Context Navigation

functions.php

Last change on this file was 6, checked in by dj3c1t, 13 years ago
mise a jour du trunk
File size: 65.9 KB

Line
1	<?php
2
3	/**
4	* Copyright (C) 2008-2011 FluxBB
5	* based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
6	* License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
7	*/
8
9
10	//
11	// Return current timestamp (with microseconds) as a float
12	//
13	function get_microtime()
14	{
15	list($usec, $sec) = explode(' ', microtime());
16	return ((float)$usec + (float)$sec);
17	}
18
19	//
20	// Cookie stuff!
21	//
22	function check_cookie(&$pun_user)
23	{
24	global $db, $db_type, $pun_config, $cookie_name, $cookie_seed;
25
26	$now = time();
27
28	// If the cookie is set and it matches the correct pattern, then read the values from it
29	if (isset($_COOKIE[$cookie_name]) && preg_match('%^(\d+)\\|([0-9a-fA-F]+)\\|(\d+)\\|([0-9a-fA-F]+)$%', $_COOKIE[$cookie_name], $matches))
30	{
31	$cookie = array(
32	'user_id' => intval($matches[1]),
33	'password_hash' => $matches[2],
34	'expiration_time' => intval($matches[3]),
35	'cookie_hash' => $matches[4],
36	);
37	}
38
39	// If it has a non-guest user, and hasn't expired
40	if (isset($cookie) && $cookie['user_id'] > 1 && $cookie['expiration_time'] > $now)
41	{
42	// If the cookie has been tampered with
43	if (forum_hmac($cookie['user_id'].'\|'.$cookie['expiration_time'], $cookie_seed.'_cookie_hash') != $cookie['cookie_hash'])
44	{
45	$expire = $now + 31536000; // The cookie expires after a year
46	pun_setcookie(1, pun_hash(uniqid(rand(), true)), $expire);
47	set_default_user();
48
49	return;
50	}
51
52	// Check if there's a user with the user ID and password hash from the cookie
53	$result = $db->query('SELECT u., g., o.logged, o.idle FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON u.group_id=g.g_id LEFT JOIN '.$db->prefix.'online AS o ON o.user_id=u.id WHERE u.id='.intval($cookie['user_id'])) or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
54	$pun_user = $db->fetch_assoc($result);
55
56	// If user authorisation failed
57	if (!isset($pun_user['id']) \|\| forum_hmac($pun_user['password'], $cookie_seed.'_password_hash') !== $cookie['password_hash'])
58	{
59	$expire = $now + 31536000; // The cookie expires after a year
60	pun_setcookie(1, pun_hash(uniqid(rand(), true)), $expire);
61	set_default_user();
62
63	return;
64	}
65
66	// Send a new, updated cookie with a new expiration timestamp
67	$expire = ($cookie['expiration_time'] > $now + $pun_config['o_timeout_visit']) ? $now + 1209600 : $now + $pun_config['o_timeout_visit'];
68	pun_setcookie($pun_user['id'], $pun_user['password'], $expire);
69
70	// Set a default language if the user selected language no longer exists
71	if (!file_exists(PUN_ROOT.'lang/'.$pun_user['language']))
72	$pun_user['language'] = $pun_config['o_default_lang'];
73
74	// Set a default style if the user selected style no longer exists
75	if (!file_exists(PUN_ROOT.'style/'.$pun_user['style'].'.css'))
76	$pun_user['style'] = $pun_config['o_default_style'];
77
78	if (!$pun_user['disp_topics'])
79	$pun_user['disp_topics'] = $pun_config['o_disp_topics_default'];
80	if (!$pun_user['disp_posts'])
81	$pun_user['disp_posts'] = $pun_config['o_disp_posts_default'];
82
83	// Define this if you want this visit to affect the online list and the users last visit data
84	if (!defined('PUN_QUIET_VISIT'))
85	{
86	// Update the online list
87	if (!$pun_user['logged'])
88	{
89	$pun_user['logged'] = $now;
90
91	// With MySQL/MySQLi/SQLite, REPLACE INTO avoids a user having two rows in the online table
92	switch ($db_type)
93	{
94	case 'mysql':
95	case 'mysqli':
96	case 'mysql_innodb':
97	case 'mysqli_innodb':
98	case 'sqlite':
99	$db->query('REPLACE INTO '.$db->prefix.'online (user_id, ident, logged) VALUES('.$pun_user['id'].', \''.$db->escape($pun_user['username']).'\', '.$pun_user['logged'].')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
100	break;
101
102	default:
103	$db->query('INSERT INTO '.$db->prefix.'online (user_id, ident, logged) SELECT '.$pun_user['id'].', \''.$db->escape($pun_user['username']).'\', '.$pun_user['logged'].' WHERE NOT EXISTS (SELECT 1 FROM '.$db->prefix.'online WHERE user_id='.$pun_user['id'].')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
104	break;
105	}
106
107	// Reset tracked topics
108	set_tracked_topics(null);
109	}
110	else
111	{
112	// Special case: We've timed out, but no other user has browsed the forums since we timed out
113	if ($pun_user['logged'] < ($now-$pun_config['o_timeout_visit']))
114	{
115	$db->query('UPDATE '.$db->prefix.'users SET last_visit='.$pun_user['logged'].' WHERE id='.$pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
116	$pun_user['last_visit'] = $pun_user['logged'];
117	}
118
119	$idle_sql = ($pun_user['idle'] == '1') ? ', idle=0' : '';
120	$db->query('UPDATE '.$db->prefix.'online SET logged='.$now.$idle_sql.' WHERE user_id='.$pun_user['id']) or error('Unable to update online list', __FILE__, __LINE__, $db->error());
121
122	// Update tracked topics with the current expire time
123	if (isset($_COOKIE[$cookie_name.'_track']))
124	forum_setcookie($cookie_name.'_track', $_COOKIE[$cookie_name.'_track'], $now + $pun_config['o_timeout_visit']);
125	}
126	}
127	else
128	{
129	if (!$pun_user['logged'])
130	$pun_user['logged'] = $pun_user['last_visit'];
131	}
132
133	$pun_user['is_guest'] = false;
134	$pun_user['is_admmod'] = $pun_user['g_id'] == PUN_ADMIN \|\| $pun_user['g_moderator'] == '1';
135	}
136	else
137	set_default_user();
138	}
139
140
141	//
142	// Converts the CDATA end sequence ]]> into ]]>
143	//
144	function escape_cdata($str)
145	{
146	return str_replace(']]>', ']]>', $str);
147	}
148
149
150	//
151	// Authenticates the provided username and password against the user database
152	// $user can be either a user ID (integer) or a username (string)
153	// $password can be either a plaintext password or a password hash including salt ($password_is_hash must be set accordingly)
154	//
155	function authenticate_user($user, $password, $password_is_hash = false)
156	{
157	global $db, $pun_user;
158
159	// Check if there's a user matching $user and $password
160	$result = $db->query('SELECT u., g., o.logged, o.idle FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id LEFT JOIN '.$db->prefix.'online AS o ON o.user_id=u.id WHERE '.(is_int($user) ? 'u.id='.intval($user) : 'u.username=\''.$db->escape($user).'\'')) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
161	$pun_user = $db->fetch_assoc($result);
162
163	if (!isset($pun_user['id']) \|\|
164	($password_is_hash && $password != $pun_user['password']) \|\|
165	(!$password_is_hash && pun_hash($password) != $pun_user['password']))
166	set_default_user();
167	else
168	$pun_user['is_guest'] = false;
169	}
170
171
172	//
173	// Try to determine the current URL
174	//
175	function get_current_url($max_length = 0)
