/**
  * Prepare the errors for display.
  *
  * - Return an array containing the error strings
  * - If severity is null the function returns all the errors
  *
  * @param int|null $severity = null the severity level wanted
  */
 public function prepareErrors($severity = null)
 {
     global $txt;
     $returns = array();
     if ($this->_generic_error !== null) {
         $returns['attach_generic'] = array('errors' => $this->_generic_error->prepareErrors($severity), 'type' => $this->getErrorType(), 'title' => $txt['attach_error_title']);
     }
     if (!empty($this->_attachs)) {
         foreach ($this->_attachs as $attachID => $error) {
             $returns[$attachID] = array('errors' => $error['error']->prepareErrors($severity), 'type' => $this->getErrorType(), 'title' => sprintf($txt['attach_warning'], $error['name']));
         }
     }
     return $returns;
 }
示例#2
0
 function testSimpleError()
 {
     $error_context = Error_Context::context();
     // Let's add an error and see
     $error_context->addError('test');
     $this->assertTrue($error_context->hasErrors());
     $this->assertTrue($error_context->hasError('test'));
     $this->assertFalse($error_context->hasError('test2'));
     $this->assertEqual($error_context->getErrorType(), Error_Context::MINOR);
     // Now the error can be removed
     $error_context->removeError('test');
     $this->assertFalse($error_context->hasErrors());
     $this->assertFalse($error_context->hasError('test'));
     $this->assertFalse($error_context->hasError('test2'));
     $this->assertFalse($error_context->getErrors());
 }
/**
 * Create a anti-bot verification control?
 *
 * @param mixed[] $verificationOptions
 * @param bool $do_test = false
 */
function create_control_verification(&$verificationOptions, $do_test = false)
{
    global $context;
    // We need to remember this because when failing the page is realoaded and the
    // code must remain the same (unless it has to change)
    static $all_instances = array();
    // Always have an ID.
    assert(isset($verificationOptions['id']));
    $isNew = !isset($context['controls']['verification'][$verificationOptions['id']]);
    if ($isNew) {
        $context['controls']['verification'][$verificationOptions['id']] = array('id' => $verificationOptions['id'], 'max_errors' => isset($verificationOptions['max_errors']) ? $verificationOptions['max_errors'] : 3, 'render' => false);
    }
    $thisVerification =& $context['controls']['verification'][$verificationOptions['id']];
    if (!isset($_SESSION[$verificationOptions['id'] . '_vv'])) {
        $_SESSION[$verificationOptions['id'] . '_vv'] = array();
    }
    $force_refresh = (!empty($_SESSION[$verificationOptions['id'] . '_vv']['did_pass']) || empty($_SESSION[$verificationOptions['id'] . '_vv']['count']) || $_SESSION[$verificationOptions['id'] . '_vv']['count'] > 3) && empty($verificationOptions['dont_refresh']);
    if (!isset($all_instances[$verificationOptions['id']])) {
        $known_verifications = loadVerificationControls();
        $all_instances[$verificationOptions['id']] = array();
        foreach ($known_verifications as $verification) {
            $class_name = 'Verification_Controls_' . ucfirst($verification);
            $current_instance = new $class_name($verificationOptions);
            // If there is anything to show, otherwise forget it
            if ($current_instance->showVerification($isNew, $force_refresh)) {
                $all_instances[$verificationOptions['id']][$verification] = $current_instance;
            }
        }
    }
    $instances =& $all_instances[$verificationOptions['id']];
    // Is there actually going to be anything?
    if (empty($instances)) {
        return false;
    } elseif (!$isNew && !$do_test) {
        return true;
    }
    $verification_errors = Error_Context::context($verificationOptions['id']);
    $increase_error_count = false;
    // Start with any testing.
    if ($do_test) {
        // This cannot happen!
        if (!isset($_SESSION[$verificationOptions['id'] . '_vv']['count'])) {
            fatal_lang_error('no_access', false);
        }
        foreach ($instances as $instance) {
            $outcome = $instance->doTest();
            if ($outcome !== true) {
                $increase_error_count = true;
                $verification_errors->addError($outcome);
            }
        }
    }
    // Any errors means we refresh potentially.
    if ($increase_error_count) {
        if (empty($_SESSION[$verificationOptions['id'] . '_vv']['errors'])) {
            $_SESSION[$verificationOptions['id'] . '_vv']['errors'] = 0;
        } elseif ($_SESSION[$verificationOptions['id'] . '_vv']['errors'] > $thisVerification['max_errors']) {
            $force_refresh = true;
        }
        // Keep a track of these.
        $_SESSION[$verificationOptions['id'] . '_vv']['errors']++;
    }
    // Are we refreshing then?
    if ($force_refresh) {
        // Assume nothing went before.
        $_SESSION[$verificationOptions['id'] . '_vv']['count'] = 0;
        $_SESSION[$verificationOptions['id'] . '_vv']['errors'] = 0;
        $_SESSION[$verificationOptions['id'] . '_vv']['did_pass'] = false;
    }
    foreach ($instances as $test => $instance) {
        $instance->createTest($force_refresh);
        $thisVerification['test'][$test] = $instance->prepareContext();
        if ($instance->hasVisibleTemplate()) {
            $thisVerification['render'] = true;
        }
    }
    $_SESSION[$verificationOptions['id'] . '_vv']['count'] = empty($_SESSION[$verificationOptions['id'] . '_vv']['count']) ? 1 : $_SESSION[$verificationOptions['id'] . '_vv']['count'] + 1;
    // Return errors if we have them.
    if ($verification_errors->hasErrors()) {
        // @todo temporary until the error class is implemented in register
        $error_codes = array();
        foreach ($verification_errors->getErrors() as $errors) {
            foreach ($errors as $error) {
                $error_codes[] = $error;
            }
        }
        return $error_codes;
    } elseif ($do_test) {
        $_SESSION[$verificationOptions['id'] . '_vv']['did_pass'] = true;
    }
    // Say that everything went well chaps.
    return true;
}
示例#4
0
 /**
  * See if a username already exists.
  */
 private function _registerCheckUsername()
 {
     global $context;
     // This is XML!
     loadTemplate('Xml');
     $context['sub_template'] = 'check_username';
     $context['checked_username'] = isset($_GET['username']) ? un_htmlspecialchars($_GET['username']) : '';
     $context['valid_username'] = true;
     // Clean it up like mother would.
     $context['checked_username'] = preg_replace('~[\\t\\n\\r \\x0B\\0\\x{A0}\\x{AD}\\x{2000}-\\x{200F}\\x{201F}\\x{202F}\\x{3000}\\x{FEFF}]+~u', ' ', $context['checked_username']);
     $errors = Error_Context::context('valid_username', 0);
     require_once SUBSDIR . '/Auth.subs.php';
     validateUsername(0, $context['checked_username'], 'valid_username', true, false);
     $context['valid_username'] = !$errors->hasErrors();
 }
示例#5
0
/**
 * Creates a new ban group
 *
 * What it does:
 * - If a ban group with the same name already exists or the group s successfully created the ID is returned
 * - On error the error code is returned or false
 *
 * @package Bans
 * @param mixed[] $ban_info
 * @return int the ban group's ID
 */
function insertBanGroup($ban_info = array())
{
    $db = database();
    $ban_errors = Error_Context::context('ban', 1);
    if (empty($ban_info['name'])) {
        $ban_errors->addError('ban_name_empty');
    }
    if (empty($ban_info['cannot']['access']) && empty($ban_info['cannot']['register']) && empty($ban_info['cannot']['post']) && empty($ban_info['cannot']['login'])) {
        $ban_errors->addError('ban_unknown_restriction_type');
    }
    if ($ban_errors->hasErrors()) {
        return false;
    }
    // Check whether a ban with this name already exists.
    $request = $db->query('', '
		SELECT id_ban_group
		FROM {db_prefix}ban_groups
		WHERE name = {string:new_ban_name}' . '
		LIMIT 1', array('new_ban_name' => $ban_info['name']));
    // @todo shouldn't be an error here?
    if ($db->num_rows($request) == 1) {
        list($id_ban) = $db->fetch_row($request);
        $db->free_result($request);
        return $id_ban;
    }
    $db->free_result($request);
    // Yes yes, we're ready to add now.
    $db->insert('', '{db_prefix}ban_groups', array('name' => 'string-20', 'ban_time' => 'int', 'expire_time' => 'raw', 'cannot_access' => 'int', 'cannot_register' => 'int', 'cannot_post' => 'int', 'cannot_login' => 'int', 'reason' => 'string-255', 'notes' => 'string-65534'), array($ban_info['name'], time(), $ban_info['db_expiration'], $ban_info['cannot']['access'], $ban_info['cannot']['register'], $ban_info['cannot']['post'], $ban_info['cannot']['login'], $ban_info['reason'], $ban_info['notes']), array('id_ban_group'));
    $ban_info['id'] = $db->insert_id('{db_prefix}ban_groups', 'id_ban_group');
    if (empty($ban_info['id'])) {
        $ban_errors->addError('impossible_insert_new_bangroup');
    }
    return $ban_info['id'];
}
示例#6
0
 /**
  * Send the emails.
  *
  * - Sends off emails to all the moderators.
  * - Sends to administrators and global moderators. (1 and 2)
  * - Called by action_reporttm(), and thus has the same permission and setting requirements as it does.
  * - Accessed through ?action=reporttm when posting.
  */
 public function action_reporttm2()
 {
     global $txt, $scripturl, $topic, $board, $user_info, $modSettings, $language, $context;
     // You must have the proper permissions!
     isAllowedTo('report_any');
     // Make sure they aren't spamming.
     spamProtection('reporttm');
     require_once SUBSDIR . '/Mail.subs.php';
     // No errors, yet.
