function generate_smilies($mode, $forum_id)
{
global $_CLASS;
// add option for all smiles in window
$display_link = false;
$mode = $mode == 'window' ? 'window' : 'inline';
if ($mode == 'inline') {
$sql = 'SELECT smiley_id
FROM ' . SMILIES_TABLE . '
WHERE smiley_type = 1';
$result = $_CLASS['core_db']->query_limit($sql, 1, 0);
if ($row = $_CLASS['core_db']->fetch_row_assoc($result)) {
$display_link = true;
}
$_CLASS['core_db']->free_result($result);
}
if (is_null($smiley = $_CLASS['core_cache']->get('smiley_' . $mode))) {
$smiley = array();
$sql = 'SELECT *
FROM ' . SMILIES_TABLE . '
WHERE smiley_type =' . ($mode == 'inline' ? '0' : '1') . '
ORDER BY smiley_order';
$result = $_CLASS['core_db']->query($sql);
while ($row = $_CLASS['core_db']->fetch_row_assoc($result)) {
$smiley[] = array('SMILEY_CODE' => $row['smiley_code'], 'SMILEY_IMG' => $row['smiley_src'], 'SMILEY_WIDTH' => $row['smiley_width'], 'SMILEY_HEIGHT' => $row['smiley_height'], 'SMILEY_DESC' => $row['smiley_description']);
}
$_CLASS['core_cache']->put('smiley_' . $mode, $smiley);
$_CLASS['core_db']->free_result($result);
}
$_CLASS['core_template']->assign('smiley', $smiley);
if ($mode == 'inline') {
$_CLASS['core_template']->assign_array(array('S_SHOW_SMILEY_LINK' => $display_link ? true : false, 'U_MORE_SMILIES' => generate_link('Forums&file=posting&mode=smilies&f=' . $forum_id)));
}
if ($mode == 'window') {
global $config;
$_CLASS['core_template']->assign('T_SMILIES_PATH', "{$config['smilies_path']}/");
$_CLASS['core_template']->display('modules/Forums/posting_smilies.html');
script_close();
}
}
}
$path = str_replace('install/', '', $path);
$domain = empty($_SERVER['SERVER_NAME']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
$_CLASS['core_template']->assign_array(array('site_name' => 'New CMS Site', 'site_domain' => $domain, 'site_path' => $path, 'site_port' => $_SERVER['SERVER_PORT'] == 80 ? '' : $_SERVER['SERVER_PORT'], 'cookie_domain' => $domain, 'cookie_path' => $path, 'cookie_name' => 'cms', 'username' => '', 'password' => '', 'password_confirm' => '', 'email' => '', 'email_confirm' => '', 'error' => empty($error) ? false : implode('<br/>', $error), 'config_content' => $config_data));
$_CLASS['core_template']->display('installer/stage3.html');
script_close();
}
}
}
if ($stage === 2) {
if (isset($_POST['test']) && empty($error)) {
$error[] = 'Database Setting Perfect :-)';
}
$_CLASS['core_template']->assign_array(array('database_options' => $database_options, 'error' => empty($error) ? false : implode('<br/>', $error), 'server' => isset($site_db['server']) ? $site_db['server'] : 'localhost', 'port' => isset($site_db['port']) ? $site_db['port'] : '', 'database' => isset($site_db['database']) ? $site_db['database'] : '', 'username' => isset($site_db['username']) ? $site_db['username'] : '', 'password' => isset($site_db['password']) ? $site_db['password'] : '', 'file' => isset($site_db['file']) ? $site_db['file'] : '', 'table_prefix' => get_variable('table_prefix', 'POST', 'cms_'), 'user_prefix' => get_variable('user_prefix', 'POST', 'cms_')));
$_CLASS['core_template']->display('installer/stage2.html');
script_close();
}
if ($stage === 1) {
$gd_info = gd_info();
$continue = true;
if (!($compatible = version_compare(PHP_VERSION, '4.2.0', '>='))) {
$continue = false;
}
$_CLASS['core_template']->assign_array(array('error' => false, 'magic_quotes_gpc' => (bool) ini_get('magic_quotes_gpc') === false, 'output_buffering' => (int) ini_get('output_buffering') === 0, 'register_globals' => (bool) ini_get('register_globals') === false, 'safe_mode' => (bool) ini_get('safe_mode') === false, 'php_version' => PHP_VERSION, 'workable_Version' => $compatible, 'recommended_Version' => version_compare(PHP_VERSION, '4.3.0', '>='), 'mbstring' => extension_loaded('mbstring'), 'zlib' => extension_loaded('zlib'), 'gd' => extension_loaded('gd'), 'gd_version' => $gd_info['GD Version'], 'continue' => $continue));
$_CLASS['core_template']->display('installer/stage1.html');
script_close();
}
if (!$stage) {
$_CLASS['core_template']->display('installer/agreement.html');
script_close();
}
function do_login($login_options, $template)
{
global $_CLASS, $_CORE_CONFIG;
$error = '';
$login_array = array('redirect' => false, 'explain' => false, 'success' => '', 'admin_login' => false, 'full_login' => true, 'full_screen' => false);
if (is_array($login_options)) {
$login_array = array_merge($login_array, $login_options);
}
if (isset($_POST['login'])) {
$user_name = get_variable('username', 'POST');
$user_password = get_variable('password', 'POST');
if (!$user_name || !$user_password) {
$error = 'INCOMPLETE_LOGIN_INFO';
}
if (!$error && $_CORE_CONFIG['user']['enable_confirm']) {
$code = $_CLASS['core_user']->session_data_get('confirmation_code');
$confirm_code = get_variable('confirm_code', 'POST', false);
if (!$code || !$confirm_code || $code !== $confirm_code) {
// $error = 'CONFIRM_CODE_WRONG';
}
}
if (!$error) {
$result = $this->user_auth($user_name, $user_password);
if (is_numeric($result)) {
$_CLASS['core_user']->login($result, $login_array['admin_login'], !empty($_POST['hidden']), !empty($_POST['auto_login']));
$login_array['redirect'] = generate_link(get_variable('redirect', 'POST', $login_array['redirect']), array('admin' => $login_array['admin_login']));
$_CLASS['core_display']->meta_refresh(5, $login_array['redirect']);
$message = ($login_array['success'] ? $_CLASS['core_user']->get_lang($login_array['success']) : $_CLASS['core_user']->lang['LOGIN_REDIRECT']) . '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_PAGE'], '<a href="' . $login_array['redirect'] . '">', '</a> ');
trigger_error($message);
}
$error = is_string($result) ? $result : 'LOGIN_ERROR';
}
}
if (!$login_array['redirect']) {
$login_array['redirect'] = htmlspecialchars($_CLASS['core_user']->url);
}
$s_hidden_fields = '<input type="hidden" name="redirect" value="' . $login_array['redirect'] . '" />';
if ($_CORE_CONFIG['user']['enable_confirm']) {
$confirm_image = '<img src="' . generate_link('system&mode=confirmation_image') . '" alt="" title="" />';
$_CLASS['core_user']->session_data_set('confirmation_code', generate_string(6));
} else {
$confirm_image = false;
}
$_CLASS['core_template']->assign_array(array('LOGIN_ERROR' => $_CLASS['core_user']->get_lang($error), 'LOGIN_EXPLAIN' => $_CLASS['core_user']->get_lang($login_array['explain']), 'U_SEND_PASSWORD' => $_CORE_CONFIG['email']['email_enable'] ? generate_link('Control_Panel&mode=sendpassword') : '', 'U_RESEND_ACTIVATION' => $_CORE_CONFIG['user']['activation'] != USER_ACTIVATION_NONE && $_CORE_CONFIG['email']['email_enable'] ? generate_link('Control_Panel&mode=resend_act') : '', 'U_TERMS_USE' => generate_link('Control_Panel&mode=terms'), 'U_PRIVACY' => generate_link('Control_Panel&mode=privacy'), 'U_REGISTER' => generate_link('Control_Panel&mode=register'), 'U_CONFIRM_IMAGE' => $confirm_image, 'USERNAME' => isset($data['user_name']) ? $data['user_name'] : '', 'S_DISPLAY_FULL_LOGIN' => $login_array['full_login'], 'S_LOGIN_ACTION' => !$login_array['admin_login'] ? generate_link($_CLASS['core_user']->url) : generate_link(false, array('admin' => true)), 'S_HIDDEN_FIELDS' => $s_hidden_fields));
if (!$template && $login_array['full_screen']) {
$template = 'login_body_full.html';
}
$_CLASS['core_template']->display($template ? $template : 'login_body.html');
script_close();
}
function redirect($url = false, $save = false)
{
$url = $url ? str_replace('&', '&', $url) : generate_link();
if (preg_match('#Microsoft|WebSTAR|Xitami#', $_SERVER['SERVER_SOFTWARE'])) {
header('Refresh: 0; url=' . $url);
} else {
