a/admin_bans.php |
b/admin_bans.php |
30: { | 30: { |
31: $user_id = intval($_GET['add_ban']); | 31: $user_id = intval($_GET['add_ban']); |
32: if ($user_id < 2) | 32: if ($user_id < 2) |
33: message($lang_common['Bad request']); | 33: message($lang_common['Bad request'], false, '404 Not Found'); |
34: | 34: |
35: $result = $db->query('SELECT group_id, username, email FROM '.$db->prefix.'users WHERE id='.$user_id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); | 35: $result = $db->query('SELECT group_id, username, email FROM '.$db->prefix.'users WHERE id='.$user_id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); |
36: if ($db->num_rows($result)) | 36: if ($db->num_rows($result)) |
84: { | 84: { |
85: $ban_id = intval($_GET['edit_ban']); | 85: $ban_id = intval($_GET['edit_ban']); |
86: if ($ban_id < 1) | 86: if ($ban_id < 1) |
87: message($lang_common['Bad request']); | 87: message($lang_common['Bad request'], false, '404 Not Found'); |
88: | 88: |
89: $result = $db->query('SELECT username, ip, email, message, expire FROM '.$db->prefix.'bans WHERE id='.$ban_id) or error('Unable to fetch ban info', __FILE__, __LINE__, $db->error()); | 89: $result = $db->query('SELECT username, ip, email, message, expire FROM '.$db->prefix.'bans WHERE id='.$ban_id) or error('Unable to fetch ban info', __FILE__, __LINE__, $db->error()); |
90: if ($db->num_rows($result)) | 90: if ($db->num_rows($result)) |
91: list($ban_user, $ban_ip, $ban_email, $ban_message, $ban_expire) = $db->fetch_row($result); | 91: list($ban_user, $ban_ip, $ban_email, $ban_message, $ban_expire) = $db->fetch_row($result); |
92: else | 92: else |
93: message($lang_common['Bad request']); | 93: message($lang_common['Bad request'], false, '404 Not Found'); |
94: | 94: |
95: $diff = ($pun_user['timezone'] + $pun_user['dst']) * 3600; | 95: $diff = ($pun_user['timezone'] + $pun_user['dst']) * 3600; |
96: $ban_expire = ($ban_expire != '') ? gmdate('Y-m-d', $ban_expire + $diff) : ''; | 96: $ban_expire = ($ban_expire != '') ? gmdate('Y-m-d', $ban_expire + $diff) : ''; |
116: <?php endif; ?> <fieldset> | 116: <?php endif; ?> <fieldset> |
117: <legend><?php echo $lang_admin_bans['Ban advanced subhead'] ?></legend> | 117: <legend><?php echo $lang_admin_bans['Ban advanced subhead'] ?></legend> |
118: <div class="infldset"> | 118: <div class="infldset"> |
119: <table class="aligntop" cellspacing="0"> | 119: <table class="aligntop"> |
120: <tr> | 120: <tr> |
121: <th scope="row"><?php echo $lang_admin_bans['Username label'] ?></th> | 121: <th scope="row"><?php echo $lang_admin_bans['Username label'] ?></th> |
122: <td> | 122: <td> |
147: <fieldset> | 147: <fieldset> |
148: <legend><?php echo $lang_admin_bans['Message expiry subhead'] ?></legend> | 148: <legend><?php echo $lang_admin_bans['Message expiry subhead'] ?></legend> |
149: <div class="infldset"> | 149: <div class="infldset"> |
150: <table class="aligntop" cellspacing="0"> | 150: <table class="aligntop"> |
151: <tr> | 151: <tr> |
152: <th scope="row"><?php echo $lang_admin_bans['Ban message label'] ?></th> | 152: <th scope="row"><?php echo $lang_admin_bans['Ban message label'] ?></th> |
153: <td> | 153: <td> |
308: | 308: |
309: $ban_id = intval($_GET['del_ban']); | 309: $ban_id = intval($_GET['del_ban']); |
310: if ($ban_id < 1) | 310: if ($ban_id < 1) |
311: message($lang_common['Bad request']); | 311: message($lang_common['Bad request'], false, '404 Not Found'); |
312: | 312: |
313: $db->query('DELETE FROM '.$db->prefix.'bans WHERE id='.$ban_id) or error('Unable to delete ban', __FILE__, __LINE__, $db->error()); | 313: $db->query('DELETE FROM '.$db->prefix.'bans WHERE id='.$ban_id) or error('Unable to delete ban', __FILE__, __LINE__, $db->error()); |
314: | 314: |
407: <h2><span><?php echo $lang_admin_bans['Results head'] ?></span></h2> | 407: <h2><span><?php echo $lang_admin_bans['Results head'] ?></span></h2> |
408: <div class="box"> | 408: <div class="box"> |
409: <div class="inbox"> | 409: <div class="inbox"> |
410: <table cellspacing="0"> | 410: <table> |
411: <thead> | 411: <thead> |
412: <tr> | 412: <tr> |
413: <th class="tcl" scope="col"><?php echo $lang_admin_bans['Results username head'] ?></th> | 413: <th class="tcl" scope="col"><?php echo $lang_admin_bans['Results username head'] ?></th> |
489: <fieldset> | 489: <fieldset> |
490: <legend><?php echo $lang_admin_bans['Add ban subhead'] ?></legend> | 490: <legend><?php echo $lang_admin_bans['Add ban subhead'] ?></legend> |
491: <div class="infldset"> | 491: <div class="infldset"> |
492: <table class="aligntop" cellspacing="0"> | 492: <table class="aligntop"> |
493: <tr> | 493: <tr> |
494: <th scope="row"><?php echo $lang_admin_bans['Username label'] ?><div><input type="submit" name="add_ban" value="<?php echo $lang_admin_common['Add'] ?>" tabindex="2" /></div></th> | 494: <th scope="row"><?php echo $lang_admin_bans['Username label'] ?><div><input type="submit" name="add_ban" value="<?php echo $lang_admin_common['Add'] ?>" tabindex="2" /></div></th> |
495: <td> | 495: <td> |
513: <legend><?php echo $lang_admin_bans['Ban search subhead'] ?></legend> | 513: <legend><?php echo $lang_admin_bans['Ban search subhead'] ?></legend> |
514: <div class="infldset"> | 514: <div class="infldset"> |
515: <p><?php echo $lang_admin_bans['Ban search info'] ?></p> | 515: <p><?php echo $lang_admin_bans['Ban search info'] ?></p> |
516: <table class="aligntop" cellspacing="0"> | 516: <table class="aligntop"> |
517: <tr> | 517: <tr> |
518: <th scope="row"><?php echo $lang_admin_bans['Username label'] ?></th> | 518: <th scope="row"><?php echo $lang_admin_bans['Username label'] ?></th> |
519: <td><input type="text" name="form[username]" size="25" maxlength="25" tabindex="4" /></td> | 519: <td><input type="text" name="form[username]" size="25" maxlength="25" tabindex="4" /></td> |
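Review bot: The ban removal at lines 309-313 is keyed solely on `$_GET['del_ban']`, and nothing in the hunk ties the request to a submitted form or a confirmation step; the enclosing branch begins above line 308, so unless a referrer or CSRF check sits there, a link or image URL opened by a logged-in admin is enough to delete any ban. The forum deletion in this same change already shows the safer shape, `if (isset($_POST['del_forum_comply']))` gating the destructive work behind a POSTed confirmation field; the `DELETE` at line 313 deserves the same gate. Separately, the `'404 Not Found'` added at lines 33, 87 and 311 labels a rejected id (`< 1`, `< 2`) as a missing resource while the message text says "Bad request"; only the no-row case at line 93 is genuinely a 404, and `'400 Bad Request'` fits the other three.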
a/admin_forums.php |
b/admin_forums.php |
27: | 27: |
28: $add_to_cat = intval($_POST['add_to_cat']); | 28: $add_to_cat = intval($_POST['add_to_cat']); |
29: if ($add_to_cat < 1) | 29: if ($add_to_cat < 1) |
30: message($lang_common['Bad request']); | 30: message($lang_common['Bad request'], false, '404 Not Found'); |
31: | 31: |
32: $db->query('INSERT INTO '.$db->prefix.'forums (forum_name, cat_id) VALUES(\''.$db->escape($lang_admin_forums['New forum']).'\', '.$add_to_cat.')') or error('Unable to create forum', __FILE__, __LINE__, $db->error()); | 32: $db->query('INSERT INTO '.$db->prefix.'forums (forum_name, cat_id) VALUES(\''.$db->escape($lang_admin_forums['New forum']).'\', '.$add_to_cat.')') or error('Unable to create forum', __FILE__, __LINE__, $db->error()); |
33: | 33: |
47: | 47: |
48: $forum_id = intval($_GET['del_forum']); | 48: $forum_id = intval($_GET['del_forum']); |
49: if ($forum_id < 1) | 49: if ($forum_id < 1) |
50: message($lang_common['Bad request']); | 50: message($lang_common['Bad request'], false, '404 Not Found'); |
51: | 51: |
52: if (isset($_POST['del_forum_comply'])) // Delete a forum with all posts | 52: if (isset($_POST['del_forum_comply'])) // Delete a forum with all posts |
53: { | 53: { |
147: { | 147: { |
148: $forum_id = intval($_GET['edit_forum']); | 148: $forum_id = intval($_GET['edit_forum']); |
149: if ($forum_id < 1) | 149: if ($forum_id < 1) |
150: message($lang_common['Bad request']); | 150: message($lang_common['Bad request'], false, '404 Not Found'); |
151: | 151: |
152: // Update group permissions for $forum_id | 152: // Update group permissions for $forum_id |
153: if (isset($_POST['save'])) | 153: if (isset($_POST['save'])) |
165: message($lang_admin_forums['Must enter name message']); | 165: message($lang_admin_forums['Must enter name message']); |
166: | 166: |
167: if ($cat_id < 1) | 167: if ($cat_id < 1) |
168: message($lang_common['Bad request']); | 168: message($lang_common['Bad request'], false, '404 Not Found'); |
169: | 169: |
170: $forum_desc = ($forum_desc != '') ? '\''.$db->escape($forum_desc).'\'' : 'NULL'; | 170: $forum_desc = ($forum_desc != '') ? '\''.$db->escape($forum_desc).'\'' : 'NULL'; |
171: $redirect_url = ($redirect_url != '') ? '\''.$db->escape($redirect_url).'\'' : 'NULL'; | 171: $redirect_url = ($redirect_url != '') ? '\''.$db->escape($redirect_url).'\'' : 'NULL'; |
225: // Fetch forum info | 225: // Fetch forum info |
226: $result = $db->query('SELECT id, forum_name, forum_desc, redirect_url, num_topics, sort_by, cat_id FROM '.$db->prefix.'forums WHERE id='.$forum_id) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error()); | 226: $result = $db->query('SELECT id, forum_name, forum_desc, redirect_url, num_topics, sort_by, cat_id FROM '.$db->prefix.'forums WHERE id='.$forum_id) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error()); |
227: if (!$db->num_rows($result)) | 227: if (!$db->num_rows($result)) |
228: message($lang_common['Bad request']); | 228: message($lang_common['Bad request'], false, '404 Not Found'); |
229: | 229: |
230: $cur_forum = $db->fetch_assoc($result); | 230: $cur_forum = $db->fetch_assoc($result); |
231: | 231: |
245: <fieldset> | 245: <fieldset> |
246: <legend><?php echo $lang_admin_forums['Edit details subhead'] ?></legend> | 246: <legend><?php echo $lang_admin_forums['Edit details subhead'] ?></legend> |
247: <div class="infldset"> | 247: <div class="infldset"> |
248: <table class="aligntop" cellspacing="0"> | 248: <table class="aligntop"> |
249: <tr> | 249: <tr> |
250: <th scope="row"><?php echo $lang_admin_forums['Forum name label'] ?></th> | 250: <th scope="row"><?php echo $lang_admin_forums['Forum name label'] ?></th> |
251: <td><input type="text" name="forum_name" size="35" maxlength="80" value="<?php echo pun_htmlspecialchars($cur_forum['forum_name']) ?>" tabindex="1" /></td> | 251: <td><input type="text" name="forum_name" size="35" maxlength="80" value="<?php echo pun_htmlspecialchars($cur_forum['forum_name']) ?>" tabindex="1" /></td> |
294: <legend><?php echo $lang_admin_forums['Group permissions subhead'] ?></legend> | 294: <legend><?php echo $lang_admin_forums['Group permissions subhead'] ?></legend> |
295: <div class="infldset"> | 295: <div class="infldset"> |
296: <p><?php printf($lang_admin_forums['Group permissions info'], '<a href="admin_groups.php">'.$lang_admin_common['User groups'].'</a>') ?></p> | 296: <p><?php printf($lang_admin_forums['Group permissions info'], '<a href="admin_groups.php">'.$lang_admin_common['User groups'].'</a>') ?></p> |
297: <table id="forumperms" cellspacing="0"> | 297: <table id="forumperms"> |
298: <thead> | 298: <thead> |
299: <tr> | 299: <tr> |
300: <th class="atcl"> </th> | 300: <th class="atcl"> </th> |
371: <h2><span><?php echo $lang_admin_forums['Add forum head'] ?></span></h2> | 371: <h2><span><?php echo $lang_admin_forums['Add forum head'] ?></span></h2> |
372: <div class="box"> | 372: <div class="box"> |
373: <form method="post" action="admin_forums.php?action=adddel"> | 373: <form method="post" action="admin_forums.php?action=adddel"> |
| 374: <?php |
| 375: |
| 376: $result = $db->query('SELECT id, cat_name FROM '.$db->prefix.'categories ORDER BY disp_position') or error('Unable to fetch category list', __FILE__, __LINE__, $db->error()); |
| 377: |
| 378: if ($db->num_rows($result) > 0) |
| 379: { |
| 380: |
| 381: ?> |
374: <div class="inform"> | 382: <div class="inform"> |
375: <fieldset> | 383: <fieldset> |
376: <legend><?php echo $lang_admin_forums['Create new subhead'] ?></legend> | 384: <legend><?php echo $lang_admin_forums['Create new subhead'] ?></legend> |
377: <div class="infldset"> | 385: <div class="infldset"> |
378: <table class="aligntop" cellspacing="0"> | 386: <table class="aligntop"> |
379: <tr> | 387: <tr> |
380: <th scope="row"><?php echo $lang_admin_forums['Add forum label'] ?><div><input type="submit" name="add_forum" value="<?php echo $lang_admin_forums['Add forum'] ?>" tabindex="2" /></div></th> | 388: <th scope="row"><?php echo $lang_admin_forums['Add forum label'] ?><div><input type="submit" name="add_forum" value="<?php echo $lang_admin_forums['Add forum'] ?>" tabindex="2" /></div></th> |
381: <td> | 389: <td> |
382: <select name="add_to_cat" tabindex="1"> | 390: <select name="add_to_cat" tabindex="1"> |
383: <?php | 391: <?php |
384: | 392: |
385: $result = $db->query('SELECT id, cat_name FROM '.$db->prefix.'categories ORDER BY disp_position') or error('Unable to fetch category list', __FILE__, __LINE__, $db->error()); | 393: while ($cur_cat = $db->fetch_assoc($result)) |
386: if ($db->num_rows($result) > 0) | 394: echo "\t\t\t\t\t\t\t\t\t\t\t".'<option value="'.$cur_cat['id'].'">'.pun_htmlspecialchars($cur_cat['cat_name']).'</option>'."\n"; |
387: { | |
388: while ($cur_cat = $db->fetch_assoc($result)) | |
389: echo "\t\t\t\t\t\t\t\t\t\t\t".'<option value="'.$cur_cat['id'].'">'.pun_htmlspecialchars($cur_cat['cat_name']).'</option>'."\n"; | |
390: } | |
391: else | |
392: echo "\t\t\t\t\t\t\t\t\t\t\t".'<option value="0" disabled="disabled">'.$lang_admin_forums['No categories exist'].'</option>'."\n"; | |
393: | 395: |
394: ?> | 396: ?> |
395: </select> | 397: </select> |
400: </div> | 402: </div> |
401: </fieldset> | 403: </fieldset> |
402: </div> | 404: </div> |
| 405: <?php |
| 406: |
| 407: } |
| 408: else |
| 409: { |
| 410: |
| 411: ?> |
| 412: <div class="inform"> |
| 413: <fieldset> |
| 414: <legend><?php echo $lang_admin_common['None'] ?></legend> |
| 415: <div class="infldset"> |
| 416: <p><?php echo $lang_admin_forums['No categories exist'] ?></p> |
| 417: </div> |
| 418: </fieldset> |
| 419: </div> |
| 420: <?php |
| 421: |
| 422: } |
| 423: |
| 424: ?> |
403: </form> | 425: </form> |
404: </div> | 426: </div> |
405: <?php | 427: <?php |
432: <fieldset> | 454: <fieldset> |
433: <legend><?php echo $lang_admin_forums['Category subhead'] ?> <?php echo pun_htmlspecialchars($cur_forum['cat_name']) ?></legend> | 455: <legend><?php echo $lang_admin_forums['Category subhead'] ?> <?php echo pun_htmlspecialchars($cur_forum['cat_name']) ?></legend> |
434: <div class="infldset"> | 456: <div class="infldset"> |
435: <table cellspacing="0"> | 457: <table> |
436: <thead> | 458: <thead> |
437: <tr> | 459: <tr> |
438: <th class="tcl"><?php echo $lang_admin_common['Action'] ?></th> | 460: <th class="tcl"><?php echo $lang_admin_common['Action'] ?></th> |
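Review bot: At line 171 `$redirect_url` is written to the database with SQL escaping as its only check; the hunk does not constrain its scheme, and the variable's assignment sits above line 165, outside the hunk, so unless it is validated there an administrator can store a `javascript:` or `data:` value that is presumably rendered later as the forum's redirect link. The author is an admin, which bounds the exposure, but an allowlist is one line placed before line 171: `if ($redirect_url != '' && !preg_match('%^https?://%i', $redirect_url)) message($lang_common['Bad request']);`. The status at line 168 also reads oddly: a `$cat_id < 1` on a POSTed form is a malformed request, so `'400 Bad Request'` describes it better than `'404 Not Found'`. The `edit_forum` branch opens at line 147 and runs past line 171.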
a/admin_groups.php |
b/admin_groups.php |
41: { | 41: { |
42: $group_id = intval($_GET['edit_group']); | 42: $group_id = intval($_GET['edit_group']); |
43: if ($group_id < 1 || !isset($groups[$group_id])) | 43: if ($group_id < 1 || !isset($groups[$group_id])) |
44: message($lang_common['Bad request']); | 44: message($lang_common['Bad request'], false, '404 Not Found'); |
45: | 45: |
46: $group = $groups[$group_id]; | 46: $group = $groups[$group_id]; |
47: | 47: |
71: <legend><?php echo $lang_admin_groups['Group settings subhead'] ?></legend> | 71: <legend><?php echo $lang_admin_groups['Group settings subhead'] ?></legend> |
72: <div class="infldset"> | 72: <div class="infldset"> |
73: <p><?php echo $lang_admin_groups['Group settings info'] ?></p> | 73: <p><?php echo $lang_admin_groups['Group settings info'] ?></p> |
74: <table class="aligntop" cellspacing="0"> | 74: <table class="aligntop"> |
75: <tr> | 75: <tr> |
76: <th scope="row"><?php echo $lang_admin_groups['Group title label'] ?></th> | 76: <th scope="row"><?php echo $lang_admin_groups['Group title label'] ?></th> |
77: <td> | 77: <td> |
383: | 383: |
384: // Make sure it's not the admin or guest groups | 384: // Make sure it's not the admin or guest groups |
385: if ($group_id == PUN_ADMIN || $group_id == PUN_GUEST) | 385: if ($group_id == PUN_ADMIN || $group_id == PUN_GUEST) |
386: message($lang_common['Bad request']); | 386: message($lang_common['Bad request'], false, '404 Not Found'); |
387: | 387: |
388: // Make sure it's not a moderator group | 388: // Make sure it's not a moderator group |
389: if ($groups[$group_id]['g_moderator'] != 0) | 389: if ($groups[$group_id]['g_moderator'] != 0) |
390: message($lang_common['Bad request']); | 390: message($lang_common['Bad request'], false, '404 Not Found'); |
391: | 391: |
392: $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$group_id.' WHERE conf_name=\'o_default_user_group\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error()); | 392: $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$group_id.' WHERE conf_name=\'o_default_user_group\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error()); |
393: | 393: |
408: | 408: |
409: $group_id = isset($_POST['group_to_delete']) ? intval($_POST['group_to_delete']) : intval($_GET['del_group']); | 409: $group_id = isset($_POST['group_to_delete']) ? intval($_POST['group_to_delete']) : intval($_GET['del_group']); |
410: if ($group_id < 5) | 410: if ($group_id < 5) |
411: message($lang_common['Bad request']); | 411: message($lang_common['Bad request'], false, '404 Not Found'); |
412: | 412: |
413: // Make sure we don't remove the default group | 413: // Make sure we don't remove the default group |
414: if ($group_id == $pun_config['o_default_user_group']) | 414: if ($group_id == $pun_config['o_default_user_group']) |
540: <fieldset> | 540: <fieldset> |
541: <legend><?php echo $lang_admin_groups['Add group subhead'] ?></legend> | 541: <legend><?php echo $lang_admin_groups['Add group subhead'] ?></legend> |
542: <div class="infldset"> | 542: <div class="infldset"> |
543: <table class="aligntop" cellspacing="0"> | 543: <table class="aligntop"> |
544: <tr> | 544: <tr> |
545: <th scope="row"><?php echo $lang_admin_groups['New group label'] ?><div><input type="submit" name="add_group" value="<?php echo $lang_admin_common['Add'] ?>" tabindex="2" /></div></th> | 545: <th scope="row"><?php echo $lang_admin_groups['New group label'] ?><div><input type="submit" name="add_group" value="<?php echo $lang_admin_common['Add'] ?>" tabindex="2" /></div></th> |
546: <td> | 546: <td> |
571: <fieldset> | 571: <fieldset> |
572: <legend><?php echo $lang_admin_groups['Default group subhead'] ?></legend> | 572: <legend><?php echo $lang_admin_groups['Default group subhead'] ?></legend> |
573: <div class="infldset"> | 573: <div class="infldset"> |
574: <table class="aligntop" cellspacing="0"> | 574: <table class="aligntop"> |
575: <tr> | 575: <tr> |
576: <th scope="row"><?php echo $lang_admin_groups['Default group label'] ?><div><input type="submit" name="set_default_group" value="<?php echo $lang_admin_common['Save'] ?>" tabindex="4" /></div></th> | 576: <th scope="row"><?php echo $lang_admin_groups['Default group label'] ?><div><input type="submit" name="set_default_group" value="<?php echo $lang_admin_common['Save'] ?>" tabindex="4" /></div></th> |
577: <td> | 577: <td> |
609: <legend><?php echo $lang_admin_groups['Edit groups subhead'] ?></legend> | 609: <legend><?php echo $lang_admin_groups['Edit groups subhead'] ?></legend> |
610: <div class="infldset"> | 610: <div class="infldset"> |
611: <p><?php echo $lang_admin_groups['Edit groups info'] ?></p> | 611: <p><?php echo $lang_admin_groups['Edit groups info'] ?></p> |
612: <table cellspacing="0"> | 612: <table> |
613: <?php | 613: <?php |
614: | 614: |
615: $cur_index = 5; | 615: $cur_index = 5; |
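Review bot: The default-group update at lines 385-392 never checks that `$group_id` is an existing group before reading `$groups[$group_id]['g_moderator']` at line 389 and storing the id in `o_default_user_group` at line 392; the `edit_group` branch at line 43 guards with `!isset($groups[$group_id])`, and unless the lines above 383 (outside the hunk) do likewise, an unknown id passes both guards, since an undefined index yields `null` and `null != 0` is false, and the board's default group ends up pointing at a group that does not exist. Add the same guard at the head of this path: `if ($group_id < 1 || !isset($groups[$group_id])) message($lang_common['Bad request'], false, '404 Not Found');`. The delete path at lines 409-411 also stops at `$group_id < 5` without an existence check; what it does with the id afterwards is outside the hunk. The branch that contains lines 383-393 begins above the hunk.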
a/admin_options.php |
b/admin_options.php |
104: | 104: |
105: $languages = forum_list_langs(); | 105: $languages = forum_list_langs(); |
106: if (!in_array($form['default_lang'], $languages)) | 106: if (!in_array($form['default_lang'], $languages)) |
107: message($lang_common['Bad request']); | 107: message($lang_common['Bad request'], false, '404 Not Found'); |
108: | 108: |
109: $styles = forum_list_styles(); | 109: $styles = forum_list_styles(); |
110: if (!in_array($form['default_style'], $styles)) | 110: if (!in_array($form['default_style'], $styles)) |
111: message($lang_common['Bad request']); | 111: message($lang_common['Bad request'], false, '404 Not Found'); |
112: | 112: |
113: if ($form['time_format'] == '') | 113: if ($form['time_format'] == '') |
114: $form['time_format'] = 'H:i:s'; | 114: $form['time_format'] = 'H:i:s'; |
183: $form['disp_posts_default'] = 75; | 183: $form['disp_posts_default'] = 75; |
184: | 184: |
185: if ($form['feed_type'] < 0 || $form['feed_type'] > 2) | 185: if ($form['feed_type'] < 0 || $form['feed_type'] > 2) |
186: message($lang_common['Bad request']); | 186: message($lang_common['Bad request'], false, '404 Not Found'); |
187: | 187: |
188: if ($form['feed_ttl'] < 0) | 188: if ($form['feed_ttl'] < 0) |
189: message($lang_common['Bad request']); | 189: message($lang_common['Bad request'], false, '404 Not Found'); |
190: | 190: |
191: if ($form['report_method'] < 0 || $form['report_method'] > 2) | 191: if ($form['report_method'] < 0 || $form['report_method'] > 2) |
192: message($lang_common['Bad request']); | 192: message($lang_common['Bad request'], false, '404 Not Found'); |
193: | 193: |
194: if ($form['default_email_setting'] < 0 || $form['default_email_setting'] > 2) | 194: if ($form['default_email_setting'] < 0 || $form['default_email_setting'] > 2) |
195: message($lang_common['Bad request']); | 195: message($lang_common['Bad request'], false, '404 Not Found'); |
196: | 196: |
197: if ($form['timeout_online'] >= $form['timeout_visit']) | 197: if ($form['timeout_online'] >= $form['timeout_visit']) |
198: message($lang_admin_options['Timeout error message']); | 198: message($lang_admin_options['Timeout error message']); |
238: <fieldset> | 238: <fieldset> |
239: <legend><?php echo $lang_admin_options['Essentials subhead'] ?></legend> | 239: <legend><?php echo $lang_admin_options['Essentials subhead'] ?></legend> |
240: <div class="infldset"> | 240: <div class="infldset"> |
241: <table class="aligntop" cellspacing="0"> | 241: <table class="aligntop"> |
242: <tr> | 242: <tr> |
243: <th scope="row"><?php echo $lang_admin_options['Board title label'] ?></th> | 243: <th scope="row"><?php echo $lang_admin_options['Board title label'] ?></th> |
244: <td> | 244: <td> |
372: <fieldset> | 372: <fieldset> |
373: <legend><?php echo $lang_admin_options['Timeouts subhead'] ?></legend> | 373: <legend><?php echo $lang_admin_options['Timeouts subhead'] ?></legend> |
374: <div class="infldset"> | 374: <div class="infldset"> |
375: <table class="aligntop" cellspacing="0"> | 375: <table class="aligntop"> |
376: <tr> | 376: <tr> |
377: <th scope="row"><?php echo $lang_admin_options['Time format label'] ?></th> | 377: <th scope="row"><?php echo $lang_admin_options['Time format label'] ?></th> |
378: <td> | 378: <td> |
416: <fieldset> | 416: <fieldset> |
417: <legend><?php echo $lang_admin_options['Display subhead'] ?></legend> | 417: <legend><?php echo $lang_admin_options['Display subhead'] ?></legend> |
418: <div class="infldset"> | 418: <div class="infldset"> |
419: <table class="aligntop" cellspacing="0"> | 419: <table class="aligntop"> |
420: <tr> | 420: <tr> |
421: <th scope="row"><?php echo $lang_admin_options['Version number label'] ?></th> | 421: <th scope="row"><?php echo $lang_admin_options['Version number label'] ?></th> |
422: <td> | 422: <td> |
508: <fieldset> | 508: <fieldset> |
509: <legend><?php echo $lang_admin_options['Features subhead'] ?></legend> | 509: <legend><?php echo $lang_admin_options['Features subhead'] ?></legend> |
510: <div class="infldset"> | 510: <div class="infldset"> |
511: <table class="aligntop" cellspacing="0"> | 511: <table class="aligntop"> |
512: <tr> | 512: <tr> |
513: <th scope="row"><?php echo $lang_admin_options['Quick post label'] ?></th> | 513: <th scope="row"><?php echo $lang_admin_options['Quick post label'] ?></th> |
514: <td> | 514: <td> |
596: <fieldset> | 596: <fieldset> |
597: <legend><?php echo $lang_admin_options['Feed subhead'] ?></legend> | 597: <legend><?php echo $lang_admin_options['Feed subhead'] ?></legend> |
598: <div class="infldset"> | 598: <div class="infldset"> |
599: <table class="aligntop" cellspacing="0"> | 599: <table class="aligntop"> |
600: <tr> | 600: <tr> |
601: <th scope="row"><?php echo $lang_admin_options['Default feed label'] ?></th> | 601: <th scope="row"><?php echo $lang_admin_options['Default feed label'] ?></th> |
602: <td> | 602: <td> |
631: <fieldset> | 631: <fieldset> |
632: <legend><?php echo $lang_admin_options['Reports subhead'] ?></legend> | 632: <legend><?php echo $lang_admin_options['Reports subhead'] ?></legend> |
633: <div class="infldset"> | 633: <div class="infldset"> |
634: <table class="aligntop" cellspacing="0"> | 634: <table class="aligntop"> |
635: <tr> | 635: <tr> |
636: <th scope="row"><?php echo $lang_admin_options['Reporting method label'] ?></th> | 636: <th scope="row"><?php echo $lang_admin_options['Reporting method label'] ?></th> |
637: <td> | 637: <td> |
656: <fieldset> | 656: <fieldset> |
657: <legend><?php echo $lang_admin_options['Avatars subhead'] ?></legend> | 657: <legend><?php echo $lang_admin_options['Avatars subhead'] ?></legend> |
658: <div class="infldset"> | 658: <div class="infldset"> |
659: <table class="aligntop" cellspacing="0"> | 659: <table class="aligntop"> |
660: <tr> | 660: <tr> |
661: <th scope="row"><?php echo $lang_admin_options['Use avatars label'] ?></th> | 661: <th scope="row"><?php echo $lang_admin_options['Use avatars label'] ?></th> |
662: <td> | 662: <td> |
701: <fieldset> | 701: <fieldset> |
702: <legend><?php echo $lang_admin_options['E-mail subhead'] ?></legend> | 702: <legend><?php echo $lang_admin_options['E-mail subhead'] ?></legend> |
703: <div class="infldset"> | 703: <div class="infldset"> |
704: <table class="aligntop" cellspacing="0"> | 704: <table class="aligntop"> |
705: <tr> | 705: <tr> |
706: <th scope="row"><?php echo $lang_admin_options['Admin e-mail label'] ?></th> | 706: <th scope="row"><?php echo $lang_admin_options['Admin e-mail label'] ?></th> |
707: <td> | 707: <td> |
772: <fieldset> | 772: <fieldset> |
773: <legend><?php echo $lang_admin_options['Registration subhead'] ?></legend> | 773: <legend><?php echo $lang_admin_options['Registration subhead'] ?></legend> |
774: <div class="infldset"> | 774: <div class="infldset"> |
775: <table class="aligntop" cellspacing="0"> | 775: <table class="aligntop"> |
776: <tr> | 776: <tr> |
777: <th scope="row"><?php echo $lang_admin_options['Allow new label'] ?></th> | 777: <th scope="row"><?php echo $lang_admin_options['Allow new label'] ?></th> |
778: <td> | 778: <td> |
829: <fieldset> | 829: <fieldset> |
830: <legend><?php echo $lang_admin_options['Announcement subhead'] ?></legend> | 830: <legend><?php echo $lang_admin_options['Announcement subhead'] ?></legend> |
831: <div class="infldset"> | 831: <div class="infldset"> |
832: <table class="aligntop" cellspacing="0"> | 832: <table class="aligntop"> |
833: <tr> | 833: <tr> |
834: <th scope="row"><?php echo $lang_admin_options['Display announcement label'] ?></th> | 834: <th scope="row"><?php echo $lang_admin_options['Display announcement label'] ?></th> |
835: <td> | 835: <td> |
853: <fieldset> | 853: <fieldset> |
854: <legend><?php echo $lang_admin_options['Maintenance subhead'] ?></legend> | 854: <legend><?php echo $lang_admin_options['Maintenance subhead'] ?></legend> |
855: <div class="infldset"> | 855: <div class="infldset"> |
856: <table class="aligntop" cellspacing="0"> | 856: <table class="aligntop"> |
857: <tr> | 857: <tr> |
858: <th scope="row"><a name="maintenance"></a><?php echo $lang_admin_options['Maintenance mode label'] ?></th> | 858: <th scope="row"><a name="maintenance"></a><?php echo $lang_admin_options['Maintenance mode label'] ?></th> |
859: <td> | 859: <td> |
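Review bot: Each status introduced in this file (lines 107, 111, 186, 189, 192, 195) reports a rejected POSTed option as `'404 Not Found'`, yet an unknown language, a `feed_type` outside 0-2 or a negative `feed_ttl` is a malformed request, not a missing resource. `'400 Bad Request'` matches the `Bad request` text and keeps these tampering attempts distinguishable from ordinary 404 noise in access logs and WAF dashboards, assuming `message()` passes its third argument through as the status line the way the literal suggests: `message($lang_common['Bad request'], false, '400 Bad Request');`. While at lines 106 and 110, pass the strict flag, `in_array($form['default_lang'], $languages, true)`, and likewise for `default_style`. These values come straight from the form, the allowlist check is the only thing visible here standing between them and whatever the board later loads under that name (their later use is outside the hunk), and PHP's loose comparison treats numeric-looking strings as numbers (`'1e1' == '10'`).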
a/admin_users.php |
b/admin_users.php |
25: { | 25: { |
26: $ip_stats = intval($_GET['ip_stats']); | 26: $ip_stats = intval($_GET['ip_stats']); |
27: if ($ip_stats < 1) | 27: if ($ip_stats < 1) |
28: message($lang_common['Bad request']); | 28: message($lang_common['Bad request'], false, '404 Not Found'); |
29: | 29: |
30: // Fetch ip count | 30: // Fetch ip count |
31: $result = $db->query('SELECT poster_ip, MAX(posted) AS last_used FROM '.$db->prefix.'posts WHERE poster_id='.$ip_stats.' GROUP BY poster_ip') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error()); | 31: $result = $db->query('SELECT poster_ip, MAX(posted) AS last_used FROM '.$db->prefix.'posts WHERE poster_id='.$ip_stats.' GROUP BY poster_ip') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error()); |
63: <h2><span><?php echo $lang_admin_users['Results head'] ?></span></h2> | 63: <h2><span><?php echo $lang_admin_users['Results head'] ?></span></h2> |
64: <div class="box"> | 64: <div class="box"> |
65: <div class="inbox"> | 65: <div class="inbox"> |
66: <table cellspacing="0"> | 66: <table> |
67: <thead> | 67: <thead> |
68: <tr> | 68: <tr> |
69: <th class="tcl" scope="col"><?php echo $lang_admin_users['Results IP address head'] ?></th> | 69: <th class="tcl" scope="col"><?php echo $lang_admin_users['Results IP address head'] ?></th> |
164: <h2><span><?php echo $lang_admin_users['Results head'] ?></span></h2> | 164: <h2><span><?php echo $lang_admin_users['Results head'] ?></span></h2> |
165: <div class="box"> | 165: <div class="box"> |
166: <div class="inbox"> | 166: <div class="inbox"> |
167: <table cellspacing="0"> | 167: <table> |
168: <thead> | 168: <thead> |
169: <tr> | 169: <tr> |
170: <th class="tcl" scope="col"><?php echo $lang_admin_users['Results username head'] ?></th> | 170: <th class="tcl" scope="col"><?php echo $lang_admin_users['Results username head'] ?></th> |
361: <fieldset> | 361: <fieldset> |
362: <legend><?php echo $lang_admin_users['Move users subhead'] ?></legend> | 362: <legend><?php echo $lang_admin_users['Move users subhead'] ?></legend> |
363: <div class="infldset"> | 363: <div class="infldset"> |
364: <table class="aligntop" cellspacing="0"> | 364: <table class="aligntop"> |
365: <tr> | 365: <tr> |
366: <th scope="row"><?php echo $lang_admin_users['New group label'] ?></th> | 366: <th scope="row"><?php echo $lang_admin_users['New group label'] ?></th> |
367: <td> | 367: <td> |
643: <fieldset> | 643: <fieldset> |
644: <legend><?php echo $lang_admin_users['Message expiry subhead'] ?></legend> | 644: <legend><?php echo $lang_admin_users['Message expiry subhead'] ?></legend> |
645: <div class="infldset"> | 645: <div class="infldset"> |
646: <table class="aligntop" cellspacing="0"> | 646: <table class="aligntop"> |
647: <tr> | 647: <tr> |
648: <th scope="row"><?php echo $lang_admin_users['Ban message label'] ?></th> | 648: <th scope="row"><?php echo $lang_admin_users['Ban message label'] ?></th> |
649: <td> | 649: <td> |
839: <h2><span><?php echo $lang_admin_users['Results head'] ?></span></h2> | 839: <h2><span><?php echo $lang_admin_users['Results head'] ?></span></h2> |
840: <div class="box"> | 840: <div class="box"> |
841: <div class="inbox"> | 841: <div class="inbox"> |
842: <table cellspacing="0"> | 842: <table> |
843: <thead> | 843: <thead> |
844: <tr> | 844: <tr> |
845: <th class="tcl" scope="col"><?php echo $lang_admin_users['Results username head'] ?></th> | 845: <th class="tcl" scope="col"><?php echo $lang_admin_users['Results username head'] ?></th> |
935: <legend><?php echo $lang_admin_users['User search subhead'] ?></legend> | 935: <legend><?php echo $lang_admin_users['User search subhead'] ?></legend> |
936: <div class="infldset"> | 936: <div class="infldset"> |
937: <p><?php echo $lang_admin_users['User search info'] ?></p> | 937: <p><?php echo $lang_admin_users['User search info'] ?></p> |
938: <table class="aligntop" cellspacing="0"> | 938: <table class="aligntop"> |
939: <tr> | 939: <tr> |
940: <th scope="row"><?php echo $lang_admin_users['Username label'] ?></th> | 940: <th scope="row"><?php echo $lang_admin_users['Username label'] ?></th> |
941: <td><input type="text" name="form[username]" size="25" maxlength="25" tabindex="2" /></td> | 941: <td><input type="text" name="form[username]" size="25" maxlength="25" tabindex="2" /></td> |
1074: <fieldset> | 1074: <fieldset> |
1075: <legend><?php echo $lang_admin_users['IP search subhead'] ?></legend> | 1075: <legend><?php echo $lang_admin_users['IP search subhead'] ?></legend> |
1076: <div class="infldset"> | 1076: <div class="infldset"> |
1077: <table class="aligntop" cellspacing="0"> | 1077: <table class="aligntop"> |
1078: <tr> | 1078: <tr> |
1079: <th scope="row"><?php echo $lang_admin_users['IP address label'] ?><div><input type="submit" value="<?php echo $lang_admin_users['Find IP address'] ?>" tabindex="26" /></div></th> | 1079: <th scope="row"><?php echo $lang_admin_users['IP address label'] ?><div><input type="submit" value="<?php echo $lang_admin_users['Find IP address'] ?>" tabindex="26" /></div></th> |
1080: <td><input type="text" name="show_users" size="18" maxlength="15" tabindex="24" /> | 1080: <td><input type="text" name="show_users" size="18" maxlength="15" tabindex="24" /> |
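--- a/include/functions.php
+++ b/include/functions.php
@@ -6,7 +6,6 @@
 * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
 */
 
-include PUN_ROOT.'include/srand.php';
 
 
 //
@@ -454,6 +453,9 @@
 {
 global $db, $pun_config, $errors, $lang_prof_reg, $lang_register, $lang_common, $pun_bans;
 
+// Include UTF-8 function
+require_once PUN_ROOT.'include/utf8/strcasecmp.php';
+
 // Convert multiple whitespace characters into one (to prevent people from registering with indistinguishable usernames)
 $username = preg_replace('%\s+%s', ' ', $username);
 
@@ -462,7 +464,7 @@
 $errors[] = $lang_prof_reg['Username too short'];
 else if (pun_strlen($username) > 25) // This usually doesn't happen since the form element only accepts 25 characters
 $errors[] = $lang_prof_reg['Username too long'];
-else if (!strcasecmp($username, 'Guest') || !strcasecmp($username, $lang_common['Guest']))
+else if (!strcasecmp($username, 'Guest') || !utf8_strcasecmp($username, $lang_common['Guest']))
 $errors[] = $lang_prof_reg['Username guest'];
 else if (preg_match('%[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}%', $username) || preg_match('%((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))%', $username))
 $errors[] = $lang_prof_reg['Username IP'];
@@ -476,7 +478,7 @@
 $errors[] = $lang_register['Username censor'];
 
 // Check that the username (or a too similar username) is not already registered
-$query = ($exclude_id) ? ' AND id!='.$exclude_id : '';
+$query = (!is_null($exclude_id)) ? ' AND id!='.$exclude_id : '';
 
 $result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE (UPPER(username)=UPPER(\''.$db->escape($username).'\') OR UPPER(username)=UPPER(\''.$db->escape(ucp_preg_replace('%[^\p{L}\p{N}]%u', '', $username)).'\')) AND id>1'.$query) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
 
@@ -591,6 +593,9 @@
 {
 global $pun_config, $lang_common;
 
+if (!is_array($page_title))
+$page_title = array($page_title);
+
 $page_title = array_reverse($page_title);
 
 if (!is_null($p))
@@ -834,14 +839,14 @@
 $ban_list = array();
 
 foreach ($pun_bans as $cur_ban)
-$ban_list[] = strtolower($cur_ban['username']);
+$ban_list[] = utf8_strtolower($cur_ban['username']);
 }
 
 // If the user has a custom title
 if ($user['title'] != '')
 $user_title = pun_htmlspecialchars($user['title']);
 // If the user is banned
-else if (in_array(strtolower($user['username']), $ban_list))
+else if (in_array(utf8_strtolower($user['username']), $ban_list))
 $user_title = $lang_common['Banned'];
 // If the user group has a default user title
 else if ($user['g_user_title'] != '')
@@ -1011,12 +1016,23 @@
 //
 function random_key($len, $readable = false, $hash = false)
 {
+if (!function_exists('secure_random_bytes'))
+include PUN_ROOT.'include/srand.php';
+
 $key = secure_random_bytes($len);
 
 if ($hash)
-$key = substr(bin2hex($key), 0, $len);
+return substr(bin2hex($key), 0, $len);
 else if ($readable)
-$key = substr(base64_encode($key), 0, $len);
+{
+$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+
+$result = '';
+for ($i = 0; $i < $len; ++$i)
+$result .= substr($chars, (ord($key[$i]) % strlen($chars)), 1);
+
+return $result;
+}
 
 return $key;
 }
@@ -1025,10 +1041,13 @@
 //
 // Make sure that HTTP_REFERER matches base_url/script
 //
-function confirm_referrer($script, $error_msg = false)
+function confirm_referrer($scripts, $error_msg = false)
 {
 global $pun_config, $lang_common;
 
+if (!is_array($scripts))
+$scripts = array($scripts);
+
 // There is no referrer
 if (empty($_SERVER['HTTP_REFERER']))
 message($error_msg ? $error_msg : $lang_common['Bad referrer']);
@@ -1038,13 +1057,20 @@
 if (strpos($referrer['host'], 'www.') === 0)
 $referrer['host'] = substr($referrer['host'], 4);
 
-$valid = parse_url(strtolower(get_base_url().'/'.$script));
-// Remove www subdomain if it exists
-if (strpos($valid['host'], 'www.') === 0)
-$valid['host'] = substr($valid['host'], 4);
+$valid_paths = array();
+foreach ($scripts as $script)
+{
+$valid = parse_url(strtolower(get_base_url().'/'.$script));
+// Remove www subdomain if it exists
+if (strpos($valid['host'], 'www.') === 0)
+$valid['host'] = substr($valid['host'], 4);
+
+$valid_host = $valid['host'];
+$valid_paths[] = $valid['path'];
+}
 
 // Check the host and path match. Ignore the scheme, port, etc.
-if ($referrer['host'] != $valid['host'] || $referrer['path'] != $valid['path'])
+if ($referrer['host'] != $valid_host || !in_array($referrer['path'], $valid_paths))
 message($error_msg ? $error_msg : $lang_common['Bad referrer']);
 }
 
@@ -2059,7 +2085,7 @@
 <h2><span><?php echo $lang_common['Debug table'] ?></span></h2>
 <div class="box">
 <div class="inbox">
-<table cellspacing="0">
+<table>
 <thead>
 <tr>
 <th class="tcl" scope="col"><?php echo $lang_common['Query times'] ?></th>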
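Review bot: The readable branch of random_key (new lines 1028–1032) maps each random byte with `ord($key[$i]) % strlen($chars)`, and because 256 is not a multiple of 62 the first eight characters of `$chars` (A–H) are chosen with probability 5/256 instead of 4/256, so readable keys come out measurably biased even though the bytes are from a CSPRNG. If these keys are used as activation keys or generated passwords (callers are outside this hunk), rejection sampling fixes it at negligible cost: discard any byte at or above 248, the largest multiple of 62 that fits in a byte, and keep drawing until `$len` characters have been collected. The hash branch is unaffected, but it is worth a comment that `substr(bin2hex($key), 0, $len)` keeps only `$len` hex digits, i.e. 4·`$len` bits of entropy, not the `$len` bytes that were generated. A rewrite of the readable branch is below.
```php
else if ($readable)
{
	$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
	$num_chars = strlen($chars);
	// Largest multiple of $num_chars that fits in a byte; bytes at or above it are
	// discarded so every character of $chars is equally likely (no modulo bias)
	$limit = 256 - (256 % $num_chars);

	$result = '';
	while (strlen($result) < $len)
	{
		$bytes = secure_random_bytes($len);
		for ($i = 0; $i < $len && strlen($result) < $len; ++$i)
		{
			$byte = ord($bytes[$i]);
			if ($byte < $limit)
				$result .= $chars[$byte % $num_chars];
		}
	}

	return $result;
}
// … unchanged: final return $key …
```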
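--- a/include/parser.php
+++ b/include/parser.php
@@ -823,14 +823,14 @@
 $replace_callback[] = 'handle_url_tag($matches[1], $matches[2])';
 $replace[] = '<a href="mailto:$1">$1</a>';
 $replace[] = '<a href="mailto:$1">$2</a>';
-$replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/viewtopic.php?id=.$matches[1]\')';
-$replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/viewtopic.php?id=.$matches[1],$matches[2]\')';
-$replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/viewtopic.php?pid=.$matches[1].#p.$matches[1]\')';
-$replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/viewtopic.php?pid=.$matches[1].#p.$matches[1],$matches[2]\')';
-$replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/viewforum.php?id=.$matches[1]\')';
-$replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/viewforum.php?id=.$matches[1],$matches[2]\')';
-$replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/profile.php?id=.$matches[1]\')';
-$replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/profile.php?id=.$matches[1],$matches[2]\')';
+$replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/viewtopic.php?id=\'.$matches[1])';
+$replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/viewtopic.php?id=\'.$matches[1], $matches[2])';
+$replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/viewtopic.php?pid=\'.$matches[1].\'#p\'.$matches[1])';
+$replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/viewtopic.php?pid=\'.$matches[1].\'#p\'.$matches[1], $matches[2])';
+$replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/viewforum.php?id=\'.$matches[1])';
+$replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/viewforum.php?id=\'.$matches[1], $matches[2])';
+$replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/profile.php?id=\'.$matches[1])';
+$replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/profile.php?id=\'.$matches[1], $matches[2])';
 
 // This thing takes a while! :)
 $text = preg_replace($pattern, $replace, $text);
@@ -849,19 +849,28 @@
 function do_clickable($text)
 {
 $text = ' '.$text;
-$text = ucp_preg_replace_callback('%(?<=[\s\]\)])(<)?(\[)?(\()?([\'"]?)(https?|ftp|news){1}://([\p{L}\p{N}\-]+\.([\p{L}\p{N}\-]+\.)*[\p{L}\p{N}]+(:[0-9]+)?(/(?:[^\s\[]*[^\s.,?!\[;:-])?)?)\4(?(3)(\)))(?(2)(\]))(?(1)(>))(?![^\s]*\[/(?:url|img)\])%ui', 'stripslashes($matches[1].$matches[2].$matches[3].$matches[4]).handle_url_tag($matches[5]."://".$matches[6], $matches[5]."://".$matches[6], true).stripslashes($matches[4].$matches[10].$matches[11].$matches[12])', $text);
-$text = ucp_preg_replace_callback('%(?<=[\s\]\)])(<)?(\[)?(\()?([\'"]?)(www|ftp)\.(([\p{L}\p{N}\-]+\.)+[\p{L}\p{N}]+(:[0-9]+)?(/(?:[^\s\[]*[^\s.,?!\[;:-])?)?)\4(?(3)(\)))(?(2)(\]))(?(1)(>))(?![^\s]*\[/(?:url|img)\])%ui','stripslashes($matches[1].$matches[2].$matches[3].$matches[4]).handle_url_tag($matches[5].".".$matches[6], $matches[5].".".$matches[6], true).stripslashes($matches[4].$matches[10].$matches[11].$matches[12])', $text);
+$text = ucp_preg_replace_callback('%(?<=[\s\]\)])(<)?(\[)?(\()?([\'"]?)(https?|ftp|news){1}://([\p{L}\p{N}\-]+\.([\p{L}\p{N}\-]+\.)*[\p{L}\p{N}]+(:[0-9]+)?(/(?:[^\s\[]*[^\s.,?!\[;:-])?)?)\4(?(3)(\)))(?(2)(\]))(?(1)(>))(?![^\s]*\[/(?:url|img)\])%ui', 'stripslashes($matches[1].$matches[2].$matches[3].$matches[4]).handle_url_tag($matches[5]."://".$matches[6], $matches[5]."://".$matches[6], true).stripslashes($matches[4].forum_array_key($matches, 10).forum_array_key($matches, 11).forum_array_key($matches, 12))', $text);
+$text = ucp_preg_replace_callback('%(?<=[\s\]\)])(<)?(\[)?(\()?([\'"]?)(www|ftp)\.(([\p{L}\p{N}\-]+\.)+[\p{L}\p{N}]+(:[0-9]+)?(/(?:[^\s\[]*[^\s.,?!\[;:-])?)?)\4(?(3)(\)))(?(2)(\]))(?(1)(>))(?![^\s]*\[/(?:url|img)\])%ui','stripslashes($matches[1].$matches[2].$matches[3].$matches[4]).handle_url_tag($matches[5].".".$matches[6], $matches[5].".".$matches[6], true).stripslashes($matches[4].forum_array_key($matches, 10).forum_array_key($matches, 11).forum_array_key($matches, 12))', $text);
 
 return substr($text, 1);
 }
 
 
 //
+// Return an array key, if it exists, otherwise return an empty string
+//
+function forum_array_key($arr, $key)
+{
+return isset($arr[$key]) ? $arr[$key] : '';
+}
+
+
+//
 // Convert a series of smilies to images
 //
 function do_smilies($text)
 {
-global $pun_config, $smilies;
+global $smilies;
 
 $text = ' '.$text.' ';
 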
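Review bot: The corrected callback strings on new lines 826–833 still splice the raw result of get_base_url(true) into what the `\'` escaping shows to be PHP source text that is later evaluated (presumably by create_function inside ucp_preg_replace_callback, which is outside this hunk); a base URL containing a single quote or backslash would end the string literal and the remainder would run as code. The value is admin-configured, so this is hardening rather than an open hole, but escaping it once is cheap: `$base_url_php = str_replace(array('\\', '\''), array('\\\\', '\\\''), get_base_url(true));` before the list, then use `$base_url_php` in place of `get_base_url(true)` in those eight lines. The forum_array_key helper (new lines 862–865) correctly silences the undefined-offset notices for the optional groups 10–12 in do_clickable; its header comment could add that a missing key yields `''` precisely so the result can be concatenated without a check.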
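--- a/misc.php
+++ b/misc.php
@@ -22,7 +22,7 @@
 if ($action == 'rules')
 {
 if ($pun_config['o_rules'] == '0' || ($pun_user['is_guest'] && $pun_user['g_read_board'] == '0' && $pun_config['o_regs_allow'] == '0'))
-message($lang_common['Bad request']);
+message($lang_common['Bad request'], false, '404 Not Found');
 
 // Load the register.php language file
 require PUN_ROOT.'lang/'.$pun_user['language'].'/register.php';
@@ -68,7 +68,7 @@
 
 $fid = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
 if ($fid < 1)
-message($lang_common['Bad request']);
+message($lang_common['Bad request'], false, '404 Not Found');
 
 $tracked_topics = get_tracked_topics();
 $tracked_topics['forums'][$fid] = time();
@@ -85,11 +85,11 @@
 
 $recipient_id = intval($_GET['email']);
 if ($recipient_id < 2)
-message($lang_common['Bad request']);
+message($lang_common['Bad request'], false, '404 Not Found');
 
 $result = $db->query('SELECT username, email, email_setting FROM '.$db->prefix.'users WHERE id='.$recipient_id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
 if (!$db->num_rows($result))
-message($lang_common['Bad request']);
+message($lang_common['Bad request'], false, '404 Not Found');
 
 list($recipient, $recipient_email, $email_setting) = $db->fetch_row($result);
 
@@ -109,7 +109,8 @@
 message($lang_misc['No email subject']);
 else if ($message == '')
 message($lang_misc['No email message']);
-else if (pun_strlen($message) > PUN_MAX_POSTSIZE)
+// Here we use strlen() not pun_strlen() as we want to limit the post to PUN_MAX_POSTSIZE bytes, not characters
+else if (strlen($message) > PUN_MAX_POSTSIZE)
 message($lang_misc['Too long email message']);
 
 if ($pun_user['last_email_sent'] != '' && (time() - $pun_user['last_email_sent']) < $pun_user['g_email_flood'] && (time() - $pun_user['last_email_sent']) >= 0)
@@ -207,14 +208,17 @@
 else if (isset($_GET['report']))
 {
 if ($pun_user['is_guest'])
-message($lang_common['No permission']);
+message($lang_common['No permission'], false, '403 Forbidden');
 
 $post_id = intval($_GET['report']);
 if ($post_id < 1)
-message($lang_common['Bad request']);
+message($lang_common['Bad request'], false, '404 Not Found');
 
 if (isset($_POST['form_sent']))
 {
+// Make sure they got here from the site
+confirm_referrer('misc.php');
+
 // Clean up reason from POST
 $reason = pun_linebreaks(pun_trim($_POST['req_reason']));
 if ($reason == '')
@@ -228,14 +232,14 @@
 // Get the topic ID
 $result = $db->query('SELECT topic_id FROM '.$db->prefix.'posts WHERE id='.$post_id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
 if (!$db->num_rows($result))
-message($lang_common['Bad request']);
+message($lang_common['Bad request'], false, '404 Not Found');
 
 $topic_id = $db->result($result);
 
 // Get the subject and forum ID
 $result = $db->query('SELECT subject, forum_id FROM '.$db->prefix.'topics WHERE id='.$topic_id) or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());
 if (!$db->num_rows($result))
-message($lang_common['Bad request']);
+message($lang_common['Bad request'], false, '404 Not Found');
 
 list($subject, $forum_id) = $db->fetch_row($result);
 
@@ -278,7 +282,7 @@
 // Fetch some info about the post, the topic and the forum
 $result = $db->query('SELECT f.id AS fid, f.forum_name, t.id AS tid, t.subject FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND p.id='.$post_id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
 if (!$db->num_rows($result))
-message($lang_common['Bad request']);
+message($lang_common['Bad request'], false, '404 Not Found');
 
 $cur_post = $db->fetch_assoc($result);
 
@@ -329,22 +333,22 @@
 else if ($action == 'subscribe')
 {
 if ($pun_user['is_guest'])
-message($lang_common['No permission']);
+message($lang_common['No permission'], false, '403 Forbidden');
 
 $topic_id = isset($_GET['tid']) ? intval($_GET['tid']) : 0;
 $forum_id = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
 if ($topic_id < 1 && $forum_id < 1)
-message($lang_common['Bad request']);
+message($lang_common['Bad request'], false, '404 Not Found');
 
 if ($topic_id)
 {
 if ($pun_config['o_topic_subscriptions'] != '1')
-message($lang_common['No permission']);
+message($lang_common['No permission'], false, '403 Forbidden');
 
 // Make sure the user can view the topic
 $result = $db->query('SELECT 1 FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id='.$topic_id.' AND t.moved_to IS NULL') or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());
 if (!$db->num_rows($result))
-message($lang_common['Bad request']);
+message($lang_common['Bad request'], false, '404 Not Found');
 
 $result = $db->query('SELECT 1 FROM '.$db->prefix.'topic_subscriptions WHERE user_id='.$pun_user['id'].' AND topic_id='.$topic_id) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
 if ($db->num_rows($result))
@@ -358,12 +362,12 @@
 if ($forum_id)
 {
 if ($pun_config['o_forum_subscriptions'] != '1')
-message($lang_common['No permission']);
+message($lang_common['No permission'], false, '403 Forbidden');
 
 // Make sure the user can view the forum
 $result = $db->query('SELECT 1 FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id='.$forum_id) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());
 if (!$db->num_rows($result))
-message($lang_common['Bad request']);
+message($lang_common['Bad request'], false, '404 Not Found');
 
 $result = $db->query('SELECT 1 FROM '.$db->prefix.'forum_subscriptions WHERE user_id='.$pun_user['id'].' AND forum_id='.$forum_id) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
 if ($db->num_rows($result))
@@ -379,17 +383,17 @@
 else if ($action == 'unsubscribe')
 {
 if ($pun_user['is_guest'])
-message($lang_common['No permission']);
+message($lang_common['No permission'], false, '403 Forbidden');
 
 $topic_id = isset($_GET['tid']) ? intval($_GET['tid']) : 0;
 $forum_id = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
 if ($topic_id < 1 && $forum_id < 1)
-message($lang_common['Bad request']);
+message($lang_common['Bad request'], false, '404 Not Found');
 
 if ($topic_id)
 {
 if ($pun_config['o_topic_subscriptions'] != '1')
-message($lang_common['No permission']);
+message($lang_common['No permission'], false, '403 Forbidden');
 
 $result = $db->query('SELECT 1 FROM '.$db->prefix.'topic_subscriptions WHERE user_id='.$pun_user['id'].' AND topic_id='.$topic_id) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
 if (!$db->num_rows($result))
@@ -403,7 +407,7 @@
 if ($forum_id)
 {
 if ($pun_config['o_forum_subscriptions'] != '1')
-message($lang_common['No permission']);
+message($lang_common['No permission'], false, '403 Forbidden');
 
 $result = $db->query('SELECT 1 FROM '.$db->prefix.'forum_subscriptions WHERE user_id='.$pun_user['id'].' AND forum_id='.$forum_id) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
 if (!$db->num_rows($result))
@@ -417,3 +421,3 @@
 
 
 else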
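Review bot: The subscribe and unsubscribe branches (new lines 333–413) still run from a bare GET with only the guest check and a visibility query before the subscription row is changed, while this same commit protects the report form with `confirm_referrer('misc.php')` at new line 220; the INSERT/DELETE statements themselves sit just past the visible lines (after 354, 373, 399 and 413), so the absence of a check there is inferred rather than seen. Since confirm_referrer now accepts an array, `confirm_referrer(array('viewtopic.php', 'viewforum.php', 'misc.php'));` at the top of each of those branches would at least stop a cross-site link from toggling a subscription, although a per-session token in the subscribe link is the sturdier fix and the one to aim for. Separately, returning 404 at new line 285 when the post exists but its forum is not readable by the caller's group is a good choice, as it does not let a guest distinguish hidden posts from missing ones.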
a/moderate.php |
b/moderate.php |
24: { | 24: { |
25: $get_host = intval($_GET['get_host']); | 25: $get_host = intval($_GET['get_host']); |
26: if ($get_host < 1) | 26: if ($get_host < 1) |
27: message($lang_common['Bad request']); | 27: message($lang_common['Bad request'], false, '404 Not Found'); |
28: | 28: |
29: $result = $db->query('SELECT poster_ip FROM '.$db->prefix.'posts WHERE id='.$get_host) or error('Unable to fetch post IP address', __FILE__, __LINE__, $db->error()); | 29: $result = $db->query('SELECT poster_ip FROM '.$db->prefix.'posts WHERE id='.$get_host) or error('Unable to fetch post IP address', __FILE__, __LINE__, $db->error()); |
30: if (!$db->num_rows($result)) | 30: if (!$db->num_rows($result)) |
87: confirm_referrer('moderate.php'); | 87: confirm_referrer('moderate.php'); |
88: | 88: |
89: if (@preg_match('%[^0-9,]%', $posts)) | 89: if (@preg_match('%[^0-9,]%', $posts)) |
90: message($lang_common['Bad request']); | 90: message($lang_common['Bad request'], false, '404 Not Found'); |
91: | 91: |
92: // Verify that the post IDs are valid | 92: // Verify that the post IDs are valid |
93: $admins_sql = ($pun_user['g_id'] != PUN_ADMIN) ? ' AND poster_id NOT IN('.implode(',', get_admin_ids()).')' : ''; | 93: $admins_sql = ($pun_user['g_id'] != PUN_ADMIN) ? ' AND poster_id NOT IN('.implode(',', get_admin_ids()).')' : ''; |
94: $result = $db->query('SELECT 1 FROM '.$db->prefix.'posts WHERE id IN('.$posts.') AND topic_id='.$tid.$admins_sql) or error('Unable to check posts', __FILE__, __LINE__, $db->error()); | 94: $result = $db->query('SELECT 1 FROM '.$db->prefix.'posts WHERE id IN('.$posts.') AND topic_id='.$tid.$admins_sql) or error('Unable to check posts', __FILE__, __LINE__, $db->error()); |
95: | 95: |
96: if ($db->num_rows($result) != substr_count($posts, ',') + 1) | 96: if ($db->num_rows($result) != substr_count($posts, ',') + 1) |
97: message($lang_common['Bad request']); | 97: message($lang_common['Bad request'], false, '404 Not Found'); |
98: | 98: |
99: // Delete the posts | 99: // Delete the posts |
100: $db->query('DELETE FROM '.$db->prefix.'posts WHERE id IN('.$posts.')') or error('Unable to delete posts', __FILE__, __LINE__, $db->error()); | 100: $db->query('DELETE FROM '.$db->prefix.'posts WHERE id IN('.$posts.')') or error('Unable to delete posts', __FILE__, __LINE__, $db->error()); |
155: confirm_referrer('moderate.php'); | 155: confirm_referrer('moderate.php'); |
156: | 156: |
157: if (@preg_match('%[^0-9,]%', $posts)) | 157: if (@preg_match('%[^0-9,]%', $posts)) |
158: message($lang_common['Bad request']); | 158: message($lang_common['Bad request'], false, '404 Not Found'); |
159: | 159: |
160: $move_to_forum = isset($_POST['move_to_forum']) ? intval($_POST['move_to_forum']) : 0; | 160: $move_to_forum = isset($_POST['move_to_forum']) ? intval($_POST['move_to_forum']) : 0; |
161: if ($move_to_forum < 1) | 161: if ($move_to_forum < 1) |
162: message($lang_common['Bad request']); | 162: message($lang_common['Bad request'], false, '404 Not Found'); |
163: | 163: |
164: // How many posts did we just split off? | 164: // How many posts did we just split off? |
165: $num_posts_splitted = substr_count($posts, ',') + 1; | 165: $num_posts_splitted = substr_count($posts, ',') + 1; |
167: // Verify that the post IDs are valid | 167: // Verify that the post IDs are valid |
168: $result = $db->query('SELECT 1 FROM '.$db->prefix.'posts WHERE id IN('.$posts.') AND topic_id='.$tid) or error('Unable to check posts', __FILE__, __LINE__, $db->error()); | 168: $result = $db->query('SELECT 1 FROM '.$db->prefix.'posts WHERE id IN('.$posts.') AND topic_id='.$tid) or error('Unable to check posts', __FILE__, __LINE__, $db->error()); |
169: if ($db->num_rows($result) != $num_posts_splitted) | 169: if ($db->num_rows($result) != $num_posts_splitted) |
170: message($lang_common['Bad request']); | 170: message($lang_common['Bad request'], false, '404 Not Found'); |
171: | 171: |
172: // Verify that the move to forum ID is valid | 172: // Verify that the move to forum ID is valid |
173: $result = $db->query('SELECT 1 FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.group_id='.$pun_user['g_id'].' AND fp.forum_id='.$move_to_forum.') WHERE f.redirect_url IS NULL AND (fp.post_topics IS NULL OR fp.post_topics=1)') or error('Unable to fetch forum permissions', __FILE__, __LINE__, $db->error()); | 173: $result = $db->query('SELECT 1 FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.group_id='.$pun_user['g_id'].' AND fp.forum_id='.$move_to_forum.') WHERE f.redirect_url IS NULL AND (fp.post_topics IS NULL OR fp.post_topics=1)') or error('Unable to fetch forum permissions', __FILE__, __LINE__, $db->error()); |
174: if (!$db->num_rows($result)) | 174: if (!$db->num_rows($result)) |
175: message($lang_common['Bad request']); | 175: message($lang_common['Bad request'], false, '404 Not Found'); |
176: | 176: |
177: // Load the post.php language file | 177: // Load the post.php language file |
178: require PUN_ROOT.'lang/'.$pun_user['language'].'/post.php'; | 178: require PUN_ROOT.'lang/'.$pun_user['language'].'/post.php'; |
278: // Used to disable the Move and Delete buttons if there are no replies to this topic | 278: // Used to disable the Move and Delete buttons if there are no replies to this topic |
279: $button_status = ($cur_topic['num_replies'] == 0) ? ' disabled="disabled"' : ''; | 279: $button_status = ($cur_topic['num_replies'] == 0) ? ' disabled="disabled"' : ''; |
280: | 280: |
| 281: if (isset($_GET['action']) && $_GET['action'] == 'all') |
| 282: $pun_user['disp_posts'] = $cur_topic['num_replies'] + 1; |
281: | 283: |
282: // Determine the post offset (based on $_GET['p']) | 284: // Determine the post offset (based on $_GET['p']) |
283: $num_pages = ceil(($cur_topic['num_replies'] + 1) / $pun_user['disp_posts']); | 285: $num_pages = ceil(($cur_topic['num_replies'] + 1) / $pun_user['disp_posts']); |
425: confirm_referrer('moderate.php'); | 427: confirm_referrer('moderate.php'); |
426: | 428: |
427: if (@preg_match('%[^0-9,]%', $_POST['topics'])) | 429: if (@preg_match('%[^0-9,]%', $_POST['topics'])) |
428: message($lang_common['Bad request']); | 430: message($lang_common['Bad request'], false, '404 Not Found'); |
429: | 431: |
430: $topics = explode(',', $_POST['topics']); | 432: $topics = explode(',', $_POST['topics']); |
431: $move_to_forum = isset($_POST['move_to_forum']) ? intval($_POST['move_to_forum']) : 0; | 433: $move_to_forum = isset($_POST['move_to_forum']) ? intval($_POST['move_to_forum']) : 0; |
432: if (empty($topics) || $move_to_forum < 1) | 434: if (empty($topics) || $move_to_forum < 1) |
433: message($lang_common['Bad request']); | 435: message($lang_common['Bad request'], false, '404 Not Found'); |
434: | 436: |
435: // Verify that the topic IDs are valid | 437: // Verify that the topic IDs are valid |
436: $result = $db->query('SELECT 1 FROM '.$db->prefix.'topics WHERE id IN('.implode(',',$topics).') AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $db->error()); | 438: $result = $db->query('SELECT 1 FROM '.$db->prefix.'topics WHERE id IN('.implode(',',$topics).') AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $db->error()); |
437: | 439: |
438: if ($db->num_rows($result) != count($topics)) | 440: if ($db->num_rows($result) != count($topics)) |
439: message($lang_common['Bad request']); | 441: message($lang_common['Bad request'], false, '404 Not Found'); |
440: | 442: |
441: // Verify that the move to forum ID is valid | 443: // Verify that the move to forum ID is valid |
442: $result = $db->query('SELECT 1 FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.group_id='.$pun_user['g_id'].' AND fp.forum_id='.$move_to_forum.') WHERE f.redirect_url IS NULL AND (fp.post_topics IS NULL OR fp.post_topics=1)') or error('Unable to fetch forum permissions', __FILE__, __LINE__, $db->error()); | 444: $result = $db->query('SELECT 1 FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.group_id='.$pun_user['g_id'].' AND fp.forum_id='.$move_to_forum.') WHERE f.redirect_url IS NULL AND (fp.post_topics IS NULL OR fp.post_topics=1)') or error('Unable to fetch forum permissions', __FILE__, __LINE__, $db->error()); |
443: if (!$db->num_rows($result)) | 445: if (!$db->num_rows($result)) |
444: message($lang_common['Bad request']); | 446: message($lang_common['Bad request'], false, '404 Not Found'); |
445: | 447: |
446: // Delete any redirect topics if there are any (only if we moved/copied the topic back to where it was once moved from) | 448: // Delete any redirect topics if there are any (only if we moved/copied the topic back to where it was once moved from) |
447: $db->query('DELETE FROM '.$db->prefix.'topics WHERE forum_id='.$move_to_forum.' AND moved_to IN('.implode(',',$topics).')') or error('Unable to delete redirect topics', __FILE__, __LINE__, $db->error()); | 449: $db->query('DELETE FROM '.$db->prefix.'topics WHERE forum_id='.$move_to_forum.' AND moved_to IN('.implode(',',$topics).')') or error('Unable to delete redirect topics', __FILE__, __LINE__, $db->error()); |
483: { | 485: { |
484: $topics = intval($_GET['move_topics']); | 486: $topics = intval($_GET['move_topics']); |
485: if ($topics < 1) | 487: if ($topics < 1) |
486: message($lang_common['Bad request']); | 488: message($lang_common['Bad request'], false, '404 Not Found'); |
487: | 489: |
488: $action = 'single'; | 490: $action = 'single'; |
489: } | 491: } |
553: confirm_referrer('moderate.php'); | 555: confirm_referrer('moderate.php'); |
554: | 556: |
555: if (@preg_match('%[^0-9,]%', $_POST['topics'])) | 557: if (@preg_match('%[^0-9,]%', $_POST['topics'])) |
556: message($lang_common['Bad request']); | 558: message($lang_common['Bad request'], false, '404 Not Found'); |
557: | 559: |
558: $topics = explode(',', $_POST['topics']); | 560: $topics = explode(',', $_POST['topics']); |
559: if (count($topics) < 2) | 561: if (count($topics) < 2) |
562: // Verify that the topic IDs are valid (redirect links will point to the merged topic after the merge) | 564: // Verify that the topic IDs are valid (redirect links will point to the merged topic after the merge) |
563: $result = $db->query('SELECT id FROM '.$db->prefix.'topics WHERE id IN('.implode(',', $topics).') AND forum_id='.$fid.' ORDER BY id ASC') or error('Unable to check topics', __FILE__, __LINE__, $db->error()); | 565: $result = $db->query('SELECT id FROM '.$db->prefix.'topics WHERE id IN('.implode(',', $topics).') AND forum_id='.$fid.' ORDER BY id ASC') or error('Unable to check topics', __FILE__, __LINE__, $db->error()); |
564: if ($db->num_rows($result) != count($topics)) | 566: if ($db->num_rows($result) != count($topics)) |
565: message($lang_common['Bad request']); | 567: message($lang_common['Bad request'], false, '404 Not Found'); |
566: | 568: |
567: // The topic that we are merging into is the one with the smallest ID | 569: // The topic that we are merging into is the one with the smallest ID |
568: $merge_to_tid = $db->result($result); | 570: $merge_to_tid = $db->result($result); |
580: $db->query('UPDATE '.$db->prefix.'posts SET topic_id='.$merge_to_tid.' WHERE topic_id IN('.implode(',', $topics).')') or error('Unable to merge the posts into the topic', __FILE__, __LINE__, $db->error()); | 582: $db->query('UPDATE '.$db->prefix.'posts SET topic_id='.$merge_to_tid.' WHERE topic_id IN('.implode(',', $topics).')') or error('Unable to merge the posts into the topic', __FILE__, __LINE__, $db->error()); |
581: | 583: |
582: // Update any subscriptions | 584: // Update any subscriptions |
583: $result = $db->query('SELECT user_id FROM '.$db->prefix.'topic_subscriptions WHERE topic_id IN ('.implode(',', $topics).')') or error('Unable to fetch subscriptions of merged topics', __FILE__, __LINE__, $db->error()); | 585: $result = $db->query('SELECT DISTINCT user_id FROM '.$db->prefix.'topic_subscriptions WHERE topic_id IN('.implode(',', $topics).')') or error('Unable to fetch subscriptions of merged topics', __FILE__, __LINE__, $db->error()); |
584: | 586: |
585: $subscribed_users = array(); | 587: $subscribed_users = array(); |
586: while ($cur_user_id = $db->result($result)) | 588: while ($row = $db->fetch_row($result)) |
587: $subscribed_users[] = $cur_user_id; | 589: $subscribed_users[] = $row[0]; |
588: $subscribed_users = array_unique($subscribed_users); | |
589: | 590: |
590: $db->query('DELETE FROM '.$db->prefix.'topic_subscriptions WHERE topic_id IN ('.implode(',', $topics).')') or error('Unable to delete subscriptions of merged topics', __FILE__, __LINE__, $db->error()); | 591: $db->query('DELETE FROM '.$db->prefix.'topic_subscriptions WHERE topic_id IN('.implode(',', $topics).')') or error('Unable to delete subscriptions of merged topics', __FILE__, __LINE__, $db->error()); |
591: | 592: |
592: foreach ($subscribed_users as $cur_user_id) | 593: foreach ($subscribed_users as $cur_user_id) |
593: $db->query('INSERT INTO '.$db->prefix.'topic_subscriptions (topic_id, user_id) VALUES ('.$merge_to_tid.', '.$cur_user_id.')') or error('Unable to re-enter subscriptions for merge topic', __FILE__, __LINE__, $db->error()); | 594: $db->query('INSERT INTO '.$db->prefix.'topic_subscriptions (topic_id, user_id) VALUES ('.$merge_to_tid.', '.$cur_user_id.')') or error('Unable to re-enter subscriptions for merge topic', __FILE__, __LINE__, $db->error()); |
657: confirm_referrer('moderate.php'); | 658: confirm_referrer('moderate.php'); |
658: | 659: |
659: if (@preg_match('%[^0-9,]%', $topics)) | 660: if (@preg_match('%[^0-9,]%', $topics)) |
660: message($lang_common['Bad request']); | 661: message($lang_common['Bad request'], false, '404 Not Found'); |
661: | 662: |
662: require PUN_ROOT.'include/search_idx.php'; | 663: require PUN_ROOT.'include/search_idx.php'; |
663: | 664: |
665: $result = $db->query('SELECT 1 FROM '.$db->prefix.'topics WHERE id IN('.$topics.') AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $db->error()); | 666: $result = $db->query('SELECT 1 FROM '.$db->prefix.'topics WHERE id IN('.$topics.') AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $db->error()); |
666: | 667: |
667: if ($db->num_rows($result) != substr_count($topics, ',') + 1) | 668: if ($db->num_rows($result) != substr_count($topics, ',') + 1) |
668: message($lang_common['Bad request']); | 669: message($lang_common['Bad request'], false, '404 Not Found'); |
669: | 670: |
670: // Verify that the posts are not by admins | 671: // Verify that the posts are not by admins |
671: if ($pun_user['g_id'] != PUN_ADMIN) | 672: if ($pun_user['g_id'] != PUN_ADMIN) |
755: | 756: |
756: $topic_id = ($action) ? intval($_GET['close']) : intval($_GET['open']); | 757: $topic_id = ($action) ? intval($_GET['close']) : intval($_GET['open']); |
757: if ($topic_id < 1) | 758: if ($topic_id < 1) |
758: message($lang_common['Bad request']); | 759: message($lang_common['Bad request'], false, '404 Not Found'); |
759: | 760: |
760: $db->query('UPDATE '.$db->prefix.'topics SET closed='.$action.' WHERE id='.$topic_id.' AND forum_id='.$fid) or error('Unable to close topic', __FILE__, __LINE__, $db->error()); | 761: $db->query('UPDATE '.$db->prefix.'topics SET closed='.$action.' WHERE id='.$topic_id.' AND forum_id='.$fid) or error('Unable to close topic', __FILE__, __LINE__, $db->error()); |
761: | 762: |
772: | 773: |
773: $stick = intval($_GET['stick']); | 774: $stick = intval($_GET['stick']); |
774: if ($stick < 1) | 775: if ($stick < 1) |
775: message($lang_common['Bad request']); | 776: message($lang_common['Bad request'], false, '404 Not Found'); |
776: | 777: |
777: $db->query('UPDATE '.$db->prefix.'topics SET sticky=\'1\' WHERE id='.$stick.' AND forum_id='.$fid) or error('Unable to stick topic', __FILE__, __LINE__, $db->error()); | 778: $db->query('UPDATE '.$db->prefix.'topics SET sticky=\'1\' WHERE id='.$stick.' AND forum_id='.$fid) or error('Unable to stick topic', __FILE__, __LINE__, $db->error()); |
778: | 779: |
787: | 788: |
788: $unstick = intval($_GET['unstick']); | 789: $unstick = intval($_GET['unstick']); |
789: if ($unstick < 1) | 790: if ($unstick < 1) |
790: message($lang_common['Bad request']); | 791: message($lang_common['Bad request'], false, '404 Not Found'); |
791: | 792: |
792: $db->query('UPDATE '.$db->prefix.'topics SET sticky=\'0\' WHERE id='.$unstick.' AND forum_id='.$fid) or error('Unable to unstick topic', __FILE__, __LINE__, $db->error()); | 793: $db->query('UPDATE '.$db->prefix.'topics SET sticky=\'0\' WHERE id='.$unstick.' AND forum_id='.$fid) or error('Unable to unstick topic', __FILE__, __LINE__, $db->error()); |
793: | 794: |
809: | 810: |
810: // Is this a redirect forum? In that case, abort! | 811: // Is this a redirect forum? In that case, abort! |
811: if ($cur_forum['redirect_url'] != '') | 812: if ($cur_forum['redirect_url'] != '') |
812: message($lang_common['Bad request']); | 813: message($lang_common['Bad request'], false, '404 Not Found'); |
813: | 814: |
814: switch ($cur_forum['sort_by']) | 815: switch ($cur_forum['sort_by']) |
815: { | 816: { |
860: <h2><span><?php echo pun_htmlspecialchars($cur_forum['forum_name']) ?></span></h2> | 861: <h2><span><?php echo pun_htmlspecialchars($cur_forum['forum_name']) ?></span></h2> |
861: <div class="box"> | 862: <div class="box"> |
862: <div class="inbox"> | 863: <div class="inbox"> |
863: <table cellspacing="0"> | 864: <table> |
864: <thead> | 865: <thead> |
865: <tr> | 866: <tr> |
866: <th class="tcl" scope="col"><?php echo $lang_common['Topic'] ?></th> | 867: <th class="tcl" scope="col"><?php echo $lang_common['Topic'] ?></th> |
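--- a/profile.php
+++ b/profile.php
@@ -81,8 +81,8 @@
 
 if (isset($_POST['form_sent']))
 {
-if ($pun_user['is_admmod'])
+// Make sure they got here from the site
 confirm_referrer('profile.php');
 
 $old_password = isset($_POST['req_old_password']) ? pun_trim($_POST['req_old_password']) : '';
 $new_password1 = pun_trim($_POST['req_new_password1']);
@@ -195,6 +195,9 @@
 {
 if (pun_hash($_POST['req_password']) !== $pun_user['password'])
 message($lang_profile['Wrong pass']);
+
+// Make sure they got here from the site
+confirm_referrer('profile.php');
 
 require PUN_ROOT.'include/email.php';
 
@@ -322,6 +325,9 @@
 {
 if (!isset($_FILES['req_file']))
 message($lang_profile['No file']);
+
+// Make sure they got here from the site
+confirm_referrer('profile.php');
 
 $uploaded_file = $_FILES['req_file'];
 
@@ -700,8 +706,8 @@
 $is_moderator)))) // or the user is another mod
 message($lang_common['No permission'], false, '403 Forbidden');
 
-if ($pun_user['is_admmod'])
+// Make sure they got here from the site
 confirm_referrer('profile.php');
 
 $username_updated = false;
 
@@ -924,7 +930,7 @@
 }
 
 default:
-message($lang_common['Bad request']);
+message($lang_common['Bad request'], false, '404 Not Found');
 }
 
 
@@ -938,7 +944,7 @@
 }
 
 if (empty($temp))
-message($lang_common['Bad request']);
+message($lang_common['Bad request'], false, '404 Not Found');
 
 
 $db->query('UPDATE '.$db->prefix.'users SET '.implode(',', $temp).' WHERE id='.$id) or error('Unable to update profile', __FILE__, __LINE__, $db->error());
@@ -1495,7 +1501,7 @@
 else if ($section == 'personality')
 {
 if ($pun_config['o_avatars'] == '0' && $pun_config['o_signatures'] == '0')
-message($lang_common['Bad request']);
+message($lang_common['Bad request'], false, '404 Not Found');
 
 $avatar_field = '<span><a href="profile.php?action=upload_avatar&amp;id='.$id.'">'.$lang_profile['Change avatar'].'</a></span>';
 
@@ -1821,7 +1827,7 @@
 
 }
 else
-message($lang_common['Bad request']);
+message($lang_common['Bad request'], false, '404 Not Found');
 
 ?>
 <div class="clearer"></div>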
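Review bot: In the hunks at new lines 198-200 and 328-330 the new `confirm_referrer('profile.php');` call is placed after the handler has already acted on the request (the password hash comparison against `$pun_user['password']`, and the `$_FILES['req_file']` presence check), whereas the hunks at new lines 84-85 and 709-710 make it the first statement of the handler. Since the call is the change's cross-site-request guard, it should run before any request-dependent work so that a request from elsewhere is rejected before the password is even compared; I would move `// Make sure they got here from the site` and `confirm_referrer('profile.php');` directly under the opening brace in both of those hunks, matching the other two. The enclosing blocks of all four hunks start outside the hunk, so the intended position is just above the first visible statement in each. Note also that `$_POST['req_password']` at new line 196 is read without an `isset()` guard, unlike `$_POST['req_old_password']` at line 87; the commit does not change that line, but it is in the same handler the referrer check now protects.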