FikriFadzil

User Social MyBB Plugin 1.2 - XSS

Sep 5th, 2014
  1. <?php
  2. /**
  3.  *
  4.  * Fixed by Fikri Fadzil - [email protected]
  5.  * - As I couldn't contact the developer, this is the patch for time being.
  6.  *
  7.  * User Social 1.1
  8.  *
  9.  * Copyright 2014 CrazyCat
  10.  *
  11.  * This program is free software: you can redistribute it
  12.  * and/or modify it under the terms of the GNU General Public License
  13.  * as published by the Free Software Foundation, either version 3
  14.  * of the License, or (at your option) any later version.
  15.  *
  16.  * This program is distributed in the hope that it will be useful,
  17.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  19.  * See the GNU General Public License for more details.
  20.  *
  21.  *You should have received a copy of the GNU General Public License
  22.  * along with this program.
  23.  *If not, see <http://www.gnu.org/licenses/>.
  24. **/
  25.  
  26. /**
  27.  * Short changelog
  28.  *
  29.  * 1.2 : corrected usercp and member profil queries
  30.  *
  31.  * 1.1 : corrected package (pictures missing, language variables)
  32.  * Upgrade: unactivate the plugin, upload the new version and re-activate
  33.  *
  34.  * 1.0 : Initial release
  35. **/
  36.  
  37.  
  38. if(!defined('IN_MYBB'))
  39. {
  40.     die('This file cannot be accessed directly.');
  41. }
  42.  
  43. function usersocial_info()
  44. {
  45.     return array(
  46.         'name'          => "User social fields",
  47.         'description'   => "Display more user social ids",
  48.         'website'       => 'http://www.g33k-zone.org/',
  49.         'author'        => 'CrazyCat',
  50.         'authorsite'    => 'http://www.g33k-zone.org/',
  51.         'version'       => '1.2',
  52.         'compatibility' => '16*',
  53.         'guid'          => 'da8691c12e504d9bba121d7b073bd3ed'
  54.     );
  55. }
  56.  
  57. if(defined('IN_ADMINCP'))
  58. {
  59.     $plugins->add_hook('admin_user_menu', 'usersocial_menu');
  60.     $plugins->add_hook('admin_user_action_handler', 'usersocial_action_handler');
  61.     $plugins->add_hook('admin_load', 'usersocial_admin_load');
  62.     $plugins->add_hook('admin_user_permissions', 'usersocial_admin_permissions');
  63. }
  64. else
  65. {
  66.     $plugins->add_hook('postbit_prev', 'usersocial_postbit');
  67.     $plugins->add_hook('postbit_pm', 'usersocial_postbit');
  68.     $plugins->add_hook('postbit', 'usersocial_postbit');
  69.     $plugins->add_hook('postbit_announcement', 'usersocial_postbit');
  70.     $plugins->add_hook('member_profile_end', 'usersocial_profile');
  71.     $plugins->add_hook('usercp_profile_start', 'usersocial_usercp');
  72.     $plugins->add_hook('datahandler_user_update', 'usersocial_update_user');
  73. }
  74.  
  75. function usersocial_menu(&$sub_menu)
  76. {
  77.     global $lang;
  78.     $lang->load('usersocial');
  79.     $sub_menu[] = array('id' => 'usersocial', 'title' => $lang->usersocial, 'link' => 'index.php?module=user-usersocial');
  80. }
  81.  
