PHP error_no_permission函数代码示例

function get_contact_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $parser, $displaygroupfields;
    $lang->load("member");
    $input = Tapatalk_Input::filterXmlInput(array('user_id' => Tapatalk_Input::STRING), $xmlrpc_params);
    if (isset($input['user_id']) && !empty($input['user_id'])) {
        $uid = $input['user_id'];
    } else {
        $uid = $mybb->user['uid'];
    }
    if ($mybb->user['uid'] != $uid) {
        $member = get_user($uid);
    } else {
        $member = $mybb->user;
    }
    if (!$member['uid']) {
        error($lang->error_nomember);
    }
    // Guests or those without permission can't email other users
    if ($mybb->usergroup['cansendemail'] == 0 || !$mybb->user['uid']) {
        error_no_permission();
    }
    if ($member['hideemail'] != 0) {
        error($lang->error_hideemail);
    }
    $user_info = array('result' => new xmlrpcval(true, 'boolean'), 'user_id' => new xmlrpcval($member['uid']), 'display_name' => new xmlrpcval(basic_clean($member['username']), 'base64'), 'enc_email' => new xmlrpcval(base64_encode(encrypt($member['email'], loadAPIKey()))));
    $xmlrpc_user_info = new xmlrpcval($user_info, 'struct');
    return new xmlrpcresp($xmlrpc_user_info);
}

function upload_avatar_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;
    //chdir("../");
    $input = Tapatalk_Input::filterXmlInput(array('content' => Tapatalk_Input::STRING), $xmlrpc_params);
    if ($mybb->usergroup['canuploadavatars'] == 0) {
        error_no_permission();
    }
    $avatar = upload_avatar($_FILES['upload']);
    if ($avatar['error']) {
        return xmlrespfalse($avatar['error']);
    } else {
        if ($avatar['width'] > 0 && $avatar['height'] > 0) {
            $avatar_dimensions = $avatar['width'] . "|" . $avatar['height'];
        }
        $updated_avatar = array("avatar" => $avatar['avatar'] . '?dateline=' . TIME_NOW, "avatardimensions" => $avatar_dimensions, "avatartype" => "upload");
        $db->update_query("users", $updated_avatar, "uid='" . $mybb->user['uid'] . "'");
    }
    return xmlresptrue();
}

function m_delete_post_func($xmlrpc_params)
{
    global $input, $post, $thread, $forum, $pid, $tid, $fid, $modlogdata, $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $moderation, $parser;
    $input = Tapatalk_Input::filterXmlInput(array('post_id' => Tapatalk_Input::INT, 'mode' => Tapatalk_Input::INT, 'reason_text' => Tapatalk_Input::STRING), $xmlrpc_params);
    // Load global language phrases
    $lang->load("editpost");
    $plugins->run_hooks("editpost_start");
    // No permission for guests
    if (!$mybb->user['uid']) {
        error_no_permission();
    }
    // Get post info
    $pid = intval($input['post_id']);
    $query = $db->simple_select("posts", "*", "pid='{$pid}'");
    $post = $db->fetch_array($query);
    if (!$post['pid']) {
        error($lang->error_invalidpost);
    }
    // Get thread info
    $tid = $post['tid'];
    $thread = get_thread($tid);
    if (!$thread['tid']) {
        error($lang->error_invalidthread);
    }
    // Get forum info
    $fid = $post['fid'];
    $forum = get_forum($fid);
    if (!$forum || $forum['type'] != "f") {
        error($lang->error_closedinvalidforum);
    }
    if ($forum['open'] == 0 || $mybb->user['suspendposting'] == 1) {
        error_no_permission();
    }
    $forumpermissions = forum_permissions($fid);
    if (!is_moderator($fid, "candeleteposts")) {
        if ($thread['closed'] == 1) {
            error($lang->redirect_threadclosed);
        }
        if ($forumpermissions['candeleteposts'] == 0) {
            error_no_permission();
        }
        if ($mybb->user['uid'] != $post['uid']) {
            error_no_permission();
        }
    }
    // Check if this forum is password protected and we have a valid password
    check_forum_password($forum['fid']);
    $plugins->run_hooks("editpost_deletepost");
    $modlogdata['fid'] = $fid;
    $modlogdata['tid'] = $tid;
    $query = $db->simple_select("posts", "pid", "tid='{$tid}'", array("limit" => 1, "order_by" => "dateline", "order_dir" => "asc"));
    $firstcheck = $db->fetch_array($query);
    if ($firstcheck['pid'] == $pid) {
        if ($forumpermissions['candeletethreads'] == 1 || is_moderator($fid, "candeletethreads")) {
            delete_thread($tid);
            mark_reports($tid, "thread");
            log_moderator_action($modlogdata, $lang->thread_deleted);
        } else {
            error_no_permission();
        }
    } else {
        if ($forumpermissions['candeleteposts'] == 1 || is_moderator($fid, "candeleteposts")) {
            // Select the first post before this
            delete_post($pid, $tid);
            mark_reports($pid, "post");
            log_moderator_action($modlogdata, $lang->post_deleted);
        } else {
            error_no_permission();
        }
    }
    $response = new xmlrpcval(array('result' => new xmlrpcval(true, 'boolean'), 'is_login_mod' => new xmlrpcval(true, 'boolean'), 'result_text' => new xmlrpcval("", 'base64')), 'struct');
    return new xmlrpcresp($response);
}

