| Zeile 6 | Zeile 6 |
|---|
* Website: http://www.mybboard.net
* License: http://www.mybboard.net/about/license
*
|
* Website: http://www.mybboard.net
* License: http://www.mybboard.net/about/license
*
|
* $Id: xmlhttp.php 4039 2008-07-25 18:52:06Z Tikitiki $
| * $Id: xmlhttp.php 5379 2011-02-21 11:06:42Z Tomm $
|
*/
/**
| */
/**
|
| Zeile 23 | Zeile 23 |
|---|
// We don't want visits here showing up on the Who's Online
define("NO_ONLINE", 1);
|
// We don't want visits here showing up on the Who's Online
define("NO_ONLINE", 1);
|
| | define('THIS_SCRIPT', 'xmlhttp.php');
|
// Load MyBB core files
require_once dirname(__FILE__)."/inc/init.php";
|
// Load MyBB core files
require_once dirname(__FILE__)."/inc/init.php";
|
| Zeile 40 | Zeile 41 |
|---|
// Send no cache headers
header("Expires: Sat, 1 Jan 2000 01:00:00 GMT");
|
// Send no cache headers
header("Expires: Sat, 1 Jan 2000 01:00:00 GMT");
|
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . "GMT");
| header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
|
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
| header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
|
| Zeile 226 | Zeile 227 |
|---|
{
if(function_exists("iconv"))
{
|
{
if(function_exists("iconv"))
{
|
$subject = iconv("UTF-8", $charset, $subject);
| $subject = iconv($charset, "UTF-8//IGNORE", $subject);
|
}
else if(function_exists("mb_convert_encoding"))
{
| }
else if(function_exists("mb_convert_encoding"))
{
|
| Zeile 323 | Zeile 324 |
|---|
xmlhttp_error($lang->thread_closed_edit_message);
}
// Forum is not open, user doesn't have permission to edit, or author doesn't match this user - don't allow editing.
|
xmlhttp_error($lang->thread_closed_edit_message);
}
// Forum is not open, user doesn't have permission to edit, or author doesn't match this user - don't allow editing.
|
else if($forum['open'] == 0 || $forumpermissions['caneditposts'] == 0 || $mybb->user['uid'] != $post['uid'] || $mybb->user['uid'] == 0)
{
| else if($forum['open'] == 0 || $forumpermissions['caneditposts'] == 0 || $mybb->user['uid'] != $post['uid'] || $mybb->user['uid'] == 0 || $mybb->user['suspendposting'] == 1)
{
|
xmlhttp_error($lang->no_permission_edit_post);
}
// If we're past the edit time limit - don't allow editing.
| xmlhttp_error($lang->no_permission_edit_post);
}
// If we're past the edit time limit - don't allow editing.
|
| Zeile 334 | Zeile 335 |
|---|
xmlhttp_error($lang->edit_time_limit);
}
}
|
xmlhttp_error($lang->edit_time_limit);
}
}
|
| |
// Forum is closed - no editing allowed (for anyone)
if($forum['open'] == 0)
{
xmlhttp_error($lang->no_permission_edit_post);
}
|
if($mybb->input['do'] == "get_post")
{
// Send our headers.
| if($mybb->input['do'] == "get_post")
{
// Send our headers.
|
| Zeile 355 | Zeile 363 |
|---|
xmlhttp_error($lang->invalid_post_code);
}
|
xmlhttp_error($lang->invalid_post_code);
}
|
$message = strval($_POST['value']);
| $message = strval($mybb->input['value']);
|
if(my_strtolower($charset) != "utf-8")
{
if(function_exists("iconv"))
{
|
if(my_strtolower($charset) != "utf-8")
{
if(function_exists("iconv"))
{
|
$message = iconv("UTF-8", $charset, $message);
| $message = iconv($charset, "UTF-8//IGNORE", $message);
|
}
else if(function_exists("mb_convert_encoding"))
{
| }
else if(function_exists("mb_convert_encoding"))
{
|
| Zeile 514 | Zeile 522 |
|---|
WHERE {$from_tid}p.pid IN ($quoted_posts) {$unviewable_forums}
");
while($quoted_post = $db->fetch_array($query))
|
WHERE {$from_tid}p.pid IN ($quoted_posts) {$unviewable_forums}
");
while($quoted_post = $db->fetch_array($query))
|
{
| {
|
if(!is_moderator($quoted_post['fid']) && $quoted_post['visible'] == 0)
{
continue;
| if(!is_moderator($quoted_post['fid']) && $quoted_post['visible'] == 0)
{
continue;
|
| Zeile 585 | Zeile 593 |
|---|
}
else if($mybb->input['action'] == "username_availability")
{
|
}
else if($mybb->input['action'] == "username_availability")
{
|
| | if(!verify_post_check($mybb->input['my_post_key'], true))
{
xmlhttp_error($lang->invalid_post_code);
}
|
require_once MYBB_ROOT."inc/functions_user.php";
$username = $mybb->input['value'];
// Fix bad characters
$username = trim($username);
|
require_once MYBB_ROOT."inc/functions_user.php";
$username = $mybb->input['value'];
// Fix bad characters
$username = trim($username);
|
$username = str_replace(array(unicode_chr(160), unicode_chr(173), unicode_chr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237)), array(" ", "-", "", "", ""), $username);
| $username = str_replace(array(unicode_chr(160), unicode_chr(173), unicode_chr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237), dec_to_utf8(8203)), array(" ", "-", "", "", "", ""), $username);
|
// Remove multiple spaces from the username
$username = preg_replace("#\s{2,}#", " ", $username);
|
// Remove multiple spaces from the username
$username = preg_replace("#\s{2,}#", " ", $username);
|
| |
if(empty($username))
{
echo "<fail>{$lang->banned_characters_username}</fail>";
exit;
}
|
header("Content-type: text/xml; charset={$charset}");
|
header("Content-type: text/xml; charset={$charset}");
|
|
|
// Check if the username belongs to the list of banned usernames.
