|
1 <?php |
|
2 /*********************************************************************** |
|
3 |
|
4 Copyright (C) 2002-2008 PunBB.org |
|
5 |
|
6 This file is part of PunBB. |
|
7 |
|
8 PunBB is free software; you can redistribute it and/or modify it |
|
9 under the terms of the GNU General Public License as published |
|
10 by the Free Software Foundation; either version 2 of the License, |
|
11 or (at your option) any later version. |
|
12 |
|
13 PunBB is distributed in the hope that it will be useful, but |
|
14 WITHOUT ANY WARRANTY; without even the implied warranty of |
|
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
16 GNU General Public License for more details. |
|
17 |
|
18 You should have received a copy of the GNU General Public License |
|
19 along with this program; if not, write to the Free Software |
|
20 Foundation, Inc., 59 Temple Place, Suite 330, Boston, |
|
21 MA 02111-1307 USA |
|
22 |
|
23 ************************************************************************/ |
|
24 |
|
25 |
|
26 // |
|
27 // Return all code blocks that hook into $hook_id |
|
28 // |
|
29 function get_hook($hook_id) |
|
30 { |
|
31 global $pun_hooks; |
|
32 |
|
33 return !defined('PUN_DISABLE_HOOKS') && isset($pun_hooks[$hook_id]) ? implode("\n", $pun_hooks[$hook_id]) : false; |
|
34 } |
|
35 |
|
36 |
|
37 // |
|
38 // Authenticates the provided username and password against the user database |
|
39 // $user can be either a user ID (integer) or a username (string) |
|
40 // $password can be either a plaintext password or a password hash including salt ($password_is_hash must be set accordingly) |
|
41 // |
|
42 function authenticate_user($user, $password, $password_is_hash = false) |
|
43 { |
|
44 global $pun_db, $pun_user; |
|
45 |
|
46 ($hook = get_hook('fn_authenticate_user_start')) ? eval($hook) : null; |
|
47 |
|
48 // Check if there's a user matching $user and $password |
|
49 $query = array( |
|
50 'SELECT' => 'eu.username AS username, u.*, g.*, o.logged, o.idle, o.csrf_token, o.prev_url', |
|
51 'FROM' => 'users AS u', |
|
52 'JOINS' => array( |
|
53 array( |
|
54 'INNER JOIN' => 'groups AS g', |
|
55 'ON' => 'g.g_id=u.group_id' |
|
56 ), |
|
57 array( |
|
58 'LEFT JOIN' => 'online AS o', |
|
59 'ON' => 'o.user_id=u.id' |
|
60 ) |
|
61 ) |
|
62 ); |
|
63 |
|
64 // Are we looking for a user ID or a username? |
|
65 $query['WHERE'] = is_int($user) ? 'u.id='.intval($user) : 'u.username=\''.$pun_db->escape($user).'\''; |
|
66 |
|
67 ($hook = get_hook('fn_qr_get_user')) ? eval($hook) : null; |
|
68 $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
69 $pun_user = $pun_db->fetch_assoc($result); |
|
70 |
|
71 if (!isset($pun_user['id']) || |
|
72 ($password_is_hash && $password != $pun_user['password']) || |
|
73 (!$password_is_hash && sha1($pun_user['salt'].sha1($password)) != $pun_user['password'])) |
|
74 set_default_user(); |
|
75 |
|
76 ($hook = get_hook('fn_authenticate_user_end')) ? eval($hook) : null; |
|
77 } |
|
78 |
|
79 // |
|
80 // Replacement for authenticate_user() for Enano. |
|
81 // |
|
82 |
|
83 function authenticate_user_enano() |
|
84 { |
|
85 global $pun_db, $pun_user; |
|
86 // import Enano globals |
|
87 global $db, $session, $paths, $template, $plugins; // Common objects |
|
88 |
|
89 ($hook = get_hook('fn_authenticate_user_start')) ? eval($hook) : null; |
|
90 |
|
91 // Check if there's a user matching $user and $password |
|
92 $query = array( |
|
93 'SELECT' => 'eu.username AS username_authoritative, u.*, u.username AS bla, g.*, o.logged, o.idle, o.csrf_token, o.prev_url', |
|
94 'FROM' => $pun_db->prefix . 'users AS u', |
|
95 'JOINS' => array( |
|
96 array( |
|
97 'LEFT JOIN' => table_prefix . 'users AS eu', |
|
98 'ON' => 'eu.user_id = u.id' |
|
99 ), |
|
100 array( |
|
101 'INNER JOIN' => $pun_db->prefix . 'groups AS g', |
|
102 'ON' => 'g.g_id=u.group_id' |
|
103 ), |
|
104 array( |
|
105 'LEFT JOIN' => $pun_db->prefix . 'online AS o', |
|
106 'ON' => 'o.user_id=u.id' |
|
107 ) |
|
108 ), |
|
109 'PARAMS' => array( |
|
110 'NO_PREFIX' => '' |
|
111 ) |
|
112 ); |
|
113 |
|
114 // Are we looking for a user ID or a username? |
|
115 $query['WHERE'] = 'u.id=' . $session->user_id; |
|
116 |
|
117 ($hook = get_hook('fn_qr_get_user')) ? eval($hook) : null; |
|
118 $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
119 $pun_user = $pun_db->fetch_assoc($result); |
|
120 $pun_user['username'] =& $pun_user['username_authoritative']; |
|
121 |
|
122 if (!$session->user_logged_in) |
|
123 set_default_user(); |
|
124 |
|
125 ($hook = get_hook('fn_authenticate_user_end')) ? eval($hook) : null; |
|
126 } |
|
127 |
|
128 // |
|
129 // Attempt to login with the user ID and password hash from the cookie |
|
130 // |
|
131 function cookie_login(&$pun_user) |
|
132 { |
|
133 global $pun_db, $db_type, $pun_config, $cookie_name, $cookie_path, $cookie_domain, $cookie_secure, $pun_time_formats, $pun_date_formats; |
|
134 // import Enano globals |
|
135 global $db, $session, $paths, $template, $plugins; // Common objects |
|
136 |
|
137 ($hook = get_hook('fn_cookie_login_start')) ? eval($hook) : null; |
|
138 |
|
139 $now = time(); |
|
140 |
|
141 ($hook = get_hook('fn_cookie_login_fetch_cookie')) ? eval($hook) : null; |
|
142 |
|
143 if ( $session->user_logged_in ) |
|
144 { |
|
145 authenticate_user_enano(); |
|
146 |
|
147 // If we got back the default user, the login failed |
|
148 if ($pun_user['id'] == '1') |
|
149 { |
|
150 // pun_setcookie($cookie_name, base64_encode('1|'.random_key(8, true)), $expire); |
|
151 return; |
|
152 } |
|
153 |
|
154 // Set a default language if the user selected language no longer exists |
|
155 if (!@file_exists(PUN_ROOT.'lang/'.$pun_user['language'])) |
|
156 $pun_user['language'] = $pun_config['o_default_lang']; |
|
157 |
|
158 // Set a default style if the user selected style no longer exists |
|
159 if (!@file_exists(PUN_ROOT.'style/'.$pun_user['style'].'/'.$pun_user['style'].'.css')) |
|
160 $pun_user['style'] = $pun_config['o_default_style']; |
|
161 |
|
162 if (!$pun_user['disp_topics']) |
|
163 $pun_user['disp_topics'] = $pun_config['o_disp_topics_default']; |
|
164 if (!$pun_user['disp_posts']) |
|
165 $pun_user['disp_posts'] = $pun_config['o_disp_posts_default']; |
|
166 |
|
167 if ($pun_user['save_pass'] == '0') |
|
168 $expire = 0; |
|
169 |
|
170 // Check user has a valid date and time format |
|
171 if (!isset($pun_time_formats[$pun_user['time_format']])) |
|
172 $pun_user['time_format'] = 0; |
|
173 if (!isset($pun_date_formats[$pun_user['date_format']])) |
|
174 $pun_user['date_format'] = 0; |
|
175 |
|
176 // Define this if you want this visit to affect the online list and the users last visit data |
|
177 if (!defined('PUN_QUIET_VISIT')) |
|
178 { |
|
179 // Update the online list |
|
180 if (!$pun_user['logged']) |
|
181 { |
|
182 $pun_user['logged'] = $now; |
|
183 $pun_user['csrf_token'] = random_key(40, false, true); |
|
184 $pun_user['prev_url'] = get_current_url(); |
|
185 |
|
186 // With MySQL/MySQLi/SQLite, REPLACE INTO avoids a user having two rows in the online table |
|
187 switch ($db_type) |
|
188 { |
|
189 case 'pgsql': |
|
190 $query = 'INSERT INTO '.$pun_db->prefix.'online (user_id, ident, logged, csrf_token, prev_url) SELECT '.$pun_user['id'].', \''.$pun_db->escape($pun_user['username']).'\', '.$pun_user['logged'].', \''.$pun_user['csrf_token'].'\', \''.$pun_db->escape($pun_user['prev_url']).'\' FROM '.$pun_db->prefix.'users WHERE id = '.$pun_user['id'].' AND NOT EXISTS (SELECT 1 FROM '.$pun_db->prefix.'online WHERE user_id='.$pun_user['id'].')'; |
|
191 ($hook = get_hook('fn_qr_add_online_user')) ? eval($hook) : null; |
|
192 $pun_db->query($query) or error(__FILE__, __LINE__); |
|
193 break; |
|
194 |
|
195 default: |
|
196 $query = array( |
|
197 'REPLACE' => 'user_id, ident, logged, csrf_token, prev_url', |
|
198 'INTO' => 'online', |
|
199 'VALUES' => $pun_user['id'].', \''.$pun_db->escape($pun_user['username']).'\', '.$pun_user['logged'].', \''.$pun_user['csrf_token'].'\', \''.$pun_db->escape($pun_user['prev_url']).'\'' |
|
200 ); |
|
201 ($hook = get_hook('fn_qr_add_online_user')) ? eval($hook) : null; |
|
202 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
203 break; |
|
204 } |
|
205 |
|
206 // Reset tracked topics |
|
207 set_tracked_topics(null); |
|
208 } |
|
209 else |
|
210 { |
|
211 // Special case: We've timed out, but no other user has browsed the forums since we timed out |
|
212 if ($pun_user['logged'] < ($now-$pun_config['o_timeout_visit'])) |
|
213 { |
|
214 $query = array( |
|
215 'UPDATE' => 'users', |
|
216 'SET' => 'last_visit='.$pun_user['logged'], |
|
217 'WHERE' => 'id='.$pun_user['id'] |
|
218 ); |
|
219 |
|
220 ($hook = get_hook('fn_qr_update_user_visit')) ? eval($hook) : null; |
|
221 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
222 |
|
223 $pun_user['last_visit'] = $pun_user['logged']; |
|
224 } |
|
225 |
|
226 // Now update the logged time and save the current URL in the online list |
|
227 $query = array( |
|
228 'UPDATE' => 'online', |
|
229 'SET' => 'logged='.$now.', prev_url=\''.$pun_db->escape(get_current_url()).'\'', |
|
230 'WHERE' => 'user_id='.$pun_user['id'] |
|
231 ); |
|
232 |
|
233 if ($pun_user['idle'] == '1') |
|
234 $query['SET'] .= ', idle=0'; |
|
235 |
|
236 ($hook = get_hook('fn_qr_update_online_user')) ? eval($hook) : null; |
|
237 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
238 |
|
239 // Update tracked topics with the current expire time |
|
240 if (isset($_COOKIE[$cookie_name.'_track'])) |
|
241 pun_setcookie($cookie_name.'_track', $_COOKIE[$cookie_name.'_track'], time() + $pun_config['o_timeout_visit']); |
|
242 } |
|
243 } |
|
244 |
|
245 $pun_user['is_guest'] = false; |
|
246 $pun_user['is_admmod'] = $session->user_level >= USER_LEVEL_MOD || $pun_user['g_moderator'] == '1'; |
|
247 } |
|
248 else |
|
249 set_default_user(); |
|
250 |
|
251 ($hook = get_hook('fn_cookie_login_end')) ? eval($hook) : null; |
|
252 } |
|
253 |
|
254 |
|
255 // |
|
256 // Fill $pun_user with default values (for guests) |
|
257 // |
|
258 function set_default_user() |
|
259 { |
|
260 global $pun_db, $db_type, $pun_user, $pun_config; |
|
261 |
|
262 ($hook = get_hook('fn_set_default_user_start')) ? eval($hook) : null; |
|
263 |
|
264 $remote_addr = get_remote_address(); |
|
265 |
|
266 // Fetch guest user |
|
267 $query = array( |
|
268 'SELECT' => 'u.*, g.*, o.logged, o.csrf_token, o.prev_url', |
|
269 'FROM' => 'users AS u', |
|
270 'JOINS' => array( |
|
271 array( |
|
272 'INNER JOIN' => 'groups AS g', |
|
273 'ON' => 'g.g_id=u.group_id' |
|
274 ), |
|
275 array( |
|
276 'LEFT JOIN' => 'online AS o', |
|
277 'ON' => 'o.ident=\''.$remote_addr.'\'' |
|
278 ) |
|
279 ), |
|
280 'WHERE' => 'u.id=1' |
|
281 ); |
|
282 |
|
283 ($hook = get_hook('fn_qr_get_default_user')) ? eval($hook) : null; |
|
284 $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
285 if (!$pun_db->num_rows($result)) |
|
286 exit('Unable to fetch guest information. The table \''.$pun_db->prefix.'users\' must contain an entry with id = 1 that represents anonymous users.'); |
|
287 |
|
288 $pun_user = $pun_db->fetch_assoc($result); |
|
289 |
|
290 // Update online list |
|
291 if (!$pun_user['logged']) |
|
292 { |
|
293 $pun_user['logged'] = time(); |
|
294 $pun_user['csrf_token'] = random_key(40, false, true); |
|
295 $pun_user['prev_url'] = get_current_url(); |
|
296 |
|
297 // With MySQL/MySQLi/SQLite, REPLACE INTO avoids a user having two rows in the online table |
|
298 switch ($db_type) |
|
299 { |
|
300 case 'pgsql': |
|
301 $query = 'INSERT INTO '.$pun_db->prefix.'online (user_id, ident, logged, csrf_token, prev_url) SELECT 1, \''.$pun_db->escape($remote_addr).'\', '.$pun_user['logged'].', \''.$pun_user['csrf_token'].'\', \''.$pun_db->escape($pun_user['prev_url']).'\' FROM '.$pun_db->prefix.'users WHERE id=1 AND NOT EXISTS (SELECT 1 FROM '.$pun_db->prefix.'online WHERE user_id=1 AND ident=\''.$pun_db->escape($remote_addr).'\')'; |
|
302 ($hook = get_hook('fn_qr_add_online_guest_user')) ? eval($hook) : null; |
|
303 $pun_db->query($query) or error(__FILE__, __LINE__); |
|
304 break; |
|
305 |
|
306 default: |
|
307 $query = array( |
|
308 'REPLACE' => 'user_id, ident, logged, csrf_token, prev_url', |
|
309 'INTO' => 'online', |
|
310 'VALUES' => '1, \''.$pun_db->escape($remote_addr).'\', '.$pun_user['logged'].', \''.$pun_user['csrf_token'].'\', \''.$pun_db->escape($pun_user['prev_url']).'\'' |
|
311 ); |
|
312 ($hook = get_hook('fn_qr_add_online_guest_user')) ? eval($hook) : null; |
|
313 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
314 break; |
|
315 } |
|
316 } |
|
317 else |
|
318 { |
|
319 $query = array( |
|
320 'UPDATE' => 'online', |
|
321 'SET' => 'logged='.time().', prev_url=\''.$pun_db->escape(get_current_url()).'\'', |
|
322 'WHERE' => 'ident=\''.$pun_db->escape($remote_addr).'\'' |
|
323 ); |
|
324 |
|
325 ($hook = get_hook('fn_qr_update_online_guest_user')) ? eval($hook) : null; |
|