header('Location: ' . $url);
}
header('P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"');
header('Cache-Control: private, pre-check=0, post-check=0, max-age=0');
header('Expires: 0');
header('Pragma: no-cache');
echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="refresh" content="0; url=' . $url . '">
<title>Redirect</title>
</head>
<body>
<div align="center"><a href="' . $url . '">Click here to continue</a></div>
</body>
</html>';
script_close($save);
}
FROM ' . FORUMS_TOPICS_TABLE . ' t LEFT JOIN ' . FORUMS_FORUMS_TABLE . " f ON (f.forum_id = t.forum_id)\n\t\t\tWHERE t.topic_id = {$topic_id}";
break;
case 'quote':
case 'edit':
case 'delete':
if (!$post_id) {
trigger_error('NO_POST');
}
$sql = 'SELECT f.*, t.*, p.*, u.username, u.user_sig, u.user_sig_bbcode_uid, u.user_sig_bbcode_bitfield
FROM ' . FORUMS_POSTS_TABLE . ' p, ' . USERS_TABLE . ' u , ' . FORUMS_TOPICS_TABLE . ' t
LEFT JOIN ' . FORUMS_FORUMS_TABLE . " f ON (f.forum_id = t.forum_id)\n\t\t\tWHERE p.post_id = {$post_id}\n\t\t\t\tAND t.topic_id = p.topic_id\n\t\t\t\tAND u.user_id = p.poster_id";
break;
case 'smilies':
require_once $site_file_root . 'includes/forums/functions_posting.php';
generate_smilies('window', $forum_id);
script_close(false);
break;
default:
trigger_error('NO_POST_MODE');
break;
}
$result = $_CLASS['core_db']->query($sql);
$posting_data = $_CLASS['core_db']->fetch_row_assoc($result);
$_CLASS['core_db']->free_result($result);
if (!$posting_data) {
trigger_error('NO_POST');
}
require_once $site_file_root . 'includes/forums/message_parser.php';
require_once $site_file_root . 'includes/forums/functions_admin.php';
require_once $site_file_root . 'includes/forums/functions_posting.php';
// remove
function ucp_register($id, $mode)
{
global $site_file_root, $config, $_CLASS, $_CORE_CONFIG;
$coppa = isset($_REQUEST['coppa']) ? (int) $_REQUEST['coppa'] : null;
$submit = isset($_POST['submit']);
if ($_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_DISABLE || ($coppa || $_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_SELF || $_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_ADMIN) && !$_CORE_CONFIG['email']['email_enable']) {
trigger_error('UCP_REGISTER_DISABLE');
}
$_CLASS['core_template']->assign('S_UCP_ACTION', generate_link('Control_Panel&mode=register'));
$error = $data = array();
$s_hidden_fields = '';
if (!isset($_POST['agreed'])) {
if ($_CORE_CONFIG['user']['coppa_enable'] && is_null($coppa)) {
$now = explode(':', gmdate('m:j:Y'));
$coppa_birthday = $_CLASS['core_user']->format_date(mktime(12, 0, 0, $now[0], $now[1], $now[2] - 13), 'D M d, Y');
$_CLASS['core_template']->assign_array(array('L_COPPA_NO' => sprintf($_CLASS['core_user']->lang['UCP_COPPA_BEFORE'], $coppa_birthday), 'L_COPPA_YES' => sprintf($_CLASS['core_user']->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday), 'U_COPPA_NO' => generate_link('Control_Panel&mode=register&coppa=0'), 'U_COPPA_YES' => generate_link('Control_Panel&mode=register&coppa=1'), 'S_SHOW_COPPA' => true, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_REGISTER_ACTION' => generate_link('Control_Panel&mode=register')));
} else {
$s_hidden_fields .= '<input type="hidden" name="coppa" value="' . $coppa . '" />';
$_CLASS['core_template']->assign_array(array('S_SHOW_COPPA' => false, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_REGISTER_ACTION' => generate_link('Control_Panel&mode=register')));
}
$this->display($_CLASS['core_user']->lang['REGISTER'], 'ucp_agreement.html');
script_close();
}
if ($submit) {
require_once $site_file_root . 'includes/functions_user.php';
$error = array();
$username = get_variable('username', 'POST', false);
$password = get_variable('password', 'POST', false);
$email = get_variable('email', 'POST', false);
$email_confirm = get_variable('email_confirm', 'POST', '');
//when we add this make sure to confirm that it's one of the installed langs
$lang = $_CORE_CONFIG['global']['default_lang'];
$tz = get_variable('tz', 'POST', false);
if (strpos($username, "\n")) {
die;
}
$username_validate = validate_username($username);
if ($username_validate !== true) {
$error[] = $_CLASS['core_user']->get_lang($username_validate);
}
if (!$password || $password !== get_variable('password_confirm', 'POST', '')) {
$error[] = $_CLASS['core_user']->get_lang('PASSWORD_ERROR');
}
if (!$email || $email !== $email_confirm) {
$error[] = $_CLASS['core_user']->get_lang('EMAIL_ERROR');
} elseif (!check_email($email)) {
$error[] = $_CLASS['core_user']->get_lang('EMAIL_INVALID');
}
if (!$tz || !in_array($tz, tz_array())) {
$tz = null;
}
if ($_CORE_CONFIG['user']['enable_confirm']) {
$confirmation_code = $_CLASS['core_user']->session_data_get('confirmation_code');
$confirm_code = trim(get_variable('confirm_code', 'POST', false));
if (!$confirm_code || !$confirmation_code || $confirm_code != $confirmation_code) {
$error[] = $_CLASS['core_user']->get_lang('CONFIRM_CODE_WRONG');
}
// we don't need this any more
$_CLASS['core_user']->user_data_kill('confirmation_code');
}
if (empty($error)) {
$password = encode_password($password, $_CORE_CONFIG['user']['password_encoding']);
if (!$password) {
//do some admin contact thing here
die('Activation disabled: Passwaord encoding problem');
}
if ($coppa || $_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_SELF || $_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_ADMIN) {
if (!$_CORE_CONFIG['email']['email_enable']) {
//do some admin contact thing here
die('Activation disabled: Email Disabled');
}
$user_status = STATUS_PENDING;
$user_act_key = generate_string(10);
if ($coppa) {
$message = $_CLASS['core_user']->lang['ACCOUNT_COPPA'];
$email_template = 'coppa_welcome_inactive';
} elseif ($_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_SELF) {
$message = $_CLASS['core_user']->lang['ACCOUNT_INACTIVE'];
$email_template = 'user_welcome_inactive';
} elseif ($_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_ADMIN) {
$message = $_CLASS['core_user']->lang['ACCOUNT_INACTIVE_ADMIN'];
$email_template = 'admin_welcome_inactive';
}
} else {
$user_status = STATUS_ACTIVE;
$user_act_key = null;
$email_template = 'user_welcome';
$message = $_CLASS['core_user']->lang['ACCOUNT_ADDED'];
}
$data = array('username' => (string) $username, 'user_email' => (string) $email, 'user_group' => $coppa ? 3 : 2, 'user_reg_date' => (int) $_CLASS['core_user']->time, 'user_timezone' => (string) $tz, 'user_password' => (string) $password, 'user_password_encoding' => (string) $_CORE_CONFIG['user']['password_encoding'], 'user_lang' => $lang ? (string) $lang : null, 'user_type' => USER_NORMAL, 'user_status' => (int) $user_status, 'user_act_key' => (string) $user_act_key, 'user_ip' => (string) $_CLASS['core_user']->ip);
user_add($data);
if ($data['user_status'] === STATUS_ACTIVE) {
set_core_config('user', 'newest_user_id', $data['user_id'], false);
set_core_config('user', 'newest_username', $data['username'], false);
set_core_config('user', 'total_users', $_CORE_CONFIG['user']['total_users'] + 1, false);
}
require_once $site_file_root . 'includes/mailer.php';
$mailer = new core_mailer();
$mailer->to($email, $username);
$mailer->subject($subject);
$_CLASS['core_template']->assign_array(array('SITENAME' => $_CORE_CONFIG['global']['site_name'], 'WELCOME_MSG' => sprintf($_CLASS['core_user']->lang['WELCOME_SUBJECT'], $_CORE_CONFIG['global']['site_name']), 'USERNAME' => $username, 'PASSWORD' => $password, 'EMAIL_SIG' => '', 'U_ACTIVATE' => generate_link('system&mode=activate&user_id=' . $data['user_id'] . '&key=' . $user_act_key, array('sid' => false, 'full' => true))));
if ($coppa) {
