Fix: replace the obsolete column name "filename" with the new name "pathname"

According to https://en.wikipedia.org/wiki/Date_and_time_notation_in_Bahrain

CHANGELOG

@@ -1,6 +1,382 @@
 my little forum changelog
 -------------------------
 
+20250323.1 (2025-03-23)
+-----------------------
+
+- feature: add database entries for uploaded images that was uploaded before the upload management was introduced, add new icons for it as SVG
+- change: change the appearance of the sidebar toggle in its heading, add new icons for it as SVG
+- change: replace a few occurences of JS-based focus setting to form fields with the corresponding HTML attributes
+- change: all index columns and columns, that stores indexes as foreign keys are unsigned now, this doubles their value range
+- change: new appearance of the templates for login, registration and sending forgotten passwords
+- fix: added INTL time format strings to all language files according the languages own rules when known
+- fix: remove the emtying of a search field when setting the focus to the field
+- fix: display MySQL errors in the upgrade script, was broken before
+- fix: a user list, restricted to logged-in users, was still displayed after users logout
+- fix: several errors in the HTML structure in the posting form template
+
+20241215.1 (2024-12-15)
+-----------------------
+
+- change: use modern form elements and field types, where it is appropriate
+- change: set autofocus into the first input element of a form after loading the page, where it is appropriate
+- change: add attribute required for form fields, that must be completed, this might prevent unnecessarily sending form contents
+- change: rearrange the text input field and the formatting buttons in the posting form
+- change: make the posting form behaviour better on mobile devices and for screen-reader programs
+- change: rework of the popups for uploading images for use in postings and also the form for uploading avatar images
+- change: reformatting of the thread tree items with breaking points to behave better in narrow viewports
+- change: move the no-text icon from the end of the subject to the icon list after the metadata (author and date)
+- change: set the posting date into a time element, enhances the machine readability
+- fix: broken SQL query for selecting the postings of a specified category on a thread overview page
+- fix: make images of type WebP appear in the uploaded images gallery in the upload images popup
+- fix: restrict the sidebar in narrow viewports to its width
+- fix: prevent the use of unhidden passwords for the AI training of browser vendors
+- fix: added forgotten writing direction aware formatting for form elements
+- fix: take the time of a posting and the time of registration of a user into account, when checking for a username collision
+- fix: do not check for a username collision when an administrator or moderatior edits a posting of an unregistered forum user
+- fix: remove tabindex attributes from form elements which caused a weird tab order on the posting form page
+
+20240827.1 (2024-08-27)
+-----------------------
+
+- change: rewrite the styling (CSS) to support languages, written from right to left
+- change: far better support of displaying the forum on mobile devices
+- change: translate "Sidebar" to "Barre laterale" in italian language
+- fix: display hours in 24-hours-format in german language
+- fix: display date and time according to the syntax of the PHP DateTimeInterface in arabic language
+- fix: include the column mlf2_entries.last_reply into the select, which is used in the ORDER-BY-clause
+- fix: a few issues in the upgrade script
+
+20240729.1 (2024-07-29)
+-----------------------
+
+- feature: lazy loading of images in forum entries, that are not in the viewport when loading a page with entries
+- feature: add BB-codes [ins], [del] and [s], mainly intended to mark subsequent changes
+- change: new upgrade script, from now on it is possible to use also version 2.4.19 as starting point of an upgrade
+- change: apply database performance enhancements, this was provided by @joeiacoponi1 (thank you)
+- change: enhancements and corrections in a few translations (simplified chinese, traditional chinese, danish, english, french, spanish)
+- change: add new language arabic, this has been contributed by Abdul Salam in the project forum
+- change: unify the use of the pagination link lists (from now on they are shown above and below the page content, where in use)
+- change: set the new source URL for the MathJax CDN, that is recommended by the project
+- change: remove the spam prevention method Bad Behavior because the projects seems to be dead since a longer time
+- change: all tables use now the charset utf8mb4, the previously in some cases used utf8 (a.k.a. utf8mb3) will be deprecated by MySQL in one of the next server main versions
+- change: use the SameSite attribute in cookies
+- fix: resize the columns mlf2_useronline.ip and mlf2_logincontrol.ip to 128  bytes, mlf2_useronline.ip was 15 bytes long and caused HTTP-500-errors in case of visitors with IPv6
+- fix: the mouse cursor should show up as pointer when hovering buttons
+- fix: prevent passwords being sent for spell checking to Google when the content of a password field is shown as plain text
+- fix: a few occurences of dates and times, that did not follow the new time formatting
+- fix: add missing strings for the administration of the Bayes based spam prevention filter (B8)
+- fix: correct a few errors in the HTML-structure of several templates
+- fix: replace function imagerotate with imageflip in the captcha class because imagerotate failed to work in some cases
+- fix: check for existince of a given category before using it in the template
+
+20220803.1 (2022-08-03)
+-----------------------
+
+- feature: support the upload of WebP-images
+- change: semantic HTML-elements on several places and modern CSS-rules (flexboxes instead floating boxes here and there)
+- fix: remove outdated query partsthat tried to access column mlf2_entries.email_notifications
+- fix: ensure, that suígnatures are reliably positioned under all content of a forum entry
+- fix: putting the cursor into the empty search field in the page header and pressing [Enter] led to a PHP warning
+- fix: (partially) When classifying entries in locked threads the get unlocked sometimes, happens more seldom now but there is a remaining corner case to inspect
+- fix: wrong order of altering the column mlf2_userdata.user_email, defining the unique-key for this column before changing its charset to utf8 (without 'mb4') leads to the error of a to long index in some MySQL-versions
+- fix: remove multiple definitions of unique indexes for the columns mlf2_userdata.user_name and mlf2_userdata.user_email in the installation and update scripts, the indexes does not break the structure but they are superfluous
+
+20220529.1 (2022-05-29)
+-----------------------
+
+- feature: show an icon to admins and mods for entries that are not classified as ham or spam, if spam detection service B8 or Akismet is activated
+- change: first overhaul of the main section of forum pages, affects mainly the main views (thread listings) and the administration start page
+- fix: when deleting a user delete also the notification switch in the entries table, normally we use the subscriptions table for this but in forums with entries that was handled with the old subscription handling it may be possible, that there are old subscriptions for registered users left
+
+20220517.1 (2022-05-17)
+-----------------------
+
+- fixed: the feature inactivity notification sent an unlimited number of e-mails, what caused the project domain to get blacklisted; to prevent this for external forum operators, the number of e-mails is now limited to 5 per daily action
+- fixed: because of the fixed height of the page header the user menu was inaccessible on narrow viewports since the change from XHTML 1.0 to HTML (5)
+- the column `mlf2_userdata.user_email` was to large for using an index with charset utf8mb4 on MySQL 5.5 and 5.6, reset it to charset utf8 (3 byte chars only)
+
+20220509.1 (2022-05-09)
+-----------------------
+
+- feature: stick the page footer to the bottom of the viewport with the help of a CSS-flexbox
+- changed: removed CSS-fixes for Internet Explorers 6 and 7 (RIP)
+- changed: replaced main block elements (<div>) for the page with semantic HTML-elements
+- fixed: a syntax error that prevented the update script from working (PR #597)
+- fixed: a wrong used English word (a IMHO typical false friend for native German speakers)
+
+20220508.1 (2022-05-08)
+-----------------------
+
+- feature: provide a forum wide setting to store a target name for breaking out of a frame or iframe (_self, _parent, _top or a given name of a target frame)
+- feature: add BB-code tags for marking text as right-to-left or as left-to-right written
+- feature: unify the HTML-structure of a user name to make it possible to style the HTML-element of the user name in every place with the same CSS-rules
+- feature: provide a user setting to make it possible for users to open links in a forum entry in a new browser window or tab
+- feature: request a reaction of an inactive user or delete the account after an additional waiting time
+- featurette: provide a back-to-top-link on every page and every single forum entry
+- changed: minimal PHP version 7.3
+- changed: compatibility up to PHP 8.1
+- changed: removed the compatibility to ancient browsers down to IE6 from the JavaScript sources
+- updated: upgrade of the external modules, where one was available
+- updated: overhaul of the swedish language file
+- added: language file for Traditional Chinese
+- fixed: database table columns for user names and e-mail-addresses are set to be unique to prevent the use of similar user names (in the meaning of the MySQL-database-system) or the double use of e-mail-addresses
+
+2.4.24 (2020-10-12)
+-------------------
+- fixed: broken layout of the links to the RSS-feed of a single thread in thread.inc.tpl and thread_linear.inc.tpl
+- fixed: unintended text-transform: lowercase; for the link to top of the page in the options of an entry
+- added: add classes for the user type to the thread tree below the entry in the single-entry-view
+
+2.4.23 (2020-09-30)
+-------------------
+- fixed: wrong formatting of the link for a threads own RSS-feed, got broken by the work on formatting the RSS-links in the page footer
+- fixed: the non-English and non-German strings for the to-top-of-page-links had a broken comment part
+
+2.4.22 (2020-09-29)
+-------------------
+- fixed: broken backup restoring function for the entries table, rework of the backup function for better code readability
+- fixed: corrected file size computation for the list of backup files; very small file sizes (up to a few hundred bytes) was shown as "0.00 MB" instead i.e. "0.0006 MB"
+- fixed: remove of since PHP 7.2 deprecated function each(), replaced with foreach()
+- fixed: wrong key name for error message in admin area about an incorrect e-mail-address
+- added: link to top of the page in the page footer and in the options menu of every entry
+- added: backup function for subscriptions and tags
+- added: natural sorting of the tag list, makes sorting case insensitive
+
+2.4.21 (2020-04-25)
+-------------------
+- fixed: regex for e-mail-validation followed a lazy syntax style, that invalidated with PRCE2. which was introduced with PHP 7.3; because of that one was unable to register a new account when running MLF 2.4.x under PHP 7.3 or newer
+- fixed: image URLs in the RSS-feed was specified with only the local, relative path on the domain, we do need a complete URl with protocol, domain and path because the feed reader requests the feed from outside the domain
+
+2.4.99.3 (2019-09-24)
+---------------------
+
+- fixed: show spam entries in the thread tree not for authors of spammy postings
+- fixed: delete the new tables when uninstalling the forum
+
+2.4.99.2 (2019-08-08)
+---------------------
+
+- feature: send the notification mail about a new entry after an entry was manually classified as ham
+- feature: tags can be inserted not only by admins and moderators but also from unregistered and registered users from now on (optional setting)
+- feature: e-mails can be sent with a SMTP-class or via PHP's own mail()-function
+- feature: a regsitered user can decide, if he is contactable for the forum team, for all registered users or for all users and visitors of a forum
+- fixed: the column size of mlf2_tags.tag exceeded the possible index size (768 bytes) when the charset of the column is utf8mb4, limit the column size to 128 chars
+- changed: create all tables with the engine InnoDB
+- changed: list the spam entries in the main view with all elements for manipulation instead listing the entries in the search view
+- changed: when an entry was detected as spam redirect the user to the single-entry-view because the notification can be placed reproducible inside the viewport
+
+2.4.99.1 (2019-06-01)
+---------------------
+
+- feature: restrict access to the user list to the forum team (administrators and moderators)
+- feature: allow topics to be pinned/sticked to the certain category or to all categories
+- feature: change the charset of most of the tables to support 4-byte-characters, i.e. emojis
+- fixed: unify mail encoding, was different depending of the checked characters
+- fixed: added a CSRF-token to posting delete function calls
+- fixed: relative pathes in the src-attribute of images in the RSS feed made the images inaccessible in the feed
+- changed: the quote-message-link is now a button
+
+2.4.20 (2019-05-15)
+-------------------
+- fixed: call for a removed function in the JS-code
+- fixed: inconsistend mail encoding, depended on an input string and could therefore result in wrong encoding, now fixed to the encoding, provided in the language file (normally UTF-8)
+- fixed: missing CSRF-token in case of deleting postings
+
+2.4.99.0 (2019-02-11)
+---------------------
+
+- feature: upload management page in the admin area, list all uploaded images, delete images groupwise
+- feature: information about the user who uploads a new image gets stored in a database table
+- feature: Bayes based spam filter
+- feature: optional TeX support through MathJax library (has to be linked manually)
+- removed: optional TeX support through the Google online service, service got abandoned
+- removed: flash button and flash bb-code
+- fixed: replace while loops with deprecated PHP-function "each" with foreach loops
+
+2.4.19.1 (2019-02-07)
+---------------------
+- fixed: reading the setting next_daily_action failed because of checking for a wrong structure, caused HTTP-status 500 every when and then
+- fixed: function mysqli_fetch_all is not available in every PHP-installation, caused error messages, HTTP-status 500 or white pages in such cases
+
+2.4.19 (2019-02-03)
+-------------------
+- fixed: when editing a posting, an activated subscription can not be saved in the database because of a syntax error on the database query
+- fixed: images, included in a posting, got elongated in the Ajax-preview of a posting
+- changed: a few settings moved to the table mlf2_temp_infos because they are no settings at all
+
+2.4.18.1 (2019-01-14)
+---------------------
+- fixed: table name in install.sql MUST NOT be surrounded by backticks, this makes the prefix replacement during installation impossible; this is only relevant during first installation
+
+2.4.18 (2019-01-13)
+-------------------
+- fixed: unregistered users was not able to subscribe to their own postings because of field user_id being NOT NULL in the subscriptions table
+- fixed: because of failing subscriptions of unregistered users for thread opening postings the thread in itself was broken and not deletable
+- fixed: sending e-mails over the contact form failed because of forgotten function call for form time handling
+- fixed: deleting a posting with subscriptions left orphaned subscriptions because they got not removed from the database
+- fixed: the check for password strength failed when more than one char in a category was required and these chars did not follow one after the other
+- fixed: if one used the thumbnail funtion to include an image to a posting, the image got the right width but was elongated to the complete possible height of the posting.
+- change: the default protocol, used in the JS-prompts for links and images when creating a posting is from now on "https://" instead "http://"
+- change: changed the language strings, key: show_spam_link, for english and german language, led to danger of confusion ("show spam (no. of entries)" vs. "list spam") (enahncement for admins and mods)
+- change: the update script disables the forum during the database operations of the update and reenables it afterwards (admin only feature), at the moment it got enabled before one updates the files and folders; @admins: please check the status after an update in the settings page
+
+2.4.17 (2019-01-06)
+-------------------
+- fixed: set the decimal point as fix char because different decimal separators (i.e. comma in german language) causes errors in floating number operations in PHP
+- fixed: the checkbox for the Flash-bb-code-setting got reintroduced (will definitely get removed with version 2.5, change was removed by accident in the 2.4.x-branch)
+- fixed: remove the confirm-password-field from the form for change ones own password, function was removed for the other forms in versions 2.4.16
+- feature: minimal and maximal time between requesting a form and sending the filled form back to the forum-server as separate settings for posting form, e-mail form and registration form
+- feature: a user is from now on able to close her/his own forum account, until now this was only possible for the admin/forum operator
+- feature: a by the registered users granted acceptance to the terms of use and/or the data privacy statement can be recalled and a newly acceptance can be enforced for the case of changes in the terms of use and/or the data privacy statement
+- feature: further possible requirements for password quality (enforce a number of lowercase and/or capital letters, ciphers and/or "special" chars), disabled by default
+- change: removed the JS-function to create the bb-code [msg] for forum entries, it needed a blacklist of not covered exceptions that was incomplete; entries will from now on handled as [link] or [url] like all other links; existing msg-bb-codes will still get interpreted
+- change: not selected checkboxes and radio buttons in the settings forms of the admin panel will not grayed out from now on, was a misleading UI-feature because the form fields looked like disabled but was still accessible
+
+2.4.16 (2018-12-07)
+-------------------
+- fixed: do not create a list item for a non existing bookmark tag for the users bookmark list
+- fixed: errorneous use of a hardcoded table name that led to failing read attempts of a users subscriptions
+
+2.4.15 (2018-11-30)
+-------------------
+- fixed: entries could not be edited
+- fixed: subscribung to or unsubscribing from an entry was not possible when saving the edit of an entry
+
+2.4.14 (2018-11-26)
+-------------------
+- fixed: several forms in the admin area lacked the CSRF-token
+- fixed: remove underscores from "data privacy statement" in the language files
+- fixed: removed the workaround of setting the language to en-us in the turkish language file, underlying problem was solved with PHP5.2
+- feature: add a checkbox to make the password visible for input verification during registration, remove therefore the second password field
+- feature: add a unsubscribe link to the e-mails with a notification about a new reply
+- feature: add a new table to store the subscriptions independent from the entry in itself
+- feature: allow SVG-graphics as smilies, graphics have to be uploaded per FTP
+- update: danish language file updated by project-forum-user Tommy Nillson
+- update: norwegian language file updated by Github-user @flatnick
+
+2.4.13 (2018-08-12)
+-------------------
+- fixed: icon for Ajax-preview of an entry was not displayed, if the entry is locked
+- fixed: reordering registration-form fields because firefox users could be unable to register dependent from the browser settings (prefilled form fields)
+- fixed: status of the checkbox for accepting the data privacy statement got lost when previewing the entry
+- fixed: display data privacy statement in a popup like the terms of use in case of an entry from an unregistered user
+- fixed: missing fields for the dates of the acceptance of the terms of use and the data privacy statement in the backup script for the user data
+- fixed: set a birthday date in single quotes in the backup script for the user data
+- fixed: remove field mlf2_entries.tags from the backup script for the forum entries because it does no longer exist
+- fixed: masked an occurence of single quotes in the german language file
+- fixed: set the forums own e-mail-address as sender of an e-mail in every case, set a possibly given divergent address as Reply-To-header; prevents not sending e-mails because of not matching domain names (forum domain versus domain part of an e-mail-address)
+
+2.4.12 (2018-06-29)
+-------------------
+- fixed array of update targets for versions 2.4.10 and 2.4.11 because versions from 2.3.5 to 2.3.7 got no update of the table structure
+
+2.4.11 (2018-06-25)
+-------------------
+- fixed: used the wrong setting for the terms-of-use-URL in the new template user_agreement.inc.tpl because of a copy'n'paste error, one was unable to read the terms of use before accepting it
+- fixed: a lost underscore in the admin template
+
+2.4.10 (2018-06-13)
+-------------------
+- fixed: the russian language had a few syntax errors, introduced with the reformatting of the language files (2.4.7)
+- fixed: the version check in the admin panel was broken, when the update was executed before the forum itself found the new version on Github
+- fixed: the meta element for the charset definition moved to top of the title to apply also for the title
+- feature: make it possible to force an agreement to a data privacy statement in the same manner as with the terms of rules
+- feature: store the date of the agreement (data privacy statement and/or terms of use) with the users data
+- feature: enforce a new agreement to adata privacy statement and/or terms of use with the deletion of the timestamp of the old agreement (no user interface yet!)
+- change: actualised Bad Behavior from 2.2.19 to version 2.2.20
+- change: actualised GesHi from 1.0.8.11 to version 1.0.9
+- change: actualised Smarty from 3.1.30 to version 3.1.32
+- change: because of the minimal system requirement for Bad Behavior the minimal MySQL version raises to 5.0
+
+2.4.9 (2018-04-13)
+------------------
+- fixed: use the function get_avatar also in the admin panel, used before only the code for the old file name scheme whcih leads to only displaying avatars with names in this old name scheme
+- fixed: avatar field in the user data form of the admin panel had no label because of missing string in the language files
+- fixed: adapt changed URL-parameter behaviour for folding threads to the JS-sources, didn't work with the switch instead the toggle
+- fixed: changed long date format for german language to month as number with leading zero, out written month name "März" can cause encoding problem on some servers
+- fixed: the deletion of entries about read postings was broken in the case of deletion after X days, used the old and removed setting name read_state_expiration_date instead read_state_expiration_value
+- added: sentence about automatic generation of e-mails to inform about new entries
+- added: make the mouse cursor a hand (pointer) when hovering over a (visible) label element
+- added: put pixel dimensions of uploaded images into the HTMl source, when included in entries, prevents page jumping during load process for only this case(!)
+
+2.4.8 (2018-02-18)
+------------------
+- fixed double closing tag of a select in the admin.inc.tpl
+- fixed the use of a table alias in a database query that caused a MySQL error
+- removed a few empty lines in the code in search.inc.php because some of them caused headers-sent-erros
+- fixed the use of a wrong variable name in bookmark.inc.php
+- fixed forgotten masking of single quotes, used as apostrophe in the german language file
+- fixed wrong cases range for partial backups, the three cases that was introduced in the 2.4-branch wasn't recognised as valid
+- fixed the invalid use of column name tags in the entries table because the column no longer exists
+- fixed wrong path names of files that have to be updated in the update to version 2.4.7, yet relevant because of updates from earlier versions
+- fixed superfluous column name "tags" in create statement of table mlf2_entries
+- added the version number of the minimal required PHP-version
+- added CSRF-tokens to user_edit.inc.tpl, user_edit_email.inc.tpl, user_edit_pw.inc.tpl and the corresponding code in user.inc.php
+- added the links to the original project site and forum again, was changed to the interim site and forum because of the temporary inaccessibility of the original site
+- added danish language file, translation by Tommy Nielsson (tommy@jernbanen.dk)
+- added a rework of the swedish language file, mainly based on the work of Tommy Nielsson (tommy@svenska-lok.se)
+- replace "Bookmarks" with "Lesezeichen" in the german language file
+- removed a few line breaks and spaces at a line end in bookmarks.inc.tpl
+- removed a size attribute in an input submit button
+
+2.4.7 (2018-01-05)
+------------------
+- fixed database issue because of the obsolete field *_userdata.entries_read, can cause error in some database configurations
+- fixed the use of a wrong string for too long user name in the create-new-user-function of the admin panel
+- fixed an check for existence of categories in the main script, can cause error in PHP 7.2 when no categories are present
+- fixed handling of not given birthday date, set it to NULL in that case, can cause error in some MySQL-configurations
+- added redirect to the last page, one has visited, after the users login
+- added the availability of tags to the bookmark function
+- added new tables for tag handling, existing tags for postings will be handed over to one of the new tables
+- added a few fields as honeypots for spammers to the registration and the posting form
+- changed handling of the URL-parameters 'fold_threads', 'toggle_view' and 'toggle_thread_view', are not toggles anymore, fix reproducible behaviour for every value instead
+
+2.4.6 (2017-11-05)
+------------------
+- fix for displaying the new version number after update in the update script itself
+- fix for missing rules for visited links in the list of latest entries
+- fix for wrong syntax in the meta element "referrer", that was introduced in version 2.4.5 (author: https://github.com/Romchik)
+- removed doubled title attributes (author: https://github.com/Romchik)
+- rework of the HTML-structure in the side- and bottombar, removal of a few obsolete CSS-rules
+- refactoring of the *.inc.php-files, better readability for future development, no functional changes at that point
+- fix for broken toggling of check for banned IPs or user agents, should toggle automatically when listing bans but didn't
+- fix broken query for reading user data for notification in case of account creation through the admin
+- fix for doubled key in the german language file
+- fix for ordering of user data lists when sorted by the user names, collation led to sorting in the order names beginning with numbers, capital letters and in the end low letters, now capitals and low letters are sorted mixed in their natural order
+
+2.4.5 (2017-10-09)
+------------------
+- fix for wrong variable name in the function getMessageStatus
+- removed orphaned code fragment, was never used
+- add a meta element named "referrer", that causes not sending a referrer when open an external link or (for older browsers) sending a referrer with onlythe domain part, it's a small contribution for forum users privacy
+
+2.4.4 (2017-10-03)
+------------------
+- fix for by mistake overwritten user type
+- fix for not accepted email addresses with a TLD longer than four chars
+- fix for not marking the opening message of a thread as new if the thread is folded and a new answer was posted
+- make the error message of the update script for wrong or non existing file config/VERSION more descriptive
+
+2.4.3 (2017-07-09)
+------------------
+- fix for lost CSS-rule for element #image-canvas
+- fix, remove graphical separator for link list
+- fix cache handling, newer IE-versions was not taken into account
+- fix marking as unread for visited entries which was dropped from the list of visited entries
+- fix collation of the user name field to distinguish between "a" and "ä" (examlpe)
+- fix doubled key in the language files
+- prepopulate the field for the forum-URL in the installation script with the protocol which is actually in use
+- add indices to several database tables to speed up the loading time of the forum
+- enhanced handling of read status (new setting for selection of handling scheme), in general higher values
+
+2.4.2 (2017-03-12)
+------------------
+- fixed the installation of the settings table without a PK on the column 'name' (in update procedure since 2.3.99.1)
+- fixed the lack of the third gender-radio-button in the user editing form of the admin area
+- fixed the undesirably setting of class .read for not registered and not logged in visitors of a forum
+- added alphabetical ordering of the list of files and directories that has to be updated
+
 2.4.1 (2017-02-20)
 ------------------
 - fixed a lost 'a' in the defaults template style.css, only relevant, when using style.css instead style.min.css

README.md

@@ -1,20 +1,160 @@
-my little forum
-===============
+# my little forum
 
-<a href="http://mylittleforum.net/">my little forum</a> is a simple PHP and MySQL based internet forum that displays the messages in classical threaded view (tree structure). It is Open Source licensed under the GNU General Public License. The main claim of this web forum is simplicity. Furthermore it should be easy to install and run on a standard server configuration with PHP and MySQL.
+[my little forum](https://mylittleforum.net/) is a simple PHP and MySQL based internet forum that displays the messages in classical threaded view (tree structure). It is Open Source licensed under the GNU General Public License. The main claim of this web forum is simplicity. Furthermore it should be easy to install and run on a standard server configuration with PHP and MySQL.
 
-* <a href="https://github.com/ilosuna/mylittleforum/wiki">More about my little forum</a>
-* <a href="http://mylittleforum.net/forum/">Demo and project discussion forum</a>
+* [More about my little forum](https://github.com/My-Little-Forum/mylittleforum/wiki)
+* [Demo and project discussion forum](https://mylittleforum.net/forum/)
 
-System requirements
--------------------
+## System requirements
 
-* Webserver with PHP >= 5.2 and MySQL >= 4.1
+- Webserver with PHP >= 7.3
+- MySQL >= 5.7.7 or MariaDB >= 10.2.2
 
-Installation
-------------
+## Features
+
+### General
+
+- thread based forum script
+- optional restriction of access to writing and/or reading entries to registered users only
+- user management
+- categories
+- forum script is highly configurable
+- theming support, using [Smarty](https://www.smarty.net/) as template language
+- data storage in a MySQL or MariaDB database
+- currently 14 available languages (more or less complete) with the strings for the user interface
+    - arabic (beta)
+    - simplified chinese
+    - traditional chinese
+    - croatian
+    - danish
+    - english (default if not set otherwise during the installation)
+    - french
+    - german
+    - italian
+    - norwegian
+    - russian
+    - spanish
+    - swedish
+    - tamil
+    - turkish
+- since version 20220508.1 (2.5.0) the forum can store the whole utf-8-range including emojis 🎉
+- formatting of entries with BB-codes, most BB-codes are accessible by buttons, the system is extendable
+    - common text formatting (bold, italic, strike through and so on)
+    - coloured text, text size
+    - links
+    - images
+    - code exapmles
+    - preformatted text
+    - mathematical formulas, realised with LaTex (optional with including the MathJax library)
+
+### Main views
+
+- paginated main view with a configurable count of threads per page
+- general and user based configuration for a thread view or a table view, second looking more message board like
+- optional list of latest X entries
+- optional tag cloud
+- management functions for administrators and moderators
+
+### Forum entries
+
+- allowing or forbidding creation of forum posts by unregistered users (restricting it to registered users only)
+- allowing or forbidding time based editing of forum posts after their initial saving
+- displaying the time of the last editing and the editors user name of a posting, optionally hiding it in case of editing by a moderator or administrator
+
+### Entry view
+
+- three possible views of forum entries
+    - single entry view with the thread structure shown like in the main views below the entry
+    - nested entry view with all entries of the thread indented according to their thread nesting level
+    - flat entry view ordered by their posting dates like in a message board
+
+### Categories
+
+- optional creation of categories
+- restricting access to certain categories to registered users or to administrators and moderators
+- management of categories
+    - sorting of the existing categories for the selection in the user interface
+    - renaming a category
+    - deleting an category
+    - changing the access restrictions
+
+### Spam prevention
+
+- optional Bayed based content categorisation as ham or spam for forum posts and/or e-mails, to be sent over the contact form (*local service*)
+- ~~optional spam prevention with Bad behavior (*local service*)~~ removed with version 20240729.1 because the project is dead
+- optional bad word list (*local service*)
+- optional blacklist for certain IPs and IP-ranges (*local service*)
+- optional blacklist for user agents (*local service*)
+- optional check of e-mail-addresses during the registration process with Stop Forum Spam (*external service*)
+- optional content check of forum posts and/or e-mails, to be sent over the contact form, with Akismet (*external service*)
+- perform the activated checks only for content of unregistered visitors or also for content of registered users (if check is applicable)
+
+### User account management
+
+- optional user registration
+- options to registering an account by one self or by restricting the registration to be done by an administrator
+- enforcement of a consent to the terms of use and/or the privacy policy, date of consent will be saved with the user data
+- enforcement of a renewed consent in case of changes in one of these documents
+- in general three possible user ranks (beside unregistered visitors) with different permissions and restrictions
+    - registered user
+    - moderator
+    - administrator
+- user profile with optional …
+    - … avatar
+    - … signature
+    - … profile information
+    - … website
+    - … location
+    - … birthday
+    - … sex/gender
+- technical user settings
+    - password
+    - e-mail-address
+    - deleting the account
+    - extent of e-mail-contact
+        - user is contactable only by the forum team
+        - user is contactable by all registered users
+        - or the whole forum audience
+    - user based category selection (if categories are defined)
+    - user based choice of the user interface language
+    - user based choice of the time zone
+    - user based choice of how links are opened
+        - open all links based on the forum setting (set by the forum administrator)
+        - open all links in the currently active browser window/tab
+        - open only links to external sites in a new browser window/tab
+        - open all links in a new browser window/tab
+    - for moderators and administrators: e-mail-notification about new forum posts and/or registration of new users
+- for administrators: separate user management list with the following functions
+    - adding new users
+    - editing the data of a single user
+    - deleting single users
+    - deleting uxsers according to definable criteria
+    - reset previous consents to the terms of use and/or the privacy policy because of changes in one or the other document
+
+### Additional pages
+
+- creation of website pages as supplement to the forum, in example a help page, the terms of use or the privacy policy
+- formatting the pages content with HTML and the CSS rules of the applied forum theme
+- pages have a fix URL and a link can optionally be displayed in the user menu
+
+## Installation
 
 1. Unzip the script package.
 2. Upload the complete folder "forum" to your server.
 3. Depending on your server configuration the write permissions of the subdirectory templates_c (CHMOD 770, 775 or 777) and the file config/db_settings.php (CHMOD 666) might need to be changed in order that they are writable by the script.
 4. Run the installation script by accessing yourdomain.tld/forum/install/ in your web browser and follow the instructions.
+5. Remove the directory "install" from your installation of My Little Forum.
+6. Change the write permissions for config/db_settings.php to (CHMOD 440), what prevents reading the files content for unauthorised users
+
+## Upgrade
+
+1. Download the new package.
+2. Unzip the script package.
+3. Upload the folder "update" into the main folder of the forum installation.
+4. Upload the file "config/VERSION" to the folder "config" of the forum installation. An existing file VERSION will be overwritten.
+5. Login as forum administrator and go to the admin area
+6. Open the link "Update", you will see a list of available update script files below the instructions. It is possible, that there are more than one items listed, because old, outdated update files never got deleted from the server.
+7. Open the link to the currently valid update script.
+8. Insert the password of your administrator account to confirm the run of the update script.
+9. On the following page you'll get the success message for step one of the update (database operations) or an error message. In case of success you'll see a list of all script files that changed between your and the new version. You have to load up all the listed files and directories to your webspace (this is because not every file got altered with every version). After loading all changed files and directories of the new version to your webspace, you are done. If you encountered errors, please report it instantaneously [in the project forum](https://mylittleforum.net/forum/) or open an [issue on Github](https://github.com/My-Little-Forum/mylittleforum/issues).
+

config/VERSION

@@ -1 +1 @@
-2.4.1
+20250323.1

config/b8_config.php

@@ -0,0 +1,45 @@
+<?php
+if (!defined('IN_INDEX')) {
+	header('Location: ../index.php');
+	exit;
+}
+
+/** config for b8 filter **/
+$B8_CONFIG_LEXER = array(
+	'min_size'      => 3,
+	'max_size'      => 30,
+	'allow_numbers' => FALSE,
+	'get_html'      => TRUE,
+	'get_uris'      => TRUE,
+	'get_bbcode'    => FALSE
+);
+
+$B8_CONFIG_DEGENERATOR = array(
+	'encoding'  => isset($lang['charset']) ? $lang['charset'] : 'UTF-8',
+	'multibyte' => function_exists('mb_strtolower') && function_exists('mb_strtoupper') && function_exists('mb_substr')
+);
+
+/** config for new b8 version **/
+$B8_CONFIG_DATABASE_TYPE = array(
+	'storage' => 'mysql'
+);
+
+$B8_CONFIG_STORAGE = array(
+	'resource' => new mysqli($db_settings['host'], $db_settings['user'], $db_settings['password'], $db_settings['database']),
+	'table'    => $db_settings['b8_wordlist_table']
+);
+
+/** config for old b8 version **/
+$B8_CONFIG_DATABASE = array(
+	'storage' => 'mysqli'
+);
+
+$B8_CONFIG_AUTHENTICATION = array(
+	'database'   => $db_settings['database'],
+	'table_name' => $db_settings['b8_wordlist_table'],
+	'host'       => $db_settings['host'],
+	'user'       => $db_settings['user'],
+	'pass'       => $db_settings['password']
+);
+/** config for b8 filter **/
+?>

config/db_settings.php

@@ -11,19 +11,27 @@ $db_settings['user'] = '';
 // Database password:
 $db_settings['password'] = '';
 
-// Database tables (normally not necessary to edit): 
-$db_settings['settings_table'] =       'mlf2_settings';
-$db_settings['forum_table'] =          'mlf2_entries';
-$db_settings['category_table'] =       'mlf2_categories';
-$db_settings['userdata_table'] =       'mlf2_userdata';
-$db_settings['smilies_table'] =        'mlf2_smilies';
-$db_settings['pages_table'] =          'mlf2_pages';
-$db_settings['banlists_table'] =       'mlf2_banlists';
-$db_settings['useronline_table'] =     'mlf2_useronline';
-$db_settings['login_control_table'] =  'mlf2_logincontrol';
-$db_settings['entry_cache_table'] =    'mlf2_entries_cache';
+// Database tables (normally not necessary to edit):
+$db_settings['settings_table']       = 'mlf2_settings';
+$db_settings['forum_table']          = 'mlf2_entries';
+$db_settings['category_table']       = 'mlf2_categories';
+$db_settings['userdata_table']       = 'mlf2_userdata';
+$db_settings['smilies_table']        = 'mlf2_smilies';
+$db_settings['pages_table']          = 'mlf2_pages';
+$db_settings['banlists_table']       = 'mlf2_banlists';
+$db_settings['useronline_table']     = 'mlf2_useronline';
+$db_settings['login_control_table']  = 'mlf2_logincontrol';
+$db_settings['entry_cache_table']    = 'mlf2_entries_cache';
 $db_settings['userdata_cache_table'] = 'mlf2_userdata_cache';
-$db_settings['bookmark_table'] =       'mlf2_bookmarks';
-$db_settings['read_status_table'] =    'mlf2_read_entries';
-$db_settings['temp_infos_table'] =     'mlf2_temp_infos';
+$db_settings['bookmark_table']       = 'mlf2_bookmarks';
+$db_settings['read_status_table']    = 'mlf2_read_entries';
+$db_settings['temp_infos_table']     = 'mlf2_temp_infos';
+$db_settings['tags_table']           = 'mlf2_tags';
+$db_settings['bookmark_tags_table']  = 'mlf2_bookmark_tags';
+$db_settings['entry_tags_table']     = 'mlf2_entry_tags';
+$db_settings['subscriptions_table']  = 'mlf2_subscriptions';
+$db_settings['b8_wordlist_table']    = 'mlf2_b8_wordlist';
+$db_settings['b8_rating_table']      = 'mlf2_b8_rating';
+$db_settings['akismet_rating_table'] = 'mlf2_akismet_rating';
+$db_settings['uploads_table']        = 'mlf2_uploads';
 ?>

config/php_mailer.php

@@ -0,0 +1,23 @@
+<?php
+if (!defined('IN_INDEX')) {
+	header('Location: ../index.php');
+	exit;
+}
+
+/** config for PHPMailer **/
+// Please read https://github.com/PHPMailer/PHPMailer/blob/master/src/PHPMailer.php 
+// for further configuration properties
+$PHP_MAILER_CONFIG = array(
+	'Mailer'		=> 'smtp',				// 'smtp', 'mail', 'sendmail' or 'qmail'
+	'Port'			=> '587',				// well-known ports are 25 (default), 587 (TLS) or 465 (SSL)
+	'SMTPSecure'	=> 'tls',				// '', 'tls' or 'ssl'
+	'ContentType'	=> 'text/plain',		// 'text/plain' or 'text/html'
+	'Encoding'		=> 'quoted-printable',	// '8bit', '7bit', 'binary', 'base64', and 'quoted-printable'
+	'CharSet'		=> 'utf-8',				// 'iso-8859-1' or 'utf-8'
+	'SMTPAuth'		=> true,				// true, for SMTP authentication via username/password
+	'Host'			=> 'smtp.example.org',  	
+	'Username'		=> 'mail@example.org', 
+	'Password'		=> 'secret password'			
+);
+/** config for PHPMailer **/
+?>

includes/account_locked.inc.php

@@ -1,12 +1,11 @@
 <?php
-if(!defined('IN_INDEX'))
- {
-  header('Location: ../index.php');
-  exit;
- }
+if (!defined('IN_INDEX')) {
+	header('Location: ../index.php');
+	exit;
+}
 
-$smarty->assign('message','user_locked_message');
-$smarty->assign('subnav_location','subnav_locked');
-$smarty->assign('subtemplate','info.inc.tpl');
+$smarty->assign('message', 'user_locked_message');
+$smarty->assign('subnav_location', 'subnav_locked');
+$smarty->assign('subtemplate', 'info.inc.tpl');
 $template = 'main.tpl';
 ?>

includes/auto_login.inc.php

@@ -1,108 +1,87 @@
 <?php
-if(!defined('IN_INDEX'))
- {
-  header('Location: ../index.php');
-  exit;
- }
+if (!defined('IN_INDEX')) {
+	header('Location: ../index.php');
+	exit;
+}
 
-if(empty($_SESSION[$settings['session_prefix'].'user_id']) && isset($_COOKIE[$settings['session_prefix'].'auto_login']) && isset($settings['autologin']) && $settings['autologin'] == 1)
- {
-  $auto_login_code = substr($_COOKIE[$settings['session_prefix'].'auto_login'],0,50);
-  $auto_login_id = intval(substr($_COOKIE[$settings['session_prefix'].'auto_login'],50));
-  if(isset($auto_login_id) && $auto_login_id>0 && isset($auto_login_code) && trim($auto_login_code)!='')
-   {
-    $result = mysqli_query($connid, "SELECT user_id, user_name, user_pw, user_type, UNIX_TIMESTAMP(last_login) AS last_login, UNIX_TIMESTAMP(last_logout) AS last_logout, thread_order, user_view, sidebar, fold_threads, thread_display, category_selection, auto_login_code, activate_code, language, time_zone, time_difference, theme FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($auto_login_id)) or raise_error('database_error',mysqli_error($connid));
-    if(mysqli_num_rows($result)==1)
-     {
-      $feld = mysqli_fetch_array($result);
-      if(strlen($feld['auto_login_code'])==50 && $auto_login_code==$feld['auto_login_code'] && trim($feld['activate_code']==''))
-       {
-        $user_id = $feld['user_id'];
-        $user_name = $feld['user_name'];
-        $user_type = $feld['user_type'];
-        $usersettings['newtime'] = $feld['last_logout'];
-        $usersettings['user_view'] = $feld['user_view'];
-        $usersettings['thread_order'] = $feld['thread_order'];
-        $usersettings['sidebar'] = $feld['sidebar'];
-        $usersettings['fold_threads'] = $feld['fold_threads'];
-        $usersettings['thread_display'] = $feld['thread_display'];
-        $usersettings['page'] = 1;
-        $usersettings['category'] = 0;
-        $usersettings['latest_postings'] = 1;
+if (empty($_SESSION[$settings['session_prefix'].'user_id']) && isset($_COOKIE[$settings['session_prefix'].'auto_login']) && isset($settings['autologin']) && $settings['autologin'] == 1) {
+	$auto_login_code = substr($_COOKIE[$settings['session_prefix'].'auto_login'], 0, 50);
+	$auto_login_id = intval(substr($_COOKIE[$settings['session_prefix'].'auto_login'], 50));
+	if (isset($auto_login_id) && $auto_login_id > 0 && isset($auto_login_code) && trim($auto_login_code) != '') {
+		$result = mysqli_query($connid, "SELECT user_id, user_name, user_pw, user_type, UNIX_TIMESTAMP(last_login) AS last_login, UNIX_TIMESTAMP(last_logout) AS last_logout, thread_order, user_view, sidebar, fold_threads, thread_display, category_selection, browser_window_target, auto_login_code, activate_code, language, time_zone, time_difference, theme FROM ". $db_settings['userdata_table'] ." WHERE user_id = ". intval($auto_login_id)) or raise_error('database_error', mysqli_error($connid));
+		if (mysqli_num_rows($result) == 1) {
+			$feld = mysqli_fetch_array($result);
+			if (strlen($feld['auto_login_code']) == 50 && $auto_login_code == $feld['auto_login_code'] && empty($feld['activate_code'])) {
+				$user_id = $feld['user_id'];
+				$user_name = $feld['user_name'];
+				$user_type = $feld['user_type'];
+				$usersettings['newtime'] = $feld['last_logout'];
+				$usersettings['user_view'] = $feld['user_view'];
+				$usersettings['thread_order'] = $feld['thread_order'];
+				$usersettings['sidebar'] = $feld['sidebar'];
+				$usersettings['fold_threads'] = $feld['fold_threads'];
+				$usersettings['thread_display'] = $feld['thread_display'];
+				$usersettings['browser_window_target'] = $feld['browser_window_target'];
+				$usersettings['page'] = 1;
+				$usersettings['category'] = 0;
+				$usersettings['latest_postings'] = 1;
 
-        if(!is_null($feld['category_selection']))
-         {
-          $category_selection = explode(',',$feld['category_selection']);
-          $usersettings['category_selection'] = $category_selection;
-         }
+				if (!is_null($feld['category_selection'])) {
+					$category_selection = explode(',', $feld['category_selection']);
+					$usersettings['category_selection'] = $category_selection;
+				}
 
-        if($feld['language']!='')
-          {
-           $languages = get_languages();
-           if(isset($languages) && in_array($feld['language'], $languages))
-            {
-             $usersettings['language'] = $feld['language'];
-             $language_update = $feld['language'];
-            }
-          }
-        if(empty($language_update)) $language_update = '';
+				if ($feld['language'] != '') {
+					$languages = get_languages();
+					if (isset($languages) && in_array($feld['language'], $languages)) {
+						$usersettings['language'] = $feld['language'];
+						$language_update = $feld['language'];
+					}
+				}
+				if (empty($language_update)) $language_update = '';
 
-        if($feld['theme']!='')
-          {
-           $themes = get_themes();
-           if(isset($themes) && in_array($feld['theme'], $themes))
-            {
-             $usersettings['theme'] = $feld['theme'];
-             $theme_update = $feld['theme'];
-            }
-          }
-        if(empty($theme_update)) $theme_update = '';
+				if ($feld['theme'] != '') {
+					$themes = get_themes();
+					if(isset($themes) && in_array($feld['theme'], $themes)) {
+						$usersettings['theme'] = $feld['theme'];
+						$theme_update = $feld['theme'];
+					}
+				}
+				if (empty($theme_update)) $theme_update = '';
 
-        if($feld['time_zone']!='')
-          {
-           if(function_exists('date_default_timezone_set') && $time_zones = get_timezones())
-            {
-             if(in_array($feld['time_zone'], $time_zones))
-              {
-               $usersettings['time_zone'] = $feld['time_zone'];
-               $time_zone_update = $feld['time_zone'];
-              }
-            }
-          }
-        if(empty($time_zone_update)) $time_zone_update = '';
+				if ($feld['time_zone'] != '') {
+					if (function_exists('date_default_timezone_set') && $time_zones = get_timezones()) {
+						if (in_array($feld['time_zone'], $time_zones)) {
+							$usersettings['time_zone'] = $feld['time_zone'];
+							$time_zone_update = $feld['time_zone'];
+						}
+					}
+				}
+				if (empty($time_zone_update)) $time_zone_update = '';
 
-        if(!empty($feld['time_difference'])) $usersettings['time_difference'] = $feld['time_difference'];
+				if (!empty($feld['time_difference'])) $usersettings['time_difference'] = $feld['time_difference'];
 
-        $_SESSION[$settings['session_prefix'].'user_id'] = $user_id;
-        $_SESSION[$settings['session_prefix'].'user_name'] = $user_name;
-        $_SESSION[$settings['session_prefix'].'user_type'] = $user_type;
-        $_SESSION[$settings['session_prefix'].'usersettings'] = $usersettings;
+				$_SESSION[$settings['session_prefix'].'user_id'] = $user_id;
+				$_SESSION[$settings['session_prefix'].'user_name'] = $user_name;
+				$_SESSION[$settings['session_prefix'].'user_type'] = $user_type;
+				$_SESSION[$settings['session_prefix'].'usersettings'] = $usersettings;
 
-        @mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET logins=logins+1, last_login=NOW(), last_logout=NOW(), user_ip='".mysqli_real_escape_string($connid, $_SERVER['REMOTE_ADDR'])."', pwf_code='', language='".mysqli_real_escape_string($connid, $language_update)."', time_zone='".mysqli_real_escape_string($connid, $time_zone_update)."', theme='".mysqli_real_escape_string($connid, $theme_update)."' WHERE user_id=".intval($user_id));
+				@mysqli_query($connid, "UPDATE ". $db_settings['userdata_table'] ." SET logins=logins+1, last_login=NOW(), last_logout=NOW(), `inactivity_notification` = FALSE, user_ip='". mysqli_real_escape_string($connid, $_SERVER['REMOTE_ADDR']) ."', pwf_code='', language='". mysqli_real_escape_string($connid, $language_update) ."', time_zone='". mysqli_real_escape_string($connid, $time_zone_update) ."', theme='". mysqli_real_escape_string($connid, $theme_update) ."' WHERE user_id=". intval($user_id));
 
-        // auto delete spam:
-        if($user_type>0 && $settings['auto_delete_spam']>0) @mysqli_query($connid, "DELETE FROM ".$db_settings['forum_table']." WHERE time < (NOW() - INTERVAL ".$settings['auto_delete_spam']." HOUR) AND spam=1");
-        setcookie($settings['session_prefix'].'auto_login',$_COOKIE[$settings['session_prefix'].'auto_login'],TIMESTAMP+(3600*24*$settings['cookie_validity_days']));
-        if($db_settings['useronline_table'] != "")
-         {
-          @mysqli_query($connid, "DELETE FROM ".$db_settings['useronline_table']." WHERE ip = '".$_SERVER['REMOTE_ADDR']."'");
-         }
-       }
-      else
-       {
-        if($settings['temp_block_ip_after_repeated_failed_logins'] > 0) count_failed_logins();
-        setcookie($settings['session_prefix'].'auto_login','',0);
-       }
-     }
-    else
-     {
-      if($settings['temp_block_ip_after_repeated_failed_logins'] > 0) count_failed_logins();
-      setcookie($settings['session_prefix'].'auto_login','',0);
-     }
-    }
-   else
-    {
-     if($settings['temp_block_ip_after_repeated_failed_logins'] > 0) count_failed_logins();
-     setcookie($settings['session_prefix'].'auto_login','',0);
-    }
- }
+				setcookie($settings['session_prefix'].'auto_login', $_COOKIE[$settings['session_prefix'].'auto_login'], cookie_options(TIMESTAMP + (3600 * 24 * $settings['cookie_validity_days'])));
+				if ($db_settings['useronline_table'] != "") {
+					@mysqli_query($connid, "DELETE FROM ". $db_settings['useronline_table'] ." WHERE ip = '". mysqli_real_escape_string($connid, $_SERVER['REMOTE_ADDR']) ."'");
+				}
+			} else {
+				if ($settings['temp_block_ip_after_repeated_failed_logins'] > 0) count_failed_logins();
+				setcookie($settings['session_prefix'].'auto_login', '', cookie_options(0));
+			}
+		} else {
+			if ($settings['temp_block_ip_after_repeated_failed_logins'] > 0) count_failed_logins();
+			setcookie($settings['session_prefix'].'auto_login', '', cookie_options(0));
+		}
+	} else {
+		if($settings['temp_block_ip_after_repeated_failed_logins'] > 0) count_failed_logins();
+		setcookie($settings['session_prefix'].'auto_login','', cookie_options(0));
+	}
+}

includes/avatar.inc.php

@@ -7,13 +7,13 @@ if(!defined('IN_INDEX')) {
 // upload folder:
 $uploaded_images_path = 'images/avatars/';
 
-if($settings['avatars']>0 && isset($_SESSION[$settings['session_prefix'].'user_id'])) {
+if ($settings['avatars'] > 0 && isset($_SESSION[$settings['session_prefix'].'user_id'])) {
 	$avatarInfo = getAvatar($_SESSION[$settings['session_prefix'].'user_id']);
 	$filename = $avatarInfo === false ? false : $avatarInfo[1];
-	
+
 	// remove existing avatar
-	if(isset($_GET['delete'])) {
-		if($filename !== false && file_exists($uploaded_images_path.$filename)) {
+	if (isset($_POST['delete'])) {
+		if ($filename !== false && file_exists($uploaded_images_path.$filename)) {
 			@chmod($uploaded_images_path.$filename, 0777);
 			@unlink($uploaded_images_path.$filename);
 		}
@@ -22,7 +22,7 @@ if($settings['avatars']>0 && isset($_SESSION[$settings['session_prefix'].'user_i
 	}
 
 	// upload a new avatar
-	if(isset($_FILES['probe']) && $_FILES['probe']['size'] != 0 && !$_FILES['probe']['error']) {
+	if (isset($_FILES['probe']) && $_FILES['probe']['size'] != 0 && !$_FILES['probe']['error']) {
 		unset($errors);
 		$image_info = getimagesize($_FILES['probe']['tmp_name']);
 
@@ -30,7 +30,6 @@ if($settings['avatars']>0 && isset($_SESSION[$settings['session_prefix'].'user_i
 
 		if(empty($errors)) {
 			if($_FILES['probe']['size'] > $settings['avatar_max_filesize']*1000 || $image_info[0] > $settings['avatar_max_width'] || $image_info[1] > $settings['avatar_max_height']) {
-				#$compression = 10;
 				$width  = $image_info[0];
 				$height = $image_info[1];
 
@@ -97,37 +96,35 @@ if($settings['avatars']>0 && isset($_SESSION[$settings['session_prefix'].'user_i
 				@move_uploaded_file($_FILES['probe']['tmp_name'], $uploaded_images_path.$filename) or $errors[] = 'upload_error';
 			}
 		}
-		
-		if(empty($errors)) {
+
+		if (empty($errors)) {
 			@chmod($uploaded_images_path.$filename, 0644);
-			$smarty->assign('avatar_uploaded',true);
+			$smarty->assign('avatar_uploaded', true);
 		}
 		else {
 			$smarty->assign('errors',$errors);
-			$smarty->assign('form',true);
+			$smarty->assign('form', true);
 		}
 	}
 
 	// show avatar
-	if($filename !== false && file_exists($uploaded_images_path.$filename)) {
+	if ($filename !== false && file_exists($uploaded_images_path.$filename)) {
 		$avatar = $uploaded_images_path.$filename;
 	}
 
-	if(isset($avatar)) {
+	if (isset($avatar)) {
 		//$avatar .= '?u='.uniqid();
 		$smarty->assign('avatar', $avatar);
-	}
-	else 
+	} else {
 		$smarty->assign('upload', 'true');
-
-	if(isset($_GET['deleted'])) 
+	}
+	if (isset($_GET['deleted']))
 		$smarty->assign('avatar_deleted', true);
 
-
-	if(empty($errors) && isset($_FILES['probe']['error'])) {
+	if (empty($errors) && isset($_FILES['probe']['error'])) {
 		$smarty->assign('server_max_filesize', ini_get('upload_max_filesize'));
 		$errors[] = 'upload_error_2';
-		$smarty->assign('errors',$errors);
+		$smarty->assign('errors', $errors);
 	}
 }
 

includes/b8.inc.php

@@ -0,0 +1,16 @@
+<?php
+if (!defined('IN_INDEX')) {
+	header('Location: ../index.php');
+	exit;
+}
+
+// include B8 php resources
+require 'modules/b8/b8.php';
+
+// include config
+require 'config/b8_config.php';
+
+// create instance
+//$B8_BAYES_FILTER = new b8($B8_CONFIG_DATABASE_TYPE, $B8_CONFIG_AUTHENTICATION, $B8_CONFIG_LEXER, $B8_CONFIG_DEGENERATOR);
+$B8_BAYES_FILTER = new b8\b8($B8_CONFIG_DATABASE_TYPE, $B8_CONFIG_STORAGE, $B8_CONFIG_LEXER, $B8_CONFIG_DEGENERATOR);
+?>

includes/bookmark.inc.php

@@ -1,71 +1,107 @@
 <?php
-if(!defined('IN_INDEX')) {
+if (!defined('IN_INDEX')) {
 	header('Location: ../index.php');
 	exit;
 }
 
-if(isset($_SESSION[$settings['session_prefix'].'user_id'])) {
+if (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
 	$user_id = $_SESSION[$settings['session_prefix'].'user_id'];
-	
 	// Derzeit kann nur reorder von aussen kommen.
-	if(isset($_REQUEST['action']) && $_REQUEST['action'] == 'reorder')
+	if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'reorder')
 		$action = $_REQUEST['action'];
-	elseif(isset($_GET['delete_bookmark']))
+	elseif (isset($_GET['delete_bookmark']))
 		$action = 'delete_bookmark';
-	elseif(isset($_POST['delete_bookmark_submit']))
+	elseif (isset($_POST['delete_bookmark_submit']))
 		$action = 'delete_bookmark_submit';
-	elseif(isset($_GET['move_up_bookmark']) || isset($_GET['move_down_bookmark'])) 
+	elseif (isset($_GET['move_up_bookmark']) || isset($_GET['move_down_bookmark']))
 		$action = 'move_bookmark';
 	elseif (isset($_GET['edit_bookmark']))
 		$action = 'edit_bookmark';
-	elseif(isset($_POST['edit_bookmark_submit']) && isset($_POST['bookmark']) && !empty($_POST['bookmark']))
+	elseif (isset($_POST['edit_bookmark_submit']) && isset($_POST['bookmark']))
 		$action = 'edit_bookmark_submit';
-	else
+	else {
 		$action = 'main';
+		$filter = isset($_GET['filter']) && $_GET['filter'] != '' ? trim(urldecode(trim($_GET['filter']))) : false;
+		// Taken from search.inc.php
+		if ($filter !== false) {
+			// split search query at spaces, but not between double quotes:
+			$help_pattern = '[!/*/~/?]'; // pattern to hide spaces between quotes
+			$x_filter = preg_replace_callback(
+					"#\"(.+?)\"#is", 
+					function ($string) {
+						global $help_pattern; 
+						return str_replace(" ", $help_pattern,$string[1]);
+					},
+					$filter
+			);
+			$x_filter_array = explode(' ', my_strtolower($x_filter, $lang['charset']));
+			foreach($x_filter_array as $item)
+				$filter_array[] = mysqli_real_escape_string($connid, str_replace($help_pattern, ' ', $item));
+			$filter_string = "AND LOWER(`".$db_settings['tags_table']."`.`tag`) LIKE '%".implode("%' OR LOWER(".$db_settings['tags_table'].".`tag`) LIKE '%",$filter_array)."%'";
+		}
+	}
 
 	switch($action) {
-		case 'main':				
-			$bookmark_result = mysqli_query($connid, "SELECT ".$db_settings['bookmark_table'].".`subject`, ".$db_settings['forum_table'].".`user_id`, 
-													".$db_settings['forum_table'].".`id`, IF (".$db_settings['forum_table'].".`user_id` = 0, `name`, 
-													(SELECT `user_name` FROM ".$db_settings['userdata_table']." WHERE ".$db_settings['userdata_table'].".`user_id` = ".$db_settings['forum_table'].".`user_id` ) ) AS `user_name`, 
-													UNIX_TIMESTAMP(".$db_settings['bookmark_table'].".`time` + INTERVAL ".$time_difference." MINUTE) AS `bookmark_time`, 
-													UNIX_TIMESTAMP(".$db_settings['forum_table'].".`time` + INTERVAL ".$time_difference." MINUTE) AS `disp_time`, 
-													UNIX_TIMESTAMP(".$db_settings['forum_table'].".`last_reply` + INTERVAL ".$time_difference." MINUTE) AS `reply_time`, 
-													".$db_settings['bookmark_table'].".`id` AS `bid` FROM ".$db_settings['forum_table']." JOIN ".$db_settings['bookmark_table']." 
-													ON ".$db_settings['forum_table'].".`id` = `posting_id` WHERE ".$db_settings['bookmark_table'].".`user_id` = ".intval($user_id)." 
-													ORDER BY ".$db_settings['bookmark_table'].".`order_id` ASC") or raise_error('database_error',mysqli_error($connid));
+		case 'main':
+			$bookmark_result = @mysqli_query($connid, "SELECT `".$db_settings['bookmark_table']."`.`subject`, `".$db_settings['forum_table']."`.`user_id`,
+				".$db_settings['forum_table'].".`id`, IF (`".$db_settings['forum_table']."`.`user_id` = 0, `name`, 
+				(SELECT `user_name` FROM `".$db_settings['userdata_table']."` WHERE `".$db_settings['userdata_table']."`.`user_id` = `".$db_settings['forum_table']."`.`user_id` ) ) AS `user_name`,
+				UNIX_TIMESTAMP(`".$db_settings['bookmark_table']."`.`time` + INTERVAL ".$time_difference." MINUTE) AS `bookmark_time`, 
+				UNIX_TIMESTAMP(`".$db_settings['forum_table']."`.`time` + INTERVAL ".$time_difference." MINUTE) AS `disp_time`, 
+				UNIX_TIMESTAMP(`".$db_settings['forum_table']."`.`last_reply` + INTERVAL ".$time_difference." MINUTE) AS `reply_time`, 
+				`".$db_settings['bookmark_table']."`.`id` AS `bid`, `".$db_settings['tags_table']."`.`id` AS `tag_id`, `".$db_settings['tags_table']."`.`tag`
+				FROM `".$db_settings['bookmark_table']."`
+				JOIN `".$db_settings['forum_table']."` ON `".$db_settings['forum_table']."`.`id` = `".$db_settings['bookmark_table']."`.`posting_id`
+				LEFT JOIN `".$db_settings['bookmark_tags_table']."` ON `".$db_settings['bookmark_table']."`.`id` = `".$db_settings['bookmark_tags_table']."`.`bid` 
+				LEFT JOIN `".$db_settings['tags_table']."` ON `".$db_settings['bookmark_tags_table']."`.`tid` = `".$db_settings['tags_table']."`.`id`
+				WHERE `".$db_settings['bookmark_table']."`.`user_id` = ".intval($user_id)." ".(isset($filter_string) ? $filter_string : ""  )." 
+				ORDER BY ".$db_settings['bookmark_table'].".`order_id` ASC") or raise_error('database_error',mysqli_error($connid));
+
 			$total_bookmarks = mysqli_num_rows($bookmark_result);
-			$i=0;
 			$bookmarkdata = false;
 			
 			if (empty($row['user_name']))
 				$row['user_name'] = $lang['unknown_user'];
 			
-			while($row = mysqli_fetch_array($bookmark_result)) {
-				$bookmarkdata[$i]['subject']       = htmlspecialchars($row['subject']);
-				$bookmarkdata[$i]['user_name']     = htmlspecialchars($row['user_name']);
-				$bookmarkdata[$i]['user_id']       = intval($row['user_id']);
-				$bookmarkdata[$i]['id']            = intval($row['id']);
-				$bookmarkdata[$i]['bid']           = intval($row['bid']);
-				$bookmarkdata[$i]['bookmark_time'] = format_time($lang['time_format_full'],$row['bookmark_time']);
-				$bookmarkdata[$i]['posting_time']  = format_time($lang['time_format_full'],$row['disp_time']);
-				$bookmarkdata[$i]['reply_time']    = format_time($lang['time_format_full'],$row['reply_time']);
-				$i++;
+			while ($row = mysqli_fetch_array($bookmark_result)) {
+				$tag = $row['tag'];
+				$tags_array = false;
+				if (!is_null($tag)) {
+					if (my_strpos($tag, ' ', 0, $lang['charset']))
+						$tag_escaped='"'.$tag.'"';
+					else 
+						$tag_escaped = $tag;
+				
+					$tags_array = [
+						'escaped' => urlencode($tag_escaped),
+						'display' => htmlspecialchars($tag),
+					];
+				}
+				$bookmarkdata[$row['bid']]['subject']       = htmlspecialchars($row['subject']);
+				$bookmarkdata[$row['bid']]['user_name']     = htmlspecialchars($row['user_name']);
+				$bookmarkdata[$row['bid']]['user_id']       = intval($row['user_id']);
+				$bookmarkdata[$row['bid']]['id']            = intval($row['id']);
+				$bookmarkdata[$row['bid']]['bid']           = intval($row['bid']);
+				$bookmarkdata[$row['bid']]['bookmark_time'] = format_time($lang['time_format_full'], $row['bookmark_time']);
+				$bookmarkdata[$row['bid']]['posting_time']  = format_time($lang['time_format_full'], $row['disp_time']);
+				$bookmarkdata[$row['bid']]['reply_time']    = format_time($lang['time_format_full'], $row['reply_time']);
+				if ($tags_array !== false)
+					$bookmarkdata[$row['bid']]['tags'][]    = $tags_array;
 			}
-			
+
 			mysqli_free_result($bookmark_result);
 			if ($bookmarkdata)
 				$smarty->assign('bookmarkdata',$bookmarkdata);
 
-			//$breadcrumbs[0]['link'] = 'index.php?mode=bookmarks';
-			//$breadcrumbs[0]['linkname'] = 'subnav_bookmarks';
-			//$smarty->assign('breadcrumbs',$breadcrumbs);
-			$smarty->assign('subnav_location','subnav_bookmarks');
-			$smarty->assign('total_bookmarks',$total_bookmarks);
-			$smarty->assign('action','bookmark');
-			$smarty->assign('subtemplate','bookmark.inc.tpl');
+			$breadcrumbs[0]['link'] = 'index.php?mode=bookmarks';
+			$breadcrumbs[0]['linkname'] = 'subnav_bookmarks';
+			$smarty->assign('breadcrumbs',$breadcrumbs);
+			$smarty->assign('subnav_location', 'subnav_bookmarks');
+			$smarty->assign('filter', isset($filter_string));
+			$smarty->assign('total_bookmarks', $total_bookmarks);
+			$smarty->assign('action', 'bookmark');
+			$smarty->assign('subtemplate', 'bookmark.inc.tpl');
 			$template = 'main.tpl';
-
 			break;
 			
 		case 'move_bookmark':
@@ -79,11 +115,10 @@ if(isset($_SESSION[$settings['session_prefix'].'user_id'])) {
 			
 		case 'delete_bookmark':
 			$id = intval($_GET['delete_bookmark']);
-			$result = mysqli_query($connid, "SELECT `posting_id`, `subject` FROM ".$db_settings['bookmark_table']." WHERE id= ".$id." LIMIT 1") or raise_error('database_error', mysqli_error($connid));
+			$result = @mysqli_query($connid, "SELECT `subject` FROM ".$db_settings['bookmark_table']." WHERE id= ".$id." LIMIT 1") or raise_error('database_error', mysqli_error($connid));
 			if(mysqli_num_rows($result) > 0) {
 				$row = mysqli_fetch_array($result);
 				$bookmark['id']    = $id;
-				$bookmark['pid']   = intval($row['posting_id']);
 				$bookmark['title'] = htmlspecialchars($row['subject']);
 				$smarty->assign('bookmark', $bookmark);
 			}
@@ -97,59 +132,115 @@ if(isset($_SESSION[$settings['session_prefix'].'user_id'])) {
 			$template = 'main.tpl';
 			break;
 			
-		case 'delete_bookmark_submit':	
-			mysqli_query($connid, "DELETE FROM ".$db_settings['bookmark_table']." WHERE `id` = ".intval($_POST['id'])." AND `user_id` = ".intval($user_id)." LIMIT 1") or raise_error('database_error',mysqli_error($connid));
+		case 'delete_bookmark_submit':
+			$result = @mysqli_query($connid, "SELECT `id` FROM ".$db_settings['bookmark_table']." WHERE `id` = ". intval($_POST['id']) ." AND `user_id` = ". intval($user_id) ." LIMIT 1") or raise_error('database_error', mysqli_error($connid));
+			if(mysqli_num_rows($result) > 0) {
+				$row = mysqli_fetch_array($result);
+				deleteBookmark($row['id']);
+			}
+			mysqli_free_result($result);
 			header("Location: index.php?mode=bookmarks");
 			exit;
 			break;
 			
 		case 'edit_bookmark':
 			$id = intval($_GET['edit_bookmark']);
-			$result = mysqli_query($connid, "SELECT `posting_id`, `subject` FROM ".$db_settings['bookmark_table']." WHERE id= ".$id." LIMIT 1") or raise_error('database_error', mysqli_error($connid));
-			if(mysqli_num_rows($result) > 0) {
+			$tags = getBookmarkTags($id);
+			
+			$result = @mysqli_query($connid, "SELECT `subject` FROM ".$db_settings['bookmark_table']." WHERE id= ".$id." LIMIT 1") or raise_error('database_error', mysqli_error($connid));
+			if (mysqli_num_rows($result) > 0) {
 				$row = mysqli_fetch_array($result);
 				$bookmark['id']    = $id;
-				$bookmark['pid']   = intval($row['posting_id']);
 				$bookmark['title'] = htmlspecialchars($row['subject']);
+				if (!empty($tags))
+					$bookmark['tags'] = implode(", ", array_filter(array_map('htmlspecialchars', $tags), function($value) { return $value !== ''; }));
 				$smarty->assign('bookmark', $bookmark);
 			}
 			mysqli_free_result($result);
 			$breadcrumbs[0]['link'] = 'index.php?mode=bookmarks';
 			$breadcrumbs[0]['linkname'] = 'subnav_bookmarks';
-			$smarty->assign('breadcrumbs',$breadcrumbs);
-			$smarty->assign('action','edit_bookmark');
-			$smarty->assign('subnav_location','subnav_edit_bookmark');
-			$smarty->assign('subtemplate','bookmark.inc.tpl');
+			$smarty->assign('breadcrumbs', $breadcrumbs);
+			$smarty->assign('action', 'edit_bookmark');
+			$smarty->assign('subnav_location', 'subnav_edit_bookmark');
+			$smarty->assign('subtemplate', 'bookmark.inc.tpl');
 			$template = 'main.tpl';
 			break;
 			
 		case 'edit_bookmark_submit':
-			mysqli_query($connid, "UPDATE ".$db_settings['bookmark_table']." SET `subject` = '".mysqli_real_escape_string($connid, $_POST['bookmark'])."' WHERE `id` = ".intval($_POST['id'])." AND `user_id` = ".intval($user_id)." LIMIT 1") or raise_error('database_error',mysqli_error($connid));
-			header("Location: index.php?mode=bookmarks");
-			exit;
+			if (empty($_POST['bookmark']))
+				$errors[] = 'error_no_bookmark_subject';
+			if (my_strlen(trim($_POST['bookmark']), $lang['charset']) > $settings['subject_maxlength'])
+				$errors[] = 'error_bookmark_subject_too_long';
+            
+			if (isset($_POST['tags']) && trim($_POST['tags']) != '') {
+				$tagsArray = array_filter(array_map('trim', explode(',', $_POST['tags'])), function($value) { return $value !== ''; });
+				
+				if (count($tagsArray) > 10) {
+					$errors[] = 'error_bookmark_tags_limit_reached'; 
+				}
+				else {
+					foreach ($tagsArray as $tag) {
+						unset($too_long_word);
+						$too_long_word = too_long_word($tag, $settings['text_word_maxlength'], $lang['word_delimiters']);
+						if ($too_long_word) { 
+							$errors[] = 'error_bookmark_word_too_long'; 
+							break;
+						}
+					}
+				}
+			}
+			
+			if (empty($errors)) {
+				setBookmarkTags($_POST['id'], $tagsArray);
+				@mysqli_query($connid, "UPDATE ".$db_settings['bookmark_table']." SET `subject` = '". mysqli_real_escape_string($connid, trim($_POST['bookmark'])) ."' WHERE `id` = ". intval($_POST['id']) ." AND `user_id` = ". intval($user_id) ." LIMIT 1") or raise_error('database_error', mysqli_error($connid));
+				header("Location: index.php?mode=bookmarks");
+				exit;
+			}
+			else {
+				$bookmark['id']    = intval($_POST['id']);
+				$bookmark['title'] = htmlspecialchars(trim($_POST['bookmark']));
+				$bookmark['tags']  = htmlspecialchars(trim($_POST['tags']));
+				$smarty->assign('bookmark', $bookmark);
+				$smarty->assign('errors', $errors);
+				if (isset($too_long_word))
+					$smarty->assign('word', $too_long_word);
+				$breadcrumbs[0]['link'] = 'index.php?mode=bookmarks';
+				$breadcrumbs[0]['linkname'] = 'subnav_bookmarks';
+				$smarty->assign('breadcrumbs', $breadcrumbs);
+				$smarty->assign('action', 'edit_bookmark');
+				$smarty->assign('subnav_location', 'subnav_edit_bookmark');
+				$smarty->assign('subtemplate', 'bookmark.inc.tpl');
+				$template = 'main.tpl';
+			}
 			break;
 			
 		case 'reorder':
-			if (isset($_POST['bookmarks'])) {			
-				$items = explode(',', $_POST['bookmarks']);
-				$order_id = 1;
-				foreach($items as $id) {
-					mysqli_query($connid, "UPDATE ".$db_settings['bookmark_table']." SET `order_id` = ".$order_id." WHERE id = ".intval($id)." AND `user_id` = ".intval($user_id)." LIMIT 1") or raise_error('database_error',mysqli_error($connid));
-					$order_id++;
+			if (isset($_POST['bookmarks'])) {		
+				$items = array_map(function($item) use($connid) { return mysqli_real_escape_string($connid, $item); }, explode(',', $_POST['bookmarks']));
+				$order_result = @mysqli_query($connid, "SELECT `id`, `order_id` FROM ".$db_settings['bookmark_table']." WHERE `id` IN (".implode(",", $items).") ORDER BY `order_id` ASC");
+				$order = false;
+				
+				while ($row = mysqli_fetch_array($order_result))
+					$order[] = $row["order_id"];
+				mysqli_free_result($order_result);
+				
+				if ($order !== false && count($order) == count($items)) {
+					for ($i = 0; $i < count($items); $i++) {
+						$order_id = $order[$i];
+						$item_id  = $items[$i];
+						@mysqli_query($connid, "UPDATE ".$db_settings['bookmark_table']." SET `order_id` = ". intval($order_id) ." WHERE `id` = ". intval($item_id) ." AND `user_id` = ". intval($user_id) ." LIMIT 1") or raise_error('database_error', mysqli_error($connid));
+					}
 				}
 			}
 			exit;
-			break;	
+			break;
 			
 		default:
 			header("Location: index.php");
 			exit;
 			break;
 	}
- 
- 
-}
-else {
+} else {
 	header("Location: index.php");
 	exit;
 }

includes/classes/Backup.class.php

@@ -1,95 +0,0 @@
-<?php
-/**
- * creates a backup file with buffering every 500 lines
- * in order to prevent timeout or exhausting memory size
- */
-class Backup
- {
-  var $start_time;
-  var $check_time;
-  var $file;
-  var $dump = '';
-  var $queries = 0;
-  var $max_queries = 300;
-  var $errors = Array();
-
-  function Backup()
-   {
-    @set_time_limit(30);
-    $this->start_time = time();
-    $this->check_time = $this->start_time;
-   }
-
-  function set_max_queries($max_queries=500)
-   {
-    $this->max_queries = $max_queries;
-   }
-
-  function set_file($file)
-   {
-    $this->file = $file;
-   }
-
-  function assign($data)
-   {
-    #$this->dump .= utf8_encode($data);
-    $this->dump .= $data;
-    $this->queries++;
-
-    $now = time();
-    if(($now-25) >= $this->check_time)
-     {
-      $this->check_time = $now;
-      @set_time_limit(30);
-     }
-
-    if($this->queries >= $this->max_queries)
-     {
-      // buffer:
-      if(!$this->save()) $buffering_failed = true;
-      $this->queries = 0;
-     }
-
-    if(empty($buffering_failed))
-     {
-      return true;
-     }
-    else
-     {
-      return false;
-     }
-   }
-
-  function save()
-   {
-    if($this->dump != '')
-     {
-      if(empty($this->file))
-       {
-        $this->file = 'backup_'.date("YmdHis").'.sql';
-       }
-      if($handle = @fopen($this->file, 'a+'))
-       {
-        #flock($fp, 2);
-        @fwrite($handle, $this->dump);
-        #flock($fp, 3);
-        @fclose($handle);
-        $this->dump = '';
-       }
-      else
-       {
-        $write_error = true;
-       }
-     }
-    if(empty($write_error))
-     {
-      return true;
-     }
-    else
-     {
-      $this->errors[] = 'write_error';
-      return false;
-     }
-   }
- }
-?>

includes/contact.inc.php

@@ -1,328 +1,305 @@
 <?php
-if(!defined('IN_INDEX'))
- {
-  header('Location: ../index.php');
-  exit;
- }
+if (!defined('IN_INDEX')) {
+	header('Location: ../index.php');
+	exit;
+}
 
-if(empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['captcha_email']>0)
- {
-  require('modules/captcha/captcha.php');
-  $captcha = new Captcha();
- }
+if (empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['captcha_email'] > 0) {
+	require('modules/captcha/captcha.php');
+	$captcha = new Captcha();
+}
 
-if(isset($_REQUEST['action'])) $action = $_REQUEST['action'];
-else $action = 'main';
+if (isset($_REQUEST['action'])) 
+	$action = $_REQUEST['action'];
+else 
+	$action = 'main';
 
-if(isset($_POST['message_submit'])) $action = 'message_submit';
+if(isset($_POST['message_submit'])) 
+	$action = 'message_submit';
 
-switch($action)
- {
-  case 'main':
-   // sender:
-   if(isset($_SESSION[$settings['session_prefix'].'user_id']))
-    {
-     $result = @mysqli_query($connid, "SELECT user_email FROM ".$db_settings['userdata_table']." WHERE user_id = '".intval($_SESSION[$settings['session_prefix'].'user_id'])."' LIMIT 1") or raise_error('database_error',mysqli_error($connid));
-     $data = mysqli_fetch_array($result);
-     mysqli_free_result($result);
-     $smarty->assign('sender_email',htmlspecialchars($data['user_email']));
-    }
-   else
-    {
-     $smarty->assign('sender_email','');
-    }
+$isUser = isset($_SESSION[$settings['session_prefix'].'user_type']) && isset($_SESSION[$settings['session_prefix'].'user_id']);
+$isModOrAdmin = $isUser && ($_SESSION[$settings['session_prefix'].'user_type'] == 1 || $_SESSION[$settings['session_prefix'].'user_type'] == 2);
 
-   if(isset($_REQUEST['id']))
-    {
-     // contact by entry:
-     $result = @mysqli_query($connid, "SELECT user_id, name, email FROM ".$db_settings['forum_table']." WHERE id = ".intval($_REQUEST['id'])." LIMIT 1") or raise_error('database_error',mysqli_error($connid));
-     if(mysqli_num_rows($result)!=1)
-      {
-       header('Location: index.php');
-       exit;
-      }
-     $data = mysqli_fetch_array($result);
-     mysqli_free_result($result);
-     if($data['user_id']>0)
-      {
-       // registered user, get  data from userdata table:
-       $result = @mysqli_query($connid, "SELECT user_name, email_contact FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($data['user_id'])." LIMIT 1") or raise_error('database_error',mysqli_error($connid));
-       $userdata = mysqli_fetch_array($result);
-       mysqli_free_result($result);
-       if($userdata['email_contact']!=1)
-        {
-         $smarty->assign('error_message','impossible_to_contact');
-        }
-       else
-        {
-         $smarty->assign('recipient_name',htmlspecialchars($userdata['user_name']));
-         $smarty->assign('recipient_user_id',intval($data['user_id']));
-        }
-      }
-     else
-      {
-       // not registered user, get data from forum table:
-       if($data['email']=='')
-        {
-         $smarty->assign('error_message','impossible_to_contact');
-        }
-       else
-        {
-         $smarty->assign('recipient_name',htmlspecialchars($data['name']));
-         $smarty->assign('id',intval($_REQUEST['id']));
-        }
-      }
-    }
-   elseif(isset($_REQUEST['user_id']))
-    {
-     $result = @mysqli_query($connid, "SELECT user_name, email_contact FROM ".$db_settings['userdata_table']." WHERE user_id = '".intval($_REQUEST['user_id'])."' LIMIT 1") or raise_error('database_error',mysqli_error($connid));
-      if(mysqli_num_rows($result)!=1)
-      {
-       header('Location: index.php');
-       exit;
-      }
-     $userdata = mysqli_fetch_array($result);
-     mysqli_free_result($result);
-     if($userdata['email_contact']!=1)
-      {
-       $smarty->assign('error_message','impossible_to_contact');
-      }
-     else
-      {
-       $smarty->assign('recipient_name',htmlspecialchars($userdata['user_name']));
-       $smarty->assign('recipient_user_id',intval($_REQUEST['user_id']));
-      }
-    }
-   $_SESSION[$settings['session_prefix'].'formtime'] = TIMESTAMP;
-  break;
-  case 'message_submit':
-   if(isset($_POST['id'])) $id = intval($_POST['id']);
-   if(isset($_POST['user_id'])) $user_id = intval($_POST['user_id']);
-   if(isset($_POST['sender_email'])) $sender_email = trim(preg_replace("/\r/", "", $_POST['sender_email']));
-   if(isset($_POST['text'])) $text = trim($_POST['text']);
-   if(isset($_POST['subject'])) $subject = trim($_POST['subject']);
+switch($action) {
+	case 'main':
+		// set timestamp for SPAM protection
+		setReceiptTimestamp();
+		
+		// sender id
+		$smarty->assign('user_id', isset($_SESSION[$settings['session_prefix'].'user_id']) ? intval($_SESSION[$settings['session_prefix'].'user_id']) : FALSE);
 
-   // check form session and time used to complete the form:
-   if(empty($_SESSION[$settings['session_prefix'].'user_id']))
-    {
-     if(empty($_SESSION[$settings['session_prefix'].'formtime'])) $errors[] = 'error_invalid_form';
-     else
-      {
-       $time_need = TIMESTAMP - intval($_SESSION[$settings['session_prefix'].'formtime']);
-       if($time_need<10) $errors[] = 'error_form_sent_too_fast';
-       elseif($time_need>10800) $errors[] = 'error_form_sent_too_slow';
-       unset($_SESSION[$settings['session_prefix'].'formtime']);
-      }
-    }
+		if (isset($_REQUEST['id'])) {
+			// contact by entry:
+			$result = @mysqli_query($connid, "SELECT user_id AS recipient_user_id, name, email FROM ".$db_settings['forum_table']." WHERE id = ".intval($_REQUEST['id'])." LIMIT 1") or raise_error('database_error', mysqli_error($connid));
+			if (mysqli_num_rows($result) != 1) {
+				header('Location: index.php');
+				exit;
+			}
+			$data = mysqli_fetch_array($result);
+			mysqli_free_result($result);
+			if ($data['recipient_user_id'] > 0) {
+				// registered user, get  data from userdata table:
+				$result = @mysqli_query($connid, "SELECT user_name, email_contact FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($data['recipient_user_id'])." LIMIT 1") or raise_error('database_error', mysqli_error($connid));
+				$userdata = mysqli_fetch_array($result);
+				mysqli_free_result($result);
+				if ($isModOrAdmin || $isUser && $userdata['email_contact'] > 0 || $userdata['email_contact'] == 2) {
+					$smarty->assign('recipient_name', htmlspecialchars($userdata['user_name']));
+					$smarty->assign('recipient_user_id', intval($data['recipient_user_id']));
+				} else {
+					$smarty->assign('error_message', 'impossible_to_contact');
+				}
+			} else {
+				// not registered user, get data from forum table:
+				if($data['email'] == '') {
+					$smarty->assign('error_message','impossible_to_contact');
+				} else {
+					$smarty->assign('recipient_name', htmlspecialchars($data['name']));
+					$smarty->assign('id', intval($_REQUEST['id']));
+				}
+			}
+		} elseif (isset($_REQUEST['recipient_user_id'])) {
+			$result = @mysqli_query($connid, "SELECT user_name, email_contact FROM ".$db_settings['userdata_table']." WHERE user_id = '".intval($_REQUEST['recipient_user_id'])."' LIMIT 1") or raise_error('database_error', mysqli_error($connid));
+			if(mysqli_num_rows($result) != 1) {
+				header('Location: index.php');
+				exit;
+			}
+			$userdata = mysqli_fetch_array($result);
+			mysqli_free_result($result);
+			if ($isModOrAdmin || $isUser && $userdata['email_contact'] > 0 || $userdata['email_contact'] == 2) {
+				$smarty->assign('recipient_name', htmlspecialchars($userdata['user_name']));
+				$smarty->assign('recipient_user_id', intval($_REQUEST['recipient_user_id']));
+			} else {
+				$smarty->assign('error_message', 'impossible_to_contact');
+			}
+		}
+	break;
+	case 'message_submit':
+		if (isset($_POST['id'])) 
+			$id = intval($_POST['id']);
+		if (isset($_POST['recipient_user_id'])) 
+			$recipient_user_id = intval($_POST['recipient_user_id']);
+		if (isset($_POST['text']) && !empty($_POST['text']))
+			$text = trim($_POST['text']);
+		if (isset($_POST['subject']) && !empty($_POST['subject']))
+			$subject = trim($_POST['subject']);
+		if (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
+			$result = @mysqli_query($connid, "SELECT user_email FROM ".$db_settings['userdata_table']." WHERE user_id = '".intval($_SESSION[$settings['session_prefix'].'user_id'])."' LIMIT 1") or raise_error('database_error', mysqli_error($connid));
+			$data = mysqli_fetch_array($result);
+			mysqli_free_result($result);
+			$sender_email = $data['user_email']; // email of reg. user taken from profil
+			$confirmation_mail_to_sender = isset($_POST['confirmation_email']) && intval($_POST['confirmation_email']) == 1 ? TRUE : FALSE;
+		}
+		else {
+			$sender_email = $_POST['sender_email'];
+			$confirmation_mail_to_sender = FALSE;
+		}
+		$sender_email = trim(preg_replace("/\r/", "", $sender_email));
 
