/**
 * Resolve the "new" and "last" topic actions into a redirect to a concrete post.
 *
 * "new" targets the first post newer than the visitor's last view of the topic
 * and falls back to "last" when there is none (or the visitor is a guest).
 * Every looked-up id passes through a hook before it is used.
 *
 * @param mixed $topic_id Topic whose posts are inspected.
 * @param mixed $action   Requested action; only 'new' and 'last' are handled here.
 */
public function handle_actions($topic_id, $action)
{
    $action = $this->hook->fire('handle_actions_start', $action, $topic_id);

    // action=new: jump to the first unseen post, if there is one
    if ($action == 'new') {
        if (!$this->user->is_guest) {
            // Per-topic tracking wins over the user's global last visit
            $tracked = Track::get_tracked_topics();
            if (isset($tracked['topics'][$topic_id])) {
                $seen_until = $tracked['topics'][$topic_id];
            } else {
                $seen_until = $this->user->last_visit;
            }

            $first_unseen = DB::for_table('posts')
                ->where('topic_id', $topic_id)
                ->where_gt('posted', $seen_until)
                ->min('id');
            $first_unseen = $this->hook->fire('handle_actions_first_new', $first_unseen);

            if ($first_unseen) {
                $target = $this->feather->urlFor('viewPost', ['pid' => $first_unseen]) . '#p' . $first_unseen;
                Url::redirect($target);
            }
        }

        // Nothing new (or a guest): behave as if the last post was requested
        $action = 'last';
    }

    // action=last: jump to the newest post of the topic
    if ($action == 'last') {
        $newest = DB::for_table('posts')
            ->where('topic_id', $topic_id)
            ->max('id');
        $newest = $this->hook->fire('handle_actions_last_post', $newest);

        if ($newest) {
            $target = $this->feather->urlFor('viewPost', ['pid' => $newest]) . '#p' . $newest;
            Url::redirect($target);
        }
    }

    $this->hook->fire('handle_actions', $action, $topic_id);
}
/**
 * Render the search form, or run a search and render its results.
 *
 * A request carrying either the "action" or the "search_id" query parameter
 * is treated as a search; anything else gets the empty form.
 *
 * @throws Error 403 when the user's group has g_search set to '0'.
 */
public function display()
{
    if ($this->user->g_search == '0') {
        throw new Error(__('No search permission'), 403);
    }

    $is_search_request = $this->request->get('action') || $this->request->get('search_id');

    // No search requested: show the form and stop
    if (!$is_search_request) {
        $this->feather->template->setPageInfo(array(
            'title' => array(Utils::escape($this->config['o_board_title']), __('Search')),
            'active_page' => 'search',
            'focus_element' => array('search', 'keywords'),
            'is_indexed' => true,
            'forums' => $this->model->get_list_forums(),
        ))->addTemplate('search/form.php')->display();
        return;
    }

    $search = $this->model->get_search_results();

    // The model flags a usable result set with the 'is_result' key
    if (!isset($search['is_result'])) {
        Url::redirect($this->feather->urlFor('search'), __('No hits'));
        return;
    }

    $this->feather->template->setPageInfo(array(
        'title' => array(Utils::escape($this->config['o_board_title']), __('Search results')),
        'active_page' => 'search',
    ));

    $this->model->display_search_results($search, $this->feather);

    $this->feather->template->setPageInfo(array('search' => $search));
    $this->feather->template->addTemplate('search/header.php', 1);

    // Results are listed either post by post or topic by topic
    $results_template = $search['show_as'] == 'posts' ? 'search/posts.php' : 'search/topics.php';
    $this->feather->template->addTemplate($results_template, 5);

    $this->feather->template->addTemplate('search/footer.php', 10)->display();
}
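/**
 * Record the current time as the read marker of a forum, then return to it.
 *
 * The marker is written into the 'forums' part of the tracked-topics data
 * under the forum id.
 *
 * @param mixed $id Forum id; used as array key and as route parameter.
 */
public function markforumread($id)
{
    // Read through the Track helper, the same class the write below uses;
    // a bare get_tracked_topics() function is not defined in this scope.
    $tracked_topics = Track::get_tracked_topics();
    // NOTE(review): $id is used unvalidated as an array key in the tracking
    // data - confirm the route restricts it to an integer.
    $tracked_topics['forums'][$id] = time();
    Track::set_tracked_topics($tracked_topics);

    Url::redirect($this->feather->urlFor('Forum', array('id' => $id)), __('Mark forum read redirect'));
}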
/**
 * Deactivate a plugin and return to the plugin administration page.
 *
 * @param mixed $plugin Plugin identifier handed to PluginManager::deactivate().
 *
 * @throws Error 400 when no plugin identifier is given.
 */
public function deactivate($plugin = null)
{
    if (!$plugin) {
        throw new Error(__('Bad request'), 400);
    }

    $plugin_manager = new PluginManager();
    $plugin_manager->deactivate($plugin);

    // Plugin has been deactivated, confirm and redirect
    $plugins_page = $this->feather->urlFor('adminPlugins');
    Url::redirect($plugins_page, array('warning', 'Plugin deactivated!'));
}
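/**
 * Admin reports page: zap a report on POST, otherwise list open and zapped reports.
 *
 * The report id arrives as the key of the posted "zap_id" array.
 */
public function display()
{
    // Zap a report
    if ($this->feather->request->isPost()) {
        $zap = $this->request->post('zap_id');

        // key() needs an array; a POST without a well-formed zap_id field
        // must not reach it (that is a TypeError on PHP 8) and zaps nothing.
        if (is_array($zap) && !empty($zap)) {
            $zap_id = intval(key($zap));
            $user_id = $this->user->id;
            $this->model->zap_report($zap_id, $user_id);
        }

        Url::redirect($this->feather->urlFor('adminReports'), __('Report zapped redirect'));
    }

    AdminUtils::generateAdminMenu('reports');

    $this->feather->template->setPageInfo(array(
        'title' => array(Utils::escape($this->config['o_board_title']), __('Admin'), __('Reports')),
        'active_page' => 'admin',
        'admin_console' => true,
        'report_data' => $this->model->get_reports(),
        'report_zapped_data' => $this->model->get_zapped_reports(),
    ))->addTemplate('admin/reports.php')->display();
}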
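/**
 * Delete one censoring entry and rebuild the censoring caches.
 *
 * The entry id arrives as the key of the posted "remove" array and passes
 * through the 'remove_censoring_word_start' hook before the lookup.
 */
public function remove_word()
{
    $posted = $this->request->post('remove');

    // key() needs an array; anything else is treated as "no id" (0)
    // instead of raising a TypeError on PHP 8.
    $id = is_array($posted) ? intval(key($posted)) : 0;
    $id = $this->hook->fire('remove_censoring_word_start', $id);

    $result = DB::for_table('censoring')->find_one($id);
    $result = $this->hook->fireDB('remove_censoring_word', $result);

    // An unknown id yields no record; calling delete() on that would be fatal
    if ($result) {
        $result->delete();
    }

    // Regenerate the censoring cache
    $this->feather->cache->store('search_for', Cache::get_censoring('search_for'));
    $this->feather->cache->store('replace_with', Cache::get_censoring('replace_with'));

    Url::redirect($this->feather->urlFor('adminCensoring'), __('Word removed redirect'));
}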
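/**
 * Delete a category after the admin has ticked the confirmation box.
 *
 * Reads "cat_to_delete" and "disclaimer" from the POST body.
 *
 * @throws Error 400 when the category id is missing or not positive.
 */
public function delete_category()
{
    $cat_to_delete = (int) $this->request->post('cat_to_delete');

    if ($cat_to_delete < 1) {
        // Integer status code, matching the other controllers' throws
        throw new Error(__('Bad request'), 400);
    }

    if (intval($this->request->post('disclaimer')) != 1) {
        Url::redirect($this->feather->urlFor('adminCategories'), __('Delete category not validated'));
        // Url::redirect() is assumed to end the request; the explicit return
        // keeps the unconfirmed request away from the delete below even if it
        // ever returns.
        return;
    }

    if ($this->model->delete_category($cat_to_delete)) {
        Url::redirect($this->feather->urlFor('adminCategories'), __('Category deleted redirect'));
    } else {
        Url::redirect($this->feather->urlFor('adminCategories'), __('Unable to delete category'));
    }
}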
/**
 * Show the forum rules a visitor has to read before registering.
 *
 * Logged-in users are sent home, and visitors go straight to the
 * registration form when the rules page is switched off.
 *
 * @throws Error 403 when new registrations are disabled.
 */
public function rules()
{
    // Members have no business on the registration pages
    $is_member = !$this->user->is_guest;
    if ($is_member) {
        Url::redirect($this->feather->urlFor('home'));
    }

    // Registrations closed: tell the visitor instead of showing the rules
    if ($this->config['o_regs_allow'] == '0') {
        throw new Error(__('No new regs'), 403);
    }

    // Rules page disabled: skip to the registration form
    if ($this->config['o_rules'] != '1') {
        Url::redirect($this->feather->urlFor('register'));
    }

    $this->feather->template
        ->setPageInfo(array(
            'title' => array(
                Utils::escape($this->config['o_board_title']),
                __('Register'),
                __('Forum rules'),
            ),
            'active_page' => 'register',
        ))
        ->addTemplate('register/rules.php')
        ->display();
}
/**
 * Edit an existing post: check permissions, validate and save a submitted
 * form, or render the edit form (optionally with a preview).
 *
 * @param mixed $id Id of the post being edited.
 *
 * @throws Error 403 when the current user may not edit the post.
 */
public function editpost($id)
{
    // Fetch some informations about the post, the topic and the forum
    $cur_post = $this->model->get_info_edit($id);

    // Sort out who the moderators are and if we are currently a moderator (or an admin)
    // NOTE(review): unserialize() runs on the stored 'moderators' value. Presumably that
    // column is only written by admin code; confirm, since unserialize() on data a user
    // can influence allows object injection.
    $mods_array = $cur_post['moderators'] != '' ? unserialize($cur_post['moderators']) : array();
    // && binds tighter than ||: admin, OR (moderator group AND listed as moderator of this forum)
    $is_admmod = $this->user->g_id == $this->feather->forum_env['FEATHER_ADMIN'] || $this->user->g_moderator == '1' && array_key_exists($this->user->username, $mods_array) ? true : false;

    // The subject belongs to the topic's first post only
    $can_edit_subject = $id == $cur_post['first_post_id'];

    if ($this->config['o_censoring'] == '1') {
        $cur_post['subject'] = Utils::censor($cur_post['subject']);
        $cur_post['message'] = Utils::censor($cur_post['message']);
    }

    // Do we have permission to edit this post?
    // Non-staff need the edit permission, must be the author, and the topic must be open
    if (($this->user->g_edit_posts == '0' || $cur_post['poster_id'] != $this->user->id || $cur_post['closed'] == '1') && !$is_admmod) {
        throw new Error(__('No permission'), 403);
    }

    // Moderators may not edit posts written by administrators
    // (in_array() compares loosely here)
    if ($is_admmod && $this->user->g_id != $this->feather->forum_env['FEATHER_ADMIN'] && in_array($cur_post['poster_id'], Utils::get_admin_ids())) {
        throw new Error(__('No permission'), 403);
    }

    // Start with a clean slate
    $errors = array();

    if ($this->feather->request()->isPost()) {
        // Let's see if everything went right
        $errors = $this->model->check_errors_before_edit($can_edit_subject, $errors);

        // Setup some variables before post
        $post = $this->model->setup_variables($cur_post, $is_admmod, $can_edit_subject, $errors);

        // Did everything go according to plan?
        if (empty($errors) && !$this->request->post('preview')) {
            // Edit the post
            $this->model->edit_post($id, $can_edit_subject, $post, $cur_post, $is_admmod);

            Url::redirect($this->feather->urlFor('viewPost', ['pid' => $id]) . '#p' . $id, __('Post redirect'));
        }
    } else {
        $post = '';
    }

    // A posted "preview" field implies the POST branch above ran, so $post holds the form values
    if ($this->request->post('preview')) {
        $preview_message = $this->feather->parser->parse_message($post['message'], $post['hide_smilies']);
    } else {
        $preview_message = '';
    }

    // Translated labels for the BBCode editor toolbar
    $lang_bbeditor = array('btnBold' => __('btnBold'), 'btnItalic' => __('btnItalic'), 'btnUnderline' => __('btnUnderline'),
        'btnColor' => __('btnColor'), 'btnLeft' => __('btnLeft'), 'btnRight' => __('btnRight'),
        'btnJustify' => __('btnJustify'), 'btnCenter' => __('btnCenter'), 'btnLink' => __('btnLink'),
        'btnPicture' => __('btnPicture'), 'btnList' => __('btnList'), 'btnQuote' => __('btnQuote'),
        'btnCode' => __('btnCode'), 'promptImage' => __('promptImage'), 'promptUrl' => __('promptUrl'),
        'promptQuote' => __('promptQuote'));

    $this->feather->template->setPageInfo(array('title' => array(Utils::escape($this->config['o_board_title']), __('Edit post')),
        'required_fields' => array('req_subject' => __('Subject'), 'req_message' => __('Message')),
        'focus_element' => array('edit', 'req_message'),
        'cur_post' => $cur_post,
        'errors' => $errors,
        'preview_message' => $preview_message,
        'id' => $id,
        'checkboxes' => $this->model->get_checkboxes($can_edit_subject, $is_admmod, $cur_post, 1),
        'can_edit_subject' => $can_edit_subject,
        'lang_bbeditor' => $lang_bbeditor,
        'post' => $post))->addTemplate('edit.php')->display();
}
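/**
 * Store the posted permission settings and rebuild the config cache.
 *
 * Each posted key is prefixed with "p_" and written only when a config
 * entry of that name already exists and its value differs, so the set of
 * existing p_* entries acts as the allow-list for client-supplied keys.
 */
public function update_permissions()
{
    $posted = $this->request->post('form');

    // array_map() needs an array; a request without the "form" field
    // updates nothing instead of raising a TypeError on PHP 8.
    $form = is_array($posted) ? array_map('intval', $posted) : array();
    $form = $this->hook->fire('permissions.update_permissions.form', $form);

    foreach ($form as $key => $input) {
        // Make sure the input is never a negative value
        if ($input < 0) {
            $input = 0;
        }

        // Only update values that have changed
        if (array_key_exists('p_' . $key, $this->config) && $this->config['p_' . $key] != $input) {
            DB::for_table('config')->where('conf_name', 'p_' . $key)->update_many('conf_value', $input);
        }
    }

    // Regenerate the config cache
    $this->feather->cache->store('config', Cache::get_config());
    // $this->clear_feed_cache();

    Url::redirect($this->feather->urlFor('adminPermissions'), __('Perms updated redirect'));
}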
/**
 * Admin index page, with an optional check for a newer release.
 *
 * @param mixed $action 'check_upgrade' triggers the remote version check.
 *
 * @throws Error 500 when allow_url_fopen is off or no version could be fetched.
 */
public function display($action = null)
{
    // Check for upgrade
    if ($action == 'check_upgrade') {
        if (!ini_get('allow_url_fopen')) {
            throw new Error(__('fopen disabled message'), 500);
        }

        // NOTE(review): fetched over plain HTTP, so the reply is not authenticated.
        // It is only passed to version_compare() and never echoed, which limits a
        // tampered reply to a wrong "up to date" / "new version" notice.
        $remote_reply = @file_get_contents('http://featherbb.org/latest_version');
        $latest_version = trim($remote_reply);

        if (!$latest_version) {
            throw new Error(__('Upgrade check failed message'), 500);
        }

        $is_up_to_date = version_compare($this->config['o_cur_version'], $latest_version, '>=');

        if ($is_up_to_date) {
            Url::redirect($this->feather->urlFor('adminIndex'), __('Running latest version message'));
        } else {
            Url::redirect(
                $this->feather->urlFor('adminIndex'),
                sprintf(__('New version available message'), '<a href="http://featherbb.org/">FeatherBB.org</a>')
            );
        }
    }

    AdminUtils::generateAdminMenu('index');

    $this->feather->template
        ->setPageInfo(array(
            'title' => array(Utils::escape($this->config['o_board_title']), __('Admin'), __('Index')),
            'active_page' => 'admin',
            'admin_console' => true,
        ))
        ->addTemplate('admin/index.php')
        ->display();
}
/**
 * Delete a post, or the whole topic when the post is the topic's first one,
 * refresh the forum and redirect.
 *
 * @param mixed $is_topic_post Truthy when the post opens its topic.
 * @param mixed $id            Post id.
 * @param mixed $tid           Topic id.
 * @param mixed $fid           Forum id.
 */
public function handle_deletion($is_topic_post, $id, $tid, $fid)
{
    $this->hook->fire('handle_deletion_start', $is_topic_post, $id, $tid, $fid);

    if ($is_topic_post) {
        $this->hook->fire('handle_deletion_topic_post', $tid, $fid);

        // Removing the opening post removes the topic with all of its posts
        self::topic($tid);
        Forum::update($fid);

        $forum_url = $this->feather->urlFor('Forum', array('id' => $fid));
        Url::redirect($forum_url, __('Topic del redirect'));
        return;
    }

    $this->hook->fire('handle_deletion', $tid, $fid, $id);

    // Only this post goes away
    self::post($id, $tid);
    Forum::update($fid);

    // Land on the post that preceded the deleted one
    $previous = DB::for_table('posts')
        ->select('id')
        ->where('topic_id', $tid)
        ->where_lt('id', $id)
        ->order_by_desc('id');
    $previous = $this->hook->fireDB('handle_deletion_query', $previous);
    $previous = $previous->find_one();

    $post_url = $this->feather->urlFor('viewPost', ['pid' => $previous['id']]) . '#p' . $previous['id'];
    Url::redirect($post_url, __('Post del redirect'));
}
/**
 * Subscribe the current user to a forum.
 *
 * The forum has to pass the read-permission query for the user's group, and
 * an existing subscription is rejected. All three queries pass through a
 * hook before they run, so hooks can alter them.
 *
 * @param mixed $forum_id Forum to subscribe to.
 *
 * @throws Error 403 when forum subscriptions are disabled,
 *               404 when the permission query finds no forum,
 *               400 when the user is already subscribed.
 */
public function subscribe_forum($forum_id)
{
    $forum_id = $this->hook->fire('subscribe_forum_start', $forum_id);

    if ($this->config['o_forum_subscriptions'] != '1') {
        throw new Error(__('No permission'), 403);
    }

    // Make sure the user can view the forum
    $readable_conditions = array(
        array('fp.read_forum' => 'IS NULL'),
        array('fp.read_forum' => '1'),
    );
    $forum_query = DB::for_table('forums')
        ->table_alias('f')
        ->left_outer_join('forum_perms', array('fp.forum_id', '=', 'f.id'), 'fp')
        ->left_outer_join('forum_perms', array('fp.group_id', '=', $this->user->g_id), null, true)
        ->where_any_is($readable_conditions)
        ->where('f.id', $forum_id);
    $forum_query = $this->hook->fireDB('subscribe_forum_authorized_query', $forum_query);
    $forum = $forum_query->find_one();

    if (!$forum) {
        throw new Error(__('Bad request'), 404);
    }

    // Refuse a second subscription to the same forum
    $existing_query = DB::for_table('forum_subscriptions')
        ->where('user_id', $this->user->id)
        ->where('forum_id', $forum_id);
    $existing_query = $this->hook->fireDB('subscribe_forum_subscribed_query', $existing_query);
    $existing = $existing_query->find_one();

    if ($existing) {
        throw new Error(__('Already subscribed forum'), 400);
    }

    // Insert the subscription
    $new_row = array(
        'user_id' => $this->user->id,
        'forum_id' => $forum_id,
    );
    $subscription = DB::for_table('forum_subscriptions')->create()->set($new_row);
    $subscription = $this->hook->fireDB('subscribe_forum_query', $subscription);
    $subscription->save();

    Url::redirect($this->feather->urlFor('Forum', ['id' => $forum_id]), __('Subscribe redirect'));
}
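/**
 * Remove a ban and rebuild the bans cache.
 *
 * @param mixed $ban_id Id of the ban; passes through the 'remove_ban' hook first.
 */
public function remove_ban($ban_id)
{
    $ban_id = $this->hook->fire('remove_ban', $ban_id);

    $result = DB::for_table('bans')->where('id', $ban_id)->find_one();
    $result = $this->hook->fireDB('remove_ban_query', $result);

    // An unknown or already removed ban id yields no record; calling
    // delete() on that would be fatal.
    if ($result) {
        $result->delete();
    }

    // Regenerate the bans cache
    $this->feather->cache->store('bans', Cache::get_bans());

    Url::redirect($this->feather->urlFor('adminBans'), __('Ban removed redirect'));
}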
/**
 * "Forgotten password" page: on POST, generate a new password plus an
 * activation key for the account matching the submitted e-mail address and
 * mail both to that address; otherwise render the request form.
 *
 * Security notes for maintainers:
 * - A known address ends in a redirect and an unknown one in a 400 error, so the
 *   response tells the caller whether an account exists for the address.
 * - The new password itself is mailed in clear text, next to the activation link.
 *
 * @throws Error 400 for an invalid or unknown e-mail address,
 *               429 when a mail was sent to this user within the last hour.
 */
public function forget()
{
    if (!$this->feather->user->is_guest) {
        Url::redirect($this->feather->urlFor('home'), 'Already logged in');
    }

    if ($this->feather->request->isPost()) {
        // Validate the email address
        $email = strtolower(Utils::trim($this->feather->request->post('req_email')));
        if (!$this->feather->email->is_valid_email($email)) {
            throw new Error(__('Invalid email'), 400);
        }

        $user = ModelAuth::get_user_from_email($email);

        if ($user) {
            // Load the "activate password" template
            // NOTE(review): the path contains the current user's language value -
            // confirm it is restricted to installed language directories.
            $mail_tpl = trim(file_get_contents($this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->feather->user->language . '/mail_templates/activate_password.tpl'));
            $mail_tpl = $this->feather->hooks->fire('mail_tpl_password_forgotten', $mail_tpl);

            // The first row contains the subject
            // The subject starts at offset 8 of that row (presumably after a "Subject:" prefix - confirm).
            // NOTE(review): a template without any newline makes strpos() return false - not handled here.
            $first_crlf = strpos($mail_tpl, "\n");
            $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
            $mail_message = trim(substr($mail_tpl, $first_crlf));

            // Do the generic replacements first (they apply to all emails sent out here)
            $mail_message = str_replace('<base_url>', Url::base() . '/', $mail_message);
            $mail_message = str_replace('<board_mailer>', $this->feather->forum_settings['o_board_title'], $mail_message);
            $mail_message = $this->feather->hooks->fire('mail_message_password_forgotten', $mail_message);

            // Flood protection: at most one mail per user per hour; the ">= 0" part
            // ignores timestamps that lie in the future
            if ($user->last_email_sent != '' && time() - $user->last_email_sent < 3600 && time() - $user->last_email_sent >= 0) {
                throw new Error(sprintf(__('Email flood'), intval((3600 - (time() - $user->last_email_sent)) / 60)), 429);
            }

            // Generate a new password and a new password activation code
            // NOTE(review): both secrets depend on Random::pass(), which is not visible here -
            // confirm it draws from a cryptographically secure source.
            $new_password = Random::pass(12);
            $new_password_key = Random::pass(8);

            ModelAuth::set_new_password($new_password, $new_password_key, $user->id);

            // Do the user specific replacements to the template
            $cur_mail_message = str_replace('<username>', $user->username, $mail_message);
            // The activation key travels as a query-string parameter
            $cur_mail_message = str_replace('<activation_url>', $this->feather->urlFor('profileAction', ['action' => 'change_pass']) . '?key=' . $new_password_key, $cur_mail_message);
            $cur_mail_message = str_replace('<new_password>', $new_password, $cur_mail_message);
            // This hook receives the message with the new password and the key already filled in
            $cur_mail_message = $this->feather->hooks->fire('cur_mail_message_password_forgotten', $cur_mail_message);

            $this->feather->email->feather_mail($email, $mail_subject, $cur_mail_message);

            Url::redirect($this->feather->urlFor('home'), __('Forget mail') . ' <a href="mailto:' . $this->feather->utils->escape($this->feather->forum_settings['o_admin_email']) . '">' . $this->feather->utils->escape($this->feather->forum_settings['o_admin_email']) . '</a>.', 200);
        } else {
            // The submitted address is escaped before it is echoed back in the error
            throw new Error(__('No email match') . ' ' . Utils::escape($email) . '.', 400);
        }
    }

    $this->feather->template->setPageInfo(array('active_page' => 'login',
        'title' => array(Utils::escape($this->feather->forum_settings['o_board_title']), __('Request pass')),
        'required_fields' => array('req_email' => __('Email')),
        'focus_element' => array('request_pass', 'req_email')))->addTemplate('login/password_forgotten.php')->display();
}
/**
 * Validate the posted board options, store the changed ones and rebuild the caches.
 *
 * Every field is read from the POST body, normalised (trimmed, cast, or reduced
 * to '0'/'1'), validated, and then written to the config table under the "o_"
 * prefix - but only when an entry of that name already exists in the loaded
 * config and its value differs.
 *
 * @throws Error 400 or 404 when a value fails validation (see the checks below).
 */
public function update_options()
{
    // Checkbox-style fields collapse to '0'/'1'; numeric fields are cast and given a lower bound
    $form = array('board_title' => Utils::trim($this->request->post('form_board_title')),
        'board_desc' => Utils::trim($this->request->post('form_board_desc')),
        'base_url' => Utils::trim($this->request->post('form_base_url')),
        'default_timezone' => floatval($this->request->post('form_default_timezone')),
        'default_dst' => $this->request->post('form_default_dst') != '1' ? '0' : '1',
        'default_lang' => Utils::trim($this->request->post('form_default_lang')),
        'default_style' => Utils::trim($this->request->post('form_default_style')),
        'time_format' => Utils::trim($this->request->post('form_time_format')),
        'date_format' => Utils::trim($this->request->post('form_date_format')),
        'timeout_visit' => intval($this->request->post('form_timeout_visit')) > 0 ? intval($this->request->post('form_timeout_visit')) : 1,
        'timeout_online' => intval($this->request->post('form_timeout_online')) > 0 ? intval($this->request->post('form_timeout_online')) : 1,
        'redirect_delay' => intval($this->request->post('form_redirect_delay')) >= 0 ? intval($this->request->post('form_redirect_delay')) : 0,
        'show_version' => $this->request->post('form_show_version') != '1' ? '0' : '1',
        'show_user_info' => $this->request->post('form_show_user_info') != '1' ? '0' : '1',
        'show_post_count' => $this->request->post('form_show_post_count') != '1' ? '0' : '1',
        'smilies' => $this->request->post('form_smilies') != '1' ? '0' : '1',
        'smilies_sig' => $this->request->post('form_smilies_sig') != '1' ? '0' : '1',
        'make_links' => $this->request->post('form_make_links') != '1' ? '0' : '1',
        'topic_review' => intval($this->request->post('form_topic_review')) >= 0 ? intval($this->request->post('form_topic_review')) : 0,
        'disp_topics_default' => intval($this->request->post('form_disp_topics_default')),
        'disp_posts_default' => intval($this->request->post('form_disp_posts_default')),
        'indent_num_spaces' => intval($this->request->post('form_indent_num_spaces')) >= 0 ? intval($this->request->post('form_indent_num_spaces')) : 0,
        'quote_depth' => intval($this->request->post('form_quote_depth')) > 0 ? intval($this->request->post('form_quote_depth')) : 1,
        'quickpost' => $this->request->post('form_quickpost') != '1' ? '0' : '1',
        'users_online' => $this->request->post('form_users_online') != '1' ? '0' : '1',
        'censoring' => $this->request->post('form_censoring') != '1' ? '0' : '1',
        'signatures' => $this->request->post('form_signatures') != '1' ? '0' : '1',
        'show_dot' => $this->request->post('form_show_dot') != '1' ? '0' : '1',
        'topic_views' => $this->request->post('form_topic_views') != '1' ? '0' : '1',
        'quickjump' => $this->request->post('form_quickjump') != '1' ? '0' : '1',
        'gzip' => $this->request->post('form_gzip') != '1' ? '0' : '1',
        'search_all_forums' => $this->request->post('form_search_all_forums') != '1' ? '0' : '1',
        'additional_navlinks' => Utils::trim($this->request->post('form_additional_navlinks')),
        'feed_type' => intval($this->request->post('form_feed_type')),
        'feed_ttl' => intval($this->request->post('form_feed_ttl')),
        'report_method' => intval($this->request->post('form_report_method')),
        'mailing_list' => Utils::trim($this->request->post('form_mailing_list')),
        'avatars' => $this->request->post('form_avatars') != '1' ? '0' : '1',
        'avatars_dir' => Utils::trim($this->request->post('form_avatars_dir')),
        'avatars_width' => intval($this->request->post('form_avatars_width')) > 0 ? intval($this->request->post('form_avatars_width')) : 1,
        'avatars_height' => intval($this->request->post('form_avatars_height')) > 0 ? intval($this->request->post('form_avatars_height')) : 1,
        'avatars_size' => intval($this->request->post('form_avatars_size')) > 0 ? intval($this->request->post('form_avatars_size')) : 1,
        'admin_email' => strtolower(Utils::trim($this->request->post('form_admin_email'))),
        'webmaster_email' => strtolower(Utils::trim($this->request->post('form_webmaster_email'))),
        'forum_subscriptions' => $this->request->post('form_forum_subscriptions') != '1' ? '0' : '1',
        'topic_subscriptions' => $this->request->post('form_topic_subscriptions') != '1' ? '0' : '1',
        'smtp_host' => Utils::trim($this->request->post('form_smtp_host')),
        'smtp_user' => Utils::trim($this->request->post('form_smtp_user')),
        'smtp_ssl' => $this->request->post('form_smtp_ssl') != '1' ? '0' : '1',
        'regs_allow' => $this->request->post('form_regs_allow') != '1' ? '0' : '1',
        'regs_verify' => $this->request->post('form_regs_verify') != '1' ? '0' : '1',
        'regs_report' => $this->request->post('form_regs_report') != '1' ? '0' : '1',
        'rules' => $this->request->post('form_rules') != '1' ? '0' : '1',
        'rules_message' => Utils::trim($this->request->post('form_rules_message')),
        'default_email_setting' => intval($this->request->post('form_default_email_setting')),
        'announcement' => $this->request->post('form_announcement') != '1' ? '0' : '1',
        'announcement_message' => Utils::trim($this->request->post('form_announcement_message')),
        'maintenance' => $this->request->post('form_maintenance') != '1' ? '0' : '1',
        'maintenance_message' => Utils::trim($this->request->post('form_maintenance_message')));

    // Hooks may change the collected values before validation
    $form = $this->hook->fire('options.update_options.form', $form);

    if ($form['board_title'] == '') {
        throw new Error(__('Must enter title message'), 400);
    }

    // Make sure base_url doesn't end with a slash
    if (substr($form['base_url'], -1) == '/') {
        $form['base_url'] = substr($form['base_url'], 0, -1);
    }

    // Convert IDN to Punycode if needed
    // NOTE(review): the whole base_url string is handed to idn_to_ascii(), presumably
    // including the scheme - confirm this yields a usable URL.
    if (preg_match('/[^\\x00-\\x7F]/', $form['base_url'])) {
        if (!function_exists('idn_to_ascii')) {
            throw new Error(__('Base URL problem'), 400);
        } else {
            $form['base_url'] = idn_to_ascii($form['base_url']);
        }
    }

    // Language and style must be among the installed ones (in_array() compares loosely)
    $languages = \FeatherBB\Core\Lister::getLangs();
    if (!in_array($form['default_lang'], $languages)) {
        throw new Error(__('Bad request'), 404);
    }

    $styles = \FeatherBB\Core\Lister::getStyles();
    if (!in_array($form['default_style'], $styles)) {
        throw new Error(__('Bad request'), 404);
    }

    // Empty formats fall back to fixed defaults
    if ($form['time_format'] == '') {
        $form['time_format'] = 'H:i:s';
    }

    if ($form['date_format'] == '') {
        $form['date_format'] = 'Y-m-d';
    }

    if (!$this->email->is_valid_email($form['admin_email'])) {
        throw new Error(__('Invalid e-mail message'), 400);
    }

    if (!$this->email->is_valid_email($form['webmaster_email'])) {
        throw new Error(__('Invalid webmaster e-mail message'), 400);
    }

    // Strip all whitespace from the mailing list and lower-case it
    if ($form['mailing_list'] != '') {
        $form['mailing_list'] = strtolower(preg_replace('%\\s%S', '', $form['mailing_list']));
    }

    // Make sure avatars_dir doesn't end with a slash
    // NOTE(review): no other check of avatars_dir is visible here - confirm the path is
    // constrained where it is used.
    if (substr($form['avatars_dir'], -1) == '/') {
        $form['avatars_dir'] = substr($form['avatars_dir'], 0, -1);
    }

    if ($form['additional_navlinks'] != '') {
        $form['additional_navlinks'] = Utils::trim(Utils::linebreaks($form['additional_navlinks']));
    }

    // Change or enter a SMTP password
    // The password is stored as submitted. The == below is a loose comparison, so two
    // different numeric-looking strings can compare equal.
    if ($this->request->post('form_smtp_change_pass')) {
        $smtp_pass1 = $this->request->post('form_smtp_pass1') ? Utils::trim($this->request->post('form_smtp_pass1')) : '';
        $smtp_pass2 = $this->request->post('form_smtp_pass2') ? Utils::trim($this->request->post('form_smtp_pass2')) : '';

        if ($smtp_pass1 == $smtp_pass2) {
            $form['smtp_pass'] = $smtp_pass1;
        } else {
            throw new Error(__('SMTP passwords did not match'), 400);
        }
    }

    // An empty message gets a placeholder text and switches its feature off
    // NOTE(review): these messages and additional_navlinks are stored without escaping
    // here - confirm how the templates output them.
    if ($form['announcement_message'] != '') {
        $form['announcement_message'] = Utils::linebreaks($form['announcement_message']);
    } else {
        $form['announcement_message'] = __('Enter announcement here');
        $form['announcement'] = '0';
    }

    if ($form['rules_message'] != '') {
        $form['rules_message'] = Utils::linebreaks($form['rules_message']);
    } else {
        $form['rules_message'] = __('Enter rules here');
        $form['rules'] = '0';
    }

    if ($form['maintenance_message'] != '') {
        $form['maintenance_message'] = Utils::linebreaks($form['maintenance_message']);
    } else {
        $form['maintenance_message'] = __('Default maintenance message');
        $form['maintenance'] = '0';
    }

    // Make sure the number of displayed topics and posts is between 3 and 75
    if ($form['disp_topics_default'] < 3) {
        $form['disp_topics_default'] = 3;
    } elseif ($form['disp_topics_default'] > 75) {
        $form['disp_topics_default'] = 75;
    }

    if ($form['disp_posts_default'] < 3) {
        $form['disp_posts_default'] = 3;
    } elseif ($form['disp_posts_default'] > 75) {
        $form['disp_posts_default'] = 75;
    }

    // These selectors accept 0, 1 or 2 only
    if ($form['feed_type'] < 0 || $form['feed_type'] > 2) {
        throw new Error(__('Bad request'), 400);
    }

    if ($form['feed_ttl'] < 0) {
        throw new Error(__('Bad request'), 400);
    }

    if ($form['report_method'] < 0 || $form['report_method'] > 2) {
        throw new Error(__('Bad request'), 400);
    }

    if ($form['default_email_setting'] < 0 || $form['default_email_setting'] > 2) {
        throw new Error(__('Bad request'), 400);
    }

    // The online timeout has to be shorter than the visit timeout
    if ($form['timeout_online'] >= $form['timeout_visit']) {
        throw new Error(__('Timeout error message'), 400);
    }

    foreach ($form as $key => $input) {
        // Only update values that have changed
        // The array_key_exists() test also keeps keys without an existing o_* entry out of the table
        if (array_key_exists('o_' . $key, $this->config) && $this->config['o_' . $key] != $input) {
            // Empty non-integer values are stored as SQL NULL
            if ($input != '' || is_int($input)) {
                DB::for_table('config')->where('conf_name', 'o_' . $key)->update_many('conf_value', $input);
            } else {
                DB::for_table('config')->where('conf_name', 'o_' . $key)->update_many_expr('conf_value', 'NULL');
            }
        }
    }

    // Regenerate the config cache
    $this->feather->cache->store('config', Cache::get_config());
    $this->clear_feed_cache();

    Url::redirect($this->feather->urlFor('adminOptions'), __('Options updated redirect'));
}
/**
 * Delete a user group together with its forum permissions.
 *
 * When the form was submitted with "del_group", the group's members are first
 * moved to the posted "move_to_group". Other groups that promoted into the
 * deleted group get their promotion target reset to 0.
 *
 * NOTE(review): no check is visible here that $group_id is a deletable group or
 * that the target group exists - presumably the caller validates both; confirm.
 *
 * @param mixed $group_id Group to delete; passes through a hook first.
 */
public function delete_group($group_id)
{
    $group_id = $this->hook->fire('delete_group.group_id', $group_id);

    // Move the members out before the group disappears
    if ($this->request->post('del_group')) {
        $target_group = intval($this->request->post('move_to_group'));
        $target_group = $this->hook->fire('delete_group.move_to_group', $target_group);

        DB::for_table('users')
            ->where('group_id', $group_id)
            ->update_many('group_id', $target_group);
    }

    // Delete the group and any forum specific permissions
    DB::for_table('groups')
        ->where('g_id', $group_id)
        ->delete_many();
    DB::for_table('forum_perms')
        ->where('group_id', $group_id)
        ->delete_many();

    // Don't let users be promoted to this group
    DB::for_table('groups')
        ->where('g_promote_next_group', $group_id)
        ->update_many('g_promote_next_group', 0);

    $groups_page = $this->feather->urlFor('adminGroups');
    Url::redirect($groups_page, __('Group removed redirect'));
}
/**
 * Post a reply ($tid given) or a new topic ($fid given): check permissions,
 * store a submitted form, or render the posting form.
 *
 * @param mixed $fid Forum id when a new topic is started.
 * @param mixed $tid Topic id when replying.
 * @param mixed $qid Id of a post to quote in the reply.
 *
 * @throws Error 400 for a filled honeypot field or a redirect forum,
 *               403 when posting is not permitted,
 *               404 when neither a topic nor a forum id is given.
 */
public function newpost($fid = null, $tid = null, $qid = null)
{
    // Antispam feature
    // The required file presumably defines $lang_antispam and $lang_antispam_questions, which
    // are used below but not assigned in this method.
    // NOTE(review): the path contains the current user's language value - confirm it is
    // restricted to installed language directories before it reaches this require.
    require $this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->feather->user->language . '/antispam.php';
    // rand() is not a cryptographic source; here it only picks which question is shown
    $index_questions = rand(0, count($lang_antispam_questions) - 1);

    // If $_POST['username'] is filled, we are facing a bot
    if ($this->feather->request->post('username')) {
        throw new Error(__('Bad request'), 400);
    }

    // Fetch some info about the topic and/or the forum
    $cur_posting = $this->model->get_info_post($tid, $fid);

    $is_subscribed = $tid && $cur_posting['is_subscribed'];

    // Is someone trying to post into a redirect forum?
    if ($cur_posting['redirect_url'] != '') {
        throw new Error(__('Bad request'), 400);
    }

    // Sort out who the moderators are and if we are currently a moderator (or an admin)
    // NOTE(review): unserialize() runs on the stored 'moderators' value. Presumably that
    // column is only written by admin code; confirm, since unserialize() on data a user
    // can influence allows object injection.
    $mods_array = $cur_posting['moderators'] != '' ? unserialize($cur_posting['moderators']) : array();
    // && binds tighter than ||: admin, OR (moderator group AND listed as moderator of this forum)
    $is_admmod = $this->feather->user->g_id == $this->feather->forum_env['FEATHER_ADMIN'] || $this->feather->user->g_moderator == '1' && array_key_exists($this->feather->user->username, $mods_array) ? true : false;

    // Do we have permission to post?
    // An empty forum-level setting falls back to the group permission; a closed topic blocks
    // everyone except staff
    if (($tid && ($cur_posting['post_replies'] == '' && $this->feather->user->g_post_replies == '0' || $cur_posting['post_replies'] == '0') || $fid && ($cur_posting['post_topics'] == '' && $this->feather->user->g_post_topics == '0' || $cur_posting['post_topics'] == '0') || isset($cur_posting['closed']) && $cur_posting['closed'] == '1') && !$is_admmod) {
        throw new Error(__('No permission'), 403);
    }

    // Start with a clean slate
    $errors = array();

    $post = '';

    // Did someone just hit "Submit" or "Preview"?
    if ($this->feather->request()->isPost()) {

        // Include $pid and $page if needed for confirm_referrer function called in check_errors_before_post()
        if ($this->feather->request->post('pid')) {
            $pid = $this->feather->request->post('pid');
        } else {
            $pid = '';
        }

        if ($this->feather->request->post('page')) {
            $page = $this->feather->request->post('page');
        } else {
            $page = '';
        }

        // Let's see if everything went right
        $errors = $this->model->check_errors_before_post($fid, $tid, $qid, $pid, $page, $errors);

        // Setup some variables before post
        $post = $this->model->setup_variables($errors, $is_admmod);

        // Did everything go according to plan?
        if (empty($errors) && !$this->feather->request->post('preview')) {
            // If it's a reply
            if ($tid) {
                // Insert the reply, get the new_pid
                $new = $this->model->insert_reply($post, $tid, $cur_posting, $is_subscribed);

                // Should we send out notifications?
                if ($this->feather->forum_settings['o_topic_subscriptions'] == '1') {
                    $this->model->send_notifications_reply($tid, $cur_posting, $new['pid'], $post);
                }
            } elseif ($fid) {
                // Insert the topic, get the new_pid
                $new = $this->model->insert_topic($post, $fid);

                // Should we send out notifications?
                if ($this->feather->forum_settings['o_forum_subscriptions'] == '1') {
                    $this->model->send_notifications_new_topic($post, $cur_posting, $new['tid']);
                }
            }
            // NOTE(review): with neither $tid nor $fid set, $new is never assigned before the uses below.

            // If we previously found out that the email was banned
            // NOTE(review): this branch is only entered when $errors is empty, so
            // isset($errors['banned_email']) cannot be true here and the warning is never sent.
            if ($this->feather->user->is_guest && isset($errors['banned_email']) && $this->feather->forum_settings['o_mailing_list'] != '') {
                $this->model->warn_banned_user($post, $new['pid']);
            }

            // If the posting user is logged in, increment his/her post count
            if (!$this->feather->user->is_guest) {
                $this->model->increment_post_count($post, $new['tid']);
            }

            Url::redirect($this->feather->urlFor('viewPost', ['pid' => $new['pid']]) . '#p' . $new['pid'], __('Post redirect'));
        }
    }

    $quote = '';

    // If a topic ID was specified in the url (it's a reply)
    if ($tid) {
        $action = __('Post a reply');

        $form = '<form id="post" method="post" action="' . $this->feather->urlFor('newReply', ['tid' => $tid]) . '" onsubmit="this.submit.disabled=true;if(process_form(this)){return true;}else{this.submit.disabled=false;return false;}">';

        // If a quote ID was specified in the url
        if (isset($qid)) {
            $quote = $this->model->get_quote_message($qid, $tid);
            // The route parameter named 'pid' is filled with the topic id here
            $form = '<form id="post" method="post" action="' . $this->feather->urlFor('newQuoteReply', ['pid' => $tid, 'qid' => $qid]) . '" onsubmit="this.submit.disabled=true;if(process_form(this)){return true;}else{this.submit.disabled=false;return false;}">';
        }
    } elseif ($fid) {
        $action = __('Post new topic');

        $form = '<form id="post" method="post" action="' . $this->feather->urlFor('newTopic', ['fid' => $fid]) . '" onsubmit="return process_form(this)">';
    } else {
        throw new Error(__('Bad request'), 404);
    }

    $url_forum = Url::url_friendly($cur_posting['forum_name']);

    $is_subscribed = $tid && $cur_posting['is_subscribed'];

    if (isset($cur_posting['subject'])) {
        $url_topic = Url::url_friendly($cur_posting['subject']);
    } else {
        $url_topic = '';
    }

    $required_fields = array('req_email' => __('Email'), 'req_subject' => __('Subject'), 'req_message' => __('Message'));
    // Guests additionally have to answer the antispam question
    if ($this->feather->user->is_guest) {
        $required_fields['captcha'] = __('Robot title');
    }

    // Set focus element (new post or new reply to an existing post ?)
    $focus_element[] = 'post';
    if (!$this->feather->user->is_guest) {
        $focus_element[] = $fid ? 'req_subject' : 'req_message';
    } else {
        $required_fields['req_username'] = __('Guest name');
        $focus_element[] = 'req_username';
    }

    // Get the current state of checkboxes
    $checkboxes = $this->model->get_checkboxes($fid, $is_admmod, $is_subscribed);

    // Check to see if the topic review is to be displayed
    if ($tid && $this->feather->forum_settings['o_topic_review'] != '0') {
        $post_data = $this->model->topic_review($tid);
    } else {
        $post_data = '';
    }

    // Translated labels for the BBCode editor toolbar
    $lang_bbeditor = array('btnBold' => __('btnBold'), 'btnItalic' => __('btnItalic'), 'btnUnderline' => __('btnUnderline'),
        'btnColor' => __('btnColor'), 'btnLeft' => __('btnLeft'), 'btnRight' => __('btnRight'),
        'btnJustify' => __('btnJustify'), 'btnCenter' => __('btnCenter'), 'btnLink' => __('btnLink'),
        'btnPicture' => __('btnPicture'), 'btnList' => __('btnList'), 'btnQuote' => __('btnQuote'),
        'btnCode' => __('btnCode'), 'promptImage' => __('promptImage'), 'promptUrl' => __('promptUrl'),
        'promptQuote' => __('promptQuote'));

    $this->feather->template->setPageInfo(array('title' => array(Utils::escape($this->feather->forum_settings['o_board_title']), $action),
        'required_fields' => $required_fields,
        'focus_element' => $focus_element,
        'active_page' => 'post',
        'post' => $post,
        'tid' => $tid,
        'fid' => $fid,
        'cur_posting' => $cur_posting,
        'lang_antispam' => $lang_antispam,
        'lang_antispam_questions' => $lang_antispam_questions,
        'lang_bbeditor' => $lang_bbeditor,
        'index_questions' => $index_questions,
        'checkboxes' => $checkboxes,
        'action' => $action,
        'form' => $form,
        'post_data' => $post_data,
        'url_forum' => $url_forum,
        'url_topic' => $url_topic,
        'quote' => $quote,
        'errors' => $errors))->addTemplate('post.php')->display();
}
/**
 * Dispatch a profile sub-action for the user with id $id.
 *
 * Handles 'change_pass', 'change_email', 'upload_avatar'/'upload_avatar2',
 * 'delete_avatar' and 'promote'; any other value raises a 404 error.
 *
 * @param mixed  $id     Id of the profile being acted on.
 * @param string $action Name of the sub-action.
 *
 * @throws Error 403 when the current user lacks permission, 400 when avatars
 *               are disabled, 404 for an unknown action.
 */
public function action($id, $action)
{
    // UTF-8 helpers; ucwords.php relies on utf8_substr_replace, so substr_replace.php is loaded first
    $root = $this->feather->forum_env['FEATHER_ROOT'];
    require $root . 'featherbb/Helpers/utf8/substr_replace.php';
    require $root . 'featherbb/Helpers/utf8/ucwords.php';
    require $root . 'featherbb/Helpers/utf8/strcasecmp.php';

    // A password change that carries a ?key= parameter skips the board/user-list
    // permission checks below.
    // NOTE(review): presumably the model validates that key before changing anything — confirm.
    $is_keyed_pass_change = $action == 'change_pass' && $this->request->get('key');
    if (!$is_keyed_pass_change) {
        if ($this->user->g_read_board == '0') {
            throw new Error(__('No view'), 403);
        }
        if ($this->user->g_view_users == '0' && ($this->user->is_guest || $this->user->id != $id)) {
            throw new Error(__('No permission'), 403);
        }
    }

    switch ($action) {
        case 'change_pass':
            $this->model->change_pass($id, $this->feather);

            // Admins/moderators land on the new-password field, everyone else on the old one
            $focus_field = $this->user->is_admmod ? 'req_new_password1' : 'req_old_password';
            $page_info = array(
                'title' => array(Utils::escape($this->config['o_board_title']), __('Profile'), __('Change pass')),
                'active_page' => 'profile',
                'id' => $id,
                'required_fields' => array(
                    'req_old_password' => __('Old pass'),
                    'req_new_password1' => __('New pass'),
                    'req_new_password2' => __('Confirm new pass'),
                ),
                'focus_element' => array('change_pass', $focus_field),
            );
            $this->feather->template->setPageInfo($page_info);
            $this->feather->template->addTemplate('profile/change_pass.php')->display();
            break;

        case 'change_email':
            $this->model->change_email($id, $this->feather);

            $page_info = array(
                'title' => array(Utils::escape($this->config['o_board_title']), __('Profile'), __('Change email')),
                'active_page' => 'profile',
                'required_fields' => array('req_new_email' => __('New email'), 'req_password' => __('Password')),
                'focus_element' => array('change_email', 'req_new_email'),
                'id' => $id,
            );
            $this->feather->template->setPageInfo($page_info);
            $this->feather->template->addTemplate('profile/change_mail.php')->display();
            break;

        case 'upload_avatar':
        case 'upload_avatar2':
            if ($this->config['o_avatars'] == '0') {
                throw new Error(__('Avatars disabled'), 400);
            }
            // Only the profile owner or an admin/moderator may replace the avatar
            if ($this->user->id != $id && !$this->user->is_admmod) {
                throw new Error(__('No permission'), 403);
            }

            if ($this->feather->request()->isPost()) {
                // The raw $_FILES array is handed to the model; no validation of the upload happens here
                $this->model->upload_avatar($id, $_FILES);
            }

            $page_info = array(
                'title' => array(Utils::escape($this->config['o_board_title']), __('Profile'), __('Upload avatar')),
                'active_page' => 'profile',
                'required_fields' => array('req_file' => __('File')),
                'focus_element' => array('upload_avatar', 'req_file'),
                'id' => $id,
            );
            $this->feather->template->setPageInfo($page_info);
            $this->feather->template->addTemplate('profile/upload_avatar.php')->display();
            break;

        case 'delete_avatar':
            if ($this->user->id != $id && !$this->user->is_admmod) {
                throw new Error(__('No permission'), 403);
            }

            Delete::avatar($id);

            $back_to = $this->feather->urlFor('profileSection', array('id' => $id, 'section' => 'personality'));
            Url::redirect($back_to, __('Avatar deleted redirect'));
            break;

        case 'promote':
            // Allowed for admins, and for moderators whose group may promote users
            $is_admin = $this->user->g_id == $this->feather->forum_env['FEATHER_ADMIN'];
            if (!$is_admin && ($this->user->g_moderator != '1' || $this->user->g_mod_promote_users == '0')) {
                throw new Error(__('No permission'), 403);
            }

            $this->model->promote_user($id, $this->feather);
            break;

        default:
            throw new Error(__('Bad request'), 404);
    }
}
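/**
 * Admin page for the BBCode parser: handles reset, smiley upload and the
 * settings form, then renders admin/parser.php.
 *
 * The included parser files run in this method's local scope, so the locals
 * $pd, $bbcd, $smilies, $config and $count keep their original names.
 *
 * @throws Error 400/500 when a smiley upload is rejected or cannot be stored.
 */
public function display()
{
    global $lang_admin_parser;

    // Legacy language file.
    // NOTE(review): the user's language value is concatenated into an include path;
    // confirm every writer of that field restricts it to installed language names.
    require $this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->user->language . '/admin/parser.php';

    // This is where the parser data lives and breathes.
    $cache_file = $this->feather->forum_env['FEATHER_ROOT'] . 'cache/cache_parser_data.php';

    // If RESET button pushed, or no cache file, re-compile master bbcode source file.
    if ($this->request->post('reset') || !file_exists($cache_file)) {
        require_once $this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/Core/parser/bbcd_source.php';
        require_once $this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/Core/parser/bbcd_compile.php';
        Url::redirect($this->feather->urlFor('adminParser'), $lang_admin_parser['reset_success']);
    }

    // Load the current compiled $pd array from the cache file.
    require_once $cache_file;
    $bbcd = $pd['bbcd']; // Local scratch copy of $bbcd.
    $smilies = $pd['smilies']; // Local scratch copy of $smilies.
    $config = $pd['config']; // Local scratch copy of $config.
    $count = count($bbcd);

    if ($this->request->post('form_sent')) {
        // Upload new smiley image to style/img/smilies
        if ($this->request->post('upload') && isset($_FILES['new_smiley']) && isset($_FILES['new_smiley']['error'])) {
            $f = $_FILES['new_smiley'];
            switch ($f['error']) {
                case 0: // 0: Successful upload.
                    $name = str_replace(' ', '_', $f['name']); // Convert spaces to underscores.
                    $name = preg_replace('/[^\\w\\-.]/S', '', $name); // Weed out all unsavory filename chars.
                    if (!preg_match('/^[\\w\\-.]++$/', $name)) {
                        // Error #4: 'Smiley upload failed. Bad filename.'
                        throw new Error($lang_admin_parser['upload_err_4'], 400);
                    }

                    // The file is stored under its client-chosen name in a directory that is
                    // presumably served directly by the web server, so only image extensions
                    // are accepted. The client-sent MIME type is kept as a cheap first filter,
                    // but it is attacker-controlled and proves nothing on its own.
                    $smiley_ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
                    $smiley_ext_ok = in_array($smiley_ext, array('gif', 'jpg', 'jpeg', 'png'), true);
                    if (!$smiley_ext_ok || !preg_match('%^image/%', $f['type'])) {
                        // Error #3: 'Smiley upload failed. File type is not an image.'
                        throw new Error($lang_admin_parser['upload_err_3'], 400);
                    }

                    if (!($f['size'] > 0 && $f['size'] <= $this->config['o_avatars_size'])) {
                        // Error #2: 'Smiley upload failed. File is too big.'
                        throw new Error($lang_admin_parser['upload_err_2'], 400);
                    }

                    // Check the actual content, not just the declared type.
                    if (getimagesize($f['tmp_name']) === false) {
                        throw new Error($lang_admin_parser['upload_err_3'], 400);
                    }

                    if (!move_uploaded_file($f['tmp_name'], $this->feather->forum_env['FEATHER_ROOT'] . 'style/img/smilies/' . $name)) {
                        // Error #1: 'Smiley upload failed. Unable to move to smiley folder.'
                        throw new Error($lang_admin_parser['upload_err_1'], 500);
                    }

                    // NOTE(review): this key contains a space while the other keys use underscores;
                    // confirm it exists in the language file.
                    Url::redirect($this->feather->urlFor('adminParser'), $lang_admin_parser['upload success']);
                    break;
                case 1: // case 1 similar to case 2 so fall through...
                case 2:
                    throw new Error($lang_admin_parser['upload_err_2'], 400); // File exceeds MAX_FILE_SIZE.
                case 3:
                    throw new Error($lang_admin_parser['upload_err_5'], 400); // File only partially uploaded.
                case 4:
                    throw new Error($lang_admin_parser['upload_err_6'], 400); // No filename.
                case 6:
                    throw new Error($lang_admin_parser['upload_err_7'], 500); // No temp folder.
                case 7:
                    throw new Error($lang_admin_parser['upload_err_8'], 500); // Cannot write to disk.
                default:
                    throw new Error($lang_admin_parser['upload_err_9'], 500); // Generic/unknown error
            }
        }

        // Set new $config values:
        if ($this->request->post('config')) {
            $pcfg = $this->request->post('config');

            // On/off switches: '1' enables, anything else disables; absent keys are left alone
            foreach (array('textile', 'quote_links', 'quote_imgs', 'valid_imgs', 'click_imgs') as $cfg_flag) {
                if (isset($pcfg[$cfg_flag])) {
                    $config[$cfg_flag] = ($pcfg[$cfg_flag] == '1');
                }
            }
            unset($cfg_flag);

            if (isset($pcfg['max_size']) && preg_match('/^\\d++$/', $pcfg['max_size'])) {
                $config['max_size'] = (int) $pcfg['max_size'];
            }
            if (isset($pcfg['max_width']) && preg_match('/^\\d++$/', $pcfg['max_width'])) {
                $config['max_width'] = (int) $pcfg['max_width']; // Limit default to maximum.
                if ($config['def_width'] > $config['max_width']) {
                    $config['def_width'] = $config['max_width'];
                }
            }
            if (isset($pcfg['max_height']) && preg_match('/^\\d++$/', $pcfg['max_height'])) {
                $config['max_height'] = (int) $pcfg['max_height']; // Limit default to maximum.
                if ($config['def_height'] > $config['max_height']) {
                    $config['def_height'] = $config['max_height'];
                }
            }
            if (isset($pcfg['def_width']) && preg_match('/^\\d++$/', $pcfg['def_width'])) {
                $config['def_width'] = (int) $pcfg['def_width']; // Limit default to maximum.
                if ($config['def_width'] > $config['max_width']) {
                    $config['def_width'] = $config['max_width'];
                }
            }
            if (isset($pcfg['def_height']) && preg_match('/^\\d++$/', $pcfg['def_height'])) {
                $config['def_height'] = (int) $pcfg['def_height']; // Limit default to maximum.
                if ($config['def_height'] > $config['max_height']) {
                    $config['def_height'] = $config['max_height'];
                }
            }
            if (isset($pcfg['smiley_size']) && preg_match('/^\\s*+(\\d++)\\s*+%?+\\s*+$/', $pcfg['smiley_size'], $m)) {
                $config['smiley_size'] = (int) $m[1];
            }
        }

        // Set new $bbcd values:
        foreach ($bbcd as $tagname => $tagdata) {
            if ($tagname == '_ROOT_') {
                continue; // Skip last pseudo-tag
            }
            $tag =& $bbcd[$tagname];
            if ($this->request->post($tagname . '_in_post') && $this->request->post($tagname . '_in_post') == '1') {
                $tag['in_post'] = true;
            } else {
                $tag['in_post'] = false;
            }
            if ($this->request->post($tagname . '_in_sig') && $this->request->post($tagname . '_in_sig') == '1') {
                $tag['in_sig'] = true;
            } else {
                $tag['in_sig'] = false;
            }
            if ($this->request->post($tagname . '_depth_max') && preg_match('/^\\d++$/', $this->request->post($tagname . '_depth_max'))) {
                $tag['depth_max'] = (int) $this->request->post($tagname . '_depth_max');
            }
        }
        // Drop the reference so later code in this scope cannot overwrite the last tag through $tag
        unset($tag);

        // Set new $smilies values:
        if ($this->request->post('smiley_text') && is_array($this->request->post('smiley_text')) && $this->request->post('smiley_file') && is_array($this->request->post('smiley_file')) && count($this->request->post('smiley_text')) === count($this->request->post('smiley_file'))) {
            $stext = $this->request->post('smiley_text');
            $sfile = $this->request->post('smiley_file');
            $len = count($stext);
            $good = '';
            $smilies = array();
            for ($i = 0; $i < $len; ++$i) { // Loop through all posted smileys.
                // Posted arrays may have gaps or nested values; only plain string pairs are usable
                if (!isset($stext[$i], $sfile[$i]) || !is_string($stext[$i]) || !is_string($sfile[$i])) {
                    continue;
                }
                // Compare the individual entry: the original compared the whole $sfile array
                // with the placeholder, which was always true
                if ($stext[$i] && $sfile[$i] !== 'select new file') {
                    // NOTE(review): text and file name are stored as posted; confirm that
                    // bbcd_compile.php escapes them when it writes the cache file.
                    $smilies[$stext[$i]] = array('file' => $sfile[$i]);
                }
            }
        }

        // Compile $bbcd and save into $pd['bbcd'] (absolute path, as in the reset branch above)
        require_once $this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/Core/parser/bbcd_compile.php';
        Url::redirect($this->feather->urlFor('adminParser'), $lang_admin_parser['save_success']);
    }

    AdminUtils::generateAdminMenu('parser');

    $this->feather->template->setPageInfo(array(
        'title' => array(Utils::escape($this->config['o_board_title']), __('Admin'), __('Parser')),
        'active_page' => 'admin',
        'admin_console' => true,
        'lang_admin_parser' => $lang_admin_parser,
        'smiley_files' => $this->model->get_smiley_files(),
        'bbcd' => $bbcd,
        'config' => $config,
        'smilies' => $smilies,
        'i' => -1,
    ))->addTemplate('admin/parser.php')->display();
}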
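/**
 * Store a newly registered user, send the configured notification mails and
 * either ask the user to verify by e-mail or log them in right away.
 *
 * @param array $user Registration data; this method reads the keys username,
 *                    password1, email1, language and (optionally) banned_email.
 */
public function insert_user($user)
{
    $user = $this->hook->fire('insert_user_start', $user);

    // Insert the new user into the database. We do this now to get the last inserted ID for later use
    $now = time();

    $initial_group_id = $this->config['o_regs_verify'] == '0'
        ? $this->config['o_default_user_group']
        : $this->feather->forum_env['FEATHER_UNVERIFIED'];

    // NOTE(review): confirm Random::hash() is a salted, deliberately slow password hash.
    $password_hash = Random::hash($user['password1']);

    // Add the user
    $user['insert'] = array(
        'username' => $user['username'],
        'group_id' => $initial_group_id,
        'password' => $password_hash,
        'email' => $user['email1'],
        'email_setting' => $this->config['o_default_email_setting'],
        'timezone' => $this->config['o_default_timezone'],
        'dst' => 0,
        'language' => $user['language'],
        'style' => $this->config['o_default_style'],
        'registered' => $now,
        'registration_ip' => $this->request->getIp(),
        'last_visit' => $now,
    );

    // The database row gets its own variable. The original reused $user here, which replaced
    // the registration array, so every later $user['username'] / ['email1'] / ['password1']
    // lookup read from the result of save() instead of the submitted data.
    $insert_user = DB::for_table('users')->create()->set($user['insert']);
    $insert_user = $this->hook->fireDB('insert_user_query', $insert_user);
    $insert_user = $insert_user->save();

    $new_uid = DB::get_db()->lastInsertId($this->feather->forum_settings['db_prefix'] . 'users');

    if ($this->config['o_regs_verify'] == '0') {
        // Regenerate the users info cache
        if (!$this->feather->cache->isCached('users_info')) {
            $this->feather->cache->store('users_info', Cache::get_users_info());
        }

        $stats = $this->feather->cache->retrieve('users_info');
    }

    $tpl_dir = $this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->user->language;

    // If the mailing list isn't empty, we may need to send out some alerts
    if ($this->config['o_mailing_list'] != '') {
        // If we previously found out that the email was banned
        if (isset($user['banned_email'])) {
            // Load the "banned email register" template
            $mail_tpl = trim(file_get_contents($tpl_dir . '/mail_templates/banned_email_register.tpl'));
            $mail_tpl = $this->hook->fire('insert_user_banned_mail_tpl', $mail_tpl);

            // The first row contains the subject; the first 8 bytes are skipped (presumably a "Subject:" label)
            $first_crlf = strpos($mail_tpl, "\n");
            $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
            $mail_subject = $this->hook->fire('insert_user_banned_mail_subject', $mail_subject);

            $mail_message = trim(substr($mail_tpl, $first_crlf));
            $mail_message = str_replace(
                array('<username>', '<email>', '<profile_url>', '<board_mailer>'),
                array(
                    $user['username'],
                    $user['email1'],
                    $this->feather->urlFor('userProfile', ['id' => $new_uid]),
                    $this->config['o_board_title'],
                ),
                $mail_message
            );
            $mail_message = $this->hook->fire('insert_user_banned_mail_message', $mail_message);

            $this->email->feather_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
        }

        // If we previously found out that the email was a dupe
        // NOTE(review): $dupe_list is never assigned in this method, so this branch cannot run
        // as written; the list presumably has to be handed over by the caller — confirm.
        if (!empty($dupe_list)) {
            // Load the "dupe email register" template
            $mail_tpl = trim(file_get_contents($tpl_dir . '/mail_templates/dupe_email_register.tpl'));
            $mail_tpl = $this->hook->fire('insert_user_dupe_mail_tpl', $mail_tpl);

            // The first row contains the subject
            $first_crlf = strpos($mail_tpl, "\n");
            $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
            $mail_subject = $this->hook->fire('insert_user_dupe_mail_subject', $mail_subject);

            $mail_message = trim(substr($mail_tpl, $first_crlf));
            $mail_message = str_replace(
                array('<username>', '<dupe_list>', '<profile_url>', '<board_mailer>'),
                array(
                    $user['username'],
                    implode(', ', $dupe_list),
                    $this->feather->urlFor('userProfile', ['id' => $new_uid]),
                    $this->config['o_board_title'],
                ),
                $mail_message
            );
            $mail_message = $this->hook->fire('insert_user_dupe_mail_message', $mail_message);

            $this->email->feather_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
        }

        // Should we alert people on the admin mailing list that a new user has registered?
        if ($this->config['o_regs_report'] == '1') {
            // Load the "new user" template
            $mail_tpl = trim(file_get_contents($tpl_dir . '/mail_templates/new_user.tpl'));
            $mail_tpl = $this->hook->fire('insert_user_new_mail_tpl', $mail_tpl);

            // The first row contains the subject
            $first_crlf = strpos($mail_tpl, "\n");
            $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
            $mail_subject = $this->hook->fire('insert_user_new_mail_subject', $mail_subject);

            $mail_message = trim(substr($mail_tpl, $first_crlf));
            $mail_message = str_replace(
                array('<username>', '<base_url>', '<profile_url>', '<admin_url>', '<board_mailer>'),
                array(
                    $user['username'],
                    $this->feather->urlFor('home'),
                    $this->feather->urlFor('userProfile', ['id' => $new_uid]),
                    $this->feather->urlFor('profileSection', ['id' => $new_uid, 'section' => 'admin']),
                    $this->config['o_board_title'],
                ),
                $mail_message
            );
            $mail_message = $this->hook->fire('insert_user_new_mail_message', $mail_message);

            $this->email->feather_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
        }
    }

    // Must the user verify the registration or do we log him/her in right now?
    if ($this->config['o_regs_verify'] == '1') {
        // Load the "welcome" template
        $mail_tpl = trim(file_get_contents($tpl_dir . '/mail_templates/welcome.tpl'));
        $mail_tpl = $this->hook->fire('insert_user_welcome_mail_tpl', $mail_tpl);

        // The first row contains the subject
        $first_crlf = strpos($mail_tpl, "\n");
        $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
        $mail_subject = $this->hook->fire('insert_user_welcome_mail_subject', $mail_subject);

        $mail_message = trim(substr($mail_tpl, $first_crlf));
        $mail_subject = str_replace('<board_title>', $this->config['o_board_title'], $mail_subject);

        // NOTE(review): the plaintext password is placed into the mail body wherever the template
        // uses <password>; a single-use activation link would avoid sending it over e-mail.
        $mail_message = str_replace(
            array('<base_url>', '<username>', '<password>', '<login_url>', '<board_mailer>'),
            array(
                $this->feather->urlFor('home'),
                $user['username'],
                $user['password1'],
                $this->feather->urlFor('login'),
                $this->config['o_board_title'],
            ),
            $mail_message
        );
        $mail_message = $this->hook->fire('insert_user_welcome_mail_message', $mail_message);

        $this->email->feather_mail($user['email1'], $mail_subject, $mail_message);

        Url::redirect($this->feather->urlFor('home'), __('Reg email') . ' <a href="mailto:' . Utils::escape($this->config['o_admin_email']) . '">' . Utils::escape($this->config['o_admin_email']) . '</a>.');
    }

    // NOTE(review): the stored password hash is handed to the cookie helper; confirm the cookie
    // value is derived from it with a server-side secret rather than carrying it verbatim.
    $this->auth->feather_setcookie($new_uid, $password_hash, time() + $this->config['o_timeout_visit']);

    $this->hook->fire('insert_user');

    Url::redirect($this->feather->urlFor('home'), __('Reg complete'));
}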
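/**
 * Log the current user out after verifying the logout token.
 *
 * A guest, a mismatching $id or a wrong/missing token sends the request back
 * to the board base URL without changing anything.
 *
 * @param mixed  $id    User id taken from the logout link.
 * @param string $token Anti-CSRF token taken from the logout link.
 */
public function logout($id, $token)
{
    $token = $this->hook->fire('logout_start', $token, $id);

    // The token is compared with hash_equals(): a loose != on two hash strings treats
    // numeric-looking values ("0e...") as numbers, and is not constant-time.
    // NOTE(review): the expected token is built only from the user id and the client IP;
    // unless Random::hash() mixes in a server-side secret it is predictable — confirm.
    if ($this->user->is_guest
        || !isset($id)
        || $id != $this->user->id
        || !is_string($token)
        || !hash_equals((string) Random::hash($this->user->id . Random::hash($this->request->getIp())), $token)
    ) {
        header('Location: ' . Url::base());
        exit;
    }

    // Remove user from "users online" list
    $delete_online = DB::for_table('online')->where('user_id', $this->user->id);
    $delete_online = $this->hook->fireDB('delete_online_logout', $delete_online);
    $delete_online = $delete_online->delete_many();

    // Update last_visit (make sure there's something to update it with)
    if (isset($this->user->logged)) {
        $user_row = DB::for_table('users')->where('id', $this->user->id)->find_one();
        // Skip the update when the row cannot be loaded instead of calling set() on a non-object
        if ($user_row) {
            $update_last_visit = $user_row->set('last_visit', $this->user->logged);
            $update_last_visit = $this->hook->fireDB('update_online_logout', $update_last_visit);
            $update_last_visit = $update_last_visit->save();
        }
    }

    $this->hook->fire('logout_end');

    // Replace the session cookie with one for user id 1 and a throw-away value, valid for 31536000 s.
    // NOTE(review): uniqid()/rand() are not cryptographically secure; if this value is ever
    // treated as a secret, generate it from a CSPRNG instead.
    $this->auth->feather_setcookie(1, Random::hash(uniqid(rand(), true)), time() + 31536000);

    Url::redirect($this->feather->urlFor('home'), __('Logout redirect'));
}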
/**
 * Validate one section of the profile form and write it to the users table.
 *
 * Supported sections: essentials, personal, messaging, personality, display
 * and privacy; anything else raises a 404 error. When the username changes,
 * the name is also rewritten in bans, posts, topics, forums, the online list
 * and the serialized moderator lists, and the affected caches are refreshed.
 *
 * NOTE(review): this method checks what the *current* user may change
 * (is_admmod, group flags) but never compares $id with the current user's id;
 * presumably the caller has already decided who may edit profile $id — confirm.
 *
 * @param mixed  $id      Id of the user row to update.
 * @param array  $info    Data about the edited user; 'old_username' is read here.
 * @param string $section Profile section being saved.
 *
 * @throws Error On invalid input or an unknown section.
 */
public function update_profile($id, $info, $section)
{
    $info = $this->hook->fire('update_profile_start', $info, $id, $section);

    $username_updated = false;

    $section = $this->hook->fire('update_profile_section', $section, $id, $info);

    // Validate input depending on section
    switch ($section) {
        case 'essentials':
            $form = array('timezone' => floatval($this->request->post('form_timezone')), 'dst' => $this->request->post('form_dst') ? '1' : '0', 'time_format' => intval($this->request->post('form_time_format')), 'date_format' => intval($this->request->post('form_date_format')));

            // Make sure we got a valid language string
            // (allow-list check: the value must be one of the names returned by Lister::getLangs())
            if ($this->request->post('form_language')) {
                $languages = \FeatherBB\Core\Lister::getLangs();
                $form['language'] = Utils::trim($this->request->post('form_language'));
                if (!in_array($form['language'], $languages)) {
                    throw new Error(__('Bad request'), 404);
                }
            }

            if ($this->user->is_admmod) {
                $form['admin_note'] = Utils::trim($this->request->post('admin_note'));

                // Are we allowed to change usernames?
                // && binds tighter than ||: admin, or (moderator with the rename flag)
                if ($this->user->g_id == $this->feather->forum_env['FEATHER_ADMIN'] || $this->user->g_moderator == '1' && $this->user->g_mod_rename_users == '1') {
                    $form['username'] = Utils::trim($this->request->post('req_username'));

                    if ($form['username'] != $info['old_username']) {
                        $errors = '';
                        $errors = $this->check_username($form['username'], $errors, $id);
                        if (!empty($errors)) {
                            // Only the first reported problem is shown
                            throw new Error($errors[0]);
                        }

                        $username_updated = true;
                    }
                }

                // We only allow administrators to update the post count
                if ($this->user->g_id == $this->feather->forum_env['FEATHER_ADMIN']) {
                    $form['num_posts'] = intval($this->request->post('num_posts'));
                }
            }

            // The address is only editable here when registration does not require e-mail
            // verification, or when an admin/moderator is editing
            if ($this->config['o_regs_verify'] == '0' || $this->user->is_admmod) {
                // Validate the email address
                $form['email'] = strtolower(Utils::trim($this->request->post('req_email')));
                if (!$this->email->is_valid_email($form['email'])) {
                    throw new Error(__('Invalid email'));
                }
            }

            break;

        case 'personal':
            $form = array('realname' => $this->request->post('form_realname') ? Utils::trim($this->request->post('form_realname')) : '', 'url' => $this->request->post('form_url') ? Utils::trim($this->request->post('form_url')) : '', 'location' => $this->request->post('form_location') ? Utils::trim($this->request->post('form_location')) : '');

            // Add http:// if the URL doesn't contain it already (while allowing https://, too)
            // Only groups with g_post_links may store a website; the stored value is whatever
            // Url::is_valid() returns under 'url'
            if ($this->user->g_post_links == '1') {
                if ($form['url'] != '') {
                    $url = Url::is_valid($form['url']);

                    if ($url === false) {
                        throw new Error(__('Invalid website URL'));
                    }

                    $form['url'] = $url['url'];
                }
            } else {
                if (!empty($form['url'])) {
                    throw new Error(__('Website not allowed'));
                }

                $form['url'] = '';
            }

            // Admins may set any title; other users need g_set_title and may not use a
            // title that matches one of the built-in rank names
            if ($this->user->g_id == $this->feather->forum_env['FEATHER_ADMIN']) {
                $form['title'] = Utils::trim($this->request->post('title'));
            } elseif ($this->user->g_set_title == '1') {
                $form['title'] = Utils::trim($this->request->post('title'));

                if ($form['title'] != '') {
                    // A list of words that the title may not contain
                    // If the language is English, there will be some duplicates, but it's not the end of the world
                    $forbidden = array('member', 'moderator', 'administrator', 'banned', 'guest', utf8_strtolower(__('Member')), utf8_strtolower(__('Moderator')), utf8_strtolower(__('Administrator')), utf8_strtolower(__('Banned')), utf8_strtolower(__('Guest')));

                    if (in_array(utf8_strtolower($form['title']), $forbidden)) {
                        throw new Error(__('Forbidden title'));
                    }
                }
            }

            break;

        case 'messaging':
            $form = array('jabber' => Utils::trim($this->request->post('form_jabber')), 'icq' => Utils::trim($this->request->post('form_icq')), 'msn' => Utils::trim($this->request->post('form_msn')), 'aim' => Utils::trim($this->request->post('form_aim')), 'yahoo' => Utils::trim($this->request->post('form_yahoo')));

            // If the ICQ UIN contains anything other than digits it's invalid
            if (preg_match('%[^0-9]%', $form['icq'])) {
                throw new Error(__('Bad ICQ'));
            }

            break;

        case 'personality':
            $form = array();

            // Clean up signature from POST
            if ($this->config['o_signatures'] == '1') {
                $form['signature'] = Utils::linebreaks(Utils::trim($this->request->post('signature')));

                // Validate signature
                if (Utils::strlen($form['signature']) > $this->config['p_sig_length']) {
                    throw new Error(sprintf(__('Sig too long'), $this->config['p_sig_length'], Utils::strlen($form['signature']) - $this->config['p_sig_length']));
                } elseif (substr_count($form['signature'], "\n") > $this->config['p_sig_lines'] - 1) {
                    throw new Error(sprintf(__('Sig too many lines'), $this->config['p_sig_lines']));
                } elseif ($form['signature'] && $this->config['p_sig_all_caps'] == '0' && Utils::is_all_uppercase($form['signature']) && !$this->user->is_admmod) {
                    // All-caps signatures are rewritten rather than rejected
                    $form['signature'] = utf8_ucwords(utf8_strtolower($form['signature']));
                }

                // Validate BBCode syntax
                if ($this->config['p_sig_bbcode'] == '1') {
                    $errors = array();

                    $form['signature'] = $this->feather->parser->preparse_bbcode($form['signature'], $errors, true);

                    if (count($errors) > 0) {
                        // NOTE(review): the parser messages are wrapped in HTML here; this assumes
                        // they are already safe to render as markup — TODO confirm
                        throw new Error('<ul><li>' . implode('</li><li>', $errors) . '</li></ul>');
                    }
                }
            }

            break;

        case 'display':
            $form = array('disp_topics' => Utils::trim($this->request->post('form_disp_topics')), 'disp_posts' => Utils::trim($this->request->post('form_disp_posts')), 'show_smilies' => $this->request->post('form_show_smilies') ? '1' : '0', 'show_img' => $this->request->post('form_show_img') ? '1' : '0', 'show_img_sig' => $this->request->post('form_show_img_sig') ? '1' : '0', 'show_avatars' => $this->request->post('form_show_avatars') ? '1' : '0', 'show_sig' => $this->request->post('form_show_sig') ? '1' : '0');

            // Page sizes are clamped to the range 3..75; an empty value is stored as-is
            if ($form['disp_topics'] != '') {
                $form['disp_topics'] = intval($form['disp_topics']);
                if ($form['disp_topics'] < 3) {
                    $form['disp_topics'] = 3;
                } elseif ($form['disp_topics'] > 75) {
                    $form['disp_topics'] = 75;
                }
            }

            if ($form['disp_posts'] != '') {
                $form['disp_posts'] = intval($form['disp_posts']);
                if ($form['disp_posts'] < 3) {
                    $form['disp_posts'] = 3;
                } elseif ($form['disp_posts'] > 75) {
                    $form['disp_posts'] = 75;
                }
            }

            // Make sure we got a valid style string
            // (allow-list check against the names returned by Lister::getStyles())
            if ($this->request->post('form_style')) {
                $styles = \FeatherBB\Core\Lister::getStyles();
                $form['style'] = Utils::trim($this->request->post('form_style'));
                if (!in_array($form['style'], $styles)) {
                    throw new Error(__('Bad request'), 404);
                }
            }

            break;

        case 'privacy':
            $form = array('email_setting' => intval($this->request->post('form_email_setting')), 'notify_with_post' => $this->request->post('form_notify_with_post') ? '1' : '0', 'auto_notify' => $this->request->post('form_auto_notify') ? '1' : '0');

            // Out-of-range values fall back to the board default
            if ($form['email_setting'] < 0 || $form['email_setting'] > 2) {
                $form['email_setting'] = $this->config['o_default_email_setting'];
            }

            break;

        default:
            throw new Error(__('Bad request'), 404);
    }

    // The hook may replace $form; every key it returns is written to the users row below,
    // so hook code is trusted with the whole record
    $form = $this->hook->fire('update_profile_form', $form, $section, $id, $info);

    // Plain copy of the validated fields. No quoting is done in this loop; the values
    // are handed to the ORM's set() unchanged
    $temp = array();
    foreach ($form as $key => $input) {
        $temp[$key] = $input;
    }

    if (empty($temp)) {
        throw new Error(__('Bad request'), 404);
    }

    $update_user = DB::for_table('users')->where('id', $id)->find_one()->set($temp);
    $update_user = $this->hook->fireDB('update_profile_query', $update_user);
    $update_user = $update_user->save();

    // If we changed the username we have to update some stuff
    if ($username_updated) {
        // $bans_updated ends up holding the return value of update_many(); its truthiness
        // decides further down whether the bans cache is rebuilt
        $bans_updated = DB::for_table('bans')->where('username', $info['old_username']);
        $bans_updated = $this->hook->fireDB('update_profile_bans_updated', $bans_updated);
        $bans_updated = $bans_updated->update_many('username', $form['username']);

        $update_poster_id = DB::for_table('posts')->where('poster_id', $id);
        $update_poster_id = $this->hook->fireDB('update_profile_poster_id', $update_poster_id);
        $update_poster_id = $update_poster_id->update_many('poster', $form['username']);

        $update_posts = DB::for_table('posts')->where('edited_by', $info['old_username']);
        $update_posts = $this->hook->fireDB('update_profile_posts', $update_posts);
        $update_posts = $update_posts->update_many('edited_by', $form['username']);

        $update_topics_poster = DB::for_table('topics')->where('poster', $info['old_username']);
        $update_topics_poster = $this->hook->fireDB('update_profile_topics_poster', $update_topics_poster);
        $update_topics_poster = $update_topics_poster->update_many('poster', $form['username']);

        $update_topics_last_poster = DB::for_table('topics')->where('last_poster', $info['old_username']);
        $update_topics_last_poster = $this->hook->fireDB('update_profile_topics_last_poster', $update_topics_last_poster);
        $update_topics_last_poster = $update_topics_last_poster->update_many('last_poster', $form['username']);

        $update_forums = DB::for_table('forums')->where('last_poster', $info['old_username']);
        $update_forums = $this->hook->fireDB('update_profile_forums', $update_forums);
        $update_forums = $update_forums->update_many('last_poster', $form['username']);

        $update_online = DB::for_table('online')->where('ident', $info['old_username']);
        $update_online = $this->hook->fireDB('update_profile_online', $update_online);
        $update_online = $update_online->update_many('ident', $form['username']);

        // If the user is a moderator or an administrator we have to update the moderator lists
        $group_id = DB::for_table('users')->where('id', $id);
        // TODO: restore hook
        // $group_id = $this->hook->fireDB('update_profile_group_id', $update_online);
        $group_id = $group_id->find_one_col('group_id');

        $group_mod = DB::for_table('groups')->where('g_id', $group_id);
        $group_mod = $this->hook->fireDB('update_profile_group_mod', $group_mod);
        $group_mod = $group_mod->find_one_col('g_moderator');

        if ($group_id == $this->feather->forum_env['FEATHER_ADMIN'] || $group_mod == '1') {
            // Loop through all forums
            $result = $this->loop_mod_forums();

            foreach ($result as $cur_forum) {
                // The moderators column holds a serialized array of username => user id.
                // NOTE(review): unserialize() can instantiate objects; this is only safe while
                // the column is written exclusively by the application's own serialize() calls.
                $cur_moderators = $cur_forum['moderators'] != '' ? unserialize($cur_forum['moderators']) : array();

                // Matches on the stored user id (array value), then re-keys the entry under the new name
                if (in_array($id, $cur_moderators)) {
                    unset($cur_moderators[$info['old_username']]);
                    $cur_moderators[$form['username']] = $id;
                    uksort($cur_moderators, 'utf8_strcasecmp');

                    $update_mods = DB::for_table('forums')->where('id', $cur_forum['id'])->find_one()->set('moderators', serialize($cur_moderators));
                    $update_mods = $this->hook->fireDB('update_profile_mods', $update_mods);
                    $update_mods = $update_mods->save();
                }
            }
        }

        // Regenerate the users info cache
        if (!$this->feather->cache->isCached('users_info')) {
            $this->feather->cache->store('users_info', Cache::get_users_info());
        }

        // $stats is not read again in this method
        $stats = $this->feather->cache->retrieve('users_info');

        // Check if the bans table was updated and regenerate the bans cache when needed
        if ($bans_updated) {
            $this->feather->cache->store('bans', Cache::get_bans());
        }
    }

    $section = $this->hook->fireDB('update_profile', $section, $id);

    Url::redirect($this->feather->urlFor('profileSection', array('id' => $id, 'section' => $section)), __('Profile redirect'));
}
/**
 * Run the prune requested from the maintenance page, remove redirect topics
 * whose target no longer exists, then return to the maintenance page.
 *
 * @param mixed $prune_from   'all' for every forum, otherwise a forum id.
 * @param mixed $prune_sticky Passed through unchanged to prune().
 */
public function prune_comply($prune_from, $prune_sticky)
{
    $prune_days = $this->hook->fire(
        'maintenance.prune_comply.prune_days',
        (int) $this->request->post('prune_days')
    );

    // -1 is passed on when no day count was given, otherwise "now minus N days".
    // NOTE(review): the integer cast admits negative values, which put the cut-off in the
    // future; confirm that prune() or the form rejects them.
    $prune_date = -1;
    if ($prune_days) {
        $prune_date = time() - $prune_days * 86400;
    }

    // Pruning can take a while; lift the execution time limit where allowed
    @set_time_limit(0);

    if ($prune_from == 'all') {
        $forum_query = DB::for_table('forums')->select('id');
        $forum_query = $this->hook->fireDB('maintenance.prune_comply.query', $forum_query);
        $forum_rows = $forum_query->find_array();

        if (!empty($forum_rows)) {
            foreach ($forum_rows as $forum_row) {
                $forum_id = $forum_row['id'];
                $this->prune($forum_id, $prune_sticky, $prune_date);
                \FeatherBB\Model\Forum::update($forum_id);
            }
        }
    } else {
        // A single forum: the id is forced to an integer before use
        $prune_from = (int) $prune_from;
        $this->prune($prune_from, $prune_sticky, $prune_date);
        \FeatherBB\Model\Forum::update($prune_from);
    }

    // Locate any "orphaned redirect topics" (moved_to set, but no topic with that id) and delete them
    $orphan_query = DB::for_table('topics')
        ->table_alias('t1')
        ->select('t1.id')
        ->left_outer_join('topics', array('t1.moved_to', '=', 't2.id'), 't2')
        ->where_null('t2.id')
        ->where_not_null('t1.moved_to');
    $orphan_query = $this->hook->fireDB('maintenance.prune_comply.orphans_query', $orphan_query);
    $orphan_rows = $orphan_query->find_array();

    $orphans = array();
    if (!empty($orphan_rows)) {
        foreach ($orphan_rows as $orphan_row) {
            $orphans[] = $orphan_row['id'];
        }

        $orphans = $this->hook->fire('maintenance.prune_comply.orphans', $orphans);

        DB::for_table('topics')->where_in('id', $orphans)->delete_many();
    }

    Url::redirect($this->feather->urlFor('adminMaintenance'), __('Posts pruned redirect'));
}
/**
 * Dispatch a multi-topic moderation request (move, merge, delete, open/close)
 * for one forum.
 *
 * Access is limited to administrators and to moderators listed for the forum.
 * NOTE(review): no CSRF token check is visible in this method; presumably it is
 * enforced by middleware - confirm.
 *
 * @param mixed $fid Forum id the action applies to.
 *
 * @throws Error 403 when the user may not moderate this forum, 400 when too few topics are selected.
 */
public function dealposts($fid)
{
    // Only admins and this forum's moderators may use this page.
    $moderators = $this->model->get_moderators($fid);

    // SECURITY: unserialize() on a stored value. This is only safe while the
    // moderators column can never hold attacker-influenced data; a format such
    // as JSON would remove the object-injection risk altogether.
    if ($moderators != '') {
        $mods_array = unserialize($moderators);
    } else {
        $mods_array = array();
    }

    if ($this->user->g_id != $this->feather->forum_env['FEATHER_ADMIN']) {
        $is_forum_moderator = $this->user->g_moderator != '0'
            && array_key_exists($this->user->username, $mods_array);

        if (!$is_forum_moderator) {
            throw new Error(__('No permission'), 403);
        }
    }

    if ($this->request->post('move_topics') || $this->request->post('move_topics_to')) {
        // Move one or more topics
        if ($this->request->post('move_topics_to')) {
            $this->model->move_topics_to($fid);
        }

        $posted = $this->request->post('topics');
        $topics = $posted ? $posted : array();
        if (empty($topics)) {
            throw new Error(__('No topics selected'), 400);
        }

        // Check if there are enough forums to move the topic
        $this->model->check_move_possible();

        // Only the integer-cast keys of the posted list reach the template.
        $page_info = array(
            'action' => 'multi',
            'title' => array(Utils::escape($this->config['o_board_title']), __('Moderate')),
            'active_page' => 'moderate',
            'id' => $fid,
            'topics' => implode(',', array_map('intval', array_keys($topics))),
            'list_forums' => $this->model->get_forum_list_move($fid),
        );
        $this->feather->template->setPageInfo($page_info)->addTemplate('moderate/move_topics.php')->display();
    } elseif ($this->request->post('merge_topics') || $this->request->post('merge_topics_comply')) {
        if ($this->request->post('merge_topics_comply')) {
            $this->model->merge_topics($fid);
        }

        $posted = $this->request->post('topics');
        $topics = $posted ? $posted : array();
        if (count($topics) < 2) {
            throw new Error(__('Not enough topics selected'), 400);
        }

        // NOTE(review): the posted value is handed to the template as received;
        // the template must escape or integer-cast it on output.
        $page_info = array(
            'title' => array(Utils::escape($this->config['o_board_title']), __('Moderate')),
            'active_page' => 'moderate',
            'id' => $fid,
            'topics' => $topics,
        );
        $this->feather->template->setPageInfo($page_info)->addTemplate('moderate/merge_topics.php')->display();
    } elseif ($this->request->post('delete_topics') || $this->request->post('delete_topics_comply')) {
        $posted = $this->request->post('topics');
        $topics = $posted ? $posted : array();
        if (empty($topics)) {
            throw new Error(__('No topics selected'), 400);
        }

        if ($this->request->post('delete_topics_comply')) {
            $this->model->delete_topics($topics, $fid);
        }

        // NOTE(review): as in the merge branch, the template receives the
        // posted value unchanged and is responsible for output encoding.
        $page_info = array(
            'title' => array(Utils::escape($this->config['o_board_title']), __('Moderate')),
            'active_page' => 'moderate',
            'id' => $fid,
            'topics' => $topics,
        );
        $this->feather->template->setPageInfo($page_info)->addTemplate('moderate/delete_topics.php')->display();
    } elseif ($this->request->post('open') || $this->request->post('close')) {
        // 0 opens the selected topics, 1 closes them.
        if ($this->request->post('open')) {
            $action = 0;
        } else {
            $action = 1;
        }

        // There could be an array of topic IDs in $_POST; keep only the
        // integer-cast keys. Warnings for a non-array value are suppressed.
        $posted = $this->request->post('topics');
        $topics = array();
        if ($posted) {
            $topics = @array_map('intval', @array_keys($posted));
        }

        if (empty($topics)) {
            throw new Error(__('No topics selected'), 400);
        }

        $this->model->close_multiple_topics($action, $topics, $fid);

        if ($action) {
            $redirect_msg = __('Close topics redirect');
        } else {
            $redirect_msg = __('Open topics redirect');
        }
        Url::redirect($this->feather->urlFor('moderateForum', array('id' => $fid)), $redirect_msg);
    }
}
/**
 * Run the installer's database step: connect, create the tables, seed the
 * default groups, users, sample forum and configuration, optionally write
 * .htaccess, then flash a success message and redirect to the home page.
 *
 * NOTE(review): 'default_lang' is concatenated into a filesystem path and
 * 'db_prefix' into table identifiers. This assumes the caller has validated
 * both (language against the installed list, prefix against a strict
 * character whitelist) - confirm.
 *
 * @param array $data Installer form values; 'default_lang' and 'db_prefix' are read here.
 */
public function create_db(array $data)
{
    Core::init_db($data);

    // Load the installer translations for the chosen language
    $lang_file = $this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $data['default_lang'] . '/install.mo';
    load_textdomain('featherbb', $lang_file);

    // A missing or empty prefix becomes the empty string
    if (empty($data['db_prefix'])) {
        $data['db_prefix'] = '';
    }

    // Create tables. A failure is recorded in $this->errors, but the remaining
    // steps still run; nothing in this method inspects the list afterwards.
    $scheme = $this->model->get_database_scheme();
    foreach ($scheme as $table => $sql) {
        $created = $this->model->create_table($data['db_prefix'] . $table, $sql);
        if (!$created) {
            $this->errors[] = 'A problem was encountered while creating table ' . $table;
        }
    }

    // Populate group table with default values
    foreach ($this->model->load_default_groups() as $group_data) {
        $this->model->add_data('groups', $group_data);
    }

    // Populate user table with the default user, then the admin account
    $default_user = $this->model->load_default_user();
    $this->model->add_data('users', $default_user);
    $admin_user = $this->model->load_admin_user($data);
    $this->model->add_data('users', $admin_user);

    // Populate categories, forums, topics, posts
    $mock_forum = $this->model->load_mock_forum_data($data);
    $this->model->add_mock_forum($mock_forum);

    // Store config in DB
    $config = $this->load_default_config($data);
    $this->model->save_config($config);

    // Write .htaccess only when Apache reports mod_rewrite as loaded
    if (function_exists('apache_get_modules')) {
        if (in_array('mod_rewrite', apache_get_modules())) {
            $this->write_htaccess();
        }
    }

    // Install success flash message
    $flash = new \Slim\Middleware\Flash();
    $flash->set('success', __('Message'));
    $flash->save();

    // Redirect to homepage
    Url::redirect($this->feather->urlFor('home'));
}
/**
 * Delete a comma-separated list of topics from one forum, together with their
 * redirect topics, subscriptions, search index entries and posts, then
 * redirect back to the forum.
 *
 * @param mixed $topics Comma-separated topic ids; anything other than digits and commas is rejected.
 * @param mixed $fid    Forum id every listed topic must belong to.
 *
 * @throws Error 400 for a malformed or non-matching id list, 403 when a non-admin targets admin posts.
 */
public function delete_topics($topics, $fid)
{
    $this->hook->fire('delete_topics');

    // Digits and commas only. The @ hides warnings for unexpected input types.
    // NOTE(review): an explicit is_string() check would be clearer than
    // relying on error suppression here.
    if (@preg_match('%[^0-9,]%', $topics)) {
        throw new Error(__('Bad request'), 400);
    }

    $topic_ids = explode(',', $topics);

    // Every listed id must exist in this forum, otherwise the request is refused.
    $found = DB::for_table('topics')->where_in('id', $topic_ids)->where('forum_id', $fid);
    $found = $this->hook->fireDB('delete_topics_verify_id', $found);
    $found = $found->find_many();

    if (substr_count($topics, ',') + 1 != count($found)) {
        throw new Error(__('Bad request'), 400);
    }

    // Non-admins may not delete topics that contain posts written by admins.
    // NOTE(review): where() receives the result of Utils::get_admin_ids(); if
    // that is a list of ids, where_in() is presumably what was intended - verify.
    $acting_as_admin = $this->user->g_id == $this->feather->forum_env['FEATHER_ADMIN'];
    if (!$acting_as_admin) {
        $admin_posts = DB::for_table('posts')->where_in('topic_id', $topic_ids)->where('poster_id', Utils::get_admin_ids());
        $admin_posts = $this->hook->fireDB('delete_topics_authorized', $admin_posts);
        $admin_posts = $admin_posts->find_many();

        if ($admin_posts) {
            throw new Error(__('No permission'), 403);
        }
    }

    // Delete the topics
    $topic_query = DB::for_table('topics')->where_in('id', $topic_ids);
    $topic_query = $this->hook->fireDB('delete_topics_query', $topic_query);
    $topic_query->delete_many();

    // Delete any redirect topics
    $redirect_query = DB::for_table('topics')->where_in('moved_to', $topic_ids);
    $redirect_query = $this->hook->fireDB('delete_topics_redirect', $redirect_query);
    $redirect_query->delete_many();

    // Delete any subscriptions
    $subscription_query = DB::for_table('topic_subscriptions')->where_in('topic_id', $topic_ids);
    $subscription_query = $this->hook->fireDB('delete_topics_subscriptions', $subscription_query);
    $subscription_query->delete_many();

    // Collect the ids of the posts in these topics so the search index can be stripped
    $post_rows = DB::for_table('posts')->select('id')->where_in('topic_id', $topic_ids);
    $post_rows = $this->hook->fireDB('delete_topics_find_ids', $post_rows);
    $post_rows = $post_rows->find_many();

    $collected = array();
    foreach ($post_rows as $post_row) {
        $collected[] = $post_row['id'];
    }
    $post_ids = implode(', ', $collected);

    // The list can be empty when only a redirect topic is being deleted
    if ($post_ids != '') {
        $this->search->strip_search_index($post_ids);
    }

    // Delete posts
    $post_query = DB::for_table('posts')->where_in('topic_id', $topic_ids);
    $post_query = $this->hook->fireDB('delete_topics_delete_posts', $post_query);
    $post_query->delete_many();

    Forum::update($fid);

    $this->hook->fire('delete_topics');

    Url::redirect($this->feather->urlFor('Forum', array('id' => $fid)), __('Delete topics redirect'));
}
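/**
 * Validate the posted user selection for a ban and, when the request carries
 * 'ban_users_comply', insert one ban per selected user.
 *
 * Ids 0 and 1 are dropped from the selection. The request is refused when the
 * selection contains an administrator or a member of a moderator group.
 *
 * On the comply path every selected user is processed first; the bans cache is
 * rebuilt once and the redirect is issued after the loop. Url::redirect()
 * presumably ends the request, so issuing it inside the loop would stop after
 * the first user.
 *
 * @return array The selected user ids, as returned by the 'user_ids' hook.
 *
 * @throws Error 404 when nothing is selected, 403 for admin/moderator targets, 400 for a bad expiry date.
 */
public function ban_users()
{
    $posted_users = $this->request->post('users');
    if ($posted_users) {
        $user_ids = is_array($posted_users) ? array_keys($posted_users) : explode(',', $posted_users);
        $user_ids = array_map('intval', $user_ids);

        // Delete invalid IDs
        $user_ids = array_diff($user_ids, array(0, 1));
    } else {
        $user_ids = array();
    }

    $user_ids = $this->hook->fire('model.users.ban_users.user_ids', $user_ids);

    if (empty($user_ids)) {
        throw new Error(__('No users selected'), 404);
    }

    // Are we trying to ban any admins?
    $is_admin = DB::for_table('users')
        ->where_in('id', $user_ids)
        ->where('group_id', $this->feather->forum_env['FEATHER_ADMIN'])
        ->find_one();
    if ($is_admin) {
        throw new Error(__('No ban admins message'), 403);
    }

    // Also, we cannot ban moderators
    $is_mod = DB::for_table('users')
        ->table_alias('u')
        ->inner_join('groups', array('u.group_id', '=', 'g.g_id'), 'g')
        ->where('g.g_moderator', 1)
        ->where_in('u.id', $user_ids)
        ->find_one();
    if ($is_mod) {
        throw new Error(__('No ban mods message'), 403);
    }

    if ($this->request->post('ban_users_comply')) {
        $ban_message = Utils::trim($this->request->post('ban_message'));
        $ban_expire = Utils::trim($this->request->post('ban_expire'));
        $ban_the_ip = $this->request->post('ban_the_ip') ? intval($this->request->post('ban_the_ip')) : 0;

        $this->hook->fire('model.users.ban_users.comply', $ban_message, $ban_expire, $ban_the_ip);

        // NOTE(review): 'NULL' below is a literal string handed to the ORM,
        // presumably left over from string-built SQL; confirm whether the
        // columns should receive a real null instead.
        if ($ban_expire != '' && $ban_expire != 'Never') {
            $ban_expire = strtotime($ban_expire . ' GMT');

            if ($ban_expire == -1 || !$ban_expire) {
                throw new Error(__('Invalid date message') . ' ' . __('Invalid date reasons'), 400);
            }

            // Shift by the acting user's timezone and DST offsets (hours)
            $diff = ($this->user->timezone + $this->user->dst) * 3600;
            $ban_expire -= $diff;

            if ($ban_expire <= time()) {
                throw new Error(__('Invalid date message') . ' ' . __('Invalid date reasons'), 400);
            }
        } else {
            $ban_expire = 'NULL';
        }

        $ban_message = $ban_message != '' ? $ban_message : 'NULL';

        // Fetch user information
        $user_info = array();
        $select_fetch_user_information = array('id', 'username', 'email', 'registration_ip');

        $result = DB::for_table('users')->select_many($select_fetch_user_information)->where_in('id', $user_ids);
        $result = $this->hook->fireDB('model.users.ban_users.user_info_query', $result);
        $result = $result->find_many();

        foreach ($result as $cur_user) {
            $user_info[$cur_user['id']] = array(
                'username' => $cur_user['username'],
                'email' => $cur_user['email'],
                'ip' => $cur_user['registration_ip'],
            );
        }

        // Overwrite the registration IP with one from the last post (if it exists)
        if ($ban_the_ip != 0) {
            // SECURITY: this statement is assembled by concatenation. The id
            // list passed through a hook after the first intval() pass, so it
            // is coerced to integers again immediately before interpolation.
            $db_prefix = $this->feather->forum_settings['db_prefix'];
            $id_list = implode(',', array_map('intval', $user_ids));

            $result = DB::for_table('posts')->raw_query('SELECT p.poster_id, p.poster_ip FROM ' . $db_prefix . 'posts AS p INNER JOIN (SELECT MAX(id) AS id FROM ' . $db_prefix . 'posts WHERE poster_id IN (' . $id_list . ') GROUP BY poster_id) AS i ON p.id=i.id')->find_many();

            foreach ($result as $cur_address) {
                $user_info[$cur_address['poster_id']]['ip'] = $cur_address['poster_ip'];
            }
        }

        $user_info = $this->hook->fire('model.users.ban_users.user_info', $user_info);

        $is_add_mode = $this->request->post('mode') == 'add';

        // And insert the bans!
        foreach ($user_ids as $user_id) {
            // Skip ids with no matching user row rather than inserting a ban
            // that has no username or e-mail.
            if (!isset($user_info[$user_id]['username'])) {
                continue;
            }

            $ban_username = $user_info[$user_id]['username'];
            $ban_email = $user_info[$user_id]['email'];
            $ban_ip = $ban_the_ip != 0 ? $user_info[$user_id]['ip'] : 'NULL';

            $insert_update_ban = array(
                'username' => $ban_username,
                'ip' => $ban_ip,
                'email' => $ban_email,
                'message' => $ban_message,
                'expire' => $ban_expire,
                'ban_creator' => $this->user->id,
            );

            $insert_update_ban = $this->hook->fire('model.users.ban_users.ban_data', $insert_update_ban);

            if ($is_add_mode) {
                // Re-assert the creator after the hook so it cannot be replaced
                $insert_update_ban['ban_creator'] = $this->user->id;

                DB::for_table('bans')->create()->set($insert_update_ban)->save();
            }
        }

        // Regenerate the bans cache once, after all bans are stored
        $this->feather->cache->store('bans', Cache::get_bans());

        Url::redirect($this->feather->urlFor('adminUsers'), __('Users banned redirect'));
    }

    return $user_ids;
}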
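/**
 * Handle the private-message folder page: add, rename or remove a folder of
 * the current user, then render the folder list with any validation errors.
 *
 * Folder names must be 4 to 30 characters long and must not be empty after
 * censoring when censoring is enabled.
 *
 * NOTE(review): the add path stores the name after Utils::escape(), the rename
 * path stores it unescaped. Whichever is intended, the template must encode
 * folder names consistently on output - confirm.
 *
 * @throws Error 403 when a folder is not owned by the user or the model call fails.
 */
public function folders()
{
    $errors = array();

    if ($this->request->post('add_folder')) {
        $folder = $this->request->post('req_folder') ? Utils::trim(Utils::escape($this->request->post('req_folder'))) : '';

        if ($folder == '') {
            $errors[] = __('No folder name', 'private_messages');
        } elseif (Utils::strlen($folder) < 4) {
            $errors[] = __('Folder too short', 'private_messages');
        } elseif (Utils::strlen($folder) > 30) {
            $errors[] = __('Folder too long', 'private_messages');
        } elseif ($this->feather->forum_settings['o_censoring'] == '1' && Utils::censor($folder) == '') {
            $errors[] = __('No folder after censoring', 'private_messages');
        }

        // TODO: enforce the per-group folder limit once permissions are available

        if (empty($errors)) {
            $insert = array('user_id' => $this->feather->user->id, 'name' => $folder);

            $this->model->addFolder($insert);
            Url::redirect($this->feather->urlFor('Conversations.folders'), __('Folder added', 'private_messages'));
        }
    } elseif ($this->request->post('update_folder')) {
        // The folder id is the first key of the posted array; a non-array
        // value yields id 0 instead of a type error.
        $posted_update = $this->request->post('update_folder');
        $id = is_array($posted_update) ? intval(key($posted_update)) : 0;

        // A missing or non-string name is treated as empty and reported as a
        // validation error.
        $posted_names = $this->request->post('folder');
        $has_name = is_array($posted_names) && isset($posted_names[$id]) && is_string($posted_names[$id]);
        $folder = $has_name ? Utils::trim($posted_names[$id]) : '';

        if ($folder == '') {
            $errors[] = __('No folder name', 'private_messages');
        } elseif (Utils::strlen($folder) < 4) {
            $errors[] = __('Folder too short', 'private_messages');
        } elseif (Utils::strlen($folder) > 30) {
            $errors[] = __('Folder too long', 'private_messages');
        } elseif ($this->feather->forum_settings['o_censoring'] == '1' && Utils::censor($folder) == '') {
            $errors[] = __('No folder after censoring', 'private_messages');
        }

        if (empty($errors)) {
            $update = array('name' => $folder);

            // NOTE(review): unlike the remove path there is no checkFolderOwner()
            // call here; this relies on updateFolder() restricting the update
            // to the given user id - verify in the model.
            if ($this->model->updateFolder($this->feather->user->id, $id, $update)) {
                Url::redirect($this->feather->urlFor('Conversations.folders'), __('Folder updated', 'private_messages'));
            } else {
                throw new Error(__('Error'), 403);
            }
        }
    } elseif ($this->request->post('remove_folder')) {
        $posted_remove = $this->request->post('remove_folder');
        $id = is_array($posted_remove) ? intval(key($posted_remove)) : 0;

        // Before we do anything, check that the current user owns this folder
        if (!$this->model->checkFolderOwner($id, intval($this->feather->user->id))) {
            throw new Error(__('No permission'), 403);
        }

        if ($this->model->removeFolder($this->feather->user->id, $id)) {
            Url::redirect($this->feather->urlFor('Conversations.folders'), __('Folder removed', 'private_messages'));
        } else {
            throw new Error(__('Error'), 403);
        }
    }

    Utils::generateBreadcrumbs(array(
        $this->feather->urlFor('Conversations.home') => __('PMS', 'private_messages'),
        __('Options'),
        __('My Folders', 'private_messages'),
    ));

    $this->generateMenu('folders');

    // NOTE(review): the page title uses 'Blocked Users' while the breadcrumb
    // says 'My Folders'; presumably a copy-paste leftover - confirm.
    $this->feather->template->setPageInfo(array(
        'title' => array(Utils::escape($this->feather->config['o_board_title']), __('PMS', 'private_messages'), __('Blocked Users', 'private_messages')),
        'admin_console' => true,
        'errors' => $errors,
    ))->addTemplate('folders.php')->display();
}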
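/**
 * Store the display position posted for each forum, rebuild the quick jump
 * cache and redirect to the forum administration page.
 *
 * The posted 'position' value is expected to be an array of
 * forum id => position. A missing or non-array value updates nothing, and
 * entries whose key is not a positive integer or whose value is not scalar
 * are skipped.
 */
public function edit_positions()
{
    $positions = $this->request->post('position');
    if (!is_array($positions)) {
        $positions = array();
    }

    foreach ($positions as $forum_id => $position) {
        // PHP turns decimal string keys into integers, so a genuine forum id
        // always arrives as an int key; anything else is not a forum id.
        if (!is_int($forum_id) || $forum_id < 1 || !is_scalar($position)) {
            continue;
        }

        $position = (int) Utils::trim($position);
        $this->model->update_positions($forum_id, $position);
    }

    // Regenerate the quick jump cache
    $this->feather->cache->store('quickjump', Cache::get_quickjump());

    Url::redirect($this->feather->urlFor('adminForums'), __('Forums updated redirect'));
}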