function generate_smilies($mode, $forum_id) { global $_CLASS; // add option for all smiles in window $display_link = false; $mode = $mode == 'window' ? 'window' : 'inline'; if ($mode == 'inline') { $sql = 'SELECT smiley_id FROM ' . SMILIES_TABLE . ' WHERE smiley_type = 1'; $result = $_CLASS['core_db']->query_limit($sql, 1, 0); if ($row = $_CLASS['core_db']->fetch_row_assoc($result)) { $display_link = true; } $_CLASS['core_db']->free_result($result); } if (is_null($smiley = $_CLASS['core_cache']->get('smiley_' . $mode))) { $smiley = array(); $sql = 'SELECT * FROM ' . SMILIES_TABLE . ' WHERE smiley_type =' . ($mode == 'inline' ? '0' : '1') . ' ORDER BY smiley_order'; $result = $_CLASS['core_db']->query($sql); while ($row = $_CLASS['core_db']->fetch_row_assoc($result)) { $smiley[] = array('SMILEY_CODE' => $row['smiley_code'], 'SMILEY_IMG' => $row['smiley_src'], 'SMILEY_WIDTH' => $row['smiley_width'], 'SMILEY_HEIGHT' => $row['smiley_height'], 'SMILEY_DESC' => $row['smiley_description']); } $_CLASS['core_cache']->put('smiley_' . $mode, $smiley); $_CLASS['core_db']->free_result($result); } $_CLASS['core_template']->assign('smiley', $smiley); if ($mode == 'inline') { $_CLASS['core_template']->assign_array(array('S_SHOW_SMILEY_LINK' => $display_link ? true : false, 'U_MORE_SMILIES' => generate_link('Forums&file=posting&mode=smilies&f=' . $forum_id))); } if ($mode == 'window') { global $config; $_CLASS['core_template']->assign('T_SMILIES_PATH', "{$config['smilies_path']}/"); $_CLASS['core_template']->display('modules/Forums/posting_smilies.html'); script_close(); } }
} $path = str_replace('install/', '', $path); $domain = empty($_SERVER['SERVER_NAME']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME']; $_CLASS['core_template']->assign_array(array('site_name' => 'New CMS Site', 'site_domain' => $domain, 'site_path' => $path, 'site_port' => $_SERVER['SERVER_PORT'] == 80 ? '' : $_SERVER['SERVER_PORT'], 'cookie_domain' => $domain, 'cookie_path' => $path, 'cookie_name' => 'cms', 'username' => '', 'password' => '', 'password_confirm' => '', 'email' => '', 'email_confirm' => '', 'error' => empty($error) ? false : implode('<br/>', $error), 'config_content' => $config_data)); $_CLASS['core_template']->display('installer/stage3.html'); script_close(); } } } if ($stage === 2) { if (isset($_POST['test']) && empty($error)) { $error[] = 'Database Setting Perfect :-)'; } $_CLASS['core_template']->assign_array(array('database_options' => $database_options, 'error' => empty($error) ? false : implode('<br/>', $error), 'server' => isset($site_db['server']) ? $site_db['server'] : 'localhost', 'port' => isset($site_db['port']) ? $site_db['port'] : '', 'database' => isset($site_db['database']) ? $site_db['database'] : '', 'username' => isset($site_db['username']) ? $site_db['username'] : '', 'password' => isset($site_db['password']) ? $site_db['password'] : '', 'file' => isset($site_db['file']) ? $site_db['file'] : '', 'table_prefix' => get_variable('table_prefix', 'POST', 'cms_'), 'user_prefix' => get_variable('user_prefix', 'POST', 'cms_'))); $_CLASS['core_template']->display('installer/stage2.html'); script_close(); } if ($stage === 1) { $gd_info = gd_info(); $continue = true; if (!($compatible = version_compare(PHP_VERSION, '4.2.0', '>='))) { $continue = false; } $_CLASS['core_template']->assign_array(array('error' => false, 'magic_quotes_gpc' => (bool) ini_get('magic_quotes_gpc') === false, 'output_buffering' => (int) ini_get('output_buffering') === 0, 'register_globals' => (bool) ini_get('register_globals') === false, 'safe_mode' => (bool) ini_get('safe_mode') === false, 'php_version' => PHP_VERSION, 'workable_Version' => $compatible, 'recommended_Version' => version_compare(PHP_VERSION, '4.3.0', '>='), 'mbstring' => extension_loaded('mbstring'), 'zlib' => extension_loaded('zlib'), 'gd' => extension_loaded('gd'), 'gd_version' => $gd_info['GD Version'], 'continue' => $continue)); $_CLASS['core_template']->display('installer/stage1.html'); script_close(); } if (!$stage) { $_CLASS['core_template']->display('installer/agreement.html'); script_close(); }
function do_login($login_options, $template) { global $_CLASS, $_CORE_CONFIG; $error = ''; $login_array = array('redirect' => false, 'explain' => false, 'success' => '', 'admin_login' => false, 'full_login' => true, 'full_screen' => false); if (is_array($login_options)) { $login_array = array_merge($login_array, $login_options); } if (isset($_POST['login'])) { $user_name = get_variable('username', 'POST'); $user_password = get_variable('password', 'POST'); if (!$user_name || !$user_password) { $error = 'INCOMPLETE_LOGIN_INFO'; } if (!$error && $_CORE_CONFIG['user']['enable_confirm']) { $code = $_CLASS['core_user']->session_data_get('confirmation_code'); $confirm_code = get_variable('confirm_code', 'POST', false); if (!$code || !$confirm_code || $code !== $confirm_code) { // $error = 'CONFIRM_CODE_WRONG'; } } if (!$error) { $result = $this->user_auth($user_name, $user_password); if (is_numeric($result)) { $_CLASS['core_user']->login($result, $login_array['admin_login'], !empty($_POST['hidden']), !empty($_POST['auto_login'])); $login_array['redirect'] = generate_link(get_variable('redirect', 'POST', $login_array['redirect']), array('admin' => $login_array['admin_login'])); $_CLASS['core_display']->meta_refresh(5, $login_array['redirect']); $message = ($login_array['success'] ? $_CLASS['core_user']->get_lang($login_array['success']) : $_CLASS['core_user']->lang['LOGIN_REDIRECT']) . '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_PAGE'], '<a href="' . $login_array['redirect'] . '">', '</a> '); trigger_error($message); } $error = is_string($result) ? $result : 'LOGIN_ERROR'; } } if (!$login_array['redirect']) { $login_array['redirect'] = htmlspecialchars($_CLASS['core_user']->url); } $s_hidden_fields = '<input type="hidden" name="redirect" value="' . $login_array['redirect'] . '" />'; if ($_CORE_CONFIG['user']['enable_confirm']) { $confirm_image = '<img src="' . generate_link('system&mode=confirmation_image') . '" alt="" title="" />'; $_CLASS['core_user']->session_data_set('confirmation_code', generate_string(6)); } else { $confirm_image = false; } $_CLASS['core_template']->assign_array(array('LOGIN_ERROR' => $_CLASS['core_user']->get_lang($error), 'LOGIN_EXPLAIN' => $_CLASS['core_user']->get_lang($login_array['explain']), 'U_SEND_PASSWORD' => $_CORE_CONFIG['email']['email_enable'] ? generate_link('Control_Panel&mode=sendpassword') : '', 'U_RESEND_ACTIVATION' => $_CORE_CONFIG['user']['activation'] != USER_ACTIVATION_NONE && $_CORE_CONFIG['email']['email_enable'] ? generate_link('Control_Panel&mode=resend_act') : '', 'U_TERMS_USE' => generate_link('Control_Panel&mode=terms'), 'U_PRIVACY' => generate_link('Control_Panel&mode=privacy'), 'U_REGISTER' => generate_link('Control_Panel&mode=register'), 'U_CONFIRM_IMAGE' => $confirm_image, 'USERNAME' => isset($data['user_name']) ? $data['user_name'] : '', 'S_DISPLAY_FULL_LOGIN' => $login_array['full_login'], 'S_LOGIN_ACTION' => !$login_array['admin_login'] ? generate_link($_CLASS['core_user']->url) : generate_link(false, array('admin' => true)), 'S_HIDDEN_FIELDS' => $s_hidden_fields)); if (!$template && $login_array['full_screen']) { $template = 'login_body_full.html'; } $_CLASS['core_template']->display($template ? $template : 'login_body.html'); script_close(); }
