diff -r 5e1f1e916419 -r 98bbc533541c punbb/include/functions.php --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/punbb/include/functions.php Sun Apr 06 00:28:50 2008 -0400 @@ -0,0 +1,2634 @@ + 'eu.username AS username, u.*, g.*, o.logged, o.idle, o.csrf_token, o.prev_url', + 'FROM' => 'users AS u', + 'JOINS' => array( + array( + 'INNER JOIN' => 'groups AS g', + 'ON' => 'g.g_id=u.group_id' + ), + array( + 'LEFT JOIN' => 'online AS o', + 'ON' => 'o.user_id=u.id' + ) + ) + ); + + // Are we looking for a user ID or a username? + $query['WHERE'] = is_int($user) ? 'u.id='.intval($user) : 'u.username=\''.$pun_db->escape($user).'\''; + + ($hook = get_hook('fn_qr_get_user')) ? eval($hook) : null; + $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); + $pun_user = $pun_db->fetch_assoc($result); + + if (!isset($pun_user['id']) || + ($password_is_hash && $password != $pun_user['password']) || + (!$password_is_hash && sha1($pun_user['salt'].sha1($password)) != $pun_user['password'])) + set_default_user(); + + ($hook = get_hook('fn_authenticate_user_end')) ? eval($hook) : null; +} + +// +// Replacement for authenticate_user() for Enano. +// + +function authenticate_user_enano() +{ + global $pun_db, $pun_user; + // import Enano globals + global $db, $session, $paths, $template, $plugins; // Common objects + + ($hook = get_hook('fn_authenticate_user_start')) ? eval($hook) : null; + + // Check if there's a user matching $user and $password + $query = array( + 'SELECT' => 'eu.username AS username_authoritative, u.*, u.username AS bla, g.*, o.logged, o.idle, o.csrf_token, o.prev_url', + 'FROM' => $pun_db->prefix . 'users AS u', + 'JOINS' => array( + array( + 'LEFT JOIN' => table_prefix . 'users AS eu', + 'ON' => 'eu.user_id = u.id' + ), + array( + 'INNER JOIN' => $pun_db->prefix . 'groups AS g', + 'ON' => 'g.g_id=u.group_id' + ), + array( + 'LEFT JOIN' => $pun_db->prefix . 'online AS o', + 'ON' => 'o.user_id=u.id' + ) + ), + 'PARAMS' => array( + 'NO_PREFIX' => '' + ) + ); + + // Are we looking for a user ID or a username? + $query['WHERE'] = 'u.id=' . $session->user_id; + + ($hook = get_hook('fn_qr_get_user')) ? eval($hook) : null; + $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); + $pun_user = $pun_db->fetch_assoc($result); + $pun_user['username'] =& $pun_user['username_authoritative']; + + if (!$session->user_logged_in) + set_default_user(); + + ($hook = get_hook('fn_authenticate_user_end')) ? eval($hook) : null; +} + +// +// Attempt to login with the user ID and password hash from the cookie +// +function cookie_login(&$pun_user) +{ + global $pun_db, $db_type, $pun_config, $cookie_name, $cookie_path, $cookie_domain, $cookie_secure, $pun_time_formats, $pun_date_formats; + // import Enano globals + global $db, $session, $paths, $template, $plugins; // Common objects + + ($hook = get_hook('fn_cookie_login_start')) ? eval($hook) : null; + + $now = time(); + + ($hook = get_hook('fn_cookie_login_fetch_cookie')) ? eval($hook) : null; + + if ( $session->user_logged_in ) + { + authenticate_user_enano(); + + // If we got back the default user, the login failed + if ($pun_user['id'] == '1') + { + // pun_setcookie($cookie_name, base64_encode('1|'.random_key(8, true)), $expire); + return; + } + + // Set a default language if the user selected language no longer exists + if (!@file_exists(PUN_ROOT.'lang/'.$pun_user['language'])) + $pun_user['language'] = $pun_config['o_default_lang']; + + // Set a default style if the user selected style no longer exists + if (!@file_exists(PUN_ROOT.'style/'.$pun_user['style'].'/'.$pun_user['style'].'.css')) + $pun_user['style'] = $pun_config['o_default_style']; + + if (!$pun_user['disp_topics']) + $pun_user['disp_topics'] = $pun_config['o_disp_topics_default']; + if (!$pun_user['disp_posts']) + $pun_user['disp_posts'] = $pun_config['o_disp_posts_default']; + + if ($pun_user['save_pass'] == '0') + $expire = 0; + + // Check user has a valid date and time format + if (!isset($pun_time_formats[$pun_user['time_format']])) + $pun_user['time_format'] = 0; + if (!isset($pun_date_formats[$pun_user['date_format']])) + $pun_user['date_format'] = 0; + + // Define this if you want this visit to affect the online list and the users last visit data + if (!defined('PUN_QUIET_VISIT')) + { + // Update the online list + if (!$pun_user['logged']) + { + $pun_user['logged'] = $now; + $pun_user['csrf_token'] = random_key(40, false, true); + $pun_user['prev_url'] = get_current_url(); + + // With MySQL/MySQLi/SQLite, REPLACE INTO avoids a user having two rows in the online table + switch ($db_type) + { + case 'pgsql': + $query = 'INSERT INTO '.$pun_db->prefix.'online (user_id, ident, logged, csrf_token, prev_url) SELECT '.$pun_user['id'].', \''.$pun_db->escape($pun_user['username']).'\', '.$pun_user['logged'].', \''.$pun_user['csrf_token'].'\', \''.$pun_db->escape($pun_user['prev_url']).'\' FROM '.$pun_db->prefix.'users WHERE id = '.$pun_user['id'].' AND NOT EXISTS (SELECT 1 FROM '.$pun_db->prefix.'online WHERE user_id='.$pun_user['id'].')'; + ($hook = get_hook('fn_qr_add_online_user')) ? eval($hook) : null; + $pun_db->query($query) or error(__FILE__, __LINE__); + break; + + default: + $query = array( + 'REPLACE' => 'user_id, ident, logged, csrf_token, prev_url', + 'INTO' => 'online', + 'VALUES' => $pun_user['id'].', \''.$pun_db->escape($pun_user['username']).'\', '.$pun_user['logged'].', \''.$pun_user['csrf_token'].'\', \''.$pun_db->escape($pun_user['prev_url']).'\'' + ); + ($hook = get_hook('fn_qr_add_online_user')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + break; + } + + // Reset tracked topics + set_tracked_topics(null); + } + else + { + // Special case: We've timed out, but no other user has browsed the forums since we timed out + if ($pun_user['logged'] < ($now-$pun_config['o_timeout_visit'])) + { + $query = array( + 'UPDATE' => 'users', + 'SET' => 'last_visit='.$pun_user['logged'], + 'WHERE' => 'id='.$pun_user['id'] + ); + + ($hook = get_hook('fn_qr_update_user_visit')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + + $pun_user['last_visit'] = $pun_user['logged']; + } + + // Now update the logged time and save the current URL in the online list + $query = array( + 'UPDATE' => 'online', + 'SET' => 'logged='.$now.', prev_url=\''.$pun_db->escape(get_current_url()).'\'', + 'WHERE' => 'user_id='.$pun_user['id'] + ); + + if ($pun_user['idle'] == '1') + $query['SET'] .= ', idle=0'; + + ($hook = get_hook('fn_qr_update_online_user')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + + // Update tracked topics with the current expire time + if (isset($_COOKIE[$cookie_name.'_track'])) + pun_setcookie($cookie_name.'_track', $_COOKIE[$cookie_name.'_track'], time() + $pun_config['o_timeout_visit']); + } + } + + $pun_user['is_guest'] = false; + $pun_user['is_admmod'] = $session->user_level >= USER_LEVEL_MOD || $pun_user['g_moderator'] == '1'; + } + else + set_default_user(); + + ($hook = get_hook('fn_cookie_login_end')) ? eval($hook) : null; +} + + +// +// Fill $pun_user with default values (for guests) +// +function set_default_user() +{ + global $pun_db, $db_type, $pun_user, $pun_config; + + ($hook = get_hook('fn_set_default_user_start')) ? eval($hook) : null; + + $remote_addr = get_remote_address(); + + // Fetch guest user + $query = array( + 'SELECT' => 'u.*, g.*, o.logged, o.csrf_token, o.prev_url', + 'FROM' => 'users AS u', + 'JOINS' => array( + array( + 'INNER JOIN' => 'groups AS g', + 'ON' => 'g.g_id=u.group_id' + ), + array( + 'LEFT JOIN' => 'online AS o', + 'ON' => 'o.ident=\''.$remote_addr.'\'' + ) + ), + 'WHERE' => 'u.id=1' + ); + + ($hook = get_hook('fn_qr_get_default_user')) ? eval($hook) : null; + $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); + if (!$pun_db->num_rows($result)) + exit('Unable to fetch guest information. The table \''.$pun_db->prefix.'users\' must contain an entry with id = 1 that represents anonymous users.'); + + $pun_user = $pun_db->fetch_assoc($result); + + // Update online list + if (!$pun_user['logged']) + { + $pun_user['logged'] = time(); + $pun_user['csrf_token'] = random_key(40, false, true); + $pun_user['prev_url'] = get_current_url(); + + // With MySQL/MySQLi/SQLite, REPLACE INTO avoids a user having two rows in the online table + switch ($db_type) + { + case 'pgsql': + $query = 'INSERT INTO '.$pun_db->prefix.'online (user_id, ident, logged, csrf_token, prev_url) SELECT 1, \''.$pun_db->escape($remote_addr).'\', '.$pun_user['logged'].', \''.$pun_user['csrf_token'].'\', \''.$pun_db->escape($pun_user['prev_url']).'\' FROM '.$pun_db->prefix.'users WHERE id=1 AND NOT EXISTS (SELECT 1 FROM '.$pun_db->prefix.'online WHERE user_id=1 AND ident=\''.$pun_db->escape($remote_addr).'\')'; + ($hook = get_hook('fn_qr_add_online_guest_user')) ? eval($hook) : null; + $pun_db->query($query) or error(__FILE__, __LINE__); + break; + + default: + $query = array( + 'REPLACE' => 'user_id, ident, logged, csrf_token, prev_url', + 'INTO' => 'online', + 'VALUES' => '1, \''.$pun_db->escape($remote_addr).'\', '.$pun_user['logged'].', \''.$pun_user['csrf_token'].'\', \''.$pun_db->escape($pun_user['prev_url']).'\'' + ); + ($hook = get_hook('fn_qr_add_online_guest_user')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + break; + } + } + else + { + $query = array( + 'UPDATE' => 'online', + 'SET' => 'logged='.time().', prev_url=\''.$pun_db->escape(get_current_url()).'\'', + 'WHERE' => 'ident=\''.$pun_db->escape($remote_addr).'\'' + ); + + ($hook = get_hook('fn_qr_update_online_guest_user')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + } + + $pun_user['disp_topics'] = $pun_config['o_disp_topics_default']; + $pun_user['disp_posts'] = $pun_config['o_disp_posts_default']; + $pun_user['timezone'] = $pun_config['o_default_timezone']; + $pun_user['language'] = $pun_config['o_default_lang']; + $pun_user['style'] = $pun_config['o_default_style']; + $pun_user['is_guest'] = true; + $pun_user['is_admmod'] = false; +} + + +// +// Set a cookie, PunBB style! +// +function pun_setcookie($name, $value, $expire) +{ + global $cookie_path, $cookie_domain, $cookie_secure; + + ($hook = get_hook('fn_pun_setcookie_start')) ? eval($hook) : null; + + // Enable sending of a P3P header by removing // from the following line (try this if login is failing in IE6) +// @header('P3P: CP="CUR ADM"'); + + if (version_compare(PHP_VERSION, '5.2.0', '>=')) + setcookie($name, $value, $expire, $cookie_path, $cookie_domain, $cookie_secure, true); + else + setcookie($name, $value, $expire, $cookie_path.'; HttpOnly', $cookie_domain, $cookie_secure); +} + + +// +// Check whether the connecting user is banned (and delete any expired bans while we're at it) +// +function check_bans() +{ + global $pun_db, $pun_config, $lang_common, $pun_user, $pun_bans; + // import Enano globals + global $db, $session, $paths, $template, $plugins; // Common objects + + ($hook = get_hook('fn_check_bans_start')) ? eval($hook) : null; + + // Admins aren't affected + if (defined('PUN_ADMIN') && $session->user_level >= USER_LEVEL_ADMIN || !$pun_bans) + return; + + // Add a dot at the end of the IP address to prevent banned address 192.168.0.5 from matching e.g. 192.168.0.50 + $user_ip = get_remote_address().'.'; + $bans_altered = false; + + foreach ($pun_bans as $cur_ban) + { + // Has this ban expired? + if ($cur_ban['expire'] != '' && $cur_ban['expire'] <= time()) + { + $query = array( + 'DELETE' => 'bans', + 'WHERE' => 'id='.$cur_ban['id'] + ); + + ($hook = get_hook('fn_qr_delete_expired_ban')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + + $bans_altered = true; + continue; + } + + if ($cur_ban['username'] != '' && strtolower($pun_user['username']) == strtolower($cur_ban['username'])) + { + $query = array( + 'DELETE' => 'online', + 'WHERE' => 'ident=\''.$pun_db->escape($pun_user['username']).'\'' + ); + + ($hook = get_hook('fn_qr_delete_online_user')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + + message($lang_common['Ban message'].' '.(($cur_ban['expire'] != '') ? sprintf($lang_common['Ban message 2'], strtolower(format_time($cur_ban['expire'], true))) : '').(($cur_ban['message'] != '') ? ' '.$lang_common['Ban message 3'].'

