public static function checkUrlAvailable()
{
global $vbulletin;
global $vbphrase;
require_once DIR . '/includes/functions_databuild.php';
require_once DIR . '/includes/functions_misc.php';
fetch_phrase_group('cpcms');
$vbulletin->input->clean_array_gpc('r', array(
'url' => TYPE_STR,
'nodeid' => TYPE_INT));
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$xml->add_group('root');
$url_conflict = '';
if (strlen($vbulletin->GPC['url'])
and $row = $vbulletin->db->query_first($sql="SELECT nodeid FROM " . TABLE_PREFIX .
"cms_node WHERE new != 1 AND lower(url)='" . $vbulletin->db->escape_string(strtolower($vbulletin->GPC['url'])) ."'"
. ($vbulletin->GPC_exists['nodeid'] ? " and nodeid <> " . $vbulletin->GPC['nodeid'] : "" ) )
and intval($row['nodeid']))
{
$url_conflict = $vbphrase['url_in_use'];
}
$xml->add_tag('html', $url_conflict);
$xml->close_group();
$xml->print_xml();
return '';
}
if ($user_tags_remain == null) {
$user_tags_remain = $tags_remain;
} else {
$user_tags_remain = min($tags_remain, $user_tags_remain);
}
}
}
($hook = vBulletinHook::fetch_hook('threadtag_manage_tagsremain')) ? eval($hook) : false;
$show['tag_limit_phrase'] = $user_tags_remain !== null;
$tags_remain = vb_number_format($user_tags_remain);
$tag_delimiters = addslashes_js($vbulletin->options['tagdelimiter']);
if ($vbulletin->GPC['ajax']) {
eval('$html = "' . fetch_template('tag_edit_ajax') . '";');
require_once DIR . '/includes/class_xml.php';
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$xml->add_group('tag');
$xml->add_tag('html', process_replacement_vars($html));
$xml->add_tag('delimiters', $vbulletin->options['tagdelimiter']);
$xml->close_group();
$xml->print_xml();
}
// navbar and output
$navbits = array();
$parentlist = array_reverse(explode(',', substr($foruminfo['parentlist'], 0, -3)));
foreach ($parentlist as $forumid) {
$forum_title = $vbulletin->forumcache["{$forumid}"]['title'];
$navbits['forumdisplay.php?' . $vbulletin->session->vars['sessionurl'] . "f={$forumid}"] = $forum_title;
}
$navbits['showthread.php?' . $vbulletin->session->vars['sessionurl'] . "t={$threadinfo['threadid']}"] = $threadinfo['prefix_plain_html'] . ' ' . $threadinfo['title'];
$navbits[''] = $vbphrase['tag_management'];
$navbits = construct_navbits($navbits);
mark_project_read($project['projectid'], $vbulletin->GPC['issuetypeid'], TIMENOW);
$issuetypes = array($vbulletin->GPC['issuetypeid']);
} else {
$projectperms = fetch_project_permissions($vbulletin->userinfo, $project['projectid']);
$issuetypes = array();
foreach ($vbulletin->pt_issuetype as $issuetypeid => $typeinfo) {
if ($projectperms["{$issuetypeid}"]['generalpermissions'] & $vbulletin->pt_bitfields['general']['canview']) {
mark_project_read($project['projectid'], $issuetypeid, TIMENOW);
$issuetypes[] = $issuetypeid;
}
}
}
if ($vbulletin->GPC['ajax']) {
require_once DIR . '/includes/class_xml.php';
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$xml->add_group('readmarker');
$xml->add_group('project', array('projectid' => $project['projectid']));
foreach ($issuetypes as $issuetypeid) {
$xml->add_tag('issuetype', $issuetypeid);
}
$xml->close_group();
$xml->close_group();
$xml->print_xml();
} else {
$vbulletin->url = 'project.php?' . $vbulletin->session->vars['sessionurl'] . 'projectid=' . $project['projectid'];
eval(print_standard_redirect('project_markread'));
}
}
// #######################################################################
if ($_REQUEST['do'] == 'notehistory') {
$vbulletin->input->clean_array_gpc('r', array('issuenoteid' => TYPE_UINT));
$vminfo = verify_visitormessage($vbulletin->GPC['vmid']);
$editorid = construct_edit_toolbar(
htmlspecialchars_uni($vminfo['pagetext']),
false,
'visitormessage',
true,
true,
false,
'qenr',
$vbulletin->GPC['editorid']
);
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$xml->add_group('quickedit');
$xml->add_tag('editor', process_replacement_vars($messagearea), array(
'reason' => '',
'parsetype' => 'visitormessage',
'parsesmilies' => true,
'mode' => $show['is_wysiwyg_editor']
));
$xml->close_group();
$xml->print_xml();
}
($hook = vBulletinHook::fetch_hook('visitor_message_complete')) ? eval($hook) : false;
/*======================================================================*\
|| ####################################################################
($hook = vBulletinHook::fetch_hook('attachment_lightbox')) ? eval($hook) : false;
$templater = vB_Template::create('lightbox');
$templater->register('attachmentinfo', $attachmentinfo);
