<?php
/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id: xmlhttp.php 5641 2011-10-26 09:36:44Z Tomm $
 */

/**
 * The deal with this file is that it handles all of the XML HTTP Requests for MyBB.
 *
 * It contains a stripped down version of the MyBB core which does not load things
 * such as themes, who's online data, all of the language packs and more.
 *
 * This is done to make response times when using XML HTTP Requests faster and
 * less intense on the server.
 *
 * Structure: after bootstrapping (session, language, theme, charset) the file is a
 * single if/else-if chain on $mybb->input['action'] (loose == comparison). Each
 * action sends its own Content-type header; some exit() explicitly, the others
 * fall through to the end of the file. Errors go through xmlhttp_error() (defined
 * at the bottom of this file), which sends <error>...</error> and exits.
 * The actions that change state (edit_subject, edit_post/update_post) and the two
 * username lookups are gated by verify_post_check(); the remaining read-only
 * actions carry no such check.
 */

define("IN_MYBB", 1);

// We don't want visits here showing up on the Who's Online
define("NO_ONLINE", 1);

define('THIS_SCRIPT', 'xmlhttp.php');

// Load MyBB core files
require_once dirname(__FILE__)."/inc/init.php";

$shutdown_queries = array();

// Load some of the stock caches we'll be using.
$groupscache = $cache->read("usergroups");

// A missing/corrupt cache entry is rebuilt once and re-read.
if(!is_array($groupscache))
{
    $cache->update_usergroups();
    $groupscache = $cache->read("usergroups");
}

// Send no cache headers (responses are per-request and must not be cached by the browser or proxies).
header("Expires: Sat, 1 Jan 2000 01:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");

// Create the session
require_once MYBB_ROOT."inc/class_session.php";
$session = new session;
$session->init();

// Load the language we'll be using
if(!isset($mybb->settings['bblanguage']))
{
    $mybb->settings['bblanguage'] = "english";
}
// The user's own language overrides the board default, but only when that pack actually exists.
if(isset($mybb->user['language']) && $lang->language_exists($mybb->user['language']))
{
    $mybb->settings['bblanguage'] = $mybb->user['language'];
}
$lang->set_language($mybb->settings['bblanguage']);

if(function_exists('mb_internal_encoding') && !empty($lang->settings['charset']))
{
    // The @ hides the warning mbstring raises for a charset name it does not know.
    @mb_internal_encoding($lang->settings['charset']);
}

// Decide which theme row to load: the user's chosen style, otherwise the board default.
// Note the raw stored value (not the intval() result) is what ends up in the WHERE clause;
// it comes from the user's own row, not from this request.
if(isset($mybb->user['style']) && intval($mybb->user['style']) != 0)
{
    $loadstyle = "tid='".$mybb->user['style']."'";
}
else
{
    $loadstyle = "def=1";
}

// Load basic theme information that we could be needing.
$query = $db->simple_select("themes", "name, tid, properties", $loadstyle);
$theme = $db->fetch_array($query);
// NOTE(review): unserialize() of the stored theme properties. The stored value is presumably
// written by the admin panel rather than by request input - keep it that way. The @ also
// silences array_merge() when no theme row was found ($theme === false).
$theme = @array_merge($theme, unserialize($theme['properties']));

// Set the appropriate image language directory for this theme.
// Preference order: user's language -> board language -> plain image directory.
if(!empty($mybb->user['language']) && is_dir($theme['imgdir'].'/'.$mybb->user['language']))
{
    $theme['imglangdir'] = $theme['imgdir'].'/'.$mybb->user['language'];
}
else
{
    if(is_dir($theme['imgdir'].'/'.$mybb->settings['bblanguage']))
    {
        $theme['imglangdir'] = $theme['imgdir'].'/'.$mybb->settings['bblanguage'];
    }
    else
    {
        $theme['imglangdir'] = $theme['imgdir'];
    }
}

// $charset is used in every Content-type header below and by the encoding conversions.
if($lang->settings['charset'])
{
    $charset = $lang->settings['charset'];
}
// If not, revert to UTF-8
else
{
    $charset = "UTF-8";
}