'.htmlspecialchars($cur_ban['message']).'

' : '

').sprintf($lang_common['Ban message 4'], ''.$pun_config['o_admin_email'].''), true); + } + + if ($cur_ban['ip'] != '') + { + $cur_ban_ips = explode(' ', $cur_ban['ip']); + + $num_ips = count($cur_ban_ips); + for ($i = 0; $i < $num_ips; ++$i) + { + $cur_ban_ips[$i] = $cur_ban_ips[$i].'.'; + + if (substr($user_ip, 0, strlen($cur_ban_ips[$i])) == $cur_ban_ips[$i]) + { + $query = array( + 'DELETE' => 'online', + 'WHERE' => 'ident=\''.$pun_db->escape($pun_user['username']).'\'' + ); + + ($hook = get_hook('fn_qr_delete_online_user2')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + + message($lang_common['Ban message'].' '.(($cur_ban['expire'] != '') ? sprintf($lang_common['Ban message 2'], strtolower(format_time($cur_ban['expire'], true))) : '').(($cur_ban['message'] != '') ? ' '.$lang_common['Ban message 3'].'

'.htmlspecialchars($cur_ban['message']).'

' : '

').sprintf($lang_common['Ban message 4'], ''.$pun_config['o_admin_email'].''), true); + } + } + } + } + + // If we removed any expired bans during our run-through, we need to regenerate the bans cache + if ($bans_altered) + { + require_once PUN_ROOT.'include/cache.php'; + generate_bans_cache(); + } +} + + +// +// Update "Users online" +// +function update_users_online() +{ + global $pun_db, $pun_config, $pun_user; + + $now = time(); + + ($hook = get_hook('fn_update_users_online_start')) ? eval($hook) : null; + + // Fetch all online list entries that are older than "o_timeout_online" + $query = array( + 'SELECT' => 'o.*', + 'FROM' => 'online AS o', + 'WHERE' => 'o.logged<'.($now-$pun_config['o_timeout_online']) + ); + + ($hook = get_hook('fn_qr_get_old_online_users')) ? eval($hook) : null; + $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); + while ($cur_user = $pun_db->fetch_assoc($result)) + { + // If the entry is a guest, delete it + if ($cur_user['user_id'] == '1') + { + $query = array( + 'DELETE' => 'online', + 'WHERE' => 'ident=\''.$pun_db->escape($cur_user['ident']).'\'' + ); + + ($hook = get_hook('fn_qr_delete_online_guest_user')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + } + else + { + // If the entry is older than "o_timeout_visit", update last_visit for the user in question, then delete him/her from the online list + if ($cur_user['logged'] < ($now-$pun_config['o_timeout_visit'])) + { + $query = array( + 'UPDATE' => 'users', + 'SET' => 'last_visit='.$cur_user['logged'], + 'WHERE' => 'id='.$cur_user['user_id'] + ); + + ($hook = get_hook('fn_qr_update_user_visit2')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + + $query = array( + 'DELETE' => 'online', + 'WHERE' => 'user_id='.$cur_user['user_id'] + ); + + ($hook = get_hook('fn_qr_delete_online_user3')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + } + else if ($cur_user['idle'] == '0') + { + $query = array( + 'UPDATE' => 'online', + 'SET' => 'idle=1', + 'WHERE' => 'user_id='.$cur_user['user_id'] + ); + + ($hook = get_hook('fn_qr_update_online_user2')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + } + } + } + + ($hook = get_hook('fn_update_users_online_end')) ? eval($hook) : null; +} + + +// +// Generate the "navigator" that appears at the top of every page +// +function generate_navlinks() +{ + global $pun_config, $lang_common, $pun_url, $pun_user; + + // Index should always be displayed + $links[] = ''; + + if ($pun_user['g_view_users'] == '1') + $links[] = ''; + + if ($pun_config['o_rules'] == '1') + $links[] = ''; + + if ($pun_user['is_guest']) + { + if ($pun_user['g_search'] == '1') + $links[] = ''; + + $links[] = ''; + $links[] = ''; + } + else + { + if (!$pun_user['is_admmod']) + { + if ($pun_user['g_search'] == '1') + $links[] = ''; + + $links[] = ''; + } + else + { + $links[] = ''; + $links[] = ''; + $links[] = ''; + } + + $links[] = ''; + } + + // Are there any additional navlinks we should insert into the array before imploding it? + if ($pun_config['o_additional_navlinks'] != '') + { + if (preg_match_all('#([0-9]+)\s*=\s*(.*?)\n#s', $pun_config['o_additional_navlinks']."\n", $extra_links)) + { + // Insert any additional links into the $links array (at the correct index) + $num_links = count($extra_links[1]); + for ($i = 0; $i < $num_links; ++$i) + array_insert($links, $extra_links[1][$i], ''); + } + } + + ($hook = get_hook('fn_generate_navlinks_end')) ? eval($hook) : null; + + return implode("\n\t\t", $links); +} + + +// +// Display the profile navigation menu +// +function generate_profile_menu() +{ + global $lang_profile, $pun_url, $pun_config, $pun_user, $id; + + // Setup links for profile menu + $profilenav_links = array( + '' : '>').''.$lang_profile['Section about'].'', + '' : '>').''.$lang_profile['Section identity'].'', + '' : '>').''.$lang_profile['Section settings'].'', + ); + + if ($pun_config['o_signatures'] == '1') + $profilenav_links[] = '' : '>').''.$lang_profile['Section signature'].''; + + if ($pun_config['o_avatars'] == '1') + $profilenav_links[] = '' : '>').''.$lang_profile['Section avatar'].''; + + if ($session->user_level >= USER_LEVEL_ADMIN || ($pun_user['g_moderator'] == '1' && $pun_user['g_mod_ban_users'] == '1')) + $profilenav_links[] = '' : '>').''.$lang_profile['Section admin'].''; + + ($hook = get_hook('fn_generate_profile_menu_end')) ? eval($hook) : null; + +?> + += 0; --$i) + $crumbs .= (is_array($pun_page['crumbs'][$i]) ? htmlspecialchars($pun_page['crumbs'][$i][0]) : htmlspecialchars($pun_page['crumbs'][$i])).((isset($pun_page['page']) && $i == ($num_crumbs - 1)) ? ' ('.$lang_common['Page'].' '.$pun_page['page'].')' : '').($i > 0 ? $lang_common['Title separator'] : ''); + } + else + { + for ($i = 0; $i < $num_crumbs; ++$i) + { + if ($i < ($num_crumbs - 1)) + $crumbs .= ''.(($i >= 1) ? $lang_common['Crumb separator'] : '').$lang_common['Back to'].' '.(is_array($pun_page['crumbs'][$i]) ? ''.htmlspecialchars($pun_page['crumbs'][$i][0]).'' : htmlspecialchars($pun_page['crumbs'][$i])).''; + else + $crumbs .= ''.(($i >= 1) ? $lang_common['Crumb separator'] : '').$lang_common['You are here'].' '.(is_array($pun_page['crumbs'][$i]) ? ''.htmlspecialchars($pun_page['crumbs'][$i][0]).'' : htmlspecialchars($pun_page['crumbs'][$i])).''; + } + } + + ($hook = get_hook('fn_generate_crumbs_end')) ? eval($hook) : null; + + return $crumbs; +} + + +// +// Save array of tracked topics in cookie +// +function set_tracked_topics($tracked_topics) +{ + global $cookie_name, $cookie_path, $cookie_domain, $cookie_secure, $pun_config; + + ($hook = get_hook('fn_set_tracked_topics_start')) ? eval($hook) : null; + + $cookie_data = ''; + if (!empty($tracked_topics)) + { + // Sort the arrays (latest read first) + arsort($tracked_topics['topics'], SORT_NUMERIC); + arsort($tracked_topics['forums'], SORT_NUMERIC); + + // Homebrew serialization (to avoid having to run unserialize() on cookie data) + foreach ($tracked_topics['topics'] as $id => $timestamp) + $cookie_data .= 't'.$id.'='.$timestamp.';'; + foreach ($tracked_topics['forums'] as $id => $timestamp) + $cookie_data .= 'f'.$id.'='.$timestamp.';'; + + // Enforce a 4048 byte size limit (4096 minus some space for the cookie name) + if (strlen($cookie_data) > 4048) + { + $cookie_data = substr($cookie_data, 0, 4048); + $cookie_data = substr($cookie_data, 0, strrpos($cookie_data, ';')).';'; + } + } + + pun_setcookie($cookie_name.'_track', $cookie_data, time() + $pun_config['o_timeout_visit']); + $_COOKIE[$cookie_name.'_track'] = $cookie_data; // Set it directly in $_COOKIE as well +} + + +// +// Extract array of tracked topics from cookie +// +function get_tracked_topics() +{ + global $cookie_name; + + $cookie_data = isset($_COOKIE[$cookie_name.'_track']) ? $_COOKIE[$cookie_name.'_track'] : false; + if (!$cookie_data) + return array('topics' => array(), 'forums' => array()); + + if (strlen($cookie_data) > 4048) + return array('topics' => array(), 'forums' => array()); + + // Unserialize data from cookie + $tracked_topics = array('topics' => array(), 'forums' => array()); + $temp = explode(';', $cookie_data); + foreach ($temp as $t) + { + $type = substr($t, 0, 1) == 'f' ? 'forums' : 'topics'; + $id = intval(substr($t, 1)); + $timestamp = intval(@substr($t, strpos($t, '=') + 1)); + if ($id > 0 && $timestamp > 0) + $tracked_topics[$type][$id] = $timestamp; + } + + ($hook = get_hook('fn_get_tracked_topics_end')) ? eval($hook) : null; + + return $tracked_topics; +} + + +// +// Update posts, topics, last_post, last_post_id and last_poster for a forum +// +function sync_forum($forum_id) +{ + global $pun_db; + + ($hook = get_hook('fn_sync_forum_start')) ? eval($hook) : null; + + // Get topic and post count for forum + $query = array( + 'SELECT' => 'COUNT(t.id), SUM(t.num_replies)', + 'FROM' => 'topics AS t', + 'WHERE' => 't.forum_id='.