}
$attachcount++;
if (!$foruminfo['allowposting']) {
$error = $vbphrase['this_forum_is_not_accepting_new_attachments'];
$errors[] = array('filename' => $attachment['name'], 'error' => $error);
} else {
if ($vbulletin->options['attachlimit'] and $attachcount > $vbulletin->options['attachlimit']) {
$error = construct_phrase($vbphrase['you_may_only_attach_x_files_per_post'], $vbulletin->options['attachlimit']);
$errors[] = array('filename' => $attachment['name'], 'error' => $error);
} else {
if ($attachmentid = $upload->process_upload($attachment)) {
if ($vbulletin->userinfo['userid'] != $postinfo['userid'] and can_moderate($threadinfo['forumid'], 'caneditposts')) {
$postinfo['attachmentid'] =& $attachmentid;
$postinfo['forumid'] =& $foruminfo['forumid'];
require_once DIR . '/includes/functions_log_error.php';
log_moderator_action($postinfo, 'attachment_uploaded');
}
} else {
$attachcount--;
}
if ($error = $upload->fetch_error()) {
$errors[] = array('filename' => is_array($attachment) ? $attachment['name'] : $attachment, 'error' => $error);
}
}
}
}
($hook = vBulletinHook::fetch_hook('newattachment_attach')) ? eval($hook) : false;
if (!empty($errors)) {
$errorlist = '';
foreach ($errors as $error) {
$filename = htmlspecialchars_uni($error['filename']);
// Validate Messages
$messages = $db->query_read_slave("\n\t\tSELECT gm.gmid, gm.state, gm.groupid, gm.dateline, gm.postuserid, gm.postusername,\n\t\t\tsocialgroup.name AS group_name, socialgroup.creatoruserid\n\t\tFROM " . TABLE_PREFIX . "groupmessage AS gm\n\t\tLEFT JOIN " . TABLE_PREFIX . "socialgroup AS socialgroup ON (socialgroup.groupid = gm.groupid)\n\t\tWHERE gmid IN ({$messageids})\n\t\t\tAND state = 'deleted'\n\t");
while ($message = $db->fetch_array($messages)) {
$message['is_group_owner'] = $message['creatoruserid'] == $vbulletin->userinfo['userid'];
$messagearray["{$message['gmid']}"] = $message;
$grouplist["{$message['groupid']}"] = true;
}
if (empty($messagearray)) {
standard_error(fetch_error('you_did_not_select_any_valid_messages'));
}
$db->query_write("\n\t\tDELETE FROM " . TABLE_PREFIX . "deletionlog\n\t\tWHERE type = 'groupmessage' AND\n\t\t\tprimaryid IN(" . implode(',', array_keys($messagearray)) . ")\n\t");
$db->query_write("\n\t\tUPDATE " . TABLE_PREFIX . "groupmessage\n\t\tSET state = 'visible'\n\t\tWHERE gmid IN(" . implode(',', array_keys($messagearray)) . ")\n\t");
foreach ($grouplist as $groupid => $foo) {
build_group_counters($groupid);
}
foreach ($messagearray as $message) {
if (!$message['is_group_owner']) {
log_moderator_action($message, 'gm_by_x_for_y_undeleted', array($message['postusername'], $message['group_name']));
}
}
// empty cookie
setcookie('vbulletin_inlinegmessage', '', TIMENOW - 3600, '/');
($hook = vBulletinHook::fetch_hook('group_inlinemod_undelete')) ? eval($hook) : false;
eval(print_standard_redirect('redirect_inline_undeletedmessages', true, $forceredirect));
}
/*======================================================================*\
|| ####################################################################
|| # Downloaded: 09:39, Wed Nov 5th 2008
|| # SVN: $Revision: 27889 $
|| ####################################################################
\*======================================================================*/
function insert_moderator_log()
{
if ($this->modlog) {
require_once DIR . '/includes/functions_log_error.php';
$threadid = intval(($tid = $this->fetch_field('threadid')) ? $tid : $this->info['thread']['threadid']);
$forumid = intval(($fid = $this->fetch_field('forumid')) ? $fid : $this->info['forum']['forumid']);
if (can_moderate($forumid)) {
foreach ($this->modlog as $entry) {
$entry['forumid'] = $forumid;
$entry['threadid'] = $threadid;
log_moderator_action($entry, $entry['type'], $entry['action']);
}
}
$this->modlog = array();
}
}
// Verify incoming POST request
verify_post_check($mybb->get_input('my_post_key'));
// Fetch the existing reputation for this user given by our current user if there is one.
$query = $db->query("\n\t\tSELECT r.*, u.username\n\t\tFROM " . TABLE_PREFIX . "reputation r\n\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=r.adduid)\n\t\tWHERE rid = '" . $mybb->get_input('rid', MyBB::INPUT_INT) . "'\n\t");
$existing_reputation = $db->fetch_array($query);
// Only administrators, super moderators, as well as users who gave a specifc vote can delete one.
if ($mybb->usergroup['issupermod'] != 1 && ($mybb->usergroup['candeletereputations'] != 1 || $existing_reputation['adduid'] != $mybb->user['uid'] || $mybb->user['uid'] == 0)) {
error_no_permission();
}
// Delete the specified reputation
$db->delete_query("reputation", "uid='{$uid}' AND rid='" . $mybb->get_input('rid', MyBB::INPUT_INT) . "'");
// Recount the reputation of this user - keep it in sync.
$query = $db->simple_select("reputation", "SUM(reputation) AS reputation_count", "uid='{$uid}'");
$reputation_value = $db->fetch_field($query, "reputation_count");
// Create moderator log
log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->sprintf($lang->delete_reputation_log, $existing_reputation['username'], $existing_reputation['adduid']));
$db->update_query("users", array('reputation' => (int) $reputation_value), "uid='{$uid}'");
redirect("reputation.php?uid={$uid}", $lang->vote_deleted_message);
}
// Otherwise, show a listing of reputations for the given user.
if (!$mybb->input['action']) {
if ($mybb->usergroup['canviewprofiles'] == 0) {
// Reputation page is a part of a profile
error_no_permission();
}
// Set display group to their user group if they don't have a display group.
if (!$user['displaygroup']) {
$user['displaygroup'] = $user['usergroup'];
}
// Fetch display group properties.
$displaygroupfields = array('title', 'description', 'namestyle', 'usertitle', 'stars', 'starimage', 'image', 'usereputationsystem');
if ($existing_ban) {
$update_array = array('gid' => $mybb->get_input('usergroup', MyBB::INPUT_INT), 'dateline' => TIME_NOW, 'bantime' => $db->escape_string($mybb->get_input('liftafter')), 'lifted' => $db->escape_string($lifted), 'reason' => $db->escape_string($banreason));
$db->update_query('banned', $update_array, "uid='{$user['uid']}'");
} else {
$insert_array = array('uid' => $user['uid'], 'gid' => $mybb->get_input('usergroup', MyBB::INPUT_INT), 'oldgroup' => (int) $user['usergroup'], 'oldadditionalgroups' => (string) $user['additionalgroups'], 'olddisplaygroup' => (int) $user['displaygroup'], 'admin' => (int) $mybb->user['uid'], 'dateline' => TIME_NOW, 'bantime' => $db->escape_string($mybb->get_input('liftafter')), 'lifted' => $db->escape_string($lifted), 'reason' => $db->escape_string($banreason));
$db->insert_query('banned', $insert_array);
}
// Move the user to the banned group
$update_array = array('usergroup' => $mybb->get_input('usergroup', MyBB::INPUT_INT), 'displaygroup' => 0, 'additionalgroups' => '');
$db->update_query('users', $update_array, "uid = {$user['uid']}");
$cache->update_banned();
// Log edit or add ban
if ($existing_ban) {
log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->edited_user_ban);
} else {
log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->banned_user);
}
$plugins->run_hooks("modcp_do_banuser_end");
if ($existing_ban) {
redirect("modcp.php?action=banning", $lang->redirect_banuser_updated);
} else {
redirect("modcp.php?action=banning", $lang->redirect_banuser);
}
} else {
$mybb->input['action'] = "banuser";
}
}
if ($mybb->input['action'] == "banuser") {
add_breadcrumb($lang->mcp_nav_banning, "modcp.php?action=banning");
if ($mybb->usergroup['canbanusers'] == 0) {
error_no_permission();
$socialgroupmemberdm = datamanager_init('SocialGroupMember', $vbulletin);
$vbulletin->GPC['ids'][] = 0;
$ids = implode(', ', $vbulletin->GPC['ids']);
$invites = $vbulletin->db->query_read("\n\t\t\tSELECT * FROM " . TABLE_PREFIX . "socialgroupmember\n\t\t\tWHERE groupid = " . $group['groupid'] . " AND userid IN({$ids})" . ($_POST['do'] == 'cancelinvites' ? " AND type = 'invited'" : ''));
while ($invite = $vbulletin->db->fetch_array($invites)) {
($hook = vBulletinHook::fetch_hook('group_kickmember')) ? eval($hook) : false;
if ($invite['userid'] != $group['creatoruserid']) {