176	{
177	$protocol = get_current_protocol();
178	$port = (isset($_SERVER['SERVER_PORT']) && (($_SERVER['SERVER_PORT'] != '80' && $protocol == 'http') \|\| ($_SERVER['SERVER_PORT'] != '443' && $protocol == 'https')) && strpos($_SERVER['HTTP_HOST'], ':') === false) ? ':'.$_SERVER['SERVER_PORT'] : '';
179
180	$url = urldecode($protocol.'://'.$_SERVER['HTTP_HOST'].$port.$_SERVER['REQUEST_URI']);
181
182	if (strlen($url) <= $max_length \|\| $max_length == 0)
183	return $url;
184
185	// We can't find a short enough url
186	return null;
187	}
188
189
190	//
191	// Fetch the current protocol in use - http or https
192	//
193	function get_current_protocol()
194	{
195	$protocol = 'http';
196
197	// Check if the server is claiming to using HTTPS
198	if (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off')
199	$protocol = 'https';
200
201	// If we are behind a reverse proxy try to decide which protocol it is using
202	if (defined('FORUM_BEHIND_REVERSE_PROXY'))
203	{
204	// Check if we are behind a Microsoft based reverse proxy
205	if (!empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) != 'off')
206	$protocol = 'https';
207
208	// Check if we're behind a "proper" reverse proxy, and what protocol it's using
209	if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']))
210	$protocol = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']);
211	}
212
213	return $protocol;
214	}
215
216	//
217	// Fetch the base_url, optionally support HTTPS and HTTP
218	//
219	function get_base_url($support_https = false)
220	{
221	global $pun_config;
222	static $base_url;
223
224	if (!$support_https)
225	return $pun_config['o_base_url'];
226
227	if (!isset($base_url))
228	{
229	// Make sure we are using the correct protocol
230	$base_url = str_replace(array('http://', 'https://'), get_current_protocol().'://', $pun_config['o_base_url']);
231	}
232
233	return $base_url;
234	}
235
236
237	//
238	// Fill $pun_user with default values (for guests)
239	//
240	function set_default_user()
241	{
242	global $db, $db_type, $pun_user, $pun_config;
243
244	$remote_addr = get_remote_address();
245
246	// Fetch guest user
247	$result = $db->query('SELECT u., g., o.logged, o.last_post, o.last_search FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON u.group_id=g.g_id LEFT JOIN '.$db->prefix.'online AS o ON o.ident=\''.$remote_addr.'\' WHERE u.id=1') or error('Unable to fetch guest information', __FILE__, __LINE__, $db->error());
248	if (!$db->num_rows($result))
249	exit('Unable to fetch guest information. Your database must contain both a guest user and a guest user group.');
250
251	$pun_user = $db->fetch_assoc($result);
252
253	// Update online list
254	if (!$pun_user['logged'])
255	{
256	$pun_user['logged'] = time();
257
258	// With MySQL/MySQLi/SQLite, REPLACE INTO avoids a user having two rows in the online table
259	switch ($db_type)
260	{
261	case 'mysql':
262	case 'mysqli':
263	case 'mysql_innodb':
264	case 'mysqli_innodb':
265	case 'sqlite':
266	$db->query('REPLACE INTO '.$db->prefix.'online (user_id, ident, logged) VALUES(1, \''.$db->escape($remote_addr).'\', '.$pun_user['logged'].')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
267	break;
268
269	default:
270	$db->query('INSERT INTO '.$db->prefix.'online (user_id, ident, logged) SELECT 1, \''.$db->escape($remote_addr).'\', '.$pun_user['logged'].' WHERE NOT EXISTS (SELECT 1 FROM '.$db->prefix.'online WHERE ident=\''.$db->escape($remote_addr).'\')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
271	break;
272	}
273	}
274	else
275	$db->query('UPDATE '.$db->prefix.'online SET logged='.time().' WHERE ident=\''.$db->escape($remote_addr).'\'') or error('Unable to update online list', __FILE__, __LINE__, $db->error());
276
277	$pun_user['disp_topics'] = $pun_config['o_disp_topics_default'];
278	$pun_user['disp_posts'] = $pun_config['o_disp_posts_default'];
279	$pun_user['timezone'] = $pun_config['o_default_timezone'];
280	$pun_user['dst'] = $pun_config['o_default_dst'];
281	$pun_user['language'] = $pun_config['o_default_lang'];
282	$pun_user['style'] = $pun_config['o_default_style'];
283	$pun_user['is_guest'] = true;
284	$pun_user['is_admmod'] = false;
285	}
286
287
288	//
289	// SHA1 HMAC with PHP 4 fallback
290	//
291	function forum_hmac($data, $key, $raw_output = false)
292	{
293	if (function_exists('hash_hmac'))
294	return hash_hmac('sha1', $data, $key, $raw_output);
295
296	// If key size more than blocksize then we hash it once
297	if (strlen($key) > 64)
298	$key = pack('H*', sha1($key)); // we have to use raw output here to match the standard
299
300	// Ensure we're padded to exactly one block boundary
301	$key = str_pad($key, 64, chr(0x00));
302
303	$hmac_opad = str_repeat(chr(0x5C), 64);
304	$hmac_ipad = str_repeat(chr(0x36), 64);
305
306	// Do inner and outer padding
307	for ($i = 0;$i < 64;$i++) {
308	$hmac_opad[$i] = $hmac_opad[$i] ^ $key[$i];
309	$hmac_ipad[$i] = $hmac_ipad[$i] ^ $key[$i];
310	}
311
312	// Finally, calculate the HMAC
313	$hash = sha1($hmac_opad.pack('H*', sha1($hmac_ipad.$data)));
314
315	// If we want raw output then we need to pack the final result
316	if ($raw_output)
317	$hash = pack('H*', $hash);
318
319	return $hash;
320	}
321
322
323	//
324	// Set a cookie, FluxBB style!
325	// Wrapper for forum_setcookie
326	//
327	function pun_setcookie($user_id, $password_hash, $expire)
328	{
329	global $cookie_name, $cookie_seed;
330
331	forum_setcookie($cookie_name, $user_id.'\|'.forum_hmac($password_hash, $cookie_seed.'_password_hash').'\|'.$expire.'\|'.forum_hmac($user_id.'\|'.$expire, $cookie_seed.'_cookie_hash'), $expire);
332	}
333
334
335	//
336	// Set a cookie, FluxBB style!
337	//
338	function forum_setcookie($name, $value, $expire)
339	{
340	global $cookie_path, $cookie_domain, $cookie_secure;
341
342	// Enable sending of a P3P header
343	header('P3P: CP="CUR ADM"');
344
345	if (version_compare(PHP_VERSION, '5.2.0', '>='))
346	setcookie($name, $value, $expire, $cookie_path, $cookie_domain, $cookie_secure, true);
347	else
348	setcookie($name, $value, $expire, $cookie_path.'; HttpOnly', $cookie_domain, $cookie_secure);
349	}
350
351
352	//
353	// Check whether the connecting user is banned (and delete any expired bans while we're at it)
354	//
355	function check_bans()
356	{
357	global $db, $pun_config, $lang_common, $pun_user, $pun_bans;
358
359	// Admins and moderators aren't affected
360	if ($pun_user['is_admmod'] \|\| !$pun_bans)
361	return;
362
363	// Add a dot or a colon (depending on IPv4/IPv6) at the end of the IP address to prevent banned address
364	// 192.168.0.5 from matching e.g. 192.168.0.50
365	$user_ip = get_remote_address();
366	$user_ip .= (strpos($user_ip, '.') !== false) ? '.' : ':';
367
368	$bans_altered = false;
369	$is_banned = false;
370
371	foreach ($pun_bans as $cur_ban)
372	{
373	// Has this ban expired?
