/* $Id: class_core.php 14 2009-01-12 09:36:11Z john $ */ class SECore { function &getInstance() { static $instance; if( !is_a($instance, 'SECore') ) { $instance = new SECore(); } return $instance; } function &getSettings() { static $settings; if( !is_array($settings) ) { $cache = SECache::getInstance('serial', array('lifetime' => 3600)); // Get from cache if( is_object($cache) ) { $settings = $cache->get('site_settings'); } // Get from database if( !is_array($settings) ) { $database = SEDatabase::getInstance(); $resource = $database->database_query("SELECT * FROM se_settings LIMIT 1"); $settings = $database->database_fetch_assoc($resource); // Store in cache if( is_object($cache) ) { $cache->store($settings, 'site_settings'); } } } return $settings; } function &getPlugins() { static $plugins; if( !is_array($plugins) ) { $cache = SECache::getInstance('serial', array('lifetime' => 3600)); // Get from cache if( is_object($cache) ) { $plugins = $cache->get('site_plugins'); } // Get from database if( !is_array($plugins) ) { $database = SEDatabase::getInstance(); $resource = $database->database_query("SELECT plugin_type, plugin_icon FROM se_plugins WHERE plugin_disabled=0 ORDER BY plugin_order ASC"); $plugins = $database->database_load_all_assoc('plugin_type'); // Store in cache if( is_object($cache) ) { $cache->store($plugins, 'site_plugins'); } } } return $plugins; } function &getLanguages() { static $languages; if( !is_array($languages) ) { $cache = SECache::getInstance('serial', array('lifetime' => 3600)); // Get from cache if( is_object($cache) ) { $languages = $cache->get('site_languages'); } // Get from database if( !is_array($languages) ) { //$database = SEDatabase::getInstance(); //$resource = $database->database_query("SELECT * FROM se_languages ORDER BY language_default DESC"); //$languages = $database->database_load_all_assoc('language_id'); $languages = SELanguage::_languages(); // Store in cache if( is_object($cache) ) { $cache->store($languages, 'site_languages'); } } } return $languages; } function &getSubnetworkInfo($subnet_id) { static $subnetwork_info; if( !is_array($subnetwork_info) ) $subnetwork_info = array(); if( !isset($subnetwork_info[$subnet_id]) ) { $cache = SECache::getInstance('serial', array('lifetime' => 3600)); // Get from cache if( is_object($cache) ) { $subnetwork_info[$subnet_id] = $cache->get('site_subnetworks_'.$subnet_id); } // Get from database if( !is_array($subnetwork_info[$subnet_id]) ) { $database = SEDatabase::getInstance(); $resource = $database->database_query("SELECT subnet_id, subnet_name FROM se_subnets WHERE subnet_id='{$subnet_id}' LIMIT 1"); $subnetwork_info[$subnet_id] = $database->database_fetch_assoc($resource); // Store in cache if( is_object($cache) ) { $cache->store($subnetwork_info[$subnet_id], 'site_subnetworks_'.$subnet_id); } } } return $subnetwork_info[$subnet_id]; } } ?>/* $Id: class_comment.php 161 2009-04-28 21:14:59Z john $ */ // THIS CLASS CONTAINS COMMENT-RELATED METHODS // IT IS USED FOR ALL COMMENTING (INCLUDING PLUGINS) // METHODS IN THIS CLASS: // se_comment() // comment_total() // comment_list() // comment_post() // comment_edit() // comment_delete() // comment_delete_selected() class se_comment { // INITIALIZE VARIABLES var $is_error; // DETERMINES WHETHER THERE IS AN ERROR OR NOT var $comment_type; // CONTAINS THE PREFIX CORRESPONDING TO THE COMMENT TYPE (EX: PROFILE FOR SE_PROFILECOMMENTS) var $comment_identifier; // CONTAINS THE IDENTIFYING COLUMN IN THE TABLE (EX: USER_ID FOR SE_PROFILECOMMENTS) var $comment_identifying_value; // CONTAINS THE VALUE TO MATCH TO THE IDENTIFIER var $comment_parent_type; // CONTAINS THE PREFIX CORRESPONDING TO THE COMMENT'S PARENT TYPE (EX: USERS FOR SE_USERS, MUSIC FOR SE_MUSIC) var $comment_parent_identifier; // CONTAINS THE IDENTIFYING COLUMN IN THE COMMENT'S PARENT'S TABLE (EX: USER FOR SE_USERS, MUSIC FOR SE_MUSIC) // THIS METHOD SETS INITIAL VARS // INPUT: $type REPRESENTING THE PREFIX CORRESPONDING TO THE COMMENT TYPE // $identifier REPRESENTING THE IDENTIFYING COLUMN IN THE TABLE // OUTPUT: function se_comment($type, $identifier, $identifying_value, $parent_type=NULL, $parent_identifier=NULL) { $this->comment_type = $type; $this->comment_identifier = $identifier; $this->comment_identifying_value = $identifying_value; $this->comment_parent_type = $parent_type; $this->comment_parent_identifier = $parent_identifier; } // END se_comment() METHOD // THIS METHOD RETURNS THE TOTAL NUMBER OF COMMENTS // INPUT: // OUTPUT: AN INTEGER REPRESENTING THE NUMBER OF COMMENTS function comment_total() { global $database; // New handling. On failure, will use old handling if( $this->comment_parent_type && $this->comment_parent_identifier ) { $comment_query = "SELECT `{$this->comment_parent_identifier}_totalcomments` AS total_comments FROM `se_{$this->comment_parent_type}` WHERE `{$this->comment_parent_identifier}_id`='{$this->comment_identifying_value}' LIMIT 1"; $resource = $database->database_query($comment_query); if( $resource ) { $result = $database->database_fetch_assoc($resource); return (int) $result['total_comments']; } } // Old handling $comment_query = "SELECT `{$this->comment_type}comment_id` FROM `se_{$this->comment_type}comments` WHERE `{$this->comment_type}comment_{$this->comment_identifier}`='{$this->comment_identifying_value}'"; $resource = $database->database_query($comment_query); if( !$resource ) return FALSE; return (int) $database->database_num_rows($resource); } // END comment_total() METHOD // THIS METHOD RETURNS AN ARRAY CONTAINING COMMENT INFO // INPUT: $start REPRESENTING THE COMMENT TO START WITH // $limit REPRESENTING THE NUMBER OF COMMENTS TO RETURN // OUTPUT: AN ARRAY OF COMMENTS function comment_list($start, $limit) { global $database, $setting, $user; $comment_array = Array(); $comment_query = " SELECT `se_{$this->comment_type}comments`.*, se_users.user_id, se_users.user_username, se_users.user_fname, se_users.user_lname, se_users.user_photo, CASE WHEN ((se_users.user_privacy & @SE_PRIVACY_REGISTERED) AND '{$user->user_exists}'<>0) THEN FALSE WHEN ((se_users.user_privacy & @SE_PRIVACY_ANONYMOUS) AND '{$user->user_exists}'=0) THEN FALSE WHEN ((se_users.user_privacy & @SE_PRIVACY_SELF) AND se_users.user_id='{$user->user_info['user_id']}') THEN FALSE WHEN ((se_users.user_privacy & @SE_PRIVACY_FRIEND) AND (SELECT TRUE FROM se_friends WHERE friend_user_id1=se_users.user_id AND friend_user_id2='{$user->user_info['user_id']}' AND friend_status='1' LIMIT 1)) THEN FALSE WHEN ((se_users.user_privacy & @SE_PRIVACY_SUBNET) AND se_users.user_subnet_id='{$user->user_info['user_subnet_id']}') THEN FALSE WHEN ((se_users.user_privacy & @SE_PRIVACY_FRIEND2) AND se_users.user_subnet_id='{$user->user_info['user_subnet_id']}' AND (SELECT TRUE FROM se_friends AS friends_primary LEFT JOIN se_friends AS friends_secondary ON friends_primary.friend_user_id2=friends_secondary.friend_user_id1 WHERE friends_primary.friend_user_id1=se_users.user_id AND friends_secondary.friend_user_id2='{$user->user_info['user_id']}' LIMIT 1)) THEN FALSE ELSE TRUE END AS is_profile_private FROM `se_{$this->comment_type}comments` LEFT JOIN se_users ON `se_{$this->comment_type}comments`.`{$this->comment_type}comment_authoruser_id`=se_users.user_id WHERE `{$this->comment_type}comment_{$this->comment_identifier}`='{$this->comment_identifying_value}' ORDER BY `{$this->comment_type}comment_id` DESC LIMIT {$start}, {$limit} "; $comments = $database->database_query($comment_query); while($comment_info = $database->database_fetch_assoc($comments)) { // CREATE AN OBJECT FOR AUTHOR $author = new se_user(); if( $comment_info['user_id'] != $comment_info[$this->comment_type.'comment_authoruser_id'] ) { $author->user_exists = FALSE; } else { $author->user_exists = TRUE; $author->user_info['user_id'] = $comment_info['user_id']; $author->user_info['user_username'] = $comment_info['user_username']; $author->user_info['user_fname'] = $comment_info['user_fname']; $author->user_info['user_lname'] = $comment_info['user_lname']; $author->user_info['user_photo'] = $comment_info['user_photo']; $author->user_displayname(); } // SET COMMENT ARRAY $comment_array[] = Array( 'comment_id' => $comment_info[$this->comment_type.'comment_id'], 'comment_authoruser_id' =>$comment_info[$this->comment_type.'comment_authoruser_id'], 'comment_author' => $author, 'comment_date' => $comment_info[$this->comment_type.'comment_date'], 'comment_body' => $comment_info[$this->comment_type.'comment_body'], 'comment_author_private' => $comment_info['is_profile_private'] ); } return $comment_array; } // END comment_list() METHOD // THIS METHOD POSTS A COMMENT // INPUT: $comment_body REPRESENTING THE COMMENT BODY BEING POSTED // $comment_secure REPRESENTING THE SECURITY CODE VALUE (IF APPLICABLE) // $object_title (OPTIONAL) REPRESENTING THE COMMENTED OBJECT'S TITLE // $object_owner (OPTIONAL) REPRESENTING THE OWNER OF THE OBJECT (ex 'user') // $object_owner_id (OPTIONAL) REPRESENTING THE OWNER OF THE OBJECT'S ID // $object_privacy (OPTIONAL) REPRESENTING THE PRIVACY OF THE OBJECT // OUTPUT: AN ARRAY CONTAINING ALL THE SAVED COMMENT DATA function comment_post($comment_body, $comment_secure, $object_title = "", $object_owner = "", $object_owner_id = 0, $object_privacy = "") { global $database, $user, $owner, $setting, $actions, $notify, $url; $comment_id = 0; $comment_date = time(); // RETRIEVE AND CHECK SECURITY CODE IF NECESSARY if( $setting['setting_comment_code'] ) { // NOW IN HEADER //session_start(); $code = $_SESSION['code']; if($code == "") { $code = randomcode(); } if($comment_secure != $code) { $this->is_error = 1; } } // MAKE SURE COMMENT BODY IS NOT EMPTY - ADD BREAKS AND CENSOR $comment_body = cleanHTML(censor($comment_body), $setting['setting_comment_html'], Array("style")); $comment_body = preg_replace('/(\r\n?)/', "\n", $comment_body); $comment_body = str_replace("\n", "
", $comment_body); $comment_body = preg_replace('/(
){3,}/is', '

', $comment_body); $comment_body = str_replace("'", "\'", $comment_body); if( !trim($comment_body) ) { $this->is_error = 1; $comment_body = ""; } // ADD COMMENT IF NO ERROR if( !$this->is_error ) { $resource = $database->database_query(" INSERT INTO `se_{$this->comment_type}comments` ( `{$this->comment_type}comment_{$this->comment_identifier}`, `{$this->comment_type}comment_authoruser_id`, `{$this->comment_type}comment_date`, `{$this->comment_type}comment_body` ) VALUES ( '{$this->comment_identifying_value}', '{$user->user_info['user_id']}', '{$comment_date}', '{$comment_body}' ) "); $comment_id = $database->database_insert_id(); // New handling - total cached in parent table if( $resource && $this->comment_parent_type && $this->comment_parent_identifier ) { $database->database_query(" UPDATE `se_{$this->comment_parent_type}` SET `{$this->comment_parent_identifier}_totalcomments`=`{$this->comment_parent_identifier}_totalcomments`+1 WHERE `{$this->comment_identifier}`='{$this->comment_identifying_value}' LIMIT 1 "); } // INSERT ACTION IF USER EXISTS if( $user->user_exists ) { $commenter = $user->user_displayname; $comment_body_encoded = strip_tags($comment_body); if( strlen($comment_body_encoded) > 250 ) $comment_body_encoded = substr($comment_body_encoded, 0, 247)."..."; $comment_body_encoded = str_replace(Array("
", "
"), " ", $comment_body_encoded); $actions->actions_add($user, $this->comment_type."comment", Array( $user->user_info['user_username'], $user->user_displayname, $owner->user_info['user_username'], $owner->user_displayname, $comment_body_encoded, $this->comment_identifying_value, $object_title, $object_owner_id ), Array(), 0, false, $object_owner, $object_owner_id, $object_privacy); } else { SE_Language::_preload(835); SE_Language::load(); $commenter = SE_Language::_get(835); } // SEND PROFILE COMMENT NOTIFICATION IF COMMENTER IS NOT OWNER if( $owner->user_info['user_id'] != $user->user_info['user_id'] ) { $notifytype = $notify->notify_add( $owner->user_info['user_id'], $this->comment_type."comment", $this->comment_identifying_value, Array( $owner->user_info['user_username'], $this->comment_identifying_value, $object_owner_id ), Array($object_title) ); $object_url = $url->url_base.vsprintf($notifytype['notifytype_url'], Array($owner->user_info['user_username'], $this->comment_identifying_value)); $owner->user_settings(); if( $owner->usersetting_info['usersetting_notify_'.$this->comment_type.'comment'] ) { send_systememail($this->comment_type."comment", $owner->user_info['user_email'], Array($owner->user_displayname, $commenter, "$object_url")); } } } return Array( 'comment_id' => $comment_id, 'comment_body' => $comment_body, 'comment_date' => $comment_date ); } // END comment_post() METHOD // THIS METHOD EDITS A COMMENT // INPUT: $comment_id REPRESENTING THE ID FOR THE COMMENT BEING EDITED // $comment_body REPRESENTING THE COMMENT BODY BEING EDITED // OUTPUT: function comment_edit($comment_id, $comment_body) { global $database, $user, $setting; // MAKE SURE COMMENT BODY IS NOT EMPTY - ADD BREAKS AND CENSOR $comment_body = str_replace("\r\n", "
", cleanHTML(censor($comment_body), $setting['setting_comment_html'])); $comment_body = preg_replace('/(
){3,}/is', '

', $comment_body); $comment_body = str_replace("'", "\'", $comment_body); // EDIT COMMENT IF NO ERROR if( trim($comment_body) ) { $database->database_query(" UPDATE `se_{$this->comment_type}comments` SET `{$this->comment_type}comment_body`='{$comment_body}' WHERE `{$this->comment_type}comment_{$this->comment_identifier}`='{$this->comment_identifying_value}' && `{$this->comment_type}comment_id`='{$comment_id}' && `{$this->comment_type}comment_authoruser_id`='{$user->user_info['user_id']}' LIMIT 1 "); } } // END comment_edit() METHOD // THIS METHOD DELETES A SINGLE COMMENT // INPUT: $comment_id REPRESENTING THE ID OF THE COMMENT TO DELETE // OUTPUT: function comment_delete($comment_id) { global $database; $resource = $database->database_query(" DELETE FROM `se_{$this->comment_type}comments` WHERE `{$this->comment_type}comment_{$this->comment_identifier}`='{$this->comment_identifying_value}' && `{$this->comment_type}comment_id`='{$comment_id}' LIMIT 1 "); // New handling - total cached in parent table if( $this->comment_parent_type && $this->comment_parent_identifier && $resource && $database->database_affected_rows($resource) ) { $database->database_query(" UPDATE `se_{$this->comment_parent_type}` SET `{$this->comment_parent_identifier}_totalcomments`=`{$this->comment_parent_identifier}_totalcomments`-1 WHERE `{$this->comment_identifier}`='{$this->comment_identifying_value}' LIMIT 1 "); } } // END comment_delete() METHOD // THIS METHOD DELETES MANY COMMENTS BASED ON WHAT HAS BEEN POSTED // INPUT: $start REPRESENTING THE COMMENT TO START WITH // $limit REPRESENTING THE NUMBER OF COMMENTS TO RETURN // OUTPUT: function comment_delete_selected($start, $limit) { global $database; $comments = $database->database_query(" SELECT `se_{$this->comment_type}comments`.`{$this->comment_type}comment_id` FROM `se_{$this->comment_type}comments` WHERE `{$this->comment_type}comment_{$this->comment_identifier}`='{$this->comment_identifying_value}' ORDER BY `{$this->comment_type}comment_id` DESC LIMIT {$start}, {$limit} "); $delete_ids = array(); while( $comment_info = $database->database_fetch_assoc($comments) ) { $var = "comment_".$comment_info[$this->comment_type.'comment_id']; if( isset($_POST[$var]) && is_numeric($_POST[$var]) ) { $delete_ids[] = $comment_info[$this->comment_type.'comment_id']; } } if( !empty($delete_ids) ) { $database->database_query(" DELETE FROM `se_{$this->comment_type}comments` WHERE `{$this->comment_type}comment_id` IN('".join("', '", $delete_ids)."') "); } } // END comment_delete_selected() METHOD } ?>/* $Id: class_field.php 159 2009-04-11 01:18:28Z john $ */ // THIS CLASS CONTAINS FIELD-RELATED METHODS. // IT IS USED DURING THE CREATION, MODIFICATION AND DELETION OF FIELDS // METHODS IN THIS CLASS: // se_field() // cat_list() // field_list() // field_get() // field_save() // field_delete() // cat_delete() // cat_modify() class se_field { // INITIALIZE VARIABLES var $is_error; // DETERMINES WHETHER THERE IS AN ERROR OR NOT, CONTAINS RELEVANT ERROR CODE var $type; // CONTAINS THE FIELD TYPE (PROFILE, PLUGIN-RELATED, ETC) var $value_info; // CONTAINS THE VALUE INFO OF THE SPECIFIC OBJECT var $cats; // CONTAINS ARRAY OF FIELD CATEGORIES WITH CORRESPONDING FIELD ARRAYS var $subcats; // CONTAINS ARRAY OF FIELD SUB-CATEGORIES WITH CORRESPONDING FIELD ARRAYS var $fields; // CONTAINS ARRAY OF FIELDS FROM CAT SPECIFIED var $fields_new; // CONTAINS ARRAY OF NEW (UNSAVED) FIELD VALUES var $field_query; // CONTAINS A PARTIAL DATABASE QUERY TO SAVE/RETRIEVE FIELD VALUES var $field_values; // CONTAINS AN ARRAY OF FORMATTED FIELD VALUES (USED FOR GLOBAL META DESCRIPTIONS) var $fields_all; // CONTAINS ARRAY OF FIELDS FROM ALL LOOPED CATS var $url_string; // CONTAINS VARIOUS PARTIAL URL STRINGS (SITUATION DEPENDENT) var $field_special; // CONTAINS VALUES FOR SPECIAL FIELDS // THIS METHOD SETS INITIAL VARS (SUCH AS FIELD TYPE) // INPUT: $type REPRESENTING THE TYPE OF FIELD (PROFILE, PLUGIN-RELATED, ETC) // $value_info (OPTIONAL) REPRESENTING THE VALUE INFO FOR THE GIVEN TYPE // OUTPUT: function se_field($type, $value_info = "") { $this->type = $type; $this->value_info = $value_info; } // END se_field() METHOD // THIS METHOD LOOPS AND/OR VALIDATES FIELD INPUT AND CREATES A PARTIAL QUERY TO UPDATE VALUE TABLE // INPUT: $validate (OPTIONAL) REPRESENTING A BOOLEAN THAT DETERMINES WHETHER TO VALIDATE POST VARS OR NOT // $format (OPTIONAL) REPRESENTING A BOOLEAN THAT DETERMINES WHETHER TO CREATE FORMATTED FIELD VALUES // $search (OPTIONAL) REPRESENTING WHETHER TO CREATE A SEARCH QUERY OR NOT // $cat_where (OPTIONAL) REPRESENTING A WHERE CLAUSE FOR THE CATEGORY QUERY // $subcat_where (OPTIONAL) REPRESENTING A WHERE CLAUSE FOR THE SUBCATEGORY QUERY // $field_where (OPTIONAL) REPRESENTING A WHERE CLAUSE FOR THE FIELD QUERY // OUTPUT: function cat_list($validate = 0, $format = 0, $search = 0, $cat_where = "", $subcat_where = "", $field_where = "") { global $database, $datetime, $setting; // SET CATEGORY VARIABLES $this->fields_all = Array(); $cat_query = "SELECT ".$this->type."cat_id AS cat_id, ".$this->type."cat_title AS cat_title, ".$this->type."cat_order AS cat_order, ".$this->type."cat_signup AS cat_signup FROM se_".$this->type."cats WHERE ".$this->type."cat_dependency='0'"; if($cat_where != "") { $cat_query .= " AND ($cat_where)"; } $cat_query .= " ORDER BY ".$this->type."cat_order"; $cats = $database->database_query($cat_query); // LOOP THROUGH CATS while($cat_info = $database->database_fetch_assoc($cats)) { // GET LIST OF FIELDS $cat_fields = ""; $new_field_where = $this->type."field_".$this->type."cat_id='$cat_info[cat_id]'"; if($field_where != "") { $new_field_where .= " AND ($field_where)"; } $this->field_list($validate, $format, $search, $new_field_where); $cat_fields = $this->fields; // GET DEPENDENT CATS $this->subcats = ""; $subcat_query = "SELECT ".$this->type."cat_id AS cat_id, ".$this->type."cat_title AS cat_title, ".$this->type."cat_order AS cat_order FROM se_".$this->type."cats WHERE ".$this->type."cat_dependency='$cat_info[cat_id]'"; if($subcat_where != "") { $subcat_query .= " AND ($subcat_where)"; } $subcat_query .= " ORDER BY ".$this->type."cat_order"; $subcats = $database->database_query($subcat_query); // LOOP THROUGH SUBCATS while($subcat_info = $database->database_fetch_assoc($subcats)) { // GET LIST OF FIELDS $new_field_where = $this->type."field_".$this->type."cat_id='$subcat_info[cat_id]'"; if($field_where != "") { $new_field_where .= " AND ($field_where)"; } $this->field_list($validate, $format, $search, $new_field_where); // SET CAT ARRAY if($format == 0 || ($format == 1 && count($this->fields) != 0)) { SE_Language::_preload($subcat_info[cat_title]); $this->subcats[] = Array('subcat_id' => $subcat_info[cat_id], 'subcat_title' => $subcat_info[cat_title], 'subcat_order' => $subcat_info[cat_order], 'subcat_signup' => $subcat_info[cat_signup], 'fields' => $this->fields); } } // SET CAT ARRAY SE_Language::_preload($cat_info[cat_title]); $this->cats[] = Array('cat_id' => $cat_info[cat_id], 'cat_title' => $cat_info[cat_title], 'cat_order' => $cat_info[cat_order], 'cat_signup' => $cat_info[cat_signup], 'fields' => $cat_fields, 'subcats' => $this->subcats); } } // END cat_list() METHOD // THIS METHOD LOOPS AND/OR VALIDATES FIELD INPUT AND CREATES A PARTIAL QUERY TO UPDATE VALUE TABLE // INPUT: $validate (OPTIONAL) REPRESENTING A BOOLEAN THAT DETERMINES WHETHER TO VALIDATE POST VARS OR NOT // $format (OPTIONAL) REPRESENTING A BOOLEAN THAT DETERMINES WHETHER TO CREATE FORMATTED FIELD VALUES // $search (OPTIONAL) REPRESENTING WHETHER TO CREATE A SEARCH QUERY OR NOT // $field_where (OPTIONAL) REPRESENTING A WHERE CLAUSE FOR THE FIELD QUERY // OUTPUT: function field_list($validate = 0, $format = 0, $search = 0, $field_where = "") { global $database, $datetime, $setting; // GET NON DEPENDENT FIELDS IN CAT IF NECESSARY $field_count = 0; $this->fields = Array(); $field_query = "SELECT ".$this->type."field_id AS field_id, ".$this->type."field_order AS field_order, ".$this->type."field_title AS field_title, ".$this->type."field_desc AS field_desc, ".$this->type."field_signup AS field_signup, ".$this->type."field_error AS field_error, ".$this->type."field_type AS field_type, ".$this->type."field_style AS field_style, ".$this->type."field_maxlength AS field_maxlength, ".$this->type."field_link AS field_link, ".$this->type."field_options AS field_options, ".$this->type."field_required AS field_required, ".$this->type."field_regex AS field_regex, ".$this->type."field_special AS field_special, ".$this->type."field_html AS field_html, ".$this->type."field_search AS field_search, ".$this->type."field_display AS field_display FROM se_".$this->type."fields WHERE ".$this->type."field_dependency='0'"; if($field_where != "") { $field_query .= " AND ($field_where)"; } $field_query .= " ORDER BY ".$this->type."field_order"; $fields = $database->database_query($field_query); while($field_info = $database->database_fetch_assoc($fields)) { // SET FIELD VARS $is_field_error = 0; $field_value = ""; $field_value_formatted = ""; $field_value_min = ""; $field_value_max = ""; $field_options = Array(); // FIELD TYPE SWITCH switch($field_info[field_type]) { case 1: // TEXT FIELD case 2: // TEXTAREA // VALIDATE POSTED FIELD VALUE if($validate == 1) { // RETRIEVE POSTED FIELD VALUE AND FILTER FOR ADMIN-SPECIFIED HTML TAGS $var = "field_".$field_info[field_id]; $field_value = security(cleanHTML(censor($_POST[$var]), $field_info[field_html])); if($field_info[field_type] == 2) { $field_value = str_replace("\r\n", "
", $field_value); } // CHECK FOR REQUIRED if($field_info[field_required] != 0 && trim($field_value) == "") { $this->is_error = 96; $is_field_error = 1; } // RUN PREG MATCH (ONLY FOR TEXT FIELDS) if($field_info[field_regex] != "" && trim($field_value) != "") { if(!preg_match($field_info[field_regex], $field_value)) { $this->is_error = 97; $is_field_error = 1; } } // UPDATE SAVE VALUE QUERY if($this->field_query != "") { $this->field_query .= ", "; } if($field_info[field_special] == 2 || $field_info[field_special] == 3) { $field_value = ucwords($field_value); } $this->field_query .= $this->type."value_$field_info[field_id]='$field_value'"; // CREATE A SEARCH QUERY FROM POSTED FIELD VALUE } elseif($search == 1) { if($field_info[field_search] == 2) { $var1 = "field_".$field_info[field_id]."_min"; if(isset($_POST[$var1])) { $field_value_min = $_POST[$var1]; } elseif(isset($_GET[$var1])) { $field_value_min = $_GET[$var1]; } else { $field_value_min = ""; } $var2 = "field_".$field_info[field_id]."_max"; if(isset($_POST[$var2])) { $field_value_max = $_POST[$var2]; } elseif(isset($_GET[$var2])) { $field_value_max = $_GET[$var2]; } else { $field_value_max = ""; } if($field_value_min != "") { if($this->field_query != "") { $this->field_query .= " AND "; } $this->field_query .= $this->type."value_$field_info[field_id] >= $field_value_min"; $this->url_string .= $var1."=".urlencode($field_value_min)."&"; } if($field_value_max != "") { if($this->field_query != "") { $this->field_query .= " AND "; } $this->field_query .= $this->type."value_$field_info[field_id] <= $field_value_max"; $this->url_string .= $var2."=".urlencode($field_value_max)."&"; } } elseif($field_info[field_search] == 1) { $var = "field_".$field_info[field_id]; if(isset($_POST[$var])) { $field_value = $_POST[$var]; } elseif(isset($_GET[$var])) { $field_value = $_GET[$var]; } else { $field_value = ""; } if($field_value != "") { if($this->field_query != "") { $this->field_query .= " AND "; } $this->field_query .= $this->type."value_$field_info[field_id] LIKE '%$field_value%'"; $this->url_string .= $var."=".urlencode($field_value)."&"; } } else { $field_value = ""; } // DO NOT VALIDATE FIELD VALUE AND DON'T CREATE SEARCH VALUE } else { // RETRIEVE DATABASE FIELD VALUE if($this->value_info != "") { $value_column = $this->type."value_".$field_info[field_id]; $field_value = $this->value_info[$value_column]; } } // FORMAT VALUE FOR DISPLAY if($format == 1 && $field_info[field_display] != 0) { // LINK BROWSABLE FIELD VALUES IF NECESSARY if($field_info[field_display] == 2) { $br_exploded_field_values = explode("
", trim($field_value)); $exploded_field_values = Array(); foreach($br_exploded_field_values as $key => $value) { $comma_exploded_field_values = explode(",", trim($value)); array_walk($comma_exploded_field_values, 'link_field_values', Array($field_info[field_id], "", $field_info[field_link], $field_info[field_display])); $exploded_field_values[$key] = implode(", ", $comma_exploded_field_values); } $field_value_formatted = implode("
", $exploded_field_values); // MAKE SURE TO LINK FIELDS WITH A LINK TAG } else { $exploded_field_values = Array(trim($field_value)); array_walk($exploded_field_values, 'link_field_values', Array($field_info[field_id], "", $field_info[field_link], $field_info[field_display])); $field_value_formatted = implode("", $exploded_field_values); } // DECODE TO MAKE HTML TAGS FOR FIELDS VALID $field_value_formatted = htmlspecialchars_decode($field_value_formatted, ENT_QUOTES); // FORMAT VALUE FOR FORM } else { if($field_info[field_type] == 1) { $options = unserialize($field_info[field_options]); for($i=0,$max=count($options);$i<$max;$i++) { SE_Language::_preload_multi($options[$i][label]); SE_Language::load(); $field_options[] = Array('label'=>SE_Language::_get($options[$i][label])); } } if($field_info[field_type] == 2) { $field_value = str_replace("
