
PHP Cross Reference of MyBB 1.8.12


/ -> misc.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
// Bootstrap constants, defined before global.php is included below.
// NOTE(review): IN_MYBB is presumably what included files test to refuse direct access - confirm in global.php.
define("IN_MYBB", 1);
// NOTE(review): presumably exempts the `sid` request variable from the core's automatic input
// cleaning. If so, every use of `sid` in this script must escape or validate it itself
// (the helpresults branch passes it through $db->escape_string) - confirm in the core input class.
define("IGNORE_CLEAN_VARS", "sid");
define('THIS_SCRIPT', 'misc.php');

// Comma-separated list of template names; the names match the $templates->get() calls made further down.
// NOTE(review): looks like a preload list consumed by global.php - confirm.
$templatelist = "misc_rules_forum,misc_help_helpdoc,misc_whoposted_poster,misc_whoposted,misc_smilies_popup_smilie,misc_smilies_popup,misc_smilies_popup_empty,misc_smilies_popup_row,multipage_start";
$templatelist .= ",misc_buddypopup,misc_buddypopup_user,misc_buddypopup_user_none,misc_buddypopup_user_online,misc_buddypopup_user_offline,misc_buddypopup_user_sendpm,misc_syndication_forumlist";
$templatelist .= ",misc_smilies,misc_smilies_smilie,misc_help_section_bit,misc_help_section,misc_help,forumdisplay_password_wrongpass,forumdisplay_password,misc_helpresults,misc_helpresults_bit";
$templatelist .= ",multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,misc_imcenter_error";
$templatelist .= ",misc_smilies_popup_no_smilies,misc_smilies_no_smilies,misc_syndication,misc_help_search,misc_helpresults_noresults,misc_syndication_forumlist_forum,misc_syndication_feedurl";

// The includes must come after the defines above; the objects used below ($mybb, $db, $lang,
// $plugins, $templates) are not created in this file, so they presumably come from global.php.
require_once  "./global.php";
require_once  MYBB_ROOT."inc/functions_post.php";

// Load global language phrases
$lang->load("misc");

$plugins->run_hooks("misc_start");

// Route on the `action` request parameter, read once through the typed accessor.
// Each branch of the if/elseif chain that follows handles one action.
$mybb->input['action'] = $mybb->get_input('action');
  30  if($mybb->input['action'] == "dstswitch" && $mybb->request_method == "post" && $mybb->user['uid'] > 0)
  31  {
  32      if($mybb->user['dstcorrection'] == 2)
  33      {
  34          if($mybb->user['dst'] == 1)
  35          {
  36              $update_array = array("dst" => 0);
  37          }
  38          else
  39          {
  40              $update_array = array("dst" => 1);
  41          }
  42      }
  43      $db->update_query("users", $update_array, "uid='{$mybb->user['uid']}'");
  44      if(!isset($mybb->input['ajax']))
  45      {
  46          redirect("index.php", $lang->dst_settings_updated);
  47      }
  48      else
  49      {
  50          echo "done";
  51          exit;
  52      }
  53  }
  54  elseif($mybb->input['action'] == "markread")
  55  {
  56      if($mybb->user['uid'] && verify_post_check($mybb->get_input('my_post_key'), true) !== true)
  57      {
  58          // Protect our user's unread forums from CSRF
  59          error($lang->invalid_post_code);
  60      }
  61  
  62      if(isset($mybb->input['fid']))
  63      {
  64          $validforum = get_forum($mybb->input['fid']);
  65          if(!$validforum)
  66          {
  67              if(!isset($mybb->input['ajax']))
  68              {
  69                  error($lang->error_invalidforum);
  70              }
  71              else
  72              {
  73                  echo 0;
  74                  exit;
  75              }
  76          }
  77  
  78          require_once  MYBB_ROOT."/inc/functions_indicators.php";
  79          mark_forum_read($mybb->input['fid']);
  80  
  81          $plugins->run_hooks("misc_markread_forum");
  82  
  83          if(!isset($mybb->input['ajax']))
  84          {
  85              redirect(get_forum_link($mybb->input['fid']), $lang->redirect_markforumread);
  86          }
  87          else
  88          {
  89              echo 1;
  90              exit;
  91          }
  92      }
  93      else
  94      {
  95  
  96          $plugins->run_hooks("misc_markread_end");
  97          require_once  MYBB_ROOT."/inc/functions_indicators.php";
  98          mark_all_forums_read();
  99          redirect("index.php", $lang->redirect_markforumsread);
 100      }
 101  }
// Action "clearpass": drop the stored password cookie for one forum.
// Without an `fid` parameter the branch runs only the hook and produces no output of its own.
elseif($mybb->input['action'] == "clearpass")
{
    $plugins->run_hooks("misc_clearpass");

    if(isset($mybb->input['fid']))
    {
        // Removing the cookie is a state change, so the post key is verified first.
        // NOTE(review): verify_post_check() is called here without the second argument that
        // the "markread" branch passes; it may already report the failure itself - confirm.
        if(!verify_post_check($mybb->get_input('my_post_key')))
        {
            error($lang->invalid_post_code);
        }