$forum_id + ); + + ($hook = get_hook('fn_qr_get_forum_stats')) ? eval($hook) : null; + $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); + list($num_topics, $num_posts) = $pun_db->fetch_row($result); + + $num_posts = $num_posts + $num_topics; // $num_posts is only the sum of all replies (we have to add the topic posts) + + // Get last_post, last_post_id and last_poster for forum (if any) + $query = array( + 'SELECT' => 't.last_post, t.last_post_id, t.last_poster', + 'FROM' => 'topics AS t', + 'WHERE' => 't.forum_id='.$forum_id.' AND t.moved_to is NULL', + 'ORDER BY' => 't.last_post DESC', + 'LIMIT' => '1' + ); + + ($hook = get_hook('fn_qr_get_forum_last_post_data')) ? eval($hook) : null; + $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); + if ($pun_db->num_rows($result)) + { + list($last_post, $last_post_id, $last_poster) = $pun_db->fetch_row($result); + $last_poster = '\''.$pun_db->escape($last_poster).'\''; + } + else + $last_post = $last_post_id = $last_poster = 'NULL'; + + // Now update the forum + $query = array( + 'UPDATE' => 'forums', + 'SET' => 'num_topics='.$num_topics.', num_posts='.$num_posts.', last_post='.$last_post.', last_post_id='.$last_post_id.', last_poster='.$last_poster, + 'WHERE' => 'id='.$forum_id + ); + + ($hook = get_hook('fn_qr_update_forum')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); +} + + +// +// Update replies, last_post, last_post_id and last_poster for a topic +// +function sync_topic($topic_id) +{ + global $pun_db; + + ($hook = get_hook('fn_sync_topic_start')) ? eval($hook) : null; + + // Count number of replies in the topic + $query = array( + 'SELECT' => 'COUNT(p.id)', + 'FROM' => 'posts AS p', + 'WHERE' => 'p.topic_id='.$topic_id + ); + + ($hook = get_hook('fn_qr_get_topic_reply_count')) ? eval($hook) : null; + $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); + $num_replies = $pun_db->result($result, 0) - 1; + + // Get last_post, last_post_id and last_poster + $query = array( + 'SELECT' => 'p.posted, p.id, p.poster', + 'FROM' => 'posts AS p', + 'WHERE' => 'p.topic_id='.$topic_id, + 'ORDER BY' => 'p.id DESC', + 'LIMIT' => '1' + ); + + ($hook = get_hook('fn_qr_get_topic_last_post_data')) ? eval($hook) : null; + $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); + list($last_post, $last_post_id, $last_poster) = $pun_db->fetch_row($result); + + // Now update the topic + $query = array( + 'UPDATE' => 'topics', + 'SET' => 'num_replies='.$num_replies.', last_post='.$last_post.', last_post_id='.$last_post_id.', last_poster=\''.$pun_db->escape($last_poster).'\'', + 'WHERE' => 'id='.$topic_id + ); + + ($hook = get_hook('fn_qr_update_topic')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); +} + + +// +// Verifies that the provided username is OK for insertion into the database +// +function validate_username($username, $exclude_id = null) +{ + global $lang_common, $lang_register, $lang_profile, $pun_config; + + $errors = array(); + + ($hook = get_hook('fn_validate_username_start')) ? eval($hook) : null; + + // Convert multiple whitespace characters into one (to prevent people from registering with indistinguishable usernames) + $username = preg_replace('#\s+#s', ' ', $username); + + // Validate username + if (pun_strlen($username) < 2) + $errors[] = $lang_profile['Username too short']; + else if (pun_strlen($username) > 25) + $errors[] = $lang_profile['Username too long']; + else if (strtolower($username) == 'guest' || strtolower($username) == strtolower($lang_common['Guest'])) + $errors[] = $lang_profile['Username guest']; + else if (preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $username)) + $errors[] = $lang_profile['Username IP']; + else if ((strpos($username, '[') !== false || strpos($username, ']') !== false) && strpos($username, '\'') !== false && strpos($username, '"') !== false) + $errors[] = $lang_profile['Username reserved chars']; + else if (preg_match('#\[b\]|\[/b\]|\[u\]|\[/u\]|\[i\]|\[/i\]|\[color|\[/color\]|\[quote\]|\[quote=|\[/quote\]|\[code\]|\[/code\]|\[img\]|\[/img\]|\[url|\[/url\]|\[email|\[/email\]#i', $username)) + $errors[] = $lang_profile['Username BBCode']; + + // Check username for any censored words + if ($pun_config['o_censoring'] == '1' && censor_words($username) != $username) + $errors[] = $lang_register['Username censor']; + + // Check for username dupe + $dupe = check_username_dupe($username, $exclude_id); + if ($dupe !== false) + $errors[] = sprintf($lang_profile['Username dupe'], htmlspecialchars($dupe)); + + return $errors; +} + + +// +// Adds a new user. The username must be passed through validate_username() first. +// +function add_user($user_info, &$new_uid) +{ + global $pun_db, $base_url, $lang_common, $pun_config, $pun_user, $pun_url; + + ($hook = get_hook('fn_add_user_start')) ? eval($hook) : null; + + // Add the user + $query = array( + 'INSERT' => 'username, group_id, password, email, email_setting, save_pass, timezone, language, style, registered, registration_ip, last_visit, salt, activate_key', + 'INTO' => 'users', + 'VALUES' => '\''.$pun_db->escape($user_info['username']).'\', '.$user_info['group_id'].', \''.$pun_db->escape($user_info['password_hash']).'\', \''.$pun_db->escape($user_info['email']).'\', '.$user_info['email_setting'].', '.$user_info['save_pass'].', '.floatval($user_info['timezone']).', \''.$pun_db->escape($user_info['language']).'\', \''.$pun_db->escape($user_info['style']).'\', '.$user_info['registered'].', \''.$pun_db->escape($user_info['registration_ip']).'\', '.$user_info['registered'].', \''.$pun_db->escape($user_info['salt']).'\', '.$user_info['activate_key'].'' + ); + + ($hook = get_hook('fn_qr_add_user')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + $new_uid = $pun_db->insert_id(); + + // Must the user verify the registration? + if ($user_info['require_verification']) + { + // Load the "welcome" template + $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/welcome.tpl')); + + // The first row contains the subject + $first_crlf = strpos($mail_tpl, "\n"); + $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8)); + $mail_message = trim(substr($mail_tpl, $first_crlf)); + + $mail_subject = str_replace('', $pun_config['o_board_title'], $mail_subject); + $mail_message = str_replace('', $base_url.'/', $mail_message); + $mail_message = str_replace('', $user_info['username'], $mail_message); + $mail_message = str_replace('', str_replace('&', '&', pun_link($pun_url['change_password_key'], array($new_uid, substr($user_info['activate_key'], 1, -1)))), $mail_message); + $mail_message = str_replace('', sprintf($lang_common['Forum mailer'], $pun_config['o_board_title']), $mail_message); + + ($hook = get_hook('fn_add_user_send_verification')) ? eval($hook) : null; + + pun_mail($user_info['email'], $mail_subject, $mail_message); + } + + // Should we alert people on the admin mailing list that a new user has registered? + if ($user_info['notify_admins'] && $pun_config['o_mailing_list'] != '') + { + $mail_subject = 'Alert - New registration'; + $mail_message = 'User \''.$user_info['username'].'\' registered in the forums at '.$base_url.'/'."\n\n".'User profile: '.pun_link($pun_url['user'], $new_uid)."\n\n".'-- '."\n".'Forum Mailer'."\n".'(Do not reply to this message)'; + + pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message); + } + + ($hook = get_hook('fn_add_user_end')) ? eval($hook) : null; + + return $new_uid; +} + + +// +// Delete a user and all information associated with it +// +function delete_user($user_id) +{ + global $pun_db, $db_type, $pun_config; + + ($hook = get_hook('fn_delete_user_start')) ? eval($hook) : null; + + // First we need to get some data on the user + $query = array( + 'SELECT' => 'u.username, u.group_id, g.g_moderator', + 'FROM' => 'users AS u', + 'JOINS' => array( + array( + 'INNER JOIN' => 'groups AS g', + 'ON' => 'g.g_id=u.group_id' + ) + ), + 'WHERE' => 'u.id='.$user_id + ); + + ($hook = get_hook('fn_qr_get_user_data')) ? eval($hook) : null; + $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); + $user = $pun_db->fetch_assoc($result); + + // If the user is a moderator or an administrator, we remove him/her from the moderator list in all forums + // and regenerate the bans cache + if ($user['group_id'] == PUN_ADMIN || $user['g_moderator'] == '1') + { + clean_forum_moderators(); + + // Regenerate the bans cache + require_once PUN_ROOT.'include/cache.php'; + generate_bans_cache(); + } + + // Delete any subscriptions + $query = array( + 'DELETE' => 'subscriptions', + 'WHERE' => 'user_id='.