326 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
327 } |
|
328 |
|
329 $pun_user['disp_topics'] = $pun_config['o_disp_topics_default']; |
|
330 $pun_user['disp_posts'] = $pun_config['o_disp_posts_default']; |
|
331 $pun_user['timezone'] = $pun_config['o_default_timezone']; |
|
332 $pun_user['language'] = $pun_config['o_default_lang']; |
|
333 $pun_user['style'] = $pun_config['o_default_style']; |
|
334 $pun_user['is_guest'] = true; |
|
335 $pun_user['is_admmod'] = false; |
|
336 } |
|
337 |
|
338 |
|
339 // |
|
340 // Set a cookie, PunBB style! |
|
341 // |
|
342 function pun_setcookie($name, $value, $expire) |
|
343 { |
|
344 global $cookie_path, $cookie_domain, $cookie_secure; |
|
345 |
|
346 ($hook = get_hook('fn_pun_setcookie_start')) ? eval($hook) : null; |
|
347 |
|
348 // Enable sending of a P3P header by removing // from the following line (try this if login is failing in IE6) |
|
349 // @header('P3P: CP="CUR ADM"'); |
|
350 |
|
351 if (version_compare(PHP_VERSION, '5.2.0', '>=')) |
|
352 setcookie($name, $value, $expire, $cookie_path, $cookie_domain, $cookie_secure, true); |
|
353 else |
|
354 setcookie($name, $value, $expire, $cookie_path.'; HttpOnly', $cookie_domain, $cookie_secure); |
|
355 } |
|
356 |
|
357 |
|
358 // |
|
359 // Check whether the connecting user is banned (and delete any expired bans while we're at it) |
|
360 // |
|
361 function check_bans() |
|
362 { |
|
363 global $pun_db, $pun_config, $lang_common, $pun_user, $pun_bans; |
|
364 // import Enano globals |
|
365 global $db, $session, $paths, $template, $plugins; // Common objects |
|
366 |
|
367 ($hook = get_hook('fn_check_bans_start')) ? eval($hook) : null; |
|
368 |
|
369 // Admins aren't affected |
|
370 if (defined('PUN_ADMIN') && $session->user_level >= USER_LEVEL_ADMIN || !$pun_bans) |
|
371 return; |
|
372 |
|
373 // Add a dot at the end of the IP address to prevent banned address 192.168.0.5 from matching e.g. 192.168.0.50 |
|
374 $user_ip = get_remote_address().'.'; |
|
375 $bans_altered = false; |
|
376 |
|
377 foreach ($pun_bans as $cur_ban) |
|
378 { |
|
379 // Has this ban expired? |
|
380 if ($cur_ban['expire'] != '' && $cur_ban['expire'] <= time()) |
|
381 { |
|
382 $query = array( |
|
383 'DELETE' => 'bans', |
|
384 'WHERE' => 'id='.$cur_ban['id'] |
|
385 ); |
|
386 |
|
387 ($hook = get_hook('fn_qr_delete_expired_ban')) ? eval($hook) : null; |
|
388 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
389 |
|
390 $bans_altered = true; |
|
391 continue; |
|
392 } |
|
393 |
|
394 if ($cur_ban['username'] != '' && strtolower($pun_user['username']) == strtolower($cur_ban['username'])) |
|
395 { |
|
396 $query = array( |
|
397 'DELETE' => 'online', |
|
398 'WHERE' => 'ident=\''.$pun_db->escape($pun_user['username']).'\'' |
|
399 ); |
|
400 |
|
401 ($hook = get_hook('fn_qr_delete_online_user')) ? eval($hook) : null; |
|
402 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
403 |
|
404 message($lang_common['Ban message'].' '.(($cur_ban['expire'] != '') ? sprintf($lang_common['Ban message 2'], strtolower(format_time($cur_ban['expire'], true))) : '').(($cur_ban['message'] != '') ? ' '.$lang_common['Ban message 3'].'<br /><br /><strong>'.htmlspecialchars($cur_ban['message']).'</strong><br /><br />' : '<br /><br />').sprintf($lang_common['Ban message 4'], '<a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>'), true); |
|
405 } |
|
406 |
|
407 if ($cur_ban['ip'] != '') |
|
408 { |
|
409 $cur_ban_ips = explode(' ', $cur_ban['ip']); |
|
410 |
|
411 $num_ips = count($cur_ban_ips); |
|
412 for ($i = 0; $i < $num_ips; ++$i) |
|
413 { |
|
414 $cur_ban_ips[$i] = $cur_ban_ips[$i].'.'; |
|
415 |
|
416 if (substr($user_ip, 0, strlen($cur_ban_ips[$i])) == $cur_ban_ips[$i]) |
|
417 { |
|
418 $query = array( |
|
419 'DELETE' => 'online', |
|
420 'WHERE' => 'ident=\''.$pun_db->escape($pun_user['username']).'\'' |
|
421 ); |
|
422 |
|
423 ($hook = get_hook('fn_qr_delete_online_user2')) ? eval($hook) : null; |
|
424 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
425 |
|
426 message($lang_common['Ban message'].' '.(($cur_ban['expire'] != '') ? sprintf($lang_common['Ban message 2'], strtolower(format_time($cur_ban['expire'], true))) : '').(($cur_ban['message'] != '') ? ' '.$lang_common['Ban message 3'].'<br /><br /><strong>'.htmlspecialchars($cur_ban['message']).'</strong><br /><br />' : '<br /><br />').sprintf($lang_common['Ban message 4'], '<a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>'), true); |
|
427 } |
|
428 } |
|
429 } |
|
430 } |
|
431 |
|
432 // If we removed any expired bans during our run-through, we need to regenerate the bans cache |
|
433 if ($bans_altered) |
|
434 { |
|
435 require_once PUN_ROOT.'include/cache.php'; |
|
436 generate_bans_cache(); |
|
437 } |
|
438 } |
|
439 |
|
440 |
|
441 // |
|
442 // Update "Users online" |
|
443 // |
|
444 function update_users_online() |
|
445 { |
|
446 global $pun_db, $pun_config, $pun_user; |
|
447 |
|
448 $now = time(); |
|
449 |
|
450 ($hook = get_hook('fn_update_users_online_start')) ? eval($hook) : null; |
|
451 |
|
452 // Fetch all online list entries that are older than "o_timeout_online" |
|
453 $query = array( |
|
454 'SELECT' => 'o.*', |
|
455 'FROM' => 'online AS o', |
|
456 'WHERE' => 'o.logged<'.($now-$pun_config['o_timeout_online']) |
|
457 ); |
|
458 |
|
459 ($hook = get_hook('fn_qr_get_old_online_users')) ? eval($hook) : null; |
|
460 $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
461 while ($cur_user = $pun_db->fetch_assoc($result)) |
|
462 { |
|
463 // If the entry is a guest, delete it |
|
464 if ($cur_user['user_id'] == '1') |
|
465 { |
|
466 $query = array( |
|
467 'DELETE' => 'online', |
|
468 'WHERE' => 'ident=\''.$pun_db->escape($cur_user['ident']).'\'' |
|
469 ); |
|
470 |
|
471 ($hook = get_hook('fn_qr_delete_online_guest_user')) ? eval($hook) : null; |
|
472 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
473 } |
|
474 else |
|
475 { |
|
476 // If the entry is older than "o_timeout_visit", update last_visit for the user in question, then delete him/her from the online list |
|
477 if ($cur_user['logged'] < ($now-$pun_config['o_timeout_visit'])) |
|
478 { |
|
479 $query = array( |
|
480 'UPDATE' => 'users', |
|
481 'SET' => 'last_visit='.$cur_user['logged'], |
|
482 'WHERE' => 'id='.$cur_user['user_id'] |
|
483 ); |
|
484 |
|
485 ($hook = get_hook('fn_qr_update_user_visit2')) ? eval($hook) : null; |
|
486 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
487 |
|
488 $query = array( |
|
489 'DELETE' => 'online', |
|
490 'WHERE' => 'user_id='.$cur_user['user_id'] |
|
491 ); |
|
492 |
|
493 ($hook = get_hook('fn_qr_delete_online_user3')) ? eval($hook) : null; |
|
494 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
495 } |
|
496 else if ($cur_user['idle'] == '0') |
|
497 { |
|
498 $query = array( |
|
499 'UPDATE' => 'online', |
|
500 'SET' => 'idle=1', |
|
501 'WHERE' => 'user_id='.$cur_user['user_id'] |
|
502 ); |
|
503 |
|
504 ($hook = get_hook('fn_qr_update_online_user2')) ? eval($hook) : null; |
|
505 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
506 } |
|
507 } |
|
508 } |
|
509 |
|
510 ($hook = get_hook('fn_update_users_online_end')) ? eval($hook) : null; |
|
511 } |
|
512 |
|
513 |
|
514 // |
|
515 // Generate the "navigator" that appears at the top of every page |
|
516 // |
|
517 function generate_navlinks() |
|
518 { |
|
519 global $pun_config, $lang_common, $pun_url, $pun_user; |
|
520 |
|
521 // Index should always be displayed |
|
522 $links[] = '<li id="navindex"'.((PUN_PAGE == 'index') ? ' class="isactive"' : '').'><a href="'.pun_link($pun_url['index']).'"><span>'.$lang_common['Index'].'</span></a></li>'; |
|
523 |
|
524 if ($pun_user['g_view_users'] == '1') |
|
525 $links[] = '<li id="navuserlist"'.((PUN_PAGE == 'userlist') ? ' class="isactive"' : '').'><a href="'.pun_link($pun_url['users']).'"><span>'.$lang_common['User list'].'</span></a></li>'; |
|
526 |
|
527 if ($pun_config['o_rules'] == '1') |
|
528 $links[] = '<li id="navrules"'.((PUN_PAGE == 'rules') ? ' class="isactive"' : '').'><a href="'.pun_link($pun_url['rules']).'"><span>'.$lang_common['Rules'].'</span></a></li>'; |
|
529 |
|
530 if ($pun_user['is_guest']) |
|
531 { |
|
532 if ($pun_user['g_search'] == '1') |
|
533 $links[] = '<li id="navsearch"'.((PUN_PAGE == 'search') ? ' class="isactive"' : '').'><a href="'.pun_link($pun_url['search']).'"><span>'.$lang_common['Search'].'</span></a></li>'; |
|
534 |
|
535 $links[] = '<li id="navregister"'.((PUN_PAGE == 'register') ? ' class="isactive"' : '').'><a href="'.pun_link($pun_url['register']).'"><span>'.$lang_common['Register'].'</span></a></li>'; |
|
536 $links[] = '<li id="navlogin"'.((PUN_PAGE == 'login') ? ' class="isactive"' : '').'><a href="'.pun_link($pun_url['login']).'"><span>'.$lang_common['Login'].'</span></a></li>'; |
|
537 } |
|
538 else |
|
539 { |
|
540 if (!$pun_user['is_admmod']) |
|
541 { |
|
542 if ($pun_user['g_search'] == '1') |
|
543 $links[] = '<li id="navsearch"'.((PUN_PAGE == 'search') ? ' class="isactive"' : '').'><a href="'.pun_link($pun_url['search']).'"><span>'.$lang_common['Search'].'</span></a></li>'; |
|
544 |
|
545 $links[] = '<li id="navprofile"'.((PUN_PAGE == 'editprofile' || PUN_PAGE == 'viewprofile') ? ' class="isactive"' : '').'><a href="'.pun_link($pun_url['user'], $pun_user['id']).'"><span>'.$lang_common['Profile'].'</span></a></li>'; |
|
546 } |
|
547 else |
|
548 { |
|
549 $links[] = '<li id="navsearch"'.((PUN_PAGE == 'search') ? ' class="isactive"' : '').'><a href="'.pun_link($pun_url['search']).'"><span>'.$lang_common['Search'].'</span></a></li>'; |
|
550 $links[] = '<li id="navprofile"'.((PUN_PAGE == 'editprofile' || PUN_PAGE == 'viewprofile') ? ' class="isactive"' : '').'><a href="'.pun_link($pun_url['user'], $pun_user['id']).'"><span>'.$lang_common['Profile'].'</span></a></li>'; |
|
551 $links[] = '<li id="navadmin"'.((substr(PUN_PAGE, 0, 5) == 'admin') ? ' class="isactive"' : '').'><a href="'.pun_link($pun_url['admin_index']).'"><span>'.$lang_common['Admin'].'</span></a></li>'; |
|
552 } |
|
553 |
|
554 $links[] = '<li id="navlogout"><a href="'.pun_link($pun_url['logout'], array($pun_user['id'], generate_form_token('logout'.$pun_user['id']))).'"><span>'.$lang_common['Logout'].'</span></a></li>'; |
|
555 } |
|
556 |
|
557 // Are there any additional navlinks we should insert into the array before imploding it? |
|
558 if ($pun_config['o_additional_navlinks'] != '') |
|
559 { |
|
560 if (preg_match_all('#([0-9]+)\s*=\s*(.*?)\n#s', $pun_config['o_additional_navlinks']."\n", $extra_links)) |
|
561 { |
|
562 // Insert any additional links into the $links array (at the correct index) |
|
563 $num_links = count($extra_links[1]); |
|
564 for ($i = 0; $i < $num_links; ++$i) |
|
565 array_insert($links, $extra_links[1][$i], '<li id="navextra'.($i + 1).'">'.$extra_links[2][$i].'</li>'); |
|
566 } |
|
567 } |
|
568 |
|
569 ($hook = get_hook('fn_generate_navlinks_end')) ? eval($hook) : null; |
|
570 |
|
571 return implode("\n\t\t", $links); |
|
572 } |
|
573 |
|
574 |
|
575 // |
|
576 // Display the profile navigation menu |
|
577 // |
|
578 function generate_profile_menu() |
|
579 { |
|
580 global $lang_profile, $pun_url, $pun_config, $pun_user, $id; |
|
581 |
|
582 // Setup links for profile menu |
|
583 $profilenav_links = array( |
|
584 '<li'.((PUN_PAGE == 'profile-about') ? ' class="topactive">' : '>').'<a href="'.pun_link($pun_url['profile_about'], $id).'"><span>'.$lang_profile['Section about'].'</span></a></li>', |
|
585 '<li'.((PUN_PAGE == 'profile-identity') ? ' class="topactive">' : '>').'<a href="'.pun_link($pun_url['profile_identity'], $id).'"><span>'.$lang_profile['Section identity'].'</span></a></li>', |
|
586 '<li'.((PUN_PAGE == 'profile-settings') ? ' class="topactive">' : '>').'<a href="'.pun_link($pun_url['profile_settings'], $id).'"><span>'.$lang_profile['Section settings'].'</span></a></li>', |
|
587 ); |
|
588 |
|
589 if ($pun_config['o_signatures'] == '1') |
|
590 $profilenav_links[] = '<li'.((PUN_PAGE == 'profile-signature') ? ' class="topactive">' : '>').'<a href="'.pun_link($pun_url['profile_signature'], $id).'"><span>'.$lang_profile['Section signature'].'</span></a></li>'; |
|
591 |
|
592 if ($pun_config['o_avatars'] == '1') |
|
593 $profilenav_links[] = '<li'.((PUN_PAGE == 'profile-avatar') ? ' class="topactive">' : '>').'<a href="'.pun_link($pun_url['profile_avatar'], $id).'"><span>'.$lang_profile['Section avatar'].'</span></a></li>'; |
|
594 |
|
595 if ($session->user_level >= USER_LEVEL_ADMIN || ($pun_user['g_moderator'] == '1' && $pun_user['g_mod_ban_users'] == '1')) |
|
596 $profilenav_links[] = '<li'.((PUN_PAGE == 'profile-admin') ? ' class="topactive">' : '>').'<a href="'.pun_link($pun_url['profile_admin'], $id).'"><span>'.$lang_profile['Section admin'].'</span></a></li>'; |
|
597 |
|
598 ($hook = get_hook('fn_generate_profile_menu_end')) ? eval($hook) : null; |
|
599 |
|
600 ?> |
|
601 <div id="profilenav" class="main-nav"> |
|
602 <ul> |
|
603 <?php echo implode("\n\t\t\t", $profilenav_links)."\n"; ?> |