$_CLASS['core_template']->assign_array(array('FAX_INFO' => $_CORE_CONFIG['user']['coppa_fax'], 'MAIL_INFO' => $_CORE_CONFIG['user']['coppa_mail'], 'EMAIL_ADDRESS' => $email, 'SITENAME' => $_CORE_CONFIG['global']['site_name']));
}
$mailer->message = trim($_CLASS['core_template']->display('modules/Control_Panel/email/' . $email_template, true));
$mailer->send();
$message = $message . '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_INDEX'], '<a href="' . generate_link() . '">', '</a>');
trigger_error($message);
}
}
$s_hidden_fields .= '<input type="hidden" name="coppa" value="' . $coppa . '" />';
$s_hidden_fields .= '<input type="hidden" name="agreed" value="true" />';
if ($_CORE_CONFIG['user']['enable_confirm']) {
$_CLASS['core_user']->session_data_set('confirmation_code', generate_string(6));
$confirm_image = '<img src="' . generate_link('system&mode=confirmation_image') . '" alt="" title="" />';
} else {
$confirm_image = false;
}
if ($submit) {
if ($_CORE_CONFIG['user']['max_reg_attempts']) {
$attempts = (int) $_CLASS['core_user']->session_data_get('reg_attempts', 0);
if ($attempts > $_CORE_CONFIG['user']['max_reg_attempts']) {
trigger_error($_CLASS['core_user']->lang['TOO_MANY_REGISTERS']);
}
$_CLASS['core_user']->session_data_get('reg_attempts', $attempts + 1);
}
}
switch ($_CORE_CONFIG['user']['activation']) {
case USER_ACTIVATION_SELF:
$l_reg_cond = $_CLASS['core_user']->lang['UCP_EMAIL_ACTIVATE'];
break;
case USER_ACTIVATION_ADMIN:
$l_reg_cond = $_CLASS['core_user']->lang['UCP_ADMIN_ACTIVATE'];
break;
default:
$l_reg_cond = '';
break;
}
$user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\\w]+' => 'USERNAME_ALPHA_ONLY', '[\\w_\\+\\. \\-\\[\\]]+' => 'USERNAME_ALPHA_SPACERS');
$_CLASS['core_template']->assign_array(array('ERROR' => empty($error) ? false : implode('<br />', $error), 'USERNAME' => isset($username) ? $username : '', 'PASSWORD' => isset($password) ? $password : '', 'EMAIL' => isset($email) ? $email : '', 'EMAIL_CONFIRM' => isset($email_confirm) ? $email_confirm : '', 'CONFIRM_IMG' => $confirm_image, 'SELECT_TZ' => select_tz(isset($tz) ? $tz : $_CORE_CONFIG['global']['default_timezone']), 'L_CONFIRM_EXPLAIN' => sprintf($_CLASS['core_user']->lang['CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>'), 'L_ITEMS_REQUIRED' => $l_reg_cond, 'L_USERNAME_EXPLAIN' => sprintf($_CLASS['core_user']->lang[$user_char_ary[$_CORE_CONFIG['user']['allow_name_chars']] . '_EXPLAIN'], $_CORE_CONFIG['user']['min_name_chars'], $_CORE_CONFIG['user']['max_name_chars']), 'L_NEW_PASSWORD_EXPLAIN' => sprintf($_CLASS['core_user']->lang['NEW_PASSWORD_EXPLAIN'], $_CORE_CONFIG['user']['min_pass_chars'], $_CORE_CONFIG['user']['max_pass_chars']), 'S_COPPA' => $coppa, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_UCP_ACTION' => generate_link("Control_Panel&mode=register")));
$this->display($_CLASS['core_user']->lang['REGISTER'], 'ucp_register.html');
}
function sql_error($backtrace, $return = false)
{
if ($return) {
return array('message' => @mysql_error(), 'code' => @mysql_errno());
}
if (!$this->report_error) {
return;
}
$message = '<br clear="all"/><table><tr><td><u>SQL ERROR</u><br /><br />' . @mysql_error() . '<br /><br />File:<br/><br/>' . $backtrace['file'] . '<br /><br />Line:<br /><br />' . $backtrace['line'] . '<br /><br /><u>CALLING PAGE</u><br /><br />' . ($sql ? '<br /><br /><u>SQL</u><br /><br />' . $this->last_query : '') . '<br /></td></tr></table>';
if ($this->in_transaction) {
$this->transaction('rollback');
}
trigger_error($message, E_USER_ERROR);
script_close(false);
}
function error_handler($errtype, $error, $errfile, $errline)
{
global $_CLASS, $site_file_root, $_CORE_CONFIG;
if ($this->report != ERROR_NONE) {
echo $error;
//damn windows
$errfile = str_replace('\\', '/', $errfile);
// Remove the root paths, site files, along with document root
$errfile = str_replace($site_file_root, '', str_replace($_SERVER['DOCUMENT_ROOT'], '', $errfile));
}
switch ($errtype) {
case E_NOTICE:
case E_WARNING:
if (!$this->report) {
return;
}
$errtype = $errtype == E_NOTICE ? 'E_NOTICE' : 'E_WARNING';
$this->error = array('type' => $errtype, 'error' => $error, 'file' => $errfile, 'line' => $errline);
$this->format_error($errtype);
$this->error_setting = array('title', 'redirect');
break;
case E_USER_ERROR:
$code = false;
if (mb_strpos($error, ':')) {
list($code, $error) = explode(':', $error, 2);
if (!is_numeric($code)) {
$error = $code . ':' . $error;
} else {
$header_array = array(404 => 'HTTP/1.0 404 Not Found', 503 => 'HTTP/1.0 503 Service Unavailable');
settype($code, 'integer');
if (!empty($header_array[$code])) {
header($header_array[$code]);
}
}
}
if (isset($_CLASS['core_user'])) {
$_CLASS['core_user']->user_setup();
$error = !empty($_CLASS['core_user']->lang[$error]) ? $_CLASS['core_user']->lang[$error] : $error;
}
$_CLASS['core_template']->assign('MESSAGE_TEXT', $error);
if (isset($_CLASS['core_display'])) {
$_CLASS['core_display']->display(false, 'error.html');
}
$_CLASS['core_template']->display('error.html');
script_close();
break;
case E_USER_NOTICE:
$_CLASS['core_user']->user_setup();
$this->error_setting['title'] = empty($_CLASS['core_user']->lang[$this->error_setting['title']]) ? $this->error_setting['title'] : $_CLASS['core_user']->lang[$this->error_setting['title']];
$error = empty($_CLASS['core_user']->lang[$error]) ? $error : $_CLASS['core_user']->lang[$error];
$_CLASS['core_template']->assign_array(array('MESSAGE_TITLE' => $this->error_setting['title'], 'MESSAGE_TEXT' => $error));
$this->error_setting = array('title', 'redirect');
if (isset($_CLASS['core_display'])) {
$_CLASS['core_display']->display($this->error_setting['title'], 'message.html');
}
$_CLASS['core_template']->display('message.html');
script_close();
break;
}
}
function login($id = ANONYMOUS, $admin_login = false, $hidden = false, $auto_log = false)
{
global $_CLASS;
settype($id, 'int');
if ($bot = check_bot_status($this->browser, $this->ip)) {
$id = $bot;
}
if (!$this->can_create()) {
if (!$bot) {
$this->user_setup();
trigger_error('SITE_TEMP_UNAVAILABLE', E_USER_ERROR);
}
header('HTTP/1.0 503 Service Unavailable');
script_close(false);
}
$result = $_CLASS['core_db']->query('SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . $id);
$this->data = $_CLASS['core_db']->fetch_row_assoc($result);
$_CLASS['core_db']->free_result($result);
if (!$this->data) {
die('Installlation problem');
// Error here, however this happen
}
$this->is_user = !$bot && $this->data['user_type'] == USER_NORMAL;
$this->is_bot = $bot;
if (isset($_CLASS['core_auth'])) {
unset($_CLASS['core_auth']);
}
load_class(false, 'core_auth', 'auth_db');
$this->data['session_admin'] = ADMIN_NOT_ADMIN;
if (!$this->is_bot && $_CLASS['core_auth']->admin_auth()) {
$this->data['session_admin'] = $admin_login ? ADMIN_IS_ADMIN : ADMIN_NOT_LOGGED;
}
$this->is_admin = $this->data['session_admin'] === ADMIN_IS_ADMIN;
$this->data['session_hidden'] = $hidden;
$this->session_create($auto_log);
}
function display($page_title, $tpl_name)
{
global $_CLASS;
page_header();
$_CLASS['core_template']->display('modules/Control_Panel/' . $tpl_name);
script_close();
}
function login_forum_box($forum_data)
{
global $config, $_CLASS;
$sql = 'SELECT forum_id
FROM ' . FORUMS_ACCESS_TABLE . "\n\t\tWHERE forum_id = '" . $forum_data['forum_id'] . "'\n\t\t\tAND user_id = '" . $_CLASS['core_user']->data['user_id'] . "'\n\t\t\tAND session_id = '" . $_CLASS['core_user']->session_id . "'";
$result = $_CLASS['core_db']->query($sql);
if ($row = $_CLASS['core_db']->fetch_row_assoc($result)) {
$_CLASS['core_db']->free_result($result);
return true;
}
