Пример #1
/**
 * Validates the tags submitted with a new thread or with the first post of an existing thread.
 *
 * The first failed check is reported through $datahandler->set_error() and validation stops there.
 * Nothing is returned.
 *
 * @param object $datahandler Post data handler; its fid, action and data['pid'] are read here.
 */
function tags_validate(&$datahandler)
{
    global $mybb, $db, $thread, $lang;

    // Nothing to validate when the feature is off, the forum is excluded,
    // or the user is outside the configured groups (-1 skips the group check).
    if ($mybb->settings['tags_enabled'] == 0) {
        return;
    }
    if (tags_in_disforum($datahandler->fid)) {
        return;
    }
    if ($mybb->settings['tags_groups'] != -1 && !is_member($mybb->settings['tags_groups'])) {
        return;
    }

    $lang->load('tags');
    $mybb->settings['tags_max_thread'] = (int) $mybb->settings['tags_max_thread'];

    // No tags submitted: nothing to check.
    if ($mybb->get_input('tags') == '') {
        return;
    }

    // Only a new thread, or the post recorded as the thread's first post, carries tags.
    $is_new_thread = $datahandler->action == 'thread';
    if (!$is_new_thread && !(is_array($thread) && $datahandler->data['pid'] == $thread['firstpost'])) {
        return;
    }

    // Normalise the raw input with the plugin's own helper, then split it into single tags.
    $tag_list = explode(',', tags_string2tag($mybb->get_input('tags')));

    // A limit of 0 (or less) means "no limit on the number of tags".
    $max_tags = $mybb->settings['tags_max_thread'];
    if (count($tag_list) > $max_tags && $max_tags > 0) {
        $lang->many_tags = $lang->sprintf($lang->many_tags, $max_tags);
        $datahandler->set_error($lang->many_tags);
        return;
    }

    foreach ($tag_list as $one_tag) {
        $length = my_strlen($one_tag);

        // Empty pieces are tolerated; non-empty ones must reach the minimum length.
        if ($length > 0 && $length < $mybb->settings['tags_minchars']) {
            $datahandler->set_error($lang->tags_too_short);
            return;
        }

        // The maximum length is only enforced when it is configured above 0.
        if ($length > $mybb->settings['tags_maxchars'] && $mybb->settings['tags_maxchars'] > 0) {
            $datahandler->set_error($lang->tags_too_long);
            return;
        }
    }
}
Пример #2
 /**
  * Verifies a private message subject.
  *
  * @return boolean True when valid, false when invalid.
  */
 function verify_subject()
 {
     // Work on the handler's own data entry by reference, exactly as before.
     $subject =& $this->data['subject'];

     // Decide which error, if any, applies. The length check comes first,
     // so an over-long subject is never passed to trim_blank_chrs().
     $error_code = null;
     if (my_strlen($subject) > 85) {
         // More than 85 characters is rejected as too long.
         $error_code = "too_long_subject";
     } elseif (!trim_blank_chrs($subject)) {
         // A subject that is empty after trimming blank characters is rejected as missing.
         $error_code = "missing_subject";
     }

     if ($error_code !== null) {
         $this->set_error($error_code);
         return false;
     }
     return true;
 }
Пример #3
 /**
  * Counts the words in a string, treating whitespace and common punctuation as separators.
  *
  * Source: http://php.net/manual/en/function.str-word-count.php
  *
  * @param string $string Text to count; the entity &#039; is read as an apostrophe first.
  * @return int Number of space-separated pieces left after normalisation, 0 when none remain.
  */
 function countWord($string)
 {
     // Characters that end a word (the apostrophe is deliberately not one of them).
     $separators = array(' ', "\t", '=', '+', '-', '*', '/', '\\', ',', '.', ';', ':', '[', ']', '{', '}', '(', ')', '<', '>', '&', '%', '$', '@', '#', '^', '!', '?', '~');

     $normalised = str_replace("&#039;", "'", $string);
     $normalised = str_replace($separators, " ", $normalised);
     // Collapse runs of whitespace so explode() yields no empty pieces.
     $normalised = trim(preg_replace("/\\s+/", " ", $normalised));

     if (my_strlen($normalised) > 0) {
         return count(explode(" ", $normalised));
     }
     return 0;
 }
Пример #4
    }
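    // Build the export document: XML declaration first, then the <usergroups> root element.
    $xml = "<?xml version=\"1.0\" encoding=\"{$lang->settings['charset']}\"?" . ">\n";
    // Append (not assign): a plain "=" here discarded the declaration built on the line above.
    $xml .= "<usergroups version=\"{$mybb->version_code}\" exported=\"" . TIME_NOW . "\">\n";
    // NOTE(review): $gidwhere is assembled outside this excerpt; confirm any group ids in it are integer-cast.
    $query = $db->simple_select("usergroups", "*", $gidwhere, array('order_by' => 'gid', 'order_dir' => 'ASC'));
    while ($usergroup = $db->fetch_array($query)) {
        $xml .= "\t\t<usergroup>\n";
        foreach ($usergroup as $key => $value) {
            // Split any "]]>" in the value so it cannot close the CDATA section early.
            $value = str_replace(']]>', ']]]]><![CDATA[>', $value);
            $xml .= "\t\t\t<{$key}><![CDATA[{$value}]]></{$key}>\n";
        }
        $xml .= "\t\t</usergroup>\n";
    }
    $xml .= "</usergroups>";
    // URL-encoding the board name keeps quotes, spaces and line breaks out of the header value.
    $mybb->settings['bbname'] = urlencode($mybb->settings['bbname']);
    header("Content-disposition: filename=" . $mybb->settings['bbname'] . "-usergroups.xml");
    // Content-Length is a byte count, so use strlen(); a character-based length would be too
    // small for multibyte group titles and the download would be cut short.
    header("Content-Length: " . strlen($xml));
    header("Content-type: unknown/unknown");
    header("Pragma: no-cache");
    header("Expires: 0");
    $plugins->run_hooks("admin_user_groups_export_end");
    echo $xml;
    exit;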
}
if ($mybb->input['action'] == "approve_join_request") {
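    $plugins->run_hooks("admin_user_groups_approve_join_request");
    // rid is request input. It was concatenated into the WHERE clause as received, which lets a
    // crafted value change the query; casting to int leaves only a number to reach the SQL text.
    $query = $db->simple_select("joinrequests", "*", "rid='" . (isset($mybb->input['rid']) ? (int) $mybb->input['rid'] : 0) . "'");
    $request = $db->fetch_array($query);
    // empty() also covers the case where no row came back at all.
    if (empty($request['rid'])) {
        flash_message($lang->error_invalid_join_request, 'error');
        admin_redirect("index.php?module=user-groups");
    }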
Пример #5
     echo $error;
     exit;
 }
 // This user is trying to give a positive reputation, but positive reps have been disabled.
 // The rating is read as an integer (MyBB::INPUT_INT), so the comparison is numeric.
 if ($mybb->get_input('reputation', MyBB::INPUT_INT) > 0 && $mybb->settings['posrep'] != 1) {
     $message = $lang->add_positive_disabled;
     // The nomodal request flag only selects which error template is rendered.
     if ($mybb->input['nomodal']) {
         // The template text is evaluated as a PHP double-quoted string, which is how $message
         // gets interpolated. NOTE(review): this is only as safe as the stored template text;
         // confirm who may edit templates and how $templates->get() escapes what it returns.
         eval("\$error = \"" . $templates->get("reputation_add_error_nomodal", 1, 0) . "\";");
     } else {
         eval("\$error = \"" . $templates->get("reputation_add_error", 1, 0) . "\";");
     }
     echo $error;
     exit;
 }
 // The comment is longer than the configured maximum (maxreplength).
 // NOTE(review): comments is read from $mybb->input as received; confirm it has been normalised
 // to a string earlier in the script, outside this excerpt.
 if (my_strlen($mybb->input['comments']) > $mybb->settings['maxreplength']) {
     $message = $lang->sprintf($lang->add_toolong, $mybb->settings['maxreplength']);
     if ($mybb->input['nomodal']) {
         eval("\$error = \"" . $templates->get("reputation_add_error_nomodal", 1, 0) . "\";");
     } else {
         eval("\$error = \"" . $templates->get("reputation_add_error", 1, 0) . "\";");
     }
     echo $error;
     exit;
 }
 // Build array of reputation data. pid and reputation are read as integers and the free-text
 // comment goes through $db->escape_string(); $uid is assigned outside this excerpt.
 $reputation = array("uid" => $uid, "adduid" => $mybb->user['uid'], "pid" => $mybb->get_input('pid', MyBB::INPUT_INT), "reputation" => $mybb->get_input('reputation', MyBB::INPUT_INT), "dateline" => TIME_NOW, "comments" => $db->escape_string($mybb->input['comments']));
 // Plugins hooked here run before the row is written.
 $plugins->run_hooks("reputation_do_add_process");
 // Updating an existing reputation
 if (!empty($existing_reputation['uid'])) {
     $db->update_query("reputation", $reputation, "rid='" . $existing_reputation['rid'] . "'");
Пример #6
 /**
  * Verifies that the profile fields are filled in correctly.
  *
  * @return boolean True when valid, false when invalid.
  */
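 function verify_profile_fields()
 {
     global $db, $cache;
     $user =& $this->data;
     $profile_fields =& $this->data['profile_fields'];
     // Field definitions are read from the 'profilefields' cache entry.
     $pfcache = $cache->read('profilefields');
     if (is_array($pfcache)) {
         foreach ($pfcache as $profilefield) {
             // With the profile_fields_editable flag, or at registration for required/registration
             // fields, editableby is forced to -1 before the is_member() check
             // (presumably "every group" — confirm against is_member()).
             if (isset($this->data['profile_fields_editable']) || isset($this->data['registration']) && ($profilefield['required'] == 1 || $profilefield['registration'] == 1)) {
                 $profilefield['editableby'] = -1;
             }
             if (!is_member($profilefield['editableby'], array('usergroup' => $user['usergroup'], 'additionalgroups' => $user['additionalgroups']))) {
                 continue;
             }
             // Does this field have a minimum post count?
             if (!isset($this->data['profile_fields_editable']) && !empty($profilefield['postnum']) && $profilefield['postnum'] > $user['postnum']) {
                 continue;
             }
             // The definition holds the type on its first line and the allowed options after it.
             $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
             $thing = explode("\n", $profilefield['type'], 2);
             $type = trim($thing[0]);
             // Types without an option list have no second part; fall back to an empty string
             // instead of reading an undefined offset.
             $expoptions = array_map('trim', explode("\n", isset($thing[1]) ? $thing[1] : ''));
             $is_multi = $type == "multiselect" || $type == "checkbox";
             $field = "fid{$profilefield['fid']}";
             if (!isset($profile_fields[$field])) {
                 $profile_fields[$field] = '';
             }
             // If the profile field is required, but not filled in, present error.
             // The check is skipped in the admin CP and in modcp.php.
             $is_blank = $is_multi ? $profile_fields[$field] == "" : trim($profile_fields[$field]) == "";
             if ($is_blank && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php") {
                 $this->set_error('missing_required_profile_field', array($profilefield['name']));
             }
             // Sort out multiselect/checkbox profile fields.
             $options = '';
             if ($is_multi && is_array($profile_fields[$field])) {
                 $picked = array();
                 foreach ($profile_fields[$field] as $value) {
                     // Strict comparison: loosely, numeric strings such as "1e1" and "10" compare
                     // equal, so a value that is not in the list could pass the allow-list.
                     if (!in_array(htmlspecialchars_uni($value), $expoptions, true)) {
                         $this->set_error('bad_profile_field_values', array($profilefield['name']));
                     }
                     $picked[] = $db->escape_string($value);
                 }
                 // Joined with implode(): the former "if ($options)" test dropped the separator
                 // after a first value of "0".
                 $options = implode("\n", $picked);
             } elseif ($type == "select" || $type == "radio") {
                 if (!in_array(htmlspecialchars_uni($profile_fields[$field]), $expoptions, true) && trim($profile_fields[$field]) != "") {
                     $this->set_error('bad_profile_field_values', array($profilefield['name']));
                 }
                 $options = $db->escape_string($profile_fields[$field]);
             } else {
                 // NOTE(review): a multiselect/checkbox field submitted as a plain string also lands
                 // here and is stored without the option-list check — confirm whether that is intended.
                 if ($profilefield['maxlength'] > 0 && my_strlen($profile_fields[$field]) > $profilefield['maxlength']) {
                     $this->set_error('max_limit_reached', array($profilefield['name'], $profilefield['maxlength']));
                 }
                 // The pattern comes from the field definition and is wrapped in "#" delimiters.
                 // NOTE(review): a "#" inside the pattern makes preg_match() fail, which rejects every
                 // value; an expensive pattern is evaluated against user input on every save.
                 if (!empty($profilefield['regex']) && !preg_match("#" . $profilefield['regex'] . "#i", $profile_fields[$field])) {
                     $this->set_error('bad_profile_field_value', array($profilefield['name']));
                 }
                 $options = $db->escape_string($profile_fields[$field]);
             }
             // Values are stored already passed through $db->escape_string().
             $user['user_fields'][$field] = $options;
         }
     }
     // Always true: problems are recorded with set_error(), not signalled by the return value.
     return true;
 }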
Пример #7
        // Subject: filter bad words, cut to 50 characters, then HTML-escape. Escaping comes after
        // the cut, so the cut never lands inside an entity.
        $message['subject'] = $parser->parse_badwords($message['subject']);
        if (my_strlen($message['subject']) > 50) {
            $message['subject'] = htmlspecialchars_uni(my_substr($message['subject'], 0, 50) . "...");
        } else {
            $message['subject'] = htmlspecialchars_uni($message['subject']);
        }
        // Messages in folder "3" show the "not sent" label instead of a date.
        if ($message['folder'] != "3") {
            $senddate = my_date('relative', $message['dateline']);
        } else {
            $senddate = $lang->not_sent;
        }
        // NOTE(review): $foldernames is built outside this excerpt; confirm its values are
        // HTML-escaped before the template prints $foldername.
        $foldername = $foldernames[$message['folder']];
        // What we do here is parse the post using our post parser, then strip the tags from it.
        // HTML is disabled in the parser options, and strip_tags() removes the markup the parser adds.
        $parser_options = array('allow_html' => 0, 'allow_mycode' => 1, 'allow_smilies' => 0, 'allow_imgcode' => 0, 'filter_badwords' => 1);
        $message['message'] = strip_tags($parser->parse_message($message['message'], $parser_options));
        // The preview is cut after parsing, so a cut may fall inside an entity (display only).
        if (my_strlen($message['message']) > 200) {
            $message['message'] = my_substr($message['message'], 0, 200) . "...";
        }
        // The row template is evaluated as a PHP double-quoted string and reads the variables set
        // above by name, so every value it prints has to be escaped before this line.
        eval("\$messagelist .= \"" . $templates->get("private_search_messagebit") . "\";");
    }
    // No rows matched: replace the list with the "no messages" template.
    if ($db->num_rows($query) == 0) {
        eval("\$messagelist = \"" . $templates->get("private_search_results_nomessages") . "\";");
    }
    // Plugins hooked here run before the results page is rendered.
    $plugins->run_hooks("private_results_end");
    // The page template is evaluated as a PHP double-quoted string; NOTE(review): its safety
    // depends on the stored template text and on how $templates->get() escapes it — confirm.
    eval("\$results = \"" . $templates->get("private_search_results") . "\";");
    output_page($results);
}
if ($mybb->input['action'] == "advanced_search") {
    $plugins->run_hooks("private_advanced_search");
    eval("\$advanced_search = \"" . $templates->get("private_advanced_search") . "\";");
    output_page($advanced_search);
Пример #8
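 // Every post by this user that is not a thread's first post. tid is selected as well: the loop
 // looks up each post's thread, and with only "fid,message" selected $post['tid'] was never set.
 // The NOT IN() clause is left out when $firstposts is empty, which would otherwise be invalid SQL.
 // NOTE(review): $firstposts is built outside this excerpt; confirm it only holds integer ids.
 $totalposts_query = $db->simple_select(
     "posts",
     "fid,tid,message",
     "uid='" . (int) $user['uid'] . "'" . (empty($firstposts) ? "" : " AND pid NOT IN(" . implode(',', $firstposts) . ")")
 );
 while ($post = $db->fetch_array($totalposts_query)) {
     // Income for new posts is switched off: nothing to add for any row.
     if ($mybb->settings['newpoints_income_newpost'] == 0) {
         continue;
     }
     // no rule set so default income rate is 1
     if (empty($allforumrules[$post['fid']])) {
         $allforumrules[$post['fid']]['rate'] = 1;
     }
     // if the forum rate is 0, nothing is going to be added so let's just skip to the next post
     if ($allforumrules[$post['fid']]['rate'] == 0) {
         continue;
     }
     // calculate points per character bonus
     // let's see if the number of characters in the post is greater than the minimum characters
     if (($charcount = my_strlen($post['message'])) >= $mybb->settings['newpoints_income_minchar']) {
         $bonus = $charcount * $mybb->settings['newpoints_income_perchar'];
     } else {
         $bonus = 0;
     }
     // give points to the poster
     $points += ($mybb->settings['newpoints_income_newpost'] + $bonus) * $allforumrules[$post['fid']]['rate'];
     $thread = get_thread($post['tid']);
     // Skip the reply bonus when the thread could not be loaded (for example, it was deleted).
     if (!empty($thread) && $thread['uid'] != $user['uid']) {
         // we are not the thread starter so give points to him/her
         if ($mybb->settings['newpoints_income_perreply'] != 0) {
             newpoints_addpoints($thread['uid'], $mybb->settings['newpoints_income_perreply'], $allforumrules[$post['fid']]['rate'], $grouprules['rate']);
         }
     }
 }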
 // poll votes
Пример #9
         } else {
             eval("\$latest_post = \"" . $templates->get("modcp_awaitingmoderation_none") . "\";");
         }
         eval("\$awaitingposts = \"" . $templates->get("modcp_awaitingposts") . "\";");
     }
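     // Threads awaiting moderation: shown when the queue is not empty or to super moderators.
     if ($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1) {
         // NOTE(review): $flist_queue_threads is a SQL fragment built outside this excerpt; confirm
         // it is assembled from integer forum ids only.
         $query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible='0' {$flist_queue_threads}");
         $unapproved_threads = $db->fetch_field($query, "unapprovedthreads");
         if ($unapproved_threads > 0) {
             // Newest unapproved thread.
             $query = $db->simple_select("threads", "tid, subject, uid, username, dateline", "visible='0' {$flist_queue_threads}", array('order_by' => 'dateline', 'order_dir' => 'DESC', 'limit' => 1));
             $thread = $db->fetch_array($query);
             $thread['date'] = my_date('relative', $thread['dateline']);
             $thread['profilelink'] = build_profile_link($thread['username'], $thread['uid']);
             $thread['link'] = get_thread_link($thread['tid']);
             $thread['subject'] = $thread['fullsubject'] = $parser->parse_badwords($thread['subject']);
             // Shorten the displayed subject; fullsubject keeps the whole text. The shortened text
             // used to be written to $post['subject'], so the thread subject was never cut and an
             // unescaped string was left in $post.
             if (my_strlen($thread['subject']) > 25) {
                 $thread['subject'] = my_substr($thread['subject'], 0, 25) . "...";
             }
             // Escape after shortening so the cut cannot fall inside an entity.
             $thread['subject'] = htmlspecialchars_uni($thread['subject']);
             $thread['fullsubject'] = htmlspecialchars_uni($thread['fullsubject']);
             $unapproved_threads = my_number_format($unapproved_threads);
             // Templates are evaluated as PHP double-quoted strings and read the variables above by name.
             eval("\$latest_thread = \"" . $templates->get("modcp_lastthread") . "\";");
         } else {
             eval("\$latest_thread = \"" . $templates->get("modcp_awaitingmoderation_none") . "\";");
         }
         eval("\$awaitingthreads = \"" . $templates->get("modcp_awaitingthreads") . "\";");
     }
     // Render the surrounding box only when at least one of the three sections has content.
     if (!empty($awaitingattachments) || !empty($awaitingposts) || !empty($awaitingthreads)) {
         eval("\$awaitingmoderation = \"" . $templates->get("modcp_awaitingmoderation") . "\";");
     }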
 }
Пример #10
                 $postoptions_subscriptionmethod_dont = "checked=\"checked\"";
             }
         }
     }
 }
 // Post icons are only loaded when the forum allows them.
 if ($forum['allowpicons'] != 0) {
     $posticons = get_post_icons();
 }
 // No subject set yet: take the submitted one, or derive a reply subject from the thread.
 if (!isset($subject)) {
     if (!empty($mybb->input['subject'])) {
         // Taken from request input as received. NOTE(review): escaping for output happens
         // outside this excerpt — confirm it is applied before the form template prints it.
         $subject = $mybb->get_input('subject');
     } else {
         $subject = $thread['subject'];
         // Subject too long? Shorten it to avoid error message
         // (82 characters plus "..." gives 85; the "RE: " prefix is added after that).
         if (my_strlen($subject) > 85) {
             $subject = my_substr($subject, 0, 82) . '...';
         }
         $subject = "RE: " . $subject;
     }
 }
 // Preview a post that was written.
 $preview = '';
 if (!empty($mybb->input['previewpost'])) {
     // If this isn't a logged in user, then we need to do some special validation.
     if ($mybb->user['uid'] == 0) {
         // If they didn't specify a username then give them "Guest"
         if (!$mybb->get_input('username')) {
             $username = $lang->guest;
         } else {
             $username = $mybb->get_input('username');
Пример #11
/**
 * Truncate too long URLs.
 *
 * @param string The string to be truncated.
 * @param string The word separator.
 * @param int The soft limit.
 * @param int The hard limit.
 * @return string truncated string
 */
function google_seo_url_truncate($str)
{
    global $settings;

    // The separator and both limits are read from the global $settings array, not passed in.
    $soft_limit = $settings['google_seo_url_length_soft'];
    $hard_limit = $settings['google_seo_url_length_hard'];
    $word_separator = $settings['google_seo_url_separator'];

    // Soft limit: keep going until the next separator after the limit, so the cut falls
    // on a word boundary. If there is no separator past the limit, the string is left as it is.
    if ($soft_limit && my_strlen($str) > $soft_limit) {
        $offset = my_strpos(my_substr($str, $soft_limit), $word_separator);
        // A "not found" result (false) fails both comparisons.
        if ($offset > 0 || $offset === 0) {
            $str = my_substr($str, 0, $soft_limit + $offset);
        }
    }

    // Hard limit: cut unconditionally, even in the middle of a word.
    if ($hard_limit && my_strlen($str) > $hard_limit) {
        $str = my_substr($str, 0, $hard_limit);
    }

    return $str;
}
Пример #12
     break;
 }
 // Any events on this specific day? The cache is keyed by "day-month-year".
 if (is_array($events_cache) && array_key_exists("{$day}-{$calendar_month}-{$calendar_year}", $events_cache)) {
     $total_events = count($events_cache["{$day}-{$calendar_month}-{$calendar_year}"]);
     // More events than the calendar's limit (0 disables the limit): show one summary link.
     if ($total_events > $calendar['eventlimit'] && $calendar['eventlimit'] != 0) {
         // NOTE(review): the link from get_calendar_link() is placed in href as returned; the
         // helper is defined elsewhere — confirm it returns an HTML-safe URL.
         if ($total_events > 1) {
             $day_events = "<div style=\"margin-bottom: 4px;\"><a href=\"" . get_calendar_link($calendar['cid'], $calendar_year, $calendar_month, $day) . "\" class=\"smalltext\">{$total_events} {$lang->events}</a></div>\n";
         } else {
             $day_events = "<div style=\"margin-bottom: 4px;\"><a href=\"" . get_calendar_link($calendar['cid'], $calendar_year, $calendar_month, $day) . "\" class=\"smalltext\">1 {$lang->event}</a></div>\n";
         }
     } else {
         // Otherwise list each event. This branch appends to $day_events; its initial value is
         // set outside this excerpt.
         foreach ($events_cache["{$day}-{$calendar_month}-{$calendar_year}"] as $event) {
             $event['eventlink'] = get_event_link($event['eid']);
             // fullname is the escaped full title; name is cut to 15 characters and then escaped,
             // so the cut never lands inside an entity.
             $event['fullname'] = htmlspecialchars_uni($event['name']);
             if (my_strlen($event['name']) > 15) {
                 $event['name'] = my_substr($event['name'], 0, 15) . "...";
             }
             $event['name'] = htmlspecialchars_uni($event['name']);
             // CSS class: private or public, plus a shaded row when the event is not visible.
             if ($event['private'] == 1) {
                 $event_class = " private_event";
             } else {
                 $event_class = " public_event";
             }
             if ($event['visible'] == 0) {
                 $event_class .= " trow_shaded";
             }
             // The template is evaluated as a PHP double-quoted string and reads $event and
             // $event_class by name.
             eval("\$day_events .= \"" . $templates->get("calendar_eventbit") . "\";");
         }
     }
 }
Пример #13
/**
 * Writes text to the image.
 *
 * @param resource $im The image.
 * @param string $string The string to be written
 *
 * @return bool False if string is empty, true otherwise
 */
function draw_string(&$im, $string)
{
    // Font choice, size/angle ranges and image dimensions all come from globals.
    global $use_ttf, $min_size, $max_size, $min_angle, $max_angle, $ttf_fonts, $img_height, $img_width;
    // empty() also treats the string "0" as empty, so "0" returns false here as well.
    if (empty($string)) {
        return false;
    }
    // Horizontal room per character.
    $spacing = $img_width / my_strlen($string);
    $string_length = my_strlen($string);
    // $string[$i] below indexes bytes. NOTE(review): this assumes single-byte characters so that
    // the my_strlen() count and the byte offsets agree — confirm for the strings passed in.
    // NOTE(review): my_rand() is defined elsewhere; if this image serves as a CAPTCHA, confirm
    // it is not a predictable generator.
    for ($i = 0; $i < $string_length; ++$i) {
        // Using TTF fonts
        if ($use_ttf) {
            // Select a random font size
            $font_size = my_rand($min_size, $max_size);
            // Select a random font
            $font = array_rand($ttf_fonts);
            $font = $ttf_fonts[$font];
            // Select a random rotation
            $rotation = my_rand($min_angle, $max_angle);
            // Set the colour (each channel at most 200)
            $r = my_rand(0, 200);
            $g = my_rand(0, 200);
            $b = my_rand(0, 200);
            $color = imagecolorallocate($im, $r, $g, $b);
            // Fetch the dimensions of the character being added
            $dimensions = imageftbbox($font_size, $rotation, $font, $string[$i], array());
            $string_width = $dimensions[2] - $dimensions[0];
            $string_height = $dimensions[3] - $dimensions[5];
            // Calculate character offsets
            //$pos_x = $pos_x + $string_width + ($string_width/4);
            $pos_x = $spacing / 4 + $i * $spacing;
            // Division binds tighter than subtraction: this is img_height - (string_height / 2).
            $pos_y = ceil($img_height - $string_height / 2);
            // Draw a shadow, offset by up to 3 pixels and 20 lighter per channel
            $shadow_x = my_rand(-3, 3) + $pos_x;
            $shadow_y = my_rand(-3, 3) + $pos_y;
            $shadow_color = imagecolorallocate($im, $r + 20, $g + 20, $b + 20);
            imagefttext($im, $font_size, $rotation, $shadow_x, $shadow_y, $shadow_color, $font, $string[$i], array());
            // Write the character to the image
            imagefttext($im, $font_size, $rotation, $pos_x, $pos_y, $color, $font, $string[$i], array());
        } else {
            // Get width/height of the character (built-in font 5)
            $string_width = imagefontwidth(5);
            $string_height = imagefontheight(5);
            // Calculate character offsets
            $pos_x = $spacing / 4 + $i * $spacing;
            $pos_y = $img_height / 2 - $string_height - 10 + my_rand(-3, 3);
            // Create a temporary image for this character
            if (gd_version() >= 2) {
                $temp_im = imagecreatetruecolor(15, 20);
            } else {
                $temp_im = imagecreate(15, 20);
            }
            // White background, declared transparent so only the glyph is copied over
            $bg_color = imagecolorallocate($temp_im, 255, 255, 255);
            imagefill($temp_im, 0, 0, $bg_color);
            imagecolortransparent($temp_im, $bg_color);
            // Set the colour
            $r = my_rand(0, 200);
            $g = my_rand(0, 200);
            $b = my_rand(0, 200);
            $color = imagecolorallocate($temp_im, $r, $g, $b);
            // Draw a shadow, offset by at most one pixel and 50 lighter per channel
            $shadow_x = my_rand(-1, 1);
            $shadow_y = my_rand(-1, 1);
            $shadow_color = imagecolorallocate($temp_im, $r + 50, $g + 50, $b + 50);
            imagestring($temp_im, 5, 1 + $shadow_x, 1 + $shadow_y, $string[$i], $shadow_color);
            imagestring($temp_im, 5, 1, 1, $string[$i], $color);
            // Copy to main image, scaling the 15x20 glyph up to 40x55
            imagecopyresized($im, $temp_im, $pos_x, $pos_y, 0, 0, 40, 55, 15, 20);
            // Free the temporary image before the next character
            imagedestroy($temp_im);
        }
    }
    return true;
}
Пример #14
     $post['forumlink'] = "<a href=\"" . get_forum_link($post['fid']) . "\">" . $forumcache[$post['fid']]['name'] . "</a>";
 } else {
     $post['forumlink'] = "";
 }
 // A post without a subject uses its raw message text as the subject; the cut and the
 // HTML-escaping below apply to it in the same way.
 if (!$post['subject']) {
     $post['subject'] = $post['message'];
 }
 // Cut to 50 characters first, then escape, so the cut never lands inside an entity.
 if (my_strlen($post['subject']) > 50) {
     $post['subject'] = htmlspecialchars_uni(my_substr($post['subject'], 0, 50) . "...");
 } else {
     $post['subject'] = htmlspecialchars_uni($post['subject']);
 }
 // What we do here is parse the post using our post parser, then strip the tags from it.
 // HTML is disabled in the parser options, and strip_tags() removes the markup the parser adds.
 $parser_options = array('allow_html' => 0, 'allow_mycode' => 1, 'allow_smilies' => 0, 'allow_imgcode' => 0, 'filter_badwords' => 1);
 $post['message'] = strip_tags($parser->parse_message($post['message'], $parser_options));
 // The 200-character preview is cut after parsing, so a cut may fall inside an entity (display only).
 if (my_strlen($post['message']) > 200) {
     $prev = my_substr($post['message'], 0, 200) . "...";
 } else {
     $prev = $post['message'];
 }
 $posted = my_date($mybb->settings['dateformat'], $post['dateline']) . ", " . my_date($mybb->settings['timeformat'], $post['dateline']);
 $thread_url = get_thread_link($post['tid']);
 $post_url = get_post_link($post['pid'], $post['tid']);
 // Inline post moderation: a checkbox for super moderators and moderators of this forum, a
 // placeholder for moderators of other forums, nothing for everyone else.
 $inline_mod_checkbox = '';
 if ($is_supermod || is_moderator($post['fid'])) {
     // Templates are evaluated as PHP double-quoted strings and read the variables above by name.
     eval("\$inline_mod_checkbox = \"" . $templates->get("search_results_posts_inlinecheck") . "\";");
 } elseif ($is_mod) {
     eval("\$inline_mod_checkbox = \"" . $templates->get("search_results_posts_nocheck") . "\";");
 }
 // Plugins hooked here run before the row template is rendered (outside this excerpt).
 $plugins->run_hooks("search_results_post");
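 /**
  * Loads one page of a member's buddies from the users table and hands them to buddylist_process().
  *
  * @param int   $page       1-based page number; values below 1 are treated as page 1.
  * @param array $memprofile Profile row; its comma-separated "buddylist" string is read.
  * @return mixed Whatever buddylist_process() returns.
  */
 public function retrieve_buddylist_from_db($page, $memprofile)
 {
     global $db, $settings;
     // A page below 1 would turn into a negative slice offset.
     $page = max(1, (int) $page);
     $buddylist = array();
     // Reduce the stored list to non-zero integer ids once. The count, the page slice and the IN()
     // list then agree (the slice used to be taken from the unfiltered list, so an empty entry
     // produced "uid IN (1,,2)"), and nothing but integers reaches the query text.
     $ids = array_values(array_filter(array_map('intval', explode(",", (string) $memprofile["buddylist"]))));
     $count = count($ids);
     // Page size from the settings, 4 when the setting is not numeric.
     $limit = is_numeric($settings["mpbuddylistrecord"]) ? (int) $settings["mpbuddylistrecord"] : 4;
     $page_ids = array_slice($ids, ($page - 1) * $limit, $limit);
     // The query is skipped entirely when the page holds no ids.
     if (!empty($page_ids)) {
         $query = $db->simple_select("users", "*", "uid IN (" . implode(",", $page_ids) . ")", array("limit" => $limit));
         while ($buddy = $db->fetch_array($query)) {
             $buddylist[] = $buddy;
         }
     }
     return $this->buddylist_process($buddylist, $count, $memprofile, $limit, $page);
 }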
Пример #16
 /**
  * Verifies that the profile fields are filled in correctly.
  *
  * @return boolean True when valid, false when invalid.
  */
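 function verify_profile_fields()
 {
     global $db;
     $user =& $this->data;
     $profile_fields =& $this->data['profile_fields'];
     // Without the profile_fields_editable flag only fields marked editable are loaded.
     // empty() gives the same result as the former "!" test without reading an undefined key.
     $restricted = empty($this->data['profile_fields_editable']);
     $editable = $restricted ? "editable=1" : '';
     // Fetch all profile fields first, in display order.
     $query = $db->simple_select('profilefields', 'name, postnum, type, fid, required, maxlength', $editable, array('order_by' => 'disporder'));
     // Then loop through the profile fields.
     while ($profilefield = $db->fetch_array($query)) {
         // Does this field have a minimum post count?
         if ($restricted && !empty($profilefield['postnum']) && $profilefield['postnum'] > $user['postnum']) {
             continue;
         }
         // The definition holds the type on its first line and the allowed options after it.
         $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
         $thing = explode("\n", $profilefield['type'], 2);
         $type = trim($thing[0]);
         // Types without an option list have no second part; fall back to an empty string
         // instead of reading an undefined offset.
         $expoptions = array_map('trim', explode("\n", isset($thing[1]) ? $thing[1] : ''));
         $is_multi = $type == "multiselect" || $type == "checkbox";
         $field = "fid{$profilefield['fid']}";
         // A field that was not submitted counts as an empty value.
         if (!isset($profile_fields[$field])) {
             $profile_fields[$field] = '';
         }
         // If the profile field is required, but not filled in, present error.
         // The check is skipped in the admin CP and in modcp.php.
         $is_blank = $is_multi ? $profile_fields[$field] == "" : trim($profile_fields[$field]) == "";
         if ($is_blank && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php") {
             $this->set_error('missing_required_profile_field', array($profilefield['name']));
         }
         // Sort out multiselect/checkbox profile fields.
         $options = '';
         if ($is_multi && is_array($profile_fields[$field])) {
             $picked = array();
             foreach ($profile_fields[$field] as $value) {
                 // Strict comparison: loosely, numeric strings such as "1e1" and "10" compare
                 // equal, so a value that is not in the list could pass the allow-list.
                 if (!in_array(htmlspecialchars_uni($value), $expoptions, true)) {
                     $this->set_error('bad_profile_field_values', array($profilefield['name']));
                 }
                 $picked[] = $db->escape_string($value);
             }
             // Joined with implode(): the former "if ($options)" test dropped the separator
             // after a first value of "0".
             $options = implode("\n", $picked);
         } elseif ($type == "select" || $type == "radio") {
             if (!in_array(htmlspecialchars_uni($profile_fields[$field]), $expoptions, true) && trim($profile_fields[$field]) != "") {
                 $this->set_error('bad_profile_field_values', array($profilefield['name']));
             }
             $options = $db->escape_string($profile_fields[$field]);
         } else {
             // Textarea and every other type share one length check (the two branches were identical).
             // NOTE(review): a multiselect/checkbox field submitted as a plain string also lands
             // here and is stored without the option-list check — confirm whether that is intended.
             if ($profilefield['maxlength'] > 0 && my_strlen($profile_fields[$field]) > $profilefield['maxlength']) {
                 $this->set_error('max_limit_reached', array($profilefield['name'], $profilefield['maxlength']));
             }
             $options = $db->escape_string($profile_fields[$field]);
         }
         // Values are stored already passed through $db->escape_string().
         $user['user_fields'][$field] = $options;
     }
     // Always true: problems are recorded with set_error(), not signalled by the return value.
     return true;
 }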
Пример #17
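 // Normalise the two poll flags: anything other than '1' becomes 0.
 if (!isset($postoptions['public']) || $postoptions['public'] != '1') {
     $postoptions['public'] = 0;
 }
 if (!isset($postoptions['closed']) || $postoptions['closed'] != '1') {
     $postoptions['closed'] = 0;
 }
 $optioncount = "0";
 // The option list is request input. Anything that is not an array is treated as "no options"
 // rather than being indexed as if it were one.
 $options = isset($mybb->input['options']) && is_array($mybb->input['options']) ? $mybb->input['options'] : array();
 for ($i = 1; $i <= $numoptions; ++$i) {
     // Missing entries, and entries that are not plain values (for example nested arrays),
     // count as empty text so trim() and my_strlen() below always receive a scalar.
     if (!isset($options[$i]) || !is_scalar($options[$i])) {
         $options[$i] = '';
     }
     if (trim($options[$i]) != '') {
         $optioncount++;
     }
     // A limit of 0 disables the per-option length check.
     if (my_strlen($options[$i]) > $mybb->settings['polloptionlimit'] && $mybb->settings['polloptionlimit'] != 0) {
         $lengtherror = 1;
         break;
     }
 }
 if (isset($lengtherror)) {
     error($lang->error_polloptiontoolong);
 }
 // A poll needs a question and at least two non-empty options.
 $mybb->input['question'] = $mybb->get_input('question');
 if (trim($mybb->input['question']) == '' || $optioncount < 2) {
     error($lang->error_noquestionoptions);
 }
 $optionslist = '';
 $voteslist = '';
 $numvotes = '';
 // NOTE(review): votes is read from the request as received; the code that consumes it lies
 // outside this excerpt — confirm each entry is cast to an integer there.
 $votes = $mybb->input['votes'];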
Пример #18
 /**
  * Parses IMG MyCode.
  *
  * @param string The URL to the image
  * @param array Optional array of dimensions
  */
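 function mycode_parse_img($url, $dimensions = array(), $align = '')
 {
     global $lang;
     // Strip surrounding whitespace and remove any line breaks from the URL.
     $url = str_replace(array("\n", "\r"), "", trim($url));
     if (!empty($this->options['allow_html'])) {
         $url = $this->parse_html($url);
     }
     // NOTE(review): $url is placed in src="" as received. The htmlspecialchars_decode() call
     // below suggests callers pass an already HTML-escaped URL — confirm that every caller does.
     // Only the two known alignments produce a style attribute; anything else is ignored.
     $css_align = '';
     if ($align == "right") {
         $css_align = " style=\"float: right;\"";
     } elseif ($align == "left") {
         $css_align = " style=\"float: left;\"";
     }
     // Alt text: the file name, shortened in the middle when long, then escaped again.
     $alt = basename($url);
     $alt = htmlspecialchars_decode($alt);
     if (my_strlen($alt) > 55) {
         $alt = my_substr($alt, 0, 40) . '...' . my_substr($alt, -10);
     }
     $alt = htmlspecialchars_uni($alt);
     $alt = $lang->sprintf($lang->posted_image, $alt);
     // Cast the dimensions to integers before they are written into the tag. The former "> 0"
     // test alone let a string that merely starts with a digit through, and it was then printed
     // into the width/height attributes as received.
     $width = isset($dimensions[0]) ? (int) $dimensions[0] : 0;
     $height = isset($dimensions[1]) ? (int) $dimensions[1] : 0;
     if ($width > 0 && $height > 0) {
         return "<img src=\"{$url}\" width=\"{$width}\" height=\"{$height}\" border=\"0\" alt=\"{$alt}\"{$css_align} />";
     }
     return "<img src=\"{$url}\" border=\"0\" alt=\"{$alt}\"{$css_align} />";
 }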
Пример #19
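/**
 * Adds the private-message preview popup to the page and answers its AJAX request.
 *
 * On every call the function prepends the arrow element to $header and appends
 * the popup's CSS and JavaScript to $headerinclude. When the request is a POST
 * with firstpm=1, it loads the message given by pmid, and if that message
 * belongs to the current user it prints the rendered preview and exits.
 *
 * Reads the settings firstpreview_bg, firstpreview_close, firstpreview_html and
 * firstpreview_length, plus the pmsallow* parser settings.
 *
 * @return void
 */
function firstpreview_pm()
{
    global $mybb, $db, $charset, $headerinclude, $header;
    $header = '<div class="arrow-down"></div>' . $header;
    // Add jQuery and noConflict for MyBB 1.6.*
    $jquery = '';
    $noconflict = '';
    // version_compare() orders version numbers correctly; a plain string "<" compares them lexically.
    if (version_compare($mybb->version, '1.7.0', '<')) {
        // The script is fetched over HTTPS so it cannot be altered in transit (and is not
        // blocked as mixed content on an HTTPS forum).
        // NOTE(review): this still loads an unpinned third-party file; a locally hosted,
        // version-pinned copy would remove the dependency on the CDN.
        $jquery = '<script type="text/javascript">
//<![CDATA[
if (!window.jQuery)
{
document.write(unescape("%3Cscript src=\\"https://code.jquery.com/jquery-latest.min.js\\" type=\\"text/javascript\\"%3E%3C/script%3E"));
}
//]]>
</script>';
        $noconflict = 'jQuery.noConflict();';
    }
    // Background color: only a "#" followed by hex digits is accepted, because the value goes into a <style> block
    $bg_color = '#aaaaaa';
    if (isset($mybb->settings['firstpreview_bg']) && preg_match('/^#([0-9a-f]{1,6})$/i', $mybb->settings['firstpreview_bg'])) {
        $bg_color = htmlspecialchars_uni($mybb->settings['firstpreview_bg']);
    }
    // Close button: hidden unless the firstpreview_close setting is 1
    $close_preview = '#close_preview{display:none;cursor:pointer;background:#000;color:#fff;float:right;font-size:1em;font-weight:bold;text-align:center;width:20px;height:20px;border-radius:5px}';
    if (isset($mybb->settings['firstpreview_close']) && $mybb->settings['firstpreview_close'] == 1) {
        $close_preview = '#close_preview{cursor:pointer;background:#000;color:#fff;float:right;font-size:1em;font-weight:bold;text-align:center;width:20px;height:20px;border-radius:5px}';
    }
    // Insert the code (the border colour uses $bg_color; the earlier $bgcolor was never defined)
    $headerinclude .= '
	<!-- start: first_preview_plugin -->
	<style type="text/css">
	.modal_firstpost{text-align:left;border-radius:7px;-moz-border-radius:7px;-webkit-border-radius:7px;border:1px solid ' . $bg_color . ';display:none;position:absolute;z-index:29000;width:390px;height:180px;overflow:hidden}
	.fpreview{z-index:29001;width:390px;height:180px;overflow:auto;background:' . $bg_color . '}
	.arrow-down{display:none;position:absolute;z-index:28999;width:0;height:0;border-left:20px solid transparent;border-right:20px solid transparent;border-top:20px solid ' . $bg_color . '}
	.prev_content{padding:10px;height:auto;word-wrap:break-word;-webkit-hyphens:auto;-moz-hyphens:auto;-ms-hyphens:auto;-o-hyphens:auto;hyphens:auto;background:none}
	' . $close_preview . '
	</style>
	' . $jquery . '
	<script type="text/javascript">
	//<![CDATA[
	' . $noconflict . '
	<!--
	if(use_xmlhttprequest == 1) {
		jQuery(document).ready(function(e){e(".pmprev").on("touchenter mouseenter",function(){id=e(this).attr("id");pmid=id.replace(/[^\\d.]/g,"");var t=e(this).offset().left;var n=e(this).offset().top-200;showPost=setTimeout(function(){e.ajax({url:"private.php?pmid="+pmid+"&firstpm=1",type:"post",complete:function(t){e(".modal_firstpost").html(t.responseText)}});e(".modal_firstpost").fadeIn("slow");e(".modal_firstpost").css("top",n);e(".modal_firstpost").css("left",t);e(".arrow-down").fadeIn("slow");e(".arrow-down").css("top",n+180);e(".arrow-down").css("left",t+20);},1500)});e(".pmprev").on("mouseleave touchleave touchend",function(){clearTimeout(showPost);});e(".modal_firstpost").on("mouseleave touchmove",function(){e(".modal_firstpost").fadeOut("slow");e(".arrow-down").fadeOut("fast")});e(".modal_firstpost").on("click", "#close_preview", function(){e(".modal_firstpost").fadeOut("slow");e(".arrow-down").fadeOut("fast")})});
	}
	//]]>
	</script>
	<!-- end: first_preview_plugin -->
	';
    // Get the pm preview
    if (isset($mybb->input['firstpm']) && $mybb->input['firstpm'] == 1 && $mybb->request_method == "post") {
        // The id is cast to an integer before it is placed in the WHERE clause
        $pmid = isset($mybb->input['pmid']) ? (int) $mybb->input['pmid'] : 0;
        $query = $db->simple_select('privatemessages', '*', "pmid = '" . $pmid . "'");
        $pm = $db->fetch_array($query);
        // Load the users own messages only. A missing row is rejected explicitly:
        // otherwise an empty result compares equal to a user id of 0 and falls through.
        if (!is_array($pm) || (int) $pm['uid'] !== (int) $mybb->user['uid']) {
            return;
        }
        require_once MYBB_ROOT . "inc/class_parser.php";
        $parser = new postParser();
        $pm['subject'] = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));
        $user = get_user($pm['fromid']);
        // The message is rendered with the board's private-message parser settings
        $parser_options = array();
        $parser_options['allow_html'] = $mybb->settings['pmsallowhtml'];
        $parser_options['allow_mycode'] = $mybb->settings['pmsallowmycode'];
        $parser_options['allow_smilies'] = $mybb->settings['pmsallowsmilies'];
        $parser_options['allow_imgcode'] = $mybb->settings['pmsallowimgcode'];
        $parser_options['allow_videocode'] = $mybb->settings['pmsallowvideocode'];
        $parser_options['me_username'] = $user['username'];
        $parser_options['filter_badwords'] = 1;
        $pm['message'] = $parser->parse_message($pm['message'], $parser_options);
        $pmdate = my_date($mybb->settings['dateformat'], $pm['dateline']);
        $pmtime = my_date($mybb->settings['timeformat'], $pm['dateline']);
        $pmsent = ' (' . $pmdate . ', ' . $pmtime . ')';
        // Unless HTML previews are enabled, keep only basic block and list tags
        if (isset($mybb->settings['firstpreview_html']) && $mybb->settings['firstpreview_html'] != 1) {
            $pm['message'] = strip_tags($pm['message'], "<br><p><ul><ol><li>");
        }
        if (!empty($mybb->settings['firstpreview_length']) && $mybb->settings['firstpreview_length'] != "0" && my_strlen($pm['message']) > (int) $mybb->settings['firstpreview_length']) {
            // Links are dropped before shortening.
            // NOTE(review): my_substr() cuts the parsed markup by character count, so another
            // tag can still be cut in half when HTML previews are enabled - confirm this is acceptable.
            $pm['message'] = preg_replace("!<a([^>]+)>!isU", "", $pm['message']);
            $pm['message'] = str_replace("</a>", "", $pm['message']);
            $pm['message'] = my_substr($pm['message'], 0, (int) $mybb->settings['firstpreview_length']) . '...<p><a href="private.php?action=read&amp;pmid=' . (int) $pm['pmid'] . '">more</a></p>';
        }
        // Subject and username are HTML-escaped; the ids are cast to integers
        $preview = "<div class=\"fpreview\"><span id=\"close_preview\">&#10060;</span>\n\t\t<div class=\"thead\" style=\"text-align:center; font-weight:bold; min-height:20px;\">" . $pm['subject'] . "</div>\n\t\t<div class=\"tcat\" style=\"padding-left:10px;\">" . build_profile_link(format_name(htmlspecialchars_uni($user['username']), (int) $user['usergroup'], (int) $user['displaygroup']), (int) $pm['fromid']) . "<span class=\"smalltext\">" . $pmsent . "</span></div>\n\t\t<div class=\"prev_content\">" . $pm['message'] . "</div>\n\t\t</div>";
        header("Content-type: text/plain; charset={$charset}");
        echo $preview;
        exit;
    }
}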
Пример #20
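/**
 * Perform a thread and post search under MySQL or MySQLi using boolean fulltext capabilities
 *
 * Builds the optional WHERE fragments (keywords, author, date, reply count,
 * forums, permissions, thread id, hard limit) and runs the thread and/or post
 * queries. Calls error() when there are no search terms, when every term is
 * shorter than the minimum word length, or when nothing matches.
 *
 * @param array $search Array of search data; reads keywords, author, matchusername, postdate,
 *                      pddir, numreplies, findthreadst, forums, tid and postthread
 * @return array Array with "threads" and "posts" id lists (comma-separated strings; "posts" stays an
 *               empty array when a title-only search finds no first posts) and an empty "querycache"
 */
function perform_search_mysql_ft($search)
{
    global $mybb, $db, $lang;
    $keywords = clean_keywords_ft($search['keywords']);
    if (!$keywords && !$search['author']) {
        error($lang->error_nosearchterms);
    }
    // Attempt to determine minimum word length from MySQL for fulltext searches
    $query = $db->query("SHOW VARIABLES LIKE 'ft_min_word_len';");
    $min_length = $db->fetch_field($query, 'Value');
    if (is_numeric($min_length)) {
        $mybb->settings['minsearchword'] = $min_length;
    } else {
        $mybb->settings['minsearchword'] = 4;
    }
    // Every optional SQL fragment starts empty, so a skipped branch never leaves
    // an undefined variable inside a query string.
    $message_lookin = '';
    $subject_lookin = '';
    if ($keywords) {
        $keywords_exp = explode("\"", $keywords);
        $inquote = false;
        $all_too_short = false;
        foreach ($keywords_exp as $phrase) {
            if (!$inquote) {
                $split_words = preg_split("#\\s{1,}#", $phrase, -1);
                foreach ($split_words as $word) {
                    $word = str_replace(array("+", "-", "*"), '', $word);
                    if (!$word) {
                        continue;
                    }
                    if (my_strlen($word) < $mybb->settings['minsearchword']) {
                        $all_too_short = true;
                    } else {
                        // One long-enough word settles it: leave both loops so a later
                        // short phrase cannot switch the flag back on.
                        $all_too_short = false;
                        break 2;
                    }
                }
            } else {
                $phrase = str_replace(array("+", "-", "*"), '', $phrase);
                if (my_strlen($phrase) < $mybb->settings['minsearchword']) {
                    $all_too_short = true;
                } else {
                    $all_too_short = false;
                    break;
                }
            }
            $inquote = !$inquote;
        }
        // Show the minimum search term error only if all search terms are too short
        if ($all_too_short == true) {
            $lang->error_minsearchlength = $lang->sprintf($lang->error_minsearchlength, $mybb->settings['minsearchword']);
            error($lang->error_minsearchlength);
        }
        // Keywords are escaped by the database layer before they are quoted into AGAINST()
        $message_lookin = "AND MATCH(message) AGAINST('" . $db->escape_string($keywords) . "' IN BOOLEAN MODE)";
        $subject_lookin = "AND MATCH(subject) AGAINST('" . $db->escape_string($keywords) . "' IN BOOLEAN MODE)";
    }
    $post_usersql = '';
    $thread_usersql = '';
    if ($search['author']) {
        $userids = array();
        if ($search['matchusername']) {
            // Exact match: the author name is escaped before it is quoted into the condition
            $query = $db->simple_select("users", "uid", "username='" . $db->escape_string($search['author']) . "'");
        } else {
            // Partial match: escaped for the string literal and for LIKE wildcards
            $search['author'] = my_strtolower($search['author']);
            $query = $db->simple_select("users", "uid", "LOWER(username) LIKE '%" . $db->escape_string_like($db->escape_string($search['author'])) . "%'");
        }
        while ($user = $db->fetch_array($query)) {
            // Ids go into an IN (...) list, so they are kept as integers
            $userids[] = (int) $user['uid'];
        }
        if (count($userids) < 1) {
            error($lang->error_nosearchresults);
        } else {
            $userids = implode(',', $userids);
            $post_usersql = " AND p.uid IN (" . $userids . ")";
            $thread_usersql = " AND t.uid IN (" . $userids . ")";
        }
    }
    $datecut = '';
    $post_datecut = '';
    $thread_datecut = '';
    if ($search['postdate']) {
        if ($search['pddir'] == 0) {
            $datecut = "<=";
        } else {
            $datecut = ">=";
        }
        $now = TIME_NOW;
        // The limit is the result of arithmetic, so it is always a number when it reaches the query
        $datelimit = $now - 86400 * $search['postdate'];
        $datecut .= "'{$datelimit}'";
        $post_datecut = " AND p.dateline {$datecut}";
        $thread_datecut = " AND t.dateline {$datecut}";
    }
    $thread_replycut = '';
    if ($search['numreplies'] != '' && $search['findthreadst']) {
        if (intval($search['findthreadst']) == 1) {
            $thread_replycut = " AND t.replies >= '" . intval($search['numreplies']) . "'";
        } else {
            $thread_replycut = " AND t.replies <= '" . intval($search['numreplies']) . "'";
        }
    }
    $forumin = '';
    $fidlist = array();
    $searchin = array();
    if ($search['forums'] != "all") {
        if (!is_array($search['forums'])) {
            $search['forums'] = array(intval($search['forums']));
        }
        // The group id is cast once so only an integer is placed in the permission join
        $gid = intval($mybb->user['usergroup']);
        foreach ($search['forums'] as $forum) {
            $forum = intval($forum);
            // Each requested forum is expanded only once
            if (empty($searchin[$forum])) {
                $searchin[$forum] = 1;
                switch ($db->type) {
                    case "pgsql":
                    case "sqlite3":
                    case "sqlite2":
                        $query = $db->query("\n\t\t\t\t\t\t\tSELECT f.fid \n\t\t\t\t\t\t\tFROM " . TABLE_PREFIX . "forums f \n\t\t\t\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "forumpermissions p ON (f.fid=p.fid AND p.gid='" . $gid . "') \n\t\t\t\t\t\t\tWHERE INSTR(','||parentlist||',',',{$forum},') > 0 AND active!=0 AND (ISNULL(p.fid) OR p.cansearch=1)\n\t\t\t\t\t\t");
                        break;
                    default:
                        $query = $db->query("\n\t\t\t\t\t\t\tSELECT f.fid \n\t\t\t\t\t\t\tFROM " . TABLE_PREFIX . "forums f \n\t\t\t\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "forumpermissions p ON (f.fid=p.fid AND p.gid='" . $gid . "') \n\t\t\t\t\t\t\tWHERE INSTR(CONCAT(',',parentlist,','),',{$forum},') > 0 AND active!=0 AND (ISNULL(p.fid) OR p.cansearch=1)\n\t\t\t\t\t\t");
                }
                while ($sforum = $db->fetch_array($query)) {
                    $fidlist[] = (int) $sforum['fid'];
                }
            }
        }
        if (count($fidlist) == 1) {
            // Use the forum that actually passed the permission query, not whichever
            // id the loop happened to end on.
            $only_fid = $fidlist[0];
            $forumin .= " AND t.fid='{$only_fid}' ";
        } else {
            if (count($fidlist) > 1) {
                $forumin = " AND t.fid IN (" . implode(',', $fidlist) . ")";
            }
        }
    }
    // NOTE(review): both helpers are interpolated unquoted; presumably they return
    // comma-separated integer forum ids - confirm against their definitions.
    $permsql = '';
    $unsearchforums = get_unsearchable_forums();
    if ($unsearchforums) {
        $permsql .= " AND t.fid NOT IN ({$unsearchforums})";
    }
    $inactiveforums = get_inactive_forums();
    if ($inactiveforums) {
        $permsql .= " AND t.fid NOT IN ({$inactiveforums})";
    }
    // Searching a specific thread?
    $tidsql = '';
    if ($search['tid']) {
        $tidsql = " AND t.tid='" . intval($search['tid']) . "'";
    }
    $limitsql = '';
    if (intval($mybb->settings['searchhardlimit']) > 0) {
        $limitsql = "LIMIT " . intval($mybb->settings['searchhardlimit']);
    }
    // Searching both posts and thread titles
    $threads = array();
    $posts = array();
    $firstposts = array();
    if ($search['postthread'] == 1) {
        // No need to search subjects when looking for results within a specific thread
        if (!$search['tid']) {
            $query = $db->query("\n\t\t\t\tSELECT t.tid, t.firstpost\n\t\t\t\tFROM " . TABLE_PREFIX . "threads t\n\t\t\t\tWHERE 1=1 {$thread_datecut} {$thread_replycut} {$forumin} {$thread_usersql} {$permsql} AND t.visible>=0 AND t.closed NOT LIKE 'moved|%' {$subject_lookin}\n\t\t\t\t{$limitsql}\n\t\t\t");
            while ($thread = $db->fetch_array($query)) {
                $threads[$thread['tid']] = $thread['tid'];
                if ($thread['firstpost']) {
                    $posts[$thread['tid']] = $thread['firstpost'];
                }
            }
        }
        $query = $db->query("\n\t\t\tSELECT p.pid, p.tid\n\t\t\tFROM " . TABLE_PREFIX . "posts p\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "threads t ON (t.tid=p.tid)\n\t\t\tWHERE 1=1 {$post_datecut} {$thread_replycut} {$forumin} {$post_usersql} {$permsql} {$tidsql} AND p.visible>=0 AND t.visible>=0 AND t.closed NOT LIKE 'moved|%' {$message_lookin}\n\t\t\t{$limitsql}\n\t\t");
        while ($post = $db->fetch_array($query)) {
            $posts[$post['pid']] = $post['pid'];
            $threads[$post['tid']] = $post['tid'];
        }
        if (count($posts) < 1 && count($threads) < 1) {
            error($lang->error_nosearchresults);
        }
        $threads = implode(',', $threads);
        $posts = implode(',', $posts);
    } else {
        // Titles only: match threads, then collect their visible first posts
        $query = $db->query("\n\t\t\tSELECT t.tid, t.firstpost\n\t\t\tFROM " . TABLE_PREFIX . "threads t\n\t\t\tWHERE 1=1 {$thread_datecut} {$thread_replycut} {$forumin} {$thread_usersql} {$permsql} AND t.visible>=0 {$subject_lookin}\n\t\t\t{$limitsql}\n\t\t");
        while ($thread = $db->fetch_array($query)) {
            $threads[$thread['tid']] = $thread['tid'];
            if ($thread['firstpost']) {
                $firstposts[$thread['tid']] = $thread['firstpost'];
            }
        }
        if (count($threads) < 1) {
            error($lang->error_nosearchresults);
        }
        $threads = implode(',', $threads);
        $firstposts = implode(',', $firstposts);
        if ($firstposts) {
            $query = $db->simple_select("posts", "pid", "pid IN ({$firstposts}) AND visible >= '0' {$limitsql}");
            while ($post = $db->fetch_array($query)) {
                $posts[$post['pid']] = $post['pid'];
            }
            $posts = implode(',', $posts);
        }
    }
    return array("threads" => $threads, "posts" => $posts, "querycache" => '');
}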
/**
 * Builds the "view management" interface allowing administrators to edit their custom designed "views"
 *
 * @param string The base URL to this instance of the view manager
 * @param string The internal type identifier for this view
 * @param array Array of fields this view supports
 * @param array Array of possible sort options this view supports if any
 * @param string Optional callback function which generates list of "conditions" for this view
 */
function view_manager($base_url, $type, $fields, $sort_options = array(), $conditions_callback = "")
{
    global $mybb, $db, $page, $lang;
    $sub_tabs['views'] = array('title' => $lang->views, 'link' => "{$base_url}&amp;action=views", 'description' => $lang->views_desc);
    $sub_tabs['create_view'] = array('title' => $lang->create_new_view, 'link' => "{$base_url}&amp;action=views&amp;do=add", 'description' => $lang->create_new_view_desc);
    $page->add_breadcrumb_item($lang->view_manager, 'index.php?module=user-users&amp;action=views');
    // Lang strings should be in global lang file
    if ($mybb->input['do'] == "set_default") {
        $query = $db->simple_select("adminviews", "vid, uid, visibility", "vid='" . $mybb->get_input('vid', MyBB::INPUT_INT) . "'");
        $admin_view = $db->fetch_array($query);
        if (!$admin_view['vid'] || $admin_view['visibility'] == 1 && $mybb->user['uid'] != $admin_view['uid']) {
            flash_message($lang->error_invalid_admin_view, 'error');
            admin_redirect($base_url . "&action=views");
        }
        set_default_view($type, $admin_view['vid']);
        flash_message($lang->succuss_view_set_as_default, 'success');
        admin_redirect($base_url . "&action=views");
    }
    if ($mybb->input['do'] == "add") {
        if ($mybb->request_method == "post") {
            if (!trim($mybb->input['title'])) {
                $errors[] = $lang->error_missing_view_title;
            }
            if ($mybb->input['fields_js']) {
                $mybb->input['fields'] = explode(",", $mybb->input['fields_js']);
            }
            if (count($mybb->input['fields']) <= 0) {
                $errors[] = $lang->error_no_view_fields;
            }
            if ($mybb->get_input('perpage', MyBB::INPUT_INT) <= 0) {
                $errors[] = $lang->error_invalid_view_perpage;
            }
            if (!in_array($mybb->input['sortby'], array_keys($sort_options))) {
                $errors[] = $lang->error_invalid_view_sortby;
            }
            if ($mybb->input['sortorder'] != "asc" && $mybb->input['sortorder'] != "desc") {
                $errors[] = $lang->error_invalid_view_sortorder;
            }
            if ($mybb->input['visibility'] == 0) {
                $mybb->input['visibility'] = 2;
            }
            if (!$errors) {
                $new_view = array("uid" => $mybb->user['uid'], "title" => $db->escape_string($mybb->input['title']), "type" => $type, "visibility" => $mybb->get_input('visibility', MyBB::INPUT_INT), "fields" => $db->escape_string(my_serialize($mybb->input['fields'])), "conditions" => $db->escape_string(my_serialize($mybb->input['conditions'])), "custom_profile_fields" => $db->escape_string(my_serialize($mybb->input['profile_fields'])), "sortby" => $db->escape_string($mybb->input['sortby']), "sortorder" => $db->escape_string($mybb->input['sortorder']), "perpage" => $mybb->get_input('perpage', MyBB::INPUT_INT), "view_type" => $db->escape_string($mybb->input['view_type']));
                $vid = $db->insert_query("adminviews", $new_view);
                if ($mybb->input['isdefault']) {
                    set_default_view($type, $vid);
                }
                flash_message($lang->success_view_created, "success");
                admin_redirect($base_url . "&vid={$vid}");
            }
        } else {
            $mybb->input = array_merge($mybb->input, array('perpage' => 20));
        }
        // Write in our JS based field selector
        $page->extra_header .= "<script src=\"jscripts/view_manager.js\" type=\"text/javascript\"></script>\n";
        $page->add_breadcrumb_item($lang->create_new_view);
        $page->output_header($lang->create_new_view);
        $form = new Form($base_url . "&amp;action=views&amp;do=add", "post");
        $page->output_nav_tabs($sub_tabs, 'create_view');
        // If we have any error messages, show them
        if ($errors) {
            $page->output_inline_error($errors);
        }
        $form_container = new FormContainer($lang->create_new_view);
        $form_container->output_row($lang->title . " <em>*</em>", "", $form->generate_text_box('title', $mybb->input['title'], array('id' => 'title')), 'title');
        if ($mybb->input['visibility'] == 2) {
            $visibility_public_checked = true;
        } else {
            $visibility_private_checked = true;
        }
        $visibility_options = array($form->generate_radio_button("visibility", "1", "<strong>{$lang->private}</strong> - {$lang->private_desc}", array("checked" => $visibility_private_checked)), $form->generate_radio_button("visibility", "2", "<strong>{$lang->public}</strong> - {$lang->public_desc}", array("checked" => $visibility_public_checked)));
        $form_container->output_row($lang->visibility, "", implode("<br />", $visibility_options));
        $form_container->output_row($lang->set_as_default_view, "", $form->generate_yes_no_radio("isdefault", $mybb->input['isdefault'], array('yes' => 1, 'no' => 0)));
        if (count($sort_options) > 0) {
            $sort_directions = array("asc" => $lang->ascending, "desc" => $lang->descending);
            $form_container->output_row($lang->sort_results_by, "", $form->generate_select_box('sortby', $sort_options, $mybb->input['sortby'], array('id' => 'sortby')) . " {$lang->in} " . $form->generate_select_box('sortorder', $sort_directions, $mybb->input['sortorder'], array('id' => 'sortorder')), 'sortby');
        }
        $form_container->output_row($lang->results_per_page, "", $form->generate_numeric_field('perpage', $mybb->input['perpage'], array('id' => 'perpage', 'min' => 1)), 'perpage');
        if ($type == "user") {
            $form_container->output_row($lang->display_results_as, "", $form->generate_radio_button('view_type', 'table', $lang->table, array('checked' => $mybb->input['view_type'] != "card" ? true : false)) . "<br />" . $form->generate_radio_button('view_type', 'card', $lang->business_card, array('checked' => $mybb->input['view_type'] == "card" ? true : false)));
        }
        $form_container->end();
        $field_select .= "<div class=\"view_fields\">\n";
        $field_select .= "<div class=\"enabled\"><div class=\"fields_title\">{$lang->enabled}</div><ul id=\"fields_enabled\">\n";
        if (is_array($mybb->input['fields'])) {
            foreach ($mybb->input['fields'] as $field) {
                if ($fields[$field]) {
                    $field_select .= "<li id=\"field-{$field}\">&#149; {$fields[$field]['title']}</li>";
                    $active[$field] = 1;
                }
            }
        }
        $field_select .= "</ul></div>\n";
        $field_select .= "<div class=\"disabled\"><div class=\"fields_title\">{$lang->disabled}</div><ul id=\"fields_disabled\">\n";
        foreach ($fields as $key => $field) {
            if ($active[$key]) {
                continue;
            }
            $field_select .= "<li id=\"field-{$key}\">&#149; {$field['title']}</li>";
        }
        $field_select .= "</div></ul>\n";
        $field_select .= $form->generate_hidden_field("fields_js", @implode(",", @array_keys($active)), array('id' => 'fields_js'));
        $field_select = str_replace("'", "\\'", $field_select);
        $field_select = str_replace("\n", "", $field_select);
        $field_select = "<script type=\"text/javascript\">\n//<![CDATA[\ndocument.write('" . str_replace("/", "\\/", $field_select) . "');\n//]]>\n</script>\n";
        foreach ($fields as $key => $field) {
            $field_options[$key] = $field['title'];
        }
        $field_select .= "<noscript>" . $form->generate_select_box('fields[]', $field_options, $mybb->input['fields'], array('id' => 'fields', 'multiple' => true)) . "</noscript>\n";
        $form_container = new FormContainer($lang->fields_to_show);
        $form_container->output_row($lang->fields_to_show_desc, $description, $field_select);
        $form_container->end();
        // Build the search conditions
        if (function_exists($conditions_callback)) {
            $conditions_callback($mybb->input, $form);
        }
        $buttons[] = $form->generate_submit_button($lang->save_view);
        $form->output_submit_wrapper($buttons);
        $form->end();
        $page->output_footer();
    } else {
        if ($mybb->input['do'] == "edit") {
            $query = $db->simple_select("adminviews", "*", "vid='" . $mybb->get_input('vid', MyBB::INPUT_INT) . "'");
            $admin_view = $db->fetch_array($query);
            // Does the view not exist?
            if (!$admin_view['vid'] || $admin_view['visibility'] == 1 && $mybb->user['uid'] != $admin_view['uid']) {
                flash_message($lang->error_invalid_admin_view, 'error');
                admin_redirect($base_url . "&action=views");
            }
            if ($mybb->request_method == "post") {
                if (!trim($mybb->input['title'])) {
                    $errors[] = $lang->error_missing_view_title;
                }
                if ($mybb->input['fields_js']) {
                    $mybb->input['fields'] = explode(",", $mybb->input['fields_js']);
                }
                if (count($mybb->input['fields']) <= 0) {
                    $errors[] = $lang->error_no_view_fields;
                }
                if ($mybb->get_input('perpage', MyBB::INPUT_INT) <= 0) {
                    $errors[] = $lang->error_invalid_view_perpage;
                }
                if (!in_array($mybb->input['sortby'], array_keys($sort_options))) {
                    $errors[] = $lang->error_invalid_view_sortby;
                }
                if ($mybb->input['sortorder'] != "asc" && $mybb->input['sortorder'] != "desc") {
                    $errors[] = $lang->error_invalid_view_sortorder;
                }
                if ($mybb->input['visibility'] == 0) {
                    $mybb->input['visibility'] = 2;
                }
                if (!$errors) {
                    $updated_view = array("title" => $db->escape_string($mybb->input['title']), "type" => $type, "visibility" => $mybb->get_input('visibility', MyBB::INPUT_INT), "fields" => $db->escape_string(my_serialize($mybb->input['fields'])), "conditions" => $db->escape_string(my_serialize($mybb->input['conditions'])), "custom_profile_fields" => $db->escape_string(my_serialize($mybb->input['profile_fields'])), "sortby" => $db->escape_string($mybb->input['sortby']), "sortorder" => $db->escape_string($mybb->input['sortorder']), "perpage" => $mybb->get_input('perpage', MyBB::INPUT_INT), "view_type" => $db->escape_string($mybb->input['view_type']));
                    $db->update_query("adminviews", $updated_view, "vid='{$admin_view['vid']}'");
                    if ($mybb->input['isdefault']) {
                        set_default_view($type, $admin_view['vid']);
                    }
                    flash_message($lang->success_view_updated, "success");
                    admin_redirect($base_url . "&vid={$admin_view['vid']}");
                }
            }
            // Write in our JS based field selector
            $page->extra_header .= "<script src=\"jscripts/view_manager.js\" type=\"text/javascript\"></script>\n";
            $page->add_breadcrumb_item($lang->edit_view);
            $page->output_header($lang->edit_view);
            $form = new Form($base_url . "&amp;action=views&amp;do=edit&amp;vid={$admin_view['vid']}", "post");
            $sub_tabs = array();
            $sub_tabs['edit_view'] = array('title' => $lang->edit_view, 'link' => $base_url . "&amp;action=views&amp;do=edit&amp;vid={$admin_view['vid']}", 'description' => $lang->edit_view_desc);
            $page->output_nav_tabs($sub_tabs, 'edit_view');
            // If we have any error messages, show them
            if ($errors) {
                $page->output_inline_error($errors);
            } else {
                $admin_view['conditions'] = my_unserialize($admin_view['conditions']);
                $admin_view['fields'] = my_unserialize($admin_view['fields']);
                $admin_view['profile_fields'] = my_unserialize($admin_view['custom_profile_fields']);
                $mybb->input = array_merge($mybb->input, $admin_view);
                $mybb->input['isdefault'] = 0;
                $default_view = fetch_default_view($type);
                if ($default_view == $admin_view['vid']) {
                    $mybb->input['isdefault'] = 1;
                }
            }
            $form_container = new FormContainer($lang->edit_view);
            $form_container->output_row($lang->view . " <em>*</em>", "", $form->generate_text_box('title', $mybb->input['title'], array('id' => 'title')), 'title');
            if ($mybb->input['visibility'] == 2) {
                $visibility_public_checked = true;
            } else {
                $visibility_private_checked = true;
            }
            $visibility_options = array($form->generate_radio_button("visibility", "1", "<strong>{$lang->private}</strong> - {$lang->private_desc}", array("checked" => $visibility_private_checked)), $form->generate_radio_button("visibility", "2", "<strong>{$lang->public}</strong> - {$lang->public_desc}", array("checked" => $visibility_public_checked)));
            $form_container->output_row($lang->visibility, "", implode("<br />", $visibility_options));
            $form_container->output_row($lang->set_as_default_view, "", $form->generate_yes_no_radio("isdefault", $mybb->input['isdefault'], array('yes' => 1, 'no' => 0)));
            if (count($sort_options) > 0) {
                $sort_directions = array("asc" => $lang->ascending, "desc" => $lang->descending);
                $form_container->output_row($lang->sort_results_by, "", $form->generate_select_box('sortby', $sort_options, $mybb->input['sortby'], array('id' => 'sortby')) . " {$lang->in} " . $form->generate_select_box('sortorder', $sort_directions, $mybb->input['sortorder'], array('id' => 'sortorder')), 'sortby');
            }
            $form_container->output_row($lang->results_per_page, "", $form->generate_numeric_field('perpage', $mybb->input['perpage'], array('id' => 'perpage', 'min' => 1)), 'perpage');
            if ($type == "user") {
                $form_container->output_row($lang->display_results_as, "", $form->generate_radio_button('view_type', 'table', $lang->table, array('checked' => $mybb->input['view_type'] != "card" ? true : false)) . "<br />" . $form->generate_radio_button('view_type', 'card', $lang->business_card, array('checked' => $mybb->input['view_type'] == "card" ? true : false)));
            }
            $form_container->end();
            $field_select .= "<div class=\"view_fields\">\n";
            $field_select .= "<div class=\"enabled\"><div class=\"fields_title\">{$lang->enabled}</div><ul id=\"fields_enabled\">\n";
            if (is_array($mybb->input['fields'])) {
                foreach ($mybb->input['fields'] as $field) {
                    if ($fields[$field]) {
                        $field_select .= "<li id=\"field-{$field}\">&#149; {$fields[$field]['title']}</li>";
                        $active[$field] = 1;
                    }
                }
            }
            $field_select .= "</ul></div>\n";
            $field_select .= "<div class=\"disabled\"><div class=\"fields_title\">{$lang->disabled}</div><ul id=\"fields_disabled\">\n";
            if (is_array($fields)) {
                foreach ($fields as $key => $field) {
                    if ($active[$key]) {
                        continue;
                    }
                    $field_select .= "<li id=\"field-{$key}\">&#149; {$field['title']}</li>";
                }
            }
            $field_select .= "</div></ul>\n";
            $field_select .= $form->generate_hidden_field("fields_js", @implode(",", @array_keys($active)), array('id' => 'fields_js'));
            $field_select = str_replace("'", "\\'", $field_select);
            $field_select = str_replace("\n", "", $field_select);
            $field_select = "<script type=\"text/javascript\">\n//<![CDATA[\ndocument.write('" . str_replace("/", "\\/", $field_select) . "');\n//]]></script>\n";
            foreach ($fields as $key => $field) {
                $field_options[$key] = $field['title'];
            }
            $field_select .= "<noscript>" . $form->generate_select_box('fields[]', $field_options, $mybb->input['fields'], array('id' => 'fields', 'multiple' => true)) . "</noscript>\n";
            $form_container = new FormContainer($lang->fields_to_show);
            $form_container->output_row($lang->fields_to_show_desc, $description, $field_select);
            $form_container->end();
            // Build the search conditions
            if (function_exists($conditions_callback)) {
                $conditions_callback($mybb->input, $form);
            }
            $buttons[] = $form->generate_submit_button($lang->save_view);
            $form->output_submit_wrapper($buttons);
            $form->end();
            $page->output_footer();
        } else {
            if ($mybb->input['do'] == "delete") {
                if ($mybb->input['no']) {
                    admin_redirect($base_url . "&action=views");
                }
                $query = $db->simple_select("adminviews", "COUNT(vid) as views");
                $views = $db->fetch_field($query, "views");
                if ($views == 0) {
                    flash_message($lang->error_cannot_delete_view, 'error');
                    admin_redirect($base_url . "&action=views");
                }
                $vid = $mybb->get_input('vid', MyBB::INPUT_INT);
                $query = $db->simple_select("adminviews", "vid, uid, visibility", "vid = '{$vid}'");
                $admin_view = $db->fetch_array($query);
                if ($vid == 1 || !$admin_view['vid'] || $admin_view['visibility'] == 1 && $mybb->user['uid'] != $admin_view['uid']) {
                    flash_message($lang->error_invalid_view_delete, 'error');
                    admin_redirect($base_url . "&action=views");
                }
                if ($mybb->request_method == "post") {
                    $db->delete_query("adminviews", "vid='{$admin_view['vid']}'");
                    flash_message($lang->success_view_deleted, 'success');
                    admin_redirect($base_url . "&action=views");
                } else {
                    $page->output_confirm_action($base_url . "&amp;action=views&amp;do=delete&amp;vid={$admin_view['vid']}", $lang->confirm_view_deletion);
                }
            } else {
                if ($mybb->input['do'] == "export") {
                    $xml = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?" . ">\n";
                    $xml = "<adminviews version=\"" . $mybb->version_code . "\" exported=\"" . TIME_NOW . "\">\n";
                    if ($mybb->input['type']) {
                        $type_where = "type='" . $db->escape_string($mybb->input['type']) . "'";
                    }
                    $query = $db->simple_select("adminviews", "*", $type_where);
                    while ($admin_view = $db->fetch_array($query)) {
                        $fields = my_unserialize($admin_view['fields']);
                        $conditions = my_unserialize($admin_view['conditions']);
                        $admin_view['title'] = str_replace(']]>', ']]]]><![CDATA[>', $admin_view['title']);
                        $admin_view['sortby'] = str_replace(']]>', ']]]]><![CDATA[>', $admin_view['sortby']);
                        $admin_view['sortorder'] = str_replace(']]>', ']]]]><![CDATA[>', $admin_view['sortorder']);
                        $admin_view['view_type'] = str_replace(']]>', ']]]]><![CDATA[>', $admin_view['view_type']);
                        $xml .= "\t<view vid=\"{$admin_view['vid']}\" uid=\"{$admin_view['uid']}\" type=\"{$admin_view['type']}\" visibility=\"{$admin_view['visibility']}\">\n";
                        $xml .= "\t\t<title><![CDATA[{$admin_view['title']}]]></title>\n";
                        $xml .= "\t\t<fields>\n";
                        foreach ($fields as $field) {
                            $xml .= "\t\t\t<field name=\"{$field}\" />\n";
                        }
                        $xml .= "\t\t</fields>\n";
                        $xml .= "\t\t<conditions>\n";
                        foreach ($conditions as $name => $condition) {
                            if (!$conditions) {
                                continue;
                            }
                            if (is_array($condition)) {
                                $condition = my_serialize($condition);
                                $is_serialized = " is_serialized=\"1\"";
                            }
                            $condition = str_replace(']]>', ']]]]><![CDATA[>', $condition);
                            $xml .= "\t\t\t<condition name=\"{$name}\"{$is_serialized}><![CDATA[{$condition}]]></condition>\n";
                        }
                        $xml .= "\t\t</conditions>\n";
                        $xml .= "\t\t<sortby><![CDATA[{$admin_view['sortby']}]]></sortby>\n";
                        $xml .= "\t\t<sortorder><![CDATA[{$admin_view['sortorder']}]]></sortorder>\n";
                        $xml .= "\t\t<perpage><![CDATA[{$admin_view['perpage']}]]></perpage>\n";
                        $xml .= "\t\t<view_type><![CDATA[{$admin_view['view_type']}]]></view_type>\n";
                        $xml .= "\t</view>\n";
                    }
                    $xml .= "</adminviews>\n";
                    $mybb->settings['bbname'] = urlencode($mybb->settings['bbname']);
                    header("Content-disposition: filename=" . $mybb->settings['bbname'] . "-views.xml");
                    header("Content-Length: " . my_strlen($xml));
                    header("Content-type: unknown/unknown");
                    header("Pragma: no-cache");
                    header("Expires: 0");
                    echo $xml;
                    exit;
                } else {
                    $page->output_header($lang->view_manager);
                    $page->output_nav_tabs($sub_tabs, 'views');
                    $table = new Table();
                    $table->construct_header($lang->view);
                    $table->construct_header($lang->controls, array("class" => "align_center", "width" => 150));
                    $default_view = fetch_default_view($type);
                    $query = $db->simple_select("adminviews", "COUNT(vid) as views");
                    $views = $db->fetch_field($query, "views");
                    $query = $db->query("\n\t\t\tSELECT v.*, u.username\n\t\t\tFROM " . TABLE_PREFIX . "adminviews v\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=v.uid)\n\t\t\tWHERE v.visibility='2' OR (v.visibility='1' AND v.uid='{$mybb->user['uid']}')\n\t\t\tORDER BY title\n\t\t");
                    while ($view = $db->fetch_array($query)) {
                        $created = "";
                        if ($view['uid'] == 0) {
                            $view_type = "default";
                            $default_class = "grey";
                        } else {
                            if ($view['visibility'] == 2) {
                                $view_type = "group";
                                if ($view['username']) {
                                    $created = "<br /><small>{$lang->created_by} {$view['username']}</small>";
                                }
                            } else {
                                $view_type = "user";
                            }
                        }
                        $default_add = '';
                        if ($default_view == $view['vid']) {
                            $default_add = " ({$lang->default})";
                        }
                        $title_string = "view_title_{$view['vid']}";
                        if ($lang->{$title_string}) {
                            $view['title'] = $lang->{$title_string};
                        }
                        $table->construct_cell("<div class=\"float_right\"><img src=\"styles/{$page->style}/images/icons/{$view_type}.png\" title=\"" . $lang->sprintf($lang->this_is_a_view, $view_type) . "\" alt=\"{$view_type}\" /></div><div class=\"{$default_class}\"><strong><a href=\"{$base_url}&amp;action=views&amp;do=edit&amp;vid={$view['vid']}\" >{$view['title']}</a></strong>{$default_add}{$created}</div>");
                        $popup = new PopupMenu("view_{$view['vid']}", $lang->options);
                        $popup->add_item($lang->edit_view, "{$base_url}&amp;action=views&amp;do=edit&amp;vid={$view['vid']}");
                        if ($view['vid'] != $default_view) {
                            $popup->add_item($lang->set_as_default, "{$base_url}&amp;action=views&amp;do=set_default&amp;vid={$view['vid']}");
                        }
                        if ($views > 1 && $view['vid'] != 1) {
                            $popup->add_item($lang->delete_view, "{$base_url}&amp;action=views&amp;do=delete&amp;vid={$view['vid']}&amp;my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->confirm_view_deletion}')");
                        }
                        $controls = $popup->fetch();
                        $table->construct_cell($controls, array("class" => "align_center"));
                        $table->construct_row();
                    }
                    $table->output($lang->view);
                    echo <<<LEGEND
<br />
<fieldset>
<legend>{$lang->legend}</legend>
<img src="styles/{$page->style}/images/icons/default.png" alt="{$lang->default}" style="vertical-align: middle;" /> {$lang->default_view_desc}<br />
<img src="styles/{$page->style}/images/icons/group.png" alt="{$lang->public}" style="vertical-align: middle;" /> {$lang->public_view_desc}<br />
<img src="styles/{$page->style}/images/icons/user.png" alt="{$lang->private}" style="vertical-align: middle;" /> {$lang->private_view_desc}</fieldset>
LEGEND;
                    $page->output_footer();
                }
            }
        }
    }
}
Пример #22
 /**
  * Verifies a post message.
  *
  * Works on $this->data in place: the message is passed through
  * trim_blank_chrs() and stored back, then checked against the
  * maxmessagelength and minmessagelength board settings. A limit of 0
  * disables the corresponding check, and both limits are skipped for users
  * that is_moderator() accepts for the post's forum.
  *
  * @return boolean True when valid, false when invalid.
  */
 function verify_message()
 {
     global $mybb;
     $post =& $this->data;
     $post['message'] = trim_blank_chrs($post['message']);

     // Nothing left after trimming: reject outright.
     if (my_strlen($post['message']) == 0) {
         $this->set_error("missing_message");
         return false;
     }

     // Upper bound. This side is measured with strlen() (bytes), the lower
     // bound further down with my_strlen().
     // NOTE(review): presumably my_strlen() counts characters, so the two
     // limits are not in the same unit for multibyte text - confirm.
     // NOTE(review): $post['fid'] is read here before the isset() default
     // below has been applied.
     $too_long = strlen($post['message']) > $mybb->settings['maxmessagelength']
         && $mybb->settings['maxmessagelength'] > 0
         && !is_moderator($post['fid'], "", $post['uid']);
     if ($too_long) {
         $this->set_error("message_too_long", array($mybb->settings['maxmessagelength'], strlen($post['message'])));
         return false;
     }

     if (!isset($post['fid'])) {
         $post['fid'] = 0;
     }

     // Choose the text the minimum length applies to: when the
     // mycodemessagelength setting is off, the message is first reduced by
     // the parser's text_parse_message() so that a post made up of MyCode
     // alone does not satisfy the minimum.
     if (!$mybb->settings['mycodemessagelength']) {
         require_once MYBB_ROOT . "inc/class_parser.php";
         $parser = new postParser();
         $measured = $parser->text_parse_message($post['message']);
     } else {
         $measured = $post['message'];
     }

     $too_short = my_strlen($measured) < $mybb->settings['minmessagelength']
         && $mybb->settings['minmessagelength'] > 0
         && !is_moderator($post['fid'], "", $post['uid']);
     if ($too_short) {
         $this->set_error("message_too_short", array($mybb->settings['minmessagelength']));
         return false;
     }

     return true;
 }
Пример #23
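 /**
  * Initialize a session
  *
  * Records the visitor's IP address and user agent (cut to 100 characters),
  * tries to resume the session named by the "sid" cookie, then attempts a
  * cookie login from the "mybbuser" cookie. A visitor that ends up without a
  * user is classified as a search engine spider or a guest. Finally the "sid"
  * cookie is (re)issued when it does not match the active session.
  *
  * A session row is only accepted when both the sid and the current IP
  * address match, so a session id presented from another address is treated
  * as no session at all.
  *
  * The User-Agent header and both cookies are client-supplied and may be
  * absent; they are read defensively so that a request without them does not
  * touch undefined indexes.
  */
 function init()
 {
     global $db, $mybb, $cache;
     // Get our visitor's IP.
     $this->ipaddress = get_ip();
     // Find out the user agent. The header is optional (many bots omit it), so
     // fall back to an empty string instead of reading an undefined index.
     $this->useragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     if (my_strlen($this->useragent) > 100) {
         $this->useragent = my_substr($this->useragent, 0, 100);
     }
     // Attempt to find a session id in the cookies.
     if (isset($mybb->cookies['sid'])) {
         // The cookie value is client-supplied: it is escaped before being
         // placed into the WHERE clause below.
         $this->sid = $db->escape_string($mybb->cookies['sid']);
         // Load the session - the row must match the sid AND the current IP.
         $query = $db->simple_select("sessions", "*", "sid='{$this->sid}' AND ip='" . $db->escape_string($this->ipaddress) . "'", array('limit' => 1));
         $session = $db->fetch_array($query);
         // empty() also covers the "no row found" result without indexing
         // into a non-array value.
         if (!empty($session['sid'])) {
             // Continue with the values stored in the database, not the cookie.
             $this->sid = $session['sid'];
             $this->uid = $session['uid'];
         } else {
             $this->sid = 0;
             $this->uid = 0;
             $this->logins = 1;
             $this->failedlogin = 0;
         }
     }
     // Still no session, fall back
     if (!$this->sid) {
         $this->sid = 0;
         $this->uid = 0;
         $this->logins = 1;
         $this->failedlogin = 0;
     }
     // If we have a valid session id and user id, load that users session.
     if (!empty($mybb->cookies['mybbuser'])) {
         // The cookie has the form "<first>_<second>"; both parts are handed to
         // load_user(), which is where the actual verification has to happen.
         // array_pad() keeps the second part null (as before) when the cookie
         // carries no underscore, without reading an undefined offset.
         $logon = array_pad(explode("_", $mybb->cookies['mybbuser'], 2), 2, null);
         $this->load_user($logon[0], $logon[1]);
     }
     // If no user still, then we have a guest.
     if (!isset($mybb->user['uid'])) {
         // Detect if this guest is a search engine spider. (bots don't get a cookied session ID so we first see if that's set)
         if (!$this->sid) {
             $spiders = $cache->read("spiders");
             if (is_array($spiders)) {
                 // Case-insensitive substring match of each cached spider
                 // signature against the (client-supplied) user agent. There is
                 // no break, so when several signatures match, load_spider() is
                 // called for each of them in turn.
                 foreach ($spiders as $spider) {
                     if (my_strpos(my_strtolower($this->useragent), my_strtolower($spider['useragent'])) !== false) {
                         $this->load_spider($spider['sid']);
                     }
                 }
             }
         }
         // Still nothing? JUST A GUEST!
         if (!$this->is_spider) {
             $this->load_guest();
         }
     }
     // As a token of our appreciation for getting this far (and they aren't a spider), give the user a cookie
     $cookie_sid = isset($mybb->cookies['sid']) ? $mybb->cookies['sid'] : null;
     if ($this->sid && $cookie_sid != $this->sid && $this->is_spider != true) {
         // NOTE(review): the fourth argument is presumably the HttpOnly flag - confirm against my_setcookie().
         my_setcookie("sid", $this->sid, -1, true);
     }
 }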
/**
 * Build a list of forum bits.
 *
 * Walks $fcache[$pid], recursing into child forums, and renders every forum
 * that is within $showdepth through the "forumbit_*" templates. Thread/post
 * counters and the most recent lastpost are aggregated upwards, except for
 * forums whose details are hidden from the current user (no permission to
 * view threads, or a forum password the user has not supplied).
 *
 * Templates are expanded with eval(), so the local variable names used here
 * are presumably part of the template contract - check the templates before
 * renaming anything.
 *
 * @param int $pid The parent forum to fetch the child forums for (0 assumes all)
 * @param int $depth The depth to return forums with.
 * @return array|null Array with the keys "forum_list", "counters" and "lastpost" describing
 *                    the child forums of this parent forum; nothing is returned when
 *                    $fcache[$pid] is not an array.
 */
function build_forumbits($pid = 0, $depth = 1)
{
    global $fcache, $moderatorcache, $forumpermissions, $theme, $mybb, $templates, $bgcolor, $collapsed, $lang, $showdepth, $plugins, $parser, $forum_viewers;
    // NOTE(review): this initialises $forum_listing, but the code below appends to and
    // returns $forum_list. $parent_counters, $parent_lastpost, $donecount and $comma are
    // likewise first read without having been initialised in this function.
    $forum_listing = '';
    // If no forums exist with this parent, do nothing
    if (!is_array($fcache[$pid])) {
        return;
    }
    // Foreach of the forums in this parent
    foreach ($fcache[$pid] as $parent) {
        foreach ($parent as $forum) {
            $forums = $subforums = $sub_forums = '';
            $lastpost_data = '';
            $counters = '';
            $forum_viewers_text = '';
            $forum_viewers_text_plain = '';
            // Get the permissions for this forum
            $permissions = $forumpermissions[$forum['fid']];
            // If this user doesnt have permission to view this forum and we're hiding private forums, skip this forum
            if ($permissions['canview'] != 1 && $mybb->settings['hideprivateforums'] == 1) {
                continue;
            }
            // Plugins receive $forum by reference and may change it before it is rendered.
            $plugins->run_hooks_by_ref("build_forumbits_forum", $forum);
            // Build the link to this forum
            $forum_url = get_forum_link($forum['fid']);
            // $hideinfo suppresses lastpost and counters for this forum: either the user may
            // not view its threads, or the forum has a password the user isn't authenticated with.
            $hideinfo = false;
            $showlockicon = 0;
            if ($permissions['canviewthreads'] != 1) {
                $hideinfo = true;
            }
            // NOTE(review): the cookie is compared with a loose != against an md5 hex digest of
            // uid . forum password. A loose comparison treats numeric-looking strings as numbers
            // and is not constant-time; hash_equals() on string operands would be the safer
            // check. The digest is built from $forum['password'] as stored, which suggests the
            // forum password is kept unhashed - confirm.
            if ($forum['password'] != '' && $mybb->cookies['forumpass'][$forum['fid']] != md5($mybb->user['uid'] . $forum['password'])) {
                $hideinfo = true;
                $showlockicon = 1;
            }
            $lastpost_data = array("lastpost" => $forum['lastpost'], "lastpostsubject" => $forum['lastpostsubject'], "lastposter" => $forum['lastposter'], "lastposttid" => $forum['lastposttid'], "lastposteruid" => $forum['lastposteruid']);
            // Fetch subforums of this forum
            if (isset($fcache[$forum['fid']])) {
                $forum_info = build_forumbits($forum['fid'], $depth + 1);
                // Increment forum counters with counters from child forums
                $forum['threads'] += $forum_info['counters']['threads'];
                $forum['posts'] += $forum_info['counters']['posts'];
                $forum['unapprovedthreads'] += $forum_info['counters']['unapprovedthreads'];
                $forum['unapprovedposts'] += $forum_info['counters']['unapprovedposts'];
                // NOTE(review): the counters array is filled under the key 'viewers' further
                // down, so 'viewing' looks like it is never set - confirm.
                $forum['viewers'] += $forum_info['counters']['viewing'];
                // If the child forums' lastpost is greater than the one for this forum, set it as the child forums greatest.
                if ($forum_info['lastpost']['lastpost'] > $lastpost_data['lastpost']) {
                    $lastpost_data = $forum_info['lastpost'];
                }
                $sub_forums = $forum_info['forum_list'];
            }
            // If we are hiding information (lastpost) because we aren't authenticated against the password for this forum, remove them
            // (this is what keeps a hidden forum's last post from being reported through its parent)
            if ($hideinfo == true) {
                unset($lastpost_data);
            }
            // If the current forums lastpost is greater than other child forums of the current parent, overwrite it
            // (after the unset() above this reads an undefined $lastpost_data for hidden forums)
            if ($lastpost_data['lastpost'] > $parent_lastpost['lastpost']) {
                $parent_lastpost = $lastpost_data;
            }
            if (is_array($forum_viewers) && $forum_viewers[$forum['fid']] > 0) {
                $forum['viewers'] = $forum_viewers[$forum['fid']];
            }
            // Increment the counters for the parent forum (returned later);
            // hidden forums do not contribute, so their totals are not disclosed upwards
            if ($hideinfo != true) {
                $parent_counters['threads'] += $forum['threads'];
                $parent_counters['posts'] += $forum['posts'];
                $parent_counters['unapprovedposts'] += $forum['unapprovedposts'];
                $parent_counters['unapprovedthreads'] += $forum['unapprovedthreads'];
                $parent_counters['viewers'] += $forum['viewers'];
            }
            // Done with our math, lets talk about displaying - only display forums which are under a certain depth
            if ($depth > $showdepth) {
                continue;
            }
            // Get the lightbulb status indicator for this forum based on the lastpost
            $lightbulb = get_forum_lightbulb($forum, $lastpost_data, $showlockicon);
            // Fetch the number of unapproved threads and posts for this forum
            $unapproved = get_forum_unapproved($forum);
            if ($hideinfo == true) {
                unset($unapproved);
            }
            // Sanitize name and description of forum.
            // Only bare ampersands are rewritten by the four replacements below; any other
            // markup in the name or description reaches the template unchanged.
            // NOTE(review): presumably intentional because these fields are admin-supplied - confirm.
            $forum['name'] = preg_replace("#&(?!\\#[0-9]+;)#si", "&amp;", $forum['name']);
            // Fix & but allow unicode
            $forum['description'] = preg_replace("#&(?!\\#[0-9]+;)#si", "&amp;", $forum['description']);
            // Fix & but allow unicode
            $forum['name'] = preg_replace("#&([^\\#])(?![a-z1-4]{1,10};)#i", "&#038;\$1", $forum['name']);
            $forum['description'] = preg_replace("#&([^\\#])(?![a-z1-4]{1,10};)#i", "&#038;\$1", $forum['description']);
            // If this is a forum and we've got subforums of it, load the subforums list template
            if ($depth == 2 && $sub_forums) {
                // eval() of template source: whatever $templates->get() returns is executed as
                // the body of a PHP double-quoted string, here and at every eval() below.
                // NOTE(review): this is only safe if template content is restricted to
                // administrators and escaped by get() - confirm.
                eval("\$subforums = \"" . $templates->get("forumbit_subforums") . "\";");
            } else {
                if ($depth == 3) {
                    if ($donecount < $mybb->settings['subforumsindex']) {
                        $statusicon = '';
                        // Showing mini status icons for this forum
                        if ($mybb->settings['subforumsstatusicons'] == 1) {
                            $lightbulb['folder'] = "mini" . $lightbulb['folder'];
                            eval("\$statusicon = \"" . $templates->get("forumbit_depth3_statusicon", 1, 0) . "\";");
                        }
                        // Fetch the template and append it to the list
                        eval("\$forum_list .= \"" . $templates->get("forumbit_depth3", 1, 0) . "\";");
                        $comma = ', ';
                    }
                    // Have we reached our max visible subforums? put a nice message and break out of the loop
                    ++$donecount;
                    if ($donecount == $mybb->settings['subforumsindex']) {
                        if (subforums_count($fcache[$pid]) > $donecount) {
                            $forum_list .= $comma . $lang->sprintf($lang->more_subforums, subforums_count($fcache[$pid]) - $donecount);
                        }
                    }
                    continue;
                }
            }
            // Forum is a category, set template type
            if ($forum['type'] == 'c') {
                $forumcat = '_cat';
            } else {
                $forumcat = '_forum';
            }
            if ($forum['linkto'] == '') {
                // No posts have been made in this forum - show never text
                if (($lastpost_data['lastpost'] == 0 || $lastpost_data['lastposter'] == '') && $hideinfo != true) {
                    $lastpost = "<div style=\"text-align: center;\">{$lang->lastpost_never}</div>";
                } elseif ($hideinfo != true) {
                    // Format lastpost date and time
                    $lastpost_date = my_date($mybb->settings['dateformat'], $lastpost_data['lastpost']);
                    $lastpost_time = my_date($mybb->settings['timeformat'], $lastpost_data['lastpost']);
                    // Set up the last poster, last post thread id, last post subject and format appropriately
                    // NOTE(review): lastposter is user-supplied and is passed on unescaped here;
                    // whether build_profile_link() escapes it is not visible - confirm.
                    $lastpost_profilelink = build_profile_link($lastpost_data['lastposter'], $lastpost_data['lastposteruid']);
                    $lastpost_link = get_thread_link($lastpost_data['lastposttid'], 0, "lastpost");
                    $lastpost_subject = $full_lastpost_subject = $parser->parse_badwords($lastpost_data['lastpostsubject']);
                    // Truncate first, escape afterwards, so an HTML entity is never cut in half.
                    if (my_strlen($lastpost_subject) > 25) {
                        $lastpost_subject = my_substr($lastpost_subject, 0, 25) . "...";
                    }
                    $lastpost_subject = htmlspecialchars_uni($lastpost_subject);
                    $full_lastpost_subject = htmlspecialchars_uni($full_lastpost_subject);
                    // Call lastpost template
                    if ($depth != 1) {
                        eval("\$lastpost = \"" . $templates->get("forumbit_depth{$depth}_forum_lastpost") . "\";");
                    }
                }
                if ($mybb->settings['showforumviewing'] != 0 && $forum['viewers'] > 0) {
                    if ($forum['viewers'] == 1) {
                        $forum_viewers_text = $lang->viewing_one;
                    } else {
                        $forum_viewers_text = $lang->sprintf($lang->viewing_multiple, $forum['viewers']);
                    }
                    $forum_viewers_text_plain = $forum_viewers_text;
                    $forum_viewers_text = "<span class=\"smalltext\">{$forum_viewers_text}</span>";
                }
            }
            // If this forum is a link or is password protected and the user isn't authenticated, set lastpost and counters to "-"
            if ($forum['linkto'] != '' || $hideinfo == true) {
                $lastpost = "<div style=\"text-align: center;\">-</div>";
                $posts = "-";
                $threads = "-";
            } else {
                $posts = my_number_format($forum['posts']);
                $threads = my_number_format($forum['threads']);
            }
            // Moderator column is not off
            if ($mybb->settings['modlist'] != 0) {
                $done_moderators = array();
                $moderators = '';
                // Fetch list of moderators from this forum and its parents
                $parentlistexploded = explode(',', $forum['parentlist']);
                foreach ($parentlistexploded as $mfid) {
                    // This forum has moderators
                    if (is_array($moderatorcache[$mfid])) {
                        // Fetch each moderator from the cache and format it, appending it to the list
                        foreach ($moderatorcache[$mfid] as $moderator) {
                            // List every moderator once, even when inherited from several parents
                            if (in_array($moderator['uid'], $done_moderators)) {
                                continue;
                            }
                            // The username is HTML-escaped before it goes into the link text
                            $moderators .= "{$comma}<a href=\"" . get_profile_link($moderator['uid']) . "\">" . htmlspecialchars_uni($moderator['username']) . "</a>";
                            $comma = ', ';
                            $done_moderators[] = $moderator['uid'];
                        }
                    }
                }
                $comma = '';
                // If we have a moderators list, load the template
                if ($moderators) {
                    eval("\$modlist = \"" . $templates->get("forumbit_moderators") . "\";");
                } else {
                    $modlist = '';
                }
            }
            // Descriptions aren't being shown - blank them
            if ($mybb->settings['showdescriptions'] == 0) {
                $forum['description'] = '';
            }
            // Check if this category is either expanded or collapsed and hide it as necessary.
            $expdisplay = '';
            $collapsed_name = "cat_{$forum['fid']}_c";
            if (isset($collapsed[$collapsed_name]) && $collapsed[$collapsed_name] == "display: show;") {
                $expcolimage = "collapse_collapsed.gif";
                $expdisplay = "display: none;";
                $expaltext = "[+]";
            } else {
                $expcolimage = "collapse.gif";
                $expaltext = "[-]";
            }
            // Swap over the alternate backgrounds
            $bgcolor = alt_trow();
            // Add the forum to the list
            eval("\$forum_list .= \"" . $templates->get("forumbit_depth{$depth}{$forumcat}") . "\";");
        }
    }
    // Return an array of information to the parent forum including child forums list, counters and lastpost information
    return array("forum_list" => $forum_list, "counters" => $parent_counters, "lastpost" => $parent_lastpost);
}
// Reset both prefix fields, then fill them in when the thread carries a prefix id
// that build_prefixes() resolves to a non-empty prefix.
$thread['threadprefix'] = '';
$thread['displayprefix'] = '';
if ($thread['prefix'] != 0) {
    $threadprefix = build_prefixes($thread['prefix']);
    if ($threadprefix['prefix']) {
        $thread['threadprefix'] = $threadprefix['prefix'] . '&nbsp;';
        // NOTE(review): 'displaystyle' is appended as is; presumably admin-defined markup - confirm it is trusted.
        $thread['displayprefix'] = $threadprefix['displaystyle'] . '&nbsp;';
    }
}
// A thread whose "closed" field starts with "moved|" has its tid zeroed here.
if (substr($thread['closed'], 0, 6) == "moved|") {
    $thread['tid'] = 0;
}
// Badword-filter the raw subject once; it is then HTML-escaped separately for the
// thread title (here) and for the reply subject (below).
$reply_subject = $parser->parse_badwords($thread['subject']);
$thread['subject'] = htmlspecialchars_uni($reply_subject);
// Subject too long? Shorten it to avoid error message
// (the cut is made on the unescaped text, so an HTML entity is never split)
if (my_strlen($reply_subject) > 85) {
    $reply_subject = my_substr($reply_subject, 0, 82) . '...';
}
$reply_subject = htmlspecialchars_uni($reply_subject);
$tid = $thread['tid'];
$fid = $thread['fid'];
// NOTE(review): a non-empty username is kept unchanged; whether it is escaped before output is not visible here.
if (!$thread['username']) {
    $thread['username'] = $lang->guest;
}
// Default SQL fragments limit later queries to visible rows. Both are constant
// strings; no request data is interpolated into them.
$visibleonly = "AND visible='1'";
$visibleonly2 = "AND p.visible='1' AND t.visible='1'";
// Is the currently logged in user a moderator of this forum?
if (is_moderator($fid)) {
    $visibleonly = " AND (visible='1' OR visible='0')";
    $visibleonly2 = "AND (p.visible='1' OR p.visible='0') AND (t.visible='1' OR t.visible='0')";
    $ismod = true;
Пример #26
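/**
 * Reduce a post's text to a short plain-text preview.
 *
 * BBCode that should not appear in a preview is collapsed to placeholders,
 * the remainder is run through the MyBB parser with HTML disabled, tags are
 * stripped, whitespace is folded and the result is cut to $length.
 *
 * The returned string has had its HTML entities decoded again after
 * strip_tags(), so it may contain "<" and ">" characters: treat it as plain
 * text and escape it for the output context before placing it into HTML.
 *
 * The [color] and [url] rules used to rely on the "e" (eval) modifier of
 * preg_replace(), which executed the replacement as PHP code on text taken
 * from the post and no longer exists in PHP 7+. They now go through
 * preg_replace_callback(), which passes the captured text as plain arguments.
 *
 * @param string $post_text Raw post text (untrusted user content).
 * @param postParser|null $parser Kept for interface compatibility; see the note on `global $parser`.
 * @param int $length Maximum length of the preview.
 * @return string The shortened plain-text preview.
 */
function process_short_content($post_text, $parser = null, $length = 200)
{
    // NOTE(review): `global $parser` rebinds the name to the global variable, so the
    // $parser argument is effectively ignored. Left unchanged because callers may rely
    // on the shared global instance.
    global $parser, $mybb;
    // NOTE(review): the include path is assembled from a board setting - confirm that
    // 'tapatalk_directory' can only be changed by administrators and is validated.
    require_once MYBB_ROOT . $mybb->settings['tapatalk_directory'] . '/emoji/emoji.class.php';
    $post_text = tapatalkEmoji::covertNameToEmpty($post_text);
    if ($parser === null) {
        require_once MYBB_ROOT . "inc/class_parser.php";
        $parser = new postParser();
    }

    // Captured groups are handed over as ordinary string arguments; nothing from
    // the post is ever evaluated as code.
    $color_callback = function ($match) {
        return mobi_color_convert($match[1], $match[2], false);
    };
    $url_callback = function ($match) {
        return mobi_url_convert($match[1], $match[2]);
    };

    // Applied in order. An entry carries either a literal 'replace' string or a 'callback'.
    $array_reg = array(
        array('reg' => '/\\[color=(.*?)\\](.*?)\\[\\/color\\]/si', 'callback' => $color_callback),
        array('reg' => '/\\[php\\](.*?)\\[\\/php\\]/si', 'replace' => '[php]'),
        array('reg' => '/\\[align=(.*?)\\](.*?)\\[\\/align\\]/si', 'replace' => " \$2 "),
        array('reg' => '/\\[email\\](.*?)\\[\\/email\\]/si', 'replace' => "[url]"),
        array('reg' => '/\\[quote(.*?)\\](.*?)\\[\\/quote\\]/si', 'replace' => '[quote]'),
        array('reg' => '/\\[code\\](.*?)\\[\\/code\\]/si', 'replace' => ''),
        array('reg' => '/\\[url=(.*?)\\](.*?)\\[\\/url\\]/si', 'callback' => $url_callback),
        array('reg' => '/\\[img(.*?)\\](.*?)\\[\\/img\\]/si', 'replace' => '[img]'),
        array('reg' => '/\\[video=(.*?)\\](.*?)\\[\\/video\\]/si', 'replace' => '[V]'),
        array('reg' => '/\\[attachment=(.*?)\\]/si', 'replace' => '[attach]'),
    );
    foreach ($array_reg as $arr) {
        if (isset($arr['callback'])) {
            $replaced = preg_replace_callback($arr['reg'], $arr['callback'], $post_text);
        } else {
            $replaced = preg_replace($arr['reg'], $arr['replace'], $post_text);
        }
        // preg_* return null on a PCRE error (for instance the backtrack limit on a
        // very long post); keep the previous text rather than emptying the preview.
        if ($replaced !== null) {
            $post_text = $replaced;
        }
    }

    // HTML is disabled in the parser and any tags it produces are stripped.
    $parser_options = array('allow_html' => 0, 'allow_mycode' => 1, 'allow_smilies' => 0, 'allow_imgcode' => 0, 'filter_badwords' => 1);
    $post_text = strip_tags($parser->parse_message($post_text, $parser_options));
    $post_text = preg_replace('/\\s+/', ' ', $post_text);
    // Entities are decoded AFTER strip_tags(), so the result is not HTML-safe (see docblock).
    $post_text = html_entity_decode($post_text);
    if (my_strlen($post_text) > $length) {
        $post_text = my_substr(trim($post_text), 0, $length);
    }
    return $post_text;
}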
Пример #27
         $default_page->show_login($lang->error_invalid_secret_pin, "error");
     }
 }
 // Hand the submitted credentials to the login handler; the user record is only
 // loaded when validate_login() succeeds.
 $loginhandler->set_data(array('username' => $mybb->input['username'], 'password' => $mybb->input['password']));
 if ($loginhandler->validate_login() == true) {
     $mybb->user = get_user($loginhandler->login_data['uid']);
 }
 if ($mybb->user['uid']) {
     // Lockout check comes first: a locked-out account is logged and shown the
     // locked-out page. NOTE(review): presumably show_lockedout() ends the
     // request, otherwise a session would still be created below - confirm.
     if (login_attempt_check_acp($mybb->user['uid']) == true) {
         log_admin_action(array('type' => 'admin_locked_out', 'uid' => (int) $mybb->user['uid'], 'username' => $mybb->user['username']));
         $default_page->show_lockedout();
     }
     // Drop any existing admin sessions of this user before issuing a new one.
     $db->delete_query("adminsessions", "uid='{$mybb->user['uid']}'");
     // NOTE(review): the admin session id is derived from the clock and uniqid(),
     // neither of which is a cryptographically secure source. A session id for
     // the control panel should come from a CSPRNG (e.g. random_bytes() where
     // the PHP version provides it).
     $sid = md5(uniqid(microtime(true), true));
     // The User-Agent header is client-supplied: it is cut to 200 characters and
     // escaped before being stored.
     $useragent = $_SERVER['HTTP_USER_AGENT'];
     if (my_strlen($useragent) > 200) {
         $useragent = my_substr($useragent, 0, 200);
     }
     // Create a new admin session for this user
     $admin_session = array("sid" => $sid, "uid" => $mybb->user['uid'], "loginkey" => $mybb->user['loginkey'], "ip" => $db->escape_binary(my_inet_pton(get_ip())), "dateline" => TIME_NOW, "lastactive" => TIME_NOW, "data" => my_serialize(array()), "useragent" => $db->escape_string($useragent));
     $db->insert_query("adminsessions", $admin_session);
     $admin_session['data'] = array();
     // Only reset the loginattempts when we're really logged in and the user doesn't need to enter a 2fa code
     // (with an authsecret set, the counter is left alone at this point)
     $query = $db->simple_select("adminoptions", "authsecret", "uid='{$mybb->user['uid']}'");
     $admin_options = $db->fetch_array($query);
     if (empty($admin_options['authsecret'])) {
         $db->update_query("adminoptions", array("loginattempts" => 0, "loginlockoutexpiry" => 0), "uid='{$mybb->user['uid']}'");
     }
     // NOTE(review): the fourth argument is presumably the HttpOnly flag - confirm against my_setcookie().
     my_setcookie("adminsid", $sid, '', true);
     my_setcookie('acploginattempts', 0);
     $post_verify = false;
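/**
 * Cut a message at the configured "show in portal" tag and append a read-more link.
 *
 * Nothing is changed when the message or the tag setting is empty, when the
 * tag does not occur in the message, or when the text before the first tag
 * is shorter than the minmessagelength setting.
 *
 * @param string $message Message text, modified in place.
 * @param int $fid Forum id; selects the read-more variant (MyCode, HTML or plain).
 * @param int $tid Thread id the read-more link points to.
 * @return void
 */
function ougc_showinportal_cutoff(&$message, $fid, $tid)
{
    global $settings;
    if (!$message || !$settings['ougc_showinportal_tag']) {
        return;
    }
    // The tag is matched literally. The delimiter is passed to preg_quote() so a
    // "#" inside the tag cannot end the pattern early (preg_quote() only escapes
    // "#" by default from PHP 7.3 on).
    $pattern = '#' . preg_quote($settings['ougc_showinportal_tag'], '#') . '#';
    if (!preg_match($pattern, $message)) {
        return;
    }
    $msg = preg_split($pattern, $message);
    // The part before the first tag must itself satisfy the minimum message length.
    if (!(isset($msg[0]) && my_strlen($msg[0]) >= (int) $settings['minmessagelength'])) {
        return;
    }
    global $lang, $forum_cache, $showinportal;
    $showinportal->lang_load();
    $forum_cache or cache_forums();
    // Find out what language variable to use: MyCode takes precedence over HTML,
    // plain text is the fallback.
    $lang_var = 'ougc_showinportal_readmore';
    if ((bool) $forum_cache[$fid]['allowmycode']) {
        $lang_var .= '_mycode';
    } elseif ((bool) $forum_cache[$fid]['allowhtml']) {
        $lang_var .= '_html';
    }
    $message = $msg[0] . $lang->sprintf($lang->{$lang_var}, $settings['bburl'], get_thread_link($tid));
}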
Пример #29
// Normalise the requested action once; everything below dispatches on it.
$mybb->input['action'] = $mybb->get_input('action');
$plugins->run_hooks("xmlhttp");
// If the board is closed, the user is not an administrator and they're not trying to login, show the board closed message
// ($closed_bypass is defined outside this excerpt and lists the actions that stay available)
if ($mybb->settings['boardclosed'] == 1 && $mybb->usergroup['canviewboardclosed'] != 1 && !in_array($mybb->input['action'], $closed_bypass)) {
    // Show error
    if (!$mybb->settings['boardclosed_reason']) {
        $mybb->settings['boardclosed_reason'] = $lang->boardclosed_reason;
    }
    // NOTE(review): the reason is placed into the markup without escaping; presumably
    // it is administrator-authored HTML - confirm.
    $lang->error_boardclosed .= "<br /><em>{$mybb->settings['boardclosed_reason']}</em>";
    xmlhttp_error($lang->error_boardclosed);
}
// Fetch a list of usernames beginning with a certain string (used for auto completion)
// NOTE(review): no permission check is visible in this excerpt before usernames are
// returned for an arbitrary prefix; confirm the exposure is intended or that a check
// happens earlier in the script.
if ($mybb->input['action'] == "get_users") {
    $mybb->input['query'] = ltrim($mybb->get_input('query'));
    // If the string is less than 3 characters, quit.
    if (my_strlen($mybb->input['query']) < 3) {
        exit;
    }
    // Result size is fixed by the server: 1 row when getone=1, otherwise 15.
    if ($mybb->get_input('getone', MyBB::INPUT_INT) == 1) {
        $limit = 1;
    } else {
        $limit = 15;
    }
    // Send our headers. ($charset is defined outside this excerpt)
    header("Content-type: application/json; charset={$charset}");
    // Query for any matching users.
    $query_options = array("order_by" => "username", "order_dir" => "asc", "limit_start" => 0, "limit" => $limit);
    $plugins->run_hooks("xmlhttp_get_users_start");
    // Prefix match only: the input goes through escape_string_like() and the "%"
    // wildcard is appended by the code, not taken from the request.
    // NOTE(review): presumably escape_string_like() also escapes "%" and "_" - confirm.
    $query = $db->simple_select("users", "uid, username", "username LIKE '" . $db->escape_string_like($mybb->input['query']) . "%'", $query_options);
    if ($limit == 1) {
        $user = $db->fetch_array($query);
Пример #30
    // Excerpt: body of a handler that deletes the attachments selected by the current user.
    // NOTE(review): the enclosing condition and any post-key (CSRF) verification for this
    // action start above the excerpt; presumably they mirror the do_notepad handler. Confirm.
    // Reject the request unless 'attachments' was submitted as an array.
    if (!isset($mybb->input['attachments']) || !is_array($mybb->input['attachments'])) {
        // NOTE(review): presumably error() halts the request; if it returned, implode() below would receive a non-array.
        error($lang->no_attachments_selected);
    }
    // Every submitted id is cast with intval before joining, so the IN (...) list holds only integers.
    $aids = implode(',', array_map('intval', $mybb->input['attachments']));
    // The uid condition limits the rows to attachments owned by the current user, so
    // submitted ids that belong to another user match nothing and are not removed.
    $query = $db->simple_select("attachments", "*", "aid IN ({$aids}) AND uid='" . $mybb->user['uid'] . "'");
    // Removal uses the pid/aid values read back from the database row, not the submitted input.
    while ($attachment = $db->fetch_array($query)) {
        remove_attachment($attachment['pid'], '', $attachment['aid']);
    }
    $plugins->run_hooks("usercp_do_attachments_end");
    redirect("usercp.php?action=attachments", $lang->attachments_deleted);
}
// Save the user's private notepad text. Runs only for POST requests.
if ($mybb->input['action'] == "do_notepad" && $mybb->request_method == "post") {
    // Verify incoming POST request
    // The post key is checked before any state is changed.
    verify_post_check($mybb->get_input('my_post_key'));
    // Cap at 60,000 chars; text will allow up to 65535?
    // NOTE(review): if my_strlen()/my_substr() count characters rather than bytes, 60,000
    // multi-byte characters can exceed a 65,535-byte column. Confirm the column type.
    if (my_strlen($mybb->get_input('notepad')) > 60000) {
        $mybb->input['notepad'] = my_substr($mybb->get_input('notepad'), 0, 60000);
    }
    // The cap is applied before this hook runs; a hook that rewrites the input afterwards is not capped again.
    $plugins->run_hooks("usercp_do_notepad_start");
    // The text is escaped at the point of use, and the update is limited to the current user's own row.
    $db->update_query("users", array('notepad' => $db->escape_string($mybb->get_input('notepad'))), "uid='" . $mybb->user['uid'] . "'");
    $plugins->run_hooks("usercp_do_notepad_end");
    redirect("usercp.php", $lang->redirect_notepadupdated);
}
// Default view, used when no action was requested. The excerpt ends inside this block.
if (!$mybb->input['action']) {
    // Get posts per day
    // Days since registration: elapsed seconds divided by the number of seconds in a day.
    $daysreg = (TIME_NOW - $mybb->user['regdate']) / (24 * 3600);
    // Treat anything under one day as one day; this also rules out a zero divisor below.
    if ($daysreg < 1) {
        $daysreg = 1;
    }
    $perday = $mybb->user['postnum'] / $daysreg;
    // Keep two decimal places.
    $perday = round($perday, 2);