punbb/extern.php
author Dan
Thu, 12 Jul 2007 01:04:01 -0400
changeset 2 a8a21e1c7afa
parent 0 f9ffdbd96607
permissions -rw-r--r--
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
0
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
     1
<?php
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
     2
/***********************************************************************
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
     3
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
     4
  Copyright (C) 2002-2005  Rickard Andersson (rickard@punbb.org)
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
     5
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
     6
  This file is part of PunBB.
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
     7
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
     8
  PunBB is free software; you can redistribute it and/or modify it
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
     9
  under the terms of the GNU General Public License as published
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    10
  by the Free Software Foundation; either version 2 of the License,
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    11
  or (at your option) any later version.
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    12
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    13
  PunBB is distributed in the hope that it will be useful, but
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    14
  WITHOUT ANY WARRANTY; without even the implied warranty of
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    15
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    16
  GNU General Public License for more details.
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    17
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    18
  You should have received a copy of the GNU General Public License
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    19
  along with this program; if not, write to the Free Software
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    20
  Foundation, Inc., 59 Temple Place, Suite 330, Boston,
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    21
  MA  02111-1307  USA
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    22
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    23
************************************************************************
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    24
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    25
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    26
  INSTRUCTIONS
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    27
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    28
  This script is used to include information about your board from
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    29
  pages outside the forums and to syndicate news about recent
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    30
  discussions via RSS. The script can display a list of recent
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    31
  discussions (sorted by post time or last post time), a list of
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    32
  active users or a collection of general board statistics. The
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    33
  script can be called directly via an URL (for RSS), from a PHP
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    34
  include command or through the use of Server Side Includes (SSI).
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    35
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    36
  The scripts behaviour is controlled via variables supplied in the
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    37
  URL to the script. The different variables are: action (what to
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    38
  output), show (how many topics to display), fid (the ID or ID's of
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    39
  the forum(s) to poll for topics), nfid (the ID or ID's of forums
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    40
  that should be excluded) and type (output as HTML or RSS). The
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    41
  only mandatory variable is action. Possible/default values are:
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    42
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    43
    action: active (show most recently active topics) (HTML or RSS)
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    44
            new (show newest topics) (HTML or RSS)
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    45
            online (show users online) (HTML)
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    46
            online_full (as above, but includes a full list) (HTML)
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    47
            stats (show board statistics) (HTML)
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    48
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    49
    show:   Any integer value between 1 and 50. This variables is
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    50
            ignored for RSS output. The default is 15.
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    51
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    52
    fid:    One or more forum ID's (comma-separated). If ignored,
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    53
            topics from all guest-readable forums will be polled.
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    54
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    55
    nfid:   One or more forum ID's (comma-separated) that are to be
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    56
            excluded. E.g. the ID of a a test forum.
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    57
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    58
    type:   RSS. Anything else means HTML output.
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    59
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    60
  Here are some examples using PHP include().
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    61
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    62
    Show the 15 most recently active topics from all forums:
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    63
    include('http://host.com/forums/extern.php?action=active');
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    64
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    65
    Show the 10 newest topics from forums with ID 5, 6 and 7:
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    66
    include('http://host.com/forums/extern.php?action=new&show=10&fid=5,6,7');
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    67
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    68
    Show users online:
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    69
    include('http://host.com/forums/extern.php?action=online');
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    70
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    71
    Show users online with full listing of users:
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    72
    include('http://host.com/forums/extern.php?action=online_full');
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    73
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    74
    Show board statistics:
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    75
    include('http://host.com/forums/extern.php?action=stats');
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    76
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    77
  Here are some examples using SSI.
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    78
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    79
    Show the 5 newest topics from forums with ID 11 and 22:
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    80
    <!--#include virtual="forums/extern.php?action=new&show=5&fid=11,22" -->
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    81
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    82
    Show board statistics:
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    83
    <!--#include virtual="forums/extern.php?action=stats" -->
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    84
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    85
  And finally some examples using extern.php to output an RSS 0.91
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    86
  feed.
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    87
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    88
    Output the 15 most recently active topics:
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    89
    http://host.com/extern.php?action=active&type=RSS
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    90
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    91
    Output the 15 newest topics from forum with ID=2:
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    92
    http://host.com/extern.php?action=active&type=RSS&fid=2
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    93
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    94
  Below you will find some variables you can edit to tailor the
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    95
  scripts behaviour to your needs.
