本文整理汇总了PHP中phorum_api_user_check_access函数的典型用法代码示例。如果您正苦于以下问题:PHP phorum_api_user_check_access函数的具体用法?PHP phorum_api_user_check_access怎么用?PHP phorum_api_user_check_access使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了phorum_api_user_check_access函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: phorum_api_redirect
// we should not redirect to the listpage for moderators.
// Else a moderator can never read an unapproved message.
if (isset($PHORUM["postingargs"]["as_include"])) {
if ($PHORUM["DATA"]["MODERATOR"]) {
$PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["UnapprovedMessage"];
return;
}
}
// In other cases, redirect users that are replying to
// unapproved messages to the message list.
phorum_api_redirect(PHORUM_LIST_URL);
}
// closed topic, show a message
if ($top_parent["closed"]) {
$PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["ThreadClosed"];
$PHORUM["posting_template"] = "message";
return;
}
}
// Do permission checks for editing messages.
if ($mode == "edit") {
// Check if the user is allowed to edit this post.
$timelim = $PHORUM["user_edit_timelimit"];
$useredit = $message["user_id"] == $PHORUM["user"]["user_id"] && phorum_api_user_check_access(PHORUM_USER_ALLOW_EDIT) && !empty($top_parent) && !$top_parent["closed"] && (!$timelim || $message["datestamp"] + $timelim * 60 >= time());
// Moderators are allowed to edit messages.
$moderatoredit = $PHORUM["DATA"]["MODERATOR"] && $message["forum_id"] == $PHORUM["forum_id"];
if (!$useredit && !$moderatoredit) {
$PHORUM["DATA"]["ERROR"] = $PHORUM["DATA"]["LANG"]["EditPostForbidden"];
return;
}
}
示例2: phorum_api_forums_tree
/**
* This function can be used to build a tree structure for the available
* folders and forums.
*
* @param mixed $vroot
* The vroot for which to build the forums tree (0 (zero) to
* use the main root folder) or NULL to use the current (v)root.
*
* @param int $flags
* If the {@link PHORUM_FLAG_INCLUDE_INACTIVE} flag is set, then
* inactive forums and folders will be included in the tree.
* If the {@link PHORUM_FLAG_INCLUDE_EMPTY_FOLDERS} flag is set, then
* empty folders will be included in the tree. By default, empty folders
* will be taken out of the tree.
*
* @return array
* An array containing arrays that describe nodes in the tree.
* The nodes are in the order in which they would appear in an expanded
* tree, moving from top to bottom. An "indent" field is added to each
* node array to tell at what indention level the node lives.
*/
function phorum_api_forums_tree($vroot = NULL, $flags = 0)
{
global $PHORUM;
if ($vroot === NULL) {
$vroot = isset($PHORUM['vroot']) ? $PHORUM['vroot'] : 0;
} else {
settype($vroot, 'int');
}
// Get the information for the root.
$root = phorum_api_forums_by_forum_id($vroot, $flags);
if (!$root) {
trigger_error("phorum_api_forums_tree(): vroot {$vroot} does not exist", E_USER_ERROR);
return NULL;
}
if ($root['vroot'] != $root['forum_id']) {
trigger_error("phorum_api_forums_tree(): vroot {$vroot} is not a vroot folder", E_USER_ERROR);
return NULL;
}
// Temporarily witch to the vroot for which we are building a tree.
$orig_vroot = isset($PHORUM['vroot']) ? $PHORUM['vroot'] : 0;
$PHORUM['vroot'] = $vroot;
// Check what forums the current user can read in that vroot.
$allowed_forums = phorum_api_user_check_access(PHORUM_USER_ALLOW_READ, PHORUM_ACCESS_LIST);
// Load the data for those forums.
$forums = phorum_api_forums_by_forum_id($allowed_forums, $flags);
// Sort the forums in a tree structure.
// First pass: build a parent / child relationship structure.
$tmp_forums = array();
foreach ($forums as $forum_id => $forum) {
$tmp_forums[$forum_id]['forum_id'] = $forum_id;
$tmp_forums[$forum_id]['parent'] = $forum['parent_id'];
if (empty($forums[$forum["parent_id"]]["childcount"])) {
$tmp_forums[$forum["parent_id"]]["children"] = array($forum_id);
$forums[$forum["parent_id"]]["childcount"] = 1;
} else {
$tmp_forums[$forum["parent_id"]]["children"][] = $forum_id;
$forums[$forum["parent_id"]]["childcount"]++;
}
}
// Second pass: sort the folders and forums in their tree order.
$order = array();
$stack = array();
$seen = array();
$curr_id = $vroot;
while (count($tmp_forums)) {
// Add the current element to the tree order array. Do not add it
// in case we've already seen it (we move down and back up the tree
// during processing, so we could see an element twice
// while doing that).
if ($curr_id != 0 && empty($seen[$curr_id])) {
$order[$curr_id] = $forums[$curr_id];
$seen[$curr_id] = true;
}
// Push the current element on the tree walking stack
// to move down the tree.
array_push($stack, $curr_id);
// Get the current element's data.
$data = $tmp_forums[$curr_id];
// If there are no children (anymore), then move back up the the tree.
if (empty($data["children"])) {
unset($tmp_forums[$curr_id]);
array_pop($stack);
$curr_id = array_pop($stack);
} else {
$curr_id = array_shift($tmp_forums[$curr_id]["children"]);
}
if (!is_numeric($curr_id)) {
break;
}
}
$tree = array();
foreach ($order as $forum) {
if ($forum["folder_flag"]) {
// Skip empty folders, if we didn't request them
if (empty($forums[$forum['forum_id']]['childcount']) && !($flags & PHORUM_FLAG_INCLUDE_EMPTY_FOLDERS)) {
continue;
}
$url = phorum_api_url(PHORUM_INDEX_URL, $forum["forum_id"]);
} else {
//.........这里部分代码省略.........
示例3: foreach
}
// Loop over all the folders (flat view sections) that we will show and get
// their child forums and folders.
foreach ($folders as $folder_id => $dummy) {
// These folders are level zero folders. To the child forums and folders,
// level 1 will be assigned. The level value can be used in the template
// to see where a new top level folder starts.
$forums[$folder_id]['level'] = 0;
// Retrieve the children for the current folder. For the (v)root folder,
// we only retrieve the contained forums, since its folders will be shown
// as separate sections in the flat index view instead.
$children = phorum_api_forums_get(NULL, $folder_id, NULL, $PHORUM['vroot'], $PHORUM['vroot'] == $folder_id ? PHORUM_FLAG_FORUMS : 0);
foreach ($children as $child_forum_id => $child_forum) {
// If inaccessible forums should be hidden on the index, then check
// if the current user has rights to access the current forum.
if (!$child_forum['folder_flag'] && $PHORUM['hide_forums'] && !phorum_api_user_check_access(PHORUM_USER_ALLOW_READ, $child_forum_id)) {
continue;
}
// These are level one forums and folders.
$child_forum['level'] = 1;
// Remember the data.
$forums[$child_forum_id] = $child_forum;
// Add the forum or folder to the child list for the current folder.
$folders[$folder_id][$child_forum_id] = $child_forum_id;
}
}
// --------------------------------------------------------------------
// Setup the template data and display the template
// --------------------------------------------------------------------
// Format the data for the forums and folders that we gathered.
$forums = phorum_api_format_forums($forums, PHORUM_FLAG_ADD_UNREAD_INFO);
示例4: phorum_build_forum_list
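/**
 * Build the data for the forum picker (forum drop down).
 *
 * Only forums that phorum_api_user_check_access() reports as readable
 * for the active user are loaded, so the picker is limited to that list.
 *
 * @return array
 *     An array of picker entries, indexed by forum_id. Each entry holds
 *     the fields forum_id, parent_id, folder_flag, name, stripped_name,
 *     indent, indent_spaces, url and path.
 */
function phorum_build_forum_list()
{
    $PHORUM = $GLOBALS["PHORUM"];

    // Check what forums the current user can read.
    $allowed_forums = phorum_api_user_check_access(PHORUM_USER_ALLOW_READ, PHORUM_ACCESS_LIST);

    $forum_picker = array();

    // build forum drop down data
    require_once './include/api/forums.php';
    $forums = phorum_api_forums_get($allowed_forums);

    // First pass: build a parent / child relationship structure.
    // Initialized up front, so count() below always gets an array,
    // also when there are no readable forums at all.
    $tmp_forums = array();
    foreach ($forums as $forum) {
        $tmp_forums[$forum["forum_id"]]["forum_id"] = $forum["forum_id"];
        $tmp_forums[$forum["forum_id"]]["parent"] = $forum["parent_id"];
        $tmp_forums[$forum["parent_id"]]["children"][] = $forum["forum_id"];
        if (empty($forums[$forum["parent_id"]]["childcount"])) {
            $forums[$forum["parent_id"]]["childcount"] = 1;
        } else {
            $forums[$forum["parent_id"]]["childcount"]++;
        }
    }

    // Second pass: walk the tree from the vroot down and record the
    // active forums and folders in their tree order.
    $order = array();
    $stack = array();
    $seen = array();
    $curr_id = $PHORUM['vroot'];
    while (count($tmp_forums)) {
        if (empty($seen[$curr_id])) {
            if ($curr_id != $PHORUM['vroot']) {
                if ($forums[$curr_id]["active"]) {
                    $order[$curr_id] = $forums[$curr_id];
                }
                $seen[$curr_id] = true;
            }
        }

        array_unshift($stack, $curr_id);

        // A node without an entry is handled like a node without children.
        $data = isset($tmp_forums[$curr_id]) ? $tmp_forums[$curr_id] : array();

        if (isset($data["children"]) && count($data["children"])) {
            // Move down to the next unvisited child.
            $curr_id = array_shift($tmp_forums[$curr_id]["children"]);
        } else {
            // No children (anymore): drop the node and move back up.
            unset($tmp_forums[$curr_id]);
            array_shift($stack);
            $curr_id = array_shift($stack);
        }

        // The stack is exhausted once we moved up past the start node.
        if (!is_numeric($curr_id)) {
            break;
        }
    }

    foreach ($order as $forum) {
        if ($forum["folder_flag"]) {
            // Skip empty folders.
            if (empty($forums[$forum['forum_id']]['childcount'])) {
                continue;
            }
            $url = phorum_get_url(PHORUM_INDEX_URL, $forum["forum_id"]);
        } else {
            $url = phorum_get_url(PHORUM_LIST_URL, $forum["forum_id"]);
        }

        $indent = count($forum["forum_path"]) - 2;
        if ($indent < 0) {
            $indent = 0;
        }

        // "name" is passed on as stored; "stripped_name" has tags removed.
        // NOTE(review): confirm how the template outputs "name".
        $forum_picker[$forum["forum_id"]] = array(
            "forum_id" => $forum["forum_id"],
            "parent_id" => $forum["parent_id"],
            "folder_flag" => $forum["folder_flag"],
            "name" => $forum["name"],
            "stripped_name" => strip_tags($forum["name"]),
            "indent" => $indent,
            "indent_spaces" => str_repeat(" ", $indent),
            "url" => $url,
            "path" => $forum["forum_path"],
        );
    }

    return $forum_picker;
}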
示例5: phorum_db_get_forums
$forums = phorum_db_get_forums(0, $parent_id);
$PHORUM["DATA"]["FORUMS"] = array();
$forums_shown = false;
$new_checks = array();
if ($PHORUM["DATA"]["LOGGEDIN"] && !empty($forums)) {
if ($PHORUM["show_new_on_index"] == 2) {
$new_checks = phorum_db_newflag_check(array_keys($forums));
} elseif ($PHORUM["show_new_on_index"] == 1) {
$new_counts = phorum_db_newflag_count(array_keys($forums));
}
}
foreach ($forums as $forum) {
if ($forum["folder_flag"]) {
$forum["URL"]["LIST"] = phorum_get_url(PHORUM_INDEX_URL, $forum["forum_id"]);
} else {
if ($PHORUM["hide_forums"] && !phorum_api_user_check_access(PHORUM_USER_ALLOW_READ, $forum["forum_id"])) {
continue;
}
$forum["url"] = phorum_get_url(PHORUM_LIST_URL, $forum["forum_id"]);
// if there is only one forum in Phorum, redirect to it.
if ($parent_id == 0 && count($forums) < 2) {
phorum_redirect_by_url($forum['url']);
exit;
}
if ($forum["message_count"] > 0) {
$forum["raw_last_post"] = $forum["last_post_time"];
$forum["last_post"] = phorum_date($PHORUM["long_date_time"], $forum["last_post_time"]);
} else {
$forum["last_post"] = " ";
}
$forum["URL"]["LIST"] = phorum_get_url(PHORUM_LIST_URL, $forum["forum_id"]);
示例6: elseif
} elseif (isset($PHORUM['args']['onlyunapproved']) && !empty($PHORUM["args"]['onlyunapproved']) && is_numeric($PHORUM["args"]['onlyunapproved'])) {
$showwaiting = (int) $PHORUM['args']['onlyunapproved'];
} else {
$showwaiting = phorum_api_user_get_setting('cc_messages_onlyunapproved');
}
if (empty($showwaiting)) {
$showwaiting = 0;
}
$PHORUM['DATA']['SELECTED'] = $moddays;
$PHORUM['DATA']['SELECTED_2'] = $showwaiting ? true : false;
// Store current selection for the user.
phorum_api_user_save_settings(array("cc_messages_moddays" => $moddays, "cc_messages_onlyunapproved" => $showwaiting));
// some needed vars
$numunapproved = 0;
$oldforum = $PHORUM['forum_id'];
$mod_forums = phorum_api_user_check_access(PHORUM_USER_ALLOW_MODERATE_MESSAGES, PHORUM_ACCESS_LIST);
$gotforums = count($mod_forums) > 0;
if ($gotforums && isset($_POST['deleteids']) && count($_POST['deleteids'])) {
//print_var($_POST['deleteids']);
$deleteids = $_POST['deleteids'];
foreach ($deleteids as $did => $did_var) {
$deleteids[$did] = (int) $did_var;
}
$delete_messages = phorum_db_get_message(array_keys($deleteids), 'message_id', true);
//print_var($delete_messages);
foreach ($deleteids as $msgthd_id => $doit) {
// A hook to allow modules to implement extra or different
// delete functionality.
if ($doit && isset($mod_forums[$delete_messages[$msgthd_id]['forum_id']])) {
$delete_handled = 0;
if (isset($PHORUM["hooks"]["before_delete"])) {
示例7: get_neighbour_thread
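/**
 * Retrieve the closest neighbour thread. What "neighbour" is, depends on the
 * float to top setting. If float to top is enabled, then the
 * modifystamp field is used for comparison (so the time at which the last
 * message was posted to a thread). Otherwise, the datestamp field is used
 * (so the time at which a thread was started).
 *
 * @param integer $key
 *     The key value of the message for which the neighbour must be returned.
 *     The value is compared against the modifystamp field (if float to top
 *     is enabled) or the datestamp field. It is cast to an integer before
 *     it is used in the query.
 *
 * @param string $direction
 *     Either "older" or "newer". Any other value triggers an E_USER_ERROR.
 *
 * @return integer
 *     The thread id for the requested neighbour thread or 0 (zero) if there
 *     is no neighbour available.
 */
public function get_neighbour_thread($key, $direction)
{
    global $PHORUM;

    // The query below is built by string interpolation. Every value that
    // goes into it is therefore either cast to an integer or picked from
    // a fixed set of literals in this method.
    settype($key, 'int');
    $forum_id = (int) $PHORUM['forum_id'];
    $keyfield = $PHORUM['float_to_top'] ? 'modifystamp' : 'datestamp';

    $compare = "";
    $orderdir = "";
    switch ($direction) {
        case 'newer':
            $compare = '>';
            $orderdir = 'ASC';
            break;
        case 'older':
            $compare = '<';
            $orderdir = 'DESC';
            break;
        default:
            trigger_error(__METHOD__ . ': Illegal direction ' . '"' . htmlspecialchars($direction) . '"', E_USER_ERROR);
            // If an installed error handler lets execution continue after
            // the error, do not run a query with an empty operator.
            return 0;
    }

    // If the active Phorum user is not a moderator for the forum, then
    // the neighbour message should be approved.
    $approvedval = '';
    if (!phorum_api_user_check_access(PHORUM_USER_ALLOW_MODERATE_MESSAGES)) {
        $approvedval = 'AND status = ' . PHORUM_STATUS_APPROVED;
    }

    // Select the neighbour from the database.
    $thread = $this->interact(DB_RETURN_VALUE, "SELECT thread\n FROM {$this->message_table}\n WHERE forum_id = {$forum_id} AND\n parent_id = 0\n {$approvedval} AND\n {$keyfield} {$compare} {$key}\n ORDER BY {$keyfield} {$orderdir}", NULL, 0, 1);

    return $thread;
}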
示例8: unset
// Excerpt of a script that returns recent messages as an Ajax response,
// decorated with forum info and with a number of fields removed.
// Retrieve the recent messages.
$recent = $PHORUM['DB']->get_recent_messages($count, 0, $forum_id, $thread_id, $threads_only);
unset($recent["users"]);
// Add newflag info to the messages.
if ($PHORUM["DATA"]["LOGGEDIN"]) {
$type = $threads_only ? PHORUM_NEWFLAGS_BY_THREAD : PHORUM_NEWFLAGS_BY_MESSAGE;
$recent = phorum_api_newflags_apply_to_messages($recent, $type);
}
// Format the messages.
$recent = phorum_api_format_messages($recent);
// Apply the list hook to the messages.
if (isset($PHORUM["hooks"]["list"])) {
$recent = phorum_api_hook("list", $recent);
}
// Retrieve information about the forums for the active user.
// Only the forums that the active user can read are loaded here.
$allowed_forums = phorum_api_user_check_access(PHORUM_USER_ALLOW_READ, PHORUM_ACCESS_LIST);
$forums = $PHORUM['DB']->get_forums($allowed_forums);
foreach ($forums as $id => $forum) {
$forums[$id]['url'] = phorum_get_url(PHORUM_LIST_URL, $forum['forum_id']);
}
// Add forum info to the messages and clean up data.
// NOTE(review): the lookup in $forums assumes that every message in $recent
// belongs to one of the readable forums. Whether get_recent_messages()
// already applies that filter is not visible here; confirm.
foreach ($recent as $id => $message) {
$recent[$id]['foruminfo'] = array('id' => $message['forum_id'], 'name' => $forums[$message['forum_id']]['name'], 'url' => $forums[$message['forum_id']]['url']);
// Strip fields that the caller should not see in the return data.
// This keeps the email address, IP address, meta data and msgid of
// the messages out of the Ajax response.
unset($recent[$id]['email']);
unset($recent[$id]['ip']);
unset($recent[$id]['meta']);
unset($recent[$id]['msgid']);
}
// Return the results.
phorum_ajax_return(array_values($recent));
示例9: phorum_get_url
// Excerpt of the control center setup: fill the template data with the
// panel URLs and with flags that tell what the active user may do.
$PHORUM['DATA']['URL']['CC3'] = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_USERINFO);
$PHORUM['DATA']['URL']['CC4'] = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_SIGNATURE);
$PHORUM['DATA']['URL']['CC5'] = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_MAIL);
$PHORUM['DATA']['URL']['CC6'] = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_BOARD);
$PHORUM['DATA']['URL']['CC7'] = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_PASSWORD);
$PHORUM['DATA']['URL']['CC8'] = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_UNAPPROVED);
$PHORUM['DATA']['URL']['CC9'] = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_FILES);
$PHORUM['DATA']['URL']['CC10'] = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_USERS);
$PHORUM['DATA']['URL']['CC14'] = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_PRIVACY);
$PHORUM['DATA']['URL']['CC15'] = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_GROUP_MODERATION);
$PHORUM['DATA']['URL']['CC16'] = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_GROUP_MEMBERSHIP);
// Determine if the user files functionality is available.
// Administrators get it even when file uploads are not enabled.
$PHORUM["DATA"]["MYFILES"] = $PHORUM["file_uploads"] || $PHORUM["user"]["admin"];
// Determine if the user is a moderator.
// PHORUM_ACCESS_ANY is passed instead of a forum id for these checks.
// These values are stored as template data. NOTE(review): they look like
// display flags only; confirm that each panel checks access again.
$PHORUM["DATA"]["MESSAGE_MODERATOR"] = phorum_api_user_check_access(PHORUM_USER_ALLOW_MODERATE_MESSAGES, PHORUM_ACCESS_ANY);
$PHORUM["DATA"]["USER_MODERATOR"] = phorum_api_user_check_access(PHORUM_USER_ALLOW_MODERATE_USERS, PHORUM_ACCESS_ANY);
$PHORUM["DATA"]["GROUP_MODERATOR"] = phorum_api_user_check_group_access(PHORUM_USER_GROUP_MODERATOR, PHORUM_ACCESS_ANY);
// The user counts as a moderator if at least one of the three checks succeeded.
$PHORUM["DATA"]["MODERATOR"] = $PHORUM["DATA"]["USER_MODERATOR"] + $PHORUM["DATA"]["MESSAGE_MODERATOR"] + $PHORUM["DATA"]["GROUP_MODERATOR"] > 0;
// If global email hiding is not enabled, then give the user a chance
// to choose for hiding himself.
$PHORUM['DATA']['SHOW_EMAIL_HIDE'] = empty($PHORUM['hide_email_addr']) ? 1 : 0;
// If pm email notifications are enabled, then give the user a chance
// to disable it.
$PHORUM['DATA']['SHOW_PM_EMAIL_NOTIFY'] = !empty($PHORUM["allow_pm_email_notify"]);
// The form action for the common form.
$PHORUM["DATA"]["URL"]["ACTION"] = phorum_get_url(PHORUM_CONTROLCENTER_ACTION_URL);
// fill the breadcrumbs-info
$PHORUM['DATA']['BREADCRUMBS'][] = array('URL' => $PHORUM['DATA']['URL']['REGISTERPROFILE'], 'TEXT' => $PHORUM['DATA']['LANG']['MyProfile'], 'TYPE' => 'control');
// Work on a copy of the user data, so the password field can be
// removed without touching $PHORUM['user'].
$user = $PHORUM['user'];
// Security measures: drop the password field from the copy.
// NOTE(review): only "password" is removed here; check whether the user
// data holds other secret fields that should be removed as well.
unset($user["password"]);
示例10: phorum_api_format_messages
//.........这里部分代码省略.........
// Convert legacy <...> URLs into bare URLs.
$body = preg_replace("/<(\n (?:http|https|ftp):\\/\\/\n [a-z0-9;\\/\\?:@=\\&\$\\-_\\.\\+!*'\\(\\),~%]+?\n )>/xi", "\$1", $body);
// Escape special HTML characters.
$escaped_body = htmlspecialchars($body, ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
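// When there is a charset mismatch between the database
// and the language file, then bodies might get crippled
// because of the htmlspecialchars() call (it can return an
// empty string for a non-empty body). Here we try to
// correct this issue. It's not perfect, but we do what
// we can ...
// NOTE(review): the iconv() branch below stores the converted
// body without passing it through htmlspecialchars() again, so
// on that path the body is not HTML-escaped. The converted text
// should be escaped before it is used as output.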
if ($escaped_body == '') {
if (function_exists("iconv")) {
// We are gonna guess and see if we get lucky.
$escaped_body = iconv("ISO-8859-1", $PHORUM["DATA"]["HCHARSET"], $body);
} else {
// We let htmlspecialchars use its defaults.
$escaped_body = htmlspecialchars($body);
}
}
$body = $escaped_body;
// Replace newlines with $phorum_br temporarily.
// This way the mods know what breaks were added by
// Phorum and what breaks by the user.
$body = str_replace("\n", "{$phorum_br}\n", $body);
// Censor bad words in the body.
if ($censor_search !== NULL) {
$body = preg_replace($censor_search, $censor_replace, $body);
}
$messages[$id]['body'] = $body;
}
// -----------------------------------------------------------------
// Message subject
// -----------------------------------------------------------------
// Censor bad words in the subject.
if (isset($message['subject']) && $censor_search !== NULL) {
$messages[$id]['subject'] = preg_replace($censor_search, $censor_replace, $message['subject']);
}
// Escape special HTML characters.
if (isset($message['subject'])) {
$messages[$id]['subject'] = htmlspecialchars($messages[$id]['subject'], ENT_COMPAT, $PHORUM['DATA']['HCHARSET']);
}
// -----------------------------------------------------------------
// Message author
// -----------------------------------------------------------------
// Escape special HTML characters in the email address.
if (isset($message['email'])) {
$messages[$id]['email'] = htmlspecialchars($message['email'], ENT_COMPAT, $PHORUM['DATA']['HCHARSET']);
}
// Do author formatting for all provided author fields.
foreach ($author_specs as $spec) {
// Use "Anonymous user" as the author name if there's no author
// name available for some reason.
if (!isset($message[$spec[1]]) || $message[$spec[1]] == '') {
$messages[$id][$spec[3]] = $PHORUM["DATA"]["LANG"]["AnonymousUser"];
} elseif (!empty($message[$spec[0]])) {
$url = str_replace('%spec_data%', $message[$spec[0]], $profile_url_template);
$messages[$id]["URL"][$spec[4]] = $url;
$messages[$id][$spec[3]] = empty($PHORUM["custom_display_name"]) ? htmlspecialchars($message[$spec[1]], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]) : $message[$spec[1]];
} elseif ($spec[2] !== NULL && !empty($message[$spec[2]]) && (empty($PHORUM['hide_email_addr']) || !empty($PHORUM["user"]["admin"]) || phorum_api_user_check_access(PHORUM_USER_ALLOW_MODERATE_MESSAGES) && PHORUM_MOD_EMAIL_VIEW || phorum_api_user_check_access(PHORUM_USER_ALLOW_MODERATE_USERS) && PHORUM_MOD_EMAIL_VIEW)) {
$messages[$id][$spec[3]] = htmlspecialchars($message[$spec[1]], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
$email_url = phorum_api_format_html_encode("mailto:" . $message[$spec[2]]);
$messages[$id]["URL"]["PROFILE"] = $email_url;
} else {
$messages[$id][$spec[3]] = htmlspecialchars($message[$spec[1]], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
}
if ($censor_search !== NULL) {
$messages[$id][$spec[3]] = preg_replace($censor_search, $censor_replace, $messages[$id][$spec[3]]);
}
}
}
// A hook for module writers to apply custom message formatting.
if (isset($PHORUM["hooks"]["format"])) {
$messages = phorum_api_hook("format", $messages);
}
// A hook for module writers for doing post formatting fixups.
if (isset($PHORUM["hooks"]["format_fixup"])) {
$messages = phorum_api_hook("format_fixup", $messages);
}
// Clean up after the mods are done.
foreach ($messages as $id => $message) {
// Clean up line breaks inside pre and xmp tags. These tags
// take care of showing newlines as breaks themselves.
if (isset($message['body']) && $message['body'] != '') {
foreach (array('pre', 'goep', 'xmp') as $tagname) {
if (preg_match_all("/(<{$tagname}.*?>).+?(<\\/{$tagname}>)/si", $message['body'], $matches)) {
foreach ($matches[0] as $match) {
$stripped = str_replace($phorum_br, '', $match);
$message['body'] = str_replace($match, $stripped, $message['body']);
}
}
}
// Remove line break after div, quote and code tags. These
// tags have their own line break. Without this, there would
// be to many white lines.
$message['body'] = preg_replace("/\\s*(<\\/?(?:div|xmp|blockquote|pre)[^>]*>)\\s*\\Q{$phorum_br}\\E/", '$1', $message['body']);
// Normalize the Phorum line breaks that are left.
$messages[$id]['body'] = str_replace($phorum_br, "<br />", $message['body']);
}
}
return $messages;
}
示例11: phorum_api_file_check_delete_access
/**
 * Tell whether the active user is allowed to delete a file.
 *
 * A TRUE return value does not imply that the file exists: TRUE is also
 * returned when the file cannot be found and when the message to which
 * the file is linked cannot be found.
 *
 * @example file_delete.php Delete a file.
 *
 * @param integer $file_id
 *     The file_id of the file for which to check the delete access.
 *
 * @return boolean
 *     TRUE if the user has rights to delete the file, FALSE otherwise.
 */
function phorum_api_file_check_delete_access($file_id)
{
    global $PHORUM;

    settype($file_id, "int");

    // Administrators may delete any file.
    if ($PHORUM["user"]["admin"]) {
        return TRUE;
    }

    // Anonymous users may not delete any file.
    if (empty($PHORUM["user"]["user_id"])) {
        return FALSE;
    }
    $active_user_id = $PHORUM["user"]["user_id"];

    // Load the file information. Read permissions are ignored for this
    // lookup, because the data is only used for the checks below.
    $file = phorum_api_file_check_read_access($file_id, PHORUM_FLAG_IGNORE_PERMS);

    // A file that does not exist may be "deleted": this prevents
    // permission errors when the same file is deleted twice (the file
    // storage API silently ignores deleting non-existent files).
    // Any other lookup error denies access.
    if ($file === FALSE) {
        return phorum_api_errno() == PHORUM_ERRNO_NOTFOUND;
    }

    // Temporary files and files that are linked to the posting editor
    // are intermediate states, which are not available on the forum.
    // Delete access is always granted for those.
    if (in_array($file["link"], array(PHORUM_LINK_TEMPFILE, PHORUM_LINK_EDITOR))) {
        return TRUE;
    }

    // The owner of a file (a personal user file) may delete it.
    if (!empty($file["user_id"]) && $file["user_id"] == $active_user_id) {
        return TRUE;
    }

    // What is left are files that are owned by somebody else. Those can
    // only be deleted when they are linked to a message. The default
    // policy for any other case is to deny access.
    if ($file["link"] != PHORUM_LINK_MESSAGE) {
        return FALSE;
    }

    // Retrieve the message to which the file is linked.
    $message = phorum_db_get_message($file["message_id"]);

    // Without a message, the file is an orphan file. We do not care
    // if such a file is deleted.
    if (!$message) {
        return TRUE;
    }

    // The user who posted the message may delete its files.
    if (!empty($message["user_id"]) && $message["user_id"] == $active_user_id) {
        return TRUE;
    }

    // Otherwise, the user must be a moderator for the forum in which
    // the message was posted.
    return phorum_api_user_check_access(PHORUM_USER_ALLOW_MODERATE_MESSAGES, $message["forum_id"]) ? TRUE : FALSE;
}
示例12: phorum_api_redirect
return;
}
// somehow we got to a folder
if ($PHORUM["folder_flag"]) {
phorum_api_redirect(PHORUM_INDEX_URL, $PHORUM['forum_id']);
}
if (isset($PHORUM["args"][1]) && is_numeric($PHORUM["args"][1])) {
$message_id = $PHORUM["args"][1];
} else {
phorum_api_redirect(PHORUM_INDEX_URL, $PHORUM['forum_id']);
}
$message = $PHORUM['DB']->get_message($message_id);
if (empty($message)) {
phorum_api_redirect(PHORUM_INDEX_URL, $PHORUM["forum_id"]);
}
$PHORUM["DATA"]["MODERATOR"] = phorum_api_user_check_access(PHORUM_USER_ALLOW_MODERATE_MESSAGES);
$edit_tracks = $PHORUM['DB']->get_message_edits($message_id);
if (count($edit_tracks) == 0 || $PHORUM["track_edits"] == PHORUM_EDIT_TRACK_OFF || $PHORUM["track_edits"] == PHORUM_EDIT_TRACK_MODERATOR && !$PHORUM["DATA"]["MODERATOR"]) {
phorum_api_redirect(PHORUM_READ_URL, $message['thread'], $message_id);
}
$diffs = array_reverse($edit_tracks);
// push an empty diff for the current status
array_push($diffs, array());
$prev_body = -1;
$prev_subject = -1;
foreach ($diffs as $diff_info) {
if (!isset($diff_info["user_id"])) {
$this_version["username"] = empty($PHORUM['custom_display_name']) ? htmlspecialchars($message["author"], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]) : $message["author"];
$this_version["user_id"] = $message["user_id"];
$this_version["date"] = phorum_api_format_date($PHORUM["long_date_time"], $message["datestamp"]);
$this_version["original"] = true;
示例13: phorum_format_messages
//.........这里部分代码省略.........
// Normally, the message_id must be set, since we should be handling
// message data. It might not be set however, because sometimes
// the message formatting is called using some fake message data
// for formatting something else than a message.
if (!isset($message['message_id'])) {
$data[$key]['message_id'] = $message['message_id'] = $key;
}
// Work on the message body ========================
if (isset($message["body"])) {
$body = $message["body"];
// Convert legacy <> urls into bare urls.
$body = preg_replace("/<((http|https|ftp):\\/\\/[a-z0-9;\\/\\?:@=\\&\$\\-_\\.\\+!*'\\(\\),~%]+?)>/i", "\$1", $body);
// Escape special HTML characters.
$escaped_body = htmlspecialchars($body, ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
if ($escaped_body == "") {
if (function_exists("iconv")) {
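// We are going to guess the source charset and see if we get lucky.
// NOTE(review): the converted body is not passed through
// htmlspecialchars() again, so on this path it is not HTML-escaped.
// The converted text should be escaped before it is used as output.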
$escaped_body = iconv("ISO-8859-1", $PHORUM["DATA"]["HCHARSET"], $body);
} else {
// we let htmlspecialchars use its defaults
$escaped_body = htmlspecialchars($body);
}
}
$body = $escaped_body;
// Replace newlines with $phorum_br temporarily.
// This way the mods know what Phorum did vs the user.
$body = str_replace("\n", "{$phorum_br}\n", $body);
// Run bad word replacement code.
if ($bad_word_check) {
$body = preg_replace($replace_words, $replace_vals, $body);
}
$data[$key]["body"] = $body;
}
// Work on the other fields ========================
// Run bad word replacement code on subject and author.
if ($bad_word_check) {
if (isset($message["subject"])) {
$data[$key]["subject"] = preg_replace($replace_words, $replace_vals, $data[$key]["subject"]);
}
if (isset($message["author"])) {
$data[$key]["author"] = preg_replace($replace_words, $replace_vals, $data[$key]["author"]);
}
}
// Escape special HTML characters in fields.
if (isset($message["email"])) {
$data[$key]["email"] = htmlspecialchars($data[$key]["email"], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
}
if (isset($message["subject"])) {
$data[$key]["subject"] = htmlspecialchars($data[$key]["subject"], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
}
// Do author formatting for all provided author fields.
foreach ($author_specs as $spec) {
// Use "Anonymous user" as the author name if there's no author
// name available for some reason.
if (!isset($message[$spec[1]]) || $message[$spec[1]] == '') {
$data[$key][$spec[3]] = $PHORUM["DATA"]["LANG"]["AnonymousUser"];
} elseif (!empty($message[$spec[0]])) {
$url = str_replace('%spec_data%', $message[$spec[0]], $profile_url_template);
$data[$key]["URL"][$spec[4]] = $url;
$data[$key][$spec[3]] = empty($PHORUM["custom_display_name"]) ? htmlspecialchars($message[$spec[1]], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]) : $message[$spec[1]];
} elseif ($spec[2] !== NULL && !empty($message[$spec[2]]) && (empty($PHORUM['hide_email_addr']) || !empty($PHORUM["user"]["admin"]) || phorum_api_user_check_access(PHORUM_USER_ALLOW_MODERATE_MESSAGES) && PHORUM_MOD_EMAIL_VIEW || phorum_api_user_check_access(PHORUM_USER_ALLOW_MODERATE_USERS) && PHORUM_MOD_EMAIL_VIEW)) {
$data[$key][$spec[3]] = htmlspecialchars($message[$spec[1]], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
$email_url = phorum_html_encode("mailto:" . $message[$spec[2]]);
$data[$key]["URL"]["PROFILE"] = $email_url;
} else {
$data[$key][$spec[3]] = htmlspecialchars($message[$spec[1]], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
}
}
}
// A hook for module writers to apply custom message formatting.
if (isset($PHORUM["hooks"]["format"])) {
$data = phorum_hook("format", $data);
}
// A hook for module writers for doing post formatting fixups.
if (isset($PHORUM["hooks"]["format_fixup"])) {
$data = phorum_hook("format_fixup", $data);
}
// Clean up after the mods are done.
foreach ($data as $key => $message) {
// Clean up line breaks inside pre and xmp tags. These tags
// take care of showing newlines as breaks themselves.
if (isset($message["body"])) {
foreach (array("pre", "goep", "xmp") as $tagname) {
if (preg_match_all("/(<{$tagname}.*?>).+?(<\\/{$tagname}>)/si", $message["body"], $matches)) {
foreach ($matches[0] as $match) {
$stripped = str_replace($phorum_br, "", $match);
$message["body"] = str_replace($match, $stripped, $message["body"]);
}
}
}
// Remove line break after div, quote and code tags. These
// tags have their own line break. Without this, there would
// be to many white lines.
$message["body"] = preg_replace("/\\s*(<\\/?(?:div|xmp|blockquote|pre)[^>]*>)\\s*\\Q{$phorum_br}\\E/", "\$1", $message["body"]);
// Normalize the Phorum line breaks that are left.
$data[$key]["body"] = str_replace($phorum_br, "<br />", $message["body"]);
}
}
return $data;
}
示例14: phorum_api_user_check_access
$mode = "reply";
}
// Do ban list checks. Only check the bans on entering and
// on finishing up. No checking is needed on intermediate requests.
if ($initial || $finish || $preview) {
include './include/posting/check_banlist.php';
}
// Determine the abilities that the current user has.
// Is the forum running in a moderated state?
$PHORUM["DATA"]["MODERATED"] = $PHORUM["moderation"] == PHORUM_MODERATE_ON && !phorum_api_user_check_access(PHORUM_USER_ALLOW_MODERATE_MESSAGES);
// Does the user have administrator permissions?
$PHORUM["DATA"]["ADMINISTRATOR"] = $PHORUM["user"]["admin"];
// Does the user have moderator permissions?
$PHORUM["DATA"]["MODERATOR"] = phorum_api_user_check_access(PHORUM_USER_ALLOW_MODERATE_MESSAGES);
// Ability: Do we allow attachments?
$PHORUM["DATA"]["ATTACHMENTS"] = $PHORUM["max_attachments"] > 0 && phorum_api_user_check_access(PHORUM_USER_ALLOW_ATTACH);
// What options does this user have for a message?
$PHORUM["DATA"]["OPTION_ALLOWED"] = array("sticky" => FALSE, "allow_reply" => FALSE, "subscribe" => FALSE, "subscribe_mail" => FALSE);
// Subscribing to threads for new messages by authenticated users or for
// editing messages posted by authenticated users (in which case the
// thread subscription for the user that posted the message can be
// updated).
if (($mode == "post" || $mode == "reply") && $PHORUM["DATA"]["LOGGEDIN"] || $mode == "edit" && !empty($message["user_id"])) {
$PHORUM["DATA"]["OPTION_ALLOWED"]["subscribe"] = TRUE;
$PHORUM["DATA"]["OPTION_ALLOWED"]["subscribe_mail"] = !empty($PHORUM['allow_email_notify']) ? TRUE : FALSE;
}
// For moderators and administrators.
if (($PHORUM["DATA"]["MODERATOR"] || $PHORUM["DATA"]["ADMINISTRATOR"]) && $message["parent_id"] == 0) {
$PHORUM["DATA"]["OPTION_ALLOWED"]["sticky"] = true;
$PHORUM["DATA"]["OPTION_ALLOWED"]["allow_reply"] = true;
}
示例15: phorum_check_read_common
/**
 * Check if the user has read permission for a forum page.
 *
 * The check only applies when a forum is active (forum_id above zero
 * and no folder). If the user lacks read permission for that forum,
 * then a message is put in the OKMSG template data and the "message"
 * template is sent as output:
 *
 * - "PleaseLoginRead" if the user is not logged in, no parentid is set
 *   in the POST template data and registered users have read permission;
 * - "NoRead" in all other cases.
 *
 * This function does not end the request. The caller has to stop
 * processing the page when FALSE is returned.
 *
 * @return boolean
 *     TRUE in case the user is allowed to read the forum,
 *     FALSE otherwise.
 */
function phorum_check_read_common()
{
    global $PHORUM;

    // Nothing to check for folders or when no forum is active.
    $on_forum_page = $PHORUM["forum_id"] > 0 && !$PHORUM["folder_flag"];
    if (!$on_forum_page || phorum_api_user_check_access(PHORUM_USER_ALLOW_READ)) {
        return TRUE;
    }

    // Logged in users without read permission simply have no rights.
    // Anonymous users get the login hint, but only if logging in could
    // give them read permission.
    $login_could_help = !$PHORUM["DATA"]["LOGGEDIN"]
        && empty($PHORUM["DATA"]["POST"]["parentid"])
        && ($PHORUM["reg_perms"] & PHORUM_USER_ALLOW_READ);

    $PHORUM["DATA"]["OKMSG"] = $login_could_help
        ? $PHORUM["DATA"]["LANG"]["PleaseLoginRead"]
        : $PHORUM["DATA"]["LANG"]["NoRead"];

    phorum_build_common_urls();
    phorum_api_output("message");

    return FALSE;
}