  82. function usersocial_install()
  83. {
  84.     global $db;
  85.     if (usersocial_is_installed()) {
  86.         usersocial_uninstall();
  87.     }
  88.     $collation = $db->build_create_table_collation();
  89.     if(!$db->table_exists('social_network'))
  90.     {
  91.         $db->write_query("CREATE TABLE IF NOT EXISTS ".TABLE_PREFIX."social_network (
  92.            `snid` int(11) NOT NULL AUTO_INCREMENT,
  93.            `sn_name` varchar(50) NOT NULL,
  94.            `sn_label` varchar(255) NOT NULL,
  95.            `sn_active` int(1) NOT NULL DEFAULT '1',
  96.            `sn_profil` int(1) NOT NULL DEFAULT '1',
  97.            `sn_postbit` int(1) NOT NULL DEFAULT '0',
  98.            `sn_link` varchar(250) NOT NULL,
  99.            `sn_image` varchar(50) NOT NULL,
  100.            `sn_order` int(5) NOT NULL,
  101.            PRIMARY KEY (`snid`)
  102.            ) ENGINE=MyISAM{$collation};"
  103.         );
  104.     }
  105.     $db->insert_query('social_network',
  106.         array(
  107.             'sn_name' => 'Facebook',
  108.             'sn_label' => 'Insert your Facebook username',
  109.             'sn_link' => 'http://www.facebook.com/#username#',
  110.             'sn_image' => 'facebook.png',
  111.             'sn_order' => 1
  112.         )
  113.     );
  114.     $db->insert_query('social_network',
  115.         array(
  116.             'sn_name' => 'Twitter',
  117.             'sn_label' => 'Insert your Twitter username',
  118.             'sn_link' => 'http://www.twitter.com/#username#',
  119.             'sn_image' => 'twitter.png',
  120.             'sn_order' => 2
  121.         )
  122.     );
  123.     $db->insert_query('social_network',
  124.         array(
  125.             'sn_name' => 'Pinterest',
  126.             'sn_label' => 'Insert your Pinterest username',
  127.             'sn_link' => 'http://www.pinterest.com/#username#/',
  128.             'sn_image' => 'pinterest.png',
  129.             'sn_order' => 3
  130.         )
  131.     );
  132.    
  133.     if(!$db->table_exists('social_user_network'))
  134.     {
  135.         $db->write_query("CREATE TABLE IF NOT EXISTS ".TABLE_PREFIX."social_user_network (
  136.            `snid` int(11) NOT NULL,
  137.            `uid` int(11) NOT NULL,
  138.            `sn_value` varchar(255) NOT NULL,
  139.            `sn_private` int(1) NOT NULL DEFAULT '0',
  140.            UNIQUE KEY `snid` (`snid`,`uid`)
  141.            ) ENGINE=MyISAM{$collation};"
  142.         );
  143.     }
  144. }
  145.  
  146. function usersocial_is_installed()
  147. {
  148.     global $db;
  149.     if( $db->table_exists('social_network') && $db->table_exists('social_user_network')) {
  150.         return true;
  151.     }
  152.     return false;
  153. }
  154.  
  155. function usersocial_uninstall()
  156. {
  157.     global $db;
  158.     if($db->table_exists('social_network'))
  159.     {
  160.         $db->drop_table('social_network');
  161.     }
  162.     if($db->table_exists('social_user_network'))
  163.     {
  164.         $db->drop_table('social_user_network');
  165.     }
  166. }
  167.  
/**
 * Insert the plugin's four templates and splice its placeholders into the
 * postbit, postbit_classic, member_profile and usercp_profile template sets.
 *
 * Security note: the templates below reference $network[...] fields directly.
 * The rendering functions in this file evaluate them with eval(), so a field
 * reaches the page exactly as it is held in $network at that moment. Any
 * escaping therefore has to happen in PHP before the template is evaluated
 * (e.g. sn_value inside the value="" attribute of usersocial_usercp_row).
 */
function usersocial_activate()
{
    global $db, $mybb;
    // Icon link shown in the post bit; sn_link, sn_name and sn_image land in attributes.
    $db->insert_query('templates',
        array(
            'title'     =>  'usersocial_postbit',
            'template'  =>  $db->escape_string('<a href="{$network[\'sn_link\']}" title="{$network[\'sn_name\']}"><img src="{$network[\'sn_image\']}" /></a>'),
            'version'   =>  intval(1614),
            'dateline'  =>  TIME_NOW,
            'sid'       =>  -1
        )
    );
    // One table row per network on the member profile page.
    $db->insert_query('templates',
        array(
            'title' => 'usersocial_member_profile_row',
            'template' => $db->escape_string('<tr>
   <td class="trow{$network[\'even\']}"><strong>{$network[\'sn_name\']}</strong></td>
   <td class="trow{$network[\'even\']}">{$network[\'ulink\']}</td>
</tr>'),
             'version' => intval(1614),
            'dateline' => TIME_NOW,
            'sid' => -1
        )
    );
    // One editable row per network in the user CP: text box sn[snid], privacy checkbox snp[snid].
