/www/forum/bb-admin/admin-ajax.php

https://github.com/micz/elencode · PHP · 219 lines · 134 code · 43 blank · 42 comment · 26 complexity · 276eb16f6ab1fef7efac755e45062871 MD5 · raw file 

    

  1. <?php
    2. 

  2. require_once('../bb-load.php');
    3. 

  3. require_once(BB_PATH . 'bb-admin/admin-functions.php');
    4. 

  4. 

  5. if ( !$bb_current_id = bb_get_current_user_info( 'id' ) )
    6. 

  6. 	die('-1');
    7. 

  7. 

  8. define('DOING_AJAX', true);
    9. 

  9. 

  10. function bb_grab_results() {
    11. 

  11. 	global $ajax_results;
    12. 

  12. 	$ajax_results = @ unserialize(func_get_arg(0));
    13. 

  13. 	if ( false === $ajax_results )
    14. 

  14. 		$ajax_results = func_get_args();
    15. 

  15. 	return;
    16. 

  16. }
    17. 

  17. 

  18. $id = (int) @$_POST['id'];
    19. 

  19. 

  20. switch ( $action = $_POST['action'] ) :
    21. 

  21. case 'add-tag' : // $id is topic_id
    22. 

  22. 	if ( !bb_current_user_can('edit_tag_by_on', $bb_current_id, $id) )
    23. 

  23. 		die('-1');
    24. 

  24. 

  25. 	bb_check_ajax_referer( "add-tag_$id" );
    26. 

  26. 

  27. 	global $tag, $topic;
    28. 

  28. 	add_action('bb_tag_added', 'bb_grab_results', 10, 3);
    29. 

  29. 	add_action('bb_already_tagged', 'bb_grab_results', 10, 3);
    30. 

  30. 	$tag_name = @$_POST['tag'];
    31. 

  31. 	$tag_name = stripslashes( $tag_name );
    32. 

  32. 

  33. 	$topic = get_topic( $id );
    34. 

  34. 	if ( !$topic )
    35. 

  35. 		die('0');
    36. 

  36. 

  37. 	$tag_name = rawurldecode($tag_name);
    38. 

  38. 	$x = new WP_Ajax_Response();
    39. 

  39. 	foreach ( bb_add_topic_tags( $id, $tag_name ) as $tag_id ) {
    40. 

  40. 		if ( !is_numeric($tag_id) || !$tag = bb_get_tag( $tag_id, bb_get_current_user_info( 'id' ), $topic->topic_id ) )
    41. 

  41. 			if ( !$tag = bb_get_tag( $tag_id ) )
    42. 

  42. 				continue;
    43. 

  43. 		$tag_id_val = $tag->tag_id . '_' . $tag->user_id;
    44. 

  44. 		$tag->raw_tag = attribute_escape( $tag->raw_tag );
    45. 

  45. 		$x->add( array(
    46. 

  46. 			'what' => 'tag',
    47. 

  47. 			'id' => $tag_id_val,
    48. 

  48. 			'data' => "<li id='tag-$tag_id_val'><a href='" . bb_get_tag_link() . "' rel='tag'>$tag->raw_tag</a> " . bb_get_tag_remove_link() . '</li>' 
    49. 

  49. 		) );
    50. 

  50. 	}
    51. 

  51. 	$x->send();
    52. 

  52. 	break;
    53. 

  53. 

  54. case 'delete-tag' :
    55. 

  55. 	list($tag_id, $user_id) = explode('_', $_POST['id']);
    56. 

  56. 	$tag_id   = (int) $tag_id;
    57. 

  57. 	$user_id  = (int) $user_id;
    58. 

  58. 	$topic_id = (int) $_POST['topic_id'];
    59. 

  59. 

  60. 	if ( !bb_current_user_can('edit_tag_by_on', $user_id, $topic_id) )
    61. 

  61. 		die('-1');
    62. 

  62. 

  63. 	bb_check_ajax_referer( "remove-tag_$tag_id|$topic_id" );
    64. 

  64. 