-   if(empty($errors))
-    {
-     if(empty($sender_email) || $sender_email=='') $errors[] = 'error_message_no_email';
-     elseif(!is_valid_email($sender_email)) $errors[] = 'error_email_invalid';
-     if(empty($subject) || $subject=='') $errors[] = 'error_message_no_subject';
-     if(empty($text) || $text=='') $errors[] = 'error_message_no_text';
-     if(my_strlen($subject,$lang['charset']) > $settings['email_subject_maxlength']) $errors[] = 'error_email_subject_too_long';
-     if(my_strlen($text,$lang['charset']) > $settings['email_text_maxlength']) $errors[] = 'error_email_text_too_long';
-     $smarty->assign('text_length',my_strlen($text,$lang['charset']));
-    }
+		// check form session and time used to complete the form:
+		setReceiptTimestamp();
+		// if (empty($_SESSION[$settings['session_prefix'].'user_id'])) {
+		if (!isset($_SESSION[$settings['session_prefix'] . 'receipt_timestamp_difference']) || intval($_SESSION[$settings['session_prefix'] . 'receipt_timestamp_difference']) <= 0)
+			$errors[] = 'error_invalid_form';
+		else {
+			if ($_SESSION[$settings['session_prefix'] . 'receipt_timestamp_difference'] < $settings['min_email_time'])
+				$errors[] = 'error_form_sent_too_fast';
+			elseif ($_SESSION[$settings['session_prefix'] . 'receipt_timestamp_difference'] > $settings['max_email_time'])
+				$errors[] = 'error_form_sent_too_slow';
+		}
 
-   if(empty($errors))
-    {
-     // check for not accepted words:
-     $joined_mail = my_strtolower($sender_email.' '.$subject.' '.$text, $lang['charset']);
-     $not_accepted_words = get_not_accepted_words($joined_mail);
-     if($not_accepted_words!=false)
-      {
-       $not_accepted_words_listing = implode(', ',$not_accepted_words);
-       if(count($not_accepted_words)==1)
-        {
-         $smarty->assign('not_accepted_word',htmlspecialchars($not_accepted_words_listing));
-         $errors[] = 'error_not_accepted_word';
-        }
-       else
-        {
-         $smarty->assign('not_accepted_words',htmlspecialchars($not_accepted_words_listing));
-         $errors[] = 'error_not_accepted_words';
-        }
-      }
-    }
+		if (empty($errors)) {
+			if (empty($sender_email) || $sender_email == '') 
+				$errors[] = 'error_message_no_email';
+			elseif (!is_valid_email($sender_email)) 
+				$errors[] = 'error_email_invalid';
+			if (empty($subject) || $subject == '') 
+				$errors[] = 'error_message_no_subject';
+			if (empty($text) || $text == '') 
+				$errors[] = 'error_message_no_text';
+			if (my_strlen($subject, $lang['charset']) > $settings['email_subject_maxlength']) 
+				$errors[] = 'error_email_subject_too_long';
+			if (my_strlen($text, $lang['charset']) > $settings['email_text_maxlength']) 
+				$errors[] = 'error_email_text_too_long';
+			$smarty->assign('text_length', my_strlen($text,$lang['charset']));
+		}
 
-   // CAPTCHA check:
-   if(empty($errors) && empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['captcha_email']>0)
-    {
-     if($settings['captcha_email']==2)
-      {
-       if(empty($_SESSION['captcha_session']) || empty($_POST['captcha_code']) || $captcha->check_captcha($_SESSION['captcha_session'],$_POST['captcha_code'])!=true) $errors[] = 'captcha_check_failed';
-      }
-     else
-      {
-       if(empty($_SESSION['captcha_session']) || empty($_POST['captcha_code']) || $captcha->check_math_captcha($_SESSION['captcha_session'][2],$_POST['captcha_code'])!=true) $errors[] = 'captcha_check_failed';
-      }
-     unset($_SESSION['captcha_session']);
-    }
+		if (empty($errors)) {
+			// check for not accepted words:
+			$joined_mail = my_strtolower($sender_email.' '.$subject.' '.$text, $lang['charset']);
+			$not_accepted_words = get_not_accepted_words($joined_mail);
+			if ($not_accepted_words != false) {
+				$not_accepted_words_listing = implode(', ',$not_accepted_words);
+				if (count($not_accepted_words) == 1) {
+					$smarty->assign('not_accepted_word', htmlspecialchars($not_accepted_words_listing));
+					$errors[] = 'error_not_accepted_word';
+				} else {
+					$smarty->assign('not_accepted_words', htmlspecialchars($not_accepted_words_listing));
+					$errors[] = 'error_not_accepted_words';
+				}
+			}
+		}
 
-   // Akismet spam check:
-   if(empty($errors) && $settings['akismet_key']!='' && $settings['akismet_mail_check']==1)
-    {
-     if(empty($_SESSION[$settings['session_prefix'].'user_id']) || isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']==0 && $settings['akismet_check_registered']==1)
-      {
-       require('modules/akismet/akismet.class.php');
-       $mail_parts = explode("@", $sender_email);
-       $sender_name = $mail_parts[0];
-       $check_mail['author'] = $mail_parts[0];
-       $check_mail['email'] = $sender_email;
-       $check_mail['body'] = $text;
-       $akismet = new Akismet($settings['forum_address'], $settings['akismet_key'], $check_mail);
-       // test for errors
-       if($akismet->errorsExist())
-        {
-         // returns true if any errors exist
-         if($akismet->isError(AKISMET_INVALID_KEY))
-          {
-           $errors[] = 'error_akismet_api_key';
-          }
-         elseif($akismet->isError(AKISMET_RESPONSE_FAILED))
-          {
-           $errors[] = 'error_akismet_connection';
-          }
-         elseif($akismet->isError(AKISMET_SERVER_NOT_FOUND))
-          {
-           $errors[] = 'error_akismet_connection';
-          }
-        }
-       else
-        {
-         // No errors, check for spam
-         if($akismet->isSpam())
-          {
-           $errors[] = 'error_spam_suspicion';
-          }
-        }
-      }
-    }
-   if(isset($id))
-    {
-     // get email address from entry:
-     $result = @mysqli_query($connid, "SELECT user_id, name, email FROM ".$db_settings['forum_table']." WHERE id = ".intval($id)." LIMIT 1") or raise_error('database_error',mysqli_error($connid));
-     if(mysqli_num_rows($result)!=1)
-      {
-       header('Location: index.php');
-       exit;
-      }
-     $data = mysqli_fetch_array($result);
-     mysqli_free_result($result);
-     if($data['user_id']>0)
-      {
-       // registered user, get  data from userdata table:
-       $result = @mysqli_query($connid, "SELECT user_email, email_contact FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($data['user_id'])." LIMIT 1") or raise_error('database_error',mysqli_error($connid));
-       $userdata = mysqli_fetch_array($result);
-       mysqli_free_result($result);
-       if($userdata['email_contact']!=1)
-        {
-         $errors[] = TRUE;
-         $smarty->assign('error_message','impossible_to_contact');
-        }
-       else
-        {
-         $smarty->assign('recipient_name',htmlspecialchars($userdata['user_name']));
-         $recipient_email = $data['user_email'];
-        }
-      }
-     else
-      {
-       // not registered user, get data from forum table:
-       if($data['email']=='')
-        {
-         $errors[] = TRUE;
-         $smarty->assign('error_message','impossible_to_contact');
-        }
-       else
-        {
-         $recipient_name = htmlspecialchars($data['name']);
-         $recipient_email = $data['email'];
-         $smarty->assign('recipient_name',$recipient_name);
-        }
-      }
-    }
-   elseif(isset($user_id))
-    {
-     $result = @mysqli_query($connid, "SELECT user_name, user_email, email_contact FROM ".$db_settings['userdata_table']." WHERE user_id = '".intval($user_id)."' LIMIT 1") or raise_error('database_error',mysqli_error($connid));
-     if(mysqli_num_rows($result)!=1)
-      {
-       header('Location: index.php');
-       exit;
-      }
-     $userdata = mysqli_fetch_array($result);
-     mysqli_free_result($result);
-     if($userdata['email_contact']!=1)
-      {
-       $errors[] = TRUE;
-       $smarty->assign('error_message','impossible_to_contact');
-      }
-     else
-      {
-       $recipient_name = htmlspecialchars($userdata['user_name']);
-       $recipient_email = $userdata['user_email'];
-       $smarty->assign('recipient_name',$recipient_name);
-      }
-    }
-   else
-    {
-     $recipient_name = $settings['forum_name'];
-     $recipient_email = $settings['forum_email'];
-    }
+		// CAPTCHA check:
+		if (empty($errors) && empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['captcha_email'] > 0) {
+			if ($settings['captcha_email'] == 2) {
+			if (empty($_SESSION['captcha_session']) || empty($_POST['captcha_code']) || $captcha->check_captcha($_SESSION['captcha_session'], $_POST['captcha_code']) != true) $errors[] = 'captcha_check_failed';
+			} else {
+				if (empty($_SESSION['captcha_session']) || empty($_POST['captcha_code']) || $captcha->check_math_captcha($_SESSION['captcha_session'][2], $_POST['captcha_code']) != true) $errors[] = 'captcha_check_failed';
+			}
+			unset($_SESSION['captcha_session']);
+		}
 
-   if(empty($errors))
-    {
-     // load e-mail strings from default language file:
-     $smarty->configLoad($settings['language_file'], 'emails');
-     $lang = $smarty->getConfigVars();
-     if(isset($_SESSION[$settings['session_prefix'].'user_name'])) $emailbody = str_replace("[user]", $_SESSION[$settings['session_prefix'].'user_name'], $lang['contact_email_txt_user']);
-     else $emailbody = $lang['contact_email_txt'];
-     $emailbody = str_replace("[message]", $text, $emailbody);
-     $emailbody = str_replace("[forum_address]", $settings['forum_address'], $emailbody);
-     if(!my_mail($recipient_email, $subject, $emailbody, $sender_email)) $errors[] = 'mail_error';
-    }
-   if(isset($errors))
-    {
-     $_SESSION[$settings['session_prefix'].'formtime'] = TIMESTAMP - 7; // 7 seconds credit (form already sent)
-     $smarty->assign('errors',$errors);
-     if(isset($id)) $smarty->assign('id',intval($id));
-     if(isset($user_id)) $smarty->assign('recipient_user_id',intval($user_id));
-     if(isset($sender_email)) $smarty->assign('sender_email',htmlspecialchars($sender_email));
-     if(isset($text)) $smarty->assign('text',htmlspecialchars($text));
-     if(isset($subject)) $smarty->assign('subject',htmlspecialchars($subject));
-    }
-   else
-    {
-     $smarty->assign('sent',TRUE);
-    }
-  break;
- }
+		// Spam check: 
+		if (empty($errors) && (empty($_SESSION[$settings['session_prefix'].'user_id']) || isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] == 0 && $settings['spam_check_registered'] == 1)) {
+			$mail_parts = explode("@", $sender_email);
+			$sender_name = $mail_parts[0];
+			$check_mail['author'] = $mail_parts[0];
+			$check_mail['email'] = $sender_email;
+			$check_mail['body'] = $text;
+				
+			// Akismet spam check: 
+			if ($settings['akismet_key'] != '' && $settings['akismet_mail_check'] == 1) {
+				require('modules/akismet/akismet.class.php');
+				$akismet = new Akismet($settings['forum_address'], $settings['akismet_key'], $check_mail);
+				// test for errors
+				if ($akismet->errorsExist()) {
+					// returns true if any errors exist
+					if ($akismet->isError(AKISMET_INVALID_KEY)) {
+						$errors[] = 'error_akismet_api_key';
+					} elseif ($akismet->isError(AKISMET_RESPONSE_FAILED)) {
+						$errors[] = 'error_akismet_connection';
+					} elseif($akismet->isError(AKISMET_SERVER_NOT_FOUND)) {
+						$errors[] = 'error_akismet_connection';
+					}
+				} else {
+					// No errors, check for spam
+					if ($akismet->isSpam()) {
+						$errors[] = 'error_email_spam_suspicion';
+					}
+				}
+			}
+		
+			// B8 spam check: 
+			if ($settings['b8_mail_check'] == 1) {
+				try {
+					$check_text = implode("\r\n", $check_mail);
+					$b8_spam_probability = 100.0 * $B8_BAYES_FILTER->classify($check_text);
+					if ($b8_spam_probability > intval($settings['b8_spam_probability_threshold']))
+						$errors[] = 'error_email_spam_suspicion';
+				}
+				catch(Exception $e) {
+					raise_error('database_error', $e->getMessage()); // What should we do here?
+					$b8_spam = 0;
+				}
+			}
+		}
+
+		if (empty($errors)) {
+			if (isset($id)) {
+				// get email address from entry:
+				$result = @mysqli_query($connid, "SELECT user_id AS recipient_user_id, name, email FROM ".$db_settings['forum_table']." WHERE id = ".intval($id)." LIMIT 1") or raise_error('database_error', mysqli_error($connid));
+				if(mysqli_num_rows($result) != 1) {
+					header('Location: index.php');
+					exit;
+				}
+				$data = mysqli_fetch_array($result);
+				mysqli_free_result($result);
+				if ($data['recipient_user_id'] > 0) {
+					// registered user, get  data from userdata table:
+					$result = @mysqli_query($connid, "SELECT user_email, email_contact FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($data['recipient_user_id'])." LIMIT 1") or raise_error('database_error', mysqli_error($connid));
+					$userdata = mysqli_fetch_array($result);
+					mysqli_free_result($result);
+					if ($isModOrAdmin || $isUser && $userdata['email_contact'] > 0 || $userdata['email_contact'] == 2) {
+						$smarty->assign('recipient_name', htmlspecialchars($userdata['user_name']));
+						$recipient_email = $data['user_email'];
+					} else {
+						$errors[] = TRUE;
+						$smarty->assign('error_message', 'impossible_to_contact');
+					}
+				} else {
+					// not registered user, get data from forum table:
+					if ($data['email'] == '') {
+						$errors[] = TRUE;
+						$smarty->assign('error_message','impossible_to_contact');
+					} else {
+						$recipient_name = htmlspecialchars($data['name']);
+						$recipient_email = $data['email'];
+						$smarty->assign('recipient_name', $recipient_name);
+					}
+				}
+			} elseif (isset($recipient_user_id)) {
+				$result = @mysqli_query($connid, "SELECT user_name, user_email, email_contact FROM ".$db_settings['userdata_table']." WHERE user_id = '".intval($recipient_user_id)."' LIMIT 1") or raise_error('database_error', mysqli_error($connid));
+				if (mysqli_num_rows($result) != 1) {
+					header('Location: index.php');
+					exit;
+				}
+				$userdata = mysqli_fetch_array($result);
+				mysqli_free_result($result);
+				if ($isModOrAdmin || $isUser && $userdata['email_contact'] > 0 || $userdata['email_contact'] == 2) {
+					$recipient_name = htmlspecialchars($userdata['user_name']);
+					$recipient_email = $userdata['user_email'];
+					$smarty->assign('recipient_name', $recipient_name);
+				} else {
+					$errors[] = TRUE;
+					$smarty->assign('error_message', 'impossible_to_contact');
+				}
+			} else {
+				$recipient_name = $settings['forum_name'];
+				$recipient_email = $settings['forum_email'];
+			}
+		}
+
+		if (empty($errors)) {
+			// load e-mail strings from default language file:
+			$smarty->configLoad($settings['language_file'], 'emails');
+			$lang = $smarty->getConfigVars();
+			if (isset($_SESSION[$settings['session_prefix'].'user_name'])) 
+				$emailbody = str_replace("[user]", $_SESSION[$settings['session_prefix'].'user_name'], $lang['contact_email_txt_user']);
+			else 
+				$emailbody = $lang['contact_email_txt'];
+			$emailbody = str_replace("[message]", $text, $emailbody);
+			$emailbody = str_replace("[forum_address]", $settings['forum_address'], $emailbody);
+			if (!my_mail($recipient_email, $subject, $emailbody, $sender_email)) 
+				$errors[] = 'mail_error';
+			if (isset($_SESSION[$settings['session_prefix'].'user_id']) && $confirmation_mail_to_sender && !my_mail($sender_email, $subject, $emailbody, $sender_email))
+				$errors[] = 'mail_error';
+		}
+		if (isset($errors)) {
+			$smarty->assign('errors',$errors);
+			if (isset($id)) 
+				$smarty->assign('id', intval($id));
+			if (isset($recipient_user_id)) 
+				$smarty->assign('recipient_user_id', intval($recipient_user_id));
+			if (isset($sender_email)) 
+				$smarty->assign('sender_email', htmlspecialchars($sender_email));
+			if (isset($text)) 
+				$smarty->assign('text', htmlspecialchars($text));
+			if (isset($subject)) 
+				$smarty->assign('subject', htmlspecialchars($subject));
+		} else {
+			$smarty->assign('sent', TRUE);
+		}
+	break;
+}
 
 // CAPTCHA:
-if(empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['captcha_email']>0)
- {
-  if($settings['captcha_email']==2)
-   {
-    $_SESSION['captcha_session'] = $captcha->generate_code();
-   }
-  else
-   {
-    $_SESSION['captcha_session'] = $captcha->generate_math_captcha();
-    $captcha_tpl['number_1'] = $_SESSION['captcha_session'][0];
-    $captcha_tpl['number_2'] = $_SESSION['captcha_session'][1];
-   }
-  $captcha_tpl['type'] = $settings['captcha_email'];
-  $smarty->assign('captcha',$captcha_tpl);
- }
+if (empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['captcha_email'] > 0) {
+	if($settings['captcha_email'] == 2) {
+		$_SESSION['captcha_session'] = $captcha->generate_code();
+	} else {
+		$_SESSION['captcha_session'] = $captcha->generate_math_captcha();
+		$captcha_tpl['number_1'] = $_SESSION['captcha_session'][0];
+		$captcha_tpl['number_2'] = $_SESSION['captcha_session'][1];
+	}
+	$captcha_tpl['type'] = $settings['captcha_email'];
+	$smarty->assign('captcha', $captcha_tpl);
+}
 
-if(empty($_SESSION[$settings['session_prefix'].'user_id']))
- {
-  $session['name'] = session_name();
-  $session['id'] = session_id();
-  $smarty->assign('session',$session);
- }
+if (empty($_SESSION[$settings['session_prefix'].'user_id'])) {
+	$session['name'] = session_name();
+	$session['id'] = session_id();
+	$smarty->assign('session', $session);
+}
 
 $smarty->assign('subnav_location','subnav_contact');
 $smarty->assign('subtemplate','contact.inc.tpl');

includes/delete_cookie.inc.php

@@ -1,19 +1,18 @@
 <?php
-if(!defined('IN_INDEX'))
- {
-  header('Location: ../index.php');
-  exit;
- }
+if (!defined('IN_INDEX')) {
+	header('Location: ../index.php');
+	exit;
+}
 
-setcookie($settings['session_prefix'].'userdata','',0);
+setcookie($settings['session_prefix'].'userdata', '', cookie_options(0));
 
-if(isset($_POST['method']) && $_POST['method']=='ajax') exit;
+if (isset($_POST['method']) && $_POST['method'] == 'ajax') exit;
+
+else {
+	$smarty->assign('message', 'cookie_deleted');
+	$smarty->assign('subnav_location', 'subnav_delete_cookie');
+	$smarty->assign('subtemplate', 'info.inc.tpl');
+	$template = 'main.tpl';
+}
 
-else
- {
-  $smarty->assign('message','cookie_deleted');
-  $smarty->assign('subnav_location','subnav_delete_cookie');
-  $smarty->assign('subtemplate','info.inc.tpl');
-  $template = 'main.tpl';
- }
 ?>

includes/disabled.inc.php

@@ -1,20 +1,16 @@
 <?php
-if(!defined('IN_INDEX'))
- {
-  header('Location: ../index.php');
-  exit;
- }
+if (!defined('IN_INDEX')) {
+	header('Location: ../index.php');
+	exit;
+}
 
-if($settings['forum_disabled_message']!='')
- {
-  $smarty->assign('custom_message',$settings['forum_disabled_message']);
- }
-else
- {
-  $smarty->assign('message','forum_disabled');
- }
+if ($settings['forum_disabled_message'] != '') {
+	$smarty->assign('custom_message', $settings['forum_disabled_message']);
+} else {
+	$smarty->assign('message', 'forum_disabled');
+}
 
-$smarty->assign('subnav_location','subnav_disabled');
-$smarty->assign('subtemplate','info.inc.tpl');
+$smarty->assign('subnav_location', 'subnav_disabled');
+$smarty->assign('subtemplate', 'info.inc.tpl');
 $template = 'main.tpl';
 ?>

includes/entry.inc.php

@@ -1,343 +1,375 @@
 <?php
-if(!defined('IN_INDEX'))
- {
-  header('Location: ../index.php');
-  exit;
- }
-
-if(isset($_REQUEST['id'])) $id = intval($_REQUEST['id']);
-else
- {
-  header('Location: index.php');
-  exit;
- }
-
-if(isset($_GET['page'])) $page = intval($_GET['page']);
-else $page = 1;
-
-if(isset($_GET['order']) && $_GET['order']=='last_reply') $order = 'last_reply';
-else $order = 'time';
-
-if(isset($_SESSION[$settings['session_prefix'].'user_id'])) {
-	$tmp_user_id = $_SESSION[$settings['session_prefix'].'user_id'];
-} else {
-	$tmp_user_id = 0;
-}
-
-if(isset($id) && $id > 0)
-  {
-   $result=@mysqli_query($connid, "SELECT id, pid, tid, ft.user_id, UNIX_TIMESTAMP(ft.time + INTERVAL ".$time_difference." MINUTE) AS disp_time,
-                         UNIX_TIMESTAMP(ft.time) AS time, UNIX_TIMESTAMP(edited + INTERVAL ".$time_difference." MINUTE) AS edit_time,
-                         UNIX_TIMESTAMP(edited - INTERVAL ".$settings['edit_delay']." MINUTE) AS edited_diff, edited_by, name, email,
-                         subject, hp, location, ip, text, cache_text, tags, show_signature, category, locked, views, spam, spam_check_status, edit_key,
-                         user_name, user_type, user_email, email_contact, user_hp, user_location, signature, cache_signature, rst.user_id AS req_user
-                         FROM ".$db_settings['forum_table']." AS ft
-                         LEFT JOIN ".$db_settings['entry_cache_table']." ON ".$db_settings['entry_cache_table'].".cache_id=ft.id
-                         LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=ft.user_id
-                         LEFT JOIN ".$db_settings['userdata_cache_table']." ON ".$db_settings['userdata_cache_table'].".cache_id=".$db_settings['userdata_table'].".user_id
-                         LEFT JOIN ".$db_settings['read_status_table']." AS rst ON rst.posting_id = ft.id AND rst.user_id = ". intval($tmp_user_id) ."
-                         WHERE id = ".$id) or raise_error('database_error',mysqli_error($connid));
-
-   if(mysqli_num_rows($result) == 1)
-    {
-     $entrydata = mysqli_fetch_array($result);
-     mysqli_free_result($result);
-
-     $entrydata['formated_time'] = format_time($lang['time_format_full'],$entrydata['disp_time']);
-
-     // category of this posting accessible by user?
-     if(is_array($category_ids) && !in_array($entrydata['category'], $category_ids))
-      {
-       header("Location: index.php");
-       exit;
-      }
-
-	 if(isset($_SESSION[$settings['session_prefix'].'user_id'])) {
-		 // bookmark handling
-		 $user_id  = $_SESSION[$settings['session_prefix'].'user_id'];
-		 $bookmark_result = mysqli_query($connid, "SELECT TRUE AS 'bookmark' FROM ".$db_settings['bookmark_table']." WHERE `user_id` = ".intval($user_id)." AND `posting_id` = ".intval($id)."") or raise_error('database_error',mysqli_error($connid));
-		 $bookmark = mysqli_fetch_row($bookmark_result);
-		 mysqli_free_result($bookmark_result);
-		 if (isset($bookmark) && intval($bookmark) == 1)
-				$entrydata['bookmarkedby'] = intval($user_id);
-		 // read-status handling
-		 $rstatus = save_read_status($connid, $user_id, $id);
-	 }
-
-     if ($entrydata['req_user'] !== NULL and is_numeric($entrydata['req_user'])) {
-      $entrydata['is_read'] = true;
-     } else {
-      $entrydata['is_read'] = false;
-     }
-     $smarty->assign('is_read', $entrydata['is_read']);
-
-     if(isset($settings['count_views']) && $settings['count_views'] == 1) mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=last_reply, edited=edited, views=views+1 WHERE id=".$id);
-
-		if($entrydata['user_id'] > 0) {
-			if($settings['avatars']==2) {
-				$avatarInfo = getAvatar($entrydata['user_id']);
-				$avatar['image'] = $avatarInfo === false ? false : $avatarInfo[2];
-
-				if(isset($avatar) && $avatar['image'] !== false) {
-					$image_info = getimagesize($avatar['image']);
-					$avatar['width']  = $image_info[0];
-					$avatar['height'] = $image_info[1];
-					$smarty->assign('avatar', $avatar);
-				}
-			}
-
-			$entrydata['email'] = $entrydata['user_email'];
-			#$entrydata['email_contact'] = $userdata['email_contact'];
-			$entrydata['location'] = $entrydata['user_location'];
-			$entrydata['hp'] = $entrydata['user_hp'];
-		}
-		else 
-			$entrydata['email_contact']=1;
-   }
-   else
-    {
-     header("Location: index.php");
-     exit;
-    }
-  }
- else
-  {
-   header("Location: index.php");
-   exit;
-  }
-
- if($entrydata['cache_text']=='')
-  {
-   // no cached text so parse it and cache it:
-   $ftext = html_format($entrydata['text']);
-   // make sure not to make a double entry:
-   @mysqli_query($connid, "DELETE FROM ".$db_settings['entry_cache_table']." WHERE cache_id=".intval($entrydata['id']));
-   @mysqli_query($connid, "INSERT INTO ".$db_settings['entry_cache_table']." (cache_id, cache_text) VALUES (".intval($entrydata['id']).",'".mysqli_real_escape_string($connid, $ftext)."')");
-  }
- else
-  {
-   $ftext = $entrydata['cache_text'];
-  }
-
- if(isset($_REQUEST['ajax_preview']))
-  {
-   header('Content-Type: application/xml; charset=UTF-8');
-   echo '<?xml version="1.0"?>';
-   ?><posting><content><![CDATA[<?php echo $ftext; ?>]]></content><locked><?php echo $entrydata['locked']; ?></locked></posting><?php
-   exit;
-  }
-
- // thread-data:
- $thread = $entrydata['tid'];
- if($entrydata['spam']==1) $display_spam_query_and='';
- $result = mysqli_query($connid, "SELECT id, pid, tid, ft.user_id, UNIX_TIMESTAMP(ft.time) AS time, UNIX_TIMESTAMP(ft.time + INTERVAL ".$time_difference." MINUTE) AS disp_time,
-                        UNIX_TIMESTAMP(last_reply) AS last_reply, name, user_name, subject, category, marked, text, spam, rst.user_id AS req_user FROM ".$db_settings['forum_table']." AS ft
-                        LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=ft.user_id
-                        LEFT JOIN ".$db_settings['read_status_table']." AS rst ON rst.posting_id = ft.id AND rst.user_id = ". intval($tmp_user_id) ."
-                        WHERE tid = ".$thread.$display_spam_query_and." ORDER BY time ASC");
- if(!$result) raise_error('database_error',mysqli_error($connid));
-
- while($data = mysqli_fetch_array($result))
-  {
-   if($data['user_id']>0)
-    {
-     if(!$data['user_name']) $data['name'] = $lang['unknown_user'];
-     else $data['name'] = htmlspecialchars($data['user_name']);
-    }
-   else $data['name'] = htmlspecialchars($data['name']);
-   $data['subject'] = htmlspecialchars($data['subject']);
-   $data['formated_time'] = format_time($lang['time_format'],$data['disp_time']);
-   if ($data['req_user'] !== NULL and is_numeric($data['req_user'])) {
-       $data['is_read'] = true;
-      } else {
-       $data['is_read'] = false;
-      }
-   if($data['pid']==0)
-    {
-     if(isset($_SESSION[$settings['session_prefix'].'usersettings']['newtime']) && $_SESSION[$settings['session_prefix'].'usersettings']['newtime']<$data['last_reply'] || $last_visit && $data['last_reply'] > $last_visit) $data['new'] = true;
-     else $data['new'] = false;
-    }
-   else
-    { 
-     if(isset($_SESSION[$settings['session_prefix'].'usersettings']['newtime']) && $_SESSION[$settings['session_prefix'].'usersettings']['newtime']<$data['time'] || $last_visit && $data['time'] > $last_visit) $data['new'] = true;
-     else $data['new'] = false;
-    }
-   
-   if($data['text']=='') $data['no_text'] = true;
-   unset($data['text']);
-
-   if(isset($categories[$data['category']]) && $categories[$data['category']]!='') $data['category_name']=$categories[$data["category"]];
-   $data_array[$data['id']] = $data;
-   $child_array[$data['pid']][] =  $data['id'];
-   if($data['pid']==$id) $direct_replies[] = $data['id'];
-   $last = $data['id'];
-   if($data['pid']>$last) $last = $data['id'];
-  }
- if(isset($child_array))
-  {
-   $smarty->assign('child_array',$child_array);
-   get_thread_items($child_array, $entrydata['tid'], $entrydata['id']);
-   $thread_items_count = count($thread_items);
-   if($thread_items_count>1)
-    {
-     foreach($thread_items as $key => $val)
-      {
-       if($val==$entrydata['id']) $current_key = $key;
-      }
-     if($entrydata['id']!=$thread_items[0]) $smarty->assign('link_rel_first', 'index.php?id='.$thread_items[0]);
-     if(isset($thread_items[$current_key-1])) $smarty->assign('link_rel_prev', 'index.php?id='.$thread_items[$current_key-1]);
-     if(isset($thread_items[$current_key+1])) $smarty->assign('link_rel_next', 'index.php?id='.$thread_items[$current_key+1]);
-     if($entrydata['id']!=$thread_items[$thread_items_count-1]) $smarty->assign('link_rel_last', 'index.php?id='.$thread_items[$thread_items_count-1]);
-    }
-  }
-  
- mysqli_free_result($result);
-
-// tags:
-$tags = $entrydata['tags'];
-if($tags!='')
- {
-  $tags_help_array = explode(';',$tags);
-  $i=0;
-  foreach($tags_help_array as $tag)
-   {
-    if($tag!='')
-     {
-      if(my_strpos($tag, ' ', 0, $lang['charset'])) $tag_escaped='"'.$tag.'"';
-      else $tag_escaped = $tag;
-      $tags_array[$i]['escaped'] = urlencode($tag_escaped);
-      $tags_array[$i]['display'] = htmlspecialchars($tag);
-      $keywords[] = htmlspecialchars($tag);
-      $i++;
-     }
-   }
-  if(isset($tags_array)) $smarty->assign('tags',$tags_array);
-  if(isset($keywords)) $smarty->assign('keywords',implode(', ',$keywords));
- }
-
-$category = $category;
-$smarty->assign('id',intval($entrydata['id']));
-$smarty->assign('tid',intval($entrydata['tid']));
-$smarty->assign('pid',intval($entrydata['pid']));
-$smarty->assign('posting_user_id', intval($entrydata['user_id']));
-$smarty->assign('page_title',htmlspecialchars($entrydata['subject']));
-$smarty->assign('subject',htmlspecialchars($entrydata['subject']));
-
-if($entrydata['user_id']>0)
- {
-  if(!$entrydata['user_name']) $name = $lang['unknown_user'];
-  else $name = htmlspecialchars($entrydata['user_name']);
- }
-else $name = htmlspecialchars($entrydata['name']);
-
-$smarty->assign('name',$name);
-
-$smarty->assign('user_type', htmlspecialchars($entrydata['user_type']));
-$smarty->assign('disp_time', htmlspecialchars($entrydata['disp_time']));
-$smarty->assign('formated_time', htmlspecialchars($entrydata['formated_time']));
-$smarty->assign('locked', htmlspecialchars($entrydata['locked']));
-
-$ago['days'] = floor((TIMESTAMP - $entrydata['time'])/86400);
-$ago['hours'] = floor(((TIMESTAMP - $entrydata['time'])/3600)-($ago['days']*24));
-$ago['minutes'] = floor(((TIMESTAMP - $entrydata['time'])/60)-($ago['hours']*60+$ago['days']*1440));
-if($ago['hours']>12) $ago['days_rounded'] = $ago['days'] + 1;
-else $ago['days_rounded'] = $ago['days'];
-$smarty->assign('ago',$ago);
-
-$authorization = get_edit_authorization($id, $entrydata['user_id'], $entrydata['edit_key'], $entrydata['time'], $entrydata['locked']);
-if($authorization['edit']==true) $options['edit'] = true;
-if($authorization['delete']==true) $options['delete'] = true;
-
-if(isset($direct_replies)) $smarty->assign('direct_replies',$direct_replies);
-if($settings['count_views'] == 1)
- {
-  $views = $entrydata['views']-1; // this subtracts the first view by the author after posting
-  if($views<0) $views=0; // prevents negative number of views
-  $smarty->assign('views',$entrydata['views']);
- }
-$smarty->assign('ip',$entrydata['ip']);
-if($entrydata['spam']==1) $smarty->assign('spam',true);
-if (isset($categories[$entrydata["category"]]) && $categories[$entrydata['category']]!='')
- {
-  $smarty->assign('category_name',$categories[$entrydata["category"]]);
- }
-
-if(empty($entrydata['email_contact'])) $entrydata["email_contact"]=0;
-if ($entrydata['hp']!='')
- {
-  $entrydata['hp'] = add_http_if_no_protocol($entrydata['hp']);
-  $smarty->assign('hp',$entrydata["hp"]);
- }
-if($entrydata['email']!='' && $entrydata["email_contact"]==1) $smarty->assign('email',true);
-if($entrydata['location'] != '') $smarty->assign('location',htmlspecialchars($entrydata['location']));
-
-$subnav_link = array('mode'=>'index', 'name'=>'thread_entry_back_link', 'title'=>'thread_entry_back_title');
-
-// edited:
-if($entrydata["edited_diff"] > 0 && $entrydata["edited_diff"] > $entrydata["time"] && $settings['show_if_edited'] == 1)
- {
-  $smarty->assign('edited',true);
-  $smarty->assign('edit_time', htmlspecialchars($entrydata['edit_time']));
-  $entrydata['formated_edit_time'] = format_time($lang['time_format_full'],$entrydata['edit_time']);
-  $smarty->assign('formated_edit_time', htmlspecialchars($entrydata['formated_edit_time']));
-
-  if($entrydata['user_id'] == $entrydata['edited_by']) $edited_by = $name;
-  else
-   {
-    $result = @mysqli_query($connid, "SELECT user_name FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($entrydata['edited_by'])." LIMIT 1");
-    $edited_data = mysqli_fetch_array($result);
-    @mysqli_free_result($result);
-    if(!$edited_data['user_name']) $edited_by = $lang['unknown_user'];
-    else $edited_by = htmlspecialchars($edited_data['user_name']);
-   }
-  $smarty->assign('edited_by',$edited_by);
- }
-
-if(isset($entrydata['signature']) && $entrydata['signature'] != '' && $entrydata["show_signature"]==1)
- {
-  // user has a signature and wants it to be displayed in this posting. Check if it's already cached:
-  if($entrydata['cache_signature']!='')
-  {
-   $smarty->assign('signature',$entrydata['cache_signature']);
-  }
-  else
-  {
-   $signature = signature_format($entrydata['signature']);
-   // cache signature:
-   list($row_count) = @mysqli_fetch_row(mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['userdata_cache_table']." WHERE cache_id=".intval($entrydata['user_id'])));
-   if($row_count==1)
-    {
-     mysqli_query($connid, "UPDATE ".$db_settings['userdata_cache_table']." SET cache_signature='".mysqli_real_escape_string($connid, $signature)."' WHERE cache_id=".intval($entrydata['user_id']));
-    }
-   else
-    {
-     @mysqli_query($connid, "DELETE FROM ".$db_settings['userdata_cache_table']." WHERE cache_id=".intval($entrydata['user_id']));
-     @mysqli_query($connid, "INSERT INTO ".$db_settings['userdata_cache_table']." (cache_id, cache_signature, cache_profile) VALUES (".intval($entrydata['user_id']).",'".mysqli_real_escape_string($connid, $signature)."','')");
-    }
-   $smarty->assign('signature',$signature);
-  }
- }
-
-if(isset($branch)) $smarty->assign('branch',$branch);
-if(isset($data_array)) $smarty->assign("data",$data_array);
-$smarty->assign('posting',$ftext);
-$smarty->assign('subnav_link',$subnav_link);
-$smarty->assign('page',$page);
-$smarty->assign('order',$order);
-$smarty->assign('category',$category);
-if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0) {
-	$options['move'] = true;
-	$options['lock'] = true;
-}
-if(isset($_SESSION[$settings['session_prefix'].'user_id'])) {
-	if (isset($entrydata['bookmarkedby']))
-		$options['delete_bookmark'] = true;
+	if (!defined('IN_INDEX')) {
+		header('Location: ../index.php');
+		exit;
+	}
+	
+	if (isset($_REQUEST['id']))
+		$id = intval($_REQUEST['id']);
+	else {
+		header('Location: index.php');
+		exit;
+	}
+	
+	if (isset($_GET['page']))
+		$page = intval($_GET['page']);
 	else
-		$options['add_bookmark'] = true;
-}
-if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0 && $settings['akismet_key']!='' && $settings['akismet_entry_check']==1 && $entrydata['spam']==0 && $entrydata['spam_check_status']>0) $options['report_spam'] = true;
-if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0 && $entrydata['spam']==1) $options['flag_ham'] = true;
-if(isset($options)) $smarty->assign('options', $options);
-$smarty->assign('subtemplate','entry.inc.tpl');
-$template = 'main.tpl';
-?>
+		$page = 1;
+	
+	if (isset($_GET['order']) && $_GET['order'] == 'last_reply')
+		$order = 'last_reply';
+	else
+		$order = 'time';
+	
+	if (isset($_SESSION[$settings['session_prefix'] . 'user_id'])) {
+		$tmp_user_id = $_SESSION[$settings['session_prefix'] . 'user_id'];
+	} else {
+		$tmp_user_id = 0;
+	}
+	
+	$isUser = isset($_SESSION[$settings['session_prefix'].'user_type']) && isset($_SESSION[$settings['session_prefix'].'user_id']);
+	$isModOrAdmin = $isUser && ($_SESSION[$settings['session_prefix'].'user_type'] == 1 || $_SESSION[$settings['session_prefix'].'user_type'] == 2);
+	
+	if (isset($id) && $id > 0) {
+		$result = @mysqli_query($connid, "SELECT ft.id, ft.pid, ft.tid, ft.user_id, UNIX_TIMESTAMP(ft.time + INTERVAL " . $time_difference . " MINUTE) AS disp_time,
+                         UNIX_TIMESTAMP(ft.time) AS time, UNIX_TIMESTAMP(edited) as etime, UNIX_TIMESTAMP(edited + INTERVAL " . $time_difference . " MINUTE) AS edit_time,
+                         UNIX_TIMESTAMP(edited - INTERVAL " . $settings['edit_delay'] . " MINUTE) AS edited_diff, edited_by, name, email,
+                         subject, hp, location, ip, text, cache_text, show_signature, category, locked, views, edit_key,
+                         user_name, user_type, user_email, email_contact, user_hp, user_location, signature, cache_signature, rst.user_id AS req_user,
+						 " . $db_settings['akismet_rating_table'] . ".spam AS akismet_spam, spam_check_status,
+						 " . $db_settings['b8_rating_table'] . ".spam AS b8_spam, training_type
+                         FROM " . $db_settings['forum_table'] . " AS ft
+                         LEFT JOIN " . $db_settings['entry_cache_table'] . " ON " . $db_settings['entry_cache_table'] . ".cache_id = ft.id
+                         LEFT JOIN " . $db_settings['userdata_table'] . " ON " . $db_settings['userdata_table'] . ".user_id = ft.user_id
+                         LEFT JOIN " . $db_settings['userdata_cache_table'] . " ON " . $db_settings['userdata_cache_table'] . ".cache_id = " . $db_settings['userdata_table'] . ".user_id
+                         LEFT JOIN " . $db_settings['read_status_table'] . " AS rst ON rst.posting_id = ft.id AND rst.user_id = " . intval($tmp_user_id) . "
+						 LEFT JOIN " . $db_settings['akismet_rating_table'] . " ON " . $db_settings['akismet_rating_table'] . ".eid = ft.id 
+						 LEFT JOIN " . $db_settings['b8_rating_table'] . " ON " . $db_settings['b8_rating_table'] . ".eid = ft.id 
+                         WHERE ft.id = " . intval($id)) or raise_error('database_error', mysqli_error($connid));
+
+		if (mysqli_num_rows($result) == 1) {
+			$entrydata = mysqli_fetch_array($result);
+			mysqli_free_result($result);
+			
+			$entrydata['ISO_time']      = format_time('YYYY-MM-dd HH:mm:ss', $entrydata['time']);
+			$entrydata['edit_ISO_time'] = format_time('YYYY-MM-dd HH:mm:ss', $entrydata['etime']);
+			$entrydata['formated_time'] = format_time($lang['time_format_full'], $entrydata['disp_time']);
+			$entrydata['tags']          = getEntryTags($id);
+			
+			// category of this posting accessible by user?
+			if (is_array($category_ids) && !in_array($entrydata['category'], $category_ids)) {
+				header("Location: index.php");
+				exit;
+			}
+			
+			if (isset($_SESSION[$settings['session_prefix'] . 'user_id'])) {
+				// bookmark handling
+				$user_id = $_SESSION[$settings['session_prefix'] . 'user_id'];
+				$bookmark_result = mysqli_query($connid, "SELECT TRUE AS 'bookmark' FROM " . $db_settings['bookmark_table'] . " WHERE `user_id` = " . intval($user_id) . " AND `posting_id` = " . intval($id) . "") or raise_error('database_error', mysqli_error($connid));
+				$bookmark = mysqli_fetch_row($bookmark_result);
+				mysqli_free_result($bookmark_result);
+				if (isset($bookmark) && intval($bookmark) == 1)
+					$entrydata['bookmarkedby'] = intval($user_id);
+				// read-status handling
+				$rstatus = save_read_status($connid, $user_id, $id);
+			}
+			
+			if ($entrydata['req_user'] !== NULL and is_numeric($entrydata['req_user']))
+				$entrydata['is_read'] = true;
+			else
+				$entrydata['is_read'] = false;
+			
+			$entrydata['spam'] = $entrydata['akismet_spam'] || $entrydata['b8_spam'] ? 1 : 0;
+
+			$smarty->assign('is_read', $entrydata['is_read']);
+			
+			if (isset($settings['count_views']) && $settings['count_views'] == 1)
+				mysqli_query($connid, "UPDATE " . $db_settings['forum_table'] . " SET time=time, last_reply=last_reply, edited=edited, views=views+1 WHERE id=" . $id);
+			
+			if ($entrydata['user_id'] > 0) {
+				if ($settings['avatars'] == 2) {
+					$avatarInfo      = getAvatar($entrydata['user_id']);
+					$avatar['image'] = $avatarInfo === false ? false : $avatarInfo[2];
+					
+					if (isset($avatar) && $avatar['image'] !== false) {
+						$image_info       = getimagesize($avatar['image']);
+						$avatar['width']  = $image_info[0];
+						$avatar['height'] = $image_info[1];
+						$smarty->assign('avatar', $avatar);
+					}
+				}
+				
+				$entrydata['email']    = $entrydata['user_email'];
+				$entrydata['location'] = $entrydata['user_location'];
+				$entrydata['hp']       = $entrydata['user_hp'];
+			} else
+				$entrydata['email_contact'] = 2;
+		} else {
+			header("Location: index.php");
+			exit;
+		}
+	} else {
+		header("Location: index.php");
+		exit;
+	}
+	
+	if ($entrydata['cache_text'] == '') {
+		// no cached text so parse it and cache it:
+		$ftext = html_format($entrydata['text']);
+		// make sure not to make a double entry:
+		@mysqli_query($connid, "DELETE FROM " . $db_settings['entry_cache_table'] . " WHERE cache_id=" . intval($entrydata['id']));
+		@mysqli_query($connid, "INSERT INTO " . $db_settings['entry_cache_table'] . " (cache_id, cache_text) VALUES (" . intval($entrydata['id']) . ",'" . mysqli_real_escape_string($connid, $ftext) . "')");
+	} else {
+		$ftext = $entrydata['cache_text'];
+	}
+	
+	if (isset($_REQUEST['ajax_preview'])) {
+		header('Content-Type: application/xml; charset=UTF-8');
+		echo '<?xml version="1.0"?>';
+?><posting><content><![CDATA[<?php
+		echo $ftext;
+?>]]></content><locked><?php
+		echo $entrydata['locked'];
+?></locked></posting><?php
+		exit;
+	}
+	
+	// Select data for thread-tree
+	$thread = $entrydata['tid'];
+	// Override spam variable, which was set in main.inc.php, to display current message in tree
+	if ($entrydata['spam'] == 1 && isset($id)) {
+		$spam_sql_and .= " OR ft.id = " . intval($id);
+	}
+	$entry_sql = 
+		"SELECT ft.id, ft.pid, ft.tid, ft.user_id, UNIX_TIMESTAMP(ft.time) AS time, UNIX_TIMESTAMP(ft.time + INTERVAL " . $time_difference . " MINUTE) AS disp_time, UNIX_TIMESTAMP(last_reply) AS last_reply, name, user_name, user_type, subject, category, marked, text, rst.user_id AS req_user, " . $db_settings['akismet_rating_table'] . ".spam AS akismet_spam, " . $db_settings['b8_rating_table'] . ".spam AS b8_spam, " . $db_settings['akismet_rating_table'] . ".spam_check_status AS akismet_checked, " . $db_settings['b8_rating_table'] . ".training_type AS b8_checked 
+		FROM " . $db_settings['forum_table'] . " AS ft LEFT JOIN " . $db_settings['userdata_table'] . " ON " . $db_settings['userdata_table'] . ".user_id = ft.user_id LEFT JOIN " . $db_settings['read_status_table'] . " AS rst ON rst.posting_id = ft.id AND rst.user_id = " . intval($tmp_user_id) . " LEFT JOIN " . $db_settings['akismet_rating_table'] . " ON " . $db_settings['akismet_rating_table'] . ".eid = ft.id LEFT JOIN " . $db_settings['b8_rating_table'] . " ON " . $db_settings['b8_rating_table'] . ".eid = ft.id 
+		LEFT JOIN (SELECT eid AS id FROM " . $db_settings['akismet_rating_table'] . " WHERE " . $db_settings['akismet_rating_table'] . ".spam = 1 UNION SELECT eid AS id FROM " . $db_settings['b8_rating_table'] . " WHERE " . $db_settings['b8_rating_table'] . ".spam = 1) AS spam_list ON spam_list.id = ft.id 
+		WHERE tid = " . $thread . $spam_sql_and . " ORDER BY time ASC";
+	$result = mysqli_query($connid, $entry_sql);
+
+	if (!$result)
+		raise_error('database_error', mysqli_error($connid));
+	
+	while ($data = mysqli_fetch_array($result)) {
+		if ($data['user_id'] > 0) {
+			if (!$data['user_name'])
+				$data['name'] = $lang['unknown_user'];
+			else
+				$data['name'] = htmlspecialchars($data['user_name']);
+		} else
+			$data['name'] = htmlspecialchars($data['name']);
+		
+		$data['subject']       = htmlspecialchars($data['subject']);
+		$data['formated_time'] = format_time($lang['time_format'], $data['disp_time']);
+		$data['ISO_time']      = format_time('YYYY-MM-dd HH:mm:ss', $data['time']);
+		
+		// set read or new status of messages
+		$data = getMessageStatus($data, $last_visit);
+		
+		if ($data['text'] == '')
+			$data['no_text'] = true;
+		unset($data['text']);
+		
+		if (isset($categories[$data['category']]) && $categories[$data['category']] != '')
+			$data['category_name'] = $categories[$data["category"]];
+		if ($data['pid'] == $id)
+			$direct_replies[] = $data['id'];
+		$last = $data['id'];
+		if ($data['pid'] > $last)
+			$last = $data['id'];
+		// set key 'not_classified_spam_ham' to decide, if an mod or admin should get notified about need of classification with an icon
+		if ((isset($_SESSION[$settings['session_prefix'].'user_id']) && isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] >= 1) && (($settings['akismet_entry_check'] == 1 && $data['akismet_checked'] == 0) || ($settings['b8_entry_check'] == 1 && $data['b8_checked'] == 0))) {
+		  $data['not_classified_spam_ham'] = 1;
+		} else {
+		  $data['not_classified_spam_ham'] = 0;
+		}
+		// flag spam
+		$data['spam'] = $data['akismet_spam'] || $data['b8_spam'] ? 1 : 0;
+		$data_array[$data['id']]     = $data;
+		$child_array[$data['pid']][] = $data['id'];
+	}
+	if (isset($child_array)) {
+		$smarty->assign('child_array', $child_array);
+		get_thread_items($child_array, $entrydata['tid'], $entrydata['id']);
+		$thread_items_count = count($thread_items);
+		if ($thread_items_count > 1) {
+			foreach ($thread_items as $key => $val) {
+				if ($val == $entrydata['id'])
+					$current_key = $key;
+			}
+			if ($entrydata['id'] != $thread_items[0])
+				$smarty->assign('link_rel_first', 'index.php?id=' . $thread_items[0]);
+			if (isset($current_key) && isset($thread_items[$current_key - 1]))
+				$smarty->assign('link_rel_prev', 'index.php?id=' . $thread_items[$current_key - 1]);
+			if (isset($current_key) && isset($thread_items[$current_key + 1]))
+				$smarty->assign('link_rel_next', 'index.php?id=' . $thread_items[$current_key + 1]);
+			if ($entrydata['id'] != $thread_items[$thread_items_count - 1])
+				$smarty->assign('link_rel_last', 'index.php?id=' . $thread_items[$thread_items_count - 1]);
+		}
+	}
+	
+	mysqli_free_result($result);
+	
+	// tags:
+	if (isset($entrydata['tags']) && $entrydata['tags']) {
+		$tags_array = array();
+		$i          = 0;
+		foreach ($entrydata['tags'] as $tag) {
+			if (my_strpos($tag, ' ', 0, $lang['charset']))
+				$tag_escaped = '"' . $tag . '"';
+			else
+				$tag_escaped = $tag;
+			
+			$tags_array[$i]['escaped'] = urlencode($tag_escaped);
+			$tags_array[$i]['display'] = htmlspecialchars($tag);
+			$keywords[]                = htmlspecialchars($tag);
+			$i++;
+		}
+		if (isset($tags_array) && !empty($tags_array))
+			$smarty->assign('tags', $tags_array);
+		if (isset($keywords) && !empty($keywords))
+			$smarty->assign('keywords', implode(', ', $keywords));
+	}
+	$category = $category;
+	$smarty->assign('id', intval($entrydata['id']));
+	$smarty->assign('tid', intval($entrydata['tid']));
+	$smarty->assign('pid', intval($entrydata['pid']));
+	$smarty->assign('posting_user_id', intval($entrydata['user_id']));
+	$smarty->assign('page_title', htmlspecialchars($entrydata['subject']));
+	$smarty->assign('subject', htmlspecialchars($entrydata['subject']));
+	
+	if ($entrydata['user_id'] > 0) {
+		if (!$entrydata['user_name'])
+			$name = $lang['unknown_user'];
+		else
+			$name = htmlspecialchars($entrydata['user_name']);
+	} else
+		$name = htmlspecialchars($entrydata['name']);
+	
+	$smarty->assign('name', $name);
+	
+	$smarty->assign('user_type', htmlspecialchars($entrydata['user_type']));
+	$smarty->assign('disp_time', htmlspecialchars($entrydata['disp_time']));
+	$smarty->assign('ISO_time',  htmlspecialchars($entrydata['ISO_time']));
+	$smarty->assign('formated_time', htmlspecialchars($entrydata['formated_time']));
+	$smarty->assign('locked', htmlspecialchars($entrydata['locked']));
+	
+	$ago['days']    = floor((TIMESTAMP - $entrydata['time']) / 86400);
+	$ago['hours']   = floor(((TIMESTAMP - $entrydata['time']) / 3600) - ($ago['days'] * 24));
+	$ago['minutes'] = floor(((TIMESTAMP - $entrydata['time']) / 60) - ($ago['hours'] * 60 + $ago['days'] * 1440));
+	if ($ago['hours'] > 12)
+		$ago['days_rounded'] = $ago['days'] + 1;
+	else
+		$ago['days_rounded'] = $ago['days'];
+	$smarty->assign('ago', $ago);
+	
+	$authorization = get_edit_authorization($id, $entrydata['user_id'], $entrydata['edit_key'], $entrydata['time'], $entrydata['locked']);
+	if ($authorization['edit'] == true)
+		$options['edit'] = true;
+	if ($authorization['delete'] == true)
+		$options['delete'] = true;
+	
+	if (isset($direct_replies))
+		$smarty->assign('direct_replies', $direct_replies);
+	if ($settings['count_views'] == 1) {
+		$views = $entrydata['views'] - 1; // this subtracts the first view by the author after posting
+		if ($views < 0)
+			$views = 0; // prevents negative number of views
+		$smarty->assign('views', $entrydata['views']);
+	}
+	$smarty->assign('ip', $entrydata['ip']);
+	if ($entrydata['akismet_spam'] == 1 || $entrydata['b8_spam'] == 1)
+		$smarty->assign('spam', true);
+	if (isset($categories[$entrydata["category"]]) && $categories[$entrydata['category']] != '') {
+		$smarty->assign('category_name', $categories[$entrydata["category"]]);
+	}
+	
+	if (empty($entrydata['email_contact']))
+		$entrydata["email_contact"] = 0;
+	if ($entrydata['hp'] != '') {
+		$entrydata['hp'] = add_http_if_no_protocol($entrydata['hp']);
+		$smarty->assign('hp', $entrydata["hp"]);
+	}
+	if ($entrydata['email'] != '' && ($isModOrAdmin || $isUser && $entrydata['email_contact'] > 0 || $entrydata['email_contact'] == 2))
+		$smarty->assign('email', true);
+	if ($entrydata['location'] != '')
+		$smarty->assign('location', htmlspecialchars($entrydata['location']));
+	
+	$subnav_link = array(
+		'mode' => 'index',
+		'name' => 'thread_entry_back_link',
+		'title' => 'thread_entry_back_title'
+	);
+	
+	// edited:
+	if ($entrydata["edited_diff"] > 0 && $entrydata["edited_diff"] > $entrydata["time"] && $settings['show_if_edited'] == 1) {
+		$smarty->assign('edited', true);
+		$smarty->assign('edit_time', htmlspecialchars($entrydata['edit_time']));
+		$smarty->assign('edit_ISO_time', htmlspecialchars($entrydata['edit_ISO_time']));
+		$entrydata['formated_edit_time'] = format_time($lang['time_format_full'], $entrydata['edit_time']);
+		$smarty->assign('formated_edit_time', htmlspecialchars($entrydata['formated_edit_time']));
+		
+		if ($entrydata['user_id'] == $entrydata['edited_by'])
+			$edited_by = $name;
+		else {
+			$result      = @mysqli_query($connid, "SELECT user_name FROM " . $db_settings['userdata_table'] . " WHERE user_id = " . intval($entrydata['edited_by']) . " LIMIT 1");
+			$edited_data = mysqli_fetch_array($result);
+			@mysqli_free_result($result);
+			if (!$edited_data['user_name'])
+				$edited_by = $lang['unknown_user'];
+			else
+				$edited_by = htmlspecialchars($edited_data['user_name']);
+		}
+		$smarty->assign('edited_by', $edited_by);
+	}
+	
+	if (isset($entrydata['signature']) && $entrydata['signature'] != '' && $entrydata["show_signature"] == 1) {
+		// user has a signature and wants it to be displayed in this posting. Check if it's already cached:
+		if ($entrydata['cache_signature'] != '') {
+			$smarty->assign('signature', $entrydata['cache_signature']);
+		} else {
+			$signature = signature_format($entrydata['signature']);
+			// cache signature:
+			list($row_count) = @mysqli_fetch_row(mysqli_query($connid, "SELECT COUNT(*) FROM " . $db_settings['userdata_cache_table'] . " WHERE cache_id=" . intval($entrydata['user_id'])));
+			if ($row_count == 1) {
+				mysqli_query($connid, "UPDATE " . $db_settings['userdata_cache_table'] . " SET cache_signature='" . mysqli_real_escape_string($connid, $signature) . "' WHERE cache_id=" . intval($entrydata['user_id']));
+			} else {
+				@mysqli_query($connid, "DELETE FROM " . $db_settings['userdata_cache_table'] . " WHERE cache_id=" . intval($entrydata['user_id']));
+				@mysqli_query($connid, "INSERT INTO " . $db_settings['userdata_cache_table'] . " (cache_id, cache_signature, cache_profile) VALUES (" . intval($entrydata['user_id']) . ",'" . mysqli_real_escape_string($connid, $signature) . "','')");
+			}
+			$smarty->assign('signature', $signature);
+		}
+	}
+	
+	if (isset($branch))
+		$smarty->assign('branch', $branch);
+	if (isset($data_array))
+		$smarty->assign("data", $data_array);
+	$smarty->assign('posting', $ftext);
+	$smarty->assign('subnav_link', $subnav_link);
+	$smarty->assign('page', $page);
+	$smarty->assign('order', $order);
+	$smarty->assign('category', $category);
+	if (isset($_SESSION[$settings['session_prefix'] . 'user_type']) && $_SESSION[$settings['session_prefix'] . 'user_type'] > 0) {
+		$options['move'] = true;
+		$options['lock'] = true;
+	}
+	if (isset($_SESSION[$settings['session_prefix'] . 'user_id'])) {
+		if (isset($entrydata['bookmarkedby']))
+			$options['delete_bookmark'] = true;
+		else
+			$options['add_bookmark'] = true;
+	}
+	if (isset($_SESSION[$settings['session_prefix'] . 'user_type']) && $_SESSION[$settings['session_prefix'] . 'user_type'] > 0) {
+		if (($settings['akismet_key'] != '' && $settings['akismet_entry_check'] == 1 && $entrydata['akismet_spam'] == 0 && $entrydata['spam_check_status'] > 0) || ($settings['b8_entry_check'] == 1 && $entrydata['b8_spam'] == 0 || $entrydata['training_type'] == 0))
+			$options['report_spam'] = true;
+		if (($settings['akismet_key'] != '' && $settings['akismet_entry_check'] == 1 && $entrydata['akismet_spam'] == 1 && $entrydata['spam_check_status'] > 0) || ($settings['b8_entry_check'] == 1 && $entrydata['b8_spam'] == 1 || $entrydata['training_type'] == 0))
+			$options['flag_ham'] = true;
+	}
+
+	if (isset($options))
+		$smarty->assign('options', $options);
+	$smarty->assign('subtemplate', 'entry.inc.tpl');
+	$template = 'main.tpl';
+
+?>

includes/index.inc.php

@@ -1,259 +1,245 @@
 <?php
-if(!defined('IN_INDEX'))
- {
-  header('Location: ../index.php');
-  exit;
- }
+if(!defined('IN_INDEX')) {
+	header('Location: ../index.php');
+	exit;
+}
 
-if(isset($_SESSION[$settings['session_prefix'].'user_id'])) {
+if (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
 	$tmp_user_id = $_SESSION[$settings['session_prefix'].'user_id'];
 } else {
 	$tmp_user_id = 0;
 }
 
-if(isset($_SESSION[$settings['session_prefix'].'usersettings']['user_view'])) $user_view = $_SESSION[$settings['session_prefix'].'usersettings']['user_view'];
+if (isset($_SESSION[$settings['session_prefix'].'usersettings']['user_view'])) $user_view = $_SESSION[$settings['session_prefix'].'usersettings']['user_view'];
 else $user_view = $settings['default_view'];
 
-if(isset($_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'])) $fold_threads = $_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'];
-else $fold_threads = $settings['fold_threads'];
+if (isset($_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'])) $fold_threads = (boolean) $_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'];
+else $fold_threads = (boolean) $settings['fold_threads'];
 
-if(isset($_SESSION[$settings['session_prefix'].'usersettings']['thread_order']))
- {
-  if($_SESSION[$settings['session_prefix'].'usersettings']['thread_order']==0) $thread_order = 0;
-  else $thread_order = 1;
- }
-elseif(isset($_GET['thread_order']))
- {
-  if(isset($_GET['thread_order'])) $thread_order = 0;
-  else $thread_order = 1;
- }
+if (isset($_SESSION[$settings['session_prefix'].'usersettings']['thread_order'])) {
+	if ($_SESSION[$settings['session_prefix'].'usersettings']['thread_order'] == 0) $thread_order = 0;
+	else $thread_order = 1;
+} elseif (isset($_GET['thread_order'])) {
+	if (isset($_GET['thread_order'])) $thread_order = 0;
+	else $thread_order = 1;
+}
 else $thread_order = 0;
 
-if(isset($_SESSION[$settings['session_prefix'].'usersettings']['category'])) $category = intval($_SESSION[$settings['session_prefix'].'usersettings']['category']);
-elseif(isset($_GET['category'])) $category = intval($_GET['category']);
+if (isset($_SESSION[$settings['session_prefix'].'usersettings']['category'])) $category = intval($_SESSION[$settings['session_prefix'].'usersettings']['category']);
+elseif (isset($_GET['category'])) $category = intval($_GET['category']);
 else $category = 0;
 
-if(isset($_GET['page']))
- {
-  $page = intval($_GET['page']);
-  $_SESSION[$settings['session_prefix'].'usersettings']['page']=$page;
- }
-elseif(isset($_SESSION[$settings['session_prefix'].'usersettings']['page']))
- {
-  $page = intval($_SESSION[$settings['session_prefix'].'usersettings']['page']);
- }
-if(empty($page)) $page = 1;
+if (isset($_GET['page'])) {
+	$page = intval($_GET['page']);
+	$_SESSION[$settings['session_prefix'].'usersettings']['page']=$page;
+} elseif (isset($_SESSION[$settings['session_prefix'].'usersettings']['page'])) {
+	$page = intval($_SESSION[$settings['session_prefix'].'usersettings']['page']);
+}
+if (empty($page)) $page = 1;
 
-if($thread_order==0) $db_thread_order = 'time';
-else $db_thread_order = 'last_reply';
+if ($thread_order == 0) $db_thread_order = 'ft.time';
+else $db_thread_order = 'ft.last_reply';
 
 $_SESSION[$settings['session_prefix'].'usersettings']['current_page'] = $page;
 
-$descasc="DESC";
-$ul = ($page-1) * $settings['threads_per_page'];
+$descasc = "DESC";
+$ul = ($page - 1) * $settings['threads_per_page'];
 
 // database request
-if($categories == false) // no categories defined
- {
-  $result=mysqli_query($connid, "SELECT id, tid FROM ".$db_settings['forum_table']." WHERE pid = 0".$display_spam_query_and." ORDER BY sticky DESC, ".$db_thread_order." ".$descasc." LIMIT ".$ul.", ".$settings['threads_per_page']) or raise_error('database_error',mysqli_error($connid));
- }
-elseif(is_array($categories) && $category <= 0) // there are categories and all categories or category selection should be shown
- {
-  if(isset($category_selection_query) && $category==-1) // category selection
-   {
-    $category_ids_query = $category_selection_query;
-    $pid_result = mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE pid = 0".$display_spam_query_and." AND category IN (".$category_ids_query.")");
-    list($total_threads) = mysqli_fetch_row($pid_result);
-    mysqli_free_result($pid_result);
-   }
-  $result=mysqli_query($connid, "SELECT id, tid FROM ".$db_settings['forum_table']." WHERE pid = 0".$display_spam_query_and." AND category IN (".$category_ids_query.") ORDER BY sticky DESC, ".$db_thread_order." ".$descasc." LIMIT ".$ul.", ".$settings['threads_per_page']) or raise_error('database_error',mysqli_error($connid));
- }
-elseif(is_array($categories) && $category > 0) // there are categories and only one category should be shown
- {
-  if(in_array($category, $category_ids))
-   {
-    $result=mysqli_query($connid, "SELECT id, tid FROM ".$db_settings['forum_table']." WHERE category = '".mysqli_real_escape_string($connid, $category)."' AND pid = 0".$display_spam_query_and." ORDER BY sticky DESC, ".$db_thread_order." ".$descasc." LIMIT ".$ul.", ".$settings['threads_per_page']) or raise_error('database_error',mysqli_error($connid));
-    // how many entries?
-    $pid_result = mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE pid = 0".$display_spam_query_and." AND category = '".mysqli_real_escape_string($connid, $category)."'");
-    list($total_threads) = mysqli_fetch_row($pid_result);
-    mysqli_free_result($pid_result);
-   }
-  else // invalid category
-   {
-    header('Location: index.php');
-    exit;
-   }
- }
+if ($categories == false) {
+	// no categories defined
+	$page_threads_and = "";
+}
+elseif (is_array($categories)) {
+	$page_threads_and = "";
+	
+	if ($category > 0 && !in_array($category, $category_ids)) {  // $category_ids defined in main.inc.php
+		// invalid category
+		header('Location: index.php');
+		exit;
+	}
+	// there are categories and only one category should be shown
+	elseif ($category > 0 && in_array($category, $category_ids)) {
+		// how many entries?
+		$page_threads_and = " AND (sticky = 2 OR category = '". mysqli_real_escape_string($connid, $category) ."') ";
+	}
+	// there are categories and all categories or category selection should be shown
+	elseif ($category == -1 && isset($category_selection_query)) { // $category_selection_query defined in main.inc.php
+		// category selection
+		$category_ids_query = $category_selection_query;           // overwrite $category_ids_query, originally defined in main.inc.php
+		$page_threads_and = " AND (sticky = 2 OR category IN (". mysqli_real_escape_string($connid, $category_ids_query) .")) ";
+	}
+	elseif ($category == 0 && isset($category_ids_query)) { // $category_ids_query defined in main.inc.php
+		// show all categories (restricted to user type)
+		$page_threads_and = " AND (sticky = 2 OR category IN (". mysqli_real_escape_string($connid, $category_ids_query) .")) ";
+	}
+	
+	if (!empty($page_threads_and)) {
+		$pid_result_sql = 
+			"SELECT COUNT(*) FROM " . $db_settings['forum_table'] . " AS ft
+			LEFT JOIN (SELECT eid AS id FROM " . $db_settings['akismet_rating_table'] . " WHERE " . $db_settings['akismet_rating_table'] . ".spam = 1 UNION SELECT eid AS id FROM " . $db_settings['b8_rating_table'] . " WHERE " . $db_settings['b8_rating_table'] . ".spam = 1) AS spam_list ON spam_list.id = ft.id 
+			WHERE pid = 0";
+		$display_pid_result = $pid_result_sql . $spam_sql_and . $page_threads_and;  // $spam_sql_and defined in main.inc.php
+		
+		$pid_result = mysqli_query($connid, $display_pid_result);
+		list($total_threads) = mysqli_fetch_row($pid_result);
+		mysqli_free_result($pid_result);
+	}
+}
+
+$display_page_threads = 
+	"SELECT DISTINCT ft.tid, ft.sticky, ft.time, ft.last_reply FROM ".$db_settings['forum_table']." AS ft 
+	LEFT JOIN (SELECT id, tid FROM " . $db_settings['forum_table'] . " INNER JOIN " . $db_settings['akismet_rating_table'] . " ON " . $db_settings['forum_table'] . ".id = " . $db_settings['akismet_rating_table'] . ".eid WHERE " . $db_settings['akismet_rating_table'] . ".spam = 1 UNION SELECT id, tid FROM " . $db_settings['forum_table'] . " INNER JOIN " . $db_settings['b8_rating_table'] . " ON " . $db_settings['forum_table'] . ".id = " . $db_settings['b8_rating_table'] .".eid WHERE " . $db_settings['b8_rating_table'] . ".spam = 1) spam_list ON spam_list.tid = ft.id 
+	WHERE ft.pid = 0";  
+
+if ($show_spam) {
+	$page_spam = " AND spam_list.id IS NOT NULL";
+} else {
+	$page_spam = " AND IFNULL(spam_list.id, 0) <> ft.tid";
+}
+
+$page_threads_SQL = $display_page_threads . $page_spam . $page_threads_and . " ORDER BY sticky DESC, ". $db_thread_order ." ". $descasc ." LIMIT ". intval($ul) .", ". intval($settings['threads_per_page']);
+$result = mysqli_query($connid, $page_threads_SQL) or raise_error('database_error', mysqli_error($connid));
 
 $result_count = @mysqli_num_rows($result);
-if($result_count > 0)
- {
-  while($zeile = mysqli_fetch_array($result))
-   {
-    $thread_result = @mysqli_query($connid, "SELECT id, pid, tid, ft.user_id, user_type, UNIX_TIMESTAMP(ft.time) AS time, UNIX_TIMESTAMP(ft.time + INTERVAL ".intval($time_difference)." MINUTE) AS timestamp, UNIX_TIMESTAMP(last_reply) AS last_reply, name, user_name, subject, IF(text='',true,false) AS no_text, category, views, marked, locked, sticky, spam, rst.user_id AS req_user
-                                   FROM ".$db_settings['forum_table']." AS ft
-                                   LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=ft.user_id
-                                   LEFT JOIN ".$db_settings['read_status_table']." AS rst ON rst.posting_id = ft.id AND rst.user_id = ". intval($tmp_user_id) ."
-                                   WHERE tid = ".$zeile['tid'].$display_spam_query_and."
-                                   ORDER BY ft.time ASC") or raise_error('database_error',mysqli_error($connid));
+if ($result_count > 0) {
+	while ($zeile = mysqli_fetch_array($result)) {
 
-	// put result into arrays:
-    while($data = mysqli_fetch_array($thread_result))
-     {
-      // count replies:
-      if(!isset($replies[$data['tid']])) $replies[$data['tid']] = 0;
-      else ++$replies[$data['tid']];
-      
-	  // count number of views of single posting, if option is enabled
-      if($settings['count_views'] != 0) {
-        $data['views'] = max($data['views']-1, 0); // this subtracts the first view by the author after posting and prevents negative number of views
-		
-		// count total number of views of thread
-	    if(!isset($total_views[$data['tid']])) 
-			$total_views[$data['tid']] = 0;
-		$total_views[$data['tid']] += $data['views'];
-		
-       }
+		if ($show_spam) $thread_spam = "";
+		else $thread_spam = " AND spam_list.id IS NULL";
 
-      if($data['user_id']>0)
-       {
-        if(!$data['user_name']) $data['name'] = $lang['unknown_user'];
-        else $data['name'] = htmlspecialchars($data['user_name']);
-       }
-      else $data['name'] = htmlspecialchars($data['name']);
+		$thread_result_sql = 
+			"SELECT DISTINCT ft.id, ft.pid, ft.tid, ft.user_id, user_type, ft.time AS rawtime, UNIX_TIMESTAMP(ft.time) AS time, UNIX_TIMESTAMP(ft.time + INTERVAL ".intval($time_difference)." MINUTE) AS timestamp, UNIX_TIMESTAMP(last_reply) AS last_reply, name, user_name, subject, IF(text='',true,false) AS no_text, category, views, marked, locked, sticky, rst.user_id AS req_user, " . $db_settings['akismet_rating_table'] . ".spam AS akismet_spam, " . $db_settings['b8_rating_table'] . ".spam AS b8_spam, " . $db_settings['akismet_rating_table'] . ".spam_check_status AS akismet_checked, " . $db_settings['b8_rating_table'] . ".training_type AS b8_checked 
+			FROM ".$db_settings['forum_table']." AS ft LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id = ft.user_id LEFT JOIN ".$db_settings['read_status_table']." AS rst ON rst.posting_id = ft.id AND rst.user_id = ". intval($tmp_user_id) ." LEFT JOIN " . $db_settings['akismet_rating_table'] . " ON " . $db_settings['akismet_rating_table'] . ".eid = ft.id LEFT JOIN " . $db_settings['b8_rating_table'] . " ON " . $db_settings['b8_rating_table'] . ".eid = ft.id 
+			LEFT JOIN (SELECT ".$db_settings['forum_table'].".id, ".$db_settings['forum_table'].".tid FROM ".$db_settings['forum_table']." INNER JOIN " . $db_settings['akismet_rating_table'] . " ON ".$db_settings['forum_table'].".id = " . $db_settings['akismet_rating_table'] . ".eid WHERE " . $db_settings['akismet_rating_table'] . ".spam = 1 UNION SELECT ".$db_settings['forum_table'].".id, ".$db_settings['forum_table'].".tid FROM ".$db_settings['forum_table']." INNER JOIN " . $db_settings['b8_rating_table'] . " ON ".$db_settings['forum_table'].".id = " . $db_settings['b8_rating_table'] . ".eid WHERE " . $db_settings['b8_rating_table'] . ".spam = 1) AS spam_list ON spam_list.id = ft.id 
+			WHERE ft.tid = ".$zeile['tid'] . $thread_spam . " 
+			ORDER BY rawtime ASC";
+			$thread_result = @mysqli_query($connid, $thread_result_sql) or raise_error('database_error', mysqli_error($connid));
 
-      $data['subject'] = htmlspecialchars($data['subject']);
-      if(isset($categories[$data['category']]) && $categories[$data['category']]!='') $data['category_name']=$categories[$data['category']];
-			if ($data['req_user'] !== NULL and is_numeric($data['req_user'])) {
-				$data['is_read'] = true;
-				$data['new'] = false;
-			} else {
-				if (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
-					$data['is_read'] = false;
-					$data['new'] = true;
-				} else {
-					if (isset($_SESSION[$settings['session_prefix'].'usersettings']['newtime']) && $_SESSION[$settings['session_prefix'].'usersettings']['newtime'] < $data['time'] || ($last_visit && ($data['last_reply'] > $last_visit or $data['time'] > $last_visit))) {
-						$data['is_read'] = false;
-						$data['new'] = true;
-					} else {
-						$data['is_read'] = true;
-						$data['new'] = false;
-					}
-				}
+		// put result into arrays:
+		while ($data = mysqli_fetch_array($thread_result)) {
+			// count replies:
+			if (!isset($replies[$data['tid']])) $replies[$data['tid']] = 0;
+			else ++$replies[$data['tid']];
+			// count number of views of single posting, if option is enabled
+			if ($settings['count_views'] != 0) {
+				$data['views'] = max($data['views']-1, 0); // this subtracts the first view by the author after posting and prevents negative number of views
+				// count total number of views of thread
+				if (!isset($total_views[$data['tid']])) $total_views[$data['tid']] = 0;
+				$total_views[$data['tid']] += $data['views'];
 			}
 
-      // convert formated time to a utf-8:
-      $data['formated_time'] = format_time($lang['time_format'],$data['timestamp']);
+			if ($data['user_id'] > 0) {
+				if (!$data['user_name']) $data['name'] = $lang['unknown_user'];
+				else $data['name'] = htmlspecialchars($data['user_name']);
+			}
+			else 
+				$data['name'] = htmlspecialchars($data['name']);
 
-
-      if($data['pid']==0) $threads[] = $data['id'];
-      $data_array[$data['id']] = $data;
-      $child_array[$data['pid']][] =  $data['id'];
-     }
-    mysqli_free_result($thread_result);
-   }
-  @mysqli_free_result($result);
- }
+			$data['subject'] = htmlspecialchars($data['subject']);
+			if (isset($categories[$data['category']]) && $categories[$data['category']] != '') 
+				$data['category_name']=$categories[$data['category']];
+			// set read or new status of messages
+			$data = getMessageStatus($data, $last_visit, $fold_threads);
+			// convert formated time to a utf-8:
+			$data['formated_time'] = format_time($lang['time_format'], $data['timestamp']);
+			$data['ISO_time'] = format_time('YYYY-MM-dd HH:mm:ss', $data['time']);
+			// set key 'not_classified_spam_ham' to decide, if an mod or admin should get notified about need of classification with an icon
+			if ((isset($_SESSION[$settings['session_prefix'].'user_id']) && isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] >= 1) && (($settings['akismet_entry_check'] == 1 && $data['akismet_checked'] == 0) || ($settings['b8_entry_check'] == 1 && $data['b8_checked'] == 0))) {
+			  $data['not_classified_spam_ham'] = 1;
+			} else {
+			  $data['not_classified_spam_ham'] = 0;
+			}
+			// flag spam
+			$data['spam'] = $data['akismet_spam'] || $data['b8_spam'] ? 1 : 0;
+			if ($data['pid'] == 0) $threads[] = $data['id'];
+			$data_array[$data['id']] = $data;
+			$child_array[$data['pid']][] =  $data['id'];
+		}
+		mysqli_free_result($thread_result);
+	}
+	@mysqli_free_result($result);
+}
 
 // latest postings:
-if($settings['latest_postings']>0)
- {
-  if($categories == false)
-   {
-    $latest_postings_result = @mysqli_query($connid, "SELECT id, pid, tid, name, user_name, ft.user_id, UNIX_TIMESTAMP(ft.time) AS time, UNIX_TIMESTAMP(ft.time + INTERVAL ".intval($time_difference)." MINUTE) AS timestamp, UNIX_TIMESTAMP(last_reply) AS last_reply, subject, category, rst.user_id AS req_user
-                                            FROM ".$db_settings['forum_table']." AS ft
-                                            LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=ft.user_id
-                                            LEFT JOIN ".$db_settings['read_status_table']." AS rst ON rst.posting_id = ft.id AND rst.user_id = ". intval($tmp_user_id) ."
-                                            WHERE spam=0
-                                            ORDER BY ft.time DESC LIMIT ".$settings['latest_postings']) or raise_error('database_error',mysqli_error($connid));
-   }
-  else
-   {
-    if($category>0)
-     {
-      $latest_postings_result = @mysqli_query($connid, "SELECT id, pid, tid, name, user_name, ft.user_id, UNIX_TIMESTAMP(ft.time) AS time, UNIX_TIMESTAMP(ft.time + INTERVAL ".intval($time_difference)." MINUTE) AS timestamp, UNIX_TIMESTAMP(last_reply) AS last_reply, subject, category, rst.user_id AS req_user
-                                              FROM ".$db_settings['forum_table']." AS ft
-                                              LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=ft.user_id
-                                              LEFT JOIN ".$db_settings['read_status_table']." AS rst ON rst.posting_id = ft.id AND rst.user_id = ". intval($tmp_user_id) ."
-                                              WHERE spam=0 AND category = ".intval($category)."
-                                              ORDER BY ft.time DESC LIMIT ".$settings['latest_postings']) or raise_error('database_error',mysqli_error($connid));
-     }
-    else
-     {
-      $latest_postings_result = @mysqli_query($connid, "SELECT id, pid, tid, name, user_name, ft.user_id, UNIX_TIMESTAMP(ft.time) AS time, UNIX_TIMESTAMP(ft.time + INTERVAL ".intval($time_difference)." MINUTE) AS timestamp, UNIX_TIMESTAMP(last_reply) AS last_reply, subject, category, rst.user_id AS req_user
-                                              FROM ".$db_settings['forum_table']." AS ft
-                                              LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=ft.user_id
-                                              LEFT JOIN ".$db_settings['read_status_table']." AS rst ON rst.posting_id = ft.id AND rst.user_id = ". intval($tmp_user_id) ."
-                                              WHERE spam=0 AND category IN (".$category_ids_query.")
-                                              ORDER BY ft.time DESC LIMIT ".$settings['latest_postings']) or raise_error('database_error',mysqli_error($connid));
-     }
-   }
-  if(mysqli_num_rows($latest_postings_result)>0)
-   {
-    $i=0;
-    while($latest_postings_data = mysqli_fetch_array($latest_postings_result))
-     {
-      $latest_postings[$i]['id'] = intval($latest_postings_data['id']);
-      $latest_postings[$i]['tid'] = intval($latest_postings_data['tid']);
-      $latest_postings[$i]['pid'] = intval($latest_postings_data['pid']);
-      $latest_postings[$i]['subject'] = htmlspecialchars($latest_postings_data['subject']);
+if ($settings['latest_postings'] > 0) {
+	$latest_postings_body_sql = 
+		"SELECT ft.id, ft.pid, ft.tid, name, user_name, ft.user_id, UNIX_TIMESTAMP(ft.time) AS time, UNIX_TIMESTAMP(ft.time + INTERVAL ".intval($time_difference)." MINUTE) AS timestamp, UNIX_TIMESTAMP(last_reply) AS last_reply, subject, category, rst.user_id AS req_user, rst.time AS read_time
+		FROM ".$db_settings['forum_table']." AS ft LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id = ft.user_id LEFT JOIN ".$db_settings['read_status_table']." AS rst ON rst.posting_id = ft.id AND rst.user_id = ". intval($tmp_user_id) ."
+		LEFT JOIN (SELECT eid AS id FROM " . $db_settings['akismet_rating_table'] . " WHERE " . $db_settings['akismet_rating_table'] . ".spam = 1 UNION SELECT eid AS id FROM " . $db_settings['b8_rating_table'] . " WHERE " . $db_settings['b8_rating_table'] . ".spam = 1) AS spam_list ON spam_list.id = ft.id WHERE spam_list.id IS NULL";
+	$latest_postings_order_by_sql = " ORDER BY ft.time DESC LIMIT " . $settings['latest_postings'];		
+	if ($categories == false) {
+		$latest_postings_category_sql = "";		
+	} else {
+		if ($category > 0) {
+			$latest_postings_category_sql = " AND category = " . intval($category);		
+		} else {
+			$latest_postings_category_sql = " AND category IN (". mysqli_real_escape_string($connid, $category_ids_query) .")";		
+		}
+	}
+	$latest_postings_sql = $latest_postings_body_sql . $latest_postings_category_sql . $latest_postings_order_by_sql;
+	$latest_postings_result = @mysqli_query($connid, $latest_postings_sql) or raise_error('database_error', mysqli_error($connid));
 