$user_id + ); + + ($hook = get_hook('fn_qr_delete_subscriptions')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + + // Remove him/her from the online list (if they happen to be logged in) + $query = array( + 'DELETE' => 'online', + 'WHERE' => 'user_id='.$user_id + ); + + ($hook = get_hook('fn_qr_delete_online_user3')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + + // Should we delete all posts made by this user? + if (isset($_POST['delete_posts'])) + { + @set_time_limit(0); + + // Find all posts made by this user + $query = array( + 'SELECT' => 'p.id, p.topic_id, t.forum_id, t.first_post_id', + 'FROM' => 'posts AS p', + 'JOINS' => array( + array( + 'INNER JOIN' => 'topics AS t', + 'ON' => 't.id=p.topic_id' + ) + ), + 'WHERE' => 'p.poster_id='.$user_id + ); + + ($hook = get_hook('fn_qr_get_user_posts')) ? eval($hook) : null; + $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); + while ($cur_post = $pun_db->fetch_assoc($result)) + { + if ($cur_post['first_post_id'] == $cur_post['id']) + delete_topic($cur_post['topic_id'], $cur_post['forum_id']); + else + delete_post($cur_post['id'], $cur_post['topic_id'], $cur_post['forum_id']); + } + } + else + { + // Set all his/her posts to guest + $query = array( + 'UPDATE' => 'posts', + 'SET' => 'poster_id=1', + 'WHERE' => 'poster_id='.$user_id + ); + + ($hook = get_hook('fn_qr_reset_user_posts')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + } + + // Delete the user + $query = array( + 'DELETE' => 'users', + 'WHERE' => 'id='.$user_id + ); + + ($hook = get_hook('fn_qr_delete_user')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + + // Delete user avatar + if (file_exists($pun_config['o_avatars_dir'].'/'.$user_id.'.gif')) + @unlink($pun_config['o_avatars_dir'].'/'.$user_id.'.gif'); + if (file_exists($pun_config['o_avatars_dir'].'/'.$user_id.'.jpg')) + @unlink($pun_config['o_avatars_dir'].'/'.$user_id.'.jpg'); + if (file_exists($pun_config['o_avatars_dir'].'/'.$user_id.'.png')) + @unlink($pun_config['o_avatars_dir'].'/'.$user_id.'.png'); + + ($hook = get_hook('fn_delete_user_end')) ? eval($hook) : null; +} + + +// +// Iterates through all forum moderator lists and removes any erroneous entries +// +function clean_forum_moderators() +{ + global $pun_db; + + ($hook = get_hook('fn_clean_forum_moderators_start')) ? eval($hook) : null; + + // Get a list of forums and their respective lists of moderators + $query = array( + 'SELECT' => 'f.id, f.moderators', + 'FROM' => 'forums AS f', + 'WHERE' => 'f.moderators IS NOT NULL' + ); + + ($hook = get_hook('fn_qr_get_forum_moderators')) ? eval($hook) : null; + $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); + + while ($cur_forum = $pun_db->fetch_assoc($result)) + { + $cur_moderators = unserialize($cur_forum['moderators']); + $new_moderators = $cur_moderators; + + // Iterate through each user in the list and check if he/she is in a moderator or admin group + foreach ($cur_moderators as $username => $user_id) + { + $query = array( + 'SELECT' => '1', + 'FROM' => 'users AS u', + 'JOINS' => array( + array( + 'INNER JOIN' => 'groups AS g', + 'ON' => 'g.g_id=u.group_id' + ) + ), + 'WHERE' => '(g.g_moderator=1 OR u.group_id=1) AND u.id='.$user_id + ); + + ($hook = get_hook('fn_qr_check_user_in_moderator_group')) ? eval($hook) : null; + $result2 = $pun_db->query_build($query) or error(__FILE__, __LINE__); + + if (!$pun_db->num_rows($result2)) // If the user isn't in a moderator or admin group, remove him/her from the list + unset($new_moderators[$username]); + } + + // If we changed anything, update the forum + if ($cur_moderators != $new_moderators) + { + $new_moderators = (!empty($new_moderators)) ? '\''.$pun_db->escape(serialize($new_moderators)).'\'' : 'NULL'; + + $query = array( + 'UPDATE' => 'forums', + 'SET' => 'moderators='.$new_moderators, + 'WHERE' => 'id='.$cur_forum['id'] + ); + + ($hook = get_hook('fn_qr_set_forum_moderators')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + } + } + + ($hook = get_hook('fn_clean_forum_moderators_end')) ? eval($hook) : null; +} + + +// +// Locate and delete any orphaned redirect topics +// +function delete_orphans() +{ + global $pun_db; + + ($hook = get_hook('fn_delete_orphans_start')) ? eval($hook) : null; + + // Locate any orphaned redirect topics + $query = array( + 'SELECT' => 't1.id', + 'FROM' => 'topics AS t1', + 'JOINS' => array( + array( + 'LEFT JOIN' => 'topics AS t2', + 'ON' => 't1.moved_to=t2.id' + ) + ), + 'WHERE' => 't2.id IS NULL AND t1.moved_to IS NOT NULL' + ); + + ($hook = get_hook('fn_qr_get_orphans')) ? eval($hook) : null; + $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); + $num_orphans = $pun_db->num_rows($result); + + if ($num_orphans) + { + for ($i = 0; $i < $num_orphans; ++$i) + $orphans[] = $pun_db->result($result, $i); + + // Delete the orphan + $query = array( + 'DELETE' => 'topics', + 'WHERE' => 'id IN('.implode(',', $orphans).')' + ); + + ($hook = get_hook('fn_qr_delete_orphan')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + } +} + + +// +// Delete a topic and all of it's posts +// +function delete_topic($topic_id, $forum_id) +{ + global $pun_db, $db_type; + + ($hook = get_hook('fn_delete_topic_start')) ? eval($hook) : null; + + // Delete the topic and any redirect topics + $query = array( + 'DELETE' => 'topics', + 'WHERE' => 'id='.$topic_id.' OR moved_to='.$topic_id + ); + + ($hook = get_hook('fn_qr_delete_topic')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + + // Create a list of the post ID's in this topic + $post_ids = ''; + $query = array( + 'SELECT' => 'p.id', + 'FROM' => 'posts AS p', + 'WHERE' => 'p.topic_id='.$topic_id + ); + + ($hook = get_hook('fn_qr_get_posts_to_delete')) ? eval($hook) : null; + $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); + while ($row = $pun_db->fetch_row($result)) + $post_ids .= ($post_ids != '') ? ','.$row[0] : $row[0]; + + // Make sure we have a list of post ID's + if ($post_ids != '') + { + // Delete posts in topic + $query = array( + 'DELETE' => 'posts', + 'WHERE' => 'topic_id='.$topic_id + ); + + ($hook = get_hook('fn_qr_delete_topic_posts')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + + if ($db_type != 'mysql' && $db_type != 'mysqli') + { + require PUN_ROOT.'include/search_idx.php'; + strip_search_index($post_ids); + } + } + + // Delete any subscriptions for this topic + $query = array( + 'DELETE' => 'subscriptions', + 'WHERE' => 'topic_id='.$topic_id + ); + + ($hook = get_hook('fn_qr_delete_topic_subscriptions')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + + sync_forum($forum_id); + + ($hook = get_hook('fn_delete_topic_end')) ? eval($hook) : null; +} + + +// +// Delete a single post +// +function delete_post($post_id, $topic_id, $forum_id) +{ + global $pun_db, $db_type; + + ($hook = get_hook('fn_delete_post_start')) ? eval($hook) : null; + + $query = array( + 'SELECT' => 'p.id, p.poster, p.posted', + 'FROM' => 'posts AS p', + 'WHERE' => 'p.topic_id='.$topic_id, + 'ORDER BY' => 'p.id DESC', + 'LIMIT' => '2' + ); + + ($hook = get_hook('fn_qr_get_topic_lastposts_info')) ? eval($hook) : null; + $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); + list($last_id, ,) = $pun_db->fetch_row($result); + list($second_last_id, $second_poster, $second_posted) = $pun_db->fetch_row($result); + + // Delete the post + $query = array( + 'DELETE' => 'posts', + 'WHERE' => 'id='.$post_id + ); + + ($hook = get_hook('fn_qr_delete_post')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + + if ($db_type != 'mysql' && $db_type != 'mysqli') + { + require PUN_ROOT.'include/search_idx.php'; + strip_search_index($post_id); + } + + // Count number of replies in the topic + $query = array( + 'SELECT' => 'COUNT(p.id)', + 'FROM' => 'posts AS p', + 'WHERE' => 'p.topic_id='.$topic_id + ); + + ($hook = get_hook('fn_qr_get_topic_reply_count2')) ? eval($hook) : null; + $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); + $num_replies = $pun_db->result($result, 0) - 1; + + // Update the topic now that a post has been deleted + $query = array( + 'UPDATE' => 'topics', + 'SET' => 'num_replies='.$num_replies, + 'WHERE' => 'id='.$topic_id + ); + + // If we deleted the most recent post, we need to sync up last post data as wel + if ($last_id == $post_id) + $query['SET'] .= ', last_post='.$second_posted.', last_post_id='.$second_last_id.', last_poster=\''.$pun_db->escape($second_poster).'