<?php
/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id$
 */

/**
 * The deal with this file is that it handles all of the XML HTTP Requests for MyBB.
 *
 * It contains a stripped down version of the MyBB core which does not load things
 * such as themes, who's online data, all of the language packs and more.
 *
 * This is done to make response times when using XML HTTP Requests faster and
 * less intense on the server.
 *
 * The request is routed on $mybb->input['action'] further down in this file; the
 * setup below (core, caches, no-cache headers, session, language) is shared by
 * every action and runs before any request data is looked at.
 */

define("IN_MYBB", 1);

// We don't want visits here showing up on the Who's Online
define("NO_ONLINE", 1);

define('THIS_SCRIPT', 'xmlhttp.php');

// Load MyBB core files. The globals used below ($cache, $db, $mybb, $lang, $plugins,
// $templates) are not defined in this file, so presumably init.php sets them up.
require_once dirname(__FILE__)."/inc/init.php";

$shutdown_queries = array();

// Load some of the stock caches we'll be using.
$groupscache = $cache->read("usergroups");

// A missing or corrupt usergroups cache is rebuilt before anything relies on it.
if(!is_array($groupscache))
{
	$cache->update_usergroups();
	$groupscache = $cache->read("usergroups");
}

// Send no cache headers. Every response from this script is per-user (permission
// checks, captcha state, buddy lists), so browsers and intermediate proxies must
// not store it.
header("Expires: Sat, 1 Jan 2000 01:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");

// Create the session - this is what the later permission checks read $mybb->user from.
require_once MYBB_ROOT."inc/class_session.php";
$session = new session;
$session->init();

// Load the language we'll be using: the board default, overridden by the user's own
// choice only when that language pack actually exists (language_exists() guards the
// value stored in the user row before it is used as a pack name).
if(!isset($mybb->settings['bblanguage']))
{
	$mybb->settings['bblanguage'] = "english";
}
if(isset($mybb->user['language']) && $lang->language_exists($mybb->user['language']))
{
	$mybb->settings['bblanguage'] = $mybb->user['language'];
}
$lang->set_language($mybb->settings['bblanguage']);

// Align mbstring's internal encoding with the language pack's charset.
// NOTE(review): the @ hides a failure here (e.g. an unknown charset name), in which
// case mb_internal_encoding() silently keeps its previous value.
if(function_exists('mb_internal_encoding') && !empty($lang->settings['charset']))
{
	@mb_internal_encoding($lang->settings['charset']);
}

// Load the language pack for this file (the actual $lang->load() calls happen further
// below, once the theme and charset have been resolved).
// Resolve which theme row to load: the user's chosen style, else the board default.
// NOTE(review): the intval() only guards the test; the raw $mybb->user['style'] value
// is what gets interpolated. It comes from the user row, not from the request.
if(isset($mybb->user['style']) && intval($mybb->user['style']) != 0)
{
	$loadstyle = "tid='".$mybb->user['style']."'";
}
else
{
	$loadstyle = "def=1";
}

// Load basic theme information that we could be needing.
$query = $db->simple_select("themes", "name, tid, properties", $loadstyle);
$theme = $db->fetch_array($query);
// 'properties' is a serialized array stored in the themes table; unserialize() is
// applied to stored data, not to request input. The @ hides a failed
// unserialize()/array_merge() (e.g. no theme row), which would leave $theme without
// the 'imgdir' key used just below.
$theme = @array_merge($theme, unserialize($theme['properties']));

// Set the appropriate image language directory for this theme: the user's language
// first, then the board language, then the plain image directory.
if(!empty($mybb->user['language']) && is_dir($theme['imgdir'].'/'.$mybb->user['language']))
{
	$theme['imglangdir'] = $theme['imgdir'].'/'.$mybb->user['language'];
}
else
{
	if(is_dir($theme['imgdir'].'/'.$mybb->settings['bblanguage']))
	{
		$theme['imglangdir'] = $theme['imgdir'].'/'.$mybb->settings['bblanguage'];
	}
	else
	{
		$theme['imglangdir'] = $theme['imgdir'];
	}
}