$templater->register('current', $current);
$templater->register('first', $first);
$templater->register('height', $height);
$templater->register('imagelink', $imagelink);
$templater->register('last', $last);
$templater->register('total', $total);
$templater->register('uniqueid', $uniqueid);
$templater->register('width', $width);
$html = $templater->render(true);
$xml->add_group('img');
$xml->add_tag('html', process_replacement_vars($html));
$xml->add_tag('link', $imagelink);
$xml->add_tag('name', $attachmentinfo['filename']);
$xml->add_tag('date', $attachmentinfo['date_string']);
$xml->add_tag('time', $attachmentinfo['time_string']);
$xml->close_group();
}
else
{
$xml->add_group('errormessage');
$xml->add_tag('error', 'notimage');
$xml->add_tag('extension', $attachmentinfo['extension']);
$xml->close_group();
}
$xml->print_xml();
}
else
{
vB_Search_Searchtools::getUiXml(vB_Search_Core::TYPE_COMMON,
vB_Search_Searchtools::searchIntroFetchPrefs($current_user, vB_Search_Core::TYPE_COMMON));
}
}
if ($_POST['do'] == 'loadimageconfig')
{
$vbulletin->input->clean_array_gpc('p', array(
'attachmentid' => TYPE_UINT,
));
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$xml->add_group('settings');
if ($attachment = $db->query_first("
SELECT settings
FROM " . TABLE_PREFIX . "attachment
WHERE attachmentid = " . $vbulletin->GPC['attachmentid'] . "
"))
{
$settings = unserialize($attachment['settings']);
foreach ($settings AS $key => $value)
{
$xml->add_tag($key, $value);
}
}
/**
* Renders the view to a string and returns it.
*
* @return string
*/
public function render($send_content_headers = false)
{
require_once DIR . '/includes/class_xml.php';
$xml = new vB_AJAX_XML_Builder(vB::$vbulletin, 'text/xml');
$xml->add_group('container');
$xml->add_tag('success', 1);
if ($this->content) {
$xml->add_tag('html', $this->content->render());
}
$xml->add_tag('title', $this->title);
$xml->add_tag('status', $this->status);
$xml->add_tag('message', $this->feedback);
if (sizeof($this->errors)) {
$xml->add_group('errors');
foreach ($this->errors as $error) {
$xml->add_tag('error', $error['message'], array('errcode' => $error['code']));
}
$xml->close_group();
}
if (sizeof($this->urls)) {
$xml->add_group('urls');
foreach ($this->urls as $type => $url) {
$xml->add_tag('url', $url, array('type' => $type));
}
$xml->close_group();
}
$xml->close_group();
if ($send_content_headers and !vB::contentHeadersSent()) {
$xml->send_content_type_header();
$xml->send_content_length_header();
vB::contentHeadersSent(true);
}
return $xml->fetch_xml();
}
public static function showCommentsXml($nodeid, $userinfo, $pageno = 1,
$perpage = 20, $target_url = '')
{
require_once DIR . '/includes/functions_misc.php';
global $show;
$xml = new vB_AJAX_XML_Builder( vB::$vbulletin, 'text/xml');
$xml->add_group('root');
//todo handle prefs for xml types
$xml->add_tag('html', $check_val = self::showComments($nodeid, $userinfo, $pageno,
$perpage, $target_url));
$xml->close_group();
$xml->print_xml();
}
// #######################################################################
// ######################## START MAIN SCRIPT ############################
// #######################################################################
$vbulletin->input->clean_array_gpc('r', array('poststarttime' => TYPE_UINT, 'posthash' => TYPE_NOHTML, 'userid' => TYPE_UINT));
if (!$vbulletin->userinfo['userid'] or empty($vbulletin->userinfo['attachmentextensions']) or $vbulletin->GPC['posthash'] != md5($vbulletin->GPC['poststarttime'] . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt'])) {
print_no_permission();
}
if ($_POST['ajax']) {
require_once DIR . '/includes/class_xml.php';
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
// Still undecided about this
// $userinfo = verify_id('user', $vbulletin->GPC['userid'], 1, 1);
$userinfo = $vbulletin->userinfo;
if ($_POST['do'] == 'loadnode') {
$vbulletin->input->clean_array_gpc('p', array('parentid' => TYPE_UINT));
$xml->add_group('categories');
$categories = $db->query_read_slave("\r\n\t\t\tSELECT categoryid, title\r\n\t\t\tFROM " . TABLE_PREFIX . "attachmentcategory\r\n\t\t\tWHERE\r\n\t\t\t\tuserid = {$userinfo['userid']}\r\n\t\t\t\t\tAND\r\n\t\t\t\tparentid = {$vbulletin->GPC['parentid']}\r\n\t\t\tORDER BY displayorder\r\n\t\t");
while ($category = $db->fetch_array($categories)) {
$xml->add_tag('category', $category['title'], array('categoryid' => $category['categoryid']));
}
// Update posthash if this is the root node.