     $report_errors = Error_Context::context('report', 1);
     // Check their session.
     if (checkSession('post', '', false) != '') {
         $report_errors->addError('session_timeout');
     }
     // Make sure we have a comment and it's clean.
     if (!isset($_POST['comment']) || Util::htmltrim($_POST['comment']) === '') {
         $report_errors->addError('no_comment');
     }
     $poster_comment = strtr(Util::htmlspecialchars($_POST['comment']), array("\r" => '', "\t" => ''));
     if (Util::strlen($poster_comment) > 254) {
         $report_errors->addError('post_too_long');
     }
     // Guests need to provide their address!
     if ($user_info['is_guest']) {
         require_once SUBSDIR . '/DataValidator.class.php';
         if (!Data_Validator::is_valid($_POST, array('email' => 'valid_email'), array('email' => 'trim'))) {
             empty($_POST['email']) ? $report_errors->addError('no_email') : $report_errors->addError('bad_email');
         }
         isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt['guest_title']));
         $user_info['email'] = htmlspecialchars($_POST['email'], ENT_COMPAT, 'UTF-8');
     }
     // Could they get the right verification code?
     if ($user_info['is_guest'] && !empty($modSettings['guests_report_require_captcha'])) {
         require_once SUBSDIR . '/VerificationControls.class.php';
         $verificationOptions = array('id' => 'report');
         $context['require_verification'] = create_control_verification($verificationOptions, true);
         if (is_array($context['require_verification'])) {
             foreach ($context['require_verification'] as $error) {
                 $report_errors->addError($error, 0);
             }
         }
     }
     // Any errors?
     if ($report_errors->hasErrors()) {
         return $this->action_reporttm();
     }
     // Get the basic topic information, and make sure they can see it.
     $msg_id = (int) $_POST['msg'];
     $message = posterDetails($msg_id, $topic);
     if (empty($message)) {
         fatal_lang_error('no_board', false);
     }
     $poster_name = un_htmlspecialchars($message['real_name']) . ($message['real_name'] != $message['poster_name'] ? ' (' . $message['poster_name'] . ')' : '');
     $reporterName = un_htmlspecialchars($user_info['name']) . ($user_info['name'] != $user_info['username'] && $user_info['username'] != '' ? ' (' . $user_info['username'] . ')' : '');
     $subject = un_htmlspecialchars($message['subject']);
     // Get a list of members with the moderate_board permission.
     require_once SUBSDIR . '/Members.subs.php';
     $moderators = membersAllowedTo('moderate_board', $board);
     $result = getBasicMemberData($moderators, array('preferences' => true, 'sort' => 'lngfile'));
     $mod_to_notify = array();
     foreach ($result as $row) {
         if ($row['notify_types'] != 4) {
             $mod_to_notify[] = $row;
         }
     }
     // Check that moderators do exist!
     if (empty($mod_to_notify)) {
         fatal_lang_error('no_mods', false);
     }
     // If we get here, I believe we should make a record of this, for historical significance, yabber.
     if (empty($modSettings['disable_log_report'])) {
         require_once SUBSDIR . '/Messages.subs.php';
         $id_report = recordReport($message, $poster_comment);
         // If we're just going to ignore these, then who gives a monkeys...
         if ($id_report === false) {
             redirectexit('topic=' . $topic . '.msg' . $msg_id . '#msg' . $msg_id);
         }
     }
     // Find out who the real moderators are - for mod preferences.
     require_once SUBSDIR . '/Boards.subs.php';
     $real_mods = getBoardModerators($board, true);
     // Send every moderator an email.
     foreach ($mod_to_notify as $row) {
         // Maybe they don't want to know?!
         if (!empty($row['mod_prefs'])) {
             list(, , $pref_binary) = explode('|', $row['mod_prefs']);
             if (!($pref_binary & 1) && (!($pref_binary & 2) || !in_array($row['id_member'], $real_mods))) {
                 continue;
             }
         }
         $replacements = array('TOPICSUBJECT' => $subject, 'POSTERNAME' => $poster_name, 'REPORTERNAME' => $reporterName, 'TOPICLINK' => $scripturl . '?topic=' . $topic . '.msg' . $msg_id . '#msg' . $msg_id, 'REPORTLINK' => !empty($id_report) ? $scripturl . '?action=moderate;area=reports;report=' . $id_report : '', 'COMMENT' => $_POST['comment']);
         $emaildata = loadEmailTemplate('report_to_moderator', $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']);
         // Send it to the moderator.
         sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], $user_info['email'], null, false, 2);
     }
     // Keep track of when the mod reports get updated, that way we know when we need to look again.
     updateSettings(array('last_mod_report_action' => time()));
     // Back to the post we reported!
     redirectexit('reportsent;topic=' . $topic . '.msg' . $msg_id . '#msg' . $msg_id);
 }
示例#7
0
 /**
  * Update the settings for a poll, or add a new one.
  * Must be called with a topic specified in the URL.
  * The user must have poll_edit_any/poll_add_any permission
  * for the relevant action. Otherwise they must be poll starter
  * with poll_edit_own permission for editing, or be topic starter
  * with poll_add_any permission for adding.
  * In the case of an error, this function will redirect back to
  * action_editpoll and display the relevant error message.
  * Upon successful completion of action will direct user back to topic.
  * Accessed via ?action=editpoll2.
  */
 public function action_editpoll2()
 {
     global $topic, $board, $user_info;
     // Sneaking off, are we?
     if (empty($_POST)) {
         redirectexit('action=editpoll;topic=' . $topic . '.0');
     }
     $poll_errors = Error_Context::context('poll');
     if (checkSession('post', '', false) != '') {
         $poll_errors->addError('session_timeout');
     }
     if (isset($_POST['preview'])) {
         return $this->action_editpoll();
     }
     // HACKERS (!!) can't edit :P.
     if (empty($topic)) {
         fatal_lang_error('no_access', false);
     }
     // Is this a new poll, or editing an existing?
     $isEdit = isset($_REQUEST['add']) ? 0 : 1;
     // Make sure we have our stuff.
     require_once SUBSDIR . '/Poll.subs.php';
     // Get the starter and the poll's ID - if it's an edit.
     $bcinfo = getPollStarter($topic);
     // Check their adding/editing is valid.
     if (!$isEdit && !empty($bcinfo['id_poll'])) {
         fatal_lang_error('poll_already_exists');
     } elseif ($isEdit && empty($bcinfo['id_poll'])) {
         fatal_lang_error('poll_not_found');
     }
     // Check if they have the power to add or edit the poll.
     if ($isEdit && !allowedTo('poll_edit_any')) {
         isAllowedTo('poll_edit_' . ($user_info['id'] == $bcinfo['id_member_started'] || $bcinfo['poll_starter'] != 0 && $user_info['id'] == $bcinfo['poll_starter'] ? 'own' : 'any'));
     } elseif (!$isEdit && !allowedTo('poll_add_any')) {
         isAllowedTo('poll_add_' . ($user_info['id'] == $bcinfo['id_member_started'] ? 'own' : 'any'));
     }
     $optionCount = 0;
     $idCount = 0;
     // Ensure the user is leaving a valid amount of options - there must be at least two.
     foreach ($_POST['options'] as $k => $option) {
         if (trim($option) != '') {
             $optionCount++;
             $idCount = max($idCount, $k);
         }
     }
     if ($optionCount < 2) {
         $poll_errors->addError('poll_few');
     } elseif ($optionCount > 256 || $idCount > 255) {
         $poll_errors->addError('poll_many');
     }
     // Also - ensure they are not removing the question.
     if (trim($_POST['question']) == '') {
         $poll_errors->addError('no_question');
     }
     // Got any errors to report?
     if ($poll_errors->hasErrors()) {
         return $this->action_editpoll();
     }
     // Prevent double submission of this form.
     checkSubmitOnce('check');
     // Now we've done all our error checking, let's get the core poll information cleaned... question first.
     $_POST['question'] = Util::htmlspecialchars($_POST['question']);
     $_POST['question'] = Util::substr($_POST['question'], 0, 255);
     $_POST['poll_hide'] = (int) $_POST['poll_hide'];
     $_POST['poll_expire'] = isset($_POST['poll_expire']) ? (int) $_POST['poll_expire'] : 0;
     $_POST['poll_change_vote'] = isset($_POST['poll_change_vote']) ? 1 : 0;
     $_POST['poll_guest_vote'] = isset($_POST['poll_guest_vote']) ? 1 : 0;
     // Make sure guests are actually allowed to vote generally.
     if ($_POST['poll_guest_vote']) {
         require_once SUBSDIR . '/Members.subs.php';
         $allowedGroups = groupsAllowedTo('poll_vote', $board);
         if (!in_array(-1, $allowedGroups['allowed'])) {
             $_POST['poll_guest_vote'] = 0;
         }
     }
     // Ensure that the number options allowed makes sense, and the expiration date is valid.
     if (!$isEdit || allowedTo('moderate_board')) {
         $_POST['poll_expire'] = $_POST['poll_expire'] > 9999 ? 9999 : ($_POST['poll_expire'] < 0 ? 0 : $_POST['poll_expire']);
         if (empty($_POST['poll_expire']) && $_POST['poll_hide'] == 2) {
             $_POST['poll_hide'] = 1;
         } elseif (!$isEdit || $_POST['poll_expire'] != ceil($bcinfo['expire_time'] <= time() ? -1 : ($bcinfo['expire_time'] - time()) / (3600 * 24))) {
             $_POST['poll_expire'] = empty($_POST['poll_expire']) ? '0' : time() + $_POST['poll_expire'] * 3600 * 24;
         } else {
             $_POST['poll_expire'] = $bcinfo['expire_time'];
         }
         if (empty($_POST['poll_max_votes']) || $_POST['poll_max_votes'] <= 0) {
             $_POST['poll_max_votes'] = 1;
         } else {
             $_POST['poll_max_votes'] = (int) $_POST['poll_max_votes'];
         }
     }
     // If we're editing, let's commit the changes.
     if ($isEdit) {
         modifyPoll($bcinfo['id_poll'], $_POST['question'], !empty($_POST['poll_max_votes']) ? $_POST['poll_max_votes'] : 0, $_POST['poll_hide'], !empty($_POST['poll_expire']) ? $_POST['poll_expire'] : 0, $_POST['poll_change_vote'], $_POST['poll_guest_vote']);
     } else {
         // Create the poll.
         $bcinfo['id_poll'] = createPoll($_POST['question'], $user_info['id'], $user_info['username'], $_POST['poll_max_votes'], $_POST['poll_hide'], $_POST['poll_expire'], $_POST['poll_change_vote'], $_POST['poll_guest_vote']);
         // Link the poll to the topic.
         associatedPoll($topic, $bcinfo['id_poll']);
     }
     // Get all the choices.  (no better way to remove all emptied and add previously non-existent ones.)
     $choices = array_keys(pollOptions($bcinfo['id_poll']));
     $add_options = array();
     $update_options = array();
     $delete_options = array();
     foreach ($_POST['options'] as $k => $option) {
         // Make sure the key is numeric for sanity's sake.