|
604 </ul> |
|
605 </div> |
|
606 <?php |
|
607 |
|
608 } |
|
609 |
|
610 |
|
611 // |
|
612 // Generate breadcrumb navigation |
|
613 // |
|
614 function generate_crumbs($reverse) |
|
615 { |
|
616 global $lang_common, $pun_url, $pun_config, $pun_page; |
|
617 |
|
618 if (empty($pun_page['crumbs'])) |
|
619 $pun_page['crumbs'][0] = $pun_config['o_board_title']; |
|
620 |
|
621 $crumbs = ''; |
|
622 $num_crumbs = count($pun_page['crumbs']); |
|
623 |
|
624 if ($reverse) |
|
625 { |
|
626 for ($i = ($num_crumbs - 1); $i >= 0; --$i) |
|
627 $crumbs .= (is_array($pun_page['crumbs'][$i]) ? htmlspecialchars($pun_page['crumbs'][$i][0]) : htmlspecialchars($pun_page['crumbs'][$i])).((isset($pun_page['page']) && $i == ($num_crumbs - 1)) ? ' ('.$lang_common['Page'].' '.$pun_page['page'].')' : '').($i > 0 ? $lang_common['Title separator'] : ''); |
|
628 } |
|
629 else |
|
630 { |
|
631 for ($i = 0; $i < $num_crumbs; ++$i) |
|
632 { |
|
633 if ($i < ($num_crumbs - 1)) |
|
634 $crumbs .= '<span class="crumb'.(($i == 0) ? ' crumbfirst' : '').'"><span>'.(($i >= 1) ? $lang_common['Crumb separator'] : '').$lang_common['Back to'].' </span>'.(is_array($pun_page['crumbs'][$i]) ? '<a href="'.$pun_page['crumbs'][$i][1].'">'.htmlspecialchars($pun_page['crumbs'][$i][0]).'</a>' : htmlspecialchars($pun_page['crumbs'][$i])).'</span>'; |
|
635 else |
|
636 $crumbs .= '<strong class="crumb crumblast'.(($i == 0) ? ' crumbfirst' : '').'"><span>'.(($i >= 1) ? $lang_common['Crumb separator'] : '').$lang_common['You are here'].' </span>'.(is_array($pun_page['crumbs'][$i]) ? '<a href="'.$pun_page['crumbs'][$i][1].'">'.htmlspecialchars($pun_page['crumbs'][$i][0]).'</a>' : htmlspecialchars($pun_page['crumbs'][$i])).'</strong>'; |
|
637 } |
|
638 } |
|
639 |
|
640 ($hook = get_hook('fn_generate_crumbs_end')) ? eval($hook) : null; |
|
641 |
|
642 return $crumbs; |
|
643 } |
|
644 |
|
645 |
|
646 // |
|
647 // Save array of tracked topics in cookie |
|
648 // |
|
649 function set_tracked_topics($tracked_topics) |
|
650 { |
|
651 global $cookie_name, $cookie_path, $cookie_domain, $cookie_secure, $pun_config; |
|
652 |
|
653 ($hook = get_hook('fn_set_tracked_topics_start')) ? eval($hook) : null; |
|
654 |
|
655 $cookie_data = ''; |
|
656 if (!empty($tracked_topics)) |
|
657 { |
|
658 // Sort the arrays (latest read first) |
|
659 arsort($tracked_topics['topics'], SORT_NUMERIC); |
|
660 arsort($tracked_topics['forums'], SORT_NUMERIC); |
|
661 |
|
662 // Homebrew serialization (to avoid having to run unserialize() on cookie data) |
|
663 foreach ($tracked_topics['topics'] as $id => $timestamp) |
|
664 $cookie_data .= 't'.$id.'='.$timestamp.';'; |
|
665 foreach ($tracked_topics['forums'] as $id => $timestamp) |
|
666 $cookie_data .= 'f'.$id.'='.$timestamp.';'; |
|
667 |
|
668 // Enforce a 4048 byte size limit (4096 minus some space for the cookie name) |
|
669 if (strlen($cookie_data) > 4048) |
|
670 { |
|
671 $cookie_data = substr($cookie_data, 0, 4048); |
|
672 $cookie_data = substr($cookie_data, 0, strrpos($cookie_data, ';')).';'; |
|
673 } |
|
674 } |
|
675 |
|
676 pun_setcookie($cookie_name.'_track', $cookie_data, time() + $pun_config['o_timeout_visit']); |
|
677 $_COOKIE[$cookie_name.'_track'] = $cookie_data; // Set it directly in $_COOKIE as well |
|
678 } |
|
679 |
|
680 |
|
681 // |
|
682 // Extract array of tracked topics from cookie |
|
683 // |
|
684 function get_tracked_topics() |
|
685 { |
|
686 global $cookie_name; |
|
687 |
|
688 $cookie_data = isset($_COOKIE[$cookie_name.'_track']) ? $_COOKIE[$cookie_name.'_track'] : false; |
|
689 if (!$cookie_data) |
|
690 return array('topics' => array(), 'forums' => array()); |
|
691 |
|
692 if (strlen($cookie_data) > 4048) |
|
693 return array('topics' => array(), 'forums' => array()); |
|
694 |
|
695 // Unserialize data from cookie |
|
696 $tracked_topics = array('topics' => array(), 'forums' => array()); |
|
697 $temp = explode(';', $cookie_data); |
|
698 foreach ($temp as $t) |
|
699 { |
|
700 $type = substr($t, 0, 1) == 'f' ? 'forums' : 'topics'; |
|
701 $id = intval(substr($t, 1)); |
|
702 $timestamp = intval(@substr($t, strpos($t, '=') + 1)); |
|
703 if ($id > 0 && $timestamp > 0) |
|
704 $tracked_topics[$type][$id] = $timestamp; |
|
705 } |
|
706 |
|
707 ($hook = get_hook('fn_get_tracked_topics_end')) ? eval($hook) : null; |
|
708 |
|
709 return $tracked_topics; |
|
710 } |
|
711 |
|
712 |
|
713 // |
|
714 // Update posts, topics, last_post, last_post_id and last_poster for a forum |
|
715 // |
|
716 function sync_forum($forum_id) |
|
717 { |
|
718 global $pun_db; |
|
719 |
|
720 ($hook = get_hook('fn_sync_forum_start')) ? eval($hook) : null; |
|
721 |
|
722 // Get topic and post count for forum |
|
723 $query = array( |
|
724 'SELECT' => 'COUNT(t.id), SUM(t.num_replies)', |
|
725 'FROM' => 'topics AS t', |
|
726 'WHERE' => 't.forum_id='.$forum_id |
|
727 ); |
|
728 |
|
729 ($hook = get_hook('fn_qr_get_forum_stats')) ? eval($hook) : null; |
|
730 $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
731 list($num_topics, $num_posts) = $pun_db->fetch_row($result); |
|
732 |
|
733 $num_posts = $num_posts + $num_topics; // $num_posts is only the sum of all replies (we have to add the topic posts) |
|
734 |
|
735 // Get last_post, last_post_id and last_poster for forum (if any) |
|
736 $query = array( |
|
737 'SELECT' => 't.last_post, t.last_post_id, t.last_poster', |
|
738 'FROM' => 'topics AS t', |
|
739 'WHERE' => 't.forum_id='.$forum_id.' AND t.moved_to is NULL', |
|
740 'ORDER BY' => 't.last_post DESC', |
|
741 'LIMIT' => '1' |
|
742 ); |
|
743 |
|
744 ($hook = get_hook('fn_qr_get_forum_last_post_data')) ? eval($hook) : null; |
|
745 $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
746 if ($pun_db->num_rows($result)) |
|
747 { |
|
748 list($last_post, $last_post_id, $last_poster) = $pun_db->fetch_row($result); |
|
749 $last_poster = '\''.$pun_db->escape($last_poster).'\''; |
|
750 } |
|
751 else |
|
752 $last_post = $last_post_id = $last_poster = 'NULL'; |
|
753 |
|
754 // Now update the forum |
|
755 $query = array( |
|
756 'UPDATE' => 'forums', |
|
757 'SET' => 'num_topics='.$num_topics.', num_posts='.$num_posts.', last_post='.$last_post.', last_post_id='.$last_post_id.', last_poster='.$last_poster, |
|
758 'WHERE' => 'id='.$forum_id |
|
759 ); |
|
760 |
|
761 ($hook = get_hook('fn_qr_update_forum')) ? eval($hook) : null; |
|
762 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
763 } |
|
764 |
|
765 |
|
766 // |
|
767 // Update replies, last_post, last_post_id and last_poster for a topic |
|
768 // |
|
769 function sync_topic($topic_id) |
|
770 { |
|
771 global $pun_db; |
|
772 |
|
773 ($hook = get_hook('fn_sync_topic_start')) ? eval($hook) : null; |
|
774 |
|
775 // Count number of replies in the topic |
|
776 $query = array( |
|
777 'SELECT' => 'COUNT(p.id)', |
|
778 'FROM' => 'posts AS p', |
|
779 'WHERE' => 'p.topic_id='.$topic_id |
|
780 ); |
|
781 |
|
782 ($hook = get_hook('fn_qr_get_topic_reply_count')) ? eval($hook) : null; |
|
783 $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
784 $num_replies = $pun_db->result($result, 0) - 1; |
|
785 |
|
786 // Get last_post, last_post_id and last_poster |
|
787 $query = array( |
|
788 'SELECT' => 'p.posted, p.id, p.poster', |
|
789 'FROM' => 'posts AS p', |
|
790 'WHERE' => 'p.topic_id='.$topic_id, |
|
791 'ORDER BY' => 'p.id DESC', |
|
792 'LIMIT' => '1' |
|
793 ); |
|
794 |
|
795 ($hook = get_hook('fn_qr_get_topic_last_post_data')) ? eval($hook) : null; |
|
796 $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
797 list($last_post, $last_post_id, $last_poster) = $pun_db->fetch_row($result); |
|
798 |
|
799 // Now update the topic |
|
800 $query = array( |
|
801 'UPDATE' => 'topics', |
|
802 'SET' => 'num_replies='.$num_replies.', last_post='.$last_post.', last_post_id='.$last_post_id.', last_poster=\''.$pun_db->escape($last_poster).'\'', |
|
803 'WHERE' => 'id='.$topic_id |
|
804 ); |
|
805 |
|
806 ($hook = get_hook('fn_qr_update_topic')) ? eval($hook) : null; |
|
807 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
808 } |
|
809 |
|
810 |
|
811 // |
|
812 // Verifies that the provided username is OK for insertion into the database |
|
813 // |
|
814 function validate_username($username, $exclude_id = null) |
|
815 { |
|
816 global $lang_common, $lang_register, $lang_profile, $pun_config; |
|
817 |
|
818 $errors = array(); |
|
819 |
|
820 ($hook = get_hook('fn_validate_username_start')) ? eval($hook) : null; |
|
821 |
|
822 // Convert multiple whitespace characters into one (to prevent people from registering with indistinguishable usernames) |
|
823 $username = preg_replace('#\s+#s', ' ', $username); |
|
824 |
|
825 // Validate username |
|
826 if (pun_strlen($username) < 2) |
|
827 $errors[] = $lang_profile['Username too short']; |
|
828 else if (pun_strlen($username) > 25) |
|
829 $errors[] = $lang_profile['Username too long']; |
|
830 else if (strtolower($username) == 'guest' || strtolower($username) == strtolower($lang_common['Guest'])) |
|
831 $errors[] = $lang_profile['Username guest']; |
|
832 else if (preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $username)) |
|
833 $errors[] = $lang_profile['Username IP']; |
|
834 else if ((strpos($username, '[') !== false || strpos($username, ']') !== false) && strpos($username, '\'') !== false && strpos($username, '"') !== false) |
|
835 $errors[] = $lang_profile['Username reserved chars']; |
|
836 else if (preg_match('#\[b\]|\[/b\]|\[u\]|\[/u\]|\[i\]|\[/i\]|\[color|\[/color\]|\[quote\]|\[quote=|\[/quote\]|\[code\]|\[/code\]|\[img\]|\[/img\]|\[url|\[/url\]|\[email|\[/email\]#i', $username)) |
|
837 $errors[] = $lang_profile['Username BBCode']; |
|
838 |
|
839 // Check username for any censored words |
|
840 if ($pun_config['o_censoring'] == '1' && censor_words($username) != $username) |
|
841 $errors[] = $lang_register['Username censor']; |
|
842 |
|
843 // Check for username dupe |
|
844 $dupe = check_username_dupe($username, $exclude_id); |
|
845 if ($dupe !== false) |
|
846 $errors[] = sprintf($lang_profile['Username dupe'], htmlspecialchars($dupe)); |
|
847 |
|
848 return $errors; |
|
849 } |
|
850 |
|
851 |
|
852 // |
|
853 // Adds a new user. The username must be passed through validate_username() first. |
|
854 // |
|
855 function add_user($user_info, &$new_uid) |
|
856 { |
|
857 global $pun_db, $base_url, $lang_common, $pun_config, $pun_user, $pun_url; |
|
858 |
|
859 ($hook = get_hook('fn_add_user_start')) ? eval($hook) : null; |
|
860 |
|
861 // Add the user |
|
862 $query = array( |
|
863 'INSERT' => 'username, group_id, password, email, email_setting, save_pass, timezone, language, style, registered, registration_ip, last_visit, salt, activate_key', |
|
864 'INTO' => 'users', |
|
865 'VALUES' => '\''.$pun_db->escape($user_info['username']).'\', '.$user_info['group_id'].', \''.$pun_db->escape($user_info['password_hash']).'\', \''.$pun_db->escape($user_info['email']).'\', '.$user_info['email_setting'].', '.$user_info['save_pass'].', '.floatval($user_info['timezone']).', \''.$pun_db->escape($user_info['language']).'\', \''.$pun_db->escape($user_info['style']).'\', '.$user_info['registered'].', \''.$pun_db->escape($user_info['registration_ip']).'\', '.$user_info['registered'].', \''.$pun_db->escape($user_info['salt']).'\', '.$user_info['activate_key'].'' |
|
866 ); |
|
867 |
|
868 ($hook = get_hook('fn_qr_add_user')) ? eval($hook) : null; |
|
869 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
870 $new_uid = $pun_db->insert_id(); |
|
871 |
|
872 // Must the user verify the registration? |
|
873 if ($user_info['require_verification']) |
|
874 { |
|
875 // Load the "welcome" template |
|
876 $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/welcome.tpl')); |
|
877 |
|
878 // The first row contains the subject |
|
879 $first_crlf = strpos($mail_tpl, "\n"); |
|
880 $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8)); |
|
881 $mail_message = trim(substr($mail_tpl, $first_crlf)); |
|
882 |
|
883 $mail_subject = str_replace('<board_title>', $pun_config['o_board_title'], $mail_subject); |
|
884 $mail_message = str_replace('<base_url>', $base_url.'/', $mail_message); |
|
885 $mail_message = str_replace('<username>', $user_info['username'], $mail_message); |
|
886 $mail_message = str_replace('<activation_url>', str_replace('&', '&', pun_link($pun_url['change_password_key'], array($new_uid, substr($user_info['activate_key'], 1, -1)))), $mail_message); |
|
887 $mail_message = str_replace('<board_mailer>', sprintf($lang_common['Forum mailer'], $pun_config['o_board_title']), $mail_message); |
|
888 |
|
889 ($hook = get_hook('fn_add_user_send_verification')) ? eval($hook) : null; |
|
890 |
|
891 pun_mail($user_info['email'], $mail_subject, $mail_message); |
|
892 } |
|
893 |
|
894 // Should we alert people on the admin mailing list that a new user has registered? |
|
895 if ($user_info['notify_admins'] && $pun_config['o_mailing_list'] != '') |
|
896 { |
|