if ($vbulletin->GPC['parentid'] == 0) {
$userdm =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
$userdm->set_existing($userinfo);
$userdm->set('assetposthash', $vbulletin->GPC['posthash']);
$userdm->save();
$userinfo['assetposthash'] = $vbulletin->GPC['posthash'];
}
$xml->close_group();
$xml->print_xml();
}
// get special data templates from the datastore
$specialtemplates = array();
// pre-cache templates used by all actions - build
$globaltemplates = array();
// pre-cache templates used by specific actions
$actiontemplates = array();
// ######################### REQUIRE BACK-END ############################
require_once './global.php';
require_once DIR . '/includes/class_xml.php';
// #######################################################################
// ######################## START MAIN SCRIPT ############################
// #######################################################################
header('Pragma:');
// VBIV-8269
header('Cache-control: max-age=31536000, private');
header('Expires: ' . gmdate("D, d M Y H:i:s", TIMENOW + 31536000) . ' GMT');
// When were the CKEditor phrases last modified? Good Question.
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', 0) . ' GMT');
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$xml->add_group('phrases');
foreach ($vbphrase as $key => $phrase) {
$xml->add_tag('phrase', $phrase, array('name' => $key));
}
$xml->close_group('group');
$xml->print_xml();
/*======================================================================*\
|| ####################################################################
|| # Downloaded: 03:13, Sat Sep 7th 2013
|| # CVS: $RCSfile$ - $Revision: 30573 $
|| ####################################################################
\*======================================================================*/
function outputError($errors)
{
global $vbulletin;
if (!is_array($errors)) {
$errors = array($errors);
//create array with 1 item
}
if ($vbulletin->GPC['ajax']) {
require_once DIR . '/includes/class_xml.php';
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$xml->add_group('response');
$html = '';
$xml->add_tag('error', implode(',', $errors));
$xml->close_group();
$xml->print_xml(true);
} else {
eval(standard_error(implode('<br/>', $errors)));
}
exit;
//just in case...
}
$dohtml = false;
}
($hook = vBulletinHook::fetch_hook('editor_switch_wysiwyg_to_standard')) ? eval($hook) : false;
}
$xml->add_tag('message', convert_wysiwyg_html_to_bbcode($vbulletin->GPC['message'], $dohtml));
}
$xml->print_xml();
}
// #############################################################################
// mark forums read
if ($_POST['do'] == 'markread') {
$vbulletin->input->clean_gpc('p', 'forumid', TYPE_UINT);
require_once DIR . '/includes/functions_misc.php';
$mark_read_result = mark_forums_read($foruminfo['forumid']);
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$xml->add_group('readmarker');
$xml->add_tag('phrase', $mark_read_result['phrase']);
$xml->add_tag('url', $mark_read_result['url']);
$xml->add_group('forums');
if (is_array($mark_read_result['forumids'])) {
foreach ($mark_read_result['forumids'] as $forumid) {
$xml->add_tag('forum', $forumid);
}
}
$xml->close_group();
$xml->close_group();
$xml->print_xml();
}
// ###########################################################################
// Image Verification
if ($_POST['do'] == 'imagereg') {
/**
* vb_Search_Searchtools::getDefaultUiXml()
* This gets the xml which will be passed to the ajax function. It just wraps
* get_ui in html
*
* @param integer $contenttypeid
* @return the appropriate user interface wrapped in XML
*/
public static function getDefaultUiXml($contenttypeid, $prefs)
{
global $vbulletin;
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$xml->add_group('root');
$xml->add_tag('html', self::makeDefaultSearch($contenttypeid, $prefs));
$xml->close_group();
$xml->print_xml();
}
$threadrate->set('userid', 0);
$threadrate->set('vote', $vbulletin->GPC['vote']);
$threadrate->set('ipaddress', IPADDRESS);
($hook = vBulletinHook::fetch_hook('threadrate_add')) ? eval($hook) : false;
$threadrate->save();
$update = true;
if (!$vbulletin->GPC['ajax']) {
$vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . "t={$threadinfo['threadid']}&page=" . $vbulletin->GPC['pagenumber'] . "&pp=" . $vbulletin->GPC['perpage'];