-      if($latest_postings_data['user_id']>0)
-       {
-        if(!$latest_postings_data['user_name']) $latest_postings[$i]['name'] = $lang['unknown_user'];
-        else $latest_postings[$i]['name'] = htmlspecialchars($latest_postings_data['user_name']);
-       }
-      else
-       {
-        $latest_postings[$i]['name'] = htmlspecialchars($latest_postings_data['name']);
-       }
-      if ($latest_postings_data['req_user'] !== NULL and is_numeric($latest_postings_data['req_user'])) {
-       $latest_postings[$i]['is_read'] = true;
-      } else {
-       $latest_postings[$i]['is_read'] = false;
-      }
+	if (mysqli_num_rows($latest_postings_result) > 0) {
+		$i = 0;
+		while ($latest_postings_data = mysqli_fetch_array($latest_postings_result)) {
+			$latest_postings[$i]['id'] = intval($latest_postings_data['id']);
+			$latest_postings[$i]['tid'] = intval($latest_postings_data['tid']);
+			$latest_postings[$i]['pid'] = intval($latest_postings_data['pid']);
+			$latest_postings[$i]['subject'] = htmlspecialchars($latest_postings_data['subject']);
 
-      $latest_postings[$i]['timestamp'] = $latest_postings_data['timestamp'];
-      $latest_postings[$i]['formated_time'] = format_time($lang['time_format'],$latest_postings_data['timestamp']);
-      if(isset($categories[$latest_postings_data['category']]) && $categories[$latest_postings_data['category']]!='') $latest_postings[$i]['category_name']=$categories[$latest_postings_data['category']];
+			if ($latest_postings_data['user_id'] > 0) {
+				if (!$latest_postings_data['user_name']) $latest_postings[$i]['name'] = $lang['unknown_user'];
+				else $latest_postings[$i]['name'] = htmlspecialchars($latest_postings_data['user_name']);
+			} else {
+				$latest_postings[$i]['name'] = htmlspecialchars($latest_postings_data['name']);
+			}
+			if ($latest_postings_data['req_user'] !== NULL and is_numeric($latest_postings_data['req_user'])) {
+				$latest_postings[$i]['is_read'] = true;
+			} else {
+				$latest_postings[$i]['is_read'] = false;
+			}
 
-      $ago['days'] = floor((TIMESTAMP - $latest_postings_data['time'])/86400);
-      $ago['hours'] = floor(((TIMESTAMP - $latest_postings_data['time'])/3600)-($ago['days']*24));
-      $ago['minutes'] = floor(((TIMESTAMP - $latest_postings_data['time'])/60)-($ago['hours']*60+$ago['days']*1440));
-      if($ago['hours']>12) $ago['days_rounded'] = $ago['days'] + 1;
-      else $ago['days_rounded'] = $ago['days'];
-      $latest_postings[$i]['ago'] = $ago;
-      $i++;
-     }
-    $smarty->assign('latest_postings',$latest_postings);
-   }
-  mysqli_free_result($latest_postings_result);
- }
+			$latest_postings[$i]['timestamp'] = $latest_postings_data['timestamp'];
+			$latest_postings[$i]['formated_time'] = format_time($lang['time_format'], $latest_postings_data['timestamp']);
+			if (isset($categories[$latest_postings_data['category']]) && $categories[$latest_postings_data['category']] != '') $latest_postings[$i]['category_name'] = $categories[$latest_postings_data['category']];
+
+			$ago['days'] = floor((TIMESTAMP - $latest_postings_data['time']) / 86400);
+			$ago['hours'] = floor(((TIMESTAMP - $latest_postings_data['time']) / 3600) - ($ago['days'] * 24));
+			$ago['minutes'] = floor(((TIMESTAMP - $latest_postings_data['time']) / 60) - ($ago['hours'] * 60 + $ago['days'] * 1440));
+			if ($ago['hours'] > 12) $ago['days_rounded'] = $ago['days'] + 1;
+			else $ago['days_rounded'] = $ago['days'];
+			$latest_postings[$i]['ago'] = $ago;
+			$i++;
+		}
+		$smarty->assign('latest_postings',$latest_postings);
+	}
+	mysqli_free_result($latest_postings_result);
+}
 
 // Check for unlock users
-if(isset($_SESSION[$settings['session_prefix'].'user_id']) && isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] >= 1) {
+if (isset($_SESSION[$settings['session_prefix'].'user_id']) && isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] >= 1) {
 	// Pruefe, ob es registrierte aber bisher nicht freigeschaltete Accounts gibt (Anz. der Logins == 0 && Lock-Status == TRUE)
-	$unlocked_user_result = mysqli_query($connid, "SELECT count(*) AS 'non_activated_users' FROM ".$db_settings['userdata_table']." WHERE `logins` = 0 AND `user_lock` = 1 AND `activate_code` = '' AND (SELECT TRUE FROM ".$db_settings['settings_table']." WHERE `name` = 'register_mode' AND `value` = 1) = TRUE") or raise_error('database_error',mysqli_error($connid));
-	if(mysqli_num_rows($unlocked_user_result) > 0 && $row = mysqli_fetch_assoc($unlocked_user_result)) {
+	$unlocked_user_result = mysqli_query($connid, "SELECT count(*) AS 'non_activated_users' FROM ".$db_settings['userdata_table']." WHERE logins = 0 AND user_lock = 1 AND activate_code = '' AND (SELECT TRUE FROM ".$db_settings['settings_table']." WHERE name = 'register_mode' AND value = 1) = TRUE") or raise_error('database_error', mysqli_error($connid));
+	if (mysqli_num_rows($unlocked_user_result) > 0 && $row = mysqli_fetch_assoc($unlocked_user_result)) {
 		$smarty->assign('number_of_non_activated_users', intval($row['non_activated_users']));
 	}
 	mysqli_free_result($unlocked_user_result);
 }
- 
+
 // tag cloud:
-if($settings['tag_cloud']==1) $smarty->assign("tag_cloud",tag_cloud($settings['tag_cloud_day_period'],$settings['tag_cloud_scale_min'],$settings['tag_cloud_scale_max']));
+if ($settings['tag_cloud'] == 1) $smarty->assign("tag_cloud", tag_cloud($settings['tag_cloud_day_period'], $settings['tag_cloud_scale_min'], $settings['tag_cloud_scale_max']));
 
 $page_count = ceil($total_threads / $settings['threads_per_page']);
 
 $subnav_link = array('mode'=>'posting', 'title'=>'new_topic_link_title', 'name'=>'new_topic_link');
 
-if(isset($data_array)) $smarty->assign('data',$data_array);
-#if(isset($tree)) $smarty->assign("tree",$tree);
-if(isset($threads)) {
-	$smarty->assign("threads",$threads);
-	$smarty->assign('replies',$replies);
+if (isset($data_array)) $smarty->assign('data', $data_array);
+if (isset($threads)) {
+	$smarty->assign("threads", $threads);
+	$smarty->assign('replies', $replies);
 	if (isset($total_views))
-		$smarty->assign('total_views',$total_views);
+		$smarty->assign('total_views', $total_views);
 }
 if(isset($child_array)) $smarty->assign("child_array",$child_array);
 
@@ -268,25 +254,32 @@ $smarty->assign("thread_order",$thread_order);
 $smarty->assign("descasc",$descasc);
 $smarty->assign('fold_threads',$fold_threads);
 
-if($category!=0) $cqsa = '&amp;category='.$category;
+if ($category != 0) $cqsa = '&amp;category='.$category;
 else $cqsa = '';
-if($page>1)
- {
-  $smarty->assign('link_rel_first', 'index.php?mode=index&amp;page=1'.$cqsa);
-  $smarty->assign('link_rel_prev', 'index.php?mode=index&amp;page='.($page-1).$cqsa);
- }
-if($page<$page_count)
- {
-  $smarty->assign('link_rel_next', 'index.php?mode=index&amp;page='.($page+1).$cqsa);
-  $smarty->assign('link_rel_last', 'index.php?mode=index&amp;page='.$page_count.$cqsa); 
- }
+if ($page > 1) {
+	$smarty->assign('link_rel_first', 'index.php?mode=index&amp;page=1'.$cqsa);
+	$smarty->assign('link_rel_prev', 'index.php?mode=index&amp;page='.($page-1).$cqsa);
+}
+if ($page < $page_count) {
+	$smarty->assign('link_rel_next', 'index.php?mode=index&amp;page='.($page+1).$cqsa);
+	$smarty->assign('link_rel_last', 'index.php?mode=index&amp;page='.$page_count.$cqsa);
+}
 
-if($total_spam>0 && !isset($_SESSION[$settings['session_prefix'].'usersettings']['show_spam'])) $smarty->assign('show_spam_link',true);
-elseif($total_spam>0 && isset($_SESSION[$settings['session_prefix'].'usersettings']['show_spam'])) $smarty->assign('hide_spam_link',true);
-if($total_spam>0) $smarty->assign('delete_spam_link',true);
+// check if SPAM exists and show a link to switch between HAM and SPAM threads
+if ($total_spam > 0) {
+	if (!isset($_SESSION[$settings['session_prefix'].'usersettings']['show_spam'])) 
+		$smarty->assign('show_spam_link', true);
+	else //if(isset($_SESSION[$settings['session_prefix'].'usersettings']['show_spam'])) 
+		$smarty->assign('hide_spam_link',true);
+	$smarty->assign('delete_spam_link', true);
+}
+// if no SPAM exists but the option to show SPAM threads is enabled, remove this option
+elseif(isset($_SESSION[$settings['session_prefix'].'usersettings']['show_spam'])) {
+	unset($_SESSION[$settings['session_prefix'].'usersettings']['show_spam']);
+}
 
-$smarty->assign("subnav_link",$subnav_link);
-if($user_view==1) $smarty->assign('subtemplate','index_table.inc.tpl');
-else $smarty->assign('subtemplate','index.inc.tpl');
+$smarty->assign("subnav_link", $subnav_link);
+if ($user_view == 1) $smarty->assign('subtemplate', 'index_table.inc.tpl');
+else $smarty->assign('subtemplate', 'index.inc.tpl');
 $template = 'main.tpl';
 ?>

includes/insert_flash.inc.php

@@ -1,9 +0,0 @@
-<?php
-if(!defined('IN_INDEX'))
- {
-  header('Location: ../index.php');
-  exit;
- }
-
-if($settings['bbcode_flash']==1) $template = 'insert_flash.tpl';
-?>

includes/js_defaults.inc.php

@@ -1,28 +1,26 @@
 <?php
-if(!defined('IN_INDEX'))
- {
-  header('Location: ../index.php');
-  exit;
- }
+if (!defined('IN_INDEX')) {
+	header('Location: ../index.php');
+	exit;
+}
 
-if(isset($_SESSION[$settings['session_prefix'].'usersettings']['theme']) && $smarty->templateExists($_SESSION[$settings['session_prefix'].'usersettings']['theme'].'/main.tpl')) $theme = $_SESSION[$settings['session_prefix'].'usersettings']['theme'];
+if (isset($_SESSION[$settings['session_prefix'].'usersettings']['theme']) && $smarty->templateExists($_SESSION[$settings['session_prefix'].'usersettings']['theme'].'/main.tpl')) $theme = $_SESSION[$settings['session_prefix'].'usersettings']['theme'];
 else $theme = $settings['theme'];
 
 $theme_config = parse_ini_file('./'.THEMES_DIR.'/'.$theme.'/js_config.ini');
 
-if(isset($_GET['user_type'])) $user_type = intval($_GET['user_type']); 
-if(isset($user_type) && $user_type > 2) unset($user_type);
+if (isset($_GET['user_type'])) $user_type = intval($_GET['user_type']);
+if (isset($user_type) && $user_type > 2) unset($user_type);
 
 $smarty->configLoad($language_file, 'general');
 $lang = $smarty->getConfigVars();
 
-if($settings['ajax_preview'])
- {
-  $template = 'ajax_preview.tpl';
-  $smarty->assign('theme',$theme);
-  $ajax_preview_structure = $smarty->fetch($theme.'/'.$template);
-  $ajax_preview_structure = addslashes(preg_replace("/\015\012|\015|\012/", "", $ajax_preview_structure));
- }
+if ($settings['ajax_preview']) {
+	$template = 'ajax_preview.tpl';
+	$smarty->assign('theme', $theme);
+	$ajax_preview_structure = $smarty->fetch($theme.'/'.$template);
+	$ajax_preview_structure = addslashes(preg_replace("/\015\012|\015|\012/", "", $ajax_preview_structure));
+}
 
 $expires = 2592000; // 30 days
 header("Pragma: public");
@@ -31,11 +29,11 @@ header('Expires: ' . gmdate('D, d M Y H:i:s', TIMESTAMP + $expires) . ' GMT');
 header('Content-type: application/javascript');
 
 ?>var lang = new Array();
-<?php if($settings['ajax_preview']): ?>
-lang["ajax_preview_title"] =               "<?php echo addslashes($lang['ajax_preview_title']); ?>";
-lang["close"] =                            "<?php echo addslashes($lang['close']); ?>";
-lang["no_text"] =                          "<?php echo addslashes($lang['no_text']); ?>";
-lang["reply_link"] =                       "<?php echo addslashes($lang['reply_link']); ?>";
+<?php if ($settings['ajax_preview']): ?>
+	lang["ajax_preview_title"] =               "<?php echo addslashes($lang['ajax_preview_title']); ?>";
+	lang["close"] =                            "<?php echo addslashes($lang['close']); ?>";
+	lang["no_text"] =                          "<?php echo addslashes($lang['no_text']); ?>";
+	lang["reply_link"] =                       "<?php echo addslashes($lang['reply_link']); ?>";
 <?php endif; ?>
 lang["fold_threads"] =                     "<?php echo addslashes($lang['fold_threads']); ?>";
 lang["fold_threads_linktitle"] =           "<?php echo addslashes($lang['fold_threads_linktitle']); ?>";
@@ -45,43 +43,43 @@ lang["expand_fold_thread_linktitle"] =     "<?php echo addslashes($lang['expand_
 lang["fold_posting_title"] =               "<?php echo addslashes($lang['fold_posting_title']); ?>";
 lang["fold_postings"] =                    "<?php echo addslashes($lang['fold_postings']); ?>";
 lang["fold_postings_title"] =              "<?php echo addslashes($lang['fold_postings_title']); ?>";
+lang["show_password_title"] =              "<?php echo addslashes($lang['show_password_title']); ?>";
+lang["hide_password_title"] =              "<?php echo addslashes($lang['hide_password_title']); ?>";
 <?php if(isset($user_type) && $user_type >= 0): ?>
-lang["drag_and_drop_title"] =              "<?php echo addslashes($lang['drag_and_drop_title']); ?>";
+	lang["drag_and_drop_title"] =              "<?php echo addslashes($lang['drag_and_drop_title']); ?>";
 <?php endif; ?>
 <?php if($settings['entries_by_users_only']==0 || isset($user_type)): ?>
-lang["quote_label"] =                      "<?php echo addslashes($lang['quote_label']); ?>";
-lang["quote_title"] =                      "<?php echo addslashes($lang['quote_title']); ?>";
-<?php if($settings['bbcode']): ?>
-lang["bbcode_link_text"] =                 "<?php echo addslashes($lang['bbcode_link_text']); ?>";
-lang["bbcode_link_url"] =                  "<?php echo addslashes($lang['bbcode_link_url']); ?>";
-lang["bbcode_image_url"] =                 "<?php echo addslashes($lang['bbcode_image_url']); ?>";
-<?php if($settings['bbcode_tex']): ?>
-<?php endif; ?>
-lang["bbcode_tex_code"] =                  "<?php echo addslashes($lang['bbcode_tex_code']); ?>";
-<?php endif; ?>
-<?php if($settings['smilies']): ?>
-lang["more_smilies_label"] =               "<?php echo addslashes($lang['more_smilies_label']); ?>";
-lang["more_smilies_title"] =               "<?php echo addslashes($lang['more_smilies_title']); ?>";
-<?php endif; ?>
-lang["error_no_name"] =                    "<?php echo addslashes($lang['error_no_name']); ?>";
-lang["error_no_subject"] =                 "<?php echo addslashes($lang['error_no_subject']); ?>";
-lang["error_no_text"] =                    "<?php echo addslashes($lang['error_no_text']); ?>";
-lang["terms_of_use_error_posting"] =       "<?php echo addslashes($lang['terms_of_use_error_posting']); ?>";
+	lang["quote_label"] =                      "<?php echo addslashes($lang['quote_label']); ?>";
+	lang["quote_title"] =                      "<?php echo addslashes($lang['quote_title']); ?>";
+	<?php if($settings['bbcode']): ?>
+		lang["bbcode_link_text"] =                 "<?php echo addslashes($lang['bbcode_link_text']); ?>";
+		lang["bbcode_link_url"] =                  "<?php echo addslashes($lang['bbcode_link_url']); ?>";
+		lang["bbcode_image_url"] =                 "<?php echo addslashes($lang['bbcode_image_url']); ?>";
+	<?php endif; ?>
+	<?php if($settings['bbcode_latex'] && !empty($settings['bbcode_latex_uri'])): ?>
+		lang["bbcode_tex_code"] =                  "<?php echo addslashes($lang['bbcode_tex_code']); ?>";
+	<?php endif; ?>
+	<?php if($settings['smilies']): ?>
+		lang["more_smilies_label"] =               "<?php echo addslashes($lang['more_smilies_label']); ?>";
+		lang["more_smilies_title"] =               "<?php echo addslashes($lang['more_smilies_title']); ?>";
+	<?php endif; ?>
+	lang["error_no_name"] =                    "<?php echo addslashes($lang['error_no_name']); ?>";
+	lang["error_no_subject"] =                 "<?php echo addslashes($lang['error_no_subject']); ?>";
+	lang["error_no_text"] =                    "<?php echo addslashes($lang['error_no_text']); ?>";
+	lang["terms_of_use_error_posting"] =       "<?php echo addslashes($lang['terms_of_use_error_posting']); ?>";
 <?php endif; ?>
 <?php if(isset($user_type) && $user_type==0 && $settings['user_edit']>0 || !isset($user_type) && $settings['user_edit']==2): ?>
-lang["delete_posting_confirm"] =           "<?php echo addslashes($lang['delete_posting_confirm']); ?>";
+	lang["delete_posting_confirm"] =           "<?php echo addslashes($lang['delete_posting_confirm']); ?>";
 <?php elseif(isset($user_type) && $user_type>0): ?>
-lang["delete_posting_confirm"] =           "<?php echo addslashes($lang['delete_posting_replies_confirm']); ?>";
+	lang["delete_posting_confirm"] =           "<?php echo addslashes($lang['delete_posting_replies_confirm']); ?>";
 <?php endif; ?>
 <?php if(isset($user_type) && $user_type>0): ?>
-lang["mark_linktitle"] =                   "<?php echo addslashes($lang['mark_linktitle']); ?>";
-lang["unmark_linktitle"] =                 "<?php echo addslashes($lang['unmark_linktitle']); ?>";
+	lang["mark_linktitle"] =                   "<?php echo addslashes($lang['mark_linktitle']); ?>";
+	lang["unmark_linktitle"] =                 "<?php echo addslashes($lang['unmark_linktitle']); ?>";
 <?php endif; ?>
 <?php if(isset($user_type) && $user_type==2): ?>
-lang["check_all"] =                        "<?php echo addslashes($lang['check_all']); ?>";
-lang["uncheck_all"] =                      "<?php echo addslashes($lang['uncheck_all']); ?>";
-lang["delete_backup_confirm"] =            "<?php echo addslashes($lang['delete_backup_confirm']); ?>";
-lang["delete_sel_backup_confirm"] =        "<?php echo addslashes($lang['delete_sel_backup_confirm']); ?>";
+	lang["check_all"] =                        "<?php echo addslashes($lang['check_all']); ?>";
+	lang["uncheck_all"] =                      "<?php echo addslashes($lang['uncheck_all']); ?>";
 <?php endif; ?>
 
 var settings = new Array();
@@ -95,29 +93,46 @@ settings["expand_thread_inactive_image"] = "<?php echo $theme_config['expand_thr
 settings["terms_of_use_popup_width"] =     <?php echo $theme_config['terms_of_use_popup_width']; ?>;
 settings["terms_of_use_popup_height"] =    <?php echo $theme_config['terms_of_use_popup_height']; ?>;
 <?php endif; ?>
-<?php if($settings['ajax_preview']): ?>
+<?php if ($settings['ajax_preview']): ?>
 settings["ajaxPreviewStructure"] =         "<?php echo $ajax_preview_structure; ?>";
 settings["ajax_preview_image"] =           "<?php echo $theme_config['ajax_preview_image']; ?>";
 settings["ajax_preview_throbber_image"] =  "<?php echo $theme_config['ajax_preview_throbber_image']; ?>";
 settings["ajax_preview_onmouseover"] =     <?php echo ($settings['ajax_preview'] > 1 ? 'true':'false'); ?>;
 <?php endif; ?>
-<?php if(isset($user_type) && $user_type>0 && $settings['upload_images'] > 0 || isset($user_type) && $settings['upload_images'] > 1 || $settings['upload_images']>2): ?>
+<?php if (isset($user_type) && $user_type>0 && $settings['upload_images'] > 0 || isset($user_type) && $settings['upload_images'] > 1 || $settings['upload_images'] > 2): ?>
 settings["upload_popup_width"] =           <?php echo $theme_config['upload_popup_width']; ?>;
 settings["upload_popup_height"] =          <?php echo $theme_config['upload_popup_height']; ?>;
 <?php endif; ?>
-<?php if($settings['bbcode_flash']): ?>
-settings["flash_popup_width"] =            <?php echo $theme_config['flash_popup_width']; ?>;
-settings["flash_popup_height"] =           <?php echo $theme_config['flash_popup_height']; ?>;
-<?php endif; ?>
-<?php if(isset($user_type) && $settings['avatars']): ?>
+<?php if (isset($user_type) && $settings['avatars']): ?>
 settings["avatar_popup_width"] =           <?php echo $theme_config['avatar_popup_width']; ?>;
 settings["avatar_popup_height"] =          <?php echo $theme_config['avatar_popup_height']; ?>;
 <?php endif; ?>
-<?php if(isset($user_type) && $user_type>0): ?>
+<?php if (isset($user_type) && $user_type > 0): ?>
 settings["mark_process_image"] =           "<?php echo $theme_config['mark_process_image']; ?>";
 settings["marked_image"] =                 "<?php echo $theme_config['marked_image']; ?>";
 settings["unmarked_image"] =               "<?php echo $theme_config['unmarked_image']; ?>";
 <?php endif; ?>
+<?php if (!empty($settings['link_open_target']) && (in_array($settings['link_open_target'], ['_self', '_parent', '_top']) || preg_match("/^[a-z]{1}[a-z0-9\-\_]{1,254}$/iu", $settings['link_open_target']))): ?>
+settings["forum_based_link_target"] =      "<?php echo $settings['link_open_target']; ?>";
+<?php else: ?>
+settings["forum_based_link_target"] =      "";
+<?php endif; ?>
+
+<?php if (isset ($_SESSION[$settings['session_prefix'].'usersettings']['browser_window_target'])): ?>
+var user_settings = new Array();
+	<?php if ($_SESSION[$settings['session_prefix'].'usersettings']['browser_window_target'] == 1): ?>
+user_settings["open_links_in_new_window"] = "NONE";
+	<?php elseif ($_SESSION[$settings['session_prefix'].'usersettings']['browser_window_target'] == 2): ?>
+user_settings["open_links_in_new_window"] = "EXTERNAL";
+	<?php elseif ($_SESSION[$settings['session_prefix'].'usersettings']['browser_window_target'] == 3): ?>
+user_settings["open_links_in_new_window"] = "ALL";
+	<?php else: ?>
+user_settings["open_links_in_new_window"] = "DEFAULT";
+	<?php endif; ?>
+<?php else: ?>
+var user_settings = new Array();
+user_settings["open_links_in_new_window"] = "DEFAULT";
+<?php endif; ?>
 
 <?php if(isset($theme_config['preload'])): ?>
 var preload = new Array();

includes/login.inc.php

@@ -1,327 +1,390 @@
 <?php
-if(!defined('IN_INDEX'))
- {
-  header('Location: ../index.php');
-  exit;
- }
+if(!defined('IN_INDEX')) {
+	header('Location: ../index.php');
+	exit;
+}
 
-if(isset($_REQUEST['action'])) $action = $_REQUEST['action'];
-if(isset($_POST['pwf_submit'])) $action = 'pw_forgotten_submitted';
+if (isset($_REQUEST['action'])) $action = $_REQUEST['action'];
+if (isset($_POST['pwf_submit'])) $action = 'pw_forgotten_submitted';
+if (isset($_POST['sort_of_agreement']) && $_POST['sort_of_agreement'] === 'dps_agreement') $action = 'dps_agreement';
+if (isset($_POST['sort_of_agreement']) && $_POST['sort_of_agreement'] === 'tou_agreement') $action = 'tou_agreement';
 
 // import posted or got username and password:
-if(isset($_POST['username']) && trim($_POST['username'])!='') $request_username = $_POST['username'];
-elseif(isset($_GET['username']) && trim($_GET['username'])!='') $request_username = $_GET['username'];
-if(isset($_POST['userpw']) && trim($_POST['userpw'])!='') $request_userpw = $_POST['userpw'];
-elseif(isset($_GET['userpw']) && trim($_GET['userpw'])!='') $request_userpw = $_GET['userpw'];
+if (isset($_POST['username']) && trim($_POST['username']) != '') $request_username = $_POST['username'];
+elseif (isset($_GET['username']) && trim($_GET['username']) != '') $request_username = $_GET['username'];
+if (isset($_POST['userpw']) && trim($_POST['userpw']) != '') $request_userpw = $_POST['userpw'];
+elseif (isset($_GET['userpw']) && trim($_GET['userpw']) != '') $request_userpw = $_GET['userpw'];
 
 // look if session is active, if not: login
-if(isset($_SESSION[$settings['session_prefix'].'user_id']) && empty($action))
- {
-  $action = "logout";
- }
-elseif(empty($_SESSION[$settings['session_prefix'].'user_id']) && isset($request_username) && isset($request_userpw))
- {
-  $action = "do_login";
- }
-elseif(empty($_SESSION[$settings['session_prefix'].'user_id']) && empty($action) && empty($_GET['activate']))
- {
-  $action = "login";
- }
-elseif(empty($_SESSION[$settings['session_prefix'].'user_id']) && empty($action) && isset($_GET['activate']))
- {
-  $action = "activate";
- }
+if (isset($_SESSION[$settings['session_prefix'].'user_id']) && empty($action)) {
+	$action = "logout";
+}
+elseif (empty($_SESSION[$settings['session_prefix'].'user_id']) && isset($request_username) && isset($request_userpw)) {
+	$action = "do_login";
+}
+elseif (empty($_SESSION[$settings['session_prefix'].'user_id']) && empty($action) && empty($_GET['activate'])) {
+	$action = "login";
+}
+elseif (empty($_SESSION[$settings['session_prefix'].'user_id']) && empty($action) && isset($_GET['activate'])) {
+	$action = "activate";
+}
 
-if(isset($_GET['login_message'])) $smarty->assign('login_message',$_GET['login_message']);
+if (isset($_GET['login_message'])) $smarty->assign('login_message', $_GET['login_message']);
 
 // clear failed logins and check if there are failed logins from this ip:
 // a value greater than zero is interpreted as time in minutes.
-if($settings['temp_block_ip_after_repeated_failed_logins'] > 0)
- {
-  @mysqli_query($connid, "DELETE FROM ".$db_settings['login_control_table']." WHERE time < (NOW()-INTERVAL (SELECT CONVERT(`value`,UNSIGNED INTEGER) FROM ".$db_settings['settings_table']." WHERE `name` = 'temp_block_ip_after_repeated_failed_logins') MINUTE)");
-  $failed_logins_result = @mysqli_query($connid, "SELECT logins FROM ".$db_settings['login_control_table']." WHERE ip='".mysqli_real_escape_string($connid, $_SERVER["REMOTE_ADDR"])."'");
-  if(mysqli_num_rows($failed_logins_result)==1)
-   {
-    $data = mysqli_fetch_array($failed_logins_result);
-    if($data['logins']>=3) $action = 'ip_temporarily_blocked';
-   }
-  mysqli_free_result($failed_logins_result);
- }
+if ($settings['temp_block_ip_after_repeated_failed_logins'] > 0) {
+	@mysqli_query($connid, "DELETE FROM ".$db_settings['login_control_table']." WHERE time < (NOW()-INTERVAL (SELECT CONVERT(`value`, UNSIGNED INTEGER) FROM ".$db_settings['settings_table']." WHERE `name` = 'temp_block_ip_after_repeated_failed_logins') MINUTE)");
+	$failed_logins_result = @mysqli_query($connid, "SELECT logins FROM ".$db_settings['login_control_table']." WHERE ip='". mysqli_real_escape_string($connid, $_SERVER["REMOTE_ADDR"]) ."'");
+	if (mysqli_num_rows($failed_logins_result) == 1) {
+		$data = mysqli_fetch_array($failed_logins_result);
+		if ($data['logins'] >= 3) $action = 'ip_temporarily_blocked';
+	}
+	mysqli_free_result($failed_logins_result);
+}
 
-switch ($action)
- {
-  case "do_login":
-   if(isset($request_username) && isset($request_userpw))
-    {
-     $result = mysqli_query($connid, "SELECT user_id, user_name, user_pw, user_type, UNIX_TIMESTAMP(last_login) AS last_login, UNIX_TIMESTAMP(last_logout) AS last_logout, thread_order, user_view, sidebar, fold_threads, thread_display, category_selection, auto_login_code, activate_code, language, time_zone, time_difference, theme FROM ".$db_settings['userdata_table']." WHERE lower(user_name) = '".mysqli_real_escape_string($connid, my_strtolower($request_username, $lang['charset']))."'") or raise_error('database_error',mysqli_error($connid));
-     if (mysqli_num_rows($result) == 1)
-      {
-       $feld = mysqli_fetch_array($result);
+switch ($action) {
+	case "do_login":
+		if (isset($request_username) && isset($request_userpw)) {
+			$result = mysqli_query($connid, "SELECT user_id, user_name, user_pw, user_type, UNIX_TIMESTAMP(last_login) AS last_login, UNIX_TIMESTAMP(last_logout) AS last_logout, thread_order, user_view, sidebar, fold_threads, thread_display, browser_window_target, category_selection, auto_login_code, activate_code, language, time_zone, time_difference, theme, tou_accepted, dps_accepted FROM ".$db_settings['userdata_table']." WHERE lower(user_name) = '". mysqli_real_escape_string($connid, my_strtolower($request_username, $lang['charset'])) ."'") or raise_error('database_error', mysqli_error($connid));
+			if (mysqli_num_rows($result) == 1) {
+				$feld = mysqli_fetch_array($result);
+				if (is_pw_correct($request_userpw, $feld['user_pw'])) {
+					if (!empty($feld["activate_code"]) && trim($feld["activate_code"]) != '') {
+						header("location: index.php?mode=login&login_message=account_not_activated");
+						exit;
+					}
 
-       if(is_pw_correct($request_userpw,$feld['user_pw']))
-        {
-         if(trim($feld["activate_code"]) != '')
-          {
-           header("location: index.php?mode=login&login_message=account_not_activated");
-           exit;
-          }
+					if (isset($_POST['autologin_checked']) && isset($settings['autologin']) && $settings['autologin'] == 1) {
+						if (strlen($feld['auto_login_code']) != 50) {
+							$auto_login_code = random_string(50);
+						} else {
+							$auto_login_code = $feld['auto_login_code'];
+						}
+						$auto_login_code_cookie = $auto_login_code . intval($feld['user_id']);
+						setcookie($settings['session_prefix'].'auto_login', $auto_login_code_cookie, cookie_options(TIMESTAMP + (3600 * 24 * $settings['cookie_validity_days'])));
+						$save_auto_login = true;
+					} else {
+						setcookie($settings['session_prefix'].'auto_login', '', cookie_options(0));
+					}
+					$user_id = $feld["user_id"];
+					$user_name = $feld["user_name"];
+					$user_type = $feld["user_type"];
+					$usersettings['newtime'] = $feld['last_logout'];
+					$usersettings['user_view'] = $feld['user_view'];
+					$usersettings['thread_order'] = $feld['thread_order'];
+					$usersettings['sidebar'] = $feld['sidebar'];
+					$usersettings['fold_threads'] = $feld['fold_threads'];
+					$usersettings['thread_display'] = $feld['thread_display'];
+					$usersettings['page'] = 1;
+					$usersettings['category'] = 0;
+					$usersettings['latest_postings'] = 1;
+					$usersettings['browser_window_target'] = $feld['browser_window_target'];
+					if (!is_null($feld['category_selection'])) {
+						$category_selection = explode(',',$feld['category_selection']);
+						$usersettings['category_selection'] = $category_selection;
+					}
+					if($feld['language'] != '') {
+						$languages = get_languages();
+						if (isset($languages) && in_array($feld['language'], $languages)) {
+							$usersettings['language'] = $feld['language'];
+							$language_update = $feld['language'];
+						}
+					}
+					if (empty($language_update)) $language_update = '';
 
-         if(isset($_POST['autologin_checked']) && isset($settings['autologin']) && $settings['autologin'] == 1)
-          {
-           if(strlen($feld['auto_login_code'])!=50)
-            {
-             $auto_login_code = random_string(50);
-            }
-           else
-            {
-             $auto_login_code = $feld['auto_login_code'];
-            }
-           $auto_login_code_cookie = $auto_login_code . intval($feld['user_id']);
-           setcookie($settings['session_prefix'].'auto_login',$auto_login_code_cookie,TIMESTAMP+(3600*24*$settings['cookie_validity_days']));
-           $save_auto_login = true;
-          }
-         else
-          {
-           setcookie($settings['session_prefix'].'auto_login','',0);
-          }
-         $user_id = $feld["user_id"];
-         $user_name = $feld["user_name"];
-         $user_type = $feld["user_type"];
-         #$usersettings['view'] = $feld["user_view"];
-         $usersettings['newtime'] = $feld['last_logout'];
-         $usersettings['user_view'] = $feld['user_view'];
-         $usersettings['thread_order'] = $feld['thread_order'];
-         $usersettings['sidebar'] = $feld['sidebar'];
-         $usersettings['fold_threads'] = $feld['fold_threads'];
-         $usersettings['thread_display'] = $feld['thread_display'];
-         $usersettings['page'] = 1;
-         $usersettings['category'] = 0;
-         $usersettings['latest_postings'] = 1;
-         if(!is_null($feld['category_selection']))
-          {
-           $category_selection = explode(',',$feld['category_selection']);
-           $usersettings['category_selection'] = $category_selection;
-          }
-         if($feld['language']!='')
-          {
-           $languages = get_languages();
-           if(isset($languages) && in_array($feld['language'], $languages))
-            {
-             $usersettings['language'] = $feld['language'];
-             $language_update = $feld['language'];
-            }
-          }
-         if(empty($language_update)) $language_update = '';
+					if ($feld['theme'] != '') {
+						$themes = get_themes();
+						if (isset($themes) && in_array($feld['theme'], $themes)) {
+							$usersettings['theme'] = $feld['theme'];
+							$theme_update = $feld['theme'];
+						}
+					}
+					if (empty($theme_update)) $theme_update = '';
 
-         if($feld['theme']!='')
-          {
-           $themes = get_themes();
-           if(isset($themes) && in_array($feld['theme'], $themes))
-            {
-             $usersettings['theme'] = $feld['theme'];
-             $theme_update = $feld['theme'];
-            }
-          }
-         if(empty($theme_update)) $theme_update = '';
+					if ($feld['time_zone'] != '') {
+						if (function_exists('date_default_timezone_set') && $time_zones = get_timezones()) {
+							if (in_array($feld['time_zone'], $time_zones)) {
+								$usersettings['time_zone'] = $feld['time_zone'];
+								$time_zone_update = $feld['time_zone'];
+							}
+						}
+					}
+					if (empty($time_zone_update)) $time_zone_update = '';
 
-         if($feld['time_zone']!='')
-          {
-           if(function_exists('date_default_timezone_set') && $time_zones = get_timezones())
-            {
-             if(in_array($feld['time_zone'], $time_zones))
-              {
-               $usersettings['time_zone'] = $feld['time_zone'];
-               $time_zone_update = $feld['time_zone'];
-              }
-            }
-          }
-         if(empty($time_zone_update)) $time_zone_update = '';
+					if (!empty($feld['time_difference'])) $usersettings['time_difference'] = $feld['time_difference'];
 
-         if(!empty($feld['time_difference'])) $usersettings['time_difference'] = $feld['time_difference'];
+					if (isset($read)) $read_before_logged_in = $read; // get read postings from cookie (read before logged in)
 
-         if(isset($read)) $read_before_logged_in = $read; // get read postings from cookie (read before logged in)
+					$_SESSION[$settings['session_prefix'].'user_id'] = $user_id;
+					$_SESSION[$settings['session_prefix'].'user_name'] = $user_name;
+					$_SESSION[$settings['session_prefix'].'user_type'] = $user_type;
+					$_SESSION[$settings['session_prefix'].'usersettings'] = $usersettings;
 
-         $_SESSION[$settings['session_prefix'].'user_id'] = $user_id;
-         $_SESSION[$settings['session_prefix'].'user_name'] = $user_name;
-         $_SESSION[$settings['session_prefix'].'user_type'] = $user_type;
-         $_SESSION[$settings['session_prefix'].'usersettings'] = $usersettings;
+					if(isset($save_auto_login)) {
+						@mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET logins = logins + 1, last_login = NOW(), last_logout = NOW(), inactivity_notification = FALSE, user_ip = '". mysqli_real_escape_string($connid, $_SERVER['REMOTE_ADDR']) ."', auto_login_code = '". mysqli_real_escape_string($connid, $auto_login_code) ."', pwf_code = '', language = '". mysqli_real_escape_string($connid, $language_update) ."', time_zone = '". mysqli_real_escape_string($connid, $time_zone_update) ."', theme = '". mysqli_real_escape_string($connid, $theme_update) ."' WHERE user_id = ". intval($user_id));
+					} else {
+						@mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET logins = logins + 1, last_login = NOW(), last_logout = NOW(), inactivity_notification = FALSE, user_ip = '". mysqli_real_escape_string($connid, $_SERVER['REMOTE_ADDR']) ."', pwf_code = '', language = '". mysqli_real_escape_string($connid, $language_update) ."', time_zone = '". mysqli_real_escape_string($connid, $time_zone_update) ."', theme = '". mysqli_real_escape_string($connid, $theme_update) ."' WHERE user_id = ".intval($user_id));
+					}
 
-         if(isset($save_auto_login))
-          {
-           @mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET logins=logins+1, last_login=NOW(), last_logout=NOW(), user_ip='".mysqli_real_escape_string($connid, $_SERVER['REMOTE_ADDR'])."', auto_login_code='".mysqli_real_escape_string($connid, $auto_login_code)."', pwf_code='', language='".mysqli_real_escape_string($connid, $language_update)."', time_zone='".mysqli_real_escape_string($connid, $time_zone_update)."', theme='".mysqli_real_escape_string($connid, $theme_update)."' WHERE user_id=".intval($user_id));
-          }
-         else
-          {
-           @mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET logins=logins+1, last_login=NOW(), last_logout=NOW(), user_ip='".mysqli_real_escape_string($connid, $_SERVER['REMOTE_ADDR'])."', pwf_code='', language='".mysqli_real_escape_string($connid, $language_update)."', time_zone='".mysqli_real_escape_string($connid, $time_zone_update)."', theme='".mysqli_real_escape_string($connid, $theme_update)."' WHERE user_id=".intval($user_id));
-          }
+					if ($db_settings['useronline_table'] != "") {
+						@mysqli_query($connid, "DELETE FROM ".$db_settings['useronline_table']." WHERE ip = '". mysqli_real_escape_string($connid, $_SERVER['REMOTE_ADDR']) ."'");
+					}
 
-         // auto delete spam:
-         if($user_type>0 && $settings['auto_delete_spam']>0) @mysqli_query($connid, "DELETE FROM ".$db_settings['forum_table']." WHERE time < (NOW() - INTERVAL ".$settings['auto_delete_spam']." HOUR) AND spam=1");
+					if ($settings['data_privacy_agreement'] == 1 && $feld['dps_accepted'] === NULL) {
+						$redir = 'index.php?mode=login&action=dps';
+					} else if ($settings['terms_of_use_agreement'] == 1 && $feld['tou_accepted'] === NULL) {
+						$redir = 'index.php?mode=login&action=tou';
+					} else if (isset($_SESSION[$settings['session_prefix'].'last_visited_uri'])) {
+						$redir = $_SESSION[$settings['session_prefix'].'last_visited_uri'];
+					} else if (isset($_POST['back']) && isset($_POST['id'])) {
+						$redir = 'index.php?mode='.$_POST['back'].'&id='.$_POST['id'].'&back=entry';
+					} elseif (isset($_POST['back'])) {
+						$redir = 'index.php?mode='.$_POST['back'];
+					} elseif (isset($_POST['id'])) {
+						$redir = 'index.php?id='.$_POST['id'].'&back=entry';
+					} else {
+						$redir = 'index.php';
+					}
 
-         if ($db_settings['useronline_table'] != "")
-          {
-           @mysqli_query($connid, "DELETE FROM ".$db_settings['useronline_table']." WHERE ip = '".$_SERVER['REMOTE_ADDR']."'");
-          }
+					header('Location: '.$redir);
+					exit;
+				} else {
+					if ($settings['temp_block_ip_after_repeated_failed_logins'] > 0) count_failed_logins();
+					$action = 'login';
+					$login_message = 'login_failed';
+				}
+			} else {
+				if ($settings['temp_block_ip_after_repeated_failed_logins'] > 0) count_failed_logins();
+				$action = 'login';
+				$login_message = 'login_failed';
+			}
+		} else {
+			if ($settings['temp_block_ip_after_repeated_failed_logins'] > 0) count_failed_logins();
+			$action = 'login';
+			$login_message = 'login_failed';
+		}
+	break;
+	case "logout":
+		log_out($_SESSION[$settings['session_prefix'].'user_id']);
+		header("location: index.php");
+		exit;
+	break;
+	case "dps":
+		// the user has to accept (again) the data privacy statement
+		if ($settings['data_privacy_agreement'] == 1 && isset($_SESSION[$settings['session_prefix'].'user_id'])) {
+			// user is logged in and accepting of the data privacy statement is necessary
+			$resultDPS = mysqli_query($connid, "SELECT dps_accepted, tou_accepted FROM ".$db_settings['userdata_table']." WHERE user_id = ". intval($_SESSION[$settings['session_prefix'].'user_id'])) or raise_error('database_error', mysqli_error($connid));
+			$feld = mysqli_fetch_assoc($resultDPS);
+			if ($feld['dps_accepted'] === NULL) {
+				// display the form for accepting the data privacy statement
+				$action = 'show_dps';
+			} else {
+				// data privacy statement was accepted before, redirect
+				if ($settings['terms_of_use_agreement'] == 1 && $feld['tou_accepted'] === NULL) {
+					$redir = 'index.php?mode=login&action=tou';
+				} else if (isset($_SESSION[$settings['session_prefix'].'last_visited_uri'])) {
+					$redir = $_SESSION[$settings['session_prefix'].'last_visited_uri'];
+				} else {
+					$redir = 'index.php';
+				}
+				header('Location: '.$redir);
+				exit;
+			}
+		} else {
+			// redirect to the index view
+			header("location: index.php");
+			exit;
+		}
+	break;
+	case "tou":
+		// the user has to accept (again) the terms of use
+		if ($settings['terms_of_use_agreement'] == 1 && isset($_SESSION[$settings['session_prefix'].'user_id'])) {
+			// user is logged in and accepting of the terms of use agreement is necessary
+			$resultTOU = mysqli_query($connid, "SELECT dps_accepted, tou_accepted FROM ".$db_settings['userdata_table']." WHERE user_id = ". intval($_SESSION[$settings['session_prefix'].'user_id'])) or raise_error('database_error', mysqli_error($connid));
+			$feld = mysqli_fetch_assoc($resultTOU);
+			if ($feld['tou_accepted'] === NULL) {
+				// display the form for accepting the terms of use agreement
+				$action = 'show_tou';
+			} else {
+				// terms of use agreement was accepted before, redirect
+				if ($settings['data_privacy_agreement'] == 1 && $feld['dps_accepted'] === NULL) {
+					$redir = 'index.php?mode=login&action=dps';
+				} else if (isset($_SESSION[$settings['session_prefix'].'last_visited_uri'])) {
+					$redir = $_SESSION[$settings['session_prefix'].'last_visited_uri'];
+				} else {
+					$redir = 'index.php';
+				}
+				header('Location: '.$redir);
+				exit;
+			}
+		} else {
+			// redirect to the index view
+			header("location: index.php");
+			exit;
+		}
+	break;
+	case "dps_agreement":
+		if ($settings['data_privacy_agreement'] == 1 && isset($_POST['agreed']) && isset($_SESSION[$settings['session_prefix'].'user_id'])) {
+			$resultDPS = mysqli_query($connid, "SELECT dps_accepted, tou_accepted FROM ".$db_settings['userdata_table']." WHERE user_id = ". intval($_SESSION[$settings['session_prefix'].'user_id'])) or raise_error('database_error', mysqli_error($connid));
+			$feld = mysqli_fetch_assoc($resultDPS);
+			if ($feld['dps_accepted'] === NULL) {
+				$writeDPS = mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET dps_accepted = NOW() WHERE user_id = ". intval($_SESSION[$settings['session_prefix'].'user_id'])) or raise_error('database_error', mysqli_error($connid));
+			}
+			// data privacy statement got accepted, redirect
+			if ($settings['terms_of_use_agreement'] == 1 && $feld['tou_accepted'] === NULL) {
+				$redir = 'index.php?mode=login&action=tou';
+			} else if (isset($_SESSION[$settings['session_prefix'].'last_visited_uri'])) {
+				$redir = $_SESSION[$settings['session_prefix'].'last_visited_uri'];
+			} else {
+				$redir = 'index.php';
+			}
+			header('Location: '.$redir);
+			exit;
+		} else {
+			if (isset($_SESSION[$settings['session_prefix'].'last_visited_uri'])) {
+				$redir = $_SESSION[$settings['session_prefix'].'last_visited_uri'];
+			} else {
+				$redir = 'index.php';
+			}
+			header('Location: '.$redir);
+			exit;
+		}
+	break;
+	case "tou_agreement":
+		if ($settings['terms_of_use_agreement'] == 1 && isset($_POST['agreed']) && isset($_SESSION[$settings['session_prefix'].'user_id'])) {
+			$resultTOU = mysqli_query($connid, "SELECT dps_accepted, tou_accepted FROM ".$db_settings['userdata_table']." WHERE user_id = ". intval($_SESSION[$settings['session_prefix'].'user_id'])) or raise_error('database_error', mysqli_error($connid));
+			$feld = mysqli_fetch_assoc($resultTOU);
+			if ($feld['tou_accepted'] === NULL) {
+				$writeTOU = mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET tou_accepted = NOW() WHERE user_id = ". intval($_SESSION[$settings['session_prefix'].'user_id'])) or raise_error('database_error', mysqli_error($connid));
+			}
+			// terms of use got accepted, redirect
+			if ($settings['data_privacy_agreement'] == 1 && $feld['dps_accepted'] === NULL) {
+				$redir = 'index.php?mode=login&action=dps';
+			} else if (isset($_SESSION[$settings['session_prefix'].'last_visited_uri'])) {
+				$redir = $_SESSION[$settings['session_prefix'].'last_visited_uri'];
+			} else {
+				$redir = 'index.php';
+			}
+			header('Location: '.$redir);
+			exit;
+		} else {
+			if (isset($_SESSION[$settings['session_prefix'].'last_visited_uri'])) {
+				$redir = $_SESSION[$settings['session_prefix'].'last_visited_uri'];
+			} else {
+				$redir = 'index.php';
+			}
+			header('Location: '.$redir);
+			exit;
+		}
+	break;
+	case "pw_forgotten_submitted":
+		if (!empty($_POST['pwf_email']) && trim($_POST['pwf_email']) == '') $error = true;
+		if (empty($error)) {
+			$pwf_result = @mysqli_query($connid, "SELECT user_id, user_name, user_email FROM ".$db_settings['userdata_table']." WHERE user_email = '". mysqli_real_escape_string($connid, $_POST['pwf_email']) ."' LIMIT 1") or raise_error('database_error', mysqli_error($connid));
+			if (mysqli_num_rows($pwf_result) != 1) $error = true;
+			else $field = mysqli_fetch_array($pwf_result);
+			mysqli_free_result($pwf_result);
+		}
+		if (empty($error)) {
+			$pwf_code = random_string(20);
+			$pwf_code_hash = generate_pw_hash($pwf_code);
+			$update_result = mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET last_login = last_login, registered = registered, pwf_code = '". mysqli_real_escape_string($connid, $pwf_code_hash) ."' WHERE user_id = ". intval($field['user_id']) ." LIMIT 1");
+			// send mail with activating link:
+			$smarty->configLoad($settings['language_file'], 'emails');
+			$lang = $smarty->getConfigVars();
+			$lang['pwf_activating_email_txt'] = str_replace("[name]", $field["user_name"], $lang['pwf_activating_email_txt']);
+			$lang['pwf_activating_email_txt'] = str_replace("[forum_address]", $settings['forum_address'], $lang['pwf_activating_email_txt']);
+			$lang['pwf_activating_email_txt'] = str_replace("[activating_link]", $settings['forum_address'].basename($_SERVER['PHP_SELF'])."?mode=login&activate=".$field["user_id"]."&code=".$pwf_code, $lang['pwf_activating_email_txt']);
 
-         if(isset($_POST['back']) && isset($_POST['id']))
-          {
-           $redir_qs = '?mode='.$_POST['back'].'&id='.$_POST['id'].'&back=entry';;
-          }
-         elseif(isset($_POST['back']))
-          {
-           $redir_qs = '?mode='.$_POST['back'];
-          }
-         elseif(isset($_POST['id']))
-          {
-           $redir_qs = '?id='.$_POST['id'].'&back=entry';
-          }
-         else
-          {
-           $redir_qs = '';
-          }
+			if (my_mail($field["user_email"], $lang['pwf_activating_email_sj'], $lang['pwf_activating_email_txt'])) {
+				header("location: index.php?mode=login&login_message=mail_sent");
+				exit;
+			} else {
+				header("Location: index.php?mode=login&login_message=mail_error");
+				exit;
+			}
+		}
+		header("Location: index.php?mode=login&login_message=pwf_failed");
+		exit;
+	break;
+	case "activate":
+		if (isset($_GET['activate']) && trim($_GET['activate']) != "" && isset($_GET['code']) && trim($_GET['code']) != "") {
+			$pwf_result = mysqli_query($connid, "SELECT user_id, user_name, user_email, pwf_code FROM ".$db_settings['userdata_table']." WHERE user_id = ". intval($_GET["activate"]));
+			if (!$pwf_result) raise_error('database_error', mysqli_error($connid));
+			$field = mysqli_fetch_array($pwf_result);
+			mysqli_free_result($pwf_result);
+			if (!empty($field['pwf_code']) && trim($field['pwf_code']) != '' && $field['user_id'] == $_GET['activate'] && is_pw_correct($_GET['code'],$field['pwf_code'])) {
+				// generate new password:
+				if ($settings['min_pw_length'] < 8) $pwl = 8;
+				else $pwl = $settings['min_pw_length'];
+				$new_pw = random_string($pwl);
+				$pw_hash = generate_pw_hash($new_pw);
+				$update_result = mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET last_login = last_login, registered = registered, user_pw = '". mysqli_real_escape_string($connid, $pw_hash) ."', pwf_code = '' WHERE user_id = ". intval($field["user_id"]) ." LIMIT 1");
 
-         header('Location: index.php'.$redir_qs);
-         exit;
-        }
-       else
-        {
-         if($settings['temp_block_ip_after_repeated_failed_logins'] > 0) count_failed_logins();
-         $action = 'login';
-         $login_message='login_failed';
-        }
-     }
-    else
-     {
-      if($settings['temp_block_ip_after_repeated_failed_logins'] > 0) count_failed_logins();
-      $action = 'login';
-      $login_message='login_failed';
-     }
-    }
-   else
-    {
-     if($settings['temp_block_ip_after_repeated_failed_logins'] > 0) count_failed_logins();
-     $action = 'login';
-     $login_message='login_failed';
-    }
-  break;
+				// send new password:
+				$smarty->configLoad($settings['language_file'], 'emails');
+				$lang = $smarty->getConfigVars();
 
-  case "logout":
-   log_out($_SESSION[$settings['session_prefix'].'user_id']);
-   header("location: index.php");
-   exit;
-  break;
+				$lang['new_pw_email_txt'] = str_replace("[name]", $field['user_name'], $lang['new_pw_email_txt']);
+				$lang['new_pw_email_txt'] = str_replace("[password]", $new_pw, $lang['new_pw_email_txt']);
+				$lang['new_pw_email_txt'] = str_replace("[login_link]", $settings['forum_address'].basename($_SERVER['PHP_SELF'])."?mode=login&username=". urlencode($field['user_name']) ."&userpw=".$new_pw, $lang['new_pw_email_txt']);
+				$lang['new_pw_email_txt'] = $lang['new_pw_email_txt'];
 
-  case "pw_forgotten_submitted":
-   if(trim($_POST['pwf_email'])=='') $error=true;
-   if(empty($error))
-    {
-     $pwf_result = @mysqli_query($connid, "SELECT user_id, user_name, user_email FROM ".$db_settings['userdata_table']." WHERE user_email = '".mysqli_real_escape_string($connid, $_POST['pwf_email'])."' LIMIT 1") or raise_error('database_error',mysqli_error($connid));
-     if(mysqli_num_rows($pwf_result)!=1) $error=true;
-     else $field = mysqli_fetch_array($pwf_result);
-     mysqli_free_result($pwf_result);
-    }
-   if(empty($error))
-    {
-     $pwf_code = random_string(20);
-     $pwf_code_hash = generate_pw_hash($pwf_code);
-     $update_result = mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET last_login=last_login, registered=registered, pwf_code='".mysqli_real_escape_string($connid, $pwf_code_hash)."' WHERE user_id = ".intval($field['user_id'])." LIMIT 1");
-     // send mail with activating link:
-     $smarty->configLoad($settings['language_file'], 'emails');
-     $lang = $smarty->getConfigVars();
-     $lang['pwf_activating_email_txt'] = str_replace("[name]", $field["user_name"], $lang['pwf_activating_email_txt']);
-     $lang['pwf_activating_email_txt'] = str_replace("[forum_address]", $settings['forum_address'], $lang['pwf_activating_email_txt']);
-     $lang['pwf_activating_email_txt'] = str_replace("[activating_link]", $settings['forum_address'].basename($_SERVER['PHP_SELF'])."?mode=login&activate=".$field["user_id"]."&code=".$pwf_code, $lang['pwf_activating_email_txt']);
-
-     if(my_mail($field["user_email"], $lang['pwf_activating_email_sj'], $lang['pwf_activating_email_txt']))
-      {
-       header("location: index.php?mode=login&login_message=mail_sent");
-       exit;
-      }
-     else
-      {
-       header("Location: index.php?mode=login&login_message=mail_error");
-       exit;
-      }
-    }
-   header("Location: index.php?mode=login&login_message=pwf_failed");
-   exit;
-  break;
-
-  case "activate":
-  if(isset($_GET['activate']) && trim($_GET['activate']) != "" && isset($_GET['code']) && trim($_GET['code']) != "")
-   {
-    $pwf_result = mysqli_query($connid, "SELECT user_id, user_name, user_email, pwf_code FROM ".$db_settings['userdata_table']." WHERE user_id = '".intval($_GET["activate"])."'");
-    if (!$pwf_result) raise_error('database_error',mysqli_error($connid));
-    $field = mysqli_fetch_array($pwf_result);
-    mysqli_free_result($pwf_result);
-    if(trim($field['pwf_code'])!='' && $field['user_id'] == $_GET['activate'] && is_pw_correct($_GET['code'],$field['pwf_code']))
-     {
-      // generate new password:
-      if($settings['min_pw_length']<8) $pwl = 8;
-      else $pwl = $settings['min_pw_length'];
-      $new_pw = random_string($pwl);
-      $pw_hash = generate_pw_hash($new_pw);
-      $update_result = mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET last_login=last_login, registered=registered, user_pw='".mysqli_real_escape_string($connid, $pw_hash)."', pwf_code='' WHERE user_id='".$field["user_id"]."' LIMIT 1");
-
-      // send new password:
-      $smarty->configLoad($settings['language_file'], 'emails');
-      $lang = $smarty->getConfigVars();
-
-      $lang['new_pw_email_txt'] = str_replace("[name]", $field['user_name'], $lang['new_pw_email_txt']);
-      $lang['new_pw_email_txt'] = str_replace("[password]", $new_pw, $lang['new_pw_email_txt']);
-      $lang['new_pw_email_txt'] = str_replace("[login_link]", $settings['forum_address'].basename($_SERVER['PHP_SELF'])."?mode=login&username=".urlencode($field['user_name'])."&userpw=".$new_pw, $lang['new_pw_email_txt']);
-      $lang['new_pw_email_txt'] = $lang['new_pw_email_txt'];
-
-      if(my_mail($field['user_email'], $lang['new_pw_email_sj'], $lang['new_pw_email_txt']))
-       {
-        header("location: index.php?mode=login&login_message=pw_sent");
-        exit;
-       }
-      else
-       {
-        echo $lang['mail_error'];
-        exit;
-       }
-     }
-    else
-     {
-      header("location: index.php?mode=login&login_message=code_invalid");
-      exit;
-     }
-   }
-   else
-    {
-     header("location: index.php?mode=login&login_message=code_invalid");
-     exit;
-    }
-  break;
- }
+				if (my_mail($field['user_email'], $lang['new_pw_email_sj'], $lang['new_pw_email_txt'])) {
+					header("location: index.php?mode=login&login_message=pw_sent");
+					exit;
+				} else {
+					echo $lang['mail_error'];
+					exit;
+				}
+			} else {
+				header("location: index.php?mode=login&login_message=code_invalid");
+				exit;
+			}
+		} else {
+			header("location: index.php?mode=login&login_message=code_invalid");
+			exit;
+		}
+	break;
+}
 
 $smarty->assign('action',$action);
 
-switch($action)
- {
-  case "login":
-   $smarty->assign('subnav_location','subnav_login');
-   $smarty->assign('subtemplate','login.inc.tpl');
-   if(isset($login_message)) $smarty->assign('login_message',$login_message);
-   if(isset($_REQUEST['id'])) $smarty->assign('id',intval($_REQUEST['id']));
-   if(isset($_REQUEST['back'])) $smarty->assign('back',htmlspecialchars($_REQUEST['back']));
-   $template = 'main.tpl';
-  break;
-  case "pw_forgotten":
-   $breadcrumbs[0]['link'] = 'index.php?mode=login';
-   $breadcrumbs[0]['linkname'] = 'subnav_login';
-   $smarty->assign('breadcrumbs',$breadcrumbs);
-   $smarty->assign('subnav_location','subnav_pw_forgotten');
-   $smarty->assign('subtemplate','login_pw_forgotten.inc.tpl');
-   $template = 'main.tpl';
-  break;
-  case "ip_temporarily_blocked":
-   $smarty->assign('ip_temporarily_blocked',true);
-   $smarty->assign('subnav_location','subnav_login');
-   $smarty->assign('subtemplate','login.inc.tpl');
-   $template = 'main.tpl';
-  break;
- }
+switch($action) {
+	case "login":
+		$smarty->assign('subnav_location', 'subnav_login');
+		$smarty->assign('subtemplate', 'login.inc.tpl');
+		if (isset($login_message)) $smarty->assign('login_message', $login_message);
+		if (isset($_REQUEST['id'])) $smarty->assign('id', intval($_REQUEST['id']));
+		if (isset($_REQUEST['back'])) $smarty->assign('back', htmlspecialchars($_REQUEST['back']));
+		$template = 'main.tpl';
+	break;
+	case "pw_forgotten":
+		$breadcrumbs[0]['link'] = 'index.php?mode=login';
+		$breadcrumbs[0]['linkname'] = 'subnav_login';
+		$smarty->assign('breadcrumbs', $breadcrumbs);
+		$smarty->assign('subnav_location', 'subnav_pw_forgotten');
+		$smarty->assign('subtemplate', 'login_pw_forgotten.inc.tpl');
+		$template = 'main.tpl';
+	break;
+	case "ip_temporarily_blocked":
+		$smarty->assign('ip_temporarily_blocked', true);
+		$smarty->assign('subnav_location', 'subnav_login');
+		$smarty->assign('subtemplate', 'login.inc.tpl');
+		$template = 'main.tpl';
+	break;
+	case "show_dps":
+		$smarty->assign('show_dps_page', true);
+		$smarty->assign('subnav_location', 'subnav_accept_dps');
+		$smarty->assign('subtemplate', 'user_agreement.inc.tpl');
+		$template = 'main.tpl';
+	break;
+	case "show_tou":
+		$smarty->assign('show_tou_page', true);
+		$smarty->assign('subnav_location', 'subnav_accept_tou');
+		$smarty->assign('subtemplate', 'user_agreement.inc.tpl');
+		$template = 'main.tpl';
+	break;
+}
 ?>

includes/mailer.inc.php

@@ -0,0 +1,33 @@
+<?php
+if (!defined('IN_INDEX')) {
+	header('Location: ../index.php');
+	exit;
+}
+
+//Import the PHPMailer class into the global namespace
+use PHPMailer\PHPMailer\PHPMailer;
+use PHPMailer\PHPMailer\Exception;
+use PHPMailer\PHPMailer\SMTP;
+//use PHPMailer\PHPMailer\OAuthTokenProvider;
+//use PHPMailer\PHPMailer\OAuth;
+//use PHPMailer\PHPMailer\POP3;
+
+// include php resources
+require 'modules/phpmailer/PHPMailer.php';
+require 'modules/phpmailer/Exception.php';
+require 'modules/phpmailer/SMTP.php';
+//require 'modules/phpmailer/OAuthTokenProvider.php';
+//require 'modules/phpmailer/OAuth.php';
+//require 'modules/phpmailer/POP3.php';
+
+// include config
+require 'config/php_mailer.php';
+
+// create instance
+$PHP_MAILER = new PHPMailer();
+
+// add specified properties
+foreach($PHP_MAILER_CONFIG as $key => $value) {
+	$PHP_MAILER->set($key, $value);
+}
+?>

includes/main.inc.php

@@ -1,23 +1,8 @@
 <?php
-if(!defined('IN_INDEX'))
- {
-  header('Location: ../index.php');
-  exit;
- }
-
-// stripslashes on GPC if magic_quotes_gpc is enabled:
-if(get_magic_quotes_gpc())
- {
-  function stripslashes_deep($value)
-   {
-    $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
-    return $value;
-   }
-  $_POST = array_map('stripslashes_deep', $_POST);
-  $_GET = array_map('stripslashes_deep', $_GET);
-  $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
-  $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
- }
+if (!defined('IN_INDEX')) {
+	header('Location: ../index.php');
+	exit;
+}
 
 // database connection:
 $connid = connect_db($db_settings['host'], $db_settings['user'], $db_settings['password'], $db_settings['database']);
@@ -35,347 +20,274 @@ if (!isset($_SESSION['csrf_token'])) {
 }
 
 // auto login:
-if(!isset($_SESSION[$settings['session_prefix'].'user_id']) && isset($_COOKIE[$settings['session_prefix'].'auto_login']) && isset($settings['autologin']) && $settings['autologin'] == 1)
- {
-  include('includes/auto_login.inc.php');
- }
-
-// Bad Behavior check:
-if($settings['bad_behavior']==1 && !isset($_SESSION[$settings['session_prefix'].'user_id']))
- {
-  require_once("modules/bad-behavior/bad-behavior-generic.php");
- }
+if (!isset($_SESSION[$settings['session_prefix'].'user_id']) && isset($_COOKIE[$settings['session_prefix'].'auto_login']) && isset($settings['autologin']) && $settings['autologin'] == 1) {
+	include('includes/auto_login.inc.php');
+}
 
 // access permission checks for not registered users:
-if($settings['access_permission_checks']==1 && !isset($_SESSION[$settings['session_prefix'].'user_id']))
- {
-  // look if IP or user agent is banned:
-  $ip_result=mysqli_query($connid, "SELECT name, list FROM ".$db_settings['banlists_table']." WHERE name = 'ips' OR name = 'user_agents'") or raise_error('database_error',mysqli_error($connid));
-  while($data = mysqli_fetch_array($ip_result))
-   {
-    if($data['name'] == 'ips') $ips = $data['list'];
-    if($data['name'] == 'user_agents') $user_agents = $data['list'];
-   }
-  mysqli_free_result($ip_result);
-  if(isset($ips) && trim($ips) != '')
-   {
-    $banned_ips = explode("\n",$ips);
-    if(is_ip_banned($_SERVER['REMOTE_ADDR'], $banned_ips)) raise_error('403');
-   }
-  if(isset($user_agents) && trim($user_agents) != '')
-   {
-    $banned_user_agents = explode("\n",$user_agents);
-    if(is_user_agent_banned($_SERVER['HTTP_USER_AGENT'], $banned_user_agents)) raise_error('403');
-   }
- }
+if ($settings['access_permission_checks'] == 1 && !isset($_SESSION[$settings['session_prefix'].'user_id'])) {
+	// look if IP or user agent is banned:
+	$ip_result = mysqli_query($connid, "SELECT name, list FROM ".$db_settings['banlists_table']." WHERE name = 'ips' OR name = 'user_agents'") or raise_error('database_error', mysqli_error($connid));
+	while ($data = mysqli_fetch_array($ip_result)) {
+		if ($data['name'] == 'ips') $ips = $data['list'];
+		if ($data['name'] == 'user_agents') $user_agents = $data['list'];
+	}
+	mysqli_free_result($ip_result);
+	if (isset($ips) && !empty($ips) && trim($ips) != '') {
+		$banned_ips = explode("\n",$ips);
+		if (is_ip_banned($_SERVER['REMOTE_ADDR'], $banned_ips)) raise_error('403');
+	}
+	if (isset($user_agents) && !empty($user_agents) && trim($user_agents) != '') {
+		$banned_user_agents = explode("\n", $user_agents);
+		if (is_user_agent_banned($_SERVER['HTTP_USER_AGENT'], $banned_user_agents)) raise_error('403');
+	}
+}
 
 // look if user blocked:
-if(isset($_SESSION[$settings['session_prefix'].'user_id']))
- {
-  $block_result=mysqli_query($connid, "SELECT user_lock FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($_SESSION[$settings['session_prefix'].'user_id'])." LIMIT 1") or raise_error('database_error',mysqli_error($connid));
-  $data = mysqli_fetch_array($block_result);
-  mysqli_free_result($block_result);
-  if($data['user_lock']==1)
-   {
-    log_out($_SESSION[$settings['session_prefix'].'user_id'],'account_locked');
-   }
- }
+if (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
+	$block_result = mysqli_query($connid, "SELECT user_lock FROM ".$db_settings['userdata_table']." WHERE user_id = ". intval($_SESSION[$settings['session_prefix'].'user_id']) ." LIMIT 1") or raise_error('database_error', mysqli_error($connid));
+	$data = mysqli_fetch_array($block_result);
+	mysqli_free_result($block_result);
+	if ($data['user_lock'] == 1) {
+		log_out($_SESSION[$settings['session_prefix'].'user_id'], 'account_locked');
+	}
+}
 
 // set time zone:
-if(function_exists('date_default_timezone_set'))
- {
-  if(isset($_SESSION[$settings['session_prefix'].'usersettings']['time_zone']) && $_SESSION[$settings['session_prefix'].'usersettings']['time_zone']!='')
-   {
-    date_default_timezone_set($_SESSION[$settings['session_prefix'].'usersettings']['time_zone']);
-    $forum_time_zone = $_SESSION[$settings['session_prefix'].'usersettings']['time_zone'];
-    if(isset($_SESSION[$settings['session_prefix'].'usersettings']['time_difference']) && $_SESSION[$settings['session_prefix'].'usersettings']['time_difference']!=0)
-     {
-      if($_SESSION[$settings['session_prefix'].'usersettings']['time_difference']>0) $uds = '+'; else $uds = '-'; 
-      $udm = abs($_SESSION[$settings['session_prefix'].'usersettings']['time_difference']);
-      $udh = floor($udm / 60);
-      $udmr = $udm - $udh*60;
-      if($udmr<10) $udmr = '0'.$udmr;
-      $udf = $uds.$udh.':'.$udmr;
-      $forum_time_zone = $_SESSION[$settings['session_prefix'].'usersettings']['time_zone'].' '.$udf;
-     }
-    else
-     {
-      $forum_time_zone = $_SESSION[$settings['session_prefix'].'usersettings']['time_zone'];
-     }
-   }
-  elseif($settings['time_zone']!='')
-   {
-    date_default_timezone_set($settings['time_zone']);
-    $forum_time_zone = $settings['time_zone'];
-   }
-  else
-   {
-    date_default_timezone_set('UTC');
-    $forum_time_zone = 'UTC';
-   }
- }
+if (function_exists('date_default_timezone_set')) {
+	if (isset($_SESSION[$settings['session_prefix'].'usersettings']['time_zone']) && $_SESSION[$settings['session_prefix'].'usersettings']['time_zone'] != '') {
+		date_default_timezone_set($_SESSION[$settings['session_prefix'].'usersettings']['time_zone']);
+		$forum_time_zone = $_SESSION[$settings['session_prefix'].'usersettings']['time_zone'];
+		if (isset($_SESSION[$settings['session_prefix'].'usersettings']['time_difference']) && $_SESSION[$settings['session_prefix'].'usersettings']['time_difference'] != 0) {
+			if ($_SESSION[$settings['session_prefix'].'usersettings']['time_difference'] > 0) $uds = '+'; else $uds = '-';
+			$udm = abs($_SESSION[$settings['session_prefix'].'usersettings']['time_difference']);
+			$udh = floor($udm / 60);
+			$udmr = $udm - $udh * 60;
+			if ($udmr < 10) $udmr = '0'.$udmr;
+			$udf = $uds.$udh.':'.$udmr;
+			$forum_time_zone = $_SESSION[$settings['session_prefix'].'usersettings']['time_zone'].' '.$udf;
+		} else {
+			$forum_time_zone = $_SESSION[$settings['session_prefix'].'usersettings']['time_zone'];
+		}
+	} elseif($settings['time_zone'] != '') {
+		date_default_timezone_set($settings['time_zone']);
+		$forum_time_zone = $settings['time_zone'];
+	} else {
+		date_default_timezone_set('UTC');
+		$forum_time_zone = 'UTC';
+	}
+}
 
 // do daily actions:
-daily_actions(TIMESTAMP);
+//daily_actions(TIMESTAMP);
 
 $categories = get_categories();
 $category_ids = get_category_ids($categories);
-if($category_ids!=false) $category_ids_query = implode(', ', $category_ids);
-if(empty($category)) $category=0;
+if ($category_ids != false) $category_ids_query = implode(', ', $category_ids);
+if (empty($category)) $category = 0;
 
 // user settings:
-if(isset($_COOKIE[$settings['session_prefix'].'usersettings']))
- {
-  $usersettings_cookie = explode('.',$_COOKIE[$settings['session_prefix'].'usersettings']);
- }
+if (isset($_COOKIE[$settings['session_prefix'].'usersettings'])) {
+	$usersettings_cookie = explode('.', $_COOKIE[$settings['session_prefix'].'usersettings']);
+}
 
-if(empty($_SESSION[$settings['session_prefix'].'usersettings']))
- {
-  if(isset($usersettings_cookie[0]))
-   {
-    $usersettings['user_view'] = $usersettings_cookie[0]==1 ? 1 : 0;
-   }
-  else
-   {
-    $usersettings['user_view'] = $settings['default_view'];
-   }
-  $usersettings['thread_order'] = isset($usersettings_cookie[1]) && $usersettings_cookie[1]==1 ? 1 : 0;
-  $usersettings['sidebar'] = isset($usersettings_cookie[2]) && $usersettings_cookie[2]==0 ? 0 : 1;
-  if(isset($usersettings_cookie[3]))
-   {
-    $usersettings['fold_threads'] = $usersettings_cookie[3]==1 ? 1 : 0;
-   }
-  else
-   {
-    $usersettings['fold_threads'] = $settings['fold_threads'];
-   }
-  $usersettings['thread_display'] = isset($usersettings_cookie[4]) && $usersettings_cookie[4]==1 ? 1 : 0;
-  $usersettings['page'] = 1;
-  $usersettings['category'] = 0;
-  $_SESSION[$settings['session_prefix'].'usersettings'] = $usersettings;
-  setcookie($settings['session_prefix'].'usersettings',$_SESSION[$settings['session_prefix'].'usersettings']['user_view'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_order'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['sidebar'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_display'],TIMESTAMP+(3600*24*$settings['cookie_validity_days']));
- }
+if (empty($_SESSION[$settings['session_prefix'].'usersettings'])) {
+	if (isset($usersettings_cookie[0])) {
+		$usersettings['user_view'] = $usersettings_cookie[0] == 1 ? 1 : 0;
+	} else {
+		$usersettings['user_view'] = $settings['default_view'];
+	}
+	$usersettings['thread_order'] = isset($usersettings_cookie[1]) && $usersettings_cookie[1] == 1 ? 1 : 0;
+	$usersettings['sidebar'] = isset($usersettings_cookie[2]) && $usersettings_cookie[2] == 0 ? 0 : 1;
+	if(isset($usersettings_cookie[3])) {
+    $usersettings['fold_threads'] = $usersettings_cookie[3] == 1 ? 1 : 0;
+	} else {
+		$usersettings['fold_threads'] = $settings['fold_threads'];
+	}
+	$usersettings['thread_display'] = isset($usersettings_cookie[4]) && $usersettings_cookie[4] == 1 ? 1 : 0;
+	$usersettings['page'] = 1;
+	$usersettings['category'] = 0;
+	$_SESSION[$settings['session_prefix'].'usersettings'] = $usersettings;
+	setcookie($settings['session_prefix'].'usersettings', $_SESSION[$settings['session_prefix'].'usersettings']['user_view'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_order'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['sidebar'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_display'], cookie_options(TIMESTAMP + (3600 * 24 * $settings['cookie_validity_days'])));
+}
 
-if(isset($_REQUEST['toggle_sidebar']))
- {
-  if(empty($_SESSION[$settings['session_prefix'].'usersettings']['sidebar'])) $_SESSION[$settings['session_prefix'].'usersettings']['sidebar']=1;
-  else $_SESSION[$settings['session_prefix'].'usersettings']['sidebar']=0;
-  setcookie($settings['session_prefix'].'usersettings',$_SESSION[$settings['session_prefix'].'usersettings']['user_view'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_order'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['sidebar'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_display'],TIMESTAMP+(3600*24*$settings['cookie_validity_days']));
-  // update database for registered users:
-  if(isset($_SESSION[$settings['session_prefix'].'user_id']))
-   {
-    @mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET last_login=last_login, last_logout=last_logout, registered=registered, sidebar = ".intval($_SESSION[$settings['session_prefix'].'usersettings']['sidebar'])." WHERE user_id=".intval($_SESSION[$settings['session_prefix'].'user_id']));
-   }
+if (isset($_REQUEST['toggle_sidebar'])) {
+	if (empty($_SESSION[$settings['session_prefix'].'usersettings']['sidebar'])) $_SESSION[$settings['session_prefix'].'usersettings']['sidebar'] = 1;
+	else $_SESSION[$settings['session_prefix'].'usersettings']['sidebar'] = 0;
+	setcookie($settings['session_prefix'].'usersettings', $_SESSION[$settings['session_prefix'].'usersettings']['user_view'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_order'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['sidebar'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_display'], cookie_options(TIMESTAMP + (3600 * 24 * $settings['cookie_validity_days'])));
+	// update database for registered users:
+	if (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
+		@mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET last_login = last_login, last_logout = last_logout, registered = registered, sidebar = ". intval($_SESSION[$settings['session_prefix'].'usersettings']['sidebar']) ." WHERE user_id = ". intval($_SESSION[$settings['session_prefix'].'user_id']));
+	}
 
-  if(isset($_POST['toggle_sidebar'])) exit; // AJAX request
+	if (isset($_POST['toggle_sidebar'])) exit; // AJAX request
 
-  if(isset($_GET['category']) && isset($_GET['page']) && isset($_GET['order'])) $q = '?page='.$_GET['page'].'&category='.$_GET['category'].'&order='.$_GET['order']; else $q = '';
-  header('location: index.php'.$q);
-  exit;
- }
+	if (isset($_GET['category']) && isset($_GET['page']) && isset($_GET['order'])) $q = '?page='.$_GET['page'].'&category='.$_GET['category'].'&order='.$_GET['order']; else $q = '';
+	header('location: index.php'.$q);
+	exit;
+}
 