        // The forum id is forced to an integer before it becomes part of the cookie name.
        my_unsetcookie("forumpass[".$mybb->get_input('fid', MyBB::INPUT_INT)."]");
        redirect("index.php", $lang->redirect_forumpasscleared);
    }
}
 117  elseif($mybb->input['action'] == "rules")
 118  {
 119      if(isset($mybb->input['fid']))
 120      {
 121          $plugins->run_hooks("misc_rules_start");
 122  
 123          $fid = $mybb->input['fid'];
 124  
 125          $forum = get_forum($fid);
 126          if(!$forum || $forum['type'] != "f" || $forum['rules'] == '')
 127          {
 128              error($lang->error_invalidforum);
 129          }
 130  
 131          $forumpermissions = forum_permissions($forum['fid']);
 132          if($forumpermissions['canview'] != 1)
 133          {
 134              error_no_permission();
 135          }
 136  
 137          if(!$forum['rulestitle'])
 138          {
 139              $forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
 140          }
 141  
 142          require_once  MYBB_ROOT."inc/class_parser.php";
 143          $parser = new postParser();
 144          $parser_options = array(
 145              "allow_html" => 1,
 146              "allow_mycode" => 1,
 147              "allow_smilies" => 1,
 148              "allow_imgcode" => 1,
 149              "filter_badwords" => 1
 150          );
 151  
 152          $forum['rules'] = $parser->parse_message($forum['rules'], $parser_options);
 153  
 154          // Make navigation
 155          build_forum_breadcrumb($mybb->input['fid']);
 156          add_breadcrumb($forum['rulestitle']);
 157  
 158          $plugins->run_hooks("misc_rules_end");
 159  
 160          eval("\$rules = \"".$templates->get("misc_rules_forum")."\";");
 161          output_page($rules);
 162      }
 163  
 164  }
// Action "do_helpsearch" (POST only): run a help-document search, store the result set in
// the searchlog table under a fresh search id, and redirect to the "helpresults" action.
elseif($mybb->input['action'] == "do_helpsearch" && $mybb->request_method == "post")
{
    $plugins->run_hooks("misc_do_helpsearch_start");

    if($mybb->settings['helpsearch'] != 1)
    {
        error($lang->error_helpsearchdisabled);
    }

    // Check if search flood checking is enabled and user is not admin
    if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
    {
        // Fetch the time this user last searched.
        // The lookup filters on uid only; the ipaddress column written below is not part of it.
        // NOTE(review): guests presumably all carry uid 0 and would share one flood window - confirm.
        $timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
        $query = $db->simple_select("searchlog", "*", "uid='{$mybb->user['uid']}' AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
        $last_search = $db->fetch_array($query);
        // Users last search was within the flood time, show the error
        if($last_search['sid'])
        {
            $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
            // A separate phrase is used when exactly one second remains.
            if($remaining_time == 1)
            {
                $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
            }
            else
            {
                $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
            }
            error($lang->error_searchflooding);
        }
    }

    // At least one of the two search scopes (`name`, `document`) must be set to 1.
    if($mybb->get_input('name', MyBB::INPUT_INT) != 1 && $mybb->get_input('document', MyBB::INPUT_INT) != 1)
    {
        error($lang->error_nosearchresults);
    }

    if($mybb->get_input('document', MyBB::INPUT_INT) == 1)
    {
        $resulttype = "helpdoc";
    }
    else
    {
        $resulttype = "helpname";
    }

    // `keywords` is passed on as the raw request string; the two flags are integers.
    // NOTE(review): the search helper is responsible for escaping keywords before it builds
    // SQL from them - confirm in inc/functions_search.php.
    $search_data = array(
        "keywords" => $mybb->get_input('keywords'),
        "name" => $mybb->get_input('name', MyBB::INPUT_INT),
        "document" => $mybb->get_input('document', MyBB::INPUT_INT),
    );

    if($db->can_search == true)
    {
        require_once  MYBB_ROOT."inc/functions_search.php";

        $search_results = helpdocument_perform_search_mysql($search_data);
    }
    else
    {
        error($lang->error_no_search_support);
    }
    // The search id is derived from the clock (microtime/uniqid) and hashed with md5; it is
    // not drawn from a cryptographic random source. The "helpresults" branch additionally
    // filters the lookup by uid, which limits what a guessed id can expose.
    $sid = md5(uniqid(microtime(), true));
    // Row written to searchlog. sid, ipaddress and keywords are escaped here; querycache is
    // inserted as returned by the search helper.
    // NOTE(review): confirm the helper returns querycache in a form that is safe to insert
    // and to reuse later inside an unquoted IN(...) list.
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => '',
        "posts" => '',
        "resulttype" => $resulttype,
        "querycache" => $search_results['querycache'],
        "keywords" => $db->escape_string($mybb->get_input('keywords')),
    );
    // Hook runs before the insert, while $searcharray is already populated.
    $plugins->run_hooks("misc_do_helpsearch_process");

    $db->insert_query("searchlog", $searcharray);