897 $mail_subject = 'Alert - New registration'; |
|
898 $mail_message = 'User \''.$user_info['username'].'\' registered in the forums at '.$base_url.'/'."\n\n".'User profile: '.pun_link($pun_url['user'], $new_uid)."\n\n".'-- '."\n".'Forum Mailer'."\n".'(Do not reply to this message)'; |
|
899 |
|
900 pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message); |
|
901 } |
|
902 |
|
903 ($hook = get_hook('fn_add_user_end')) ? eval($hook) : null; |
|
904 |
|
905 return $new_uid; |
|
906 } |
|
907 |
|
908 |
|
909 // |
|
910 // Delete a user and all information associated with it |
|
911 // |
|
912 function delete_user($user_id) |
|
913 { |
|
914 global $pun_db, $db_type, $pun_config; |
|
915 |
|
916 ($hook = get_hook('fn_delete_user_start')) ? eval($hook) : null; |
|
917 |
|
918 // First we need to get some data on the user |
|
919 $query = array( |
|
920 'SELECT' => 'u.username, u.group_id, g.g_moderator', |
|
921 'FROM' => 'users AS u', |
|
922 'JOINS' => array( |
|
923 array( |
|
924 'INNER JOIN' => 'groups AS g', |
|
925 'ON' => 'g.g_id=u.group_id' |
|
926 ) |
|
927 ), |
|
928 'WHERE' => 'u.id='.$user_id |
|
929 ); |
|
930 |
|
931 ($hook = get_hook('fn_qr_get_user_data')) ? eval($hook) : null; |
|
932 $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
933 $user = $pun_db->fetch_assoc($result); |
|
934 |
|
935 // If the user is a moderator or an administrator, we remove him/her from the moderator list in all forums |
|
936 // and regenerate the bans cache |
|
937 if ($user['group_id'] == PUN_ADMIN || $user['g_moderator'] == '1') |
|
938 { |
|
939 clean_forum_moderators(); |
|
940 |
|
941 // Regenerate the bans cache |
|
942 require_once PUN_ROOT.'include/cache.php'; |
|
943 generate_bans_cache(); |
|
944 } |
|
945 |
|
946 // Delete any subscriptions |
|
947 $query = array( |
|
948 'DELETE' => 'subscriptions', |
|
949 'WHERE' => 'user_id='.$user_id |
|
950 ); |
|
951 |
|
952 ($hook = get_hook('fn_qr_delete_subscriptions')) ? eval($hook) : null; |
|
953 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
954 |
|
955 // Remove him/her from the online list (if they happen to be logged in) |
|
956 $query = array( |
|
957 'DELETE' => 'online', |
|
958 'WHERE' => 'user_id='.$user_id |
|
959 ); |
|
960 |
|
961 ($hook = get_hook('fn_qr_delete_online_user3')) ? eval($hook) : null; |
|
962 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
963 |
|
964 // Should we delete all posts made by this user? |
|
965 if (isset($_POST['delete_posts'])) |
|
966 { |
|
967 @set_time_limit(0); |
|
968 |
|
969 // Find all posts made by this user |
|
970 $query = array( |
|
971 'SELECT' => 'p.id, p.topic_id, t.forum_id, t.first_post_id', |
|
972 'FROM' => 'posts AS p', |
|
973 'JOINS' => array( |
|
974 array( |
|
975 'INNER JOIN' => 'topics AS t', |
|
976 'ON' => 't.id=p.topic_id' |
|
977 ) |
|
978 ), |
|
979 'WHERE' => 'p.poster_id='.$user_id |
|
980 ); |
|
981 |
|
982 ($hook = get_hook('fn_qr_get_user_posts')) ? eval($hook) : null; |
|
983 $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
984 while ($cur_post = $pun_db->fetch_assoc($result)) |
|
985 { |
|
986 if ($cur_post['first_post_id'] == $cur_post['id']) |
|
987 delete_topic($cur_post['topic_id'], $cur_post['forum_id']); |
|
988 else |
|
989 delete_post($cur_post['id'], $cur_post['topic_id'], $cur_post['forum_id']); |
|
990 } |
|
991 } |
|
992 else |
|
993 { |
|
994 // Set all his/her posts to guest |
|
995 $query = array( |
|
996 'UPDATE' => 'posts', |
|
997 'SET' => 'poster_id=1', |
|
998 'WHERE' => 'poster_id='.$user_id |
|
999 ); |
|
1000 |
|
1001 ($hook = get_hook('fn_qr_reset_user_posts')) ? eval($hook) : null; |
|
1002 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1003 } |
|
1004 |
|
1005 // Delete the user |
|
1006 $query = array( |
|
1007 'DELETE' => 'users', |
|
1008 'WHERE' => 'id='.$user_id |
|
1009 ); |
|
1010 |
|
1011 ($hook = get_hook('fn_qr_delete_user')) ? eval($hook) : null; |
|
1012 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1013 |
|
1014 // Delete user avatar |
|
1015 if (file_exists($pun_config['o_avatars_dir'].'/'.$user_id.'.gif')) |
|
1016 @unlink($pun_config['o_avatars_dir'].'/'.$user_id.'.gif'); |
|
1017 if (file_exists($pun_config['o_avatars_dir'].'/'.$user_id.'.jpg')) |
|
1018 @unlink($pun_config['o_avatars_dir'].'/'.$user_id.'.jpg'); |
|
1019 if (file_exists($pun_config['o_avatars_dir'].'/'.$user_id.'.png')) |
|
1020 @unlink($pun_config['o_avatars_dir'].'/'.$user_id.'.png'); |
|
1021 |
|
1022 ($hook = get_hook('fn_delete_user_end')) ? eval($hook) : null; |
|
1023 } |
|
1024 |
|
1025 |
|
1026 // |
|
1027 // Iterates through all forum moderator lists and removes any erroneous entries |
|
1028 // |
|
1029 function clean_forum_moderators() |
|
1030 { |
|
1031 global $pun_db; |
|
1032 |
|
1033 ($hook = get_hook('fn_clean_forum_moderators_start')) ? eval($hook) : null; |
|
1034 |
|
1035 // Get a list of forums and their respective lists of moderators |
|
1036 $query = array( |
|
1037 'SELECT' => 'f.id, f.moderators', |
|
1038 'FROM' => 'forums AS f', |
|
1039 'WHERE' => 'f.moderators IS NOT NULL' |
|
1040 ); |
|
1041 |
|
1042 ($hook = get_hook('fn_qr_get_forum_moderators')) ? eval($hook) : null; |
|
1043 $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1044 |
|
1045 while ($cur_forum = $pun_db->fetch_assoc($result)) |
|
1046 { |
|
1047 $cur_moderators = unserialize($cur_forum['moderators']); |
|
1048 $new_moderators = $cur_moderators; |
|
1049 |
|
1050 // Iterate through each user in the list and check if he/she is in a moderator or admin group |
|
1051 foreach ($cur_moderators as $username => $user_id) |
|
1052 { |
|
1053 $query = array( |
|
1054 'SELECT' => '1', |
|
1055 'FROM' => 'users AS u', |
|
1056 'JOINS' => array( |
|
1057 array( |
|
1058 'INNER JOIN' => 'groups AS g', |
|
1059 'ON' => 'g.g_id=u.group_id' |
|
1060 ) |
|
1061 ), |
|
1062 'WHERE' => '(g.g_moderator=1 OR u.group_id=1) AND u.id='.$user_id |
|
1063 ); |
|
1064 |
|
1065 ($hook = get_hook('fn_qr_check_user_in_moderator_group')) ? eval($hook) : null; |
|
1066 $result2 = $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1067 |
|
1068 if (!$pun_db->num_rows($result2)) // If the user isn't in a moderator or admin group, remove him/her from the list |
|
1069 unset($new_moderators[$username]); |
|
1070 } |
|
1071 |
|
1072 // If we changed anything, update the forum |
|
1073 if ($cur_moderators != $new_moderators) |
|
1074 { |
|
1075 $new_moderators = (!empty($new_moderators)) ? '\''.$pun_db->escape(serialize($new_moderators)).'\'' : 'NULL'; |
|
1076 |
|
1077 $query = array( |
|
1078 'UPDATE' => 'forums', |
|
1079 'SET' => 'moderators='.$new_moderators, |
|
1080 'WHERE' => 'id='.$cur_forum['id'] |
|
1081 ); |
|
1082 |
|
1083 ($hook = get_hook('fn_qr_set_forum_moderators')) ? eval($hook) : null; |
|
1084 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1085 } |
|
1086 } |
|
1087 |
|
1088 ($hook = get_hook('fn_clean_forum_moderators_end')) ? eval($hook) : null; |
|
1089 } |
|
1090 |
|
1091 |
|
1092 // |
|
1093 // Locate and delete any orphaned redirect topics |
|
1094 // |
|
1095 function delete_orphans() |
|
1096 { |
|
1097 global $pun_db; |
|
1098 |
|
1099 ($hook = get_hook('fn_delete_orphans_start')) ? eval($hook) : null; |
|
1100 |
|
1101 // Locate any orphaned redirect topics |
|
1102 $query = array( |
|
1103 'SELECT' => 't1.id', |
|
1104 'FROM' => 'topics AS t1', |
|
1105 'JOINS' => array( |
|
1106 array( |
|
1107 'LEFT JOIN' => 'topics AS t2', |
|
1108 'ON' => 't1.moved_to=t2.id' |
|
1109 ) |
|
1110 ), |
|
1111 'WHERE' => 't2.id IS NULL AND t1.moved_to IS NOT NULL' |
|
1112 ); |
|
1113 |
|
1114 ($hook = get_hook('fn_qr_get_orphans')) ? eval($hook) : null; |
|
1115 $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1116 $num_orphans = $pun_db->num_rows($result); |
|
1117 |
|
1118 if ($num_orphans) |
|
1119 { |
|
1120 for ($i = 0; $i < $num_orphans; ++$i) |
|
1121 $orphans[] = $pun_db->result($result, $i); |
|
1122 |
|
1123 // Delete the orphan |
|
1124 $query = array( |
|
1125 'DELETE' => 'topics', |
|
1126 'WHERE' => 'id IN('.implode(',', $orphans).')' |
|
1127 ); |
|
1128 |
|
1129 ($hook = get_hook('fn_qr_delete_orphan')) ? eval($hook) : null; |
|
1130 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1131 } |
|
1132 } |
|
1133 |
|
1134 |
|
1135 // |
|
1136 // Delete a topic and all of it's posts |
|
1137 // |
|
1138 function delete_topic($topic_id, $forum_id) |
|
1139 { |
|
1140 global $pun_db, $db_type; |
|
1141 |
|
1142 ($hook = get_hook('fn_delete_topic_start')) ? eval($hook) : null; |
|
1143 |
|
1144 // Delete the topic and any redirect topics |
|
1145 $query = array( |
|
1146 'DELETE' => 'topics', |
|
1147 'WHERE' => 'id='.$topic_id.' OR moved_to='.$topic_id |
|
1148 ); |
|
1149 |
|
1150 ($hook = get_hook('fn_qr_delete_topic')) ? eval($hook) : null; |
|
1151 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1152 |
|
1153 // Create a list of the post ID's in this topic |
|
1154 $post_ids = ''; |
|
1155 $query = array( |
|
1156 'SELECT' => 'p.id', |
|
1157 'FROM' => 'posts AS p', |
|
1158 'WHERE' => 'p.topic_id='.$topic_id |
|
1159 ); |
|
1160 |
|
1161 ($hook = get_hook('fn_qr_get_posts_to_delete')) ? eval($hook) : null; |
|
1162 $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1163 while ($row = $pun_db->fetch_row($result)) |
|
1164 $post_ids .= ($post_ids != '') ? ','.$row[0] : $row[0]; |
|
1165 |
|
1166 // Make sure we have a list of post ID's |
|
1167 if ($post_ids != '') |
|
1168 { |
|
1169 // Delete posts in topic |
|
1170 $query = array( |
|
1171 'DELETE' => 'posts', |
|
1172 'WHERE' => 'topic_id='.$topic_id |
|
1173 ); |
|
1174 |
|
1175 ($hook = get_hook('fn_qr_delete_topic_posts')) ? eval($hook) : null; |
|
1176 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1177 |
|
1178 if ($db_type != 'mysql' && $db_type != 'mysqli') |
|
1179 { |
|
1180 require PUN_ROOT.'include/search_idx.php'; |
|
1181 strip_search_index($post_ids); |
|
1182 } |
|
1183 } |
|
1184 |
|
1185 // Delete any subscriptions for this topic |
|
1186 $query = array( |
|
1187 'DELETE' => 'subscriptions', |
|
1188 'WHERE' => 'topic_id='.$topic_id |
|
1189 ); |
|
1190 |
|
1191 ($hook = get_hook('fn_qr_delete_topic_subscriptions')) ? eval($hook) : null; |
|
1192 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1193 |
|
1194 sync_forum($forum_id); |
|
1195 |
|
1196 ($hook = get_hook('fn_delete_topic_end')) ? eval($hook) : null; |
|
1197 } |
|
1198 |
|
1199 |
|
1200 // |
|
1201 // Delete a single post |
|
1202 // |
|
1203 function delete_post($post_id, $topic_id, $forum_id) |
|
1204 { |
|
1205 global $pun_db, $db_type; |
|
1206 |
|
1207 ($hook = get_hook('fn_delete_post_start')) ? eval($hook) : null; |
|
1208 |
|
1209 $query = array( |
|
1210 'SELECT' => 'p.id, p.poster, p.posted', |
|
1211 'FROM' => 'posts AS p', |
|
1212 'WHERE' => 'p.topic_id='.$topic_id, |
|
1213 'ORDER BY' => 'p.id DESC', |
|
1214 'LIMIT' => '2' |
|
1215 ); |
|
1216 |
|
1217 ($hook = get_hook('fn_qr_get_topic_lastposts_info')) ? eval($hook) : null; |
|
1218 $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1219 list($last_id, ,) = $pun_db->fetch_row($result); |
|
1220 list($second_last_id, $second_poster, $second_posted) = $pun_db->fetch_row($result); |
|
1221 |
|
1222 // Delete the post |
|
1223 $query = array( |
|
1224 'DELETE' => 'posts', |
|
1225 'WHERE' => 'id='.$post_id |
|
1226 ); |
|
1227 |
|
1228 ($hook = get_hook('fn_qr_delete_post')) ? eval($hook) : null; |
|
1229 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1230 |
|
1231 if ($db_type != 'mysql' && $db_type != 'mysqli') |
|
1232 { |
|
1233 require PUN_ROOT.'include/search_idx.php'; |
|
1234 strip_search_index($post_id); |
|
1235 } |
|
1236 |
|
1237 // Count number of replies in the topic |
|
1238 $query = array( |
|
1239 'SELECT' => 'COUNT(p.id)', |
|
1240 'FROM' => 'posts AS p', |
|
1241 'WHERE' => 'p.topic_id='.$topic_id |
|
1242 ); |
|
1243 |
|
1244 ($hook = get_hook('fn_qr_get_topic_reply_count2')) ? eval($hook) : null; |
|
1245 $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1246 $num_replies = $pun_db->result($result, 0) - 1; |
|
1247 |
|
1248 // Update the topic now that a post has been deleted |
|
1249 $query = array( |
|
1250 'UPDATE' => 'topics', |
|
1251 'SET' => 'num_replies='.$num_replies, |
|
1252 'WHERE' => 'id='.$topic_id |
|
1253 ); |
|
1254 |
|
1255 // If we deleted the most recent post, we need to sync up last post data as wel |
|
1256 if ($last_id == $post_id) |
|
1257 $query['SET'] .= ', last_post='.$second_posted.', last_post_id='.$second_last_id.', last_poster=\''.$pun_db->escape($second_poster).'\''; |
|
1258 |
|
1259 ($hook = get_hook('fn_qr_update_topic2')) ? eval($hook) : null; |
|
1260 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1261 |
|
1262 sync_forum($forum_id); |
|
1263 |
|
1264 ($hook = get_hook('fn_delete_post_end')) ? eval($hook) : null; |
|
1265 } |
|
1266 |
|
1267 |
|
1268 // |
|
1269 // Creates a new topic with its first post |
|
1270 // |
|
1271 function add_topic($post_info, &$new_tid, &$new_pid) |
|
1272 { |