374	if ($cur_ban['expire'] != '' && $cur_ban['expire'] <= time())
375	{
376	$db->query('DELETE FROM '.$db->prefix.'bans WHERE id='.$cur_ban['id']) or error('Unable to delete expired ban', __FILE__, __LINE__, $db->error());
377	$bans_altered = true;
378	continue;
379	}
380
381	if ($cur_ban['username'] != '' && utf8_strtolower($pun_user['username']) == utf8_strtolower($cur_ban['username']))
382	$is_banned = true;
383
384	if ($cur_ban['ip'] != '')
385	{
386	$cur_ban_ips = explode(' ', $cur_ban['ip']);
387
388	$num_ips = count($cur_ban_ips);
389	for ($i = 0; $i < $num_ips; ++$i)
390	{
391	// Add the proper ending to the ban
392	if (strpos($user_ip, '.') !== false)
393	$cur_ban_ips[$i] = $cur_ban_ips[$i].'.';
394	else
395	$cur_ban_ips[$i] = $cur_ban_ips[$i].':';
396
397	if (substr($user_ip, 0, strlen($cur_ban_ips[$i])) == $cur_ban_ips[$i])
398	{
399	$is_banned = true;
400	break;
401	}
402	}
403	}
404
405	if ($is_banned)
406	{
407	$db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape($pun_user['username']).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
408	message($lang_common['Ban message'].' '.(($cur_ban['expire'] != '') ? $lang_common['Ban message 2'].' '.strtolower(format_time($cur_ban['expire'], true)).'. ' : '').(($cur_ban['message'] != '') ? $lang_common['Ban message 3'].'<br /><br /><strong>'.pun_htmlspecialchars($cur_ban['message']).'</strong><br /><br />' : '<br /><br />').$lang_common['Ban message 4'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.', true);
409	}
410	}
411
412	// If we removed any expired bans during our run-through, we need to regenerate the bans cache
413	if ($bans_altered)
414	{
415	if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
416	require PUN_ROOT.'include/cache.php';
417
418	generate_bans_cache();
419	}
420	}
421
422
423	//
424	// Check username
425	//
426	function check_username($username, $exclude_id = null)
427	{
428	global $db, $pun_config, $errors, $lang_prof_reg, $lang_register, $lang_common, $pun_bans;
429
430	// Convert multiple whitespace characters into one (to prevent people from registering with indistinguishable usernames)
431	$username = preg_replace('%\s+%s', ' ', $username);
432
433	// Validate username
434	if (pun_strlen($username) < 2)
435	$errors[] = $lang_prof_reg['Username too short'];
436	else if (pun_strlen($username) > 25) // This usually doesn't happen since the form element only accepts 25 characters
437	$errors[] = $lang_prof_reg['Username too long'];
438	else if (!strcasecmp($username, 'Guest') \|\| !strcasecmp($username, $lang_common['Guest']))
439	$errors[] = $lang_prof_reg['Username guest'];
440	else if (preg_match('%[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}%', $username) \|\| preg_match('%((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){6}((\b((25[0-5])\|(1\d{2})\|(2[0-4]\d)\|(\d{1,2}))\b)\.){3}(\b((25[0-5])\|(1\d{2})\|(2[0-4]\d)\|(\d{1,2}))\b))\|(([0-9A-Fa-f]{1,4}:){0,5}:((\b((25[0-5])\|(1\d{2})\|(2[0-4]\d)\|(\d{1,2}))\b)\.){3}(\b((25[0-5])\|(1\d{2})\|(2[0-4]\d)\|(\d{1,2}))\b))\|(::([0-9A-Fa-f]{1,4}:){0,5}((\b((25[0-5])\|(1\d{2})\|(2[0-4]\d)\|(\d{1,2}))\b)\.){3}(\b((25[0-5])\|(1\d{2})\|(2[0-4]\d)\|(\d{1,2}))\b))\|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})\|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){1,7}:))%', $username))
441	$errors[] = $lang_prof_reg['Username IP'];
442	else if ((strpos($username, '[') !== false \|\| strpos($username, ']') !== false) && strpos($username, '\'') !== false && strpos($username, '"') !== false)
443	$errors[] = $lang_prof_reg['Username reserved chars'];
444	else if (preg_match('%(?:\[/?(?:b\|u\|s\|ins\|del\|em\|i\|h\|colou?r\|quote\|code\|img\|url\|email\|list\|\*\|topic\|post\|forum\|user)\]\|\[(?:img\|url\|quote\|list)=)%i', $username))
445	$errors[] = $lang_prof_reg['Username BBCode'];
446
447	// Check username for any censored words
448	if ($pun_config['o_censoring'] == '1' && censor_words($username) != $username)
449	$errors[] = $lang_register['Username censor'];
450
451	// Check that the username (or a too similar username) is not already registered
452	$query = ($exclude_id) ? ' AND id!='.$exclude_id : '';
453
454	$result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE (UPPER(username)=UPPER(\''.$db->escape($username).'\') OR UPPER(username)=UPPER(\''.$db->escape(ucp_preg_replace('%[^\p{L}\p{N}]%u', '', $username)).'\')) AND id>1'.$query) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
455
456	if ($db->num_rows($result))
457	{
458	$busy = $db->result($result);
459	$errors[] = $lang_register['Username dupe 1'].' '.pun_htmlspecialchars($busy).'. '.$lang_register['Username dupe 2'];
460	}
461
462	// Check username for any banned usernames
463	foreach ($pun_bans as $cur_ban)
464	{
465	if ($cur_ban['username'] != '' && utf8_strtolower($username) == utf8_strtolower($cur_ban['username']))
466	{
467	$errors[] = $lang_prof_reg['Banned username'];
468	break;
469	}
470	}
471	}
472
473
474	//
475	// Update "Users online"
476	//
477	function update_users_online()
478	{
479	global $db, $pun_config;
480
481	$now = time();
482
483	// Fetch all online list entries that are older than "o_timeout_online"
484	$result = $db->query('SELECT user_id, ident, logged, idle FROM '.$db->prefix.'online WHERE logged<'.($now-$pun_config['o_timeout_online'])) or error('Unable to fetch old entries from online list', __FILE__, __LINE__, $db->error());
485	while ($cur_user = $db->fetch_assoc($result))
486	{
487	// If the entry is a guest, delete it
488	if ($cur_user['user_id'] == '1')
489	$db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape($cur_user['ident']).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
490	else
491	{
492	// If the entry is older than "o_timeout_visit", update last_visit for the user in question, then delete him/her from the online list
493	if ($cur_user['logged'] < ($now-$pun_config['o_timeout_visit']))
494	{
495	$db->query('UPDATE '.$db->prefix.'users SET last_visit='.$cur_user['logged'].' WHERE id='.$cur_user['user_id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
496	$db->query('DELETE FROM '.$db->prefix.'online WHERE user_id='.$cur_user['user_id']) or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
497	}
498	else if ($cur_user['idle'] == '0')
499	$db->query('UPDATE '.$db->prefix.'online SET idle=1 WHERE user_id='.$cur_user['user_id']) or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
500	}
501	}
502	}
503
504
505	//
506	// Display the profile navigation menu
507	//
508	function generate_profile_menu($page = '')