    $plugins->run_hooks("misc_do_helpsearch_end");
    redirect("misc.php?action=helpresults&sid={$sid}", $lang->redirect_searchresults);
}
 246  elseif($mybb->input['action'] == "helpresults")
 247  {
 248      if($mybb->settings['helpsearch'] != 1)
 249      {
 250          error($lang->error_helpsearchdisabled);
 251      }
 252  
 253      $sid = $mybb->get_input('sid');
 254      $query = $db->simple_select("searchlog", "*", "sid='".$db->escape_string($sid)."' AND uid='{$mybb->user['uid']}'");
 255      $search = $db->fetch_array($query);
 256  
 257      if(!$search)
 258      {
 259          error($lang->error_invalidsearch);
 260      }
 261  
 262      $plugins->run_hooks("misc_helpresults_start");
 263  
 264      add_breadcrumb($lang->nav_helpdocs, "misc.php?action=help");
 265      add_breadcrumb($lang->search_results, "misc.php?action=helpresults&sid={$sid}");
 266  
 267      if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
 268      {
 269          $mybb->settings['threadsperpage'] = 20;
 270      }
 271  
 272      // Work out pagination, which page we're at, as well as the limits.
 273      $perpage = $mybb->settings['threadsperpage'];
 274      $page = $mybb->get_input('page', MyBB::INPUT_INT);
 275      if($page > 0)
 276      {
 277          $start = ($page-1) * $perpage;
 278      }
 279      else
 280      {
 281          $start = 0;
 282          $page = 1;
 283      }
 284      $end = $start + $perpage;
 285      $lower = $start+1;
 286      $upper = $end;
 287  
 288      // Work out if we have terms to highlight
 289      $highlight = "";
 290      if($search['keywords'])
 291      {
 292          $highlight = "&amp;highlight=".urlencode($search['keywords']);
 293      }
 294  
 295      // Do Multi Pages
 296      $query = $db->simple_select("helpdocs", "COUNT(*) AS total", "hid IN(".$db->escape_string($search['querycache']).")");
 297      $helpcount = $db->fetch_array($query);
 298  
 299      if($upper > $helpcount)
 300      {
 301          $upper = $helpcount;
 302      }
 303      $multipage = multipage($helpcount['total'], $perpage, $page, "misc.php?action=helpresults&amp;sid='".htmlspecialchars_uni($mybb->get_input('sid'))."'");
 304      $helpdoclist = '';
 305  
 306      require_once  MYBB_ROOT."inc/class_parser.php";
 307      $parser = new postParser();
 308  
 309      $query = $db->query("
 310          SELECT h.*, s.enabled
 311          FROM ".TABLE_PREFIX."helpdocs h
 312          LEFT JOIN ".TABLE_PREFIX."helpsections s ON (s.sid=h.sid)
 313          WHERE h.hid IN(".$db->escape_string($search['querycache']).") AND h.enabled='1' AND s.enabled='1'
 314          LIMIT {$start}, {$perpage}
 315      ");
 316      while($helpdoc = $db->fetch_array($query))
 317      {
 318          $bgcolor = alt_trow();
 319  
 320          if(my_strlen($helpdoc['name']) > 50)
 321          {
 322              $helpdoc['name'] = htmlspecialchars_uni(my_substr($helpdoc['name'], 0, 50)."...");
 323          }
 324          else
 325          {
 326              $helpdoc['name'] = htmlspecialchars_uni($helpdoc['name']);
 327          }
 328  
 329          $parser_options = array(
 330              'allow_html' => 1,
 331              'allow_mycode' => 0,
 332              'allow_smilies' => 0,
 333              'allow_imgcode' => 0,
 334              'filter_badwords' => 1
 335          );
 336          $helpdoc['helpdoc'] = my_strip_tags($parser->parse_message($helpdoc['document'], $parser_options));
 337  
 338          if(my_strlen($helpdoc['helpdoc']) > 350)
 339          {
 340              $prev = my_substr($helpdoc['helpdoc'], 0, 350)."...";
 341          }
 342          else
 343          {
 344              $prev = $helpdoc['helpdoc'];
 345          }
 346  
 347          $plugins->run_hooks("misc_helpresults_bit");
 348  
 349          eval("\$helpdoclist .= \"".$templates->get("misc_helpresults_bit")."\";");
 350      }
 351  
 352      if($db->num_rows($query) == 0)
 353      {
 354          eval("\$helpdoclist = \"".$templates->get("misc_helpresults_noresults")."\";");
 355      }
 356  
 357      $plugins->run_hooks("misc_helpresults_end");
 358  
 359      eval("\$helpresults = \"".$templates->get("misc_helpresults")."\";");
 360      output_page($helpresults);
 361  }
 362  elseif($mybb->input['action'] == "help")
 363  {
 364      $lang->load("helpdocs");
 365      $lang->load("helpsections");
 366      $lang->load("customhelpdocs");
 367      $lang->load("customhelpsections");
 368  
 369      $hid = $mybb->get_input('hid', MyBB::INPUT_INT);
 370      add_breadcrumb($lang->nav_helpdocs, "misc.php?action=help");
 371  
 372      if($hid)
 373      {
 374          $query = $db->query("
 375              SELECT h.*, s.enabled AS section
 376              FROM ".TABLE_PREFIX."helpdocs h
 377              LEFT JOIN ".TABLE_PREFIX."helpsections s ON (s.sid=h.sid)
 378              WHERE h.hid='{$hid}'
 379          ");
 380  
 381          $helpdoc = $db->fetch_array($query);
 382          if($helpdoc['section'] != 0 && $helpdoc['enabled'] != 0)
 383          {
 384              $plugins->run_hooks("misc_help_helpdoc_start");
 385  
 386              // If we have incoming search terms to highlight - get it done (only if not using translation).
 387              if(!empty($mybb->input['highlight']) && $helpdoc['usetranslation'] != 1)
 388              {
 389                  require_once  MYBB_ROOT."inc/class_parser.php";
 390                  $parser = new postParser();
 391  
 392                  $highlight = $mybb->input['highlight'];
 393                  $helpdoc['name'] = $parser->highlight_message($helpdoc['name'], $highlight);
 394                  $helpdoc['document'] = $parser->highlight_message($helpdoc['document'], $highlight);
 395              }
 396  
 397              if($helpdoc['usetranslation'] == 1)
 398              {
 399                  $langnamevar = "d".$helpdoc['hid']."_name";
 400                  $langdescvar = "d".$helpdoc['hid']."_desc";
 401                  $langdocvar = "d".$helpdoc['hid']."_document";
 402                  if($lang->$langnamevar)
 403                  {
 404                      $helpdoc['name'] = $lang->$langnamevar;
 405                  }
 406                  if($lang->$langdescvar)
 407                  {
 408                      $helpdoc['description'] = $lang->$langdescvar;
 409                  }
 410                  if($lang->$langdocvar)
 411                  {
 412                      $helpdoc['document'] = $lang->$langdocvar;
 413                  }
 414              }
 415  
 416              if($helpdoc['hid'] == 3)
 417              {