function get_user_info_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $parser, $displaygroupfields;
    $lang->load("member");
    $input = Tapatalk_Input::filterXmlInput(array('user_name' => Tapatalk_Input::STRING, 'user_id' => Tapatalk_Input::INT), $xmlrpc_params);
    if ($mybb->usergroup['canviewprofiles'] == 0) {
        error_no_permission();
    }
    if (isset($input['user_id']) && !empty($input['user_id'])) {
        $uid = $input['user_id'];
    } elseif (!empty($input['user_name'])) {
        $query = $db->simple_select("users", "uid", "username='{$input['user_name_esc']}'");
        $uid = $db->fetch_field($query, "uid");
    } else {
        $uid = $mybb->user['uid'];
    }
    if ($mybb->user['uid'] != $uid) {
        $memprofile = get_user($uid);
    } else {
        $memprofile = $mybb->user;
    }
    if (!$memprofile['uid']) {
        error($lang->error_nomember);
    }
    // Get member's permissions
    $memperms = user_permissions($memprofile['uid']);
    if (!$memprofile['displaygroup']) {
        $memprofile['displaygroup'] = $memprofile['usergroup'];
    }
    // Grab the following fields from the user's displaygroup
    $displaygroupfields = array("title", "usertitle", "stars", "starimage", "image", "usereputationsystem");
    $displaygroup = usergroup_displaygroup($memprofile['displaygroup']);
    // Get the user title for this user
    unset($usertitle);
    unset($stars);
    if (trim($memprofile['usertitle']) != '') {
        // User has custom user title
        $usertitle = $memprofile['usertitle'];
    } elseif (trim($displaygroup['usertitle']) != '') {
        // User has group title
        $usertitle = $displaygroup['usertitle'];
    } else {
        // No usergroup title so get a default one
        $query = $db->simple_select("usertitles", "*", "", array('order_by' => 'posts', 'order_dir' => 'DESC'));
        while ($title = $db->fetch_array($query)) {
            if ($memprofile['postnum'] >= $title['posts']) {
                $usertitle = $title['title'];
                $stars = $title['stars'];
                $starimage = $title['starimage'];
                break;
            }
        }
    }
    // User is currently online and this user has permissions to view the user on the WOL
    $timesearch = TIME_NOW - $mybb->settings['wolcutoffmins'] * 60;
    $query = $db->simple_select("sessions", "location,nopermission", "uid='{$uid}' AND time>'{$timesearch}'", array('order_by' => 'time', 'order_dir' => 'DESC', 'limit' => 1));
    $session = $db->fetch_array($query);
    if (($memprofile['invisible'] != 1 || $mybb->usergroup['canviewwolinvis'] == 1 || $memprofile['uid'] == $mybb->user['uid']) && !empty($session)) {
        // Fetch their current location
        $lang->load("online");
        require_once MYBB_ROOT . "inc/functions_online.php";
        $activity = fetch_wol_activity($session['location'], $session['nopermission']);
        /*unset($activity['tid']);
          unset($activity['fid']);
          unset($activity['pid']);
          unset($activity['eid']);
          unset($activity['aid']);*/
        $location = strip_tags(build_friendly_wol_location($activity));
        $location_time = my_date($mybb->settings['timeformat'], $memprofile['lastactive']);
        $online = true;
    } else {
        $online = false;
    }
    // Get custom fields start
    $custom_fields_list = array();
    if ($memprofile['birthday']) {
        $membday = explode("-", $memprofile['birthday']);
        if ($memprofile['birthdayprivacy'] != 'none') {
            if ($membday[0] && $membday[1] && $membday[2]) {
                $lang->membdayage = $lang->sprintf($lang->membdayage, get_age($memprofile['birthday']));
                if ($membday[2] >= 1970) {
                    $w_day = date("l", mktime(0, 0, 0, $membday[1], $membday[0], $membday[2]));
                    $membday = format_bdays($mybb->settings['dateformat'], $membday[1], $membday[0], $membday[2], $w_day);
                } else {
                    $bdayformat = fix_mktime($mybb->settings['dateformat'], $membday[2]);
                    $membday = mktime(0, 0, 0, $membday[1], $membday[0], $membday[2]);
                    $membday = date($bdayformat, $membday);
                }
                $membdayage = $lang->membdayage;
            } elseif ($membday[2]) {
                $membday = mktime(0, 0, 0, 1, 1, $membday[2]);
                $membday = date("Y", $membday);
                $membdayage = '';
            } else {
                $membday = mktime(0, 0, 0, $membday[1], $membday[0], 0);
                $membday = date("F j", $membday);
                $membdayage = '';
            }
        }
        if ($memprofile['birthdayprivacy'] == 'age') {
//.........这里部分代码省略.........

