/**
 * Returns the flood-check length configured for the viewing user and action.
 *
 * The value is whatever XenForo_Permission::hasPermission() yields for the
 * matching flood-check permission; a strict false from that call is reported
 * as null, as is any action that is not listed below.
 *
 * @param string     $action      One of 'conversation', 'post', 'contact', 'report'
 * @param array|null $viewingUser Viewing user, standardized by reference
 *
 * @return mixed|null Permission value, or null when no limit applies
 */
public function getFloodingLimitForAction($action, &$viewingUser = null)
{
    $this->standardizeViewingUserReference($viewingUser);

    // No user_id on the viewing user means there is no per-user limit to look up.
    if (!$viewingUser['user_id']) {
        return null;
    }

    switch ($action) {
        case 'conversation':
            $permissionGroup = 'conversation';
            $permissionId = 'floodCheckLength';
            break;

        case 'post':
            $permissionGroup = 'general';
            $permissionId = 'floodCheckPostLength';
            break;

        case 'contact':
            $permissionGroup = 'general';
            $permissionId = 'floodCheckContactLength';
            break;

        case 'report':
            $permissionGroup = 'general';
            $permissionId = 'floodCheckReportLength';
            break;

        default:
            // Unknown actions have no flood limit defined here.
            return null;
    }

    $limit = XenForo_Permission::hasPermission($viewingUser['permissions'], $permissionGroup, $permissionId);

    // Only a strict false is treated as "no limit"; 0 is passed through unchanged.
    return $limit === false ? null : $limit;
}
/**
 * Lists the gallery media of one user, filtered and paged from request input.
 *
 * The profile owner is resolved through the UserProfile helper's
 * assertUserProfileValidAndViewable() before any media is queried, and the
 * media conditions carry the visitor's own privacy/permission context.
 *
 * @return mixed The view response, or that view passed through _getSiteMediaWrapper()
 */
public function actionContent()
{
    $input = $this->_input;
    $defaultOrder = 'media_date';

    $noWrapper = $input->filterSingle('no_wrapper', XenForo_Input::STRING);
    // NOTE(review): 'order', 'container' and 'type' are client-supplied strings that are
    // handed to the media model unchanged; confirm the model restricts them to known values.
    $order = $input->filterSingle('order', XenForo_Input::STRING, array('default' => $defaultOrder));
    $container = $input->filterSingle('container', XenForo_Input::STRING);
    $type = $input->filterSingle('type', XenForo_Input::STRING);
    $userId = $input->filterSingle('user_id', XenForo_Input::UINT);

    $userFetchOptions = array('join' => XenForo_Model_User::FETCH_LAST_ACTIVITY);
    $user = $this->getHelper('UserProfile')->assertUserProfileValidAndViewable($userId, $userFetchOptions);

    $this->canonicalizeRequestUrl(XenForo_Link::buildPublicLink('xengallery/users', $user));

    $mediaModel = $this->_getMediaModel();

    $page = $input->filterSingle('page', XenForo_Input::UINT);
    $perPage = XenForo_Application::getOptions()->xengalleryMediaMaxPerPage;

    $visitor = XenForo_Visitor::getInstance();

    // Visibility is always evaluated for the current visitor, not for the profile owner.
    $conditions = array(
        'user_id' => $user['user_id'],
        'container' => $container,
        'type' => $type,
        'deleted' => XenForo_Permission::hasPermission($visitor->permissions, 'xengallery', 'viewDeleted'),
        'privacyUserId' => $visitor->user_id,
        'viewAlbums' => XenForo_Permission::hasPermission($visitor->permissions, 'xengallery', 'viewAlbums'),
        'viewCategoryIds' => $mediaModel->getViewableCategoriesForVisitor($visitor->toArray())
    );

    $pagingOptions = array(
        'order' => $order ? $order : $defaultOrder,
        'orderDirection' => 'desc',
        'page' => $page,
        'perPage' => $perPage
    );
    // Array union: keys already set by _getMediaFetchOptions() take precedence.
    $fetchOptions = $this->_getMediaFetchOptions() + $pagingOptions;
    $fetchOptions['join'] |= XenGallery_Model_Media::FETCH_ALBUM | XenGallery_Model_Media::FETCH_PRIVACY;

    $totalCount = $mediaModel->countMedia($conditions, $fetchOptions);
    $media = $mediaModel->prepareMediaItems($mediaModel->getMedia($conditions, $fetchOptions));

    // True when the visitor is looking at their own media page.
    $userPage = ($userId == $visitor->user_id);
    $inlineModOptions = $mediaModel->prepareInlineModOptions($media, $userPage);

    // Parameters equal to their defaults are passed as false to the page nav.
    $pageNavParams = array(
        'order' => $order != $defaultOrder ? $order : false,
        'container' => $container ? $container : false,
        'type' => $type ? $type : false
    );

    $viewParams = array(
        'canViewComments' => $this->_getCommentModel()->canViewComments(),
        'media' => $media,
        'user' => $user,
        'page' => $page <= 1 ? '' : $page,
        'perPage' => $perPage,
        'pageNavParams' => $pageNavParams,
        'order' => $order,
        'defaultOrder' => $defaultOrder,
        'container' => $container,
        'containerFilter' => $container,
        'type' => $type,
        'typeFilter' => $type,
        'mediaCount' => count($media),
        'totalCount' => $totalCount,
        'noWrapper' => $noWrapper,
        'showFilterTabs' => true,
        'inlineModOptions' => $inlineModOptions
    );

    $view = $this->responseView('XenGallery_ViewPublic_User_Media', 'xengallery_media_user', $viewParams);

    if ($noWrapper) {
        return $view;
    }

    return $this->_getSiteMediaWrapper('', $view);
}
/**
 * Picks an image URL out of the template's 'posts' parameter.
 *
 * Posts are scanned in order. For each one an [attach] tag is preferred (only
 * when the visitor holds forum/viewAttachment), then an [img] tag. The first
 * hit is returned; without any hit $content is returned untouched.
 *
 * NOTE(review): the attachment gate is the visitor's global forum/viewAttachment
 * permission only; no per-node permission is consulted in this method.
 * NOTE(review): the [img] URL is taken verbatim from the post message, so the
 * caller has to escape it for whatever context it is written into.
 *
 * @param mixed                     $content  Fallback value
 * @param mixed                     $params   Not read by this method
 * @param XenForo_Template_Abstract $template Template providing the 'posts' parameter
 *
 * @return mixed Attachment link, image URL, or $content
 */
public static function getImage($content, $params, XenForo_Template_Abstract $template)
{
    $posts = $template->getParam('posts');
    if (!count($posts)) {
        return $content;
    }

    $visitor = XenForo_Visitor::getInstance();
    // The permission does not depend on the post, so it is resolved once up front.
    $canViewAttachments = XenForo_Permission::hasPermission($visitor['permissions'], 'forum', 'viewAttachment');

    foreach ($posts as $post) {
        $found = array();

        if ($canViewAttachments) {
            // Capture group 2 is the named group "id": the numeric attachment id.
            preg_match('#\\[attach(=[^\\]]*)?\\](?P<id>\\d+)(\\D.*)?\\[/attach\\]#iU', $post['message'], $found);
            if (!empty($found[2])) {
                $attachmentLink = XenForo_Link::buildPublicLink('full:attachments', array('attachment_id' => $found[2]));
                if (!empty($attachmentLink)) {
                    return $attachmentLink;
                }
            }
        }

        // Capture group 2 is the whole http(s) URL between [img] and [/img].
        preg_match('/\\[(img|IMG)\\]\\s*(https?:\\/\\/([^*\\r\\n]+|[a-z0-9\\/\\\\._\\- !]+))\\[\\/(img|IMG)\\]/', $post['message'], $found);
        if (!empty($found[2])) {
            return $found[2];
        }
    }

    return $content;
}
/**
 * Resolves the EWRporta permission flags for the viewing user.
 *
 * @param array|null $viewingUser Viewing user; standardized before use
 *
 * @return array Boolean flags keyed 'custom' and 'promote'
 */
public function getPermissions(array $viewingUser = null)
{
    $this->standardizeViewingUserReference($viewingUser);

    $userPermissions = $viewingUser['permissions'];

    // Each permission value is collapsed to a strict boolean.
    return array(
        'custom' => (bool) XenForo_Permission::hasPermission($userPermissions, 'EWRporta', 'canCustom'),
        'promote' => (bool) XenForo_Permission::hasPermission($userPermissions, 'EWRporta', 'canPromote')
    );
}
/**
 * Builds a "find new" search of gallery media and redirects to its results.
 *
 * Visitors with a user_id get their unviewed media; everyone else gets media
 * from the last seven days that is neither deleted nor moderated. Both paths
 * carry the visitor's category, album and privacy limits.
 *
 * @return mixed Redirect response to the 'find-new/media' link of the stored search
 */
public function findNewMedia()
{
    $mediaModel = $this->_getMediaModel();

    /** @var $searchModel XenForo_Model_Search */
    $searchModel = $this->_getSearchModel();

    $visitor = XenForo_Visitor::getInstance();

    // Joins shared by both media queries below.
    $commonJoin = XenGallery_Model_Media::FETCH_USER
        | XenGallery_Model_Media::FETCH_ATTACHMENT
        | XenGallery_Model_Media::FETCH_CATEGORY
        | XenGallery_Model_Media::FETCH_ALBUM;

    // Visibility limits are derived from the current visitor.
    $limitOptions = array(
        'limit' => XenForo_Application::getOptions()->maximumSearchResults,
        'viewCategoryIds' => $mediaModel->getViewableCategoriesForVisitor($visitor->toArray()),
        'viewAlbums' => XenForo_Permission::hasPermission($visitor->permissions, 'xengallery', 'viewAlbums'),
        'privacyUserId' => $visitor->user_id
    );

    if ($visitor->user_id) {
        $mediaIds = $mediaModel->getUnviewedMediaIds($visitor->user_id, $limitOptions);
    } else {
        $oneWeekAgo = XenForo_Application::$time - 86400 * 7;

        $conditions = $limitOptions + array(
            'media_date' => array('>', $oneWeekAgo),
            'deleted' => false,
            'moderated' => false
        );
        $fetchOptions = $limitOptions + array(
            'order' => 'media_date',
            'orderDirection' => 'desc',
            'join' => $commonJoin | XenGallery_Model_Media::FETCH_PRIVACY
        );

        $mediaIds = array_keys($mediaModel->getMedia($conditions, $fetchOptions));
    }

    $media = array();
    if ($mediaIds) {
        // NOTE(review): this second fetch is by media_id only and does not repeat the
        // visibility conditions; it relies on $mediaIds having been filtered above.
        $media = $mediaModel->getMedia(
            array('media_id' => $mediaIds, 'view_user_id' => $visitor->getUserId()),
            array('join' => $commonJoin | XenGallery_Model_Media::FETCH_LAST_VIEW)
        );
        $media = $mediaModel->prepareMedia($media);
    }

    // Keep the order of $mediaIds and drop ids that could not be loaded.
    $results = array();
    foreach ($mediaIds as $mediaId) {
        if (!isset($media[$mediaId])) {
            continue;
        }

        $results[] = array(
            XenForo_Model_Search::CONTENT_TYPE => 'xengallery_media',
            XenForo_Model_Search::CONTENT_ID => $mediaId
        );
    }

    $search = $searchModel->insertSearch($results, 'xengallery_media', '', array('findNew'), 'date', false);

    return $this->responseRedirect(
        XenForo_ControllerResponse_Redirect::SUCCESS,
        XenForo_Link::buildPublicLink('find-new/media', $search)
    );
}
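/**
 * Filters team post reports down to the ones the viewing user may see.
 *
 * A report is kept only when its team can still be loaded and the viewing
 * user holds Teams/editPostAny or Teams/deletePostAny.
 *
 * Fix: hidden reports used to be unset from the per-team list of report ids
 * instead of from $reports, so the filter removed nothing and every report was
 * returned regardless of permissions.
 *
 * @param array $reports     Reports keyed by report id; each needs 'content_info'
 * @param array $viewingUser Viewing user; 'permissions' is read
 *
 * @return array The subset of $reports visible to the viewing user
 */
public function getVisibleReportsForUser(array $reports, array $viewingUser)
{
    // Group report ids by the team their reported content belongs to.
    $reportIdsByTeam = array();
    foreach ($reports as $reportId => $report) {
        // NOTE(review): unserialize() runs on the stored content_info value. That is only
        // safe while nothing user-controlled can write that column; confirm the writer.
        // A value that fails to unserialize groups under an empty team id, which matches
        // no team below and is therefore hidden.
        $info = unserialize($report['content_info']);
        $reportIdsByTeam[$info['team_id']][] = $reportId;
    }

    $teamModel = XenForo_Model::create('Nobita_Teams_Model_Team');
    $teams = $teamModel->getTeamsByIds(array_keys($reportIdsByTeam), array(
        'join' => Nobita_Teams_Model_Team::FETCH_CATEGORY
            | Nobita_Teams_Model_Team::FETCH_PRIVACY
            | Nobita_Teams_Model_Team::FETCH_PROFILE
    ));

    // The moderation permission does not depend on the team, so resolve it once.
    $canModerate = XenForo_Permission::hasPermission($viewingUser['permissions'], 'Teams', 'editPostAny')
        || XenForo_Permission::hasPermission($viewingUser['permissions'], 'Teams', 'deletePostAny');

    foreach ($reportIdsByTeam as $teamId => $teamReportIds) {
        if (isset($teams[$teamId]) && $canModerate) {
            continue;
        }

        // Remove from the returned list itself, keyed by report id.
        foreach ($teamReportIds as $reportId) {
            unset($reports[$reportId]);
        }
    }

    return $reports;
}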
/**
 * Gets the visible reports of this content type for the viewing user.
 *
 * Reports are grouped by the profile they were posted on. A group is hidden
 * when that profile user was loaded but the viewer may not view the full
 * profile, or when the viewer has neither profilePost/editAny nor
 * profilePost/deleteAny. Groups whose profile user could not be loaded are
 * decided by the permission check alone.
 *
 * @see XenForo_ReportHandler_Abstract::getVisibleReportsForUser()
 */
public function getVisibleReportsForUser(array $reports, array $viewingUser)
{
    $reportIdsByProfile = array();
    foreach ($reports as $reportId => $report) {
        // NOTE(review): unserialize() of the stored content_info; safe only while that
        // column cannot be written with user-controlled bytes.
        $contentInfo = unserialize($report['content_info']);
        $reportIdsByProfile[$contentInfo['profile_user_id']][] = $reportId;
    }

    $profileUsers = XenForo_Model::create('XenForo_Model_User')->getUsersByIds(
        array_keys($reportIdsByProfile),
        array(
            'join' => XenForo_Model_User::FETCH_USER_PRIVACY,
            'followingUserId' => $viewingUser['user_id']
        )
    );

    $userProfileModel = XenForo_Model::create('XenForo_Model_UserProfile');

    foreach ($reportIdsByProfile as $profileUserId => $profileReportIds) {
        $profileHidden = isset($profileUsers[$profileUserId])
            && !$userProfileModel->canViewFullUserProfile($profileUsers[$profileUserId], $null, $viewingUser);

        // Either of the two "any" permissions is enough to handle reports.
        $visible = !$profileHidden && (
            XenForo_Permission::hasPermission($viewingUser['permissions'], 'profilePost', 'editAny')
            || XenForo_Permission::hasPermission($viewingUser['permissions'], 'profilePost', 'deleteAny')
        );

        if ($visible) {
            continue;
        }

        foreach ($profileReportIds as $hiddenReportId) {
            unset($reports[$hiddenReportId]);
        }
    }

    return $reports;
}
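/**
 * Lists the albums the visitor is watching.
 *
 * Access is refused up front unless the album model's canWatchAlbum() passes.
 * The watched album ids are then loaded with the visitor's deleted/privacy/
 * category limits and merged with their watch records.
 *
 * Change: the merge loop no longer iterates by reference, so no reference to
 * the last album is left behind in the array handed to the view.
 *
 * @return mixed View response for 'xengallery_watch_albums'
 */
public function actionAlbums()
{
    $this->_routeMatch->setSections('xengallery');

    $albumWatchModel = $this->_getAlbumWatchModel();
    $albumModel = $this->_getAlbumModel();

    if (!$albumModel->canWatchAlbum()) {
        throw $this->getErrorOrNoPermissionResponseException();
    }

    $visitor = XenForo_Visitor::getInstance();

    $defaultOrder = 'album_date';
    // NOTE(review): 'order' is a client-supplied string passed on to the album model;
    // confirm the model maps it onto a fixed set of sort columns.
    $order = $this->_input->filterSingle('order', XenForo_Input::STRING, array('default' => $defaultOrder));

    $page = $this->_input->filterSingle('page', XenForo_Input::UINT);
    $perPage = XenForo_Application::getOptions()->xengalleryMediaMaxPerPage;

    $albums = array();
    $conditions = array();
    $fetchOptions = array();

    $albumIds = $albumWatchModel->getUserAlbumWatchByUser($visitor['user_id']);
    if ($albumIds) {
        $conditions = array(
            'deleted' => XenForo_Permission::hasPermission($visitor->permissions, 'xengallery', 'viewDeleted'),
            'privacyUserId' => $visitor->user_id,
            'viewCategoryIds' => $this->getModelFromCache('XenGallery_Model_Media')->getViewableCategoriesForVisitor(),
            'album_id' => array_keys($albumIds)
        );

        $fetchOptions = array(
            'order' => $order ? $order : $defaultOrder,
            'orderDirection' => 'desc',
            'page' => $page,
            'perPage' => $perPage,
            'join' => XenGallery_Model_Album::FETCH_PRIVACY | XenGallery_Model_Album::FETCH_USER
        );

        $albums = $albumModel->getAlbums($conditions, $fetchOptions);
        $albums = $albumModel->prepareAlbums($albums);

        // Album fields win over watch-record fields on key collisions (array_merge order).
        foreach ($albums as $albumId => $album) {
            $albums[$albumId] = array_merge($albumIds[$albumId], $album);
        }
    }

    $pageNavParams = array(
        'order' => $order != $defaultOrder ? $order : false
    );

    $viewParams = array(
        'albums' => $albums,
        'albumCount' => $albums ? $albumModel->countAlbums($conditions, $fetchOptions) : 0,
        'canViewRatings' => $this->_getMediaModel()->canViewRatings(),
        'canViewComments' => $this->_getCommentModel()->canViewComments(),
        'order' => $order,
        'defaultOrder' => $defaultOrder,
        'page' => $page,
        'perPage' => $perPage,
        'pageNavParams' => $pageNavParams,
        'watchPage' => true,
        'hideFilterMenu' => true
    );

    return $this->responseView('XenGallery_ViewPublic_Watched_Albums', 'xengallery_watch_albums', $viewParams);
}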
/**
 * Determines if the specified attachment can be viewed.
 *
 * The attachment is resolved to its media item, which must exist. Album and
 * category view checks are applied when the media carries the respective id,
 * and deleted/moderated media is hidden from users lacking the matching
 * permission.
 *
 * NOTE(review): media that has neither album_id nor category_id passes with
 * only the state checks; confirm such rows cannot exist or are meant to be open.
 *
 * @see XenForo_AttachmentHandler_Abstract::_canViewAttachment()
 */
protected function _canViewAttachment(array $attachment, array $viewingUser)
{
    $mediaModel = $this->_getMediaModel();

    $join = XenGallery_Model_Media::FETCH_USER
        | XenGallery_Model_Media::FETCH_ATTACHMENT
        | XenGallery_Model_Media::FETCH_CATEGORY
        | XenGallery_Model_Media::FETCH_ALBUM;

    // The deletion log is only joined for users allowed to see deleted media.
    if (XenForo_Permission::hasPermission($viewingUser['permissions'], 'xengallery', 'viewDeleted')) {
        $join |= XenGallery_Model_Media::FETCH_DELETION_LOG;
    }

    $fetchOptions = array(
        'join' => $join,
        'watchUserId' => $viewingUser['user_id']
    );

    $mediaId = $mediaModel->getMediaIdByAttachmentId($attachment['attachment_id']);
    $media = $mediaModel->getMediaById($mediaId, $fetchOptions);
    if (!$media) {
        // Unknown media fails closed.
        return false;
    }

    if (!empty($media['album_id'])) {
        $albumModel = $this->_getAlbumModel();
        $media = $albumModel->prepareAlbumWithPermissions($media);

        if (!$albumModel->canViewAlbum($media, $null, $viewingUser)) {
            return false;
        }
    }

    if (!empty($media['category_id']) && !$this->_getCategoryModel()->canViewCategory($media, $null, $viewingUser)) {
        return false;
    }

    $hiddenAsDeleted = !$mediaModel->canViewDeletedMedia($error, $viewingUser)
        && $media['media_state'] == 'deleted';
    if ($hiddenAsDeleted) {
        return false;
    }

    $hiddenAsModerated = !$mediaModel->canViewUnapprovedMedia($error, $viewingUser)
        && $media['media_state'] == 'moderated';

    return !$hiddenAsModerated;
}
/**
 * Gets visible moderation queue entries for specified user.
 *
 * A profile post is listed only when its profile user could be loaded, the
 * viewer can view the post and its container, and the viewer holds BOTH
 * profilePost/editAny and profilePost/deleteAny.
 *
 * @see XenForo_ModerationQueueHandler_Abstract::getVisibleModerationQueueEntriesForUser()
 */
public function getVisibleModerationQueueEntriesForUser(array $contentIds, array $viewingUser)
{
    /* @var $profilePostModel XenForo_Model_ProfilePost */
    $profilePostModel = XenForo_Model::create('XenForo_Model_ProfilePost');
    $profilePosts = $profilePostModel->getProfilePostsByIds($contentIds);

    $profileUserIds = array();
    foreach ($profilePosts as $profilePost) {
        $profileUserIds[] = $profilePost['profile_user_id'];
    }

    $users = XenForo_Model::create('XenForo_Model_User')->getUsersByIds($profileUserIds, array(
        'join' => XenForo_Model_User::FETCH_USER_PRIVACY,
        'followingUserId' => $viewingUser['user_id']
    ));

    $entries = array();
    foreach ($profilePosts as $profilePost) {
        $profileUserId = $profilePost['profile_user_id'];
        if (!isset($users[$profileUserId])) {
            continue;
        }
        $user = $users[$profileUserId];

        // View check first, then both moderation permissions; evaluation stops at the first failure.
        $canManage = $profilePostModel->canViewProfilePostAndContainer($profilePost, $user, $null, $viewingUser)
            && XenForo_Permission::hasPermission($viewingUser['permissions'], 'profilePost', 'editAny')
            && XenForo_Permission::hasPermission($viewingUser['permissions'], 'profilePost', 'deleteAny');

        if (!$canManage) {
            continue;
        }

        $entries[$profilePost['profile_post_id']] = array(
            'message' => $profilePost['message'],
            'user' => array(
                'user_id' => $profilePost['user_id'],
                'username' => $profilePost['username']
            ),
            'title' => new XenForo_Phrase('profile_post_for_x', array('username' => $user['username'])),
            'link' => XenForo_Link::buildPublicLink('profile-posts', $profilePost),
            'contentTypeTitle' => new XenForo_Phrase('profile_post'),
            'titleEdit' => false
        );
    }

    return $entries;
}
/**
 * Derives the tagging permissions for a media item and/or its container.
 *
 * $context may already carry 'tagger_permissions' (returned as-is), may be a
 * media item (then $parentContext is the album/category), or may itself be
 * the album/category.
 *
 * NOTE(review): a 'tagger_permissions' entry in $context is trusted without
 * any check, so $context must never be assembled from request data.
 *
 * @param array      $context       Prior permissions, media, album or category
 * @param array|null $parentContext Album/category when $context is a media item
 *
 * @return array Keys 'edit', 'removeOthers' and 'minTotal'
 *
 * @throws Exception When no album or category can be determined
 */
public function getPermissionsFromContext(array $context, array $parentContext = null)
{
    // Context could be some previously fetched permissions, media, album or category...
    if (isset($context['tagger_permissions'])) {
        return $context['tagger_permissions'];
    }

    $isMedia = isset($context['media_id']);
    $media = $isMedia ? $context : null;
    $container = $isMedia ? $parentContext : $context;

    $hasContainerId = $container && (!empty($container['album_id']) || !empty($container['category_id']));
    if (!$hasContainerId) {
        throw new Exception("Context must be a media item and an album/category or just an album/category");
    }

    $visitor = XenForo_Visitor::getInstance();

    // Removing other people's tags: owners need the "own media" permission,
    // everybody else (or owners without it) needs manageAnyTag.
    $removeOthers = false;
    if ($media) {
        $ownsMedia = ($media['user_id'] == $visitor['user_id']);
        if ($ownsMedia && XenForo_Permission::hasPermission($visitor['permissions'], 'xengallery', 'manageOthersTagsOwnMedia')) {
            $removeOthers = true;
        } else {
            $removeOthers = XenForo_Permission::hasPermission($visitor['permissions'], 'xengallery', 'manageAnyTag');
        }
    }

    return array(
        'edit' => $this->_getMediaModel()->canEditTags($media),
        'removeOthers' => $removeOthers,
        'minTotal' => isset($container['min_tags'])
            ? $container['min_tags']
            : XenForo_Application::getOptions()->xengalleryAlbumMinTags
    );
}
/**
 * Gets visible moderation queue entries for specified user.
 *
 * A profile post comment is listed only when its profile post and profile
 * user resolve, the viewer can view the post, its container and the comment,
 * and the viewer holds BOTH profilePost/editAny and profilePost/deleteAny.
 *
 * @see XenForo_ModerationQueueHandler_Abstract::getVisibleModerationQueueEntriesForUser()
 */
public function getVisibleModerationQueueEntriesForUser(array $contentIds, array $viewingUser)
{
    /** @var XenForo_Model_ProfilePost $profilePostModel */
    $profilePostModel = XenForo_Model::create('XenForo_Model_ProfilePost');

    $comments = $profilePostModel->getProfilePostCommentsByIds($contentIds);
    $profilePostIds = XenForo_Application::arrayColumn($comments, 'profile_post_id');

    $profilePosts = $profilePostModel->getProfilePostsByIds($profilePostIds, array(
        'join' => XenForo_Model_ProfilePost::FETCH_USER_RECEIVER
            | XenForo_Model_ProfilePost::FETCH_USER_RECEIVER_PRIVACY
            | XenForo_Model_ProfilePost::FETCH_USER_POSTER,
        'visitingUser' => $viewingUser
    ));

    $entries = array();
    foreach ($comments as $comment) {
        $profilePostId = $comment['profile_post_id'];
        if (!isset($profilePosts[$profilePostId])) {
            continue;
        }

        // The comment is enriched with its post and profile user before the checks,
        // because the permission helpers and the link builder receive the whole record.
        $comment['profilePost'] = $profilePosts[$profilePostId];
        $comment['profileUser'] = $profilePostModel->getProfileUserFromProfilePost($comment['profilePost'], $viewingUser);
        if (!$comment['profilePost'] || !$comment['profileUser']) {
            continue;
        }

        // Checks run in this order and stop at the first failure.
        $canManage = $profilePostModel->canViewProfilePostAndContainer($comment['profilePost'], $comment['profileUser'], $null, $viewingUser)
            && $profilePostModel->canViewProfilePostComment($comment, $comment['profilePost'], $comment['profileUser'], $null, $viewingUser)
            && XenForo_Permission::hasPermission($viewingUser['permissions'], 'profilePost', 'editAny')
            && XenForo_Permission::hasPermission($viewingUser['permissions'], 'profilePost', 'deleteAny');

        if (!$canManage) {
            continue;
        }

        $entries[$comment['profile_post_comment_id']] = array(
            'message' => $comment['message'],
            'user' => array(
                'user_id' => $comment['user_id'],
                'username' => $comment['username']
            ),
            'title' => new XenForo_Phrase('profile_post_comment_by_x', array('username' => $comment['username'])),
            'link' => XenForo_Link::buildPublicLink('profile-posts/comments', $comment),
            'contentTypeTitle' => new XenForo_Phrase('profile_post_comment'),
            'titleEdit' => false
        );
    }

    return $entries;
}
/**
 * Loads the requested media items, limited to what the viewing user may see.
 *
 * All visibility conditions (privacy, deleted, moderated, albums, categories)
 * are computed for $viewingUser rather than for the current visitor.
 *
 * @param array $contentIds  Media ids to load
 * @param array $viewingUser Viewing user; 'user_id' and 'permissions' are read
 *
 * @return mixed Result of the media model's getMedia()
 */
protected function _getContent(array $contentIds, array $viewingUser)
{
    $mediaModel = $this->_getMediaModel();

    $canSeeDeleted = $mediaModel->canViewDeletedMedia($null, $viewingUser);
    $canSeeModerated = $mediaModel->canViewUnapprovedMedia($null, $viewingUser);
    $canSeeAlbums = XenForo_Permission::hasPermission($viewingUser['permissions'], 'xengallery', 'viewAlbums');
    $viewableCategoryIds = $mediaModel->getViewableCategoriesForVisitor($viewingUser);

    $conditions = array(
        'media_id' => $contentIds,
        'privacyUserId' => $viewingUser['user_id'],
        'deleted' => $canSeeDeleted,
        'moderated' => $canSeeModerated,
        'viewAlbums' => $canSeeAlbums,
        'viewCategoryIds' => $viewableCategoryIds
    );

    $fetchOptions = array(
        'join' => XenGallery_Model_Media::FETCH_USER
            | XenGallery_Model_Media::FETCH_ALBUM
            | XenGallery_Model_Media::FETCH_CATEGORY
            | XenGallery_Model_Media::FETCH_PRIVACY
    );

    return $mediaModel->getMedia($conditions, $fetchOptions);
}
/**
 * Decides whether profile posts on $user's profile are viewable.
 *
 * On the viewer's own profile the answer is the profilePost/viewOwnStatus
 * permission alone and the parent check is skipped; every other profile is
 * delegated to the parent implementation.
 *
 * @see XenForo_Model_UserProfile
 */
public function canViewProfilePosts(array $user, &$errorPhraseKey = '', array $viewingUser = null)
{
    $this->standardizeViewingUserReference($viewingUser);

    $isOwnProfile = ($user['user_id'] == $viewingUser['user_id']);
    if (!$isOwnProfile) {
        return parent::canViewProfilePosts($user, $errorPhraseKey, $viewingUser);
    }

    // The raw permission value is returned; $errorPhraseKey is not set on this path.
    return XenForo_Permission::hasPermission($viewingUser['permissions'], 'profilePost', 'viewOwnStatus');
}
/**
 * Determines whether the viewing user may see usernames similar to the given
 * user's.
 *
 * @param array       $user           User being viewed; needs a non-empty 'user_id'
 * @param string      $errorPhraseKey Declared by reference; not written by this method
 * @param array|null  $viewingUser    Viewing user; standardized before use
 *
 * @return mixed false without a user_id, otherwise the general/similarUsernames permission value
 */
public function canViewSimilarUsernames(array $user, &$errorPhraseKey = '', array $viewingUser = null)
{
    if (!empty($user['user_id'])) {
        $this->standardizeViewingUserReference($viewingUser);

        return XenForo_Permission::hasPermission($viewingUser['permissions'], 'general', 'similarUsernames');
    }

    return false;
}
/**
 * Determines whether the viewing user may list threads in watched forums.
 *
 * Requires a viewing user with a user_id and the
 * general/viewThreadsWatchedForums permission.
 *
 * @param string     $errorPhraseKey Declared by reference; not written by this method
 * @param array|null $viewingUser    Viewing user; standardized before use
 *
 * @return boolean
 */
public function canViewThreadsInWatchedForums(&$errorPhraseKey = '', array $viewingUser = null)
{
    $this->standardizeViewingUserReference($viewingUser);

    return $viewingUser['user_id']
        && XenForo_Permission::hasPermission($viewingUser['permissions'], 'general', 'viewThreadsWatchedForums');
}
/**
 * Determines whether the viewing user may edit temporary user changes.
 *
 * @param string     $errorPhraseKey Declared by reference; not written by this method
 * @param array|null $viewingUser    Viewing user; standardized before use
 *
 * @return boolean
 */
public function canEditTempUserChanges(&$errorPhraseKey = '', array $viewingUser = null)
{
    $this->standardizeViewingUserReference($viewingUser);

    // A viewing user without a user_id is refused before any permission lookup.
    if (!$viewingUser['user_id']) {
        return false;
    }

    $allowed = XenForo_Permission::hasPermission($viewingUser['permissions'], 'general', 'editTempUserChange');

    return $allowed ? true : false;
}
/**
 * Determines the maximum number of secondary social forums for the viewing user.
 *
 * NOTE(review): for a user with a user_id the raw value of
 * general/maxSecondarySocialForums is returned, which is whatever
 * hasPermission() yields and so may be false rather than an integer.
 *
 * @param string     $errorPhraseKey Declared by reference; not written by this method
 * @param array|null $viewingUser    Viewing user; standardized before use
 *
 * @return mixed 0 without a user_id, otherwise the permission value
 */
public function getMaximumSecondarySocialForums(&$errorPhraseKey = '', array $viewingUser = null)
{
    $this->standardizeViewingUserReference($viewingUser);

    return $viewingUser['user_id']
        ? XenForo_Permission::hasPermission($viewingUser['permissions'], 'general', 'maxSecondarySocialForums')
        : 0;
}
/**
 * Resolves the GeekListings permission flags for the viewing user.
 *
 * @param array|null $viewingUser Viewing user; standardized before use
 *
 * @return array Boolean flags keyed 'post', 'bypass', 'rsvp' and 'mod'
 */
public function getPermissions(array $viewingUser = null)
{
    $this->standardizeViewingUserReference($viewingUser);

    // Result key => permission id inside the 'GeekListings' group.
    $permissionIds = array(
        'post' => 'canPost',
        'bypass' => 'canBypass',
        'rsvp' => 'canRSVP',
        'mod' => 'canMod'
    );

    foreach ($permissionIds as $flag => $permissionId) {
        $perms[$flag] = (bool) XenForo_Permission::hasPermission($viewingUser['permissions'], 'GeekListings', $permissionId);
    }

    return $perms;
}
/**
 * Extends the parent's conditions for viewers who may only see their own status.
 *
 * When the viewer is on their own profile, lacks profilePost/view but has
 * profilePost/viewOwnStatus, the posts are restricted to those written by the
 * viewer ('profile_post_user_id'). In every other case the parent's conditions
 * are returned unchanged.
 *
 * @see XenForo_Model_ProfilePost::getPermissionBasedProfilePostConditions()
 */
public function getPermissionBasedProfilePostConditions(array $user, array $viewingUser = null)
{
    // The parent receives $viewingUser as passed in, before it is standardized here.
    $conditions = parent::getPermissionBasedProfilePostConditions($user, $viewingUser);

    $this->standardizeViewingUserReference($viewingUser);

    if ($user['user_id'] != $viewingUser['user_id']) {
        return $conditions;
    }

    if (XenForo_Permission::hasPermission($viewingUser['permissions'], 'profilePost', 'view')) {
        return $conditions;
    }

    if (XenForo_Permission::hasPermission($viewingUser['permissions'], 'profilePost', 'viewOwnStatus')) {
        $conditions['profile_post_user_id'] = $viewingUser['user_id'];
    }

    return $conditions;
}
/**
 * Adds a general/deleteAttachment requirement in front of the parent check.
 *
 * The extra permission applies when the attachment has no temp_hash or already
 * has a content_id; attachments that carry only a temp_hash go straight to the
 * parent implementation.
 *
 * @see XenForo_Model_Attachment::canDeleteAttachment()
 */
public function canDeleteAttachment(array $attachment, $tempHash = '', array $viewingUser = null)
{
    $this->standardizeViewingUserReference($viewingUser);

    $needsPermission = empty($attachment['temp_hash']) || !empty($attachment['content_id']);

    if ($needsPermission && !XenForo_Permission::hasPermission($viewingUser['permissions'], 'general', 'deleteAttachment')) {
        return false;
    }

    // Passing the extra gate never grants access on its own; the parent still decides.
    return parent::canDeleteAttachment($attachment, $tempHash, $viewingUser);
}
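/**
 * Creates or updates a DBTC node entry from POSTed form data.
 *
 * Requires POST, a registered visitor and the forum/postThread permission.
 * The saved entry is echoed back as parameters of the success redirect.
 *
 * Fixes: 'dbtc_parent_transaction_id' was added to the redirect data with a
 * comma instead of '=>', producing two positional entries instead of the keyed
 * value; and an unknown receiver name is now rejected instead of continuing
 * with an empty receiver id.
 *
 * NOTE(review): the permission checked is the visitor's global forum/postThread;
 * nothing in this method ties the visitor to dbtc_thread_id.
 * NOTE(review): dbtc_donor_id comes from the request and is stored as sent; it
 * is not compared with the visitor's user_id here.
 * NOTE(review): when dbtc_transaction_id is non-zero the existing row is loaded
 * and overwritten with no ownership check visible in this method. Confirm that
 * DBTC_DataWriter_DBTCNodeEntry enforces one, or add the check before saving.
 *
 * @return mixed Error response or success redirect to 'dbtc-node-entry'
 */
public function actionAddEntry()
{
    // this action must be called via POST
    $this->_assertPostOnly();

    // guests not allowed
    $this->_assertRegistrationRequired();

    $permissions = XenForo_Visitor::getInstance()->getPermissions();
    $actionAllowed = XenForo_Permission::hasPermission($permissions, "forum", "postThread");
    if (!$actionAllowed) {
        return $this->responseError('You do not have permissions to do this');
    }

    # Grab user info/model/array from db
    $userModel = XenForo_Model::create('XenForo_Model_User');

    // get donor id and also get the receiver's name
    $dbtc_donor_id = $this->_input->filterSingle('dbtc_donor_id', XenForo_Input::STRING);
    $dbtc_receiver_name = $this->_input->filterSingle('dbtc_receiver_name', XenForo_Input::STRING);

    // get transaction id if it exists
    $dbtc_transaction_id = $this->_input->filterSingle('dbtc_transaction_id', XenForo_Input::UINT);

    // get parent transaction id if it exists
    $dbtc_parent_transaction_id = $this->_input->filterSingle('dbtc_parent_transaction_id', XenForo_Input::UINT);

    // The donor lookup result is not read anywhere below.
    $donorModel = $userModel->getUserById($dbtc_donor_id);
    $receiverModel = $userModel->getUserByNameOrEmail($dbtc_receiver_name);

    // Stop before writing anything when the receiver name matches no user.
    if (!$receiverModel) {
        return $this->responseError(new XenForo_Phrase('requested_user_not_found'), 404);
    }

    // get user id
    $dbtc_receiver_id = $receiverModel['user_id'];

    // get status id
    $dbtc_status_id = $this->_input->filterSingle('dbtc_status_id', XenForo_Input::UINT);

    // get date and make sure we have a 'human' version of the date
    $dbtc_date = $this->_input->filterSingle('dbtc_date', XenForo_Input::DATE_TIME);
    $dbtc_human_date = gmdate("m/d/Y", $dbtc_date);

    # Grab avatar and link
    $avatar = XenForo_Template_Helper_Core::callHelper('avatarhtml', array($receiverModel, TRUE, array('size' => 's'), ''));

    // get all necessary inputs from this form
    $dbtc_thread_id = $this->_input->filterSingle('dbtc_thread_id', XenForo_Input::UINT);

    // create a new DataWriter and set user_id and message fields
    $writer = XenForo_DataWriter::create('DBTC_DataWriter_DBTCNodeEntry');

    // if we're editing a transaction
    if ($dbtc_transaction_id != 0) {
        $writer->setExistingData($dbtc_transaction_id);
    }

    $writer->set('dbtc_thread_id', $dbtc_thread_id);
    $writer->set('dbtc_donor_id', $dbtc_donor_id);
    $writer->set('dbtc_receiver_id', $dbtc_receiver_id);
    $writer->set('dbtc_status_id', $dbtc_status_id);
    $writer->set('dbtc_date', $dbtc_date);
    $writer->set('dbtc_parent_transaction_id', $dbtc_parent_transaction_id);
    $writer->save();

    // get the data that was saved
    $nodeData = $writer->getMergedData();

    $data = array(
        'dbtc_transaction_id' => $nodeData['dbtc_transaction_id'],
        'dbtc_thread_id' => $dbtc_thread_id,
        'dbtc_donor_id' => $dbtc_donor_id,
        'dbtc_receiver_id' => $dbtc_receiver_id,
        'dbtc_receiver_name' => $dbtc_receiver_name,
        'dbtc_status_id' => $dbtc_status_id,
        'dbtc_date' => $dbtc_human_date,
        'dbtc_receiver_avatar_html' => $avatar,
        'dbtc_parent_transaction_id' => $dbtc_parent_transaction_id
    );

    // redirect back to the normal scratchpad index page
    return $this->responseRedirect(
        XenForo_ControllerResponse_Redirect::SUCCESS,
        XenForo_Link::buildPublicLink('dbtc-node-entry'),
        null,
        $data
    );
}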
/**
 * Determines whether the viewing user may check in/out on behalf of another user.
 *
 * Requires a viewing user with a user_id and the general/checkInOutAsUser
 * permission.
 *
 * @param string     $errorPhraseKey Declared by reference; not written by this method
 * @param array|null $viewingUser    Viewing user; standardized before use
 *
 * @return boolean
 */
public function canChangeCheckInOutUser(&$errorPhraseKey = '', array $viewingUser = null)
{
    $this->standardizeViewingUserReference($viewingUser);

    return $viewingUser['user_id']
        && XenForo_Permission::hasPermission($viewingUser['permissions'], 'general', 'checkInOutAsUser');
}
/**
 * Fetches one batch of user records, ordered by user id.
 *
 * Nothing is returned unless the viewing user holds general/viewProfile.
 *
 * @param mixed $previousLast Passed to getUserIdsInRange() as the range start
 * @param mixed $limit        Passed to getUserIdsInRange() as the batch size
 * @param array $viewingUser  Viewing user; 'permissions' and 'user_id' are read
 *
 * @return array Users keyed and sorted by id, or an empty array
 */
public function getRecords($previousLast, $limit, array $viewingUser)
{
    $canViewProfiles = XenForo_Permission::hasPermission($viewingUser['permissions'], 'general', 'viewProfile');
    if (!$canViewProfiles) {
        return array();
    }

    $userModel = $this->_getUserModel();
    $userIds = $userModel->getUserIdsInRange($previousLast, $limit);

    $fetchOptions = array(
        'join' => XenForo_Model_User::FETCH_USER_FULL,
        'followingUserId' => $viewingUser['user_id']
    );
    $users = $userModel->getUsersByIds($userIds, $fetchOptions);

    ksort($users);

    return $users;
}
/**
 * Fetches one batch of team records, ordered by team id.
 *
 * Nothing is returned unless the viewing user holds Teams/view.
 *
 * NOTE(review): only the global Teams/view permission is checked; the privacy
 * data is joined but no per-team visibility filter is applied in this method.
 *
 * @param mixed $previousLast Passed to getTeamIdsInRange() as the range start
 * @param mixed $limit        Passed to getTeamIdsInRange() as the batch size
 * @param array $viewingUser  Viewing user; 'permissions' is read
 *
 * @return array Teams keyed and sorted by id, or an empty array
 */
public function getRecords($previousLast, $limit, array $viewingUser)
{
    $canViewTeams = XenForo_Permission::hasPermission($viewingUser['permissions'], 'Teams', 'view');
    if (!$canViewTeams) {
        return array();
    }

    $teamModel = $this->_getTeamModel();
    $teamIds = $teamModel->getTeamIdsInRange($previousLast, $limit);

    $fetchOptions = array(
        'join' => Nobita_Teams_Model_Team::FETCH_PROFILE
            | Nobita_Teams_Model_Team::FETCH_PRIVACY
            | Nobita_Teams_Model_Team::FETCH_CATEGORY
    );
    $teams = $teamModel->getTeamsByIds($teamIds, $fetchOptions);

    ksort($teams);

    return $teams;
}
/**
 * Determines whether the viewing user may view gallery categories.
 *
 * xengallery/viewOverride grants access outright; otherwise
 * xengallery/viewCategories is required.
 *
 * NOTE(review): $viewingUser is replaced by the return value of
 * standardizeViewingUserReference(). If that method only fills its argument by
 * reference and returns nothing, $viewingUser becomes null here and both
 * permission lookups run against null; confirm it returns the array.
 *
 * @param string $errorPhraseKey Set by reference when access is refused
 * @param array  $viewingUser    Viewing user
 *
 * @return boolean
 */
public function canViewCategories(&$errorPhraseKey = '', array $viewingUser = array())
{
    $viewingUser = $this->standardizeViewingUserReference($viewingUser);
    $permissions = $viewingUser['permissions'];

    $hasOverride = XenForo_Permission::hasPermission($permissions, 'xengallery', 'viewOverride');
    if ($hasOverride) {
        return true;
    }

    if (XenForo_Permission::hasPermission($permissions, 'xengallery', 'viewCategories')) {
        return true;
    }

    $errorPhraseKey = 'xengallery_no_view_this_category_permission';

    return false;
}
/**
 * Determines if a user can add a category, either inside the given resource
 * category or, when none is given, at the global level.
 *
 * With a category the category-level 'addCategory' content permission
 * decides; without one the global resource/addCategory permission does.
 *
 * @param array|null $category            Parent category, if any
 * @param string     $errorPhraseKey      Declared by reference; not written by this method
 * @param array|null $viewingUser         Viewing user; standardized before use
 * @param array|null $categoryPermissions Category permissions; standardized when a category is given
 *
 * @return mixed The permission value
 */
public function canAddCategory(array $category = null, &$errorPhraseKey = '', array $viewingUser = null, array $categoryPermissions = null)
{
    if (!$category) {
        $this->standardizeViewingUserReference($viewingUser);
    } else {
        $this->standardizeViewingUserReferenceForCategory($category, $viewingUser, $categoryPermissions);
    }

    // $category is tested again after the standardize call, as in the two-step original.
    return $category
        ? XenForo_Permission::hasContentPermission($categoryPermissions, 'addCategory')
        : XenForo_Permission::hasPermission($viewingUser['permissions'], 'resource', 'addCategory');
}
/**
 * Handles an admin control panel login attempt.
 *
 * Order of checks: POST only, cookie presence, lockout by login name,
 * credential validation, is_admin, then two-step verification. The login
 * completes only when every step passes.
 *
 * NOTE(review): 'redirect' comes straight from the request and is used as a
 * redirect target and passed to completeLogin(); confirm that redirect targets
 * are restricted to this site downstream.
 *
 * @return mixed Redirect, error or view response
 */
public function actionLogin()
{
    // Non-POST requests are bounced to the admin index without touching credentials.
    if (!$this->_request->isPost()) {
        return $this->responseRedirect(XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL, XenForo_Link::buildAdminLink('index'));
    }

    $data = $this->_input->filter(array('login' => XenForo_Input::STRING, 'password' => XenForo_Input::STRING, 'redirect' => XenForo_Input::STRING, 'cookie_check' => XenForo_Input::UINT));

    $redirect = $data['redirect'] ? $data['redirect'] : XenForo_Link::buildAdminLink('index');

    $loginModel = $this->_getLoginModel();

    if ($data['cookie_check'] && count($_COOKIE) == 0) {
        // login came from a page, so we should at least have a session cookie.
        // if we don't, assume that cookies are disabled
        return $this->responseError(new XenForo_Phrase('cookies_required_to_log_in_to_site'));
    }

    // The lockout decision is keyed on the submitted login name and is made before
    // the password is looked at.
    $needCaptcha = $loginModel->requireLoginCaptcha($data['login']);
    if ($needCaptcha) {
        // just block logins here instead of using the captcha
        return $this->responseError(new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts'));
    }

    $userModel = $this->_getUserModel();

    $userId = $userModel->validateAuthentication($data['login'], $data['password'], $error);
    if (!$userId) {
        // Record the failure first, then re-check so the attempt that reaches the
        // threshold already sees the lockout message.
        $loginModel->logLoginAttempt($data['login']);

        if ($loginModel->requireLoginCaptcha($data['login'])) {
            return $this->responseError(new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts'));
        }

        if ($this->_input->filterSingle('upgrade', XenForo_Input::UINT)) {
            // With 'upgrade' set, a failed login redirects to $redirect instead of
            // rendering the error form.
            return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
        } else {
            // note - JSON view will return responseError($text)
            return $this->responseView('XenForo_ViewAdmin_Login_Error', 'login_form', array('text' => $error, 'defaultLogin' => $data['login'], 'redirect' => $redirect), array('containerTemplate' => 'LOGIN_PAGE'));
        }
    }

    // The failure counter is reset as soon as the password validates, i.e. before the
    // is_admin and two-step checks below.
    $loginModel->clearLoginAttempts($data['login']);

    $user = $this->_getUserModel()->getFullUserById($userId, array('join' => XenForo_Model_User::FETCH_USER_PERMISSIONS));

    // now check that the user will be able to get into the ACP (is_admin)
    if (!$user['is_admin']) {
        return $this->responseError(new XenForo_Phrase('your_account_does_not_have_admin_privileges'));
    }

    /** @var XenForo_ControllerHelper_Login $loginHelper */
    $loginHelper = $this->getHelper('Login');

    if ($loginHelper->userTfaConfirmationRequired($user)) {
        // The session is only marked as awaiting two-step confirmation here; the login
        // itself is not completed in this branch.
        $loginHelper->setTfaSessionCheck($user['user_id']);

        return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, XenForo_Link::buildAdminLink('login/two-step', null, array('redirect' => $redirect)));
    } else {
        $permissions = XenForo_Permission::unserializePermissions($user['global_permission_cache']);

        // Two-step is mandatory when the adminRequireTfa option or the user's
        // general/requireTfa permission says so; an account without use_tfa is refused.
        if (empty($user['use_tfa']) && (XenForo_Application::getOptions()->adminRequireTfa || XenForo_Permission::hasPermission($permissions, 'general', 'requireTfa'))) {
            return $this->responseError(new XenForo_Phrase('you_must_enable_two_step_access_control_panel', array('link' => XenForo_Link::buildPublicLink('account/two-step'))));
        }

        // NOTE(review): postVars is request-supplied JSON handed on to completeLogin();
        // how it is used there is not visible from this method.
        $postVars = $this->_input->filterSingle('postVars', XenForo_Input::JSON_ARRAY);

        return $this->completeLogin($userId, $redirect, $postVars);
    }
}
/**
 * Adds a 'canEditVisibility' flag to the parent's privacy page.
 *
 * The flag reflects the visitor's general/editVisibility permission and is
 * only set when the parent returned a view response.
 *
 * NOTE(review): the flag only reaches the template; nothing in this method
 * stops a visitor without the permission from submitting the field, so the
 * save action has to enforce it as well.
 *
 * @see XenForo_ControllerPublic_Account::actionPrivacy()
 *
 * @return XenForo_ControllerResponse_View
 */
public function actionPrivacy()
{
    $response = parent::actionPrivacy();

    if (!($response instanceof XenForo_ControllerResponse_View)) {
        return $response;
    }

    $visitor = XenForo_Visitor::getInstance()->toArray();

    $response->subView->params['canEditVisibility'] =
        (bool) XenForo_Permission::hasPermission($visitor['permissions'], 'general', 'editVisibility');

    return $response;
}
/**
 * Lists the users the viewing user may post as.
 *
 * Requires a viewing user with a user_id and general/postAsDifferentUser.
 * Candidates are the members of the user groups configured in the
 * th_postAsUser_userGroups option, minus the current visitor.
 *
 * NOTE(review): the entry removed is XenForo_Visitor::getUserId(), not
 * $viewingUser['user_id']; the two differ when a viewing user other than the
 * visitor is passed in.
 *
 * @param array      $conditions  Extra conditions for getUsersByUserGroupIds()
 * @param array|null $viewingUser Viewing user; standardized before use
 *
 * @return array Users keyed by user id, or an empty array
 */
public function getPostAsDifferentUsers(array $conditions = array(), array $viewingUser = null)
{
    $this->standardizeViewingUserReference($viewingUser);

    $permitted = $viewingUser['user_id']
        && XenForo_Permission::hasPermission($viewingUser['permissions'], 'general', 'postAsDifferentUser');
    if (!$permitted) {
        return array();
    }

    $userGroupIds = array_keys(XenForo_Application::get('options')->th_postAsUser_userGroups);
    if (empty($userGroupIds)) {
        return array();
    }

    $users = $this->getUsersByUserGroupIds($userGroupIds, $conditions);
    unset($users[XenForo_Visitor::getUserId()]);

    return $users;
}