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    96
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    97
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    98
/***********************************************************************/
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    99
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   100
// The maximum number of topics that will be displayed
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   101
$show_max_topics = 60;
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   102
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   103
// The length at which topic subjects will be truncated (for HTML output)
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   104
$max_subject_length = 30;
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   105
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   106
/***********************************************************************/
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   107
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   108
// DO NOT EDIT ANYTHING BELOW THIS LINE! (unless you know what you are doing)
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   109
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   110
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   111
define('PUN_ROOT', './');
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   112
@include PUN_ROOT.'config.php';
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   113
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   114
// If PUN isn't defined, config.php is missing or corrupt
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   115
if (!defined('PUN'))
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   116
	exit('The file \'config.php\' doesn\'t exist or is corrupt. Please run install.php to install PunBB first.');
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   117
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   118
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   119
// Make sure PHP reports all errors except E_NOTICE
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   120
error_reporting(E_ALL ^ E_NOTICE);
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   121
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   122
// Turn off magic_quotes_runtime
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   123
set_magic_quotes_runtime(0);
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   124
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   125
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   126
// Load the functions script
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   127
require PUN_ROOT.'include/functions.php';
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   128
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   129
// Load DB abstraction layer and try to connect
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   130
require PUN_ROOT.'include/dblayer/common_db.php';
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   131
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 0
diff changeset
   132
// Load cached config
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 0
diff changeset
   133
@include PUN_ROOT.'cache/cache_config.php';
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 0
diff changeset
   134
if (!defined('PUN_CONFIG_LOADED'))
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 0
diff changeset
   135
{
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 0
diff changeset
   136
    require PUN_ROOT.'include/cache.php';
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 0
diff changeset
   137
    generate_config_cache();
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 0
diff changeset
   138
    require PUN_ROOT.'cache/cache_config.php';
0
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   139
}
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   140
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   141
// Make sure we (guests) have permission to read the forums
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 0
diff changeset
   142
$result = $pun_db->query('SELECT g_read_board FROM '.$pun_db->prefix.'groups WHERE g_id=3') or error('Unable to fetch group info', __FILE__, __LINE__, $pun_db->error());
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 0
diff changeset
   143
if ($pun_db->result($result) == '0')
0
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   144
	exit('No permission');
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   145
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   146
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   147
// Attempt to load the common language file
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   148
@include PUN_ROOT.'lang/'.$pun_config['o_default_lang'].'/common.php';
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   149
if (!isset($lang_common))
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   150
	exit('There is no valid language pack \''.$pun_config['o_default_lang'].'\' installed. Please reinstall a language of that name.');
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   151
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   152
// Check if we are to display a maintenance message
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   153
if ($pun_config['o_maintenance'] && !defined('PUN_TURN_OFF_MAINT'))
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   154
	maintenance_message();
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   155
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   156
if (!isset($_GET['action']))
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   157
	exit('No parameters supplied. See extern.php for instructions.');
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   158
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   159
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   160
//
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   161
// Converts the CDATA end sequence ]]> into ]]&gt;
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   162
//
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   163
function escape_cdata($str)
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   164
{
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   165
	return str_replace(']]>', ']]&gt;', $str);
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   166
}
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   167
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   168
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   169
//
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   170
// Show recent discussions
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   171
//
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   172
if ($_GET['action'] == 'active' || $_GET['action'] == 'new')
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   173
{
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   174
	$order_by = ($_GET['action'] == 'active') ? 't.last_post' : 't.posted';
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   175
	$forum_sql = '';
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   176
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   177
	// Was any specific forum ID's supplied?
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   178
	if (isset($_GET['fid']) && $_GET['fid'] != '')
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   179
	{
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   180
		$fids = explode(',', trim($_GET['fid']));
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   181
		$fids = array_map('intval', $fids);
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   182
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   183
		if (!empty($fids))
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   184
			$forum_sql = ' AND f.id IN('.implode(',', $fids).')';
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   185
	}
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   186
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   187
	// Any forum ID's to exclude?
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   188
	if (isset($_GET['nfid']) && $_GET['nfid'] != '')
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   189
	{
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   190
		$nfids = explode(',', trim($_GET['nfid']));
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   191
		$nfids = array_map('intval', $nfids);
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   192
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   193
		if (!empty($nfids))
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   194
			$forum_sql = ' AND f.id NOT IN('.implode(',', $nfids).')';
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   195
	}
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   196
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   197
	// Should we output this as RSS?