 418                  $helpdoc['document'] = $lang->sprintf($helpdoc['document'], $mybb->post_code);
 419              }
 420  
 421              add_breadcrumb($helpdoc['name']);
 422  
 423              $plugins->run_hooks("misc_help_helpdoc_end");
 424  
 425              eval("\$helppage = \"".$templates->get("misc_help_helpdoc")."\";");
 426              output_page($helppage);
 427          }
 428          else
 429          {
 430              error($lang->error_invalidhelpdoc);
 431          }
 432      }
 433      else
 434      {
 435          $plugins->run_hooks("misc_help_section_start");
 436  
 437          $query = $db->simple_select("helpdocs", "*", "", array('order_by' => 'sid, disporder'));
 438          while($helpdoc = $db->fetch_array($query))
 439          {
 440              $helpdocs[$helpdoc['sid']][$helpdoc['disporder']][$helpdoc['hid']] = $helpdoc;
 441          }
 442          unset($helpdoc);
 443          $sections = '';
 444          $query = $db->simple_select("helpsections", "*", "enabled != 0", array('order_by' => 'disporder'));
 445          while($section = $db->fetch_array($query))
 446          {
 447              if($section['usetranslation'] == 1)
 448              {
 449                  $langnamevar = "s".$section['sid']."_name";
 450                  $langdescvar = "s".$section['sid']."_desc";
 451                  if($lang->$langnamevar)
 452                  {
 453                      $section['name'] = $lang->$langnamevar;
 454                  }
 455                  if($lang->$langdescvar)
 456                  {
 457                      $section['description'] = $lang->$langdescvar;
 458                  }
 459              }
 460              if(is_array($helpdocs[$section['sid']]))
 461              {
 462                  $helpbits = '';
 463                  foreach($helpdocs[$section['sid']] as $key => $bit)
 464                  {
 465                      foreach($bit as $key => $helpdoc)
 466                      {
 467                          if($helpdoc['enabled'] != 0)
 468                          {
 469                              if($helpdoc['usetranslation'] == 1)
 470                              {
 471                                  $langnamevar = "d".$helpdoc['hid'].'_name';
 472                                  $langdescvar = "d".$helpdoc['hid'].'_desc';
 473                                  if($lang->$langnamevar)
 474                                  {
 475                                      $helpdoc['name'] = $lang->$langnamevar;
 476                                  }
 477                                  if($lang->$langdescvar)
 478                                  {
 479                                      $helpdoc['description'] = $lang->$langdescvar;
 480                                  }
 481                              }
 482                              $altbg = alt_trow();
 483                              eval("\$helpbits .= \"".$templates->get("misc_help_section_bit")."\";");
 484                          }
 485                      }
 486                      $expdisplay = '';
 487                      $sname = "sid_".$section['sid']."_c";
 488                      if(isset($collapsed[$sname]) && $collapsed[$sname] == "display: show;")
 489                      {
 490                          $expcolimage = "collapse_collapsed.png";
 491                          $expdisplay = "display: none;";
 492                          $expthead = " thead_collapsed";
 493                      }
 494                      else
 495                      {
 496                          $expcolimage = "collapse.png";
 497                          $expthead = "";
 498                      }
 499                  }
 500                  eval("\$sections .= \"".$templates->get("misc_help_section")."\";");
 501              }
 502          }
 503  
 504          if($mybb->settings['helpsearch'] == 1)
 505          {
 506              eval("\$search = \"".$templates->get("misc_help_search")."\";");
 507          }
 508  
 509          $plugins->run_hooks("misc_help_section_end");
 510  
 511          eval("\$help = \"".$templates->get("misc_help")."\";");
 512          output_page($help);
 513      }
 514  }
 515  elseif($mybb->input['action'] == "buddypopup")
 516  {
 517      $plugins->run_hooks("misc_buddypopup_start");
 518  
 519      if($mybb->user['uid'] == 0)
 520      {
 521          error_no_permission();
 522      }
 523  
 524      if(isset($mybb->input['removebuddy']) && verify_post_check($mybb->input['my_post_key']))
 525      {
 526          $buddies = $mybb->user['buddylist'];
 527          $namesarray = explode(",", $buddies);
 528          $mybb->input['removebuddy'] = $mybb->get_input('removebuddy', MyBB::INPUT_INT);
 529          if(is_array($namesarray))
 530          {
 531              foreach($namesarray as $key => $buddyid)
 532              {
 533                  if($buddyid == $mybb->input['removebuddy'])
 534                  {
 535                      unset($namesarray[$key]);
 536                  }
 537              }
 538              $buddylist = implode(',', $namesarray);
 539              $db->update_query("users", array('buddylist' => $buddylist), "uid='".$mybb->user['uid']."'");
 540              $mybb->user['buddylist'] = $buddylist;
 541          }
 542      }
 543  
 544      // Load Buddies
 545      $buddies = '';
 546      if($mybb->user['buddylist'] != "")
 547      {
 548          $buddys = array('online' => '', 'offline' => '');
 549          $timecut = TIME_NOW - $mybb->settings['wolcutoff'];
 550  
 551          $query = $db->simple_select("users", "*", "uid IN ({$mybb->user['buddylist']})", array('order_by' => 'lastactive'));
 552  
 553          while($buddy = $db->fetch_array($query))
 554          {
 555              $buddy['username'] = htmlspecialchars_uni($buddy['username']);
 556              $buddy_name = format_name($buddy['username'], $buddy['usergroup'], $buddy['displaygroup']);
 557              $profile_link = build_profile_link($buddy_name, $buddy['uid'], '_blank', 'if(window.opener) { window.opener.location = this.href; return false; }');
 558  
 559              $send_pm = '';
 560              if($mybb->user['receivepms'] != 0 && $buddy['receivepms'] != 0 && $groupscache[$buddy['usergroup']]['canusepms'] != 0)
 561              {
 562                  eval("\$send_pm = \"".$templates->get("misc_buddypopup_user_sendpm")."\";");
 563              }
 564  
 565              if($buddy['lastactive'])
 566              {
 567                  $last_active = $lang->sprintf($lang->last_active, my_date('relative', $buddy['lastactive']));
 568              }
 569              else
 570              {