// Only the templates used by the actions in this file are cached.
$templatelist = "postbit_editedby,xmlhttp_inline_post_editor,xmlhttp_buddyselect_online,xmlhttp_buddyselect_offline,xmlhttp_buddyselect";
$templates->cache($db->escape_string($templatelist));

// $charset is the language pack's charset; it is sent in every Content-type header
// below and drives the input re-encoding in edit_subject / update_post.
if($lang->settings['charset'])
{
	$charset = $lang->settings['charset'];
}
// If not, revert to UTF-8
else
{
	$charset = "UTF-8";
}

$lang->load("global");
$lang->load("xmlhttp");

$plugins->run_hooks("xmlhttp");

// Fetch a list of usernames beginning with a certain string (used for auto completion)
if($mybb->input['action'] == "get_users")
{
	// If the string is less than 3 characters, quit.
	if(my_strlen($mybb->input['query']) < 3)
	{
		exit;
	}

	// Send our headers.
	header("Content-type: text/plain; charset={$charset}");

	// Query for any matching users.
	$query_options = array(
		"order_by" => "username",
		"order_dir" => "asc",
		"limit_start" => 0,
		"limit" => 15
	);

	// escape_string_like() presumably escapes the LIKE wildcards as well as quotes -
	// confirm in the db class. Compare get_usergroups below, which escapes the
	// wildcards by hand and then calls escape_string(); the two actions should agree.
	$query = $db->simple_select("users", "uid, username", "username LIKE '".$db->escape_string_like($mybb->input['query'])."%'", $query_options);
	while($user = $db->fetch_array($query))
	{
		// Escaped before being echoed into the HTML fragment.
		$user['username'] = htmlspecialchars_uni($user['username']);
		// Send the result to the browser for this user.
		echo "<div>\n";
		echo "<span class=\"username\">{$user['username']}</span>\n";
		echo "</div>\n";
	}
}
else if($mybb->input['action'] == "get_usergroups")
{
	// If the string is less than 3 characters, quit.
	if(my_strlen($mybb->input['query']) < 3)
	{
		exit;
	}

	// Send our headers.
	header("Content-type: text/plain; charset={$charset}");

	// Sanitize the input: escape the LIKE wildcards by hand here; quoting is left to
	// escape_string() on the query line below.
	$mybb->input['query'] = str_replace(array("%", "_"), array("\\%", "\\_"), $mybb->input['query']);

	// Query for any matching usergroups.
	$query_options = array(
		"order_by" => "title",
		"order_dir" => "asc",
		"limit_start" => 0,
		"limit" => 15
	);

	$query = $db->simple_select("usergroups", "gid, title", "title LIKE '".$db->escape_string($mybb->input['query'])."%'", $query_options);
	while($group = $db->fetch_array($query))
	{
		// Escaped before being echoed into the HTML fragment.
		$group['title'] = htmlspecialchars_uni($group['title']);
		// Send the result to the browser for this usergroup.
		echo "<div>\n";
		echo "<span class=\"usergroup\">{$group['title']} ({$lang->usergroup} {$group['gid']})</span>\n";
		echo "</div>\n";
	}
}
// This action provides editing of thread/post subjects from within their respective list pages.
// Only accepted over POST, and only with a valid post key (CSRF token).
else if($mybb->input['action'] == "edit_subject" && $mybb->request_method == "post")
{
	// Verify POST request. xmlhttp_error() exits, so nothing below runs on failure.
	if(!verify_post_check($mybb->input['my_post_key'], true))
	{
		xmlhttp_error($lang->invalid_post_code);
	}

	// Editing a post subject.
	if($mybb->input['pid'])
	{
		// Fetch the post from the database.
		// NOTE(review): the raw request id is handed to get_post(); presumably it
		// casts to int before querying - confirm.
		$post = get_post($mybb->input['pid']);

		// No result, die.
		if(!$post['pid'])
		{
			xmlhttp_error($lang->post_doesnt_exist);
		}

		// Fetch the thread associated with this post.
		$thread = get_thread($post['tid']);
	}