$lang->load("global");
$lang->load("xmlhttp");

$plugins->run_hooks("xmlhttp");

// Fetch a list of usernames beginning with a certain string (used for auto completion)
// NOTE(review): no permission or post-key check is visible on this path, so any visitor can
// enumerate usernames by prefix (15 per request). Consider gating it behind a permission or a rate limit.
if($mybb->input['action'] == "get_users")
{
    // If the string is less than 3 characters, quit.
    if(my_strlen($mybb->input['query']) < 3)
    {
        exit;
    }

    // Send our headers.
    header("Content-type: text/plain; charset={$charset}");

    // Sanitize the input: escape the LIKE wildcards so they match literally.
    // Quoting is handled separately by $db->escape_string() below.
    $mybb->input['query'] = str_replace(array("%", "_"), array("\\%", "\\_"), $mybb->input['query']);

    // Query for any matching users.
    $query_options = array(
        "order_by" => "username",
        "order_dir" => "asc",
        "limit_start" => 0,
        "limit" => 15
    );

    $query = $db->simple_select("users", "uid, username", "username LIKE '".$db->escape_string($mybb->input['query'])."%'", $query_options);
    while($user = $db->fetch_array($query))
    {
        // Escaped for HTML even though the response is text/plain - the client inserts these fragments into the page.
        $user['username'] = htmlspecialchars_uni($user['username']);
        // Send the result to the browser for this user.
        echo "<div>\n";
        echo "<span class=\"username\">{$user['username']}</span>\n";
        echo "</div>\n";
    }
}
// Same shape as get_users, for usergroup titles (and equally unauthenticated).
else if($mybb->input['action'] == "get_usergroups")
{
    // If the string is less than 3 characters, quit.
    if(my_strlen($mybb->input['query']) < 3)
    {
        exit;
    }

    // Send our headers.
    header("Content-type: text/plain; charset={$charset}");

    // Sanitize the input (escape LIKE wildcards; quoting via escape_string below).
    $mybb->input['query'] = str_replace(array("%", "_"), array("\\%", "\\_"), $mybb->input['query']);

    // Query for any matching usergroups.
    $query_options = array(
        "order_by" => "title",
        "order_dir" => "asc",
        "limit_start" => 0,
        "limit" => 15
    );

    $query = $db->simple_select("usergroups", "gid, title", "title LIKE '".$db->escape_string($mybb->input['query'])."%'", $query_options);
    while($group = $db->fetch_array($query))
    {
        $group['title'] = htmlspecialchars_uni($group['title']);
        // Send the result to the browser for this usergroup.
        echo "<div>\n";
        echo "<span class=\"usergroup\">{$group['title']} ({$lang->usergroup} {$group['gid']})</span>\n";
        echo "</div>\n";
    }
}
// This action provides editing of thread/post subjects from within their respective list pages.
// Accepts either pid (edit a post's subject) or tid (edit the thread's first post subject).
else if($mybb->input['action'] == "edit_subject" && $mybb->request_method == "post")
{
    // Verify POST request (CSRF token; xmlhttp_error() exits on failure).
    if(!verify_post_check($mybb->input['my_post_key'], true))
    {
        xmlhttp_error($lang->invalid_post_code);
    }

    // Editing a post subject.
    if($mybb->input['pid'])
    {
        // Fetch the post from the database.
        $post = get_post($mybb->input['pid']);

        // No result, die.
        if(!$post['pid'])
        {
            xmlhttp_error($lang->post_doesnt_exist);
        }

        // Fetch the thread associated with this post.
        $thread = get_thread($post['tid']);
    }

    // We're editing a thread subject.
    else if($mybb->input['tid'])
    {
        // Fetch the thread.
        $thread = get_thread($mybb->input['tid']);

