API tools faq
paste
Advertisement
Guest User

Mingle / Cubepoints / deherve

a guest
Dec 29th, 2011
151
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 12.03 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. global $wpdb, $mingleforum, $user_ID, $user_level;
  3. $error = false;
  4. $root = dirname(dirname(dirname(dirname(__FILE__))));
  5. require_once($root.'/wp-load.php');
  6. $mingleforum->setup_linksdk($_POST['add_topic_plink']);
  7. $options = get_option("mingleforum_options");
  8.  
  9. //Checking if current categories have been disabled to admin posting only
  10. $the_forum_id = false;
  11. if(isset($_POST['add_topic_forumid']) && !empty($_POST['add_topic_forumid']))
  12.     $the_forum_id = $mingleforum->check_parms($_POST['add_topic_forumid']);
  13. if(isset($_POST['add_post_forumid']) && !empty($_POST['add_post_forumid'])) {
  14.     $the_thread_id = $mingleforum->check_parms($_POST['add_post_forumid']);
  15.     $the_forum_id = $wpdb->get_var("SELECT `parent_id` FROM {$mingleforum->t_threads} WHERE `id` = {$the_thread_id}");
  16. }
  17. if(is_numeric($the_forum_id))
  18. {
  19.     $the_cat_id = $wpdb->get_var("SELECT `parent_id` FROM {$mingleforum->t_forums} WHERE `id` = {$the_forum_id}");
  20.     if(in_array($the_cat_id, $options['forum_disabled_cats']) && !current_user_can('administrator') && !is_super_admin($user_ID))
  21.         wp_die(__("Oops only Administrators can post in this Forum!", "mingleforum"));
  22. }
  23. //End Check
  24.  
  25.     function mf_u_key()
  26.     {
  27.         $pref = "";
  28.         for ($i = 0; $i < 5; $i++)
  29.         {
  30.         $d = rand(0,1);
  31.         $pref .= $d ? chr(rand(97, 122)) : chr(rand(48, 57));
  32.         }
  33.         return $pref."-";
  34.     }
  35.  
  36.     function MFAttachImage($temp, $name)
  37.     {
  38.         //GET USERS UPLOAD PATH
  39.         $upload_dir = wp_upload_dir();
  40.         $path = $upload_dir['path']."/";
  41.         $url = $upload_dir['url']."/";
  42.         $u = mf_u_key();
  43.         $name = sanitize_file_name($name);
  44.         if(!empty($name))
  45.             move_uploaded_file($temp, $path.$u.$name);
  46.         return "\n[img]".$url.$u.$name."[/img]";
  47.     }
  48.  
  49.     function MFGetExt($str)
  50.     {
  51.         //GETS THE FILE EXTENSION BELONGING TO THE UPLOADED FILE
  52.         $i = strrpos($str,".");
  53.         if (!$i) { return ""; }
  54.         $l = strlen($str) - $i;
  55.         $ext = substr($str,$i+1,$l);
  56.         return $ext;
  57.     }
  58.  
  59.     function mf_check_uploaded_images()
  60.     {
  61.         $valid = array('im1' => true, 'im2' => true, 'im3' => true);
  62.         if($_FILES["mfimage1"]["error"] > 0 && !empty($_FILES["mfimage1"]["name"]))
  63.             $valid['im1'] = false;
  64.         if($_FILES["mfimage2"]["error"] > 0 && !empty($_FILES["mfimage2"]["name"]))
  65.             $valid['im2'] = false;
  66.         if($_FILES["mfimage3"]["error"] > 0 && !empty($_FILES["mfimage3"]["name"]))
  67.             $valid['im3'] = false;
  68.         if(!empty($_FILES["mfimage1"]["name"]))
  69.         {
  70.             $ext = strtolower(MFGetExt(stripslashes($_FILES["mfimage1"]["name"])));
  71.             if($ext != "jpg" && $ext != "jpeg" && $ext != "bmp" && $ext != "png" && $ext != "gif")
  72.                 $valid['im1'] = false;
  73.         }
  74.         else
  75.             $valid['im1'] = false;
  76.         if(!empty($_FILES["mfimage2"]["name"]))
  77.         {
  78.             $ext = strtolower(MFGetExt(stripslashes($_FILES["mfimage2"]["name"])));
  79.             if($ext != "jpg" && $ext != "jpeg" && $ext != "bmp" && $ext != "png" && $ext != "gif")
  80.                 $valid['im2'] = false;
  81.         }
  82.         else
  83.             $valid['im2'] = false;
  84.         if(!empty($_FILES["mfimage3"]["name"]))
  85.         {
  86.             $ext = strtolower(MFGetExt(stripslashes($_FILES["mfimage3"]["name"])));
  87.             if($ext != "jpg" && $ext != "jpeg" && $ext != "bmp" && $ext != "png" && $ext != "gif")
  88.                 $valid['im2'] = false;
  89.         }
  90.         else
  91.             $valid['im3'] = false;
  92.         return $valid;
  93.     }
  94.  
