/**
 * Forum admin entry point.
 *
 * Normalises the query string, builds the forum index and breadcrumbs, then
 * runs every POST handler and the GET "action" dispatcher in a fixed order.
 * All of this happens as a side effect of constructing the object.
 *
 * NOTE(review): no rights or token check is visible in this method. Confirm
 * the script that instantiates the class enforces admin access and the
 * $aidlink token before construction, because the handlers below write to
 * the database.
 */
public function __construct() {
    global $aidlink, $locale;
    // Normalise $_GET in place. The four id-like keys are forced to a value
    // accepted by isnum(), or 0. 'action' and 'status' are only defaulted to
    // '' when missing or falsy; their content is NOT validated here.
    $_GET['forum_id'] = isset($_GET['forum_id']) && isnum($_GET['forum_id']) ? $_GET['forum_id'] : 0;
    $_GET['forum_cat'] = isset($_GET['forum_cat']) && isnum($_GET['forum_cat']) ? $_GET['forum_cat'] : 0;
    $_GET['forum_branch'] = isset($_GET['forum_branch']) && isnum($_GET['forum_branch']) ? $_GET['forum_branch'] : 0;
    $_GET['parent_id'] = isset($_GET['parent_id']) && isnum($_GET['parent_id']) ? $_GET['parent_id'] : 0;
    $_GET['action'] = isset($_GET['action']) && $_GET['action'] ? $_GET['action'] : '';
    $_GET['status'] = isset($_GET['status']) && $_GET['status'] ? $_GET['status'] : '';
    // Query-string suffix appended to every redirect issued by this class.
    // Both parts pass isnum() before being concatenated into the URL.
    $this->ext = isset($_GET['parent_id']) && isnum($_GET['parent_id']) ? "&parent_id=" . $_GET['parent_id'] : '';
    // NOTE(review): this reads $_GET['branch'], while the key normalised
    // above is 'forum_branch' - confirm which parameter name is intended.
    $this->ext .= isset($_GET['branch']) && isnum($_GET['branch']) ? "&branch=" . $_GET['branch'] : '';
    // indexing hierarchy data
    $this->forum_index = self::get_forum_index();
    if (!empty($this->forum_index)) {
        $this->level = self::make_forum_breadcrumbs();
    }
    /**
     * List of actions available in this admin
     */
    // Both handlers are invoked unconditionally on every construction, so any
    // trigger or permission check has to live inside them (not visible here).
    // The second __construct() listing on this page no longer calls
    // remove_forum_image().
    self::forum_jump();
    self::remove_forum_image();
    // Delete forum
    /**
     * $action_data
     * 'forum_id' - current forum id
     * 'forum_branch' - the branch id
     * 'threads_to_forum' - target destination where all threads should move to
     * 'delete_threads' - if delete threads are checked
     * 'subforum_to_forum' - target destination where all subforums should move to
     * 'delete_forum' - if delete all subforums are checked
     */
    // Dead code: the forum_remove handler below is commented out and never runs.
    // NOTE(review): it builds its UPDATE statements by concatenating
    // $action_data values into the SQL text; if it is ever revived, check what
    // form_sanitizer() guarantees for those values before reusing the queries.
