| author | Dan |
| Thu, 12 Jul 2007 01:04:01 -0400 | |
| changeset 2 | a8a21e1c7afa |
| parent 0 | f9ffdbd96607 |
| child 3 | c0c445d4a13e |
| permissions | -rw-r--r-- |
| 0 | 1 |
<?php |
2 |
/*********************************************************************** |
|
3 |
||
4 |
Copyright (C) 2002-2005 Rickard Andersson (rickard@punbb.org) |
|
5 |
||
6 |
This file is part of PunBB. |
|
7 |
||
8 |
PunBB is free software; you can redistribute it and/or modify it |
|
9 |
under the terms of the GNU General Public License as published |
|
10 |
by the Free Software Foundation; either version 2 of the License, |
|
11 |
or (at your option) any later version. |
|
12 |
||
13 |
PunBB is distributed in the hope that it will be useful, but |
|
14 |
WITHOUT ANY WARRANTY; without even the implied warranty of |
|
15 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
16 |
GNU General Public License for more details. |
|
17 |
||
18 |
You should have received a copy of the GNU General Public License |
|
19 |
along with this program; if not, write to the Free Software |
|
20 |
Foundation, Inc., 59 Temple Place, Suite 330, Boston, |
|
21 |
MA 02111-1307 USA |
|
22 |
||
23 |
************************************************************************/ |
|
24 |
||
25 |
// |
|
26 |
// Cookie stuff! |
|
27 |
// |
|
28 |
function check_cookie(&$pun_user) |
|
29 |
{
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
30 |
// Import Enano |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
31 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
32 |
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
33 |
// Import PunBB |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
34 |
global $pun_db, $db_type, $pun_config, $cookie_name, $cookie_seed; |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
35 |
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
36 |
$now = time(); |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
37 |
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
38 |
if(!$session->started) |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
39 |
$session->start(); |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
40 |
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
41 |
if($session->user_logged_in) |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
42 |
{
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
43 |
$result = $pun_db->query( |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
44 |
'SELECT eu.*, u.*, eu.real_name AS realname, eu.user_level AS g_id, g.*, o.logged, o.idle |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
45 |
FROM '.$pun_db->prefix.'users AS u |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
46 |
LEFT JOIN '.table_prefix.'users AS eu |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
47 |
ON eu.user_id=u.id |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
48 |
INNER JOIN '.$pun_db->prefix.'groups AS g |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
49 |
ON u.group_id=g.g_id |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
50 |
LEFT JOIN '.$pun_db->prefix.'online AS o |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
51 |
ON o.user_id=u.id |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
52 |
WHERE u.id='.intval($session->user_id)) |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
53 |
or error('Unable to fetch user information', __FILE__, __LINE__, $pun_db->error());
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
54 |
$pun_user = $pun_db->fetch_assoc($result); |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
55 |
// Set a default language if the user selected language no longer exists |
| 0 | 56 |
if (!@file_exists(PUN_ROOT.'lang/'.$pun_user['language'])) |
57 |
$pun_user['language'] = $pun_config['o_default_lang']; |
|
58 |
||
59 |
// Set a default style if the user selected style no longer exists |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
60 |
// if (!@file_exists(PUN_ROOT.'style/'.$pun_user['style'].'.css')) |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
61 |
// $pun_user['style'] = $pun_config['o_default_style']; |
| 0 | 62 |
|
63 |
if (!$pun_user['disp_topics']) |
|
64 |
$pun_user['disp_topics'] = $pun_config['o_disp_topics_default']; |
|
65 |
if (!$pun_user['disp_posts']) |
|
66 |
$pun_user['disp_posts'] = $pun_config['o_disp_posts_default']; |
|
67 |
||
68 |
if ($pun_user['save_pass'] == '0') |
|
69 |
$expire = 0; |
|
70 |
||
71 |
// Define this if you want this visit to affect the online list and the users last visit data |
|
72 |
if (!defined('PUN_QUIET_VISIT'))
|
|
73 |
{
|
|
74 |
// Update the online list |
|
75 |
if (!$pun_user['logged']) |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
76 |
$pun_db->query('INSERT INTO '.$pun_db->prefix.'online (user_id, ident, logged) VALUES('.$pun_user['id'].', \''.$pun_db->escape($pun_user['username']).'\', '.$now.')') or error('Unable to insert into online list', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 77 |
else |
78 |
{
|
|
79 |
// Special case: We've timed out, but no other user has browsed the forums since we timed out |
|
80 |
if ($pun_user['logged'] < ($now-$pun_config['o_timeout_visit'])) |
|
81 |
{
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
82 |
$pun_db->query('UPDATE '.$pun_db->prefix.'users SET last_visit='.$pun_user['logged'].' WHERE id='.$pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 83 |
$pun_user['last_visit'] = $pun_user['logged']; |
84 |
} |
|
85 |
||
86 |
$idle_sql = ($pun_user['idle'] == '1') ? ', idle=0' : ''; |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
87 |
$pun_db->query('UPDATE '.$pun_db->prefix.'online SET logged='.$now.$idle_sql.' WHERE user_id='.$pun_user['id']) or error('Unable to update online list', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 88 |
} |
89 |
} |
|
90 |
||
91 |
$pun_user['is_guest'] = false; |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
92 |
} |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
93 |
else |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
94 |
{
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
95 |
set_default_user(); |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
96 |
} |
| 0 | 97 |
} |
98 |
||
99 |
||
100 |
// |
|
101 |
// Fill $pun_user with default values (for guests) |