         $k = (int) $k;
         // They've cleared the box.  Either they want it deleted, or it never existed.
         if (trim($option) == '') {
             // They want it deleted.  Bye.
             if (in_array($k, $choices)) {
                 $delete_options[] = $k;
             }
             // Skip the rest...
             continue;
         }
         // Dress the option up for its big date with the database.
         $option = Util::htmlspecialchars($option);
         // If it's already there, update it.  If it's not... add it.
         if (in_array($k, $choices)) {
             $update_options[] = array($bcinfo['id_poll'], $k, $option);
         } else {
             $add_options[] = array($bcinfo['id_poll'], $k, $option, 0);
         }
     }
     if (!empty($update_options)) {
         modifyPollOption($update_options);
     }
     if (!empty($add_options)) {
         insertPollOptions($add_options);
     }
     // I'm sorry, but... well, no one was choosing you. Poor options, I'll put you out of your misery.
     if (!empty($delete_options)) {
         deletePollOptions($bcinfo['id_poll'], $delete_options);
     }
     // Shall I reset the vote count, sir?
     if (isset($_POST['resetVoteCount'])) {
         resetVotes($bcinfo['id_poll']);
     }
     call_integration_hook('integrate_poll_add_edit', array($bcinfo['id_poll'], $isEdit));
     // Off we go.
     redirectexit('topic=' . $topic . '.' . $_REQUEST['start']);
 }
 /**
  * Does the actual saving of the article data
  *
  * - validates the data is safe to save
  * - updates existing articles or creates new ones
  */
 private function _sportal_admin_article_edit_save()
 {
     global $context, $txt, $modSettings;
     // No errors, yet.
     $article_errors = Error_Context::context('article', 0);
     // Use our standard validation functions in a few spots
     require_once SUBSDIR . '/DataValidator.class.php';
     $validator = new Data_Validator();
     // If its not new, lets load the current data
     if (!$this->_is_new) {
         $_REQUEST['article_id'] = (int) $_REQUEST['article_id'];
         $context['article'] = sportal_get_articles($_REQUEST['article_id']);
     }
     // Clean and Review the post data for compliance
     $validator->sanitation_rules(array('title' => 'trim|Util::htmlspecialchars', 'namespace' => 'trim|Util::htmlspecialchars', 'article_id' => 'intval', 'category_id' => 'intval', 'permissions' => 'intval', 'type' => 'trim', 'content' => 'trim'));
     $validator->validation_rules(array('title' => 'required', 'namespace' => 'alpha_numeric|required', 'type' => 'required', 'content' => 'required'));
     $validator->text_replacements(array('title' => $txt['sp_admin_articles_col_title'], 'namespace' => $txt['sp_admin_articles_col_namespace'], 'content' => $txt['sp_admin_articles_col_body']));
     // If you messed this up, back you go
     if (!$validator->validate($_POST)) {
         foreach ($validator->validation_errors() as $id => $error) {
             $article_errors->addError($error);
         }
         $this->action_sportal_admin_article_edit();
     }
     // Lets make sure this namespace (article id) is unique
     $has_duplicate = sp_duplicate_articles($validator->article_id, $validator->namespace);
     if (!empty($has_duplicate)) {
         $article_errors->addError('sp_error_article_namespace_duplicate');
     }
     // And we can't have just a numeric namespace (article id)
     if (preg_replace('~[0-9]+~', '', $validator->namespace) === '') {
         $article_errors->addError('sp_error_article_namespace_numeric');
     }
     // Posting some PHP code, and allowed? Then we need to validate it will run
     if ($_POST['type'] === 'php' && !empty($_POST['content']) && empty($modSettings['sp_disable_php_validation'])) {
         $validator_php = new Data_Validator();
         $validator_php->validation_rules(array('content' => 'php_syntax'));
         // Bad PHP code
         if (!$validator_php->validate(array('content' => $_POST['content']))) {
             $article_errors->addError($validator_php->validation_errors());
         }
     }
     // None shall pass ... with errors
     if ($article_errors->hasErrors()) {
         $this->action_sportal_admin_article_edit();
     }
     // No errors then, prepare the data for saving
     $article_info = array('id' => $validator->article_id, 'id_category' => $validator->category_id, 'namespace' => $validator->namespace, 'title' => $validator->title, 'body' => Util::htmlspecialchars($_POST['content'], ENT_QUOTES), 'type' => in_array($validator->type, array('bbc', 'html', 'php')) ? $_POST['type'] : 'bbc', 'permissions' => $validator->permissions, 'status' => !empty($_POST['status']) ? 1 : 0);
     if ($article_info['type'] === 'bbc') {
         preparsecode($article_info['body']);
     }
     // Save away
     checkSession();
     sp_save_article($article_info, $this->_is_new);
     redirectexit('action=admin;area=portalarticles');
     return true;
 }
示例#9
0
 /**
  * Find and return error_context instance if it exists,
  * or create a new instance for $id if it didn't already exist.
  *
  * @param string $id
  * @param int|null $default_severity
  * @return Error_Context
  */
 public static function context($id = 'default', $default_severity = null)
 {
     if (self::$_contexts === null) {
         self::$_contexts = array();
     }
     if (!array_key_exists($id, self::$_contexts)) {
         self::$_contexts[$id] = new Error_Context($id, $default_severity);
     }
     return self::$_contexts[$id];
 }
示例#10
0
/**
 * Checks a username obeys a load of rules
 *
 * - Returns null if fine
 *
 * @package Authorization
 * @param int $memID
 * @param string $username
 * @param string $error_context
 * @param boolean $check_reserved_name
 * @param boolean $fatal pass through to isReservedName
 * @return string
 */
function validateUsername($memID, $username, $error_context = 'register', $check_reserved_name = true, $fatal = true)
{
    global $txt;
    $errors = Error_Context::context($error_context, 0);
    // Don't use too long a name.
    if (Util::strlen($username) > 25) {
        $errors->addError('error_long_name');
    }
    // No name?!  How can you register with no name?
    if ($username == '') {
        $errors->addError('need_username');
    }
    // Only these characters are permitted.
    if (in_array($username, array('_', '|')) || preg_match('~[<>&"\'=\\\\]~', preg_replace('~&#(?:\\d{1,7}|x[0-9a-fA-F]{1,6});~', '', $username)) != 0 || strpos($username, '[code') !== false || strpos($username, '[/code') !== false) {
        $errors->addError('error_invalid_characters_username');
    }
    if (stristr($username, $txt['guest_title']) !== false) {
        $errors->addError(array('username_reserved', array($txt['guest_title'])), 1);
    }
    if ($check_reserved_name) {
        require_once SUBSDIR . '/Members.subs.php';
        if (isReservedName($username, $memID, false, $fatal)) {
            $errors->addError(array('name_in_use', array(htmlspecialchars($username, ENT_COMPAT, 'UTF-8'))));
        }
    }
}
示例#11
0
/**
 * Registers a member to the forum.
 *
 * What it does:
 * - Allows two types of interface: 'guest' and 'admin'. The first
 * - includes hammering protection, the latter can perform the registration silently.
 * - The strings used in the options array are assumed to be escaped.
 * - Allows to perform several checks on the input, e.g. reserved names.
 * - The function will adjust member statistics.
 * - If an error is detected will fatal error on all errors unless return_errors is true.
 *
 * @package Members
 * @uses Auth.subs.php
 * @uses Mail.subs.php
 * @param mixed[] $regOptions
 * @param string $error_context
 * @return integer the ID of the newly created member
 */
function registerMember(&$regOptions, $error_context = 'register')
{
    global $scripturl, $txt, $modSettings, $user_info;
    $db = database();
    loadLanguage('Login');
    // We'll need some external functions.
    require_once SUBSDIR . '/Auth.subs.php';
    require_once SUBSDIR . '/Mail.subs.php';
    // Put any errors in here.
    $reg_errors = Error_Context::context($error_context, 0);
    // Registration from the admin center, let them sweat a little more.
    if ($regOptions['interface'] == 'admin') {
        is_not_guest();
        isAllowedTo('moderate_forum');
    } elseif ($regOptions['interface'] == 'guest') {
        // You cannot register twice...
        if (empty($user_info['is_guest'])) {
            redirectexit();
        }
        // Make sure they didn't just register with this session.
        if (!empty($_SESSION['just_registered']) && empty($modSettings['disableRegisterCheck'])) {
            fatal_lang_error('register_only_once', false);
        }
    }
    // What method of authorization are we going to use?
    if (empty($regOptions['auth_method']) || !in_array($regOptions['auth_method'], array('password', 'openid'))) {
        if (!empty($regOptions['openid'])) {
            $regOptions['auth_method'] = 'openid';
        } else {
            $regOptions['auth_method'] = 'password';
        }
    }
    // Spaces and other odd characters are evil...
    $regOptions['username'] = trim(preg_replace('~[\\t\\n\\r \\x0B\\0\\x{A0}\\x{AD}\\x{2000}-\\x{200F}\\x{201F}\\x{202F}\\x{3000}\\x{FEFF}]+~u', ' ', $regOptions['username']));
    // Valid emails only
    require_once SUBSDIR . '/DataValidator.class.php';
    if (!Data_Validator::is_valid($regOptions, array('email' => 'valid_email|required|max_length[255]'), array('email' => 'trim'))) {
        $reg_errors->addError('bad_email');
    }
    validateUsername(0, $regOptions['username'], $error_context, !empty($regOptions['check_reserved_name']));
    // Generate a validation code if it's supposed to be emailed.
    $validation_code = '';
    if ($regOptions['require'] == 'activation') {
        $validation_code = generateValidationCode();
    }
    // If you haven't put in a password generate one.
    if ($regOptions['interface'] == 'admin' && $regOptions['password'] == '' && $regOptions['auth_method'] == 'password') {
        mt_srand(time() + 1277);
        $regOptions['password'] = generateValidationCode();
        $regOptions['password_check'] = $regOptions['password'];
    } elseif ($regOptions['password'] != $regOptions['password_check'] && $regOptions['auth_method'] == 'password') {
        $reg_errors->addError('passwords_dont_match');
    }
    // That's kind of easy to guess...
    if ($regOptions['password'] == '') {
        if ($regOptions['auth_method'] == 'password') {
            $reg_errors->addError('no_password');
        } else {
            $regOptions['password'] = sha1(mt_rand());
        }
    }
    // Now perform hard password validation as required.
    if (!empty($regOptions['check_password_strength']) && $regOptions['password'] != '') {
        $passwordError = validatePassword($regOptions['password'], $regOptions['username'], array($regOptions['email']));
        // Password isn't legal?
        if ($passwordError != null) {
            $reg_errors->addError('profile_error_password_' . $passwordError);
        }
    }
    // You may not be allowed to register this email.
    if (!empty($regOptions['check_email_ban'])) {
        isBannedEmail($regOptions['email'], 'cannot_register', $txt['ban_register_prohibited']);
    }
    // Check if the email address is in use.
