# Renders one form of the Profiles admin panel.
#
# $formid selects the form. Each known id loads its form file and calls that
# form's render function; an id that matches nothing renders nothing.
# Comparison is loose (==).
# NOTE(review): no capability or nonce check happens inside this function -
# presumably the caller has already authorised the request; confirm.
function spa_render_profiles_container($formid)
{
    if ($formid == 'options') {
        include_once SF_PLUGIN_DIR . '/admin/panel-profiles/forms/spa-profiles-options-form.php';
        spa_profiles_options_form();
    } elseif ($formid == 'tabsmenus') {
        include_once SF_PLUGIN_DIR . '/admin/panel-profiles/forms/spa-profiles-tabs-menus-form.php';
        spa_profiles_tabs_menus_form();
    } elseif ($formid == 'avatars') {
        include_once SF_PLUGIN_DIR . '/admin/panel-profiles/forms/spa-profiles-avatars-form.php';
        spa_profiles_avatars_form();
    } elseif ($formid == 'plugin') {
        # leave this for plugins to add to this panel
        # the four parameters come straight from the query string and are only
        # passed through sp_esc_str() / sp_esc_int() (defined elsewhere)
        include_once SF_PLUGIN_DIR . '/admin/panel-plugins/forms/spa-plugins-user-form.php';
        $admin = $save = $form = $reload = '';
        if (isset($_GET['admin'])) {
            $admin = sp_esc_str($_GET['admin']);
        }
        if (isset($_GET['save'])) {
            $save = sp_esc_str($_GET['save']);
        }
        if (isset($_GET['form'])) {
            $form = sp_esc_int($_GET['form']);
        }
        if (isset($_GET['reload'])) {
            $reload = sp_esc_str($_GET['reload']);
        }
        spa_plugins_user_form($admin, $save, $form, $reload);
    }
}
# Renders one form of the Options admin panel.
#
# $formid selects the form. Each known id loads its form file and calls that
# form's render function; an id that matches nothing renders nothing.
# Comparison is loose (==).
# NOTE(review): no capability or nonce check happens inside this function -
# presumably the caller has already authorised the request; confirm.
function spa_render_options_container($formid)
{
    if ($formid == 'global') {
        include_once SF_PLUGIN_DIR . '/admin/panel-options/forms/spa-options-global-form.php';
        spa_options_global_form();
    } elseif ($formid == 'display') {
        include_once SF_PLUGIN_DIR . '/admin/panel-options/forms/spa-options-display-form.php';
        spa_options_display_form();
    } elseif ($formid == 'content') {
        include_once SF_PLUGIN_DIR . '/admin/panel-options/forms/spa-options-content-form.php';
        spa_options_content_form();
    } elseif ($formid == 'members') {
        include_once SF_PLUGIN_DIR . '/admin/panel-options/forms/spa-options-members-form.php';
        spa_options_members_form();
    } elseif ($formid == 'email') {
        include_once SF_PLUGIN_DIR . '/admin/panel-options/forms/spa-options-email-form.php';
        spa_options_email_form();
    } elseif ($formid == 'plugin') {
        # leave this for plugins to add to this panel
        # the four parameters come straight from the query string and are only
        # passed through sp_esc_str() / sp_esc_int() (defined elsewhere)
        include_once SF_PLUGIN_DIR . '/admin/panel-plugins/forms/spa-plugins-user-form.php';
        $admin = $save = $form = $reload = '';
        if (isset($_GET['admin'])) {
            $admin = sp_esc_str($_GET['admin']);
        }
        if (isset($_GET['save'])) {
            $save = sp_esc_str($_GET['save']);
        }
        if (isset($_GET['form'])) {
            $form = sp_esc_int($_GET['form']);
        }
        if (isset($_GET['reload'])) {
            $reload = sp_esc_str($_GET['reload']);
        }
        spa_plugins_user_form($admin, $save, $form, $reload);
    }
}
# Renders one form of the Integration admin panel.
#
# $formid selects the form. Each known id loads its form file and calls that
# form's render function; an id that matches nothing renders nothing.
# Comparison is loose (==).
# NOTE(review): no capability or nonce check happens inside this function -
# presumably the caller has already authorised the request; confirm.
function spa_render_integration_container($formid)
{
    if ($formid == 'page') {
        include_once SF_PLUGIN_DIR . '/admin/panel-integration/forms/spa-integration-page-form.php';
        spa_integration_page_form();
    } elseif ($formid == 'storage') {
        include_once SF_PLUGIN_DIR . '/admin/panel-integration/forms/spa-integration-storage-form.php';
        spa_integration_storage_form();
    } elseif ($formid == 'language') {
        include_once SF_PLUGIN_DIR . '/admin/panel-integration/forms/spa-integration-language-form.php';
        spa_integration_language_form();
    } elseif ($formid == 'plugin') {
        # leave this for plugins to add to this panel
        # the four parameters come straight from the query string and are only
        # passed through sp_esc_str() / sp_esc_int() (defined elsewhere)
        include_once SF_PLUGIN_DIR . '/admin/panel-plugins/forms/spa-plugins-user-form.php';
        $admin = $save = $form = $reload = '';
        if (isset($_GET['admin'])) {
            $admin = sp_esc_str($_GET['admin']);
        }
        if (isset($_GET['save'])) {
            $save = sp_esc_str($_GET['save']);
        }
        if (isset($_GET['form'])) {
            $form = sp_esc_int($_GET['form']);
        }
        if (isset($_GET['reload'])) {
            $reload = sp_esc_str($_GET['reload']);
        }
        spa_plugins_user_form($admin, $save, $form, $reload);
    }
}
# Renders one form of the Themes admin panel.
#
# $formid selects the form. Each known id loads its form file and calls that
# form's render function; an id that matches nothing renders nothing.
# Comparison is loose (==).
# NOTE(review): no capability or nonce check happens inside this function -
# presumably the caller has already authorised the request; confirm. This
# matters most for the 'editor' and 'theme-upload' forms.
function spa_render_themes_container($formid)
{
    if ($formid == 'theme-list') {
        include_once SF_PLUGIN_DIR . '/admin/panel-themes/forms/spa-themes-list-form.php';
        spa_themes_list_form();
    } elseif ($formid == 'mobile') {
        include_once SF_PLUGIN_DIR . '/admin/panel-themes/forms/spa-themes-mobile-form.php';
        spa_themes_mobile_form();
    } elseif ($formid == 'tablet') {
        include_once SF_PLUGIN_DIR . '/admin/panel-themes/forms/spa-themes-tablet-form.php';
        spa_themes_tablet_form();
    } elseif ($formid == 'editor') {
        include_once SF_PLUGIN_DIR . '/admin/panel-themes/forms/spa-themes-editor-form.php';
        spa_themes_editor_form();
    } elseif ($formid == 'theme-upload') {
        include_once SF_PLUGIN_DIR . '/admin/panel-themes/forms/spa-themes-upload-form.php';
        spa_themes_upload_form();
    } elseif ($formid == 'plugin') {
        # leave this for plugins to add to this panel
        # the four parameters come straight from the query string and are only
        # passed through sp_esc_str() / sp_esc_int() (defined elsewhere)
        include_once SF_PLUGIN_DIR . '/admin/panel-plugins/forms/spa-plugins-user-form.php';
        $admin = $save = $form = $reload = '';
        if (isset($_GET['admin'])) {
            $admin = sp_esc_str($_GET['admin']);
        }
        if (isset($_GET['save'])) {
            $save = sp_esc_str($_GET['save']);
        }
        if (isset($_GET['form'])) {
            $form = sp_esc_int($_GET['form']);
        }
        if (isset($_GET['reload'])) {
            $reload = sp_esc_str($_GET['reload']);
        }
        spa_plugins_user_form($admin, $save, $form, $reload);
    }
}
# Renders one form of the Admins admin panel.
#
# $formid selects the form. Each known id loads its form file and calls that
# form's render function; an id that matches nothing renders nothing.
# Comparison is loose (==).
# NOTE(review): no capability or nonce check happens inside this function -
# presumably the caller has already authorised the request; confirm.
function spa_render_admins_container($formid)
{
    if ($formid == 'youradmin') {
        include_once SF_PLUGIN_DIR . '/admin/panel-admins/forms/spa-admins-your-options-form.php';
        spa_admins_your_options_form();
    } elseif ($formid == 'globaladmin') {
        include_once SF_PLUGIN_DIR . '/admin/panel-admins/forms/spa-admins-global-options-form.php';
        spa_admins_global_options_form();
    } elseif ($formid == 'manageadmin') {
        # the WordPress admin includes are loaded before the form file
        require_once ABSPATH . 'wp-admin/includes/admin.php';
        include_once SF_PLUGIN_DIR . '/admin/panel-admins/forms/spa-admins-manage-admins-form.php';
        spa_admins_manage_admins_form();
    } elseif ($formid == 'plugin') {
        # leave this for plugins to add to this panel
        # the four parameters come straight from the query string and are only
        # passed through sp_esc_str() / sp_esc_int() (defined elsewhere)
        include_once SF_PLUGIN_DIR . '/admin/panel-plugins/forms/spa-plugins-user-form.php';
        $admin = $save = $form = $reload = '';
        if (isset($_GET['admin'])) {
            $admin = sp_esc_str($_GET['admin']);
        }
        if (isset($_GET['save'])) {
            $save = sp_esc_str($_GET['save']);
        }
        if (isset($_GET['form'])) {
            $form = sp_esc_int($_GET['form']);
        }
        if (isset($_GET['reload'])) {
            $reload = sp_esc_str($_GET['reload']);
        }
        spa_plugins_user_form($admin, $save, $form, $reload);
    }
}
# Adds a menu entry to an existing profile tab and saves the tab list.
#
# $menu    name of the tab that receives the new menu
# $name    name of the new menu (its slug is derived from the raw name)
# $form    path of the form file for the menu
# $order   insert position; an empty value appends after the existing menus
# $display stored as an int
# $auth    auth name stored with the menu
#
# Returns false when there are no tabs or the tab is not found, -1 when the tab
# already has a menu with that name, otherwise the result of sp_add_sfmeta().
#
# NOTE(review): $form is stored as given - only backslashes are normalised.
# Stored menu forms are later handed to include_once by the profile renderer,
# so callers must pass trusted, fixed paths only, never request data.
function sp_profile_add_menu($menu, $name, $form, $order = 0, $display = 1, $auth = '')
{
    # sanitize before use
    $menu = sp_filter_title_save($menu);
    $slug = sp_create_slug($name, false);
    $name = sp_filter_title_save($name);
    # sanitize for Win32 installs
    $form = str_replace('\\', '/', $form);
    $display = (int) $display;
    $auth = sp_esc_str($auth);

    # get profile tabs
    $tabs = sp_profile_get_tabs();
    if (empty($tabs)) {
        return false;
    }

    # find the requested tab
    foreach ($tabs as &$tab) {
        $found = $tab['name'] == $menu;
        if (!$found) {
            continue;
        }

        # make sure the menu doesnt already exist on this tab
        if (!empty($tab['menus'])) {
            foreach ($tab['menus'] as $thisMenu) {
                if ($thisMenu['name'] == $name) {
                    return -1;
                }
            }
        }

        # insert the new menu; without an explicit order it goes last
        if (empty($order)) {
            $order = empty($tab['menus']) ? 0 : count($tab['menus']);
        }
        $newtab = array(
            'name' => $name,
            'slug' => $slug,
            'form' => $form,
            'display' => $display,
            'auth' => $auth,
        );
        sp_array_insert($tab['menus'], $newtab, $order);

        # make sure its compact
        $tab['menus'] = array_values($tab['menus']);

        # menu added so break out
        break;
    }

    # if tab wasnt found bail
    if (!$found) {
        return false;
    }

    # save the new profile tabs
    return sp_add_sfmeta('profile', 'tabs', $tabs);
}
# Renders one form of the Toolbox admin panel.
#
# $formid selects the form. Each known id loads its form file and calls that
# form's render function; an id that matches nothing renders nothing.
# Comparison is loose (==).
# NOTE(review): no capability or nonce check happens inside this function -
# presumably the caller has already authorised the request; confirm. This
# matters most for 'uninstall', 'housekeeping' and the log views.
function spa_render_toolbox_container($formid)
{
    if ($formid == 'toolbox') {
        include_once SF_PLUGIN_DIR . '/admin/panel-toolbox/forms/spa-toolbox-toolbox-form.php';
        spa_toolbox_toolbox_form();
    } elseif ($formid == 'environment') {
        include_once SF_PLUGIN_DIR . '/admin/panel-toolbox/forms/spa-toolbox-environment-form.php';
        spa_toolbox_environment_form();
    } elseif ($formid == 'housekeeping') {
        include_once SF_PLUGIN_DIR . '/admin/panel-toolbox/forms/spa-toolbox-housekeeping-form.php';
        spa_toolbox_housekeeping_form();
    } elseif ($formid == 'inspector') {
        include_once SF_PLUGIN_DIR . '/admin/panel-toolbox/forms/spa-toolbox-inspector-form.php';
        spa_toolbox_inspector_form();
    } elseif ($formid == 'cron') {
        include_once SF_PLUGIN_DIR . '/admin/panel-toolbox/forms/spa-toolbox-cron-form.php';
        spa_toolbox_cron_form();
    } elseif ($formid == 'log') {
        include_once SF_PLUGIN_DIR . '/admin/panel-toolbox/forms/spa-toolbox-log-form.php';
        spa_toolbox_log_form();
    } elseif ($formid == 'errorlog') {
        include_once SF_PLUGIN_DIR . '/admin/panel-toolbox/forms/spa-toolbox-errorlog-form.php';
        spa_toolbox_errorlog_form();
    } elseif ($formid == 'changelog') {
        include_once SF_PLUGIN_DIR . '/admin/panel-toolbox/forms/spa-toolbox-changelog-form.php';
        spa_toolbox_changelog_form();
    } elseif ($formid == 'uninstall') {
        include_once SF_PLUGIN_DIR . '/admin/panel-toolbox/forms/spa-toolbox-uninstall-form.php';
        spa_toolbox_uninstall_form();
    } elseif ($formid == 'plugin') {
        # leave this for plugins to add to this panel
        # the four parameters come straight from the query string and are only
        # passed through sp_esc_str() / sp_esc_int() (defined elsewhere)
        include_once SF_PLUGIN_DIR . '/admin/panel-plugins/forms/spa-plugins-user-form.php';
        $admin = $save = $form = $reload = '';
        if (isset($_GET['admin'])) {
            $admin = sp_esc_str($_GET['admin']);
        }
        if (isset($_GET['save'])) {
            $save = sp_esc_str($_GET['save']);
        }
        if (isset($_GET['form'])) {
            $form = sp_esc_int($_GET['form']);
        }
        if (isset($_GET['reload'])) {
            $reload = sp_esc_str($_GET['reload']);
        }
        spa_plugins_user_form($admin, $save, $form, $reload);
    }
}
# Renders one form of the Components admin panel.
#
# $formid selects the form. Each known id loads its form file and calls that
# form's render function; an id that matches nothing renders nothing.
# Comparison is loose (==).
# NOTE(review): no capability or nonce check happens inside this function -
# presumably the caller has already authorised the request; confirm.
function spa_render_components_container($formid)
{
    if ($formid == 'smileys') {
        include_once SF_PLUGIN_DIR . '/admin/panel-components/forms/spa-components-smileys-form.php';
        spa_components_smileys_form();
    } elseif ($formid == 'login') {
        include_once SF_PLUGIN_DIR . '/admin/panel-components/forms/spa-components-login-form.php';
        spa_components_login_form();
    } elseif ($formid == 'seo') {
        include_once SF_PLUGIN_DIR . '/admin/panel-components/forms/spa-components-seo-form.php';
        spa_components_seo_form();
    } elseif ($formid == 'forumranks') {
        include_once SF_PLUGIN_DIR . '/admin/panel-components/forms/spa-components-forumranks-form.php';
        spa_components_forumranks_form();
    } elseif ($formid == 'addmembers') {
        # NOTE(review): $_GET['id'] is passed on exactly as received - no isset()
        # guard and no escaping, unlike the 'plugin' parameters below. If the
        # special rank id is numeric, sp_esc_int() belongs here; confirm
        # against the form before changing it.
        include_once SF_PLUGIN_DIR . '/admin/panel-components/forms/spa-components-special-ranks-add-form.php';
        spa_components_sr_add_members_form($_GET['id']);
    } elseif ($formid == 'delmembers') {
        # NOTE(review): same unescaped $_GET['id'] as in 'addmembers'.
        include_once SF_PLUGIN_DIR . '/admin/panel-components/forms/spa-components-special-ranks-del-form.php';
        spa_components_sr_del_members_form($_GET['id']);
    } elseif ($formid == 'messages') {
        include_once SF_PLUGIN_DIR . '/admin/panel-components/forms/spa-components-messages-form.php';
        spa_components_messages_form();
    } elseif ($formid == 'policies') {
        include_once SF_PLUGIN_DIR . '/admin/panel-components/forms/spa-components-policies-form.php';
        spa_components_policies_form();
    } elseif ($formid == 'plugin') {
        # leave this for plugins to add to this panel
        # the four parameters come straight from the query string and are only
        # passed through sp_esc_str() / sp_esc_int() (defined elsewhere)
        include_once SF_PLUGIN_DIR . '/admin/panel-plugins/forms/spa-plugins-user-form.php';
        $admin = $save = $form = $reload = '';
        if (isset($_GET['admin'])) {
            $admin = sp_esc_str($_GET['admin']);
        }
        if (isset($_GET['save'])) {
            $save = sp_esc_str($_GET['save']);
        }
        if (isset($_GET['form'])) {
            $form = sp_esc_int($_GET['form']);
        }
        if (isset($_GET['reload'])) {
            $reload = sp_esc_str($_GET['reload']);
        }
        spa_plugins_user_form($admin, $save, $form, $reload);
    }
}
# Renders one form of the User Groups admin panel.
#
# $formid selects the form. Each known id loads its form file and calls that
# form's render function; an id that matches nothing renders nothing.
# Comparison is loose (==). The forms that act on one user group receive
# $_GET['id'] after it has passed through sp_esc_int() (defined elsewhere);
# the key is read without an isset() guard.
# NOTE(review): no capability or nonce check happens inside this function -
# presumably the caller has already authorised the request; confirm.
function spa_render_usergroups_container($formid)
{
    if ($formid == 'usergroups') {
        include_once SF_PLUGIN_DIR . '/admin/panel-usergroups/spa-usergroups-display-main.php';
        spa_usergroups_usergroup_main();
    } elseif ($formid == 'createusergroup') {
        include_once SF_PLUGIN_DIR . '/admin/panel-usergroups/forms/spa-usergroups-create-usergroup-form.php';
        spa_usergroups_create_usergroup_form();
    } elseif ($formid == 'editusergroup') {
        include_once SF_PLUGIN_DIR . '/admin/panel-usergroups/forms/spa-usergroups-edit-usergroup-form.php';
        spa_usergroups_edit_usergroup_form(sp_esc_int($_GET['id']));
    } elseif ($formid == 'delusergroup') {
        include_once SF_PLUGIN_DIR . '/admin/panel-usergroups/forms/spa-usergroups-delete-usergroup-form.php';
        spa_usergroups_delete_usergroup_form(sp_esc_int($_GET['id']));
    } elseif ($formid == 'addmembers') {
        include_once SF_PLUGIN_DIR . '/admin/panel-usergroups/forms/spa-usergroups-add-members-form.php';
        spa_usergroups_add_members_form(sp_esc_int($_GET['id']));
    } elseif ($formid == 'delmembers') {
        include_once SF_PLUGIN_DIR . '/admin/panel-usergroups/forms/spa-usergroups-delete-members-form.php';
        spa_usergroups_delete_members_form(sp_esc_int($_GET['id']));
    } elseif ($formid == 'mapusers') {
        include_once SF_PLUGIN_DIR . '/admin/panel-usergroups/forms/spa-usergroups-map-users.php';
        spa_usergroups_map_users();
    } elseif ($formid == 'plugin') {
        # leave this for plugins to add to this panel
        # the four parameters come straight from the query string and are only
        # passed through sp_esc_str() / sp_esc_int() (defined elsewhere)
        include_once SF_PLUGIN_DIR . '/admin/panel-plugins/forms/spa-plugins-user-form.php';
        $admin = $save = $form = $reload = '';
        if (isset($_GET['admin'])) {
            $admin = sp_esc_str($_GET['admin']);
        }
        if (isset($_GET['save'])) {
            $save = sp_esc_str($_GET['save']);
        }
        if (isset($_GET['form'])) {
            $form = sp_esc_int($_GET['form']);
        }
        if (isset($_GET['reload'])) {
            $reload = sp_esc_str($_GET['reload']);
        }
        spa_plugins_user_form($admin, $save, $form, $reload);
    }
}
# Renders one form of the Users admin panel.
#
# $formid selects the form. Each known id loads its form file and calls that
# form's render function; an id that matches nothing renders nothing.
# Comparison is loose (==).
# NOTE(review): no capability or nonce check happens inside this function -
# presumably the caller has already authorised the request; confirm.
function spa_render_users_container($formid)
{
    if ($formid == 'member-info') {
        # the WordPress admin includes are loaded before the form file
        require_once ABSPATH . 'wp-admin/includes/admin.php';
        include_once SF_PLUGIN_DIR . '/admin/panel-users/forms/spa-users-members-form.php';
        spa_users_members_form();
    } elseif ($formid == 'plugin') {
        # leave this for plugins to add to this panel
        # the four parameters come straight from the query string and are only
        # passed through sp_esc_str() / sp_esc_int() (defined elsewhere)
        include_once SF_PLUGIN_DIR . '/admin/panel-plugins/forms/spa-plugins-user-form.php';
        $admin = $save = $form = $reload = '';
        if (isset($_GET['admin'])) {
            $admin = sp_esc_str($_GET['admin']);
        }
        if (isset($_GET['save'])) {
            $save = sp_esc_str($_GET['save']);
        }
        if (isset($_GET['form'])) {
            $form = sp_esc_int($_GET['form']);
        }
        if (isset($_GET['reload'])) {
            $reload = sp_esc_str($_GET['reload']);
        }
        spa_plugins_user_form($admin, $save, $form, $reload);
    }
}
# Renders one form of the Permissions admin panel.
#
# $formid selects the form. Each known id loads its form file and calls that
# form's render function; an id that matches nothing renders nothing.
# Comparison is loose (==). The edit and delete forms receive $_GET['id']
# after it has passed through sp_esc_int() (defined elsewhere); the key is
# read without an isset() guard.
# NOTE(review): no capability or nonce check happens inside this function -
# presumably the caller has already authorised the request; confirm. These
# forms change the permission model, so the check matters here.
function spa_render_permissions_container($formid)
{
    if ($formid == 'permissions') {
        include_once SF_PLUGIN_DIR . '/admin/panel-permissions/spa-permissions-display-main.php';
        spa_permissions_permission_main();
    } elseif ($formid == 'createperm') {
        include_once SF_PLUGIN_DIR . '/admin/panel-permissions/forms/spa-permissions-add-permission-form.php';
        spa_permissions_add_permission_form();
    } elseif ($formid == 'editperm') {
        include_once SF_PLUGIN_DIR . '/admin/panel-permissions/forms/spa-permissions-edit-permission-form.php';
        spa_permissions_edit_permission_form(sp_esc_int($_GET['id']));
    } elseif ($formid == 'delperm') {
        include_once SF_PLUGIN_DIR . '/admin/panel-permissions/forms/spa-permissions-delete-permission-form.php';
        spa_permissions_delete_permission_form(sp_esc_int($_GET['id']));
    } elseif ($formid == 'resetperms') {
        include_once SF_PLUGIN_DIR . '/admin/panel-permissions/forms/spa-permissions-reset-permissions-form.php';
        spa_permissions_reset_perms_form();
    } elseif ($formid == 'newauth') {
        include_once SF_PLUGIN_DIR . '/admin/panel-permissions/forms/spa-permissions-add-auth-form.php';
        spa_permissions_add_auth_form();
    } elseif ($formid == 'plugin') {
        # leave this for plugins to add to this panel
        # the four parameters come straight from the query string and are only
        # passed through sp_esc_str() / sp_esc_int() (defined elsewhere)
        include_once SF_PLUGIN_DIR . '/admin/panel-plugins/forms/spa-plugins-user-form.php';
        $admin = $save = $form = $reload = '';
        if (isset($_GET['admin'])) {
            $admin = sp_esc_str($_GET['admin']);
        }
        if (isset($_GET['save'])) {
            $save = sp_esc_str($_GET['save']);
        }
        if (isset($_GET['form'])) {
            $form = sp_esc_int($_GET['form']);
        }
        if (isset($_GET['reload'])) {
            $reload = sp_esc_str($_GET['reload']);
        }
        spa_plugins_user_form($admin, $save, $form, $reload);
    }
}
# Handles the activate / deactivate / uninstall / delete request for a forum
# plugin.
#
# The request is taken from the query string: 'action' (or 'action2' when
# 'action' is empty) and 'plugin'. The nonce is verified first, then the
# 'SPF Manage Plugins' capability; a caller without it gets the access denied
# text and the script ends.
#
# Returns the error text when no action or no plugin was supplied; otherwise
# nothing is returned.
#
# NOTE(review): $plugin reaches sp_delete_sp_plugin() and becomes part of a
# hook name after sp_esc_str() only. Whether that is enough to keep the value
# to a known plugin identifier depends on sp_esc_str() and the sp_*_sp_plugin()
# helpers, none of which are visible here - confirm they validate it against
# the installed plugin list.
function spa_save_plugin_activation()
{
    check_admin_referer('forum-adminform_plugins', 'sfnonce');

    if (!sp_current_user_can('SPF Manage Plugins')) {
        spa_etext('Access denied - you do not have permission');
        die;
    }

    # an action (from either field) and a plugin are both required
    $noAction = empty($_GET['action']) && empty($_GET['action2']);
    if ($noAction || empty($_GET['plugin'])) {
        return spa_text('An error occurred activating/deactivating the plugin!');
    }

    # 'action' wins over 'action2' when both are present
    $action = sp_esc_str(empty($_GET['action']) ? $_GET['action2'] : $_GET['action']);
    $plugin = sp_esc_str($_GET['plugin']);

    if ($action == 'activate') {
        # activate the plugin
        sp_activate_sp_plugin($plugin);

        # reset all users plugin data in case new plugin adds elements to user object
        sp_reset_member_plugindata();
    } elseif ($action == 'deactivate') {
        # deactivate the plugin
        sp_deactivate_sp_plugin($plugin);
    } elseif ($action == 'uninstall_confirmed') {
        # fire uninstall action
        $hookPlugin = trim($plugin);
        do_action('sph_uninstall_plugin', $hookPlugin);
        do_action('sph_uninstall_' . $hookPlugin);
        do_action('sph_uninstalled_plugin', $hookPlugin);

        # now deactivate the plugin
        sp_deactivate_sp_plugin($plugin);
    } elseif ($action == 'delete' && (!is_multisite() || is_super_admin())) {
        # delete the plugin - on multisite only a super admin may do this
        sp_delete_sp_plugin($plugin);
    }

    do_action('sph_plugins_save', $action, $plugin);
}
# Echoes the admin side menu built from the global $sfadminpanels list.
#
# On a mobile device ($spDevice == 'mobile') the menu is a <select> whose
# options navigate to the form's admin URL; otherwise it is a side panel whose
# links call spjLoadForm() from an inline onclick handler.
#
# As used below, a panel entry holds: [0] panel name, [1] capability handed to
# sp_current_user_can(), [2] URL fragment appended to the base admin URL,
# [3] title attribute text, [4] suffix of the 'spa...' icon class, [5] base
# value passed to spjLoadForm(), [6] list of label => form data.
#
# NOTE(review): many values are echoed into HTML, attribute and inline-script
# context without escaping - $panel[0], $panel[4], $label, $http (mobile) and
# $formid, $image, $upgrade, $form, $reload (desktop) - while $admin and $save
# in the same onclick do pass through esc_js(). Where $sfadminpanels is filled
# is not visible here; if plugins or stored settings contribute to it, each of
# these needs the escaper for its context (esc_html / esc_attr / esc_url /
# esc_js).
function spa_render_sidemenu() {
    global $sfadminpanels, $spThisUser, $spDevice;
    $target = 'sfmaincontainer';
    $image = SFADMINIMAGES;
    $upgrade = admin_url('admin.php?page=' . SPINSTALLPATH);
    # assigns $formid from the 'tab' query argument inside the condition; the
    # body is empty and both foreach loops below reuse $formid as their key
    # variable, so this value is overwritten as soon as a menu item is visited
    if (isset($_GET['tab']) ? $formid = sp_esc_str($_GET['tab']) : ($formid = '')) {
    }
    if ($spDevice == 'mobile') {
        echo '<div id="spaMobileAdmin">' . "\n";
        echo '<select class="wp-core-ui" onchange="location = this.options[this.selectedIndex].value;">' . "\n";
        foreach ($sfadminpanels as $index => $panel) {
            # && binds tighter than ||: the panel is shown to users holding its
            # capability, and the 'Admins' panel also to any admin or moderator
            if (sp_current_user_can($panel[1]) || $panel[0] == 'Admins' && ($spThisUser->admin || $spThisUser->moderator)) {
                echo '<optgroup label="' . $panel[0] . '">' . "\n";
                foreach ($panel[6] as $label => $data) {
                    foreach ($data as $formid => $reload) {
                        # ignore user plugin data for menu
                        if ($formid == 'admin' || $formid == 'save' || $formid == 'form') {
                            continue;
                        }
                        # element id: the reload value when there is one, else 'acc' + form id
                        $id = '';
                        if ($reload != '') {
                            $id = ' id="' . esc_attr($reload) . '"';
                        } else {
                            $id = ' id="acc' . esc_attr($formid) . '"';
                        }
                        # the query string is only compared here, to preselect the current entry
                        $sel = '';
                        if (isset($_GET['tab'])) {
                            if ($_GET['tab'] == 'plugin') {
                                if (isset($_GET['admin']) && isset($data['admin']) && $_GET['admin'] == $data['admin']) {
                                    $sel = ' selected="selected" ';
                                }
                            } else {
                                if ($_GET['tab'] == $formid) {
                                    $sel = ' selected="selected" ';
                                }
                            }
                        }
                        echo "<option {$id} {$sel}";
                        $admin = !empty($data['admin']) ? '&admin=' . $data['admin'] : '';
                        $save = !empty($data['save']) ? '&save=' . $data['save'] : '';
                        $form = !empty($data['form']) ? '&form=' . $data['form'] : '';
                        if (empty($admin)) {
                            $base = SFHOMEURL . 'wp-admin/admin.php?page=simple-press/admin';
                        } else {
                            $base = SFHOMEURL . 'wp-admin/admin.php?page=simple-press/admin/panel-plugins/spa-plugins.php';
                            # clears the panel fragment on the loop's copy of $panel, so it
                            # also stays empty for the remaining entries of this panel
                            $panel[2] = '';
                        }
                        # NOTE(review): the URL parts are neither URL-encoded nor
                        # attribute-escaped before being written into value=""
                        $http = $base . $panel[2] . '&tab=' . $formid . $admin . $save . $form;
                        echo 'value="' . $http . '">' . $label . '</option>' . "\n";
                    }
                }
                echo '</optgroup>' . "\n";
            }
        }
        echo '</select>' . "\n";
        echo '<a class="button button-secondary" href="' . sp_url() . '">' . spa_text('Go To Forum') . '</a>';
        echo '</div>' . "\n";
    } else {
        echo '<div id="sfsidepanel">' . "\n";
        echo '<div id="sfadminmenu">' . "\n";
        foreach ($sfadminpanels as $index => $panel) {
            # same visibility rule as the mobile branch
            if (sp_current_user_can($panel[1]) || $panel[0] == 'Admins' && ($spThisUser->admin || $spThisUser->moderator)) {
                # panel name without spaces, used in the element id
                $pName = str_replace(' ', '', $panel[0]);
                echo '<div class="sfsidebutton" id="sfacc' . $pName . '">' . "\n";
                echo '<div class="" title="' . esc_attr($panel[3]) . '"><span class="spa' . $panel[4] . '"></span><a href="#">' . $panel[0] . '</a></div>' . "\n";
                echo '</div>' . "\n";
                echo '<div class="sfmenublock">' . "\n";
                foreach ($panel[6] as $label => $data) {
                    foreach ($data as $formid => $reload) {
                        # ignore user plugin data for menu
                        if ($formid == 'admin' || $formid == 'save' || $formid == 'form') {
                            continue;
                        }
                        echo '<div class="sfsideitem">' . "\n";
                        $id = '';
                        if ($reload != '') {
                            $id = ' id="' . esc_attr($reload) . '"';
                        } else {
                            $id = ' id="acc' . esc_attr($formid) . '"';
                        }
                        $base = esc_js($panel[5]);
                        $admin = !empty($data['admin']) ? $data['admin'] : '';
                        $save = !empty($data['save']) ? $data['save'] : '';
                        $form = !empty($data['form']) ? $data['form'] : '';
                        # the link below is written as inline HTML; of the values placed in the
                        # onclick script only $base, $admin and $save have been through esc_js()
                        ?> <a<?php echo $id; ?> href="#" onclick="spjLoadForm('<?php echo $formid; ?> ', '<?php echo $base; ?> ', '<?php echo $target; ?> ', '<?php echo $image; ?> ', '', 'sfopen', '<?php echo $upgrade; ?> ', '<?php echo esc_js($admin); ?> ', '<?php echo esc_js($save); ?> ', '<?php echo $form; ?> ', '<?php echo $reload; ?> ');"><?php echo $label; ?> </a><?php echo "\n"; ?> <?php
                    }
                    echo '</div>' . "\n";
                }
                echo '</div>' . "\n";
            }
        }
        echo '</div>' . "\n";
        # Help link
        # the nonce for the 'forum-ahah' action is carried in the URL handed to spjTroubleshooting()
        $site = SFHOMEURL . 'index.php?sp_ahah=troubleshooting&sfnonce=' . wp_create_nonce('forum-ahah');
        echo '<br /><input type="button" id="spHelp" class="button-primary" value="' . spa_text('Simple:Press Help and Troubleshooting') . '" onclick="spjTroubleshooting(\'' . $site . '\', \'' . $target . '\');" />' . "\n";
        echo '</div>' . "\n";
    }
}
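echo '</fieldset>';
}

# Delete a smiley image and drop its entry from the stored smiley list.
#
# The file name arrives in the query string and is joined onto the smileys
# storage directory before unlink(). Only a bare file name is accepted, so a
# value carrying directory parts cannot point the delete outside that folder;
# anything else is ignored and no success marker is written.
# NOTE(review): the nonce and capability checks for this handler are not
# visible in this part of the file - confirm they run before this point, as
# the action is destructive and driven by GET parameters.
if ($action == 'delsmiley') {
    $file = isset($_GET['file']) ? sp_esc_str($_GET['file']) : '';
    $fileIsBareName = is_string($file) && $file !== '' && $file !== '.' && $file !== '..'
        && strpos($file, '\\') === false && basename($file) === $file;
    if ($fileIsBareName) {
        $path = SF_STORE_DIR . '/' . $spPaths['smileys'] . '/' . $file;
        # best effort: a file that is already gone is not treated as an error
        @unlink($path);

        # load smiles from sfmeta
        $meta = sp_get_sfmeta('smileys', 'smileys');

        # now cycle through to remove this entry and resave
        if (!empty($meta[0]['meta_value'])) {
            $newsmileys = array();
            foreach ($meta[0]['meta_value'] as $name => $info) {
                if ($info[0] != $file) {
                    $newsmileys[$name][0] = sp_filter_title_save($info[0]);
                    $newsmileys[$name][1] = sp_filter_name_save($info[1]);
                    $newsmileys[$name][2] = sp_filter_name_save($info[2]);
                    $newsmileys[$name][3] = $info[3];
                    $newsmileys[$name][4] = $info[4];
                }
            }
            sp_update_sfmeta('smileys', 'smileys', $newsmileys, $meta[0]['meta_id'], true);
        }
        echo '1';
    }
}

# Delete a forum rank badge image; same bare-file-name rule as above.
if ($action == 'delbadge') {
    $file = isset($_GET['file']) ? sp_esc_str($_GET['file']) : '';
    $fileIsBareName = is_string($file) && $file !== '' && $file !== '.' && $file !== '..'
        && strpos($file, '\\') === false && basename($file) === $file;
    if ($fileIsBareName) {
        $path = SF_STORE_DIR . '/' . $spPaths['ranks'] . '/' . $file;
        @unlink($path);
        echo '1';
    }
}
die;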
# check for tab press if (isset($_GET['tab'])) { # profile edit, so only admin or logged in user can view if (empty($userid) || $spThisUser->ID != $userid && !$spThisUser->admin) { sp_notify(SPFAILURE, sp_text('Invalid profile request')); $out .= sp_render_queued_notification(); $out .= '<div class="sfmessagestrip">'; $out .= apply_filters('sph_ProfileErrorMsg', sp_text('Sorry, an invalid profile request was detected. Do you need to log in?')); $out .= '</div>'; return $out; } # set up profile for requested user sp_SetupUserProfileData($userid); # get pressed tab and menu (if pressed) $thisTab = sp_esc_str($_GET['tab']); $thisMenu = isset($_GET['menu']) ? sp_esc_str($_GET['menu']) : ''; # get all the tabs meta info $tabs = sp_profile_get_tabs(); if (!empty($tabs)) { foreach ($tabs as $tab) { # find the pressed tab in the list of tabs if ($tab['slug'] == $thisTab) { # now output the menu and content $first = true; $thisForm = ''; $thisName = ''; $thisSlug = ''; $out = ''; if (!empty($tab['menus'])) { foreach ($tab['menus'] as $menu) { # do we need an auth check?
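# Echoes the mobile (accordion) profile edit view.
#
# $tabSlug / $menuSlug name the tab and menu to open first; the 'ptab' and
# 'pmenu' query arguments override them. The profile shown is the member in
# $spVars['member'] when set, otherwise the current user. Only that user or an
# admin may continue; anyone else gets the 'invalid profile request' message.
#
# Side effects: echoes the markup, fires the sph_profile_edit_* actions, sets
# the globals $firstTab and $firstMenu and hooks sp_ProfileEditFooterMobile
# onto wp_footer.
#
# Form files are included inside this function, so they see its local
# variables (for example $thisSlug and $userid); the local names are therefore
# kept as they are.
function sp_ProfileEditMobile($tabSlug = 'profile', $menuSlug = 'overview')
{
    # is this edit for current user of admin edit of user
    global $spVars, $spThisUser;
    if (!empty($spVars['member'])) {
        $userid = (int) $spVars['member'];
    } else {
        $userid = $spThisUser->ID;
    }

    # access check: a profile may be edited by its owner or by an admin only
    if (empty($userid) || $spThisUser->ID != $userid && !$spThisUser->admin) {
        sp_notify(SPFAILURE, sp_text('Invalid profile request'));
        $out = sp_render_queued_notification();
        $out .= '<div class="spMessage">';
        $out .= apply_filters('sph_ProfileErrorMsg', sp_text('Sorry, an invalid profile request was detected. Do you need to log in?'));
        $out .= '</div>';
        echo $out;
        return;
    }

    # see if query args used to specify tab and/or menu
    if (isset($_GET['ptab'])) {
        $tabSlug = sp_esc_str($_GET['ptab']);
    }
    if (isset($_GET['pmenu'])) {
        $menuSlug = sp_esc_str($_GET['pmenu']);
    }

    # set up the profile data
    global $spProfileUser;
    sp_SetupUserProfileData($userid);

    do_action('sph_profile_edit_before');
    do_action('sph_ProfileStart');

    $tabs = sp_profile_get_tabs();
    if (!empty($tabs)) {
        do_action('sph_profile_edit_before_tabs');

        echo '<div id="spProfileAccordion">';
        echo "<div class='spProfileAccordionTab'>\n";

        $firstTab = $firstMenu = '';
        $tabSlugExist = $menuSlugExist = false;
        foreach ($tabs as $tab) {
            # do we need an auth check?
            $authCheck = empty($tab['auth']) ? true : sp_get_auth($tab['auth'], '', $userid);

            # is this tab being displayed and does user have auth to see it?
            if ($authCheck && $tab['display']) {
                if ($tab['slug'] == $tabSlug) {
                    $tabSlugExist = true;
                }
                if (empty($firstTab)) {
                    $firstTab = $tab['slug'];
                }

                echo '<h2 id="spProfileTabTitle-' . esc_attr($tab['slug']) . '">' . sp_filter_title_display($tab['name']) . "</h2>\n";
                echo "<div id='spProfileTab-" . esc_attr($tab['slug']) . "' class='spProfileAccordionPane'>\n";

                if (!empty($tab['menus'])) {
                    echo "<div class='spProfileAccordionTab'>\n";
                    foreach ($tab['menus'] as $menu) {
                        # do we need an auth check?
                        $authCheck = empty($menu['auth']) ? true : sp_get_auth($menu['auth'], '', $userid);

                        # is this menu being displayed and does user have auth to see it?
                        if ($authCheck && $menu['display']) {
                            if ($menu['slug'] == $menuSlug) {
                                $menuSlugExist = true;
                            }
                            if (empty($firstMenu)) {
                                $firstMenu = $menu['slug'];
                            }
                            # this variable is used in the form action url
                            $thisSlug = $menu['slug'];

                            # special checking for displaying menus
                            $spProfileOptions = sp_get_option('sfprofile');
                            $spAvatars = sp_get_option('sfavatars');
                            # dont display edit photos if disabled
                            $noPhotos = $menu['slug'] == 'edit-photos' && $spProfileOptions['photosmax'] < 1;
                            # dont display edit avatars if disabled
                            $noAvatars = $menu['slug'] == 'edit-avatars' && !$spAvatars['sfshowavatars'];
                            $hideMenu = $noPhotos || $noAvatars;
                            $hideMenu = apply_filters('sph_ProfileMenuHide', $hideMenu, $tab, $menu, $userid);
                            if (!$hideMenu) {
                                echo '<h2 id="spProfileMenuTitle-' . esc_attr($menu['slug']) . '">' . sp_filter_title_display($menu['name']) . "</h2>\n";
                                echo "<div id='spProfileMenu-" . esc_attr($menu['slug']) . "' class='spProfileAccordionPane'>\n";
                                # NOTE(review): the included path comes from the stored profile tab
                                # data and is only checked for existence. Confirm that everything
                                # writing that data restricts 'form' to trusted plugin paths.
                                if (!empty($menu['form']) && file_exists($menu['form'])) {
                                    echo "<div class='spProfileAccordionForm'>\n";
                                    include_once $menu['form'];
                                    echo "</div>\n";
                                } else {
                                    # the stored name goes through the same display filter as the heading above
                                    echo sp_text('Profile form could not be found') . ': [' . sp_filter_title_display($menu['name']) . ']<br />';
                                    echo sp_text('You might try the forum - toolbox - housekeeping admin form and reset the profile tabs and menus and see if that helps');
                                }
                                # menu pane
                                echo "</div>\n";
                            }
                        }
                    }
                    # menu accordion
                    echo "</div>\n";
                }
                # tab pane
                echo "</div>\n";
            }
        }
        # tab accordion
        echo "</div>\n";
        # profile accordion
        echo '</div>';

        do_action('sph_profile_edit_after_tabs');

        # inline js to create profile tabs
        # 'global' rebinds $firstTab / $firstMenu to the global variables and
        # drops the values collected in the loop above, so keep those first
        $fallbackTab = $firstTab;
        $fallbackMenu = $firstMenu;
        global $firstTab, $firstMenu;
        # if selected tab does not exist, use first tab
        $firstTab = $tabSlugExist ? $tabSlug : $fallbackTab;
        # if selected menu does not exist, use first displayed menu
        $firstMenu = $menuSlugExist ? $menuSlug : $fallbackMenu;

        # are we forcing password change on first login?
        if (isset($spThisUser->sp_change_pw) && $spThisUser->sp_change_pw) {
            $firstTab = 'profile';
            $firstMenu = 'account-settings';
        }

        add_action('wp_footer', 'sp_ProfileEditFooterMobile');
    }

    do_action('sph_profile_edit_after');
}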
# Handles a profile form save from the front end and returns a status message.
#
# The form slug is read from $_GET['form'] and the target user id from
# $_GET['userid']; the matching case below then works from $_POST / $_FILES.
#
# Returns an array with 'type' ('error' or 'success') and 'text'. Plugins can
# replace it through the sph_* filters applied in each case and at the end.
#
# Checks made before any save, in this order:
#   - check_admin_referer() on the 'forum-profile' nonce
#   - the forum is not in lockdown
#   - 'form' and 'userid' are present in the query string
#   - the target user is the current user, unless the current user is an admin
#   - if the current user carries sp_change_pw, two matching non-empty passwords were posted
function sp_UpdateProfile() {
	global $spGlobals, $spThisUser;

	# make sure nonce is there
	check_admin_referer('forum-profile', 'forum-profile');

	$message = array();

	# dont update forum if its locked down
	if ($spGlobals['lockdown']) {
		$message['type'] = 'error';
		$message['text'] = sp_text('This forum is currently locked - access is read only - profile not updated');
		return $message;
	}

	# do we have a form to update?
	if (isset($_GET['form'])) {
		$thisForm = sp_esc_str($_GET['form']);
	} else {
		$message['type'] = 'error';
		$message['text'] = sp_text('Profile update aborted - no valid form');
		return $message;
	}

	# do we have an actual user to update?
	if (isset($_GET['userid'])) {
		$thisUser = sp_esc_int($_GET['userid']);
	} else {
		$message['type'] = 'error';
		$message['text'] = sp_text('Profile update aborted - no valid user');
		return $message;
	}

	# Authorisation: only the account owner or an admin may save this profile.
	# Every write below is keyed on $thisUser, so this comparison is the only
	# thing in this function that stops one member editing another.
	if ($thisUser != $spThisUser->ID && !$spThisUser->admin) {
		$message['type'] = 'error';
		$message['text'] = sp_text('Profile update aborted - no valid user');
		return $message;
	}

	# forced password change: refuse every form until two matching passwords are posted.
	# The flag is read from the current user, not from $thisUser.
	if (isset($spThisUser->sp_change_pw) && $spThisUser->sp_change_pw) {
		$pass1 = $pass2 = '';
		if (isset($_POST['pass1'])) {
			$pass1 = $_POST['pass1'];
		}
		if (isset($_POST['pass2'])) {
			$pass2 = $_POST['pass2'];
		}
		if (empty($pass1) || empty($pass2) || $pass1 != $pass2) {
			$message['type'] = 'error';
			$message['text'] = sp_text('Cannot save profile until password has been changed');
			return $message;
		}
	}

	# form save filter
	$thisForm = apply_filters('sph_profile_save_thisForm', $thisForm);

	# valid save attempt, so lets process the save
	switch ($thisForm) {
		case 'show-memberships': # update memberships
			# NOTE(review): the group ids come straight from the request and nothing visible here
			# checks that the group is one the member may join or leave; presumably
			# sp_add_membership() / sp_remove_membership() enforce that - confirm.
			# The leave path passes the id through sp_esc_str(), the join path through sp_esc_int().

			# any usergroup removals?
			if (isset($_POST['usergroup_leave'])) {
				foreach ($_POST['usergroup_leave'] as $membership) {
					sp_remove_membership(sp_esc_str($membership), $thisUser);
				}
			}

			# any usergroup joins?
			if (isset($_POST['usergroup_join'])) {
				foreach ($_POST['usergroup_join'] as $membership) {
					sp_add_membership(sp_esc_int($membership), $thisUser);
				}
			}

			# fire action for plugins
			$message = apply_filters('sph_UpdateProfileMemberships', $message, $thisUser);

			# output update message
			if (empty($message)) {
				$message['type'] = 'success';
				$message['text'] = sp_text('Memberships updated');
			}
			break;

		case 'account-settings': # update account settings
			# check for password update
			$pass1 = $pass2 = '';
			if (isset($_POST['pass1'])) {
				$pass1 = $_POST['pass1'];
			}
			if (isset($_POST['pass2'])) {
				$pass2 = $_POST['pass2'];
			}
			if (!empty($pass1) || !empty($pass2)) {
				if ($pass1 != $pass2) {
					$message['type'] = 'error';
					$message['text'] = sp_text('Please enter the same password in the two password fields');
					return $message;
				} else {
					# update the password (the raw value is handed to wp_update_user)
					$user = new stdClass();
					$user->ID = (int) $thisUser;
					$user->user_pass = $pass1;
					wp_update_user(get_object_vars($user));
					# NOTE(review): the password is set for $thisUser but the forced-change flag is
					# cleared for the current user; the two differ when an admin edits someone else.
					if (isset($spThisUser->sp_change_pw) && $spThisUser->sp_change_pw) {
						delete_user_meta($spThisUser->ID, 'sp_change_pw');
					}
				}
			}

			# now check the email is valid and unique
			$update = apply_filters('sph_ProfileUserEmailUpdate', true);
			if ($update) {
				# both the "current" and the new address are taken from the request
				$curEmail = sp_filter_email_save($_POST['curemail']);
				$email = sp_filter_email_save($_POST['email']);
				if ($email != $curEmail) {
					if (empty($email)) {
						$message['type'] = 'error';
						$message['text'] = sp_text('Please enter a valid email address');
						return $message;
					} elseif (($owner_id = email_exists($email)) && $owner_id != $thisUser) {
						$message['type'] = 'error';
						$message['text'] = sp_text('The email address is already registered. Please choose another one');
						return $message;
					}

					# save new email address
					# NOTE(review): the statement is built by string interpolation, so it is only as
					# safe as sp_filter_email_save()'s output - confirm that filter escapes for SQL.
					$sql = 'UPDATE ' . SFUSERS . " SET user_email='{$email}' WHERE ID=" . $thisUser;
					spdb_query($sql);
				}
			}

			# fire action for plugins
			$message = apply_filters('sph_UpdateProfileSettings', $message, $thisUser);

			# output profile save status
			if (empty($message)) {
				$message['type'] = 'success';
				$message['text'] = sp_text('Account settings updated');
			}
			break;

		case 'edit-profile': # update profile settings
			# validate any username change
			$update = apply_filters('sph_ProfileUserDisplayNameUpdate', true);
			if ($update) {
				$spProfile = sp_get_option('sfprofile');
				if ($spProfile['nameformat'] || $spThisUser->admin) {
					# an empty display name falls back to the user's login name
					$display_name = !empty($_POST['display_name']) ? trim($_POST['display_name']) : spdb_table(SFUSERS, "ID={$thisUser}", 'user_login');
					$display_name = sp_filter_name_save($display_name);

					# make sure display name isnt already used
					if ($_POST['oldname'] != $display_name) {
						# NOTE(review): $display_name is interpolated into the WHERE clause here and into
						# the UPDATE further down; both rely on sp_filter_name_save() escaping - confirm.
						$records = spdb_table(SFMEMBERS, "display_name='{$display_name}'");
						if ($records) {
							foreach ($records as $record) {
								if ($record->user_id != $thisUser) {
									$message['type'] = 'error';
									$message['text'] = $display_name . ' ' . sp_text('is already in use - please choose a different display name');
									return $message;
								}
							}
						}

						# validate display name
						$errors = new WP_Error();
						$user = new stdClass();
						$user->display_name = $display_name;
						sp_validate_display_name($errors, true, $user);
						if ($errors->get_error_codes()) {
							$message['type'] = 'error';
							$message['text'] = sp_text('The display name you have chosen is not allowed on this site');
							return $message;
						}

						# now save the display name
						sp_update_member_item($thisUser, 'display_name', $display_name);

						# Update new users list with changed display name
						sp_update_newuser_name(sp_filter_name_save($_POST['oldname']), $display_name);

						# do we need to sync display name with wp?
						$options = sp_get_member_item($thisUser, 'user_options');
						if ($options['namesync']) {
							spdb_query('UPDATE ' . SFUSERS . ' SET display_name="' . $display_name . '" WHERE ID=' . $thisUser);
						}
					}
				}
			}

			# save the url
			$update = apply_filters('sph_ProfileUserWebsiteUpdate', true);
			if ($update) {
				# NOTE(review): same pattern - the value is concatenated into the statement after
				# sp_filter_url_save(); confirm that filter escapes for SQL.
				$url = sp_filter_url_save($_POST['website']);
				$sql = 'UPDATE ' . SFUSERS . ' SET user_url="' . $url . '" WHERE ID=' . $thisUser;
				spdb_query($sql);
			}

			# update first name, last name, location and biography
			$update = apply_filters('sph_ProfileUserFirstNameUpdate', true);
			if ($update) {
				update_user_meta($thisUser, 'first_name', sp_filter_name_save(trim($_POST['first_name'])));
			}
			$update = apply_filters('sph_ProfileUserLastNameUpdate', true);
			if ($update) {
				update_user_meta($thisUser, 'last_name', sp_filter_name_save(trim($_POST['last_name'])));
			}
			$update = apply_filters('sph_ProfileUserLocationUpdate', true);
			if ($update) {
				update_user_meta($thisUser, 'location', sp_filter_title_save(trim($_POST['location'])));
			}
			$update = apply_filters('sph_ProfileUserBiographyUpdate', true);
			if ($update) {
				update_user_meta($thisUser, 'description', sp_filter_save_kses($_POST['description']));
			}

			# fire action for plugins
			$message = apply_filters('sph_UpdateProfileProfile', $message, $thisUser);

			# output profile save status
			if (empty($message)) {
				$message['type'] = 'success';
				$message['text'] = sp_text('Profile settings updated');
			}
			break;

		case 'edit-identities': # update identity settings
			# update the user identities; each field can be switched off by its own filter
			$update = apply_filters('sph_ProfileUserAIMUpdate', true);
			if ($update) {
				update_user_meta($thisUser, 'aim', sp_filter_title_save(trim($_POST['aim'])));
			}
			$update = apply_filters('sph_ProfileUserYahooUpdate', true);
			if ($update) {
				update_user_meta($thisUser, 'yim', sp_filter_title_save(trim($_POST['yim'])));
			}
			$update = apply_filters('sph_ProfileUserGoogleUpdate', true);
			if ($update) {
				update_user_meta($thisUser, 'jabber', sp_filter_title_save(trim($_POST['jabber'])));
			}
			$update = apply_filters('sph_ProfileUserMSNUpdate', true);
			if ($update) {
				update_user_meta($thisUser, 'msn', sp_filter_title_save(trim($_POST['msn'])));
			}
			$update = apply_filters('sph_ProfileUserICQUpdate', true);
			if ($update) {
				update_user_meta($thisUser, 'icq', sp_filter_title_save(trim($_POST['icq'])));
			}
			$update = apply_filters('sph_ProfileUserSkypeUpdate', true);
			if ($update) {
				update_user_meta($thisUser, 'skype', sp_filter_title_save(trim($_POST['skype'])));
			}
			$update = apply_filters('sph_ProfileUserFacebookUpdate', true);
			if ($update) {
				update_user_meta($thisUser, 'facebook', sp_filter_title_save(trim($_POST['facebook'])));
			}
			$update = apply_filters('sph_ProfileUserMySpaceUpdate', true);
			if ($update) {
				update_user_meta($thisUser, 'myspace', sp_filter_title_save(trim($_POST['myspace'])));
			}
			$update = apply_filters('sph_ProfileUserTwitterUpdate', true);
			if ($update) {
				update_user_meta($thisUser, 'twitter', sp_filter_title_save(trim($_POST['twitter'])));
			}
			$update = apply_filters('sph_ProfileUserLinkedInUpdate', true);
			if ($update) {
				update_user_meta($thisUser, 'linkedin', sp_filter_title_save(trim($_POST['linkedin'])));
			}
			$update = apply_filters('sph_ProfileUserYouTubeUpdate', true);
			if ($update) {
				update_user_meta($thisUser, 'youtube', sp_filter_title_save(trim($_POST['youtube'])));
			}
			$update = apply_filters('sph_ProfileUserGooglePlusUpdate', true);
			if ($update) {
				update_user_meta($thisUser, 'googleplus', sp_filter_title_save(trim($_POST['googleplus'])));
			}

			# fire action for plugins
			$message = apply_filters('sph_UpdateProfileIdentities', $message, $thisUser);

			# output profile save status
			if (empty($message)) {
				$message['type'] = 'success';
				$message['text'] = sp_text('Identities updated');
			}
			break;

		case 'avatar-upload': # upload avatar
			# Upload checks, in order: name present, extension allow-list, image type sniffed
			# from the temp file, extension/type agreement, no existing file, size limit.
			# The destination directory is built from configuration, not from the request.

			# did we get an avatar to upload?
			if (empty($_FILES['avatar-upload']['name'])) {
				$message['type'] = 'error';
				$message['text'] = sp_text('Sorry, the avatar filename was empty');
				return $message;
			}

			# Verify the file extension
			global $spPaths;
			$uploaddir = SF_STORE_DIR . '/' . $spPaths['avatars'] . '/';
			$filename = basename($_FILES['avatar-upload']['name']);
			$path = pathinfo($filename);
			# NOTE(review): $path['extension'] is not set when the name has no dot; the allow-list
			# below still rejects such a file, but a notice is raised first.
			$ext = strtolower($path['extension']);
			if ($ext != 'jpg' && $ext != 'jpeg' && $ext != 'gif' && $ext != 'png') {
				$message['type'] = 'error';
				$message['text'] = sp_text('Sorry, only JPG, JPEG, PNG, or GIF files are allowed');
				return $message;
			}

			# check image file mimetype; only type codes 1 to 3 are accepted
			$mimetype = 0;
			$mimetype = exif_imagetype($_FILES['avatar-upload']['tmp_name']);
			if (empty($mimetype) || $mimetype == 0 || $mimetype > 3) {
				$message['type'] = 'error';
				$message['text'] = sp_text('Sorry, the avatar file is an invalid format');
				return $message;
			}

			# make sure file extension and mime type actually match (1 = gif, 2 = jpg/jpeg, 3 = png)
			if ($mimetype == 1 && $ext != 'gif' || $mimetype == 2 && ($ext != 'jpg' && $ext != 'jpeg') || $mimetype == 3 && $ext != 'png') {
				$message['type'] = 'error';
				$message['text'] = sp_text('Sorry, the file mime type does not match file extension');
				return $message;
			}

			# Clean up file name just in case; a timestamp is prefixed to the stored name
			$filename = date('U') . sp_filter_filename_save(basename($_FILES['avatar-upload']['name']));
			$uploadfile = $uploaddir . $filename;

			# check for existence
			if (file_exists($uploadfile)) {
				$message['type'] = 'error';
				$message['text'] = sp_text('Sorry, the avatar file already exists');
				return $message;
			}

			# check file size against limit if provided
			$spAvatars = sp_get_option('sfavatars');
			if ($_FILES['avatar-upload']['size'] > $spAvatars['sfavatarfilesize']) {
				$message['type'] = 'error';
				$message['text'] = sp_text('Sorry, the avatar file exceeds the maximum allowed size');
				return $message;
			}

			# valid avatar, so try moving the uploaded file to the avatar storage directory
			if (move_uploaded_file($_FILES['avatar-upload']['tmp_name'], $uploadfile)) {
				@chmod("{$uploadfile}", 0644);

				# do we need to resize?
				$sfavatars = sp_get_option('sfavatars');
				if ($sfavatars['sfavatarresize']) {
					$editor = wp_get_image_editor($uploadfile);
					if (is_wp_error($editor)) {
						# the stored file is removed again when it cannot be opened as an image
						@unlink($uploadfile);
						$message['type'] = 'error';
						$message['text'] = sp_text('Sorry, there was a problem resizing the avatar');
						return $message;
					} else {
						$editor->resize($sfavatars['sfavatarsize'], $sfavatars['sfavatarsize'], true);
						$imageinfo = $editor->save($uploadfile);
						$filename = $imageinfo['file'];
					}
				}

				# update member avatar data
				$avatar = sp_get_member_item($thisUser, 'avatar');
				$avatar['uploaded'] = $filename;
				sp_update_member_item($thisUser, 'avatar', $avatar);
			} else {
				$message['type'] = 'error';
				$message['text'] = sp_text('Sorry, the avatar file could not be moved to the avatar storage location');
				return $message;
			}

			# fire action for plugins
			$message = apply_filters('sph_UpdateProfileAvatarUpload', $message, $thisUser);

			# output profile save status
			if (empty($message)) {
				$message['type'] = 'success';
				$message['text'] = sp_text('Uploaded avatar updated');
			}
			break;

		case 'avatar-pool': # pool avatar
			# get pool avatar name
			$filename = sp_filter_filename_save($_POST['spPoolAvatar']);

			# error if no pool avatar provided
			if (empty($filename)) {
				$message['type'] = 'error';
				$message['text'] = sp_text('Sorry, you must select a pool avatar before trying to save it');
				return $message;
			}

			# save the pool avatar
			$avatar = sp_get_member_item($thisUser, 'avatar');
			$avatar['pool'] = $filename;
			sp_update_member_item($thisUser, 'avatar', $avatar);

			# fire action for plugins
			$message = apply_filters('sph_UpdateProfileAvatarPool', $message, $thisUser);

			# output profile save status
			if (empty($message)) {
				$message['type'] = 'success';
				$message['text'] = sp_text('Pool avatar updated');
			}
			break;

		case 'avatar-remote': # remote avatar
			# get remote avatar name (a URL supplied by the member)
			$filename = sp_filter_url_save($_POST['spAvatarRemote']);
			$avatar = sp_get_member_item($thisUser, 'avatar');
			$avatar['remote'] = $filename;
			sp_update_member_item($thisUser, 'avatar', $avatar);

			# fire action for plugins
			$message = apply_filters('sph_UpdateProfileAvatarRemote', $message, $thisUser);

			# output profile save status
			if (empty($message)) {
				$message['type'] = 'success';
				$message['text'] = sp_text('Remote avatar updated');
			}
			break;

		case 'edit-signature': # save signature
			# Check if maximum links has been exceeded; links are counted as closing </a> tags
			$numLinks = substr_count($_POST['postitem'], '</a>');
			$spFilters = sp_get_option('sffilters');
			if (!sp_get_auth('create_links', 'global', $thisUser) && $numLinks > 0 && !$spThisUser->admin) {
				$message['type'] = 'error';
				$message['text'] = sp_text('You are not allowed to put links in signatures');
				return $message;
			}
			if (sp_get_auth('create_links', 'global', $thisUser) && $spFilters['sfmaxlinks'] != 0 && $numLinks > $spFilters['sfmaxlinks'] && !$spThisUser->admin) {
				$message['type'] = 'error';
				$message['text'] = sp_text('Maximum number of allowed links exceeded in signature') . ': ' . $spFilters['sfmaxlinks'] . ' ' . sp_text('allowed');
				return $message;
			}

			# earlier form, kept for reference:
			# $sig = esc_sql(sp_filter_save_kses(trim($_POST['postitem'])));
			$sig = sp_filter_content_save($_POST['postitem'], 'edit');
			sp_update_member_item($thisUser, 'signature', $sig);

			# fire action for plugins
			$message = apply_filters('sph_UpdateProfileSignature', $message, $thisUser);

			# output profile save status
			if (empty($message)) {
				$message['type'] = 'success';
				$message['text'] = sp_text('Signature updated');
			}
			break;

		case 'edit-photos': # save photos
			# one URL per slot, up to the configured photosmax; fields are named photo0, photo1, ...
			$photos = array();
			$spProfileOptions = sp_get_option('sfprofile');
			for ($x = 0; $x < $spProfileOptions['photosmax']; $x++) {
				$photos[$x] = sp_filter_url_save($_POST['photo' . $x]);
			}
			update_user_meta($thisUser, 'photos', $photos);

			# fire action for plugins
			$message = apply_filters('sph_UpdateProfilePhotos', $message, $thisUser);

			# output profile save status
			if (empty($message)) {
				$message['type'] = 'success';
				$message['text'] = sp_text('Photos updated');
			}
			break;

		case 'edit-global-options': # save global options
			$options = sp_get_member_item($thisUser, 'user_options');
			$options['hidestatus'] = isset($_POST['hidestatus']) ? true : false;
			$update = apply_filters('sph_ProfileUserSyncNameUpdate', true);
			if ($update) {
				$options['namesync'] = isset($_POST['namesync']) ? true : false;
			}
			sp_update_member_item($thisUser, 'user_options', $options);

			# fire action for plugins
			$message = apply_filters('sph_UpdateProfileGlobalOptions', $message, $thisUser);

			# output profile save status
			if (empty($message)) {
				$message['type'] = 'success';
				$message['text'] = sp_text('Global options updated');
			}
			break;

		case 'edit-posting-options': # save posting options
			$update = apply_filters('sph_ProfileUserEditorUpdate', true);
			if ($update) {
				$options = sp_get_member_item($thisUser, 'user_options');
				if (isset($_POST['editor'])) {
					$options['editor'] = sp_esc_int($_POST['editor']);
				}
				sp_update_member_item($thisUser, 'user_options', $options);
			}

			# fire action for plugins
			$message = apply_filters('sph_UpdateProfilePostingOptions', $message, $thisUser);

			# output profile save status
			if (empty($message)) {
				$message['type'] = 'success';
				$message['text'] = sp_text('Posting options updated');
			}
			break;

		case 'edit-display-options': # save display options
			$options = sp_get_member_item($thisUser, 'user_options');
			if (isset($_POST['timezone'])) {
				if (preg_match('/^UTC[+-]/', $_POST['timezone'])) {
					# correct for manual UTC offsets
					$userOffset = preg_replace('/UTC\\+?/', '', $_POST['timezone']) * 3600;
				} else {
					# get timezone offset for user
					# NOTE(review): DateTimeZone's constructor throws on an identifier it does not
					# recognise and there is no try/catch here, so a bad posted value ends the
					# request with an uncaught exception.
					$date_time_zone_selected = new DateTimeZone(sp_esc_str($_POST['timezone']));
					$userOffset = timezone_offset_get($date_time_zone_selected, date_create());
				}

				# get timezone offset for server based on wp settings
				$wptz = get_option('timezone_string');
				if (empty($wptz)) {
					# NOTE(review): WordPress stores gmt_offset in hours while the other offsets here
					# are in seconds - confirm the units before relying on the subtraction below.
					$serverOffset = get_option('gmt_offset');
				} else {
					$date_time_zone_selected = new DateTimeZone($wptz);
					$serverOffset = timezone_offset_get($date_time_zone_selected, date_create());
				}

				# calculate time offset between user and server
				$options['timezone'] = (int) round(($userOffset - $serverOffset) / 3600, 2);
				$options['timezone_string'] = sp_esc_str($_POST['timezone']);
			} else {
				$options['timezone'] = 0;
				$options['timezone_string'] = 'UTC';
			}

			if (isset($_POST['unreadposts'])) {
				# clamp a numeric value to 0..sfmaxunreadposts, otherwise fall back to the default
				$sfcontrols = sp_get_option('sfcontrols');
				$options['unreadposts'] = is_numeric($_POST['unreadposts']) ? max(min(sp_esc_int($_POST['unreadposts']), $sfcontrols['sfmaxunreadposts']), 0) : $sfcontrols['sfdefunreadposts'];
			}

			$options['topicASC'] = isset($_POST['topicASC']);
			$options['postDESC'] = isset($_POST['postDESC']);
			sp_update_member_item($thisUser, 'user_options', $options);

			# fire action for plugins
			$message = apply_filters('sph_UpdateProfileDisplayOptions', $message, $thisUser);

			# output profile save status
			if (empty($message)) {
				$message['type'] = 'success';
				$message['text'] = sp_text('Display options updated');
			}
			break;

		default:
			break;
	}

	# let plugins do their thing on success; the filter name carries the form slug from the request
	$message = apply_filters('sph_ProfileFormSave_' . $thisForm, $message, $thisUser, $thisForm);
	do_action('sph_UpdateProfile', $thisUser, $thisForm);

	# reset the plugin_data just in case
	sp_reset_member_plugindata($thisUser);

	# done saving - return the messages
	return $message;
}
# Renders the forum in place of the WordPress page content.
#
# Registered on 'the_content' (it removes and re-adds itself under that hook
# with priority 1 further down). When the current page is the forum page and
# it is not password protected, this function:
#   1. runs any posted moderation action (edit, pin order, approve, move, ...)
#   2. echoes the WordPress page content and then the forum template
#   3. returns the buffered output when the 'sfuseob' option is on, or nothing
#      otherwise, because the output has already been echoed
# For a password-protected forum page the incoming $content is returned unchanged.
function sp_render_forum($content) {
	global $spIsForum, $spContentLoaded, $spVars, $spGlobals, $spThisUser, $spStatus;

	# make sure we are at least in the html body before outputting any content
	if (!sp_get_option('sfwpheadbypass') && !did_action('wp_head')) {
		return '';
	}

	if ($spIsForum && !post_password_required(get_post(sp_get_option('sfpage')))) {
		# Limit forum display to within the wp loop?
		if (sp_get_option('sfinloop') && !in_the_loop()) {
			return $content;
		}

		# Has forum content already been loaded and are we limiting?
		if (!sp_get_option('sfmultiplecontent') && $spContentLoaded) {
			return $content;
		}
		$spContentLoaded = true;

		sp_set_server_timezone();

		# offer a way for forum display to be short circuited but always show for admins unless an upgrade
		$message = sp_abort_display_forum();
		$content .= $message;
		if (!empty($message) && (!$spThisUser->admin || $spStatus != 'ok')) {
			return $content;
		}

		# process posted actions
		# NOTE(review): each handler below is triggered by the mere presence of a POST field;
		# no nonce or permission check is visible in this function - presumably every
		# handler performs its own. Confirm for each one.

		# check for edit operation. Need to check for '_x' in case using mobile as button is an image
		if (isset($_POST['editpost']) || isset($_POST['editpost_x'])) {
			sp_save_edited_post();
		}
		if (isset($_POST['edittopic'])) {
			sp_save_edited_topic();
		}
		if (isset($_POST['ordertopicpins'])) {
			sp_promote_pinned_topic();
		}
		if (isset($_POST['makepostreassign'])) {
			sp_reassign_post();
		}
		if (isset($_POST['approvepost'])) {
			sp_approve_post(false, sp_esc_int($_POST['approvepost']), $spVars['topicid']);
		}
		if (isset($_POST['unapprovepost'])) {
			sp_unapprove_post(sp_esc_int($_POST['unapprovepost']));
		}
		if (isset($_POST['doqueue'])) {
			sp_remove_waiting_queue();
		}
		if (isset($_POST['notifyuser'])) {
			sp_post_notification(sp_esc_str($_POST['sp_notify_user']), sp_esc_str($_POST['message']), sp_esc_int($_POST['postid']));
		}

		# move a topic and redirect to that topic
		if (isset($_POST['maketopicmove'])) {
			if (empty($_POST['forumid'])) {
				sp_notify(1, sp_text('Destination forum not selected'));
				# bare return: the filter hands back null here, so no content is passed on
				return;
			}
			sp_move_topic();
			# ids are integer-filtered (twice) before being appended to the WHERE clause
			$forumslug = spdb_table(SFFORUMS, 'forum_id=' . sp_esc_int(sp_esc_int($_POST['forumid'])), 'forum_slug');
			$topicslug = spdb_table(SFTOPICS, 'topic_id=' . sp_esc_int(sp_esc_int($_POST['currenttopicid'])), 'topic_slug');
			$returnURL = sp_build_url($forumslug, $topicslug, 0);
			sp_redirect($returnURL);
		}

		# move a post and redirect to the post
		if (isset($_POST['makepostmove1']) || isset($_POST['makepostmove2']) || isset($_POST['makepostmove3'])) {
			sp_move_post();
			if (isset($_POST['makepostmove1'])) {
				$returnURL = sp_permalink_from_postid(sp_esc_int($_POST['postid']));
				sp_redirect($returnURL);
			}
		}

		# cancel a post move
		if (isset($_POST['cancelpostmove'])) {
			$meta = sp_get_sfmeta('post_move', 'post_move');
			if ($meta) {
				$id = $meta[0]['meta_id'];
				sp_delete_sfmeta($id);
				unset($spGlobals['post_move']);
			}
		}

		# rebuild the forum and post indexes
		if (isset($_POST['rebuildforum']) || isset($_POST['rebuildtopic'])) {
			sp_build_post_index(sp_esc_int($_POST['topicid']), true);
			sp_build_forum_index(sp_esc_int($_POST['forumid']), false);
		}

		# Set display mode if topic view (for editing posts)
		if ($spVars['pageview'] == 'topic' && isset($_POST['postedit'])) {
			$spVars['displaymode'] = 'edit';
			# NOTE(review): stored exactly as posted, with no filtering at this point;
			# whatever reads $spVars['postedit'] later has to treat it as untrusted.
			$spVars['postedit'] = $_POST['postedit'];
		} else {
			$spVars['displaymode'] = 'posts';
		}

		# clean cache of timed out records
		sp_clean_cache();

		#--Scratch Pad Area---Please Leave Here---------

		#--End Scratch Pad Area-------------------------

		# let other plugins check for posted actions
		do_action('sph_setup_forum');

		# do we use output buffering?
		$ob = sp_get_option('sfuseob');
		if ($ob) {
			ob_start();
		}

		# set up some stuff before wp page content
		$content .= sp_display_banner();
		$content = apply_filters('sph_before_wp_page_content', $content);

		# run any other wp filters on page content but exclude ours
		# (this function is unhooked around the call so that it does not re-enter itself)
		if (!$ob) {
			remove_filter('the_content', 'sp_render_forum', 1);
			$content = apply_filters('the_content', $content);
			$content = wpautop($content);
			add_filter('the_content', 'sp_render_forum', 1);
		}

		# set up some stuff after wp page content
		$content = apply_filters('sph_after_wp_page_content', $content);
		$content .= '<div id="dialogcontainer" style="display:none;"></div>';
		$content .= sp_js_check();

		# echo any wp page content
		echo $content;

		# now add our content
		do_action('sph_before_template_processing');
		sp_process_template();
		do_action('sph_after_template_processing');

		# Return if using output buffering
		if ($ob) {
			$forum = ob_get_contents();
			ob_end_clean();
			return $forum;
		}
	}

	# not returning any content since we output it already unless password needed
	if (post_password_required(get_post(sp_get_option('sfpage')))) {
		return $content;
	}
}
$Rev: 3818 $ */

# Upload handler excerpt: works out the destination path for a posted file and
# runs the first checks on it. The excerpt ends before the size check and the move.
#
# NOTE(review): no nonce or capability check is visible in this excerpt - confirm
# that one runs before this point.

# refuse direct requests to this file
if (preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) {
	die('Access denied - you cannot directly call this file');
}

# workaround function for php installs without exif. leave original function since this is slower.
if (!function_exists('exif_imagetype')) {
	# Returns the image type reported by getimagesize(), or false when the file is not readable as an image.
	function exif_imagetype($filename) {
		if ((list($width, $height, $type, $attr) = @getimagesize(str_replace(' ', '%20', $filename))) !== false) {
			return $type;
		}
		return false;
	}
}

# NOTE(review): the destination directory is taken from the request. sp_esc_str() is the
# only treatment it gets here and nothing visible ties it to a fixed upload root, so the
# caller chooses where the file is written - confirm it is constrained elsewhere.
$uploaddir = sp_esc_str($_POST['saveloc']);

# Clean up file name just in case
# NOTE(review): the stored name keeps the client's extension and no extension allow-list
# is visible in this excerpt; the type check below looks at file content only.
$uploadfile = $uploaddir . sp_filter_filename_save(basename($_FILES['uploadfile']['name']));

# check image file mimetype; only type codes 1 to 3 are accepted
$mimetype = 0;
$mimetype = exif_imagetype($_FILES['uploadfile']['tmp_name']);
if (empty($mimetype) || $mimetype == 0 || $mimetype > 3) {
	echo 'invalid';
	die;
}

# check for existence
if (file_exists($uploadfile)) {
	echo 'exists';
	die;
}

# check file size against limit if provided
# Saves the admin "content" options form and returns the status text to show.
#
# Verifies the 'forum-adminform_content' nonce first, then writes the image
# options (sfimage), the date and time formats, the link filters (sffilters)
# and the shortcode settings from $_POST. The thumbnail size is raised to 100
# when a smaller value is posted, and a line is appended to the returned
# message to say so.
function spa_save_content_data() {
	check_admin_referer('forum-adminform_content', 'forum-adminform_content');

	$result = spa_text('Options updated');

	# image handling: checkbox flags first (option key => form field), then size and style
	$imageOpts = sp_get_option('sfimage');
	$imageFlags = array(
		'enlarge'    => 'sfimgenlarge',
		'process'    => 'process',
		'constrain'  => 'constrain',
		'forceclear' => 'forceclear',
	);
	foreach ($imageFlags as $optionKey => $postField) {
		$imageOpts[$optionKey] = isset($_POST[$postField]);
	}

	$thumbSize = sp_esc_int($_POST['sfthumbsize']);
	if ($thumbSize < 100) {
		# enforce the 100px floor and tell the admin it happened
		$thumbSize = 100;
		$result .= '<br />* ' . spa_text('Image thumbsize reset to minimum 100px');
	}
	$imageOpts['thumbsize'] = $thumbSize;
	$imageOpts['style'] = sp_esc_str($_POST['style']);
	sp_update_option('sfimage', $imageOpts);

	# date and time display formats
	foreach (array('sfdates', 'sftimes') as $formatOption) {
		sp_update_option($formatOption, sp_filter_title_save(trim($_POST[$formatOption])));
	}

	# link filters: checkbox flags, then the numeric limits and the message text
	$linkFilters = array();
	foreach (array('sfnofollow', 'sftarget', 'sffilterpre', 'sfdupemember', 'sfdupeguest') as $flag) {
		$linkFilters[$flag] = isset($_POST[$flag]);
	}
	$linkFilters['sfurlchars'] = sp_esc_int($_POST['sfurlchars']);

	# an empty limit is stored as 0
	$maxLinks = sp_esc_int($_POST['sfmaxlinks']);
	$linkFilters['sfmaxlinks'] = empty($maxLinks) ? 0 : $maxLinks;
	$maxSmileys = sp_esc_int($_POST['sfmaxsmileys']);
	$linkFilters['sfmaxsmileys'] = empty($maxSmileys) ? 0 : $maxSmileys;

	$linkFilters['sfnolinksmsg'] = sp_filter_text_save(trim($_POST['sfnolinksmsg']));
	sp_update_option('sffilters', $linkFilters);

	# shortcode filtering
	spa_update_check_option('sffiltershortcodes');
	sp_update_option('sfshortcodes', sp_filter_text_save(trim($_POST['sfshortcodes'])));

	do_action('sph_option_content_save');

	return $result;
}
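# Builds the "select a usergroup" dropdown shown on the members list.
#
# $args is a wp_parse_args() style list; recognised keys are tagId, tagClass,
# selectClass and echo. Nothing is produced when the members list has no
# usergroups or the viewer lacks the 'view_members_list' permission.
# The markup is echoed when 'echo' is true and returned otherwise.
#
# Each option's value is a members-list URL that carries the usergroup id and
# the current search term. The search term comes from the request, so the whole
# URL is attribute-encoded where it is written into value='...'; a quote in the
# search term therefore cannot close the attribute.
function sp_MemberListUsergroupSelect($args = '') {
	global $spMembersList;

	if (empty($spMembersList->userGroups)) {
		return;
	}
	if (!sp_get_auth('view_members_list')) {
		return;
	}

	$defs = array('tagId' => 'spUsergroupSelect', 'tagClass' => 'spUsergroupSelect', 'selectClass' => 'spControl', 'echo' => 1);
	$a = wp_parse_args($args, $defs);
	$a = apply_filters('sph_MemberListUsergroupSelect_args', $a);

	# read the four known keys explicitly instead of extract()ing caller-supplied keys
	# into local scope; sanitize before use
	$tagId = esc_attr($a['tagId']);
	$tagClass = esc_attr($a['tagClass']);
	$selectClass = esc_attr($a['selectClass']);
	$echo = (int) $a['echo'];

	# carry the current search and usergroup over; query string values win over posted ones
	$search = !empty($_POST['msearch']) && !isset($_POST['allmembers']) ? '&msearch=' . sp_esc_str($_POST['msearch']) : '';
	$search = !empty($_GET['msearch']) ? '&msearch=' . sp_esc_str($_GET['msearch']) : $search;
	$ug = !empty($_POST['ug']) && !isset($_POST['allmembers']) ? sp_esc_int($_POST['ug']) : '';
	$ug = !empty($_GET['ug']) ? sp_esc_int($_GET['ug']) : $ug;

	# the base URL is the same for every option
	$membersUrl = sp_get_sfqurl(sp_url('members'));

	$out = "<div id='{$tagId}' class='{$tagClass}'>";
	$out .= "<select class='{$selectClass}' name='sp_usergroup_select' onchange='javascript:spjChangeURL(this)'>";
	$out .= "<option value='#'>" . sp_text('Select Specific Usergroup') . "</option>";
	foreach ($spMembersList->userGroups as $usergroup) {
		$selected = $usergroup['usergroup_id'] == $ug ? "selected='selected'" : '';
		$value = esc_attr($membersUrl . 'ug=' . $usergroup['usergroup_id'] . $search);
		$out .= "<option {$selected} value='" . $value . "'>" . sp_filter_title_display($usergroup['usergroup_name']) . '</option>';
	}
	if (!empty($ug)) {
		$out .= "<option value='" . esc_attr($membersUrl . $search) . "'>" . sp_text('Reset to Default Usergroups') . "</option>";
	}
	$out .= '</select>';
	$out .= "</div>\n";

	$out = apply_filters('sph_MemberListUsergroupSelect', $out, $a);

	if ($echo) {
		echo $out;
	} else {
		return $out;
	}
}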
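/*
Simple:Press
general ahah routines
$LastChangedDate: 2015-08-12 07:21:39 -0700 (Wed, 12 Aug 2015) $
$Rev: 13286 $
*/

# Request handler for small popup fragments. The only action handled here is
# 'page-popup', which returns the "jump to page" form. The 'url' and 'max'
# query parameters are echoed back as hidden field values, so both are
# attribute-encoded where they are written into the markup.

# refuse direct requests to this file
if (preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) {
	die('Access denied - you cannot directly call this file');
}

sp_forum_api_support();

# get out of here if no action specified
if (empty($_GET['action'])) {
	die;
}
$action = sp_esc_str($_GET['action']);

if ($action == 'page-popup') {
	sp_text('Jump to page:');

	# a missing parameter is treated as an empty string
	$permalink = trailingslashit(isset($_GET['url']) ? sp_esc_str($_GET['url']) : '');
	$max = isset($_GET['max']) ? sp_esc_str($_GET['max']) : '';

	$out = '<div id="spMainContainer">';
	$out .= '<form action="' . sp_url() . '" method="post" id ="pagejump" name="pagejump">' . "\n";
	# request-supplied values: encode for the attribute context so a quote cannot end value="..."
	$out .= '<input type="hidden" id="url" name="url" value="' . esc_attr($permalink) . '" />' . "\n";
	$out .= '<input type="hidden" id="max" name="max" value="' . esc_attr($max) . '" />' . "\n";
	$out .= '<label>' . sp_text('Enter page you want to go to:') . '</label>';
	$out .= '<input class="spSubmit" type="text" id="page" name="page" value="" />' . "\n";
	$out .= '<div style="text-align:center"><p><input type="submit" class="spButton" name="pagejump" value="' . sp_text('Go') . '" onclick="spjPageJump(); return false;" /></p></div>';
	$out .= '</form></div>' . "\n";

	echo apply_filters('sph_jump_page', $out);
}

die;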
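# Echoes the Open Graph <meta> tags for the current forum view.
#
# Does nothing unless the 'sfseo_og' setting is on. The og:image tag is taken,
# in this order, from: a topic attachment supplied by the 'sph_find_attachment'
# filter (topic views with 'seo_og_attachment' on), the forum feature image,
# or the WordPress page's post thumbnail.
#
# Every value is attribute-encoded where it is written into content="...".
# Where these values come from is outside this function, so the encoding is
# applied at the point of output rather than assumed to have happened earlier.
function sp_og_meta() {
	global $spVars, $spPaths, $post;

	$sfseo = sp_get_option('sfseo');
	if (!$sfseo['sfseo_og']) {
		return;
	}

	$mp = "\t<meta property=";
	$out = "\n";
	$out .= $mp . '"og:url" content="' . esc_attr($spVars['seourl']) . '"/>' . "\n";
	$out .= $mp . '"og:title" content="' . esc_attr($spVars['seotitle']) . '"/>' . "\n";
	$out .= $mp . '"og:site_name" content="' . esc_attr(get_option('blogname')) . '"/>' . "\n";
	$out .= $mp . '"og:description" content="' . esc_attr($spVars['seodescription']) . '"/>' . "\n";
	$out .= $mp . '"og:type" content="' . esc_attr($sfseo['seo_og_type']) . '"/>' . "\n";
	$out .= $mp . '"og:locale" content="' . esc_attr(get_locale()) . '"/>' . "\n";

	# image processing
	$link = '';
	if ($spVars['topicid'] && $sfseo['seo_og_attachment']) {
		# Topic View
		$link = apply_filters('sph_find_attachment', '');
	}

	# if no attachment then move on...
	if (empty($link)) {
		if (!empty($spVars['featureimage'])) {
			$file = sp_esc_str($spVars['featureimage']);
			$link = SF_STORE_URL . '/' . $spPaths['forum-images'] . '/' . $file;
		} elseif (is_object($post) && has_post_thumbnail($post->ID)) {
			$thumbnail_src = wp_get_attachment_image_src(get_post_thumbnail_id($post->ID), 'large');
			# the lookup can fail; only build a link when a source URL came back
			if (is_array($thumbnail_src) && !empty($thumbnail_src[0])) {
				$link = $thumbnail_src[0];
				# make a relative source absolute
				if (!preg_match('/^https?:\\/\\//', $link)) {
					$link = site_url('/') . ltrim($link, '/');
				}
			}
		}
	}

	if ($link) {
		$out .= $mp . '"og:image" content="' . esc_attr($link) . '"/>' . "\n";
	}

	echo $out . "\n";
}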
# Deletes the topic named in the query string, echoes the URL the caller should
# go to next where one applies, then ends the request.
#
# Reads killtopic, killtopicforum, view, count and page from $_GET.
#   - from a topic view: echoes the forum's first page
#   - from another view, when 'count' equals 1 (presumably the last topic left on
#     that page - confirm with the caller): echoes the previous page, or the
#     first page when already on page 1
#   - otherwise nothing is echoed
#
# NOTE(review): the delete is driven entirely by query parameters and no nonce or
# permission check is visible in this function - presumably the caller or
# sp_delete_topic() performs one; confirm, since this is a destructive action.
function sp_topic_delete() {
	sp_delete_topic(sp_esc_int($_GET['killtopic']), sp_esc_int($_GET['killtopicforum']), false);

	$view = sp_esc_str($_GET['view']);

	if ($view == 'topic') {
		# back to the forum's topic list
		$slug = spdb_table(SFFORUMS, 'forum_id=' . sp_esc_int($_GET['killtopicforum']), 'forum_slug');
		echo sp_build_url($slug, '', 0);
	} elseif ($_GET['count'] == 1) {
		$slug = spdb_table(SFFORUMS, 'forum_id=' . sp_esc_int($_GET['killtopicforum']), 'forum_slug');
		$pageNo = sp_esc_int($_GET['page']);
		# page 1 maps to the unpaged URL, any other page steps back by one
		$targetPage = ($pageNo == 1) ? 0 : $pageNo - 1;
		echo sp_build_url($slug, '', $targetPage);
	}

	die;
}
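# Runs the two anti-spam checks on a posted form.
#
# Returns an array: element 0 is true when the post is treated as spam, and
# element 1 then holds the message to show. On success only element 0 (false)
# is set.
#
# Check 1 - honeypot: the 'url' field must be empty.
# Check 2 - math question: the digits posted in field <spukey>1 are combined
#           with the blog name and today's date, hashed, and five characters
#           of the reversed hash are compared with the token in field <spukey>2.
#
# The token comparison is strict. A loose != would let PHP compare two
# numeric-looking strings by value (for example "0e123" and "0" are equal
# under ==), so a wrong token could be accepted.
function sp_spamcheck() {
	$spamcheck = array();
	$spamcheck[0] = false;

	# Check dummy input field
	if (!empty($_POST['url'])) {
		$spamcheck[0] = true;
		$spamcheck[1] = sp_text('Form not filled by human hands!');
		return $spamcheck;
	}

	# Check math question
	$uKey = sp_get_option('spukey');
	$tokenField = $uKey . '2';
	$answerField = $uKey . '1';

	# a missing or non-string field is treated as empty instead of raising a notice
	$correct = (isset($_POST[$tokenField]) && is_string($_POST[$tokenField])) ? sp_esc_str($_POST[$tokenField]) : '';
	$test = (isset($_POST[$answerField]) && is_string($_POST[$answerField])) ? sp_esc_str($_POST[$answerField]) : '';
	$test = preg_replace('/[^0-9]/', '', $test);

	if ($test == '') {
		$spamcheck[0] = true;
		$spamcheck[1] = sp_text('No answer was given to the math question');
		return $spamcheck;
	}

	# Add name of the weblog:
	$test .= get_bloginfo('name');

	# Add date:
	$test .= date('j') . date('ny');

	# Get MD5 and reverse it
	$enc = strrev(md5($test));

	# Get only a few chars out of the string
	$enc = substr($enc, 26, 1) . substr($enc, 10, 1) . substr($enc, 23, 1) . substr($enc, 3, 1) . substr($enc, 19, 1);

	# strict string comparison - see the note in the header
	if ((string) $enc !== (string) $correct) {
		$spamcheck[0] = true;
		$spamcheck[1] = sp_text('The answer to the math question was incorrect');
		return $spamcheck;
	}

	return $spamcheck;
}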
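/**
 * Moves one or more posts to a new or an existing topic, driven by $_POST.
 *
 * Request flags:
 *   makepostmove1 - move into a newly created topic (newtopicname, forumid)
 *   makepostmove2 - remember the request in sfmeta for a later move to an existing topic
 *   makepostmove3 - re-entry that completes the move to an existing topic (newtopicid, forumid)
 * 'moveop' selects which posts move: single, tostart, toend or select (idlist).
 *
 * Results are reported through sp_notify(); nothing is returned.
 *
 * NOTE(review): the 'move_posts' permission is evaluated against the forum ids
 * sent in the request. Nothing visible here verifies that postid / oldtopicid
 * really belong to oldforumid, or that newtopicid belongs to forumid - confirm
 * that this is enforced elsewhere.
 * NOTE(review): the numeric ids are placed unquoted into SQL and rely on
 * sp_esc_int() returning an integer; the topic name relies on
 * sp_filter_title_save() for SQL escaping - neither helper is visible here.
 */
function sp_move_post() {
	global $spVars, $spGlobals, $spThisUser;

	# extract data from POST
	$postid = sp_esc_int($_POST['postid']);
	$oldtopicid = sp_esc_int($_POST['oldtopicid']);
	$oldforumid = sp_esc_int($_POST['oldforumid']);
	$action = sp_esc_str($_POST['moveop']);

	# determine op type - new or existing topic
	if (isset($_POST['makepostmove1']) || isset($_POST['makepostmove3'])) {
		# new topic move or existing topic move called from notification
		# extract data from POST
		$newforumid = sp_esc_int($_POST['forumid']);

		if (!sp_get_auth('move_posts', $oldforumid) || !sp_get_auth('move_posts', $newforumid)) {
			if (!is_user_logged_in()) {
				$msg = sp_text('Access denied - are you logged in?');
			} else {
				$msg = sp_text('Access denied - you do not have permission');
			}
			sp_notify(SPFAILURE, $msg);
			return;
		}

		if (empty($newforumid)) {
			sp_notify(SPFAILURE, sp_text('Post move abandoned as no forum was selected'));
			return;
		}

		if (isset($_POST['makepostmove1'])) {
			# create new topic for a new topic post move only
			$newtopicname = sp_filter_title_save(trim($_POST['newtopicname']), SFTOPICS, 'topic_name');
			if (empty($newtopicname)) {
				sp_notify(SPFAILURE, sp_text('Post move abandoned as no topic was defined'));
				return;
			}

			# start with creating the new topic
			$newtopicslug = sp_create_slug($newtopicname, true, SFTOPICS, 'topic_slug');

			# now create the topic and post records
			# (the topic row is written before the list of posts is resolved below)
			$sql = 'INSERT INTO ' . SFTOPICS . "\n\t\t\t\t (topic_name, topic_slug, topic_date, forum_id, post_count, post_id, post_count_held, post_id_held)\n\t\t\t\t VALUES\n\t\t\t\t ('{$newtopicname}', '{$newtopicslug}', now(), {$newforumid}, 1, {$postid}, 1, {$postid});";
			if (spdb_query($sql) == false) {
				sp_notify(SPFAILURE, sp_text('Post move failed'));
				return;
			}
			$newtopicid = $spVars['insertid'];

			# check the topic slug and if empty use the topic id
			if (empty($newtopicslug)) {
				$newtopicslug = 'topic-' . $newtopicid;
				spdb_query('UPDATE ' . SFTOPICS . " SET\n\t\t\t\t\t\t\t\t\t\ttopic_slug='{$newtopicslug}'\n\t\t\t\t\t\t\t\t\t\tWHERE topic_id={$newtopicid}");
			}
		} else {
			# it's a re-entry
			$newtopicid = sp_esc_int($_POST['newtopicid']);
		}

		# Now determine the list of post ids to move
		$posts = array();
		switch ($action) {
			case 'single':
				$posts[] = $postid;
				break;

			case 'tostart':
				$sql = "SELECT post_id FROM " . SFPOSTS . " WHERE topic_id = {$oldtopicid} AND post_id <= {$postid}";
				$posts = spdb_select('col', $sql);
				break;

			case 'toend':
				$sql = "SELECT post_id FROM " . SFPOSTS . " WHERE topic_id = {$oldtopicid} AND post_id >= {$postid}";
				$posts = spdb_select('col', $sql);
				break;

			case 'select':
				# The list goes unquoted into an IN (...) clause, where string
				# escaping gives no protection, so every entry must be a plain
				# run of digits. A list holding anything else is rejected whole
				# and the move is abandoned below.
				$rawlist = (isset($_POST['idlist']) && is_string($_POST['idlist'])) ? trim($_POST['idlist'], ",") : '';
				if (empty($rawlist)) {
					$posts[] = $postid;
				} else {
					$indexes = array();
					$valid = true;
					foreach (explode(',', $rawlist) as $piece) {
						$piece = trim($piece);
						if ($piece === '') {
							continue;
						}
						if (!preg_match('/^[0-9]+$/', $piece)) {
							$valid = false;
							break;
						}
						$indexes[] = $piece;
					}
					if ($valid && !empty($indexes)) {
						$idlist = implode(',', $indexes);
						$sql = "SELECT post_id FROM " . SFPOSTS . " WHERE topic_id = {$oldtopicid} AND post_index IN ({$idlist})";
						$posts = spdb_select('col', $sql);
					}
				}
				break;
		}

		if (empty($posts)) {
			sp_notify(SPFAILURE, sp_text('Post move abandoned as no posts were selected'));
			return;
		}

		# loop through and update post records and other housekeeping
		foreach ($posts as $post) {
			# update post record
			$sql = 'UPDATE ' . SFPOSTS . " SET\n\t\t\t\t \ttopic_id={$newtopicid},\n\t\t\t\t \tforum_id={$newforumid},\n\t\t\t\t \tpost_status=0\n\t\t\t\t \tWHERE post_id={$post}";
			spdb_query($sql);

			# update post if in sfwaiting
			spdb_query("UPDATE " . SFWAITING . " SET forum_id={$newforumid}, topic_id={$newtopicid} WHERE post_id={$post}");

			# notify author of move
			$thisPost = spdb_table(SFPOSTS, "post_id={$post}", 'row');
			$sfadminsettings = sp_get_option('sfadminsettings');
			if ($sfadminsettings['movenotice'] && $spThisUser->ID != $thisPost->user_id) {
				$nData = array();
				$nData['user_id'] = $thisPost->user_id;
				$nData['guest_email'] = $thisPost->guest_email;
				$nData['post_id'] = $post;
				$nData['link'] = sp_permalink_from_postid($post);
				$nData['link_text'] = spdb_table(SFTOPICS, "topic_id={$thisPost->topic_id}", 'topic_name');
				$nData['message'] = sp_text('A post of yours was moved to');
				$nData['expires'] = time() + 30 * 24 * 60 * 60; # 30 days; 24 hours; 60 mins; 60secs
				sp_add_notice($nData);
			}
		}

		# flush and rebuild topic cache (since one or more posts approved)
		sp_rebuild_topic_cache();

		# rebuild indexing on target topic and forum
		sp_build_post_index($newtopicid);
		sp_build_forum_index($newforumid);

		# determine if any posts left in old topic - just in case - delete or reindex
		$sql = "SELECT post_id FROM " . SFPOSTS . " WHERE topic_id = {$oldtopicid}";
		$posts = spdb_select('col', $sql);
		if (empty($posts)) {
			spdb_query("DELETE FROM " . SFTOPICS . " WHERE topic_id=" . $oldtopicid);
		} else {
			sp_build_post_index($oldtopicid);
			sp_build_forum_index($oldforumid);
		}

		do_action('sph_move_post', $oldtopicid, $newtopicid, $newforumid, $oldforumid, $postid, $spThisUser->ID);

		sp_notify(SPSUCCESS, sp_text('Post moved'));
	} elseif (isset($_POST['makepostmove2'])) {
		# must be a move to an existing topic action
		# NOTE(review): the whole of $_POST is stored as received and no
		# permission check is visible on this branch - confirm that the values
		# are re-validated when they are read back.
		sp_add_sfmeta('post_move', 'post_move', $_POST, true);
	}

	if (isset($_POST['makepostmove3'])) {
		# if a re-entry for move to existing - clear the sfmeta record
		$meta = sp_get_sfmeta('post_move', 'post_move');
		if ($meta) {
			$id = $meta[0]['meta_id'];
			sp_delete_sfmeta($id);
			unset($spGlobals['post_move']);
		}
	}
}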
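/**
 * Saves the admin "login and registration" form: the 'sflogin' option and the
 * RPX settings in the 'sfrpx' option.
 *
 * When RPX is switched from off to on, the submitted API key is sent to the
 * RPX lookup endpoint to obtain the realm. If that lookup fails the function
 * returns an error message; at that point 'sflogin' has already been saved
 * and 'sfrpx' has not.
 *
 * NOTE(review): check_admin_referer() verifies the form nonce only; no
 * capability check is visible in this function - confirm the caller restricts
 * it to administrators.
 *
 * @return string status message for the admin UI
 */
function spa_save_login_data() {
	check_admin_referer('forum-adminform_login', 'forum-adminform_login');

	# login
	$sflogin = sp_get_option('sflogin');
	$sflogin['sfregmath'] = isset($_POST['sfregmath']);

	# URL fields that fall back to an empty string when left blank
	foreach (array('sfloginurl', 'sflogouturl', 'sfregisterurl') as $field) {
		$sflogin[$field] = !empty($_POST[$field]) ? sp_filter_save_cleanurl($_POST[$field]) : '';
	}

	# the login email URL falls back to the WP login URL instead
	if (!empty($_POST['sfloginemailurl'])) {
		$sflogin['sfloginemailurl'] = sp_filter_save_cleanurl($_POST['sfloginemailurl']);
	} else {
		$sflogin['sfloginemailurl'] = esc_url(wp_login_url(sp_url()));
	}

	# $timeout is always defined now; previously a blank field left it unset
	$timeout = !empty($_POST['sptimeout']) ? sp_esc_int($_POST['sptimeout']) : 0;
	if (!$timeout) {
		$timeout = 20;
	}
	$sflogin['sptimeout'] = $timeout;

	sp_update_option('sflogin', $sflogin);

	# RPX support
	$sfrpx = sp_get_option('sfrpx');
	$oldrpx = !empty($sfrpx['sfrpxenable']);
	$rpxkey = isset($_POST['sfrpxkey']) ? $_POST['sfrpxkey'] : '';
	$rpxredirect = isset($_POST['sfrpxredirect']) ? $_POST['sfrpxredirect'] : '';

	$sfrpx['sfrpxenable'] = isset($_POST['sfrpxenable']);
	$sfrpx['sfrpxkey'] = sp_esc_str($rpxkey);
	$sfrpx['sfrpxredirect'] = sp_filter_save_cleanurl($rpxredirect);

	# change in RPX support?
	if (!$oldrpx && $sfrpx['sfrpxenable']) {
		include_once SPBOOT . 'site/credentials/sp-rpx.php';

		# the key is sent as submitted (not the escaped copy stored above)
		$post_data = array('apiKey' => $rpxkey, 'format' => 'json');
		$raw = sp_rpx_http_post('https://rpxnow.com/plugin/lookup_rp', $post_data);
		$r = sp_rpx_parse_lookup_rp($raw);
		if ($r) {
			$sfrpx['sfrpxrealm'] = $r['realm'];
		} else {
			$mess = spa_text('Error in RPX API data!');
			return $mess;
		}
	}

	sp_update_option('sfrpx', $sfrpx);

	do_action('sph_component_login_save');

	$mess = spa_text('Login and registration component updated');
	return $mess;
}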
/**
 * Fills the forum and topic slugs in the global $spVars for a search request.
 *
 * When the query string carries 'forum', that (escaped) value becomes the
 * forum slug and nothing else is set. Otherwise the slugs are taken from
 * $stuff: entry 1 is the forum slug, entry 2 the topic slug with anything
 * from the first '&' onwards dropped.
 *
 * NOTE(review): unlike the query-string value, the $stuff entries are stored
 * as given - presumably the caller has already sanitised them; confirm.
 *
 * @param array $stuff segments of the request; only indexes 1 and 2 are read
 */
function sp_build_search_vars($stuff) {
	global $spVars;

	# forum slug supplied in the query string
	if (isset($_GET['forum'])) {
		$spVars['forumslug'] = sp_esc_str($_GET['forum']);
		return;
	}

	# (1) forum
	if (!empty($stuff[1])) {
		$spVars['forumslug'] = $stuff[1];
	}

	# (2) topic
	if (!empty($stuff[2])) {
		$pieces = explode('&', $stuff[2]);
		$spVars['topicslug'] = $pieces[0];
	}
}
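/*
Simple:Press
Admin Help
$LastChangedDate: 2014-10-20 07:38:39 -0700 (Mon, 20 Oct 2014) $
$Rev: 12009 $
*/

# Refuse requests that address this file directly. The file name is quoted so
# that the '.' in it is matched literally rather than as "any character".
if (preg_match('#' . preg_quote(basename(__FILE__), '#') . '#', $_SERVER['PHP_SELF'])) {
	die('Access denied - you cannot directly call this file');
}

spa_admin_ahah_support();

if (!isset($_GET['file'])) {
	die;
}

# NOTE(review): $file comes from the query string and is handed to
# sp_retrieve_help(), whose body is not visible here - confirm it confines the
# lookup to the help folder (no path separators or '..' in the name).
$file = sp_esc_str($_GET['file']);

# 'item' may be absent; treat that as an empty tag instead of reading an undefined index
$tag = isset($_GET['item']) ? sp_esc_str($_GET['item']) : '';
$tag = '[' . $tag . ']';
$folder = 'panels/';

# Formatting and Display of Help Panel
$helptext = wpautop(sp_retrieve_help($file, $tag, $folder), false);

echo '<div class="sfhelptext">';
# NOTE(review): the tag text originates from $_GET['item']; confirm that
# sp_convert_tag() returns HTML-safe text before it is echoed here.
echo '<div class="sfhelptag"><p>' . sp_convert_tag($tag) . '</p></div>';
echo '<fieldset>';
echo $helptext;
echo '</fieldset>';
echo '<div class="sfhelptextlogo">';
echo '<img src="' . SFCOMMONIMAGES . 'sp-small-megaphone.png" alt="" title="" />';
echo '</div></div>';

die;

function sp_retrieve_help($file, $tag, $folder) {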
# Set data items needed for the initial permission checks -----------------------
# Only keys present in the request are copied onto $p ($p is created before this
# excerpt, so any defaults it carries are not visible here).
if (isset($_POST['action'])) {
	# stored as received; the only use visible here is the comparison with 'post' below
	$p->action = $_POST['action'];
}
if (isset($_POST['forumid'])) {
	$p->newpost['forumid'] = sp_esc_int($_POST['forumid']);
}
if (isset($_POST['forumslug'])) {
	$p->newpost['forumslug'] = sp_esc_str($_POST['forumslug']);
}
# topic id and slug are only picked up when the action is 'post'
if ($p->action == 'post') {
	if (isset($_POST['topicid'])) {
		$p->newpost['topicid'] = sp_esc_int($_POST['topicid']);
	}
	if (isset($_POST['topicslug'])) {
		$p->newpost['topicslug'] = sp_esc_str($_POST['topicslug']);
	}
}

# Anti-spam-bot/human checks come first ------------------------------------------------------
$p->validateHuman($_POST);
if ($p->abort) {
	# if the checks fail then just die - no message and no redirect are sent
	die;
}

# Permission checks on forum data --------------------------------------------------
# These run on the forum/topic identifiers taken from the request above.
$p->validatePermission();
if ($p->abort) {
	# NOTE(review): literal 1 is presumably the failure status - confirm against the notify constants
	sp_notify(1, $p->message);
	wp_redirect($p->returnURL);
	die;
}