|
1273 global $pun_db, $db_type, $pun_config, $lang_common; |
|
1274 |
|
1275 ($hook = get_hook('fn_add_topic_start')) ? eval($hook) : null; |
|
1276 |
|
1277 // Add the topic |
|
1278 $query = array( |
|
1279 'INSERT' => 'poster, subject, posted, last_post, last_poster, forum_id', |
|
1280 'INTO' => 'topics', |
|
1281 'VALUES' => '\''.$pun_db->escape($post_info['poster']).'\', \''.$pun_db->escape($post_info['subject']).'\', '.$post_info['posted'].', '.$post_info['posted'].', \''.$pun_db->escape($post_info['poster']).'\', '.$post_info['forum_id'] |
|
1282 ); |
|
1283 |
|
1284 ($hook = get_hook('fn_qr_add_topic')) ? eval($hook) : null; |
|
1285 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1286 $new_tid = $pun_db->insert_id(); |
|
1287 |
|
1288 // To subscribe or not to subscribe, that ... |
|
1289 if (!$post_info['is_guest'] && $post_info['subscribe']) |
|
1290 { |
|
1291 $query = array( |
|
1292 'INSERT' => 'user_id, topic_id', |
|
1293 'INTO' => 'subscriptions', |
|
1294 'VALUES' => $post_info['poster_id'].' ,'.$new_tid |
|
1295 ); |
|
1296 |
|
1297 ($hook = get_hook('fn_qr_add_subscription')) ? eval($hook) : null; |
|
1298 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1299 } |
|
1300 |
|
1301 // Create the post ("topic post") |
|
1302 $query = array( |
|
1303 'INSERT' => 'poster, poster_id, poster_ip, message, hide_smilies, posted, topic_id', |
|
1304 'INTO' => 'posts', |
|
1305 'VALUES' => '\''.$pun_db->escape($post_info['poster']).'\', '.$post_info['poster_id'].', \''.get_remote_address().'\', \''.$pun_db->escape($post_info['message']).'\', '.$post_info['hide_smilies'].', '.$post_info['posted'].', '.$new_tid |
|
1306 ); |
|
1307 |
|
1308 // If it's a guest post, there might be an e-mail address we need to include |
|
1309 if ($post_info['is_guest'] && $post_info['poster_email'] != null) |
|
1310 { |
|
1311 $query['INSERT'] .= ', poster_email'; |
|
1312 $query['VALUES'] .= ', \''.$post_info['poster_email'].'\''; |
|
1313 } |
|
1314 |
|
1315 ($hook = get_hook('fn_qr_add_topic_post')) ? eval($hook) : null; |
|
1316 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1317 $new_pid = $pun_db->insert_id(); |
|
1318 |
|
1319 // Update the topic with last_post_id and first_post_id |
|
1320 $query = array( |
|
1321 'UPDATE' => 'topics', |
|
1322 'SET' => 'last_post_id='.$new_pid.', first_post_id='.$new_pid, |
|
1323 'WHERE' => 'id='.$new_tid |
|
1324 ); |
|
1325 |
|
1326 ($hook = get_hook('fn_qr_update_topic3')) ? eval($hook) : null; |
|
1327 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1328 |
|
1329 if ($db_type != 'mysql' && $db_type != 'mysqli') |
|
1330 { |
|
1331 require PUN_ROOT.'include/search_idx.php'; |
|
1332 update_search_index('post', $new_pid, $post_info['message'], $post_info['subject']); |
|
1333 } |
|
1334 |
|
1335 sync_forum($post_info['forum_id']); |
|
1336 |
|
1337 ($hook = get_hook('fn_add_topic_end')) ? eval($hook) : null; |
|
1338 } |
|
1339 |
|
1340 |
|
1341 // |
|
1342 // Creates a new post |
|
1343 // |
|
1344 function add_post($post_info, &$new_pid) |
|
1345 { |
|
1346 global $pun_db, $db_type, $pun_config, $lang_common; |
|
1347 |
|
1348 ($hook = get_hook('fn_add_post_start')) ? eval($hook) : null; |
|
1349 |
|
1350 // Add the post |
|
1351 $query = array( |
|
1352 'INSERT' => 'poster, poster_id, poster_ip, message, hide_smilies, posted, topic_id', |
|
1353 'INTO' => 'posts', |
|
1354 'VALUES' => '\''.$pun_db->escape($post_info['poster']).'\', '.$post_info['poster_id'].', \''.get_remote_address().'\', \''.$pun_db->escape($post_info['message']).'\', '.$post_info['hide_smilies'].', '.$post_info['posted'].', '.$post_info['topic_id'] |
|
1355 ); |
|
1356 |
|
1357 // If it's a guest post, there might be an e-mail address we need to include |
|
1358 if ($post_info['is_guest'] && $post_info['poster_email'] != null) |
|
1359 { |
|
1360 $query['INSERT'] .= ', poster_email'; |
|
1361 $query['VALUES'] .= ', \''.$post_info['poster_email'].'\''; |
|
1362 } |
|
1363 |
|
1364 ($hook = get_hook('fn_qr_add_post')) ? eval($hook) : null; |
|
1365 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1366 $new_pid = $pun_db->insert_id(); |
|
1367 |
|
1368 if (!$post_info['is_guest']) |
|
1369 { |
|
1370 // Subscribe or unsubscribe? |
|
1371 if ($post_info['subscr_action'] == 1) |
|
1372 { |
|
1373 $query = array( |
|
1374 'INSERT' => 'user_id, topic_id', |
|
1375 'INTO' => 'subscriptions', |
|
1376 'VALUES' => $post_info['poster_id'].' ,'.$post_info['topic_id'] |
|
1377 ); |
|
1378 |
|
1379 ($hook = get_hook('fn_qr_add_subscription2')) ? eval($hook) : null; |
|
1380 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1381 } |
|
1382 else if ($post_info['subscr_action'] == 2) |
|
1383 { |
|
1384 $query = array( |
|
1385 'DELETE' => 'subscriptions', |
|
1386 'WHERE' => 'topic_id='.$post_info['topic_id'].' AND user_id='.$post_info['poster_id'] |
|
1387 ); |
|
1388 |
|
1389 ($hook = get_hook('fn_qr_delete_subscription')) ? eval($hook) : null; |
|
1390 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1391 } |
|
1392 } |
|
1393 |
|
1394 // Count number of replies in the topic |
|
1395 $query = array( |
|
1396 'SELECT' => 'COUNT(p.id)', |
|
1397 'FROM' => 'posts AS p', |
|
1398 'WHERE' => 'p.topic_id='.$post_info['topic_id'] |
|
1399 ); |
|
1400 |
|
1401 ($hook = get_hook('fn_qr_get_topic_reply_count3')) ? eval($hook) : null; |
|
1402 $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1403 $num_replies = $pun_db->result($result, 0) - 1; |
|
1404 |
|
1405 // Update topic |
|
1406 $query = array( |
|
1407 'UPDATE' => 'topics', |
|
1408 'SET' => 'num_replies='.$num_replies.', last_post='.$post_info['posted'].', last_post_id='.$new_pid.', last_poster=\''.$pun_db->escape($post_info['poster']).'\'', |
|
1409 'WHERE' => 'id='.$post_info['topic_id'] |
|
1410 ); |
|
1411 |
|
1412 ($hook = get_hook('fn_qr_update_topic4')) ? eval($hook) : null; |
|
1413 $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1414 |
|
1415 sync_forum($post_info['forum_id']); |
|
1416 |
|
1417 if ($db_type != 'mysql' && $db_type != 'mysqli') |
|
1418 { |
|
1419 require PUN_ROOT.'include/search_idx.php'; |
|
1420 update_search_index('post', $new_pid, $post_info['message']); |
|
1421 } |
|
1422 |
|
1423 send_subscriptions($post_info, $new_pid); |
|
1424 |
|
1425 ($hook = get_hook('fn_add_post_end')) ? eval($hook) : null; |
|
1426 } |
|
1427 |
|
1428 |
|
1429 // |
|
1430 // Send out subscription emails |
|
1431 // |
|
1432 function send_subscriptions($post_info, $new_pid) |
|
1433 { |
|
1434 global $pun_config, $pun_db, $pun_url, $lang_common; |
|
1435 |
|
1436 ($hook = get_hook('fn_send_subscriptions_start')) ? eval($hook) : null; |
|
1437 |
|
1438 if ($pun_config['o_subscriptions'] != '1') |
|
1439 return; |
|
1440 |
|
1441 // Get the post time for the previous post in this topic |
|
1442 $query = array( |
|
1443 'SELECT' => 'p.posted', |
|
1444 'FROM' => 'posts AS p', |
|
1445 'WHERE' => 'p.topic_id='.$post_info['topic_id'], |
|
1446 'ORDER BY' => 'p.id DESC', |
|
1447 'LIMIT' => '1, 1' |
|
1448 ); |
|
1449 |
|
1450 ($hook = get_hook('fn_qr_get_previous_post_time')) ? eval($hook) : null; |
|
1451 $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1452 $previous_post_time = $pun_db->result($result); |
|
1453 |
|
1454 // Get any subscribed users that should be notified (banned users are excluded) |
|
1455 $query = array( |
|
1456 'SELECT' => 'u.id, u.email, u.notify_with_post, u.language', |
|
1457 'FROM' => 'users AS u', |
|
1458 'JOINS' => array( |
|
1459 array( |
|
1460 'INNER JOIN' => 'subscriptions AS s', |
|
1461 'ON' => 'u.id=s.user_id' |
|
1462 ), |
|
1463 array( |
|
1464 'LEFT JOIN' => 'forum_perms AS fp', |
|
1465 'ON' => '(fp.forum_id='.$post_info['forum_id'].' AND fp.group_id=u.group_id)' |
|
1466 ), |
|
1467 array( |
|
1468 'INNER JOIN' => 'online AS o', |
|
1469 'ON' => 'u.id=o.user_id' |
|
1470 ), |
|
1471 array( |
|
1472 'INNER JOIN' => 'bans AS b', |
|
1473 'ON' => 'u.username=b.username' |
|
1474 ), |
|
1475 ), |
|
1476 'WHERE' => 'b.username IS NULL AND COALESCE(o.logged, u.last_visit)>'.$previous_post_time.' AND (fp.read_forum IS NULL OR fp.read_forum=1) AND s.topic_id='.$post_info['topic_id'].' AND u.id!='.$post_info['poster_id'] |
|
1477 ); |
|
1478 |
|
1479 ($hook = get_hook('fn_qr_get_users_to_notify')) ? eval($hook) : null; |
|
1480 $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1481 |
|
1482 if ($pun_db->num_rows($result)) |
|
1483 { |
|
1484 require_once PUN_ROOT.'include/email.php'; |
|
1485 |
|
1486 $notification_emails = array(); |
|
1487 |
|
1488 // Loop through subscribed users and send e-mails |
|
1489 while ($cur_subscriber = $pun_db->fetch_assoc($result)) |
|
1490 { |
|
1491 // Is the subscription e-mail for $cur_subscriber['language'] cached or not? |
|
1492 if (!isset($notification_emails[$cur_subscriber['language']])) |
|
1493 { |
|
1494 if (file_exists(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl')) |
|
1495 { |
|
1496 // Load the "new reply" template |
|
1497 $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl')); |
|
1498 |
|
1499 // Load the "new reply full" template (with post included) |
|
1500 $mail_tpl_full = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply_full.tpl')); |
|
1501 |
|
1502 // The first row contains the subject (it also starts with "Subject:") |
|
1503 $first_crlf = strpos($mail_tpl, "\n"); |
|
1504 $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8)); |
|
1505 $mail_message = trim(substr($mail_tpl, $first_crlf)); |
|
1506 |
|
1507 $first_crlf = strpos($mail_tpl_full, "\n"); |
|
1508 $mail_subject_full = trim(substr($mail_tpl_full, 8, $first_crlf-8)); |
|
1509 $mail_message_full = trim(substr($mail_tpl_full, $first_crlf)); |
|
1510 |
|
1511 $mail_subject = str_replace('<topic_subject>', '\''.$post_info['subject'].'\'', $mail_subject); |
|
1512 $mail_message = str_replace('<topic_subject>', '\''.$post_info['subject'].'\'', $mail_message); |
|
1513 $mail_message = str_replace('<replier>', $post_info['poster'], $mail_message); |
|
1514 $mail_message = str_replace('<post_url>', pun_link($pun_url['post'], $new_pid), $mail_message); |
|
1515 $mail_message = str_replace('<unsubscribe_url>', pun_link($pun_url['unsubscribe'], $post_info['topic_id']), $mail_message); |
|
1516 $mail_message = str_replace('<board_mailer>', sprintf($lang_common['Forum mailer'], $pun_config['o_board_title']), $mail_message); |
|
1517 |
|
1518 $mail_subject_full = str_replace('<topic_subject>', '\''.$post_info['subject'].'\'', $mail_subject_full); |
|
1519 $mail_message_full = str_replace('<topic_subject>', '\''.$post_info['subject'].'\'', $mail_message_full); |
|
1520 $mail_message_full = str_replace('<replier>', $post_info['poster'], $mail_message_full); |
|
1521 $mail_message_full = str_replace('<message>', $post_info['message'], $mail_message_full); |
|
1522 $mail_message_full = str_replace('<post_url>', pun_link($pun_url['post'], $new_pid), $mail_message_full); |
|
1523 $mail_message_full = str_replace('<unsubscribe_url>', pun_link($pun_url['unsubscribe'], $post_info['topic_id']), $mail_message_full); |
|
1524 $mail_message_full = str_replace('<board_mailer>', sprintf($lang_common['Forum mailer'], $pun_config['o_board_title']), $mail_message_full); |
|
1525 |
|
1526 $notification_emails[$cur_subscriber['language']][0] = $mail_subject; |
|
1527 $notification_emails[$cur_subscriber['language']][1] = $mail_message; |
|
1528 $notification_emails[$cur_subscriber['language']][2] = $mail_subject_full; |
|
1529 $notification_emails[$cur_subscriber['language']][3] = $mail_message_full; |
|
1530 |
|
1531 $mail_subject = $mail_message = $mail_subject_full = $mail_message_full = null; |
|
1532 } |
|
1533 } |
|
1534 |
|
1535 // We have to double check here because the templates could be missing |
|
1536 if (isset($notification_emails[$cur_subscriber['language']])) |
|
1537 { |
|
1538 // Make sure the e-mail address format is valid before sending |
|
1539 if (is_valid_email($cur_subscriber['email'])) |
|
1540 { |
|
1541 if ($cur_subscriber['notify_with_post'] == '0') |
|
1542 pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][0], $notification_emails[$cur_subscriber['language']][1]); |
|
1543 else |
|
1544 pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][2], $notification_emails[$cur_subscriber['language']][3]); |
|
1545 } |
|
1546 } |
|
1547 } |
|
1548 } |
|
1549 |
|
1550 ($hook = get_hook('fn_send_subscriptions_end')) ? eval($hook) : null; |
|
1551 } |
|
1552 |
|
1553 |
|
1554 // |
|
1555 // Make a string safe to use in a URL |
|
1556 // |
|
1557 function sef_friendly($string) |
|
1558 { |
|
1559 ($hook = get_hook('fn_sef_friendly_start')) ? eval($hook) : null; |
|
1560 |
|
1561 $reserved_words = array('atom', 'last'); |
|
1562 $words = explode(' ', $string); |
|
1563 $string = ''; |
|
1564 |
|
1565 foreach ($words as $word) |
|
1566 { |
|
1567 if (strlen($word) > 3 && !in_array(strtolower($word), $reserved_words)) |
|
1568 $string .= '-'.$word; |
|
1569 } |
|
1570 |
|