509	{
510	global $lang_profile, $pun_config, $pun_user, $id;
511
512	?>
513	<div id="profile" class="block2col">
514	<div class="blockmenu">
515	<h2><span><?php echo $lang_profile['Profile menu'] ?></span></h2>
516	<div class="box">
517	<div class="inbox">
518	<ul>
519	<li<?php if ($page == 'essentials') echo ' class="isactive"'; ?>><a href="profile.php?section=essentials&id=<?php echo $id ?>"><?php echo $lang_profile['Section essentials'] ?></a></li>
520	<li<?php if ($page == 'personal') echo ' class="isactive"'; ?>><a href="profile.php?section=personal&id=<?php echo $id ?>"><?php echo $lang_profile['Section personal'] ?></a></li>
521	<li<?php if ($page == 'messaging') echo ' class="isactive"'; ?>><a href="profile.php?section=messaging&id=<?php echo $id ?>"><?php echo $lang_profile['Section messaging'] ?></a></li>
522	<?php if ($pun_config['o_avatars'] == '1' \|\| $pun_config['o_signatures'] == '1'): ?> <li<?php if ($page == 'personality') echo ' class="isactive"'; ?>><a href="profile.php?section=personality&id=<?php echo $id ?>"><?php echo $lang_profile['Section personality'] ?></a></li>
523	<?php endif; ?> <li<?php if ($page == 'display') echo ' class="isactive"'; ?>><a href="profile.php?section=display&id=<?php echo $id ?>"><?php echo $lang_profile['Section display'] ?></a></li>
524	<li<?php if ($page == 'privacy') echo ' class="isactive"'; ?>><a href="profile.php?section=privacy&id=<?php echo $id ?>"><?php echo $lang_profile['Section privacy'] ?></a></li>
525	<?php if ($pun_user['g_id'] == PUN_ADMIN \|\| ($pun_user['g_moderator'] == '1' && $pun_user['g_mod_ban_users'] == '1')): ?> <li<?php if ($page == 'admin') echo ' class="isactive"'; ?>><a href="profile.php?section=admin&id=<?php echo $id ?>"><?php echo $lang_profile['Section admin'] ?></a></li>
526	<?php endif; ?> </ul>
527	</div>
528	</div>
529	</div>
530	<?php
531
532	}
533
534
535	//
536	// Outputs markup to display a user's avatar
537	//
538	function generate_avatar_markup($user_id)
539	{
540	global $pun_config;
541
542	$filetypes = array('jpg', 'gif', 'png');
543	$avatar_markup = '';
544
545	foreach ($filetypes as $cur_type)
546	{
547	$path = $pun_config['o_avatars_dir'].'/'.$user_id.'.'.$cur_type;
548
549	if (file_exists(PUN_ROOT.$path) && $img_size = getimagesize(PUN_ROOT.$path))
550	{
551	$avatar_markup = '<img src="'.pun_htmlspecialchars(get_base_url(true).'/'.$path.'?m='.filemtime(PUN_ROOT.$path)).'" '.$img_size[3].' alt="" />';
552	break;
553	}
554	}
555
556	return $avatar_markup;
557	}
558
559
560	//
561	// Generate browser's title
562	//
563	function generate_page_title($page_title, $p = null)
564	{
565	global $pun_config, $lang_common;
566
567	$page_title = array_reverse($page_title);
568
569	if ($p != null)
570	$page_title[0] .= ' ('.sprintf($lang_common['Page'], forum_number_format($p)).')';
571
572	$crumbs = implode($lang_common['Title separator'], $page_title);
573
574	return $crumbs;
575	}
576
577
578	//
579	// Save array of tracked topics in cookie
580	//
581	function set_tracked_topics($tracked_topics)
582	{
583	global $cookie_name, $cookie_path, $cookie_domain, $cookie_secure, $pun_config;
584
585	$cookie_data = '';
586	if (!empty($tracked_topics))
587	{
588	// Sort the arrays (latest read first)
589	arsort($tracked_topics['topics'], SORT_NUMERIC);
590	arsort($tracked_topics['forums'], SORT_NUMERIC);
591
592	// Homebrew serialization (to avoid having to run unserialize() on cookie data)
593	foreach ($tracked_topics['topics'] as $id => $timestamp)
594	$cookie_data .= 't'.$id.'='.$timestamp.';';
595	foreach ($tracked_topics['forums'] as $id => $timestamp)
596	$cookie_data .= 'f'.$id.'='.$timestamp.';';
597
598	// Enforce a byte size limit (4096 minus some space for the cookie name - defaults to 4048)
599	if (strlen($cookie_data) > FORUM_MAX_COOKIE_SIZE)
600	{
601	$cookie_data = substr($cookie_data, 0, FORUM_MAX_COOKIE_SIZE);
602	$cookie_data = substr($cookie_data, 0, strrpos($cookie_data, ';')).';';
603	}
604	}
605
606	forum_setcookie($cookie_name.'_track', $cookie_data, time() + $pun_config['o_timeout_visit']);
607	$_COOKIE[$cookie_name.'_track'] = $cookie_data; // Set it directly in $_COOKIE as well
608	}
609
610
611	//
612	// Extract array of tracked topics from cookie
613	//
614	function get_tracked_topics()
615	{
616	global $cookie_name;
617
618	$cookie_data = isset($_COOKIE[$cookie_name.'_track']) ? $_COOKIE[$cookie_name.'_track'] : false;
619	if (!$cookie_data)
620	return array('topics' => array(), 'forums' => array());
621
622	if (strlen($cookie_data) > 4048)
623	return array('topics' => array(), 'forums' => array());
624
625	// Unserialize data from cookie
626	$tracked_topics = array('topics' => array(), 'forums' => array());
627	$temp = explode(';', $cookie_data);
628	foreach ($temp as $t)
629	{
630	$type = substr($t, 0, 1) == 'f' ? 'forums' : 'topics';
631	$id = intval(substr($t, 1));
632	$timestamp = intval(substr($t, strpos($t, '=') + 1));
633	if ($id > 0 && $timestamp > 0)
634	$tracked_topics[$type][$id] = $timestamp;
635	}
636
637	return $tracked_topics;
638	}
639
640
641	//
642	// Update posts, topics, last_post, last_post_id and last_poster for a forum
643	//
644	function update_forum($forum_id)
645	{
646	global $db;
647
648	$result = $db->query('SELECT COUNT(id), SUM(num_replies) FROM '.$db->prefix.'topics WHERE forum_id='.$forum_id) or error('Unable to fetch forum topic count', __FILE__, __LINE__, $db->error());
649	list($num_topics, $num_posts) = $db->fetch_row($result);
650
651	$num_posts = $num_posts + $num_topics; // $num_posts is only the sum of all replies (we have to add the topic posts)
652
653	$result = $db->query('SELECT last_post, last_post_id, last_poster FROM '.$db->prefix.'topics WHERE forum_id='.$forum_id.' AND moved_to IS NULL ORDER BY last_post DESC LIMIT 1') or error('Unable to fetch last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error());
654	if ($db->num_rows($result)) // There are topics in the forum
655	{
656	list($last_post, $last_post_id, $last_poster) = $db->fetch_row($result);
657
658	$db->query('UPDATE '.$db->prefix.'forums SET num_topics='.$num_topics.', num_posts='.$num_posts.', last_post='.$last_post.', last_post_id='.$last_post_id.', last_poster=\''.$db->escape($last_poster).'\' WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error());
659	}
660	else // There are no topics
661	$db->query('UPDATE '.$db->prefix.'forums SET num_topics='.$num_topics.', num_posts='.$num_posts.', last_post=NULL, last_post_id=NULL, last_poster=NULL WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error());