    /*
    if (isset($_POST['forum_remove'])) {
        $action_data = array(
            'forum_id' => isset($_POST['forum_id']) ? form_sanitizer($_POST['forum_id'], 0, 'forum_id') : 0,
            'forum_branch' => isset($_POST['forum_branch']) ? form_sanitizer($_POST['forum_branch'], 0, 'forum_branch') : 0,
            'threads_to_forum' => isset($_POST['move_threads']) ? form_sanitizer($_POST['move_threads'], 0, 'move_threads') : '',
            'delete_threads' => isset($_POST['delete_threads']) ? 1 : 0,
            'subforums_to_forum' => isset($_POST['move_forums']) ? form_sanitizer($_POST['move_forums'], 0, 'move_forums') : '',
            'delete_forums' => isset($_POST['delete_forums']) ? 1 : 0,
        );
        if (self::verify_forum($action_data['forum_id'])) {
            // Threads and Posts action
            if (!$action_data['delete_threads'] && $action_data['threads_to_forum']) {
                //dbquery("UPDATE ".DB_FORUM_THREADS." SET forum_id='".$action_data['threads_to_forum']."' WHERE forum_id='".$action_data['forum_id']."'");
                dbquery("UPDATE ".DB_FORUM_POSTS." SET forum_id='".$action_data['threads_to_forum']."' WHERE forum_id='".$action_data['forum_id']."'");
            }
            // wipe current forum and all threads
            elseif ($action_data['delete_threads']) {
                // remove all threads and all posts in this forum.
                self::prune_attachment($action_data['forum_id']); // wipe
                self::prune_posts($action_data['forum_id']); // wipe
                self::prune_threads($action_data['forum_id']); // wipe
                self::recalculate_post($action_data['forum_id']); // wipe
            } else {
                $defender->stop();
                addNotice('danger', $locale['forum_notice_na']);
            }
            // Subforum action
            if (!$action_data['delete_forums'] && $action_data['subforums_to_forum']) {
                dbquery("UPDATE ".DB_FORUMS." SET forum_cat='".$action_data['subforums_to_forum']."', forum_branch='".get_hkey(DB_FORUMS, 'forum_id', 'forum_cat', $action_data['subforums_to_forum'])."' ".(multilang_table("FO") ? "WHERE forum_language='".LANGUAGE."' AND" : "WHERE")." forum_cat='".$action_data['forum_id']."'");
            } elseif (!$action_data['delete_forums']) {
                $defender->stop();
                addNotice('danger', $locale['forum_notice_na']);
            }
        } else {
            $defender->stop();
            addNotice('error', $locale['forum_notice_na']);
        }
        self::prune_forums($action_data['forum_id']);
        addNotice('info', $locale['forum_notice_5']);
        redirect(FUSION_SELF.$aidlink);
    }
    */
    // Save_permission
    // Reloads the forum row named by the posted forum_id and overwrites its
    // permission columns with the posted values. The same handler is repeated
    // at the top of set_forumDB(), which is called right after this block.
    if (isset($_POST['save_permission'])) {
        $this->data['forum_id'] = form_sanitizer($_POST['forum_id'], '', 'forum_id');
        $this->data = self::get_forum($this->data['forum_id']);
        // An empty result means the forum was not found; nothing is written.
        if (!empty($this->data)) {
            $this->data['forum_access'] = form_sanitizer($_POST['forum_access'], USER_LEVEL_PUBLIC, 'forum_access');
            $this->data['forum_post'] = form_sanitizer($_POST['forum_post'], USER_LEVEL_MEMBER, 'forum_post');
            $this->data['forum_reply'] = form_sanitizer($_POST['forum_reply'], USER_LEVEL_MEMBER, 'forum_reply');
            $this->data['forum_post_ratings'] = form_sanitizer($_POST['forum_post_ratings'], USER_LEVEL_MEMBER, 'forum_post_ratings');
            $this->data['forum_poll'] = form_sanitizer($_POST['forum_poll'], USER_LEVEL_MEMBER, 'forum_poll');
            $this->data['forum_vote'] = form_sanitizer($_POST['forum_vote'], USER_LEVEL_MEMBER, 'forum_vote');
            $this->data['forum_answer_threshold'] = form_sanitizer($_POST['forum_answer_threshold'], 0, 'forum_answer_threshold');
            $this->data['forum_attach'] = form_sanitizer($_POST['forum_attach'], USER_LEVEL_MEMBER, 'forum_attach');
            $this->data['forum_attach_download'] = form_sanitizer($_POST['forum_attach_download'], USER_LEVEL_PUBLIC, 'forum_attach_download');
            $this->data['forum_mods'] = isset($_POST['forum_mods']) ? form_sanitizer($_POST['forum_mods'], '', 'forum_mods') : "";
            // The update and the success notice are issued before the
            // defender::safe() test; only the redirect is gated on it.