$_CLASS['core_db']->free_result($result);
$password = request_var('password', '');
if ($password) {
// Remove expired authorised sessions
$sql = 'SELECT session_id
FROM ' . SESSIONS_TABLE;
$result = $_CLASS['core_db']->query($sql);
if ($row = $_CLASS['core_db']->fetch_row_assoc($result)) {
$sql_in = array();
do {
$sql_in[] = "'" . $_CLASS['core_db']->escape($row['session_id']) . "'";
} while ($row = $_CLASS['core_db']->fetch_row_assoc($result));
$sql = 'DELETE FROM ' . FORUMS_ACCESS_TABLE . '
WHERE session_id NOT IN (' . implode(', ', $sql_in) . ')';
$_CLASS['core_db']->query($sql);
}
$_CLASS['core_db']->free_result($result);
if ($password == $forum_data['forum_password']) {
$sql = 'INSERT INTO ' . FORUMS_ACCESS_TABLE . ' (forum_id, user_id, session_id)
VALUES (' . $forum_data['forum_id'] . ', ' . $_CLASS['core_user']->data['user_id'] . ", '" . $_CLASS['core_db']->escape($_CLASS['core_user']->session_id) . "')";
$_CLASS['core_db']->query($sql);
return true;
}
$_CLASS['core_template']->assign('LOGIN_ERROR', $_CLASS['core_user']->lang['WRONG_PASSWORD']);
}
page_header();
$_CLASS['core_template']->display('modules/forums/login_forum.html');
script_close();
}
function compose_pm($id, $mode, $action)
{
global $_CLASS, $site_file_root, $config;
if (!$action) {
$action = 'post';
}
$_CLASS['core_template']->assign(array('S_DISPLAY_FORM' => false, 'S_DRAFT_LOADED' => false, 'S_SHOW_DRAFTS' => false, 'S_POST_REVIEW' => false, 'S_INLINE_ATTACHMENT_OPTIONS' => false, 'S_EDIT_REASON' => false, 'S_HAS_ATTACHMENTS' => false, 'to_recipient' => false, 'bcc_recipient' => false, 'S_DISPLAY_HISTORY' => false, 'S_DISPLAY_PREVIEW' => false));
// Grab only parameters needed here
$to_user_id = request_var('u', 0);
$to_group_id = request_var('g', 0);
$msg_id = request_var('p', 0);
$quote_post = request_var('q', 0);
$draft_id = request_var('d', 0);
$lastclick = request_var('lastclick', 0);
$message_text = $subject = '';
// Do NOT use request_var or specialchars here
$address_list = isset($_REQUEST['address_list']) ? $_REQUEST['address_list'] : array();
$submit = isset($_POST['post']);
$preview = isset($_POST['preview']);
$save = isset($_POST['save']);
$load = isset($_POST['load']);
$cancel = isset($_POST['cancel']);
$confirm = isset($_POST['confirm']);
$delete = isset($_POST['delete']);
$remove_u = isset($_REQUEST['remove_u']);
$remove_g = isset($_REQUEST['remove_g']);
$add_to = isset($_REQUEST['add_to']);
$add_bcc = isset($_REQUEST['add_bcc']);
$refresh = isset($_POST['add_file']) || isset($_POST['delete_file']) || isset($_POST['edit_comment']) || $save || $load || $remove_u || $remove_g || $add_to || $add_bcc;
$action = $delete && !$preview && !$refresh && $submit ? 'delete' : $action;
$error = array();
$current_time = gmtime();
// Was cancel pressed? If so then redirect to the appropriate page
if ($cancel || $current_time - $lastclick < 2 && $submit) {
$redirect = generate_link("Control_Panel&i={$id}&mode=view_messages&action=view_message" . ($msg_id ? "&p={$msg_id}" : ''));
redirect($redirect);
}
if ($action == 'forward' && (!$config['forward_pm'] || !$_CLASS['auth']->acl_get('u_pm_forward'))) {
trigger_error('NO_AUTH_FORWARD_MESSAGE');
}
if ($action == 'edit' && !$_CLASS['auth']->acl_get('u_pm_edit')) {
trigger_error('NO_AUTH_EDIT_MESSAGE');
}
$sql = '';
// What is all this following SQL for? Well, we need to know
// some basic information in all cases before we do anything.
switch ($action) {
case 'post':
if (!$_CLASS['auth']->acl_get('u_sendpm')) {
trigger_error('NO_AUTH_SEND_MESSAGE');
}
break;
case 'reply':
case 'quote':
case 'forward':
if (!$msg_id) {
trigger_error('NO_MESSAGE');
}
if (!$_CLASS['auth']->acl_get('u_sendpm')) {
trigger_error('NO_AUTH_SEND_MESSAGE');
}
if ($quote_post) {
$sql = 'SELECT p.post_text as message_text, p.poster_id as author_id, p.post_time as message_time, p.bbcode_bitfield, p.bbcode_uid, p.enable_sig, p.enable_html, p.enable_smilies, p.enable_magic_url, t.topic_title as message_subject, u.username as quote_username
FROM ' . FORUMS_POSTS_TABLE . ' p, ' . FORUMS_TOPICS_TABLE . ' t, ' . USERS_TABLE . " u\n\t\t\t\t\tWHERE p.post_id = {$msg_id}\n\t\t\t\t\t\tAND t.topic_id = p.topic_id\n\t\t\t\t\t\tAND u.user_id = p.poster_id";
} else {
$sql = 'SELECT t.*, p.*, u.username as quote_username
FROM ' . FORUMS_PRIVMSGS_TO_TABLE . ' t, ' . FORUMS_PRIVMSGS_TABLE . ' p, ' . USERS_TABLE . ' u
WHERE t.user_id = ' . $_CLASS['core_user']->data['user_id'] . "\n\t\t\t\t\t\tAND p.author_id = u.user_id\n\t\t\t\t\t\tAND t.msg_id = p.msg_id\n\t\t\t\t\t\tAND p.msg_id = {$msg_id}";
}
break;
case 'edit':
if (!$msg_id) {
trigger_error('NO_MESSAGE');
}
// check for outbox (not read) status, we do not allow editing if one user already having the message
$sql = 'SELECT p.*, t.*
FROM ' . FORUMS_PRIVMSGS_TO_TABLE . ' t, ' . FORUMS_PRIVMSGS_TABLE . ' p
WHERE t.user_id = ' . $_CLASS['core_user']->data['user_id'] . '
AND t.folder_id = ' . PRIVMSGS_OUTBOX . "\n\t\t\t\t\tAND t.msg_id = {$msg_id}\n\t\t\t\t\tAND t.msg_id = p.msg_id";
break;
case 'delete':
if (!$_CLASS['auth']->acl_get('u_pm_delete')) {
trigger_error('NO_AUTH_DELETE_MESSAGE');
}
if (!$msg_id) {
trigger_error('NO_MESSAGE');
}
$sql = 'SELECT msg_id, unread, new, author_id, folder_id
FROM ' . FORUMS_PRIVMSGS_TO_TABLE . '
WHERE user_id = ' . $_CLASS['core_user']->data['user_id'] . "\n\t\t\t\t\tAND msg_id = {$msg_id}";
break;
case 'smilies':
require_once $site_file_root . 'includes/forums/functions_posting.php';
generate_smilies('window', 0);
script_close(false);
break;
default:
trigger_error('NO_ACTION_MODE');
break;
}
if ($sql) {
$result = $_CLASS['core_db']->query_limit($sql, 1);
if (!($row = $_CLASS['core_db']->fetch_row_assoc($result))) {
trigger_error('NO_MESSAGE');
}
extract($row);
$_CLASS['core_db']->free_result($result);
$msg_id = (int) $msg_id;
$enable_urls = $enable_magic_url;
if (!$author_id && $msg_id) {
trigger_error('NO_AUTHOR');
}
if (($action == 'reply' || $action == 'quote') && empty($address_list) && !$refresh && !$submit && !$preview) {
$address_list = array('u' => array($author_id => 'to'));
} elseif ($action == 'edit' && empty($address_list) && !$refresh && !$submit && !$preview) {
// Rebuild TO and BCC Header
$address_list = rebuild_header(array('to' => $to_address, 'bcc' => $bcc_address));
}
$check_value = ($enable_html + 1 << 16) + ($enable_bbcode + 1 << 8) + ($enable_smilies + 1 << 4) + ($enable_urls + 1 << 2) + ($enable_sig + 1 << 1);
} else {
$message_attachment = 0;
if ($to_user_id && $action == 'post') {
$address_list['u'][$to_user_id] = 'to';
} else {
if ($to_group_id && $action == 'post') {
$address_list['g'][$to_group_id] = 'to';
}
}
$check_value = 0;
}
if (($to_group_id || isset($address_list['g'])) && !$config['allow_mass_pm']) {
trigger_error('NO_AUTH_GROUP_MESSAGE');
}
if ($action == 'edit' && !$refresh && !$preview && !$submit) {
if (!($message_time > time() - $config['pm_edit_time'] || !$config['pm_edit_time'])) {
trigger_error('CANNOT_EDIT_MESSAGE_TIME');
}
}
if (!isset($icon_id)) {
$icon_id = 0;
}
require_once $site_file_root . 'includes/forums/functions_admin.php';
require_once $site_file_root . 'includes/forums/functions_posting.php';
require_once $site_file_root . 'includes/forums/message_parser.php';
$message_parser = new parse_message();
$message_subject = isset($message_subject) ? $message_subject : '';
$message_parser->message = $action == 'reply' ? '' : (isset($message_text) ? $message_text : '');
unset($message_text);
$s_action = "Control_Panel&i={$id}&mode={$mode}&action={$action}";
$s_action .= $msg_id ? "&p={$msg_id}" : '';
$s_action .= $quote_post ? "&q=1" : '';
// Delete triggered ?