        // Fetch some of the information from the first post of this thread.
        // NOTE: ordering by dateline asc and taking the first row; if the thread was not found
        // $thread['tid'] is empty and the check below reports thread_doesnt_exist.
        $query_options = array(
            "order_by" => "dateline",
            "order_dir" => "asc",
        );
        $query = $db->simple_select("posts", "pid,uid,dateline", "tid='".$thread['tid']."'", $query_options);
        $post = $db->fetch_array($query);
    }
    // Fetch the specific forum this thread/post is in.
    // (When neither pid nor tid was supplied, $thread is unset here; the next check then errors out.)
    $forum = get_forum($thread['fid']);

    // Missing thread, invalid forum? Error.
    if(!$thread['tid'] || !$forum['fid'] || $forum['type'] != "f")
    {
        xmlhttp_error($lang->thread_doesnt_exist);
    }

    // Fetch forum permissions.
    $forumpermissions = forum_permissions($forum['fid']);

    // If this user is not a moderator with "caneditposts" permissions.
    // Non-moderators must own the post, be logged in, have the forum permission, and be inside the edit time limit.
    if(!is_moderator($forum['fid'], "caneditposts"))
    {
        // Thread is closed - no editing allowed.
        if($thread['closed'] == 1)
        {
            xmlhttp_error($lang->thread_closed_edit_subjects);
        }
        // Forum is not open, user doesn't have permission to edit, or author doesn't match this user - don't allow editing.
        else if($forum['open'] == 0 || $forumpermissions['caneditposts'] == 0 || $mybb->user['uid'] != $post['uid'] || $mybb->user['uid'] == 0)
        {
            xmlhttp_error($lang->no_permission_edit_subject);
        }
        // If we're past the edit time limit - don't allow editing. (edittimelimit is in minutes; 0 disables the limit.)
        else if($mybb->settings['edittimelimit'] != 0 && $post['dateline'] < (TIME_NOW-($mybb->settings['edittimelimit']*60)))
        {
            $lang->edit_time_limit = $lang->sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']);
            xmlhttp_error($lang->edit_time_limit);
        }
        $ismod = false;
    }
    else
    {
        // Moderator edits are logged below via log_moderator_action().
        $ismod = true;
    }
    $subject = $mybb->input['value'];
    // Convert the submitted subject when the board charset is not UTF-8.
    // NOTE(review): the three fallbacks do not agree on direction: iconv() converts $charset -> UTF-8,
    // whereas mb_convert_encoding() and utf8_decode() convert UTF-8 -> $charset. Which extension the
    // server has therefore decides what bytes get stored; confirm the intended direction. The same
    // pattern is repeated in edit_post/update_post below.
    if(my_strtolower($charset) != "utf-8")
    {
        if(function_exists("iconv"))
        {
            $subject = iconv($charset, "UTF-8//IGNORE", $subject);
        }
        else if(function_exists("mb_convert_encoding"))
        {
            $subject = @mb_convert_encoding($subject, $charset, "UTF-8");
        }
        else if(my_strtolower($charset) == "iso-8859-1")
        {
            $subject = utf8_decode($subject);
        }
    }

    // Set up posthandler.
    require_once MYBB_ROOT."inc/datahandlers/post.php";
    $posthandler = new PostDataHandler("update");
    $posthandler->action = "post";

    // Set the post data that came from the input to the $post array.
    $updatepost = array(
        "pid" => $post['pid'],
        "tid" => $thread['tid'],
        "subject" => $subject,
        "edit_uid" => $mybb->user['uid']
    );
    $posthandler->set_data($updatepost);

    // Now let the post handler do all the hard work (validation, then the actual update).
    if(!$posthandler->validate_post())
    {
        $post_errors = $posthandler->get_friendly_errors();
        $errors = implode("\n\n", $post_errors);
        xmlhttp_error($errors);
    }
    // No errors were found, we can call the update method.
    else
    {
        $posthandler->update_post();
        if($ismod == true)
        {
            $modlogdata = array(
                "tid" => $thread['tid'],
                "pid" => $post['pid'],
                "fid" => $forum['fid']
            );
            log_moderator_action($modlogdata, $lang->edited_post);
        }
    }

    require_once MYBB_ROOT."inc/class_parser.php";
    $parser = new postParser;