function redirect($url = false, $save = false) { $url = $url ? str_replace('&', '&', $url) : generate_link(); if (preg_match('#Microsoft|WebSTAR|Xitami#', $_SERVER['SERVER_SOFTWARE'])) { header('Refresh: 0; url=' . $url); } else { header('Location: ' . $url); } header('P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"'); header('Cache-Control: private, pre-check=0, post-check=0, max-age=0'); header('Expires: 0'); header('Pragma: no-cache'); echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <meta http-equiv="refresh" content="0; url=' . $url . '"> <title>Redirect</title> </head> <body> <div align="center"><a href="' . $url . '">Click here to continue</a></div> </body> </html>'; script_close($save); }
FROM ' . FORUMS_TOPICS_TABLE . ' t LEFT JOIN ' . FORUMS_FORUMS_TABLE . " f ON (f.forum_id = t.forum_id)\n\t\t\tWHERE t.topic_id = {$topic_id}"; break; case 'quote': case 'edit': case 'delete': if (!$post_id) { trigger_error('NO_POST'); } $sql = 'SELECT f.*, t.*, p.*, u.username, u.user_sig, u.user_sig_bbcode_uid, u.user_sig_bbcode_bitfield FROM ' . FORUMS_POSTS_TABLE . ' p, ' . USERS_TABLE . ' u , ' . FORUMS_TOPICS_TABLE . ' t LEFT JOIN ' . FORUMS_FORUMS_TABLE . " f ON (f.forum_id = t.forum_id)\n\t\t\tWHERE p.post_id = {$post_id}\n\t\t\t\tAND t.topic_id = p.topic_id\n\t\t\t\tAND u.user_id = p.poster_id"; break; case 'smilies': require_once $site_file_root . 'includes/forums/functions_posting.php'; generate_smilies('window', $forum_id); script_close(false); break; default: trigger_error('NO_POST_MODE'); break; } $result = $_CLASS['core_db']->query($sql); $posting_data = $_CLASS['core_db']->fetch_row_assoc($result); $_CLASS['core_db']->free_result($result); if (!$posting_data) { trigger_error('NO_POST'); } require_once $site_file_root . 'includes/forums/message_parser.php'; require_once $site_file_root . 'includes/forums/functions_admin.php'; require_once $site_file_root . 'includes/forums/functions_posting.php'; // remove
function ucp_register($id, $mode) { global $site_file_root, $config, $_CLASS, $_CORE_CONFIG; $coppa = isset($_REQUEST['coppa']) ? (int) $_REQUEST['coppa'] : null; $submit = isset($_POST['submit']); if ($_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_DISABLE || ($coppa || $_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_SELF || $_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_ADMIN) && !$_CORE_CONFIG['email']['email_enable']) { trigger_error('UCP_REGISTER_DISABLE'); } $_CLASS['core_template']->assign('S_UCP_ACTION', generate_link('Control_Panel&mode=register')); $error = $data = array(); $s_hidden_fields = ''; if (!isset($_POST['agreed'])) { if ($_CORE_CONFIG['user']['coppa_enable'] && is_null($coppa)) { $now = explode(':', gmdate('m:j:Y')); $coppa_birthday = $_CLASS['core_user']->format_date(mktime(12, 0, 0, $now[0], $now[1], $now[2] - 13), 'D M d, Y'); $_CLASS['core_template']->assign_array(array('L_COPPA_NO' => sprintf($_CLASS['core_user']->lang['UCP_COPPA_BEFORE'], $coppa_birthday), 'L_COPPA_YES' => sprintf($_CLASS['core_user']->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday), 'U_COPPA_NO' => generate_link('Control_Panel&mode=register&coppa=0'), 'U_COPPA_YES' => generate_link('Control_Panel&mode=register&coppa=1'), 'S_SHOW_COPPA' => true, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_REGISTER_ACTION' => generate_link('Control_Panel&mode=register'))); } else { $s_hidden_fields .= '<input type="hidden" name="coppa" value="' . $coppa . '" />'; $_CLASS['core_template']->assign_array(array('S_SHOW_COPPA' => false, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_REGISTER_ACTION' => generate_link('Control_Panel&mode=register'))); } $this->display($_CLASS['core_user']->lang['REGISTER'], 'ucp_agreement.html'); script_close(); } if ($submit) { require_once $site_file_root . 'includes/functions_user.php'; $error = array(); $username = get_variable('username', 'POST', false); $password = get_variable('password', 'POST', false); $email = get_variable('email', 'POST', false); $email_confirm = get_variable('email_confirm', 'POST', ''); //when we add this make sure to confirm that it's one of the installed langs $lang = $_CORE_CONFIG['global']['default_lang']; $tz = get_variable('tz', 'POST', false); if (strpos($username, "\n")) { die; } $username_validate = validate_username($username); if ($username_validate !== true) { $error[] = $_CLASS['core_user']->get_lang($username_validate); } if (!$password || $password !== get_variable('password_confirm', 'POST', '')) { $error[] = $_CLASS['core_user']->get_lang('PASSWORD_ERROR'); } if (!$email || $email !== $email_confirm) { $error[] = $_CLASS['core_user']->get_lang('EMAIL_ERROR'); } elseif (!check_email($email)) { $error[] = $_CLASS['core_user']->get_lang('EMAIL_INVALID'); } if (!$tz || !in_array($tz, tz_array())) { $tz = null; } if ($_CORE_CONFIG['user']['enable_confirm']) { $confirmation_code = $_CLASS['core_user']->session_data_get('confirmation_code'); $confirm_code = trim(get_variable('confirm_code', 'POST', false)); if (!$confirm_code || !$confirmation_code || $confirm_code != $confirmation_code) { $error[] = $_CLASS['core_user']->get_lang('CONFIRM_CODE_WRONG'); } // we don't need this any more $_CLASS['core_user']->user_data_kill('confirmation_code'); } if (empty($error)) { $password = encode_password($password, $_CORE_CONFIG['user']['password_encoding']); if (!$password) { //do some admin contact thing here die('Activation disabled: Passwaord encoding problem'); } if ($coppa || $_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_SELF || $_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_ADMIN) { if (!$_CORE_CONFIG['email']['email_enable']) { //do some admin contact thing here die('Activation disabled: Email Disabled'); } $user_status = STATUS_PENDING; $user_act_key = generate_string(10); if ($coppa) { $message = $_CLASS['core_user']->lang['ACCOUNT_COPPA']; $email_template = 'coppa_welcome_inactive'; } elseif ($_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_SELF) { $message = $_CLASS['core_user']->lang['ACCOUNT_INACTIVE']; $email_template = 'user_welcome_inactive'; } elseif ($_CORE_CONFIG['user']['activation'] == USER_ACTIVATION_ADMIN) { $message = $_CLASS['core_user']->lang['ACCOUNT_INACTIVE_ADMIN']; $email_template = 'admin_welcome_inactive'; } } else { $user_status = STATUS_ACTIVE; $user_act_key = null; $email_template = 'user_welcome'; $message = $_CLASS['core_user']->lang['ACCOUNT_ADDED']; } $data = array('username' => (string) $username, 'user_email' => (string) $email, 'user_group' => $coppa ? 