    $request = $db->query('', '
		SELECT id_member
		FROM {db_prefix}members
		WHERE email_address = {string:email_address}
			OR email_address = {string:username}
		LIMIT 1', array('email_address' => $regOptions['email'], 'username' => $regOptions['username']));
    if ($db->num_rows($request) != 0) {
        $reg_errors->addError(array('email_in_use', array(htmlspecialchars($regOptions['email'], ENT_COMPAT, 'UTF-8'))));
    }
    $db->free_result($request);
    // Perhaps someone else wants to check this user
    call_integration_hook('integrate_register_check', array(&$regOptions, &$reg_errors));
    // If there's any errors left return them at once!
    if ($reg_errors->hasErrors()) {
        return false;
    }
    $reservedVars = array('actual_theme_url', 'actual_images_url', 'base_theme_dir', 'base_theme_url', 'default_images_url', 'default_theme_dir', 'default_theme_url', 'default_template', 'images_url', 'number_recent_posts', 'smiley_sets_default', 'theme_dir', 'theme_id', 'theme_layers', 'theme_templates', 'theme_url');
    // Can't change reserved vars.
    if (isset($regOptions['theme_vars']) && count(array_intersect(array_keys($regOptions['theme_vars']), $reservedVars)) != 0) {
        fatal_lang_error('no_theme');
    }
    // New password hash
    require_once SUBSDIR . '/Auth.subs.php';
    // Some of these might be overwritten. (the lower ones that are in the arrays below.)
    $regOptions['register_vars'] = array('member_name' => $regOptions['username'], 'email_address' => $regOptions['email'], 'passwd' => validateLoginPassword($regOptions['password'], '', $regOptions['username'], true), 'password_salt' => substr(md5(mt_rand()), 0, 4), 'posts' => 0, 'date_registered' => !empty($regOptions['time']) ? $regOptions['time'] : time(), 'member_ip' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $regOptions['ip'], 'member_ip2' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $regOptions['ip2'], 'validation_code' => $validation_code, 'real_name' => $regOptions['username'], 'personal_text' => $modSettings['default_personal_text'], 'pm_email_notify' => 1, 'id_theme' => 0, 'id_post_group' => 4, 'lngfile' => '', 'buddy_list' => '', 'pm_ignore_list' => '', 'message_labels' => '', 'website_title' => '', 'website_url' => '', 'location' => '', 'time_format' => '', 'signature' => '', 'avatar' => '', 'usertitle' => '', 'secret_question' => '', 'secret_answer' => '', 'additional_groups' => '', 'ignore_boards' => '', 'smiley_set' => '', 'openid_uri' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
    // Setup the activation status on this new account so it is correct - firstly is it an under age account?
    if ($regOptions['require'] == 'coppa') {
        $regOptions['register_vars']['is_activated'] = 5;
        // @todo This should be changed.  To what should be it be changed??
        $regOptions['register_vars']['validation_code'] = '';
    } elseif ($regOptions['require'] == 'nothing') {
        $regOptions['register_vars']['is_activated'] = 1;
    } elseif ($regOptions['require'] == 'activation') {
        $regOptions['register_vars']['is_activated'] = 0;
    } else {
        $regOptions['register_vars']['is_activated'] = 3;
    }
    if (isset($regOptions['memberGroup'])) {
        // Make sure the id_group will be valid, if this is an administator.
        $regOptions['register_vars']['id_group'] = $regOptions['memberGroup'] == 1 && !allowedTo('admin_forum') ? 0 : $regOptions['memberGroup'];
        // Check if this group is assignable.
        $unassignableGroups = array(-1, 3);
        $request = $db->query('', '
			SELECT id_group
			FROM {db_prefix}membergroups
			WHERE min_posts != {int:min_posts}' . (allowedTo('admin_forum') ? '' : '
				OR group_type = {int:is_protected}'), array('min_posts' => -1, 'is_protected' => 1));
        while ($row = $db->fetch_assoc($request)) {
            $unassignableGroups[] = $row['id_group'];
        }
        $db->free_result($request);
        if (in_array($regOptions['register_vars']['id_group'], $unassignableGroups)) {
            $regOptions['register_vars']['id_group'] = 0;
        }
    }
    // Integrate optional member settings to be set.
    if (!empty($regOptions['extra_register_vars'])) {
        foreach ($regOptions['extra_register_vars'] as $var => $value) {
            $regOptions['register_vars'][$var] = $value;
        }
    }
    // Integrate optional user theme options to be set.
    $theme_vars = array();
    if (!empty($regOptions['theme_vars'])) {
        foreach ($regOptions['theme_vars'] as $var => $value) {
            $theme_vars[$var] = $value;
        }
    }
    // Right, now let's prepare for insertion.
    $knownInts = array('date_registered', 'posts', 'id_group', 'last_login', 'personal_messages', 'unread_messages', 'notifications', 'new_pm', 'pm_prefs', 'gender', 'hide_email', 'show_online', 'pm_email_notify', 'karma_good', 'karma_bad', 'notify_announcements', 'notify_send_body', 'notify_regularity', 'notify_types', 'id_theme', 'is_activated', 'id_msg_last_visit', 'id_post_group', 'total_time_logged_in', 'warning');
    $knownFloats = array('time_offset');
    // Call an optional function to validate the users' input.
    call_integration_hook('integrate_register', array(&$regOptions, &$theme_vars, &$knownInts, &$knownFloats));
    $column_names = array();
    $values = array();
    foreach ($regOptions['register_vars'] as $var => $val) {
        $type = 'string';
        if (in_array($var, $knownInts)) {
            $type = 'int';
        } elseif (in_array($var, $knownFloats)) {
            $type = 'float';
        } elseif ($var == 'birthdate') {
            $type = 'date';
        }
        $column_names[$var] = $type;
        $values[$var] = $val;
    }
    // Register them into the database.
    $db->insert('', '{db_prefix}members', $column_names, $values, array('id_member'));
    $memberID = $db->insert_id('{db_prefix}members', 'id_member');
    // Update the number of members and latest member's info - and pass the name, but remove the 's.
    if ($regOptions['register_vars']['is_activated'] == 1) {
        updateMemberStats($memberID, $regOptions['register_vars']['real_name']);
    } else {
        updateMemberStats();
    }
    // Theme variables too?
    if (!empty($theme_vars)) {
        $inserts = array();
        foreach ($theme_vars as $var => $val) {
            $inserts[] = array($memberID, $var, $val);
        }
        $db->insert('insert', '{db_prefix}themes', array('id_member' => 'int', 'variable' => 'string-255', 'value' => 'string-65534'), $inserts, array('id_member', 'variable'));
    }
    // If it's enabled, increase the registrations for today.
    trackStats(array('registers' => '+'));
    // Administrative registrations are a bit different...
    if ($regOptions['interface'] == 'admin') {
        if ($regOptions['require'] == 'activation') {
            $email_message = 'admin_register_activate';
        } elseif (!empty($regOptions['send_welcome_email'])) {
            $email_message = 'admin_register_immediate';
        }
        if (isset($email_message)) {
            $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code, 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID, 'ACTIVATIONCODE' => $validation_code);
            $emaildata = loadEmailTemplate($email_message, $replacements);
            sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
        }
    } else {
        // Can post straight away - welcome them to your fantastic community...
        if ($regOptions['require'] == 'nothing') {
            if (!empty($regOptions['send_welcome_email'])) {
                $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
                $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'immediate', $replacements);
                sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
            }
            // Send admin their notification.
            require_once SUBSDIR . '/Notification.subs.php';
            sendAdminNotifications('standard', $memberID, $regOptions['username']);
        } elseif ($regOptions['require'] == 'activation' || $regOptions['require'] == 'coppa') {
            $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
            if ($regOptions['require'] == 'activation') {
                $replacements += array('ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code, 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID, 'ACTIVATIONCODE' => $validation_code);
            } else {
                $replacements += array('COPPALINK' => $scripturl . '?action=coppa;u=' . $memberID);
            }
            $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . ($regOptions['require'] == 'activation' ? 'activate' : 'coppa'), $replacements);
            sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
        } else {
            $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
            $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'pending', $replacements);
            sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
            // Admin gets informed here...
            require_once SUBSDIR . '/Notification.subs.php';
            sendAdminNotifications('approval', $memberID, $regOptions['username']);
        }
        // Okay, they're for sure registered... make sure the session is aware of this for security. (Just married :P!)
        $_SESSION['just_registered'] = 1;
    }
    // If they are for sure registered, let other people to know about it
    call_integration_hook('integrate_register_after', array($regOptions, $memberID));
    return $memberID;
}
示例#12
0
    /**
     * Used to edit the body or subject of a message inline
     * called from action=jsmodify from script and topic js
     */
    public function action_jsmodify()
    {
        global $modSettings, $board, $topic;
        global $user_info, $context;
        $db = database();
        // We have to have a topic!
        if (empty($topic)) {
            obExit(false);
        }
        checkSession('get');
        require_once SUBSDIR . '/Post.subs.php';
        // Assume the first message if no message ID was given.
