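/**
 * Copies the read state of vBulletin private messages onto the matching rows
 * of the DLE private-message table for the currently logged-in user.
 *
 * Does nothing unless both the 'dle_onoff' and 'dle_pm' options are enabled.
 * Every value that reaches a SQL string is cast or escaped inside this method,
 * so the queries do not depend on callers having validated their arguments.
 *
 * @param array  $messageids vBulletin pm ids; each element is cast to an integer
 * @param string $set        Value written to the DLE pm_read column (default 'yes')
 *
 * @return void
 */
public function ReadUnreadPackPM(array $messageids, $set = 'yes')
{
    if (!$this->vbulletin->options['dle_onoff'] || !$this->vbulletin->options['dle_pm']) {
        return;
    }

    // The ids are concatenated into an IN (...) list, so every element is
    // forced to an integer here rather than trusted as already numeric.
    $pm_ids = array_map('intval', $messageids);
    if (!$pm_ids) {
        // An empty list would produce "IN ()", which is a SQL syntax error.
        return;
    }
    $vb_userid = intval($this->vbulletin->userinfo['userid']);

    // NOTE(review): LIMIT 1 returns at most one row even when several ids are
    // passed -- confirm that this is intended.
    $pm_result = $this->vbulletin->db->query_read(
        "SELECT pt.*, p.messageread, p.folderid FROM " . TABLE_PREFIX . "pmtext AS pt
        LEFT JOIN " . TABLE_PREFIX . "pm AS p
        ON pt.pmtextid=p.pmtextid
        WHERE p.pmid IN (" . implode(", ", $pm_ids) . ") AND p.userid=" . $vb_userid . " LIMIT 1"
    );

    if (!$this->vbulletin->db->num_rows($pm_result)) {
        return;
    }

    $this->_db_connect();

    $user_name = $this->db->escape_string($this->vbulletin->userinfo['username']);
    $user = $this->db->query_first("SELECT user_id FROM " . USERPREFIX . "_users WHERE name='{$user_name}' LIMIT 1");

    if ($user) {
        // user_id is used unquoted in the UPDATE below, so it has to be numeric.
        $dle_userid = intval($user['user_id']);
        // $set is a caller-supplied string that lands inside a quoted literal.
        $pm_read = $this->db->escape_string($set);
        $pm_unread = 0;

        while ($pm_info = $this->vbulletin->db->fetch_array($pm_result)) {
            // Sender names are matched as text on the DLE side, so convert them
            // when the two systems are configured with different charsets.
            if (DLE_CHARSET && DLE_CHARSET != $this->vbulletin->userinfo['lang_charset']) {
                $pm_info['fromusername'] = iconv($this->vbulletin->userinfo['lang_charset'], DLE_CHARSET, $pm_info['fromusername']);
            }
            $fromusername = $this->db->escape_string($pm_info['fromusername']);
            // Escaped rather than cast: the column type is not visible from here.
            $dateline = $this->db->escape_string($pm_info['dateline']);

            if ($pm_info['messageread']) {
                $pm_unread++;
            }

            // folderid -1 is treated as the sender's copy; anything else as inbox.
            $folder = ($pm_info['folderid'] == -1) ? "outbox" : "inbox";

            $this->db->query_write("UPDATE " . USERPREFIX . "_pm SET pm_read='{$pm_read}' WHERE user_from='{$fromusername}' AND date='{$dateline}' AND folder='{$folder}' AND user={$dle_userid}");
        }

        if ($pm_unread) {
            // Clamp at zero so the stored counter never goes negative.
            $this->db->query_write("UPDATE " . USERPREFIX . "_users SET pm_unread=IF(pm_unread <= {$pm_unread}, 0, pm_unread-{$pm_unread}) WHERE user_id='{$dle_userid}'");
        }
    }

    $this->_db_disconnect();
}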
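/**
 * Verifies that the provided username is valid, and attempts to correct it if it is not valid
 *
 * The name is first normalised: runs of whitespace are collapsed, numeric
 * entities are converted, NUL bytes are removed and the result is trimmed.
 * It is then checked, in order, for minimum length, maximum length, stray
 * semicolons, censored words, an existing account with the same name, and the
 * configured list of illegal name fragments. The first failing check reports
 * its phrase through $this->error() and returns false.
 *
 * @param string Username; passed by reference. On success it is replaced by
 *               its htmlspecialchars_uni() form, on failure it is left in the
 *               normalised but unescaped form.
 *
 * @return boolean Returns true if the username is valid, or has been corrected to be valid
 */
function verify_username(&$username)
{
    // this is duplicated from the user manager

    // fix extra whitespace and invisible ascii stuff
    $username = trim(preg_replace('#[ \\r\\n\\t]+#si', ' ', strip_blank_ascii($username, ' ')));
    $username_raw = $username;

    global $stylevar;

    // These two conversions previously relied on the /e pattern modifier, which
    // evaluates the replacement string as PHP code and no longer exists in
    // PHP 7. A callback does the same conversion without evaluating a string.
    $username = preg_replace_callback(
        '/&#([0-9]+);/i',
        function ($match) use ($stylevar) {
            return convert_unicode_char_to_charset($match[1], $stylevar['charset']);
        },
        $username
    );

    // NOTE(review): the character in front of "*" below looks like a mis-decoded
    // sequence in this listing; the pattern above matches "&#" numeric entities,
    // so this one presumably started the same way. Restore it from the original
    // file before use.
    $username = preg_replace_callback(
        '/�*([0-9]{1,2}|1[01][0-9]|12[0-7]);/i',
        function ($match) {
            return convert_int_to_utf8($match[1]);
        },
        $username
    );

    $username = str_replace(chr(0), '', $username);
    $username = trim($username);

    $length = vbstrlen($username);

    if ($length < $this->registry->options['minuserlength']) {
        // name too short
        $this->error('usernametooshort', $this->registry->options['minuserlength']);
        return false;
    }

    if ($length > $this->registry->options['maxuserlength']) {
        // name too long
        $this->error('usernametoolong', $this->registry->options['maxuserlength']);
        return false;
    }

    // A semicolon is only accepted as the terminator of a 3-5 digit numeric entity.
    if (preg_match('/(?<!&#[0-9]{3}|&#[0-9]{4}|&#[0-9]{5});/', $username)) {
        // name contains semicolons
        $this->error('username_contains_semi_colons');
        return false;
    }

    if ($username != fetch_censored_text($username)) {
        // name contains censored words
        $this->error('censorfield', $this->registry->options['contactuslink']);
        return false;
    }

    // NOTE(review): both comparisons below are against the literal '******',
    // which looks like masking applied to this listing rather than real code;
    // $username_raw is assigned above and never read in what is visible. As
    // written this is not a working uniqueness check. Restore the original
    // expressions, escaped for SQL, before relying on it.
    if ($this->dbobject->query_first("\n\t\t\tSELECT userid, username FROM " . TABLE_PREFIX . "user\n\t\t\tWHERE userid != " . intval($this->existing['userid']) . "\n\t\t\tAND\n\t\t\t(\n\t\t\t\tusername = '******'\n\t\t\t\tOR\n\t\t\t\tusername = '******'\n\t\t\t)\n\t\t")) {
        // name is already in use
        $this->error('usernametaken', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl']);
        return false;
    }

    if (!empty($this->registry->options['illegalusernames'])) {
        // check for illegal username
        $usernames = preg_split('/[ \\r\\n\\t]+/', $this->registry->options['illegalusernames'], -1, PREG_SPLIT_NO_EMPTY);
        $username_lower = strtolower($username);
        foreach ($usernames as $val) {
            // substring match: a listed fragment anywhere in the name rejects it
            if (strpos($username_lower, strtolower($val)) !== false) {
                // deliberately reported as "taken" rather than with its own phrase
                $this->error('usernametaken', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl']);
                return false;
            }
        }
    }

    // if we got here, everything is okay
    $username = htmlspecialchars_uni($username);

    return true;
}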
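/**
 * Import System Dependencies
 *
 * Checks the product's declared dependencies against the running PHP, MySQL,
 * vBulletin and installed-product versions, then records whether the product
 * is already installed.
 *
 * Dependencies are grouped by type (each parent product is its own group).
 * A group is satisfied as soon as one of its entries is met; errors collected
 * for a satisfied group are discarded. 'minversion' is inclusive, 'maxversion'
 * is the first incompatible version.
 *
 * On return $this->active, $this->rebuild and $this->installed_version are set.
 *
 * @param array|null $dependencylist Optional replacement for the dependency list
 *                                   held in $this->productobj
 *
 * @throws vB_Exception_AdminStopMessage If any dependency group is unmet, or the
 *                                       product exists and overwriting is not allowed
 */
public function import_dependencies($dependencylist = null)
{
    // get system version info
    $system_versions = array(
        'php'       => PHP_VERSION,
        'vbulletin' => $this->registry->options['templateversion'],
        'products'  => fetch_product_list(true),
    );
    $mysql_version = $this->db->query_first("SELECT VERSION() AS version");
    $system_versions['mysql'] = $mysql_version['version'];

    if ($dependencylist) {
        $this->productobj['dependencies']['dependency'] = $dependencylist;
    }

    // ############## import dependencies
    if (is_array($this->productobj['dependencies']['dependency'])) {
        $dependencies =& $this->productobj['dependencies']['dependency'];
        if (!isset($dependencies[0])) {
            // a single dependency arrives as one record, not a list of records
            $dependencies = array($dependencies);
        }

        $dependency_errors = array();
        $ignore_dependency_errors = array();

        // let's check the dependencies
        foreach ($dependencies as $dependency) {
            // if we get an error, we haven't met this dependency
            // if we go through without a problem, we have automatically met
            // all dependencies for this "class" (mysql, php, vb, a specific product, etc)
            $this_dependency_met = true;

            // build a phrase for the version compats -- will look like (minver / maxver)
            if (!empty($dependency['minversion'])) {
                $compatible_phrase = construct_phrase($this->vbphrase['compatible_starting_with_x'], htmlspecialchars_uni($dependency['minversion']));
            } else {
                $compatible_phrase = '';
            }

            if (!empty($dependency['maxversion'])) {
                $incompatible_phrase = construct_phrase($this->vbphrase['incompatible_with_x_and_greater'], htmlspecialchars_uni($dependency['maxversion']));
            } else {
                $incompatible_phrase = '';
            }

            // Reset for every dependency: without this, an entry that declares
            // no versions would reuse the text built for the previous entry
            // (or read an undefined variable on the first pass).
            $required_version_info = '';
            if ($compatible_phrase or $incompatible_phrase) {
                $required_version_info = "({$compatible_phrase}";
                if ($compatible_phrase and $incompatible_phrase) {
                    $required_version_info .= ' / ';
                }
                $required_version_info .= "{$incompatible_phrase})";
            }

            // grab the appropriate installed version string
            if ($dependency['dependencytype'] == 'product') {
                // group dependencies into types -- individual products get their own group
                $dependency_type_key = "product-{$dependency['parentproductid']}";

                // undocumented feature -- you can put a producttitle attribute in a dependency so the id isn't displayed
                $parent_product_title = !empty($dependency['producttitle']) ? $dependency['producttitle'] : $dependency['parentproductid'];
                // The title comes from the product definition and ends up in the
                // error list, which is assembled as HTML below. Escape it once
                // here so every message that mentions it gets the same treatment.
                $parent_product_title_html = htmlspecialchars_uni($parent_product_title);

                $parent_product_id = "{$dependency['parentproductid']}";
                $parent_product = isset($system_versions['products'][$parent_product_id])
                    ? $system_versions['products'][$parent_product_id]
                    : null;

                if (!$parent_product) {
                    // required product is not installed
                    $dependency_errors[$dependency_type_key] = construct_phrase($this->vbphrase['product_x_must_be_installed'], $parent_product_title_html, $required_version_info);
                    continue; // can't do version checks if the product isn't installed
                }

                if ($parent_product['active'] == 0) {
                    // product is installed, but inactive
                    $dependency_errors["{$dependency_type_key}-inactive"] = construct_phrase($this->vbphrase['product_x_must_be_activated'], $parent_product_title_html);
                    $this_dependency_met = false;
                    // allow version checks to continue
                }

                $sys_version_str = $parent_product['version'];
                $version_incompatible_phrase = 'product_incompatible_version_x_product_y';
            } else {
                $dependency_type_key = $dependency['dependencytype'];
                $parent_product_title_html = '';
                $sys_version_str = isset($system_versions["{$dependency['dependencytype']}"])
                    ? $system_versions["{$dependency['dependencytype']}"]
                    : '';
                $version_incompatible_phrase = 'product_incompatible_version_x_' . $dependency['dependencytype'];
            }

            // if no version string, we are trying to do an unsupported dep check
            if ($sys_version_str == '') {
                continue;
            }

            $sys_version = fetch_version_array($sys_version_str);

            // error if installed version < minversion
            if (!empty($dependency['minversion'])) {
                $dep_version = fetch_version_array($dependency['minversion']);

                // compare part by part; the first differing part decides
                for ($i = 0; $i <= 5; $i++) {
                    if ($sys_version[$i] < $dep_version[$i]) {
                        // installed version is too old
                        $dependency_errors[$dependency_type_key] = construct_phrase($this->vbphrase[$version_incompatible_phrase], htmlspecialchars_uni($sys_version_str), $required_version_info, $parent_product_title_html);
                        $this_dependency_met = false;
                        break;
                    } elseif ($sys_version[$i] > $dep_version[$i]) {
                        break;
                    }
                }
            }

            // error if installed version >= maxversion
            if (!empty($dependency['maxversion'])) {
                $dep_version = fetch_version_array($dependency['maxversion']);

                $all_equal = true;

                for ($i = 0; $i <= 5; $i++) {
                    if ($sys_version[$i] > $dep_version[$i]) {
                        // installed version is newer than the maxversion
                        $dependency_errors[$dependency_type_key] = construct_phrase($this->vbphrase[$version_incompatible_phrase], htmlspecialchars_uni($sys_version_str), $required_version_info, $parent_product_title_html);
                        $this_dependency_met = false;
                        break;
                    } elseif ($sys_version[$i] < $dep_version[$i]) {
                        // not every part is the same and since we've got less we can exit
                        $all_equal = false;
                        break;
                    } elseif ($sys_version[$i] != $dep_version[$i]) {
                        // not every part is the same
                        $all_equal = false;
                    }
                }

                if ($all_equal == true) {
                    // installed version is same as the max version, which is the first incompat version
                    $dependency_errors[$dependency_type_key] = construct_phrase($this->vbphrase[$version_incompatible_phrase], htmlspecialchars_uni($sys_version_str), $required_version_info, $parent_product_title_html);
                    $this_dependency_met = false;
                }
            }

            if ($this_dependency_met) {
                // we met 1 dependency for this type -- this emulates or'ing together groups
                $ignore_dependency_errors[$dependency_type_key] = true;
            }
        }

        // for any group we met a dependency for, ignore any errors we might
        // have gotten for the group
        foreach ($ignore_dependency_errors as $dependency_type_key => $devnull) {
            unset($dependency_errors[$dependency_type_key]);
        }

        if ($dependency_errors) {
            $dependency_errors = array_unique($dependency_errors);

            if ($this->outputtype == 'html') {
                $dependency_errors = '<ol class="deperrors"><li>' . implode('</li><li>', $dependency_errors) . '</li></ol>';
            } else {
                $dependency_errors = implode("\r\n", $dependency_errors);
            }

            print_dots_stop();
            throw new vB_Exception_AdminStopMessage(array('dependencies_not_met_x', $dependency_errors));
        }
    }

    // look to see if we already have this product installed
    $existingprod = $this->db->query_first("
        SELECT *
        FROM " . TABLE_PREFIX . "product
        WHERE productid = '" . $this->db->escape_string($this->productinfo['productid']) . "'");

    if ($existingprod) {
        if (!$this->productinfo['allow_overwrite']) {
            print_dots_stop();
            // NOTE(review): the title is passed on unescaped; confirm that the
            // exception's renderer escapes it before it reaches HTML output.
            throw new vB_Exception_AdminStopMessage(array('product_x_installed_no_overwrite', $this->productinfo['title']));
        }

        $this->active = $existingprod['active'];

        // not sure what we're deleting, so rebuild everything
        $this->rebuild = array('templates' => true, 'plugins' => true, 'phrases' => true, 'options' => true, 'cron' => true);
        $this->installed_version = $existingprod['version'];
    } else {
        $this->active = $this->productinfo['active'] ? 1 : 0;
        $this->rebuild = array('templates' => false, 'plugins' => false, 'phrases' => false, 'options' => false, 'cron' => false);
        $this->installed_version = null;
    }
}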
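/**
 * Verifies an image property. The picture must belong to one of this user's
 * albums, and that album's state must be 'profile' or 'public'.
 *
 * When the enable_albums bit of the 'socnet' option is off, the value is
 * cleared and accepted. Otherwise the value must contain "albumid=<digits>"
 * and "pictureid=<digits>"; on success it is rewritten to "<albumid>,<pictureid>".
 *
 * @param string Value to verify; passed by reference and may be modified.
 *
 * @return boolean True if the value was accepted.
 */
function verify_image(&$value)
{
    if (!($this->registry->options['socnet'] & $this->registry->bf_misc_socnet['enable_albums'])) {
        $value = '';
        return true;
    }

    $foundalbum = preg_match('#albumid=([0-9]+)#', $value, $albumid);
    $foundpicture = preg_match('#pictureid=([0-9]+)#', $value, $pictureid);

    if (!$foundalbum or !$foundpicture) {
        return false;
    }

    // The ownership and visibility rules are enforced by the query itself:
    // a row only comes back for a picture in this user's own, non-private album.
    // Every interpolated value is cast to an integer, including the user id,
    // whose origin is not visible from this method.
    $owned = $this->dbobject->query_first("
        SELECT album.userid
        FROM " . TABLE_PREFIX . "albumpicture AS albumpicture
        INNER JOIN " . TABLE_PREFIX . "picture AS picture ON (albumpicture.pictureid = picture.pictureid)
        INNER JOIN " . TABLE_PREFIX . "album AS album ON (albumpicture.albumid = album.albumid)
        WHERE albumpicture.albumid = " . intval($albumid[1]) . "
            AND albumpicture.pictureid = " . intval($pictureid[1]) . "
            AND album.state IN ('profile', 'public')
            AND album.userid = " . intval($this->userid) . "
    ");

    if (!$owned) {
        return false;
    }

    // Store only the two digit runs; anything else in the submitted value is dropped.
    $value = $albumid[1] . "," . $pictureid[1];

    return true;
}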
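/**
 * Verifies an image property. The attachment must belong to one of this user's
 * albums, and that album's state must be 'profile' or 'public'.
 *
 * When the enable_albums bit of the 'socnet' option is off, the value is
 * cleared and accepted. Otherwise the value must contain "albumid=<digits>"
 * and "attachmentid=<digits>"; on success it is rewritten to
 * "<albumid>,<attachmentid>".
 *
 * @param string Value to verify; passed by reference and may be modified.
 *
 * @return boolean True if the value was accepted.
 */
function verify_image(&$value)
{
    if (!($this->registry->options['socnet'] & $this->registry->bf_misc_socnet['enable_albums'])) {
        $value = '';
        return true;
    }

    $foundalbum = preg_match('#albumid=([0-9]+)#', $value, $albumid);
    $foundpicture = preg_match('#attachmentid=([0-9]+)#', $value, $attachmentid);

    // The framework is initialised here, before the match results are checked,
    // exactly as before, so its side effects do not depend on the input.
    require_once(DIR . '/includes/class_bootstrap_framework.php');
    require_once(DIR . '/vb/types.php');
    vB_Bootstrap_Framework::init();

    $types = vB_Types::instance();
    $contenttypeid = intval($types->getContentTypeID('vBForum_Album'));

    if (!$foundalbum OR !$foundpicture) {
        return false;
    }

    // A row only comes back when the attachment is album content, sits in the
    // named album, and that album is this user's own and not private. Every
    // interpolated value is cast to an integer, including the user id, whose
    // origin is not visible from this method.
    $owned = $this->dbobject->query_first("
        SELECT album.userid
        FROM " . TABLE_PREFIX . "attachment AS a
        INNER JOIN " . TABLE_PREFIX . "album AS album ON (a.contentid = album.albumid)
        WHERE a.attachmentid = " . intval($attachmentid[1]) . "
            AND a.contenttypeid = $contenttypeid
            AND album.state IN ('profile', 'public')
            AND album.userid = " . intval($this->userid) . "
            AND album.albumid = " . intval($albumid[1]) . "
    ");

    if (!$owned) {
        return false;
    }

    // Store only the two digit runs; anything else in the submitted value is dropped.
    $value = $albumid[1] . "," . $attachmentid[1];

    return true;
}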
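/**
 * This sets an option. It should rarely be used. Its primary use is for temporarily
 * storing the version number from which this upgrade started. Any other use should be
 * carefully considered as to why you don't just put it in the XML file.
 *
 * A row is inserted into the setting table, flagged volatile, only when no row
 * with this varname exists yet; the value is then passed to save_settings()
 * in either case.
 *
 * @param string $varname       Setting name
 * @param string $grouptitle    Setting group; written to the grouptitle column on insert
 * @param string $value         Value to store
 * @param string $datatype      Written to the datatype column on insert
 * @param mixed  $default_value Written to defaultvalue on insert when truthy
 * @param string $optioncode    Written to the optioncode column on insert
 * @param string $product       Owning product id
 */
protected function set_new_option($varname, $grouptitle, $value, $datatype, $default_value = false, $optioncode = '', $product = 'vbulletin')
{
    $db = $this->db;

    $row = $db->query_first("
        SELECT value
        FROM " . TABLE_PREFIX . "setting
        WHERE varname = '" . $db->escape_string($varname) . "';");

    if (!$row) {
        // $datatype used to be the one value interpolated without escaping;
        // it now goes through escape_string() like every other column.
        $sql = "REPLACE INTO " . TABLE_PREFIX . "setting
            (product, varname, grouptitle, value, datatype, optioncode, volatile " . ($default_value ? ',defaultvalue' : '') . ")
            VALUES ('" . $db->escape_string($product) . "', '"
            . $db->escape_string($varname) . "', '"
            . $db->escape_string($grouptitle) . "', '"
            . $db->escape_string($value) . "', '"
            . $db->escape_string($datatype) . "', '"
            . $db->escape_string($optioncode) . "', 1 "
            . ($default_value ? ",'" . $db->escape_string($default_value) . "'" : '') . ")";
        $db->query_write($sql);
    }

    include_once DIR . '/includes/adminfunctions_options.php';

    $values = array($varname => $value);
    if ($default_value) {
        // NOTE(review): $values[$varname] holds the scalar $value at this point,
        // so this writes to an offset of that scalar instead of adding a key to
        // an array. Confirm what shape save_settings() expects.
        $values[$varname]['default_value'] = $default_value;
    }
    save_settings($values);
}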
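/**
 * Verifies an image property. The attachment must belong to one of this user's
 * albums, and that album's state must be 'profile' or 'public'.
 *
 * When the enable_albums bit of the 'socnet' option is off, the value is
 * cleared and accepted. Otherwise the value must contain "albumid=<digits>"
 * and "attachmentid=<digits>"; on success it is rewritten to
 * "<albumid>,<attachmentid>".
 *
 * @param string Value to verify; passed by reference and may be modified.
 *
 * @return boolean True if the value was accepted.
 */
function verify_image(&$value)
{
    $albums_enabled = $this->registry->options['socnet'] & $this->registry->bf_misc_socnet['enable_albums'];
    if (!$albums_enabled) {
        $value = '';
        return true;
    }

    $foundalbum = preg_match('#albumid=([0-9]+)#', $value, $albumid);
    $foundpicture = preg_match('#attachmentid=([0-9]+)#', $value, $attachmentid);

    $types = vB_Types::instance();
    $contenttypeid = intval($types->getContentTypeID('vBForum_Album'));

    if (!$foundalbum or !$foundpicture) {
        return false;
    }

    // All five conditions must hold for a row to come back: the attachment id,
    // its content type, the album's visibility, the album's owner and the album
    // id. Every interpolated value is an integer; the user id is cast here
    // because its origin is not visible from this method.
    $owned = $this->dbobject->query_first("
        SELECT album.userid
        FROM " . TABLE_PREFIX . "attachment AS a
        INNER JOIN " . TABLE_PREFIX . "album AS album ON (a.contentid = album.albumid)
        WHERE
            a.attachmentid = " . intval($attachmentid[1]) . "
                AND
            a.contenttypeid = {$contenttypeid}
                AND
            album.state IN ('profile', 'public')
                AND
            album.userid = " . intval($this->userid) . "
                AND
            album.albumid = " . intval($albumid[1]) . "
    ");

    if (!$owned) {
        return false;
    }

    // Store only the two digit runs; anything else in the submitted value is dropped.
    $value = $albumid[1] . "," . $attachmentid[1];

    return true;
}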