|
102 |
// |
|
103 |
function set_default_user() |
|
104 |
{
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
105 |
global $pun_db, $pun_user, $pun_config; |
| 0 | 106 |
|
107 |
$remote_addr = get_remote_address(); |
|
108 |
||
109 |
// Fetch guest user |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
110 |
$result = $pun_db->query('SELECT u.*, g.*, o.logged FROM '.$pun_db->prefix.'users AS u INNER JOIN '.$pun_db->prefix.'groups AS g ON u.group_id=g.g_id LEFT JOIN '.$pun_db->prefix.'online AS o ON o.ident=\''.$remote_addr.'\' WHERE u.id=1') or error('Unable to fetch guest information', __FILE__, __LINE__, $pun_db->error());
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
111 |
if (!$pun_db->num_rows($result)) |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
112 |
exit('Unable to fetch guest information. The table \''.$pun_db->prefix.'users\' must contain an entry with id = 1 that represents anonymous users.');
|
| 0 | 113 |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
114 |
$pun_user = $pun_db->fetch_assoc($result); |
| 0 | 115 |
|
116 |
// Update online list |
|
117 |
if (!$pun_user['logged']) |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
118 |
$pun_db->query('INSERT INTO '.$pun_db->prefix.'online (user_id, ident, logged) VALUES(1, \''.$pun_db->escape($remote_addr).'\', '.time().')') or error('Unable to insert into online list', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 119 |
else |
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
120 |
$pun_db->query('UPDATE '.$pun_db->prefix.'online SET logged='.time().' WHERE ident=\''.$pun_db->escape($remote_addr).'\'') or error('Unable to update online list', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 121 |
|
122 |
$pun_user['disp_topics'] = $pun_config['o_disp_topics_default']; |
|
123 |
$pun_user['disp_posts'] = $pun_config['o_disp_posts_default']; |
|
124 |
$pun_user['timezone'] = $pun_config['o_server_timezone']; |
|
125 |
$pun_user['language'] = $pun_config['o_default_lang']; |
|
126 |
$pun_user['style'] = $pun_config['o_default_style']; |
|
127 |
$pun_user['is_guest'] = true; |
|
128 |
} |
|
129 |
||
130 |
||
131 |
// |
|
132 |
// Set a cookie, PunBB style! |
|
133 |
// |
|
134 |
function pun_setcookie($user_id, $password_hash, $expire) |
|
135 |
{
|
|
136 |
global $cookie_name, $cookie_path, $cookie_domain, $cookie_secure, $cookie_seed; |
|
137 |
||
138 |
// Enable sending of a P3P header by removing // from the following line (try this if login is failing in IE6) |
|
139 |
// @header('P3P: CP="CUR ADM"');
|
|
140 |
||
141 |
if (version_compare(PHP_VERSION, '5.2.0', '>=')) |
|
142 |
setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path, $cookie_domain, $cookie_secure, true); |
|
143 |
else |
|
144 |
setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path.'; HttpOnly', $cookie_domain, $cookie_secure); |
|
145 |
} |
|
146 |
||
147 |
||
148 |
// |
|
149 |
// Check whether the connecting user is banned (and delete any expired bans while we're at it) |
|
150 |
// |
|
151 |
function check_bans() |
|
152 |
{
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
153 |
global $pun_db, $pun_config, $lang_common, $pun_user, $pun_bans; |
| 0 | 154 |
|
155 |
// Admins aren't affected |
|
156 |
if ($pun_user['g_id'] == PUN_ADMIN || !$pun_bans) |
|
157 |
return; |
|
158 |
||
159 |
// Add a dot at the end of the IP address to prevent banned address 192.168.0.5 from matching e.g. 192.168.0.50 |
|
160 |
$user_ip = get_remote_address().'.'; |
|
161 |
$bans_altered = false; |
|
162 |
||
163 |
foreach ($pun_bans as $cur_ban) |
|
164 |
{
|
|
165 |
// Has this ban expired? |
|
166 |
if ($cur_ban['expire'] != '' && $cur_ban['expire'] <= time()) |
|
167 |
{
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
168 |
$pun_db->query('DELETE FROM '.$pun_db->prefix.'bans WHERE id='.$cur_ban['id']) or error('Unable to delete expired ban', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 169 |
$bans_altered = true; |
170 |
continue; |
|
171 |
} |
|
172 |
||
173 |
if ($cur_ban['username'] != '' && !strcasecmp($pun_user['username'], $cur_ban['username'])) |
|
174 |
{
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
175 |
$pun_db->query('DELETE FROM '.$pun_db->prefix.'online WHERE ident=\''.$pun_db->escape($pun_user['username']).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 176 |
message($lang_common['Ban message'].' '.(($cur_ban['expire'] != '') ? $lang_common['Ban message 2'].' '.strtolower(format_time($cur_ban['expire'], true)).'. ' : '').(($cur_ban['message'] != '') ? $lang_common['Ban message 3'].'<br /><br /><strong>'.pun_htmlspecialchars($cur_ban['message']).'</strong><br /><br />' : '<br /><br />').$lang_common['Ban message 4'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.', true); |
177 |
} |
|
178 |
||
179 |
if ($cur_ban['ip'] != '') |
|
180 |
{
|
|
181 |
$cur_ban_ips = explode(' ', $cur_ban['ip']);
|
|
182 |
||
183 |
for ($i = 0; $i < count($cur_ban_ips); ++$i) |
|
184 |
{
|
|
185 |
$cur_ban_ips[$i] = $cur_ban_ips[$i].'.'; |
|
186 |
||
187 |
if (substr($user_ip, 0, strlen($cur_ban_ips[$i])) == $cur_ban_ips[$i]) |
|
188 |
{
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
189 |
$pun_db->query('DELETE FROM '.$pun_db->prefix.'online WHERE ident=\''.$pun_db->escape($pun_user['username']).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 190 |
message($lang_common['Ban message'].' '.(($cur_ban['expire'] != '') ? $lang_common['Ban message 2'].' '.strtolower(format_time($cur_ban['expire'], true)).'. ' : '').(($cur_ban['message'] != '') ? $lang_common['Ban message 3'].'<br /><br /><strong>'.pun_htmlspecialchars($cur_ban['message']).'</strong><br /><br />' : '<br /><br />').$lang_common['Ban message 4'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.', true); |
191 |
} |
|
192 |
} |
|
193 |
} |
|
194 |
} |
|
195 |
||
196 |
// If we removed any expired bans during our run-through, we need to regenerate the bans cache |
|
197 |
if ($bans_altered) |
|
198 |
{
|
|
199 |
require_once PUN_ROOT.'include/cache.php'; |
|
200 |
generate_bans_cache(); |
|
201 |
} |
|
202 |
} |
|
203 |
||
204 |
||
205 |
// |
|
206 |
// Update "Users online" |
|
207 |
// |
|
208 |
function update_users_online() |
|
209 |
{
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