\''; + + ($hook = get_hook('fn_qr_update_topic2')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + + sync_forum($forum_id); + + ($hook = get_hook('fn_delete_post_end')) ? eval($hook) : null; +} + + +// +// Creates a new topic with its first post +// +function add_topic($post_info, &$new_tid, &$new_pid) +{ + global $pun_db, $db_type, $pun_config, $lang_common; + + ($hook = get_hook('fn_add_topic_start')) ? eval($hook) : null; + + // Add the topic + $query = array( + 'INSERT' => 'poster, subject, posted, last_post, last_poster, forum_id', + 'INTO' => 'topics', + 'VALUES' => '\''.$pun_db->escape($post_info['poster']).'\', \''.$pun_db->escape($post_info['subject']).'\', '.$post_info['posted'].', '.$post_info['posted'].', \''.$pun_db->escape($post_info['poster']).'\', '.$post_info['forum_id'] + ); + + ($hook = get_hook('fn_qr_add_topic')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + $new_tid = $pun_db->insert_id(); + + // To subscribe or not to subscribe, that ... + if (!$post_info['is_guest'] && $post_info['subscribe']) + { + $query = array( + 'INSERT' => 'user_id, topic_id', + 'INTO' => 'subscriptions', + 'VALUES' => $post_info['poster_id'].' ,'.$new_tid + ); + + ($hook = get_hook('fn_qr_add_subscription')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + } + + // Create the post ("topic post") + $query = array( + 'INSERT' => 'poster, poster_id, poster_ip, message, hide_smilies, posted, topic_id', + 'INTO' => 'posts', + 'VALUES' => '\''.$pun_db->escape($post_info['poster']).'\', '.$post_info['poster_id'].', \''.get_remote_address().'\', \''.$pun_db->escape($post_info['message']).'\', '.$post_info['hide_smilies'].', '.$post_info['posted'].', '.$new_tid + ); + + // If it's a guest post, there might be an e-mail address we need to include + if ($post_info['is_guest'] && $post_info['poster_email'] != null) + { + $query['INSERT'] .= ', poster_email'; + $query['VALUES'] .= ', \''.$post_info['poster_email'].'\''; + } + + ($hook = get_hook('fn_qr_add_topic_post')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + $new_pid = $pun_db->insert_id(); + + // Update the topic with last_post_id and first_post_id + $query = array( + 'UPDATE' => 'topics', + 'SET' => 'last_post_id='.$new_pid.', first_post_id='.$new_pid, + 'WHERE' => 'id='.$new_tid + ); + + ($hook = get_hook('fn_qr_update_topic3')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + + if ($db_type != 'mysql' && $db_type != 'mysqli') + { + require PUN_ROOT.'include/search_idx.php'; + update_search_index('post', $new_pid, $post_info['message'], $post_info['subject']); + } + + sync_forum($post_info['forum_id']); + + ($hook = get_hook('fn_add_topic_end')) ? eval($hook) : null; +} + + +// +// Creates a new post +// +function add_post($post_info, &$new_pid) +{ + global $pun_db, $db_type, $pun_config, $lang_common; + + ($hook = get_hook('fn_add_post_start')) ? eval($hook) : null; + + // Add the post + $query = array( + 'INSERT' => 'poster, poster_id, poster_ip, message, hide_smilies, posted, topic_id', + 'INTO' => 'posts', + 'VALUES' => '\''.$pun_db->escape($post_info['poster']).'\', '.$post_info['poster_id'].', \''.get_remote_address().'\', \''.$pun_db->escape($post_info['message']).'\', '.$post_info['hide_smilies'].', '.$post_info['posted'].', '.$post_info['topic_id'] + ); + + // If it's a guest post, there might be an e-mail address we need to include + if ($post_info['is_guest'] && $post_info['poster_email'] != null) + { + $query['INSERT'] .= ', poster_email'; + $query['VALUES'] .= ', \''.$post_info['poster_email'].'\''; + } + + ($hook = get_hook('fn_qr_add_post')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + $new_pid = $pun_db->insert_id(); + + if (!$post_info['is_guest']) + { + // Subscribe or unsubscribe? + if ($post_info['subscr_action'] == 1) + { + $query = array( + 'INSERT' => 'user_id, topic_id', + 'INTO' => 'subscriptions', + 'VALUES' => $post_info['poster_id'].' ,'.$post_info['topic_id'] + ); + + ($hook = get_hook('fn_qr_add_subscription2')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + } + else if ($post_info['subscr_action'] == 2) + { + $query = array( + 'DELETE' => 'subscriptions', + 'WHERE' => 'topic_id='.$post_info['topic_id'].' AND user_id='.$post_info['poster_id'] + ); + + ($hook = get_hook('fn_qr_delete_subscription')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + } + } + + // Count number of replies in the topic + $query = array( + 'SELECT' => 'COUNT(p.id)', + 'FROM' => 'posts AS p', + 'WHERE' => 'p.topic_id='.$post_info['topic_id'] + ); + + ($hook = get_hook('fn_qr_get_topic_reply_count3')) ? eval($hook) : null; + $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); + $num_replies = $pun_db->result($result, 0) - 1; + + // Update topic + $query = array( + 'UPDATE' => 'topics', + 'SET' => 'num_replies='.$num_replies.', last_post='.$post_info['posted'].', last_post_id='.$new_pid.', last_poster=\''.$pun_db->escape($post_info['poster']).'\'', + 'WHERE' => 'id='.$post_info['topic_id'] + ); + + ($hook = get_hook('fn_qr_update_topic4')) ? eval($hook) : null; + $pun_db->query_build($query) or error(__FILE__, __LINE__); + + sync_forum($post_info['forum_id']); + + if ($db_type != 'mysql' && $db_type != 'mysqli') + { + require PUN_ROOT.'include/search_idx.php'; + update_search_index('post', $new_pid, $post_info['message']); + } + + send_subscriptions($post_info, $new_pid); + + ($hook = get_hook('fn_add_post_end')) ? eval($hook) : null; +} + + +// +// Send out subscription emails +// +function send_subscriptions($post_info, $new_pid) +{ + global $pun_config, $pun_db, $pun_url, $lang_common; + + ($hook = get_hook('fn_send_subscriptions_start')) ? eval($hook) : null; + + if ($pun_config['o_subscriptions'] != '1') + return; + + // Get the post time for the previous post in this topic + $query = array( + 'SELECT' => 'p.posted', + 'FROM' => 'posts AS p', + 'WHERE' => 'p.topic_id='.$post_info['topic_id'], + 'ORDER BY' => 'p.id DESC', + 'LIMIT' => '1, 1' + ); + + ($hook = get_hook('fn_qr_get_previous_post_time')) ? eval($hook) : null; + $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); + $previous_post_time = $pun_db->result($result); + + // Get any subscribed users that should be notified (banned users are excluded) + $query = array( + 'SELECT' => 'u.id, u.email, u.notify_with_post, u.language', + 'FROM' => 'users AS u', + 'JOINS' => array( + array( + 'INNER JOIN' => 'subscriptions AS s', + 'ON' => 'u.id=s.user_id' + ), + array( + 'LEFT JOIN' => 'forum_perms AS fp', + 'ON' => '(fp.forum_id='.$post_info['forum_id'].' AND fp.group_id=u.group_id)' + ), + array( + 'INNER JOIN' => 'online AS o', + 'ON' => 'u.id=o.user_id' + ), + array( + 'INNER JOIN' => 'bans AS b', + 'ON' => 'u.username=b.username' + ), + ), + 'WHERE' => 'b.username IS NULL AND COALESCE(o.logged, u.last_visit)>'.$previous_post_time.' AND (fp.read_forum IS NULL OR fp.read_forum=1) AND s.topic_id='.$post_info['topic_id'].' AND u.id!='.$post_info['poster_id'] + ); + + ($hook = get_hook('fn_qr_get_users_to_notify')) ? eval($hook) : null; + $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); + + if ($pun_db->num_rows($result)) + { + require_once PUN_ROOT.'include/email.php'; + + $notification_emails = array(); + + // Loop through subscribed users and send e-mails + while ($cur_subscriber = $pun_db->fetch_assoc($result)) + { + // Is the subscription e-mail for $cur_subscriber['language'] cached or not? + if (!isset($notification_emails[$cur_subscriber['language']])) + { + if (file_exists(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl')) + { + // Load the "new reply" template + $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl')); + + // Load the "new reply full" template (with post included) + $mail_tpl_full = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply_full.tpl')); + + // The first row contains the subject (it also starts with "Subject:") + $first_crlf = strpos($mail_tpl, "\n"); + $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8)); + $mail_message = trim(substr($mail_tpl, $first_crlf)); + + $first_crlf = strpos($mail_tpl_full, "\n"); + $mail_subject_full = trim(substr($mail_tpl_full, 8, $first_crlf-8)); + $mail_message_full = trim(substr($mail_tpl_full, $first_crlf)); + + $mail_subject = str_replace('', '\''.$post_info['subject'].'\'', $mail_subject); + $mail_message = str_replace('', '\''.$post_info['subject'].'\'', $mail_message); + $mail_message = str_replace('', $post_info['poster'], $mail_message); + $mail_message = str_replace('', pun_link($pun_url['post'], $new_pid), $mail_message); + $mail_message = str_replace('', pun_link($pun_url['unsubscribe'], $post_info['topic_id']), $mail_message); + $mail_message = str_replace('', sprintf($lang_common['Forum mailer'], $pun_config['o_board_title']), $mail_message); + + $mail_subject_full = str_replace('', '\''.