示例#1
0
        $show_menu_user = TRUE;
    }
    unset($plugin_vars);
}
$global_plugins['plugin_controls'] = array('show_menu_user' => $show_menu_user);
SE_DEBUG ? $_benchmark->end('plugins') : NULL;
SE_DEBUG ? $_benchmark->start('page') : NULL;
// CHECK TO SEE IF SITE IS ONLINE OR NOT, ADMIN NOT LOGGED IN, DISPLAY OFFLINE PAGE
if (!$setting['setting_online'] && !$admin->admin_exists) {
    $page = "offline";
    include "footer.php";
}
// CALL HEADER HOOK
($hook = SE_Hook::exists('se_header')) ? SE_Hook::call($hook, array()) : NULL;
// CHECK IF LOGGED-IN USER IS ON OWNER'S BLOCKLIST
if ($user->user_exists && $owner->user_exists && $owner->user_blocked($user->user_info['user_id'])) {
    // ASSIGN VARIABLES AND DISPLAY ERROR PAGE
    $page = "error";
    $smarty->assign('error_header', 639);
    $smarty->assign('error_message', 640);
    $smarty->assign('error_submit', 641);
    include "footer.php";
}
// CHECK TO SEE IF USER HAS BEEN BLOCKED BY IP
if (check_ip_in_banned_list($_SERVER['REMOTE_ADDR'], $setting['setting_banned_ips'])) {
    // LOGOUT IF LOGGED IN
    if ($user->user_exists) {
        $user->user_logout();
    }
    // ASSIGN VARIABLES AND DISPLAY ERROR PAGE
    $page = "error";
示例#2
0
 function user_message_send($to, $subject, $message, $convo_id = NULL)
 {
     global $database, $notify, $url;
     $recipients = array();
     $recipients_full = array();
     // VALIDATE CONVERSATION ID
     if (!$convo_id || !is_numeric($convo_id)) {
         $convo_id = 0;
     }
     // CHECK TO SEE IF MESSAGE IS EMPTY
     if (!trim($message)) {
         $this->is_error = 796;
     }
     // NEW MESSAGE
     if (!$convo_id) {
         // ORGANIZE RECIPIENTS
         $tos = array_filter(preg_split('/[\\s,;]+?/', $to));
         array_splice($tos, $this->level_info['level_message_recipients']);
         // LOOP OVER RECIPIENTS
         foreach ($tos as $to_username) {
             // CANT SEND TO SELF
             if (strtolower($to_username) == strtolower($this->user_info['user_username'])) {
                 continue;
             }
             // GET TO USER OBJECT
             $to_user = new SEUser(array(NULL, $to_username));
             // CANT SEND TO NON EXISTENT USER. BLOCKED USER, OR USERS NOT ALLOWED TO USE MESSAGES
             if (!$to_user->user_exists) {
                 continue;
             }
             if ($to_user->user_blocked($this->user_info['user_id'])) {
                 continue;
             }
             if (!$this->level_info['level_message_allow']) {
                 continue;
             }
             // CHECK MESSAGE TYPES AND ADD RECIPIENT
             if ($this->level_info['level_message_allow'] == 2 || $this->level_info['level_message_allow'] == 1 && $this->user_friended($to_user->user_info['user_id'])) {
                 $recipients_full[$to_user->user_info['user_id']] =& $to_user;
                 $recipients[] = $to_user->user_info['user_id'];
             }
         }
         // ENSURE THERE ARE RECIPIENTS
         if (empty($recipients)) {
             $this->is_error = 795;
         }
         // IF NO ERROR, CREATE CONVERSATION
         if (!$this->is_error) {
             // CREATE CONVO
             $sql = "INSERT INTO se_pmconvos (pmconvo_subject, pmconvo_recipients) VALUES ('" . addslashes($subject) . "', '" . (count($recipients) + 1) . "')";
             $resource = $database->database_query($sql);
             $convo_id = $database->database_insert_id();
             // CREATE CONVOOPS
             $sql = "\r\n          INSERT INTO se_pmconvoops\r\n            (pmconvoop_pmconvo_id, pmconvoop_user_id, pmconvoop_deleted_outbox, pmconvoop_deleted_inbox)\r\n          VALUES\r\n            ('{$convo_id}', '{$this->user_info['user_id']}', 0, 1)";
             //$is_first = TRUE;
             foreach ($recipients as $to_user_id) {
                 $sql .= ", ('{$convo_id}', '{$to_user_id}', 1, 0)";
             }
             // EXECUTE QUERY
             $resource = $database->database_query($sql);
         }
     } else {
         $sql = "SELECT pmconvoop_user_id FROM se_pmconvoops WHERE pmconvoop_pmconvo_id='{$convo_id}'";
         $resource = $database->database_query($sql);
         $unauthorized = TRUE;
         while ($pmconvoop_info = $database->database_fetch_assoc($resource)) {
             if ($pmconvoop_info['pmconvoop_user_id'] != $this->user_info['user_id']) {
                 $recipients[] = $pmconvoop_info['pmconvoop_user_id'];
             } else {
                 $unauthorized = FALSE;
             }
         }
         // USER WAS NOT IN CONVERSATION
         if ($unauthorized) {
             $this->is_error = 39;
         }
         // FIX THIS CODE RANDOM NUMBER TEMP
     }
     // IF NO ERROR, ADD MESSAGE TO CONVERSATION
     if (!$this->is_error) {
         // LINK ALL LINKS
         $message = ereg_replace("http://([.]?[a-zA-Z0-9_/-])*", "<a href=\"\\0\" target=\"_blank\">\\0</a>", $message);
         $message = ereg_replace("(^| |\n)(www([.]?[a-zA-Z0-9_/-])*)", "\\1<a href=\"http://\\2\" target=\"_blank\">\\2</a>", $message);
         // RUN SECURITY ON THE MESSAGE TO ENSURE NO XSS ATTACKS WITH LINKS
         $message = cleanHTML($message, "a");
         // REPLACE NEWLINES IN BODY WITH BREAKS