3 : 2, 'user_reg_date' => (int) $_CLASS['core_user']->time, 'user_timezone' => (string) $tz, 'user_password' => (string) $password, 'user_password_encoding' => (string) $_CORE_CONFIG['user']['password_encoding'], 'user_lang' => $lang ? (string) $lang : null, 'user_type' => USER_NORMAL, 'user_status' => (int) $user_status, 'user_act_key' => (string) $user_act_key, 'user_ip' => (string) $_CLASS['core_user']->ip); user_add($data); if ($data['user_status'] === STATUS_ACTIVE) { set_core_config('user', 'newest_user_id', $data['user_id'], false); set_core_config('user', 'newest_username', $data['username'], false); set_core_config('user', 'total_users', $_CORE_CONFIG['user']['total_users'] + 1, false); } require_once $site_file_root . 'includes/mailer.php'; $mailer = new core_mailer(); $mailer->to($email, $username); $mailer->subject($subject); $_CLASS['core_template']->assign_array(array('SITENAME' => $_CORE_CONFIG['global']['site_name'], 'WELCOME_MSG' => sprintf($_CLASS['core_user']->lang['WELCOME_SUBJECT'], $_CORE_CONFIG['global']['site_name']), 'USERNAME' => $username, 'PASSWORD' => $password, 'EMAIL_SIG' => '', 'U_ACTIVATE' => generate_link('system&mode=activate&user_id=' . $data['user_id'] . '&key=' . $user_act_key, array('sid' => false, 'full' => true)))); if ($coppa) { $_CLASS['core_template']->assign_array(array('FAX_INFO' => $_CORE_CONFIG['user']['coppa_fax'], 'MAIL_INFO' => $_CORE_CONFIG['user']['coppa_mail'], 'EMAIL_ADDRESS' => $email, 'SITENAME' => $_CORE_CONFIG['global']['site_name'])); } $mailer->message = trim($_CLASS['core_template']->display('modules/Control_Panel/email/' . $email_template, true)); $mailer->send(); $message = $message . '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_INDEX'], '<a href="' . generate_link() . '">', '</a>'); trigger_error($message); } } $s_hidden_fields .= '<input type="hidden" name="coppa" value="' . $coppa . '" />'; $s_hidden_fields .= '<input type="hidden" name="agreed" value="true" />'; if ($_CORE_CONFIG['user']['enable_confirm']) { $_CLASS['core_user']->session_data_set('confirmation_code', generate_string(6)); $confirm_image = '<img src="' . generate_link('system&mode=confirmation_image') . '" alt="" title="" />'; } else { $confirm_image = false; } if ($submit) { if ($_CORE_CONFIG['user']['max_reg_attempts']) { $attempts = (int) $_CLASS['core_user']->session_data_get('reg_attempts', 0); if ($attempts > $_CORE_CONFIG['user']['max_reg_attempts']) { trigger_error($_CLASS['core_user']->lang['TOO_MANY_REGISTERS']); } $_CLASS['core_user']->session_data_get('reg_attempts', $attempts + 1); } } switch ($_CORE_CONFIG['user']['activation']) { case USER_ACTIVATION_SELF: $l_reg_cond = $_CLASS['core_user']->lang['UCP_EMAIL_ACTIVATE']; break; case USER_ACTIVATION_ADMIN: $l_reg_cond = $_CLASS['core_user']->lang['UCP_ADMIN_ACTIVATE']; break; default: $l_reg_cond = ''; break; } $user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\\w]+' => 'USERNAME_ALPHA_ONLY', '[\\w_\\+\\. \\-\\[\\]]+' => 'USERNAME_ALPHA_SPACERS'); $_CLASS['core_template']->assign_array(array('ERROR' => empty($error) ? false : implode('<br />', $error), 'USERNAME' => isset($username) ? $username : '', 'PASSWORD' => isset($password) ? $password : '', 'EMAIL' => isset($email) ? $email : '', 'EMAIL_CONFIRM' => isset($email_confirm) ? $email_confirm : '', 'CONFIRM_IMG' => $confirm_image, 'SELECT_TZ' => select_tz(isset($tz) ? $tz : $_CORE_CONFIG['global']['default_timezone']), 'L_CONFIRM_EXPLAIN' => sprintf($_CLASS['core_user']->lang['CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>'), 'L_ITEMS_REQUIRED' => $l_reg_cond, 'L_USERNAME_EXPLAIN' => sprintf($_CLASS['core_user']->lang[$user_char_ary[$_CORE_CONFIG['user']['allow_name_chars']] . '_EXPLAIN'], $_CORE_CONFIG['user']['min_name_chars'], $_CORE_CONFIG['user']['max_name_chars']), 'L_NEW_PASSWORD_EXPLAIN' => sprintf($_CLASS['core_user']->lang['NEW_PASSWORD_EXPLAIN'], $_CORE_CONFIG['user']['min_pass_chars'], $_CORE_CONFIG['user']['max_pass_chars']), 'S_COPPA' => $coppa, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_UCP_ACTION' => generate_link("Control_Panel&mode=register"))); $this->display($_CLASS['core_user']->lang['REGISTER'], 'ucp_register.html'); }
function sql_error($backtrace, $return = false) { if ($return) { return array('message' => @mysql_error(), 'code' => @mysql_errno()); } if (!$this->report_error) { return; } $message = '<br clear="all"/><table><tr><td><u>SQL ERROR</u><br /><br />' . @mysql_error() . '<br /><br />File:<br/><br/>' . $backtrace['file'] . '<br /><br />Line:<br /><br />' . $backtrace['line'] . '<br /><br /><u>CALLING PAGE</u><br /><br />' . ($sql ? '<br /><br /><u>SQL</u><br /><br />' . $this->last_query : '') . '<br /></td></tr></table>'; if ($this->in_transaction) { $this->transaction('rollback'); } trigger_error($message, E_USER_ERROR); script_close(false); }
function error_handler($errtype, $error, $errfile, $errline) { global $_CLASS, $site_file_root, $_CORE_CONFIG; if ($this->report != ERROR_NONE) { echo $error; //damn windows $errfile = str_replace('\\', '/', $errfile); // Remove the root paths, site files, along with document root $errfile = str_replace($site_file_root, '', str_replace($_SERVER['DOCUMENT_ROOT'], '', $errfile)); } switch ($errtype) { case E_NOTICE: case E_WARNING: if (!$this->report) { return; } $errtype = $errtype == E_NOTICE ? 'E_NOTICE' : 'E_WARNING'; $this->error = array('type' => $errtype, 'error' => $error, 'file' => $errfile, 'line' => $errline); $this->format_error($errtype); $this->error_setting = array('title', 'redirect'); break; case E_USER_ERROR: $code = false; if (mb_strpos($error, ':')) { list($code, $error) = explode(':', $error, 2); if (!is_numeric($code)) { $error = $code . ':' . $error; } else { $header_array = array(404 => 'HTTP/1.0 404 Not Found', 503 => 'HTTP/1.0 503 Service Unavailable'); settype($code, 'integer'); if (!empty($header_array[$code])) { header($header_array[$code]); } } } if (isset($_CLASS['core_user'])) { $_CLASS['core_user']->user_setup(); $error = !empty($_CLASS['core_user']->lang[$error]) ? $_CLASS['core_user']->lang[$error] : $error; } $_CLASS['core_template']->assign('MESSAGE_TEXT', $error); if (isset($_CLASS['core_display'])) { $_CLASS['core_display']->display(false, 'error.html'); } $_CLASS['core_template']->display('error.html'); script_close(); break; case E_USER_NOTICE: $_CLASS['core_user']->user_setup(); $this->error_setting['title'] = empty($_CLASS['core_user']->lang[$this->error_setting['title']]) ? $this->error_setting['title'] : $_CLASS['core_user']->lang[$this->error_setting['title']]; $error = empty($_CLASS['core_user']->lang[$error]) ? $error : $_CLASS['core_user']->lang[$error]; $_CLASS['core_template']->assign_array(array('MESSAGE_TITLE' => $this->error_setting['title'], 'MESSAGE_TEXT' => $error)); $this->error_setting = array('title', 'redirect'); if (isset($_CLASS['core_display'])) { $_CLASS['core_display']->display($this->error_setting['title'], 'message.html'); } $_CLASS['core_template']->display('message.html'); script_close(); break; } }