	// We're editing a thread subject.
	else if($mybb->input['tid'])
	{
		// Fetch the thread.
		// NOTE(review): same as get_post() above - presumably get_thread() casts the id.
		$thread = get_thread($mybb->input['tid']);

		// Fetch some of the information from the first post of this thread.
		// $thread['tid'] comes from the thread row, not from the request.
		$query_options = array(
			"order_by" => "dateline",
			"order_dir" => "asc",
		);
		$query = $db->simple_select("posts", "pid,uid,dateline", "tid='".$thread['tid']."'", $query_options);
		$post = $db->fetch_array($query);
	}
	// Fetch the specific forum this thread/post is in.
	$forum = get_forum($thread['fid']);

	// Missing thread, invalid forum? Error. This also catches a request that supplied
	// neither pid nor tid, since $thread is then unset.
	if(!$thread['tid'] || !$forum['fid'] || $forum['type'] != "f")
	{
		xmlhttp_error($lang->thread_doesnt_exist);
	}

	// Fetch forum permissions.
	$forumpermissions = forum_permissions($forum['fid']);

	// If this user is not a moderator with "caneditposts" permissions.
	if(!is_moderator($forum['fid'], "caneditposts"))
	{
		// Thread is closed - no editing allowed.
		if($thread['closed'] == 1)
		{
			xmlhttp_error($lang->thread_closed_edit_subjects);
		}
		// Forum is not open, user doesn't have permission to edit, or author doesn't match this user - don't allow editing.
		// NOTE(review): unlike the edit_post action below, this chain does not test
		// $mybb->user['suspendposting'], so a posting-suspended author can still
		// change subjects here.
		else if($forum['open'] == 0 || $forumpermissions['caneditposts'] == 0 || $mybb->user['uid'] != $post['uid'] || $mybb->user['uid'] == 0)
		{
			xmlhttp_error($lang->no_permission_edit_subject);
		}
		// If we're past the edit time limit - don't allow editing.
		else if($mybb->settings['edittimelimit'] != 0 && $post['dateline'] < (TIME_NOW-($mybb->settings['edittimelimit']*60)))
		{
			$lang->edit_time_limit = $lang->sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']);
			xmlhttp_error($lang->edit_time_limit);
		}
		$ismod = false;
	}
	else
	{
		$ismod = true;
	}
	$subject = $mybb->input['value'];
	// Re-encode the submitted subject when the board does not run in UTF-8.
	// NOTE(review): the three branches do not agree on direction - iconv() is called as
	// (from $charset, to UTF-8) whereas mb_convert_encoding() is (to $charset, from
	// UTF-8) and utf8_decode() is UTF-8 -> ISO-8859-1. The same block appears again
	// in update_post below. Confirm which direction is intended.
	if(my_strtolower($charset) != "utf-8")
	{
		if(function_exists("iconv"))
		{
			$subject = iconv($charset, "UTF-8//IGNORE", $subject);
		}
		else if(function_exists("mb_convert_encoding"))
		{
			$subject = @mb_convert_encoding($subject, $charset, "UTF-8");
		}
		else if(my_strtolower($charset) == "iso-8859-1")
		{
			$subject = utf8_decode($subject);
		}
	}

	// Set up posthandler. Validation and the actual write go through the data handler.
	require_once MYBB_ROOT."inc/datahandlers/post.php";
	$posthandler = new PostDataHandler("update");
	$posthandler->action = "post";

	// Set the post data that came from the input to the $post array.
	$updatepost = array(
		"pid" => $post['pid'],
		"tid" => $thread['tid'],
		"subject" => $subject,
		"edit_uid" => $mybb->user['uid']
	);
	$posthandler->set_data($updatepost);

	// Now let the post handler do all the hard work.
	if(!$posthandler->validate_post())
	{
		$post_errors = $posthandler->get_friendly_errors();
		$errors = implode("\n\n", $post_errors);
		// NOTE(review): xmlhttp_error() does not escape its argument; confirm the
		// handler's friendly errors never embed raw input.
		xmlhttp_error($errors);
	}
	// No errors were found, we can call the update method.
	else
	{
		$posthandler->update_post();
		// Edits made under moderator rights are written to the moderator log.
		if($ismod == true)
		{
			$modlogdata = array(
				"tid" => $thread['tid'],
				"pid" => $post['pid'],
				"fid" => $forum['fid']
			);
			log_moderator_action($modlogdata, $lang->edited_post);
		}
	}

	require_once MYBB_ROOT."inc/class_parser.php";
	$parser = new postParser;

