ob_start(); ($hook = get_hook('mi_rules_output_start')) ? eval($hook) : null; ?>

', $tpl_temp, $tpl_main); ob_end_clean(); // END SUBST - require FORUM_ROOT.'footer.php'; } // Mark all topics/posts as read? else if ($action == 'markread') { if ($forum_user['is_guest']) message($lang_common['No permission']); // We validate the CSRF token. If it's set in POST and we're at this point, the token is valid. // If it's in GET, we need to make sure it's valid. if (!isset($_POST['csrf_token']) && (!isset($_GET['csrf_token']) || $_GET['csrf_token'] !== generate_form_token('markread'.$forum_user['id']))) csrf_confirm_form(); ($hook = get_hook('mi_markread_selected')) ? eval($hook) : null; $query = array( 'UPDATE' => 'users', 'SET' => 'last_visit='.$forum_user['logged'], 'WHERE' => 'id='.$forum_user['id'] ); ($hook = get_hook('mi_markread_qr_update_last_visit')) ? eval($hook) : null; $forum_db->query_build($query) or error(__FILE__, __LINE__); // Reset tracked topics set_tracked_topics(null); ($hook = get_hook('mi_markread_pre_redirect')) ? eval($hook) : null; redirect(forum_link($forum_url['index']), $lang_misc['Mark read redirect']); } // Mark the topics/posts in a forum as read? else if ($action == 'markforumread') { if ($forum_user['is_guest']) message($lang_common['No permission']); $fid = isset($_GET['fid']) ? intval($_GET['fid']) : 0; if ($fid < 1) message($lang_common['Bad request']); // We validate the CSRF token. If it's set in POST and we're at this point, the token is valid. // If it's in GET, we need to make sure it's valid. if (!isset($_POST['csrf_token']) && (!isset($_GET['csrf_token']) || $_GET['csrf_token'] !== generate_form_token('markforumread'.$fid.$forum_user['id']))) csrf_confirm_form(); ($hook = get_hook('mi_markforumread_selected')) ? eval($hook) : null; // Fetch some info about the forum $query = array( 'SELECT' => 'f.forum_name', 'FROM' => 'forums AS f', 'JOINS' => array( array( 'LEFT JOIN' => 'forum_perms AS fp', 'ON' => '(fp.forum_id=f.id AND fp.group_id='.$forum_user['g_id'].')' ) ), 'WHERE' => '(fp.read_forum IS NULL OR fp.read_forum=1) AND f.id='.$fid ); ($hook = get_hook('mi_markforumread_qr_get_forum_info')) ? eval($hook) : null; $result = $forum_db->query_build($query) or error(__FILE__, __LINE__); if (!$forum_db->num_rows($result)) message($lang_common['Bad request']); $forum_name = $forum_db->result($result); $tracked_topics = get_tracked_topics(); $tracked_topics['forums'][$fid] = time(); set_tracked_topics($tracked_topics); ($hook = get_hook('mi_markforumread_pre_redirect')) ? eval($hook) : null; redirect(forum_link($forum_url['forum'], array($fid, sef_friendly($forum_name))), $lang_misc['Mark forum read redirect']); } // Send form e-mail? else if (isset($_GET['email'])) { if ($forum_user['is_guest'] || $forum_user['g_send_email'] == '0') message($lang_common['No permission']); $recipient_id = intval($_GET['email']); if ($recipient_id < 2) message($lang_common['Bad request']); ($hook = get_hook('mi_email_selected')) ? eval($hook) : null; // User pressed the cancel button if (isset($_POST['cancel'])) redirect(forum_htmlencode($_POST['redirect_url']), $lang_common['Cancel redirect']); $query = array( 'SELECT' => 'u.username, u.email, u.email_setting', 'FROM' => 'users AS u', 'WHERE' => 'u.id='.$recipient_id ); ($hook = get_hook('mi_email_qr_get_form_email_data')) ? eval($hook) : null; $result = $forum_db->query_build($query) or error(__FILE__, __LINE__); if (!$forum_db->num_rows($result)) message($lang_common['Bad request']); list($recipient, $recipient_email, $email_setting) = $forum_db->fetch_row($result); if ($email_setting == 2 && !