", "\r\n", $field_value); } } break; case 3: // SELECT BOX case 4: // RADIO BUTTON // VALIDATE POSTED FIELD if($validate == 1) { // RETRIEVE POSTED FIELD VALUE $var = "field_".$field_info[field_id]; $field_value = censor($_POST[$var]); // CHECK FOR REQUIRED if($field_info[field_required] != 0 && ($field_value == "-1" || $field_value == "")) { $this->is_error = 96; $is_field_error = 1; } // UPDATE SAVE VALUE QUERY if($this->field_query != "") { $this->field_query .= ", "; } $this->field_query .= $this->type."value_$field_info[field_id]='$field_value'"; // CREATE A SEARCH QUERY FROM POSTED FIELD VALUE } elseif($search == 1) { if($field_info[field_search] == 2) { $var1 = "field_".$field_info[field_id]."_min"; if(isset($_POST[$var1])) { $field_value_min = $_POST[$var1]; } elseif(isset($_GET[$var1])) { $field_value_min = $_GET[$var1]; } else { $field_value_min = ""; } $var2 = "field_".$field_info[field_id]."_max"; if(isset($_POST[$var2])) { $field_value_max = $_POST[$var2]; } elseif(isset($_GET[$var2])) { $field_value_max = $_GET[$var2]; } else { $field_value_max = ""; } if($field_value_min != "" && $field_value_min != "-1") { if($this->field_query != "") { $this->field_query .= " AND "; } $this->field_query .= $this->type."value_$field_info[field_id] >= $field_value_min"; $this->url_string .= $var1."=".urlencode($field_value_min)."&"; } if($field_value_max != "" && $field_value_max != "-1") { if($this->field_query != "") { $this->field_query .= " AND "; } $this->field_query .= $this->type."value_$field_info[field_id] <= $field_value_max"; $this->url_string .= $var2."=".urlencode($field_value_max)."&"; } } elseif($field_info[field_search] == 1) { $var = "field_".$field_info[field_id]; if(isset($_POST[$var])) { $field_value = $_POST[$var]; } elseif(isset($_GET[$var])) { $field_value = $_GET[$var]; } else { $field_value = ""; } if($field_value != "-1" && $field_value != "") { if($this->field_query != "") { $this->field_query .= " AND "; } $this->field_query .= $this->type."value_$field_info[field_id]='$field_value'"; $this->url_string .= $var."=".urlencode($field_value)."&"; } } else { $field_value = ""; } // DO NOT VALIDATE FIELD VALUE AND DON'T CREATE SEARCH VALUE } else { // RETRIEVE DATABASE FIELD VALUE if($this->value_info != "") { $value_column = $this->type."value_".$field_info[field_id]; $field_value = $this->value_info[$value_column]; } } // LOOP OVER FIELD OPTIONS $options = unserialize($field_info[field_options]); for($i=0,$max=count($options);$i<$max;$i++) { $dep_field_info = ""; $dep_field_value = ""; $dep_field_options = ""; // OPTION HAS DEPENDENCY if($options[$i][dependency] == "1") { $dep_field_query = "SELECT ".$this->type."field_id AS field_id, ".$this->type."field_type AS field_type, ".$this->type."field_title AS field_title, ".$this->type."field_style AS field_style, ".$this->type."field_options AS field_options, ".$this->type."field_maxlength AS field_maxlength, ".$this->type."field_link AS field_link, ".$this->type."field_required AS field_required, ".$this->type."field_regex AS field_regex, ".$this->type."field_display AS field_display FROM se_".$this->type."fields WHERE ".$this->type."field_id='".$options[$i][dependent_id]."' AND ".$this->type."field_dependency='$field_info[field_id]'"; $dep_field = $database->database_query($dep_field_query); if($database->database_num_rows($dep_field) != "1") { $options[$i][dependency] = 0; } else { $dep_field_info = $database->database_fetch_assoc($dep_field); // VALIDATE POSTED FIELD VALUE if($validate == 1) { // OPTION SELECTED if($field_value == $options[$i][value]) { $dep_var = "field_".$dep_field_info[field_id]; $dep_field_value = censor($_POST[$dep_var]); // DEP FIELD TYPE switch($dep_field_info[field_type]) { // TEXT FIELD case "1": // CHECK FOR REQUIRED if($dep_field_info[field_required] != 0 && trim($dep_field_value) == "") { $this->is_error = 96; $is_field_error = 1; } // RUN PREG MATCH if($dep_field_info[field_regex] != "" && trim($dep_field_value) != "") { if(!preg_match($dep_field_info[field_regex], $dep_field_value)) { $this->is_error = 97; $is_field_error = 1; } } break; // SELECT BOX case "3": // CHECK FOR REQUIRED if( $dep_field_info['field_required'] != 0 && ($dep_field_value == "-1" || $dep_field_value == "") ) { $this->is_error = 96; $is_field_error = 1; } break; } // OPTION NOT SELECTED } else { $dep_field_value = ""; } // UPDATE SAVE VALUE QUERY if($this->field_query != "") { $this->field_query .= ", "; } $this->field_query .= $this->type."value_$dep_field_info[field_id]='$dep_field_value'"; // DO NOT VALIDATE POSTED FIELD VALUE } else { // RETRIEVE DATABASE FIELD VALUE if($this->value_info != "") { $value_column = $this->type."value_".$dep_field_info[field_id]; $dep_field_value = $this->value_info[$value_column]; } } // RETRIEVE DEP FIELD OPTIONS $dep_options = unserialize($dep_field_info[field_options]); for($i2=0,$max2=count($dep_options);$i2<$max2;$i2++) { SE_Language::_preload($dep_options[$i2][label]); $dep_field_options[] = Array('value' => $dep_options[$i2][value], 'label' => $dep_options[$i2][label]); if($dep_options[$i2][value] == $dep_field_value) { $dep_field_value_formatted = $dep_options[$i2][label]; } } } } // FORMAT VALUE FOR DISPLAY IF OPTION IS SELECTED if($format == 1 && $field_value == $options[$i][value] && $field_info[field_display] != 0) { SE_Language::_preload_multi($dep_field_info[field_title], $options[$i][label]); SE_Language::load(); $field_value_formatted = SE_Language::_get($options[$i][label]); // LINK FIELD VALUES IF NECESSARY if($field_info[field_display] == 2) { link_field_values($field_value_formatted, "", Array($field_info[field_id], $options[$i][value], "", $field_info[field_display])); } // ADD DEPENDENT VALUE TO FIELD VALUE if($dep_field_value != "" && $dep_field_info[field_display] != 0) { if($dep_field_info[field_type] == 3) { $dep_field_value_formatted = SE_Language::_get($dep_field_value_formatted); } else { $dep_field_value_formatted = $dep_field_value; } link_field_values($dep_field_value_formatted, "", Array($dep_field_info[field_id], $dep_field_value, $dep_field_info[field_link], $dep_field_info[field_display])); $field_value_formatted .= " ".SE_Language::_get($dep_field_info[field_title])." ".$dep_field_value_formatted; } } // SET OPTIONS ARRAY SE_Language::_preload_multi($dep_field_info[field_title], $options[$i][label]); $field_options[] = Array('value' => $options[$i][value], 'label' => $options[$i][label], 'dependency' => $options[$i][dependency], 'dep_field_id' => $dep_field_info[field_id], 'dep_field_title' => $dep_field_info[field_title], 'dep_field_type' => $dep_field_info[field_type], 'dep_field_required' => $dep_field_info[field_required], 'dep_field_maxlength' => $dep_field_info[field_maxlength], 'dep_field_options' => $dep_field_options, 'dep_field_style' => $dep_field_info[field_style], 'dep_field_value' => $dep_field_value, 'dep_field_error' => $dep_field_error); } break; case 5: // DATE FIELD // SET MONTH, DAY, AND YEAR FORMAT FROM SETTINGS switch($setting[setting_dateformat]) { case "n/j/Y": case "n.j.Y": case "n-j-Y": $month_format = "n"; $day_format = "j"; $year_format = "Y"; $date_order = "mdy"; break; case "Y/n/j": case "Ynj": $month_format = "n"; $day_format = "j"; $year_format = "Y"; $date_order = "ymd"; break; case "Y-n-d": $month_format = "n"; $day_format = "d"; $year_format = "Y"; $date_order = "ymd"; break; case "Y-m-d": $month_format = "m"; $day_format = "d"; $year_format = "Y"; $date_order = "ymd"; break; case "j/n/Y": case "j.n.Y": $month_format = "n"; $day_format = "j"; $year_format = "Y"; $date_order = "dmy"; break; case "M. j, Y": $month_format = "M"; $day_format = "j"; $year_format = "Y"; $date_order = "mdy"; break; case "F j, Y": case "l, F j, Y": $month_format = "F"; $day_format = "j"; $year_format = "Y"; $date_order = "mdy"; break; case "j F Y": case "D j F Y": case "l j F Y": $month_format = "F"; $day_format = "j"; $year_format = "Y"; $date_order = "dmy"; break; case "D-j-M-Y": case "D j M Y": case "j-M-Y": $month_format = "M"; $day_format = "j"; $year_format = "Y"; $date_order = "dmy"; break; case "Y-M-j": $month_format = "M"; $day_format = "j"; $year_format = "Y"; $date_order = "ymd"; break; } // VALIDATE POSTED VALUE if($validate == 1) { // RETRIEVE POSTED FIELD VALUE $var1 = "field_".$field_info[field_id]."_1"; $var2 = "field_".$field_info[field_id]."_2"; $var3 = "field_".$field_info[field_id]."_3"; $field_1 = $_POST[$var1]; $field_2 = $_POST[$var2]; $field_3 = $_POST[$var3]; // ORDER DATE VALUES PROPERLY switch($date_order) { case "mdy": $month = $field_1; $day = $field_2; $year = $field_3; break; case "ymd": $year = $field_1; $month = $field_2; $day = $field_3; break; case "dmy": $day = $field_1; $month = $field_2; $year = $field_3; break; } // CONSTRUCT FIELD VALUE $field_value = str_pad($year, 4, '0', STR_PAD_LEFT)."-".str_pad($month, 2, '0', STR_PAD_LEFT).'-'.str_pad($day, 2, '0', STR_PAD_LEFT); // CHECK FOR REQUIRED if( $field_info['field_required'] && ($month == "00" || $day == "00" || $year == "00") ) { $this->is_error = 96; $is_field_error = 1; } // UPDATE SAVE VALUE QUERY if($this->field_query != "") { $this->field_query .= ", "; } $this->field_query .= $this->type."value_$field_info[field_id]='$field_value'"; // CREATE A SEARCH QUERY FROM POSTED FIELD VALUE } elseif($search == 1) { // DATE IS A BIRTHDAY if($field_info[field_special] == 1) { // RESET DATE ORDER SO MONTH IS LAST $date_order = "mdy"; // RETRIEVE MIN/MAX YEARS $var3_min = "field_".$field_info[field_id]."_3_min"; $var3_max = "field_".$field_info[field_id]."_3_max"; if(isset($_POST[$var3_min])) { $field_3_min = $_POST[$var3_min]; } elseif(isset($_GET[$var3_min])) { $field_3_min = $_GET[$var3_min]; } else { $field_3_min = ""; } if(isset($_POST[$var3_max])) { $field_3_max = $_POST[$var3_max]; } elseif(isset($_GET[$var3_max])) { $field_3_max = $_GET[$var3_max]; } else { $field_3_max = ""; } $this->url_string .= $var3_min."=".urlencode($field_3_min)."&"; $this->url_string .= $var3_max."=".urlencode($field_3_max)."&"; // CONSTRUCT SEARCH VALUES (MIN YEAR) // IMPORTANT NOTE - BECAUSE IT DISPLAYS THE AGE (NOT THE YEAR) TO THE SEARCHER, THIS ACTUALLY CORRESPONDS TO THE MINIMUM AGE (MAXIMUM YEAR) $field_value_min = str_pad($field_3_min, 4, '0', STR_PAD_LEFT); if($field_value_min != "0000") { if($this->field_query != "") { $this->field_query .= " AND "; } $this->field_query .= $this->type."value_$field_info[field_id]<='$field_value_min-".date('m', time())."-".date('d', time())."'"; } // CONSTRUCT SEARCH VALUES (MAX YEAR) // IMPORTANT NOTE - BECAUSE IT DISPLAYS THE AGE (NOT THE YEAR) TO THE SEARCHER, THIS ACTUALLY CORRESPONDS TO THE MAXIMUM AGE (MINIMUM YEAR) $field_value_max = str_pad($field_3_max, 4, '0', STR_PAD_LEFT); if($field_value_max != "0000") { if($this->field_query != "") { $this->field_query .= " AND "; } $this->field_query .= $this->type."value_$field_info[field_id]>=DATE_ADD('".($field_value_max-1)."-".date('m', time())."-".date('d', time())."', INTERVAL 1 DAY)"; } // EXCLUDE USERS WHO HAVE NOT ENTERED A BIRTH YEAR if($field_value_min != "0000" || $field_value_max != "0000") { if($this->field_query != "") { $this->field_query .= " AND "; } $this->field_query .= "YEAR(".$this->type."value_$field_info[field_id])<>'0000'"; } // DATE IS NOT A BIRTHDAY } else { // RETRIEVE VALUES $var1 = "field_".$field_info[field_id]."_1"; $var2 = "field_".$field_info[field_id]."_2"; $var3 = "field_".$field_info[field_id]."_3"; if(isset($_POST[$var1])) { $field_1 = $_POST[$var1]; } elseif(isset($_GET[$var1])) { $field_1 = $_GET[$var1]; } else { $field_1 = ""; } if(isset($_POST[$var2])) { $field_2 = $_POST[$var2]; } elseif(isset($_GET[$var2])) { $field_2 = $_GET[$var2]; } else { $field_2 = ""; } if(isset($_POST[$var3])) { $field_3 = $_POST[$var3]; } elseif(isset($_GET[$var3])) { $field_3 = $_GET[$var3]; } else { $field_3 = ""; } $this->url_string .= $var1."=".urlencode($field_1)."&"; $this->url_string .= $var2."=".urlencode($field_2)."&"; $this->url_string .= $var3."=".urlencode($field_3)."&"; // ORDER DATE VALUES PROPERLY switch($date_order) { case "mdy": $month = str_pad($field_1, 2, '0', STR_PAD_LEFT); $day = str_pad($field_2, 2, '0', STR_PAD_LEFT); $year = str_pad($field_3, 4, '0', STR_PAD_LEFT); break; case "ymd": $year = str_pad($field_1, 4, '0', STR_PAD_LEFT); $month = str_pad($field_2, 2, '0', STR_PAD_LEFT); $day = str_pad($field_3, 2, '0', STR_PAD_LEFT); break; case "dmy": $day = str_pad($field_1, 2, '0', STR_PAD_LEFT); $month = str_pad($field_2, 2, '0', STR_PAD_LEFT); $year = str_pad($field_3, 4, '0', STR_PAD_LEFT); break; } // CONSTRUCT FIELD VALUE $field_value = $year."-".$month.'-'.$day; if($month != "00") { if($this->field_query != "") { $this->field_query .= " AND "; } $this->field_query .= "MONTH(".$this->type."value_$field_info[field_id])='$month'"; } if($day != "00") { if($this->field_query != "") { $this->field_query .= " AND "; } $this->field_query .= "DAY(".$this->type."value_$field_info[field_id])='$day'"; } if($year != "0000") { if($this->field_query != "") { $this->field_query .= " AND "; } $this->field_query .= "YEAR(".$this->type."value_$field_info[field_id])='$year'"; } } // DO NOT VALIDATE FIELD VALUE AND DON'T CREATE SEARCH VALUE } else { // RETRIEVE DATABASE FIELD VALUE if($this->value_info != "") { $value_column = $this->type."value_".$field_info[field_id]; $field_value = $this->value_info[$value_column]; } else { $field_value = "0000-00-00"; } } $year = substr($field_value, 0, 4); $month = substr($field_value, 5, 2); $day = substr($field_value, 8, 2); // FORMAT VALUE FOR DISPLAY if($format == 1 && $field_info[field_display] != 0) { if($field_value != "0000-00-00") { if($year == "0000") { $year = ""; } if($month == "00") { $month = ""; } else { $month = $datetime->cdate("F", mktime(0, 0, 0, $month, 1, 1990)); } if($day == "00") { $day = ""; } else { $day = $datetime->cdate("$day_format", mktime(0, 0, 0, 1, $day, 1990)); } switch($date_order) { case "mdy": $field_value_formatted = "$month $day $year"; break; case "ymd": $field_value_formatted = "$year $month $day"; break; case "dmy": $field_value_formatted = "$day $month $year"; break; } if($field_info[field_display] == 2) { link_field_values($field_value_formatted, "", Array($field_info[field_id], $field_value, "", $field_info[field_display])); } } // FORMAT VALUE FOR FORM } else { // GET LANGUAGE VARS SE_Language::_preload_multi(579, 580, 581); // CONSTRUCT MONTH ARRAY $month_array = Array(); $month_array[0] = Array('name' => "579", 'value' => "0", 'selected' => ""); for($m=1;$m<=12;$m++) { if($month == $m) { $selected = " SELECTED"; } else { $selected = ""; } $month_array[$m] = Array('name' => $datetime->cdate("$month_format", mktime(0, 0, 0, $m, 1, 1990)), 'value' => $m, 'selected' => $selected); } // CONSTRUCT DAY ARRAY $day_array = Array(); $day_array[0] = Array('name' => "580", 'value' => "0", 'selected' => ""); for($d=1;$d<=31;$d++) { if($day == $d) { $selected = " SELECTED"; } else { $selected = ""; } $day_array[$d] = Array('name' => $datetime->cdate("$day_format", mktime(0, 0, 0, 1, $d, 1990)), 'value' => $d, 'selected' => $selected); } // CONSTRUCT YEAR ARRAY $year_array = Array(); $year_count = 1; $current_year = $datetime->cdate("Y", time()); $year_array[0] = Array('name' => "581", 'value' => "0", 'selected' => ""); for($y=$current_year;$y>=1920;$y--) { if($year == $y) { $selected = " SELECTED"; } else { $selected = ""; } $year_array[$year_count] = Array('name' => $y, 'value' => $y, 'selected' => $selected); $year_count++; } // ORDER DATE ARRAYS PROPERLY switch($date_order) { case "mdy": $date_array1 = $month_array; $date_array2 = $day_array; $date_array3 = $year_array; break; case "ymd": $date_array1 = $year_array; $date_array2 = $month_array; $date_array3 = $day_array; break; case "dmy": $date_array1 = $day_array; $date_array2 = $month_array; $date_array3 = $year_array; break; } } break; case 6: // CHECKBOXES // VALIDATE POSTED FIELD if($validate == 1) { // RETRIEVE POSTED FIELD VALUE $var = "field_".$field_info[field_id]; $field_value = $_POST[$var]; // CHECK FOR REQUIRED if($field_info[field_required] != 0 && count($field_value) == 0) { $this->is_error = 96; $is_field_error = 1; } // UPDATE SAVE VALUE QUERY if($this->field_query != "") { $this->field_query .= ", "; } $this->field_query .= $this->type."value_$field_info[field_id]='".implode(",", $field_value)."'"; // CREATE A SEARCH QUERY FROM POSTED FIELD VALUE } elseif($search == 1) { $var = "field_".$field_info[field_id]; if(isset($_POST[$var])) { $field_value = $_POST[$var]; } elseif(isset($_GET[$var])) { $field_value = $_GET[$var]; } else { $field_value = ""; } if(count($field_value) != 0 && $field_value != "") { for($o=0;$ofield_query != "") { $this->field_query .= " AND "; } $this->field_query .= "FIND_IN_SET('".$field_value[$o]."', ".$this->type."value_$field_info[field_id])"; $this->url_string .= $var."[]=".urlencode($field_value[$o])."&"; } } // DO NOT VALIDATE FIELD VALUE AND DON'T CREATE SEARCH VALUE } else { // RETRIEVE DATABASE FIELD VALUE if($this->value_info != "") { $value_column = $this->type."value_".$field_info[field_id]; $field_value = explode(",", $this->value_info[$value_column]); } } // LOOP OVER FIELD OPTIONS $options = unserialize($field_info[field_options]); for($i=0,$max=count($options);$i<$max;$i++) { $dep_field_info = ""; $dep_field_value = ""; $dep_field_options = ""; // OPTION HAS DEPENDENCY if($options[$i][dependency] == "1") { $dep_field_query = "SELECT ".$this->type."field_id AS field_id, ".$this->type."field_type AS field_type, ".$this->type."field_title AS field_title, ".$this->type."field_style AS field_style, ".$this->type."field_options AS field_options, ".$this->type."field_maxlength AS field_maxlength, ".$this->type."field_link AS field_link, ".$this->type."field_required AS field_required, ".$this->type."field_regex AS field_regex, ".$this->type."field_display AS field_display FROM se_".$this->type."fields WHERE ".$this->type."field_id='".$options[$i][dependent_id]."' AND ".$this->type."field_dependency='$field_info[field_id]'"; $dep_field = $database->database_query($dep_field_query); if($database->database_num_rows($dep_field) != "1") { $options[$i][dependency] = 0; } else { $dep_field_info = $database->database_fetch_assoc($dep_field); // VALIDATE POSTED FIELD VALUE if($validate == 1) { // OPTION SELECTED if(in_array($options[$i][value], $field_value)) { $dep_var = "field_".$dep_field_info[field_id]; $dep_field_value = censor($_POST[$dep_var]); // DEP FIELD TYPE switch($dep_field_info[field_type]) { // TEXT FIELD case "1": // CHECK FOR REQUIRED if($dep_field_info[field_required] != 0 && trim($dep_field_value) == "") { $this->is_error = 96; $is_field_error = 1; } // RUN PREG MATCH if($dep_field_info[field_regex] != "" && trim($dep_field_value) != "") { if(!preg_match($dep_field_info[field_regex], $dep_field_value)) { $this->is_error = 97; $is_field_error = 1; } } break; // SELECT BOX case "3": // CHECK FOR REQUIRED if( $dep_field_info['field_required'] != 0 && ($dep_field_value == "-1" || $dep_field_value == "") ) { $this->is_error = 96; $is_field_error = 1; } break; } // OPTION NOT SELECTED } else { $dep_field_value = ""; } // UPDATE SAVE VALUE QUERY if($this->field_query != "") { $this->field_query .= ", "; } $this->field_query .= $this->type."value_$dep_field_info[field_id]='$dep_field_value'"; // DO NOT VALIDATE POSTED FIELD VALUE } else { // RETRIEVE DATABASE FIELD VALUE if($this->value_info != "") { $value_column = $this->type."value_".$dep_field_info[field_id]; $dep_field_value = $this->value_info[$value_column]; } } // RETRIEVE DEP FIELD OPTIONS $dep_options = unserialize($dep_field_info[field_options]); for($i2=0,$max2=count($dep_options);$i2<$max2;$i2++) { SE_Language::_preload($dep_options[$i2][label]); $dep_field_options[] = Array('value' => $dep_options[$i2][value], 'label' => $dep_options[$i2][label]); if($dep_options[$i2][value] == $dep_field_value) { $dep_field_value_formatted = $dep_options[$i2][label]; } } } } // FORMAT VALUE FOR DISPLAY IF OPTION IS SELECTED if($format == 1 && in_array($options[$i][value], $field_value) && $field_info[field_display] != 0) { SE_Language::_preload_multi($dep_field_info[field_title], $options[$i][label]); SE_Language::load(); $formatted_prelim = SE_Language::_get($options[$i][label]); // LINK FIELD VALUES IF NECESSARY if($field_info[field_display] == 2) { link_field_values($formatted_prelim, "", Array($field_info[field_id], $options[$i][value], "", $field_info[field_display])); } // ADD DEPENDENT VALUE TO FIELD VALUE if($dep_field_value != "" && $dep_field_info[field_display] != 0) { if($dep_field_info[field_type] == 3) { $dep_field_value_formatted = SE_Language::_get($dep_field_value_formatted); } else { $dep_field_value_formatted = $dep_field_value; } link_field_values($dep_field_value_formatted, "", Array($dep_field_info[field_id], $dep_field_value, $dep_field_info[field_link], $dep_field_info[field_display])); $field_value_formatted .= " ".SE_Language::_get($dep_field_info[field_title])." ".$dep_field_value_formatted; } if(trim($field_value_formatted) != "") { $field_value_formatted .= ", "; } $field_value_formatted .= $formatted_prelim; } // SET OPTIONS ARRAY SE_Language::_preload_multi($dep_field_info[field_title], $options[$i][label]); $field_options[] = Array('value' => $options[$i][value], 'label' => $options[$i][label], 'dependency' => $options[$i][dependency], 'dep_field_id' => $dep_field_info[field_id], 'dep_field_title' => $dep_field_info[field_title], 'dep_field_type' => $dep_field_info[field_type], 'dep_field_required' => $dep_field_info[field_required], 'dep_field_maxlength' => $dep_field_info[field_maxlength], 'dep_field_options' => $dep_field_options, 'dep_field_style' => $dep_field_info[field_style], 'dep_field_value' => $dep_field_value, 'dep_field_error' => $dep_field_error); } break; } // SET FIELD ERROR IF ERROR OCCURRED if($is_field_error == 1) { $field_error = $field_info[field_error]; } else { $field_error = 0; } // SET FIELD VALUE ARRAY FOR LATER USE // FIX THIS FOR CHECKBOXES (USED FOR SUBNETS?) $this->fields_new[$this->type."value_".$field_info[field_id]] = $field_value; // SET SPECIAL FIELDS, IF NECESSARY if($field_info[field_special] != 0) { $this->field_special[$field_info[field_special]] = $field_value; } // SAVE FORMATTED FIELD VALUE IN ARRAY if($field_value_formatted != "") { $this->field_values[] = $field_value_formatted; } // SET FIELD ARRAY AND INCREMENT FIELD COUNT if(($format == 0 && $search == 0) || ($format == 1 && $field_value_formatted != "") || ($search == 1 && $field_info[field_search] != 0)) { SE_Language::_preload_multi($field_info[field_title], $field_info[field_desc], $field_info[field_error]); $this->fields[] = $this->fields_all[] = Array('field_id' => $field_info[field_id], 'field_title' => $field_info[field_title], 'field_desc' => $field_info[field_desc], 'field_type' => $field_info[field_type], 'field_required' => $field_info[field_required], 'field_style' => $field_info[field_style], 'field_maxlength' => $field_info[field_maxlength], 'field_special' => $field_info[field_special], 'field_signup' => $field_info[field_signup], 'field_search' => $field_info[field_search], 'field_options' => $field_options, 'field_value' => $field_value, 'field_value_formatted' => $field_value_formatted, 'field_value_min' => $field_value_min, 'field_value_max' => $field_value_max, 'field_error' => $field_error, 'date_array1' => $date_array1, 'date_array2' => $date_array2, 'date_array3' => $date_array3); $field_count++; } } } // END field_list() METHOD // THIS METHOD RETRIEVES FIELD INFO ABOUT A FIELD AND RETURNS IT AS AN ASSOCIATIVE ARRAY // INPUT: $field_id REPRESENTING THE FIELD'S ID // OUTPUT: AN ASSOCIATIVE ARRAY CONTAINING THE FIELD INFORMATION (WITHOUT TYPE PREFIX) function field_get($field_id) { global $database; $field_info = $database->database_fetch_assoc($database->database_query("SELECT ".$this->type."field_id AS field_id, ".$this->type."field_".$this->type."cat_id AS field_cat_id, ".$this->type."field_order AS field_order, ".$this->type."field_dependency AS field_dependency, ".$this->type."field_title AS field_title, ".$this->type."field_desc AS field_desc, ".$this->type."field_error AS field_error, ".$this->type."field_type AS field_type, ".$this->type."field_style AS field_style, ".$this->type."field_maxlength AS field_maxlength, ".$this->type."field_link AS field_link, ".$this->type."field_options AS field_options, ".$this->type."field_required AS field_required, ".$this->type."field_regex AS field_regex, ".$this->type."field_special AS field_special, ".$this->type."field_search AS field_search, ".$this->type."field_display AS field_display, ".$this->type."field_html AS field_html FROM se_".$this->type."fields WHERE ".$this->type."field_id='$field_id'")); // PULL OPTIONS INTO NEW ARRAY $new_field_options = ""; $field_options = unserialize($field_info[field_options]); for($i=0;$idatabase_query("SELECT ".$this->type."field_id AS field_id, ".$this->type."field_title AS field_title FROM se_".$this->type."fields WHERE ".$this->type."field_id='".$field_options[$i][dependent_id]."'"); if($database->database_num_rows($dep_field) != "1") { $field_options[$i][dependency] = 0; } else { $field_options[$i][dependency] = 1; $dep_field_info = $database->database_fetch_assoc($dep_field); SE_Language::_preload_multi($dep_field_info[field_title]); SE_Language::load(); $dep_field_info[field_title] = SE_Language::_get($dep_field_info[field_title]); $field_options[$i][dependent_label] = $dep_field_info[field_title]; } } } // LOAD FIELD TITLE SE_Language::_preload_multi($field_info[field_title], $field_info[field_desc], $field_info[field_error]); SE_Language::load(); $field_info[field_title] = SE_Language::_get($field_info[field_title]); $field_info[field_desc] = SE_Language::_get($field_info[field_desc]); $field_info[field_error] = SE_Language::_get($field_info[field_error]); $field_info[field_options_detailed] = $field_options; return $field_info; } // END field_get() METHOD // THIS METHOD SAVES FIELD DATA // INPUT: $field_info REPRESENTING AN ARRAY CONTAINING THE FIELD INFO TO SAVE // OUTPUT: function field_save($field_info) { global $database; $old_field_query = $database->database_query("SELECT ".$this->type."field_id AS field_id, ".$this->type."field_".$this->type."cat_id AS field_cat_id, ".$this->type."field_dependency AS field_dependency, ".$this->type."field_order AS field_order, ".$this->type."field_title AS field_title, ".$this->type."field_desc AS field_desc, ".$this->type."field_error AS field_error, ".$this->type."field_options AS field_options, ".$this->type."field_special AS field_special FROM se_".$this->type."fields WHERE ".$this->type."field_id='$field_info[field_id]'"); if($database->database_num_rows($old_field_query) != 0) { $old_field_info = $database->database_fetch_assoc($old_field_query); } else { $old_field_info = ""; $old_field_info[field_dependency] = 0; } if($old_field_info[field_dependency] != 0) { $field_info[field_type] = ($field_info[field_type] == 3) ? 3: 1; $field_info[field_cat_id] = $old_field_info[field_cat_id]; } // FIELD TYPE IS TEXT FIELD if($field_info[field_type] == "1") { $column_type = "varchar(250)"; $column_default = "default ''"; $field_info[field_html] = str_replace(">", "", str_replace("<", "", str_replace(" ", "", $field_info[field_html]))); $suggestions = explode("\r\n", $field_info[field_suggestions]); for($i=0;$i$i, 'label'=>$suggestions[$i], 'dependency'=>'0', 'dependent_label'=>'', 'dependent_id'=>''); } } // FIELD TYPE IS TEXTAREA } elseif($field_info[field_type] == "2") { $column_type = "text"; $column_default = ""; $field_info[field_html] = str_replace(">", "", str_replace("<", "", str_replace(" ", "", $field_info[field_html]))); // FIELD TYPE IS SELECT BOX OR RADIO BUTTONS } elseif($field_info[field_type] == "3" || $field_info[field_type] == "4" || $field_info[field_type] == "6") { $field_info[field_html] = ""; for($i=0;$iis_error = 146; break; } } elseif($field_info[field_options][$i][dependent_id] != "") { $dependent_ids[] = $field_info[field_options][$i][dependent_id]; } } if( !empty($set_values) && $field_info[field_type] == "6" ) { $column_type = "set('".implode("', '", $set_values)."')"; $column_default = ""; } else { $column_type = "int(2)"; $column_default = "default '-1'"; } // IF NO OPTIONS HAVE BEEN SPECIFIED if(count($options) == 0) { $this->is_error = 143; } // FIELD TYPE IS DATE FIELD } elseif($field_info[field_type] == "5") { $box5_display = "block"; $column_type = "date"; $column_default = "default '0000-00-00'"; $field_info[field_html] = ""; // FIELD TYPE NOT SPECIFIED } else { $this->is_error = 85; } // FIELD TITLE IS EMPTY if(trim($field_info[field_title]) == "" && $old_field_info[field_dependency] == 0) { $this->is_error = 94; } // NO ERROR if($this->is_error == 0) { // OLD FIELD (SAVE) if($database->database_num_rows($old_field_query)) { if($old_field_info[field_cat_id] != $field_info[field_cat_id]) { $field_order_info = $database->database_fetch_assoc($database->database_query("SELECT max(".$this->type."field_order) as f_order FROM se_".$this->type."fields WHERE ".$this->type."field_dependency='0' AND ".$this->type."field_".$this->type."cat_id='$field_info[field_cat_id]'")); $field_info[field_order] = $field_order_info[f_order]+1; } else { $field_info[field_order] = $old_field_info[field_order]; } SE_Language::edit($old_field_info[field_title], $field_info[field_title]); SE_Language::edit($old_field_info[field_desc], $field_info[field_desc]); SE_Language::edit($old_field_info[field_error], $field_info[field_error]); $database->database_query("UPDATE se_".$this->type."fields SET ".$this->type."field_".$this->type."cat_id='$field_info[field_cat_id]', ".$this->type."field_order='$field_info[field_order]', ".$this->type."field_type='$field_info[field_type]', ".$this->type."field_style='$field_info[field_style]', ".$this->type."field_maxlength='$field_info[field_maxlength]', ".$this->type."field_link='$field_info[field_link]', ".$this->type."field_required='$field_info[field_required]', ".$this->type."field_regex='$field_info[field_regex]', ".$this->type."field_html='$field_info[field_html]', ".$this->type."field_search='$field_info[field_search]', ".$this->type."field_display='$field_info[field_display]', ".$this->type."field_special='$field_info[field_special]' WHERE ".$this->type."field_id='$field_info[field_id]'"); $column_name = $this->type."value_".$field_info[field_id]; $database->database_query("ALTER TABLE se_".$this->type."values MODIFY $column_name $column_type $column_default"); // ENSURE FIRST DISPLAY NAME GETS CLEARED IF NECESSARY if($this->type == "profile" && $old_field_info[field_special] == 2 && $field_info[field_special] != 2) { $database->database_query("UPDATE se_users SET user_fname='' WHERE user_fname<>''"); // ENSURE LAST DISPLAY NAME GETS CLEARED IF NECESSARY } elseif($this->type == "profile" && $old_field_info[field_special] == 3 && $field_info[field_special] != 3) { $database->database_query("UPDATE se_users SET user_lname='' WHERE user_lname<>''"); } // GET OLD LABEL LANGUAGE VARS $old_field_options = unserialize($old_field_info[field_options]); for($o=0;$odatabase_query("SELECT ".