662	}
663
664
665	//
666	// Deletes any avatars owned by the specified user ID
667	//
668	function delete_avatar($user_id)
669	{
670	global $pun_config;
671
672	$filetypes = array('jpg', 'gif', 'png');
673
674	// Delete user avatar
675	foreach ($filetypes as $cur_type)
676	{
677	if (file_exists(PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$user_id.'.'.$cur_type))
678	@unlink(PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$user_id.'.'.$cur_type);
679	}
680	}
681
682
683	//
684	// Delete a topic and all of it's posts
685	//
686	function delete_topic($topic_id)
687	{
688	global $db;
689
690	// Delete the topic and any redirect topics
691	$db->query('DELETE FROM '.$db->prefix.'topics WHERE id='.$topic_id.' OR moved_to='.$topic_id) or error('Unable to delete topic', __FILE__, __LINE__, $db->error());
692
693	// Create a list of the post IDs in this topic
694	$post_ids = '';
695	$result = $db->query('SELECT id FROM '.$db->prefix.'posts WHERE topic_id='.$topic_id) or error('Unable to fetch posts', __FILE__, __LINE__, $db->error());
696	while ($row = $db->fetch_row($result))
697	$post_ids .= ($post_ids != '') ? ','.$row[0] : $row[0];
698
699	// Make sure we have a list of post IDs
700	if ($post_ids != '')
701	{
702	strip_search_index($post_ids);
703
704	// Delete posts in topic
705	$db->query('DELETE FROM '.$db->prefix.'posts WHERE topic_id='.$topic_id) or error('Unable to delete posts', __FILE__, __LINE__, $db->error());
706	}
707
708	// Delete any subscriptions for this topic
709	$db->query('DELETE FROM '.$db->prefix.'topic_subscriptions WHERE topic_id='.$topic_id) or error('Unable to delete subscriptions', __FILE__, __LINE__, $db->error());
710	}
711
712
713	//
714	// Delete a single post
715	//
716	function delete_post($post_id, $topic_id)
717	{
718	global $db;
719
720	$result = $db->query('SELECT id, poster, posted FROM '.$db->prefix.'posts WHERE topic_id='.$topic_id.' ORDER BY id DESC LIMIT 2') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
721	list($last_id, ,) = $db->fetch_row($result);
722	list($second_last_id, $second_poster, $second_posted) = $db->fetch_row($result);
723
724	// Delete the post
725	$db->query('DELETE FROM '.$db->prefix.'posts WHERE id='.$post_id) or error('Unable to delete post', __FILE__, __LINE__, $db->error());
726
727	strip_search_index($post_id);
728
729	// Count number of replies in the topic
730	$result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'posts WHERE topic_id='.$topic_id) or error('Unable to fetch post count for topic', __FILE__, __LINE__, $db->error());
731	$num_replies = $db->result($result, 0) - 1;
732
733	// If the message we deleted is the most recent in the topic (at the end of the topic)
734	if ($last_id == $post_id)
735	{
736	// If there is a $second_last_id there is more than 1 reply to the topic
737	if (!empty($second_last_id))
738	$db->query('UPDATE '.$db->prefix.'topics SET last_post='.$second_posted.', last_post_id='.$second_last_id.', last_poster=\''.$db->escape($second_poster).'\', num_replies='.$num_replies.' WHERE id='.$topic_id) or error('Unable to update topic', __FILE__, __LINE__, $db->error());
739	else
740	// We deleted the only reply, so now last_post/last_post_id/last_poster is posted/id/poster from the topic itself
741	$db->query('UPDATE '.$db->prefix.'topics SET last_post=posted, last_post_id=id, last_poster=poster, num_replies='.$num_replies.' WHERE id='.$topic_id) or error('Unable to update topic', __FILE__, __LINE__, $db->error());
742	}
743	else
744	// Otherwise we just decrement the reply counter
745	$db->query('UPDATE '.$db->prefix.'topics SET num_replies='.$num_replies.' WHERE id='.$topic_id) or error('Unable to update topic', __FILE__, __LINE__, $db->error());
746	}
747
748
749	//
750	// Delete every .php file in the forum's cache directory
751	//
752	function forum_clear_cache()
753	{
754	$d = dir(FORUM_CACHE_DIR);
755	while (($entry = $d->read()) !== false)
756	{
757	if (substr($entry, -4) == '.php')
758	@unlink(FORUM_CACHE_DIR.$entry);
759	}
760	$d->close();
761	}
762
763
764	//
765	// Replace censored words in $text
766	//
767	function censor_words($text)
768	{
769	global $db;
770	static $search_for, $replace_with;
771
772	// If not already built in a previous call, build an array of censor words and their replacement text
773	if (!isset($search_for))
774	{
775	if (file_exists(FORUM_CACHE_DIR.'cache_censoring.php'))
776	include FORUM_CACHE_DIR.'cache_censoring.php';
777
778	if (!defined('PUN_CENSOR_LOADED'))
779	{
780	if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
781	require PUN_ROOT.'include/cache.php';
782
783	generate_censoring_cache();
784	require FORUM_CACHE_DIR.'cache_censoring.php';
785	}
786	}
787
788	if (!empty($search_for))
789	$text = substr(ucp_preg_replace($search_for, $replace_with, ' '.$text.' '), 1, -1);
790
791	return $text;
792	}
793
794
795	//
796	// Determines the correct title for $user
797	// $user must contain the elements 'username', 'title', 'posts', 'g_id' and 'g_user_title'
798	//
799	function get_title($user)
800	{
801	global $db, $pun_config, $pun_bans, $lang_common;
802	static $ban_list, $pun_ranks;
803
804	// If not already built in a previous call, build an array of lowercase banned usernames
805	if (empty($ban_list))
806	{
807	$ban_list = array();
808
809	foreach ($pun_bans as $cur_ban)
810	$ban_list[] = strtolower($cur_ban['username']);
811	}
812
813	// If not already loaded in a previous call, load the cached ranks
814	if ($pun_config['o_ranks'] == '1' && !defined('PUN_RANKS_LOADED'))
815	{
816	if (file_exists(FORUM_CACHE_DIR.'cache_ranks.php'))
817	include FORUM_CACHE_DIR.'cache_ranks.php';
818
819	if (!defined('PUN_RANKS_LOADED'))
820	{
821	if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
822	require PUN_ROOT.'include/cache.php';
823
824	generate_ranks_cache();
825	require FORUM_CACHE_DIR.'cache_ranks.php';
826	}
827	}
828
829	// If the user has a custom title
830	if ($user['title'] != '')
831	$user_title = pun_htmlspecialchars($user['title']);
832	// If the user is banned
833	else if (in_array(strtolower($user['username']), $ban_list))
834	$user_title = $lang_common['Banned'];
835	// If the user group has a default user title
836	else if ($user['g_user_title'] != '')
837	$user_title = pun_htmlspecialchars($user['g_user_title']);
838	// If the user is a guest
839	else if ($user['g_id'] == PUN_GUEST)
840	$user_title = $lang_common['Guest'];
841	else
842	{
843	// Are there any ranks?