if ($action == 'delete') {
// Folder id has been determined by the SQL Statement
// $folder_id = request_var('f', PRIVMSGS_NO_BOX);
$s_hidden_fields = '<input type="hidden" name="p" value="' . $msg_id . '" /><input type="hidden" name="f" value="' . $folder_id . '" /><input type="hidden" name="action" value="delete" />';
// Do we need to confirm ?
if (confirm_box(true)) {
delete_pm($_CLASS['core_user']->data['user_id'], $msg_id, $folder_id);
// TODO - jump to next message in "history"?
$meta_info = generate_link('Control_Panel&i=pm&folder=' . $folder_id);
$message = $_CLASS['core_user']->lang['MESSAGE_DELETED'];
meta_refresh(3, $meta_info);
$message .= '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_FOLDER'], '<a href="' . $meta_info . '">', '</a>');
trigger_error($message);
} else {
confirm_box(false, 'DELETE_MESSAGE', $s_hidden_fields);
}
}
// Handle User/Group adding/removing
handle_message_list_actions($address_list, $remove_u, $remove_g, $add_to, $add_bcc);
// Check for too many recipients
if (!$config['allow_mass_pm'] && num_recipients($address_list) > 1) {
$address_list = get_recipient_pos($address_list, 1);
$error[] = $_CLASS['core_user']->lang['TOO_MANY_RECIPIENTS'];
}
$message_parser->get_submitted_attachment_data();
if ($message_attachment && !$submit && !$refresh && !$preview && $action == 'edit') {
$sql = 'SELECT attach_id, physical_filename, comment, real_filename, extension, mimetype, filesize, filetime, thumbnail
FROM ' . FORUMS_ATTACHMENTS_TABLE . "\n\t\t\tWHERE post_msg_id = {$msg_id}\n\t\t\t\tAND in_message = 1\n\t\t\t\tORDER BY filetime " . (!$config['display_order'] ? 'DESC' : 'ASC');
$result = $_CLASS['core_db']->query($sql);
$message_parser->attachment_data = array_merge($message_parser->attachment_data, $_CLASS['core_db']->fetch_row_assocset($result));
$_CLASS['core_db']->free_result($result);
}
if (!in_array($action, array('quote', 'edit', 'delete', 'forward'))) {
$enable_sig = $config['allow_sig'] && $_CLASS['auth']->acl_get('u_sig') && $_CLASS['core_user']->optionget('attachsig');
$enable_smilies = $config['allow_smilies'] && $_CLASS['auth']->acl_get('u_pm_smilies') && $_CLASS['core_user']->optionget('smilies');
$enable_bbcode = $config['allow_bbcode'] && $_CLASS['auth']->acl_get('u_pm_bbcode') && $_CLASS['core_user']->optionget('bbcode');
$enable_urls = true;
}
$enable_magic_url = $drafts = false;
// User own some drafts?
if ($_CLASS['auth']->acl_get('u_savedrafts') && $action != 'delete') {
$sql = 'SELECT draft_id
FROM ' . FORUMS_DRAFTS_TABLE . '
WHERE (forum_id = 0 AND topic_id = 0)
AND user_id = ' . $_CLASS['core_user']->data['user_id'] . ($draft_id ? " AND draft_id <> {$draft_id}" : '');
$result = $_CLASS['core_db']->query_limit($sql, 1);
if ($_CLASS['core_db']->fetch_row_assoc($result)) {
$drafts = true;
}
$_CLASS['core_db']->free_result($result);
}
if ($action == 'edit' || $action == 'forward') {
$message_parser->bbcode_uid = $bbcode_uid;
}
$config['auth_bbcode_pm'] = true;
$html_status = $config['allow_html'] && $config['auth_html_pm'] && $_CLASS['auth']->acl_get('u_pm_html');
$bbcode_status = $config['allow_bbcode'] && $config['auth_bbcode_pm'] && $_CLASS['auth']->acl_get('u_pm_bbcode');
$smilies_status = $config['allow_smilies'] && $config['auth_smilies_pm'] && $_CLASS['auth']->acl_get('u_pm_smilies');
$img_status = $config['auth_img_pm'] && $_CLASS['auth']->acl_get('u_pm_img');
$flash_status = $config['auth_flash_pm'] && $_CLASS['auth']->acl_get('u_pm_flash');
// Save Draft
if ($save && $_CLASS['auth']->acl_get('u_savedrafts')) {
$subject = request_var('subject', '', true);
$subject = !$subject && $action != 'post' ? $_CLASS['core_user']->lang['NEW_MESSAGE'] : $subject;
$message = request_var('message', '', true);
if ($subject && $message) {
$sql = 'INSERT INTO ' . FORUMS_DRAFTS_TABLE . ' ' . $_CLASS['core_db']->sql_build_array('INSERT', array('user_id' => $_CLASS['core_user']->data['user_id'], 'topic_id' => 0, 'forum_id' => 0, 'save_time' => $current_time, 'draft_subject' => $subject, 'draft_message' => $message));
$_CLASS['core_db']->query($sql);
$_CLASS['core_display']->meta_refresh(3, generate_link('Control_Panel&i=pm&mode=' . $mode));
$message = $_CLASS['core_user']->lang['DRAFT_SAVED'] . '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_UCP'], '<a href="' . generate_link('Control_Panel&i=pm&mode=' . $mode) . '">', '</a>');
trigger_error($message);
}
unset($subject);
unset($message);
}
// Load Draft
if ($draft_id && $_CLASS['auth']->acl_get('u_savedrafts')) {
$sql = 'SELECT draft_subject, draft_message
FROM ' . FORUMS_DRAFTS_TABLE . " \n\t\t\tWHERE draft_id = {$draft_id}\n\t\t\t\tAND topic_id = 0\n\t\t\t\tAND forum_id = 0\n\t\t\t\tAND user_id = " . $_CLASS['core_user']->data['user_id'];
$result = $_CLASS['core_db']->query_limit($sql, 1);
if ($row = $_CLASS['core_db']->fetch_row_assoc($result)) {
$_REQUEST['subject'] = $row['draft_subject'];
$_REQUEST['message'] = $row['draft_message'];
$refresh = true;
$_CLASS['core_template']->assign('S_DRAFT_LOADED', true);
} else {
$draft_id = 0;
}
}
// Load Drafts
if ($load && $drafts) {
load_drafts(0, 0, $id);
}
if ($submit || $preview || $refresh) {
$subject = mb_strtolower(get_variable('subject', 'POST', ''));
$message_parser->message = request_var('message', '', true);
$icon_id = request_var('icon', 0);
$enable_html = !$html_status || isset($_POST['disable_html']) ? false : true;
$enable_bbcode = !$bbcode_status || isset($_POST['disable_bbcode']) ? false : true;
$enable_smilies = !$smilies_status || isset($_POST['disable_smilies']) ? false : true;
$enable_urls = isset($_POST['disable_magic_url']) ? 0 : 1;
$enable_sig = !$config['allow_sig'] ? false : (isset($_POST['attach_sig']) ? true : false);
if ($submit) {
$status_switch = ($enable_html + 1 << 16) + ($enable_bbcode + 1 << 8) + ($enable_smilies + 1 << 4) + ($enable_urls + 1 << 2) + ($enable_sig + 1 << 1);
$status_switch = $status_switch != $check_value;
} else {
$status_switch = 1;
}
// Parse Attachments - before checksum is calculated
$message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
// Grab md5 'checksum' of new message
$message_md5 = md5($message_parser->message);
// Check checksum ... don't re-parse message if the same
$update_message = $action != 'edit' || $message_md5 != $post_checksum || $status_switch || $preview ? true : false;
if ($update_message) {
$message_parser->parse($enable_html, $enable_bbcode, $enable_urls, $enable_smilies, $img_status, $flash_status, true);
} else {
$message_parser->bbcode_bitfield = $bbcode_bitfield;
}
if ($action != 'edit' && !$preview && !$refresh && $config['flood_interval'] && !$_CLASS['auth']->acl_get('u_ignoreflood')) {