            // NOTE(review): confirm dbquery_insert() refuses to write when
            // validation has failed, otherwise rejected input is still saved.
            dbquery_insert(DB_FORUMS, $this->data, 'update');
            addnotice('success', $locale['forum_notice_10']);
            if (\defender::safe()) {
                redirect(FUSION_SELF . $aidlink . $this->ext);
            }
        }
    }
    self::set_forumDB();
    /**
     * Ordering actions
     */
    // Dispatch on the unvalidated 'action' string; unknown values match no
    // case and do nothing. The include in 'prune' is a fixed literal, so the
    // request cannot choose which file is loaded.
    // NOTE(review): judging by the handler names, 'mu', 'md', 'delete' and
    // 'prune' change data and are reachable with a plain GET request; confirm
    // each one is covered by the admin token check.
    switch ($_GET['action']) {
        case 'mu':
            self::move_up();
            break;
        case 'md':
            self::move_down();
            break;
        case 'delete':
            self::validate_forum_removal();
            break;
        case 'prune':
            require_once "forums_prune.php";
            break;
        // forum_id was normalised to an isnum() value or 0 at the top.
        case 'edit':
            $this->data = self::get_forum($_GET['forum_id']);
            break;
        case 'p_edit':
            $this->data = self::get_forum($_GET['forum_id']);
            break;
    }
}
/**
 * MYSQL update and save forum
 *
 * Handles two admin form posts:
 *  - 'save_permission': rewrites the permission columns of an existing forum;
 *  - 'save_forum': creates or updates a forum row, including alias and name
 *    uniqueness checks, the forum image and the display order.
 * Reads $_POST and $_FILES directly, writes to DB_FORUMS and redirects on
 * completion.
 */
private function set_forumDB() {
    global $aidlink;
    // Save_permission
    // Same handler as the one in __construct(), using self::$locale for the
    // notice text.
    if (isset($_POST['save_permission'])) {
        $this->data['forum_id'] = form_sanitizer($_POST['forum_id'], '', 'forum_id');
        $this->data = self::get_forum($this->data['forum_id']);
        // An empty result means the forum was not found; nothing is written.
        if (!empty($this->data)) {
            $this->data['forum_access'] = form_sanitizer($_POST['forum_access'], USER_LEVEL_PUBLIC, 'forum_access');
            $this->data['forum_post'] = form_sanitizer($_POST['forum_post'], USER_LEVEL_MEMBER, 'forum_post');
            $this->data['forum_reply'] = form_sanitizer($_POST['forum_reply'], USER_LEVEL_MEMBER, 'forum_reply');
            $this->data['forum_post_ratings'] = form_sanitizer($_POST['forum_post_ratings'], USER_LEVEL_MEMBER, 'forum_post_ratings');
            $this->data['forum_poll'] = form_sanitizer($_POST['forum_poll'], USER_LEVEL_MEMBER, 'forum_poll');
            $this->data['forum_vote'] = form_sanitizer($_POST['forum_vote'], USER_LEVEL_MEMBER, 'forum_vote');
            $this->data['forum_answer_threshold'] = form_sanitizer($_POST['forum_answer_threshold'], 0, 'forum_answer_threshold');
            $this->data['forum_attach'] = form_sanitizer($_POST['forum_attach'], USER_LEVEL_MEMBER, 'forum_attach');
            $this->data['forum_attach_download'] = form_sanitizer($_POST['forum_attach_download'], USER_LEVEL_PUBLIC, 'forum_attach_download');
            $this->data['forum_mods'] = isset($_POST['forum_mods']) ? form_sanitizer($_POST['forum_mods'], '', 'forum_mods') : "";
            // The update and the success notice are issued before the
            // defender::safe() test; only the redirect is gated on it.
