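/**
 * Copies the read/unread state of a set of vBulletin private messages to the
 * matching rows of the second database reached through $this->db (tables
 * prefixed with USERPREFIX).
 *
 * Nothing happens unless both the 'dle_onoff' and 'dle_pm' options are truthy.
 * The current vBulletin user is matched to a USERPREFIX_users row by name; for
 * every fetched message the USERPREFIX_pm row with the same sender, date and
 * folder gets pm_read = $set. The number of fetched rows whose 'messageread'
 * flag is truthy is then subtracted from that user's pm_unread counter, never
 * going below zero.
 *
 * Every value placed in SQL text is either cast to an integer or passed
 * through the matching connection's escape_string(); the original concatenated
 * $messageids, $set and the row values as-is.
 *
 * @param array  $messageids vBulletin pm ids; each element is cast to int
 * @param string $set        Value written to pm_read (default 'yes')
 *
 * @return void
 */
public function ReadUnreadPackPM(array $messageids, $set = 'yes')
{
    if (!$this->vbulletin->options['dle_onoff'] || !$this->vbulletin->options['dle_pm']) {
        return;
    }

    // The ids end up inside "IN (...)" without quotes, so each one must be an
    // integer before it is joined. An empty list would produce "IN ()", which
    // is a syntax error, so stop early.
    $pmids = array_map('intval', $messageids);
    if (!$pmids) {
        return;
    }
    $vb_userid = intval($this->vbulletin->userinfo['userid']);

    // NOTE(review): "LIMIT 1" makes this return a single row even when several
    // ids are passed, so the loop below handles one message at most. Left
    // unchanged; confirm whether that is intended for a "pack" operation.
    $pm_result = $this->vbulletin->db->query_read("SELECT pt.*, p.messageread, p.folderid FROM " . TABLE_PREFIX . "pmtext AS pt \n LEFT JOIN " . TABLE_PREFIX . "pm AS p\n ON pt.pmtextid=p.pmtextid\n WHERE p.pmid IN (" . implode(", ", $pmids) . ") AND p.userid=" . $vb_userid . " LIMIT 1");

    if (!$this->vbulletin->db->num_rows($pm_result)) {
        return;
    }

    $this->_db_connect();

    $user_name = $this->db->escape_string($this->vbulletin->userinfo['username']);
    $user = $this->db->query_first("SELECT user_id FROM " . USERPREFIX . "_users WHERE name='{$user_name}' LIMIT 1");

    if ($user) {
        // Escaped once, after _db_connect(), because escape_string() belongs to
        // the connection the UPDATE statements below are sent over.
        $set_sql = $this->db->escape_string($set);
        $dle_userid = intval($user['user_id']);
        $pm_unread = 0;

        while ($pm_info = $this->vbulletin->db->fetch_array($pm_result)) {
            // Sender names are stored in the forum's charset; convert when the
            // other application declares a different one.
            if (DLE_CHARSET && DLE_CHARSET != $this->vbulletin->userinfo['lang_charset']) {
                $pm_info['fromusername'] = iconv($this->vbulletin->userinfo['lang_charset'], DLE_CHARSET, $pm_info['fromusername']);
            }
            $fromusername = $this->db->escape_string($pm_info['fromusername']);
            $dateline = intval($pm_info['dateline']);

            if ($pm_info['messageread']) {
                $pm_unread++;
            }

            // folderid -1 is treated as the sender's own copy of the message.
            $folder = ($pm_info['folderid'] == -1) ? "outbox" : "inbox";

            $this->db->query_write("UPDATE " . USERPREFIX . "_pm SET pm_read='{$set_sql}' WHERE user_from='{$fromusername}' AND date='{$dateline}' AND folder='{$folder}' AND user={$dle_userid}");
        }

        if ($pm_unread) {
            // The IF() keeps the counter from going below zero.
            $this->db->query_write("UPDATE " . USERPREFIX . "_users SET pm_unread=IF(pm_unread <= {$pm_unread}, 0, pm_unread-{$pm_unread}) WHERE user_id='{$dle_userid}'");
        }
    }

    // Matches the original: the connection is closed whether or not a user row was found.
    $this->_db_disconnect();
}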
/**
 * Verifies that the provided username is valid, and attempts to correct it if it is not valid.
 *
 * The name is normalised in place (whitespace collapsed, numeric character
 * references converted, NUL bytes removed) and then checked, in this order,
 * against: minimum length, maximum length, stray semicolons, the censor list,
 * existing accounts, and the 'illegalusernames' option. The first failing
 * check records an error through $this->error() and returns false.
 *
 * On success the by-reference argument is overwritten with its
 * htmlspecialchars_uni() form, so the caller receives an already HTML-escaped
 * value and should not escape it a second time.
 *
 * @param string $username Username; passed by reference and modified in place
 *
 * @return boolean Returns true if the username is valid, or has been corrected to be valid
 */
function verify_username(&$username) {
    // this is duplicated from the user manager
    // fix extra whitespace and invisible ascii stuff
    $username = trim(preg_replace('#[ \\r\\n\\t]+#si', ' ', strip_blank_ascii($username, ' ')));
    // Copy of the name taken before entity conversion. It is not referenced
    // again in the code visible here.
    $username_raw = $username;
    global $stylevar;
    // NOTE(review): both calls below use the /e modifier, which makes
    // preg_replace() run the replacement string as PHP code after substituting
    // the match. The captures are digits only, but /e was deprecated in PHP 5.5
    // and removed in PHP 7.0; preg_replace_callback() is the supported form.
    $username = preg_replace('/&#([0-9]+);/ie', "convert_unicode_char_to_charset('\\1', \$stylevar['charset'])", $username);
    // NOTE(review): the first character of this pattern looks like extraction
    // damage in this listing (presumably a mangled character-reference prefix).
    // Confirm against the upstream file before relying on it.
    $username = preg_replace('/�*([0-9]{1,2}|1[01][0-9]|12[0-7]);/ie', "convert_int_to_utf8('\\1')", $username);
    // Remove NUL bytes that survived or were produced by the conversions above.
    $username = str_replace(chr(0), '', $username);
    $username = trim($username);
    $length = vbstrlen($username);
    if ($length < $this->registry->options['minuserlength']) {
        // name too short
        $this->error('usernametooshort', $this->registry->options['minuserlength']);
        return false;
    } else {
        if ($length > $this->registry->options['maxuserlength']) {
            // name too long
            $this->error('usernametoolong', $this->registry->options['maxuserlength']);
            return false;
        } else {
            // The lookbehind lets a semicolon through only when it ends a
            // 3-5 digit numeric character reference (&#NNN; to &#NNNNN;).
            if (preg_match('/(?<!&#[0-9]{3}|&#[0-9]{4}|&#[0-9]{5});/', $username)) {
                // name contains semicolons
                $this->error('username_contains_semi_colons');
                return false;
            } else {
                // Loose (!=) comparison of the name with its censored form.
                if ($username != fetch_censored_text($username)) {
                    // name contains censored words
                    $this->error('censorfield', $this->registry->options['contactuslink']);
                    return false;
                } else {
                    // NOTE(review): the two '******' literals look like masked
                    // placeholders in this listing, not real comparison values.
                    // As written, the query never references $username or
                    // $username_raw. Whatever is concatenated here in the real
                    // file must go through the database layer's string
                    // escaping. Confirm against upstream.
                    if ($this->dbobject->query_first("\n\t\t\tSELECT userid, username FROM " . TABLE_PREFIX . "user\n\t\t\tWHERE userid != " . intval($this->existing['userid']) . 
"\n\t\t\tAND\n\t\t\t(\n\t\t\t\tusername = '******'\n\t\t\t\tOR\n\t\t\t\tusername = '******'\n\t\t\t)\n\t\t")) {
                        // name is already in use
                        $this->error('usernametaken', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl']);
                        return false;
                    } else {
                        if (!empty($this->registry->options['illegalusernames'])) {
                            // check for illegal username
                            // The option is split on whitespace and each entry is matched
                            // as a substring. strtolower() folds case byte-wise, so
                            // non-ASCII letters are presumably not case-folded here.
                            $usernames = preg_split('/[ \\r\\n\\t]+/', $this->registry->options['illegalusernames'], -1, PREG_SPLIT_NO_EMPTY);
                            foreach ($usernames as $val) {
                                if (strpos(strtolower($username), strtolower($val)) !== false) {
                                    // weird error to show (reuses 'usernametaken'), but hey...
                                    $this->error('usernametaken', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl']);
                                    return false;
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    // if we got here, everything is okay
    // The escaped form is written back through the reference.
    $username = htmlspecialchars_uni($username);
    return true;
}
/**
 * Marks a product as inactive without deleting it, then rebuilds the data
 * derived from the product list (product datastore, bitfields, cron schedule,
 * and, where those classes exist, the type cache and block definitions).
 *
 * @param mixed $productid Product id to disable; any falsy value falls back to
 *                         $this->productinfo['productid']
 */
public function disable($productid = null)
{
    if (!$productid) {
        $productid = $this->productinfo['productid'];
    }

    // The id is a quoted string in the statement, so it goes through escape_string().
    $escaped_id = $this->db->escape_string($productid);
    $this->db->query_write("\n\t\t\tUPDATE " . TABLE_PREFIX . "product\n\t\t\tSET active = 0\n\t\t\tWHERE productid = '" . $escaped_id . "'\n\t\t");

    build_product_datastore();

    // Bitfields contributed by this product have to be regenerated.
    require_once DIR . '/includes/class_bitfield_builder.php';
    vB_Bitfield_Builder::save($this->db);

    // A product can register cron entries, so the next-run time is rebuilt too.
    require_once DIR . '/includes/functions_cron.php';
    build_cron_next_run();

    // The two steps below are skipped when the class is not defined (pre-vB4).
    if (class_exists('vB_Cache')) {
        vB_Cache::instance()->purge('vb_types.types');
    }

    if (class_exists('vB_BlockManager')) {
        $manager = vB_BlockManager::create($this->registry);
        $manager->reloadBlockTypes();
        $manager->getBlocks(true, true);
    }
}
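/**
 * Updates this user's CSS cache.
 *
 * Builds the CSS with build_css() and stores it with REPLACE INTO in the
 * usercsscache table, together with the user id and the integer value of
 * $this->permissions['usercsspermissions'].
 *
 * @return string Compiled CSS
 */
function update_css_cache()
{
    $buildcss = $this->build_css();

    // userid is written into the statement unquoted, so it is cast to an
    // integer in the same way as the permissions value next to it. The CSS
    // text is a quoted string and goes through escape_string().
    $this->dbobject->query_write("\n\t\t\tREPLACE INTO " . TABLE_PREFIX . "usercsscache\n\t\t\t\t(userid, cachedcss, buildpermissions)\n\t\t\tVALUES\n\t\t\t\t(" . intval($this->userid) . ", '" . $this->dbobject->escape_string($buildcss) . "', " . intval($this->permissions['usercsspermissions']) . ")\n\t\t");

    return $buildcss;
}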
/**
 * Turns a set of item titles into a comma-delimited list of quoted,
 * database-escaped strings for use in SQL (for example inside IN (...)).
 *
 * @param array|string $items         Item titles; a string is first passed through prepare_itemarray()
 * @param bool         $prepare_items Whether to run prepare_itemarray() on $items even when it is not a string
 *
 * @return string|false The quoted list, or false when there are no items.
 *                      Callers need to check for false before placing the
 *                      result in a statement.
 */
function prepare_itemlist($items, $prepare_items = false)
{
    if ($prepare_items or is_string($items)) {
        $items = $this->prepare_itemarray($items);
    }

    if (!count($items)) {
        return false;
    }

    // Each title is escaped and quoted individually before the list is joined.
    $quoted = array();
    foreach ($items as $title) {
        $quoted[] = "'" . $this->dbobject->escape_string($title) . "'";
    }

    return implode(',', $quoted);
}
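/**
 * Log the current location of the upgrade.
 *
 * When $step equals $this->stepcount the script is considered complete: the
 * step is reset to 0 and either the log rows of the listed scripts are deleted
 * (SHORT_VERSION is 'final', or $only is set) or the stored 'templateversion'
 * setting is raised to LONG_VERSION. Otherwise, and when SKIPDB is not
 * defined, a row describing the step is inserted into the upgradelog table.
 *
 * $step and $startat are written into the INSERT unquoted, so both are cast to
 * integers; LONG_VERSION is a quoted string and goes through escape_string().
 *
 * @param int|string $step    Upgrade step; compared loosely with $this->stepcount
 * @param int        $startat Startat value for multi step steps
 * @param bool       $only    Process only the current version upgrade
 *
 * @return void
 */
public function log_upgrade_step($step, $startat = 0, $only = false)
{
    $complete = ($step == $this->stepcount);
    $perpage = 0;
    $insertstep = true;

    if ($complete) {
        $step = 0;
        if ($this->SHORT_VERSION == 'final' or $only) {
            $this->db->query_write("\n\t\t\t\t\tDELETE FROM " . TABLE_PREFIX . "upgradelog\n\t\t\t\t\tWHERE script IN ('final', 'vbblog', 'vbcms', 'skimlinks', 'forumrunner', 'postrelease')\n\t\t\t\t");
            $insertstep = false;
        } else {
            if (is_newer_version($this->LONG_VERSION, $this->registry->options['templateversion'])) {
                $this->db->query_write("UPDATE " . TABLE_PREFIX . "setting SET value = '" . $this->db->escape_string($this->LONG_VERSION) . "' WHERE varname = 'templateversion'");
            }
            if (!defined('SKIPDB')) {
                build_options();
            }
            $this->registry->options['templateversion'] = $this->LONG_VERSION;
        }
    }

    if ($insertstep and !defined('SKIPDB')) {
        $step_sql = intval($step);
        $startat_sql = intval($startat);

        // use time() not TIMENOW to actually time the script's execution
        /*insert query*/
        $this->db->query_write("\n\t\t\t\tINSERT INTO " . TABLE_PREFIX . "upgradelog(script, steptitle, step, startat, perpage, dateline, only)\n\t\t\t\tVALUES (\n\t\t\t\t\t'" . $this->db->escape_string($this->SHORT_VERSION) . "',\n\t\t\t\t\t'',\n\t\t\t\t\t{$step_sql},\n\t\t\t\t\t{$startat_sql},\n\t\t\t\t\t{$perpage},\n\t\t\t\t\t" . time() . ",\n\t\t\t\t\t" . intval($only) . "\n\t\t\t)");
    }
}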
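/**
 * Builds and runs the attachment search query over the node, attach and
 * filedata tables.
 *
 * Filters come from $params['search']: filename (LIKE match), attachedbyuser,
 * datelinebefore/datelineafter, downloadsmore/downloadsless and
 * sizemore/sizeless. With $params['countonly'] set, only COUNT(*) and
 * SUM(filesize) are selected; otherwise rows are ordered and paged with
 * $params['pagenum'] and $params['search']['results'].
 *
 * The values are search criteria supplied by the caller, so nothing reaches
 * the statement verbatim. Strings go through the connection's escaping,
 * numeric filters and paging values are cast to integers, the sort column must
 * look like a plain (optionally table-qualified) identifier, and the sort
 * direction is reduced to ASC or DESC. An orderby value that fails the
 * identifier check is ignored and no ORDER BY clause is emitted.
 *
 * @param array       $params     Search parameters as described above
 * @param vB_Database $db         Connection used for escaping and for the result object
 * @param bool        $check_only When true, return true without building a query
 *
 * @return mixed true when $check_only is set, otherwise an instance of the
 *               result class named 'vB_dB_' . $this->db_type . '_result'
 */
function searchAttach($params, vB_Database $db, $check_only = false)
{
    if ($check_only) {
        return true;
    }

    $search = isset($params['search']) ? $params['search'] : array();
    $query = array("a.nodeid <> 0");

    if (!empty($search['filename'])) {
        $query[] = "a.filename LIKE '%" . $db->escape_string_like($search['filename']) . "%' ";
    }

    if (!empty($search['attachedbyuser'])) {
        $query[] = "node.userid=" . intval($search['attachedbyuser']) . " ";
    }

    // Date bounds are quoted strings handed to UNIX_TIMESTAMP(), so they are escaped.
    $has_before = !empty($search['datelinebefore']);
    $has_after = !empty($search['datelineafter']);
    if ($has_before and $has_after) {
        $query[] = "(fd.dateline BETWEEN UNIX_TIMESTAMP('" . $db->escape_string($search['datelineafter']) . "') AND UNIX_TIMESTAMP('" . $db->escape_string($search['datelinebefore']) . "')) ";
    } elseif ($has_before) {
        $query[] = "fd.dateline < UNIX_TIMESTAMP('" . $db->escape_string($search['datelinebefore']) . "') ";
    } elseif ($has_after) {
        $query[] = "fd.dateline > UNIX_TIMESTAMP('" . $db->escape_string($search['datelineafter']) . "') ";
    }

    // Download-count bounds are unquoted in the statement, so they are cast to int.
    $has_more = !empty($search['downloadsmore']);
    $has_less = !empty($search['downloadsless']);
    if ($has_more and $has_less) {
        $query[] = "(a.counter BETWEEN " . intval($search['downloadsmore']) . " AND " . intval($search['downloadsless']) . ") ";
    } elseif ($has_less) {
        $query[] = "a.counter < " . intval($search['downloadsless']) . " ";
    } elseif ($has_more) {
        $query[] = "a.counter > " . intval($search['downloadsmore']) . " ";
    }

    // File-size bounds get the same treatment.
    $has_more = !empty($search['sizemore']);
    $has_less = !empty($search['sizeless']);
    if ($has_more and $has_less) {
        $query[] = "(fd.filesize BETWEEN " . intval($search['sizemore']) . " AND " . intval($search['sizeless']) . ") ";
    } elseif ($has_less) {
        $query[] = "fd.filesize < " . intval($search['sizeless']) . " ";
    } elseif ($has_more) {
        $query[] = "fd.filesize > " . intval($search['sizemore']) . " ";
    }

    // Disabled in the original and kept disabled here:
    // if ($params['search']['visible'] != -1)
    // {
    //     $query[] = "a.state = '" . ($params['search']['visible'] ? 'visible' : 'moderation') . "' ";
    // }

    $tables = "FROM " . TABLE_PREFIX . "node AS node\n\t\t\t\tINNER JOIN " . TABLE_PREFIX . "attach AS a ON (node.nodeid = a.nodeid)\n\t\t\t\tINNER JOIN " . TABLE_PREFIX . "filedata AS fd ON (a.filedataid = fd.filedataid)\n\t\t";
    $where = "WHERE " . implode(" AND ", $query);
    $limit = "";
    $order = "";

    if (!empty($params['countonly'])) {
        $fields = "COUNT(*) AS count, SUM(fd.filesize) AS sum";
    } else {
        $fields = "node.*, fd.filesize, a.filedataid, a.filename, fd.dateline";

        // Paging values are integers, and a negative offset is clamped to 0.
        $perpage = isset($search['results']) ? max(0, intval($search['results'])) : 0;
        $pagenum = isset($params['pagenum']) ? intval($params['pagenum']) : 1;
        $offset = max(0, ($pagenum - 1) * $perpage);
        $limit = "LIMIT " . $offset . ", " . $perpage;

        // A column name cannot be escaped like a string value, so only a bare
        // identifier, optionally prefixed with a table alias, is accepted.
        $orderby = isset($search['orderby']) ? $search['orderby'] : '';
        $ordering = isset($search['ordering']) ? $search['ordering'] : '';
        $direction = (is_string($ordering) and strtoupper(trim($ordering)) === 'DESC') ? 'DESC' : 'ASC';
        if (is_string($orderby) and preg_match('/^[A-Za-z_][A-Za-z0-9_]*(?:\.[A-Za-z_][A-Za-z0-9_]*)?\z/', $orderby)) {
            $order = 'ORDER BY ' . $orderby . ' ' . $direction;
        }
    }

    $sql = "\n\t\t\t\tSELECT {$fields}\n\t\t\t\t{$tables}\n\t\t\t\t{$where}\n\t\t\t\t{$order}\n\t\t\t\t{$limit}\n\t\t";

    // The result class is chosen from the configured database type.
    $resultclass = 'vB_dB_' . $this->db_type . '_result';

    $config = vB::getConfig();
    if (!empty($config['Misc']['debug_sql'])) {
        // The statement contains caller-supplied text (the filename filter), so
        // it is HTML-escaped before being written into the page.
        echo "sql: " . htmlspecialchars($sql, ENT_QUOTES) . "<br />\n";
    }

    $result = new $resultclass($db, $sql);
    return $result;
}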