$post_info['subject'].'\'', $mail_subject_full); + $mail_message_full = str_replace('', '\''.$post_info['subject'].'\'', $mail_message_full); + $mail_message_full = str_replace('', $post_info['poster'], $mail_message_full); + $mail_message_full = str_replace('', $post_info['message'], $mail_message_full); + $mail_message_full = str_replace('', pun_link($pun_url['post'], $new_pid), $mail_message_full); + $mail_message_full = str_replace('', pun_link($pun_url['unsubscribe'], $post_info['topic_id']), $mail_message_full); + $mail_message_full = str_replace('', sprintf($lang_common['Forum mailer'], $pun_config['o_board_title']), $mail_message_full); + + $notification_emails[$cur_subscriber['language']][0] = $mail_subject; + $notification_emails[$cur_subscriber['language']][1] = $mail_message; + $notification_emails[$cur_subscriber['language']][2] = $mail_subject_full; + $notification_emails[$cur_subscriber['language']][3] = $mail_message_full; + + $mail_subject = $mail_message = $mail_subject_full = $mail_message_full = null; + } + } + + // We have to double check here because the templates could be missing + if (isset($notification_emails[$cur_subscriber['language']])) + { + // Make sure the e-mail address format is valid before sending + if (is_valid_email($cur_subscriber['email'])) + { + if ($cur_subscriber['notify_with_post'] == '0') + pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][0], $notification_emails[$cur_subscriber['language']][1]); + else + pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][2], $notification_emails[$cur_subscriber['language']][3]); + } + } + } + } + + ($hook = get_hook('fn_send_subscriptions_end')) ? eval($hook) : null; +} + + +// +// Make a string safe to use in a URL +// +function sef_friendly($string) +{ + ($hook = get_hook('fn_sef_friendly_start')) ? eval($hook) : null; + + $reserved_words = array('atom', 'last'); + $words = explode(' ', $string); + $string = ''; + + foreach ($words as $word) + { + if (strlen($word) > 3 && !in_array(strtolower($word), $reserved_words)) + $string .= '-'.$word; + } + + $string = urlencode(strtr(str_replace('?', '', utf8_decode($string)), utf8_decode('ÀÁÂÃÄÅàáâãäåÒÓÔÕÖØòóôõöøÈÉÊËèéêëÇçÌÍÎÏìíîïÙÚÛÜùúûüÿÑñ/'), 'AAAAAAaaaaaaOOOOOOooooooEEEEeeeeCcIIIIiiiiUUUUuuuuyNn-')); + + return $string; +} + + +// +// Replace censored words in $text +// +function censor_words($text) +{ + global $pun_db; + static $search_for, $replace_with; + + ($hook = get_hook('fn_censor_words_start')) ? eval($hook) : null; + + // If not already loaded in a previous call, load the cached censors + if (!defined('PUN_CENSORS_LOADED')) + { + if (file_exists(PUN_CACHE_DIR.'cache_censors.php')) + include PUN_CACHE_DIR.'cache_censors.php'; + + if (!defined('PUN_CENSORS_LOADED')) + { + require_once PUN_ROOT.'include/cache.php'; + generate_censors_cache(); + require PUN_CACHE_DIR.'cache_censors.php'; + } + + $search_for = array(); + $replace_with = array(); + + foreach ($pun_censors as $censor_key => $cur_word) + { + $search_for[$censor_key] = '/\b('.str_replace('\*', '\w*?', preg_quote($cur_word['search_for'], '/')).')\b/iu'; + $replace_with[$censor_key] = $cur_word['replace_with']; + + ($hook = get_hook('fn_censor_words_setup_regex')) ? eval($hook) : null; + } + } + + if (!empty($search_for)) + $text = substr(preg_replace($search_for, $replace_with, ' '.$text.' '), 1, -1); + + return $text; +} + + +// +// Check if a username is occupied +// +function check_username_dupe($username, $exclude_id = null) +{ + global $pun_db; + + ($hook = get_hook('fn_check_username_dupe_start')) ? eval($hook) : null; + + $query = array( + 'SELECT' => 'u.username', + 'FROM' => 'users AS u', + 'WHERE' => '(UPPER(username)=UPPER(\''.$pun_db->escape($username).'\') OR UPPER(username)=UPPER(\''.$pun_db->escape(preg_replace('/[^\w]/u', '', $username)).'\')) AND id>1' + ); + + if ($exclude_id) + $query['WHERE'] .= ' AND id!='.$exclude_id; + + ($hook = get_hook('fn_qr_check_username_dupe')) ? eval($hook) : null; + $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); + + return $pun_db->num_rows($result) ? $pun_db->result($result) : false; +} + + +// +// Determines the correct title for $user +// $user must contain the elements 'username', 'title', 'posts', 'g_id' and 'g_user_title' +// +function get_title($user) +{ + global $pun_db, $pun_config, $pun_bans, $lang_common; + static $ban_list, $pun_ranks; + + ($hook = get_hook('fn_get_title_start')) ? eval($hook) : null; + + // If not already built in a previous call, build an array of lowercase banned usernames + if (empty($ban_list)) + { + $ban_list = array(); + + foreach ($pun_bans as $cur_ban) + $ban_list[] = strtolower($cur_ban['username']); + } + + // If not already loaded in a previous call, load the cached ranks + if ($pun_config['o_ranks'] == '1' && !defined('PUN_RANKS_LOADED')) + { + if (file_exists(PUN_CACHE_DIR.'cache_ranks.php')) + include PUN_CACHE_DIR.'cache_ranks.php'; + + if (!defined('PUN_RANKS_LOADED')) + { + require_once PUN_ROOT.'include/cache.php'; + generate_ranks_cache(); + require PUN_CACHE_DIR.'cache_ranks.php'; + } + } + + // If the user has a custom title + if ($user['title'] != '') + $user_title = htmlspecialchars($pun_config['o_censoring'] == '1' ? censor_words($user['title']) : $user['title']); + // If the user is banned + else if (in_array(strtolower($user['username']), $ban_list)) + $user_title = $lang_common['Banned']; + // If the user group has a default user title + else if ($user['g_user_title'] != '') + $user_title = htmlspecialchars($user['g_user_title']); + // If the user is a guest + else if ($user['g_id'] == PUN_GUEST) + $user_title = $lang_common['Guest']; + else + { + // Are there any ranks? + if ($pun_config['o_ranks'] == '1' && !empty($pun_ranks)) + { + @reset($pun_ranks); + while (list(, $cur_rank) = @each($pun_ranks)) + { + if (intval($user['num_posts']) >= $cur_rank['min_posts']) + $user_title = htmlspecialchars($cur_rank['rank']); + } + } + + // If the user didn't "reach" any rank (or if ranks are disabled), we assign the default + if (!isset($user_title)) + $user_title = $lang_common['Member']; + } + + ($hook = get_hook('fn_get_title_end')) ? eval($hook) : null; + + return $user_title; +} + + +// +// Generate a string with numbered links (for multipage scripts) +// +function pun_paginate($num_pages, $cur_page, $link, $args = null) +{ + global $pun_url, $lang_common; + + $pages = array(); + $link_to_all = false; + + ($hook = get_hook('fn_paginate_start')) ? eval($hook) : null; + + // If $cur_page == -1, we link to all pages (used in viewforum.php) + if ($cur_page == -1) + { + $cur_page = 1; + $link_to_all = true; + } + + if ($num_pages <= 1) + $pages = array('1'); + else + { + // Add a previous page link + if ($num_pages > 1 && $cur_page > 1) + $pages[] = ' '; + + if ($cur_page > 3) + { + $pages[] = '1'; + + if ($cur_page > 5) + $pages[] = '…'; + } + + // Don't ask me how the following works. It just does, OK? :-) + for ($current = ($cur_page == 5) ? $cur_page - 3 : $cur_page - 2, $stop = ($cur_page + 4 == $num_pages) ? $cur_page + 4 : $cur_page + 3; $current < $stop; ++$current) + { + if ($current < 1 || $current > $num_pages) + continue; + else if ($current != $cur_page || $link_to_all) + $pages[] = ''.$current.''; + else + $pages[] = ''.$current.''; + } + + if ($cur_page <= ($num_pages-3)) + { + if ($cur_page != ($num_pages-3) && $cur_page != ($num_pages-4)) + $pages[] = '…'; + + $pages[] = ''.$num_pages.''; + } + + // Add a next page link + if ($num_pages > 1 && !$link_to_all && $cur_page < $num_pages) + $pages[] = ' '; + } + + ($hook = get_hook('fn_paginate_end')) ? eval($hook) : null; + + return implode($lang_common['Page separator'], $pages); +} + + +// +// Clean version string from trailing '.0's +// +function clean_version($version) +{ + return preg_replace('/(\.0)+(?!\.)|(\.0+$)/', '$2', $version); +} + + +// +// Display a message +// +function message($message, $link = '') +{ + global $pun_db, $pun_url, $lang_common, $pun_config, $base_url, $pun_start, $tpl_main, $pun_user, $pun_page, $pun_updates; + + ($hook = get_hook('fn_message_start')) ? eval($hook) : null; + + if (!defined('PUN_HEADER')) + { + // Setup breadcrumbs + $pun_page['crumbs'] = array( + array($pun_config['o_board_title'], pun_link($pun_url['index'])), + $lang_common['Info'] + ); + + define('PUN_PAGE', 'message'); + require PUN_ROOT.'header.php'; + } + +?> +
+ +