    // Send our headers.
    header("Content-type: text/plain; charset={$charset}");

    $mybb->input['value'] = $parser->parse_badwords($mybb->input['value']);

    // Spit the subject back to the browser.
    // NOTE(review): this echoes the raw request value (after badword filtering), not the
    // converted $subject that was handed to the data handler, and not whatever the handler
    // stored. The body is declared text/plain, so the client is expected to treat it as text.
    echo substr($mybb->input['value'], 0, 120); // 120 is the varchar length for the subject column

    // Close the connection.
    exit;
}
// Inline post editing: do=get_post returns the editor form, do=update_post saves a new message.
else if($mybb->input['action'] == "edit_post")
{
    // Fetch the post from the database.
    $post = get_post($mybb->input['pid']);

    // No result, die.
    if(!$post['pid'])
    {
        xmlhttp_error($lang->post_doesnt_exist);
    }

    // Fetch the thread associated with this post.
    $thread = get_thread($post['tid']);

    // Fetch the specific forum this thread/post is in.
    $forum = get_forum($thread['fid']);

    // Missing thread, invalid forum? Error.
    if(!$thread['tid'] || !$forum['fid'] || $forum['type'] != "f")
    {
        xmlhttp_error($lang->thread_doesnt_exist);
    }

    // Fetch forum permissions.
    $forumpermissions = forum_permissions($forum['fid']);

    // If this user is not a moderator with "caneditposts" permissions.
    // These checks apply to both the get_post and update_post sub-actions.
    if(!is_moderator($forum['fid'], "caneditposts"))
    {
        // Thread is closed - no editing allowed.
        if($thread['closed'] == 1)
        {
            xmlhttp_error($lang->thread_closed_edit_message);
        }
        // Forum is not open, user doesn't have permission to edit, or author doesn't match this user - don't allow editing.
        // Unlike edit_subject, a posting suspension also blocks editing here.
        else if($forum['open'] == 0 || $forumpermissions['caneditposts'] == 0 || $mybb->user['uid'] != $post['uid'] || $mybb->user['uid'] == 0 || $mybb->user['suspendposting'] == 1)
        {
            xmlhttp_error($lang->no_permission_edit_post);
        }
        // If we're past the edit time limit - don't allow editing.
        else if($mybb->settings['edittimelimit'] != 0 && $post['dateline'] < (TIME_NOW-($mybb->settings['edittimelimit']*60)))
        {
            $lang->edit_time_limit = $lang->sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']);
            xmlhttp_error($lang->edit_time_limit);
        }
    }

    // Forum is closed - no editing allowed (for anyone)
    if($forum['open'] == 0)
    {
        xmlhttp_error($lang->no_permission_edit_post);
    }

    // Read-only: return the inline editor pre-filled with the post. No post-key check on this
    // path; access is governed by the forum/thread checks above.
    if($mybb->input['do'] == "get_post")
    {
        // Send our headers.
        header("Content-type: text/xml; charset={$charset}");

        $post['message'] = htmlspecialchars_uni($post['message']);

        // Send the contents of the post.
        // eval() here expands a template fetched from the template store ($templates->get()),
        // the standard MyBB templating mechanism - not request input.
        eval("\$inline_editor = \"".$templates->get("xmlhttp_inline_post_editor")."\";");
        echo "<?xml version=\"1.0\" encoding=\"{$charset}\"?".">";
        echo "<form>".$inline_editor."</form>";
        exit;
    }
    else if($mybb->input['do'] == "update_post")
    {
        // Verify POST request (CSRF token).
        if(!verify_post_check($mybb->input['my_post_key'], true))
        {
            xmlhttp_error($lang->invalid_post_code);
        }