1571 $string = urlencode(strtr(str_replace('?', '', utf8_decode($string)), utf8_decode('ÀÁÂÃÄÅàáâãäåÒÓÔÕÖØòóôõöøÈÉÊËèéêëÇçÌÍÎÏìíîïÙÚÛÜùúûüÿÑñ/'), 'AAAAAAaaaaaaOOOOOOooooooEEEEeeeeCcIIIIiiiiUUUUuuuuyNn-')); |
|
1572 |
|
1573 return $string; |
|
1574 } |
|
1575 |
|
1576 |
|
1577 // |
|
1578 // Replace censored words in $text |
|
1579 // |
|
1580 function censor_words($text) |
|
1581 { |
|
1582 global $pun_db; |
|
1583 static $search_for, $replace_with; |
|
1584 |
|
1585 ($hook = get_hook('fn_censor_words_start')) ? eval($hook) : null; |
|
1586 |
|
1587 // If not already loaded in a previous call, load the cached censors |
|
1588 if (!defined('PUN_CENSORS_LOADED')) |
|
1589 { |
|
1590 if (file_exists(PUN_CACHE_DIR.'cache_censors.php')) |
|
1591 include PUN_CACHE_DIR.'cache_censors.php'; |
|
1592 |
|
1593 if (!defined('PUN_CENSORS_LOADED')) |
|
1594 { |
|
1595 require_once PUN_ROOT.'include/cache.php'; |
|
1596 generate_censors_cache(); |
|
1597 require PUN_CACHE_DIR.'cache_censors.php'; |
|
1598 } |
|
1599 |
|
1600 $search_for = array(); |
|
1601 $replace_with = array(); |
|
1602 |
|
1603 foreach ($pun_censors as $censor_key => $cur_word) |
|
1604 { |
|
1605 $search_for[$censor_key] = '/\b('.str_replace('\*', '\w*?', preg_quote($cur_word['search_for'], '/')).')\b/iu'; |
|
1606 $replace_with[$censor_key] = $cur_word['replace_with']; |
|
1607 |
|
1608 ($hook = get_hook('fn_censor_words_setup_regex')) ? eval($hook) : null; |
|
1609 } |
|
1610 } |
|
1611 |
|
1612 if (!empty($search_for)) |
|
1613 $text = substr(preg_replace($search_for, $replace_with, ' '.$text.' '), 1, -1); |
|
1614 |
|
1615 return $text; |
|
1616 } |
|
1617 |
|
1618 |
|
1619 // |
|
1620 // Check if a username is occupied |
|
1621 // |
|
1622 function check_username_dupe($username, $exclude_id = null) |
|
1623 { |
|
1624 global $pun_db; |
|
1625 |
|
1626 ($hook = get_hook('fn_check_username_dupe_start')) ? eval($hook) : null; |
|
1627 |
|
1628 $query = array( |
|
1629 'SELECT' => 'u.username', |
|
1630 'FROM' => 'users AS u', |
|
1631 'WHERE' => '(UPPER(username)=UPPER(\''.$pun_db->escape($username).'\') OR UPPER(username)=UPPER(\''.$pun_db->escape(preg_replace('/[^\w]/u', '', $username)).'\')) AND id>1' |
|
1632 ); |
|
1633 |
|
1634 if ($exclude_id) |
|
1635 $query['WHERE'] .= ' AND id!='.$exclude_id; |
|
1636 |
|
1637 ($hook = get_hook('fn_qr_check_username_dupe')) ? eval($hook) : null; |
|
1638 $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); |
|
1639 |
|
1640 return $pun_db->num_rows($result) ? $pun_db->result($result) : false; |
|
1641 } |
|
1642 |
|
1643 |
|
1644 // |
|
1645 // Determines the correct title for $user |
|
1646 // $user must contain the elements 'username', 'title', 'posts', 'g_id' and 'g_user_title' |
|
1647 // |
|
1648 function get_title($user) |
|
1649 { |
|
1650 global $pun_db, $pun_config, $pun_bans, $lang_common; |
|
1651 static $ban_list, $pun_ranks; |
|
1652 |
|
1653 ($hook = get_hook('fn_get_title_start')) ? eval($hook) : null; |
|
1654 |
|
1655 // If not already built in a previous call, build an array of lowercase banned usernames |
|
1656 if (empty($ban_list)) |
|
1657 { |
|
1658 $ban_list = array(); |
|
1659 |
|
1660 foreach ($pun_bans as $cur_ban) |
|
1661 $ban_list[] = strtolower($cur_ban['username']); |
|
1662 } |
|
1663 |
|
1664 // If not already loaded in a previous call, load the cached ranks |
|
1665 if ($pun_config['o_ranks'] == '1' && !defined('PUN_RANKS_LOADED')) |
|
1666 { |
|
1667 if (file_exists(PUN_CACHE_DIR.'cache_ranks.php')) |
|
1668 include PUN_CACHE_DIR.'cache_ranks.php'; |
|
1669 |
|
1670 if (!defined('PUN_RANKS_LOADED')) |
|
1671 { |
|
1672 require_once PUN_ROOT.'include/cache.php'; |
|
1673 generate_ranks_cache(); |
|
1674 require PUN_CACHE_DIR.'cache_ranks.php'; |
|
1675 } |
|
1676 } |
|
1677 |
|
1678 // If the user has a custom title |
|
1679 if ($user['title'] != '') |
|
1680 $user_title = htmlspecialchars($pun_config['o_censoring'] == '1' ? censor_words($user['title']) : $user['title']); |
|
1681 // If the user is banned |
|
1682 else if (in_array(strtolower($user['username']), $ban_list)) |
|
1683 $user_title = $lang_common['Banned']; |
|
1684 // If the user group has a default user title |
|
1685 else if ($user['g_user_title'] != '') |
|
1686 $user_title = htmlspecialchars($user['g_user_title']); |
|
1687 // If the user is a guest |
|
1688 else if ($user['g_id'] == PUN_GUEST) |
|
1689 $user_title = $lang_common['Guest']; |
|
1690 else |
|
1691 { |
|
1692 // Are there any ranks? |
|
1693 if ($pun_config['o_ranks'] == '1' && !empty($pun_ranks)) |
|
1694 { |
|
1695 @reset($pun_ranks); |
|
1696 while (list(, $cur_rank) = @each($pun_ranks)) |
|
1697 { |
|
1698 if (intval($user['num_posts']) >= $cur_rank['min_posts']) |
|
1699 $user_title = htmlspecialchars($cur_rank['rank']); |
|
1700 } |
|
1701 } |
|
1702 |
|
1703 // If the user didn't "reach" any rank (or if ranks are disabled), we assign the default |
|
1704 if (!isset($user_title)) |
|
1705 $user_title = $lang_common['Member']; |
|
1706 } |
|
1707 |
|
1708 ($hook = get_hook('fn_get_title_end')) ? eval($hook) : null; |
|
1709 |
|
1710 return $user_title; |
|
1711 } |
|
1712 |
|
1713 |
|
1714 // |
|
1715 // Generate a string with numbered links (for multipage scripts) |
|
1716 // |
|
1717 function pun_paginate($num_pages, $cur_page, $link, $args = null) |
|
1718 { |
|
1719 global $pun_url, $lang_common; |
|
1720 |
|
1721 $pages = array(); |
|
1722 $link_to_all = false; |
|
1723 |
|
1724 ($hook = get_hook('fn_paginate_start')) ? eval($hook) : null; |
|
1725 |
|
1726 // If $cur_page == -1, we link to all pages (used in viewforum.php) |
|
1727 if ($cur_page == -1) |
|
1728 { |
|
1729 $cur_page = 1; |
|
1730 $link_to_all = true; |
|
1731 } |
|
1732 |
|
1733 if ($num_pages <= 1) |
|
1734 $pages = array('<strong>1</strong>'); |
|
1735 else |
|
1736 { |
|
1737 // Add a previous page link |
|
1738 if ($num_pages > 1 && $cur_page > 1) |
|
1739 $pages[] = '<a class="prev" href="'.pun_sublink($link, $pun_url['page'], ($cur_page - 1), $args).'">'.$lang_common['Previous'].'</a> '; |
|
1740 |
|
1741 if ($cur_page > 3) |
|
1742 { |
|
1743 $pages[] = '<a href="'.pun_sublink($link, $pun_url['page'], 1, $args).'">1</a>'; |
|
1744 |
|
1745 if ($cur_page > 5) |
|
1746 $pages[] = '…'; |
|
1747 } |
|
1748 |
|
1749 // Don't ask me how the following works. It just does, OK? :-) |
|
1750 for ($current = ($cur_page == 5) ? $cur_page - 3 : $cur_page - 2, $stop = ($cur_page + 4 == $num_pages) ? $cur_page + 4 : $cur_page + 3; $current < $stop; ++$current) |
|
1751 { |
|
1752 if ($current < 1 || $current > $num_pages) |
|
1753 continue; |
|
1754 else if ($current != $cur_page || $link_to_all) |
|
1755 $pages[] = '<a href="'.pun_sublink($link, $pun_url['page'], $current, $args).'">'.$current.'</a>'; |
|
1756 else |
|
1757 $pages[] = '<strong>'.$current.'</strong>'; |
|
1758 } |
|
1759 |
|
1760 if ($cur_page <= ($num_pages-3)) |
|
1761 { |
|
1762 if ($cur_page != ($num_pages-3) && $cur_page != ($num_pages-4)) |
|
1763 $pages[] = '…'; |
|
1764 |
|
1765 $pages[] = '<a href="'.pun_sublink($link, $pun_url['page'], $num_pages, $args).'">'.$num_pages.'</a>'; |
|
1766 } |
|
1767 |
|
1768 // Add a next page link |
|
1769 if ($num_pages > 1 && !$link_to_all && $cur_page < $num_pages) |
|
1770 $pages[] = ' <a class="next" href="'.pun_sublink($link, $pun_url['page'], ($cur_page + 1), $args).'">'.$lang_common['Next'].'</a>'; |
|
1771 } |
|
1772 |
|
1773 ($hook = get_hook('fn_paginate_end')) ? eval($hook) : null; |
|
1774 |
|
1775 return implode($lang_common['Page separator'], $pages); |
|
1776 } |
|
1777 |
|
1778 |
|
1779 // |
|
1780 // Clean version string from trailing '.0's |
|
1781 // |
|
1782 function clean_version($version) |
|
1783 { |
|
1784 return preg_replace('/(\.0)+(?!\.)|(\.0+$)/', '$2', $version); |
|
1785 } |
|
1786 |
|
1787 |
|
1788 // |
|
1789 // Display a message |
|
1790 // |
|
1791 function message($message, $link = '') |
|
1792 { |
|
1793 global $pun_db, $pun_url, $lang_common, $pun_config, $base_url, $pun_start, $tpl_main, $pun_user, $pun_page, $pun_updates; |
|
1794 |
|
1795 ($hook = get_hook('fn_message_start')) ? eval($hook) : null; |
|
1796 |
|
1797 if (!defined('PUN_HEADER')) |
|
1798 { |
|
1799 // Setup breadcrumbs |
|
1800 $pun_page['crumbs'] = array( |
|
1801 array($pun_config['o_board_title'], pun_link($pun_url['index'])), |
|
1802 $lang_common['Info'] |
|
1803 ); |
|
1804 |
|
1805 define('PUN_PAGE', 'message'); |
|
1806 require PUN_ROOT.'header.php'; |
|
1807 } |
|
1808 |
|
1809 ?> |
|
1810 <div id="pun-main" class="main"> |
|
1811 |
|
1812 <h1><span><?php echo end($pun_page['crumbs']) ?></span></h1> |
|
1813 |
|
1814 <div class="main-head"> |
|
1815 <h2><span><?php echo $lang_common['Forum message'] ?></span></h2> |
|
1816 </div> |
|
1817 <div class="main-content message"> |
|
1818 <p><?php echo $message ?> <?php if ($link != '') echo '<span>'.$link.'</span>' ?></p> |
|
1819 </div> |
|
1820 |
|
1821 </div> |
|
1822 <?php |
|
1823 |
|
1824 require PUN_ROOT.'footer.php'; |
|
1825 } |
|
1826 |
|
1827 |
|
1828 // |
|
1829 // Display a form that the user can use to confirm that they want to undertake an action. |
|
1830 // Used when the CSRF token from the request does not match the token stored in the database. |
|
1831 // |
|
1832 function csrf_confirm_form() |
|
1833 { |
|
1834 global $pun_db, $pun_url, $lang_common, $pun_config, $base_url, $pun_start, $tpl_main, $pun_user, $pun_page, $pun_updates; |
|
1835 |
|
1836 // User pressed the cancel button |
|
1837 if (isset($_POST['confirm_cancel'])) |
|
1838 pun_redirect(htmlspecialchars($_POST['prev_url']), $lang_common['Cancel redirect']); |
|
1839 |
|
1840 // |
|
1841 // A helper function for csrf_confirm_form. It takes a multi-dimensional array and returns it as a |
|
1842 // single-dimensional array suitable for use in hidden fields. |
|
1843 // |
|
1844 function _csrf_confirm_form($key, $values) |
|
1845 { |
|
1846 $fields = array(); |
|
1847 |
|
1848 if (is_array($values)) |
|
1849 { |
|
1850 foreach ($values as $cur_key => $cur_values) |
|
1851 $fields = array_merge($fields, _csrf_confirm_form($key.'['.$cur_key.']', $cur_values)); |
|
1852 |
|
1853 return $fields; |
|
1854 } |
|
1855 else |
|
1856 $fields[$key] = $values; |
|
1857 |
|
1858 return $fields; |
|
1859 } |
|
1860 |
|
1861 ($hook = get_hook('fn_csrf_confirm_form_start')) ? eval($hook) : null; |
|
1862 |
|
1863 // Setup breadcrumbs |
|
1864 $pun_page['crumbs'] = array( |
|
1865 array($pun_config['o_board_title'], pun_link($pun_url['index'])), |
|
1866 $lang_common['Confirm action'] |
|
1867 ); |
|
1868 |
|
1869 $pun_page['form_action'] = get_current_url(); |
|
1870 |
|
1871 $pun_page['hidden_fields'] = array( |
|
1872 '<input type="hidden" name="csrf_token" value="'.generate_form_token($pun_page['form_action']).'" />', |
|
1873 '<input type="hidden" name="prev_url" value="'.htmlspecialchars($pun_user['prev_url']).'" />' |
|
1874 ); |
|
1875 |
|
1876 foreach ($_POST as $submitted_key => $submitted_val) |
|
1877 { |
|
1878 if ($submitted_key != 'csrf_token' && $submitted_key != 'prev_url') |
|
1879 { |
|
1880 $hidden_fields = _csrf_confirm_form($submitted_key, $submitted_val); |
|
1881 foreach ($hidden_fields as $field_key => $field_val) |
|
1882 $pun_page['hidden_fields'][] = '<input type="hidden" name="'.htmlspecialchars($field_key).'" value="'.htmlspecialchars($field_val).'" />'; |
|
1883 } |
|
1884 } |
|
1885 |
|
1886 define('PUN_PAGE', 'dialogue'); |
|
1887 require PUN_ROOT.'header.php'; |
|
1888 |
|
1889 ($hook = get_hook('fn_csrf_confirm_form_pre_header_load')) ? eval($hook) : null; |
|
1890 |
|
1891 ?> |
|
1892 <div id="pun-main" class="main"> |
|
1893 |
|
1894 <h1><span><?php echo end($pun_page['crumbs']) ?></span></h1> |
|
1895 |
|
1896 <div class="main-head"> |
|
1897 <h2><span><?php echo $lang_common['Confirm action head'] ?></span></h2> |
|
1898 </div> |
|
1899 <div class="main-content frm"> |
|
1900 <div class="frm-info"> |
|
1901 <p><?php echo $lang_common['CSRF token mismatch'] ?></p> |
|
1902 </div> |
|
1903 <form class="frm-form" method="post" accept-charset="utf-8" action="<?php echo $pun_page['form_action'] ?>"> |
|
1904 <div class="hidden"> |
|
1905 <?php echo implode("\n\t\t\t\t", $pun_page['hidden_fields'])."\n" ?> |
|
1906 </div> |
|
1907 <div class="frm-buttons"> |
|
1908 <span class="submit"><input type="submit" value="<?php echo $lang_common['Confirm'] ?>" /></span> |
|
1909 <span class="cancel"><input type="submit" name="confirm_cancel" value="<?php echo $lang_common['Cancel'] ?>" /></span> |
|
1910 </div> |
|
1911 </form> |
|
1912 </div> |
|
1913 </div> |
|
1914 <?php |
|
1915 |
|
1916 require PUN_ROOT.'footer.php'; |
|
1917 } |
|
1918 |
|
1919 |
|
1920 // |
|
1921 // Generate a hyperlink with parameters and anchor |
|
1922 // |
|
1923 function pun_link($link, $args = null) |
|
1924 { |
|
1925 global $pun_config, $base_url; |
|
1926 |
|
1927 $gen_link = $link; |
|
1928 if ($args == null) |
|
1929 $gen_link = $link; |
|
1930 else if (!is_array($args)) |
|