  65. 	add_action('bb_rpe_tag_removed', 'bb_grab_results', 10, 3);
    66. 

  66. 

  67. 	$tag   = bb_get_tag( $tag_id );
    68. 

  68. 	$user  = bb_get_user( $user_id );
    69. 

  69. 	$topic = get_topic ( $topic_id );
    70. 

  70. 	if ( !$tag || !$topic )
    71. 

  71. 		die('0');
    72. 

  72. 	if ( bb_remove_topic_tag( $tag_id, $user_id, $topic_id ) )
    73. 

  73. 		die('1');
    74. 

  74. 	break;
    75. 

  75. 

  76. case 'dim-favorite' :
    77. 

  77. 	$topic_id = (int) @$_POST['topic_id'];
    78. 

  78. 	$user_id  = (int) @$_POST['user_id'];
    79. 

  79. 

  80. 	$topic = get_topic( $topic_id );
    81. 

  81. 	$user = bb_get_user( $user_id );
    82. 

  82. 	if ( !$topic || !$user )
    83. 

  83. 		die('0');
    84. 

  84. 

  85. 	if ( !bb_current_user_can( 'edit_favorites_of', $user->ID ) )
    86. 

  86. 		die('-1');
    87. 

  87. 

  88. 	bb_check_ajax_referer( "toggle-favorite_$topic_id" );
    89. 

  89. 

  90. 	$is_fav = is_user_favorite( $user_id, $topic_id );
    91. 

  91. 

  92. 	if ( 1 == $is_fav ) {
    93. 

  93. 		if ( bb_remove_user_favorite( $user_id, $topic_id ) )
    94. 

  94. 			die('1');
    95. 

  95. 	} elseif ( false === $is_fav ) {
    96. 

  96. 		if ( bb_add_user_favorite( $user_id, $topic_id ) )
    97. 

  97. 			die('1');
    98. 

  98. 	}
    99. 

  99. 	break;
    100. 

  100. 

  101. case 'delete-post' : // $id is post_id
    102. 

  102. 	if ( !bb_current_user_can( 'delete_post', $id ) )
    103. 

  103. 		die('-1');
    104. 

  104. 

  105. 	bb_check_ajax_referer( "delete-post_$id" );
    106. 

  106. 

  107. 	$page = (int) $_POST['page'];
    108. 

  108. 	$last_mod = (int) $_POST['last_mod'];
    109. 

  109. 

  110. 	$bb_post = bb_get_post( $id );
    111. 

  111. 

  112. 	if ( !$bb_post )
    113. 

  113. 		die('0');
    114. 

  114. 

  115. 	$topic = get_topic( $bb_post->topic_id );
    116. 

  116. 

  117. 	if ( bb_delete_post( $id, 1 ) )
    118. 

  118. 		die('1');
    119. 

  119. 	break;
    120. 

  120. /*
    121. 

  121. case 'add-post' : // Can put last_modified stuff back in later
    122. 

  122. 	bb_check_ajax_referer( $action );
    123. 

  123. 	$error = false;
    124. 

  124. 	$post_id = 0;
    125. 

  125. 	$topic_id = (int) $_POST['topic_id'];
    126. 

  126. 	$last_mod = (int) $_POST['last_mod'];
    127. 

  127. 	if ( !$post_content = trim($_POST['post_content']) )
    128. 

  128. 		$error = new WP_Error( 'no-content', __('You need to actually submit some content!') );
    129. 

  129. 	if ( !bb_current_user_can( 'write_post', $topic_id ) )
    130. 

  130. 		die('-1');
    131. 

  131. 	if ( !$topic = get_topic( $topic_id ) )
    132. 

  132. 		die('0');
    133. 

  133. 	if ( !topic_is_open( $topic_id ) )
    134. 

  134. 		$error = new WP_Error( 'topic-closed', __('This topic is closed.') );
    135. 

  135. 	if ( $throttle_time = bb_get_option( 'throttle_time' ) )
    136. 