+ +
+

+
+
+

'.$link.'' ?>

+
+ +
+ $cur_values) + $fields = array_merge($fields, _csrf_confirm_form($key.'['.$cur_key.']', $cur_values)); + + return $fields; + } + else + $fields[$key] = $values; + + return $fields; + } + + ($hook = get_hook('fn_csrf_confirm_form_start')) ? eval($hook) : null; + + // Setup breadcrumbs + $pun_page['crumbs'] = array( + array($pun_config['o_board_title'], pun_link($pun_url['index'])), + $lang_common['Confirm action'] + ); + + $pun_page['form_action'] = get_current_url(); + + $pun_page['hidden_fields'] = array( + '', + '' + ); + + foreach ($_POST as $submitted_key => $submitted_val) + { + if ($submitted_key != 'csrf_token' && $submitted_key != 'prev_url') + { + $hidden_fields = _csrf_confirm_form($submitted_key, $submitted_val); + foreach ($hidden_fields as $field_key => $field_val) + $pun_page['hidden_fields'][] = ''; + } + } + + define('PUN_PAGE', 'dialogue'); + require PUN_ROOT.'header.php'; + + ($hook = get_hook('fn_csrf_confirm_form_pre_header_load')) ? eval($hook) : null; + +?> +
+ +

+ +
+

+
+
+
+

+
+
+ +
+ + +
+
+
+
+ count($input)) + $offset = count($input); + else if ($offset < 0) + $offset = 0; + + array_splice($input, $offset, 0, 0); + $input[$offset] = $element; +} + + +// +// Attempts to fetch the provided URL using any available means +// +function get_remote_file($url, $timeout, $head_only = false) +{ + $result = null; + $parsed_url = parse_url($url); + $allow_url_fopen = strtolower(@ini_get('allow_url_fopen')); + + // Quite unlikely that this will be allowed on a shared host, but it can't hurt + if (function_exists('ini_set')) + @ini_set('default_socket_timeout', $timeout); + + // If we have cURL, we might as well use it + if (function_exists('curl_init')) + { + // Setup the transfer + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $url); + curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_HEADER, true); + curl_setopt($ch, CURLOPT_NOBODY, $head_only); + curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); + curl_setopt($ch, CURLOPT_USERAGENT, 'PunBB'); + + // Grab the page + $content = @curl_exec($ch); + + // Ignore everything except a 200 response code + if ($content !== false && curl_getinfo($ch, CURLINFO_HTTP_CODE) == '200') + { + if ($head_only) + $result['headers'] = explode("\r\n", trim($content)); + else + { + $content_start = strpos($content, "\r\n\r\n"); + if ($content_start !== false) + { + $result['headers'] = explode("\r\n", substr($content, 0, $content_start)); + $result['content'] = trim(substr($content, $content_start)); + } + } + } + + curl_close($ch); + } + // fsockopen() is the second best thing + else if (function_exists('fsockopen')) + { + $remote = @fsockopen($parsed_url['host'], !empty($parsed_url['port']) ? intval($parsed_url['port']) : 80, $errno, $errstr, $timeout); + if ($remote) + { + // Send a standard HTTP 1.0 request for the page + $method = $head_only ? 'HEAD' : 'GET'; + fwrite($remote, ($head_only ? 'HEAD' : 'GET').' '.(!empty($parsed_url['path']) ? $parsed_url['path'] : '/').(!empty($parsed_url['query']) ? '?'.$parsed_url['query'] : '').' HTTP/1.0'."\r\n"); + fwrite($remote, 'Host: '.$parsed_url['host']."\r\n"); + fwrite($remote, 'User-Agent: PunBB'."\r\n"); + fwrite($remote, 'Connection: Close'."\r\n\r\n"); + + stream_set_timeout($remote, $timeout); + $stream_meta = stream_get_meta_data($remote); + + // Fetch the response 1024 bytes at a time and watch out for a timeout + $content = false; + while (!feof($remote) && !$stream_meta['timed_out']) + { + $content .= fgets($remote, 1024); + $stream_meta = stream_get_meta_data($remote); + } + + fclose($remote); + + // Ignore everything except a 200 response code (we don't support redirects) + if ($content !== false && preg_match('#^HTTP/1.[01] 200 OK#', $content)) + { + if ($head_only) + $result['headers'] = explode("\r\n", trim($content)); + else + { + $content_start = strpos($content, "\r\n\r\n"); + if ($content_start !== false) + { + $result['headers'] = explode("\r\n", substr($content, 0, $content_start)); + $result['content'] = trim(substr($content, $content_start)); + } + } + } + } + } + // Last case scenario, we use file_get_contents provided allow_url_fopen is enabled (any non 200 response results in a failure) + else if (in_array($allow_url_fopen, array('on', 'true', '1'))) + { + // PHP5's version of file_get_contents() supports stream options + if (version_compare(PHP_VERSION, '5.0.0', '>=')) + { + // Setup a stream context + $stream_context = stream_context_create( + array( + 'http' => array( + 'method' => $head_only ? 'HEAD' : 'GET', + 'user_agent' => 'PunBB', + 'max_redirects' => 3, // PHP >=5.1.0 only + 'timeout' => $timeout // PHP >=5.2.1 only + ) + ) + ); + + $content = @file_get_contents($url, false, $stream_context); + } + else + $content = @file_get_contents($url); + + // Did we get anything? + if ($content !== false) + { + // Gotta love the fact that $http_response_header just appears in the global scope (*cough* hack! *cough*) + $result['headers'] = $http_response_header; + if (!$head_only) + $result['content'] = trim($content); + } + } + + return $result; +} + + +// +// Display a message when board is in maintenance mode +// +function maintenance_message() +{ + global $pun_db, $pun_config, $lang_common, $pun_user, $base_url; + + ($hook = get_hook('fn_maintenance_message_start')) ? eval($hook) : null; + + // Deal with newlines, tabs and multiple spaces + $pattern = array("\t\t", ' ', ' '); + $replace = array('    ', '  ', '  '); + $message = str_replace($pattern, $replace, $pun_config['o_maintenance_message']); + + // Send the Content-type header in case the web server is setup to send something else + header('Content-type: text/html; charset=utf-8'); + + // Send a 503 HTTP response code to prevent search bots from indexing the maintenace message + header('HTTP/1.1 503 Service Temporarily Unavailable'); + + // Load the maintenance template + $tpl_maint = trim(file_get_contents(PUN_ROOT.'include/template/maintenance.tpl')); + + // START SUBST - + $tpl_maint = str_replace('', 'xml:lang="'.$lang_common['lang_identifier'].'" lang="'.$lang_common['lang_identifier'].'" dir="'.$lang_common['lang_direction'].'"', $tpl_maint); + // END SUBST - + + + // START SUBST - + ob_start(); + +?> +<?php echo $lang_common['Maintenance'].' - '.htmlspecialchars($pun_config['o_board_title']) ?> + + + +', $tpl_temp, $tpl_maint); + ob_end_clean(); + // END SUBST - + + + // START SUBST - + ob_start(); + +?> +
+ +