1931 $gen_link = str_replace('$1', $args, $link); |
|
1932 else |
|
1933 { |
|
1934 for ($i = 0; isset($args[$i]); ++$i) |
|
1935 $gen_link = str_replace('$'.($i + 1), $args[$i], $gen_link); |
|
1936 } |
|
1937 |
|
1938 $gen_link = makeUrlNS('Special', "Forum/$gen_link"); |
|
1939 |
|
1940 ($hook = get_hook('fn_pun_link_end')) ? eval($hook) : null; |
|
1941 |
|
1942 return $gen_link; |
|
1943 } |
|
1944 |
|
1945 |
|
1946 // |
|
1947 // Generate a hyperlink with parameters and anchor and a subsection such as a subpage |
|
1948 // |
|
1949 function pun_sublink($link, $sublink, $subarg, $args = null) |
|
1950 { |
|
1951 global $pun_config, $pun_url, $base_url; |
|
1952 |
|
1953 $gen_link = $link; |
|
1954 if (!is_array($args) && $args != null) |
|
1955 $gen_link = str_replace('$1', $args, $link); |
|
1956 else |
|
1957 { |
|
1958 for ($i = 0; isset($args[$i]); ++$i) |
|
1959 $gen_link = str_replace('$'.($i + 1), $args[$i], $gen_link); |
|
1960 } |
|
1961 |
|
1962 if (isset($pun_url['insertion_find'])) |
|
1963 $gen_link = $base_url.'/'.str_replace($pun_url['insertion_find'], str_replace('$1', str_replace('$1', $subarg, $sublink), $pun_url['insertion_replace']), $gen_link); |
|
1964 else |
|
1965 $gen_link = $base_url.'/'.$gen_link.str_replace('$1', $subarg, $sublink); |
|
1966 |
|
1967 ($hook = get_hook('fn_pun_sublink_end')) ? eval($hook) : null; |
|
1968 |
|
1969 return $gen_link; |
|
1970 } |
|
1971 |
|
1972 |
|
1973 // |
|
1974 // Format a time string according to $time_format and timezones |
|
1975 // |
|
1976 function format_time($timestamp, $date_only = false) |
|
1977 { |
|
1978 global $pun_config, $lang_common, $pun_user, $pun_time_formats, $pun_date_formats; |
|
1979 |
|
1980 ($hook = get_hook('fn_format_time_start')) ? eval($hook) : null; |
|
1981 |
|
1982 if ($timestamp == '') |
|
1983 return $lang_common['Never']; |
|
1984 |
|
1985 $diff = ($pun_user['timezone'] + $pun_user['dst']) * 3600; |
|
1986 $timestamp += $diff; |
|
1987 $now = time(); |
|
1988 |
|
1989 $date = gmdate($pun_date_formats[$pun_user['date_format']], $timestamp); |
|
1990 $base = gmdate('Y-m-d', $timestamp); |
|
1991 $today = gmdate('Y-m-d', $now+$diff); |
|
1992 $yesterday = gmdate('Y-m-d', $now+$diff-86400); |
|
1993 |
|
1994 if ($base == $today) |
|
1995 $date = $lang_common['Today']; |
|
1996 else if ($base == $yesterday) |
|
1997 $date = $lang_common['Yesterday']; |
|
1998 |
|
1999 if (!$date_only) |
|
2000 $date .= ' '.gmdate($pun_time_formats[$pun_user['time_format']], $timestamp); |
|
2001 |
|
2002 return $date; |
|
2003 } |
|
2004 |
|
2005 |
|
2006 // |
|
2007 // Generate a random key of length $len |
|
2008 // |
|
2009 function random_key($len, $readable = false, $hash = false) |
|
2010 { |
|
2011 $key = ''; |
|
2012 |
|
2013 if ($hash) |
|
2014 $key = substr(sha1(uniqid(rand(), true)), 0, $len); |
|
2015 else if ($readable) |
|
2016 { |
|
2017 $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; |
|
2018 |
|
2019 for ($i = 0; $i < $len; ++$i) |
|
2020 $key .= substr($chars, (mt_rand() % strlen($chars)), 1); |
|
2021 } |
|
2022 else |
|
2023 { |
|
2024 for ($i = 0; $i < $len; ++$i) |
|
2025 $key .= chr(mt_rand(33, 126)); |
|
2026 } |
|
2027 |
|
2028 ($hook = get_hook('fn_random_key_end')) ? eval($hook) : null; |
|
2029 |
|
2030 return $key; |
|
2031 } |
|
2032 |
|
2033 |
|
2034 // |
|
2035 // Generates a valid CSRF token for use when submitting a form to $target_url |
|
2036 // $target_url should be an absolute URL and it should be exactly the URL that the user is going to |
|
2037 // Alternately, if the form token is going to be used in GET (which would mean the token is going to be |
|
2038 // a part of the URL itself), $target_url may be a plain string containing information related to the URL. |
|
2039 // |
|
2040 function generate_form_token ($target_url) |
|
2041 { |
|
2042 global $pun_user; |
|
2043 |
|
2044 ($hook = get_hook('fn_generate_form_token_start')) ? eval($hook) : null; |
|
2045 |
|
2046 return sha1(str_replace('&', '&', $target_url).$pun_user['csrf_token']); |
|
2047 } |
|
2048 |
|
2049 // |
|
2050 // Try to determine the correct remote IP-address |
|
2051 // |
|
2052 function get_remote_address() |
|
2053 { |
|
2054 ($hook = get_hook('fn_get_remote_address_start')) ? eval($hook) : null; |
|
2055 |
|
2056 return $_SERVER['REMOTE_ADDR']; |
|
2057 } |
|
2058 |
|
2059 |
|
2060 // |
|
2061 // Try to determine the current URL |
|
2062 // |
|
2063 function get_current_url() |
|
2064 { |
|
2065 global $base_url; |
|
2066 |
|
2067 ($hook = get_hook('fn_get_current_url')) ? eval($hook) : null; |
|
2068 |
|
2069 $protocol = (!isset($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) == 'off') ? 'http://' : 'https://'; |
|
2070 $port = (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] != '80' && strpos($_SERVER['HTTP_HOST'], ':') === false) ? ':'.$_SERVER['SERVER_PORT'] : ''; |
|
2071 |
|
2072 return /* $protocol.$_SERVER['HTTP_HOST'].$port. */ $_SERVER['REQUEST_URI']; |
|
2073 } |
|
2074 |
|
2075 |
|
2076 // |
|
2077 // An UTF-8 aware version of strlen() |
|
2078 // |
|
2079 function pun_strlen($str) |
|
2080 { |
|
2081 return strlen(utf8_decode($str)); |
|
2082 } |
|
2083 |
|
2084 |
|
2085 // |
|
2086 // Convert \r\n and \r to \n |
|
2087 // |
|
2088 function pun_linebreaks($str) |
|
2089 { |
|
2090 return str_replace(array("\r\n", "\r"), "\n", $str); |
|
2091 } |
|
2092 |
|
2093 |
|
2094 // |
|
2095 // Inserts $element into $input at $offset |
|
2096 // |
|
2097 function array_insert(&$input, $offset, $element) |
|
2098 { |
|
2099 // Out of bounds checks |
|
2100 if ($offset > count($input)) |
|
2101 $offset = count($input); |
|
2102 else if ($offset < 0) |
|
2103 $offset = 0; |
|
2104 |
|
2105 array_splice($input, $offset, 0, 0); |
|
2106 $input[$offset] = $element; |
|
2107 } |
|
2108 |
|
2109 |
|
2110 // |
|
2111 // Attempts to fetch the provided URL using any available means |
|
2112 // |
|
2113 function get_remote_file($url, $timeout, $head_only = false) |
|
2114 { |
|
2115 $result = null; |
|
2116 $parsed_url = parse_url($url); |
|
2117 $allow_url_fopen = strtolower(@ini_get('allow_url_fopen')); |
|
2118 |
|
2119 // Quite unlikely that this will be allowed on a shared host, but it can't hurt |
|
2120 if (function_exists('ini_set')) |
|
2121 @ini_set('default_socket_timeout', $timeout); |
|
2122 |
|
2123 // If we have cURL, we might as well use it |
|
2124 if (function_exists('curl_init')) |
|
2125 { |
|
2126 // Setup the transfer |
|
2127 $ch = curl_init(); |
|
2128 curl_setopt($ch, CURLOPT_URL, $url); |
|
2129 curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); |
|
2130 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); |
|
2131 curl_setopt($ch, CURLOPT_HEADER, true); |
|
2132 curl_setopt($ch, CURLOPT_NOBODY, $head_only); |
|
2133 curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); |
|
2134 curl_setopt($ch, CURLOPT_USERAGENT, 'PunBB'); |
|
2135 |
|
2136 // Grab the page |
|
2137 $content = @curl_exec($ch); |
|
2138 |
|
2139 // Ignore everything except a 200 response code |
|
2140 if ($content !== false && curl_getinfo($ch, CURLINFO_HTTP_CODE) == '200') |
|
2141 { |
|
2142 if ($head_only) |
|
2143 $result['headers'] = explode("\r\n", trim($content)); |
|
2144 else |
|
2145 { |
|
2146 $content_start = strpos($content, "\r\n\r\n"); |
|
2147 if ($content_start !== false) |
|
2148 { |
|
2149 $result['headers'] = explode("\r\n", substr($content, 0, $content_start)); |
|
2150 $result['content'] = trim(substr($content, $content_start)); |
|
2151 } |
|
2152 } |
|
2153 } |
|
2154 |
|
2155 curl_close($ch); |
|
2156 } |
|
2157 // fsockopen() is the second best thing |
|
2158 else if (function_exists('fsockopen')) |
|
2159 { |
|
2160 $remote = @fsockopen($parsed_url['host'], !empty($parsed_url['port']) ? intval($parsed_url['port']) : 80, $errno, $errstr, $timeout); |
|
2161 if ($remote) |
|
2162 { |
|
2163 // Send a standard HTTP 1.0 request for the page |
|
2164 $method = $head_only ? 'HEAD' : 'GET'; |
|
2165 fwrite($remote, ($head_only ? 'HEAD' : 'GET').' '.(!empty($parsed_url['path']) ? $parsed_url['path'] : '/').(!empty($parsed_url['query']) ? '?'.$parsed_url['query'] : '').' HTTP/1.0'."\r\n"); |
|
2166 fwrite($remote, 'Host: '.$parsed_url['host']."\r\n"); |
|
2167 fwrite($remote, 'User-Agent: PunBB'."\r\n"); |
|
2168 fwrite($remote, 'Connection: Close'."\r\n\r\n"); |
|
2169 |
|
2170 stream_set_timeout($remote, $timeout); |
|
2171 $stream_meta = stream_get_meta_data($remote); |
|
2172 |
|
2173 // Fetch the response 1024 bytes at a time and watch out for a timeout |
|
2174 $content = false; |
|
2175 while (!feof($remote) && !$stream_meta['timed_out']) |
|
2176 { |
|
2177 $content .= fgets($remote, 1024); |
|
2178 $stream_meta = stream_get_meta_data($remote); |
|
2179 } |
|
2180 |
|
2181 fclose($remote); |
|
2182 |
|
2183 // Ignore everything except a 200 response code (we don't support redirects) |
|
2184 if ($content !== false && preg_match('#^HTTP/1.[01] 200 OK#', $content)) |
|
2185 { |
|
2186 if ($head_only) |
|
2187 $result['headers'] = explode("\r\n", trim($content)); |
|
2188 else |
|
2189 { |
|
2190 $content_start = strpos($content, "\r\n\r\n"); |
|
2191 if ($content_start !== false) |
|
2192 { |
|
2193 $result['headers'] = explode("\r\n", substr($content, 0, $content_start)); |
|
2194 $result['content'] = trim(substr($content, $content_start)); |
|
2195 } |
|
2196 } |
|
2197 } |
|
2198 } |
|
2199 } |
|
2200 // Last case scenario, we use file_get_contents provided allow_url_fopen is enabled (any non 200 response results in a failure) |
|
2201 else if (in_array($allow_url_fopen, array('on', 'true', '1'))) |
|
2202 { |
|
2203 // PHP5's version of file_get_contents() supports stream options |
|
2204 if (version_compare(PHP_VERSION, '5.0.0', '>=')) |
|
2205 { |
|
2206 // Setup a stream context |
|
2207 $stream_context = stream_context_create( |
|
2208 array( |
|
2209 'http' => array( |
|
2210 'method' => $head_only ? 'HEAD' : 'GET', |
|
2211 'user_agent' => 'PunBB', |
|
2212 'max_redirects' => 3, // PHP >=5.1.0 only |
|
2213 'timeout' => $timeout // PHP >=5.2.1 only |
|
2214 ) |
|
2215 ) |
|
2216 ); |
|
2217 |
|
2218 $content = @file_get_contents($url, false, $stream_context); |
|
2219 } |
|
2220 else |
|
2221 $content = @file_get_contents($url); |
|
2222 |
|
2223 // Did we get anything? |
|
2224 if ($content !== false) |
|
2225 { |
|
2226 // Gotta love the fact that $http_response_header just appears in the global scope (*cough* hack! *cough*) |
|
2227 $result['headers'] = $http_response_header; |
|
2228 if (!$head_only) |
|
2229 $result['content'] = trim($content); |
|
2230 } |
|
2231 } |
|
2232 |
|
2233 return $result; |
|
2234 } |
|
2235 |
|
2236 |
|
2237 // |
|
2238 // Display a message when board is in maintenance mode |
|
2239 // |
|
2240 function maintenance_message() |
|
2241 { |
|
2242 global $pun_db, $pun_config, $lang_common, $pun_user, $base_url; |
|
2243 |
|
2244 ($hook = get_hook('fn_maintenance_message_start')) ? eval($hook) : null; |
|
2245 |
|
2246 // Deal with newlines, tabs and multiple spaces |
|
2247 $pattern = array("\t\t", ' ', ' '); |
|
2248 $replace = array('    ', '  ', '  '); |
|
2249 $message = str_replace($pattern, $replace, $pun_config['o_maintenance_message']); |
|
2250 |
|
2251 // Send the Content-type header in case the web server is setup to send something else |
|
2252 header('Content-type: text/html; charset=utf-8'); |
|
2253 |
|
2254 // Send a 503 HTTP response code to prevent search bots from indexing the maintenace message |
|
2255 header('HTTP/1.1 503 Service Temporarily Unavailable'); |
|
2256 |
|
2257 // Load the maintenance template |
|
2258 $tpl_maint = trim(file_get_contents(PUN_ROOT.'include/template/maintenance.tpl')); |
|
2259 |
|
2260 // START SUBST - <!-- pun_local --> |
|
2261 $tpl_maint = str_replace('<!-- pun_local -->', 'xml:lang="'.$lang_common['lang_identifier'].'" lang="'.$lang_common['lang_identifier'].'" dir="'.$lang_common['lang_direction'].'"', $tpl_maint); |
|
2262 // END SUBST - <!-- pun_local --> |
|
2263 |
|
2264 |
|
2265 // START SUBST - <!-- pun_head --> |
|
2266 ob_start(); |
|
2267 |
|
2268 ?> |
|
2269 <title><?php echo $lang_common['Maintenance'].' - '.htmlspecialchars($pun_config['o_board_title']) ?></title> |
|
2270 <link rel="stylesheet" type="text/css" media="screen" href="<?php echo $base_url ?>/style/<?php echo $pun_user['style'] ?>/<?php echo $pun_user['style'].'.css' ?>" /> |
|
2271 <!--[if lte IE 6]><link rel="stylesheet" type="text/css" href="<?php echo $base_url ?>/style/<?php echo $pun_user['style'] ?>/<?php echo $pun_user['style'].'_fix.css' ?>" /><![endif]--> |
|
2272 <!--[if IE 7]><link rel="stylesheet" type="text/css" href="<?php echo $base_url ?>/style/<?php echo $pun_user['style'] ?>/<?php echo $pun_user['style'].'_fix7.css' ?>" /><![endif]--> |
|
2273 <?php |
|
2274 |
|
2275 $tpl_temp = trim(ob_get_contents()); |
|
2276 $tpl_maint = str_replace('<!-- pun_head -->', $tpl_temp, $tpl_maint); |
|
2277 ob_end_clean(); |
|
2278 // END SUBST - <!-- pun_head --> |