-if(isset($_GET['thread_order']) && isset($_SESSION[$settings['session_prefix'].'usersettings']['thread_order']))
- {
-  $page = 1;
-  if($_GET['thread_order']==1) $thread_order = 1;
-  else $thread_order = 0;
-  if($thread_order != $_SESSION[$settings['session_prefix'].'usersettings']['thread_order'])
-   {
-    $_SESSION[$settings['session_prefix'].'usersettings']['page']=1;
-    $_SESSION[$settings['session_prefix'].'usersettings']['thread_order']=$thread_order;
-    setcookie($settings['session_prefix'].'usersettings',$_SESSION[$settings['session_prefix'].'usersettings']['user_view'].'.'.$thread_order.'.'.$_SESSION[$settings['session_prefix'].'usersettings']['sidebar'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_display'],TIMESTAMP+(3600*24*$settings['cookie_validity_days']));
-    if(isset($_SESSION[$settings['session_prefix'].'user_id'])) @mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET last_login=last_login, last_logout=last_logout, registered=registered, thread_order=".intval($thread_order)." WHERE user_id='".intval($_SESSION[$settings['session_prefix'].'user_id'])."'");
-   }
- }
+if (isset($_GET['thread_order']) && isset($_SESSION[$settings['session_prefix'].'usersettings']['thread_order'])) {
+	$page = 1;
+	if ($_GET['thread_order'] == 1) $thread_order = 1;
+	else $thread_order = 0;
+	if ($thread_order != $_SESSION[$settings['session_prefix'].'usersettings']['thread_order']) {
+		$_SESSION[$settings['session_prefix'].'usersettings']['page'] = 1;
+		$_SESSION[$settings['session_prefix'].'usersettings']['thread_order'] = $thread_order;
+		setcookie($settings['session_prefix'].'usersettings', $_SESSION[$settings['session_prefix'].'usersettings']['user_view'].'.'.$thread_order.'.'.$_SESSION[$settings['session_prefix'].'usersettings']['sidebar'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_display'], cookie_options(TIMESTAMP + (3600 * 24 * $settings['cookie_validity_days'])));
+		if (isset($_SESSION[$settings['session_prefix'].'user_id'])) @mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET last_login = last_login, last_logout = last_logout, registered = registered, thread_order = ". intval($thread_order) ." WHERE user_id = ". intval($_SESSION[$settings['session_prefix'].'user_id']));
+	}
+}
+if (isset($_SESSION[$settings['session_prefix'].'usersettings']) && isset($_GET['toggle_view']) && in_array($_GET['toggle_view'], array(0, 1))) {
+	$_SESSION[$settings['session_prefix'].'usersettings']['user_view'] = intval($_GET['toggle_view']);
+	setcookie($settings['session_prefix'].'usersettings', $_SESSION[$settings['session_prefix'].'usersettings']['user_view'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_order'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['sidebar'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_display'], cookie_options(TIMESTAMP+(3600*24*$settings['cookie_validity_days'])));
+	// update database for registered users:
+	if (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
+		@mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET last_login = last_login, last_logout = last_logout, registered = registered, user_view = ". intval($_SESSION[$settings['session_prefix'].'usersettings']['user_view']) ." WHERE user_id = ". intval($_SESSION[$settings['session_prefix'].'user_id'])) or die(mysqli_error($connid));
+	}
+	if (isset($_GET['category']) && isset($_GET['page']) && isset($_GET['order'])) $q = '&page='.$_GET['page'].'&category='.$_GET['category'].'&order='.$_GET['order']; else $q = '';
+	header('location: index.php?mode=index'.$q);
+	exit;
+}
+if (isset($_SESSION[$settings['session_prefix'].'usersettings']) && isset($_GET['toggle_thread_display']) && in_array($_GET['toggle_thread_display'], array(0, 1)) && isset($_GET['id'])) {
+	$_SESSION[$settings['session_prefix'].'usersettings']['thread_display'] = intval($_GET['toggle_thread_display']);
+	setcookie($settings['session_prefix'].'usersettings', $_SESSION[$settings['session_prefix'].'usersettings']['user_view'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_order'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['sidebar'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_display'], cookie_options(TIMESTAMP + (3600 * 24 * $settings['cookie_validity_days'])));
+	// update database for registered users:
+	if (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
+		@mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET last_login = last_login, last_logout = last_logout, registered = registered, thread_display = ". intval($_SESSION[$settings['session_prefix'].'usersettings']['thread_display']) ." WHERE user_id = ". intval($_SESSION[$settings['session_prefix'].'user_id'])) or die(mysqli_error($connid));
+	}
+	header('location: index.php?mode=thread&id='.intval($_GET['id']));
+	exit;
+}
 
-if(isset($_GET['toggle_view']))
- {
-  if(isset($_SESSION[$settings['session_prefix'].'usersettings']) && $_SESSION[$settings['session_prefix'].'usersettings']['user_view'] == 0)
-   {
-    $_SESSION[$settings['session_prefix'].'usersettings']['user_view'] = 1;
-    setcookie($settings['session_prefix'].'usersettings','1.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_order'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['sidebar'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_display'],TIMESTAMP+(3600*24*$settings['cookie_validity_days']));
-   }
-  elseif(isset($_SESSION[$settings['session_prefix'].'usersettings']) && $_SESSION[$settings['session_prefix'].'usersettings']['user_view'] == 1)
-   {
-    $_SESSION[$settings['session_prefix'].'usersettings']['user_view'] = 0;
-    setcookie($settings['session_prefix'].'usersettings','0.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_order'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['sidebar'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_display'],TIMESTAMP+(3600*24*$settings['cookie_validity_days']));
-   }
-  // update database for registered users:
-  if(isset($_SESSION[$settings['session_prefix'].'user_id']))
-   {
-    @mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET last_login=last_login, last_logout=last_logout, registered=registered, user_view = ".intval($_SESSION[$settings['session_prefix'].'usersettings']['user_view'])." WHERE user_id='".intval($_SESSION[$settings['session_prefix'].'user_id'])."'") or die(mysqli_error($connid));
-   }
-  #$clear_cache=true;
-  if(isset($_GET['category']) && isset($_GET['page']) && isset($_GET['order'])) $q = '&page='.$_GET['page'].'&category='.$_GET['category'].'&order='.$_GET['order']; else $q = '';
-  header('location: index.php?mode=index'.$q);
-  exit;
- }
+if (isset($_SESSION[$settings['session_prefix'].'usersettings']) && isset($_GET['fold_threads']) && in_array($_GET['fold_threads'], array(0, 1))) {
+	$_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'] = intval($_GET['fold_threads']);
+	setcookie($settings['session_prefix'].'usersettings', $_SESSION[$settings['session_prefix'].'usersettings']['user_view'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_order'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['sidebar'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_display'], cookie_options(TIMESTAMP + (3600 * 24 * $settings['cookie_validity_days'])));
+	// update database for registered users:
+	if (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
+		@mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET last_login = last_login, last_logout = last_logout, registered = registered, fold_threads = ". intval($_SESSION[$settings['session_prefix'].'usersettings']['fold_threads']) ." WHERE user_id = ". intval($_SESSION[$settings['session_prefix'].'user_id'])) or die(mysqli_error($connid));
+	}
+	if (isset($_GET['category']) && isset($_GET['page']) && isset($_GET['order'])) $q = '&page='.$_GET['page'].'&category='.$_GET['category'].'&order='.$_GET['order']; else $q = '';
+	if (isset($_GET['ajax'])) exit;
+	header('Location: index.php?mode=index'.$q);
+	exit;
+}
 
-if(isset($_GET['toggle_thread_display']) && isset($_GET['id']))
- {
-  if(isset($_SESSION[$settings['session_prefix'].'usersettings']) && $_SESSION[$settings['session_prefix'].'usersettings']['thread_display'] == 0)
-   {
-    $_SESSION[$settings['session_prefix'].'usersettings']['thread_display'] = 1;
-    setcookie($settings['session_prefix'].'usersettings',$_SESSION[$settings['session_prefix'].'usersettings']['user_view'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_order'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['sidebar'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'].'.1',TIMESTAMP+(3600*24*$settings['cookie_validity_days']));
-   }
-  elseif(isset($_SESSION[$settings['session_prefix'].'usersettings']) && $_SESSION[$settings['session_prefix'].'usersettings']['thread_display'] == 1)
-   {
-    $_SESSION[$settings['session_prefix'].'usersettings']['thread_display'] = 0;
-    setcookie($settings['session_prefix'].'usersettings',$_SESSION[$settings['session_prefix'].'usersettings']['user_view'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_order'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['sidebar'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'].'.0',TIMESTAMP+(3600*24*$settings['cookie_validity_days']));
-   }
-  // update database for registered users:
-  if(isset($_SESSION[$settings['session_prefix'].'user_id']))
-   {
-    @mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET last_login=last_login, last_logout=last_logout, registered=registered, thread_display = ".intval($_SESSION[$settings['session_prefix'].'usersettings']['thread_display'])." WHERE user_id='".intval($_SESSION[$settings['session_prefix'].'user_id'])."'") or die(mysqli_error($connid));
-   }
-  #$clear_cache=true;
-  header('location: index.php?mode=thread&id='.intval($_GET['id']));
-  exit;
- }
+if(isset($_GET['refresh'])) {
+	if (isset($_SESSION[$settings['session_prefix'].'usersettings']['newtime'])) {
+		$_SESSION[$settings['session_prefix'].'usersettings']['newtime'] = TIMESTAMP;
+	}
+	setcookie($settings['session_prefix'].'last_visit', TIMESTAMP.".".TIMESTAMP, cookie_options(TIMESTAMP + (3600 * 24 * $settings['cookie_validity_days'])));
+	setcookie($settings['session_prefix'].'read', '', cookie_options(0));
+	header('location: index.php?mode=index');
+	exit;
+}
 
-if(isset($_GET['fold_threads']))
- {
-  if($_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'] == 0)
-   {
-    $_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'] = 1;
-    setcookie($settings['session_prefix'].'usersettings',$_SESSION[$settings['session_prefix'].'usersettings']['user_view'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_order'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['sidebar'].'.1.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_display'],TIMESTAMP+(3600*24*$settings['cookie_validity_days']));
-   }
-  else
-   {
-    $_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'] = 0;
-    setcookie($settings['session_prefix'].'usersettings',$_SESSION[$settings['session_prefix'].'usersettings']['user_view'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_order'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['sidebar'].'.0.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_display'],TIMESTAMP+(3600*24*$settings['cookie_validity_days']));
-   }
-  #$clear_cache=true;
-  // update database for registered users:
-  if(isset($_SESSION[$settings['session_prefix'].'user_id']))
-   {
-    @mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET last_login=last_login, last_logout=last_logout, registered=registered, fold_threads = ".intval($_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'])." WHERE user_id='".intval($_SESSION[$settings['session_prefix'].'user_id'])."'") or die(mysqli_error($connid));
-   }
-
-  if(isset($_GET['category']) && isset($_GET['page']) && isset($_GET['order'])) $q = '&page='.$_GET['page'].'&category='.$_GET['category'].'&order='.$_GET['order']; else $q = '';
-  if(isset($_GET['ajax'])) exit;
-  header('Location: index.php?mode=index'.$q);
-  exit;
- }
-
-if(isset($_GET['refresh']))
- {
-  if(isset($_SESSION[$settings['session_prefix'].'usersettings']['newtime']))
-   {
-    $_SESSION[$settings['session_prefix'].'usersettings']['newtime'] = TIMESTAMP;
-    #$_SESSION[$settings['session_prefix'].'usersettings']['read'] = array();
-    #@mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET last_logout=NOW(), entries_read='' WHERE user_id='".intval($_SESSION[$settings['session_prefix'].'user_id'])."'");
-   }
-  setcookie($settings['session_prefix'].'last_visit',TIMESTAMP.".".TIMESTAMP,TIMESTAMP+(3600*24*$settings['cookie_validity_days']));
-  setcookie($settings['session_prefix'].'read','',0);
-  header('location: index.php?mode=index');
-  exit;
- }
-
-if(isset($_GET['show_spam']) && isset($_SESSION[$settings['session_prefix'].'user_id']) && $_SESSION[$settings['session_prefix'].'user_id']>0)
- {
-  if(isset($_SESSION[$settings['session_prefix'].'usersettings']['show_spam'])) unset($_SESSION[$settings['session_prefix'].'usersettings']['show_spam']);
-  else $_SESSION[$settings['session_prefix'].'usersettings']['show_spam'] = true;
-  header('location: index.php?mode=index');
-  exit;
- }
+if (isset($_GET['show_spam']) && isset($_SESSION[$settings['session_prefix'].'user_id']) && $_SESSION[$settings['session_prefix'].'user_id'] > 0) {
+	if (isset($_SESSION[$settings['session_prefix'].'usersettings']['show_spam'])) unset($_SESSION[$settings['session_prefix'].'usersettings']['show_spam']);
+	else $_SESSION[$settings['session_prefix'].'usersettings']['show_spam'] = true;
+	header('location: index.php?mode=index');
+	exit;
+}
 
 // determine last visit:
-if(empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['remember_last_visit'] == 1)
- {
-  if(isset($_COOKIE[$settings['session_prefix'].'last_visit']))
-   {
-    $c_last_visit = explode(".", $_COOKIE[$settings['session_prefix'].'last_visit']);
-    if(isset($c_last_visit[0])) $c_last_visit[0] = intval(trim($c_last_visit[0])); else $c_last_visit[0] = TIMESTAMP;
-    if(isset($c_last_visit[1])) $c_last_visit[1] = intval(trim($c_last_visit[1])); else $c_last_visit[1] = TIMESTAMP;
-    if($c_last_visit[1] < (TIMESTAMP - 600))
-     {
-      $c_last_visit[0] = $c_last_visit[1];
-      $c_last_visit[1] = TIMESTAMP;
-      setcookie($settings['session_prefix'].'last_visit',$c_last_visit[0].".".$c_last_visit[1],TIMESTAMP+(3600*24*$settings['cookie_validity_days']));
-     }
-   }
-  else setcookie($settings['session_prefix'].'last_visit',TIMESTAMP.".".TIMESTAMP,TIMESTAMP+(3600*24*$settings['cookie_validity_days']));
- }
-if(isset($c_last_visit)) $last_visit = intval($c_last_visit[0]); else $last_visit = TIMESTAMP;
+if (empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['remember_last_visit'] == 1) {
+	if (isset($_COOKIE[$settings['session_prefix'].'last_visit'])) {
+		$c_last_visit = explode(".", $_COOKIE[$settings['session_prefix'].'last_visit']);
+		if (isset($c_last_visit[0])) $c_last_visit[0] = intval(trim($c_last_visit[0])); else $c_last_visit[0] = TIMESTAMP;
+		if (isset($c_last_visit[1])) $c_last_visit[1] = intval(trim($c_last_visit[1])); else $c_last_visit[1] = TIMESTAMP;
+		if ($c_last_visit[1] < (TIMESTAMP - 600)) {
+			$c_last_visit[0] = $c_last_visit[1];
+			$c_last_visit[1] = TIMESTAMP;
+			setcookie($settings['session_prefix'].'last_visit', $c_last_visit[0].".".$c_last_visit[1], cookie_options(TIMESTAMP + (3600 * 24 * $settings['cookie_validity_days'])));
+		}
+	}
+	else 
+		setcookie($settings['session_prefix'].'last_visit', TIMESTAMP.".".TIMESTAMP, cookie_options(TIMESTAMP + (3600 * 24 * $settings['cookie_validity_days'])));
+}
 
-if(isset($_GET['category']))
- {
-  $category = intval($_GET['category']);
-  $_SESSION[$settings['session_prefix'].'usersettings']['category']=$category;
-  $_SESSION[$settings['session_prefix'].'usersettings']['page']=1;
- }
+if (isset($c_last_visit)) $last_visit = intval($c_last_visit[0]); else $last_visit = TIMESTAMP;
 
-if(isset($category_ids) && isset($_SESSION[$settings['session_prefix'].'usersettings']['category_selection']))
- {
-  $category_selection = filter_category_selection($_SESSION[$settings['session_prefix'].'usersettings']['category_selection'], $category_ids);
-  if(!empty($category_selection)) $category_selection_query = implode(', ', $category_selection);
- }
+if (isset($_GET['category'])) {
+	$category = intval($_GET['category']);
+	$_SESSION[$settings['session_prefix'].'usersettings']['category'] = $category;
+	$_SESSION[$settings['session_prefix'].'usersettings']['page'] = 1;
+}
 
-// show spam?
-$display_spam_query_and = ' AND spam = 0';
-$display_spam_query_where = ' WHERE spam = 0';
-if(isset($_SESSION[$settings['session_prefix'].'usersettings']['show_spam']))
- {
-  $display_spam_query_and = '';
-  $display_spam_query_where = '';
- }
+if (isset($category_ids) && isset($_SESSION[$settings['session_prefix'].'usersettings']['category_selection'])) {
+	$category_selection = filter_category_selection($_SESSION[$settings['session_prefix'].'usersettings']['category_selection'], $category_ids);
+	if (!empty($category_selection)) $category_selection_query = implode(', ', $category_selection);
+}
 
-// count postings, threads, users and users online:
-if($categories == false) // no categories defined
-  {
-   $count_result = mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE pid = 0".$display_spam_query_and);
-   list($total_threads) = mysqli_fetch_row($count_result);
-   mysqli_free_result($count_result);
-   $count_result = mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['forum_table'].$display_spam_query_where);
-   list($total_postings) = mysqli_fetch_row($count_result);
-   mysqli_free_result($count_result);
-  }
- else // there are categories
-  {
-   $count_result = mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE pid = 0".$display_spam_query_and." AND category IN (".$category_ids_query.")");
-   list($total_threads) = mysqli_fetch_row($count_result);
-   mysqli_free_result($count_result);
-   $count_result = mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE category IN (".$category_ids_query.")".$display_spam_query_and);
-   list($total_postings) = mysqli_fetch_row($count_result);
-   mysqli_free_result($count_result);
-  }
 // count spam:
-$count_spam_result = mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE spam = 1");
+$count_spam_sql = 
+	"SELECT COUNT(*) FROM " . $db_settings['forum_table'] . " AS ft INNER JOIN (SELECT eid FROM " . $db_settings['akismet_rating_table'] . " WHERE " . $db_settings['akismet_rating_table'] . ".spam = 1 UNION SELECT eid FROM " . $db_settings['b8_rating_table'] . " WHERE " . $db_settings['b8_rating_table'] . ".spam = 1) AS spam_list ON spam_list.eid = ft.id";
+
+$count_spam_result = mysqli_query($connid, $count_spam_sql);
 list($total_spam) = mysqli_fetch_row($count_spam_result);
 mysqli_free_result($count_spam_result);
 
+// show spam?  NOTE: variables are used in several php files, i.e. index.inc.php, thread.inc.php, entry.inc.php
+$show_spam = false;
+$spam_sql_and = " AND spam_list.id IS NULL";
 
-$count_result = mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['userdata_table']." WHERE activate_code=''");
-list($registered_users) = mysqli_fetch_row($count_result);
+if ($total_spam > 0 && isset($_SESSION[$settings['session_prefix'].'usersettings']['show_spam'])) {
+	$show_spam = true;
+	$spam_sql_and = " AND spam_list.id IS NOT NULL";
+}
 
-if($settings['count_users_online']>0)
- {
-  user_online($settings['count_users_online']);
-  $count_result = mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['useronline_table']." WHERE user_id > 0");
-  list($registered_users_online) = mysqli_fetch_row($count_result);
-  $count_result = mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['useronline_table']." WHERE user_id = 0");
-  list($unregistered_users_online) = mysqli_fetch_row($count_result);
-  $total_users_online = $unregistered_users_online + $registered_users_online;
- }
+// count postings, threads, users and users online:
+$total_threads_postings_body = 
+	"SELECT COUNT(DISTINCT ft.id) FROM " . $db_settings['forum_table'] . " AS ft LEFT JOIN (SELECT ".$db_settings['forum_table'].".id, ".$db_settings['forum_table'].".tid FROM ".$db_settings['forum_table']." INNER JOIN " . $db_settings['akismet_rating_table'] . " ON ".$db_settings['forum_table'].".id = " . $db_settings['akismet_rating_table'] . ".eid WHERE " . $db_settings['akismet_rating_table'] . ".spam = 1 UNION SELECT ".$db_settings['forum_table'].".id, ".$db_settings['forum_table'].".tid FROM ".$db_settings['forum_table']." INNER JOIN " . $db_settings['b8_rating_table'] . " ON ".$db_settings['forum_table'].".id = " . $db_settings['b8_rating_table'] . ".eid WHERE " . $db_settings['b8_rating_table'] . ".spam = 1)";
+$threads_check_sql = " AND pid = 0";
+if ($show_spam) {
+	$spam_totals =  " AS spam_list ON spam_list.tid = ft.tid WHERE spam_list.id IS NOT NULL";
+} else {
+	$spam_totals = " AS spam_list ON spam_list.id = ft.id WHERE spam_list.id IS NULL";
+}
+if ($categories == false) {
+	$total_postings_category = "";
+} else {
+	// there are categories
+	$total_postings_category = " AND category IN (" . $category_ids_query . ")";		
+}
+$total_threads_sql = $total_threads_postings_body . $spam_totals . $total_postings_category . $threads_check_sql;
+$count_result = mysqli_query($connid, $total_threads_sql);
+list($total_threads) = mysqli_fetch_row($count_result);
 mysqli_free_result($count_result);
 
-if(isset($settings['time_difference'])) $time_difference = intval($settings['time_difference']);
+$total_postings_sql = $total_threads_postings_body . $spam_totals . $total_postings_category;
+$count_result = mysqli_query($connid, $total_postings_sql);
+list($total_postings) = mysqli_fetch_row($count_result);
+mysqli_free_result($count_result);
+
+$count_result = mysqli_query($connid, "SELECT COUNT(*) FROM " . $db_settings['userdata_table'] . " WHERE activate_code = ''");
+list($registered_users) = mysqli_fetch_row($count_result);
+
+if ($settings['count_users_online'] > 0) {
+	user_online($settings['count_users_online']);
+	$count_result = mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['useronline_table']." WHERE user_id > 0");
+	list($registered_users_online) = mysqli_fetch_row($count_result);
+	$count_result = mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['useronline_table']." WHERE user_id = 0");
+	list($unregistered_users_online) = mysqli_fetch_row($count_result);
+	$total_users_online = $unregistered_users_online + $registered_users_online;
+}
+mysqli_free_result($count_result);
+
+if (isset($settings['time_difference'])) $time_difference = intval($settings['time_difference']);
 else $time_difference = 0;
-if(isset($_SESSION[$settings['session_prefix'].'usersettings']['time_difference'])) $time_difference = $_SESSION[$settings['session_prefix'].'usersettings']['time_difference']+$time_difference;
+if (isset($_SESSION[$settings['session_prefix'].'usersettings']['time_difference'])) $time_difference = $_SESSION[$settings['session_prefix'].'usersettings']['time_difference'] + $time_difference;
 
 // page menu:
-if(isset($_SESSION[$settings['session_prefix'].'user_id'])) $menu_result = @mysqli_query($connid, "SELECT id, menu_linkname FROM ".$db_settings['pages_table']." WHERE menu_linkname!='' ORDER BY order_id ASC") or raise_error('database_error',mysqli_error($connid));
-else $menu_result = @mysqli_query($connid, "SELECT id, menu_linkname FROM ".$db_settings['pages_table']." WHERE menu_linkname!='' AND access=0 ORDER BY order_id ASC") or raise_error('database_error',mysqli_error($connid));
-if(mysqli_num_rows($menu_result)>0)
- {
-  $i=0;
-  while($pages_data = mysqli_fetch_array($menu_result))
-   {
-    $menu[$i]['id'] = $pages_data['id'];
-    $menu[$i]['linkname'] = $pages_data['menu_linkname'];
-    $i++;
-   }
- }
+if (isset($_SESSION[$settings['session_prefix'].'user_id'])) $menu_result = @mysqli_query($connid, "SELECT id, menu_linkname FROM ".$db_settings['pages_table']." WHERE menu_linkname != '' ORDER BY order_id ASC") or raise_error('database_error', mysqli_error($connid));
+else $menu_result = @mysqli_query($connid, "SELECT id, menu_linkname FROM ".$db_settings['pages_table']." WHERE menu_linkname != '' AND access = 0 ORDER BY order_id ASC") or raise_error('database_error', mysqli_error($connid));
+if (mysqli_num_rows($menu_result) > 0) {
+	$i = 0;
+	while ($pages_data = mysqli_fetch_array($menu_result)) {
+		$menu[$i]['id'] = $pages_data['id'];
+		$menu[$i]['linkname'] = $pages_data['menu_linkname'];
+		$i++;
+	}
+}
 mysqli_free_result($menu_result);
 ?>

includes/page.inc.php

@@ -1,38 +1,33 @@
 <?php
-if(!defined('IN_INDEX'))
- {
-  header('Location: ../index.php');
-  exit;
- }
+if (!defined('IN_INDEX')) {
+	header('Location: ../index.php');
+	exit;
+}
 
-if(isset($_GET['id']))
- {
-  $id = intval($_GET['id']);
-  $result = @mysqli_query($connid, "SELECT id, title, content, access FROM ".$db_settings['pages_table']." WHERE id= ".$id." LIMIT 1") or raise_error('database_error',mysqli_error($connid));
-   if(mysqli_num_rows($result)>0)
-    {
-     $data = mysqli_fetch_array($result);
-     if($data['access']==0||isset($_SESSION[$settings['session_prefix'].'user_id']))
-      {
-       $page['id'] = intval($data['id']);
-       $page['access'] = intval($data['access']);
-       $page['title'] = $data['title'];
-       $page['content'] = $data['content'];
-       $smarty->assign('page',$page);
-      }
-     else $smarty->assign('no_authorisation',true);
-    }
-   else $smarty->assign('page_doesnt_exist',true);
-   mysqli_free_result($result);
- }
+if (isset($_GET['id'])) {
+	$id = intval($_GET['id']);
+	$result = @mysqli_query($connid, "SELECT id, title, content, access FROM ".$db_settings['pages_table']." WHERE id= ". intval($id) ." LIMIT 1") or raise_error('database_error', mysqli_error($connid));
+	if (mysqli_num_rows($result) > 0) {
+		$data = mysqli_fetch_array($result);
+		if ($data['access'] == 0 || isset($_SESSION[$settings['session_prefix'].'user_id'])) {
+			$page['id'] = intval($data['id']);
+			$page['access'] = intval($data['access']);
+			$page['title'] = $data['title'];
+			$page['content'] = $data['content'];
+			$smarty->assign('page', $page);
+		}
+		else $smarty->assign('no_authorisation', true);
+	}
+	else $smarty->assign('page_doesnt_exist', true);
+	mysqli_free_result($result);
+}
 
-if(isset($page))
- {
-  $smarty->assign('subnav_location','subnav_page');
-  $smarty->assign('subnav_location_var',$page['title']);
- }
-else $smarty->assign('subnav_location','subnav_page_error');
+if(isset($page)) {
+	$smarty->assign('subnav_location', 'subnav_page');
+	$smarty->assign('subnav_location_var', $page['title']);
+}
+else $smarty->assign('subnav_location', 'subnav_page_error');
 
-$smarty->assign('subtemplate','page.inc.tpl');
+$smarty->assign('subtemplate', 'page.inc.tpl');
 $template = 'main.tpl';
 ?>

includes/register.inc.php

@@ -1,234 +1,290 @@
 <?php
-if(!defined('IN_INDEX'))
- {
-  header('Location: ../index.php');
-  exit;
- }
+if (!defined('IN_INDEX')) {
+	header('Location: ../index.php');
+	exit;
+}
 
 $smarty->configLoad($settings['language_file'], 'emails');
 $lang = $smarty->getConfigVars();
 
 // remove not activated user accounts:
-@mysqli_query($connid, "DELETE FROM ".$db_settings['userdata_table']." WHERE registered < (NOW() - INTERVAL 24 HOUR) AND activate_code != '' AND logins=0");
+@mysqli_query($connid, "DELETE FROM ".$db_settings['userdata_table']." WHERE registered < (NOW() - INTERVAL 24 HOUR) AND activate_code != '' AND logins = 0");
 
-if(empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['captcha_register']>0)
- {
-  require('modules/captcha/captcha.php');
-  $captcha = new Captcha();
- }
+if(empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['captcha_register'] > 0) {
+	require('modules/captcha/captcha.php');
+	$captcha = new Captcha();
+}
 
-if(isset($_REQUEST['action'])) $action = $_REQUEST['action'];
-else $action = 'main';
+if (isset($_REQUEST['action'])) 
+	$action = $_REQUEST['action'];
+else 
+	$action = 'main';
 
-if(isset($_POST['register_submit'])) $action = 'register_submitted';
-if(isset($_GET['key'])) $action = 'activate';
+if (isset($_POST['register_submit'])) 
+	$action = 'register_submitted';
+if (isset($_GET['key'])) 
+	$action = 'activate';
 
-switch($action)
- {
-  case 'main':
-   if($settings['register_mode']<2)
-    {
-     if($settings['terms_of_use_agreement']==1) $smarty->assign("terms_of_use_agreement",true);
-     $smarty->assign('subnav_location','subnav_register');
-     $smarty->assign('subtemplate','register.inc.tpl');
-     $template = 'main.tpl';
-    }
-   else
-    {
-     $smarty->assign('lang_section','register');
-     $smarty->assign('message','register_only_by_admin');
-     $smarty->assign('subnav_location','subnav_register');
-     $smarty->assign('subtemplate','info.inc.tpl');
-     $template = 'main.tpl';
-    }
-  break;
-  case 'register_submitted':
-   if($settings['register_mode']>1 || !isset($_POST['csrf_token']) || $_POST['csrf_token'] !== $_SESSION['csrf_token']) die('No authorisation!');
-   else
-    {
-     $new_user_name = trim($_POST['new_user_name']);
-     $new_user_email = trim($_POST['new_user_email']);
-     $reg_pw = $_POST['reg_pw'];
-     $reg_pw_conf = $_POST['reg_pw_conf'];
-     if(isset($_POST['terms_of_use_agree']) && $_POST['terms_of_use_agree']==1) $terms_of_use_agree=1; else $terms_of_use_agree=0;
+$fname_user = hash("sha256", 'new_user_name' . $_SESSION['csrf_token']);
+$fname_email = hash("sha256", 'new_user_email' . $_SESSION['csrf_token']);
+$fname_pword = hash("sha256", 'reg_pw' . $_SESSION['csrf_token']);
+$fname_phone = hash("sha256", 'phone' . $_SESSION['csrf_token']);
+$fname_repemail = hash("sha256", 'repeat_email' . $_SESSION['csrf_token']);
 
-     // form complete?
-     if($new_user_name=='' || $new_user_email=='' || $reg_pw=='' || $reg_pw_conf=='') $errors[] = 'error_form_uncomplete';
+switch ($action) {
+	case 'main':
+		// set timestamp for SPAM protection
+		setReceiptTimestamp();
+		if ($settings['register_mode'] < 2) {
+			if ($settings['terms_of_use_agreement'] == 1)
+				$smarty->assign("terms_of_use_agreement", true);
+			if ($settings['data_privacy_agreement'] == 1)
+				$smarty->assign("data_privacy_agreement", true);
+			$smarty->assign('subnav_location', 'subnav_register');
+			$smarty->assign('subtemplate', 'register.inc.tpl');
+			$smarty->assign('fld_user_name', $fname_user);
+			$smarty->assign('fld_user_email', $fname_email);
+			$smarty->assign('fld_pword', $fname_pword);
+			$smarty->assign('fld_phone', $fname_phone);
+			$smarty->assign('fld_repeat_email', $fname_repemail);
+			$template = 'main.tpl';
+		} else {
+			$smarty->assign('lang_section', 'register');
+			$smarty->assign('message', 'register_only_by_admin');
+			$smarty->assign('subnav_location', 'subnav_register');
+			$smarty->assign('subtemplate', 'info.inc.tpl');
+			$template = 'main.tpl';
+		}
+	break;
+	case 'register_submitted':
+		if ($settings['register_mode'] > 1 || !isset($_POST['csrf_token']) || $_POST['csrf_token'] !== $_SESSION['csrf_token']) 
+			die('No authorisation!');
+		else {
+			$new_user_name  = (!empty($_POST[$fname_user])) ? trim($_POST[$fname_user]) : '';
+			$new_user_email = (!empty($_POST[$fname_email])) ? trim($_POST[$fname_email]) : '';
+			$reg_pw = $_POST[$fname_pword];
+			$terms_of_use_agree = (isset($_POST['terms_of_use_agree']) && $_POST['terms_of_use_agree'] == 1) ? 1 : 0;
+			$data_privacy_statement_agree = (isset($_POST['data_privacy_statement_agree']) && $_POST['data_privacy_statement_agree'] == 1) ? 1 : 0;
 
-     if(empty($errors))
-      {
-       // password too short?
-       if(my_strlen($reg_pw, $lang['charset']) < $settings['min_pw_length']) $errors[] = 'error_password_too_short';
-       // password and repeatet Password equal?
-       if($reg_pw != $reg_pw_conf) $errors[] = 'error_pw_conf_wrong';
-       // name too long?
-       if(my_strlen($new_user_name, $lang['charset']) > $settings['username_maxlength']) $errors[] = 'error_name_too_long';
-       // e-mail address too long?
-       if(my_strlen($new_user_email, $lang['charset']) > $settings['email_maxlength']) $errors[] = 'error_email_too_long';
+			// form complete and are honey pot fields empty?
+			if ($new_user_name == '' || $new_user_email == '' || $new_user_name == $new_user_email || $reg_pw == '' || !isset($_POST[$fname_repemail]) || !empty($_POST[$fname_repemail]) || !isset($_POST[$fname_phone]) || !empty($_POST[$fname_phone]))
+				$errors[] = 'error_form_uncomplete';
+			
+			if (empty($errors)) {
+				setReceiptTimestamp();
+				if (!isset($_SESSION[$settings['session_prefix'] . 'receipt_timestamp_difference']) || intval($_SESSION[$settings['session_prefix'] . 'receipt_timestamp_difference']) <= 0)
+					$errors[] = 'error_invalid_form';
+				else {
+					if ($_SESSION[$settings['session_prefix'] . 'receipt_timestamp_difference'] < $settings['min_register_time'])
+						$errors[] = 'error_form_sent_too_fast';
+					elseif ($_SESSION[$settings['session_prefix'] . 'receipt_timestamp_difference'] > $settings['max_register_time'])
+						$errors[] = 'error_form_sent_too_slow';
+				}
+			}
 
-       // word in username too long?
-       $too_long_word = too_long_word($new_user_name,$settings['name_word_maxlength']);
-       if($too_long_word) $errors[] = 'error_word_too_long';
+			if (empty($errors)) {
+				$min_password_length_by_restrictions = intval($settings['min_pw_digits']) + intval($settings['min_pw_lowercase_letters']) + intval($settings['min_pw_uppercase_letters']) + intval($settings['min_pw_special_characters']);
+				// password too short?
+				if ($min_password_length_by_restrictions < intval($settings['min_pw_length']) && my_strlen($reg_pw, $lang['charset']) < intval($settings['min_pw_length'])) 
+					$errors[] = 'error_password_too_short';
+				// see: http://php.net/manual/en/regexp.reference.unicode.php
+				// \p{N}                == numbers
+				// [\p{Ll}\p{Lm}\p{Lo}] == lowercase, modifier, other letters
+				// [\p{Lu}\p{Lt}]       == uppercase, titlecase letters
+				// [\p{S}\p{P}\p{Z}]    == symbols, punctuations, separator
+				// password contains numbers?
+				if ($settings['min_pw_digits'] > 0 && !preg_match("/(?=(.*\p{N}){" . intval($settings['min_pw_digits']) . ",})/u", $reg_pw))
+					$errors[] = 'error_pw_needs_digit';
+				// password contains lowercase letter?
+				if ($settings['min_pw_lowercase_letters'] > 0 && !preg_match("/(?=(.*[\p{Ll}\p{Lm}\p{Lo}]){" . intval($settings['min_pw_lowercase_letters']) . ",})/u", $reg_pw))
+					$errors[] = 'error_pw_needs_lowercase_letter';
+				// password contains uppercase letter?
+				if ($settings['min_pw_uppercase_letters'] > 0 && !preg_match("/(?=(.*[\p{Lu}\p{Lt}]){" . intval($settings['min_pw_uppercase_letters']) . ",})/u", $reg_pw))
+					$errors[] = 'error_pw_needs_uppercase_letter';
+				// password contains special character?
+				if ($settings['min_pw_special_characters'] > 0 && !preg_match("/(?=(.*[\p{S}\p{P}\p{Z}]){" . intval($settings['min_pw_special_characters']) . ",})/u", $reg_pw))
+					$errors[] = 'error_pw_needs_special_character';
+				// name too long?
+				if (my_strlen($new_user_name, $lang['charset']) > $settings['username_maxlength']) 
+					$errors[] = 'error_name_too_long';
+				// e-mail address too long?
+				if (my_strlen($new_user_email, $lang['charset']) > $settings['email_maxlength']) 
+					$errors[] = 'error_email_too_long';
+				// word in username too long?
+				$too_long_word = too_long_word($new_user_name,$settings['name_word_maxlength']);
+				if ($too_long_word) 
+					$errors[] = 'error_word_too_long';
 
-       // look if name already exists:
-       $name_result = mysqli_query($connid, "SELECT user_name FROM ".$db_settings['userdata_table']." WHERE lower(user_name) = '".mysqli_real_escape_string($connid, my_strtolower($new_user_name, $lang['charset']))."'") or raise_error('database_error',mysqli_error($connid));
-       if(mysqli_num_rows($name_result)>0) $errors[] = 'user_name_already_exists';
-       mysqli_free_result($name_result);
+				// look if name already exists:
+				$name_result = mysqli_query($connid, "SELECT user_name FROM ".$db_settings['userdata_table']." WHERE lower(user_name) = '". mysqli_real_escape_string($connid, my_strtolower($new_user_name, $lang['charset'])) ."'") or raise_error('database_error', mysqli_error($connid));
+				if (mysqli_num_rows($name_result) > 0) 
+					$errors[] = 'user_name_already_exists';
+				mysqli_free_result($name_result);
 
-       // look, if e-mail already exists:
-       $email_result = mysqli_query($connid, "SELECT user_email FROM ".$db_settings['userdata_table']." WHERE lower(user_email) = '".mysqli_real_escape_string($connid, my_strtolower($new_user_email, $lang['charset']))."'") or raise_error('database_error',mysqli_error($connid));
-       if(mysqli_num_rows($email_result)>0) $errors[] = 'error_email_alr_exists';
-       mysqli_free_result($email_result);
+				// look, if e-mail already exists:
+				$email_result = mysqli_query($connid, "SELECT user_email FROM ".$db_settings['userdata_table']." WHERE lower(user_email) = '". mysqli_real_escape_string($connid, my_strtolower($new_user_email, $lang['charset'])) ."'") or raise_error('database_error', mysqli_error($connid));
+				if (mysqli_num_rows($email_result) > 0) 
+					$errors[] = 'error_email_alr_exists';
+				mysqli_free_result($email_result);
 
-       // e-mail correct?
-       if(!is_valid_email($new_user_email)) $errors[] = 'error_email_wrong';
+				// e-mail correct?
+				if (!is_valid_email($new_user_email)) 
+					$errors[] = 'error_email_wrong';
 
-       if($settings['terms_of_use_agreement']==1 && $terms_of_use_agree!=1) $errors[] = 'terms_of_use_error_register';
+				if ($settings['terms_of_use_agreement'] == 1 && $terms_of_use_agree != 1)
+					$errors[] = 'terms_of_use_error_register';
+				if ($settings['data_privacy_agreement'] == 1 && $data_privacy_statement_agree != 1)
+					$errors[] = 'data_priv_statement_error_reg';
 
-       if(contains_special_characters($new_user_name)) $errors[] = 'error_username_invalid_chars';
-      }
+				if (contains_special_characters($new_user_name))
+					$errors[] = 'error_username_invalid_chars';
+			}
 
-     // check for not accepted words:
-     $checkstring = my_strtolower($new_user_name.' '.$new_user_email, $lang['charset']);
-     $not_accepted_words = get_not_accepted_words($checkstring);
-     if($settings['stop_forum_spam']==1) $infamous_email = isInfamousEmail($new_user_email);
-     else $infamous_email = false;
-     if($not_accepted_words!=false || $infamous_email) $errors[] = 'error_reg_not_accepted_word';
+			// check for not accepted words:
+			$checkstring = my_strtolower($new_user_name.' '.$new_user_email, $lang['charset']);
+			$not_accepted_words = get_not_accepted_words($checkstring);
+			if ($settings['stop_forum_spam'] == 1) 
+				$infamous_email = isInfamousEmail($new_user_email);
+			else 
+				$infamous_email = false;
+			if ($not_accepted_words != false || $infamous_email) 
+				$errors[] = 'error_reg_not_accepted_word';
 
-     // CAPTCHA check:
-     if(empty($errors) && empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['captcha_register']>0)
-      {
-       if($settings['captcha_register']==2)
-        {
-         if(empty($_SESSION['captcha_session']) || empty($_POST['captcha_code']) || $captcha->check_captcha($_SESSION['captcha_session'],$_POST['captcha_code'])!=true) $errors[] = 'captcha_check_failed';
-        }
-       else
-        {
-         if(empty($_SESSION['captcha_session']) || empty($_POST['captcha_code']) || $captcha->check_math_captcha($_SESSION['captcha_session'][2],$_POST['captcha_code'])!=true) $errors[] = 'captcha_check_failed';
-        }
-       unset($_SESSION['captcha_session']);
-      }
+			// CAPTCHA check:
+			if (empty($errors) && empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['captcha_register'] > 0) {
+				if ($settings['captcha_register'] == 2) {
+					if (empty($_SESSION['captcha_session']) || empty($_POST['captcha_code']) || $captcha->check_captcha($_SESSION['captcha_session'], $_POST['captcha_code']) != true)
+						$errors[] = 'captcha_check_failed';
+				} 
+				else {
+					if (empty($_SESSION['captcha_session']) || empty($_POST['captcha_code']) || $captcha->check_math_captcha($_SESSION['captcha_session'][2], $_POST['captcha_code']) != true)
+						$errors[] = 'captcha_check_failed';
+				}
+				unset($_SESSION['captcha_session']);
+			}
 
-     // save user if no errors:
-     if(empty($errors))
-      {
-       $pw_hash = generate_pw_hash($reg_pw);
-       $activate_code = random_string(20);
-       $activate_code_hash = generate_pw_hash($activate_code);
-       if($settings['register_mode']==1) $user_lock = 1;
-       else $user_lock = 0;
-       @mysqli_query($connid, "INSERT INTO ".$db_settings['userdata_table']." (user_type, user_name, user_real_name, user_pw, user_email, user_hp, user_location, signature, profile, email_contact, last_login, last_logout, user_ip, registered, user_view, fold_threads, user_lock, auto_login_code, pwf_code, activate_code) VALUES (0,'".mysqli_real_escape_string($connid, $new_user_name)."','','".mysqli_real_escape_string($connid, $pw_hash)."','".mysqli_real_escape_string($connid, $new_user_email)."','','','','',".$settings['default_email_contact'].",NULL,NOW(),'".mysqli_real_escape_string($connid, $_SERVER["REMOTE_ADDR"])."',NOW(),".intval($settings['default_view']).", ".intval($settings['fold_threads']).", ".$user_lock.", '', '', '".mysqli_real_escape_string($connid, $activate_code_hash)."')") or raise_error('database_error',mysqli_error($connid));
+			// save user if no errors:
+			if (empty($errors)) {
+				$pw_hash = generate_pw_hash($reg_pw);
+				$activate_code = random_string(20);
+				$activate_code_hash = generate_pw_hash($activate_code);
+				if ($settings['register_mode'] == 1)
+					$user_lock = 1;
+				else
+					$user_lock = 0;
+				@mysqli_query($connid, "INSERT INTO ".$db_settings['userdata_table']." (user_type, user_name, user_real_name, user_pw, user_email, user_hp, user_location, signature, profile, email_contact, last_login, last_logout, user_ip, registered, user_view, fold_threads, user_lock, auto_login_code, pwf_code, activate_code, tou_accepted, dps_accepted) VALUES (0, '". mysqli_real_escape_string($connid, $new_user_name) ."', '', '". mysqli_real_escape_string($connid, $pw_hash) ."', '". mysqli_real_escape_string($connid, $new_user_email) ."', '', '', '', '', ".$settings['default_email_contact'].", NULL, NOW(), '". mysqli_real_escape_string($connid, $_SERVER["REMOTE_ADDR"]) ."', NOW(), ". intval($settings['default_view']) .", ". intval($settings['fold_threads']) .", ". $user_lock .", '', '', '". mysqli_real_escape_string($connid, $activate_code_hash) ."', ". ($terms_of_use_agree == 1 ? "NOW()" : "NULL") .", ". ($data_privacy_statement_agree == 1 ? "NOW()" : "NULL") .")") or raise_error('database_error', mysqli_error($connid));
 
-       // get new user ID:
-       $new_user_id_result = mysqli_query($connid, "SELECT user_id FROM ".$db_settings['userdata_table']." WHERE user_name = '".mysqli_real_escape_string($connid, $new_user_name)."' LIMIT 1");
-       if (!$new_user_id_result) raise_error('database_error',mysqli_error($connid));
-       $field = mysqli_fetch_array($new_user_id_result);
-       $new_user_id = $field['user_id'];
-       mysqli_free_result($new_user_id_result);
+				// get new user ID:
+				$new_user_id_result = mysqli_query($connid, "SELECT user_id FROM ".$db_settings['userdata_table']." WHERE user_name = '". mysqli_real_escape_string($connid, $new_user_name) ."' LIMIT 1");
+				if (!$new_user_id_result) 
+					raise_error('database_error', mysqli_error($connid));
+				$field = mysqli_fetch_array($new_user_id_result);
+				$new_user_id = $field['user_id'];
+				mysqli_free_result($new_user_id_result);
 
-       // send e-mail with activation key to new user:
-       $lang['new_user_email_txt'] = str_replace("[name]", $new_user_name, $lang['new_user_email_txt']);
-       $lang['new_user_email_txt'] = str_replace("[activate_link]", $settings['forum_address']."index.php?mode=register&id=".$new_user_id."&key=".$activate_code, $lang['new_user_email_txt']);
+				// send e-mail with activation key to new user:
+				$lang['new_user_email_txt'] = str_replace("[name]", $new_user_name, $lang['new_user_email_txt']);
+				$lang['new_user_email_txt'] = str_replace("[activate_link]", $settings['forum_address']."index.php?mode=register&id=".$new_user_id."&key=".$activate_code, $lang['new_user_email_txt']);
 
-       if(my_mail($new_user_email, $lang['new_user_email_sj'], $lang['new_user_email_txt'])) $smarty->assign('message','registered');
-       else $smarty->assign('message','registered_send_error');
+				if (my_mail($new_user_email, $lang['new_user_email_sj'], $lang['new_user_email_txt'])) 
+					$smarty->assign('message', 'registered');
+				else 
+					$smarty->assign('message', 'registered_send_error');
 
-       $smarty->assign('lang_section','register');
-       $smarty->assign('var',htmlspecialchars($new_user_email));
-       $smarty->assign('subnav_location','subnav_register');
-       $smarty->assign('subtemplate','info.inc.tpl');
-       $template = 'main.tpl';
-      }
-     else
-      {
-       $smarty->assign('errors',$errors);
-       if(isset($too_long_word)) $smarty->assign('word',$too_long_word);
-       $smarty->assign('subnav_location','subnav_register');
-       $smarty->assign('subtemplate','register.inc.tpl');
-       $smarty->assign('new_user_name',htmlspecialchars($new_user_name));
-       $smarty->assign('new_user_email',htmlspecialchars($new_user_email));
-       if($settings['terms_of_use_agreement']==1) $smarty->assign("terms_of_use_agreement",true);
-       $template = 'main.tpl';
-      }
-    }
-  break;
-  case 'activate':
-   if(isset($_GET['id'])) $id = intval($_GET['id']); else $error = TRUE;
-   if(isset($_GET['key'])) $key = trim($_GET['key']); else $error = TRUE;
-   if(empty($error))
-    {
-     if($id==0) $error = TRUE;
-     if($key=='') $error = TRUE;
-    }
-   if(empty($error))
-    {
-     $result = mysqli_query($connid, "SELECT user_name, user_email, logins, activate_code FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($id)." LIMIT 1") or raise_error('database_error',mysqli_error($connid));
-     if(mysqli_num_rows($result) != 1) $errors[] = true;
-     $data = mysqli_fetch_array($result);
-     mysqli_free_result($result);
-    }
-   if(empty($error))
-    {
-     if(trim($data['activate_code']) == '') $error = true;
-    }
-   if(empty($error))
-    {
-     if(is_pw_correct($key,$data['activate_code']))
-      {
-       @mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET activate_code = '' WHERE user_id=".intval($id)) or raise_error('database_error',mysqli_error($connid));
+				$smarty->assign('lang_section', 'register');
+				$smarty->assign('var', htmlspecialchars($new_user_email));
+				$smarty->assign('subnav_location', 'subnav_register');
+				$smarty->assign('subtemplate', 'info.inc.tpl');
+				$template = 'main.tpl';
+			} else {
+				$smarty->assign('errors', $errors);
+				if (isset($too_long_word))
+					$smarty->assign('word', $too_long_word);
+				$smarty->assign('subnav_location', 'subnav_register');
+				$smarty->assign('subtemplate', 'register.inc.tpl');
+				$smarty->assign('fld_user_name', $fname_user);
+				$smarty->assign('fld_user_email', $fname_email);
+				$smarty->assign('fld_pword', $fname_pword);
+				$smarty->assign('fld_phone', $fname_phone);
+				$smarty->assign('fld_repeat_email', $fname_repemail);
+				$smarty->assign('new_user_name',   htmlspecialchars($new_user_name));
+				$smarty->assign('new_user_email',  htmlspecialchars($new_user_email));
+				$smarty->assign('honey_pot_email', htmlspecialchars(isset($_POST[$fname_repemail]) ? $_POST[$fname_repemail] : ''));
+				$smarty->assign('honey_pot_phone', htmlspecialchars(isset($_POST[$fname_phone])   ? $_POST[$fname_phone]   : ''));
+				if ($settings['terms_of_use_agreement'] == 1)
+					$smarty->assign("terms_of_use_agreement", true);
+				if ($settings['data_privacy_agreement'] == 1)
+					$smarty->assign("data_privacy_agreement", true);
+				$template = 'main.tpl';
+			}
+		}
+	break;
+	case 'activate':
+		if (isset($_GET['id'])) $id = intval($_GET['id']); else $error = TRUE;
+		if (isset($_GET['key']) && !empty($_GET['key'])) $key = trim($_GET['key']); else $error = TRUE;
+		if (empty($error)) {
+			if ($id == 0) $error = TRUE;
+			if ($key == '') $error = TRUE;
+		}
+		if (empty($error)) {
+			$result = mysqli_query($connid, "SELECT user_name, user_email, logins, activate_code FROM ".$db_settings['userdata_table']." WHERE user_id = ". intval($id) ." LIMIT 1") or raise_error('database_error', mysqli_error($connid));
+			if (mysqli_num_rows($result) != 1) $errors[] = true;
+			$data = mysqli_fetch_array($result);
+			mysqli_free_result($result);
+		}
+		if (empty($error)) {
+			if (!empty($data['activate_code']) && trim($data['activate_code']) == '') $error = true;
+		}
+		if (empty($error)) {
+			if (is_pw_correct($key,$data['activate_code'])) {
+				@mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET activate_code = '' WHERE user_id = ". intval($id)) or raise_error('database_error', mysqli_error($connid));
 
-       // E-mail notification to mods and admins:
-       if($data['logins']==0) // if != 0 user has changed his e-mail address
-        {
-         if($settings['register_mode']==1) $new_user_notif_txt = $lang['new_user_notif_txt_locked'];
-         else $new_user_notif_txt = $lang['new_user_notif_txt'];
-         $new_user_notif_txt = str_replace("[name]", $data['user_name'], $new_user_notif_txt);
-         $new_user_notif_txt = str_replace("[email]", $data['user_email'], $new_user_notif_txt);
-         $new_user_notif_txt = str_replace("[user_link]", $settings['forum_address']."index.php?mode=user&show_user=".$id, $new_user_notif_txt);
+				// E-mail notification to mods and admins:
+				if ($data['logins'] == 0) {
+					// if != 0 user has changed his e-mail address
+					if ($settings['register_mode'] == 1) $new_user_notif_txt = $lang['new_user_notif_txt_locked'];
+					else $new_user_notif_txt = $lang['new_user_notif_txt'];
+					$new_user_notif_txt = str_replace("[name]", $data['user_name'], $new_user_notif_txt);
+					$new_user_notif_txt = str_replace("[email]", $data['user_email'], $new_user_notif_txt);
+					$new_user_notif_txt = str_replace("[user_link]", $settings['forum_address']."index.php?mode=user&show_user=".$id, $new_user_notif_txt);
 
-         // who gets a notification?
-         $admin_result = @mysqli_query($connid, "SELECT user_name, user_email FROM ".$db_settings['userdata_table']." WHERE user_type>0 AND new_user_notification=1");
-         if(!$admin_result) raise_error('database_error',mysqli_error($connid));
-         while($admin_array = mysqli_fetch_array($admin_result))
-          {
-           $ind_reg_emailbody = str_replace("[recipient]", $admin_array['user_name'], $new_user_notif_txt);
-           $admin_mailto = my_mb_encode_mimeheader($admin_array['user_name'], CHARSET, "Q")." <".$admin_array['user_email'].">";
-           my_mail($admin_mailto, $lang['new_user_notif_sj'], $ind_reg_emailbody);
-          }
-        }
-       if($settings['register_mode']==1) header("Location: index.php?mode=login&login_message=account_activated_but_locked");
-       else header("Location: index.php?mode=login&login_message=account_activated");
-       exit;
-      }
-     else $error = true;
-    }
-   if(isset($error))
-    {
-     $smarty->assign('lang_section','register');
-     $smarty->assign('message','activation_failed');
-     $smarty->assign('subnav_location','subnav_register');
-     $smarty->assign('subtemplate','info.inc.tpl');
-     $template = 'main.tpl';
-    }
-  break;
- }
+					// who gets a notification?
+					$admin_result = @mysqli_query($connid, "SELECT user_name, user_email FROM ".$db_settings['userdata_table']." WHERE user_type > 0 AND new_user_notification = 1");
+					if (!$admin_result) raise_error('database_error', mysqli_error($connid));
+					while ($admin_array = mysqli_fetch_array($admin_result)) {
+						$ind_reg_emailbody = str_replace("[recipient]", $admin_array['user_name'], $new_user_notif_txt);
+						$admin_mailto = my_mb_encode_mimeheader($admin_array['user_name'], CHARSET, "Q")." <".$admin_array['user_email'].">";
+						my_mail($admin_mailto, $lang['new_user_notif_sj'], $ind_reg_emailbody);
+					}
+				}
+				if ($settings['register_mode'] == 1) header("Location: index.php?mode=login&login_message=account_activated_but_locked");
+				else header("Location: index.php?mode=login&login_message=account_activated");
+				exit;
+			}
+			else $error = true;
+		}
+		if(isset($error)) {
+			$smarty->assign('lang_section', 'register');
+			$smarty->assign('message', 'activation_failed');
+			$smarty->assign('subnav_location', 'subnav_register');
+			$smarty->assign('subtemplate', 'info.inc.tpl');
+			$template = 'main.tpl';
+		}
+	break;
+}
 
 // CAPTCHA:
-if(empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['captcha_register']>0)
- {
-  if($settings['captcha_register']==2)
-   {
-    $_SESSION['captcha_session'] = $captcha->generate_code();
-   }
-  else
-   {
-    $_SESSION['captcha_session'] = $captcha->generate_math_captcha();
-    $captcha_tpl['number_1'] = $_SESSION['captcha_session'][0];
-    $captcha_tpl['number_2'] = $_SESSION['captcha_session'][1];
-   }
-  $captcha_tpl['session_name'] = session_name();
-  $captcha_tpl['session_id'] = session_id();
-  $captcha_tpl['type'] = $settings['captcha_register'];
-  $smarty->assign('captcha',$captcha_tpl);
- }
+if (empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['captcha_register'] > 0) {
+	if ($settings['captcha_register'] == 2) {
+		$_SESSION['captcha_session'] = $captcha->generate_code();
+	} else {
+		$_SESSION['captcha_session'] = $captcha->generate_math_captcha();
+		$captcha_tpl['number_1'] = $_SESSION['captcha_session'][0];
+		$captcha_tpl['number_2'] = $_SESSION['captcha_session'][1];
+	}
+	$captcha_tpl['session_name'] = session_name();
+	$captcha_tpl['session_id'] = session_id();
+	$captcha_tpl['type'] = $settings['captcha_register'];
+	$smarty->assign('captcha', $captcha_tpl);
+}
 ?>

includes/rss.inc.php

@@ -1,97 +1,79 @@
 <?php
-if(!defined('IN_INDEX'))
- {
-  header('Location: ../index.php');
-  exit;
- }
+if (!defined('IN_INDEX')) {
+	header('Location: ../index.php');
+	exit;
+}
 
-if($settings['rss_feed'] == 1 && $settings['forum_enabled']==1)
- {
-  if(isset($_GET['items']) && $_GET['items']=='thread_starts')
-   {
-    $query_addition = ' AND pid=0';
-    $thread_starts = true;
-    $smarty->assign('thread_starts',true);
-    if(isset($_GET['category'])) $query_addition .= ' AND category='.intval($_GET['category']);
-   }
-  elseif(isset($_GET['thread']))
-   {
-    $query_addition = ' AND tid='.intval($_GET['thread']);
-    $smarty->assign('thread',true);
-   }
-  elseif(isset($_GET['replies']))
-   {
-    $query_addition = ' AND tid='.intval($_GET['replies']).' AND pid!=0';
-    $smarty->assign('replies',true);
-   }
-  else
-   {
-    $query_addition = '';
-    if(isset($_GET['category'])) $query_addition .= ' AND category='.intval($_GET['category']);
-   }
-  // database request
-  if($categories == false)
-   {
-    $result = @mysqli_query($connid, "SELECT id, pid, ".$db_settings['forum_table'].".user_id, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS timestamp, UNIX_TIMESTAMP(time) AS pubdate_timestamp, name, user_name, subject, text, cache_text
-                            FROM ".$db_settings['forum_table']."
-                            LEFT JOIN ".$db_settings['entry_cache_table']." ON ".$db_settings['entry_cache_table'].".cache_id=id
-                            LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=".$db_settings['forum_table'].".user_id
-                            WHERE spam=0".$query_addition."
-                            ORDER BY time DESC LIMIT ".$settings['rss_feed_max_items']) or raise_error('database_error',mysqli_error($connid));
-    if(!$result) raise_error('database_error',mysqli_error($connid));
-    }
-  else
-   {
-    $result = @mysqli_query($connid, "SELECT id, pid, ".$db_settings['forum_table'].".user_id, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS timestamp, UNIX_TIMESTAMP(time) AS pubdate_timestamp, name, user_name, category, subject, text, cache_text
-    FROM ".$db_settings['forum_table']."
-    LEFT JOIN ".$db_settings['entry_cache_table']." ON ".$db_settings['entry_cache_table'].".cache_id=id
-    LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=".$db_settings['forum_table'].".user_id
-    WHERE category IN (".$category_ids_query.") AND spam=0".$query_addition."
-    ORDER BY time DESC LIMIT ".$settings['rss_feed_max_items']) or raise_error('database_error',mysqli_error($connid));
-   }
-  $result_count = mysqli_num_rows($result);
+if ($settings['rss_feed'] == 1 && $settings['forum_enabled'] == 1) {
+	if (isset($_GET['items']) && $_GET['items'] == 'thread_starts') {
+		$query_addition = ' AND pid = 0';
+		$thread_starts = true;
+		$smarty->assign('thread_starts', true);
+		if (isset($_GET['category'])) $query_addition .= ' AND category='.intval($_GET['category']);
+	} elseif (isset($_GET['thread'])) {
+		$query_addition = ' AND tid = '. intval($_GET['thread']);
+		$smarty->assign('thread', true);
+	} elseif (isset($_GET['replies'])) {
+		$query_addition = ' AND tid = '. intval($_GET['replies']) .' AND pid != 0';
+		$smarty->assign('replies', true);
+	} else {
+		$query_addition = '';
+		if (isset($_GET['category'])) $query_addition .= ' AND category = '. intval($_GET['category']);
+	}
+	// database request
+	if ($categories == false) {
+		$result = @mysqli_query($connid, "SELECT id, pid, ".$db_settings['forum_table'].".user_id, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS timestamp, UNIX_TIMESTAMP(time) AS pubdate_timestamp, name, user_name, subject, text, cache_text
+			FROM ".$db_settings['forum_table']."
+			LEFT JOIN " . $db_settings['entry_cache_table'] .    " ON " . $db_settings['entry_cache_table'] . ".cache_id = id
+			LEFT JOIN " . $db_settings['userdata_table'] .       " ON " . $db_settings['userdata_table'] . ".user_id = ".$db_settings['forum_table'].".user_id
+			LEFT JOIN " . $db_settings['akismet_rating_table'] . " ON " . $db_settings['akismet_rating_table'] . ".`eid` = `".$db_settings['forum_table']."`.`id` 
+			LEFT JOIN " . $db_settings['b8_rating_table'] .      " ON " . $db_settings['b8_rating_table'] . ".`eid` = `".$db_settings['forum_table']."`.`id` 
+			WHERE (" . $db_settings['akismet_rating_table'] . ".spam = 0 AND " . $db_settings['b8_rating_table'] . ".spam = 0) ".$query_addition."
+			ORDER BY time DESC LIMIT ".$settings['rss_feed_max_items']) or raise_error('database_error', mysqli_error($connid));
+		if (!$result) raise_error('database_error', mysqli_error($connid));
+	} else {
+		$result = @mysqli_query($connid, "SELECT id, pid, ".$db_settings['forum_table'].".user_id, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS timestamp, UNIX_TIMESTAMP(time) AS pubdate_timestamp, name, user_name, category, subject, text, cache_text
+			FROM ".$db_settings['forum_table']."
+			LEFT JOIN " . $db_settings['entry_cache_table'] .    " ON " . $db_settings['entry_cache_table'] . ".cache_id = id
+			LEFT JOIN " . $db_settings['userdata_table'] .       " ON " . $db_settings['userdata_table'] . ".user_id = ".$db_settings['forum_table'].".user_id
+			LEFT JOIN " . $db_settings['akismet_rating_table'] . " ON " . $db_settings['akismet_rating_table'] . ".`eid` = `".$db_settings['forum_table']."`.`id` 
+			LEFT JOIN " . $db_settings['b8_rating_table'] .      " ON " . $db_settings['b8_rating_table'] . ".`eid` = `".$db_settings['forum_table']."`.`id` 
+			WHERE category IN (".$category_ids_query.") AND (" . $db_settings['akismet_rating_table'] . ".spam = 0 AND " . $db_settings['b8_rating_table'] . ".spam = 0) ".$query_addition."
+			ORDER BY time DESC LIMIT ".$settings['rss_feed_max_items']) or raise_error('database_error', mysqli_error($connid));
+	}
+	$result_count = mysqli_num_rows($result);
 
-  if($result_count > 0)
-   {
-    $i=0;
-    while ($row = mysqli_fetch_array($result))
-     {
-      if($row['pid']!=0) $rss_items[$i]['reply'] = true;
-      
-      if($row['cache_text']=='') 
-       {
-        $rss_items[$i]['text'] = html_format($row['text']);
-        @mysqli_query($connid, "DELETE FROM ".$db_settings['entry_cache_table']." WHERE cache_id=".intval($row['id']));
-        @mysqli_query($connid, "INSERT INTO ".$db_settings['entry_cache_table']." (cache_id, cache_text) VALUES (".intval($row['id']).",'".mysqli_real_escape_string($connid, $rss_items[$i]['text'])."')");
-       }
-      else
-       {
-        $rss_items[$i]['text'] = $row['cache_text'];
-       }
-  
-      #$text = html_format($row['text']);
-      #$rss_items[$i]['text'] = $text;
-      
-      $rss_items[$i]['title'] = htmlspecialchars(filter_control_characters($row['subject']));
+	if ($result_count > 0) {
+		$i = 0;
+		while ($row = mysqli_fetch_array($result)) {
+			if ($row['pid'] != 0) $rss_items[$i]['reply'] = true;
+			if ($row['cache_text'] == '') {
+				$rss_items[$i]['text'] = html_format($row['text']);
+				@mysqli_query($connid, "DELETE FROM ".$db_settings['entry_cache_table']." WHERE cache_id = ". intval($row['id']));
+        @mysqli_query($connid, "INSERT INTO ".$db_settings['entry_cache_table']." (cache_id, cache_text) VALUES (". intval($row['id']) .",'". mysqli_real_escape_string($connid, $rss_items[$i]['text']) ."')");
+			} else {
+				$rss_items[$i]['text'] = $row['cache_text'];
+			}
+			$rss_items[$i]['text'] = str_replace('src="images', 'src="'. htmlspecialchars($settings['forum_address']) .'images', $rss_items[$i]['text']);
+			$rss_items[$i]['title'] = htmlspecialchars(filter_control_characters($row['subject']));
 
-      if($categories!=false && isset($categories[$row['category']]) && $categories[$row['category']]!='') $rss_items[$i]['category'] = $categories[$row['category']];
+			if ($categories != false && isset($categories[$row['category']]) && $categories[$row['category']] != '') $rss_items[$i]['category'] = $categories[$row['category']];
 
-      if($row['user_id']>0)
-       {
-        if(!$row['user_name']) $rss_items[$i]['name'] = $lang['unknown_user'];
-        else $rss_items[$i]['name'] = htmlspecialchars(filter_control_characters($row['user_name']));
-       }
-      else $rss_items[$i]['name'] = htmlspecialchars(filter_control_characters($row['name']));
+			if ($row['user_id'] > 0) {
+				if (!$row['user_name']) $rss_items[$i]['name'] = $lang['unknown_user'];
+				else $rss_items[$i]['name'] = htmlspecialchars(filter_control_characters($row['user_name']));
+			}
+			else $rss_items[$i]['name'] = htmlspecialchars(filter_control_characters($row['name']));
 
-      $rss_items[$i]['link'] = $settings['forum_address']."index.php?id=".$row['id'];
-      if(isset($thread_starts)) $rss_items[$i]['commentRss'] = $settings['forum_address']."index.php?mode=rss&amp;replies=".$row['id'];
-      $rss_items[$i]['timestamp'] = $row['timestamp'];
-      $rss_items[$i]['formated_time'] = format_time($lang['time_format_full'],$row['timestamp']);
-      $rss_items[$i]['pubdate'] = gmdate('r', $row['pubdate_timestamp']);
-      $i++;
-     }
-    $smarty->assign("rss_items",$rss_items);
-   }
- }
+			$rss_items[$i]['link'] = $settings['forum_address']."index.php?id=".$row['id'];
+			if (isset($thread_starts)) $rss_items[$i]['commentRss'] = $settings['forum_address']."index.php?mode=rss&amp;replies=".$row['id'];
+			$rss_items[$i]['timestamp'] = $row['timestamp'];
+			$rss_items[$i]['formated_time'] = format_time($lang['time_format_full'],$row['timestamp']);
+			$rss_items[$i]['pubdate'] = gmdate('r', $row['pubdate_timestamp']);
+			$i++;
+		}
+		$smarty->assign("rss_items",$rss_items);
+	}
+}
 $template = 'rss.tpl';
 ?>

includes/search.inc.php

@@ -1,232 +1,208 @@
 <?php
-if(!defined('IN_INDEX'))
- {
-  header('Location: ../index.php');
-  exit;
- }
+if (!defined('IN_INDEX')) {
+	header('Location: ../index.php');
+	exit;
+}
 
-if(isset($_SESSION[$settings['session_prefix'].'user_id'])) {
-	$tmp_user_id = $_SESSION[$settings['session_prefix'].'user_id'];
+if (isset($_SESSION[$settings['session_prefix'] . 'user_id'])) {
+	$tmp_user_id = $_SESSION[$settings['session_prefix'] . 'user_id'];
 } else {
 	$tmp_user_id = 0;
 }
 
-if(isset($_GET['list_spam']) && isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0)
- {
-  // list spam postings:
-  $count_result = mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE spam=1");
-  list($search_results_count) = mysqli_fetch_row($count_result);
-  $total_pages = ceil($search_results_count / $settings['search_results_per_page']);
-  if(isset($_GET['page'])) $page = intval($_GET['page']); else $page = 1;
-  if($page < 1) $page = 1;
-  if($page > $total_pages) $page = $total_pages;
-  $ul = ($page-1) * $settings['search_results_per_page'];
-  // data for browse navigation:
-  $page_browse['page'] = $page;
-  $page_browse['total_items'] = $search_results_count;
-  $page_browse['items_per_page'] = $settings['search_results_per_page'];
-  $page_browse['browse_array'][] = 1;
-  if($page > 5) $page_browse['browse_array'][] = 0;
-  for($browse=$page-3; $browse<$page+4; $browse++)
-   {
-    if ($browse > 1 && $browse < $total_pages) $page_browse['browse_array'][] = $browse;
-   }
-  if($page < $total_pages-4) $page_browse['browse_array'][] = 0;
-  if($total_pages > 1) $page_browse['browse_array'][] = $total_pages;
-  if($page < $total_pages) $page_browse['next_page'] = $page + 1; else $page_browse['next_page'] = 0;
-  if($page > 1) $page_browse['previous_page'] = $page - 1; else $page_browse['previous_page'] = 0;
-  $smarty->assign('page_browse',$page_browse);
-  if($search_results_count>0)
-   {
-    $result = @mysqli_query($connid, "SELECT id, pid, tid, ".$db_settings['forum_table'].".user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS timestamp, UNIX_TIMESTAMP(last_reply) AS last_reply, name, user_name, subject, IF(text='',true,false) AS no_text, category, marked, sticky
-                            FROM ".$db_settings['forum_table']."
-                            LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=".$db_settings['forum_table'].".user_id
-                            WHERE spam=1
-                            ORDER BY tid DESC, time ASC LIMIT ".$ul.", ".$settings['search_results_per_page']) or die(mysqli_error($connid));
-    $i=0;
-    while($row = mysqli_fetch_array($result))
-     {
-      $search_results[$i]['id'] = intval($row['id']);
-      $search_results[$i]['pid'] = intval($row['pid']);
+if (isset($_GET['search'])) {
+	// regular serach:
+	$search = urldecode($_GET['search']);
+	if (isset($_GET['p_category']))
+		$p_category = intval($_GET['p_category']);
+	else
+		$p_category = 0;
+	if (isset($_GET['method']) && $_GET['method'] == 'tags')
+		$method = 'tags';
+	elseif (isset($_GET['method']) && $_GET['method'] == 'fulltext_or')
+		$method = 'fulltext_or';
+	else
+		$method = 'fulltext';
+	if (!empty($search)) $search = trim($search);
+	
+	// split search query at spaces, but not between double quotes:
+	$help_pattern = '[!/*/~/?]'; // pattern to hide spaces between quotes
+	$x_search     = preg_replace_callback(
+			"#\"(.+?)\"#is", 
+			function ($string) {
+				global $help_pattern;
+				return str_replace(" ", $help_pattern,$string[1]);
+			},
+			$search
+	);
+	
+	$x_search_array = explode(' ', my_strtolower($x_search, $lang['charset']));
+	foreach ($x_search_array as $item) {
+		$search_array[] = mysqli_real_escape_string($connid, str_replace($help_pattern, ' ', $item));
+	}
+	$search_array = array_filter(array_map('trim', $search_array), function($value) { return $value !== ''; });
+	
+	// limit to 3 words:
+	if (count($search_array) > 3) {
+		for ($i = 0; $i < 3; ++$i) {
+			$stripped_search_array[] = $search_array[$i];
+		}
+		$search_array = $stripped_search_array;
+	}
+	$search_string_array = array();
+	foreach ($search_array as $item) {
+		if (my_strpos($item, ' ', 0, CHARSET)) {
+			$item = '"' . $item . '"';
+		}
+		$search_string_array[] = $item;
+	}
+	$search = implode(' ', $search_string_array);
+	
+	// search...
+	$ham_filter = " (`" . $db_settings['akismet_rating_table'] . "`.`spam` = 0 AND `" . $db_settings['b8_rating_table'] . "`.`spam` = 0) ";
+	if ($method == 'fulltext_or') {
+		// fulltext or
+		$search_string = "CONCAT(LOWER(`subject`), LOWER(IF(`ft`.`user_id` > 0, (SELECT `user_name` FROM `" . $db_settings['userdata_table'] . "` WHERE `user_id` = `ft`.`user_id`), `name`)), LOWER(`text`), IFNULL(LOWER(`tag`), '')) LIKE '%" . implode("%' OR " . $ham_filter . " AND CONCAT(LOWER(`subject`), LOWER(IF(`ft`.`user_id` > 0, (SELECT `user_name` FROM `" . $db_settings['userdata_table'] . "` WHERE `user_id` = `ft`.`user_id`), `name`)), LOWER(`text`), IFNULL(LOWER(`tag`), '')) LIKE '%", $search_array) . "%'";
+	} elseif ($method == 'tags') {
+		// tags
+		$search_string = "(IFNULL(LOWER(`tag`), '') LIKE '%" . implode("%' OR IFNULL(LOWER(`tag`), '') LIKE '%", $search_array) . "%') ";
+	} else {
+		// fulltext
+		$search_string = "CONCAT(LOWER(`subject`), LOWER(IF(`ft`.`user_id` > 0, (SELECT `user_name` FROM `" . $db_settings['userdata_table'] . "` WHERE `user_id` = `ft`.`user_id`), `name`)), LOWER(`text`), IFNULL(LOWER(`tag`), '')) LIKE '%" . implode("%' AND CONCAT(LOWER(`subject`), LOWER(IF(`ft`.`user_id` > 0, (SELECT `user_name` FROM `" . $db_settings['userdata_table'] . "` WHERE `user_id` = `ft`.`user_id`), `name`)), LOWER(`text`), IFNULL(LOWER(`tag`), '')) LIKE '%", $search_array) . "%' ";
+	}
+	
+	$search_string = $ham_filter . " AND " . $search_string;
+	
+	// restrict to category
+	if (isset($p_category) && $p_category != 0)	
+		$search_string = "category = " . $p_category . " AND " . $search_string;
+	
+	// count results:
+	if ($search != '') {
+		$sql = "SELECT COUNT(DISTINCT `ft`.`id`) 
+				FROM `" . $db_settings['forum_table'] . "` AS `ft`		
+				LEFT JOIN `" . $db_settings['entry_tags_table'] .     "` ON `" . $db_settings['entry_tags_table'] . "`.`bid`     = `ft`.`id`
+				LEFT JOIN `" . $db_settings['tags_table'] .           "` ON `" . $db_settings['entry_tags_table'] . "`.`tid`     = `" . $db_settings['tags_table']  . "`.`id` 
+				LEFT JOIN `" . $db_settings['akismet_rating_table'] . "` ON `" . $db_settings['akismet_rating_table'] . "`.`eid` = `ft`.`id` 
+				LEFT JOIN `" . $db_settings['b8_rating_table'] .      "` ON `" . $db_settings['b8_rating_table'] . "`.`eid`      = `ft`.`id` 
+				WHERE ";
 
-      if($row['user_id']>0)
-       {
-        if(!$row['user_name']) $search_results[$i]['name'] = $lang['unknown_user'];
-        else $search_results[$i]['name'] = htmlspecialchars($row['user_name']);
-       }
-      else $search_results[$i]['name'] = htmlspecialchars($row['name']);
-      $search_results[$i]['subject'] = htmlspecialchars($row['subject']);
-      $search_results[$i]['timestamp'] = $row['timestamp'];
-      $search_results[$i]['no_text'] = $row['no_text'];
-      $search_results[$i]['formated_time'] = format_time($lang['time_format'],$row['timestamp']);
-      if(isset($categories[$row["category"]]) && $categories[$row['category']]!='')
-       {
-        $search_results[$i]['category']=$row["category"];
-        $search_results[$i]['category_name']=$categories[$row["category"]];
-       }
-      $i++;
-     }
-    mysqli_free_result($result);
-   }
-  $smarty->assign('search_results_count',$search_results_count);
-  if(isset($search_results)) $smarty->assign('search_results',$search_results);
-  $smarty->assign('list_spam', true);
-  $smarty->assign('subnav_location','subnav_list_spam');
- }
-elseif(isset($_GET['search']))
- {
-  // regular serach:
-  $search = urldecode($_GET['search']);
-  if(isset($_GET['p_category'])) $p_category = intval($_GET['p_category']);
-  else $p_category = 0;
-  if(isset($_GET['method']) && $_GET['method']=='tags') $method = 'tags';
-  elseif(isset($_GET['method']) && $_GET['method']=='fulltext_or') $method = 'fulltext_or';
-  else $method = 'fulltext';
-  $search = trim($search);
+		if ($categories != false)
+			$count_result = @mysqli_query($connid, $sql . $search_string . " AND `category` IN (" . $category_ids_query . ")");
+		else
+			$count_result = @mysqli_query($connid, $sql . $search_string);
 
-  // split search query at spaces, but not between double quotes:
-  $help_pattern = '[!/*/~/?]'; // pattern to hide spaces between quotes
-  $x_search = preg_replace_callback("#\"(.+?)\"#is", create_function('$string','global $help_pattern; return str_replace(" ",$help_pattern,$string[1]);'), $search);
+		list($search_results_count) = mysqli_fetch_row($count_result);
+	} 
+	else
+		$search_results_count = 0;
+	
+	$total_pages = ceil($search_results_count / $settings['search_results_per_page']);
+	
+	if (isset($_GET['page']))
+		$page = intval($_GET['page']);
+	else
+		$page = 1;
+	if ($page < 1)
+		$page = 1;
+	if ($page > $total_pages)
+		$page = $total_pages;
+	$ul                            = ($page - 1) * $settings['search_results_per_page'];
+	// data for browse navigation:
+	$page_browse['page']           = $page;
+	$page_browse['total_items']    = $search_results_count;
+	$page_browse['items_per_page'] = $settings['search_results_per_page'];
+	$page_browse['browse_array'][] = 1;
+	if ($page > 5)
+		$page_browse['browse_array'][] = 0;
+	for ($browse = $page - 3; $browse < $page + 4; $browse++) {
+		if ($browse > 1 && $browse < $total_pages)
+			$page_browse['browse_array'][] = $browse;
+	}
+	if ($page < $total_pages - 4)
+		$page_browse['browse_array'][] = 0;
+	if ($total_pages > 1)
+		$page_browse['browse_array'][] = $total_pages;
+	if ($page < $total_pages)
+		$page_browse['next_page'] = $page + 1;
+	else
+		$page_browse['next_page'] = 0;
+	if ($page > 1)
+		$page_browse['previous_page'] = $page - 1;
+	else
+		$page_browse['previous_page'] = 0;
+	$smarty->assign('page_browse', $page_browse);
 
-  $x_search_array = explode(' ', my_strtolower($x_search, $lang['charset']));
-  foreach($x_search_array as $item)
-   {
-    $search_array[] = mysqli_real_escape_string($connid, str_replace($help_pattern,' ',$item));
-   }
+	if ($search_results_count > 0) {
+		if ($categories != false) {
+			$result = @mysqli_query($connid, "SELECT DISTINCT ft.id, ft.pid, ft.tid, ft.user_id, UNIX_TIMESTAMP(ft.time) AS time, UNIX_TIMESTAMP(ft.time + INTERVAL " . $time_difference . " MINUTE) AS timestamp, UNIX_TIMESTAMP(last_reply) AS last_reply, name, user_name, subject, IF(text='',true,false) AS no_text, category, marked, sticky, rst.user_id AS req_user
+				FROM " . $db_settings['forum_table'] . " AS ft
+				LEFT JOIN " . $db_settings['userdata_table'] . " ON " . $db_settings['userdata_table'] . ".user_id = ft.user_id
+				LEFT JOIN " . $db_settings['read_status_table'] . " AS rst ON rst.posting_id = ft.id AND rst.user_id = " . intval($tmp_user_id) . "
+				LEFT JOIN `" . $db_settings['entry_tags_table'] . "` ON `" . $db_settings['entry_tags_table'] . "`.`bid` = `ft`.`id`
+				LEFT JOIN `" . $db_settings['tags_table'] . "` ON `" . $db_settings['entry_tags_table'] . "`.`tid` = `" . $db_settings['tags_table'] . "`.`id`
+				LEFT JOIN `" . $db_settings['akismet_rating_table'] . "` ON `" . $db_settings['akismet_rating_table'] . "`.`eid` = `ft`.`id` 
+				LEFT JOIN `" . $db_settings['b8_rating_table'] .      "` ON `" . $db_settings['b8_rating_table'] . "`.`eid`      = `ft`.`id` 
+				WHERE " . $search_string . " AND category IN (" . $category_ids_query . ")
+				ORDER BY tid DESC, time ASC LIMIT " . $ul . ", " . $settings['search_results_per_page']) or die(mysqli_error($connid));
+		} else {
+			$result = @mysqli_query($connid, "SELECT DISTINCT ft.id, ft.pid, ft.tid, ft.user_id, UNIX_TIMESTAMP(ft.time) AS time, UNIX_TIMESTAMP(ft.time + INTERVAL " . $time_difference . " MINUTE) AS timestamp, UNIX_TIMESTAMP(last_reply) AS last_reply, name, user_name, subject, IF(text='',true,false) AS no_text, category, marked, sticky, rst.user_id AS req_user
+				FROM " . $db_settings['forum_table'] . " AS ft
+				LEFT JOIN " . $db_settings['userdata_table'] . " ON " . $db_settings['userdata_table'] . ".user_id = ft.user_id
+				LEFT JOIN " . $db_settings['read_status_table'] . " AS rst ON rst.posting_id = ft.id AND rst.user_id = " . intval($tmp_user_id) . "
+				LEFT JOIN `" . $db_settings['entry_tags_table'] . "` ON `" . $db_settings['entry_tags_table'] . "`.`bid` = `ft`.`id`
+				LEFT JOIN `" . $db_settings['tags_table'] . "` ON `" . $db_settings['entry_tags_table'] . "`.`tid` = `" . $db_settings['tags_table'] . "`.`id`
+				LEFT JOIN `" . $db_settings['akismet_rating_table'] . "` ON `" . $db_settings['akismet_rating_table'] . "`.`eid` = `ft`.`id` 
+				LEFT JOIN `" . $db_settings['b8_rating_table'] .      "` ON `" . $db_settings['b8_rating_table'] . "`.`eid`      = `ft`.`id` 
+				WHERE " . $search_string . "
+				ORDER BY tid DESC, time ASC LIMIT " . $ul . ", " . $settings['search_results_per_page']) or die(mysqli_error($connid));
+		}
 