	// Send our headers.
	header("Content-type: text/plain; charset={$charset}");

	$mybb->input['value'] = $parser->parse_badwords($mybb->input['value']);

	// Spit the subject back to the browser.
	// NOTE(review): this echoes the badword-filtered raw input, not the re-encoded
	// $subject that was validated and saved. substr() is byte-wise, so the 120-byte cut
	// can split a multibyte character. The response is text/plain.
	echo substr($mybb->input['value'], 0, 120); // 120 is the varchar length for the subject column

	// Close the connection.
	exit;
}
else if($mybb->input['action'] == "edit_post")
{
	// Fetch the post from the database.
	// NOTE(review): raw request id passed to get_post(); presumably cast to int there.
	$post = get_post($mybb->input['pid']);

	// No result, die.
	if(!$post['pid'])
	{
		xmlhttp_error($lang->post_doesnt_exist);
	}

	// Fetch the thread associated with this post.
	$thread = get_thread($post['tid']);

	// Fetch the specific forum this thread/post is in.
	$forum = get_forum($thread['fid']);

	// Missing thread, invalid forum? Error.
	if(!$thread['tid'] || !$forum['fid'] || $forum['type'] != "f")
	{
		xmlhttp_error($lang->thread_doesnt_exist);
	}

	// Fetch forum permissions.
	$forumpermissions = forum_permissions($forum['fid']);

	// If this user is not a moderator with "caneditposts" permissions.
	// These checks run for both "get_post" and "update_post", so the editor contents
	// are only served to someone who would also be allowed to save them.
	if(!is_moderator($forum['fid'], "caneditposts"))
	{
		// Thread is closed - no editing allowed.
		if($thread['closed'] == 1)
		{
			xmlhttp_error($lang->thread_closed_edit_message);
		}
		// Forum is not open, user doesn't have permission to edit, or author doesn't match this user - don't allow editing.
		else if($forum['open'] == 0 || $forumpermissions['caneditposts'] == 0 || $mybb->user['uid'] != $post['uid'] || $mybb->user['uid'] == 0 || $mybb->user['suspendposting'] == 1)
		{
			xmlhttp_error($lang->no_permission_edit_post);
		}
		// If we're past the edit time limit - don't allow editing.
		else if($mybb->settings['edittimelimit'] != 0 && $post['dateline'] < (TIME_NOW-($mybb->settings['edittimelimit']*60)))
		{
			$lang->edit_time_limit = $lang->sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']);
			xmlhttp_error($lang->edit_time_limit);
		}
		// User can't edit unapproved post
		if($post['visible'] == 0)
		{
			xmlhttp_error($lang->post_moderation);
		}

		// Forum is closed - no editing allowed
		// (already rejected by the $forum['open'] == 0 test in the chain above, so this
		// branch cannot be reached; kept as belt-and-braces.)
		if($forum['open'] == 0)
		{
			xmlhttp_error($lang->no_permission_edit_post);
		}
	}
	// Read path: return the current message inside the inline editor template.
	// No post key is required here; only update_post below performs a write.
	if($mybb->input['do'] == "get_post")
	{
		// Send our headers.
		header("Content-type: text/xml; charset={$charset}");

		// Escaped before it is placed into the template / XML body.
		$post['message'] = htmlspecialchars_uni($post['message']);

		// Send the contents of the post.
		// Templates are evaluated with eval() (MyBB's template engine); the template
		// text comes from the templates cache loaded above, not from the request.
		eval("\$inline_editor = \"".$templates->get("xmlhttp_inline_post_editor")."\";");
		echo "<?xml version=\"1.0\" encoding=\"{$charset}\"?".">";
		echo "<form>".$inline_editor."</form>";
		exit;
	}
	// Write path: save the edited message.
	else if($mybb->input['do'] == "update_post")
	{
		// Verify POST request (CSRF token check); xmlhttp_error() exits on failure.
		if(!verify_post_check($mybb->input['my_post_key'], true))
		{
			xmlhttp_error($lang->invalid_post_code);
		}