            // NOTE(review): confirm dbquery_insert() refuses to write when
            // validation has failed.
            dbquery_insert(DB_FORUMS, $this->data, 'update');
            addnotice('success', self::$locale['forum_notice_10']);
            if (\defender::safe()) {
                redirect(FUSION_SELF . $aidlink . $this->ext);
            }
        }
    }
    if (isset($_POST['save_forum'])) {
        // Build the row from the posted form. Checkbox-style fields are reduced
        // to 1/0 by presence; 'forum_poll' is fixed to USER_LEVEL_MEMBER and
        // 'forum_image' / 'forum_mods' start empty.
        // NOTE(review): the 'forum_branch' entry reads $this->data['forum_cat']
        // while the array is still being built, so it sees the value the
        // property held BEFORE this assignment, not the forum_cat sanitised a
        // few keys above - confirm that is intended.
        // NOTE(review): 'forum_order' calls form_sanitizer() with one argument
        // only, unlike every other field.
        $this->data = array('forum_id' => form_sanitizer($_POST['forum_id'], 0, 'forum_id'),
            'forum_name' => form_sanitizer($_POST['forum_name'], '', 'forum_name'),
            'forum_description' => form_sanitizer($_POST['forum_description'], '', 'forum_description'),
            'forum_cat' => form_sanitizer($_POST['forum_cat'], 0, 'forum_cat'),
            'forum_type' => form_sanitizer($_POST['forum_type'], '', 'forum_type'),
            'forum_language' => form_sanitizer($_POST['forum_language'], '', 'forum_language'),
            'forum_alias' => form_sanitizer($_POST['forum_alias'], '', 'forum_alias'),
            'forum_meta' => form_sanitizer($_POST['forum_meta'], '', 'forum_meta'),
            'forum_rules' => form_sanitizer($_POST['forum_rules'], '', 'forum_rules'),
            'forum_image_enable' => isset($_POST['forum_image_enable']) ? 1 : 0,
            'forum_merge' => isset($_POST['forum_merge']) ? 1 : 0,
            'forum_allow_attach' => isset($_POST['forum_allow_attach']) ? 1 : 0,
            'forum_quick_edit' => isset($_POST['forum_quick_edit']) ? 1 : 0,
            'forum_allow_poll' => isset($_POST['forum_allow_poll']) ? 1 : 0,
            'forum_poll' => USER_LEVEL_MEMBER,
            'forum_users' => isset($_POST['forum_users']) ? 1 : 0,
            'forum_lock' => isset($_POST['forum_lock']) ? 1 : 0,
            'forum_permissions' => isset($_POST['forum_permissions']) ? form_sanitizer($_POST['forum_permissions'], 0, 'forum_permissions') : 0,
            'forum_order' => isset($_POST['forum_order']) ? form_sanitizer($_POST['forum_order']) : '',
            'forum_branch' => get_hkey(DB_FORUMS, 'forum_id', 'forum_cat', $this->data['forum_cat']),
            'forum_image' => '',
            'forum_mods' => "");
        // Spaces in the alias become hyphens; no other characters are changed.
        $this->data['forum_alias'] = $this->data['forum_alias'] ? str_replace(' ', '-', $this->data['forum_alias']) : '';
        // Checks for unique forum alias
        // The WHERE condition is assembled by string concatenation from values
        // returned by form_sanitizer().
        // NOTE(review): its safety rests entirely on form_sanitizer() escaping
        // quote characters - confirm that, or pass the values as bound
        // parameters if dbcount() supports them.
        if ($this->data['forum_alias']) {
            if ($this->data['forum_id']) {
                // Editing: ignore the alias row that belongs to this forum.
