/**
 * Load the current user's stored 'admin_options' member item for display.
 *
 * The 'setmods' entry is always forced to false in the returned data,
 * whatever value was stored.
 *
 * @return mixed the stored admin options with 'setmods' reset to false
 */
function spa_get_admins_your_options_data()
{
    global $spThisUser;

    $adminOptions = sp_get_member_item($spThisUser->ID, 'admin_options');

    # never pre-select 'setmods' when the data is handed back
    $adminOptions['setmods'] = false;

    return $adminOptions;
}
/**
 * Shift a date by a member's timezone offset (whole hours) and optionally format it.
 *
 * @param mixed  $date   unix timestamp, or a date string understood by strtotime()
 * @param string $return 'display' for the localised date/time string, 'mysql' for
 *                       'Y-m-d H:i:s', anything else returns the shifted timestamp
 * @param int    $userid member whose stored 'user_options' timezone is used;
 *                       0 uses the current user's timezone
 *
 * @return mixed shifted timestamp or formatted string, depending on $return
 */
function sp_apply_timezone($date, $return = 'display', $userid = 0)
{
    global $spThisUser;

    # anything that is not already numeric is parsed as a date string
    $date = is_numeric($date) ? $date : strtotime($date);

    # work out which hour offset applies: the named member's, else the current user's
    $zone = 0;
    if ($userid) {
        $memberOptions = sp_get_member_item($userid, 'user_options');
        if (isset($memberOptions['timezone'])) {
            $zone = $memberOptions['timezone'];
        }
    } elseif (isset($spThisUser->timezone)) {
        $zone = $spThisUser->timezone;
    }
    if (empty($zone)) {
        $zone = 0;
    }

    # move the timestamp by that many hours, in the direction of the sign
    if ($zone < 0) {
        $date -= abs($zone) * 3600;
    } elseif ($zone > 0) {
        $date += abs($zone) * 3600;
    }

    # the two format checks stay separate and sequential, as loose comparisons
    if ($return == 'display') {
        $date = date_i18n(SFDATES, $date) . ' - ' . date_i18n(SFTIMES, $date);
    }
    if ($return == 'mysql') {
        $date = date('Y-m-d H:i:s', $date);
    }

    return $date;
}
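/**
 * Set $_REQUEST['redirect_to'] to the forum's logout destination.
 *
 * When a logout URL is configured in the 'sflogin' option it replaces whatever
 * the request carried, except for moderators who have opted to bypass it; they
 * are sent to the WordPress login URL. The result is passed through the
 * 'sph_logout_redirect' filter and written back to $_REQUEST['redirect_to'].
 *
 * NOTE(review): when no logout URL is configured, the request-supplied
 * redirect_to value is passed through unchanged. Nothing here validates it, so
 * whatever performs the redirect should use wp_safe_redirect() or
 * wp_validate_redirect() - confirm against the caller.
 *
 * @return void
 */
function sp_logout_redirect()
{
    sp_forum_api_support();

    global $spThisUser;

    $sflogin = sp_get_option('sflogin');
    if (!empty($sflogin['sflogouturl'])) {
        $sfadminoptions = sp_get_member_item($spThisUser->ID, 'admin_options');

        # !empty() also covers members with no stored 'bypasslogout' entry
        if ($spThisUser->moderator && !empty($sfadminoptions['bypasslogout'])) {
            # esc_url_raw(): this value is a redirect target, not HTML output;
            # esc_url() would entity-encode any ampersand in the URL
            $_REQUEST['redirect_to'] = esc_url_raw(wp_login_url());
        } else {
            $_REQUEST['redirect_to'] = $sflogin['sflogouturl'];
        }
    }

    $redirect = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
    $_REQUEST['redirect_to'] = apply_filters('sph_logout_redirect', $redirect);
}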
/**
 * Install routine for the admin bar: creates the 'spAdminBar' option when it
 * does not exist yet, then registers the akismet bypass permission, the
 * 'spAkismet' option and the admin bar auto update entry.
 *
 * When the old 'sfadminsettings' option still carries an 'sfqueue' entry, the
 * dashboard posts setting is carried over from it and the migrated keys are
 * removed from the old option.
 *
 * @return void
 */
function sp_admin_bar_do_install()
{
    global $spThisUser;

    $oldOptions = sp_get_option('sfadminsettings');
    $newOptions = sp_get_option('spAdminBar');

    # only build the option when it does not exist yet
    if (empty($newOptions)) {
        # an 'sfqueue' entry in the old settings means there is data to carry over
        $migrating = isset($oldOptions['sfqueue']);

        $newOptions = array(
            'dashboardposts' => $migrating ? $oldOptions['sfdashboardposts'] : false,
            'dbversion' => SPABDBVERSION,
        );
        sp_add_option('spAdminBar', $newOptions);

        # switch the admin bar on for the user running the install
        $options = sp_get_member_item($spThisUser->ID, 'admin_options');
        $options['sfadminbar'] = true;
        sp_update_member_item($spThisUser->ID, 'admin_options', $options);

        if ($migrating) {
            # drop the keys that now live in 'spAdminBar'
            unset(
                $oldOptions['sfqueue'],
                $oldOptions['sfmodasadmin'],
                $oldOptions['sfshowmodposts'],
                $oldOptions['sfbaronly'],
                $oldOptions['sfdashboardposts']
            );
            sp_update_option('sfadminsettings', $oldOptions);
        }
    }

    # permission for bypassing akismet checks
    sp_add_auth('bypass_akismet', __('Can bypass akismet check on posts', 'spab'), 1, 0, 0, 0, 3);
    sp_activate_auth('bypass_akismet');

    # create new Akismet setting if there is none
    $akismet = sp_get_option('spAkismet');
    if (empty($akismet)) {
        sp_add_option('spAkismet', 1);
    }

    # get auto update running
    $autoup = array('spabupdate', 'sp_ahah=admin-bar-update&target=newposts');
    sp_add_sfmeta('autoupdate', 'admin', $autoup, 1);
}
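/**
 * Redirect users away from the WordPress admin area when the 'sfblockadmin'
 * option asks for it.
 *
 * A user is let through when one of their WordPress roles is flagged in
 * 'blockroles', when they are a forum moderator, or when they hold any of the
 * 'SPF Manage ...' capabilities. Everyone else is redirected to the forum
 * profile page or to the configured redirect URL, and the request ends there.
 *
 * The media upload and admin-ajax endpoints are never blocked.
 *
 * @return void
 */
function spa_block_admin()
{
    global $wp_roles, $current_user;

    # Decide on the path only. REQUEST_URI also carries the query string, which
    # is supplied by the client and must not be able to make a front end page
    # look like an admin page, or an admin page look like an exempt endpoint.
    $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    $uriParts = explode('?', $uri, 2);
    $path = strtolower($uriParts[0]);

    # Is this the admin interface?
    if (strpos($path, '/wp-admin/') === false) {
        return;
    }
    if (strpos($path, 'async-upload.php') !== false || strpos($path, 'admin-ajax.php') !== false) {
        return;
    }

    # get the user level and required level to access admin pages
    $sfblock = sp_get_option('sfblockadmin');
    if (!$sfblock['blockadmin'] || empty($sfblock['blockroles'])) {
        return;
    }

    $role_matches = array_intersect_key($sfblock['blockroles'], array_flip($current_user->roles));
    $access = in_array(1, $role_matches);

    # block admin if required
    $is_moderator = sp_get_member_item($current_user->ID, 'moderator');
    if (!sp_current_user_can('SPF Manage Options') &&
        !sp_current_user_can('SPF Manage Forums') &&
        !sp_current_user_can('SPF Manage Components') &&
        !sp_current_user_can('SPF Manage User Groups') &&
        !sp_current_user_can('SPF Manage Permissions') &&
        !sp_current_user_can('SPF Manage Tags') &&
        !sp_current_user_can('SPF Manage Users') &&
        !sp_current_user_can('SPF Manage Profiles') &&
        !sp_current_user_can('SPF Manage Admins') &&
        !sp_current_user_can('SPF Manage Toolbox') &&
        !$is_moderator && !$access) {
        if ($sfblock['blockprofile']) {
            $redirect = sp_url('profile');
        } else {
            $redirect = $sfblock['blockredirect'];
        }
        wp_redirect($redirect, 302);

        # wp_redirect() only sends the header; without stopping here the admin
        # page would still be built for the blocked user
        exit;
    }
}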
/**
 * Tell whether a user holds a named forum permission.
 *
 * The permission name is translated to its auth id through
 * $spGlobals['auths_map'] and looked up in the user's auths for the given
 * scope. For guests, a permission whose auth record is flagged 'ignored' is
 * always denied.
 *
 * @param string $check permission name, a key of $spGlobals['auths_map']
 * @param mixed  $id    scope key into the auths array; an empty value means 'global'
 * @param mixed  $user  empty for the current user, a user id, or a user object
 *                      that already carries an 'auths' array
 *
 * @return bool|int 0 when the forum status is not 'ok', otherwise true only
 *                  when the stored auth value is 1
 */
function sp_get_auth($check, $id = 'global', $user = '')
{
    global $spGlobals, $spThisUser, $spStatus;

    # nothing is granted unless the forum reports a healthy status
    if ($spStatus != 'ok') {
        return 0;
    }

    $id = empty($id) ? 'global' : $id;

    # current user (implicitly, or because the passed id is theirs) or somebody else?
    $forCurrentUser = empty($user) || isset($spThisUser) && $user == $spThisUser->ID;

    if ($forCurrentUser) {
        $authId = $spGlobals['auths_map'][$check];

        # retrieve the current user auth
        $auth = empty($spThisUser->auths[$id][$authId]) ? 0 : $spThisUser->auths[$id][$authId];

        # a guest never gets an auth that is flagged to be ignored for guests
        if (empty($spThisUser->ID) && $spGlobals['auths'][$authId]->ignored) {
            $auth = 0;
        }
    } else {
        if (is_object($user) && is_array($user->auths)) {
            # a user object was passed in with its auths already loaded
            $user_auths = $user->auths;
        } else {
            # load the stored auths for that user id, rebuilding them when missing
            $user_auths = sp_get_member_item($user, 'auths');
            if (empty($user_auths)) {
                $user_auths = sp_rebuild_user_auths($user);
            }
        }

        $authId = $spGlobals['auths_map'][$check];
        if (empty($user_auths[$id][$authId])) {
            $auth = 0;
        } else {
            $auth = $user_auths[$id][$authId];
        }
    }

    return 1 === (int) $auth;
}
/**
 * Upgrade step: add a 'special_ranks' column to the members table and move
 * the user lists held in the 'special_rank' meta records into it.
 *
 * Each listed user gets the rank's meta key appended to their 'special_ranks'
 * member item; the user list is then removed from the meta record.
 *
 * @return void
 */
function sp_convert_ranks()
{
    spdb_query('ALTER TABLE ' . SFMEMBERS . ' ADD (special_ranks text default NULL)');

    # convert special rank users to new column in sfmembers
    $special_rankings = sp_get_sfmeta('special_rank');
    if (!$special_rankings) {
        return;
    }

    foreach ($special_rankings as $rank) {
        # ranks without any assigned users are left untouched
        if (!empty($rank['meta_value']['users'])) {
            foreach ($rank['meta_value']['users'] as $memberId) {
                $ranksHeld = sp_get_member_item($memberId, 'special_ranks');
                $ranksHeld[] = $rank['meta_key'];
                sp_update_member_item($memberId, 'special_ranks', $ranksHeld);
            }

            # the user list now lives on the member records
            unset($rank['meta_value']['users']);
            sp_update_sfmeta('special_rank', $rank['meta_key'], $rank['meta_value'], $rank['meta_id'], 1);
        }
    }
}
/**
 * Remove a topic from a user's list of new (unread) posts.
 *
 * The list holds two parallel arrays, 'topics' and 'forums'. The matching
 * position is removed from both and the list is stored again; when the user
 * is the current user the in-memory copy is refreshed too. Nothing is written
 * when the topic is not in the list.
 *
 * @param mixed $topicid topic to remove
 * @param mixed $userid  owner of the list; an empty value does nothing
 *
 * @return void
 */
function sp_remove_users_newposts($topicid, $userid)
{
    global $spThisUser;

    if (empty($userid)) {
        return;
    }

    # the current user's list is already in memory, anybody else's is loaded
    $ownList = isset($spThisUser) && $spThisUser->ID == $userid;
    $newPostList = $ownList ? $spThisUser->newposts : sp_get_member_item($userid, 'newposts');

    if (empty($newPostList)) {
        return;
    }

    if (count($newPostList['topics']) == 1 && $newPostList['topics'][0] == $topicid) {
        # the only entry is being removed, so start over with an empty list
        $remove = -99;
        $newPostList = array('topics' => array(), 'forums' => array());
    } else {
        # find the first position holding this topic; -1 means not found
        $remove = -1;
        $total = count($newPostList['topics']);
        $pos = 0;
        while ($pos < $total) {
            if ($newPostList['topics'][$pos] == $topicid) {
                $remove = $pos;
                break;
            }
            $pos++;
        }
    }

    if ($remove == -1) {
        return;
    }

    array_splice($newPostList['topics'], $remove, 1);
    array_splice($newPostList['forums'], $remove, 1);
    sp_update_member_item($userid, 'newposts', $newPostList);

    if ($spThisUser->ID == $userid) {
        $spThisUser->newposts = $newPostList;
    }
}
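/**
 * Save one profile form for a forum member.
 *
 * The form name and the target user id come from the query string; the form
 * fields come from $_POST. The request must carry the 'forum-profile' nonce,
 * and only the member themselves or a forum admin may save.
 *
 * Every section passes its result through plugin filters, so a plugin can
 * replace the success message with its own.
 *
 * NOTE(review): several statements below build SQL by concatenating values
 * returned by the sp_filter_*_save() helpers. Those helpers are not visible
 * here; confirm that each one returns text that is safe inside a quoted SQL
 * literal, or build these statements with $wpdb->prepare() instead. The user
 * id is cast to int at every SQL site so it cannot carry anything else.
 *
 * @return array message with 'type' ('error' or 'success') and 'text'; may be
 *               empty when the form name matches no section
 */
function sp_UpdateProfile()
{
    global $spGlobals, $spThisUser;

    # make sure nonce is there
    check_admin_referer('forum-profile', 'forum-profile');

    $message = array();

    # dont update forum if its locked down
    if ($spGlobals['lockdown']) {
        $message['type'] = 'error';
        $message['text'] = sp_text('This forum is currently locked - access is read only - profile not updated');
        return $message;
    }

    # do we have a form to update?
    if (isset($_GET['form'])) {
        $thisForm = sp_esc_str($_GET['form']);
    } else {
        $message['type'] = 'error';
        $message['text'] = sp_text('Profile update aborted - no valid form');
        return $message;
    }

    # do we have an actual user to update?
    if (isset($_GET['userid'])) {
        $thisUser = sp_esc_int($_GET['userid']);
    } else {
        $message['type'] = 'error';
        $message['text'] = sp_text('Profile update aborted - no valid user');
        return $message;
    }

    # Only the member themselves or a forum admin may edit this profile
    if ($thisUser != $spThisUser->ID && !$spThisUser->admin) {
        $message['type'] = 'error';
        $message['text'] = sp_text('Profile update aborted - no valid user');
        return $message;
    }

    # A member flagged to change their password cannot save anything until
    # both password fields are filled in and identical.
    # NOTE(review): this gate applies to every form, but the password itself is
    # only changed in the 'account-settings' section - confirm that is intended.
    if (isset($spThisUser->sp_change_pw) && $spThisUser->sp_change_pw) {
        $pass1 = $pass2 = '';
        if (isset($_POST['pass1'])) {
            $pass1 = $_POST['pass1'];
        }
        if (isset($_POST['pass2'])) {
            $pass2 = $_POST['pass2'];
        }
        # strict comparison: with != two different numeric-looking strings
        # (for example '1e3' and '1000') would count as the same password
        if (empty($pass1) || empty($pass2) || $pass1 !== $pass2) {
            $message['type'] = 'error';
            $message['text'] = sp_text('Cannot save profile until password has been changed');
            return $message;
        }
    }

    # form save filter
    $thisForm = apply_filters('sph_profile_save_thisForm', $thisForm);

    # valid save attempt, so lets process the save
    switch ($thisForm) {
        case 'show-memberships': # update memberships
            # NOTE(review): the group ids are taken from the form as posted.
            # Confirm sp_add_membership() / sp_remove_membership() check that
            # the member is allowed to join or leave each group.

            # any usergroup removals?
            if (isset($_POST['usergroup_leave'])) {
                foreach ($_POST['usergroup_leave'] as $membership) {
                    sp_remove_membership(sp_esc_str($membership), $thisUser);
                }
            }

            # any usergroup joins?
            if (isset($_POST['usergroup_join'])) {
                foreach ($_POST['usergroup_join'] as $membership) {
                    sp_add_membership(sp_esc_int($membership), $thisUser);
                }
            }

            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileMemberships', $message, $thisUser);

            # output update message
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Memberships updated');
            }
            break;

        case 'account-settings': # update account settings
            # check for password update
            $pass1 = $pass2 = '';
            if (isset($_POST['pass1'])) {
                $pass1 = $_POST['pass1'];
            }
            if (isset($_POST['pass2'])) {
                $pass2 = $_POST['pass2'];
            }
            if (!empty($pass1) || !empty($pass2)) {
                # strict comparison, see the password gate above
                if ($pass1 !== $pass2) {
                    $message['type'] = 'error';
                    $message['text'] = sp_text('Please enter the same password in the two password fields');
                    return $message;
                } else {
                    # update the password
                    $user = new stdClass();
                    $user->ID = (int) $thisUser;
                    $user->user_pass = $pass1;
                    wp_update_user(get_object_vars($user));
                    if (isset($spThisUser->sp_change_pw) && $spThisUser->sp_change_pw) {
                        delete_user_meta($spThisUser->ID, 'sp_change_pw');
                    }
                }
            }

            # now check the email is valid and unique
            $update = apply_filters('sph_ProfileUserEmailUpdate', true);
            if ($update) {
                $curEmail = sp_filter_email_save($_POST['curemail']);
                $email = sp_filter_email_save($_POST['email']);
                if ($email != $curEmail) {
                    if (empty($email)) {
                        $message['type'] = 'error';
                        $message['text'] = sp_text('Please enter a valid email address');
                        return $message;
                    } elseif (($owner_id = email_exists($email)) && $owner_id != $thisUser) {
                        $message['type'] = 'error';
                        $message['text'] = sp_text('The email address is already registered. Please choose another one');
                        return $message;
                    }

                    # save new email address
                    # NOTE(review): $email goes into a quoted SQL literal and
                    # relies on sp_filter_email_save() for escaping - confirm
                    $sql = 'UPDATE ' . SFUSERS . " SET user_email='{$email}' WHERE ID=" . (int) $thisUser;
                    spdb_query($sql);
                }
            }

            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileSettings', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Account settings updated');
            }
            break;

        case 'edit-profile': # update profile settings
            # validate any username change
            $update = apply_filters('sph_ProfileUserDisplayNameUpdate', true);
            if ($update) {
                $spProfile = sp_get_option('sfprofile');
                if ($spProfile['nameformat'] || $spThisUser->admin) {
                    # an empty display name falls back to the login name
                    $display_name = !empty($_POST['display_name']) ? trim($_POST['display_name']) : spdb_table(SFUSERS, 'ID=' . (int) $thisUser, 'user_login');
                    $display_name = sp_filter_name_save($display_name);

                    # make sure display name isnt already used
                    if ($_POST['oldname'] != $display_name) {
                        # NOTE(review): relies on sp_filter_name_save() for SQL
                        # escaping of the quoted literal - confirm
                        $records = spdb_table(SFMEMBERS, "display_name='{$display_name}'");
                        if ($records) {
                            foreach ($records as $record) {
                                if ($record->user_id != $thisUser) {
                                    $message['type'] = 'error';
                                    $message['text'] = $display_name . ' ' . sp_text('is already in use - please choose a different display name');
                                    return $message;
                                }
                            }
                        }

                        # validate display name
                        $errors = new WP_Error();
                        $user = new stdClass();
                        $user->display_name = $display_name;
                        sp_validate_display_name($errors, true, $user);
                        if ($errors->get_error_codes()) {
                            $message['type'] = 'error';
                            $message['text'] = sp_text('The display name you have chosen is not allowed on this site');
                            return $message;
                        }

                        # now save the display name
                        sp_update_member_item($thisUser, 'display_name', $display_name);

                        # Update new users list with changed display name
                        sp_update_newuser_name(sp_filter_name_save($_POST['oldname']), $display_name);

                        # do we need to sync display name with wp?
                        $options = sp_get_member_item($thisUser, 'user_options');
                        if ($options['namesync']) {
                            # NOTE(review): same escaping assumption as the lookup above
                            spdb_query('UPDATE ' . SFUSERS . ' SET display_name="' . $display_name . '" WHERE ID=' . (int) $thisUser);
                        }
                    }
                }
            }

            # save the url
            $update = apply_filters('sph_ProfileUserWebsiteUpdate', true);
            if ($update) {
                # NOTE(review): relies on sp_filter_url_save() for SQL escaping - confirm
                $url = sp_filter_url_save($_POST['website']);
                $sql = 'UPDATE ' . SFUSERS . ' SET user_url="' . $url . '" WHERE ID=' . (int) $thisUser;
                spdb_query($sql);
            }

            # update first name, last name, location and biography
            $update = apply_filters('sph_ProfileUserFirstNameUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'first_name', sp_filter_name_save(trim($_POST['first_name'])));
            }
            $update = apply_filters('sph_ProfileUserLastNameUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'last_name', sp_filter_name_save(trim($_POST['last_name'])));
            }
            $update = apply_filters('sph_ProfileUserLocationUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'location', sp_filter_title_save(trim($_POST['location'])));
            }
            $update = apply_filters('sph_ProfileUserBiographyUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'description', sp_filter_save_kses($_POST['description']));
            }

            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileProfile', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Profile settings updated');
            }
            break;

        case 'edit-identities': # update identity settings
            # Each identity has its own on/off filter named
            # 'sph_ProfileUser<Key>Update'; the value is the user meta key and
            # form field name. The order is the order the filters fire in.
            $identities = array(
                'AIM' => 'aim',
                'Yahoo' => 'yim',
                'Google' => 'jabber',
                'MSN' => 'msn',
                'ICQ' => 'icq',
                'Skype' => 'skype',
                'Facebook' => 'facebook',
                'MySpace' => 'myspace',
                'Twitter' => 'twitter',
                'LinkedIn' => 'linkedin',
                'YouTube' => 'youtube',
                'GooglePlus' => 'googleplus',
            );
            foreach ($identities as $hook => $field) {
                $update = apply_filters('sph_ProfileUser' . $hook . 'Update', true);
                if ($update) {
                    update_user_meta($thisUser, $field, sp_filter_title_save(trim($_POST[$field])));
                }
            }

            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileIdentities', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Identities updated');
            }
            break;

        case 'avatar-upload': # upload avatar
            # did we get an avatar to upload?
            if (empty($_FILES['avatar-upload']['name'])) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, the avatar filename was empty');
                return $message;
            }

            # Verify the file extension against the allowed image types
            global $spPaths;
            $uploaddir = SF_STORE_DIR . '/' . $spPaths['avatars'] . '/';
            $filename = basename($_FILES['avatar-upload']['name']);
            $path = pathinfo($filename);
            # a name without any extension is rejected like any other bad extension
            $ext = isset($path['extension']) ? strtolower($path['extension']) : '';
            if ($ext != 'jpg' && $ext != 'jpeg' && $ext != 'gif' && $ext != 'png') {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, only JPG, JPEG, PNG, or GIF files are allowed');
                return $message;
            }

            # check the image type from the file content (1 = GIF, 2 = JPEG, 3 = PNG)
            $mimetype = exif_imagetype($_FILES['avatar-upload']['tmp_name']);
            if (empty($mimetype) || $mimetype == 0 || $mimetype > 3) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, the avatar file is an invalid format');
                return $message;
            }

            # make sure file extension and mime type actually match
            if ($mimetype == 1 && $ext != 'gif' || $mimetype == 2 && ($ext != 'jpg' && $ext != 'jpeg') || $mimetype == 3 && $ext != 'png') {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, the file mime type does not match file extension');
                return $message;
            }

            # Clean up file name just in case
            $filename = date('U') . sp_filter_filename_save(basename($_FILES['avatar-upload']['name']));

            # The extension was validated on the name as submitted; the file is
            # stored under the cleaned name, so that name must still end in the
            # extension that was checked.
            if (strtolower(pathinfo($filename, PATHINFO_EXTENSION)) !== $ext) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, only JPG, JPEG, PNG, or GIF files are allowed');
                return $message;
            }
            $uploadfile = $uploaddir . $filename;

            # check for existence
            if (file_exists($uploadfile)) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, the avatar file already exists');
                return $message;
            }

            # check file size against limit if provided
            $spAvatars = sp_get_option('sfavatars');
            if ($_FILES['avatar-upload']['size'] > $spAvatars['sfavatarfilesize']) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, the avatar file exceeds the maximum allowed size');
                return $message;
            }

            # valid avatar, so try moving the uploaded file to the avatar storage directory
            if (move_uploaded_file($_FILES['avatar-upload']['tmp_name'], $uploadfile)) {
                @chmod("{$uploadfile}", 0644);

                # do we need to resize?
                $sfavatars = sp_get_option('sfavatars');
                if ($sfavatars['sfavatarresize']) {
                    $editor = wp_get_image_editor($uploadfile);
                    if (is_wp_error($editor)) {
                        @unlink($uploadfile);
                        $message['type'] = 'error';
                        $message['text'] = sp_text('Sorry, there was a problem resizing the avatar');
                        return $message;
                    } else {
                        $editor->resize($sfavatars['sfavatarsize'], $sfavatars['sfavatarsize'], true);
                        $imageinfo = $editor->save($uploadfile);
                        # save() hands back a WP_Error on failure, which cannot be read as an array
                        if (is_wp_error($imageinfo)) {
                            @unlink($uploadfile);
                            $message['type'] = 'error';
                            $message['text'] = sp_text('Sorry, there was a problem resizing the avatar');
                            return $message;
                        }
                        $filename = $imageinfo['file'];
                    }
                }

                # update member avatar data
                $avatar = sp_get_member_item($thisUser, 'avatar');
                $avatar['uploaded'] = $filename;
                sp_update_member_item($thisUser, 'avatar', $avatar);
            } else {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, the avatar file could not be moved to the avatar storage location');
                return $message;
            }

            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileAvatarUpload', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Uploaded avatar updated');
            }
            break;

        case 'avatar-pool': # pool avatar
            # get pool avatar name
            $filename = sp_filter_filename_save($_POST['spPoolAvatar']);

            # error if no pool avatar provided
            if (empty($filename)) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, you must select a pool avatar before trying to save it');
                return $message;
            }

            # save the pool avatar
            $avatar = sp_get_member_item($thisUser, 'avatar');
            $avatar['pool'] = $filename;
            sp_update_member_item($thisUser, 'avatar', $avatar);

            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileAvatarPool', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Pool avatar updated');
            }
            break;

        case 'avatar-remote': # remote avatar
            # get remote avatar name
            $filename = sp_filter_url_save($_POST['spAvatarRemote']);
            $avatar = sp_get_member_item($thisUser, 'avatar');
            $avatar['remote'] = $filename;
            sp_update_member_item($thisUser, 'avatar', $avatar);

            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileAvatarRemote', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Remote avatar updated');
            }
            break;

        case 'edit-signature': # save signature
            # Check if maximum links has been exceeded
            # NOTE(review): links are counted as closing anchor tags in the
            # text as submitted, before it is filtered. Confirm that
            # sp_filter_content_save() cannot add links afterwards.
            $numLinks = substr_count($_POST['postitem'], '</a>');
            $spFilters = sp_get_option('sffilters');
            if (!sp_get_auth('create_links', 'global', $thisUser) && $numLinks > 0 && !$spThisUser->admin) {
                $message['type'] = 'error';
                $message['text'] = sp_text('You are not allowed to put links in signatures');
                return $message;
            }
            if (sp_get_auth('create_links', 'global', $thisUser) && $spFilters['sfmaxlinks'] != 0 && $numLinks > $spFilters['sfmaxlinks'] && !$spThisUser->admin) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Maximum number of allowed links exceeded in signature') . ': ' . $spFilters['sfmaxlinks'] . ' ' . sp_text('allowed');
                return $message;
            }

            $sig = sp_filter_content_save($_POST['postitem'], 'edit');
            sp_update_member_item($thisUser, 'signature', $sig);

            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileSignature', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Signature updated');
            }
            break;

        case 'edit-photos': # save photos
            $photos = array();
            $spProfileOptions = sp_get_option('sfprofile');
            for ($x = 0; $x < $spProfileOptions['photosmax']; $x++) {
                $photos[$x] = sp_filter_url_save($_POST['photo' . $x]);
            }
            update_user_meta($thisUser, 'photos', $photos);

            # fire action for plugins
            $message = apply_filters('sph_UpdateProfilePhotos', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Photos updated');
            }
            break;

        case 'edit-global-options': # save global options
            $options = sp_get_member_item($thisUser, 'user_options');
            $options['hidestatus'] = isset($_POST['hidestatus']) ? true : false;
            $update = apply_filters('sph_ProfileUserSyncNameUpdate', true);
            if ($update) {
                $options['namesync'] = isset($_POST['namesync']) ? true : false;
            }
            sp_update_member_item($thisUser, 'user_options', $options);

            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileGlobalOptions', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Global options updated');
            }
            break;

        case 'edit-posting-options': # save posting options
            $update = apply_filters('sph_ProfileUserEditorUpdate', true);
            if ($update) {
                $options = sp_get_member_item($thisUser, 'user_options');
                if (isset($_POST['editor'])) {
                    $options['editor'] = sp_esc_int($_POST['editor']);
                }
                sp_update_member_item($thisUser, 'user_options', $options);
            }

            # fire action for plugins
            $message = apply_filters('sph_UpdateProfilePostingOptions', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Posting options updated');
            }
            break;

        case 'edit-display-options': # save display options
            $options = sp_get_member_item($thisUser, 'user_options');
            if (isset($_POST['timezone'])) {
                if (preg_match('/^UTC[+-]/', $_POST['timezone'])) {
                    # correct for manual UTC offsets; what follows 'UTC' must be a number
                    $manualOffset = preg_replace('/UTC\\+?/', '', $_POST['timezone']);
                    if (!is_numeric($manualOffset)) {
                        $message['type'] = 'error';
                        $message['text'] = sp_text('Profile update aborted - invalid timezone');
                        return $message;
                    }
                    $userOffset = $manualOffset * 3600;
                } else {
                    # get timezone offset for user; DateTimeZone throws on a
                    # name it does not know, and the name comes from the form
                    try {
                        $date_time_zone_selected = new DateTimeZone(sp_esc_str($_POST['timezone']));
                    } catch (Exception $e) {
                        $message['type'] = 'error';
                        $message['text'] = sp_text('Profile update aborted - invalid timezone');
                        return $message;
                    }
                    $userOffset = timezone_offset_get($date_time_zone_selected, date_create());
                }

                # get timezone offset for server based on wp settings
                $wptz = get_option('timezone_string');
                if (empty($wptz)) {
                    # 'gmt_offset' is stored in hours, everything else here is in seconds
                    $serverOffset = (float) get_option('gmt_offset') * 3600;
                } else {
                    $date_time_zone_selected = new DateTimeZone($wptz);
                    $serverOffset = timezone_offset_get($date_time_zone_selected, date_create());
                }

                # calculate time offset between user and server, in hours
                $options['timezone'] = (int) round(($userOffset - $serverOffset) / 3600, 2);
                $options['timezone_string'] = sp_esc_str($_POST['timezone']);
            } else {
                $options['timezone'] = 0;
                $options['timezone_string'] = 'UTC';
            }

            if (isset($_POST['unreadposts'])) {
                # clamp to 0..max, or use the default when the value is not a number
                $sfcontrols = sp_get_option('sfcontrols');
                $options['unreadposts'] = is_numeric($_POST['unreadposts']) ? max(min(sp_esc_int($_POST['unreadposts']), $sfcontrols['sfmaxunreadposts']), 0) : $sfcontrols['sfdefunreadposts'];
            }

            $options['topicASC'] = isset($_POST['topicASC']);
            $options['postDESC'] = isset($_POST['postDESC']);
            sp_update_member_item($thisUser, 'user_options', $options);

            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileDisplayOptions', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Display options updated');
            }
            break;

        default:
            break;
    }

    # let plugins do their thing on success
    $message = apply_filters('sph_ProfileFormSave_' . $thisForm, $message, $thisUser, $thisForm);
    do_action('sph_UpdateProfile', $thisUser, $thisForm);

    # reset the plugin_data just in case
    sp_reset_member_plugindata($thisUser);

    # done saving - return the messages
    return $message;
}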
/**
 * Refresh the display names held in the 'spRecentMembers' option from the
 * member records, then store the option again.
 *
 * @return void
 */
function sp_update_recent_members()
{
    $newuserlist = sp_get_option('spRecentMembers');

    if (is_array($newuserlist)) {
        # walk the list by position, re-reading its length on every pass
        $pos = 0;
        while ($pos < count($newuserlist)) {
            $newuserlist[$pos]['name'] = sp_get_member_item($newuserlist[$pos]['id'], 'display_name');
            $pos++;
        }
    }

    # the option is written back even when it was not an array
    sp_update_option('spRecentMembers', $newuserlist);
}
/**
 * Write the new topic (when the action is 'topic') and the new post held in
 * $this->newpost to the database, then run the follow-up work: post counts,
 * rank based user group membership, the admin waiting queue, moderation
 * notices, the new post cache, index rebuilds and email notifications.
 *
 * On a failed insert, $this->abort is set to true, $this->message carries the
 * reason and the method returns early.
 *
 * NOTE(review): the topic id is concatenated into several SQL statements
 * below. For a new topic it is the insert id; for a reply it arrives in
 * $this->newpost from code that is not visible here - confirm it is always
 * an integer by that point.
 *
 * @return void
 */
function saveData()
{
    global $spVars, $spGlobals;

    $this->abort = false;
    $this->newpost['action'] = $this->action;

    # make the entire class object available for modification before saving
    # warning: note the passing by reference. other end could wreak havoc
    do_action_ref_array('sph_new_post_pre_save', array(&$this));

    # Write the topic if needed
    if ($this->action == 'topic') {
        $this->newpost = apply_filters('sph_new_topic_pre_data_saved', $this->newpost);

        # fields and data are parallel lists handed to the insert helper
        $spdb = new spdbComplex();
        $spdb->table = SFTOPICS;
        $spdb->fields = array('topic_name', 'topic_slug', 'topic_date', 'forum_id', 'topic_status', 'topic_pinned', 'user_id');
        $spdb->data = array($this->newpost['topicname'], $this->newpost['topicslug'], $this->newpost['postdate'], $this->newpost['forumid'], $this->newpost['topicstatus'], $this->newpost['topicpinned'], $this->newpost['userid']);
        $spdb = apply_filters('sph_new_topic_data', $spdb);
        $this->newpost['db'] = $spdb->insert();

        if ($this->newpost['db'] == true) {
            $this->newpost['topicid'] = $spVars['insertid'];
            $this->newpost = apply_filters('sph_new_topic_data_saved', $this->newpost);
        } else {
            $this->abort = true;
            $this->message = sp_text('Unable to save new topic record');
            return;
        }

        # failsafe: check the topic slug and if empty use the topic id
        if (empty($this->newpost['topicslug'])) {
            $this->newpost['topicslug'] = 'topic-' . $this->newpost['topicid'];
            spdb_query('UPDATE ' . SFTOPICS . " SET topic_slug='" . $this->newpost['topicslug'] . "' WHERE topic_id=" . $this->newpost['topicid']);
        }
    }

    # Write the post
    # Double check forum id is correct - it has been known for a topic to have just been moved!
    $this->newpost['forumid'] = spdb_table(SFTOPICS, 'topic_id=' . $this->newpost['topicid'], 'forum_id');

    # Get post count in topic to enable post index setting
    $index = spdb_count(SFPOSTS, 'topic_id = ' . $this->newpost['topicid']);
    $index++;
    $this->newpost['postindex'] = $index;

    # if topic lock set in post reply update topic (post only)
    if ($this->action == 'post' && $this->newpost['topicstatus']) {
        spdb_query('UPDATE ' . SFTOPICS . ' SET topic_status=1 WHERE topic_id=' . $this->newpost['topicid']);
    }

    $this->newpost = apply_filters('sph_new_post_pre_data_saved', $this->newpost);

    $spdb = new spdbComplex();
    $spdb->table = SFPOSTS;
    $spdb->fields = array('post_content', 'post_date', 'topic_id', 'forum_id', 'user_id', 'guest_name', 'guest_email', 'post_pinned', 'post_index', 'post_status', 'poster_ip', 'source');
    $spdb->data = array($this->newpost['postcontent'], $this->newpost['postdate'], $this->newpost['topicid'], $this->newpost['forumid'], $this->newpost['userid'], $this->newpost['guestname'], $this->newpost['guestemail'], $this->newpost['postpinned'], $this->newpost['postindex'], $this->newpost['poststatus'], $this->newpost['posterip'], $this->newpost['source']);
    $spdb = apply_filters('sph_new_post_data', $spdb);
    $this->newpost['db'] = $spdb->insert();

    if ($this->newpost['db'] == true) {
        $this->newpost['postid'] = $spVars['insertid'];
        $this->newpost = apply_filters('sph_new_post_data_saved', $this->newpost);
    } else {
        $this->abort = true;
        $this->message = sp_text('Unable to save new post message');
        return;
    }

    # Update the timestamp of the last post
    sp_update_option('poststamp', $this->newpost['postdate']);

    $this->returnURL = sp_build_url($this->newpost['forumslug'], $this->newpost['topicslug'], 0, $this->newpost['postid']);

    # a non-zero post status means the post is held for moderation
    if ($this->newpost['poststatus']) {
        $this->newpost['submsg'] .= ' - ' . sp_text('placed in moderation') . ' ';
    }

    # Now for all that post-save processing required
    if ($this->guest) {
        $sfguests = sp_get_option('sfguests');
        if ($sfguests['storecookie']) {
            sp_write_guest_cookie($this->newpost['guestname'], $this->newpost['guestemail']);
        }
    } else {
        $postcount = sp_get_member_item($this->newpost['userid'], 'posts');
        $postcount++;
        sp_update_member_item($this->newpost['userid'], 'posts', $postcount);

        # see if postcount qualifies member for new user group membership
        # get rankings information
        if (!$this->admin) { # ignore for admins as they dont belong to user groups
            global $spGlobals;
            if (!empty($spGlobals['forum_rank'])) {
                # flatten the ranks into three parallel arrays so they can be sorted together
                $index = 0;
                foreach ($spGlobals['forum_rank'] as $x => $info) {
                    $rankdata['title'][$index] = $x;
                    $rankdata['posts'][$index] = $info['posts'];
                    $rankdata['usergroup'][$index] = $info['usergroup'];
                    $index++;
                }

                # sort rankings by post threshold, ascending
                array_multisort($rankdata['posts'], SORT_ASC, $rankdata['title'], $rankdata['usergroup']);

                # check for new ranking: the first rank whose threshold is not
                # below the post count and that names a user group
                for ($x = 0; $x < count($rankdata['posts']); $x++) {
                    if ($postcount <= $rankdata['posts'][$x] && !empty($rankdata['usergroup'][$x])) {
                        # if a user group is tied to forum rank add member to the user group
                        if ($rankdata['usergroup'][$x] != 'none') {
                            sp_add_membership($rankdata['usergroup'][$x], $this->newpost['userid']);
                        }
                        break; # only update highest rank
                    }
                }
            }
        }
    }

    # set new url for email
    $this->newpost['url'] = $this->returnURL;

    # allow plugins to add to post message
    $this->newpost['submsg'] = apply_filters('sph_post_message', $this->newpost['submsg'], $this->newpost);

    # add to or remove from admins new post queue
    if ($this->admin || $this->moderator) {
        # remove topic from waiting...
        sp_remove_from_waiting(false, $this->newpost['topicid']);
    } else {
        # add topic to waiting
        sp_add_to_waiting($this->newpost['topicid'], $this->newpost['forumid'], $this->newpost['postid'], $this->newpost['userid']);
    }

    # if a new post remove topic from the users new post list if in it
    if ($this->action == 'post') {
        sp_remove_users_newposts($this->newpost['topicid'], $this->newpost['userid']);
    }

    # do we need to approve any posts in moderation in this topic?
    if ($this->admin && $spGlobals['admin']['sfadminapprove'] || $this->moderator && $spGlobals['admin']['sfmoderapprove']) {
        sp_approve_post(true, 0, $this->newpost['topicid'], false, $this->newpost['forumid']);
    }

    # if post in moderation then add entry to notices
    if ($this->newpost['poststatus'] != 0) {
        $nData = array();
        $nData['user_id'] = $this->newpost['userid'];
        $nData['guest_email'] = $this->newpost['guestemail'];
        $nData['post_id'] = $this->newpost['postid'];
        $nData['link'] = $this->newpost['url'];
        $nData['link_text'] = $this->newpost['topicname'];
        $nData['message'] = sp_text('Your post is awaiting moderation in the topic');
        $nData['expires'] = time() + 30 * 24 * 60 * 60; # 30 days; 24 hours; 60 mins; 60secs
        sp_add_notice($nData);
    }

    # Add this new item to the new topic/post cache
    $meta = sp_get_sfmeta_key('topic_cache', 'new');
    $cacheSize = sp_get_option('topic_cache');

    $a = array();
    $a[LISTFORUM] = (int) $this->newpost['forumid'];
    $a[LISTTOPIC] = (int) $this->newpost['topicid'];
    $a[LISTPOST] = (int) $this->newpost['postid'];
    $a[LISTSTATUS] = (int) $this->newpost['poststatus'];

    # the new entry goes to the front and the oldest drops off when the cache is full
    # NOTE(review): an empty or missing cache is written back as it is, without
    # the new entry - confirm that is intended
    if (isset($spGlobals['topic_cache']['new']) && !empty($spGlobals['topic_cache']['new'])) {
        array_unshift($spGlobals['topic_cache']['new'], $a);
        if (count($spGlobals['topic_cache']['new']) > $cacheSize) {
            array_pop($spGlobals['topic_cache']['new']);
        }
    }
    sp_update_sfmeta('topic_cache', 'new', $spGlobals['topic_cache']['new'], $meta, true);

    # remove group level caches to accommodate new post
    spdb_query('DELETE FROM ' . SFCACHE . " WHERE cache_id LIKE '%*group'");

    # save post in cache for flood control
    sp_add_cache('floodcontrol', time() + sp_get_option('floodcontrol'));

    # Update forum, topic and post index data
    sp_build_post_index($this->newpost['topicid']);
    sp_build_forum_index($this->newpost['forumid']);

    # send out email notifications
    sp_email_notifications($this->newpost);

    # one final filter - just in case
    do_action_ref_array('sph_post_new_completed', array(&$this));

    # and a final action hook
    do_action('sph_new_post', $this->newpost);
    do_action('sph_post_create', $this->newpost);
}
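/**
 * Work out paging, the forum filter and the search term for the current
 * search request, run (or re-use from cache) the search, and return the
 * slice of result ids for the requested page.
 *
 * Reads the request state from the global $spVars and stores the derived
 * values on $this (searchShow, limit, forumWhere, searchTermRaw, searchTerm,
 * searchCount, searchInclude, searchType).
 *
 * @param int $count Results per page; falls back to 30 when empty or not positive.
 *
 * @return mixed Nothing (null) when the user can see no forum, may not view the
 *               requested forum, or there are no results; '' when no search value
 *               was supplied; the raw result of sp_searchview_query() for search
 *               types above 3; otherwise the page-sized slice of result ids.
 */
function sp_searchview_control($count) {
    global $spVars;

    $searchType    = $spVars['searchtype'];
    $searchInclude = $spVars['searchinclude'];

    # (LIMIT) how many topics per page?
    # Paging values are concatenated into $this->limit below (presumably used as
    # a SQL LIMIT clause - the consumer is not visible here), so force them to
    # integers and keep the offset from going negative.
    $count = (int) $count;
    if ($count < 1) {
        $count = 30;
    }
    $this->searchShow = $count;

    $page       = (int) $spVars['searchpage'];
    $startlimit = ($page > 1) ? ($page - 1) * $count : 0;

    # For this page?
    $this->limit = $startlimit . ', ' . $count;

    # (WHERE) All or specific forum?
    if ($spVars['forumslug'] == 'all') {
        # create forumIds list and where clause
        $forumIds = sp_user_visible_forums('post-content');
        if (empty($forumIds)) {
            return;
        }
        # ids go straight into the clause text, so make sure each one is an integer
        $this->forumWhere = 'forum_id IN (' . implode(',', array_map('intval', $forumIds)) . ') ';
    } else {
        # check we can see this forum and create where clause.
        # The same integer is used for the permission check and for the clause so
        # the forum that was authorised is exactly the forum that gets queried.
        $forumId = (int) $spVars['forumid'];
        if (!sp_get_auth('view_forum', $forumId)) {
            return;
        }
        $this->forumWhere = 'forum_id=' . $forumId;
    }

    if (empty($spVars['searchvalue'])) {
        return '';
    }

    # types 4 and 5 carry a member id as the search value; show the display name instead
    if ($searchType == 4 || $searchType == 5) {
        $this->searchTermRaw = sp_get_member_item((int) $spVars['searchvalue'], 'display_name');
    } else {
        $this->searchTermRaw = $spVars['searchvalue'];
    }
    $this->searchTerm = $this->sp_construct_search_term($spVars['searchvalue'], $searchType, $searchInclude);

    # if search type is 1, 2 or 3 (i.e., normal data searches) and we are looking for page 1 then we need to run
    # the query. Note - if posts and titles then we need to run it twice!
    # If we are not loading page 1 however then we can grab the results from the cache.
    # For all other search types - just run the standard routine
    if ($searchType > 3) {
        return $this->sp_searchview_query($searchType, $searchInclude);
    }

    if ($spVars['searchpage'] == 1 && $spVars['newsearch'] == true) {
        $r = $this->sp_searchview_query($searchType, $searchInclude);

        # Remove dupes and re-sort
        if ($r) {
            $r = array_unique($r);
            rsort($r, SORT_NUMERIC);

            # Now hive off into a transient: [0] = url/page details, [1] = result ids
            $d         = array();
            $d['url']  = $this->searchPermalink;
            $d['page'] = $spVars['searchpage'];
            sp_add_cache('search', array(0 => $d, 1 => $r));
        }
    } else {
        # Get the data from the cache if not page 1 for first time
        $r = sp_get_cache('search');
        if ($r) {
            $d         = $r[0];
            $r         = $r[1];
            $d['url']  = $this->searchPermalink;
            $d['page'] = $spVars['searchpage'];

            # update the transient with the new url
            sp_add_cache('search', array(0 => $d, 1 => $r));
        }
    }

    # Now work out which part of the $r array to return
    if ($r) {
        $spVars['searchresults'] = count($r);
        $this->searchCount       = $spVars['searchresults'];
        $this->searchInclude     = $searchInclude;
        $this->searchType        = $searchType;

        return array_slice($r, $startlimit, $count);
    }
}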
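/**
 * Re-check the user's timezone difference against the server, store it when it
 * has changed, then record the user's last visit.
 *
 * The user's 'timezone_string' option is either a manual "UTC+n" style offset or
 * a timezone identifier. The stored 'timezone' value is the whole-hour difference
 * between the user's offset and the server's offset.
 *
 * @param int $userid Member whose options are read and updated.
 *
 * @return void
 */
function sp_set_last_visited($userid) {
    global $spThisUser;

    # before setting last visit check and save timezone difference just to be sure.
    $opts = sp_get_member_item($userid, 'user_options');
    if (!empty($opts['timezone_string'])) {
        $userOffset   = null;
        $serverOffset = null;

        try {
            if (preg_match('/^UTC[ \\t+-]/', $opts['timezone_string'])) {
                # correct for manual UTC offsets; the float cast keeps a value such as
                # "UTC " (nothing numeric left after stripping) from raising a type error
                $userOffset = (float) trim(preg_replace('/UTC\\+?/', '', $opts['timezone_string'])) * 3600;
            } else {
                # get timezone offset for user.
                # The identifier is a stored user option; DateTimeZone throws on an
                # unknown identifier, which is handled below instead of aborting the request.
                $userZone   = new DateTimeZone(sp_esc_str($opts['timezone_string']));
                $userOffset = timezone_offset_get($userZone, date_create());
            }

            $wptz = get_option('timezone_string');
            if (empty($wptz)) {
                # WordPress stores gmt_offset in hours; every other offset here is in
                # seconds, so convert before the two are subtracted
                $serverOffset = (float) get_option('gmt_offset') * 3600;
            } else {
                $serverZone   = new DateTimeZone($wptz);
                $serverOffset = timezone_offset_get($serverZone, date_create());
            }
        } catch (Exception $e) {
            # invalid timezone identifier: leave the stored difference untouched
            $userOffset = null;
        }

        if ($userOffset !== null && $serverOffset !== null) {
            # calculate time offset between user and server (whole hours)
            $ntz     = (int) round(($userOffset - $serverOffset) / 3600, 2);
            $current = isset($opts['timezone']) ? $opts['timezone'] : null;
            if ($current != $ntz) {
                $opts['timezone']     = $ntz;
                $spThisUser->timezone = $ntz;
                sp_update_member_item($userid, 'user_options', $opts);
                sp_update_member_item($userid, 'checktime', 0);
            }
        }
    }

    # Now set the last visit date/time
    sp_update_member_item($userid, 'lastvisit', 0);
}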
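/**
 * Build, and either echo or return, the avatar markup for a user.
 *
 * Walks the configured avatar priority list (gravatar, WP avatar, uploaded,
 * default, pool, remote) and uses the first source that yields an image.
 *
 * Recognised $args keys: tagClass, imgClass, size, link, context ('current',
 * 'user', or a custom context handled by the 'sph_Avatar_{context}' filter),
 * wp, echo, get.
 *
 * @param string|array $args        Display arguments merged over the defaults.
 * @param mixed        $contextData For context 'user': a user object, a numeric
 *                                  user id, or an email address.
 *
 * @return mixed The avatar data object when 'get' is set; the markup string when
 *               'echo' is off; nothing when the markup is echoed or avatars are disabled.
 */
function sp_UserAvatar($args = '', $contextData = '') {
    global $spThisUser;

    $defs = array(
        'tagClass' => 'spAvatar',
        'imgClass' => 'spAvatar',
        'size'     => '',
        'link'     => 'profile',
        'context'  => 'current',
        'wp'       => '',
        'echo'     => 1,
        'get'      => 0,
    );
    $a = wp_parse_args($args, $defs);
    $a = apply_filters('sph_Avatar_args', $a);

    # EXTR_SKIP keeps the extracted keys from overwriting locals that already
    # exist at this point ($args, $contextData, $spThisUser, $defs, $a)
    extract($a, EXTR_SKIP);

    # sanitize before use
    $tagClass = esc_attr($tagClass);
    $imgClass = esc_attr($imgClass);
    $link     = esc_attr($link);
    $size     = (int) $size;
    $echo     = (int) $echo;
    $get      = (int) $get;
    $wp       = esc_attr($wp);

    # init some vars
    $forceWidth = false;

    # make sure we are displaying avatars
    $spAvatars = sp_get_option('sfavatars');
    if ($spAvatars['sfshowavatars'] == true) {
        $avatarData         = new stdClass();
        $avatarData->object = false;
        $avatarData->userId = 0; # need user id OR email
        $avatarData->email  = '';
        $avatarData->avatar = '';
        $avatarData->admin  = '';

        # determine avatar size
        $avatarData->size = !empty($size) ? $size : $spAvatars['sfavatarsize'];

        # get the appropriate user id and email address
        switch ($context) {
            case 'current':
                # we want the avatar for the current user
                $avatarData->userId = $spThisUser->ID;
                $avatarData->email  = !empty($avatarData->userId) ? $spThisUser->user_email : '';
                break;

            case 'user':
                # determine if we have user object, id or email address
                if (is_object($contextData)) {
                    # sp user object passed in
                    # can contain anything, but must contain id or email, avatar array and admin flag
                    $avatarData->object = true;
                    $avatarData->userId = $contextData->ID;
                    $avatarData->email  = $contextData->user_email;
                    $avatarData->avatar = $contextData->avatar;
                    $avatarData->admin  = $contextData->admin;
                } else {
                    if (is_numeric($contextData)) {
                        # user id passed in
                        $user = get_userdata((int) $contextData);
                    } else {
                        # email address passed in
                        $user = get_user_by('email', sp_esc_str($contextData));
                    }
                    if ($user) {
                        $avatarData->userId = $user->ID;
                        $avatarData->email  = $user->user_email;
                    }
                }
                break;

            default:
                # allow themes/plugins to add new avatar user types
                $avatarData = apply_filters('sph_Avatar_' . $context, $avatarData, $a);
                break;
        }

        # loop through priorities until we find an avatar to use
        # ("break 2" leaves both the switch and this loop once a source has matched)
        foreach ($spAvatars['sfavatarpriority'] as $priority) {
            switch ($priority) {
                case 0: # Gravatars
                    if (function_exists('sp_get_gravatar_cache_url')) {
                        $avatarData->url = sp_get_gravatar_cache_url(strtolower($avatarData->email), $avatarData->size);
                        if (empty($avatarData->url)) {
                            $gravatar = false;
                        } else {
                            $gravatar   = true;
                            $forceWidth = true; # force width to request since we only cache one size
                        }
                    } else {
                        $rating = $spAvatars['sfgmaxrating'];
                        switch ($rating) {
                            case 1:
                                $grating = 'g';
                                break;
                            case 2:
                                $grating = 'pg';
                                break;
                            case 3:
                                $grating = 'r';
                                break;
                            case 4:
                            default:
                                $grating = 'x';
                                break;
                        }

                        # request over HTTPS: the URL carries a hash of the user's email address
                        # and ends up in the page, so plain http would expose it in transit and
                        # produce mixed content on TLS sites
                        $avatarData->url = 'https://www.gravatar.com/avatar/' . md5(strtolower($avatarData->email)) . "?d=404&size={$avatarData->size}&rating={$grating}";

                        # Is there a gravatar?
                        # The header collection may be a plain array or an ArrayAccess object
                        # depending on the WordPress version, so test it without is_array()
                        $headers  = wp_get_http_headers($avatarData->url);
                        $gravatar = !empty($headers) && isset($headers['content-disposition']);
                    }

                    # ignore gravatar blank images
                    if ($gravatar == true) {
                        break 2; # if actual gravatar image found, show it
                    }
                    break;

                case 1: # WP avatars
                    # if wp avatars being used, handle slightly different since we get image tags
                    $avatar = "<div class='{$tagClass}'>";
                    if (!empty($wp)) {
                        $avatar .= sp_build_avatar_display($avatarData->userId, $wp, $link);
                    } else {
                        # when a user id is known it is handed to get_avatar() in place of the email
                        if ($avatarData->userId) {
                            $avatarData->email = $avatarData->userId;
                        }
                        $avatar .= sp_build_avatar_display($avatarData->userId, get_avatar($avatarData->email, $avatarData->size), $link);
                    }
                    $avatar .= '</div>';

                    if ($get) {
                        return $avatarData;
                    }

                    # for wp avatars, we need to display/return and bail
                    if (empty($echo)) {
                        return $avatar;
                    } else {
                        echo $avatar . "\n";
                        return;
                    }

                case 2: # Uploaded avatars
                    $userAvatar = $avatarData->avatar;
                    if (empty($userAvatar) && !empty($avatarData->userId) && isset($spThisUser)) {
                        $userAvatar = $avatarData->userId == $spThisUser->ID ? $spThisUser->avatar : sp_get_member_item($avatarData->userId, 'avatar');
                    }
                    if (!empty($userAvatar['uploaded'])) {
                        $avfile          = $userAvatar['uploaded'];
                        $avatarData->url = SFAVATARURL . $avfile;
                        if (file_exists(SFAVATARDIR . $avfile)) {
                            $avatarData->path = SFAVATARDIR . $avfile;
                            break 2; # if uploaded avatar exists, show it
                        }
                    }
                    break;

                case 3: # SPF default avatars
                default:
                    if (empty($avatarData->userId)) {
                        $image = 'guestdefault.png';
                    } else {
                        if ($avatarData->object) {
                            $image = $avatarData->admin ? 'admindefault.png' : 'userdefault.png';
                        } else {
                            $image = sp_is_forum_admin($avatarData->userId) ? 'admindefault.png' : 'userdefault.png';
                        }
                    }
                    $avatarData->url  = SFAVATARURL . $image;
                    $avatarData->path = SFAVATARDIR . $image;
                    break 2; # defaults, so show it

                case 4: # Pool avatars
                    $userAvatar = $avatarData->avatar;
                    if (empty($userAvatar) && !empty($avatarData->userId) && isset($spThisUser)) {
                        $userAvatar = $avatarData->userId == $spThisUser->ID ? $spThisUser->avatar : sp_get_member_item($avatarData->userId, 'avatar');
                    }
                    if (!empty($userAvatar['pool'])) {
                        $pavfile         = $userAvatar['pool'];
                        $avatarData->url = SFAVATARPOOLURL . $pavfile;
                        if (file_exists(SFAVATARPOOLDIR . $pavfile)) {
                            $avatarData->path = SFAVATARPOOLDIR . $pavfile;
                            break 2; # if pool avatar exists, show it
                        }
                    }
                    break;

                case 5: # Remote avatars
                    $userAvatar = $avatarData->avatar;
                    if (empty($userAvatar) && !empty($avatarData->userId) && isset($spThisUser)) {
                        $userAvatar = $avatarData->userId == $spThisUser->ID ? $spThisUser->avatar : sp_get_member_item($avatarData->userId, 'avatar');
                    }
                    if (!empty($userAvatar['remote'])) {
                        $ravfile         = $userAvatar['remote'];
                        $avatarData->url = $ravfile;

                        # see if file exists
                        # NOTE(review): this makes the server fetch a URL taken from the member's
                        # stored avatar settings each time the avatar is rendered. Where that value
                        # is validated is not visible here - confirm scheme and host are restricted
                        # when it is saved, and consider WordPress's wp_safe_remote_get() (or a
                        # cached existence check) in place of a full wp_remote_get().
                        $response = wp_remote_get($avatarData->url);
                        if (!is_wp_error($response) && wp_remote_retrieve_response_code($response) == 200) {
                            $avatarData->path = $avatarData->url;
                            break 2; # if remote avatar exists, show it
                        }
                    }
                    break;
            }
        }

        # allow themes/plugins to filter the final avatar data
        $avatarData = apply_filters('sph_Avatar', $avatarData, $a);

        if ($get) {
            return $avatarData;
        }

        # now display the avatar
        # size and url may have been changed by the filter above, so the size is forced
        # to an integer before it is written into attributes and a missing url is
        # treated as empty
        $displaySize = (int) $avatarData->size;
        $displayUrl  = isset($avatarData->url) ? $avatarData->url : '';

        $width    = $forceWidth ? " width='{$displaySize}'" : "";
        $maxwidth = $displaySize > 0 ? " style='max-width: {$displaySize}px'" : '';
        $avatar   = sp_build_avatar_display($avatarData->userId, "<img src='" . esc_url($displayUrl) . "' class='{$imgClass}'{$width}{$maxwidth} alt='' />", $link);
        $avatar   = "<div class='{$tagClass}'>{$avatar}</div>\n";

        if ($echo) {
            echo $avatar;
        } else {
            return $avatar;
        }
    }
}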
echo '<p style="text-align:center"' . sp_text('Avatar Pool') . '</p>'; echo '<p>'; while (false !== ($file = readdir($dlist))) { if ($file != "." && $file != "..") { echo '<img class="spAvatarPool" src="' . esc_url(SFAVATARPOOLURL . '/' . $file) . '" alt="" onclick="spjSelAvatar(\'' . $file . '\', \'' . esc_js("<p class=\\'spCenter\\'>" . sp_text('Avatar selected. Please save pool avatar') . "</p>") . '\'); return jQuery(\'#dialog\').dialog(\'close\');" /> '; } } echo '</p>'; closedir($dlist); die; } if (isset($_GET['poolremove']) && ($spThisUser->ID == $userid || $spThisUser->admin)) { if (empty($userid)) { die; } $avatar = sp_get_member_item($userid, 'avatar'); $avatar['pool'] = ''; sp_update_member_item($userid, 'avatar', $avatar); echo '<strong>' . sp_text('No pool avatar currently selected') . '</strong>'; $ahahURL = SFHOMEURL . 'index.php?sp_ahah=profile&sfnonce=' . wp_create_nonce('forum-ahah') . "&action=update-display-avatar&user={$userid}"; ?> <script type="text/javascript"> jQuery(document).ready(function() { jQuery('#spProfileDisplayAvatar').load('<?php echo $ahahURL; ?> '); }) </script> <?php die;
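/**
 * Delete a single post, or the whole topic when it is the topic's only post,
 * after checking that the current user may delete it.
 *
 * Also adjusts the poster's post count when the 'post_count_delete' option is
 * set, rebuilds the topic and forum indexes and the topic cache, fires the
 * 'sph_post_delete' action, and removes the post from the waiting list and notices.
 *
 * @param int  $postid  Post to delete.
 * @param int  $topicid Topic the post belongs to.
 * @param int  $forumid Forum the topic belongs to; permissions are checked against it.
 * @param bool $show    Whether to raise success/failure notifications.
 * @param int  $poster  User id of the post's author, as supplied by the caller.
 *
 * @return mixed '' when an id is missing; otherwise nothing.
 */
function sp_delete_post($postid, $topicid, $forumid, $show = true, $poster = 0) {
    global $spThisUser;

    # The ids are interpolated into SQL conditions below, so force them to integers
    # first. Callers are not visible from here - treat the values as untrusted.
    $postid  = (int) $postid;
    $topicid = (int) $topicid;
    $forumid = (int) $forumid;
    $poster  = (int) $poster;

    if (!$postid || !$topicid || !$forumid) {
        return '';
    }

    # NOTE(review): both the ownership test and the forum used for the permission
    # check rely on caller-supplied values ($poster, $forumid) rather than on the
    # stored post row. Confirm every caller derives them from the post itself, or
    # compare against the row fetched below before deleting.
    $mayDeleteAny = sp_get_auth('delete_any_post', $forumid);
    $mayDeleteOwn = sp_get_auth('delete_own_posts', $forumid) && $spThisUser->ID == $poster;

    if ($mayDeleteAny || $mayDeleteOwn) {
        # Check post actually exists - might be a browser refresh!
        $target = spdb_table(SFPOSTS, "post_id={$postid}", 'row');
        if (empty($target)) {
            if ($show) {
                sp_notify(SPSUCCESS, sp_text('Post already deleted'));
            }
            return;
        }

        # if just one post then remove topic as well
        $pcount = spdb_table(SFTOPICS, "topic_id={$topicid}", 'post_count');
        if ($pcount == 1) {
            sp_delete_topic($topicid, $forumid, $show);
        } else {
            if (spdb_query('DELETE FROM ' . SFPOSTS . " WHERE post_id={$postid}") == false) {
                if ($show) {
                    sp_notify(SPFAILURE, sp_text('Deletion failed'));
                }
            } else {
                if ($show) {
                    sp_notify(SPSUCCESS, sp_text('Post deleted'));
                }
            }

            # adjust post count if needed (never below zero)
            $adjust = sp_get_option('post_count_delete');
            if ($adjust) {
                $count = max(0, (int) sp_get_member_item($target->user_id, 'posts') - 1);
                sp_update_member_item($target->user_id, 'posts', $count);
            }

            # re number post index
            sp_build_post_index($topicid);
            sp_build_forum_index($forumid);

            # post delete hook
            do_action('sph_post_delete', $target, $spThisUser->ID);

            # flush and rebuild topic cache (since one or more posts approved)
            sp_rebuild_topic_cache();
        }

        # need to look in sfwaiting to see if it's in there...
        sp_remove_from_waiting(true, $topicid, $postid);
        sp_delete_notice('post_id', $postid);
    } else {
        if (!is_user_logged_in()) {
            $msg = sp_text('Access denied - are you logged in?');
        } else {
            $msg = sp_text('Access denied - you do not have permission');
        }
        sp_notify(SPFAILURE, $msg);
    }
}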
/**
 * Reset the 'offline_message' entry in a member's admin options to an empty
 * string and store the options again.
 *
 * @param int $uid Member whose 'admin_options' item is updated.
 */
function sp_ttags_new_admin($uid) {
    $itemKey = 'admin_options';

    # read the current options, blank the one entry, write the set back
    $adminOptions                    = sp_get_member_item($uid, $itemKey);
    $adminOptions['offline_message'] = '';

    sp_update_member_item($uid, $itemKey, $adminOptions);
}