 571                  $last_active = $lang->sprintf($lang->last_active, $lang->never);
 572              }
 573  
 574              $buddy['avatar'] = format_avatar($buddy['avatar'], $buddy['avatardimensions'], '44x44');
 575  
 576              if($buddy['lastactive'] > $timecut && ($buddy['invisible'] == 0 || $mybb->user['usergroup'] == 4) && $buddy['lastvisit'] != $buddy['lastactive'])
 577              {
 578                  $bonline_alt = alt_trow();
 579                  eval("\$buddys['online'] .= \"".$templates->get("misc_buddypopup_user_online")."\";");
 580              }
 581              else
 582              {
 583                  $boffline_alt = alt_trow();
 584                  eval("\$buddys['offline'] .= \"".$templates->get("misc_buddypopup_user_offline")."\";");
 585              }
 586          }
 587  
 588          $colspan = ' colspan="2"';
 589          if(empty($buddys['online']))
 590          {
 591              $error = $lang->online_none;
 592              eval("\$buddys['online'] = \"".$templates->get("misc_buddypopup_user_none")."\";");
 593          }
 594  
 595          if(empty($buddys['offline']))
 596          {
 597              $error = $lang->offline_none;
 598              eval("\$buddys['offline'] = \"".$templates->get("misc_buddypopup_user_none")."\";");
 599          }
 600  
 601          eval("\$buddies = \"".$templates->get("misc_buddypopup_user")."\";");
 602      }
 603      else
 604      {
 605          // No buddies? :(
 606          $colspan = '';
 607          $error = $lang->no_buddies;
 608          eval("\$buddies = \"".$templates->get("misc_buddypopup_user_none")."\";");
 609      }
 610  
 611      $plugins->run_hooks("misc_buddypopup_end");
 612  
 613      eval("\$buddylist = \"".$templates->get("misc_buddypopup", 1, 0)."\";");
 614      echo $buddylist;
 615      exit;
 616  }
 617  elseif($mybb->input['action'] == "whoposted")
 618  {
 619      $numposts = 0;
 620      $altbg = alt_trow();
 621      $whoposted = '';
 622      $tid = $mybb->get_input('tid', MyBB::INPUT_INT);
 623      $thread = get_thread($tid);
 624  
 625      // Make sure we are looking at a real thread here.
 626      if(!$thread)
 627      {
 628          error($lang->error_invalidthread);
 629      }
 630  
 631      // Make sure we are looking at a real thread here.
 632      if(($thread['visible'] == -1 && !is_moderator($thread['fid'], "canviewdeleted")) || ($thread['visible'] == 0 && !is_moderator($thread['fid'], "canviewunapprove")) || $thread['visible'] > 1)
 633      {
 634          error($lang->error_invalidthread);
 635      }
 636  
 637      if(is_moderator($thread['fid'], "canviewdeleted") || is_moderator($thread['fid'], "canviewunapprove"))
 638      {
 639          if(is_moderator($thread['fid'], "canviewunapprove") && !is_moderator($thread['fid'], "canviewdeleted"))
 640          {
 641              $show_posts = "p.visible IN (0,1)";
 642          }
 643          elseif(is_moderator($thread['fid'], "canviewdeleted") && !is_moderator($thread['fid'], "canviewunapprove"))
 644          {
 645              $show_posts = "p.visible IN (-1,1)";
 646          }
 647          else
 648          {
 649              $show_posts = "p.visible IN (-1,0,1)";
 650          }
 651      }
 652      else
 653      {
 654          $show_posts = "p.visible = 1";
 655      }
 656  
 657      // Does the thread belong to a valid forum?
 658      $forum = get_forum($thread['fid']);
 659      if(!$forum || $forum['type'] != "f")
 660      {
 661          error($lang->error_invalidforum);
 662      }
 663  
 664      // Does the user have permission to view this thread?
 665      $forumpermissions = forum_permissions($forum['fid']);
 666  
 667      if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']))
 668      {
 669          error_no_permission();
 670      }
 671  
 672      // Check if this forum is password protected and we have a valid password
 673      check_forum_password($forum['fid']);
 674  
 675      if($mybb->get_input('sort') != 'username')
 676      {
 677          $sortsql = ' ORDER BY posts DESC';
 678      }
 679      else
 680      {
 681          $sortsql = ' ORDER BY p.username ASC';
 682      }
 683      $whoposted = '';
 684      $query = $db->query("
 685          SELECT COUNT(p.pid) AS posts, p.username AS postusername, u.uid, u.username, u.usergroup, u.displaygroup
 686          FROM ".TABLE_PREFIX."posts p
 687          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 688          WHERE tid='".$tid."' AND $show_posts
 689          GROUP BY u.uid, p.username, u.uid, u.username, u.usergroup, u.displaygroup
 690          ".$sortsql."
 691      ");
 692      while($poster = $db->fetch_array($query))
 693      {
 694          if($poster['username'] == '')
 695          {
 696              $poster['username'] = $poster['postusername'];
 697          }
 698          $poster['username'] = htmlspecialchars_uni($poster['username']);
 699          $poster['postusername'] = htmlspecialchars_uni($poster['postusername']);
 700          $poster_name = format_name($poster['username'], $poster['usergroup'], $poster['displaygroup']);
 701          if($poster['uid'])
 702          {
 703              $onclick = "opener.location.href='".get_profile_link($poster['uid'])."'; return false;";
 704          }
 705          $profile_link = build_profile_link($poster_name, $poster['uid'], '_blank', $onclick);
 706          $numposts += $poster['posts'];
 707          eval("\$whoposted .= \"".$templates->get("misc_whoposted_poster")."\";");
 708          $altbg = alt_trow();
 709      }
 710      $numposts = my_number_format($numposts);
 711      $poster['posts'] = my_number_format($poster['posts']);
 712      eval("\$whop = \"".$templates->get("misc_whoposted", 1, 0)."\";");
 713      echo $whop;
 714      exit;
 715  }
// Action "smilies": list the cached smilies, either as a small clickable popup for an
// editor (when both `popup` and `editor` are supplied) or as a full page.
elseif($mybb->input['action'] == "smilies")
{
    $smilies = '';
    if(!empty($mybb->input['popup']) && !empty($mybb->input['editor']))
    { // make small popup list of smilies
        // The editor name is request input; everything outside [a-zA-Z0-9_-] is stripped.
        // It is not used again in this block, so it is presumably read by the popup template.
        $editor = preg_replace('#([^a-zA-Z0-9_-]+)#', '', $mybb->get_input('editor'));
        // $e alternates between 1 and 2 so that a row is emitted after every second smilie.
        $e = 1;
        $smile_icons = '';
        $class = alt_trow(1);
        $smilies_cache = $cache->read("smilies");