// Flood check
$last_post_time = $_CLASS['core_user']->data['user_last_post_time'];
if ($last_post_time) {
if ($last_post_time && $current_time - $last_post_time < intval($config['flood_interval'])) {
$error[] = $_CLASS['core_user']->lang['FLOOD_ERROR'];
}
}
}
// Subject defined
if (!$subject && !($remove_u || $remove_g || $add_to || $add_bcc)) {
$error[] = $_CLASS['core_user']->lang['EMPTY_SUBJECT'];
}
if (empty($address_list)) {
$error[] = $_CLASS['core_user']->lang['NO_RECIPIENT'];
}
if (!empty($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc)) {
$error[] = implode('<br />', $message_parser->warn_msg);
}
// Store message, sync counters
if (empty($error) && $submit) {
$pm_data = array('msg_id' => (int) $msg_id, 'reply_from_root_level' => isset($root_level) ? (int) $root_level : 0, 'reply_from_msg_id' => (int) $msg_id, 'icon_id' => (int) $icon_id, 'enable_sig' => (bool) $enable_sig, 'enable_bbcode' => (bool) $enable_bbcode, 'enable_html' => (bool) $enable_html, 'enable_smilies' => (bool) $enable_smilies, 'enable_urls' => (bool) $enable_urls, 'message_md5' => (int) $message_md5, 'bbcode_bitfield' => (int) $message_parser->bbcode_bitfield, 'bbcode_uid' => $message_parser->bbcode_uid, 'message' => $message_parser->message, 'attachment_data' => $message_parser->attachment_data, 'filename_data' => $message_parser->filename_data, 'address_list' => $address_list);
unset($message_parser);
// ((!$message_subject) ? $subject : $message_subject)
$msg_id = submit_pm($action, $subject, $pm_data, $update_message);
$return_message_url = generate_link('Control_Panel&i=pm&mode=view_messages&action=view_message&p=' . $msg_id);
$return_folder_url = generate_link('Control_Panel&i=pm&folder=outbox');
$_CLASS['core_display']->meta_refresh(3, $return_message_url);
$message = $_CLASS['core_user']->lang['MESSAGE_STORED'] . '<br /><br />' . sprintf($_CLASS['core_user']->lang['VIEW_MESSAGE'], '<a href="' . $return_message_url . '">', '</a>') . '<br /><br />' . sprintf($_CLASS['core_user']->lang['CLICK_RETURN_FOLDER'], '<a href="' . $return_folder_url . '">', '</a>', $_CLASS['core_user']->lang['PM_OUTBOX']);
trigger_error($message);
}
$message_subject = stripslashes($subject);
}
if (empty($error) && $preview) {
$post_time = $action == 'edit' ? $post_time : $current_time;
$preview_message = $message_parser->format_display($enable_html, $enable_bbcode, $enable_urls, $enable_smilies, false);
$preview_signature = $_CLASS['core_user']->data['user_sig'];
$preview_signature_uid = $_CLASS['core_user']->data['user_sig_bbcode_uid'];
$preview_signature_bitfield = $_CLASS['core_user']->data['user_sig_bbcode_bitfield'];
// Signature
if ($enable_sig && $config['allow_sig'] && $preview_signature) {
$parse_sig = new parse_message($preview_signature);
$parse_sig->bbcode_uid = $preview_signature_uid;
$parse_sig->bbcode_bitfield = $preview_signature_bitfield;
$parse_sig->format_display($enable_html, $enable_bbcode, $enable_urls, $enable_smilies);
$preview_signature = $parse_sig->message;
unset($parse_sig);
} else {
$preview_signature = '';
}
// Attachment Preview
if (!empty($message_parser->attachment_data)) {
require $site_file_root . 'includes/forums/functions_display.php';
$extensions = $update_count = array();
$_CLASS['core_template']->assign('S_HAS_ATTACHMENTS', true);
display_attachments(0, 'attachment', $message_parser->attachment_data, $update_count, true);
}
$preview_subject = censor_text($subject);
if (empty($error)) {
$_CLASS['core_template']->assign(array('POST_DATE' => $_CLASS['core_user']->format_date($post_time), 'PREVIEW_SUBJECT' => $preview_subject, 'PREVIEW_MESSAGE' => $preview_message, 'PREVIEW_SIGNATURE' => $preview_signature, 'S_DISPLAY_PREVIEW' => true));
}
unset($message_text);
}
// Decode text for message display
$bbcode_uid = ($action == 'quote' || $action == 'forward') && !$preview && !$refresh && empty($error) ? $bbcode_uid : $message_parser->bbcode_uid;
$message_parser->decode_message($bbcode_uid);
if ($action == 'quote' && !$preview && !$refresh) {
$message_parser->message = '[quote="' . $quote_username . '"]' . censor_text(trim($message_parser->message)) . "[/quote]\n";
}
if (($action == 'reply' || $action == 'quote') && !$preview && !$refresh) {
$message_subject = (!preg_match('/^Re:/', $message_subject) ? 'Re: ' : '') . censor_text($message_subject);
}
if ($action == 'forward' && !$preview && !$refresh) {
$fwd_to_field = write_pm_addresses(array('to' => $to_address), 0, true);
$forward_text = array();
$forward_text[] = $_CLASS['core_user']->lang['FWD_ORIGINAL_MESSAGE'];
$forward_text[] = sprintf($_CLASS['core_user']->lang['FWD_SUBJECT'], censor_text($message_subject));
$forward_text[] = sprintf($_CLASS['core_user']->lang['FWD_DATE'], $_CLASS['core_user']->format_date($message_time));
$forward_text[] = sprintf($_CLASS['core_user']->lang['FWD_FROM'], $quote_username);
$forward_text[] = sprintf($_CLASS['core_user']->lang['FWD_TO'], implode(', ', $fwd_to_field['to']));
$message_parser->message = implode("\n", $forward_text) . "\n\n[quote=\"[url=" . generate_link("Members_List&mode=viewprofile&u={$author_id}]{$quote_username}") . "[/url]\"]\n" . censor_text(trim($message_parser->message)) . "\n[/quote]";
$message_subject = (!preg_match('/^Fwd:/', $message_subject) ? 'Fwd: ' : '') . censor_text($message_subject);
}
$attachment_data = $message_parser->attachment_data;
$filename_data = $message_parser->filename_data;
$message_text = $message_parser->message;
unset($message_parser);
// MAIN PM PAGE BEGINS HERE
// Generate smiley listing
generate_smilies('inline', 0);
// Generate PM Icons
$s_pm_icons = false;
if ($config['enable_pm_icons']) {
$s_pm_icons = posting_gen_topic_icons($action, $icon_id);
}
// Generate inline attachment select box
posting_gen_inline_attachments($attachment_data);
// Build address list for display
// array('u' => array($author_id => 'to'));
if (!empty($address_list)) {
// Get Usernames and Group Names
$result = array();
if (isset($address_list['u']) && !empty($address_list['u'])) {
$result['u'] = $_CLASS['core_db']->query('SELECT user_id as id, username as name, user_colour as colour
FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', array_map('intval', array_keys($address_list['u']))) . ')');
}
if (isset($address_list['g']) && !empty($address_list['g'])) {
$result['g'] = $_CLASS['core_db']->query('SELECT group_id as id, group_name as name, group_colour as colour
FROM ' . GROUPS_TABLE . '
WHERE group_receive_pm = 1 AND group_id IN (' . implode(', ', array_map('intval', array_keys($address_list['g']))) . ')');
}
$u = $g = array();
foreach (array('u', 'g') as $type) {
if (isset($result[$type]) && $result[$type]) {