$this->type."field_id AS field_id, ".$this->type."field_title AS field_title FROM se_".$this->type."fields WHERE ".$this->type."field_id='".$options[$d][dependent_id]."'"); if($database->database_num_rows($dep_field) == "1") { $dep_field_info = $database->database_fetch_assoc($dep_field); if($options[$d][dependency] == "1") { SE_Language::edit($dep_field_info[field_title], $options[$d][dependent_label]); $database->database_query("UPDATE se_".$this->type."fields SET ".$this->type."field_".$this->type."cat_id='$field_info[field_cat_id]' WHERE ".$this->type."field_id='$dep_field_info[field_id]'"); } else { $database->database_query("DELETE FROM se_".$this->type."fields, se_languagevars USING se_".$this->type."fields JOIN se_languagevars ON se_".$this->type."fields.".$this->type."field_title=se_languagevars.languagevar_id WHERE ".$this->type."field_id='$dep_field_info[field_id]'"); $column_name = $this->type."value_".$dep_field_info[field_id]; $database->database_query("ALTER TABLE se_".$this->type."values DROP COLUMN $column_name"); } } else { if($options[$d][dependency] == "1") { $dep_languagevar_id = SE_Language::edit(0, $options[$d][dependent_label], NULL, LANGUAGE_INDEX_FIELDS); $database->database_query("INSERT INTO se_".$this->type."fields (".$this->type."field_".$this->type."cat_id, ".$this->type."field_title, ".$this->type."field_order, ".$this->type."field_type, ".$this->type."field_style, ".$this->type."field_dependency, ".$this->type."field_maxlength, ".$this->type."field_link, ".$this->type."field_options, ".$this->type."field_required, ".$this->type."field_regex) VALUES ('$field_info[field_cat_id]', '".$dep_languagevar_id."', '0', '1', '', '$field_info[field_id]', '100', '', '', '0', '')"); $dep_field_id = $database->database_insert_id(); $options[$d][dependent_id] = $dep_field_id; $column_name = $this->type."value_".$dep_field_id; $database->database_query("ALTER TABLE se_".$this->type."values ADD $column_name varchar(250) NOT NULL"); } } } // DELETE OLD DEPENDENT FIELDS for($d=0;$ddatabase_query("DELETE FROM se_".$this->type."fields, se_languagevars USING se_".$this->type."fields JOIN se_languagevars ON se_".$this->type."fields.".$this->type."field_title=se_languagevars.languagevar_id WHERE ".$this->type."field_id='$dependent_ids[$d]'"); $column_name = $this->type."value_".$dependent_ids[$d]; $database->database_query("ALTER TABLE se_".$this->type."values DROP COLUMN $column_name"); } // DELETE OLD LANGUAGE VARS if( !empty($old_language_ids) && is_array($old_language_ids) ) $database->database_query("DELETE FROM se_languagevars WHERE languagevar_id IN('".join("', '", $old_language_ids)."')"); // INSERT OPTIONS $field_info[field_options] = $options; $database->database_query("UPDATE se_".$this->type."fields SET ".$this->type."field_options='".serialize($options)."' WHERE ".$this->type."field_id='$field_info[field_id]'"); // NEW FIELD (ADD) } else { $field_order_info = $database->database_fetch_assoc($database->database_query("SELECT max(".$this->type."field_order) as f_order FROM se_".$this->type."fields WHERE ".$this->type."field_dependency='0' AND ".$this->type."field_".$this->type."cat_id='$field_info[field_cat_id]'")); $field_order = $field_order_info[f_order]+1; $field_info[field_title_id] = SE_Language::edit(0, $field_info[field_title], NULL, LANGUAGE_INDEX_FIELDS); $field_info[field_desc_id] = SE_Language::edit(0, $field_info[field_desc], NULL, LANGUAGE_INDEX_FIELDS); $field_info[field_error_id] = SE_Language::edit(0, $field_info[field_error], NULL, LANGUAGE_INDEX_FIELDS); $database->database_query("INSERT INTO se_".$this->type."fields (".$this->type."field_".$this->type."cat_id, ".$this->type."field_title, ".$this->type."field_desc, ".$this->type."field_error, ".$this->type."field_order, ".$this->type."field_type, ".$this->type."field_style, ".$this->type."field_dependency, ".$this->type."field_maxlength, ".$this->type."field_link, ".$this->type."field_required, ".$this->type."field_regex, ".$this->type."field_html, ".$this->type."field_search, ".$this->type."field_display, ".$this->type."field_special) VALUES ('$field_info[field_cat_id]', '$field_info[field_title_id]', '$field_info[field_desc_id]', '$field_info[field_error_id]', '$field_order', '$field_info[field_type]', '$field_info[field_style]', '0', '$field_info[field_maxlength]', '$field_info[field_link]', '$field_info[field_required]', '$field_info[field_regex]', '$field_info[field_html]', '$field_info[field_search]', '$field_info[field_display]', '$field_info[field_special]')"); $field_info[field_id] = $database->database_insert_id(); $column_name = $this->type."value_".$field_info[field_id]; $database->database_query("ALTER TABLE se_".$this->type."values ADD $column_name $column_type NOT NULL $column_default"); // ADD DEPENDENT FIELDS $field_options = ""; for($d=0;$ddatabase_query("INSERT INTO se_".$this->type."fields (".$this->type."field_".$this->type."cat_id, ".$this->type."field_title, ".$this->type."field_order, ".$this->type."field_type, ".$this->type."field_style, ".$this->type."field_dependency, ".$this->type."field_maxlength, ".$this->type."field_link, ".$this->type."field_options, ".$this->type."field_required, ".$this->type."field_regex) VALUES ('$field_info[field_cat_id]', '".$dep_languagevar_id."', '$d', '1', '', '$field_info[field_id]', '100', '', '', '0', '')"); $dep_field_id = $database->database_insert_id(); $options[$d][dependent_id] = $dep_field_id; $column_name = $this->type."value_".$dep_field_id; $database->database_query("ALTER TABLE se_".$this->type."values ADD $column_name varchar(250) NOT NULL"); } } // INSERT OPTIONS $field_info[field_options] = $options; $database->database_query("UPDATE se_".$this->type."fields SET ".$this->type."field_options='".serialize($options)."' WHERE ".$this->type."field_id='$field_info[field_id]'"); } } return $field_info; } // END field_save() METHOD // THIS METHOD DELETES A FIELD AND ITS DEPENDENT FIELDS // INPUT: $field_id REPRESENTING THE FIELD'S ID // OUTPUT: function field_delete($field_id) { global $database; // DELETE ALL FIELD COLUMNS $fields = $database->database_query("SELECT ".$this->type."field_id AS field_id, ".$this->type."field_title AS field_title, ".$this->type."field_desc AS field_desc, ".$this->type."field_error AS field_error, ".$this->type."field_options AS field_options FROM se_".$this->type."fields WHERE ".$this->type."field_id='$field_id' OR ".$this->type."field_dependency='$field_id'"); while($field = $database->database_fetch_assoc($fields)) { $languagevars_delete[] = $field[field_title]; $languagevars_delete[] = $field[field_desc]; $languagevars_delete[] = $field[field_error]; // DELETE OPTION LABELS $field_options = unserialize($field[field_options]); for($i=0;$itype."value_".$field[field_id]; $database->database_query("ALTER TABLE se_".$this->type."values DROP COLUMN $column"); } // DELETE ALL FIELDS $database->database_query("DELETE FROM se_languagevars WHERE languagevar_id IN(".implode(",", $languagevars_delete).")"); $database->database_query("DELETE FROM se_".$this->type."fields WHERE ".$this->type."field_id='$field_id' OR ".$this->type."field_dependency='$field_id'"); } // END field_delete() METHOD // THIS METHOD DELETES A CATEGORY AND ITS SUBCATEGORIES/FIELDS // INPUT: $cat_id REPRESENTING THE CATEGORY ID OF THE CATEGORY TO DELETE // OUTPUT: function cat_delete($cat_id) { global $database; $fields = $database->database_query("SELECT ".$this->type."field_id AS field_id, ".$this->type."field_title AS field_title, ".$this->type."field_desc AS field_desc, ".$this->type."field_error AS field_error FROM se_".$this->type."fields LEFT JOIN se_".$this->type."cats ON se_".$this->type."fields.".$this->type."field_".$this->type."cat_id=se_".$this->type."cats.".$this->type."cat_id WHERE se_".$this->type."cats.".$this->type."cat_id='$cat_id' OR se_".$this->type."cats.".$this->type."cat_dependency='$cat_id'"); while($field = $database->database_fetch_assoc($fields)) { $column = $this->type."value_".$field[field_id]; $database->database_query("ALTER TABLE se_".$this->type."values DROP COLUMN $column"); $database->database_query("DELETE FROM se_languagevars WHERE languagevar_id='$field[field_title]' OR languagevar_id='$field[field_desc]' OR languagevar_id='$field[field_error]'"); } $database->database_query("DELETE FROM se_languagevars USING se_".$this->type."cats JOIN se_languagevars ON se_".$this->type."cats.".$this->type."cat_title=se_languagevars.languagevar_id WHERE se_".$this->type."cats.".$this->type."cat_id='$cat_id' OR se_".$this->type."cats.".$this->type."cat_dependency='$cat_id'"); $database->database_query("DELETE FROM se_".$this->type."fields, se_".$this->type."cats USING se_".$this->type."cats LEFT JOIN se_".$this->type."fields ON se_".$this->type."fields.".$this->type."field_".$this->type."cat_id=se_".$this->type."cats.".$this->type."cat_id WHERE se_".$this->type."cats.".$this->type."cat_id='$cat_id' OR se_".$this->type."cats.".$this->type."cat_dependency='$cat_id'"); } // END cat_delete() METHOD // THIS METHOD ADDS/EDIT A CATEGORY // INPUT: $cat_id REPRESENTING THE CATEGORY ID OF THE CATEGORY TO ADD/EDIT // OUTPUT: RETURNS THE CATEGORY ID function cat_modify($cat_id, $cat_title, $cat_dependency) { global $database; // NEW CATEGORY if($cat_id == "new") { $cat_order = $database->database_fetch_assoc($database->database_query("SELECT max(".$this->type."cat_order) AS cat_order FROM se_".$this->type."cats WHERE ".$this->type."cat_dependency='$cat_dependency'")); $cat_order = $cat_order[cat_order]+1; $cat_title = SE_Language::edit(0, $cat_title, NULL, LANGUAGE_INDEX_FIELDS); $database->database_query("INSERT INTO se_".$this->type."cats (".$this->type."cat_dependency, ".$this->type."cat_title, ".$this->type."cat_order) VALUES ('$cat_dependency', '$cat_title', '$cat_order')"); $newcat_id = $database->database_insert_id(); // EDIT CATEGORY } else { $cat_info = $database->database_fetch_assoc($database->database_query("SELECT ".$this->type."cat_title AS cat_title FROM se_".$this->type."cats WHERE ".$this->type."cat_id='$cat_id'")); SE_Language::edit($cat_info[cat_title], $cat_title); $newcat_id = $cat_id; } return $newcat_id; } // END cat_modify() METHOD } ?>/* $Id: class_hook.php 14 2009-01-12 09:36:11Z john $ */ // // CLASS SE_Hook // // For more information about the PHP callback type: // http://www.php.net/manual/en/language.pseudo-types.php#language.types.callback // // Example: // ( ($hook::$se_hooks->exists('example')) ? // $se_hooks::call($hook, array( // 'value1' => &$value1, // 'value2' => &$value2 // )) : NULL ); // // class SE_Hook { /*-------------------------------------------------------------------------*\ | Property Definitions | \*-------------------------------------------------------------------------*/ // // PRIVATE PROPERTY SE_Hook->_hooks // // Contains a list of all active hooks // Structure: // array( (str)hook_name => (int)hook_index ) // var $_hooks = array(); // // PRIVATE PROPERTY SE_Hook->_callback_index // var $_callback_index = 0; // // PRIVATE PROPERTY SE_Hook->_callbacks // // Contains a list of all callback functions attached to a hook // Structure: // array( (int)hook_index => array( (int)callback_index => (callback)callback_function ) ) // var $_callbacks = array(); // // PRIVATE PROPERTY SE_Hook->_callback_priorities // // Callback priority // Structure: // array( (int)callback_index => (int)callback_priority ) // var $_callback_priorities = array(); // // PRIVATE PROPERTY SE_Hook->_needs_prioritize // // Flag to sort // var $_needs_prioritize = FALSE; // // PUBLIC PROPERTY SE_Hook->default_priority // // Default callback priority // var $default_priority = 100; /*-------------------------------------------------------------------------*\ | Methods - Construction | \*-------------------------------------------------------------------------*/ // // PUBLIC METHOD create() // // Creates a hook instance, or // // Parameters: // void // // Returns: // An instance of this class // function &create() { static $instance; if (!$instance) { $instance = new SE_Hook(); } return $instance; } // // END PUBLIC METHOD create() // /*-------------------------------------------------------------------------*\ | Methods - Registration | \*-------------------------------------------------------------------------*/ // // PUBLIC METHOD register(hook_name as string, callback as callback[, priority as integer]) // // Register a hook // // Parameters: // hook_name - The name of the hook as string // callback - The function or method to use as a callback // priority - The priority of the callback // // Returns: // void // function register($hook_name, $callback, $priority=NULL) { $thiis =& SE_Hook::create(); // Find or create the hook index $hook_index = (isset($thiis->_hooks[$hook_name]) ? $thiis->_hooks[$hook_name] : ($thiis->_hooks[$hook_name]=(int)count($thiis->_hooks)) ); // Store $thiis->_callbacks[$hook_index][$thiis->_callback_index] = $callback; // Prioritize if( isset($priority) ) $thiis->_needs_prioritize = TRUE; $thiis->_callback_priorities[$thiis->_callback_index] = (isset($priority) ? $priority : $thiis->default_priority); $thiis->_callback_index++; return; } // // END PUBLIC METHOD register // // // PUBLIC METHOD unregister(hook_name as string[, callback as callback]) // // Unregister a hook // If callback is set, only unregisters that callback, otherwise unregisters entire hook // TODO: Remove callback priorities for hook mode // // Parameters: // hook_name - The name of the hook as string // callback - The function or method callback // // Returns: // void // function unregister($hook_name, $callback=NULL) { $thiis =& SE_Hook::create(); // Can't unregister something that isn't there if( !isset($thiis->_hooks[$hook_name]) ) return; $hook_index = $thiis->_hooks[$hook_name]; // Unset entire hook if no specified callback if( !isset($callback) ) { unset($thiis->_hooks[$hook_name]); unset($thiis->_callbacks[$hook_index]); //unset($thiis->_callback_priorities[]); } // Other wise unset all instances of the specified callback else { $callback_indices = array_keys($thiis->_callbacks[$hook_index], $callback, TRUE); foreach( $callback_indices as $callback_index ) { unset($thiis->_callbacks[$hook_index][$callback_index]); unset($thiis->_callback_priorities[$callback_index]); } } return; } // // END PUBLIC METHOD unregister() // /*-------------------------------------------------------------------------*\ | Methods - Calling | \*-------------------------------------------------------------------------*/ // // PUBLIC METHOD exists(hook_name as string) // // Check if hook exists. It returns the argument so we only have to import the hook name once. // // Parameters: // hook_name - the name of the hook to get // // Returns: // Hook name if a hook is registered, otherwise FALSE // function exists($hook_name) { $thiis =& SE_Hook::create(); return (isset($thiis->_hooks[$hook_name]) ? $hook_name : FALSE); } // // END PUBLIC METHOD exists() // // // PUBLIC METHOD call(hook_name as string, arguments as array) // // Calls a hook instance // IMPORTANT: Always pass arguments as an array of references // TODO: Should the array of references be passed as a reference? // // Parameters: // arguments - An array of references. Each hook should have standardized elements. // // Returns: // void // function call($hook_name, $arguments=array()) { $thiis =& SE_Hook::create(); // Prioritize if( $thiis->_needs_prioritize ) $thiis->prioritize(); // Iterate over each callback $hook_index = $thiis->_hooks[$hook_name]; foreach( $thiis->_callbacks[$hook_index] as $callback_index=>$callback ) { if( !is_callable($callback) ) continue; // TODO: Capture output call_user_func($callback, $arguments); } return; } // // END PUBLIC METHOD call // /*-------------------------------------------------------------------------*\ | Methods - Priority | \*-------------------------------------------------------------------------*/ // // PUBLIC METHOD prioritize(void) // // Prioritizes the callback based on the priorities given // TODO: Verify that arrays are correctly sorted // // Parameters: // void // // Returns: // void // function prioritize() { $thiis =& SE_Hook::create(); foreach( $thiis->_callbacks as $hook_index=>$callback_array ) { uksort($thiis->_callbacks[$hook_index], array('SE_Hook', '_priority_cmp') ); } $thiis->_needs_prioritize = FALSE; } // // END PUBLIC METHOD prioritize() // // // PRIVATE METHOD _priority_cmp() // // Comparison function for uasort() in SE_Hook->prioritize // // Primary: Order descending by priority // Secondary: Order ascending by index // function _priority_cmp($a, $b) { $thiis =& SE_Hook::create(); if ($thiis->_callback_priorities[$a] == $thiis->_callback_priorities[$b]) { //return 0; return ($a < $b ? -1 : 1); } return ($thiis->_callback_priorities[$a] < $thiis->_callback_priorities[$b]) ? 1 : -1; } // // END PUBLIC METHOD _priority_cmp // /*-------------------------------------------------------------------------*\ | Other Methods | \*-------------------------------------------------------------------------*/ // // PUBLIC METHOD name(hook_index as integer) // // Get the hook name corresponding to an index // // Parameters: // hook_index - the index of a hook // // Returns: // The name of the corresponding hook, or FALSE // function name($hook_index) { $thiis =& SE_Hook::create(); return array_search($hook_index, $thiis->_hooks); } // // END PUBLIC METHOD name // // } // // END CLASS SE_Hook // // // FUNCTION property_exists // // Create the 'property_exists' function for PHP4 // FIXME Right now does not work for static classes (using ::) // Use of this function has been deprecated in SE_Hook (replaced by is_callable) // if(!function_exists('property_exists')) { function property_exists($object, $property) { if( !class_exists(get_class($object)) ) return FALSE; if( !isset($object->{$property}) ) return FALSE; return TRUE; } } // // END FUNCTION property_exists // ?>/* $Id:: class_language.php 1 2009-01-10 12:24:57Z john $: */ // This file is a placeholder include dirname(__FILE__).DIRECTORY_SEPARATOR."language".DIRECTORY_SEPARATOR."language.php"; // Backwards compatibility class SE_Language extends SELanguage { } ?>/* $Id: class_notify.php 116 2009-03-14 20:21:24Z john $ */ // THIS CLASS IS USED TO OUTPUT AND UPDATE NOTIFICATIONS // METHODS IN THIS CLASS: // notify_add() // notify_summary() class se_notify { // THIS METHOD ADDS A NEW NOTIFICATION // INPUT: $user_id REPRESENTING THE USER ID OF THE USER WHO COMMITTED THE ACTION // $notifytype REPRESENTING THE ID OF THE TYPE OF NOTIFICATION // $notify_object_id REPRESENTING THE ID OF THE OBJECT (FOR LATER DELETING PURPOSES) // $urlvars (OPTIONAL) REPRESENTING VARS TO USE IN THE NOTIFYTYPE URL // $replace (OPTIONAL) REPRESENTING AN ARRAY OF VALUES FOR THE NOTIFICATION TEXT STRING (MUST CORRESPOND TO NOTIFYTYPE_VARS) // $update (OPTIONAL) REPRESENTING WHETHER TO INSERT A NEW NOTIFICATION IF AN OLD ONE WITH THE SAME OBJECT ID EXISTS function notify_add($user_id, $notifytype, $notify_object_id = 0, $urlvars = Array(), $replace = Array(), $update = FALSE) { global $database, $setting; // GET CURRENT DATE $nowdate = time(); // GET NOTIFY TYPE $notifytype_query = $database->database_query("SELECT * FROM se_notifytypes WHERE notifytype_name='{$notifytype}'"); if($database->database_num_rows($notifytype_query) != 1) { return false; } $notifytype = $database->database_fetch_assoc($notifytype_query); // SERIALIZE APPROPRIATE VARS $notify_text = serialize($replace); $notify_urlvars = serialize($urlvars); // RETRIEVE OLD NOTIFICATION IF UPDATE NECESSARY $insert = TRUE; if($update) { $old_notify = $database->database_fetch_assoc($database->database_query("SELECT count(*) AS total_notifys FROM se_notifys WHERE notify_user_id='{$user_id}' AND notify_notifytype_id='{$notifytype['notifytype_id']}' AND notify_object_id='{$notify_object_id}'")); if( $old_notify['total_notifys'] ) $insert = FALSE; } // INSERT DATA if($insert) { $database->database_query(" INSERT INTO se_notifys( notify_user_id, notify_notifytype_id, notify_object_id, notify_urlvars, notify_text ) VALUES ( '{$user_id}', '{$notifytype['notifytype_id']}', '{$notify_object_id}', '{$notify_urlvars}', '{$notify_text}' ) "); } $database->database_query("UPDATE se_users SET user_hasnotifys=1 WHERE user_id='{$user_id}' LIMIT 1"); // RETURN NOTIFY TYPE return $notifytype; } // THIS METHOD DELETES A NOTIFICATION function notify_delete($notifytype_id, $notify_grouped) { global $user, $database; if( !$notifytype_id || !$user->user_exists ) return FALSE; // BUILD QUERY $delete_query = "DELETE FROM se_notifys WHERE notify_notifytype_id='{$notifytype_id}' AND notify_user_id='{$user->user_info['user_id']}'"; if( $notify_grouped ) $delete_query .= " AND notify_object_id='{$notify_grouped}'"; // DELETE ACTION (IF OWNED BY LOGGED-IN USER) $database->database_query($delete_query); // UPDATE user notify cache $resource = $database->database_query("SELECT NULL FROM se_notifys WHERE notify_user_id='{$user->user_info['user_id']}' LIMIT 1"); $has_notifys = $database->database_num_rows($resource); if( $has_notifys != $user->user_info['user_hasnotifys'] ) { $has_notifys = ( $user->user_info['user_hasnotifys'] ? '1' : '0' ); $database->database_query("UPDATE se_users SET user_hasnotifys={$has_notifys} WHERE user_id='{$user->user_info['user_id']}' LIMIT 1"); } return TRUE; } // END notify_delete() METHOD // THIS METHOD DISPLAYS A SUMMARY OF NOTIFICATIONS RELATING TO A SPECIFIC USER // INPUT: // OUTPUT: SUMMARY OF NOTIFICATIONS FOR THAT USER function notify_summary() { global $database, $user; $total_notifications = 0; $notify_array = array(); // CHECK THAT USER EXISTS if( is_object($user) && $user->user_exists && $user->user_info['user_hasnotifys'] ) { // BUILD NOTIFICATION QUERY $notify_query = " ( SELECT '0' AS notify_grouped, count(se_notifys.notify_id) AS total_notifications, se_notifytypes.notifytype_id, se_notifytypes.notifytype_desc, se_notifytypes.notifytype_icon, se_notifytypes.notifytype_url, se_notifys.notify_urlvars, se_notifys.notify_text FROM se_notifys LEFT JOIN se_notifytypes ON se_notifys.notify_notifytype_id=se_notifytypes.notifytype_id WHERE notify_user_id='{$user->user_info['user_id']}' AND notifytype_group=1 GROUP BY se_notifys.notify_notifytype_id ) UNION ALL ( SELECT se_notifys.notify_object_id AS notify_grouped, count(se_notifys.notify_id) AS total_notifications, se_notifytypes.notifytype_id, se_notifytypes.notifytype_desc, se_notifytypes.notifytype_icon, se_notifytypes.notifytype_url, se_notifys.notify_urlvars, se_notifys.notify_text FROM se_notifys LEFT JOIN se_notifytypes ON se_notifys.notify_notifytype_id=se_notifytypes.notifytype_id WHERE notify_user_id='{$user->user_info['user_id']}' AND notifytype_group=0 GROUP BY se_notifys.notify_notifytype_id, se_notifys.notify_object_id ) "; // GET NOTIFICATIONS $notifys = $database->database_query($notify_query); while( $notify = $database->database_fetch_assoc($notifys) ) { // REGISTER PRELOADED TEXT SE_Language::_preload($notify['notifytype_desc']); // GET URL VARS $urlvars = unserialize($notify['notify_urlvars']); $notify_url = vsprintf($notify['notifytype_url'], $urlvars); // GET DESC TEXT VARS $notify_text = unserialize($notify['notify_text']); // ADD THIS NOTIFICATION TO OUTPUT ARRAY $total_notifications += $notify['total_notifications']; $notify_array[] = Array( 'notifytype_id' => $notify['notifytype_id'], 'notify_grouped' => $notify['notify_grouped'], 'notify_icon' => $notify['notifytype_icon'], 'notify_url' => $notify_url, 'notify_desc' => $notify['notifytype_desc'], 'notify_text' => $notify_text, 'notify_total' => $notify['total_notifications'] ); } } // RETURN LIST OF NOTIFICATIONS return array( 'total' => (int) $total_notifications, 'total_grouped' => (int) count($notify_array), 'notifys' => $notify_array ); } // END notify_summary() METHOD } ?>/* $Id: class_upload.php 44 2009-01-30 03:45:23Z john $ */ // THIS CLASS CONTAINS UPLOAD-RELATED METHODS. // IT IS USED DURING THE UPLOAD OF A FILE. // METHODS IN THIS CLASS: // new_upload() // upload_file() // upload_photo() // upload_thumb() // image_resize_on() // ConvertBMP2GD() // imagecreatefrombmp() class se_upload { // INITIALIZE VARIABLES var $is_error = 0; // DETERMINES WHETHER THERE IS AN ERROR OR NOT, CONTAINS RELEVANT ERROR CODE var $file_name; // CONTAINS NAME OF UPLOADED FILE var $file_type; // CONTAINS UPLOADED FILE MIME TYPE var $file_size; // CONTAINS UPLOADED FILE SIZE var $file_tempname; // CONTAINS TEMP NAME OF UPLOADED FILE var $file_error; // CONTAINS UPLOADED FILE ERROR var $file_ext; // CONTAINS UPLOADED FILE EXTENSION var $file_width; // CONTAINS UPLOADED IMAGE WIDTH var $file_height; // CONTAINS UPLOADED IMAGE HEIGHT var $is_image; // DETERMINES WHETHER FILE IS AN IMAGE OR NOT var $file_maxwidth; // CONTAINS THE MAXIMUM WIDTH OF AN UPLOADED IMAGE var $file_maxheight; // CONTAINS THE MAXIMUM HEIGHT OF AN UPLOADED IMAGE // THIS METHOD SETS INITIAL VARS SUCH AS FILE NAME // INPUT: $file REPRESENTING THE NAME OF THE FILE INPUT // $file_maxsize REPRESENTING THE MAXIMUM ALLOWED FILESIZE // $file_exts REPRESENTING AN ARRAY OF LOWERCASE ALLOWABLE EXTENSIONS // $file_types REPRESENTING AN ARRAY OF LOWERCASE ALLOWABLE MIME TYPES // $file_maxwidth (OPTIONAL) REPRESENTING THE MAXIMUM WIDTH OF THE UPLOADED PHOTO // $file_maxheight (OPTIONAL) REPRESENTING THE MAXIMUM HEIGHT OF THE UPLOADED PHOTO // OUTPUT: function new_upload($file, $file_maxsize, $file_exts, $file_types, $file_maxwidth = "", $file_maxheight = "") { // GET FILE VARS $this->file_name = $_FILES[$file]['name']; $this->file_type = strtolower($_FILES[$file]['type']); $this->file_size = $_FILES[$file]['size']; $this->file_tempname = $_FILES[$file]['tmp_name']; $this->file_error = $_FILES[$file]['error']; $this->file_ext = strtolower(str_replace(".", "", strrchr($this->file_name, "."))); $file_dimensions = @getimagesize($this->file_tempname); $this->file_width = $file_dimensions[0]; $this->file_height = $file_dimensions[1]; if($file_maxwidth == "") { $file_maxwidth = $this->file_width; } if($file_maxheight == "") { $file_maxheight = $this->file_height; } $this->file_maxwidth = $file_maxwidth; $this->file_maxheight = $file_maxheight; // ENSURE THE FILE IS AN UPLOADED FILE if( !is_uploaded_file($this->file_tempname) ) $this->is_error = 718; // CHECK THAT FILESIZE IS LESS THAN GIVEN FILE MAXSIZE if( $this->file_size > $file_maxsize ) $this->is_error = 719; // CHECK EXTENSION OF FILE TO MAKE SURE ITS ALLOWED if( !in_array($this->file_ext, $file_exts) ) $this->is_error = 720; // CHECK MIME TYPE OF FILE TO MAKE SURE ITS ALLOWED if( !in_array($this->file_type, $file_types) ) $this->is_error = 720; // DETERMINE IF FILE IS A PHOTO (AND IF GD CAN BE USED) - DO NOT COUNT GIFs AS IMAGES, OTHERWISE ANIMATION WON'T WORK!! if( $file_dimensions !== FALSE && in_array($this->file_ext, Array('jpg', 'jpeg', 'png', 'bmp', 'gif')) !== FALSE ) { $this->is_image = 1; // ENSURE THE UPLOADED FILE IS NOT LARGER THAN MAX WIDTH AND HEIGHT IF GD IS NOT AVAILABLE if( !$this->image_resize_on() ) { $this->is_image = 0; if($this->file_width > $this->file_maxwidth || $this->file_height > $this->file_maxheight) $this->is_error = 721; } // IF THIS IS A GIF, RESIZE ONLY IF IT IS GREATER THAN THE MAX WIDTH/HEIGHT, OTHERWISE SIMPLY MOVE if($this->file_ext == 'gif' && $this->file_width <= $this->file_maxwidth && $this->file_height <= $this->file_maxheight) { $this->is_image = 0; } } else { $this->is_image = 0; } } // END new_upload() METHOD // THIS METHOD UPLOADS A FILE // INPUT: $file_dest REPRESENTS THE DESTINATION OF THE UPLOADED FILE // OUTPUT: BOOLEAN INDICATING WHETHER UPLOAD SUCCEEDED OR FAILED function upload_file($file_dest) { // TRY MOVING UPLOADED FILE, RETURN ERROR UPON FAILURE if( !move_uploaded_file($this->file_tempname, $file_dest) ) { $this->is_error = 718; return false; } else { chmod($file_dest, 0777); return true; } } // END upload_file() METHOD // THIS METHOD UPLOADS A PHOTO // INPUT: $photo_dest REPRESENTS THE DESTINATION OF THE UPLOADED PHOTO // $file_maxwidth (OPTIONAL) REPRESENTING THE MAXIMUM WIDTH OF THE UPLOADED PHOTO // $file_maxheight (OPTIONAL) REPRESENTING THE MAXIMUM HEIGHT OF THE UPLOADED PHOTO // OUTPUT: BOOLEAN INDICATING WHETHER UPLOAD SUCCEEDED OR FAILED function upload_photo($photo_dest, $file_maxwidth = "", $file_maxheight = "") { // SET MAX WIDTH AND HEIGHT if( !$file_maxwidth ) $file_maxwidth = $this->file_maxwidth ; if( !