function mysteam_usercp()
{
    global $lang, $mybb;
    if (!$lang->mysteam) {
        $lang->load('mysteam');
    }
    // Check if current User CP page is Steam Integration.
    if ($mybb->input['action'] == 'steamid') {
        global $db, $theme, $templates, $headerinclude, $header, $footer, $plugins, $usercpnav, $steamform;
        // Make sure user is in an allowed usergroup if set.
        $is_allowed = mysteam_filter_groups($mybb->user);
        if (!$is_allowed) {
            error_no_permission();
        }
        add_breadcrumb($lang->nav_usercp, 'usercp.php');
        add_breadcrumb($lang->mysteam_integration, 'usercp.php?action=steamid');
        $submit_display = 'display: none;';
        if (!$mybb->user['steamid']) {
            $decouple_display = 'display: none;';
        }
        // Process the form submission if something has been submitted.
        if ($mybb->input['uid']) {
            $submit_display = '';
            $uid = $db->escape_string($mybb->input['uid']);
            // If user has attempted to submit a Steam profile . . .
            if ($mybb->input['submit']) {
                // If user directly entered a Steam ID . . .
                if (is_numeric($mybb->input['steamprofile']) && strlen($mybb->input['steamprofile']) === 17) {
                    $steamid = $db->escape_string($mybb->input['steamprofile']);
                    // Ensure the Steam ID is valid.
                    $data = 'http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=' . $mybb->settings['mysteam_apikey'] . '&steamids=' . $steamid;
                    $response = multiRequest($data);
                    if (!strpos($response[0], 'steamid')) {
                        unset($steamid);
                    } else {
                        $decoded = json_decode($response[0]);
                        $steamname = $decoded->response->players[0]->personaname;
                    }
                } elseif (!strpos($mybb->input['steamprofile'], '/')) {
                    $vanity_url = $db->escape_string($mybb->input['steamprofile']);
                    $data = 'http://api.steampowered.com/ISteamUser/ResolveVanityURL/v0001/?key=' . $mybb->settings['mysteam_apikey'] . '&vanityurl=' . $vanity_url;
                    $response = multiRequest($data);
                    $decoded = json_decode($response[0]);
                    if ($decoded->response->success == 1) {
                        $steamid = $db->escape_string($decoded->response->steamid);
                    }
                } elseif (strpos($mybb->input['steamprofile'], '/profiles/')) {
                    $trimmed_url = rtrim($mybb->input['steamprofile'], '/');
                    $parsed_url = explode('/', $trimmed_url);
                    $steamid = end($parsed_url);
                    $data = 'http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=' . $mybb->settings['mysteam_apikey'] . '&steamids=' . $steamid;
                    $response = multiRequest($data);
                    if (!strpos($response[0], 'steamid')) {
                        unset($steamid);
                    } else {
                        $decoded = json_decode($response[0]);
                        $steamname = $decoded->response->players[0]->personaname;
                    }
                } elseif (strpos($mybb->input['steamprofile'], '/id/')) {
                    $trimmed_url = rtrim($mybb->input['steamprofile'], '/');
                    $parsed_url = explode('/', $trimmed_url);
                    $vanity_url = end($parsed_url);
                    $data = 'http://api.steampowered.com/ISteamUser/ResolveVanityURL/v0001/?key=' . $mybb->settings['mysteam_apikey'] . '&vanityurl=' . $vanity_url;
                    $response = multiRequest($data);
                    $decoded = json_decode($response[0]);
                    if ($decoded->response->success == 1) {
                        $steamid = $db->escape_string($decoded->response->steamid);
                    }
                }
                // If we have a valid Steam ID . . .
                if ($steamid) {
                    $query = $db->simple_select("users", "username", "steamid='" . $steamid . "'");
                    $username_same = $db->fetch_field($query, 'username');
                    // Don't run if Steam ID matches another user's current ID, and display error.
                    if ($db->num_rows($query)) {
                        $submit_message = '
							<p><em>' . $lang->please_correct_errors . '</em></p>
							<p>' . $lang->mysteam_submit_same . $username_same . '</p>';
                    } else {
                        $db->update_query("users", array('steamid' => $steamid), "uid='" . $uid . "'");
                        if ($vanity_url) {
                            $success_third_line = '<br />
							<strong>' . $lang->mysteam_vanityurl . '</strong>' . $vanity_url . '</p>';
                        } else {
                            $success_third_line = '<br />
							<strong>' . $lang->mysteam_name . '</strong>' . $steamname . '</p>';
                        }
                        $submit_message = '<p><strong>' . $lang->mysteam_submit_success . '</strong></p>
							<p><strong>' . $lang->mysteam_steamid . '</strong>' . $steamid . $success_third_line;
                    }
                } else {
                    $submit_message = '<p><em>' . $lang->please_correct_errors . '</em></p>
						<p>' . $lang->mysteam_submit_invalid . '</p>';
                }
            } elseif ($mybb->input['decouple']) {
                $db->update_query("users", array('steamid' => ''), "uid='" . $uid . "'");
                $submit_message = $lang->mysteam_decouple_success;
            }
        }
        eval("\$steamform = \"" . $templates->get("mysteam_usercp") . "\";");
//.........这里部分代码省略.........

function replyban_run()
{
    global $db, $mybb, $lang, $templates, $theme, $headerinclude, $header, $footer, $replyban, $moderation;
    $lang->load("replyban");
    if ($mybb->input['action'] != "replyban" && $mybb->input['action'] != "do_replyban" && $mybb->input['action'] != "liftreplyban") {
        return;
    }
    if ($mybb->input['action'] == "replyban") {
        $tid = $mybb->get_input('tid', MyBB::INPUT_INT);
        $thread = get_thread($tid);
        if (!is_moderator($thread['fid'], "canmanagethreads")) {
            error_no_permission();
        }
        if (!$thread['tid']) {
            error($lang->error_invalidthread);
        }
        $thread['subject'] = htmlspecialchars_uni($thread['subject']);
        $lang->reply_bans_for = $lang->sprintf($lang->reply_bans_for, $thread['subject']);
        check_forum_password($thread['fid']);
        build_forum_breadcrumb($thread['fid']);
        add_breadcrumb($thread['subject'], get_thread_link($thread['tid']));
        add_breadcrumb($lang->reply_bans);
        $query = $db->query("\r\n\t\t\tSELECT r.*, u.username\r\n\t\t\tFROM " . TABLE_PREFIX . "replybans r\r\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (r.uid=u.uid)\r\n\t\t\tWHERE r.tid='{$thread['tid']}'\r\n\t\t\tORDER BY r.dateline DESC\r\n\t\t");
        while ($ban = $db->fetch_array($query)) {
            $ban['reason'] = htmlspecialchars_uni($ban['reason']);
            $ban['username'] = build_profile_link($ban['username'], $ban['uid']);
            if ($ban['lifted'] == 0) {
                $ban['lifted'] = $lang->permanent;
            } else {
                $ban['lifted'] = my_date('relative', $ban['lifted'], '', 2);
            }
            $alt_bg = alt_trow();
            eval("\$ban_bit .= \"" . $templates->get("moderation_replyban_bit") . "\";");
        }
        if (!$ban_bit) {
            eval("\$ban_bit = \"" . $templates->get("moderation_replyban_no_bans") . "\";");
        }
        // Generate the banned times dropdown
        $liftlist = '';
        $bantimes = fetch_ban_times();
        foreach ($bantimes as $time => $title) {
            $selected = '';
            if (isset($banned['bantime']) && $banned['bantime'] == $time) {
                $selected = " selected=\"selected\"";
            }
            $thattime = '';
            if ($time != '---') {
                $dateline = TIME_NOW;
                if (isset($banned['dateline'])) {
                    $dateline = $banned['dateline'];
                }
                $thatime = my_date("D, jS M Y @ g:ia", ban_date2timestamp($time, $dateline));
                $thattime = " ({$thatime})";
            }
            eval("\$liftlist .= \"" . $templates->get("moderation_replyban_liftlist") . "\";");
        }
        eval("\$replyban = \"" . $templates->get("moderation_replyban") . "\";");
        output_page($replyban);
    }
    if ($mybb->input['action'] == "do_replyban" && $mybb->request_method == "post") {
        // Verify incoming POST request
        verify_post_check($mybb->get_input('my_post_key'));
        $tid = $mybb->get_input('tid', MyBB::INPUT_INT);
        $thread = get_thread($tid);
        if (!is_moderator($thread['fid'], "canmanagethreads")) {
            error_no_permission();
        }
        if (!$thread['tid']) {
            error($lang->error_invalidthread);
        }
        $user = get_user_by_username($mybb->input['username'], array('fields' => array('username')));
        if (!$user['uid']) {
            error($lang->error_invaliduser);
        }
        $mybb->input['reason'] = $mybb->get_input('reason');
        if (!trim($mybb->input['reason'])) {
            error($lang->error_missing_reason);
        }
        $query = $db->simple_select('replybans', 'rid', "uid='{$user['uid']}' AND tid='{$thread['tid']}'");
        $existingban = $db->fetch_field($query, 'rid');
        if ($existingban > 0) {
            error($lang->error_alreadybanned);
        }
        if ($mybb->get_input('liftban') == '---') {
            $lifted = 0;
        } else {
            $lifted = ban_date2timestamp($mybb->get_input('liftban'), 0);
        }
        $reason = my_substr($mybb->input['reason'], 0, 240);
        $insert_array = array('uid' => $user['uid'], 'tid' => $thread['tid'], 'dateline' => TIME_NOW, 'reason' => $db->escape_string($reason), 'lifted' => $db->escape_string($lifted));
        $db->insert_query('replybans', $insert_array);
        log_moderator_action(array("tid" => $thread['tid'], "fid" => $thread['fid'], "uid" => $user['uid'], "username" => $user['username']), $lang->user_reply_banned);
        moderation_redirect("moderation.php?action=replyban&tid={$thread['tid']}", $lang->redirect_user_banned_replying);
    }
    if ($mybb->input['action'] == "liftreplyban") {
        // Verify incoming POST request
        verify_post_check($mybb->get_input('my_post_key'));
        $rid = $mybb->get_input('rid', MyBB::INPUT_INT);
        $query = $db->simple_select("replybans", "*", "rid='{$rid}'");
        $ban = $db->fetch_array($query);
//.........这里部分代码省略.........