210 |
global $pun_db, $pun_config, $pun_user; |
| 0 | 211 |
|
212 |
$now = time(); |
|
213 |
||
214 |
// Fetch all online list entries that are older than "o_timeout_online" |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
215 |
$result = $pun_db->query('SELECT * FROM '.$pun_db->prefix.'online WHERE logged<'.($now-$pun_config['o_timeout_online'])) or error('Unable to fetch old entries from online list', __FILE__, __LINE__, $pun_db->error());
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
216 |
while ($cur_user = $pun_db->fetch_assoc($result)) |
| 0 | 217 |
{
|
218 |
// If the entry is a guest, delete it |
|
219 |
if ($cur_user['user_id'] == '1') |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
220 |
$pun_db->query('DELETE FROM '.$pun_db->prefix.'online WHERE ident=\''.$pun_db->escape($cur_user['ident']).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 221 |
else |
222 |
{
|
|
223 |
// If the entry is older than "o_timeout_visit", update last_visit for the user in question, then delete him/her from the online list |
|
224 |
if ($cur_user['logged'] < ($now-$pun_config['o_timeout_visit'])) |
|
225 |
{
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
226 |
$pun_db->query('UPDATE '.$pun_db->prefix.'users SET last_visit='.$cur_user['logged'].' WHERE id='.$cur_user['user_id']) or error('Unable to update user visit data', __FILE__, __LINE__, $pun_db->error());
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
227 |
$pun_db->query('DELETE FROM '.$pun_db->prefix.'online WHERE user_id='.$cur_user['user_id']) or error('Unable to delete from online list', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 228 |
} |
229 |
else if ($cur_user['idle'] == '0') |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
230 |
$pun_db->query('UPDATE '.$pun_db->prefix.'online SET idle=1 WHERE user_id='.$cur_user['user_id']) or error('Unable to insert into online list', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 231 |
} |
232 |
} |
|
233 |
} |
|
234 |
||
235 |
// |
|
236 |
// Generate the "navigator" that appears at the top of every page |
|
237 |
// |
|
238 |
function generate_navlinks() |
|
239 |
{
|
|
240 |
global $pun_config, $lang_common, $pun_user; |
|
241 |
||
242 |
// Index and Userlist should always be displayed |
|
243 |
$links[] = '<li id="navindex"><a href="index.php">'.$lang_common['Index'].'</a>'; |
|
244 |
$links[] = '<li id="navuserlist"><a href="userlist.php">'.$lang_common['User list'].'</a>'; |
|
245 |
||
246 |
if ($pun_config['o_rules'] == '1') |
|
247 |
$links[] = '<li id="navrules"><a href="misc.php?action=rules">'.$lang_common['Rules'].'</a>'; |
|
248 |
||
249 |
if ($pun_user['is_guest']) |
|
250 |
{
|
|
251 |
if ($pun_user['g_search'] == '1') |
|
252 |
$links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>'; |
|
253 |
||
254 |
$links[] = '<li id="navregister"><a href="register.php">'.$lang_common['Register'].'</a>'; |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
255 |
// $links[] = '<li id="navlogin"><a href="login.php">'.$lang_common['Login'].'</a>'; |
| 0 | 256 |
|
257 |
$info = $lang_common['Not logged in']; |
|
258 |
} |
|
259 |
else |
|
260 |
{
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
261 |
if ($pun_user['g_id'] < PUN_MOD) |
| 0 | 262 |
{
|
263 |
if ($pun_user['g_search'] == '1') |
|
264 |
$links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>'; |
|
265 |
||
266 |
$links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>'; |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
267 |
// $links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'">'.$lang_common['Logout'].'</a>'; |
| 0 | 268 |
} |
269 |
else |
|
270 |
{
|
|
271 |
$links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>'; |
|
272 |
$links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>'; |
|
273 |
$links[] = '<li id="navadmin"><a href="admin_index.php">'.$lang_common['Admin'].'</a>'; |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
274 |
// $links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'">'.$lang_common['Logout'].'</a>'; |
| 0 | 275 |
} |
276 |
} |
|
277 |
||
278 |
// Are there any additional navlinks we should insert into the array before imploding it? |
|
279 |
if ($pun_config['o_additional_navlinks'] != '') |
|
280 |
{
|
|
281 |
if (preg_match_all('#([0-9]+)\s*=\s*(.*?)\n#s', $pun_config['o_additional_navlinks']."\n", $extra_links))
|
|
282 |
{
|
|
283 |
// Insert any additional links into the $links array (at the correct index) |
|
284 |
for ($i = 0; $i < count($extra_links[1]); ++$i) |
|
285 |
array_splice($links, $extra_links[1][$i], 0, array('<li id="navextra'.($i + 1).'">'.$extra_links[2][$i]));
|
|
286 |
} |
|
287 |
} |
|
288 |
||
289 |
return '<ul>'."\n\t\t\t\t".implode($lang_common['Link separator'].'</li>'."\n\t\t\t\t", $links).'</li>'."\n\t\t\t".'</ul>'; |
|
290 |
} |
|
291 |
||
292 |
||
293 |
// |
|
294 |
// Display the profile navigation menu |
|
295 |
// |
|
296 |
function generate_profile_menu($page = '') |
|
297 |
{
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
298 |
global $lang_profile, $pun_config, $pun_user, $id, $lang_common; |
| 0 | 299 |
|
300 |
?> |
|
301 |
<div id="profile" class="block2col"> |
|
302 |
<div class="blockmenu"> |
|
303 |
<h2><span><?php echo $lang_profile['Profile menu'] ?></span></h2> |
|
304 |
<div class="box"> |
|
305 |
<div class="inbox"> |
|
306 |
<ul> |
|
307 |
<li<?php if ($page == 'essentials') echo ' class="isactive"'; ?>><a href="profile.php?section=essentials&id=<?php echo $id ?>"><?php echo $lang_profile['Section essentials'] ?></a></li> |
|
308 |
<li<?php if ($page == 'personal') echo ' class="isactive"'; ?>><a href="profile.php?section=personal&id=<?php echo $id ?>"><?php echo $lang_profile['Section personal'] ?></a></li> |
|
309 |
<li<?php if ($page == 'messaging') echo ' class="isactive"'; ?>><a href="profile.php?section=messaging&id=<?php echo $id ?>"><?php echo $lang_profile['Section messaging'] ?></a></li> |
|
310 |
<li<?php if ($page == 'personality') echo ' class="isactive"'; ?>><a href="profile.php?section=personality&id=<?php echo $id ?>"><?php echo $lang_profile['Section personality'] ?></a></li> |
|
311 |
<li<?php if ($page == 'display') echo ' class="isactive"'; ?>><a href="profile.php?section=display&id=<?php echo $id ?>"><?php echo $lang_profile['Section display'] ?></a></li> |
