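/**
 * Finishes a successful login: chooses the post-login destination, refreshes
 * the global phrase group and charset for the user's language, re-signs any
 * carried-over POST data, and hands the request to the redirect page.
 *
 * Reads and rewrites $vbulletin->url and $vbulletin->GPC['postvars'].
 * Does not return normally: the eval'd print_standard_redirect() ends the request.
 *
 * @return void
 */
function do_login_redirect()
{
	global $vbulletin, $vbphrase;

	$vbulletin->input->fetch_basepath();

	// Pages that must not be returned to after a login (the login page itself,
	// a logout link, or the registration page when multiple registrations are
	// disallowed) collapse to the forum home; anything else keeps its URL with
	// the session id rewritten.
	if (
		$vbulletin->url == 'login.php'
		OR $vbulletin->url == $vbulletin->options['forumhome'] . '.php'
		OR strpos($vbulletin->url, 'do=logout') !== false
		OR (!$vbulletin->options['allowmultiregs'] AND strpos($vbulletin->url, $vbulletin->basepath . 'register.php') === 0)
	)
	{
		$vbulletin->url = $vbulletin->options['forumhome'] . '.php' . $vbulletin->session->vars['sessionurl_q'];
	}
	else
	{
		$vbulletin->url = fetch_replaced_session_url($vbulletin->url);
		$vbulletin->url = preg_replace('#^/+#', '/', $vbulletin->url); // bug 3654 don't ask why
	}

	// $formfile and $postvars are not read by this function itself; they are
	// kept in scope for the login_redirect hook eval'd below.
	$temp = strpos($vbulletin->url, '?');
	if ($temp)
	{
		$formfile = substr($vbulletin->url, 0, $temp);
	}
	else
	{
		$formfile =& $vbulletin->url;
	}

	$postvars = $vbulletin->GPC['postvars'];

	($hook = vBulletinHook::fetch_hook('login_redirect')) ? eval($hook) : false;

	// recache the global group to get the stuff from the new language
	$globalgroup = $vbulletin->db->query_first_slave("
		SELECT phrasegroup_global, languagecode, charset
		FROM " . TABLE_PREFIX . "language
		WHERE languageid = " . intval($vbulletin->userinfo['languageid'] ? $vbulletin->userinfo['languageid'] : $vbulletin->options['languageid'])
	);
	if ($globalgroup)
	{
		// phrasegroup_global is read from the language table, not from the client.
		$vbphrase = array_merge($vbphrase, unserialize($globalgroup['phrasegroup_global']));

		if (vB_Template_Runtime::fetchStyleVar('charset') != $globalgroup['charset'])
		{
			// change the character set in a bunch of places - a total hack
			global $headinclude;
			$headinclude = str_replace(
				"content=\"text/html; charset=" . vB_Template_Runtime::fetchStyleVar('charset') . "\"",
				"content=\"text/html; charset=$globalgroup[charset]\"",
				$headinclude
			);
			vB_Template_Runtime::addStyleVar('charset', $globalgroup['charset'], 'imgdir');
			$vbulletin->userinfo['lang_charset'] = $globalgroup['charset'];
			exec_headers();
		}

		if ($vbulletin->GPC['postvars'])
		{
			// postvars is client-supplied. verify_client_string() checks its
			// signature first; the payload is still unserialize()d, so a
			// forged signature would hand attacker-shaped data to unserialize.
			$postvars = @unserialize(verify_client_string($vbulletin->GPC['postvars']));

			// Fix: this used to be `= 'guest'` (an assignment), which made the
			// branch unconditional. Only a token issued to the guest session
			// needs replacing with the freshly logged-in user's token; a failed
			// unserialize (false) must not be treated as a guest payload either.
			if (is_array($postvars) AND isset($postvars['securitytoken']) AND $postvars['securitytoken'] === 'guest')
			{
				$vbulletin->userinfo['securitytoken_raw'] = sha1($vbulletin->userinfo['userid'] . sha1($vbulletin->userinfo['salt']) . sha1(COOKIE_SALT));
				$vbulletin->userinfo['securitytoken'] = TIMENOW . '-' . sha1(TIMENOW . $vbulletin->userinfo['securitytoken_raw']);
				$postvars['securitytoken'] = $vbulletin->userinfo['securitytoken'];
				// Re-sign so the consumer accepts the modified payload.
				$vbulletin->GPC['postvars'] = sign_client_string(serialize($postvars));
			}
		}

		vB_Template_Runtime::addStyleVar('languagecode', $globalgroup['languagecode']);
	}

	eval(print_standard_redirect('redirect_login', true, true, $vbulletin->userinfo['languageid']));
}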
{ $vbulletin->GPC['url'] = fetch_seo_url('forum', $foruminfo); } else if ($vbulletin->GPC['url'] != '' AND $vbulletin->GPC['url'] != 'forumdisplay.php') { $vbulletin->GPC['url'] = str_replace('"', '', $vbulletin->GPC['url']); } else { $vbulletin->GPC['url'] = fetch_seo_url('forum', $foruminfo); } // Allow POST based redirection... if ($vbulletin->GPC['postvars'] != '') { if (($check = verify_client_string($vbulletin->GPC['postvars'])) !== false) { $temp = unserialize($check); if ($temp['do'] == 'doenterpwd') { $vbulletin->GPC['postvars'] = ''; } } else { $vbulletin->GPC['postvars'] = ''; } } // workaround IIS cookie+location header bug $forceredirect = (strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') !== false);
$threadslist .= ",{$thread['threadid']}"; } $db->query_write("\n\t\t\tUPDATE " . TABLE_PREFIX . "thread SET\n\t\t\t\tforumid = " . $vbulletin->GPC['destforumid'] . "\n\t\t\tWHERE threadid IN ({$threadslist})\n\t\t"); $vbulletin->db->query_write("TRUNCATE TABLE " . TABLE_PREFIX . "postparsed"); require_once DIR . '/includes/functions_prefix.php'; remove_invalid_prefixes($threadslist, $vbulletin->GPC['destforumid']); require_once DIR . '/includes/functions_databuild.php'; build_forum_counters($vbulletin->GPC['destforumid']); define('CP_REDIRECT', 'index.php?do=home'); print_stop_message('moved_threads_successfully_modcp'); } } // ###################### Start move/prune select ####################### if ($_POST['do'] == 'dothreadssel') { $vbulletin->input->clean_array_gpc('p', array('criteria' => TYPE_BINARY, 'destforumid' => TYPE_INT)); $thread = @unserialize(verify_client_string($vbulletin->GPC['criteria'])); if (!is_array($thread) or sizeof($thread) == 0) { print_stop_message('please_complete_required_fields'); } $whereclause = fetch_thread_move_prune_sql($thread, $forumids, $vbulletin->GPC['type']); $fullquery = "\n\t\tSELECT thread.*, forum.title AS forum_title\n\t\tFROM " . TABLE_PREFIX . "thread AS thread\n\t\tLEFT JOIN " . TABLE_PREFIX . "forum AS forum ON(forum.forumid = thread.forumid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "deletionlog AS deletionlog ON(deletionlog.primaryid = thread.threadid AND deletionlog.type = 'thread')\n\t\tWHERE {$whereclause}\n\t"; $threads = $db->query_read($fullquery); print_form_header('thread', 'dothreadsselfinish'); construct_hidden_code('type', $vbulletin->GPC['type']); construct_hidden_code('destforumid', $vbulletin->GPC['destforumid']); if ($vbulletin->GPC['type'] == 'prune') { print_table_header($vbphrase['prune_threads_selectively'], 5); } else { if ($vbulletin->GPC['type'] == 'move') { print_table_header($vbphrase['move_threads_selectively'], 5); }
/**
 * Halts execution and redirects to the address specified
 *
 * If the 'useheaderredirect' option is on, the system will attempt to redirect invisibly using header('Location...
 * However, 'useheaderredirect' is overridden by setting $forceredirect to a true value.
 *
 * The destination is taken from $vbulletin->url, not from a parameter. When a
 * header redirect is not possible (option off, $forceredirect set, headers
 * already sent, or POST data waiting in $vbulletin->GPC['postvars']) the
 * STANDARD_REDIRECT template is rendered instead. The request ends here in
 * every case.
 *
 * @param string $message       Redirect message
 * @param bool   $forceredirect If true, never use a Location header; always render the redirect page
 *
 * @return never  exits after redirecting or rendering
 */
function standard_redirect($message = '', $forceredirect = false)
{
	global $header, $footer, $headinclude, $headinclude_bottom, $forumjump;
	global $timezone, $vbulletin, $vbphrase;

	// NOTE(review): the find and replace lists are identical here, so the
	// str_replace() further down is a no-op in this copy. This looks like an
	// extraction artifact (the replacement list was presumably HTML entities
	// that were decoded) -- confirm against the shipped file.
	static $str_find = array('"', '<', '>'), $str_replace = array('"', '<', '>');

	if ($vbulletin->db->explain)
	{
		// Query-explain mode: print timing statistics instead of redirecting.
		$totaltime = microtime(true) - TIMESTART;
		// $vartext is written but never read in this function.
		$vartext .= "<!-- Page generated in " . vb_number_format($totaltime, 5) . " seconds with " . $vbulletin->db->querycount . " queries -->";
		$querytime = $vbulletin->db->time_total;
		echo "\n<b>Page generated in $totaltime seconds with " . $vbulletin->db->querycount . " queries,\nspending $querytime doing MySQL queries and " . ($totaltime - $querytime) . " doing PHP things.\n\n<hr />Shutdown Queries:</b>" . (defined('NOSHUTDOWNFUNC') ? " <b>DISABLED</b>" : '') . "<hr />\n\n";
		exit;
	}

	// Invisible redirect only when allowed, not forced off, headers still open,
	// and no POST payload has to be re-submitted (a Location header cannot carry one).
	// NOTE(review): $vbulletin->url is handed to exec_header_redirect() without
	// any check that it points at this site. Unless that helper validates the
	// host, a caller-controlled value here is an open redirect; an allow-list
	// check like the one in the later revision of this function belongs first.
	if ($vbulletin->options['useheaderredirect'] AND !$forceredirect AND !headers_sent() AND !$vbulletin->GPC['postvars'])
	{
		exec_header_redirect(unhtmlspecialchars($vbulletin->url, true));
	}

	$title = $vbulletin->options['bbtitle'];
	$pagetitle = $title;
	$errormessage = $message;

	// Build the HTML-safe and JS-safe forms of the destination for the template.
	$url = unhtmlspecialchars($vbulletin->url, true);
	$url = str_replace(chr(0), '', $url); // strip NUL bytes
	$url = create_full_url($url);
	$url = str_replace($str_find, $str_replace, $url);
	$js_url = addslashes_js($url, '"'); // the double quote was already substituted by the str_replace above (entity decoded in this copy)
	// Percent-encode semicolons (literal and entity-encoded) so the URL cannot
	// be broken apart inside the template.
	// NOTE(review): the first two patterns contain a U+FFFD replacement
	// character in this copy; the shipped source presumably had a literal
	// numeric-entity prefix there -- confirm before relying on them.
	$url = preg_replace(
		array('/�*59;?/', '/�*3B;?/i', '#;#'),
		'%3B',
		$url
	);
	$url = preg_replace('#&%3B#i', '&', $url);

	define('NOPMPOPUP', 1); // No footer here

	require_once(DIR . '/includes/functions_misc.php');

	// Carried-over POST data is only rendered after its signature verifies.
	$postvars = construct_hidden_var_fields(verify_client_string($vbulletin->GPC['postvars']));
	$formfile =& $url;

	($hook = vBulletinHook::fetch_hook('redirect_generic')) ? eval($hook) : false;

	$templater = vB_Template::create('STANDARD_REDIRECT');
	$templater->register('errormessage', $errormessage);
	$templater->register('formfile', $formfile);
	$templater->register('headinclude', $headinclude);
	$templater->register('headinclude_bottom', $headinclude_bottom);
	$templater->register('js_url', $js_url);
	$templater->register('pagetitle', $pagetitle);
	$templater->register('postvars', $postvars);
	$templater->register('url', $url);
	print_output($templater->render());
	exit;
}
/**
 * Returns a hidden input field containing the serialized $_POST array
 *
 * A 'postvars' value already present in the request is echoed back unchanged
 * when its signature verifies. Otherwise the current $_POST is serialized and
 * signed. When there is no POST data at all, nothing is emitted.
 *
 * @return string HTML code containing hidden fields
 */
function construct_post_vars_html()
{
	global $vbulletin;

	$vbulletin->input->clean_gpc('p', 'postvars', TYPE_BINARY);

	$carried = $vbulletin->GPC['postvars'];
	if ($carried != '' and verify_client_string($carried) !== false)
	{
		// Signed by us on an earlier request: pass it through as-is.
		return '<input type="hidden" name="postvars" value="' . htmlspecialchars_uni($carried) . '" />' . "\n";
	}

	if ($vbulletin->superglobal_size['_POST'] > 0)
	{
		// Signed so that a value altered client-side fails verification later.
		$signed = sign_client_string(serialize($_POST));
		return '<input type="hidden" name="postvars" value="' . htmlspecialchars_uni($signed) . '" />' . "\n";
	}

	return '';
}
$conflicts[] = $usergroup; } else { if ($vbulletin->GPC['conflict']["{$usergroup}"] === 2) { $override_no[] = $usergroup; } } } else { if (array_diff($prefixids, $prefixes)) { if ($vbulletin->GPC['conflict']["{$usergroup}"] === 0) { $conflicts[] = $usergroup; } } } } $vbulletin->input->clean_array_gpc('p', array('shownusergroups' => TYPE_NOCLEAN)); $shownusergroups_raw = unserialize(verify_client_string($vbulletin->GPC['shownusergroups'])); $shownusergroups = array(); foreach ($shownusergroups_raw as $shownusergroup) { $shownusergroups[] = $vbulletin->input->do_clean($shownusergroup, TYPE_UINT); } if (empty($shownusergroups)) { // This shouldn't trigger - probably a suhosin issue if it does print_stop_message('variables_missing_suhosin'); } $vbulletin->input->clean_array_gpc('p', array('usergroup' => TYPE_ARRAY_KEYS_INT)); $vbulletin->db->query_write("\r\n\t\tDELETE FROM " . TABLE_PREFIX . "prefixpermission\r\n\t\tWHERE prefixid IN ('" . implode("', '", array_map(array($vbulletin->db, 'escape_string'), $prefixids)) . "')\r\n\t\t" . (!empty($conflicts) ? "AND usergroupid NOT IN (" . implode(', ', $conflicts) . ")" : '')); $todeny = array(); foreach ($shownusergroups as $shownusergroup) { if (array_key_exists($shownusergroup, $vbulletin->usergroupcache)) { if (!in_array($shownusergroup, $conflicts)) { if (!in_array($shownusergroup, $vbulletin->GPC['usergroup']) and !in_array($shownusergroup, array_keys($vbulletin->GPC['conflict']))) {
require_once DIR . '/includes/modfunctions.php'; show_inline_mod_login(true); } else { define('VB_ERROR_PERMISSION', true); $show['useurl'] = true; $show['specificerror'] = true; $url = $vbulletin->url; if ($vbulletin->options['usestrikesystem']) { eval(standard_error(fetch_error('badlogin_strikes_passthru', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes))); } else { eval(standard_error(fetch_error('badlogin_passthru', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl']))); } } } exec_unstrike_user($vbulletin->GPC['vb_login_username']); $_postvars = @unserialize(verify_client_string($vbulletin->GPC['postvars'])); // create new session process_new_login($_postvars['logintype'] ? $_postvars['logintype'] : $vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']); // do redirect do_login_redirect(); } else { if ($_GET['do'] == 'login') { // add consistency with previous behavior exec_header_redirect(fetch_seo_url('forumhome|nosession', array())); } } // ############################### start lost password ############################### if ($_REQUEST['do'] == 'lostpw') { $vbulletin->input->clean_gpc('r', 'email', TYPE_NOHTML); $email = $vbulletin->GPC['email']; $navbits = construct_navbits(array('' => $vbphrase['lost_password_recovery_form']));
/**
 * Returns a hidden input field containing the serialized $_POST array
 *
 * A 'postvars' value already present in the request is echoed back unchanged
 * when its signature verifies. Otherwise the current $_POST is JSON-encoded
 * and signed. When there is no POST data at all, nothing is emitted.
 *
 * @return string HTML code containing hidden fields
 */
function construct_post_vars_html()
{
	global $vbulletin;

	$vbulletin->input->clean_gpc('p', 'postvars', vB_Cleaner::TYPE_BINARY);

	$carried = $vbulletin->GPC['postvars'];
	if ($carried != '' and verify_client_string($carried) !== false)
	{
		// Signed by us on an earlier request: pass it through as-is.
		return '<input type="hidden" name="postvars" value="' . htmlspecialchars_uni($carried) . '" />' . "\n";
	}

	if (count($_POST) > 0)
	{
		// Signed so that a value altered client-side fails verification later.
		$signed = sign_client_string(json_encode($_POST));
		return '<input type="hidden" name="postvars" value="' . htmlspecialchars_uni($signed) . '" />' . "\n";
	}

	return '';
}
if (empty($_REQUEST['do'])) { $_REQUEST['do'] = 'start'; } // *************************** Send a page of emails ********************** if ($_POST['do'] == 'dosendmail' or $_POST['do'] == 'makelist') { $vbulletin->input->clean_array_gpc('p', array('user' => TYPE_ARRAY, 'profile' => TYPE_ARRAY, 'serializeduser' => TYPE_STR, 'serializedprofile' => TYPE_STR, 'septext' => TYPE_NOTRIM, 'perpage' => TYPE_UINT, 'startat' => TYPE_UINT, 'test' => TYPE_BOOL, 'from' => TYPE_STR, 'subject' => TYPE_STR, 'message' => TYPE_STR)); $vbulletin->GPC['septext'] = nl2br(htmlspecialchars_uni($vbulletin->GPC['septext'])); // ensure that we don't send blank emails by mistake if ($_POST['do'] == 'dosendmail') { if ($vbulletin->GPC['subject'] == '' or $vbulletin->GPC['message'] == '' or !is_valid_email($vbulletin->GPC['from'])) { print_stop_message('please_complete_required_fields'); } } if (!empty($vbulletin->GPC['serializeduser'])) { $vbulletin->GPC['user'] = @unserialize(verify_client_string($vbulletin->GPC['serializeduser'])); $vbulletin->GPC['profile'] = @unserialize(verify_client_string($vbulletin->GPC['serializedprofile'])); } $condition = fetch_user_search_sql($vbulletin->GPC['user'], $vbulletin->GPC['profile']); if (!$condition) { $condition = ' 1=1 '; } $finalcondition = "\n\t\t{$condition}\n\t\tAND user.email <> ''\n\t\t" . iif(!$vbulletin->GPC['user']['adminemail'], " AND (options & " . $vbulletin->bf_misc_useroptions['adminemail'] . ")"); if ($_POST['do'] == 'makelist') { $users = $db->query_read("\n\t\t\tSELECT DISTINCT user.email\n\t\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON (userfield.userid = user.userid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON (usertextfield.userid = user.userid)\n\t\t\tWHERE {$finalcondition}\n\t\t"); if ($db->num_rows($users) > 0) { while ($user = $db->fetch_array($users)) { echo $user['email'] . 
$vbulletin->GPC['septext']; vbflush(); } } else { print_stop_message('no_users_matched_your_query');
$templater->register('navclass', $navclass); $templater->register('onload', $onload); $templater->register('pagetitle', $pagetitle); $templater->register('template_hook', $template_hook); print_output($templater->render()); } // ########################## Do move of threads ############################################## if ($_POST['do'] == 'movethread') { $vbulletin->input->clean_array_gpc('p', array( 'ids' => TYPE_BINARY, 'folderid' => TYPE_UINT )); if ($ids = verify_client_string($vbulletin->GPC['ids'])) { $ids = explode(',', $ids); } if (!is_array($ids) OR empty($ids)) { eval(standard_error(fetch_error('invalidid', $vbphrase['subscribed_threads'], $vbulletin->options['contactuslink']))); } $subids = array(); foreach ($ids AS $subid) { $id = intval($subid); $subids["$id"] = $id; }
/**
 * Halts execution and redirects to the address specified
 *
 * If the 'useheaderredirect' option is on, the system will attempt to redirect invisibly using header('Location...
 * However, 'useheaderredirect' is overridden by setting $forceredirect to a true value.
 *
 * The destination is taken from $vbulletin->url, not from a parameter. An
 * absolute URL is first checked against an allow-list (the 'redirect_whitelist'
 * option plus $bburl and the scheme/host of the current request); an absolute
 * URL that matches nothing stops with the invalid_redirect_url_x error. When a
 * header redirect is not possible (option off, $forceredirect set, headers
 * already sent, or POST data waiting in $vbulletin->GPC['postvars']) the
 * STANDARD_REDIRECT template is rendered instead. The request ends here in
 * every case.
 *
 * @param string $message       Redirect message
 * @param bool   $forceredirect If true, never use a Location header; always render the redirect page
 *
 * @return never  exits after redirecting or rendering
 */
function standard_redirect($message = '', $forceredirect = false)
{
	global $header, $footer, $headinclude, $forumjump;
	global $timezone, $vbulletin, $vbphrase, $stylevar, $pagestarttime;

	// NOTE(review): the find and replace lists are identical here, so the
	// str_replace() further down is a no-op in this copy. This looks like an
	// extraction artifact (the replacement list was presumably HTML entities
	// that were decoded) -- confirm against the shipped file.
	static $str_find = array('"', '<', '>'), $str_replace = array('"', '<', '>');

	if ($vbulletin->db->explain)
	{
		// Query-explain mode: print timing statistics instead of redirecting.
		// $pagestarttime / microtime() are in the old "usec sec" string form,
		// hence the explode() and the two-part subtraction.
		$pageendtime = microtime();
		$starttime = explode(' ', $pagestarttime);
		$endtime = explode(' ', $pageendtime);
		$totaltime = $endtime[0] - $starttime[0] + $endtime[1] - $starttime[1];
		// $vartext is written but never read in this function.
		$vartext .= "<!-- Page generated in " . vb_number_format($totaltime, 5) . " seconds with " . $vbulletin->db->querycount . " queries -->";
		$querytime = $vbulletin->db->time_total;
		echo "\n<b>Page generated in {$totaltime} seconds with " . $vbulletin->db->querycount . " queries,\nspending {$querytime} doing MySQL queries and " . ($totaltime - $querytime) . " doing PHP things.\n\n<hr />Shutdown Queries:</b>" . (defined('NOSHUTDOWNFUNC') ? " <b>DISABLED</b>" : '') . "<hr />\n\n";
		exit;
	}

	// Open-redirect guard: an absolute destination must match an allowed origin.
	if ($vbulletin->url)
	{
		$foundurl = false;
		if ($urlinfo = @parse_url($vbulletin->url))
		{
			if (!$urlinfo['scheme'])
			{
				// url is made full in exec_header_redirect which stops a url from being redirected to, say "www.php.net" (no http://)
				// NOTE(review): a scheme-less but host-bearing value ("//host/path")
				// also lands here, since parse_url() reports no scheme for it; this
				// relies on exec_header_redirect()/create_full_url() (not shown)
				// pinning it to this host -- confirm.
				$foundurl = true;
			}
			else
			{
				// Allowed origins: admin-configured list, then $bburl, then the
				// scheme://host actually serving this request.
				$whitelist = array();
				if ($vbulletin->options['redirect_whitelist'])
				{
					$whitelist = explode("\n", trim($vbulletin->options['redirect_whitelist']));
				}

				// Add $bburl to the whitelist
				$bburlinfo = @parse_url($vbulletin->options['bburl']);
				$bburl = "{$bburlinfo['scheme']}://{$bburlinfo['host']}";
				array_unshift($whitelist, $bburl);

				// if the "realurl" of this request does not equal $bburl, add it as well..
				$realurl = VB_URL_SCHEME . '://' . VB_URL_HOST;
				if (strtolower($bburl) != strtolower($realurl))
				{
					array_unshift($whitelist, $realurl);
				}

				// Case-insensitive match: either the whole origin, or the origin
				// followed by '/'. The appended '/' is what stops a longer host
				// that merely starts with an allowed origin from matching.
				$vburl = strtolower($vbulletin->url);
				foreach ($whitelist as $url)
				{
					$url = trim($url);
					if ($vburl == strtolower($url) or strpos($vburl, strtolower($url) . '/', 0) === 0)
					{
						$foundurl = true;
						break;
					}
				}
			}
		}

		if (!$foundurl)
		{
			eval(standard_error(fetch_error('invalid_redirect_url_x', $vbulletin->url)));
		}
	}

	// Invisible redirect only when allowed, not forced off, headers still open,
	// and no POST payload has to be re-submitted (a Location header cannot carry one).
	if ($vbulletin->options['useheaderredirect'] and !$forceredirect and !headers_sent() and !$vbulletin->GPC['postvars'])
	{
		exec_header_redirect($vbulletin->url);
	}

	$title = $vbulletin->options['bbtitle'];
	$pagetitle = $title;
	$errormessage = $message;

	// Build the HTML-safe and JS-safe forms of the destination for the template.
	$url = unhtmlspecialchars($vbulletin->url);
	$url = str_replace(chr(0), '', $url); // strip NUL bytes
	$url = create_full_url($url);
	$url = str_replace($str_find, $str_replace, $url);
	$js_url = addslashes_js($url, '"'); // the double quote was already substituted by the str_replace above (entity decoded in this copy)
	// Percent-encode semicolons (literal and entity-encoded) so the URL cannot
	// be broken apart inside the template.
	// NOTE(review): the first two patterns contain a U+FFFD replacement
	// character in this copy; the shipped source presumably had a literal
	// numeric-entity prefix there -- confirm before relying on them.
	$url = preg_replace(array('/�*59;?/', '/�*3B;?/i', '#;#'), '%3B', $url);
	$url = preg_replace('#&%3B#i', '&', $url);

	define('NOPMPOPUP', 1); // No footer here

	require_once DIR . '/includes/functions_misc.php';

	// Carried-over POST data is only rendered after its signature verifies.
	$postvars = construct_hidden_var_fields(verify_client_string($vbulletin->GPC['postvars']));
	$formfile =& $url;

	($hook = vBulletinHook::fetch_hook('redirect_generic')) ? eval($hook) : false;

	eval('print_output("' . fetch_template('STANDARD_REDIRECT') . '");');
	exit;
}
/**
 * Confirms a user-list upload to VerticalResponse.
 *
 * Checks the remote session, resolves the target list (a new one created by
 * name, or an existing one by id -- which is reset when starting from record
 * zero), counts the users matched by the search criteria, and prints the
 * confirmation form whose hidden fields drive the 'do_upload' step.
 *
 * @param string $sessionid VerticalResponse session id; an empty value aborts silently
 *
 * @return void|false false when no list could be resolved or the count query
 *                    fails; otherwise nothing is returned and the form is printed
 */
function doConfirmUpload($sessionid)
{
	global $vbphrase, $vbulletin;
	global $_HIDDENFIELDS;

	// Nothing to do without a session handle.
	if (!$sessionid)
	{
		return;
	}

	$vbulletin->input->clean_array_gpc('r', array(
		'listname'          => TYPE_STR,
		'listid'            => TYPE_UINT,
		'do_percycle'       => TYPE_UINT,
		'user'              => TYPE_ARRAY,
		'profile'           => TYPE_ARRAY,
		'display'           => TYPE_ARRAY_BOOL,
		'orderby'           => TYPE_STR,
		'startat'           => TYPE_UINT,
		'serializedprofile' => TYPE_STR,
		'serializeduser'    => TYPE_STR,
		'serializeddisplay' => TYPE_STR,
		'condition'         => TYPE_STR,
	));

	$vr = new vB_VerticalResponse();

	// Default batch size when none (or zero) was supplied.
	if (!$vbulletin->GPC_exists['do_percycle'] or !intval($vbulletin->GPC['do_percycle']))
	{
		$vbulletin->GPC['do_percycle'] = 1000;
	}

	if (!$vr->checkStatus($sessionid))
	{
		printLogin($vbphrase['vr_login_first_desc']);
		return;
	}

	require_once DIR . '/includes/adminfunctions_user.php';
	require_once DIR . '/includes/adminfunctions_profilefield.php';

	// Resolve the target list: a fresh one by name, or an existing one by id.
	if ($vbulletin->GPC_exists['listname'] and !empty($vbulletin->GPC['listname']))
	{
		$listid = $vr->createList($sessionid, $vbulletin->GPC['listname']);
		if (!$listid)
		{
			return;
		}
	}
	elseif ($vbulletin->GPC_exists['listid'])
	{
		$listid = $vbulletin->GPC['listid'];
		if (intval($vbulletin->GPC['startat']) == 0)
		{
			// Starting from the first record: reset the list before uploading.
			$vr->setCustomListFields($sessionid, array('userid', 'username'));
			$vr->eraseListMembers($sessionid, $listid);
		}
	}
	else
	{
		return false;
	}

	// Search criteria may arrive as signed, serialized blobs from a previous
	// step; verify_client_string() checks the signature before unserialize()
	// sees the payload.
	if (!empty($vbulletin->GPC['serializeduser']))
	{
		$vbulletin->GPC['user'] = @unserialize(verify_client_string($vbulletin->GPC['serializeduser']));
		$vbulletin->GPC['profile'] = @unserialize(verify_client_string($vbulletin->GPC['serializedprofile']));
	}
	if (!empty($vbulletin->GPC['serializeddisplay']))
	{
		$vbulletin->GPC['display'] = @unserialize(verify_client_string($vbulletin->GPC['serializeddisplay']));
	}

	// No display columns selected: fall back to the default set.
	if (@array_sum($vbulletin->GPC['display']) == 0)
	{
		$vbulletin->GPC['display'] = array(
			'username'     => 1,
			'options'      => 1,
			'email'        => 1,
			'joindate'     => 1,
			'lastactivity' => 1,
			'posts'        => 1,
		);
	}

	// Compose the WHERE clause from the criteria and count the matching users.
	$condition = fetch_user_search_sql($vbulletin->GPC['user'], $vbulletin->GPC['profile']);
	if (empty($condition))
	{
		$condition = "1 = 1";
	}

	$countquery = "\n\t\tSELECT COUNT(*) AS count\n\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\tLEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON (userfield.userid = user.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON (usertextfield.userid = user.userid)\n\t\tWHERE {$condition}";
	$row = $vbulletin->db->query_first($countquery);
	if (!$row)
	{
		return false;
	}
	$total = $row['count'];

	print_cp_header($vbphrase['verticalresponse']);
	print_form_header('verticalresponse', 'do_upload', false, true, 'verticalresponse');
	print_table_header($vbphrase['upload_list'], 2);
	print_description_row(construct_phrase($vbphrase['upload_count_x_desc'], $total));

	// The raw SQL WHERE clause is round-tripped through a client-visible hidden
	// field ('condition' is read back as TYPE_STR above). Whatever consumes it
	// on the do_upload step must not trust it as-is: sign it (sign_client_string,
	// as the serialized* fields are) or rebuild it from the criteria server-side.
	$_HIDDENFIELDS['condition'] = htmlspecialchars_uni($condition);
	$_HIDDENFIELDS['do_percycle'] = $vbulletin->GPC['do_percycle'];
	$_HIDDENFIELDS['startat'] = 0;
	$_HIDDENFIELDS['count'] = $total;
	$_HIDDENFIELDS['listid'] = $listid;
	print_hidden_fields();
	print_submit_row($vbphrase['submit'], 0);
	print_table_footer();
}
/**
 * Finishes a successful login: chooses the post-login destination, and (outside
 * the API) refreshes the global phrase group and charset for the user's
 * language and re-signs any carried-over POST data, then hands the request to
 * print_standard_redirect().
 *
 * Reads and rewrites $vbulletin->url and $vbulletin->GPC['postvars'].
 * Locals such as $formfile, $postvars and $temp stay in scope for the
 * login_redirect hook, which is eval'd inside this function.
 *
 * @return void
 */
function do_login_redirect()
{
	global $vbulletin, $vbphrase;

	$vbulletin->input->fetch_basepath();

	//the clauses
	//url $vbulletin->url == 'login.php' and $vbulletin->url == $vbulletin->options['forumhome'] . '.php'
	//will never be true -- $vbulletin->url contains the full url path.
	//The second shouldn't be needed, the else clause seems to handle this just fine.
	//the first we'll change to match a partial url.
	//
	// Precedence note: `and` binds tighter than `or`, so the last two operands
	// form a single clause (no multiple registrations AND the registration page).
	// The '.' in 'login.php' is an unescaped regex metacharacter (matches any byte).
	if (preg_match('#login.php(?:\\?|$)#', $vbulletin->url) or strpos($vbulletin->url, 'do=logout') !== false or !$vbulletin->options['allowmultiregs'] and strpos($vbulletin->url, $vbulletin->basepath . 'register.php') === 0)
	{
		$vbulletin->url = fetch_seo_url('forumhome', array());
	}
	else
	{
		$vbulletin->url = fetch_replaced_session_url($vbulletin->url);
		$vbulletin->url = preg_replace('#^/+#', '/', $vbulletin->url); // bug 3654 don't ask why
	}

	// Path part of the destination, exposed to the hook below.
	$temp = strpos($vbulletin->url, '?');
	if ($temp)
	{
		$formfile = substr($vbulletin->url, 0, $temp);
	}
	else
	{
		$formfile =& $vbulletin->url;
	}

	$postvars = $vbulletin->GPC['postvars'];

	($hook = vBulletinHook::fetch_hook('login_redirect')) ? eval($hook) : false;

	if (!VB_API)
	{
		// recache the global group to get the stuff from the new language
		$globalgroup = $vbulletin->db->query_first_slave("\n\t\t\tSELECT phrasegroup_global, languagecode, charset\n\t\t\tFROM " . TABLE_PREFIX . "language\n\t\t\tWHERE languageid = " . intval($vbulletin->userinfo['languageid'] ? $vbulletin->userinfo['languageid'] : $vbulletin->options['languageid']));
		if ($globalgroup)
		{
			// phrasegroup_global is read from the language table, not from the client.
			$vbphrase = array_merge($vbphrase, unserialize($globalgroup['phrasegroup_global']));

			if (vB_Template_Runtime::fetchStyleVar('charset') != $globalgroup['charset'])
			{
				// change the character set in a bunch of places - a total hack
				global $headinclude;
				$headinclude = str_replace("content=\"text/html; charset=" . vB_Template_Runtime::fetchStyleVar('charset') . "\"", "content=\"text/html; charset={$globalgroup['charset']}\"", $headinclude);
				vB_Template_Runtime::addStyleVar('charset', $globalgroup['charset'], 'imgdir');
				$vbulletin->userinfo['lang_charset'] = $globalgroup['charset'];
				exec_headers();
			}

			if ($vbulletin->GPC['postvars'])
			{
				// postvars is client-supplied; verify_client_string() checks the
				// signature before the payload is unserialize()d.
				// NOTE(review): when verification fails, @unserialize yields false
				// and the next assignment silently turns that into an array, which
				// is then re-signed below. An is_array() guard here would avoid
				// re-signing a payload whose signature did not verify -- confirm
				// the intended behaviour with the consumer.
				$postvars = @unserialize(verify_client_string($vbulletin->GPC['postvars']));
				$postvars['login_redirect'] = true;
				// A token issued to the guest session is replaced with the
				// freshly logged-in user's token before re-signing.
				if ($postvars['securitytoken'] == 'guest')
				{
					$vbulletin->userinfo['securitytoken_raw'] = sha1($vbulletin->userinfo['userid'] . sha1($vbulletin->userinfo['salt']) . sha1(COOKIE_SALT));
					$vbulletin->userinfo['securitytoken'] = TIMENOW . '-' . sha1(TIMENOW . $vbulletin->userinfo['securitytoken_raw']);
					$postvars['securitytoken'] = $vbulletin->userinfo['securitytoken'];
				}
				// Re-signed unconditionally because login_redirect was added above.
				$vbulletin->GPC['postvars'] = sign_client_string(serialize($postvars));
			}

			vB_Template_Runtime::addStyleVar('languagecode', $globalgroup['languagecode']);
		}
	}

	print_standard_redirect(array('redirect_login', $vbulletin->userinfo['username']), true, true, $vbulletin->userinfo['languageid']);
}
$vbulletin->input->clean_array_gpc('r', array('userid' => vB_Cleaner::TYPE_INT)); log_admin_action(iif($vbulletin->GPC['userid'] != 0, 'user id = ' . $vbulletin->GPC['userid'])); // ######################################################################## // ######################### START MAIN SCRIPT ############################ // ######################################################################## $vb5_config =& vB::getConfig(); // ############################################################################# // put this before print_cp_header() so we can use an HTTP header if ($_REQUEST['do'] == 'find') { $vbulletin->input->clean_array_gpc('r', array('user' => vB_Cleaner::TYPE_ARRAY, 'profile' => vB_Cleaner::TYPE_ARRAY, 'display' => vB_Cleaner::TYPE_ARRAY_BOOL, 'orderby' => vB_Cleaner::TYPE_STR, 'limitstart' => vB_Cleaner::TYPE_UINT, 'limitnumber' => vB_Cleaner::TYPE_UINT, 'direction' => vB_Cleaner::TYPE_STR, 'serializedprofile' => vB_Cleaner::TYPE_STR, 'serializeduser' => vB_Cleaner::TYPE_STR, 'serializeddisplay' => vB_Cleaner::TYPE_STR)); if (!empty($vbulletin->GPC['serializeduser'])) { $vbulletin->GPC['user'] = @unserialize(verify_client_string($vbulletin->GPC['serializeduser'])); $vbulletin->GPC['profile'] = @unserialize(verify_client_string($vbulletin->GPC['serializedprofile'])); } if (!empty($vbulletin->GPC['serializeddisplay'])) { $vbulletin->GPC['display'] = @unserialize(verify_client_string($vbulletin->GPC['serializeddisplay'])); } if (@array_sum($vbulletin->GPC['display']) == 0) { $vbulletin->GPC['display'] = array('username' => 1, 'options' => 1, 'email' => 1, 'joindate' => 1, 'lastactivity' => 1, 'posts' => 1); } $users = vB_Api::instanceInternal('User')->find($vbulletin->GPC['user'], $vbulletin->GPC['profile'], $vbulletin->GPC['orderby'], $vbulletin->GPC['direction'], $vbulletin->GPC['limitstart'], $vbulletin->GPC['limitnumber']); if (empty($users) or $users['count'] == 0) { // no users found! 
print_stop_message2('no_users_matched_your_query'); } $countusers = $users['count']; if ($users['count'] == 1) { // show a user if there is just one found $user = current($users['users']); $args = array(); parse_str(vB::getCurrentSession()->get('sessionurl'), $args);
if (is_unalterable_user($vbulletin->GPC['userid'])) { print_stop_message('user_is_protected_from_alteration_by_undeletableusers_var'); } // init data manager $userdata =& datamanager_init('User', $vbulletin, ERRTYPE_CP); $userdata->adminoverride = true; // set existing info if this is an update if ($vbulletin->GPC['userid']) { $userinfo = fetch_userinfo($vbulletin->GPC['userid']); if (!$userinfo) { print_stop_message('invalid_user_specified'); } $userinfo['posts'] = intval($vbulletin->GPC['user']['posts']); $userdata->set_existing($userinfo); } $olduser = @unserialize(verify_client_string($vbulletin->GPC['olduser'])); // user options foreach ($vbulletin->GPC['options'] as $key => $val) { if (!$vbulletin->GPC['userid'] or $olduser["{$key}"] != $val) { $userdata->set_bitfield('options', $key, $val); } } foreach ($vbulletin->GPC['adminoptions'] as $key => $val) { $userdata->set_bitfield('adminoptions', $key, $val); } $displaygroupid = $vbulletin->GPC['user']['displaygroupid'] <= 0 ? $vbulletin->GPC['user']['usergroupid'] : $vbulletin->GPC['user']['displaygroupid']; // custom user title $userdata->set_usertitle($vbulletin->GPC['user']['usertitle'], $vbulletin->GPC['user']['customtitle'] ? false : true, $vbulletin->usergroupcache["{$displaygroupid}"], true, $vbulletin->GPC['user']['customtitle'] == 1 ? true : false); unset($vbulletin->GPC['user']['usertitle'], $vbulletin->GPC['user']['customtitle']); // user fields foreach ($vbulletin->GPC['user'] as $key => $val) {
$totalallthreads = 0; $show['havethreads'] = false; } $navbits[''] = $vbphrase['subscriptions']; $navbits = construct_navbits($navbits); // build the cp nav construct_usercp_nav('substhreads_listthreads'); ($hook = vBulletinHook::fetch_hook('usersub_view_complete')) ? eval($hook) : false; eval('$navbar = "' . fetch_template('navbar') . '";'); eval('$HTML = "' . fetch_template('SUBSCRIBE') . '";'); eval('print_output("' . fetch_template('USERCP_SHELL') . '");'); } // ########################## Do move of threads ############################################## if ($_POST['do'] == 'movethread') { $vbulletin->input->clean_array_gpc('p', array('ids' => TYPE_BINARY, 'folderid' => TYPE_UINT)); $ids = @unserialize(verify_client_string($vbulletin->GPC['ids'])); if (!is_array($ids) or empty($ids)) { eval(standard_error(fetch_error('invalidid', $vbphrase['subscribed_threads'], $vbulletin->options['contactuslink']))); } $subids = array(); foreach ($ids as $subid) { $id = intval($subid); $subids["{$id}"] = $id; } ($hook = vBulletinHook::fetch_hook('usersub_movethread')) ? eval($hook) : false; $db->query_write("\n\t\tUPDATE " . TABLE_PREFIX . "subscribethread\n\t\tSET folderid = " . $vbulletin->GPC['folderid'] . "\n\t\tWHERE userid = " . $vbulletin->userinfo['userid'] . " AND subscribethreadid IN(" . implode(', ', $subids) . ")\n\t"); $vbulletin->url = 'subscription.php?' . $vbulletin->session->vars['sessionurl'] . 'folderid=' . $vbulletin->GPC['folderid']; eval(print_standard_redirect('sub_threadsmoved')); } // ########################## Start Move / Delete / Update Email ############################## if ($_POST['do'] == 'dostuff') {
define('CP_REDIRECT', 'attachment.php?do=intro'); print_stop_message('deleted_attachment_successfully'); } // ###################### Mass Delete attachments #################### if ($_REQUEST['do'] == 'massdelete') { $vbulletin->input->clean_array_gpc('r', array('a_delete' => TYPE_ARRAY_UINT)); print_form_header('attachment', 'domassdelete'); construct_hidden_code('a_delete', sign_client_string(serialize($vbulletin->GPC['a_delete']))); print_table_header($vbphrase['confirm_deletion']); print_description_row($vbphrase['are_you_sure_you_want_to_delete_these_attachments']); print_submit_row($vbphrase['yes'], '', 2, $vbphrase['no']); } // ###################### Mass Delete attachments #################### if ($_POST['do'] == 'domassdelete') { $vbulletin->input->clean_array_gpc('p', array('a_delete' => TYPE_STR)); $delete = @unserialize(verify_client_string($vbulletin->GPC['a_delete'])); if ($delete and is_array($delete)) { $ids = implode(',', $delete); $attachdata =& datamanager_init('Attachment', $vbulletin, ERRTYPE_CP, 'attachment'); $attachdata->condition = "attachmentid IN (-1," . $db->escape_string($ids) . ")"; $attachdata->log = false; $attachdata->delete(true, false); } define('CP_REDIRECT', 'attachment.php?do=intro'); print_stop_message('deleted_attachments_successfully'); } // ###################### Statistics #################### if ($_REQUEST['do'] == 'stats') { $astats = $db->query_first("\n\t\tSELECT COUNT(*) AS count, SUM(filesize) AS totalsize, SUM(counter) AS downloads\n\t\tFROM " . TABLE_PREFIX . "attachment AS a\n\t\tINNER JOIN " . TABLE_PREFIX . "filedata AS fd ON (a.filedataid = fd.filedataid);\n\t"); $fstats = $db->query_first("\n\t\tSELECT COUNT(*) AS count, SUM(filesize) AS totalsize\n\t\tFROM " . TABLE_PREFIX . "filedata AS fd\n\t"); if ($astats['count']) {
$error = 1; } $cells = array($table, ucfirst($msg[1]), iif($error, '<b>' . ucfirst($msg[2]) . '</b>', ucfirst($msg[2])) . ': ' . $msg[3]); print_cells_row($cells, 0, '', -4); } } // end optimizing } // ######################### Start do repair ##################### if ($_POST['do'] == 'dorepair') { $vbulletin->input->clean_array_gpc('p', array('tableserial' => TYPE_STR, 'tablelist' => TYPE_ARRAY_STR, 'optimizetables' => TYPE_BOOL, 'repairtables' => TYPE_BOOL, 'converttables' => TYPE_BOOL, 'isamtablelist' => TYPE_ARRAY_STR)); // This will work on some servers, for what it's worth. echo '<p align="center">' . $vbphrase['please_wait'] . '</p>'; vbflush(); if (!empty($vbulletin->GPC['tableserial'])) { $vbulletin->GPC['tablelist'] = @unserialize(verify_client_string($vbulletin->GPC['tableserial'])); } print_form_header('repair', 'dorepair'); if ($vbulletin->GPC['converttables'] and !empty($vbulletin->GPC['isamtablelist'])) { $vbulletin->db->hide_errors(); print_table_header(construct_phrase($vbphrase['convert_tables_from_x_to_y'], '<b>ISAM</b>', '<b>MyISAM</b>')); print_cells_row(array($vbphrase['table'], $vbphrase['status']), 1); foreach ($vbulletin->GPC['isamtablelist'] as $index => $value) { $cells = array(); $cells[] = construct_phrase($vbphrase['convert_x_from_y_to_z'], "<i>{$value}</i>", 'ISAM', 'MyISAM'); $vbulletin->db->query_write("ALTER TABLE `{$value}` TYPE=MyISAM"); if ($vbulletin->db->errno() == 0) { $cells[] = $vbphrase['okay']; } else { $cells[] = $vbulletin->db->errno() . ': ' . $vbulletin->db->error(); }
eval('$receiptbits .= "' . fetch_template('pm_receiptsbit') . '";'); } $pagenav = construct_page_nav($vbulletin->GPC['pagenumber'], $perpage, $unreadtotal, "private.php?" . $vbulletin->session->vars['sessionurl'] . "do=trackpm&type=unconfirmed"); eval('$unconfirmedreceipts = "' . fetch_template('pm_receipts') . '";'); } } $folderjump = construct_folder_jump(); // generate navbar $navbits[''] = $vbphrase['message_tracking']; $show['receipts'] = ($confirmedreceipts != '' or $unconfirmedreceipts != ''); $templatename = 'pm_trackpm'; } // ############################### start move pms ############################### if ($_POST['do'] == 'movepm') { $vbulletin->input->clean_array_gpc('p', array('folderid' => TYPE_INT, 'messageids' => TYPE_STR)); $vbulletin->GPC['messageids'] = @unserialize(verify_client_string($vbulletin->GPC['messageids'])); if (!is_array($vbulletin->GPC['messageids']) or empty($vbulletin->GPC['messageids'])) { eval(standard_error(fetch_error('invalidid', $vbphrase['private_message'], $vbulletin->options['contactuslink']))); } $pmids = array(); foreach ($vbulletin->GPC['messageids'] as $pmid) { $id = intval($pmid); $pmids["{$id}"] = $id; } ($hook = vBulletinHook::fetch_hook('private_movepm')) ? eval($hook) : false; $db->query_write("UPDATE " . TABLE_PREFIX . "pm SET folderid=" . $vbulletin->GPC['folderid'] . " WHERE userid=" . $vbulletin->userinfo['userid'] . " AND folderid<>-1 AND pmid IN(" . implode(', ', $pmids) . ")"); $vbulletin->url = 'private.php?' . $vbulletin->session->vars['sessionurl'] . 'folderid=' . $vbulletin->GPC['folderid']; eval(print_standard_redirect('pm_messagesmoved')); } // ############################### start pm manager ############################### // actions for moving pms between folders, and deleting pms
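/**
 * Finish a successful login by sending the user to their post-login destination.
 *
 * Reads and rewrites the global $vbulletin->url (the redirect target chosen before
 * this function runs), reloads the global phrase group and charset for the user's
 * language, refreshes the securitytoken carried inside the signed 'postvars'
 * client string when it was issued to a guest, and finally emits either a
 * control-panel redirect or the standard front-end redirect template.
 *
 * Globals: $vbulletin (read/written), $vbphrase (merged with the language's global
 * phrase group), $headinclude (charset meta tag rewritten when the language charset
 * differs from the style's).
 *
 * Side effects: one read on the language table, possibly exec_headers(), and
 * output of the redirect page via print_cp_redirect() or eval()'d template code.
 * $formfile and $postvars are left in scope, presumably for that eval()'d template
 * (they are not read elsewhere in this function) -- confirm before removing.
 *
 * @return void
 */
function do_login_redirect()
{
	global $vbulletin, $vbphrase;

	$vbulletin->input->fetch_basepath();

	// NOTE(review): $vbulletin->url is supplied from outside this function and is
	// used as the redirect target without a host check here; confirm the caller /
	// fetch_basepath() restrict it to this site, otherwise this is an open redirect.
	//
	// The old clauses $vbulletin->url == 'login.php' and
	// $vbulletin->url == $vbulletin->options['forumhome'] . '.php' could never be
	// true because $vbulletin->url holds the full url path. The second is not
	// needed (the else branch handles it); the first is matched as a partial url.
	// The parentheses make the precedence explicit: the register.php clause only
	// applies when multiple registrations are disabled.
	if (preg_match('#login.php(?:\\?|$)#', $vbulletin->url)
		or strpos($vbulletin->url, 'do=logout') !== false
		or (!$vbulletin->options['allowmultiregs'] and strpos($vbulletin->url, $vbulletin->basepath . 'register.php') === 0)
	)
	{
		// Never bounce back to the login/logout/register page; go to the forum home channel.
		$forumHome = vB_Library::instance('content_channel')->getForumHomeChannel();
		$vbulletin->url = vB5_Route::buildUrl($forumHome['routeid'] . '|fullurl');
	}
	else
	{
		$vbulletin->url = fetch_replaced_session_url($vbulletin->url);
		$vbulletin->url = preg_replace('#^/+#', '/', $vbulletin->url); // bug 3654 don't ask why
	}

	// $formfile is the url without its query string. A '?' at position 0 is
	// treated like "no query string" because strpos() === 0 is falsy (kept as-is).
	$temp = strpos($vbulletin->url, '?');
	if ($temp)
	{
		$formfile = substr($vbulletin->url, 0, $temp);
	}
	else
	{
		$formfile =& $vbulletin->url;
	}

	$postvars = $vbulletin->GPC['postvars'];

	// Legacy Hook 'login_redirect' Removed //

	if (!VB_API)
	{
		// recache the global group to get the stuff from the new language
		$globalgroup = $vbulletin->db->query_first_slave("\n\t\t\tSELECT phrasegroup_global, languagecode, charset\n\t\t\tFROM " . TABLE_PREFIX . "language\n\t\t\tWHERE languageid = " . intval($vbulletin->userinfo['languageid'] ? $vbulletin->userinfo['languageid'] : $vbulletin->options['languageid']));
		if ($globalgroup)
		{
			// phrasegroup_global is a serialized array the software itself stored in the
			// language table (not client input), which is why unserialize() stays here.
			$vbphrase = array_merge($vbphrase, unserialize($globalgroup['phrasegroup_global']));

			if (vB_Template_Runtime::fetchStyleVar('charset') != $globalgroup['charset'])
			{
				// change the character set in a bunch of places - a total hack
				global $headinclude;
				$headinclude = str_replace(
					"content=\"text/html; charset=" . vB_Template_Runtime::fetchStyleVar('charset') . "\"",
					"content=\"text/html; charset={$globalgroup['charset']}\"",
					$headinclude
				);
				vB_Template_Runtime::addStyleVar('charset', $globalgroup['charset'], 'imgdir');
				$vbulletin->userinfo['lang_charset'] = $globalgroup['charset'];
				exec_headers();
			}

			if ($vbulletin->GPC['postvars'])
			{
				// postvars is a signed client string: the signature is verified first and
				// only the verified payload is decoded. json_decode() reports failure by
				// returning null rather than with a warning, so no @ is needed.
				$postvars = array();
				$client_string = verify_client_string($vbulletin->GPC['postvars']);
				if ($client_string)
				{
					$postvars = json_decode($client_string, true);
				}

				// Guard against a payload that did not decode to an array (the previous
				// code indexed $postvars unconditionally, raising a notice on null) and
				// compare the token strictly instead of with ==.
				if (is_array($postvars)
					and isset($postvars['securitytoken'])
					and $postvars['securitytoken'] === 'guest'
				)
				{
					// The form was rendered for a guest; re-sign it with the logged-in user's token.
					$vbulletin->userinfo['securitytoken_raw'] = sha1($vbulletin->userinfo['userid'] . sha1($vbulletin->userinfo['secret']) . sha1(vB_Request_Web::$COOKIE_SALT));
					$vbulletin->userinfo['securitytoken'] = TIMENOW . '-' . sha1(TIMENOW . $vbulletin->userinfo['securitytoken_raw']);
					$postvars['securitytoken'] = $vbulletin->userinfo['securitytoken'];
					$vbulletin->GPC['postvars'] = sign_client_string(json_encode($postvars));
				}
			}

			vB_Template_Runtime::addStyleVar('languagecode', $globalgroup['languagecode']);
		}
	}

	if ($vbulletin->GPC['logintype'] === 'cplogin' or $vbulletin->GPC['logintype'] === 'modcplogin')
	{
		require_once DIR . '/includes/adminfunctions.php';
		print_cp_redirect($vbulletin->url);
	}
	else
	{
		// Standard redirect page; the template code returned is eval()'d in this scope.
		eval(print_standard_redirect('redirect_login_gfrontredirect', true, true, $vbulletin->userinfo['languageid']));
	}
}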