function trader_unapprove($fid)
{
    global $mybb, $db, $header, $headerinclude, $footer, $lang;
    $lang->load("tradefeedback");
    $fid = intval($fid);
    if (!$fid) {
        error($lang->feedback_invalid_action);
    }
    if ($mybb->usergroup['canmodcp'] == 0) {
        error_no_permission();
    }
    verify_post_check($mybb->input['my_post_key']);
    // Check if the rep exists
    $query = $db->simple_select("trade_feedback", "receiver", "fid={$fid}");
    $userid = $db->fetch_field($query, "receiver");
    if (!$userid) {
        error($lang->feedback_invalid_action);
    }
    $db->write_query("UPDATE " . TABLE_PREFIX . "trade_feedback SET approved=0 WHERE fid={$fid}");
    trader_rebuild_reputation($userid);
    $url = $mybb->settings['bburl'] . "/tradefeedback.php?action=view&uid={$userid}";
    $message = $lang->feedback_unapproved_success;
    redirect($url, $message, "", true);
}

function newpoints_shop_page()
{
    global $mybb, $db, $lang, $cache, $theme, $header, $templates, $plugins, $headerinclude, $footer, $options, $inline_errors;
    if (!$mybb->user['uid']) {
        return;
    }
    newpoints_lang_load("newpoints_shop");
    if ($mybb->input['action'] == "do_shop") {
        verify_post_check($mybb->input['postcode']);
        $plugins->run_hooks("newpoints_do_shop_start");
        switch ($mybb->input['shop_action']) {
            case 'buy':
                $plugins->run_hooks("newpoints_shop_buy_start");
                // check if the item exists
                if (!($item = newpoints_shop_get_item($mybb->input['iid']))) {
                    error($lang->newpoints_shop_invalid_item);
                }
                // check if the item is assigned to category
                if (!($cat = newpoints_shop_get_category($item['cid']))) {
                    error($lang->newpoints_shop_invalid_cat);
                }
                // check if we have permissions to view the parent category
                if (!newpoints_shop_check_permissions($cat['usergroups'])) {
                    error_no_permission();
                }
                if ($item['visible'] == 0 || $cat['visible'] == 0) {
                    error_no_permission();
                }
                // check group rules - primary group check
                $grouprules = newpoints_getrules('group', $mybb->user['usergroup']);
                if (!$grouprules) {
                    $grouprules['items_rate'] = 1.0;
                }
                // no rule set so default income rate is 1
                // if the group items rate is 0, the price of the item is 0
                if (floatval($grouprules['items_rate']) == 0) {
                    $item['price'] = 0;
                } else {
                    $item['price'] = $item['price'] * floatval($grouprules['items_rate']);
                }
                if (floatval($item['price']) > floatval($mybb->user['newpoints'])) {
                    $errors[] = $lang->newpoints_shop_not_enough;
                }
                if ($item['infinite'] != 1 && $item['stock'] <= 0) {
                    $errors[] = $lang->newpoints_shop_out_of_stock;
                }
                if ($item['limit'] != 0) {
                    // Get how many items of this type we have in our inventory
                    $myitems = @unserialize($mybb->user['newpoints_items']);
                    if (!$myitems) {
                        $myitems = array();
                    }
                    // If more than or equal to $item['limit'] -> FAILED
                    if (count(array_keys($myitems, $item['iid'])) >= $item['limit']) {
                        $errors[] = $lang->newpoints_shop_limit_reached;
                    }
                }
                if (!empty($errors)) {
                    $inline_errors = inline_error($errors, $lang->newpoints_shop_inline_errors);
                    $mybb->input = array();
                    $mybb->input['action'] = 'shop';
                } else {
                    $myitems = @unserialize($mybb->user['newpoints_items']);
                    if (!$myitems) {
                        $myitems = array();
                    }
                    $myitems[] = $item['iid'];
                    $db->update_query('users', array('newpoints_items' => serialize($myitems)), 'uid=\'' . $mybb->user['uid'] . '\'');
                    // update stock
                    if ($item['infinite'] != 1) {
                        $db->update_query('newpoints_shop_items', array('stock' => $item['stock'] - 1), 'iid=\'' . $item['iid'] . '\'');
                    }
                    // get money from user
                    newpoints_addpoints($mybb->user['uid'], -floatval($item['price']));
                    if (!empty($item['pm'])) {
                        // send PM if item has private message
                        newpoints_send_pm(array('subject' => $lang->newpoints_shop_bought_item_pm_subject, 'message' => $item['pm'], 'touid' => $mybb->user['uid'], 'receivepms' => 1), -1);
                    }
                    $plugins->run_hooks("newpoints_shop_buy_end", $item);
                    // log purchase
                    newpoints_log('shop_purchase', $lang->sprintf($lang->newpoints_shop_purchased_log, $item['iid'], $item['price']));
                    redirect($mybb->settings['bburl'] . "/newpoints.php?action=shop", $lang->newpoints_shop_item_bought, $lang->newpoints_shop_item_bought_title);
                }
                break;
            case 'send':
                $plugins->run_hooks("newpoints_shop_send_start");
                // check if the item exists
                if (!($item = newpoints_shop_get_item($mybb->input['iid']))) {
                    error($lang->newpoints_shop_invalid_item);
                }
                // check if the item is assigned to category
                if (!($cat = newpoints_shop_get_category($item['cid']))) {
                    error($lang->newpoints_shop_invalid_cat);
                }
                // check if we have permissions to view the parent category
                if (!newpoints_shop_check_permissions($cat['usergroups'])) {
                    error_no_permission();
                }
                if ($item['visible'] == 0 || $cat['visible'] == 0) {
                    error_no_permission();
//.........这里部分代码省略.........