while ($row = $_CLASS['core_db']->fetch_row_assoc($result[$type])) {
${$type}[$row['id']] = array('name' => $row['name'], 'colour' => $row['colour']);
}
$_CLASS['core_db']->free_result($result[$type]);
}
}
// Now Build the address list
$plain_address_field = '';
foreach ($address_list as $type => $adr_ary) {
foreach ($adr_ary as $id => $field) {
if (!isset(${$type}[$id])) {
unset($address_list[$type][$id]);
continue;
}
$field = $field == 'to' ? 'to' : 'bcc';
$type = $type == 'u' ? 'u' : 'g';
$id = (int) $id;
$_CLASS['core_template']->assign_vars_array($field . '_recipient', array('NAME' => ${$type}[$id]['name'], 'IS_GROUP' => $type == 'g', 'IS_USER' => $type == 'u', 'COLOUR' => ${$type}[$id]['colour'] ? ${$type}[$id]['colour'] : '', 'UG_ID' => $id, 'U_VIEW' => $type == 'u' ? generate_link('Members_List&mode=viewprofile&u=' . $id) : generate_link('Members_List&mode=group&g=' . $id), 'TYPE' => $type));
}
}
}
// Build hidden address list
$s_hidden_address_field = '';
foreach ($address_list as $type => $adr_ary) {
foreach ($adr_ary as $id => $field) {
$s_hidden_address_field .= '<input type="hidden" name="address_list[' . ($type == 'u' ? 'u' : 'g') . '][' . (int) $id . ']" value="' . ($field == 'to' ? 'to' : 'bcc') . '" />';
}
}
$html_checked = isset($enable_html) ? !$enable_html : ($config['allow_html'] && $_CLASS['auth']->acl_get('u_pm_html') ? !$_CLASS['core_user']->optionget('html') : 1);
$bbcode_checked = isset($enable_bbcode) ? !$enable_bbcode : ($config['allow_bbcode'] && $_CLASS['auth']->acl_get('u_pm_bbcode') ? !$_CLASS['core_user']->optionget('bbcode') : 1);
$smilies_checked = isset($enable_smilies) ? !$enable_smilies : ($config['allow_smilies'] && $_CLASS['auth']->acl_get('u_pm_smilies') ? !$_CLASS['core_user']->optionget('smilies') : 1);
$urls_checked = isset($enable_urls) ? !$enable_urls : 0;
$sig_checked = $enable_sig;
switch ($action) {
case 'post':
$page_title = $_CLASS['core_user']->lang['POST_NEW_PM'];
break;
case 'quote':
$page_title = $_CLASS['core_user']->lang['POST_QUOTE_PM'];
break;
case 'reply':
$page_title = $_CLASS['core_user']->lang['POST_REPLY_PM'];
break;
case 'edit':
$page_title = $_CLASS['core_user']->lang['POST_EDIT_PM'];
break;
case 'forward':
$page_title = $_CLASS['core_user']->lang['POST_FORWARD_PM'];
break;
default:
trigger_error('NO_ACTION_MODE');
}
$s_hidden_fields = '<input type="hidden" name="lastclick" value="' . $current_time . '" />';
$s_hidden_fields .= isset($check_value) ? '<input type="hidden" name="status_switch" value="' . $check_value . '" />' : '';
$s_hidden_fields .= $draft_id || isset($_REQUEST['draft_loaded']) ? '<input type="hidden" name="draft_loaded" value="' . (isset($_REQUEST['draft_loaded']) ? intval($_REQUEST['draft_loaded']) : $draft_id) . '" />' : '';
$form_enctype = @ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || @ini_get('file_uploads') == '0' || !$config['allow_pm_attach'] || !$_CLASS['auth']->acl_get('u_pm_attach') ? '' : ' enctype="multipart/form-data"';
// Start assigning vars for main posting page ...
$_CLASS['core_template']->assign(array('L_POST_A' => $page_title, 'L_ICON' => $_CLASS['core_user']->lang['PM_ICON'], 'L_MESSAGE_BODY_EXPLAIN' => intval($config['max_post_chars']) ? sprintf($_CLASS['core_user']->lang['MESSAGE_BODY_EXPLAIN'], intval($config['max_post_chars'])) : '', 'SUBJECT' => isset($message_subject) ? $message_subject : '', 'MESSAGE' => $message_text, 'HTML_STATUS' => $html_status ? $_CLASS['core_user']->lang['HTML_IS_ON'] : $_CLASS['core_user']->lang['HTML_IS_OFF'], 'BBCODE_STATUS' => $bbcode_status ? sprintf($_CLASS['core_user']->lang['BBCODE_IS_ON'], '<a href="' . generate_link('Forums&file=faq&mode=bbcode') . '" target="_phpbbcode">', '</a>') : sprintf($_CLASS['core_user']->lang['BBCODE_IS_OFF'], '<a href="' . generate_link('Forums&file=faq&mode=bbcode') . '" target="_phpbbcode">', '</a>'), 'IMG_STATUS' => $img_status ? $_CLASS['core_user']->lang['IMAGES_ARE_ON'] : $_CLASS['core_user']->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => $flash_status ? $_CLASS['core_user']->lang['FLASH_IS_ON'] : $_CLASS['core_user']->lang['FLASH_IS_OFF'], 'SMILIES_STATUS' => $smilies_status ? $_CLASS['core_user']->lang['SMILIES_ARE_ON'] : $_CLASS['core_user']->lang['SMILIES_ARE_OFF'], 'MINI_POST_IMG' => $_CLASS['core_user']->img('icon_post', $_CLASS['core_user']->lang['PM']), 'ERROR' => empty($error) ? '' : implode('<br />', $error), 'S_EDIT_POST' => $action == 'edit', 'S_SHOW_PM_ICONS' => $s_pm_icons, 'S_HTML_ALLOWED' => $html_status, 'S_HTML_CHECKED' => $html_checked ? ' checked="checked"' : '', 'S_BBCODE_ALLOWED' => $bbcode_status, 'S_BBCODE_CHECKED' => $bbcode_checked ? ' checked="checked"' : '', 'S_SMILIES_ALLOWED' => $smilies_status, 'S_SMILIES_CHECKED' => $smilies_checked ? ' checked="checked"' : '', 'S_SIG_ALLOWED' => $config['allow_sig'] && $_CLASS['auth']->acl_get('u_sig'), 'S_SIGNATURE_CHECKED' => $sig_checked ? ' checked="checked"' : '', 'S_MAGIC_URL_CHECKED' => $urls_checked ? ' checked="checked"' : '', 'S_SAVE_ALLOWED' => $_CLASS['auth']->acl_get('u_savedrafts'), 'S_HAS_DRAFTS' => $_CLASS['auth']->acl_get('u_savedrafts') && $drafts, 'S_FORM_ENCTYPE' => $form_enctype, 'S_POST_ACTION' => generate_link($s_action), 'S_HIDDEN_ADDRESS_FIELD' => $s_hidden_address_field, 'S_HIDDEN_FIELDS' => $s_hidden_fields));
// Attachment entry
if ($_CLASS['auth']->acl_get('u_pm_attach') && $config['allow_pm_attach'] && $form_enctype) {
posting_gen_attachment_entry($attachment_data, $filename_data);
}
}
function page_articles()
{
global $_CLASS;
$_CLASS['core_user']->user_setup();
if (isset($_GET['mode'])) {
switch ($_GET['mode']) {
case 'print':
$print = true;
case 'view':
$print = isset($print);
$id = get_variable('id', 'GET', false, 'int');
if (!$id) {
trigger_error('ARTICLE_NOT_FOUND');
}
$result = $_CLASS['core_db']->query('SELECT * FROM ' . ARTICLES_TABLE . ' WHERE articles_id = ' . $id);
$row = $_CLASS['core_db']->fetch_row_assoc($result);
$_CLASS['core_db']->free_result($result);
if (!$row || $row['articles_status'] != STATUS_ACTIVE) {
trigger_error('ARTICLE_NOT_FOUND');
}
$_CLASS['core_template']->assign_array(array('ARTICLES_POSTER' => $row['poster_name'] ? $row['poster_name'] : $_CLASS['core_user']->get_lang('ANONYMOUS'), 'ARTICLES_POSTER_LINK' => $row['poster_name'] && $row['poster_id'] ? generate_link('Members_List&mode=viewprofile&u=' . $row['poster_id']) : '', 'ARTICLES_TEXT' => $row['articles_text'], 'ARTICLES_CONTENT_LINK' => generate_link('articles&mode=view&id=' . $row['articles_id']), 'ARTICLES_TIME' => $_CLASS['core_user']->format_date($row['articles_posted']), 'ARTICLES_TITLE' => $row['articles_title'], 'ARTICLES_ID' => $id, 'ARTICLES_LINK_PRINT' => generate_link('articles&mode=print&id=' . $row['articles_id']), 'ARTICLES_LINK_SEND' => generate_link('articles&mode=send&id=' . $row['articles_id'])));