        $message = (string)$mybb->input['value'];
        // Charset conversion - see the NOTE(review) on the identical block in edit_subject
        // about the inconsistent conversion direction between the three fallbacks.
        if(my_strtolower($charset) != "utf-8")
        {
            if(function_exists("iconv"))
            {
                $message = iconv($charset, "UTF-8//IGNORE", $message);
            }
            else if(function_exists("mb_convert_encoding"))
            {
                $message = @mb_convert_encoding($message, $charset, "UTF-8");
            }
            else if(my_strtolower($charset) == "iso-8859-1")
            {
                $message = utf8_decode($message);
            }
        }

        // Set up posthandler.
        require_once MYBB_ROOT."inc/datahandlers/post.php";
        $posthandler = new PostDataHandler("update");
        $posthandler->action = "post";

        // Set the post data that came from the input to the $post array.
        // (pid is taken from the request again rather than from the fetched $post row.)
        $updatepost = array(
            "pid" => $mybb->input['pid'],
            "message" => $message,
            "edit_uid" => $mybb->user['uid']
        );
        $posthandler->set_data($updatepost);

        // Now let the post handler do all the hard work.
        if(!$posthandler->validate_post())
        {
            $post_errors = $posthandler->get_friendly_errors();
            $errors = implode("\n\n", $post_errors);
            xmlhttp_error($errors);
        }
        // No errors were found, we can call the update method.
        else
        {
            $postinfo = $posthandler->update_post();
            $visible = $postinfo['visible'];
            // Edit landed in the moderation queue: tell the (non-moderator) user instead of rendering it.
            // Note: no Content-type header has been sent on this path yet.
            if($visible == 0 && !is_moderator())
            {
                echo "<p>\n";
                echo $lang->post_moderation;
                echo "</p>\n";
                exit;
            }
        }

        require_once MYBB_ROOT."inc/class_parser.php";
        $parser = new postParser;

        // Render the new message with the forum's own markup permissions, so the
        // returned HTML matches what a normal page view would produce.
        $parser_options = array(
            "allow_html" => $forum['allowhtml'],
            "allow_mycode" => $forum['allowmycode'],
            "allow_smilies" => $forum['allowsmilies'],
            "allow_imgcode" => $forum['allowimgcode'],
            "allow_videocode" => $forum['allowvideocode'],
            "me_username" => $post['username'],
            "filter_badwords" => 1
        );

        if($post['smilieoff'] == 1)
        {
            $parser_options['allow_smilies'] = 0;
        }

        $post['message'] = $parser->parse_message($message, $parser_options);

        // Now lets fetch all of the attachments for these posts.
        // $attachcache is a global keyed [pid][aid] that get_post_attachments() reads.
        $query = $db->simple_select("attachments", "*", "pid='{$post['pid']}'");
        while($attachment = $db->fetch_array($query))
        {
            $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
        }

        require_once MYBB_ROOT."inc/functions_post.php";

        get_post_attachments($post['pid'], $post);

        // Figure out if we need to show an "edited by" message
        // Only show if at least one of "showeditedby" or "showeditedbyadmin" is enabled
        // NOTE(review): the condition uses && (both settings must be non-zero), which contradicts
        // the comment above. Also $editedmsg is only assigned inside this branch, so the
        // if($editedmsg) below reads an undefined variable whenever the branch is skipped.
        if($mybb->settings['showeditedby'] != 0 && $mybb->settings['showeditedbyadmin'] != 0)
        {
            $post['editdate'] = my_date($mybb->settings['dateformat'], TIME_NOW);
            $post['edittime'] = my_date($mybb->settings['timeformat'], TIME_NOW);
            $post['editnote'] = $lang->sprintf($lang->postbit_edited, $post['editdate'], $post['edittime']);
            $post['editedprofilelink'] = build_profile_link($mybb->user['username'], $mybb->user['uid']);
            eval("\$editedmsg = \"".$templates->get("postbit_editedby")."\";");
        }