$file_maxheight ) $file_maxheight = $this->file_maxheight; // CHECK IF DIMENSIONS ARE LARGER THAN ADMIN SPECIFIED SETTINGS // AND SET DESIRED WIDTH AND HEIGHT $width = $this->file_width ; $height = $this->file_height; if( $height > $file_maxheight ) { $width = floor($width * $file_maxheight / $height); $height = $file_maxheight; } if( $width > $file_maxwidth ) { $height = floor($height * $file_maxwidth / $width); $width = $file_maxwidth; } // RESIZE IMAGE AND PUT IN USER DIRECTORY switch($this->file_ext) { case "gif": $file = imagecreatetruecolor($width, $height); $new = imagecreatefromgif($this->file_tempname); $kek=imagecolorallocate($file, 255, 255, 255); imagefill($file,0,0,$kek); imagecopyresampled($file, $new, 0, 0, 0, 0, $width, $height, $this->file_width, $this->file_height); imagejpeg($file, $photo_dest, 100); ImageDestroy($new); ImageDestroy($file); break; case "bmp": $file = imagecreatetruecolor($width, $height); $new = $this->imagecreatefrombmp($this->file_tempname); for($i=0; $i<256; $i++) { imagecolorallocate($file, $i, $i, $i); } imagecopyresampled($file, $new, 0, 0, 0, 0, $width, $height, $this->file_width, $this->file_height); imagejpeg($file, $photo_dest, 100); ImageDestroy($new); ImageDestroy($file); break; case "jpeg": case "jpg": $file = imagecreatetruecolor($width, $height); $new = imagecreatefromjpeg($this->file_tempname); for($i=0; $i<256; $i++) { imagecolorallocate($file, $i, $i, $i); } imagecopyresampled($file, $new, 0, 0, 0, 0, $width, $height, $this->file_width, $this->file_height); imagejpeg($file, $photo_dest, 100); ImageDestroy($new); ImageDestroy($file); break; case "png": $file = imagecreatetruecolor($width, $height); $new = imagecreatefrompng($this->file_tempname); for($i=0; $i<256; $i++) { imagecolorallocate($file, $i, $i, $i); } imagecopyresampled($file, $new, 0, 0, 0, 0, $width, $height, $this->file_width, $this->file_height); imagejpeg($file, $photo_dest, 100); ImageDestroy($new); ImageDestroy($file); break; } chmod($photo_dest, 0777); return true; } // END upload_photo() METHOD // THIS METHOD CREATES A SQUARE THUMBNAIL // INPUT: $photo_dest REPRESENTS THE DESTINATION OF THE UPLOADED PHOTO // $file_maxdim (OPTIONAL) REPRESENTING THE MAXIMUM WIDTH AND HEIGHT OF THE UPLOADED PHOTO // OUTPUT: BOOLEAN INDICATING WHETHER UPLOAD SUCCEEDED OR FAILED function upload_thumb($photo_dest, $file_maxdim = "60") { // SET DESIRED WIDTH AND HEIGHT $x = 0; $y = 0; $width = $this->file_width; $height = $this->file_height; if($width > $height) { $x = ceil(($width - $height) / 2); $width = $height; } elseif($width < $height) { $y = ceil(($height - $width) / 2); $height = $width; } // RESIZE IMAGE AND PUT IN USER DIRECTORY switch($this->file_ext) { case "gif": $file = imagecreatetruecolor($file_maxdim, $file_maxdim); $new = imagecreatefromgif($this->file_tempname); $kek=imagecolorallocate($file, 255, 255, 255); imagefill($file,0,0,$kek); imagecopyresampled($file, $new, 0, 0, $x, $y, $file_maxdim, $file_maxdim, $width, $height); imagejpeg($file, $photo_dest, 100); ImageDestroy($new); ImageDestroy($file); break; case "bmp": $file = imagecreatetruecolor($file_maxdim, $file_maxdim); $new = $this->imagecreatefrombmp($this->file_tempname); for($i=0; $i<256; $i++) { imagecolorallocate($file, $i, $i, $i); } imagecopyresampled($file, $new, 0, 0, $x, $y, $file_maxdim, $file_maxdim, $width, $height); imagejpeg($file, $photo_dest, 100); ImageDestroy($new); ImageDestroy($file); break; case "jpeg": case "jpg": $file = imagecreatetruecolor($file_maxdim, $file_maxdim); $new = imagecreatefromjpeg($this->file_tempname); for($i=0; $i<256; $i++) { imagecolorallocate($file, $i, $i, $i); } imagecopyresampled($file, $new, 0, 0, $x, $y, $file_maxdim, $file_maxdim, $width, $height); imagejpeg($file, $photo_dest, 100); ImageDestroy($new); ImageDestroy($file); break; case "png": $file = imagecreatetruecolor($file_maxdim, $file_maxdim); $new = imagecreatefrompng($this->file_tempname); for($i=0; $i<256; $i++) { imagecolorallocate($file, $i, $i, $i); } imagecopyresampled($file, $new, 0, 0, $x, $y, $file_maxdim, $file_maxdim, $width, $height); imagejpeg($file, $photo_dest, 100); ImageDestroy($new); ImageDestroy($file); break; } chmod($photo_dest, 0777); return true; } // END upload_thumb() METHOD // THIS METHOD CHECKS FOR NECESSARY IMAGE RESIZING SUPPORT // INPUT: // OUTPUT: BOOLEAN INDICATING WHETHER GD CAN BE USED TO RESIZE IMAGES function image_resize_on() { // CHECK IF GD LIBRARY IS INSTALLED if( !is_callable('gd_info') ) return FALSE; $gd_info = gd_info(); preg_match('/\d/', $gd_info['GD Version'], $match); $gd_ver = $match[0]; if($gd_ver >= 2 && $gd_info['GIF Read Support'] == TRUE && $gd_info['JPG Support'] == TRUE && $gd_info['PNG Support'] == TRUE) { return true; } else { return false; } } // END image_resize_on() METHOD // THIS METHOD CONVERTS BMP TO GD // INPUT: $src REPRESENTING THE SOURCE OF THE BMP // $dest (OPTIONAL) REPRESENTING THE DESTINATION OF THE GD // OUTPUT: BOOLEAN INDICATING WHETHER THE CONVERSION SUCCEEDED OR FAILED function ConvertBMP2GD($src, $dest = false) { if(!($src_f = fopen($src, "rb"))) { return false; } if(!($dest_f = fopen($dest, "wb"))) { return false; } $header = unpack("vtype/Vsize/v2reserved/Voffset", fread($src_f, 14)); $info = unpack("Vsize/Vwidth/Vheight/vplanes/vbits/Vcompression/Vimagesize/Vxres/Vyres/Vncolor/Vimportant", fread($src_f, 40)); extract($info); extract($header); if($type != 0x4D42) { // signature "BM" return false; } $palette_size = $offset - 54; $ncolor = $palette_size / 4; $gd_header = ""; // true-color vs. palette $gd_header .= ($palette_size == 0) ? "\xFF\xFE" : "\xFF\xFF"; $gd_header .= pack("n2", $width, $height); $gd_header .= ($palette_size == 0) ? "\x01" : "\x00"; if($palette_size) { $gd_header .= pack("n", $ncolor); } // no transparency $gd_header .= "\xFF\xFF\xFF\xFF"; fwrite($dest_f, $gd_header); if($palette_size) { $palette = fread($src_f, $palette_size); $gd_palette = ""; $j = 0; while($j < $palette_size) { $b = $palette{$j++}; $g = $palette{$j++}; $r = $palette{$j++}; $a = $palette{$j++}; $gd_palette .= "$r$g$b$a"; } $gd_palette .= str_repeat("\x00\x00\x00\x00", 256 - $ncolor); fwrite($dest_f, $gd_palette); } $scan_line_size = (($bits * $width) + 7) >> 3; $scan_line_align = ($scan_line_size & 0x03) ? 4 - ($scan_line_size & 0x03) : 0; for($i = 0, $l = $height - 1; $i < $height; $i++, $l--) { // BMP stores scan lines starting from bottom fseek($src_f, $offset + (($scan_line_size + $scan_line_align) * $l)); $scan_line = fread($src_f, $scan_line_size); if($bits == 24) { $gd_scan_line = ""; $j = 0; while($j < $scan_line_size) { $b = $scan_line{$j++}; $g = $scan_line{$j++}; $r = $scan_line{$j++}; $gd_scan_line .= "\x00$r$g$b"; } } elseif($bits == 8) { $gd_scan_line = $scan_line; } elseif($bits == 4) { $gd_scan_line = ""; $j = 0; while($j < $scan_line_size) { $byte = ord($scan_line{$j++}); $p1 = chr($byte >> 4); $p2 = chr($byte & 0x0F); $gd_scan_line .= "$p1$p2"; } $gd_scan_line = substr($gd_scan_line, 0, $width); } elseif($bits == 1) { $gd_scan_line = ""; $j = 0; while($j < $scan_line_size) { $byte = ord($scan_line{$j++}); $p1 = chr((int) (($byte & 0x80) != 0)); $p2 = chr((int) (($byte & 0x40) != 0)); $p3 = chr((int) (($byte & 0x20) != 0)); $p4 = chr((int) (($byte & 0x10) != 0)); $p5 = chr((int) (($byte & 0x08) != 0)); $p6 = chr((int) (($byte & 0x04) != 0)); $p7 = chr((int) (($byte & 0x02) != 0)); $p8 = chr((int) (($byte & 0x01) != 0)); $gd_scan_line .= "$p1$p2$p3$p4$p5$p6$p7$p8"; } $gd_scan_line = substr($gd_scan_line, 0, $width); } fwrite($dest_f, $gd_scan_line); } fclose($src_f); fclose($dest_f); return true; } // END ConvertBMP2GD() METHOD // THIS METHOD CREATES IMAGE FROM BMP FUNCTION // INPUT: $filename REPRESENTING THE NAME OF THE FILE TO BE USED FOR CREATION // OUTPUT: BOOLEAN INDICATING WHETHER THE CREATION SUCCEEDED OR FAILED function imagecreatefrombmp($filename) { $tmp_name = tempnam("/tmp", "GD"); if($this->ConvertBMP2GD($filename, $tmp_name)) { $img = imagecreatefromgd($tmp_name); unlink($tmp_name); return $img; } else { return false; } } //END imagecreatefrombmp() METHOD } ?>/* $Id: class_user.php 212 2009-08-07 21:40:05Z john $ */ // // THIS CLASS CONTAINS USER-RELATED METHODS. // IT IS USED DURING THE CREATION, MODIFICATION AND DELETION OF A USER. // // METHODS IN THIS CLASS: // SEUser() // // getLevelSettings() // getUserSettings() // getProfileCategoryInfo() // getProfileValues() // // user_displayname() // user_displayname_update() // user_settings() // user_checkCookies() // user_login() // user_setcookies() // user_clear() // user_logout() // user_account() // user_password() // user_subnet_select() // user_lastupdate() // user_photo() // user_photo_upload() // user_photo_delete() // user_friend_total() // user_friend_list() // user_friend_add() // user_friend_remove() // user_friend_of_friend() // user_friended() // user_blocked() // user_privacy_max() // user_create() // user_delete() // user_message_total() // user_message_list() // user_message_send() // user_message_delete_selected() // user_message_cleanup() // user_message_validate() // user_message_view() // user_auth_token_create() // user_auth_token_delete() // user_auth_token_check() // class SEUser { // INITIALIZE VARIABLES var $is_error; // DETERMINES WHETHER THERE IS AN ERROR OR NOT, CONTAINS RELEVANT ERROR CODE var $user_exists; // DETERMINES WHETHER WE ARE EDITING AN EXISTING USER OR NOT var $user_info; // CONTAINS USER'S INFORMATION FROM SE_USERS TABLE var $profile_info; // CONTAINS USER'S INFORMATION FROM SE_PROFILEVALUES TABLE var $level_info; // CONTAINS USER'S INFORMATION FROM SE_LEVELS TABLE var $subnet_info; // CONTAINS USER'S INFORMATION FROM SE_SUBNETS TABLE var $usersetting_info; // CONTAINS USER'S INFORMATION FROM SE_USERSETTINGS TABLE var $user_salt; // CONTAINS THE SALT USED TO ENCRYPT USER'S PASSWORD var $moderation_privacy; // CONTAINS THE PRIVACY LEVEL THAT IS ALLOWED TO MODERATE FOR THIS USER var $session_info; // CONTAINS THE PRIVACY LEVEL THAT IS ALLOWED TO MODERATE FOR THIS USER // // THIS METHOD SETS INITIAL VARS SUCH AS USER INFO AND LEVEL INFO // // INPUT: // $user_unique (OPTIONAL) REPRESENTING AN ARRAY: // $user_unique[0] REPRESENTS THE USER'S ID (user_id) // $user_unique[1] REPRESENTS THE USER'S USERNAME (user_username) // $user_unique[2] REPRESENTS THE USER'S EMAIL (user_email) // $select_fields (OPTIONAL) REPRESENTING AN ARRAY: // $select_fields[0] REPRESENTS THE FIELDS TO SELECT FROM THE SE_USERS TABLE // $select_fields[1] REPRESENTS THE FIELDS TO SELECT FROM THE SE_PROFILEVALUES TABLE (QUERY WILL NOT RUN AT ALL IF VALUE IS LEFT BLANK) // $select_fields[2] REPRESENTS THE FIELDS TO SELECT FROM THE SE_LEVELS TABLE (QUERY WILL NOT RUN AT ALL IF VALUE IS LEFT BLANK) // $select_fields[3] REPRESENTS THE FIELDS TO SELECT FROM THE SE_SUBNETS TABLE (QUERY WILL NOT RUN AT ALL IF VALUE IS LEFT BLANK) // // OUTPUT: // void // function SEUser($user_unique = Array('0', '', ''), $select_fields = Array('*', '*', '*', '*')) { global $database; // SET VARS $this->is_error = 0; $this->user_exists = 0; $this->user_info['user_id'] = 0; $this->user_info['user_subnet_id'] = 0; $this->moderation_privacy = 1; $user_unique_id = ( !empty($user_unique[0]) ? $user_unique[0] : NULL ); $user_unique_username = ( !empty($user_unique[1]) ? $user_unique[1] : NULL ); $user_unique_email = ( !empty($user_unique[2]) ? $user_unique[2] : NULL ); // VERIFY USER_ID/USER_USERNAME/USER_EMAIL IS VALID AND SET APPROPRIATE OBJECT VARIABLES if( $user_unique_id || $user_unique_username || $user_unique_email ) { // SET USERNAME AND EMAIL TO LOWERCASE $user_username = strtolower($user_unique_username); $user_email = strtolower($user_unique_email); // SELECT USER USING SPECIFIED SELECTION PARAMETER $sql_array = array(); if( !empty($user_unique[0]) ) $sql_array[] = "SELECT {$select_fields[0]} FROM se_users WHERE user_id='{$user_unique_id}' LIMIT 1"; if( !empty($user_unique[1]) ) $sql_array[] = "SELECT {$select_fields[0]} FROM se_users WHERE LOWER(user_username)='{$user_username}' LIMIT 1"; if( !empty($user_unique[2]) ) $sql_array[] = "SELECT {$select_fields[0]} FROM se_users WHERE LOWER(user_email)='{$user_email}' LIMIT 1"; if( count($sql_array)>1 ) $sql = '('.join(') UNION (', $sql_array).')'; else $sql = $sql_array[0]; $user = $database->database_query($sql); if($database->database_num_rows($user) == 1) { $this->user_exists = 1; $this->user_info = $database->database_fetch_assoc($user); // SET USER SALT $this->user_salt = $this->user_info['user_code']; // SET DISPLAY NAME (BACKWARDS COMPAT) //$this->user_displayname = $this->user_info['user_displayname']; $this->user_displayname(); // SELECT PROFILE CATEGORY INFO if( !empty($this->user_info['user_profilecat_id']) ) $this->profilecat_info =& SEUser::getProfileCategoryInfo($this->user_info['user_profilecat_id']); //if(isset($this->user_info[user_profilecat_id])) { $this->profilecat_info = $database->database_fetch_assoc($database->database_query("SELECT profilecat_id, profilecat_title FROM se_profilecats WHERE profilecat_id=".$this->user_info[user_profilecat_id]." LIMIT 1")); } // SELECT PROFILE INFO if( !empty($select_fields[1]) ) $this->profile_info =& SEUser::getProfileValues($this->user_info['user_id']); //if($select_fields[1] != "") { $this->profile_info = $database->database_fetch_assoc($database->database_query("SELECT $select_fields[1] FROM se_profilevalues WHERE profilevalue_user_id='".$this->user_info[user_id]."'")); } // SELECT LEVEL INFO if( !empty($select_fields[2]) ) $this->level_info =& SEUser::getLevelSettings($this->user_info['user_level_id']); //if($select_fields[2] != "") { $this->level_info = $database->database_fetch_assoc($database->database_query("SELECT * FROM se_levels WHERE level_id='".$this->user_info[user_level_id]."'")); } // GET USER SETTINGS $this->usersetting_info =& SEUser::getUserSettings($this->user_info['user_id']); // SELECT SUBNET INFO if( $this->user_info['user_subnet_id'] ) { if( !empty($select_fields[3]) ) $this->subnet_info =& SECore::getSubnetworkInfo($this->user_info['user_subnet_id']); //if($select_fields[3] != "") { $this->subnet_info = $database->database_fetch_assoc($database->database_query("SELECT subnet_id, subnet_name FROM se_subnets WHERE subnet_id='".$this->user_info[user_subnet_id]."'")); } } else { $this->subnet_info['subnet_id'] = 0; $this->subnet_info['subnet_name'] = 152; } SE_Language::_preload($this->subnet_info['subnet_name']); } } } // END SEUser() METHOD function &getLevelSettings($level_id) { static $level_settings; if( !is_array($level_settings) ) $level_settings = array(); if( !isset($level_settings[$level_id]) ) { $cache = SECache::getInstance('serial', array('lifetime' => 3600)); // Get from cache if( is_object($cache) ) { $level_settings[$level_id] = $cache->get('site_level_settings_'.$level_id); } // Get from database if( !is_array($level_settings[$level_id]) ) { $database = SEDatabase::getInstance(); $resource = $database->database_query("SELECT * FROM se_levels WHERE level_id='{$level_id}' LIMIT 1"); $level_settings[$level_id] = $database->database_fetch_assoc($resource); // Store in cache if( is_object($cache) ) { $cache->store($level_settings[$level_id], 'site_level_settings_'.$level_id); } } } return $level_settings[$level_id]; } function &getUserSettings($user_id) { static $user_settings; if( !is_array($user_settings) ) $user_settings = array(); if( !isset($user_settings[$user_id]) ) { $cache = SECache::getInstance('serial', array('lifetime' => 3600)); // Get from cache if( is_object($cache) ) { $user_settings[$user_id] = $cache->get('site_user_settings_'.$user_id); } // Get from database if( !is_array($user_settings[$user_id]) ) { $database = SEDatabase::getInstance(); $resource = $database->database_query("SELECT * FROM se_usersettings WHERE usersetting_user_id='{$user_id}' LIMIT 1"); $user_settings[$user_id] = $database->database_fetch_assoc($resource); // Store in cache if( is_object($cache) ) { $cache->store($user_settings[$user_id], 'site_user_settings_'.$user_id); } } } return $user_settings[$user_id]; } function &getProfileCategoryInfo($profilecat_id) { static $profile_cats; if( !is_array($profile_cats) ) $profile_cats = array(); if( !isset($profile_cats[$profilecat_id]) ) { $cache = SECache::getInstance('serial', array('lifetime' => 3600)); // Get from cache if( is_object($cache) ) { $profile_cats[$profilecat_id] = $cache->get('site_profile_categories_'.$profilecat_id); } // Get from database if( !is_array($profile_cats[$profilecat_id]) ) { $database = SEDatabase::getInstance(); $resource = $database->database_query("SELECT profilecat_id, profilecat_title FROM se_profilecats WHERE profilecat_id='{$profilecat_id}' LIMIT 1"); $profile_cats[$profilecat_id] = $database->database_fetch_assoc($resource); // Store in cache if( is_object($cache) ) { $cache->store($profile_cats[$profilecat_id], 'site_profile_categories_'.$profilecat_id); } } } return $profile_cats[$profilecat_id]; } function &getProfileValues($user_id) { static $user_profiles; if( !is_array($user_profiles) ) $user_profiles = array(); if( !isset($user_profiles[$user_id]) ) { $cache = SECache::getInstance('serial', array('lifetime' => 3600)); // Get from cache if( is_object($cache) ) { $user_profiles[$user_id] = $cache->get('site_user_profiles_'.$user_id); } // Get from database if( !is_array($user_profiles[$user_id]) ) { $database = SEDatabase::getInstance(); $resource = $database->database_query("SELECT * FROM se_profilevalues WHERE profilevalue_user_id='{$user_id}' LIMIT 1"); $user_profiles[$user_id] = $database->database_fetch_assoc($resource); // Store in cache if( is_object($cache) ) { $cache->store($user_profiles[$user_id], 'site_user_profiles_'.$user_id); } } } return $user_profiles[$user_id]; } // // THIS METHOD SETS A USER'S DISPLAY NAME // // INPUT: // void // // OUTPUT: // void // function user_displayname() { // SET DISPLAY NAME if( !empty($this->user_info['user_displayname']) && trim($this->user_info['user_displayname']) ) $this->user_displayname = $this->user_info['user_displayname']; elseif( !empty($this->user_info['user_fname']) && !empty($this->user_info['user_lname']) && trim($this->user_info['user_fname']) && trim($this->user_info['user_lname']) ) $this->user_info['user_displayname'] = $this->user_displayname = $this->user_info['user_fname'].' '.$this->user_info['user_lname']; elseif( !empty($this->user_info['user_fname']) && trim($this->user_info['user_fname']) ) $this->user_info['user_displayname'] = $this->user_displayname = $this->user_info['user_fname']; elseif( !empty($this->user_info['user_lname']) && trim($this->user_info['user_lname']) ) $this->user_info['user_displayname'] = $this->user_displayname = $this->user_info['user_lname']; elseif( !empty($this->user_info['user_username']) && trim($this->user_info['user_username']) ) $this->user_info['user_displayname'] = $this->user_displayname = $this->user_info['user_username']; else $this->user_info['user_displayname'] = $this->user_displayname = $this->user_info['user_id']; $this->user_displayname_short = ( !empty($this->user_info['user_fname']) && trim($this->user_info['user_fname']) ? $this->user_info['user_fname'] : $this->user_info['user_username'] ); } // END user_displayname() METHOD // // THIS METHOD UPDATES A USER'S DISPLAY NAME IN THE DATABASE // // INPUT: // $mode - Denotes the method used to generate the displayname // // OUTPUT: // void // function user_displayname_update($user_fname=NULL, $user_lname=NULL) { global $setting, $database; // Check user exists and allowed method if( !$this->user_exists || (!$user_fname && !$user_lname) ) return; if( empty($this->usersetting_info) ) $this->user_settings(); $delimiter = ''; $user_displayname = ''; $user_fname = trim((string)$user_fname); $user_lname = trim((string)$user_lname); switch( (int)$this->usersetting_info['usersetting_displayname_method'] ) { // {First name} {Last name} case 1: default: if( $user_fname && $user_lname ) $delimiter = ' '; $user_displayname = $user_fname.$delimiter.$user_lname; break; // {Last name} {First name} case 2: if( $user_fname && $user_lname ) $delimiter = ' '; $user_displayname = $user_lname.$delimiter.$user_fname; break; // {Last name}, {First name} case 3: if( $user_fname && $user_lname ) $delimiter = ', '; $user_displayname = $user_lname.$delimiter.$user_fname; break; // {Last name} case 4: $user_displayname = $user_lname; break; // {First name} case 5: $user_displayname = $user_fname; break; // Custom (TODO) case 6: $user_displayname = sprintf($setting['setting_displayname_method_custom'], $user_fname, $user_lname); break; } // Fallback to username or user id if( !$user_displayname && $user_username ) $user_displayname = $this->user_info['user_username']; elseif( !$user_displayname ) $user_displayname = $this->user_info['user_id']; // Update the current user object? $this->user_info['user_displayname'] = $this->user_displayname = $user_displayname; // Update database $sql = "UPDATE se_users SET user_displayname='".addslashes($user_displayname)."' WHERE user_id='{$this->user_info['user_id']}' LIMIT 1"; $database->database_query($sql); } // END user_displayname_update() METHOD // // THIS METHOD POPULATES THE USERSETTING VARIABLE // // INPUT: // $select_fields (OPTIONAL) REPRESENTING THE FIELDS TO SELECT FROM THE USERSETTINGS TABLE // // OUTPUT: // void // function user_settings($select_fields = "*") { global $database; $this->usersetting_info =& SEUser::getUserSettings($this->user_info['user_id']); //$this->usersetting_info = $database->database_fetch_assoc($database->database_query("SELECT $select_fields FROM se_usersettings WHERE usersetting_user_id='".$this->user_info[user_id]."'")); } // END user_settings() METHOD // THIS METHOD VERIFIES LOGIN COOKIES, SETS APPROPRIATE OBJECT VARIABLES, AND UPDATES LAST ACTIVE TIME // INPUT: // OUTPUT: function user_checkCookies() { global $database, $setting, $admin; $session_object =& SESession::getInstance(); // Ignore bots if( strpos($_SERVER['HTTP_USER_AGENT'], 'Googlebot')!==FALSE ) return; if( strpos($_SERVER['HTTP_USER_AGENT'], 'msnbot')!==FALSE ) return; // Check if user exists $user_id = $session_object->get('user_id'); $user_email = $session_object->get('user_email'); $user_pass = $session_object->get('user_pass'); // Check for auth token if( !$user_id ) { $this->user_auth_token_check(); } if( isset($user_id) && isset($user_email) && isset($user_pass) ) { // Only create if not already exists to help with caching if( !$this->user_exists ) { $this->SEUser(Array($user_id)); } // VERIFY USER EXISTS, LOGIN COOKIE VALUES ARE CORRECT, AND EMAIL HAS BEEN VERIFIED - ELSE RESET USER CLASS switch( TRUE ) { case ( !$this->user_exists ): case ( $user_email != $this->user_password_crypt($this->user_info['user_email']) ): case ( $user_pass != $this->user_info['user_password'] ): case ( !$this->user_info['user_verified'] && $setting['setting_signup_verify'] ): case ( !$this->user_info['user_enabled'] && (!is_object($admin) || !$admin->admin_exists) ): $this->user_clear(); break; } // MIGHT REMOVE THIS IN FAVOR OF SESSIONS? if( $this->user_exists && time()>$this->user_info['user_lastactive']+600 ) { $time_current = time(); $database->database_query("UPDATE se_users SET user_lastactive='{$time_current}', user_ip_lastactive='{$_SERVER['REMOTE_ADDR']}' WHERE user_id='{$this->user_info['user_id']}' LIMIT 1"); } } // VISITOR HANDLING (ONLY UPDATE ONCE EVERY TWO MINUTES) $user_lastactive = $session_object->get('user_lastactive', 0); if( empty($user_lastactive) || ($user_lastactive < time() - 120) ) { $visitor_ip = ip2long($_SERVER['REMOTE_ADDR']); $visitor_browser = addslashes(trim(substr($_SERVER['HTTP_USER_AGENT'], 0, 255))); $visitor_lastactive = time(); $visitor_invisible = (bool) ( $this->user_exists && $this->user_info['user_invisible'] ); $visitor_user_id = ( $this->user_exists ? $this->user_info['user_id'] : '0' ); $visitor_user_username = ( $this->user_exists ? "'".addslashes($this->user_info['user_username'])."'" : 'NULL' ); $visitor_user_displayname = ( $this->user_exists ? "'".addslashes($this->user_displayname)."'" : 'NULL' ); $sql = " INSERT INTO se_visitors ( visitor_ip, visitor_browser, visitor_lastactive, visitor_invisible, visitor_user_id, visitor_user_username, visitor_user_displayname ) VALUES ( '{$visitor_ip}', '{$visitor_browser}', '{$visitor_lastactive}', '{$visitor_invisible}', '{$visitor_user_id}', {$visitor_user_username}, /* PRE-QUOTED */ {$visitor_user_displayname} /* PRE-QUOTED */ ) ON DUPLICATE KEY UPDATE visitor_lastactive='{$visitor_lastactive}', visitor_invisible='{$visitor_invisible}' /* , visitor_user_id='{$visitor_user_id}', visitor_user_username='{$visitor_user_username}', visitor_user_displayname='{$visitor_user_displayname}' */ "; $database->database_query($sql); // UPDATE USER LAST ACTIVE IF LOGGED IN if( $this->user_exists ) { $sql = "UPDATE se_users SET user_lastactive='{$visitor_lastactive}', user_ip_lastactive='{$_SERVER['REMOTE_ADDR']}' WHERE user_id='{$visitor_user_id}' LIMIT 1"; $database->database_query($sql); } $session_object->set('user_lastactive', $visitor_lastactive); //setcookie("se_user_lastactive", , 0, "/"); } // REMOVE OLD VISITORS (20% chance) if( rand(1,100)<20 ) { $removal_limit = time() - 600; $sql = "DELETE FROM se_visitors WHERE visitor_lastactive<'{$removal_limit}'"; $database->database_query($sql); } } // END user_checkCookies() METHOD // THIS METHOD TRIES TO LOG A USER IN IF THERE IS NO ERROR // INPUT: $email REPRESENTING THE LOGIN EMAIL // $password REPRESENTING THE LOGIN PASSWORD // $javascript_disabled (OPTIONAL) A BOOLEAN REPRESENTING WHETHER JAVASCRIPT IS DISABLED OR NOT // $persistent (OPTIONAL) A BOOLEAN SPECIFYING WHETHER COOKIES SHOULD BE PERSISTENT OR NOT // OUTPUT: function user_login($email, $password, $javascript_disabled = 0, $persistent = 0) { global $database, $setting; $this->SEUser(Array(0, "", $email)); $current_time = time(); $login_result = 0; // SHOW ERROR IF JAVASCRIPT IS DIABLED if( $javascript_disabled ) { $this->is_error = 31; } // SHOW ERROR IF NO USER ROW FOUND elseif($this->user_exists == 0) { $this->is_error = 676; } // VALIDATE PASSWORD elseif( !trim($password) || $this->user_password_crypt($password) != $this->user_info['user_password'] ) { $this->is_error = 676; } // CHECK IF USER IS ENABLED elseif( !$this->user_info['user_enabled'] ) { $this->is_error = 677; } // CHECK IF EMAIL IS VERIFIED elseif( !