        $request = $db->query('', '
			SELECT
				t.locked, t.num_replies, t.id_member_started, t.id_first_msg,
				m.id_msg, m.id_member, m.poster_time, m.subject, m.smileys_enabled, m.body, m.icon,
				m.modified_time, m.modified_name, m.approved
			FROM {db_prefix}messages AS m
				INNER JOIN {db_prefix}topics AS t ON (t.id_topic = {int:current_topic})
			WHERE m.id_msg = {raw:id_msg}
				AND m.id_topic = {int:current_topic}' . (allowedTo('modify_any') || allowedTo('approve_posts') ? '' : (!$modSettings['postmod_active'] ? '
				AND (m.id_member != {int:guest_id} AND m.id_member = {int:current_member})' : '
				AND (m.approved = {int:is_approved} OR (m.id_member != {int:guest_id} AND m.id_member = {int:current_member}))')), array('current_member' => $user_info['id'], 'current_topic' => $topic, 'id_msg' => empty($_REQUEST['msg']) ? 't.id_first_msg' : (int) $_REQUEST['msg'], 'is_approved' => 1, 'guest_id' => 0));
        if ($db->num_rows($request) == 0) {
            fatal_lang_error('no_board', false);
        }
        $row = $db->fetch_assoc($request);
        $db->free_result($request);
        // Change either body or subject requires permissions to modify messages.
        if (isset($_POST['message']) || isset($_POST['subject']) || isset($_REQUEST['icon'])) {
            if (!empty($row['locked'])) {
                isAllowedTo('moderate_board');
            }
            if ($row['id_member'] == $user_info['id'] && !allowedTo('modify_any')) {
                if ((!$modSettings['postmod_active'] || $row['approved']) && !empty($modSettings['edit_disable_time']) && $row['poster_time'] + ($modSettings['edit_disable_time'] + 5) * 60 < time()) {
                    fatal_lang_error('modify_post_time_passed', false);
                } elseif ($row['id_member_started'] == $user_info['id'] && !allowedTo('modify_own')) {
                    isAllowedTo('modify_replies');
                } else {
                    isAllowedTo('modify_own');
                }
            } elseif ($row['id_member_started'] == $user_info['id'] && !allowedTo('modify_any')) {
                isAllowedTo('modify_replies');
            } else {
                isAllowedTo('modify_any');
            }
            // Only log this action if it wasn't your message.
            $moderationAction = $row['id_member'] != $user_info['id'];
        }
        $post_errors = Error_Context::context('post', 1);
        if (isset($_POST['subject']) && Util::htmltrim(Util::htmlspecialchars($_POST['subject'])) !== '') {
            $_POST['subject'] = strtr(Util::htmlspecialchars($_POST['subject']), array("\r" => '', "\n" => '', "\t" => ''));
            // Maximum number of characters.
            if (Util::strlen($_POST['subject']) > 100) {
                $_POST['subject'] = Util::substr($_POST['subject'], 0, 100);
            }
        } elseif (isset($_POST['subject'])) {
            $post_errors->addError('no_subject');
            unset($_POST['subject']);
        }
        if (isset($_POST['message'])) {
            if (Util::htmltrim(Util::htmlspecialchars($_POST['message'])) === '') {
                $post_errors->addError('no_message');
                unset($_POST['message']);
            } elseif (!empty($modSettings['max_messageLength']) && Util::strlen($_POST['message']) > $modSettings['max_messageLength']) {
                $post_errors->addError(array('long_message', array($modSettings['max_messageLength'])));
                unset($_POST['message']);
            } else {
                $_POST['message'] = Util::htmlspecialchars($_POST['message'], ENT_QUOTES);
                preparsecode($_POST['message']);
                if (Util::htmltrim(strip_tags(parse_bbc($_POST['message'], false), '<img>')) === '') {
                    $post_errors->addError('no_message');
                    unset($_POST['message']);
                }
            }
        }
        if (isset($_POST['lock'])) {
            if (!allowedTo(array('lock_any', 'lock_own')) || !allowedTo('lock_any') && $user_info['id'] != $row['id_member']) {
                unset($_POST['lock']);
            } elseif (!allowedTo('lock_any')) {
                if ($row['locked'] == 1) {
                    unset($_POST['lock']);
                } else {
                    $_POST['lock'] = empty($_POST['lock']) ? 0 : 2;
                }
            } elseif (!empty($row['locked']) && !empty($_POST['lock']) || $_POST['lock'] == $row['locked']) {
                unset($_POST['lock']);
            } else {
                $_POST['lock'] = empty($_POST['lock']) ? 0 : 1;
            }
        }
        if (isset($_POST['sticky']) && !allowedTo('make_sticky')) {
            unset($_POST['sticky']);
        }
        if (!$post_errors->hasErrors()) {
            $msgOptions = array('id' => $row['id_msg'], 'subject' => isset($_POST['subject']) ? $_POST['subject'] : null, 'body' => isset($_POST['message']) ? $_POST['message'] : null, 'icon' => isset($_REQUEST['icon']) ? preg_replace('~[\\./\\\\*\':"<>]~', '', $_REQUEST['icon']) : null);
            $topicOptions = array('id' => $topic, 'board' => $board, 'lock_mode' => isset($_POST['lock']) ? (int) $_POST['lock'] : null, 'sticky_mode' => isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics']) ? (int) $_POST['sticky'] : null, 'mark_as_read' => false);
            $posterOptions = array();
            // Only consider marking as editing if they have edited the subject, message or icon.
            if (isset($_POST['subject']) && $_POST['subject'] != $row['subject'] || isset($_POST['message']) && $_POST['message'] != $row['body'] || isset($_REQUEST['icon']) && $_REQUEST['icon'] != $row['icon']) {
                // And even then only if the time has passed...
                if (time() - $row['poster_time'] > $modSettings['edit_wait_time'] || $user_info['id'] != $row['id_member']) {
                    $msgOptions['modify_time'] = time();
                    $msgOptions['modify_name'] = $user_info['name'];
                }
            } else {
                $moderationAction = false;
            }
            modifyPost($msgOptions, $topicOptions, $posterOptions);
            // If we didn't change anything this time but had before put back the old info.
            if (!isset($msgOptions['modify_time']) && !empty($row['modified_time'])) {
                $msgOptions['modify_time'] = $row['modified_time'];
                $msgOptions['modify_name'] = $row['modified_name'];
            }
            // Changing the first subject updates other subjects to 'Re: new_subject'.
            if (isset($_POST['subject']) && isset($_REQUEST['change_all_subjects']) && $row['id_first_msg'] == $row['id_msg'] && !empty($row['num_replies']) && (allowedTo('modify_any') || $row['id_member_started'] == $user_info['id'] && allowedTo('modify_replies'))) {
                // Get the proper (default language) response prefix first.
                $context['response_prefix'] = response_prefix();
                $db->query('', '
					UPDATE {db_prefix}messages
					SET subject = {string:subject}
					WHERE id_topic = {int:current_topic}
						AND id_msg != {int:id_first_msg}', array('current_topic' => $topic, 'id_first_msg' => $row['id_first_msg'], 'subject' => $context['response_prefix'] . $_POST['subject']));
            }
            if (!empty($moderationAction)) {
                logAction('modify', array('topic' => $topic, 'message' => $row['id_msg'], 'member' => $row['id_member'], 'board' => $board));
            }
        }
        if (isset($_REQUEST['xml'])) {
            $context['sub_template'] = 'modifydone';
            if (!$post_errors->hasErrors() && isset($msgOptions['subject']) && isset($msgOptions['body'])) {
                $context['message'] = array('id' => $row['id_msg'], 'modified' => array('time' => isset($msgOptions['modify_time']) ? standardTime($msgOptions['modify_time']) : '', 'html_time' => isset($msgOptions['modify_time']) ? htmlTime($msgOptions['modify_time']) : '', 'timestamp' => isset($msgOptions['modify_time']) ? forum_time(true, $msgOptions['modify_time']) : 0, 'name' => isset($msgOptions['modify_time']) ? $msgOptions['modify_name'] : ''), 'subject' => $msgOptions['subject'], 'first_in_topic' => $row['id_msg'] == $row['id_first_msg'], 'body' => strtr($msgOptions['body'], array(']]>' => ']]]]><![CDATA[>')));
                censorText($context['message']['subject']);
                censorText($context['message']['body']);
                $context['message']['body'] = parse_bbc($context['message']['body'], $row['smileys_enabled'], $row['id_msg']);
            } elseif (!$post_errors->hasErrors()) {
                $context['sub_template'] = 'modifytopicdone';
                $context['message'] = array('id' => $row['id_msg'], 'modified' => array('time' => isset($msgOptions['modify_time']) ? standardTime($msgOptions['modify_time']) : '', 'html_time' => isset($msgOptions['modify_time']) ? htmlTime($msgOptions['modify_time']) : '', 'timestamp' => isset($msgOptions['modify_time']) ? forum_time(true, $msgOptions['modify_time']) : 0, 'name' => isset($msgOptions['modify_time']) ? $msgOptions['modify_name'] : ''), 'subject' => isset($msgOptions['subject']) ? $msgOptions['subject'] : '');
                censorText($context['message']['subject']);
            } else {
                $context['message'] = array('id' => $row['id_msg'], 'errors' => array(), 'error_in_subject' => $post_errors->hasError('no_subject'), 'error_in_body' => $post_errors->hasError('no_message') || $post_errors->hasError('long_message'));
                $context['message']['errors'] = $post_errors->prepareErrors();
            }
        } else {
            obExit(false);
        }
    }
 /**
  * Send a personal message.
  */
 public function action_send2()
 {
     global $txt, $context, $user_info, $modSettings;
     // All the helpers we need
     require_once SUBSDIR . '/Auth.subs.php';
     require_once SUBSDIR . '/Post.subs.php';
     // PM Drafts enabled and needed?
     if ($context['drafts_pm_save'] && (isset($_POST['save_draft']) || isset($_POST['id_pm_draft']))) {
         require_once SUBSDIR . '/Drafts.subs.php';
     }
     loadLanguage('PersonalMessage', '', false);
     // Extract out the spam settings - it saves database space!
     list($modSettings['max_pm_recipients'], $modSettings['pm_posts_verification'], $modSettings['pm_posts_per_hour']) = explode(',', $modSettings['pm_spam_settings']);
     // Initialize the errors we're about to make.
     $post_errors = Error_Context::context('pm', 1);
     // Check whether we've gone over the limit of messages we can send per hour - fatal error if fails!
     if (!empty($modSettings['pm_posts_per_hour']) && !allowedTo(array('admin_forum', 'moderate_forum', 'send_mail')) && $user_info['mod_cache']['bq'] == '0=1' && $user_info['mod_cache']['gq'] == '0=1') {
         // How many have they sent this last hour?