$forum_user['is_admmod']) message($lang_misc['Form e-mail disabled']); if (isset($_POST['form_sent'])) { ($hook = get_hook('mi_email_form_submitted')) ? eval($hook) : null; // Clean up message and subject from POST $subject = forum_trim($_POST['req_subject']); $message = forum_trim($_POST['req_message']); if ($subject == '') $errors[] = $lang_misc['No e-mail subject']; if ($message == '') $errors[] = $lang_misc['No e-mail message']; else if (strlen($message) > FORUM_MAX_POSTSIZE_BYTES) $errors[] = sprintf($lang_misc['Too long e-mail message'], forum_number_format(strlen($message)), forum_number_format(FORUM_MAX_POSTSIZE_BYTES)); if ($forum_user['last_email_sent'] != '' && (time() - $forum_user['last_email_sent']) < $forum_user['g_email_flood'] && (time() - $forum_user['last_email_sent']) >= 0) $errors[] = sprintf($lang_misc['Email flood'], $forum_user['g_email_flood']); ($hook = get_hook('mi_email_end_validation')) ? eval($hook) : null; // Did everything go according to plan? if (empty($errors)) { // Load the "form e-mail" template $mail_tpl = forum_trim(file_get_contents(FORUM_ROOT.'lang/'.$forum_user['language'].'/mail_templates/form_email.tpl')); // The first row contains the subject $first_crlf = strpos($mail_tpl, "\n"); $mail_subject = forum_trim(substr($mail_tpl, 8, $first_crlf-8)); $mail_message = forum_trim(substr($mail_tpl, $first_crlf)); $mail_subject = str_replace('', $subject, $mail_subject); $mail_message = str_replace('', $forum_user['username'], $mail_message); $mail_message = str_replace('', $forum_config['o_board_title'], $mail_message); $mail_message = str_replace('', $message, $mail_message); $mail_message = str_replace('', sprintf($lang_common['Forum mailer'], $forum_config['o_board_title']), $mail_message); ($hook = get_hook('mi_email_new_replace_data')) ? eval($hook) : null; if (!defined('FORUM_EMAIL_FUNCTIONS_LOADED')) require FORUM_ROOT.'include/email.php'; forum_mail($recipient_email, $mail_subject, $mail_message, $forum_user['email'], $forum_user['username']); // Set the user's last_email_sent time $query = array( 'UPDATE' => 'users', 'SET' => 'last_email_sent='.time(), 'WHERE' => 'id='.$forum_user['id'], ); ($hook = get_hook('mi_email_qr_update_last_email_sent')) ? eval($hook) : null; $forum_db->query_build($query) or error(__FILE__, __LINE__); ($hook = get_hook('mi_email_pre_redirect')) ? eval($hook) : null; redirect(forum_htmlencode($_POST['redirect_url']), $lang_misc['E-mail sent redirect']); } } // Setup form $forum_page['group_count'] = $forum_page['item_count'] = $forum_page['fld_count'] = 0; $forum_page['form_action'] = forum_link($forum_url['email'], $recipient_id); $forum_page['hidden_fields'] = array( 'form_sent' => '', 'redirect_url' => '', 'csrf_token' => '' ); // Setup main heading $forum_page['main_head'] = sprintf($lang_misc['Send forum e-mail'], forum_htmlencode($recipient)); // Setup breadcrumbs $forum_page['crumbs'] = array( array($forum_config['o_board_title'], forum_link($forum_url['index'])), sprintf($lang_misc['Send forum e-mail'], forum_htmlencode($recipient)) ); ($hook = get_hook('mi_email_pre_header_load')) ? eval($hook) : null; define('FORUM_PAGE', 'formemail'); require FORUM_ROOT.'header.php'; // START SUBST - ob_start(); ($hook = get_hook('mi_email_output_start')) ? eval($hook) : null; ?>

'.$cur_error.''; ($hook = get_hook('mi_pre_email_errors')) ? eval($hook) : null; ?>

'.$lang_common['Required'].'') ?>