function login($id = ANONYMOUS, $admin_login = false, $hidden = false, $auto_log = false) { global $_CLASS; settype($id, 'int'); if ($bot = check_bot_status($this->browser, $this->ip)) { $id = $bot; } if (!$this->can_create()) { if (!$bot) { $this->user_setup(); trigger_error('SITE_TEMP_UNAVAILABLE', E_USER_ERROR); } header('HTTP/1.0 503 Service Unavailable'); script_close(false); } $result = $_CLASS['core_db']->query('SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . $id); $this->data = $_CLASS['core_db']->fetch_row_assoc($result); $_CLASS['core_db']->free_result($result); if (!$this->data) { die('Installlation problem'); // Error here, however this happen } $this->is_user = !$bot && $this->data['user_type'] == USER_NORMAL; $this->is_bot = $bot; if (isset($_CLASS['core_auth'])) { unset($_CLASS['core_auth']); } load_class(false, 'core_auth', 'auth_db'); $this->data['session_admin'] = ADMIN_NOT_ADMIN; if (!$this->is_bot && $_CLASS['core_auth']->admin_auth()) { $this->data['session_admin'] = $admin_login ? ADMIN_IS_ADMIN : ADMIN_NOT_LOGGED; } $this->is_admin = $this->data['session_admin'] === ADMIN_IS_ADMIN; $this->data['session_hidden'] = $hidden; $this->session_create($auto_log); }
function display($page_title, $tpl_name) { global $_CLASS; page_header(); $_CLASS['core_template']->display('modules/Control_Panel/' . $tpl_name); script_close(); }
function login_forum_box($forum_data) { global $config, $_CLASS; $sql = 'SELECT forum_id FROM ' . FORUMS_ACCESS_TABLE . "\n\t\tWHERE forum_id = '" . $forum_data['forum_id'] . "'\n\t\t\tAND user_id = '" . $_CLASS['core_user']->data['user_id'] . "'\n\t\t\tAND session_id = '" . $_CLASS['core_user']->session_id . "'"; $result = $_CLASS['core_db']->query($sql); if ($row = $_CLASS['core_db']->fetch_row_assoc($result)) { $_CLASS['core_db']->free_result($result); return true; } $_CLASS['core_db']->free_result($result); $password = request_var('password', ''); if ($password) { // Remove expired authorised sessions $sql = 'SELECT session_id FROM ' . SESSIONS_TABLE; $result = $_CLASS['core_db']->query($sql); if ($row = $_CLASS['core_db']->fetch_row_assoc($result)) { $sql_in = array(); do { $sql_in[] = "'" . $_CLASS['core_db']->escape($row['session_id']) . "'"; } while ($row = $_CLASS['core_db']->fetch_row_assoc($result)); $sql = 'DELETE FROM ' . FORUMS_ACCESS_TABLE . ' WHERE session_id NOT IN (' . implode(', ', $sql_in) . ')'; $_CLASS['core_db']->query($sql); } $_CLASS['core_db']->free_result($result); if ($password == $forum_data['forum_password']) { $sql = 'INSERT INTO ' . FORUMS_ACCESS_TABLE . ' (forum_id, user_id, session_id) VALUES (' . $forum_data['forum_id'] . ', ' . $_CLASS['core_user']->data['user_id'] . ", '" . $_CLASS['core_db']->escape($_CLASS['core_user']->session_id) . "')"; $_CLASS['core_db']->query($sql); return true; } $_CLASS['core_template']->assign('LOGIN_ERROR', $_CLASS['core_user']->lang['WRONG_PASSWORD']); } page_header(); $_CLASS['core_template']->display('modules/forums/login_forum.html'); script_close(); }
function compose_pm($id, $mode, $action) { global $_CLASS, $site_file_root, $config; if (!$action) { $action = 'post'; } $_CLASS['core_template']->assign(array('S_DISPLAY_FORM' => false, 'S_DRAFT_LOADED' => false, 'S_SHOW_DRAFTS' => false, 'S_POST_REVIEW' => false, 'S_INLINE_ATTACHMENT_OPTIONS' => false, 'S_EDIT_REASON' => false, 'S_HAS_ATTACHMENTS' => false, 'to_recipient' => false, 'bcc_recipient' => false, 'S_DISPLAY_HISTORY' => false, 'S_DISPLAY_PREVIEW' => false)); // Grab only parameters needed here $to_user_id = request_var('u', 0); $to_group_id = request_var('g', 0); $msg_id = request_var('p', 0); $quote_post = request_var('q', 0); $draft_id = request_var('d', 0); $lastclick = request_var('lastclick', 0); $message_text = $subject = ''; // Do NOT use request_var or specialchars here $address_list = isset($_REQUEST['address_list']) ? $_REQUEST['address_list'] : array(); $submit = isset($_POST['post']); $preview = isset($_POST['preview']); $save = isset($_POST['save']); $load = isset($_POST['load']); $cancel = isset($_POST['cancel']); $confirm = isset($_POST['confirm']); $delete = isset($_POST['delete']); $remove_u = isset($_REQUEST['remove_u']); $remove_g = isset($_REQUEST['remove_g']); $add_to = isset($_REQUEST['add_to']); $add_bcc = isset($_REQUEST['add_bcc']); $refresh = isset($_POST['add_file']) || isset($_POST['delete_file']) || isset($_POST['edit_comment']) || $save || $load || $remove_u || $remove_g || $add_to || $add_bcc; $action = $delete && !$preview && !$refresh && $submit ? 'delete' : $action; $error = array(); $current_time = gmtime(); // Was cancel pressed? If so then redirect to the appropriate page if ($cancel || $current_time - $lastclick < 2 && $submit) { $redirect = generate_link("Control_Panel&i={$id}&mode=view_messages&action=view_message" . ($msg_id ? "&p={$msg_id}" : '')); redirect($redirect); } if ($action == 'forward' && (!$config['forward_pm'] || !$_CLASS['auth']->acl_get('u_pm_forward'))) { trigger_error('NO_AUTH_FORWARD_MESSAGE'); } if ($action == 'edit' && !$_CLASS['auth']->acl_get('u_pm_edit')) { trigger_error('NO_AUTH_EDIT_MESSAGE'); } $sql = ''; // What is all this following SQL for? Well, we need to know // some basic information in all cases before we do anything. switch ($action) { case 'post': if (!$_CLASS['auth']->acl_get('u_sendpm')) { trigger_error('NO_AUTH_SEND_MESSAGE'); } break; case 'reply': case 'quote': case 'forward': if (!$msg_id) { trigger_error('NO_MESSAGE'); } if (!$_CLASS['auth']->acl_get('u_sendpm')) { trigger_error('NO_AUTH_SEND_MESSAGE'); } if ($quote_post) { $sql = 'SELECT p.post_text as message_text, p.poster_id as author_id, p.post_time as message_time, p.bbcode_bitfield, p.bbcode_uid, p.enable_sig, p.enable_html, p.enable_smilies, p.enable_magic_url, t.topic_title as message_subject, u.username as quote_username FROM ' . FORUMS_POSTS_TABLE . ' p, ' . FORUMS_TOPICS_TABLE . ' t, ' . USERS_TABLE . " u\n\t\t\t\t\tWHERE p.post_id = {$msg_id}\n\t\t\t\t\t\tAND t.topic_id = p.topic_id\n\t\t\t\t\t\tAND u.user_id = p.poster_id"; } else { $sql = 'SELECT t.*, p.*, u.username as quote_username FROM ' . FORUMS_PRIVMSGS_TO_TABLE . ' t, ' . FORUMS_PRIVMSGS_TABLE . ' p, ' . USERS_TABLE . ' u WHERE t.user_id = ' . $_CLASS['core_user']->data['user_id'] . "\n\t\t\t\t\t\tAND p.author_id = u.user_id\n\t\t\t\t\t\tAND t.msg_id = p.msg_id\n\t\t\t\t\t\tAND p.msg_id = {$msg_id}"; } break; case 'edit': if (!$msg_id) { trigger_error('NO_MESSAGE'); } // check for outbox (not read) status, we do not allow editing if one user already having the message $sql = 'SELECT p.*, t.* FROM ' . FORUMS_PRIVMSGS_TO_TABLE . ' t, ' . FORUMS_PRIVMSGS_TABLE . ' p WHERE t.user_id = ' . $_CLASS['core_user']->data['user_id'] . ' AND t.folder_id = ' . PRIVMSGS_OUTBOX . "\n\t\t\t\t\tAND t.msg_id = {$msg_id}\n\t\t\t\t\tAND t.msg_id = p.msg_id"; break; case 'delete': if (!$_CLASS['auth']->acl_get('u_pm_delete')) { trigger_error('NO_AUTH_DELETE_MESSAGE'); } if (!$msg_id) { trigger_error('NO_MESSAGE'); } $sql = 'SELECT msg_id, unread, new, author_id, folder_id FROM ' . FORUMS_PRIVMSGS_TO_TABLE . ' WHERE user_id = ' . $_CLASS['core_user']->data['user_id'] . "\n\t\t\t\t\tAND msg_id = {$msg_id}"; break; case 'smilies': require_once $site_file_root . 'includes/forums/functions_posting.php'; generate_smilies('window', 0); script_close(false); break; default: trigger_error('NO_ACTION_MODE'); break; } if ($sql) { $result = $_CLASS['core_db']->query_limit($sql, 1); if (!