/**
 This is where you perform the action when the API is called. The parameter given is an instance of stdClass, and this method should return an instance of stdClass.
 */
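 public function action()
 {
     // Dispatches on the second URL path segment ($api->paths[1]): "list", "posts"
     // or "permissions". Each branch returns a stdClass built from the matching
     // data; if no branch produced a result a BadRequestException is thrown.
     global $mybb, $db;
     $api = APISystem::get_instance();
     if (isset($api->paths[1]) && is_string($api->paths[1])) {
         // The "list" branch reads $forums, which was never assigned before, so
         // every lookup missed and the response was always empty. Load the forum
         // cache before dispatching.
         $forums = cache_forums();
         if (!is_array($forums)) {
             $forums = array();
         }
         // Forum rows go back to the API caller as-is, so drop the per-forum access
         // password before anything is returned.
         // NOTE(review): assumes cache_forums() rows carry the forums table's
         // `password` column - confirm against the cache builder.
         foreach ($forums as $cached_fid => $cached_forum) {
             if (is_array($cached_forum)) {
                 unset($forums[$cached_fid]['password']);
             }
         }
         switch (strtolower($api->paths[1])) {
             case "list":
                 // A known forum id in paths[2] narrows the answer to that forum.
                 if (isset($api->paths[2]) && is_string($api->paths[2]) && isset($forums[$api->paths[2]])) {
                     return (object) $forums[$api->paths[2]];
                 }
                 return (object) $forums;
             case "posts":
                 if (isset($api->paths[2]) && is_string($api->paths[2])) {
                     $posts = array();
                     // The thread id is numeric; an int cast removes any dependence on
                     // quoting/escaping for this path segment.
                     $tid = (int) $api->paths[2];
                     // NOTE(review): nothing here checks that the caller may view the
                     // thread's forum, and SELECT * returns every column and every
                     // visibility state (unapproved/deleted included). Confirm the
                     // endpoint is meant to be that open, or gate it on
                     // forum_permissions() and restrict the column list.
                     // Read-only statement, so use the read query path, not write_query().
                     $query = $db->query("SELECT * FROM " . TABLE_PREFIX . "posts p WHERE p.`tid` = '{$tid}'");
                     while ($post = $db->fetch_array($query)) {
                         $posts[$post["pid"]] = $post;
                     }
                     return (object) $posts;
                 }
                 // No thread id given: fall out of the switch to the exception below.
                 break;
             case "permissions":
                 // forum_permissions() without arguments answers for the current user.
                 $forumpermissions = forum_permissions();
                 return (object) $forumpermissions;
             default:
                 break;
         }
     }
     throw new BadRequestException("No valid option given in the URL.");
 }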
示例#2
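/**
 * Builds the forum tree for the current user and returns it as an XML-RPC response.
 *
 * Guests get their per-forum "last read" times from the `mybb[forumread]` cookie;
 * logged-in users get them from the forumsread table via the query below.
 *
 * @return xmlrpcresp Response wrapping the array produced by treeBuild()
 */
function get_forum_func()
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $forumpermissions, $fcache, $forum_cache;
    $lang->load("index");
    $inactiveforums = get_inactive_forums();
    // Always an array, so the per-forum lookup below never indexes null/false.
    $forumsread = array();
    if ($mybb->user['uid'] == 0) {
        // Build a forum cache.
        $query = $db->query("\n            SELECT *, threads as unread_count\n            FROM " . TABLE_PREFIX . "forums\n            WHERE active != 0 " . ($inactiveforums ? " AND fid NOT IN ({$inactiveforums})" : '') . "\n            ORDER BY pid, disporder\n        ");
        if (isset($mybb->cookies['mybb']['forumread'])) {
            $raw_forumread = $mybb->cookies['mybb']['forumread'];
            // SECURITY: this value comes straight from a client cookie. Native
            // unserialize() on client data can instantiate arbitrary classes
            // (object injection), so prefer MyBB's my_unserialize() when the
            // running core provides it.
            // NOTE(review): the unserialize() fallback keeps older cores working
            // but remains unsafe - replace it once my_unserialize() is guaranteed.
            if (function_exists('my_unserialize')) {
                $decoded = my_unserialize($raw_forumread);
            } else {
                $decoded = unserialize($raw_forumread);
            }
            // Anything that is not an array is treated as "nothing read yet".
            if (is_array($decoded)) {
                $forumsread = $decoded;
            }
        }
    } else {
        // Build a forum cache.
        $query = $db->query("\n            SELECT f.*, fr.dateline AS lastread, fs.fsid, (\n                select count(*) from " . TABLE_PREFIX . "threads where fid=f.fid and lastpost > fr.dateline\n            ) as unread_count\n            FROM " . TABLE_PREFIX . "forums f\n            LEFT JOIN " . TABLE_PREFIX . "forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')\n            LEFT JOIN " . TABLE_PREFIX . "forumsubscriptions fs ON (fs.fid=f.fid AND fs.uid='{$mybb->user['uid']}')\n            WHERE f.active != 0 " . ($inactiveforums ? " AND f.fid NOT IN ({$inactiveforums})" : '') . "\n            ORDER BY pid, disporder\n        ");
    }
    while ($forum = $db->fetch_array($query)) {
        // Only guests carry cookie-based read markers; !empty() avoids an
        // undefined-index notice for forums missing from the cookie.
        if ($mybb->user['uid'] == 0 && !empty($forumsread[$forum['fid']])) {
            $forum['lastread'] = $forumsread[$forum['fid']];
        }
        // Index by parent id, then display order, then forum id.
        $fcache[$forum['pid']][$forum['disporder']][$forum['fid']] = $forum;
    }
    // Written to the global so later code can read the viewer's permissions.
    $forumpermissions = forum_permissions();
    $xml_nodes = new xmlrpcval(array(), 'array');
    $done = array();
    $xml_tree = treeBuild(0, $fcache, $xml_nodes, $done);
    $xml_nodes->addArray($xml_tree);
    return new xmlrpcresp($xml_nodes);
}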
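/**
 * Removes an attachment, either from an existing post or from a pending upload
 * group (identified by its post hash).
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters: attachment_id, forum_id, group_id, post_id
 * @return mixed XML-RPC success response, or an error/no-permission response
 */
function remove_attachment_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;
    chdir("../");
    $lang->load("member");
    $parser = new postParser();
    $input = Tapatalk_Input::filterXmlInput(array('attachment_id' => Tapatalk_Input::INT, 'forum_id' => Tapatalk_Input::INT, 'group_id' => Tapatalk_Input::STRING, 'post_id' => Tapatalk_Input::INT), $xmlrpc_params);
    $fid = $input['forum_id'];
    $forum = get_forum($fid);
    if (!$forum) {
        return xmlrespfalse($lang->error_invalidforum);
    }
    $forumpermissions = forum_permissions($fid);
    if ($forum['open'] == 0 || $forum['type'] != "f") {
        return xmlrespfalse($lang->error_closedinvalidforum);
    }
    if ($mybb->user['uid'] < 1 || $forumpermissions['canview'] == 0 || $forumpermissions['canpostthreads'] == 0 || $mybb->user['suspendposting'] == 1) {
        return tt_no_permission();
    }
    tt_check_forum_password($forum['fid']);
    $posthash = $input['group_id'];
    $mybb->input['posthash'] = $posthash;
    // Defence in depth: the id is declared INT in the filter spec, but it is
    // interpolated into SQL below, so cast it here as well.
    $aid = (int) $input['attachment_id'];
    // If we're removing an attachment that belongs to an existing post, some security checks...
    $query = $db->simple_select("attachments", "pid", "aid='{$aid}'");
    $attachment = $db->fetch_array($query);
    // An unknown attachment id yields no row; treat it like "not tied to a post".
    $pid = $attachment ? (int) $attachment['pid'] : 0;
    if ($pid > 0) {
        if ($pid != $input['post_id']) {
            return xmlrespfalse("The attachment you are trying to remove does not belong to this post");
        }
        $query = $db->simple_select("posts", "*", "pid='{$pid}'");
        $post = $db->fetch_array($query);
        if (!$post || !$post['pid']) {
            return xmlrespfalse($lang->error_invalidpost);
        }
        // Every permission check in this function is made against the
        // caller-supplied forum_id. Without this comparison, rights held in one
        // forum could be applied to a post that lives in a different forum.
        if ($post['fid'] != $fid) {
            return tt_no_permission();
        }
        // Get thread info
        $tid = $post['tid'];
        $thread = get_thread($tid);
        if (!$thread['tid']) {
            return xmlrespfalse($lang->error_invalidthread);
        }
        // Non-moderators may only touch their own posts, in open threads, and
        // only when the forum lets them edit posts at all.
        if (!is_moderator($fid, "caneditposts")) {
            if ($thread['closed'] == 1) {
                return xmlrespfalse($lang->redirect_threadclosed);
            }
            if ($forumpermissions['caneditposts'] == 0) {
                return tt_no_permission();
            }
            if ($mybb->user['uid'] != $post['uid']) {
                return tt_no_permission();
            }
        }
    }
    // NOTE(review): for $pid == 0 the only ownership signal passed on is the
    // post hash; presumably remove_attachment() matches on it - confirm.
    require_once MYBB_ROOT . "inc/functions_upload.php";
    remove_attachment($pid, $mybb->input['posthash'], $aid);
    return xmlresptrue();
}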
示例#4
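/**
 * Accepts one uploaded file for a forum and stores it as an attachment tied to
 * an upload group (post hash).
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters: forum_id, group_id, content
 * @return mixed XML-RPC struct with attachment_id, group_id, result, result_text
 *               and file_size, or an error/no-permission response
 */
function upload_attach_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;
    $lang->load("member");
    $parser = new postParser();
    $input = Tapatalk_Input::filterXmlInput(array('forum_id' => Tapatalk_Input::INT, 'group_id' => Tapatalk_Input::STRING, 'content' => Tapatalk_Input::STRING), $xmlrpc_params);
    $fid = $input['forum_id'];
    // Fetch forum information.
    $forum = get_forum($fid);
    if (!$forum) {
        return xmlrespfalse($lang->error_invalidforum);
    }
    $forumpermissions = forum_permissions($fid);
    if ($forum['open'] == 0 || $forum['type'] != "f") {
        return xmlrespfalse($lang->error_closedinvalidforum);
    }
    if ($mybb->user['uid'] < 1 || $forumpermissions['canview'] == 0 || $forumpermissions['canpostthreads'] == 0 || $mybb->user['suspendposting'] == 1) {
        return tt_no_permission();
    }
    // Check if this forum is password protected and we have a valid password
    tt_check_forum_password($forum['fid']);
    $posthash = $input['group_id'];
    if (empty($posthash)) {
        // No group yet: start a new upload group for this user.
        $posthash = md5($mybb->user['uid'] . random_str());
    }
    $mybb->input['posthash'] = $posthash;
    // Both values below are request-controlled and end up inside a WHERE
    // clause, so neither is interpolated raw: the post id is cast to int and
    // the post hash is escaped.
    if (!empty($mybb->input['pid'])) {
        $attachwhere = "pid='" . (int) $mybb->input['pid'] . "'";
    } else {
        $attachwhere = "posthash='" . $db->escape_string($posthash) . "'";
    }
    $query = $db->simple_select("attachments", "COUNT(aid) as numattachs", $attachwhere);
    $attachcount = $db->fetch_field($query, "numattachs");
    // Without an upload there is nothing to normalise or store.
    if (!isset($_FILES['attachment']) || !is_array($_FILES['attachment'])) {
        return xmlrespfalse("No file uploaded");
    }
    // A multi-file form field arrives as arrays per key; keep only the first file.
    foreach ($_FILES['attachment'] as $k => $v) {
        if (is_array($_FILES['attachment'][$k])) {
            $_FILES['attachment'][$k] = $_FILES['attachment'][$k][0];
        }
    }
    // NOTE(review): `type` is supplied by the client. Content/extension
    // validation is presumably done inside upload_attachment() - confirm.
    if ($_FILES['attachment']['type'] == 'image/jpg') {
        $_FILES['attachment']['type'] = 'image/jpeg';
    }
    // If there's an attachment, check it and upload it
    if ($_FILES['attachment']['size'] > 0 && $forumpermissions['canpostattachments'] != 0 && ($mybb->settings['maxattachments'] == 0 || $attachcount < $mybb->settings['maxattachments'])) {
        require_once MYBB_ROOT . "inc/functions_upload.php";
        $attachedfile = upload_attachment($_FILES['attachment'], false);
    }
    // Covers an empty file, missing attachment permission and the per-post limit.
    if (empty($attachedfile)) {
        return xmlrespfalse("No file uploaded");
    }
    if (!empty($attachedfile['error'])) {
        return xmlrespfalse(implode(" :: ", $attachedfile['error']));
    }
    $result = new xmlrpcval(array('attachment_id' => new xmlrpcval($attachedfile['aid'], 'string'), 'group_id' => new xmlrpcval($posthash, 'string'), 'result' => new xmlrpcval(true, 'boolean'), 'result_text' => new xmlrpcval('', 'base64'), 'file_size' => new xmlrpcval($attachedfile['filesize'], 'int')), 'struct');
    return new xmlrpcresp($result);
}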
/**
 * Fetches the number of unread threads for the current user in a particular forum.
 *
 * @param string The forums (CSV list)
 * @return int The number of unread threads
 */
function fetch_unread_count($fid)
{
    global $cache, $db, $mybb;

    // Forum permissions decide whether counting is limited to the viewer's own threads.
    $perms = forum_permissions($fid);
    // Threads whose last post is older than the read cut-off (setting is in days) never count.
    $cutoff = TIME_NOW - $mybb->settings['threadreadcut'] * 60 * 60 * 24;

    $own_filter = '';
    $own_filter_aliased = '';
    if (!empty($perms['canonlyviewownthreads'])) {
        $own_filter = " AND uid = '{$mybb->user['uid']}'";
        $own_filter_aliased = " AND t.uid = '{$mybb->user['uid']}'";
    }

    // NOTE(review): $fid is placed inside IN (...) as given; callers are
    // presumably expected to pass a numeric CSV list - confirm.

    if ($mybb->user['uid'] == 0) {
        // Guests: read markers live in cookies, decoded with my_unserialize().
        $threadsread = my_unserialize($mybb->cookies['mybb']['threadread']);
        $forumsread = my_unserialize($mybb->cookies['mybb']['forumread']);

        $read_ids = array();
        if (!empty($threadsread)) {
            foreach ($threadsread as $key => $value) {
                $read_ids[] = intval($key);
            }
        }
        $tids = implode(',', $read_ids);

        // Not read any threads?
        if (empty($tids)) {
            return false;
        }

        // We've read at least some threads, are they here?
        $unread = 0;
        $query = $db->simple_select("threads", "lastpost, tid, fid", "visible=1 AND closed NOT LIKE 'moved|%' AND fid IN ({$fid}) AND lastpost > '{$cutoff}'{$own_filter}", array("limit" => 100));
        while ($row = $db->fetch_array($query)) {
            // Unread means newer than both the thread marker and the forum marker.
            if ($row['lastpost'] > intval($threadsread[$row['tid']])) {
                if ($row['lastpost'] > intval($forumsread[$row['fid']])) {
                    $unread++;
                }
            }
        }
        return $unread;
    }

    // START - Unread posts MOD
    if (function_exists("unreadPosts_is_installed") && unreadPosts_is_installed()) {
        $cutoff = $mybb->user['lastmark'];
    }
    // END - Unread posts MOD

    // The two statements differ only in the null-fallback function (COALESCE vs IFNULL).
    if ($db->type == "pgsql") {
        $query = $db->query("\n                    SELECT COUNT(t.tid) AS unread_count\n                    FROM " . TABLE_PREFIX . "threads t\n                    LEFT JOIN " . TABLE_PREFIX . "threadsread tr ON (tr.tid=t.tid AND tr.uid='{$mybb->user['uid']}')\n                    LEFT JOIN " . TABLE_PREFIX . "forumsread fr ON (fr.fid=t.fid AND fr.uid='{$mybb->user['uid']}')\n                    WHERE t.visible=1 AND t.closed NOT LIKE 'moved|%' \n                        AND t.fid IN ({$fid}) \n                        AND t.lastpost > COALESCE(tr.dateline,{$cutoff}) \n                        AND t.lastpost > COALESCE(fr.dateline,{$cutoff}) \n                        AND t.lastpost > {$cutoff}\n                        {$own_filter_aliased}\n                ");
    } else {
        $query = $db->query("\n                    SELECT COUNT(t.tid) AS unread_count\n                    FROM " . TABLE_PREFIX . "threads t\n                    LEFT JOIN " . TABLE_PREFIX . "threadsread tr ON (tr.tid=t.tid AND tr.uid='{$mybb->user['uid']}')\n                    LEFT JOIN " . TABLE_PREFIX . "forumsread fr ON (fr.fid=t.fid AND fr.uid='{$mybb->user['uid']}')\n                    WHERE t.visible=1 AND t.closed NOT LIKE 'moved|%' \n                        AND t.fid IN ({$fid}) \n                        AND t.lastpost > IFNULL(tr.dateline,{$cutoff}) \n                        AND t.lastpost > IFNULL(fr.dateline,{$cutoff}) \n                        AND t.lastpost > {$cutoff}\n                        {$own_filter_aliased}\n                ");
    }

    return (int) $db->fetch_field($query, "unread_count");
}
示例#6
/**
 * Subscribes the current user to a thread.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters: topic_id
 * @return mixed XML-RPC success response, or an error/no-permission response
 */
function subscribe_topic_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;

    $lang->load("usercp");

    $filter_spec = array('topic_id' => Tapatalk_Input::INT);
    $request = Tapatalk_Input::filterXmlInput($filter_spec, $xmlrpc_params);

    $thread = get_thread($request['topic_id']);
    if (!$thread['tid']) {
        return xmlrespfalse($lang->error_invalidthread);
    }

    // The viewer must be able to see both the forum and its threads.
    // NOTE(review): there is no explicit guest check or thread-visibility check
    // here; presumably get_thread()/add_subscribed_thread() cover those - confirm.
    $perms = forum_permissions($thread['fid']);
    $may_subscribe = $perms['canview'] != 0 && $perms['canviewthreads'] != 0;
    if (!$may_subscribe) {
        return tt_no_permission();
    }

    // Second argument 0 is passed through unchanged to add_subscribed_thread().
    add_subscribed_thread($thread['tid'], 0);

    return xmlresptrue();
}
 /**
 This is where you perform the action when the API is called. The parameter given is an instance of stdClass, and this method should return an instance of stdClass.
 */
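 public function action()
 {
     // Dispatches on the second URL path segment ($api->paths[1]): "list",
     // "threads" or "permissions". Each branch returns a stdClass; if no branch
     // produced a result a BadRequestException is thrown.
     global $mybb, $db;
     $api = APISystem::get_instance();
     if (isset($api->paths[1]) && is_string($api->paths[1])) {
         $forums = cache_forums();
         if (!is_array($forums)) {
             $forums = array();
         }
         // Forum rows go back to the API caller as-is, so drop the per-forum access
         // password before anything is returned.
         // NOTE(review): assumes cache_forums() rows carry the forums table's
         // `password` column - confirm against the cache builder.
         foreach ($forums as $cached_fid => $cached_forum) {
             if (is_array($cached_forum)) {
                 unset($forums[$cached_fid]['password']);
             }
         }
         switch (strtolower($api->paths[1])) {
             case "list":
                 // A known forum id in paths[2] narrows the answer to that forum.
                 // NOTE(review): the list is not filtered by the caller's view
                 // permissions - confirm that is intended.
                 if (isset($api->paths[2]) && is_string($api->paths[2]) && isset($forums[$api->paths[2]])) {
                     return (object) $forums[$api->paths[2]];
                 }
                 return (object) $forums;
             case "threads":
                 if (isset($api->paths[2]) && is_string($api->paths[2]) && isset($forums[$api->paths[2]])) {
                     $threads = array();
                     // The forum id is numeric; an int cast removes any dependence on
                     // quoting/escaping for this path segment.
                     $fid = (int) $api->paths[2];
                     // NOTE(review): nothing here checks that the caller may view
                     // this forum, and SELECT * returns threads in every visibility
                     // state. Confirm the endpoint is meant to be that open, or gate
                     // it on forum_permissions() as the "permissions" branch does.
                     // Read-only statement, so use the read query path, not write_query().
                     $query = $db->query("SELECT * FROM " . TABLE_PREFIX . "threads t WHERE t.`fid` = '{$fid}'");
                     while ($thread = $db->fetch_array($query)) {
                         $threads[$thread["tid"]] = $thread;
                     }
                     return (object) $threads;
                 }
                 // Unknown or missing forum id: fall out to the exception below.
                 break;
             case "permissions":
                 // Only answered for an authenticated caller and a known forum.
                 if (isset($api->paths[2]) && is_string($api->paths[2]) && isset($forums[$api->paths[2]]) && $this->is_authenticated()) {
                     return (object) forum_permissions($api->paths[2], $this->get_user()->id, $this->get_user()->usergroup);
                 }
                 // Explicit break: this case used to fall through into `default`.
                 break;
             default:
                 break;
         }
     }
     throw new BadRequestException("No valid option given in the URL.");
 }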
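/**
 * Lists the forums the current user is subscribed to and may view.
 *
 * Removed from the earlier version: two queries whose results were never read
 * (a forumpermissions cache and a forumsread cache) and a guest-only branch
 * that could not run, because guests are rejected at the top.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters (not read by this function)
 * @return mixed XML-RPC struct with total_forums_num and forums, or a
 *               no-permission response
 */
function get_subscribed_forum_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;
    $lang->load("usercp");
    // Guests and groups without user-CP access have no subscriptions to list.
    if ($mybb->user['uid'] == 0 || $mybb->usergroup['canusercp'] == 0) {
        return tt_no_permission();
    }
    require_once MYBB_ROOT . "inc/functions_forumlist.php";
    $fpermissions = forum_permissions();
    // Cast once so the id placed in the SQL below is always an integer.
    $uid = (int) $mybb->user['uid'];
    $query = $db->query("\n\t\tSELECT fs.*, f.*, t.subject AS lastpostsubject, fr.dateline AS lastread\n\t\tFROM " . TABLE_PREFIX . "forumsubscriptions fs\n\t\tLEFT JOIN " . TABLE_PREFIX . "forums f ON (f.fid = fs.fid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "threads t ON (t.tid = f.lastposttid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "forumsread fr ON (fr.fid=f.fid AND fr.uid='{$uid}')\n\t\tWHERE f.type='f' AND fs.uid='{$uid}'\n\t\tORDER BY f.name ASC\n\t");
    $forum_list = array();
    while ($forum = $db->fetch_array($query)) {
        // Forums without a permission entry are skipped, as are forums the
        // user may not view.
        if (!isset($fpermissions[$forum['fid']])) {
            continue;
        }
        $forumpermissions = $fpermissions[$forum['fid']];
        if ($forumpermissions['canview'] != 0) {
            $lightbulb = get_forum_lightbulb(array('open' => $forum['open'], 'lastread' => $forum['lastread']), array('lastpost' => $forum['lastpost']));
            // Only whether a password exists is exposed (is_protected), never the value.
            $forum_list[] = new xmlrpcval(array('forum_id' => new xmlrpcval($forum['fid'], 'string'), 'forum_name' => new xmlrpcval(basic_clean($forum['name']), 'base64'), 'is_protected' => new xmlrpcval(!empty($forum['password']), 'boolean'), 'new_post' => new xmlrpcval($lightbulb['folder'] == 'on', 'boolean')), 'struct');
        }
    }
    $result = new xmlrpcval(array('total_forums_num' => new xmlrpcval(count($forum_list), 'int'), 'forums' => new xmlrpcval($forum_list, 'array')), 'struct');
    return new xmlrpcresp($result);
}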
示例#9
     if (!$mybb->user['ismoderator']) {
         $sql[] = "p.visible='1'";
         $sql[] = "t.visible='1'";
     }
     $sql = implode(' AND ', $sql);
     $query = $db->query("\n\t\t\tSELECT p.pid, p.uid, p.fid, p.visible, p.message, t.tid, t.subject, t.visible AS thread_visible\n\t\t\tFROM " . TABLE_PREFIX . "posts p\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "threads t ON (t.tid=p.tid)\n\t\t\tWHERE {$sql}\n\t\t");
     $forumpermissions = array();
     while ($post = $db->fetch_array($query)) {
         if (($post['visible'] == 0 || $post['thread_visible'] == 0) && !is_moderator($post['fid'], 'canviewunapprove')) {
             continue;
         }
         if (($post['visible'] == -1 || $post['thread_visible'] == -1) && !is_moderator($post['fid'], 'canviewdeleted')) {
             continue;
         }
         if (!isset($forumpermissions[$post['fid']])) {
             $forumpermissions[$post['fid']] = forum_permissions($post['fid']);
         }
         // Make sure we can view this post
         if (isset($forumpermissions[$post['fid']]['canonlyviewownthreads']) && $forumpermissions[$post['fid']]['canonlyviewownthreads'] == 1 && $post['uid'] != $mybb->user['uid']) {
             continue;
         }
         $post_reputation[$post['pid']] = $post;
     }
 }
 $reputation_votes = '';
 foreach ($reputation_cache as $reputation_vote) {
     // Get the reputation for the user who posted this comment
     if ($reputation_vote['adduid'] == 0) {
         $reputation_vote['user_reputation'] = 0;
     }
     $reputation_vote['user_reputation'] = get_reputation($reputation_vote['user_reputation'], $reputation_vote['adduid']);
示例#10
 /**
  * Updates a post that is already in the database.
  *
  */
 function update_post()
 {
     // Writes the validated post held in $this->data back to the database,
     // updating the thread row too when the post is the thread's first post.
     // Returns array('visible' => ..., 'first_post' => ...).
     // NOTE(review): no edit-permission check is visible in this method;
     // callers are presumably expected to have authorised the edit - confirm.
     global $db, $mybb, $plugins;
     // Yes, validating is required.
     // Both guards stop the whole request via die() rather than returning an error.
     if ($this->get_validated() != true) {
         die("The post needs to be validated before inserting it into the DB.");
     }
     if (count($this->get_errors()) > 0) {
         die("The post is not valid.");
     }
     // Reference, so the assignments below also change $this->data.
     $post =& $this->data;
     $post['pid'] = (int) $post['pid'];
     // Thread and forum ids are taken from the stored post, not from the submitted data.
     $existing_post = get_post($post['pid']);
     $post['tid'] = $existing_post['tid'];
     $post['fid'] = $existing_post['fid'];
     $forum = get_forum($post['fid']);
     $forumpermissions = forum_permissions($post['fid'], $post['uid']);
     // Check if this is the first post in a thread.
     // The oldest post of the thread (by dateline) is the first post.
     $options = array("order_by" => "dateline", "order_dir" => "asc", "limit_start" => 0, "limit" => 1);
     $query = $db->simple_select("posts", "pid", "tid='" . (int) $post['tid'] . "'", $options);
     $first_post_check = $db->fetch_array($query);
     if ($first_post_check['pid'] == $post['pid']) {
         $first_post = true;
     } else {
         $first_post = false;
     }
     // Decide on the visibility of this post.
     $ismod = is_moderator($post['fid'], "", $post['uid']);
     // Keep visibility for unapproved and deleted posts
     // An edit never changes a visible value of 0 or -1; those are carried over as-is.
     if ($existing_post['visible'] == 0) {
         $visible = 0;
     } elseif ($existing_post['visible'] == -1) {
         $visible = -1;
     } elseif ($forumpermissions['mod_edit_posts'] == 1 && !$ismod) {
         // The mod_edit_posts permission is set and the author is not a
         // moderator: the edited post is unapproved again.
         $visible = 0;
         require_once MYBB_ROOT . "inc/class_moderation.php";
         $moderation = new Moderation();
         $moderation->unapprove_posts(array($post['pid']));
     } else {
         $visible = 1;
     }
     // Update the thread details that might have been changed first.
     if ($first_post) {
         $this->tid = $post['tid'];
         // Numeric fields are cast to int and the subject is escaped before storage.
         // NOTE(review): presumably update_query() does not escape values itself - confirm.
         if (isset($post['prefix'])) {
             $this->thread_update_data['prefix'] = (int) $post['prefix'];
         }
         if (isset($post['subject'])) {
             $this->thread_update_data['subject'] = $db->escape_string($post['subject']);
         }
         if (isset($post['icon'])) {
             $this->thread_update_data['icon'] = (int) $post['icon'];
         }
         if (count($this->thread_update_data) > 0) {
             // The hook runs before the write and receives $this, so a plugin
             // can alter thread_update_data before it reaches the query.
             $plugins->run_hooks("datahandler_post_update_thread", $this);
             $db->update_query("threads", $this->thread_update_data, "tid='" . (int) $post['tid'] . "'");
         }
     }
     // Prepare array for post updating.
     $this->pid = $post['pid'];
     if (isset($post['subject'])) {
         $this->post_update_data['subject'] = $db->escape_string($post['subject']);
     }
     if (isset($post['message'])) {
         $this->post_update_data['message'] = $db->escape_string($post['message']);
     }
     if (isset($post['editreason']) && trim($post['editreason']) != '') {
         $this->post_update_data['editreason'] = $db->escape_string(trim($post['editreason']));
     }
     if (isset($post['icon'])) {
         $this->post_update_data['icon'] = (int) $post['icon'];
     }
     if (isset($post['options'])) {
         if (isset($post['options']['disablesmilies'])) {
             $this->post_update_data['smilieoff'] = $db->escape_string($post['options']['disablesmilies']);
         }
         if (isset($post['options']['signature'])) {
             $this->post_update_data['includesig'] = $db->escape_string($post['options']['signature']);
         }
     }
     // If we need to show the edited by, let's do so.
     // && binds tighter than ||, so this reads as
     // (showeditedby && editor is not a moderator) || (showeditedbyadmin && editor is a moderator).
     if ($mybb->settings['showeditedby'] == 1 && !is_moderator($post['fid'], "caneditposts", $post['edit_uid']) || $mybb->settings['showeditedbyadmin'] == 1 && is_moderator($post['fid'], "caneditposts", $post['edit_uid'])) {
         $this->post_update_data['edituid'] = (int) $post['edit_uid'];
         $this->post_update_data['edittime'] = TIME_NOW;
     }
     // As above: the hook can alter post_update_data before it is written.
     $plugins->run_hooks("datahandler_post_update", $this);
     $db->update_query("posts", $this->post_update_data, "pid='" . (int) $post['pid'] . "'");
     // Automatic subscription to the thread
     // subscriptionmethod is read without an isset() guard; when it is empty or
     // absent the else branch deletes any existing subscription for this user
     // and thread.
     if ($post['options']['subscriptionmethod'] != "" && $post['uid'] > 0) {
         switch ($post['options']['subscriptionmethod']) {
             case "pm":
                 $notification = 2;
                 break;
             case "email":
                 $notification = 1;
                 break;
             default:
                 $notification = 0;
         }
         require_once MYBB_ROOT . "inc/functions_user.php";
         add_subscribed_thread($post['tid'], $notification, $post['uid']);
     } else {
         $db->delete_query("threadsubscriptions", "uid='" . (int) $post['uid'] . "' AND tid='" . (int) $post['tid'] . "'");
     }
     update_forum_lastpost($post['fid']);
     update_last_post($post['tid']);
     // Return the thread's first post id and whether or not it is visible.
     $this->return_values = array('visible' => $visible, 'first_post' => $first_post);
     $plugins->run_hooks("datahandler_post_update_end", $this);
     return $this->return_values;
 }
示例#11
文件: index.php 项目: GeorgeLVP/mybb
/**
* Gets a list of forums and possibly subforums.
*
* @param int The parent forum to get the childforums for.
* @return array Array of information regarding the child forums of this parent forum
*/
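function build_archive_forumbits($pid = 0)
{
    global $db, $forumpermissions, $mybb, $lang, $archiveurl, $base_url;
    // Start from an empty string: the original appended to an undefined
    // variable and returned null when a parent had no visible children.
    $forums = '';
    // Sort out the forum cache first.
    static $fcache;
    if (!is_array($fcache)) {
        // Initialise before filling so an empty result is cached as well and
        // the query is not repeated on every recursive call.
        $fcache = array();
        // Fetch forums
        // Password-protected forums are left out of the archive by this WHERE clause.
        $query = $db->simple_select("forums", "*", "active!=0 AND password=''", array('order_by' => 'pid, disporder'));
        while ($forum = $db->fetch_array($query)) {
            $fcache[$forum['pid']][$forum['disporder']][$forum['fid']] = $forum;
        }
        $forumpermissions = forum_permissions();
    }
    // Start the process.
    if (isset($fcache[$pid]) && is_array($fcache[$pid])) {
        foreach ($fcache[$pid] as $disporder => $main) {
            foreach ($main as $fid => $forum) {
                $can_view = isset($forumpermissions[$forum['fid']]['canview']) && $forumpermissions[$forum['fid']]['canview'] == 1;
                // With hideprivateforums off, forums the viewer cannot open are
                // still listed by name.
                if (($can_view || $mybb->settings['hideprivateforums'] == 0) && $forum['active'] != 0) {
                    // NOTE(review): name and linkto are written into the HTML
                    // without escaping here; this is only safe if those columns
                    // are stored already sanitised - confirm.
                    if ($forum['linkto']) {
                        $forums .= "<li><a href=\"{$forum['linkto']}\">{$forum['name']}</a>";
                    } elseif ($forum['type'] == "c") {
                        $forums .= "<li><strong><a href=\"{$base_url}forum-{$forum['fid']}.html\">{$forum['name']}</a></strong>";
                    } else {
                        $forums .= "<li><a href=\"{$base_url}forum-{$forum['fid']}.html\">{$forum['name']}</a>";
                    }
                    // Recurse into child forums, if this forum has any.
                    if (!empty($fcache[$forum['fid']])) {
                        $forums .= "\n<ol>\n";
                        $forums .= build_archive_forumbits($forum['fid']);
                        $forums .= "</ol>\n";
                    }
                    $forums .= "</li>\n";
                }
            }
        }
    }
    return $forums;
}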
示例#12
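/**
 * Returns one page of unapproved (non-first) posts awaiting moderation,
 * limited to the forums the current user moderates.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters: start_num, last_num
 * @return mixed XML-RPC struct with total_post_num and posts, or a
 *               no-permission response
 */
function m_get_moderate_post_func($xmlrpc_params)
{
    global $input, $post, $thread, $forum, $pid, $tid, $fid, $modlogdata, $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $moderation, $parser;
    $input = Tapatalk_Input::filterXmlInput(array('start_num' => Tapatalk_Input::INT, 'last_num' => Tapatalk_Input::INT), $xmlrpc_params);
    mod_setup();
    list($start, $limit) = process_page($input['start_num'], $input['last_num']);
    // Both values go into a LIMIT clause; make sure they are integers.
    $start = (int) $start;
    $limit = (int) $limit;
    // Load global language phrases
    $lang->load("modcp");
    if ($mybb->user['uid'] == 0 || $mybb->usergroup['canmodcp'] != 1) {
        return tt_no_permission();
    }
    // SQL for fetching items only related to forums this user moderates
    // Super moderators keep both filters empty, i.e. no forum restriction.
    $flist = $tflist = '';
    $moderated_forums = array();
    if ($mybb->usergroup['issupermod'] != 1) {
        $query = $db->simple_select("moderators", "*", "id='{$mybb->user['uid']}' AND isgroup = '0'");
        while ($forum = $db->fetch_array($query)) {
            $flist .= ",'{$forum['fid']}'";
            $children = get_child_list($forum['fid']);
            if (!empty($children)) {
                $flist .= ",'" . implode("','", $children) . "'";
            }
            $moderated_forums[] = $forum['fid'];
        }
        // Fail closed: the filter used to be built only when at least one
        // moderated forum was found, so a mod-CP user with no moderator rows
        // got an unrestricted query. With an empty list this becomes IN (0),
        // which matches no forum.
        $tflist = " AND t.fid IN (0{$flist})";
        $flist = " AND fid IN (0{$flist})";
    }
    $query = $db->query("\n        SELECT COUNT(pid) AS unapprovedposts\n        FROM  " . TABLE_PREFIX . "posts p\n        LEFT JOIN " . TABLE_PREFIX . "threads t ON (t.tid=p.tid)\n        WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid\n    ");
    $unapproved_posts = $db->fetch_field($query, "unapprovedposts");
    $query = $db->query("\n        SELECT p.pid, p.subject, p.message, t.subject AS threadsubject, t.tid, u.username, p.uid, t.fid, p.dateline, u.avatar, t.views, t.replies, IF(b.lifted > UNIX_TIMESTAMP() OR b.lifted = 0, 1, 0) as isbanned\n        FROM  " . TABLE_PREFIX . "posts p\n        LEFT JOIN " . TABLE_PREFIX . "threads t ON (t.tid=p.tid)\n        LEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=p.uid)\n        LEFT JOIN " . TABLE_PREFIX . "banned b ON (b.uid = p.uid)\n        left join " . TABLE_PREFIX . "forums f on f.fid = t.fid\n        WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid\n        ORDER BY p.dateline DESC\n        LIMIT {$start}, {$limit}\n    ");
    $forumcache = $cache->read("forums");
    $post_list = array();
    while ($post = $db->fetch_array($query)) {
        $post['threadsubject'] = $parser->parse_badwords($post['threadsubject']);
        $forumpermissions = forum_permissions($post['fid']);
        // Authors may delete their own post when forum permissions allow it;
        // moderators with candeleteposts may always. Guests never can.
        $can_delete = 0;
        if ($mybb->user['uid'] == $post['uid']) {
            if ($forumpermissions['candeletethreads'] == 1 && $post['replies'] == 0) {
                $can_delete = 1;
            } elseif ($forumpermissions['candeleteposts'] == 1 && $post['replies'] > 0) {
                $can_delete = 1;
            }
        }
        $can_delete = (is_moderator($post['fid'], "candeleteposts") || $can_delete == 1) && $mybb->user['uid'] != 0;
        $post_list[] = new xmlrpcval(array(
            'forum_id' => new xmlrpcval($post['fid'], 'string'),
            'forum_name' => new xmlrpcval(basic_clean($forumcache[$post['fid']]['name']), 'base64'),
            'topic_id' => new xmlrpcval($post['tid'], 'string'),
            'topic_title' => new xmlrpcval($post['threadsubject'], 'base64'),
            'post_id' => new xmlrpcval($post['pid'], 'string'),
            'post_title' => new xmlrpcval($post['subject'], 'base64'),
            'post_author_name' => new xmlrpcval($post['username'], 'base64'),
            'icon_url' => new xmlrpcval(absolute_url($post['avatar']), 'string'),
            'post_time' => new xmlrpcval(mobiquo_iso8601_encode($post['dateline']), 'dateTime.iso8601'),
            'short_content' => new xmlrpcval(process_short_content($post['message'], $parser), 'base64'),
            'reply_number' => new xmlrpcval($post['replies'], 'int'),
            'view_number' => new xmlrpcval($post['views'], 'int'),
            'can_delete' => new xmlrpcval($can_delete, 'boolean'),
            'can_approve' => new xmlrpcval(is_moderator($post['fid'], "canmanagethreads"), 'boolean'),
            'can_move' => new xmlrpcval(is_moderator($post['fid'], "canmovetononmodforum"), 'boolean'),
            'can_ban' => new xmlrpcval($mybb->usergroup['canmodcp'] == 1, 'boolean'),
            'is_ban' => new xmlrpcval($post['isbanned'], 'boolean'),
            'is_approved' => new xmlrpcval(false, 'boolean'),
            'is_deleted' => new xmlrpcval(false, 'boolean'),
        ), "struct");
    }
    $result = new xmlrpcval(array('total_post_num' => new xmlrpcval($unapproved_posts, 'int'), 'posts' => new xmlrpcval($post_list, 'array')), 'struct');
    return new xmlrpcresp($result);
}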
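/**
 * Build a comma separated list of the forums the current user cannot search.
 *
 * A forum is listed when the user lacks the canview or cansearch permission for
 * it, when it is password protected and the forumpass cookie does not match, or
 * when the forum or one of its parents is inactive. The entries returned by
 * get_password_protected_forums() are appended afterwards.
 *
 * Side effects: fills the globals $forum_cache and $permissioncache when they are
 * not arrays yet, overwrites the global $unsearchable, and appends to the global
 * $unsearchableforums (a second call in the same request appends the IDs again).
 *
 * @param int $pid   The parent ID to build from; cast to int but not used further here.
 * @param int $first First rotation or not (leave at default); not used in this body.
 * @return string|null Comma separated list; the IDs added by this function are single-quoted.
 */
function get_unsearchable_forums($pid = "0", $first = 1)
{
    global $db, $forum_cache, $permissioncache, $mybb, $unsearchableforums, $unsearchable, $templates, $forumpass;
    $pid = intval($pid);
    if (!is_array($forum_cache)) {
        // Get Forums
        $query = $db->simple_select("forums", "fid,parentlist,password,active", '', array('order_by' => 'pid, disporder'));
        while ($forum = $db->fetch_array($query)) {
            $forum_cache[$forum['fid']] = $forum;
        }
    }
    if (!is_array($permissioncache)) {
        $permissioncache = forum_permissions();
    }
    foreach ($forum_cache as $fid => $forum) {
        // Fall back to the usergroup permissions when the forum has no entry of its own.
        if (!empty($permissioncache[$forum['fid']])) {
            $perms = $permissioncache[$forum['fid']];
        } else {
            $perms = $mybb->usergroup;
        }
        $pwverified = 1;
        if ($forum['password'] != '') {
            // The cookie is client-controlled: it may be missing or an array, and a loose
            // != between two hex digests can treat different "0e<digits>" values as equal.
            // Require a string and compare exactly, in constant time where available.
            $expected = md5($mybb->user['uid'] . $forum['password']);
            $supplied = isset($mybb->cookies['forumpass'][$forum['fid']]) ? $mybb->cookies['forumpass'][$forum['fid']] : null;
            if (!is_string($supplied)) {
                $pwverified = 0;
            } elseif (function_exists('hash_equals')) {
                if (!hash_equals($expected, $supplied)) {
                    $pwverified = 0;
                }
            } elseif ($expected !== $supplied) {
                $pwverified = 0;
            }
            // NOTE(review): the token is an unsalted md5 of the uid and the stored forum
            // password; changing that scheme needs the code that sets the cookie as well.
        }
        // explode() always returns an array here, so no is_array() guard is needed.
        $parents = explode(",", $forum['parentlist']);
        foreach ($parents as $parent) {
            // An inactive parent makes the forum inactive too; a parent that is missing
            // from the cache also compares equal to 0 and is treated the same way.
            if ($forum_cache[$parent]['active'] == 0) {
                $forum['active'] = 0;
            }
        }
        if ($perms['canview'] != 1 || $perms['cansearch'] != 1 || $pwverified == 0 || $forum['active'] == 0) {
            if ($unsearchableforums) {
                $unsearchableforums .= ",";
            }
            $unsearchableforums .= "'{$forum['fid']}'";
        }
    }
    $unsearchable = $unsearchableforums;
    // Get our unsearchable password protected forums
    $pass_protected_forums = get_password_protected_forums();
    if ($unsearchable && $pass_protected_forums) {
        $unsearchable .= ",";
    }
    if ($pass_protected_forums) {
        $unsearchable .= implode(",", $pass_protected_forums);
    }
    return $unsearchable;
}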
示例#14
/**
 * Builds a friendly named Who's Online location from an "activity" and array of user data. Assumes fetch_wol_activity has already been called.
 *
 * The function first fills the global lookup caches ($usernames, $attachments, $announcements,
 * $posts, $threads, $forums, $forums_linkto, $events) from the global ID lists, skipping any cache
 * that is already an array, and then maps $user_activity['activity'] to a language string.
 * The "build_friendly_wol_location_end" hook receives the activity and the location by reference.
 *
 * NOTE(review): the global ID lists are joined straight into "IN (...)" clauses without casting in
 * this function; presumably every entry is already an integer — verify against the code that fills them.
 *
 * @param array $user_activity Array containing activity and essential IDs.
 * @return string Location name for the activity being performed.
 */
function build_friendly_wol_location($user_activity)
{
    global $db, $lang, $uid_list, $aid_list, $pid_list, $tid_list, $fid_list, $ann_list, $eid_list, $plugins, $parser, $mybb;
    global $threads, $forums, $forums_linkto, $forum_cache, $posts, $announcements, $events, $usernames, $attachments;
    // Fetch forum permissions for this user
    $unviewableforums = get_unviewable_forums();
    $inactiveforums = get_inactive_forums();
    // $fidnot is a SQL fragment that keeps unviewable and inactive forums out of the queries below
    $fidnot = '';
    $unviewablefids = $inactivefids = array();
    if ($unviewableforums) {
        $fidnot = " AND fid NOT IN ({$unviewableforums})";
        $unviewablefids = explode(',', $unviewableforums);
    }
    if ($inactiveforums) {
        $fidnot .= " AND fid NOT IN ({$inactiveforums})";
        $inactivefids = explode(',', $inactiveforums);
    }
    // Fetch any users
    if (!is_array($usernames) && count($uid_list) > 0) {
        $uid_sql = implode(",", $uid_list);
        // When the list is only the current user, the name is taken from $mybb->user and no query is run
        if ($uid_sql != $mybb->user['uid']) {
            $query = $db->simple_select("users", "uid,username", "uid IN ({$uid_sql})");
            while ($user = $db->fetch_array($query)) {
                // NOTE(review): stored without htmlspecialchars_uni(), unlike the thread, announcement
                // and event titles below — confirm usernames are escaped before they are output.
                $usernames[$user['uid']] = $user['username'];
            }
        } else {
            $usernames[$mybb->user['uid']] = $mybb->user['username'];
        }
    }
    // Fetch any attachments
    if (!is_array($attachments) && count($aid_list) > 0) {
        $aid_sql = implode(",", $aid_list);
        $query = $db->simple_select("attachments", "aid,pid", "aid IN ({$aid_sql})");
        while ($attachment = $db->fetch_array($query)) {
            $attachments[$attachment['aid']] = $attachment['pid'];
            // The owning post is queued so the post and thread lookups below can resolve it
            $pid_list[] = $attachment['pid'];
        }
    }
    // Fetch any announcements
    if (!is_array($announcements) && count($ann_list) > 0) {
        $aid_sql = implode(",", $ann_list);
        $query = $db->simple_select("announcements", "aid,subject", "aid IN ({$aid_sql}) {$fidnot}");
        while ($announcement = $db->fetch_array($query)) {
            $announcement_title = htmlspecialchars_uni($parser->parse_badwords($announcement['subject']));
            $announcements[$announcement['aid']] = $announcement_title;
        }
    }
    // Fetch any posts
    if (!is_array($posts) && count($pid_list) > 0) {
        $pid_sql = implode(",", $pid_list);
        $query = $db->simple_select("posts", "pid,tid", "pid IN ({$pid_sql}) {$fidnot}");
        while ($post = $db->fetch_array($query)) {
            $posts[$post['pid']] = $post['tid'];
            $tid_list[] = $post['tid'];
        }
    }
    // Fetch any threads
    if (!is_array($threads) && count($tid_list) > 0) {
        // Per-forum permission cache for this call, keyed by fid
        $perms = array();
        $tid_sql = implode(",", $tid_list);
        $query = $db->simple_select('threads', 'uid, fid, tid, subject, visible, prefix', "tid IN({$tid_sql}) {$fidnot}");
        $threadprefixes = build_prefixes();
        while ($thread = $db->fetch_array($query)) {
            $thread['threadprefix'] = '';
            if ($thread['prefix'] && !empty($threadprefixes[$thread['prefix']])) {
                $thread['threadprefix'] = $threadprefixes[$thread['prefix']]['displaystyle'];
            }
            if (empty($perms[$thread['fid']])) {
                $perms[$thread['fid']] = forum_permissions($thread['fid']);
            }
            // Skip other users' threads when this user may only view their own, unless they moderate the forum
            if (isset($perms[$thread['fid']]['canonlyviewownthreads']) && $perms[$thread['fid']]['canonlyviewownthreads'] == 1 && $thread['uid'] != $mybb->user['uid'] && !is_moderator($thread['fid'])) {
                continue;
            }
            // Threads with visible != 1 are only named for moderators of the forum
            if (is_moderator($thread['fid']) || $thread['visible'] == 1) {
                $thread_title = '';
                if ($thread['threadprefix']) {
                    // The prefix display style is prepended as-is; only the subject is escaped
                    $thread_title = $thread['threadprefix'] . '&nbsp;';
                }
                $thread_title .= htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
                $threads[$thread['tid']] = $thread_title;
                $fid_list[] = $thread['fid'];
            }
        }
    }
    // Fetch any forums
    if (!is_array($forums) && count($fid_list) > 0) {
        // From here on $fidnot is an array of excluded forum IDs, no longer a SQL fragment
        $fidnot = array_merge($unviewablefids, $inactivefids);
        foreach ($forum_cache as $fid => $forum) {
            // NOTE(review): if the helpers above return quoted IDs ('5'), the exploded entries keep the
            // quotes and this in_array() exclusion would not match $fid — verify the helper output format.
            if (in_array($fid, $fid_list) && !in_array($fid, $fidnot)) {
                // NOTE(review): the forum name is stored unescaped here — confirm it is escaped before output.
                $forums[$fid] = $forum['name'];
                $forums_linkto[$fid] = $forum['linkto'];
            }
        }
    }
    // And finally any events
    if (!is_array($events) && count($eid_list) > 0) {
        $eid_sql = implode(",", $eid_list);
        $query = $db->simple_select("events", "eid,name", "eid IN ({$eid_sql})");
        while ($event = $db->fetch_array($query)) {
            $events[$event['eid']] = htmlspecialchars_uni($parser->parse_badwords($event['name']));
        }
    }
    // Now we've got everything we need we can put a name to the location
    // ($location_name is not set before the switch; an activity without a case leaves it unset
    // and falls through to the unknown-location message at the end)
    switch ($user_activity['activity']) {
        // announcement.php functions
        case "announcements":
            if (!empty($announcements[$user_activity['ann']])) {
                $location_name = $lang->sprintf($lang->viewing_announcements, get_announcement_link($user_activity['ann']), $announcements[$user_activity['ann']]);
            } else {
                $location_name = $lang->viewing_announcements2;
            }
            break;
        // attachment.php actions
        case "attachment":
            // Resolve attachment -> post -> thread through the caches filled above
            $pid = $attachments[$user_activity['aid']];
            $tid = $posts[$pid];
            if (!empty($threads[$tid])) {
                $location_name = $lang->sprintf($lang->viewing_attachment2, $user_activity['aid'], $threads[$tid], get_thread_link($tid));
            } else {
                $location_name = $lang->viewing_attachment;
            }
            break;
        // calendar.php functions
        case "calendar":
            $location_name = $lang->viewing_calendar;
            break;
        case "calendar_event":
            if (!empty($events[$user_activity['eid']])) {
                $location_name = $lang->sprintf($lang->viewing_event2, get_event_link($user_activity['eid']), $events[$user_activity['eid']]);
            } else {
                $location_name = $lang->viewing_event;
            }
            break;
        case "calendar_addevent":
            $location_name = $lang->adding_event;
            break;
        case "calendar_editevent":
            $location_name = $lang->editing_event;
            break;
        case "contact":
            $location_name = $lang->viewing_contact_us;
            break;
        // editpost.php functions
        case "editpost":
            $location_name = $lang->editing_post;
            break;
        // forumdisplay.php functions
        case "forumdisplay":
            if (!empty($forums[$user_activity['fid']])) {
                // A forum with a linkto value gets the redirect wording instead
                if ($forums_linkto[$user_activity['fid']]) {
                    $location_name = $lang->sprintf($lang->forum_redirect_to, get_forum_link($user_activity['fid']), $forums[$user_activity['fid']]);
                } else {
                    $location_name = $lang->sprintf($lang->viewing_forum2, get_forum_link($user_activity['fid']), $forums[$user_activity['fid']]);
                }
            } else {
                $location_name = $lang->viewing_forum;
            }
            break;
        // index.php functions
        case "index":
            $location_name = $lang->sprintf($lang->viewing_index, $mybb->settings['bbname']);
            break;
        // managegroup.php functions
        case "managegroup":
            $location_name = $lang->managing_group;
            break;
        // member.php functions
        case "member_activate":
            $location_name = $lang->activating_account;
            break;
        case "member_profile":
            if (!empty($usernames[$user_activity['uid']])) {
                $location_name = $lang->sprintf($lang->viewing_profile2, get_profile_link($user_activity['uid']), $usernames[$user_activity['uid']]);
            } else {
                $location_name = $lang->viewing_profile;
            }
            break;
        case "member_register":
            $location_name = $lang->registering;
            break;
        case "member":
        case "member_login":
            // Guest or member?
            if ($mybb->user['uid'] == 0) {
                $location_name = $lang->logging_in;
            } else {
                $location_name = $lang->logging_in_plain;
            }
            break;
        case "member_logout":
            $location_name = $lang->logging_out;
            break;
        case "member_emailuser":
            $location_name = $lang->emailing_user;
            break;
        case "member_rate":
            $location_name = $lang->rating_user;
            break;
        case "member_resendactivation":
            $location_name = $lang->member_resendactivation;
            break;
        case "member_lostpw":
            $location_name = $lang->member_lostpw;
            break;
        // memberlist.php functions
        case "memberlist":
            $location_name = $lang->viewing_memberlist;
            break;
        // misc.php functions
        case "misc_dstswitch":
            $location_name = $lang->changing_dst;
            break;
        case "misc_whoposted":
            if (!empty($threads[$user_activity['tid']])) {
                $location_name = $lang->sprintf($lang->viewing_whoposted2, get_thread_link($user_activity['tid']), $threads[$user_activity['tid']]);
            } else {
                $location_name = $lang->viewing_whoposted;
            }
            break;
        case "misc_markread":
            $location_name = $lang->sprintf($lang->marking_read, $mybb->post_code);
            break;
        case "misc_help":
            $location_name = $lang->viewing_helpdocs;
            break;
        case "misc_buddypopup":
            $location_name = $lang->viewing_buddylist;
            break;
        case "misc_smilies":
            $location_name = $lang->viewing_smilies;
            break;
        case "misc_syndication":
            $location_name = $lang->viewing_syndication;
            break;
        case "misc_imcenter":
            $location_name = $lang->viewing_imcenter;
            break;
        // modcp.php functions
        case "modcp_modlogs":
            $location_name = $lang->viewing_modlogs;
            break;
        case "modcp_announcements":
            $location_name = $lang->managing_announcements;
            break;
        case "modcp_finduser":
            $location_name = $lang->search_for_user;
            break;
        case "modcp_warninglogs":
            $location_name = $lang->managing_warninglogs;
            break;
        case "modcp_ipsearch":
            $location_name = $lang->searching_ips;
            break;
        case "modcp_report":
            $location_name = $lang->viewing_reports;
            break;
        case "modcp_new_announcement":
            $location_name = $lang->adding_announcement;
            break;
        case "modcp_delete_announcement":
            $location_name = $lang->deleting_announcement;
            break;
        case "modcp_edit_announcement":
            $location_name = $lang->editing_announcement;
            break;
        case "modcp_mod_queue":
            $location_name = $lang->managing_modqueue;
            break;
        case "modcp_editprofile":
            $location_name = $lang->editing_user_profiles;
            break;
        case "modcp_banning":
            $location_name = $lang->managing_bans;
            break;
        case "modcp":
            $location_name = $lang->viewing_modcp;
            break;
        // moderation.php functions
        case "moderation":
            $location_name = $lang->using_modtools;
            break;
        // newreply.php functions
        case "newreply":
            if (!empty($threads[$user_activity['tid']])) {
                $location_name = $lang->sprintf($lang->replying_thread2, get_thread_link($user_activity['tid']), $threads[$user_activity['tid']]);
            } else {
                $location_name = $lang->replying_thread;
            }
            break;
        // newthread.php functions
        case "newthread":
            if (!empty($forums[$user_activity['fid']])) {
                $location_name = $lang->sprintf($lang->posting_thread2, get_forum_link($user_activity['fid']), $forums[$user_activity['fid']]);
            } else {
                $location_name = $lang->posting_thread;
            }
            break;
        // online.php functions
        case "wol":
            $location_name = $lang->viewing_wol;
            break;
        case "woltoday":
            $location_name = $lang->viewing_woltoday;
            break;
        // polls.php functions
        case "newpoll":
            $location_name = $lang->creating_poll;
            break;
        case "editpoll":
            $location_name = $lang->editing_poll;
            break;
        case "showresults":
            $location_name = $lang->viewing_pollresults;
            break;
        case "vote":
            $location_name = $lang->voting_poll;
            break;
        // printthread.php functions
        case "printthread":
            if (!empty($threads[$user_activity['tid']])) {
                $location_name = $lang->sprintf($lang->printing_thread2, get_thread_link($user_activity['tid']), $threads[$user_activity['tid']]);
            } else {
                $location_name = $lang->printing_thread;
            }
            break;
        // private.php functions
        case "private_send":
            $location_name = $lang->sending_pm;
            break;
        case "private_read":
            $location_name = $lang->reading_pm;
            break;
        case "private_folders":
            $location_name = $lang->editing_pmfolders;
            break;
        case "private":
            $location_name = $lang->using_pmsystem;
            break;
        /* Ratethread functions */
        case "ratethread":
            $location_name = $lang->rating_thread;
            break;
        // report.php functions
        case "report":
            $location_name = $lang->reporting_post;
            break;
        // reputation.php functions
        case "reputation":
            // NOTE(review): unlike member_profile, there is no empty() check on the username here
            $location_name = $lang->sprintf($lang->giving_reputation, get_profile_link($user_activity['uid']), $usernames[$user_activity['uid']]);
            break;
        case "reputation_report":
            if (!empty($usernames[$user_activity['uid']])) {
                $location_name = $lang->sprintf($lang->viewing_reputation_report, "reputation.php?uid={$user_activity['uid']}", $usernames[$user_activity['uid']]);
            } else {
                $location_name = $lang->sprintf($lang->viewing_reputation_report2);
            }
            break;
        // search.php functions
        case "search":
            $location_name = $lang->sprintf($lang->searching_forum, $mybb->settings['bbname']);
            break;
        // showthread.php functions
        case "showthread":
            if (!empty($threads[$user_activity['tid']])) {
                $pagenote = '';
                $location_name = $lang->sprintf($lang->reading_thread2, get_thread_link($user_activity['tid']), $threads[$user_activity['tid']], $pagenote);
            } else {
                $location_name = $lang->reading_thread;
            }
            break;
        case "showpost":
            // The post must resolve to a thread that passed the visibility checks above
            if (!empty($posts[$user_activity['pid']]) && !empty($threads[$posts[$user_activity['pid']]])) {
                $pagenote = '';
                $location_name = $lang->sprintf($lang->reading_thread2, get_thread_link($posts[$user_activity['pid']]), $threads[$posts[$user_activity['pid']]], $pagenote);
            } else {
                $location_name = $lang->reading_thread;
            }
            break;
        // showteam.php functions
        case "showteam":
            $location_name = $lang->viewing_team;
            break;
        // stats.php functions
        case "stats":
            $location_name = $lang->viewing_stats;
            break;
        // usercp.php functions
        case "usercp_profile":
            $location_name = $lang->updating_profile;
            break;
        case "usercp_editlists":
            $location_name = $lang->managing_buddyignorelist;
            break;
        case "usercp_options":
            $location_name = $lang->updating_options;
            break;
        case "usercp_editsig":
            $location_name = $lang->editing_signature;
            break;
        case "usercp_avatar":
            $location_name = $lang->changing_avatar;
            break;
        case "usercp_subscriptions":
            $location_name = $lang->viewing_subscriptions;
            break;
        case "usercp_favorites":
            $location_name = $lang->viewing_favorites;
            break;
        case "usercp_notepad":
            $location_name = $lang->editing_pad;
            break;
        case "usercp_password":
            $location_name = $lang->editing_password;
            break;
        case "usercp":
            $location_name = $lang->user_cp;
            break;
        case "usercp2_favorites":
            $location_name = $lang->managing_favorites;
            break;
        case "usercp2_subscriptions":
            $location_name = $lang->managing_subscriptions;
            break;
        case "portal":
            $location_name = $lang->viewing_portal;
            break;
        // sendthread.php functions
        case "sendthread":
            $location_name = $lang->sending_thread;
            break;
        // warnings.php functions
        case "warnings_revoke":
            $location_name = $lang->revoking_warning;
            break;
        case "warnings_warn":
            $location_name = $lang->warning_user;
            break;
        case "warnings_view":
            $location_name = $lang->viewing_warning;
            break;
        case "warnings":
            $location_name = $lang->managing_warnings;
            break;
    }
    // Plugins receive both values by reference and may replace the location text
    $plugin_array = array('user_activity' => &$user_activity, 'location_name' => &$location_name);
    $plugins->run_hooks("build_friendly_wol_location_end", $plugin_array);
    // The no-permission flag is applied after the hook, so it overrides whatever was set before
    if (isset($user_activity['nopermission']) && $user_activity['nopermission'] == 1) {
        $location_name = $lang->viewing_noperms;
    }
    if (!$location_name) {
        // NOTE(review): $user_activity['location'] is placed into the message as-is; confirm it is
        // HTML-escaped before it reaches this function.
        $location_name = $lang->sprintf($lang->unknown_location, $user_activity['location']);
    }
    return $location_name;
}
}
// Default SQL visibility filters: only rows with visible = 1 are selected.
$visibleonly = "AND visible='1'";
$visibleonly2 = "AND p.visible='1' AND t.visible='1'";
// Moderators of this forum additionally get rows with visible = 0.
$ismod = is_moderator($fid) ? true : false;
if ($ismod) {
    $visibleonly = " AND (visible='1' OR visible='0')";
    $visibleonly2 = "AND (p.visible='1' OR p.visible='0') AND (t.visible='1' OR t.visible='0')";
}
// A thread is acceptable when it exists and its visible value is exactly 1 for
// regular users, or at most 1 for moderators; everything else is rejected.
if (!($thread && ($ismod ? !($thread['visible'] > 1) : $thread['visible'] == 1))) {
    error($lang->error_invalidthread);
}
// Access checks follow in this order: forum view permissions, the own-threads
// restriction, forum validity, and last the forum password.
$forumpermissions = forum_permissions($thread['fid']);
if (!($forumpermissions['canview'] == 1 && $forumpermissions['canviewthreads'] == 1)) {
    error_no_permission();
}
// Users limited to their own threads may not open a thread started by someone else.
if (isset($forumpermissions['canonlyviewownthreads'])) {
    if ($forumpermissions['canonlyviewownthreads'] == 1 && $thread['uid'] != $mybb->user['uid']) {
        error_no_permission();
    }
}
$archive_url = build_archive_link("thread", $tid);
// The thread has to live in an existing forum of type "f".
$forum = get_forum($fid);
if (!($forum && $forum['type'] == "f")) {
    error($lang->error_invalidforum);
}
// Password protected forums: verify that a valid password was supplied.
check_forum_password($forum['fid']);
示例#16
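/**
 * Perform a thread and post search under MySQL or MySQLi using boolean fulltext capabilities.
 *
 * Every value that ends up in a query string is either cast to an integer or passed
 * through the database escaping helpers first. The optional SQL fragments are all
 * initialised to empty strings so that an unset filter can never leave an undefined
 * variable inside a query.
 *
 * @param array $search Array of search data. Keys read here: keywords, author, matchusername,
 *                      postdate, pddir, numreplies, findthreadst, threadprefix, forums, visible,
 *                      postthread and tid.
 * @return array Array with "threads" and "posts" (comma separated ID lists; "posts" stays an empty
 *               array when a subject-only search yields no first posts) and "querycache" (empty string).
 */
function perform_search_mysql_ft($search)
{
    global $mybb, $db, $lang;
    $keywords = clean_keywords_ft($search['keywords']);
    if (!$keywords && !$search['author']) {
        error($lang->error_nosearchterms);
    }
    // Attempt to determine minimum word length from MySQL for fulltext searches
    $query = $db->query("SHOW VARIABLES LIKE 'ft_min_word_len';");
    $min_length = $db->fetch_field($query, 'Value');
    if (is_numeric($min_length)) {
        $mybb->settings['minsearchword'] = $min_length;
    } else {
        $mybb->settings['minsearchword'] = 4;
    }
    $message_lookin = '';
    $subject_lookin = '';
    if ($keywords) {
        // Double quotes delimit phrases: segments alternate between loose words and quoted phrases.
        $keywords_exp = explode("\"", $keywords);
        $inquote = false;
        // Stays false when the keywords contain nothing but boolean operators.
        $all_too_short = false;
        foreach ($keywords_exp as $phrase) {
            if (!$inquote) {
                $split_words = preg_split("#\\s{1,}#", $phrase, -1);
                foreach ($split_words as $word) {
                    $word = str_replace(array("+", "-", "*"), '', $word);
                    if (!$word) {
                        continue;
                    }
                    if (my_strlen($word) < $mybb->settings['minsearchword']) {
                        $all_too_short = true;
                    } else {
                        $all_too_short = false;
                        break;
                    }
                }
            } else {
                $phrase = str_replace(array("+", "-", "*"), '', $phrase);
                if (my_strlen($phrase) < $mybb->settings['minsearchword']) {
                    $all_too_short = true;
                } else {
                    $all_too_short = false;
                    break;
                }
            }
            $inquote = !$inquote;
        }
        // Show the minimum search term error only if all search terms are too short
        if ($all_too_short == true) {
            $lang->error_minsearchlength = $lang->sprintf($lang->error_minsearchlength, $mybb->settings['minsearchword']);
            error($lang->error_minsearchlength);
        }
        $escaped_keywords = $db->escape_string($keywords);
        $message_lookin = "AND MATCH(message) AGAINST('" . $escaped_keywords . "' IN BOOLEAN MODE)";
        $subject_lookin = "AND MATCH(subject) AGAINST('" . $escaped_keywords . "' IN BOOLEAN MODE)";
    }
    $post_usersql = '';
    $thread_usersql = '';
    if ($search['author']) {
        $userids = array();
        if ($search['matchusername']) {
            // Exact match: the author name is user input and must be escaped before it is quoted.
            $query = $db->simple_select("users", "uid", "username='" . $db->escape_string($search['author']) . "'");
        } else {
            $search['author'] = my_strtolower($search['author']);
            $query = $db->simple_select("users", "uid", "LOWER(username) LIKE '%" . $db->escape_string_like($search['author']) . "%'");
        }
        while ($user = $db->fetch_array($query)) {
            $userids[] = (int) $user['uid'];
        }
        if (count($userids) < 1) {
            error($lang->error_nosearchresults);
        } else {
            $userids = implode(',', $userids);
            $post_usersql = " AND p.uid IN (" . $userids . ")";
            $thread_usersql = " AND t.uid IN (" . $userids . ")";
        }
    }
    $datecut = '';
    $post_datecut = '';
    $thread_datecut = '';
    if ($search['postdate']) {
        if ($search['pddir'] == 0) {
            $datecut = "<=";
        } else {
            $datecut = ">=";
        }
        $now = TIME_NOW;
        // postdate is a number of days; the cast keeps non-numeric input out of the arithmetic.
        $datelimit = $now - 86400 * (int) $search['postdate'];
        $datecut .= "'{$datelimit}'";
        $post_datecut = " AND p.dateline {$datecut}";
        $thread_datecut = " AND t.dateline {$datecut}";
    }
    $thread_replycut = '';
    if ($search['numreplies'] != '' && $search['findthreadst']) {
        if (intval($search['findthreadst']) == 1) {
            $thread_replycut = " AND t.replies >= '" . intval($search['numreplies']) . "'";
        } else {
            $thread_replycut = " AND t.replies <= '" . intval($search['numreplies']) . "'";
        }
    }
    $thread_prefixcut = '';
    $prefixlist = array();
    if ($search['threadprefix'] && $search['threadprefix'][0] != 'any') {
        foreach ($search['threadprefix'] as $threadprefix) {
            $prefixlist[] = intval($threadprefix);
        }
    }
    if (count($prefixlist) == 1) {
        // Read the value from the sanitised list rather than from the leftover loop variable.
        $thread_prefixcut .= " AND t.prefix='{$prefixlist[0]}' ";
    } elseif (count($prefixlist) > 1) {
        $thread_prefixcut = " AND t.prefix IN (" . implode(',', $prefixlist) . ")";
    }
    $forumin = '';
    $fidlist = array();
    $searchin = array();
    if ($search['forums'][0] != "all") {
        if (!is_array($search['forums'])) {
            $search['forums'] = array(intval($search['forums']));
        }
        // Generate a comma separated list of all groups the user belongs to
        $user_groups = $mybb->user['usergroup'];
        if ($mybb->user['additionalgroups']) {
            $user_groups .= "," . $mybb->user['additionalgroups'];
        }
        // The list is placed inside IN (...), so force every entry to an integer.
        $user_groups = implode(',', array_map('intval', explode(',', $user_groups)));
        foreach ($search['forums'] as $forum) {
            $forum = intval($forum);
            if (empty($searchin[$forum])) {
                // Remember the forum so a repeated ID in the request is not expanded twice.
                $searchin[$forum] = 1;
                switch ($db->type) {
                    case "pgsql":
                    case "sqlite":
                        $query = $db->query("\n\t\t\t\t\t\t\tSELECT f.fid\n\t\t\t\t\t\t\tFROM " . TABLE_PREFIX . "forums f\n\t\t\t\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "forumpermissions p ON (f.fid=p.fid AND p.gid IN (" . $user_groups . "))\n\t\t\t\t\t\t\tWHERE INSTR(','||parentlist||',',',{$forum},') > 0 AND active!=0 AND ((p.fid) IS NULL OR p.cansearch=1)\n\t\t\t\t\t\t");
                        break;
                    default:
                        $query = $db->query("\n\t\t\t\t\t\t\tSELECT f.fid\n\t\t\t\t\t\t\tFROM " . TABLE_PREFIX . "forums f\n\t\t\t\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "forumpermissions p ON (f.fid=p.fid AND p.gid IN (" . $user_groups . "))\n\t\t\t\t\t\t\tWHERE INSTR(CONCAT(',',parentlist,','),',{$forum},') > 0 AND active!=0 AND ((p.fid) IS NULL OR p.cansearch=1)\n\t\t\t\t\t\t");
                }
                while ($sforum = $db->fetch_array($query)) {
                    $fidlist[] = (int) $sforum['fid'];
                }
            }
        }
        if (count($fidlist) == 1) {
            // Filter on the forum that passed the cansearch check above, not on the last
            // requested ID, which may be a different forum that returned no rows.
            $forumin .= " AND t.fid='{$fidlist[0]}' ";
        } elseif (count($fidlist) > 1) {
            $forumin = " AND t.fid IN (" . implode(',', $fidlist) . ")";
        }
    }
    $permsql = "";
    $onlyusfids = array();
    // Check group permissions if we can't view threads not started by us
    $group_permissions = forum_permissions();
    foreach ($group_permissions as $fid => $forum_permissions) {
        if (isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1) {
            $onlyusfids[] = (int) $fid;
        }
    }
    if (!empty($onlyusfids)) {
        $current_uid = (int) $mybb->user['uid'];
        $permsql .= "AND ((t.fid IN(" . implode(',', $onlyusfids) . ") AND t.uid='{$current_uid}') OR t.fid NOT IN(" . implode(',', $onlyusfids) . "))";
    }
    $unsearchforums = get_unsearchable_forums();
    if ($unsearchforums) {
        $permsql .= " AND t.fid NOT IN ({$unsearchforums})";
    }
    $inactiveforums = get_inactive_forums();
    if ($inactiveforums) {
        $permsql .= " AND t.fid NOT IN ({$inactiveforums})";
    }
    $visiblesql = $post_visiblesql = $plain_post_visiblesql = "";
    if (isset($search['visible'])) {
        if ($search['visible'] == 1) {
            $visiblesql = " AND t.visible = '1'";
            if ($search['postthread'] == 1) {
                $post_visiblesql = " AND p.visible = '1'";
                $plain_post_visiblesql = " AND visible = '1'";
            }
        } else {
            $visiblesql = " AND t.visible != '1'";
            if ($search['postthread'] == 1) {
                $post_visiblesql = " AND p.visible != '1'";
                $plain_post_visiblesql = " AND visible != '1'";
            }
        }
    }
    // Searching a specific thread?
    $tidsql = '';
    if ($search['tid']) {
        $tidsql = " AND t.tid='" . intval($search['tid']) . "'";
    }
    $limitsql = '';
    if (intval($mybb->settings['searchhardlimit']) > 0) {
        $limitsql = "LIMIT " . intval($mybb->settings['searchhardlimit']);
    }
    // Searching both posts and thread titles
    $threads = array();
    $posts = array();
    $firstposts = array();
    if ($search['postthread'] == 1) {
        // No need to search subjects when looking for results within a specific thread
        if (!$search['tid']) {
            $query = $db->query("\n\t\t\t\tSELECT t.tid, t.firstpost\n\t\t\t\tFROM " . TABLE_PREFIX . "threads t\n\t\t\t\tWHERE 1=1 {$thread_datecut} {$thread_replycut} {$thread_prefixcut} {$forumin} {$thread_usersql} {$permsql} {$visiblesql} AND t.closed NOT LIKE 'moved|%' {$subject_lookin}\n\t\t\t\t{$limitsql}\n\t\t\t");
            while ($thread = $db->fetch_array($query)) {
                $threads[$thread['tid']] = $thread['tid'];
                if ($thread['firstpost']) {
                    $posts[$thread['tid']] = $thread['firstpost'];
                }
            }
        }
        $query = $db->query("\n\t\t\tSELECT p.pid, p.tid\n\t\t\tFROM " . TABLE_PREFIX . "posts p\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "threads t ON (t.tid=p.tid)\n\t\t\tWHERE 1=1 {$post_datecut} {$thread_replycut} {$thread_prefixcut} {$forumin} {$post_usersql} {$permsql} {$tidsql} {$post_visiblesql} {$visiblesql} AND t.closed NOT LIKE 'moved|%' {$message_lookin}\n\t\t\t{$limitsql}\n\t\t");
        while ($post = $db->fetch_array($query)) {
            $posts[$post['pid']] = $post['pid'];
            $threads[$post['tid']] = $post['tid'];
        }
        if (count($posts) < 1 && count($threads) < 1) {
            error($lang->error_nosearchresults);
        }
        $threads = implode(',', $threads);
        $posts = implode(',', $posts);
    } else {
        $query = $db->query("\n\t\t\tSELECT t.tid, t.firstpost\n\t\t\tFROM " . TABLE_PREFIX . "threads t\n\t\t\tWHERE 1=1 {$thread_datecut} {$thread_replycut} {$thread_prefixcut} {$forumin} {$thread_usersql} {$permsql} {$visiblesql} {$subject_lookin}\n\t\t\t{$limitsql}\n\t\t");
        while ($thread = $db->fetch_array($query)) {
            $threads[$thread['tid']] = $thread['tid'];
            if ($thread['firstpost']) {
                $firstposts[$thread['tid']] = $thread['firstpost'];
            }
        }
        if (count($threads) < 1) {
            error($lang->error_nosearchresults);
        }
        $threads = implode(',', $threads);
        $firstposts = implode(',', $firstposts);
        if ($firstposts) {
            $query = $db->simple_select("posts", "pid", "pid IN ({$firstposts}) {$plain_post_visiblesql} {$limitsql}");
            while ($post = $db->fetch_array($query)) {
                $posts[$post['pid']] = $post['pid'];
            }
            $posts = implode(',', $posts);
        }
    }
    return array("threads" => $threads, "posts" => $posts, "querycache" => '');
}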
示例#17
/**
 * Prepare XThreads filter and sort state before a forum's thread list is rendered.
 *
 * Reads the forum id, the sort key and the filter values from $mybb->input, publishes
 * the results through globals ($tf_filters, $xt_filters, $filters_set,
 * $xthreads_forum_sort, $xthreads_forum_filter_form, $xthreads_forum_filter_args) and,
 * where needed, passes $db, $templates and $cache to control_object() together with
 * replacement method source so that later calls made by the page can be intercepted.
 *
 * Review notes:
 *  - The request-supplied sort key only ends up in $xthreads_forum_sort after it has been
 *    matched against a key of $threadfield_cache or against a fixed list of names.
 *  - Filter values are copied from the request unchanged; any escaping has to happen in
 *    xthreads_forumdisplay_filter_input() or in the code that builds the query
 *    (neither is visible here) - TODO confirm.
 *  - The method bodies handed to control_object() are assembled from literals, the
 *    TABLE_PREFIX constant and two booleans; no request data is concatenated into them.
 *
 * @return void
 */
function xthreads_forumdisplay()
{
    global $db, $threadfield_cache, $fid, $mybb, $tf_filters, $xt_filters, $filters_set, $xthreads_forum_filter_form, $xthreads_forum_filter_args;
    // the position of the "forumdisplay_start" hook is kinda REALLY annoying...
    // The forum id is forced to an integer and must resolve to a known forum.
    $fid = (int) $mybb->input['fid'];
    if ($fid < 1 || !($forum = get_forum($fid))) {
        return;
    }
    // replicate some MyBB behaviour
    if (!isset($mybb->input['sortby']) && !empty($forum['defaultsortby'])) {
        $mybb->input['sortby'] = $forum['defaultsortby'];
    }
    $threadfield_cache = xthreads_gettfcache($fid);
    // Quick Thread integration
    if (!empty($threadfield_cache) && function_exists('quickthread_run')) {
        xthreads_forumdisplay_quickthread();
    }
    // Threads are only listed when the viewer may see both the forum and its threads.
    $fpermissions = forum_permissions($fid);
    $show_threads = $fpermissions['canview'] == 1 && $fpermissions['canviewthreads'] != 0;
    $tf_filters = array();
    // Default template state for the inline-search and "all filters" pseudo entries.
    $filters_set = array('__search' => array('hiddencss' => '', 'visiblecss' => 'display: none;', 'selected' => array('' => ' selected="selected"'), 'checked' => array('' => ' checked="checked"'), 'active' => array('' => 'filtertf_active'), 'nullselected' => ' selected="selected"', 'nullchecked' => ' checked="checked"', 'nullactive' => 'filtertf_active'), '__all' => array('hiddencss' => '', 'visiblecss' => 'display: none;', 'nullselected' => ' selected="selected"', 'nullchecked' => ' checked="checked"', 'nullactive' => 'filtertf_active'));
    $xthreads_forum_filter_form = $xthreads_forum_filter_args = '';
    $use_default_filter = true;
    if (!empty($threadfield_cache)) {
        if ($show_threads) {
            // Declared conditionally: the function only exists once this branch has run.
            // NOTE(review): a second call of xthreads_forumdisplay() in one request would
            // redeclare it - presumably the hook fires once; confirm.
            function xthreads_forumdisplay_dbhook(&$s, &$db)
            {
                global $threadfield_cache, $fid, $plugins, $threadfields, $xthreads_forum_sort;
                //if(empty($threadfield_cache)) return;
                // Field names are placed between backticks in the SQL text. They come from
                // the thread field cache, not from the request; assumes the stored names
                // cannot contain a backtick - TODO confirm where fields are created.
                $fields = '';
                foreach ($threadfield_cache as &$v) {
                    $fields .= ', tfd.`' . $v['field'] . '` AS `xthreads_' . $v['field'] . '`';
                }
                $sortjoin = '';
                if (!empty($xthreads_forum_sort) && isset($xthreads_forum_sort['sortjoin'])) {
                    $sortjoin = ' LEFT JOIN ' . $db->table_prefix . $xthreads_forum_sort['sortjoin'];
                }
                // Rewrite the query text in place: add the field columns and the join(s).
                $s = strtr($s, array('SELECT t.*, ' => 'SELECT t.*' . $fields . ', ', 'WHERE t.fid=' => 'LEFT JOIN `' . $db->table_prefix . 'threadfields_data` tfd ON t.tid=tfd.tid' . $sortjoin . ' WHERE t.fid='));
                $plugins->add_hook('forumdisplay_thread', 'xthreads_forumdisplay_thread');
                $threadfields = array();
            }
            // The replacement query() recognises the thread listing query by three
            // substrings and passes it through the hook above once per request.
            // NOTE(review): the strpos() results are used as booleans, so a needle found at
            // offset 0 counts as "not found".
            control_object($db, '
				function query($string, $hide_errors=0, $write_query=0) {
					static $done=false;
					if(!$done && !$write_query && strpos($string, \'SELECT t.*, \') && strpos($string, \'t.username AS threadusername, u.username\') && strpos($string, \'FROM ' . TABLE_PREFIX . 'threads t\')) {
						$done = true;
						xthreads_forumdisplay_dbhook($string, $this);
					}
					return parent::query($string, $hide_errors, $write_query);
				}
			');
        }
        // also check for forumdisplay filters/sort
        // and generate form HTML
        foreach ($threadfield_cache as $n => &$tf) {
            $filters_set[$n] = array('hiddencss' => '', 'visiblecss' => 'display: none;', 'nullselected' => ' selected="selected"', 'nullchecked' => ' checked="checked"', 'nullactive' => 'filtertf_active');
            if ($tf['ignoreblankfilter']) {
                // will be overwritten if not blank
                $filters_set[$n]['selected'] = array('' => ' selected="selected"');
                $filters_set[$n]['checked'] = array('' => ' checked="checked"');
                $filters_set[$n]['active'] = array('' => 'filtertf_active');
            }
            // A filter is accepted only for fields that allow filtering and that the
            // current user may view; the value itself is stored exactly as submitted.
            if ($tf['allowfilter'] && isset($mybb->input['filtertf_' . $n]) && xthreads_user_in_groups($tf['viewable_gids'])) {
                $tf_filters[$n] = $mybb->input['filtertf_' . $n];
                $use_default_filter = false;
                // ignore blank inputs
                if ($tf['ignoreblankfilter'] && (is_array($tf_filters[$n]) && (empty($tf_filters[$n]) || array_unique($tf_filters[$n]) == array('')) || $tf_filters[$n] === '')) {
                    unset($tf_filters[$n]);
                }
            }
        }
        // sorting by thread fields
        // NOTE(review): substr() assumes the sortby input is a string - confirm upstream.
        if ($mybb->input['sortby'] && substr($mybb->input['sortby'], 0, 2) == 'tf') {
            global $xthreads_forum_sort;
            if (substr($mybb->input['sortby'], 0, 3) == 'tf_') {
                // $n comes from the request, but is used only after isset() confirms it
                // is a key of the thread field cache and the user may view that field.
                $n = substr($mybb->input['sortby'], 3);
                if (isset($threadfield_cache[$n]) && xthreads_empty($threadfield_cache[$n]['multival']) && $threadfield_cache[$n]['inputtype'] != XTHREADS_INPUT_FILE && xthreads_user_in_groups($threadfield_cache[$n]['viewable_gids'])) {
                    if ($threadfield_cache[$n]['inputtype'] != XTHREADS_INPUT_TEXTAREA) {
                        // also disallow sorting by textarea inputs
                        $xthreads_forum_sort = array('t' => 'tfd.', 'sortby' => $mybb->input['sortby'], 'sortfield' => '`' . $n . '`');
                    }
                }
            } elseif (substr($mybb->input['sortby'], 0, 4) == 'tfa_') {
                // Format: tfa_<attachment column>_<field key>.
                $p = strpos($mybb->input['sortby'], '_', 5);
                if ($p) {
                    $field = strtolower(substr($mybb->input['sortby'], 4, $p - 4));
                    $n = substr($mybb->input['sortby'], $p + 1);
                    // The attachment column must be one of five fixed names and the field
                    // key must exist in the cache before either is placed in a SQL fragment.
                    if (isset($threadfield_cache[$n]) && xthreads_empty($threadfield_cache[$n]['multival']) && $threadfield_cache[$n]['inputtype'] == XTHREADS_INPUT_FILE && xthreads_user_in_groups($threadfield_cache[$n]['viewable_gids']) && in_array($field, array('filename', 'filesize', 'uploadtime', 'updatetime', 'downloads'))) {
                        $xthreads_forum_sort = array('t' => 'xta.', 'sortby' => $mybb->input['sortby'], 'sortfield' => '`' . $field . '`', 'sortjoin' => 'xtattachments xta ON tfd.`' . $n . '`=xta.aid');
                    }
                }
            }
        }
    }
    // Additional sort keys, again limited to a fixed list of names.
    if (!isset($xthreads_forum_sort) && $mybb->input['sortby'] && in_array($mybb->input['sortby'], array('prefix', 'icon', 'lastposter', 'numratings', 'attachmentcount'))) {
        global $xthreads_forum_sort;
        switch ($mybb->input['sortby']) {
            case 'prefix':
                if ($mybb->version_code >= 1500) {
                    $xthreads_forum_sort = array('t' => $mybb->version_code >= 1604 ? 't.' : 'p.', 'sortby' => $mybb->input['sortby'], 'sortfield' => $mybb->input['sortby']);
                }
                break;
            case 'icon':
                $xthreads_forum_sort = array('t' => 't.', 'sortby' => $mybb->input['sortby'], 'sortfield' => $mybb->input['sortby']);
                break;
            case 'lastposter':
            case 'numratings':
            case 'attachmentcount':
                $xthreads_forum_sort = array('t' => 't.', 'sortby' => $mybb->input['sortby'], 'sortfield' => $mybb->input['sortby']);
        }
    }
    $xt_filters = array();
    //$enabled_xtf = explode(',', $forum['xthreads_addfiltenable']);
    //if(!empty($enabled_xtf)) {
    //global $lang;
    //foreach($enabled_xtf as &$xtf) {
    // Filters on built-in thread columns; values are taken from the request unchanged.
    $enabled_xtf = array('uid', 'icon', 'lastposteruid');
    if ($mybb->version_code >= 1500) {
        $enabled_xtf[] = 'prefix';
    }
    foreach ($enabled_xtf as &$xtf) {
        $filters_set['__xt_' . $xtf] = array('hiddencss' => '', 'visiblecss' => 'display: none;', 'nullselected' => ' selected="selected"', 'nullchecked' => ' checked="checked"', 'nullactive' => 'filtertf_active');
        if (isset($mybb->input['filterxt_' . $xtf]) && $mybb->input['filterxt_' . $xtf] !== '') {
            $xt_filters[$xtf] = $mybb->input['filterxt_' . $xtf];
            $use_default_filter = false;
        }
    }
    unset($enabled_xtf);
    //}
    // Fall back to the forum's default filters when the request set none and did not
    // ask for filters to be disabled.
    if (function_exists('xthreads_evalcacheForumFilters')) {
        $xtforum = xthreads_evalcacheForumFilters($fid);
        if ($use_default_filter && (!empty($xtforum['defaultfilter_tf']) || !empty($xtforum['defaultfilter_xt'])) && !$mybb->input['filterdisable']) {
            $tf_filters = $xtforum['defaultfilter_tf'];
            // Default filters on fields the user may not view are dropped.
            foreach ($tf_filters as $n => &$filter) {
                if (!xthreads_user_in_groups($threadfield_cache[$n]['viewable_gids'])) {
                    unset($tf_filters[$n]);
                    continue;
                }
            }
            $xt_filters = $xtforum['defaultfilter_xt'];
        }
        //unset($enabled_xtf);
    }
    // Each active filter is handed to xthreads_forumdisplay_filter_input() by reference.
    foreach ($tf_filters as $n => &$filter) {
        xthreads_forumdisplay_filter_input('filtertf_' . $n, $filter, $filters_set[$n]);
    }
    foreach ($xt_filters as $n => &$filter) {
        /*
        // sanitise input here as we may need to grab extra info
        if(is_array($filter))
        	$filter = array_map('intval', $filter);
        else
        	$filter = (int)$filter;
        */
        // NOTE(review): the integer cast above is commented out, so the values reach the
        // helper uncast; confirm the helper or the query builder casts or escapes them.
        xthreads_forumdisplay_filter_input('filterxt_' . $n, $filter, $filters_set['__xt_' . $n]);
        /*
        if(is_array($filter))
        	$ids = implode(',', $filter);
        else
        	$ids = $filter;
        
        // grab extra info for $filter_set array
        switch($n) {
        	case 'uid': case 'lastposteruid':
        		// perhaps might be nice if we could merge these two together...
        		$info = xthreads_forumdisplay_xtfilter_extrainfo('users', array('username'), 'uid', $ids, 'guest');
        		$filters_set['__xt_'.$n]['name'] = $info['username'];
        		break;
        	case 'prefix':
        		// displaystyles?
        		if(!$lang->xthreads_no_prefix) $lang->load('xthreads');
        		$info = xthreads_forumdisplay_xtfilter_extrainfo('threadprefixes', array('prefix', 'displaystyle'), 'pid', $ids, 'xthreads_no_prefix');
        		$filters_set['__xt_'.$n]['name'] = $info['prefix'];
        		$filters_set['__xt_'.$n]['displayname'] = $info['displaystyle'];
        		break;
        	case 'icon':
        		// we'll retrieve icons from the cache rather than query the DB
        		$icons = $GLOBALS['cache']->read('posticons');
        		if(is_array($filter))
        			$ids =& $filter;
        		else
        			$ids = array($ids);
        		
        		$filters_set['__xt_'.$n]['name'] = '';
        		$iconstr =& $filters_set['__xt_'.$n]['name'];
        		foreach($ids as $id) {
        			if($id && $icons[$id])
        				$iconstr .= ($iconstr?', ':'') . htmlspecialchars_uni($icons[$id]['name']);
        			elseif(!$id) {
        				if(!$lang->xthreads_no_icon) $lang->load('xthreads');
        				$iconstr .= ($iconstr?', ':'') . '<em>'.$lang->xthreads_no_icon.'</em>';
        			}
        		}
        		unset($icons);
        		break;
        }
        */
    }
    // Break the reference left behind by the by-reference loops.
    unset($filter);
    if ($xthreads_forum_filter_args) {
        // The accumulated URL arguments are HTML-escaped before being exposed to templates.
        $filters_set['__all']['urlarg'] = htmlspecialchars_uni(substr($xthreads_forum_filter_args, 1));
        $filters_set['__all']['urlarga'] = '&amp;' . $filters_set['__all']['urlarg'];
        $filters_set['__all']['urlargq'] = '?' . $filters_set['__all']['urlarg'];
        $filters_set['__all']['forminput'] = $xthreads_forum_filter_form;
        $filters_set['__all']['hiddencss'] = 'display: none;';
        $filters_set['__all']['visiblecss'] = '';
        unset($filters_set['__all']['nullselected'], $filters_set['__all']['nullchecked'], $filters_set['__all']['nullactive']);
    }
    if ($forum['xthreads_inlinesearch'] && isset($mybb->input['search']) && $mybb->input['search'] !== '') {
        // The search term is URL-encoded for the query string and HTML-escaped for every
        // value that is placed into markup. It is used unescaped only as an array key.
        // NOTE(review): assumes the search input is a string; an array value would not be
        // usable as an array key below - confirm input handling upstream.
        $urlarg = 'search=' . rawurlencode($mybb->input['search']);
        $xthreads_forum_filter_args .= '&' . $urlarg;
        $GLOBALS['xthreads_forum_search_form'] = '<input type="hidden" name="search" value="' . htmlspecialchars_uni($mybb->input['search']) . '" />';
        $filters_set['__search']['forminput'] =& $GLOBALS['xthreads_forum_search_form'];
        $filters_set['__search']['value'] = htmlspecialchars_uni($mybb->input['search']);
        $filters_set['__search']['urlarg'] = htmlspecialchars_uni($urlarg);
        $filters_set['__search']['urlarga'] = '&amp;' . $filters_set['__search']['urlarg'];
        $filters_set['__search']['urlargq'] = '?' . $filters_set['__search']['urlarg'];
        $filters_set['__search']['selected'] = array($mybb->input['search'] => ' selected="selected"');
        $filters_set['__search']['checked'] = array($mybb->input['search'] => ' checked="checked"');
        $filters_set['__search']['active'] = array($mybb->input['search'] => 'filtertf_active');
        $filters_set['__search']['hiddencss'] = 'display: none;';
        $filters_set['__search']['visiblecss'] = '';
        unset($filters_set['__search']['nullselected'], $filters_set['__search']['nullchecked'], $filters_set['__search']['nullactive']);
    }
    if ($show_threads) {
        $using_filter = $forum['xthreads_inlinesearch'] || !empty($tf_filters) || !empty($xt_filters);
        if ($using_filter || isset($xthreads_forum_sort)) {
            // only nice way to do all of this is to gain control of $templates, so let's do it
            // The generated get() body varies only with two booleans ($using_filter and
            // whether a sort was accepted); no request data is written into the code string.
            control_object($GLOBALS['templates'], '
				function get($title, $eslashes=1, $htmlcomments=1) {
					static $done=false;
					if(!$done && $title == \'forumdisplay_orderarrow\') {
						$done = true;
						' . ($using_filter ? 'xthreads_forumdisplay_filter();' : '') . '
						' . (isset($xthreads_forum_sort) ? '
							$orderbyhack = xthreads_forumdisplay_sorter();
							return $orderbyhack.parent::get($title, $eslashes, $htmlcomments);
						' : '') . '
					}
					return parent::get($title, $eslashes, $htmlcomments);
				}
			');
            /*
            if($forum['xthreads_inlinesearch']) {
            	// give us a bit of a free speed up since this isn't really being used anyway...
            	$templates->cache['forumdisplay_searchforum'] = '';
            }
            */
            // generate stuff for pagination/sort-links and fields for forms (sort listboxes, inline search)
        }
    }
    if ($forum['xthreads_fdcolspan_offset']) {
        // The replacement read() adds the forum's colspan offset to $GLOBALS["colspan"] the
        // first time the "posticons" cache entry is read while that global is set.
        control_object($GLOBALS['cache'], '
			function read($name, $hard=false) {
				static $done=false;
				if(!$done && $name == "posticons" && isset($GLOBALS["colspan"])) {
					$done = true;
					$GLOBALS["colspan"] += $GLOBALS["foruminfo"]["xthreads_fdcolspan_offset"];
				}
				return parent::read($name, $hard);
			}
		');
    }
}
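/**
 * Build a list of forums for RSS multiselect.
 *
 * Walks the global forum cache below $pid and appends one <option> per listed forum to
 * the global $forumlistbits. A password-protected forum is listed only when the visitor's
 * "forumpass" cookie for it matches md5(uid . forum password).
 *
 * @param int $pid Parent forum ID.
 * @param mixed $selitem Deprecated, unused.
 * @param boolean $addselect Whether to render the surrounding select template.
 * @param string $depth HTML for the depth of the forum.
 * @return string HTML of the list of forums for RSS; an empty string when $addselect is
 *                false (the options are then only available in the global $forumlistbits).
 */
function makesyndicateforums($pid = "0", $selitem = "", $addselect = "1", $depth = "")
{
    global $db, $forumcache, $permissioncache, $mybb, $forumlist, $forumlistbits, $flist, $lang, $unexp, $templates;
    $pid = (int) $pid;
    $forumlist = '';
    if (!is_array($forumcache)) {
        // Get Forums
        $query = $db->simple_select("forums", "*", "linkto = '' AND active!=0", array('order_by' => 'pid, disporder'));
        while ($forum = $db->fetch_array($query)) {
            $forumcache[$forum['pid']][$forum['disporder']][$forum['fid']] = $forum;
        }
    }
    if (!is_array($permissioncache)) {
        $permissioncache = forum_permissions();
    }
    // isset() first: a parent without children has no entry in the cache.
    if (isset($forumcache[$pid]) && is_array($forumcache[$pid])) {
        foreach ($forumcache[$pid] as $siblings) {
            foreach ($siblings as $forum) {
                $perms = $permissioncache[$forum['fid']];
                if ($perms['canview'] == 1 || $mybb->settings['hideprivateforums'] == 0) {
                    $optionselected = '';
                    if (isset($flist[$forum['fid']])) {
                        $optionselected = 'selected="selected"';
                        $selecteddone = "1";
                    }
                    // The cookie is attacker-controlled input: accept it only if it is a
                    // string and compare it in constant time where the runtime allows it.
                    // NOTE(review): md5(uid . password) is a weak token derived from the
                    // stored forum password; consider a keyed hash if the cookie format
                    // can be changed in step with the code that sets it.
                    $passok = false;
                    if ($forum['password'] && isset($mybb->cookies['forumpass'][$forum['fid']]) && is_string($mybb->cookies['forumpass'][$forum['fid']])) {
                        $expected = md5($mybb->user['uid'] . $forum['password']);
                        $supplied = $mybb->cookies['forumpass'][$forum['fid']];
                        $passok = function_exists('hash_equals') ? hash_equals($expected, $supplied) : $supplied === $expected;
                    }
                    if ($forum['password'] == '' && !in_array($forum['fid'], $unexp) || $passok) {
                        // NOTE(review): the forum name is written into the markup as stored;
                        // confirm it is already safe for HTML output.
                        $forumlistbits .= "<option value=\"{$forum['fid']}\" {$optionselected}>{$depth} {$forum['name']}</option>\n";
                    }
                    if (!empty($forumcache[$forum['fid']])) {
                        // Children are appended to $forumlistbits by the recursive call itself.
                        $newdepth = $depth . "&nbsp;&nbsp;&nbsp;&nbsp;";
                        $forumlistbits .= makesyndicateforums($forum['fid'], '', 0, $newdepth);
                    }
                }
            }
        }
    }
    if ($addselect) {
        $addsel = '';
        if (empty($selecteddone)) {
            $addsel = ' selected="selected"';
        }
        // NOTE(review): eval() of stored template text; this is only safe if
        // $templates->get() returns text that cannot break out of the quoted string.
        eval("\$forumlist = \"" . $templates->get("misc_syndication_forumlist") . "\";");
    }
    return $forumlist;
}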
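/**
 * Tapatalk XML-RPC handler: save an edit to an existing post and return the parsed result.
 *
 * Order of checks: logged-in user, post exists, thread exists, forum is a real open forum,
 * user is not suspended, then either moderator rights or (thread open, forum allows
 * editing, user owns the post, edit time limit not exceeded), then the forum password.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters, filtered through Tapatalk_Input.
 * @return mixed An xmlrpcresp on success; otherwise whatever tt_no_permission() or
 *               xmlrespfalse() return.
 */
function save_raw_post_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;
    $lang->load("editpost");
    $input = Tapatalk_Input::filterXmlInput(array('post_id' => Tapatalk_Input::INT, 'post_title' => Tapatalk_Input::STRING, 'post_content' => Tapatalk_Input::STRING, 'return_html' => Tapatalk_Input::INT, 'attachment_id_array' => Tapatalk_Input::RAW, 'group_id' => Tapatalk_Input::STRING, 'editreason' => Tapatalk_Input::STRING), $xmlrpc_params);
    $parser = new postParser();
    // No permission for guests
    if (!$mybb->user['uid']) {
        return tt_no_permission();
    }
    // Get post info. The id is cast here so the query below never depends on what the
    // input filter returned for an INT field.
    $pid = (int) $input['post_id'];
    $query = $db->simple_select("posts", "*", "pid='{$pid}'");
    $post = $db->fetch_array($query);
    // Reject an unknown post before any of its fields are read.
    if (!$post || !$post['pid']) {
        return xmlrespfalse($lang->error_invalidpost);
    }
    if (empty($input['post_title'])) {
        $input['post_title'] = $post['subject'];
    }
    // Get thread info
    $tid = $post['tid'];
    $thread = get_thread($tid);
    if (!$thread['tid']) {
        return xmlrespfalse($lang->error_invalidthread);
    }
    $thread['subject'] = htmlspecialchars_uni($thread['subject']);
    // Get forum info
    $fid = $post['fid'];
    $forum = get_forum($fid);
    if (!$forum || $forum['type'] != "f") {
        return xmlrespfalse($lang->error_closedinvalidforum);
    }
    if ($forum['open'] == 0 || $mybb->user['suspendposting'] == 1) {
        return tt_no_permission();
    }
    $forumpermissions = forum_permissions($fid);
    // Non-moderators may only edit their own posts, in open threads, within the time limit.
    if (!is_moderator($fid, "caneditposts")) {
        if ($thread['closed'] == 1) {
            return xmlrespfalse($lang->redirect_threadclosed);
        }
        if ($forumpermissions['caneditposts'] == 0) {
            return tt_no_permission();
        }
        if ($mybb->user['uid'] != $post['uid']) {
            return tt_no_permission();
        }
        // Edit time limit
        $time = TIME_NOW;
        if ($mybb->settings['edittimelimit'] != 0 && $post['dateline'] < $time - $mybb->settings['edittimelimit'] * 60) {
            $lang->edit_time_limit = $lang->sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']);
            return xmlrespfalse($lang->edit_time_limit);
        }
    }
    // Check if this forum is password protected and we have a valid password
    tt_check_forum_password($forum['fid']);
    // Set up posthandler.
    require_once MYBB_ROOT . "inc/datahandlers/post.php";
    $posthandler = new PostDataHandler("update");
    $posthandler->action = "post";
    // Set the post data that came from the input to the $post array.
    $post = array("pid" => $pid, "subject" => $input['post_title'], "uid" => $mybb->user['uid'], "username" => $mybb->user['username'], "edit_uid" => $mybb->user['uid'], "message" => $input['post_content']);
    if (version_compare($mybb->version, '1.8.0', '>=') && !empty($input['editreason'])) {
        $post["editreason"] = $input['editreason'];
    }
    // get subscription status
    $query = $db->simple_select("threadsubscriptions", 'notification', "uid='" . intval($mybb->user['uid']) . "' AND tid='" . intval($tid) . "'");
    $substatus = $db->fetch_array($query);
    // Set up the post options from the input.
    $post['options'] = array("signature" => 1, "subscriptionmethod" => isset($substatus['notification']) ? $substatus['notification'] == 1 ? 'instant' : 'none' : '', "disablesmilies" => 0);
    $posthandler->set_data($post);
    // Now let the post handler do all the hard work.
    if (!$posthandler->validate_post()) {
        $post_errors = $posthandler->get_friendly_errors();
        return xmlrespfalse(implode(" :: ", $post_errors));
    }
    $postinfo = $posthandler->update_post();
    $visible = $postinfo['visible'];
    // Help keep our attachments table clean.
    $db->delete_query("attachments", "filename='' OR filesize<1");
    // State 1 is reported when the post ended up not visible and the user is not a
    // moderator of the forum; whether it is the first post made no difference before either.
    $state = ($visible == 0 && !is_moderator($fid, "", $mybb->user['uid'])) ? 1 : 0;
    if (!empty($input['group_id_esc'])) {
        // presumably group_id_esc is the SQL-escaped form of group_id produced by the
        // input filter - verify, since it is placed directly inside the WHERE clause.
        $db->update_query("attachments", array("pid" => $pid), "posthash='{$input['group_id_esc']}'");
    }
    // update thread attachment account
    // RAW input is not guaranteed to be countable; anything else counts as no attachments.
    // NOTE(review): the counter is raised by the size of a client-supplied list, not by
    // the number of attachment rows actually linked above - confirm this cannot drift.
    $attachments = $input['attachment_id_array'];
    $attachment_total = (is_array($attachments) || $attachments instanceof Countable) ? count($attachments) : 0;
    if ($attachment_total > 0) {
        update_thread_counters($tid, array("attachmentcount" => "+" . $attachment_total));
    }
    $post = get_post($pid);
    // HTML stays disabled for the returned preview regardless of forum settings.
    $parser_options = array();
    $parser_options['allow_html'] = false;
    $parser_options['allow_mycode'] = true;
    $parser_options['allow_smilies'] = false;
    $parser_options['allow_imgcode'] = true;
    $parser_options['allow_videocode'] = true;
    $parser_options['nl2br'] = (bool) $input['return_html'];
    $parser_options['filter_badwords'] = 1;
    if (!$post['username']) {
        $post['username'] = $lang->guest;
    }
    if ($post['userusername']) {
        $parser_options['me_username'] = $post['userusername'];
    } else {
        $parser_options['me_username'] = $post['username'];
    }
    $post['message'] = $parser->parse_message($post['message'], $parser_options);
    $post['subject'] = $parser->parse_badwords($post['subject']);
    $result = new xmlrpcval(array('result' => new xmlrpcval(true, 'boolean'), 'result_text' => new xmlrpcval('', 'base64'), 'state' => new xmlrpcval($state, 'int'), 'post_title' => new xmlrpcval($post['subject'], 'base64'), 'post_content' => new xmlrpcval(process_post($post['message'], $input['return_html']), 'base64')), 'struct');
    return new xmlrpcresp($result);
}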
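/**
 * Tapatalk XML-RPC handler: return one announcement as a single-post topic.
 *
 * The announcement id is read from $_GET['aid'], not from the filtered XML-RPC input;
 * presumably the caller fills $_GET from the topic id - verify.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters, filtered through Tapatalk_Input.
 * @return xmlrpcresp Struct with the announcement as the only entry of "posts".
 */
function get_announcement_func($xmlrpc_params)
{
    global $db, $lang, $mybb, $position, $plugins, $pids, $groupscache;
    $input = Tapatalk_Input::filterXmlInput(array('topic_id' => Tapatalk_Input::STRING, 'start_num' => Tapatalk_Input::INT, 'last_num' => Tapatalk_Input::INT, 'return_html' => Tapatalk_Input::INT), $xmlrpc_params);
    $parser = new Tapatalk_Parser();
    // Load global language phrases
    $lang->load("announcements");
    // Integer cast keeps the id safe to place in the queries below.
    $aid = isset($_GET['aid']) ? intval($_GET['aid']) : 0;
    // Get announcement fid
    $query = $db->simple_select("announcements", "fid", "aid='{$aid}'");
    $announcement = $db->fetch_array($query);
    $plugins->run_hooks("announcements_start");
    if (!$announcement) {
        error($lang->error_invalidannouncement);
    }
    // Get forum info
    $fid = $announcement['fid'];
    if ($fid > 0) {
        $forum = get_forum($fid);
        if (!$forum) {
            error($lang->error_invalidforum);
        }
        // Make navigation
        build_forum_breadcrumb($forum['fid']);
        // Permissions
        $forumpermissions = forum_permissions($forum['fid']);
        if ($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0) {
            error_no_permission();
        }
        // Check if this forum is password protected and we have a valid password
        check_forum_password($forum['fid']);
    }
    add_breadcrumb($lang->nav_announcements);
    $archive_url = build_archive_link("announcement", $aid);
    // Get announcement info
    $time = TIME_NOW;
    $query = $db->query("\n\t\tSELECT u.*, u.username AS userusername, a.*, f.*\n\t\tFROM " . TABLE_PREFIX . "announcements a\n\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=a.uid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "userfields f ON (f.ufid=u.uid)\n\t\tWHERE a.startdate<='{$time}' AND (a.enddate>='{$time}' OR a.enddate='0') AND a.aid='{$aid}'\n\t");
    $announcementarray = $db->fetch_array($query);
    if (!$announcementarray) {
        error($lang->error_invalidannouncement);
    }
    // Gather usergroup data from the cache
    // Field => Array Key
    $data_key = array('title' => 'grouptitle', 'usertitle' => 'groupusertitle', 'stars' => 'groupstars', 'starimage' => 'groupstarimage', 'image' => 'groupimage', 'namestyle' => 'namestyle', 'usereputationsystem' => 'usereputationsystem');
    foreach ($data_key as $field => $key) {
        $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field];
    }
    $announcementarray['dateline'] = $announcementarray['startdate'];
    $announcementarray['userusername'] = $announcementarray['username'];
    $announcement = build_postbit($announcementarray, 3);
    $announcementarray['subject'] = $parser->parse_badwords($announcementarray['subject']);
    $lang->forum_announcement = $lang->sprintf($lang->forum_announcement, htmlspecialchars_uni($announcementarray['subject']));
    if ($announcementarray['startdate'] > $mybb->user['lastvisit']) {
        $setcookie = true;
        if (isset($mybb->cookies['mybb']['announcements']) && is_scalar($mybb->cookies['mybb']['announcements'])) {
            // NOTE(review): this deserialises a client-supplied cookie. Confirm that
            // my_unserialize() cannot instantiate objects; only isset() is applied to the result.
            $cookie = my_unserialize(stripslashes($mybb->cookies['mybb']['announcements']));
            if (isset($cookie[$announcementarray['aid']])) {
                $setcookie = false;
            }
        }
        if ($setcookie) {
            my_set_array_cookie('announcements', $announcementarray['aid'], $announcementarray['startdate'], -1);
        }
    }
    // Look the author up by user id. The announcement id was passed here before, which
    // returned the avatar of whichever account happened to share that number.
    $user_info = get_user($announcementarray['uid']);
    $icon_url = absolute_url($user_info['avatar']);
    // prepare xmlrpc return
    $xmlrpc_post = new xmlrpcval(array('topic_id' => new xmlrpcval('ann_' . $announcementarray['aid']), 'post_title' => new xmlrpcval(basic_clean($announcementarray['subject']), 'base64'), 'post_content' => new xmlrpcval(process_post($announcementarray['message'], $input['return_html']), 'base64'), 'post_author_id' => new xmlrpcval($announcementarray['uid']), 'post_author_name' => new xmlrpcval(basic_clean($announcementarray['username']), 'base64'), 'user_type' => new xmlrpcval(check_return_user_type($announcementarray['username']), 'base64'), 'icon_url' => new xmlrpcval(absolute_url($icon_url)), 'post_time' => new xmlrpcval(mobiquo_iso8601_encode($announcementarray['dateline']), 'dateTime.iso8601'), 'timestamp' => new xmlrpcval($announcementarray['dateline'], 'string')), 'struct');
    $result = array('total_post_num' => new xmlrpcval(1, 'int'), 'can_reply' => new xmlrpcval(false, 'boolean'), 'can_subscribe' => new xmlrpcval(false, 'boolean'), 'posts' => new xmlrpcval(array($xmlrpc_post), 'array'));
    return new xmlrpcresp(new xmlrpcval($result, 'struct'));
}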
     $query = $db->simple_select("forums", "*", "fid='{$fid}'");
     $forum = $db->fetch_array($query);
     $sperms = $permission_data;
     $sql = build_parent_list($fid);
     $query = $db->simple_select("forumpermissions", "*", "{$sql} AND gid='{$gid}'");
     $customperms = $db->fetch_array($query);
     if ($permission_data['pid']) {
         $permission_data['usecustom'] = 1;
         echo $form->generate_hidden_field("pid", $pid);
     } else {
         echo $form->generate_hidden_field("fid", $fid);
         echo $form->generate_hidden_field("gid", $gid);
         if (!$customperms['pid']) {
             $permission_data = usergroup_permissions($gid);
         } else {
             $permission_data = forum_permissions($fid, 0, $gid);
         }
     }
 }
 // Map each forum permission field to the tab (group) it is shown under.
 $groups = array('canviewthreads' => 'viewing', 'canview' => 'viewing', 'canonlyviewownthreads' => 'viewing', 'candlattachments' => 'viewing', 'canpostthreads' => 'posting_rating', 'canpostreplys' => 'posting_rating', 'canonlyreplyownthreads' => 'posting_rating', 'canpostattachments' => 'posting_rating', 'canratethreads' => 'posting_rating', 'caneditposts' => 'editing', 'candeleteposts' => 'editing', 'candeletethreads' => 'editing', 'caneditattachments' => 'editing', 'modposts' => 'moderate', 'modthreads' => 'moderate', 'modattachments' => 'moderate', 'mod_edit_posts' => 'moderate', 'canpostpolls' => 'polls', 'canvotepolls' => 'polls', 'cansearch' => 'misc');
 // Plugins may add or regroup fields; everything below works on the hook's return value.
 $groups = $plugins->run_hooks("admin_forum_management_permission_groups", $groups);
 // One tab per distinct group; the label is the language property named "group_<name>".
 // A group name added by a plugin needs a matching language entry.
 $tabs = array();
 foreach (array_unique(array_values($groups)) as $group) {
     $lang_group = "group_" . $group;
     $tabs[$group] = $lang->{$lang_group};
 }
 // Requests with ajax=1 get the tab control with two extra arguments (false, "tabs2").
 if ($mybb->input['ajax'] == 1) {
     $page->output_tab_control($tabs, false, "tabs2");
 } else {
     $page->output_tab_control($tabs);
 }
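/**
 * Repeat the posting permission checks, then hand over to xthreads_upload_attachments().
 *
 * The function returns without uploading when any check fails: not the first post of the
 * thread (editpost.php), user suspended, forum missing/closed/not a forum, no view or
 * post/edit permission, edit time limit exceeded, or an invalid post key.
 *
 * @return void
 */
function xthreads_upload_attachments_global()
{
    //if($mybb->request_method == 'post' && ($current_page == 'newthread.php' || ($current_page == 'editpost.php' && $mybb->input['action'] != 'deletepost'))
    // the above line is always checked and true
    global $mybb, $current_page, $thread;
    if ($current_page == 'editpost.php') {
        // check if first post
        $pid = (int) $mybb->input['pid'];
        if (!$thread) {
            $post = get_post($pid);
            if (!empty($post)) {
                $thread = get_thread($post['tid']);
            }
            if (empty($thread)) {
                return;
            }
            $pid = $post['pid'];
        }
        if ($thread['firstpost'] != $pid) {
            return;
        }
    } elseif ($mybb->input['tid']) {
        /* ($mybb->input['action'] == 'editdraft' || $mybb->input['action'] == 'savedraft') && */
        $thread = get_thread((int) $mybb->input['tid']);
        if ($thread['visible'] != -2 || $thread['uid'] != $mybb->user['uid']) {
            // ensure that this is, indeed, a draft
            unset($GLOBALS['thread']);
            // unset() on $GLOBALS only removes the global entry; the local $thread bound
            // by "global" would keep the rejected thread, and the forum id below would
            // then be taken from a thread that is not this user's draft. Clear it too.
            $thread = null;
        }
    }
    // permissions check - ideally, should get MyBB to do this, but I see no easy way to implement it unfortunately
    if ($mybb->user['suspendposting'] == 1) {
        return;
    }
    // Prefer the forum of the accepted thread; otherwise use the requested forum id.
    if (!empty($thread['fid'])) {
        $fid = $thread['fid'];
    } else {
        $fid = (int) $mybb->input['fid'];
    }
    $forum = get_forum($fid);
    if (!$forum['fid'] || $forum['open'] == 0 || $forum['type'] != 'f') {
        return;
    }
    $forumpermissions = forum_permissions($fid);
    if ($forumpermissions['canview'] == 0) {
        return;
    }
    if ($current_page == 'newthread.php' && $forumpermissions['canpostthreads'] == 0) {
        return;
    } elseif ($current_page == 'editpost.php') {
        // Non-moderators may only edit their own open thread within the time limit.
        if (!is_moderator($fid, 'caneditposts')) {
            if ($thread['closed'] == 1 || $forumpermissions['caneditposts'] == 0 || $mybb->user['uid'] != $thread['uid']) {
                return;
            }
            if ($mybb->settings['edittimelimit'] != 0 && $thread['dateline'] < TIME_NOW - $mybb->settings['edittimelimit'] * 60) {
                return;
            }
        }
    }
    // Request forgery check: the submitted post key must be valid.
    if (!verify_post_check($mybb->input['my_post_key'], true)) {
        return;
    }
    check_forum_password($forum['fid']);
    xthreads_upload_attachments();
}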
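/**
 * AJAX endpoint: echo an HTML preview of a thread's first or last post, then exit.
 *
 * Only POST requests are handled. `firstpost=1` previews the thread's first
 * post; `lastpost=1` previews the last post when the `firstpreview_last`
 * setting is enabled. If both flags are sent the first-post preview wins.
 * Requests matching neither mode return without output.
 *
 * Access control fails closed: every failed check produces the same generic
 * "no permission" preview, so an unknown thread id and a hidden thread are
 * indistinguishable to the caller. See firstpreview_can_view() for the rules.
 *
 * NOTE(review): password-protected forums are not checked here. Confirm how
 * the forum-password helper of the installed MyBB version behaves in an AJAX
 * context before wiring it in.
 */
function firstpreview_ajax()
{
    global $mybb, $db, $lang, $charset;

    // Both preview modes are POST-only.
    if ($mybb->request_method != "post") {
        return;
    }

    $want_first = isset($mybb->input['firstpost']) && $mybb->input['firstpost'] == 1;
    $want_last = isset($mybb->settings['firstpreview_last']) && $mybb->settings['firstpreview_last'] != 0
        && isset($mybb->input['lastpost']) && $mybb->input['lastpost'] == 1;
    if (!$want_first && !$want_last) {
        return;
    }

    // The thread id is request input: cast before any lookup.
    $tid = isset($mybb->input['tid']) ? (int) $mybb->input['tid'] : 0;
    $thread = get_thread($tid);

    $post = array();
    $permissions = array();
    $posted_at = 0;
    if (!empty($thread)) {
        $permissions = forum_permissions($thread['fid']);
        if ($want_first) {
            $post = get_post($thread['firstpost']);
            $posted_at = $thread['dateline'];
        } else {
            // The last post is located through the thread's cached last-post
            // fields; every interpolated value is cast to int first.
            $lastposter = (int) $thread['lastposteruid'];
            $posted_at = (int) $thread['lastpost'];
            $query = $db->simple_select('posts', '*', "uid = '" . $lastposter . "' AND dateline = '" . $posted_at . "' AND tid = '" . (int) $thread['tid'] . "'");
            $post = $db->fetch_array($query);
        }
    }

    if (!firstpreview_can_view($thread, $post, $permissions)) {
        // Decide before touching the post body, so denied requests never
        // parse or render the content.
        $lang->load("messages");
        $preview = "<div class=\"fpreview\"><span id=\"close_preview\">&#10060;</span><div class=\"prev_content\" style=\"text-align:center;\">" . $lang->error_nopermission_user_ajax . "</div></div>";
    } else {
        require_once MYBB_ROOT . "inc/class_parser.php";
        $parser = new postParser();
        $forum = get_forum($thread['fid']);
        $user = get_user($post['uid']);

        // Subject and username are escaped for HTML output.
        $subject = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
        $posted = ' (' . my_date($mybb->settings['dateformat'], $posted_at) . ', ' . my_date($mybb->settings['timeformat'], $posted_at) . ')';

        // Rendering follows the forum's own markup settings.
        $parser_options = array(
            'allow_html' => $forum['allowhtml'],
            'allow_mycode' => $forum['allowmycode'],
            'allow_smilies' => $forum['allowsmilies'],
            'allow_imgcode' => $forum['allowimgcode'],
            'allow_videocode' => $forum['allowvideocode'],
            'filter_badwords' => 1,
        );
        $message = $parser->parse_message($post['message'], $parser_options);

        // strip_tags() only reduces the tag set; attributes on the tags it
        // keeps are left in place, so it is a layout measure, not a sanitizer.
        if (isset($mybb->settings['firstpreview_html']) && $mybb->settings['firstpreview_html'] != 1) {
            $message = strip_tags($message, "<br><p><ul><ol><li>");
        }
        // NOTE(review): truncation runs on rendered HTML and can cut inside a
        // tag or entity, leaving unbalanced markup in the preview.
        if (!empty($mybb->settings['firstpreview_length']) && $mybb->settings['firstpreview_length'] != "0" && my_strlen($message) > (int) $mybb->settings['firstpreview_length']) {
            $message = my_substr($message, 0, (int) $mybb->settings['firstpreview_length']) . '...';
        }

        // get_user() may yield nothing for guest posts; fall back to group 0.
        $usergroup = !empty($user) ? (int) $user['usergroup'] : 0;
        $displaygroup = !empty($user) ? (int) $user['displaygroup'] : 0;
        $author = build_profile_link(format_name(htmlspecialchars_uni($post['username']), $usergroup, $displaygroup), (int) $post['uid']);

        if ($want_first) {
            $preview = "<div class=\"fpreview\"><span id=\"close_preview\">&#10060;</span>\n\t\t\t<div class=\"thead\" style=\"text-align:center; font-weight:bold; min-height:20px;\">" . $subject . "</div>\n\t\t\t<div class=\"tcat\" style=\"padding-left:10px; height: 10%;\">" . $author . "<span class=\"smalltext\">" . $posted . "</span></div>\n\t\t\t<div class=\"prev_content\">" . $message . "</div>\n\t\t\t</div>";
        } else {
            $lang->load("forumdisplay");
            $preview = "<div class=\"fpreview\"><span id=\"close_preview\">&#10060;</span>\n\t\t\t<div class=\"thead\" style=\"text-align:center; font-weight:bold; min-height:20px;\">" . $subject . "</div>\n\t\t\t<div class=\"tcat\" style=\"padding-left:10px; padding-right:10px;\">" . $author . "<span class=\"smalltext\">" . $posted . "<span class=\"float_right\"><strong>" . $lang->lastpost . "</strong></span></span></div>\n\t\t\t<div class=\"prev_content\">" . $message . "</div>\n\t\t\t</div>";
        }
    }

    // The body is HTML but is sent as text/plain; presumably the client script
    // inserts it into the page itself — confirm against the plugin's JS.
    header("Content-type: text/plain; charset={$charset}");
    echo $preview;
    exit;
}

/**
 * Decide whether the current user may see a preview of $post inside $thread.
 *
 * Rules applied, all of which must pass:
 *  - thread and post exist;
 *  - the forum permissions grant `canview` and `canviewthreads`;
 *  - with `canonlyviewownthreads` set, the thread must belong to the viewer;
 *  - a thread or post whose `visible` flag is not 1 (for example a draft) is
 *    shown to moderators of that forum only.
 *
 * @param array|bool $thread      Thread row, or an empty value when not found
 * @param array|bool $post        Post row, or an empty value when not found
 * @param array      $permissions Forum permissions for the thread's forum
 * @return bool True when the preview may be rendered
 */
function firstpreview_can_view($thread, $post, $permissions)
{
    global $mybb;

    if (empty($thread) || empty($post) || !is_array($permissions)) {
        return false;
    }
    if (empty($permissions['canview']) || !isset($permissions['canviewthreads']) || $permissions['canviewthreads'] != 1) {
        return false;
    }
    if (!empty($permissions['canonlyviewownthreads']) && $thread['uid'] != $mybb->user['uid']) {
        return false;
    }
    if (($thread['visible'] != 1 || $post['visible'] != 1) && !is_moderator($thread['fid'])) {
        return false;
    }
    return true;
}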
示例#24
文件: portal.php 项目: dequeues/mybb
 // Select the first post (t.firstpost = p.pid) of each visible, non-moved
 // thread in the announcement forums, newest thread first.
 // NOTE(review): $announcementsfids, $tunviewwhere and $numannouncements are
 // interpolated into the SQL as-is and are assembled before this excerpt;
 // confirm they are integer-validated where they are built.
 $query = $db->query("\n\t\tSELECT p.pid, p.message, p.tid, p.smilieoff\n\t\tFROM " . TABLE_PREFIX . "posts p\n\t\tLEFT JOIN " . TABLE_PREFIX . "threads t ON (t.tid=p.tid)\n\t\tWHERE t.fid IN (" . $announcementsfids . "){$tunviewwhere} AND t.visible='1' AND t.closed NOT LIKE 'moved|%' AND t.firstpost=p.pid\n\t\tORDER BY t.dateline DESC\n\t\tLIMIT 0, {$numannouncements}");
 while ($getid = $db->fetch_array($query)) {
     // The ids appended here come from the database rows just fetched and are
     // quoted; the resulting lists feed the IN (...) clauses below.
     $pids .= ",'{$getid['pid']}'";
     $tids .= ",'{$getid['tid']}'";
     $posts[$getid['tid']] = $getid;
 }
 if (!empty($posts)) {
     // The leading 0 keeps the IN list valid, since $pids starts with a comma.
     $pids = "pid IN(0{$pids})";
     // Now lets fetch all of the attachments for these posts
     $query = $db->simple_select("attachments", "*", $pids);
     while ($attachment = $db->fetch_array($query)) {
         $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
     }
     // Resolve the viewer's permissions once per forum.
     // presumably $forum is a forum list keyed by fid — verify where it is set
     if (is_array($forum)) {
         foreach ($forum as $fid => $forumrow) {
             $forumpermissions[$fid] = forum_permissions($fid);
         }
     }
     $icon_cache = $cache->read("posticons");
     $query = $db->query("\n\t\t\tSELECT t.*, t.username AS threadusername, u.username, u.avatar, u.avatardimensions\n\t\t\tFROM " . TABLE_PREFIX . "threads t\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid = t.uid)\n\t\t\tWHERE t.fid IN (" . $announcementsfids . ") AND t.tid IN (0{$tids}) AND t.visible='1' AND t.closed NOT LIKE 'moved|%'\n\t\t\tORDER BY t.dateline DESC\n\t\t\tLIMIT 0, {$numannouncements}");
     while ($announcement = $db->fetch_array($query)) {
         // Make sure we can view this announcement.
         // && binds tighter than ||: skip when the forum or its threads are not
         // viewable, or when only own threads are viewable and this thread
         // belongs to someone else.
         if ($forumpermissions[$announcement['fid']]['canview'] == 0 || $forumpermissions[$announcement['fid']]['canviewthreads'] == 0 || $forumpermissions[$announcement['fid']]['canonlyviewownthreads'] == 1 && $announcement['uid'] != $mybb->user['uid']) {
             continue;
         }
         // Merge the first-post fields collected above into the thread row.
         $announcement['message'] = $posts[$announcement['tid']]['message'];
         $announcement['pid'] = $posts[$announcement['tid']]['pid'];
         $announcement['smilieoff'] = $posts[$announcement['tid']]['smilieoff'];
         $announcement['threadlink'] = get_thread_link($announcement['tid']);
         if ($announcement['uid'] == 0) {
             // Author uid 0: the stored thread username is HTML-escaped
             // before it is shown.
             $profilelink = htmlspecialchars_uni($announcement['threadusername']);
    // Look the attachment up by attachment id, or (else branch) by post id.
    // NOTE(review): $aid and $pid are interpolated into the WHERE clause and
    // are assigned before this excerpt; confirm they are cast to int there.
    $query = $db->simple_select("attachments", "*", "aid='{$aid}'");
} else {
    $query = $db->simple_select("attachments", "*", "pid='{$pid}'");
}
$attachment = $db->fetch_array($query);
// From here on the post id comes from the attachment row, not from the request.
$pid = $attachment['pid'];
$post = get_post($pid);
$thread = get_thread($post['tid']);
// A missing thread is an error only for full downloads; thumbnail requests
// continue to the permission checks below.
if (!$thread['tid'] && !$mybb->input['thumbnail']) {
    error($lang->error_invalidthread);
}
$fid = $thread['fid'];
// Get forum info
$forum = get_forum($fid);
// Permissions
$forumpermissions = forum_permissions($fid);
// && binds tighter than ||. Access is refused when the forum or its threads
// are not viewable, when only own threads are viewable and this one belongs
// to another user, or when attachment downloads are disallowed and the
// request is not for a thumbnail.
if ($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid'] || $forumpermissions['candlattachments'] == 0 && !$mybb->input['thumbnail']) {
    error_no_permission();
}
// Error if attachment is invalid or not visible.
// Non-moderators additionally need the attachment, its thread and its post
// to all be visible (visible == 1).
if (!$attachment['aid'] || !$attachment['attachname'] || !is_moderator($fid) && ($attachment['visible'] != 1 || $thread['visible'] != 1 || $post['visible'] != 1)) {
    error($lang->error_invalidattachment);
}
// The download counter is only advanced for full downloads, after every
// access check above has passed.
if (!$mybb->input['thumbnail']) {
    $attachupdate = array("downloads" => $attachment['downloads'] + 1);
    $db->update_query("attachments", $attachupdate, "aid='{$attachment['aid']}'");
}
// basename isn't UTF-8 safe. This is a workaround: a space is prepended
// before basename() and trimmed off afterwards. basename() also drops any
// directory part of the stored name.
// NOTE(review): presumably this is the original upload name and ends up in a
// response header later in the file — confirm it is quoted/escaped there.
$attachment['filename'] = ltrim(basename(' ' . $attachment['filename']));
$plugins->run_hooks("attachment_end");
if ($mybb->input['thumbnail']) {
/**
 * Upload an attachment in to the file system
 *
 * Checks run in this order: PHP upload error code, is_uploaded_file(),
 * extension allowlist (the 'attachtypes' cache), per-type size limit,
 * per-usergroup quota, duplicate file name in the post, attachment count per
 * post. The file is then stored under a generated name ending in ".attach";
 * for image extensions the stored file is also inspected and a thumbnail is
 * generated. The attachment row is inserted, or updated when
 * $update_attachment is true and a row with the same file name exists.
 *
 * @param array $attachment Attachment data (as fed by PHPs $_FILE)
 * @param boolean $update_attachment Whether or not we are updating a current attachment or inserting a new one
 * @return array Array of attachment data if successful, otherwise array of error data
 *               (the visible code returns ['aid' => ...] on success and ['error' => message] on failure)
 */
function upload_attachment($attachment, $update_attachment = false)
{
    // $mybb appears twice in this list; the repetition has no effect.
    global $mybb, $db, $theme, $templates, $posthash, $pid, $tid, $forum, $mybb, $lang, $plugins, $cache;
    // posthash is request input: escaped here because it is interpolated into
    // WHERE clauses and stored below. pid is forced to an integer.
    $posthash = $db->escape_string($mybb->get_input('posthash'));
    $pid = (int) $pid;
    // Translate a PHP upload error code into a localized message.
    if (isset($attachment['error']) && $attachment['error'] != 0) {
        $ret['error'] = $lang->error_uploadfailed . $lang->error_uploadfailed_detail;
        switch ($attachment['error']) {
            case 1:
                // UPLOAD_ERR_INI_SIZE
                $ret['error'] .= $lang->error_uploadfailed_php1;
                break;
            case 2:
                // UPLOAD_ERR_FORM_SIZE
                $ret['error'] .= $lang->error_uploadfailed_php2;
                break;
            case 3:
                // UPLOAD_ERR_PARTIAL
                $ret['error'] .= $lang->error_uploadfailed_php3;
                break;
            case 4:
                // UPLOAD_ERR_NO_FILE
                $ret['error'] .= $lang->error_uploadfailed_php4;
                break;
            case 6:
                // UPLOAD_ERR_NO_TMP_DIR
                $ret['error'] .= $lang->error_uploadfailed_php6;
                break;
            case 7:
                // UPLOAD_ERR_CANT_WRITE
                $ret['error'] .= $lang->error_uploadfailed_php7;
                break;
            default:
                $ret['error'] .= $lang->sprintf($lang->error_uploadfailed_phpx, $attachment['error']);
                break;
        }
        return $ret;
    }
    // Only accept a temp file that PHP itself received through an HTTP upload;
    // this keeps a caller-supplied tmp_name from pointing at an arbitrary path.
    if (!is_uploaded_file($attachment['tmp_name']) || empty($attachment['tmp_name'])) {
        $ret['error'] = $lang->error_uploadfailed . $lang->error_uploadfailed_php4;
        return $ret;
    }
    $attachtypes = $cache->read('attachtypes');
    // Plugins may replace $attachment here; every check below works on the
    // value the hook returned.
    $attachment = $plugins->run_hooks("upload_attachment_start", $attachment);
    // presumably get_extension() returns the lower-cased extension of the
    // user-supplied file name — verify in its definition
    $ext = get_extension($attachment['name']);
    // Check if we have a valid extension (allowlist: only extensions present
    // in the attachtypes cache are accepted)
    if (!isset($attachtypes[$ext])) {
        $ret['error'] = $lang->error_attachtype;
        return $ret;
    } else {
        $attachtype = $attachtypes[$ext];
    }
    // Check the size: maxsize is multiplied by 1024 before it is compared with
    // the size from the upload array; an empty maxsize disables the limit.
    if ($attachment['size'] > $attachtype['maxsize'] * 1024 && $attachtype['maxsize'] != "") {
        $ret['error'] = $lang->sprintf($lang->error_attachsize, $attachtype['maxsize']);
        return $ret;
    }
    // Double check attachment space usage (a quota of 0 or less skips the check)
    if ($mybb->usergroup['attachquota'] > 0) {
        $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='" . $mybb->user['uid'] . "'");
        $usage = $db->fetch_array($query);
        $usage = $usage['ausage'] + $attachment['size'];
        if ($usage > $mybb->usergroup['attachquota'] * 1024) {
            $friendlyquota = get_friendly_size($mybb->usergroup['attachquota'] * 1024);
            $ret['error'] = $lang->sprintf($lang->error_reachedattachquota, $friendlyquota);
            return $ret;
        }
    }
    // Gather forum permissions
    $forumpermissions = forum_permissions($forum['fid']);
    // Check if an attachment with this name is already in the post.
    // Existing posts are matched by pid, unsaved ones by the escaped posthash.
    if ($pid != 0) {
        $uploaded_query = "pid='{$pid}'";
    } else {
        $uploaded_query = "posthash='{$posthash}'";
    }
    // The user-supplied file name is escaped before it enters the WHERE clause.
    $query = $db->simple_select("attachments", "*", "filename='" . $db->escape_string($attachment['name']) . "' AND " . $uploaded_query);
    $prevattach = $db->fetch_array($query);
    if ($prevattach['aid'] && $update_attachment == false) {
        // Both outcomes are errors; only the message differs depending on
        // whether the user could edit attachments.
        if (!$mybb->usergroup['caneditattachments'] && !$forumpermissions['caneditattachments']) {
            $ret['error'] = $lang->error_alreadyuploaded_perm;
            return $ret;
        }
        $ret['error'] = $lang->error_alreadyuploaded;
        return $ret;
    }
    // Check to see how many attachments exist for this post already
    if ($mybb->settings['maxattachments'] > 0 && $update_attachment == false) {
        $query = $db->simple_select("attachments", "COUNT(aid) AS numattachs", $uploaded_query);
        $attachcount = $db->fetch_field($query, "numattachs");
        if ($attachcount >= $mybb->settings['maxattachments']) {
            $ret['error'] = $lang->sprintf($lang->error_maxattachpost, $mybb->settings['maxattachments']);
            return $ret;
        }
    }
    $month_dir = '';
    if ($mybb->safemode == false) {
        // Check if the attachment directory (YYYYMM) exists, if not, create it.
        // Errors are suppressed with @ and mkdir() runs with its default mode.
        // NOTE(review): nothing in this function places an index file or access
        // rules in the new directory — confirm that is handled elsewhere.
        $month_dir = gmdate("Ym");
        if (!@is_dir($mybb->settings['uploadspath'] . "/" . $month_dir)) {
            @mkdir($mybb->settings['uploadspath'] . "/" . $month_dir);
            // Still doesn't exist - oh well, throw it in the main directory
            if (!@is_dir($mybb->settings['uploadspath'] . "/" . $month_dir)) {
                $month_dir = '';
            }
        }
    }
    // All seems to be good, lets move the attachment!
    // The stored name is generated server-side (uid, timestamp, md5 of a random
    // string) and always ends in ".attach"; the user-supplied name is never
    // used on disk.
    // NOTE(review): how unpredictable the name is depends on random_str(),
    // which is defined elsewhere.
    $filename = "post_" . $mybb->user['uid'] . "_" . TIME_NOW . "_" . md5(random_str()) . ".attach";
    $file = upload_file($attachment, $mybb->settings['uploadspath'] . "/" . $month_dir, $filename);
    // Failed to create the attachment in the monthly directory, just throw it in the main directory
    if (!empty($file['error']) && $month_dir) {
        $file = upload_file($attachment, $mybb->settings['uploadspath'] . '/', $filename);
    } elseif ($month_dir) {
        $filename = $month_dir . "/" . $filename;
    }
    if (!empty($file['error'])) {
        $ret['error'] = $lang->error_uploadfailed . $lang->error_uploadfailed_detail;
        switch ($file['error']) {
            case 1:
                $ret['error'] .= $lang->error_uploadfailed_nothingtomove;
                break;
            case 2:
                $ret['error'] .= $lang->error_uploadfailed_movefailed;
                break;
        }
        return $ret;
    }
    // Lets just double check that it exists
    if (!file_exists($mybb->settings['uploadspath'] . "/" . $filename)) {
        $ret['error'] = $lang->error_uploadfailed . $lang->error_uploadfailed_detail . $lang->error_uploadfailed_lost;
        return $ret;
    }
    // Generate the array for the insert_query.
    // String fields taken from the upload are escaped and the size is cast.
    // NOTE(review): $file['type'] is presumably the MIME type declared by the
    // client — confirm in upload_file() and check how the download code uses
    // the stored filetype.
    $attacharray = array("pid" => $pid, "posthash" => $posthash, "uid" => $mybb->user['uid'], "filename" => $db->escape_string($file['original_filename']), "filetype" => $db->escape_string($file['type']), "filesize" => (int) $file['size'], "attachname" => $filename, "downloads" => 0, "dateuploaded" => TIME_NOW);
    // If we're uploading an image, check the MIME type compared to the image type and attempt to generate a thumbnail
    if ($ext == "gif" || $ext == "png" || $ext == "jpg" || $ext == "jpeg" || $ext == "jpe") {
        // Check a list of known MIME types to establish what kind of image we're uploading.
        // The numbers match getimagesize()'s type codes: 1 GIF, 2 JPEG, 3 PNG.
        switch (my_strtolower($file['type'])) {
            case "image/gif":
                $img_type = 1;
                break;
            case "image/jpeg":
            case "image/x-jpg":
            case "image/x-jpeg":
            case "image/pjpeg":
            case "image/jpg":
                $img_type = 2;
                break;
            case "image/png":
            case "image/x-png":
                $img_type = 3;
                break;
            default:
                $img_type = 0;
        }
        // Collect every configured MIME type, not just the image ones.
        // The loop variable reuses $attachtype, which is not read again below.
        $supported_mimes = array();
        foreach ($attachtypes as $attachtype) {
            if (!empty($attachtype['mimetype'])) {
                $supported_mimes[] = $attachtype['mimetype'];
            }
        }
        // Check if the uploaded file type matches the correct image type (returned by getimagesize)
        $img_dimensions = @getimagesize($mybb->settings['uploadspath'] . "/" . $filename);
        $mime = "";
        $file_path = $mybb->settings['uploadspath'] . "/" . $filename;
        // NOTE(review): the sniffing calls prefix the path with MYBB_ROOT while
        // getimagesize() above does not; both agree only if uploadspath is
        // relative to MYBB_ROOT — confirm.
        if (function_exists("finfo_open")) {
            $file_info = finfo_open(FILEINFO_MIME);
            // NOTE(review): explode() with a limit of 1 never splits, so $mime
            // keeps any "; charset=..." suffix and cannot equal a bare MIME type
            // on this path. The effective rule here is therefore the strict one:
            // declared type must match getimagesize(). Keep that strictness in
            // mind before changing the limit.
            list($mime, ) = explode(';', finfo_file($file_info, MYBB_ROOT . $file_path), 1);
            finfo_close($file_info);
        } else {
            if (function_exists("mime_content_type")) {
                $mime = mime_content_type(MYBB_ROOT . $file_path);
            }
        }
        // && binds tighter than ||: reject when getimagesize() could not read
        // the file as an image, or when the detected image type differs from the
        // declared one and the sniffed MIME type is not a configured type.
        // The stored file is removed on rejection.
        if (!is_array($img_dimensions) || $img_dimensions[2] != $img_type && !in_array($mime, $supported_mimes)) {
            delete_uploaded_file($mybb->settings['uploadspath'] . "/" . $filename);
            $ret['error'] = $lang->error_uploadfailed;
            return $ret;
        }
        require_once MYBB_ROOT . "inc/functions_image.php";
        // The thumbnail name swaps ".attach" for "_thumb.<ext>".
        $thumbname = str_replace(".attach", "_thumb.{$ext}", $filename);
        $attacharray = $plugins->run_hooks("upload_attachment_thumb_start", $attacharray);
        $thumbnail = generate_thumbnail($mybb->settings['uploadspath'] . "/" . $filename, $mybb->settings['uploadspath'], $thumbname, $mybb->settings['attachthumbh'], $mybb->settings['attachthumbw']);
        if ($thumbnail['filename']) {
            $attacharray['thumbnail'] = $thumbnail['filename'];
        } elseif ($thumbnail['code'] == 4) {
            // presumably code 4 means the image needs no thumbnail — verify in
            // generate_thumbnail()
            $attacharray['thumbnail'] = "SMALL";
        }
    }
    // In forums that moderate attachments the row starts hidden unless the
    // uploader can approve attachments in this forum.
    if ($forumpermissions['modattachments'] == 1 && !is_moderator($forum['fid'], "canapproveunapproveattachs")) {
        $attacharray['visible'] = 0;
    } else {
        $attacharray['visible'] = 1;
    }
    // Plugins get a last chance to alter the row before it is written.
    $attacharray = $plugins->run_hooks("upload_attachment_do_insert", $attacharray);
    if ($prevattach['aid'] && $update_attachment == true) {
        unset($attacharray['downloads']);
        // Keep our download count if we're updating an attachment
        $db->update_query("attachments", $attacharray, "aid='" . $db->escape_string($prevattach['aid']) . "'");
        // Remove old attachment file
        // Check if this attachment is referenced in any other posts. If it isn't, then we are safe to delete the actual file.
        // The count runs after the row above was pointed at the new attachname.
        $query = $db->simple_select("attachments", "COUNT(aid) as numreferences", "attachname='" . $db->escape_string($prevattach['attachname']) . "'");
        if ($db->fetch_field($query, "numreferences") == 0) {
            delete_uploaded_file($mybb->settings['uploadspath'] . "/" . $prevattach['attachname']);
            if ($prevattach['thumbnail']) {
                delete_uploaded_file($mybb->settings['uploadspath'] . "/" . $prevattach['thumbnail']);
            }
            // The part of attachname before the first "/" is treated as the
            // monthly directory and handed to delete_upload_directory().
            // presumably that helper only removes the directory when it is
            // empty — verify
            $date_directory = explode('/', $prevattach['attachname']);
            if (@is_dir($mybb->settings['uploadspath'] . "/" . $date_directory[0])) {
                delete_upload_directory($mybb->settings['uploadspath'] . "/" . $date_directory[0]);
            }
        }
        $aid = $prevattach['aid'];
    } else {
        $aid = $db->insert_query("attachments", $attacharray);
        // The thread's attachment counter is bumped only for saved posts.
        if ($pid) {
            update_thread_counters($tid, array("attachmentcount" => "+1"));
        }
    }
    $ret['aid'] = $aid;
    return $ret;
}
示例#27
    // The forumread cookie is client-controlled data and is deserialized here.
    // NOTE(review): my_unserialize() is defined elsewhere; confirm it cannot
    // instantiate objects. In the visible code the decoded values are only
    // copied into $forum['lastread'].
    if (isset($mybb->cookies['mybb']['forumread'])) {
        $forumsread = my_unserialize($mybb->cookies['mybb']['forumread']);
    }
} else {
    // Build a forum cache.
    // The current user's uid is interpolated into the join condition;
    // presumably it comes from the session, not from the request — verify.
    $query = $db->query("\n\t\tSELECT f.*, fr.dateline AS lastread\n\t\tFROM " . TABLE_PREFIX . "forums f\n\t\tLEFT JOIN " . TABLE_PREFIX . "forumsread fr ON (fr.fid = f.fid AND fr.uid = '{$mybb->user['uid']}')\n\t\tWHERE f.active != 0\n\t\tORDER BY pid, disporder\n\t");
}
while ($forum = $db->fetch_array($query)) {
    // For uid 0 the last-read value comes from the cookie data read above.
    if ($mybb->user['uid'] == 0) {
        if (!empty($forumsread[$forum['fid']])) {
            $forum['lastread'] = $forumsread[$forum['fid']];
        }
    }
    // Cache layout: parent id, then display order, then forum id.
    $fcache[$forum['pid']][$forum['disporder']][$forum['fid']] = $forum;
}
// Called without a forum id here; the result is kept for the code that follows.
$forumpermissions = forum_permissions();
// Get the forum moderators if the setting is enabled.
$moderatorcache = array();
if ($mybb->settings['modlist'] != 0 && $mybb->settings['modlist'] != 'off') {
    $moderatorcache = $cache->read('moderators');
}
$excols = 'index';
$permissioncache['-1'] = '1';
$bgcolor = 'trow1';
// Decide if we're showing first-level subforums on the index page.
$showdepth = 2;
if ($mybb->settings['subforumsindex'] != 0) {
    $showdepth = 3;
}
$forum_list = build_forumbits();
$forums = $forum_list['forum_list'];
     break;
 // Actually move the threads in Inline moderation
 case "do_multimovethreads":
     // Verify incoming POST request (checks the my_post_key token sent with
     // the form before any state is changed)
     verify_post_check($mybb->input['my_post_key']);
     // The target forum id is cast to an integer.
     $moveto = intval($mybb->input['moveto']);
     $threadlist = explode("|", $mybb->input['threads']);
     // NOTE(review): this first check receives the raw request strings, while
     // the move below uses the integer-cast ids; confirm
     // is_moderator_by_tids() casts its input the same way.
     if (!is_moderator_by_tids($threadlist, 'canmanagethreads')) {
         error_no_permission();
     }
     // NOTE(review): $tids is not initialised in this excerpt — confirm it
     // starts empty.
     foreach ($threadlist as $tid) {
         $tids[] = intval($tid);
     }
     // Make sure moderator has permission to move to the new forum:
     // refused when the target is not viewable or not moderated by the user,
     // unless the user may move threads to non-moderated forums.
     $newperms = forum_permissions($moveto);
     if (($newperms['canview'] == 0 || !is_moderator($moveto, 'canmanagethreads')) && !is_moderator_by_tids($tids, 'canmovetononmodforum')) {
         error_no_permission();
     }
     // The target must exist, be a real forum (type "f") and not be a link.
     $newforum = get_forum($moveto);
     if (!$newforum || $newforum['type'] != "f" || $newforum['type'] == "f" && $newforum['linkto'] != '') {
         error($lang->error_invalidforum);
     }
     // The move is recorded in the moderator log.
     $moderation->move_threads($tids, $moveto);
     log_moderator_action($modlogdata, $lang->multi_moved_threads);
     moderation_redirect(get_forum_link($moveto), $lang->redirect_inline_threadsmoved);
     break;
 // Delete posts - Inline moderation
 case "multideleteposts":
     add_breadcrumb($lang->nav_multi_deleteposts);
示例#29
 // Fetch the post from the database. The pid is read as an integer.
 $post = get_post($mybb->get_input('pid', MyBB::INPUT_INT));
 // No result, die.
 // presumably xmlhttp_error() ends the request; the code below relies on it
 if (!$post) {
     xmlhttp_error($lang->post_doesnt_exist);
 }
 // Fetch the thread associated with this post.
 $thread = get_thread($post['tid']);
 // Fetch the specific forum this thread/post is in.
 // (runs before $thread is checked for existence on the next lines)
 $forum = get_forum($thread['fid']);
 // Missing thread, invalid forum? Error.
 if (!$thread || !$forum || $forum['type'] != "f") {
     xmlhttp_error($lang->thread_doesnt_exist);
 }
 // Fetch forum permissions.
 $forumpermissions = forum_permissions($forum['fid']);
 $plugins->run_hooks("xmlhttp_edit_post_start");
 // If this user is not a moderator with "caneditposts" permissions.
 // NOTE(review): no check of the post's or thread's visible flag appears in
 // this excerpt — confirm it happens elsewhere in the handler.
 if (!is_moderator($forum['fid'], "caneditposts")) {
     // Thread is closed - no editing allowed.
     if ($thread['closed'] == 1) {
         xmlhttp_error($lang->thread_closed_edit_message);
     } else {
         // Refuse when the forum is closed, editing is not permitted, the
         // post belongs to another user, the user is a guest (uid 0) or
         // posting is suspended.
         if ($forum['open'] == 0 || $forumpermissions['caneditposts'] == 0 || $mybb->user['uid'] != $post['uid'] || $mybb->user['uid'] == 0 || $mybb->user['suspendposting'] == 1) {
             xmlhttp_error($lang->no_permission_edit_post);
         } else {
             // Edit window: the usergroup limit is multiplied by 60 and
             // compared against the post's age; 0 disables the limit.
             if ($mybb->usergroup['edittimelimit'] != 0 && $post['dateline'] < TIME_NOW - $mybb->usergroup['edittimelimit'] * 60) {
                 $lang->edit_time_limit = $lang->sprintf($lang->edit_time_limit, $mybb->usergroup['edittimelimit']);
                 xmlhttp_error($lang->edit_time_limit);
             }
         }
示例#30
文件: ACP.php 项目: exts/nab145
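/**
 * Reads the numeric `id` query parameter.
 *
 * @return int The id, or 0 when the parameter is missing or not a scalar.
 */
function _manageboards_id()
{
    return isset($_GET['id']) && is_scalar($_GET['id']) ? intval($_GET['id']) : 0;
}

/**
 * Escapes a value for HTML text and for single- or double-quoted attributes.
 *
 * Existing entities are left alone (double_encode = false) because
 * manageboards() stores titles and descriptions already passed through
 * htmlspecialchars(). ISO-8859-1 makes the call work byte by byte, so bytes
 * above 0x7F pass through unchanged.
 * NOTE(review): assumes an ASCII-compatible page charset (UTF-8, Latin-1) - confirm.
 *
 * @param mixed $value Value to print.
 * @return string Escaped text.
 */
function _manageboards_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1', false);
}

/**
 * Builds a `key => 't'` map from one checkbox group of the permissions form.
 *
 * @param string $field Name of the POST field (view, read, reply, topic).
 * @return array Map of submitted scalar entries to 't'; empty when the field
 *               is missing or not an array.
 */
function _manageboards_flags($field)
{
    $flags = array();
    if (isset($_POST[$field]) && is_array($_POST[$field])) {
        foreach ($_POST[$field] as $entry) {
            // Only scalars are usable as array keys.
            if (is_scalar($entry)) {
                $flags[$entry] = 't';
            }
        }
    }
    return $flags;
}

/**
 * Admin control panel handler for categories and forums.
 *
 * Without `type` in the query string it returns an HTML table of all
 * categories with their forums. With `type=cat` or `type=forum` and exactly
 * one of `edit` / `delete`, it returns the matching form, or applies the
 * change when the form has been posted.
 *
 * Security notes:
 * - Every request value that reaches SQL is either cast to int or passed
 *   through mysql_real_escape_string(); htmlspecialchars() alone does not
 *   neutralise a backslash or (with its old default flags) a single quote.
 * - Every stored or request value that reaches HTML is escaped for
 *   single-quoted attributes; the forum delete link uses the validated
 *   integer id rather than the raw query parameter.
 * - NOTE(review): the update and delete forms carry no anti-CSRF token, and
 *   no permission check is visible in this function - presumably the caller
 *   restricts it to administrators; confirm.
 * - The mysql_* extension used here was removed in PHP 7.0. Moving to
 *   prepared statements (mysqli or PDO) has to be done together with the
 *   connection code, which is outside this function.
 *
 * @return string HTML fragment or status message.
 */
function manageboards()
{
    if (!isset($_GET['type'])) {
        $cats = mysql_query("SELECT * FROM `categories` ORDER BY `order`");
        if (mysql_num_rows($cats) <= 0) {
            return "There aren't any categorys in the database, go create some.";
        }
        $BODY = "<table width='100%' cellspacing='3' cellpadding='0'>";
        while ($row = mysql_fetch_array($cats)) {
            $cid = intval($row['id']);
            $BODY .= "\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td width='80%'><strong>" . _manageboards_html($row['title']) . "</strong></td>\n\t\t\t\t\t\t\t<td width='20%'><a href='acp.php?action=boards&type=cat&id=" . $cid . "&edit'>Edit</a> <a href='acp.php?action=boards&type=cat&id=" . $cid . "&delete'>Delete</a></td></td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t";
            $forums = mysql_query("SELECT * FROM `forums` WHERE `cid` = '" . $cid . "'");
            $links = array();
            while ($forum = mysql_fetch_array($forums)) {
                $links[] = "<a href='acp.php?action=boards&type=forum&id=" . intval($forum['id']) . "&edit'>" . _manageboards_html($forum['title']) . "</a>";
            }
            $BODY .= "\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td colspan='2'>" . implode(", ", $links) . "</td>\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t";
        }
        $BODY .= "</table>";
        return $BODY;
    }

    $wantsEdit = isset($_GET['edit']) and !isset($_GET['delete']);
    $wantsDelete = isset($_GET['delete']) and !isset($_GET['edit']);
    // `and` binds looser than `=`, so spell the two flags out explicitly.
    $wantsEdit = isset($_GET['edit']) && !isset($_GET['delete']);
    $wantsDelete = isset($_GET['delete']) && !isset($_GET['edit']);
    $id = _manageboards_id();

    switch ($_GET['type']) {
        case "cat":
            if ($wantsEdit) {
                if (!isset($_POST['submit'])) {
                    $sql = mysql_query("SELECT * FROM `categories` WHERE `id` = '" . $id . "'");
                    $row = mysql_fetch_array($sql);
                    return "\n\t\t\t\t\t\t\t\t<form method='post' action=''>\n\t\t\t\t\t\t\t\t\t<table width='100%' cellspacing='3' cellpadding='0'>\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td width='30%'>Category Name</td>\n\t\t\t\t\t\t\t\t\t\t\t<td width='70%'><input type='text' name='name' value='" . _manageboards_html($row['title']) . "' /></td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td colspan='2' align='center'><input type='submit' name='submit' value='Edit Category' /></td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t\t\t</form>\n\t\t\t\t\t\t\t";
                }
                if (empty($_POST['name']) || !is_string($_POST['name'])) {
                    return "You left a field blank please go back and make sure all fields are filled.";
                }
                // Stored format stays entity-encoded as before; the SQL escaping is what closes the injection.
                $category = mysql_real_escape_string(htmlspecialchars($_POST['name']));
                if (mysql_query("UPDATE `categories` SET `title` = '" . $category . "' WHERE `id` = '" . $id . "'")) {
                    return "Category was updated successfully.";
                }
                return "There was a problem updating category, please contact Nevux Ability Boards Tech Support.";
            }
            if ($wantsDelete) {
                if (!isset($_POST['delete'])) {
                    return "\n\t\t\t\t\t\t\t\t<form method='post' action=''>\n\t\t\t\t\t\t\t\t\t<table width='100%'>\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td width='50%'>Are you Sure you want to delete this Category?</td><td width='50%'><input type='submit' name='delete' value='Delete' /></td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t\t\t</form>\n\t\t\t\t\t\t\t";
                }
                if (mysql_query("DELETE FROM `categories` WHERE `id` = '" . $id . "'")) {
                    return "Category was deleted successfully.";
                }
                return "There was an error deleteing categorys from Database.";
            }
            return "Error action.";

        case "forum":
            if ($wantsEdit) {
                if (!isset($_POST['submit'])) {
                    $sql = mysql_query("SELECT * FROM `forums` WHERE `id` = '" . $id . "'");
                    $row = mysql_fetch_array($sql);
                    $subLinks = array();
                    $sub_ = mysql_query("SELECT * FROM `forums` WHERE `sid` = '" . intval($row['id']) . "'");
                    while ($rows = mysql_fetch_array($sub_)) {
                        $subLinks[] = "<a href='acp.php?action=boards&type=forum&id=" . intval($rows['id']) . "&edit'>" . _manageboards_html($rows['title']) . "</a>";
                    }
                    $inCategory = $row['cid'] != 0;
                    return "\n\t\t\t\t\t\t\t\t<form method='post' action=''>\n\t\t\t\t\t\t\t\t\t<table width='100%' cellspacing='3' cellpadding='0'>\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td width='30%'>Forum Name</td>\n\t\t\t\t\t\t\t\t\t\t\t<td width='70%'><input type='text' name='name' value='" . _manageboards_html($row['title']) . "' /></td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td width='30%' valign='top'>Forum Description</td>\n\t\t\t\t\t\t\t\t\t\t\t<td width='70%'><textarea cols='20' rows='5' name='desc'>" . _manageboards_html($row['description']) . "</textarea></td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td width='30%'>Forum Parent</td>\n\t\t\t\t\t\t\t\t\t\t\t<td width='70%'>"
                        . parents($inCategory ? $row['cid'] : $row['sid'], $inCategory ? "c" : "f")
                        . "</td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td width='30%'>Forum Locked</td>\n\t\t\t\t\t\t\t\t\t\t\t<td width='70%'><input type='checkbox' " . ($row['locked'] == 't' ? 'checked="checked"' : '') . " name='locked' /></td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td colspan='2'>\n\t\t\t\t\t\t\t\t\t\t\t\t"
                        . forum_permissions(1, 2, $row['permissions'])
                        . "\n\t\t\t\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td colspan='2' align='center'><input type='submit' name='submit' value='Edit Forum' /></td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td colspan='2' width='100%'>"
                        . (count($subLinks) > 0 ? '<strong>SubForums</strong>: ' . implode(", ", $subLinks) : '')
                        // The validated integer id replaces the raw query parameter in this link.
                        . "</td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td colspan='2'><a href='acp.php?action=boards&type=forum&id=" . $id . "&delete'>Delete Forum</a></td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t\t\t</form>\n\t\t\t\t\t\t\t";
                }
                if (empty($_POST['parent']) || !is_string($_POST['parent']) || empty($_POST['name']) || !is_string($_POST['name'])) {
                    return "You either left a field blank, or you need to create a category before adding any forums.";
                }
                // The permission map is built server-side; only its keys come from the request.
                $permissions = mysql_real_escape_string(serialize(array(
                    'view' => _manageboards_flags('view'),
                    'read' => _manageboards_flags('read'),
                    'reply' => _manageboards_flags('reply'),
                    'topic' => _manageboards_flags('topic'),
                )));
                // `parent` arrives as "<kind>|<id>"; the kind only selects between two
                // fixed column names and the id is forced to an integer.
                $parent = explode("|", $_POST['parent']);
                $isCategory = $parent[0] == 'cat';
                $parent_ = $isCategory ? "`cid`" : "`sid`";
                $parent2_ = $isCategory ? "`sid`" : "`cid`";
                $parentId = isset($parent[1]) ? intval($parent[1]) : 0;
                $title = mysql_real_escape_string(htmlspecialchars($_POST['name']));
                $desc = isset($_POST['desc']) && is_string($_POST['desc'])
                    ? mysql_real_escape_string(htmlspecialchars($_POST['desc']))
                    : '';
                $locked = isset($_POST['locked']) ? 't' : 'f';
                if (mysql_query("UPDATE `forums` SET `permissions` = '" . $permissions . "', " . $parent2_ . " = '0', " . $parent_ . " = '" . $parentId . "', `title` = '" . $title . "',`description` = '" . $desc . "',`locked` = '" . $locked . "' WHERE `id` = '" . $id . "'")) {
                    // The parent kind is request data, so it is escaped before being echoed back.
                    return "Forum was successfully updated into database." . _manageboards_html($parent[0]);
                }
                return "Sorry, there was an sql error trying to update data into database.";
            }
            if ($wantsDelete) {
                if (!isset($_POST['delete'])) {
                    return "\n\t\t\t\t\t\t\t\t<form method='post' action=''>\n\t\t\t\t\t\t\t\t\t<table width='100%'>\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td width='50%'>Are you Sure you want to delete this Forum?</td><td width='50%'><input type='submit' name='delete' value='Delete' /></td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t\t\t</form>\n\t\t\t\t\t\t\t";
                }
                if (mysql_query("DELETE FROM `forums` WHERE `id` = '" . $id . "'")) {
                    return "Forum was deleted successfully.";
                }
                return "There was an error deleteing Forum from Database.";
            }
            return "Error action.";

        default:
            // An unknown type used to fall out of the function without a value.
            return "Error action.";
    }
}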