         $pmCount = pmCount($user_info['id'], 3600);
         if (!empty($pmCount) && $pmCount >= $modSettings['pm_posts_per_hour']) {
             if (!isset($_REQUEST['xml'])) {
                 fatal_lang_error('pm_too_many_per_hour', true, array($modSettings['pm_posts_per_hour']));
             } else {
                 $post_errors->addError('pm_too_many_per_hour');
             }
         }
     }
     // If your session timed out, show an error, but do allow to re-submit.
     if (!isset($_REQUEST['xml']) && checkSession('post', '', false) != '') {
         $post_errors->addError('session_timeout');
     }
     $_REQUEST['subject'] = isset($_REQUEST['subject']) ? strtr(Util::htmltrim($_POST['subject']), array("\r" => '', "\n" => '', "\t" => '')) : '';
     $_REQUEST['to'] = empty($_POST['to']) ? empty($_GET['to']) ? '' : $_GET['to'] : $_POST['to'];
     $_REQUEST['bcc'] = empty($_POST['bcc']) ? empty($_GET['bcc']) ? '' : $_GET['bcc'] : $_POST['bcc'];
     // Route the input from the 'u' parameter to the 'to'-list.
     if (!empty($_POST['u'])) {
         $_POST['recipient_to'] = explode(',', $_POST['u']);
     }
     // Construct the list of recipients.
     $recipientList = array();
     $namedRecipientList = array();
     $namesNotFound = array();
     foreach (array('to', 'bcc') as $recipientType) {
         // First, let's see if there's user ID's given.
         $recipientList[$recipientType] = array();
         if (!empty($_POST['recipient_' . $recipientType]) && is_array($_POST['recipient_' . $recipientType])) {
             foreach ($_POST['recipient_' . $recipientType] as $recipient) {
                 $recipientList[$recipientType][] = (int) $recipient;
             }
         }
         // Are there also literal names set?
         if (!empty($_REQUEST[$recipientType])) {
             // We're going to take out the "s anyway ;).
             $recipientString = strtr($_REQUEST[$recipientType], array('\\"' => '"'));
             preg_match_all('~"([^"]+)"~', $recipientString, $matches);
             $namedRecipientList[$recipientType] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $recipientString))));
             // Clean any literal names entered
             foreach ($namedRecipientList[$recipientType] as $index => $recipient) {
                 if (strlen(trim($recipient)) > 0) {
                     $namedRecipientList[$recipientType][$index] = Util::htmlspecialchars(Util::strtolower(trim($recipient)));
                 } else {
                     unset($namedRecipientList[$recipientType][$index]);
                 }
             }
             // Now see if we can resolove the entered name to an actual user
             if (!empty($namedRecipientList[$recipientType])) {
                 $foundMembers = findMembers($namedRecipientList[$recipientType]);
                 // Assume all are not found, until proven otherwise.
                 $namesNotFound[$recipientType] = $namedRecipientList[$recipientType];
                 // Make sure we only have each member listed once, incase they did not use the select list
                 foreach ($foundMembers as $member) {
                     $testNames = array(Util::strtolower($member['username']), Util::strtolower($member['name']), Util::strtolower($member['email']));
                     if (count(array_intersect($testNames, $namedRecipientList[$recipientType])) !== 0) {
                         $recipientList[$recipientType][] = $member['id'];
                         // Get rid of this username, since we found it.
                         $namesNotFound[$recipientType] = array_diff($namesNotFound[$recipientType], $testNames);
                     }
                 }
             }
         }
         // Selected a recipient to be deleted? Remove them now.
         if (!empty($_POST['delete_recipient'])) {
             $recipientList[$recipientType] = array_diff($recipientList[$recipientType], array((int) $_POST['delete_recipient']));
         }
         // Make sure we don't include the same name twice
         $recipientList[$recipientType] = array_unique($recipientList[$recipientType]);
     }
     // Are we changing the recipients some how?
     $is_recipient_change = !empty($_POST['delete_recipient']) || !empty($_POST['to_submit']) || !empty($_POST['bcc_submit']);
     // Check if there's at least one recipient.
     if (empty($recipientList['to']) && empty($recipientList['bcc'])) {
         $post_errors->addError('no_to');
     }
     // Make sure that we remove the members who did get it from the screen.
     if (!$is_recipient_change) {
         foreach (array_keys($recipientList) as $recipientType) {
             if (!empty($namesNotFound[$recipientType])) {
                 $post_errors->addError('bad_' . $recipientType);
                 // Since we already have a post error, remove the previous one.
                 $post_errors->removeError('no_to');
                 foreach ($namesNotFound[$recipientType] as $name) {
                     $context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
                 }
             }
         }
     }
     // Did they make any mistakes like no subject or message?
     if ($_REQUEST['subject'] == '') {
         $post_errors->addError('no_subject');
     }
     if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '') {
         $post_errors->addError('no_message');
     } elseif (!empty($modSettings['max_messageLength']) && Util::strlen($_REQUEST['message']) > $modSettings['max_messageLength']) {
         $post_errors->addError('long_message');
     } else {
         // Preparse the message.
         $message = $_REQUEST['message'];
         preparsecode($message);
         // Make sure there's still some content left without the tags.
         if (Util::htmltrim(strip_tags(parse_bbc(Util::htmlspecialchars($message, ENT_QUOTES), false), '<img>')) === '' && (!allowedTo('admin_forum') || strpos($message, '[html]') === false)) {
             $post_errors->addError('no_message');
         }
     }
     // Wrong verification code?
     if (!$user_info['is_admin'] && !isset($_REQUEST['xml']) && !empty($modSettings['pm_posts_verification']) && $user_info['posts'] < $modSettings['pm_posts_verification']) {
         require_once SUBSDIR . '/VerificationControls.class.php';
         $verificationOptions = array('id' => 'pm');
         $context['require_verification'] = create_control_verification($verificationOptions, true);
         if (is_array($context['require_verification'])) {
             foreach ($context['require_verification'] as $error) {
                 $post_errors->addError($error);
             }
         }
     }
     // If they made any errors, give them a chance to make amends.
     if ($post_errors->hasErrors() && !$is_recipient_change && !isset($_REQUEST['preview']) && !isset($_REQUEST['xml'])) {
         return messagePostError($namedRecipientList, $recipientList);
     }
     // Want to take a second glance before you send?
     if (isset($_REQUEST['preview'])) {
         // Set everything up to be displayed.
         $context['preview_subject'] = Util::htmlspecialchars($_REQUEST['subject']);
         $context['preview_message'] = Util::htmlspecialchars($_REQUEST['message'], ENT_QUOTES, 'UTF-8', true);
         preparsecode($context['preview_message'], true);
         // Parse out the BBC if it is enabled.
         $context['preview_message'] = parse_bbc($context['preview_message']);
         // Censor, as always.
         censorText($context['preview_subject']);
         censorText($context['preview_message']);
         // Set a descriptive title.
         $context['page_title'] = $txt['preview'] . ' - ' . $context['preview_subject'];
         // Pretend they messed up but don't ignore if they really did :P.
         return messagePostError($namedRecipientList, $recipientList);
     } elseif ($is_recipient_change) {
         // Maybe we couldn't find one?
         foreach ($namesNotFound as $recipientType => $names) {
             $post_errors->addError('bad_' . $recipientType);
             foreach ($names as $name) {
                 $context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
             }
         }
         return messagePostError($namedRecipientList, $recipientList);
     }
     // Want to save this as a draft and think about it some more?
     if ($context['drafts_pm_save'] && isset($_POST['save_draft'])) {
         savePMDraft($recipientList);
         return messagePostError($namedRecipientList, $recipientList);
     } elseif (!empty($modSettings['max_pm_recipients']) && count($recipientList['to']) + count($recipientList['bcc']) > $modSettings['max_pm_recipients'] && !allowedTo(array('moderate_forum', 'send_mail', 'admin_forum'))) {
         $context['send_log'] = array('sent' => array(), 'failed' => array(sprintf($txt['pm_too_many_recipients'], $modSettings['max_pm_recipients'])));
         return messagePostError($namedRecipientList, $recipientList);
     }
     // Protect from message spamming.
     spamProtection('pm');
     // Prevent double submission of this form.
     checkSubmitOnce('check');
     // Finally do the actual sending of the PM.
     if (!empty($recipientList['to']) || !empty($recipientList['bcc'])) {
         $context['send_log'] = sendpm($recipientList, $_REQUEST['subject'], $_REQUEST['message'], true, null, !empty($_REQUEST['pm_head']) ? (int) $_REQUEST['pm_head'] : 0);
     } else {
         $context['send_log'] = array('sent' => array(), 'failed' => array());
     }
     // Mark the message as "replied to".
     if (!empty($context['send_log']['sent']) && !empty($_REQUEST['replied_to']) && isset($_REQUEST['f']) && $_REQUEST['f'] == 'inbox') {
         require_once SUBSDIR . '/PersonalMessage.subs.php';
         setPMRepliedStatus($user_info['id'], (int) $_REQUEST['replied_to']);
     }
     // If one or more of the recipients were invalid, go back to the post screen with the failed usernames.
     if (!empty($context['send_log']['failed'])) {
         return messagePostError($namesNotFound, array('to' => array_intersect($recipientList['to'], $context['send_log']['failed']), 'bcc' => array_intersect($recipientList['bcc'], $context['send_log']['failed'])));
     }
     // Message sent successfully?
     if (!empty($context['send_log']) && empty($context['send_log']['failed'])) {
         $context['current_label_redirect'] = $context['current_label_redirect'] . ';done=sent';
         // If we had a PM draft for this one, then its time to remove it since it was just sent
         if ($context['drafts_pm_save'] && !empty($_POST['id_pm_draft'])) {
             deleteDrafts($_POST['id_pm_draft'], $user_info['id']);
         }
     }
     // Go back to the where they sent from, if possible...