        if(is_array($smilies_cache))
        {
            $extra_class = ' smilie_pointer';
            foreach($smilies_cache as $smilie)
            {
                // Resolve the {theme} placeholder, then HTML-escape the asset URL and name.
                $smilie['image'] = str_replace("{theme}", $theme['imgdir'], $smilie['image']);
                $smilie['image'] = htmlspecialchars_uni($mybb->get_asset_url($smilie['image']));
                $smilie['name'] = htmlspecialchars_uni($smilie['name']);

                // Only show the first text to replace in the box
                $temp = explode("\n", $smilie['find']); // use temporary variable for php 5.3 compatibility
                $smilie['find'] = $temp[0];

                // Two escaping layers: HTML-escape for the attribute first, then
                // backslash-escape backslashes and single quotes because the value sits
                // inside a single-quoted JavaScript string in the onclick handler.
                $smilie['find'] = htmlspecialchars_uni($smilie['find']);
                $smilie_insert = str_replace(array('\\', "'"), array('\\\\', "\'"), $smilie['find']);

                $onclick = " onclick=\"MyBBEditor.insertText(' $smilie_insert ');\"";
                // Template text is eval()'d as a double-quoted PHP string and interpolated
                // with the variables in scope.
                // NOTE(review): relies on $templates->get() escaping - confirm in the templates class.
                eval('$smilie_image = "'.$templates->get('smilie', 1, 0).'";');
                eval("\$smile_icons .= \"".$templates->get("misc_smilies_popup_smilie")."\";");
                if($e == 2)
                {
                    // Second smilie of the pair: flush the row and start a new one.
                    eval("\$smilies .= \"".$templates->get("misc_smilies_popup_row")."\";");
                    $smile_icons = '';
                    $e = 1;
                    $class = alt_trow();
                }
                else
                {
                    $e = 2;
                }
            }
        }

        // An odd number of smilies leaves one unflushed cell; close it with the "empty" template.
        if($e == 2)
        {
            eval("\$smilies .= \"".$templates->get("misc_smilies_popup_empty")."\";");
        }

        if(!$smilies)
        {
            eval("\$smilies = \"".$templates->get("misc_smilies_popup_no_smilies")."\";");
        }

        eval("\$smiliespage = \"".$templates->get("misc_smilies_popup", 1, 0)."\";");
        output_page($smiliespage);
    }
    else
    {
        // Full-page listing: no click handler, and every replacement text is shown.
        add_breadcrumb($lang->nav_smilies);
        $class = "trow1";
        $smilies_cache = $cache->read("smilies");

        if(is_array($smilies_cache))
        {
            $extra_class = $onclick = '';
            foreach($smilies_cache as $smilie)
            {
                $smilie['image'] = str_replace("{theme}", $theme['imgdir'], $smilie['image']);
                $smilie['image'] = htmlspecialchars_uni($mybb->get_asset_url($smilie['image']));
                $smilie['name'] = htmlspecialchars_uni($smilie['name']);

                // Escape first, then turn newlines into <br /> so the added tags are not escaped.
                $smilie['find'] = nl2br(htmlspecialchars_uni($smilie['find']));
                eval('$smilie_image = "'.$templates->get('smilie').'";');
                eval("\$smilies .= \"".$templates->get("misc_smilies_smilie")."\";");
                $class = alt_trow();
            }
        }

        if(!$smilies)
        {
            eval("\$smilies = \"".$templates->get("misc_smilies_no_smilies")."\";");
        }

        eval("\$smiliespage = \"".$templates->get("misc_smilies")."\";");
        output_page($smiliespage);
    }
}
elseif($mybb->input['action'] == "imcenter")
{
    // Renders the instant-messenger popup for one user and one IM service.
    // Every path through this branch echoes a template and then stops the script.

    // Allow-list: imtype comes from the request and is reused below as an array key into $user,
    // as part of a settings key and as part of a template name, so anything other than these
    // three literals is rejected before any of those uses.
    $mybb->input['imtype'] = $mybb->get_input('imtype');
    if($mybb->input['imtype'] != "aim" && $mybb->input['imtype'] != "skype" && $mybb->input['imtype'] != "yahoo")
    {
        $message = $lang->error_invalidimtype;
        // eval() expands the template text as a double-quoted PHP string in this scope.
        // NOTE(review): this relies on $templates->get() returning text that cannot close the
        // string literal; verify that in the templates class, and treat template edit rights as
        // equivalent to code execution rights when reviewing who may change templates.
        eval("\$error = \"".$templates->get("misc_imcenter_error", 1, 0)."\";");
        echo $error;
        exit;
    }

    // uid is read as an integer; a falsy result from get_user() (defined elsewhere) is reported as an invalid user.
    $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
    $user = get_user($uid);

    if(!$user)
    {
        $message = $lang->error_invaliduser;
        eval("\$error = \"".$templates->get("misc_imcenter_error", 1, 0)."\";");
        echo $error;
        exit;
    }

    // The target user has nothing stored for the requested IM field.
    if(empty($user[$mybb->input['imtype']]))
    {
        $message = $lang->error_invalidimtype;
        eval("\$error = \"".$templates->get("misc_imcenter_error", 1, 0)."\";");
        echo $error;
        exit;
    }

    // The key is one of allowaimfield / allowskypefield / allowyahoofield because of the allow-list above.
    // is_member() is defined elsewhere; it receives the setting and the *target* user's row.
    // NOTE(review): no check on the viewing user's own permissions is visible in this branch;
    // confirm whether that is enforced elsewhere (e.g. in global.php).
    $settingkey = 'allow'.$mybb->input['imtype'].'field';
    if(!is_member($mybb->settings[$settingkey], $user))
    {
        $message = $lang->error_nopermission_user_ajax;
        eval("\$error = \"".$templates->get("misc_imcenter_error", 1, 0)."\";");
        echo $error;
        exit;
    }