($row = $_CLASS['core_db']->fetch_row_assoc($result))) { trigger_error('NO_MESSAGE'); } extract($row); $_CLASS['core_db']->free_result($result); $msg_id = (int) $msg_id; $enable_urls = $enable_magic_url; if (!$author_id && $msg_id) { trigger_error('NO_AUTHOR'); } if (($action == 'reply' || $action == 'quote') && empty($address_list) && !$refresh && !$submit && !$preview) { $address_list = array('u' => array($author_id => 'to')); } elseif ($action == 'edit' && empty($address_list) && !$refresh && !$submit && !$preview) { // Rebuild TO and BCC Header $address_list = rebuild_header(array('to' => $to_address, 'bcc' => $bcc_address)); } $check_value = ($enable_html + 1 << 16) + ($enable_bbcode + 1 << 8) + ($enable_smilies + 1 << 4) + ($enable_urls + 1 << 2) + ($enable_sig + 1 << 1); } else { $message_attachment = 0; if ($to_user_id && $action == 'post') { $address_list['u'][$to_user_id] = 'to'; } else { if ($to_group_id && $action == 'post') { $address_list['g'][$to_group_id] = 'to'; } } $check_value = 0; } if (($to_group_id || isset($address_list['g'])) && !$config['allow_mass_pm']) { trigger_error('NO_AUTH_GROUP_MESSAGE'); } if ($action == 'edit' && !$refresh && !$preview && !$submit) { if (!($message_time > time() - $config['pm_edit_time'] || !$config['pm_edit_time'])) { trigger_error('CANNOT_EDIT_MESSAGE_TIME'); } } if (!isset($icon_id)) { $icon_id = 0; } require_once $site_file_root . 'includes/forums/functions_admin.php'; require_once $site_file_root . 'includes/forums/functions_posting.php'; require_once $site_file_root . 'includes/forums/message_parser.php'; $message_parser = new parse_message(); $message_subject = isset($message_subject) ? $message_subject : ''; $message_parser->message = $action == 'reply' ? '' : (isset($message_text) ? $message_text : ''); unset($message_text); $s_action = "Control_Panel&i={$id}&mode={$mode}&action={$action}"; $s_action .= $msg_id ? "&p={$msg_id}" : ''; $s_action .= $quote_post ? "&q=1" : ''; // Delete triggered ? if ($action == 'delete') { // Folder id has been determined by the SQL Statement // $folder_id = request_var('f', PRIVMSGS_NO_BOX); $s_hidden_fields = '<input type="hidden" name="p" value="' . $msg_id . '" /><input type="hidden" name="f" value="' . $folder_id . '" /><input type="hidden" name="action" value="delete" />'; // Do we need to confirm ? if (confirm_box(true)) { delete_pm($_CLASS['core_user']->data['user_id'], $msg_id, $folder_id); // TODO - jump to next message in "history"? $meta_info = generate_link('Control_Panel&i=pm&folder=' . $folder_id); $message = $_CLASS['core_user']->lang['MESSAGE_DELETED']; meta_refresh(3, $meta_info); $message .= '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_FOLDER'], '<a href="' . $meta_info . '">', '</a>'); trigger_error($message); } else { confirm_box(false, 'DELETE_MESSAGE', $s_hidden_fields); } } // Handle User/Group adding/removing handle_message_list_actions($address_list, $remove_u, $remove_g, $add_to, $add_bcc); // Check for too many recipients if (!$config['allow_mass_pm'] && num_recipients($address_list) > 1) { $address_list = get_recipient_pos($address_list, 1); $error[] = $_CLASS['core_user']->lang['TOO_MANY_RECIPIENTS']; } $message_parser->get_submitted_attachment_data(); if ($message_attachment && !$submit && !$refresh && !$preview && $action == 'edit') { $sql = 'SELECT attach_id, physical_filename, comment, real_filename, extension, mimetype, filesize, filetime, thumbnail FROM ' . FORUMS_ATTACHMENTS_TABLE . "\n\t\t\tWHERE post_msg_id = {$msg_id}\n\t\t\t\tAND in_message = 1\n\t\t\t\tORDER BY filetime " . (!$config['display_order'] ? 'DESC' : 'ASC'); $result = $_CLASS['core_db']->query($sql); $message_parser->attachment_data = array_merge($message_parser->attachment_data, $_CLASS['core_db']->fetch_row_assocset($result)); $_CLASS['core_db']->free_result($result); } if (!in_array($action, array('quote', 'edit', 'delete', 'forward'))) { $enable_sig = $config['allow_sig'] && $_CLASS['auth']->acl_get('u_sig') && $_CLASS['core_user']->optionget('attachsig'); $enable_smilies = $config['allow_smilies'] && $_CLASS['auth']->acl_get('u_pm_smilies') && $_CLASS['core_user']->optionget('smilies'); $enable_bbcode = $config['allow_bbcode'] && $_CLASS['auth']->acl_get('u_pm_bbcode') && $_CLASS['core_user']->optionget('bbcode'); $enable_urls = true; } $enable_magic_url = $drafts = false; // User own some drafts? if ($_CLASS['auth']->acl_get('u_savedrafts') && $action != 'delete') { $sql = 'SELECT draft_id FROM ' . FORUMS_DRAFTS_TABLE . ' WHERE (forum_id = 0 AND topic_id = 0) AND user_id = ' . $_CLASS['core_user']->data['user_id'] . ($draft_id ? " AND draft_id <> {$draft_id}" : ''); $result = $_CLASS['core_db']->query_limit($sql, 1); if ($_CLASS['core_db']->fetch_row_assoc($result)) { $drafts = true; } $_CLASS['core_db']->free_result($result); } if ($action == 'edit' || $action == 'forward') { $message_parser->bbcode_uid = $bbcode_uid; } $config['auth_bbcode_pm'] = true; $html_status = $config['allow_html'] && $config['auth_html_pm'] && $_CLASS['auth']->acl_get('u_pm_html'); $bbcode_status = $config['allow_bbcode'] && $config['auth_bbcode_pm'] && $_CLASS['auth']->acl_get('u_pm_bbcode'); $smilies_status = $config['allow_smilies'] && $config['auth_smilies_pm'] && $_CLASS['auth']->acl_get('u_pm_smilies'); $img_status = $config['auth_img_pm'] && $_CLASS['auth']->acl_get('u_pm_img'); $flash_status = $config['auth_flash_pm'] && $_CLASS['auth']->acl_get('u_pm_flash'); // Save Draft if ($save && $_CLASS['auth']->acl_get('u_savedrafts')) { $subject = request_var('subject', '', true); $subject = !$subject && $action != 'post' ? $_CLASS['core_user']->lang['NEW_MESSAGE'] : $subject; $message = request_var('message', '', true); if ($subject && $message) { $sql = 'INSERT INTO ' . FORUMS_DRAFTS_TABLE . ' ' . $_CLASS['core_db']->sql_build_array('INSERT', array('user_id' => $_CLASS['core_user']->data['user_id'], 'topic_id' => 0, 'forum_id' => 0, 'save_time' => $current_time, 'draft_subject' => $subject, 'draft_message' => $message)); $_CLASS['core_db']->query($sql); $_CLASS['core_display']->meta_refresh(3, generate_link('Control_Panel&i=pm&mode=' . $mode)); $message = $_CLASS['core_user']->lang['DRAFT_SAVED'] . '<br /><br />' . sprintf($_CLASS['core_user']->lang['RETURN_UCP'], '<a href="' . generate_link('Control_Panel&i=pm&mode=' . $mode) . '">', '</a>'); trigger_error($message); } unset($subject); unset($message); } // Load Draft if ($draft_id && $_CLASS['auth']->acl_get('u_savedrafts')) { $sql = 'SELECT draft_subject, draft_message FROM ' . FORUMS_DRAFTS_TABLE . " \n\t\t\tWHERE draft_id = {$draft_id}\n\t\t\t\tAND topic_id = 0\n\t\t\t\tAND forum_id = 0\n\t\t\t\tAND user_id = " . $_CLASS['core_user']->data['user_id']; $result = $_CLASS['core_db']->query_limit($sql, 1); if ($row = $_CLASS['core_db']->fetch_row_assoc($result)) { $_REQUEST['subject'] = $row['draft_subject']; $_REQUEST['message'] = $row['draft_message']; $refresh = true; $_CLASS['core_template']->assign('S_DRAFT_LOADED', true); } else { $draft_id = 0; } } // Load Drafts if ($load && $drafts) { load_drafts(0, 0, $id); } if ($submit || $preview || $refresh) { $subject = mb_strtolower(get_variable('subject', 'POST', '')); $message_parser->message = request_var('message', '', true); $icon_id = request_var('icon', 0); $enable_html = !