    $db->insert_query('templates',
        array(
            'title' => 'usersocial_usercp_row',
            'template' => $db->escape_string('<tr>
   <td><span class="smalltext">{$network[\'sn_name\']}</span></td>
   <td><input type="text" class="textbox" size="25" name="sn[{$network[\'snid\']}]" value="{$network[\'sn_value\']}" /></td>
    <td><input type="checkbox" name="snp[{$network[\'snid\']}]" {$network[\'checked\']} value="1" /></td>
</tr>
<tr>
   <td colspan="3"><span class="smalltext">{$network[\'sn_label\']}</span></td>
</tr>'),
            'version' => intval(1614),
            'dateline' => TIME_NOW,
            'sid' => -1
        )
    );
    // Wrapper fieldset around the user CP rows.
    $db->insert_query('templates',
        array(
            'title' => 'usersocial_usercp',
            'template' => $db->escape_string('<fieldset class="trow2">
<legend><strong>{$lang->usersocial}</strong></legend>
<table cellspacing="0" cellpadding="5">
<tr>
    <th>{$lang->usersocial_network}</th>
    <th>{$lang->usersocial_username}</th>
    <th>{$lang->usersocial_private}</th>
</tr>
{$usersocial_rows}
</table>
</fieldset>'),
            'version' => intval(1614),
                        'dateline' => TIME_NOW,
                        'sid' => -1
                )
        );
    require_once MYBB_ROOT.'/inc/adminfunctions_templates.php';
    // Append the plugin placeholders right after (or before) existing markers in the stock templates.
    find_replace_templatesets('postbit', '#'.preg_quote('{$post[\'user_details\']}').'#', '{$post[\'user_details\']}{$post[\'usersocial\']}');
    find_replace_templatesets('postbit_classic', '#'.preg_quote('{$post[\'user_details\']}').'#', '{$post[\'user_details\']}{$post[\'usersocial\']}');
    find_replace_templatesets('member_profile', '#'.preg_quote('<td class="{$bgcolors[\'msn\']}"><a href="javascript:;" onclick="MyBB.popupWindow(\'misc.php?action=imcenter&amp;imtype=msn&amp;uid={$uid}\', \'imcenter\', 450, 300);">{$memprofile[\'msn\']}</a></td>').'#', '<td class="{$bgcolors[\'msn\']}"><a href="javascript:;" onclick="MyBB.popupWindow(\'misc.php?action=imcenter&amp;imtype=msn&amp;uid={$uid}\', \'imcenter\', 450, 300);">{$memprofile[\'msn\']}</a></td>{$memprofile[\'usersocial\']}');
    find_replace_templatesets('usercp_profile', '#'.preg_quote('{$awaysection}').'#', '{$usersocial}{$awaysection}');
    rebuild_settings();
}
  234.  
  235. function usersocial_deactivate()
  236. {
  237.     global $db, $mybb;
  238.     $db->delete_query('templates', "title LIKE 'usersocial%'");
  239.  
  240.     require_once MYBB_ROOT.'/inc/adminfunctions_templates.php';
  241.     find_replace_templatesets('postbit', '#'.preg_quote('{$post[\'usersocial\']}').'#', '', 0);
  242.         find_replace_templatesets('postbit_classic', '#'.preg_quote('{$post[\'usersocial\']}').'#', '', 0);
  243.     find_replace_templatesets('member_profile', '#'.preg_quote('{$memprofile[\'usersocial\']}').'#', '', 0);
  244.     find_replace_templatesets('usercp_profile', '#'.preg_quote('{$usersocial}').'#', '', 0);
  245.     rebuild_settings();
  246. }
  247.  
  248. function usersocial_action_handler(&$action)
  249. {
  250.     $action['usersocial'] = array('active' => 'usersocial', 'file' => 'usersocial');
  251. }
  252.  
  253.  
  254. function usersocial_admin_permissions(&$admin_permissions)
  255. {
  256.     global $lang;
  257.     $lang->load('usersocial');
  258.     $admin_permissions['usersocial'] = $lang->usersocial_admin_action;
  259. }
  260.  
/**
 * Admin CP page of the plugin: list, add, edit and delete social networks.
 *
 * Runs only when the current module is "user" and the action file is
 * "usersocial". The branch is chosen from $mybb->input['action'].
 *
 * Security notes for reviewers:
 * - The add and edit POST handlers copy the sn_* request values straight into
 *   the row array; escaping and casting are delegated to
 *   usersocial_add_network() / usersocial_update_network().
 * - Only the delete branch compares my_post_key with $mybb->post_code itself.
 *   NOTE(review): add/edit presumably rely on the admin CP verifying the key
 *   for every POST — confirm.
 * - NOTE(review): the code after flash_message()/admin_redirect() assumes the
 *   redirect ends the request; that is not visible here — confirm.