     redirectexit($context['current_label_redirect']);
 }
示例#14
0
/**
 * Saves a PM draft in the user_drafts table
 *
 * - The core draft feature must be enabled, as well as the pm draft option
 * - Determines if this is a new or and update to an existing pm draft
 *
 * @package Drafts
 * @param mixed[] $recipientList
 */
function savePMDraft($recipientList)
{
    global $context, $user_info, $modSettings;
    // Ajax calling
    if (!isset($context['drafts_pm_save'])) {
        $context['drafts_pm_save'] = !empty($modSettings['drafts_enabled']) && !empty($modSettings['drafts_pm_enabled']) && allowedTo('pm_draft');
    }
    // PM survey says ... can you stay or must you go
    if (empty($context['drafts_pm_save']) || !isset($_POST['save_draft']) || !isset($_POST['id_pm_draft'])) {
        return false;
    }
    // Read in what was sent
    $id_pm_draft = empty($_POST['id_pm_draft']) ? 0 : (int) $_POST['id_pm_draft'];
    $draft_info = loadDraft($id_pm_draft, 1);
    $post_errors = Error_Context::context('pm', 1);
    // 5 seconds is the same limit we have for posting
    if (isset($_REQUEST['xml']) && !empty($draft_info['poster_time']) && time() < $draft_info['poster_time'] + 5) {
        // Send something back to the javascript caller
        if (!empty($id_pm_draft)) {
            loadTemplate('Xml');
            $context['sub_template'] = 'xml_draft';
            $context['id_draft'] = $id_pm_draft;
            $context['draft_saved_on'] = $draft_info['poster_time'];
            obExit();
        }
        return true;
    }
    // Determine who this is being sent to
    if (isset($_REQUEST['xml'])) {
        $recipientList['to'] = isset($_POST['recipient_to']) ? explode(',', $_POST['recipient_to']) : array();
        $recipientList['bcc'] = isset($_POST['recipient_bcc']) ? explode(',', $_POST['recipient_bcc']) : array();
    } elseif (!empty($draft_info['to_list']) && empty($recipientList)) {
        $recipientList = unserialize($draft_info['to_list']);
    }
    // Prepare the data
    $draft = array('id_pm_draft' => $id_pm_draft, 'reply_id' => empty($_POST['replied_to']) ? 0 : (int) $_POST['replied_to'], 'body' => Util::htmlspecialchars($_POST['message'], ENT_QUOTES), 'subject' => strtr(Util::htmlspecialchars($_POST['subject']), array("\r" => '', "\n" => '', "\t" => '')), 'id_member' => $user_info['id']);
    // message and subject always need a bit more work
    preparsecode($draft['body']);
    if (Util::strlen($draft['subject']) > 100) {
        $draft['subject'] = Util::substr($draft['subject'], 0, 100);
    }
    // Modifying an existing PM draft?
    if (!empty($id_pm_draft) && !empty($draft_info)) {
        modify_pm_draft($draft, $recipientList);
        // some items to return to the form
        $context['draft_saved'] = true;
        $context['id_pm_draft'] = $id_pm_draft;
    } else {
        $id_pm_draft = create_pm_draft($draft, $recipientList);
        // Everything go as expected, if not toss back an error
        if (!empty($id_pm_draft)) {
            $context['draft_saved'] = true;
            $context['id_pm_draft'] = $id_pm_draft;
        } else {
            $post_errors->addError('draft_not_saved');
        }
    }
    // if we were called from the autosave function, send something back
    if (!empty($id_pm_draft) && isset($_REQUEST['xml']) && !$post_errors->hasError('session_timeout')) {
        loadTemplate('Xml');
        $context['sub_template'] = 'xml_draft';
        $context['id_draft'] = $id_pm_draft;
        $context['draft_saved_on'] = time();
        obExit();
    }
    return;
}
 public function action_register2()
 {
     global $txt, $modSettings, $context, $user_info;
     // Start collecting together any errors.
     $reg_errors = Error_Context::context('register', 0);
     // Check they are who they should be
     checkSession();
     if (!validateToken('register', 'post', true, false)) {
         $reg_errors->addError('token_verification');
     }
     // You can't register if it's disabled.
     if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 3) {
         fatal_lang_error('registration_disabled', false);
     }
     // Well, if you don't agree, you can't register.
     if (!empty($modSettings['requireAgreement']) && !isset($_POST['checkbox_agreement'])) {
         $reg_errors->addError('agreement_unchecked');
     }
     // Make sure they came from *somewhere*, have a session.
     if (!isset($_SESSION['old_url'])) {
         redirectexit('action=register');
     }
     // Check their provider deatils match up correctly in case they're pulling something funny
     if ($_POST['provider'] != $_SESSION['extauth_info']['provider']) {
         redirectexit('action=register');
     }
     // Clean up
     foreach ($_POST as $key => $value) {
         if (!is_array($_POST[$key])) {
             $_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key]));
         }
     }
     // Needed for isReservedName() and registerMember()
     require_once SUBSDIR . '/Members.subs.php';
     // Needed for generateValidationCode()
     require_once SUBSDIR . '/Auth.subs.php';
     // Set the options needed for registration.
     $regOptions = array('interface' => 'guest', 'username' => !empty($_POST['user']) ? $_POST['user'] : '', 'email' => !empty($_POST['email']) ? $_POST['email'] : '', 'check_reserved_name' => true, 'check_password_strength' => true, 'check_email_ban' => true, 'send_welcome_email' => !empty($modSettings['send_welcomeEmail']), 'require' => empty($modSettings['registration_method']) ? 'nothing' : ($modSettings['registration_method'] == 1 ? 'activation' : 'approval'));
     // Lets check for other errors before trying to register the member.
     if ($reg_errors->hasErrors()) {
         return $this->action_register();
     }
     mt_srand(time() + 1277);
     $regOptions['password'] = generateValidationCode();
     $regOptions['password_check'] = $regOptions['password'];
     // Registration needs to know your IP
     $req = request();
     $regOptions['ip'] = $user_info['ip'];
     $regOptions['ip2'] = $req->ban_ip();
     $memberID = registerMember($regOptions, 'register');
     // If there are "important" errors and you are not an admin: log the first error
     // Otherwise grab all of them and don't log anything
     if ($reg_errors->hasErrors(1) && !$user_info['is_admin']) {
         foreach ($reg_errors->prepareErrors(1) as $error) {
             fatal_error($error, 'general');
         }
     }
     // One last error check
     if ($reg_errors->hasErrors()) {
         return $this->action_register();
     }
     // Do our spam protection now.
     spamProtection('register');
     // Since all is well, we'll go ahead and associate the member's external account
     addAuth($memberID, $_SESSION['extauth_info']['provider'], $_SESSION['extauth_info']['uid'], $_SESSION['extauth_info']['name']);
     // Basic template variable setup.
     if (!empty($modSettings['registration_method'])) {
         loadTemplate('Register');
         $context += array('page_title' => $txt['register'], 'title' => $txt['registration_successful'], 'sub_template' => 'after', 'description' => $modSettings['registration_method'] == 2 ? $txt['approval_after_registration'] : $txt['activate_after_registration']);
     } else {
         call_integration_hook('integrate_activate', array($regOptions['username']));
         setLoginCookie(60 * $modSettings['cookieTime'], $memberID, hash('sha256', Util::strtolower($regOptions['username']) . $regOptions['password'] . $regOptions['register_vars']['password_salt']));
         redirectexit('action=auth;sa=check;member=' . $memberID, $context['server']['needs_login_fix']);
     }
 }
示例#16
0
 /**
  * This function handles submitted forms that add, modify or remove ban triggers.
  */
 public function action_edit2()
 {
     global $context;
     require_once SUBSDIR . '/Bans.subs.php';
     // Check with security first
     checkSession();
     validateToken('admin-bet');
     $ban_errors = Error_Context::context('ban', 1);
     // Adding or editing a ban group
     if (isset($_POST['add_ban']) || isset($_POST['modify_ban'])) {
         $ban_info = array();
         // Let's collect all the information we need
         $ban_info['id'] = isset($_REQUEST['bg']) ? (int) $_REQUEST['bg'] : 0;
         $ban_info['is_new'] = empty($ban_info['id']);
         $ban_info['expire_date'] = !empty($_POST['expire_date']) ? (int) $_POST['expire_date'] : 0;
         $ban_info['expiration'] = array('status' => isset($_POST['expiration']) && in_array($_POST['expiration'], array('never', 'one_day', 'expired')) ? $_POST['expiration'] : 'never', 'days' => $ban_info['expire_date']);
         $ban_info['db_expiration'] = $ban_info['expiration']['status'] == 'never' ? 'NULL' : ($ban_info['expiration']['status'] == 'one_day' ? time() + 24 * 60 * 60 * $ban_info['expire_date'] : 0);
         $ban_info['full_ban'] = empty($_POST['full_ban']) ? 0 : 1;
         $ban_info['reason'] = !empty($_POST['reason']) ? Util::htmlspecialchars($_POST['reason'], ENT_QUOTES) : '';
         $ban_info['name'] = !empty($_POST['ban_name']) ? Util::htmlspecialchars($_POST['ban_name'], ENT_QUOTES) : '';
         $ban_info['notes'] = isset($_POST['notes']) ? Util::htmlspecialchars($_POST['notes'], ENT_QUOTES) : '';
         $ban_info['notes'] = str_replace(array("\r", "\n", '  '), array('', '<br />', '&nbsp; '), $ban_info['notes']);
         $ban_info['cannot']['access'] = empty($ban_info['full_ban']) ? 0 : 1;
         $ban_info['cannot']['post'] = !empty($ban_info['full_ban']) || empty($_POST['cannot_post']) ? 0 : 1;
         $ban_info['cannot']['register'] = !empty($ban_info['full_ban']) || empty($_POST['cannot_register']) ? 0 : 1;
         $ban_info['cannot']['login'] = !empty($ban_info['full_ban']) || empty($_POST['cannot_login']) ? 0 : 1;
         // Adding a new ban group
         if (empty($ban_info['id'])) {
             $ban_group_id = insertBanGroup($ban_info);
         } else {
             $ban_group_id = updateBanGroup($ban_info);
         }
         if ($ban_group_id !== false) {
             $ban_info['id'] = $ban_group_id;
             $ban_info['is_new'] = false;
         }
         $context['ban'] = $ban_info;
     }
     // Update the triggers associated with this ban
     if (isset($_POST['ban_suggestions'])) {
         $saved_triggers = saveTriggers($_POST['ban_suggestions'], $ban_info['id'], isset($_REQUEST['u']) ? (int) $_REQUEST['u'] : 0, isset($_REQUEST['bi']) ? (int) $_REQUEST['bi'] : 0);
         $context['ban_suggestions']['saved_triggers'] = $saved_triggers;
     }
     // Something went wrong somewhere, ban info or triggers, ... Oh well, let's go back.
     if ($ban_errors->hasErrors()) {
         $context['ban_suggestions'] = $saved_triggers;
         $context['ban']['from_user'] = true;
         // They may have entered a name not using the member select box
         if (isset($_REQUEST['u'])) {
             $context['ban_suggestions'] = array_merge($context['ban_suggestions'], getMemberData((int) $_REQUEST['u']));
         } elseif (isset($_REQUEST['user'])) {
             $context['ban']['from_user'] = false;
             $context['use_autosuggest'] = true;
             $context['ban_suggestions']['member']['name'] = $_REQUEST['user'];
         }
         // Not strictly necessary, but it's nice
         if (!empty($context['ban_suggestions']['member']['id'])) {
             $context['ban_suggestions']['other_ips'] = banLoadAdditionalIPs($context['ban_suggestions']['member']['id']);
         }
         return $this->action_edit();
     }
     if (isset($_POST['ban_items'])) {
         $ban_group_id = isset($_REQUEST['bg']) ? (int) $_REQUEST['bg'] : 0;
         $ban_items = array_map('intval', $_POST['ban_items']);
         removeBanTriggers($ban_items, $ban_group_id);
     }
     // Register the last modified date.
     updateSettings(array('banLastUpdated' => time()));
     // Update the member table to represent the new ban situation.
     updateBanMembers();
     // Go back to an appropriate spot
     redirectexit('action=admin;area=ban;sa=' . (isset($_POST['add_ban']) ? 'list' : 'edit;bg=' . $ban_group_id));
 }
 /**
  * Does the actual saving of the page data
  *
  * - validates the data is safe to save
  * - updates existing pages or creates new ones
  */
 private function _sportal_admin_page_edit_save()
 {
     global $txt, $context, $modSettings;
     // No errors, yet.