  95.     //--weaver-- check if guest filled in form
  96.     if (!isset($_POST['edit_post_submit'])) {
  97.         $errormsg = apply_filters('wpwf_check_guestinfo',"");
  98.         if ($errormsg != "") {
  99.             $error = true;
  100.             wp_die($errormsg); //plugin failed
  101.         }
  102.     }
  103.     //--weaver-- end guest form check
  104.  
  105.     if($options['forum_captcha'] == true && !$user_ID){
  106.         include_once(WPFPATH."captcha/shared.php");
  107.         $wpf_code = wpf_str_decrypt($_POST['wpf_security_check']);
  108.             if(($wpf_code == $_POST['wpf_security_code']) && (!empty($wpf_code))) {
  109.               //It passed
  110.             }
  111.             else {
  112.                 $error = true;
  113.                 $msg = __("Security code does not match", "mingleforum");
  114.                 wp_die($msg);
  115.             }
  116.     }
  117.  
  118.     $cur_user_ID = apply_filters('wpwf_change_userid', $user_ID); // --weaver-- use real id or generated guest ID
  119.  
  120.   //ADDING A NEW TOPIC?
  121.     if(isset($_POST['add_topic_submit'])){
  122.         $myReplaceSub = array("'", "\\");
  123.         $subject = str_replace($myReplaceSub, "", $mingleforum->input_filter($_POST['add_topic_subject']));
  124.         $content = $mingleforum->input_filter($_POST['message']);
  125.         $forum_id = $mingleforum->check_parms($_POST['add_topic_forumid']);
  126.  
  127.         if($subject == ""){
  128.             $msg .= "<h2>".__("An error occured", "mingleforum")."</h2>";
  129.             $msg .= ("<div id='error'><p>".__("You must enter a subject", "mingleforum")."</p></div>");
  130.             $error = true;
  131.         }
  132.         elseif($content == ""){
  133.             $msg .=  "<h2>".__("An error occured", "mingleforum")."</h2>";
  134.             $msg .=  ("<div id='error'><p>".__("You must enter a message", "mingleforum")."</p></div>");
  135.             $error = true;
  136.         }
  137.         else{
  138.             $date = $mingleforum->wpf_current_time_fixed('mysql', 0);
  139.            
  140.             $sql_thread = "INSERT INTO $mingleforum->t_threads
  141.                         (last_post, subject, parent_id, `date`, status, starter)
  142.                  VALUES(%s, %s, %d, %s, 'open', %d)";
  143.             $wpdb->query($wpdb->prepare($sql_thread, $date, $subject, $forum_id, $date, $cur_user_ID));
  144.  
  145.             $id = $wpdb->insert_id;
  146.             //Add to mingle board
  147.             $myMingID = -1;
  148.             if(!function_exists('is_plugin_active'))
  149.                 require_once( ABSPATH . 'wp-admin/includes/plugin.php' );
  150.             if(is_plugin_active('mingle/mingle.php') and is_user_logged_in())
  151.             {
  152.                 $board_post =& MnglBoardPost::get_stored_object();
  153.                 $myMingID = $board_post->create( $cur_user_ID, $cur_user_ID, "[b]".__("created the forum topic:", "mingleforum")."[/b] <a href='" . $mingleforum->get_threadlink($id) . "'>" . $mingleforum->output_filter($subject) . "</a>" );
  154.             }
  155.             //End add to mingle board
  156.  
  157. //Add to mingle board
  158. $myMingID = -1;
  159. if(!function_exists('is_plugin_active'))
  160. require_once( ABSPATH . 'wp-admin/includes/plugin.php' );
  161. if(is_plugin_active('mingle/mingle.php') and is_user_logged_in())
  162. {
  163. $board_post =& MnglBoardPost::get_stored_object();
  164. $myMingID = $board_post->create( $cur_user_ID, $cur_user_ID, "[b]".__("created the forum topic:", "mingleforum")."[/b] get_threadlink($id) . "'>" . $mingleforum->output_filter($subject) . "" );
  165. }
  166. //End add to mingle board
  167.  