 */
function usersocial_admin_load()
{
    global $run_module, $action_file, $lang;
    $lang->load('usersocial');
    if ($run_module == 'user' && $action_file == 'usersocial')
    {
        global $mybb, $db, $page, $lang;
        $page->add_breadcrumb_item($lang->usersocial, 'index.php?module=user-usersocial');
        $page->output_header($lang->usersocial);
        // Force the two id inputs to integers; neither is read again in this function.
        $mybb->input['aid'] = intval($mybb->input['aid']);
        $mybb->input['uid'] = intval($mybb->input['uid']);
        // Tabs are built for the default, add and edit actions only.
        // NOTE(review): action=view reaches output_nav_tabs() below with $sub_tabs unset.
        if (!$mybb->input['action'] || in_array($mybb->input['action'], array('add', 'edit')))
        {
            $sub_tabs['usersocial_view'] = array(
                'title' => $lang->usersocial_list,
                'link' => 'index.php?module=user-usersocial',
                'description' => $lang->usersocial_list_desc
            );
            $sub_tabs['usersocial_add'] = array(
                'title' => $lang->usersocial_add,
                'link' => 'index.php?module=user-usersocial&action=add',
                'description' => $lang->usersocial_add_desc
            );
            $sub_tabs['usersocial_edit'] = array(
                'title' => $lang->usersocial_edit,
                'link' => 'index.php?module=user-usersocial&action=edit',
                'description' => $lang->usersocial_edit_desc,
            );
        }
        // --- List view -------------------------------------------------------
        if (!$mybb->input['action'] || $mybb->input['action'] == 'view')
        {
            $page->output_nav_tabs($sub_tabs, 'usersocial_view');
            $table = new Table();
            $table->construct_header($lang->usersocial_icon, array('width' => '10%'));
            $table->construct_header($lang->usersocial_network, array('width' => '45%'));
            $table->construct_header($lang->usersocial_active, array('width' => '10%', 'class' => 'align_center'));
            $table->construct_header($lang->usersocial_profil, array('width' => '10%', 'class' => 'align_center'));
            $table->construct_header($lang->usersocial_post, array('width' => '10%', 'class' => 'align_center'));
            $table->construct_header($lang->usersocial_action, array('width' => '15%', 'class' => 'align_center'));
            $query = $db->simple_select('social_network', "*", "1=1", array("order_by" => 'sn_order', "order_dir" => 'ASC'));
            if($db->num_rows($query) < 1)
            {
                $table->construct_cell('<div align="center">'.$lang->usersocial_no_network.'</div>', array('colspan' => 6));
                $table->construct_row();
            }
            else
            {
                while ($network = $db->fetch_array($query))
                {
                    // The icon URL is whatever usersocial_get_icon() returns, placed in src="" as-is.
                    $table->construct_cell('<img src="'.usersocial_get_icon($network['sn_image']).'" />', array('class' => 'align_center'));
                    // The stored name is HTML-escaped on output here.
                    $table->construct_cell(htmlspecialchars_uni($network['sn_name']));
                    // Red/green bullets for the three flags.
                    $table->construct_cell('<img src="../images/usersocial/bullet_'.(($network['sn_active']==0) ? 'red' : 'green').'.png" alt="" title="'.(($network['sn_active']==0) ? $lang->no : $lang->yes).'" />', array('class' => 'align_center'));
                    $table->construct_cell('<img src="../images/usersocial/bullet_'.(($network['sn_profil']==0) ? 'red' : 'green').'.png" alt="" title="'.(($network['sn_profil']==0) ? $lang->no : $lang->yes).'" />', array('class' => 'align_center'));
                    $table->construct_cell('<img src="../images/usersocial/bullet_'.(($network['sn_postbit']==0) ? 'red' : 'green').'.png" alt="" title="'.(($network['sn_postbit']==0) ? $lang->no : $lang->yes).'" />', array('class' => 'align_center'));
                    $popup = new PopupMenu("usersocial_{$network['snid']}", $lang->options);
                    $popup->add_item($lang->usersocial_edit, "index.php?module=user-usersocial&amp;action=edit&amp;snid={$network['snid']}");
                    $popup->add_item($lang->usersocial_del, "index.php?module=user-usersocial&amp;action=delete&amp;snid={$network['snid']}");
                    $table->construct_cell($popup->fetch(), array('class' => 'align_center'));
                    $table->construct_row();
                }
            }
            $db->free_result($query);
            $table->output($lang->usersocial_network);
        }
        // --- Add a network ---------------------------------------------------
        elseif ($mybb->input['action'] == 'add')
        {
            if ($mybb->request_method == 'post')
            {
                // The only validation is a non-empty name.
                if ($mybb->input['sn_name'] == '')
                {
                    flash_message($lang->usersocial_add_error, 'error');
                    admin_redirect("index.php?module=user-usersocial&amp;action=add");
                }
                // Raw request values; nothing is escaped or cast at this point.