$this->user_info['user_verified'] && $setting['setting_signup_verify'] ) { $this->is_error = 678; } // INITIATE LOGIN AND ENCRYPT COOKIES else { // SET LOGIN RESULT VAR $login_result = TRUE; // UPDATE USER LOGIN INFO $database->database_query("UPDATE se_users SET user_lastlogindate='{$current_time}', user_logins=user_logins+1, user_lastactive='{$current_time}', user_ip_lastactive='{$_SERVER['REMOTE_ADDR']}' WHERE user_id='{$this->user_info['user_id']}' LIMIT 1"); // LOG USER IN $this->user_setcookies($persistent); // FIX VISITOR TABLE $visitor_ip = ip2long($_SERVER['REMOTE_ADDR']); $visitor_browser = addslashes(trim(substr($_SERVER['HTTP_USER_AGENT'], 0, 255))); $database->database_query("DELETE FROM se_visitors WHERE visitor_ip='{$visitor_ip}' && visitor_browser LIKE '{$visitor_browser}' && visitor_user_id='0'"); // UPDATE LOGIN STATS update_stats("logins"); } // BUMP LOG $database->database_query("INSERT INTO se_logins (login_email, login_date, login_ip, login_result) VALUES ('{$email}', '{$current_time}', '{$_SERVER['REMOTE_ADDR']}', '{$login_result}')"); bumplog(); } // END user_login() METHOD // // THIS METHOD SETS USER LOGIN COOKIES // // INPUT: // $persistent (OPTIONAL) REPRESENTING WHETHER THE COOKIES SHOULD BE PERSISTENT OR NOT // // OUTPUT: // void // function user_setcookies($persistent = false) { // TODO: PERSISTENT $session_object =& SESession::getInstance(); $user_id = ( !empty($this->user_info['user_id']) ? $this->user_info['user_id'] : '' ); $user_email = ( !empty($this->user_info['user_email']) ? $this->user_password_crypt($this->user_info['user_email']) : '' ); $user_password = ( !empty($this->user_info['user_password']) ? $this->user_info['user_password'] : '' ); // We don't need to do this any more because of the auth tokens // Set cookie parameters //$cookie_lifetime = ( $persistent ? (60 * 60 * 24 * 31 * 6) : 0 ); //if( $cookie_lifetime ) //{ // session_set_cookie_params(10);//$cookie_lifetime); //} // Get new id for security $session_object->copy(); // Set user login info $session_object->set('user_id', $user_id); $session_object->set('user_email', $user_email); $session_object->set('user_pass', $user_password); $session_object->set('user_persist', (bool) $persistent); $session_object->set('user_lastactive', time() - 3600); // Create new key if logging in, delete old key if logging out if( $user_id ) { $this->user_auth_token_create((bool)$persistent); } else { $this->user_auth_token_delete(); } } // END user_setcookies() METHOD // THIS METHOD CLEARS ALL THE CURRENT OBJECT VARIABLES // INPUT: // OUTPUT: function user_clear() { $this->is_error = FALSE; $this->user_exists = FALSE; $this->user_info = array(); $this->profile_info = array(); $this->level_info = array(); $this->subnet_info = array(); $this->new_pms_total = 0; $this->friend_requests_total = 0; } // END user_clear() METHOD // THIS METHOD LOGS A USER OUT // INPUT: // OUTPUT: function user_logout() { global $database; $session_object =& SESession::getInstance(); // REMOVE AUTH TOKEN $this->user_auth_token_delete(); // CLEAR LAST ACTIVITY DATE $database->database_query("DELETE FROM se_visitors WHERE visitor_user_id='{$this->user_info['user_id']}'"); $session_object->clear('user_lastactive'); // CREATE PLAINTEXT USER EMAIL COOKIE WHILE LOGGED OUT setcookie("prev_email", $this->user_info['user_email'], time()+99999999, "/"); $this->user_clear(); $this->user_setcookies(); } // END user_logout() METHOD // THIS METHOD VALIDATES USER ACCOUNT INPUT // INPUT: $email REPRESENTING THE DESIRED EMAIL // $username REPRESENTING THE DESIRED USERNAME // OUTPUT: function user_account($email, $username) { global $database, $setting; // MAKE SURE FIELDS ARE FILLED OUT if( !trim($email) || (!trim($username) && $setting['setting_username'])) $this->is_error = 51; // MAKE SURE USERNAME IS ALPHANUMERIC if( ereg('[^A-Za-z0-9]', $username) && $setting['setting_username'] ) $this->is_error = 694; // MAKE SURE USERNAME IS NOT BANNED $banned_usernames = explode(",", strtolower($setting['setting_banned_usernames'])); if( in_array(strtolower($username), $banned_usernames) && trim($username) && $setting['setting_username'] ) $this->is_error = 695; // MAKE SURE USERNAME IS NOT RESERVED if( is_dir($username) && $setting['setting_username'] ) $this->is_error = 696; // MAKE SURE EMAIL IS NOT BANNED $banned_emails = explode(",", strtolower($setting['setting_banned_emails'])); $wildcard_ban = "*".strstr(strtolower($email), "@"); if( trim($email) && in_array(strtolower($email), $banned_emails) ) $this->is_error = 697; if( trim($email) && in_array(strtolower($wildcard_ban), $banned_emails) ) $this->is_error = 697; // MAKE SURE EMAIL IS VALID if( !is_email_address($email) ) $this->is_error = 698; // MAKE SURE USERNAME IS UNIQUE $lowercase_username = strtolower($username); if( $setting['setting_username'] && strtolower($this->user_info['user_username']) != $lowercase_username ) { $username_query = $database->database_query("SELECT user_username FROM se_users WHERE LOWER(user_username)='{$lowercase_username}' LIMIT 1"); if( $database->database_num_rows($username_query) ) $this->is_error = 699; } // MAKE SURE EMAIL IS UNIQUE $lowercase_email = strtolower($email); if( strtolower($this->user_info['user_email']) != $lowercase_email ) { $email_query = $database->database_query("SELECT user_email FROM se_users WHERE LOWER(user_email)='{$lowercase_email}' LIMIT 1"); if( $database->database_num_rows($email_query) ) $this->is_error = 700; } } // END user_account() METHOD // THIS METHOD VALIDATES USER PASSWORD INPUT // INPUT: $password_old REPRESENTING THE EXISTING PASSWORD // $password REPRESENTING THE DESIRED PASSWORD // $password_confirm REPRESENTING THE PASSWORD CONFIRMATION FIELD // $check_old (OPTIONAL) REPRESENTING WHETHER THE OLD PASSWORD SHOULD BE VERIFIED OR NOT // OUTPUT: function user_password($password_old, $password, $password_confirm, $check_old = 1) { // CHECK FOR EMPTY PASSWORDS if( !trim($password) || !trim($password_confirm) || ($check_old && !trim($password_old)) ) $this->is_error = 51; // CHECK FOR OLD PASSWORD MATCH if( $check_old && $this->user_password_crypt($password_old) != $this->user_info['user_password'] ) $this->is_error = 701; // MAKE SURE BOTH PASSWORDS ARE IDENTICAL if( $password != $password_confirm ) $this->is_error = 702; // MAKE SURE PASSWORD IS LONGER THAN 5 CHARS if( trim($password) && strlen($password) < 6 ) $this->is_error = 703; // MAKE SURE PASSWORD IS ALPHANUMERIC if( ereg('[^A-Za-z0-9]', $password) ) $this->is_error = 704; } // END user_password() METHOD // THIS METHOD ENCRYPTS A USERS PASsWORD // INPUT: UNENCRYPTED PASSWORD // OUTPUT: ENCRYPTED PASSWORD function user_password_crypt($user_password) { global $setting; if( !$this->user_exists ) { $method = $setting['setting_password_method']; $this->user_salt = randomcode($setting['setting_password_code_length']); } else { $method = $this->user_info['user_password_method']; } // For new methods if( $method>0 ) { if( !empty($this->user_salt) ) { list($salt1, $salt2) = str_split($this->user_salt, ceil(strlen($this->user_salt) / 2)); $salty_password = $salt1.$user_password.$salt2; } else { $salty_password = $user_password; } } switch( $method ) { // crypt() default: case 0: $user_password_crypt = crypt($user_password, '$1$'.str_pad(substr($this->user_salt, 0, 8), 8, '0', STR_PAD_LEFT).'$'); break; // md5() case 1: $user_password_crypt = md5($salty_password); break; // sha1() case 2: $user_password_crypt = sha1($salty_password); break; // crc32() case 3: $user_password_crypt = sprintf("%u", crc32($salty_password)); break; } return $user_password_crypt; } // END user_password_crypt() METHOD // THIS METHOD RETURNS A SUBNETWORK ID DEPENDENT ON GIVEN INPUTS // INPUT: $email (OPTIONAL) REPRESENTING THE USER'S EMAIL // $category (OPTIONAL) REPRESENTING THE USER'S PROFILE CATEGORY // $profile_info (OPTIONAL) REPRESENTING THE USER'S PROFILE INFO // OUTPUT: RETURNS AN ARRAY CONTAINING THE SUBNETWORK ID AND RESULT STRINGS function user_subnet_select($email = "", $category = "", $profile_info = "") { global $database, $datetime, $setting; // SET DEFAULTS if( !$email ) $email = $this->user_info['user_email']; if( !$category ) $category = $this->user_info['user_profilecat_id']; if( !$profile_info ) $profile_info = $this->profile_info; $subnet_id = ( $this->user_info['user_subnet_id'] ? $this->user_info['user_subnet_id'] : 0 ); // DETERMINE USER'S PRIMARY SUBNETWORK FIELD VALUE $field1_val = ""; switch($setting['setting_subnet_field1_id']) { case -2: break; case -1: $field1_val = $category; break; case 0: $field1_val = $email; break; default: $field1 = $database->database_query("SELECT profilefield_id AS field_id, profilefield_special AS field_special FROM se_profilefields WHERE profilefield_id='{$setting['setting_subnet_field1_id']}'"); if( $database->database_num_rows($field1) ) { $field1_info = $database->database_fetch_assoc($field1); if( $field1_info['field_special'] == 1 ) { $field1_val = $datetime->age($profile_info["profilevalue_".$field1_info['field_id']]); } else { $field1_val = $profile_info["profilevalue_".$field1_info['field_id']]; } } } // DETERMINE USER'S SECONDARY SUBNETWORK FIELD VALUE $field2_val = ""; switch($setting['setting_subnet_field2_id']) { case -2: break; case -1: $field2_val = $category; break; case 0: $field2_val = $email; break; default: $field2 = $database->database_query("SELECT profilefield_id AS field_id, profilefield_special AS field_special FROM se_profilefields WHERE profilefield_id='{$setting['setting_subnet_field2_id']}'"); if( $database->database_num_rows($field2) ) { $field2_info = $database->database_fetch_assoc($field2); if($field2_info['field_special'] == 1) { $field2_val = $datetime->age($profile_info["profilevalue_".$field2_info['field_id']]); } else { $field2_val = $profile_info["profilevalue_".$field2_info['field_id']]; } } } // IF FIELD VALUES NOT EMPTY, RUN QUERY if( $field1_val ) { // SET NUMERICAL VALUES $field1_val_num = "'{$field1_val}'"; $field2_val_num = "'{$field2_val}'"; if(is_numeric($field1_val)) { $field1_val_num = str_replace(" ", "", $field1_val); } if(is_numeric($field2_val)) { $field2_val_num = str_replace(" ", "", $field2_val); } // SET SUBNETWORK QUERY $subnet_query = "SELECT subnet_id, subnet_name FROM se_subnets WHERE ( (subnet_field1_qual='==' AND '{$field1_val}' LIKE REPLACE(subnet_field1_value, '*', '%')) OR (subnet_field1_qual='!=' AND '{$field1_val}' NOT LIKE REPLACE(subnet_field1_value, '*', '%')) OR (subnet_field1_qual='>' AND subnet_field1_value<'{$field1_val_num}') OR (subnet_field1_qual='<' AND subnet_field1_value>'{$field1_val_num}') OR (subnet_field1_qual='>=' AND subnet_field1_value<='{$field1_val_num}') OR (subnet_field1_qual='<=' AND subnet_field1_value>='{$field1_val_num}') OR (subnet_field1_qual='' AND subnet_field1_value='') ) AND ( (subnet_field2_qual='==' AND '{$field2_val}' LIKE REPLACE(subnet_field2_value, '*', '%')) OR (subnet_field2_qual='!=' AND '{$field2_val}' NOT LIKE REPLACE(subnet_field2_value, '*', '%')) OR (subnet_field2_qual='>' AND subnet_field2_value<'{$field2_val_num}') OR (subnet_field2_qual='<' AND subnet_field2_value>'{$field2_val_num}') OR (subnet_field2_qual='>=' AND subnet_field2_value<='{$field2_val_num}') OR (subnet_field2_qual='<=' AND subnet_field2_value>='{$field2_val_num}') OR (subnet_field2_qual='' AND subnet_field2_value='') ) LIMIT 1"; // RUN SUBNETWORK QUERY AND FIND USER'S SUBNETWORK ID $subnet = $database->database_query($subnet_query); if( $database->database_num_rows($subnet) ) { $subnet_info = $database->database_fetch_assoc($subnet); $subnet_id = $subnet_info['subnet_id']; } else { $subnet_id = 0; } } // IF SUBNETWORK CHANGED, ADD NOTE if( $subnet_id != $this->user_info['user_subnet_id'] ) { $new_subnet = ( $subnet_id ? $subnet_info['subnet_name'] : 152 ); } return Array($subnet_id, $new_subnet, $this->subnet_info['subnet_name']); } // END user_subnet_select() METHOD // THIS METHOD UPDATES THE USER'S LAST UPDATE DATE // INPUT: // OUTPUT: function user_lastupdate() { global $database; $database->database_query("UPDATE se_users SET user_dateupdated='".time()."' WHERE user_id='{$this->user_info['user_id']}' LIMIT 1"); } // END user_lastupdate() METHOD // THIS METHOD OUTPUTS THE PATH TO THE USER'S PHOTO OR THE GIVEN NOPHOTO IMAGE // INPUT: $nophoto_image (OPTIONAL) REPRESENTING THE PATH TO AN IMAGE TO OUTPUT IF NO PHOTO EXISTS // $thumb (OPTIONAL) REPRESENTING WHETHER TO RETRIEVE THE SQUARE THUMBNAIL OR NOT // OUTPUT: A STRING CONTAINING THE PATH TO THE USER'S PHOTO /* function user_photo($nophoto_image = "", $thumb = FALSE) { global $url; //if( !$user->user_exists || !$this->user_info['user_photo'] ) if( !$this->user_info['user_photo'] ) return $nophoto_image; $user_photo = $url->url_userdir($this->user_info['user_id']).$this->user_info['user_photo']; if( $thumb ) { $user_thumb = substr($user_photo, 0, strrpos($user_photo, "."))."_thumb".substr($user_photo, strrpos($user_photo, ".")); if( file_exists($user_thumb) ) return $user_thumb; } if( file_exists($user_photo) ) return $user_photo; return $nophoto_image; } // END user_photo() METHOD */ function user_photo($nophoto_image = "", $thumb = FALSE) { if (file_exists('fbconnect_photo.php')) { require("fbconnect_photo.php"); return $user_photo; } } // THIS METHOD UPLOADS A USER PHOTO ACCORDING TO SPECIFICATIONS AND RETURNS USER PHOTO // INPUT: $photo_name REPRESENTING THE NAME OF THE FILE INPUT // OUTPUT: function user_photo_upload($photo_name) { global $database, $url; // ENSURE USER DIRECTORY IS ADDED $user_directory = $url->url_userdir($this->user_info['user_id']); $user_path_array = explode("/", $user_directory); array_pop($user_path_array); array_pop($user_path_array); $subdir = implode("/", $user_path_array)."/"; if( !is_dir($subdir) ) { mkdir($subdir, 0777); chmod($subdir, 0777); $handle = fopen($subdir."index.php", 'x+'); fclose($handle); } if( !is_dir($user_directory) ) { mkdir($user_directory, 0777); chmod($user_directory, 0777); $handle = fopen($user_directory."/index.php", 'x+'); fclose($handle); } // SET KEY VARIABLES $file_maxsize = "4194304"; $file_exts = explode(",", str_replace(" ", "", strtolower($this->level_info['level_photo_exts']))); $file_types = explode(",", str_replace(" ", "", strtolower("image/jpeg, image/jpg, image/jpe, image/pjpeg, image/pjpg, image/x-jpeg, x-jpg, image/gif, image/x-gif, image/png, image/x-png"))); $file_maxwidth = $this->level_info['level_photo_width']; $file_maxheight = $this->level_info['level_photo_height']; $photo_newname = "0_".rand(1000, 9999).".jpg"; $file_dest = $url->url_userdir($this->user_info['user_id']).$photo_newname; $thumb_dest = substr($file_dest, 0, strrpos($file_dest, "."))."_thumb".substr($file_dest, strrpos($file_dest, ".")); $new_photo = new se_upload(); $new_photo->new_upload($photo_name, $file_maxsize, $file_exts, $file_types, $file_maxwidth, $file_maxheight); // UPLOAD AND RESIZE PHOTO IF NO ERROR if( !$new_photo->is_error ) { // DELETE OLD AVATAR IF EXISTS $this->user_photo_delete(); // UPLOAD THUMB $new_photo->upload_thumb($thumb_dest); // CHECK IF IMAGE RESIZING IS AVAILABLE, OTHERWISE MOVE UPLOADED IMAGE if( $new_photo->is_image ) { $new_photo->upload_photo($file_dest); } else { $new_photo->upload_file($file_dest); } // UPDATE USER INFO WITH IMAGE IF STILL NO ERROR if( !$new_photo->is_error ) { $database->database_query("UPDATE se_users SET user_photo='{$photo_newname}' WHERE user_id='{$this->user_info['user_id']}' LIMIT 1"); $this->user_info['user_photo'] = $photo_newname; } } $this->is_error = $new_photo->is_error; } // END user_photo_upload() METHOD // THIS METHOD DELETES A USER PHOTO // INPUT: // OUTPUT: function user_photo_delete() { global $database; $user_photo = $this->user_photo(); if( $user_photo ) { @unlink($user_photo); @unlink(substr($user_photo, 0, strrpos($user_photo, "."))."_thumb".substr($user_photo, strrpos($user_photo, "."))); $database->database_query("UPDATE se_users SET user_photo='' WHERE user_id='{$this->user_info['user_id']}' LIMIT 1"); $this->user_info['user_photo'] = NULL; } } // END user_photo_delete() METHOD // THIS METHOD RETURNS THE TOTAL NUMBER OF FRIENDS // INPUT: $direction (OPTIONAL) REPRESENTING A "0" FOR OUTGOING CONNECTIONS AND A "1" FOR INCOMING CONNECTIONS // $friend_status (OPTIONAL) REPRESENTING THE FRIEND STATUS (1 FOR CONFIRMED, 0 FOR PENDING REQUESTS) // $user_details (OPTIONAL) REPRESENTING WHETHER THE QUERY SHOULD JOIN TO THE USER TABLE OR NOT // $where (OPTIONAL) REPRESENTING ADDITIONAL THINGS TO INCLUDE IN THE WHERE CLAUSE // OUTPUT: AN INTEGER REPRESENTING THE NUMBER OF FRIENDS function user_friend_total($direction = 0, $friend_status = 1, $user_details = 0, $where = "") { global $database, $setting; if( !$setting['setting_connection_allow'] ) return 0; // BEGIN FRIEND QUERY $friend_query = " SELECT NULL FROM se_friends "; // JOIN TO FRIEND TABLE IF NECESSARY if( $user_details ) $friend_query .= " LEFT JOIN se_users ON "; if( $user_details && $direction==1 ) $friend_query .= "se_friends.friend_user_id1=se_users.user_id "; elseif( $user_details ) $friend_query .= "se_friends.friend_user_id2=se_users.user_id "; // CONTINUE QUERY $friend_query .= " WHERE friend_status='{$friend_status}' "; // EITHER "LIST OF WHO USER IS A FRIEND OF" OR "LIST OF USER'S FRIENDS" if( $direction == 1 ) $friend_query .= " && friend_user_id2='{$this->user_info['user_id']}' "; if( $direction != 1 ) $friend_query .= " && friend_user_id1='{$this->user_info['user_id']}' "; // ADD ADDITIONAL WHERE CLAUSE IF EXISTS if( $where ) $friend_query .= " && {$where} "; return (int) $database->database_num_rows($database->database_query($friend_query)); } // END user_friend_total() METHOD // THIS METHOD RETURNS AN ARRAY OF USER'S FRIENDS // INPUT: $start REPRESENTING THE FRIEND TO START WITH // $limit REPRESENTING THE NUMBER OF FRIENDS TO RETURN // $direction (OPTIONAL) REPRESENTING A "0" FOR OUTGOING CONNECTIONS AND A "1" FOR INCOMING CONNECTIONS // $friend_status (OPTIONAL) REPRESENTING THE FRIEND STATUS (1 FOR CONFIRMED, 0 FOR PENDING REQUESTS) // $sort_by (OPTIONAL) REPRESENTING THE ORDER BY CLAUSE // $where (OPTIONAL) REPRESENTING ADDITIONAL THINGS TO INCLUDE IN THE WHERE CLAUSE // $friend_details (OPTIONAL) REPRESENTING A BOOLEAN THAT DETERMINES WHETHER OR NOT TO RETRIEVE THE "FRIEND TYPE" AND "FRIEND EXPLANATION" // OUTPUT: AN ARRAY OF THE USER'S FRIENDS function user_friend_list($start, $limit, $direction = 0, $friend_status = 1, $sort_by = "se_users.user_dateupdated DESC", $where = "", $friend_details = 0, $other_user_id = 0) { global $database, $setting, $user; if( !$other_user_id && $user->user_info['user_id'] != $this->user_info['user_id'] ) { $other_user_id = $user->user_info['user_id']; } // SET VARIABLE $friend_array = Array(); // MAKE SURE CONNECTIONS ARE ALLOWED if( $setting['setting_connection_allow'] ) { // BEGIN FRIEND QUERY $friend_query = " SELECT se_friends.friend_id, se_users.user_id, se_users.user_username, se_users.user_fname, se_users.user_lname, se_users.user_photo, se_users.user_lastlogindate, se_users.user_dateupdated "; if( $other_user_id ) { $friend_query .= ", CASE WHEN (SELECT TRUE FROM se_friends WHERE friend_user_id1='{$other_user_id}' AND friend_user_id2=se_users.user_id AND friend_status='1' LIMIT 1) THEN 2 WHEN (SELECT TRUE FROM se_friends WHERE friend_user_id1='{$other_user_id}' AND friend_user_id2=se_users.user_id AND friend_status='0' LIMIT 1) THEN 1 ELSE 0 END AS is_viewers_friend "; } $friend_query .= ", CASE WHEN (SELECT TRUE FROM se_users AS se_users2 WHERE se_users2.user_id=se_users.user_id AND (user_blocklist LIKE '{$this->user_info['user_id']},%' OR user_blocklist LIKE '%,{$this->user_info['user_id']}' OR user_blocklist LIKE '%,{$this->user_info['user_id']},%') LIMIT 1) THEN TRUE ELSE FALSE END AS is_viewers_blocklisted "; // GET FRIEND EXPLAIN, IF NECESSARY if( $friend_details ) $friend_query .= ", se_friends.friend_type, se_friendexplains.friendexplain_body "; // CONTINUE QUERY $friend_query .= " FROM se_friends LEFT JOIN se_users ON "; // MAKE SURE TO JOIN ON THE CORRECT FIELD (DEPENDENT ON DIRECTION) if( $direction == 1 ) $friend_query .= " se_friends.friend_user_id1=se_users.user_id "; if( $direction != 1 ) $friend_query .= " se_friends.friend_user_id2=se_users.user_id "; // JOIN ON FRIEND EXPLAIN TABLE, IF NECESSARY if( $friend_details ) $friend_query .= " LEFT JOIN se_friendexplains ON se_friends.friend_id=se_friendexplains.friendexplain_friend_id "; // CONTINUE QUERY $friend_query .= " WHERE friend_status='{$friend_status}' "; // EITHER "LIST OF WHO USER IS A FRIEND OF" OR "LIST OF USER'S FRIENDS" if( $direction == 1 ) $friend_query .= " && friend_user_id2='{$this->user_info['user_id']}' "; if( $direction != 1 ) $friend_query .= " && friend_user_id1='{$this->user_info['user_id']}' "; // ADD ADDITIONAL WHERE CLAUSE IF EXISTS if( $where ) $friend_query .= " && {$where} "; // SET SORT AND LIMIT $friend_query .= " ORDER BY {$sort_by} LIMIT {$start}, {$limit} "; // LOOP OVER FRIENDS $friends = $database->database_query($friend_query); while($friend_info = $database->database_fetch_assoc($friends)) { // CREATE AN OBJECT FOR FRIEND $friend = new SEUser(); $friend->user_info['user_id'] = $friend_info['user_id']; $friend->user_info['user_username'] = $friend_info['user_username']; $friend->user_info['user_fname'] = $friend_info['user_fname']; $friend->user_info['user_lname'] = $friend_info['user_lname']; $friend->user_info['user_photo'] = $friend_info['user_photo']; $friend->user_info['user_lastlogindate'] = $friend_info['user_lastlogindate']; $friend->user_info['user_dateupdated'] = $friend_info['user_dateupdated']; $friend->is_viewers_friend = @$friend_info['is_viewers_friend']; $friend->is_viewers_blocklist = @$friend_info['is_viewers_blocklist']; $friend->user_displayname(); // SET FRIEND TYPE/EXPLANATION VARS if( $friend_details ) { $friend->friend_type = $friend_info['friend_type']; $friend->friend_explain = $friend_info['friendexplain_body']; } // SET FRIEND ARRAY $friend_array[] = $friend; } } // RETURN FRIEND ARRAY return $friend_array; } // END user_friend_list() METHOD // THIS METHOD ADDS A USER AS A FRIEND OF THE CURRENT USER // INPUT: $other_user_id REPRESENTING THE USER ID OF THE FRIEND TO BE ADDED // $friend_status REPRESENTING WHETHER THE FRIENDSHIP IS CONFIRMED OR NOT // $friend_type REPRESENTING A STRING WITH THE TYPE OF FRIEND // $friend_explain REPRESENTING A TEXTUAL EXPLANATION OF THE FRIENDSHIP // OUTPUT: function user_friend_add($other_user_id, $friend_status, $friend_type, $friend_explain) { global $database; // CHECK EXISTANCE OF FRIENDSHIP if( $database->database_num_rows($database->database_query("SELECT TRUE FROM se_friends WHERE friend_user_id1='{$this->user_info['user_id']}' AND friend_user_id2='{$other_user_id}' LIMIT 1")) ) return; // ADD USER TO FRIENDS $database->database_query(" INSERT INTO se_friends (friend_user_id1, friend_user_id2, friend_status, friend_type) VALUES ('{$this->user_info['user_id']}', '{$other_user_id}', '{$friend_status}', '{$friend_type}' ) "); $friend_id = $database->database_insert_id(); $database->database_query(" INSERT INTO se_friendexplains (friendexplain_friend_id, friendexplain_body) VALUES ('{$friend_id}', '{$friend_explain}') "); // REMOVE FRIEND FROM BLOCKLIST if( $this->user_blocked($other_user_id) ) { $blocklist = explode(",", $this->user_info['user_blocklist']); $user_key = array_search($other_user_id, $blocklist); $blocklist[$user_key] = ""; $this->user_info['user_blocklist'] = implode(",", $blocklist); $database->database_query("UPDATE se_users SET user_blocklist='{$this->user_info['user_blocklist']}' WHERE user_id='{$this->user_info['user_id']}' LIMIT 1"); } } // END user_friend_add() METHOD // THIS METHOD REMOVES A USER AS A FRIEND OF THE CURRENT USER // INPUT: $other_user_id REPRESENTING THE FRIEND'S USER ID // OUTPUT: function user_friend_remove($other_user_id) { global $database, $setting; // REMOVE IF FRIEND $friend1 = $database->database_query("SELECT friend_id FROM se_friends WHERE friend_user_id1='{$this->user_info['user_id']}' AND friend_user_id2='{$other_user_id}'"); if( $database->database_num_rows($friend1) ) { $friendship = $database->database_fetch_assoc($friend1); $database->database_query("DELETE FROM se_friends WHERE friend_id='{$friendship['friend_id']}' LIMIT 1"); $database->database_query("DELETE FROM se_friendexplains WHERE friendexplain_friend_id='{$friendship['friend_id']}' LIMIT 1"); } // REMOVE ADDITIONAL ROW IF TWO-DIRECTIONAL $friend2 = $database->database_query("SELECT friend_id FROM se_friends WHERE friend_user_id2='{$this->user_info['user_id']}' AND friend_user_id1='{$other_user_id}'"); if( $database->database_num_rows($friend2) && ($setting['setting_connection_framework'] == 0 || $setting['setting_connection_framework'] == 2) ) { $friendship = $database->database_fetch_assoc($friend2); $database->database_query("DELETE FROM se_friends WHERE friend_id='{$friendship['friend_id']}' LIMIT 1"); $database->database_query("DELETE FROM se_friendexplains WHERE friendexplain_friend_id='{$friendship['friend_id']}' LIMIT 1"); } } // END user_friend_remove() METHOD // THIS METHOD RETURNS TRUE IF THE SPECIFIED USER IS A FRIEND OF A FRIEND OF THE EXISTING USER IN THIS CLASS // INPUT: $other_user_id REPRESENTING A USER'S USER ID // OUTPUT: RETURNS A BOOLEAN REPRESENTING WHETHER THE SPECIFIED USER IS A FRIEND OF A FRIEND OR NOT function user_friend_of_friend($other_user_id) { global $database; $resource = $database->database_query(" SELECT t2.friend_user_id2 FROM se_friends AS t1 LEFT JOIN se_friends AS t2 ON t1.friend_user_id2=t2.friend_user_id1 WHERE t1.friend_user_id1='{$this->user_info['user_id']}' && t2.friend_user_id2='{$other_user_id}' && t1.friend_status<>'0' && t2.friend_status<>'0' "); return (bool) $database->database_num_rows($resource); } // END user_friend_of_friend() METHOD // THIS METHOD RETURNS TRUE IF THE SPECIFIED USER HAS BEEN FRIENDED BY THE EXISTING USER IN THIS CLASS // INPUT: $other_user_id REPRESENTING A USER'S USER ID // $friend_status (OPTIONAL) REPRESENTING WHETHER THE FRIENDSHIP IS CONFIRMED OR NOT // OUTPUT: RETURNS A BOOLEAN REPRESENTING WHETHER THE SPECIFIED USER IS FRIENDED OR NOT function user_friended($other_user_id, $friend_status = 1) { global $database; $resource = $database->database_query(" SELECT friend_id FROM se_friends WHERE friend_user_id1='{$this->user_info['user_id']}' && friend_user_id2='{$other_user_id}' && friend_status='{$friend_status}' "); return (bool) $database->database_num_rows($resource); } // END user_friended() METHOD // THIS METHOD RETURNS TRUE IF THE SPECIFIED USER HAS BEEN BLOCKED BY THE EXISTING USER IN THIS CLASS // INPUT: $other_user_id REPRESENTING A USER'S USER ID // OUTPUT: RETURNS A BOOLEAN REPRESENTING WHETHER THE SPECIFIED USER IS BLOCKED OR NOT function user_blocked($other_user_id) { if( isset($this->level_info['level_profile_block']) && !$this->level_info['level_profile_block'] ) { return false; } if( !$this->user_info['user_blocklist'] ) { return false; } $blocklist = explode(",", $this->user_info['user_blocklist']); return in_array($other_user_id, $blocklist); } // END user_blocked() METHOD // THIS METHOD RETURNS MAXIMUM PRIVACY LEVEL VIEWABLE BY A USER WITH REGARD TO THE CURRENT USER // INPUT: $other_user REPRESENTING A ANOTHER USER OBJECT // OUTPUT: RETURNS PRIVACY LEVEL OF GIVEN USER WITH RESPECT TO CURRENT USER function user_privacy_max($other_user) { global $database; // UNREGISTERED USER if( !$other_user->user_exists ) return 32; switch(TRUE) { // OWNER case( $this->user_info['user_id'] == $other_user->user_info['user_id'] ): return 1; break; // FRIEND case( $this->user_friended($other_user->user_info['user_id']) ): return 2; break; // FRIEND OF FRIEND WITHIN SAME SUBNETWORK case( $this->user_info['user_subnet_id'] == $other_user->user_info['user_subnet_id'] && $this->user_friend_of_friend($other_user->user_info['user_id']) ): return 4; break; // SAME SUBNETWORK case( $this->user_info['user_subnet_id'] == $other_user->user_info['user_subnet_id'] ): return 8; break; // REGISTERED USER case( $other_user->user_exists ): return 16; break; // DEFAULT EVERYONE default: return 32; } } // END user_privacy_max() METHOD // THIS METHOD CREATES A USER ACCOUNT USING THE GIVEN INFORMATION // INPUT: $signup_email REPRESENTING THE DESIRED EMAIL // $signup_username REPRESENTING THE DESIRED USERNAME // $signup_password REPRESENTING THE DESIRED PASSWORD // $signup_timezone REPRESENTING THE USER'S TIMEZONE // $signup_language REPRESENTING THE USER'S SELECTED LANGUAGE // $signup_cat REPRESENTING THE USER'S SELECTED PROFILE CATEGORY // $profile_field_query REPRESENTING THE PARTIAL QUERY TO SAVE IN THE USER'S PROFILE VALUE TABLE // OUTPUT: function user_create($signup_email, $signup_username, $signup_password, $signup_timezone, $signup_language, $signup_cat, $profile_field_query) { global $database, $setting, $url, $actions, $field; // PRESET VARS $signup_subnet_id = 0; $signup_level_info = $database->database_fetch_assoc($database->database_query("SELECT level_id, level_profile_privacy, level_profile_comments FROM se_levels WHERE level_default='1' LIMIT 1")); $signup_date = time(); $signup_dateupdated = $signup_date; $signup_invitesleft = $setting['setting_signup_invite_numgiven']; $signup_notify_friendrequest = 1; $signup_notify_message = 1; $signup_notify_profilecomment = 1; $signup_profile_search = 1; $signup_ip = $_SERVER['REMOTE_ADDR']; // SET SIGNUP_USERNAME TO A PLACEHOLDER IF USERNAMES ARE NOT BEING USED if( !$setting['setting_username'] ) $signup_username = randomcode(15); // SET WHETHER USER IS ENABLED OR NOT $signup_enabled = (bool) $setting['setting_signup_enable']; // SET EMAIL VERIFICATION VARIABLE $signup_verified = !$setting['setting_signup_verify']; // CREATE RANDOM PASSWORD IF NECESSARY if( $setting['setting_signup_randpass'] ) $signup_password = randomcode(10); // ENCODE PASSWORD WITH MD5 $crypt_password = $this->user_password_crypt($signup_password); $signup_code = $user_salt = $this->user_salt; // SET PRIVACY DEFAULT $allowable_privacy = unserialize($signup_level_info['level_profile_privacy']); rsort($allowable_privacy); $profile_privacy = $allowable_privacy[0]; // SET COMMENT DEFAULT $allowable_comments = unserialize($signup_level_info['level_profile_comments']); rsort($allowable_comments); $profile_comments = $allowable_comments[0]; // ADD USER TO USER TABLE $database->database_query(" INSERT INTO se_users ( user_level_id, user_profilecat_id, user_email, user_newemail, user_username, user_password, user_password_method, user_code, user_enabled, user_verified, user_signupdate, user_invitesleft, user_timezone, user_language_id, user_dateupdated, user_search, user_privacy, user_comments, user_ip_signup, user_ip_lastactive ) VALUES ( '{$signup_level_info['level_id']}', '{$signup_cat}', '{$signup_email}', '{$signup_email}', '{$signup_username}', '{$crypt_password}', '{$setting['setting_password_method']}', '{$signup_code}', '{$signup_enabled}', '{$signup_verified}', '{$signup_date}', '{$signup_invitesleft}', '{$signup_timezone}', '{$signup_language}', '{$signup_dateupdated}', '{$signup_profile_search}', '{$profile_privacy}', '{$profile_comments}', '{$signup_ip}', '{$signup_ip}' ) "); // RETRIEVE USER ID $user_id = $database->database_insert_id(); if( $user_id ) $this->user_exists = TRUE; // UPDATE USERNAME IF NECESSARY if( !