    // Build IM navigation bar: one misc_imcenter_nav entry per service the user has filled in
    // and for which is_member() passes. $imtype and $imtype_lang are set right before each eval
    // because the template is expanded in this scope (presumably it reads them; confirm).
    // $navsep stays empty until the first entry has been added.
    // NOTE(review): these expansions run before the htmlspecialchars_uni() calls further down;
    // confirm misc_imcenter_nav does not print any $user field.
    $navigationbar = $navsep = $imtype = $imtype_lang = '';
    if(!empty($user['aim']) && is_member($mybb->settings['allowaimfield'], array('usergroup' => $user['usergroup'], 'additionalgroups' => $user['additionalgroups'])))
    {
        $imtype = "aim";
        $imtype_lang = $lang->aol_im;
        eval("\$navigationbar .= \"".$templates->get("misc_imcenter_nav")."\";");
        $navsep = ' - ';
    }
    if(!empty($user['skype']) && is_member($mybb->settings['allowskypefield'], array('usergroup' => $user['usergroup'], 'additionalgroups' => $user['additionalgroups'])))
    {
        $imtype = "skype";
        $imtype_lang = $lang->skype;
        eval("\$navigationbar .= \"".$templates->get("misc_imcenter_nav")."\";");
        $navsep = ' - ';
    }
    if(!empty($user['yahoo']) && is_member($mybb->settings['allowyahoofield'], array('usergroup' => $user['usergroup'], 'additionalgroups' => $user['additionalgroups'])))
    {
        $imtype = "yahoo";
        $imtype_lang = $lang->yahoo_im;
        eval("\$navigationbar .= \"".$templates->get("misc_imcenter_nav")."\";");
    }
    
    // User-supplied profile values are HTML-escaped before the final template is expanded.
    $user['skype'] = htmlspecialchars_uni($user['skype']);
    $user['yahoo'] = htmlspecialchars_uni($user['yahoo']);
    $user['aim'] = htmlspecialchars_uni($user['aim']);

    $user['username'] = htmlspecialchars_uni($user['username']);

    // The already-escaped username is substituted into the two Skype phrases.
    $lang->chat_on_skype = $lang->sprintf($lang->chat_on_skype, $user['username']);
    $lang->call_on_skype = $lang->sprintf($lang->call_on_skype, $user['username']);

    // Template name is misc_imcenter_aim, misc_imcenter_skype or misc_imcenter_yahoo; the
    // allow-list at the top of this branch is what keeps request input from choosing another template.
    $imtemplate = "misc_imcenter_".$mybb->input['imtype'];
    eval("\$imcenter = \"".$templates->get($imtemplate, 1, 0)."\";");
    echo $imcenter;
    exit;
}
elseif($mybb->input['action'] == "syndication")
{
    // Renders the feed-builder page: reads the chosen forums, feed version and item limit from
    // the request, composes a syndication.php URL from them and shows the selection form.
    $plugins->run_hooks("misc_syndication_start");

    // NOTE(review): both foreach loops below reuse $fid as their loop variable, so this request
    // value is overwritten once they run.
    $fid = $mybb->get_input('fid', MyBB::INPUT_INT);
    $version = $mybb->get_input('version');
    $new_limit = $mybb->get_input('limit', MyBB::INPUT_INT);
    $forums = $mybb->get_input('forums', MyBB::INPUT_ARRAY);
    // Default of 15 items, replaced by any non-empty request value; zero and negative values
    // are filtered later by the "> 0" test and large values are capped at 50.
    $limit = 15;
    if(!empty($new_limit) && $new_limit != $limit)
    {
        $limit = $new_limit;
    }
    $feedurl = '';
    // $add records whether the URL already has a query string, i.e. whether the next
    // parameter is joined with "?" or "&".
    $add = false;

    add_breadcrumb($lang->nav_syndication);
    // Both helpers are defined elsewhere; their results are split on commas here, and the merged
    // list is also read as a global by makesyndicateforums().
    $unviewable = get_unviewable_forums();
    $inactiveforums = get_inactive_forums();
    $unexp1 = explode(',', $unviewable);
    $unexp2 = explode(',', $inactiveforums);
    $unexp = array_merge($unexp1, $unexp2);
    
    if(is_array($forums))
    {
        // Turn the exclusion list into a lookup table keyed by forum id.
        foreach($unexp as $fid)
        {
            $unview[$fid] = true;
        }

        $syndicate = '';
        $comma = '';
        $all = false;
        // Only the literal "all" or all-digit strings are accepted, and ids present in $unview are
        // dropped, so the fid value placed in the URL consists of digits and commas only.
        // $flist marks the accepted ids; makesyndicateforums() reads it as a global to preselect options.
        foreach($forums as $fid)
        {
            if($fid == "all")
            {
                $all = true;
                break;
            }
            elseif(ctype_digit($fid))
            {
                if(!isset($unview[$fid]))
                {
                    $syndicate .= $comma.$fid;
                    $comma = ",";
                    $flist[$fid] = true;
                }
            }
        }
        $url = $mybb->settings['bburl']."/syndication.php";
        if(!$all)
        {
            $url .= "?fid=$syndicate";
            $add = true;
        }

        // If the version is not RSS2.0, set the type to Atom1.0.
        // NOTE(review): parameters are joined with a raw "&"; if misc_syndication_feedurl prints
        // $url into HTML, confirm whether it should be entity-encoded there.
        if($version != "rss2.0")
        {
            if(!$add)
            {
                $url .= "?";
            }
            else
            {
                $url .= "&";
            }
            $url .= "type=atom1.0";
            $add = true;
        }
        if((int)$limit > 0)
        {
            // Upper bound on the number of items requested through the generated URL.
            if($limit > 50)
            {
                $limit = 50;
            }
            if(!$add)
            {
                $url .= "?";
            }
            else
            {
                $url .= "&";
            }
            // NOTE(review): the separator above is appended before this check, so a non-numeric
            // $limit would leave a dangling "?" or "&"; $limit is either the literal 15 or the
            // INPUT_INT value, so this is presumably unreachable (confirm).
            if(is_numeric($limit))
            {
                $url .= "limit=$limit";
            }
        }
        eval("\$feedurl = \"".$templates->get("misc_syndication_feedurl")."\";");
    }
    // Drop the global forum cache; makesyndicateforums() rebuilds it from the database when
    // $forumcache is not an array.
    unset($GLOBALS['forumcache']);