844	if ($pun_config['o_ranks'] == '1' && !empty($pun_ranks))
845	{
846	foreach ($pun_ranks as $cur_rank)
847	{
848	if ($user['num_posts'] >= $cur_rank['min_posts'])
849	$user_title = pun_htmlspecialchars($cur_rank['rank']);
850	}
851	}
852
853	// If the user didn't "reach" any rank (or if ranks are disabled), we assign the default
854	if (!isset($user_title))
855	$user_title = $lang_common['Member'];
856	}
857
858	return $user_title;
859	}
860
861
862	//
863	// Generate a string with numbered links (for multipage scripts)
864	//
865	function paginate($num_pages, $cur_page, $link)
866	{
867	global $lang_common;
868
869	$pages = array();
870	$link_to_all = false;
871
872	// If $cur_page == -1, we link to all pages (used in viewforum.php)
873	if ($cur_page == -1)
874	{
875	$cur_page = 1;
876	$link_to_all = true;
877	}
878
879	if ($num_pages <= 1)
880	$pages = array('<strong class="item1">1</strong>');
881	else
882	{
883	// Add a previous page link
884	if ($num_pages > 1 && $cur_page > 1)
885	$pages[] = '<a'.(empty($pages) ? ' class="item1"' : '').' href="'.$link.'&p='.($cur_page - 1).'">'.$lang_common['Previous'].'</a>';
886
887	if ($cur_page > 3)
888	{
889	$pages[] = '<a'.(empty($pages) ? ' class="item1"' : '').' href="'.$link.'&p=1">1</a>';
890
891	if ($cur_page > 5)
892	$pages[] = '<span class="spacer">'.$lang_common['Spacer'].'</span>';
893	}
894
895	// Don't ask me how the following works. It just does, OK? :-)
896	for ($current = ($cur_page == 5) ? $cur_page - 3 : $cur_page - 2, $stop = ($cur_page + 4 == $num_pages) ? $cur_page + 4 : $cur_page + 3; $current < $stop; ++$current)
897	{
898	if ($current < 1 \|\| $current > $num_pages)
899	continue;
900	else if ($current != $cur_page \|\| $link_to_all)
901	$pages[] = '<a'.(empty($pages) ? ' class="item1"' : '').' href="'.$link.'&p='.$current.'">'.forum_number_format($current).'</a>';
902	else
903	$pages[] = '<strong'.(empty($pages) ? ' class="item1"' : '').'>'.forum_number_format($current).'</strong>';
904	}
905
906	if ($cur_page <= ($num_pages-3))
907	{
908	if ($cur_page != ($num_pages-3) && $cur_page != ($num_pages-4))
909	$pages[] = '<span class="spacer">'.$lang_common['Spacer'].'</span>';
910
911	$pages[] = '<a'.(empty($pages) ? ' class="item1"' : '').' href="'.$link.'&p='.$num_pages.'">'.forum_number_format($num_pages).'</a>';
912	}
913
914	// Add a next page link
915	if ($num_pages > 1 && !$link_to_all && $cur_page < $num_pages)
916	$pages[] = '<a'.(empty($pages) ? ' class="item1"' : '').' href="'.$link.'&p='.($cur_page +1).'">'.$lang_common['Next'].'</a>';
917	}
918
919	return implode(' ', $pages);
920	}
921
922
923	//
924	// Display a message
925	//
926	function message($message, $no_back_link = false)
927	{
928	global $db, $lang_common, $pun_config, $pun_start, $tpl_main, $pun_user;
929
930	if (!defined('PUN_HEADER'))
931	{
932	$page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Info']);
933	define('PUN_ACTIVE_PAGE', 'index');
934	require PUN_ROOT.'header.php';
935	}
936
937	?>
938
939	<div id="msg" class="block">
940	<h2><span><?php echo $lang_common['Info'] ?></span></h2>
941	<div class="box">
942	<div class="inbox">
943	<p><?php echo $message ?></p>
944	<?php if (!$no_back_link): ?> <p><a href="javascript: history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>
945	<?php endif; ?> </div>
946	</div>
947	</div>
948	<?php
949
950	require PUN_ROOT.'footer.php';
951	}
952
953
954	//
955	// Format a time string according to $time_format and time zones
956	//
957	function format_time($timestamp, $date_only = false, $date_format = null, $time_format = null, $time_only = false, $no_text = false)
958	{
959	global $pun_config, $lang_common, $pun_user, $forum_date_formats, $forum_time_formats;
960
961	if ($timestamp == '')
962	return $lang_common['Never'];
963
964	$diff = ($pun_user['timezone'] + $pun_user['dst']) * 3600;
965	$timestamp += $diff;
966	$now = time();
967
968	if($date_format == null)
969	$date_format = $forum_date_formats[$pun_user['date_format']];
970
971	if($time_format == null)
972	$time_format = $forum_time_formats[$pun_user['time_format']];
973
974	$date = gmdate($date_format, $timestamp);
975	$today = gmdate($date_format, $now+$diff);
976	$yesterday = gmdate($date_format, $now+$diff-86400);
977
978	if(!$no_text)
979	{
980	if ($date == $today)
981	$date = $lang_common['Today'];
982	else if ($date == $yesterday)
983	$date = $lang_common['Yesterday'];
984	}
985
986	if ($date_only)
987	return $date;
988	else if ($time_only)
989	return gmdate($time_format, $timestamp);
990	else
991	return $date.' '.gmdate($time_format, $timestamp);
992	}
993
994
995	//
996	// A wrapper for PHP's number_format function
997	//
998	function forum_number_format($number, $decimals = 0)
999	{
1000	global $lang_common;
1001
1002	return is_numeric($number) ? number_format($number, $decimals, $lang_common['lang_decimal_point'], $lang_common['lang_thousands_sep']) : $number;
1003	}
1004
1005
1006	//
1007	// Generate a random key of length $len
1008	//
1009	function random_key($len, $readable = false, $hash = false)
1010	{
1011	$key = '';
1012
1013	if ($hash)
1014	$key = substr(pun_hash(uniqid(rand(), true)), 0, $len);
1015	else if ($readable)
1016	{
1017	$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
1018
1019	for ($i = 0; $i < $len; ++$i)
1020	$key .= substr($chars, (mt_rand() % strlen($chars)), 1);
1021	}
1022	else
1023	{
1024	for ($i = 0; $i < $len; ++$i)
1025	$key .= chr(mt_rand(33, 126));
1026	}
1027
1028	return $key;
1029	}
1030
1031
1032	//
1033	// Make sure that HTTP_REFERER matches base_url/script
1034	//
1035	function confirm_referrer($script, $error_msg = false)
1036	{
1037	global $pun_config, $lang_common;
1038
1039	// There is no referrer
1040	if (empty($_SERVER['HTTP_REFERER']))
1041	message($error_msg ? $error_msg : $lang_common['Bad referrer']);
1042
1043	$referrer = parse_url(strtolower($_SERVER['HTTP_REFERER']));
1044	// Remove www subdomain if it exists
1045	if (strpos($referrer['host'], 'www.') === 0)
1046	$referrer['host'] = substr($referrer['host'], 4);
1047
1048	$valid = parse_url(strtolower(get_base_url().'/'.$script));
1049	// Remove www subdomain if it exists
1050	if (strpos($valid['host'], 'www.') === 0)
1051	$valid['host'] = substr($valid['host'], 4);
1052
1053	// Check the host and path match. Ignore the scheme, port, etc.
1054	if ($referrer['host'] != $valid['host'] \|\| $referrer['path'] != $valid['path'])
1055	message($error_msg ? $error_msg : $lang_common['Bad referrer']);
1056	}
1057
1058
1059	//
1060	// Generate a random password of length $len
1061	// Compatibility wrapper for random_key
1062	//
1063	function random_pass($len)
1064	{
1065	return random_key($len, true);
1066	}
1067
1068
1069	//
1070	// Compute a hash of $str
1071	//
1072	function pun_hash($str)
1073	{
1074	return sha1($str);
1075	}
1076
1077
1078	//
1079	// Try to determine the correct remote IP-address
1080	//
1081	function get_remote_address()
1082	{
1083	$remote_addr = $_SERVER['REMOTE_ADDR'];
1084
1085	// If we are behind a reverse proxy try to find the real users IP
1086	if (defined('FORUM_BEHIND_REVERSE_PROXY'))
1087	{
1088	if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
1089	{
1090	// The general format of the field is:
1091	// X-Forwarded-For: client1, proxy1, proxy2
1092	// where the value is a comma+space separated list of IP addresses, the left-most being the farthest downstream client,
1093	// and each successive proxy that passed the request adding the IP address where it received the request from.