     $pages_errors = Error_Context::context('pages', 0);
     // Use our standard validation functions in a few spots
     require_once SUBSDIR . '/DataValidator.class.php';
     $validator = new Data_Validator();
     // Clean and Review the post data for compliance
     $validator->sanitation_rules(array('title' => 'trim|Util::htmlspecialchars', 'namespace' => 'trim|Util::htmlspecialchars', 'permissions' => 'intval', 'type' => 'trim', 'content' => 'trim'));
     $validator->validation_rules(array('title' => 'required', 'namespace' => 'alpha_numeric|required', 'type' => 'required', 'content' => 'required'));
     $validator->text_replacements(array('title' => $txt['sp_error_page_name_empty'], 'namespace' => $txt['sp_error_page_namespace_empty'], 'content' => $txt['sp_admin_pages_col_body']));
     // If you messed this up, back you go
     if (!$validator->validate($_POST)) {
         foreach ($validator->validation_errors() as $id => $error) {
             $pages_errors->addError($error);
         }
         $this->action_sportal_admin_page_edit();
     }
     // Can't have the same name in the same space twice
     $has_duplicate = sp_check_duplicate_pages($_POST['namespace'], $_POST['page_id']);
     if (!empty($has_duplicate)) {
         $pages_errors->addError('sp_error_page_namespace_duplicate');
     }
     // Can't have a simple numeric namespace
     if (preg_replace('~[0-9]+~', '', $_POST['namespace']) === '') {
         $pages_errors->addError('sp_error_page_namespace_numeric');
     }
     if ($_POST['type'] === 'php' && !allowedTo('admin_forum')) {
         fatal_lang_error('cannot_admin_forum', false);
     }
     // Running some php code, then we need to validate its legit code
     if ($_POST['type'] === 'php' && !empty($_POST['content']) && empty($modSettings['sp_disable_php_validation'])) {
         $validator_php = new Data_Validator();
         $validator_php->validation_rules(array('content' => 'php_syntax'));
         // Bad PHP code
         if (!$validator_php->validate(array('content' => $_POST['content']))) {
             $pages_errors->addError($validator_php->validation_errors());
         }
     }
     // None shall pass ... with errors
     if ($pages_errors->hasErrors()) {
         $this->action_sportal_admin_page_edit();
     }
     // If you made it this far, we are going to save the work
     if (!empty($_POST['blocks']) && is_array($_POST['blocks'])) {
         foreach ($_POST['blocks'] as $id => $block) {
             $_POST['blocks'][$id] = (int) $block;
         }
     } else {
         $_POST['blocks'] = array();
     }
     // The data for the fields
     $page_info = array('id' => (int) $_POST['page_id'], 'namespace' => Util::htmlspecialchars($_POST['namespace'], ENT_QUOTES), 'title' => Util::htmlspecialchars($_POST['title'], ENT_QUOTES), 'body' => Util::htmlspecialchars($_POST['content'], ENT_QUOTES), 'type' => in_array($_POST['type'], array('bbc', 'html', 'php')) ? $_POST['type'] : 'bbc', 'permissions' => (int) $_POST['permissions'], 'style' => sportal_parse_style('implode'), 'status' => !empty($_POST['status']) ? 1 : 0);
     if ($page_info['type'] === 'bbc') {
         preparsecode($page_info['body']);
     }
     // Save away
     sp_save_page($page_info, $context['SPortal']['is_new']);
     $to_show = array();
     $not_to_show = array();
     $changes = array();
     foreach ($context['page_blocks'] as $page_blocks) {
         foreach ($page_blocks as $block) {
             if ($block['shown'] && !in_array($block['id'], $_POST['blocks'])) {
                 $not_to_show[] = $block['id'];
             } elseif (!$block['shown'] && in_array($block['id'], $_POST['blocks'])) {
                 $to_show[] = $block['id'];
             }
         }
     }
     foreach ($to_show as $id) {
         if (empty($this->blocks[$id]['display']) && empty($this->blocks[$id]['display_custom']) || $this->blocks[$id]['display'] == 'sportal') {
             $changes[$id] = array('display' => 'portal,p' . $page_info['id'], 'display_custom' => '');
         } elseif (in_array($this->blocks[$id]['display'], array('allaction', 'allboard'))) {
             $changes[$id] = array('display' => '', 'display_custom' => $this->blocks[$id]['display'] . ',p' . $page_info['id']);
         } elseif (in_array('-p' . $page_info['id'], explode(',', $this->blocks[$id]['display_custom']))) {
             $changes[$id] = array('display' => $this->blocks[$id]['display'], 'display_custom' => implode(',', array_diff(explode(',', $this->blocks[$id]['display_custom']), array('-p' . $page_info['id']))));
         } elseif (empty($this->blocks[$id]['display_custom'])) {
             $changes[$id] = array('display' => implode(',', array_merge(explode(',', $this->blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => '');
         } else {
             $changes[$id] = array('display' => $this->blocks[$id]['display'], 'display_custom' => implode(',', array_merge(explode(',', $this->blocks[$id]['display_custom']), array('p' . $page_info['id']))));
         }
     }
     foreach ($not_to_show as $id) {
         if (count(array_intersect(array($this->blocks[$id]['display'], $this->blocks[$id]['display_custom']), array('sforum', 'allpages', 'all'))) > 0) {
             $changes[$id] = array('display' => '', 'display_custom' => $this->blocks[$id]['display'] . $this->blocks[$id]['display_custom'] . ',-p' . $page_info['id']);
         } elseif (empty($this->blocks[$id]['display_custom'])) {
             $changes[$id] = array('display' => implode(',', array_diff(explode(',', $this->blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => '');
         } else {
             $changes[$id] = array('display' => implode(',', array_diff(explode(',', $this->blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => implode(',', array_diff(explode(',', $this->blocks[$id]['display_custom']), array('p' . $page_info['id']))));
         }
     }
     // Update the blocks as needed
     foreach ($changes as $id => $data) {
         sp_update_block_visibility($id, $data);
     }
     redirectexit('action=admin;area=portalpages');
     return true;
 }
 /**
  * This function allows the admin to register a new member by hand.
  *
  * - It also allows assigning a primary group to the member being registered.
  * - Accessed by ?action=admin;area=regcenter;sa=register
  * - Requires the moderate_forum permission.
  *
  * @uses Register template, admin_register sub-template.
  */
 public function action_register()
 {
     global $txt, $context, $scripturl, $user_info;
     if (!empty($_POST['regSubmit'])) {
         checkSession();
         validateToken('admin-regc');
         foreach ($_POST as $key => $dummy) {
             if (!is_array($_POST[$key])) {
                 $_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key]));
             }
         }
         $regOptions = array('interface' => 'admin', 'username' => $_POST['user'], 'email' => $_POST['email'], 'password' => $_POST['password'], 'password_check' => $_POST['password'], 'check_reserved_name' => true, 'check_password_strength' => true, 'check_email_ban' => false, 'send_welcome_email' => isset($_POST['emailPassword']) || empty($_POST['password']), 'require' => isset($_POST['emailActivate']) ? 'activation' : 'nothing', 'memberGroup' => empty($_POST['group']) || !allowedTo('manage_membergroups') ? 0 : (int) $_POST['group']);
         require_once SUBSDIR . '/Members.subs.php';
         $reg_errors = Error_Context::context('register', 0);
         $memberID = registerMember($regOptions, 'register');
         // If there are "important" errors and you are not an admin: log the first error
         // Otherwise grab all of them and don't log anything
         $error_severity = $reg_errors->hasErrors(1) && !$user_info['is_admin'] ? 1 : null;
         foreach ($reg_errors->prepareErrors($error_severity) as $error) {
             fatal_error($error, $error_severity === null ? false : 'general');
         }
         if (!empty($memberID)) {
             $context['new_member'] = array('id' => $memberID, 'name' => $_POST['user'], 'href' => $scripturl . '?action=profile;u=' . $memberID, 'link' => '<a href="' . $scripturl . '?action=profile;u=' . $memberID . '">' . $_POST['user'] . '</a>');
             $context['registration_done'] = sprintf($txt['admin_register_done'], $context['new_member']['link']);
         }
     }
     // Load the assignable member groups.
     if (allowedTo('manage_membergroups')) {
         require_once SUBSDIR . '/Membergroups.subs.php';
         if (allowedTo('admin_forum')) {
             $includes = array('admin', 'globalmod', 'member');
         } else {
             $includes = array('globalmod', 'member', 'custom');
         }
         $groups = array();
         $membergroups = getBasicMembergroupData($includes, array('hidden', 'protected'));
         foreach ($membergroups as $membergroup) {
             $groups[$membergroup['id']] = $membergroup['name'];
         }
         $context['member_groups'] = $groups;
     } else {
         $context['member_groups'] = array();
     }
     // Basic stuff.
     addInlineJavascript('disableAutoComplete();', true);
     $context['sub_template'] = 'admin_register';
     $context['page_title'] = $txt['registration_center'];
     createToken('admin-regc');
 }