eval(print_standard_redirect('redirect_threadrate_add'));
}
}
}
}
require_once DIR . '/includes/class_xml.php';
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$xml->add_group('threadrating');
if ($update) {
$thread = $db->query_first_slave("\n\t\tSELECT votetotal, votenum\n\t\tFROM " . TABLE_PREFIX . "thread\n\t\tWHERE threadid = {$threadinfo['threadid']}\n\t");
if ($thread['votenum'] >= $vbulletin->options['showvotes']) {
// Show Voteavg
$thread['voteavg'] = vb_number_format($thread['votetotal'] / $thread['votenum'], 2);
$thread['rating'] = round($thread['votetotal'] / $thread['votenum']);
$xml->add_tag('voteavg', process_replacement_vars("{$vbphrase['rating']}: <img class=\"inlineimg\" src=\"{$stylevar['imgdir_rating']}/rating_{$thread['rating']}.gif\" alt=\"" . construct_phrase($vbphrase['thread_rating_x_votes_y_average'], $thread['votenum'], $thread['voteavg']) . "\" border=\"0\" />"));
} else {
$xml->add_tag('voteavg', '');
}
if (!function_exists('fetch_phrase')) {
require_once DIR . '/includes/functions_misc.php';
}
$xml->add_tag('message', fetch_phrase('redirect_threadrate_add', 'frontredirect', 'redirect_'));
} else {
/**
* Rate a node (ajax only)
*
* @return string
*/
public function actionRate()
{
global $bootstrap;
$nodeid = intval($this->node->getNodeId());
// Load the style
$bootstrap->force_styleid($this->node->getStyleId());
$bootstrap->load_style();
vB::$vbulletin->input->clean_array_gpc('r', array(
'vote' => vB_Input::TYPE_UINT
));
$vote = vB::$vbulletin->GPC['vote'];
if ($vote < 0 OR $vote > 5)
{
die;
}
$rated = intval(fetch_bbarray_cookie('cms_rate', $nodeid));
$update = false;
if (vB::$vbulletin->userinfo['userid'])
{
if ($rating = vB::$db->query_first("
SELECT *
FROM " . TABLE_PREFIX . "cms_rate
WHERE userid = " . vB::$vbulletin->userinfo['userid'] . "
AND nodeid = $nodeid
"))
{
if (vB::$vbulletin->options['votechange'])
{
if ($vote != $rating['vote'])
{
$rateitem = new vBCms_Item_Rate($rating['rateid']);
$ratedm = new vBCms_DM_Rate($rateitem);
$ratedm->set('nodeid', $nodeid);
$ratedm->set('userid', vB::$vbulletin->userinfo['userid']);
$ratedm->set('vote', intval($vote));
$ratedm->save();
}
$update = true;
}
}
else
{
$ratedm = new vBCms_DM_Rate();
$ratedm->set('nodeid', $nodeid);
$ratedm->set('userid', vB::$vbulletin->userinfo['userid']);
$ratedm->set('vote', intval($vote));
$ratedm->save();
$update = true;
}
}
else
{
// Check for cookie on user's computer for this blogid
if ($rated AND !vB::$vbulletin->options['votechange'])
{
}
else
{
// Check for entry in Database for this Ip Addr/blogid
if ($rating = vB::$db->query_first("
SELECT *
FROM " . TABLE_PREFIX . "cms_rate
WHERE ipaddress = '" . vB::$db->escape_string(IPADDRESS) . "'
AND nodeid = $nodeid
"))
{
if (vB::$vbulletin->options['votechange'])
{
if ($vote != $rating['vote'])
{
$rateitem = new vBCms_Item_Rate($rating['rateid']);
$ratedm = new vBCms_DM_Rate($rateitem);
$ratedm->set('nodeid', $nodeid);
$ratedm->set('vote', intval($vote));
$ratedm->save();
}
$update = true;
}
}
else
{
$ratedm = new vBCms_DM_Rate();
$ratedm->set('nodeid', $nodeid);
$ratedm->set('userid', 0);
$ratedm->set('vote', intval($vote));
$ratedm->save();
$update = true;
}
}
}
require_once(DIR . '/includes/class_xml.php');
$xml = new vB_AJAX_XML_Builder(vB::$vbulletin, 'text/xml');
$xml->add_group('threadrating');
if ($update)
{
$node = vB::$db->query_first_slave("
SELECT ratingtotal, ratingnum
FROM " . TABLE_PREFIX . "cms_nodeinfo
WHERE nodeid = $nodeid
");
if ($node['ratingnum'] > 0 AND $node['ratingnum'] >= vB::$vbulletin->options['showvotes'])
{ // Show Voteavg
$node['ratingavg'] = vb_number_format($node['ratingtotal'] / $node['ratingnum'], 2);
$node['rating'] = intval(round($node['ratingtotal'] / $node['ratingnum']));
$xml->add_tag('voteavg', "<img class=\"inlineimg\" src=\"" . vB_Template_Runtime::fetchStyleVar('imgdir_rating') . "/rating-15_$node[rating].png\" alt=\"" . construct_phrase($vbphrase['rating_x_votes_y_average'], $node['ratingnum'], $node['ratingavg']) . "\" border=\"0\" />");
}
else
{
$xml->add_tag('voteavg', '');
}
if (!function_exists('fetch_phrase'))
{
require_once(DIR . '/includes/functions_misc.php');
}
$xml->add_tag('message', fetch_phrase('redirect_blog_rate_add', 'frontredirect', 'redirect_'));
}
else // Already voted error...