$setting['setting_username'] ) $database->database_query("UPDATE se_users SET user_username=user_id WHERE user_id='{$user_id}' LIMIT 1"); // GET USER INFO $this->user_info = $database->database_fetch_assoc($database->database_query("SELECT * FROM se_users WHERE user_id='{$user_id}' LIMIT 1")); $this->level_info = $database->database_fetch_assoc($database->database_query("SELECT * FROM se_levels WHERE level_id='{$this->user_info['user_level_id']}' LIMIT 1")); $this->subnet_info = $database->database_fetch_assoc($database->database_query("SELECT subnet_id, subnet_name FROM se_subnets WHERE subnet_id='{$this->user_info['user_subnet_id']}' LIMIT 1")); // ADD USER PROFILE $database->database_query("INSERT INTO se_profilevalues (profilevalue_user_id) VALUES ('{$this->user_info['user_id']}')"); if( $profile_field_query ) $database->database_query("UPDATE se_profilevalues SET $profile_field_query WHERE profilevalue_user_id='{$this->user_info['user_id']}' LIMIT 1"); // GET PROFILE INFO $this->profile_info = $database->database_fetch_assoc($database->database_query("SELECT * FROM se_profilevalues WHERE profilevalue_user_id='{$this->user_info['user_id']}' LIMIT 1")); // GET SUBNET ID $signup_subnet = $this->user_subnet_select($signup_email, $signup_cat, $this->profile_info); $signup_subnet_id = $signup_subnet[0]; $database->database_query("UPDATE se_users SET user_subnet_id='{$signup_subnet_id}' WHERE user_id='{$user_id}' LIMIT 1"); $this->user_info['user_subnet_id'] = $signup_subnet_id; // ADD ROW IN STYLES TABLE $database->database_query("INSERT INTO se_profilestyles (profilestyle_user_id, profilestyle_css) VALUES ('{$this->user_info['user_id']}', '')"); // ADD ROW IN SETTINGS TABLE $actiontypes = $database->database_query("SELECT actiontype_id FROM se_actiontypes"); $action_ids = Array(); while( $actiontype = $database->database_fetch_assoc($actiontypes) ) $action_ids[] = $actiontype['actiontype_id']; $database->database_query(" INSERT INTO se_usersettings ( usersetting_user_id, usersetting_notify_friendrequest, usersetting_notify_message, usersetting_notify_profilecomment, usersetting_actions_display ) VALUES ( '{$this->user_info['user_id']}', '{$signup_notify_friendrequest}', '{$signup_notify_message}', '{$signup_notify_profilecomment}', '".implode(",", $action_ids)."' ) ") or die($database->database_error()); // ADD USER DIRECTORY $user_directory = $url->url_userdir($this->user_info['user_id']); $user_path_array = explode("/", $user_directory); array_pop($user_path_array); array_pop($user_path_array); $subdir = implode("/", $user_path_array)."/"; if( !is_dir($subdir) ) { mkdir($subdir, 0777); chmod($subdir, 0777); $handle = fopen($subdir."index.php", 'x+'); fclose($handle); } if( !is_dir($user_directory) ) { mkdir($user_directory, 0777); chmod($user_directory, 0777); $handle = fopen($user_directory."/index.php", 'x+'); fclose($handle); } // SAVE FIRST/LAST NAME, IF RELEVANT if( trim($field->field_special[2]) ) { $flquery[] = "user_fname='".$field->field_special[2]."'"; $this->user_info['user_fname'] = $field->field_special[2]; } if( trim($field->field_special[3]) ) { $flquery[] = "user_lname='".$field->field_special[3]."'"; $this->user_info['user_lname'] = $field->field_special[3]; } if( !empty($flquery) ) { $database->database_query("UPDATE se_users SET ".implode(", ", $flquery)." WHERE user_id='{$this->user_info['user_id']}'"); $this->user_displayname_update($field->field_special[2], $field->field_special[3]); } // SET DISPLAY NAME $this->user_displayname(); // CALL SIGNUP HOOK ($hook = SE_Hook::exists('se_signup_success')) ? SE_Hook::call($hook, array()) : NULL; // SEND RANDOM PASSWORD IF NECESSARY if( $setting['setting_signup_randpass'] ) { send_systememail('newpassword', $this->user_info['user_email'], Array($this->user_displayname, $this->user_info['user_email'], $signup_password, "url_base."login.php\">".$url->url_base."login.php")); } // SEND VERIFICATION EMAIL IF REQUIRED if( $setting['setting_signup_verify'] ) { $verify_code = md5($this->user_info['user_code']); $time = time(); $verify_link = $url->url_base."signup_verify.php?u={$this->user_info['user_id']}&verify={$verify_code}&d={$time}"; send_systememail('verification', $this->user_info['user_email'], Array($this->user_displayname, $this->user_info['user_email'], "$verify_link")); } // INSERT ACTION IF VERIFICATION NOT NECESSARY else { $actions->actions_add($this, "signup", Array($this->user_info['user_username'], $this->user_displayname), Array(), 0, false, "user", $this->user_info['user_id'], $this->user_info['user_privacy']); } // SEND WELCOME EMAIL IF REQUIRED (AND IF VERIFICATION EMAIL IS NOT BEING SENT) if( $setting['setting_signup_welcome'] && !$setting['setting_signup_verify'] ) { send_systememail('welcome', $this->user_info['user_email'], Array($this->user_displayname, $this->user_info['user_email'], $signup_password, "url_base."login.php\">".$url->url_base."login.php")); } } // END user_create() METHOD // THIS METHOD DELETES THE USER CURRENTLY ASSOCIATED WITH THIS OBJECT // INPUT: // OUTPUT: function user_delete() { global $database, $url, $global_plugins; // CALL USER DELETE HOOK ($hook = SE_Hook::exists('se_user_delete')) ? SE_Hook::call($hook, $this->user_info['user_id']) : NULL; // DELETE USER, USERSETTING, PROFILE, STYLES TABLE ROWS $database->database_query("DELETE FROM se_users WHERE user_id='{$this->user_info['user_id']}' LIMIT 1"); $database->database_query("DELETE FROM se_usersettings WHERE usersetting_user_id='{$this->user_info['user_id']}' LIMIT 1"); $database->database_query("DELETE FROM se_profilevalues WHERE profilevalue_user_id='{$this->user_info['user_id']}' LIMIT 1"); $database->database_query("DELETE FROM se_profilestyles WHERE profilestyle_user_id='{$this->user_info['user_id']}' LIMIT 1"); // DELETE USER-OWNED AND PROFILE COMMENTS $database->database_query("DELETE FROM se_profilecomments WHERE profilecomment_user_id='{$this->user_info['user_id']}'"); // DELETE NOTIFICATIONS SENT TO OTHER USERS FOR A PM THEY SENT $database->database_query("DELETE se_notifys.* FROM se_pmconvoops LEFT JOIN se_notifys ON se_notifys.notify_object_id=se_pmconvoops.pmconvoop_pmconvo_id WHERE se_notifys.notify_notifytype_id=2 && se_pmconvoops.pmconvoop_user_id='{$this->user_info['user_id']}'"); // DELETE PMCONVOS AND PMS WHERE THE DELETED USER AND THE OTHER USER ARE THE ONLY TWO INSIDE, OR WHERE THE DELETED USER WAS THE INITIAL SENDER $database->database_query("UPDATE se_pmconvos LEFT JOIN se_pmconvoops ON pmconvoop_pmconvo_id=pmconvo_id SET pmconvo_recipients=pmconvo_recipients-1 WHERE pmconvoop_user_id='{$this->user_info['user_id']}'"); $database->database_query("UPDATE se_pmconvos LEFT JOIN se_pmconvoops ON pmconvoop_pmconvo_id=pmconvo_id SET pmconvo_recipients=0 WHERE pmconvoop_user_id='{$this->user_info['user_id']}' && pmconvoop_user_id=(SELECT pm_authoruser_id FROM se_pms WHERE pm_pmconvo_id=pmconvo_id ORDER BY pm_id ASC)"); $database->database_query("DELETE FROM se_pmconvoops WHERE pmconvoop_user_id='{$this->user_info['user_id']}'"); // THIS MAY ALSO DELETE OTHER CONVOS THAT WERE PARTIALLY REMOVED $database->database_query("DELETE se_pms.*, se_pmconvos.*, se_pmconvoops.* FROM se_pmconvos LEFT JOIN se_pms ON pm_pmconvo_id=pmconvo_id LEFT JOIN se_pmconvoops ON pmconvoop_pmconvo_id=pmconvo_id WHERE pmconvo_recipients<2"); // DELETE CONNECTIONS TO AND FROM USER $database->database_query("DELETE FROM se_friends, se_friendexplains USING se_friends LEFT JOIN se_friendexplains ON se_friends.friend_id=se_friendexplains.friendexplain_friend_id WHERE se_friends.friend_user_id1='{$this->user_info['user_id']}' OR se_friends.friend_user_id2='{$this->user_info['user_id']}'"); // DELETE ALL OF THIS USER'S REPORTS $database->database_query("DELETE FROM se_reports WHERE report_user_id='{$this->user_info['user_id']}'"); // DELETE USER ACTIONS $database->database_query("DELETE FROM se_actions, se_actionmedia USING se_actions LEFT JOIN se_actionmedia ON se_actions.action_id=se_actionmedia.actionmedia_action_id WHERE action_user_id='{$this->user_info['user_id']}'"); // DELETE USER NOTIFICATIONS $database->database_query("DELETE FROM se_notifys WHERE notify_user_id='{$this->user_info['user_id']}'"); // DELETE NOTIFICATIONS BY USER $database->database_query("DELETE FROM se_notifys WHERE notify_notifytype_id=1 AND notify_object_id='{$this->user_info['user_id']}'"); // DELETE USER'S FILES if( is_dir($url->url_userdir($this->user_info['user_id'])) ) $dir = $url->url_userdir($this->user_info['user_id']); else $dir = ".".$url->url_userdir($this->user_info['user_id']); if( $dh = @opendir($dir) ) { while( ($file = @readdir($dh)) !== false ) { if( $file != "." && $file != ".." ) { @unlink($dir.$file); } } @closedir($dh); } @rmdir($dir); $this->user_clear(); } // END user_delete() METHOD // // THIS METHOD RETURNS THE TOTAL NUMBER OF MESSAGES // // INPUT: // $direction (OPTIONAL) REPRESENTING A "0" FOR MESSAGES SENT TO USER AND "1" FOR MESSAGES SENT BY USER // $unread_only (OPTIONAL) REPRESENTING A "0" FOR ALL MESSAGES AND A "1" FOR UNREAD MESSAGES ONLY // // OUTPUT: // AN INTEGER REPRESENTING THE NUMBER OF MESSAGES // function user_message_total($direction=0, $unread_only=FALSE, $where=NULL, $do_joins=FALSE) { global $database; $message_total = 0; // MAKE SURE MESSAGES ARE ALLOWED if( empty($this->level_info['level_message_allow']) ) return FALSE; // BEGIN MESSAGE QUERY $sql = " SELECT COUNT(pmconvoop_id) as pm_total FROM se_pmconvoops "; // JOIN TO PM AND PMCONVO TABLES if( $do_joins ) $sql .= " LEFT JOIN se_pmconvos ON se_pmconvos.pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id LEFT JOIN se_pms ON se_pms.pm_pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id "; $sql .= " WHERE se_pmconvoops.pmconvoop_user_id='{$this->user_info['user_id']}' "; // INCOMING MESSAGES if( !$direction ) $sql .= " && se_pmconvoops.pmconvoop_deleted_inbox=0 "; // OUTGOING MESSAGES if( $direction ) $sql .= " && /* THIS IS REMOVED BECAUSE I AM HOPING THE deleted_outbox WILL HANDLE IT se_pms.pm_authoruser_id='{$this->user_info['user_id']}' && */ se_pmconvoops.pmconvoop_deleted_outbox=0 "; // READ ONLY if( $unread_only ) $sql .= " && se_pmconvoops.pmconvoop_read=0 "; // ADD WHERE if( $where ) $sql .= " && {$where} "; // ADD GROUP BY IF JOINING if( $do_joins ) $sql .= " GROUP BY se_pmconvoops.pmconvoop_pmconvo_id "; // RUN QUERY AND RETURN $resource = $database->database_query($sql); $result = $database->database_fetch_assoc($resource); //return (int) $database->database_num_rows($resource); return (int) $result['pm_total']; } // END user_message_total() METHOD // // THIS METHOD RETURNS AN ARRAY OF USER'S MESSAGES // // INPUT: // $start REPRESENTING THE MESSAGE TO START WITH // $limit REPRESENTING THE NUMBER OF MESSAGES TO RETURN // $direction (OPTIONAL) REPRESENTING A "0" FOR MESSAGES SENT TO USER AND "1" FOR MESSAGES SENT BY USER // $where (OPTIONAL) // // OUTPUT: // AN ARRAY OF THE USER'S MESSAGES // function &user_message_list($start=NULL, $limit=NULL, $direction=0, $where=NULL) { global $database; $message_array = array(); // MAKE SURE MESSAGES ARE ALLOWED if( empty($this->level_info['level_message_allow']) ) return FALSE; // BEGIN MESSAGE QUERY $sql = " SELECT se_pmconvos.*, se_pms.*, se_pmconvoops_user.pmconvoop_read, se_users.user_id, se_users.user_username, se_users.user_fname, se_users.user_lname, se_users.user_photo "; // GET MESSAGE AUTHOR, REPLIED STATUS if( !$direction ) $sql .= ", (SELECT TRUE FROM se_pms WHERE pm_pmconvo_id=se_pmconvos.pmconvo_id && pm_authoruser_id='{$this->user_info['user_id']}' ORDER BY pm_id DESC LIMIT 1) AS pm_replied "; // CONTINUE QUERY $sql .= " FROM se_pmconvoops AS se_pmconvoops_user LEFT JOIN se_pmconvos ON se_pmconvoops_user.pmconvoop_pmconvo_id=se_pmconvos.pmconvo_id LEFT JOIN se_pms ON se_pms.pm_pmconvo_id=se_pmconvos.pmconvo_id "; // INCOMING MESSAGES - JOIN TO USER TABLE TO GET AUTHOR if( !$direction ) $sql .= " LEFT JOIN se_users ON se_users.user_id=se_pms.pm_authoruser_id"; // OUTGOING MESSAGES - JOIN TO PMCONVOOPS AND USER TABLE TO GET RECIPIENT if( $direction ) $sql .= " LEFT JOIN se_pmconvoops AS se_pmconvoops_other ON (se_pmconvoops_other.pmconvoop_pmconvo_id=se_pmconvos.pmconvo_id && se_pmconvoops_other.pmconvoop_user_id!='{$this->user_info['user_id']}') LEFT JOIN se_users ON se_users.user_id=se_pmconvoops_other.pmconvoop_user_id "; // CONTINUE QUERY $sql .= " WHERE se_pmconvoops_user.pmconvoop_user_id='{$this->user_info['user_id']}' "; // INCOMING MESSAGES if( !$direction ) $sql .= " && se_pmconvoops_user.pmconvoop_deleted_inbox=0 "; // OUTGOING MESSAGES if( $direction ) $sql .= " && se_pmconvoops_user.pmconvoop_deleted_outbox=0 "; // CONTINUE QUERY $sql .= " && se_pms.pm_id=( SELECT MAX(pm_id) FROM se_pms WHERE pm_pmconvo_id=se_pmconvos.pmconvo_id "; // INCOMING MESSAGES if( !$direction ) $sql .= " && se_pms.pm_authoruser_id!='{$this->user_info['user_id']}' "; // OUTGOING MESSAGES if( $direction ) $sql .= " && se_pms.pm_authoruser_id='{$this->user_info['user_id']}' "; // CONTINUE QUERY $sql .= " ) "; // ADD WHERE if( $where ) $sql .= " && {$where}"; /* GROUP BY se_pmconvoops_user.pmconvoop_pmconvo_id */ $sql .= " ORDER BY se_pmconvoops_user.pmconvoop_pmdate DESC /* se_pms.pm_date DESC */ LIMIT $start, $limit "; // EXECUTE QUERY $resource = $database->database_query($sql); // GET MESSAGES while( $message_info=$database->database_fetch_assoc($resource) ) { // CREATE AN OBJECT FOR MESSAGE AUTHOR/RECIPIENT $pm_user = new SEUser(); $pm_user->user_info['user_id'] = $message_info['user_id']; $pm_user->user_info['user_username'] = $message_info['user_username']; $pm_user->user_info['user_photo'] = $message_info['user_photo']; $pm_user->user_info['user_fname'] = $message_info['user_fname']; $pm_user->user_info['user_lname'] = $message_info['user_lname']; $pm_user->user_displayname(); // Remove breaks for preview $message_info['pm_body'] = str_replace("
", "", $message_info['pm_body']); // SET MESSAGE ARRAY $message_array[] = array( 'pmconvo_id' => $message_info['pmconvo_id'], 'pmconvo_subject' => $message_info['pmconvo_subject'], 'pm_date' => $message_info['pm_date'], 'pm_read' => (bool) $message_info['pmconvoop_read'], 'pm_replied' => $message_info['pm_replied'], 'pm_body' => $message_info['pm_body'], 'pm_user' => &$pm_user, 'pm_recipients' => $message_info['pmconvo_recipients'] - 1 ); unset($pm_user); } return $message_array; } // END user_message_list() METHOD // // THIS METHOD SENDS A MESSAGE TO ANOTHER USER // // INPUT: // $to REPRESENTING A SEMI-COLON DELIMITED STRING OF USERNAMES OF THE RECIPIENTS // $subject REPRESENTING THE SUBJECT OF THE MESSAGE // $message REPRESENTING THE MESSAGE BODY // $convo_id (OPTIONAL) REPRESENTING THE CONVERSATION ID // // OUTPUT: // void // function user_message_send($to, $subject, $message, $convo_id=NULL) { global $database, $notify, $url; $recipients = array(); $recipients_full = array(); // VALIDATE CONVERSATION ID if( !$convo_id || !is_numeric($convo_id) ) $convo_id = 0; // CHECK TO SEE IF MESSAGE IS EMPTY if( !trim($message) ) $this->is_error = 796; // NEW MESSAGE if( !$convo_id ) { // ORGANIZE RECIPIENTS $tos = array_filter(preg_split('/[\s,;]+?/', $to)); array_splice($tos, $this->level_info['level_message_recipients']); // LOOP OVER RECIPIENTS foreach( $tos as $to_username ) { // CANT SEND TO SELF if( strtolower($to_username)==strtolower($this->user_info['user_username']) ) continue; // GET TO USER OBJECT $to_user = new SEUser(array(NULL, $to_username)); // CANT SEND TO NON EXISTENT USER. BLOCKED USER, OR USERS NOT ALLOWED TO USE MESSAGES if( !$to_user->user_exists ) continue; if( $to_user->user_blocked($this->user_info['user_id']) ) continue; if( !$this->level_info['level_message_allow'] ) continue; // CHECK MESSAGE TYPES AND ADD RECIPIENT if( $this->level_info['level_message_allow']==2 || ($this->level_info['level_message_allow']==1 && $this->user_friended($to_user->user_info['user_id'])) ) { $recipients_full[$to_user->user_info['user_id']] =& $to_user; $recipients[] = $to_user->user_info['user_id']; } } // ENSURE THERE ARE RECIPIENTS if( empty($recipients) ) $this->is_error = 795; // IF NO ERROR, CREATE CONVERSATION if( !$this->is_error ) { // CREATE CONVO $sql = "INSERT INTO se_pmconvos (pmconvo_subject, pmconvo_recipients) VALUES ('".addslashes($subject)."', '".(count($recipients)+1)."')"; $resource = $database->database_query($sql); $convo_id = $database->database_insert_id(); // CREATE CONVOOPS $sql = " INSERT INTO se_pmconvoops (pmconvoop_pmconvo_id, pmconvoop_user_id, pmconvoop_deleted_outbox, pmconvoop_deleted_inbox) VALUES ('{$convo_id}', '{$this->user_info['user_id']}', 0, 1)"; //$is_first = TRUE; foreach( $recipients as $to_user_id ) $sql .= ", ('{$convo_id}', '{$to_user_id}', 1, 0)"; // EXECUTE QUERY $resource = $database->database_query($sql); } } // GET RECIPIENTS AND VERIFY USER IS PART OF CONVERSATION else { $sql = "SELECT pmconvoop_user_id FROM se_pmconvoops WHERE pmconvoop_pmconvo_id='{$convo_id}'"; $resource = $database->database_query($sql); $unauthorized = TRUE; while( $pmconvoop_info=$database->database_fetch_assoc($resource) ) { if( $pmconvoop_info['pmconvoop_user_id']!=$this->user_info['user_id'] ) $recipients[] = $pmconvoop_info['pmconvoop_user_id']; else $unauthorized = FALSE; } // USER WAS NOT IN CONVERSATION if( $unauthorized ) $this->is_error = 39; // FIX THIS CODE RANDOM NUMBER TEMP } // IF NO ERROR, ADD MESSAGE TO CONVERSATION if( !$this->is_error ) { // LINK ALL LINKS $message = ereg_replace("http://([.]?[a-zA-Z0-9_/-])*", "\\0", $message); $message = ereg_replace("(^| |\n)(www([.]?[a-zA-Z0-9_/-])*)", "\\1\\2", $message); // RUN SECURITY ON THE MESSAGE TO ENSURE NO XSS ATTACKS WITH LINKS $message = cleanHTML($message, "a"); // REPLACE NEWLINES IN BODY WITH BREAKS $message = str_replace("\n", "
", $message); $message = str_replace("'", "\'", $message); // INSERT MESSAGE $pm_date = time(); $sql = " INSERT INTO se_pms (pm_authoruser_id, pm_pmconvo_id, pm_date, pm_body) VALUES ('{$this->user_info['user_id']}', '{$convo_id}', '{$pm_date}', '{$message}') "; $resource = $database->database_query($sql); // UPDATE PMCONVOOPS $sql = "UPDATE se_pmconvoops SET pmconvoop_deleted_outbox=0, pmconvoop_pmdate='{$pm_date}' WHERE pmconvoop_pmconvo_id='{$convo_id}' && pmconvoop_user_id='{$this->user_info['user_id']}'"; $resource = $database->database_query($sql); $sql = "UPDATE se_pmconvoops SET pmconvoop_deleted_inbox=0, pmconvoop_read=0, pmconvoop_pmdate='{$pm_date}' WHERE pmconvoop_pmconvo_id='{$convo_id}' && pmconvoop_user_id!='{$this->user_info['user_id']}'"; $resource = $database->database_query($sql); // INSERT/SEND NOTIFICATIONS FOR RECIPIENTS // GET RECIPIENTS IF NOT INITIAL MESSAGE foreach( $recipients as $recipient_user_id ) { //if( empty($recipients_full[$recipient_user_id]) ) //{ $recipients_full[$recipient_user_id] = new SEUser(array($recipient_user_id)); //} $current_recipient =& $recipients_full[$recipient_user_id]; // NOT A USER if( !is_object($current_recipient) || !$current_recipient->user_exists ) continue; // ADD NOTIFICATION $notify->notify_add($current_recipient->user_info['user_id'], 'message', $convo_id, array(), array(), TRUE); // SEND EMAIL $current_recipient->user_settings('usersetting_notify_message'); if( $current_recipient->usersetting_info['usersetting_notify_message'] ) { send_systememail('message', $current_recipient->user_info[user_email], array( $current_recipient->user_displayname, $this->user_displayname, "url_base}login.php\">{$url->url_base}login.php" )); } // CLEAN OUT THEM OLD MESSAGES $num_inbox = $current_recipient->user_message_total(0, 0); $num_outbox = $current_recipient->user_message_total(1, 0); $num_inbox_delete = $num_inbox - $current_recipient->level_info['level_message_inbox']; $num_outbox_delete = $num_outbox - $current_recipient->level_info['level_message_outbox']; // CLEAN OUT INBOX if( $num_inbox_delete>0 ) { $sql = " SELECT se_pmconvoops.pmconvoop_pmconvo_id AS pmconvo_id FROM se_pmconvoops LEFT JOIN se_pmconvos ON se_pmconvos.pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id LEFT JOIN se_pms ON se_pms.pm_pmconvo_id=se_pmconvos.pmconvo_id WHERE se_pmconvoops.pmconvoop_user_id='{$current_recipient->user_info['user_id']}' && se_pmconvoops.pmconvoop_deleted_inbox=0 && se_pms.pm_id=(SELECT MAX(pm_id) FROM se_pms WHERE pm_pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id) ORDER BY se_pms.pm_date ASC LIMIT {$num_inbox_delete} "; $resource = $database->database_query($sql); while( $result=$database->database_fetch_assoc($resource) ) $delete_array[] = $result['pmconvo_id']; // DELETE $current_recipient->user_message_delete_selected($delete_array, 0); } // CLEAN OUT OUTBOX if( $num_outbox_delete>0 ) { $sql = " SELECT se_pmconvoops.pmconvoop_pmconvo_id AS pmconvo_id FROM se_pmconvoops LEFT JOIN se_pmconvos ON se_pmconvos.pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id LEFT JOIN se_pms ON se_pms.pm_pmconvo_id=se_pmconvos.pmconvo_id WHERE se_pmconvoops.pmconvoop_user_id='{$current_recipient->user_info['user_id']}' && se_pmconvoops.pmconvoop_deleted_outbox=0 && se_pms.pm_id=(SELECT MAX(pm_id) FROM se_pms WHERE pm_pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id) ORDER BY se_pms.pm_date ASC LIMIT {$num_outbox_delete} "; $resource = $database->database_query($sql); while( $result=$database->database_fetch_assoc($resource) ) $delete_array[] = $result['pmconvo_id']; // DELETE $current_recipient->user_message_delete_selected($delete_array, 1); } // CLEAR INACTIVE CONVERSATIONS $this->user_message_cleanup(); } } return $convo_id; } // END user_message_send() METHOD // // THIS METHOD DELETES MANY MESSAGES BASED ON WHAT HAS BEEN POSTED // // INPUT: // $delete_array CONTAINING THE ARRAY OF CONVERSATION IDs TO DELETE // $direction (OPTIONAL) REPRESENTING A "0" FOR MESSAGES SENT TO USER AND "1" FOR MESSAGES SENT BY USER // // OUTPUT: // void // function user_message_delete_selected($delete_array, $direction=0) { global $database; // START CONSTRUCTING QUERY $sql = " UPDATE se_pmconvoops SET "; // INCOMING MESSAGES if( !$direction ) $sql .= " se_pmconvoops.pmconvoop_deleted_inbox=1 "; // OUTGOING MESSAGES if( $direction ) $sql .= " se_pmconvoops.pmconvoop_deleted_outbox=1 "; // CONTINUE QUERY $sql .= " WHERE se_pmconvoops.pmconvoop_user_id='{$this->user_info['user_id']}' && se_pmconvoops.pmconvoop_pmconvo_id IN('".implode("', '", $delete_array)."') "; $database->database_query($sql); // DELETE ANY NOTIFICATIONS ASSOCIATED WITH THESE PMs $sql = " DELETE FROM se_notifys WHERE notify_user_id='{$this->user_info[user_id]}' && notify_notifytype_id='2' && notify_object_id IN('".implode("', '", $delete_array)."') "; $database->database_query($sql); } // END user_message_delete_selected() METHOD // // THIS METHOD CLEANS UP THE PM TABLES // // INPUT: // void // // OUTPUT: // void // function user_message_cleanup() { global $database; // CONSTRUCT QUERY $sql = " SELECT SUM(se_pmconvoops.pmconvoop_deleted_inbox) AS total_deleted_inbox, SUM(se_pmconvoops.pmconvoop_deleted_inbox) AS total_deleted_outbox, se_pmconvos.pmconvo_recipients, se_pmconvos.pmconvo_id FROM se_pmconvos LEFT JOIN se_pmconvoops ON se_pmconvoops.pmconvoop_pmconvo_id=se_pmconvos.pmconvo_id GROUP BY se_pmconvos.pmconvo_id LIMIT 50 "; $resource = $database->database_query($sql); $to_delete = array(); while( $result=$database->database_fetch_assoc($resource) && count($to_delete)<50 ) { if( $result['total_deleted_inbox']!=$result['pmconvo_recipients'] ) continue; if( $result['total_deleted_outbox']!=$result['pmconvo_recipients'] ) continue; $to_delete[] = $result['pmconvo_id']; } $to_delete = array_filter($to_delete); if( empty($to_delete) ) return; $sql = " DELETE FROM se_pmconvos, se_pms, se_pmconvoops USING se_pmconvos LEFT JOIN se_pms ON se_pms.pm_pmconvo_id=se_pmconvos.pmconvo_id LEFT JOIN se_pmconvoops ON se_pmconvoops.pmconvoop_pmconvo_id=se_pmconvos.pmconvo_id WHERE se_pmconvos.pmconvo_id IN('".join("','", $to_delete)."') "; $resource = $database->database_query($sql); } // END user_message_cleanup() METHOD // // THIS METHOD GETS CONVO INFO IF USER IS PART OF CONVO // // INPUT: // $convo_id // $validate_only // // OUTPUT: // void // function user_message_validate($convo_id, $validate_only=FALSE) { global $database; // GET PMCONVO INFO $sql = " SELECT se_pmconvos.*, se_pmconvoops.* FROM se_pmconvos LEFT JOIN se_pmconvoops ON se_pmconvoops.pmconvoop_pmconvo_id=se_pmconvos.pmconvo_id WHERE se_pmconvos.pmconvo_id='{$convo_id}' && se_pmconvoops.pmconvoop_user_id='{$this->user_info['user_id']}' LIMIT 1 "; $resource = $database->database_query($sql); if( !$database->database_num_rows($resource) ) return FALSE; if( $validate_only ) return TRUE; return $database->database_fetch_assoc($resource); } // END user_message_validate() METHOD // // THIS METHOD GETS CONVO INFO // // INPUT: // $convo_id // // OUTPUT: // void // function &user_message_view($convo_id) { global $database; if( !$this->user_message_validate($convo_id, TRUE) ) return FALSE; // SET MESSAGE TO READ $sql = "UPDATE se_pmconvoops SET pmconvoop_read=1 WHERE pmconvoop_pmconvo_id='{$convo_id}' && pmconvoop_user_id='{$this->user_info['user_id']}' LIMIT 1"; $resource = $database->database_query($sql); // DELETE NOTIFICATIONS $sql = "DELETE FROM se_notifys WHERE notify_user_id='{$this->user_info['user_id']}' AND notify_notifytype_id='2' AND notify_object_id='{$convo_id}'"; $resource = $database->database_query($sql); // GET COLLABORATORS // added user_blocklist $sql = " SELECT user_id, user_username, user_fname, user_lname, user_photo, user_blocklist FROM se_pmconvoops LEFT JOIN se_users ON se_users.user_id=se_pmconvoops.pmconvoop_user_id WHERE se_pmconvoops.pmconvoop_pmconvo_id='{$convo_id}' && se_pmconvoops.pmconvoop_user_id!='{$this->user_info['user_id']}' "; $resource = $database->database_query($sql); $collaborators = array(); $collaborators_by_id = array(); while( $result=$database->database_fetch_assoc($resource) ) { $coll = new SEUser(); $coll->user_info['user_id'] = $result['user_id']; $coll->user_info['user_username'] = $result['user_username']; $coll->user_info['user_photo'] = $result['user_photo']; $coll->user_info['user_fname'] = $result['user_fname']; $coll->user_info['user_lname'] = $result['user_lname']; $coll->user_info['user_blocklist'] = $result['user_blocklist']; // this was added to fix blocklist bug $coll->user_displayname(); $collaborators[] =& $coll; $collaborators_by_id[$result['user_id']] =& $coll; unset($coll); } // GET CONVERSATION $sql = " SELECT se_pms.* FROM se_pms WHERE pm_pmconvo_id='{$convo_id}' ORDER BY pm_date "; $resource = $database->database_query($sql); $pms = array(); while( $result=$database->database_fetch_assoc($resource) ) { $pm_info = $result; if( $pm_info['pm_authoruser_id']==$this->user_info['user_id'] ) $pm_info['author'] =& $this; else $pm_info['author'] =& $collaborators_by_id[$pm_info['pm_authoruser_id']]; $pms[] =& $pm_info; unset($pm_info); } return array ( 'collaborators' => &$collaborators, 'pms' => &$pms ); } // END user_message_view() METHOD function user_auth_token_create($persistent = false) { if( !$this->user_exists ) { return false; } $db =& SEDatabase::getInstance(); $id = false; while( !$id ) { $id = sha1(uniqid(mt_rand(), true)); $resource = $db->database_query("SELECT NULL FROM se_session_auth WHERE session_auth_key='{$id}' LIMIT 1"); if( $db->database_num_rows($resource) >= 1 ) { $id = false; } } $persistent = (bool) $persistent; $ua = md5($_SERVER['HTTP_USER_AGENT']); $ip = ip2long($_SERVER['REMOTE_ADDR']); $now = time(); $sql = " INSERT INTO se_session_auth (session_auth_key, session_auth_user_id, session_auth_ua, session_auth_ip, session_auth_type, session_auth_time) VALUES ('{$id}', '{$this->user_info['user_id']}', '{$ua}', '{$ip}', '{$persistent}', '{$now}') "; $resource = $db->database_query($sql); // Success, set token if( $resource ) { // Delete old token if necessary $this->user_auth_token_delete(null, false); // Set new token $cookie_lifetime = ( $persistent ? time() + (60 * 60 * 24 * 30 * 6) : 0 ); $host = get_simple_cookie_domain(); setcookie('se_auth_token', $id, $cookie_lifetime, '/', $host); return $id; } else { // Delete existing auth token on failure $this->user_auth_token_delete(null, true); return false; } } function user_auth_token_delete($id = null, $delete_cookie = true) { if( !$id ) { $id = $_COOKIE['se_auth_token']; if( !$id ) { return; } } // Remove cookie if( $delete_cookie ) { $host = get_simple_cookie_domain(); setcookie('se_auth_token', null, (int) time() / 2, '/', $host); } // Remove from db $db =& SEDatabase::getInstance(); $db->database_query("DELETE FROM se_session_auth WHERE session_auth_key='{$id}' LIMIT 1"); // Cleanup? ~6 months $mintime = time() - (60 * 60 * 24 * 30 * 6); $db->database_query("DELETE FROM se_session_auth WHERE session_auth_time<'{$mintime}'"); } function user_auth_token_check() { // We are already logged in? Why are we checking this? if( $this->user_exists ) { return true; } $id = @$_COOKIE['se_auth_token']; // No auth token set, fail if( !