		$message = (string)$mybb->input['value'];
		// Re-encode when the board does not run in UTF-8.
		// NOTE(review): same direction mismatch between the iconv() branch and the
		// other two as in edit_subject above - confirm the intended direction.
		if(my_strtolower($charset) != "utf-8")
		{
			if(function_exists("iconv"))
			{
				$message = iconv($charset, "UTF-8//IGNORE", $message);
			}
			else if(function_exists("mb_convert_encoding"))
			{
				$message = @mb_convert_encoding($message, $charset, "UTF-8");
			}
			else if(my_strtolower($charset) == "iso-8859-1")
			{
				$message = utf8_decode($message);
			}
		}

		// Set up posthandler.
		require_once MYBB_ROOT."inc/datahandlers/post.php";
		$posthandler = new PostDataHandler("update");
		$posthandler->action = "post";

		// Set the post data that came from the input to the $post array.
		// NOTE(review): "pid" is the raw request value here, whereas edit_subject passes
		// the fetched $post['pid']. The permission checks above were done against the
		// fetched post, so the handler is presumably what ties the two together - confirm.
		$updatepost = array(
			"pid" => $mybb->input['pid'],
			"message" => $message,
			"edit_uid" => $mybb->user['uid']
		);
		$posthandler->set_data($updatepost);

		// Now let the post handler do all the hard work.
		if(!$posthandler->validate_post())
		{
			$post_errors = $posthandler->get_friendly_errors();
			$errors = implode("\n\n", $post_errors);
			xmlhttp_error($errors);
		}
		// No errors were found, we can call the update method.
		else
		{
			$postinfo = $posthandler->update_post();
			$visible = $postinfo['visible'];
			// The edit went into the moderation queue: non-moderators get the
			// moderation notice instead of the rendered message.
			if($visible == 0 && !is_moderator($post['fid']))
			{
				echo "<p>\n";
				echo $lang->post_moderation;
				echo "</p>\n";
				exit;
			}
		}

		require_once MYBB_ROOT."inc/class_parser.php";
		$parser = new postParser;

		// Render with the forum's own settings so the preview matches what the
		// thread view will show; badwords are always filtered.
		$parser_options = array(
			"allow_html" => $forum['allowhtml'],
			"allow_mycode" => $forum['allowmycode'],
			"allow_smilies" => $forum['allowsmilies'],
			"allow_imgcode" => $forum['allowimgcode'],
			"allow_videocode" => $forum['allowvideocode'],
			"me_username" => $post['username'],
			"filter_badwords" => 1
		);

		if($post['smilieoff'] == 1)
		{
			$parser_options['allow_smilies'] = 0;
		}

		$post['message'] = $parser->parse_message($message, $parser_options);

		// Now lets fetch all of the attachments for these posts.
		// $post['pid'] comes from the fetched post row. $attachcache is presumably read
		// as a global by get_post_attachments() - confirm in functions_post.php.
		$query = $db->simple_select("attachments", "*", "pid='{$post['pid']}'");
		while($attachment = $db->fetch_array($query))
		{
			$attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
		}

		require_once MYBB_ROOT."inc/functions_post.php";

		get_post_attachments($post['pid'], $post);

		// Figure out if we need to show an "edited by" message
		// Only show if at least one of "showeditedby" or "showeditedbyadmin" is enabled
		// NOTE(review): the comment says "at least one" but the condition uses && and
		// therefore requires both settings to be non-zero - confirm which is intended.
		if($mybb->settings['showeditedby'] != 0 && $mybb->settings['showeditedbyadmin'] != 0)
		{
			$post['editdate'] = my_date($mybb->settings['dateformat'], TIME_NOW);
			$post['edittime'] = my_date($mybb->settings['timeformat'], TIME_NOW);
			$post['editnote'] = $lang->sprintf($lang->postbit_edited, $post['editdate'], $post['edittime']);
			$post['editedprofilelink'] = build_profile_link($mybb->user['username'], $mybb->user['uid']);
			eval("\$editedmsg = \"".$templates->get("postbit_editedby")."\";");
		}