                $insert = array(
                    'sn_name' => $mybb->input['sn_name'],
                    'sn_label' => $mybb->input['sn_label'],
                    'sn_active' => $mybb->input['sn_active'],
                    'sn_profil' => $mybb->input['sn_profil'],
                    'sn_postbit' => $mybb->input['sn_postbit'],
                    'sn_link' => $mybb->input['sn_link'],
                    'sn_image' => $mybb->input['sn_image'],
                    'sn_order' => $mybb->input['sn_order']
                );
                log_admin_action($lang->usersocial_new_network . ' : '.$insert['sn_name']);
                usersocial_add_network($insert);
                flash_message($lang->usersocial_add_success, 'success');
                admin_redirect("index.php?module=user-usersocial");
            }
            $page->output_nav_tabs($sub_tabs, 'usersocial_add');
            $form = new Form('index.php?module=user-usersocial&amp;action=add', "post");
            $form_container = new FormContainer($lang->usersocial_add_network);
            $form_container->output_row($lang->usersocial_row_name, $lang->usersocial_row_name_desc, $form->generate_text_box('sn_name'));
            $form_container->output_row($lang->usersocial_row_label, $lang->usersocial_row_label_desc, $form->generate_text_area('sn_label', '', array('rows' => 5, 'style' => 'width:80%;')));
            $form_container->output_row($lang->usersocial_row_active, $lang->usersocial_row_active_desc, $form->generate_yes_no_radio('sn_active'));
            $form_container->output_row($lang->usersocial_row_profil, $lang->usersocial_row_profil_desc, $form->generate_yes_no_radio('sn_profil'));
            $form_container->output_row($lang->usersocial_row_postbit, $lang->usersocial_row_postbit_desc, $form->generate_yes_no_radio('sn_postbit'));
            $form_container->output_row($lang->usersocial_row_link, $lang->usersocial_row_link_desc, $form->generate_text_box('sn_link'));
            $form_container->output_row($lang->usersocial_row_icon, $lang->usersocial_row_icon_desc, $form->generate_text_box('sn_image'));
            $form_container->output_row($lang->usersocial_row_order, $lang->usersocial_row_order_desc, $form->generate_text_box('sn_order'));
            $form_container->end();
            $buttons = array();
            $buttons[] = $form->generate_submit_button($lang->usersocial_add);
            $buttons[] = $form->generate_reset_button($lang->usersocial_cancel);
            $form->output_submit_wrapper($buttons);
            $form->end();
        }
        // --- Edit a network --------------------------------------------------
         elseif ($mybb->input['action'] == 'edit')
        {
            // usersocial_get_network() casts snid to an integer and returns false when no row matches.
            if(!($network = usersocial_get_network($mybb->input['snid'])))
            {
                flash_message($lang->usersocial_edit_none, 'error');
                admin_redirect("index.php?module=user-usersocial");
            }
            if ($mybb->request_method == 'post')
            {
                if ($mybb->input['sn_name'] == '')
                {
                    flash_message($lang->usersocial_edit_error, 'error');
                    admin_redirect("index.php?module=user-usersocial&amp;action=edit");
                }
                // Raw request values, as in the add branch.
                $update = array(
                    'sn_name' => $mybb->input['sn_name'],
                    'sn_label' => $mybb->input['sn_label'],
                    'sn_active' => $mybb->input['sn_active'],
                    'sn_profil' => $mybb->input['sn_profil'],
                    'sn_postbit' => $mybb->input['sn_postbit'],
                    'sn_link' => $mybb->input['sn_link'],
                    'sn_image' => $mybb->input['sn_image'],
                    'sn_order' => $mybb->input['sn_order']
                );
                log_admin_action($lang->usersocial_edit_network . ' : '.$update['sn_name']);
                // The id comes from the row just loaded, not from the request.
                usersocial_update_network($network['snid'], $update);
                flash_message($lang->usersocial_edit_success, 'success');
                admin_redirect("index.php?module=user-usersocial");
            }
            $page->output_nav_tabs($sub_tabs, 'usersocial_edit');
            $form = new Form("index.php?module=user-usersocial&amp;action=edit&amp;snid={$network['snid']}", "post");
            $form_container = new FormContainer($lang->usersocial_edit_network);
            // NOTE(review): sn_name is passed without htmlspecialchars_uni() while label, link and
            // image are escaped; whether generate_text_box() escapes its value is not visible here.