$id ) { return false; } $db =& SEDatabase::getInstance(); $ua = md5($_SERVER['HTTP_USER_AGENT']); $ip = ip2long($_SERVER['REMOTE_ADDR']); $resource = $db->database_query("SELECT session_auth_user_id, session_auth_type FROM se_session_auth WHERE session_auth_key='{$id}' && session_auth_ip='{$ip}' && session_auth_ua='{$ua}' LIMIT 1"); if( !$db->database_num_rows($resource) ) { // There was an invalid key, remove it $this->user_auth_token_delete(null, true); return false; } $info = $db->database_fetch_assoc($resource); $persistent = (bool) $info['session_auth_type']; $user_id = $info['session_auth_user_id']; // Should we populate use data here? $this->SEUser(array($user_id)); $this->user_setcookies($persistent); return $user_id; } } // Backwards compat class se_user extends SEUser { function se_user($user_unique = Array('0', '', ''), $select_fields = Array('*', '*', '*', '*')) { $this->SEUser($user_unique, $select_fields); } } ?>/* $Id: class_url.php 44 2009-01-30 03:45:23Z john $ */ // THIS CLASS CONTAINS URL-RELATED METHODS. // IT IS USED TO RETURN THE CURRENT URL AND CREATE NEW URLS // METHODS IN THIS CLASS: // se_url() // url_create() // url_current() // url_userdir() // url_encode() class SEUrl { // INITIALIZE VARIABLES var $is_error; // DETERMINES WHETHER THERE IS AN ERROR OR NOT var $url_base; // CONTAINS THE BASE URL TO WHICH FILENAMES CAN BE APPENDED var $convert_urls; // CONTAINS THE URL CONVERSIONS // THIS METHOD SETS THE BASE URL TO WHICH FILENAMES CAN BE APPENDED // INPUT: // OUTPUT: A STRING REPRESENTING A PATH TO WHICH FILENAMES CAN BE APPENDED TO CREATE URLs function SEUrl() { global $database; $server_array = explode("/", $_SERVER['PHP_SELF']); $server_array_mod = array_pop($server_array); if($server_array[count($server_array)-1] == "admin") { $server_array_mod = array_pop($server_array); } $server_info = implode("/", $server_array); $this->url_base = "http://".$_SERVER['HTTP_HOST'].$server_info."/"; $this->convert_urls =& SEUrl::getSettings(); } // END SEUrl() METHOD // THIS METHOD GETS URLS SETTINGS // INPUT: // OUTPUT: THE ARRAY OF SETTINGS function &getSettings() { static $url_settings; if( !is_array($url_settings) ) { $cache = SECache::getInstance(); // Get from cache if( is_object($cache) ) { $url_settings = $cache->get('site_url_settings'); } // Get from database if( !is_array($url_settings) ) { $database = SEDatabase::getInstance(); $resource = $database->database_query("SELECT url_file, url_regular, url_subdirectory FROM se_urls"); $url_settings = $database->database_load_all_assoc('url_file'); // Special case -_- $url_settings['profile'] = array( 'url_regular' => 'profile.php?user=$user', 'url_subdirectory' => '$user/' ); // Store in cache if( is_object($cache) ) { $cache->store($url_settings, 'site_url_settings'); } } } return $url_settings; } // END getSettings() METHOD // THIS METHOD CREATES A FULL URL TO A GIVEN PAGE // INPUT: $file REPRESENTING THE PAGE TO CREATE THE URL FOR // $user REPRESENTING THE USERNAME OF THE USER // THERE ARE FURTHER OPTIONAL PARAMETERS TO ALLOW FOR ADDITIONAL REPLACEMENTS // OUTPUT: A STRING REPRESENTING A URL function url_create($file, $user) { global $setting; $url_conversion = $this->convert_urls[$file]; if( $setting['setting_url'] == 1 ) { $new_url = $url_conversion['url_subdirectory']; } else { $new_url = $url_conversion['url_regular']; } $num_args = func_num_args(); $search = Array('$user'); $replace = Array($user); for($a=2;$a<$num_args;$a++) { $search[] = '$id'.($a-1); $replace[] = func_get_arg($a); } $new_url = str_replace($search, $replace, $new_url); return $this->url_base.$new_url; } // END url_create() METHOD // THIS METHOD RETURNS THE URL TO THE CURRENT PAGE // INPUT: // OUTPUT: A STRING REPRESENTING THE URL TO THE CURRENT PAGE function url_current() { $current_url_domain = $_SERVER['HTTP_HOST']; $current_url_path = $_SERVER['SCRIPT_NAME']; $current_url_querystring = $_SERVER['QUERY_STRING']; $current_url = "http://".$current_url_domain.$current_url_path; if($current_url_querystring != "") { $current_url .= "?".$current_url_querystring; } $current_url = urlencode($current_url); return $current_url; } // END url_current() METHOD // THIS METHOD RETURNS THE PATH TO THE GIVEN USER'S DIRECTORY // INPUT: $user_id REPRESENTING A USER'S USER_ID // OUTPUT: A STRING REPRESENTING THE RELATIVE PATH TO THE USER'S DIRECTORY function url_userdir($user_id) { $subdir = $user_id+999-(($user_id-1)%1000); $userdir = "./uploads_user/$subdir/$user_id/"; return $userdir; } // END url_userdir() METHOD // THIS METHOD RETURNS A URLENCODED VERSION OF THE GIVEN STRING // INPUT: $url REPRESENTING ANY STRING // OUTPUT: A STRING REPRESENTING A URLENCODED VERSION OF THE GIVEN STRING function url_encode($url) { return urlencode($url); } // END url_encode() METHOD } // Backwards compatibility class se_url extends SEUrl { function se_url() { $this->SEUrl(); } } ?>/* $Id: class_misc.php 44 2009-01-30 03:45:23Z john $ */ // THIS CLASS CONTAINS MISC METHODS TO BE AVAILABLE TO SMARTY // METHODS IN THIS CLASS: // photo_size() class se_misc { // THIS METHOD RETURNS WIDTH OR HEIGHT, PROPORTIONALLY, BASED ON GIVEN MAX WIDTH AND MAX HEIGHT // INPUT: $photo REPRESENTING THE PATH TO THE PHOTO // $max_width REPRESENTING THE MAXIMUM WIDTH IN PIXELS // $max_height REPRESENTING THE MAXIMUM HEIGHT IN PIXELS // $return_value (OPTIONAL) REPRESENTING THE VALUE TO RETURN (CAN BE "w" FOR WIDTH OR "h" FOR HEIGHT) // OUTPUT: A WIDTH OR HEIGHT IN PIXELS THAT SCALES THE PHOTO BASED ON A MAX WIDTH AND HEIGHT function photo_size($photo, $max_width, $max_height, $return_value = "w") { $dimensions = @getimagesize($photo); $width = $dimensions[0]; $height = $dimensions[1]; if($width > $max_width || $height > $max_height) { if($width > $max_width) { $height = $height*$max_width/$width; $width = $max_width; } if($height > $max_height) { $width = $width*$max_height/$height; $height = $max_height; } } if($return_value == "w") { $image_dimension = $width; } else { $image_dimension = $height; } return round($image_dimension, 2); } // END photo_size() METHOD } ?>/* $Id: class_ads.php 44 2009-01-30 03:45:23Z john $ */ // THIS CLASS IS USED TO DISPLAY AND MANAGE AD CAMPAIGN BANNERS // METHODS IN THIS CLASS: // se_ads() // ad_display() class se_ads { var $ad_top; // VARIABLE REPRESENTING PAGE TOP BANNER HTML var $ad_belowmenu; // VARIABLE REPRESENTING BELOW MENU BANNER HTML var $ad_left; // VARIABLE REPRESENTING LEFT SIDE BANNER HTML var $ad_right; // VARIABLE REPRESENTING RIGHT SIDE BANNER HTML var $ad_bottom; // VARIABLE REPRESENTING PAGE BOTTOM BANNER HTML var $ad_feed; // VARIABLE REPRESENTING ACTIVITY FEED BANNER HTML var $ad_custom; // VARIABLE REPRESENTING AN ARRAY OF CUSTOM BANNER HTML // THIS METHOD IS USED TO DETERMINE WHAT ADS SHOULD BE SHOWN ON THE PAGE // THIS ONLY INCLUDES AD CAMPAIGNS THAT HAVE BEEN GIVEN A POSITION BY THE ADMIN // OUTPUT: AD BANNER HTML (IF AVAILABLE) FOR PAGE TOP, BELOW MENU, LEFT, RIGHT, AND BOTTOM //function se_ads() { function load() { global $database, $datetime, $setting, $user; // GET CURRENT TIME IN ADMINS TIMEZONE $nowtime = time(); // BEGIN BUILDING AD QUERY $ad_querystring = "SELECT ad_id, ad_position, ad_html FROM se_ads WHERE ad_date_start<'{$nowtime}' AND (ad_date_end>'{$nowtime}' OR ad_date_end='0')"; // MAKE SURE AD IS NOT PAUSED $ad_querystring .= " AND ad_paused!='1'"; // MAKE SURE AD HAS NOT REACHED ITS VIEW LIMIT $ad_querystring .= " AND (ad_limit_views=0 OR ad_limit_views>ad_total_views)"; // MAKE SURE AD HAS NOT REACHED ITS CLICK LIMIT $ad_querystring .= " AND (ad_limit_clicks=0 OR ad_limit_clicks>ad_total_clicks)"; // MAKE SURE AD HAS NOT REACHED ITS CTR LIMIT $ad_querystring .= " AND (ad_limit_ctr=0 OR ad_limit_ctr<(ad_total_clicks/(ad_total_views+1))*100)"; // IF VIEWER IS NOT LOGGED-IN, ONLY SHOW PUBLIC AD CAMPAIGNS if( !$user->user_exists ) { $ad_querystring .= " AND ad_public='1'"; } // IF VIEWER IS LOGGED-IN, ONLY SHOW AD IF VIEWER'S LEVEL AND SUBNETS MATCH else { $level_id = $user->level_info['level_id']; $subnet_id = $user->subnet_info['subnet_id']; $ad_querystring .= " AND (ad_levels LIKE '%,{$level_id},%' AND ad_subnets LIKE '%,{$subnet_id},%')"; } // RANDOMIZE QUERY RESULTS $ad_querystring .= " ORDER BY RAND()"; // DETERMINE WHICH ADS SHOULD BE SHOWN $ad_query = $database->database_query($ad_querystring); // PREPARE STAT UPDATE QUERY $stats_id_array = array(); // SET AD HTML FOR EACH POSITION while( $ad_info = $database->database_fetch_assoc($ad_query) ) { // CONVERT TO HTML AND ADD CLICK-TRACKING JAVASCRIPT $ad_info['ad_html'] = htmlspecialchars_decode($ad_info['ad_html'], ENT_QUOTES); $ad_info['ad_html'] = "
{$ad_info['ad_html']}
"; $this->ad_custom[$ad_info['ad_id']] = $ad_info['ad_html']; if( $ad_info['ad_position'] == "top" && !$this->ad_top ) { $this->ad_top = $ad_info['ad_html']; $stats_id_array[] = $ad_info['ad_id']; } elseif( $ad_info['ad_position'] == "belowmenu" && !$this->ad_belowmenu ) { $this->ad_belowmenu = $ad_info['ad_html']; $stats_id_array[] = $ad_info['ad_id']; } elseif( $ad_info['ad_position'] == "left" && !$this->ad_left ) { $this->ad_left = $ad_info['ad_html']; $stats_id_array[] = $ad_info['ad_id']; } elseif( $ad_info['ad_position'] == "right" && !$this->ad_right ) { $this->ad_right = $ad_info['ad_html']; $stats_id_array[] = $ad_info['ad_id']; } elseif( $ad_info['ad_position'] == "feed" && !$this->ad_feed ) { $this->ad_feed = $ad_info['ad_html']; $stats_id_array[] = $ad_info['ad_id']; } elseif( $ad_info['ad_position'] == "bottom" && !$this->ad_bottom ) { $this->ad_bottom = $ad_info['ad_html']; $stats_id_array[] = $ad_info['ad_id']; } } // UPDATE THE ADS VIEW STATS if( !empty($stats_id_array) ) { $database->database_query("UPDATE se_ads SET ad_total_views=ad_total_views+1 WHERE ad_id IN('".join("', '", $stats_id_array)."')"); } } // END se_ads() METHOD // THIS METHOD IS DISPLAYS THE CUSTOM AD AND UPDATES THE VIEWS // INPUT: $ad_id REPRESENTING AN AD ID // OUTPUT: AD BANNER HTML (IF AVAILABLE) FOR GIVEN AD ID function ads_display($ad_id) { global $database; // UPDATE THE ADS VIEW STATS $database->database_query("UPDATE se_ads SET ad_total_views=ad_total_views+1 WHERE ad_id='{$ad_id}' LIMIT 1"); // DISPLAY AD return $this->ad_custom[$ad_id]; } // END ads_display() METHOD } ?>/* $Id: class_actions.php 164 2009-05-18 20:00:58Z john $ */ // THIS CLASS IS USED TO OUTPUT AND UPDATE RECENT ACTIVITY ACTIONS // METHODS IN THIS CLASS: // actions_add() // actions_display() // actions_allowed() class se_actions { // THIS METHOD ADDS A NEW ACTION // INPUT: $user REPRESENTING THE USER OBJECT OF THE USER WHO COMMITTED THE ACTION // $actiontype_name REPRESENTING THE TYPE OF ACTION COMMITTED // $replace (OPTIONAL) REPRESENTING AN ARRAY OF VALUES FOR THE ACTION TEXT STRING (MUST CORRESPOND TO ACTIONTYPE_VARS) // $action_media (OPTIONAL) REPRESENTING AN ARRAY OF VALUES FOR ACTION MEDIA // $timeframe (OPTIONAL) REPRESENTING THE TIME (IN SEC) AFTER WHICH TO INSERT A NEW ROW - SET TO 0 TO ALWAYS INSERT A NEW ROW // $replace_media (OPTIONAL) REPRESENTING WHETHER TO REPLACE MEDIA FOR AN OLD ACTION OR SIMPLY ADD ADDITIONAL MEDIA // $action_object_owner (OPTIONAL) REPRESENTING THE OWNER OF THE OBJECT (ex: 'user') // $action_object_owner_id (OPTIONAL) REPRESENTING THE ID OF THE OWNER // $action_object_privacy (OPTIONAL) REPRESENTING THE PRIVACY OF THE OBJECT function actions_add($user, $actiontype_name, $replace = array(), $action_media = array(), $timeframe = 0, $replace_media = false, $action_object_owner = "", $action_object_owner_id = 0, $action_object_privacy = 0) { global $database, $setting; // GET CURRENT DATE $nowdate = time(); // GET ACTIONTYPE INFO $actiontype_info = $database->database_fetch_assoc($database->database_query("SELECT * FROM se_actiontypes WHERE actiontype_name='$actiontype_name' LIMIT 1")); // DONT PUBLISH IF PRIVACY IS TURNED ON AND USER DISALLOWED THIS ACTION TYPE, OR IS NOT ENABLED BY ADMIN $user->user_settings(); $dontpublish_array = array_filter(explode(",", $user->usersetting_info['usersetting_actions_dontpublish'])); $publish = ( $actiontype_info['actiontype_enabled'] && ( ($setting['setting_actions_privacy'] == 1 && !in_array($actiontype_info['actiontype_id'], $dontpublish_array)) || !$setting['setting_actions_privacy'] ) ); // PUBLISH ACTION if( !$publish ) return; // DELETE OLDEST ACTION(S) FOR THIS USER IF MAX ACTIONS STORED PER USER IS REACHED $totalactions = $database->database_num_rows($database->database_query("SELECT action_id FROM se_actions WHERE action_user_id='{$user->user_info['user_id']}'")); if( $totalactions>$setting['setting_actions_actionsonprofile'] ) { $database->database_query("DELETE FROM se_actions WHERE action_user_id='{$user->user_info['user_id']}' ORDER BY action_id ASC LIMIT ".($totalactions-$setting['setting_actions_actionsonprofile'])); // CLEANUP THE ACTION MEDIA TABLE $database->database_query("DELETE se_actionmedia.* FROM se_actionmedia LEFT JOIN se_actions ON se_actions.action_id=se_actionmedia.actionmedia_action_id WHERE action_id IS NULL"); } // GET PREVIOUS ACTION OF THE SAME TYPE WITH TIMEFRAME SPECIFICATIONS $difference = ( ($nowdate < $timeframe) ? 0 : $nowdate - $timeframe ); $prev_query = $database->database_query("SELECT action_id FROM se_actions WHERE action_user_id='{$user->user_info['user_id']}' AND action_actiontype_id='{$actiontype_info['actiontype_id']}' AND action_date>'{$difference}' ORDER BY action_actiontype_id DESC LIMIT 1"); $update = (bool) $database->database_num_rows($prev_query); if( $update ) $prev = $database->database_fetch_assoc($prev_query); // SERIALIZE APPROPRIATE VARS $replace = array_map('stripslashes', $replace); $action_text = addslashes(serialize($replace)); // UPDATE OLD ACTION if( $update ) { $database->database_query(" UPDATE se_actions SET action_date='{$nowdate}', action_text='{$action_text}', action_object_privacy='{$action_object_privacy}' WHERE action_id='{$prev['action_id']}' AND action_user_id='{$user->user_info['user_id']}' AND action_actiontype_id='{$actiontype_info['actiontype_id']}' "); // DELETE OLD MEDIA IF NECESSARY if( $replace_media ) { $database->database_query("DELETE FROM se_actionmedia WHERE actionmedia_action_id='{$prev['action_id']}'"); } $action_id = $prev['action_id']; } // INSERT NEW ACTION else { $database->database_query(" INSERT INTO se_actions ( action_actiontype_id, action_date, action_user_id, action_text, action_object_owner, action_object_owner_id, action_object_privacy ) VALUES ( '{$actiontype_info['actiontype_id']}', '{$nowdate}', '{$user->user_info['user_id']}', '{$action_text}', '{$action_object_owner}', '{$action_object_owner_id}', '{$action_object_privacy}' ) "); $action_id = $database->database_insert_id(); } // INSERT MEDIA if( is_array($action_media) && !empty($action_media) && $action_id ) { foreach( $action_media as $action_media_index=>$action_media_data ) { $database->database_query(" INSERT INTO se_actionmedia ( actionmedia_action_id, actionmedia_path, actionmedia_link, actionmedia_width, actionmedia_height ) VALUES ( '{$action_id}', '{$action_media_data['media_path']}', '{$action_media_data['media_link']}', '{$action_media_data['media_width']}', '{$action_media_data['media_height']}' ) "); } } } // END actions_add() METHOD // THIS METHOD DISPLAYS A LIST OF RECENT UPDATES (ACTIONS) // INPUT: $visibility REPRESENTING A VISIBILITY SETTING // $actionsperuser REPRESENTING HOW MANY ACTIONS PER USER TO DISPLAY // $where (OPTIONAL) REPRESENTING A WHERE CLAUSE // OUTPUT: LIST OF RECENT ACTIONS function actions_display($visibility, $actionsperuser, $where = "") { global $database, $user, $owner, $setting; $actions_array = array(); // CACHING $cache_object = SECache::getInstance('serial'); $cache_id = 'actions_'.( $visibility ? $visibility : '0').'_'.$actionsperuser.'_'.( $owner->user_exists ? $owner->user_info['user_id'] : '0' ).'_'.( $user->user_exists ? $user->user_info['user_id'] : '0' ).( $where ? '_'.md5($where) : ''); if( is_object($cache_object) ) { $actions_array = $cache_object->get($cache_id); } // GET ACTIONS if( empty($actions_array) ) { // GET CURRENT DATE $nowdate = time(); // BEGIN BUILDING QUERY $actions_query = "SELECT se_actions.*, se_actiontypes.actiontype_icon, se_actiontypes.actiontype_text, se_actiontypes.actiontype_media FROM se_actions LEFT JOIN se_actiontypes ON se_actions.action_actiontype_id=se_actiontypes.actiontype_id"; // GET USER PREFERENCES, IF USER LOGGED IN $user_pref_where = ""; if( $setting['setting_actions_preference'] == 1 && $user->user_exists ) { if( empty($user->usersetting_info) ) $user->user_settings(); $usersetting_actions_display = join(',', array_filter(explode(',', $user->usersetting_info['usersetting_actions_display']))); $user_pref_where = " se_actiontypes.actiontype_id IN ({$usersetting_actions_display}) AND"; } switch($visibility) { // ALL ACTIONS, NO USER PREFS case 0: $actions_query .= " WHERE"; break; // ALL REGISTERED USERS, EXCLUDING LOGGED IN USER case 1: $actions_query .= " WHERE se_actions.action_user_id<>'{$user->user_info['user_id']}' AND"; $actions_query .= $user_pref_where; break; // ONLY MY FRIENDS AND EVERYONE IN MY SUBNET, EXCLUDING LOGGED IN USER case 2: $actions_query .= " LEFT JOIN se_friends ON se_friends.friend_user_id2=se_actions.action_user_id AND se_friends.friend_user_id1='{$user->user_info['user_id']}' AND se_friends.friend_status='1'"; $actions_query .= " LEFT JOIN se_users ON se_users.user_id=se_actions.action_user_id"; $actions_query .= " WHERE se_actions.action_user_id<>'{$user->user_info['user_id']}' AND"; $actions_query .= " (se_friends.friend_id <> 'NULL' OR se_users.user_subnet_id='{$user->user_info['user_subnet_id']}') AND"; $actions_query .= $user_pref_where; break; // ONLY MY FRIENDS, EXCLUDING LOGGED IN USER case 4: $actions_query .= " RIGHT JOIN se_friends ON se_friends.friend_user_id2=se_actions.action_user_id AND se_friends.friend_user_id1='{$user->user_info['user_id']}' AND se_friends.friend_status='1'"; $actions_query .= " WHERE se_actions.action_user_id<>'{$user->user_info['user_id']}' AND"; $actions_query .= $user_pref_where; break; } // CHECK PRIVACY $actions_query .= " CASE WHEN se_actions.action_object_owner='user' THEN CASE WHEN se_actions.action_user_id='{$user->user_info['user_id']}' THEN TRUE WHEN ((se_actions.action_object_privacy & @SE_PRIVACY_REGISTERED) AND '{$user->user_exists}'<>0) THEN TRUE WHEN ((se_actions.action_object_privacy & @SE_PRIVACY_ANONYMOUS) AND '{$user->user_exists}'=0) THEN TRUE WHEN ((se_actions.action_object_privacy & @SE_PRIVACY_SELF) AND se_actions.action_object_owner_id='{$user->user_info['user_id']}') THEN TRUE WHEN ((se_actions.action_object_privacy & @SE_PRIVACY_FRIEND) AND (SELECT TRUE FROM se_friends WHERE friend_user_id1=se_actions.action_object_owner_id AND friend_user_id2='{$user->user_info['user_id']}' AND friend_status='1' LIMIT 1)) THEN TRUE WHEN ((se_actions.action_object_privacy & @SE_PRIVACY_SUBNET) AND '{$user->user_exists}'<>0 AND (SELECT TRUE FROM se_users WHERE user_id=se_actions.action_object_owner_id AND user_subnet_id='{$user->user_info['user_subnet_id']}' LIMIT 1)) THEN TRUE WHEN ((se_actions.action_object_privacy & @SE_PRIVACY_FRIEND2) AND (SELECT TRUE FROM se_friends AS friends_primary LEFT JOIN se_users ON friends_primary.friend_user_id1=se_users.user_id LEFT JOIN se_friends AS friends_secondary ON friends_primary.friend_user_id2=friends_secondary.friend_user_id1 WHERE friends_primary.friend_user_id1=se_actions.action_object_owner_id AND friends_secondary.friend_user_id2='{$user->user_info['user_id']}' AND se_users.user_subnet_id='{$user->user_info['user_subnet_id']}' LIMIT 1)) THEN TRUE ELSE FALSE END "; // CALL HOOK ($hook = SE_Hook::exists('se_action_privacy')) ? SE_Hook::call($hook, array('actions_query' => &$actions_query)) : NULL; // RESUME CASE STATEMENT $actions_query .= " ELSE TRUE END AND "; // ADD WHERE CLAUSE IF NECESSARY if($where != "") { $actions_query .= " ($where) AND"; } // LIMIT RESULTS TO TIME PERIOD SPECIFIED BY ADMIN $actions_query .= " se_actions.action_date>".($nowdate-$setting['setting_actions_showlength']); // ORDER BY ACTION ID DESCENDING $actions_query .= " ORDER BY action_date DESC"; // LIMIT RESULTS TO MAX NUMBER SPECIFIED BY ADMIN $actions_query .= " LIMIT {$setting['setting_actions_actionsinlist']}"; // GET RECENT ACTIVITY FEED $actions = $database->database_query($actions_query); $actions_array = Array(); $actions_users_array = Array(); while($action = $database->database_fetch_assoc($actions)) { // ONLY DISPLAY THIS ACTION IF MAX OCCURRANCES PER USER HAS NOT YET BEEN REACHED $actions_users_array[] = $action['action_user_id']; $occurrances = array_count_values($actions_users_array); if($occurrances[$action['action_user_id']] <= $actionsperuser) { // UNSERIALIZE VARIABLES // NOTE: I don't like mb_unserialize: it ignores the strlen param. But it works... if( ($action_vars = unserialize($action['action_text']))===FALSE ) $action_vars = mb_unserialize($action['action_text']); // REGISTER PRELOADED TEXT SE_Language::_preload($action['actiontype_text']); // RETRIEVE MEDIA IF NECESSARY $action_media = false; if( $action['actiontype_media'] ) { $action_media = Array(); $media = $database->database_query("SELECT * FROM se_actionmedia WHERE actionmedia_action_id='{$action['action_id']}'"); while( $media_info = $database->database_fetch_assoc($media) ) { $action_media[] = $media_info; } } // ADD THIS ACTION TO OUTPUT ARRAY $actions_array[] = array( 'action_id' => $action['action_id'], 'action_date' => $action['action_date'], 'action_text' => $action['actiontype_text'], 'action_vars' => $action_vars, 'action_user_id' => $action['action_user_id'], //'action_username' => $action_username_info['user_username'], 'action_icon' => $action['actiontype_icon'], 'action_media' => $action_media ); } } // CACHE if( is_object($cache_object) ) { $cache_object->store($actions_array, $cache_id); } } // Process actions (load language) foreach( $actions_array as $action ) { SE_Language::_preload($action['action_text']); } // RETURN LIST OF ACTIONS return $actions_array; } // END actions_display() METHOD function actions_allowed() { global $user, $setting, $database; if( !$setting['setting_actions_preference'] ) return FALSE; $actiontypes_array = NULL; // CACHING $cache_object = SECache::getInstance('serial'); if( is_object($cache_object) ) { $actiontypes_array = $cache_object->get('actiontypes'); } // RETRIEVAL if( !is_array($actiontypes_array) || empty($actiontypes_array) ) { $resource = $database->database_query("SELECT actiontype_id, actiontype_desc FROM se_actiontypes WHERE actiontype_enabled=1"); while( $actiontype = $database->database_fetch_assoc($resource) ) { $actiontypes_array[] = $actiontype; } // CACHE if( is_object($cache_object) ) { $cache_object->store($actiontypes_array, 'actiontypes'); } } // POST PROCESSING if( empty($user->usersetting_info) ) $user->user_settings(); $actiontypes_display = explode(",", $user->usersetting_info['usersetting_actions_display']); foreach( $actiontypes_array as $actiontype_index=>$actiontype ) { SE_Language::_preload($actiontype['actiontype_desc']); // MAKE THIS ACTION TYPE SELECTED IF ITS NOT DISALLOWED BY USER $actiontypes_array[$actiontype_index]['actiontype_selected'] = ( in_array($actiontype['actiontype_id'], $actiontypes_display) ); } return $actiontypes_array; } } ?>/* $Id: functions_general.php 207 2009-08-07 01:54:51Z john $ */ // THIS FILE CONTAINS GENERAL FUNCTIONS // FUNCTIONS IN THIS FILE: // cheader() // make_page() // bumplog() // randomcode() // is_email_address() // str_ireplace() // htmlspecialchars_decode() // str_split() // security() // select_subnet() // link_field_values() // censor() // dirsize() // user_privacy_levels() // search_profile() // getmicrotime() // cleanHTML() // chopHTML() // choptext() // chunkHTML_split() // strlen_utf8() // mb_unserialize() // online_users() // site_statistics() // recent_signups() // recent_logins() // popular_users() // site_news() // friends_birthdays() // get_simple_cookie_domain() // THIS FUNCTION CHANGES LOCATION HEADER TO REDIRECT FOR IIS PRIOR TO SETTING COOKIES // INPUT: $url REPRESENTING THE URL TO REDIRECT TO // OUTPUT: function cheader($url) { if( ereg("Microsoft", $_SERVER['SERVER_SOFTWARE']) ) { header("Refresh: 0; URL=$url"); } else { header("Location: $url"); } exit(); } // END cheader() FUNCTION // THIS FUNCTION RETURNS APPROPRIATE PAGE VARIABLES // INPUT: $total_items REPRESENTING THE TOTAL NUMBER OF ITEMS // $items_per_page REPRESENTING THE NUMBER OF ITEMS PER PAGE // $p REPRESENTING THE CURRENT PAGE // OUTPUT: AN ARRAY CONTAINING THE STARTING ITEM, THE PAGE, AND THE MAX PAGE function make_page($total_items, $items_per_page, $p) { if( !$items_per_page ) $items_per_page = 1; $maxpage = ceil($total_items / $items_per_page); if( $maxpage <= 0 ) $maxpage = 1; $p = ( ($p > $maxpage) ? $maxpage : ( ($p < 1) ? 1 : $p ) ); $start = ($p - 1) * $items_per_page; return array($start, $p, $maxpage); } // END make_page() FUNCTION // THIS FUNCTION BUMPS LOGIN LOG // INPUT: // OUTPUT: function bumplog() { global $database; $log_entries = $database->database_num_rows($database->database_query("SELECT login_id FROM se_logins")); if( $log_entries > 1000 ) { $oldest_log = $database->database_fetch_assoc($database->database_query("SELECT login_id FROM se_logins ORDER BY login_id ASC LIMIT 0,1")); $database->database_query("DELETE FROM se_logins WHERE login_id='{$oldest_log['login_id']}'"); bumplog(); } } // END bumplog() FUNCTION // THIS FUNCTION RETURNS A RANDOM CODE OF DEFAULT LENGTH 8 // INPUT: $len (OPTIONAL) REPRESENTING THE LENGTH OF THE RANDOM STRING // OUTPUT: A RANDOM ALPHANUMERIC STRING function randomcode($len=8) { $code = NULL; for( $i=0; $i<$len; $i++ ) { $char = chr(rand(48,122)); while( !ereg("[a-zA-Z0-9]", $char) ) { if( $char == $lchar ) continue; $char = chr(rand(48,90)); } $pass .= $char; $lchar = $char; } return $pass; } // END randomcode() FUNCTION // THIS FUNCTION CHECKS IF PROVIDED STRING IS AN EMAIL ADDRESS // INPUT: $email REPRESENTING THE EMAIL ADDRESS TO CHECK // OUTPUT: TRUE/FALSE DEPENDING ON WHETHER THE EMAIL ADDRESS IS VALIDLY CONSTRUCTED function is_email_address($email) { $regexp = "/^[a-z0-9]+([a-z0-9_\+\\.-]+)*@([a-z0-9]+([\.-][a-z0-9]+)*)+\\.[a-z]{2,}$/i"; return (bool) preg_match($regexp, $email); } // END is_email_address() FUNCTION // THIS FUNCTION SETS STR_IREPLACE IF FUNCTION DOESN'T EXIST // INPUT: $search REPRESENTING THE STRING TO SEARCH FOR // $replace REPRESENTING THE STRING TO REPLACE IT WITH // $subject REPRESENTING THE STRING WITHIN WHICH TO SEARCH // OUTPUT: RETURNS A STRING IN WHICH ONE STRING HAS BEEN CASE-INSENSITIVELY REPLACED BY ANOTHER if( !function_exists('str_ireplace') ) { function str_ireplace($search, $replace, $subject) { $search = preg_quote($search, "/"); return preg_replace("/".$search."/i", $replace, $subject); } } // END str_ireplace() FUNCTION // THIS FUNCTION SETS HTMLSPECIALCHARS_DECODE IF FUNCTION DOESN'T EXIST // INPUT: $text REPRESENTING THE TEXT TO DECODE // $ent_quotes (OPTIONAL) REPRESENTING WHETHER TO REPLACE DOUBLE QUOTES, ETC // OUTPUT: A STRING WITH HTML CHARACTERS DECODED if( !function_exists('htmlspecialchars_decode') ) { function htmlspecialchars_decode($text, $ent_quotes = ENT_COMPAT) { if( $ent_quotes === ENT_QUOTES ) $text = str_replace(""", "\"", $text); if( $ent_quotes !== ENT_NOQUOTES ) $text = str_replace("'", "'", $text); $text = str_replace("<", "<", $text); $text = str_replace(">", ">", $text); $text = str_replace("&", "&", $text); return $text; } } // END htmlspecialchars() FUNCTION // THIS FUNCTION SETS STR_SPLIT IF FUNCTION DOESN'T EXIST // INPUT: $string REPRESENTING THE STRING TO SPLIT // $split_length (OPTIONAL) REPRESENTING WHERE TO CUT THE STRING // OUTPUT: AN ARRAY OF STRINGS if( !function_exists('str_split') ) { function str_split($string, $split_length = 1) { $count = strlen($string); if($split_length < 1) { return false; } elseif($split_length > $count) { return array($string); } else { $num = (int)ceil($count/$split_length); $ret = array(); for($i=0;$i<$num;$i++) { $ret[] = substr($string,$i*$split_length,$split_length); } return $ret; } } } // END str_split() FUNCTION // THIS FUNCTION STRIPSLASHES AND ENCODES HTML ENTITIES FOR SECURITY PURPOSES // INPUT: $value REPRESENTING A STRING OR ARRAY TO CLEAN // OUTPUT: THE ARRAY OR STRING WITH HTML CHARACTERS ENCODED function security($value) { if( is_array($value) ) { $value = array_map('security', $value); } else { if( !get_magic_quotes_gpc() ) { $value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8'); } else { $value = htmlspecialchars(stripslashes($value), ENT_QUOTES, 'UTF-8'); } $value = str_replace("\\", "\\\\", $value); } return $value; } // END security() FUNCTION // THIS FUNCTION LINKS FIELD VALUES // INPUT: $field_value REPRESENTING THE VALUE TO LINK // $key (NEEDED TO USE ARRAY WALK) // $additional REPRESENTING THE ADDITIONAL PARAMETERS // OUTPUT: function link_field_values(&$field_value, $key, $additional) { global $url; $field_id = $additional[0]; $field_browse = $additional[1]; $field_link = $additional[2]; $field_display = $additional[3]; $field_value = trim($field_value); if( !trim($field_link) && $field_display == 2 ) { if( !