{
if (!empty($rating['nodeid']))
{
set_bbarray_cookie('cms_rate', $rating['nodeid'], $rating['vote'], 1);
}
$xml->add_tag('error', fetch_error('blog_rate_voted'));
}
$xml->close_group();
$xml->print_xml();
}
$dataman->setr('iconid', $edit['iconid']);
}
$postusername = $vbulletin->userinfo['username'];
$dataman->pre_save();
if ($dataman->errors) {
$errors = $dataman->errors;
}
if ($dataman->info['podcastsize']) {
$edit['podcastsize'] = $dataman->info['podcastsize'];
}
if (sizeof($errors) > 0) {
// ### POST HAS ERRORS ###
if ($vbulletin->GPC['ajax']) {
require_once DIR . '/includes/class_xml.php';
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$xml->add_group('errors');
foreach ($errors as $error) {
$xml->add_tag('error', $error);
}
$xml->close_group();
$xml->print_xml();
} else {
$postpreview = construct_errors($errors);
construct_checkboxes($edit);
$previewpost = true;
$_REQUEST['do'] = 'editpost';
}
} else {
if ($edit['preview']) {
$attachs = $db->query_read_slave("\n\t\t\tSELECT dateline, thumbnail_dateline, filename, filesize, visible, attachmentid, counter,\n\t\t\t\tIF(thumbnail_filesize > 0, 1, 0) AS hasthumbnail, thumbnail_filesize,\n\t\t\t\tattachmenttype.thumbnail AS build_thumbnail, attachmenttype.newwindow\n\t\t\tFROM " . TABLE_PREFIX . "attachment\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "attachmenttype AS attachmenttype USING (extension)\n\t\t\tWHERE postid = {$postinfo['postid']}\n\t\t\tORDER BY attachmentid\n\t\t");
while ($attachment = $db->fetch_array($attachs)) {
$extension['width'] = $extension['width'] > 0 ? $extension['width'] : '-';
$extension['height'] = $extension['height'] > 0 ? $extension['height'] : '-';
$extension['extension'] = $filetype;
$templater = vB_Template::create('newattachment_keybit');
$templater->register('bgclass', $bgclass);
$templater->register('extension', $extension);
$attachkeybits .= $templater->render();
}
}
$show['updateparent'] = true;
$hiddenvalues = implode("\r\n", array_map('fetch_hidden_value', array_keys($vbulletin->GPC['values']), $vbulletin->GPC['values']));
// complete
if ($show['ajaxupload']) {
require_once DIR . '/includes/class_xml.php';
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$xml->add_group('container');
if (!empty($attachlib->errors)) {
$xml->add_group('uploaderrors');
foreach ($attachlib->errors as $error) {
$filename = fetch_censored_text(htmlspecialchars_uni($error['filename'], false));
$errormessage = $error['error'] ? $error['error'] : $vbphrase["{$error['errorphrase']}"];
$xml->add_tag('uploaderror', "{$filename}: {$errormessage}");
if ($vbulletin->GPC['flash']) {
echo "error: {$errormessage}";
}
}
$xml->close_group();
if ($vbulletin->GPC['flash']) {
exit;
}
}
define('MESSAGEPREVIEW', true);
$preview = process_group_message_preview($message);
$_GET['do'] = 'message';
} else {
$gmid = $dataman->save();
if ($messageinfo) {
$gmid = $messageinfo['gmid'];
}
if ($messageinfo and !$group['is_owner'] and can_moderate(0, 'caneditgroupmessages')) {
require_once DIR . '/includes/functions_log_error.php';
log_moderator_action($messageinfo, 'gm_by_x_for_y_edited', array($messageinfo['postusername'], $group['name']));
}
if ($vbulletin->GPC['ajax']) {
require_once DIR . '/includes/class_xml.php';
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$xml->add_group('commentbits');
$state = array('visible');
if (fetch_socialgroup_modperm('canmoderategroupmessages', $group)) {
$state[] = 'moderation';
}
if (fetch_socialgroup_modperm('canviewdeleted', $group)) {
$state[] = 'deleted';
$deljoinsql = "LEFT JOIN " . TABLE_PREFIX . "deletionlog AS deletionlog ON (gm.gmid = deletionlog.primaryid AND deletionlog.type = 'gmid')";
} else {
$deljoinsql = '';
}
$state_or = array("gm.state IN ('" . implode("','", $state) . "')");
// Get the viewing user's moderated posts
if ($vbulletin->userinfo['userid'] and !fetch_socialgroup_modperm('canmoderategroupmessages', $group)) {
$state_or[] = "(gm.postuserid = " . $vbulletin->userinfo['userid'] . " AND state = 'moderation')";
}
{
$ignore["$ignoreuserid"] = 1;
}
}
$see_deleted = ($forumperms & $vbulletin->bf_ugp_forumpermissions['canseedelnotice'] OR can_moderate($threadinfo['forumid']));
$postbit_factory = new vB_Postbit_Factory();
$postbit_factory->registry =& $vbulletin;
$postbit_factory->forum =& $foruminfo;
$postbit_factory->thread =& $thread;
$postbit_factory->cache = array();
$postbit_factory->bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list());
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$xml->add_group('postbits');