|
312 |
<li<?php if ($page == 'privacy') echo ' class="isactive"'; ?>><a href="profile.php?section=privacy&id=<?php echo $id ?>"><?php echo $lang_profile['Section privacy'] ?></a></li> |
|
313 |
<?php if ($pun_user['g_id'] == PUN_ADMIN || ($pun_user['g_id'] == PUN_MOD && $pun_config['p_mod_ban_users'] == '1')): ?> <li<?php if ($page == 'admin') echo ' class="isactive"'; ?>><a href="profile.php?section=admin&id=<?php echo $id ?>"><?php echo $lang_profile['Section admin'] ?></a></li> |
|
314 |
<?php endif; ?> </ul> |
|
315 |
</div> |
|
316 |
</div> |
|
317 |
</div> |
|
318 |
<?php |
|
319 |
||
320 |
} |
|
321 |
||
322 |
||
323 |
// |
|
324 |
// Update posts, topics, last_post, last_post_id and last_poster for a forum (redirect topics are not included) |
|
325 |
// |
|
326 |
function update_forum($forum_id) |
|
327 |
{
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
328 |
global $pun_db; |
| 0 | 329 |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
330 |
$result = $pun_db->query('SELECT COUNT(id), SUM(num_replies) FROM '.$pun_db->prefix.'topics WHERE moved_to IS NULL AND forum_id='.$forum_id) or error('Unable to fetch forum topic count', __FILE__, __LINE__, $pun_db->error());
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
331 |
list($num_topics, $num_posts) = $pun_db->fetch_row($result); |
| 0 | 332 |
|
333 |
$num_posts = $num_posts + $num_topics; // $num_posts is only the sum of all replies (we have to add the topic posts) |
|
334 |
||
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
335 |
$result = $pun_db->query('SELECT last_post, last_post_id, last_poster FROM '.$pun_db->prefix.'topics WHERE forum_id='.$forum_id.' AND moved_to IS NULL ORDER BY last_post DESC LIMIT 1') or error('Unable to fetch last_post/last_post_id/last_poster', __FILE__, __LINE__, $pun_db->error());
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
336 |
if ($pun_db->num_rows($result)) // There are topics in the forum |
| 0 | 337 |
{
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
338 |
list($last_post, $last_post_id, $last_poster) = $pun_db->fetch_row($result); |
| 0 | 339 |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
340 |
$pun_db->query('UPDATE '.$pun_db->prefix.'forums SET num_topics='.$num_topics.', num_posts='.$num_posts.', last_post='.$last_post.', last_post_id='.$last_post_id.', last_poster=\''.$pun_db->escape($last_poster).'\' WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 341 |
} |
342 |
else // There are no topics |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
343 |
$pun_db->query('UPDATE '.$pun_db->prefix.'forums SET num_topics=0, num_posts=0, last_post=NULL, last_post_id=NULL, last_poster=NULL WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 344 |
} |
345 |
||
346 |
||
347 |
// |
|
348 |
// Delete a topic and all of it's posts |
|
349 |
// |
|
350 |
function delete_topic($topic_id) |
|
351 |
{
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
352 |
global $pun_db; |
| 0 | 353 |
|
354 |
// Delete the topic and any redirect topics |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
355 |
$pun_db->query('DELETE FROM '.$pun_db->prefix.'topics WHERE id='.$topic_id.' OR moved_to='.$topic_id) or error('Unable to delete topic', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 356 |
|
357 |
// Create a list of the post ID's in this topic |
|
358 |
$post_ids = ''; |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
359 |
$result = $pun_db->query('SELECT id FROM '.$pun_db->prefix.'posts WHERE topic_id='.$topic_id) or error('Unable to fetch posts', __FILE__, __LINE__, $pun_db->error());
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
360 |
while ($row = $pun_db->fetch_row($result)) |
| 0 | 361 |
$post_ids .= ($post_ids != '') ? ','.$row[0] : $row[0]; |
362 |
||
363 |
// Make sure we have a list of post ID's |
|
364 |
if ($post_ids != '') |
|
365 |
{
|
|
366 |
strip_search_index($post_ids); |
|
367 |
||
368 |
// Delete posts in topic |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
369 |
$pun_db->query('DELETE FROM '.$pun_db->prefix.'posts WHERE topic_id='.$topic_id) or error('Unable to delete posts', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 370 |
} |
371 |
||
372 |
// Delete any subscriptions for this topic |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
373 |
$pun_db->query('DELETE FROM '.$pun_db->prefix.'subscriptions WHERE topic_id='.$topic_id) or error('Unable to delete subscriptions', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 374 |
} |
375 |
||
376 |
||
377 |
// |
|
378 |
// Delete a single post |
|
379 |
// |
|
380 |
function delete_post($post_id, $topic_id) |
|
381 |
{
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
382 |
global $pun_db; |
| 0 | 383 |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
384 |
$result = $pun_db->query('SELECT id, poster, posted FROM '.$pun_db->prefix.'posts WHERE topic_id='.$topic_id.' ORDER BY id DESC LIMIT 2') or error('Unable to fetch post info', __FILE__, __LINE__, $pun_db->error());
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
385 |
list($last_id, ,) = $pun_db->fetch_row($result); |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
386 |
list($second_last_id, $second_poster, $second_posted) = $pun_db->fetch_row($result); |
| 0 | 387 |
|
388 |
// Delete the post |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
389 |
$pun_db->query('DELETE FROM '.$pun_db->prefix.'posts WHERE id='.$post_id) or error('Unable to delete post', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 390 |
|
391 |
strip_search_index($post_id); |
|
392 |
||
393 |
// Count number of replies in the topic |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
394 |
$result = $pun_db->query('SELECT COUNT(id) FROM '.$pun_db->prefix.'posts WHERE topic_id='.$topic_id) or error('Unable to fetch post count for topic', __FILE__, __LINE__, $pun_db->error());
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
395 |
$num_replies = $pun_db->result($result, 0) - 1; |
| 0 | 396 |
|
397 |
// If the message we deleted is the most recent in the topic (at the end of the topic) |
|
398 |
if ($last_id == $post_id) |
|
399 |
{
|
|
400 |
// If there is a $second_last_id there is more than 1 reply to the topic |
|
401 |