$_CLASS['core_display']->display(false, $print ? 'modules/articles/print.html' : 'modules/articles/view.html');
script_close();
break;
}
}
$start = get_variable('start', 'GET', false, 'int');
$collapable_holding = array();
$expire_updated = false;
$limit = 10;
$sql = 'SELECT * FROM ' . ARTICLES_TABLE . ' WHERE articles_status = ' . STATUS_ACTIVE . ' ORDER BY articles_order ASC';
$result = $_CLASS['core_db']->query_limit($sql, $limit, $start);
while ($row = $_CLASS['core_db']->fetch_row_assoc($result)) {
// this can cause problems, only thing to do is remove the limit query and do a loop until we get the needed articles
if ($row['articles_auth'] && !$_CLASS['core_auth']->auth(@unserialize($row['articles_auth'])) && !$_CLASS['core_auth']->admin_power('articles')) {
continue;
}
if ($row['articles_expires'] && !$expire_updated && $_CLASS['core_user']->time > $row['articles_expires']) {
$_CLASS['core_db']->query('UPDATE ' . ARTICLES_TABLE . ' SET articles_status = ' . STATUS_DISABLED . ' WHERE articles_expires > 0 AND articles_expires <= ' . $_CLASS['core_user']->time);
$expire_updated = true;
continue;
}
if ($row['articles_starts'] && $row['articles_starts'] > $_CLASS['core_user']->time) {
continue;
}
$_CLASS['core_template']->assign_vars_array('articles', array('poster' => $row['poster_name'] ? $row['poster_name'] : $_CLASS['core_user']->get_lang('ANONYMOUS'), 'content' => $row['articles_intro'] ? $row['articles_intro'] : $row['articles_text'], 'time' => $_CLASS['core_user']->format_date($row['articles_posted']), 'title' => $row['articles_title'], 'id' => $row['articles_id'], 'collapse' => check_collapsed_status('a_' . $row['articles_id']), 'full_story' => $row['articles_intro'] && $row['articles_text'], 'link_poster' => $row['poster_name'] && $row['poster_id'] ? generate_link('Members_List&mode=viewprofile&u=' . $row['poster_id']) : '', 'link_content' => generate_link('articles&mode=view&id=' . $row['articles_id']), 'link_print' => generate_link('articles&mode=print&id=' . $row['articles_id']), 'link_send' => generate_link('articles&mode=send&id=' . $row['articles_id'])));
$collapable_holding[] = 'a_' . $row['articles_id'];
}
$_CLASS['core_db']->free_result($result);
// Garbage collection, would cause problems with guest/loggin articl views
if ($cookie_data = get_variable('collapsed_items', 'COOKIE')) {
$collapsed_items = $cookie_data ? explode(':', $cookie_data) : array();
$count = count($collapsed_items);
for ($i = 0; $i < $count; $i++) {
if (mb_strpos($collapsed_items[$i], 'a_') === 0 && !in_array($collapsed_items[$i], $collapable_holding)) {
unset($collapsed_items[$i]);
}
}
$collapsed_items = implode(':', $collapsed_items);
setcookie('collapsed_items', $collapsed_items, (int) $_CLASS['core_user']->time + 31536000000.0, '/');
}
$result = $_CLASS['core_db']->query('SELECT COUNT(*) AS total FROM ' . ARTICLES_TABLE . ' WHERE articles_status = ' . STATUS_ACTIVE);
$row = $_CLASS['core_db']->fetch_row_assoc($result);
$_CLASS['core_db']->free_result($result);
$pagination = generate_pagination('articles', $row['total'], $limit, $start);
$_CLASS['core_template']->assign_array(array('articles_pagination' => $pagination['formated'], 'articles_pagination_array' => $pagination['array']));
$_CLASS['core_display']->display(false, 'modules/articles/index.html');
}
function send_file_to_browser($attachment, $upload_dir, $category)
{
global $_CLASS, $config;
$filename = $upload_dir . '/' . $attachment['physical_filename'];
if (!@file_exists($filename)) {
trigger_error($_CLASS['core_user']->lang['ERROR_NO_ATTACHMENT'] . '<br /><br />' . sprintf($_CLASS['core_user']->lang['FILE_NOT_FOUND_404'], $filename));
}
// Check if headers already sent or not able to get the file contents.
if (headers_sent() || !@is_readable($filename)) {
trigger_error('UNABLE_TO_DELIVER_FILE');
}
/*
Correct the mime type - we force application/octetstream for all files, except images
Please do not change this, it is a security precaution
*/
if (strpos($attachment['mimetype'], 'image') !== 0) {
$attachment['mimetype'] = strpos(strtolower($_CLASS['core_user']->browser), 'msie') !== false || strpos(strtolower($_CLASS['core_user']->browser), 'opera') !== false ? 'application/octetstream' : 'application/octet-stream';
}
/* Clean all output buffers */
if (@ob_get_length()) {
while (@ob_end_clean()) {
}
}
header('Content-Encoding: ');
/* Send out required headers */
header('Pragma: public');
// Try X-Sendfile since it is much more server friendly - only works if the path is *not* outside of the root path...
// lighttpd has core support for it. An apache2 module is available at http://celebnamer.celebworld.ws/stuff/mod_xsendfile/
if (strpos($upload_dir, '/') !== 0 && strpos($upload_dir, '../') === false && (!SITE_ROOT || (strpos($upload_dir, SITE_ROOT) || @file_exists(SITE_ROOT . $filename)))) {
header('X-Sendfile: ' . $filename);
}
header('Content-Type: ' . $attachment['mimetype'] . '; name="' . $attachment['real_filename'] . '"');
header('Content-Disposition: ' . (strpos($attachment['mimetype'], 'image') === 0 ? 'inline' : 'attachment') . '; filename="' . $attachment['real_filename'] . '"');
/* Now send the File Contents to the Browser */
$size = @filesize($filename);
if ($size) {
header('Content-Length: ' . $size);
}
$result = @readfile($filename);
if (!$result) {
trigger_error('Unable to deliver file.<br />Error was: ' . $php_errormsg, E_USER_WARNING);
}
script_close(false);
}
function display_footer($save = true)
{
global $_CLASS, $_CORE_MODULE, $_CORE_CONFIG;
if ($this->displayed['footer']) {
return;
}
if (!$this->displayed['header']) {
script_close($save);
}
if ($_CORE_MODULE = $this->get_module()) {
require SITE_FILE_ROOT . 'modules/' . $_CORE_MODULE['module_name'] . '/index.php';
}
$this->displayed['footer'] = true;
if ($this->homepage) {
$_CLASS['core_blocks']->display(BLOCK_BOTTOM);
}
$_CLASS['core_blocks']->display(BLOCK_MESSAGE_BOTTOM);
if ($this->displayed['header']) {
$this->theme->theme_footer();
}
script_close($save);
}
function display_footer($save = true)
{
global $_CLASS, $_CORE_MODULE, $_CORE_CONFIG;
if ($this->displayed['footer']) {
return;
}
if (!$this->displayed['header']) {
script_close($save);
}
if ($this->generate_page()) {
return;
}
$this->displayed['footer'] = true;
$_CLASS['core_blocks']->generate(BLOCK_BOTTOM);
$_CLASS['core_blocks']->generate(BLOCK_MESSAGE_BOTTOM);
if ($this->displayed['header']) {
$this->theme->theme_footer();
}
script_close($save);
}