$html_status || isset($_POST['disable_html']) ? false : true; $enable_bbcode = !$bbcode_status || isset($_POST['disable_bbcode']) ? false : true; $enable_smilies = !$smilies_status || isset($_POST['disable_smilies']) ? false : true; $enable_urls = isset($_POST['disable_magic_url']) ? 0 : 1; $enable_sig = !$config['allow_sig'] ? false : (isset($_POST['attach_sig']) ? true : false); if ($submit) { $status_switch = ($enable_html + 1 << 16) + ($enable_bbcode + 1 << 8) + ($enable_smilies + 1 << 4) + ($enable_urls + 1 << 2) + ($enable_sig + 1 << 1); $status_switch = $status_switch != $check_value; } else { $status_switch = 1; } // Parse Attachments - before checksum is calculated $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true); // Grab md5 'checksum' of new message $message_md5 = md5($message_parser->message); // Check checksum ... don't re-parse message if the same $update_message = $action != 'edit' || $message_md5 != $post_checksum || $status_switch || $preview ? true : false; if ($update_message) { $message_parser->parse($enable_html, $enable_bbcode, $enable_urls, $enable_smilies, $img_status, $flash_status, true); } else { $message_parser->bbcode_bitfield = $bbcode_bitfield; } if ($action != 'edit' && !$preview && !$refresh && $config['flood_interval'] && !$_CLASS['auth']->acl_get('u_ignoreflood')) { // Flood check $last_post_time = $_CLASS['core_user']->data['user_last_post_time']; if ($last_post_time) { if ($last_post_time && $current_time - $last_post_time < intval($config['flood_interval'])) { $error[] = $_CLASS['core_user']->lang['FLOOD_ERROR']; } } } // Subject defined if (!$subject && !($remove_u || $remove_g || $add_to || $add_bcc)) { $error[] = $_CLASS['core_user']->lang['EMPTY_SUBJECT']; } if (empty($address_list)) { $error[] = $_CLASS['core_user']->lang['NO_RECIPIENT']; } if (!empty($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc)) { $error[] = implode('<br />', $message_parser->warn_msg); } // Store message, sync counters if (empty($error) && $submit) { $pm_data = array('msg_id' => (int) $msg_id, 'reply_from_root_level' => isset($root_level) ? (int) $root_level : 0, 'reply_from_msg_id' => (int) $msg_id, 'icon_id' => (int) $icon_id, 'enable_sig' => (bool) $enable_sig, 'enable_bbcode' => (bool) $enable_bbcode, 'enable_html' => (bool) $enable_html, 'enable_smilies' => (bool) $enable_smilies, 'enable_urls' => (bool) $enable_urls, 'message_md5' => (int) $message_md5, 'bbcode_bitfield' => (int) $message_parser->bbcode_bitfield, 'bbcode_uid' => $message_parser->bbcode_uid, 'message' => $message_parser->message, 'attachment_data' => $message_parser->attachment_data, 'filename_data' => $message_parser->filename_data, 'address_list' => $address_list); unset($message_parser); // ((!$message_subject) ? $subject : $message_subject) $msg_id = submit_pm($action, $subject, $pm_data, $update_message); $return_message_url = generate_link('Control_Panel&i=pm&mode=view_messages&action=view_message&p=' . $msg_id); $return_folder_url = generate_link('Control_Panel&i=pm&folder=outbox'); $_CLASS['core_display']->meta_refresh(3, $return_message_url); $message = $_CLASS['core_user']->lang['MESSAGE_STORED'] . '<br /><br />' . sprintf($_CLASS['core_user']->lang['VIEW_MESSAGE'], '<a href="' . $return_message_url . '">', '</a>') . '<br /><br />' . sprintf($_CLASS['core_user']->lang['CLICK_RETURN_FOLDER'], '<a href="' . $return_folder_url . '">', '</a>', $_CLASS['core_user']->lang['PM_OUTBOX']); trigger_error($message); } $message_subject = stripslashes($subject); } if (empty($error) && $preview) { $post_time = $action == 'edit' ? $post_time : $current_time; $preview_message = $message_parser->format_display($enable_html, $enable_bbcode, $enable_urls, $enable_smilies, false); $preview_signature = $_CLASS['core_user']->data['user_sig']; $preview_signature_uid = $_CLASS['core_user']->data['user_sig_bbcode_uid']; $preview_signature_bitfield = $_CLASS['core_user']->data['user_sig_bbcode_bitfield']; // Signature if ($enable_sig && $config['allow_sig'] && $preview_signature) { $parse_sig = new parse_message($preview_signature); $parse_sig->bbcode_uid = $preview_signature_uid; $parse_sig->bbcode_bitfield = $preview_signature_bitfield; $parse_sig->format_display($enable_html, $enable_bbcode, $enable_urls, $enable_smilies); $preview_signature = $parse_sig->message; unset($parse_sig); } else { $preview_signature = ''; } // Attachment Preview if (!empty($message_parser->attachment_data)) { require $site_file_root . 'includes/forums/functions_display.php'; $extensions = $update_count = array(); $_CLASS['core_template']->assign('S_HAS_ATTACHMENTS', true); display_attachments(0, 'attachment', $message_parser->attachment_data, $update_count, true); } $preview_subject = censor_text($subject); if (empty($error)) { $_CLASS['core_template']->assign(array('POST_DATE' => $_CLASS['core_user']->format_date($post_time), 'PREVIEW_SUBJECT' => $preview_subject, 'PREVIEW_MESSAGE' => $preview_message, 'PREVIEW_SIGNATURE' => $preview_signature, 'S_DISPLAY_PREVIEW' => true)); } unset($message_text); } // Decode text for message display $bbcode_uid = ($action == 'quote' || $action == 'forward') && !$preview && !$refresh && empty($error) ? $bbcode_uid : $message_parser->bbcode_uid; $message_parser->decode_message($bbcode_uid); if ($action == 'quote' && !$preview && !$refresh) { $message_parser->message = '[quote="' . $quote_username . '"]' . censor_text(trim($message_parser->message)) . "[/quote]\n"; } if (($action == 'reply' || $action == 'quote') && !$preview && !$refresh) { $message_subject = (!preg_match('/^Re:/', $message_subject) ? 'Re: ' : '') . censor_text($message_subject); } if ($action == 'forward' && !$preview && !$refresh) { $fwd_to_field = write_pm_addresses(array('to' => $to_address), 0, true); $forward_text = array(); $forward_text[] = $_CLASS['core_user']->lang['FWD_ORIGINAL_MESSAGE']; $forward_text[] = sprintf($_CLASS['core_user']->lang['FWD_SUBJECT'], censor_text($message_subject)); $forward_text[] = sprintf($_CLASS['core_user']->lang['FWD_DATE'], $_CLASS['core_user']->format_date($message_time)); $forward_text[] = sprintf($_CLASS['core_user']->lang['FWD_FROM'], $quote_username); $forward_text[] = sprintf($_CLASS['core_user']->lang['FWD_TO'], implode(', ', $fwd_to_field['to'])); $message_parser->message = implode("\n", $forward_text) . "\n\n[quote=\"[url=" . generate_link("Members_List&mode=viewprofile&u={$author_id}]{$quote_username}") . "[/url]\"]\n" . censor_text(trim($message_parser->message)) . "\n[/quote]"; $message_subject = (!preg_match('/^Fwd:/', $message_subject) ? 