if (!empty($second_last_id)) |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
402 |
$pun_db->query('UPDATE '.$pun_db->prefix.'topics SET last_post='.$second_posted.', last_post_id='.$second_last_id.', last_poster=\''.$pun_db->escape($second_poster).'\', num_replies='.$num_replies.' WHERE id='.$topic_id) or error('Unable to update topic', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 403 |
else |
404 |
// We deleted the only reply, so now last_post/last_post_id/last_poster is posted/id/poster from the topic itself |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
405 |
$pun_db->query('UPDATE '.$pun_db->prefix.'topics SET last_post=posted, last_post_id=id, last_poster=poster, num_replies='.$num_replies.' WHERE id='.$topic_id) or error('Unable to update topic', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 406 |
} |
407 |
else |
|
408 |
// Otherwise we just decrement the reply counter |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
409 |
$pun_db->query('UPDATE '.$pun_db->prefix.'topics SET num_replies='.$num_replies.' WHERE id='.$topic_id) or error('Unable to update topic', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 410 |
} |
411 |
||
412 |
||
413 |
// |
|
414 |
// Replace censored words in $text |
|
415 |
// |
|
416 |
function censor_words($text) |
|
417 |
{
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
418 |
global $pun_db; |
| 0 | 419 |
static $search_for, $replace_with; |
420 |
||
421 |
// If not already built in a previous call, build an array of censor words and their replacement text |
|
422 |
if (!isset($search_for)) |
|
423 |
{
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
424 |
$result = $pun_db->query('SELECT search_for, replace_with FROM '.$pun_db->prefix.'censoring') or error('Unable to fetch censor word list', __FILE__, __LINE__, $pun_db->error());
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
425 |
$num_words = $pun_db->num_rows($result); |
| 0 | 426 |
|
427 |
$search_for = array(); |
|
428 |
for ($i = 0; $i < $num_words; ++$i) |
|
429 |
{
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
430 |
list($search_for[$i], $replace_with[$i]) = $pun_db->fetch_row($result); |
| 0 | 431 |
$search_for[$i] = '/\b('.str_replace('\*', '\w*?', preg_quote($search_for[$i], '/')).')\b/i';
|
432 |
} |
|
433 |
} |
|
434 |
||
435 |
if (!empty($search_for)) |
|
436 |
$text = substr(preg_replace($search_for, $replace_with, ' '.$text.' '), 1, -1); |
|
437 |
||
438 |
return $text; |
|
439 |
} |
|
440 |
||
441 |
||
442 |
// |
|
443 |
// Determines the correct title for $user |
|
444 |
// $user must contain the elements 'username', 'title', 'posts', 'g_id' and 'g_user_title' |
|
445 |
// |
|
446 |
function get_title($user) |
|
447 |
{
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
448 |
global $pun_db, $pun_config, $pun_bans, $lang_common; |
| 0 | 449 |
static $ban_list, $pun_ranks; |
450 |
||
451 |
// If not already built in a previous call, build an array of lowercase banned usernames |
|
452 |
if (empty($ban_list)) |
|
453 |
{
|
|
454 |
$ban_list = array(); |
|
455 |
||
456 |
foreach ($pun_bans as $cur_ban) |
|
457 |
$ban_list[] = strtolower($cur_ban['username']); |
|
458 |
} |
|
459 |
||
460 |
// If not already loaded in a previous call, load the cached ranks |
|
461 |
if ($pun_config['o_ranks'] == '1' && empty($pun_ranks)) |
|
462 |
{
|
|
463 |
@include PUN_ROOT.'cache/cache_ranks.php'; |
|
464 |
if (!defined('PUN_RANKS_LOADED'))
|
|
465 |
{
|
|
466 |
require_once PUN_ROOT.'include/cache.php'; |
|
467 |
generate_ranks_cache(); |
|
468 |
require PUN_ROOT.'cache/cache_ranks.php'; |
|
469 |
} |
|
470 |
} |
|
471 |
||
472 |
// If the user has a custom title |
|
473 |
if ($user['title'] != '') |
|
474 |
$user_title = pun_htmlspecialchars($user['title']); |
|
475 |
// If the user is banned |
|
476 |
else if (in_array(strtolower($user['username']), $ban_list)) |
|
477 |
$user_title = $lang_common['Banned']; |
|
478 |
// If the user group has a default user title |
|
479 |
else if ($user['g_user_title'] != '') |
|
480 |
$user_title = pun_htmlspecialchars($user['g_user_title']); |
|
481 |
// If the user is a guest |
|
482 |
else if ($user['g_id'] == PUN_GUEST) |
|
483 |
$user_title = $lang_common['Guest']; |
|
484 |
else |
|
485 |
{
|
|
486 |
// Are there any ranks? |
|
487 |
if ($pun_config['o_ranks'] == '1' && !empty($pun_ranks)) |
|
488 |
{
|
|
489 |
@reset($pun_ranks); |
|
490 |
while (list(, $cur_rank) = @each($pun_ranks)) |
|
491 |
{
|
|
492 |
if (intval($user['num_posts']) >= $cur_rank['min_posts']) |
|
493 |
$user_title = pun_htmlspecialchars($cur_rank['rank']); |
|
494 |
} |
|
495 |
} |
|
496 |
||
497 |
// If the user didn't "reach" any rank (or if ranks are disabled), we assign the default |
|
498 |
if (!isset($user_title)) |
|
499 |
$user_title = $lang_common['Member']; |
|
500 |
} |
|
501 |
||
502 |
return $user_title; |
|
503 |
} |
|
504 |
||
505 |
||
506 |
// |
|
507 |
// Generate a string with numbered links (for multipage scripts) |
|
508 |
// |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
509 |
function pun_paginate($num_pages, $cur_page, $link_to) |
| 0 | 510 |
{
|
511 |
$pages = array(); |
|
512 |
$link_to_all = false; |
|
513 |
||
514 |
// If $cur_page == -1, we link to all pages (used in viewforum.php) |
|
515 |
if ($cur_page == -1) |
|
516 |
{
|
|
517 |
$cur_page = 1; |
|
518 |
$link_to_all = true; |
|
519 |
} |
|
520 |
||
521 |
if ($num_pages <= 1) |
|
522 |
$pages = array('<strong>1</strong>');
|
|
523 |
else |
|
524 |
{
|
|
525 |
if ($cur_page > 3) |
|
526 |
{
|
|
527 |
$pages[] = '<a href="'.$link_to.'&p=1">1</a>'; |
|
528 |
||
529 |
if ($cur_page != 4) |
|
530 |
$pages[] = '…'; |
|
531 |
} |
|
532 |
||
533 |
// Don't ask me how the following works. It just does, OK? :-) |
|
534 |
for ($current = $cur_page - 2, $stop = $cur_page + 3; $current < $stop; ++$current) |
|
535 |
{
|
|
536 |
if ($current < 1 || $current > $num_pages) |
|
537 |
continue; |
|
538 |
else if ($current != $cur_page || $link_to_all) |
|
539 |
$pages[] = '<a href="'.$link_to.'&p='.$current.'">'.$current.'</a>'; |
|
540 |
else |
|
541 |
$pages[] = '<strong>'.$current.'</strong>'; |
|
542 |
} |
|
543 |
||
544 |
if ($cur_page <= ($num_pages-3)) |
|
545 |
{
|
|
546 |
if ($cur_page != ($num_pages-3)) |
|
547 |
$pages[] = '…'; |
|
548 |
||
549 |