function cloudflare_moderation_start()
{
    global $mybb, $db, $cache, $fid, $pid;
    if (!$mybb->settings['cloudflare_postbit_spam'] || $mybb->input['action'] != 'cloudflare_report_spam') {
        return;
    }
    if (!$mybb->input['pid']) {
        error($lang->error_invalidpost);
    }
    $pid = intval($mybb->input['pid']);
    if (!$mybb->input['fid']) {
        error($lang->error_invalidforum);
    }
    $fid = intval($mybb->input['fid']);
    if (!is_moderator($fid)) {
        error_no_permission();
    }
    $query = $db->query("\n\t\tSELECT p.uid, p.username, u.email, p.message, p.ipaddress, p.tid\n\t\tFROM " . TABLE_PREFIX . "posts p\n\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=p.uid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "forums f ON (f.fid=p.fid)\n\t\tWHERE p.pid = '{$pid}'\n\t");
    $post = $db->fetch_array($query);
    if (!$post) {
        error($lang->error_invalidpost);
    }
    if (!$mybb->input['my_post_key']) {
        error_no_permission();
    }
    verify_post_check($mybb->input['my_post_key']);
    $spammer = get_user($post['uid']);
    $data = array("a" => $spammer['username'], "am" => $spammer['email'], "ip" => $post['ipaddress'], "con" => substr($post['message'], 0, 100));
    $data = urlencode(json_encode($data));
    cloudflare_report_spam($data);
    redirect(get_post_link($pid), "Spam successfully reported to CloudFlare. You may now ban the spammer.");
}