$socialgroupmemberdm->set_existing($invite);
$socialgroupmemberdm->delete();
}
}
unset($socialgroupmemberdm);
}
if (!$group['is_owner'] and can_moderate(0, 'candeletesocialgroups')) {
require_once DIR . '/includes/functions_log_error.php';
log_moderator_action($group, 'social_group_x_members_managed', array($group['name']));
}
if ($group['members'] - sizeof($ids) <= 1 and $_REQUEST['do'] == 'kickmembers') {
$vbulletin->url = 'group.php?' . $vbulletin->session->vars['sessionurl'] . 'groupid=' . $group['groupid'];
} else {
$vbulletin->url = 'group.php?' . $vbulletin->session->vars['sessionurl'] . 'do=manage' . ($_REQUEST['do'] == 'kickmembers' ? 'members' : '') . '&groupid=' . $group['groupid'];
}
($hook = vBulletinHook::fetch_hook('group_kickmember_complete')) ? eval($hook) : false;
$phrase = $_POST['do'] == 'cancelinvites' ? 'successfully_removed_invites' : 'successfully_kicked_members';
eval(print_standard_redirect($phrase));
}
// #######################################################################
if ($_POST['do'] == 'pendingmembers') {
if (!fetch_socialgroup_modperm('caninvitemoderatemembers', $group)) {
print_no_permission();
}
if (TIMENOW + $vbulletin->GPC['timeout'] * 86400 >= 2147483647) {
// maximuim size of a 32 bit integer
eval(standard_error(fetch_error('maxpolltimeout')));
}
$poll->set('question', $vbulletin->GPC['pollquestion']);
$poll->set('active', $vbulletin->GPC['closepoll'] ? 0 : 1);
$poll->set('timeout', $vbulletin->GPC['timeout']);
// only let a poll go from public to private, not the other way about
if ($pollinfo['public']) {
$poll->set('public', $vbulletin->GPC['public']);
}
($hook = vBulletinHook::fetch_hook('poll_update_process')) ? eval($hook) : false;
$poll->save();
$pollinfo['threadid'] = $threadinfo['threadid'];
require_once DIR . '/includes/functions_log_error.php';
log_moderator_action($pollinfo, 'poll_edited');
($hook = vBulletinHook::fetch_hook('poll_update_complete')) ? eval($hook) : false;
$vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . "t={$threadinfo['threadid']}";
eval(print_standard_redirect('redirect_editthanks'));
}
// ############################### start show results without vote ###############################
if ($_REQUEST['do'] == 'showresults') {
if (!$pollinfo['pollid']) {
eval(standard_error(fetch_error('invalidid', $vbphrase['poll'], $vbulletin->options['contactuslink'])));
}
($hook = vBulletinHook::fetch_hook('poll_results_start')) ? eval($hook) : false;
$counter = 1;
$pollbits = '';
$bbcode_parser =& new vB_BbCodeParser($vbulletin, fetch_tag_list());
$pollinfo['question'] = $bbcode_parser->parse(unhtmlspecialchars($pollinfo['question']), $foruminfo['forumid'], 1);
$splitoptions = explode('|||', $pollinfo['options']);
} else {
$hard_delete = false;
}
$dataman =& datamanager_init('PictureComment', $vbulletin, ERRTYPE_STANDARD);
$dataman->set_existing($commentinfo);
if ($pictureuser = fetch_userinfo($pictureinfo['userid'])) {
$dataman->set_info('pictureuser', $pictureuser);
}
$dataman->set_info('pictureinfo', $pictureinfo);
$dataman->set_info('hard_delete', $hard_delete);
$dataman->set_info('reason', $vbulletin->GPC['reason']);
$dataman->delete();
unset($dataman);
if ($comentinfo['postuserid'] != $vbulletin->userinfo['userid'] and (can_moderate(0, 'candeletepicturecomments') or can_moderate(0, 'canremovepicturecomments'))) {
require_once DIR . '/includes/functions_log_error.php';
log_moderator_action($pictureinfo, $hard_delete ? 'pc_by_x_on_y_removed' : 'pc_by_x_on_y_soft_deleted', array($commentinfo['postusername'], fetch_trimmed_title($pictureinfo['caption'], 50)));
}
print_standard_redirect('picturecomment_deleted');
} else {
print_standard_redirect('picturecomment_nodelete');
}
}
// ############################### start retrieve ip ###############################
if ($_REQUEST['do'] == 'viewip') {
// check moderator permissions for getting ip
if (!can_moderate(0, 'canviewips')) {
print_no_permission();
}
if (!$commentinfo['commentid']) {
standard_error(fetch_error('invalidid', $vbphrase['comment'], $vbulletin->options['contactuslink']));
}
$modlogdata['tid'] = $tid;
if ($firstpost) {
if ($forumpermissions['candeletethreads'] == 1 || is_moderator($fid, "candeletethreads")) {
delete_thread($tid);
mark_reports($tid, "thread");
log_moderator_action($modlogdata, $lang->thread_deleted);
redirect(get_forum_link($fid), $lang->redirect_threaddeleted);
} else {
error_no_permission();
}
} else {
if ($forumpermissions['candeleteposts'] == 1 || is_moderator($fid, "candeleteposts")) {
// Select the first post before this
delete_post($pid, $tid);
mark_reports($pid, "post");
log_moderator_action($modlogdata, $lang->post_deleted);
$query = $db->simple_select("posts", "pid", "tid='{$tid}' AND dateline <= '{$post['dateline']}'", array("limit" => 1, "order_by" => "dateline", "order_dir" => "desc"));
$next_post = $db->fetch_array($query);
if ($next_post['pid']) {
$redirect = get_post_link($next_post['pid'], $tid) . "#pid{$next_post['pid']}";
} else {
$redirect = get_thread_link($tid);
}
redirect($redirect, $lang->redirect_postdeleted);
} else {
error_no_permission();
}
}
} else {
error($lang->redirect_nodelete);
}
$merge_thread->save();
if ($vbulletin->GPC['redirect'] == 'expires') {
$db->query_write("\n\t\t\t\tINSERT INTO " . TABLE_PREFIX . "threadredirect\n\t\t\t\t\t(threadid, expires)\n\t\t\t\tVALUES\n\t\t\t\t\t({$mergethreadinfo['threadid']}, {$expires})\n\t\t\t");
}
} else {
// remove remnants of merge thread
$merge_thread->delete(false, true, NULL, false);
}
unset($merge_thread);
build_thread_counters($threadinfo['threadid']);
build_forum_counters($threadinfo['forumid']);
if ($mergethreadinfo['forumid'] != $threadinfo['forumid']) {
build_forum_counters($mergethreadinfo['forumid']);
}
vB_ActivityStream_Populate_Forum_Thread::rebuild_thread(array($threadinfo['threadid'], $mergethreadinfo['threadid']));
log_moderator_action($threadinfo, 'thread_merged_with_x', $mergethreadinfo['title']);
($hook = vBulletinHook::fetch_hook('threadmanage_merge_complete')) ? eval($hook) : false;
$vbulletin->url = fetch_seo_url('thread', $threadinfo);
print_standard_redirect('redirect_mergethread');
}
// ############################### start stick / unstick thread ###############################
if ($_POST['do'] == 'stick') {
if ($threadinfo['isdeleted'] and !can_moderate($threadinfo['forumid'], 'candeleteposts') or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
if (can_moderate($threadinfo['forumid'])) {
print_no_permission();
} else {
eval(standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink'])));
}
}
if (!can_moderate($threadinfo['forumid'], 'canmanagethreads')) {
print_no_permission();
$db->query_write("\n\t\tUPDATE " . TABLE_PREFIX . "groupmessage\n\t\tSET state = 'visible'\n\t\tWHERE gmid IN(" . implode(',', array_keys($messagearray)) . ")\n\t");
foreach (array_keys($messagearray) as $gmid) {
vB_Search_Indexcontroller_Queue::indexQueue('vBForum', 'SocialGroupMessage', 'index', $gmid, null, null);
}
foreach (array_keys($discussionlist) as $discussionid) {
build_discussion_counters($discussionid);
}
foreach (array_keys($grouplist) as $groupid) {
build_group_counters($groupid);
}
foreach ($messagearray as $message) {
if (!$message['is_group_owner']) {
if ($message['firstpost']) {
log_moderator_action($message, 'discussion_by_x_for_y_undeleted', array($message['postusername'], $message['group_name']));
} else {
log_moderator_action($message, 'gm_by_x_in_y_for_z_undeleted', array($message['postusername'], $message['discussion_name'], $message['group_name']));
}
}
}
// empty cookie
setcookie($inline_cookie, '', TIMENOW - 3600, '/');
($hook = vBulletinHook::fetch_hook('group_inlinemod_undelete')) ? eval($hook) : false;
if ($inline_discussion) {
print_standard_redirect('redirect_inline_undeleteddiscussions', true, $forceredirect);
} else {
print_standard_redirect('redirect_inline_undeletedmessages', true, $forceredirect);
}
}
/*======================================================================*\
|| ####################################################################
|| # Downloaded: 03:13, Sat Sep 7th 2013
/**
* pre_delete function - extend if the contenttype needs to do anything