$pages[] = '<a href="'.$link_to.'&p='.$num_pages.'">'.$num_pages.'</a>'; |
|
550 |
} |
|
551 |
} |
|
552 |
||
553 |
return implode(' ', $pages);
|
|
554 |
} |
|
555 |
||
556 |
||
557 |
// |
|
558 |
// Display a message |
|
559 |
// |
|
560 |
function message($message, $no_back_link = false) |
|
561 |
{
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
562 |
global $pun_db, $lang_common, $pun_config, $pun_start, $tpl_main; |
| 0 | 563 |
|
564 |
if (!defined('PUN_HEADER'))
|
|
565 |
{
|
|
566 |
global $pun_user; |
|
567 |
||
568 |
$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Info']; |
|
569 |
require PUN_ROOT.'header.php'; |
|
570 |
} |
|
571 |
||
572 |
?> |
|
573 |
||
574 |
<div id="msg" class="block"> |
|
575 |
<h2><span><?php echo $lang_common['Info'] ?></span></h2> |
|
576 |
<div class="box"> |
|
577 |
<div class="inbox"> |
|
578 |
<p><?php echo $message ?></p> |
|
579 |
<?php if (!$no_back_link): ?> <p><a href="javascript: history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p> |
|
580 |
<?php endif; ?> </div> |
|
581 |
</div> |
|
582 |
</div> |
|
583 |
<?php |
|
584 |
||
585 |
require PUN_ROOT.'footer.php'; |
|
586 |
} |
|
587 |
||
588 |
||
589 |
// |
|
590 |
// Format a time string according to $time_format and timezones |
|
591 |
// |
|
592 |
function format_time($timestamp, $date_only = false) |
|
593 |
{
|
|
594 |
global $pun_config, $lang_common, $pun_user; |
|
595 |
||
596 |
if ($timestamp == '') |
|
597 |
return $lang_common['Never']; |
|
598 |
||
599 |
$diff = ($pun_user['timezone'] - $pun_config['o_server_timezone']) * 3600; |
|
600 |
$timestamp += $diff; |
|
601 |
$now = time(); |
|
602 |
||
603 |
$date = date($pun_config['o_date_format'], $timestamp); |
|
604 |
$today = date($pun_config['o_date_format'], $now+$diff); |
|
605 |
$yesterday = date($pun_config['o_date_format'], $now+$diff-86400); |
|
606 |
||
607 |
if ($date == $today) |
|
608 |
$date = $lang_common['Today']; |
|
609 |
else if ($date == $yesterday) |
|
610 |
$date = $lang_common['Yesterday']; |
|
611 |
||
612 |
if (!$date_only) |
|
613 |
return $date.' '.date($pun_config['o_time_format'], $timestamp); |
|
614 |
else |
|
615 |
return $date; |
|
616 |
} |
|
617 |
||
618 |
||
619 |
// |
|
620 |
// If we are running pre PHP 4.3.0, we add our own implementation of file_get_contents |
|
621 |
// |
|
622 |
if (!function_exists('file_get_contents'))
|
|
623 |
{
|
|
624 |
function file_get_contents($filename, $use_include_path = 0) |
|
625 |
{
|
|
626 |
$data = ''; |
|
627 |
||
628 |
if ($fh = fopen($filename, 'rb', $use_include_path)) |
|
629 |
{
|
|
630 |
$data = fread($fh, filesize($filename)); |
|
631 |
fclose($fh); |
|
632 |
} |
|
633 |
||
634 |
return $data; |
|
635 |
} |
|
636 |
} |
|
637 |
||
638 |
||
639 |
// |
|
640 |
// Make sure that HTTP_REFERER matches $pun_config['o_base_url']/$script |
|
641 |
// |
|
642 |
function confirm_referrer($script) |
|
643 |
{
|
|
644 |
global $pun_config, $lang_common; |
|
645 |
||
646 |
if (!preg_match('#^'.preg_quote(str_replace('www.', '', $pun_config['o_base_url']).'/'.$script, '#').'#i', str_replace('www.', '', (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''))))
|
|
647 |
message($lang_common['Bad referrer']); |
|
648 |
} |
|
649 |
||
650 |
||
651 |
// |
|
652 |
// Generate a random password of length $len |
|
653 |
// |
|
654 |
function random_pass($len) |
|
655 |
{
|
|
656 |
$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; |
|
657 |
||
658 |
$password = ''; |
|
659 |
for ($i = 0; $i < $len; ++$i) |
|
660 |
$password .= substr($chars, (mt_rand() % strlen($chars)), 1); |
|
661 |
||
662 |
return $password; |
|
663 |
} |
|
664 |
||
665 |
||
666 |
// |
|
667 |
// Compute a hash of $str |
|
668 |
// Uses sha1() if available. If not, SHA1 through mhash() if available. If not, fall back on md5(). |
|
669 |
// |
|
670 |
function pun_hash($str) |
|
671 |
{
|
|
672 |
if (function_exists('sha1')) // Only in PHP 4.3.0+
|
|
673 |
return sha1($str); |
|
674 |
else if (function_exists('mhash')) // Only if Mhash library is loaded
|
|
675 |
return bin2hex(mhash(MHASH_SHA1, $str)); |
|
676 |
else |
|
677 |
return md5($str); |
|
678 |
} |
|
679 |
||
680 |
||
681 |
// |
|
682 |
// Try to determine the correct remote IP-address |
|
683 |
// |
|
684 |
function get_remote_address() |
|
685 |
{
|
|
686 |
return $_SERVER['REMOTE_ADDR']; |
|
687 |
} |
|
688 |
||
689 |
||
690 |
// |
|
691 |
// Equivalent to htmlspecialchars(), but allows &#[0-9]+ (for unicode) |
|
692 |
// |
|
693 |
function pun_htmlspecialchars($str) |
|
694 |
{
|
|
695 |
$str = preg_replace('/&(?!#[0-9]+;)/s', '&', $str);
|
|
696 |
$str = str_replace(array('<', '>', '"'), array('<', '>', '"'), $str);
|
|
697 |
||
698 |
return $str; |
|
699 |
} |
|
700 |
||
701 |
||
702 |
// |
|
703 |
// Equivalent to strlen(), but counts &#[0-9]+ as one character (for unicode) |
|
704 |
// |
|
705 |
function pun_strlen($str) |
|
706 |
{
|
|
707 |
return strlen(preg_replace('/&#([0-9]+);/', '!', $str));
|
|
708 |
} |
|
709 |
||
710 |
||
711 |
// |
|
712 |
// Convert \r\n and \r to \n |
|
713 |
// |
|
714 |
function pun_linebreaks($str) |
|
715 |
{
|
|
716 |
return str_replace("\r", "\n", str_replace("\r\n", "\n", $str));
|
|
717 |
} |
|
718 |
||
719 |
||
720 |
// |
|
721 |
// A more aggressive version of trim() |
|
722 |
// |
|
723 |
function pun_trim($str) |
|
724 |
{
|
|
725 |
global $lang_common; |
|
726 |
||
727 |
if (strpos($lang_common['lang_encoding'], '8859') !== false) |
|
728 |
{
|
|
729 |
$fishy_chars = array(chr(0x81), chr(0x8D), chr(0x8F), chr(0x90), chr(0x9D), chr(0xA0)); |
|
730 |
return trim(str_replace($fishy_chars, ' ', $str)); |
|
731 |
} |
|
732 |
else |
|
733 |
return trim($str); |
|
734 |
} |
|
735 |
||
736 |
||
737 |
// |
|
738 |
// Display a message when board is in maintenance mode |
|
739 |
// |
|
740 |
function maintenance_message() |
|
741 |
{
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
742 |
global $pun_db, $pun_config, $lang_common, $pun_user; |
| 0 | 743 |
|
744 |
// Deal with newlines, tabs and multiple spaces |
|
745 |
$pattern = array("\t", ' ', ' ');
|
|
746 |
$replace = array(' ', ' ', ' ');
|
|
747 |
$message = str_replace($pattern, $replace, $pun_config['o_maintenance_message']); |
|
748 |
||
749 |
||
750 |
// Load the maintenance template |
|
751 |