            $form_container->output_row($lang->usersocial_row_name, $lang->usersocial_row_name_desc, $form->generate_text_box('sn_name', $network['sn_name']));
            $form_container->output_row($lang->usersocial_row_label, $lang->usersocial_row_label_desc, $form->generate_text_area('sn_label', htmlspecialchars_uni($network['sn_label']), array('rows' => 5, 'style' => 'width:80%;')));
            $form_container->output_row($lang->usersocial_row_active, $lang->usersocial_row_active_desc, $form->generate_yes_no_radio('sn_active', intval($network['sn_active'])));
            $form_container->output_row($lang->usersocial_row_profil, $lang->usersocial_row_profil_desc, $form->generate_yes_no_radio('sn_profil', intval($network['sn_profil'])));
            $form_container->output_row($lang->usersocial_row_postbit, $lang->usersocial_row_postbit_desc, $form->generate_yes_no_radio('sn_postbit', intval($network['sn_postbit'])));
            $form_container->output_row($lang->usersocial_row_link, $lang->usersocial_row_link_desc, $form->generate_text_box('sn_link', htmlspecialchars_uni($network['sn_link'])));
            $form_container->output_row($lang->usersocial_row_icon, $lang->usersocial_row_icon_desc, $form->generate_text_box('sn_image', htmlspecialchars_uni($network['sn_image'])));
            $form_container->output_row($lang->usersocial_row_order, $lang->usersocial_row_order_desc, $form->generate_text_box('sn_order', intval($network['sn_order'])));
            $form_container->end();
            $buttons = array();
            $buttons[] = $form->generate_submit_button($lang->usersocial_add);
            $form->output_submit_wrapper($buttons);
            $form->end();
        }
        // --- Delete a network (with confirmation) ----------------------------
        elseif($mybb->input['action'] == 'delete')
        {
            // Bail out when the network is unknown, when a POST carries a key that differs
            // from $mybb->post_code (loose != comparison), or when "no" was pressed.
            if(!($network = usersocial_get_network($mybb->input['snid'])) || ($mybb->request_method == 'post' && $mybb->input['my_post_key'] != $mybb->post_code) || $mybb->input['no'])
            {
                if(!$mybb->input['no'])
                {
                    flash_message($lang->usersocial_del_error, 'error');
                }
                admin_redirect("index.php?module=user-usersocial");
            }
            if($mybb->request_method == 'post')
            {
                log_admin_action($lang->usersocial_del_network . ' : '.$network['sn_name'], $network['snid']);
                usersocial_delete_network($network['snid']);
                flash_message($lang->usersocial_del_success, 'success');
                admin_redirect("index.php?module=user-usersocial");
            }
            // Confirmation form; the post key travels in the form's action URL.
            $form = new Form("index.php?module=user-usersocial&amp;action=delete&amp;snid={$network['snid']}&amp;my_post_key={$mybb->post_code}", 'post');
            echo("
               <div class=\"confirm_action\">\n
               <p>". $lang->usersocial_del_confirm."</p><br />\n
               <p class=\"buttons\">
               {$form->generate_submit_button($lang->yes, array('class' => 'button_yes'))}
               {$form->generate_submit_button($lang->no, array("name" => "no", 'class' => 'button_no'))}
               </p>\n
               </div>
           ");
            $form->end();
        }
        $page->output_footer();

    }
}
  446.  