*
* @param array list of deleted attachment ids to delete
* @param boolean verify permission to delete
*
* @return boolean
*/
public function pre_delete($list, $checkperms = true)
{
@ignore_user_abort(true);
// init lists
$this->lists = array(
'grouplist' => array(),
);
if ($checkperms)
{
// Verify that we have permission to view these attachmentids
$attachmultiple = new vB_Attachment_Display_Multiple($this->registry);
$attachments = $attachmultiple->fetch_results("a.attachmentid IN (" . implode(", ", $list) . ")");
if (count($list) != count($attachments))
{
return false;
}
}
$ids = $this->registry->db->query_read("
SELECT
a.attachmentid, a.userid, IF(a.contentid = 0, 1, 0) AS inprogress, a.caption,
sg.name, sg.groupid, IF(sg.creatoruserid = {$this->registry->userinfo['userid']}, 1, 0) AS is_owner,
user.username
FROM " . TABLE_PREFIX . "attachment AS a
LEFT JOIN " . TABLE_PREFIX . "socialgroup AS sg ON (a.contentid = sg.groupid)
LEFT JOIN " . TABLE_PREFIX . "user AS user ON (a.userid = user.userid)
WHERE
a.attachmentid IN (" . implode(", ", $list) . ")
");
while ($id = $this->registry->db->fetch_array($ids))
{
if ($checkperms AND !$id['inprogress'] AND $id['userid'] != $this->registry->userinfo['userid'] AND !fetch_socialgroup_modperm('canremovepicture', $id))
{
return false;
}
if ($id['groupid'])
{
$this->lists['grouplist']["{$id['groupid']}"]["{$id['attachmentid']}"] = 1;
if ($this->log)
{
if (!$id['is_owner'] AND $id['userid'] != $this->registry->userinfo['userid'])
{
// TODO : What does $picture want and fix modlog display in the admincp as it does not filter attachmentid properly on contenttype
$picture = array();
require_once(DIR . '/includes/functions_log_error.php');
log_moderator_action($picture, 'social_group_picture_x_in_y_removed', array(fetch_trimmed_title($id['caption'], 50), $id['name']));
}
}
}
}
return true;
}
/**
* Delete ban
*/
function shoutboxUnban()
{
global $mybb, $db, $lang;
if (isset($mybb->input['id']) && isset($mybb->input['token'])) {
$lang->load('dvz_reports');
verify_post_check($mybb->input['token']);
$id = $db->escape_string($mybb->input['id']);
$data = $db->write_query("select " . TABLE_PREFIX . "dvz_reports_banned.uid, " . TABLE_PREFIX . "dvz_reports_banned.id, " . TABLE_PREFIX . "users.username\r\n from " . TABLE_PREFIX . "dvz_reports_banned\r\n JOIN " . TABLE_PREFIX . "users ON " . TABLE_PREFIX . "dvz_reports_banned.uid = " . TABLE_PREFIX . "users.uid\r\n WHERE " . TABLE_PREFIX . "dvz_reports_banned.id = '{$id}';");
//Validate ban existance
if ($data->num_rows === 0) {
redirect('modcp.php?action=shoutbox_banned');
die;
}
$data = $data->fetch_assoc();
//Delete ban and log action
$db->delete_query('dvz_reports_banned', 'id=' . $id);
//Log action
$logdata = array('uid' => htmlspecialchars_uni($data['uid']), 'username' => htmlspecialchars_uni($data['username']));
log_moderator_action($logdata, $lang->unban_user);
redirect('modcp.php?action=shoutbox_banned');
die;
}
//Redirect
redirect('modcp.php?action=shoutbox_banned');
die;
}
/**
* pre_delete function - extend if the contenttype needs to do anything
*
* @param array list of deleted attachment ids to delete
* @param boolean verify permission to delete
*
* @return boolean
*/
public function pre_delete($list, $checkperms = true)
{
@ignore_user_abort(true);
// init lists
$this->lists = array(
'bloglist' => array(),
);
if ($checkperms)
{
// Verify that we have permission to view these attachmentids
$attachmultiple = new vB_Attachment_Display_Multiple($this->registry);
$attachments = $attachmultiple->fetch_results("a.attachmentid IN (" . implode(", ", $list) . ")");
if (count($list) != count($attachments))
{
return false;
}
}
$replaced = array();
$ids = $this->registry->db->query_read("
SELECT
a.attachmentid, a.userid, IF(a.contentid = 0, 1, 0) AS inprogress,
blog.blogid, blog.firstblogtextid, blog.dateline AS blog_dateline, blog.state, blog.postedby_userid,
bu.memberids, bu.memberblogids,
gm.permissions AS grouppermissions,
user.membergroupids, user.usergroupid, user.infractiongroupids,
blog_deletionlog.moddelete AS del_moddelete, blog_deletionlog.userid AS del_userid, blog_deletionlog.username AS del_username, blog_deletionlog.reason AS del_reason
FROM " . TABLE_PREFIX . "attachment AS a
LEFT JOIN " . TABLE_PREFIX . "blog AS blog ON (blog.blogid = a.contentid)
LEFT JOIN " . TABLE_PREFIX . "blog_user AS bu ON (bu.bloguserid = blog.userid)
LEFT JOIN " . TABLE_PREFIX . "user AS user ON (user.userid = blog.userid)
LEFT JOIN " . TABLE_PREFIX . "blog_groupmembership AS gm ON (blog.userid = gm.bloguserid AND gm.userid = " . $this->registry->userinfo['userid'] . ")
LEFT JOIN " . TABLE_PREFIX . "blog_deletionlog AS blog_deletionlog ON (blog.blogid = blog_deletionlog.primaryid AND blog_deletionlog.type = 'blogid')
WHERE
a.attachmentid IN (" . implode(", ", $list) . ")
");
while ($id = $this->registry->db->fetch_array($ids))
{
cache_permissions($id, false);
if ($checkperms AND !$id['inprogress'] AND !fetch_entry_perm('edit', $id))
{
return false;
}
if ($id['blogid'])
{
$this->lists['bloglist']["{$id['blogid']}"]++;
if ($this->log)
{
if (($this->registry->userinfo['permissions']['genericoptions'] & $this->registry->bf_ugp_genericoptions['showeditedby']) AND $id['p_dateline'] < (TIMENOW - ($this->registry->options['noeditedbytime'] * 60)))
{
if (empty($replaced["$id[firstblogtextid]"]))
{
/*insert query*/
$this->registry->db->query_write("
REPLACE INTO " . TABLE_PREFIX . "blog_editlog
(blogtextid, userid, username, dateline)
VALUES
(
$id[firstblogtextid],
" . $this->registry->userinfo['userid'] . ",
'" . $this->registry->db->escape_string($this->registry->userinfo['username']) . "',
" . TIMENOW . "
)
");
$replaced["$id[firstblogtextid]"] = true;
}
}
if (!is_member_of_blog($this->registry->userinfo, $id) AND can_moderate_blog('caneditentries'))
{
$bloginfo = array(
'blogid' => $id['blogid'],
'attachmentid' => $id['attachmentid'],
);
require_once(DIR . '/includes/blog_functions_log_error.php');
log_moderator_action($bloginfo, 'attachment_removed');
}
}
}
}
return true;
}
if (count($pids) < 1) {
error($lang->error_inline_nopostsselected);
}
if (!is_moderator_by_pids($pids)) {
error_no_permission();
}
// Get threads which are associated with the posts
$tids = array();
$options = array('order_by' => 'dateline', 'order_dir' => 'asc');
$query = $db->simple_select("posts", "DISTINCT tid", "pid IN (" . implode(',', $pids) . ")", $options);
while ($row = $db->fetch_array($query)) {
$tids[] = $row['tid'];
}
$ret = $custommod->execute(intval($mybb->input['action']), $tids, $pids);
$lang->custom_tool = $lang->sprintf($lang->custom_tool, $tool['name']);
log_moderator_action($modlogdata, $lang->custom_tool);
if ($mybb->input['inlinetype'] == 'search') {
clearinline($mybb->input['searchid'], 'search');
$lang->redirect_customtool_search = $lang->sprintf($lang->redirect_customtool_search, $tool['name']);
$return_url = htmlspecialchars_uni($mybb->input['url']);
redirect($return_url, $lang->redirect_customtool_search);
} else {
clearinline($tid, 'thread');
if ($ret == 'forum') {
$lang->redirect_customtool_forum = $lang->sprintf($lang->redirect_customtool_forum, $tool['name']);
moderation_redirect(get_forum_link($fid), $lang->redirect_customtool_forum);
} else {
$lang->redirect_customtool_thread = $lang->sprintf($lang->redirect_customtool_thread, $tool['name']);
moderation_redirect(get_thread_link($tid), $lang->redirect_customtool_thread);
}
}
function replyban_run()
{
global $db, $mybb, $lang, $templates, $theme, $headerinclude, $header, $footer, $replyban, $moderation;
$lang->load("replyban");
if ($mybb->input['action'] != "replyban" && $mybb->input['action'] != "do_replyban" && $mybb->input['action'] != "liftreplyban") {
return;
}
if ($mybb->input['action'] == "replyban") {
$tid = $mybb->get_input('tid', MyBB::INPUT_INT);
$thread = get_thread($tid);
if (!is_moderator($thread['fid'], "canmanagethreads")) {
error_no_permission();
}
if (!$thread['tid']) {
error($lang->error_invalidthread);
}
$thread['subject'] = htmlspecialchars_uni($thread['subject']);
$lang->reply_bans_for = $lang->sprintf($lang->reply_bans_for, $thread['subject']);