1094	$forwarded_for = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
1095	$forwarded_for = trim($forwarded_for[0]);
1096
1097	if (@preg_match('%^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$%', $forwarded_for) \|\| @preg_match('%^((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){6}((\b((25[0-5])\|(1\d{2})\|(2[0-4]\d)\|(\d{1,2}))\b)\.){3}(\b((25[0-5])\|(1\d{2})\|(2[0-4]\d)\|(\d{1,2}))\b))\|(([0-9A-Fa-f]{1,4}:){0,5}:((\b((25[0-5])\|(1\d{2})\|(2[0-4]\d)\|(\d{1,2}))\b)\.){3}(\b((25[0-5])\|(1\d{2})\|(2[0-4]\d)\|(\d{1,2}))\b))\|(::([0-9A-Fa-f]{1,4}:){0,5}((\b((25[0-5])\|(1\d{2})\|(2[0-4]\d)\|(\d{1,2}))\b)\.){3}(\b((25[0-5])\|(1\d{2})\|(2[0-4]\d)\|(\d{1,2}))\b))\|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})\|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){1,7}:))$%', $forwarded_for))
1098	$remote_addr = $forwarded_for;
1099	}
1100	}
1101
1102	return $remote_addr;
1103	}
1104
1105
1106	//
1107	// Calls htmlspecialchars with a few options already set
1108	//
1109	function pun_htmlspecialchars($str)
1110	{
1111	return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
1112	}
1113
1114
1115	//
1116	// Calls htmlspecialchars_decode with a few options already set
1117	//
1118	function pun_htmlspecialchars_decode($str)
1119	{
1120	if (function_exists('htmlspecialchars_decode'))
1121	return htmlspecialchars_decode($str, ENT_QUOTES);
1122
1123	static $translations;
1124	if (!isset($translations))
1125	{
1126	$translations = get_html_translation_table(HTML_SPECIALCHARS, ENT_QUOTES);
1127	$translations['''] = '\''; // get_html_translation_table doesn't include ' which is what htmlspecialchars translates ' to, but apparently that is okay?! http://bugs.php.net/bug.php?id=25927
1128	$translations = array_flip($translations);
1129	}
1130
1131	return strtr($str, $translations);
1132	}
1133
1134
1135	//
1136	// A wrapper for utf8_strlen for compatibility
1137	//
1138	function pun_strlen($str)
1139	{
1140	return utf8_strlen($str);
1141	}
1142
1143
1144	//
1145	// Convert \r\n and \r to \n
1146	//
1147	function pun_linebreaks($str)
1148	{
1149	return str_replace("\r", "\n", str_replace("\r\n", "\n", $str));
1150	}
1151
1152
1153	//
1154	// A wrapper for utf8_trim for compatibility
1155	//
1156	function pun_trim($str, $charlist = false)
1157	{
1158	return utf8_trim($str, $charlist);
1159	}
1160
1161	//
1162	// Checks if a string is in all uppercase
1163	//
1164	function is_all_uppercase($string)
1165	{
1166	return utf8_strtoupper($string) == $string && utf8_strtolower($string) != $string;
1167	}
1168
1169
1170	//
1171	// Inserts $element into $input at $offset
1172	// $offset can be either a numerical offset to insert at (eg: 0 inserts at the beginning of the array)
1173	// or a string, which is the key that the new element should be inserted before
1174	// $key is optional: it's used when inserting a new key/value pair into an associative array
1175	//
1176	function array_insert(&$input, $offset, $element, $key = null)
1177	{
1178	if ($key == null)
1179	$key = $offset;
1180
1181	// Determine the proper offset if we're using a string
1182	if (!is_int($offset))
1183	$offset = array_search($offset, array_keys($input), true);
1184
1185	// Out of bounds checks
1186	if ($offset > count($input))
1187	$offset = count($input);
1188	else if ($offset < 0)
1189	$offset = 0;
1190
1191	$input = array_merge(array_slice($input, 0, $offset), array($key => $element), array_slice($input, $offset));
1192	}
1193
1194
1195	//
1196	// Display a message when board is in maintenance mode
1197	//
1198	function maintenance_message()
1199	{
1200	global $db, $pun_config, $lang_common, $pun_user;
1201
1202	// Send no-cache headers
1203	header('Expires: Thu, 21 Jul 1977 07:30:00 GMT'); // When yours truly first set eyes on this world! :)
1204	header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT');
1205	header('Cache-Control: post-check=0, pre-check=0', false);
1206	header('Pragma: no-cache'); // For HTTP/1.0 compatibility
1207
1208	// Send the Content-type header in case the web server is setup to send something else
1209	header('Content-type: text/html; charset=utf-8');
1210
1211	// Deal with newlines, tabs and multiple spaces
1212	$pattern = array("\t", ' ', ' ');
1213	$replace = array('    ', '  ', '  ');
1214	$message = str_replace($pattern, $replace, $pun_config['o_maintenance_message']);
1215
1216	if (file_exists(PUN_ROOT.'style/'.$pun_user['style'].'/maintenance.tpl'))
1217	{
1218	$tpl_file = PUN_ROOT.'style/'.$pun_user['style'].'/maintenance.tpl';
1219	$tpl_inc_dir = PUN_ROOT.'style/'.$pun_user['style'].'/';
1220	}
1221	else
1222	{
1223	$tpl_file = PUN_ROOT.'include/template/maintenance.tpl';
1224	$tpl_inc_dir = PUN_ROOT.'include/user/';
1225	}
1226
1227	$tpl_maint = file_get_contents($tpl_file);
1228
1229	// START SUBST - <pun_include "*">
1230	preg_match_all('%<pun_include "([^/\\\\]*?)\.(php[45]?\|inc\|html?\|txt)">%i', $tpl_maint, $pun_includes, PREG_SET_ORDER);
1231
1232	foreach ($pun_includes as $cur_include)
1233	{
1234	ob_start();
1235
1236	// Allow for overriding user includes, too.
1237	if (file_exists($tpl_inc_dir.$cur_include[1].'.'.$cur_include[2]))
1238	require $tpl_inc_dir.$cur_include[1].'.'.$cur_include[2];
1239	else if (file_exists(PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2]))
1240	require PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2];
1241	else
1242	error(sprintf($lang_common['Pun include error'], htmlspecialchars($cur_include[0]), basename($tpl_file)));
1243
1244	$tpl_temp = ob_get_contents();
1245	$tpl_maint = str_replace($cur_include[0], $tpl_temp, $tpl_maint);
1246	ob_end_clean();
1247	}
1248	// END SUBST - <pun_include "*">
1249
1250
1251	// START SUBST - <pun_language>
1252	$tpl_maint = str_replace('<pun_language>', $lang_common['lang_identifier'], $tpl_maint);
1253	// END SUBST - <pun_language>
1254
1255
1256	// START SUBST - <pun_content_direction>
1257	$tpl_maint = str_replace('<pun_content_direction>', $lang_common['lang_direction'], $tpl_maint);
1258	// END SUBST - <pun_content_direction>
1259
1260
1261	// START SUBST - <pun_head>
1262	ob_start();
1263
1264	$page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Maintenance']);
1265
1266	?>
1267	<title><?php echo generate_page_title($page_title) ?></title>
1268	<link rel="stylesheet" type="text/css" href="style/<?php echo $pun_user['style'].'.css' ?>" />
1269	<?php
1270
1271	$tpl_temp = trim(ob_get_contents());
1272	$tpl_maint = str_replace('<pun_head>', $tpl_temp, $tpl_maint);
1273	ob_end_clean();
1274	// END SUBST - <pun_head>
1275
1276
1277	// START SUBST - <pun_maint_main>
1278	ob_start();
1279
1280	?>
1281	<div class="block">
1282	<h2><?php echo $lang_common['Maintenance'] ?></h2>
1283	<div class="box">
1284	<div class="inbox">
1285	<p><?php echo $message ?></p>
1286	</div>
1287	</div>
1288	</div>
1289	<?php
1290
1291	$tpl_temp = trim(ob_get_contents());
1292	$tpl_maint = str_replace('<pun_maint_main>', $tpl_temp, $tpl_maint);
1293	ob_end_clean();
1294	// END SUBST - <pun_maint_main>
1295
1296
1297	// End the transaction
1298	$db->end_transaction();
1299
1300
1301	// Close the db connection (and free up any result data)
1302	$db->close();
1303
1304	exit($tpl_maint);
1305	}
1306
1307
1308	//
1309	// Display $message and redirect user to $destination_url
1310	//
1311	function redirect($destination_url, $message)
1312	{
1313	global $db, $pun_config, $lang_common, $pun_user;
1314
1315	// Prefix with base_url (unless there's already a valid URI)
1316	if (strpos($destination_url, 'http://') !== 0 && strpos($destination_url, 'https://') !== 0 && strpos($destination_url, '/') !== 0)
1317	$destination_url = get_base_url(true).'/'.$destination_url;
1318
1319	// Do a little spring cleaning
1320	$destination_url = preg_replace('%([\r\n])\|(\%0[ad])\|(;\sdata\s:)%i', '', $destination_url);
1321
1322	// If the delay is 0 seconds, we might as well skip the redirect all together
1323	if ($pun_config['o_redirect_delay'] == '0')
1324	header('Location: '.str_replace('&', '&', $destination_url));
1325
1326	// Send no-cache headers
1327	header('Expires: Thu, 21 Jul 1977 07:30:00 GMT'); // When yours truly first set eyes on this world! :)
1328	header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT');
1329	header('Cache-Control: post-check=0, pre-check=0', false);
1330	header('Pragma: no-cache'); // For HTTP/1.0 compatibility
1331
1332	// Send the Content-type header in case the web server is setup to send something else
1333	header('Content-type: text/html; charset=utf-8');
1334
1335	if (file_exists(PUN_ROOT.'style/'.$pun_user['style'].'/redirect.tpl'))
1336	{
1337	$tpl_file = PUN_ROOT.'style/'.$pun_user['style'].'/redirect.tpl';
1338	$tpl_inc_dir = PUN_ROOT.'style/'.$pun_user['style'].'/';
1339	}
1340	else
1341	{
1342	$tpl_file = PUN_ROOT.'include/template/redirect.tpl';
1343	$tpl_inc_dir = PUN_ROOT.'include/user/';
1344	}
1345
1346	$tpl_redir = file_get_contents($tpl_file);
1347
1348	// START SUBST - <pun_include "*">
1349	preg_match_all('%<pun_include "([^/\\\\]*?)\.(php[45]?\|inc\|html?\|txt)">%i', $tpl_redir, $pun_includes, PREG_SET_ORDER);
1350
1351	foreach ($pun_includes as $cur_include)
1352	{
1353	ob_start();
1354
1355	// Allow for overriding user includes, too.