|
2279 |
|
2280 |
|
2281 // START SUBST - <!-- pun_maint_main --> |
|
2282 ob_start(); |
|
2283 |
|
2284 ?> |
|
2285 <div id="pun-main" class="main"> |
|
2286 |
|
2287 <h1><span><?php echo $lang_common['Maintenance'] ?></span></h1> |
|
2288 |
|
2289 <div class="main-content message"> |
|
2290 <div class="userbox"> |
|
2291 <?php echo $message."\n" ?> |
|
2292 </div> |
|
2293 </div> |
|
2294 |
|
2295 </div> |
|
2296 <?php |
|
2297 |
|
2298 $tpl_temp = "\t".trim(ob_get_contents()); |
|
2299 $tpl_maint = str_replace('<!-- pun_maint_main -->', $tpl_temp, $tpl_maint); |
|
2300 ob_end_clean(); |
|
2301 // END SUBST - <!-- pun_maint_main --> |
|
2302 |
|
2303 |
|
2304 // End the transaction |
|
2305 $pun_db->end_transaction(); |
|
2306 |
|
2307 |
|
2308 // START SUBST - <!-- pun_include "*" --> |
|
2309 while (preg_match('#<!-- ?pun_include "([^/\\\\]*?)" ?-->#', $tpl_maint, $cur_include)) |
|
2310 { |
|
2311 if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1])) |
|
2312 error('Unable to process user include <!-- pun_include "'.htmlspecialchars($cur_include[1]).'" --> from template maintenance.tpl. There is no such file in folder /include/user/.'); |
|
2313 |
|
2314 ob_start(); |
|
2315 include PUN_ROOT.'include/user/'.$cur_include[1]; |
|
2316 $tpl_temp = ob_get_contents(); |
|
2317 $tpl_maint = str_replace($cur_include[0], $tpl_temp, $tpl_maint); |
|
2318 ob_end_clean(); |
|
2319 } |
|
2320 // END SUBST - <!-- pun_include "*" --> |
|
2321 |
|
2322 |
|
2323 // Close the db connection (and free up any result data) |
|
2324 $pun_db->close(); |
|
2325 |
|
2326 exit($tpl_maint); |
|
2327 } |
|
2328 |
|
2329 |
|
2330 // |
|
2331 // Display $message and redirect user to $destination_url |
|
2332 // |
|
2333 function pun_redirect($destination_url, $message) |
|
2334 { |
|
2335 global $pun_db, $pun_config, $lang_common, $pun_user, $base_url; |
|
2336 |
|
2337 ($hook = get_hook('fn_redirect_start')) ? eval($hook) : null; |
|
2338 |
|
2339 // Prefix with base_url (unless it's there already) |
|
2340 // if (strpos($destination_url, 'http') !== 0) |
|
2341 // $destination_url = $base_url.'/'.$destination_url; |
|
2342 |
|
2343 // Do a little spring cleaning |
|
2344 $destination_url = preg_replace('/([\r\n])|(%0[ad])|(;[\s]*data[\s]*:)/i', '', $destination_url); |
|
2345 |
|
2346 // If the delay is 0 seconds, we might as well skip the redirect all together |
|
2347 if ($pun_config['o_redirect_delay'] == '0') |
|
2348 header('Location: '.str_replace('&', '&', $destination_url)); |
|
2349 |
|
2350 // Send no-cache headers |
|
2351 header('Expires: Thu, 21 Jul 1977 07:30:00 GMT'); // When yours truly first set eyes on this world! :) |
|
2352 header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT'); |
|
2353 header('Cache-Control: post-check=0, pre-check=0', false); |
|
2354 header('Pragma: no-cache'); // For HTTP/1.0 compability |
|
2355 |
|
2356 // Send the Content-type header in case the web server is setup to send something else |
|
2357 header('Content-type: text/html; charset=utf-8'); |
|
2358 |
|
2359 // Load the redirect template |
|
2360 $tpl_redir = trim(file_get_contents(PUN_ROOT.'include/template/redirect.tpl')); |
|
2361 |
|
2362 |
|
2363 // START SUBST - <!-- pun_local --> |
|
2364 $tpl_redir = str_replace('<!-- pun_local -->', 'xml:lang="'.$lang_common['lang_identifier'].'" lang="'.$lang_common['lang_identifier'].'" dir="'.$lang_common['lang_direction'].'"', $tpl_redir); |
|
2365 // END SUBST - <!-- pun_local --> |
|
2366 |
|
2367 |
|
2368 // START SUBST - <!-- pun_head --> |
|
2369 ob_start(); |
|
2370 |
|
2371 ?> |
|
2372 <meta http-equiv="refresh" content="<?php echo $pun_config['o_redirect_delay'] ?>;URL=<?php echo str_replace(array('<', '>', '"'), array('<', '>', '"'), $destination_url) ?>" /> |
|
2373 <title><?php echo $lang_common['Redirecting'].' - '.htmlspecialchars($pun_config['o_board_title']) ?></title> |
|
2374 <?php |
|
2375 |
|
2376 // Include the stylesheets |
|
2377 require PUN_ROOT.'style/'.$pun_user['style'].'/'.$pun_user['style'].'.php'; |
|
2378 |
|
2379 $tpl_temp = "\t".trim(ob_get_contents()); |
|
2380 $tpl_redir = str_replace('<!-- pun_head -->', $tpl_temp, $tpl_redir); |
|
2381 ob_end_clean(); |
|
2382 // END SUBST - <!-- pun_head --> |
|
2383 |
|
2384 |
|
2385 // START SUBST - <!-- pun_redir_main --> |
|
2386 ob_start(); |
|
2387 |
|
2388 ?> |
|
2389 <div id="pun-main" class="main"> |
|
2390 |
|
2391 <h1><span><?php echo $lang_common['Redirecting'] ?></span></h1> |
|
2392 |
|
2393 <div class="main-head"> |
|
2394 <h2><span><?php echo $message ?></span></h2> |
|
2395 </div> |
|
2396 <div class="main-content message"> |
|
2397 <p><?php printf($lang_common['Forwarding info'], $pun_config['o_redirect_delay']) ?><span> <a href="<?php echo $destination_url ?>"><?php echo $lang_common['Click redirect'] ?></a></span></p> |
|
2398 </div> |
|
2399 |
|
2400 </div> |
|
2401 <?php |
|
2402 |
|
2403 $tpl_temp = "\t".trim(ob_get_contents()); |
|
2404 $tpl_redir = str_replace('<!-- pun_redir_main -->', $tpl_temp, $tpl_redir); |
|
2405 ob_end_clean(); |
|
2406 // END SUBST - <!-- pun_redir_main --> |
|
2407 |
|
2408 |
|
2409 // START SUBST - <!-- pun_debug --> |
|
2410 if (defined('PUN_SHOW_QUERIES')) |
|
2411 $tpl_redir = str_replace('<!-- pun_debug -->', get_saved_queries(), $tpl_redir); |
|
2412 |
|
2413 // End the transaction |
|
2414 $pun_db->end_transaction(); |
|
2415 // END SUBST - <!-- pun_debug --> |
|
2416 |
|
2417 |
|
2418 // START SUBST - <!-- pun_include "*" --> |
|
2419 while (preg_match('#<!-- ?pun_include "([^/\\\\]*?)" ?-->#', $tpl_redir, $cur_include)) |
|
2420 { |
|
2421 if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1])) |
|
2422 error('Unable to process user include <!-- pun_include "'.htmlspecialchars($cur_include[1]).'" --> from template redirect.tpl. There is no such file in folder /include/user/.'); |
|
2423 |
|
2424 ob_start(); |
|
2425 include PUN_ROOT.'include/user/'.$cur_include[1]; |
|
2426 $tpl_temp = ob_get_contents(); |
|
2427 $tpl_redir = str_replace($cur_include[0], $tpl_temp, $tpl_redir); |
|
2428 ob_end_clean(); |
|
2429 } |
|
2430 // END SUBST - <!-- pun_include "*" --> |
|
2431 |
|
2432 |
|
2433 // Close the db connection (and free up any result data) |
|
2434 $pun_db->close(); |
|
2435 |
|
2436 exit($tpl_redir); |
|
2437 } |
|
2438 |
|
2439 |
|
2440 // |
|
2441 // Display a simple error message |
|
2442 // |
|
2443 function error() |
|
2444 { |
|
2445 global $pun_config; |
|
2446 |
|
2447 /* |
|
2448 Parse input parameters. Possible function signatures: |
|
2449 error('Error message.'); |
|
2450 error(__FILE__, __LINE__); |
|
2451 error('Error message.', __FILE__, __LINE__); |
|
2452 */ |
|
2453 $num_args = func_num_args(); |
|
2454 if ($num_args == 3) |
|
2455 { |
|
2456 $message = func_get_arg(0); |
|
2457 $file = func_get_arg(1); |
|
2458 $line = func_get_arg(2); |
|
2459 } |
|
2460 else if ($num_args == 2) |
|
2461 { |
|
2462 $file = func_get_arg(0); |
|
2463 $line = func_get_arg(1); |
|
2464 } |
|
2465 else if ($num_args == 1) |
|
2466 $message = func_get_arg(0); |
|
2467 |
|
2468 // Set a default title if the script failed before $pun_config could be populated |
|
2469 if (empty($pun_config)) |
|
2470 $pun_config['o_board_title'] = 'PunBB'; |
|
2471 |
|
2472 // Empty all output buffers and stop buffering |
|
2473 while (@ob_end_clean()); |
|
2474 |
|
2475 // "Restart" output buffering if we are using ob_gzhandler (since the gzip header is already sent) |
|
2476 if (!empty($pun_config['o_gzip']) && extension_loaded('zlib') && (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== false || strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') !== false)) |
|
2477 ob_start('ob_gzhandler'); |
|
2478 |
|
2479 ?> |
|
2480 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> |
|
2481 |
|
2482 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr"> |
|
2483 <head> |
|
2484 <title>Error - <?php echo htmlspecialchars($pun_config['o_board_title']) ?></title> |
|
2485 </head> |
|
2486 <body style="margin: 40px; font: 85%/130% verdana, arial, sans-serif; color: #333;"> |
|
2487 |
|
2488 <h1>An error was encountered</h1> |
|
2489 <hr /> |
|
2490 <?php |
|
2491 |
|
2492 if (isset($message)) |
|
2493 echo '<p>'.$message.'</p>'."\n"; |
|
2494 |
|
2495 if ($num_args > 1) |
|
2496 { |
|
2497 if (defined('PUN_DEBUG')) |
|
2498 { |
|
2499 if (isset($file) && isset($line)) |
|
2500 echo '<p><em>The error occurred on line '.$line.' in '.$file.'</em></p>'."\n"; |
|
2501 |
|
2502 $db_error = isset($GLOBALS['pun_db']) ? $GLOBALS['pun_db']->error() : array(); |
|
2503 if (!empty($db_error['error_msg'])) |
|
2504 { |
|
2505 echo '<p><strong>Database reported:</strong> '.htmlspecialchars($db_error['error_msg']).(($db_error['error_no']) ? ' (Errno: '.$db_error['error_no'].')' : '').'.</p>'."\n"; |
|
2506 |
|
2507 if ($db_error['error_sql'] != '') |
|
2508 echo '<p><strong>Failed query:</strong> <code>'.htmlspecialchars($db_error['error_sql']).'</code></p>'."\n"; |
|
2509 } |
|
2510 } |
|
2511 else |
|
2512 echo '<p><strong>Note:</strong> For detailed error information (necessary for troubleshooting), enable "DEBUG mode". To enable "DEBUG mode", open up the file include/common.php in a text editor and locate the line "//define(\'PUN_DEBUG\', 1);". It it located at the very top of the file below the software license preamble. Then remove the two slashes in the beginning of the line and save/upload the script. Once you\'ve solved the problem, it is recommended that "DEBUG mode" be turned off again (just add the two slashes back again).</p>'."\n"; |
|
2513 } |
|
2514 |
|
2515 ?> |
|
2516 |
|
2517 </body> |
|
2518 </html> |
|
2519 <?php |
|
2520 |
|
2521 // If a database connection was established (before this error) we close it |
|
2522 if (isset($GLOBALS['db'])) |
|
2523 $GLOBALS['db']->close(); |
|
2524 |
|
2525 exit; |
|
2526 } |
|
2527 |
|
2528 |
|
2529 // |
|
2530 // Unset any variables instantiated as a result of register_globals being enabled |
|
2531 // |
|
2532 function pun_unregister_globals() |
|
2533 { |
|
2534 $register_globals = @ini_get('register_globals'); |
|
2535 if ($register_globals === "" || $register_globals === "0" || strtolower($register_globals) === "off") |
|
2536 return; |
|
2537 |
|
2538 // Prevent script.php?GLOBALS[foo]=bar |
|
2539 if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) |
|
2540 exit('I\'ll have a steak sandwich and... a steak sandwich.'); |
|
2541 |
|
2542 // Variables that shouldn't be unset |
|
2543 $no_unset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES'); |
|
2544 |
|
2545 // Remove elements in $GLOBALS that are present in any of the superglobals |
|
2546 $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array()); |
|
2547 foreach ($input as $k => $v) |
|
2548 { |
|
2549 if (!in_array($k, $no_unset) && isset($GLOBALS[$k])) |
|
2550 { |
|
2551 unset($GLOBALS[$k]); |
|
2552 unset($GLOBALS[$k]); // Double unset to circumvent the zend_hash_del_key_or_index hole in PHP <4.4.3 and <5.1.4 |
|
2553 } |
|
2554 } |
|
2555 } |
|
2556 |
|
2557 |
|
2558 // DEBUG FUNCTIONS BELOW |
|
2559 |
|
2560 // |
|
2561 // Display executed queries (if enabled) |
|
2562 // |
|
2563 function get_saved_queries() |
|
2564 { |
|
2565 global $pun_db, $lang_common; |
|
2566 |
|
2567 // Get the queries so that we can print them out |
|
2568 $saved_queries = $pun_db->get_saved_queries(); |
|
2569 |
|
2570 $output = ' |
|
2571 <div id="pun-debug" class="main"> |
|
2572 |
|
2573 <div class="main-head"> |
|
2574 <h2><span>'.$lang_common['Debug table'].'</span></h2> |
|
2575 </div> |
|
2576 |
|
2577 <div class="main-content debug"> |
|
2578 <table cellspacing="0" summary="Database query performance information"> |
|
2579 <thead> |
|
2580 <tr> |
|
2581 <th class="tcl" scope="col">Time (s)</th> |
|
2582 <th class="tcr" scope="col">Query</th> |
|
2583 </tr> |
|
2584 </thead> |
|
2585 <tbody> |
|
2586 '; |
|
2587 |
|
2588 $query_time_total = 0.0; |
|
2589 while (list(, $cur_query) = @each($saved_queries)) |
|
2590 { |
|
2591 $query_time_total += $cur_query[1]; |
|
2592 |
|
2593 $output .= ' |
|
2594 <tr> |
|
2595 <td class="tcl">'.(($cur_query[1] != 0) ? $cur_query[1] : ' ').'</td> |
|
2596 <td class="tcr">'.htmlspecialchars($cur_query[0]).'</td> |
|
2597 </tr> |
|
2598 '; |
|
2599 |
|
2600 } |
|
2601 |
|
2602 $output .= ' |
|
2603 <tr class="totals"> |
|
2604 <td class="tcl"><em>'.$query_time_total.' s</em></td> |
|
2605 <td class="tcr"><em>Total query time</em></td> |
|
2606 </tr> |
|
2607 </tbody> |
|
2608 </table> |
|
2609 </div> |
|
2610 </div> |
|
2611 '; |
|
2612 |
|
2613 return $output; |
|
2614 } |
|
2615 |
|
2616 |
|
2617 // |
|
2618 // Dump contents of variable(s) |
|
2619 // |
|
2620 function dump() |
|
2621 { |
|
2622 echo '<pre>'; |
|
2623 |
|
2624 $num_args = func_num_args(); |
|
2625 |
|
2626 for ($i = 0; $i < $num_args; ++$i) |
|
2627 { |
|
2628 print_r(func_get_arg($i)); |
|
2629 echo "\n\n"; |
|
2630 } |
|
2631 |
|
2632 echo '</pre>'; |
|
2633 exit; |
|
2634 } |