check_forum_password($thread['fid']);
build_forum_breadcrumb($thread['fid']);
add_breadcrumb($thread['subject'], get_thread_link($thread['tid']));
add_breadcrumb($lang->reply_bans);
$query = $db->query("\r\n\t\t\tSELECT r.*, u.username\r\n\t\t\tFROM " . TABLE_PREFIX . "replybans r\r\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (r.uid=u.uid)\r\n\t\t\tWHERE r.tid='{$thread['tid']}'\r\n\t\t\tORDER BY r.dateline DESC\r\n\t\t");
while ($ban = $db->fetch_array($query)) {
$ban['reason'] = htmlspecialchars_uni($ban['reason']);
$ban['username'] = build_profile_link($ban['username'], $ban['uid']);
if ($ban['lifted'] == 0) {
$ban['lifted'] = $lang->permanent;
} else {
$ban['lifted'] = my_date('relative', $ban['lifted'], '', 2);
}
$alt_bg = alt_trow();
eval("\$ban_bit .= \"" . $templates->get("moderation_replyban_bit") . "\";");
}
if (!$ban_bit) {
eval("\$ban_bit = \"" . $templates->get("moderation_replyban_no_bans") . "\";");
}
// Generate the banned times dropdown
$liftlist = '';
$bantimes = fetch_ban_times();
foreach ($bantimes as $time => $title) {
$selected = '';
if (isset($banned['bantime']) && $banned['bantime'] == $time) {
$selected = " selected=\"selected\"";
}
$thattime = '';
if ($time != '---') {
$dateline = TIME_NOW;
if (isset($banned['dateline'])) {
$dateline = $banned['dateline'];
}
$thatime = my_date("D, jS M Y @ g:ia", ban_date2timestamp($time, $dateline));
$thattime = " ({$thatime})";
}
eval("\$liftlist .= \"" . $templates->get("moderation_replyban_liftlist") . "\";");
}
eval("\$replyban = \"" . $templates->get("moderation_replyban") . "\";");
output_page($replyban);
}
if ($mybb->input['action'] == "do_replyban" && $mybb->request_method == "post") {
// Verify incoming POST request
verify_post_check($mybb->get_input('my_post_key'));
$tid = $mybb->get_input('tid', MyBB::INPUT_INT);
$thread = get_thread($tid);
if (!is_moderator($thread['fid'], "canmanagethreads")) {
error_no_permission();
}
if (!$thread['tid']) {
error($lang->error_invalidthread);
}
$user = get_user_by_username($mybb->input['username'], array('fields' => array('username')));
if (!$user['uid']) {
error($lang->error_invaliduser);
}
$mybb->input['reason'] = $mybb->get_input('reason');
if (!trim($mybb->input['reason'])) {
error($lang->error_missing_reason);
}
$query = $db->simple_select('replybans', 'rid', "uid='{$user['uid']}' AND tid='{$thread['tid']}'");
$existingban = $db->fetch_field($query, 'rid');
if ($existingban > 0) {
error($lang->error_alreadybanned);
}
if ($mybb->get_input('liftban') == '---') {
$lifted = 0;
} else {
$lifted = ban_date2timestamp($mybb->get_input('liftban'), 0);
}
$reason = my_substr($mybb->input['reason'], 0, 240);
$insert_array = array('uid' => $user['uid'], 'tid' => $thread['tid'], 'dateline' => TIME_NOW, 'reason' => $db->escape_string($reason), 'lifted' => $db->escape_string($lifted));
$db->insert_query('replybans', $insert_array);
log_moderator_action(array("tid" => $thread['tid'], "fid" => $thread['fid'], "uid" => $user['uid'], "username" => $user['username']), $lang->user_reply_banned);
moderation_redirect("moderation.php?action=replyban&tid={$thread['tid']}", $lang->redirect_user_banned_replying);
}
if ($mybb->input['action'] == "liftreplyban") {
// Verify incoming POST request
verify_post_check($mybb->get_input('my_post_key'));
$rid = $mybb->get_input('rid', MyBB::INPUT_INT);
$query = $db->simple_select("replybans", "*", "rid='{$rid}'");
$ban = $db->fetch_array($query);
if (!$ban['rid']) {
error($lang->error_invalidreplyban);
}
$thread = get_thread($ban['tid']);
$user = get_user($ban['uid']);
if (!$thread['tid']) {
error($lang->error_invalidthread);
}
if (!is_moderator($thread['fid'], "canmanagethreads")) {
error_no_permission();
}
$db->delete_query("replybans", "rid='{$ban['rid']}'");
log_moderator_action(array("tid" => $thread['tid'], "fid" => $thread['fid'], "uid" => $user['uid'], "username" => $user['username']), $lang->user_reply_banned_lifted);
moderation_redirect("moderation.php?action=replyban&tid={$thread['tid']}", $lang->redirect_reply_ban_lifted);
}
exit;
}
/**
* Insert a thread into the database.
*
* @return array Array of new thread details, tid and visibility.
*/
function insert_thread()
{
global $db, $mybb, $plugins, $cache, $lang;
// Yes, validating is required.
if (!$this->get_validated()) {
die("The thread needs to be validated before inserting it into the DB.");
}
if (count($this->get_errors()) > 0) {
die("The thread is not valid.");
}
$thread =& $this->data;
// Fetch the forum this thread is being made in
$forum = get_forum($thread['fid']);
// This thread is being saved as a draft.
if ($thread['savedraft']) {
$visible = -2;
} else {
$forumpermissions = forum_permissions($thread['fid'], $thread['uid']);
// Decide on the visibility of this post.
if ($forumpermissions['modthreads'] == 1 && !is_moderator($thread['fid'], "", $thread['uid'])) {
$visible = 0;
} else {
$visible = 1;
}
// Are posts from this user being moderated? Change visibility
if ($mybb->user['uid'] == $thread['uid'] && $mybb->user['moderateposts'] == 1) {
$visible = 0;
}
}
// Have a post ID but not a thread ID - fetch thread ID
if (!empty($thread['pid']) && !$thread['tid']) {
$query = $db->simple_select("posts", "tid", "pid='{$thread['pid']}");
$thread['tid'] = $db->fetch_field($query, "tid");
}
if (isset($thread['pid']) && $thread['pid'] > 0) {
$query = $db->simple_select("posts", "pid", "pid='{$thread['pid']}' AND uid='{$thread['uid']}' AND visible='-2'");
$draft_check = $db->fetch_field($query, "pid");
} else {
$draft_check = false;
}
// Are we updating a post which is already a draft? Perhaps changing it into a visible post?
if ($draft_check) {
$this->thread_insert_data = array("subject" => $db->escape_string($thread['subject']), "icon" => (int) $thread['icon'], "username" => $db->escape_string($thread['username']), "dateline" => (int) $thread['dateline'], "lastpost" => (int) $thread['dateline'], "lastposter" => $db->escape_string($thread['username']), "visible" => $visible);
$plugins->run_hooks("datahandler_post_insert_thread", $this);
$db->update_query("threads", $this->thread_insert_data, "tid='{$thread['tid']}'");
$this->post_insert_data = array("subject" => $db->escape_string($thread['subject']), "icon" => (int) $thread['icon'], "username" => $db->escape_string($thread['username']), "dateline" => (int) $thread['dateline'], "message" => $db->escape_string($thread['message']), "ipaddress" => $db->escape_binary(my_inet_pton(get_ip())), "includesig" => $thread['options']['signature'], "smilieoff" => $thread['options']['disablesmilies'], "visible" => $visible);
$plugins->run_hooks("datahandler_post_insert_thread_post", $this);
$db->update_query("posts", $this->post_insert_data, "pid='{$thread['pid']}'");
$this->tid = $thread['tid'];
$this->pid = $thread['pid'];
} else {
$this->thread_insert_data = array("fid" => $thread['fid'], "subject" => $db->escape_string($thread['subject']), "prefix" => (int) $thread['prefix'], "icon" => (int) $thread['icon'], "uid" => $thread['uid'], "username" => $db->escape_string($thread['username']), "dateline" => (int) $thread['dateline'], "lastpost" => (int) $thread['dateline'], "lastposter" => $db->escape_string($thread['username']), "views" => 0, "replies" => 0, "visible" => $visible, "notes" => '');
$plugins->run_hooks("datahandler_post_insert_thread", $this);
$this->tid = $db->insert_query("threads", $this->thread_insert_data);
$this->post_insert_data = array("tid" => $this->tid, "fid" => $thread['fid'], "subject" => $db->escape_string($thread['subject']), "icon" => (int) $thread['icon'], "uid" => $thread['uid'], "username" => $db->escape_string($thread['username']), "dateline" => (int) $thread['dateline'], "message" => $db->escape_string($thread['message']), "ipaddress" => $db->escape_binary(my_inet_pton(get_ip())), "includesig" => $thread['options']['signature'], "smilieoff" => $thread['options']['disablesmilies'], "visible" => $visible);
$plugins->run_hooks("datahandler_post_insert_thread_post", $this);
$this->pid = $db->insert_query("posts", $this->post_insert_data);
// Now that we have the post id for this first post, update the threads table.