$tpl_maint = trim(file_get_contents(PUN_ROOT.'include/template/maintenance.tpl')); |
|
752 |
||
753 |
||
754 |
// START SUBST - <pun_include "*"> |
|
755 |
while (preg_match('#<pun_include "([^/\\\\]*?)\.(php[45]?|inc|html?|txt)">#', $tpl_maint, $cur_include))
|
|
756 |
{
|
|
757 |
if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2])) |
|
758 |
error('Unable to process user include '.htmlspecialchars($cur_include[0]).' from template maintenance.tpl. There is no such file in folder /include/user/');
|
|
759 |
||
760 |
ob_start(); |
|
761 |
include PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2]; |
|
762 |
$tpl_temp = ob_get_contents(); |
|
763 |
$tpl_maint = str_replace($cur_include[0], $tpl_temp, $tpl_maint); |
|
764 |
ob_end_clean(); |
|
765 |
} |
|
766 |
// END SUBST - <pun_include "*"> |
|
767 |
||
768 |
||
769 |
// START SUBST - <pun_content_direction> |
|
770 |
$tpl_maint = str_replace('<pun_content_direction>', $lang_common['lang_direction'], $tpl_maint);
|
|
771 |
// END SUBST - <pun_content_direction> |
|
772 |
||
773 |
||
774 |
// START SUBST - <pun_char_encoding> |
|
775 |
$tpl_maint = str_replace('<pun_char_encoding>', $lang_common['lang_encoding'], $tpl_maint);
|
|
776 |
// END SUBST - <pun_char_encoding> |
|
777 |
||
778 |
||
779 |
// START SUBST - <pun_head> |
|
780 |
ob_start(); |
|
781 |
||
782 |
?> |
|
783 |
<title><?php echo pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Maintenance'] ?></title> |
|
784 |
<link rel="stylesheet" type="text/css" href="style/<?php echo $pun_user['style'].'.css' ?>" /> |
|
785 |
<?php |
|
786 |
||
787 |
$tpl_temp = trim(ob_get_contents()); |
|
788 |
$tpl_maint = str_replace('<pun_head>', $tpl_temp, $tpl_maint);
|
|
789 |
ob_end_clean(); |
|
790 |
// END SUBST - <pun_head> |
|
791 |
||
792 |
||
793 |
// START SUBST - <pun_maint_heading> |
|
794 |
$tpl_maint = str_replace('<pun_maint_heading>', $lang_common['Maintenance'], $tpl_maint);
|
|
795 |
// END SUBST - <pun_maint_heading> |
|
796 |
||
797 |
||
798 |
// START SUBST - <pun_maint_message> |
|
799 |
$tpl_maint = str_replace('<pun_maint_message>', $message, $tpl_maint);
|
|
800 |
// END SUBST - <pun_maint_message> |
|
801 |
||
802 |
||
803 |
// End the transaction |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
804 |
$pun_db->end_transaction(); |
| 0 | 805 |
|
806 |
||
807 |
// Close the db connection (and free up any result data) |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
808 |
$pun_db->close(); |
| 0 | 809 |
|
810 |
exit($tpl_maint); |
|
811 |
} |
|
812 |
||
813 |
||
814 |
// |
|
815 |
// Display $message and redirect user to $destination_url |
|
816 |
// |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
817 |
function pun_redirect($destination_url, $message) |
| 0 | 818 |
{
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
819 |
global $pun_db, $pun_config, $lang_common, $pun_user; |
| 0 | 820 |
|
821 |
if ($destination_url == '') |
|
822 |
$destination_url = 'index.php'; |
|
823 |
||
824 |
// If the delay is 0 seconds, we might as well skip the redirect all together |
|
825 |
if ($pun_config['o_redirect_delay'] == '0') |
|
826 |
header('Location: '.str_replace('&', '&', $destination_url));
|
|
827 |
||
828 |
||
829 |
// Load the redirect template |
|
830 |
$tpl_redir = trim(file_get_contents(PUN_ROOT.'include/template/redirect.tpl')); |
|
831 |
||
832 |
||
833 |
// START SUBST - <pun_include "*"> |
|
834 |
while (preg_match('#<pun_include "([^/\\\\]*?)\.(php[45]?|inc|html?|txt)">#', $tpl_redir, $cur_include))
|
|
835 |
{
|
|
836 |
if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2])) |
|
837 |
error('Unable to process user include '.htmlspecialchars($cur_include[0]).' from template redirect.tpl. There is no such file in folder /include/user/');
|
|
838 |
||
839 |
ob_start(); |
|
840 |
include PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2]; |
|
841 |
$tpl_temp = ob_get_contents(); |
|
842 |
$tpl_redir = str_replace($cur_include[0], $tpl_temp, $tpl_redir); |
|
843 |
ob_end_clean(); |
|
844 |
} |
|
845 |
// END SUBST - <pun_include "*"> |
|
846 |
||
847 |
||
848 |
// START SUBST - <pun_content_direction> |
|
849 |
$tpl_redir = str_replace('<pun_content_direction>', $lang_common['lang_direction'], $tpl_redir);
|
|
850 |
// END SUBST - <pun_content_direction> |
|
851 |
||
852 |
||
853 |
// START SUBST - <pun_char_encoding> |
|
854 |
$tpl_redir = str_replace('<pun_char_encoding>', $lang_common['lang_encoding'], $tpl_redir);
|
|
855 |
// END SUBST - <pun_char_encoding> |
|
856 |
||
857 |
||
858 |
// START SUBST - <pun_head> |
|
859 |
ob_start(); |
|
860 |
||
861 |
?> |
|
862 |
<meta http-equiv="refresh" content="<?php echo $pun_config['o_redirect_delay'] ?>;URL=<?php echo str_replace(array('<', '>', '"'), array('<', '>', '"'), $destination_url) ?>" />
|
|
863 |
<title><?php echo pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Redirecting'] ?></title> |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
864 |
<link rel="stylesheet" type="text/css" href="<?php echo scriptPath; ?>/punbb/style/<?php echo $pun_user['style'].'.css' ?>" /> |
| 0 | 865 |
<?php |
866 |
||
867 |
$tpl_temp = trim(ob_get_contents()); |
|
868 |
$tpl_redir = str_replace('<pun_head>', $tpl_temp, $tpl_redir);
|
|
869 |
ob_end_clean(); |
|
870 |
// END SUBST - <pun_head> |
|
871 |
||
872 |
||
873 |
// START SUBST - <pun_redir_heading> |
|
874 |
$tpl_redir = str_replace('<pun_redir_heading>', $lang_common['Redirecting'], $tpl_redir);
|
|
875 |
// END SUBST - <pun_redir_heading> |
|
876 |
||
877 |
||
878 |
// START SUBST - <pun_redir_text> |
|
879 |
$tpl_temp = $message.'<br /><br />'.'<a href="'.$destination_url.'">'.$lang_common['Click redirect'].'</a>'; |
|
880 |
$tpl_redir = str_replace('<pun_redir_text>', $tpl_temp, $tpl_redir);
|
|
881 |
// END SUBST - <pun_redir_text> |
|
882 |
||
883 |
||
884 |
// START SUBST - <pun_footer> |
|
885 |
ob_start(); |
|
886 |
||
887 |
// End the transaction |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
888 |
$pun_db->end_transaction(); |
| 0 | 889 |
|
890 |
// Display executed queries (if enabled) |
|
891 |
if (defined('PUN_SHOW_QUERIES'))
|
|
892 |
display_saved_queries(); |
|
893 |
||
894 |
$tpl_temp = trim(ob_get_contents()); |
|
895 |
$tpl_redir = str_replace('<pun_footer>', $tpl_temp, $tpl_redir);
|
|
896 |
ob_end_clean(); |