function mysupport_modcp_support_denial()
{
    global $mybb;
    if ($mybb->settings['enablemysupport'] != 1) {
        return;
    }
    global $db, $cache, $lang, $theme, $templates, $headerinclude, $header, $footer, $modcp_nav, $mod_log_action, $redirect;
    $lang->load("mysupport");
    if ($mybb->input['action'] == "supportdenial") {
        if (!mysupport_usergroup("canmanagesupportdenial")) {
            error_no_permission();
        }
        add_breadcrumb($lang->nav_modcp, "modcp.php");
        add_breadcrumb($lang->support_denial, "modcp.php?action=supportdenial");
        if ($mybb->input['do'] == "do_denysupport") {
            verify_post_check($mybb->input['my_post_key']);
            if ($mybb->settings['enablemysupportsupportdenial'] != 1) {
                mysupport_error($lang->support_denial_not_enabled);
                exit;
            }
            // get username from UID
            // this is if we're revoking via the list of denied users, we specify a UID here
            if ($mybb->input['uid']) {
                $uid = intval($mybb->input['uid']);
                $user = get_user($uid);
                $username = $user['username'];
            } elseif ($mybb->input['username']) {
                $username = $db->escape_string($mybb->input['username']);
                $query = $db->simple_select("users", "uid", "username = '{$username}'");
                $uid = $db->fetch_field($query, "uid");
            }
            if (!$uid || !$username) {
                mysupport_error($lang->support_denial_reason_invalid_user);
                exit;
            }
            if (isset($mybb->input['deniedsupportreason'])) {
                $deniedsupportreason = intval($mybb->input['deniedsupportreason']);
            } else {
                $deniedsupportreason = 0;
            }
            if ($mybb->input['tid'] != 0) {
                $tid = intval($mybb->input['tid']);
                $thread_info = get_thread($tid);
                $fid = $thread_info['fid'];
                $redirect_url = get_thread_link($tid);
            } else {
                $redirect_url = "modcp.php?action=supportdenial";
            }
            $mod_log_action = "";
            $redirect = "";
            $mysupport_cache = $cache->read("mysupport");
            // -1 is if we're revoking and 0 is no reason, so those are exempt
            if (!array_key_exists($deniedsupportreason, $mysupport_cache['deniedreasons']) && $deniedsupportreason != -1 && $deniedsupportreason != 0) {
                mysupport_error($lang->support_denial_reason_invalid_reason);
                exit;
            } elseif ($deniedsupportreason == -1) {
                $update = array("deniedsupport" => 0, "deniedsupportreason" => 0, "deniedsupportuid" => 0);
                $db->update_query("users", $update, "uid = '" . intval($uid) . "'");
                $update = array("closed" => 0, "closedbymysupport" => 0);
                $mysupport_forums = implode(",", array_map("intval", mysupport_forums()));
                $db->update_query("threads", $update, "uid = '" . intval($uid) . "' AND fid IN (" . $db->escape_string($mysupport_forums) . ") AND closed = '1' AND closedbymysupport = '2'");
                mysupport_mod_log_action(11, $lang->sprintf($lang->deny_support_revoke_mod_log, $username));
                mysupport_redirect_message($lang->sprintf($lang->deny_support_revoke_success, htmlspecialchars_uni($username)));
            } else {
                $update = array("deniedsupport" => 1, "deniedsupportreason" => intval($deniedsupportreason), "deniedsupportuid" => intval($mybb->user['uid']));
                $db->update_query("users", $update, "uid = '" . intval($uid) . "'");
                if ($mybb->settings['mysupportclosewhendenied'] == 1) {
                    $update = array("closed" => 1, "closedbymysupport" => 2);
                    $mysupport_forums = implode(",", array_map("intval", mysupport_forums()));
                    $db->update_query("threads", $update, "uid = '" . intval($uid) . "' AND fid IN (" . $db->escape_string($mysupport_forums) . ") AND closed = '0'");
                }
                if ($deniedsupportreason != 0) {
                    $deniedsupportreason = $db->fetch_field($query, "name");
                    mysupport_mod_log_action(11, $lang->sprintf($lang->deny_support_mod_log_reason, $username, $deniedsupportreason));
                } else {
                    mysupport_mod_log_action(11, $lang->sprintf($lang->deny_support_mod_log, $username));
                }
                mysupport_redirect_message($lang->sprintf($lang->deny_support_success, htmlspecialchars_uni($username)));
            }
            if (!empty($mod_log_action)) {
                $mod_log_data = array("fid" => intval($fid), "tid" => intval($tid));
                log_moderator_action($mod_log_data, $mod_log_action);
            }
            redirect($redirect_url, $redirect);
        } elseif ($mybb->input['do'] == "denysupport") {
            if ($mybb->settings['enablemysupportsupportdenial'] != 1) {
                mysupport_error($lang->support_denial_not_enabled);
                exit;
            }
            $uid = intval($mybb->input['uid']);
            $tid = intval($mybb->input['tid']);
            $user = get_user($uid);
            $username = $user['username'];
            $user_link = build_profile_link(htmlspecialchars_uni($username), intval($uid), "blank");
            if ($mybb->input['uid']) {
                $deny_support_to = $lang->sprintf($lang->deny_support_to, htmlspecialchars_uni($username));
            } else {
                $deny_support_to = $lang->deny_support_to_user;
            }
            add_breadcrumb($deny_support_to);
//.........这里部分代码省略.........

function hello_new()
{
    global $mybb;
    // If we're not running the 'hello' action as specified in our form, get out of there.
    if ($mybb->get_input('action') != 'hello') {
        return;
    }
    // Only accept POST
    if ($mybb->request_method != 'post') {
        error_no_permission();
    }
    global $lang;
    // Correct post key? This is important to prevent CSRF
    verify_post_check($mybb->get_input('my_post_key'));
    // Load our language file
    $lang->load('hello');
    $message = trim($mybb->get_input('message'));
    // Message cannot be empty
    if (!$message || my_strlen($message) > 100) {
        error($lang->hello_message_empty);
    }
    global $db;
    // Escape input data
    $message = $db->escape_string($message);
    // Insert into database
    $db->insert_query('hello_messages', array('message' => $message));
    // Redirect to index.php with a message
    redirect('index.php', $lang->hello_done);
}