$firstpostup = array("firstpost" => $this->pid);
$db->update_query("threads", $firstpostup, "tid='{$this->tid}'");
}
// If we're not saving a draft there are some things we need to check now
if (!$thread['savedraft']) {
if ($thread['options']['subscriptionmethod'] != "" && $thread['uid'] > 0) {
switch ($thread['options']['subscriptionmethod']) {
case "pm":
$notification = 2;
break;
case "email":
$notification = 1;
break;
default:
$notification = 0;
}
require_once MYBB_ROOT . "inc/functions_user.php";
add_subscribed_thread($this->tid, $notification, $thread['uid']);
}
// Perform any selected moderation tools.
if (is_moderator($thread['fid'], "", $thread['uid']) && is_array($thread['modoptions'])) {
$lang->load($this->language_file, true);
$modoptions = $thread['modoptions'];
$modlogdata['fid'] = $thread['fid'];
if (isset($thread['tid'])) {
$modlogdata['tid'] = $thread['tid'];
}
$modoptions_update = array();
// Close the thread.
if (!empty($modoptions['closethread'])) {
$modoptions_update['closed'] = 1;
log_moderator_action($modlogdata, $lang->thread_closed);
}
// Stick the thread.
if (!empty($modoptions['stickthread'])) {
$modoptions_update['sticky'] = 1;
log_moderator_action($modlogdata, $lang->thread_stuck);
}
// Execute moderation options.
if ($modoptions_update) {
$db->update_query('threads', $modoptions_update, "tid='{$this->tid}'");
}
}
if ($visible == 1) {
// If we have a registered user then update their post count and last post times.
if ($thread['uid'] > 0) {
$user = get_user($thread['uid']);
$update_query = array();
// Only update the lastpost column of the user if the date of the thread is newer than their last post.
if ($thread['dateline'] > $user['lastpost']) {
// Yes this has a single quote within a double quote. It's not a bug.
$update_query['lastpost'] = "'{$thread['dateline']}'";
}
// Update the post count if this forum allows post counts to be tracked
if ($forum['usepostcounts'] != 0) {
$update_query['postnum'] = "postnum+1";
}
if ($forum['usethreadcounts'] != 0) {
$update_query['threadnum'] = 'threadnum+1';
}
// Only update the table if we need to.
if (!empty($update_query)) {
$db->update_query("users", $update_query, "uid='{$thread['uid']}'", 1, true);
}
}
if (!isset($forum['lastpost'])) {
$forum['lastpost'] = 0;
}
$done_users = array();
// Queue up any forum subscription notices to users who are subscribed to this forum.
$excerpt = my_substr($thread['message'], 0, $mybb->settings['subscribeexcerpt']) . $lang->emailbit_viewthread;
// Parse badwords
require_once MYBB_ROOT . "inc/class_parser.php";
$parser = new postParser();
$excerpt = $parser->parse_badwords($excerpt);
$query = $db->query("\n\t\t\t\t\tSELECT u.username, u.email, u.uid, u.language, u.loginkey, u.salt, u.regdate\n\t\t\t\t\tFROM " . TABLE_PREFIX . "forumsubscriptions fs\n\t\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=fs.uid)\n\t\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "usergroups g ON (g.gid=u.usergroup)\n\t\t\t\t\tWHERE fs.fid='" . (int) $thread['fid'] . "'\n\t\t\t\t\tAND fs.uid != '" . (int) $thread['uid'] . "'\n\t\t\t\t\tAND u.lastactive > '{$forum['lastpost']}'\n\t\t\t\t\tAND g.isbannedgroup != 1\n\t\t\t\t");
while ($subscribedmember = $db->fetch_array($query)) {
if ($done_users[$subscribedmember['uid']]) {
continue;
}
$done_users[$subscribedmember['uid']] = 1;
$forumpermissions = forum_permissions($thread['fid'], $subscribedmember['uid']);
if ($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0) {
continue;
}
if (!is_moderator($thread['fid'], "", $subscribedmember['uid']) && $forumpermissions['canonlyviewownthreads'] == 1) {
// In a 'view own only' forum and not a moderator
continue;
}
// Determine the language pack we'll be using to send this email in and load it if it isn't already.
if ($subscribedmember['language'] != '' && $lang->language_exists($subscribedmember['language'])) {
$uselang = $subscribedmember['language'];
} else {
if ($mybb->settings['bblanguage']) {
$uselang = $mybb->settings['bblanguage'];
} else {
$uselang = "english";
}
}
if ($uselang == $mybb->settings['bblanguage']) {
$emailsubject = $lang->emailsubject_forumsubscription;
$emailmessage = $lang->email_forumsubscription;
} else {
if (!isset($langcache[$uselang]['emailsubject_forumsubscription'])) {
$userlang = new MyLanguage();
$userlang->set_path(MYBB_ROOT . "inc/languages");
$userlang->set_language($uselang);
$userlang->load("messages");
$langcache[$uselang]['emailsubject_forumsubscription'] = $userlang->emailsubject_forumsubscription;
$langcache[$uselang]['email_forumsubscription'] = $userlang->email_forumsubscription;
unset($userlang);
}
$emailsubject = $langcache[$uselang]['emailsubject_forumsubscription'];
$emailmessage = $langcache[$uselang]['email_forumsubscription'];
}
$emailsubject = $lang->sprintf($emailsubject, $forum['name']);
$post_code = md5($subscribedmember['loginkey'] . $subscribedmember['salt'] . $subscribedmember['regdate']);
$emailmessage = $lang->sprintf($emailmessage, $subscribedmember['username'], $thread['username'], $forum['name'], $mybb->settings['bbname'], $thread['subject'], $excerpt, $mybb->settings['bburl'], get_thread_link($this->tid), $thread['fid'], $post_code);
$new_email = array("mailto" => $db->escape_string($subscribedmember['email']), "mailfrom" => '', "subject" => $db->escape_string($emailsubject), "message" => $db->escape_string($emailmessage), "headers" => '');
$db->insert_query("mailqueue", $new_email);
unset($userlang);
$queued_email = 1;
}
// Have one or more emails been queued? Update the queue count
if (isset($queued_email) && $queued_email == 1) {
$cache->update_mailqueue();
}
}
}
// Assign any uploaded attachments with the specific posthash to the newly created post.
if ($thread['posthash']) {
$thread['posthash'] = $db->escape_string($thread['posthash']);
$attachmentassign = array("pid" => $this->pid, "posthash" => '');
$db->update_query("attachments", $attachmentassign, "posthash='{$thread['posthash']}' AND pid='0'");
}
if ($visible == 1) {
update_last_post($this->tid);
update_forum_counters($thread['fid'], array("threads" => "+1", "posts" => "+1"));
update_forum_lastpost($thread['fid']);
} else {
if ($visible == 0) {
update_forum_counters($thread['fid'], array("unapprovedthreads" => "+1", "unapprovedposts" => "+1"));
}
}
$query = $db->simple_select("attachments", "COUNT(aid) AS attachmentcount", "pid='{$this->pid}' AND visible='1'");
$attachmentcount = $db->fetch_field($query, "attachmentcount");
if ($attachmentcount > 0) {
update_thread_counters($this->tid, array("attachmentcount" => "+{$attachmentcount}"));
}
// Return the post's pid and whether or not it is visible.