while ($post = $db->fetch_array($posts))
{
if ($tachyuser = in_coventry($post['userid']) AND !can_moderate($thread['forumid']))
{
continue;
}
if ($tachyuser)
{
$fetchtype = 'post_global_ignore';
}
else if ($ignore["$post[userid]"])
{
$fetchtype = 'post_ignore';
$page_templater->register('editorid', $editorid);
$page_templater->register('messagearea', $messagearea);
$page_templater->register('pm', $pm);
$page_templater->register('postbit', $postbit);
$page_templater->register('receipt_question_js', $receipt_question_js);
$page_templater->register('threadpms', $threadpms);
$page_templater->register('vBeditTemplate', $vBeditTemplate);
}
// ############################# start pm message history #############################
if ($_REQUEST['do'] == 'showhistory') {
require_once DIR . '/includes/class_postbit.php';
require_once DIR . '/includes/functions_bigthree.php';
$vbulletin->input->clean_gpc('r', array('pmid' => TYPE_UINT));
require_once DIR . '/includes/class_xml.php';
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$xml->add_group('response');
if ($vbulletin->userinfo['userid'] and $vbulletin->GPC['pmid']) {
$pm = $db->query_first_slave("\n\t\t\tSELECT pm.parentpmid, pmtext.dateline\n\t\t\tFROM " . TABLE_PREFIX . "pm AS pm\n\t\t\tINNER JOIN " . TABLE_PREFIX . "pmtext AS pmtext ON(pmtext.pmtextid = pm.pmtextid)\n\t\t\tWHERE pm.userid=" . $vbulletin->userinfo['userid'] . " AND pm.pmid=" . $vbulletin->GPC['pmid'] . "\n\t\t");
}
if (empty($pm)) {
$xml->add_tag('error', 1);
} else {
$threadresult = $vbulletin->db->query_read_slave("\n\t\t\tSELECT pm.*, pmtext.*\n\t\t\tFROM " . TABLE_PREFIX . "pm AS pm\n\t\t\tINNER JOIN " . TABLE_PREFIX . "pmtext AS pmtext ON(pmtext.pmtextid = pm.pmtextid)\n\t\t\tWHERE (pm.parentpmid=" . $pm['parentpmid'] . "\n\t\t\t\t\tOR pm.pmid = " . $pm['parentpmid'] . ")\n\t\t\tAND pm.pmid != " . $vbulletin->GPC['pmid'] . "\n\t\t\tAND pm.userid=" . $vbulletin->userinfo['userid'] . "\n\t\t\tAND pmtext.dateline < " . intval($pm['dateline']) . "\n\t\t\tORDER BY pmtext.dateline DESC\n\t\t");
if ($vbulletin->db->num_rows($threadresult)) {
$threadpms = '';
while ($threadpm = $vbulletin->db->fetch_array($threadresult)) {
$postbit_factory = new vB_Postbit_Factory();
$postbit_factory->registry =& $vbulletin;
$postbit_factory->cache = array();
$postbit_factory->bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list());
$postbit_obj =& $postbit_factory->fetch_postbit('pm');
/**
* Retrieve current MYSQL process list
*
*/
protected function fetch_query_status()
{
$xml = new vB_AJAX_XML_Builder($this->registry, 'text/xml', vB_Template_Runtime::fetchStyleVar('charset'));
$xml->add_group('processes');
$xml->add_tag('query_status', $this->phrase['core']['query_status_title']);
$processes = $this->db->query_read("\n\t\t\tSHOW FULL PROCESSLIST\n\t\t");
$found = false;
while ($process = $this->db->fetch_array($processes)) {
if ($process['db'] == $this->registry->config['Database']['dbname'] and $process['User'] == $this->registry->config['MasterServer']['username'] and $process['Info'] != 'SHOW FULL PROCESSLIST' and $process['Command'] == 'Query' and preg_match('/^(\\s+)?### vBulletin Database Alter ###/s', $process['Info'])) {
$process['Info'] = preg_replace("/^(\\s+)?### vBulletin Database Alter ###/s", "", $process['Info']);
$found = true;
$totalseconds = intval($process['Time']);
$hours = floor($seconds / 3600);
$totalseconds -= $hours * 3600;
$minutes = floor($totalseconds / 60);
$totalseconds -= $minutes * 60;
$seconds = $totalseconds;
$xml->add_tag('process', construct_phrase($this->phrase['core']['process_x_y_z'], str_pad($hours, 2, "0", STR_PAD_LEFT), str_pad($minutes, 2, "0", STR_PAD_LEFT), str_pad($seconds, 2, "0", STR_PAD_LEFT), htmlspecialchars_uni($process['State']), htmlspecialchars_uni($process['Info'])));
}
}
if (!$found) {
$xml->add_tag('noprocess', $this->phrase['core']['no_processes_found']);
}
$xml->close_group('processes');
$xml->print_xml();
}
/**
* vB_Search_Type::getUiXml()
* This gets the xml which will be passed to the ajax function. It just wraps
* get_ui in html
*
* @param array $prefs : the stored prefs for this contenttype
* @return the appropriate user interface wrapped in XML
*/
public function getUiXml($prefs)
{
global $vbulletin;
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$xml->add_group('root');
$xml->add_tag('html', $this->listUi($prefs));
$xml->close_group();
$xml->print_xml();
}
/**
* Halts execution of the entire system and displays an error message
*
* @param string Text of the error message. Leave blank to use $this->sql as error text.