        // Send our headers.
        header("Content-type: text/plain; charset={$charset}");
        echo "<p>\n";
        echo $post['message'];
        echo "</p>\n";
        // The edited-by fragment is collapsed onto one line so the client can split the response on newlines.
        if($editedmsg)
        {
            echo str_replace(array("\r", "\n"), "", "<editedmsg>{$editedmsg}</editedmsg>");
        }
    }
}
// Fetch the list of multiquoted posts which are not in a specific thread
else if($mybb->input['action'] == "get_multiquoted")
{
    // If the cookie does not exist, exit
    if(!array_key_exists("multiquote", $mybb->cookies))
    {
        exit;
    }
    // Divide up the cookie using our delimiter
    $multiquoted = explode("|", $mybb->cookies['multiquote']);

    // No values - exit
    // (explode() with a non-empty delimiter always returns an array, so this guard never fires;
    // an empty cookie yields array("") and intval("") below becomes 0.)
    if(!is_array($multiquoted))
    {
        exit;
    }

    // Loop through each post ID and sanitize it before querying
    // Keyed by the raw cookie value (deduplicates repeats); the stored value is the integer.
    foreach($multiquoted as $post)
    {
        $quoted_posts[$post] = intval($post);
    }

    // Join the post IDs back together (all integers, so safe to splice into the IN() below)
    $quoted_posts = implode(",", $quoted_posts);

    // Fetch unviewable forums
    // get_unviewable_forums() is a project helper; presumably returns a comma-separated list of forum ids.
    $unviewable_forums = get_unviewable_forums();
    if($unviewable_forums)
    {
        $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
    }
    $message = '';

    // Are we loading all quoted posts or only those not in the current thread?
    if(!$mybb->input['load_all'])
    {
        $from_tid = "p.tid != '".intval($mybb->input['tid'])."' AND ";
    }
    else
    {
        $from_tid = '';
    }

    require_once MYBB_ROOT."inc/class_parser.php";
    $parser = new postParser;

    require_once MYBB_ROOT."inc/functions_posting.php";

    // Query for any posts in the list which are not within the specified thread
    $query = $db->query("
        SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, t.fid, p.visible, u.username AS userusername
        FROM ".TABLE_PREFIX."posts p
        LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
        WHERE {$from_tid}p.pid IN ($quoted_posts) {$unviewable_forums}
    ");
    while($quoted_post = $db->fetch_array($query))
    {
        // Unapproved posts are only quotable by a moderator of that forum.
        if(!is_moderator($quoted_post['fid']) && $quoted_post['visible'] == 0)
        {
            continue;
        }

        $message .= parse_quoted_message($quoted_post, false);
    }
    // Trim nested quotes when the board limits quote depth ('0' = unlimited).
    if($mybb->settings['maxquotedepth'] != '0')
    {
        $message = remove_message_quotes($message);
    }

    // Send our headers.
    header("Content-type: text/plain; charset={$charset}");
    echo $message;
    exit;
}
// Replace an existing captcha row with a fresh one and return the new imagehash.
else if($mybb->input['action'] == "refresh_captcha")
{
    $imagehash = $db->escape_string($mybb->input['imagehash']);
    $query = $db->simple_select("captcha", "dateline", "imagehash='$imagehash'");
    if($db->num_rows($query) == 0)
    {
        xmlhttp_error($lang->captcha_not_exists);
    }
    $db->delete_query("captcha", "imagehash='$imagehash'");
    // random_str() is a project helper; its entropy source is not visible from this file.
    $randomstr = random_str(5);
    $imagehash = md5(random_str(12));
    $regimagearray = array(
        "imagehash" => $imagehash,
        "imagestring" => $randomstr,
        "dateline" => TIME_NOW
    );
    $db->insert_query("captcha", $regimagearray);
    header("Content-type: text/plain; charset={$charset}");
    echo $imagehash;
}
// Client-side pre-check of a captcha answer (case-insensitive).
// NOTE(review): the captcha row is neither consumed nor updated here, so the endpoint will
// answer match/no-match repeatedly for the same imagehash. Consider counting attempts or
// invalidating the row after a miss.
else if($mybb->input['action'] == "validate_captcha")
{
    header("Content-type: text/xml; charset={$charset}");
    $imagehash = $db->escape_string($mybb->input['imagehash']);
    $query = $db->simple_select("captcha", "imagestring", "imagehash='$imagehash'");
    if($db->num_rows($query) == 0)
    {
        echo "<fail>{$lang->captcha_valid_not_exists}</fail>";
        exit;
    }
    $imagestring = $db->fetch_field($query, 'imagestring');