$field_browse ) $field_browse = urlencode(htmlspecialchars_decode($field_value, ENT_QUOTES)); $browse_url = $url->url_base."search_advanced.php?task=browse&field_id={$field_id}&field_value={$field_browse}"; if( $field_value ) $field_value = "{$field_value}"; } elseif( trim($field_link) && $field_value ) { if( preg_match('/^www([.]?[a-zA-Z0-9_\/-])*/', $field_value) ) $field_link = "http://".$field_value; $link_to = str_replace("[field_value]", $field_value, $field_link); $field_value = "{$field_value}"; } } // END link_field_values() FUNCTION // THIS FUNCTION CENSORS WORDS FROM A STRING // INPUT: $field_value REPRESENTING THE VALUE TO CENSOR // OUTPUT: THE VALUE WITH BANNED WORDS CENSORED function censor($field_value) { global $setting; $censored_array = explode(",", trim($setting['setting_banned_words'])); foreach($censored_array as $key => $value) { $replace_value = str_pad("", strlen(trim($value)), "*"); $field_value = str_ireplace(trim($value), $replace_value, $field_value); } return $field_value; } // END censor() FUNCTION // THIS FUNCTION RETURNS THE SIZE OF A DIRECTORY // INPUT: $dirname REPRESENTING THE PATH TO A DIRECTORY // OUTPUT: THE SIZE OF ALL THE FILES WITHIN THE DIRECTORY function dirsize($dirname) { if( !is_dir($dirname) || !is_readable($dirname) ) return false; $dirname_stack[] = $dirname; $size = 0; do { $dirname = array_shift($dirname_stack); $handle = opendir($dirname); while(false !== ($file = readdir($handle))) { if($file != '.' && $file != '..' && is_readable($dirname . DIRECTORY_SEPARATOR . $file)) { if(is_dir($dirname . DIRECTORY_SEPARATOR . $file)) { $dirname_stack[] = $dirname . DIRECTORY_SEPARATOR . $file; } $size += filesize($dirname . DIRECTORY_SEPARATOR . $file); } } closedir($handle); } while( count($dirname_stack) > 0 ); return $size; } // END dirsize() FUNCTION // THIS FUNCTION RETURNS TEXT CORRESPONDING TO THE GIVEN USER PRIVACY LEVEL // INPUT: $privacy_level REPRESENTING THE LEVEL OF USER PRIVACY // OUTPUT: A STRING EXPLAINING THE GIVEN PRIVACY SETTING function user_privacy_levels($privacy_level) { global $functions_general; switch($privacy_level) { case 63: $privacy = 323; break; case 31: $privacy = 324; break; case 15: $privacy = 325; break; case 7: $privacy = 326; break; case 3: $privacy = 327; break; case 1: $privacy = 328; break; case 0: $privacy = 329; break; default: $privacy = ""; break; } return $privacy; } // END user_privacy_levels() FUNCTION // THIS FUNCTION SEARCHES THROUGH PROFILE INFORMATION // INPUT: // OUTPUT: function search_profile() { global $database, $url, $results_per_page, $p, $search_text, $t, $search_objects, $results, $total_results; // GET FIELDS $fields = $database->database_query(" SELECT profilefield_id AS field_id, profilefield_type AS field_type, profilefield_options AS field_options FROM se_profilefields WHERE profilefield_type<>'5' && (profilefield_dependency<>'0' OR (profilefield_dependency='0' AND profilefield_display<>'0')) "); $profile_query = "se_users.user_username LIKE '%{$search_text}%' OR CONCAT(se_users.user_fname, ' ', se_users.user_lname) LIKE '%{$search_text}%'"; // LOOP OVER FIELDS while($field_info = $database->database_fetch_assoc($fields)) { // TEXT FIELD OR TEXTAREA if( $field_info['field_type'] == 1 || $field_info['field_type'] == 2 ) { if( $profile_query ) $profile_query .= " OR "; $profile_query .= "`se_profilevalues`.`profilevalue_{$field_info['field_id']}` LIKE '%{$search_text}%'"; } // RADIO OR SELECT BOX elseif($field_info[field_type] == 3 || $field_info[field_type] == 4) { $options = unserialize($field_info['field_options']); $langids = Array(); $cases = Array(); for($i=0,$max=count($options);$i<$max;$i++) { $cases[] = "WHEN languagevar_id='{$options[$i]['label']}' THEN {$options[$i]['value']}"; $langids[] = $options[$i][label]; } if(count($cases) != 0) { if( $profile_query ) $profile_query .= " OR "; $profile_query .= "`se_profilevalues`.`profilevalue_{$field_info['field_id']}` IN (SELECT CASE ".implode(" ", $cases)." END AS value FROM se_languagevars WHERE languagevar_id IN (".implode(", ", $langids).") AND languagevar_value LIKE '%{$search_text}%')"; } } // CHECKBOX elseif($field_info[field_type] == 6) { $options = unserialize($field_info['field_options']); $langids = Array(); $cases = Array(); for($i=0,$max=count($options);$i<$max;$i++) { $cases[] = "WHEN languagevar_id='{$options[$i]['label']}' THEN ".(pow(2, $i)); $langids[] = $options[$i][label]; } if(count($cases) != 0) { if( $profile_query ) $profile_query .= " OR "; $profile_query .= "`se_profilevalues`.`profilevalue_{$field_info['field_id']}` & (SELECT sum(CASE ".implode(" ", $cases)." END) AS value FROM se_languagevars WHERE languagevar_id IN (".implode(", ", $langids).") AND languagevar_value LIKE '%{$search_text}%')"; } } } // CONSTRUCT QUERY $profile_query = " SELECT se_users.user_id, se_users.user_username, se_users.user_fname, se_users.user_lname, se_users.user_photo FROM se_profilevalues LEFT JOIN se_users ON se_profilevalues.profilevalue_user_id=se_users.user_id LEFT JOIN se_levels ON se_levels.level_id=se_users.user_level_id WHERE se_users.user_verified='1' AND se_users.user_enabled='1' AND (se_users.user_search='1' OR se_levels.level_profile_search='0') AND ($profile_query) "; // GET TOTAL PROFILES $total_profiles = $database->database_num_rows($database->database_query($profile_query." LIMIT 201")); // IF NOT TOTAL ONLY if($t == "0") { // MAKE PROFILE PAGES $start = ($p - 1) * $results_per_page; $limit = $results_per_page+1; // SEARCH PROFILES $online_users_array = online_users(); $profiles = $database->database_query($profile_query." ORDER BY se_users.user_id DESC LIMIT $start, $limit"); while($profile_info = $database->database_fetch_assoc($profiles)) { // CREATE AN OBJECT FOR USER $profile = new se_user(); $profile->user_info['user_id'] = $profile_info['user_id']; $profile->user_info['user_username'] = $profile_info['user_username']; $profile->user_info['user_fname'] = $profile_info['user_fname']; $profile->user_info['user_lname'] = $profile_info['user_lname']; $profile->user_info['user_photo'] = $profile_info['user_photo']; $profile->user_displayname(); // DETERMINE IF USER IS ONLINE $is_online = (bool) in_array($profile_info['user_username'], $online_users_array[0]); $results[] = Array( 'result_url' => $url->url_create('profile', $profile_info['user_username']), 'result_icon' => $profile->user_photo('./images/nophoto.gif', TRUE), 'result_name' => 509, 'result_name_1' => $profile->user_displayname, 'result_desc' => '', 'result_online' => $is_online ); } // SET TOTAL RESULTS $total_results = $total_profiles; } // SET ARRAY VALUES SE_Language::_preload_multi(509, 1072); if($total_profiles > 200) { $total_profiles = "200+"; } $search_objects[] = Array( 'search_type' => '0', 'search_lang' => 1072, 'search_total' => $total_profiles ); } // END search_profile() FUNCTION // THIS FUNCTION RETURNS TIME IN SECONDS WITH MICROSECONDS // INPUT: // OUTPUT: RETURNS THE TIME IN SECONDS WITH MICROSECONDS function getmicrotime() { list($usec, $sec) = explode(" ",microtime()); return ((float)$usec + (float)$sec); } // END getmicrotime() FUNCTION // THIS FUNCTION CLEANS HTML TAGS FROM TEXT // INPUT: $text REPRESENTING THE STRING TO CLEAN // $allowable_tags REPRESENTING THE ALLOWABLE HTML TAGS (AS A COMMA-DELIMITED STRING) // $forbidden_attr (OPTIONAL) REPRESENTING AND ARRAY OF ANY ADDITIONAL FORBIDDEN ATTRIBUTES (SUCH AS A STYLE TAG) // OUTPUT: THE CLEANED TEXT function cleanHTML($text, $allowable_tags, $forbidden_attr = "") { // INCLUDE FILTER CLASS if( !class_exists("InputFilter") ) require(SE_ROOT."/include/class_inputfilter.php"); // INSTANTIATE INPUT FILTER CLASS WITH APPROPRIATE TAGS $xssFilter = new InputFilter(explode(",", str_replace(" ", "", $allowable_tags)), "", 0, 1, 1); // ADD NECESSARY BLACKLIST ITEMS for($i=0;$iattrBlacklist[] = $forbidden_attr[$i]; } // RETURN PROCESSED TEXT return $xssFilter->process($text); } // END cleanHTML() FUNCTION // THIS FUNCTION TRIMS A GIVEN STRING PRESERVING HTML // INPUT: $string REPRESENTING THE STRING TO SHORTEN // $start REPRESENTING THE CHARACTER TO START WITH // $length REPRESENTING THE LENGTH OF THE STRING TO RETURN // OUTPUT: THE CLEANED TEXT function chopHTML($string, $start, $length=false) { $pattern = '/(\[\w+[^\]]*?\]|\[\/\w+\]|<\w+[^>]*?>|<\/\w+>)/i'; $clean = preg_replace($pattern, chr(1), $string); if(!$length) $str = substr($clean, $start); else { $str = substr($clean, $start, $length); $str = substr($clean, $start, $length + substr_count($str, chr(1))); } $pattern = str_replace(chr(1),'(.*?)',preg_quote($str)); if(preg_match('/'.$pattern.'/is', $string, $matched)) return $matched[0]; return $string; } // END chopHTML() FUNCTION // THIS FUNCTION CHOPS A GIVEN STRING AND INSERTS A STRING AT THE END OF EACH CHOP // INPUT: $string REPRESENTING THE STRING TO CHOP // $length REPRESENTING THE LENGTH OF EACH SEGMENT // $insert_char REPRESENTING THE STRING TO INSERT AT THE END OF EACH SEGMENT function choptext($string, $length=32, $insert_char=' ') { return preg_replace("!(?:^|\s)([\w\!\?\.]{" . $length . ",})(?:\s|$)!e",'chunk_split("\\1",' . $length . ',"' . $insert_char. '")',$string); } // END choptext() FUNCTION // THIS FUNCTION CHOPS A GIVEN STRING AND INSERTS A STRING AT THE END OF EACH CHOP (PRESERVING HTML ENTITIES) // INPUT: $html REPRESENTING THE STRING TO CHOP // $size REPRESENTING THE LENGTH OF EACH SEGMENT // $delim REPRESENTING THE STRING TO INSERT AT THE END OF EACH SEGMENT function chunkHTML_split($html, $size, $delim) { $pos=0; for($i=0;$i= $size && !$unsafe) { $out .= $delim; $unsafe = 0; $pos = 0; } $c = substr($html,$i,1); if($c == "&") $unsafe = 1; elseif($c == ";") $unsafe = 0; $out .= $c; $pos++; } return $out; } // END chunkHTML_split // THIS FUNCTION RETURNS THE LENGTH OF A STRING, ACCOUNTING FOR UTF8 CHARS // INPUT: $str REPRESENTING THE STRING // OUTPUT: THE LENGTH OF THE STRING function strlen_utf8($str) { $i = 0; $count = 0; $len = strlen($str); while($i < $len) { $chr = ord ($str[$i]); $count++; $i++; if($i >= $len) break; if($chr & 0x80) { $chr <<= 1; while ($chr & 0x80) { $i++; $chr <<= 1; } } } return $count; } // END strlen_utf8() FUNCTION // THIS FUNCTION MAKES UTF8 CHARS WORK IN SERIALIZE BY BASICALLY IGNORING THE STRING LENGTH PARAM // INPUT: $str REPRESENTING THE SERIALIZED STRING // OUTPUT: THE UNSERIALIZED DATA function mb_unserialize($serial_str) { $out = preg_replace('!s:(\d+):"(.*?)";!se', "'s:'.strlen('$2').':\"$2\";'", $serial_str ); return unserialize($out); } // END mb_unserialize() FUNCTION // THIS FUNCTION RETURNS AN ARRAY CONTAINING THE USERNAMES OF ONLINE USERS // INPUT: // OUTPUT: AN ARRAY OF USERNAMES FOR USERS CURRENTLY ACTIVE IN THE SYSTEM function online_users() { global $database; $online_array = NULL; // CACHING $cache_object = SECache::getInstance('serial'); if( is_object($cache_object) ) { $online_array = $cache_object->get('online_users'); } if( !is_array($online_array) ) { $total_visitors = 0; $onlineusers_array = array(); $onlineusers_usernames = array(); $online_time = time() - (10 * 60); $sql = "SELECT visitor_user_id AS user_id, visitor_user_username AS user_username, visitor_user_displayname AS user_displayname FROM se_visitors WHERE visitor_invisible=0 && visitor_lastactive>'{$online_time}' ORDER BY visitor_lastactive DESC LIMIT 2000"; $resource = $database->database_query($sql); while( $online_user_info = $database->database_fetch_assoc($resource) ) { // THIS IS A USER if( !empty($online_user_info['user_id']) ) { if( in_array($online_user_info['user_username'], $onlineusers_usernames) ) continue; $online_user = new se_user(); $online_user->user_info['user_id'] = $online_user_info['user_id']; $online_user->user_info['user_username'] = $online_user_info['user_username']; $online_user->user_info['user_displayname'] = $online_user_info['user_displayname']; $online_user->user_displayname = $online_user_info['user_displayname']; $onlineusers_array[] = $online_user; $onlineusers_usernames[] = $online_user->user_info['user_username']; } // THIS IS A VISITOR else { $total_visitors++; } } $online_array = array($onlineusers_array, $total_visitors, $onlineusers_usernames); // CACHE if( is_object($cache_object) ) { $cache_object->store($online_array, 'online_users'); } } return $online_array; } // END online_users() FUNCTION // THIS FUNCTION RETURNS AN ARRAY CONTAINING SITE STATISTICS // INPUT: // OUTPUT: AN ARRAY OF STATISTICS function site_statistics() { global $setting, $database, $database_name; $statistics = NULL; // CACHING $cache_object = SECache::getInstance('serial'); if( is_object($cache_object) ) { $statistics = $cache_object->get('site_statistics'); } // RETRIEVAL //if( !is_array($statistics) || empty($statistics) ) if( !is_array($statistics) ) { $statistics = array(); // Get default stats $total_members = $database->database_fetch_assoc($database->database_query("SELECT count(*) AS total_members FROM se_users")); $statistics['members'] = array( 'title' => 661, 'stat' => (int) ( isset($total_members['total_members']) ? $total_members['total_members'] : 0 ) ); if( $setting['setting_connection_allow'] ) { $total_friends = $database->database_fetch_assoc($database->database_query("SELECT count(*) AS total_friends FROM se_friends WHERE friend_status='1'")); $statistics['friends'] = array( 'title' => 662, 'stat' => (int) ( isset($total_friends['total_friends']) ? $total_friends['total_friends'] : 0 ) ); } $total_comments = 0; $comment_tables = $database->database_query("SHOW TABLES FROM `{$database_name}` LIKE 'se_%comments'"); while($table_info = $database->database_fetch_array($comment_tables)) { $comment_type = strrev(substr(strrev(substr($table_info[0], 3)), 8)); $table_comments = $database->database_fetch_assoc($database->database_query("SELECT count(*) AS total_comments FROM `se_{$comment_type}comments`")); $total_comments += $table_comments['total_comments']; } $statistics['comments'] = array( 'title' => 663, 'stat' => (int) $total_comments ); /* $total_media = 0; $media_tables = $database->database_query("SHOW TABLES FROM `{$database_name}` LIKE 'se_%media'"); while($table_info = $database->database_fetch_array($media_tables)) { $comment_type = strrev(substr(strrev(substr($table_info[0], 3)), 8)); $table_media = $database->database_fetch_assoc($database->database_query("SELECT count(*) AS total_media FROM se_{$comment_type}media")); $total_media += $total_media['total_media']; } $statistics['media'] = array( 'title' => 663, // TODO 'stat' => (int) $total_media ); */ /* $total_mediatags = 0; $mediatag_tables = $database->database_query("SHOW TABLES FROM `{$database_name}` LIKE 'se_%mediatags'"); while($table_info = $database->database_fetch_array($media_tables)) { $comment_type = strrev(substr(strrev(substr($table_info[0], 3)), 8)); $table_mediatags = $database->database_fetch_assoc($database->database_query("SELECT count(*) AS total_mediatags FROM se_{$comment_type}mediatags")); $total_mediatags += $total_mediatags['total_mediatags']; } $statistics['mediatags'] = array( 'title' => 663, // TODO 'stat' => (int) $total_mediatags ); */ // CALL HOOK // COMMENT OUT THIS NEXT LINE IF YOU ONLY WANT THE BASIC STATISTICS ($hook = SE_Hook::exists('se_site_statistics')) ? SE_Hook::call($hook, array('statistics' => &$statistics)) : NULL; // CACHE if( is_object($cache_object) ) { $cache_object->store($statistics, 'site_statistics'); } } // Load language foreach( $statistics as $stat ) { SE_Language::_preload($stat['title']); } return $statistics; } // END site_statistics() FUNCTION // THIS FUNCTION RETURNS AN ARRAY CONTAINING THE USERS THAT RECENTLY SIGNED UP // INPUT: // OUTPUT: function recent_signups() { global $setting, $database; $signups = NULL; // CACHING $cache_object = SECache::getInstance('serial'); if( is_object($cache_object) ) { $signups = $cache_object->get('recent_signups'); } // RETRIEVAL //if( !is_array($signups) || empty($signups) ) if( !is_array($signups) ) { $sql = "SELECT user_id, user_username, user_fname, user_lname, user_photo FROM se_users WHERE user_verified='1' AND user_enabled='1' AND user_search='1' AND user_photo<>'' ORDER BY user_signupdate DESC LIMIT 20"; $resource = $database->database_query($sql); $signups = array(); while( $user_info = $database->database_fetch_assoc($resource) ) { $signup_user = new se_user(); $signup_user->user_info['user_id'] = $user_info['user_id']; $signup_user->user_info['user_username'] = $user_info['user_username']; $signup_user->user_info['user_photo'] = $user_info['user_photo']; $signup_user->user_info['user_fname'] = $user_info['user_fname']; $signup_user->user_info['user_lname'] = $user_info['user_lname']; $signup_user->user_displayname(); $signups[] =& $signup_user; unset($signup_user); } // CACHE if( is_object($cache_object) ) { $cache_object->store($signups, 'recent_signups'); } } return $signups; } // END recent_signups() FUNCTION // THIS FUNCTION RETURNS AN ARRAY CONTAINING THE MOST RECENTLY LOGGED IN USERS // INPUT: // OUTPUT: function recent_logins() { global $setting, $database; $logins = NULL; // CACHING $cache_object = SECache::getInstance('serial'); if( is_object($cache_object) ) { $logins = $cache_object->get('recent_logins'); } // RETRIEVAL //if( !is_array($logins) || empty($logins) ) if( !is_array($logins) ) { $sql = "SELECT user_id, user_username, user_fname, user_lname, user_photo FROM se_users WHERE user_photo<>'' AND user_search='1' ORDER BY user_lastlogindate DESC LIMIT 20"; $resource = $database->database_query($sql); $logins = array(); while( $user_info = $database->database_fetch_assoc($resource) ) { $login_user = new se_user(); $login_user->user_info['user_id'] = $user_info['user_id']; $login_user->user_info['user_username'] = $user_info['user_username']; $login_user->user_info['user_photo'] = $user_info['user_photo']; $login_user->user_info['user_fname'] = $user_info['user_fname']; $login_user->user_info['user_lname'] = $user_info['user_lname']; $login_user->user_displayname(); $logins[] =& $login_user; unset($login_user); } // CACHE if( is_object($cache_object) ) { $cache_object->store($logins, 'recent_logins'); } } return $logins; } // END recent_logins() FUNCTION // THIS FUNCTION RETURNS AN ARRAY CONTAINING THE MOST POPULAR USERS // INPUT: // OUTPUT: function popular_users() { global $setting, $database; $popular_users = NULL; // CACHING $cache_object = SECache::getInstance('serial'); if( is_object($cache_object) ) { $popular_users = $cache_object->get('popular_users'); } // RETRIEVAL //if( !is_array($popular_users) || empty($popular_users) ) if( !is_array($popular_users) ) { $sql = "SELECT count(se_friends.friend_user_id2) AS num_friends, se_users.user_id, se_users.user_username, se_users.user_fname, se_users.user_lname, se_users.user_photo FROM se_friends LEFT JOIN se_users ON se_friends.friend_user_id1=se_users.user_id WHERE se_friends.friend_status='1' AND se_users.user_search='1' GROUP BY se_users.user_id ORDER BY num_friends DESC LIMIT 20"; $resource = $database->database_query($sql); $popular_users = array(); while( $user_info = $database->database_fetch_assoc($resource) ) { $popular_user = new se_user(); $popular_user->user_info['user_id'] = $user_info['user_id']; $popular_user->user_info['user_username'] = $user_info['user_username']; $popular_user->user_info['user_photo'] = $user_info['user_photo']; $popular_user->user_info['user_fname'] = $user_info['user_fname']; $popular_user->user_info['user_lname'] = $user_info['user_lname']; $popular_user->user_displayname(); $popular_users[] = array( 'friend' => &$popular_user, 'total_friends' => $user_info['num_friends'] ); unset($popular_user); } // CACHE if( is_object($cache_object) ) { $cache_object->store($popular_users, 'popular_users'); } } return $popular_users; } // END popular_users() FUNCTION // THIS FUNCTION RETURNS AN ARRAY CONTAINING THE MOST POPULAR USERS // INPUT: // OUTPUT: function site_news() { global $setting, $database; $news = NULL; // CACHING $cache_object = SECache::getInstance('serial'); if( is_object($cache_object) ) { $news = $cache_object->get('site_news'); } // RETRIEVAL //if( !is_array($news) || empty($news) ) if( !is_array($news) ) { $sql = "SELECT * FROM se_announcements ORDER BY announcement_order DESC LIMIT 20"; $resource = $database->database_query($sql); $news = array(); while( $news_info = $database->database_fetch_assoc($resource) ) { // CONVERT SUBJECT/BODY BACK TO HTML $news_info['announcement_body'] = htmlspecialchars_decode($news_info['announcement_body'], ENT_QUOTES); $news_info['announcement_subject'] = htmlspecialchars_decode($news_info['announcement_subject'], ENT_QUOTES); $news[] = $news_info; } // CACHE if( is_object($cache_object) ) { $cache_object->store($news, 'site_news'); } } return $news; } // END site_news() FUNCTION // THIS FUNCTION RETURNS AN ARRAY CONTAINING THE USERS FRIENDS BIRTHDAYS INFO // INPUT: // OUTPUT: function friends_birthdays() { global $setting, $database, $user; $birthdays = NULL; // CACHING $cache_object = SECache::getInstance('serial'); if( is_object($cache_object) ) { $birthdays = $cache_object->get('friends_birthdays_user_'.$user->user_info['user_id']); } // RETRIEVAL //if( !is_array($birthdays) || empty($birthdays) ) if( !is_array($birthdays) ) { $birthdays = array(); $sql = "SELECT profilefield_id, t2.profilecat_id FROM se_profilefields LEFT JOIN se_profilecats AS t1 ON se_profilefields.profilefield_profilecat_id=t1.profilecat_id LEFT JOIN se_profilecats AS t2 ON t1.profilecat_dependency=t2.profilecat_id WHERE profilefield_special='1'"; $resource = $database->database_query($sql); if( $database->database_num_rows($resource) > 0 ) { // CONSTRUCT QUERY $birthdays_upcoming_query = " SELECT se_users.user_id, se_users.user_username, se_users.user_fname, se_users.user_lname, CASE "; while( $birthday_field = $database->database_fetch_assoc($resource) ) { $birthdays_upcoming_query .= " WHEN se_users.user_profilecat_id='{$birthday_field['profilecat_id']}' THEN DATE_FORMAT(CONCAT(YEAR(CURDATE()), \"-\", MONTH(se_profilevalues.`profilevalue_{$birthday_field['profilefield_id']}`), \"-\", DAY(se_profilevalues.`profilevalue_{$birthday_field['profilefield_id']}`)), '%Y-%m-%d')"; $birthdays_upcoming_where[] = "(se_users.user_profilecat_id='{$birthday_field['profilecat_id']}' AND DAY(se_profilevalues.`profilevalue_{$birthday_field['profilefield_id']}`)<>'0' AND MONTH(se_profilevalues.`profilevalue_{$birthday_field['profilefield_id']}`)<>'0' AND CURDATE() <= DATE_FORMAT(CONCAT(YEAR(CURDATE()), \"-\", MONTH(se_profilevalues.`profilevalue_{$birthday_field['profilefield_id']}`), \"-\", DAY(se_profilevalues.`profilevalue_{$birthday_field['profilefield_id']}`)), '%Y-%m-%d') AND DATE_ADD(CURDATE(), INTERVAL 7 DAY) >= DATE_FORMAT(CONCAT(YEAR(CURDATE()), \"-\", MONTH(se_profilevalues.`profilevalue_{$birthday_field['profilefield_id']}`), \"-\", DAY(se_profilevalues.`profilevalue_{$birthday_field['profilefield_id']}`)), '%Y-%m-%d'))"; } $birthdays_upcoming_query .= " ELSE '0000-00-00' END AS birthday FROM se_friends LEFT JOIN se_users ON se_friends.friend_user_id2=se_users.user_id LEFT JOIN se_profilevalues ON se_users.user_id=se_profilevalues.profilevalue_user_id WHERE se_friends.friend_user_id1='{$user->user_info['user_id']}' AND (".implode(" OR ", $birthdays_upcoming_where).") ORDER BY birthday"; $resource = $database->database_query($birthdays_upcoming_query); while( $birthday_info = $database->database_fetch_assoc($resource) ) { $birthday_user = new se_user(); $birthday_user->user_info['user_id'] = $birthday_info['user_id']; $birthday_user->user_info['user_username'] = $birthday_info['user_username']; $birthday_user->user_info['user_fname'] = $birthday_info['user_fname']; $birthday_user->user_info['user_lname'] = $birthday_info['user_lname']; $birthday_user->user_displayname(); // SET BIRTHDAY $birthday_date = mktime(0, 0, 0, substr($birthday_info['birthday'], 5, 2), substr($birthday_info['birthday'], 8, 2), 1990); $birthdays[] = array( 'birthday_user_id' => $birthday_user->user_info['user_id'], 'birthday_user_username' => $birthday_user->user_info['user_username'], 'birthday_user_displayname' => $birthday_user->user_displayname, 'birthday_date' => $birthday_date, 'birthday_user' => &$birthday_user ); unset($birthday_user); } } // CACHE if( is_object($cache_object) ) { $cache_object->store($birthdays, 'friends_birthdays_user_'.$user->user_info['user_id']); } } return $birthdays; } // END friends_birthdays() FUNCTION function get_simple_cookie_domain($host = null) { // Quick config if( defined('SE_COOKIE_DOMAIN') ) { return SE_COOKIE_DOMAIN; } if( !$host ) { $host = $_SERVER["HTTP_HOST"]; } $host = parse_url($host); $host = $host['path']; $parts = explode('.', $host); switch( TRUE ) { // Do not use custom for these: // IP Address case ( preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/', $host) ): // Intranet host case ( count($parts) === 1 ): return null; break; // Second level ccld case ( strlen($parts[count($parts)-1]) == 2 && strlen($parts[count($parts)-2]) <= 3 ): array_splice($parts, 0, count($parts) - 3); return join('.', $parts); break; // tld or first-level ccld default: array_splice($parts, 0, count($parts) - 2); return join('.', $parts); } return null; } ?>/* $Id: functions_stats.php 44 2009-01-30 03:45:23Z john $ */ // THIS FILE CONTAINS STAT-RELATED FUNCTIONS // FUNCTIONS IN THIS CLASS: // update_stats() // update_refurls() // THIS FUNCTION UPDATES THE LATEST ROW IN THE STATS TABLE // INPUT: $type REPRESENTING WHICH STAT TO INCREMENT // OUTPUT: function update_stats($type) { global $database; // INCREASE REQUESTED STAT VALUE $database->database_query(" INSERT INTO se_stats (`stat_date`, `stat_{$type}`) VALUES (UNIX_TIMESTAMP(CURDATE()), 1) ON DUPLICATE KEY UPDATE `stat_{$type}`=`stat_{$type}`+1 "); } // END update_stats() FUNCTION // THIS FUNCTION GETS THE CURRENT VIEWER'S REFERRING URL AND ADDS IT TO REF URL STATS TABLE // INPUT: // OUTPUT: function update_refurls() { global $database; // IF URL IS NOT EMPTY $referring_url = $_SERVER["HTTP_REFERER"]; if(strpos(strtolower($referring_url), strtolower($_SERVER["HTTP_HOST"])) !== FALSE) { return; } if( $referring_url ) { // IS URL ALREADY IN DATABASE? IF YES, ADD TO HITS. IF NO, ADD NEW ROW $referring_url = str_replace("http://www.", "http://", $referring_url); $database->database_query(" INSERT INTO se_statrefs (statref_hits, statref_url) VALUES ('1', '{$referring_url}') ON DUPLICATE KEY UPDATE statref_hits=statref_hits+1 "); // IF 1000 ROWS REACHED, DELETE ONE TO MAKE ROOM $refurl_totalrows = $database->database_num_rows($database->database_query("SELECT statref_id FROM se_statrefs")); if( $refurl_totalrows > 1000 ) $database->database_query("DELETE FROM se_statrefs WHERE statref_hits='1' ORDER BY statref_id ASC LIMIT 1"); } } // END update_refurls FUNCTION ?>/* $Id: class_javascript.php 150 2009-03-31 21:57:10Z john $ */ class SE_Javascript { function json_encode(&$data) { if( !function_exists('json_encode') ) return ''; return json_encode($data); } function generateSettings(&$settings) { return json_encode(array( 'setting_url' => (bool) $settings['setting_url'], 'setting_username' => (bool) $settings['setting_username'] )); } function generatePlugins(&$plugin_list) { // Fix those darn error messages in the admin panel if( !empty($plugin_list[0]) || !is_array($plugin_list) ) return '[]'; return json_encode(array_keys($plugin_list)); } function generateUserInfo(&$user_object) { if( !$user_object || !$user_object->user_exists) return json_encode(array('user_exists' => FALSE)); return json_encode(array( 'user_exists' => ( $user_object->user_exists ? TRUE : FALSE ), 'user_id' => (int) $user_object->user_info['user_id'], 'user_username' => $user_object->user_info['user_username'], 'user_fname' => $user_object->user_info['user_fname'], 'user_lname' => $user_object->user_info['user_lname'], 'user_subnet_id' => (int) $user_object->user_info['user_subnet_id'], 'user_status' => $user_object->user_info['user_status'], 'user_photo' => $user_object->user_info['user_photo'] )); } function generateURLBase(&$url_object) { return "'".addslashes($url_object->url_base)."'"; } function generateURLInfo(&$url_object) { return json_encode($url_object->convert_urls); } function generateNotifys(&$notify_data) { $data =& $notify_data['notifys']; foreach( $data as $index=>$notify_info ) { $data[$index]['notify_text_output'] = sprintf(SELanguage::_get($notify_info['notify_desc']), $notify_info['notify_total'], $notify_info['notify_text'][0]); } return json_encode($notify_data); } } ?>