*
* @return integer
*/
function halt($errortext = '')
{
global $vbulletin;
if ($this->connection_recent) {
$this->error = $this->error($this->connection_recent);
$this->errno = $this->errno($this->connection_recent);
}
if ($this->reporterror) {
if ($errortext == '') {
$this->sql = "Invalid SQL:\r\n" . chop($this->sql) . ';';
$errortext =& $this->sql;
}
// Try and stop e-mail flooding.
if (!$vbulletin->options['disableerroremail']) {
if (!$vbulletin->options['safeupload']) {
$tempdir = ini_get('upload_tmp_dir');
} else {
$tempdir = $vbulletin->options['tmppath'] . '/';
}
$unique = md5(COOKIE_SALT);
$tempfile = $tempdir . "zdberr{$unique}.dat";
/* If its less than a minute since the last e-mail
and the error code is the same as last time, disable e-mail */
if ($data = @file_get_contents($tempfile)) {
$errc = intval(substr($data, 10));
$time = intval(substr($data, 0, 10));
if ($time and TIMENOW - $time < 60 and intval($this->errno) == $errc) {
$vbulletin->options['disableerroremail'] = true;
} else {
$data = TIMENOW . intval($this->errno);
@file_put_contents($tempfile, $data);
}
} else {
$data = TIMENOW . intval($this->errno);
@file_put_contents($tempfile, $data);
}
}
$vboptions =& $vbulletin->options;
$technicalemail =& $vbulletin->config['Database']['technicalemail'];
$bbuserinfo =& $vbulletin->userinfo;
$requestdate = date('l, F jS Y @ h:i:s A', TIMENOW);
$date = date('l, F jS Y @ h:i:s A');
$scriptpath = str_replace('&', '&', $vbulletin->scriptpath);
$referer = REFERRER;
$ipaddress = IPADDRESS;
$classname = get_class($this);
if ($this->connection_recent) {
$this->hide_errors();
list($mysqlversion) = $this->query_first("SELECT VERSION() AS version", DBARRAY_NUM);
$this->show_errors();
}
$display_db_error = (VB_AREA == 'Upgrade' or VB_AREA == 'Install' or $vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']);
// Hide the MySQL Version if its going in the source
if (!$display_db_error) {
$mysqlversion = '';
}
eval('$message = "' . str_replace('"', '\\"', file_get_contents(DIR . '/includes/database_error_message.html')) . '";');
// add a backtrace to the message
if ($vbulletin->debug) {
$trace = debug_backtrace();
$trace_output = "\n";
foreach ($trace as $index => $trace_item) {
$param = in_array($trace_item['function'], array('require', 'require_once', 'include', 'include_once')) ? $trace_item['args'][0] : '';
// remove path
$param = str_replace(DIR, '[path]', $param);
$trace_item['file'] = str_replace(DIR, '[path]', $trace_item['file']);
$trace_output .= "#{$index} {$trace_item['class']}{$trace_item['type']}{$trace_item['function']}({$param}) called in {$trace_item['file']} on line {$trace_item['line']}\n";
}
$message .= "\n\nStack Trace:\n{$trace_output}\n";
}
require_once DIR . '/includes/functions_log_error.php';
if (function_exists('log_vbulletin_error')) {
log_vbulletin_error($message, 'database');
}
if ($technicalemail != '' and !$vbulletin->options['disableerroremail'] and verify_email_vbulletin_error($this->errno, 'database')) {
// If vBulletinHook is defined then we know that options are loaded, so we can then use vbmail
if (class_exists('vBulletinHook', false)) {
@vbmail($technicalemail, $this->appshortname . ' Database Error!', $message, true, $technicalemail);
} else {
@mail($technicalemail, $this->appshortname . ' Database Error!', preg_replace("#(\r\n|\r|\n)#s", @ini_get('sendmail_path') === '' ? "\r\n" : "\n", $message), "From: {$technicalemail}");
}
}
if (defined('STDIN')) {
echo $message;
exit;
}
// send ajax reponse after sending error email
if ($vbulletin->GPC['ajax']) {
require_once DIR . '/includes/class_xml.php';
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$error = '<p>Database Error</p>';
if ($vbulletin->debug or VB_AREA == 'Upgrade') {
$error .= "\r\n\r\n{$errortext}";
$error .= "\r\n\r\n{$this->error}";
}
eval('$ajaxmessage = "' . str_replace('"', '\\"', file_get_contents(DIR . '/includes/database_error_message_ajax.html')) . '";');
$xml->add_group('errors');
$xml->add_tag('error', $error);
$xml->add_tag('error_html', $ajaxmessage);
$xml->close_group('errors');
$xml->print_xml();
}
if (!headers_sent()) {
if (SAPI_NAME == 'cgi' or SAPI_NAME == 'cgi-fcgi') {
header('Status: 503 Service Unavailable');
} else {
header($_SERVER['SERVER_PROTOCOL'] . ' 503 Service Unavailable');
}
}
if ($display_db_error) {
// display error message on screen
$message = '<form><textarea rows="15" cols="70" wrap="off" id="message">' . htmlspecialchars_uni($message) . '</textarea></form>';
} else {
if ($vbulletin->debug) {
// display hidden error message
$message = "\r\n<!--\r\n" . htmlspecialchars_uni($message) . "\r\n-->\r\n";
} else {
$message = '';
}
}
if ($vbulletin->options['bburl']) {
$imagepath = $vbulletin->options['bburl'];
} else {