                $alias_check = dbcount("('alias_id')", DB_PERMALINK_ALIAS, "alias_url='" . $this->data['forum_alias'] . "' AND alias_item_id !='" . $this->data['forum_id'] . "'");
            } else {
                $alias_check = dbcount("('alias_id')", DB_PERMALINK_ALIAS, "alias_url='" . $this->data['forum_alias'] . "'");
            }
            if ($alias_check) {
                \defender::stop();
                addNotice('warning', self::$locale['forum_error_6']);
            }
        }
        // check forum name unique
        $this->data['forum_name'] = $this->check_validForumName($this->data['forum_name'], $this->data['forum_id']);
        // Uploads or copy forum image or use back the forum image existing
        // Branch 1: a file upload. $_FILES['forum_image'] is indexed whenever
        // $_FILES is non-empty, even if the upload arrived under another field.
        // NOTE(review): type and size checks for the upload are presumably done
        // inside form_sanitizer(); none are visible here.
        if (!empty($_FILES) && is_uploaded_file($_FILES['forum_image']['tmp_name'])) {
            $upload = form_sanitizer($_FILES['forum_image'], '', 'forum_image');
            if ($upload['error'] == 0) {
                // Prefer the generated thumbnail name when one exists.
                if (!empty($upload['thumb1_name'])) {
                    $this->data['forum_image'] = $upload['thumb1_name'];
                } else {
                    $this->data['forum_image'] = $upload['image_name'];
                }
            }
        // Branch 2: copy an image from a posted location into FORUM . "images/".
        } elseif (isset($_POST['forum_image_url']) && $_POST['forum_image_url'] != "") {
            require_once INCLUDES . "photo_functions_include.php";
            // if forum_image_header is not empty
            // Index 0 prefixes BASEDIR (a path inside the site), index 1 uses
            // the posted value as given.
            $type_opts = array('0' => BASEDIR, '1' => '');
            // the url
            // $_POST['forum_image_header'] is read without isset(), and any
            // value other than 0 or 1 after intval() is an undefined offset.
            // NOTE(review): the copy source is built from request data. Confirm
            // copy_file() accepts image content only and rejects sources that
            // resolve outside the intended directory or use unexpected schemes;
            // the destination is a web-served folder.
            $this->data['forum_image'] = $type_opts[intval($_POST['forum_image_header'])] . form_sanitizer($_POST['forum_image_url'], '', 'forum_image_url');
            $upload = copy_file($this->data['forum_image'], FORUM . "images/");
            if ($upload['error'] == TRUE) {
                \defender::stop();
                addNotice('danger', self::$locale['forum_error_9']);
            } else {
                $this->data['forum_image'] = $upload['name'];
            }
        // Branch 3: keep the image name already posted with the form, if any.
        } else {
            $this->data['forum_image'] = isset($_POST['forum_image']) ? form_sanitizer($_POST['forum_image'], '', 'forum_image') : "";
        }
        // New forum (no forum_id): add default permission levels. Array union
        // only adds missing keys, so 'forum_poll' and 'forum_mods' set above are
        // left as they are.
        if (!$this->data['forum_id']) {
            $this->data += array('forum_access' => USER_LEVEL_PUBLIC,
                'forum_post' => USER_LEVEL_MEMBER,
                'forum_reply' => USER_LEVEL_MEMBER,
                'forum_post_ratings' => USER_LEVEL_MEMBER,
                'forum_poll' => USER_LEVEL_MEMBER,
                'forum_vote' => USER_LEVEL_MEMBER,
                'forum_mods' => "");
        }
        // Set last order
        // No order posted: place the forum after the current maximum within the
        // same category. The query text is concatenated from the LANGUAGE
        // constant and the sanitised forum_cat.
        if (!$this->data['forum_order']) {
            $this->data['forum_order'] = dbresult(dbquery("SELECT MAX(forum_order) FROM " . DB_FORUMS . " " . (multilang_table("FO") ? "WHERE forum_language='" . LANGUAGE . "' AND" : "WHERE") . " forum_cat='" . $this->data['forum_cat'] . "'"), 0) + 1;
        }
        // Nothing below runs if any earlier check called defender::stop().
        if (\defender::safe()) {
            if ($this->verify_forum($this->data['forum_id'])) {
                // Existing forum: reorder siblings first, then update the row.
