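/**
 * Display the options a user can configure for this extension
 *
 * On a POST that contains "submit", the three donation text fields are
 * written to the donation table, set_options() is called, the change is
 * logged and a confirmation message is shown. In every other case the
 * current values are loaded and assigned to the template.
 *
 * @return null
 * @access public
 */
public function display_options()
{
    add_form_key('acp_donation');

    // Is the form being submitted to us?
    if ($this->request->is_set_post('submit')) {
        // The form key is the CSRF check for this page. It has to stop the
        // request before anything is written; recording the failure in a
        // local array and carrying on would leave the writes unprotected.
        if (!check_form_key('acp_donation')) {
            trigger_error($this->user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);

            // Defensive: never reach the writes, even if the error handler returns
            return;
        }

        $donation_row = array(
            'donation_body'    => $this->request->variable('donation_body', '', true),
            'donation_cancel'  => $this->request->variable('donation_cancel', '', true),
            'donation_success' => $this->request->variable('donation_success', '', true),
        );

        // NOTE(review): the loop variables are object properties, as in the
        // original; kept in case other code reads them afterwards (confirm).
        foreach ($donation_row as $this->config_name => $this->config_value) {
            $sql = 'UPDATE ' . $this->donation_table . "\n\t\t\t\t\tSET config_value = '" . $this->db->sql_escape($this->config_value) . "'\n\t\t\t\t\tWHERE config_name = '" . $this->db->sql_escape($this->config_name) . "'";
            $this->db->sql_query($sql);
        }

        // Set the options the user configured
        $this->set_options();

        // Add option settings change action to the admin log
        $this->phpbb_log->add('admin', $this->user->data['user_id'], $this->user->ip, 'DONATION_SAVED');

        trigger_error($this->user->lang['DONATION_SAVED'] . adm_back_link($this->u_action));
    }

    // Load the stored donation texts, keyed by config_name
    $sql = 'SELECT * FROM ' . $this->donation_table;
    $result = $this->db->sql_query($sql);

    $donation = array();
    while ($row = $this->db->sql_fetchrow($result)) {
        $donation[$row['config_name']] = $row['config_value'];
    }
    $this->db->sql_freeresult($result);

    // Missing rows fall back to an empty string
    $donation_body = isset($donation['donation_body']) ? $donation['donation_body'] : '';
    $donation_cancel = isset($donation['donation_cancel']) ? $donation['donation_cancel'] : '';
    $donation_success = isset($donation['donation_success']) ? $donation['donation_success'] : '';
    $donation_version = isset($this->config['donation_version']) ? $this->config['donation_version'] : '';

    $this->template->assign_vars(array(
        'DONATION_VERSION'              => $donation_version,
        'DONATION_ENABLE'               => $this->config['donation_enable'],
        'DONATION_INDEX_ENABLE'         => $this->config['donation_index_enable'],
        'DONATION_INDEX_TOP'            => $this->config['donation_index_top'],
        'DONATION_INDEX_BOTTOM'         => $this->config['donation_index_bottom'],
        'DONATION_EMAIL'                => $this->config['donation_email'],
        'DONATION_ACHIEVEMENT_ENABLE'   => $this->config['donation_achievement_enable'],
        'DONATION_ACHIEVEMENT'          => $this->config['donation_achievement'],
        'DONATION_GOAL_ENABLE'          => $this->config['donation_goal_enable'],
        'DONATION_GOAL'                 => $this->config['donation_goal'],
        'DONATION_GOAL_CURRENCY_ENABLE' => $this->config['donation_goal_currency_enable'],
        'DONATION_GOAL_CURRENCY'        => $this->config['donation_goal_currency'],
        'DONATION_BODY'                 => $donation_body,
        'DONATION_CANCEL'               => $donation_cancel,
        'DONATION_SUCCESS'              => $donation_success,
        'U_ACTION'                      => $this->u_action,
    ));
}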
/**
 * {@inheritdoc}
 *
 * Joins the rules table with the types table. A non-empty $type narrows the
 * result to rules of that type name. The query is issued with a cache TTL
 * argument of 7200.
 */
public function get_group_rules($type = '')
{
    $where = 'agr.autogroups_type_id = agt.autogroups_type_id';
    if ($type) {
        // $type lands inside a quoted SQL literal, so it is escaped first
        $where .= " AND agt.autogroups_type_name = '" . $this->db->sql_escape($type) . "'";
    }

    $query_parts = array(
        'SELECT' => 'agr.*, agt.autogroups_type_name',
        'FROM'   => array(
            $this->autogroups_rules_table => 'agr',
            $this->autogroups_types_table => 'agt',
        ),
        'WHERE'  => $where,
    );

    $handle = $this->db->sql_query($this->db->sql_build_query('SELECT', $query_parts), 7200);
    $rules = $this->db->sql_fetchrowset($handle);
    $this->db->sql_freeresult($handle);

    return $rules;
}
/**
 * Update the users session in the table.
 *
 * Registered users: the row matching their user_id (or a guest row with the
 * same IP) is refreshed. Depending on how many rows the UPDATE touched, the
 * duplicates are replaced by a single row or a missing row is inserted.
 *
 * Guests: a row is inserted only when no row with the same IP exists yet.
 *
 * The first query of each branch runs with sql_return_on_error(true), so a
 * failing query returns false instead of raising an error; the method then
 * returns silently (per the inline comment, the table may not exist yet).
 */
public function update_session()
{
    if ($this->user->data['user_id'] != ANONYMOUS) {
        // Values written for a registered user
        $wwh_data = array(
            'user_id' => $this->user->data['user_id'],
            'user_ip' => $this->user->ip,
            'username' => $this->user->data['username'],
            'username_clean' => $this->user->data['username_clean'],
            'user_colour' => $this->user->data['user_colour'],
            'user_type' => $this->user->data['user_type'],
            'viewonline' => $this->user->data['session_viewonline'],
            'wwh_lastpage' => time()
        );

        // Error reporting is switched off only around this one query
        $this->db->sql_return_on_error(true);
        $sql = 'UPDATE ' . WWH_TABLE . ' SET ' . $this->db->sql_build_array('UPDATE', $wwh_data) . ' WHERE user_id = ' . (int) $this->user->data['user_id'] . "\n\t\t\t\t\tOR (user_ip = '" . $this->db->sql_escape($this->user->ip) . "'\n\t\t\t\t\t\tAND user_id = " . ANONYMOUS . ')';
        $result = $this->db->sql_query($sql);
        $this->db->sql_return_on_error(false);

        if ((bool) $result === false) {
            // database does not exist yet...
            return;
        }

        $sql_affectedrows = (int) $this->db->sql_affectedrows();
        if ($sql_affectedrows != 1) {
            if ($sql_affectedrows > 1) {
                // Found multiple matches, so we delete them and just add one
                $sql = 'DELETE FROM ' . WWH_TABLE . ' WHERE user_id = ' . (int) $this->user->data['user_id'] . "\n\t\t\t\t\t\t\tOR (user_ip = '" . $this->db->sql_escape($this->user->ip) . "'\n\t\t\t\t\t\t\t\tAND user_id = " . ANONYMOUS . ')';
                $this->db->sql_query($sql);
                $this->db->sql_query('INSERT INTO ' . WWH_TABLE . ' ' . $this->db->sql_build_array('INSERT', $wwh_data));
            }

            if ($sql_affectedrows == 0) {
                // No entry updated. Either the user is not listed yet, or has opened two links in the same time
                $sql = 'SELECT 1 as found FROM ' . WWH_TABLE . ' WHERE user_id = ' . (int) $this->user->data['user_id'] . "\n\t\t\t\t\t\t\tOR (user_ip = '" . $this->db->sql_escape($this->user->ip) . "'\n\t\t\t\t\t\t\t\tAND user_id = " . ANONYMOUS . ')';
                $result = $this->db->sql_query($sql);
                $found = (int) $this->db->sql_fetchfield('found');
                $this->db->sql_freeresult($result);

                if (!$found) {
                    // The user was not listed yet, so a row is added.
                    $this->db->sql_query('INSERT INTO ' . WWH_TABLE . ' ' . $this->db->sql_build_array('INSERT', $wwh_data));
                }
            }
        }
    } else {
        // Guest: look for any row with the same IP address
        $this->db->sql_return_on_error(true);
        $sql = 'SELECT user_id FROM ' . WWH_TABLE . "\n\t\t\t\tWHERE user_ip = '" . $this->db->sql_escape($this->user->ip) . "'";
        $result = $this->db->sql_query_limit($sql, 1);
        $this->db->sql_return_on_error(false);

        if ((bool) $result === false) {
            // database does not exist yet...
            return;
        }

        // A non-zero user_id means a row for this IP already exists and no guest row is added
        $user_logged = (int) $this->db->sql_fetchfield('user_id');
        $this->db->sql_freeresult($result);

        if (!$user_logged) {
            // Guests are always stored with viewonline = 1
            $wwh_data = array(
                'user_id' => $this->user->data['user_id'],
                'user_ip' => $this->user->ip,
                'username' => $this->user->data['username'],
                'username_clean' => $this->user->data['username_clean'],
                'user_colour' => $this->user->data['user_colour'],
                'user_type' => $this->user->data['user_type'],
                'viewonline' => 1,
                'wwh_lastpage' => time()
            );
            $this->db->sql_query('INSERT INTO ' . WWH_TABLE . ' ' . $this->db->sql_build_array('INSERT', $wwh_data));
        }
    }

    // Make sure normal error reporting is active again on the regular exit path
    $this->db->sql_return_on_error(false);
}
/**
 * Check if the provided user has a specific key in the table provided
 *
 * Security note: $table and $where are placed into the statement outside of
 * any quoted literal. sql_escape() escapes the contents of a string literal;
 * it does not validate or quote an identifier, so it gives no protection for
 * $table here. Both arguments must come from trusted code, never from request
 * data.
 *
 * @param string $table   Table to check in
 * @param int    $user_id The specific user
 * @param string $where   Extra where clause. Be sure to include AND
 *
 * @return bool True when at least one matching registration row exists
 */
protected function check_table_for_user($table, $user_id, $where = '')
{
    $query = 'SELECT COUNT(registration_id) as reg_id FROM ' . $this->db->sql_escape($table)
        . ' WHERE user_id = ' . (int) $user_id . ' ' . $where;

    $handle = $this->db->sql_query($query);
    $count_row = $this->db->sql_fetchrow($handle);
    $this->db->sql_freeresult($handle);

    if (!$count_row) {
        return false;
    }

    return $count_row['reg_id'] > 0;
}
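/**
 * ACP page for assigning up to three special ranks to one user
 *
 * Step 1 ("submit-user"): look the user up by name and render three rank
 * select boxes pre-selected with the user's current ranks.
 * Step 2 ("submit-rank"): after a successful form-key check, write the three
 * selected rank ids to the user's row.
 *
 * @return null
 */
public function edit_user_ranks()
{
    $this->template->assign_vars(array(
        'U_ACTION'        => $this->u_action,
        'S_FIND_USER'     => true,
        'U_FIND_USERNAME' => append_sid("{$this->root_path}memberlist.{$this->php_ext}", 'mode=searchuser&form=select_user&field=username&select_single=true'),
    ));

    if (isset($_POST['submit-user'])) {
        $username = utf8_normalize_nfc(request_var('username', '', true));

        $user_sql = 'SELECT * FROM ' . USERS_TABLE . "\n\t\t\t\tWHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($username)) . "'";
        $user_result = $this->db->sql_query($user_sql);
        $user_row = $this->db->sql_fetchrow($user_result);
        $this->db->sql_freeresult($user_result);

        // No row means no such user; do not index into a non-array
        $user_id = $user_row ? (int) $user_row['user_id'] : 0;
        if (!$user_id) {
            trigger_error($this->user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING);

            // Defensive: stop here even if the error handler returns
            return;
        }

        // Template key suffix => users table column holding that rank
        $rank_columns = array(
            'ONE'   => 'user_rank',
            'TWO'   => 'user_rank_two',
            'THREE' => 'user_rank_three',
        );

        // Every list starts with the "no special rank" entry
        $options = array();
        foreach ($rank_columns as $key => $column) {
            $options[$key] = '<option value="0"' . (!$user_row[$column] ? ' selected="selected"' : '') . '>' . $this->user->lang['ACP_NO_SPEC_RANK'] . '</option>';
        }

        $rank_sql = 'SELECT * FROM ' . RANKS_TABLE . ' WHERE rank_special = 1 ORDER BY rank_title';
        $rank_result = $this->db->sql_query($rank_sql);
        while ($row = $this->db->sql_fetchrow($rank_result)) {
            // NOTE(review): rank_title is emitted as stored; presumably it is
            // HTML-escaped when the rank is created - confirm.
            foreach ($rank_columns as $key => $column) {
                $selected = ($user_row[$column] && $row['rank_id'] == $user_row[$column]) ? ' selected="selected"' : '';
                $options[$key] .= '<option value="' . (int) $row['rank_id'] . '"' . $selected . '>' . $row['rank_title'] . '</option>';
            }
        }
        // Free the rank result set (the original passed an undefined variable)
        $this->db->sql_freeresult($rank_result);

        $this->template->assign_vars(array(
            'ACP_MR_USER'          => sprintf($this->user->lang['ACP_EDIT_USER_RANK'], $user_row['username']),
            'S_EDIT_RANKS'         => true,
            'S_FIND_USER'          => false,
            'S_RANK_ONE_OPTIONS'   => $options['ONE'],
            'S_RANK_TWO_OPTIONS'   => $options['TWO'],
            'S_RANK_THREE_OPTIONS' => $options['THREE'],
            'HIDDEN_RANK_USER_ID'  => $user_id,
        ));
    }

    add_form_key('submit-rank-key');

    if (isset($_POST['submit-rank'])) {
        // CSRF check: report a bad form key instead of silently ignoring the request
        if (!check_form_key('submit-rank-key')) {
            trigger_error($this->user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);

            return;
        }

        // All four values go into the statement unquoted, so force integers
        // here rather than relying on the default passed to request_var().
        $rank_one = (int) request_var('user_rank_one', 0);
        $rank_two = (int) request_var('user_rank_two', 0);
        $rank_thr = (int) request_var('user_rank_three', 0);
        $upd_user_id = (int) request_var('hidden_user_id', 0);

        $upd_sql = 'UPDATE ' . USERS_TABLE . ' SET user_rank = ' . $rank_one . ', user_rank_two = ' . $rank_two . ', user_rank_three = ' . $rank_thr . ' WHERE user_id = ' . $upd_user_id;
        $this->db->sql_query($upd_sql);

        trigger_error($this->user->lang('ACP_MR_SAVED') . adm_back_link($this->u_action));
    }
}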
/**
 * {@inheritdoc}
 *
 * Registered users get the JSON-encoded list stored in their user row; the
 * method returns false when that UPDATE reports no affected row. In every
 * other case the result of set_cookie_categories() is returned.
 */
public function set_user_categories($forum_id)
{
    // Refresh the collapsed category list held on this object
    $this->set_collapsed_categories($forum_id);

    if ($this->user->data['is_registered']) {
        // Persist the list as JSON in the user's row
        $update = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\tSET collapsible_categories = '" . $this->db->sql_escape(json_encode($this->collapsed_categories)) . "'\n\t\t\t\tWHERE user_id = " . (int) $this->user->data['user_id'];
        $this->db->sql_query($update);

        $rows_changed = $this->db->sql_affectedrows();
        if (!$rows_changed) {
            // Treated as a failed update
            return false;
        }
    }

    // Mirror the list into a cookie; its result is the return value
    return $this->set_cookie_categories($forum_id);
}
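/**
 * Set anchor
 *
 * The anchor is validated in three steps: character set, length (at most
 * 255 characters) and uniqueness among the other rules in the table.
 *
 * @param string $anchor Anchor text
 * @return rule_interface $this object for chaining calls; load()->set()->save()
 * @access public
 * @throws \phpbb\boardrules\exception\unexpected_value
 */
public function set_anchor($anchor)
{
    // Enforce a string
    $anchor = (string) $anchor;

    // Anchor should not contain any special characters
    if ($anchor !== '' && !preg_match('/^[^!"#$%&*\'()+,.\\/\\\\:;<=>?@\\[\\]^`{|}~ ]*$/i', $anchor)) {
        throw new \phpbb\boardrules\exception\unexpected_value(array('anchor', 'ILLEGAL_CHARACTERS'));
    }

    // We limit the anchor length to 255 characters
    if (truncate_string($anchor, 255) !== $anchor) {
        throw new \phpbb\boardrules\exception\unexpected_value(array('anchor', 'TOO_LONG'));
    }

    // The id is written into the statement unquoted, so force an integer.
    // This also keeps the SQL valid if no id has been set yet.
    $rule_id = (int) $this->get_id();

    // Make sure rule anchors are unique. The check runs for a new rule with
    // an anchor, or for an existing rule whose anchor is being changed.
    if ($anchor !== '' && (!$rule_id || $this->get_anchor() !== $anchor)) {
        $sql = 'SELECT 1 FROM ' . $this->boardrules_table . "\n\t\t\t\tWHERE rule_anchor = '" . $this->db->sql_escape($anchor) . "'\n\t\t\t\t\tAND rule_id <> " . $rule_id;
        $result = $this->db->sql_query_limit($sql, 1);
        $row = $this->db->sql_fetchrow($result);
        $this->db->sql_freeresult($result);

        if ($row) {
            throw new \phpbb\boardrules\exception\unexpected_value(array('anchor', 'NOT_UNIQUE'));
        }
    }

    // Set the anchor on our data array
    $this->data['rule_anchor'] = $anchor;

    return $this;
}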
/**
 * Perform table SQL query and return any messages
 *
 * Security note: $query is used verbatim and $tables is inserted outside of
 * any quoted literal. sql_escape() escapes string-literal contents; it does
 * not validate or quote table identifiers. Callers must pass one of the fixed
 * statements named below and table names taken from the database itself, not
 * from request data. The row fields appended to the message are not
 * HTML-escaped here.
 *
 * @param string $query should either be OPTIMIZE TABLE, REPAIR TABLE, or CHECK TABLE
 * @param string $tables comma delineated string of all tables to be processed
 * @param int $disable_board the users option to disable the board during run time
 * @return string $message any errors or status information
 * @access protected
 */
protected function table_maintenance($query, $tables, $disable_board = 0)
{
    // Take the board offline for the duration if the admin asked for it
    if ($disable_board) {
        $this->config->set('board_disable', 1);
    }

    $reportable_types = array('error', 'info', 'note', 'warning');
    $report = '';

    $result = $this->db->sql_query($query . ' ' . $this->db->sql_escape($tables));
    while ($row = $this->db->sql_fetchrow($result)) {
        // Report optimize/repair problems only, but everything for CHECK TABLE
        $wanted = in_array(strtolower($row['Msg_type']), $reportable_types) || $query == 'CHECK TABLE';
        if (!$wanted) {
            continue;
        }

        // Keep the part of the table name that follows the first dot
        $short_name = substr($row['Table'], strpos($row['Table'], '.') + 1);
        $report .= '<br />' . $short_name . ' ... ' . $row['Msg_type'] . ': ' . $row['Msg_text'];
    }
    $this->db->sql_freeresult($result);

    // Bring the board back online if it was disabled above
    if ($disable_board) {
        $this->config->set('board_disable', 0);
    }

    // Clear cache to ensure board is re-enabled for all users
    $this->cache->purge();

    // An extra leading line break is added when there is something to show
    if (empty($report)) {
        return '';
    }

    return '<br />' . $report;
}
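/**
 * Checks to see if we can use this username for a merge, based on a few factors.
 *
 * @param string $username - The username to check
 * @param array &$errors - Errors array to work with
 * @param bool $old_user - When true, the "cannot merge yourself" and "cannot merge a founder" checks are applied
 * @return mixed - Return the user's ID (integer) if valid, return void if there was an error
 */
private function check_user($username, &$errors, $old_user)
{
    if (empty($username)) {
        $errors[] = $this->user->lang['NO_USER_SPECIFIED'];
        return;
    }

    $sql = 'SELECT user_id, user_type FROM ' . USERS_TABLE . "\n\t\t\t\tWHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($username)) . "'";
    $result = $this->db->sql_query($sql);

    // Read the row once. phpBB's sql_fetchfield() fetches a row on every
    // call, so calling it twice on this one-row result left user_type at 0
    // and the founder check below could never match.
    $row = $this->db->sql_fetchrow($result);
    $this->db->sql_freeresult($result);

    $user_id = $row ? (int) $row['user_id'] : 0;
    $user_type = $row ? (int) $row['user_type'] : 0;

    // No such user
    if (!$user_id) {
        $errors[] = $this->user->lang['NO_USER'];
        return;
    }

    // Check to see if it is ourselves here
    if ($old_user && $user_id === (int) $this->user->data['user_id']) {
        $errors[] = $this->user->lang['CANNOT_MERGE_SELF'];
        return;
    }

    // Make sure we aren't messing with a founder. The acting user's type is
    // cast as well: session data may hold it as a string, which would make a
    // strict comparison with the constant fail for an actual founder.
    if ($old_user && $user_type === USER_FOUNDER && (int) $this->user->data['user_type'] !== USER_FOUNDER) {
        $errors[] = $this->user->lang['CANNOT_MERGE_FOUNDER'];
        return;
    }

    return $user_id;
}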
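/**
 * {@inheritdoc}
 *
 * Writes $record['text'] to the text column of the row whose id column
 * equals $record['id']. Table and column names come from get_table_name()
 * and get_columns().
 */
protected function save_record(array $record)
{
    $columns = $this->get_columns();

    // The id is written into the statement unquoted, so it is forced to an
    // integer; the text goes into a quoted literal and is escaped.
    $sql = 'UPDATE ' . $this->get_table_name() . ' SET ' . $columns['text'] . " = '" . $this->db->sql_escape($record['text']) . "'\n\t\t\tWHERE " . $columns['id'] . ' = ' . (int) $record['id'];
    $this->db->sql_query($sql);
}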
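/**
 * Get a list of all users on the board that can be mentioned. Keys are the usernames utf8_cleaned.
 * The complete list is kept in a static property after the first call.
 *
 * @param string|bool $query_string False, if all users should be retrieved. Otherwise a string which should be searched for.
 * @return array Array containing data of all users
 */
public function get_userlist($query_string = false)
{
    // If we need the complete list and it is cached, we can return it.
    if ($query_string == false && self::$user_list) {
        return self::$user_list;
    }

    $cache_time = 300;

    $sql_ary = array(
        'SELECT'   => '*',
        'FROM'     => array(USERS_TABLE => 'u'),
        // The config value is written into the statement unquoted, so force an integer
        'WHERE'    => 'user_posts >= ' . (int) $this->config['wolfsblvt.mentions.min_posts_suggest'] . ' AND user_type <> ' . USER_IGNORE,
        'ORDER_BY' => 'username',
    );

    if ($query_string) {
        // Prefix match on the cleaned username. The condition belongs on the
        // query array; the original appended it to the search string itself.
        // sql_like_expression() escapes its argument, so no separate
        // sql_escape() call is made here (that would escape the value twice).
        $sql_ary['WHERE'] .= ' AND username_clean ' . $this->db->sql_like_expression(utf8_clean_string($query_string) . $this->db->get_any_char());
    }

    $sql = $this->db->sql_build_query('SELECT', $sql_ary);
    $result = $this->db->sql_query($sql, $cache_time);

    $user_list = array();
    while ($row = $this->db->sql_fetchrow($result)) {
        $user_data = array(
            'name'                => $row['username'],
            'user_id'             => $row['user_id'],
            'posts'               => $row['user_posts'],
            'colour'              => $row['user_colour'],
            'avatar'              => phpbb_get_user_avatar($row),
            'username_full'       => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']),
            'username_no_profile' => get_username_string('no_profile', $row['user_id'], $row['username'], $row['user_colour']),
        );

        if ($user_data['avatar'] == '') {
            $default_avatar_url = $this->path_helper->get_web_root_path() . $this->ext_root_path . '/styles/' . $this->user->style['style_path'] . '/theme' . '/images/no_avatar.gif';

            // Check if file exists, otherwise take from "/all" folder.
            // The administrator hasn't chosen a specific no_avatar avatar for this style then
            if (!file_exists($default_avatar_url)) {
                $default_avatar_url = $this->path_helper->get_web_root_path() . $this->ext_root_path . '/styles/all/theme' . '/images/no_avatar.gif';
            }

            $user_data['avatar'] = '<img src="' . $default_avatar_url . '" width="100" height="100" alt="' . $this->user->lang['USER_AVATAR'] . '">';
        }

        $user_list[$row['username_clean']] = $user_data;
    }
    $this->db->sql_freeresult($result);

    // If we have the complete list, we can cache it.
    if ($query_string == false) {
        self::$user_list = $user_list;
    }

    return $user_list;
}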
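/**
 * Uninstall style
 *
 * Refuses to uninstall a style that other styles depend on. Otherwise users
 * of the style are reset to user_style = 0 and the style row is deleted.
 *
 * @param array $style Style data
 * @return bool|string True on success, error message on error
 */
protected function uninstall_style($style)
{
    // The id is written into three statements unquoted; cast it once here so
    // all of them are covered, not just the first.
    $id = (int) $style['style_id'];
    $path = $style['style_path'];

    // Check if style has child styles
    $sql = 'SELECT style_id FROM ' . STYLES_TABLE . ' WHERE style_parent_id = ' . $id . " OR style_parent_tree = '" . $this->db->sql_escape($path) . "'";
    $result = $this->db->sql_query($sql);
    $conflict = $this->db->sql_fetchrow($result);
    $this->db->sql_freeresult($result);

    if ($conflict !== false) {
        return sprintf($this->user->lang['STYLE_UNINSTALL_DEPENDENT'], $style['style_name']);
    }

    // Change default style for users
    $sql = 'UPDATE ' . USERS_TABLE . ' SET user_style = 0 WHERE user_style = ' . $id;
    $this->db->sql_query($sql);

    // Uninstall style
    $sql = 'DELETE FROM ' . STYLES_TABLE . ' WHERE style_id = ' . $id;
    $this->db->sql_query($sql);

    return true;
}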
/**
 * Enable all notifications of a certain type
 *
 * Intended for the moment an extension with its own notification types is
 * re-enabled: setting the enabled flag makes the notifications that were
 * hidden while it was disabled visible again.
 *
 * @param string $notification_type_name Type identifier of the subscription
 */
public function enable_notifications($notification_type_name)
{
    // The type name goes into a quoted literal, so it is escaped
    $escaped_name = $this->db->sql_escape($notification_type_name);

    $this->db->sql_query(
        'UPDATE ' . $this->notification_types_table . " SET notification_type_enabled = 1 WHERE notification_type_name = '" . $escaped_name . "'"
    );
}
/**
 * Callback function for language replacing
 *
 * Looks up the language entry named by the first capture group and returns
 * it SQL-escaped. The result is only safe inside a quoted SQL string literal.
 *
 * @param array $matches Match array; index 1 holds the language key
 * @return string Escaped language string, or '' when index 1 is empty
 */
public function lang_replace_callback($matches)
{
    if (empty($matches[1])) {
        return '';
    }

    $translated = $this->language->lang($matches[1]);

    return $this->db->sql_escape($translated);
}
/**
 * Get basic data of all parent items
 *
 * The columns to read are listed in the $item_basic_data property. The
 * result is stored serialized in the item_parents column and read back from
 * there on later calls.
 *
 * @param array $item The item to get the path from
 * @return array Array of items (containing basic columns from the item table)
 *               ID => Item data
 */
public function get_path_basic_data(array $item)
{
    // An item without a parent has no path
    if (!$item[$this->column_parent_id]) {
        return array();
    }

    // Cached copy available: decode and return it
    if ($item[$this->column_item_parents]) {
        // NOTE(review): unserialize() on a database column. The value is
        // written by this method, but anything else able to write to that
        // column controls what gets unserialized here. Consider restricting
        // allowed classes or storing JSON instead.
        return unserialize($item[$this->column_item_parents]);
    }

    // All rows that enclose this item in the nested set are its parents
    $select = 'SELECT ' . implode(', ', $this->item_basic_data) . ' FROM ' . $this->table_name . ' WHERE ' . $this->column_left_id . ' < ' . (int) $item[$this->column_left_id] . ' AND ' . $this->column_right_id . ' > ' . (int) $item[$this->column_right_id] . ' ' . $this->get_sql_where('AND') . ' ORDER BY ' . $this->column_left_id . ' ASC';
    $handle = $this->db->sql_query($select);

    $parents = array();
    while ($parent_row = $this->db->sql_fetchrow($handle)) {
        $parents[$parent_row[$this->column_item_id]] = $parent_row;
    }
    $this->db->sql_freeresult($handle);

    // Store the list on every row that shares this item's parent id
    $encoded = serialize($parents);
    $update = 'UPDATE ' . $this->table_name . ' SET ' . $this->column_item_parents . " = '" . $this->db->sql_escape($encoded) . "'\n\t\t\t\t\tWHERE " . $this->column_parent_id . ' = ' . (int) $item[$this->column_parent_id];
    $this->db->sql_query($update);

    return $parents;
}
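/**
 * Set route
 *
 * The route is validated in four steps: it must be present, use only allowed
 * characters, be at most 100 characters long and be unique among the other
 * pages in the table.
 *
 * @param string $route Route text
 * @return page_interface $this object for chaining calls; load()->set()->save()
 * @access public
 * @throws \phpbb\pages\exception\unexpected_value
 */
public function set_route($route)
{
    // Enforce a string
    $route = (string) $route;

    // Route is a required field
    if ($route == '') {
        throw new \phpbb\pages\exception\unexpected_value(array('route', 'FIELD_MISSING'));
    }

    // Route should not contain any special characters
    if (!preg_match('/^[^!"#$%&*\'()+,.\\/\\\\:;<=>?@\\[\\]^`{|}~ ]*$/i', $route)) {
        throw new \phpbb\pages\exception\unexpected_value(array('route', 'ILLEGAL_CHARACTERS'));
    }

    // We limit the route length to 100 characters
    if (truncate_string($route, 100) != $route) {
        throw new \phpbb\pages\exception\unexpected_value(array('route', 'TOO_LONG'));
    }

    // The id is written into the statement unquoted, so force an integer.
    // This also keeps the SQL valid if no id has been set yet.
    $page_id = (int) $this->get_id();

    // Routes must be unique. The check runs for a new page, or for an
    // existing page whose non-empty route is being changed.
    if (!$page_id || ($this->get_route() !== '' && $this->get_route() != $route)) {
        $sql = 'SELECT 1 FROM ' . $this->pages_table . "\n\t\t\t\tWHERE page_route = '" . $this->db->sql_escape($route) . "'\n\t\t\t\t\tAND page_id <> " . $page_id;
        $result = $this->db->sql_query_limit($sql, 1);
        $row = $this->db->sql_fetchrow($result);
        $this->db->sql_freeresult($result);

        if ($row) {
            throw new \phpbb\pages\exception\unexpected_value(array('route', 'NOT_UNIQUE'));
        }
    }

    // Set the route on our data array
    $this->data['page_route'] = $route;

    return $this;
}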
/**
 * Render the second-factor page for a user
 *
 * Lists every usable module, then stores a fresh random token together with
 * the user id in the current session row and hands the same token to the
 * template. The submit handler compares the posted token with the stored one.
 *
 * @param int $user_id
 * @param bool $admin
 * @param bool $auto_login
 * @param bool $viewonline
 * @param string $redirect
 * @throws http_exception When the session data already carries a token
 */
public function generate_page($user_id, $admin, $auto_login, $viewonline, $redirect)
{
    $this->user->add_lang_ext('paul999/tfa', 'common');

    /**
     * @var module_interface $tfa_module
     */
    foreach ($this->getModules() as $tfa_module) {
        if (!$tfa_module->is_usable($user_id)) {
            continue;
        }

        $block_vars = array(
            'ID'            => $tfa_module->get_name(),
            'NAME'          => $this->user->lang($tfa_module->get_translatable_name()),
            'U_SUBMIT_AUTH' => $this->controller_helper->route('paul999_tfa_read_controller_submit', array(
                'user_id'    => (int) $user_id,
                'admin'      => (int) $admin,
                'auto_login' => (int) $auto_login,
                'viewonline' => (int) $viewonline,
                'class'      => $tfa_module->get_name(),
            )),
        );

        // Module specific template values are merged over the common ones
        $this->template->assign_block_vars('tfa_options', array_merge($block_vars, $tfa_module->login_start($user_id)));
    }

    add_form_key('tfa_login_page');

    // 40 hex characters derived from 32 bytes of CSPRNG output
    $token = sha1(random_bytes(32));

    // A token that is still set in the session data is treated as an error
    if (!empty($this->user->data['tfa_random'])) {
        throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
    }

    // Bind the token and the user id to the current session row
    $session_update = array(
        'tfa_random' => $token,
        'tfa_uid'    => $user_id,
    );
    $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $this->db->sql_build_array('UPDATE', $session_update) . "\n\t\t\tWHERE\n\t\t\t\tsession_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "' AND\n\t\t\t\tsession_user_id = " . (int) $this->user->data['user_id'];
    $this->db->sql_query($sql);

    $this->template->assign_vars(array(
        'REDIRECT' => $redirect,
        'RANDOM'   => $token,
    ));

    page_header('TFA_KEY_REQUIRED');
    $this->template->set_filenames(array('body' => '@paul999_tfa/authenticate_main.html'));

    // Do not include cron on this page!
    page_footer(false);
}
/**
 * Display birthdays of 29th february on 28th february in non-leap-years
 *
 * @param array $now Date parts; 'mday' and 'mon' are read
 * @param \phpbb\datetime $time Its 'L' format value decides whether the year is a leap year
 * @return string Extra OR condition for the birthday query, or '' when not needed
 */
private function _adjust_leap_year(array $now, \phpbb\datetime $time)
{
    $is_feb_28 = $now['mday'] == 28 && $now['mon'] == 2;

    // Only on 28 February of a non-leap year are the 29 February birthdays added
    if ($is_feb_28 && !$time->format('L')) {
        $day_month_prefix = sprintf('%2d-%2d-', 29, 2);

        return " OR u.user_birthday LIKE '" . $this->db->sql_escape($day_month_prefix) . "%'";
    }

    return '';
}
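/**
 * Get the ID of a user group
 *
 * @param string $group_name Group name to look up; defaults to REGISTERED
 * @return mixed The group_id column of the matching row, or null when no group has that name
 */
public function getGroupId($group_name = 'REGISTERED')
{
    $sql = "SELECT group_id\n\t\t\t\t\tFROM " . GROUPS_TABLE . "\n\t\t\t\t\tWHERE group_name = '" . $this->db->sql_escape($group_name) . "'";
    $result = $this->db->sql_query($sql);
    $row = $this->db->sql_fetchrow($result);

    // Free this query's result; the original call passed no result handle
    $this->db->sql_freeresult($result);

    // No row: return null explicitly instead of indexing into a non-array
    return $row ? $row['group_id'] : null;
}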
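/**
 * Set ColorizeIt options for a revision.
 *
 * The options array is stored serialized in revision_clr_options.
 *
 * @param array $options
 * @param int $revision_id
 * @param \phpbb\db\driver\driver_interface $db
 *
 * @return null
 */
public function submit_options($options, $revision_id, $db)
{
    $serialized = serialize($options);

    // The value is wrapped in single quotes. sql_escape() prepares a value
    // for a single-quoted literal; serialized data always contains double
    // quotes, and several database systems read a double-quoted token as an
    // identifier, so the double-quoted form was neither portable nor
    // reliably escaped.
    $sql = 'UPDATE ' . TITANIA_REVISIONS_TABLE . " SET revision_clr_options = '" . $db->sql_escape($serialized) . "' WHERE revision_id = " . (int) $revision_id;
    $db->sql_query($sql);
}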
/**
 * Find the users who want to receive notifications (helper)
 *
 * @param array|bool $user_ids User IDs to check if they want to receive notifications
 *                             (Bool False to check all users besides anonymous and bots (USER_IGNORE))
 * @param array $options Recognised keys: ignore_users, item_type, item_id
 * @return array user_id => list of notification methods
 */
protected function check_user_notification_options($user_ids = false, $options = array())
{
    $defaults = array(
        'ignore_users' => array(),
        'item_type'    => $this->get_type(),
        'item_id'      => 0,
    );
    $options = array_merge($defaults, $options);

    // No explicit list: take every user except the anonymous user and bots
    if ($user_ids === false) {
        $user_ids = array();

        $result = $this->db->sql_query('SELECT user_id FROM ' . USERS_TABLE . ' WHERE user_id <> ' . ANONYMOUS . ' AND user_type <> ' . USER_IGNORE);
        while ($user_row = $this->db->sql_fetchrow($result)) {
            $user_ids[] = $user_row['user_id'];
        }
        $this->db->sql_freeresult($result);
    }

    if (empty($user_ids)) {
        return array();
    }

    // $stored:   every recorded preference, user_id => method => notify flag
    // $enabled:  the methods that are switched on, user_id => list of methods
    $stored = array();
    $enabled = array();

    $sql = 'SELECT user_id, method, notify FROM ' . $this->user_notifications_table . ' WHERE ' . $this->db->sql_in_set('user_id', $user_ids) . "\n\t\t\t\tAND item_type = '" . $this->db->sql_escape($options['item_type']) . "'\n\t\t\t\tAND item_id = " . (int) $options['item_id'];
    $result = $this->db->sql_query($sql);
    while ($pref = $this->db->sql_fetchrow($result)) {
        $uid = $pref['user_id'];

        // Skip methods that are on the ignore list for this user
        if (isset($options['ignore_users'][$uid]) && in_array($pref['method'], $options['ignore_users'][$uid])) {
            continue;
        }

        if (!isset($stored[$uid])) {
            $stored[$uid] = array();
        }
        $stored[$uid][$pref['method']] = $pref['notify'];

        if (!isset($enabled[$uid])) {
            $enabled[$uid] = array();
        }
        if ($pref['notify']) {
            $enabled[$uid][] = $pref['method'];
        }
    }
    $this->db->sql_freeresult($result);

    $default_methods = $this->notification_manager->get_default_methods();

    foreach ($user_ids as $user_id) {
        // Users with any ignore entry get no defaults
        if (isset($options['ignore_users'][$user_id])) {
            continue;
        }

        if (!array_key_exists($user_id, $stored)) {
            // No rows at all for this user, use the default methods
            $enabled[$user_id] = $default_methods;
            continue;
        }

        foreach ($default_methods as $default_method) {
            // No user preference for this type recorded, but it should be enabled by default.
            if (!array_key_exists($default_method, $stored[$user_id])) {
                $enabled[$user_id][] = $default_method;
            }
        }
    }

    return $enabled;
}
/**
 * Module Remove
 *
 * Remove a module
 *
 * @param string $class The module class(acp|mcp|ucp)
 * @param int|string|bool $parent The parent module_id|module_langname(0 for no parent).
 *                                Use false to ignore the parent check and check class wide.
 * @param int|string|array $module The module id|module_langname, or an array
 *                                 carrying module_langname or module_basename
 *                                 (optionally with modes)
 * @return null
 * @throws \phpbb\db\migration\exception
 */
public function remove($class, $parent = 0, $module = '')
{
    // Array form mirrors the "automatic" and "manual" methods of module_add,
    // so the uninstaller can work from the same set of instructions.
    if (is_array($module)) {
        // Manual method: a language name was given directly
        if (isset($module['module_langname'])) {
            return $this->remove($class, $parent, $module['module_langname']);
        }

        // Neither a language name nor a basename: nothing to work with
        if (!isset($module['module_basename'])) {
            throw new \phpbb\db\migration\exception('MODULE_NOT_EXIST');
        }

        // Automatic method: remove every (selected) mode of the basename
        $module_info = $this->get_module_info($class, $module['module_basename']);
        foreach ($module_info['modes'] as $mode => $info) {
            $mode_selected = !isset($module['modes']) || in_array($mode, $module['modes']);
            if ($mode_selected) {
                $this->remove($class, $parent, $info['title']);
            }
        }

        return;
    }

    if (!$this->exists($class, $parent, $module)) {
        return;
    }

    // Optional restriction to one parent module
    $parent_sql = '';
    if ($parent !== false) {
        // Allows '' to be sent as 0
        $parent = $parent ?: 0;

        if (is_numeric($parent)) {
            $parent_sql = 'AND parent_id = ' . (int) $parent;
        } else {
            // Parent given by language name: resolve it to an id first
            $sql = 'SELECT module_id FROM ' . $this->modules_table . "\n\t\t\t\t\t\tWHERE module_langname = '" . $this->db->sql_escape($parent) . "'\n\t\t\t\t\t\t\tAND module_class = '" . $this->db->sql_escape($class) . "'";
            $result = $this->db->sql_query($sql);
            $parent_id = $this->db->sql_fetchfield('module_id');
            $this->db->sql_freeresult($result);

            // we know it exists from the module_exists check
            $parent_sql = 'AND parent_id = ' . (int) $parent_id;
        }
    }

    // Collect the ids of every module to delete
    $module_ids = array();
    if (is_numeric($module)) {
        $module_ids[] = (int) $module;
    } else {
        $sql = 'SELECT module_id FROM ' . $this->modules_table . "\n\t\t\t\t\tWHERE module_langname = '" . $this->db->sql_escape($module) . "'\n\t\t\t\t\t\tAND module_class = '" . $this->db->sql_escape($class) . "'\n\t\t\t\t\t\t{$parent_sql}";
        $result = $this->db->sql_query($sql);
        while ($found_id = $this->db->sql_fetchfield('module_id')) {
            $module_ids[] = (int) $found_id;
        }
        $this->db->sql_freeresult($result);
    }

    foreach ($module_ids as $id_to_delete) {
        $this->module_manager->delete_module($id_to_delete, $class);
    }

    // Drop the cached module list of this class
    $this->cache->destroy("_modules_{$class}");
}
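/**
 * Add new condition type
 *
 * @param string $autogroups_type_name The name of the auto group type
 *
 * @return int The identifier of the new condition type
 * @access public
 */
public function add_autogroups_type($autogroups_type_name)
{
    // Insert the type name into the database. sql_build_array() quotes and
    // escapes string values itself, so the raw name is passed in; escaping
    // it beforehand would store a doubly escaped name.
    $sql = 'INSERT INTO ' . $this->autogroups_types_table . ' ' . $this->db->sql_build_array('INSERT', array(
        'autogroups_type_name' => (string) $autogroups_type_name,
    ));
    $this->db->sql_query($sql);

    // Return the id of the newly inserted condition type
    return (int) $this->db->sql_nextid();
}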
/**
 * Get Ideas poster bot user ID
 *
 * The 'ideas_poster_id' entry of cfg_array is cleaned with
 * utf8_clean_string() and matched against username_clean.
 *
 * @return int user_id Ideas bot user ID (0 when no row matches)
 * @access protected
 */
protected function get_ideas_topics_poster_id()
{
    $clean_name = utf8_clean_string($this->cfg_array['ideas_poster_id']);

    $query = 'SELECT user_id FROM ' . USERS_TABLE . "\n\t\t\tWHERE username_clean = '" . $this->db->sql_escape($clean_name) . "'";
    $handle = $this->db->sql_query($query);
    $poster_id = (int) $this->db->sql_fetchfield('user_id');
    $this->db->sql_freeresult($handle);

    return $poster_id;
}
/**
 * Updates the user_id field in the database associated with the token
 *
 * Does nothing when no token is cached. The row is selected by the current
 * user's id together with the current session id.
 *
 * @param int $user_id
 */
public function set_user_id($user_id)
{
    if (!$this->cachedToken) {
        return;
    }

    $new_values = array('user_id' => (int) $user_id);

    $update = 'UPDATE ' . $this->oauth_token_table . ' SET ' . $this->db->sql_build_array('UPDATE', $new_values) . ' WHERE user_id = ' . (int) $this->user->data['user_id'] . "\n\t\t\t\t\tAND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
    $this->db->sql_query($update);
}
/**
 * Classify the account behind a username as 'admin' or 'user'
 *
 * Despite the method name, the user ID is only an intermediate value: it is
 * looked up by the cleaned username and then used to ask the auth object
 * for raw ACL data on options starting with 'a_'.
 *
 * @param string $username Username to look up
 *
 * @return string 'admin' when acl_raw_data() yields a truthy result, otherwise 'user'
 */
protected function get_userid_from_username($username)
{
	$clean_name = $this->db->sql_escape(utf8_clean_string($username));

	$sql = 'SELECT user_id FROM ' . USERS_TABLE . ' WHERE ' . "username_clean = '" . $clean_name . "'";
	$result = $this->db->sql_query($sql);
	// The fetched field is cast to int before it is handed to the ACL lookup
	$found_id = (int) $this->db->sql_fetchfield('user_id');
	$this->db->sql_freeresult($result);

	if ($this->auth->acl_raw_data($found_id, 'a_')) {
		return 'admin';
	}

	return 'user';
}
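/**
 * Handle the submitted second-factor form and create the session on success
 *
 * Order of checks: form key, pending TFA state on the session (tfa_random /
 * tfa_uid), the one-time random value from the request, then the selected
 * module's own login() verification. The pending state is cleared before the
 * module is consulted, so a submitted random value cannot be replayed.
 *
 * Every visible path ends in redirect() or an exception.
 *
 * @param int $user_id
 * @param bool $admin
 * @param bool $auto_login
 * @param bool $viewonline
 * @param string $class
 * @return \Symfony\Component\HttpFoundation\Response
 * @throws http_exception
 */
public function submit($user_id, $admin, $auto_login, $viewonline, $class)
{
	$this->user->add_lang_ext('paul999/tfa', 'common');

	if (!check_form_key('tfa_login_page')) {
		throw new http_exception(403, 'FORM_INVALID');
	}

	if (empty($this->user->data['tfa_random']) || $user_id != $this->user->data['tfa_uid']) {
		throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
	}

	$random = $this->request->variable('random', '');

	// NOTE(review): !== is not a constant-time comparison. Consider a
	// constant-time compare (e.g. hash_equals()) if the minimum supported
	// PHP version allows it.
	if ($this->user->data['tfa_random'] !== $random || strlen($random) !== 40) {
		throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
	}

	// Clear the pending TFA state for this session so the random value is single-use.
	// session_user_id is an integer comparison: the previous statement opened a
	// quote before the value and never closed it, producing invalid SQL.
	$sql_ary = array('tfa_random' => '', 'tfa_uid' => 0);
	$sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . "\n\t\t\tWHERE\n\t\t\t\tsession_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "' AND\n\t\t\t\tsession_user_id = " . (int) $this->user->data['user_id'];
	$this->db->sql_query($sql);

	if (empty($class)) {
		throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
	}

	$module = $this->session_helper->findModule($class);

	if ($module == null) {
		throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
	}

	// NOTE(review): the redirect target is request-supplied; this relies on
	// redirect() rejecting off-site targets - confirm.
	$redirect = $this->request->variable('redirect', "{$this->root_path}/index.{$this->php_ext}");

	$verified = false;

	try {
		$verified = (bool) $module->login($user_id);

		if (!$verified) {
			$this->template->assign_var('S_ERROR', $this->user->lang('TFA_INCORRECT_KEY'));
		}
	} catch (http_exception $ex) {
		// Only a 400 is a "show the form again" condition. Anything else must
		// propagate: swallowing it would let execution continue to
		// session_create() without a verified second factor.
		if ($ex->getStatusCode() != 400) {
			throw $ex;
		}

		$this->template->assign_var('S_ERROR', $ex->getMessage());
	}

	if (!$verified) {
		$this->session_helper->generate_page($user_id, $admin, $auto_login, $viewonline, $redirect);

		// Fail closed: generate_page() is presumably expected to end the request
		// (not visible here). If it ever returns, do not create a session.
		throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
	}

	$old_session_id = $this->user->session_id;

	if ($admin) {
		// Expire the existing cookies before the admin session is created
		$cookie_expire = time() - 31536000;
		$this->user->set_cookie('u', '', $cookie_expire);
		$this->user->set_cookie('sid', '', $cookie_expire);
	}

	$result = $this->user->session_create($user_id, $admin, $auto_login, $viewonline);

	// Successful session creation
	if ($result === true) {
		// If admin re-authentication we remove the old session entry because a new one has been created...
		if ($admin) {
			// the login array is used because the user ids do not differ for re-authentication
			$sql = 'DELETE FROM ' . SESSIONS_TABLE . "\n\t\t\t\t\tWHERE session_id = '" . $this->db->sql_escape($old_session_id) . "'\n\t\t\t\t\tAND session_user_id = " . (int) $user_id;
			$this->db->sql_query($sql);

			redirect(append_sid("{$this->root_path}adm/index.{$this->php_ext}", false, true, $this->user->data['session_id']));
		}

		redirect(append_sid($redirect, false, true, $this->user->data['session_id']));
	}

	throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
}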
/**
 * {@inheritdoc}
 *
 * Builds an ordered list of SQL statements that write the installer's
 * configuration values and the initial admin/post data, then executes them.
 * The position reached is stored under 'add_config_settings_index' so that a
 * later call can resume after a time or memory limit was hit; the order of
 * the statements in $sql_ary therefore must stay stable between calls.
 *
 * Every value taken from the install configuration is passed through
 * sql_escape() before it is placed inside a quoted SQL literal.
 */
public function run()
{
	// Query failures are handled below by checking sql_query()'s return value
	$this->db->sql_return_on_error(true);

	$server_name = $this->install_config->get('server_name');
	$current_time = time();
	$user_ip = phpbb_ip_normalise($this->iohandler->get_server_variable('REMOTE_ADDR'));
	// A false result from normalisation is stored as an empty string
	$user_ip = $user_ip === false ? '' : $user_ip;
	$referer = $this->iohandler->get_server_variable('REFERER');

	// Calculate cookie domain
	$cookie_domain = $server_name;

	if (strpos($cookie_domain, 'www.') === 0) {
		// Drops "www" but keeps the leading dot
		$cookie_domain = substr($cookie_domain, 3);
	}

	// Set default config and post data, this applies to all DB's
	$sql_ary = array(
		// $current_time comes from time(), so it is interpolated without escaping
		'INSERT INTO ' . $this->config_table . " (config_name, config_value)\n\t\t\t\tVALUES ('board_startdate', '{$current_time}')",
		'INSERT INTO ' . $this->config_table . " (config_name, config_value)\n\t\t\t\tVALUES ('default_lang', '" . $this->db->sql_escape($this->install_config->get('default_lang')) . "')",
		'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '" . $this->db->sql_escape($this->install_config->get('img_imagick')) . "'\n\t\t\t\tWHERE config_name = 'img_imagick'",
		'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '" . $this->db->sql_escape($this->install_config->get('server_name')) . "'\n\t\t\t\tWHERE config_name = 'server_name'",
		'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '" . $this->db->sql_escape($this->install_config->get('server_port')) . "'\n\t\t\t\tWHERE config_name = 'server_port'",
		// board_email is written to both board_email and board_contact
		'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '" . $this->db->sql_escape($this->install_config->get('board_email')) . "'\n\t\t\t\tWHERE config_name = 'board_email'",
		'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '" . $this->db->sql_escape($this->install_config->get('board_email')) . "'\n\t\t\t\tWHERE config_name = 'board_contact'",
		'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '" . $this->db->sql_escape($cookie_domain) . "'\n\t\t\t\tWHERE config_name = 'cookie_domain'",
		'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '" . $this->db->sql_escape($this->language->lang('default_dateformat')) . "'\n\t\t\t\tWHERE config_name = 'default_dateformat'",
		'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '" . $this->db->sql_escape($this->install_config->get('email_enable')) . "'\n\t\t\t\tWHERE config_name = 'email_enable'",
		'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '" . $this->db->sql_escape($this->install_config->get('smtp_delivery')) . "'\n\t\t\t\tWHERE config_name = 'smtp_delivery'",
		'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '" . $this->db->sql_escape($this->install_config->get('smtp_host')) . "'\n\t\t\t\tWHERE config_name = 'smtp_host'",
		'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '" . $this->db->sql_escape($this->install_config->get('smtp_port')) . "'\n\t\t\t\tWHERE config_name = 'smtp_port'",
		// The install keys smtp_auth / smtp_user / smtp_pass map to differently named config rows
		'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '" . $this->db->sql_escape($this->install_config->get('smtp_auth')) . "'\n\t\t\t\tWHERE config_name = 'smtp_auth_method'",
		'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '" . $this->db->sql_escape($this->install_config->get('smtp_user')) . "'\n\t\t\t\tWHERE config_name = 'smtp_username'",
		// NOTE(review): the SMTP password is written to the config table as given (escaped, not hashed or encrypted)
		'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '" . $this->db->sql_escape($this->install_config->get('smtp_pass')) . "'\n\t\t\t\tWHERE config_name = 'smtp_password'",
		'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '" . $this->db->sql_escape($this->install_config->get('cookie_secure')) . "'\n\t\t\t\tWHERE config_name = 'cookie_secure'",
		'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '" . $this->db->sql_escape($this->install_config->get('force_server_vars')) . "'\n\t\t\t\tWHERE config_name = 'force_server_vars'",
		'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '" . $this->db->sql_escape($this->install_config->get('script_path')) . "'\n\t\t\t\tWHERE config_name = 'script_path'",
		'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '" . $this->db->sql_escape($this->install_config->get('server_protocol')) . "'\n\t\t\t\tWHERE config_name = 'server_protocol'",
		'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '" . $this->db->sql_escape($this->install_config->get('admin_name')) . "'\n\t\t\t\tWHERE config_name = 'newest_username'",
		// NOTE(review): md5(mt_rand()) hashes a single value from a non-cryptographic PRNG,
		// so each salt has at most as many possible values as mt_rand() has outputs.
		// If these salts are meant to be unguessable, a CSPRNG source would be the
		// safer choice - confirm how avatar_salt and plupload_salt are used.
		'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '" . md5(mt_rand()) . "'\n\t\t\t\tWHERE config_name = 'avatar_salt'",
		'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '" . md5(mt_rand()) . "'\n\t\t\t\tWHERE config_name = 'plupload_salt'",
		'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '" . $this->db->sql_escape($this->install_config->get('board_name')) . "'\n\t\t\t\tWHERE config_name = 'sitename'",
		'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '" . $this->db->sql_escape($this->install_config->get('board_description')) . "'\n\t\t\t\tWHERE config_name = 'site_desc'",
		// NOTE(review): parts of the next two statements appear as '******' in this listing
		// (the username / user_password expressions and the WHERE literal). The text is
		// reproduced exactly as shown; the masked expressions cannot be reviewed from here.
		'UPDATE ' . $this->user_table . "\n\t\t\t\tSET username = '******'admin_name')) . "',\n\t\t\t\t\tuser_password='******'admin_passwd')) . "',\n\t\t\t\t\tuser_ip = '" . $this->db->sql_escape($user_ip) . "',\n\t\t\t\t\tuser_lang = '" . $this->db->sql_escape($this->install_config->get('user_language', 'en')) . "',\n\t\t\t\t\tuser_email='" . $this->db->sql_escape($this->install_config->get('board_email')) . "',\n\t\t\t\t\tuser_dateformat='" . $this->db->sql_escape($this->language->lang('default_dateformat')) . "',\n\t\t\t\t\tuser_email_hash = " . $this->db->sql_escape(phpbb_email_hash($this->install_config->get('board_email'))) . ",\n\t\t\t\t\tusername_clean = '" . $this->db->sql_escape(utf8_clean_string($this->install_config->get('admin_name'))) . "'\n\t\t\t\tWHERE username = '******'",
		'UPDATE ' . $this->moderator_cache_table . "\n\t\t\t\tSET username = '******'admin_name')) . 
"'\n\t\t\t\tWHERE username = '******'",
		'UPDATE ' . $this->forums_table . "\n\t\t\t\tSET forum_last_poster_name = '" . $this->db->sql_escape($this->install_config->get('admin_name')) . "'\n\t\t\t\tWHERE forum_last_poster_name = 'Admin'",
		'UPDATE ' . $this->topics_table . "\n\t\t\t\tSET topic_first_poster_name = '" . $this->db->sql_escape($this->install_config->get('admin_name')) . "',\n\t\t\t\ttopic_last_poster_name = '" . $this->db->sql_escape($this->install_config->get('admin_name')) . "'\n\t\t\t\tWHERE topic_first_poster_name = 'Admin'\n\t\t\t\t\tOR topic_last_poster_name = 'Admin'",
		// The following statements have no WHERE clause: they stamp every existing row
		'UPDATE ' . $this->user_table . "\n\t\t\t\tSET user_regdate = {$current_time}",
		'UPDATE ' . $this->posts_table . "\n\t\t\t\tSET post_time = {$current_time}, poster_ip = '" . $this->db->sql_escape($user_ip) . "'",
		'UPDATE ' . $this->topics_table . "\n\t\t\t\tSET topic_time = {$current_time}, topic_last_post_time = {$current_time}",
		'UPDATE ' . $this->forums_table . "\n\t\t\t\tSET forum_last_post_time = {$current_time}",
		'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '" . $this->db->sql_escape($this->db->sql_server_info(true)) . "'\n\t\t\t\tWHERE config_name = 'dbms_version'");

	// Select the GD captcha plugin when the gd extension is available
	if (@extension_loaded('gd')) {
		$sql_ary[] = 'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = 'core.captcha.plugins.gd'\n\t\t\t\tWHERE config_name = 'captcha_plugin'";
		$sql_ary[] = 'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '1'\n\t\t\t\tWHERE config_name = 'captcha_gd'";
	}

	// Strip the scheme from the referer. When '://' is absent strpos() returns false,
	// which the addition treats as 0, so the first three characters are dropped instead.
	// NOTE(review): the referer is supplied by the client; here it only decides whether
	// referer_validation is switched off for the new board.
	$ref = substr($referer, strpos($referer, '://') + 3);

	if (!(stripos($ref, $server_name) === 0)) {
		$sql_ary[] = 'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '0'\n\t\t\t\tWHERE config_name = 'referer_validation'";
	}

	// We set a (semi-)unique cookie name to bypass login issues related to the cookie name.
	// The suffix is five lower-cased base-35 characters with '0' replaced by 'z'.
	$cookie_name = 'phpbb3_';
	$rand_str = md5(mt_rand());
	$rand_str = str_replace('0', 'z', base_convert($rand_str, 16, 35));
	$rand_str = substr($rand_str, 0, 5);
	$cookie_name .= strtolower($rand_str);

	$sql_ary[] = 'UPDATE ' . $this->config_table . "\n\t\t\tSET config_value = '" . $this->db->sql_escape($cookie_name) . "'\n\t\t\tWHERE config_name = 'cookie_name'";

	// Disable avatars if upload directory is not writable
	if (!$this->filesystem->is_writable($this->phpbb_root_path . 'images/avatars/upload/')) {
		$sql_ary[] = 'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '0'\n\t\t\t\tWHERE config_name = 'allow_avatar'";
		$sql_ary[] = 'UPDATE ' . $this->config_table . "\n\t\t\t\tSET config_value = '0'\n\t\t\t\tWHERE config_name = 'allow_avatar_upload'";
	}

	// Resume support: $i is the number of statements already processed by earlier calls
	$i = $this->install_config->get('add_config_settings_index', 0);
	$total = sizeof($sql_ary);
	// Skip the statements that were already processed
	$sql_ary = array_slice($sql_ary, $i);

	foreach ($sql_ary as $sql) {
		if (!$this->db->sql_query($sql)) {
			// A failed statement is reported but still counted, so it is not retried on resume
			$error = $this->db->sql_error($this->db->get_sql_error_sql());
			$this->iohandler->add_error_message('INST_ERR_DB', $error['message']);
		}

		$i++;

		// Stop execution if resource limit is reached
		if ($this->install_config->get_time_remaining() <= 0 || $this->install_config->get_memory_remaining() <= 0) {
			break;
		}
	}

	// Statements remain: remember the position and signal that another call is needed
	if ($i < $total) {
		$this->install_config->set('add_config_settings_index', $i);
		throw new resource_limit_reached_exception();
	}
}
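/**
 * Update own secondname settings
 *
 * Writes the submitted first and last name either to the external table
 * (matched on the current username) or to the users table (matched on the
 * current user ID), then stores the selected title on the users table.
 *
 * String values in WHERE clauses are delimited with single quotes. The
 * earlier double-quoted form is an identifier delimiter in standard SQL, and
 * sql_escape() is only guaranteed to neutralise the single-quote context, so
 * on some database back ends the username could have broken out of the literal.
 * Integer keys are compared unquoted after an (int) cast.
 *
 * Table and column identifiers come from the static tables configuration and
 * are concatenated as-is; they must never be derived from request data.
 *
 * @return null
 * @access public
 */
public function update_self()
{
	$columns = \kommodore\secondname\tables::$column;
	$current_user_id = (int) $this->user->data['user_id'];

	// sql_build_array() quotes and escapes the submitted names
	$name_update = $this->db->sql_build_array('UPDATE', array(
		$columns['firstname'] => $this->request->variable('firstname', ''),
		$columns['lastname'] => $this->request->variable('lastname', ''),
	));

	if (\kommodore\secondname\tables::$externTable == true) {
		$sql = 'UPDATE ' . \kommodore\secondname\tables::$tableName . ' SET ' . $name_update . ' WHERE ' . \kommodore\secondname\tables::$externUsername . " = '" . $this->db->sql_escape($this->user->data['username']) . "'";
	} else {
		$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $name_update . ' WHERE user_id = ' . $current_user_id;
	}

	$this->db->sql_query($sql);

	$sql = 'UPDATE ' . USERS_TABLE . ' SET sn_title = ' . (int) $this->request->variable('title', 0) . ' WHERE user_id = ' . $current_user_id;
	$this->db->sql_query($sql);
}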
/**
 * Check whether the given question is the only one for the default language
 *
 * Looks for at most one row in the default board language whose question_id
 * differs from the one passed in.
 *
 * @param integer $question_id Question to exclude from the search
 * @return boolean True when no other question was found, false otherwise
 */
public function acp_is_last($question_id)
{
	$default_lang = $this->db->sql_escape($this->config['default_lang']);
	$excluded_id = (int) $question_id;

	$sql = 'SELECT question_id FROM ' . $this->table_sortables_questions . "\n\t\t\tWHERE lang_iso = '" . $default_lang . "'\n\t\t\t\tAND question_id <> " . $excluded_id;

	// One row is enough to know that another question exists
	$result = $this->db->sql_query_limit($sql, 1);
	$other_question = $this->db->sql_fetchrow($result);
	$this->db->sql_freeresult($result);

	return $other_question ? false : true;
}