		// Send our headers.
		header("Content-type: text/plain; charset={$charset}");
		echo $post['message']."\n";
		// $editedmsg is only defined when the block above ran; the test below relies on
		// an unset variable being falsy.
		if($editedmsg)
		{
			// The marker must stay on a single line for the client to pick it out.
			echo str_replace(array("\r", "\n"), "", "<editedmsg>{$editedmsg}</editedmsg>");
		}
	}
}
// Fetch the list of multiquoted posts which are not in a specific thread
else if($mybb->input['action'] == "get_multiquoted")
{
	// If the cookie does not exist, exit
	if(!array_key_exists("multiquote", $mybb->cookies))
	{
		exit;
	}
	// Divide up the cookie using our delimeter
	$multiquoted = explode("|", $mybb->cookies['multiquote']);

	// No values - exit
	// (explode() always returns an array, so this check never fires.)
	if(!is_array($multiquoted))
	{
		exit;
	}

	// Loop through each post ID and sanitize it before querying: each cookie value is
	// cast to int, which is the only sanitisation applied before the IN() list below.
	foreach($multiquoted as $post)
	{
		$quoted_posts[$post] = intval($post);
	}

	// Join the post IDs back together
	$quoted_posts = implode(",", $quoted_posts);

	// Fetch unviewable forums so posts the current user may not read are excluded.
	$unviewable_forums = get_unviewable_forums();
	if($unviewable_forums)
	{
		$unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
	}
	$message = '';

	// Are we loading all quoted posts or only those not in the current thread?
	if(!$mybb->input['load_all'])
	{
		$from_tid = "p.tid != '".intval($mybb->input['tid'])."' AND ";
	}
	else
	{
		$from_tid = '';
	}

	require_once MYBB_ROOT."inc/class_parser.php";
	$parser = new postParser;

	require_once MYBB_ROOT."inc/functions_posting.php";

	// Query for any posts in the list which are not within the specified thread
	$query = $db->query("
		SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, t.fid, p.visible, u.username AS userusername
		FROM ".TABLE_PREFIX."posts p
		LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
		LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
		WHERE {$from_tid}p.pid IN ($quoted_posts) {$unviewable_forums}
		ORDER BY p.dateline
	");
	while($quoted_post = $db->fetch_array($query))
	{
		// Unapproved posts are only quotable by a moderator of that forum.
		if(!is_moderator($quoted_post['fid']) && $quoted_post['visible'] == 0)
		{
			continue;
		}

		$message .= parse_quoted_message($quoted_post, false);
	}
	// Trim nested quotes when the board limits quote depth.
	if($mybb->settings['maxquotedepth'] != '0')
	{
		$message = remove_message_quotes($message);
	}

	// Send our headers.
	header("Content-type: text/plain; charset={$charset}");
	echo $message;
	exit;
}
else if($mybb->input['action'] == "refresh_captcha")
{
	// The hash is escaped before use in both queries below.
	$imagehash = $db->escape_string($mybb->input['imagehash']);
	$query = $db->simple_select("captcha", "dateline", "imagehash='$imagehash'");
	if($db->num_rows($query) == 0)
	{
		xmlhttp_error($lang->captcha_not_exists);
	}
	// The old challenge is removed before a replacement is issued.
	$db->delete_query("captcha", "imagehash='$imagehash'");
	// NOTE(review): the challenge text and the new hash both come from random_str();
	// its randomness source is not visible here - confirm it is suitable for this use.
	$randomstr = random_str(5);
	$imagehash = md5(random_str(12));
	$regimagearray = array(
		"imagehash" => $imagehash,
		"imagestring" => $randomstr,
		"dateline" => TIME_NOW
	);
	$db->insert_query("captcha", $regimagearray);
	header("Content-type: text/plain; charset={$charset}");
	echo $imagehash;
}
else if($mybb->input['action'] == "validate_captcha")
{
	header("Content-type: text/xml; charset={$charset}");
	$imagehash = $db->escape_string($mybb->input['imagehash']);
	$query = $db->simple_select("captcha", "imagestring", "imagehash='$imagehash'");
	if($db->num_rows($query) == 0)
	{
		echo "<fail>{$lang->captcha_valid_not_exists}</fail>";
		exit;
	}
	$imagestring = $db->fetch_field($query, 'imagestring');