-  // limit to 3 words:
-  if(count($search_array)>3)
-   {
-    for($i=0;$i<3;++$i)
-     {
-      $stripped_search_array[] = $search_array[$i];
-     }
-    $search_array = $stripped_search_array;
-   }
-  foreach($search_array as $item)
-   {
-    if(my_strpos($item, ' ', 0, CHARSET))
-     {
-      $item = '"'.$item.'"';
-     }
-    $serch_string_array[] = $item;
-   }
-  $search = implode(' ',$serch_string_array);
+		$i = 0;
+		while ($row = mysqli_fetch_array($result)) {
+			$search_results[$i]['id']  = intval($row['id']);
+			$search_results[$i]['pid'] = intval($row['pid']);
+			
+			if ($row['user_id'] > 0) {
+				if (!$row['user_name'])
+					$search_results[$i]['name'] = $lang['unknown_user'];
+				else
+					$search_results[$i]['name'] = htmlspecialchars($row['user_name']);
+			} else
+				$search_results[$i]['name'] = htmlspecialchars($row['name']);
+			
+			$search_results[$i]['subject']       = htmlspecialchars($row['subject']);
+			$search_results[$i]['timestamp']     = $row['timestamp'];
+			$search_results[$i]['no_text']       = $row['no_text'];
+			$search_results[$i]['formated_time'] = format_time($lang['time_format'], $row['timestamp']);
+			if (isset($categories[$row["category"]]) && $categories[$row['category']] != '') {
+				$search_results[$i]['category']      = $row["category"];
+				$search_results[$i]['category_name'] = $categories[$row["category"]];
+			}
+			if ($row['req_user'] !== NULL and is_numeric($row['req_user'])) {
+				$search_results[$i]['is_read'] = true;
+			} else {
+				$search_results[$i]['is_read'] = false;
+			}
+			$i++;
+		}
+		mysqli_free_result($result);
+	}
 
-  // search...
-  if($method == 'fulltext_or')
-   {
-    if(isset($p_category) && $p_category != 0) $search_string = "category=".$p_category." AND spam=0 AND concat(lower(subject), lower(name), lower(text), lower(tags)) LIKE '%".implode("%' OR category=".$p_category." AND spam=0 AND concat(lower(subject), lower(name), lower(text), lower(tags)) LIKE '%",$search_array)."%'";
-    else $search_string = "spam=0 AND concat(lower(subject), lower(name), lower(text), lower(tags)) LIKE '%".implode("%' OR spam=0 AND concat(lower(subject), lower(name), lower(text), lower(tags)) LIKE '%",$search_array)."%'";
-   }
-  elseif ($method == 'tags')
-   {
-    if(isset($p_category) && $p_category != 0) $search_string = "lower(tags) LIKE '%;".implode(";%' AND lower(tags) LIKE '%",$search_array)."%' AND category=".$p_category." AND spam=0";
-    else $search_string = "lower(tags) LIKE '%;".implode(";%' AND lower(tags) LIKE '%;",$search_array).";%' AND spam=0";
-   }
-  else // fulltext
-   {
-    if(isset($p_category) && $p_category != 0) $search_string = "concat(lower(subject), lower(name), lower(text), lower(tags)) LIKE '%".implode("%' AND concat(lower(subject), lower(name), lower(text), lower(tags)) LIKE '%",$search_array)."%' AND category=".$p_category." AND spam=0";
-    else $search_string = "concat(lower(subject), lower(name), lower(text), lower(tags)) LIKE '%".implode("%' AND concat(lower(subject), lower(name), lower(text), lower(tags)) LIKE '%",$search_array)."%' AND spam=0";
-   }
+	$smarty->assign('search_results_count', $search_results_count);
+	if (isset($search_results))
+		$smarty->assign('search_results', $search_results);
+	
+	$smarty->assign('search', htmlspecialchars($_GET['search']));
+	$smarty->assign('search_encoded', urlencode($search));
+	$smarty->assign('p_category', $p_category);
+	$smarty->assign('method', $method);
+	$smarty->assign('subnav_location', 'subnav_search');
+} else {
+	$smarty->assign('p_category', 0);
+	$smarty->assign('method', 'fulltext');
+}
 
-  // count results:
-  if($search!='')
-   {
-    if($categories!=false) $count_result = mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE ".$search_string." AND category IN (".$category_ids_query.")");
-    else $count_result = mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE ".$search_string);
-    list($search_results_count) = mysqli_fetch_row($count_result);
-   }
-  else $search_results_count = 0;
-
-     $total_pages = ceil($search_results_count / $settings['search_results_per_page']);
-     if(isset($_GET['page'])) $page = intval($_GET['page']); else $page = 1;
-     if($page < 1) $page = 1;
-     if($page > $total_pages) $page = $total_pages;
-     $ul = ($page-1) * $settings['search_results_per_page'];
-     // data for browse navigation:
-     $page_browse['page'] = $page;
-     $page_browse['total_items'] = $search_results_count;
-     $page_browse['items_per_page'] = $settings['search_results_per_page'];
-     $page_browse['browse_array'][] = 1;
-     if($page > 5) $page_browse['browse_array'][] = 0;
-     for($browse=$page-3; $browse<$page+4; $browse++)
-      {
-       if ($browse > 1 && $browse < $total_pages) $page_browse['browse_array'][] = $browse;
-      }
-     if($page < $total_pages-4) $page_browse['browse_array'][] = 0;
-     if($total_pages > 1) $page_browse['browse_array'][] = $total_pages;
-     if($page < $total_pages) $page_browse['next_page'] = $page + 1; else $page_browse['next_page'] = 0;
-     if($page > 1) $page_browse['previous_page'] = $page - 1; else $page_browse['previous_page'] = 0;
-     $smarty->assign('page_browse',$page_browse);
-
-  if($search_results_count>0)
-   {
-    if($categories!=false)
-     {
-      $result = @mysqli_query($connid, "SELECT id, pid, tid, ft.user_id, UNIX_TIMESTAMP(ft.time) AS time, UNIX_TIMESTAMP(ft.time + INTERVAL ".$time_difference." MINUTE) AS timestamp, UNIX_TIMESTAMP(last_reply) AS last_reply, name, user_name, subject, IF(text='',true,false) AS no_text, category, marked, sticky, rst.user_id AS req_user
-                              FROM ".$db_settings['forum_table']." AS ft
-                              LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=ft.user_id
-                              LEFT JOIN ".$db_settings['read_status_table']." AS rst ON rst.posting_id = ft.id AND rst.user_id = ". intval($tmp_user_id) ."
-                              WHERE ".$search_string." AND category IN (".$category_ids_query.")
-                              ORDER BY tid DESC, ft.time ASC LIMIT ".$ul.", ".$settings['search_results_per_page']) or die(mysqli_error($connid));
-     }
-    else
-     {
-      $result = @mysqli_query($connid, "SELECT id, pid, tid, ft.user_id, UNIX_TIMESTAMP(ft.time) AS time, UNIX_TIMESTAMP(ft.time + INTERVAL ".$time_difference." MINUTE) AS timestamp, UNIX_TIMESTAMP(last_reply) AS last_reply, name, user_name, subject, IF(text='',true,false) AS no_text, category, marked, sticky, rst.user_id AS req_user
-                              FROM ".$db_settings['forum_table']." AS ft
-                              LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=ft.user_id
-                              LEFT JOIN ".$db_settings['read_status_table']." AS rst ON rst.posting_id = ft.id AND rst.user_id = ". intval($tmp_user_id) ."
-                              WHERE ".$search_string."
-                              ORDER BY tid DESC, ft.time ASC LIMIT ".$ul.", ".$settings['search_results_per_page']) or die(mysqli_error($connid));
-     }
-    $i=0;
-    while($row = mysqli_fetch_array($result))
-     {
-      $search_results[$i]['id'] = intval($row['id']);
-      $search_results[$i]['pid'] = intval($row['pid']);
-
-      if($row['user_id']>0)
-       {
-        if(!$row['user_name']) $search_results[$i]['name'] = $lang['unknown_user'];
-        else $search_results[$i]['name'] = htmlspecialchars($row['user_name']);
-       }
-      else $search_results[$i]['name'] = htmlspecialchars($row['name']);
-
-      $search_results[$i]['subject'] = htmlspecialchars($row['subject']);
-      $search_results[$i]['timestamp'] = $row['timestamp'];
-      $search_results[$i]['no_text'] = $row['no_text'];
-      $search_results[$i]['formated_time'] = format_time($lang['time_format'],$row['timestamp']);
-      if(isset($categories[$row["category"]]) && $categories[$row['category']]!='')
-       {
-        $search_results[$i]['category']=$row["category"];
-        $search_results[$i]['category_name']=$categories[$row["category"]];
-       }
-      if ($row['req_user'] !== NULL and is_numeric($row['req_user'])) {
-       $search_results[$i]['is_read'] = true;
-      } else {
-       $search_results[$i]['is_read'] = false;
-      }
-      $i++;
-     }
-    mysqli_free_result($result);
-   }
-
-  $smarty->assign('search_results_count',$search_results_count);
-  if(isset($search_results)) $smarty->assign('search_results',$search_results);
-
-  $smarty->assign('search',htmlspecialchars($_GET['search']));
-  $smarty->assign('search_encoded',urlencode($search));
-  $smarty->assign('p_category',$p_category);
-  $smarty->assign('method',$method);
-  $smarty->assign('subnav_location','subnav_search');
- }
-else
- {
-  $smarty->assign('p_category',0);
-  $smarty->assign('method','fulltext');
- }
-
-$smarty->assign('subtemplate','search.inc.tpl');
+$smarty->assign('subtemplate', 'search.inc.tpl');
 $template = 'main.tpl';
 ?>

includes/thread.inc.php

@@ -1,300 +1,294 @@
 <?php
-if(!defined('IN_INDEX'))
- {
-  header('Location: ../index.php');
-  exit;
- }
 
-if(isset($_REQUEST['id']))
- {
-  $id = intval($_REQUEST['id']);
- }
 
-if(empty($id))
- {
-  header('location: index.php');
-  exit;
- }
+if (!defined('IN_INDEX')) {
+	header('Location: ../index.php');
+	exit;
+}
 
-if(isset($_SESSION[$settings['session_prefix'].'user_id'])) {
-	$tmp_user_id = $_SESSION[$settings['session_prefix'].'user_id'];
+if (isset($_REQUEST['id'])) {
+	$id = intval($_REQUEST['id']);
+}
+
+if (empty($id)) {
+	header('location: index.php');
+	exit;
+}
+
+if (isset($_SESSION[$settings['session_prefix'] . 'user_id'])) {
+	$tmp_user_id = $_SESSION[$settings['session_prefix'] . 'user_id'];
 } else {
 	$tmp_user_id = 0;
 }
 
-if(isset($_SESSION[$settings['session_prefix'].'usersettings']['thread_display'])) $thread_display = $_SESSION[$settings['session_prefix'].'usersettings']['thread_display'];
-else $thread_display = 0;
+if (isset($_SESSION[$settings['session_prefix'] . 'usersettings']['thread_display']))
+	$thread_display = $_SESSION[$settings['session_prefix'] . 'usersettings']['thread_display'];
+else
+	$thread_display = 0;
 
-if(isset($_GET['page'])) $page = intval($_GET['page']);
-else $page = 1;
+if (isset($_GET['page']))
+	$page = intval($_GET['page']);
+else
+	$page = 1;
 
-if(isset($_GET['order']) && $_GET['order']=='last_reply') $order = 'last_reply';
-else $order = 'time';
+if (isset($_GET['order']) && $_GET['order'] == 'last_reply')
+	$order = 'last_reply';
+else
+	$order = 'time';
+
+$isUser = isset($_SESSION[$settings['session_prefix'].'user_type']) && isset($_SESSION[$settings['session_prefix'].'user_id']);
+$isModOrAdmin = $isUser && ($_SESSION[$settings['session_prefix'].'user_type'] == 1 || $_SESSION[$settings['session_prefix'].'user_type'] == 2);
 
 // tid, subject and category of starting posting:
-  $result=mysqli_query($connid, "SELECT tid, subject, category FROM ".$db_settings['forum_table']." WHERE id = ".intval($id)." LIMIT 1") or raise_error('database_error',mysqli_error($connid));
-  if(mysqli_num_rows($result)!=1)
-   {
-    header('Location: index.php');
-    exit;
-   }
-  else
-   {
-    $data = mysqli_fetch_array($result);
-    mysqli_free_result($result);
-   }
+$result = mysqli_query($connid, "SELECT tid, subject, category FROM " . $db_settings['forum_table'] . " WHERE id = " . intval($id) . " LIMIT 1") or raise_error('database_error', mysqli_error($connid));
+if (mysqli_num_rows($result) != 1) {
+	header('Location: index.php');
+	exit;
+} else {
+	$data = mysqli_fetch_array($result);
+	mysqli_free_result($result);
+}
 
-  // category of this posting accessible by user?
-  if(is_array($category_ids) && !in_array($data['category'], $category_ids))
-   {
-    header("location: index.php");
-    exit;
-   }
-  elseif($data['tid'] != $id)
-   {
-    // it wasn't the id of the thread start
-    header('Location: index.php?mode=thread&id='.$data['tid'].'#p'.$id);
-    exit;
-   }
-  else
-   {
-    $tid = $data['tid'];
-    $smarty->assign("tid",$tid);
-
-    if(isset($settings['count_views']) && $settings['count_views'] == 1) @mysqli_query($connid, "UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=last_reply, edited=edited, views=views+1 WHERE tid=".$id);
-
-    $smarty->assign('page_title',htmlspecialchars($data['subject']));
-    $smarty->assign('category_name',$categories[$data["category"]]);
-
-    // get all postings of thread:
-    $result = mysqli_query($connid, "SELECT id, pid, tid, ft.user_id, UNIX_TIMESTAMP(ft.time + INTERVAL ".intval($time_difference)." MINUTE) AS disp_time,
-                           UNIX_TIMESTAMP(ft.time) AS time, UNIX_TIMESTAMP(edited + INTERVAL ".intval($time_difference)." MINUTE) AS e_time,
-                           UNIX_TIMESTAMP(edited - INTERVAL ".$settings['edit_delay']." MINUTE) AS edited_diff, edited_by, name, email,
-                           subject, hp, location, ip, text, cache_text, tags, show_signature, views, spam, spam_check_status, category, locked, ip,
-                           user_name, user_type, user_email, email_contact, user_hp, user_location, signature, cache_signature, edit_key, rst.user_id AS req_user
-                           FROM ".$db_settings['forum_table']." AS ft
-                           LEFT JOIN ".$db_settings['entry_cache_table']." ON ".$db_settings['entry_cache_table'].".cache_id=ft.id
-                           LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=ft.user_id
-                           LEFT JOIN ".$db_settings['userdata_cache_table']." ON ".$db_settings['userdata_cache_table'].".cache_id=".$db_settings['userdata_table'].".user_id
-                           LEFT JOIN ".$db_settings['read_status_table']." AS rst ON rst.posting_id = ft.id AND rst.user_id = ". intval($tmp_user_id) ."
-                           WHERE tid = ".$tid.$display_spam_query_and." ORDER BY ft.time ASC") or raise_error('database_error',mysqli_error($connid));
-
-    if(mysqli_num_rows($result) > 0)
-     {
-      while($data = mysqli_fetch_array($result))
-      {
-       $new_read[] = $data['id'];
-
-      // tags:
-      unset($tags_array);
-      $tags = $data['tags'];
-      if($tags!='')
-       {
-        $tags_help_array = explode(';',$tags);
-        $i=0;
-        foreach($tags_help_array as $tag)
-         {
-          if($tag!='')
-           {
-            if(my_strpos($tag, ' ', 0, $lang['charset'])) $tag_escaped='"'.$tag.'"';
-            else $tag_escaped = $tag;
-            $tags_array[$i]['escaped'] = urlencode($tag_escaped);
-            $tags_array[$i]['display'] = htmlspecialchars($tag);
-            $i++;
-           }
-         }
-        if(isset($tags_array)) $data['tags'] = $tags_array;
-       }
-
-      $data['formated_time'] = format_time($lang['time_format_full'],$data['disp_time']);
-      $ago['days'] = floor((TIMESTAMP - $data['time'])/86400);
-      $ago['hours'] = floor(((TIMESTAMP - $data['time'])/3600)-($ago['days']*24));
-      $ago['minutes'] = floor(((TIMESTAMP - $data['time'])/60)-($ago['hours']*60+$ago['days']*1440));
-      if($ago['hours']>12) $ago['days_rounded'] = $ago['days'] + 1;
-      else $ago['days_rounded'] = $ago['days'];
-      $data['ago'] = $ago;
-
-      if($data['user_id']>0)
-       {
-        if(!$data['user_name']) $data['name'] = $lang['unknown_user'];
-        else $data['name'] = htmlspecialchars($data['user_name']);
-       }
-      else $data['name'] = htmlspecialchars($data['name']);
-
-
-      $data['subject'] = htmlspecialchars($data['subject']);
-
-      $authorization = get_edit_authorization($data['id'], $data['user_id'], $data['edit_key'], $data['time'], $data['locked']);
-      if($authorization['edit']==true) $data['options']['edit']=true;
-      if($authorization['delete']==true) $data['options']['delete']=true;
-
-		if($data['user_id'] > 0) {
-			$data['email'] = $data['user_email'];
-			$data['location'] = $data['user_location'];
-			$data['hp'] = $data['user_hp'];
+// category of this posting accessible by user?
+if (is_array($category_ids) && !in_array($data['category'], $category_ids)) {
+	header("location: index.php");
+	exit;
+} elseif ($data['tid'] != $id) {
+	// it wasn't the id of the thread start
+	header('Location: index.php?mode=thread&id=' . $data['tid'] . '#p' . $id);
+	exit;
+} else {
+	$tid = $data['tid'];
+	$smarty->assign("tid", $tid);
+	
+	if (isset($settings['count_views']) && $settings['count_views'] == 1)
+		@mysqli_query($connid, "UPDATE " . $db_settings['forum_table'] . " SET time=time, last_reply=last_reply, edited=edited, views=views+1 WHERE tid=" . $id);
+	
+	$smarty->assign('page_title', htmlspecialchars($data['subject']));
+	if (isset($categories[$data['category']]) && $categories[$data['category']] != '')
+		$smarty->assign('category_name', $categories[$data["category"]]);
+	
+	if ($show_spam) {
+		$thread_spam =  " AS spam_list ON spam_list.tid = ft.tid WHERE spam_list.id IS NOT NULL";
+	} else {
+		$thread_spam = " AS spam_list ON spam_list.id = ft.id WHERE spam_list.id IS NULL";
+	}
+		
+	// get all postings of thread:
+    $thread_sql = 
+		"SELECT ft.id, ft.pid, ft.tid, ft.user_id, UNIX_TIMESTAMP(ft.time + INTERVAL " . intval($time_difference) . " MINUTE) AS disp_time,
+        UNIX_TIMESTAMP(last_reply + INTERVAL " . intval($time_difference) . " MINUTE) AS last_reply,	
+        UNIX_TIMESTAMP(ft.time) AS time, UNIX_TIMESTAMP(edited) AS edited_time, UNIX_TIMESTAMP(edited + INTERVAL " . intval($time_difference) . " MINUTE) AS e_time,
+        UNIX_TIMESTAMP(edited - INTERVAL " . $settings['edit_delay'] . " MINUTE) AS edited_diff, edited_by, name, email,
+        subject, hp, location, ip, text, cache_text, show_signature, views, category, locked, ip,
+        user_name, user_type, user_email, email_contact, user_hp, user_location, signature, cache_signature, edit_key, rst.user_id AS req_user,
+        " . $db_settings['akismet_rating_table'] . ".spam AS akismet_spam, spam_check_status,
+        " . $db_settings['b8_rating_table'] . ".spam AS b8_spam, training_type
+        FROM " . $db_settings['forum_table'] . " AS ft
+        LEFT JOIN " . $db_settings['entry_cache_table'] . " ON " . $db_settings['entry_cache_table'] . ".cache_id = ft.id
+        LEFT JOIN " . $db_settings['userdata_table'] . " ON " . $db_settings['userdata_table'] . ".user_id = ft.user_id
+        LEFT JOIN " . $db_settings['userdata_cache_table'] . " ON " . $db_settings['userdata_cache_table'] . ".cache_id = " . $db_settings['userdata_table'] . ".user_id
+        LEFT JOIN " . $db_settings['read_status_table'] . " AS rst ON rst.posting_id = ft.id AND rst.user_id = " . intval($tmp_user_id) . "
+		LEFT JOIN " . $db_settings['akismet_rating_table'] . " ON " . $db_settings['akismet_rating_table'] . ".eid = ft.id 
+		LEFT JOIN " . $db_settings['b8_rating_table'] . " ON " . $db_settings['b8_rating_table'] . ".eid = ft.id 
+		LEFT JOIN (SELECT " . $db_settings['forum_table'] . ".id, " . $db_settings['forum_table'] . ".tid FROM " . $db_settings['forum_table'] . " INNER JOIN " . $db_settings['akismet_rating_table'] . " ON " . $db_settings['forum_table'] . ".id = " . $db_settings['akismet_rating_table'] . ".eid WHERE " . $db_settings['akismet_rating_table'] . ".spam = 1 UNION SELECT " . $db_settings['forum_table'] . ".id, " . $db_settings['forum_table'] . ".tid FROM " . $db_settings['forum_table'] . " INNER JOIN " . $db_settings['b8_rating_table'] . " ON " . $db_settings['forum_table'] . ".id = " . $db_settings['b8_rating_table'] . ".eid WHERE " . $db_settings['b8_rating_table'] . ".spam = 1) 
+        " . $thread_spam . " AND ft.tid = " . $tid . " ORDER BY ft.time ASC";
+	$result = mysqli_query($connid, $thread_sql) or raise_error('database_error', mysqli_error($connid));
+	
+	if (mysqli_num_rows($result) > 0) {
+		while ($data = mysqli_fetch_array($result)) {
 			
-			if($settings['avatars']==2){
-				$avatarInfo = getAvatar($data['user_id']);
-				$avatar['image'] = $avatarInfo === false ? false : $avatarInfo[2];
-				if(isset($avatar) && $avatar['image'] !== false) {
-					$image_info = getimagesize($avatar['image']);
-					$avatar['width']  = $image_info[0];
-					$avatar['height'] = $image_info[1];
-					$data['avatar']   = $avatar;
-					unset($avatar);
+			// tags:
+			$tags = getEntryTags($data['id']);
+			if (!empty($tags)) {
+				unset($tags_array);
+				$i=0;
+				foreach ($tags as $tag) {
+					if (my_strpos($tag, ' ', 0, $lang['charset']))
+						$tag_escaped = '"' . $tag . '"';
+					else
+						$tag_escaped = $tag;
+					
+					$tags_array[$i]['escaped'] = urlencode($tag_escaped);
+					$tags_array[$i]['display'] = htmlspecialchars($tag);
+					$i++;
 				}
+				if (isset($tags_array))
+					$data['tags'] = $tags_array;
 			}
-		}
-		else {
-			$data["email_contact"]=1;
-		}
-
-      if($data['edited_diff'] > 0 && $data["edited_diff"] > $data["time"] && $settings['show_if_edited'] == 1)
-       {
-        $data['edited'] = true;
-        $data['formated_edit_time'] = format_time($lang['time_format_full'],$data['e_time']);
-        if($data['user_id'] == $data['edited_by']) $data['edited_by'] = $data['name'];
-        else
-         {
-          $edited_result = @mysqli_query($connid, "SELECT user_name FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($data['edited_by'])." LIMIT 1");
-          $edited_data = mysqli_fetch_array($edited_result);
-          @mysqli_free_result($edited_result);
-          if(!$edited_data['user_name']) $data['edited_by'] = $lang['unknown_user'];
-          else $data['edited_by'] = htmlspecialchars($edited_data['user_name']);
-         }
-       }
-
-      if($data['cache_text']=='')
-       {
-        // no cached text so parse it and cache it:
-        $data['posting'] = html_format($data['text']);
-        // make sure not to make a double entry:
-        @mysqli_query($connid, "DELETE FROM ".$db_settings['entry_cache_table']." WHERE cache_id=".intval($data['id']));
-        @mysqli_query($connid, "INSERT INTO ".$db_settings['entry_cache_table']." (cache_id, cache_text) VALUES (".intval($data['id']).",'".mysqli_real_escape_string($connid, $data['posting'])."')");
-       }
-      else
-       {
-        $data['posting'] = $data['cache_text'];
-       }
-
-      if(isset($data['signature']) && $data['signature'] != '' && $data["show_signature"]==1)
-       {
-        // user has a signature and wants it to be displaed in this posting. Check if it's already cached:
-        if($data['cache_signature']!='')
-        {
-         $data['signature'] = $data['cache_signature'];
-        }
-        else
-        {
-         $s_result = @mysqli_query($connid, "SELECT cache_signature FROM ".$db_settings['userdata_cache_table']." WHERE cache_id=".intval($data['user_id'])." LIMIT 1");
-         $s_data = mysqli_fetch_array($s_result);
-         if($s_data['cache_signature']!='')
-          {
-           $data['signature'] = $s_data['cache_signature'];
-          }
-         else
-          {
-           $data['signature'] = signature_format($data['signature']);
-           // cache signature:
-           $xxx = mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['userdata_cache_table']." WHERE cache_id=".intval($data['user_id'])) or die(mysqli_error($connid));
-           list($row_count) = mysqli_fetch_row($xxx);
-           #echo 'row count: '.$row_count.' user_id: '.$data['user_id'].'<br />';
-           if($row_count==1)
-            {
-             @mysqli_query($connid, "UPDATE ".$db_settings['userdata_cache_table']." SET cache_signature='".mysqli_real_escape_string($connid, $data['signature'])."' WHERE cache_id=".intval($data['user_id']));
-            }
-           else
-            {
-             @mysqli_query($connid, "DELETE FROM ".$db_settings['userdata_cache_table']." WHERE cache_id=".intval($data['user_id']));
-             @mysqli_query($connid, "INSERT INTO ".$db_settings['userdata_cache_table']." (cache_id, cache_signature, cache_profile) VALUES (".intval($data['user_id']).",'".mysqli_real_escape_string($connid, $data['signature'])."','')");
-            }
-          }
-        }
-      }
-      else
-      {
-       unset($data['signature']);
-      }
-      if(empty($data["email_contact"])) $data["email_contact"]=0;
-      if($data['hp']!='')
-       {
-        $data['hp'] = add_http_if_no_protocol($data['hp']);
-       }
-
-      if($data['email']!='' && $data['email_contact']==1) $data['email']=true;
-      else $data['email']=false;
-      if($data['location'] != '') $data['location']=htmlspecialchars($data['location']);
-      if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0)
-       {
-        $data['options']['move'] = true;
-        $data['options']['lock'] = true;
-       }
-      if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0 && $settings['akismet_key']!='' && $settings['akismet_entry_check']==1 && $data['spam']==0 && $data['spam_check_status']>0) $data['options']['report_spam']=true;
-      if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0 && $data['spam']==1) $data['options']['flag_ham']=true;
-
-      if($settings['count_views'] == 1)
-       {
-        $views = $data['views']-1; // this subtracts the first view by the author after posting
-        if($views<0) $views=0; // prevents negative number of views
-        $data['views'] = $views;
-       }
-      else $data['views']=0;
-
-		if(isset($_SESSION[$settings['session_prefix'].'user_id'])) {
-			// bookmark handling
-			$user_id  = $_SESSION[$settings['session_prefix'].'user_id'];
-			$bookmark_result = mysqli_query($connid, "SELECT TRUE AS 'bookmark' FROM ".$db_settings['bookmark_table']." WHERE `user_id` = ".intval($user_id)." AND `posting_id` = ".intval($data['id'])."") or raise_error('database_error',mysqli_error($connid));
-			$bookmark = mysqli_fetch_row($bookmark_result);
-			mysqli_free_result($bookmark_result);
-			if (isset($bookmark) && intval($bookmark) == 1) {
-				$data['bookmarkedby'] = intval($user_id);
-				$data['options']['delete_bookmark'] = true;
-			}
+			$data['formated_time'] = format_time($lang['time_format_full'], $data['disp_time']);
+			$data['ISO_time']      = format_time('YYYY-MM-dd HH:mm:ss', $data['time']);
+			
+			$ago['days']           = floor((TIMESTAMP - $data['time']) / 86400);
+			$ago['hours']          = floor(((TIMESTAMP - $data['time']) / 3600) - ($ago['days'] * 24));
+			$ago['minutes']        = floor(((TIMESTAMP - $data['time']) / 60) - ($ago['hours'] * 60 + $ago['days'] * 1440));
+			if ($ago['hours'] > 12)
+				$ago['days_rounded'] = $ago['days'] + 1;
 			else
-				$data['options']['add_bookmark'] = true;
-			// read-status handling
-			$rstatus = save_read_status($connid, $user_id, $data['id']);
-		}
-			if ($data['req_user'] !== NULL and is_numeric($data['req_user'])) {
-				$data['is_read'] = true;
-				$data['new'] = false;
-			} else {
-				if (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
-					$data['is_read'] = false;
-					$data['new'] = true;
-				} else {
-					if (isset($_SESSION[$settings['session_prefix'].'usersettings']['newtime']) && $_SESSION[$settings['session_prefix'].'usersettings']['newtime'] < $data['time'] || ($last_visit && ($data['last_reply'] > $last_visit or $data['time'] > $last_visit))) {
-						$data['is_read'] = false;
-						$data['new'] = true;
-					} else {
-						$data['is_read'] = true;
-						$data['new'] = false;
+				$ago['days_rounded'] = $ago['days'];
+			$data['ago'] = $ago;
+			
+			if ($data['user_id'] > 0) {
+				if (!$data['user_name'])
+					$data['name'] = $lang['unknown_user'];
+				else
+					$data['name'] = htmlspecialchars($data['user_name']);
+			} else
+				$data['name'] = htmlspecialchars($data['name']);
+			
+			
+			$data['subject'] = htmlspecialchars($data['subject']);
+			
+			$authorization = get_edit_authorization($data['id'], $data['user_id'], $data['edit_key'], $data['time'], $data['locked']);
+			if ($authorization['edit'] == true)
+				$data['options']['edit'] = true;
+			if ($authorization['delete'] == true)
+				$data['options']['delete'] = true;
+			
+			if ($data['user_id'] > 0) {
+				$data['email']    = $data['user_email'];
+				$data['location'] = $data['user_location'];
+				$data['hp']       = $data['user_hp'];
+				
+				if ($settings['avatars'] == 2) {
+					$avatarInfo      = getAvatar($data['user_id']);
+					$avatar['image'] = $avatarInfo === false ? false : $avatarInfo[2];
+					if (isset($avatar) && $avatar['image'] !== false) {
+						$image_info       = getimagesize($avatar['image']);
+						$avatar['width']  = $image_info[0];
+						$avatar['height'] = $image_info[1];
+						$data['avatar']   = $avatar;
+						unset($avatar);
 					}
 				}
+			} else {
+				$data["email_contact"] = 2;
 			}
+			
+			if ($data['edited_diff'] > 0 && $data["edited_diff"] > $data["time"] && $settings['show_if_edited'] == 1) {
+				$data['edited']             = true;
+				$data['formated_edit_time'] = format_time($lang['time_format_full'], $data['e_time']);
+				$data['ISO_edit_time']      = format_time('YYYY-MM-dd HH:mm:ss', $data['edited_time']);
+				if ($data['user_id'] == $data['edited_by'])
+					$data['edited_by'] = $data['name'];
+				else {
+					$edited_result = @mysqli_query($connid, "SELECT user_name FROM " . $db_settings['userdata_table'] . " WHERE user_id = " . intval($data['edited_by']) . " LIMIT 1");
+					$edited_data   = mysqli_fetch_array($edited_result);
+					@mysqli_free_result($edited_result);
+					if (!$edited_data['user_name'])
+						$data['edited_by'] = $lang['unknown_user'];
+					else
+						$data['edited_by'] = htmlspecialchars($edited_data['user_name']);
+				}
+			}
+			
+			if ($data['cache_text'] == '') {
+				// no cached text so parse it and cache it:
+				$data['posting'] = html_format($data['text']);
+				// make sure not to make a double entry:
+				@mysqli_query($connid, "DELETE FROM " . $db_settings['entry_cache_table'] . " WHERE cache_id=" . intval($data['id']));
+				@mysqli_query($connid, "INSERT INTO " . $db_settings['entry_cache_table'] . " (cache_id, cache_text) VALUES (" . intval($data['id']) . ",'" . mysqli_real_escape_string($connid, $data['posting']) . "')");
+			} else {
+				$data['posting'] = $data['cache_text'];
+			}
+			
+			if (isset($data['signature']) && $data['signature'] != '' && $data["show_signature"] == 1) {
+				// user has a signature and wants it to be displayed in this posting. Check if it's already cached:
+				if ($data['cache_signature'] != '') {
+					$data['signature'] = $data['cache_signature'];
+				} else {
+					$s_result = @mysqli_query($connid, "SELECT cache_signature FROM " . $db_settings['userdata_cache_table'] . " WHERE cache_id=" . intval($data['user_id']) . " LIMIT 1");
+					$s_data   = mysqli_fetch_array($s_result);
+					if ($s_data['cache_signature'] != '') {
+						$data['signature'] = $s_data['cache_signature'];
+					} else {
+						$data['signature'] = signature_format($data['signature']);
+						// cache signature:
+						$xxx = mysqli_query($connid, "SELECT COUNT(*) FROM " . $db_settings['userdata_cache_table'] . " WHERE cache_id=" . intval($data['user_id'])) or die(mysqli_error($connid));
+						list($row_count) = mysqli_fetch_row($xxx);
+						if ($row_count == 1) {
+							@mysqli_query($connid, "UPDATE " . $db_settings['userdata_cache_table'] . " SET cache_signature='" . mysqli_real_escape_string($connid, $data['signature']) . "' WHERE cache_id=" . intval($data['user_id']));
+						} else {
+							@mysqli_query($connid, "DELETE FROM " . $db_settings['userdata_cache_table'] . " WHERE cache_id=" . intval($data['user_id']));
+							@mysqli_query($connid, "INSERT INTO " . $db_settings['userdata_cache_table'] . " (cache_id, cache_signature, cache_profile) VALUES (" . intval($data['user_id']) . ",'" . mysqli_real_escape_string($connid, $data['signature']) . "','')");
+						}
+					}
+				}
+			} else {
+				unset($data['signature']);
+			}
+			if (empty($data["email_contact"]))
+				$data["email_contact"] = 0;
+			if ($data['hp'] != '') {
+				$data['hp'] = add_http_if_no_protocol($data['hp']);
+			}
+			
+			if ($data['email'] != '' && ($isModOrAdmin || $isUser && $data['email_contact'] > 0 || $data['email_contact'] == 2))
+				$data['email'] = true;
+			else
+				$data['email'] = false;
+			if ($data['location'] != '')
+				$data['location'] = htmlspecialchars($data['location']);
+			if (isset($_SESSION[$settings['session_prefix'] . 'user_type']) && $_SESSION[$settings['session_prefix'] . 'user_type'] > 0) {
+				$data['options']['move'] = true;
+				$data['options']['lock'] = true;
+				if (($settings['akismet_key'] != '' && $settings['akismet_entry_check'] == 1 && $data['akismet_spam'] == 0 && $data['spam_check_status'] > 0) || ($settings['b8_entry_check'] == 1 && $data['b8_spam'] == 0 || $data['training_type'] == 0))
+					$data['options']['report_spam'] = true;
+				if (($settings['akismet_key'] != '' && $settings['akismet_entry_check'] == 1 && $data['akismet_spam'] == 1 && $data['spam_check_status'] > 0) || ($settings['b8_entry_check'] == 1 && $data['b8_spam'] == 1 || $data['training_type'] == 0))
+					$data['options']['flag_ham'] = true;
+			}
+			if ($settings['count_views'] == 1) {
+				$views = $data['views'] - 1; // this subtracts the first view by the author after posting
+				if ($views < 0)
+					$views = 0; // prevents negative number of views
+				$data['views'] = $views;
+			} else
+				$data['views'] = 0;
+			
+			if (isset($_SESSION[$settings['session_prefix'] . 'user_id'])) {
+				// bookmark handling
+				$user_id = $_SESSION[$settings['session_prefix'] . 'user_id'];
+				$bookmark_result = mysqli_query($connid, "SELECT TRUE AS 'bookmark' FROM " . $db_settings['bookmark_table'] . " WHERE `user_id` = " . intval($user_id) . " AND `posting_id` = " . intval($data['id']) . "") or raise_error('database_error', mysqli_error($connid));
+				$bookmark = mysqli_fetch_row($bookmark_result);
+				mysqli_free_result($bookmark_result);
+				if (isset($bookmark) && intval($bookmark) == 1) {
+					$data['bookmarkedby']               = intval($user_id);
+					$data['options']['delete_bookmark'] = true;
+				} else
+					$data['options']['add_bookmark'] = true;
+				// read-status handling
+				$rstatus = save_read_status($connid, $user_id, $data['id']);
+			}
+			// set read or new status of messages
+			$data = getMessageStatus($data, $last_visit);
+			
+			$data_array[$data["id"]]     = $data;
+			$child_array[$data["pid"]][] = $data["id"];
+		}
+		mysqli_free_result($result);
+	} else {
+		header("location: index.php");
+		exit;
+	}
+	
+	$subnav_link = array(
+		'mode' => 'index',
+		'name' => 'thread_entry_back_link',
+		'title' => 'thread_entry_back_title'
+	);
+	$smarty->assign('id', $id);
+	$smarty->assign('data', $data_array);
+	if (isset($child_array))
+		$smarty->assign('child_array', $child_array);
+	$smarty->assign('subnav_link', $subnav_link);
+	$smarty->assign('page', $page);
+	$smarty->assign('order', $order);
+	$smarty->assign('category', $category);
+	if ($thread_display == 0)
+		$smarty->assign('subtemplate', 'thread.inc.tpl');
+	else
+		$smarty->assign('subtemplate', 'thread_linear.inc.tpl');
+	$template = 'main.tpl';
+}
 
-	  $data_array[$data["id"]] = $data;
-      $child_array[$data["pid"]][] =  $data["id"];
-     }
-    mysqli_free_result($result);
-
-    }
-    else
-     {
-      header("location: index.php");
-      exit;
-     }
-
-    $subnav_link = array('mode'=>'index', 'name'=>'thread_entry_back_link', 'title'=>'thread_entry_back_title');
-    $smarty->assign('id',$id);
-    $smarty->assign('data',$data_array);
-    if(isset($child_array)) $smarty->assign('child_array', $child_array);
-    $smarty->assign('subnav_link',$subnav_link);
-    $smarty->assign('page',$page);
-    $smarty->assign('order',$order);
-    $smarty->assign('category',$category);
-    if($thread_display==0) $smarty->assign('subtemplate','thread.inc.tpl');
-    else $smarty->assign('subtemplate','thread_linear.inc.tpl');
-    $template = 'main.tpl';
-   }
 ?>

includes/upload_image.inc.php

@@ -1,196 +1,165 @@
 <?php
-if(!defined('IN_INDEX'))
- {
-  header('Location: ../index.php');
-  exit;
- }
+if(!defined('IN_INDEX')) {
+	header('Location: ../index.php');
+	exit;
+}
 
 // upload folder:
 $uploaded_images_path = 'images/uploaded/';
 $images_per_page = 5;
 
-if(($settings['upload_images']==1 && isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0)||($settings['upload_images']==2 && isset($_SESSION[$settings['session_prefix'].'user_id']))||($settings['upload_images']==3))
- {
-  // upload:image:
-  if(isset($_FILES['probe']) && $_FILES['probe']['size'] != 0 && !$_FILES['probe']['error'])
-   {
-    unset($errors);
-    $image_info = getimagesize($_FILES['probe']['tmp_name']);
+if (($settings['upload_images'] == 1 && isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] > 0) || ($settings['upload_images'] == 2 && isset($_SESSION[$settings['session_prefix'].'user_id'])) || ($settings['upload_images'] == 3)) {
+	// upload:image:
+	if (isset($_FILES['probe']) && $_FILES['probe']['size'] != 0 && !$_FILES['probe']['error']) {
+		unset($errors);
+		$user_id = (isset($_SESSION[$settings['session_prefix'].'user_id'])) ? intval($_SESSION[$settings['session_prefix'].'user_id']) : NULL;
+		$image_info = getimagesize($_FILES['probe']['tmp_name']);
+		$imageMIME = mime_content_type($_FILES['probe']['tmp_name']);
+		if (!is_array($image_info) || !in_array($imageMIME, ['image/gif', 'image/jpeg', 'image/png', 'image/webp']))
+			$errors[] = 'invalid_file_format';
 
-    if(!is_array($image_info) || $image_info[2] != 1 && $image_info[2] != 2 && $image_info[2] != 3) $errors[] = 'invalid_file_format';
+		if (empty($errors)) {
+			if ($_FILES['probe']['size'] > $settings['upload_max_img_size'] * 1000 || $image_info[0] > $settings['upload_max_img_width'] || $image_info[1] > $settings['upload_max_img_height']) {
+				$width = $image_info[0];
+				$height = $image_info[1];
+				// resize if too large:
+				if ($width > $settings['upload_max_img_width'] || $height > $settings['upload_max_img_height']) {
+					if ($width >= $height) {
+						$new_width = $settings['upload_max_img_width'];
+						$new_height = intval($height*$new_width/$width);
+					} else {
+						$new_height = $settings['upload_max_img_height'];
+						$new_width = intval($width*$new_height/$height);
+					}
+				} else {
+					$new_width = $width;
+					$new_height = $height;
+				}
+				$img_tmp_name = uniqid(rand()).'.tmp';
+				for ($compression = 100; $compression > 1; $compression = $compression - 10) {
+					if (!resize_image($_FILES['probe']['tmp_name'], $uploaded_images_path.$img_tmp_name, $new_width, $new_height, $compression)) {
+						$file_size = $_FILES['probe']['size']; // @filesize($_FILES['probe']['tmp_name']);
+						break;
+					}
+					$file_size = @filesize($uploaded_images_path.$img_tmp_name);
+					if ($imageMIME != 'image/jpeg' && $file_size > $settings['upload_max_img_size'] * 1000) break;
+					if ($file_size <= $settings['upload_max_img_size'] * 1000) break;
+				}
+				if ($file_size > $settings['upload_max_img_size'] * 1000) {
+					$smarty->assign('width', $image_info[0]);
+					$smarty->assign('height', $image_info[1]);
+					$smarty->assign('filesize', number_format($_FILES['probe']['size'] / 1000, 0, ',', ''));
+					$smarty->assign('max_width', $settings['upload_max_img_width']);
+					$smarty->assign('max_height', $settings['upload_max_img_height']);
+					$smarty->assign('max_filesize', $settings['upload_max_img_size']);
+					$errors[] = 'file_too_large';
+				}
+				if (isset($errors)) {
+					if (file_exists($uploaded_images_path.$img_tmp_name)) {
+						@chmod($uploaded_images_path.$img_tmp_name, 0777);
+						@unlink($uploaded_images_path.$img_tmp_name);
+					}
+				}
+			}
+		}
 
-    if(empty($errors))
-     {
-      if($_FILES['probe']['size'] > $settings['upload_max_img_size']*1000 || $image_info[0] > $settings['upload_max_img_width'] || $image_info[1] > $settings['upload_max_img_height'])
-       {
-        $width=$image_info[0];
-        $height=$image_info[1];
+		if (empty($errors)) {
+			$filename = gmdate("YmdHis").uniqid('');
+			switch($imageMIME) {
+				case 'image/gif':
+					$filename .= '.gif';
+				break;
+				case 'image/jpeg':
+					$filename .= '.jpg';
+				break;
+				case 'image/png':
+					$filename .= '.png';
+				break;
+				case 'image/webp':
+					$filename .= '.webp';
+				break;
+			}
+			if (isset($img_tmp_name)) {
+				@rename($uploaded_images_path.$img_tmp_name, $uploaded_images_path.$filename) or $errors[] = 'upload_error';
+				$smarty->assign('image_downsized', true);
+				$smarty->assign('new_width', $new_width);
+				$smarty->assign('new_height', $new_height);
+				$smarty->assign('new_filesize', number_format($file_size / 1000, 0, ',', ''));
+			} else {
+				@move_uploaded_file($_FILES['probe']['tmp_name'], $uploaded_images_path.$filename) or $errors[] = 'upload_error';
+			}
+		}
+		if (empty($errors)) {
+			@chmod($uploaded_images_path.$filename, 0644);
+			// $user_id can be NULL (see around line #15), because of that do not handle it with intval()
+			// see therefore variable definition of $user_id around line 15 of this script
+			$qSetUpload = "INSERT INTO " . $db_settings['uploads_table'] . " (uploader, pathname, tstamp) VALUES (". $user_id .", '" . mysqli_real_escape_string($connid, $filename) . "', NOW())";
+			mysqli_query($connid, $qSetUpload);
+			$smarty->assign('uploaded_file', $filename);
+		} else {
+			$smarty->assign('errors', $errors);
+			$smarty->assign('form', true);
+		}
+	}
 
-        // resize if too large:
-        if($width > $settings['upload_max_img_width'] || $height > $settings['upload_max_img_height'])
-         {
-          if($width >= $height)
-           {
-            $new_width = $settings['upload_max_img_width'];
-            $new_height = intval($height*$new_width/$width);
-           }
-          else
-           {
-            $new_height = $settings['upload_max_img_height'];
-            $new_width = intval($width*$new_height/$height);
-           }
-         }
-        else
-         {
-          $new_width=$width;
-          $new_height=$height;
-         }
+	// delete image:
+	elseif (isset($_REQUEST['delete']) && isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] > 0) {
+		if (empty($_REQUEST['delete_confirm'])) {
+			$smarty->assign('delete_confirm', true);
+			$smarty->assign('delete', htmlspecialchars($_REQUEST['delete']));
+			if (isset($_REQUEST['current'])) $smarty->assign('current', intval($_REQUEST['current']));
+		} else {
+			if (preg_match('/^([a-z0-9]+)\.(gif|jpg|png|webp)$/', $_REQUEST['delete']) && file_exists($uploaded_images_path.$_REQUEST['delete'])) {
+				@chmod($uploaded_images_path.$_REQUEST['delete'], 0777);
+				@unlink($uploaded_images_path.$_REQUEST['delete']);
+			}
+			if (isset($_REQUEST['current'])) $bi = '&browse_images='.intval($_REQUEST['current']);
+			else $bi = '&browse_images=1';
+			header('Location: index.php?mode=upload_image'.$bi);
+			exit;
+		}
+	}
 
-        $img_tmp_name = uniqid(rand()).'.tmp';
+	// browse uploaded images:
+	elseif (isset($_GET['browse_images'])) {
+		$images = array();
+		$browse_images = intval($_GET['browse_images']);
+		if ($browse_images < 1) $browse_images = 1;
+		$handle = opendir($uploaded_images_path);
+		while ($file = readdir($handle)) {
+			if (preg_match('/\.(gif|png|jpe?g|svg|webp)$/i', $file)) {
+				$images[] = $file;
+			}
+		}
+		closedir($handle);
+		if ($images) {
+			rsort($images);
+			$images_count = count($images);
+			if ($browse_images > ceil($images_count / $images_per_page)) $browse_images = ceil($images_count / $images_per_page);
+			$start = $browse_images * $images_per_page - $images_per_page;
+			$show_images_to = $browse_images * $images_per_page;
+			if ($show_images_to > $images_count) $show_images_to = $images_count;
+		}
+		else $images_count = 0;
+		$smarty->assign('current',$browse_images);
+		if ($browse_images*$images_per_page < $images_count) $smarty->assign('next', $browse_images + 1);
+		if ($browse_images > 1) $smarty->assign('previous', $browse_images - 1);
+		$smarty->assign('browse_images', true);
+		$smarty->assign('images_per_page', $images_per_page);
+		if (isset($images)) $smarty->assign('images', $images);
+		if (isset($start)) $smarty->assign('start', $start);
+	}
 
-        for($compression = 100; $compression>1; $compression=$compression-10)
-         {
-          if(!resize_image($_FILES['probe']['tmp_name'], $uploaded_images_path.$img_tmp_name, $new_width, $new_height, $compression))
-           {
-            $file_size = $_FILES['probe']['size']; // @filesize($_FILES['probe']['tmp_name']);
-            break;
-           }
-          $file_size = @filesize($uploaded_images_path.$img_tmp_name);
-          if($image_info[2]!=2 && $file_size > $settings['upload_max_img_size']*1000) break;
-          if($file_size <= $settings['upload_max_img_size']*1000) break;
-         }
-        if($file_size > $settings['upload_max_img_size']*1000)
-         {
-          $smarty->assign('width',$image_info[0]);
-          $smarty->assign('height',$image_info[1]);
-          $smarty->assign('filesize',number_format($_FILES['probe']['size']/1000,0,',',''));
-          $smarty->assign('max_width',$settings['upload_max_img_width']);
-          $smarty->assign('max_height',$settings['upload_max_img_height']);
-          $smarty->assign('max_filesize',$settings['upload_max_img_size']);
-          $errors[] = 'file_too_large';
-         }
-        if(isset($errors))
-         {
-          if(file_exists($uploaded_images_path.$img_tmp_name))
-           {
-            @chmod($uploaded_images_path.$img_tmp_name, 0777);
-            @unlink($uploaded_images_path.$img_tmp_name);
-           }
-         }
-       }
-     }
-
-    if(empty($errors))
-     {
-      $filename = gmdate("YmdHis").uniqid('');
-      switch($image_info[2])
-       {
-        case 1:
-         $filename .= '.gif';
-         break;
-        case 2:
-         $filename .= '.jpg';
-         break;
-        case 3:
-         $filename .= '.png';
-         break;
-       }
-      if(isset($img_tmp_name))
-       {
-        @rename($uploaded_images_path.$img_tmp_name, $uploaded_images_path.$filename) or $errors[] = 'upload_error';
-        $smarty->assign('image_downsized',true);
-        $smarty->assign('new_width',$new_width);
-        $smarty->assign('new_height',$new_height);
-        $smarty->assign('new_filesize',number_format($file_size/1000,0,',',''));
-       }
-      else
-       {
-        @move_uploaded_file($_FILES['probe']['tmp_name'], $uploaded_images_path.$filename) or $errors[] = 'upload_error';
-       }
-     }
-    if(empty($errors))
-     {
-      @chmod($uploaded_images_path.$filename, 0644);
-      $smarty->assign('uploaded_file',$filename);
-     }
-    else
-     {
-      $smarty->assign('errors',$errors);
-      $smarty->assign('form',true);
-     }
-   }
-
-  // delete image:
-  elseif(isset($_REQUEST['delete']) && isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0)
-   {
-    if(empty($_REQUEST['delete_confirm']))
-     {
-      $smarty->assign('delete_confirm',true);
-      $smarty->assign('delete',htmlspecialchars($_REQUEST['delete']));
-      if(isset($_REQUEST['current'])) $smarty->assign('current',intval($_REQUEST['current']));
-     }
-    else
-     {
-      if(preg_match('/^([a-z0-9]+)\.(gif|jpg|png)$/', $_REQUEST['delete']) && file_exists($uploaded_images_path.$_REQUEST['delete']))
-       {
-        @chmod($uploaded_images_path.$_REQUEST['delete'], 0777);
-        @unlink($uploaded_images_path.$_REQUEST['delete']);
-       }
-      if(isset($_REQUEST['current'])) $bi = '&browse_images='.intval($_REQUEST['current']);
-      else $bi = '&browse_images=1';
-      header('Location: index.php?mode=upload_image'.$bi);
-      exit;
-     }
-   }
-
-  // browse uploaded images:
-  elseif(isset($_GET['browse_images']))
-   {
-      $images = array();
-      $browse_images = intval($_GET['browse_images']);
-      if($browse_images<1)$browse_images=1;
-      $handle=opendir($uploaded_images_path);
-      while ($file = readdir($handle))
-       {
-        if(preg_match('/\.jpg$/i', $file) || preg_match('/\.png$/i', $file) || preg_match('/\.gif$/i', $file))
-         {
-          $images[] = $file;
-         }
-        }
-      closedir($handle);
-      if($images)
-       {
-        rsort($images);
-        $images_count = count($images);
-        if($browse_images > ceil($images_count/$images_per_page)) $browse_images=ceil($images_count/$images_per_page);
-        $start = $browse_images * $images_per_page - $images_per_page;
-        $show_images_to = $browse_images * $images_per_page;
-        if($show_images_to>$images_count) $show_images_to = $images_count;
-       }
-      else $images_count = 0;
-      $smarty->assign('current',$browse_images);
-      if($browse_images*$images_per_page < $images_count) $smarty->assign('next',$browse_images+1);
-      if($browse_images > 1) $smarty->assign('previous',$browse_images-1);
-      $smarty->assign('browse_images',true);
-      $smarty->assign('images_per_page',$images_per_page);
-      if(isset($images)) $smarty->assign('images',$images);
-      if(isset($start)) $smarty->assign('start',$start);
-   }
-
-  // display form to upload image:
-  elseif(empty($_GET['browse_images']))
-   {
-    $smarty->assign('form',true);
-   }
-
-  if(empty($errors) && isset($_FILES['probe']['error']))
-   {
-    $smarty->assign('server_max_filesize', ini_get('upload_max_filesize'));
-    $errors[] = 'upload_error_2';
-    $smarty->assign('errors',$errors);
-   }
-
- }
+	// display form to upload image:
+	elseif (empty($_GET['browse_images'])) {
+		$smarty->assign('form',true);
+	}
+	if (empty($errors) && isset($_FILES['probe']['error'])) {
+		$smarty->assign('server_max_filesize', ini_get('upload_max_filesize'));
+		$errors[] = 'upload_error_2';
+		$smarty->assign('errors', $errors);
+	}
+}
 
 $template = 'upload_image.tpl';
 ?>

index.php

@@ -4,11 +4,11 @@
  * the messages in classical threaded view
  *
  * @author Mark Alexander Hoschek < alex at mylittleforum dot net >
- * @author Michael Lösler (https://github.com/derletztekick)
- * @author H. August (https://github.com/auge8472)
- * @copyright 2006-2017 Mark Alexander Hoschek
- * @version 2.4.1 (2017-02-20)
- * @link http://mylittleforum.net/
+ * @author Michael Lösler (https://github.com/loesler)
+ * @author Heiko August (https://github.com/auge8472)
+ * @copyright 2006-2025 Mark Alexander Hoschek
+ * @version 20250323.1 (2025-03-23)
+ * @link https://mylittleforum.net/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -17,7 +17,7 @@
  *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
@@ -28,195 +28,206 @@ define('IN_INDEX', true);
 define('LANG_DIR', 'lang');
 define('THEMES_DIR', 'themes');
 
+session_set_cookie_params(['samesite' => 'strict']);
 session_start();
 
 include('config/db_settings.php');
+include('includes/mailer.inc.php');
 include('includes/functions.inc.php');
 include('includes/main.inc.php');
 
 require('modules/smarty/Smarty.class.php');
-$smarty = new Smarty;
-$smarty->error_reporting = 'E_ALL & ~E_NOTICE';
-$smarty->template_dir = THEMES_DIR;
+$smarty                  = new Smarty;
+$smarty->error_reporting = '0'; //'E_ALL & ~E_NOTICE';
+$smarty->template_dir    = THEMES_DIR;
 $smarty->assign('THEMES_DIR', THEMES_DIR);
 $smarty->assign('CSRF_TOKEN', $_SESSION['csrf_token']);
-$smarty->assign('FORUM_ADDRESS', rtrim($settings['forum_address'],"/"));
-$smarty->compile_dir = 'templates_c';
-$smarty->config_dir = LANG_DIR;
-$smarty->config_overwrite = false;
+$smarty->assign('FORUM_ADDRESS', rtrim($settings['forum_address'], "/"));
+$smarty->compile_dir       = 'templates_c';
+$smarty->config_dir        = LANG_DIR;
+$smarty->config_overwrite  = false;
 $smarty->config_booleanize = false;
-if(isset($_SESSION[$settings['session_prefix'].'usersettings']['language']) && file_exists(LANG_DIR.'/'.$_SESSION[$settings['session_prefix'].'usersettings']['language']))
- {
-  $language_file = $_SESSION[$settings['session_prefix'].'usersettings']['language'];
- }
-else
- {
-  $language_file = $settings['language_file'];
- }
+if (isset($_SESSION[$settings['session_prefix'] . 'usersettings']['language']) && file_exists(LANG_DIR . '/' . $_SESSION[$settings['session_prefix'] . 'usersettings']['language'])) {
+    $language_file = $_SESSION[$settings['session_prefix'] . 'usersettings']['language'];
+} else {
+    $language_file = $settings['language_file'];
+}
 $smarty->assign('language_file', $language_file);
 $smarty->configLoad($language_file, 'default');
 $lang = $smarty->getConfigVars();
 
 define('CHARSET', $lang['charset']);
-if($lang['locale_charset']!=$lang['charset']) define('LOCALE_CHARSET', $lang['locale_charset']);
+if ($lang['locale_charset'] != $lang['charset'])
+    define('LOCALE_CHARSET', $lang['locale_charset']);
 @ini_set('default_charset', $lang['charset']);
 setlocale(LC_ALL, $lang['locale']);
+setlocale(LC_NUMERIC, "C");
+
+include('includes/b8.inc.php');
 
 $smarty->assign('settings', $settings);
 
-$smarty->assign('forum_time', format_time($lang['time_format'],TIMESTAMP+intval($time_difference)*60));
-if(isset($forum_time_zone)) $smarty->assign('forum_time_zone', htmlspecialchars($forum_time_zone));
+$smarty->assign('forum_time', format_time($lang['time_format'], TIMESTAMP + intval($time_difference) * 60));
+if (isset($forum_time_zone))
+    $smarty->assign('forum_time_zone', htmlspecialchars($forum_time_zone));
 
-if(isset($_SESSION[$settings['session_prefix'].'usersettings'])) $smarty->assign('usersettings', $_SESSION[$settings['session_prefix'].'usersettings']);
+if (isset($_SESSION[$settings['session_prefix'] . 'usersettings']))
+    $smarty->assign('usersettings', $_SESSION[$settings['session_prefix'] . 'usersettings']);
 #$smarty->assign('category', $category);
-if(isset($categories))
- {
-  $smarty->assign('categories', $categories);
-  $smarty->assign('number_of_categories', count($categories)-1);
- }
-if(isset($category_selection))
- {
-  $smarty->assign('category_selection', true);
- }
+if (isset($categories) and !empty($categories)) {
+    $smarty->assign('categories', $categories);
+    $smarty->assign('number_of_categories', count($categories) - 1);
+}
+if (isset($category_selection)) {
+    $smarty->assign('category_selection', true);
+}
 
 $smarty->assign('total_postings', $total_postings);
 $smarty->assign('total_spam', $total_spam);
 $smarty->assign('total_threads', $total_threads);
 $smarty->assign('registered_users', $registered_users);
-if(isset($total_users_online))
- {
-  $smarty->assign('total_users_online', $total_users_online);
-  $smarty->assign('unregistered_users_online', $unregistered_users_online);
-  $smarty->assign('registered_users_online', $registered_users_online);
- }
+if (isset($total_users_online)) {
+    $smarty->assign('total_users_online', $total_users_online);
+    $smarty->assign('unregistered_users_online', $unregistered_users_online);
+    $smarty->assign('registered_users_online', $registered_users_online);
+}
 
-if(isset($_SESSION[$settings['session_prefix'].'user_id']) && isset($_SESSION[$settings['session_prefix'].'user_name']))
- {
-  $smarty->assign('user_id', $_SESSION[$settings['session_prefix'].'user_id']);
-  $smarty->assign('user', htmlspecialchars($_SESSION[$settings['session_prefix'].'user_name']));
-  $smarty->assign('user_type', intval($_SESSION[$settings['session_prefix'].'user_type']));
- }
-if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']==1) $smarty->assign('mod', true);
-if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']==2) $smarty->assign('admin', true);
-if(isset($_SESSION[$settings['session_prefix'].'usersettings']['newtime'])) $smarty->assign('newtime', $_SESSION[$settings['session_prefix'].'usersettings']['newtime']);
-if(isset($last_visit)) $smarty->assign('last_visit',$last_visit);
-if(isset($menu)) $smarty->assign('menu',$menu);
-if(isset($read)) $smarty->assign('read',$read);
+if (isset($_SESSION[$settings['session_prefix'] . 'user_id']) && isset($_SESSION[$settings['session_prefix'] . 'user_name'])) {
+    $smarty->assign('user_id', $_SESSION[$settings['session_prefix'] . 'user_id']);
+    $smarty->assign('user', htmlspecialchars($_SESSION[$settings['session_prefix'] . 'user_name']));
+    $smarty->assign('user_type', intval($_SESSION[$settings['session_prefix'] . 'user_type']));
+}
+if (isset($_SESSION[$settings['session_prefix'] . 'user_type']) && $_SESSION[$settings['session_prefix'] . 'user_type'] == 1)
+    $smarty->assign('mod', true);
+if (isset($_SESSION[$settings['session_prefix'] . 'user_type']) && $_SESSION[$settings['session_prefix'] . 'user_type'] == 2)
+    $smarty->assign('admin', true);
+if (isset($_SESSION[$settings['session_prefix'] . 'usersettings']['newtime']))
+    $smarty->assign('newtime', $_SESSION[$settings['session_prefix'] . 'usersettings']['newtime']);
+if (isset($last_visit))
+    $smarty->assign('last_visit', $last_visit);
+if (isset($menu))
+    $smarty->assign('menu', $menu);
+if (isset($read))
+    $smarty->assign('read', $read);
 
 $mode = isset($_REQUEST['mode']) ? $_REQUEST['mode'] : '';
 
-if($settings['access_for_users_only'] == 1 && empty($_SESSION[$settings['session_prefix'].'user_id']))
- {
-  if(empty($mode) || $mode!='account_locked' && $mode!='register' && $mode!='page' && $mode!='js_defaults') $mode = 'login';
- }
-if($settings['forum_enabled']!=1 && (empty($_SESSION[$settings['session_prefix'].'user_type']) || $_SESSION[$settings['session_prefix'].'user_type']<2))
- {
-  if(empty($mode) || $mode!='disabled' && $mode!='rss' && $mode!='login' && $mode!='js_defaults') $mode = 'disabled';
- }
-if(empty($mode) && isset($_REQUEST['id'])) $mode = 'entry';
+if ($settings['access_for_users_only'] == 1 && empty($_SESSION[$settings['session_prefix'] . 'user_id'])) {
+    if (empty($mode) || $mode != 'account_locked' && $mode != 'register' && $mode != 'page' && $mode != 'js_defaults')
+        $mode = 'login';
+}
+if ($settings['forum_enabled'] != 1 && (empty($_SESSION[$settings['session_prefix'] . 'user_type']) || $_SESSION[$settings['session_prefix'] . 'user_type'] < 2)) {
+    if (empty($mode) || $mode != 'disabled' && $mode != 'rss' && $mode != 'login' && $mode != 'js_defaults')
+        $mode = 'disabled';
+}
+if (empty($mode) && isset($_REQUEST['id']))
+    $mode = 'entry';
 
-if(empty($mode))
- {
-  // set user settings to default values if index page is requested
-  $_SESSION[$settings['session_prefix'].'usersettings']['page']=1;
-  if(isset($_SESSION[$settings['session_prefix'].'usersettings']['category_selection'])) $_SESSION[$settings['session_prefix'].'usersettings']['category']=-1;
-  else $_SESSION[$settings['session_prefix'].'usersettings']['category']=0;
-  $smarty->assign('top', true);
-  $mode = 'index';
- }
-
-switch($mode)
- {
-  case 'index':
-     include('includes/index.inc.php');
-     break;
-  case 'admin':
-     include('includes/admin.inc.php');
-     break;
-  case 'bookmarks':
-     include('includes/bookmark.inc.php');
-     break;
-  case 'contact':
-     include('includes/contact.inc.php');
-     break;
-  case 'delete_cookie':
-     include('includes/delete_cookie.inc.php');
-     break;
-  case 'login':
-     include('includes/login.inc.php');
-     break;
-  case 'posting':
-     include('includes/posting.inc.php');
-     break;
-  case 'register':
-     include('includes/register.inc.php');
-     break;
-  case 'rss':
-     include('includes/rss.inc.php');
-     break;
-  case 'search':
-     include('includes/search.inc.php');
-     break;
-  case 'entry':
-     include('includes/entry.inc.php');
-     break;
-  case 'thread':
-     include('includes/thread.inc.php');
-     break;
-  case 'user':
-     include('includes/user.inc.php');
-     break;
-  case 'page':
-     include('includes/page.inc.php');
-     break;
-  case 'js_defaults':
-     include('includes/js_defaults.inc.php');
-     break;
-  case 'upload_image':
-     include('includes/upload_image.inc.php');
-     break;
-  case 'insert_flash':
-     include('includes/insert_flash.inc.php');
-     break;
-  case 'avatar':
-     include('includes/avatar.inc.php');
-     break;
-  case 'account_locked':
-     include('includes/account_locked.inc.php');
-     break;
-  case 'disabled':
-     include('includes/disabled.inc.php');
-     break;
-  default:
-     $mode='index';
-     include('includes/index.inc.php');
- }
+if (empty($mode)) {
+    // set user settings to default values if index page is requested
+    $_SESSION[$settings['session_prefix'] . 'usersettings']['page'] = 1;
+    if (isset($_SESSION[$settings['session_prefix'] . 'usersettings']['category_selection']))
+        $_SESSION[$settings['session_prefix'] . 'usersettings']['category'] = -1;
+    else
+        $_SESSION[$settings['session_prefix'] . 'usersettings']['category'] = 0;
+    $smarty->assign('top', true);
+    $mode = 'index';
+}
 
+switch ($mode) {
+    case 'index':
+        include('includes/index.inc.php');
+        break;
+    case 'admin':
+        include('includes/admin.inc.php');
+        break;
+    case 'bookmarks':
+        include('includes/bookmark.inc.php');
+        break;
+    case 'contact':
+        include('includes/contact.inc.php');
+        break;
+    case 'delete_cookie':
+        include('includes/delete_cookie.inc.php');
+        break;
+    case 'login':
+        include('includes/login.inc.php');
+        break;
+    case 'posting':
+        include('includes/posting.inc.php');
+        break;
+    case 'register':
+        include('includes/register.inc.php');
+        break;
+    case 'rss':
+        include('includes/rss.inc.php');
+        break;
+    case 'search':
+        include('includes/search.inc.php');
+        break;
+    case 'entry':
+        include('includes/entry.inc.php');
+        break;
+    case 'thread':
+        include('includes/thread.inc.php');
+        break;
+    case 'user':
+        include('includes/user.inc.php');
+        break;
+    case 'page':
+        include('includes/page.inc.php');
+        break;
+    case 'js_defaults':
+        include('includes/js_defaults.inc.php');
+        break;
+    case 'upload_image':
+        include('includes/upload_image.inc.php');
+        break;
+    case 'avatar':
+        include('includes/avatar.inc.php');
+        break;
+    case 'account_locked':
+        include('includes/account_locked.inc.php');
+        break;
+    case 'disabled':
+        include('includes/disabled.inc.php');
+        break;
+    default:
+        $mode = 'index';
+        include('includes/index.inc.php');
+}
 $smarty->assign('mode', $mode);
 
-if(empty($template))
- {
-  header('Location: index.php');
-  exit;
- }
+if (empty($template)) {
+    header('Location: index.php');
+    exit;
+}
 
-if($mode=='rss')
- {
-  header("Content-Type: text/xml; charset=".$lang['charset']);
- }
-else
- {
-  if(strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE')===false)
-   {
-    // do not send cache-control header to Internet Explorer
-    // causes problems when toggeling views or folding threads
-    header('Cache-Control: public, max-age=300');
-   }
-  header('Content-Type: text/html; charset='.$lang['charset']);
- }
+if ($mode == 'rss') {
+    header("Content-Type: text/xml; charset=" . $lang['charset']);
+} else {
+    header('Cache-Control: private, no-cache="set-cookie"');
+    header('Content-Type: text/html; charset=' . $lang['charset']);
+    
+    $currentURI = (isProtocolHTTPS() ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
+    if ($mode != 'login' && (!isset($_SESSION[$settings['session_prefix'] . 'last_visited_uri']) || $_SESSION[$settings['session_prefix'] . 'last_visited_uri'] != $currentURI))
+        $_SESSION[$settings['session_prefix'] . 'last_visited_uri'] = $currentURI;
+}
 
-if(isset($_SESSION[$settings['session_prefix'].'usersettings']['theme']) && $smarty->templateExists($_SESSION[$settings['session_prefix'].'usersettings']['theme'].'/'.$template)) $theme = $_SESSION[$settings['session_prefix'].'usersettings']['theme'];
-else $theme = $settings['theme'];
-$smarty->assign('theme',$theme);
-$smarty->display($theme.'/'.$template);
-?>
+if (isset($_SESSION[$settings['session_prefix'] . 'usersettings']['theme']) && $smarty->templateExists($_SESSION[$settings['session_prefix'] . 'usersettings']['theme'] . '/' . $template)) {
+    $theme = $_SESSION[$settings['session_prefix'] . 'usersettings']['theme'];
+} else {
+    $theme = $settings['theme'];
+}
+$smarty->assign('theme', $theme);
+$smarty->display($theme . '/' . $template);
+
+// daily actions needs content from lang-file to create email 
+// load e-mail strings from language file:
+$smarty->configLoad($settings['language_file'], 'emails');
+$lang = $smarty->getConfigVars();
+if ($language_file != $settings['language_file'])
+	setlocale(LC_ALL, $lang['locale']);
+// do daily actions:
+daily_actions(TIMESTAMP);
+?>

install/index.php

@@ -20,212 +20,233 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.        *
 *******************************************************************************/
 
-$default_settings['forum_name'] = 'my little forum';
-$default_settings['forum_address'] = 'http://'.$_SERVER['HTTP_HOST'].substr(rtrim(dirname($_SERVER['PHP_SELF']), '/\\'),0,strrpos(rtrim(dirname($_SERVER['PHP_SELF']), '/\\'),'/')).'/';
-$default_settings['table_prefix'] = 'mlf2_';
-
 define('IN_INDEX', TRUE);
 include('../config/db_settings.php');
 include('../includes/functions.inc.php');
 
-// stripslashes on GPC if get_magic_quotes_gpc is enabled:
-if(get_magic_quotes_gpc())
- {
-  function stripslashes_deep($value)
-   {
-    $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
-    return $value;
-   }
-  $_POST = array_map('stripslashes_deep', $_POST);
-  $_GET = array_map('stripslashes_deep', $_GET);
-  $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
-  $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
- }
+$default_settings['forum_name'] = 'my little forum';
+$default_settings['forum_address'] = ((isProtocolHTTPS() === true) ? 'https' : 'http') .'://'. $_SERVER['HTTP_HOST'] . substr(rtrim(dirname($_SERVER['SCRIPT_NAME']), '/\\'), 0, strrpos(rtrim(dirname($_SERVER['SCRIPT_NAME']), '/\\'), '/')) . '/';
+$default_settings['table_prefix'] = 'mlf2_';
 
-function table_exists($table)
- {
-  global $connid;
-  $result = @mysqli_query($connid, "SHOW TABLES");
-  while($row = mysqli_fetch_array($result))
-   {
-    if($table==$row[0]) return true;
-   }
-  return false;
- }
+function table_exists($table) {
+	global $connid;
+	$result = @mysqli_query($connid, "SHOW TABLES");
+	while ($row = mysqli_fetch_array($result)) {
+		if ($table == $row[0]) return true;
+		}
+	return false;
+}
+
+/**
+ * parses the relavant language file parts for the installation script
+ *
+ * the function reads the language file like a ini-file
+ * this function comes without multiline support (no e-mail templates)
+ * the code is based on the function in a comment on the
+ * manual page for the PHP-function parse_ini_string
+ * https://www.php.net/manual/de/function.parse-ini-string.php#111845
+ *
+ */
+function my_parse_ini_file($path) {
+	if (empty($path)) return false;
+	
+	$lines = file($path);
+	$ret = Array();
+	$inside_section = false;
+	
+	foreach ($lines as $line) {
+		$line = trim($line);
+		if (!$line || $line[0] == "#" || $line[0] == ";") continue;
+		
+		if ($line[0] == "[" && $endIdx = strpos($line, "]")) {
+			$inside_section = substr($line, 1, $endIdx-1);
+			continue;
+		}
+		if (!strpos($line, '=')) continue;
+		$tmp = explode("=", $line, 2);
+		
+		$key = rtrim($tmp[0]);
+		$value = ltrim($tmp[1]);
+		if (preg_match("/^\".*\"$/", $value) || preg_match("/^'.*'$/", $value)) {
+			$value = mb_substr($value, 1, mb_strlen($value) - 2);
+		}
+		$value = stripslashes($value);
+		
+		if ($inside_section) {
+			$t = preg_match("^\[(.*?)\]^", $key, $matches);
+			if (!empty($matches) && isset($matches[0])) {
+				$arr_name = preg_replace('#\[(.*?)\]#is', '', $key);
+				if (!isset($ret[$inside_section][$arr_name]) || !is_array($ret[$inside_section][$arr_name])) {
+					$ret[$inside_section][$arr_name] = array();
+				}
+				if (isset($matches[1]) && !empty($matches[1])) {
+					$ret[$inside_section][$arr_name][$matches[1]] = $value;
+				} else {
+					$ret[$inside_section][$arr_name][] = $value;
+				}
+			} else {
+				if (isset($ret[$inside_section][$key])) {
+					if (!is_array($ret[$inside_section][$key])) {
+						$atmp = $ret[$inside_section][$key];
+						$ret[$inside_section][$key] = [];
+						$ret[$inside_section][$key][] = $atmp;
+						$ret[$inside_section][$key][] = $value;
+					} else {
+						$ret[$inside_section][$key][] = $value;
+					}
+				} else {
+					$ret[$inside_section][$key] = $value;
+				}
+			}
+		} else {
+			if (isset($ret[$key])) {
+				if (!is_array($ret[$key])) {
+					$atmp = $ret[$key];
+					$ret[$key] = [];
+					$ret[$key][] = $atmp;
+					$ret[$key][] = $value;
+				} else {
+					$ret[$key][] = $value;
+				}
+			} else {
+				$ret[$key] = $value;
+			}
+		}
+	}
+	return $ret;
+}
 
 // check version:
 if(!file_exists('../config/VERSION')) {
 	die('Error in line '.__LINE__.': Missing the file config/VERSION.');
+} else {
+	$newVersion = file_get_contents('../config/VERSION');
+	if (empty($newVersion)) die('Error in line '.__LINE__.': No value for the script version in the file config/VERSION.');
+	else $newVersion = trim($newVersion);
 }
-$newVersion = trim(file_get_contents('../config/VERSION'));
 
-if(isset($_POST['language_file'])) $language_file = $_POST['language_file'];
+if (isset($_POST['language_file'])) $language_file = $_POST['language_file'];
 
-// try to connect to the database...
-if($connid = @mysqli_connect($db_settings['host'], $db_settings['user'], $db_settings['password']))
- {
-  if(@mysqli_select_db($connid, $db_settings['database']))
-   {
-    @mysqli_query($connid, 'SET NAMES utf8');
-    if(table_exists($db_settings['forum_table']))
-     {
-      // the forum seems to be installed
-      header('Location: ../');
-      exit;
-     }
-   }
- }
+// try to connect to the database …
+if (!empty($db_settings['database']) && $connid = @mysqli_connect($db_settings['host'], $db_settings['user'], $db_settings['password'], $db_settings['database'])) {
+	@mysqli_query($connid, 'SET NAMES utf8');
+	if (table_exists($db_settings['forum_table'])) {
+		// the forum seems to be installed
+		header('Location: ../');
+		exit;
+	}
+}
 
 // language already selected?
-if(empty($language_file))
- {
-  // get available languages:
-  $handle=opendir('../lang/');
-  while ($file = readdir($handle))
-   {
-    if(strrchr($file, ".")==".lang")
-     {
-      $file_array[] = $file;
-     }
-   }
-  closedir($handle);
-  natcasesort($file_array);
-  $i=0;
-  foreach($file_array as $file)
-   {
-    $language_files[$i]['file'] = $file;
-    $language_files[$i]['language'] = ucfirst(str_replace(".lang","",$file));
-    $language_parts = explode('.', $language_files[$i]['language']);
-    if(isset($language_parts[1])) $language_files[$i]['language'] = $language_parts[0].' ('.$language_parts[1].')';
-    $i++;
-   }
-
-  if(empty($language_files)) die('No language file available.');
-  elseif(count($language_files)==1)
-   {
-    // there's only one language file so take this one:
-    $language_file = $language_files[0]['file'];
-   }
-  else
-   {
-    // there are several language files so let the user choose one:
-    $action = 'choose_language';
-   }
- }
-
-// set provisional language file:
-if(empty($language_file)) $language_file = 'english.lang';
-
-if(isset($language_file))
-{
-
-if(!file_exists('../lang/'.$language_file) && isset($language_files[0]['file'])) $language_file = $language_files[0]['file'];
-if(!file_exists('../lang/'.$language_file)) die('Language file not available.');
-
-// quick & dirty method to get the config vars without smarty (prevents
-// creation of a compiled template which would only be used once for the
-// installation - doesn't get multi-line-strings properly!):
-$config_file = file('../lang/'.$language_file);
-foreach($config_file as $line)
- {
-  $line = trim($line);
-  if($line!='' && $line[0]!='[')
-   {
-    $line_parts = explode('=',$line,2);
-    if(isset($line_parts[1]))
-     {
-      $key = trim($line_parts[0]);
-      if(isset($lang[$key]))
-       {
-        if(is_array($lang[$key]))
-         {
-          $lang[$key][] = trim($line_parts[1]);
-         }
-        else
-         {
-          $lang[$key] = array($lang[$key]);
-          $lang[$key][] = trim($line_parts[1]);
-         }
-       }
-      else
-       {
-        $lang[$key] = trim($line_parts[1]);
-       }
-     }
-   }
- }
+if(empty($language_file)) {
+	// get available languages:
+	$handle = opendir('../lang/');
+	while ($file = readdir($handle)) {
+		if (strrchr($file, ".") == ".lang") {
+			$file_array[] = $file;
+		}
+	}
+	closedir($handle);
+	natcasesort($file_array);
+	$i = 0;
+	foreach ($file_array as $file) {
+		$language_files[$i]['file'] = $file;
+		$language_files[$i]['language'] = ucfirst(str_replace(".lang","",$file));
+		$language_parts = explode('.', $language_files[$i]['language']);
+		if (isset($language_parts[1]))
+			$language_files[$i]['language'] = $language_parts[0].' ('.$language_parts[1].')';
+		$i++;
+	}
 
+	if (empty($language_files)) die('No language file available.');
+	elseif (count($language_files) == 1) {
+		// there's only one language file so take this one:
+		$language_file = $language_files[0]['file'];
+	} else {
+		// there are several language files so let the user choose one:
+		$action = 'choose_language';
+	}
 }
 
-if(isset($_POST['install_submit']))
- {
-  // are all fields filled out?
-  foreach ($_POST as $post)
-   {
-    if(trim($post) == "")
-     {
-      $errors[] = $lang['error_form_uncomplete'];
-      break;
-     }
-   }
+// set provisional language file:
+if (empty($language_file)) $language_file = 'english.lang';
 
-  if(empty($errors))
-   {
-    if($_POST['admin_pw'] != $_POST['admin_pw_conf']) $errors[] = $lang['error_conf_pw'];
-   }
+if (isset($language_file)) {
+	if(!file_exists('../lang/'.$language_file) && isset($language_files[0]['file'])) $language_file = $language_files[0]['file'];
+	if(!file_exists('../lang/'.$language_file)) die('Language file not available.');
 
-  // try to connect the database with posted access data:
-  if(empty($errors))
-   {
-    $connid = @mysqli_connect($_POST['host'], $_POST['user'], $_POST['password']);
-    if(!$connid) $errors[] = $lang['error_db_connection']." (MySQL: ".mysqli_connect_error().")";
-   }
+	// quick & dirty method to get the config vars without smarty (prevents
+	// creation of a compiled template which would only be used once for the
+	// installation - doesn't get multi-line-strings properly!):
+	$lang = my_parse_ini_file('../lang/'.$language_file);
+}
 
-  if(empty($errors))
-   {
-    if(!file_exists('install.sql')) $errors[] = $lang['error_sql_file_doesnt_exist'];
-   }
+if (isset($_POST['install_submit'])) {
+	// are all fields filled out?
+	foreach ($_POST as $post) {
+		if (trim($post) == "") {
+			$errors[] = $lang['general']['error_form_uncomplete'];
+			break;
+		}
+	}
+	if (empty($errors)) {
+		if ($_POST['admin_pw'] != $_POST['admin_pw_conf']) $errors[] = $lang['install']['error_conf_pw'];
+	}
+	// try to connect the database with posted access data:
+	if (empty($errors)) {
+		$connid = @mysqli_connect($_POST['host'], $_POST['user'], $_POST['password']);
+		if (!$connid) $errors[] = $lang['install']['error_db_connection']." (MySQL: ".mysqli_connect_error().")";
+	}
+	if (empty($errors)) {
+		if (!file_exists('install.sql')) $errors[] = $lang['install']['error_sql_file_doesnt_exist'];
+	}
 