$this->return_values = array("pid" => $this->pid, "tid" => $this->tid, "visible" => $visible);
$plugins->run_hooks("datahandler_post_insert_thread_end", $this);
return $this->return_values;
}
foreach ($unique_thread_user as $threadid => $users) {
foreach ($users as $userid => $subscriptioninfo) {
if ($subscriptioninfo['issubscribed'] and $subscriptioninfo['autosubscribe'] != -1) {
$insert_subscriptions[] = "({$userid}, {$destthreadinfo['threadid']}, {$subscriptioninfo['autosubscribe']}, 0, 1)";
}
}
}
if ($insert_subscriptions) {
$db->query_write("\n\t\t\t\tINSERT IGNORE INTO " . TABLE_PREFIX . "subscribethread\n\t\t\t\t\t(userid, threadid, emailupdate, folderid, canview)\n\t\t\t\tVALUES\n\t\t\t\t\t" . implode(', ', $insert_subscriptions));
}
// need to check permissions on these threads
update_subscriptions(array('threadids' => array($destthreadinfo['threadid'])));
}
build_thread_counters($destthreadinfo['threadid']);
build_forum_counters($destforuminfo['forumid']);
log_moderator_action($destthreadinfo, 'posts_copied_to_x', $destthreadinfo['threadid']);
// empty cookie
setcookie('vbulletin_inlinepost', '', TIMENOW - 3600, '/');
($hook = vBulletinHook::fetch_hook('inlinemod_docopyposts')) ? eval($hook) : false;
$vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . "t={$destthreadinfo['threadid']}";
eval(print_standard_redirect('redirect_inline_copiedposts', true, $forceredirect));
}
$navbits = construct_navbits($navbits);
eval('$navbar = "' . fetch_template('navbar') . '";');
($hook = vBulletinHook::fetch_hook('inlinemod_complete')) ? eval($hook) : false;
$url =& $vbulletin->url;
// spit out the final HTML if we have got this far
eval('$HTML = "' . fetch_template($template) . '";');
eval('print_output("' . fetch_template('THREADADMIN') . '");');
/*======================================================================*\
|| ####################################################################
UPDATE " . TABLE_PREFIX . "picturecomment
SET state = 'visible'
WHERE commentid IN(" . implode(',', array_keys($messagearray)) . ")
");
foreach(array_keys($userlist) AS $userid)
{
build_picture_comment_counters($userid);
}
if (can_moderate(0, 'candeletepicturecomments'))
{
foreach ($messagearray AS $message)
{
log_moderator_action($message, 'pc_by_x_on_y_undeleted',
array($message['postusername'], fetch_trimmed_title($message['picture_caption'], 50))
);
}
}
// empty cookie
setcookie('vbulletin_inlinepicturecomment', '', TIMENOW - 3600, '/');
($hook = vBulletinHook::fetch_hook('picturecomment_inlinemod_undelete')) ? eval($hook) : false;
eval(print_standard_redirect('redirect_inline_undeletedmessages', true, $forceredirect));
}
/*======================================================================*\
|| ####################################################################
|| #
function m_ban_user_func($xmlrpc_params)
{
global $input, $post, $thread, $forum, $pid, $tid, $fid, $modlogdata, $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $moderation, $parser;
$input = Tapatalk_Input::filterXmlInput(array('user_name' => Tapatalk_Input::STRING, 'mode' => Tapatalk_Input::INT, 'reason_text' => Tapatalk_Input::STRING, 'expired' => Tapatalk_Input::INT), $xmlrpc_params);
$ban_time = '---';
if (!empty($input['expired'])) {
$expired = intval($input['expired']);
$year = date("Y", $expired) - date("Y", time());
$month = date("m", $expired) - date("m", time());
$day = date("d", $expired) - date("d", time());
if ($year < 0) {
$year = 0;
$month = 0;
$day = 0;
}
if ($month < 0) {
$month = 0;
}
if ($day < 0) {
$day = 0;
}
$ban_time = $day . '-' . $month . '-' . $year;
}
mod_setup();
$lang->load("modcp");
// Get the users info from their Username
$query = $db->simple_select("users", "uid, username,usergroup, additionalgroups, displaygroup", "username = '******'user_name_esc']}'", array('limit' => 1));
$user = $db->fetch_array($query);
if (!$user['uid']) {
return xmlrespfalse($lang->invalid_username);
}
if ($user['uid'] == $mybb->user['uid']) {
return xmlrespfalse($lang->error_cannotbanself);
}
// Have permissions to ban this user?
if (!modcp_can_manage_user($user['uid'])) {
return xmlrespfalse($lang->error_cannotbanuser);
}
// Check for an incoming reason
if (empty($input['reason_text'])) {
return xmlrespfalse($lang->error_nobanreason);
}
// Check banned group
$query = $db->simple_select("usergroups", "gid", "isbannedgroup=1", array('limit' => 1));
$gid = $db->fetch_field($query, "gid");
if (!$gid) {
return xmlrespfalse($lang->error_nobangroup);
}
// If this is a new ban, we check the user isn't already part of a banned group
$query = $db->simple_select("banned", "uid", "uid='{$user['uid']}'");
if ($db->fetch_field($query, "uid")) {
return xmlrespfalse($lang->error_useralreadybanned);
}
$insert_array = array('uid' => $user['uid'], 'gid' => $gid, 'oldgroup' => $user['usergroup'], 'oldadditionalgroups' => $user['additionalgroups'], 'olddisplaygroup' => $user['displaygroup'], 'admin' => intval($mybb->user['uid']), 'dateline' => TIME_NOW, 'bantime' => $ban_time, 'lifted' => 0, 'reason' => $input['reason_text_esc']);
$db->insert_query('banned', $insert_array);
// Move the user to the banned group
$update_array = array('usergroup' => $gid, 'displaygroup' => 0, 'additionalgroups' => '');
$db->update_query('users', $update_array, "uid = {$user['uid']}");
// soft delete (unapprove) posts if necessary
if ($input['mode'] == 2) {
$db->update_query('posts', array("visible" => 0), "uid = {$user['uid']}");
$db->update_query('threads', array("visible" => 0), "uid = {$user['uid']}");
}
$cache->update_banned();
log_moderator_action(array("uid" => $user['uid'], "username" => $user['username']), $lang->banned_user);
$response = new xmlrpcval(array('result' => new xmlrpcval(true, 'boolean'), 'is_login_mod' => new xmlrpcval(true, 'boolean'), 'result_text' => new xmlrpcval("", 'base64')), 'struct');
return new xmlrpcresp($response);
}
if ($albuminfo['userid'] != $vbulletin->userinfo['userid'] and can_moderate(0, 'caneditalbumpicture')) {
require_once DIR . '/includes/functions_log_error.php';
log_moderator_action($picture, 'picture_x_in_y_by_z_deleted', array(fetch_trimmed_title($picture['caption'], 50), $albuminfo['title'], $userinfo['username']));
}
}
} else {
if ($picture['state'] == 'moderation' and can_moderate(0, 'canmoderatepictures') and $vbulletin->GPC['pictures']["{$picture['pictureid']}"]['approve']) {
// need to increase picture counter
$picturedata->set('state', 'visible');
$updatecounter++;
}
$picturedata->set('caption', $vbulletin->GPC['pictures']["{$picture['pictureid']}"]['caption']);
$picturedata->save();
if ($albuminfo['userid'] != $vbulletin->userinfo['userid'] and $vbulletin->GPC['pictures']["{$picture['pictureid']}"]['caption'] != $picture['caption'] and can_moderate(0, 'caneditalbumpicture')) {
require_once DIR . '/includes/functions_log_error.php';
log_moderator_action($picture, 'picture_x_in_y_by_z_edited', array(fetch_trimmed_title($picture['caption'], 50), $albuminfo['title'], $userinfo['username']));
}
if ($picture['pictureid'] == $vbulletin->GPC['coverpictureid'] and $picturedata->fetch_field('state') == 'visible') {
$new_coverid = $picture['pictureid'];
} else {
if (!$vbulletin->GPC['coverpictureid'] and !$new_coverid and !$albuminfo['coverpictureid'] and $picturedata->fetch_field('state') == 'visible') {
// not setting a cover and there's no existing cover -> set to this pic
$new_coverid = $picture['pictureid'];
}
}
}
}
($hook = vBulletinHook::fetch_hook('album_picture_update_complete')) ? eval($hook) : false;
if ($new_coverid or $updatecounter) {
$albumdata =& datamanager_init('Album', $vbulletin, ERRTYPE_SILENT);
$albumdata->set_existing($albuminfo);
function undelete_post($postid, $countposts, $postinfo = NULL, $threadinfo = NULL, $counterupdate = true)
{
global $vbulletin, $vbphrase;
// Valid postinfo array will contain: postid, threadid, visible, userid, username, title
// Invalid post or post is not deleted
if (!$postinfo AND !$postinfo = fetch_postinfo($postid))
{
return;
}
// Valid threadinfo array will contain: threadid, forumid, visible, firstpostid
if (!$threadinfo AND !$threadinfo = fetch_threadinfo($postinfo['threadid']))