	// Case-insensitive comparison of the stored challenge with the submitted value.
	// NOTE(review): a wrong answer neither deletes nor regenerates the captcha row, so
	// the same imagehash can be checked any number of times; consider limiting
	// attempts or refreshing the challenge on failure.
	if(my_strtolower($imagestring) == my_strtolower($mybb->input['value']))
	{
		echo "<success>{$lang->captcha_matches}</success>";
		exit;
	}
	else
	{
		echo "<fail>{$lang->captcha_does_not_match}</fail>";
		exit;
	}
}
else if($mybb->input['action'] == "complex_password")
{
	$password = trim($mybb->input['value']);
	// Normalise a few invisible / non-standard characters the same way username_availability does.
	$password = str_replace(array(unichr(160), unichr(173), unichr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237), dec_to_utf8(8203)), array(" ", "-", "", "", "", ""), $password);

	header("Content-type: text/xml; charset={$charset}");
	// Requires minpasswordlength characters plus at least one digit, one lowercase and
	// one uppercase ASCII letter. The setting is spliced into the pattern unquoted, so a
	// non-numeric value would produce an invalid regex. The password itself is never
	// echoed back; only a fixed language string is returned.
	if(!preg_match("/^.*(?=.{".$mybb->settings['minpasswordlength'].",})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$/", $password))
	{
		echo "<fail>{$lang->complex_password_fails}</fail>";
	}
	else
	{
		// Return nothing but an OK password if passes regex
		echo "<success></success>";
	}

	exit;
}
else if($mybb->input['action'] == "username_availability")
{
	// Post key (CSRF token) required even though this is read-only.
	if(!verify_post_check($mybb->input['my_post_key'], true))
	{
		xmlhttp_error($lang->invalid_post_code);
	}

	require_once MYBB_ROOT."inc/functions_user.php";
	$username = $mybb->input['value'];

	// Fix bad characters
	$username = trim($username);
	$username = str_replace(array(unichr(160), unichr(173), unichr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237), dec_to_utf8(8203)), array(" ", "-", "", "", "", ""), $username);

	// Remove multiple spaces from the username
	$username = preg_replace("#\s{2,}#", " ", $username);

	header("Content-type: text/xml; charset={$charset}");

	// Empty names and names the 4-byte UTF-8 check rejects are refused.
	// Note empty() also rejects the username "0".
	if(empty($username) || utf8_handle_4byte_string($username, false) == false)
	{
		echo "<fail>{$lang->banned_characters_username}</fail>";
		exit;
	}

	// Check if the username belongs to the list of banned usernames.
	$banned_username = is_banned_username($username, true);
	if($banned_username)
	{
		echo "<fail>{$lang->banned_username}</fail>";
		exit;
	}

	// Check for certain characters in username (<, >, &, and slashes)
	// (Style: mixes strpos() and my_strpos() on the same string.)
	if(strpos($username, "<") !== false || strpos($username, ">") !== false || strpos($username, "&") !== false || my_strpos($username, "\\") !== false || strpos($username, ";") !== false)
	{
		echo "<fail>{$lang->banned_characters_username}</fail>";
		exit;
	}

	// Check if the username is actually already in use (case-insensitive, escaped).
	$query = $db->simple_select("users", "uid", "LOWER(username)='".$db->escape_string(my_strtolower($username))."'");
	$user = $db->fetch_array($query);