 	// overwrite database settings file:
 	if(empty($errors) && empty($_POST['dont_overwrite_settings'])) {
 		// Keys of database array
 		$db_connection_keys = array('host', 'user', 'password', 'database');
 		$db_setting_keys = array(
-								'settings_table'       => 'settings', 
-								'forum_table'          => 'entries',
-								'category_table'       => 'categories',
-								'userdata_table'       => 'userdata',
-								'smilies_table'        => 'smilies', 
-								'pages_table'          => 'pages',
-								'banlists_table'       => 'banlists',
-								'useronline_table'     => 'useronline',
-								'login_control_table'  => 'logincontrol',
-								'entry_cache_table'    => 'entries_cache',
-								'userdata_cache_table' => 'userdata_cache',
-								'bookmark_table'       => 'bookmarks',
-								'read_status_table'    => 'read_entries',
-								'temp_infos_table'     => 'temp_infos'
-							);
-
+			'settings_table'       => 'settings', 
+			'forum_table'          => 'entries',
+			'category_table'       => 'categories',
+			'userdata_table'       => 'userdata',
+			'smilies_table'        => 'smilies', 
+			'pages_table'          => 'pages',
+			'banlists_table'       => 'banlists',
+			'useronline_table'     => 'useronline',
+			'login_control_table'  => 'logincontrol',
+			'entry_cache_table'    => 'entries_cache',
+			'userdata_cache_table' => 'userdata_cache',
+			'bookmark_table'       => 'bookmarks',
+			'read_status_table'    => 'read_entries',
+			'temp_infos_table'     => 'temp_infos',
+			'tags_table'           => 'tags',
+			'bookmark_tags_table'  => 'bookmark_tags',
+			'entry_tags_table'     => 'entry_tags',
+			'subscriptions_table'  => 'subscriptions',
+			'b8_wordlist_table'    => 'b8_wordlist',
+			'b8_rating_table'      => 'b8_rating',
+			'akismet_rating_table' => 'akismet_rating',
+			'uploads_table'        => 'uploads'
+		);
 		clearstatcache();
 		$chmod = decoct(fileperms("../config/db_settings.php"));
 		
 		foreach ($db_connection_keys as $key) {
 			// Check POST-data and reject data that contains html or php code like <?php
 			if (!isset($_POST[$key]) || $_POST[$key] != strip_tags($_POST[$key])) {
-				$errors[] = $lang['error_form_uncomplete'];
+				$errors[] = $lang['general']['error_form_uncomplete'];
 				break;
 			}
 			$db_settings[$key] = $_POST[$key];
 		}
-		
 		// check table_prefix
 		if (!isset($_POST['table_prefix']) || $_POST['table_prefix'] != strip_tags($_POST['table_prefix'])) {
-			$errors[] = $lang['error_form_uncomplete'];
+			$errors[] = $lang['general']['error_form_uncomplete'];
 		}
 
 		if (empty($errors)) {
-			$db_settings_file = @fopen("../config/db_settings.php", "w") or $errors[] = str_replace("[CHMOD]",$chmod,$lang['error_overwrite_config_file']);
+			$db_settings_file = @fopen("../config/db_settings.php", "w") or $errors[] = str_replace("[CHMOD]", $chmod, $lang['install']['error_overwrite_config_file']);
 			flock($db_settings_file, 2);
 			fwrite($db_settings_file, "<?php\n");
 			foreach ($db_connection_keys as $key) {
@@ -241,214 +262,407 @@ if(isset($_POST['install_submit']))
 		}
 	}
 
-  if(empty($errors) && isset($_POST['create_database']))
-   {
-    // create database if desired:
-    @mysqli_query($connid, "CREATE DATABASE ".$db_settings['database']) or $errors[] = $lang['create_db_error']." (MySQL: ".mysqli_error($connid).")";
-   }
+	if (empty($errors) && isset($_POST['create_database'])) {
+		// create database if desired:
+		@mysqli_query($connid, "CREATE DATABASE ".$db_settings['database']) or $errors[] = $lang['install']['create_db_error']." (MySQL: ".mysqli_error($connid).")";
+	}
 
-  // select database:
-  if(empty($errors))
-   {
-    @mysqli_select_db($connid, $db_settings['database']) or $errors[] = $lang['error_db_inexistent']." (MySQL: ".mysqli_error($connid).")";
-    @mysqli_query($connid, 'SET NAMES utf8');
-   }
+	// select database:
+	if (empty($errors)) {
+		@mysqli_select_db($connid, $db_settings['database']) or $errors[] = $lang['install']['error_db_inexistent']." (MySQL: ".mysqli_error($connid).")";
+		@mysqli_query($connid, 'SET NAMES utf8');
+	}
 
 	// run installation sql file:
 	if(empty($errors)) {
 		if (!isset($_POST['table_prefix']) || $_POST['table_prefix'] != strip_tags($_POST['table_prefix'])) {
-			$errors[] = $lang['error_form_uncomplete'];
-		}
-		else {
+			$errors[] = $lang['general']['error_form_uncomplete'];
+		} else {
 			$lines = file('install.sql');
 			$cleared_lines = array();
-			foreach($lines as $line) {
+			foreach ($lines as $line) {
 				$line = str_replace(' mlf2_', ' '.$_POST['table_prefix'], $line);
+				$line = str_replace('`smbl_mlf2_', '`smbl_'.$_POST['table_prefix'], $line);
 				$line = trim($line);
-				if(my_substr($line, -1, my_strlen($line,$lang['charset']), $lang['charset'])==';') 
-					$line = my_substr($line,0,-1,$lang['charset']);
-				if($line != '' && my_substr($line,0,1,$lang['charset'])!='#') 
+				if (my_substr($line, -1, my_strlen($line, $lang['default']['charset']), $lang['default']['charset']) == ';')
+					$line = my_substr($line,0,-1,$lang['default']['charset']);
+				if ($line != '' && my_substr($line,0,1,$lang['default']['charset']) != '#')
 					$cleared_lines[] = $line;
 			}
 			
 			@mysqli_query($connid, "START TRANSACTION") or die(mysqli_error($connid));
-			foreach($cleared_lines as $line) {
-				if(!@mysqli_query($connid, $line)) {
-					$errors[] = $lang['error_sql']." (MySQL: ".mysqli_error($connid).")";
+			foreach ($cleared_lines as $line) {
+				if (!@mysqli_query($connid, $line)) {
+					$errors[] = $lang['install']['error_sql']." (MySQL: ".mysqli_error($connid).")";
 				}
 			}
-			if(!@mysqli_query($connid, "INSERT INTO ".$db_settings['settings_table']." VALUES ('version', '". mysqli_real_escape_string($connid, $newVersion) ."');")) {
-				$errors[] = $lang['error_sql']." (MySQL: ".mysqli_error($connid).")";
+			if (!@mysqli_query($connid, "INSERT INTO " . $db_settings['temp_infos_table'] . " (`name`, `value`) VALUES ('version', '". mysqli_real_escape_string($connid, $newVersion) ."');")) {
+				$errors[] = $lang['install']['error_sql']." (MySQL: ".mysqli_error($connid).")";
 			}
 			@mysqli_query($connid, "COMMIT");
 		}
 	}
 
 	// insert admin in userdata table:
-	if(empty($errors)) {
+	if (empty($errors)) {
 		$pw_hash = generate_pw_hash($_POST['admin_pw']);
-		@mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET user_name='".mysqli_real_escape_string($connid, $_POST['admin_name'])."', user_pw = '".mysqli_real_escape_string($connid, $pw_hash)."', user_email = '".mysqli_real_escape_string($connid, $_POST['admin_email'])."' WHERE user_id=1") or $errors[] = $lang['error_create_admin']." (MySQL: ".mysqli_error($connid).")";
+		@mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET user_name='".mysqli_real_escape_string($connid, $_POST['admin_name'])."', user_pw = '".mysqli_real_escape_string($connid, $pw_hash)."', user_email = '".mysqli_real_escape_string($connid, $_POST['admin_email'])."' WHERE user_id=1") or $errors[] = $lang['install']['error_create_admin']." (MySQL: ".mysqli_error($connid).")";
 	}
 
-   // set forum name, address and email address:
-   if(empty($errors))
-    {
-     @mysqli_query($connid, "UPDATE ".$db_settings['settings_table']." SET value='".mysqli_real_escape_string($connid, $_POST['forum_name'])."' WHERE name='forum_name' LIMIT 1") or $errors[] = $lang['error_update_settings']." (MySQL: ".mysqli_error($connid).")";
-     @mysqli_query($connid, "UPDATE ".$db_settings['settings_table']." SET value='".mysqli_real_escape_string($connid, $_POST['forum_address'])."' WHERE name='forum_address' LIMIT 1") or $errors[] = $lang['error_update_settings']." (MySQL: ".mysqli_error($connid).")";
-     @mysqli_query($connid, "UPDATE ".$db_settings['settings_table']." SET value='".mysqli_real_escape_string($connid, $_POST['forum_email'])."' WHERE name='forum_email' LIMIT 1") or $errors[] = $lang['error_update_settings']." (MySQL: ".mysqli_error($connid).")";
-     @mysqli_query($connid, "UPDATE ".$db_settings['settings_table']." SET value='".mysqli_real_escape_string($connid, $_POST['language_file'])."' WHERE name='language_file' LIMIT 1") or $errors[] = $lang['error_update_settings']." (MySQL: ".mysqli_error($connid).")";
-    }
+	// set forum name, address and email address:
+	if (empty($errors)) {
+		@mysqli_query($connid, "UPDATE ".$db_settings['settings_table']." SET value='".mysqli_real_escape_string($connid, $_POST['forum_name'])."' WHERE name='forum_name' LIMIT 1") or $errors[] = $lang['install']['error_update_settings']." (MySQL: ".mysqli_error($connid).")";
+		@mysqli_query($connid, "UPDATE ".$db_settings['settings_table']." SET value='".mysqli_real_escape_string($connid, $_POST['forum_address'])."' WHERE name='forum_address' LIMIT 1") or $errors[] = $lang['install']['error_update_settings']." (MySQL: ".mysqli_error($connid).")";
+		@mysqli_query($connid, "UPDATE ".$db_settings['settings_table']." SET value='".mysqli_real_escape_string($connid, $_POST['forum_email'])."' WHERE name='forum_email' LIMIT 1") or $errors[] = $lang['install']['error_update_settings']." (MySQL: ".mysqli_error($connid).")";
+		@mysqli_query($connid, "UPDATE ".$db_settings['settings_table']." SET value='".mysqli_real_escape_string($connid, $_POST['language_file'])."' WHERE name='language_file' LIMIT 1") or $errors[] = $lang['install']['error_update_settings']." (MySQL: ".mysqli_error($connid).")";
+	}
+	if (empty($errors)) {
+		header('Location: ../');
+		exit;
+	}
+}
 
-   if(empty($errors))
-    {
-     header('Location: ../');
-     exit;
-    }
- }
+if (empty($action)) $action = 'install';
 
-if(empty($action)) $action = 'install';
+header('Content-Type: text/html; charset='.$lang['default']['charset']);
 
-header('Content-Type: text/html; charset='.$lang['charset']);
-
-?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo $lang['language']; ?>">
+?><!DOCTYPE html>
+<html lang="<?php echo $lang['default']['language']; ?>" dir="<?php echo $lang['default']['dir']; ?>">
 <head>
-<title>my little forum - <?php echo $lang['installation_title']; ?></title>
-<meta http-equiv="content-type" content="text/html; charset=<?php echo $lang['charset']; ?>" />
-<link rel="shortcut icon" href="../themes/default/images/favicon.ico" />
-<style type="text/css">
-<!--
-body              { color:#000; background:#fff; margin:0; padding:0; font-family: verdana, arial, sans-serif; font-size:100.1%; }
-h1                { font-size:1.25em; }
-p,ul              { font-size:0.82em; line-height:1.45em; }
-#top              { margin:0; padding:0 20px 0 20px; color:#000000; background:#d2ddea; border-bottom: 1px solid #bacbdf; }
-#top h1           { font-size:2.2em; line-height:2em; margin:0; padding:0; color:#000080; }
-#content          { padding:20px; }
-table.admintab    { border: 1px solid #bacbdf; }
-td.admintab-hl    { width: 100%; vertical-align: top; font-family: verdana, arial, sans-serif; font-size: 13px; background:#e1eaf3; }
-td.admintab-hl h2 { margin: 3px 0px 3px 0px; font-size: 15px; font-weight: bold; }
-td.admintab-hl p  { font-size: 11px; line-height: 16px; margin: 0px 0px 3px 0px; padding: 0px; }
-td.admintab-l     { width: 50%; vertical-align: top; font-family: verdana, arial, sans-serif; font-size: 13px; background: #f5f5f5; }
-td.admintab-r     { width: 50%; vertical-align: top; font-family: verdana, arial, sans-serif; font-size: 13px; background: #f5f5f5; }
-.caution          { color: red; font-weight: bold; }
-.small            { font-size: 11px; line-height:16px; }
-a:link            { color: #0000cc; text-decoration: none; }
-a:visited         { color: #0000cc; text-decoration: none; }
-a:hover           { color: #0000ff; text-decoration: underline; }
-a:active          { color: #ff0000; text-decoration: none; }
-
--->
-</style>
+ <meta charset="<?php echo $lang['default']['charset']; ?>">
+ <title>my little forum - <?php echo $lang['install']['installation_title']; ?></title>
+ <link rel="shortcut icon" href="../themes/default/images/favicon.ico">
+ <style type="text/css">
+*, ::before, ::after {
+  box-sizing: border-box;
+}
+body {
+  color: #000;
+  background: #fff;
+  margin: 0;
+  padding: 0;
+  font-family: verdana, arial, sans-serif;
+  font-size: 1em;
+  font-size: 1rem;
+}
+p, ul, button {
+  font-size: 1em;
+  line-height: 145%;
+}
+header, main {
+  margin: 0;
+}
+header {
+  background: #d2ddea;
+  background: linear-gradient(to bottom, #d2deec 0%, #edf2f5 100%);
+  border-bottom: 1px solid #bacbdf;
+}
+header h1 {
+  margin: 0  auto;
+  padding: 0;
+  min-width: 28em;
+  width: 60vw;
+}
+section, main > h2 {
+  margin: 1rem auto;
+  padding: 1rem;
+  min-width: 28em;
+  width: 60vw;
+}
+header > h1, main > h2 {
+  padding: 0.5rem 1rem;
+}
+section {
+  padding: 1rem;
+  border: 1px solid #bacbdf;
+  border-radius: 0.5rem;
+}
+h1, h2, h3 {
+  line-height: 140%;
+  margin: 0;
+  padding: 0;
+}
+h1 {
+  font-size: 1.5em;
+  color: #000080;
+}
+h2 {
+  font-size: 1.15em;
+}
+section h2 {
+  border-bottom: 1px solid #bacbdf;
+  padding: 0 0 0.5rem 0;
+}
+section > ul {
+  margin: 1rem 0 0 0;
+  padding: 0 0 0 1.5rem;
+}
+.error {
+  background-color: #ffb;
+  border-color: #c00;
+}
+.error h2 {
+  color: #c00;
+  border-color: #c00;
+}
+h2 + form {
+  margin-top: 1rem;
+}
+form h3, input[type="text"], input[type="password"], input[type="url"], input[type="email"], option {
+  font-size: 1em;
+}
+fieldset {
+  border: none;
+  padding: 0;
+}
+fieldset:not(:last-of-type) {
+  margin-bottom: 2.5rem;
+}
+legend {
+  display: block;
+  width: 100%;
+  padding: 0 0 0.5rem 0;
+  font-weight: bold;
+  font-size: 1.15em;
+  line-height: 140%;
+  border-bottom: 1px solid #bacbdf;
+}
+legend + p {
+  margin: 0.5rem 0 0.75rem 0;
+}
+fieldset div:not(:last-of-type) {
+  margin: 0 0 0.75rem 0;
+}
+label {
+  cursor: pointer;
+}
+.button-bar {
+  margin: 1rem 0 0 0;
+}
+#forum-install label:not(.for-selectors), .label-like {
+  display: block;
+  margin: 0 0 0.5rem 0;
+}
+#forum-install label h3, #forum-install label p, .label-like h3, .label-like p {
+  margin: 0;
+  font-size: 1em;
+}
+#forum-install input:not([type="checkbox"]) {
+  display: block;
+}
+#forum-install input[type="checkbox"] {
+  margin: 0 0.5rem 0 0;
+}
+#lang-select ul {
+  padding: 0;
+  list-style: none;
+  border: 1px solid #bacbdf;
+}
+#lang-select li:not(:last-child) {
+  border-bottom: 1px solid #bacbdf;
+}
+#lang-select input[type="radio"] {
+  display: none;
+}
+#lang-select label {
+  display: inline-block;
+  width: 100%;
+  padding: 0.35rem;
+  background: #fff;
+  color: #744;
+  cursor: pointer;
+}
+#lang-select input[type="radio"]:checked ~ label {
+  background: #aaffc8;
+  color: #000;
+}
+#lang-select input[type="radio"]:checked ~ label::after {
+  font-size: 0.8em;
+  content: ' ✔';
+}
+a {
+  color: #0000cc;
+  text-decoration: none;
+}
+a:focus, a:hover {
+  color: #0000ff;
+  text-decoration: underline;
+}
+a:active {
+  color: #ff0000;
+}
+ </style>
 </head>
-
 <body>
+ <header>
+  <h1>my little forum - Installation</h1>
+ </header>
+ <main>
+<?php
+switch($action):
+case 'install': ?>
+  <h2><?php echo $lang['install']['installation_title']; ?></h2>
+  <section>
+   <ul>
+<?php foreach ($lang['install']['installation_instructions'] as $instruction): ?>
+    <li><?php echo $instruction; ?></li>
+<?php endforeach; ?>
+   </ul>
+  </section>
+<?php if (isset($errors)): ?>
+  <section class="error">
+   <h2><?php echo $lang['general']['error_headline']; ?></h2>
+   <ul>
+<?php foreach($errors as $error): ?>
+    <li><?php echo $error; ?></li>
+<?php endforeach; ?>
+   </ul>
+  </section>
+<?php endif; ?>
+  <section>
+   <form action="index.php" method="post" id="forum-install">
+    <input type="hidden" name="language_file" value="<?php echo $language_file; ?>">
+    <fieldset>
+     <legend><?php echo $lang['install']['inst_basic_settings']; ?></legend>
+     <p><?php echo $lang['install']['inst_main_settings_desc']; ?></p>
+     <div>
+      <label for="id-forum-name">
+       <h3><?php echo $lang['admin']['forum_name']; ?></h3>
+       <p><?php echo $lang['admin']['forum_name_desc']; ?></p>
+      </label>
+      <input type="text" id="id-forum-name" name="forum_name" value="<?php if (isset($_POST['forum_name'])) echo $_POST['forum_name']; else echo $default_settings['forum_name']; ?>" size="40">
+     </div>
+     <div>
+      <label for="id-forum-address">
+       <h3><?php echo $lang['admin']['forum_address']; ?></h3>
+       <p><?php echo $lang['admin']['forum_address_desc']; ?></p>
+      </label>
+      <input type="url" id="id-forum-address" name="forum_address" value="<?php if (isset($_POST['forum_address'])) echo $_POST['forum_address']; else { if ($default_settings['forum_address'] != "") echo $default_settings['forum_address']; } ?>" size="40">
+     </div>
+     <div>
+      <label for="id-forum-email">
+       <h3><?php echo $lang['admin']['forum_email']; ?></h3>
+       <p><?php echo $lang['admin']['forum_email_desc']; ?></p>
+      </label>
+      <input type="email" id="id-forum-email" name="forum_email" value="<?php if (isset($_POST['forum_email'])) echo $_POST['forum_email']; else echo "@"; ?>" size="40">
+     </div>
+    </fieldset>
+    <fieldset>
+     <legend><?php echo $lang['install']['inst_admin_settings']; ?></legend>
+     <p><?php echo $lang['install']['inst_admin_settings_desc']; ?></p>
+     <div>
+      <label for="id-admin-name">
+       <h3><?php echo $lang['install']['inst_admin_name']; ?></h3>
+       <p><?php echo $lang['install']['inst_admin_name_desc']; ?></p>
+      </label>
+      <input type="text" id="id-admin-name" name="admin_name" value="<?php if (isset($_POST['admin_name'])) echo $_POST['admin_name']; ?>" size="40">
+     </div>
+     <div>
+      <label for="id-admin-email">
+       <h3><?php echo $lang['install']['inst_admin_email']; ?></h3>
+       <p><?php echo $lang['install']['inst_admin_email_desc']; ?></p>
+      </label>
+      <input type="email" id="id-admin-email" name="admin_email" value="<?php if (isset($_POST['admin_email'])) echo $_POST['admin_email']; else echo "@"; ?>" size="40">
+     </div>
+     <div>
+      <label for="id-admin-pw">
+       <h3><?php echo $lang['install']['inst_admin_pw']; ?></h3>
+       <p><?php echo $lang['install']['inst_admin_pw_desc']; ?></p>
+      </label>
+      <input type="password" id="id-admin-pw" name="admin_pw" value="" size="40">
+     </div>
+     <div>
+      <label for="id-admin-pw-conf">
+       <h3><?php echo $lang['install']['inst_admin_pw_conf']; ?></h3>
+       <p><?php echo $lang['install']['inst_admin_pw_conf_desc']; ?></p>
+      </label>
+      <input type="password" id="id-admin-pw-conf" name="admin_pw_conf" value="" size="40">
+     </div>
+    </fieldset>
+    <fieldset>
+     <legend><?php echo $lang['install']['inst_db_settings']; ?></legend>
+     <p><?php echo $lang['install']['inst_db_settings_desc']; ?></p>
+     <div>
+      <label for="id-db-host">
+       <h3><?php echo $lang['install']['inst_db_host']; ?></h3>
+       <p><?php echo $lang['install']['inst_db_host_desc']; ?></p>
+      </label>
+      <input type="text" id="id-db-host" name="host" value="<?php if (isset($_POST['host'])) echo $_POST['host']; else echo $db_settings['host']; ?>" size="40">
+     </div>
+     <div>
+      <label for="id-db-name">
+       <h3><?php echo $lang['install']['inst_db_name']; ?></h3>
+       <p><?php echo $lang['install']['inst_db_name_desc']; ?></p>
+      </label>
+      <input type="text" id="id-db-name" name="database" value="<?php if (isset($_POST['database'])) echo $_POST['database']; else echo $db_settings['database']; ?>" size="40">
+     </div>
+     <div>
+      <label for="id-db-user">
+       <h3><?php echo $lang['install']['inst_db_user']; ?></h3>
+       <p><?php echo $lang['install']['inst_db_user_desc']; ?></p>
+      </label>
+      <input type="text" id="id-db-user" name="user" value="<?php if (isset($_POST['user'])) echo $_POST['user']; else echo $db_settings['user']; ?>" size="40">
+     </div>
+     <div>
+      <label for="id-db-password">
+       <h3><?php echo $lang['install']['inst_db_pw']; ?></h3>
+       <p><?php echo $lang['install']['inst_db_pw_desc']; ?></p>
+      </label>
+      <input type="password" id="id-db-password" name="password" value="" size="40">
+     </div>
+     <div>
+      <label for="id-table-prefix">
+       <h3><?php echo $lang['install']['inst_table_prefix']; ?></h3>
+       <p><?php echo $lang['install']['inst_table_prefix_desc']; ?></p>
+      </label>
+      <input type="text" id="id-table-prefix" name="table_prefix" value="<?php if (isset($_POST['table_prefix'])) echo $_POST['table_prefix']; else echo $default_settings['table_prefix']; ?>" size="40">
+     </div>
+    </fieldset>
+    <fieldset>
+     <legend><?php echo $lang['install']['inst_advanced_options']; ?></legend>
+     <p><?php echo $lang['install']['inst_advanced_options_desc']; ?></p>
+     <div>
+      <div class="label-like">
+       <h3><?php echo $lang['install']['inst_advanced_database']; ?></h3>
+       <p><?php echo $lang['install']['inst_advanced_database_desc']; ?></p>
+      </div>
+      <input id="create_database" type="checkbox" name="create_database" value="true"<?php if (isset($_POST['create_database'])) echo ' checked'; ?>><label for="create_database" class="for-selectors"><?php echo $lang['install']['create_database']; ?></label>
+     </div>
+     <div>
+      <div class="label-like">
+       <h3><?php echo $lang['install']['inst_advanced_conf_file']; ?></h3>
+       <p><?php echo $lang['install']['inst_advanced_conf_file_desc']; ?></p>
+      </div>
+      <input id="dont_overwrite_settings" type="checkbox" name="dont_overwrite_settings" value="true"<?php if (isset($_POST['dont_overwrite_settings'])) echo ' checked'; ?>><label for="dont_overwrite_settings" class="for-selectors"><?php echo $lang['install']['dont_overwrite_settings']; ?></label>
+     </div>
+    </fieldset>
+    <p class="button-bar"><button name="install_submit" value="<?php echo $lang['install']['forum_install_ok']; ?>"><?php echo $lang['install']['forum_install_ok']; ?></button></p>
+   </form>
+  </section>
+<?php
+break;
+case 'choose_language':
+?>
+  <section>
+   <h2><?php echo $lang['install']['label_choose_language']; ?></h2>
+   <form action="index.php" method="post" id="lang-select">
+    <ul>
+<?php foreach ($language_files as $file):
+if ($file['file'] == $language_file): ?>
+     <li><input id="id_<?php echo $file['language']; ?>" name="language_file" value="<?php echo $file['file']; ?>" type="radio" checked><label for="id_<?php echo $file['language']; ?>"><?php echo $file['language']; ?></label></li>
+<?php else: ?>
+     <li><input id="id_<?php echo $file['language']; ?>" name="language_file" value="<?php echo $file['file']; ?>" type="radio"><label for="id_<?php echo $file['language']; ?>"><?php echo $file['language']; ?></label></li>
 
-<div id="top">
-<h1>my little forum</h1>
-</div>
-<div id="content"><h1><?php echo $lang['installation_title']; ?></h1><?php
-switch($action)
- {
-  case 'install':
-   ?><ul><?php
-   foreach($lang['installation_instructions'] as $instruction)
-    {
-     ?><li><?php echo $instruction; ?></li><?php
-    }
-   ?></ul><?php
-   if(isset($errors))
-    {
-     ?><p class="caution" style="margin-top: 10px;"><?php echo $lang['error_headline']; ?><ul><?php foreach($errors as $error) { ?><li><?php echo $error; ?></li><?php } ?></ul></p><p>&nbsp;</p><?php
-    }
-   ?><form action="index.php" method="post">
-       <table class="admintab" border="0" cellpadding="5" cellspacing="1">
-       <tr>
-       <td class="admintab-hl" colspan="2"><h2><?php echo $lang['inst_basic_settings']; ?></h2><p><?php echo $lang['inst_main_settings_desc']; ?></p></td>
-       </tr>
-       <tr>
-       <td class="admintab-l"><b><?php echo $lang['forum_name']; ?></b><br /><span class="small"><?php echo $lang['forum_name_desc']; ?></span></td>
-       <td class="admintab-r"><input type="text" name="forum_name" value="<?php if (isset($_POST['forum_name'])) echo $_POST['forum_name']; else echo $default_settings['forum_name']; ?>" size="40" /></td>
-       </tr>
-       <tr>
-       <td class="admintab-l"><b><?php echo $lang['forum_address']; ?></b><br /><span class="small"><?php echo $lang['forum_address_desc']; ?></span></td>
-       <td class="admintab-r"><input type="text" name="forum_address" value="<?php if (isset($_POST['forum_address'])) echo $_POST['forum_address']; else { if ($default_settings['forum_address'] != "") echo $default_settings['forum_address']; } ?>" size="40" /></td>
-       </tr>
-       <tr>
-       <td class="admintab-l"><b><?php echo $lang['forum_email']; ?></b><br /><span class="small"><?php echo $lang['forum_email_desc']; ?></span></td>
-       <td class="admintab-r"><input type="text" name="forum_email" value="<?php if (isset($_POST['forum_email'])) echo $_POST['forum_email']; else echo "@"; ?>" size="40" /></td>
-       </tr>
-       <tr>
-       <td class="admintab-hl" colspan="2"><h2><?php echo $lang['inst_admin_settings']; ?></h2><p><?php echo $lang['inst_admin_settings_desc']; ?></p></td>
-       </tr>
-       <tr>
-       <td class="admintab-l"><b><?php echo $lang['inst_admin_name']; ?></b><br /><span class="small"><?php echo $lang['inst_admin_name_desc']; ?></span></td>
-       <td class="admintab-r"><input type="text" name="admin_name" value="<?php if (isset($_POST['admin_name'])) echo $_POST['admin_name']; ?>" size="40" /></td>
-       </tr>
-       <tr>
-       <td class="admintab-l"><b><?php echo $lang['inst_admin_email']; ?></b><br /><span class="small"><?php echo $lang['inst_admin_email_desc']; ?></span></td>
-       <td class="admintab-r"><input type="text" name="admin_email" value="<?php if (isset($_POST['admin_email'])) echo $_POST['admin_email']; else echo "@"; ?>" size="40" /></td>
-       </tr>
-       <tr>
-       <td class="admintab-l"><b><?php echo $lang['inst_admin_pw']; ?></b><br /><span class="small"><?php echo $lang['inst_admin_pw_desc']; ?></span></td>
-       <td class="admintab-r"><input type="password" name="admin_pw" value="" size="40" /></td>
-       </tr>
-       <tr>
-       <td class="admintab-l"><b><?php echo $lang['inst_admin_pw_conf']; ?></b><br /><span class="small"><?php echo $lang['inst_admin_pw_conf_desc']; ?></span></td>
-       <td class="admintab-r"><input type="password" name="admin_pw_conf" value="" size="40" /></td>
-       </tr>
-       <tr>
-       <td class="admintab-hl" colspan="2"><h2><?php echo $lang['inst_db_settings']; ?></h2><p><?php echo $lang['inst_db_settings_desc']; ?></p></td>
-       </tr>
-       <tr>
-       <td class="admintab-l"><b><?php echo $lang['inst_db_host']; ?></b><br /><span class="small"><?php echo $lang['inst_db_host_desc']; ?></span></td>
-       <td class="admintab-r"><input type="text" name="host" value="<?php if (isset($_POST['host'])) echo $_POST['host']; else echo $db_settings['host']; ?>" size="40" /></td>
-       </tr>
-       <tr>
-       <td class="admintab-l"><b><?php echo $lang['inst_db_name']; ?></b><br /><span class="small"><?php echo $lang['inst_db_name_desc']; ?></span></td>
-       <td class="admintab-r"><input type="text" name="database" value="<?php if (isset($_POST['database'])) echo $_POST['database']; else echo $db_settings['database']; ?>" size="40" /></td>
-       </tr>
-       <tr>
-       <td class="admintab-l"><b><?php echo $lang['inst_db_user']; ?></b><br /><span class="small"><?php echo $lang['inst_db_user_desc']; ?></span></td>
-       <td class="admintab-r"><input type="text" name="user" value="<?php if (isset($_POST['user'])) echo $_POST['user']; else echo $db_settings['user']; ?>" size="40" /></td>
-       </tr>
-       <tr>
-       <td class="admintab-l"><b><?php echo $lang['inst_db_pw']; ?></b><br /><span class="small"><?php echo $lang['inst_db_pw_desc']; ?></span></td>
-       <td class="admintab-r"><input type="password" name="password" value="<?php /*if(isset($_POST['password'])) echo $_POST['password'];*/ ?>" size="40" /></td>
-       </tr>
-       <tr>
-       <td class="admintab-l"><b><?php echo $lang['inst_table_prefix']; ?></b><br /><span class="small"><?php echo $lang['inst_table_prefix_desc']; ?></span></td>
-       <td class="admintab-r"><input type="text" name="table_prefix" value="<?php if (isset($_POST['table_prefix'])) echo $_POST['table_prefix']; else echo $default_settings['table_prefix']; ?>" size="40" /></td>
-       </tr>
-       <tr>
-       <td class="admintab-hl" colspan="2"><h2><?php echo $lang['inst_advanced_options']; ?></h2><p><?php echo $lang['inst_advanced_options_desc']; ?></p></td>
-       </tr>
-       <tr>
-       <td class="admintab-l"><b><?php echo $lang['inst_advanced_database']; ?></b><br /><span class="small"><?php echo $lang['inst_advanced_database_desc']; ?></span></td>
-       <td class="admintab-r"><input id="create_database" type="checkbox" name="create_database" value="true"<?php if (isset($_POST['create_database'])) echo ' checked="checked"'; ?> /> <label for="create_database"><?php echo $lang['create_database']; ?></label></td>
-       </tr>
-       <tr>
-       <td class="admintab-l"><b><?php echo $lang['inst_advanced_conf_file']; ?></b><br /><span class="small"><?php echo $lang['inst_advanced_conf_file_desc']; ?></span></td>
-       <td class="admintab-r"><input id="dont_overwrite_settings" type="checkbox" name="dont_overwrite_settings" value="true"<?php if (isset($_POST['dont_overwrite_settings'])) echo ' checked="checked"'; ?> /> <label for="dont_overwrite_settings"><?php echo $lang['dont_overwrite_settings']; ?></label></td>
-       </tr>
-       <tr>
-       <td class="admintab-hl" colspan="2"><input type="submit" name="install_submit" value="<?php echo $lang['forum_install_ok']; ?>" /><input type="hidden" name="language_file" value="<?php echo $language_file; ?>" /></td>
-       </tr>
-       </table>
-       </form><?php
-   break;
-  case 'choose_language':
-   ?><p><label for="language_file"><?php echo $lang['label_choose_language']; ?></label></p>
-   <form action="index.php" method="post">
-   <p><select id="language_file" name="language_file" size="1"><?php
-   foreach($language_files as $file)
-    {
-     ?><option value="<?php echo $file['file']; ?>"<?php if($language_file==$file['file']) echo " selected=\"selected\""; ?>><?php echo $file['language']; ?></option><?php
-    }
-   ?></select>
-   <input type="submit" value="<?php echo $lang['submit_button_ok']; ?>" /></p>
-   </form><?php
-   break;
- }
-?></div>
+<?php endif;
+endforeach; ?>
+    </ul>
+    <p class="button-bar"><button name="submit"><?php echo $lang['general']['submit_button_ok']; ?></button></p>
+   </form>
+  </section>
+<?php
+break;
+endswitch
+?>
+ </main>
 </body>
 </html>

install/install.sql

@@ -1,19 +1,27 @@
 # note: the installation script expects one query per line!
 
-CREATE TABLE mlf2_banlists (name varchar(255) NOT NULL default '', list text NOT NULL) CHARSET=utf8 COLLATE=utf8_general_ci;
-CREATE TABLE mlf2_categories (id int(11) NOT NULL auto_increment, order_id int(11) NOT NULL default '0', category varchar(255) NOT NULL default '', description varchar(255) NOT NULL default '',accession tinyint(4) NOT NULL default '0', PRIMARY KEY (id)) CHARSET=utf8 COLLATE=utf8_general_ci;
-CREATE TABLE mlf2_entries (id int(11) NOT NULL auto_increment, pid int(11) NOT NULL default '0', tid int(11) NOT NULL default '0', uniqid varchar(255) NOT NULL default '', time timestamp NOT NULL default CURRENT_TIMESTAMP, last_reply timestamp NULL DEFAULT NULL, edited timestamp NULL DEFAULT NULL, edited_by int(11) default NULL, user_id int(11) default '0', name varchar(255) NOT NULL default '', subject varchar(255) NOT NULL default '',category int(11) NOT NULL default '0', email varchar(255) NOT NULL default '', hp varchar(255) NOT NULL default '', location varchar(255) NOT NULL default '', ip varchar(128) NOT NULL default '', text text NOT NULL, tags varchar(255) NOT NULL default '', show_signature tinyint(4) default '0', email_notification tinyint(4) default '0', marked tinyint(4) default '0', locked tinyint(4) default '0', sticky tinyint(4) default '0', views int(11) default '0', spam tinyint(4) default '0', spam_check_status tinyint(4) default '0', edit_key varchar(255) NOT NULL default '', PRIMARY KEY (id), UNIQUE KEY id (id), KEY tid (tid),KEY category (category), KEY pid (pid), KEY sticky (sticky)) CHARSET=utf8 COLLATE=utf8_general_ci;
-CREATE TABLE mlf2_settings (name varchar(255) NOT NULL default '', value varchar(255) NOT NULL default '') CHARSET=utf8 COLLATE=utf8_general_ci;
-CREATE TABLE mlf2_smilies (id int(11) NOT NULL auto_increment, order_id int(11) NOT NULL default '0', file varchar(100) NOT NULL default '', code_1 varchar(50) NOT NULL default '', code_2 varchar(50) NOT NULL default '', code_3 varchar(50) NOT NULL default '', code_4 varchar(50) NOT NULL default '', code_5 varchar(50) NOT NULL default '', title varchar(255) NOT NULL default '', PRIMARY KEY (id)) CHARSET=utf8 COLLATE=utf8_general_ci;
-CREATE TABLE mlf2_userdata (user_id int(11) NOT NULL auto_increment, user_type tinyint(4) NOT NULL default '0', user_name varchar(255) NOT NULL default '', user_real_name varchar(255) NOT NULL default '', gender tinyint(4) NOT NULL default '0', birthday date NULL default NULL, user_pw varchar(255) NOT NULL default '', user_email varchar(255) NOT NULL default '', email_contact tinyint(4) default '0', user_hp varchar(255) NOT NULL default '', user_location varchar(255) NOT NULL default '', signature varchar(255) NOT NULL default '', profile text NOT NULL, logins int(11) NOT NULL default '0', last_login timestamp NULL default CURRENT_TIMESTAMP, last_logout timestamp NULL DEFAULT NULL, user_ip varchar(128) NOT NULL default '', registered timestamp NULL DEFAULT NULL, category_selection varchar(255) DEFAULT NULL, thread_order tinyint(4) NOT NULL default '0', user_view tinyint(4) NOT NULL default '0', sidebar tinyint(4) NOT NULL default '1', fold_threads tinyint(4) NOT NULL default '0', thread_display tinyint(4) NOT NULL default '0', new_posting_notification tinyint(4) default '0', new_user_notification tinyint(4) default '0', user_lock tinyint(4) default '0', auto_login_code varchar(50) NOT NULL default '', pwf_code varchar(50) NOT NULL, activate_code varchar(50) NOT NULL default '', language VARCHAR(255) NOT NULL DEFAULT '', time_zone VARCHAR(255) NOT NULL DEFAULT '', time_difference smallint(4) default '0', theme VARCHAR(255) NOT NULL DEFAULT '', entries_read TEXT NOT NULL, PRIMARY KEY (user_id)) CHARSET=utf8 COLLATE=utf8_general_ci;
-CREATE TABLE mlf2_pages (id int(11) NOT NULL auto_increment,order_id int(11) NOT NULL, title varchar(255) NOT NULL default '', content text NOT NULL, menu_linkname varchar(255) NOT NULL default '', access tinyint(4) NOT NULL default '0', PRIMARY KEY (id)) CHARSET=utf8 COLLATE=utf8_general_ci;
-CREATE TABLE mlf2_useronline (ip char(15) NOT NULL default '',time int(14) NOT NULL default '0',user_id int(11) default '0') CHARSET=utf8 COLLATE=utf8_general_ci;
-CREATE TABLE mlf2_logincontrol (time timestamp NOT NULL default CURRENT_TIMESTAMP, ip varchar(255) NOT NULL default '', logins int(11) NOT NULL default '0') CHARSET=utf8 COLLATE=utf8_general_ci;
-CREATE TABLE mlf2_entries_cache (cache_id int(11) NOT NULL, cache_text mediumtext NOT NULL, PRIMARY KEY (cache_id)) CHARSET=utf8 COLLATE=utf8_general_ci;
-CREATE TABLE mlf2_userdata_cache (cache_id int(11) NOT NULL, cache_signature text NOT NULL, cache_profile text NOT NULL, PRIMARY KEY (cache_id)) CHARSET=utf8 COLLATE=utf8_general_ci;
-CREATE TABLE mlf2_bookmarks (id int(11) NOT NULL AUTO_INCREMENT, user_id int(11) NOT NULL, posting_id int(11) NOT NULL, time timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, subject varchar(255) NOT NULL, order_id int(11) NOT NULL DEFAULT '0', PRIMARY KEY (id), UNIQUE KEY UNIQUE_uid_pid (user_id,posting_id)) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;
-CREATE TABLE mlf2_read_entries (user_id int(11) UNSIGNED NOT NULL, posting_id int(11) UNSIGNED NOT NULL, time timestamp NOT NULL, PRIMARY KEY (user_id, posting_id)) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;
-CREATE TABLE mlf2_temp_infos (name varchar(50) NOT NULL, value varchar(255) NOT NULL, time timestamp NULL DEFAULT NULL, PRIMARY KEY (name)) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;
+CREATE TABLE mlf2_banlists (name varchar(255) NOT NULL, list text NOT NULL, PRIMARY KEY (name)) ENGINE=InnoDB CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+CREATE TABLE mlf2_categories (id int(11) UNSIGNED NOT NULL AUTO_INCREMENT, order_id int(11) NOT NULL default '0', category varchar(255) NOT NULL default '', description varchar(255) NOT NULL default '', accession tinyint(4) NOT NULL default '0', PRIMARY KEY (id)) ENGINE=InnoDB CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+CREATE TABLE mlf2_entries (id int(11) UNSIGNED NOT NULL AUTO_INCREMENT, pid int(11) UNSIGNED NOT NULL default '0', tid int(11) UNSIGNED NOT NULL default '0', uniqid varchar(255) NOT NULL default '', time timestamp NOT NULL default CURRENT_TIMESTAMP, last_reply timestamp NULL DEFAULT NULL, edited timestamp NULL DEFAULT NULL, edited_by int(11) UNSIGNED default NULL, user_id int(11) UNSIGNED default '0', name varchar(255) NOT NULL default '', subject varchar(255) NOT NULL default '',category int(11) UNSIGNED NOT NULL default '0', email varchar(255) NOT NULL default '', hp varchar(255) NOT NULL default '', location varchar(255) NOT NULL default '', ip varchar(128) NOT NULL default '', text text NOT NULL, show_signature tinyint(4) default '0', marked tinyint(4) default '0', locked tinyint(4) default '0', sticky tinyint(4) default '0', views int(11) UNSIGNED default '0', edit_key varchar(255) NOT NULL default '', PRIMARY KEY (id), UNIQUE KEY id (id), KEY tid (tid),KEY category (category), KEY pid (pid), KEY sticky (sticky), KEY user_id (user_id), KEY time (time), KEY last_reply (last_reply)) ENGINE=InnoDB CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+CREATE TABLE mlf2_settings (name varchar(255) NOT NULL, value varchar(255) NOT NULL default '', PRIMARY KEY (name)) ENGINE=InnoDB CHARSET=utf8mb4 COLLATE=utf8mb4_bin;
+CREATE TABLE mlf2_smilies (id int(11) UNSIGNED NOT NULL AUTO_INCREMENT, order_id int(11) NOT NULL default '0', file varchar(100) NOT NULL default '', code_1 varchar(50) NOT NULL default '', code_2 varchar(50) NOT NULL default '', code_3 varchar(50) NOT NULL default '', code_4 varchar(50) NOT NULL default '', code_5 varchar(50) NOT NULL default '', title varchar(255) NOT NULL default '', PRIMARY KEY (id)) ENGINE=InnoDB CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+CREATE TABLE mlf2_userdata (user_id int(11) UNSIGNED NOT NULL AUTO_INCREMENT, user_type tinyint(4) NOT NULL default '0', user_name varchar(128) NOT NULL COLLATE utf8mb4_bin, user_real_name varchar(255) NOT NULL default '', gender tinyint(4) NOT NULL default '0', birthday date NULL default NULL, user_pw varchar(255) NOT NULL default '', user_email varchar(255) NOT NULL, email_contact tinyint(4) default '0', user_hp varchar(255) NOT NULL default '', user_location varchar(255) NOT NULL default '', signature varchar(255) NOT NULL default '', profile text NOT NULL, logins int(11) NOT NULL default '0', last_login timestamp NULL default CURRENT_TIMESTAMP, last_logout timestamp NULL DEFAULT NULL, user_ip varchar(128) NOT NULL default '', registered timestamp NULL DEFAULT NULL, category_selection varchar(255) DEFAULT NULL, thread_order tinyint(4) NOT NULL default '0', user_view tinyint(4) NOT NULL default '0', sidebar tinyint(4) NOT NULL default '1', fold_threads tinyint(4) NOT NULL default '0', thread_display tinyint(4) NOT NULL default '0', new_posting_notification tinyint(4) default '0', new_user_notification tinyint(4) default '0', user_lock tinyint(4) default '0', browser_window_target tinyint(4) NOT NULL default '0', auto_login_code varchar(50) NOT NULL default '', pwf_code varchar(50) NOT NULL, activate_code varchar(50) NOT NULL default '', language VARCHAR(255) NOT NULL DEFAULT '', time_zone VARCHAR(255) NOT NULL DEFAULT '', time_difference smallint(4) default '0', theme VARCHAR(255) NOT NULL DEFAULT '', tou_accepted DATETIME NULL DEFAULT NULL, dps_accepted DATETIME NULL DEFAULT NULL, inactivity_notification BOOLEAN NOT NULL DEFAULT FALSE, PRIMARY KEY (user_id), KEY key_user_type (user_type), UNIQUE KEY key_user_name (user_name), UNIQUE KEY key_user_email (user_email)) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+CREATE TABLE mlf2_pages (id int(11) UNSIGNED NOT NULL AUTO_INCREMENT, order_id int(11) NOT NULL, title varchar(255) NOT NULL default '', content text NOT NULL, menu_linkname varchar(255) NOT NULL default '', access tinyint(4) NOT NULL default '0', PRIMARY KEY (id)) ENGINE=InnoDB CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+CREATE TABLE mlf2_useronline (ip varchar(128) NOT NULL default '', time int(14) NOT NULL default '0', user_id int(11) UNSIGNED default '0') ENGINE=InnoDB CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+CREATE TABLE mlf2_logincontrol (time timestamp NOT NULL default CURRENT_TIMESTAMP, ip varchar(128) NOT NULL default '', logins int(11) NOT NULL default '0') ENGINE=InnoDB CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+CREATE TABLE mlf2_entries_cache (cache_id int(11) NOT NULL, cache_text mediumtext NOT NULL, PRIMARY KEY (cache_id)) ENGINE=InnoDB CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+CREATE TABLE mlf2_userdata_cache (cache_id int(11) NOT NULL, cache_signature text NOT NULL, cache_profile text NOT NULL, PRIMARY KEY (cache_id)) ENGINE=InnoDB CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+CREATE TABLE mlf2_bookmarks (id int(11) UNSIGNED NOT NULL AUTO_INCREMENT, user_id int(11) UNSIGNED NOT NULL, posting_id int(11) UNSIGNED NOT NULL, time timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, subject varchar(255) NOT NULL, order_id int(11) NOT NULL DEFAULT '0', PRIMARY KEY (id), UNIQUE KEY UNIQUE_uid_pid (user_id,posting_id)) ENGINE=InnoDB CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+CREATE TABLE mlf2_read_entries (user_id int(11) UNSIGNED NOT NULL, posting_id int(11) UNSIGNED NOT NULL, time timestamp NOT NULL, PRIMARY KEY (user_id, posting_id), KEY `user_id` (`user_id`), KEY `posting_id` (`posting_id`)) ENGINE=InnoDB CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+CREATE TABLE mlf2_temp_infos (name varchar(50) NOT NULL, value varchar(255) NOT NULL, time timestamp NULL DEFAULT NULL, PRIMARY KEY (name)) ENGINE=InnoDB CHARSET=utf8mb4 COLLATE=utf8mb4_bin;
+CREATE TABLE mlf2_entry_tags (`bid` int(11) NOT NULL, `tid` int(11) NOT NULL, PRIMARY KEY (`bid`,`tid`)) ENGINE=InnoDB CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+CREATE TABLE mlf2_bookmark_tags (`bid` int(11) NOT NULL, `tid` int(11) NOT NULL, PRIMARY KEY (`bid`,`tid`)) ENGINE=InnoDB CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+CREATE TABLE mlf2_tags (`id` int(11) UNSIGNED NOT NULL AUTO_INCREMENT, `tag` varchar(128) NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `tag` (`tag`)) ENGINE=InnoDB CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+CREATE TABLE mlf2_subscriptions (`user_id` int(12) UNSIGNED NULL, `eid` int(12) UNSIGNED NOT NULL, `unsubscribe_code` varchar(36) NOT NULL, `tstamp` datetime DEFAULT NULL, UNIQUE `user_thread` (`user_id`, `eid`) USING HASH, INDEX `hash` (`unsubscribe_code`)) ENGINE = InnoDB CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+CREATE TABLE mlf2_b8_rating (`eid` int(11) NOT NULL, `spam` tinyint(1) NOT NULL DEFAULT '0', `training_type` tinyint(1) NOT NULL DEFAULT '0', PRIMARY KEY (`eid`), KEY `b8_spam` (`spam`), KEY `B8_training_type` (`training_type`)) ENGINE=InnoDB CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+CREATE TABLE mlf2_akismet_rating (`eid` int(11) NOT NULL, `spam` tinyint(1) NOT NULL DEFAULT '0', `spam_check_status` tinyint(1) NOT NULL DEFAULT '0', PRIMARY KEY (`eid`), KEY `akismet_spam` (`spam`), KEY spam_check_status (spam_check_status)) ENGINE=InnoDB CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+CREATE TABLE mlf2_b8_wordlist (`token` varchar(255) NOT NULL, `count_ham` int unsigned default NULL, `count_spam` int unsigned default NULL, PRIMARY KEY (`token`)) ENGINE=InnoDB CHARSET=utf8mb4 COLLATE=utf8mb4_bin;
+CREATE TABLE mlf2_uploads (`id` int(10) UNSIGNED NOT NULL AUTO_INCREMENT, `uploader` int(10) UNSIGNED NULL, `pathname` varchar(128) NOT NULL, `tstamp` datetime NULL, PRIMARY KEY (id), UNIQUE KEY `pathname` (`pathname`), CONSTRAINT `smbl_mlf2_uploader` FOREIGN KEY `fk_uploader` (`uploader`) REFERENCES mlf2_userdata(`user_id`) ON UPDATE CASCADE ON DELETE SET NULL) ENGINE=InnoDB CHARSET=utf8mb4 COLLATE=utf8mb4_bin;
 
 INSERT INTO mlf2_banlists VALUES ('user_agents', '');
 INSERT INTO mlf2_banlists VALUES ('ips', '');
@@ -31,7 +39,7 @@ INSERT INTO mlf2_settings VALUES ('access_for_users_only', '0');
 INSERT INTO mlf2_settings VALUES ('entries_by_users_only', '0');
 INSERT INTO mlf2_settings VALUES ('register_mode', '0');
 INSERT INTO mlf2_settings VALUES ('default_email_contact', '0');
-INSERT INTO mlf2_settings VALUES ('user_area_public', '0');
+INSERT INTO mlf2_settings VALUES ('user_area_access', '1');
 INSERT INTO mlf2_settings VALUES ('rss_feed', '1');
 INSERT INTO mlf2_settings VALUES ('rss_feed_max_items', '20');
 INSERT INTO mlf2_settings VALUES ('session_prefix', 'mlf2_');
@@ -53,10 +61,6 @@ INSERT INTO mlf2_settings VALUES ('bbcode_img', '1');
 INSERT INTO mlf2_settings VALUES ('bbcode_color', '1');
 INSERT INTO mlf2_settings VALUES ('bbcode_size', '1');
 INSERT INTO mlf2_settings VALUES ('bbcode_code', '0');
-INSERT INTO mlf2_settings VALUES ('bbcode_tex', '0');
-INSERT INTO mlf2_settings VALUES ('bbcode_flash', '0');
-INSERT INTO mlf2_settings VALUES ('flash_default_width', '425');
-INSERT INTO mlf2_settings VALUES ('flash_default_height', '344');
 INSERT INTO mlf2_settings VALUES ('upload_images', '0');
 INSERT INTO mlf2_settings VALUES ('smilies', '1');
 INSERT INTO mlf2_settings VALUES ('autolink', '1');
@@ -97,11 +101,9 @@ INSERT INTO mlf2_settings VALUES ('deep_reply', '15');
 INSERT INTO mlf2_settings VALUES ('very_deep_reply', '30');
 INSERT INTO mlf2_settings VALUES ('users_per_page', '20');
 INSERT INTO mlf2_settings VALUES ('username_maxlength', '40');
-INSERT INTO mlf2_settings VALUES ('bad_behavior', '0');
 INSERT INTO mlf2_settings VALUES ('akismet_entry_check', '0');
 INSERT INTO mlf2_settings VALUES ('akismet_mail_check', '0');
 INSERT INTO mlf2_settings VALUES ('akismet_key', '');
-INSERT INTO mlf2_settings VALUES ('akismet_check_registered', '0');
 INSERT INTO mlf2_settings VALUES ('stop_forum_spam', '0');
 INSERT INTO mlf2_settings VALUES ('tags', '1');
 INSERT INTO mlf2_settings VALUES ('tag_cloud', '0');
@@ -127,14 +129,37 @@ INSERT INTO mlf2_settings VALUES ('captcha_email', '0');
 INSERT INTO mlf2_settings VALUES ('captcha_register', '0');
 INSERT INTO mlf2_settings VALUES ('min_pw_length', '8');
 INSERT INTO mlf2_settings VALUES ('cookie_validity_days', '30');
-INSERT INTO mlf2_settings VALUES ('access_permission_checks', '0');
 INSERT INTO mlf2_settings VALUES ('daily_actions_time', '3:30');
-INSERT INTO mlf2_settings VALUES ('next_daily_actions', '0');
-INSERT INTO mlf2_settings VALUES ('max_read_items', '200');
 INSERT INTO mlf2_settings VALUES ('delete_ips', '0');
-INSERT INTO mlf2_settings VALUES ('last_changes', '0');
 INSERT INTO mlf2_settings VALUES ('ajax_preview', '1');
-INSERT INTO mlf2_settings VALUES ('read_state_expiration_date', '150');
+INSERT INTO mlf2_settings VALUES ('read_state_expiration_value', '500');
+INSERT INTO mlf2_settings VALUES ('read_state_expiration_method', '0');
+INSERT INTO mlf2_settings VALUES ('uploads_per_page', '20');
+INSERT INTO mlf2_settings VALUES ('data_privacy_agreement', '0');
+INSERT INTO mlf2_settings VALUES ('data_privacy_statement_url', '');
+INSERT INTO mlf2_settings VALUES ('bbcode_latex', '0');
+INSERT INTO mlf2_settings VALUES ('bbcode_latex_uri', 'https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js');
+INSERT INTO mlf2_settings VALUES ('min_posting_time', '5'); 
+INSERT INTO mlf2_settings VALUES ('min_register_time', '5');
+INSERT INTO mlf2_settings VALUES ('min_email_time', '5');
+INSERT INTO mlf2_settings VALUES ('max_posting_time', '10800'); 
+INSERT INTO mlf2_settings VALUES ('max_register_time', '10800');
+INSERT INTO mlf2_settings VALUES ('max_email_time', '10800');
+INSERT INTO mlf2_settings VALUES ('b8_entry_check', '1');
+INSERT INTO mlf2_settings VALUES ('b8_auto_training', '1');
+INSERT INTO mlf2_settings VALUES ('b8_mail_check', '0');
+INSERT INTO mlf2_settings VALUES ('b8_spam_probability_threshold', '80');
+INSERT INTO mlf2_settings VALUES ('spam_check_registered', '0');
+INSERT INTO mlf2_settings VALUES ('min_pw_digits', '0');
+INSERT INTO mlf2_settings VALUES ('min_pw_lowercase_letters', '0');
+INSERT INTO mlf2_settings VALUES ('min_pw_uppercase_letters', '0');
+INSERT INTO mlf2_settings VALUES ('min_pw_special_characters', '0');
+INSERT INTO mlf2_settings VALUES ('php_mailer', '0');
+INSERT INTO mlf2_settings VALUES ('delete_inactive_users', '30');
+INSERT INTO mlf2_settings VALUES ('notify_inactive_users', '3');
+INSERT INTO mlf2_settings VALUES ('link_open_target', '');
+
+INSERT INTO mlf2_temp_infos (`name`, `value`) VALUES ('access_permission_checks', '0'), ('last_changes', '0'), ('next_daily_actions', '0');
 
 INSERT INTO mlf2_smilies VALUES (1, 1, 'smile.png', ':-)', '', '', '', '', '');
 INSERT INTO mlf2_smilies VALUES (2, 2, 'wink.png', ';-)', '', '', '', '', '');
@@ -143,6 +168,8 @@ INSERT INTO mlf2_smilies VALUES (4, 4, 'biggrin.png', ':-D', '', '', '', '', '')
 INSERT INTO mlf2_smilies VALUES (5, 5, 'neutral.png', ':-|', '', '', '', '', '');
 INSERT INTO mlf2_smilies VALUES (6, 6, 'frown.png', ':-(', '', '', '', '', '');
 
-INSERT INTO mlf2_userdata VALUES (1, 2, 'admin', '', 0, NULL, 'c3ccb88dc0a985b9b5da20bb9333854194dfbc7767d91c6936', 'admin@example.com', 1, '', '', '', '', 0, NULL, NULL, '', NOW(), NULL, 0, 0, 1, 0, 0, 0, 0, 0, '', '', '', '', '', 0, '', '');
+INSERT INTO mlf2_b8_wordlist (`token`, `count_ham`, `count_spam`) VALUES ('b8*dbversion', '3', NULL), ('b8*texts', '0', '0');
+
+INSERT INTO mlf2_userdata (user_type, user_name, user_pw, user_email, email_contact, profile, logins, last_login, last_logout, registered, pwf_code, theme) VALUES (2, 'admin', 'c3ccb88dc0a985b9b5da20bb9333854194dfbc7767d91c6936', 'admin@example.com', 1, '', 0, NULL, NULL, NOW(), '', '');
 
 

js/admin.js

@@ -1,143 +0,0 @@
-/***********************************************************************
-*                         MyLittleJavaScript                           *
-************************************************************************
-* Created by Michael Loesler <http://derletztekick.com>                *
-*                                                                      *
-* This script is part of my little forum <http://mylittleforum.net>    *
-*                                                                      *
-* This program is free software; you can redistribute it and/or modify *
-* it under the terms of the GNU General Public License as published by *
-* the Free Software Foundation; either version 3 of the License, or    *
-* (at your option) any later version.                                  *
-*                                                                      *
-* This program is distributed in the hope that it will be useful,      *
-* but WITHOUT ANY WARRANTY; without even the implied warranty of       *
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
-* GNU General Public License for more details.                         *
-*                                                                      *
-* You should have received a copy of the GNU General Public License    *
-* along with this program; if not, write to the                        *
-* Free Software Foundation, Inc.,                                      *
-* 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.            *
-***********************************************************************/
-
-/***********************************************************************
-* NOTICE: In order to reduce bandwidth usage, a minimized version of   *
-* this script is used by default (admin.min.js). Changes in this file  *
-* do not have any effect unless it is loaded by the template           *
-* (themes/[THEME FOLDER]/main.tpl).                                    *
-* The minimized version was created with the YUI Compressor            *
-* <http://developer.yahoo.com/yui/compressor/>, i.e.                   *
-* <http://ganquan.info/yui/>.                                          *
-***********************************************************************/
-
-/**
- * Kleiner Feature im Adminbereich werden
- * von diesem Objekt realisiert.
- * Hauptsaechlich handelt es sich um Sicherheitsabfragen
- */
-function MyLittleAdmin() {
-
-	/**
-	 * Initialisiert in den globalen Einstellungen
-	 * den CSS-Klassenwechsel bei RADIO und CHECKBOX
-	 */
-	var initGlobalSettings = function() {
-		var f = document.getElementById("settings");
-		
-		if (!f)
-			return;
-			
-		var changeClassName = function(id, active) {
-			if (id && document.getElementById(id+"_label"))
-				document.getElementById(id+"_label").className = active?"active":"inactive";		
-		};
-		
-		var changeCollectionClassName = function(col) {
-			for (var i=0; i<col.length; i++)
-				changeClassName(col[i].id, col[i].checked);
-		};
-		
-		for (var i=0; i<f.elements.length; i++) {
-			var el = f.elements[i];
-			if (el.type == "checkbox" || el.type == "radio") {
-				el.onchange = function(e) {
-					var els = f.elements[this.name];
-					if (els) {
-						if (typeof els.length != "number") 
-							els = [els];
-						changeCollectionClassName(els);
-					}
-				};
-			}
-		}
-	};
-
-	/**
-	 * Initialisiert die Backup-Loesch-Abfragen
-	 *
-	 */
-	var initBackupControls = function() {
-		var el = document.getElementById("selectioncontrols");
-		var f  = document.getElementById("selectform")
-		if (!el || !f)
-			return;
-		var cb = f.elements["delete_backup_files[]"];
-		// Elements liefert bei einem Element leider kein Array sondern nur das Element.
-		if (cb && typeof cb.length != "number") 
-			cb = [cb];
-		
-		var links = f.getElementsByTagName("a");
-		for (var i=0; i<links.length; i++) {
-			if (links[i].href.search("delete_backup_files") != -1) {
-				links[i].onclick = function(e) {
-					var confirmed = window.confirm( lang["delete_backup_confirm"] );
-					if (confirmed) 
-						this.href += "&delete_backup_files_confirm="+true;
-					this.blur();
-					return confirmed;	
-				};
-			}							
-		}
-		
-		var selectAll = function(s) {
-			for (var i=0; i<cb.length; i++)
-				cb[i].checked = s;
-		};
-		
-		f.onsubmit = function(e) {
-			// Pruefe, ob ein File geloescht werden soll
-			var c = false;
-			for (var i=0; i<cb.length; i++)
-				if ((c = cb[i].checked) != false)
-					break;
-			if (!c)
-				return false;
-				
-			c = window.confirm( lang["delete_sel_backup_confirm"] );
-			if (c && this.elements["delete_backup_files_confirm"])
-				this.elements["delete_backup_files_confirm"].value = true;
-			return c;
-		};
-		
-		var wrapperEl = document.createElementWithAttributes("span", {"className": "checkall"}, el);
-		var checkAll  = document.createElementWithAttributes("a", {"onclick": function(e) {selectAll(this.setSelect); return false;}, "href": "#", "setSelect": true}, wrapperEl);
-		wrapperEl.appendChild(document.createTextNode(" / "));
-		var checkNone = document.createElementWithAttributes("a", {"onclick": function(e) {selectAll(this.setSelect); return false;}, "href": "#", "setSelect": false}, wrapperEl);
-		checkAll.appendChild( document.createTextNode( lang["check_all"] ));
-		checkNone.appendChild( document.createTextNode( lang["uncheck_all"] ));
-	};
-	
-	/**
-	 * Initialisiert die moeglichen Admin-Funktionen
-	 */
-	(function() {
-		initGlobalSettings();
-		initBackupControls();
-	}());
-}
-
-window.ready.push(function() {
-	new MyLittleAdmin();
-	new DragAndDropTable(document.getElementById("sortable"), "admin", "action");
-});

js/admin.min.js

@@ -1 +0,0 @@
-function MyLittleAdmin(){var a=function(){var g=document.getElementById("settings");if(!g){return}var h=function(i,f){if(i&&document.getElementById(i+"_label")){document.getElementById(i+"_label").className=f?"active":"inactive"}};var c=function(f){for(var j=0;j<f.length;j++){h(f[j].id,f[j].checked)}};for(var d=0;d<g.elements.length;d++){var e=g.elements[d];if(e.type=="checkbox"||e.type=="radio"){e.onchange=function(i){var f=g.elements[this.name];if(f){if(typeof f.length!="number"){f=[f]}c(f)}}}}};var b=function(){var c=document.getElementById("selectioncontrols");var j=document.getElementById("selectform");if(!c||!j){return}var g=j.elements["delete_backup_files[]"];if(g&&typeof g.length!="number"){g=[g]}var l=j.getElementsByTagName("a");for(var h=0;h<l.length;h++){if(l[h].href.search("delete_backup_files")!=-1){l[h].onclick=function(f){var i=window.confirm(lang.delete_backup_confirm);if(i){this.href+="&delete_backup_files_confirm="+true}this.blur();return i}}}var e=function(n){for(var f=0;f<g.length;f++){g[f].checked=n}};j.onsubmit=function(n){var o=false;for(var f=0;f<g.length;f++){if((o=g[f].checked)!=false){break}}if(!o){return false}o=window.confirm(lang.delete_sel_backup_confirm);if(o&&this.elements.delete_backup_files_confirm){this.elements.delete_backup_files_confirm.value=true}return o};var k=document.createElementWithAttributes("span",{className:"checkall"},c);var m=document.createElementWithAttributes("a",{onclick:function(f){e(this.setSelect);return false},href:"#",setSelect:true},k);k.appendChild(document.createTextNode(" / "));var d=document.createElementWithAttributes("a",{onclick:function(f){e(this.setSelect);return false},href:"#",setSelect:false},k);m.appendChild(document.createTextNode(lang.check_all));d.appendChild(document.createTextNode(lang.uncheck_all))};(function(){a();b()}())}window.ready.push(function(){new MyLittleAdmin();new DragAndDropTable(document.getElementById("sortable"),"admin","action")});

js/posting.js

@@ -1,9 +1,9 @@
 /***********************************************************************
 *                         MyLittleJavaScript                           *
 ************************************************************************
-* Created by Michael Loesler <http://derletztekick.com>                *
+* Created by Michael Loesler <https://github.com/loesler>              *
 *                                                                      *
-* This script is part of my little forum <http://mylittleforum.net>    *
+* This script is part of my little forum <https://mylittleforum.net>   *
 *                                                                      *
 * This program is free software; you can redistribute it and/or modify *
 * it under the terms of the GNU General Public License as published by *
@@ -27,12 +27,10 @@
 * file do not have any effect unless it is loaded by the template      *
 * (themes/[THEME FOLDER]/main.tpl).                                    *
 * The minimized version was created with the YUI Compressor            *
-* <http://developer.yahoo.com/yui/compressor/>, i.e.                   *
-* <http://ganquan.info/yui/>.                                          *
 ***********************************************************************/
 
 /**
- * Klasse fuer BB-Code Schaltflaechen
+ * BB-Code button object
  * @param el
  */
 function BBCodeButton(el) {
@@ -68,7 +66,7 @@ function BBCodeButton(el) {
 	this.setHTMLElement = function(el) {
 		htmlEl = el;
 		htmlEl.onclick = function(e) {
-			self.insertCode(this); 
+			self.insertCode(this);
 			return false;
 		}
 	};
@@ -81,15 +79,13 @@ function BBCodeButton(el) {
 };
 
 /**
- * Sonderbutton - LINK
+ * Special button for link elements
  * @param el
  */
 function BBCodeLinkButton(el) {
 	this.constructor(el);
 	var link_bb_code = "link";
 	var regExpURI = new RegExp(/[http|https|ftp|ftps]:\/\/[a-zA-Z0-9-.][a-zA-Z0-9-.]+(S+)?/);
-	var regExpFID = new RegExp(/[?|&]id=([0-9]+)/);
-	var forumURI = window.location.hostname + window.location.pathname;
 	this.insertCode = function(obj) {
 		if (!this.canInsert()) 
 			return;
@@ -97,18 +93,10 @@ function BBCodeLinkButton(el) {
 		window.setTimeout(function(){ 
 			var txtarea = buttonGroup.getTextArea();
 			var selectionRange = txtarea.getSelection().trim();
+			var insert_link = (regExpURI.test( selectionRange ))?window.prompt(lang["bbcode_link_url"], selectionRange):window.prompt(lang["bbcode_link_url"],"https://");
 	
-			var insert_link = (regExpURI.test( selectionRange ))?window.prompt(lang["bbcode_link_url"], selectionRange):window.prompt(lang["bbcode_link_url"],"http://");
-	
-			if (!insert_link || insert_link == '' || insert_link == "http://") 
+			if (!insert_link || insert_link == '' || insert_link == "https://" || insert_link == "http://" || insert_link == "ftp://" || insert_link == "ftps://") 
 				return;
-			if (insert_link.indexOf(forumURI) > 0 && insert_link.indexOf("mode=page") < 0 && insert_link.indexOf("mode=contact") < 0 && regExpFID.test(insert_link)) {
-				var msgQuery = regExpFID.exec(insert_link);
-				link_bb_code = "msg";
-				insert_link = msgQuery[1];
-			}
-			else
-				link_bb_code = "link";
 			
 			if (selectionRange == '' || regExpURI.test( selectionRange )) 
 				selectionRange = window.prompt(lang["bbcode_link_text"], "");
@@ -119,11 +107,11 @@ function BBCodeLinkButton(el) {
 					txtarea.insertTextRange( "["+link_bb_code+"]" + insert_link + "[/"+link_bb_code+"]" );
 			}
 		}, 150);
-    };
+	};
 };
 
 /**
- * Sonderbutton mit Promt-Box
+ * Special button with PROMT option
  * @param el
  * @param quest
  * @param par
@@ -152,7 +140,7 @@ function BBCodePromtButton(el, quest, par) {
 };
 
 /**
- * Sonderbutton - COLOR
+ * Special Color-Picker button
  * @param el
  */
 function BBCodeColorChooserButton(el) {
@@ -190,10 +178,10 @@ function BBCodeColorChooserButton(el) {
 	this.insertOptionCode = function(obj) {
 		if (!this.canInsert()) 
 			return;
-		var buttonGroup = this.getButtonGroup();	
+		var buttonGroup = this.getButtonGroup();
 		var txtarea = buttonGroup.getTextArea();
 		var code = this.getCode();
-		txtarea.insertTextRange( "[" + code + obj.extension + "]" + txtarea.getSelection() + "[/" + code + "]" );			
+		txtarea.insertTextRange( "[" + code + obj.extension + "]" + txtarea.getSelection() + "[/" + code + "]" );
 		buttonGroup.getAdditionalOptionsWindow().enableOptionList(false);
 	};
 	
@@ -203,12 +191,12 @@ function BBCodeColorChooserButton(el) {
 		var buttonGroup = this.getButtonGroup();
 		var objPos = document.getElementPoSi(obj);
 		buttonGroup.getAdditionalOptionsWindow().setOptionList(colorTable);
-		buttonGroup.getAdditionalOptionsWindow().enableOptionList(true, objPos);	
+		buttonGroup.getAdditionalOptionsWindow().enableOptionList(true, objPos);
 	};
 };
 
 /**
- * Sonderbutton mit zusaetzlichen Optionen
+ * Special button which provides additional options e.g. font-size [small large]
  * @param el
  * @param list
  * @param quest
@@ -234,16 +222,17 @@ function BBCodeOptionButton(el, list, quest, par) {
 			return;
 		var buttonGroup = this.getButtonGroup();
 		// Ausnahme INLINECODE
-		var codestart = this.getCode(), codeend = this.getCode();	
+		var codestart = this.getCode(), codeend = this.getCode();
 		window.setTimeout(function(){
 			var txtarea = buttonGroup.getTextArea();
 			var selectionRange = txtarea.getSelection();
-		
-			if (obj.attribute.toLowerCase() == "inlinecode") {
-				codestart = codeend = obj.attribute;
+			
+			if (obj.attribute != null && obj.attribute.trim() != "") {
+				if (obj.attribute.trim().toLowerCase() == "inlinecode")
+					codestart = codeend = obj.attribute;
+				else
+					codestart += "=" + obj.attribute;
 			}
-			if (obj.attribute.trim() && obj.attribute.toLowerCase() != "inlinecode")
-				codestart += "=" + obj.attribute;
 			
 			if (quest && selectionRange == "") {
 				var p = window.prompt(quest, par);
@@ -260,15 +249,15 @@ function BBCodeOptionButton(el, list, quest, par) {
 	this.insertCode = function(obj) {
 		if (!this.canInsert()) 
 			return;
-		var buttonGroup = this.getButtonGroup();	
+		var buttonGroup = this.getButtonGroup();
 		var objPos = document.getElementPoSi(obj);
 		buttonGroup.getAdditionalOptionsWindow().setOptionList(optionList);
-		buttonGroup.getAdditionalOptionsWindow().enableOptionList(true, objPos);	
+		buttonGroup.getAdditionalOptionsWindow().enableOptionList(true, objPos);
 	};
 };
 
 /**
- * Sonderbutton - LIST
+ * Special button to create a LIST
  * @param el
  */
 function BBCodeListButton(el) {
@@ -276,7 +265,7 @@ function BBCodeListButton(el) {
 	this.insertCode = function(obj) {
 		if (!this.canInsert()) 
 			return;
-		var buttonGroup = this.getButtonGroup();	
+		var buttonGroup = this.getButtonGroup();
 		var txtarea = buttonGroup.getTextArea();
 		var selectionRange = txtarea.getSelection();
 		var listStr = "";
@@ -292,7 +281,7 @@ function BBCodeListButton(el) {
 };
 
 /**
- * Sonderbutton - einzelnes Smilies
+ * Special button for emotional icon
  * @param el
  */
 function BBCodeSingleSmilieButton(el) {
@@ -300,7 +289,7 @@ function BBCodeSingleSmilieButton(el) {
 	this.insertCode = function(obj) {
 		if (!this.canInsert()) 
 			return;
-		var buttonGroup = this.getButtonGroup();	
+		var buttonGroup = this.getButtonGroup();
 		var txtarea = buttonGroup.getTextArea();
 		
 		var selectionRange = txtarea.getSelection();
@@ -309,49 +298,42 @@ function BBCodeSingleSmilieButton(el) {
 };
 
 /**
- * Sonderbutton - Smilies
+ * Special button for larger list of emotional icons
  * @param el
  * @param list
  */
 function BBCodeSmilieButton(el, list) {
 	this.constructor(el, list);
 	var self = this;
-	//var smilies = document.createElement("div");
-	var smilies = document.createElementWithAttributes("div", {"id": "additional-smilies"}, null);
+	var smilies = document.createElementWithAttributes("ul", {"id": "additional-smilies"}, null);
 	
 	for (var i=0; i<list.length; i++) {
-		var link = document.createElementWithAttributes("a", {"href": "#", "title": list[i].title, "code": list[i].code, "onclick": function(e) { self.insertOptionCode(this); return false; } }, smilies);
-		link.appendChild( list[i].label );
-		//if ((i+1)%5==0)
-		//	document.createElementWithAttributes("br", {}, smilies);
-		//else
-		//smilies.appendChild( document.createTextNode( String.fromCharCode(32) ) );
+		let item = document.createElementWithAttributes("li",{}, smilies);
+		let btn = document.createElementWithAttributes("button",{"type": "button", "title": list[i].title, "value": list[i].code, "onclick": function(e) { self.insertButtonCode(this); return false; }}, item);
+		btn.appendChild( list[i].label);
 	}
-		
-	this.insertOptionCode = function(obj) {
-		if (!this.canInsert()) 
-			return;
-		var buttonGroup = this.getButtonGroup();	
+	
+	this.insertButtonCode = function(obj) {
+		if (!this.canInsert()) return;
+		var buttonGroup = this.getButtonGroup();
 		var txtarea = buttonGroup.getTextArea();
-		var code = obj.code;
-		txtarea.insertTextRange( txtarea.getSelection() +code + " " );
+		const val = event.target.closest("button").getAttribute("value");
+		txtarea.insertTextRange( txtarea.getSelection() + val + " " );
 		buttonGroup.getAdditionalOptionsWindow().enableOptionList(false);
 	}
 	
 	this.insertCode = function(obj) {
 		if (!this.canInsert()) 
 			return;
-		var buttonGroup = this.getButtonGroup();	
-		//var txtarea = buttonGroup.getTextArea();
-		//selectionRange = txtarea.getSelection();
+		var buttonGroup = this.getButtonGroup();
 		var objPos = document.getElementPoSi(obj);
 		buttonGroup.getAdditionalOptionsWindow().setOptionList(smilies);
-		buttonGroup.getAdditionalOptionsWindow().enableOptionList(true, objPos);	
-	};	
+		buttonGroup.getAdditionalOptionsWindow().enableOptionList(true, objPos);
+	};
 };
 
 /**
- * Sonderbutton mit Zusatzfenster
+ * Special button to open a pop-up
  * @param el
  * @param uri
  * @param width
@@ -386,7 +368,7 @@ BBCodePopUpButton.prototype   = new BBCodeButton;
 BBCodePromtButton.prototype  = new BBCodeButton;
 
 /**
- * ButtonGroup, die allte BB-Code-Button verwaltet
+ * ButtonGroup, which handles the created BB-code buttons
  * @param form
  */
 function ButtonGroup(f) {
@@ -404,8 +386,8 @@ function ButtonGroup(f) {
 	var self = this;
 		
 	/**
-	 * Pruefe das Formaular, ob alle notwendigen Felder ausgefuellt sind!
-	 * return isComplete
+	 * Check form
+	 * return complete
 	 */
 	f.onsubmit = function(e) {
 		var error_message = '';
@@ -427,58 +409,65 @@ function ButtonGroup(f) {
 			return false;
 		}
 		if (document.getElementById('throbber-submit')) {
-			document.getElementById('throbber-submit').classList.remove('js-visibility-hidden'); //style.visibility = 'visible';
+			document.getElementById('throbber-submit').classList.remove('js-visibility-hidden');
 		}
 		return true;
 	};
 	
 	/**
-	 * Wandelt die Smilie-Anleitung in klickbare Elemente um
+	 * Transform introduction (for adding emotional icons) into button elements
 	 */
-	convertInstructionsToSmilies = function() {
+	var convertInstructionsToSmilies = function() {
 		if (!document.getElementById("smiley-bar"))
 			return;
 		var buttonBar = document.getElementById("smiley-bar");
+		
 		if (document.getElementById("smiley-instructions")) {
-			var el = document.getElementById("smiley-instructions").firstChild;
+			let elems = document.getElementById("smiley-instructions").querySelectorAll("div");
 			var obj = null;
 			var list = [];
-			while (el != null) {
-				if (el.nodeName && el.nodeName.toLowerCase() == "dt") {
+			
+			for (const el of elems) {
+				const term = el.querySelector("dt");
+				const desc = el.querySelectorAll("dd");
+				if (term) {
 					obj = {
-						code    : el.firstChild.nodeValue,
-						title   : el.title,
-						classes : el.className,
+						code    : term.textContent,
+						title   : term.getAttribute("title"),
+						classes : term.getAttribute("class"),
 						isSmilie: true,
 						childs  : []
+					};
+				}
+				if (obj && desc) {
+					for (const d of desc) {
+						obj.label = d.firstChild;
+						if (obj.classes.search(/default/) != -1)
+							createSingleButton(obj, buttonBar);
+						else
+							list.push(obj);
+						obj = null;
 					}
 				}
-				else if (obj && el.nodeName && el.nodeName.toLowerCase() == "dd") {
-					obj.label = el.firstChild;
-					if (obj.classes.search(/default/) != -1)
-						createSingleButton(obj, buttonBar);
-					else
-						list.push(obj);
-					obj = null;
-				}				
-				el = el.nextSibling;
 			}
+			
 			if (list && list.length > 0) {
 				obj = {
 					code    : "",
 					title   : lang["more_smilies_title"],
 					label   : lang["more_smilies_label"],
-					classes : "more-smilies",
+					classes : "",
 					isSmilie: true,
 					childs  : list
 				};
-				createSingleButton(obj, buttonBar);
+				if (obj)
+					createSingleButton(obj, buttonBar);
 			}
 		}
 	}
 	
 	/**
-	 * Wandelt die BB-Code-Anleitung in klickbare Elemente um
+	 * Transform introduction (for adding source code) into button elements
 	 */
 	var convertInstructionsToButton = function() {
 		if (!document.getElementById("bbcode-bar"))
@@ -486,38 +475,38 @@ function ButtonGroup(f) {
 		var buttonBar = document.getElementById("bbcode-bar");
 		
 		if (document.getElementById("bbcode-instructions")) {
-			var el = document.getElementById("bbcode-instructions").firstChild;
+			let elems = document.getElementById("bbcode-instructions").querySelectorAll("div");
 			var obj = null;
-
-			while (el != null) {
-				if (el.nodeName && el.nodeName.toLowerCase() == "dt") {
-					if (obj)
-						createSingleButton(obj, buttonBar);
+			
+			for (const el of elems) {
+				const term = el.querySelector("dt");
+				const desc = el.querySelectorAll("dd");
+				if (term) {
 					obj = {
-						code    : el.id,
-						label   : el.title,
-						title   : el.firstChild.nodeValue,
-						classes : el.className,
+						code    : term.getAttribute("id"),
+						label   : term.getAttribute("title"),
+						title   : term.textContent,
+						classes : term.getAttribute("class"),
 						childs  : []
-					}
-
+					};
 				}
-				else if (obj && el.nodeName && el.nodeName.toLowerCase() == "dd") {
-					var attChild = {
-						attribute : el.id,
-						label : el.title
+				if (obj && desc) {
+					for (const d of desc) {
+						var attChild = {
+							attribute : d.getAttribute("id"),
+							label     : d.getAttribute("title")
+						}
+						obj.childs.push(attChild);
 					}
-					obj.childs.push( attChild );
 				}
-				el = el.nextSibling;
+				if (obj)
+					createSingleButton(obj, buttonBar);
 			}
-			if (obj)
-				createSingleButton(obj, buttonBar);
 		}
 	};
 	
 	/**
-	 * Fuegt einen BB-Button dem Dokument hinzu.
+	 * Add a bb code button element to the document
 	 * @param button
 	 * @param isUserButton
 	 */
@@ -542,8 +531,7 @@ function ButtonGroup(f) {
 	}
 	
 	/**
-	 * Erzeugt einen einfachen Klick-Button, der ein SPAN-Element enthaelt
-	 * aus einem spezifischen Objekt
+	 * Creates a simple button, which contains a SPAN element for labeling
 	 * @param obj
 	 * @param buttonBar
 	 */
@@ -566,58 +554,53 @@ function ButtonGroup(f) {
 	};
 	