$banned_username = is_banned_username($username, true);
if($banned_username)
| // Check if the username belongs to the list of banned usernames.
$banned_username = is_banned_username($username, true);
if($banned_username)
|
| Zeile 609 | Zeile 628 |
|---|
if(strpos($username, "<") !== false || strpos($username, ">") !== false || strpos($username, "&") !== false || my_strpos($username, "\\") !== false || strpos($username, ";") !== false)
{
echo "<fail>{$lang->banned_characters_username}</fail>";
|
if(strpos($username, "<") !== false || strpos($username, ">") !== false || strpos($username, "&") !== false || my_strpos($username, "\\") !== false || strpos($username, ";") !== false)
{
echo "<fail>{$lang->banned_characters_username}</fail>";
|
exit;
}
| exit;
}
|
// Check if the username is actually already in use
$query = $db->simple_select("users", "uid", "LOWER(username)='".$db->escape_string(my_strtolower($username))."'");
$user = $db->fetch_array($query);
|
// Check if the username is actually already in use
$query = $db->simple_select("users", "uid", "LOWER(username)='".$db->escape_string(my_strtolower($username))."'");
$user = $db->fetch_array($query);
|
|
|
if($user['uid'])
{
|
if($user['uid'])
{
|
$lang->username_taken = $lang->sprintf($lang->username_taken, $username);
| $lang->username_taken = $lang->sprintf($lang->username_taken, htmlspecialchars_uni($username));
|
echo "<fail>{$lang->username_taken}</fail>";
exit;
}
else
{
|
echo "<fail>{$lang->username_taken}</fail>";
exit;
}
else
{
|
$lang->username_available = $lang->sprintf($lang->username_available, $username);
| $lang->username_available = $lang->sprintf($lang->username_available, htmlspecialchars_uni($username));
|
echo "<success>{$lang->username_available}</success>";
exit;
}
}
else if($mybb->input['action'] == "username_exists")
{
|
echo "<success>{$lang->username_available}</success>";
exit;
}
}
else if($mybb->input['action'] == "username_exists")
{
|
| | if(!verify_post_check($mybb->input['my_post_key'], true))
{
xmlhttp_error($lang->invalid_post_code);
}
|
require_once MYBB_ROOT."inc/functions_user.php";
$username = $mybb->input['value'];
| require_once MYBB_ROOT."inc/functions_user.php";
$username = $mybb->input['value'];
|
| Zeile 648 | Zeile 672 |
|---|
if($user['uid'])
{
|
if($user['uid'])
{
|
$lang->valid_username = $lang->sprintf($lang->valid_username, $username);
| $lang->valid_username = $lang->sprintf($lang->valid_username, htmlspecialchars_uni($username));
|
echo "<success>{$lang->valid_username}</success>";
exit;
}
else
{
|
echo "<success>{$lang->valid_username}</success>";
exit;
}
else
{
|
$lang->invalid_username = $lang->sprintf($lang->invalid_username, $username);
| $lang->invalid_username = $lang->sprintf($lang->invalid_username, htmlspecialchars_uni($username));
|
echo "<fail>{$lang->invalid_username}</fail>";
exit;
}
| echo "<fail>{$lang->invalid_username}</fail>";
exit;
}
|
| Zeile 672 | Zeile 696 |
|---|
);
$timecut = TIME_NOW - $mybb->settings['wolcutoff'];
$query = $db->simple_select("users", "uid, username, usergroup, displaygroup, lastactive, lastvisit, invisible", "uid IN ({$mybb->user['buddylist']})", $query_options);
|
);
$timecut = TIME_NOW - $mybb->settings['wolcutoff'];
$query = $db->simple_select("users", "uid, username, usergroup, displaygroup, lastactive, lastvisit, invisible", "uid IN ({$mybb->user['buddylist']})", $query_options);
|
$buddy_array = array();
| $online = array();
$offline = array();
|
while($buddy = $db->fetch_array($query))
{
$buddy_name = format_name($buddy['username'], $buddy['usergroup'], $buddy['displaygroup']);
| while($buddy = $db->fetch_array($query))
{
$buddy_name = format_name($buddy['username'], $buddy['usergroup'], $buddy['displaygroup']);
|