  447. function usersocial_add_network($data)
  448. {
  449.     global $db;
  450.     if (!is_array($data))
  451.     {
  452.         $data = array();
  453.     }
  454.     if ($data['sn_name'])
  455.     {
  456.         $data['sn_name'] = $db->escape_string($data['sn_name']);
  457.     }
  458.     if ($data['sn_label'])
  459.     {
  460.         $data['sn_label'] = $db->escape_string($data['sn_label']);
  461.     }
  462.     if ($data['sn_active'])
  463.     {
  464.         $data['sn_active'] = intval($data['sn_active']);
  465.     }
  466.     if ($data['sn_profil'])
  467.     {
  468.         $data['sn_profil'] = intval($data['sn_profil']);
  469.     }
  470.     if ($data['sn_postbit'])
  471.     {
  472.         $data['sn_postbit'] = intval($data['sn_postbit']);
  473.     }
  474.     if ($data['sn_image'])
  475.     {
  476.         $data['sn_image'] = $db->escape_string($data['sn_image']);
  477.     }
  478.     if ($data['sn_order'])
  479.     {
  480.         $data['sn_order'] = intval($data['sn_order']);
  481.     }
  482.     $db->insert_query('social_network', $data);
  483.  
  484. }
  485.  
  486. function usersocial_update_network($snid, $data)
  487. {
  488.     global $db;
  489.     if (!is_array($data))
  490.     {
  491.         $data = array();
  492.     }
  493.     if ($data['sn_name'])
  494.     {
  495.         $data['sn_name'] = $db->escape_string($data['sn_name']);
  496.     }
  497.     if ($data['sn_label'])
  498.     {
  499.         $data['sn_label'] = $db->escape_string($data['sn_label']);
  500.     }
  501.     if ($data['sn_active'])
  502.     {
  503.         $data['sn_active'] = intval($data['sn_active']);
  504.     }
  505.     if ($data['sn_profil'])
  506.     {
  507.         $data['sn_profil'] = intval($data['sn_profil']);
  508.     }
  509.     if ($data['sn_postbit'])
  510.     {
  511.         $data['sn_postbit'] = intval($data['sn_postbit']);
  512.     }
  513.     if ($data['sn_image'])
  514.     {
  515.         $data['sn_image'] = $db->escape_string($data['sn_image']);
  516.     }
  517.     if ($data['sn_order'])
  518.     {
  519.         $data['sn_order'] = intval($data['sn_order']);
  520.     }
  521.     $db->update_query('social_network', $data, "snid='{$snid}'");
  522. }
  523.  
  524. function usersocial_delete_network($snid)
  525. {
  526.     global $db;
  527.     $snid = intval($snid);
  528.     $db->delete_query('social_network', "snid='{$snid}'");
  529.     $db->delete_query('social_user_network', "snid='{$snid}'");
  530. }
  531.  
  532. function usersocial_get_icon($img)
  533. {
  534.     global $mybb;
  535.     $image = $mybb->settings['bburl'].'/images/usersocial/default.png';
  536.     if(my_strpos($img, "ttp:/"))
  537.     {
  538.         $image = $img;
  539.     }
  540.     if(!my_strpos($img, "/") && !empty($img) && file_exists(MYBB_ROOT.'/images/usersocial/'.$img))
  541.     {
  542.         $image = $mybb->settings['bburl'].'/images/usersocial/'.htmlspecialchars_uni($img);
  543.     }
  544.     if(!empty($img) && file_exists(MYBB_ROOT.'/images/'.$img))
  545.     {
  546.         $image = $mybb->settings['bburl'].'/images/'.htmlspecialchars_uni($img);
  547.     }
  548.     return $image;
  549. }
  550.  
  551. function usersocial_get_network($snid)
  552. {
  553.     global $db;
  554.  
  555.     $snid = intval($snid);
  556.     $query = $db->simple_select('social_network', '*', "snid='{$snid}'");
  557.     $network = $db->fetch_array($query);
  558.     $db->free_result($query);
  559.  
  560.     if($network['snid'])
  561.     {
  562.         return $network;
  563.     }
  564.     return false;
  565. }
  566.  
  567. function usersocial_postbit(&$post)
  568. {
  569.     global $db, $mybb, $templates;
  570.     $post['usersocial'] = '';
  571.     $sql = "SELECT s.sn_name, s.sn_link, s.sn_image, u.sn_value
  572.    FROM ".TABLE_PREFIX."social_network s, ".TABLE_PREFIX."social_user_network u
  573.    WHERE s.snid=u.snid AND u.uid='".$post['uid']."' AND u.sn_private=0 AND u.sn_value<>'' AND s.sn_active=1 AND s.sn_postbit=1
  574.    ORDER BY s.sn_order ASC";
  575.     $query = $db->query($sql);
  576.     if ($db->num_rows($query)>0) {
  577.         $post['usersocial'] = '<br />';
  578.         while ($network = $db->fetch_array($query)) {
  579.             $network['sn_link'] = str_replace('#username#', htmlspecialchars($network['sn_value'], ENT_QUOTES), $network['sn_link']);
  580.             $network['sn_image'] = usersocial_get_icon($network['sn_image']);
  581.             eval("\$post['usersocial'] .= \"".$templates->get("usersocial_postbit")."\";");
  582.         }
  583.     }
  584. }
  585.  