    if(my_strtolower($imagestring) == my_strtolower($mybb->input['value']))
    {
        echo "<success>{$lang->captcha_matches}</success>";
        exit;
    }
    else
    {
        echo "<fail>{$lang->captcha_does_not_match}</fail>";
        exit;
    }
}
// Password strength pre-check used by the registration form.
else if($mybb->input['action'] == "complex_password")
{
    $password = trim($mybb->input['value']);
    // Normalise characters that typically arrive via copy/paste: U+00A0 (NBSP) -> space,
    // U+00AD (soft hyphen) -> "-", and drop unichr(0xCA), U+202E/U+202D (bidi overrides)
    // and U+200B (zero width space). unichr()/dec_to_utf8() are project helpers; presumably
    // they return the UTF-8 encoding of the given code point. The same list is used for usernames below.
    $password = str_replace(array(unichr(160), unichr(173), unichr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237), dec_to_utf8(8203)), array(" ", "-", "", "", "", ""), $password);

    header("Content-type: text/xml; charset={$charset}");
    // Lookaheads require: at least minpasswordlength characters, one digit, one lower-case and
    // one upper-case ASCII letter. minpasswordlength is a board setting spliced into the pattern,
    // so it is expected to be numeric. Without the u modifier "." counts bytes, so multibyte
    // characters count more than once toward the length.
    if(!preg_match("/^.*(?=.{".$mybb->settings['minpasswordlength'].",})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$/", $password))
    {
        echo "<fail>{$lang->complex_password_fails}</fail>";
    }
    else
    {
        // Return nothing but an OK password if passes regex
        echo "<success></success>";
    }

    exit;
}
// Registration helper: is this username free to take?
else if($mybb->input['action'] == "username_availability")
{
    if(!verify_post_check($mybb->input['my_post_key'], true))
    {
        xmlhttp_error($lang->invalid_post_code);
    }

    require_once MYBB_ROOT."inc/functions_user.php";
    $username = $mybb->input['value'];

    // Fix bad characters (same normalisation as complex_password above)
    $username = trim($username);
    $username = str_replace(array(unichr(160), unichr(173), unichr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237), dec_to_utf8(8203)), array(" ", "-", "", "", "", ""), $username);

    // Remove multiple spaces from the username
    $username = preg_replace("#\s{2,}#", " ", $username);

    header("Content-type: text/xml; charset={$charset}");

    // empty() also rejects the username "0".
    if(empty($username))
    {
        echo "<fail>{$lang->banned_characters_username}</fail>";
        exit;
    }

    // Check if the username belongs to the list of banned usernames.
    $banned_username = is_banned_username($username, true);
    if($banned_username)
    {
        echo "<fail>{$lang->banned_username}</fail>";
        exit;
    }

    // Check for certain characters in username (<, >, &, and slashes)
    // (Backslash is checked with my_strpos() while the others use strpos(); semicolons are rejected too.)
    if(strpos($username, "<") !== false || strpos($username, ">") !== false || strpos($username, "&") !== false || my_strpos($username, "\\") !== false || strpos($username, ";") !== false)
    {
        echo "<fail>{$lang->banned_characters_username}</fail>";
        exit;
    }

    // Check if the username is actually already in use (case-insensitive, escaped for SQL)
    $query = $db->simple_select("users", "uid", "LOWER(username)='".$db->escape_string(my_strtolower($username))."'");
    $user = $db->fetch_array($query);