                // The success notice and redirect happen even when $result is
                // falsy and the row was not written.
                $result = dbquery_order(DB_FORUMS, $this->data['forum_order'], 'forum_order', $this->data['forum_id'], 'forum_id', $this->data['forum_cat'], 'forum_cat', 1, 'forum_language', 'update');
                if ($result) {
                    dbquery_insert(DB_FORUMS, $this->data, 'update');
                }
                addNotice('success', self::$locale['forum_notice_9']);
                redirect(FUSION_SELF . $aidlink . $this->ext);
            } else {
                // New forum: $new_forum_id stays 0 when the reorder step fails,
                // and the redirect below then carries forum_id=0.
                $new_forum_id = 0;
                $result = dbquery_order(DB_FORUMS, $this->data['forum_order'], 'forum_order', FALSE, FALSE, $this->data['forum_cat'], 'forum_cat', 1, 'forum_language', 'save');
                if ($result) {
                    dbquery_insert(DB_FORUMS, $this->data, 'save');
                    $new_forum_id = dblastid();
                }
                if ($this->data['forum_cat'] == 0) {
                    // Top-level forum: go straight to its permission editor.
                    redirect(FUSION_SELF . $aidlink . "&action=p_edit&forum_id=" . $new_forum_id . "&parent_id=0");
                } else {
                    // Pick the success message by forum type; other types get
                    // no notice.
                    switch ($this->data['forum_type']) {
                        case '1':
                            addNotice('success', self::$locale['forum_notice_1']);
                            break;
                        case '2':
                            addNotice('success', self::$locale['forum_notice_2']);
                            break;
                        case '3':
                            addNotice('success', self::$locale['forum_notice_3']);
                            break;
                        case '4':
                            addNotice('success', self::$locale['forum_notice_4']);
                            break;
                    }
                    redirect(FUSION_SELF . $aidlink . $this->ext);
                }
            }
        }
    }
}
/**
 * Forum admin entry point.
 *
 * Normalises the query string, builds the forum index and breadcrumbs, then
 * runs the POST handlers and the GET "action" dispatcher in a fixed order.
 * All of this happens as a side effect of constructing the object.
 *
 * NOTE(review): no rights or token check is visible in this method. Confirm
 * the script that instantiates the class enforces admin access and the
 * $aidlink token before construction, because the handlers below write to
 * the database.
 */
public function __construct() {
    global $aidlink;
    $locale = fusion_get_locale();
    // Normalise $_GET in place. The four id-like keys are forced to a value
    // accepted by isnum(), or 0. 'action' and 'status' are only defaulted to
    // '' when missing or falsy; their content is NOT validated here.
    $_GET['forum_id'] = isset($_GET['forum_id']) && isnum($_GET['forum_id']) ? $_GET['forum_id'] : 0;
    $_GET['forum_cat'] = isset($_GET['forum_cat']) && isnum($_GET['forum_cat']) ? $_GET['forum_cat'] : 0;
    $_GET['forum_branch'] = isset($_GET['forum_branch']) && isnum($_GET['forum_branch']) ? $_GET['forum_branch'] : 0;
    $_GET['parent_id'] = isset($_GET['parent_id']) && isnum($_GET['parent_id']) ? $_GET['parent_id'] : 0;
    $_GET['action'] = isset($_GET['action']) && $_GET['action'] ? $_GET['action'] : '';
    $_GET['status'] = isset($_GET['status']) && $_GET['status'] ? $_GET['status'] : '';
    // Query-string suffix appended to every redirect issued by this class.
    // Both parts pass isnum() before being concatenated into the URL.
    $this->ext = isset($_GET['parent_id']) && isnum($_GET['parent_id']) ? "&parent_id=" . $_GET['parent_id'] : '';
    // NOTE(review): this reads $_GET['branch'], while the key normalised
    // above is 'forum_branch' - confirm which parameter name is intended.