  586. function usersocial_profile()
  587. {
  588.     global $db, $mybb, $templates, $memprofile, $lang;
  589.     $lang->load('usersocial');
  590.     $memprofile['usersocial'] = '';
  591.     $sql = "SELECT s.sn_name, s.sn_link, s.sn_image, u.sn_value, u.sn_private
  592.    FROM ".TABLE_PREFIX."social_network s
  593.    LEFT JOIN ".TABLE_PREFIX."social_user_network u ON ( u.snid = s.snid AND u.uid=".$mybb->user['uid'].")
  594.    WHERE s.sn_active=1 AND s.sn_profil=1
  595.    ORDER BY s.sn_order ASC";
  596.     $query = $db->query($sql);
  597.     if ($db->num_rows($query)>0) {
  598.         $cpt = 0;
  599.         $tr = '</tr><tr>';
  600.         while ($network = $db->fetch_array($query)) {
  601.             $cpt++;
  602.             $network['even'] = ($cpt%2)+1;
  603.             if ($network['sn_private']==1 || trim($network['sn_value'])=='')
  604.             {
  605.                 $network['ulink'] = '';
  606.             }
  607.             else
  608.             {
  609.                 $network['ulink'] = '<a href="'.str_replace('#username#', htmlspecialchars($network['sn_value'], ENT_QUOTES), $network['sn_link']).'">'. $lang->usersocial_contact .' '.$network['sn_name'].'</a>';
  610.             }
  611.             eval("\$memprofile['usersocial'] .= \"</tr><tr>".$templates->get("usersocial_member_profile_row")."\";");
  612.         }
  613.     }
  614. }
  615.  
  616. function usersocial_usercp()
  617. {
  618.     global $db, $mybb, $templates, $usersocial, $usersocial_rows, $lang;
  619.     $lang->load('usersocial');
  620.     $sql = "SELECT s.snid, s.sn_name, s.sn_link, s.sn_image, s.sn_label, u.sn_value, u.sn_private
  621.        FROM ".TABLE_PREFIX."social_network s
  622.        LEFT JOIN ".TABLE_PREFIX."social_user_network u ON ( u.snid = s.snid AND u.uid=".$mybb->user['uid'].")
  623.        WHERE s.sn_active=1
  624.        ORDER BY s.sn_order ASC";
  625.     $query = $db->query($sql);
  626.     $usersocial = '';
  627.     if ($db->num_rows($query)>0)
  628.     {
  629.         $usersocial_rows = '';
  630.         while ($network = $db->fetch_array($query)) {
  631.             if ($network['sn_private']==1)
  632.             {
  633.                 $network['checked'] = ' checked="checked"';
  634.             }
  635.             eval("\$usersocial_rows .= \"".$templates->get('usersocial_usercp_row')."\";");
  636.         }
  637.         eval("\$usersocial .= \"".$templates->get('usersocial_usercp')."\";");
  638.     }
  639. }
  640.  
  641. function usersocial_update_user()
  642. {
  643.     global $db, $mybb;
  644.     if($mybb->input['action'] == "do_profile" && $mybb->request_method == "post")
  645.     {
  646.         $db->delete_query('social_user_network', 'uid='.$mybb->user['uid']);
  647.         foreach($mybb->input['sn'] as $k => $v) {
  648.             if (isset($mybb->input['snp'][$k]) && $mybb->input['snp'][$k]==1)
  649.             {
  650.                 $mybb->input['snp'][$k] = 1;
  651.             }
  652.             else
  653.             {
  654.                 $mybb->input['snp'][$k] = 0;
  655.             }
  656.             $userdata = array(
  657.                 'snid' => intval($k),
  658.                 'uid' => intval($mybb->user['uid']),
  659.                 'sn_value' => $db->escape_string(trim($v)),
  660.                 'sn_private' => $mybb->input['snp'][$k]
  661.             );
  662.             $db->insert_query('social_user_network', $userdata);
  663.         }
  664.     }
  665. }