         $message = str_replace("\n", "<br>", $message);
         $message = str_replace("'", "\\'", $message);
         // INSERT MESSAGE
         $pm_date = time();
         $sql = "\r\n        INSERT INTO se_pms\r\n          (pm_authoruser_id, pm_pmconvo_id, pm_date, pm_body)\r\n        VALUES\r\n          ('{$this->user_info['user_id']}', '{$convo_id}', '{$pm_date}', '{$message}')\r\n      ";
         $resource = $database->database_query($sql);
         // UPDATE PMCONVOOPS
         $sql = "UPDATE se_pmconvoops SET pmconvoop_deleted_outbox=0, pmconvoop_pmdate='{$pm_date}' WHERE pmconvoop_pmconvo_id='{$convo_id}' && pmconvoop_user_id='{$this->user_info['user_id']}'";
         $resource = $database->database_query($sql);
         $sql = "UPDATE se_pmconvoops SET pmconvoop_deleted_inbox=0, pmconvoop_read=0, pmconvoop_pmdate='{$pm_date}' WHERE pmconvoop_pmconvo_id='{$convo_id}' && pmconvoop_user_id!='{$this->user_info['user_id']}'";
         $resource = $database->database_query($sql);
         // INSERT/SEND NOTIFICATIONS FOR RECIPIENTS
         // GET RECIPIENTS IF NOT INITIAL MESSAGE
         foreach ($recipients as $recipient_user_id) {
             //if( empty($recipients_full[$recipient_user_id]) )
             //{
             $recipients_full[$recipient_user_id] = new SEUser(array($recipient_user_id));
             //}
             $current_recipient =& $recipients_full[$recipient_user_id];
             // NOT A USER
             if (!is_object($current_recipient) || !$current_recipient->user_exists) {
                 continue;
             }
             // ADD NOTIFICATION
             $notify->notify_add($current_recipient->user_info['user_id'], 'message', $convo_id, array(), array(), TRUE);
             // SEND EMAIL
             $current_recipient->user_settings('usersetting_notify_message');
             if ($current_recipient->usersetting_info['usersetting_notify_message']) {
                 send_systememail('message', $current_recipient->user_info[user_email], array($current_recipient->user_displayname, $this->user_displayname, "<a href=\"{$url->url_base}login.php\">{$url->url_base}login.php</a>"));
             }
             // CLEAN OUT THEM OLD MESSAGES
             $num_inbox = $current_recipient->user_message_total(0, 0);
             $num_outbox = $current_recipient->user_message_total(1, 0);
             $num_inbox_delete = $num_inbox - $current_recipient->level_info['level_message_inbox'];
             $num_outbox_delete = $num_outbox - $current_recipient->level_info['level_message_outbox'];
             // CLEAN OUT INBOX
             if ($num_inbox_delete > 0) {
                 $sql = "\r\n            SELECT\r\n              se_pmconvoops.pmconvoop_pmconvo_id AS pmconvo_id\r\n            FROM\r\n              se_pmconvoops\r\n            LEFT JOIN\r\n              se_pmconvos\r\n              ON se_pmconvos.pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id\r\n            LEFT JOIN\r\n              se_pms\r\n              ON se_pms.pm_pmconvo_id=se_pmconvos.pmconvo_id\r\n            WHERE\r\n              se_pmconvoops.pmconvoop_user_id='{$current_recipient->user_info['user_id']}' &&\r\n              se_pmconvoops.pmconvoop_deleted_inbox=0 &&\r\n              se_pms.pm_id=(SELECT MAX(pm_id) FROM se_pms WHERE pm_pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id)\r\n            ORDER BY\r\n              se_pms.pm_date ASC\r\n            LIMIT\r\n              {$num_inbox_delete}\r\n          ";
                 $resource = $database->database_query($sql);
                 while ($result = $database->database_fetch_assoc($resource)) {
                     $delete_array[] = $result['pmconvo_id'];
                 }
                 // DELETE
                 $current_recipient->user_message_delete_selected($delete_array, 0);
             }
             // CLEAN OUT OUTBOX
             if ($num_outbox_delete > 0) {
                 $sql = "\r\n            SELECT\r\n              se_pmconvoops.pmconvoop_pmconvo_id AS pmconvo_id\r\n            FROM\r\n              se_pmconvoops\r\n            LEFT JOIN\r\n              se_pmconvos\r\n              ON se_pmconvos.pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id\r\n            LEFT JOIN\r\n              se_pms\r\n              ON se_pms.pm_pmconvo_id=se_pmconvos.pmconvo_id\r\n            WHERE\r\n              se_pmconvoops.pmconvoop_user_id='{$current_recipient->user_info['user_id']}' &&\r\n              se_pmconvoops.pmconvoop_deleted_outbox=0 &&\r\n              se_pms.pm_id=(SELECT MAX(pm_id) FROM se_pms WHERE pm_pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id)\r\n            ORDER BY\r\n              se_pms.pm_date ASC\r\n            LIMIT\r\n              {$num_outbox_delete}\r\n          ";
                 $resource = $database->database_query($sql);
                 while ($result = $database->database_fetch_assoc($resource)) {
                     $delete_array[] = $result['pmconvo_id'];
                 }
                 // DELETE
                 $current_recipient->user_message_delete_selected($delete_array, 1);
             }
             // CLEAR INACTIVE CONVERSATIONS
             $this->user_message_cleanup();
         }
     }
     return $convo_id;
 }