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   198
	if (isset($_GET['type']) && strtoupper($_GET['type']) == 'RSS')
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   199
	{
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   200
		$rss_description = ($_GET['action'] == 'active') ? $lang_common['RSS Desc Active'] : $lang_common['RSS Desc New'];
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   201
		$url_action = ($_GET['action'] == 'active') ? '&amp;action=new' : '';
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   202
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   203
		// Send XML/no cache headers
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   204
		header('Content-Type: text/xml');
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   205
		header('Expires: '.gmdate('D, d M Y H:i:s').' GMT');
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   206
		header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   207
		header('Pragma: public');
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   208
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   209
		// It's time for some syndication!
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   210
		echo '<?xml version="1.0" encoding="'.$lang_common['lang_encoding'].'"?>'."\r\n";
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   211
		echo '<!DOCTYPE rss PUBLIC "-//Netscape Communications//DTD RSS 0.91//EN" "http://my.netscape.com/publish/formats/rss-0.91.dtd">'."\r\n";
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   212
		echo '<rss version="0.91">'."\r\n";
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   213
		echo '<channel>'."\r\n";
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   214
		echo "\t".'<title>'.pun_htmlspecialchars($pun_config['o_board_title']).'</title>'."\r\n";
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   215
		echo "\t".'<link>'.$pun_config['o_base_url'].'/</link>'."\r\n";
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   216
		echo "\t".'<description>'.pun_htmlspecialchars($rss_description.' '.$pun_config['o_board_title']).'</description>'."\r\n";
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   217
		echo "\t".'<language>en-us</language>'."\r\n";
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   218
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   219
		// Fetch 15 topics
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 0
diff changeset
   220
		$result = $pun_db->query('SELECT t.id, t.poster, t.subject, t.posted, t.last_post, f.id AS fid, f.forum_name FROM '.$pun_db->prefix.'topics AS t INNER JOIN '.$pun_db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$pun_db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=3) WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.moved_to IS NULL'.$forum_sql.' ORDER BY '.$order_by.' DESC LIMIT 15') or error('Unable to fetch topic list', __FILE__, __LINE__, $pun_db->error());
0
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   221
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 0
diff changeset
   222
		while ($cur_topic = $pun_db->fetch_assoc($result))
0
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   223
		{
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   224
			if ($pun_config['o_censoring'] == '1')
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   225
				$cur_topic['subject'] = censor_words($cur_topic['subject']);
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   226
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   227
			echo "\t".'<item>'."\r\n";
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   228
			echo "\t\t".'<title>'.pun_htmlspecialchars($cur_topic['subject']).'</title>'."\r\n";
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   229
			echo "\t\t".'<link>'.$pun_config['o_base_url'].'/viewtopic.php?id='.$cur_topic['id'].$url_action.'</link>'."\r\n";
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   230
			echo "\t\t".'<description><![CDATA['.escape_cdata($lang_common['Forum'].': <a href="'.$pun_config['o_base_url'].'/viewforum.php?id='.$cur_topic['fid'].'">'.$cur_topic['forum_name'].'</a><br />'."\r\n".$lang_common['Author'].': '.$cur_topic['poster'].'<br />'."\r\n".$lang_common['Posted'].': '.date('r', $cur_topic['posted']).'<br />'."\r\n".$lang_common['Last post'].': '.date('r', $cur_topic['last_post'])).']]></description>'."\r\n";
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   231
			echo "\t".'</item>'."\r\n";
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   232
		}
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   233
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   234
		echo '</channel>'."\r\n";
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   235
		echo '</rss>';
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   236
	}
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   237
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   238
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   239
	// Output regular HTML
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   240
	else
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   241
	{
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   242
		$show = isset($_GET['show']) ? intval($_GET['show']) : 15;
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   243
		if ($show < 1 || $show > 50)
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   244
			$show = 15;
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   245
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   246
		// Fetch $show topics
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 0
diff changeset
   247
		$result = $pun_db->query('SELECT t.id, t.subject FROM '.$pun_db->prefix.'topics AS t INNER JOIN '.$pun_db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$pun_db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=3) WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.moved_to IS NULL'.$forum_sql.' ORDER BY '.$order_by.' DESC LIMIT '.$show) or error('Unable to fetch topic list', __FILE__, __LINE__, $pun_db->error());
0
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   248
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 0
diff changeset
   249
		while ($cur_topic = $pun_db->fetch_assoc($result))
0
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   250
		{
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   251
			if ($pun_config['o_censoring'] == '1')
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   252
				$cur_topic['subject'] = censor_words($cur_topic['subject']);
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   253
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   254
			if (pun_strlen($cur_topic['subject']) > $max_subject_length)
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   255
				$subject_truncated = pun_htmlspecialchars(trim(substr($cur_topic['subject'], 0, ($max_subject_length-5)))).' &hellip;';
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   256
			else
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   257
				$subject_truncated = pun_htmlspecialchars($cur_topic['subject']);