'Fwd: ' : '') . censor_text($message_subject); } $attachment_data = $message_parser->attachment_data; $filename_data = $message_parser->filename_data; $message_text = $message_parser->message; unset($message_parser); // MAIN PM PAGE BEGINS HERE // Generate smiley listing generate_smilies('inline', 0); // Generate PM Icons $s_pm_icons = false; if ($config['enable_pm_icons']) { $s_pm_icons = posting_gen_topic_icons($action, $icon_id); } // Generate inline attachment select box posting_gen_inline_attachments($attachment_data); // Build address list for display // array('u' => array($author_id => 'to')); if (!empty($address_list)) { // Get Usernames and Group Names $result = array(); if (isset($address_list['u']) && !empty($address_list['u'])) { $result['u'] = $_CLASS['core_db']->query('SELECT user_id as id, username as name, user_colour as colour FROM ' . USERS_TABLE . ' WHERE user_id IN (' . implode(', ', array_map('intval', array_keys($address_list['u']))) . ')'); } if (isset($address_list['g']) && !empty($address_list['g'])) { $result['g'] = $_CLASS['core_db']->query('SELECT group_id as id, group_name as name, group_colour as colour FROM ' . GROUPS_TABLE . ' WHERE group_receive_pm = 1 AND group_id IN (' . implode(', ', array_map('intval', array_keys($address_list['g']))) . ')'); } $u = $g = array(); foreach (array('u', 'g') as $type) { if (isset($result[$type]) && $result[$type]) { while ($row = $_CLASS['core_db']->fetch_row_assoc($result[$type])) { ${$type}[$row['id']] = array('name' => $row['name'], 'colour' => $row['colour']); } $_CLASS['core_db']->free_result($result[$type]); } } // Now Build the address list $plain_address_field = ''; foreach ($address_list as $type => $adr_ary) { foreach ($adr_ary as $id => $field) { if (!isset(${$type}[$id])) { unset($address_list[$type][$id]); continue; } $field = $field == 'to' ? 'to' : 'bcc'; $type = $type == 'u' ? 'u' : 'g'; $id = (int) $id; $_CLASS['core_template']->assign_vars_array($field . '_recipient', array('NAME' => ${$type}[$id]['name'], 'IS_GROUP' => $type == 'g', 'IS_USER' => $type == 'u', 'COLOUR' => ${$type}[$id]['colour'] ? ${$type}[$id]['colour'] : '', 'UG_ID' => $id, 'U_VIEW' => $type == 'u' ? generate_link('Members_List&mode=viewprofile&u=' . $id) : generate_link('Members_List&mode=group&g=' . $id), 'TYPE' => $type)); } } } // Build hidden address list $s_hidden_address_field = ''; foreach ($address_list as $type => $adr_ary) { foreach ($adr_ary as $id => $field) { $s_hidden_address_field .= '<input type="hidden" name="address_list[' . ($type == 'u' ? 'u' : 'g') . '][' . (int) $id . ']" value="' . ($field == 'to' ? 'to' : 'bcc') . '" />'; } } $html_checked = isset($enable_html) ? !$enable_html : ($config['allow_html'] && $_CLASS['auth']->acl_get('u_pm_html') ? !$_CLASS['core_user']->optionget('html') : 1); $bbcode_checked = isset($enable_bbcode) ? !$enable_bbcode : ($config['allow_bbcode'] && $_CLASS['auth']->acl_get('u_pm_bbcode') ? !$_CLASS['core_user']->optionget('bbcode') : 1); $smilies_checked = isset($enable_smilies) ? !$enable_smilies : ($config['allow_smilies'] && $_CLASS['auth']->acl_get('u_pm_smilies') ? !$_CLASS['core_user']->optionget('smilies') : 1); $urls_checked = isset($enable_urls) ? !$enable_urls : 0; $sig_checked = $enable_sig; switch ($action) { case 'post': $page_title = $_CLASS['core_user']->lang['POST_NEW_PM']; break; case 'quote': $page_title = $_CLASS['core_user']->lang['POST_QUOTE_PM']; break; case 'reply': $page_title = $_CLASS['core_user']->lang['POST_REPLY_PM']; break; case 'edit': $page_title = $_CLASS['core_user']->lang['POST_EDIT_PM']; break; case 'forward': $page_title = $_CLASS['core_user']->lang['POST_FORWARD_PM']; break; default: trigger_error('NO_ACTION_MODE'); } $s_hidden_fields = '<input type="hidden" name="lastclick" value="' . $current_time . '" />'; $s_hidden_fields .= isset($check_value) ? '<input type="hidden" name="status_switch" value="' . $check_value . '" />' : ''; $s_hidden_fields .= $draft_id || isset($_REQUEST['draft_loaded']) ? '<input type="hidden" name="draft_loaded" value="' . (isset($_REQUEST['draft_loaded']) ? intval($_REQUEST['draft_loaded']) : $draft_id) . '" />' : ''; $form_enctype = @ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || @ini_get('file_uploads') == '0' || !$config['allow_pm_attach'] || !$_CLASS['auth']->acl_get('u_pm_attach') ? '' : ' enctype="multipart/form-data"'; // Start assigning vars for main posting page ... $_CLASS['core_template']->assign(array('L_POST_A' => $page_title, 'L_ICON' => $_CLASS['core_user']->lang['PM_ICON'], 'L_MESSAGE_BODY_EXPLAIN' => intval($config['max_post_chars']) ? sprintf($_CLASS['core_user']->lang['MESSAGE_BODY_EXPLAIN'], intval($config['max_post_chars'])) : '', 'SUBJECT' => isset($message_subject) ? $message_subject : '', 'MESSAGE' => $message_text, 'HTML_STATUS' => $html_status ? $_CLASS['core_user']->lang['HTML_IS_ON'] : $_CLASS['core_user']->lang['HTML_IS_OFF'], 'BBCODE_STATUS' => $bbcode_status ? sprintf($_CLASS['core_user']->lang['BBCODE_IS_ON'], '<a href="' . generate_link('Forums&file=faq&mode=bbcode') . '" target="_phpbbcode">', '</a>') : sprintf($_CLASS['core_user']->lang['BBCODE_IS_OFF'], '<a href="' . generate_link('Forums&file=faq&mode=bbcode') . '" target="_phpbbcode">', '</a>'), 'IMG_STATUS' => $img_status ? $_CLASS['core_user']->lang['IMAGES_ARE_ON'] : $_CLASS['core_user']->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => $flash_status ? $_CLASS['core_user']->lang['FLASH_IS_ON'] : $_CLASS['core_user']->lang['FLASH_IS_OFF'], 'SMILIES_STATUS' => $smilies_status ? $_CLASS['core_user']->lang['SMILIES_ARE_ON'] : $_CLASS['core_user']->lang['SMILIES_ARE_OFF'], 'MINI_POST_IMG' => $_CLASS['core_user']->img('icon_post', $_CLASS['core_user']->lang['PM']), 'ERROR' => empty($error) ? '' : implode('<br />', $error), 'S_EDIT_POST' => $action == 'edit', 'S_SHOW_PM_ICONS' => $s_pm_icons, 'S_HTML_ALLOWED' => $html_status, 'S_HTML_CHECKED' => $html_checked ? ' checked="checked"' : '', 'S_BBCODE_ALLOWED' => $bbcode_status, 'S_BBCODE_CHECKED' => $bbcode_checked ? ' checked="checked"' : '', 'S_SMILIES_ALLOWED' => $smilies_status, 'S_SMILIES_CHECKED' => $smilies_checked ? ' checked="checked"' : '', 'S_SIG_ALLOWED' => $config['allow_sig'] && $_CLASS['auth']->acl_get('u_sig'), 'S_SIGNATURE_CHECKED' => $sig_checked ? ' checked="checked"' : '', 'S_MAGIC_URL_CHECKED' => $urls_checked ? ' checked="checked"' : '', 'S_SAVE_ALLOWED' => $_CLASS['auth']->acl_get('u_savedrafts'), 'S_HAS_DRAFTS' => $_CLASS['auth']->acl_get('u_savedrafts') && $drafts, 'S_FORM_ENCTYPE' => $form_enctype, 'S_POST_ACTION' => generate_link($s_action), 'S_HIDDEN_ADDRESS_FIELD' => $s_hidden_address_field, 'S_HIDDEN_FIELDS' => $s_hidden_fields)); // Attachment entry if ($_CLASS['auth']->acl_get('u_pm_attach') && $config['allow_pm_attach'] && $form_enctype) { posting_gen_attachment_entry($attachment_data, $filename_data); } }