  168.             //MAYBE ATTACH IMAGES
  169.             $images = mf_check_uploaded_images();
  170.             if($images['im1'] || $images['im2'] || $images['im3'])
  171.             {
  172.                 if($images['im1'])
  173.                     $content .= MFAttachImage($_FILES["mfimage1"]["tmp_name"], stripslashes($_FILES["mfimage1"]["name"]));
  174.                 if($images['im2'])
  175.                     $content .= MFAttachImage($_FILES["mfimage2"]["tmp_name"], stripslashes($_FILES["mfimage2"]["name"]));
  176.                 if($images['im3'])
  177.                     $content .= MFAttachImage($_FILES["mfimage3"]["tmp_name"], stripslashes($_FILES["mfimage3"]["name"]));
  178.             }
  179.  
  180.             $sql_post = "INSERT INTO $mingleforum->t_posts
  181.                         (text, parent_id, `date`, author_id, subject)
  182.                  VALUES(%s, %d, %s, %d, %s)";
  183.             $wpdb->query($wpdb->prepare($sql_post, $content, $id, $date, $cur_user_ID, $subject));
  184.             $new_post_id = $wpdb->insert_id;
  185.            
  186.             //UPDATE PROPER Mngl ID
  187.             $sql_thread = "UPDATE $mingleforum->t_threads
  188.                     SET mngl_id = %d
  189.                     WHERE id = %d";
  190.             $wpdb->query($wpdb->prepare($sql_thread, $myMingID, $id));
  191.             //END UPDATE PROPER Mngl ID
  192.         }
  193.         if(!$error){
  194.             $mingleforum->notify_starter($id, $subject, $content, $date);
  195.             $unused = apply_filters('wpwf_add_guest_sub', $id); //--weaver-- Maybe add a subscription
  196.             header("Location: ".html_entity_decode($mingleforum->get_threadlink($id)."#postid-".$new_post_id)); exit;
  197.             }
  198.         else
  199.             wp_die($msg);
  200.  
  201.     }
  202.  
  203.  //ADDING A POST REPLY?
  204.     if(isset($_POST['add_post_submit'])){
  205.         $myReplaceSub = array("'", "\\");
  206.         $subject = str_replace($myReplaceSub, "", $mingleforum->input_filter($_POST['add_post_subject']));
  207.         $content = $mingleforum->input_filter($_POST['message']);
  208.         $thread = $mingleforum->check_parms($_POST['add_post_forumid']);
  209.  
  210.         //GET PROPER Mngl ID
  211.         $MngBID = $wpdb->get_var($wpdb->prepare("SELECT mngl_id FROM $mingleforum->t_threads WHERE id = %d", $thread));
  212.         //END GET PROPER Mngl ID
  213.        
  214.         if($subject == ""){
  215.             $msg .= "<h2>".__("An error occured", "mingleforum")."</h2>";
  216.             $msg .= ("<div id='error'><p>".__("You must enter a subject", "mingleforum")."</p></div>");
  217.             $error = true;
  218.         }
  219.         elseif($content == ""){
  220.             $msg .=  "<h2>".__("An error occured", "mingleforum")."</h2>";
  221.             $msg .=  ("<div id='error'><p>".__("You must enter a message", "mingleforum")."</p></div>");
  222.             $error = true;
  223.         }
  224.         else{
  225.             $date = $mingleforum->wpf_current_time_fixed('mysql', 0);
  226.            
  227.             //Add to mingle board
  228. if(!function_exists('is_plugin_active'))
  229. require_once( ABSPATH . 'wp-admin/includes/plugin.php' );
  230. if(is_plugin_active('mingle/mingle.php') and is_user_logged_in() and $MngBID > 0)
  231. {
  232. $board_post =& MnglBoardPost::get_stored_object();
  233. $mngl_board_comment->create( $MngBID, $cur_user_ID, "[b]".__("replied to the forum topic:", "mingleforum")."[/b] get_threadlink($thread) . "'>" . $mingleforum->output_filter($subject) . "" );
  234. }
  235. //End add to mingle board
  236.  