{
return;
}
if ($threadinfo['firstpostid'] == $postid)
{
// undelete thread
undelete_thread($threadinfo['threadid'], $countposts, $threadinfo);
return;
}
// Post is not deleted
if ($postinfo['visible'] != 2)
{
return;
}
// Only increment post for a visible thread in a counting forum
if ($countposts AND $postinfo['userid'] AND $threadinfo['visible'] == 1)
{
$userdata =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
$userdata->set_existing($postinfo);
$userdata->set('posts', 'posts + 1', false);
$userdata->set_ladder_usertitle_relative(1);
$userdata->save();
unset($userdata);
}
$deletiondata =& datamanager_init('Deletionlog_ThreadPost', $vbulletin, ERRTYPE_SILENT, 'deletionlog');
$deletioninfo = array('type' => 'post', 'primaryid' => $postid);
$deletiondata->set_existing($deletioninfo);
$deletiondata->delete();
unset($deletiondata, $deletioninfo);
$postman =& datamanager_init('Post', $vbulletin, ERRTYPE_SILENT, 'threadpost');
$postman->set_existing($postinfo);
$postman->set('visible', 1);
$postman->save();
if ($counterupdate)
{
build_thread_counters($postinfo['threadid']);
build_forum_counters($threadinfo['forumid']);
}
fetch_phrase_group('threadmanage');
$postinfo['forumid'] = $threadinfo['forumid'];
require_once(DIR . '/includes/functions_log_error.php');
log_moderator_action($postinfo, 'post_y_by_x_undeleted', array($postinfo['title'], $postinfo['username']));
}
while ($message = $db->fetch_array($messages)) {
if (!fetch_visitor_message_perm('canundeletevisitormessages', $userinfo, $message)) {
standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_messages'));
}
$messagearray["{$message['vmid']}"] = $message;
$userlist["{$message['userid']}"] = true;
}
if (empty($messagearray)) {
standard_error(fetch_error('you_did_not_select_any_valid_messages'));
}
$db->query_write("\r\n\t\tDELETE FROM " . TABLE_PREFIX . "deletionlog\r\n\t\tWHERE type = 'visitormessage' AND\r\n\t\t\tprimaryid IN(" . implode(',', array_keys($messagearray)) . ")\r\n\t");
$db->query_write("\r\n\t\tUPDATE " . TABLE_PREFIX . "visitormessage\r\n\t\tSET state = 'visible'\r\n\t\tWHERE vmid IN(" . implode(',', array_keys($messagearray)) . ")\r\n\t");
foreach (array_keys($userlist) as $userid) {
build_visitor_message_counters($userid);
}
if (can_moderate(0, 'candeletevisitormessages')) {
foreach ($messagearray as $message) {
log_moderator_action($message, 'vm_by_x_for_y_undeleted', array($message['postusername'], $message['profile_username']));
}
}
// empty cookie
setcookie('vbulletin_inlinevmessage', '', TIMENOW - 3600, '/');
($hook = vBulletinHook::fetch_hook('member_inlinemod_undelete')) ? eval($hook) : false;
eval(print_standard_redirect('redirect_inline_undeletedmessages', true, $forceredirect));
}
/*======================================================================*\
|| ####################################################################
|| # Downloaded: 23:48, Wed Mar 24th 2010
|| # SVN: $Revision: 32878 $
|| ####################################################################
\*======================================================================*/
$timeout = $mybb->get_input('timeout', MyBB::INPUT_INT);
} else {
$timeout = 0;
}
if ($mybb->get_input('maxoptions', MyBB::INPUT_INT) > 0 && $mybb->get_input('maxoptions', MyBB::INPUT_INT) < $numoptions) {
$maxoptions = $mybb->get_input('maxoptions', MyBB::INPUT_INT);
} else {
$maxoptions = 0;
}
$updatedpoll = array("question" => $db->escape_string($mybb->input['question']), "options" => $db->escape_string($optionslist), "votes" => $db->escape_string($voteslist), "numoptions" => (int) $optioncount, "numvotes" => $numvotes, "timeout" => $timeout, "closed" => $postoptions['closed'], "multiple" => $postoptions['multiple'], "public" => $postoptions['public'], "maxoptions" => $maxoptions);
$plugins->run_hooks("polls_do_editpoll_process");
$db->update_query("polls", $updatedpoll, "pid='" . $mybb->get_input('pid', MyBB::INPUT_INT) . "'");
$plugins->run_hooks("polls_do_editpoll_end");
$modlogdata['fid'] = $thread['fid'];
$modlogdata['tid'] = $thread['tid'];
log_moderator_action($modlogdata, $lang->poll_edited);
redirect(get_thread_link($thread['tid']), $lang->redirect_pollupdated);
}
if ($mybb->input['action'] == "showresults") {
$query = $db->simple_select("polls", "*", "pid='" . $mybb->get_input('pid', MyBB::INPUT_INT) . "'");
$poll = $db->fetch_array($query);
if (!$poll) {
error($lang->error_invalidpoll);
}
$tid = $poll['tid'];
$thread = get_thread($tid);
if (!$thread) {
error($lang->error_invalidthread);
}
$fid = $thread['fid'];
// Get forum info
/**
* pre_delete function - extend if the contenttype needs to do anything
*
* @param array list of deleted attachment ids to delete
* @param boolean verify permission to delete
*
* @return boolean
*/
public function pre_delete($list, $checkperms = true)
{
@ignore_user_abort(true);
// init lists
$this->lists = array('postlist' => array(), 'threadlist' => array());
if ($checkperms) {
// Verify that we have permission to view these attachmentids
$attachmultiple = new vB_Attachment_Display_Multiple($this->registry);
$attachments = $attachmultiple->fetch_results("a.attachmentid IN (" . implode(", ", $list) . ")");
if (count($list) != count($attachments)) {
return false;
}
}
$ids = $this->registry->db->query_read("\n\t\t\tSELECT\n\t\t\t\ta.attachmentid, a.userid, IF(a.contentid = 0, 1, 0) AS inprogress,\n\t\t\t\tpost.postid, post.threadid, post.dateline AS p_dateline, post.userid AS post_userid,\n\t\t\t\tthread.forumid, thread.threadid, thread.open,\n\t\t\t\teditlog.hashistory\n\t\t\tFROM " . TABLE_PREFIX . "attachment AS a\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "post AS post ON (post.postid = a.contentid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread ON (thread.threadid = post.threadid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "editlog AS editlog ON (editlog.postid = post.postid)\n\t\t\tWHERE a.attachmentid IN (" . implode(", ", $list) . ")\n\t\t");
while ($id = $this->registry->db->fetch_array($ids)) {
if (!$id['inprogress'] and $checkperms) {
if (!$id['open'] and !can_moderate($id['forumid'], 'canopenclose') and !$this->registry->options['allowclosedattachdel']) {
return false;
} else {
if (!can_moderate($id['forumid'], 'caneditposts')) {
$forumperms = fetch_permissions($id['forumid']);
if (!($forumperms & $this->registry->bf_ugp_forumpermissions['caneditpost']) or $this->registry->userinfo['userid'] != $id['userid']) {
return false;
} else {
if (!$this->registry->options['allowattachdel'] and $this->registry->options['edittimelimit'] and $id['p_dateline'] < TIMENOW - $this->registry->options['edittimelimit'] * 60) {
return false;
}
}
}
}
}
if ($id['postid']) {
$this->lists['postlist']["{$id['postid']}"]++;
if ($this->log) {
if ($this->registry->userinfo['permissions']['genericoptions'] & $this->registry->bf_ugp_genericoptions['showeditedby'] and $id['p_dateline'] < TIMENOW - $this->registry->options['noeditedbytime'] * 60) {
if (empty($replaced["{$id['postid']}"])) {
/*insert query*/
$this->registry->db->query_write("\n\t\t\t\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "editlog\n\t\t\t\t\t\t\t\t\t\t(postid, userid, username, dateline, hashistory)\n\t\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t\t\t({$id['postid']},\n\t\t\t\t\t\t\t\t\t" . $this->registry->userinfo['userid'] . ",\n\t\t\t\t\t\t\t\t\t'" . $this->registry->db->escape_string($this->registry->userinfo['username']) . "',\n\t\t\t\t\t\t\t\t\t" . TIMENOW . ",\n\t\t\t\t\t\t\t\t\t" . intval($id['hashistory']) . ")\n\t\t\t\t\t\t\t");
$replaced["{$id['postid']}"] = true;
}
}
if ($this->registry->userinfo['userid'] != $id['post_userid'] and can_moderate($id['forumid'], 'caneditposts')) {
$postinfo = array('postid' => &$id['postid'], 'threadid' => &$id['threadid'], 'forumid' => &$id['forumid'], 'attachmentid' => &$id['attachmentid']);
require_once DIR . '/includes/functions_log_error.php';
log_moderator_action($postinfo, 'attachment_removed');
}
}
}
if ($id['threadid']) {
$this->lists['threadlist']["{$id['threadid']}"]++;
}
}
return true;
}
// do we need to update the forum counters?