    // The username is HTML-escaped before being interpolated into the XML response.
    if($user['uid'])
    {
        $lang->username_taken = $lang->sprintf($lang->username_taken, htmlspecialchars_uni($username));
        echo "<fail>{$lang->username_taken}</fail>";
        exit;
    }
    else
    {
        $lang->username_available = $lang->sprintf($lang->username_available, htmlspecialchars_uni($username));
        echo "<success>{$lang->username_available}</success>";
        exit;
    }
}
// Login/recipient helper: does this username exist? (No character normalisation on this path.)
else if($mybb->input['action'] == "username_exists")
{
    if(!verify_post_check($mybb->input['my_post_key'], true))
    {
        xmlhttp_error($lang->invalid_post_code);
    }

    require_once MYBB_ROOT."inc/functions_user.php";
    $username = $mybb->input['value'];

    header("Content-type: text/xml; charset={$charset}");

    // A blank name is reported as success (nothing to validate).
    if(!trim($username))
    {
        echo "<success></success>";
        exit;
    }

    // Check if the username actually exists
    $query = $db->simple_select("users", "uid", "LOWER(username)='".$db->escape_string(my_strtolower($username))."'");
    $user = $db->fetch_array($query);

    if($user['uid'])
    {
        $lang->valid_username = $lang->sprintf($lang->valid_username, htmlspecialchars_uni($username));
        echo "<success>{$lang->valid_username}</success>";
        exit;
    }
    else
    {
        // NOTE(review): htmlspecialchars_uni() is applied twice on this branch (to the username and
        // again to the whole message), unlike the success branch - likely double-encodes entities.
        $lang->invalid_username = htmlspecialchars_uni($lang->sprintf($lang->invalid_username, htmlspecialchars_uni($username)));
        echo "<fail>{$lang->invalid_username}</fail>";
        exit;
    }
}
// Render the buddy picker (online/offline lists) for the current user.
else if($mybb->input['action'] == "get_buddyselect")
{
    // Send our headers.
    header("Content-type: text/plain; charset={$charset}");

    if($mybb->user['buddylist'] != "")
    {
        $query_options = array(
            "order_by" => "username",
            "order_dir" => "asc"
        );
        // Buddies active after this cutoff (wolcutoff, seconds) count as online.
        $timecut = TIME_NOW - $mybb->settings['wolcutoff'];
        // buddylist is taken from the user's own row and spliced into IN() unescaped;
        // this relies on it being stored as a comma-separated list of integers.
        $query = $db->simple_select("users", "uid, username, usergroup, displaygroup, lastactive, lastvisit, invisible", "uid IN ({$mybb->user['buddylist']})", $query_options);
        $online = array();
        $offline = array();
        while($buddy = $db->fetch_array($query))
        {
            $buddy_name = format_name($buddy['username'], $buddy['usergroup'], $buddy['displaygroup']);
            $profile_link = build_profile_link($buddy_name, $buddy['uid'], '_blank');
            // Invisible buddies are only shown as online to usergroup 4 (hard-coded; presumably the administrators group).
            if($buddy['lastactive'] > $timecut && ($buddy['invisible'] == 0 || $mybb->user['usergroup'] == 4) && $buddy['lastvisit'] != $buddy['lastactive'])
            {
                eval("\$online[] = \"".$templates->get("xmlhttp_buddyselect_online")."\";");
            }
            else
            {
                eval("\$offline[] = \"".$templates->get("xmlhttp_buddyselect_offline")."\";");
            }
        }
        $online = implode("", $online);
        $offline = implode("", $offline);
        eval("\$buddy_select = \"".$templates->get("xmlhttp_buddyselect")."\";");
        echo $buddy_select;
    }
    else
    {
        xmlhttp_error($lang->buddylist_error);
    }
}

/**
 * Spits an XML Http based error message back to the browser
 *
 * Sends a text/xml Content-type header using the global $charset, echoes
 * <error>$message</error> and exits - it never returns to the caller.
 * $message is written into the XML body as-is (no escaping), so callers
 * must only pass text that is already safe for that context.
 *
 * @param string The message to send back.
 */
function xmlhttp_error($message)
{
    global $charset;

    // Send our headers.
    header("Content-type: text/xml; charset={$charset}");

    // Send the error message.
    echo "<error>".$message."</error>";

    // Exit
    exit;
}

?>