', $tpl_temp, $tpl_main); ob_end_clean(); // END SUBST - require FORUM_ROOT.'footer.php'; } // Report a post? else if (isset($_GET['report'])) { if ($forum_user['is_guest']) message($lang_common['No permission']); $post_id = intval($_GET['report']); if ($post_id < 1) message($lang_common['Bad request']); ($hook = get_hook('mi_report_selected')) ? eval($hook) : null; // User pressed the cancel button if (isset($_POST['cancel'])) redirect(forum_link($forum_url['post'], $post_id), $lang_common['Cancel redirect']); if (isset($_POST['form_sent'])) { ($hook = get_hook('mi_report_form_submitted')) ? eval($hook) : null; // Flood protection if ($forum_user['last_email_sent'] != '' && (time() - $forum_user['last_email_sent']) < $forum_user['g_email_flood'] && (time() - $forum_user['last_email_sent']) >= 0) message(sprintf($lang_misc['Report flood'], $forum_user['g_email_flood'])); // Clean up reason from POST $reason = forum_linebreaks(forum_trim($_POST['req_reason'])); if ($reason == '') message($lang_misc['No reason']); // Get some info about the topic we're reporting $query = array( 'SELECT' => 't.id, t.subject, t.forum_id', 'FROM' => 'posts AS p', 'JOINS' => array( array( 'INNER JOIN' => 'topics AS t', 'ON' => 't.id=p.topic_id' ) ), 'WHERE' => 'p.id='.$post_id ); ($hook = get_hook('mi_report_qr_get_topic_data')) ? eval($hook) : null; $result = $forum_db->query_build($query) or error(__FILE__, __LINE__); if (!$forum_db->num_rows($result)) message($lang_common['Bad request']); list($topic_id, $subject, $forum_id) = $forum_db->fetch_row($result); ($hook = get_hook('mi_report_pre_reports_sent')) ? eval($hook) : null; // Should we use the internal report handling? if ($forum_config['o_report_method'] == 0 || $forum_config['o_report_method'] == 2) { $query = array( 'INSERT' => 'post_id, topic_id, forum_id, reported_by, created, message', 'INTO' => 'reports', 'VALUES' => $post_id.', '.$topic_id.', '.$forum_id.', '.$forum_user['id'].', '.time().', \''.$forum_db->escape($reason).'\'' ); ($hook = get_hook('mi_report_add_report')) ? eval($hook) : null; $forum_db->query_build($query) or error(__FILE__, __LINE__); } // Should we e-mail the report? if ($forum_config['o_report_method'] == 1 || $forum_config['o_report_method'] == 2) { // We send it to the complete mailing-list in one swoop if ($forum_config['o_mailing_list'] != '') { $mail_subject = 'Report('.$forum_id.') - \''.$subject.'\''; $mail_message = 'User \''.$forum_user['username'].'\' has reported the following message:'."\n".forum_link($forum_url['post'], $post_id)."\n\n".'Reason:'."\n".$reason; if (!defined('FORUM_EMAIL_FUNCTIONS_LOADED')) require FORUM_ROOT.'include/email.php'; ($hook = get_hook('mi_report_modify_message')) ? eval($hook) : null; forum_mail($forum_config['o_mailing_list'], $mail_subject, $mail_message); } } // Set last_email_sent time to prevent flooding $query = array( 'UPDATE' => 'users', 'SET' => 'last_email_sent='.time(), 'WHERE' => 'id='.$forum_user['id'] ); ($hook = get_hook('mi_report_qr_update_last_email_sent')) ? eval($hook) : null; $forum_db->query_build($query) or error(__FILE__, __LINE__); ($hook = get_hook('mi_report_pre_redirect')) ? eval($hook) : null; redirect(forum_link($forum_url['post'], $post_id), $lang_misc['Report redirect']); } // Setup form $forum_page['group_count'] = $forum_page['item_count'] = $forum_page['fld_count'] = 0; $forum_page['form_action'] = forum_link($forum_url['report'], $post_id); $forum_page['hidden_fields'] = array( 'form_sent' => '', 'csrf_token' => '' ); // Setup breadcrumbs $forum_page['crumbs'] = array( array($forum_config['o_board_title'], forum_link($forum_url['index'])), $lang_misc['Report post'] ); // Setup main heading $forum_page['main_head'] = end($forum_page['crumbs']); ($hook = get_hook('mi_report_pre_header_load')) ? eval($hook) : null; define('FORUM_PAGE', 'report'); require FORUM_ROOT.'header.php'; // START SUBST - ob_start(); ($hook = get_hook('mi_report_output_start')) ? eval($hook) : null; ?>

'.$lang_common['Required'].'') ?>