    $this->ext .= isset($_GET['branch']) && isnum($_GET['branch']) ? "&branch=" . $_GET['branch'] : '';
    // indexing hierarchy data
    $this->forum_index = self::get_forum_index();
    if (!empty($this->forum_index)) {
        $this->level = self::make_forum_breadcrumbs();
    }
    /**
     * List of actions available in this admin
     */
    // Invoked unconditionally on every construction, so any trigger or
    // permission check has to live inside the handler (not visible here).
    self::forum_jump();
    // Save_permission
    // Reloads the forum row named by the posted forum_id and overwrites its
    // permission columns with the posted values. The same handler is repeated
    // at the top of set_forumDB(), which is called right after this block.
    if (isset($_POST['save_permission'])) {
        $this->data['forum_id'] = form_sanitizer($_POST['forum_id'], '', 'forum_id');
        $this->data = self::get_forum($this->data['forum_id']);
        // An empty result means the forum was not found; nothing is written.
        if (!empty($this->data)) {
            $this->data['forum_access'] = form_sanitizer($_POST['forum_access'], USER_LEVEL_PUBLIC, 'forum_access');
            $this->data['forum_post'] = form_sanitizer($_POST['forum_post'], USER_LEVEL_MEMBER, 'forum_post');
            $this->data['forum_reply'] = form_sanitizer($_POST['forum_reply'], USER_LEVEL_MEMBER, 'forum_reply');
            $this->data['forum_post_ratings'] = form_sanitizer($_POST['forum_post_ratings'], USER_LEVEL_MEMBER, 'forum_post_ratings');
            $this->data['forum_poll'] = form_sanitizer($_POST['forum_poll'], USER_LEVEL_MEMBER, 'forum_poll');
            $this->data['forum_vote'] = form_sanitizer($_POST['forum_vote'], USER_LEVEL_MEMBER, 'forum_vote');
            $this->data['forum_answer_threshold'] = form_sanitizer($_POST['forum_answer_threshold'], 0, 'forum_answer_threshold');
            $this->data['forum_attach'] = form_sanitizer($_POST['forum_attach'], USER_LEVEL_MEMBER, 'forum_attach');
            $this->data['forum_attach_download'] = form_sanitizer($_POST['forum_attach_download'], USER_LEVEL_PUBLIC, 'forum_attach_download');
            $this->data['forum_mods'] = isset($_POST['forum_mods']) ? form_sanitizer($_POST['forum_mods'], '', 'forum_mods') : "";
            // The update and the success notice are issued before the
            // defender::safe() test; only the redirect is gated on it.
            // NOTE(review): confirm dbquery_insert() refuses to write when
            // validation has failed, otherwise rejected input is still saved.
            dbquery_insert(DB_FORUMS, $this->data, 'update');
            addnotice('success', $locale['forum_notice_10']);
            if (\defender::safe()) {
                redirect(FUSION_SELF . $aidlink . $this->ext);
            }
        }
    }
    self::set_forumDB();
    /**
     * Ordering actions
     */
    // Dispatch on the unvalidated 'action' string; unknown values match no
    // case and do nothing. The include in 'prune' is a fixed literal, so the
    // request cannot choose which file is loaded.
    // NOTE(review): judging by the handler names, 'mu', 'md', 'delete' and
    // 'prune' change data and are reachable with a plain GET request; confirm
    // each one is covered by the admin token check.
    switch ($_GET['action']) {
        case 'mu':
            self::move_up();
            break;
        case 'md':
            self::move_down();
            break;
        case 'delete':
            self::validate_forum_removal();
            break;
        case 'prune':
            require_once "forums_prune.php";
            break;
        // forum_id was normalised to an isnum() value or 0 at the top.
        case 'edit':
            $this->data = self::get_forum($_GET['forum_id']);
            break;
        case 'p_edit':
            $this->data = self::get_forum($_GET['forum_id']);
            break;
    }
}