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   258
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   259
			echo '<li><a href="'.$pun_config['o_base_url'].'/viewtopic.php?id='.$cur_topic['id'].'&amp;action=new" title="'.pun_htmlspecialchars($cur_topic['subject']).'">'.$subject_truncated.'</a></li>'."\n";
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   260
		}
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   261
	}
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   262
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   263
	return;
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   264
}
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   265
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   266
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   267
//
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   268
// Show users online
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   269
//
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   270
else if ($_GET['action'] == 'online' || $_GET['action'] == 'online_full')
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   271
{
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   272
	// Load the index.php language file
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   273
	require PUN_ROOT.'lang/'.$pun_config['o_default_lang'].'/index.php';
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   274
	
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   275
	// Fetch users online info and generate strings for output
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   276
	$num_guests = $num_users = 0;
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   277
	$users = array();
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 0
diff changeset
   278
	$result = $pun_db->query('SELECT user_id, ident FROM '.$pun_db->prefix.'online WHERE idle=0 ORDER BY ident', true) or error('Unable to fetch online list', __FILE__, __LINE__, $pun_db->error());
0
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   279
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 0
diff changeset
   280
	while ($pun_user_online = $pun_db->fetch_assoc($result))
0
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   281
	{
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   282
		if ($pun_user_online['user_id'] > 1)
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   283
		{
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   284
			$users[] = '<a href="'.$pun_config['o_base_url'].'/profile.php?id='.$pun_user_online['user_id'].'">'.pun_htmlspecialchars($pun_user_online['ident']).'</a>';
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   285
			++$num_users;
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   286
		}
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   287
		else
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   288
			++$num_guests;
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   289
	}
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   290
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   291
	echo $lang_index['Guests online'].': '.$num_guests.'<br />';
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   292
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   293
	if ($_GET['action'] == 'online_full')
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   294
		echo $lang_index['Users online'].': '.implode(', ', $users).'<br />';
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   295
	else
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   296
		echo $lang_index['Users online'].': '.$num_users.'<br />';
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   297
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   298
	return;
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   299
}
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   300
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   301
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   302
//
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   303
// Show board statistics
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   304
//
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   305
else if ($_GET['action'] == 'stats')
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   306
{
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   307
	// Load the index.php language file
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   308
	require PUN_ROOT.'lang/'.$pun_config['o_default_lang'].'/index.php';
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   309
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   310
	// Collect some statistics from the database
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 0
diff changeset
   311
	$result = $pun_db->query('SELECT COUNT(id)-1 FROM '.$pun_db->prefix.'users') or error('Unable to fetch total user count', __FILE__, __LINE__, $pun_db->error());
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 0
diff changeset
   312
	$stats['total_users'] = $pun_db->result($result);
0
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   313
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 0
diff changeset
   314
	$result = $pun_db->query('SELECT id, username FROM '.$pun_db->prefix.'users ORDER BY registered DESC LIMIT 1') or error('Unable to fetch newest registered user', __FILE__, __LINE__, $pun_db->error());
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 0
diff changeset
   315
	$stats['last_user'] = $pun_db->fetch_assoc($result);
0
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   316
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 0
diff changeset
   317
	$result = $pun_db->query('SELECT SUM(num_topics), SUM(num_posts) FROM '.$pun_db->prefix.'forums') or error('Unable to fetch topic/post count', __FILE__, __LINE__, $pun_db->error());
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 0
diff changeset
   318
	list($stats['total_topics'], $stats['total_posts']) = $pun_db->fetch_row($result);
0
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   319
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   320
	echo $lang_index['No of users'].': '.$stats['total_users'].'<br />';
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   321
	echo $lang_index['Newest user'].': <a href="'.$pun_config['o_base_url'].'/profile.php?id='.$stats['last_user']['id'].'">'.pun_htmlspecialchars($stats['last_user']['username']).'</a><br />';
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   322
	echo $lang_index['No of topics'].': '.$stats['total_topics'].'<br />';
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   323
	echo $lang_index['No of posts'].': '.$stats['total_posts'];
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   324
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   325
	return;
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   326
}
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   327
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   328
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   329
else
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
   330
	exit('Bad request');