 function hook_newpoints_do_shop_start()
 {
     global $mybb, $db, $lang, $cache, $theme, $header, $templates, $plugins, $headerinclude, $footer, $options, $inline_errors;
     if ($mybb->get_input('shop_action') == 'buy_sticky') {
         $do = false;
     } elseif ($mybb->get_input('shop_action') == 'do_buy_sticky') {
         $do = true;
     } else {
         return false;
     }
     if ($do) {
         $plugins->run_hooks('newpoints_shop_do_buy_sticky_start');
     } else {
         $plugins->run_hooks('newpoints_shop_buy_sticky_start');
     }
     if (!($item = newpoints_shop_get_item($mybb->get_input('iid', 1)))) {
         error($lang->newpoints_shop_invalid_item);
     }
     if (!($cat = newpoints_shop_get_category($item['cid']))) {
         error($lang->newpoints_shop_invalid_cat);
     }
     if (!newpoints_shop_check_permissions($cat['usergroups'])) {
         error_no_permission();
     }
     if (!$item['visible'] || !$cat['visible']) {
         error_no_permission();
     }
     if (!$item['buy_sticky'] || $item['buy_sticky_time'] < 1) {
         error_no_permission();
     }
     $myitems = @unserialize($mybb->user['newpoints_items']);
     if (!$myitems) {
         error($lang->newpoints_shop_inventory_empty);
     }
     $key = array_search($item['iid'], $myitems);
     if ($key === false) {
         error($lang->newpoints_shop_selected_item_not_owned);
     }
     $this->load_language();
     if ($do) {
         // ~~~ @ https://github.com/PaulBender/Move-Posts/blob/master/inc/plugins/moveposts.php#L217 //
         if ($db->table_exists('google_seo')) {
             $regexp = "{$mybb->settings['bburl']}/{$mybb->settings['google_seo_url_threads']}";
             if ($regexp) {
                 $regexp = preg_quote($regexp, '#');
                 $regexp = str_replace('\\{\\$url\\}', '([^./]+)', $regexp);
                 $regexp = str_replace('\\{url\\}', '([^./]+)', $regexp);
                 $regexp = "#^{$regexp}\$#u";
             }
             $url = $mybb->get_input('threadurl');
             $url = preg_replace('/^([^#?]*)[#?].*$/u', '\\1', $url);
             $url = preg_replace($regexp, '\\1', $url);
             $url = urldecode($url);
             $query = $db->simple_select('google_seo', 'id', "idtype='4' AND url='{$db->escape_string($url)}'");
             $redeemtid = $db->fetch_field($query, 'id');
         }
         $realurl = explode('#', $mybb->get_input('threadurl'));
         $mybb->input['threadurl'] = $realurl[0];
         if (substr($mybb->get_input('threadurl'), -4) == 'html') {
             preg_match('#thread-([0-9]+)?#i', $mybb->get_input('threadurl'), $threadmatch);
             preg_match('#post-([0-9]+)?#i', $mybb->get_input('threadurl'), $postmatch);
             if ($threadmatch[1]) {
                 $parameters['tid'] = $threadmatch[1];
             }
             if ($postmatch[1]) {
                 $parameters['pid'] = $postmatch[1];
             }
         } else {
             $splitloc = explode('.php', $mybb->get_input('threadurl'));
             $temp = explode('&', my_substr($splitloc[1], 1));
             if (!empty($temp)) {
                 for ($i = 0; $i < count($temp); $i++) {
                     $temp2 = explode('=', $temp[$i], 2);
                     $parameters[$temp2[0]] = $temp2[1];
                 }
             } else {
                 $temp2 = explode('=', $splitloc[1], 2);
                 $parameters[$temp2[0]] = $temp2[1];
             }
         }
         if ($parameters['pid'] && !$parameters['tid']) {
             $query = $db->simple_select('posts', '*', "pid='" . (int) $parameters['pid'] . "'");
             $post = $db->fetch_array($query);
             $redeemtid = $post['tid'];
         } elseif ($parameters['tid']) {
             $redeemtid = $parameters['tid'];
         }
         $thread = get_thread($redeemtid);
         // ~~~ //
         if (!$thread['tid'] || !$thread['visible'] || $thread['deletetime']) {
             error($lang->newpoints_buy_sticky_redeem_error_invalid);
         }
         if ($thread['sticky']) {
             error($lang->newpoints_buy_sticky_redeem_error_alreadystickied);
         }
         if ($thread['closed']) {
             error($lang->newpoints_buy_sticky_redeem_error_closedthread);
         }
         if ($thread['uid'] != $mybb->user['uid']) {
             error($lang->newpoints_buy_sticky_redeem_error_wronguser);
//.........这里部分代码省略.........

function mylikes_popup()
{
    global $db, $mybb, $lang, $groupscache, $templates;
    if ($mybb->input['action'] == "likes_recount") {
        // Rebuild the cache for this post - the reputation/like counter may have changed
        if (!empty($mybb->input['pid'])) {
            JB_MyLikes_Like::cache($mybb->input['pid']);
        }
        exit;
    }
    if ($mybb->input['action'] != "likes") {
        return;
    }
    if (empty($mybb->input['pid']) || empty($mybb->input['uid'])) {
        error_no_permission();
    }
    $lang->load("mylikes");
    $pid = $mybb->get_input("pid");
    $uid = $mybb->get_input("uid");
    $query = $db->simple_select("reputation", "*", "uid={$uid} AND pid={$pid}");
    $users = "";
    while ($like = $db->fetch_array($query)) {
        $user = get_user($like['adduid']);
        $name = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
        $profile_link = build_profile_link($name, $user['uid'], '_blank', 'if(window.opener) { window.opener.location = this.href; return false; }');
        $send_pm = '';
        if ($mybb->user['receivepms'] != 0 && $user['receivepms'] != 0 && $groupscache[$user['usergroup']]['canusepms'] != 0) {
            eval("\$send_pm = \"" . $templates->get("misc_buddypopup_user_sendpm") . "\";");
        }
        if ($user['lastactive']) {
            $last_active = $lang->sprintf($lang->last_active, my_date('relative', $user['lastactive']));
        } else {
            $last_active = $lang->sprintf($lang->last_active, $lang->never);
        }
        $user['avatar'] = format_avatar(htmlspecialchars_uni($user['avatar']), $user['avatardimensions'], '44x44');
        $online_alt = alt_trow();
        $users .= eval($templates->render("misc_mylikes_like"));
    }
    if (empty($users)) {
        $users = eval($templates->render("misc_mylikes_nolikes"));
    }
    echo eval($templates->render("misc_mylikes", 1, 0));
    exit;
}

function avatarep_popup()
{
    global $lang, $mybb, $templates, $avatarep_popup, $db;
    if ($mybb->settings['avatarep_active'] == 0 || $mybb->settings['avatarep_active'] == 1 && $mybb->settings['avatarep_menu'] == 0) {
        return false;
    }
    if ($mybb->input['action'] == "avatarep_popup") {
        if ($mybb->usergroup['canviewprofiles'] == 0) {
            error_no_permission();
        }
        $lang->load("member");
        $lang->load("avatarep");
        $uid = intval($mybb->input['uid']);
        $memprofile = get_user($uid);
        $memprofile['avatar'] = htmlspecialchars_uni($memprofile['avatar']);
        if (strlen(trim($memprofile['avatar'])) == 0) {
            $memprofile['avatar'] = "images/default_avatar.png";
        }
        $formattedname = format_name($memprofile['username'], $memprofile['usergroup'], $memprofile['displaygroup']);
        $usertitle = "";
        if (!empty($memprofile['usertitle'])) {
            $usertitle = $memprofile['usertitle'];
            $usertitle = "({$usertitle})";
        }
        $memregdate = my_date($mybb->settings['dateformat'], $memprofile['regdate']);
        $memprofile['postnum'] = my_number_format($memprofile['postnum']);
        $warning_link = "warnings.php?uid={$memprofile['uid']}";
        $warning_level = round($memprofile['warningpoints'] / $mybb->settings['maxwarningpoints'] * 100);
        $memlastvisitdate = my_date($mybb->settings['dateformat'], $memprofile['lastactive']);
        $memlastvisittime = my_date($mybb->settings['timeformat'], $memprofile['lastactive']);
        // User is currently online and this user has permissions to view the user on the WOL
        $timesearch = TIME_NOW - $mybb->settings['wolcutoffmins'] * 60;
        $query = $db->simple_select("sessions", "location,nopermission", "uid='{$uid}' AND time>'{$timesearch}'", array('order_by' => 'time', 'order_dir' => 'DESC', 'limit' => 1));
        $session = $db->fetch_array($query);
        if (($memprofile['invisible'] != 1 || $mybb->usergroup['canviewwolinvis'] == 1 || $memprofile['uid'] == $mybb->user['uid']) && !empty($session)) {
            eval("\$online_status = \"" . $templates->get("member_profile_online") . "\";");
        } else {
            eval("\$online_status = \"" . $templates->get("member_profile_offline") . "\";");
        }
        eval("\$avatarep_popup = \"" . $templates->get("avatarep_popup") . "\";");
        output_page($avatarep_popup);
    }
}