 	/**
-	 * Erzeugt aus einem normalen Klick-Button ein
-	 * BBCodeButton-Objekt (ggf. mit Zusatzoptionen)
+	 * Transform a normal button element to a bb-code button elemement
+	 *
 	 * @param button
 	 * @param list
 	 * @return button
 	 */
 	var createBBCodeButton = function(button, list) {
 		var bbCodeButton = null;
-		var bname=button&&button.name?button.name.toLowerCase():"";
-		//switch(button.name.toLowerCase()) {
+		var bname = button && button.name ? button.name.toLowerCase() : "";
 		switch(bname) {
 		case "link":
-		bbCodeButton = new BBCodeLinkButton( button );
+			bbCodeButton = new BBCodeLinkButton( button );
 		break;
 		case "img":
-		if (list && list.length > 1)
-		bbCodeButton = new BBCodeOptionButton(button, list, lang["bbcode_image_url"], "http://" );
-		else
-		bbCodeButton = new BBCodePromtButton( button, lang["bbcode_image_url"], "http://" ); 
+			if (list && list.length > 1)
+				bbCodeButton = new BBCodeOptionButton(button, list, lang["bbcode_image_url"], "https://" );
+			else
+				bbCodeButton = new BBCodePromtButton( button, lang["bbcode_image_url"], "https://" );
 		break;
 		case "color":
-		bbCodeButton = new BBCodeColorChooserButton( button );
+			bbCodeButton = new BBCodeColorChooserButton( button );
 		break;
 		case "list":
-		bbCodeButton = new BBCodeListButton( button );
-		break;
-		case "flash":
-		bbCodeButton = new BBCodePopUpButton( button, "index.php?mode=insert_flash", settings["flash_popup_width"], settings["flash_popup_height"]);
+			bbCodeButton = new BBCodeListButton( button );
 		break;
 		case "upload":
-		bbCodeButton = new BBCodePopUpButton( button, "index.php?mode=upload_image", settings["upload_popup_width"], settings["upload_popup_height"]); 
+			bbCodeButton = new BBCodePopUpButton( button, "index.php?mode=upload_image", settings["upload_popup_width"], settings["upload_popup_height"]);
 		break;
 		case "tex":
-		bbCodeButton = new BBCodePromtButton( button, lang["bbcode_tex_code"] ); 
+			bbCodeButton = new BBCodePromtButton( button, lang["bbcode_tex_code"] );
 		break;
 		default:
-		if (button.isSmilie && list && list.length > 0)
-		bbCodeButton = new BBCodeSmilieButton( button, list );
-		else if (button.isSmilie)
-		bbCodeButton = new BBCodeSingleSmilieButton( button );
-		else if (list && list.length > 1) 
-		bbCodeButton = new BBCodeOptionButton( button, list );
-		else
-		bbCodeButton = new BBCodeButton( button );
+			if (button.isSmilie && list && list.length > 0)
+				bbCodeButton = new BBCodeSmilieButton( button, list );
+			else if (button.isSmilie)
+				bbCodeButton = new BBCodeSingleSmilieButton( button );
+			else if (list && list.length > 1) 
+				bbCodeButton = new BBCodeOptionButton( button, list );
+			else
+				bbCodeButton = new BBCodeButton( button );
 		break;
 		}
 		return bbCodeButton;
 	};
-		
-	/** 
-	 * Erzeugt ein Fenster, in dem die Zusatzoptionen
-	 * angezeigt werden koennen
+	
+	/**
+	 * Creates a window to show further options of the clicked button
 	 * @return win
 	 */
 	var createAdditionalOptionsWindow = function() {
@@ -649,10 +632,10 @@ function ButtonGroup(f) {
 			else
 				content.replaceChild(list, content.firstChild);
 		};
-	
+		
 		w.enableOptionList = function(enable, pos) {
 			if (pos) {
-				this.style.left = pos.left + "px"; 
+				this.style.left = pos.left + "px";
 				this.style.top = pos.top + "px";
 			}
 			if (enable)
@@ -662,43 +645,40 @@ function ButtonGroup(f) {
 		};
 		
 		var oldOnKeyPressFunc = window.document.onmousedown;
-		window.document.onkeypress = function(e) { 
-			var keyCode = document.getKeyCode(e);
-			if (keyCode == 27)
-				self.enableOptionList(false);	
-				
+		window.document.onkeypress = function(e) {
+			if (e.key == "Esc")
+				self.enableOptionList(false);
+			
 			if (typeof oldOnKeyPressFunc == "function")
 				oldOnKeyPressFunc(e);
-		}	
+		}
 		
 		return w;
 	};
 	
 	/**
-	 * Sucht nach Button, die der Nutzer
-	 * ins Dokument eingefuegt hat
+	 * Search for added buttons within the document
 	 * @param isSmilie
 	 */
 	var initUserBBCodeButtons = function(isSmilie) {
 		isSmilie = isSmilie || false;
 		hasUserButtons = false;
-		var id = isSmilie?"smiley-bar":"bbcode-bar";
+		var id = isSmilie ? "smiley-bar" : "bbcode-bar";
 		if (!document.getElementById(id)) 
 			return;
 		var userButtons = document.getElementById(id).getElementsByTagName("button");
 		if (userButtons && userButtons.length > 0) {
-			for (var i=0; i<userButtons.length; i++) {
+			var j = userButtons.length;
+			for (var i=0; i<j; i++) {
 				hasUserButtons = true;
 				userButtons[i].isSmilie = isSmilie;
 				addButton(createBBCodeButton(userButtons[i], null), true);
 			}
-		}		
+		}
 	};
 	
 	/**
-	 * Initialisiert die Textarea
-	 * und setzt Funktionen zum Ermitteln 
-	 * des selektierten Textes
+	 *  Init. text area of the posting form
 	 */
 	var initTextArea = function() {
 		// Sichert den (alten) Text in der Area
@@ -707,25 +687,24 @@ function ButtonGroup(f) {
 			textarea.quote = textarea.value;
 			textarea.value = "";
 		}
-			
+		
 		textarea.getQuote = function() {
 			return textarea.quote.trim();
 		}
 		
-		// Zitieren-Link einfuegen
+		// insert the quotation-link
 		if (textarea.getQuote() != "" && document.getElementById("message")) {
-			var labels = document.getElementById("message").getElementsByTagName("label");
-			var label = null;
-			for (var i=0; i<labels.length; i++) { 
-				if (labels[i].className.search(/textarea/) != -1) {
-					label = labels[i];
-					break;
-				}
-			}
+			var label = document.querySelector('label[for="text"]');
 			if (label) {
-				label.appendChild( document.createTextNode( String.fromCharCode(160) ) );
-				var quoteLink = document.createElementWithAttributes("a", {"onclick": function(e) {textarea.value = textarea.getQuote() + "\r\n\r\n" + textarea.value; this.classList.add("js-display-none"); textarea.focus(); return false;}, "id": "insert-quote", "href": window.location.href, "title": lang["quote_title"], "tabIndex": -1 }, label);
-				quoteLink.appendChild( document.createTextNode(lang["quote_label"]) );
+				var quoteButton = document.createElementWithAttributes("button", {"type": "button", "id": "insert-quote", "title": lang["quote_title"], "tabIndex": -1});
+				quoteButton.onclick = function(e) {
+					textarea.value = textarea.getQuote() + "\r\n\r\n" + textarea.value;
+					this.classList.add("js-display-none");
+					textarea.focus();
+					return false;
+				};
+				quoteButton.appendChild( document.createTextNode(lang["quote_label"]) )
+				label.parentNode.insertBefore(quoteButton, label.nextSibling);
 			}
 		}
 		
@@ -765,15 +744,15 @@ function ButtonGroup(f) {
 	};
 	
 	/**
-	 * Liefert die Textarea
+	 * Returns the text area of the form
 	 * @return area
 	 */
 	this.getTextArea = function() {
 		return textarea;
-	};	
+	};
 	
 	/**
-	 * Liefert das Option-Window
+	 * Returns the property window of the button
 	 * @return win
 	 */
 	this.getAdditionalOptionsWindow = function() {
@@ -788,20 +767,19 @@ function ButtonGroup(f) {
 		link.onclick = function(e) {
 			document.cookie = settings["session_prefix"]+'userdata=; expires=Thu, 01-Jan-70 00:00:01 GMT;';
 			span.innerHTML = "";
-                        if(f.elements["setcookie"]) f.elements["setcookie"].checked = false;
+			if(f.elements["setcookie"]) f.elements["setcookie"].checked = false;
 			return false;
-		};		
+		};
+	};
+	
+	var removeIntroductionElements = function() {
+		if (document.getElementById("formatting-help")) {
+			var el = document.getElementById("formatting-help");
+			el.classList.add('js-display-none');
+		}
 	};
 
-	/**
-	 * Initialisiert ButtonGroup
-	 *
-	 */
 	(function() {
-		if (document.getElementById("bbcode-instructions"))
-			document.getElementById("bbcode-instructions").classList.add("js-display-none");
-		if (document.getElementById("smiley-instructions"))
-			document.getElementById("smiley-instructions").classList.add("js-display-none");
 		additionalOptionsWindow = createAdditionalOptionsWindow();
 		// Erzeuge Textarea
 		initTextArea();
@@ -811,10 +789,12 @@ function ButtonGroup(f) {
 		initUserBBCodeButtons(true);
 		convertInstructionsToSmilies();
 		initDeleteCookieLink();
+		// entferne die Introduction-Elemente zur Definition der Button
+		removeIntroductionElements();
 	}());
 }
 
-window.ready.push(function() {
+document.addEventListener("DOMContentLoaded", function(e) {
 	if (typeof settings == "object" && typeof lang == "object") 
 		new ButtonGroup( document.getElementById("postingform") );
 });

modules/b8/b8.php

@@ -0,0 +1,407 @@
+<?php
+
+/* Copyright (C) 2006-2019 Tobias Leupold <tobias.leupold@gmx.de>
+
+   b8 - A statistical ("Bayesian") spam filter written in PHP
+
+   This program is free software; you can redistribute it and/or modify it
+   under the terms of the GNU Lesser General Public License as published by
+   the Free Software Foundation in version 2.1 of the License.
+
+   This program is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+   or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+   License for more details.
+
+   You should have received a copy of the GNU Lesser General Public License
+   along with this program; if not, write to the Free Software Foundation,
+   Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
+*/
+
+/**
+ * The b8 spam filter library
+ *
+ * @license LGPL 2.1
+ * @package b8
+ * @author Tobias Leupold <tobias.leupold@gmx.de>
+ * @author Oliver Lillie <ollie@buggedcom.co.uk> (original PHP 5 port)
+ */
+
+namespace b8;
+
+spl_autoload_register(
+    function ($class) {
+		$parts = explode('\\', $class);
+		if (count($parts) > 2 && $parts[0] == 'b8') {
+			require_once __DIR__ . DIRECTORY_SEPARATOR . $parts[1]
+                     . DIRECTORY_SEPARATOR . $parts[2] . '.php';
+		}
+    }
+);
+
+class b8
+{
+    const DBVERSION = 3;
+
+    const SPAM    = 'spam';
+    const HAM     = 'ham';
+    const LEARN   = 'learn';
+    const UNLEARN = 'unlearn';
+
+    const CLASSIFIER_TEXT_MISSING = 'CLASSIFIER_TEXT_MISSING';
+
+    const TRAINER_TEXT_MISSING     = 'TRAINER_TEXT_MISSING';
+    const TRAINER_CATEGORY_MISSING = 'TRAINER_CATEGORY_MISSING';
+    const TRAINER_CATEGORY_FAIL    = 'TRAINER_CATEGORY_FAIL';
+
+    const INTERNALS_TEXTS     = 'b8*texts';
+    const INTERNALS_DBVERSION = 'b8*dbversion';
+
+    const KEY_DB_VERSION = 'dbversion';
+    const KEY_COUNT_HAM  = 'count_ham';
+    const KEY_COUNT_SPAM = 'count_spam';
+    const KEY_TEXTS_HAM  = 'texts_ham';
+    const KEY_TEXTS_SPAM = 'texts_spam';
+
+    private $config = [ 'lexer'        => 'standard',
+                        'degenerator'  => 'standard',
+                        'storage'      => 'dba',
+                        'use_relevant' => 15,
+                        'min_dev'      => 0.2,
+                        'rob_s'        => 0.3,
+                        'rob_x'        => 0.5 ];
+
+    private $storage     = null;
+    private $lexer       = null;
+    private $degenerator = null;
+    private $token_data  = null;
+
+    /**
+     * Constructs b8
+     *
+     * @access public
+     * @param array b8's configuration: [ 'lexer'        => string,
+                                          'degenerator'  => string,
+                                          'storage'      => string,
+                                          'use_relevant' => int,
+                                          'min_dev'      => float,
+                                          'rob_s'        => float,
+                                          'rob_x'        => float ]
+     * @param array The storage backend's config (depending on the backend used)
+     * @param array The lexer's config (depending on the lexer used)
+     * @param array The degenerator's config (depending on the degenerator used)
+     * @return void
+     */
+    function __construct(array $config             = [],
+                         array $config_storage     = [],
+                         array $config_lexer       = [],
+                         array $config_degenerator = [])
+    {
+        // Validate config data
+        foreach ($config as $name => $value) {
+            switch ($name) {
+                case 'min_dev':
+                case 'rob_s':
+                case 'rob_x':
+                    $this->config[$name] = (float) $value;
+                    break;
+                case 'use_relevant':
+                    $this->config[$name] = (int) $value;
+                    break;
+                case 'lexer':
+                case 'degenerator':
+                case 'storage':
+                    $this->config[$name] = (string) $value;
+                    break;
+                default:
+                    throw new \Exception(b8::class . ": Unknown configuration key: \"$name\"");
+            }
+        }
+
+        // Setup the degenerator class
+        $class = '\\b8\\degenerator\\' . $this->config['degenerator'];
+        $this->degenerator = new $class($config_degenerator);
+
+        // Setup the lexer class
+        $class = '\\b8\\lexer\\' . $this->config['lexer'];
+        $this->lexer = new $class($config_lexer);
+
+        // Setup the storage backend
+        $class = '\\b8\\storage\\' . $this->config['storage'];
+        $this->storage = new $class($config_storage, $this->degenerator);
+    }
+
+    /**
+     * Classifies a text
+     *
+     * @access public
+     * @param string The text to classify
+     * @return mixed float The rating between 0 (ham) and 1 (spam) or an error code
+     */
+    public function classify(string $text = null)
+    {
+        // Let's first see if the user called the function correctly
+        if ($text === null) {
+            return \b8\b8::CLASSIFIER_TEXT_MISSING;
+        }
+
+        // Get the internal database variables, containing the number of ham and spam texts so the
+        // spam probability can be calculated in relation to them
+        $internals = $this->storage->get_internals();
+
+        // Calculate the spaminess of all tokens
+
+        // Get all tokens we want to rate
+        $tokens = $this->lexer->get_tokens($text);
+
+        // Check if the lexer failed (if so, $tokens will be a lexer error code, if not, $tokens
+        //  will be an array)
+        if (! is_array($tokens)) {
+            return $tokens;
+        }
+
+        // Fetch all available data for the token set from the database
+        $this->token_data = $this->storage->get(array_keys($tokens));
+
+        // Calculate the spaminess and importance for each token (or a degenerated form of it)
+
+        $word_count = [];
+        $rating     = [];
+        $importance = [];
+
+        foreach ($tokens as $word => $count) {
+            $word_count[$word] = $count;
+
+            // Although we only call this function only here ... let's do the calculation stuff in a
+            // function to make this a bit less confusing ;-)
+            $rating[$word] = $this->get_probability($word, $internals);
+            $importance[$word] = abs(0.5 - $rating[$word]);
+        }
+
+        // Order by importance
+        arsort($importance);
+        reset($importance);
+
+        // Get the most interesting tokens (use all if we have less than the given number)
+        $relevant = [];
+        for ($i = 0; $i < $this->config['use_relevant']; $i++) {
+            if ($token = key($importance)) {
+                // Important tokens remain
+
+                // If the token's rating is relevant enough, use it
+                if (abs(0.5 - $rating[$token]) > $this->config['min_dev']) {
+                    // Tokens that appear more than once also count more than once
+                    for ($x = 0, $l = $word_count[$token]; $x < $l; $x++) {
+                        array_push($relevant, $rating[$token]);
+                    }
+                }
+            } else {
+                // We have less words as we want to use, so we already use what we have and can
+                // break here
+                break;
+            }
+
+            next($importance);
+        }
+
+        // Calculate the spaminess of the text (thanks to Mr. Robinson ;-)
+
+        // We set both haminess and spaminess to 1 for the first multiplying
+        $haminess  = 1;
+        $spaminess = 1;
+
+        // Consider all relevant ratings
+        foreach ($relevant as $value) {
+            $haminess  *= (1.0 - $value);
+            $spaminess *= $value;
+        }
+
+        // If no token was good for calculation, we really don't know how to rate this text, so
+        // we can return 0.5 without further calculations.
+        if ($haminess == 1 && $spaminess == 1) {
+            return 0.5;
+        }
+
+        // Calculate the combined rating
+
+        // Get the number of relevant ratings
+        $n = count($relevant);
+
+        // The actual haminess and spaminess
+        $haminess  = 1 - pow($haminess,  (1 / $n));
+        $spaminess = 1 - pow($spaminess, (1 / $n));
+
+        // Calculate the combined indicator
+        $probability = ($haminess - $spaminess) / ($haminess + $spaminess);
+
+        // We want a value between 0 and 1, not between -1 and +1, so ...
+        $probability = (1 + $probability) / 2;
+
+        // Alea iacta est
+        return $probability;
+    }
+
+    /**
+     * Calculate the spaminess of a single token also considering "degenerated" versions
+     *
+     * @access private
+     * @param string The word to rate
+     * @param array The "internals" array
+     * @return float The word's rating
+     */
+    private function get_probability(string $word, array $internals)
+    {
+        // Let's see what we have!
+        if (isset($this->token_data['tokens'][$word])) {
+            // The token is in the database, so we can use it's data as-is and calculate the
+            // spaminess of this token directly
+            return $this->calculate_probability($this->token_data['tokens'][$word], $internals);
+        }
+
+        // The token was not found, so do we at least have similar words?
+        if (isset($this->token_data['degenerates'][$word])) {
+            // We found similar words, so calculate the spaminess for each one and choose the most
+            // important one for the further calculation
+
+            // The default rating is 0.5 simply saying nothing
+            $rating = 0.5;
+
+            foreach ($this->token_data['degenerates'][$word] as $degenerate => $count) {
+                // Calculate the rating of the current degenerated token
+                $rating_tmp = $this->calculate_probability($count, $internals);
+
+                // Is it more important than the rating of another degenerated version?
+                if(abs(0.5 - $rating_tmp) > abs(0.5 - $rating)) {
+                    $rating = $rating_tmp;
+                }
+            }
+
+            return $rating;
+        } else {
+            // The token is really unknown, so choose the default rating for completely unknown
+            // tokens. This strips down to the robX parameter so we can cheap out the freaky math
+            // ;-)
+            return $this->config['rob_x'];
+        }
+    }
+
+    /**
+     * Do the actual spaminess calculation of a single token
+     *
+     * @access private
+     * @param array The token's data [ \b8\b8::KEY_COUNT_HAM  => int,
+                                       \b8\b8::KEY_COUNT_SPAM => int ]
+     * @param array The "internals" array
+     * @return float The rating
+     */
+    private function calculate_probability(array $data, array $internals)
+    {
+        // Calculate the basic probability as proposed by Mr. Graham
+
+        // But: consider the number of ham and spam texts saved instead of the number of entries
+        // where the token appeared to calculate a relative spaminess because we count tokens
+        // appearing multiple times not just once but as often as they appear in the learned texts.
+
+        $rel_ham = $data[\b8\b8::KEY_COUNT_HAM];
+        $rel_spam = $data[\b8\b8::KEY_COUNT_SPAM];
+
+        if ($internals[\b8\b8::KEY_TEXTS_HAM] > 0) {
+            $rel_ham = $data[\b8\b8::KEY_COUNT_HAM] / $internals[\b8\b8::KEY_TEXTS_HAM];
+        }
+
+        if ($internals[\b8\b8::KEY_TEXTS_SPAM] > 0) {
+            $rel_spam = $data[\b8\b8::KEY_COUNT_SPAM] / $internals[\b8\b8::KEY_TEXTS_SPAM];
+        }
+
+        $rating = $rel_spam / ($rel_ham + $rel_spam);
+
+        // Calculate the better probability proposed by Mr. Robinson
+        $all = $data[\b8\b8::KEY_COUNT_HAM] + $data[\b8\b8::KEY_COUNT_SPAM];
+        return (($this->config['rob_s'] * $this->config['rob_x']) + ($all * $rating))
+               / ($this->config['rob_s'] + $all);
+    }
+
+    /**
+     * Check the validity of the category of a request
+     *
+     * @access private
+     * @param string The category
+     * @return void
+     */
+    private function check_category(string $category)
+    {
+        return $category === \b8\b8::HAM || $category === \b8\b8::SPAM;
+    }
+
+    /**
+     * Learn a reference text
+     *
+     * @access public
+     * @param string The text to learn
+     * @param string Either b8::SPAM or b8::HAM
+     * @return mixed void or an error code
+     */
+    public function learn(string $text = null, string $category = null)
+    {
+        // Let's first see if the user called the function correctly
+        if ($text === null) {
+            return \b8\b8::TRAINER_TEXT_MISSING;
+        }
+        if ($category === null) {
+            return \b8\b8::TRAINER_CATEGORY_MISSING;
+        }
+
+        return $this->process_text($text, $category, \b8\b8::LEARN);
+    }
+
+    /**
+     * Unlearn a reference text
+     *
+     * @access public
+     * @param string The text to unlearn
+     * @param string Either b8::SPAM or b8::HAM
+     * @return mixed void or an error code
+     */
+    public function unlearn(string $text = null, string $category = null)
+    {
+        // Let's first see if the user called the function correctly
+        if ($text === null) {
+            return \b8\b8::TRAINER_TEXT_MISSING;
+        }
+        if ($category === null) {
+            return \b8\b8::TRAINER_CATEGORY_MISSING;
+        }
+
+        return $this->process_text($text, $category, \b8\b8::UNLEARN);
+    }
+
+    /**
+     * Does the actual interaction with the storage backend for learning or unlearning texts
+     *
+     * @access private
+     * @param string The text to process
+     * @param string Either b8::SPAM or b8::HAM
+     * @param string Either b8::LEARN or b8::UNLEARN
+     * @return mixed void or an error code
+     */
+    private function process_text(string $text, string $category, string $action)
+    {
+        // Look if the request is okay
+        if (! $this->check_category($category)) {
+            return \b8\b8::TRAINER_CATEGORY_FAIL;
+        }
+
+        // Get all tokens from $text
+        $tokens = $this->lexer->get_tokens($text);
+
+        // Check if the lexer failed (if so, $tokens will be a lexer error code, if not, $tokens
+        //  will be an array)
+        if (! is_array($tokens)) {
+            return $tokens;
+        }
+
+        // Pass the tokens and what to do with it to the storage backend
+        return $this->storage->process_text($tokens, $category, $action);
+    }
+
+}

modules/b8/degenerator/standard.php

@@ -0,0 +1,176 @@
+<?php
+
+/* Copyright (C) 2006-2019 Tobias Leupold <tobias.leupold@gmx.de>
+
+   This file is part of the b8 package
+
+   This program is free software; you can redistribute it and/or modify it
+   under the terms of the GNU Lesser General Public License as published by
+   the Free Software Foundation in version 2.1 of the License.
+
+   This program is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+   or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+   License for more details.
+
+   You should have received a copy of the GNU Lesser General Public License
+   along with this program; if not, write to the Free Software Foundation,
+   Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
+*/
+
+/**
+ * A helper class to derive simplified tokens
+ *
+ * @license LGPL 2.1
+ * @package b8
+ * @author Tobias Leupold <tobias.leupold@gmx.de>
+ */
+
+namespace b8\degenerator;
+
+class standard
+{
+    public $config = [ 'multibyte' => true,
+                       'encoding'  => 'UTF-8' ];
+
+    public $degenerates = [];
+
+    /**
+     * Constructs the degenerator.
+     *
+     * @access public
+     * @param array $config The configuration: [ 'multibyte' => bool,
+                                                 'encoding'  => string ]
+     * @return void
+     */
+    public function __construct(array $config)
+    {
+        // Validate config data
+        foreach ($config as $name => $value) {
+            switch($name) {
+                case 'multibyte':
+                    $this->config[$name] = (bool) $value;
+                    break;
+                case 'encoding':
+                    $this->config[$name] = (string) $value;
+                    break;
+                default:
+                    throw new \Exception(standard::class . ": Unknown configuration key: "
+                                         . "\"$name\"");
+            }
+        }
+    }
+
+    /**
+     * Generates a list of "degenerated" words for a list of words.
+     *
+     * @access public
+     * @param array $words The words to degenerate
+     * @return array An array containing an array of degenerated tokens for each token
+     */
+    public function degenerate(array $words)
+    {
+        $degenerates = [];
+
+        foreach ($words as $word) {
+            $degenerates[$word] = $this->degenerate_word($word);
+        }
+
+        return $degenerates;
+    }
+
+    /**
+     * Remove duplicates from a list of degenerates of a word.
+     *
+     * @access private
+     * @param string $word The word
+     * @param array $list The list to process
+     * @return array The list without duplicates
+     */
+    private function delete_duplicates(string $word, array $list)
+    {
+        $list_processed = [];
+
+        // Check each upper/lower version
+        foreach ($list as $alt_word) {
+            if ($alt_word != $word) {
+                array_push($list_processed, $alt_word);
+            }
+        }
+
+        return $list_processed;
+    }
+
+    /**
+     * Builds a list of "degenerated" versions of a word.
+     *
+     * @access private
+     * @param string $word The word
+     * @return array An array of degenerated words
+     */
+    private function degenerate_word(string $word)
+    {
+        // Check for any stored words so the process doesn't have to repeat
+        if (isset($this->degenerates[$word]) === true) {
+            return $this->degenerates[$word];
+        }
+
+        // Create different versions of upper and lower case
+        if ($this->config['multibyte'] === false) {
+            // The standard upper/lower versions
+            $lower = strtolower($word);
+            $upper = strtoupper($word);
+            $first = substr($upper, 0, 1) . substr($lower, 1, strlen($word));
+        } elseif ($this->config['multibyte'] === true) {
+            // The multibyte upper/lower versions
+            $lower = mb_strtolower($word, $this->config['encoding']);
+            $upper = mb_strtoupper($word, $this->config['encoding']);
+            $first = mb_substr($upper, 0, 1, $this->config['encoding'])
+                     . mb_substr($lower, 1, mb_strlen($word), $this->config['encoding']);
+        }
+
+        // Add the versions
+        $upper_lower = [];
+        array_push($upper_lower, $lower);
+        array_push($upper_lower, $upper);
+        array_push($upper_lower, $first);
+
+        // Delete duplicate upper/lower versions
+        $degenerate = $this->delete_duplicates($word, $upper_lower);
+
+        // Append the original word
+        array_push($degenerate, $word);
+
+        // Degenerate all versions
+        foreach ($degenerate as $alt_word) {
+            // Look for stuff like !!! and ???
+            if (preg_match('/[!?]$/', $alt_word) > 0) {
+                // Add versions with different !s and ?s
+                if (preg_match('/[!?]{2,}$/', $alt_word) > 0) {
+                    $tmp = preg_replace('/([!?])+$/', '$1', $alt_word);
+                    array_push($degenerate, $tmp);
+                }
+
+                $tmp = preg_replace('/([!?])+$/', '', $alt_word);
+                array_push($degenerate, $tmp);
+            }
+
+            // Look for "..." at the end of the word
+            $alt_word_int = $alt_word;
+            while (preg_match('/[\.]$/', $alt_word_int) > 0) {
+                $alt_word_int = substr($alt_word_int, 0, strlen($alt_word_int) - 1);
+                array_push($degenerate, $alt_word_int);
+            }
+        }
+
+        // Some degenerates are the same as the original word. These don't have to be fetched, so we
+        // create a new array with only new tokens
+        $degenerate = $this->delete_duplicates($word, $degenerate);
+
+        // Store the list of degenerates for the token to prevent unnecessary re-processing
+        $this->degenerates[$word] = $degenerate;
+
+        return $degenerate;
+    }
+
+}

modules/b8/lexer/standard.php

@@ -0,0 +1,267 @@
+<?php
+
+/* Copyright (C) 2006-2019 Tobias Leupold <tobias.leupold@gmx.de>
+
+   This file is part of the b8 package
+
+   This program is free software; you can redistribute it and/or modify it
+   under the terms of the GNU Lesser General Public License as published by
+   the Free Software Foundation in version 2.1 of the License.
+
+   This program is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+   or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+   License for more details.
+
+   You should have received a copy of the GNU Lesser General Public License
+   along with this program; if not, write to the Free Software Foundation,
+   Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
+*/
+
+/**
+ * A helper class to disassemble a text to tokens
+ *
+ * @license LGPL 2.1
+ * @package b8
+ * @author Tobias Leupold <tobias.leupold@gmx.de>
+ * @author Oliver Lillie <ollie@buggedcom.co.uk> (original PHP 5 port)
+ */
+
+namespace b8\lexer;
+
+class standard
+{
+    const LEXER_TEXT_NOT_STRING = 'LEXER_TEXT_NOT_STRING';
+    const LEXER_TEXT_EMPTY      = 'LEXER_TEXT_EMPTY';
+
+    const LEXER_NO_TOKENS = 'b8*no_tokens';
+
+    private $config = [ 'min_size'      => 3,
+                        'max_size'      => 30,
+                        'get_uris'      => true,
+                        'get_html'      => true,
+                        'get_bbcode'    => false,
+                        'allow_numbers' => false ];
+
+    private $tokens         = null;
+    private $processed_text = null;
+
+    // The regular expressions we use to split the text to tokens
+    private $regexp = [ 'raw_split' => '/[\s,\.\/"\:;\|<>\-_\[\]{}\+=\)\(\*\&\^%]+/',
+                        'ip'        => '/([A-Za-z0-9\_\-\.]+)/',
+                        'uris'      => '/([A-Za-z0-9\_\-]*\.[A-Za-z0-9\_\-\.]+)/',
+                        'html'      => '/(<.+?>)/',
+                        'bbcode'    => '/(\[.+?\])/',
+                        'tagname'   => '/(.+?)\s/',
+                        'numbers'   => '/^[0-9]+$/' ];
+
+    /**
+     * Constructs the lexer.
+     *
+     * @access public
+     * @param array $config The configuration: [ 'min_size'      => int,
+     *                                           'max_size'      => int,
+     *                                           'get_uris'      => bool,
+     *                                           'get_html'      => bool,
+     *                                           'get_bbcode'    => bool,
+     *                                           'allow_numbers' => bool ]
+     * @return void
+     */
+    function __construct(array $config)
+    {
+        // Validate config data
+        foreach ($config as $name=>$value) {
+            switch ($name) {
+                case 'min_size':
+                case 'max_size':
+                    $this->config[$name] = (int) $value;
+                    break;
+                case 'allow_numbers':
+                case 'get_uris':
+                case 'get_html':
+                case 'get_bbcode':
+                    $this->config[$name] = (bool) $value;
+                    break;
+                default:
+                    throw new \Exception(standard::class . ": Unknown configuration key: "
+                                         . "\"$name\"");
+            }
+        }
+    }
+
+    /**
+     * Splits a text to tokens.
+     *
+     * @access public
+     * @param string $text The text to disassemble
+     * @return mixed Returns a list of tokens or an error code
+     */
+    public function get_tokens(string $text)
+    {
+        // Check if we actually have a string ...
+        if (is_string($text) === false) {
+            return self::LEXER_TEXT_NOT_STRING;
+        }
+
+        // ... and if it's empty
+        if (empty($text) === true) {
+            return self::LEXER_TEXT_EMPTY;
+        }
+
+        // Re-convert the text to the original characters coded in UTF-8, as they have been coded in
+        // html entities during the post process
+        $this->processed_text = html_entity_decode($text, ENT_QUOTES, 'UTF-8');
+
+        // Reset the token list
+        $this->tokens = array();
+
+        if ($this->config['get_uris'] === true) {
+            // Get URIs
+            $this->get_uris($this->processed_text);
+        }
+
+        if ($this->config['get_html'] === true) {
+            // Get HTML
+            $this->get_markup($this->processed_text, $this->regexp['html']);
+        }
+
+        if ($this->config['get_bbcode'] === true) {
+            // Get BBCode
+            $this->get_markup($this->processed_text, $this->regexp['bbcode']);
+        }
+
+        // We always want to do a raw split of the (remaining) text, so:
+        $this->raw_split($this->processed_text);
+
+        // Be sure not to return an empty array
+        if (count($this->tokens) == 0) {
+            $this->tokens[self::LEXER_NO_TOKENS] = 1;
+        }
+
+        // Return a list of all found tokens
+        return $this->tokens;
+    }
+
+    /**
+     * Validates a token.
+     *
+     * @access private
+     * @param string $token The token string
+     * @return bool Returns true if the token is valid, otherwise returns false.
+     */
+    private function is_valid(string $token)
+    {
+        // Just to be sure that the token's name won't collide with b8's internal variables
+        if (substr($token, 0, 3) == 'b8*') {
+            return false;
+        }
+
+        // Validate the size of the token
+        $len = strlen($token);
+        if ($len < $this->config['min_size'] || $len > $this->config['max_size']) {
+            return false;
+        }
+
+        // We may want to exclude pure numbers
+        if ($this->config['allow_numbers'] === false
+            && preg_match($this->regexp['numbers'], $token) > 0) {
+
+            return false;
+        }
+
+        // Token is okay
+        return true;
+    }
+
+    /**
+     * Checks the validity of a token and adds it to the token list if it's valid.
+     *
+     * @access private
+     * @param string $token
+     * @param string $word_to_remove Word to remove from the processed string
+     * @return void
+     */
+    private function add_token(string $token, string $word_to_remove = null)
+    {
+        // Check the validity of the token
+        if (! $this->is_valid($token)) {
+            return;
+        }
+
+        // Add it to the list or increase it's counter
+        if (! isset($this->tokens[$token])) {
+            $this->tokens[$token] = 1;
+        } else {
+            $this->tokens[$token] += 1;
+        }
+
+        // If requested, remove the word or it's original version from the text
+        if ($word_to_remove !== null) {
+            $this->processed_text = str_replace($word_to_remove, '', $this->processed_text);
+        }
+    }
+
+    /**
+     * Gets URIs.
+     *
+     * @access private
+     * @param string $text
+     * @return void
+     */
+    private function get_uris(string $text)
+    {
+        // Find URIs
+        preg_match_all($this->regexp['uris'], $text, $raw_tokens);
+        foreach ($raw_tokens[1] as $word) {
+            // Remove a possible trailing dot
+            $word = rtrim($word, '.');
+            // Try to add the found tokens to the list
+            $this->add_token($word, $word);
+            // Also process the parts of the found URIs
+            $this->raw_split($word);
+        }
+    }
+
+    /**
+     * Gets HTML or BBCode markup, depending on the regexp used.
+     *
+     * @access private
+     * @param string $text
+     * @param string $regexp
+     * @return void
+     */
+    private function get_markup(string $text, string $regexp)
+    {
+        // Search for the markup
+        preg_match_all($regexp, $text, $raw_tokens);
+        foreach ($raw_tokens[1] as $word) {
+            $actual_word = $word;
+
+            // If the tag has parameters, just use the tag itself
+            if (strpos($word, ' ') !== false) {
+                preg_match($this->regexp['tagname'], $word, $match);
+                $actual_word = $match[1];
+                $word = "$actual_word..." . substr($word, -1);
+            }
+
+            // Try to add the found tokens to the list
+            $this->add_token($word, $actual_word);
+        }
+    }
+
+    /**
+     * Does a raw split.
+     *
+     * @access private
+     * @param string $text
+     * @return void
+     */
+    private function raw_split(string $text)
+    {
+        foreach (preg_split($this->regexp['raw_split'], $text) as $word) {
+            // Check the word and add it to the token list if it's valid
+            $this->add_token($word);
+        }
+    }
+
+}

modules/b8/storage/mysql.php

@@ -0,0 +1,110 @@
+<?php
+
+/* Copyright (C) 2019 Tobias Leupold <tobias.leupold@gmx.de>
+
+   This file is part of the b8 package
+
+   This program is free software; you can redistribute it and/or modify it
+   under the terms of the GNU Lesser General Public License as published by
+   the Free Software Foundation in version 2.1 of the License.
+
+   This program is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+   or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+   License for more details.
+
+   You should have received a copy of the GNU Lesser General Public License
+   along with this program; if not, write to the Free Software Foundation,
+   Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
+*/
+
+namespace b8\storage;
+
+/**
+ * A MySQL storage backend
+ *
+ * @license LGPL 2.1
+ * @package b8
+ * @author Tobias Leupold <tobias.leupold@gmx.de>
+ */
+
+class mysql extends storage_base
+{
+
+    private $mysql = null;
+    private $table = null;
+
+    protected function setup_backend(array $config)
+    {
+        if (! isset($config['resource'])
+            || get_class($config['resource']) !== 'mysqli') {
+
+            throw new \Exception(mysql::class . ": No valid mysqli object passed");
+        }
+        $this->mysql = $config['resource'];
+
+        if (! isset($config['table'])) {
+            throw new \Exception(mysql::class . ": No b8 wordlist table name passed");
+        }
+        $this->table = $config['table'];
+    }
+
+    protected function fetch_token_data(array $tokens)
+    {
+        $data = [];
+
+        $escaped = [];
+        foreach ($tokens as $token) {
+            $escaped[] = $this->mysql->real_escape_string($token);
+        }
+        $result = $this->mysql->query('SELECT token, count_ham, count_spam'
+                                      . ' FROM ' . $this->table
+                                      . ' WHERE token IN '
+                                      . "('" . implode("','", $escaped) . "')");
+
+        while ($row = $result->fetch_row()) {
+            $data[$row[0]] = [ \b8\b8::KEY_COUNT_HAM  => $row[1],
+                               \b8\b8::KEY_COUNT_SPAM => $row[2] ];
+        }
+
+        $result->free_result();
+
+        return $data;
+    }
+
+    protected function add_token(string $token, array $count)
+    {
+        $query = $this->mysql->prepare('INSERT INTO ' . $this->table
+                                       . '(token, count_ham, count_spam) VALUES(?, ?, ?)');
+        $query->bind_param('sii', $token, $count[\b8\b8::KEY_COUNT_HAM],
+                                          $count[\b8\b8::KEY_COUNT_SPAM]);
+        $query->execute();
+    }
+
+    protected function update_token(string $token, array $count)
+    {
+        $query = $this->mysql->prepare('UPDATE ' . $this->table
+                                       . ' SET count_ham = ?, count_spam = ? WHERE token = ?');
+        $query->bind_param('iis', $count[\b8\b8::KEY_COUNT_HAM], $count[\b8\b8::KEY_COUNT_SPAM],
+                                  $token);
+        $query->execute();
+    }
+
+    protected function delete_token(string $token)
+    {
+        $query = $this->mysql->prepare('DELETE FROM ' . $this->table . ' WHERE token = ?');
+        $query->bind_param('s', $token);
+        $query->execute();
+    }
+
+    protected function start_transaction()
+    {
+        $this->mysql->begin_transaction();
+    }
+
+    protected function finish_transaction()
+    {
+        $this->mysql->commit();
+    }
+
+}

modules/b8/storage/storage_base.php

@@ -0,0 +1,316 @@
+<?php
+
+/* Copyright (C) 2006-2019 Tobias Leupold <tobias.leupold@gmx.de>
+
+   This file is part of the b8 package
+
+   This program is free software; you can redistribute it and/or modify it
+   under the terms of the GNU Lesser General Public License as published by
+   the Free Software Foundation in version 2.1 of the License.
+
+   This program is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+   or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+   License for more details.
+
+   You should have received a copy of the GNU Lesser General Public License
+   along with this program; if not, write to the Free Software Foundation,
+   Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
+*/
+
+/**
+ * Abstract base class for storage backends
+ *
+ * @license LGPL 2.1
+ * @package b8
+ * @author Tobias Leupold <tobias.leupold@gmx.de>
+ */
+
+namespace b8\storage;
+
+abstract class storage_base
+{
+    protected $degenerator = null;
+
+    /**
+     * Sets up the backend
+     *
+     * @access public
+     * @param array The configuration for the respective backend
+     */
+    abstract protected function setup_backend(array $config);
+
+    /**
+     * Does the actual interaction with the database when fetching data
+     *
+     * @access protected
+     * @param array $tokens List of token names to fetch
+     * @return mixed Returns an array of the returned data in the format array(token => data)
+               or an empty array if there was no data.
+     */
+    abstract protected function fetch_token_data(array $tokens);
+
+    /**
+     * Stores a new token to the database
+     *
+     * @access protected
+     * @param string $token The token's name
+     * @param array $count The ham and spam counters [ \b8\b8::KEY_COUNT_HAM => int,
+                                                       \b8\b8::KEY_COUNT_SPAM => int ]
+     * @return bool true on success or false on failure
+     */
+    abstract protected function add_token(string $token, array $count);
+
+    /**
+     * Updates an existing token
+     *
+     * @access protected
+     * @param string $token The token's name
+     * @param array $count The ham and spam counters [ \b8\b8::KEY_COUNT_HAM => int,
+                                                       \b8\b8::KEY_COUNT_SPAM => int ]
+     * @return bool true on success or false on failure
+     */
+    abstract protected function update_token(string $token, array $count);
+
+    /**
+     * Removes a token from the database
+     *
+     * @access protected
+     * @param string $token The token's name
+     * @return bool true on success or false on failure
+     */
+    abstract protected function delete_token(string $token);
+
+    /**
+     * Starts a transaction (if the underlying database supports/needs this)
+     *
+     * @access protected
+     * @return void
+     */
+    abstract protected function start_transaction();
+
+    /**
+     * Finishes a transaction (if the underlying database supports/needs this)
+     *
+     * @access protected
+     * @return void
+     */
+    abstract protected function finish_transaction();
+
+    /**
+     * Passes the degenerator to the instance and calls the backend setup
+     *
+     * @access public
+     * @param array The respective backen's configuration
+     * @param object The degenerator to use
+     * @return void
+     */
+    public function __construct(array $config, object $degenerator)
+    {
+        $this->degenerator = $degenerator;
+        $this->setup_backend($config);
+
+        $internals = $this->get_internals();
+        if (! isset($internals[\b8\b8::KEY_DB_VERSION])
+            || $internals[\b8\b8::KEY_DB_VERSION] !== \b8\b8::DBVERSION) {
+
+            throw new \Exception(storage_base::class . ': The connected database is not a b8 v'
+                                 . \b8\b8::DBVERSION . ' database.');
+        }
+    }
+
+    /**
+     * Get the database's internal variables.
+     *
+     * @access public
+     * @return array Returns an array of all internals.
+     */
+    public function get_internals()
+    {
+        $internals = $this->fetch_token_data([ \b8\b8::INTERNALS_TEXTS,
+                                               \b8\b8::INTERNALS_DBVERSION ]);
+
+        // Just in case this is called by check_database() and it's not yet clear if we actually
+        // have a b8 database
+        $texts_ham = null;
+        $texts_spam = null;
+        $dbversion = null;
+        if(isset($internals[\b8\b8::INTERNALS_TEXTS][\b8\b8::KEY_COUNT_HAM])) {
+            $texts_ham = (int) $internals[\b8\b8::INTERNALS_TEXTS][\b8\b8::KEY_COUNT_HAM];
+        }
+        if(isset($internals[\b8\b8::INTERNALS_TEXTS][\b8\b8::KEY_COUNT_SPAM])) {
+            $texts_spam = (int) $internals[\b8\b8::INTERNALS_TEXTS][\b8\b8::KEY_COUNT_SPAM];
+        }
+        if(isset($internals[\b8\b8::INTERNALS_DBVERSION][\b8\b8::KEY_COUNT_HAM])) {
+            $dbversion = (int) $internals[\b8\b8::INTERNALS_DBVERSION][\b8\b8::KEY_COUNT_HAM];
+        }
+
+        return [ \b8\b8::KEY_TEXTS_HAM  => $texts_ham,
+                 \b8\b8::KEY_TEXTS_SPAM => $texts_spam,
+                 \b8\b8::KEY_DB_VERSION => $dbversion ];
+    }
+
+    /**
+     * Get all data about a list of tokens from the database.
+     *
+     * @access public
+     * @param array The tokens list
+     * @return mixed Returns False on failure, otherwise returns array of returned data
+               in the format [ 'tokens'      => [ token => count ],
+                               'degenerates' => [ token => [ degenerate => count ] ] ].
+     */
+    public function get(array $tokens)
+    {
+        // First we see what we have in the database
+        $token_data = $this->fetch_token_data($tokens);
+
+        // Check if we have to degenerate some tokens
+        $missing_tokens = array();
+        foreach ($tokens as $token) {
+            if (! isset($token_data[$token])) {
+                $missing_tokens[] = $token;
+            }
+        }
+
+        if (count($missing_tokens) > 0) {
+            // We have to degenerate some tokens
+            $degenerates_list = [];
+
+            // Generate a list of degenerated tokens for the missing tokens ...
+            $degenerates = $this->degenerator->degenerate($missing_tokens);
+
+            // ... and look them up
+            foreach ($degenerates as $token => $token_degenerates) {
+                $degenerates_list = array_merge($degenerates_list, $token_degenerates);
+            }
+
+            $token_data = array_merge($token_data, $this->fetch_token_data($degenerates_list));
+        }
+
+        // Here, we have all available data in $token_data.
+
+        $return_data_tokens = [];
+        $return_data_degenerates = [];
+
+        foreach ($tokens as $token) {
+            if (isset($token_data[$token])) {
+                // The token was found in the database
+                $return_data_tokens[$token] = $token_data[$token];
+            } else {
+                // The token was not found, so we look if we can return data for degenerated tokens
+                foreach ($this->degenerator->degenerates[$token] as $degenerate) {
+                    if (isset($token_data[$degenerate])) {
+                        // A degenertaed version of the token way found in the database
+                        $return_data_degenerates[$token][$degenerate] = $token_data[$degenerate];
+                    }
+                }
+            }
+        }
+
+        // Now, all token data directly found in the database is in $return_data_tokens  and all
+        // data for degenerated versions is in $return_data_degenerates, so
+        return [ 'tokens'      => $return_data_tokens,
+                 'degenerates' => $return_data_degenerates ];
+    }
+
+    /**
+     * Stores or deletes a list of tokens from the given category.
+     *
+     * @access public
+     * @param array The tokens list
+     * @param string Either \b8\b8::HAM or \b8\b8::SPAM
+     * @param string Either \b8\b8::LEARN or \b8\b8::UNLEARN
+     * @return void
+     */
+    public function process_text(array $tokens, string $category, string $action)
+    {
+        // No matter what we do, we first have to check what data we have.
+
+        // First get the internals, including the ham texts and spam texts counter
+        $internals = $this->get_internals();
+        // Then, fetch all data for all tokens we have
+        $token_data = $this->fetch_token_data(array_keys($tokens));
+
+        $this->start_transaction();
+
+        // Process all tokens to learn/unlearn
+        foreach ($tokens as $token => $count) {
+            if (isset($token_data[$token])) {
+                // We already have this token, so update it's data
+
+                // Get the existing data
+                $count_ham  = $token_data[$token][\b8\b8::KEY_COUNT_HAM];
+                $count_spam = $token_data[$token][\b8\b8::KEY_COUNT_SPAM];
+
+                // Increase or decrease the right counter
+                if ($action === \b8\b8::LEARN) {
+                    if ($category === \b8\b8::HAM) {
+                        $count_ham += $count;
+                    } elseif ($category === \b8\b8::SPAM) {
+                        $count_spam += $count;
+                    }
+                } elseif ($action == \b8\b8::UNLEARN) {
+                    if ($category === \b8\b8::HAM) {
+                        $count_ham -= $count;
+                    } elseif ($category === \b8\b8::SPAM) {
+                        $count_spam -= $count;
+                    }
+                }
+
+                // We don't want to have negative values
+                if ($count_ham < 0) {
+                    $count_ham = 0;
+                }
+                if ($count_spam < 0) {
+                    $count_spam = 0;
+                }
+
+                // Now let's see if we have to update or delete the token
+                if ($count_ham != 0 or $count_spam != 0) {
+                    $this->update_token($token, [ \b8\b8::KEY_COUNT_HAM => $count_ham,
+                                                  \b8\b8::KEY_COUNT_SPAM => $count_spam ]);
+                } else {
+                    $this->delete_token($token);
+                }
+            } else {
+                // We don't have the token. If we unlearn a text, we can't delete it as we don't
+                // have it anyway, so just do something if we learn a text
+                if ($action === \b8\b8::LEARN) {
+                    if ($category === \b8\b8::HAM) {
+                        $this->add_token($token, [ \b8\b8::KEY_COUNT_HAM => $count,
+                                                   \b8\b8::KEY_COUNT_SPAM => 0 ]);
+                    } elseif ($category === \b8\b8::SPAM) {
+                        $this->add_token($token, [ \b8\b8::KEY_COUNT_HAM => 0,
+                                                   \b8\b8::KEY_COUNT_SPAM => $count ]);
+                    }
+                }
+            }
+        }
+
+        // Now, all token have been processed, so let's update the right text
+        if ($action === \b8\b8::LEARN) {
+            if ($category === \b8\b8::HAM) {
+                $internals[\b8\b8::KEY_TEXTS_HAM]++;
+            } elseif ($category === \b8\b8::SPAM) {
+                $internals[\b8\b8::KEY_TEXTS_SPAM]++;
+            }
+        } elseif ($action === \b8\b8::UNLEARN) {
+            if ($category === \b8\b8::HAM) {
+                if ($internals[\b8\b8::KEY_TEXTS_HAM] > 0) {
+                    $internals[\b8\b8::KEY_TEXTS_HAM]--;
+                }
+            } elseif ($category === \b8\b8::SPAM) {
+                if ($internals[\b8\b8::KEY_TEXTS_SPAM] > 0) {
+                    $internals[\b8\b8::KEY_TEXTS_SPAM]--;
+                }
+            }
+        }
+
+        $this->update_token(\b8\b8::INTERNALS_TEXTS,
+                            [ \b8\b8::KEY_COUNT_HAM  => $internals[\b8\b8::KEY_TEXTS_HAM],
+                              \b8\b8::KEY_COUNT_SPAM => $internals[\b8\b8::KEY_TEXTS_SPAM] ]);
+
+        $this->finish_transaction();
+    }
+
+}

modules/bad-behavior/bad-behavior-generic.php

@@ -1,155 +0,0 @@
-<?php
-/*
-Bad Behavior - detects and blocks unwanted Web accesses
-Copyright (C) 2005,2006,2007,2008,2009,2010,2011,2012 Michael Hampton
-
-Bad Behavior is free software; you can redistribute it and/or modify it under
-the terms of the GNU Lesser General Public License as published by the Free
-Software Foundation; either version 3 of the License, or (at your option) any
-later version.
-
-This program is distributed in the hope that it will be useful, but WITHOUT ANY
-WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
-
-You should have received a copy of the GNU Lesser General Public License along
-with this program. If not, see <http://www.gnu.org/licenses/>.
-
-Please report any problems to bad . bots AT ioerror DOT us
-http://bad-behavior.ioerror.us/
-*/
-
-###############################################################################
-###############################################################################
-
-define('BB2_CWD', dirname(__FILE__));
-
-// Settings you can adjust for Bad Behavior.
-// Most of these are unused in non-database mode.
-// DO NOT EDIT HERE; instead make changes in settings.ini.
-// These settings are used when settings.ini is not present.
-$bb2_settings_defaults = array(
-	'log_table' => 'bad_behavior',
-	'display_stats' => false,
-	'strict' => false,
-	'verbose' => false,
-	'logging' => true,
-	'httpbl_key' => '',
-	'httpbl_threat' => '25',
-	'httpbl_maxage' => '30',
-	'offsite_forms' => false,
-	'eu_cookie' => false,
-	'reverse_proxy' => false,
-	'reverse_proxy_header' => 'X-Forwarded-For',
-	'reverse_proxy_addresses' => array(),
-);
-
-// Bad Behavior callback functions.
-
-// Return current time in the format preferred by your database.
-function bb2_db_date() {
-	return gmdate('Y-m-d H:i:s');	// Example is MySQL format
-}
-
-// Return affected rows from most recent query.
-function bb2_db_affected_rows() {
-	return false;
-}
-
-// Escape a string for database usage
-function bb2_db_escape($string) {
-	// return mysql_real_escape_string($string);
-	return $string;	// No-op when database not in use.
-}
-
-// Return the number of rows in a particular query.
-function bb2_db_num_rows($result) {
-	if ($result !== FALSE)
-		return count($result);
-	return 0;
-}
-
-// Run a query and return the results, if any.
-// Should return FALSE if an error occurred.
-// Bad Behavior will use the return value here in other callbacks.
-function bb2_db_query($query) {
-	return FALSE;
-}
-
-// Return all rows in a particular query.
-// Should contain an array of all rows generated by calling mysql_fetch_assoc()
-// or equivalent and appending the result of each call to an array.
-function bb2_db_rows($result) {
-	return $result;
-}
-
-// Create the SQL query for inserting a record in the database.
-// See example for MySQL elsewhere.
-function bb2_insert($settings, $package, $key)
-{
-	return "--";
-}
-
-// Return emergency contact email address.
-function bb2_email() {
-	return "example@example.com";	// You need to change this.
-}
-
-// retrieve whitelist
-function bb2_read_whitelist() {
-	return @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");
-}
-
-// retrieve settings from database
-// Settings are hard-coded for non-database use
-function bb2_read_settings() {
-	global $bb2_settings_defaults;
-	$settings = @parse_ini_file(dirname(__FILE__) . "/settings.ini");
-	if (!$settings) $settings = array();
-	return @array_merge($bb2_settings_defaults, $settings);
-}
-
-// write settings to database
-function bb2_write_settings($settings) {
-	return false;
-}
-
-// installation
-function bb2_install() {
-	return false;
-}
-
-// Screener
-// Insert this into the <head> section of your HTML through a template call
-// or whatever is appropriate. This is optional we'll fall back to cookies
-// if you don't use it.
-function bb2_insert_head() {
-	global $bb2_javascript;
-	echo $bb2_javascript;
-}
-
-// Display stats? This is optional.
-function bb2_insert_stats($force = false) {
-	$settings = bb2_read_settings();
-
-	if ($force || $settings['display_stats']) {
-		$blocked = bb2_db_query("SELECT COUNT(*) FROM " . $settings['log_table'] . " WHERE `key` NOT LIKE '00000000'");
-		if ($blocked !== FALSE) {
-			echo sprintf('<p><a href="http://bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
-		}
-	}
-}
-
-// Return the top-level relative path of wherever we are (for cookies)
-// You should provide in $url the top-level URL for your site.
-function bb2_relative_path() {
-	//$url = parse_url(get_bloginfo('url'));
-	//return $url['path'] . '/';
-	return '/';
-}
-
-// Calls inward to Bad Behavor itself.
-require_once(BB2_CWD . "/bad-behavior/core.inc.php");
-bb2_install();	// FIXME: see above
-
-bb2_start(bb2_read_settings());

modules/bad-behavior/bad-behavior/banned.inc.php

@@ -1,65 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Functions called when a request has been denied
-// This part can be gawd-awful slow, doesn't matter :)
-
-require_once(BB2_CORE . "/responses.inc.php");
-
-function bb2_housekeeping($settings, $package)
-{
-	if (!$settings['logging']) return;
-
-	// FIXME Yes, the interval's hard coded (again) for now.
-	$query = "DELETE FROM `" . $settings['log_table'] . "` WHERE `date` < DATE_SUB('" . bb2_db_date() . "', INTERVAL 7 DAY)";
-	bb2_db_query($query);
-
-	// Waste a bunch more of the spammer's time, sometimes.
-	if (rand(1,1000) == 1) {
-		$query = "OPTIMIZE TABLE `" . $settings['log_table'] . "`";
-		bb2_db_query($query);
-	}
-}
-
-function bb2_display_denial($settings, $package, $key, $previous_key = false)
-{
-	define('DONOTCACHEPAGE', true);	// WP Super Cache
-	if (!$previous_key) $previous_key = $key;
-	if ($key == "e87553e1") {
-		// FIXME: lookup the real key
-	}
-	// Create support key
-	$ip = explode(".", $package['ip']);
-	$ip_hex = "";
-	foreach ($ip as $octet) {
-		$ip_hex .= str_pad(dechex($octet), 2, 0, STR_PAD_LEFT);
-	}
-	$support_key = implode("-", str_split("$ip_hex$key", 4));
-
-	// Get response data
-	$response = bb2_get_response($previous_key);
-	header("HTTP/1.1 " . $response['response'] . " Bad Behavior");
-	header("Status: " . $response['response'] . " Bad Behavior");
-	$request_uri = $_SERVER["REQUEST_URI"];
-	if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME'];	# IIS
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!--< html xmlns="http://www.w3.org/1999/xhtml">-->
-<head>
-<title>HTTP Error <?php echo $response['response']; ?></title>
-</head>
-<body>
-<h1>Error <?php echo $response['response']; ?></h1>
-<p>We're sorry, but we could not fulfill your request for
-<?php echo htmlspecialchars($request_uri) ?> on this server.</p>
-<p><?php echo $response['explanation']; ?></p>
-<p>Your technical support key is: <strong><?php echo $support_key; ?></strong></p>
-<p>You can use this key to <a href="http://www.ioerror.us/bb2-support-key?key=<?php echo $support_key; ?>">fix this problem yourself</a>.</p>
-<p>If you are unable to fix the problem yourself, please contact <a href="mailto:<?php echo htmlspecialchars(str_replace("@", "+nospam@nospam.", bb2_email())); ?>"><?php echo htmlspecialchars(str_replace("@", " at ", bb2_email())); ?></a> and be sure to provide the technical support key shown above.</p>
-<?php
-}
-
-function bb2_log_denial($settings, $package, $key, $previous_key=false)
-{
-	if (!$settings['logging']) return;
-	bb2_db_query(bb2_insert($settings, $package, $key));
-}

modules/bad-behavior/bad-behavior/blackhole.inc.php

@@ -1,67 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Look up address on various blackhole lists.
-// These should not be used for GET requests under any circumstances!
-// FIXME: Note that this code is no longer in use
-function bb2_blackhole($package) {
-	// Can't use IPv6 addresses yet
-	if (@is_ipv6($package['ip'])) return false;
-
-	// Workaround for "MySQL server has gone away"
-	bb2_db_query("SET @@session.wait_timeout = 90");
-
-	// Only conservative lists
-	$bb2_blackhole_lists = array(
-		"sbl-xbl.spamhaus.org",	// All around nasties
-//		"dnsbl.sorbs.net",	// Old useless data.
-//		"list.dsbl.org",	// Old useless data.
-//		"dnsbl.ioerror.us",	// Bad Behavior Blackhole
-	);
-	
-	// Things that shouldn't be blocked, from aggregate lists
-	$bb2_blackhole_exceptions = array(
-		"sbl-xbl.spamhaus.org" => array("127.0.0.4"),	// CBL is problematic
-		"dnsbl.sorbs.net" => array("127.0.0.10",),	// Dynamic IPs only
-		"list.dsbl.org" => array(),
-		"dnsbl.ioerror.us" => array(),
-	);
-
-	// Check the blackhole lists
-	$ip = $package['ip'];
-	$find = implode('.', array_reverse(explode('.', $ip)));
-	foreach ($bb2_blackhole_lists as $dnsbl) {
-		$result = gethostbynamel($find . "." . $dnsbl . ".");
-		if (!empty($result)) {
-			// Got a match and it isn't on the exception list
-			$result = @array_diff($result, $bb2_blackhole_exceptions[$dnsbl]);
-			if (!empty($result)) {
-				return '136673cd';
-			}
-		}
-	}
-	return false;
-}
-
-function bb2_httpbl($settings, $package) {
-	// Can't use IPv6 addresses yet
-	if (@is_ipv6($package['ip'])) return false;
-
-	if (@!$settings['httpbl_key']) return false;
-
-	// Workaround for "MySQL server has gone away"
-	bb2_db_query("SET @@session.wait_timeout = 90");
-
-	$find = implode('.', array_reverse(explode('.', $package['ip'])));
-	$result = gethostbynamel($settings['httpbl_key'].".${find}.dnsbl.httpbl.org.");
-	if (!empty($result)) {
-		$ip = explode('.', $result[0]);
-		if ($ip[0] == 127 && ($ip[3] & 7) && $ip[2] >= $settings['httpbl_threat'] && $ip[1] <= $settings['httpbl_maxage']) {
-			return '2b021b1f';
-		}
-		// Check if search engine
-		if ($ip[3] == 0) {
-			return 1;
-		}
-	}
-	return false;
-}

modules/bad-behavior/bad-behavior/blacklist.inc.php

@@ -1,195 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-function bb2_blacklist($package) {
-
-	// Blacklisted user agents
-	// These user agent strings occur at the beginning of the line.
-	$bb2_spambots_0 = array(
-		"-",	// brute force password attempts, malicious botnet
-		"8484 Boston Project",	// video poker/porn spam
-		"ArchiveTeam",	// ignores robots.txt and hammers server
-		"adwords",		// referrer spam
-		"autoemailspider",	// spam harvester
-		"blogsearchbot-martin",	// from honeypot
-		"BrowserEmulator/",	// open proxy software
-		"CherryPicker",		// spam harvester
-		"core-project/",	// FrontPage extension exploits
-		"Diamond",		// delivers spyware/adware
-		"Digger",		// spam harvester
-		"ecollector",		// spam harvester
-		"EmailCollector",	// spam harvester
-		"Email Siphon",		// spam harvester
-		"EmailSiphon",		// spam harvester
-		"Forum Poster",		// forum spambot
-		"grub crawler",		// misc comment/email spam
-		"HttpProxy",		// misc comment/email spam
-		"Internet Explorer",	// XMLRPC exploits seen
-		"ISC Systems iRc",	// spam harvester
-		"Jakarta Commons",	// customised spambots
-		"Java 1.",		// unidentified robots
-		"Java/1.",		// unidentified robots
-		"libwww-perl",		// unidentified robots
-		"LWP",			// unidentified robots
-		"lwp",			// unidentified robots
-		"Microsoft Internet Explorer/",	// too old; assumed robot
-		"Microsoft URL",	// unidentified robots
-		"Missigua",		// spam harvester
-		"MJ12bot/v1.0.8",	// malicious botnet
-		"Morfeus",		// vulnerability scanner
-		"Movable Type",		// customised spambots
-// msnbot is using this fake user agent string now
-		//"Mozilla ",		// malicious software
-		"Mozilla/0",		// malicious software
-		"Mozilla/1",		// malicious software
-		"Mozilla/2",		// malicious software
-		"Mozilla/3",		// malicious software
-		"Mozilla/4.0(",		// from honeypot
-		"Mozilla/4.0+(compatible;+",	// suspicious harvester
-		"Mozilla/4.0 (Hydra)",	// brute force tool
-		"MSIE",			// malicious software
-		"MVAClient",		// automated hacking attempts
-		"Nessus",		// vulnerability scanner
-		"NutchCVS",		// unidentified robots
-		"Nutscrape/",		// misc comment spam
-		"OmniExplorer",		// spam harvester
-		"Opera/9.64(",		// comment spam bot
-		"PMAFind",		// vulnerability scanner
-		"psycheclone",		// spam harvester
-		"PussyCat ",		// misc comment spam
-		"PycURL",		// misc comment spam
-		"Python-urllib",	// commonly abused
-		"revolt",		// vulnerability scanner
-//		WP 2.5 now has Flash; FIXME
-//		"Shockwave Flash",	// spam harvester
-		"sqlmap/",		// SQL injection
-		"Super Happy Fun ",	// spam harvester
-		"TrackBack/",		// trackback spam
-		"user",			// suspicious harvester
-		"User Agent: ",		// spam harvester
-		"User-Agent: ",		// spam harvester
-		"w3af",			// vulnerability scanner
-		"WebSite-X Suite",	// misc comment spam
-		"Winnie Poh",		// Automated Coppermine hacks
-		"Wordpress",		// malicious software
-		"\"",			// malicious software
-	);
-
-	// These user agent strings occur anywhere within the line.
-	$bb2_spambots = array(
-		"\r",			// A really dumb bot
-		"<sc",			// XSS exploit attempts
-		"; Widows ",		// misc comment/email spam
-		": ;",			// shellshock
-		":;",			// shellshock
-		"a href=",		// referrer spam
-		"ArchiveBot",	// ignores robots.txt and hammers server
-		"Bad Behavior Test",	// Add this to your user-agent to test BB
-		"compatible ; MSIE",	// misc comment/email spam
-		"compatible-",		// misc comment/email spam
-		"DTS Agent",		// misc comment/email spam
-		"Email Extractor",	// spam harvester
-		"Firebird/",		// too old; assumed robot
-		"Gecko/2525",		// revisit this in 500 years
-		"grub-client",		// search engine ignores robots.txt
-		"hanzoweb",		// very badly behaved crawler
-		"Havij",		// SQL injection tool
-		"Indy Library",		// misc comment/email spam
-		"Ming Mong",		// brute force tool
-		"MSIE 7.0;  Windows NT 5.2",	// Cyveillance
-		"Murzillo compatible",	// comment spam bot
-		".NET CLR 1)",		// free poker, etc.
-		".NET CLR1",		// spam harvester
-		"Netsparker",		// vulnerability scanner
-		"Nikto/",		// vulnerability scanner
-		"Perman Surfer",	// old and very broken harvester
-		"POE-Component-Client",	// free poker, etc.
-		"Teh Forest Lobster",	// brute force tool
-		"Turing Machine",	// www.anonymizer.com abuse
-		"Ubuntu/9.25",		// comment spam bot
-		"unspecified.mail",	// stealth harvesters
-		"User-agent: ",		// spam harvester/splogger
-		"WebaltBot",		// spam harvester
-		"WISEbot",		// spam harvester
-		"WISEnutbot",		// spam harvester
-		"Win95",		// too old; assumed robot
-		"Win98",		// too old; assumed robot
-		"WinME",		// too old; assumed robot
-		"Win 9x 4.90",		// too old; assumed robot
-		"Windows 3",		// too old; assumed robot
-		"Windows 95",		// too old; assumed robot
-		"Windows 98",		// too old; assumed robot
-		"Windows NT 4",		// too old; assumed robot
-		"Windows NT;",		// too old; assumed robot
-		#"Windows NT 4.0;)",	// wikispam bot
-		"Windows NT 5.0;)",	// wikispam bot
-		"Windows NT 5.1;)",	// wikispam bot
-		"Windows XP 5",		// spam harvester
-		"WordPress/4.01",	// pingback spam
-		"Xedant Human Emulator",// spammer script engine
-		"ZmEu",			// exploit scanner
-		"\\\\)",		// spam harvester
-	);
-
-	// These are regular expression matches.
-	$bb2_spambots_regex = array(
-		"/^[A-Z]{10}$/",	// misc email spam
-		"/[bcdfghjklmnpqrstvwxz ]{8,}/",
-//		"/(;\){1,2}$/",		// misc spammers/harvesters
-		"/MSIE.*Windows XP/",	// misc comment spam
-		"/MSIE [2345]/",	// too old; assumed robot
-	);
-
-	// Blacklisted URL strings
-	// These strings are considered case-insensitive.
-	$bb2_spambots_url = array(
-		"0x31303235343830303536",	// Havij
-		"../",				// path traversal
-		"..\\",				// path traversal
-		"%60information_schema%60",	// SQL injection probe
-		"+%2F*%21",			// SQL injection probe
-		"%27--",			// SQL injection
-		"%27 --",			// SQL injection
-		"%27%23",			// SQL injection
-		"%27 %23",			// SQL injection
-		"benchmark%28",			// SQL injection probe
-		"insert+into+",			// SQL injection
-		"r3dm0v3",			// SQL injection probe
-		"select+1+from",		// SQL injection probe
-		"union+all+select",		// SQL injection probe
-		"union+select",			// SQL injection probe
-		"waitfor+delay+",		// SQL injection probe
-		"w00tw00t",			// vulnerability scanner
-	);
-
-	// Do not edit below this line.
-
-	@$ua = $package['headers_mixed']['User-Agent'];
-	@$uri = $package['request_uri'];
-
-	foreach ($bb2_spambots_0 as $spambot) {
-		$pos = strpos($ua, $spambot);
-		if ($pos !== FALSE && $pos == 0) {
-			return "17f4e8c8";
-		}
-	}
-
-	foreach ($bb2_spambots as $spambot) {
-		if (strpos($ua, $spambot) !== FALSE) {
-			return "17f4e8c8";
-		}
-	}
-
-	foreach ($bb2_spambots_regex as $spambot) {
-		if (preg_match($spambot, $ua)) {
-			return "17f4e8c8";
-		}
-	}
-
-	foreach ($bb2_spambots_url as $spambot) {
-		if (stripos($uri, $spambot) !== FALSE) {
-			return "96c0bd29";
-		}
-	}
-
-	return FALSE;
-}

modules/bad-behavior/bad-behavior/browser.inc.php

@@ -1,84 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Konqueror
-
-function bb2_konqueror($package)
-{
-	// CafeKelsa is a dev project at Yahoo which indexes job listings for
-	// Yahoo! HotJobs. It identifies as Konqueror so we skip these checks.
-	if (stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") === FALSE || match_cidr($package['ip'], "209.73.160.0/19") === FALSE) {
-		if (!array_key_exists('Accept', $package['headers_mixed'])) {
-			return "17566707";
-		}
-	}
-	return false;
-}
-
-// Analyze user agents claiming to be Lynx
-
-function bb2_lynx($package)
-{
-	if (!array_key_exists('Accept', $package['headers_mixed'])) {
-		return "17566707";
-	}
-	return false;
-}
-
-// Analyze user agents claiming to be Mozilla
-
-function bb2_mozilla($package)
-{
-	// First off, workaround for Google Desktop, until they fix it FIXME
-	// Google Desktop fixed it, but apparently some old versions are
-	// still out there. :(
-	// Always check accept header for Mozilla user agents
-	if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE && strpos($package['headers_mixed']['User-Agent'], "PLAYSTATION 3") === FALSE) {
-		if (!array_key_exists('Accept', $package['headers_mixed'])) {
-			return "17566707";
-		}
-	}
-	return false;
-}
-
-// Analyze user agents claiming to be MSIE
-
-function bb2_msie($package)
-{
-	if (!array_key_exists('Accept', $package['headers_mixed'])) {
-		return "17566707";
-	}
-
-	// MSIE does NOT send "Windows ME" or "Windows XP" in the user agent
-	if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) {
-		return "a1084bad";
-	}
-
-	// MSIE does NOT send Connection: TE but Akamai does
-	// Bypass this test when Akamai detected
-	// The latest version of IE for Windows CE also uses Connection: TE
-	if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "IEMobile") === FALSE && @preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) {
-		return "2b90f772";
-	}
-
-	return false;
-}
-
-// Analyze user agents claiming to be Opera
-
-function bb2_opera($package)
-{
-	if (!array_key_exists('Accept', $package['headers_mixed'])) {
-		return "17566707";
-	}
-	return false;
-}
-
-// Analyze user agents claiming to be Safari
-
-function bb2_safari($package)
-{
-	if (!array_key_exists('Accept', $package['headers_mixed'])) {
-		return "17566707";
-	}
-	return false;
-}

modules/bad-behavior/bad-behavior/cloudflare.inc.php

@@ -1,14 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze requests claiming to be from CloudFlare
-
-require_once(BB2_CORE . "/roundtripdns.inc.php");
-
-function bb2_cloudflare($package)
-{
-#	Disabled due to http://bugs.php.net/bug.php?id=53092
-#	if (!bb2_roundtripdns($package['cloudflare'], "cloudflare.com")) {
-#		return '70e45496';
-#	}
-	return false;
-}

modules/bad-behavior/bad-behavior/common_tests.inc.php

@@ -1,152 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Enforce adherence to protocol version claimed by user-agent.
-
-function bb2_protocol($settings, $package)
-{
-	// We should never see Expect: for HTTP/1.0 requests
-	if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE && !strcmp($package['server_protocol'], "HTTP/1.0")) {
-		return "a0105122";
-	}
-
-	// Is it claiming to be HTTP/1.1?  Then it shouldn't do HTTP/1.0 things
-	// Blocks some common corporate proxy servers in strict mode
-	if ($settings['strict'] && !strcmp($package['server_protocol'], "HTTP/1.1")) {
-		if (array_key_exists('Pragma', $package['headers_mixed']) && strpos($package['headers_mixed']['Pragma'], "no-cache") !== FALSE && !array_key_exists('Cache-Control', $package['headers_mixed'])) {
-			return "41feed15";
-		}
-	}
-	return false;
-}
-
-function bb2_cookies($settings, $package)
-{
-	// Enforce RFC 2965 sec 3.3.5 and 9.1
-	// The only valid value for $Version is 1 and when present,
-	// the user agent MUST send a Cookie2 header.
-	// First-gen Amazon Kindle is broken; Amazon has been notified 9/24/08
-	// NOTE: RFC 2965 is obsoleted by RFC 6265. Current software MUST NOT
-	// use Cookie2 or $Version in Cookie.
-	if (@strpos($package['headers_mixed']['Cookie'], '$Version=0') !== FALSE && !array_key_exists('Cookie2', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "Kindle/") === FALSE) {
-		return '6c502ff1';
-	}
-	return false;
-}
-
-function bb2_misc_headers($settings, $package)
-{
-	@$ua = $package['headers_mixed']['User-Agent'];
-
-	if (!strcmp($package['request_method'], "POST") && empty($ua)) {
-		return "f9f2b8b9";
-	}
-
-	// Broken spambots send URLs with various invalid characters
-	// Some broken browsers send the #vector in the referer field :(
-	// Worse yet, some Javascript client-side apps do the same in
-	// blatant violation of the protocol and good sense.
-	// if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
-	if ($settings['strict'] && strpos($package['request_uri'], "#") !== FALSE) {
-		return "dfd9b1ad";
-	}
-	// A pretty nasty SQL injection attack on IIS servers
-	if (strpos($package['request_uri'], ";DECLARE%20@") !== FALSE) {
-		return "dfd9b1ad";
-	}
-
-	// Range: field exists and begins with 0
-	// Real user-agents do not start ranges at 0
-	// NOTE: this blocks the whois.sc bot. No big loss.
-	// Exceptions: MT (not fixable); LJ (refuses to fix; may be
-	// blocked again in the future); Facebook
-	if ($settings['strict'] && array_key_exists('Range', $package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) {
-		if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10) && strncmp($ua, "php-openid/", 11) && strncmp($ua, "facebookexternalhit", 19)) {
-			return "7ad04a8a";
-		}
-	}
-
-	// Content-Range is a response header, not a request header
-	if (array_key_exists('Content-Range', $package['headers_mixed'])) {
-		return '7d12528e';
-	}
-
-	// Lowercase via is used by open proxies/referrer spammers
-	// Exceptions: Clearswift uses lowercase via (refuses to fix;
-	// may be blocked again in the future)
-	if ($settings['strict'] &&
-		array_key_exists('via', $package['headers']) &&
-		strpos($package['headers']['via'],'Clearswift') === FALSE &&
-		strpos($ua,'CoralWebPrx') === FALSE) {
-		return "9c9e4979";
-	}
-
-	// pinappleproxy is used by referrer spammers
-	if (array_key_exists('Via', $package['headers_mixed'])) {
-		if (stripos($package['headers_mixed']['Via'], "pinappleproxy") !== FALSE || stripos($package['headers_mixed']['Via'], "PCNETSERVER") !== FALSE || stripos($package['headers_mixed']['Via'], "Invisiware") !== FALSE) {
-			return "939a6fbb";
-		}
-	}
-
-	// TE: if present must have Connection: TE
-	// RFC 2616 14.39
-	// Blocks Microsoft ISA Server 2004 in strict mode. Contact Microsoft
-	// to obtain a hotfix.
-	if ($settings['strict'] && array_key_exists('Te', $package['headers_mixed'])) {
-		if (!preg_match('/\bTE\b/', $package['headers_mixed']['Connection'])) {
-			return "582ec5e4";
-		}
-	}
-
-	if (array_key_exists('Connection', $package['headers_mixed'])) {
-		// Connection: keep-alive and close are mutually exclusive
-		if (preg_match('/\bKeep-Alive\b/i', $package['headers_mixed']['Connection']) && preg_match('/\bClose\b/i', $package['headers_mixed']['Connection'])) {
-			return "a52f0448";
-		}
-		// Close shouldn't appear twice
-		if (preg_match('/\bclose,\s?close\b/i', $package['headers_mixed']['Connection'])) {
-			return "a52f0448";
-		}
-		// Keey-Alive shouldn't appear twice either
-		if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $package['headers_mixed']['Connection'])) {
-			return "a52f0448";
-		}
-		// Keep-Alive format in RFC 2068; some bots mangle these headers
-		if (stripos($package['headers_mixed']['Connection'], "Keep-Alive: ") !== FALSE) {
-			return "b0924802";
-		}
-	}
-	
-
-	// Headers which are not seen from normal user agents; only malicious bots
-	if (array_key_exists('X-Aaaaaaaaaaaa', $package['headers_mixed']) || array_key_exists('X-Aaaaaaaaaa', $package['headers_mixed'])) {
-		return "b9cc1d86";
-	}
-	// Proxy-Connection does not exist and should never be seen in the wild
-	// http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0032.html
-	// http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0040.html
-	if ($settings['strict'] && array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
-		return "b7830251";
-	}
-
-	if (array_key_exists('Referer', $package['headers_mixed'])) {
-		// Referer, if it exists, must not be blank
-		if (empty($package['headers_mixed']['Referer'])) {
-			return "69920ee5";
-		}
-
-		// Referer, if it exists, must contain a :
-		// While a relative URL is technically valid in Referer, all known
-		// legitimate user-agents send an absolute URL
-		if (strpos($package['headers_mixed']['Referer'], ":") === FALSE) {
-			return "45b35e30";
-		}
-	}
-	
-	// "uk" is not a language (ISO 639) nor a country (ISO 3166)
-	// oops, yes it is :( Please shoot any Ukrainian spammers you see.
-#	if (preg_match('/\buk\b/', $package['headers_mixed']['Accept-Language'])) {
-#		return "35ea7ffa";
-#	}
-
-	return false;
-}

modules/bad-behavior/bad-behavior/core.inc.php

@@ -1,241 +0,0 @@
-<?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.2.19");
-
-// Bad Behavior entry point is bb2_start()
-// If you're reading this, you are probably lost.
-// Go read the bad-behavior-generic.php file.
-
-define('BB2_CORE', dirname(__FILE__));
-define('BB2_COOKIE', 'bb2_screener_');
-
-require_once(BB2_CORE . "/functions.inc.php");
-
-// Kill 'em all!
-function bb2_banned($settings, $package, $key, $previous_key=false)
-{
-	// Some spambots hit too hard. Slow them down a bit.
-	sleep(2);
-
-	require_once(BB2_CORE . "/banned.inc.php");
-	bb2_display_denial($settings, $package, $key, $previous_key);
-	bb2_log_denial($settings, $package, $key, $previous_key);
-	if (is_callable('bb2_banned_callback')) {
-		bb2_banned_callback($settings, $package, $key);
-	}
-	// Penalize the spammers some more
-	bb2_housekeeping($settings, $package);
-	die();
-}
-
-function bb2_approved($settings, $package)
-{
-	// Dirk wanted this
-	if (is_callable('bb2_approved_callback')) {
-		bb2_approved_callback($settings, $package);
-	}
-
-	// Decide what to log on approved requests.
-	if (($settings['verbose'] && $settings['logging']) || empty($package['user_agent'])) {
-		bb2_db_query(bb2_insert($settings, $package, "00000000"));
-	}
-}
-
-# If this is reverse-proxied or load balanced, obtain the actual client IP
-function bb2_reverse_proxy($settings, $headers_mixed)
-{
-	# Detect if option is on when it should be off
-	$header = uc_all($settings['reverse_proxy_header']);
-	if (!array_key_exists($header, $headers_mixed)) {
-		return false;
-	}
-	
-	$addrs = @array_reverse(preg_split("/[\s,]+/", $headers_mixed[$header]));
-	# Skip our known reverse proxies and private addresses
-	if (!empty($settings['reverse_proxy_addresses'])) {
-		foreach ($addrs as $addr) {
-			if (!match_cidr($addr, $settings['reverse_proxy_addresses']) && !is_rfc1918($addr)) {
-				return $addr;
-			}
-		}
-	} else {
-		foreach ($addrs as $addr) {
-			if (!is_rfc1918($addr)) {
-				return $addr;
-			}
-		}
-	}
-	# If we got here, someone is playing a trick on us.
-	return false;
-}
-
-# FIXME: Bug #12. But this code doesn't currently work.
-function bb2_unpack_php_post_array($key, $value)
-{
-	$unpacked = array();
-	foreach ($value as $k => $v) {
-		$i = $key. '[' . $k . ']';
-		if (is_array($v))
-			$v = bb2_unpack_php_post_array($i, $v);
-		$unpacked[$i] = $v;
-	}
-	return $unpacked;
-}
-
-// Let God sort 'em out!
-function bb2_start($settings)
-{
-	// Gather up all the information we need, first of all.
-	$headers = bb2_load_headers();
-	// Postprocess the headers to mixed-case
-	// TODO: get the world to stop using PHP as CGI
-	$headers_mixed = array();
-	foreach ($headers as $h => $v) {
-		$headers_mixed[uc_all($h)] = $v;
-	}
-
-	// IPv6 - IPv4 compatibility mode hack
-	$_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
-
-	// Reconstruct the HTTP entity, if present.
-	$request_entity = array();
-	if (!strcasecmp($_SERVER['REQUEST_METHOD'], "POST") || !strcasecmp($_SERVER['REQUEST_METHOD'], "PUT")) {
-		foreach ($_POST as $h => $v) {
-			if (is_array($v)) {
-				# Workaround, see Bug #12
-				$v = "Array";
-			}
-			$request_entity[$h] = $v;
-		}
-	}
-
-	$request_uri = $_SERVER["REQUEST_URI"];
-	if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME'];	# IIS
-
-	if ($settings['reverse_proxy'] && $ip = bb2_reverse_proxy($settings, $headers_mixed)) {
-		$headers['X-Bad-Behavior-Remote-Address'] = $_SERVER['REMOTE_ADDR'];
-		$headers_mixed['X-Bad-Behavior-Remote-Address'] = $_SERVER['REMOTE_ADDR'];
-	} else {
-		$ip = $_SERVER['REMOTE_ADDR'];
-	}
-
-	@$package = array('ip' => $ip, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $_SERVER['REQUEST_METHOD'], 'request_uri' => $request_uri, 'server_protocol' => $_SERVER['SERVER_PROTOCOL'], 'request_entity' => $request_entity, 'user_agent' => $_SERVER['HTTP_USER_AGENT'], 'is_browser' => false,);
-
-	$result = bb2_screen($settings, $package);
-	if ($result && !defined('BB2_TEST')) bb2_banned($settings, $package, $result);
-	return $result;
-}
-
-function bb2_screen($settings, $package)
-{
-	// Please proceed to the security checkpoint, have your identification
-	// and boarding pass ready, and prepare to be nakedized or fondled.
-
-	// CloudFlare-specific checks not handled by reverse proxy code
-	// Thanks to butchs at Simple Machines
-	if (array_key_exists('Cf-Connecting-Ip', $package['headers_mixed'])) {
-		require_once(BB2_CORE . "/cloudflare.inc.php");
-		$r = bb2_cloudflare($package);
-		if ($r !== false && $r != $package['ip']) return $r;
-	}
-
-	// First check the whitelist
-	require_once(BB2_CORE . "/whitelist.inc.php");
-	if (!bb2_run_whitelist($package)) {
-		// Now check the blacklist
-		require_once(BB2_CORE . "/blacklist.inc.php");
-		if ($r = bb2_blacklist($package)) return $r;
-
-		// Check the http:BL
-		require_once(BB2_CORE . "/blackhole.inc.php");
-		if ($r = bb2_httpbl($settings, $package)) {
-			if ($r == 1) return false;	# whitelisted
-			return $r;
-		}
-
-		// Check for common stuff
-		require_once(BB2_CORE . "/common_tests.inc.php");
-		if ($r = bb2_protocol($settings, $package)) return $r;
-		if ($r = bb2_cookies($settings, $package)) return $r;
-		if ($r = bb2_misc_headers($settings, $package)) return $r;
-
-		// Specific checks
-		@$ua = $package['user_agent'];
-		// Search engine checks come first
-		if (stripos($ua, "bingbot") !== FALSE || stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
-			require_once(BB2_CORE . "/searchengine.inc.php");
-			if ($r = bb2_msnbot($package)) {
-				if ($r == 1) return false;	# whitelisted
-				return $r;
-			}
-			return false;
-		} elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Web Preview") !== FALSE) {
-			require_once(BB2_CORE . "/searchengine.inc.php");
-			if ($r = bb2_google($package)) {
-				if ($r == 1) return false;	# whitelisted
-				return $r;
-			}
-			return false;
-		} elseif (stripos($ua, "Yahoo! Slurp") !== FALSE || stripos($ua, "Yahoo! SearchMonkey") !== FALSE) {
-			require_once(BB2_CORE . "/searchengine.inc.php");
-			if ($r = bb2_yahoo($package)) {
-				if ($r == 1) return false;	# whitelisted
-				return $r;
-			}
-			return false;
-		} elseif (stripos($ua, "Baidu") !== FALSE) {
-			require_once(BB2_CORE . "/searchengine.inc.php");
-			if ($r = bb2_baidu($package)) {
-				if ($r == 1) return false;	# whitelisted
-				return $r;
-			}
-			return false;
-		}
-		// MSIE checks
-		if (stripos($ua, "; MSIE") !== FALSE) {
-			$package['is_browser'] = true;
-			require_once(BB2_CORE . "/browser.inc.php");
-			if (stripos($ua, "Opera") !== FALSE) {
-				if ($r = bb2_opera($package)) return $r;
-			} else {
-				if ($r = bb2_msie($package)) return $r;
-			}
-		} elseif (stripos($ua, "Konqueror") !== FALSE) {
-			$package['is_browser'] = true;
-			require_once(BB2_CORE . "/browser.inc.php");
-			if ($r = bb2_konqueror($package)) return $r;
-		} elseif (stripos($ua, "Opera") !== FALSE) {
-			$package['is_browser'] = true;
-			require_once(BB2_CORE . "/browser.inc.php");
-			if ($r = bb2_opera($package)) return $r;
-		} elseif (stripos($ua, "Safari") !== FALSE) {
-			$package['is_browser'] = true;
-			require_once(BB2_CORE . "/browser.inc.php");
-			if ($r = bb2_safari($package)) return $r;
-		} elseif (stripos($ua, "Lynx") !== FALSE) {
-			$package['is_browser'] = true;
-			require_once(BB2_CORE . "/browser.inc.php");
-			if ($r = bb2_lynx($package)) return $r;
-		} elseif (stripos($ua, "MovableType") !== FALSE) {
-			require_once(BB2_CORE . "/movabletype.inc.php");
-			if ($r = bb2_movabletype($package)) return $r;
-		} elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
-			$package['is_browser'] = true;
-			require_once(BB2_CORE . "/browser.inc.php");
-			if ($r = bb2_mozilla($package)) return $r;
-		}
-
-		// More intensive screening applies to POST requests
-		if (!strcasecmp('POST', $package['request_method'])) {
-			require_once(BB2_CORE . "/post.inc.php");
-			if ($r = bb2_post($settings, $package)) return $r;
-		}
-	}
-
-	// Last chance screening.
-	require_once(BB2_CORE . "/screener.inc.php");
-	bb2_screener($settings, $package);
-
-	// And that's about it.
-	bb2_approved($settings, $package);
-	return false;
-}

modules/bad-behavior/bad-behavior/functions.inc.php

@@ -1,78 +0,0 @@
-<?php if (!defined('BB2_CORE')) die("I said no cheating!");
-
-// Miscellaneous helper functions.
-
-// Quick and dirty check for an IPv6 address
-function is_ipv6($address) {
-	return (strpos($address, ":")) ? TRUE : FALSE;
-}
-
-// stripos() needed because stripos is only present on PHP 5
-if (!function_exists('stripos')) {
-	function stripos($haystack,$needle,$offset = 0) {
-		return(strpos(strtolower($haystack),strtolower($needle),$offset));
-	}
-}
-
-// str_split() needed because str_split is only present on PHP 5
-if (!function_exists('str_split')) {
-	function str_split($string, $split_length=1)
-	{
-		if ($split_length < 1) {
-			return false;
-		}
-
-		for ($pos=0, $chunks = array(); $pos < strlen($string); $pos+=$split_length) {
-			$chunks[] = substr($string, $pos, $split_length);
-		}
-		return $chunks;
-	}
-}
-
-// Convert a string to mixed-case on word boundaries.
-function uc_all($string) {
-	$temp = preg_split('/(\W)/', str_replace("_", "-", $string), -1, PREG_SPLIT_DELIM_CAPTURE);
-	foreach ($temp as $key=>$word) {
-		$temp[$key] = ucfirst(strtolower($word));
-	}
-	return join ('', $temp);
-}
-
-// Determine if an IP address resides in a CIDR netblock or netblocks.
-function match_cidr($addr, $cidr) {
-	$output = false;
-
-	if (is_array($cidr)) {
-		foreach ($cidr as $cidrlet) {
-			if (match_cidr($addr, $cidrlet)) {
-				$output = true;
-				break;
-			}
-		}
-	} else {
-		@list($ip, $mask) = explode('/', $cidr);
-		if (!$mask) $mask = 32;
-		$mask = pow(2,32) - pow(2, (32 - $mask));
-		$output = ((ip2long($addr) & $mask) == (ip2long($ip) & $mask));
-	}
-	return $output;
-}
-
-// Determine if an IP address is reserved by RFC 1918.
-function is_rfc1918($addr) {
-	return match_cidr($addr, array("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"));
-}
-// Obtain all the HTTP headers.
-// NB: on PHP-CGI we have to fake it out a bit, since we can't get the REAL
-// headers. Run PHP as Apache 2.0 module if possible for best results.
-function bb2_load_headers() {
-	if (!is_callable('getallheaders')) {
-		$headers = array();
-		foreach ($_SERVER as $h => $v)
-			if (preg_match('/HTTP_(.+)/', $h, $hp))
-				$headers[str_replace("_", "-", uc_all($hp[1]))] = $v;
-	} else {
-		$headers = getallheaders();
-	}
-	return $headers;
-}

modules/bad-behavior/bad-behavior/index.html

@@ -1 +0,0 @@
-Viewing directory contents is not permitted.