    // If there is no version in the input, check the default (RSS2.0).
    // NOTE(review): the URL builder above treats every value other than "rss2.0" (including an
    // empty one) as Atom, while this radio state defaults to RSS2.0 unless the value is exactly
    // "atom1.0"; the two defaults disagree when no version is submitted.
    if($version == "atom1.0")
    {
        $atom1check = "checked=\"checked\"";
        $rss2check = '';
    }
    else
    {
        $atom1check = '';
        $rss2check = "checked=\"checked\"";
    }
    $forumselect = makesyndicateforums();

    $plugins->run_hooks("misc_syndication_end");

    eval("\$syndication = \"".$templates->get("misc_syndication")."\";");
    output_page($syndication);
}
 992  elseif($mybb->input['action'] == "clearcookies")
 993  {
 994      verify_post_check($mybb->get_input('my_post_key'));
 995  
 996      $plugins->run_hooks("misc_clearcookies");
 997  
 998      $remove_cookies = array('mybbuser', 'mybb[announcements]', 'mybb[lastvisit]', 'mybb[lastactive]', 'collapsed', 'mybb[forumread]', 'mybb[threadsread]', 'mybbadmin',
 999                              'mybblang', 'mybbtheme', 'multiquote', 'mybb[readallforums]', 'coppauser', 'coppadob', 'mybb[referrer]');
1000  
1001      foreach($remove_cookies as $name)
1002      {
1003          my_unsetcookie($name);
1004      }
1005      redirect("index.php", $lang->redirect_cookiescleared);
1006  }
1007  
/**
 * Build a list of forums for RSS multiselect.
 *
 * Walks the forum tree below $pid, appending one rendered option per listable forum to the
 * global $forumlistbits, and recurses into child forums. Reads the globals $flist (selected
 * forum ids) and $unexp (excluded forum ids), both filled by the syndication action.
 *
 * @param int $pid Parent forum ID.
 * @param string $selitem deprecated (not read by the function body)
 * @param boolean $addselect When true, wrap the collected options in the misc_syndication_forumlist
 *                           template and return the result; the recursive calls pass 0.
 * @param string $depth HTML for the depth of the forum; four &nbsp; entities are appended per level.
 * @return string HTML of the forum list, or an empty string when $addselect is false.
 */
function makesyndicateforums($pid=0, $selitem="", $addselect=true, $depth="")
{
    global $db, $forumcache, $permissioncache, $mybb, $forumlist, $forumlistbits, $flist, $lang, $unexp, $templates;

    $pid = (int)$pid;
    // $forumlist is a global and is reset on every call, including the recursive ones.
    $forumlist = '';

    if(!is_array($forumcache))
    {
        // Get Forums: only rows with an empty linkto and active != 0, indexed as
        // parent id -> display order -> forum id.
        $query = $db->simple_select("forums", "*", "linkto = '' AND active!=0", array('order_by' => 'pid, disporder'));
        while($forum = $db->fetch_array($query))
        {
            $forumcache[$forum['pid']][$forum['disporder']][$forum['fid']] = $forum;
        }
    }

    if(!is_array($permissioncache))
    {
        $permissioncache = forum_permissions();
    }

    if(is_array($forumcache[$pid]))
    {
        // The inner loop reuses $key; neither loop reads it.
        foreach($forumcache[$pid] as $key => $main)
        {
            foreach($main as $key => $forum)
            {
                $perms = $permissioncache[$forum['fid']];
                // A forum (and its subtree) is considered only if the viewer can view it or the
                // board setting hideprivateforums is 0.
                if($perms['canview'] == 1 || $mybb->settings['hideprivateforums'] == 0)
                {
                    $optionselected = '';
                    if(isset($flist[$forum['fid']]))
                    {
                        $optionselected = 'selected="selected"';
                        // NOTE(review): $selecteddone is local to this call and the recursive calls
                        // run with $addselect=0, so a selection found only in a child forum never
                        // reaches the top-level check of $selecteddone below.
                        $selecteddone = "1";
                    }

                    // && binds tighter than ||, so this reads:
                    //   (no password AND not listed in $unexp)
                    //   OR (password set AND the forumpass cookie for this forum equals md5(uid . password)).
                    // NOTE(review): the cookie is checked with === against an unsalted MD5 built from
                    // the user id and the stored forum password value; the comparison is not
                    // timing-safe and the token can be recomputed by anyone who knows both inputs.
                    // Consider a keyed hash and a constant-time comparison where the supported
                    // PHP version allows it.
                    if($forum['password'] == '' && !in_array($forum['fid'], $unexp) || $forum['password'] && isset($mybb->cookies['forumpass'][$forum['fid']]) && $mybb->cookies['forumpass'][$forum['fid']] === md5($mybb->user['uid'].$forum['password']))
                    {
                        eval("\$forumlistbits .= \"".$templates->get("misc_syndication_forumlist_forum")."\";");
                    }

                    // Recurse into child forums. The nested call appends to the global
                    // $forumlistbits itself and returns '' (its $addselect is 0), so the
                    // concatenation here adds nothing further.
                    if(!empty($forumcache[$forum['fid']]))
                    {
                        $newdepth = $depth."&nbsp;&nbsp;&nbsp;&nbsp;";
                        $forumlistbits .= makesyndicateforums($forum['fid'], '', 0, $newdepth);
                    }
                }
            }
        }
    }
    
    if($addselect)
    {
        // $addsel carries a selected attribute when no forum handled by this call was selected
        // (presumably used by the template for its "all forums" entry; confirm against the template).
        $addsel = '';
        if(empty($selecteddone))
        {
            $addsel = ' selected="selected"';
        }

        eval("\$forumlist = \"".$templates->get("misc_syndication_forumlist")."\";");
    }

    return $forumlist;
}