  136. 		if ( isset($bb_current_user->data->last_posted) && time() < $bb_current_user->data->last_posted + $throttle_time && !bb_current_user_can('throttle') )
    137. 

  137. 			$error = new WP_Error( 'throttle-limit', sprintf( __('Slow down!  You can only post every %d seconds.'), $throttle_time );
    138. 

    139. 

  139. 	if ( !$error ) :
    140. 

  140. 		if ( !$post_id = bb_new_post( $topic_id, rawurldecode($_POST['post_content']) ) )
    141. 

  141. 			die('0');
    142. 

    143. 

  143. 		$bb_post = bb_get_post( $post_id );
    144. 

    145. 

  145. 		$new_page = get_page_number( $bb_post->post_position );
    146. 

    147. 

  147. 		ob_start();
    148. 

  148. 			echo "<li id='post-$post_id'>";
    149. 

  149. 			bb_post_template();
    150. 

  150. 			echo '</li>';
    151. 

  151. 		$data = ob_get_contents();
    152. 

  152. 		ob_end_clean();
    153. 

  153. 	endif;
    154. 

  154. 	$x = new WP_Ajax_Response( array(
    155. 

  155. 		'what' => 'post',
    156. 

  156. 		'id' => $post_id,
    157. 

  157. 		'data' => is_wp_error($error) ? $error : $data
    158. 

  158. 	) );
    159. 

  159. 	$x->send();
    160. 

  160. 	break;
    161. 

  161. */
    162. 

  162. case 'add-forum' :
    163. 

  163. 	if ( !bb_current_user_can( 'manage_forums' ) )
    164. 

  164. 		die('-1');
    165. 

  165. 

  166. 	bb_check_ajax_referer( $action );
    167. 

  167. 

  168. 	if ( !$forum_id = bb_new_forum( $_POST ) )
    169. 

  169. 		die('0');
    170. 

  170. 

  171. 	global $forums_count;
    172. 

  172. 	$forums_count = 2; // Hack
    173. 

  173. 

  174. 	$x = new WP_Ajax_Response( array(
    175. 

  175. 		'what' => 'forum',
    176. 

  176. 		'id' => $forum_id,
    177. 

  177. 		'data' => bb_forum_row( $forum_id, false, true )
    178. 

  178. 	) );
    179. 

  179. 	$x->send();
    180. 

  180. 	break;
    181. 

  181. 

  182. case 'order-forums' :
    183. 

  183. 	if ( !bb_current_user_can( 'manage_forums' ) )
    184. 

  184. 		die('-1');
    185. 

  185. 

  186. 	bb_check_ajax_referer( $action );
    187. 

  187. 

  188. 	if ( !is_array($_POST['order']) )
    189. 

  189. 		die('0');
    190. 

  190. 

  191. 	global $bbdb;
    192. 

  192. 

  193. 	$forums = array();
    194. 

  194. 

  195. 	get_forums(); // cache
    196. 

  196. 

  197. 	foreach ( $_POST['order'] as $pos => $forum_id ) :
    198. 

  198. 		$forum = $bbdb->escape_deep( get_object_vars( get_forum( $forum_id ) ) );
    199. 

  199. 		$forum['forum_order'] = $pos;
    200. 

  200. 		$forums[(int) $forum_id] = $forum;
    201. 

  201. 	endforeach;
    202. 

  202. 

  203. 	foreach ( $_POST['root'] as $root => $ids )
    204. 

  204. 		foreach ( $ids as $forum_id )
    205. 

  205. 			$forums[(int) $forum_id]['forum_parent'] = (int) $root;
    206. 

  206. 

  207. 	foreach ( $forums as $forum )
    208. 

  208. 		bb_update_forum( $forum );
    209. 

  209. 

  210. 	die('1');
    211. 

  211. 	break;
    212. 

  212. 

  213. default :
    214. 

  214. 	do_action( 'bb_ajax_' . $_POST['action'] );
    215. 

  215. 	break;
    216. 

  216. endswitch;
    217. 

  217. 

  218. die('0');
    219. 

  219. ?>
    220.