$forumupdate = $foruminfo['lastthreadid'] == $threadinfo['threadid'] ? true : false;
}
// can this user open/close this thread if they want to?
if ($vbulletin->GPC['openclose'] and ($threadinfo['postuserid'] != 0 and $threadinfo['postuserid'] == $vbulletin->userinfo['userid'] and $forumperms & $vbulletin->bf_ugp_forumpermissions['canopenclose'] or can_moderate($threadinfo['forumid'], 'canopenclose'))) {
$threadman->set('open', $threadman->fetch_field('open') == 1 ? 0 : 1);
}
if ($vbulletin->GPC['stickunstick'] and can_moderate($threadinfo['forumid'], 'canmanagethreads')) {
$threadman->set('sticky', $threadman->fetch_field('sticky') == 1 ? 0 : 1);
}
($hook = vBulletinHook::fetch_hook('editpost_update_thread')) ? eval($hook) : false;
$threadman->save();
// if this is a mod edit, then log it
if ($vbulletin->userinfo['userid'] != $postinfo['userid'] and can_moderate($threadinfo['forumid'], 'caneditposts')) {
$modlog = array('threadid' => $threadinfo['threadid'], 'forumid' => $threadinfo['forumid'], 'postid' => $postinfo['postid']);
log_moderator_action($modlog, 'post_x_edited', $postinfo['title']);
}
require_once DIR . '/includes/functions_databuild.php';
// do forum update if necessary
if ($forumupdate) {
build_forum_counters($threadinfo['forumid']);
}
// don't do thread subscriptions if we are doing quick edit
if (!$vbulletin->GPC['ajax'] and !$vbulletin->GPC['quickeditnoajax']) {
// ### DO THREAD SUBSCRIPTION ###
// We use $postinfo[userid] so that we update the user who posted this, not the user who is editing this
if (!$threadinfo['issubscribed'] and $edit['emailupdate'] != 9999) {
// user is not subscribed to this thread so insert it
/*insert query*/
$db->query_write("\n\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "subscribethread (userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\tVALUES ({$postinfo['userid']}, {$threadinfo['threadid']}, {$edit['emailupdate']}, {$edit['folderid']}, 1)\n\t\t\t\t");
} else {
$hard_delete = false;
}
$dataman =& datamanager_init('VisitorMessage', $vbulletin, ERRTYPE_STANDARD);
$dataman->set_existing($messageinfo);
$dataman->set_info('hard_delete', $hard_delete);
$dataman->set_info('reason', $vbulletin->GPC['reason']);
$dataman->delete();
unset($dataman);
if ($messageinfo['postuserid'] != $vbulletin->userinfo['userid'] AND can_moderate(0, 'candeletevisitormessages'))
{
require_once(DIR . '/includes/functions_log_error.php');
log_moderator_action($messageinfo,
($hard_delete ? 'vm_by_x_for_y_removed' : 'vm_by_x_for_y_soft_deleted'),
array($messageinfo['postusername'], $userinfo['username'])
);
}
$vbulletin->url = fetch_seo_url('member', $userinfo);
eval(print_standard_redirect('visitormessagedelete'));
}
else
{
$vbulletin->url = fetch_seo_url('member', $userinfo);
eval(print_standard_redirect('visitormessage_nodelete'));
}
}
// ############################### start retrieve ip ###############################
if ($_REQUEST['do'] == 'viewip')
$postman =& datamanager_init('Post', $vbulletin, ERRTYPE_SILENT, 'threadpost');
$postman->set_existing($postinfo);
$postman->delete($countposts, $postinfo['threadid'], can_moderate($postinfo['forumid'], 'canremoveposts'));
unset($postman);
$updatethread["{$postinfo['threadid']}"] = 1;
$updateforum["{$postinfo['forumid']}"] = 1;
}
}
}
if (!empty($postids)) {
$postids = implode(',', $postids);
$db->query_write("\n\t\t\t\tDELETE FROM " . TABLE_PREFIX . "moderation\n\t\t\t\tWHERE primaryid IN({$postids}) AND type = 'reply'\n\t\t\t");
}
if (!empty($modlog)) {
require_once DIR . '/includes/functions_log_error.php';
log_moderator_action($modlog, 'approved_post');
}
}
vbmail_end();
// Update post counts
unset($userbyuserid[0]);
// skip any guest posts
if (!empty($userbyuserid)) {
$userbypostcount = array();
foreach ($userbyuserid as $postuserid => $postcount) {
$alluserids .= ",{$postuserid}";
$userbypostcount["{$postcount}"] .= ",{$postuserid}";
}
foreach ($userbypostcount as $postcount => $userids) {
$casesql .= " WHEN userid IN (0{$userids}) THEN {$postcount}\n";
}
// Set up posthandler.
require_once MYBB_ROOT . "inc/datahandlers/post.php";
$posthandler = new PostDataHandler("update");
$posthandler->action = "post";
// Set the post data that came from the input to the $post array.
$updatepost = array("pid" => $post['pid'], "tid" => $thread['tid'], "subject" => $subject, "edit_uid" => $mybb->user['uid']);
$posthandler->set_data($updatepost);
// Now let the post handler do all the hard work.
if (!$posthandler->validate_post()) {
$post_errors = $posthandler->get_friendly_errors();
xmlhttp_error($post_errors);
} else {
$posthandler->update_post();
if ($ismod == true) {
$modlogdata = array("tid" => $thread['tid'], "fid" => $forum['fid']);
log_moderator_action($modlogdata, $lang->edited_post);
}
}
}
require_once MYBB_ROOT . "inc/class_parser.php";
$parser = new postParser();
// Send our headers.
header("Content-type: application/json; charset={$charset}");
$plugins->run_hooks("xmlhttp_edit_subject_end");
$mybb->input['value'] = $parser->parse_badwords($mybb->get_input('value'));
// Spit the subject back to the browser.
$subject = substr($mybb->input['value'], 0, 120);
// 120 is the varchar length for the subject column
echo json_encode(array("subject" => '<a href="' . get_thread_link($thread['tid']) . '">' . htmlspecialchars_uni($subject) . '</a>'));
// Close the connection.
exit;
/**
* Any code to run before deleting. Builds lists and updates mod log
*
* @param Boolean Do the query?
*/
function pre_delete($doquery = true)
{
@ignore_user_abort(true);
// init lists
$this->lists = array('idlist' => array(), 'postlist' => array(), 'threadlist' => array());
$replaced = array();
$ids = $this->registry->db->query_read("\n\t\t\tSELECT\n\t\t\t\tattachment.attachmentid,\n\t\t\t\tattachment.userid,\n\t\t\t\tpost.postid,\n\t\t\t\tpost.threadid,\n\t\t\t\tpost.dateline AS post_dateline,\n\t\t\t\tpost.userid AS post_userid,\n\t\t\t\tthread.forumid,\n\t\t\t\teditlog.hashistory\n\t\t\tFROM " . TABLE_PREFIX . "attachment AS attachment\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "post AS post ON (post.postid = attachment.postid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread ON (thread.threadid = post.threadid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "editlog AS editlog ON (editlog.postid = post.postid)\n\t\t\tWHERE " . $this->condition);
while ($id = $this->registry->db->fetch_array($ids)) {
$this->lists['idlist']["{$id['attachmentid']}"] = $id['userid'];
if ($id['postid']) {
$this->lists['postlist']["{$id['postid']}"]++;
if ($this->log) {
if ($this->registry->userinfo['permissions']['genericoptions'] & $this->registry->bf_ugp_genericoptions['showeditedby'] and $id['post_dateline'] < TIMENOW - $this->registry->options['noeditedbytime'] * 60) {
if (empty($replaced["{$id['postid']}"])) {
/*insert query*/
$this->registry->db->query_write("\n\t\t\t\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "editlog\n\t\t\t\t\t\t\t\t\t\t(postid, userid, username, dateline, hashistory)\n\t\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t\t\t({$id['postid']},\n\t\t\t\t\t\t\t\t\t" . $this->registry->userinfo['userid'] . ",\n\t\t\t\t\t\t\t\t\t'" . $this->registry->db->escape_string($this->registry->userinfo['username']) . "',\n\t\t\t\t\t\t\t\t\t" . TIMENOW . ",\n\t\t\t\t\t\t\t\t\t" . intval($id['hashistory']) . ")\n\t\t\t\t\t\t\t");
$replaced["{$id['postid']}"] = true;
}
}
if ($this->registry->userinfo['userid'] != $id['post_userid'] and can_moderate($threadinfo['forumid'], 'caneditposts')) {
$postinfo['forumid'] =& $foruminfo['forumid'];
$postinfo = array('postid' => &$id['postid'], 'threadid' => &$id['threadid'], 'forumid' => &$id['forumid'], 'attachmentid' => &$id['attachmentid']);
require_once DIR . '/includes/functions_log_error.php';
log_moderator_action($postinfo, 'attachment_removed');
}
}
}
if ($id['threadid']) {
$this->lists['threadlist']["{$id['threadid']}"]++;
}
}
if ($this->registry->db->num_rows($ids) == 0) {
// nothing to delete
return false;
} else {
// condition needs to have any attachment. replaced with TABLE_PREFIX . attachment
// since DELETE doesn't suport table aliasing in some versions of MySQL
// we needed the attachment. for the query run above at the start of this function
$this->condition = preg_replace('#(attachment\\.)#si', TABLE_PREFIX . '\\1', $this->condition);
return true;
}
}