  237. // Cubepoints support
  238. $cp_current_user = wp_get_current_user();
  239. cp_points('cp_minglef_new_reply', $cp_current_user->ID, get_option('cp_mingle_new_reply'), "");
  240.  
  241.             //MAYBE ATTACH IMAGES
  242.             $images = mf_check_uploaded_images();
  243.             if($images['im1'] || $images['im2'] || $images['im3'])
  244.             {
  245.                 if($images['im1'])
  246.                     $content .= MFAttachImage($_FILES["mfimage1"]["tmp_name"], stripslashes($_FILES["mfimage1"]["name"]));
  247.                 if($images['im2'])
  248.                     $content .= MFAttachImage($_FILES["mfimage2"]["tmp_name"], stripslashes($_FILES["mfimage2"]["name"]));
  249.                 if($images['im3'])
  250.                     $content .= MFAttachImage($_FILES["mfimage3"]["tmp_name"], stripslashes($_FILES["mfimage3"]["name"]));
  251.             }
  252.  
  253.             $sql_post = "INSERT INTO $mingleforum->t_posts
  254.                         (text, parent_id, `date`, author_id, subject)
  255.                  VALUES(%s, %d, %s, %d, %s)";
  256.             $wpdb->query($wpdb->prepare($sql_post, $content, $thread, $date, $cur_user_ID, $subject));
  257.             $new_id = $wpdb->insert_id;
  258.             $wpdb->query($wpdb->prepare("UPDATE $mingleforum->t_threads SET last_post = %s WHERE id = %d", $date, $thread));
  259.         }
  260.  
  261.         if(!$error){
  262.             $mingleforum->notify_starter($thread, $subject, $content, $date);
  263.             $unused = apply_filters('wpwf_add_guest_sub', $thread); //--weaver-- Maybe add a subscription
  264.             header("Location: ".html_entity_decode($mingleforum->get_paged_threadlink($thread)."#postid-".$new_id)); exit;
  265.         }
  266.         else   
  267.             wp_die($msg);
  268.     }
  269.  
  270.     //EDITING A POST?
  271.     if(isset($_POST['edit_post_submit'])) {
  272.         $myReplaceSub = array("'", "\\");
  273.         $subject = str_replace($myReplaceSub, "", $mingleforum->input_filter($_POST['edit_post_subject']));
  274.         $content = $mingleforum->input_filter($_POST['message']);
  275.         $thread = $mingleforum->check_parms($_POST['thread_id']);
  276.         $edit_post_id = $_POST['edit_post_id'];
  277.  
  278.         if($subject == "") {
  279.             $msg .= "<h2>".__("An error occured", "mingleforum")."</h2>";
  280.             $msg .= ("<div id='error'><p>".__("You must enter a subject", "mingleforum")."</p></div>");
  281.             $error = true;
  282.         }
  283.         if($content == "") {
  284.             $msg .= "<h2>".__("An error occured", "mingleforum")."</h2>";
  285.             $msg .= ("<div id='error'><p>".__("You must enter a message", "mingleforum")."</p></div>");
  286.             $error = true;
  287.         }
  288.         //Major security check here, prevents hackers from editing the entire forums posts
  289.         if(!current_user_can('administrator') && !is_super_admin($user_ID) && $user_ID != $mingleforum->get_post_owner($edit_post_id)) {
  290.             $msg .= "<h2>".__("An error occured", "mingleforum")."</h2>";
  291.             $msg .= ("<div id='error'><p>".__("You do not have permission to edit this post!", "mingleforum")."</p></div>");
  292.             $error = true;
  293.         }
  294.  
  295.         if ($error) wp_die($msg);
  296.  
  297.         $sql = ("UPDATE $mingleforum->t_posts SET text = %s, subject = %s WHERE id = %d");
  298.         $wpdb->query($wpdb->prepare($sql, $content, $subject, $edit_post_id));
  299.  
  300.         $ret = $wpdb->get_results("select id from $mingleforum->t_posts where parent_id = $thread order by date asc limit 1");
  301.         if ($ret[0]->id == $edit_post_id) {
  302.             $sql = ("UPDATE $mingleforum->t_threads set subject = %s where id = %d");
  303.             $wpdb->query($wpdb->prepare($sql, $subject, $thread));
  304.         }
  305.  
  306.         header("Location: ".html_entity_decode($mingleforum->get_paged_threadlink($thread)."#postid-".$edit_post_id)); exit;
  307.     }
  308. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!