|
897 |
// END SUBST - <pun_footer> |
|
898 |
||
899 |
||
900 |
// Close the db connection (and free up any result data) |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
901 |
$pun_db->close(); |
| 0 | 902 |
|
903 |
exit($tpl_redir); |
|
904 |
} |
|
905 |
||
906 |
||
907 |
// |
|
908 |
// Display a simple error message |
|
909 |
// |
|
910 |
function error($message, $file, $line, $db_error = false) |
|
911 |
{
|
|
912 |
global $pun_config; |
|
913 |
||
914 |
// Set a default title if the script failed before $pun_config could be populated |
|
915 |
if (empty($pun_config)) |
|
916 |
$pun_config['o_board_title'] = 'PunBB'; |
|
917 |
||
918 |
// Empty output buffer and stop buffering |
|
919 |
@ob_end_clean(); |
|
920 |
||
921 |
// "Restart" output buffering if we are using ob_gzhandler (since the gzip header is already sent) |
|
922 |
if (!empty($pun_config['o_gzip']) && extension_loaded('zlib') && (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== false || strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') !== false))
|
|
923 |
ob_start('ob_gzhandler');
|
|
924 |
||
925 |
?> |
|
926 |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> |
|
927 |
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr"> |
|
928 |
<head> |
|
929 |
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> |
|
930 |
<title><?php echo pun_htmlspecialchars($pun_config['o_board_title']) ?> / Error</title> |
|
931 |
<style type="text/css"> |
|
932 |
<!-- |
|
933 |
BODY {MARGIN: 10% 20% auto 20%; font: 10px Verdana, Arial, Helvetica, sans-serif}
|
|
934 |
#errorbox {BORDER: 1px solid #B84623}
|
|
935 |
H2 {MARGIN: 0; COLOR: #FFFFFF; BACKGROUND-COLOR: #B84623; FONT-SIZE: 1.1em; PADDING: 5px 4px}
|
|
936 |
#errorbox DIV {PADDING: 6px 5px; BACKGROUND-COLOR: #F1F1F1}
|
|
937 |
--> |
|
938 |
</style> |
|
939 |
</head> |
|
940 |
<body> |
|
941 |
||
942 |
<div id="errorbox"> |
|
943 |
<h2>An error was encountered</h2> |
|
944 |
<div> |
|
945 |
<?php |
|
946 |
||
947 |
if (defined('PUN_DEBUG'))
|
|
948 |
{
|
|
949 |
echo "\t\t".'<strong>File:</strong> '.$file.'<br />'."\n\t\t".'<strong>Line:</strong> '.$line.'<br /><br />'."\n\t\t".'<strong>PunBB reported</strong>: '.$message."\n"; |
|
950 |
||
951 |
if ($db_error) |
|
952 |
{
|
|
953 |
echo "\t\t".'<br /><br /><strong>Database reported:</strong> '.pun_htmlspecialchars($db_error['error_msg']).(($db_error['error_no']) ? ' (Errno: '.$db_error['error_no'].')' : '')."\n"; |
|
954 |
||
955 |
if ($db_error['error_sql'] != '') |
|
956 |
echo "\t\t".'<br /><br /><strong>Failed query:</strong> '.pun_htmlspecialchars($db_error['error_sql'])."\n"; |
|
957 |
} |
|
958 |
} |
|
959 |
else |
|
960 |
echo "\t\t".'Error: <strong>'.$message.'.</strong>'."\n"; |
|
961 |
||
962 |
?> |
|
963 |
</div> |
|
964 |
</div> |
|
965 |
||
966 |
</body> |
|
967 |
</html> |
|
968 |
<?php |
|
969 |
||
970 |
// If a database connection was established (before this error) we close it |
|
971 |
if ($db_error) |
|
972 |
$GLOBALS['db']->close(); |
|
973 |
||
974 |
exit; |
|
975 |
} |
|
976 |
||
977 |
// DEBUG FUNCTIONS BELOW |
|
978 |
||
979 |
// |
|
980 |
// Display executed queries (if enabled) |
|
981 |
// |
|
982 |
function display_saved_queries() |
|
983 |
{
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
984 |
global $pun_db, $lang_common; |
| 0 | 985 |
|
986 |
// Get the queries so that we can print them out |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
987 |
$saved_queries = $pun_db->get_saved_queries(); |
| 0 | 988 |
|
989 |
?> |
|
990 |
||
991 |
<div id="debug" class="blocktable"> |
|
992 |
<h2><span><?php echo $lang_common['Debug table'] ?></span></h2> |
|
993 |
<div class="box"> |
|
994 |
<div class="inbox"> |
|
995 |
<table cellspacing="0"> |
|
996 |
<thead> |
|
997 |
<tr> |
|
998 |
<th class="tcl" scope="col">Time (s)</th> |
|
999 |
<th class="tcr" scope="col">Query</th> |
|
1000 |
</tr> |
|
1001 |
</thead> |
|
1002 |
<tbody> |
|
1003 |
<?php |
|
1004 |
||
1005 |
$query_time_total = 0.0; |
|
1006 |
while (list(, $cur_query) = @each($saved_queries)) |
|
1007 |
{
|
|
1008 |
$query_time_total += $cur_query[1]; |
|
1009 |
||
1010 |
?> |
|
1011 |
<tr> |
|
1012 |
<td class="tcl"><?php echo ($cur_query[1] != 0) ? $cur_query[1] : ' ' ?></td> |
|
1013 |
<td class="tcr"><?php echo pun_htmlspecialchars($cur_query[0]) ?></td> |
|
1014 |
</tr> |
|
1015 |
<?php |
|
1016 |
||
1017 |
} |
|
1018 |
||
1019 |
?> |
|
1020 |
<tr> |
|
1021 |
<td class="tcl" colspan="2">Total query time: <?php echo $query_time_total ?> s</td> |
|
1022 |
</tr> |
|
1023 |
</tbody> |
|
1024 |
</table> |
|
1025 |
</div> |
|
1026 |
</div> |
|
1027 |
</div> |
|
1028 |
<?php |
|
1029 |
||
1030 |
} |
|
1031 |
||
1032 |
||
1033 |
// |
|
1034 |
// Unset any variables instantiated as a result of register_globals being enabled |
|
1035 |
// |
|
1036 |
function unregister_globals() |
|
1037 |
{
|
|
1038 |
$register_globals = @ini_get('register_globals');
|
|
1039 |
if ($register_globals === "" || $register_globals === "0" || strtolower($register_globals === "off")) |
|
1040 |
return; |
|
1041 |
||
1042 |
// Prevent script.php?GLOBALS[foo]=bar |
|
1043 |
if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) |
|
1044 |
exit('I\'ll have a steak sandwich and... a steak sandwich.');
|
|
1045 |
||
1046 |
// Variables that shouldn't be unset |
|
1047 |
$no_unset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES');
|
|
1048 |
||
1049 |
// Remove elements in $GLOBALS that are present in any of the superglobals |
|
1050 |
$input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array()); |
|
1051 |
foreach ($input as $k => $v) |
|
1052 |
{
|
|
1053 |
if (!in_array($k, $no_unset) && isset($GLOBALS[$k])) |
|
1054 |
{
|
|
1055 |
unset($GLOBALS[$k]); |
|
1056 |
unset($GLOBALS[$k]); // Double unset to circumvent the zend_hash_del_key_or_index hole in PHP <4.4.3 and <5.1.4 |
|
1057 |
} |
|
1058 |
} |
|
1059 |
} |
|
1060 |
||
1061 |
||
1062 |
// |
|
1063 |
// Dump contents of variable(s) |
|
1064 |
// |
|
1065 |
function dump() |
|
1066 |
{
|
|
1067 |
echo '<pre>'; |
|
1068 |
||
1069 |
$num_args = func_num_args(); |
|
1070 |
||
1071 |
for ($i = 0; $i < $num_args; ++$i) |
|
1072 |
{
|
|
1073 |
print_r(func_get_arg($i)); |
|
1074 |
echo "\n\n"; |
|
1075 |
} |
|
1076 |
||
1077 |
echo '</pre>'; |
|
1078 |
exit; |
|
1079 |
} |