', $tpl_temp, $tpl_main); ob_end_clean(); // END SUBST - require FORUM_ROOT.'footer.php'; } // Subscribe to a topic? else if (isset($_GET['subscribe'])) { if ($forum_user['is_guest'] || $forum_config['o_subscriptions'] != '1') message($lang_common['No permission']); $topic_id = intval($_GET['subscribe']); if ($topic_id < 1) message($lang_common['Bad request']); // We validate the CSRF token. If it's set in POST and we're at this point, the token is valid. // If it's in GET, we need to make sure it's valid. if (!isset($_POST['csrf_token']) && (!isset($_GET['csrf_token']) || $_GET['csrf_token'] !== generate_form_token('subscribe'.$topic_id.$forum_user['id']))) csrf_confirm_form(); ($hook = get_hook('mi_subscribe_selected')) ? eval($hook) : null; // Make sure the user can view the topic $query = array( 'SELECT' => 'subject', 'FROM' => 'topics AS t', 'JOINS' => array( array( 'LEFT JOIN' => 'forum_perms AS fp', 'ON' => '(fp.forum_id=t.forum_id AND fp.group_id='.$forum_user['g_id'].')' ) ), 'WHERE' => '(fp.read_forum IS NULL OR fp.read_forum=1) AND t.id='.$topic_id.' AND t.moved_to IS NULL' ); ($hook = get_hook('mi_subscribe_qr_topic_exists')) ? eval($hook) : null; $result = $forum_db->query_build($query) or error(__FILE__, __LINE__); if (!$forum_db->num_rows($result)) message($lang_common['Bad request']); $subject = $forum_db->result($result); $query = array( 'SELECT' => '1', 'FROM' => 'subscriptions AS s', 'WHERE' => 'user_id='.$forum_user['id'].' AND topic_id='.$topic_id ); ($hook = get_hook('mi_subscribe_qr_check_subscribed')) ? eval($hook) : null; $result = $forum_db->query_build($query) or error(__FILE__, __LINE__); if ($forum_db->num_rows($result)) message($lang_misc['Already subscribed']); $query = array( 'INSERT' => 'user_id, topic_id', 'INTO' => 'subscriptions', 'VALUES' => $forum_user['id'].' ,'.$topic_id ); ($hook = get_hook('mi_subscribe_add_subscription')) ? eval($hook) : null; $forum_db->query_build($query) or error(__FILE__, __LINE__); ($hook = get_hook('mi_subscribe_pre_redirect')) ? eval($hook) : null; redirect(forum_link($forum_url['topic'], array($topic_id, sef_friendly($subject))), $lang_misc['Subscribe redirect']); } // Unsubscribe from a topic? else if (isset($_GET['unsubscribe'])) { if ($forum_user['is_guest'] || $forum_config['o_subscriptions'] != '1') message($lang_common['No permission']); $topic_id = intval($_GET['unsubscribe']); if ($topic_id < 1) message($lang_common['Bad request']); // We validate the CSRF token. If it's set in POST and we're at this point, the token is valid. // If it's in GET, we need to make sure it's valid. if (!isset($_POST['csrf_token']) && (!isset($_GET['csrf_token']) || $_GET['csrf_token'] !== generate_form_token('unsubscribe'.$topic_id.$forum_user['id']))) csrf_confirm_form(); ($hook = get_hook('mi_unsubscribe_selected')) ? eval($hook) : null; $query = array( 'SELECT' => 't.subject', 'FROM' => 'topics AS t', 'JOINS' => array( array( 'INNER JOIN' => 'subscriptions AS s', 'ON' => 's.user_id='.$forum_user['id'].' AND s.topic_id=t.id' ) ), 'WHERE' => 't.id='.$topic_id ); ($hook = get_hook('mi_unsubscribe_qr_check_subscribed')) ? eval($hook) : null; $result = $forum_db->query_build($query) or error(__FILE__, __LINE__); if (!$forum_db->num_rows($result)) message($lang_misc['Not subscribed']); $subject = $forum_db->result($result); $query = array( 'DELETE' => 'subscriptions', 'WHERE' => 'user_id='.$forum_user['id'].' AND topic_id='.$topic_id ); ($hook = get_hook('mi_unsubscribe_qr_delete_subscription')) ? eval($hook) : null; $result = $forum_db->query_build($query) or error(__FILE__, __LINE__); ($hook = get_hook('mi_unsubscribe_pre_redirect')) ? eval($hook) : null; redirect(forum_link($forum_url['topic'], array($topic_id, sef_friendly($subject))), $lang_misc['Unsubscribe redirect']); } ($hook = get_hook('mi_new_action')) ? eval($hook) : null; message($lang_common['Bad request']);