+ +
+
+ +
+
+ +
+', $tpl_temp, $tpl_maint); + ob_end_clean(); + // END SUBST - + + + // End the transaction + $pun_db->end_transaction(); + + + // START SUBST - + while (preg_match('##', $tpl_maint, $cur_include)) + { + if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1])) + error('Unable to process user include <!-- pun_include "'.htmlspecialchars($cur_include[1]).'" --> from template maintenance.tpl. There is no such file in folder /include/user/.'); + + ob_start(); + include PUN_ROOT.'include/user/'.$cur_include[1]; + $tpl_temp = ob_get_contents(); + $tpl_maint = str_replace($cur_include[0], $tpl_temp, $tpl_maint); + ob_end_clean(); + } + // END SUBST - + + + // Close the db connection (and free up any result data) + $pun_db->close(); + + exit($tpl_maint); +} + + +// +// Display $message and redirect user to $destination_url +// +function pun_redirect($destination_url, $message) +{ + global $pun_db, $pun_config, $lang_common, $pun_user, $base_url; + + ($hook = get_hook('fn_redirect_start')) ? eval($hook) : null; + + // Prefix with base_url (unless it's there already) + // if (strpos($destination_url, 'http') !== 0) + // $destination_url = $base_url.'/'.$destination_url; + + // Do a little spring cleaning + $destination_url = preg_replace('/([\r\n])|(%0[ad])|(;[\s]*data[\s]*:)/i', '', $destination_url); + + // If the delay is 0 seconds, we might as well skip the redirect all together + if ($pun_config['o_redirect_delay'] == '0') + header('Location: '.str_replace('&', '&', $destination_url)); + + // Send no-cache headers + header('Expires: Thu, 21 Jul 1977 07:30:00 GMT'); // When yours truly first set eyes on this world! :) + header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT'); + header('Cache-Control: post-check=0, pre-check=0', false); + header('Pragma: no-cache'); // For HTTP/1.0 compability + + // Send the Content-type header in case the web server is setup to send something else + header('Content-type: text/html; charset=utf-8'); + + // Load the redirect template + $tpl_redir = trim(file_get_contents(PUN_ROOT.'include/template/redirect.tpl')); + + + // START SUBST - + $tpl_redir = str_replace('', 'xml:lang="'.$lang_common['lang_identifier'].'" lang="'.$lang_common['lang_identifier'].'" dir="'.$lang_common['lang_direction'].'"', $tpl_redir); + // END SUBST - + + + // START SUBST - + ob_start(); + +?> +" /> +<?php echo $lang_common['Redirecting'].' - '.htmlspecialchars($pun_config['o_board_title']) ?> +', $tpl_temp, $tpl_redir); + ob_end_clean(); + // END SUBST - + + + // START SUBST - + ob_start(); + +?> +
+ +

+ +
+

+
+
+

+
+ +
+', $tpl_temp, $tpl_redir); + ob_end_clean(); + // END SUBST - + + + // START SUBST - + if (defined('PUN_SHOW_QUERIES')) + $tpl_redir = str_replace('', get_saved_queries(), $tpl_redir); + + // End the transaction + $pun_db->end_transaction(); + // END SUBST - + + + // START SUBST - + while (preg_match('##', $tpl_redir, $cur_include)) + { + if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1])) + error('Unable to process user include <!-- pun_include "'.htmlspecialchars($cur_include[1]).'" --> from template redirect.tpl. There is no such file in folder /include/user/.'); + + ob_start(); + include PUN_ROOT.'include/user/'.$cur_include[1]; + $tpl_temp = ob_get_contents(); + $tpl_redir = str_replace($cur_include[0], $tpl_temp, $tpl_redir); + ob_end_clean(); + } + // END SUBST - + + + // Close the db connection (and free up any result data) + $pun_db->close(); + + exit($tpl_redir); +} + + +// +// Display a simple error message +// +function error() +{ + global $pun_config; + + /* + Parse input parameters. Possible function signatures: + error('Error message.'); + error(__FILE__, __LINE__); + error('Error message.', __FILE__, __LINE__); + */ + $num_args = func_num_args(); + if ($num_args == 3) + { + $message = func_get_arg(0); + $file = func_get_arg(1); + $line = func_get_arg(2); + } + else if ($num_args == 2) + { + $file = func_get_arg(0); + $line = func_get_arg(1); + } + else if ($num_args == 1) + $message = func_get_arg(0); + + // Set a default title if the script failed before $pun_config could be populated + if (empty($pun_config)) + $pun_config['o_board_title'] = 'PunBB'; + + // Empty all output buffers and stop buffering + while (@ob_end_clean()); + + // "Restart" output buffering if we are using ob_gzhandler (since the gzip header is already sent) + if (!empty($pun_config['o_gzip']) && extension_loaded('zlib') && (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== false || strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') !== false)) + ob_start('ob_gzhandler'); + +?> + + + + +Error - <?php echo htmlspecialchars($pun_config['o_board_title']) ?> + + + +

An error was encountered

+
+'.$message.'

'."\n"; + + if ($num_args > 1) + { + if (defined('PUN_DEBUG')) + { + if (isset($file) && isset($line)) + echo '

The error occurred on line '.$line.' in '.$file.'

'."\n"; + + $db_error = isset($GLOBALS['pun_db']) ? $GLOBALS['pun_db']->error() : array(); + if (!empty($db_error['error_msg'])) + { + echo '

Database reported: '.htmlspecialchars($db_error['error_msg']).(($db_error['error_no']) ? ' (Errno: '.$db_error['error_no'].')' : '').'.

'."\n"; + + if ($db_error['error_sql'] != '') + echo '

Failed query: '.htmlspecialchars($db_error['error_sql']).'

'."\n"; + } + } + else + echo '

Note: For detailed error information (necessary for troubleshooting), enable "DEBUG mode". To enable "DEBUG mode", open up the file include/common.php in a text editor and locate the line "//define(\'PUN_DEBUG\', 1);". It it located at the very top of the file below the software license preamble. Then remove the two slashes in the beginning of the line and save/upload the script. Once you\'ve solved the problem, it is recommended that "DEBUG mode" be turned off again (just add the two slashes back again).

'."\n"; + } + +?> + + + +close(); + + exit; +} + + +// +// Unset any variables instantiated as a result of register_globals being enabled +// +function pun_unregister_globals() +{ + $register_globals = @ini_get('register_globals'); + if ($register_globals === "" || $register_globals === "0" || strtolower($register_globals) === "off") + return; + + // Prevent script.php?GLOBALS[foo]=bar + if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) + exit('I\'ll have a steak sandwich and... a steak sandwich.'); + + // Variables that shouldn't be unset + $no_unset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES'); + + // Remove elements in $GLOBALS that are present in any of the superglobals + $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array()); + foreach ($input as $k => $v) + { + if (!in_array($k, $no_unset) && isset($GLOBALS[$k])) + { + unset($GLOBALS[$k]); + unset($GLOBALS[$k]); // Double unset to circumvent the zend_hash_del_key_or_index hole in PHP <4.4.3 and <5.1.4 + } + } +} + + +// DEBUG FUNCTIONS BELOW + +// +// Display executed queries (if enabled) +// +function get_saved_queries() +{ + global $pun_db, $lang_common; + + // Get the queries so that we can print them out + $saved_queries = $pun_db->get_saved_queries(); + + $output = ' +
+ +
+

'.$lang_common['Debug table'].'

+
+ +
+ + + + + + + + +'; + + $query_time_total = 0.0; + while (list(, $cur_query) = @each($saved_queries)) + { + $query_time_total += $cur_query[1]; + + $output .= ' + + + + +'; + + } + + $output .= ' + + + + + +
Time (s)Query
'.(($cur_query[1] != 0) ? $cur_query[1] : ' ').''.htmlspecialchars($cur_query[0]).'
'.$query_time_total.' sTotal query time
+
+
+'; + + return $output; +} + + +// +// Dump contents of variable(s) +// +function dump() +{ + echo '
';
+
+	$num_args = func_num_args();
+
+	for ($i = 0; $i < $num_args; ++$i)
+	{
+		print_r(func_get_arg($i));
+		echo "\n\n";
+	}
+
+	echo '
'; + exit; +}