function page_articles() { global $_CLASS; $_CLASS['core_user']->user_setup(); if (isset($_GET['mode'])) { switch ($_GET['mode']) { case 'print': $print = true; case 'view': $print = isset($print); $id = get_variable('id', 'GET', false, 'int'); if (!$id) { trigger_error('ARTICLE_NOT_FOUND'); } $result = $_CLASS['core_db']->query('SELECT * FROM ' . ARTICLES_TABLE . ' WHERE articles_id = ' . $id); $row = $_CLASS['core_db']->fetch_row_assoc($result); $_CLASS['core_db']->free_result($result); if (!$row || $row['articles_status'] != STATUS_ACTIVE) { trigger_error('ARTICLE_NOT_FOUND'); } $_CLASS['core_template']->assign_array(array('ARTICLES_POSTER' => $row['poster_name'] ? $row['poster_name'] : $_CLASS['core_user']->get_lang('ANONYMOUS'), 'ARTICLES_POSTER_LINK' => $row['poster_name'] && $row['poster_id'] ? generate_link('Members_List&mode=viewprofile&u=' . $row['poster_id']) : '', 'ARTICLES_TEXT' => $row['articles_text'], 'ARTICLES_CONTENT_LINK' => generate_link('articles&mode=view&id=' . $row['articles_id']), 'ARTICLES_TIME' => $_CLASS['core_user']->format_date($row['articles_posted']), 'ARTICLES_TITLE' => $row['articles_title'], 'ARTICLES_ID' => $id, 'ARTICLES_LINK_PRINT' => generate_link('articles&mode=print&id=' . $row['articles_id']), 'ARTICLES_LINK_SEND' => generate_link('articles&mode=send&id=' . $row['articles_id']))); $_CLASS['core_display']->display(false, $print ? 'modules/articles/print.html' : 'modules/articles/view.html'); script_close(); break; } } $start = get_variable('start', 'GET', false, 'int'); $collapable_holding = array(); $expire_updated = false; $limit = 10; $sql = 'SELECT * FROM ' . ARTICLES_TABLE . ' WHERE articles_status = ' . STATUS_ACTIVE . ' ORDER BY articles_order ASC'; $result = $_CLASS['core_db']->query_limit($sql, $limit, $start); while ($row = $_CLASS['core_db']->fetch_row_assoc($result)) { // this can cause problems, only thing to do is remove the limit query and do a loop until we get the needed articles if ($row['articles_auth'] && !$_CLASS['core_auth']->auth(@unserialize($row['articles_auth'])) && !$_CLASS['core_auth']->admin_power('articles')) { continue; } if ($row['articles_expires'] && !$expire_updated && $_CLASS['core_user']->time > $row['articles_expires']) { $_CLASS['core_db']->query('UPDATE ' . ARTICLES_TABLE . ' SET articles_status = ' . STATUS_DISABLED . ' WHERE articles_expires > 0 AND articles_expires <= ' . $_CLASS['core_user']->time); $expire_updated = true; continue; } if ($row['articles_starts'] && $row['articles_starts'] > $_CLASS['core_user']->time) { continue; } $_CLASS['core_template']->assign_vars_array('articles', array('poster' => $row['poster_name'] ? $row['poster_name'] : $_CLASS['core_user']->get_lang('ANONYMOUS'), 'content' => $row['articles_intro'] ? $row['articles_intro'] : $row['articles_text'], 'time' => $_CLASS['core_user']->format_date($row['articles_posted']), 'title' => $row['articles_title'], 'id' => $row['articles_id'], 'collapse' => check_collapsed_status('a_' . $row['articles_id']), 'full_story' => $row['articles_intro'] && $row['articles_text'], 'link_poster' => $row['poster_name'] && $row['poster_id'] ? generate_link('Members_List&mode=viewprofile&u=' . $row['poster_id']) : '', 'link_content' => generate_link('articles&mode=view&id=' . $row['articles_id']), 'link_print' => generate_link('articles&mode=print&id=' . $row['articles_id']), 'link_send' => generate_link('articles&mode=send&id=' . $row['articles_id']))); $collapable_holding[] = 'a_' . $row['articles_id']; } $_CLASS['core_db']->free_result($result); // Garbage collection, would cause problems with guest/loggin articl views if ($cookie_data = get_variable('collapsed_items', 'COOKIE')) { $collapsed_items = $cookie_data ? explode(':', $cookie_data) : array(); $count = count($collapsed_items); for ($i = 0; $i < $count; $i++) { if (mb_strpos($collapsed_items[$i], 'a_') === 0 && !in_array($collapsed_items[$i], $collapable_holding)) { unset($collapsed_items[$i]); } } $collapsed_items = implode(':', $collapsed_items); setcookie('collapsed_items', $collapsed_items, (int) $_CLASS['core_user']->time + 31536000000.0, '/'); } $result = $_CLASS['core_db']->query('SELECT COUNT(*) AS total FROM ' . ARTICLES_TABLE . ' WHERE articles_status = ' . STATUS_ACTIVE); $row = $_CLASS['core_db']->fetch_row_assoc($result); $_CLASS['core_db']->free_result($result); $pagination = generate_pagination('articles', $row['total'], $limit, $start); $_CLASS['core_template']->assign_array(array('articles_pagination' => $pagination['formated'], 'articles_pagination_array' => $pagination['array'])); $_CLASS['core_display']->display(false, 'modules/articles/index.html'); }
function send_file_to_browser($attachment, $upload_dir, $category) { global $_CLASS, $config; $filename = $upload_dir . '/' . $attachment['physical_filename']; if (!@file_exists($filename)) { trigger_error($_CLASS['core_user']->lang['ERROR_NO_ATTACHMENT'] . '<br /><br />' . sprintf($_CLASS['core_user']->lang['FILE_NOT_FOUND_404'], $filename)); } // Check if headers already sent or not able to get the file contents. if (headers_sent() || !@is_readable($filename)) { trigger_error('UNABLE_TO_DELIVER_FILE'); } /* Correct the mime type - we force application/octetstream for all files, except images Please do not change this, it is a security precaution */ if (strpos($attachment['mimetype'], 'image') !== 0) { $attachment['mimetype'] = strpos(strtolower($_CLASS['core_user']->browser), 'msie') !== false || strpos(strtolower($_CLASS['core_user']->browser), 'opera') !== false ? 'application/octetstream' : 'application/octet-stream'; } /* Clean all output buffers */ if (@ob_get_length()) { while (@ob_end_clean()) { } } header('Content-Encoding: '); /* Send out required headers */ header('Pragma: public'); // Try X-Sendfile since it is much more server friendly - only works if the path is *not* outside of the root path... // lighttpd has core support for it. An apache2 module is available at http://celebnamer.celebworld.ws/stuff/mod_xsendfile/ if (strpos($upload_dir, '/') !== 0 && strpos($upload_dir, '../') === false && (!SITE_ROOT || (strpos($upload_dir, SITE_ROOT) || @file_exists(SITE_ROOT . $filename)))) { header('X-Sendfile: ' . $filename); } header('Content-Type: ' . $attachment['mimetype'] . '; name="' . $attachment['real_filename'] . '"'); header('Content-Disposition: ' . (strpos($attachment['mimetype'], 'image') === 0 ? 'inline' : 'attachment') . '; filename="' . $attachment['real_filename'] . '"'); /* Now send the File Contents to the Browser */ $size = @filesize($filename); if ($size) { header('Content-Length: ' . $size); } $result = @readfile($filename); if (!$result) { trigger_error('Unable to deliver file.<br />Error was: ' . $php_errormsg, E_USER_WARNING); } script_close(false); }
function display_footer($save = true) { global $_CLASS, $_CORE_MODULE, $_CORE_CONFIG; if ($this->displayed['footer']) { return; } if (!$this->displayed['header']) { script_close($save); } if ($_CORE_MODULE = $this->get_module()) { require SITE_FILE_ROOT . 'modules/' . $_CORE_MODULE['module_name'] . '/index.php'; } $this->displayed['footer'] = true; if ($this->homepage) { $_CLASS['core_blocks']->display(BLOCK_BOTTOM); } $_CLASS['core_blocks']->display(BLOCK_MESSAGE_BOTTOM); if ($this->displayed['header']) { $this->theme->theme_footer(); } script_close($save); }
function display_footer($save = true) { global $_CLASS, $_CORE_MODULE, $_CORE_CONFIG; if ($this->displayed['footer']) { return; } if (!$this->displayed['header']) { script_close($save); } if ($this->generate_page()) { return; } $this->displayed['footer'] = true; $_CLASS['core_blocks']->generate(BLOCK_BOTTOM); $_CLASS['core_blocks']->generate(BLOCK_MESSAGE_BOTTOM); if ($this->displayed['header']) { $this->theme->theme_footer(); } script_close($save); }