Compare commits

150 commits

Author SHA1 Message Date
Visman
cd3ff4d3ca Fix merge post 2020-08-12 16:26:29 +07:00
Visman
4ca429d0a0 Fix typos 2020-08-04 18:49:25 +07:00
Visman
20e26af787 Add test for DB for a list of actions required to update 2020-08-03 21:06:52 +07:00
Visman
95890ad892 Change language files of the Not Sum plugin 2020-07-29 22:33:51 +07:00
Visman
15f6817e94 Change links to https 2020-07-28 23:03:25 +07:00
Visman
0cb49b0e74 Apply data formatting for server load 2020-07-28 22:56:52 +07:00
Visman
09e435ec74 Update links to accelerators 2020-07-28 22:46:26 +07:00
Visman
a55a31ec95 Change getting data about server load 2020-07-28 22:45:06 +07:00
Visman
f2a1454f41 Fix SQLite(3) drivers 2020-07-28 22:42:57 +07:00
Visman
e46c09f828 Upload Mod v3.0.3 2020-07-28 22:40:37 +07:00
Visman
e23cbd7a8b Upload Mod v3.0.2
Fix for Opera 12.18
Fix english language
2020-07-28 22:38:35 +07:00
Visman
387dc6fedd Set http headers for rebuild index 2020-07-28 22:34:38 +07:00
Visman
c31f723be0 SameSite for cookie 2 2020-07-14 22:17:24 +07:00
Visman
3cb8b44290 SameSite for cookie 1 2020-07-14 22:13:33 +07:00
Visman
c28b00d6ea Update .htaccess 2020-06-04 15:01:49 +07:00
Visman
2bf9b334d2 Update revision to 81 2020-05-31 10:02:51 +07:00
Visman
ca85596298 Return to post after reporting 2020-05-31 09:50:21 +07:00
Visman
a3645accae Update .htaccess 2020-05-30 13:22:46 +07:00
Visman
199ff9a519 Update install.php 2020-04-20 12:41:36 +07:00
Visman
89849f21ad Update install.php 2020-04-15 10:01:40 +07:00
Visman
863814662d Update install.php 2020-04-15 10:00:24 +07:00
Visman
68463cece3 Move error configuration
Now you can configure the error output in the config.php file
2019-12-22 23:10:08 +07:00
Visman
e90e2d4ba6 Repository configuration 2019-12-22 22:33:46 +07:00
Visman
d1b5ef976d Change add_field() method for SQLite3
Use the ALTER TABLE command instead of creating a temporary table.
2019-12-11 16:44:32 +07:00
Visman
c17d9b5b81 Fix decreasing transaction counter
in database drivers
2019-12-11 15:51:28 +07:00
Visman
09eac48b4b Remove query length limit for SQLite3 2019-11-30 22:27:00 +07:00
Visman
95eb7f547b Hide name of db for SQLite(3) in errors 2019-11-30 14:27:35 +07:00
Visman
71721a361f Fix censoring for user title (2) 2019-11-30 13:01:54 +07:00
Visman
8f01450b49 Fix censoring for user title 2019-11-30 13:00:36 +07:00
Visman
3a71586c87 Minor change for Upload Mod
Remove double serialization during automatic reconfiguration of the
modification.
2019-11-29 18:35:13 +07:00
Visman
df89798cfe Update vendors 2019-11-29 18:23:58 +07:00
Visman
4140fc9bba Change field_exists() method for SQLite3 2019-11-29 17:45:37 +07:00
Visman
d1d50d7031 Fix for PHP 7.4 (4) 2019-11-28 19:32:00 +07:00
Visman
6025cbe42f Fix for PHP 7.4 (3)
Deprecated: Unparenthesized `a ? b : c ? d : e` is deprecated. Use
either `(a ? b : c) ? d : e` or `a ? b : (c ? d : e)` in
2019-11-28 18:42:48 +07:00
Visman
2ecdc696ec Fix for PHP 7.4 (2)
PHP Notice:  Trying to access array offset on value of type null in ...
2019-11-28 18:16:33 +07:00
Visman
4a32b51692 Fix for PHP 7.4
PHP Deprecated:  Array and string offset access syntax with curly braces
is deprecated in ...
2019-11-28 18:01:06 +07:00
Visman
c1c52a67fc Minor change of captcha 2019-11-28 14:17:41 +07:00
Visman
d973ec4c14 Fix pages with email errors
Removes the output of the file name and line number. This information is
not needed for smtp server error pages.
2019-11-25 20:26:35 +07:00
Visman
ddcd3ca87d Media.js v2.2.0 2019-11-19 13:42:24 +07:00
Visman
c2404afa78 Add 2 new constants to control SQLite3
FORUM_SQLITE3_BUSY_TIMEOUT and FORUM_SQLITE3_WAL_ON.
Fix SQLite3 'db is locked' issue.
2019-11-19 13:39:31 +07:00
Visman
6d80c9b5e9 Upload Mod v3.0.0 + related compatibility changes 2019-11-09 21:16:24 +07:00
Visman
767087546b Updated .htaccess for Upload Mod 2019-10-17 14:48:53 +07:00
Visman
b6f65dcd79 Fix for SQLite (2) 2019-10-12 20:12:36 +07:00
Visman
def5725370 Fix for SQLite 2019-10-12 20:02:47 +07:00
Visman
2009fc0789 For PHP 7.4 (2) + variable name - typo fix 2019-10-11 18:42:38 +07:00
Visman
f43835c5fd For PHP 7.4 2019-10-11 18:32:19 +07:00
Visman
be6d450c08 Fix for check the markup (HTML, XHTML, …) of Web documents 5 2019-10-10 20:58:20 +07:00
Visman
9d2a55f21f Fix for check the markup (HTML, XHTML, …) of Web documents 4 2019-10-03 21:51:49 +07:00
Visman
22902f7a18 Fix for check the markup (HTML, XHTML, …) of Web documents 3 2019-10-03 17:40:40 +07:00
Visman
f377a23dde Fix for check the markup (HTML, XHTML, …) of Web documents 2 2019-10-03 13:22:52 +07:00
Visman
e551df8eb3 Fix for check the markup (HTML, XHTML, …) of Web documents 2019-10-03 13:05:00 +07:00
Visman
421c4338a3 Fix js for help type page 2019-09-28 18:55:46 +07:00
Visman
e12d22013e upload mod (4) 2019-09-17 12:59:13 +07:00
Visman
a1b833d555 upload mod (3) 2019-09-17 12:54:10 +07:00
Visman
3cb1805f38 upload mod (2) 2019-09-17 12:46:14 +07:00
Visman
cab6bf4a03 upload mod (1) 2019-09-17 12:40:09 +07:00
Visman
d7500f7835 Check for successful resizing avatars changed 2019-09-17 12:34:48 +07:00
Visman
cb130fa8e1 Extended blacklist of file types for upload #2 2019-09-15 20:25:14 +07:00
Visman
212fcd0e53 Extended blacklist of file types for upload 2019-09-15 18:58:21 +07:00
Visman
1fdca90287 Cleaning of avatars_dir 2019-09-12 23:09:08 +07:00
Visman
576f84569b Media.js v2.1.0 2019-07-21 14:23:10 +07:00
Visman
4d998b800e Added cache cleaning when installing 2019-05-23 21:00:33 +07:00
Visman
dce5656d03 Sqlite3 error message
When installing the engine in Sqlite3 you receive an error message if
you do not check for the users table
2019-05-23 20:50:44 +07:00
Visman
162320aee8 Version and revision change 2019-01-12 10:56:34 +07:00
Visman
d524641499 Check for duplicates when banning 2019-01-09 15:54:07 +07:00
Visman
1a630085cb Use HTML escaping for some more values 2019-01-07 13:13:41 +07:00
Visman
ab5b9a659b Fix CSRF on register 2019-01-07 11:44:19 +07:00
Visman
f1cae51dab Fix CSRF on forget password 2019-01-07 11:33:22 +07:00
Visman
64009e8061 Fix time formatting when viewing other user's profile 2019-01-06 21:11:00 +07:00
Visman
228d50cf6d Fix CSRF on login 2019-01-06 14:47:27 +07:00
Visman
8bd58446a9 Seed the random number generator, always 2019-01-03 12:11:30 +07:00
Visman
0fc6fe1078 Require more characters for password 2019-01-01 13:07:51 +07:00
Visman
a8f0d6a16c Media.js v1.6.2 2018-11-08 08:31:42 +07:00
Visman
436990e6bb Media.js v1.6.1 2018-10-10 13:21:23 +07:00
Visman
e147c576a0 Corrects the display of bread crumbs when displaying subforums 2018-09-17 18:35:54 +07:00
Visman
89bc8289e8 fix list ordered for bans
https://fluxbb.org/development/core/tickets/1125/
2018-09-02 21:05:14 +07:00
Visman
a0722cee75 Avoiding $db->num_rows() in pms_new 2018-09-02 18:30:12 +07:00
Visman
e5d7613978 Avoiding $db->num_rows() in plugins/AP_Smilies.php 2018-09-02 16:56:29 +07:00
Visman
53728b578a Avoiding $db->num_rows() in plugins/AP_Not_Sum.php 2018-09-02 16:53:15 +07:00
Visman
ace3db72cd Avoiding $db->num_rows() in plugins/AP_MergePosts.php 2018-09-02 16:50:19 +07:00
Visman
49e9cf3e6f Avoiding $db->num_rows() in include/subforums_view.php 2018-09-02 16:19:22 +07:00
Visman
aee7312a47 Avoiding $db->num_rows() in include/search_idx.php 2018-09-02 16:14:40 +07:00
Visman
f1d74a7856 Avoiding $db->num_rows() in include/poll.php 2018-09-02 16:10:36 +07:00
Visman
faaf5304a1 Avoiding $db->num_rows() in include/functions.php 2018-09-02 16:07:14 +07:00
Visman
c02be43afe Avoiding $db->num_rows() in include/common_admin.php 2018-09-02 15:59:28 +07:00
Visman
b4116b872a Avoiding $db->num_rows() in include/cache.php 2018-09-02 15:55:46 +07:00
Visman
ba5380a8f8 Avoiding $db->num_rows() in viewtopic.php 2018-09-02 14:25:31 +07:00
Visman
093bf12f11 Avoiding $db->num_rows() in viewforum.php 2018-09-02 14:18:45 +07:00
Visman
c155927642 Avoiding $db->num_rows() in userlist.php 2018-09-02 14:14:43 +07:00
Visman
4a7d892b85 Avoiding $db->num_rows() in upfiles.php 2018-09-02 14:12:27 +07:00
Visman
0a247bf8b9 Avoiding $db->num_rows() in search.php 2018-09-02 14:09:30 +07:00
Visman
3f2a2f43ed Avoiding $db->num_rows() in register.php 2018-09-02 13:48:59 +07:00
Visman
03524165cc Avoiding $db->num_rows() in profile.php 2018-09-02 12:04:53 +07:00
Visman
9ce858f146 Avoiding $db->num_rows() in post.php 2018-09-02 11:34:36 +07:00
Visman
672b507b68 Avoiding $db->num_rows() in pmsnew.php 2018-09-02 11:24:22 +07:00
Visman
e06f053ce4 Avoiding $db->num_rows() in pjq.php 2018-09-02 11:10:21 +07:00
Visman
edd8d2258f Avoiding $db->num_rows() in moderate.php 2018-09-02 11:08:07 +07:00
Visman
faba141ff0 Avoiding $db->num_rows() in misc.php 2018-09-01 23:37:27 +07:00
Visman
822e808581 Avoiding $db->num_rows() in login.php 2018-09-01 21:02:52 +07:00
Visman
4078bd9c8b Avoiding $db->num_rows() in install.php 2018-09-01 20:58:43 +07:00
Visman
6d29804678 Avoiding $db->num_rows() in extern.php 2018-09-01 20:55:20 +07:00
Visman
d8f71af37e Avoiding $db->num_rows() in edit.php 2018-09-01 20:47:36 +07:00
Visman
15bf6c7498 Avoiding $db->num_rows() in delete.php 2018-09-01 20:42:26 +07:00
Visman
a02f249232 Avoiding $db->num_rows() in db_update.php 2018-09-01 20:37:53 +07:00
Visman
590dcc7d02 Added start of transaction to db_update.php 2018-09-01 19:06:15 +07:00
Visman
ee0580989b Avoiding $db->num_rows() in admin_users.php 2018-09-01 18:21:12 +07:00
Visman
e67eb4b086 Avoiding $db->num_rows() in admin_reports.php 2018-09-01 17:37:29 +07:00
Visman
e4659bdf82 Avoiding $db->num_rows() in admin_maintenance.php 2018-09-01 17:22:47 +07:00
Visman
96bae26f92 Avoiding $db->num_rows() in admin_groups.php 2018-09-01 17:07:08 +07:00
Visman
575325d51d Avoiding $db->num_rows() in admin_forums.php 2018-09-01 16:46:03 +07:00
Visman
02890dbff3 Avoiding $db->num_rows() in admin_censoring.php 2018-09-01 16:37:18 +07:00
Visman
005c3e270a Avoiding $db->num_rows() in admin_categories.php 2018-09-01 16:24:31 +07:00
Visman
65d562f66a Avoiding $db->num_rows() in admin_bans.php 2018-09-01 15:39:15 +07:00
Visman
db958f8d8c Avoiding $db->num_rows() 1 2018-08-31 23:15:12 +07:00
Visman
d8b42762d2 Media.js v1.6.0 2018-08-29 21:04:31 +07:00
Visman
ef3c68ce97 Allow errors from mysqli_set_charset() 2018-07-25 14:25:53 +07:00
Visman
54de57c1a6 Changes in readme 2018-07-25 09:21:15 +07:00
Visman
7eb5252512 Require at least PHP 5.6.12 2018-07-22 13:26:04 +07:00
Visman
6563151acb Remove handling of register_globals 2018-07-22 13:16:47 +07:00
Visman
c717363b69 Media.js v1.5.2 2018-07-20 12:00:06 +07:00
Visman
eb049e0b4e HTTP 503 to 500 for error page 2018-07-19 08:58:18 +07:00
Visman
38102c3234 Remove some conditionals for older PHP versions 2018-07-18 21:37:28 +07:00
Visman
14b0c533b3 Change admin alert font color to be readable across all themes
Ticket #1095
2018-07-18 12:25:25 +07:00
Visman
3f76732068 503 status for maintenance and error pages 2018-06-30 19:28:03 +07:00
Visman
43ac16d52b New http headers for no-cache pages
Ticket #1060
2018-06-29 23:46:43 +07:00
Visman
f690333b2e Store query times independent of locale setting
Fixes #1098
2018-06-26 20:41:39 +07:00
Visman
d9c85cd1a0 Remove maxlength for SMTP settings
Fixes #1101
2018-06-26 20:29:37 +07:00
Visman
39f8b352fd Improve error message for very short searches
Fixes #1108.
2018-06-11 21:10:12 +07:00
Visman
9172a01cca Escape underscore in all LIKE queries
Fixes #1087.
2018-06-11 20:58:02 +07:00
Visman
b4600ce090 Support for 4-Byte UTF-8 for MySQL
It is recommended to do a backup of both your files and database before
upgrading.
Slow DB update.
2018-05-26 21:44:37 +07:00
Visman
01cc170eff Delete support MySQL (Original)
This extension was deprecated in PHP 5.5.0, and it was removed in PHP
7.0.0.
2018-05-22 10:46:36 +07:00
Visman
03c84cdb5b Fix for deprecated mcrypt_create_iv() in PHP 7.2+ 2018-05-20 18:20:49 +07:00
Visman
70e2efc33b Do not return passwords when a registration error occurs 2018-05-19 11:15:01 +07:00
Visman
48ca1bca82 Changing the result returned by forum_password_verify() 2018-05-19 11:01:44 +07:00
Visman
378675aab1 password_hash() and password_verify() for passwords 2018-05-19 10:44:08 +07:00
Visman
89d0fcc821 Merge remote-tracking branch 'refs/remotes/origin/master' into my_parser 2018-05-17 20:02:05 +07:00
Visman
7fba21cb6b Merge remote-tracking branch 'refs/remotes/origin/master' into my_parser 2018-05-17 19:45:59 +07:00
Visman
7f8ad31e10 Merge remote-tracking branch 'refs/remotes/origin/master' into my_parser 2018-05-16 22:46:59 +07:00
Visman
2261af714b Merge remote-tracking branch 'refs/remotes/origin/master' into my_parser 2018-05-16 22:25:45 +07:00
Visman
9da22b9b41 Merge remote-tracking branch 'refs/remotes/origin/master' into my_parser 2018-04-27 09:35:53 +07:00
Visman
7023e4ca9a parserus 0.9.3 2018-04-20 18:35:04 +07:00
Visman
526ea71622 Merge remote-tracking branch 'refs/remotes/origin/master' into my_parser 2018-03-21 12:20:52 +07:00
Visman
05c7a8fca1 Merge remote-tracking branch 'refs/remotes/origin/master' into my_parser 2018-01-28 12:17:36 +07:00
Visman
5833cccead Merge remote-tracking branch 'refs/remotes/origin/master' into my_parser 2018-01-21 20:24:06 +07:00
Visman
e451fb90f2 Merge remote-tracking branch 'refs/remotes/origin/master' into my_parser 2017-11-29 10:37:52 +07:00
Visman
0c8ff17194 Merge remote-tracking branch 'refs/remotes/origin/master' into my_parser 2017-11-27 16:50:45 +07:00
Visman
a533573411 Merge remote-tracking branch 'refs/remotes/origin/master' into my_parser 2017-11-26 23:03:21 +07:00
Visman
9bebc7d677 Fix for 'url' bb-code 2017-11-21 22:59:25 +07:00
Visman
ab6e740466 Removing the old parser 2017-11-15 19:06:02 +07:00
Visman
24d10ada40 My parser for bb-codes 2017-11-15 16:44:43 +07:00
128 changed files with 7151 additions and 4700 deletions

2
.gitattributes vendored Normal file

@ -0,0 +1,2 @@
.gitattributes export-ignore
.gitignore export-ignore

23
.gitignore vendored Normal file

@ -0,0 +1,23 @@
/cache/*
!/cache/.htaccess
!/cache/index.html
/img/avatars/*
!/img/avatars/index.html
/img/members/*
!/img/members/.htaccess
!/img/members/nofile.gif
/img/smilies/*
!/img/smilies/index.html
!/img/smilies/big_smile.png
!/img/smilies/cool.png
!/img/smilies/hmm.png
!/img/smilies/lol.png
!/img/smilies/mad.png
!/img/smilies/neutral.png
!/img/smilies/roll.png
!/img/smilies/sad.png
!/img/smilies/smile.png
!/img/smilies/tongue.png
!/img/smilies/wink.png
!/img/smilies/yikes.png
/include/config.php

@ -1,7 +1,7 @@
<?php
/**
* Copyright (C) 2015 Visman (mio.visman@yandex.ru)
* Copyright (C) 2015-2018 Visman (mio.visman@yandex.ru)
* License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
*/
@ -14,7 +14,7 @@ class addon_security_for_login extends flux_addon
var $time_max;
var $form_key;
function register($manager)
{
global $pun_user;
@ -96,8 +96,8 @@ class addon_security_for_login extends flux_addon
$key = pun_hash($now.$ip.uniqid(rand(), true));
$form_captcha = '';
$result = $db->query('SELECT 1 FROM '.$db->prefix.'sec_of_login WHERE form_time>'.($now - $this->att_period).' LIMIT '.($this->att_max)) or error('Unable to get sec_of_login data', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result) == $this->att_max)
$result = $db->query('SELECT COUNT(*) FROM '.$db->prefix.'sec_of_login WHERE form_time>'.($now - $this->att_period)) or error('Unable to get sec_of_login data', __FILE__, __LINE__, $db->error());
if ($db->result($result) >= $this->att_max)
{
if (!defined('FORUM_SEC_FUNCTIONS_LOADED'))
include PUN_ROOT.'include/security.php';
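Review bot: the new SELECT COUNT(*) on sec_of_login has no upper bound, so while the login form is being flooded every form render counts all rows inside att_period, where the old query stopped after att_max rows via LIMIT. Keep a cap (for example, count over a subquery limited to att_max rows) or make sure form_time is indexed. The switch from == to >= is the right comparison once the count is uncapped.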
@ -107,14 +107,14 @@ class addon_security_for_login extends flux_addon
$db->query('INSERT INTO '.$db->prefix.'sec_of_login (form_key, form_time, form_ip, form_captcha) VALUES(\''.$db->escape($key).'\', '.$now.', \''.$db->escape($ip).'\', \''.$db->escape($form_captcha).'\')') or error('Unable to insert data in sec_of_login', __FILE__, __LINE__, $db->error());
echo "\t\t\t".'<input type="hidden" name="'.pun_htmlspecialchars($this->form_key).'" value="'.pun_htmlspecialchars($key).'" />'."\n";
echo "\t\t\t".'<div><input type="hidden" name="'.pun_htmlspecialchars($this->form_key).'" value="'.pun_htmlspecialchars($key).'" /></div>'."\n";
}
function hook_login_before_validation()
{
global $db, $errors;
if (!defined('FORUM_SEC_FUNCTIONS_LOADED'))
include PUN_ROOT.'include/security.php';

@ -1,7 +1,7 @@
<?php
/**
* Copyright (C) 2015 Visman (mio.visman@yandex.ru)
* Copyright (C) 2015-2018 Visman (mio.visman@yandex.ru)
* License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
*/
@ -14,7 +14,7 @@ class addon_security_for_post extends flux_addon
var $time_max;
var $form_key;
function register($manager)
{
global $pun_user;
@ -100,22 +100,20 @@ class addon_security_for_post extends flux_addon
$ip = get_remote_address();
$key = pun_hash($now.$ip.uniqid(rand(), true));
// $result = $db->query('SELECT 1 FROM '.$db->prefix.'sec_of_post WHERE form_time>'.($now - $this->att_period).' LIMIT '.($this->att_max)) or error('Unable to get sec_of_post data', __FILE__, __LINE__, $db->error());
// $type = ($db->num_rows($result) == $this->att_max);
$enable_acaptcha = isset($pun_config['o_enable_acaptcha']) && $pun_config['o_enable_acaptcha'] == '1';
$form_captcha = security_show_captcha(0, $enable_acaptcha, true);
$db->query('INSERT INTO '.$db->prefix.'sec_of_post (form_key, form_time, form_ip, form_captcha) VALUES(\''.$db->escape($key).'\', '.$now.', \''.$db->escape($ip).'\', \''.$db->escape($form_captcha).'\')') or error('Unable to insert data in sec_of_post', __FILE__, __LINE__, $db->error());
echo "\t\t\t".'<input type="hidden" name="'.pun_htmlspecialchars($this->form_key).'" value="'.pun_htmlspecialchars($key).'" />'."\n";
echo "\t\t\t".'<div><input type="hidden" name="'.pun_htmlspecialchars($this->form_key).'" value="'.pun_htmlspecialchars($key).'" /></div>'."\n";
}
function hook_post_after_validation()
{
global $db, $pun_config, $errors;
if (!defined('FORUM_SEC_FUNCTIONS_LOADED'))
include PUN_ROOT.'include/security.php';
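Review bot: $key at the top of this hunk is built from $now, $ip and uniqid(rand(), true), all of which are guessable or weakly random, so the form key that guards posting is more predictable than it looks after hashing. While these lines are being touched, take the key material from a CSPRNG instead (random_bytes() on PHP 7+, with a fallback for the 5.6 floor) and hash that. The same line appears in the login and register addons and should change with it.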

@ -1,7 +1,7 @@
<?php
/**
* Copyright (C) 2015 Visman (mio.visman@yandex.ru)
* Copyright (C) 2015-2018 Visman (mio.visman@yandex.ru)
* License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
*/
@ -14,7 +14,7 @@ class addon_security_for_register extends flux_addon
var $time_max;
var $form_key;
function register($manager)
{
global $pun_user;
@ -98,22 +98,20 @@ class addon_security_for_register extends flux_addon
$ip = get_remote_address();
$key = pun_hash($now.$ip.uniqid(rand(), true));
// $result = $db->query('SELECT 1 FROM '.$db->prefix.'sec_of_register WHERE form_time>'.($now - $this->att_period).' LIMIT '.($this->att_max)) or error('Unable to get sec_of_register data', __FILE__, __LINE__, $db->error());
// $type = ($db->num_rows($result) == $this->att_max);
$enable_acaptcha = isset($pun_config['o_enable_acaptcha']) && $pun_config['o_enable_acaptcha'] == '1';
$form_captcha = security_show_captcha(0, $enable_acaptcha, true);
$db->query('INSERT INTO '.$db->prefix.'sec_of_register (form_key, form_time, form_ip, form_captcha) VALUES(\''.$db->escape($key).'\', '.$now.', \''.$db->escape($ip).'\', \''.$db->escape($form_captcha).'\')') or error('Unable to insert data in sec_of_register', __FILE__, __LINE__, $db->error());
echo "\t\t\t".'<input type="hidden" name="'.pun_htmlspecialchars($this->form_key).'" value="'.pun_htmlspecialchars($key).'" />'."\n";
echo "\t\t\t".'<div><input type="hidden" name="'.pun_htmlspecialchars($this->form_key).'" value="'.pun_htmlspecialchars($key).'" /></div>'."\n";
}
function hook_register_after_validation()
{
global $db, $errors;
if (!defined('FORUM_SEC_FUNCTIONS_LOADED'))
include PUN_ROOT.'include/security.php';

@ -33,10 +33,12 @@ if (isset($_REQUEST['add_ban']) || isset($_GET['edit_ban']))
message($lang_common['Bad request'], false, '404 Not Found');
$result = $db->query('SELECT group_id, username, email FROM '.$db->prefix.'users WHERE id='.$user_id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
list($group_id, $ban_user, $ban_email) = $db->fetch_row($result);
else
$banned_user_info = $db->fetch_row($result);
if (!$banned_user_info)
message($lang_admin_bans['No user ID message']);
list($group_id, $ban_user, $ban_email) = $banned_user_info;
}
else // Otherwise the username is in POST
{
@ -45,10 +47,12 @@ if (isset($_REQUEST['add_ban']) || isset($_GET['edit_ban']))
if ($ban_user != '')
{
$result = $db->query('SELECT id, group_id, username, email FROM '.$db->prefix.'users WHERE username=\''.$db->escape($ban_user).'\' AND id>1') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
list($user_id, $group_id, $ban_user, $ban_email) = $db->fetch_row($result);
else
$banned_user_info = $db->fetch_row($result);
if (!$banned_user_info)
message($lang_admin_bans['No user message']);
list($user_id, $group_id, $ban_user, $ban_email) = $banned_user_info;
}
}
@ -69,12 +73,15 @@ if (isset($_REQUEST['add_ban']) || isset($_GET['edit_ban']))
if (isset($user_id))
{
$result = $db->query('SELECT poster_ip FROM '.$db->prefix.'posts WHERE poster_id='.$user_id.' ORDER BY posted DESC LIMIT 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
$ban_ip = ($db->num_rows($result)) ? $db->result($result) : '';
$ban_ip = $db->result($result);
if ($ban_ip == '')
if (!$ban_ip)
{
$result = $db->query('SELECT registration_ip FROM '.$db->prefix.'users WHERE id='.$user_id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
$ban_ip = ($db->num_rows($result)) ? $db->result($result) : '';
$ban_ip = $db->result($result);
if (!$ban_ip)
$ban_ip = '';
}
}
@ -87,11 +94,13 @@ if (isset($_REQUEST['add_ban']) || isset($_GET['edit_ban']))
message($lang_common['Bad request'], false, '404 Not Found');
$result = $db->query('SELECT username, ip, email, message, expire FROM '.$db->prefix.'bans WHERE id='.$ban_id) or error('Unable to fetch ban info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
list($ban_user, $ban_ip, $ban_email, $ban_message, $ban_expire) = $db->fetch_row($result);
else
$banned_user_info = $db->fetch_row($result);
if (!$banned_user_info)
message($lang_common['Bad request'], false, '404 Not Found');
list($ban_user, $ban_ip, $ban_email, $ban_message, $ban_expire) = $banned_user_info;
$diff = ($pun_user['timezone'] + $pun_user['dst']) * 3600;
$ban_expire = ($ban_expire != '') ? gmdate('Y-m-d', $ban_expire + $diff) : '';
@ -111,10 +120,10 @@ if (isset($_REQUEST['add_ban']) || isset($_GET['edit_ban']))
<div class="box">
<form id="bans2" method="post" action="admin_bans.php">
<div class="inform">
<input type="hidden" name="mode" value="<?php echo $mode ?>" />
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<?php if ($mode == 'edit'): ?> <input type="hidden" name="ban_id" value="<?php echo $ban_id ?>" />
<?php endif; ?> <fieldset>
<input type="hidden" name="mode" value="<?php echo $mode ?>" />
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<?php if ($mode == 'edit'): ?> <input type="hidden" name="ban_id" value="<?php echo $ban_id ?>" />
<?php endif; ?> <fieldset>
<legend><?php echo $lang_admin_bans['Ban advanced subhead'] ?></legend>
<div class="infldset">
<table class="aligntop">
@ -198,9 +207,11 @@ else if (isset($_POST['add_edit_ban']))
if (!empty($ban_user))
{
$result = $db->query('SELECT group_id FROM '.$db->prefix.'users WHERE username=\''.$db->escape($ban_user).'\' AND id>1') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
$row = $db->fetch_row($result);
if (is_array($row))
{
$group_id = $db->result($result);
$group_id = $row[0];
if ($group_id == PUN_ADMIN)
message(sprintf($lang_admin_bans['User is admin message'], pun_htmlspecialchars($ban_user)));
@ -258,10 +269,26 @@ else if (isset($_POST['add_edit_ban']))
}
require PUN_ROOT.'include/email.php';
if ($ban_email != '' && !is_valid_email($ban_email))
if ($ban_email != '')
{
if (!preg_match('%^[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,63})$%', $ban_email))
$domain = false === strpos($ban_email, '@');
$ban_email_cl = $domain && '.' === $ban_email[0]
? substr($ban_email, 1)
: $ban_email;
if (!is_valid_email($ban_email_cl) && !is_valid_email('test@' . $ban_email_cl))
message($lang_admin_bans['Invalid e-mail message']);
$match = $_POST['mode'] == 'edit' ? intval($_POST['ban_id']) : -1;
$match = is_banned_email(($domain ? '.' : '') . $ban_email_cl, $match);
if (false !== $match)
{
if (true === $match)
message(sprintf($lang_admin_bans['Duplicate e-mail message'], $ban_email));
else
message(sprintf($lang_admin_bans['Duplicate domain message'], $match));
}
}
if ($ban_expire != '' && $ban_expire != 'Never')
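Review bot: the two duplicate-ban messages pass $ban_email and $match straight into sprintf(), while the 'User is admin message' call in the previous hunk wraps its value in pun_htmlspecialchars(); escape both values here as well so the output does not depend on what is_valid_email() and is_banned_email() happen to let through. Two smaller points in the same block: $_POST['mode'] is read without an isset() check, and $match is used first as the ban id to exclude and then as the lookup result, which makes the false/true/string branches harder to follow; a second variable name would help.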
@ -333,7 +360,7 @@ else if (isset($_GET['find_ban']))
$expire_after = isset($_GET['expire_after']) ? pun_trim($_GET['expire_after']) : '';
$expire_before = isset($_GET['expire_before']) ? pun_trim($_GET['expire_before']) : '';
$order_by = isset($_GET['order_by']) && in_array($_GET['order_by'], array('username', 'ip', 'email', 'expire')) ? 'b.'.$_GET['order_by'] : 'b.username';
$order_by = isset($_GET['order_by']) && in_array($_GET['order_by'], array('username', 'ip', 'email', 'expire')) ? $_GET['order_by'] : 'username';
$direction = isset($_GET['direction']) && $_GET['direction'] == 'DESC' ? 'DESC' : 'ASC';
$query_str[] = 'order_by='.$order_by;
@ -366,7 +393,7 @@ else if (isset($_GET['find_ban']))
{
if ($input != '' && in_array($key, array('username', 'ip', 'email', 'message')))
{
$conditions[] = 'b.'.$db->escape($key).' '.$like_command.' \''.$db->escape(str_replace('*', '%', $input)).'\'';
$conditions[] = 'b.'.$db->escape($key).' '.$like_command.' \''.$db->escape(str_replace(array('*', '_'), array('%', '\\_'), $input)).'\'';
$query_str[] = 'form%5B'.$key.'%5D='.urlencode($input);
}
}
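Review bot: in the new str_replace() only '_' is neutralised; a '%' typed into the search field still reaches LIKE as a wildcard, and a backslash in $input is not escaped before it becomes the escape prefix. The '\\_' replacement also assumes backslash is the LIKE escape character, which holds for MySQL by default but not for SQLite, where LIKE has no escape character unless the condition ends with an ESCAPE clause, and none is added here. Suggest escaping '\', '%' and '_' together before mapping '*' to '%', and appending an explicit ESCAPE clause so the drivers behave the same.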
@ -423,14 +450,14 @@ else if (isset($_GET['find_ban']))
<tbody>
<?php
$result = $db->query('SELECT b.id, b.username, b.ip, b.email, b.message, b.expire, b.ban_creator, u.username AS ban_creator_username FROM '.$db->prefix.'bans AS b LEFT JOIN '.$db->prefix.'users AS u ON b.ban_creator=u.id WHERE b.id>0'.(!empty($conditions) ? ' AND '.implode(' AND ', $conditions) : '').' ORDER BY '.$db->escape($order_by).' '.$db->escape($direction).' LIMIT '.$start_from.', 50') or error('Unable to fetch ban list', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
{
while ($ban_data = $db->fetch_assoc($result))
{
$result = $db->query('SELECT b.id, b.username, b.ip, b.email, b.message, b.expire, b.ban_creator, u.username AS ban_creator_username FROM '.$db->prefix.'bans AS b LEFT JOIN '.$db->prefix.'users AS u ON b.ban_creator=u.id WHERE b.id>0'.(!empty($conditions) ? ' AND '.implode(' AND ', $conditions) : '').' ORDER BY b.'.$db->escape($order_by).' '.$db->escape($direction).' LIMIT '.$start_from.', 50') or error('Unable to fetch ban list', __FILE__, __LINE__, $db->error());
$actions = false;
$actions = '<a href="admin_bans.php?edit_ban='.$ban_data['id'].'">'.$lang_admin_common['Edit'].'</a> | <a href="admin_bans.php?del_ban='.$ban_data['id'].'&amp;csrf_hash='.csrf_hash().'">'.$lang_admin_common['Remove'].'</a>';
$expire = format_time($ban_data['expire'], true);
while ($ban_data = $db->fetch_assoc($result))
{
$actions = '<a href="admin_bans.php?edit_ban='.$ban_data['id'].'">'.$lang_admin_common['Edit'].'</a> | <a href="admin_bans.php?del_ban='.$ban_data['id'].'&amp;csrf_hash='.csrf_hash().'">'.$lang_admin_common['Remove'].'</a>';
$expire = format_time($ban_data['expire'], true);
?>
<tr>
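Review bot: $db->escape() around $order_by and $direction in the ORDER BY clause gives no protection, because they are interpolated as an identifier and a keyword rather than as quoted string literals; what keeps this query safe is the in_array() whitelist and the DESC/ASC check in the find_ban branch. Drop the escape() calls or add a comment pointing at the whitelist, so a later edit does not loosen the whitelist on the assumption that escaping covers it. Passing true as the third argument of in_array() would also make that whitelist a strict comparison.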
@ -444,9 +471,9 @@ else if (isset($_GET['find_ban']))
</tr>
<?php
}
}
else
if (false === $actions)
echo "\t\t\t\t".'<tr><td class="tcl" colspan="7">'.$lang_admin_bans['No match'].'</td></tr>'."\n";
?>
@ -510,8 +537,8 @@ generate_admin_menu('bans');
<div class="box">
<form id="find_bans" method="get" action="admin_bans.php">
<p class="submittop"><input type="submit" name="find_ban" value="<?php echo $lang_admin_bans['Submit search'] ?>" tabindex="3" /></p>
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<div class="inform">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<fieldset>
<legend><?php echo $lang_admin_bans['Ban search subhead'] ?></legend>
<div class="infldset">
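Review bot: the csrf_hash hidden field is being kept inside a form with method="get", so submitting the ban search puts the token in the query string, where it ends up in browser history, server logs and Referer headers. The search only reads data, so the field can be removed from find_bans rather than moved inside the div; if the handler insists on a token for this request, relax that check for the read-only search instead.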

@ -48,30 +48,26 @@ else if (isset($_POST['del_cat']) || isset($_POST['del_cat_comply']))
@set_time_limit(0);
$result = $db->query('SELECT id FROM '.$db->prefix.'forums WHERE cat_id='.$cat_to_delete) or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error());
$num_forums = $db->num_rows($result);
for ($i = 0; $i < $num_forums; ++$i)
while ($cur_forum = $db->fetch_row($result))
{
$cur_forum = $db->result($result, $i);
// Prune all posts and topics
prune($cur_forum, 1, -1);
prune($cur_forum[0], 1, -1);
// Delete the forum
$db->query('DELETE FROM '.$db->prefix.'forums WHERE id='.$cur_forum) or error('Unable to delete forum', __FILE__, __LINE__, $db->error());
$db->query('DELETE FROM '.$db->prefix.'forums WHERE id='.$cur_forum[0]) or error('Unable to delete forum', __FILE__, __LINE__, $db->error());
}
// Locate any "orphaned redirect topics" and delete them
$result = $db->query('SELECT t1.id FROM '.$db->prefix.'topics AS t1 LEFT JOIN '.$db->prefix.'topics AS t2 ON t1.moved_to=t2.id WHERE t2.id IS NULL AND t1.moved_to IS NOT NULL') or error('Unable to fetch redirect topics', __FILE__, __LINE__, $db->error());
$num_orphans = $db->num_rows($result);
$orphans = [];
if ($num_orphans)
{
for ($i = 0; $i < $num_orphans; ++$i)
$orphans[] = $db->result($result, $i);
while ($row = $db->fetch_row($result))
$orphans[] = $row[0];
if (!empty($orphans))
$db->query('DELETE FROM '.$db->prefix.'topics WHERE id IN('.implode(',', $orphans).')') or error('Unable to delete redirect topics', __FILE__, __LINE__, $db->error());
}
// Delete the category
$db->query('DELETE FROM '.$db->prefix.'categories WHERE id='.$cat_to_delete) or error('Unable to delete category', __FILE__, __LINE__, $db->error());
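Review bot: the forum loop, the orphaned-redirect cleanup and the final DELETE on categories are separate statements, each ending in or error(...), with no transaction around them in this hunk, so a failure part-way through leaves a category with some forums pruned and others intact. Since the loop is being rewritten anyway, open a transaction before the first SELECT and commit after the category row is deleted. Also note that prune() and the DELETE now run while $result is still being iterated with fetch_row(); collecting the forum ids into an array first, as the orphans code below already does, avoids relying on the driver buffering the result set.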
@ -102,8 +98,8 @@ else if (isset($_POST['del_cat']) || isset($_POST['del_cat_comply']))
<div class="box">
<form method="post" action="admin_categories.php">
<div class="inform">
<input type="hidden" name="cat_to_delete" value="<?php echo $cat_to_delete ?>" />
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<input type="hidden" name="cat_to_delete" value="<?php echo $cat_to_delete ?>" />
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<fieldset>
<legend><?php echo $lang_admin_categories['Confirm delete subhead'] ?></legend>
<div class="infldset">
@ -158,10 +154,12 @@ else if (isset($_POST['update'])) // Change position and name of the categories
// Generate an array with all categories
$result = $db->query('SELECT id, cat_name, disp_position FROM '.$db->prefix.'categories ORDER BY disp_position') or error('Unable to fetch category list', __FILE__, __LINE__, $db->error());
$num_cats = $db->num_rows($result);
$cat_list = [];
for ($i = 0; $i < $num_cats; ++$i)
$cat_list[] = $db->fetch_assoc($result);
while ($row = $db->fetch_assoc($result))
{
$cat_list[] = $row;
}
$page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_admin_common['Admin'], $lang_admin_common['Categories']);
define('PUN_ACTIVE_PAGE', 'admin');
@ -174,8 +172,8 @@ generate_admin_menu('categories');
<h2><span><?php echo $lang_admin_categories['Add categories head'] ?></span></h2>
<div class="box">
<form method="post" action="admin_categories.php">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<div class="inform">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<fieldset>
<legend><?php echo $lang_admin_categories['Add categories subhead'] ?></legend>
<div class="infldset">
@ -194,11 +192,11 @@ generate_admin_menu('categories');
</form>
</div>
<?php if ($num_cats): ?> <h2 class="block2"><span><?php echo $lang_admin_categories['Delete categories head'] ?></span></h2>
<?php if (!empty($cat_list)): ?> <h2 class="block2"><span><?php echo $lang_admin_categories['Delete categories head'] ?></span></h2>
<div class="box">
<form method="post" action="admin_categories.php">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<div class="inform">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<fieldset>
<legend><?php echo $lang_admin_categories['Delete categories subhead'] ?></legend>
<div class="infldset">
@ -225,11 +223,11 @@ generate_admin_menu('categories');
</div>
<?php endif; ?>
<?php if ($num_cats): ?> <h2 class="block2"><span><?php echo $lang_admin_categories['Edit categories head'] ?></span></h2>
<?php if (!empty($cat_list)): ?> <h2 class="block2"><span><?php echo $lang_admin_categories['Edit categories head'] ?></span></h2>
<div class="box">
<form method="post" action="admin_categories.php">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<div class="inform">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<fieldset>
<legend><?php echo $lang_admin_categories['Edit categories subhead'] ?></legend>
<div class="infldset">

View file

@ -36,7 +36,7 @@ if (isset($_POST['add_word']))
$word = $db->escape($search_for);
$result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'censoring WHERE search_for IN (\''.$word.'\',\'*'.$word.'\',\''.$word.'*\',\'*'.$word.'*\')') or error('Unable to fetch censor word', __FILE__, __LINE__, $db->error());
$nwords = $db->result($result);
// Regenerate the censoring cache
if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
require PUN_ROOT.'include/cache.php';
@ -104,8 +104,8 @@ generate_admin_menu('censoring');
<h2><span><?php echo $lang_admin_censoring['Censoring head'] ?></span></h2>
<div class="box">
<form id="censoring" method="post" action="admin_censoring.php">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<div class="inform">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<fieldset>
<legend><?php echo $lang_admin_censoring['Add word subhead'] ?></legend>
<div class="infldset">
@ -146,7 +146,9 @@ generate_admin_menu('censoring');
<?php
$result = $db->query('SELECT id, search_for, replace_with FROM '.$db->prefix.'censoring ORDER BY id') or error('Unable to fetch censor word list', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
$cur_word = $db->fetch_assoc($result);
if (is_array($cur_word))
{
?>
@ -161,8 +163,11 @@ if ($db->num_rows($result))
<tbody>
<?php
while ($cur_word = $db->fetch_assoc($result))
do
{
echo "\t\t\t\t\t\t\t\t".'<tr><td class="tcl"><input type="text" name="search_for['.$cur_word['id'].']" value="'.pun_htmlspecialchars($cur_word['search_for']).'" size="24" maxlength="60" /></td><td class="tc2"><input type="text" name="replace_with['.$cur_word['id'].']" value="'.pun_htmlspecialchars($cur_word['replace_with']).'" size="24" maxlength="60" /></td><td><input type="submit" name="update['.$cur_word['id'].']" value="'.$lang_admin_common['Update'].'" />&#160;<input type="submit" name="remove['.$cur_word['id'].']" value="'.$lang_admin_common['Remove'].'" /></td></tr>'."\n";
}
while ($cur_word = $db->fetch_assoc($result))
?>
</tbody>
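Review bot: The closing `while ($cur_word = $db->fetch_assoc($result))` of the new do/while has no terminating semicolon and only parses because the `?>` that follows implies one. The same construct in admin_reports.php ends with `;`, so add it here as well (the category `<select>` loop in admin_forums.php has the same omission).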

View file

@ -60,15 +60,13 @@ else if (isset($_GET['del_forum']))
// Locate any "orphaned redirect topics" and delete them
$result = $db->query('SELECT t1.id FROM '.$db->prefix.'topics AS t1 LEFT JOIN '.$db->prefix.'topics AS t2 ON t1.moved_to=t2.id WHERE t2.id IS NULL AND t1.moved_to IS NOT NULL') or error('Unable to fetch redirect topics', __FILE__, __LINE__, $db->error());
$num_orphans = $db->num_rows($result);
$orphans = [];
if ($num_orphans)
{
for ($i = 0; $i < $num_orphans; ++$i)
$orphans[] = $db->result($result, $i);
while ($row = $db->fetch_row($result))
$orphans[] = $row[0];
if (!empty($orphans))
$db->query('DELETE FROM '.$db->prefix.'topics WHERE id IN('.implode(',', $orphans).')') or error('Unable to delete redirect topics', __FILE__, __LINE__, $db->error());
}
// Delete the forum and any forum specific group permissions
$db->query('DELETE FROM '.$db->prefix.'forums WHERE id='.$forum_id) or error('Unable to delete forum', __FILE__, __LINE__, $db->error());
@ -102,8 +100,8 @@ else if (isset($_GET['del_forum']))
<h2><span><?php echo $lang_admin_forums['Confirm delete head'] ?></span></h2>
<div class="box">
<form method="post" action="admin_forums.php?del_forum=<?php echo $forum_id ?>">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<div class="inform">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<fieldset>
<legend><?php echo $lang_admin_forums['Confirm delete subhead'] ?></legend>
<div class="infldset">
@ -239,10 +237,11 @@ else if (isset($_GET['edit_forum']))
// Fetch forum info
$result = $db->query('SELECT id, forum_name, forum_desc, redirect_url, num_topics, sort_by, cat_id, parent_forum_id FROM '.$db->prefix.'forums WHERE id='.$forum_id) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error()); // MOD subforums - Visman
if (!$db->num_rows($result))
$cur_forum = $db->fetch_assoc($result);
if (!$cur_forum)
message($lang_common['Bad request'], false, '404 Not Found');
$cur_forum = $db->fetch_assoc($result);
// MOD subforums - Visman
if (file_exists(PUN_ROOT.'lang/'.$pun_user['language'].'/subforums.php'))
@ -261,9 +260,9 @@ else if (isset($_GET['edit_forum']))
<h2><span><?php echo $lang_admin_forums['Edit forum head'] ?></span></h2>
<div class="box">
<form id="edit_forum" method="post" action="admin_forums.php?edit_forum=<?php echo $forum_id ?>">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<p class="submittop"><input type="submit" name="save" value="<?php echo $lang_admin_common['Save changes'] ?>" tabindex="6" /></p>
<div class="inform">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<fieldset>
<legend><?php echo $lang_admin_forums['Edit details subhead'] ?></legend>
<div class="infldset">
@ -317,7 +316,7 @@ else if (isset($_GET['edit_forum']))
function sf_select_view ($id, $cur_forum, $space = '')
{
global $sf_array_tree, $sf_array_asc;
if (empty($sf_array_tree[$id])) return;
$cur_category = 0;
foreach ($sf_array_tree[$id] as $forum_list)
@ -434,13 +433,14 @@ generate_admin_menu('forums');
<?php
$result = $db->query('SELECT id, cat_name FROM '.$db->prefix.'categories ORDER BY disp_position') or error('Unable to fetch category list', __FILE__, __LINE__, $db->error());
$cur_cat = $db->fetch_assoc($result);
if ($db->num_rows($result) > 0)
if (is_array($cur_cat))
{
?>
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<div class="inform">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<fieldset>
<legend><?php echo $lang_admin_forums['Create new subhead'] ?></legend>
<div class="infldset">
@ -451,8 +451,11 @@ if ($db->num_rows($result) > 0)
<select name="add_to_cat" tabindex="1">
<?php
while ($cur_cat = $db->fetch_assoc($result))
do
{
echo "\t\t\t\t\t\t\t\t\t\t\t".'<option value="'.$cur_cat['id'].'">'.pun_htmlspecialchars($cur_cat['cat_name']).'</option>'."\n";
}
while ($cur_cat = $db->fetch_assoc($result))
?>
</select>
@ -498,8 +501,10 @@ if (!empty($sf_array_tree[0])) // MOD subforums - Visman
<h2 class="block2"><span><?php echo $lang_admin_forums['Edit forums head'] ?></span></h2>
<div class="box">
<form id="edforum" method="post" action="admin_forums.php?action=edit">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<p class="submittop"><input type="submit" name="update_positions" value="<?php echo $lang_admin_forums['Update positions'] ?>" tabindex="3" /></p>
<p class="submittop">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<input type="submit" name="update_positions" value="<?php echo $lang_admin_forums['Update positions'] ?>" tabindex="3" />
</p>
<?php
$cur_index = 4;

View file

@ -329,11 +329,11 @@ else if (isset($_POST['add_edit_group']))
$view_users = (isset($_POST['view_users']) && $_POST['view_users'] == '1') || $is_admin_group ? '1' : '0';
$post_replies = isset($_POST['post_replies']) ? intval($_POST['post_replies']) : '1';
$post_topics = isset($_POST['post_topics']) ? intval($_POST['post_topics']) : '1';
$edit_posts = isset($_POST['edit_posts']) ? intval($_POST['edit_posts']) : ($is_admin_group) ? '1' : '0';
$delete_posts = isset($_POST['delete_posts']) ? intval($_POST['delete_posts']) : ($is_admin_group) ? '1' : '0';
$delete_topics = isset($_POST['delete_topics']) ? intval($_POST['delete_topics']) : ($is_admin_group) ? '1' : '0';
$edit_posts = (isset($_POST['edit_posts']) && $_POST['edit_posts'] == '1') || $is_admin_group ? '1' : '0';
$delete_posts = (isset($_POST['delete_posts']) && $_POST['delete_posts'] == '1') || $is_admin_group ? '1' : '0';
$delete_topics = (isset($_POST['delete_topics']) && $_POST['delete_topics'] == '1') || $is_admin_group ? '1' : '0';
$post_links = isset($_POST['post_links']) ? intval($_POST['post_links']) : '1';
$set_title = isset($_POST['set_title']) ? intval($_POST['set_title']) : ($is_admin_group) ? '1' : '0';
$set_title = (isset($_POST['set_title']) && $_POST['set_title'] == '1') || $is_admin_group ? '1' : '0';
$search = isset($_POST['search']) ? intval($_POST['search']) : '1';
$search_users = isset($_POST['search_users']) ? intval($_POST['search_users']) : '1';
$send_email = (isset($_POST['send_email']) && $_POST['send_email'] == '1') || $is_admin_group ? '1' : '0';
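Review bot: `post_replies`, `post_topics`, `post_links`, `search` and `search_users` still take `intval($_POST[...])`, so any integer rather than just 0 or 1 reaches the INSERT/UPDATE further down, while `edit_posts`, `delete_posts`, `delete_topics` and `set_title` are now normalised to '0'/'1'. Suggest constraining the remaining flags to 0/1 as well (keeping their '1' default), and wrapping each `(isset(...) && ... == '1') || $is_admin_group` condition in its own parentheses so the precedence against `?:` is explicit.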
@ -350,7 +350,7 @@ else if (isset($_POST['add_edit_group']))
if ($_POST['mode'] == 'add')
{
$result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\'') or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
if ($db->result($result))
message(sprintf($lang_admin_groups['Title already exists message'], pun_htmlspecialchars($title)));
$db->query('INSERT INTO '.$db->prefix.'groups (g_title, g_user_title, g_promote_min_posts, g_promote_next_group, g_moderator, g_mod_edit_users, g_mod_rename_users, g_mod_change_passwords, g_mod_ban_users, g_mod_promote_users, g_read_board, g_view_users, g_post_replies, g_post_topics, g_edit_posts, g_delete_posts, g_delete_topics, g_post_links, g_set_title, g_search, g_search_users, g_send_email, g_post_flood, g_search_flood, g_email_flood, g_report_flood) VALUES(\''.$db->escape($title).'\', '.$user_title.', '.$promote_min_posts.', '.$promote_next_group.', '.$moderator.', '.$mod_edit_users.', '.$mod_rename_users.', '.$mod_change_passwords.', '.$mod_ban_users.', '.$mod_promote_users.', '.$read_board.', '.$view_users.', '.$post_replies.', '.$post_topics.', '.$edit_posts.', '.$delete_posts.', '.$delete_topics.', '.$post_links.', '.$set_title.', '.$search.', '.$search_users.', '.$send_email.', '.$post_flood.', '.$search_flood.', '.$email_flood.', '.$report_flood.')') or error('Unable to add group', __FILE__, __LINE__, $db->error());
@ -364,7 +364,7 @@ else if (isset($_POST['add_edit_group']))
else
{
$result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\' AND g_id!='.intval($_POST['group_id'])) or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
if ($db->result($result))
message(sprintf($lang_admin_groups['Title already exists message'], pun_htmlspecialchars($title)));
$db->query('UPDATE '.$db->prefix.'groups SET g_title=\''.$db->escape($title).'\', g_user_title='.$user_title.', g_promote_min_posts='.$promote_min_posts.', g_promote_next_group='.$promote_next_group.', g_moderator='.$moderator.', g_mod_edit_users='.$mod_edit_users.', g_mod_rename_users='.$mod_rename_users.', g_mod_change_passwords='.$mod_change_passwords.', g_mod_ban_users='.$mod_ban_users.', g_mod_promote_users='.$mod_promote_users.', g_read_board='.$read_board.', g_view_users='.$view_users.', g_post_replies='.$post_replies.', g_post_topics='.$post_topics.', g_edit_posts='.$edit_posts.', g_delete_posts='.$delete_posts.', g_delete_topics='.$delete_topics.', g_post_links='.$post_links.', g_set_title='.$set_title.', g_search='.$search.', g_search_users='.$search_users.', g_send_email='.$send_email.', g_post_flood='.$post_flood.', g_search_flood='.$search_flood.', g_email_flood='.$email_flood.', g_report_flood='.$report_flood.' WHERE g_id='.intval($_POST['group_id'])) or error('Unable to update group', __FILE__, __LINE__, $db->error());
@ -430,9 +430,10 @@ else if (isset($_GET['del_group']))
// Check if this group has any members
$result = $db->query('SELECT g.g_title, COUNT(u.id) FROM '.$db->prefix.'groups AS g INNER JOIN '.$db->prefix.'users AS u ON g.g_id=u.group_id WHERE g.g_id='.$group_id.' GROUP BY g.g_id, g_title') or error('Unable to fetch group info', __FILE__, __LINE__, $db->error());
$group_info = $db->fetch_row($result);
// If the group doesn't have any members or if we've already selected a group to move the members to
if (!$db->num_rows($result) || isset($_POST['del_group']))
if (!$group_info || isset($_POST['del_group']))
{
if (isset($_POST['del_group_comply']) || isset($_POST['del_group']))
{
@ -468,8 +469,8 @@ else if (isset($_GET['del_group']))
<div class="box">
<form method="post" action="admin_groups.php?del_group=<?php echo $group_id ?>">
<div class="inform">
<input type="hidden" name="group_to_delete" value="<?php echo $group_id ?>" />
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<input type="hidden" name="group_to_delete" value="<?php echo $group_id ?>" />
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<fieldset>
<legend><?php echo $lang_admin_groups['Confirm delete subhead'] ?></legend>
<div class="infldset">
@ -490,7 +491,7 @@ else if (isset($_GET['del_group']))
}
}
list($group_title, $group_members) = $db->fetch_row($result);
list($group_title, $group_members) = $group_info;
$page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_admin_common['Admin'], $lang_admin_common['User groups']);
define('PUN_ACTIVE_PAGE', 'admin');
@ -503,8 +504,8 @@ else if (isset($_GET['del_group']))
<h2><span><?php echo $lang_admin_groups['Delete group head'] ?></span></h2>
<div class="box">
<form id="groups" method="post" action="admin_groups.php?del_group=<?php echo $group_id ?>">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<div class="inform">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<fieldset>
<legend><?php echo $lang_admin_groups['Move users subhead'] ?></legend>
<div class="infldset">
@ -552,8 +553,8 @@ generate_admin_menu('groups');
<h2><span><?php echo $lang_admin_groups['Add groups head'] ?></span></h2>
<div class="box">
<form id="groups" method="post" action="admin_groups.php">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<div class="inform">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<fieldset>
<legend><?php echo $lang_admin_groups['Add group subhead'] ?></legend>
<div class="infldset">
@ -633,7 +634,7 @@ $cur_index = 5;
foreach ($groups as $cur_group)
echo "\t\t\t\t\t\t\t\t".'<tr><th scope="row"><a href="admin_groups.php?edit_group='.$cur_group['g_id'].'" tabindex="'.$cur_index++.'">'.$lang_admin_groups['Edit link'].'</a>'.(($cur_group['g_id'] > PUN_MEMBER) ? ' | <a href="admin_groups.php?del_group='.$cur_group['g_id'].'&amp;csrf_hash='.csrf_hash().'" tabindex="'.$cur_index++.'">'.$lang_admin_groups['Delete link'].'</a>' : '').'</th><td>'.pun_htmlspecialchars($cur_group['g_title']).'</td></tr>'."\n";
?>
</table>
</div>
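Review bot: The delete link still puts `csrf_hash` in the query string (`admin_groups.php?del_group=...&amp;csrf_hash=...`), where it ends up in server access logs, browser history and Referer headers. The confirmation forms in this file already send the token in a hidden POST field, so consider whether the GET step needs the token at all, and validate it only on the POST that performs the deletion.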

View file

@ -28,14 +28,14 @@ if ($action == 'check_upgrade')
if (!ini_get('allow_url_fopen'))
message($lang_admin_index['fopen disabled message']);
$latest_version = trim(@file_get_contents('http://fluxbb.org/latest_version'));
$latest_version = trim(@file_get_contents('https://fluxbb.org/latest_version'));
if (empty($latest_version))
message($lang_admin_index['Upgrade check failed message']);
if (version_compare($pun_config['o_cur_version'], $latest_version, '>='))
message($lang_admin_index['Running latest version message']);
else
message(sprintf($lang_admin_index['New version available message'], '<a href="http://fluxbb.org/">FluxBB.org</a>'));
message(sprintf($lang_admin_index['New version available message'], '<a href="https://fluxbb.org/">FluxBB.org</a>'));
}
// Remove install.php
else if ($action == 'remove_install_file')
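Review bot: With the URL switched to https://, the `ini_get('allow_url_fopen')` guard at the top of this branch is no longer sufficient: the request also needs PHP's https stream wrapper, and because the call is prefixed with `@`, a missing wrapper or a certificate failure surfaces only as the generic 'Upgrade check failed message'. Suggest checking `in_array('https', stream_get_wrappers())` alongside the existing guard and passing a stream context with a timeout so a slow response cannot stall the admin page.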
@ -97,7 +97,7 @@ generate_admin_menu('index');
</dd>
<dt><?php echo $lang_admin_index['Support label'] ?></dt>
<dd>
<a href="http://fluxbb.org/forums/index.php"><?php echo $lang_admin_index['Forum label'] ?></a> - <a href="http://fluxbb.org/community/irc.html"><?php echo $lang_admin_index['IRC label'] ?></a>
<a href="https://fluxbb.org/forums/index.php"><?php echo $lang_admin_index['Forum label'] ?></a> - <a href="https://fluxbb.org/community/irc.html"><?php echo $lang_admin_index['IRC label'] ?></a>
</dd>
</dl>
</div>

View file

@ -60,6 +60,8 @@ if ($action == 'rebuild')
$page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_admin_maintenance['Rebuilding search index']);
forum_http_headers();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@ -111,9 +113,10 @@ h1 {
if ($end_at > 0)
{
$result = $db->query('SELECT id FROM '.$db->prefix.'posts WHERE id > '.$end_at.' ORDER BY id ASC LIMIT 1') or error('Unable to fetch next ID', __FILE__, __LINE__, $db->error());
$next = $db->result($result);
if ($db->num_rows($result) > 0)
$query_str = '?action=rebuild&csrf_hash='.csrf_hash().'&i_per_page='.$per_page.'&i_start_at='.$db->result($result);
if (!empty($next))
$query_str = '?action=rebuild&csrf_hash='.csrf_hash().'&i_per_page='.$per_page.'&i_start_at='.$next;
}
$db->end_transaction();
@ -139,14 +142,11 @@ if ($action == 'prune')
if ($prune_from == 'all')
{
$result = $db->query('SELECT id FROM '.$db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error());
$num_forums = $db->num_rows($result);
for ($i = 0; $i < $num_forums; ++$i)
while ($forum = $db->fetch_row($result))
{
$fid = $db->result($result, $i);
prune($fid, $prune_sticky, $prune_date);
update_forum($fid);
prune($forum[0], $prune_sticky, $prune_date);
update_forum($forum[0]);
}
}
else
@ -158,15 +158,13 @@ if ($action == 'prune')
// Locate any "orphaned redirect topics" and delete them
$result = $db->query('SELECT t1.id FROM '.$db->prefix.'topics AS t1 LEFT JOIN '.$db->prefix.'topics AS t2 ON t1.moved_to=t2.id WHERE t2.id IS NULL AND t1.moved_to IS NOT NULL') or error('Unable to fetch redirect topics', __FILE__, __LINE__, $db->error());
$num_orphans = $db->num_rows($result);
$orphans = [];
if ($num_orphans)
{
for ($i = 0; $i < $num_orphans; ++$i)
$orphans[] = $db->result($result, $i);
while ($row = $db->fetch_row($result))
$orphans[] = $row[0];
if (!empty($orphans))
$db->query('DELETE FROM '.$db->prefix.'topics WHERE id IN('.implode(',', $orphans).')') or error('Unable to delete redirect topics', __FILE__, __LINE__, $db->error());
}
redirect('admin_maintenance.php', $lang_admin_maintenance['Posts pruned redirect']);
}
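Review bot: This orphaned-redirect cleanup is a line-for-line copy of the block in the del_forum branch of admin_forums.php earlier in this diff. Suggest moving it into one shared function so the two copies cannot drift, and casting on collection (`$orphans[] = (int) $row[0];`) since the values are concatenated straight into `IN(...)`.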
@ -242,8 +240,7 @@ if ($action == 'prune')
// Get the first post ID from the db
$result = $db->query('SELECT id FROM '.$db->prefix.'posts ORDER BY id ASC LIMIT 1') or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
$first_id = $db->result($result);
$first_id = $db->result($result);
$page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_admin_common['Admin'], $lang_admin_common['Maintenance']);
define('PUN_ACTIVE_PAGE', 'admin');
@ -274,7 +271,7 @@ generate_admin_menu('maintenance');
<tr>
<th scope="row"><?php echo $lang_admin_maintenance['Starting post label'] ?></th>
<td>
<input type="text" name="i_start_at" size="7" maxlength="7" value="<?php echo (isset($first_id)) ? $first_id : 0 ?>" tabindex="2" />
<input type="text" name="i_start_at" size="7" maxlength="7" value="<?php echo (empty($first_id) ? 0 : $first_id) ?>" tabindex="2" />
<span><?php echo $lang_admin_maintenance['Starting post help'] ?></span>
</td>
</tr>

View file

@ -63,7 +63,7 @@ if (isset($_POST['form_sent']))
'report_method' => intval($_POST['form']['report_method']),
'mailing_list' => pun_trim($_POST['form']['mailing_list']),
'avatars' => $_POST['form']['avatars'] != '1' ? '0' : '1',
'avatars_dir' => pun_trim($_POST['form']['avatars_dir']),
'avatars_dir' => str_replace([':', '//'], '', pun_trim($_POST['form']['avatars_dir'])),
'avatars_width' => (intval($_POST['form']['avatars_width']) > 0) ? intval($_POST['form']['avatars_width']) : 1,
'avatars_height' => (intval($_POST['form']['avatars_height']) > 0) ? intval($_POST['form']['avatars_height']) : 1,
'avatars_size' => (intval($_POST['form']['avatars_size']) > 0) ? intval($_POST['form']['avatars_size']) : 1,
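Review bot: `str_replace([':', '//'], '', ...)` on `avatars_dir` is a deny-list that silently rewrites the submitted value: it strips scheme-style prefixes but leaves `..` segments and a leading `/` untouched, and the admin gets no feedback that the stored path differs from what was typed. Suggest validating instead of stripping, for example resolving the value relative to PUN_ROOT and rejecting the form with a message when it does not name an existing directory inside the forum root.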
@ -736,14 +736,14 @@ generate_admin_menu('options');
<tr>
<th scope="row"><?php echo $lang_admin_options['SMTP address label'] ?></th>
<td>
<input type="text" name="form[smtp_host]" size="30" maxlength="100" value="<?php echo pun_htmlspecialchars($pun_config['o_smtp_host']) ?>" />
<input type="text" name="form[smtp_host]" size="30" value="<?php echo pun_htmlspecialchars($pun_config['o_smtp_host']) ?>" />
<span><?php echo $lang_admin_options['SMTP address help'] ?></span>
</td>
</tr>
<tr>
<th scope="row"><?php echo $lang_admin_options['SMTP username label'] ?></th>
<td>
<input type="text" name="form[smtp_user]" size="25" maxlength="50" value="<?php echo pun_htmlspecialchars($pun_config['o_smtp_user']) ?>" />
<input type="text" name="form[smtp_user]" size="25" value="<?php echo pun_htmlspecialchars($pun_config['o_smtp_user']) ?>" />
<span><?php echo $lang_admin_options['SMTP username help'] ?></span>
</td>
</tr>
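Review bot: Dropping `maxlength` from `form[smtp_host]` and `form[smtp_user]` removes the only length limit visible for these fields, and nothing in this diff shows a server-side bound or explains why the limit was lifted. Suggest stating the reason in the commit message and confirming that the `form_sent` handler rejects or truncates values longer than the config column can hold.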
@ -780,7 +780,7 @@ generate_admin_menu('options');
<label class="conl"><input type="radio" name="form[regs_allow]" value="1"<?php if ($pun_config['o_regs_allow'] == '1') echo ' checked="checked"' ?> />&#160;<strong><?php echo $lang_admin_common['Yes'] ?></strong></label>
<label class="conl"><input type="radio" name="form[regs_allow]" value="0"<?php if ($pun_config['o_regs_allow'] == '0') echo ' checked="checked"' ?> />&#160;<strong><?php echo $lang_admin_common['No'] ?></strong></label>
<span class="clearb"><?php echo $lang_admin_options['Allow new help'] ?></span>
</td>
</td>
</tr>
<tr>
<th scope="row"><?php echo $lang_admin_options['Verify label'] ?></th>

View file

@ -35,9 +35,10 @@ if (isset($_POST['zap_id']))
// Delete old reports (which cannot be viewed anyway)
$result = $db->query('SELECT zapped FROM '.$db->prefix.'reports WHERE zapped IS NOT NULL ORDER BY zapped DESC LIMIT 10,1') or error('Unable to fetch read reports to delete', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result) > 0)
$zapped_threshold = $db->result($result);
if (!empty($zapped_threshold))
{
$zapped_threshold = $db->result($result);
$db->query('DELETE FROM '.$db->prefix.'reports WHERE zapped <= '.$zapped_threshold) or error('Unable to delete old read reports', __FILE__, __LINE__, $db->error());
}
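Review bot: `$zapped_threshold` is now tested with `!empty()` but is still concatenated into `'DELETE ... WHERE zapped <= '.$zapped_threshold` exactly as `$db->result()` returned it. Cast it with `intval()` before building the query so the statement only ever receives an integer, whatever type the driver hands back.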
@ -56,14 +57,17 @@ generate_admin_menu('reports');
<h2><span><?php echo $lang_admin_reports['New reports head'] ?></span></h2>
<div class="box">
<form method="post" action="admin_reports.php?action=zap">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<div>
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
</div>
<?php
$result = $db->query('SELECT r.id, r.topic_id, r.forum_id, r.reported_by, r.created, r.message, p.id AS pid, t.subject, f.forum_name, u.username AS reporter FROM '.$db->prefix.'reports AS r LEFT JOIN '.$db->prefix.'posts AS p ON r.post_id=p.id LEFT JOIN '.$db->prefix.'topics AS t ON r.topic_id=t.id LEFT JOIN '.$db->prefix.'forums AS f ON r.forum_id=f.id LEFT JOIN '.$db->prefix.'users AS u ON r.reported_by=u.id WHERE r.zapped IS NULL ORDER BY created DESC') or error('Unable to fetch report list', __FILE__, __LINE__, $db->error());
$cur_report = $db->fetch_assoc($result);
if ($db->num_rows($result))
if (is_array($cur_report))
{
while ($cur_report = $db->fetch_assoc($result))
do
{
$reporter = ($cur_report['reporter'] != '') ? '<a href="profile.php?id='.$cur_report['reported_by'].'">'.pun_htmlspecialchars($cur_report['reporter']).'</a>' : $lang_admin_reports['Deleted user'];
$forum = ($cur_report['forum_name'] != '') ? '<span><a href="viewforum.php?id='.$cur_report['forum_id'].'">'.pun_htmlspecialchars($cur_report['forum_name']).'</a></span>' : '<span>'.$lang_admin_reports['Deleted'].'</span>';
@ -93,6 +97,7 @@ if ($db->num_rows($result))
<?php
}
while ($cur_report = $db->fetch_assoc($result));
}
else
{
@ -122,10 +127,11 @@ else
<?php
$result = $db->query('SELECT r.id, r.topic_id, r.forum_id, r.reported_by, r.message, r.zapped, r.zapped_by AS zapped_by_id, p.id AS pid, t.subject, f.forum_name, u.username AS reporter, u2.username AS zapped_by FROM '.$db->prefix.'reports AS r LEFT JOIN '.$db->prefix.'posts AS p ON r.post_id=p.id LEFT JOIN '.$db->prefix.'topics AS t ON r.topic_id=t.id LEFT JOIN '.$db->prefix.'forums AS f ON r.forum_id=f.id LEFT JOIN '.$db->prefix.'users AS u ON r.reported_by=u.id LEFT JOIN '.$db->prefix.'users AS u2 ON r.zapped_by=u2.id WHERE r.zapped IS NOT NULL ORDER BY zapped DESC LIMIT 10') or error('Unable to fetch report list', __FILE__, __LINE__, $db->error());
$cur_report = $db->fetch_assoc($result);
if ($db->num_rows($result))
if (is_array($cur_report))
{
while ($cur_report = $db->fetch_assoc($result))
do
{
$reporter = ($cur_report['reporter'] != '') ? '<a href="profile.php?id='.$cur_report['reported_by'].'">'.pun_htmlspecialchars($cur_report['reporter']).'</a>' : $lang_admin_reports['Deleted user'];
$forum = ($cur_report['forum_name'] != '') ? '<span><a href="viewforum.php?id='.$cur_report['forum_id'].'">'.pun_htmlspecialchars($cur_report['forum_name']).'</a></span>' : '<span>'.$lang_admin_reports['Deleted'].'</span>';
@ -157,6 +163,7 @@ if ($db->num_rows($result))
<?php
}
while ($cur_report = $db->fetch_assoc($result));
}
else
{

View file

@ -36,29 +36,31 @@ if ($action == 'phpinfo' && $pun_user['g_id'] == PUN_ADMIN)
// Get the server load averages (if possible)
if (@file_exists('/proc/loadavg') && is_readable('/proc/loadavg'))
$server_load = $lang_admin_index['Not available'];
switch (strtoupper(substr(PHP_OS, 0, 3)))
{
// We use @ just in case
$fh = @fopen('/proc/loadavg', 'r');
$load_averages = @fread($fh, 64);
@fclose($fh);
case 'WIN':
@exec('wmic cpu get loadpercentage /all', $output_load);
if (!empty($output_load) && preg_match('%(?:^|==)(\d+)(?:$|==)%', implode('==', $output_load) , $load_percentage))
{
$server_load = $load_percentage[1].' %';
}
break;
default:
if (function_exists('sys_getloadavg'))
{
$load_averages = sys_getloadavg();
$server_load = forum_number_format($load_averages[0], 2).' '.forum_number_format($load_averages[1], 2).' '.forum_number_format($load_averages[2], 2);
break;
}
if (($fh = @fopen('/proc/loadavg', 'r')))
{
$load_averages = fread($fh, 64);
fclose($fh);
}
else
$load_averages = '';
$load_averages = @explode(' ', $load_averages);
$server_load = isset($load_averages[2]) ? $load_averages[0].' '.$load_averages[1].' '.$load_averages[2] : $lang_admin_index['Not available'];
@exec('uptime', $output_load);
if (!empty($output_load) && preg_match('%averages?: ([0-9\.]+),?\s+([0-9\.]+),?\s+([0-9\.]+)%i', implode(' ', $output_load) , $load_averages))
{
$server_load = forum_number_format($load_averages[1], 2).' '.forum_number_format($load_averages[2], 2).' '.forum_number_format($load_averages[3], 2);
break;
}
}
else if (!in_array(PHP_OS, array('WINNT', 'WIN32')) && preg_match('%averages?: ([0-9\.]+),?\s+([0-9\.]+),?\s+([0-9\.]+)%i', @exec('uptime'), $load_averages))
$server_load = $load_averages[1].' '.$load_averages[2].' '.$load_averages[3];
else
$server_load = $lang_admin_index['Not available'];
// Get number of current visitors
$result = $db->query('SELECT COUNT(user_id) FROM '.$db->prefix.'online WHERE idle=0') or error('Unable to fetch online count', __FILE__, __LINE__, $db->error());
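Review bot: Both `@exec('wmic cpu get loadpercentage /all', $output_load)` and `@exec('uptime', $output_load)` run without checking that exec() is available. The `@` operator hides warnings but not the fatal error raised on PHP 8 when exec is listed in disable_functions, so guard both calls with `function_exists('exec')` the same way this hunk already guards sys_getloadavg(). sys_getloadavg() can also return false, so check its result before indexing `$load_averages[0]`.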
@ -84,17 +86,17 @@ if ($db_type == 'mysql' || $db_type == 'mysqli' || $db_type == 'mysql_innodb' ||
// Check for the existence of various PHP opcode caches/optimizers
if (ini_get('opcache.enable') && function_exists('opcache_invalidate'))
$php_accelerator = '<a href="https://secure.php.net/opcache/">Zend OPcache</a>';
$php_accelerator = '<a href="https://www.php.net/opcache/">Zend OPcache</a>';
elseif (ini_get('wincache.fcenabled'))
$php_accelerator = '<a href="https://secure.php.net/wincache/">Windows Cache for PHP</a>';
$php_accelerator = '<a href="https://www.php.net/wincache/">Windows Cache for PHP</a>';
elseif (ini_get('apc.enabled') && function_exists('apc_delete_file'))
$php_accelerator = '<a href="https://secure.php.net/apc/">Alternative PHP Cache (APC)</a>';
$php_accelerator = '<a href="https://www.php.net/apc/">Alternative PHP Cache (APC)</a>';
elseif (isset($_PHPA))
$php_accelerator = '<a href="https://www.ioncube.com/">ionCube PHP Accelerator</a>';
else if (ini_get('eaccelerator.enable'))
$php_accelerator = '<a href="http://eaccelerator.net/">eAccelerator</a>';
elseif (ini_get('xcache.cacher'))
$php_accelerator = '<a href="https://xcache.lighttpd.net/">XCache</a>';
$php_accelerator = '<a href="https://web.archive.org/web/20120224193029/http://xcache.lighttpd.net/">XCache</a>';
else
$php_accelerator = $lang_admin_index['NA'];
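Review bot: The eAccelerator entry still links to `http://eaccelerator.net/` while every other accelerator link in this block is https, and that branch uses `else if` where its neighbours use `elseif`. If the site has no working https endpoint, an archive link like the one now used for XCache would keep the list consistent.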

View file

@ -36,8 +36,8 @@ if (isset($_GET['ip_stats']))
message($lang_common['Bad request'], false, '404 Not Found');
// Fetch ip count
$result = $db->query('SELECT poster_ip, MAX(posted) AS last_used FROM '.$db->prefix.'posts WHERE poster_id='.$ip_stats.' GROUP BY poster_ip') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
$num_ips = $db->num_rows($result);
$result = $db->query('SELECT COUNT(*) FROM (SELECT DISTINCT poster_ip FROM '.$db->prefix.'posts WHERE poster_id='.$ip_stats.') AS temp') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
$num_ips = $db->result($result);
// Determine the ip offset (based on $_GET['p'])
$num_pages = ceil($num_ips / 50);
@ -84,9 +84,11 @@ if (isset($_GET['ip_stats']))
<?php
$result = $db->query('SELECT poster_ip, MAX(posted) AS last_used, COUNT(id) AS used_times FROM '.$db->prefix.'posts WHERE poster_id='.$ip_stats.' GROUP BY poster_ip ORDER BY last_used DESC LIMIT '.$start_from.', 50') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
$cur_ip = $db->fetch_assoc($result);
if (is_array($cur_ip))
{
while ($cur_ip = $db->fetch_assoc($result))
do
{
?>
@ -99,6 +101,7 @@ if (isset($_GET['ip_stats']))
<?php
}
while ($cur_ip = $db->fetch_assoc($result));
}
else
echo "\t\t\t\t".'<tr><td class="tcl" colspan="4">'.$lang_admin_users['Results no posts found'].'</td></tr>'."\n";
@ -137,8 +140,8 @@ if (isset($_GET['show_users']))
message($lang_admin_users['Bad IP message']);
// Fetch user count
$result = $db->query('SELECT DISTINCT poster_id, poster FROM '.$db->prefix.'posts WHERE poster_ip=\''.$db->escape($ip).'\'') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
$num_users = $db->num_rows($result);
$result = $db->query('SELECT COUNT(*) FROM (SELECT DISTINCT poster_id FROM '.$db->prefix.'posts WHERE poster_ip=\''.$db->escape($ip).'\') AS temp') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
$num_users = $db->result($result);
// Determine the user offset (based on $_GET['p'])
$num_pages = ceil($num_users / 50);
@ -187,17 +190,16 @@ if (isset($_GET['show_users']))
<?php
$result = $db->query('SELECT DISTINCT poster_id, poster FROM '.$db->prefix.'posts WHERE poster_ip=\''.$db->escape($ip).'\' ORDER BY poster ASC LIMIT '.$start_from.', 50') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
$num_posts = $db->num_rows($result);
$posters = $poster_ids = array();
if ($num_posts)
while ($cur_poster = $db->fetch_assoc($result))
{
$posters = $poster_ids = array();
while ($cur_poster = $db->fetch_assoc($result))
{
$posters[] = $cur_poster;
$poster_ids[] = $cur_poster['poster_id'];
}
$posters[] = $cur_poster;
$poster_ids[] = $cur_poster['poster_id'];
}
if (!empty($posters))
{
$result = $db->query('SELECT u.id, u.username, u.email, u.title, u.num_posts, u.admin_note, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1 AND u.id IN('.implode(',', $poster_ids).')') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
$user_data = array();
@ -363,10 +365,10 @@ else if (isset($_POST['move_users']) || isset($_POST['move_users_comply']))
<div class="blockform">
<h2><span><?php echo $lang_admin_users['Move users'] ?></span></h2>
<div class="box">
<form name="confirm_move_users" method="post" action="admin_users.php">
<input type="hidden" name="users" value="<?php echo implode(',', $user_ids) ?>" />
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<form method="post" action="admin_users.php">
<div class="inform">
<input type="hidden" name="users" value="<?php echo implode(',', $user_ids) ?>" />
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<fieldset>
<legend><?php echo $lang_admin_users['Move users subhead'] ?></legend>
<div class="infldset">
@ -474,20 +476,18 @@ else if (isset($_POST['delete_users']) || isset($_POST['delete_users_comply']))
// Find all posts made by this user
$result = $db->query('SELECT p.id, p.topic_id, t.forum_id FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id WHERE p.poster_id IN ('.implode(',', $user_ids).')') or error('Unable to fetch posts', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
while ($cur_post = $db->fetch_assoc($result))
{
while ($cur_post = $db->fetch_assoc($result))
{
// Determine whether this post is the "topic post" or not
$result2 = $db->query('SELECT id FROM '.$db->prefix.'posts WHERE topic_id='.$cur_post['topic_id'].' ORDER BY posted LIMIT 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
// Determine whether this post is the "topic post" or not
$result2 = $db->query('SELECT id FROM '.$db->prefix.'posts WHERE topic_id='.$cur_post['topic_id'].' ORDER BY posted LIMIT 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
if ($db->result($result2) == $cur_post['id'])
delete_topic($cur_post['topic_id']);
else
delete_post($cur_post['id'], $cur_post['topic_id']);
if ($db->result($result2) == $cur_post['id'])
delete_topic($cur_post['topic_id']);
else
delete_post($cur_post['id'], $cur_post['topic_id']);
update_forum($cur_post['forum_id']);
}
update_forum($cur_post['forum_id']);
}
}
else
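Review bot: The loop body still runs one `SELECT id ... ORDER BY posted LIMIT 1` and one `update_forum()` call per deleted post, which for a user with many posts is a long series of queries inside a single admin request. Dropping the `num_rows()` wrapper is fine, but consider collecting the distinct `forum_id` values while looping and calling `update_forum()` once per forum after the loop.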
@ -527,10 +527,10 @@ else if (isset($_POST['delete_users']) || isset($_POST['delete_users_comply']))
<div class="blockform">
<h2><span><?php echo $lang_admin_users['Delete users'] ?></span></h2>
<div class="box">
<form name="confirm_del_users" method="post" action="admin_users.php">
<input type="hidden" name="users" value="<?php echo implode(',', $user_ids) ?>" />
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<form method="post" action="admin_users.php">
<div class="inform">
<input type="hidden" name="users" value="<?php echo implode(',', $user_ids) ?>" />
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<fieldset>
<legend><?php echo $lang_admin_users['Confirm delete legend'] ?></legend>
<div class="infldset">
@ -654,10 +654,10 @@ else if (isset($_POST['ban_users']) || isset($_POST['ban_users_comply']))
<div class="blockform">
<h2><span><?php echo $lang_admin_users['Ban users'] ?></span></h2>
<div class="box">
<form id="bans2" name="confirm_ban_users" method="post" action="admin_users.php">
<input type="hidden" name="users" value="<?php echo implode(',', $user_ids) ?>" />
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<form id="bans2" method="post" action="admin_users.php">
<div class="inform">
<input type="hidden" name="users" value="<?php echo implode(',', $user_ids) ?>" />
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<fieldset>
<legend><?php echo $lang_admin_users['Message expiry subhead'] ?></legend>
<div class="infldset">
@ -794,7 +794,7 @@ else if (isset($_GET['find_user']))
{
if ($input != '' && in_array($key, array('username', 'email', 'title', 'realname', 'gender', 'url', 'jabber', 'icq', 'msn', 'aim', 'yahoo', 'location', 'signature', 'admin_note'))) // мод пола - Visman
{
$conditions[] = 'u.'.$db->escape($key).' '.$like_command.' \''.$db->escape(str_replace('*', '%', $input)).'\'';
$conditions[] = 'u.'.$db->escape($key).' '.$like_command.' \''.$db->escape(str_replace(array('*', '_'), array('%', '\\_'), $input)).'\'';
$query_str[] = 'form%5B'.$key.'%5D='.urlencode($input);
}
}
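Review bot: The new `str_replace()` escapes `_` with a backslash but leaves a literal `%` and a literal backslash in `$input` untouched, so a search term can still carry its own wildcard. The backslash is also a LIKE escape character only by default on some databases; SQLite, for which this code base ships drivers, treats it as an ordinary character unless the condition carries an explicit ESCAPE clause. Escape the backslash first, then `%` and `_`, before mapping `*` to `%`, and add an ESCAPE clause to the condition so the behaviour is the same on every driver.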
@ -853,10 +853,10 @@ else if (isset($_GET['find_user']))
<form id="search-users-form" action="admin_users.php" method="post">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<div id="users2" class="blocktable">
<h2><span><?php echo $lang_admin_users['Results head'] ?></span></h2>
<div class="box">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<div class="inbox">
<table>
<thead>
@ -875,9 +875,11 @@ else if (isset($_GET['find_user']))
<?php
$result = $db->query('SELECT u.id, u.username, u.email, u.title, u.num_posts, u.admin_note, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1'.(!empty($conditions) ? ' AND '.implode(' AND ', $conditions) : '').' ORDER BY '.$db->escape($order_by).' '.$db->escape($direction).' LIMIT '.$start_from.', 50') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
$user_data = $db->fetch_assoc($result);
if (is_array($user_data))
{
while ($user_data = $db->fetch_assoc($result))
do
{
$user_title = get_title($user_data);
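Review bot: `$db->escape()` on `$order_by` and `$direction` in the ORDER BY clause gives no protection, because both values are placed outside quotes where string escaping has no effect. The hunk does not show where they are validated; make sure both are checked against a fixed list of column names and ASC/DESC before this query, in the way `$key` is checked with `in_array()` in the conditions loop.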
@ -901,6 +903,7 @@ else if (isset($_GET['find_user']))
<?php
}
while ($user_data = $db->fetch_assoc($result));
}
else
echo "\t\t\t\t".'<tr><td class="tcl" colspan="6">'.$lang_admin_users['No match'].'</td></tr>'."\n";

cache/.htaccess vendored

@ -1,4 +1,7 @@
<Limit GET POST PUT>
Order Allow,Deny
Deny from All
</Limit>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from All
</IfModule>
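Review bot: The file carries no comment saying what it depends on. Both branches only take effect on Apache when AllowOverride permits authorization directives in .htaccess, and on any other web server this file does not protect the cache directory, which holds generated PHP files such as cache_smilies.php. Add a short header comment like the AllowOverride note at the top of the other .htaccess in this change set (the one with the nofile.gif rewrite), so an admin knows what to check.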

composer.json Normal file

@ -0,0 +1,22 @@
{
"name": "miovisman/fluxbb_by_visman",
"description": "My modification of FluxBB",
"type": "project",
"license": "GPL 2.0",
"authors": [
{
"name": "Visman",
"email": "mio.visman@yandex.ru",
"homepage": "https://github.com/MioVisman"
}
],
"autoload": {
"psr-4": {
"FbV\\": "include/class/"
}
},
"require": {
"php": ">=5.6.12",
"miovisman/parserus": "dev-master"
}
}
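Review bot: `"miovisman/parserus": "dev-master"` in the require block tracks a moving branch, so every `composer update` pulls whatever is at the branch head at that moment. Require a tagged release or a version constraint instead, and keep the committed composer.lock for reproducible installs. Separately, `"license": "GPL 2.0"` is not an SPDX identifier; use GPL-2.0-only or GPL-2.0-or-later, whichever applies.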

composer.lock generated Normal file

@ -0,0 +1,65 @@
{
"_readme": [
"This file locks the dependencies of your project to a known state",
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
"hash": "3db732e6232da3bbd257c5b27ee2cdd2",
"content-hash": "c7a8634939b62dea638e34af509b91e3",
"packages": [
{
"name": "miovisman/parserus",
"version": "dev-master",
"source": {
"type": "git",
"url": "https://github.com/MioVisman/Parserus.git",
"reference": "ac9a8fa047083229f7e50df0342fd3871cdbe931"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/MioVisman/Parserus/zipball/ac9a8fa047083229f7e50df0342fd3871cdbe931",
"reference": "ac9a8fa047083229f7e50df0342fd3871cdbe931",
"shasum": ""
},
"require": {
"php": ">=5.4.0"
},
"type": "library",
"autoload": {
"psr-0": {
"Parserus": ""
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Visman",
"email": "mio.visman@yandex.ru",
"homepage": "https://github.com/MioVisman"
}
],
"description": "BBCode parser.",
"homepage": "https://github.com/MioVisman/Parserus",
"keywords": [
"bbcode",
"parser"
],
"time": "2019-10-11 12:06:27"
}
],
"packages-dev": [],
"aliases": [],
"minimum-stability": "stable",
"stability-flags": {
"miovisman/parserus": 20
},
"prefer-stable": false,
"prefer-lowest": false,
"platform": {
"php": ">=5.6.12"
},
"platform-dev": []
}
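Review bot: The `dist` entry for miovisman/parserus has an empty `shasum`, so Composer has no checksum to verify the downloaded zipball against and the commit `reference` is the only pin. That is usual for GitHub zipballs, but it means the integrity of a dist install rests on the transport alone; installing with `--prefer-source` makes Composer check out the pinned commit from git instead.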

File diff suppressed because it is too large

@ -20,11 +20,11 @@ if ($id < 1)
// Fetch some info about the post, the topic and the forum
$result = $db->query('SELECT f.id AS fid, f.forum_name, f.moderators, f.redirect_url, f.no_sum_mess, fp.post_replies, fp.post_topics, t.id AS tid, t.subject, t.first_post_id, t.closed, p.posted, p.poster, p.poster_id, p.message, p.hide_smilies FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND p.id='.$id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error()); // not sum - f.no_sum_mess, - Visman
if (!$db->num_rows($result))
message($lang_common['Bad request'], false, '404 Not Found');
$cur_post = $db->fetch_assoc($result);
if (!$cur_post)
message($lang_common['Bad request'], false, '404 Not Found');
// MOD subforums - Visman
if (!isset($sf_array_asc[$cur_post['fid']]))
message($lang_common['Bad request'], false, '404 Not Found');
@ -77,7 +77,7 @@ if (isset($_POST['delete']))
// Delete just this one post
delete_post($id, $cur_post['tid']);
update_forum($cur_post['fid']);
// При удалении одиночного сообщения, уменьшим кол-во сообщений у пользователя - Visman
// not sum - Visman
if ($cur_post['no_sum_mess'] == 0 && $cur_post['poster_id'] > 1)
@ -96,8 +96,8 @@ $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_de
define ('PUN_ACTIVE_PAGE', 'index');
require PUN_ROOT.'header.php';
require PUN_ROOT.'include/parser.php';
$cur_post['message'] = parse_message($cur_post['message'], $cur_post['hide_smilies']);
$parser = new FbV\Parser($pun_config, $pun_user, $lang_common);
$cur_post['message'] = $parser->parseMessage($cur_post['message'], (bool) $cur_post['hide_smilies']);
?>
<div class="linkst">
@ -115,8 +115,8 @@ $cur_post['message'] = parse_message($cur_post['message'], $cur_post['hide_smili
<h2><span><?php echo $lang_delete['Delete post'] ?></span></h2>
<div class="box">
<form method="post" action="delete.php?id=<?php echo $id ?>">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<div class="inform">
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<div class="forminfo">
<h3><span><?php printf($is_topic_post ? $lang_delete['Topic by'] : $lang_delete['Reply by'], '<strong>'.pun_htmlspecialchars($cur_post['poster']).'</strong>', format_time($cur_post['posted'])) ?></span></h3>
<p><?php echo ($is_topic_post) ? '<strong>'.$lang_delete['Topic warning'].'</strong>' : '<strong>'.$lang_delete['Warning'].'</strong>' ?><br /><?php echo $lang_delete['Delete info'] ?></p>


@ -21,11 +21,11 @@ if ($id < 1)
// MOD last topic on index - f.last_post_id, - мод ограничения времени редактирвания, добавил p.posted as pposted, p.edit_post - StickFP Add t.stick_fp, - MOD warnings Add , w.message AS warning - t.poll_type, t.poll_time, t.poll_term, t.poll_kol, - Visman
// Fetch some info about the post, the topic and the forum
$result = $db->query('SELECT f.id AS fid, f.forum_name, f.moderators, f.redirect_url, fp.post_replies, fp.post_topics, f.last_post_id, t.id AS tid, t.stick_fp, t.subject, t.posted, t.first_post_id, t.sticky, t.closed, t.poll_type, t.poll_time, t.poll_term, t.poll_kol, p.poster, p.poster_id, p.message, p.hide_smilies, p.posted as pposted, p.edit_post, w.message AS warning FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'warnings AS w ON p.id=w.id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND p.id='.$id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
message($lang_common['Bad request'], false, '404 Not Found');
$cur_post = $db->fetch_assoc($result);
if (!$cur_post)
message($lang_common['Bad request'], false, '404 Not Found');
// MOD subforums - Visman
if (!isset($sf_array_asc[$cur_post['fid']]))
message($lang_common['Bad request'], false, '404 Not Found');
@ -88,7 +88,7 @@ if (isset($_POST['form_sent']))
$errors[] = $lang_post['No subject after censoring'];
poll_form_validate($cur_post['tid'], $errors);
} else { // MOD warnings - Visman
$subject = $cur_post['subject'];
}
@ -105,8 +105,9 @@ if (isset($_POST['form_sent']))
// Validate BBCode syntax
if ($pun_config['p_message_bbcode'] == '1')
{
require PUN_ROOT.'include/parser.php';
$message = preparse_bbcode($message, $errors);
$parser = new FbV\Parser($pun_config, $pun_user, $lang_common);
$message = $parser->prepare($message);
$errors = $parser->getErrors($lang_common['errors'], $errors);
}
if (empty($errors))
@ -128,9 +129,6 @@ if (isset($_POST['form_sent']))
if (!$is_admmod)
$stick_topic = $cur_post['sticky'];
// Replace four-byte characters (MySQL cannot handle them)
$message = strip_bad_multibyte_chars($message);
// Visman
$edit_post = isset($_POST['editpost']) ? '1' : '0';
if ($pun_user['g_id'] != PUN_ADMIN)
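Review bot: Nothing visible replaces the removed `strip_bad_multibyte_chars($message)` call, whose comment says MySQL cannot handle four-byte characters. If the tables are still on a three-byte utf8 charset, a message containing such a character can be truncated or rejected on UPDATE. Confirm that the stripping now happens inside `$parser->prepare()` or that the schema was moved to utf8mb4; otherwise keep the call.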
@ -162,10 +160,10 @@ if (isset($_POST['form_sent']))
{
// Update the topic and any redirect topics
$db->query('UPDATE '.$db->prefix.'topics SET stick_fp='.$stick_fp.', subject=\''.$db->escape($subject).'\', sticky='.$stick_topic.' WHERE id='.$cur_post['tid'].' OR moved_to='.$cur_post['tid']) or error('Unable to update topic', __FILE__, __LINE__, $db->error());
// Is the current topic last? - last topic on index - Visman
$result = $db->query('SELECT 1 FROM '.$db->prefix.'posts WHERE id='.$cur_post['last_post_id'].' AND topic_id='.$cur_post['tid']);
if ($db->num_rows($result))
if ($db->result($result))
$db->query('UPDATE '.$db->prefix.'forums SET last_topic=\''.$db->escape($subject).'\' WHERE id='.$cur_post['fid']) or error('Unable to update last topic', __FILE__, __LINE__, $db->error());
// We changed the subject, so we need to take that into account when we update the search words
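Review bot: The `SELECT 1 FROM ... posts WHERE id=...` query under "Is the current topic last?" has no `or error(...)` handler, unlike the other queries in these hunks, so a failed query hands `false` to `$db->result()`. Add the usual `or error('Unable to fetch post info', __FILE__, __LINE__, $db->error())`. Also check that `$cur_post['last_post_id']` cannot be NULL here, since it is concatenated straight into the SQL.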
@ -259,8 +257,10 @@ if (!empty($errors))
}
else if (isset($_POST['preview']))
{
require_once PUN_ROOT.'include/parser.php';
$preview_message = parse_message($message, $hide_smilies);
if (! isset($parser)) {
$parser = new FbV\Parser($pun_config, $pun_user, $lang_common);
}
$preview_message = $parser->parseMessage($message, (bool) $hide_smilies);
?>
<div id="postpreview" class="blockpost">


@ -113,10 +113,7 @@ function output_rss($feed)
global $lang_common, $pun_config;
// Send XML/no cache headers
header('Content-Type: application/xml; charset=utf-8');
header('Expires: '.gmdate('D, d M Y H:i:s').' GMT');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
forum_http_headers('application/xml');
echo '<?xml version="1.0" encoding="utf-8"?>'."\n";
echo '<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">'."\n";
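Review bot: The replacement call passes only `'application/xml'`, while the removed `header('Content-Type: application/xml; charset=utf-8')` set the charset explicitly. The definition of `forum_http_headers()` is not part of the visible diff; confirm that it appends `charset=utf-8` to the type it is given, because the XML declaration echoed right after claims utf-8. The same check applies to the atom, xml and html outputs in the following hunks.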
@ -158,10 +155,7 @@ function output_atom($feed)
global $lang_common, $pun_config;
// Send XML/no cache headers
header('Content-Type: application/atom+xml; charset=utf-8');
header('Expires: '.gmdate('D, d M Y H:i:s').' GMT');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
forum_http_headers('application/atom+xml');
echo '<?xml version="1.0" encoding="utf-8"?>'."\n";
echo '<feed xmlns="http://www.w3.org/2005/Atom">'."\n";
@ -214,10 +208,7 @@ function output_xml($feed)
global $lang_common, $pun_config;
// Send XML/no cache headers
header('Content-Type: application/xml; charset=utf-8');
header('Expires: '.gmdate('D, d M Y H:i:s').' GMT');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
forum_http_headers('application/xml');
echo '<?xml version="1.0" encoding="utf-8"?>'."\n";
echo '<source>'."\n";
@ -258,10 +249,7 @@ function output_html($feed)
{
// Send the Content-type header in case the web server is setup to send something else
header('Content-type: text/html; charset=utf-8');
header('Expires: '.gmdate('D, d M Y H:i:s').' GMT');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
forum_http_headers();
foreach ($feed['items'] as $item)
{
@ -277,7 +265,7 @@ function output_html($feed)
// Show recent discussions
if ($action == 'feed')
{
require PUN_ROOT.'include/parser.php';
$parser = new FbV\Parser($pun_config, $pun_user, $lang_common);
// Determine what type of feed to output
$type = isset($_GET['type']) ? strtolower($_GET['type']) : 'html';
@ -295,14 +283,14 @@ if ($action == 'feed')
// Fetch topic subject
$result = $db->query('SELECT t.subject, t.first_post_id FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.moved_to IS NULL AND t.id='.$tid) or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
$cur_topic = $db->fetch_assoc($result);
if (!$cur_topic)
{
http_authenticate_user();
exit($lang_common['Bad request']);
}
$cur_topic = $db->fetch_assoc($result);
if ($pun_config['o_censoring'] == '1')
$cur_topic['subject'] = censor_words($cur_topic['subject']);
@ -319,7 +307,7 @@ if ($action == 'feed')
$result = $db->query('SELECT p.id, p.poster, p.message, p.hide_smilies, p.posted, p.poster_id, u.email_setting, u.email, p.poster_email FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'users AS u ON u.id=p.poster_id WHERE p.topic_id='.$tid.' ORDER BY p.posted DESC LIMIT '.$show) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
while ($cur_post = $db->fetch_assoc($result))
{
$cur_post['message'] = parse_message($cur_post['message'], $cur_post['hide_smilies']);
$cur_post['message'] = $parser->parseMessage($cur_post['message'], (bool) $cur_post['hide_smilies']);
$item = array(
'id' => $cur_post['id'],
@ -367,8 +355,10 @@ if ($action == 'feed')
{
// Fetch forum name
$result = $db->query('SELECT f.forum_name FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id='.$fids[0]) or error('Unable to fetch forum name', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
$forum_name = $lang_common['Title separator'].$db->result($result);
$forum = $db->fetch_row($result);
if (is_array($forum))
$forum_name = $lang_common['Title separator'].$forum[0];
}
}
@ -409,7 +399,7 @@ if ($action == 'feed')
if ($pun_config['o_censoring'] == '1')
$cur_topic['subject'] = censor_words($cur_topic['subject']);
$cur_topic['message'] = parse_message($cur_topic['message'], $cur_topic['hide_smilies']);
$cur_topic['message'] = $parser->parseMessage($cur_topic['message'], (bool) $cur_topic['hide_smilies']);
$item = array(
'id' => $cur_topic['id'],
@ -492,10 +482,7 @@ else if ($action == 'online' || $action == 'online_full')
}
// Send the Content-type header in case the web server is setup to send something else
header('Content-type: text/html; charset=utf-8');
header('Expires: '.gmdate('D, d M Y H:i:s').' GMT');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
forum_http_headers();
echo sprintf($lang_index['Guests online'], forum_number_format($num_guests)).'<br />'."\n";
@ -530,10 +517,7 @@ else if ($action == 'stats')
list($stats['total_topics'], $stats['total_posts']) = $db->fetch_row($result);
// Send the Content-type header in case the web server is setup to send something else
header('Content-type: text/html; charset=utf-8');
header('Expires: '.gmdate('D, d M Y H:i:s').' GMT');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
forum_http_headers();
echo sprintf($lang_index['No of users'], forum_number_format($stats['total_users'])).'<br />'."\n";
echo sprintf($lang_index['Newest user'], (($pun_user['g_view_users'] == '1') ? '<a href="'.pun_htmlspecialchars(get_base_url(true)).'/profile.php?id='.$stats['last_user']['id'].'">'.pun_htmlspecialchars($stats['last_user']['username']).'</a>' : pun_htmlspecialchars($stats['last_user']['username']))).'<br />'."\n";


@ -18,6 +18,7 @@ ob_end_clean();
// START SUBST - <pun_footer>
ob_start();
require PUN_ROOT.'include/uploadf.php'; // Upload mod - Visman
// START быстрое переключение языка - Visman
if (!isset($languages) || !is_array($languages))
@ -36,7 +37,7 @@ if (count($languages) > 1)
}
$lang_temp .= "\t\t\t\t\t\t".'</select></label>'."\n\t\t\t\t\t\t".'<input id="qjump2input" type="submit" value="'.$lang_common['Go'].'" />'."\n\t\t\t\t\t".'</div>'."\n\t\t\t\t".'</form>'."\n";
$page_js['c'][] = 'document.getElementById("qjump2input").style.display = "none";';
$page_js['c'][] = 'if (document.getElementById("qjump2input")) document.getElementById("qjump2input").style.display = "none";';
}
// END быстрое переключение языка - Visman
@ -101,7 +102,7 @@ if ($pun_config['o_quickjump'] == '1')
generate_quickjump_cache($pun_user['g_id']);
require FORUM_CACHE_DIR.'cache_quickjump_'.$pun_user['g_id'].'.php';
}
$page_js['c'][] = 'document.getElementById("qjump").getElementsByTagName("div")[0].getElementsByTagName("input")[0].style.display = "none";'; // Visman - скрываем кнопку перехода при включенном js
$page_js['c'][] = 'if (document.getElementById("qjump")) document.getElementById("qjump").getElementsByTagName("div")[0].getElementsByTagName("input")[0].style.display = "none";'; // Visman - скрываем кнопку перехода при включенном js
}
echo $lang_temp; // быстрое переключение языка - Visman
@ -137,7 +138,7 @@ else if ($footer_style == 'viewtopic')
}
?>
<p id="poweredby"><?php printf($lang_common['Powered by'], '<a href="http://fluxbb.org/">FluxBB</a>'.(($pun_config['o_show_version'] == '1') ? ' '.$pun_config['o_cur_version'] : '')) ?></p>
<p id="poweredby"><?php printf($lang_common['Powered by'], '<a href="https://fluxbb.org/">FluxBB</a>'.(($pun_config['o_show_version'] == '1') ? ' '.$pun_config['o_cur_version'] : '')) ?></p>
</div>
<div class="clearer"></div>
</div>
@ -181,7 +182,10 @@ ob_end_clean();
// Close the db connection (and free up any result data)
$db->close();
if (isset($page_js))
if (isset($parser)) {
$page_js = $parser->mergeJs($page_js);
}
if (! empty($page_js))
$tpl_main = str_replace('<!-- forum_javascript -->', generation_js($page_js), $tpl_main);
// Spit out the page
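Review bot: `$parser->mergeJs($page_js)` runs before the emptiness check, so on a page that created `$parser` but never set `$page_js` the call reads an undefined variable and passes null. The old code guarded this with `isset($page_js)`. Initialise the variable first, for example `$page_js = isset($page_js) ? $page_js : array();`, ahead of the `isset($parser)` block.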


@ -9,15 +9,10 @@
// Make sure no one attempts to run this script "directly"
if (!defined('PUN'))
exit;
// Send no-cache headers
header('Expires: Thu, 21 Jul 1977 07:30:00 GMT'); // When yours truly first set eyes on this world! :)
header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache'); // For HTTP/1.0 compatibility
// Send no-cache headers
// Send the Content-type header in case the web server is setup to send something else
header('Content-type: text/html; charset=utf-8');
forum_http_headers();
// Prevent site from being embedded in a frame unless FORUM_FRAME_OPTIONS is set
// to a valid X-Frame-Options header value or false
@ -154,11 +149,11 @@ function process_form(the_form)
}
require PUN_ROOT.'include/fancybox.php';
// New PMS - Visman
require PUN_ROOT.'include/pms_new/pmsnheader.php';
require PUN_ROOT.'include/fancybox.php';
if (!empty($page_head))
echo implode("\n", $page_head)."\n";


@ -136,7 +136,19 @@ require PUN_ROOT.'header.php';
<?php
// Display the smiley set
require PUN_ROOT.'include/parser.php';
if (!isset($smilies))
{
if (file_exists(FORUM_CACHE_DIR.'cache_smilies.php'))
include FORUM_CACHE_DIR.'cache_smilies.php';
else
{
if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
require PUN_ROOT.'include/cache.php';
generate_smiley_cache();
require FORUM_CACHE_DIR.'cache_smilies.php';
}
}
$smiley_groups = array();


@ -1,18 +1,72 @@
Options -Indexes -ExecCGI
# ----------------------------------------------------------------------
# If something is broken, then see the apache config for your site,
# the AllowOverride directive https://httpd.apache.org/docs/2.4/mod/core.html#allowoverride
# ----------------------------------------------------------------------
php_flag engine 0
# ----------------------------------------------------------------------
# Disable directory listing.
#-----------------------------------------------------------------------
RemoveHandler .phtml .php .php3 .php4 .php5 .php6 .php7 .phps .cgi .exe .pl .asp .aspx .shtml .shtm .fcgi .fpl .jsp .htm .html .wml
AddType text/plain .phtml .php .php3 .php4 .php5 .php6 .php7 .phps .cgi .exe .pl .asp .aspx .shtml .shtm .fcgi .fpl .jsp .htm .html .wml
<IfModule mod_autoindex.c>
Options -Indexes
</IfModule>
# ----------------------------------------------------------------------
# Disable CGI script execution.
#-----------------------------------------------------------------------
<IfModule mod_cgi.c>
Options -ExecCGI
</IfModule>
<IfModule mod_cgid.c>
Options -ExecCGI
</IfModule>
<IfModule mod_fcgid.c>
Options -ExecCGI
</IfModule>
# ----------------------------------------------------------------------
# Disable PHP script execution if php as apache module.
# If your php has a module name other than "mod_php", "mod_php_null",
# "mod_php5" and "mod_php7", then add here one more condition with your name.
#-----------------------------------------------------------------------
<IfModule mod_php.c>
php_flag engine 0
</IfModule>
<IfModule mod_php_null.c>
php_flag engine 0
</IfModule>
<IfModule mod_php5.c>
php_flag engine 0
</IfModule>
<IfModule mod_php7.c>
php_flag engine 0
</IfModule>
# ----------------------------------------------------------------------
# Treat these files as plain text.
# ----------------------------------------------------------------------
<IfModule mod_mime.c>
RemoveHandler .asmx .asp .aspx .cgi .dll .exe .fcgi .fpl .htm .html .js .jsp .php .php3 .php4 .php5 .php6 .php7 .phar .phps .phtm .phtml .pl .py .rb .shtm .shtml .wml .xml
AddType text/plain .asmx .asp .aspx .cgi .dll .exe .fcgi .fpl .htm .html .js .jsp .php .php3 .php4 .php5 .php6 .php7 .phar .phps .phtm .phtml .pl .py .rb .shtm .shtml .wml .xml
</IfModule>
# ----------------------------------------------------------------------
# All files are given through the default handler for static content (Disable script execution).
# ----------------------------------------------------------------------
SetHandler default-handler
# ----------------------------------------------------------------------
# Show nofile.gif instead of missing files.
# ----------------------------------------------------------------------
<IfModule mod_rewrite.c>
RewriteEngine On
# Uncomment and properly set the RewriteBase if the rewrite rules are not working properly
#RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* nofile.gif [L]
RewriteEngine On
# Uncomment and properly set the RewriteBase if the rewrite rules are not working properly
# RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* nofile.gif [L]
</IfModule>
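Review bot: `SetHandler default-handler` at the .htaccess level is overridden when the server configuration assigns the PHP handler inside a `<FilesMatch>` or `<Files>` section, which is the common setup for PHP-FPM, because Apache merges those sections after directory and .htaccess settings. In that setup none of the `mod_php*` blocks match either, so a .php file placed in this directory would still be executed. Mention this case in the header comment and recommend disabling script handling for this directory in the server or virtual host configuration as well.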


@ -40,14 +40,6 @@ foreach ($smilies as $smileyt => $smileyi)
$bbres = '<style type="text/css">div.grippie {background:#EEEEEE url(img/grippie.png) no-repeat scroll center 2px;border-color:#DDDDDD;border-style:solid;border-width:0pt 1px 1px;cursor:s-resize;height:9px;overflow:hidden;} .resizable-textarea textarea {display:block;margin-bottom:0pt;width:95%;height: 20%;}</style>';
$tpl_main = str_replace('</head>', $bbres."\n".'</head>', $tpl_main);
// mod upload
$bbflagup = 0;
if (!$pun_user['is_guest'] && !empty($pun_user['g_up_ext']))
{
if ($pun_user['g_id'] == PUN_ADMIN || ($pun_user['g_up_limit'] > 0 && $pun_user['g_up_max'] > 0))
$bbflagup = 1;
}
$page_js['j'] = 1; // for resize textarea :(
$page_js['f']['bbcode'] = 'js/post.js';
$page_js['c'][] = 'if (typeof FluxBB === \'undefined\' || !FluxBB) {var FluxBB = {};}
@ -55,9 +47,8 @@ FluxBB.vars = {
bbDir: "'.$btndir.'",
bbGuest: '.($pun_user['is_guest'] ? 1 : 0).',
bbCIndex: '.$cur_index.',
bbFlagUp: '.$bbflagup.',
bbSmImg: ['.implode(',',$smil_i).'],
bbSmTxt: ['.implode(',',$smil_t).']
bbSmImg: ['.implode(',', $smil_i).'],
bbSmTxt: ['.implode(',', $smil_t).']
};
FluxBB.post.init();';


@ -0,0 +1,513 @@
<?php
return [
[
'tag' => 'ROOT',
'type' => 'block',
'handler' => function($body) {
// Replace any breaks next to paragraphs so our replace below catches them
$body = preg_replace('%(</?p>)(?:\s*<br />){1,2}%', '$1', '<p>' . $body . '</p>');
$body = preg_replace('%(?:<br />\s*){1,2}(</?p>)%', '$1', $body);
// Remove any empty paragraph tags (inserted via quotes/lists/code/etc) which should be stripped
$body = str_replace('<p></p>', '', $body);
$body = preg_replace('%<br />\s*<br />%', '</p><p>', $body);
$body = str_replace('<p><br />', '<br /><p>', $body);
$body = str_replace('<br /></p>', '</p><br />', $body);
$body = str_replace('<p></p>', '<br /><br />', $body);
return $body;
},
],
[
'tag' => 'code',
'type' => 'block',
'recursive' => true,
'text only' => true,
'pre' => true,
'attrs' => [
'Def' => true,
'no attr' => true,
],
'handler' => function($body, $attrs) {
$body = trim($body, "\n\r");
$class = substr_count($body, "\n") > 28 ? ' class="vscroll"' : '';
return '</p><div class="codebox"><pre' . $class . '><code>' . $body . '</code></pre></div><p>';
},
],
[
'tag' => 'b',
'handler' => function($body) {
return '<strong>' . $body . '</strong>';
},
],
[
'tag' => 'i',
'handler' => function($body) {
return '<em>' . $body . '</em>';
},
],
[
'tag' => 'em',
'handler' => function($body) {
return '<em>' . $body . '</em>';
},
],
[
'tag' => 'u',
'handler' => function($body) {
return '<span class="bbu">' . $body . '</span>';
},
],
[
'tag' => 's',
'handler' => function($body) {
return '<span class="bbs">' . $body . '</span>';
},
],
[
'tag' => 'del',
'handler' => function($body) {
return '<del>' . $body . '</del>';
},
],
[
'tag' => 'ins',
'handler' => function($body) {
return '<ins>' . $body . '</ins>';
},
],
[
'tag' => 'h',
'type' => 'h',
'handler' => function($body) {
return '</p><h5>' . $body . '</h5><p>';
},
],
[
'tag' => 'hr',
'type' => 'block',
'single' => true,
'handler' => function() {
return '</p><hr /><p>';
},
],
[
'tag' => 'color',
'self nesting' => 5,
'attrs' => [
'Def' => [
'format' => '%^(?:\#(?:[\dA-Fa-f]{3}){1,2}|(?:aqua|black|blue|fuchsia|gray|green|lime|maroon|navy|olive|orange|purple|red|silver|teal|yellow|white))$%',
],
],
'handler' => function($body, $attrs) {
return '<span style="color:' . $attrs['Def'] . ';">' . $body . '</span>';
},
],
[
'tag' => 'colour',
'self nesting' => 5,
'attrs' => [
'Def' => [
'format' => '%^(?:\#(?:[\dA-Fa-f]{3}){1,2}|(?:aqua|black|blue|fuchsia|gray|green|lime|maroon|navy|olive|orange|purple|red|silver|teal|yellow|white))$%',
],
],
'handler' => function($body, $attrs) {
return '<span style="color:' . $attrs['Def'] . ';">' . $body . '</span>';
},
],
[
'tag' => 'size',
'self nesting' => 5,
'attrs' => [
'Def' => [
'format' => '%^[1-9]\d{0,2}(?:em|ex|pt|px|\%)?$%',
],
],
'handler' => function($body, $attrs) {
if (is_numeric($attrs['Def'])) {
$attrs['Def'] .= 'px';
}
return '<span style="font-size:' . $attrs['Def'] . ';">' . $body . '</span>';
},
],
[
'tag' => 'right',
'type' => 'block',
'handler' => function($body) {
return '</p><p style="text-align: right;">' . $body . '</p><p>';
},
],
[
'tag' => 'center',
'type' => 'block',
'handler' => function($body) {
return '</p><p style="text-align: center;">' . $body . '</p><p>';
},
],
[
'tag' => 'justify',
'type' => 'block',
'handler' => function($body) {
return '</p><p style="text-align: justify;">' . $body . '</p><p>';
},
],
[
'tag' => 'mono',
'handler' => function($body) {
return '<code>' . $body . '</code>';
},
],
[
'tag' => 'email',
'type' => 'email',
'attrs' => [
'Def' => [
'format' => '%^[^\x00-\x1f\s]+?@[^\x00-\x1f\s]+$%',
],
'no attr' => [
'body format' => '%^[^\x00-\x1f\s]+?@[^\x00-\x1f\s]+$%D',
'text only' => true,
],
],
'handler' => function($body, $attrs) {
if (empty($attrs['Def'])) {
return '<a href="mailto:' . $body . '">' . $body . '</a>';
} else {
return '<a href="mailto:' . $attrs['Def'] . '">' . $body . '</a>';
}
},
],
[
'tag' => '*',
'type' => 'block',
'self nesting' => 5,
'parents' => ['list'],
'auto' => true,
'handler' => function($body) {
return '<li><p>' . $body . '</p></li>';
},
],
[
'tag' => 'list',
'type' => 'list',
'self nesting' => 5,
'tags only' => true,
'attrs' => [
'Def' => true,
'no attr' => true,
],
'handler' => function($body, $attrs) {
if (!isset($attrs['Def'])) {
$attrs['Def'] = '*';
}
switch ($attrs['Def'][0]) {
case 'a':
return '</p><ol class="alpha">' . $body . '</ol><p>';
case '1':
return '</p><ol class="decimal">' . $body . '</ol><p>';
default:
return '</p><ul>' . $body . '</ul><p>';
}
},
],
[
'tag' => 'after',
'type' => 'block',
'single' => true,
'attrs' => [
'Def' => [
'format' => '%^\d+$%',
],
],
'handler' => function($body, $attrs, $parser) {
$lang = $parser->attr('lang');
$arr = array();
$sec = $attrs['Def'] % 60;
$min = ($attrs['Def'] / 60) % 60;
$hours = ($attrs['Def'] / 3600) % 24;
$days = (int) ($attrs['Def'] / 86400);
if ($days > 0) {
$arr[] = $days . $lang['After time d'];
}
if ($hours > 0) {
$arr[] = $hours . $lang['After time H'];
}
if ($min > 0) {
$arr[] = (($min < 10) ? '0' . $min : $min) . $lang['After time i'];
}
if ($sec > 0) {
$arr[] = (($sec < 10) ? '0' . $sec : $sec) . $lang['After time s'];
}
$attr = $lang['After time'] . ' ' . implode(' ', $arr);
return '<span style="color: #808080"><em>' . $attr . ':</em></span><br />';
},
],
[
'tag' => 'quote',
'type' => 'block',
'self nesting' => 5,
'attrs' => [
'Def' => true,
'no attr' => true,
],
'handler' => function($body, $attrs, $parser) {
if (isset($attrs['Def'])) {
$lang = $parser->attr('lang');
$st = '</p><div class="quotebox"><cite>' . $attrs['Def'] . ' ' . $lang['wrote'] . '</cite><blockquote><div><p>';
} else {
$st = '</p><div class="quotebox"><blockquote><div><p>';
}
return $st . $body . '</p></div></blockquote></div><p>';
},
],
[
'tag' => 'spoiler',
'type' => 'block',
'self nesting' => 5,
'attrs' => [
'Def' => true,
'no attr' => true,
],
'handler' => function($body, $attrs, $parser) {
if (isset($attrs['Def'])) {
$st = '</p><div class="quotebox" style="padding: 0px;"><div onclick="var e,d,c=this.parentNode,a=c.getElementsByTagName(\'div\')[1],b=this.getElementsByTagName(\'span\')[0];if(a.style.display!=\'\'){while(c.parentNode&&(!d||!e||d==e)){e=d;d=(window.getComputedStyle?getComputedStyle(c, null):c.currentStyle)[\'backgroundColor\'];if(d==\'transparent\'||d==\'rgba(0, 0, 0, 0)\')d=e;c=c.parentNode;}a.style.display=\'\';a.style.backgroundColor=d;b.innerHTML=\'&#9650;\';}else{a.style.display=\'none\';b.innerHTML=\'&#9660;\';}" style="font-weight: bold; cursor: pointer; font-size: 0.9em;"><span style="padding: 0 5px;">&#9660;</span>' . $attrs['Def'] . '</div><div style="padding: 6px; margin: 0; display: none;"><p>';
} else {
$lang = $parser->attr('lang');
$st = '</p><div class="quotebox" style="padding: 0px;"><div onclick="var e,d,c=this.parentNode,a=c.getElementsByTagName(\'div\')[1],b=this.getElementsByTagName(\'span\')[0];if(a.style.display!=\'\'){while(c.parentNode&&(!d||!e||d==e)){e=d;d=(window.getComputedStyle?getComputedStyle(c, null):c.currentStyle)[\'backgroundColor\'];if(d==\'transparent\'||d==\'rgba(0, 0, 0, 0)\')d=e;c=c.parentNode;}a.style.display=\'\';a.style.backgroundColor=d;b.innerHTML=\'&#9650;\';}else{a.style.display=\'none\';b.innerHTML=\'&#9660;\';}" style="font-weight: bold; cursor: pointer; font-size: 0.9em;"><span style="padding: 0 5px;">&#9660;</span>' . $lang['Hidden text'] . '</div><div style="padding: 6px; margin: 0; display: none;"><p>';
}
return $st . $body . '</p></div></div><p>';
},
],
[
'tag' => 'img',
'type' => 'img',
'parents' => ['inline', 'block', 'url'],
'text only' => true,
'attrs' => [
'Def' => [
'body format' => '%^(?:(?:ht|f)tps?://[^\x00-\x1f\s<"]+|data:image/[a-z]+;base64,(?:[a-zA-Z\d/\+\=]+))$%D'
],
'no attr' => [
'body format' => '%^(?:(?:ht|f)tps?://[^\x00-\x1f\s<"]+|data:image/[a-z]+;base64,(?:[a-zA-Z\d/\+\=]+))$%D'
],
],
'handler' => function($body, $attrs, $parser) {
if (! isset($attrs['Def'])) {
$attrs['Def'] = (substr($body, 0, 11) === 'data:image/') ? 'base64' : basename($body);
}
// тег в подписи
if ($parser->attr('isSign')) {
if ($parser->attr('showImgSign')) {
return '<img src="' . $body . '" alt="' . $attrs['Def'] . '" class="sigimage" />';
}
// тег в теле сообщения
} else {
if ($parser->attr('showImg')) {
return '<span class="postimg"><img src="' . $body . '" alt="' . $attrs['Def'] . '" /></span>';
}
}
$lang = $parser->attr('lang');
return '<a href="' . $body . '" rel="nofollow">&lt;' . $lang['Image link']. ' - ' . $attrs['Def'] . '&gt;</a>';
},
],
[
'tag' => 'imgr',
'type' => 'img',
'parents' => ['inline', 'block', 'url'],
'text only' => true,
'attrs' => [
'Def' => [
'body format' => '%^(?:(?:ht|f)tps?://[^\x00-\x1f\s<"]+|data:image/[a-z]+;base64,(?:[a-zA-Z\d/\+\=]+))$%D'
],
'no attr' => [
'body format' => '%^(?:(?:ht|f)tps?://[^\x00-\x1f\s<"]+|data:image/[a-z]+;base64,(?:[a-zA-Z\d/\+\=]+))$%D'
],
],
'handler' => function($body, $attrs, $parser) {
if (! isset($attrs['Def'])) {
$attrs['Def'] = (substr($body, 0, 11) === 'data:image/') ? 'base64' : basename($body);
}
// тег в подписи
if ($parser->attr('isSign')) {
if ($parser->attr('showImgSign')) {
return '<img src="' . $body . '" alt="' . $attrs['Def'] . '" class="sigimage" />';
}
// тег в теле сообщения
} else {
if ($parser->attr('showImg')) {
return '<span class="postimg"><img src="' . $body . '" alt="' . $attrs['Def'] . '" style="float: right; clear: right;" /></span>';
}
}
$lang = $parser->attr('lang');
return '<a href="' . $body . '" rel="nofollow">&lt;' . $lang['Image link']. ' - ' . $attrs['Def'] . '&gt;</a>';
},
],
[
'tag' => 'imgl',
'type' => 'img',
'parents' => ['inline', 'block', 'url'],
'text only' => true,
'attrs' => [
'Def' => [
'body format' => '%^(?:(?:ht|f)tps?://[^\x00-\x1f\s<"]+|data:image/[a-z]+;base64,(?:[a-zA-Z\d/\+\=]+))$%D'
],
'no attr' => [
'body format' => '%^(?:(?:ht|f)tps?://[^\x00-\x1f\s<"]+|data:image/[a-z]+;base64,(?:[a-zA-Z\d/\+\=]+))$%D'
],
],
'handler' => function($body, $attrs, $parser) {
if (! isset($attrs['Def'])) {
$attrs['Def'] = (substr($body, 0, 11) === 'data:image/') ? 'base64' : basename($body);
}
// тег в подписи
if ($parser->attr('isSign')) {
if ($parser->attr('showImgSign')) {
return '<img src="' . $body . '" alt="' . $attrs['Def'] . '" class="sigimage" />';
}
// тег в теле сообщения
} else {
if ($parser->attr('showImg')) {
return '<span class="postimg"><img src="' . $body . '" alt="' . $attrs['Def'] . '" style="float: left; clear: left;" /></span>';
}
}
$lang = $parser->attr('lang');
return '<a href="' . $body . '" rel="nofollow">&lt;' . $lang['Image link']. ' - ' . $attrs['Def'] . '&gt;</a>';
},
],
[
'tag' => 'url',
'type' => 'url',
'parents' => ['inline', 'block'],
'attrs' => [
'Def' => [
'format' => '%^[^\x00-\x1f]+$%',
],
'no attr' => [
'body format' => '%^[^\x00-\x1f]+$%D',
],
],
'handler' => function($body, $attrs, $parser) {
if (isset($attrs['Def'])) {
$url = $attrs['Def'];
} else {
$url = $body;
// возможно внутри была картинка, которая отображается как ссылка
if (preg_match('%^<a href=".++(?<=</a>)$%D', $url)) {
return $url;
}
// возможно внутри картинка
if (preg_match('%<img src="([^"]+)"%', $url, $match)) {
$url = $match[1];
}
}
$fUrl = str_replace(array(' ', '\'', '`', '"'), array('%20', '', '', ''), $url);
if (strpos($url, 'www.') === 0) {
$fUrl = 'http://'.$fUrl;
} else if (strpos($url, 'ftp.') === 0) {
$fUrl = 'ftp://'.$fUrl;
} else if (strpos($url, '/') === 0) {
$fUrl = $parser->attr('baseUrl') . $fUrl;
} else if (!preg_match('%^([a-z0-9]{3,6})://%', $url)) {
$fUrl = 'http://'.$fUrl;
}
if ($url === $body) {
$url = htmlspecialchars_decode($url, ENT_QUOTES | ENT_XHTML);
$url = mb_strlen($url, 'UTF-8') > 55 ? mb_substr($url, 0, 39, 'UTF-8') . ' … ' . mb_substr($url, -10, null, 'UTF-8') : $url;
$body = $parser->e($url);
}
$parser->setJsLink('media', 'js/media.min.js');
return '<a href="' . $fUrl . '" rel="nofollow">' . $body . '</a>';
},
],
[
'tag' => 'topic',
'type' => 'url',
'parents' => ['inline', 'block'],
'attrs' => [
'Def' => [
'format' => '%^[1-9]\d*$%',
],
'no attr' => [
'body format' => '%^[1-9]\d*$%D',
],
],
'handler' => function($body, $attrs, $parser) {
$id = isset($attrs['Def']) ? $attrs['Def'] : $body;
return '<a href="' . $parser->attr('baseUrl') . '/viewtopic.php?id=' . $id . '">' . $body . '</a>';
},
],
[
'tag' => 'post',
'type' => 'url',
'parents' => ['inline', 'block'],
'attrs' => [
'Def' => [
'format' => '%^[1-9]\d*$%',
],
'no attr' => [
'body format' => '%^[1-9]\d*$%D',
],
],
'handler' => function($body, $attrs, $parser) {
$id = isset($attrs['Def']) ? $attrs['Def'] : $body;
return '<a href="' . $parser->attr('baseUrl') . '/viewtopic.php?pid=' . $id . '#p' . $id . '">' . $body . '</a>';
},
],
[
'tag' => 'forum',
'type' => 'url',
'parents' => ['inline', 'block'],
'attrs' => [
'Def' => [
'format' => '%^[1-9]\d*$%',
],
'no attr' => [
'body format' => '%^[1-9]\d*$%D',
],
],
'handler' => function($body, $attrs, $parser) {
$id = isset($attrs['Def']) ? $attrs['Def'] : $body;
return '<a href="' . $parser->attr('baseUrl') . '/viewforum.php?id=' . $id . '">' . $body . '</a>';
},
],
[
'tag' => 'user',
'type' => 'url',
'parents' => ['inline', 'block'],
'attrs' => [
'Def' => [
'format' => '%^[1-9]\d*$%',
],
'no attr' => [
'body format' => '%^[1-9]\d*$%D',
],
],
'handler' => function($body, $attrs, $parser) {
$id = isset($attrs['Def']) ? $attrs['Def'] : $body;
return '<a href="' . $parser->attr('baseUrl') . '/profile.php?id=' . $id . '">' . $body . '</a>';
},
],
];
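Review bot: In the `url` handler the `Def` format `%^[^\x00-\x1f]+$%` does not restrict the scheme, and the later test `%^([a-z0-9]{3,6})://%` leaves any value that starts with a 3 to 6 character scheme untouched, so `$fUrl` can reach the `href` with schemes other than http, https or ftp. Consider an explicit allowlist such as `%^(?:https?|ftp)://%i` and prefixing `http://` in every other case; the current test is also case-sensitive, so `HTTP://host` ends up as `http://HTTP://host`. Separately, the `spoiler` handler repeats the same long inline `onclick` script in both branches; moving it into a shared script file keyed on a class would remove the duplication and let the forum run under a Content-Security-Policy that forbids inline handlers.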

View file

@ -0,0 +1 @@
<html><head><title>.</title></head><body>.</body></html>

View file

@ -145,12 +145,11 @@ function generate_censoring_cache()
global $db;
$result = $db->query('SELECT search_for, replace_with FROM '.$db->prefix.'censoring') or error('Unable to fetch censoring list', __FILE__, __LINE__, $db->error());
$num_words = $db->num_rows($result);
$search_for = $replace_with = array();
for ($i = 0; $i < $num_words; $i++)
for ($i = 0; $row = $db->fetch_row($result); $i++)
{
list($search_for[$i], $replace_with[$i]) = $db->fetch_row($result);
list($search_for[$i], $replace_with[$i]) = $row;
$search_for[$i] = '%(?<=[^\p{L}\p{N}])('.str_replace('\*', '[\p{L}\p{N}]*?', preg_quote($search_for[$i], '%')).')(?=[^\p{L}\p{N}])%iu';
}
@ -170,7 +169,7 @@ function generate_stopwords_cache()
$d = dir(PUN_ROOT.'lang');
while (($entry = $d->read()) !== false)
{
if ($entry{0} == '.')
if ($entry[0] == '.')
continue;
if (is_dir(PUN_ROOT.'lang/'.$entry) && file_exists(PUN_ROOT.'lang/'.$entry.'/stopwords.txt'))

267
include/class/Parser.php Normal file
View file

@ -0,0 +1,267 @@
<?php
/**
* @copyright Copyright (c) 2017 Visman. All rights reserved.
* @author Visman <mio.visman@yandex.ru>
* @link https://github.com/MioVisman
* @license https://opensource.org/licenses/MIT The MIT License (MIT)
*/
namespace FbV;
use Parserus;
class Parser extends Parserus
{
/**
* Конфиг форума
* @var array
*/
protected $config;
/**
* Текущий юзер
* @var array
*/
protected $user;
/**
* @var array
*/
protected $js = [];
/**
* Конструктор
*
* @param array $config
* @param array $user
* @param array $lang
*/
public function __construct(array $config, array $user, array $lang)
{
parent::__construct(ENT_XHTML);
$this->config = $config;
$this->user = $user;
$this->setAttr('lang', $lang)
->setAttr('whiteListForSign', ['b', 'i', 'u', 's', 'em', 'del', 'ins', 'color', 'colour', 'email', 'img', 'url', 'topic', 'post', 'forum', 'user'])
->setAttr('baseUrl', get_base_url(true))
->setAttr('showImg', $user['show_img'] != '0')
->setAttr('showImgSign', $user['show_img_sig'] != '0');
if ($config['p_message_bbcode'] == '1' || $config['p_sig_bbcode'] == '1') {
$this->loadBBCodes();
}
if ($user['show_smilies'] == '1' && ($config['o_smilies_sig'] == '1' || $config['o_smilies'] == '1')) {
$this->loadSmilies();
}
}
/**
* Метод добавляет один bb-код
*
* @param array $bb Массив описания bb-кода
*
* @return Parser
*/
public function addBBCode(array $bb)
{
if ($bb['tag'] == 'quote') {
$bb['self nesting'] = (int) $this->config['o_quote_depth'];
}
return parent::addBBCode($bb);
}
/**
* Подгружает и инициализирует бб-коды
*/
protected function loadBBCodes()
{
if (file_exists(PUN_ROOT . 'include/bbcode/bbcode.php')) {
$bb = include PUN_ROOT . 'include/bbcode/bbcode.php';
} else {
$bb = include PUN_ROOT . 'include/bbcode/bbcode.dist.php';
}
$this->setBBCodes($bb);
}
/**
* Подгружает и инициализирует смайлы
*/
protected function loadSmilies()
{
if (file_exists(FORUM_CACHE_DIR.'cache_smilies.php')) {
include FORUM_CACHE_DIR.'cache_smilies.php';
} else {
if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
require PUN_ROOT.'include/cache.php';
}
generate_smiley_cache();
require FORUM_CACHE_DIR.'cache_smilies.php';
}
$link = get_base_url(true) . '/img/smilies/';
foreach ($smilies as &$sm) {
$sm = $link . $sm;
}
unset($sm);
$this->setSmilies($smilies)
->setSmTpl('<img src="{url}" alt="{alt}" />');
}
/**
* Преобразует бб-коды в html в сообщениях
*
* @param string $text
* @param bool $hideSmilies
*
* @return string
*/
public function parseMessage($text, $hideSmilies)
{
if ($this->config['o_censoring'] == '1') {
$text = censor_words($text);
}
$whiteList = $this->config['p_message_bbcode'] == '1' ? null : [];
$blackList = $this->config['p_message_img_tag'] == '1' ? [] : ['img'];
$this->setAttr('isSign', false)
->setWhiteList($whiteList)
->setBlackList($blackList)
->parse($text);
if ($this->config['o_smilies'] == '1' && $this->user['show_smilies'] == '1' && ! $hideSmilies) {
$this->detectSmilies();
}
$text = $this->getHtml();
// search HL - Visman
global $string_shl;
if (! empty($string_shl)) {
$pattern = '%(?<=[^\p{L}\p{N}])('.str_replace(array('*', '\'', 'е'), array('(?:[\p{L}\p{N}]|&#039;||`|-)*', '(?:&#039;||`)', '[её]'), $string_shl).')(?![\p{L}\p{N}])(?=[^>]*<)%ui';
$text = preg_replace($pattern, '<span class="shlight">$1</span>', '>' . $text . '<');
$text = substr($text, 1, -1);
}
// search HL - Visman
return $text;
}
/**
* Преобразует бб-коды в html в подписях пользователей
*
* @param string $text
*
* @return string
*/
public function parseSignature($text)
{
if ($this->config['o_censoring'] == '1') {
$text = censor_words($text);
}
$whiteList = $this->config['p_sig_bbcode'] == '1' ? $this->attr('whiteListForSign') : [];
$blackList = $this->config['p_sig_img_tag'] == '1' ? [] : ['img'];
$this->setAttr('isSign', true)
->setWhiteList($whiteList)
->setBlackList($blackList)
->parse($text);
if ($this->config['o_smilies_sig'] == '1' && $this->user['show_smilies'] == '1') {
$this->detectSmilies();
}
return $this->getHtml();
}
/**
* Проверяет разметку сообщения с бб-кодами
* Пытается исправить неточности разметки
* Генерирует ошибки разметки
*
* @param string $text
* @param bool $isSignature
*
* @return string
*/
public function prepare($text, $isSignature = false)
{
if ($isSignature) {
$whiteList = $this->config['p_sig_bbcode'] == '1' ? $this->attr('whiteListForSign') : [];
$blackList = $this->config['p_sig_img_tag'] == '1' ? [] : ['img'];
} else {
$whiteList = $this->config['p_message_bbcode'] == '1' ? null : [];
$blackList = $this->config['p_message_img_tag'] == '1' ? [] : ['img'];
}
$this->setWhiteList($whiteList)
->setBlackList($blackList)
->parse($text, ['strict' => true])
->stripEmptyTags(" \n\t\r\v", true);
if ($this->config['o_make_links'] == '1') {
$this->detectUrls();
}
return trim($this->getCode());
}
/**
* Устанавливает ссылку на js
*
* @param string $name
* @param string $link
*
* @return Parser
*/
public function setJsLink($name, $link)
{
$this->js['f'][$name] = $link;
return $this;
}
/**
* Устанавливает js в виде кода
*
* @param string $name
* @param string $link
*
* @return Parser
*/
public function setJsCode($name, $code)
{
$this->js['c'][$name] = $code;
return $this;
}
/**
* Включает jQuery
*
* @return Parser
*/
public function enablejQuery()
{
$this->js['j'] = true;
return $this;
}
/**
* Объединяет массивы js у страницы и парсера
*
* @param array $js
*
* @return array
*/
public function mergeJs(array $js)
{
if (empty($this->js)) {
return $js;
} else {
return array_merge_recursive($js, $this->js);
}
}
}
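Review bot: In `parseMessage()` the global `$string_shl` is concatenated into the highlight pattern after only a `str_replace` on `*`, `'` and `е`, with no `preg_quote` visible in this file, so a regex metacharacter or a literal `%` (the delimiter) in the search string would change or break the pattern unless the caller already quotes it. Either quote it here the way `generate_censoring_cache()` does (`preg_quote(..., '%')` followed by replacing `\*`), or document at the `global` line that the value must arrive pre-quoted; passing it as an argument instead of a global would make that contract visible. Minor: the docblock for `setJsCode()` declares `@param string $link` but the parameter is `$code`.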

1
include/class/index.html Normal file
View file

@ -0,0 +1 @@
<html><head><title>.</title></head><body>.</body></html>

View file

@ -9,13 +9,21 @@
if (!defined('PUN_ROOT'))
exit('The constant PUN_ROOT must be defined and point to a valid FluxBB installation root directory.');
// Make sure PHP reports all errors except E_NOTICE. FluxBB supports E_ALL, but a lot of scripts it may interact with, do not
error_reporting(E_ALL ^ E_NOTICE);
ini_set('display_errors', 0);
ini_set('log_errors', 1);
// Record the start time (will be used to calculate the generation time for the page)
$pun_start = empty($_SERVER['REQUEST_TIME_FLOAT']) ? microtime(true) : (float) $_SERVER['REQUEST_TIME_FLOAT'];
// Define the version and database revision that this code was written for
define('FORUM_VERSION', '1.5.10');
// Seed the random number generator for systems where this does not happen automatically
mt_srand();
define('FORUM_VER_REVISION', 78); // номер сборки - Visman
// Define the version and database revision that this code was written for
define('FORUM_VERSION', '1.5.11');
define('FORUM_VER_REVISION', 81); // номер сборки - Visman
$page_js = array();
@ -29,10 +37,7 @@ if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch')
header('HTTP/1.1 403 Prefetching Forbidden');
// Send no-cache headers
header('Expires: Thu, 21 Jul 1977 07:30:00 GMT'); // When yours truly first set eyes on this world! :)
header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache'); // For HTTP/1.0 compatibility
forum_http_headers();
exit;
}
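Review bot: The prefetch branch now calls `forum_http_headers()` before `exit`, but the next hunk in this file shows `require PUN_ROOT.'include/functions.php';` further down, after this block. If `forum_http_headers()` is defined in functions.php (its definition is not visible in this diff), a prefetch request would fail with an undefined-function fatal error instead of returning the 403. Either move this block below the require or keep the plain `header()` calls here.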
@ -52,6 +57,8 @@ if (!defined('PUN'))
exit;
}
require PUN_ROOT.'vendor/autoload.php';
// Load the functions script
require PUN_ROOT.'include/functions.php';
@ -64,16 +71,9 @@ require PUN_ROOT.'include/utf8/utf8.php';
// Strip out "bad" UTF-8 characters
forum_remove_bad_characters();
// Reverse the effect of register_globals
forum_unregister_globals();
// The addon manager is responsible for storing the hook listeners and communicating with the addons
$flux_addons = new flux_addon_manager();
// Make sure PHP reports all errors except E_NOTICE. FluxBB supports E_ALL, but a lot of scripts it may interact with, do not
error_reporting(E_ALL ^ E_NOTICE);
//error_reporting(E_ALL);
// Force POSIX locale (to prevent functions such as strtolower() from messing up UTF-8 strings)
setlocale(LC_CTYPE, 'C');

View file

@ -152,10 +152,9 @@ function prune($forum_id, $prune_sticky, $prune_date)
{
// not sum - Visman
$result = $db->query('SELECT no_sum_mess FROM '.$db->prefix.'forums WHERE id='.$forum_id) or error('Unable to fetch forums', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
$flag_f = 1;
else
$flag_f = $db->result($result);
$row = $db->fetch_row($result);
$flag_f = !$row ? 1 : $row[0];
// уменьшение постов у юзеров и not sum - Visman
if ($flag_f == 0)
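Review bot: The `SELECT no_sum_mess ... WHERE id='.$forum_id` query directly above the changed lines concatenates `$forum_id` without a cast, and nothing in this hunk shows the value being validated. Since this block is being touched anyway, consider `(int) $forum_id` at the point of use so the query does not depend on every caller of `prune()` having sanitised it. The new `$flag_f = !$row ? 1 : $row[0];` would also read more directly as `$row ? $row[0] : 1`.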

View file

@ -15,17 +15,11 @@ if (!defined('PUN'))
switch ($db_type)
{
case 'mysql':
require_once PUN_ROOT.'include/dblayer/mysql.php';
break;
case 'mysql_innodb':
require_once PUN_ROOT.'include/dblayer/mysql_innodb.php';
break;
case 'mysqli':
require_once PUN_ROOT.'include/dblayer/mysqli.php';
break;
case 'mysql_innodb':
case 'mysqli_innodb':
require_once PUN_ROOT.'include/dblayer/mysqli_innodb.php';
break;
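Review bot: With the `mysql.php` and `mysql_innodb.php` requires gone, `case 'mysql':` and `case 'mysql_innodb':` appear to fall through to the mysqli drivers, so an existing config.php with `$db_type = 'mysql'` will start depending on the mysqli extension without any notice. A short comment on the two fall-through cases and a line in the upgrade notes would make the aliasing explicit, and the mysqli drivers should fail with a clear message when the extension is missing.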

View file

@ -1,373 +0,0 @@
<?php
/**
* Copyright (C) 2008-2012 FluxBB
* based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
* License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
*/
// Make sure we have built in support for MySQL
if (!function_exists('mysql_connect'))
exit('This PHP environment doesn\'t have MySQL support built in. MySQL support is required if you want to use a MySQL database to run this forum. Consult the PHP documentation for further assistance.');
class DBLayer
{
var $prefix;
var $link_id;
var $query_result;
var $saved_queries = array();
var $num_queries = 0;
var $error_no = false;
var $error_msg = 'Unknown';
var $datatype_transformations = array(
'%^SERIAL$%' => 'INT(10) UNSIGNED AUTO_INCREMENT'
);
function __construct($db_host, $db_username, $db_password, $db_name, $db_prefix, $p_connect)
{
$this->prefix = $db_prefix;
if ($p_connect)
$this->link_id = @mysql_pconnect($db_host, $db_username, $db_password);
else
$this->link_id = @mysql_connect($db_host, $db_username, $db_password);
if ($this->link_id)
{
if (!@mysql_select_db($db_name, $this->link_id))
error('Unable to select database. MySQL reported: '.mysql_error(), __FILE__, __LINE__);
}
else
error('Unable to connect to MySQL server. MySQL reported: '.mysql_error(), __FILE__, __LINE__);
// Setup the client-server character set (UTF-8)
if (!defined('FORUM_NO_SET_NAMES'))
{
if (!$this->set_names('utf8'))
error('Unable to set the character set.', __FILE__, __LINE__);
}
}
function start_transaction()
{
return;
}
function end_transaction()
{
return;
}
function query($sql, $unbuffered = false)
{
if (defined('PUN_SHOW_QUERIES'))
$q_start = microtime(true);
if ($unbuffered)
$this->query_result = @mysql_unbuffered_query($sql, $this->link_id);
else
$this->query_result = @mysql_query($sql, $this->link_id);
if ($this->query_result)
{
if (defined('PUN_SHOW_QUERIES'))
$this->saved_queries[] = array($sql, sprintf('%.5f', microtime(true) - $q_start));
++$this->num_queries;
return $this->query_result;
}
else
{
if (defined('PUN_SHOW_QUERIES'))
$this->saved_queries[] = array($sql, 0);
$this->error_no = @mysql_errno($this->link_id);
$this->error_msg = @mysql_error($this->link_id);
return false;
}
}
function result($query_id = 0, $row = 0, $col = 0)
{
return ($query_id) ? @mysql_result($query_id, $row, $col) : false;
}
function fetch_assoc($query_id = 0)
{
return ($query_id) ? @mysql_fetch_assoc($query_id) : false;
}
function fetch_row($query_id = 0)
{
return ($query_id) ? @mysql_fetch_row($query_id) : false;
}
function num_rows($query_id = 0)
{
return ($query_id) ? @mysql_num_rows($query_id) : false;
}
function affected_rows()
{
return ($this->link_id) ? @mysql_affected_rows($this->link_id) : false;
}
function insert_id()
{
return ($this->link_id) ? @mysql_insert_id($this->link_id) : false;
}
function get_num_queries()
{
return $this->num_queries;
}
function get_saved_queries()
{
return $this->saved_queries;
}
function free_result($query_id = false)
{
return ($query_id) ? @mysql_free_result($query_id) : false;
}
function escape($str)
{
if (is_array($str))
return '';
else if (function_exists('mysql_real_escape_string'))
return mysql_real_escape_string($str, $this->link_id);
else
return mysql_escape_string($str);
}
function error()
{
$result['error_sql'] = @current(@end($this->saved_queries));
$result['error_no'] = $this->error_no;
$result['error_msg'] = $this->error_msg;
return $result;
}
function close()
{
if ($this->link_id)
{
if (is_resource($this->query_result))
@mysql_free_result($this->query_result);
return @mysql_close($this->link_id);
}
else
return false;
}
function get_names()
{
$result = $this->query('SHOW VARIABLES LIKE \'character_set_connection\'');
return $this->result($result, 0, 1);
}
function set_names($names)
{
return @mysql_set_charset($names, $this->link_id);
}
function get_version()
{
$result = $this->query('SELECT VERSION()');
return array(
'name' => 'MySQL Standard',
'version' => preg_replace('%^([^-]+).*$%', '\\1', $this->result($result))
);
}
function table_exists($table_name, $no_prefix = false)
{
$result = $this->query('SHOW TABLES LIKE \''.($no_prefix ? '' : $this->prefix).$this->escape($table_name).'\'');
return $this->num_rows($result) > 0;
}
function field_exists($table_name, $field_name, $no_prefix = false)
{
$result = $this->query('SHOW COLUMNS FROM '.($no_prefix ? '' : $this->prefix).$table_name.' LIKE \''.$this->escape($field_name).'\'');
return $this->num_rows($result) > 0;
}
function index_exists($table_name, $index_name, $no_prefix = false)
{
$exists = false;
$result = $this->query('SHOW INDEX FROM '.($no_prefix ? '' : $this->prefix).$table_name);
while ($cur_index = $this->fetch_assoc($result))
{
if (strtolower($cur_index['Key_name']) == strtolower(($no_prefix ? '' : $this->prefix).$table_name.'_'.$index_name))
{
$exists = true;
break;
}
}
return $exists;
}
function create_table($table_name, $schema, $no_prefix = false)
{
if ($this->table_exists($table_name, $no_prefix))
return true;
$query = 'CREATE TABLE '.($no_prefix ? '' : $this->prefix).$table_name." (\n";
// Go through every schema element and add it to the query
foreach ($schema['FIELDS'] as $field_name => $field_data)
{
$field_data['datatype'] = preg_replace(array_keys($this->datatype_transformations), array_values($this->datatype_transformations), $field_data['datatype']);
$query .= $field_name.' '.$field_data['datatype'];
if (isset($field_data['collation']))
$query .= 'CHARACTER SET utf8 COLLATE utf8_'.$field_data['collation'];
if (!$field_data['allow_null'])
$query .= ' NOT NULL';
if (isset($field_data['default']))
$query .= ' DEFAULT '.$field_data['default'];
$query .= ",\n";
}
// If we have a primary key, add it
if (isset($schema['PRIMARY KEY']))
$query .= 'PRIMARY KEY ('.implode(',', $schema['PRIMARY KEY']).'),'."\n";
// Add unique keys
if (isset($schema['UNIQUE KEYS']))
{
foreach ($schema['UNIQUE KEYS'] as $key_name => $key_fields)
$query .= 'UNIQUE KEY '.($no_prefix ? '' : $this->prefix).$table_name.'_'.$key_name.'('.implode(',', $key_fields).'),'."\n";
}
// Add indexes
if (isset($schema['INDEXES']))
{
foreach ($schema['INDEXES'] as $index_name => $index_fields)
$query .= 'KEY '.($no_prefix ? '' : $this->prefix).$table_name.'_'.$index_name.'('.implode(',', $index_fields).'),'."\n";
}
// We remove the last two characters (a newline and a comma) and add on the ending
$query = substr($query, 0, strlen($query) - 2)."\n".') ENGINE = '.(isset($schema['ENGINE']) ? $schema['ENGINE'] : 'MyISAM').' CHARACTER SET utf8';
return $this->query($query) ? true : false;
}
function drop_table($table_name, $no_prefix = false)
{
if (!$this->table_exists($table_name, $no_prefix))
return true;
return $this->query('DROP TABLE '.($no_prefix ? '' : $this->prefix).$table_name) ? true : false;
}
function rename_table($old_table, $new_table, $no_prefix = false)
{
// If the new table exists and the old one doesn't, then we're happy
if ($this->table_exists($new_table, $no_prefix) && !$this->table_exists($old_table, $no_prefix))
return true;
return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$old_table.' RENAME TO '.($no_prefix ? '' : $this->prefix).$new_table) ? true : false;
}
function add_field($table_name, $field_name, $field_type, $allow_null, $default_value = null, $after_field = null, $no_prefix = false)
{
if ($this->field_exists($table_name, $field_name, $no_prefix))
return true;
$field_type = preg_replace(array_keys($this->datatype_transformations), array_values($this->datatype_transformations), $field_type);
if (!is_null($default_value) && !is_int($default_value) && !is_float($default_value))
$default_value = '\''.$this->escape($default_value).'\'';
return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' ADD '.$field_name.' '.$field_type.($allow_null ? '' : ' NOT NULL').(!is_null($default_value) ? ' DEFAULT '.$default_value : '').(!is_null($after_field) ? ' AFTER '.$after_field : '')) ? true : false;
}
function alter_field($table_name, $field_name, $field_type, $allow_null, $default_value = null, $after_field = null, $no_prefix = false)
{
if (!$this->field_exists($table_name, $field_name, $no_prefix))
return true;
$field_type = preg_replace(array_keys($this->datatype_transformations), array_values($this->datatype_transformations), $field_type);
if (!is_null($default_value) && !is_int($default_value) && !is_float($default_value))
$default_value = '\''.$this->escape($default_value).'\'';
return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' MODIFY '.$field_name.' '.$field_type.($allow_null ? '' : ' NOT NULL').(!is_null($default_value) ? ' DEFAULT '.$default_value : '').(!is_null($after_field) ? ' AFTER '.$after_field : '')) ? true : false;
}
function drop_field($table_name, $field_name, $no_prefix = false)
{
if (!$this->field_exists($table_name, $field_name, $no_prefix))
return true;
return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' DROP '.$field_name) ? true : false;
}
function add_index($table_name, $index_name, $index_fields, $unique = false, $no_prefix = false)
{
if ($this->index_exists($table_name, $index_name, $no_prefix))
return true;
return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' ADD '.($unique ? 'UNIQUE ' : '').'INDEX '.($no_prefix ? '' : $this->prefix).$table_name.'_'.$index_name.' ('.implode(',', $index_fields).')') ? true : false;
}
function drop_index($table_name, $index_name, $no_prefix = false)
{
if (!$this->index_exists($table_name, $index_name, $no_prefix))
return true;
return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' DROP INDEX '.($no_prefix ? '' : $this->prefix).$table_name.'_'.$index_name) ? true : false;
}
function truncate_table($table_name, $no_prefix = false)
{
return $this->query('TRUNCATE TABLE '.($no_prefix ? '' : $this->prefix).$table_name) ? true : false;
}
}

View file

@ -1,387 +0,0 @@
<?php
/**
* Copyright (C) 2008-2012 FluxBB
* based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
* License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
*/
// Make sure we have built in support for MySQL
if (!function_exists('mysql_connect'))
exit('This PHP environment doesn\'t have MySQL support built in. MySQL support is required if you want to use a MySQL database to run this forum. Consult the PHP documentation for further assistance.');
class DBLayer
{
var $prefix;
var $link_id;
var $query_result;
var $in_transaction = 0;
var $saved_queries = array();
var $num_queries = 0;
var $error_no = false;
var $error_msg = 'Unknown';
var $datatype_transformations = array(
'%^SERIAL$%' => 'INT(10) UNSIGNED AUTO_INCREMENT'
);
function __construct($db_host, $db_username, $db_password, $db_name, $db_prefix, $p_connect)
{
$this->prefix = $db_prefix;
if ($p_connect)
$this->link_id = @mysql_pconnect($db_host, $db_username, $db_password);
else
$this->link_id = @mysql_connect($db_host, $db_username, $db_password);
if ($this->link_id)
{
if (!@mysql_select_db($db_name, $this->link_id))
error('Unable to select database. MySQL reported: '.mysql_error(), __FILE__, __LINE__);
}
else
error('Unable to connect to MySQL server. MySQL reported: '.mysql_error(), __FILE__, __LINE__);
// Setup the client-server character set (UTF-8)
if (!defined('FORUM_NO_SET_NAMES'))
{
if (!$this->set_names('utf8'))
error('Unable to set the character set.', __FILE__, __LINE__);
}
}
function start_transaction()
{
++$this->in_transaction;
mysql_query('START TRANSACTION', $this->link_id);
return;
}
function end_transaction()
{
--$this->in_transaction;
mysql_query('COMMIT', $this->link_id);
return;
}
function query($sql, $unbuffered = false)
{
if (defined('PUN_SHOW_QUERIES'))
$q_start = microtime(true);
if ($unbuffered)
$this->query_result = @mysql_unbuffered_query($sql, $this->link_id);
else
$this->query_result = @mysql_query($sql, $this->link_id);
if ($this->query_result)
{
if (defined('PUN_SHOW_QUERIES'))
$this->saved_queries[] = array($sql, sprintf('%.5f', microtime(true) - $q_start));
++$this->num_queries;
return $this->query_result;
}
else
{
if (defined('PUN_SHOW_QUERIES'))
$this->saved_queries[] = array($sql, 0);
$this->error_no = @mysql_errno($this->link_id);
$this->error_msg = @mysql_error($this->link_id);
// Rollback transaction
if ($this->in_transaction)
mysql_query('ROLLBACK', $this->link_id);
--$this->in_transaction;
return false;
}
}
function result($query_id = 0, $row = 0, $col = 0)
{
return ($query_id) ? @mysql_result($query_id, $row, $col) : false;
}
function fetch_assoc($query_id = 0)
{
return ($query_id) ? @mysql_fetch_assoc($query_id) : false;
}
function fetch_row($query_id = 0)
{
return ($query_id) ? @mysql_fetch_row($query_id) : false;
}
function num_rows($query_id = 0)
{
return ($query_id) ? @mysql_num_rows($query_id) : false;
}
function affected_rows()
{
return ($this->link_id) ? @mysql_affected_rows($this->link_id) : false;
}
function insert_id()
{
return ($this->link_id) ? @mysql_insert_id($this->link_id) : false;
}
function get_num_queries()
{
return $this->num_queries;
}
function get_saved_queries()
{
return $this->saved_queries;
}
function free_result($query_id = false)
{
return ($query_id) ? @mysql_free_result($query_id) : false;
}
function escape($str)
{
if (is_array($str))
return '';
else if (function_exists('mysql_real_escape_string'))
return mysql_real_escape_string($str, $this->link_id);
else
return mysql_escape_string($str);
}
function error()
{
$result['error_sql'] = @current(@end($this->saved_queries));
$result['error_no'] = $this->error_no;
$result['error_msg'] = $this->error_msg;
return $result;
}
function close()
{
if ($this->link_id)
{
if (is_resource($this->query_result))
@mysql_free_result($this->query_result);
return @mysql_close($this->link_id);
}
else
return false;
}
function get_names()
{
$result = $this->query('SHOW VARIABLES LIKE \'character_set_connection\'');
return $this->result($result, 0, 1);
}
function set_names($names)
{
return @mysql_set_charset($names, $this->link_id);
}
function get_version()
{
$result = $this->query('SELECT VERSION()');
return array(
'name' => 'MySQL Standard (InnoDB)',
'version' => preg_replace('%^([^-]+).*$%', '\\1', $this->result($result))
);
}
function table_exists($table_name, $no_prefix = false)
{
$result = $this->query('SHOW TABLES LIKE \''.($no_prefix ? '' : $this->prefix).$this->escape($table_name).'\'');
return $this->num_rows($result) > 0;
}
function field_exists($table_name, $field_name, $no_prefix = false)
{
$result = $this->query('SHOW COLUMNS FROM '.($no_prefix ? '' : $this->prefix).$table_name.' LIKE \''.$this->escape($field_name).'\'');
return $this->num_rows($result) > 0;
}
function index_exists($table_name, $index_name, $no_prefix = false)
{
$exists = false;
$result = $this->query('SHOW INDEX FROM '.($no_prefix ? '' : $this->prefix).$table_name);
while ($cur_index = $this->fetch_assoc($result))
{
if (strtolower($cur_index['Key_name']) == strtolower(($no_prefix ? '' : $this->prefix).$table_name.'_'.$index_name))
{
$exists = true;
break;
}
}
return $exists;
}
function create_table($table_name, $schema, $no_prefix = false)
{
if ($this->table_exists($table_name, $no_prefix))
return true;
$query = 'CREATE TABLE '.($no_prefix ? '' : $this->prefix).$table_name." (\n";
// Go through every schema element and add it to the query
foreach ($schema['FIELDS'] as $field_name => $field_data)
{
$field_data['datatype'] = preg_replace(array_keys($this->datatype_transformations), array_values($this->datatype_transformations), $field_data['datatype']);
$query .= $field_name.' '.$field_data['datatype'];
if (isset($field_data['collation']))
$query .= 'CHARACTER SET utf8 COLLATE utf8_'.$field_data['collation'];
if (!$field_data['allow_null'])
$query .= ' NOT NULL';
if (isset($field_data['default']))
$query .= ' DEFAULT '.$field_data['default'];
$query .= ",\n";
}
// If we have a primary key, add it
if (isset($schema['PRIMARY KEY']))
$query .= 'PRIMARY KEY ('.implode(',', $schema['PRIMARY KEY']).'),'."\n";
// Add unique keys
if (isset($schema['UNIQUE KEYS']))
{
foreach ($schema['UNIQUE KEYS'] as $key_name => $key_fields)
$query .= 'UNIQUE KEY '.($no_prefix ? '' : $this->prefix).$table_name.'_'.$key_name.'('.implode(',', $key_fields).'),'."\n";
}
// Add indexes
if (isset($schema['INDEXES']))
{
foreach ($schema['INDEXES'] as $index_name => $index_fields)
$query .= 'KEY '.($no_prefix ? '' : $this->prefix).$table_name.'_'.$index_name.'('.implode(',', $index_fields).'),'."\n";
}
// We remove the last two characters (a newline and a comma) and add on the ending
$query = substr($query, 0, strlen($query) - 2)."\n".') ENGINE = '.(isset($schema['ENGINE']) ? $schema['ENGINE'] : 'InnoDB').' CHARACTER SET utf8';
return $this->query($query) ? true : false;
}
function drop_table($table_name, $no_prefix = false)
{
if (!$this->table_exists($table_name, $no_prefix))
return true;
return $this->query('DROP TABLE '.($no_prefix ? '' : $this->prefix).$table_name) ? true : false;
}
function rename_table($old_table, $new_table, $no_prefix = false)
{
// If the new table exists and the old one doesn't, then we're happy
if ($this->table_exists($new_table, $no_prefix) && !$this->table_exists($old_table, $no_prefix))
return true;
return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$old_table.' RENAME TO '.($no_prefix ? '' : $this->prefix).$new_table) ? true : false;
}
function add_field($table_name, $field_name, $field_type, $allow_null, $default_value = null, $after_field = null, $no_prefix = false)
{
if ($this->field_exists($table_name, $field_name, $no_prefix))
return true;
$field_type = preg_replace(array_keys($this->datatype_transformations), array_values($this->datatype_transformations), $field_type);
if (!is_null($default_value) && !is_int($default_value) && !is_float($default_value))
$default_value = '\''.$this->escape($default_value).'\'';
return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' ADD '.$field_name.' '.$field_type.($allow_null ? '' : ' NOT NULL').(!is_null($default_value) ? ' DEFAULT '.$default_value : '').(!is_null($after_field) ? ' AFTER '.$after_field : '')) ? true : false;
}
function alter_field($table_name, $field_name, $field_type, $allow_null, $default_value = null, $after_field = null, $no_prefix = false)
{
if (!$this->field_exists($table_name, $field_name, $no_prefix))
return true;
$field_type = preg_replace(array_keys($this->datatype_transformations), array_values($this->datatype_transformations), $field_type);
if (!is_null($default_value) && !is_int($default_value) && !is_float($default_value))
$default_value = '\''.$this->escape($default_value).'\'';
return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' MODIFY '.$field_name.' '.$field_type.($allow_null ? '' : ' NOT NULL').(!is_null($default_value) ? ' DEFAULT '.$default_value : '').(!is_null($after_field) ? ' AFTER '.$after_field : '')) ? true : false;
}
function drop_field($table_name, $field_name, $no_prefix = false)
{
if (!$this->field_exists($table_name, $field_name, $no_prefix))
return true;
return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' DROP '.$field_name) ? true : false;
}
function add_index($table_name, $index_name, $index_fields, $unique = false, $no_prefix = false)
{
if ($this->index_exists($table_name, $index_name, $no_prefix))
return true;
return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' ADD '.($unique ? 'UNIQUE ' : '').'INDEX '.($no_prefix ? '' : $this->prefix).$table_name.'_'.$index_name.' ('.implode(',', $index_fields).')') ? true : false;
}
function drop_index($table_name, $index_name, $no_prefix = false)
{
if (!$this->index_exists($table_name, $index_name, $no_prefix))
return true;
return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' DROP INDEX '.($no_prefix ? '' : $this->prefix).$table_name.'_'.$index_name) ? true : false;
}
function truncate_table($table_name, $no_prefix = false)
{
return $this->query('TRUNCATE TABLE '.($no_prefix ? '' : $this->prefix).$table_name) ? true : false;
}
}
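Review bot: in query()'s failure branch the `if ($this->in_transaction)` has no braces, so only the `ROLLBACK` is conditional and `--$this->in_transaction;` runs on every failed query, which drives the counter negative when no transaction is open. Brace both statements, as the later driver hunks in this comparison do. Separately, field_exists(), drop_table(), add_field() and the other DDL helpers concatenate `$table_name` and `$field_name` into the statement without escaping or validation, so they are only safe with hard-coded identifiers; state that in a comment or validate the names against an identifier pattern.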

View file

@ -37,7 +37,7 @@ class DBLayer
list($db_host, $db_port) = explode(':', $db_host);
// Persistent connection in MySQLi are only available in PHP 5.3 and later releases
$p_connect = $p_connect && version_compare(PHP_VERSION, '5.3.0', '>=') ? 'p:' : '';
$p_connect = $p_connect ? 'p:' : '';
if (isset($db_port))
$this->link_id = @mysqli_connect($p_connect.$db_host, $db_username, $db_password, $db_name, $db_port);
@ -54,8 +54,8 @@ class DBLayer
error('Unable to set the character set.', __FILE__, __LINE__);
}
}
function start_transaction()
{
return;
@ -78,7 +78,7 @@ class DBLayer
if ($this->query_result)
{
if (defined('PUN_SHOW_QUERIES'))
$this->saved_queries[] = array($sql, sprintf('%.5f', microtime(true) - $q_start));
$this->saved_queries[] = array($sql, sprintf('%.5F', microtime(true) - $q_start));
++$this->num_queries;
@ -105,7 +105,7 @@ class DBLayer
return false;
$cur_row = @mysqli_fetch_row($query_id);
if ($cur_row === false)
if ($cur_row === null)
return false;
return $cur_row[$col];
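Review bot: `$cur_row === null` covers the end of the result set but no longer catches `false`, which mysqli_fetch_row() returns on failure, so `$cur_row[$col]` can be evaluated on a boolean. Test `!is_array($cur_row)` to cover both cases.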
@ -202,7 +202,11 @@ class DBLayer
function set_names($names)
{
return @mysqli_set_charset($this->link_id, $names);
if ('utf8' === $names)
{
$names = 'utf8mb4';
}
return mysqli_set_charset($this->link_id, $names);
}
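Review bot: the `'utf8' === $names` remap silently changes the connection character set for every caller that asks for `utf8`, including installs whose tables were created as `utf8` by the old create_table(). Document the table conversion that has to accompany it, or make the remap conditional on the schema having been migrated. Dropping the `@` also means a failure now emits a PHP warning in addition to the caller's own error(); keep a single reporting path.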
@ -264,7 +268,7 @@ class DBLayer
$query .= $field_name.' '.$field_data['datatype'];
if (isset($field_data['collation']))
$query .= 'CHARACTER SET utf8 COLLATE utf8_'.$field_data['collation'];
$query .= 'CHARACTER SET utf8mb4 COLLATE utf8mb4_'.$field_data['collation'];
if (!$field_data['allow_null'])
$query .= ' NOT NULL';
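Review bot: the literal `'CHARACTER SET utf8mb4 COLLATE utf8mb4_'` has no leading space, so it is appended directly to the datatype from the line above, and a datatype that does not end in a closing parenthesis runs into the keyword (`TEXTCHARACTER SET ...`). Since the line is being rewritten anyway, start the literal with a space. `$field_data['collation']` is concatenated as-is, so it must only ever come from trusted schema arrays.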
@ -294,7 +298,7 @@ class DBLayer
}
// We remove the last two characters (a newline and a comma) and add on the ending
$query = substr($query, 0, strlen($query) - 2)."\n".') ENGINE = '.(isset($schema['ENGINE']) ? $schema['ENGINE'] : 'MyISAM').' CHARACTER SET utf8';
$query = substr($query, 0, strlen($query) - 2)."\n".') ENGINE = '.(isset($schema['ENGINE']) ? $schema['ENGINE'] : 'MyISAM').' CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci';
return $this->query($query) ? true : false;
}

View file

@ -38,7 +38,7 @@ class DBLayer
list($db_host, $db_port) = explode(':', $db_host);
// Persistent connection in MySQLi are only available in PHP 5.3 and later releases
$p_connect = $p_connect && version_compare(PHP_VERSION, '5.3.0', '>=') ? 'p:' : '';
$p_connect = $p_connect ? 'p:' : '';
if (isset($db_port))
$this->link_id = @mysqli_connect($p_connect.$db_host, $db_username, $db_password, $db_name, $db_port);
@ -85,7 +85,7 @@ class DBLayer
if ($this->query_result)
{
if (defined('PUN_SHOW_QUERIES'))
$this->saved_queries[] = array($sql, sprintf('%.5f', microtime(true) - $q_start));
$this->saved_queries[] = array($sql, sprintf('%.5F', microtime(true) - $q_start));
++$this->num_queries;
@ -101,9 +101,11 @@ class DBLayer
// Rollback transaction
if ($this->in_transaction)
mysqli_query($this->link_id, 'ROLLBACK');
{
--$this->in_transaction;
--$this->in_transaction;
mysqli_query($this->link_id, 'ROLLBACK');
}
return false;
}
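Review bot: after `ROLLBACK` the server has no open transaction left, but the counter is only decremented by one. If start_transaction() has incremented it more than once, `in_transaction` stays positive and a later end_transaction() issues `COMMIT` outside any transaction. Set `$this->in_transaction = 0;` in this branch, and test `$this->in_transaction > 0` as the SQLite drivers in this comparison do, so that a negative value is never treated as an open transaction.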
@ -118,7 +120,7 @@ class DBLayer
return false;
$cur_row = @mysqli_fetch_row($query_id);
if ($cur_row === false)
if ($cur_row === null)
return false;
return $cur_row[$col];
@ -215,7 +217,11 @@ class DBLayer
function set_names($names)
{
return @mysqli_set_charset($this->link_id, $names);
if ('utf8' === $names)
{
$names = 'utf8mb4';
}
return mysqli_set_charset($this->link_id, $names);
}
@ -277,7 +283,7 @@ class DBLayer
$query .= $field_name.' '.$field_data['datatype'];
if (isset($field_data['collation']))
$query .= 'CHARACTER SET utf8 COLLATE utf8_'.$field_data['collation'];
$query .= 'CHARACTER SET utf8mb4 COLLATE utf8mb4_'.$field_data['collation'];
if (!$field_data['allow_null'])
$query .= ' NOT NULL';
@ -307,7 +313,7 @@ class DBLayer
}
// We remove the last two characters (a newline and a comma) and add on the ending
$query = substr($query, 0, strlen($query) - 2)."\n".') ENGINE = '.(isset($schema['ENGINE']) ? $schema['ENGINE'] : 'InnoDB').' CHARACTER SET utf8';
$query = substr($query, 0, strlen($query) - 2)."\n".') ENGINE = '.(isset($schema['ENGINE']) ? $schema['ENGINE'] : 'InnoDB').' CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci';
return $this->query($query) ? true : false;
}
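Review bot: switching the table default to `utf8mb4` makes every indexed character column cost up to 4 bytes per character. On InnoDB row formats with the 767-byte index key limit, an indexed `VARCHAR` longer than 191 characters makes this `CREATE TABLE` fail. Check the schema arrays passed to create_table() for such keys or give them prefix lengths. `$schema['ENGINE']` is also interpolated unquoted and should only come from trusted code.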

View file

@ -71,7 +71,7 @@ class DBLayer
if (!defined('FORUM_NO_SET_NAMES'))
$this->set_names('utf8');
}
function start_transaction()
{
@ -109,7 +109,7 @@ class DBLayer
if (pg_result_status($this->query_result) != PGSQL_FATAL_ERROR)
{
if (defined('PUN_SHOW_QUERIES'))
$this->saved_queries[] = array($sql, sprintf('%.5f', microtime(true) - $q_start));
$this->saved_queries[] = array($sql, sprintf('%.5F', microtime(true) - $q_start));
++$this->num_queries;
@ -126,9 +126,11 @@ class DBLayer
$this->error_msg = @pg_result_error($this->query_result);
if ($this->in_transaction)
@pg_query($this->link_id, 'ROLLBACK');
{
--$this->in_transaction;
--$this->in_transaction;
@pg_query($this->link_id, 'ROLLBACK');
}
return false;
}

View file

@ -43,14 +43,14 @@ class DBLayer
@touch($db_name);
@chmod($db_name, 0666);
if (!file_exists($db_name))
error('Unable to create new database \''.$db_name.'\'. Permission denied', __FILE__, __LINE__);
error('Unable to create new SQLite database. Permission denied', __FILE__, __LINE__);
}
if (!is_readable($db_name))
error('Unable to open database \''.$db_name.'\' for reading. Permission denied', __FILE__, __LINE__);
error('Unable to open SQLite database for reading. Permission denied', __FILE__, __LINE__);
if (!forum_is_writable($db_name))
error('Unable to open database \''.$db_name.'\' for writing. Permission denied', __FILE__, __LINE__);
error('Unable to open SQLite database for writing. Permission denied', __FILE__, __LINE__);
if ($p_connect)
$this->link_id = @sqlite_popen($db_name, 0666, $sqlite_error);
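Review bot: taking `$db_name` out of the messages keeps the database path off the error page, but the context line `@chmod($db_name, 0666)` still leaves the database file readable and writable by every local user. Use `0660` or `0600` unless the deployment really needs more. The path is still useful to the administrator, so write it to the server log when these errors fire.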
@ -58,10 +58,10 @@ class DBLayer
$this->link_id = @sqlite_open($db_name, 0666, $sqlite_error);
if (!$this->link_id)
error('Unable to open database \''.$db_name.'\'. SQLite reported: '.$sqlite_error, __FILE__, __LINE__);
error('Unable to open SQLite database. SQLite reported: '.$sqlite_error, __FILE__, __LINE__);
}
function start_transaction()
{
++$this->in_transaction;
@ -97,7 +97,7 @@ class DBLayer
if ($this->query_result)
{
if (defined('PUN_SHOW_QUERIES'))
$this->saved_queries[] = array($sql, sprintf('%.5f', microtime(true) - $q_start));
$this->saved_queries[] = array($sql, sprintf('%.5F', microtime(true) - $q_start));
++$this->num_queries;
@ -111,10 +111,12 @@ class DBLayer
$this->error_no = @sqlite_last_error($this->link_id);
$this->error_msg = @sqlite_error_string($this->error_no);
if ($this->in_transaction)
@sqlite_query($this->link_id, 'ROLLBACK');
if ($this->in_transaction > 0)
{
--$this->in_transaction;
--$this->in_transaction;
@sqlite_query($this->link_id, 'ROLLBACK');
}
return false;
}
@ -228,7 +230,7 @@ class DBLayer
{
if ($this->link_id)
{
if ($this->in_transaction)
if ($this->in_transaction > 0)
{
if (defined('PUN_SHOW_QUERIES'))
$this->saved_queries[] = array('COMMIT', 0);
@ -454,6 +456,8 @@ class DBLayer
if (!is_null($default_value))
$query .= ' DEFAULT '.$default_value;
else if (!$allow_null)
$query .= ' DEFAULT \'\'';
$old_columns = array_keys($table['columns']);
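Review bot: `else if (!$allow_null)` followed by `$query .= ' DEFAULT \'\'';` gives every NOT NULL column without an explicit default an empty-string default, including numeric columns, where SQLite will store `''` rather than `0`. Choose the fallback from `$field_type`: `0` for integer and real types, `''` for text.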

View file

@ -44,19 +44,25 @@ class DBLayer
@touch($db_name);
@chmod($db_name, 0666);
if (!file_exists($db_name))
error('Unable to create new database \''.$db_name.'\'. Permission denied', __FILE__, __LINE__);
error('Unable to create new SQLite3 database. Permission denied', __FILE__, __LINE__);
}
if (!is_readable($db_name))
error('Unable to open database \''.$db_name.'\' for reading. Permission denied', __FILE__, __LINE__);
error('Unable to open SQLite3 database for reading. Permission denied', __FILE__, __LINE__);
if (!forum_is_writable($db_name))
error('Unable to open database \''.$db_name.'\' for writing. Permission denied', __FILE__, __LINE__);
error('Unable to open SQLite3 database for writing. Permission denied', __FILE__, __LINE__);
@$this->link_id = new SQLite3($db_name, SQLITE3_OPEN_READWRITE);
if (!$this->link_id)
error('Unable to open database \''.$db_name.'\'.', __FILE__, __LINE__);
if (! $this->link_id instanceof SQLite3)
error('Unable to open SQLite3 database.', __FILE__, __LINE__);
if (defined('FORUM_SQLITE3_BUSY_TIMEOUT'))
$this->link_id->busyTimeout(FORUM_SQLITE3_BUSY_TIMEOUT);
if (defined('FORUM_SQLITE3_WAL_ON'))
$this->link_id->exec('PRAGMA journal_mode=WAL;');
}
function start_transaction()
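Review bot: `new SQLite3(...)` throws an Exception when the file cannot be opened, and `@` does not suppress exceptions, so the `instanceof SQLite3` check below it is never reached on failure. Wrap the constructor in try/catch and call error() from the catch block. The return values of busyTimeout() and `exec('PRAGMA journal_mode=WAL;')` are ignored as well; at least log when WAL could not be enabled.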
@ -82,9 +88,6 @@ class DBLayer
function query($sql, $unbuffered = false)
{
if (strlen($sql) > 140000)
exit('Insane query. Aborting.');
$this->last_query = $sql;
if (defined('PUN_SHOW_QUERIES'))
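Review bot: the `strlen($sql) > 140000` guard at the top of query() goes away with no replacement and no explanation. If the limit was being hit by legitimate large posts, say so in the commit message; otherwise keep an upper bound, or make it configurable, so a single request cannot push an arbitrarily large statement through query().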
@ -95,7 +98,7 @@ class DBLayer
if ($this->query_result)
{
if (defined('PUN_SHOW_QUERIES'))
$this->saved_queries[] = array($sql, sprintf('%.5f', microtime(true) - $q_start));
$this->saved_queries[] = array($sql, sprintf('%.5F', microtime(true) - $q_start));
++$this->num_queries;
@ -109,10 +112,12 @@ class DBLayer
$this->error_no = $this->link_id->lastErrorCode();
$this->error_msg = $this->link_id->lastErrorMsg();
if ($this->in_transaction)
$this->link_id->exec('ROLLBACK');
if ($this->in_transaction > 0)
{
--$this->in_transaction;
--$this->in_transaction;
$this->link_id->exec('ROLLBACK');
}
return false;
}
@ -242,11 +247,13 @@ class DBLayer
{
if ($this->link_id)
{
if ($this->in_transaction)
if ($this->in_transaction > 0)
{
if (defined('PUN_SHOW_QUERIES'))
$this->saved_queries[] = array('COMMIT', 0);
--$this->in_transaction;
$this->link_id->exec('COMMIT');
}
@ -297,13 +304,20 @@ class DBLayer
function field_exists($table_name, $field_name, $no_prefix = false)
{
$result = $this->query('SELECT sql FROM sqlite_master WHERE name = \''.($no_prefix ? '' : $this->prefix).$this->escape($table_name).'\' AND type=\'table\'');
$sql = $this->result($result);
$result = $this->query('PRAGMA table_info(\'' . ($no_prefix ? '' : $this->prefix) . $this->escape($table_name) . '\');');
if (is_null($sql) || $sql === false)
return false;
return (preg_match('%[\r\n]'.preg_quote($field_name).' %', $sql) === 1);
if ($result instanceof Sqlite3Result)
{
while ($row = $this->fetch_assoc($result))
{
if ($row['name'] == $field_name)
{
$this->free_result($result);
return true;
}
}
}
return false;
}
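Review bot: free_result() is only called on the matching row, so when the loop ends without a match the `PRAGMA table_info` result is never released; free it before the final `return false;`. `$row['name'] == $field_name` is also a case-sensitive comparison while SQLite column names are not case-sensitive, so `Name` and `name` are reported as different fields. Compare with strcasecmp().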
@ -448,6 +462,9 @@ class DBLayer
return;
// fix multiple fields in one line
$table['sql'] = str_replace(', ', ",\n", $table['sql']);
// Work out the columns in the table currently
$table_lines = explode("\n", $table['sql']);
$table['columns'] = array();
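Review bot: `str_replace(', ', ",\n", $table['sql'])` splits on every comma followed by a space in the stored CREATE statement, not only on the commas between column definitions. A `DEFAULT 'a, b'` literal, a type such as `DECIMAL(10, 2)` or a multi-column `PRIMARY KEY (a, b)` is broken across lines and then parsed as separate columns. Split only at top-level commas by tracking parenthesis depth and quotes.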
@ -473,77 +490,23 @@ class DBLayer
if ($this->field_exists($table_name, $field_name, $no_prefix))
return true;
$table = $this->get_table_info($table_name, $no_prefix);
// Create temp table
$now = time();
$tmptable = str_replace('CREATE TABLE '.($no_prefix ? '' : $this->prefix).$this->escape($table_name).' (', 'CREATE TABLE '.($no_prefix ? '' : $this->prefix).$this->escape($table_name).'_t'.$now.' (', $table['sql']);
$result = $this->query($tmptable) ? true : false;
$result &= $this->query('INSERT INTO '.($no_prefix ? '' : $this->prefix).$this->escape($table_name).'_t'.$now.' SELECT * FROM '.($no_prefix ? '' : $this->prefix).$this->escape($table_name)) ? true : false;
// Create new table sql
$field_type = preg_replace(array_keys($this->datatype_transformations), array_values($this->datatype_transformations), $field_type);
$query = $field_type;
$query = 'ALTER TABLE '.($no_prefix ? '' : $this->prefix).$this->escape($table_name).' ADD '.$field_name.' '.$field_type;
if (!$allow_null)
$query .= ' NOT NULL';
if (is_string($default_value))
$default_value = '\''.$this->escape($default_value).'\'';
if (!is_null($default_value))
$query .= ' DEFAULT '.$default_value;
else if (!$allow_null)
$query .= ' DEFAULT \'\'';
$old_columns = array_keys($table['columns']);
// Determine the proper offset
if (!is_null($after_field))
$offset = array_search($after_field, array_keys($table['columns']), true) + 1;
else
$offset = count($table['columns']);
// Out of bounds checks
if ($offset > count($table['columns']))
$offset = count($table['columns']);
else if ($offset < 0)
$offset = 0;
if (!is_null($field_name) && $field_name !== '')
$table['columns'] = array_merge(array_slice($table['columns'], 0, $offset), array($field_name => $query), array_slice($table['columns'], $offset));
$new_table = 'CREATE TABLE '.($no_prefix ? '' : $this->prefix).$this->escape($table_name).' (';
foreach ($table['columns'] as $cur_column => $column_details)
$new_table .= "\n".$cur_column.' '.$column_details.',';
if (isset($table['unique']))
$new_table .= "\n".$table['unique'].',';
if (isset($table['primary_key']))
$new_table .= "\n".$table['primary_key'].',';
$new_table = trim($new_table, ',')."\n".');';
// Drop old table
$result &= $this->drop_table($table_name, $no_prefix);
// Create new table
$result &= $this->query($new_table) ? true : false;
// Recreate indexes
if (!empty($table['indices']))
{
foreach ($table['indices'] as $cur_index)
$result &= $this->query($cur_index) ? true : false;
}
// Copy content back
$result &= $this->query('INSERT INTO '.($no_prefix ? '' : $this->prefix).$this->escape($table_name).' ('.implode(', ', $old_columns).') SELECT * FROM '.($no_prefix ? '' : $this->prefix).$this->escape($table_name).'_t'.$now) ? true : false;
// Drop temp table
$result &= $this->drop_table($table_name.'_t'.$now, $no_prefix);
return $result;
$this->query($query) or error(__FILE__, __LINE__);
return true;
}
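Review bot: `$this->query($query) or error(__FILE__, __LINE__);` passes the file path as the message and the line number as the file, given the `error($message, $file = null, $line = null, $db_error = false)` signature shown elsewhere in this comparison, so a failure prints the script path as the error text. Pass a message first, for example `error('Unable to add field', __FILE__, __LINE__, $this->error())`. The rewrite also ignores `$after_field` without saying so, and concatenates `$field_name` and `$field_type` into the statement unescaped; document both in the method comment.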

View file

@ -31,7 +31,7 @@ function is_valid_email($email)
//
// Check if $email is banned
//
function is_banned_email($email)
function is_banned_email($email, $id = false)
{
global $pun_bans;
@ -39,18 +39,20 @@ function is_banned_email($email)
{
if (empty($cur_ban['email'])) {
continue;
} elseif (false !== $id && $cur_ban['id'] == $id) {
continue;
}
if (false === strpos($cur_ban['email'], '@')) {
$len = strlen($cur_ban['email']);
if ($cur_ban['email'][0] == '.') {
if (substr($email, -$len) == $cur_ban['email']) {
return true;
return false === $id ? true : $cur_ban['email'];
}
} else {
$tmp = substr($email, -1-$len);
if ($tmp == '.'.$cur_ban['email'] || $tmp == '@'.$cur_ban['email']) {
return true;
return false === $id ? true : $cur_ban['email'];
}
}
} else if ($email == $cur_ban['email']) {
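Review bot: with `$id` set the function now returns either `false` or the matching ban string, and with `$id === false` a boolean, but the comment above it still reads only "Check if $email is banned". Document the `$id` parameter (the ban entry to skip) and the mixed return type, so callers know to compare the result with `false` rather than rely on truthiness.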
@ -296,11 +298,11 @@ function server_parse($socket, $expected_response)
while (substr($server_response, 3, 1) != ' ')
{
if (!($server_response = fgets($socket, 256)))
error('Couldn\'t get mail server response codes. Please contact the forum administrator.', __FILE__, __LINE__);
error('Couldn\'t get mail server response codes. Please contact the forum administrator.');
}
if (!(substr($server_response, 0, 3) == $expected_response))
error('Unable to send email. Please contact the forum administrator with the following error message reported by the SMTP server: "'.$server_response.'"', __FILE__, __LINE__);
error('Unable to send email. Please contact the forum administrator with the following error message reported by the SMTP server: "'.$server_response.'"');
}
@ -332,7 +334,7 @@ function smtp_mail($to, $subject, $message, $headers = '')
$smtp_host = 'ssl://'.$smtp_host;
if (!($socket = fsockopen($smtp_host, $smtp_port, $errno, $errstr, 15)))
error('Could not connect to smtp host "'.$pun_config['o_smtp_host'].'" ('.$errno.') ('.$errstr.')', __FILE__, __LINE__);
error('Could not connect to smtp host "'.$pun_config['o_smtp_host'].'" ('.$errno.') ('.$errstr.')');
server_parse($socket, '220');
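Review bot: the message still interpolates `$pun_config['o_smtp_host']`, `$errno` and `$errstr`, so any visitor who triggers a failed mail send is shown the internal SMTP host name. Dropping `__FILE__` and `__LINE__` does not address that. Show a generic message and write the host and socket error to the server log, in line with the SQLite drivers in this comparison, which no longer print the database path.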

View file

@ -168,7 +168,7 @@ function authenticate_user($user, $password, $password_is_hash = false)
$pun_user = $db->fetch_assoc($result);
$is_password_authorized = hash_equals($password, $pun_user['password']);
$is_hash_authorized = hash_equals(pun_hash($password), $pun_user['password']);
$is_hash_authorized = forum_password_verify($password, $pun_user);
if (!isset($pun_user['id']) ||
($password_is_hash && !$is_password_authorized ||
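Review bot: forum_password_verify() is called with `$pun_user` before the `!isset($pun_user['id'])` check, so for an unknown user it receives whatever fetch_assoc() returned for an empty result rather than an array. Its definition is not in this hunk; make sure it returns false for that input without raising, or move the `isset` check above both comparisons. The same applies to `hash_equals($password, $pun_user['password'])` on the line above, which needs two strings.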
@ -283,11 +283,11 @@ function set_default_user()
// Кто в этой теме - , o.witt_data - Visman
// Fetch guest user
$result = $db->query('SELECT u.*, g.*, o.logged, o.last_post, o.last_search, o.witt_data FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON u.group_id=g.g_id LEFT JOIN '.$db->prefix.'online AS o ON o.ident=\''.$db->escape($remote_addr).'\' WHERE u.id=1') or error('Unable to fetch guest information', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
exit('Unable to fetch guest information. Your database must contain both a guest user and a guest user group.');
$pun_user = $db->fetch_assoc($result);
if (!$pun_user)
exit('Unable to fetch guest information. Your database must contain both a guest user and a guest user group.');
// Update online list
if (!$pun_user['logged'])
{
@ -305,7 +305,7 @@ function set_default_user()
witt_query('REPLACE INTO '.$db->prefix.'online (user_id, ident, logged:?comma?::?column?:) VALUES(1, \''.$db->escape($remote_addr).'\', '.$pun_user['logged'].':?comma?::?value?:)'); // MOD Кто в этой теме - Visman
break;
default:
default:
witt_query('INSERT INTO '.$db->prefix.'online (user_id, ident, logged:?comma?::?column?:) SELECT 1, \''.$db->escape($remote_addr).'\', '.$pun_user['logged'].':?comma?::?value?: WHERE NOT EXISTS (SELECT 1 FROM '.$db->prefix.'online WHERE ident=\''.$db->escape($remote_addr).'\')'); // MOD Кто в этой теме - Visman
break;
}
@ -361,15 +361,30 @@ function pun_setcookie($user_id, $password_hash, $expire)
//
function forum_setcookie($name, $value, $expire)
{
global $cookie_path, $cookie_domain, $cookie_secure, $pun_config;
global $cookie_path, $cookie_domain, $cookie_secure, $pun_config, $cookie_samesite;
if ($expire - time() - $pun_config['o_timeout_visit'] < 1)
$expire = 0;
if (empty($cookie_samesite))
$cookie_samesite = 'Lax';
else if ($cookie_samesite !== 'Strict' && $cookie_samesite !== 'Lax' && $cookie_samesite !== 'None')
$cookie_samesite = 'Lax';
// Enable sending of a P3P header
header('P3P: CP="CUR ADM"');
setcookie($name, $value, $expire, $cookie_path, $cookie_domain, $cookie_secure, true);
if (PHP_VERSION_ID < 70300)
setcookie($name, $value, $expire, $cookie_path.'; SameSite='.$cookie_samesite, $cookie_domain, $cookie_secure, true);
else
setcookie($name, $value, [
'expires' => $expire,
'path' => $cookie_path,
'domain' => $cookie_domain,
'secure' => $cookie_secure,
'httponly' => true,
'samesite' => $cookie_samesite,
]);
}
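Review bot: `'None'` is accepted as a value, but browsers reject `SameSite=None` cookies that are not also `Secure`, so with `$cookie_samesite === 'None'` and `$cookie_secure` false the login cookie would be dropped. Force `Lax` in that combination or reject it when the configuration is loaded. The validation also writes its result back to the global `$cookie_samesite`; use a local variable instead.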
@ -481,11 +496,11 @@ function check_username($username, $exclude_id = null)
$query = (!is_null($exclude_id)) ? ' AND id!='.$exclude_id : '';
$result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE (UPPER(username)=UPPER(\''.$db->escape($username).'\') OR UPPER(username)=UPPER(\''.$db->escape(preg_replace('%[^\p{L}\p{N}]%u', '', $username)).'\')) AND id>1'.$query) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
$busy = $db->fetch_row($result);
if ($db->num_rows($result))
if (is_array($busy))
{
$busy = $db->result($result);
$errors[] = $lang_register['Username dupe 1'].' '.pun_htmlspecialchars($busy).'. '.$lang_register['Username dupe 2'];
$errors[] = $lang_register['Username dupe 1'].' '.pun_htmlspecialchars($busy[0]).'. '.$lang_register['Username dupe 2'];
}
// Check username for any banned usernames
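Review bot: `' AND id!='.$exclude_id` in the first line puts the caller's value into the query without a cast. While this function is being touched, use `(int) $exclude_id` so the query does not rely on every caller passing an integer. The switch to `is_array($busy)` depends on fetch_row() returning a non-array for an empty result in every driver, which deserves a one-line comment.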
@ -740,9 +755,11 @@ function update_forum($forum_id)
$num_posts = $num_posts + $num_topics; // $num_posts is only the sum of all replies (we have to add the topic posts)
$result = $db->query('SELECT last_post, last_post_id, last_poster, subject FROM '.$db->prefix.'topics WHERE forum_id='.$forum_id.' AND moved_to IS NULL ORDER BY last_post DESC LIMIT 1') or error('Unable to fetch last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error()); // last topic on index - Visman
if ($db->num_rows($result)) // There are topics in the forum
$post_info = $db->fetch_row($result);
if (is_array($post_info)) // There are topics in the forum
{
list($last_post, $last_post_id, $last_poster, $last_topic) = $db->fetch_row($result);
list($last_post, $last_post_id, $last_poster, $last_topic) = $post_info;
$db->query('UPDATE '.$db->prefix.'forums SET num_topics='.$num_topics.', num_posts='.$num_posts.', last_post='.$last_post.', last_post_id='.$last_post_id.', last_poster=\''.$db->escape($last_poster).'\', last_topic=\''.$db->escape($last_topic).'\' WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error()); // last topic on index - Visman
}
@ -906,7 +923,7 @@ function censor_words($text)
//
function get_title($user)
{
global $pun_bans, $lang_common;
global $pun_bans, $lang_common, $pun_config;
static $ban_list;
// If not already built in a previous call, build an array of lowercase banned usernames
@ -923,7 +940,7 @@ function get_title($user)
$user_title = $lang_common['Banned'];
// If the user has a custom title
else if ($user['title'] != '')
$user_title = pun_htmlspecialchars($user['title']);
$user_title = pun_htmlspecialchars($pun_config['o_censoring'] == '1' ? censor_words($user['title']) : $user['title']);
// If the user group has a default user title
else if ($user['g_user_title'] != '')
$user_title = pun_htmlspecialchars($user['g_user_title']);
@ -1009,7 +1026,7 @@ function message($message, $no_back_link = false, $http_status = null)
witt_query(); // MOD Кто в этой теме - Visman
// Did we receive a custom header?
if(!is_null($http_status)) {
if (!is_null($http_status)) {
header('HTTP/1.1 ' . $http_status);
}
@ -1040,28 +1057,31 @@ function message($message, $no_back_link = false, $http_status = null)
//
// Format a time string according to $time_format and time zones
//
function format_time($timestamp, $date_only = false, $date_format = null, $time_format = null, $time_only = false, $no_text = false)
function format_time($timestamp, $date_only = false, $date_format = null, $time_format = null, $time_only = false, $no_text = false, $user = null)
{
global $lang_common, $pun_user, $forum_date_formats, $forum_time_formats;
if ($timestamp == '')
return $lang_common['Never'];
$diff = ($pun_user['timezone'] + $pun_user['dst']) * 3600;
if (is_null($user))
$user = $pun_user;
$diff = ($user['timezone'] + $user['dst']) * 3600;
$timestamp += $diff;
$now = time();
if(is_null($date_format))
$date_format = $forum_date_formats[$pun_user['date_format']];
if (is_null($date_format))
$date_format = $forum_date_formats[$user['date_format']];
if(is_null($time_format))
$time_format = $forum_time_formats[$pun_user['time_format']];
if (is_null($time_format))
$time_format = $forum_time_formats[$user['time_format']];
$date = gmdate($date_format, $timestamp);
$today = gmdate($date_format, $now+$diff);
$yesterday = gmdate($date_format, $now+$diff-86400);
if(!$no_text)
if (!$no_text)
{
if ($date == $today)
$date = $lang_common['Today'];
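Review bot: the new `$user` parameter is read for `timezone`, `dst`, `date_format` and `time_format`, but the comment above the function does not mention it. A caller that passes a partial user row gets undefined-index notices and a wrong offset. Document the required keys, or fall back to `$pun_user` for each key that is missing.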
@ -1094,10 +1114,22 @@ function forum_number_format($number, $decimals = 0)
//
function random_key($len, $readable = false, $hash = false)
{
if (!function_exists('secure_random_bytes'))
include PUN_ROOT.'include/srand.php';
$key = secure_random_bytes($len);
$key = '';
if (function_exists('random_bytes')) {
$key .= (string) random_bytes($len);
}
if (strlen($key) < $len && function_exists('mcrypt_create_iv')) {
$key .= (string) mcrypt_create_iv($len, MCRYPT_DEV_URANDOM);
}
if (strlen($key) < $len && function_exists('openssl_random_pseudo_bytes')) {
$tmp = (string) openssl_random_pseudo_bytes($len, $strong);
if ($strong) {
$key .= $tmp;
}
}
if (strlen($key) < $len) {
exit('Could not gather sufficient random data');
}
if ($hash)
return substr(bin2hex($key), 0, $len);
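Review bot: on PHP 7 and later random_bytes() throws when no entropy source is available, so the mcrypt and OpenSSL fallbacks and the final `exit()` are only reachable where random_bytes() does not exist. Wrap the call in try/catch if the fallbacks are meant to apply on PHP 7 as well. `mcrypt_create_iv()` is no longer part of PHP core from 7.2 onward, so that branch is likewise for old versions only. With `$hash` set, `substr(bin2hex($key), 0, $len)` keeps `$len` hex characters, which is half the entropy of `$len` bytes; note that in the function comment.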
@ -1362,14 +1394,11 @@ function maintenance_message()
{
global $db, $pun_config, $lang_common, $pun_user;
// Send no-cache headers
header('Expires: Thu, 21 Jul 1977 07:30:00 GMT'); // When yours truly first set eyes on this world! :)
header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache'); // For HTTP/1.0 compatibility
header('HTTP/1.1 503 Service Unavailable');
// Send no-cache headers
// Send the Content-type header in case the web server is setup to send something else
header('Content-type: text/html; charset=utf-8');
forum_http_headers();
// Deal with newlines, tabs and multiple spaces
$pattern = array("\t", ' ', ' ');
@ -1493,13 +1522,8 @@ function redirect($destination_url, $message)
}
// Send no-cache headers
header('Expires: Thu, 21 Jul 1977 07:30:00 GMT'); // When yours truly first set eyes on this world! :)
header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache'); // For HTTP/1.0 compatibility
// Send the Content-type header in case the web server is setup to send something else
header('Content-type: text/html; charset=utf-8');
forum_http_headers();
if (file_exists(PUN_ROOT.'style/'.$pun_user['style'].'/redirect.tpl'))
{
@ -1638,14 +1662,11 @@ function error($message, $file = null, $line = null, $db_error = false)
if ($pun_config['o_gzip'] && extension_loaded('zlib'))
ob_start('ob_gzhandler');
// Send no-cache headers
header('Expires: Thu, 21 Jul 1977 07:30:00 GMT'); // When yours truly first set eyes on this world! :)
header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache'); // For HTTP/1.0 compatibility
header('HTTP/1.1 500 Internal Server Error');
// Send no-cache headers
// Send the Content-type header in case the web server is setup to send something else
header('Content-type: text/html; charset=utf-8');
forum_http_headers();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
@ -1685,7 +1706,7 @@ H2 {MARGIN: 0; COLOR: #FFFFFF; BACKGROUND-COLOR: #B84623; FONT-SIZE: 1.1em; PADD
}
}
else
echo "\t\t".'Error: <strong>'.$message.'.</strong>'."\n";
echo "\t\t".'Error: <strong>'.pun_htmlspecialchars($message).'.</strong>'."\n";
?>
</div>
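Review bot: the `else` branch now passes `$message` through `pun_htmlspecialchars()`, which is the right default for the error page, but any existing caller of `error()` that puts markup in `$message` will now display literal tags. Check the call sites, and confirm that the other branch of this `if` (outside the hunk) escapes what it prints in the same way.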
@ -1703,35 +1724,6 @@ H2 {MARGIN: 0; COLOR: #FFFFFF; BACKGROUND-COLOR: #B84623; FONT-SIZE: 1.1em; PADD
}
//
// Unset any variables instantiated as a result of register_globals being enabled
//
function forum_unregister_globals()
{
$register_globals = ini_get('register_globals');
if ($register_globals === '' || $register_globals === '0' || strtolower($register_globals) === 'off')
return;
// Prevent script.php?GLOBALS[foo]=bar
if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']))
exit('I\'ll have a steak sandwich and... a steak sandwich.');
// Variables that shouldn't be unset
$no_unset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES');
// Remove elements in $GLOBALS that are present in any of the superglobals
$input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
foreach ($input as $k => $v)
{
if (!in_array($k, $no_unset) && isset($GLOBALS[$k]))
{
unset($GLOBALS[$k]);
unset($GLOBALS[$k]); // Double unset to circumvent the zend_hash_del_key_or_index hole in PHP <4.4.3 and <5.1.4
}
}
}
//
// Removes any "bad" characters (characters which mess with the display of a page, are invisible, etc) from user input
//
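Review bot: dropping `forum_unregister_globals()` is only safe where `register_globals` can no longer be enabled, that is PHP 5.4 or later. State that minimum version in the install check or README, and remove every remaining call to the function in the same change, otherwise startup fails with an undefined-function error.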
@ -1836,7 +1828,7 @@ function forum_list_styles()
$d = dir(PUN_ROOT.'style');
while (($entry = $d->read()) !== false)
{
if ($entry{0} == '.')
if ($entry[0] == '.')
continue;
if (substr($entry, -4) == '.css')
@ -1860,7 +1852,7 @@ function forum_list_langs()
$d = dir(PUN_ROOT.'lang');
while (($entry = $d->read()) !== false)
{
if ($entry{0} == '.')
if ($entry[0] == '.')
continue;
if (is_dir(PUN_ROOT.'lang/'.$entry) && file_exists(PUN_ROOT.'lang/'.$entry.'/common.php'))
@ -2064,7 +2056,7 @@ function url_valid($url)
return FALSE; // Unrecognised URI scheme. Default to FALSE.
}
// Validate host name conforms to DNS "dot-separated-parts".
if ($m{'regname'}) // If host regname specified, check for DNS conformance.
if ($m['regname']) // If host regname specified, check for DNS conformance.
{
if (!preg_match('/# HTTP DNS host name.
^ # Anchor to beginning of string.
@ -2088,35 +2080,6 @@ function url_valid($url)
return $m; // return TRUE == array of useful named $matches plus the valid $url.
}
//
// Replace four-byte characters with a question mark
//
// As MySQL cannot properly handle four-byte characters with the default utf-8
// charset up until version 5.5.3 (where a special charset has to be used), they
// need to be replaced, by question marks in this case.
//
function strip_bad_multibyte_chars($str)
{
$result = '';
$length = strlen($str);
for ($i = 0; $i < $length; $i++)
{
// Replace four-byte characters (11110www 10zzzzzz 10yyyyyy 10xxxxxx)
$ord = ord($str[$i]);
if ($ord >= 240 && $ord <= 244)
{
$result .= '?';
$i += 3;
}
else
{
$result .= $str[$i];
}
}
return $result;
}
//
// Check whether a file/folder is writable.
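Review bot: the removed header comment says MySQL cannot store four-byte UTF-8 with the default utf-8 charset and needs a special charset from 5.5.3 on, so deleting `strip_bad_multibyte_chars()` needs a matching guarantee that the tables and the connection use that charset. Without it, a post containing a four-byte character can be truncated or rejected at insert time. Either have the update script convert the schema, or keep the function as a fallback for databases that have not been converted.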
@ -2291,3 +2254,64 @@ function sf_crumbs($id)
return $str;
}
//
// Checks the password on the user's data array
//
function forum_password_verify($password, $user)
{
global $salt1;
if (empty($user['password']) || ! is_string($user['password']) || ! is_string($password))
{
return false;
}
// v 1.5.10.79 or later
if (password_verify($password, $user['password']))
{
return 1;
}
// If there is a salt in the database we have upgraded from 1.3-legacy though haven't yet logged in
else if (!empty($user['salt']))
{
if (hash_equals(sha1($user['salt'].sha1($password)), $user['password']))
{
return 3;
}
}
// If the length isn't 40 then the password isn't using sha1, so it must be md5 from 1.2
else if (strlen($user['password']) === 32)
{
if (hash_equals(md5($password . $salt1), $user['password']))
{
return 2;
}
}
// Otherwise we should have a normal sha1 password (v 1.5.10.78 and less)
else if (strlen($user['password']) === 40)
{
if (hash_equals(pun_hash($password), $user['password']))
{
return 2;
}
}
return false;
}
//
// Sets common http headers
//
function forum_http_headers($type = 'text/html')
{
$now = gmdate('D, d M Y H:i:s') . ' GMT';
header('Content-type: ' . $type . '; charset=utf-8');
header('Cache-Control: no-cache, no-store, must-revalidate');
header('Date: ' . $now);
header('Last-Modified: ' . $now);
header('Expires: ' . $now);
}
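Review bot: `forum_password_verify()` returns `false`, `1`, `2` or `3`, but the header comment does not describe the codes, and both the md5 branch and the sha1 branch return `2`. Document what each value means (presumably that anything other than `1` is a legacy hash the caller should replace with `password_hash()` while it still has the plaintext) and consider named constants, since every non-false value is truthy and a caller that only tests `if (...)` will never upgrade the stored hash. In `forum_http_headers()`, the `Pragma: no-cache` line that the replaced header blocks sent for HTTP/1.0 clients is not carried over; say in the commit message whether that is deliberate.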

File diff suppressed because it is too large

View file

@ -1,7 +1,7 @@
<?php
/**
* Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
* Copyright (C) 2010-2018 Visman (mio.visman@yandex.ru)
* Copyright (C) 2008-2010 FluxBB
* based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
* License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@ -43,7 +43,7 @@ $paging_links = '<span class="pages-label">'.$lang_common['Pages'].' </span>'.pa
$pmsn_f_savedel = '<input type="submit" name="delete" value="'.$lang_pmsn['Delete'].'" />';
?>
<script language="JavaScript" type="text/JavaScript">
<script type="text/javascript">
/* <![CDATA[ */
function ChekUncheck()
{
@ -65,10 +65,10 @@ function ChekUncheck()
<div class="pagepost">
<p class="pagelink conl"><?php echo $paging_links ?></p>
</div>
<form method="post" action="pmsnew.php?mdl=blockedq" name="usernumb">
<input type="hidden" name="csrf_hash" value="<?php echo $pmsn_csrf_hash; ?>" />
<input type="hidden" name="p" value="<?php echo $p; ?>" />
<form method="post" action="pmsnew.php?mdl=blockedq">
<div id="users1" class="blocktable">
<input type="hidden" name="csrf_hash" value="<?php echo $pmsn_csrf_hash; ?>" />
<input type="hidden" name="p" value="<?php echo $p; ?>" />
<div class="box">
<div class="inbox">
<table>
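Review bot: the `name="usernumb"` attribute is removed from the `<form>` tag here; if `ChekUncheck()` or any other script on the page locates the form by that name, the select-all checkbox will silently stop working, so check the script body against this change. Moving the hidden `csrf_hash` and `p` inputs inside the `<div>` is the right fix for XHTML Strict validity.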
@ -84,10 +84,11 @@ function ChekUncheck()
<?php
$result = $db->query('SELECT b.bl_user_id, u.username, u.id, u.title, u.registered, u.num_posts, g.g_id, g.g_user_title FROM '.$db->prefix.'pms_new_block AS b LEFT JOIN '.$db->prefix.'users AS u ON b.bl_user_id=u.id LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE b.bl_id='.$pun_user['id'].' ORDER BY u.username LIMIT '.$start_from.','.$pun_user['disp_topics']) or error('Unable to fetch pms_new_block and users', __FILE__, __LINE__, $db->error());
$user_data = $db->fetch_assoc($result);
if ($db->num_rows($result))
if (is_array($user_data))
{
while ($user_data = $db->fetch_assoc($result))
do
{
if (!$user_data['id'])
{
@ -115,6 +116,7 @@ if ($db->num_rows($result))
<?php
}
while ($user_data = $db->fetch_assoc($result));
}
else
{

View file

@ -1,7 +1,7 @@
<?php
/**
* Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
* Copyright (C) 2010-2018 Visman (mio.visman@yandex.ru)
* Copyright (C) 2008-2010 FluxBB
* based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
* License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@ -31,7 +31,7 @@ else if ($cur_user['group_id'] == PUN_ADMIN)
message($lang_pmsn['No block admin']);
$result = $db->query('SELECT bl_id FROM '.$db->prefix.'pms_new_block WHERE bl_id='.$pun_user['id'].' AND bl_user_id='.$uid) or error('Unable to fetch block information', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
if (!$db->result($result))
{
$mh2 = $lang_pmsn['InfoBlocking'].' '.pun_htmlspecialchars($cur_user['username']);
$mhm = $lang_pmsn['InfoBlockingm'];
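Review bot: `if (!$db->result($result))` now decides "no row" from the truthiness of the first selected column instead of the row count, which works here only because `bl_id` equals `$pun_user['id']` and is non-zero. A `SELECT 1 ...` query, as `poll_can_vote()` uses, or a strict comparison against the driver's no-row return value would make the intent explicit and avoid a wrong result if the selected column can ever be `0` or empty.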
@ -58,14 +58,13 @@ if (isset($_POST['action2']))
if (isset($_POST['delete_dlg'])) // удаление диалогов
{
$result = $db->query('SELECT id FROM '.$db->prefix.'pms_new_topics WHERE (starter_id = '.$pun_user['id'].' AND topic_st < 2 AND to_id='.$uid.') OR (to_id = '.$pun_user['id'].' AND topic_to < 2 AND starter_id='.$uid.')') or error('Unable to fetch pms topics IDs', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
{
$ts = array();
for ($i = 0;$ctid = $db->result($result, $i);$i++)
$ts[] = $ctid;
$ts = array();
while ($ctid = $db->fetch_row($result))
$ts[] = $ctid[0];
if (!empty($ts))
pmsn_user_delete($pun_user['id'], 2, $ts);
}
}
}
else

View file

@ -1,7 +1,7 @@
<?php
/**
* Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
* Copyright (C) 2010-2018 Visman (mio.visman@yandex.ru)
* Copyright (C) 2008-2010 FluxBB
* based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
* License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@ -22,11 +22,11 @@ if ($pid)
else
$result = $db->query('SELECT id AS tid, topic, starter_id, to_id, replies FROM '.$db->prefix.'pms_new_topics WHERE id='.$tid) or error('Unable to fetch pms_new_topics info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
message($lang_common['Bad request'], false, '404 Not Found');
$cur_post = $db->fetch_assoc($result);
if (!$cur_post)
message($lang_common['Bad request'], false, '404 Not Found');
if (!in_array($cur_post['tid'], $pmsn_arr_list) && !in_array($cur_post['tid'], $pmsn_arr_save))
message($lang_common['Bad request'], false, '404 Not Found');
@ -59,7 +59,7 @@ if (isset($_POST['action2']))
if ($pun_user['id'] == $cur_post['starter_id'] && $cur_post['topic_to'] == 1)
{
$result = $db->query('SELECT id FROM '.$db->prefix.'pms_new_posts WHERE poster_id='.$pun_user['id'].' AND topic_id='.$cur_post['tid'].' AND post_new=1') or error('Unable to fetch post count', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
if (!$db->result($result))
{
$mquery[] = 'topic_to=0';
$muser = $cur_post['to_id'];
@ -68,7 +68,7 @@ if (isset($_POST['action2']))
else if ($pun_user['id'] == $cur_post['to_id'] && $cur_post['topic_st'] == 1)
{
$result = $db->query('SELECT id FROM '.$db->prefix.'pms_new_posts WHERE poster_id='.$pun_user['id'].' AND topic_id='.$cur_post['tid'].' AND post_new=1') or error('Unable to fetch post count', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
if (!$db->result($result))
{
$mquery[] = 'topic_st=0';
$muser = $cur_post['starter_id'];
@ -85,7 +85,7 @@ if (isset($_POST['action2']))
else
{
pmsn_user_delete($pun_user['id'], 2, array($cur_post['tid']));
if (in_array($cur_post['tid'], $pmsn_arr_new))
redirect('pmsnew.php?mdl=new'.$sidamp, $lang_pmsn['DelTop redirect']);
else if (in_array($cur_post['tid'], $pmsn_arr_save))

View file

@ -1,7 +1,7 @@
<?php
/**
* Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
* Copyright (C) 2010-2018 Visman (mio.visman@yandex.ru)
* Copyright (C) 2008-2010 FluxBB
* based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
* License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@ -17,17 +17,17 @@ if ($pid < 1)
message($lang_common['Bad request'], false, '404 Not Found');
$result = $db->query('SELECT t.id AS tid, t.topic, t.starter, t.starter_id, t.to_user, t.to_id, t.see_to, t.topic_st, t.topic_to, p.poster, p.poster_id, p.message, p.hide_smilies, p.post_new FROM '.$db->prefix.'pms_new_posts AS p INNER JOIN '.$db->prefix.'pms_new_topics AS t ON t.id=p.topic_id WHERE p.id='.$pid) or error('Unable to fetch pms_new_posts info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
message($lang_common['Bad request'], false, '404 Not Found');
$cur_post = $db->fetch_assoc($result);
if (!$cur_post)
message($lang_common['Bad request'], false, '404 Not Found');
if ($cur_post['poster_id'] != $pun_user['id'])
message($lang_common['No permission'], false, '403 Forbidden');
if ($cur_post['post_new'] != 1)
message($lang_pmsn['No edit post']);
if (in_array($cur_post['tid'], $pmsn_arr_new))
$mmodul = 'new';
else if (in_array($cur_post['tid'], $pmsn_arr_list))
@ -78,8 +78,9 @@ if (isset($_POST['csrf_hash']))
// Validate BBCode syntax
if ($pun_config['p_message_bbcode'] == '1')
{
require PUN_ROOT.'include/parser.php';
$message = preparse_bbcode($message, $errors);
$parser = new FbV\Parser($pun_config, $pun_user, $lang_common);
$message = $parser->prepare($message);
$errors = $parser->getErrors($lang_common['errors'], $errors);
}
if ($message == '')
@ -154,8 +155,10 @@ if (!empty($errors))
}
else if (isset($_POST['preview']))
{
require_once PUN_ROOT.'include/parser.php';
$preview_message = parse_message($message, $hide_smilies);
if (! isset($parser)) {
$parser = new FbV\Parser($pun_config, $pun_user, $lang_common);
}
$preview_message = $parser->parseMessage($message, (bool) $hide_smilies);
?>
<div class="block">

View file

@ -1,7 +1,7 @@
<?php
/**
* Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
* Copyright (C) 2010-2018 Visman (mio.visman@yandex.ru)
* Copyright (C) 2008-2010 FluxBB
* based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
* License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@ -68,7 +68,7 @@ else
$pmsn_f_savedel .= '<input type="submit" name="delete" value="'.$lang_pmsn['Delete'].'" />';
?>
<script language="JavaScript" type="text/JavaScript">
<script type="text/javascript">
/* <![CDATA[ */
function ChekUncheck()
{
@ -91,10 +91,10 @@ function ChekUncheck()
<p class="pagelink conl"><?php echo $paging_links ?></p>
<p class="postlink actions conr"><?php echo $pmsn_f_cnt ?></p>
</div>
<form method="post" action="pmsnew.php?mdl=listq<?php echo $sidamp ?>" name="posttopic">
<input type="hidden" name="csrf_hash" value="<?php echo $pmsn_csrf_hash ?>" />
<input type="hidden" name="p" value="<?php echo $p ?>" />
<form method="post" action="pmsnew.php?mdl=listq<?php echo $sidamp ?>">
<div id="vf" class="blocktable">
<input type="hidden" name="csrf_hash" value="<?php echo $pmsn_csrf_hash ?>" />
<input type="hidden" name="p" value="<?php echo $p ?>" />
<div class="box">
<div class="inbox">
<table>
@ -115,11 +115,12 @@ function ChekUncheck()
LEFT JOIN '.$db->prefix.'users AS s ON (s.id = t.starter_id)
LEFT JOIN '.$db->prefix.'users AS u ON (u.id = t.to_id)
WHERE t.id IN ('.implode(',', $viewt).') ORDER BY t.last_posted DESC') or error('Unable to fetch pms topics IDs', __FILE__, __LINE__, $db->error());
$cur_topic = $db->fetch_assoc($result);
if ($db->num_rows($result))
if (is_array($cur_topic))
{
$topic_count = 0;
while ($cur_topic = $db->fetch_assoc($result))
do
{
++$topic_count;
$status_text = array();
@ -195,6 +196,7 @@ function ChekUncheck()
</tr>
<?php
}
while ($cur_topic = $db->fetch_assoc($result));
}
else
{

View file

@ -1,7 +1,7 @@
<?php
/**
* Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
* Copyright (C) 2010-2018 Visman (mio.visman@yandex.ru)
* Copyright (C) 2008-2010 FluxBB
* based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
* License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@ -68,7 +68,7 @@ else
$pmsn_f_savedel .= '<input type="submit" name="delete" value="'.$lang_pmsn['Delete'].'" />';
?>
<script language="JavaScript" type="text/JavaScript">
<script type="text/javascript">
/* <![CDATA[ */
function ChekUncheck()
{
@ -91,10 +91,10 @@ function ChekUncheck()
<p class="pagelink conl"><?php echo $paging_links ?></p>
<p class="postlink actions conr"><?php echo $pmsn_f_cnt ?></p>
</div>
<form method="post" action="pmsnew.php?mdl=newq<?php echo $sidamp ?>" name="posttopic">
<input type="hidden" name="csrf_hash" value="<?php echo $pmsn_csrf_hash ?>" />
<input type="hidden" name="p" value="<?php echo $p ?>" />
<form method="post" action="pmsnew.php?mdl=newq<?php echo $sidamp ?>">
<div id="vf" class="blocktable">
<input type="hidden" name="csrf_hash" value="<?php echo $pmsn_csrf_hash ?>" />
<input type="hidden" name="p" value="<?php echo $p ?>" />
<div class="box">
<div class="inbox">
<table>
@ -115,11 +115,12 @@ function ChekUncheck()
LEFT JOIN '.$db->prefix.'users AS s ON (s.id = t.starter_id)
LEFT JOIN '.$db->prefix.'users AS u ON (u.id = t.to_id)
WHERE t.id IN ('.implode(',', $viewt).') ORDER BY t.last_posted DESC') or error('Unable to fetch pms topics IDs', __FILE__, __LINE__, $db->error());
$cur_topic = $db->fetch_assoc($result);
if ($db->num_rows($result))
if (is_array($cur_topic))
{
$topic_count = 0;
while ($cur_topic = $db->fetch_assoc($result))
do
{
++$topic_count;
$status_text = array();
@ -166,7 +167,7 @@ function ChekUncheck()
$subject .= !empty($subject_new_posts) ? ' '.$subject_new_posts : '';
$subject .= !empty($subject_multipage) ? ' '.$subject_multipage : '';
}
if ($pun_user['g_view_users'] != '1' || !$cur_topic['starter_gid'] || $cur_topic['starter_gid'] == PUN_GUEST)
$user_st = pun_htmlspecialchars($cur_topic['starter']);
else
@ -195,6 +196,7 @@ function ChekUncheck()
</tr>
<?php
}
while ($cur_topic = $db->fetch_assoc($result));
}
else
{

View file

@ -1,7 +1,7 @@
<?php
/**
* Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
* Copyright (C) 2010-2018 Visman (mio.visman@yandex.ru)
* Copyright (C) 2008-2010 FluxBB
* based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
* License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@ -15,7 +15,7 @@ define('PUN_PMS_LOADED', 1);
$tid = isset($_GET['tid']) ? intval($_GET['tid']) : 0;
if ($tid < 0)
message($lang_common['Bad request'], false, '404 Not Found');
// Проверка на минимум сообщений
if ($pun_user['g_id'] != PUN_ADMIN && $pun_config['o_pms_min_kolvo'] > $pun_user['num_posts'])
message(sprintf($lang_pmsn['Min post'], $pun_config['o_pms_min_kolvo']));
@ -29,12 +29,11 @@ if ($tid > 0)
else
{
$result = $db->query('SELECT * FROM '.$db->prefix.'pms_new_topics WHERE id='.$tid) or error('Unable to fetch pmsn topic info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
message($lang_common['Bad request'], false, '404 Not Found');
$cur_topic = $db->fetch_assoc($result);
if (!$cur_topic)
message($lang_common['Bad request'], false, '404 Not Found');
if ($pun_config['o_censoring'] == '1')
$cur_topic['topic'] = censor_words($cur_topic['topic']);
@ -70,7 +69,7 @@ else
{
if ($pun_user['g_pm_limit'] != 0 && $pmsn_kol_list >= $pun_user['g_pm_limit'] && $pmsn_kol_save >= $pun_user['g_pm_limit'] )
message($lang_pmsn['Full folders']);
if ($pun_user['g_pm_limit'] == 0 || $pmsn_kol_list < $pun_user['g_pm_limit'])
$mbutsubmit = 1;
@ -112,7 +111,7 @@ if (!isset($_POST['req_addressee']) && (isset($_GET['uid']) || $sid))
message($lang_pmsn['Addr block you']);
$addressee = $cur_user['username'];
$to_user['id'] = $cur_user['id'];
$to_user['username'] = $cur_user['username'];
@ -147,7 +146,7 @@ if (isset($_POST['csrf_hash']))
$errors[] = $lang_post['Too long subject'];
else if ($pun_config['p_subject_all_caps'] == '0' && is_all_uppercase($subject) && !$pun_user['is_admmod'])
$errors[] = $lang_post['All caps subject'];
$result = $db->query('SELECT u.*, g.* FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON u.group_id=g.g_id WHERE u.username=\''.$db->escape($addressee).'\'') or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
$cur_addressee = $db->fetch_assoc($result);
@ -217,8 +216,9 @@ if (isset($_POST['csrf_hash']))
// Validate BBCode syntax
if ($pun_config['p_message_bbcode'] == '1')
{
require PUN_ROOT.'include/parser.php';
$message = preparse_bbcode($message, $errors);
$parser = new FbV\Parser($pun_config, $pun_user, $lang_common);
$message = $parser->prepare($message);
$errors = $parser->getErrors($lang_common['errors'], $errors);
}
if ($message == '')
@ -230,7 +230,7 @@ if (isset($_POST['csrf_hash']))
if (empty($errors) && !isset($_POST['preview']))
{
$flag2 = 0;
if ($tid) // new post
{
// создаем новое сообщение
@ -285,7 +285,7 @@ if (isset($_POST['csrf_hash']))
// создаем новую тему
$db->query('INSERT INTO '.$db->prefix.'pms_new_topics (topic, starter, starter_id, to_user, to_id, replies, last_posted, last_poster, see_st, see_to, topic_st, topic_to) VALUES(\''.$db->escape($subject).'\', \''.$db->escape($pun_user['username']).'\', '.$pun_user['id'].', \''.$db->escape($cur_addressee['username']).'\', '.$cur_addressee['id'].', 0, '.$now.', 0, '.$now.', 0, '.$flag1.', '.$flag2.')') or error('Unable to create pms_new_topics', __FILE__, __LINE__, $db->error());
$new_tid = $db->insert_id();
// создаем новое сообщение
$db->query('INSERT INTO '.$db->prefix.'pms_new_posts (poster, poster_id, poster_ip, message, hide_smilies, posted, post_new, topic_id) VALUES(\''.$db->escape($pun_user['username']).'\', '.$pun_user['id'].', \''.$db->escape(get_remote_address()).'\', \''.$db->escape($message).'\', '.$hide_smilies.', '.$now.', 1, '.$new_tid.')') or error('Unable to create pms_new_posts', __FILE__, __LINE__, $db->error());
$new_pid = $db->insert_id();
@ -297,7 +297,7 @@ if (isset($_POST['csrf_hash']))
if ($flag2 != 2)
pmsn_user_update($cur_addressee['id'], true);
}
if ($cur_addressee['messages_email'] == 1 && isset($mbutsubmit) && $flag2 != 2)
{
$mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_addressee['language'].'/mail_templates/form_pmsn.tpl'));
@ -347,10 +347,12 @@ if ($tid)
message($lang_common['Bad request'], false, '404 Not Found');
$result = $db->query('SELECT poster, message FROM '.$db->prefix.'pms_new_posts WHERE id='.$qid.' AND topic_id='.$tid) or error('Unable to fetch quote info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
$post_info = $db->fetch_row($result);
if (!$post_info)
message($lang_common['Bad request'], false, '404 Not Found');
list($q_poster, $q_message) = $db->fetch_row($result);
list($q_poster, $q_message) = $post_info;
if ($pun_config['o_censoring'] == '1')
$q_message = censor_words($q_message);
@ -463,8 +465,10 @@ if (!empty($errors))
}
else if (isset($_POST['preview']))
{
require_once PUN_ROOT.'include/parser.php';
$preview_message = parse_message($message, $hide_smilies);
if (! isset($parser)) {
$parser = new FbV\Parser($pun_config, $pun_user, $lang_common);
}
$preview_message = $parser->parseMessage($message, (bool) $hide_smilies);
?>
<div class="block">
@ -554,7 +558,9 @@ require PUN_ROOT.'include/bbcode.inc.php';
// Check to see if the topic review is to be displayed
if ($tid && $pun_config['o_topic_review'] != '0')
{
require_once PUN_ROOT.'include/parser.php';
if (! isset($parser)) {
$parser = new FbV\Parser($pun_config, $pun_user, $lang_common);
}
$result = $db->query('SELECT poster, message, hide_smilies, posted FROM '.$db->prefix.'pms_new_posts WHERE topic_id='.$tid.' ORDER BY id DESC LIMIT '.$pun_config['o_topic_review']) or error('Unable to fetch pms topic review', __FILE__, __LINE__, $db->error());
@ -570,7 +576,7 @@ if ($tid && $pun_config['o_topic_review'] != '0')
{
$post_count++;
$cur_post['message'] = parse_message($cur_post['message'], $cur_post['hide_smilies']);
$cur_post['message'] = $parser->parseMessage($cur_post['message'], (bool) $cur_post['hide_smilies']);
?>
<div class="blockpost">

View file

@ -1,7 +1,7 @@
<?php
/**
* Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
* Copyright (C) 2010-2018 Visman (mio.visman@yandex.ru)
* Copyright (C) 2008-2010 FluxBB
* based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
* License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@ -64,7 +64,7 @@ else
$pmsn_f_savedel = '<input type="submit" name="delete" value="'.$lang_pmsn['Delete'].'" />';
?>
<script language="JavaScript" type="text/JavaScript">
<script type="text/javascript">
/* <![CDATA[ */
function ChekUncheck()
{
@ -87,10 +87,10 @@ function ChekUncheck()
<p class="pagelink conl"><?php echo $paging_links ?></p>
<p class="postlink actions conr"><?php echo $pmsn_f_cnt ?></p>
</div>
<form method="post" action="pmsnew.php?mdl=saveq<?php echo $sidamp ?>" name="posttopic">
<input type="hidden" name="csrf_hash" value="<?php echo $pmsn_csrf_hash ?>" />
<input type="hidden" name="p" value="<?php echo $p ?>" />
<form method="post" action="pmsnew.php?mdl=saveq<?php echo $sidamp ?>">
<div id="vf" class="blocktable">
<input type="hidden" name="csrf_hash" value="<?php echo $pmsn_csrf_hash ?>" />
<input type="hidden" name="p" value="<?php echo $p ?>" />
<div class="box">
<div class="inbox">
<table>
@ -111,11 +111,12 @@ function ChekUncheck()
LEFT JOIN '.$db->prefix.'users AS s ON (s.id = t.starter_id)
LEFT JOIN '.$db->prefix.'users AS u ON (u.id = t.to_id)
WHERE t.id IN ('.implode(',', $viewt).') ORDER BY t.last_posted DESC') or error('Unable to fetch pms topics IDs', __FILE__, __LINE__, $db->error());
$cur_topic = $db->fetch_assoc($result);
if ($db->num_rows($result))
if (is_array($cur_topic))
{
$topic_count = 0;
while ($cur_topic = $db->fetch_assoc($result))
do
{
++$topic_count;
$status_text = array();
@ -189,6 +190,7 @@ function ChekUncheck()
</tr>
<?php
}
while ($cur_topic = $db->fetch_assoc($result));
}
else
{

View file

@ -1,7 +1,7 @@
<?php
/**
* Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
* Copyright (C) 2010-2018 Visman (mio.visman@yandex.ru)
* Copyright (C) 2008-2010 FluxBB
* based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
* License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@ -21,12 +21,11 @@ if (!in_array($tid, $pmsn_arr_save))
message($lang_common['Bad request'], false, '404 Not Found');
$result = $db->query('SELECT * FROM '.$db->prefix.'pms_new_topics WHERE id='.$tid) or error('Unable to fetch pms_new_topics info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
message($lang_common['Bad request'], false, '404 Not Found');
$cur_topic = $db->fetch_assoc($result);
if (!$cur_topic)
message($lang_common['Bad request'], false, '404 Not Found');
if ($pun_user['id'] != $cur_topic['starter_id'] || $cur_topic['see_to'] != 0)
message($lang_common['Bad request'], false, '404 Not Found');
@ -54,7 +53,7 @@ if (isset($_POST['action2']))
message($lang_common['Bad referrer']);
$db->query('UPDATE '.$db->prefix.'pms_new_topics SET topic_st=0, topic_to=1 WHERE id='.$tid) or error('Unable to update pms_new_topics', __FILE__, __LINE__, $db->error());
pmsn_user_update($cur_user['id'], true);
pmsn_user_update($pun_user['id']);

View file

@ -1,7 +1,7 @@
<?php
/**
* Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
* Copyright (C) 2010-2018 Visman (mio.visman@yandex.ru)
* Copyright (C) 2008-2010 FluxBB
* based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
* License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@ -20,11 +20,11 @@ if ($tid < 1 && $pid < 1)
if ($pid)
{
$result = $db->query('SELECT topic_id FROM '.$db->prefix.'pms_new_posts WHERE id='.$pid) or error('Unable to fetch pms_new_posts info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
message($lang_common['Bad request'], false, '404 Not Found');
$tid = $db->result($result);
if (!$tid)
message($lang_common['Bad request'], false, '404 Not Found');
$result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'pms_new_posts WHERE topic_id='.$tid.' AND id<'.$pid) or error('Unable to fetch pms_new_posts info', __FILE__, __LINE__, $db->error());
$i = $db->result($result) + 1;
$_GET['p'] = ceil($i / $pun_user['disp_posts']);
@ -50,11 +50,11 @@ else
message($lang_common['Bad request'], false, '404 Not Found');
$result = $db->query('SELECT t.*, u.num_posts, u.id AS userid, u.group_id FROM '.$db->prefix.'pms_new_topics AS t LEFT JOIN '.$db->prefix.'users AS u ON (u.id!='.$pun_user['id'].' AND (u.id=t.starter_id OR u.id=t.to_id)) WHERE t.id='.$tid) or error('Unable to fetch pms_new_topics info', __FILE__, __LINE__, $db->error());
$cur_topic = $db->fetch_assoc($result);
if (!$db->num_rows($result))
if (!$cur_topic)
message($lang_common['Bad request'], false, '404 Not Found');
$cur_topic = $db->fetch_assoc($result);
$to_user = array();
if ($cur_topic['starter_id'] == $pun_user['id'])
@ -166,7 +166,7 @@ generate_pmsn_menu($pmsn_modul);
</div>
<?php
require PUN_ROOT.'include/parser.php';
$parser = new FbV\Parser($pun_config, $pun_user, $lang_common);
$post_count = 0; // Keep track of post numbers
@ -176,7 +176,7 @@ $result = $db->query('SELECT id FROM '.$db->prefix.'pms_new_posts WHERE topic_id
$post_ids = array();
for ($i = 0;$cur_post_id = $db->result($result, $i);$i++)
$post_ids[] = $cur_post_id;
$post_view_new = array();
// мод пола, добавлен u.gender
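Review bot: the context line `for ($i = 0;$cur_post_id = $db->result($result, $i);$i++)` still fetches by row offset, the same pattern this change set replaces with a `while ($ctid = $db->fetch_row($result))` loop in the dialog-deletion code. This hunk only touches whitespace; convert the loop here as well so the file no longer depends on `result()` with a row index.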
@ -231,11 +231,6 @@ while ($cur_post = $db->fetch_assoc($result))
else
$username = pun_htmlspecialchars($cur_post['username']);
$user_title = get_title($cur_post);
if ($pun_config['o_censoring'] == '1')
$user_title = censor_words($user_title);
if ($cur_post['g_id'] == PUN_GUEST)
{
$is_online = '&#160;';
@ -294,15 +289,15 @@ while ($cur_post = $db->fetch_assoc($result))
$signature = $signature_cache[$cur_post['poster_id']];
else
{
$signature = parse_signature($cur_post['signature']);
$signature = $parser->parseSignature($cur_post['signature']);
$signature_cache[$cur_post['poster_id']] = $signature;
}
}
}
// Perform the main parsing of the message (BBCode, smilies, censor words etc)
$cur_post['message'] = parse_message($cur_post['message'], $cur_post['hide_smilies']);
$cur_post['message'] = $parser->parseMessage($cur_post['message'], (bool) $cur_post['hide_smilies']);
?>
<div id="p<?php echo $cur_post['id'] ?>" class="blockpost<?php echo ($post_count % 2 == 0) ? ' roweven' : ' rowodd' ?><?php if ($post_count == 1) echo ' blockpost1'; ?>">
<h2><span><span class="conr">#<?php echo ($start_from + $post_count) ?></span> <a href="pmsnew.php?mdl=topic&amp;pid=<?php echo $cur_post['id'].'#p'.$cur_post['id'] ?>"><?php echo format_time($cur_post['posted']) ?></a></span></h2>
@ -312,7 +307,7 @@ while ($cur_post = $db->fetch_assoc($result))
<div class="postleft">
<dl>
<dt><strong<?php echo(is_null($cur_post['gender']) ? '' : ' class="gender '.$cur_post['gender'].'"'); ?>><?php echo $username ?></strong></dt>
<dd class="usertitle"><strong><?php echo $user_title ?></strong></dd>
<dd class="usertitle"><strong><?php echo get_title($cur_post) ?></strong></dd>
<?php if ($user_avatar != '') echo "\t\t\t\t\t\t\t\t".'<dd class="postavatar">'.$user_avatar.'</dd>'."\n"; ?>
<?php if (count($user_info)) echo "\t\t\t\t\t\t\t\t".implode("\n\t\t\t\t\t\t\t\t", $user_info)."\n"; ?>
<?php if (count($user_contacts)) echo "\t\t\t\t\t\t\t\t".'<dd class="usercontacts">'.implode(' ', $user_contacts).'</dd>'."\n"; ?>
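Review bot: `get_title($cur_post)` is now echoed straight into the `<dd class="usertitle">` markup, while the lines removed earlier in this file ran the title through `censor_words()` when `o_censoring` was on. Confirm that `get_title()` now does both the censoring and the HTML escaping itself; if it does not, user-controlled titles reach the page unfiltered.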

View file

@ -60,9 +60,9 @@ function poll_can_vote($tid, $uid)
if (is_null($uid) || $uid < 2) return false;
if (isset($cur_topic['closed']) && $cur_topic['closed'] != '0') return false;
$result = $db->query('SELECT 1 FROM '.$db->prefix.'poll_voted WHERE tid='.$tid.' AND uid='.$uid) or error('Unable to fetch poll voted info', __FILE__, __LINE__, $db->error());
return ($db->num_rows($result) == 0);
return empty($db->result($result));
}
// получение информации по опросу **********************************************
@ -71,10 +71,10 @@ function poll_info($tid, $uid = null)
global $db;
if ($tid == 0) return null;
if (file_exists(FORUM_CACHE_DIR.'polls/'.$tid.'.php'))
include FORUM_CACHE_DIR.'polls/'.$tid.'.php';
if (!isset($kol))
{
$result = $db->query('SELECT question, field, choice, votes FROM '.$db->prefix.'poll WHERE tid='.$tid.' ORDER BY question, field') or error('Unable to fetch poll info', __FILE__, __LINE__, $db->error());
@ -99,7 +99,7 @@ function poll_info($tid, $uid = null)
}
if ($kol == 0) return null;
$rez = array(
'questions' => $questions,
'choices' => $choices,
@ -125,7 +125,7 @@ function poll_info($tid, $uid = null)
if (function_exists('apc_delete_file'))
@apc_delete_file(FORUM_CACHE_DIR.'polls/'.$tid.'.php');
}
if ($kol == 0) return null;
$rez['canVote'] = (is_null($uid)) ? false : poll_can_vote($tid, $uid);
@ -151,7 +151,7 @@ function poll_form_edit($tid)
function poll_topic($tid)
{
global $cur_post, $cur_topic;
if ($tid == 0)
$rez = array(0,time(),0,0);
else if (isset($cur_topic['poll_type']))
@ -164,7 +164,7 @@ function poll_topic($tid)
$rez = array($cur_post['poll_type'], $cur_post['poll_time'], $cur_post['poll_term'], $cur_post['poll_kol']);
else
$rez = array(0,time(),0,0);
return $rez;
}
@ -179,7 +179,7 @@ function poll_form($tid)
$enabled = ($top[0] > 0);
$resu = ($top[2] > 1);
$term = max($top[2],$pun_config['o_poll_term']);
$edit = (poll_noedit($tid)) ? false : true;
$questions = $type = $choices = array();
@ -307,7 +307,7 @@ function poll_form($tid)
if (empty($question))
$fk = false;
$fi = $fk;
for ($i = 1; $i <= $pun_config['o_poll_max_field']; $i++)
{
$choice = (isset($choices[$k][$i]) && $fi) ? pun_htmlspecialchars(pun_trim($choices[$k][$i])) : '';
@ -514,12 +514,12 @@ function poll_display_topic($tid, $uid, $p = 0, $f = false)
$top = poll_topic($tid);
if ($top[0] == 0) return;
$top[4] = $p;
if (is_null($info))
$info = poll_info($tid, $uid);
if ($f) return;
poll_display($tid, $uid, $info, $top);
}
@ -598,7 +598,7 @@ function poll_display($tid, $uid, $info, $top, $prev = false)
global $db, $lang_poll, $pun_config, $lang_common;
if (is_null($info)) return;
$can_vote = ($info['canVote'] && $top[0] != 2 && poll_post('poll_view') === null);
$can_visi = ((($info['isGuest'] && $pun_config['o_poll_guest'] == '1') || !$info['isGuest']) && $top[2] <= $top[3]);
$fmess = '';
@ -632,7 +632,7 @@ function poll_display($tid, $uid, $info, $top, $prev = false)
}
$amax = array();
foreach($questions as $k => $question)
{
$choice = $choices[$k];
@ -647,10 +647,10 @@ function poll_display($tid, $uid, $info, $top, $prev = false)
$maxPercent = ($top[3] == 0 || !$max) ? 1 : 100 * $max / $top[3];
?>
<?php if ($can_vote && !$prev): ?>
<input type="hidden" name="poll_max[<?php echo $k ?>]" value="<?php echo $amax[$k] ?>" />
<?php endif ?>
<fieldset class="poll">
<?php if ($can_vote && !$prev): ?>
<input type="hidden" name="poll_max[<?php echo $k ?>]" value="<?php echo $amax[$k] ?>" />
<?php endif ?>
<p><?php echo pun_htmlspecialchars($question) ?></p>
<?php if ($can_vote && $types[$k]>1): ?>
<div class="poss"><?php printf($lang_poll['Possible choose'], $types[$k]) ?></div>
@ -701,19 +701,25 @@ function poll_display($tid, $uid, $info, $top, $prev = false)
}
if ($can_vote && !$prev)
{
?>
<div>
<?php
$csrf = pun_hash($tid.(pun_hash($uid.count($questions).implode('0',$types))).get_remote_address().implode('.',$amax));
foreach ($types as $i => $type)
{
?>
<input type="hidden" name="poll_type[<?php echo $i ?>]" value="<?php echo $type ?>" />
<input type="hidden" name="poll_type[<?php echo $i ?>]" value="<?php echo $type ?>" />
<?php
}
?>
<input type="hidden" name="poll_ques" value="<?php echo count($questions) ?>" />
<input type="hidden" name="poll_csrf" value="<?php echo $csrf ?>" />
<input type="hidden" name="poll_ques" value="<?php echo count($questions) ?>" />
<input type="hidden" name="poll_csrf" value="<?php echo $csrf ?>" />
</div>
<p class="pollbut"><input type="submit" name="poll_submit" value="<?php echo $lang_poll['Vote button'] ?>" /><?php echo (($can_visi && $top[3] > 0) ? '<input type="submit" name="poll_view" value="'.$lang_poll['View'].'" />' : '') ?></p>
</form>
</div>
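Review bot: The poll_csrf value in poll_display() is derived only from $tid, $uid, count($questions), $types, get_remote_address() and $amax, and most of those are sent back as hidden fields in this same form, so the token carries no secret the client does not already hold unless pun_hash() mixes one in (not visible in this hunk). Derive it with a keyed hash over a per-installation secret, for example hash_hmac('sha256', ..., $cookie_seed), or reuse the csrf_hash()/pun_csrf_token() helpers that include/uploadf.php calls.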
@ -744,9 +750,9 @@ function poll_vote($tid, $uid)
$type = array_map('intval', $type);
$amax = array_map('intval', $amax);
$ques = intval($ques);
$csrf2 = pun_hash($tid.(pun_hash($uid.$ques.implode('0',$type))).get_remote_address().implode('.',$amax));
if ($csrf2 != $csrf) poll_mess('Err2');
$kol = 0;
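Review bot: `if ($csrf2 != $csrf) poll_mess('Err2');` checks the token with a loose, non-constant-time comparison; with `!=`, two digit-only or 0e-prefixed hex strings are compared as numbers rather than byte for byte. Verify that $csrf is a string and use `if (!hash_equals($csrf2, $csrf)) poll_mess('Err2');`, which is available at the MIN_PHP_VERSION of 5.6.12 set in install.php.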
@ -788,6 +794,6 @@ function poll_vote($tid, $uid)
$db->query('INSERT INTO '.$db->prefix.'poll_voted (tid, uid, rez) VALUES ('.$tid.','.$uid.',\''.$db->escape(serialize($votes)).'\')') or error('Unable to save vote', __FILE__, __LINE__, $db->error());
$db->query('UPDATE '.$db->prefix.'topics SET poll_kol=poll_kol+1 WHERE id='.$tid) or error('Unable to update topic', __FILE__, __LINE__, $db->error());
poll_cache_delete($tid);
}

View file

@ -369,20 +369,20 @@ function strip_search_index($post_ids)
{
$result = $db->query('SELECT word_id FROM '.$db->prefix.'search_matches WHERE post_id IN('.$post_ids.') GROUP BY word_id') or error('Unable to fetch search index word match', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
$word_ids = '';
while ($row = $db->fetch_row($result))
$word_ids .= ($word_ids != '') ? ','.$row[0] : $row[0];
if ($word_ids != '')
{
$result = $db->query('SELECT word_id FROM '.$db->prefix.'search_matches WHERE word_id IN('.$word_ids.') GROUP BY word_id HAVING COUNT(word_id)=1') or error('Unable to fetch search index word match', __FILE__, __LINE__, $db->error());
$word_ids = '';
while ($row = $db->fetch_row($result))
$word_ids .= ($word_ids != '') ? ','.$row[0] : $row[0];
$result = $db->query('SELECT word_id FROM '.$db->prefix.'search_matches WHERE word_id IN('.$word_ids.') GROUP BY word_id HAVING COUNT(word_id)=1') or error('Unable to fetch search index word match', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
if ($word_ids != '')
{
$word_ids = '';
while ($row = $db->fetch_row($result))
$word_ids .= ($word_ids != '') ? ','.$row[0] : $row[0];
$db->query('DELETE FROM '.$db->prefix.'search_words WHERE id IN('.$word_ids.')') or error('Unable to delete search index word', __FILE__, __LINE__, $db->error());
}
}

View file

@ -23,7 +23,7 @@ function security_lang($val, $isset = false)
else
require PUN_ROOT.'lang/English/security.php';
}
if ($isset)
return isset($lang_sec[$val]);
else
@ -47,7 +47,7 @@ function security_encode_for_js($s)
function security_show_random_value($val)
{
static $random;
if ($val === false)
{
$random = 0;
@ -111,7 +111,7 @@ function security_show_captcha($tabindex, $acaptcha = true, $qcaptcha = false)
if ($acaptcha || $qcaptcha)
{
?>
<div class="inform">
<fieldset>
@ -146,7 +146,7 @@ function security_show_captcha($tabindex, $acaptcha = true, $qcaptcha = false)
<?php
} // $qcaptcha
if ($acaptcha)
{
$len = mt_rand(2, 3);
@ -154,15 +154,16 @@ function security_show_captcha($tabindex, $acaptcha = true, $qcaptcha = false)
$a = $d = array();
for ($i = 1; $i < $len; $i++)
$d[$i] = $c[array_rand($c)];
{
$y = array_rand($c);
$d[$i] = $c[$y];
array_splice($c, $y, 1);
}
$pred = $prea = 0;
for ($i = $len; $i > 0; $i--)
{
if (($i > 1 && strstr('/*', $d[$i - 1])) || ($i < $len && $d[$i] == '*'))
$a[$i] = mt_rand(1, 5);
else
$a[$i] = mt_rand(1, 9);
$a[$i] = mt_rand(1, 9);
if ($i < $len && $d[$i] == '/')
{

View file

@ -1,150 +0,0 @@
<?php
/*
* Author:
* George Argyros <argyros.george@gmail.com>
*
* Copyright (c) 2012, George Argyros
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * Neither the name of the <organization> nor the
* names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL GEORGE ARGYROS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*
*
* The function is providing, at least at the systems tested :),
* $len bytes of entropy under any PHP installation or operating system.
* The execution time should be at most 10-20 ms in any system.
*/
function secure_random_bytes($len = 10)
{
/*
* Our primary choice for a cryptographic strong randomness function is
* openssl_random_pseudo_bytes.
*/
$SSLstr = '4'; // http://xkcd.com/221/
if (function_exists('openssl_random_pseudo_bytes') &&
(version_compare(PHP_VERSION, '5.3.4') >= 0 ||
substr(PHP_OS, 0, 3) !== 'WIN'))
{
$SSLstr = openssl_random_pseudo_bytes($len, $strong);
if ($strong) {
return $SSLstr;
}
}
/*
* If mcrypt extension is available then we use it to gather entropy from
* the operating system's PRNG. This is better than reading /dev/urandom
* directly since it avoids reading larger blocks of data than needed.
* Older versions of mcrypt_create_iv may be broken or take too much time
* to finish so we only use this function with PHP 5.3.7 and above.
* @see https://bugs.php.net/bug.php?id=55169
*/
if (function_exists('mcrypt_create_iv') &&
(version_compare(PHP_VERSION, '5.3.7') >= 0 ||
substr(PHP_OS, 0, 3) !== 'WIN')) {
$str = mcrypt_create_iv($len, MCRYPT_DEV_URANDOM);
if ($str !== false) {
return $str;
}
}
/*
* No build-in crypto randomness function found. We collect any entropy
* available in the PHP core PRNGs along with some filesystem info and memory
* stats. To make this data cryptographically strong we add data either from
* /dev/urandom or if its unavailable, we gather entropy by measuring the
* time needed to compute a number of SHA-1 hashes.
*/
$str = '';
$bits_per_round = 2; // bits of entropy collected in each clock drift round
$msec_per_round = 400; // expected running time of each round in microseconds
$hash_len = 20; // SHA-1 Hash length
$total = $len; // total bytes of entropy to collect
$handle = @fopen('/dev/urandom', 'rb');
if ($handle && function_exists('stream_set_read_buffer')) {
@stream_set_read_buffer($handle, 0);
}
do
{
$bytes = ($total > $hash_len)? $hash_len : $total;
$total -= $bytes;
//collect any entropy available from the PHP system and filesystem
$entropy = rand() . uniqid(mt_rand(), true) . $SSLstr;
$entropy .= implode('', @fstat(@fopen( __FILE__, 'r')));
$entropy .= memory_get_usage() . getmypid();
$entropy .= serialize($_ENV) . serialize($_SERVER);
if (function_exists('posix_times')) {
$entropy .= serialize(posix_times());
}
if (function_exists('zend_thread_id')) {
$entropy .= zend_thread_id();
}
if ($handle) {
$entropy .= @fread($handle, $bytes);
} else {
// Measure the time that the operations will take on average
for ($i = 0; $i < 3; $i++)
{
$c1 = microtime(true);
$var = sha1(mt_rand());
for ($j = 0; $j < 50; $j++) {
$var = sha1($var);
}
$c2 = microtime(true);
$entropy .= $c1 . $c2;
}
// Based on the above measurement determine the total rounds
// in order to bound the total running time.
$rounds = (int) ($msec_per_round * 50 / (int) (($c2 - $c1) * 1000000));
// Take the additional measurements. On average we can expect
// at least $bits_per_round bits of entropy from each measurement.
$iter = $bytes * (int) (ceil(8 / $bits_per_round));
for ($i = 0; $i < $iter; $i++)
{
$c1 = microtime(true);
$var = sha1(mt_rand());
for ($j = 0; $j < $rounds; $j++) {
$var = sha1($var);
}
$c2 = microtime(true);
$entropy .= $c1 . $c2;
}
}
// We assume sha1 is a deterministic extractor for the $entropy variable.
$str .= sha1($entropy, true);
} while ($len > strlen($str));
if ($handle) {
@fclose($handle);
}
return substr($str, 0, $len);
}
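Review bot: Deleting secure_random_bytes() needs a matching change in every caller, and none is visible in this diff: install.php still calls random_key(16, false, true) to produce $cookie_seed, and MIN_PHP_VERSION is 5.6.12, where random_bytes() does not exist. Please confirm that random_key() now draws from a CSPRNG that is present on PHP 5.6 (openssl_random_pseudo_bytes() with the $strong flag checked, or a random_bytes() polyfill) and fails closed instead of falling back to mt_rand().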

View file

@ -1,7 +1,7 @@
<?php
/**
* Copyright (C) 2013-2015 Visman (mio.visman@yandex.ru)
* Copyright (C) 2013-2018 Visman (mio.visman@yandex.ru)
* Copyright (C) 2008-2012 FluxBB
* based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
* License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@ -13,7 +13,7 @@ if (!defined('PUN'))
function sf_status_new($cur_forum)
{
global $new_topics;
return isset($new_topics[$cur_forum['fid']]);
}
@ -59,18 +59,20 @@ if (!$pun_user['is_guest'])
{
// $result = $db->query('SELECT f.id, f.last_post FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.last_post>'.$pun_user['last_visit']) or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error());
$result = $db->query('SELECT f.id, f.last_post FROM '.$db->prefix.'forums AS f WHERE f.last_post>'.$pun_user['last_visit'].' AND f.id IN ('.implode(',', $sf_array_asc[$sf_cur_forum]).')') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error());
$cur_forum_ = $db->fetch_assoc($result);
if ($db->num_rows($result))
if (is_array($cur_forum_))
{
$forums = $new_topics = array();
if (!isset($tracked_topics))
$tracked_topics = get_tracked_topics();
while ($cur_forum = $db->fetch_assoc($result))
do
{
if (!isset($tracked_topics['forums'][$cur_forum['id']]) || $tracked_topics['forums'][$cur_forum['id']] < $cur_forum['last_post'])
$forums[$cur_forum['id']] = $cur_forum['last_post'];
if (!isset($tracked_topics['forums'][$cur_forum_['id']]) || $tracked_topics['forums'][$cur_forum_['id']] < $cur_forum_['last_post'])
$forums[$cur_forum_['id']] = $cur_forum_['last_post'];
}
while ($cur_forum_ = $db->fetch_assoc($result));
if (!empty($forums))
{

File diff suppressed because it is too large Load diff

116
include/uploadf.php Normal file
View file

@ -0,0 +1,116 @@
<?php
/**
* Copyright (C) 2011-2020 Visman (visman@inbox.ru)
* License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
*/
// Make sure no one attempts to run this script "directly"
if (! defined('PUN')) {
exit;
}
if (!$pun_user['is_guest'] && isset($pun_config['o_upload_config'], $required_fields['req_message'])) {
if ($pun_user['g_id'] == PUN_ADMIN || ($pun_user['g_up_limit'] > 0 && $pun_user['g_up_max'] > 0)) {
// Load language file
if (! isset($lang_up)) {
if (file_exists(PUN_ROOT.'lang/'.$pun_user['language'].'/upload.php')) {
require PUN_ROOT.'lang/'.$pun_user['language'].'/upload.php';
} else {
require PUN_ROOT.'lang/English/upload.php';
}
}
if (file_exists(PUN_ROOT.'style/'.$pun_user['style'].'/upfiles.css')) {
$style = 'style/'.$pun_user['style'].'/upfiles.css';
} else {
$style = 'style/imports/upfiles.css';
}
$upf_conf = unserialize($pun_config['o_upload_config']);
$upf_max_size = (int) (10485.76 * $pun_user['g_up_max'])
?>
<script type="text/javascript">
/* <![CDATA[ */
if (typeof FluxBB === 'undefined' || !FluxBB) {var FluxBB = {};}
FluxBB.uploadvars = {
action: 'upfiles.php',
style: '<?= addslashes($style) ?>',
lang: {
upfiles: '<strong><?= addslashes($lang_up['upfiles']) ?></strong>',
confirmation: '<?= addslashes($lang_up['delete file']) ?>',
large: '<?= addslashes($lang_up['Too large']) ?>',
bad_type: '<?= addslashes($lang_up['Bad type']) ?>'
},
maxsize: <?= $upf_max_size ?>,
exts: ['<?= str_replace([' ', ','], ['', '\', \''], addslashes($pun_user['g_up_ext'])) ?>'],
token: '<?= addslashes(function_exists('csrf_hash') ? csrf_hash('upfiles.php') : pun_csrf_token()) ?>'
};
/* ]]> */
</script>
<script type="text/javascript" src="js/upload.js"></script>
<div id="upf-template" style="width: 0; height: 0; overflow: hidden; margin: 0; padding: 0;">
<div class="inform upf-fmess">
<fieldset>
<legend><?= $lang_up['upfiles'] ?></legend>
<div class="infldset">
<button id="upf-button" type="button"><?= $lang_up['fichier'] ?></button>
<span><?= sprintf($lang_up['info_2'], pun_htmlspecialchars(str_replace([' ', ','], ['', ', '], $pun_user['g_up_ext'])), pun_htmlspecialchars(file_size($upf_max_size))) ?></span>
</div>
</fieldset>
</div>
<div class="inform upf-fmess">
<fieldset id="upf-list-fls">
<div class="infldset">
<div id="upf-container">
<ul id="upf-list">
<li id="upf--">
<div class="upf-name" title="End">
<span>&#160;</span>
</div>
<div class="upf-file" style="height: <?= max((int) $upf_conf['thumb_size'], 100) ?>px;">
<a>
<span>&#160;</span>
</a>
</div>
<div class="upf-size">
<span>&#160;</span>
</div>
<div class="upf-but upf-delete">
<a title="<?= $lang_up['delete'] ?>">
<span></span>
</a>
</div>
<div class="upf-but upf-insert">
<a title="<?= $lang_up['insert'] ?>">
<span></span>
</a>
</div>
<div class="upf-but upf-insert-t">
<a title="<?= $lang_up['insert_thumb'] ?>">
<span></span>
</a>
</div>
</li>
</ul>
</div>
</div>
</fieldset>
</div>
<div class="inform upf-fmess">
<fieldset>
<div class="infldset">
<div id="upf-legend">
<div style="background-color: rgb(0, 255, 0); width: 0%;"><span>0%</span></div>
</div>
<p id="upf-legend-p"><?= sprintf($lang_up['info_4'], 0, pun_htmlspecialchars(file_size(1048576 * $pun_user['g_up_limit']))) ?></p>
</div>
</fieldset>
</div>
</div>
<?php
}
}
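Review bot: addslashes() is not a JavaScript-context encoder: in the FluxBB.uploadvars block it leaves `</script>`, line breaks and `&` untouched, so a language string or a g_up_ext value containing any of them breaks the string literal or closes the script element. Emit each value with json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) and drop the hand-written quotes, and build exts from json_encode() of the exploded extension list instead of str_replace(). Separately, the $lang_up[...] values in the legend, button and title attributes are echoed raw while the sprintf() arguments beside them go through pun_htmlspecialchars(), and unserialize($pun_config['o_upload_config']) could be json_decode(), since this file only reads thumb_size from it.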

View file

@ -1,23 +1,23 @@
<?php
/**
* Copyright (C) 2011-2013 Visman (mio.visman@yandex.ru)
* Copyright (C) 2011-2019 Visman (mio.visman@yandex.ru)
* License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
*/
// Make sure no one attempts to run this script "directly"
if (!defined('PUN'))
if (! defined('PUN')) {
exit;
}
if (isset($pun_user['g_up_ext']))
{
if ($pun_user['g_id'] == PUN_ADMIN || ($id == $pun_user['id'] && $pun_user['g_up_limit'] > 0 && $pun_user['g_up_max'] > 0))
{
if (file_exists(PUN_ROOT.'lang/'.$pun_user['language'].'/upload.php'))
require PUN_ROOT.'lang/'.$pun_user['language'].'/upload.php';
else
require PUN_ROOT.'lang/English/upload.php';
if (isset($pun_config['o_upload_config'])) {
if ($pun_user['g_id'] == PUN_ADMIN || ($id == $pun_user['id'] && $pun_user['g_up_limit'] > 0 && $pun_user['g_up_max'] > 0)) {
if (file_exists(PUN_ROOT . 'lang/' . $pun_user['language'] . '/upload.php')) {
require PUN_ROOT . 'lang/' . $pun_user['language'] . '/upload.php';
} else {
require PUN_ROOT . 'lang/English/upload.php';
}
echo "\t\t\t\t\t".'<li'.(($page == 'upload') ? ' class="isactive"' : '').'><a href="upfiles.php?id='.$id.'">'.$lang_up['upfiles'].'</a></li>'."\n";
echo "\t\t\t\t\t" . '<li' . (($page == 'upload') ? ' class="isactive"' : '') . '><a href="upfiles.php?id=' . $id . '">' . $lang_up['upfiles'] . '</a></li>' . "\n";
}
}
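Review bot: `$id` is concatenated into the href of the upfiles.php link without a cast or pun_htmlspecialchars(), and nothing in this hunk shows where it was validated. If the including script does not already apply intval() to it, cast it here before the echo. The outer guard also moved from $pun_user['g_up_ext'] to $pun_config['o_upload_config']; confirm that the per-group extension list is still enforced server-side in upfiles.php.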

View file

@ -21,54 +21,54 @@ function utf8_ord($chr)
if ($ord0 >= 0 && $ord0 <= 127)
return $ord0;
if (!isset($chr{1}))
if (!isset($chr[1]))
{
trigger_error('Short sequence - at least 2 bytes expected, only 1 seen');
return false;
}
$ord1 = ord($chr{1});
$ord1 = ord($chr[1]);
if ($ord0 >= 192 && $ord0 <= 223)
return ($ord0 - 192) * 64 + ($ord1 - 128);
if (!isset($chr{2}))
if (!isset($chr[2]))
{
trigger_error('Short sequence - at least 3 bytes expected, only 2 seen');
return false;
}
$ord2 = ord($chr{2});
$ord2 = ord($chr[2]);
if ($ord0 >= 224 && $ord0 <= 239)
return ($ord0-224)*4096 + ($ord1-128)*64 + ($ord2-128);
if (!isset($chr{3}))
if (!isset($chr[3]))
{
trigger_error('Short sequence - at least 4 bytes expected, only 3 seen');
return false;
}
$ord3 = ord($chr{3});
$ord3 = ord($chr[3]);
if ($ord0>=240 && $ord0<=247)
return ($ord0-240)*262144 + ($ord1-128)*4096 + ($ord2-128)*64 + ($ord3-128);
if (!isset($chr{4}))
if (!isset($chr[4]))
{
trigger_error('Short sequence - at least 5 bytes expected, only 4 seen');
return false;
}
$ord4 = ord($chr{4});
$ord4 = ord($chr[4]);
if ($ord0>=248 && $ord0<=251)
return ($ord0-248)*16777216 + ($ord1-128)*262144 + ($ord2-128)*4096 + ($ord3-128)*64 + ($ord4-128);
if (!isset($chr{5}))
if (!isset($chr[5]))
{
trigger_error('Short sequence - at least 6 bytes expected, only 5 seen');
return false;
}
if ($ord0>=252 && $ord0<=253)
return ($ord0-252) * 1073741824 + ($ord1-128)*16777216 + ($ord2-128)*262144 + ($ord3-128)*4096 + ($ord4-128)*64 + (ord($c{5})-128);
return ($ord0-252) * 1073741824 + ($ord1-128)*16777216 + ($ord2-128)*262144 + ($ord3-128)*4096 + ($ord4-128)*64 + (ord($chr[5])-128);
if ($ord0 >= 254 && $ord0 <= 255)
{
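Review bot: The `$c{5}` to `$chr[5]` change in the 6-byte branch fixes a read of an undefined variable, but utf8_ord() never checks that $ord1 through $ord4 lie in 128..191 before subtracting 128, and it still decodes lead bytes 248..253, which RFC 3629 removed from UTF-8. A malformed or overlong sequence therefore returns a plausible code point instead of false. Consider rejecting lead bytes 192, 193 and anything above 244, and returning false for any continuation byte outside 0x80..0xBF.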

View file

@ -270,7 +270,7 @@ function utf8_bad_identify($str, &$i)
for($i=0; $i < $len; $i++)
{
$in = ord($str{$i});
$in = ord($str[$i]);
if ( $mState == 0)
{

View file

@ -40,7 +40,7 @@ function utf8_is_valid($str)
for($i = 0; $i < $len; $i++)
{
$in = ord($str{$i});
$in = ord($str[$i]);
if ( $mState == 0)
{

View file

@ -7,16 +7,16 @@
*/
// The FluxBB version this script installs
define('FORUM_VERSION', '1.5.10');
define('FORUM_VERSION', '1.5.11');
define('FORUM_VER_REVISION', 78); // номер сборки - Visman
define('FORUM_VER_REVISION', 81); // номер сборки - Visman
define('FORUM_DB_REVISION', 21);
define('FORUM_SI_REVISION', 2.1);
define('FORUM_PARSER_REVISION', 2);
define('MIN_PHP_VERSION', '5.6.0');
define('MIN_MYSQL_VERSION', '5.0.7');
define('MIN_PHP_VERSION', '5.6.12');
define('MIN_MYSQL_VERSION', '5.5.3');
define('MIN_PGSQL_VERSION', '7.0.0');
define('PUN_SEARCH_MIN_WORD', 3);
define('PUN_SEARCH_MAX_WORD', 20);
@ -36,9 +36,6 @@ require PUN_ROOT.'include/utf8/utf8.php';
// Strip out "bad" UTF-8 characters
forum_remove_bad_characters();
// Reverse the effect of register_globals
forum_unregister_globals();
// Disable error reporting for uninitialized variables
error_reporting(E_ALL);
@ -94,7 +91,33 @@ function generate_config_file()
{
global $db_type, $db_host, $db_name, $db_username, $db_password, $db_prefix, $cookie_name, $cookie_seed, $salt1;
return '<?php'."\n\n".'$db_type = \''.$db_type."';\n".'$db_host = \''.$db_host."';\n".'$db_name = \''.addslashes($db_name)."';\n".'$db_username = \''.addslashes($db_username)."';\n".'$db_password = \''.addslashes($db_password)."';\n".'$db_prefix = \''.addslashes($db_prefix)."';\n".'$p_connect = false;'."\n\n".'$cookie_name = '."'".$cookie_name."';\n".'$cookie_domain = '."'';\n".'$cookie_path = '."'/';\n".'$cookie_secure = 0;'."\n".'$cookie_seed = \''.random_key(16, false, true)."';\n\n".'$salt1 = \''.$salt1."';\n\ndefine('PUN', 1);\n"."\ndefine('PUN_DEBUG', 1);\n//define('PUN_SHOW_QUERIES', 1);\ndefine('PUN_MAX_POSTSIZE', 65535);\n".'//define(\'FORUM_EOL\', "\r\n"); // possible values can be PHP_EOL, "\r\n", "\n" or "\r"'."\n//define('FORUM_UA_OFF', 1);\ndefine('FORUM_AJAX_JQUERY', '//ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js');\n";
return '<?php'."\n\n"
.'$db_type = \''.$db_type."';\n"
.'$db_host = \''.$db_host."';\n"
.'$db_name = \''.addslashes($db_name)."';\n"
.'$db_username = \''.addslashes($db_username)."';\n"
.'$db_password = \''.addslashes($db_password)."';\n"
.'$db_prefix = \''.addslashes($db_prefix)."';\n"
.'$p_connect = false;'."\n\n"
.'$cookie_name = '."'".$cookie_name."';\n"
.'$cookie_domain = '."'';\n"
.'$cookie_path = '."'/';\n"
.'$cookie_secure = 0;'."\n"
.'$cookie_samesite = \'Lax\'; // Strict, Lax or None'."\n"
.'$cookie_seed = \''.random_key(16, false, true)."';\n\n"
.'$salt1 = \''.$salt1."';\n\n"
."define('PUN', 1);\n\n"
."define('PUN_DEBUG', 1);\n"
."//define('PUN_SHOW_QUERIES', 1);\n"
."define('PUN_MAX_POSTSIZE', 65535);\n"
.'//define(\'FORUM_EOL\', "\r\n"); // possible values can be PHP_EOL, "\r\n", "\n" or "\r"'."\n"
."//define('FORUM_UA_OFF', 1);\n"
."define('FORUM_AJAX_JQUERY', 'https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js');\n"
."//define('FORUM_SQLITE3_BUSY_TIMEOUT', 10000);\n"
."//define('FORUM_SQLITE3_WAL_ON', 1);\n\n"
."//error_reporting(E_ALL);\n"
."//ini_set('display_errors', 1);\n"
."//ini_set('log_errors', 1);\n";
}
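Review bot: In generate_config_file(), $db_type, $db_host, $cookie_name and $salt1 are written inside single-quoted PHP literals without addslashes(), while $db_name, $db_username, $db_password and $db_prefix are escaped. The generate_config form later in this file resubmits db_type and db_host from the client, so unless they are validated before this call (not visible here) a quote in either value becomes part of the code in config.php. Escape all of them the same way, or emit each value with var_export($value, true). Two smaller points on the new template: PUN_DEBUG is still enabled by default, and the $cookie_samesite comment should say that 'None' only works together with $cookie_secure = 1.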
@ -175,7 +198,7 @@ else
else if (pun_strlen($salt1) < 10)
$alerts[] = 'Salt must be at least 10 characters long.';
if (pun_strlen($password1) < 6)
if (pun_strlen($password1) < 9)
$alerts[] = $lang_install['Short password'];
else if ($password1 != $password2)
$alerts[] = $lang_install['Passwords not match'];
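Review bot: The minimum in `pun_strlen($password1) < 9` went up from 6, but the alert is still $lang_install['Short password']; check that the text in each language's install file states the new minimum, otherwise the installer rejects a password the message says is acceptable.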
@ -218,15 +241,6 @@ if (!isset($_POST['form_sent']) || !empty($alerts))
$db_extensions[] = array('mysqli_innodb', 'MySQL Improved (InnoDB)');
$mysql_innodb = true;
}
if (function_exists('mysql_connect'))
{
$db_extensions[] = array('mysql', 'MySQL Standard');
$db_extensions[] = array('mysql_innodb', 'MySQL Standard (InnoDB)');
$mysql_innodb = true;
if (count($db_extensions) > 2)
$dual_mysql = true;
}
if (function_exists('sqlite_open'))
$db_extensions[] = array('sqlite', 'SQLite');
if (class_exists('SQLite3'))
@ -246,7 +260,7 @@ if (!isset($_POST['form_sent']) || !empty($alerts))
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><?php echo $lang_install['FluxBB Installation'] ?></title>
<link rel="stylesheet" type="text/css" href="style/<?php echo $default_style ?>.css" />
<link rel="stylesheet" type="text/css" href="style/<?php echo pun_htmlspecialchars($default_style) ?>.css" />
<script type="text/javascript">
/* <![CDATA[ */
function process_form(the_form)
@ -500,17 +514,11 @@ else
switch ($db_type)
{
case 'mysql':
require PUN_ROOT.'include/dblayer/mysql.php';
break;
case 'mysql_innodb':
require PUN_ROOT.'include/dblayer/mysql_innodb.php';
break;
case 'mysqli':
require PUN_ROOT.'include/dblayer/mysqli.php';
break;
case 'mysql_innodb':
case 'mysqli_innodb':
require PUN_ROOT.'include/dblayer/mysqli_innodb.php';
break;
@ -528,7 +536,7 @@ else
break;
default:
error(sprintf($lang_install['DB type not valid'], pun_htmlspecialchars($db_type)));
error(sprintf($lang_install['DB type not valid'], $db_type));
}
// Create the database object (and connect/select db)
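Review bot: The default branch now passes $db_type to error() without pun_htmlspecialchars(), although $db_type comes from the install form and this same commit adds escaping for it in the hidden db_type input. Unless error() escapes its message itself (not visible in this hunk), keep the pun_htmlspecialchars() call here.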
@ -565,9 +573,12 @@ else
// Make sure FluxBB isn't already installed
$result = $db->query('SELECT 1 FROM '.$db_prefix.'users WHERE id=1');
if ($db->num_rows($result))
error(sprintf($lang_install['Existing table error'], $db_prefix, $db_name));
if ($db->table_exists('users'))
{
$result = $db->query('SELECT 1 FROM '.$db_prefix.'users WHERE id=1');
if ($db->result($result))
error(sprintf($lang_install['Existing table error'], $db_prefix, $db_name));
}
// Check if InnoDB is available
if ($db_type == 'mysql_innodb' || $db_type == 'mysqli_innodb')
@ -677,7 +688,7 @@ else
$schema = array(
'FIELDS' => array(
'conf_name' => array(
'datatype' => 'VARCHAR(255)',
'datatype' => 'VARCHAR(190)',
'allow_null' => false,
'default' => '\'\''
),
@ -1943,7 +1954,7 @@ else
$db->query('INSERT INTO '.$db_prefix.'users (group_id, username, password, email) VALUES(3, \''.$db->escape($lang_install['Guest']).'\', \''.$db->escape($lang_install['Guest']).'\', \''.$db->escape($lang_install['Guest']).'\')')
or error('Unable to add guest user. Please check your configuration and try again', __FILE__, __LINE__, $db->error());
$db->query('INSERT INTO '.$db_prefix.'users (group_id, username, password, email, language, style, num_posts, last_post, registered, registration_ip, last_visit) VALUES(1, \''.$db->escape($username).'\', \''.pun_hash($password1).'\', \''.$email.'\', \''.$db->escape($default_lang).'\', \''.$db->escape($default_style).'\', 1, '.$now.', '.$now.', \''.$db->escape(get_remote_address()).'\', '.$now.')')
$db->query('INSERT INTO '.$db_prefix.'users (group_id, username, password, email, language, style, num_posts, last_post, registered, registration_ip, last_visit) VALUES(1, \''.$db->escape($username).'\', \''.$db->escape(password_hash($password1, PASSWORD_DEFAULT)).'\', \''.$email.'\', \''.$db->escape($default_lang).'\', \''.$db->escape($default_style).'\', 1, '.$now.', '.$now.', \''.$db->escape(get_remote_address()).'\', '.$now.')')
or error('Unable to add administrator user. Please check your configuration and try again', __FILE__, __LINE__, $db->error());
// New PMS - Visman
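Review bot: In the administrator INSERT, $email is concatenated between quotes without $db->escape(), while every other string value in the statement, including the new password_hash() output, is escaped. Wrap it in $db->escape() regardless of any earlier validation. password_hash() can also return false on failure on PHP 5.6 and 7.x, which this line would store as an empty password; check the return value before running the query.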
@ -2010,7 +2021,7 @@ else
'o_smtp_pass' => NULL,
'o_smtp_ssl' => 0,
'o_regs_allow' => 1,
'o_regs_verify' => 0,
'o_regs_verify' => 1,
'o_announcement' => 0,
'o_announcement_message' => $lang_install['Announcement'],
'o_rules' => 0,
@ -2029,7 +2040,7 @@ else
'p_sig_img_tag' => 0,
'p_sig_length' => 400,
'p_sig_lines' => 4,
'p_allow_banned_email' => 1,
'p_allow_banned_email' => 0,
'p_allow_dupe_email' => 0,
'p_force_guest_email' => 1,
'o_pms_enabled' => 1, // New PMS - Visman
@ -2084,6 +2095,8 @@ else
$db->end_transaction();
forum_clear_cache();
$alerts = array();
// Check if we disabled uploading avatars because file_uploads was disabled
@ -2118,7 +2131,7 @@ else
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><?php echo $lang_install['FluxBB Installation'] ?></title>
<link rel="stylesheet" type="text/css" href="style/<?php echo $default_style ?>.css" />
<link rel="stylesheet" type="text/css" href="style/<?php echo pun_htmlspecialchars($default_style) ?>.css" />
</head>
<body>
@ -2153,8 +2166,8 @@ if (!$written)
<p><?php echo $lang_install['Info 18'] ?></p>
</div>
<input type="hidden" name="generate_config" value="1" />
<input type="hidden" name="db_type" value="<?php echo $db_type; ?>" />
<input type="hidden" name="db_host" value="<?php echo $db_host; ?>" />
<input type="hidden" name="db_type" value="<?php echo pun_htmlspecialchars($db_type); ?>" />
<input type="hidden" name="db_host" value="<?php echo pun_htmlspecialchars($db_host); ?>" />
<input type="hidden" name="db_name" value="<?php echo pun_htmlspecialchars($db_name); ?>" />
<input type="hidden" name="db_username" value="<?php echo pun_htmlspecialchars($db_username); ?>" />
<input type="hidden" name="db_password" value="<?php echo pun_htmlspecialchars($db_password); ?>" />

4
js/media.min.js vendored

File diff suppressed because one or more lines are too long

View file

@ -1,9 +1,9 @@
// post.js v2.1.1 Copyright (C) 2014-2016 Visman (mio.visman@yandex.ru)
// post.js v2.2.0 Copyright (C) 2014-2019 Visman (mio.visman@yandex.ru)
if (typeof FluxBB === 'undefined' || !FluxBB) {var FluxBB = {};}
FluxBB.post = (function (doc, win) {
'use strict';
var nameusers = [],
bbcode = [],
lang = [],
@ -52,14 +52,14 @@ FluxBB.post = (function (doc, win) {
}
return !1;
}
function check_apq () {
if (apq_id != -1) {
get('pq' + apq_id).innerHTML = apq_temp;
apq_id = -1;
}
}
function orsc(req) {
if (req.readyState == 4) {
check_apq();
@ -80,7 +80,7 @@ FluxBB.post = (function (doc, win) {
}
return html;
}
function ColorMapBB() {
var colors = [], a = ['00', '33', '66', '99', 'cc', 'ff'];
for (var x = 0; x < 6; x++) {
@ -106,7 +106,7 @@ FluxBB.post = (function (doc, win) {
init : function () {
if (fls) return false;
fls = true;
textarea = doc.getElementsByName('req_message')[0];
if (typeof textarea === 'undefined') return false;
@ -136,11 +136,11 @@ FluxBB.post = (function (doc, win) {
{i:'smile.png', a:'smileys', f:'return FluxBB.post.overlay(this, \'bbcode_smileys\');'}];
if (doc.getElementsByTagName('html')[0].getAttribute('lang') == 'ru') {
lang = {'b':'Полужирный текст', 'i':'Наклонный текст', 'u':'Подчеркнутый текст', 's':'Зачёркнутый текст', 'center':'По центру', 'right':'По правому краю', 'justify':'По ширине', 'mono':'Моношрифт', 'url':'Ссылка', 'email':'Электронная почта', 'img':'Картинка', 'list':'Список', '*':'Элемент списка', 'quote':'Цитата', 'code':'Блок кода', 'hr':'Горизонтальная линия', 'color':'Цвет текста', 'spoiler':'Скрытый текст', 'smileys':'Смайлы', 'upfiles':'Загрузки', 'QQ':'Цитировать', 'Loading':'Загрузка...', 'Must':'Вы должны выделить текст для цитирования'};
lang = {'b':'Полужирный текст', 'i':'Наклонный текст', 'u':'Подчеркнутый текст', 's':'Зачёркнутый текст', 'center':'По центру', 'right':'По правому краю', 'justify':'По ширине', 'mono':'Моношрифт', 'url':'Ссылка', 'email':'Электронная почта', 'img':'Картинка', 'list':'Список', '*':'Элемент списка', 'quote':'Цитата', 'code':'Блок кода', 'hr':'Горизонтальная линия', 'color':'Цвет текста', 'spoiler':'Скрытый текст', 'smileys':'Смайлы', 'QQ':'Цитировать', 'Loading':'Загрузка...', 'Must':'Вы должны выделить текст для цитирования'};
} else {
lang = {'b':'Bold text', 'i':'Italic text', 'u':'Underlined text', 's':'Strike-through text', 'center':'Center', 'right':'Right', 'justify':'Justify', 'mono':'Mono', 'url':'Link', 'email':'E-mail', 'img':'Image', 'list':'List', '*':'List element', 'quote':'Quote', 'code':'Code block', 'hr':'Horizontal line', 'color':'Colour of text', 'spoiler':'Spoiler', 'smileys':'Smileys', 'upfiles':'Uploads', 'QQ':'Quote', 'Loading':'Loading...', 'Must':'You must select text before quoting'};
lang = {'b':'Bold text', 'i':'Italic text', 'u':'Underlined text', 's':'Strike-through text', 'center':'Center', 'right':'Right', 'justify':'Justify', 'mono':'Mono', 'url':'Link', 'email':'E-mail', 'img':'Image', 'list':'List', '*':'List element', 'quote':'Quote', 'code':'Code block', 'hr':'Horizontal line', 'color':'Colour of text', 'spoiler':'Spoiler', 'smileys':'Smileys', 'QQ':'Quote', 'Loading':'Loading...', 'Must':'You must select text before quoting'};
}
var div = createElement('div');
div.setAttribute('id', 'bbcode_bar');
@ -173,7 +173,7 @@ FluxBB.post = (function (doc, win) {
if (typeof dt !== 'undefined') {
var a = dt.innerHTML;
var n = a.replace(/<[^>]+>/g, '');
// Decode html special chars
nameusers[id] = n.replace(/&lt;/g, '<')
.replace(/&gt;/g, '>')
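Review bot: the user name in this hunk is rebuilt from `dt.innerHTML` by stripping tags with `/<[^>]+>/g` and then decoding entities by hand, which depends on every entity being listed and on the order of the `.replace()` calls. Reading `dt.textContent` (with `innerText` as the old-IE fallback) returns the already-decoded text in one step and removes the need for both the regex and the decode chain.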
@ -193,18 +193,6 @@ FluxBB.post = (function (doc, win) {
}
}
}
if (!!FluxBB.vars.bbFlagUp && !FluxBB.vars.bbGuest) {
var all_ul = doc.getElementsByTagName('ul'),
i = all_ul.length - 1;
while (i > -1) {
if (all_ul[i].className == 'bblinks') {
all_ul[i].insertAdjacentHTML('beforeEnd', '<li><span><a href="upfiles.php" onclick="return FluxBB.post.popUp(this.href);"><strong>' + lang['upfiles'] + '</strong></a></span></li>');
i = 0;
}
i--;
}
}
},
insText : function (open, close) {
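Review bot: the block removed here only added the uploads link when `FluxBB.vars.bbFlagUp` was set and `FluxBB.vars.bbGuest` was not, while `FluxBB.upload.init` in the new js/upload.js adds it whenever a `.bblinks` list is found next to `req_message`. Please confirm that the server only emits upload.js and `FluxBB.uploadvars` for users allowed to upload, and that the upload action checks the permission itself rather than relying on the link being absent.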
@ -234,16 +222,16 @@ FluxBB.post = (function (doc, win) {
textarea.focus();
return false;
},
insName: function (id) {
return FluxBB.post.insText('', '[b]@' + nameusers[id] + '[/b], ');
},
getText: function () {
if (win.getSelection) quote_text = win.getSelection().toString();
else if (doc.selection && doc.selection.createRange) quote_text = doc.selection.createRange().text;
},
quote: function (id) {
if (typeof id !== 'number' || id < 1) return false;
if (quote_text != '') {
@ -276,7 +264,7 @@ FluxBB.post = (function (doc, win) {
win.open(url, 'gest', 'top=' + t + ',left=' + l + ',width=' + w + ',height=' + h + ',resizable=yes,location=no,menubar=no,status=no,scrollbars=yes');
return false;
},
overlay : function (prt, str) {
var m = get(str);
if (m.style.display != 'block') {
@ -308,7 +296,7 @@ FluxBB.post = (function (doc, win) {
return false;
},
showMapColor : function (color) {
get('selectedMapColor').style.backgroundColor = color;
get('selectedMapColorBox').value = color;

407
js/upload.js Normal file

@ -0,0 +1,407 @@
// upload.js v3.0.2 Copyright (C) 2020 Visman (mio.visman@yandex.ru)
if (typeof FluxBB === 'undefined' || !FluxBB) {var FluxBB = {};}
FluxBB.upload = (function (doc, win) {
'use strict';
var state = 0,
anchor,
files = {},
page = 0,
pages = 1,
textarea;
function get(elem) {
return doc.getElementById(elem);
}
function newXhr() {
if (typeof XMLHttpRequest === 'undefined') {
try {
return new ActiveXObject('Microsoft.XMLHTTP');
} catch (e) {}
} else {
return new XMLHttpRequest();
}
return false;
}
function createStartLink(ul) {
var a = doc.createElement('a'),
span = doc.createElement('span'),
li = doc.createElement('li');
a.innerHTML = FluxBB.uploadvars.lang.upfiles;
a.href = FluxBB.uploadvars.action;
span.appendChild(a);
li.appendChild(span);
ul.appendChild(li);
return a;
}
function findAnchor(node) {
while (node) {
if ('FIELDSET' === node.tagName) {
anchor = node.parentNode;
return true;
}
node = node.parentNode;
}
return false;
}
function popUp(url) {
var h = Math.min(430, screen.height),
w = Math.min(820, screen.width),
t = Math.max((screen.height - h) / 3, 0),
l = (screen.width - w) / 2;
win.open(url, 'gest', 'top=' + t + ',left=' + l + ',width=' + w + ',height=' + h + ',resizable=yes,location=no,menubar=no,status=no,scrollbars=yes');
}
function insertAfter(newNode, node) {
if (node.parentNode.lastChild === node) {
return node.parentNode.appendChild(newNode);
} else {
return node.parentNode.insertBefore(newNode, node.nextSibling);
}
}
function setInput(name, value, type) {
var input = doc.createElement('input');
input.type = type || 'hidden';
input.name = name;
input.value = value;
return input;
}
function initLoader() {
var style = doc.createElement('link'),
head = doc.querySelector('head');
style.href = FluxBB.uploadvars.style;
style.rel = 'stylesheet';
style.type = 'text/css';
head.appendChild(style);
var tmp = get('upf-template').children;
while (tmp[0]) {
anchor = insertAfter(tmp[0], anchor);
}
var form = doc.createElement('form');
form.id = 'upf-dataform';
var div = doc.createElement('div');
form.appendChild(div);
var input = setInput('upfile', '', 'file');
input.id = 'upfile';
div.appendChild(input);
div.appendChild(setInput('csrf_hash', FluxBB.uploadvars.token));
div.appendChild(setInput('ajx', '1'));
div.appendChild(setInput('action', 'upload'));
get('upf-template').appendChild(form);
get('upf-button').addEventListener('click', FluxBB.upload.buttonHandler, false);
input.addEventListener('change', FluxBB.upload.changeHandler, false);
files['-'] = {link: get('upf--')};
loadFileData();
}
function postData(data, successHandler, errorHandler) {
var xhr = newXhr();
if (!xhr) {
errorHandler && errorHandler(0, 'XMLHttpRequest not working');
return;
}
xhr.open('POST', FluxBB.uploadvars.action, true);
xhr.onreadystatechange = function() {
if (xhr.readyState == 4) {
if (xhr.status == 200) {
var data = xhr.responseText;
if (typeof data === 'string') {
try {
data = JSON.parse(data);
} catch (e) {
errorHandler && errorHandler(0, e.message);
return;
}
}
if ('error' in data) {
errorHandler && errorHandler(0, data.error);
} else {
successHandler && successHandler(data);
}
} else {
errorHandler && errorHandler(xhr.status, xhr.statusText);
}
}
};
if (data instanceof FormData) {
xhr.send(data);
} else {
xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
data.ajx = 1;
data.csrf_hash = FluxBB.uploadvars.token;
var query = '',
separator = '';
for (var key in data) {
query += separator + key + '=' + encodeURIComponent(data[key]);
separator = '&';
}
xhr.send(query);
}
}
function updateData(data, auto) {
pages = data.pages;
setLegend(data.size, data.percent);
for (var key in data.files) {
addFileToGallery(key, data.files[key]);
if (auto) {
insertCode(key, true);
}
}
get('upf-container').addEventListener('scroll', FluxBB.upload.listHandler, false);
var event;
if (typeof Event === 'function') {
event = new Event('scroll');
} else {
event = document.createEvent('Event');
event.initEvent('scroll', false, false);
}
get('upf-container').dispatchEvent(event);
}
function loadFileData() {
get('upf-container').removeEventListener('scroll', FluxBB.upload.listHandler, false);
if (page >= pages) {
return;
}
++page;
postData({action: 'view', p: page}, function (data) {
updateData(data);
}, function (status, text) {
alert(text);
});
}
function addFileToGallery(key, data) {
if (key in files) {
return;
}
var max = '';
for (var cur in files) {
if (key > cur && cur > max) {
max = cur;
}
}
var node = files['-'].link.cloneNode(true);
node.id = 'upf-' + key;
var name = node.querySelector('.upf-name');
name.title = data.filename;
name.querySelector('span').textContent = data.alt;
node.querySelector('.upf-size').querySelector('span').textContent = data.size;
var url = node.querySelector('.upf-file').querySelector('a');
url.href = data.url;
var child = url.querySelector('span');
if (data.mini) {
url.removeChild(child);
var child = doc.createElement('img');
child.src = data.mini;
child.alt = data.alt;
url.appendChild(child);
} else {
child.textContent = data.alt;
}
node.querySelector('.upf-delete').querySelector('a').addEventListener('click', FluxBB.upload.actionHandler, false);
node.querySelector('.upf-insert').querySelector('a').addEventListener('click', FluxBB.upload.actionHandler, false);
if (data.mini) {
node.querySelector('.upf-insert-t').querySelector('a').addEventListener('click', FluxBB.upload.actionHandler, false);
} else {
node.querySelector('.upf-insert-t').style.display = 'none';
}
files[max].link.parentNode.insertBefore(node, files[max].link);
data.link = node;
files[key] = data;
}
function setLegend(size, percent)
{
try {
var rgb = 'rgb(' + Math.ceil((percent > 50 ? 50 : percent)*255/50) + ', ' + Math.ceil((percent < 50 ? 50 : 100 - percent)*255/50) + ', 0)',
legend = get('upf-legend'),
div = legend.querySelector('div'),
span = div.querySelector('span');
legend.style.borderColor = div.style.backgroundColor = rgb;
div.style.width = span.textContent = percent + '%';
} catch (e) {}
try {
get('upf-legend-p').querySelector('span').textContent = size;
} catch (e) {}
}
function deleteFile(key) {
if (!confirm(FluxBB.uploadvars.lang.confirmation)) {
return;
}
var file = files[key];
file.link.classList.add('upf-removal');
postData({action: 'delete', file: file.filename, p: page}, function (data) {
file.link.parentNode.removeChild(file.link);
file.link = null;
delete files[key];
updateData(data);
}, function (status, text) {
file.link.classList.remove('upf-removal');
alert(text);
});
}
function insertCode(key, thumb) {
var file = files[key];
thumb = thumb && file.mini;
if (thumb) {
insertText('', '[url=' + file.url + '][img]' + file.mini + '[/img][/url]', '');
} else if (['jpg', 'jpeg', 'png', 'gif', 'bmp', 'webp'].indexOf(file.ext) > -1) {
insertText('', '[img]' + file.url + '[/img]', '');
} else {
insertText('[url=' + file.url + ']', '[/url]', file.filename);
}
}
function insertText(open, close, text) {
textarea.focus();
// all and IE9+
if ('selectionStart' in textarea) {
var len = textarea.value.length,
sp = Math.min(textarea.selectionStart, len), // IE bug
ep = Math.min(textarea.selectionEnd, len); // IE bug
textarea.value = textarea.value.substring(0, sp)
+ open
+ (sp == ep ? text : textarea.value.substring(sp, ep))
+ close
+ textarea.value.substring(ep);
textarea.selectionStart = textarea.selectionEnd = ep + close.length + open.length + (sp == ep ? text.length : 0);
}
// IE9-
else if (doc.selection && doc.selection.createRange) {
var sel = doc.selection.createRange();
sel.text = open + (!sel.text ? text : sel.text) + close;
}
textarea.focus();
}
//*********************//
return {
init : function () {
if (0 !== state) {
return false;
}
state = -1;
doc.removeEventListener("DOMContentLoaded", FluxBB.upload.init, false);
textarea = doc.getElementsByName('req_message')[0];
if (textarea && false !== findAnchor(textarea)) {
var bblinks = anchor.querySelector('.bblinks');
if (bblinks) {
var link = createStartLink(bblinks);
link.addEventListener('click', FluxBB.upload.clickStart, false);
state = (typeof FormData === 'undefined') ? 1 : 2;
}
}
},
clickStart : function (event) {
event.preventDefault();
switch (state) {
case 1:
popUp(FluxBB.uploadvars.action);
break;
case 2:
initLoader();
state = 3;
break;
}
},
listHandler : function (event) {
var list = event.currentTarget;
if (list.scrollWidth - list.scrollLeft - list.clientWidth < 140) {
loadFileData();
}
},
actionHandler : function (event) {
event.preventDefault();
var target = event.currentTarget.parentNode,
cl = target.className,
key = target.parentNode.id.substring(4);
if (!(key in files)) {
return;
}
if (cl.indexOf('delete') > -1) {
deleteFile(key);
} else if (cl.indexOf('insert-t') > -1) {
insertCode(key, true)
} else if (cl.indexOf('insert') > -1) {
insertCode(key, false)
}
},
buttonHandler : function(event) {
var event;
try {
event = new MouseEvent('click');
} catch (e) {
event = document.createEvent('MouseEvent');
event.initEvent('click', false, false);
}
get('upfile').dispatchEvent(event);
},
changeHandler : function(event) {
var files = event.target.files;
if (1 !== files.length) {
return;
}
var file = files[0];
if (file.size > FluxBB.uploadvars.maxsize) {
alert(FluxBB.uploadvars.lang.large);
} else if (FluxBB.uploadvars.exts.indexOf(file.name.match(/\.([^.]*)$/)[1].toLowerCase()) < 0) {
alert(FluxBB.uploadvars.lang.bad_type);
} else {
var form = new FormData(get('upf-dataform'));
get('upf-button').classList.add('upf-uploading');
postData(form, function (data) {
get('upf-button').classList.remove('upf-uploading');
updateData(data, true);
}, function (status, text) {
get('upf-button').classList.remove('upf-uploading');
alert(text);
});
}
}
};
}(document, window));
if (document.addEventListener) {
document.addEventListener("DOMContentLoaded", FluxBB.upload.init, false);
}
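Review bot: in `changeHandler`, `file.name.match(/\.([^.]*)$/)[1]` throws a TypeError for a file name without a dot, because `match()` returns null, so the user never sees the `bad_type` message; take the match result first and treat null as a disallowed type. Two smaller points: `createStartLink` assigns the label with `a.innerHTML = FluxBB.uploadvars.lang.upfiles` where `textContent` would do, and `insertCode` concatenates `file.url` and `file.filename` into `[url=...]` and `[img]` BBCode unescaped, so a name containing `[` or `]` produces broken markup in the post. The size and extension checks here are a convenience for the user only; the same limits need to be enforced by the upload action on the server.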

@ -11,6 +11,8 @@ $lang_admin_bans = array(
'Cannot ban guest message' => 'The guest user cannot be banned.',
'Invalid IP message' => 'You entered an invalid IP/IP-range.',
'Invalid e-mail message' => 'The email address (e.g. user@domain.com) or partial email address domain (e.g. domain.com) you entered is invalid.',
'Duplicate domain message' => 'The domain %s has already been banned.',
'Duplicate e-mail message' => 'The email address %s has already been banned.',
'Invalid date message' => 'You entered an invalid expire date.',
'Invalid date reasons' => 'The format should be YYYY-MM-DD and the date must be at least one day in the future.',
'Ban added redirect' => 'Ban added. Redirecting …' ,
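Review bot: the two new messages take the duplicate address or domain through `%s`, and that value is presumably the one just submitted in the ban form. The code that fills them should HTML-escape the value before `sprintf()`, otherwise the submitted string is echoed back into the error page as markup.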

@ -112,7 +112,7 @@ $lang_admin_options = array(
'Indent label' => 'Indent size',
'Indent help' => 'If set to 8, a regular tab will be used when displaying text within the [code][/code] tag. Otherwise this many spaces will be used to indent the text.',
'Quote depth label' => 'Maximum [quote] depth',
'Quote depth help' => 'The maximum times a [quote] tag can go inside other [quote] tags, any tags deeper than this will be discarded.',
'Quote depth help' => 'The maximum times a [quote] tag can go inside other [quote] tags.',
// Features section
'Features subhead' => 'Features',
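Review bot: the new 'Quote depth help' text drops the statement of what happens to a [quote] nested deeper than the limit. This help line is what an administrator reads when choosing the value, so say whether such a post is now rejected with an error or the extra tags are still removed.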

@ -2,10 +2,9 @@
$lang_admin_plugin_not_sum = array(
'Plugin title' => 'Not Sum - We switch off calculation of messages',
'Explanation 1' => 'The plugin serves for deenergizing of calculation of messages of users in certain sections.',
'Explanation 2' => 'In addition the plugin synchronizes quantity of messages at users.',
'Show text button' => 'Save changes',
'Plugin title' => 'Not to sum',
'Explanation 1' => 'This plugin is used to turn off the counting of user messages in the marked forums and to recalculate the number of messages in users, regardless of changing settings.',
'Show text button' => 'Recalculate and save',
'Not Sum' => 'Not to sum',
);

@ -87,16 +87,6 @@ $lang_common = array(
'Banned' => 'Banned',
'Guest' => 'Guest',
// Stuff for include/parser.php
'BBCode error no opening tag' => '[/%1$s] was found without a matching [%1$s]',
'BBCode error invalid nesting' => '[%1$s] was opened within [%2$s], this is not allowed',
'BBCode error invalid self-nesting' => '[%s] was opened within itself, this is not allowed',
'BBCode error no closing tag' => '[%1$s] was found without a matching [/%1$s]',
'BBCode error empty attribute' => '[%s] tag had an empty attribute section',
'BBCode error tag not allowed' => 'You are not allowed to use [%s] tags',
'BBCode error tag url not allowed' => 'You are not allowed to post links',
'BBCode list size error' => 'Your list was too long to parse, please make it smaller!',
// Stuff for the navigator (top of every page)
'Index' => 'Index',
'User list' => 'User list',
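Review bot: 'BBCode error tag url not allowed' ('You are not allowed to post links') and 'BBCode list size error' are dropped in this hunk, and the numbered 'errors' list added further down in this file has no entry that says the same thing. Please confirm that the link-posting restriction and the list-size limit are still enforced by the new parser and that users get a specific message for them, or add entries for both.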
@ -183,4 +173,22 @@ $lang_common = array(
'Size unit PiB' => '%s PiB',
'Size unit EiB' => '%s EiB',
'errors' => [
1 => '[%1$s] is in the black list',
2 => '[%1$s] is absent in the white list',
3 => '[%1$s] can\'t be opened in the [%2$s]',
4 => '[/%1$s] was found without a matching [%1$s]',
5 => '[/%1$s] is found for single [%1$s]',
6 => 'There are no attributes in [%1$s]',
7 => 'Primary attribute is forbidden in [%1$s=...]',
8 => 'Secondary attributes are forbidden in [%1$s ...]',
9 => 'The attribute \'%2$s\' doesn\'t correspond to a template in the [%1$s]',
10 => '[%1$s ...] contains unknown secondary attribute \'%2$s\'',
11 => 'The body of [%1$s] doesn\'t correspond to a template',
12 => '[%1$s] was opened within itself, this is not allowed',
13 => 'In the [%1$s] is absent mandatory attribute \'%2$s\'',
14 => 'All tags are empty',
15 => 'The depth of the tag tree is greater than %1$s',
16 => '[%1$s] is enclosed in itself more than %2$s times',
],
);
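Review bot: messages 9, 10 and 13 insert an attribute name through `%2$s`, and most messages insert a tag name through `%1$s`; both come from the text of the post being parsed, so the caller should HTML-escape the arguments before formatting. The bare numeric keys also make call sites hard to read, so a short comment per entry or named constants for the codes would help, and message 13 reads more naturally as 'Mandatory attribute \'%2$s\' is absent in [%1$s]'.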

@ -18,7 +18,7 @@ $lang_install = array(
'Username 4' => 'Usernames may not be in the form of an IP address.',
'Username 5' => 'Usernames may not contain all the characters \', " and [ or ] at once.',
'Username 6' => 'Usernames may not contain any of the text formatting tags (BBCode) that the forum uses.',
'Short password' => 'Passwords must be at least 6 characters long.',
'Short password' => 'Passwords must be at least 9 characters long.',
'Passwords not match' => 'Passwords do not match.',
'Wrong email' => 'The administrator email address you entered is invalid.',
'No board title' => 'You must enter a board title.',
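Review bot: the minimum length is written into 'Short password' as a literal 9, and the same literal is repeated in 'Info 8' and in the 'Pass too short' and 'Pass info' strings of the other language files, in both languages. These language hunks do not show the length check itself, so please confirm the validation in the install, registration and profile code was raised to 9 as well; passing the limit in through `%d` would keep the text and the check from drifting apart.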
@ -55,7 +55,7 @@ $lang_install = array(
'Table prefix' => 'Table prefix',
'Administration setup' => 'Administration setup',
'Info 7' => 'Create the very first account on your board.',
'Info 8' => 'Your username should be between 2 and 25 characters long. Your password must be at least 6 characters long. Salt must be at least 10 characters long. Remember that passwords and salt are case-sensitive.',
'Info 8' => 'Your username should be between 2 and 25 characters long. Your password must be at least 9 characters long. Salt must be at least 10 characters long. Remember that passwords and salt are case-sensitive.',
'Password' => 'Password',
'Confirm password' => 'Confirm password',
'Board setup' => 'Board setup',

@ -30,7 +30,7 @@ $lang_prof_reg = array(
'Username reserved chars' => 'Usernames may not contain all the characters \', " and [ or ] at once. Please choose another username.',
'Username BBCode' => 'Usernames may not contain any of the text formatting tags (BBCode) that the forum uses. Please choose another username.',
'Banned username' => 'The username you entered is banned in this forum. Please choose another username.',
'Pass too short' => 'Passwords must be at least 6 characters long. Please choose another (longer) password.',
'Pass too short' => 'Passwords must be at least 9 characters long. Please choose another (longer) password.',
'Pass not match' => 'Passwords do not match.',
'Banned email' => 'The email address you entered is banned in this forum. Please choose another email address.',
'Dupe email' => 'Someone else is already registered with that email address. Please choose another email address.',

@ -30,7 +30,7 @@ $lang_profile = array(
'Old pass' => 'Old password',
'New pass' => 'New password',
'Confirm new pass' => 'Confirm new password',
'Pass info' => 'Passwords must be at least 6 characters long. Passwords are case sensitive.',
'Pass info' => 'Passwords must be at least 9 characters long. Passwords are case sensitive.',
// Email stuff
'Email key bad' => 'The specified email activation key was incorrect or has expired. Please re-request change of email address. If that fails, contact the forum administrator at',

@ -30,7 +30,7 @@ $lang_register = array(
'Desc 2' => 'Below is a form you must fill out in order to register. Once you are registered you should visit your profile and review the different settings you can change. The fields below only make up a small part of all the settings you can alter in your profile.',
'Username legend' => 'Please enter a username between 2 and 25 characters long',
'Pass legend' => 'Please enter and confirm your chosen password',
'Pass info' => 'Passwords must be at least 6 characters long. Passwords are case sensitive.',
'Pass info' => 'Passwords must be at least 9 characters long. Passwords are case sensitive.',
'Email info' => 'You must enter a valid email address as your randomly generated password will be sent to that address.',
'Confirm email' => 'Confirm email address',

@ -51,7 +51,7 @@ $lang_search = array(
'By user show as posts' => 'Posts by %s',
'By both show as topics' => 'Topics with posts containing \'%s\', by %s',
'By both show as posts' => 'Posts containing \'%s\', by %s',
'No terms' => 'You have to enter at least one keyword and/or an author to search for.',
'No terms' => 'You have to enter at least one keyword and/or an author to search for. Search terms need to be at least three characters long.',
'No hits' => 'Your search returned no hits.',
'No user posts' => 'There are no posts by this user in this forum.',
'No user topics' => 'There are no topics by this user in this forum.',

@ -11,6 +11,7 @@ $lang_up = array(
'Error no mod img' => 'The picture has crash at updating.',
'Error open' => 'Uploaded file doesn\'t open.',
'Error inject' => 'Uploaded file contains the forbidden string. Archive this file and try again, Or speak to administrator.',
'Error usage' => 'File used in %d post(s).',
'Redirect' => 'Options updated. Redirecting …',
'Install info' => 'Prepare the database and cache to operate Uploadile.',
@ -27,12 +28,12 @@ $lang_up = array(
'thumb' => 'Activate thumbnails',
'thumb_size' => 'Thumbs size: ',
'quality' => 'Quality: ',
'maxsize_member' => 'Max size members can upload.',
'limit_member' => 'Space allocated to members.',
'maxsize_member' => 'Max size members can upload (MBytes).',
'limit_member' => 'Space allocated to members (MBytes).',
'px' => 'Pixel',
'bytes' => 'Bytes',
'kbytes' => 'KBytes',
'pictures' => 'Pictures',
'for pictures' => 'For a picture in weight it is more',
'for pictures' => 'For files greater than',
'Install quality' => 'Install quality:',
'Size not more' => 'Size not more (WxH):',
'to jpeg' => 'Convert to jpeg',
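Review bot: 'maxsize_member' and 'limit_member' now state their unit as MBytes, which changes how the stored numbers are read. If the per-group values saved before this change were entered in a smaller unit, they need to be converted during the update, otherwise an old limit is silently interpreted as a far larger quota.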
@ -45,8 +46,8 @@ $lang_up = array(
'titre_4' => 'My uploads',
'popup_title' => 'File manager',
'info_2' => 'Your file must not be bigger than %s and must be a %s file.',
'info_4' => 'Storage space used: %s in %s',
'info_2' => '%1$s (%2$s max file size)',
'info_4' => 'Storage space used: <span>%s</span> of %s allowed.',
'legend' => 'File',
'fichier' => 'Select a file',
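Review bot: 'info_4' now carries `<span>%s</span>`, so the formatted string has to be written to the page unescaped and its `%s` arguments must be escaped, or be plain numbers, on their own. If this string is what is rendered inside `upf-legend-p`, it is also coupled to `setLegend()` in js/upload.js, which writes the size into that element's `span` inside a `try`/`catch`, so a translation that drops the span would stop the figure from updating without any visible error. 'info_2' changes the meaning of its arguments as well, so every `sprintf()` call using it needs updating in the same commit.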
@ -74,13 +75,18 @@ $lang_up = array(
'group' => 'Group',
// Avatar upload stuff
'Too large ini' => 'The selected file was too large to upload. The server didn\'t allow the upload.',
'Partial upload' => 'The selected file was only partially uploaded. Please try again.',
'No tmp directory' => 'PHP was unable to save the uploaded file to a temporary location.',
'No file' => 'You did not select a file for upload.',
'Bad type' => 'The file you tried to upload is not of an allowed type.',
'Too large' => 'The file you tried to upload is larger than the maximum allowed',
'Move failed' => 'The server was unable to save the uploaded file. Please contact the forum administrator at',
'Unknown failure' => 'An unknown error occurred. Please try again.',
'Move failed' => 'The server was unable to save the uploaded file.',
'Unknown failure' => 'An unknown error occurred.',
'Upload' => 'Upload',
'UPLOAD_ERR_INI_SIZE' => 'The uploaded file exceeds the upload_max_filesize directive in php.ini.',
'UPLOAD_ERR_FORM_SIZE' => 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.',
'UPLOAD_ERR_PARTIAL' => 'The uploaded file was only partially uploaded.',
'UPLOAD_ERR_NO_FILE' => 'No file was uploaded.',
'UPLOAD_ERR_NO_TMP_DIR' => 'Missing a temporary folder.',
'UPLOAD_ERR_CANT_WRITE' => 'Failed to write file to disk.',
'UPLOAD_ERR_EXTENSION' => 'A PHP extension stopped the file upload.',
'UPLOAD_ERR_UNKNOWN' => 'Unknown upload error.',
);
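Review bot: the new 'UPLOAD_ERR_INI_SIZE' and 'UPLOAD_ERR_FORM_SIZE' texts name the `upload_max_filesize` php.ini directive and the `MAX_FILE_SIZE` form field to the end user. That is configuration detail a forum member cannot act on; keep the wording at the level of the 'Too large ini' message and log the PHP error constant for the administrator instead.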

@ -11,6 +11,8 @@ $lang_admin_bans = array(
'Cannot ban guest message' => 'Гостя нельзя забанить.',
'Invalid IP message' => 'Вы ввели неверный IP или IP-диапазон.',
'Invalid e-mail message' => 'Email (т.е. user@domain.com) или доменная часть (т.е. domain.com) введена неверно.',
'Duplicate domain message' => 'Домен %s уже забанен.',
'Duplicate e-mail message' => 'Email %s уже забанен.',
'Invalid date message' => 'Вы ввели неправильную дату окончания.',
'Invalid date reasons' => 'Дата должна быть в формате YYYY-MM-DD и должна быть не ранее, чем завтрашнее число.',
'Ban added redirect' => 'Бан добавлен. Переадресация …' ,

@ -112,7 +112,7 @@ $lang_admin_options = array(
'Indent label' => 'Размер отступа',
'Indent help' => 'Если поставить 8, отступы внутри тегов [code][/code] будут делаться табуляцими. Иначе отступы будут отбиваться пробелами.',
'Quote depth label' => 'Макс. глубина [quote]',
'Quote depth help' => 'Сколько раз тег [quote] может вкладываться в другие [quote], все теги свыше указанного порога будут игнорироваться.',
'Quote depth help' => 'Сколько раз тег [quote] может вкладываться в другие [quote].',
// Features section
'Features subhead' => 'Тонкости',

@ -2,10 +2,9 @@
$lang_admin_plugin_not_sum = array(
'Plugin title' => 'Not Sum - Выключаем подсчет сообщений',
'Explanation 1' => 'Плагин служит для выключения подсчета сообщений пользователей в определенных разделах.',
'Explanation 2' => 'Дополнительно плагин синхронизирует количество сообщений у пользователей.',
'Show text button' => 'Сохранить изменения',
'Plugin title' => 'Не считать',
'Explanation 1' => 'Этот плагин служит для выключения подсчета сообщений пользователей в отмеченных разделах и для пересчета количества сообщений у пользователей, вне зависимости от изменения настроек.',
'Show text button' => 'Пересчитать и сохранить',
'Not Sum' => 'Не считать',
);

@ -87,16 +87,6 @@ $lang_common = array(
'Banned' => 'Забанен',
'Guest' => 'Гость',
// Stuff for include/parser.php
'BBCode error no opening tag' => 'Обнаружен парный тег [/%1$s] без соответствующего начального тега [%1$s]',
'BBCode error invalid nesting' => 'Тег [%1$s] открывается внутри [%2$s], это недопустимо',
'BBCode error invalid self-nesting' => 'Тег [%s] открывается внутри такого же тега, это недопустимо',
'BBCode error no closing tag' => 'Обнаружен парный тег [%1$s] без соответствующего закрывающего тега [/%1$s]',
'BBCode error empty attribute' => 'Тег [%s] с пустым атрибутом',
'BBCode error tag not allowed' => 'Вам нельзя использовать тег [%s]',
'BBCode error tag url not allowed' => 'Вам нельзя использовать ссылки в сообщениях',
'BBCode list size error' => 'Ваш список слишком велик, пожалуйста уменьшите его!',
// Stuff for the navigator (top of every page)
'Index' => 'Форум',
'User list' => 'Пользователи',
@ -183,4 +173,22 @@ $lang_common = array(
'Size unit PiB' => '%s Пбайт',
'Size unit EiB' => '%s Эбайт',
'errors' => [
1 => 'Тег [%1$s] находится в черном списке',
2 => 'Тег [%1$s] отсутствует в белом списке',
3 => 'Тег [%1$s] нельзя открыть внутри тега [%2$s]',
4 => 'Не найден начальный тег для парного тега [/%1$s]',
5 => 'Найден парный тег [/%1$s] для одиночного тега [%1$s]',
6 => 'В теге [%1$s] отсутствуют атрибуты',
7 => 'Тег [%1$s=...] не может содержать первичный атрибут',
8 => 'Тег [%1$s ...] не может содержать вторичные атрибуты',
9 => 'Атрибут \'%2$s\' тега [%1$s] не соответствует шаблону',
10 => 'Тег [%1$s ...] содержит неизвестный вторичный атрибут \'%2$s\'',
11 => 'Тело тега [%1$s] не соответствует шаблону',
12 => 'Тег [%1$s] нельзя открыть внутри аналогичного тега',
13 => 'В теге [%1$s] отсутствует обязательный атрибут \'%2$s\'',
14 => 'Все теги пустые',
15 => 'Глубина дерева тегов больше %1$s',
16 => 'Тег [%1$s] вложен в себя больше %2$s раз',
],
);

@ -18,7 +18,7 @@ $lang_install = array(
'Username 4' => 'Имя пользователя не может быть похоже на IP адрес.',
'Username 5' => 'Имя не может содержать символы \', " или [ и ] одновременно.',
'Username 6' => 'Имя не должно содержать символы форматирования (BBCode) которые используются на форуме.',
'Short password' => 'Пароль должен иметь длину не менее 6 символов.',
'Short password' => 'Пароль должен иметь длину не менее 9 символов.',
'Passwords not match' => 'Пароли не совпадают.',
'Wrong email' => 'Ошибка в email администратора.',
'No board title' => 'Вы забыли ввести заголовок для форума.',
@ -55,7 +55,7 @@ $lang_install = array(
'Table prefix' => 'Префикс таблиц',
'Administration setup' => 'Настройки администратора',
'Info 7' => 'Создайте первый аккаунт на вашем форуме.',
'Info 8' => 'Длина имени должна быть от 2 до 25 символов. Пароль должен иметь длину не менее 6 символов. Соль должна иметь длину не менее 10 символов. Пароль и соль чувствительны к регистру.',
'Info 8' => 'Длина имени должна быть от 2 до 25 символов. Пароль должен иметь длину не менее 9 символов. Соль должна иметь длину не менее 10 символов. Пароль и соль чувствительны к регистру.',
'Password' => 'Пароль',
'Confirm password' => 'Подтверждение пароля',
'Board setup' => 'Настройки форума',

@ -30,7 +30,7 @@ $lang_prof_reg = array(
'Username reserved chars' => 'Имя пользователя не может содержать символы \', " или [ и ] одновременно. Пожалуйста, выберите другое имя.',
'Username BBCode' => 'Имя пользователя не должно содержать символы форматирования (BB-коды), которые используются на форуме. Пожалуйста, выберите другое имя.',
'Banned username' => 'Введенное имя пользователя заблокировано. Пожалуйста, выберите другое имя.',
'Pass too short' => 'Пароль должен состоять минимум из 6 символов. Пожалуйста, выберите другой (более длинный) пароль.',
'Pass too short' => 'Пароль должен состоять минимум из 9 символов. Пожалуйста, выберите другой (более длинный) пароль.',
'Pass not match' => 'Пароли не совпали. Вернитесь и исправьте.',
'Banned email' => 'Введенный почтовый адрес заблокирован. Пожалуйста, выберите другой адрес.',
'Dupe email' => 'Введенный почтовый адрес используется кем-то другим. Пожалуйста, выберите другой адрес.',

@ -30,7 +30,7 @@ $lang_profile = array(
'Old pass' => 'Старый пароль',
'New pass' => 'Новый пароль',
'Confirm new pass' => 'Ещё раз',
'Pass info' => 'Пароль должен состоять минимум из 6 символов. Пароль чувствителен к регистру вводимых букв.',
'Pass info' => 'Пароль должен состоять минимум из 9 символов. Пароль чувствителен к регистру вводимых букв.',
// Email stuff
'Email key bad' => 'Указанный ключ активации почтового адреса неверен или истек срок его действия. Пожалуйста, повторно запросите смену почтового адреса. Если ничего не получится, то свяжитесь с администрацией; почтовый адрес для связи',

@ -30,7 +30,7 @@ $lang_register = array(
'Desc 2' => 'Ниже представлена форма, которую вы должны заполнить для регистрации и получения личной учетной записи. Как только процесс будет завершен, вы получите доступ к настройкам профиля с различными параметрами для внесения любых доступных изменений. Страница регистрации содержит малую толику всех доступных настроек.',
'Username legend' => 'Введите имя пользователя, содержащее от 2 до 25 символов',
'Pass legend' => 'Ввод и подтверждение выбранного пароля',
'Pass info' => 'Пароль должен состоять минимум из 6 символов. Пароль чувствителен к регистру вводимых букв.',
'Pass info' => 'Пароль должен состоять минимум из 9 символов. Пароль чувствителен к регистру вводимых букв.',
'Email info' => 'Вы должны указать действующий почтовый адрес, на который будет выслан сгенерированный пароль. Указав неверный адрес, вы не сможете завершить процедуру регистрации.',
'Confirm email' => 'Подтвердите e-mail',

@ -51,7 +51,7 @@ $lang_search = array(
'By user show as posts' => 'Автор %s (сообщения)',
'By both show as topics' => 'Ключевые слова "%s" и автор %s (темы)',
'By both show as posts' => 'Ключевые слова "%s" и автор %s (сообщения)',
'No terms' => 'Необходимо ввести хотя бы одно ключевое слово или автора для проведения поиска.',
'No terms' => 'Необходимо ввести хотя бы одно ключевое слово или автора для проведения поиска. Поиск идет минимум по трем символам.',
'No hits' => 'Ничего не найдено.',
'No user posts' => 'На форуме нет сообщений указанного пользователя.',
'No user topics' => 'На форуме нет тем указанного пользователя.',

@ -11,6 +11,7 @@ $lang_up = array(
'Error no mod img' => 'Модификация картинки не удалась.',
'Error open' => 'Загруженный файл не открывается.',
'Error inject' => 'Загруженный файл содержит запрещенную последовательность символов. Заархивируйте файл и попробуйте снова, или обратитесь к администрации форума.',
'Error usage' => 'Файл используется в %d сообщении(ях).',
'Redirect' => 'Настройки изменены. Переадресация …',
'Install info' => 'Плагин внесет нужные изменения в базу форума и обновит кэш.',
@ -27,10 +28,10 @@ $lang_up = array(
'thumb' => 'Использовать превьюшки',
'thumb_size' => 'Высота превью: ',
'quality' => 'Качество: ',
'maxsize_member' => 'Максимальный размер файла для загрузки.',
'limit_member' => 'Лимит дискового пространства.',
'maxsize_member' => 'Максимальный размер файла для загрузки (Мбайт).',
'limit_member' => 'Лимит дискового пространства (Мбайт).',
'px' => 'точек',
'bytes' => 'байт',
'kbytes' => 'Кбайт',
'pictures' => 'Картинки',
'for pictures' => 'Для картинки весом больше',
'Install quality' => 'Установить качество:',
@ -45,8 +46,8 @@ $lang_up = array(
'titre_4' => 'Мои загрузки',
'popup_title' => 'Управление файлами',
'info_2' => 'Файл по размеру не должен превышать %s и должен иметь расширение из списка: %s.',
'info_4' => 'Использовано: %s из %s',
'info_2' => '%1$s (макс. %2$s)',
'info_4' => 'Использовано: <span>%s</span> из %s',
'legend' => 'Файл',
'fichier' => 'Выберите файл',
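Review bot: `info_4` now carries `<span>` markup inside the translated string, so the formatted result can no longer be HTML-escaped as a whole; each `%s` argument has to be escaped on its own before `sprintf()`. In the same hunk `info_2` goes from a full sentence to `%1$s (макс. %2$s)`, which appears to change what the two arguments stand for, so every call site that formats `info_2` should be updated and checked in this commit.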
@ -73,16 +74,19 @@ $lang_up = array(
'groups' => 'Настройка групп',
'group' => 'Группа',
// Avatar upload stuff
'Too large ini' => 'Выбранный файл слишком велик для загрузки. Сервер отклонил загрузку.',
'Partial upload' => 'Выбранный файл был загружен частично. Пожалуйста, повторите попытку.',
'No tmp directory' => 'PHP не может сохранить загруженный файл по временному адресу.',
'No file' => 'Не выбран файл для загрузки.',
'Bad type' => 'Загрузка файла с используемым расширением запрещена.',
'Too large' => 'Выбранный файл больше максимально допустимых размеров',
'Move failed' => 'Сервер не смог сохранить загруженный файл.',
'Unknown failure' => 'Произошла неизвестная ошибка. Пожалуйста, повторите попытку.',
'Unknown failure' => 'Произошла неизвестная ошибка.',
'Upload' => 'Загрузить',
'UPLOAD_ERR_INI_SIZE' => 'Размер принятого файла превысил максимально допустимый размер, который задан директивой upload_max_filesize конфигурационного файла php.ini.',
'UPLOAD_ERR_FORM_SIZE' => 'Размер загружаемого файла превысил значение MAX_FILE_SIZE, указанное в HTML-форме.',
'UPLOAD_ERR_PARTIAL' => 'Загружаемый файл был получен только частично.',
'UPLOAD_ERR_NO_FILE' => 'Файл не был загружен.',
'UPLOAD_ERR_NO_TMP_DIR' => 'Отсутствует временная папка.',
'UPLOAD_ERR_CANT_WRITE' => 'Не удалось записать файл на диск.',
'UPLOAD_ERR_EXTENSION' => 'PHP-расширение остановило загрузку файла.',
'UPLOAD_ERR_UNKNOWN' => 'Неизвестная ошибка загрузки.',
);

View file

@ -23,6 +23,9 @@ if (isset($_POST['form_sent']) && $action == 'in')
{
flux_hook('login_before_validation');
// Make sure they got here from the site
confirm_referrer('login.php');
$form_username = pun_trim($_POST['req_username']);
$form_password = pun_trim($_POST['req_password']);
$save_pass = isset($_POST['save_pass']);
@ -34,43 +37,28 @@ if (isset($_POST['form_sent']) && $action == 'in')
$result = $db->query('SELECT u.*, g.g_id, g.g_moderator FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON u.group_id=g.g_id WHERE '.$username_sql) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
else
$result = $db->query('SELECT * FROM '.$db->prefix.'users WHERE '.$username_sql) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
$cur_user = $db->fetch_assoc($result);
$authorized = false;
$authorized = forum_password_verify($form_password, $cur_user);
if (!empty($cur_user['password']))
if (false === $authorized)
{
$form_password_hash = pun_hash($form_password); // Will result in a SHA-1 hash
// If there is a salt in the database we have upgraded from 1.3-legacy though haven't yet logged in
if (!empty($cur_user['salt']))
{
$is_salt_authorized = hash_equals(sha1($cur_user['salt'].sha1($form_password)), $cur_user['password']);
if ($is_salt_authorized) // 1.3 used sha1(salt.sha1(pass))
{
$authorized = true;
$db->query('UPDATE '.$db->prefix.'users SET password=\''.$form_password_hash.'\', salt=NULL WHERE id='.$cur_user['id']) or error('Unable to update user password', __FILE__, __LINE__, $db->error());
}
}
// If the length isn't 40 then the password isn't using sha1, so it must be md5 from 1.2
else if (strlen($cur_user['password']) != 40)
{
$is_md5_authorized = hash_equals(md5($form_password.$salt1), $cur_user['password']); // Visman
if ($is_md5_authorized)
{
$authorized = true;
$db->query('UPDATE '.$db->prefix.'users SET password=\''.$form_password_hash.'\' WHERE id='.$cur_user['id']) or error('Unable to update user password', __FILE__, __LINE__, $db->error());
}
}
// Otherwise we should have a normal sha1 password
else
$authorized = hash_equals($cur_user['password'], $form_password_hash);
}
if (!$authorized)
$errors[] = $lang_login['Wrong user/pass'];
}
else if ($authorized > 1)
{
$cur_user['password'] = password_hash($form_password, PASSWORD_DEFAULT);
if (3 === $authorized)
{
$db->query('UPDATE '.$db->prefix.'users SET password=\''.$db->escape($cur_user['password']).'\', salt=NULL WHERE id='.$cur_user['id']) or error('Unable to update user password', __FILE__, __LINE__, $db->error());
}
else
{
$db->query('UPDATE '.$db->prefix.'users SET password=\''.$db->escape($cur_user['password']).'\' WHERE id='.$cur_user['id']) or error('Unable to update user password', __FILE__, __LINE__, $db->error());
}
}
flux_hook('login_after_validation');
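Review bot: `forum_password_verify($form_password, $cur_user)` is called on whatever `fetch_assoc()` returned, and the old `!empty($cur_user['password'])` guard is gone, so the helper must accept a non-array second argument and return `false` for it. Its return value is also used as an undocumented status code (`false`, `> 1`, `3 === $authorized` for the branch that also clears `salt`); named constants or a docblock on the helper would make the upgrade branch readable. The two `UPDATE` statements differ only in `salt=NULL` and could be one query with a conditional fragment.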
@ -80,7 +68,7 @@ if (isset($_POST['form_sent']) && $action == 'in')
// Update the status if this is the first time the user logged in
if ($cur_user['group_id'] == PUN_UNVERIFIED)
{
$db->query('UPDATE '.$db->prefix.'users SET group_id='.$pun_config['o_default_user_group'].' WHERE id='.$cur_user['id']) or error('Unable to update user status', __FILE__, __LINE__, $db->error());
$db->query('UPDATE '.$db->prefix.'users SET group_id='.((int) $pun_config['o_default_user_group']).' WHERE id='.$cur_user['id']) or error('Unable to update user status', __FILE__, __LINE__, $db->error());
// Regenerate the users info cache
if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
@ -100,7 +88,7 @@ if (isset($_POST['form_sent']) && $action == 'in')
$db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape(get_remote_address()).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
$expire = ($save_pass == '1') ? time() + 1209600 : time() + $pun_config['o_timeout_visit'];
pun_setcookie($cur_user['id'], $form_password_hash, $expire);
pun_setcookie($cur_user['id'], $cur_user['password'], $expire);
// Reset tracked topics
set_tracked_topics(null);
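Review bot: `pun_setcookie()` now receives `$cur_user['password']`, the stored `password_hash()` value, instead of `$form_password_hash`, so the code that validates the cookie has to be switched to the same value in this commit; that side is not visible here. Note also that the rehash branch earlier in this file replaces the stored hash on a legacy login, so any cookie derived from the previous hash stops matching. Minor: `$save_pass` is assigned from `isset()` above, so `($save_pass == '1')` only works through loose comparison; testing `$save_pass` directly is clearer.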
@ -149,6 +137,9 @@ else if ($action == 'forget' || $action == 'forget_2')
{
flux_hook('forget_password_before_validation');
// Make sure they got here from the site
confirm_referrer('login.php');
require PUN_ROOT.'include/email.php';
// Validate the email address
@ -162,8 +153,9 @@ else if ($action == 'forget' || $action == 'forget_2')
if (empty($errors))
{
$result = $db->query('SELECT id, username, last_email_sent FROM '.$db->prefix.'users WHERE email=\''.$db->escape($email).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
$cur_hit = $db->fetch_assoc($result);
if ($db->num_rows($result))
if (is_array($cur_hit))
{
// Load the "activate password" template
$mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/activate_password.tpl'));
@ -178,7 +170,7 @@ else if ($action == 'forget' || $action == 'forget_2')
$mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'], $mail_message);
// Loop through users we found
while ($cur_hit = $db->fetch_assoc($result))
do
{
if ($cur_hit['last_email_sent'] != '' && (time() - $cur_hit['last_email_sent']) < 3600 && (time() - $cur_hit['last_email_sent']) >= 0)
message(sprintf($lang_login['Email flood'], intval((3600 - (time() - $cur_hit['last_email_sent'])) / 60)), true);
@ -187,7 +179,7 @@ else if ($action == 'forget' || $action == 'forget_2')
$new_password = random_pass(12);
$new_password_key = random_pass(8);
$db->query('UPDATE '.$db->prefix.'users SET activate_string=\''.pun_hash($new_password).'\', activate_key=\''.$new_password_key.'\', last_email_sent = '.time().' WHERE id='.$cur_hit['id']) or error('Unable to update activation data', __FILE__, __LINE__, $db->error());
$db->query('UPDATE '.$db->prefix.'users SET activate_string=\''.$db->escape(password_hash($new_password, PASSWORD_DEFAULT)).'\', activate_key=\''.$db->escape($new_password_key).'\', last_email_sent = '.time().' WHERE id='.$cur_hit['id']) or error('Unable to update activation data', __FILE__, __LINE__, $db->error());
// Do the user specific replacements to the template
$cur_mail_message = str_replace('<username>', $cur_hit['username'], $mail_message);
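Review bot: `activate_string` now stores a `password_hash()` result rather than `pun_hash($new_password)`, so whatever consumes `activate_string` when the activation link is followed must expect the new format; that consumer is not part of this hunk and should be checked before merging. The added `$db->escape()` around `$new_password_key` is a good defensive change.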
@ -196,6 +188,7 @@ else if ($action == 'forget' || $action == 'forget_2')
pun_mail($email, $mail_subject, $cur_mail_message);
}
while ($cur_hit = $db->fetch_assoc($result));
message($lang_login['Forget mail'].' <a href="mailto:'.pun_htmlspecialchars($pun_config['o_admin_email']).'">'.pun_htmlspecialchars($pun_config['o_admin_email']).'</a>.', true);
}
@ -247,6 +240,7 @@ if (!empty($errors))
<legend><?php echo $lang_login['Request pass legend'] ?></legend>
<div class="infldset">
<input type="hidden" name="form_sent" value="1" />
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<label class="required"><strong><?php echo $lang_common['Email'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input id="req_email" type="text" name="req_email" value="<?php if (isset($_POST['req_email'])) echo pun_htmlspecialchars($_POST['req_email']); ?>" size="50" maxlength="80" /><br /></label>
<p><?php echo $lang_login['Request pass info'] ?></p>
</div>
@ -322,6 +316,7 @@ if (!empty($errors))
<div class="infldset">
<input type="hidden" name="form_sent" value="1" />
<input type="hidden" name="redirect_url" value="<?php echo pun_htmlspecialchars($redirect_url) ?>" />
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<label class="conl required"><strong><?php echo $lang_common['Username'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="text" name="req_username" value="<?php if (isset($_POST['req_username'])) echo pun_htmlspecialchars($_POST['req_username']); ?>" size="25" maxlength="25" tabindex="1" /><br /></label>
<label class="conl required"><strong><?php echo $lang_common['Password'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="password" name="req_password" size="25" tabindex="2" /><br /></label>

View file

@ -120,10 +120,12 @@ else if (isset($_GET['email']))
message($lang_common['Bad request'], false, '404 Not Found');
$result = $db->query('SELECT username, email, email_setting FROM '.$db->prefix.'users WHERE id='.$recipient_id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
$user_data = $db->fetch_row($result);
if (!$user_data)
message($lang_common['Bad request'], false, '404 Not Found');
list($recipient, $recipient_email, $email_setting) = $db->fetch_row($result);
list($recipient, $recipient_email, $email_setting) = $user_data;
if ($email_setting == 2 && !$pun_user['is_admmod'])
message($lang_misc['Form email disabled']);
@ -233,7 +235,7 @@ else if (isset($_GET['report']))
{
// Make sure they got here from the site
confirm_referrer('misc.php');
// Clean up reason from POST
$reason = pun_linebreaks(pun_trim($_POST['req_reason']));
if ($reason == '')
@ -246,17 +248,19 @@ else if (isset($_GET['report']))
// Get the topic ID
$result = $db->query('SELECT topic_id FROM '.$db->prefix.'posts WHERE id='.$post_id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
message($lang_common['Bad request'], false, '404 Not Found');
$topic_id = $db->result($result);
if (!$topic_id)
message($lang_common['Bad request'], false, '404 Not Found');
// Get the subject and forum ID
$result = $db->query('SELECT subject, forum_id FROM '.$db->prefix.'topics WHERE id='.$topic_id) or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
$topic_data = $db->fetch_row($result);
if (!$topic_data)
message($lang_common['Bad request'], false, '404 Not Found');
list($subject, $forum_id) = $db->fetch_row($result);
list($subject, $forum_id) = $topic_data;
// Should we use the internal report handling?
if ($pun_config['o_report_method'] == '0' || $pun_config['o_report_method'] == '2')
@ -291,16 +295,16 @@ else if (isset($_GET['report']))
$db->query('UPDATE '.$db->prefix.'users SET last_report_sent='.time().' WHERE id='.$pun_user['id']) or error('Unable to update user', __FILE__, __LINE__, $db->error());
redirect('viewforum.php?id='.$forum_id, $lang_misc['Report redirect']);
redirect('viewtopic.php?pid='.$post_id.'#p'.$post_id, $lang_misc['Report redirect']);
}
// Fetch some info about the post, the topic and the forum
$result = $db->query('SELECT f.id AS fid, f.forum_name, t.id AS tid, t.subject FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND p.id='.$post_id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
message($lang_common['Bad request'], false, '404 Not Found');
$cur_post = $db->fetch_assoc($result);
if (!$cur_post)
message($lang_common['Bad request'], false, '404 Not Found');
if ($pun_config['o_censoring'] == '1')
$cur_post['subject'] = censor_words($cur_post['subject']);
@ -365,11 +369,11 @@ else if ($action == 'subscribe')
// Make sure the user can view the topic
$result = $db->query('SELECT 1 FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id='.$topic_id.' AND t.moved_to IS NULL') or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
if (!$db->result($result))
message($lang_common['Bad request'], false, '404 Not Found');
$result = $db->query('SELECT 1 FROM '.$db->prefix.'topic_subscriptions WHERE user_id='.$pun_user['id'].' AND topic_id='.$topic_id) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
if ($db->result($result))
message($lang_misc['Already subscribed topic']);
$db->query('INSERT INTO '.$db->prefix.'topic_subscriptions (user_id, topic_id) VALUES('.$pun_user['id'].' ,'.$topic_id.')') or error('Unable to add subscription', __FILE__, __LINE__, $db->error());
@ -384,11 +388,11 @@ else if ($action == 'subscribe')
// Make sure the user can view the forum
$result = $db->query('SELECT 1 FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id='.$forum_id) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
if (!$db->result($result))
message($lang_common['Bad request'], false, '404 Not Found');
$result = $db->query('SELECT 1 FROM '.$db->prefix.'forum_subscriptions WHERE user_id='.$pun_user['id'].' AND forum_id='.$forum_id) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
if ($db->result($result))
message($lang_misc['Already subscribed forum']);
$db->query('INSERT INTO '.$db->prefix.'forum_subscriptions (user_id, forum_id) VALUES('.$pun_user['id'].' ,'.$forum_id.')') or error('Unable to add subscription', __FILE__, __LINE__, $db->error());
@ -416,7 +420,7 @@ else if ($action == 'unsubscribe')
message($lang_common['No permission'], false, '403 Forbidden');
$result = $db->query('SELECT 1 FROM '.$db->prefix.'topic_subscriptions WHERE user_id='.$pun_user['id'].' AND topic_id='.$topic_id) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
if (!$db->result($result))
message($lang_misc['Not subscribed topic']);
$db->query('DELETE FROM '.$db->prefix.'topic_subscriptions WHERE user_id='.$pun_user['id'].' AND topic_id='.$topic_id) or error('Unable to remove subscription', __FILE__, __LINE__, $db->error());
@ -430,7 +434,7 @@ else if ($action == 'unsubscribe')
message($lang_common['No permission'], false, '403 Forbidden');
$result = $db->query('SELECT 1 FROM '.$db->prefix.'forum_subscriptions WHERE user_id='.$pun_user['id'].' AND forum_id='.$forum_id) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
if (!$db->result($result))
message($lang_misc['Not subscribed forum']);
$db->query('DELETE FROM '.$db->prefix.'forum_subscriptions WHERE user_id='.$pun_user['id'].' AND forum_id='.$forum_id) or error('Unable to remove subscription', __FILE__, __LINE__, $db->error());

View file

@ -27,10 +27,10 @@ if (isset($_GET['get_host']))
message($lang_common['Bad request'], false, '404 Not Found');
$result = $db->query('SELECT poster_ip FROM '.$db->prefix.'posts WHERE id='.$get_host) or error('Unable to fetch post IP address', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
message($lang_common['Bad request'], false, '404 Not Found');
$ip = $db->result($result);
if (!$ip)
message($lang_common['Bad request'], false, '404 Not Found');
}
// Load the misc.php language file
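Review bot: `if (!$ip)` treats a post row whose `poster_ip` is empty the same as a missing post, which the removed `num_rows()` check did not. If an empty address can occur in this column, compare the `result()` return value against the value it yields for an empty result set instead of relying on truthiness.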
@ -46,8 +46,12 @@ if ($fid < 1)
message($lang_common['Bad request'], false, '404 Not Found');
$result = $db->query('SELECT moderators, no_sum_mess FROM '.$db->prefix.'forums WHERE id='.$fid) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error()); // not sum - Visman
$forum_info = $db->fetch_row($result);
list($moderators, $flag_f) = $db->fetch_row($result);
if (!$forum_info)
message($lang_common['Bad request'], false, '404 Not Found');
list($moderators, $flag_f) = $forum_info;
$mods_array = ($moderators != '') ? unserialize($moderators) : array();
if ($pun_user['g_id'] != PUN_ADMIN && ($pun_user['g_moderator'] == '0' || !array_key_exists($pun_user['username'], $mods_array)))
@ -108,11 +112,11 @@ if (isset($_GET['tid']))
// Fetch some info about the topic
$result = $db->query('SELECT t.subject, t.num_replies, t.first_post_id, f.id AS forum_id, forum_name FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id='.$fid.' AND t.id='.$tid.' AND t.moved_to IS NULL') or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
message($lang_common['Bad request'], false, '404 Not Found');
$cur_topic = $db->fetch_assoc($result);
if (!$cur_topic)
message($lang_common['Bad request'], false, '404 Not Found');
// Delete one or more posts
if (isset($_POST['delete_posts']) || isset($_POST['delete_posts_comply']))
{
@ -129,9 +133,9 @@ if (isset($_GET['tid']))
// Verify that the post IDs are valid
$admins_sql = ($pun_user['g_id'] != PUN_ADMIN) ? ' AND poster_id NOT IN('.implode(',', get_admin_ids()).')' : '';
$result = $db->query('SELECT 1 FROM '.$db->prefix.'posts WHERE id IN('.$posts.') AND topic_id='.$tid.$admins_sql) or error('Unable to check posts', __FILE__, __LINE__, $db->error());
$result = $db->query('SELECT COUNT(*) FROM '.$db->prefix.'posts WHERE id IN('.$posts.') AND topic_id='.$tid.$admins_sql) or error('Unable to check posts', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result) != substr_count($posts, ',') + 1)
if ($db->result($result) != substr_count($posts, ',') + 1)
message($lang_common['Bad request'], false, '404 Not Found');
// уменьшение постов у юзеров и not sum - Visman
@ -217,13 +221,13 @@ if (isset($_GET['tid']))
$num_posts_splitted = substr_count($posts, ',') + 1;
// Verify that the post IDs are valid
$result = $db->query('SELECT 1 FROM '.$db->prefix.'posts WHERE id IN('.$posts.') AND topic_id='.$tid) or error('Unable to check posts', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result) != $num_posts_splitted)
$result = $db->query('SELECT COUNT(*) FROM '.$db->prefix.'posts WHERE id IN('.$posts.') AND topic_id='.$tid) or error('Unable to check posts', __FILE__, __LINE__, $db->error());
if ($db->result($result) != $num_posts_splitted)
message($lang_common['Bad request'], false, '404 Not Found');
// Verify that the move to forum ID is valid
$result = $db->query('SELECT 1 FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.group_id='.$pun_user['g_id'].' AND fp.forum_id='.$move_to_forum.') WHERE f.redirect_url IS NULL AND (fp.post_topics IS NULL OR fp.post_topics=1)') or error('Unable to fetch forum permissions', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
if (!$db->result($result))
message($lang_common['Bad request'], false, '404 Not Found');
// Load the post.php language file
@ -330,7 +334,7 @@ if (isset($_GET['tid']))
message($lang_common['Bad request'], false, '404 Not Found');
$result = $db->query('SELECT f.id FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE f.id='.$move_to_forum.' AND (fp.read_forum IS NULL OR fp.read_forum=1) AND f.redirect_url IS NULL') or error('Unable to fetch forum', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
if (!$db->result($result))
message($lang_common['Bad request'], false, '404 Not Found');
if (isset($_POST['move_posts_topic']))
@ -340,13 +344,12 @@ if (isset($_GET['tid']))
message($lang_common['Bad request'], false, '404 Not Found');
$result = $db->query('SELECT id FROM '.$db->prefix.'topics WHERE id='.$move_to_topic.' AND forum_id='.$move_to_forum) or error('Unable to fetch topic', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
if (!$db->result($result))
message($lang_common['Bad request'], false, '404 Not Found');
// Verify that the post IDs are valid
$result = $db->query('SELECT 1 FROM '.$db->prefix.'posts WHERE id IN('.$posts.') AND topic_id='.$tid) or error('Unable to check posts', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result) != substr_count($posts, ',') + 1)
$result = $db->query('SELECT COUNT(*) FROM '.$db->prefix.'posts WHERE id IN('.$posts.') AND topic_id='.$tid) or error('Unable to check posts', __FILE__, __LINE__, $db->error());
if ($db->result($result) != substr_count($posts, ',') + 1)
message($lang_common['Bad request'], false, '404 Not Found');
// перемещаем
@ -377,7 +380,9 @@ if (isset($_GET['tid']))
require PUN_ROOT.'header.php';
$result = $db->query('SELECT id, subject FROM '.$db->prefix.'topics WHERE forum_id='.$move_to_forum.' AND id<>'.$tid.' ORDER BY sticky DESC, last_post DESC') or error('Unable to fetch forum', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
$cur_topic = $db->fetch_assoc($result);
if (!$cur_topic)
message($lang_common['Bad request'], false, '404 Not Found');
?>
@ -392,8 +397,13 @@ if (isset($_GET['tid']))
<label><?php echo $lang_misc['Move to'].' '.$lang_common['Topic'] ?>
<select name="move_to_topic">
<?php
while ($cur_topic = $db->fetch_assoc($result))
do
{
echo "\t\t\t\t\t\t\t\t".'<option value="'.$cur_topic['id'].'">'.pun_htmlspecialchars($cur_topic['subject']).'</option>'."\n";
}
while ($cur_topic = $db->fetch_assoc($result))
?>
</select>
</label>
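Review bot: the closing `while ($cur_topic = $db->fetch_assoc($result))` of the new do/while has no semicolon and is terminated only by the `?>` that follows it. Add the `;` explicitly, as the equivalent do/while in the password-reset loop earlier in this diff does. The loop variable also reuses the name `$cur_topic`, which the `tid` branch fills with the topic record further up; a separate name for the option rows would avoid overwriting it.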
@ -505,7 +515,7 @@ if (isset($_GET['tid']))
<form method="post" action="moderate.php?fid=<?php echo $fid ?>&amp;tid=<?php echo $tid ?>">
<?php
require PUN_ROOT.'include/parser.php';
$parser = new FbV\Parser($pun_config, $pun_user, $lang_common);
$post_count = 0; // Keep track of post numbers
@ -534,9 +544,6 @@ if (isset($_GET['tid']))
// get_title() requires that an element 'username' be present in the array
$cur_post['username'] = $cur_post['poster'];
$user_title = get_title($cur_post);
if ($pun_config['o_censoring'] == '1')
$user_title = censor_words($user_title);
}
// If the poster is a guest (or a user that has been deleted)
else
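Review bot: the `censor_words($user_title)` call under `o_censoring` is dropped after `get_title($cur_post)` and nothing in the hunk replaces it, so user titles on the moderation view are printed uncensored unless `get_title()` now applies censoring itself. If the check moved into `get_title()`, say so in the commit message; otherwise keep it.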
@ -546,7 +553,7 @@ if (isset($_GET['tid']))
}
// Perform the main parsing of the message (BBCode, smilies, censor words etc)
$cur_post['message'] = parse_message($cur_post['message'], $cur_post['hide_smilies']);
$cur_post['message'] = $parser->parseMessage($cur_post['message'], (bool) $cur_post['hide_smilies']);
?>
@ -623,21 +630,20 @@ if (isset($_REQUEST['move_topics']) || isset($_POST['move_topics_to']))
message($lang_common['Bad request'], false, '404 Not Found');
// Verify that the topic IDs are valid
$result = $db->query('SELECT 1 FROM '.$db->prefix.'topics WHERE id IN('.implode(',',$topics).') AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result) != count($topics))
$result = $db->query('SELECT COUNT(*) FROM '.$db->prefix.'topics WHERE id IN('.implode(',', $topics).') AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $db->error());
if ($db->result($result) != count($topics))
message($lang_common['Bad request'], false, '404 Not Found');
// Verify that the move to forum ID is valid
$result = $db->query('SELECT 1 FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.group_id='.$pun_user['g_id'].' AND fp.forum_id='.$move_to_forum.') WHERE f.redirect_url IS NULL AND (fp.post_topics IS NULL OR fp.post_topics=1)') or error('Unable to fetch forum permissions', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
if (!$db->result($result))
message($lang_common['Bad request'], false, '404 Not Found');
// Delete any redirect topics if there are any (only if we moved/copied the topic back to where it was once moved from)
$db->query('DELETE FROM '.$db->prefix.'topics WHERE forum_id='.$move_to_forum.' AND moved_to IN('.implode(',',$topics).')') or error('Unable to delete redirect topics', __FILE__, __LINE__, $db->error());
$db->query('DELETE FROM '.$db->prefix.'topics WHERE forum_id='.$move_to_forum.' AND moved_to IN('.implode(',', $topics).')') or error('Unable to delete redirect topics', __FILE__, __LINE__, $db->error());
// Move the topic(s)
$db->query('UPDATE '.$db->prefix.'topics SET forum_id='.$move_to_forum.' WHERE id IN('.implode(',',$topics).')') or error('Unable to move topics', __FILE__, __LINE__, $db->error());
$db->query('UPDATE '.$db->prefix.'topics SET forum_id='.$move_to_forum.' WHERE id IN('.implode(',', $topics).')') or error('Unable to move topics', __FILE__, __LINE__, $db->error());
// Should we create redirect topics?
if (isset($_POST['with_redirect']))
@ -679,7 +685,13 @@ if (isset($_REQUEST['move_topics']) || isset($_POST['move_topics_to']))
}
$result = $db->query('SELECT f.id AS fid FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.post_topics IS NULL OR fp.post_topics=1) AND f.redirect_url IS NULL ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result) < 2)
$forums = [];
while ($cur = $db->fetch_assoc($result)) {
$forums[$cur['fid']] = true;
}
unset($forums[$fid]);
if (empty($forums))
message($lang_misc['Nowhere to move']);
$page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_misc['Moderate']);
@ -692,8 +704,8 @@ if (isset($_REQUEST['move_topics']) || isset($_POST['move_topics_to']))
<div class="box">
<form method="post" action="moderate.php?fid=<?php echo $fid ?>">
<div class="inform">
<input type="hidden" name="topics" value="<?php echo $topics ?>" />
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<input type="hidden" name="topics" value="<?php echo $topics ?>" />
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<fieldset>
<legend><?php echo $lang_misc['Move legend'] ?></legend>
<div class="infldset">
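Review bot: the `topics` hidden input still prints `<?php echo $topics ?>` without escaping, while the merge and delete confirmation forms in this file build the same field with `implode(',', array_map('intval', array_keys($topics)))`. Since these lines are being re-indented anyway, apply the same integer normalisation or `pun_htmlspecialchars()` here, unless `$topics` is already reduced to a list of integers above this hunk.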
@ -701,11 +713,6 @@ if (isset($_REQUEST['move_topics']) || isset($_POST['move_topics_to']))
<br /><select name="move_to_forum">
<?php
$forums = [];
while ($cur = $db->fetch_assoc($result)) {
$forums[$cur['fid']] = true;
}
unset($forums[$fid]);
echo generate_list_of_forums($sf_array_tree, $fid, $forums);
?>
@ -741,12 +748,14 @@ else if (isset($_POST['merge_topics']) || isset($_POST['merge_topics_comply']))
message($lang_misc['Not enough topics selected']);
// Verify that the topic IDs are valid (redirect links will point to the merged topic after the merge)
$result = $db->query('SELECT id FROM '.$db->prefix.'topics WHERE id IN('.implode(',', $topics).') AND forum_id='.$fid.' ORDER BY id ASC') or error('Unable to check topics', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result) != count($topics))
$result = $db->query('SELECT COUNT(id), MIN(id) FROM '.$db->prefix.'topics WHERE id IN('.implode(',', $topics).') AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $db->error());
$row = $db->fetch_row($result);
if ($row[0] != count($topics))
message($lang_common['Bad request'], false, '404 Not Found');
// The topic that we are merging into is the one with the smallest ID
$merge_to_tid = $db->result($result);
$merge_to_tid = $row[1];
// Make any redirect topics point to our new, merged topic
$query = 'UPDATE '.$db->prefix.'topics SET moved_to='.$merge_to_tid.' WHERE moved_to IN('.implode(',', $topics).')';
@ -805,9 +814,9 @@ else if (isset($_POST['merge_topics']) || isset($_POST['merge_topics_comply']))
<h2><span><?php echo $lang_misc['Merge topics'] ?></span></h2>
<div class="box">
<form method="post" action="moderate.php?fid=<?php echo $fid ?>">
<input type="hidden" name="topics" value="<?php echo implode(',', array_map('intval', array_keys($topics))) ?>" />
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<div class="inform">
<input type="hidden" name="topics" value="<?php echo implode(',', array_map('intval', array_keys($topics))) ?>" />
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<fieldset>
<legend><?php echo $lang_misc['Confirm merge legend'] ?></legend>
<div class="infldset">
@ -843,16 +852,15 @@ else if (isset($_POST['delete_topics']) || isset($_POST['delete_topics_comply'])
require PUN_ROOT.'include/search_idx.php';
// Verify that the topic IDs are valid
$result = $db->query('SELECT 1 FROM '.$db->prefix.'topics WHERE id IN('.$topics.') AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result) != substr_count($topics, ',') + 1)
$result = $db->query('SELECT COUNT(*) FROM '.$db->prefix.'topics WHERE id IN('.$topics.') AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $db->error());
if ($db->result($result) != substr_count($topics, ',') + 1)
message($lang_common['Bad request'], false, '404 Not Found');
// Verify that the posts are not by admins
if ($pun_user['g_id'] != PUN_ADMIN)
{
$result = $db->query('SELECT 1 FROM '.$db->prefix.'posts WHERE topic_id IN('.$topics.') AND poster_id IN('.implode(',', get_admin_ids()).')') or error('Unable to check posts', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
$result = $db->query('SELECT COUNT(*) FROM '.$db->prefix.'posts WHERE topic_id IN('.$topics.') AND poster_id IN('.implode(',', get_admin_ids()).')') or error('Unable to check posts', __FILE__, __LINE__, $db->error());
if ($db->result($result))
message($lang_common['No permission'], false, '403 Forbidden');
}
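Review bot: Both rewritten checks still concatenate `$topics` straight into `IN(...)`, and nothing visible in this hunk constrains it to digits and commas before the query runs. The confirm form emits `implode(',', array_map('intval', ...))`, but the value comes back from the client as the hidden `topics` field, so the handler should re-validate it (for example, reject anything that is not a comma-separated list of integers) ahead of the `COUNT(*)` query. Separately, `implode(',', get_admin_ids())` yields `IN()` if the list is ever empty; a guard there would avoid a query error.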
@ -885,7 +893,7 @@ else if (isset($_POST['delete_topics']) || isset($_POST['delete_topics_comply'])
{
// MOD warnings - Visman
$db->query('DELETE FROM '.$db->prefix.'warnings WHERE id IN ('.$post_ids.')') or error('Unable to delete warnings', __FILE__, __LINE__, $db->error());
strip_search_index($post_ids);
}
@ -907,9 +915,9 @@ else if (isset($_POST['delete_topics']) || isset($_POST['delete_topics_comply'])
<h2><span><?php echo $lang_misc['Delete topics'] ?></span></h2>
<div class="box">
<form method="post" action="moderate.php?fid=<?php echo $fid ?>">
<input type="hidden" name="topics" value="<?php echo implode(',', array_map('intval', array_keys($topics))) ?>" />
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<div class="inform">
<input type="hidden" name="topics" value="<?php echo implode(',', array_map('intval', array_keys($topics))) ?>" />
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<fieldset>
<legend><?php echo $lang_misc['Confirm delete legend'] ?></legend>
<div class="infldset">
@ -1000,11 +1008,11 @@ require PUN_ROOT.'lang/'.$pun_user['language'].'/forum.php';
// Fetch some info about the forum
$result = $db->query('SELECT f.forum_name, f.redirect_url, f.num_topics, f.sort_by FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id='.$fid) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
message($lang_common['Bad request'], false, '404 Not Found');
$cur_forum = $db->fetch_assoc($result);
if (!$cur_forum)
message($lang_common['Bad request'], false, '404 Not Found');
// Is this a redirect forum? In that case, abort!
if ($cur_forum['redirect_url'] != '')
message($lang_common['Bad request'], false, '404 Not Found');
@ -1076,14 +1084,14 @@ require PUN_ROOT.'header.php';
// Retrieve a list of topic IDs, LIMIT is (really) expensive so we only fetch the IDs here then later fetch the remaining data
$result = $db->query('SELECT id FROM '.$db->prefix.'topics WHERE forum_id='.$fid.' ORDER BY sticky DESC, '.$sort_by.', id DESC LIMIT '.$start_from.', '.$pun_user['disp_topics']) or error('Unable to fetch topic IDs', __FILE__, __LINE__, $db->error());
$topic_ids = [];
while ($row = $db->fetch_row($result))
$topic_ids[] = $row[0];
// If there are topics in this forum
if ($db->num_rows($result))
if (!empty($topic_ids))
{
$topic_ids = array();
for ($i = 0;$cur_topic_id = $db->result($result, $i);$i++)
$topic_ids[] = $cur_topic_id;
// Select topics
$result = $db->query('SELECT id, poster, subject, posted, last_post, last_post_id, last_poster, num_views, num_replies, closed, sticky, moved_to FROM '.$db->prefix.'topics WHERE id IN('.implode(',', $topic_ids).') ORDER BY sticky DESC, '.$sort_by.', id DESC') or error('Unable to fetch topic list for forum', __FILE__, __LINE__, $db->error());

pjq.php

@ -1,7 +1,7 @@
<?php
/**
* Copyright (C) 2010-2013 Visman (mio.visman@yandex.ru)
* Copyright (C) 2010-2018 Visman (mio.visman@yandex.ru)
* License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
*/
@ -10,7 +10,7 @@ define('PUN_QUIET_VISIT', 1);
define('PUN_ROOT', dirname(__FILE__).'/');
require PUN_ROOT.'include/common.php';
header('Content-type: text/html; charset=utf-8');
forum_http_headers();
if ($pun_user['g_read_board'] == '0')
exit($lang_common['No view']);
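Review bot: Dropping the explicit `header('Content-type: text/html; charset=utf-8')` in favour of `forum_http_headers()` needs a check that the helper still sends a Content-Type with the UTF-8 charset for this endpoint; the helper's body is not part of this diff. This script returns post text for quoting, so a missing or different charset would change how the client decodes it.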
@ -27,11 +27,11 @@ if ($action == "quote")
{
// Fetch some info about the post, the topic and the forum
$result = $db->query('SELECT p.message FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND p.id='.$id) or exit('Unable to fetch post info '.$db->error());
if (!$db->num_rows($result))
exit($lang_common['Bad request']);
$cur_post = $db->fetch_assoc($result);
if (!$cur_post)
exit($lang_common['Bad request']);
if ($pun_config['o_censoring'] == '1')
$cur_post['message'] = censor_words($cur_post['message']);
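Review bot: The `or exit('Unable to fetch post info '.$db->error())` on the query line returns the raw driver error to whoever calls this endpoint, and the `pmquote` branch in the next hunk does the same. Since these branches are being touched anyway, consider exiting with `$lang_common['Bad request']` and logging the database error server-side. The `fetch_assoc()` plus `if (!$cur_post)` replacement for `num_rows()` itself looks fine.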
@ -47,11 +47,11 @@ else if ($action == "pmquote")
// Fetch some info about the post, the topic and the forum
$result = $db->query('SELECT p.message FROM '.$db->prefix.'pms_new_posts AS p INNER JOIN '.$db->prefix.'pms_new_topics AS t ON t.id=p.topic_id WHERE p.id='.$id.' AND (t.starter_id='.$pun_user['id'].' OR t.to_id='.$pun_user['id'].')') or exit('Unable to fetch pms_new_posts info '.$db->error());
if (!$db->num_rows($result))
exit($lang_common['Bad request']);
$cur_post = $db->fetch_assoc($result);
if (!$cur_post)
exit($lang_common['Bad request']);
if ($pun_config['o_censoring'] == '1')
$cur_post['message'] = censor_words($cur_post['message']);


@ -40,7 +40,7 @@ $arr_new = array(
function InstallModInFiles ()
{
global $arr_files, $arr_search, $arr_new, $lang_fb;
$max = count($arr_files);
$errors = array();
@ -72,7 +72,7 @@ function InstallModInFiles ()
fwrite ($fp, $file_content);
fclose ($fp);
}
return $errors;
}
@ -115,7 +115,8 @@ function DeleteModInFiles ()
// Установка плагина/мода
if (isset($_POST['installation']))
{
$db->query('DELETE FROM '.$db->prefix.'config WHERE conf_name LIKE \'o\_fbox\_%\'') or error('Unable to remove config entries', __FILE__, __LINE__, $db->error());;
$db->query('DELETE FROM '.$db->prefix.'config WHERE conf_name=\'o_fbox_guest\'') or error('Unable to remove config entries', __FILE__, __LINE__, $db->error());;
$db->query('DELETE FROM '.$db->prefix.'config WHERE conf_name=\'o_fbox_files\'') or error('Unable to remove config entries', __FILE__, __LINE__, $db->error());;
$db->query('INSERT INTO '.$db->prefix.'config (conf_name, conf_value) VALUES(\'o_fbox_guest\', \'0\')') or error('Unable to insert into table config.', __FILE__, __LINE__, $db->error());
$db->query('INSERT INTO '.$db->prefix.'config (conf_name, conf_value) VALUES(\'o_fbox_files\', \''.$db->escape(PLUGIN_FILES).'\')') or error('Unable to insert into table config.', __FILE__, __LINE__, $db->error());
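Review bot: Replacing the `LIKE 'o\_fbox\_%'` delete with two exact-name deletes means any other `o_fbox_*` row left by an older version of the mod now survives install, update and delete; if that is intended, a comment saying the key list is exhaustive would help. The same delete pair is repeated in four branches of this file, so a small helper taking the key names would keep them in sync. The new lines also carry a stray `;;` at the end.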
@ -123,7 +124,7 @@ if (isset($_POST['installation']))
require PUN_ROOT.'include/cache.php';
generate_config_cache();
$err = InstallModInFiles();
if (empty($err))
redirect(PLUGIN_URL, $lang_fb['Red installation']);
@ -145,7 +146,8 @@ else if (isset($_POST['update']))
$fls[] = $file;
}
$db->query('DELETE FROM '.$db->prefix.'config WHERE conf_name LIKE \'o\_fbox\_%\'') or error('Unable to remove config entries', __FILE__, __LINE__, $db->error());;
$db->query('DELETE FROM '.$db->prefix.'config WHERE conf_name=\'o_fbox_guest\'') or error('Unable to remove config entries', __FILE__, __LINE__, $db->error());;
$db->query('DELETE FROM '.$db->prefix.'config WHERE conf_name=\'o_fbox_files\'') or error('Unable to remove config entries', __FILE__, __LINE__, $db->error());;
$db->query('INSERT INTO '.$db->prefix.'config (conf_name, conf_value) VALUES(\'o_fbox_guest\', \''.$gst.'\')') or error('Unable to insert into table config.', __FILE__, __LINE__, $db->error());
$db->query('INSERT INTO '.$db->prefix.'config (conf_name, conf_value) VALUES(\'o_fbox_files\', \''.$db->escape(implode(',', $fls)).'\')') or error('Unable to insert into table config.', __FILE__, __LINE__, $db->error());
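Review bot: In the `o_fbox_guest` insert, `$gst` is placed inside the quoted value without `$db->escape()`, while the `o_fbox_files` insert on the next line escapes its value. The assignment of `$gst` is outside this hunk, so either confirm it is forced to '0' or '1' there, or cast or escape it at the point of use.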
@ -160,13 +162,14 @@ else if (isset($_POST['update']))
// Удаление мода
else if (isset($_POST['delete']))
{
$db->query('DELETE FROM '.$db->prefix.'config WHERE conf_name LIKE \'o\_fbox\_%\'') or error('Unable to remove config entries', __FILE__, __LINE__, $db->error());;
$db->query('DELETE FROM '.$db->prefix.'config WHERE conf_name=\'o_fbox_guest\'') or error('Unable to remove config entries', __FILE__, __LINE__, $db->error());;
$db->query('DELETE FROM '.$db->prefix.'config WHERE conf_name=\'o_fbox_files\'') or error('Unable to remove config entries', __FILE__, __LINE__, $db->error());;
if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
require PUN_ROOT.'include/cache.php';
generate_config_cache();
$err = DeleteModInFiles();
if (empty($err))
redirect(PLUGIN_URL, $lang_fb['Red delete']);
@ -181,7 +184,8 @@ if ($file_content === false)
$f_inst = (strpos($file_content, $fd_str) !== false);
if ($f_inst && !isset($pun_config['o_fbox_files'])) // непредвиденная ситуация при обновлении
{
$db->query('DELETE FROM '.$db->prefix.'config WHERE conf_name LIKE \'o\_fbox\_%\'') or error('Unable to remove config entries', __FILE__, __LINE__, $db->error());;
$db->query('DELETE FROM '.$db->prefix.'config WHERE conf_name=\'o_fbox_guest\'') or error('Unable to remove config entries', __FILE__, __LINE__, $db->error());;
$db->query('DELETE FROM '.$db->prefix.'config WHERE conf_name=\'o_fbox_files\'') or error('Unable to remove config entries', __FILE__, __LINE__, $db->error());;
$db->query('INSERT INTO '.$db->prefix.'config (conf_name, conf_value) VALUES(\'o_fbox_guest\', \'0\')') or error('Unable to insert into table config.', __FILE__, __LINE__, $db->error());
$db->query('INSERT INTO '.$db->prefix.'config (conf_name, conf_value) VALUES(\'o_fbox_files\', \''.$db->escape(PLUGIN_FILES).'\')') or error('Unable to insert into table config.', __FILE__, __LINE__, $db->error());
@ -267,7 +271,7 @@ else
$ar_file[] = 'AP_Upload.php';
natcasesort($ar_file);
foreach ($ar_file as $id => $file)
{


@ -45,13 +45,17 @@ else
if (!isset($pun_config['o_merge_timeout']))
{
$result = $db->query('SELECT conf_value FROM '.$db->prefix.'config WHERE conf_name=\'o_merge_timeout\'') or error('Unable to fetch config info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
$row = $db->fetch_row($result);
if (is_array($row))
{
$merge_timeout = $row[0];
}
else
{
$db->query('INSERT INTO '.$db->prefix.'config (conf_name, conf_value) VALUES(\'o_merge_timeout\', \'86400\')') or error('Unable to insert into table config', __FILE__, __LINE__, $db->error());
$merge_timeout = '86400';
}
else
$merge_timeout = $db->result($result);
if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
require PUN_ROOT.'include/cache.php';


@ -49,7 +49,6 @@ else
<div class="box">
<div class="inbox">
<p><?php echo $lang_admin_plugin_not_sum['Explanation 1'] ?></p>
<p><?php echo $lang_admin_plugin_not_sum['Explanation 2'] ?></p>
</div>
</div>
@ -57,8 +56,9 @@ else
// Display all the categories and forums
$result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name, f.no_sum_mess FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
$cur_forum = $db->fetch_assoc($result);
if ($db->num_rows($result) > 0)
if (is_array($cur_forum))
{
?>
@ -73,7 +73,7 @@ $tabindex = 2;
$cur_category = 0;
$vcsrf_hash = csrf_hash();
while ($cur_forum = $db->fetch_assoc($result))
do
{
if ($cur_forum['cid'] != $cur_category) // A new category since last iteration?
{
@ -97,13 +97,17 @@ while ($cur_forum = $db->fetch_assoc($result))
$cur_category = $cur_forum['cid'];
}
?>
<tr>
<td class="tcl"><input type="checkbox" name="no_sum_mess[<?php echo $cur_forum['fid'] ?>]" value="1" tabindex="<?php echo ($tabindex++) ?>"<?php echo ($cur_forum['no_sum_mess'] == 1 ? ' checked="checked"' : '')?> /></td>
<td class="tcr"><strong><?php echo pun_htmlspecialchars($cur_forum['forum_name']) ?></strong></td>
</tr>
<?php
}
while ($cur_forum = $db->fetch_assoc($result))
?>
</tbody>
</table>
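Review bot: The closing `while ($cur_forum = $db->fetch_assoc($result))` of the new `do` loop has no terminating semicolon and relies on the following `?>` to end the statement. It parses, but the same do/while conversion later in this diff ends with `while ($db_smilies = $db->fetch_assoc($result));`. Add the semicolon here for consistency and so that a later edit that moves the closing tag does not break the loop.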


@ -211,34 +211,50 @@ elseif (isset($_POST['add_image']))
{
include PUN_ROOT.'include/upload.php';
$filename = parse_file(substr($uploaded_file['name'], 0, strpos($uploaded_file['name'], '.')));
if (empty($filename))
message($lang_smiley['Bad name']);
if (isXSSattack($uploaded_file['tmp_name']) !== false)
message($lang_smiley['Bad type']);
// Check types
$allowed_types = array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/png', 'image/x-png');
if (!in_array($uploaded_file['type'], $allowed_types))
message($lang_smiley['Bad type']);
// Make sure the file isn't too big
if ($uploaded_file['size'] > $smilies_config_image_size)
if ($uploaded_file['size'] > $smilies_config_image_size) {
message($lang_smiley['Too large'].' '.$smilies_config_image_size.' '.$lang_smiley['bytes'].'.');
}
if (false === $upf_class->loadFile($uploaded_file['tmp_name'], $uploaded_file['name'])) {
message($lang_up['Unknown failure'] . ' (' . pun_htmlspecialchars($upf_class->getError()) . ')');
}
if (true !== $upf_class->isImage() || ! in_array($upf_class->getFileExt(), ['jpg', 'gif', 'png'])) {
message($lang_smiley['Bad type']);
}
if (false !== $upf_class->isUnsafeContent()) {
message($lang_up['Error inject']);
}
$upf_class->prepFileName();
if (false === $upf_class->loadImage()) {
message($lang_up['Error img'] . ' (' . pun_htmlspecialchars($upf_class->getError()) . ')');
}
$filename = $upf_class->getFileName();
// Determine type
$extensions = null;
if ($uploaded_file['type'] == 'image/gif')
$extensions = array('.gif', '.jpg', '.png');
else if ($uploaded_file['type'] == 'image/jpeg' || $uploaded_file['type'] == 'image/pjpeg')
$extensions = array('.jpg', '.gif', '.png');
else
$extensions = array('.png', '.gif', '.jpg');
switch ($upf_class->getFileExt()) {
case 'gif':
$extensions = array('.gif', '.jpg', '.png');
break;
case 'jpg':
$extensions = array('.jpg', '.gif', '.png');
break;
case 'png':
$extensions = array('.png', '.gif', '.jpg');
break;
default:
message($lang_smiley['Bad type']);
}
// Move the file to the avatar directory. We do this before checking the width/height to circumvent open_basedir restrictions.
if (!@move_uploaded_file($uploaded_file['tmp_name'], PUN_ROOT.'img/smilies/'.$filename.'.tmp'))
message($lang_smiley['Move failed']);
$fileinfo = $upf_class->saveFile(PUN_ROOT . 'img/smilies/' . $filename . '.tmp', true);
if (false === $fileinfo) {
message($lang_smiley['Move failed'] . ' (' . pun_htmlspecialchars($upf_class->getError()) . ')');
}
// Now check the width/height
list($width, $height, $type,) = getimagesize(PUN_ROOT.'img/smilies/'.$filename.'.tmp');
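Review bot: The new error paths use `$lang_up['Unknown failure']`, `$lang_up['Error inject']` and `$lang_up['Error img']`, while the rest of this block uses `$lang_smiley`, and nothing in the hunk loads the upload language file. Confirm that `include/upload.php` loads it; otherwise these calls raise notices and show an empty message. The file is also still written under `img/smilies/` with a `.tmp` name before the width/height check, so a comment on what the second argument of `saveFile(..., true)` does, and a check that every failure path after this point removes the `.tmp` file, would help.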
@ -287,9 +303,9 @@ else
<?php
$result = $db->query('SELECT * FROM '.$db->prefix.'smilies ORDER BY disp_position') or error('Unable to retrieve smilies', __FILE__, __LINE__, $db->error());
$num_db_smilies = $db->num_rows($result);
$db_smilies = $db->fetch_assoc($result);
if ($num_db_smilies > 0)
if (is_array($db_smilies))
{
?>
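Review bot: With `$num_db_smilies = $db->num_rows($result)` removed and the guard changed to `is_array($db_smilies)`, check that no later code in this file still reads `$num_db_smilies`; the visible hunks do not show its other uses.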
@ -309,7 +325,7 @@ else
<tbody>
<?php
while ($db_smilies = $db->fetch_assoc($result))
do
{
?>
@ -335,6 +351,7 @@ else
<?php
}
while ($db_smilies = $db->fetch_assoc($result));
?>
</tbody>


@ -1,49 +1,115 @@
<?php
/**
* Copyright (C) 2011-2017 Visman (mio.visman@yandex.ru)
* Copyright (C) 2011-2020 Visman (mio.visman@yandex.ru)
* Copyright (C) 2007 BN (bnmaster@la-bnbox.info)
* License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
*/
// Make sure no one attempts to run this script "directly"
if (!defined('PUN'))
if (! defined('PUN')) {
exit;
}
// Tell admin_loader.php that this is indeed a plugin and that it is loaded
define('PUN_PLUGIN_LOADED', 1);
define('PLUGIN_VERSION', '2.1.0');
define('PLUGIN_URL', pun_htmlspecialchars('admin_loader.php?plugin='.$plugin));
define('PLUGIN_EXTS', 'jpg,jpeg,png,gif,mp3,zip,rar,7z');
define('PLUGIN_VERSION', '3.0.3');
define('PLUGIN_URL', pun_htmlspecialchars('admin_loader.php?plugin=' . $plugin));
define('PLUGIN_EXTS', 'webp,jpg,jpeg,png,gif,mp3,zip,rar,7z');
define('PLUGIN_NF', 25);
require PUN_ROOT.'include/upload.php';
require PUN_ROOT . 'include/upload.php';
$sconf = array(
'thumb' => ($gd ? 1 : 0),
// Any action must be confirmed by token
if (! empty($_POST)) {
if (function_exists('csrf_hash')) {
confirm_referrer('AP_Upload.php');
} else {
check_csrf(isset($_POST['csrf_hash']) ? $_POST['csrf_hash'] : null);
}
}
$sconf = [
'thumb' => (true === $upf_class->isResize()) ? 1 : 0,
'thumb_size' => 100,
'thumb_perc' => 75,
'pic_mass' => 307200,
'pic_mass' => 300, //килобайт
'pic_perc' => 75,
'pic_w' => 1680,
'pic_h' => 1050,
);
'pic_w' => 1920,
'pic_h' => 1200,
];
// обновление до версии 2.3.0
if (isset($pun_config['o_uploadile_other'])) {
if (! isset($pun_config['o_upload_config'])) {
$aconf = unserialize($pun_config['o_uploadile_other']);
$aconf['pic_mass'] = (int) ($aconf['pic_mass'] / 1024);
$pun_config['o_upload_config'] = serialize($aconf);
$db->query('INSERT INTO ' . $db->prefix . 'config (conf_name, conf_value) VALUES(\'o_upload_config\', \'' . $db->escape($pun_config['o_upload_config']) . '\')') or error($lang_up['Error DB ins-up'], __FILE__, __LINE__, $db->error());
}
$db->query('DELETE FROM ' . $db->prefix . 'config WHERE conf_name=\'o_uploadile_other\'') or error('Unable to remove config entries', __FILE__, __LINE__, $db->error());;
if (! defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
require PUN_ROOT . 'include/cache.php';
}
generate_config_cache();
$data_grs = [];
if (isset($pun_user['g_up_ext'], $pun_user['g_up_limit'], $pun_user['g_up_max'])) {
$result = $db->query('SELECT * FROM ' . $db->prefix . 'groups ORDER BY g_id') or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error());
while ($cur_group = $db->fetch_assoc($result)) {
if ($cur_group['g_id'] == PUN_GUEST) {
continue;
}
$data_grs[$cur_group['g_id']] = [
'g_up_ext' => $cur_group['g_up_ext'],
'g_up_max' => (int) ($cur_group['g_up_max'] / 10485.76),
'g_up_limit' => (int) ($cur_group['g_up_limit'] / 1048576),
];
}
}
$db->drop_field('groups', 'g_up_ext') or error('Unable to drop g_up_ext field', __FILE__, __LINE__, $db->error());
$db->drop_field('groups', 'g_up_max') or error('Unable to drop g_up_max field', __FILE__, __LINE__, $db->error());
$db->drop_field('groups', 'g_up_limit') or error('Unable to drop g_up_limit field', __FILE__, __LINE__, $db->error());
// Установка плагина/мода
if (isset($_POST['installation']))
{
$db->add_field('users', 'upload', 'INT(15)', false, 0) or error(sprintf($lang_up['Error DB'], 'users'), __FILE__, __LINE__, $db->error());
$db->add_field('groups', 'g_up_ext', 'VARCHAR(255)', false, PLUGIN_EXTS) or error(sprintf($lang_up['Error DB'], 'groups'), __FILE__, __LINE__, $db->error());
$db->add_field('groups', 'g_up_max', 'INT(10)', false, 0) or error(sprintf($lang_up['Error DB'], 'groups'), __FILE__, __LINE__, $db->error());
$db->add_field('groups', 'g_up_limit', 'INT(10)', false, 0) or error(sprintf($lang_up['Error DB'], 'groups'), __FILE__, __LINE__, $db->error());
$db->query('UPDATE '.$db->prefix.'groups SET g_up_ext=\''.$db->escape(PLUGIN_EXTS).'\', g_up_limit=1073741824, g_up_max='.min(return_bytes(ini_get('upload_max_filesize')), return_bytes(ini_get('post_max_size'))).' WHERE g_id='.PUN_ADMIN) or error('Unable to update user group list', __FILE__, __LINE__, $db->error());
foreach ($data_grs as $g_id => $cur_group) {
$db->query('UPDATE ' . $db->prefix . 'groups SET g_up_ext=\'' . $db->escape($cur_group['g_up_ext']) . '\', g_up_limit=' . $cur_group['g_up_limit'] . ', g_up_max=' . $cur_group['g_up_max'] . ' WHERE g_id=' . $g_id) or error('Unable to update user group list', __FILE__, __LINE__, $db->error());
}
$db->query('DELETE FROM '.$db->prefix.'config WHERE conf_name LIKE \'o\_uploadile\_%\'') or error('Unable to remove config entries', __FILE__, __LINE__, $db->error());;
$db->query('INSERT INTO '.$db->prefix.'config (conf_name, conf_value) VALUES(\'o_uploadile_other\', \''.$db->escape(serialize($sconf)).'\')') or error($lang_up['Error DB ins-up'], __FILE__, __LINE__, $db->error());
$db->add_field('users', 'upload_size', 'INT(10)', false, 0) or error(sprintf($lang_up['Error DB'], 'users'), __FILE__, __LINE__, $db->error());
if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
require PUN_ROOT.'include/cache.php';
if (isset($pun_user['upload'])) {
$db->query('UPDATE ' . $db->prefix . 'users SET upload_size=ROUND(upload/10485.76)') or error('Unable to update upload size of users', __FILE__, __LINE__, $db->error());
}
$db->drop_field('users', 'upload') or error('Unable to drop upload field', __FILE__, __LINE__, $db->error());
}
// Установка плагина/мода
if (isset($_POST['installation'])) {
$db->add_field('users', 'upload_size', 'INT(10)', false, 0) or error(sprintf($lang_up['Error DB'], 'users'), __FILE__, __LINE__, $db->error());
$db->add_field('groups', 'g_up_ext', 'VARCHAR(255)', false, PLUGIN_EXTS) or error(sprintf($lang_up['Error DB'], 'groups'), __FILE__, __LINE__, $db->error());
$db->add_field('groups', 'g_up_max', 'INT(10)', false, 0) or error(sprintf($lang_up['Error DB'], 'groups'), __FILE__, __LINE__, $db->error());
$db->add_field('groups', 'g_up_limit', 'INT(10)', false, 0) or error(sprintf($lang_up['Error DB'], 'groups'), __FILE__, __LINE__, $db->error());
$adm_max = (int) (min($upf_class->size(ini_get('upload_max_filesize')), $upf_class->size(ini_get('post_max_size'))) / 10485.76);
$db->query('UPDATE ' . $db->prefix . 'groups SET g_up_ext=\'' . $db->escape(PLUGIN_EXTS) . '\', g_up_limit=1024, g_up_max=' . $adm_max . ' WHERE g_id=' . PUN_ADMIN) or error('Unable to update user group list', __FILE__, __LINE__, $db->error());
$db->query('DELETE FROM ' . $db->prefix . 'config WHERE conf_name=\'o_upload_config\'') or error('Unable to remove config entries', __FILE__, __LINE__, $db->error());;
$db->query('INSERT INTO ' . $db->prefix . 'config (conf_name, conf_value) VALUES(\'o_upload_config\', \'' . $db->escape(serialize($sconf)) . '\')') or error($lang_up['Error DB ins-up'], __FILE__, __LINE__, $db->error());
if (! defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
require PUN_ROOT . 'include/cache.php';
}
generate_config_cache();
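Review bot: A failure partway through the upgrade block under `if (isset($pun_config['o_uploadile_other']))` loses every group's upload settings: the values live only in `$data_grs` while `g_up_ext`, `g_up_max` and `g_up_limit` are dropped, and the `o_uploadile_other` row that triggers the block has already been deleted, so the block will not run again. Consider deleting that row as the last step, after the `UPDATE` loop over `$data_grs` has succeeded. The block also runs on any load of the plugin page rather than on a confirmed POST, and its comment names version 2.3.0 while `PLUGIN_VERSION` is 3.0.3.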
@ -51,70 +117,70 @@ if (isset($_POST['installation']))
}
// Обновления параметров
else if (isset($_POST['update']))
{
if (!isset($pun_user['g_up_ext']))
{
$db->add_field('groups', 'g_up_ext', 'VARCHAR(255)', false, PLUGIN_EXTS) or error(sprintf($lang_up['Error DB'], 'groups'), __FILE__, __LINE__, $db->error());
$db->add_field('groups', 'g_up_max', 'INT(10)', false, 0) or error(sprintf($lang_up['Error DB'], 'groups'), __FILE__, __LINE__, $db->error());
$db->add_field('groups', 'g_up_limit', 'INT(15)', false, 0) or error(sprintf($lang_up['Error DB'], 'groups'), __FILE__, __LINE__, $db->error());
else if (isset($_POST['update'])) {
$g_up_ext = isset($_POST['g_up_ext']) ? array_map('pun_trim', $_POST['g_up_ext']) : [];
$g_up_max = isset($_POST['g_up_max']) ? array_map('floatval', $_POST['g_up_max']) : [];
$g_up_limit = isset($_POST['g_up_limit']) ? array_map('intval', $_POST['g_up_limit']) : [];
if (empty($g_up_limit)) {
$g_up_limit[PUN_ADMIN] = 1024;
$g_up_max[PUN_ADMIN] = 1024;
}
$g_up_ext = isset($_POST['g_up_ext']) ? array_map('pun_trim', $_POST['g_up_ext']) : array();
$g_up_limit = isset($_POST['g_up_limit']) ? array_map('intval', $_POST['g_up_limit']) : array();
$g_up_max = isset($_POST['g_up_max']) ? array_map('intval', $_POST['g_up_max']) : array();
$result = $db->query('SELECT g_id FROM '.$db->prefix.'groups ORDER BY g_id') or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error());
while ($cur_group = $db->fetch_assoc($result))
if ($cur_group['g_id'] != PUN_GUEST)
{
if (isset($g_up_ext[$cur_group['g_id']]))
{
$g_ext = str_replace(' ', '', $g_up_ext[$cur_group['g_id']]);
$g_ext = preg_replace('%[,]+%u', ',', $g_ext);
if (preg_match('%^[0-9a-zA-Z][0-9a-zA-Z,]*[0-9a-zA-Z]$%uD', $g_ext) == 0)
$g_ext = PLUGIN_EXTS;
$g_ext = strtolower($g_ext);
}
else
$g_ext = PLUGIN_EXTS;
if ($cur_group['g_id'] == PUN_ADMIN)
{
$g_lim = 1073741824;
$g_max = min(return_bytes(ini_get('upload_max_filesize')), return_bytes(ini_get('post_max_size')));
}
else
{
$g_lim = (!isset($g_up_limit[$cur_group['g_id']]) || $g_up_limit[$cur_group['g_id']] < 0) ? 0 : $g_up_limit[$cur_group['g_id']];
$g_max = (!isset($g_up_max[$cur_group['g_id']]) || $g_up_max[$cur_group['g_id']] < 0) ? 0 : $g_up_max[$cur_group['g_id']];
$g_max = min($g_max, return_bytes(ini_get('upload_max_filesize')), return_bytes(ini_get('post_max_size')));
}
$db->query('UPDATE '.$db->prefix.'groups SET g_up_ext=\''.$db->escape($g_ext).'\', g_up_limit='.$g_lim.', g_up_max='.$g_max.' WHERE g_id='.$cur_group['g_id']) or error('Unable to update user group list', __FILE__, __LINE__, $db->error());
$result = $db->query('SELECT g_id FROM ' . $db->prefix . 'groups ORDER BY g_id') or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error());
while ($cur_group = $db->fetch_assoc($result)) {
if ($cur_group['g_id'] == PUN_GUEST) {
continue;
}
if (isset($_POST['thumb']))
$sconf['thumb'] = ($_POST['thumb'] == '1' ? 1 : 0);
if (isset($_POST['thumb_size']) && $_POST['thumb_size'] > 0)
$sconf['thumb_size'] = intval($_POST['thumb_size']);
if (isset($_POST['thumb_perc']) && $_POST['thumb_perc'] > 0 && $_POST['thumb_perc'] <= 100)
$sconf['thumb_perc'] = intval($_POST['thumb_perc']);
if (isset($g_up_ext[$cur_group['g_id']])) {
$g_ext = str_replace(' ', '', $g_up_ext[$cur_group['g_id']]);
$g_ext = preg_replace('%[,]+%u', ',', $g_ext);
if (preg_match('%^[0-9a-zA-Z][0-9a-zA-Z,]*[0-9a-zA-Z]$%uD', $g_ext) == 0) {
$g_ext = PLUGIN_EXTS;
}
$g_ext = strtolower($g_ext);
} else {
$g_ext = PLUGIN_EXTS;
}
if (isset($_POST['pic_mass']) && $_POST['pic_mass'] >= 0)
$sconf['pic_mass'] = intval($_POST['pic_mass']);
if (isset($_POST['pic_perc']) && $_POST['pic_perc'] > 0 && $_POST['pic_perc'] <= 100)
$sconf['pic_perc'] = intval($_POST['pic_perc']);
if (isset($_POST['pic_w']) && $_POST['pic_w'] >= 100)
$sconf['pic_w'] = intval($_POST['pic_w']);
if (isset($_POST['pic_h']) && $_POST['pic_h'] >= 100)
$sconf['pic_h'] = intval($_POST['pic_h']);
$g_max = (! isset($g_up_max[$cur_group['g_id']]) || $g_up_max[$cur_group['g_id']] < 0) ? 0 : $g_up_max[$cur_group['g_id']];
$g_max = (int) (100 * min($g_max, $upf_class->size(ini_get('upload_max_filesize')) / 1048576, $upf_class->size(ini_get('post_max_size')) / 1048576));
$g_lim = (! isset($g_up_limit[$cur_group['g_id']]) || $g_up_limit[$cur_group['g_id']] < 0) ? 0 : $g_up_limit[$cur_group['g_id']];
$g_lim = min($g_lim, 20971520);
$db->query('DELETE FROM '.$db->prefix.'config WHERE conf_name LIKE \'o\_uploadile\_%\'') or error('Unable to remove config entries', __FILE__, __LINE__, $db->error());;
$db->query('INSERT INTO '.$db->prefix.'config (conf_name, conf_value) VALUES(\'o_uploadile_other\', \''.$db->escape(serialize($sconf)).'\')') or error($lang_up['Error DB ins-up'], __FILE__, __LINE__, $db->error());
$db->query('UPDATE ' . $db->prefix . 'groups SET g_up_ext=\'' . $db->escape($g_ext) . '\', g_up_limit=' . $g_lim . ', g_up_max=' . $g_max . ' WHERE g_id=' . $cur_group['g_id']) or error('Unable to update user group list', __FILE__, __LINE__, $db->error());
}
if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
require PUN_ROOT.'include/cache.php';
if (isset($_POST['thumb'])) {
$sconf['thumb'] = $_POST['thumb'] == '1' ? 1 : 0;
}
if (isset($_POST['thumb_size']) && $_POST['thumb_size'] > 0) {
$sconf['thumb_size'] = (int) $_POST['thumb_size'];
}
if (isset($_POST['thumb_perc']) && $_POST['thumb_perc'] > 0 && $_POST['thumb_perc'] <= 100) {
$sconf['thumb_perc'] = (int) $_POST['thumb_perc'];
}
if (isset($_POST['pic_mass']) && $_POST['pic_mass'] >= 0) {
$sconf['pic_mass'] = (int) $_POST['pic_mass'];
}
if (isset($_POST['pic_perc']) && $_POST['pic_perc'] > 0 && $_POST['pic_perc'] <= 100) {
$sconf['pic_perc'] = (int) $_POST['pic_perc'];
}
if (isset($_POST['pic_w']) && $_POST['pic_w'] >= 100) {
$sconf['pic_w'] = (int) $_POST['pic_w'];
}
if (isset($_POST['pic_h']) && $_POST['pic_h'] >= 100) {
$sconf['pic_h'] = (int) $_POST['pic_h'];
}
$db->query('DELETE FROM ' . $db->prefix . 'config WHERE conf_name=\'o_upload_config\'') or error('Unable to remove config entries', __FILE__, __LINE__, $db->error());;
$db->query('INSERT INTO ' . $db->prefix . 'config (conf_name, conf_value) VALUES(\'o_upload_config\', \'' . $db->escape(serialize($sconf)) . '\')') or error($lang_up['Error DB ins-up'], __FILE__, __LINE__, $db->error());
if (! defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
require PUN_ROOT . 'include/cache.php';
}
generate_config_cache();
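Review bot: `$g_lim = min($g_lim, 20971520);` caps `g_up_limit` with a bare number whose unit is not stated. The install branch sets the admin limit to 1024 and the upgrade code divides the old value by 1048576, which suggests the column is now in megabytes, while 20971520 equals 20 * 1024 * 1024. Please confirm the intended unit and replace the literal with a named constant or add a comment. Also, `array_map('pun_trim', $_POST['g_up_ext'])` and the two sibling calls assume the POST values are arrays; an `is_array()` check would avoid warnings on a malformed request.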
@ -122,182 +188,165 @@ else if (isset($_POST['update']))
}
// Удаление мода
else if (isset($_POST['restore']))
{
$db->drop_field('users', 'upload') or error('Unable to drop upload field', __FILE__, __LINE__, $db->error());
else if (isset($_POST['restore'])) {
$db->drop_field('users', 'upload_size') or error('Unable to drop upload field', __FILE__, __LINE__, $db->error());
$db->drop_field('groups', 'g_up_ext') or error('Unable to drop g_up_ext field', __FILE__, __LINE__, $db->error());
$db->drop_field('groups', 'g_up_max') or error('Unable to drop g_up_max field', __FILE__, __LINE__, $db->error());
$db->drop_field('groups', 'g_up_limit') or error('Unable to drop g_up_limit field', __FILE__, __LINE__, $db->error());
$db->query('DELETE FROM '.$db->prefix.'config WHERE conf_name LIKE \'o\_uploadile\_%\'') or error('Unable to remove config entries', __FILE__, __LINE__, $db->error());;
$db->query('DELETE FROM ' . $db->prefix . 'config WHERE conf_name=\'o_upload_config\'') or error('Unable to remove config entries', __FILE__, __LINE__, $db->error());;
if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
require PUN_ROOT.'include/cache.php';
if (! defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
require PUN_ROOT . 'include/cache.php';
}
generate_config_cache();
redirect(PLUGIN_URL, $lang_up['Redirect']);
}
if (isset($pun_config['o_uploadile_other']))
$aconf = unserialize($pun_config['o_uploadile_other']);
else
{
if (isset($pun_config['o_upload_config'])) {
$aconf = unserialize($pun_config['o_upload_config']);
} else {
$aconf = $sconf;
$aconf['thumb'] = 0;
define('PLUGIN_OFF', 1);
}
$mem = 'img/members/';
$regx = '%^img/members/(\d+)/(.+)\.([0-9a-zA-Z]+)$%i';
$upf_mem = 'img/members/';
$upf_regx = '%^img/members/(\d+)/([\w-]+)\.(\w+)$%iD';
// #############################################################################
// Удаление файлов
if (isset($_POST['delete']) && isset($_POST['delete_f']) && is_array($_POST['delete_f']))
{
$error = 0;
if (isset($_POST['delete'], $_POST['delete_f']) && is_array($_POST['delete_f'])) {
$error = false;
if (is_dir(PUN_ROOT.$mem))
{
$au = array();
foreach ($_POST['delete_f'] as $file)
{
preg_match($regx, $file, $fi);
if (!isset($fi[1]) || !isset($fi[2]) || !isset($fi[3])) continue;
$f = parse_file($fi[2].'.'.$fi[3]);
$dir = $mem.$fi[1].'/';
if (is_file(PUN_ROOT.$dir.$f))
{
$au[$fi[1]] = $fi[1];
if (unlink(PUN_ROOT.$dir.$f))
{
if (is_file(PUN_ROOT.$dir.'mini_'.$f))
unlink(PUN_ROOT.$dir.'mini_'.$f);
if (is_dir(PUN_ROOT . $upf_mem)) {
$au = [];
foreach ($_POST['delete_f'] as $file) {
if (
preg_match($upf_regx, $file, $matches)
&& false === $upf_class->inBlackList($matches[3])
&& 'mini_' !== substr($matches[2], 0, 5)
&& is_file(PUN_ROOT . $file)
) {
if (unlink(PUN_ROOT . $file)) {
$id = (int) $matches[1];
$au[$id] = $id;
if (is_file(PUN_ROOT . $upf_mem . $matches[1] . '/mini_' . $matches[2] . '.' . $matches[3])) {
unlink(PUN_ROOT . $upf_mem . $matches[1] . '/mini_' . $matches[2] . '.' . $matches[3]);
}
} else {
$error = true;
}
else
$error++;
} else {
$error = true;
}
}
if (!defined('PLUGIN_OFF'))
{
foreach ($au as $user)
{
if (! defined('PLUGIN_OFF')) {
foreach ($au as $user) {
// Считаем общий размер файлов юзера
$upload = dir_size($mem.$user.'/');
$db->query('UPDATE '.$db->prefix.'users SET upload=\''.$upload.'\' WHERE id='.$user) or error($lang_up['Error DB ins-up'], __FILE__, __LINE__, $db->error());
$upload = (int) ($upf_class->dirSize(PUN_ROOT . $upf_mem . $user . '/') / 10485.76);
$db->query('UPDATE ' . $db->prefix . 'users SET upload_size=\'' . $upload . '\' WHERE id=' . $user) or error($lang_up['Error DB ins-up'], __FILE__, __LINE__, $db->error());
}
}
}
$p = (!isset($_GET['p']) || $_GET['p'] <= 1) ? 1 : intval($_GET['p']);
$p = empty($_GET['p']) || $_GET['p'] < 1 ? 1 : (int) $_GET['p'];
if ($error == 0)
redirect(PLUGIN_URL.($p > 1 ? '&amp;p='.$p : ''), $lang_up['Redirect delete']);
else
{
$pun_config['o_redirect_delay'] = 5;
redirect(PLUGIN_URL.($p > 1 ? '&amp;p='.$p : ''), $lang_up['Error'].$lang_up['Error delete']);
if ($error) {
if ($pun_config['o_redirect_delay'] < 5) {
$pun_config['o_redirect_delay'] = 5;
}
redirect(PLUGIN_URL . ($p > 1 ? '&amp;p=' . $p : ''), $lang_up['Error'] . $lang_up['Error delete']);
} else {
redirect(PLUGIN_URL . ($p > 1 ? '&amp;p=' . $p : ''), $lang_up['Redirect delete']);
}
}
if (file_exists(PUN_ROOT.'style/'.$pun_user['style'].'/upfiles.css'))
$s = '<link rel="stylesheet" type="text/css" href="style/'.$pun_user['style'].'/upfiles.css" />';
else
if (file_exists(PUN_ROOT . 'style/' . $pun_user['style'] . '/upfiles.css')) {
$s = '<link rel="stylesheet" type="text/css" href="style/' . $pun_user['style'] . '/upfiles.css" />';
} else {
$s = '<link rel="stylesheet" type="text/css" href="style/imports/upfiles.css" />';
$tpl_main = str_replace('</head>', $s."\n</head>", $tpl_main);
}
$tpl_main = str_replace('</head>', $s . "\n</head>", $tpl_main);
// Display the admin navigation menu
generate_admin_menu($plugin);
$tabindex = 1;
$upf_token = function_exists('csrf_hash') ? csrf_hash('AP_Upload.php') : pun_csrf_token();
?>
<div id="upf-block" class="plugin blockform">
<h2><span>Plugin Upload Files v.<?php echo PLUGIN_VERSION ?></span></h2>
<h2><span>Plugin Upload Files v.<?= PLUGIN_VERSION ?></span></h2>
<div class="box">
<div class="inbox">
<p><?php echo $lang_up['plugin_desc'] ?></p>
<form action="<?php echo PLUGIN_URL ?>" method="post">
<p><?= $lang_up['plugin_desc'] ?></p>
<form action="<?= PLUGIN_URL ?>" method="post">
<p>
<input type="hidden" name="csrf_hash" value="<?= $upf_token ?>" />
<?php
$stthumb = '" disabled="disabled';
if (defined('PLUGIN_OFF'))
{
if (defined('PLUGIN_OFF')) {
?>
<input type="submit" name="installation" value="<?php echo $lang_up['Install'] ?>" />&#160;<?php echo $lang_up['Install info'] ?><br />
<input type="submit" name="installation" value="<?= $lang_up['Install'] ?>" />&#160;<?= $lang_up['Install info'] ?><br />
</p>
</form>
</div>
</div>
<?php
}
else
{
if ($aconf['thumb'] == 1 && $gd)
$stthumb = '';
if ($gd)
{
$disbl = '';
$gd_vers = gd_info();
$gd_vers = $gd_vers['GD Version'];
}
else
{
$disbl = '" disabled="disabled';
$gd_vers = '-';
}
} else {
$disbl = (true === $upf_class->isResize()) ? '' : '" disabled="disabled';
$stthumb = ('' === $disbl && 1 == $aconf['thumb']) ? '' : '" disabled="disabled';
?>
<input type="submit" name="update" value="<?php echo $lang_up['Update'] ?>" />&#160;<?php echo $lang_up['Update info'] ?><br />
<input type="submit" name="restore" value="<?php echo $lang_up['Uninstall'] ?>" />&#160;<?php echo $lang_up['Uninstall info'] ?><br /><br />
<input type="submit" name="update" value="<?= $lang_up['Update'] ?>" />&#160;<?= $lang_up['Update info'] ?><br />
<input type="submit" name="restore" value="<?= $lang_up['Uninstall'] ?>" />&#160;<?= $lang_up['Uninstall info'] ?><br /><br />
</p>
</form>
</div>
</div>
<h2 class="block2"><span><?php echo $lang_up['configuration'] ?></span></h2>
<h2 class="block2"><span><?= $lang_up['configuration'] ?></span></h2>
<div class="box">
<form method="post" action="<?php echo PLUGIN_URL ?>">
<p class="submittop"><input type="submit" name="update" value="<?php echo $lang_up['Update'] ?>" tabindex="<?php echo $tabindex++ ?>" /></p>
<form method="post" action="<?= PLUGIN_URL ?>">
<p class="submittop"><input type="submit" name="update" value="<?= $lang_up['Update'] ?>" tabindex="<?= $tabindex++ ?>" /></p>
<div class="inform">
<fieldset>
<legend><?php echo $lang_up['legend_2'] ?></legend>
<legend><?= $lang_up['legend_2'] ?></legend>
<div class="infldset">
<table>
<tr>
<th scope="row"><label>GD Version</label></th>
<td><?php echo pun_htmlspecialchars($gd_vers) ?></td>
<th scope="row"><label><?= $upf_class->getLibName() ?></label></th>
<td><?= pun_htmlspecialchars($upf_class->getLibVersion()) ?></td>
</tr>
<tr>
<th scope="row"><label for="pic_mass"><?php echo $lang_up['pictures'] ?></label></th>
<th scope="row"><label><?= $lang_up['pictures'] ?></label></th>
<td>
<?php echo $lang_up['for pictures']."\n" ?>
<input type="text" name="pic_mass" size="8" maxlength="8" tabindex="<?php echo $tabindex++ ?>" value="<?php echo pun_htmlspecialchars($aconf['pic_mass']).$disbl ?>" />&#160;<?php echo $lang_up['bytes'].":\n" ?><br />
&#160;*&#160;<?php echo $lang_up['to jpeg'] ?><br />
&#160;*&#160;<?php echo $lang_up['Install quality']."\n" ?>
<input type="text" name="pic_perc" size="4" maxlength="3" tabindex="<?php echo $tabindex++ ?>" value="<?php echo pun_htmlspecialchars($aconf['pic_perc']).$disbl ?>" />&#160;%<br />
&#160;*&#160;<?php echo $lang_up['Size not more']."\n" ?>
<input type="text" name="pic_w" size="4" maxlength="4" tabindex="<?php echo $tabindex++ ?>" value="<?php echo pun_htmlspecialchars($aconf['pic_w']).$disbl ?>" />&#160;x
<input type="text" name="pic_h" size="4" maxlength="4" tabindex="<?php echo $tabindex++ ?>" value="<?php echo pun_htmlspecialchars($aconf['pic_h']).$disbl ?>" />&#160;<?php echo $lang_up['px']."\n" ?>
<?= $lang_up['for pictures'] . "\n" ?>
<input type="text" name="pic_mass" size="8" maxlength="8" tabindex="<?= $tabindex++ ?>" value="<?= pun_htmlspecialchars($aconf['pic_mass']) . $disbl ?>" />&#160;<?= $lang_up['kbytes'] . ":\n" ?><br />
&#160;*&#160;<?= $lang_up['Install quality'] . "\n" ?>
<input type="text" name="pic_perc" size="4" maxlength="3" tabindex="<?= $tabindex++ ?>" value="<?= pun_htmlspecialchars($aconf['pic_perc']) . $disbl ?>" />&#160;%<br />
&#160;*&#160;<?= $lang_up['Size not more'] . "\n" ?>
<input type="text" name="pic_w" size="4" maxlength="4" tabindex="<?= $tabindex++ ?>" value="<?= pun_htmlspecialchars($aconf['pic_w']) . $disbl ?>" />&#160;x
<input type="text" name="pic_h" size="4" maxlength="4" tabindex="<?= $tabindex++ ?>" value="<?= pun_htmlspecialchars($aconf['pic_h']) . $disbl ?>" />&#160;<?= $lang_up['px'] . "\n" ?>
</td>
</tr>
<tr>
<th scope="row"><label for="thumb"><?php echo $lang_up['thumb'] ?></label></th>
<th scope="row"><label><?= $lang_up['thumb'] ?></label></th>
<td>
<input type="radio" tabindex="<?php echo ($tabindex++).$disbl ?>" name="thumb" value="1"<?php if ($aconf['thumb'] == 1) echo ' checked="checked"' ?> /> <strong><?php echo $lang_admin_common['Yes'] ?></strong>
<input type="radio" tabindex="<?= ($tabindex++) . $disbl ?>" name="thumb" value="1"<?= $aconf['thumb'] == 1 ? ' checked="checked"' : '' ?> /> <strong><?= $lang_admin_common['Yes'] ?></strong>
&#160;&#160;&#160;
<input type="radio" tabindex="<?php echo ($tabindex++).$disbl ?>" name="thumb" value="0"<?php if ($aconf['thumb'] == 0) echo ' checked="checked"' ?> /> <strong><?php echo $lang_admin_common['No'] ?></strong>
<input type="radio" tabindex="<?= ($tabindex++) . $disbl ?>" name="thumb" value="0"<?= $aconf['thumb'] == 0 ? ' checked="checked"' : '' ?> /> <strong><?= $lang_admin_common['No'] ?></strong>
<br />
&#160;*&#160;<?php echo $lang_up['thumb_size']."\n" ?>
<input type="text" name="thumb_size" size="4" maxlength="4" tabindex="<?php echo $tabindex++ ?>" value="<?php echo pun_htmlspecialchars($aconf['thumb_size']).$disbl ?>" />&#160;<?php echo $lang_up['px']."\n" ?><br />
&#160;*&#160;<?php echo $lang_up['quality']."\n" ?>
<input type="text" name="thumb_perc" size="4" maxlength="3" tabindex="<?php echo $tabindex++ ?>" value="<?php echo pun_htmlspecialchars($aconf['thumb_perc']).$disbl ?>" />&#160;%
&#160;*&#160;<?= $lang_up['thumb_size'] . "\n" ?>
<input type="text" name="thumb_size" size="4" maxlength="4" tabindex="<?= $tabindex++ ?>" value="<?= pun_htmlspecialchars($aconf['thumb_size']) . $disbl ?>" />&#160;<?= $lang_up['px'] . "\n" ?><br />
&#160;*&#160;<?= $lang_up['quality'] . "\n" ?>
<input type="text" name="thumb_perc" size="4" maxlength="3" tabindex="<?= $tabindex++ ?>" value="<?= pun_htmlspecialchars($aconf['thumb_perc']) . $disbl ?>" />&#160;%
</td>
</tr>
</table>
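Review bot: In the delete loop the raw POST value now goes straight into `unlink(PUN_ROOT . $file)`, so the only thing keeping the path inside `$upf_mem` is `$upf_regx`, whose definition is not part of this hunk. The removed code rebuilt the path from the captured groups (`$dir = $mem.$fi[1].'/'` plus `parse_file($fi[2].'.'.$fi[3])`), and the new `mini_` cleanup still does so with `$upf_mem . $matches[1] . '/mini_' . $matches[2] . '.' . $matches[3]`. I would build the main path the same way from `$matches[1]`, `$matches[2]` and `$matches[3]`, or at least confirm the pattern is anchored at both ends and cannot match `..` or additional path separators.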
@ -307,17 +356,17 @@ else
<div class="inform">
<fieldset>
<legend><?php echo $lang_up['groups'] ?></legend>
<legend><?= $lang_up['groups'] ?></legend>
<div class="infldset">
<div class="inbox">
<p>1* - <?php echo $lang_up['laws'] ?></p>
<p>2* - <?php echo $lang_up['maxsize_member'] ?></p>
<p>3* - <?php echo $lang_up['limit_member'] ?></p>
<p>1* - <?= $lang_up['laws'] ?></p>
<p>2* - <?= $lang_up['maxsize_member'] ?></p>
<p>3* - <?= $lang_up['limit_member'] ?></p>
</div>
<table class="aligntop">
<thead>
<tr>
<th class="tcl" scope="col"><?php echo $lang_up['group'] ?></th>
<th class="tcl" scope="col"><?= $lang_up['group'] ?></th>
<th class="tc2" scope="col">1*</th>
<th class="tcr" scope="col">2*</th>
<th class="tcr" scope="col">3*</th>
@ -326,27 +375,26 @@ else
<tbody>
<?php
$result = $db->query('SELECT * FROM '.$db->prefix.'groups ORDER BY g_id') or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error());
$result = $db->query('SELECT * FROM ' . $db->prefix . 'groups ORDER BY g_id') or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error());
while ($cur_group = $db->fetch_assoc($result))
if ($cur_group['g_id'] != PUN_GUEST)
{
if (!isset($cur_group['g_up_ext']))
{
while ($cur_group = $db->fetch_assoc($result)) {
if ($cur_group['g_id'] != PUN_GUEST) {
if (! isset($cur_group['g_up_ext'])) {
$cur_group['g_up_max'] = $cur_group['g_up_limit'] = 0;
$cur_group['g_up_ext'] = '';
}
?>
<tr>
<td class="tcl"><?php echo pun_htmlspecialchars($cur_group['g_title']) ?></td>
<td class="tc2"><input type="text" name="g_up_ext[<?php echo $cur_group['g_id'] ?>]" value="<?php echo pun_htmlspecialchars($cur_group['g_up_ext']) ?>" tabindex="<?php echo $tabindex++ ?>" size="40" maxlength="255" /></td>
<td class="tcr"><input type="text" name="g_up_max[<?php echo $cur_group['g_id'] ?>]" value="<?php echo $cur_group['g_up_max'] ?>" tabindex="<?php echo $tabindex++ ?>" size="10" maxlength="10" <?php echo ($cur_group['g_id'] == PUN_ADMIN ? 'disabled="disabled" ' : '')?>/></td>
<td class="tcr"><input type="text" name="g_up_limit[<?php echo $cur_group['g_id'] ?>]" value="<?php echo $cur_group['g_up_limit'] ?>" tabindex="<?php echo $tabindex++ ?>" size="10" maxlength="10" <?php echo ($cur_group['g_id'] == PUN_ADMIN ? 'disabled="disabled" ' : '')?>/></td>
<td class="tcl"><?= pun_htmlspecialchars($cur_group['g_title']) ?></td>
<td class="tc2"><input type="text" name="g_up_ext[<?= $cur_group['g_id'] ?>]" value="<?= pun_htmlspecialchars($cur_group['g_up_ext']) ?>" tabindex="<?= $tabindex++ ?>" size="40" maxlength="255" /></td>
<td class="tcr"><input type="text" name="g_up_max[<?= $cur_group['g_id'] ?>]" value="<?= $cur_group['g_up_max'] / 100 ?>" tabindex="<?= $tabindex++ ?>" size="10" maxlength="10" /></td>
<td class="tcr"><input type="text" name="g_up_limit[<?= $cur_group['g_id'] ?>]" value="<?= $cur_group['g_up_limit'] ?>" tabindex="<?= $tabindex++ ?>" size="10" maxlength="10" /></td>
</tr>
<?php
}
}
?>
</tbody>
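Review bot: The `g_up_max` input now displays `$cur_group['g_up_max'] / 100`, and both limit inputs lose the `disabled` attribute for `PUN_ADMIN`, but nothing in this hunk documents the unit or the matching change on save. Please check that the update handler applies the inverse scaling with an integer cast, decide explicitly how admin-group values are handled now that they are posted, and name the unit in a comment or in the column legend.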
@ -355,14 +403,17 @@ else
</fieldset>
</div>
<p class="submitend"><input type="submit" name="update" value="<?php echo $lang_up['Update'] ?>" tabindex="<?php echo $tabindex++ ?>" /></p>
<p class="submitend">
<input type="hidden" name="csrf_hash" value="<?= $upf_token ?>" />
<input type="submit" name="update" value="<?= $lang_up['Update'] ?>" tabindex="<?= $tabindex++ ?>" />
</p>
<div class="inform">
<fieldset>
<legend><?php echo $lang_up['legend_1'] ?></legend>
<legend><?= $lang_up['legend_1'] ?></legend>
<div class="infldset">
<label for="mo"><?php echo $lang_up['mo'] ?></label> <input type="text" name="mo" id="mo" size="15" tabindex="<?php echo $tabindex++ ?>" /> <input type="button" value="<?php echo $lang_up['convert'] ?>" tabindex="<?php echo $tabindex++ ?>" onclick="javascript:document.getElementById('ko').value=document.getElementById('mo').value*1024; document.getElementById('o').value=document.getElementById('mo').value*1048576;" />
<label for="ko"><?php echo $lang_up['ko'] ?></label> <input type="text" name="ko" id="ko" size="15" tabindex="<?php echo $tabindex++ ?>" /> <input type="button" value="<?php echo $lang_up['convert'] ?>" tabindex="<?php echo $tabindex++ ?>" onclick="javascript:document.getElementById('mo').value=document.getElementById('ko').value/1024; document.getElementById('o').value=document.getElementById('ko').value*1024;"/>
<label for="o"><?php echo $lang_up['o'] ?></label> <input type="text" name="o" id="o" size="15" tabindex="<?php echo $tabindex++ ?>" /> <input type="button" value="<?php echo $lang_up['convert'] ?>" tabindex="<?php echo $tabindex++ ?>" onclick="javascript:document.getElementById('mo').value=document.getElementById('o').value/1048576; document.getElementById('ko').value=(document.getElementById('o').value*1024)/1048576;"/>
<label for="mo"><?= $lang_up['mo'] ?></label> <input type="text" name="mo" id="mo" size="15" tabindex="<?= $tabindex++ ?>" /> <input type="button" value="<?= $lang_up['convert'] ?>" tabindex="<?= $tabindex++ ?>" onclick="javascript:document.getElementById('ko').value=document.getElementById('mo').value*1024; document.getElementById('o').value=document.getElementById('mo').value*1048576;" />
<label for="ko"><?= $lang_up['ko'] ?></label> <input type="text" name="ko" id="ko" size="15" tabindex="<?= $tabindex++ ?>" /> <input type="button" value="<?= $lang_up['convert'] ?>" tabindex="<?= $tabindex++ ?>" onclick="javascript:document.getElementById('mo').value=document.getElementById('ko').value/1024; document.getElementById('o').value=document.getElementById('ko').value*1024;"/>
<label for="o"><?= $lang_up['o'] ?></label> <input type="text" name="o" id="o" size="15" tabindex="<?= $tabindex++ ?>" /> <input type="button" value="<?= $lang_up['convert'] ?>" tabindex="<?= $tabindex++ ?>" onclick="javascript:document.getElementById('mo').value=document.getElementById('o').value/1048576; document.getElementById('ko').value=(document.getElementById('o').value*1024)/1048576;"/>
</div>
</fieldset>
</div>
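Review bot: The `csrf_hash` hidden field is added inside `<p class="submitend">`, but the verification side is not visible in this diff. Because `$upf_token` comes from either `csrf_hash('AP_Upload.php')` or `pun_csrf_token()`, check that every POST branch (`installation`, `update`, `restore`, `delete`, `update_thumb`) validates the token with the matching function before doing any work, and that a mismatch stops the request instead of falling through.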
@ -371,48 +422,52 @@ else
<?php
}
// #############################################################################
$files = array();
if (is_dir(PUN_ROOT.$mem))
{
$af = array();
$ad = scandir(PUN_ROOT.$mem);
foreach($ad as $f)
{
if ($f != '.' && $f != '..' && is_dir(PUN_ROOT.$mem.$f))
{
$dir = $mem.$f.'/';
$open = opendir(PUN_ROOT.$dir);
while(($file = readdir($open)) !== false)
{
if (is_file(PUN_ROOT.$dir.$file) && $file[0] != '.' && $file[0] != '#' && substr($file, 0, 5) != 'mini_')
{
$ext = strtolower(substr(strrchr($file, '.'), 1)); // берем расширение файла
if (!in_array($ext, $extforno))
{
$time = filemtime(PUN_ROOT.$dir.$file).$file.$f;
$af[$time] = $dir.$file;
}
}
}
closedir($open);
$files = [];
if (is_dir(PUN_ROOT . $upf_mem)) {
$af = [];
$ad = scandir(PUN_ROOT . $upf_mem);
foreach($ad as $f) {
if ('.' === $f[0] || ! is_dir(PUN_ROOT . $upf_mem . $f)) {
continue;
}
$dir = $upf_mem . $f . '/';
$open = opendir(PUN_ROOT . $dir);
while (false !== ($file = readdir($open))) {
if (
'.' === $file[0]
|| '#' === $file[0]
|| 'mini_' === substr($file, 0, 5)
|| true === $upf_class->inBlackList(substr(strrchr($file, '.'), 1))
|| ! is_file(PUN_ROOT . $dir . $file)
) {
continue;
}
$time = filemtime(PUN_ROOT . $dir . $file) . $file . $f;
$af[$time] = $dir . $file;
}
closedir($open);
}
unset($ad);
if (!empty($af))
{
$num_pages = ceil(sizeof($af) / PLUGIN_NF);
$p = (!isset($_GET['p']) || $_GET['p'] <= 1) ? 1 : intval($_GET['p']);
if ($p > $num_pages)
{
header('Location: '.PLUGIN_URL.'&p='.$num_pages.'#gofile');
if (! empty($af)) {
$num_pages = ceil(count($af) / PLUGIN_NF);
$p = (empty($_GET['p']) || $_GET['p'] < 1) ? 1 : (int) $_GET['p'];
if ($p > $num_pages) {
header('Location: ' . PLUGIN_URL . '&p=' . $num_pages . '#gofile');
exit;
}
$start_from = PLUGIN_NF * ($p - 1);
// Generate paging links
$paging_links = '<span class="pages-label">'.$lang_common['Pages'].' </span>'.paginate($num_pages, $p, PLUGIN_URL);
$paging_links = '<span class="pages-label">' . $lang_common['Pages'] . ' </span>' . paginate($num_pages, $p, PLUGIN_URL);
$paging_links = preg_replace('%href="([^">]+)"%', 'href="$1#gofile"', $paging_links);
krsort($af);
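Review bot: `$open = opendir(PUN_ROOT . $dir)` is passed to `readdir($open)` without a check for `false`, in the rewritten loop just as in the old one, so a single member directory the web server cannot read breaks the whole listing. Suggest `if (false === $open) { continue; }` before the `while`. Separately, `substr(strrchr($file, '.'), 1)` is handed to `inBlackList()` even when the name has no dot and `strrchr()` returns `false`; that case deserves an explicit branch so the blacklist result does not depend on how the method treats a non-string argument.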
@ -422,106 +477,144 @@ if (is_dir(PUN_ROOT.$mem))
}
?>
<h2 id="gofile" class="block2"><span><?php echo $lang_up['Member files'] ?></span></h2>
<h2 id="gofile" class="block2"><span><?= $lang_up['Member files'] ?></span></h2>
<div class="box">
<?php
if (empty($files))
{
if (empty($files)) {
?>
<div class="inbox">
<p><?php echo $lang_up['No upfiles'] ?></p>
<p><?= $lang_up['No upfiles'] ?></p>
</div>
<?php
}
else
{
} else {
?>
<div class="inbox">
<div class="pagepost">
<p class="pagelink conl"><?php echo $paging_links ?></p>
<p class="pagelink conl"><?= $paging_links ?></p>
</div>
</div>
<form method="post" action="<?php echo PLUGIN_URL.($p > 1 ? '&amp;p='.$p : '').'#gofile' ?>">
<form method="post" action="<?= PLUGIN_URL . ($p > 1 ? '&amp;p=' . $p : '') . '#gofile' ?>">
<div class="inform">
<p class="submittop"><input type="submit" name="update_thumb" value="<?php echo $lang_up['update_thumb'].$stthumb ?>" /></p>
<p class="submittop">
<input type="hidden" name="csrf_hash" value="<?= $upf_token ?>" />
<input type="submit" name="update_thumb" value="<?= $lang_up['update_thumb'] . $stthumb ?>" />
</p>
<div class="infldset">
<table id="upf-table" class="aligntop">
<thead>
<tr>
<th class="upf-c1" scope="col"><?php echo $lang_up['th0'] ?></th>
<th class="upf-c2" scope="col"><?php echo $lang_up['th1'] ?></th>
<th class="upf-c3" scope="col"><?php echo $lang_up['th2'] ?></th>
<th class="upf-c4" scope="col"><input type="submit" value="<?php echo $lang_up['delete'] ?>" name="delete" tabindex="<?php echo $tabindex++ ?>" /></th>
<th class="upf-c1" scope="col"><?= $lang_up['th0'] ?></th>
<th class="upf-c2" scope="col"><?= $lang_up['th1'] ?></th>
<th class="upf-c3" scope="col"><?= $lang_up['th2'] ?></th>
<th class="upf-c4" scope="col"><input type="submit" value="<?= $lang_up['delete'] ?>" name="delete" tabindex="<?= $tabindex++ ?>" /></th>
</tr>
</thead>
<tfoot>
<tr>
<th class="upf-c1"><?php echo $lang_up['th0'] ?></th>
<th class="upf-c2"><?php echo $lang_up['th1'] ?></th>
<th class="upf-c3"><?php echo $lang_up['th2'] ?></th>
<th class="upf-c4"><input type="submit" value="<?php echo $lang_up['delete'] ?>" name="delete" tabindex="<?php echo $tabindex++ ?>" /></th>
<th class="upf-c1"><?= $lang_up['th0'] ?></th>
<th class="upf-c2"><?= $lang_up['th1'] ?></th>
<th class="upf-c3"><?= $lang_up['th2'] ?></th>
<th class="upf-c4"><input type="submit" value="<?= $lang_up['delete'] ?>" name="delete" tabindex="<?= $tabindex++ ?>" /></th>
</tr>
</tfoot>
<tbody>
<?php
// данные по юзерам
$au = $ag = array();
$result = $db->query('SELECT id, username, group_id FROM '.$db->prefix.'users WHERE group_id!='.PUN_UNVERIFIED) or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
while ($u = $db->fetch_assoc($result))
{
$au = [];
foreach ($files as $file) {
if (preg_match($upf_regx, $file, $fi)) {
$id = (int) $fi[1];
$au[$id] = $id;
}
}
$result = $db->query('SELECT id, username, group_id FROM ' . $db->prefix . 'users WHERE id IN(' . implode(',', $au) . ')') or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
$au = $ag = [];
while ($u = $db->fetch_assoc($result)) {
$au[$u['id']] = $u['username'];
$ag[$u['id']] = $u['group_id'];
}
$db->free_result($result);
// данные по группам
$extsup = array();
$result = $db->query('SELECT * FROM '.$db->prefix.'groups') or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error());
while ($g = $db->fetch_assoc($result))
{
if (isset($g['g_up_ext']))
$extsup[$g['g_id']] = explode(',', $g['g_up_ext'].','.strtoupper($g['g_up_ext']));
else
$extsup[$g['g_id']] = array();
$extsup = [];
$result = $db->query('SELECT * FROM ' . $db->prefix . 'groups') or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error());
while ($g = $db->fetch_assoc($result)) {
if (isset($g['g_up_ext'])) {
$extsup[$g['g_id']] = explode(',', $g['g_up_ext'] . ',' . strtoupper($g['g_up_ext']));
} else {
$extsup[$g['g_id']] = [];
}
}
$db->free_result($result);
foreach ($files as $file)
{
preg_match($regx, $file, $fi);
if (!isset($fi[1]) || !isset($fi[2]) || !isset($fi[3])) continue;
$fb = in_array(strtolower($fi[3]), array('jpg', 'jpeg', 'gif', 'png', 'bmp')) ? '" class="fancy_zoom" rel="vi001' : '';
$dir = $mem.$fi[1].'/';
$size_file = file_size(filesize(PUN_ROOT.$file));
$miniature = $dir.'mini_'.$fi[2].'.'.$fi[3];
if (isset($_POST['update_thumb']) && $aconf['thumb'] == 1 && array_key_exists(strtolower($fi[3]),$extimageGD))
img_resize(PUN_ROOT.$file, $dir, 'mini_'.$fi[2], $fi[3], 0, $aconf['thumb_size'], $aconf['thumb_perc']);
$upf_img_exts = ['jpg', 'jpeg', 'gif', 'png', 'bmp', 'webp'];
foreach ($files as $file) {
if (! preg_match($upf_regx, $file, $fi)) {
continue;
}
$fancybox = in_array(strtolower($fi[3]), $upf_img_exts) ? '" class="fancy_zoom" rel="vi001' : '';
$dir = $upf_mem . $fi[1] . '/';
$size_file = file_size(filesize(PUN_ROOT . $file));
$miniature = $dir . 'mini_' . $fi[2] . '.' . $fi[3];
if (
isset($_POST['update_thumb'])
&& 1 == $aconf['thumb']
&& true === $upf_class->loadFile(PUN_ROOT . $file)
&& true === $upf_class->isImage()
&& false !== $upf_class->loadImage()
) {
$upf_class->setImageQuality($aconf['thumb_perc']);
$scaleResize = $upf_class->resizeImage(null, $aconf['thumb_size']);
if (false !== $scaleResize) {
if ($scaleResize < 1) {
$upf_class->saveImage(PUN_ROOT . $miniature, true);
} else {
copy(PUN_ROOT . $file, PUN_ROOT . $miniature);
chmod(PUN_ROOT . $miniature, 0644);
}
}
}
?>
<tr>
<td class="upf-c1"><?php echo (isset($au[$fi[1]]) ? pun_htmlspecialchars($au[$fi[1]]) : '&#160;') ?></td>
<td class="upf-c2"><a href="<?php echo pun_htmlspecialchars($file) ?>"><?php echo pun_htmlspecialchars($fi[2]) ?></a> [<?php echo pun_htmlspecialchars($size_file) ?>].[<?php echo (isset($ag[$fi[1]]) && in_array($fi[3], $extsup[$ag[$fi[1]]]) ? pun_htmlspecialchars($fi[3]) : '<span style="color: #ff0000"><strong>'.pun_htmlspecialchars($fi[3]).'</strong></span>') ?>]</td>
<td class="upf-c1"><?= (isset($au[$fi[1]]) ? pun_htmlspecialchars($au[$fi[1]]) : '&#160;') ?></td>
<td class="upf-c2"><a href="<?= pun_htmlspecialchars($file) ?>"><?= pun_htmlspecialchars($fi[2]) ?></a> [<?= pun_htmlspecialchars($size_file) ?>].[<?= (isset($ag[$fi[1]]) && in_array($fi[3], $extsup[$ag[$fi[1]]]) ? pun_htmlspecialchars($fi[3]) : '<span style="color: #ff0000"><strong>' . pun_htmlspecialchars($fi[3]) . '</strong></span>') ?>]</td>
<?php
if (is_file(PUN_ROOT.$miniature) && ($size = getimagesize(PUN_ROOT.$miniature)) !== false)
echo "\t\t\t\t\t\t\t\t\t".'<td class="upf-c3"><a href="'.pun_htmlspecialchars($file).$fb.'"><img style="width:'.min(150, $size[0]).'px" src="'.pun_htmlspecialchars($miniature).'" alt="'.pun_htmlspecialchars($fi[2]).'" /></a></td>'."\n";
else
echo "\t\t\t\t\t\t\t\t\t".'<td class="upf-c3">'.$lang_up['no_preview'].'</td>'."\n";
if (is_file(PUN_ROOT . $miniature)) {
?>
<td class="upf-c4"><input type="checkbox" name="delete_f[]" value="<?php echo pun_htmlspecialchars($file) ?>" tabindex="<?php echo $tabindex++ ?>" /></td>
<td class="upf-c3">
<a href="<?= pun_htmlspecialchars($file) . $fancybox ?>">
<img src="<?= pun_htmlspecialchars($miniature) ?>" alt="<?= pun_htmlspecialchars($fi[2]) ?>" />
</a>
</td>
<?php
} else {
?>
<td class="upf-c3"><?= $lang_up['no_preview'] ?></td>
<?php
}
?>
<td class="upf-c4"><input type="checkbox" name="delete_f[]" value="<?= pun_htmlspecialchars($file) ?>" tabindex="<?= $tabindex++ ?>" /></td>
</tr>
<?php
} // end foreach
?>
</tbody>
</table>
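Review bot: The new user query `WHERE id IN(' . implode(',', $au) . ')'` becomes `IN()` when no entry in `$files` matches `$upf_regx`, which MySQL and PostgreSQL reject as a syntax error, sending the page to `error()`. The ids themselves are safe thanks to the `(int)` cast, so the fix is only to skip the query (and leave `$au` and `$ag` empty) when the id list is empty. It would also help to note in a comment that `update_thumb` writes files from inside this rendering loop, since that side effect is easy to miss when reading the template.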
@ -531,7 +624,7 @@ else
<div class="inbox">
<div class="pagepost">
<p class="pagelink conl"><?php echo $paging_links ?></p>
<p class="pagelink conl"><?= $paging_links ?></p>
</div>
</div>

Some files were not shown because too many files have changed in this diff