function ougc_pages_show()
{
    global $db, $ougc_pages, $lang, $templates, $mybb, $footer, $headerinclude, $header, $theme, $page, $category;
    // Load lang
    $ougc_pages->lang_load();
    !$ougc_pages->invalid_page or error($lang->ougc_pages_error_invalidpage);
    !$ougc_pages->invalid_çategory or error($lang->ougc_pages_error_invalidçategory);
    !$ougc_pages->no_permission or error_no_permission();
    // Load custom page language file if exists
    $lang->load('ougc_pages_' . $category['cid'], false, true);
    $lang->load('ougc_pages_' . $page['pid'], false, true);
    $category['name'] = htmlspecialchars_uni($category['name']);
    /*if($category['breadcrumb'])
    	{
    		add_breadcrumb($category['name'], $ougc_pages->get_category_link($category['cid']));
    	}`*/
    add_breadcrumb($category['name'], $ougc_pages->get_category_link($category['cid']));
    $gids = explode(',', $mybb->user['additionalgroups']);
    $gids[] = $mybb->user['usergroup'];
    $gids = array_filter(array_unique($gids));
    $sqlwhere = 'visible=\'1\' AND cid=\'' . (int) $category['cid'] . '\' AND groups!=\'\' AND (groups=\'-1\'';
    switch ($db->type) {
        case 'pgsql':
        case 'sqlite':
            foreach ($gids as $gid) {
                $gid = (int) $gid;
                $sqlwhere .= ' OR \',\'||groups||\',\' LIKE \'%,' . $gid . ',%\'';
            }
            break;
        default:
            foreach ($gids as $gid) {
                $gid = (int) $gid;
                $sqlwhere .= ' OR CONCAT(\',\',groups,\',\') LIKE \'%,' . $gid . ',%\'';
            }
            break;
    }
    $sqlwhere .= ')';
    /*$navigation = array('previous' => '', 'right' => 'next');*/
    if (!empty($page)) {
        $title = $page['name'] = htmlspecialchars_uni($page['name']);
        $description = $page['description'] = htmlspecialchars_uni($page['description']);
        add_breadcrumb($page['name'], $ougc_pages->get_page_link($page['pid']));
        /*if($category['navigation'])
        		{
        			$sqlwhere .= 'AND php!=\'1\' AND disporder';
        			$where = '<\''.(int)$page['disporder'].'\'';
        			$query = $db->simple_select('ougc_pages', 'pid', $sqlwhere.$where, array('order_by' => 'disporder, name', 'limit' => 1));
        			$previous_page_id = (int)$db->fetch_field($query, 'pid');
        
        			if($previous_page_id)
        			{
        				$previous_link = $ougc_pages->get_page_link($previous_page_id);
        				eval('$navigation[\'previous\'] = "'.$templates->get('ougcpages_navigation_previous').'";');
        			}
        
        			$where = '>\''.(int)$page['disporder'].'\'';
        			$query = $db->simple_select('ougc_pages', 'pid', $sqlwhere.$where, array('order_by' => 'disporder, name', 'limit' => 1));
        			$next_page_id = (int)$db->fetch_field($query, 'pid');
        
        			if($next_page_id)
        			{
        				$next_link = $ougc_pages->get_page_link($next_page_id);
        				eval('$navigation[\'next\'] = "'.$templates->get('ougcpages_navigation_next').'";');
        			}
        		}*/
        $templates->cache['ougcpages_temporary_tmpl'] = $page['template'];
        #TODO: Add "Las updated on DATELINE..." to page
        eval('$content = "' . $templates->get('ougcpages_temporary_tmpl') . '";');
        if ($page['wrapper']) {
            eval('$content = "' . $templates->get('ougcpages_wrapper') . '";');
        }
    } else {
        $title = $category['name'] = htmlspecialchars_uni($category['name']);
        $description = $category['description'] = htmlspecialchars_uni($category['description']);
        $query = $db->simple_select('ougc_pages', '*', $sqlwhere, array('order_by' => 'disporder'));
        $page_list = '';
        while ($page = $db->fetch_array($query)) {
            $page['name'] = htmlspecialchars_uni($page['name']);
            $page_link = $ougc_pages->get_page_link($page['pid']);
            eval('$page_list .= "' . $templates->get('ougcpages_category_list_item') . '";');
        }
        if (!$page_list) {
            eval('$content = "' . $templates->get('ougcpages_category_list_empty') . '";');
        } else {
            eval('$content = "' . $templates->get('ougcpages_category_list') . '";');
        }
        eval('$content = "' . $templates->get('ougcpages_wrapper') . '";');
    }
    /*if($category['navigation'])
    	{
    		eval('$content = "'.$templates->get('ougcpages_navigation').'";');
    	}*/
    /*if($portal)
    	{
    		return $content;
    	}*/
    eval('$page = "' . $templates->get('ougcpages') . '";');
    output_page($page);
    exit;
}