modules/bad-behavior/bad-behavior/movabletype.inc.php

@@ -1,12 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-function bb2_movabletype($package)
-{
-	// Is it a trackback?
-	if (strcasecmp($package['request_method'], "POST")) {
-		if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) {
-			return "7d12528e";
-		}
-	}
-	return false;
-}

modules/bad-behavior/bad-behavior/post.inc.php

@@ -1,109 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Specialized screening for trackbacks
-function bb2_trackback($package)
-{
-	// Web browsers don't send trackbacks
-	if ($package['is_browser']) {
-		return 'f0dcb3fd';
-	}
-
-	// Proxy servers don't send trackbacks either
-	if (array_key_exists('Via', $package['headers_mixed']) || array_key_exists('Max-Forwards', $package['headers_mixed']) || array_key_exists('X-Forwarded-For', $package['headers_mixed']) || array_key_exists('Client-Ip', $package['headers_mixed'])) {
-		return 'd60b87c7';
-	}
-
-	// Fake WordPress trackbacks
-	// Real ones do not contain Accept:, and have a charset defined
-	// Real WP trackbacks may contain Accept: depending on the HTTP
-	// transport being used by the sending host
-	if (strpos($package['headers_mixed']['User-Agent'], "WordPress/") !== FALSE) {
-		if (strpos($package['headers_mixed']['Content-Type'], "charset=") === FALSE) {
-			return 'e3990b47';
-		}
-	}
-	return false;
-}
-
-// All tests which apply specifically to POST requests
-function bb2_post($settings, $package)
-{
-	// Check blackhole lists for known spam/malicious activity
-	// require_once(BB2_CORE . "/blackhole.inc.php");
-	// if ($r = bb2_blackhole($package)) return $r;
-
-	// MovableType needs specialized screening
-	if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
-		if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) {
-			return "7d12528e";
-		}
-	}
-
-	// Trackbacks need special screening
-	$request_entity = $package['request_entity'];
-	if (isset($request_entity['title']) && isset($request_entity['url']) && isset($request_entity['blog_name'])) {
-		return bb2_trackback($package);
-	}
-
-	// Catch a few completely broken spambots
-	foreach ($request_entity as $key => $value) {
-		$pos = strpos($key, "	document.write");
-		if ($pos !== FALSE) {
-			return "dfd9b1ad";
-		}
-	}
-
-	// If Referer exists, it should refer to a page on our site
-	if (!$settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed'])) {
-		$url = parse_url($package['headers_mixed']['Referer']);
-		$url['host'] = preg_replace('|^www\.|', '', $url['host']);
-		$host = preg_replace('|^www\.|', '', $package['headers_mixed']['Host']);
-		# Strip port
-		$host = preg_replace('|:\d+$|', '', $host);
-		if (strcasecmp($host, $url['host'])) {
-			return "cd361abb";
-		}
-	}
-
-	// Screen by cookie/JavaScript form add
-	if (isset($_COOKIE[BB2_COOKIE]) && !$settings['eu_cookie']) {
-		$screener1 = explode(" ", $_COOKIE[BB2_COOKIE]);
-	} else {
-		$screener1 = array(0);
-	}
-	if (isset($_POST[BB2_COOKIE])) {
-		$screener2 = explode(" ", $_POST[BB2_COOKIE]);
-	} else {
-		$screener2 = array(0);
-	}
-	$screener = max($screener1[0], $screener2[0]);
-
-	if ($screener > 0) {
-		// Posting too fast? 5 sec
-		// FIXME: even 5 sec is too intrusive
-		// if ($screener + 5 > time())
-		//	return "408d7e72";
-		// Posting too slow? 48 hr
-		if ($screener + 172800 < time())
-			return "b40c8ddc";
-
-		// Screen by IP address
-		$ip = ip2long($package['ip']);
-		$ip_screener = ip2long($screener[1]);
-//		FIXME: This is b0rked, but why?
-//		if ($ip && $ip_screener && abs($ip_screener - $ip) > 256)
-//			return "c1fa729b";
-
-		if (!empty($package['headers_mixed']['X-Forwarded-For'])) {
-			$ip = $package['headers_mixed']['X-Forwarded-For'];
-		}
-		// Screen for user agent changes
-		// User connected previously with blank user agent
-//		$q = bb2_db_query("SELECT `ip` FROM " . $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` != '" . $package['user_agent'] . "' AND `date` > DATE_SUB('" . bb2_db_date() . "', INTERVAL 5 MINUTE)");
-		// Damnit, too many ways for this to fail :(
-//		if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
-//			return "799165c2";
-	}
-
-	return false;
-}

modules/bad-behavior/bad-behavior/responses.inc.php

@@ -1,52 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Defines the responses which Bad Behavior might return.
-
-function bb2_get_response($key) {
-	$bb2_responses = array(
-		'00000000' => array('response' => 200, 'explanation' => '', 'log' => 'Permitted'),
-		'136673cd' => array('response' => 403, 'explanation' => 'Your Internet Protocol address is listed on a blacklist of addresses involved in malicious or illegal activity. See the listing below for more details on specific blacklists and removal procedures.', 'log' => 'IP address found on external blacklist'),
-		'17566707' => array('response' => 403, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept\' missing'),
-		'17f4e8c8' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent was found on blacklist'),
-		'21f11d3f' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a mobile Web device, but you do not actually appear to be a mobile Web device.', 'log' => 'User-Agent claimed to be AvantGo, claim appears false'),
-		'2b021b1f' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'IP address found on http:BL blacklist'),
-		'2b90f772' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. If you are using the Opera browser, then Opera must appear in your user agent.', 'log' => 'Connection: TE present, not supported by MSIE'),
-		'35ea7ffa' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Check your browser\'s language and locale settings.', 'log' => 'Invalid language specified'),
-		'408d7e72' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST comes too quickly after GET'),
-		'41feed15' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by a malfunctioning proxy server. Bypass the proxy server and connect directly, or contact your proxy server administrator.', 'log' => 'Header \'Pragma\' without \'Cache-Control\' prohibited for HTTP/1.1 requests'),
-		'45b35e30' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' is corrupt'),
-		'57796684' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),
-		'582ec5e4' => array('response' => 400, 'explanation' => 'An invalid request was received. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator. This may also be caused by a bug in the Opera web browser.', 'log' => '"Header \'TE\' present but TE not specified in \'Connection\' header'),
-		'69920ee5' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' present but blank'),
-		'6c502ff1' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Bot not fully compliant with RFC 2965'),
-		'70e45496' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User agent claimed to be CloudFlare, claim appears false'),
-		'71436a15' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.', 'log' => 'User-Agent claimed to be Yahoo, claim appears to be false'),
-		'799165c2' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Rotating user-agents detected'),
-		'7a06532b' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept-Encoding\' missing'),
-		'7ad04a8a' => array('response' => 400, 'explanation' => 'The automated program you are using is not permitted to access this server. Please use a different program or a standard Web browser.', 'log' => 'Prohibited header \'Range\' present'),
-		'7d12528e' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Prohibited header \'Range\' or \'Content-Range\' in POST request'),
-		'939a6fbb' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Banned proxy server in use'),
-		'96c0bd29' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'URL pattern found on blacklist'),
-		'9c9e4979' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Prohibited header \'via\' present'),
-		'a0105122' => array('response' => 417, 'explanation' => 'Expectation failed. Please retry your request.', 'log' => 'Header \'Expect\' prohibited; resend without Expect'),
-		'a1084bad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent claimed to be MSIE, with invalid Windows version'),
-		'a52f0448' => array('response' => 400, 'explanation' => 'An invalid request was received.  This may be caused by a malfunctioning proxy server or browser privacy software. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator.', 'log' => 'Header \'Connection\' contains invalid values'),
-		'b0924802' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by malicious software on your computer.', 'log' => 'Incorrect form of HTTP/1.0 Keep-Alive'),
-		'b40c8ddc' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, close your browser, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST more than two days after GET'),
-		'b7830251' => array('response' => 400, 'explanation' => 'Your proxy server sent an invalid request. Please contact the proxy server administrator to have this problem fixed.', 'log' => 'Prohibited header \'Proxy-Connection\' present'),
-		'b9cc1d86' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),
-		'c1fa729b' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'Use of rotating proxy servers detected'),
-		'cd361abb' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Data may not be posted from offsite forms.', 'log' => 'Referer did not point to a form on this site'),
-		'd60b87c7' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, please remove any viruses or spyware from your computer.', 'log' => 'Trackback received via proxy server'),
-		'dfd9b1ad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Request contained a malicious JavaScript or SQL injection attack'),
-		'e3990b47' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, please remove any viruses or spyware from your computer.', 'log' => 'Obviously fake trackback received'),
-		'e4de0453' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.', 'log' => 'User-Agent claimed to be msnbot, claim appears to be false'),
-		'e87553e1' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'I know you and I don\'t like you, dirty spammer.'),
-		'f0dcb3fd' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'Web browser attempted to send a trackback'),
-		'f1182195' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.', 'log' => 'User-Agent claimed to be Googlebot, claim appears to be false.'),
-		'f9f2b8b9' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'A User-Agent is required but none was provided.'),
-	);
-
-	if (array_key_exists($key, $bb2_responses)) return $bb2_responses[$key];
-	return array('00000000');
-}

modules/bad-behavior/bad-behavior/roundtripdns.inc.php

@@ -1,20 +0,0 @@
-<?php if (!defined('BB2_CORE')) die("I said no cheating!");
-
-# Round trip DNS verification
-
-# Returns TRUE if DNS matches; FALSE on mismatch
-# Returns $ip if an error occurs
-# TODO: Not IPv6 safe
-# FIXME: Returns false on DNS server failure; PHP provides no distinction
-# between no records and error condition
-function bb2_roundtripdns($ip,$domain)
-{
-	if (@is_ipv6($ip)) return $ip;
-
-	$host = gethostbyaddr($ip);
-	$host_result = strpos(strrev($host), strrev($domain));
-	if ($host_result === false || $host_result > 0) return false;
-	$addrs = gethostbynamel($host);
-	if (in_array($ip, $addrs)) return true;
-	return false;
-}

modules/bad-behavior/bad-behavior/screener.inc.php

@@ -1,67 +0,0 @@
-<?php if (!defined('BB2_CWD')) die("I said no cheating!");
-
-// Bad Behavior browser screener
-
-function bb2_screener_cookie($settings, $package, $cookie_name, $cookie_value)
-{
-	if ($settings['eu_cookie']) {
-		// Delete existing cookie, if any
-		setcookie($cookie_name, $cookie_value, 1, bb2_relative_path());
-	} else {
-		// Set session cookie
-		setcookie($cookie_name, $cookie_value, 0, bb2_relative_path());
-	}
-}
-
-function bb2_screener_javascript($settings, $package, $cookie_name, $cookie_value)
-{
-	global $bb2_javascript;
-
-	// FIXME: do something
-	$bb2_javascript = "<script type=\"text/javascript\">
-<!--
-function bb2_addLoadEvent(func) {
-	var oldonload = window.onload;
-	if (typeof window.onload != 'function') {
-		window.onload = func;
-	} else {
-		window.onload = function() {
-			oldonload();
-			func();
-		}
-	}
-}
-
-bb2_addLoadEvent(function() {
-	for ( i=0; i < document.forms.length; i++ ) {
-		if (document.forms[i].method == 'post') {
-			var myElement = document.createElement('input');
-			myElement.setAttribute('type', 'hidden');
-			myElement.name = '$cookie_name';
-			myElement.value = '$cookie_value';
-			document.forms[i].appendChild(myElement);
-		}
-	}
-});
-// --></script>
-		";
-}
-
-function bb2_screener($settings, $package)
-{
-	$cookie_name = BB2_COOKIE;
-
-	// Set up a simple cookie
-	$screener = array(time(), $package['ip']);
-	if (isset($package['headers_mixed']['X-Forwarded-For'])) {
-		array_push($screener, $package['headers_mixed']['X-Forwarded-For']);
-	}
-	if (isset($package['headers_mixed']['Client-Ip'])) {
-		array_push($screener, $package['headers_mixed']['Client-Ip']);
-	}
-
-	$cookie_value = implode(" ", $screener);
-
-	bb2_screener_cookie($settings, $package, BB2_COOKIE, $cookie_value);
-	bb2_screener_javascript($settings, $package, BB2_COOKIE, $cookie_value);
-}

modules/bad-behavior/bad-behavior/searchengine.inc.php

@@ -1,62 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-require_once(BB2_CORE . "/roundtripdns.inc.php");
-
-// Analyze user agents claiming to be Googlebot
-
-function bb2_google($package)
-{
-	if (@is_ipv6($package['ip'])) return false;	# TODO
-	if (match_cidr($package['ip'], array("66.249.64.0/19", "64.233.160.0/19", "72.14.192.0/18", "203.208.32.0/19", "74.125.0.0/16", "216.239.32.0/19", "209.85.128.0/17")) === FALSE) {
-		return false;	# Soft fail, must pass other screening
-		#return "f1182195";	# Hard fail
-	}
-#	Disabled due to http://bugs.php.net/bug.php?id=53092
-#	if (!bb2_roundtripdns($package['ip'], "googlebot.com")) {
-#		return "f1182195";
-#	}
-	return 1;	# Real Googlebot; bypass all other checks
-}
-
-// Analyze user agents claiming to be msnbot
-
-function bb2_msnbot($package)
-{
-	if (@is_ipv6($package['ip'])) return false;	# TODO
-	if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15", "157.60.0.0/16", "157.56.0.0/14", "131.253.21.0/24", "131.253.22.0/23", "131.253.24.0/21", "131.253.32.0/20", "40.76.0.0/14")) === FALSE) {
-		return false;	# Soft fail, must pass other screening
-		#return "e4de0453";	# Hard fail
-	}
-#	Disabled due to http://bugs.php.net/bug.php?id=53092
-#	if (!bb2_roundtripdns($package['ip'], "msn.com")) {
-#		return "e4de0453";
-#	}
-	return 1;	# Real msnbot; bypass all other checks
-}
-
-// Analyze user agents claiming to be Yahoo!
-
-function bb2_yahoo($package)
-{
-	if (@is_ipv6($package['ip'])) return false;	# TODO
-	if (match_cidr($package['ip'], array("202.160.176.0/20", "67.195.0.0/16", "203.209.252.0/24", "72.30.0.0/16", "98.136.0.0/14", "74.6.0.0/16")) === FALSE) {
-		return false;	# Soft fail, must pass other screening
-		#return '71436a15';	# Hard fail
-	}
-#	Disabled due to http://bugs.php.net/bug.php?id=53092
-#	if (!bb2_roundtripdns($package['ip'], "crawl.yahoo.net")) {
-#		return "71436a15";
-#	}
-	return 1;	# Real Yahoo bot; bypass all other checks
-}
-
-// Analyze user agents claiming to be Baidu
-
-function bb2_baidu($package)
-{
-	if (@is_ipv6($package['ip'])) return false;	# TODO
-	if (match_cidr($package['ip'], array("119.63.192.0/21", "123.125.71.0/24", "180.76.0.0/16", "220.181.0.0/16")) === FALSE) {
-		return false;	# Soft fail, must pass other screening
-	}
-	return 1;	# Real Baidu bot; bypass all other checks
-}

modules/bad-behavior/bad-behavior/whitelist.inc.php

@@ -1,34 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-function bb2_run_whitelist($package)
-{
-	# FIXME: Transitional, until port maintainters implement bb2_read_whitelist
-	if (function_exists('bb2_read_whitelist')) {
-		$whitelists = bb2_read_whitelist();
-	} else {
-		$whitelists = @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");
-	}
-
-	if (@!empty($whitelists['ip'])) {
-		foreach (array_filter($whitelists['ip']) as $range) {
-			if (match_cidr($package['ip'], $range)) return true;
-		}
-	}
-	if (@!empty($whitelists['useragent'])) {
-		foreach (array_filter($whitelists['useragent']) as $user_agent) {
-			if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
-		}
-	}
-	if (@!empty($whitelists['url'])) {
-		if (strpos($package['request_uri'], "?") === FALSE) {
-			$request_uri = $package['request_uri'];
-		} else {
-			$request_uri = substr($package['request_uri'], 0, strpos($package['request_uri'], "?"));
-		}
-		foreach (array_filter($whitelists['url']) as $url) {
-			$pos = strpos($request_uri, $url);
-			if ($pos !== false && $pos == 0) return true;
-		}
-	}
-	return false;
-}

modules/bad-behavior/index.html

@@ -1 +0,0 @@
-Viewing directory contents is not permitted.

modules/captcha/captcha.php

@@ -19,126 +19,110 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.        *
 *******************************************************************************/
 
-class Captcha
- {
-  function check_captcha($code,$entered_code)
-   {
-    if(strtolower($entered_code) == strtolower($code)) return true;
-    else return false;
-   }
+class Captcha {
+	function check_captcha($code, $entered_code) {
+		if (strtolower($entered_code) == strtolower($code)) return true;
+		else return false;
+	}
 
-  function generate_code($letters='abcdefhjkmnpqrstuvwxyz234568')
-   {
-    mt_srand((double)microtime()*1000000);
-    $code='';
-    for($i=0;$i<5;$i++)
-     {
-      $code.=substr($letters,mt_rand(0,strlen($letters)-1),1);
-     }
-    return $code;
-   }
+	function generate_code($letters = 'abcdefhjkmnpqrstuvwxyz234568') {
+		mt_srand((double)microtime()*1000000);
+		$code = '';
+		for ($i = 0; $i < 5; $i++) {
+			$code .= substr($letters, mt_rand(0, strlen($letters) -1), 1);
+		}
+		return $code;
+	}
 
-  function generate_image($code,$backgrounds_folder='',$fonts_folder='')
-   {
-    $font_size = 23;
-    $font_pos_x = 10;
-    $font_pos_y = 30;
+	function generate_image($code, $backgrounds_folder = '', $fonts_folder = '') {
+		$font_size = 23;
+		$font_pos_x = 10;
+		$font_pos_y = 30;
 
-    // get background images:
-    if($backgrounds_folder!='')
-     {
-      $handle=opendir($backgrounds_folder);
-      while ($file = readdir($handle))
-       {
-        if(preg_match('/\.png$/i', $file) || preg_match('/\.gif$/i', $file) || preg_match('/\.jpg$/i', $file)) $backgrounds[] = $file;
-       }
-      closedir($handle);
-     }
+		// get background images:
+		if ($backgrounds_folder != '') {
+			$handle = opendir($backgrounds_folder);
+			while ($file = readdir($handle)) {
+				if (preg_match('/\.png$/i', $file) || preg_match('/\.gif$/i', $file) || preg_match('/\.jpg$/i', $file)) $backgrounds[] = $file;
+			}
+			closedir($handle);
+		}
 
-    // get fonts:
-    if($fonts_folder!='')
-     {
-      $handle=opendir($fonts_folder);
-      while($file = readdir($handle))
-       {
-        if(preg_match('/\.ttf$/i', $file)) $fonts[] = $file;
-       }
-      closedir($handle);
-     }
+		// get fonts:
+		if ($fonts_folder != '') {
+			$handle = opendir($fonts_folder);
+			while ($file = readdir($handle)) {
+				if (preg_match('/\.ttf$/i', $file)) $fonts[] = $file;
+			}
+			closedir($handle);
+		}
 
-    // split code into chars:
-    $code_length = strlen($code);
-      for($i=0;$i<$code_length;$i++)
-       {
-        $code_chars_array[] = substr($code,$i,1);
-       }
+		// split code into chars:
+		$code_length = strlen($code);
+		for ($i = 0; $i < $code_length; $i++) {
+			$code_chars_array[] = substr($code, $i, 1);
+		}
 
-    // if background images are available, craete image from one of them:
-    if(isset($backgrounds))
-     {
-      $bg = $backgrounds[mt_rand(0,count($backgrounds)-1)];
-      if(preg_match('/\.png$/i', $bg)) $im = ImageCreateFromPNG($backgrounds_folder.$bg);
-      elseif(preg_match('/\.gif$/i', $bg)) $im = ImageCreateFromGIF($backgrounds_folder.$bg);
-      else $im = ImageCreateFromJPEG($backgrounds_folder.$bg);
-      if(function_exists('imagerotate') && mt_rand(0,1)==1) $im = imagerotate($im, 180, 0);
-     }
-    // if not, create an empty image:
-    else
-     {
-      $im = ImageCreate(180, 40);
-      $background_color = ImageColorAllocate ($im, 234, 234, 234);
-     }
+		// if background images are available, craete image from one of them:
+		if (isset($backgrounds)) {
+			$bg = $backgrounds[mt_rand(0,count($backgrounds)-1)];
+			if (preg_match('/\.png$/i', $bg)) $im = ImageCreateFromPNG($backgrounds_folder.$bg);
+			else if (preg_match('/\.gif$/i', $bg)) $im = ImageCreateFromGIF($backgrounds_folder.$bg);
+			else $im = ImageCreateFromJPEG($backgrounds_folder.$bg);
+			if (function_exists('imageflip') && mt_rand(0, 5) % 2 == 0) {
+				$flipConsts = [IMG_FLIP_HORIZONTAL, IMG_FLIP_VERTICAL, IMG_FLIP_BOTH];
+				$flipper = mt_rand(0, 2);
+				imageflip($im, $flipConsts[$flipper]);
+			}
+		} else {
+			// if not, create an empty image:
+ 			$im = ImageCreate(180, 40);
+			$background_color = ImageColorAllocate ($im, 234, 234, 234);
+		}
 
-    // set text color:
-    $text_color = ImageColorAllocate ($im, 0, 0, 0);
+		// set text color:
+		$text_color = ImageColorAllocate ($im, 0, 0, 0);
 
-    // use fonts, if available:
-    if(isset($fonts))
-     {
-      foreach($code_chars_array as $char)
-       {
-        $angle = intval(rand((30 * -1), 30));
-        ImageTTFText($im, $font_size, $angle, $font_pos_x, $font_pos_y, $text_color, $fonts_folder.$fonts[mt_rand(0,count($fonts)-1)],$char);
-        $font_pos_x=$font_pos_x+($font_size+13);
-       }
-     }
-    // if not, use internal font:
-    else
-     {
-      ImageString($im, 5, 30, 10, $code, $text_color);
-     }
-    header("Expires: Expires: Sat, 20 Oct 2007 00:00:00 GMT");
-    header("Cache-Control: max-age=0");
-    header("Content-type: image/png");
-    ImagePNG($im);
-    exit();
-   }
+		// use fonts, if available:
+		if (isset($fonts)) {
+			foreach ($code_chars_array as $char) {
+				$angle = intval(rand((30 * -1), 30));
+				ImageTTFText($im, $font_size, $angle, $font_pos_x, $font_pos_y, $text_color, $fonts_folder.$fonts[mt_rand(0, count($fonts) -1)], $char);
+				$font_pos_x = $font_pos_x + ($font_size + 13);
+			}
+		} else {
+			// if not, use internal font:
+			ImageString($im, 5, 30, 10, $code, $text_color);
+		}
+		header("Expires: Expires: Sat, 20 Oct 2007 00:00:00 GMT");
+		header("Cache-Control: max-age=0");
+		header("Content-type: image/png");
+		ImagePNG($im);
+		exit();
+	}
 
-  function generate_dummy_image()
-   {
-    $im = @ImageCreate(180, 40);
-    $background_color = ImageColorAllocate ($im, 234, 234, 234);
-    $text_color = ImageColorAllocate ($im, 0, 0, 0);
-    #ImageString($im, 3, 7, 4, 'CAPTCHA not available', $text_color);
-    header("Expires: Expires: Sat, 20 Oct 2007 00:00:00 GMT");
-    header("Cache-Control: max-age=0");
-    header("Content-type: image/png");
-    ImagePNG($im);
-   }
+	function generate_dummy_image() {
+		$im = @ImageCreate(180, 40);
+		$background_color = ImageColorAllocate ($im, 234, 234, 234);
+		$text_color = ImageColorAllocate ($im, 0, 0, 0);
+		//ImageString($im, 3, 7, 4, 'CAPTCHA not available', $text_color);
+		header("Expires: Expires: Sat, 20 Oct 2007 00:00:00 GMT");
+		header("Cache-Control: max-age=0");
+		header("Content-type: image/png");
+		ImagePNG($im);
+	}
 
-  // for math CAPTCHA:
-  function generate_math_captcha($number1from=1,$number1to=10,$number2from=0,$number2to=10)
-   {
-    $number[0] = rand($number1from,$number1to);
-    $number[1] = rand($number2from,$number2to);
-    $number[2] = $number[0] + $number[1];
-    return $number;
-   }
+	// for math CAPTCHA:
+	function generate_math_captcha($number1from = 1, $number1to = 10, $number2from = 0, $number2to = 10) {
+		$number[0] = rand($number1from, $number1to);
+		$number[1] = rand($number2from, $number2to);
+		$number[2] = $number[0] + $number[1];
+		return $number;
+	}
 
-  function check_math_captcha($result, $entered_result)
-   {
-    if(intval($result) == intval($entered_result)) return true;
-    else return false;
-   }
- }
+	function check_math_captcha($result, $entered_result) {
+		if (intval($result) == intval($entered_result)) return true;
+		else return false;
+	}
+}
 ?>

modules/captcha/captcha_image.php

@@ -1,14 +1,12 @@
 <?php
-ini_set('error_reporting','E_ALL');
+// ini_set('error_reporting', 'E_ALL');
+session_set_cookie_params(['samesite' => 'strict']);
 session_start();
 require('captcha.php');
 $captcha = new Captcha();
-if(isset($_SESSION['captcha_session']))
- {
-  $captcha->generate_image($_SESSION['captcha_session'],'backgrounds/','fonts/');
- }
-else
- {
-  $captcha->generate_dummy_image();
- }
+if (isset($_SESSION['captcha_session'])) {
+	$captcha->generate_image($_SESSION['captcha_session'], 'backgrounds/', 'fonts/');
+} else {
+	$captcha->generate_dummy_image();
+}
 ?>

modules/geshi/geshi/html.php

@@ -1,13 +1,13 @@
 <?php
 /*************************************************************************************
- * html4strict.php
+ * html5.php
  * ---------------
  * Author: Nigel McNie (nigel@geshi.org)
  * Copyright: (c) 2004 Nigel McNie (http://qbnz.com/highlighter/)
- * Release Version: 1.0.8.11
+ * Release Version: 1.0.9.0
  * Date Started: 2004/07/10
  *
- * HTML 4.01 strict language file for GeSHi.
+ * HTML 5 language file for GeSHi.
  *
  * CHANGES
  * -------
@@ -50,7 +50,7 @@
  ************************************************************************************/
 
 $language_data = array (
-    'LANG_NAME' => 'HTML',
+    'LANG_NAME' => 'HTML5',
     'COMMENT_SINGLE' => array(),
     'COMMENT_MULTI' => array(),
     'CASE_KEYWORDS' => GESHI_CAPS_NO_CHANGE,
@@ -58,42 +58,64 @@ $language_data = array (
     'ESCAPE_CHAR' => '',
     'KEYWORDS' => array(
         2 => array(
-            'a', 'abbr', 'acronym', 'address', 'applet', 'area',
-            'base', 'basefont', 'bdo', 'big', 'blockquote', 'body', 'br', 'button', 'b',
-            'caption', 'center', 'cite', 'code', 'colgroup', 'col',
-            'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt',
-            'em',
-            'fieldset', 'font', 'form', 'frame', 'frameset',
-            'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html',
+            'a', 'abbr', 'address', 'article', 'area', 'aside', 'audio',
+
+            'base', 'bdo', 'blockquote', 'body', 'br', 'button', 'b',
+
+            'caption', 'cite', 'code', 'colgroup', 'col', 'canvas', 'command', 'datalist', 'details',
+
+            'dd', 'del', 'dfn', 'div', 'dl', 'dt',
+
+            'em', 'embed',
+
+            'fieldset', 'form', 'figcaption', 'figure', 'footer',
+
+            'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html', 'header', 'hgroup',
+
             'iframe', 'ilayer', 'img', 'input', 'ins', 'isindex', 'i',
-            'kbd',
+
+            'kbd', 'keygen',
+
             'label', 'legend', 'link', 'li',
-            'map', 'meta',
-            'noframes', 'noscript',
-            'object', 'ol', 'optgroup', 'option',
-            'param', 'pre', 'p',
+
+            'map', 'meta', 'mark', 'meter',
+
+            'noscript', 'nav',
+
+            'object', 'ol', 'optgroup', 'option', 'output',
+
+            'param', 'pre', 'p', 'progress',
+
             'q',
-            'samp', 'script', 'select', 'small', 'span', 'strike', 'strong', 'style', 'sub', 'sup', 's',
-            'table', 'tbody', 'td', 'textarea', 'text', 'tfoot', 'thead', 'th', 'title', 'tr', 'tt',
-            'ul', 'u',
-            'var',
+
+            'rp', 'rt', 'ruby',
+
+            'samp', 'script', 'select', 'small', 'span', 'strong', 'style', 'sub', 'sup', 's', 'section', 'source', 'summary',
+
+            'table', 'tbody', 'td', 'textarea', 'text', 'tfoot', 'thead', 'th', 'title', 'tr', 'time',
+
+            'ul',
+
+            'var', 'video',
+
+            'wbr',
             ),
         3 => array(
-            'abbr', 'accept-charset', 'accept', 'accesskey', 'action', 'align', 'alink', 'alt', 'archive', 'axis',
+            'abbr', 'accept-charset', 'accept', 'accesskey', 'action', 'align', 'alink', 'alt', 'archive', 'axis', 'autocomplete', 'autofocus',
             'background', 'bgcolor', 'border',
-            'cellpadding', 'cellspacing', 'char', 'charoff', 'charset', 'checked', 'cite', 'class', 'classid', 'clear', 'code', 'codebase', 'codetype', 'color', 'cols', 'colspan', 'compact', 'content', 'coords',
-            'data', 'datetime', 'declare', 'defer', 'dir', 'disabled',
+            'cellpadding', 'cellspacing', 'char', 'charoff', 'charset', 'checked', 'cite', 'class', 'classid', 'clear', 'code', 'codebase', 'codetype', 'color', 'cols', 'colspan', 'compact', 'content', 'coords', 'contenteditable', 'contextmenu',
+            'data', 'datetime', 'declare', 'defer', 'dir', 'disabled', 'draggable', 'dropzone',
             'enctype',
-            'face', 'for', 'frame', 'frameborder',
-            'headers', 'height', 'href', 'hreflang', 'hspace', 'http-equiv',
+            'face', 'for', 'frame', 'frameborder', 'form', 'formaction', 'formenctype', 'formmethod', 'formnovalidate', 'formtarget',
+            'headers', 'height', 'href', 'hreflang', 'hspace', 'http-equiv', 'hidden',
             'id', 'ismap',
             'label', 'lang', 'language', 'link', 'longdesc',
-            'marginheight', 'marginwidth', 'maxlength', 'media', 'method', 'multiple',
-            'name', 'nohref', 'noresize', 'noshade', 'nowrap',
-            'object', 'onblur', 'onchange', 'onclick', 'ondblclick', 'onfocus', 'onkeydown', 'onkeypress', 'onkeyup', 'onload', 'onmousedown', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onreset', 'onselect', 'onsubmit', 'onunload',
-            'profile', 'prompt',
-            'readonly', 'rel', 'rev', 'rowspan', 'rows', 'rules',
-            'scheme', 'scope', 'scrolling', 'selected', 'shape', 'size', 'span', 'src', 'standby', 'start', 'style', 'summary',
+            'marginheight', 'marginwidth', 'maxlength', 'media', 'method', 'multiple', 'min', 'max',
+            'name', 'nohref', 'noresize', 'noshade', 'nowrap', 'novalidate',
+            'object', 'onblur', 'onchange', 'onclick', 'ondblclick', 'onfocus', 'onkeydown', 'onkeypress', 'onkeyup', 'onload', 'onmousedown', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onselect', 'onsubmit', 'onunload', 'onafterprint', 'onbeforeprint', 'onbeforeonload', 'onerror', 'onhaschange', 'onmessage', 'onoffline', 'ononline', 'onpagehide', 'onpageshow', 'onpopstate', 'onredo', 'onresize', 'onstorage', 'onundo', 'oncontextmenu', 'onformchange', 'onforminput', 'oninput', 'oninvalid', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onmousewheel', 'onscroll', 'oncanplay', 'oncanplaythrough', 'ondurationchange', 'onemptied', 'onended', 'onloadeddata', 'onloadedmetadata', 'onloadstart', 'onpause', 'onplay', 'onplaying', 'onprogress', 'onratechange', 'onreadystatechange', 'onseeked', 'onseeking', 'onstalled', 'onsuspend', 'ontimeupdate', 'onvolumechange', 'onwaiting',
+            'profile', 'prompt', 'pattern', 'placeholder',
+            'readonly', 'rel', 'rev', 'rowspan', 'rows', 'rules', 'required',
+            'scheme', 'scope', 'scrolling', 'selected', 'shape', 'size', 'span', 'src', 'standby', 'start', 'style', 'summary', 'spellcheck', 'step',
             'tabindex', 'target', 'text', 'title', 'type',
             'usemap',
             'valign', 'value', 'valuetype', 'version', 'vlink', 'vspace',
@@ -186,5 +208,3 @@ $language_data = array (
         )
     )
 );
-
-?>

modules/geshi/geshi/javascript.php

@@ -4,7 +4,7 @@
  * --------------
  * Author: Ben Keen (ben.keen@gmail.com)
  * Copyright: (c) 2004 Ben Keen (ben.keen@gmail.com), Nigel McNie (http://qbnz.com/highlighter)
- * Release Version: 1.0.8.11
+ * Release Version: 1.0.9.0
  * Date Started: 2004/06/20
  *
  * JavaScript language file for GeSHi.
@@ -170,5 +170,3 @@ $language_data = array (
         1 => true
         )
 );
-
-?>

modules/geshi/geshi/perl.php

@@ -4,7 +4,7 @@
  * --------
  * Author: Andreas Gohr (andi@splitbrain.org), Ben Keen (ben.keen@gmail.com)
  * Copyright: (c) 2004 Andreas Gohr, Ben Keen (http://www.benjaminkeen.org/), Nigel McNie (http://qbnz.com/highlighter/)
- * Release Version: 1.0.8.11
+ * Release Version: 1.0.9.0
  * Date Started: 2004/08/20
  *
  * Perl language file for GeSHi.
@@ -209,5 +209,3 @@ $language_data = array (
         )
     )
 );
-
-?>

modules/geshi/geshi/php.php

@@ -4,7 +4,7 @@
  * --------
  * Author: Nigel McNie (nigel@geshi.org)
  * Copyright: (c) 2004 Nigel McNie (http://qbnz.com/highlighter/)
- * Release Version: 1.0.8.11
+ * Release Version: 1.0.9.0
  * Date Started: 2004/06/20
  *
  * PHP language file for GeSHi.
@@ -90,15 +90,15 @@ $language_data = array(
             'as','break','case','continue','default','do','else','elseif',
             'endfor','endforeach','endif','endswitch','endwhile','for',
             'foreach','if','include','include_once','require','require_once',
-            'return','switch','throw','while',
+            'return','switch','throw','while', 'yield',
 
             'echo','print'
             ),
         2 => array(
             '&new','</script>','<?php','<script language',
             'abstract','class','const','declare','extends','function','global',
-            'interface','namespace','new','private','protected','public','self',
-            'use','var'
+            'implements', 'interface','namespace','new','private','protected',
+            'public','self','trait','use','var'
             ),
         3 => array(
             'abs','acos','acosh','addcslashes','addslashes','aggregate',
@@ -1113,5 +1113,3 @@ $language_data = array(
         ),
     'TAB_WIDTH' => 4
 );
-
-?>

modules/geshi/geshi/sql.php

@@ -6,7 +6,7 @@
  * Contributors:
  *  - Jürgen Thomas (Juergen.Thomas@vs-polis.de)
  * Copyright: (c) 2004 Nigel McNie (http://qbnz.com/highlighter)
- * Release Version: 1.0.8.11
+ * Release Version: 1.0.9.0
  * Date Started: 2004/06/04
  *
  * SQL language file for GeSHi.
@@ -71,8 +71,8 @@ $language_data = array (
             'DATA', 'DATABASE', 'DATABASES', 'DATE', 'DAY', 'DEC', 'DECIMAL', 'DECLARE',
             'DEFAULT', 'DELAYED', 'DELETE', 'DESC', 'DESCRIBE', 'DISTINCT', 'DOUBLE',
             'DOMAIN', 'DROP',
-            'ELSE', 'ENCLOSED', 'END', 'ESCAPED', 'EXCEPT', 'EXEC', 'EXECUTE', 'EXISTS', 'EXP',
-            'EXPLAIN', 'EXTRACT',
+            'ELSE', 'ELSEIF', 'ENCLOSED', 'END', 'ESCAPED', 'EXCEPT', 'EXEC', 'EXECUTE', 'EXISTS',
+            'EXP', 'EXPLAIN', 'EXTRACT',
             'FALSE', 'FIELD', 'FIELDS', 'FILTER', 'FIRST', 'FLOAT', 'FLOOR', 'FLUSH', 'FOR',
             'FOREIGN', 'FROM', 'FULL', 'FUNCTION',
             'GET', 'GROUP', 'GROUPING', 'GO', 'GOTO', 'GRANT', 'GRANTED',
@@ -159,7 +159,10 @@ $language_data = array (
     'SCRIPT_DELIMITERS' => array(
         ),
     'HIGHLIGHT_STRICT_BLOCK' => array(
+        ),
+    'PARSER_CONTROL' => array(
+        'KEYWORDS' => array( //'
+            'DISALLOWED_BEFORE' => "(?<![a-zA-Z0-9\$_\.\|\#|^&])"
+            )
         )
 );
-
-?>

modules/geshi/geshi/xml.php

@@ -4,7 +4,7 @@
  * -------
  * Author: Nigel McNie (nigel@geshi.org)
  * Copyright: (c) 2004 Nigel McNie (http://qbnz.com/highlighter/)
- * Release Version: 1.0.8.11
+ * Release Version: 1.0.9.0
  * Date Started: 2004/09/01
  *
  * XML language file for GeSHi. Based on the idea/file by Christian Weiske
@@ -153,5 +153,3 @@ $language_data = array (
         )
     )
 );
-
-?>

modules/phpmailer/Exception.php

@@ -0,0 +1,40 @@
+<?php
+
+/**
+ * PHPMailer Exception class.
+ * PHP Version 5.5.
+ *
+ * @see       https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
+ *
+ * @author    Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
+ * @author    Jim Jagielski (jimjag) <jimjag@gmail.com>
+ * @author    Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
+ * @author    Brent R. Matzelle (original founder)
+ * @copyright 2012 - 2020 Marcus Bointon
+ * @copyright 2010 - 2012 Jim Jagielski
+ * @copyright 2004 - 2009 Andy Prevost
+ * @license   http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License
+ * @note      This program is distributed in the hope that it will be useful - WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+namespace PHPMailer\PHPMailer;
+
+/**
+ * PHPMailer exception handler.
+ *
+ * @author Marcus Bointon <phpmailer@synchromedia.co.uk>
+ */
+class Exception extends \Exception
+{
+    /**
+     * Prettify error message output.
+     *
+     * @return string
+     */
+    public function errorMessage()
+    {
+        return '<strong>' . htmlspecialchars($this->getMessage(), ENT_COMPAT | ENT_HTML401) . "</strong><br />\n";
+    }
+}

modules/phpmailer/OAuth.php

@@ -0,0 +1,139 @@
+<?php
+
+/**
+ * PHPMailer - PHP email creation and transport class.
+ * PHP Version 5.5.
+ *
+ * @see       https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
+ *
+ * @author    Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
+ * @author    Jim Jagielski (jimjag) <jimjag@gmail.com>
+ * @author    Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
+ * @author    Brent R. Matzelle (original founder)
+ * @copyright 2012 - 2020 Marcus Bointon
+ * @copyright 2010 - 2012 Jim Jagielski
+ * @copyright 2004 - 2009 Andy Prevost
+ * @license   http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License
+ * @note      This program is distributed in the hope that it will be useful - WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+namespace PHPMailer\PHPMailer;
+
+use League\OAuth2\Client\Grant\RefreshToken;
+use League\OAuth2\Client\Provider\AbstractProvider;
+use League\OAuth2\Client\Token\AccessToken;
+
+/**
+ * OAuth - OAuth2 authentication wrapper class.
+ * Uses the oauth2-client package from the League of Extraordinary Packages.
+ *
+ * @see     http://oauth2-client.thephpleague.com
+ *
+ * @author  Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
+ */
+class OAuth implements OAuthTokenProvider
+{
+    /**
+     * An instance of the League OAuth Client Provider.
+     *
+     * @var AbstractProvider
+     */
+    protected $provider;
+
+    /**
+     * The current OAuth access token.
+     *
+     * @var AccessToken
+     */
+    protected $oauthToken;
+
+    /**
+     * The user's email address, usually used as the login ID
+     * and also the from address when sending email.
+     *
+     * @var string
+     */
+    protected $oauthUserEmail = '';
+
+    /**
+     * The client secret, generated in the app definition of the service you're connecting to.
+     *
+     * @var string
+     */
+    protected $oauthClientSecret = '';
+
+    /**
+     * The client ID, generated in the app definition of the service you're connecting to.
+     *
+     * @var string
+     */
+    protected $oauthClientId = '';
+
+    /**
+     * The refresh token, used to obtain new AccessTokens.
+     *
+     * @var string
+     */
+    protected $oauthRefreshToken = '';
+
+    /**
+     * OAuth constructor.
+     *
+     * @param array $options Associative array containing
+     *                       `provider`, `userName`, `clientSecret`, `clientId` and `refreshToken` elements
+     */
+    public function __construct($options)
+    {
+        $this->provider = $options['provider'];
+        $this->oauthUserEmail = $options['userName'];
+        $this->oauthClientSecret = $options['clientSecret'];
+        $this->oauthClientId = $options['clientId'];
+        $this->oauthRefreshToken = $options['refreshToken'];
+    }
+
+    /**
+     * Get a new RefreshToken.
+     *
+     * @return RefreshToken
+     */
+    protected function getGrant()
+    {
+        return new RefreshToken();
+    }
+
+    /**
+     * Get a new AccessToken.
+     *
+     * @return AccessToken
+     */
+    protected function getToken()
+    {
+        return $this->provider->getAccessToken(
+            $this->getGrant(),
+            ['refresh_token' => $this->oauthRefreshToken]
+        );
+    }
+
+    /**
+     * Generate a base64-encoded OAuth token.
+     *
+     * @return string
+     */
+    public function getOauth64()
+    {
+        //Get a new token if it's not available or has expired
+        if (null === $this->oauthToken || $this->oauthToken->hasExpired()) {
+            $this->oauthToken = $this->getToken();
+        }
+
+        return base64_encode(
+            'user=' .
+            $this->oauthUserEmail .
+            "\001auth=Bearer " .
+            $this->oauthToken .
+            "\001\001"
+        );
+    }
+}

modules/phpmailer/OAuthTokenProvider.php

@@ -0,0 +1,44 @@
+<?php
+
+/**
+ * PHPMailer - PHP email creation and transport class.
+ * PHP Version 5.5.
+ *
+ * @see https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
+ *
+ * @author    Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
+ * @author    Jim Jagielski (jimjag) <jimjag@gmail.com>
+ * @author    Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
+ * @author    Brent R. Matzelle (original founder)
+ * @copyright 2012 - 2020 Marcus Bointon
+ * @copyright 2010 - 2012 Jim Jagielski
+ * @copyright 2004 - 2009 Andy Prevost
+ * @license   http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License
+ * @note      This program is distributed in the hope that it will be useful - WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+namespace PHPMailer\PHPMailer;
+
+/**
+ * OAuthTokenProvider - OAuth2 token provider interface.
+ * Provides base64 encoded OAuth2 auth strings for SMTP authentication.
+ *
+ * @see     OAuth
+ * @see     SMTP::authenticate()
+ *
+ * @author  Peter Scopes (pdscopes)
+ * @author  Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
+ */
+interface OAuthTokenProvider
+{
+    /**
+     * Generate a base64-encoded OAuth token ensuring that the access token has not expired.
+     * The string to be base 64 encoded should be in the form:
+     * "user=<user_email_address>\001auth=Bearer <access_token>\001\001"
+     *
+     * @return string
+     */
+    public function getOauth64();
+}

modules/phpmailer/POP3.php

@@ -0,0 +1,462 @@
+<?php
+
+/**
+ * PHPMailer POP-Before-SMTP Authentication Class.
+ * PHP Version 5.5.
+ *
+ * @see https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
+ *
+ * @author    Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
+ * @author    Jim Jagielski (jimjag) <jimjag@gmail.com>
+ * @author    Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
+ * @author    Brent R. Matzelle (original founder)
+ * @copyright 2012 - 2020 Marcus Bointon
+ * @copyright 2010 - 2012 Jim Jagielski
+ * @copyright 2004 - 2009 Andy Prevost
+ * @license   http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License
+ * @note      This program is distributed in the hope that it will be useful - WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+namespace PHPMailer\PHPMailer;
+
+/**
+ * PHPMailer POP-Before-SMTP Authentication Class.
+ * Specifically for PHPMailer to use for RFC1939 POP-before-SMTP authentication.
+ * 1) This class does not support APOP authentication.
+ * 2) Opening and closing lots of POP3 connections can be quite slow. If you need
+ *   to send a batch of emails then just perform the authentication once at the start,
+ *   and then loop through your mail sending script. Providing this process doesn't
+ *   take longer than the verification period lasts on your POP3 server, you should be fine.
+ * 3) This is really ancient technology; you should only need to use it to talk to very old systems.
+ * 4) This POP3 class is deliberately lightweight and incomplete, implementing just
+ *   enough to do authentication.
+ *   If you want a more complete class there are other POP3 classes for PHP available.
+ *
+ * @author Richard Davey (original author) <rich@corephp.co.uk>
+ * @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
+ * @author Jim Jagielski (jimjag) <jimjag@gmail.com>
+ * @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
+ */
+class POP3
+{
+    /**
+     * The POP3 PHPMailer Version number.
+     *
+     * @var string
+     */
+    const VERSION = '6.6.0';
+
+    /**
+     * Default POP3 port number.
+     *
+     * @var int
+     */
+    const DEFAULT_PORT = 110;
+
+    /**
+     * Default timeout in seconds.
+     *
+     * @var int
+     */
+    const DEFAULT_TIMEOUT = 30;
+
+    /**
+     * POP3 class debug output mode.
+     * Debug output level.
+     * Options:
+     * @see POP3::DEBUG_OFF: No output
+     * @see POP3::DEBUG_SERVER: Server messages, connection/server errors
+     * @see POP3::DEBUG_CLIENT: Client and Server messages, connection/server errors
+     *
+     * @var int
+     */
+    public $do_debug = self::DEBUG_OFF;
+
+    /**
+     * POP3 mail server hostname.
+     *
+     * @var string
+     */
+    public $host;
+
+    /**
+     * POP3 port number.
+     *
+     * @var int
+     */
+    public $port;
+
+    /**
+     * POP3 Timeout Value in seconds.
+     *
+     * @var int
+     */
+    public $tval;
+
+    /**
+     * POP3 username.
+     *
+     * @var string
+     */
+    public $username;
+
+    /**
+     * POP3 password.
+     *
+     * @var string
+     */
+    public $password;
+
+    /**
+     * Resource handle for the POP3 connection socket.
+     *
+     * @var resource
+     */
+    protected $pop_conn;
+
+    /**
+     * Are we connected?
+     *
+     * @var bool
+     */
+    protected $connected = false;
+
+    /**
+     * Error container.
+     *
+     * @var array
+     */
+    protected $errors = [];
+
+    /**
+     * Line break constant.
+     */
+    const LE = "\r\n";
+
+    /**
+     * Debug level for no output.
+     *
+     * @var int
+     */
+    const DEBUG_OFF = 0;
+
+    /**
+     * Debug level to show server -> client messages
+     * also shows clients connection errors or errors from server
+     *
+     * @var int
+     */
+    const DEBUG_SERVER = 1;
+
+    /**
+     * Debug level to show client -> server and server -> client messages.
+     *
+     * @var int
+     */
+    const DEBUG_CLIENT = 2;
+
+    /**
+     * Simple static wrapper for all-in-one POP before SMTP.
+     *
+     * @param string   $host        The hostname to connect to
+     * @param int|bool $port        The port number to connect to
+     * @param int|bool $timeout     The timeout value
+     * @param string   $username
+     * @param string   $password
+     * @param int      $debug_level
+     *
+     * @return bool
+     */
+    public static function popBeforeSmtp(
+        $host,
+        $port = false,
+        $timeout = false,
+        $username = '',
+        $password = '',
+        $debug_level = 0
+    ) {
+        $pop = new self();
+
+        return $pop->authorise($host, $port, $timeout, $username, $password, $debug_level);
+    }
+
+    /**
+     * Authenticate with a POP3 server.
+     * A connect, login, disconnect sequence
+     * appropriate for POP-before SMTP authorisation.
+     *
+     * @param string   $host        The hostname to connect to
+     * @param int|bool $port        The port number to connect to
+     * @param int|bool $timeout     The timeout value
+     * @param string   $username
+     * @param string   $password
+     * @param int      $debug_level
+     *
+     * @return bool
+     */
+    public function authorise($host, $port = false, $timeout = false, $username = '', $password = '', $debug_level = 0)
+    {
+        $this->host = $host;
+        //If no port value provided, use default
+        if (false === $port) {
+            $this->port = static::DEFAULT_PORT;
+        } else {
+            $this->port = (int) $port;
+        }
+        //If no timeout value provided, use default
+        if (false === $timeout) {
+            $this->tval = static::DEFAULT_TIMEOUT;
+        } else {
+            $this->tval = (int) $timeout;
+        }
+        $this->do_debug = $debug_level;
+        $this->username = $username;
+        $this->password = $password;
+        //Reset the error log
+        $this->errors = [];
+        //Connect
+        $result = $this->connect($this->host, $this->port, $this->tval);
+        if ($result) {
+            $login_result = $this->login($this->username, $this->password);
+            if ($login_result) {
+                $this->disconnect();
+
+                return true;
+            }
+        }
+        //We need to disconnect regardless of whether the login succeeded
+        $this->disconnect();
+
+        return false;
+    }
+
+    /**
+     * Connect to a POP3 server.
+     *
+     * @param string   $host
+     * @param int|bool $port
+     * @param int      $tval
+     *
+     * @return bool
+     */
+    public function connect($host, $port = false, $tval = 30)
+    {
+        //Are we already connected?
+        if ($this->connected) {
+            return true;
+        }
+
+        //On Windows this will raise a PHP Warning error if the hostname doesn't exist.
+        //Rather than suppress it with @fsockopen, capture it cleanly instead
+        set_error_handler([$this, 'catchWarning']);
+
+        if (false === $port) {
+            $port = static::DEFAULT_PORT;
+        }
+
+        //Connect to the POP3 server
+        $errno = 0;
+        $errstr = '';
+        $this->pop_conn = fsockopen(
+            $host, //POP3 Host
+            $port, //Port #
+            $errno, //Error Number
+            $errstr, //Error Message
+            $tval
+        ); //Timeout (seconds)
+        //Restore the error handler
+        restore_error_handler();
+
+        //Did we connect?
+        if (false === $this->pop_conn) {
+            //It would appear not...
+            $this->setError(
+                "Failed to connect to server $host on port $port. errno: $errno; errstr: $errstr"
+            );
+
+            return false;
+        }
+
+        //Increase the stream time-out
+        stream_set_timeout($this->pop_conn, $tval, 0);
+
+        //Get the POP3 server response
+        $pop3_response = $this->getResponse();
+        //Check for the +OK
+        if ($this->checkResponse($pop3_response)) {
+            //The connection is established and the POP3 server is talking
+            $this->connected = true;
+
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * Log in to the POP3 server.
+     * Does not support APOP (RFC 2828, 4949).
+     *
+     * @param string $username
+     * @param string $password
+     *
+     * @return bool
+     */
+    public function login($username = '', $password = '')
+    {
+        if (!$this->connected) {
+            $this->setError('Not connected to POP3 server');
+            return false;
+        }
+        if (empty($username)) {
+            $username = $this->username;
+        }
+        if (empty($password)) {
+            $password = $this->password;
+        }
+
+        //Send the Username
+        $this->sendString("USER $username" . static::LE);
+        $pop3_response = $this->getResponse();
+        if ($this->checkResponse($pop3_response)) {
+            //Send the Password
+            $this->sendString("PASS $password" . static::LE);
+            $pop3_response = $this->getResponse();
+            if ($this->checkResponse($pop3_response)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Disconnect from the POP3 server.
+     */
+    public function disconnect()
+    {
+        $this->sendString('QUIT');
+
+        // RFC 1939 shows POP3 server sending a +OK response to the QUIT command.
+        // Try to get it.  Ignore any failures here.
+        try {
+            $this->getResponse();
+        } catch (Exception $e) {
+            //Do nothing
+        }
+
+        //The QUIT command may cause the daemon to exit, which will kill our connection
+        //So ignore errors here
+        try {
+            @fclose($this->pop_conn);
+        } catch (Exception $e) {
+            //Do nothing
+        }
+
+        // Clean up attributes.
+        $this->connected = false;
+        $this->pop_conn  = false;
+    }
+
+    /**
+     * Get a response from the POP3 server.
+     *
+     * @param int $size The maximum number of bytes to retrieve
+     *
+     * @return string
+     */
+    protected function getResponse($size = 128)
+    {
+        $response = fgets($this->pop_conn, $size);
+        if ($this->do_debug >= self::DEBUG_SERVER) {
+            echo 'Server -> Client: ', $response;
+        }
+
+        return $response;
+    }
+
+    /**
+     * Send raw data to the POP3 server.
+     *
+     * @param string $string
+     *
+     * @return int
+     */
+    protected function sendString($string)
+    {
+        if ($this->pop_conn) {
+            if ($this->do_debug >= self::DEBUG_CLIENT) { //Show client messages when debug >= 2
+                echo 'Client -> Server: ', $string;
+            }
+
+            return fwrite($this->pop_conn, $string, strlen($string));
+        }
+
+        return 0;
+    }
+
+    /**
+     * Checks the POP3 server response.
+     * Looks for for +OK or -ERR.
+     *
+     * @param string $string
+     *
+     * @return bool
+     */
+    protected function checkResponse($string)
+    {
+        if (strpos($string, '+OK') !== 0) {
+            $this->setError("Server reported an error: $string");
+
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Add an error to the internal error store.
+     * Also display debug output if it's enabled.
+     *
+     * @param string $error
+     */
+    protected function setError($error)
+    {
+        $this->errors[] = $error;
+        if ($this->do_debug >= self::DEBUG_SERVER) {
+            echo '<pre>';
+            foreach ($this->errors as $e) {
+                print_r($e);
+            }
+            echo '</pre>';
+        }
+    }
+
+    /**
+     * Get an array of error messages, if any.
+     *
+     * @return array
+     */
+    public function getErrors()
+    {
+        return $this->errors;
+    }
+
+    /**
+     * POP3 connection error handler.
+     *
+     * @param int    $errno
+     * @param string $errstr
+     * @param string $errfile
+     * @param int    $errline
+     */
+    protected function catchWarning($errno, $errstr, $errfile, $errline)
+    {
+        $this->setError(
+            'Connecting to the POP3 server raised a PHP warning:' .
+            "errno: $errno errstr: $errstr; errfile: $errfile; errline: $errline"
+        );
+    }
+}

modules/smarty/Autoloader.php

@@ -2,20 +2,21 @@
 /**
  * Smarty Autoloader
  *
- * @package    Smarty
+ * @package Smarty
  */
 
 /**
  * Smarty Autoloader
  *
- * @package    Smarty
- * @author     Uwe Tews
+ * @package Smarty
+ * @author  Uwe Tews
  *             Usage:
- *             require_once '...path/Autoloader.php';
- *             Smarty_Autoloader::register();
- *             $smarty = new Smarty();
- *             Note:       This autoloader is not needed if you use Composer.
- *             Composer will automatically add the classes of the Smarty package to it common autoloader.
+ *                  require_once '...path/Autoloader.php';
+ *                  Smarty_Autoloader::register();
+ *             or
+ *                  include '...path/bootstrap.php';
+ *
+ *                  $smarty = new Smarty();
  */
 class Smarty_Autoloader
 {
@@ -24,21 +25,21 @@ class Smarty_Autoloader
      *
      * @var string
      */
-    public static $SMARTY_DIR = '';
+    public static $SMARTY_DIR = null;
 
     /**
      * Filepath to Smarty internal plugins
      *
      * @var string
      */
-    public static $SMARTY_SYSPLUGINS_DIR = '';
+    public static $SMARTY_SYSPLUGINS_DIR = null;
 
     /**
      * Array with Smarty core classes and their filename
      *
      * @var array
      */
-    public static $rootClasses = array('smarty' => 'Smarty.class.php', 'smartybc' => 'SmartyBC.class.php',);
+    public static $rootClasses = array('smarty' => 'Smarty.class.php');
 
     /**
      * Registers Smarty_Autoloader backward compatible to older installations.
@@ -53,8 +54,8 @@ class Smarty_Autoloader
         if (!defined('SMARTY_SPL_AUTOLOAD')) {
             define('SMARTY_SPL_AUTOLOAD', 0);
         }
-        if (SMARTY_SPL_AUTOLOAD &&
-            set_include_path(get_include_path() . PATH_SEPARATOR . SMARTY_SYSPLUGINS_DIR) !== false
+        if (SMARTY_SPL_AUTOLOAD
+            && set_include_path(get_include_path() . PATH_SEPARATOR . SMARTY_SYSPLUGINS_DIR) !== false
         ) {
             $registeredAutoLoadFunctions = spl_autoload_functions();
             if (!isset($registeredAutoLoadFunctions[ 'spl_autoload' ])) {
@@ -75,11 +76,7 @@ class Smarty_Autoloader
         self::$SMARTY_DIR = defined('SMARTY_DIR') ? SMARTY_DIR : dirname(__FILE__) . DIRECTORY_SEPARATOR;
         self::$SMARTY_SYSPLUGINS_DIR = defined('SMARTY_SYSPLUGINS_DIR') ? SMARTY_SYSPLUGINS_DIR :
             self::$SMARTY_DIR . 'sysplugins' . DIRECTORY_SEPARATOR;
-        if (version_compare(phpversion(), '5.3.0', '>=')) {
-            spl_autoload_register(array(__CLASS__, 'autoload'), true, $prepend);
-        } else {
-            spl_autoload_register(array(__CLASS__, 'autoload'));
-        }
+        spl_autoload_register(array(__CLASS__, 'autoload'), true, $prepend);
     }
 
     /**
@@ -89,18 +86,20 @@ class Smarty_Autoloader
      */
     public static function autoload($class)
     {
-        $_class = strtolower($class);
-        if (strpos($_class, 'smarty') !== 0) {
+        if ($class[ 0 ] !== 'S' || strpos($class, 'Smarty') !== 0) {
             return;
         }
-        $file = self::$SMARTY_SYSPLUGINS_DIR . $_class . '.php';
-        if (is_file($file)) {
-            include $file;
-        } else if (isset(self::$rootClasses[ $_class ])) {
+        $_class = strtolower($class);
+        if (isset(self::$rootClasses[ $_class ])) {
             $file = self::$SMARTY_DIR . self::$rootClasses[ $_class ];
             if (is_file($file)) {
                 include $file;
             }
+        } else {
+            $file = self::$SMARTY_SYSPLUGINS_DIR . $_class . '.php';
+            if (is_file($file)) {
+                include $file;
+            }
         }
         return;
     }

modules/smarty/SmartyBC.class.php

@@ -1,455 +0,0 @@
-<?php
-/**
- * Project:     Smarty: the PHP compiling template engine
- * File:        SmartyBC.class.php
- * SVN:         $Id: $
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- * For questions, help, comments, discussion, etc., please join the
- * Smarty mailing list. Send a blank e-mail to
- * smarty-discussion-subscribe@googlegroups.com
- *
- * @link      http://www.smarty.net/
- * @copyright 2008 New Digital Group, Inc.
- * @author    Monte Ohrt <monte at ohrt dot com>
- * @author    Uwe Tews
- * @author    Rodney Rehm
- * @package   Smarty
- */
-/**
- * @ignore
- */
-require_once(dirname(__FILE__) . '/Smarty.class.php');
-
-/**
- * Smarty Backward Compatibility Wrapper Class
- *
- * @package Smarty
- */
-class SmartyBC extends Smarty
-{
-    /**
-     * Smarty 2 BC
-     *
-     * @var string
-     */
-    public $_version = self::SMARTY_VERSION;
-
-    /**
-     * This is an array of directories where trusted php scripts reside.
-     *
-     * @var array
-     */
-    public $trusted_dir = array();
-
-    /**
-     * Initialize new SmartyBC object
-     *
-     */
-    public function __construct()
-    {
-        parent::__construct();
-    }
-
-    /**
-     * wrapper for assign_by_ref
-     *
-     * @param string $tpl_var the template variable name
-     * @param mixed  &$value  the referenced value to assign
-     */
-    public function assign_by_ref($tpl_var, &$value)
-    {
-        $this->assignByRef($tpl_var, $value);
-    }
-
-    /**
-     * wrapper for append_by_ref
-     *
-     * @param string  $tpl_var the template variable name
-     * @param mixed   &$value  the referenced value to append
-     * @param boolean $merge   flag if array elements shall be merged
-     */
-    public function append_by_ref($tpl_var, &$value, $merge = false)
-    {
-        $this->appendByRef($tpl_var, $value, $merge);
-    }
-
-    /**
-     * clear the given assigned template variable.
-     *
-     * @param string $tpl_var the template variable to clear
-     */
-    public function clear_assign($tpl_var)
-    {
-        $this->clearAssign($tpl_var);
-    }
-
-    /**
-     * Registers custom function to be used in templates
-     *
-     * @param string $function      the name of the template function
-     * @param string $function_impl the name of the PHP function to register
-     * @param bool   $cacheable
-     * @param mixed  $cache_attrs
-     */
-    public function register_function($function, $function_impl, $cacheable = true, $cache_attrs = null)
-    {
-        $this->registerPlugin('function', $function, $function_impl, $cacheable, $cache_attrs);
-    }
-
-    /**
-     * Unregister custom function
-     *
-     * @param string $function name of template function
-     */
-    public function unregister_function($function)
-    {
-        $this->unregisterPlugin('function', $function);
-    }
-
-    /**
-     * Registers object to be used in templates
-     *
-     * @param string  $object        name of template object
-     * @param object  $object_impl   the referenced PHP object to register
-     * @param array   $allowed       list of allowed methods (empty = all)
-     * @param boolean $smarty_args   smarty argument format, else traditional
-     * @param array   $block_methods list of methods that are block format
-     *
-     * @throws SmartyException
-     * @internal param array $block_functs list of methods that are block format
-     */
-    public function register_object($object, $object_impl, $allowed = array(), $smarty_args = true,
-                                    $block_methods = array())
-    {
-        settype($allowed, 'array');
-        settype($smarty_args, 'boolean');
-        $this->registerObject($object, $object_impl, $allowed, $smarty_args, $block_methods);
-    }
-
-    /**
-     * Unregister object
-     *
-     * @param string $object name of template object
-     */
-    public function unregister_object($object)
-    {
-        $this->unregisterObject($object);
-    }
-
-    /**
-     * Registers block function to be used in templates
-     *
-     * @param string $block      name of template block
-     * @param string $block_impl PHP function to register
-     * @param bool   $cacheable
-     * @param mixed  $cache_attrs
-     */
-    public function register_block($block, $block_impl, $cacheable = true, $cache_attrs = null)
-    {
-        $this->registerPlugin('block', $block, $block_impl, $cacheable, $cache_attrs);
-    }
-
-    /**
-     * Unregister block function
-     *
-     * @param string $block name of template function
-     */
-    public function unregister_block($block)
-    {
-        $this->unregisterPlugin('block', $block);
-    }
-
-    /**
-     * Registers compiler function
-     *
-     * @param string $function      name of template function
-     * @param string $function_impl name of PHP function to register
-     * @param bool   $cacheable
-     */
-    public function register_compiler_function($function, $function_impl, $cacheable = true)
-    {
-        $this->registerPlugin('compiler', $function, $function_impl, $cacheable);
-    }
-
-    /**
-     * Unregister compiler function
-     *
-     * @param string $function name of template function
-     */
-    public function unregister_compiler_function($function)
-    {
-        $this->unregisterPlugin('compiler', $function);
-    }
-
-    /**
-     * Registers modifier to be used in templates
-     *
-     * @param string $modifier      name of template modifier
-     * @param string $modifier_impl name of PHP function to register
-     */
-    public function register_modifier($modifier, $modifier_impl)
-    {
-        $this->registerPlugin('modifier', $modifier, $modifier_impl);
-    }
-
-    /**
-     * Unregister modifier
-     *
-     * @param string $modifier name of template modifier
-     */
-    public function unregister_modifier($modifier)
-    {
-        $this->unregisterPlugin('modifier', $modifier);
-    }
-
-    /**
-     * Registers a resource to fetch a template
-     *
-     * @param string $type      name of resource
-     * @param array  $functions array of functions to handle resource
-     */
-    public function register_resource($type, $functions)
-    {
-        $this->registerResource($type, $functions);
-    }
-
-    /**
-     * Unregister a resource
-     *
-     * @param string $type name of resource
-     */
-    public function unregister_resource($type)
-    {
-        $this->unregisterResource($type);
-    }
-
-    /**
-     * Registers a prefilter function to apply
-     * to a template before compiling
-     *
-     * @param callable $function
-     */
-    public function register_prefilter($function)
-    {
-        $this->registerFilter('pre', $function);
-    }
-
-    /**
-     * Unregister a prefilter function
-     *
-     * @param callable $function
-     */
-    public function unregister_prefilter($function)
-    {
-        $this->unregisterFilter('pre', $function);
-    }
-
-    /**
-     * Registers a postfilter function to apply
-     * to a compiled template after compilation
-     *
-     * @param callable $function
-     */
-    public function register_postfilter($function)
-    {
-        $this->registerFilter('post', $function);
-    }
-
-    /**
-     * Unregister a postfilter function
-     *
-     * @param callable $function
-     */
-    public function unregister_postfilter($function)
-    {
-        $this->unregisterFilter('post', $function);
-    }
-
-    /**
-     * Registers an output filter function to apply
-     * to a template output
-     *
-     * @param callable $function
-     */
-    public function register_outputfilter($function)
-    {
-        $this->registerFilter('output', $function);
-    }
-
-    /**
-     * Unregister an outputfilter function
-     *
-     * @param callable $function
-     */
-    public function unregister_outputfilter($function)
-    {
-        $this->unregisterFilter('output', $function);
-    }
-
-    /**
-     * load a filter of specified type and name
-     *
-     * @param string $type filter type
-     * @param string $name filter name
-     */
-    public function load_filter($type, $name)
-    {
-        $this->loadFilter($type, $name);
-    }
-
-    /**
-     * clear cached content for the given template and cache id
-     *
-     * @param  string $tpl_file   name of template file
-     * @param  string $cache_id   name of cache_id
-     * @param  string $compile_id name of compile_id
-     * @param  string $exp_time   expiration time
-     *
-     * @return boolean
-     */
-    public function clear_cache($tpl_file = null, $cache_id = null, $compile_id = null, $exp_time = null)
-    {
-        return $this->clearCache($tpl_file, $cache_id, $compile_id, $exp_time);
-    }
-
-    /**
-     * clear the entire contents of cache (all templates)
-     *
-     * @param  string $exp_time expire time
-     *
-     * @return boolean
-     */
-    public function clear_all_cache($exp_time = null)
-    {
-        return $this->clearCache(null, null, null, $exp_time);
-    }
-
-    /**
-     * test to see if valid cache exists for this template
-     *
-     * @param  string $tpl_file name of template file
-     * @param  string $cache_id
-     * @param  string $compile_id
-     *
-     * @return boolean
-     */
-    public function is_cached($tpl_file, $cache_id = null, $compile_id = null)
-    {
-        return $this->isCached($tpl_file, $cache_id, $compile_id);
-    }
-
-    /**
-     * clear all the assigned template variables.
-     */
-    public function clear_all_assign()
-    {
-        $this->clearAllAssign();
-    }
-
-    /**
-     * clears compiled version of specified template resource,
-     * or all compiled template files if one is not specified.
-     * This function is for advanced use only, not normally needed.
-     *
-     * @param  string $tpl_file
-     * @param  string $compile_id
-     * @param  string $exp_time
-     *
-     * @return boolean results of {@link smarty_core_rm_auto()}
-     */
-    public function clear_compiled_tpl($tpl_file = null, $compile_id = null, $exp_time = null)
-    {
-        return $this->clearCompiledTemplate($tpl_file, $compile_id, $exp_time);
-    }
-
-    /**
-     * Checks whether requested template exists.
-     *
-     * @param  string $tpl_file
-     *
-     * @return boolean
-     */
-    public function template_exists($tpl_file)
-    {
-        return $this->templateExists($tpl_file);
-    }
-
-    /**
-     * Returns an array containing template variables
-     *
-     * @param  string $name
-     *
-     * @return array
-     */
-    public function get_template_vars($name = null)
-    {
-        return $this->getTemplateVars($name);
-    }
-
-    /**
-     * Returns an array containing config variables
-     *
-     * @param  string $name
-     *
-     * @return array
-     */
-    public function get_config_vars($name = null)
-    {
-        return $this->getConfigVars($name);
-    }
-
-    /**
-     * load configuration values
-     *
-     * @param string $file
-     * @param string $section
-     * @param string $scope
-     */
-    public function config_load($file, $section = null, $scope = 'global')
-    {
-        $this->ConfigLoad($file, $section, $scope);
-    }
-
-    /**
-     * return a reference to a registered object
-     *
-     * @param  string $name
-     *
-     * @return object
-     */
-    public function get_registered_object($name)
-    {
-        return $this->getRegisteredObject($name);
-    }
-
-    /**
-     * clear configuration values
-     *
-     * @param string $var
-     */
-    public function clear_config($var = null)
-    {
-        $this->clearConfig($var);
-    }
-
-    /**
-     * trigger Smarty error
-     *
-     * @param string  $error_msg
-     * @param integer $error_type
-     */
-    public function trigger_error($error_msg, $error_type = E_USER_WARNING)
-    {
-        trigger_error("Smarty error: $error_msg", $error_type);
-    }
-}

modules/smarty/bootstrap.php

@@ -0,0 +1,16 @@
+<?php
+/**
+ * This file is part of the Smarty package.
+ *
+ * (c) Sebastian Bergmann <sebastian@phpunit.de>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+/**
+ * Load and register Smarty Autoloader
+ */
+if (!class_exists('Smarty_Autoloader')) {
+    include dirname(__FILE__) . '/Autoloader.php';
+}
+Smarty_Autoloader::register(true);

modules/smarty/debug.tpl

@@ -113,10 +113,10 @@
         <div>
             {foreach $template_data as $template}
                 <font color=brown>{$template.name}</font>
-                <br>&nbsp;&nbsp;<span class="exectime">
+                <br />&nbsp;&nbsp;<span class="exectime">
                 (compile {$template['compile_time']|string_format:"%.5f"}) (render {$template['render_time']|string_format:"%.5f"}) (cache {$template['cache_time']|string_format:"%.5f"})
                  </span>
-                <br>
+                <br />
             {/foreach}
         </div>
     {/if}
@@ -127,7 +127,7 @@
         {foreach $assigned_vars as $vars}
             <tr class="{if $vars@iteration % 2 eq 0}odd{else}even{/if}">
                 <td><h3><font color=blue>${$vars@key}</font></h3>
-                    {if isset($vars['nocache'])}<b>Nocache</b></br>{/if}
+                    {if isset($vars['nocache'])}<b>Nocache</b><br />{/if}
                     {if isset($vars['scope'])}<b>Origin:</b> {$vars['scope']|debug_print_var nofilter}{/if}
                 </td>
                 <td><h3>Value</h3>{$vars['value']|debug_print_var:10:80 nofilter}</td>