	// The username is escaped once before it is echoed into the XML reply.
	if($user['uid'])
	{
		$lang->username_taken = $lang->sprintf($lang->username_taken, htmlspecialchars_uni($username));
		echo "<fail>{$lang->username_taken}</fail>";
		exit;
	}
	else
	{
		$lang->username_available = $lang->sprintf($lang->username_available, htmlspecialchars_uni($username));
		echo "<success>{$lang->username_available}</success>";
		exit;
	}
}
else if($mybb->input['action'] == "username_exists")
{
	// Post key (CSRF token) required.
	if(!verify_post_check($mybb->input['my_post_key'], true))
	{
		xmlhttp_error($lang->invalid_post_code);
	}

	require_once MYBB_ROOT."inc/functions_user.php";
	$username = $mybb->input['value'];

	header("Content-type: text/xml; charset={$charset}");

	// A blank name is reported as success (nothing to validate).
	if(!trim($username))
	{
		echo "<success></success>";
		exit;
	}

	// Check if the username actually exists
	$query = $db->simple_select("users", "uid", "LOWER(username)='".$db->escape_string(my_strtolower($username))."'");
	$user = $db->fetch_array($query);

	if($user['uid'])
	{
		$lang->valid_username = $lang->sprintf($lang->valid_username, htmlspecialchars_uni($username));
		echo "<success>{$lang->valid_username}</success>";
		exit;
	}
	else
	{
		// NOTE(review): the username is escaped inside sprintf() and the whole result is
		// escaped again, unlike the success branch and username_availability above, so
		// an "&" in the name ends up double-encoded.
		$lang->invalid_username = htmlspecialchars_uni($lang->sprintf($lang->invalid_username, htmlspecialchars_uni($username)));
		echo "<fail>{$lang->invalid_username}</fail>";
		exit;
	}
}
else if($mybb->input['action'] == "get_buddyselect")
{
	// Send our headers.
	header("Content-type: text/plain; charset={$charset}");

	if($mybb->user['buddylist'] != "")
	{
		$query_options = array(
			"order_by" => "username",
			"order_dir" => "asc"
		);
		// A buddy counts as online when active within the Who's Online cutoff.
		$timecut = TIME_NOW - $mybb->settings['wolcutoff'];
		// NOTE(review): buddylist is interpolated unescaped into IN(); it comes from the
		// current user's row, not the request - confirm it is always stored as a
		// comma-separated list of integers.
		$query = $db->simple_select("users", "uid, username, usergroup, displaygroup, lastactive, lastvisit, invisible", "uid IN ({$mybb->user['buddylist']})", $query_options);
		$online = array();
		$offline = array();
		while($buddy = $db->fetch_array($query))
		{
			$buddy_name = format_name($buddy['username'], $buddy['usergroup'], $buddy['displaygroup']);
			$profile_link = build_profile_link($buddy_name, $buddy['uid'], '_blank');
			// Invisible buddies are only shown as online to usergroup 4 (presumably the
			// administrators group - hard-coded here).
			if($buddy['lastactive'] > $timecut && ($buddy['invisible'] == 0 || $mybb->user['usergroup'] == 4) && $buddy['lastvisit'] != $buddy['lastactive'])
			{
				eval("\$online[] = \"".$templates->get("xmlhttp_buddyselect_online")."\";");
			}
			else
			{
				eval("\$offline[] = \"".$templates->get("xmlhttp_buddyselect_offline")."\";");
			}
		}
		$online = implode("", $online);
		$offline = implode("", $offline);
		eval("\$buddy_select = \"".$templates->get("xmlhttp_buddyselect")."\";");
		echo $buddy_select;
	}
	else
	{
		xmlhttp_error($lang->buddylist_error);
	}
}

/**
 * Spits an XML Http based error message back to the browser
 *
 * Sends a text/xml Content-type using the global $charset, writes the message
 * wrapped in <error></error> and terminates the script, so callers never return.
 * The message is echoed as-is (no escaping): pass language strings or already
 * escaped text only.
 *
 * @param string The message to send back.
 */
function xmlhttp_error($message)
{
	global $charset;

	// Send our headers.
	header("Content-type: text/xml; charset={$charset}");

	// Send the error message.
	echo "<error>".$message."</error>";

	// Exit
	exit;
}

?>