// this might not work with too many slashes in the archive
$imagepath = VB_AREA == 'Forum' ? '.' : '..';
}
eval('$message = "' . str_replace('"', '\\"', file_get_contents(DIR . '/includes/database_error_page.html')) . '";');
// This is needed so IE doesn't show the pretty error messages
$message .= str_repeat(' ', 512);
die($message);
} else {
if (!empty($errortext)) {
$this->error = $errortext;
}
}
}
protected function processAjax($result)
{
require_once DIR . '/includes/class_xml.php';
$xml = new vB_AJAX_XML_Builder(vB::$vbulletin, 'text/xml');
if (!$result) {
$xml->add_tag('nada', '~~No Results Found~~');
$xml->print_xml();
}
$xml->add_group('results');
$xml->add_tag('count', $result['count']);
$xml->add_tag('totalcount', $result['totalcount']);
$xml->add_tag('minid', $result['minid']);
$xml->add_tag('maxid', $result['maxid']);
$xml->add_tag('mindateline', $result['mindateline']);
$xml->add_tag('maxdateline', $result['maxdateline']);
$xml->add_tag('minscore', $result['minscore']);
$xml->add_tag('moreresults', $result['moreresults']);
if ($result['bits']) {
$xml->add_group('bits');
foreach ($result['bits'] as $bit) {
$xml->add_tag('bit', $bit);
}
$xml->close_group('bits');
}
$xml->close_group('results');
$xml->print_xml();
}
// ######################## CHECK ADMIN PERMISSIONS #######################
if (!($vbulletin->userinfo['permissions']['cms']['admin'] & 2)) {
print_cp_no_permission();
}
fetch_phrase_group('cpcms');
// ########################################################################
// ######################### START MAIN SCRIPT ############################
// ########################################################################
//If we get an ajax request, we return the XML and exit
if ($_REQUEST['do'] == 'perms_section') {
require_once DIR . '/includes/functions_misc.php';
require_once DIR . '/includes/adminfunctions_misc.php';
$vbulletin->input->clean_array_gpc('r', array('sectionid' => TYPE_UINT));
if ($vbulletin->GPC_exists['sectionid']) {
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$xml->add_group('root');
$xml->add_tag('html', $vbulletin->GPC['sectionid'] ? getSectionTable($vbulletin->GPC['sectionid']) : showDefault());
$xml->close_group();
$xml->print_xml();
return;
}
} else {
if ($_REQUEST['do'] == 'save') {
saveData();
} else {
if ($_REQUEST['do'] == 'remove_perms') {
removePerms();
}
}
}
print_cp_header($vbphrase['permissions_manager']);
if (!in_array($value, $allowedlist) and $value != '') {
$usercss->invalid["{$selectorname}"]["{$property}"] = ' usercsserror ';
continue;
}
}
$usercss->parse($selectorname, $property, $value);
}
}
($hook = vBulletinHook::fetch_hook('profile_docustomize_process')) ? eval($hook) : false;
if ($vbulletin->GPC['ajax']) {
// AJAX means get the preview
$effective_css = $usercss->build_css($usercss->fetch_effective());
$effective_css = str_replace('/*sessionurl*/', $vbulletin->session->vars['sessionurl_js'], $effective_css);
require_once DIR . '/includes/class_xml.php';
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$xml->add_group('preview');
$xml->add_tag('css', process_replacement_vars($effective_css));
$xml->close_group();
$xml->print_xml();
}
if (empty($usercss->error) and empty($usercss->invalid)) {
$usercss->save();
$vbulletin->url = "profile.php?" . $vbulletin->session->vars['sessionurl'] . "do=customize";
eval(print_standard_redirect('usercss_saved'));
} else {
if (!empty($usercss->error)) {
standard_error(implode("<br />", $usercss->error));
} else {
// have invalid, no errors
$_REQUEST['do'] = 'customize';
define('HAVE_ERRORS', true);
if ('vBForum_SocialGroupMessage' == VOTE_CONTENT_TYPE) {
$url = 'group.php?' . $vbulletin->session->vars['sessionurl_js'] . "do=discuss&discussionid={$target['discussionid']}";
}
$vbulletin->url = $url;
eval(print_standard_redirect('redirect_' . VOTE_CONTENT_TYPE . '_vote_add'));
}
$vote_buttons_visibility = 'none';
if ($vote_manager->can_add_vote()) {
$vote_buttons_visibility = '';
}
}
if ($need_ajax_response) {
// create response for ajax
require_once DIR . '/includes/class_xml.php';
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$xml->add_group('voting');
// get votes results
$vote_results = '';
$disabled_group = unserialize($vbulletin->options['vbv_grp_disable']);
if (!is_member_of($vbulletin->userinfo, $disabled_group)) {
$result_vote_type = NULL;
if (!$vbulletin->options['vbv_enable_neg_votes']) {
$result_vote_type = vtVotes::POSITIVE;
}
$votes = $vote_manager->get_item_votes($result_vote_type);
$xml->add_tag('votes', $vote_manager->render_votes_block($votes, $target_id));
}
// enable/disable vote buttons
$xml->add_tag('vote_buttons_visibility', $vote_buttons_visibility);
$item_id_name = 'post_';
if (VOTE_CONTENT_TYPE == 'vBForum_SocialGroupMessage') {