1356	if (file_exists($tpl_inc_dir.$cur_include[1].'.'.$cur_include[2]))
1357	require $tpl_inc_dir.$cur_include[1].'.'.$cur_include[2];
1358	else if (file_exists(PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2]))
1359	require PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2];
1360	else
1361	error(sprintf($lang_common['Pun include error'], htmlspecialchars($cur_include[0]), basename($tpl_file)));
1362
1363	$tpl_temp = ob_get_contents();
1364	$tpl_redir = str_replace($cur_include[0], $tpl_temp, $tpl_redir);
1365	ob_end_clean();
1366	}
1367	// END SUBST - <pun_include "*">
1368
1369
1370	// START SUBST - <pun_language>
1371	$tpl_redir = str_replace('<pun_language>', $lang_common['lang_identifier'], $tpl_redir);
1372	// END SUBST - <pun_language>
1373
1374
1375	// START SUBST - <pun_content_direction>
1376	$tpl_redir = str_replace('<pun_content_direction>', $lang_common['lang_direction'], $tpl_redir);
1377	// END SUBST - <pun_content_direction>
1378
1379
1380	// START SUBST - <pun_head>
1381	ob_start();
1382
1383	$page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Redirecting']);
1384
1385	?>
1386	<meta http-equiv="refresh" content="<?php echo $pun_config['o_redirect_delay'] ?>;URL=<?php echo str_replace(array('<', '>', '"'), array('<', '>', '"'), $destination_url) ?>" />
1387	<title><?php echo generate_page_title($page_title) ?></title>
1388	<link rel="stylesheet" type="text/css" href="style/<?php echo $pun_user['style'].'.css' ?>" />
1389	<?php
1390
1391	$tpl_temp = trim(ob_get_contents());
1392	$tpl_redir = str_replace('<pun_head>', $tpl_temp, $tpl_redir);
1393	ob_end_clean();
1394	// END SUBST - <pun_head>
1395
1396
1397	// START SUBST - <pun_redir_main>
1398	ob_start();
1399
1400	?>
1401	<div class="block">
1402	<h2><?php echo $lang_common['Redirecting'] ?></h2>
1403	<div class="box">
1404	<div class="inbox">
1405	<p><?php echo $message.'<br /><br /><a href="'.$destination_url.'">'.$lang_common['Click redirect'].'</a>' ?></p>
1406	</div>
1407	</div>
1408	</div>
1409	<?php
1410
1411	$tpl_temp = trim(ob_get_contents());
1412	$tpl_redir = str_replace('<pun_redir_main>', $tpl_temp, $tpl_redir);
1413	ob_end_clean();
1414	// END SUBST - <pun_redir_main>
1415
1416
1417	// START SUBST - <pun_footer>
1418	ob_start();
1419
1420	// End the transaction
1421	$db->end_transaction();
1422
1423	// Display executed queries (if enabled)
1424	if (defined('PUN_SHOW_QUERIES'))
1425	display_saved_queries();
1426
1427	$tpl_temp = trim(ob_get_contents());
1428	$tpl_redir = str_replace('<pun_footer>', $tpl_temp, $tpl_redir);
1429	ob_end_clean();
1430	// END SUBST - <pun_footer>
1431
1432
1433	// Close the db connection (and free up any result data)
1434	$db->close();
1435
1436	exit($tpl_redir);
1437	}
1438
1439
1440	//
1441	// Display a simple error message
1442	//
1443	function error($message, $file = null, $line = null, $db_error = false)
1444	{
1445	global $pun_config, $lang_common;
1446
1447	// Set some default settings if the script failed before $pun_config could be populated
1448	if (empty($pun_config))
1449	{
1450	$pun_config = array(
1451	'o_board_title' => 'FluxBB',
1452	'o_gzip' => '0'
1453	);
1454	}
1455
1456	// Set some default translations if the script failed before $lang_common could be populated
1457	if (empty($lang_common))
1458	{
1459	$lang_common = array(
1460	'Title separator' => ' / ',
1461	'Page' => 'Page %s'
1462	);
1463	}
1464
1465	// Empty all output buffers and stop buffering
1466	while (@ob_end_clean());
1467
1468	// "Restart" output buffering if we are using ob_gzhandler (since the gzip header is already sent)
1469	if ($pun_config['o_gzip'] && extension_loaded('zlib'))
1470	ob_start('ob_gzhandler');
1471
1472	// Send no-cache headers
1473	header('Expires: Thu, 21 Jul 1977 07:30:00 GMT'); // When yours truly first set eyes on this world! :)
1474	header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT');
1475	header('Cache-Control: post-check=0, pre-check=0', false);
1476	header('Pragma: no-cache'); // For HTTP/1.0 compatibility
1477
1478	// Send the Content-type header in case the web server is setup to send something else
1479	header('Content-type: text/html; charset=utf-8');
1480
1481	?>
1482	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
1483	<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">
1484	<head>
1485	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
1486	<?php $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), 'Error') ?>
1487	<title><?php echo generate_page_title($page_title) ?></title>
1488	<style type="text/css">
1489	<!--
1490	BODY {MARGIN: 10% 20% auto 20%; font: 10px Verdana, Arial, Helvetica, sans-serif}
1491	#errorbox {BORDER: 1px solid #B84623}
1492	H2 {MARGIN: 0; COLOR: #FFFFFF; BACKGROUND-COLOR: #B84623; FONT-SIZE: 1.1em; PADDING: 5px 4px}
1493	#errorbox DIV {PADDING: 6px 5px; BACKGROUND-COLOR: #F1F1F1}
1494	-->
1495	</style>
1496	</head>
1497	<body>
1498
1499	<div id="errorbox">
1500	<h2>An error was encountered</h2>
1501	<div>
1502	<?php
1503
1504	if (defined('PUN_DEBUG') && $file !== null && $line !== null)
1505	{
1506	echo "\t\t".'<strong>File:</strong> '.$file.'<br />'."\n\t\t".'<strong>Line:</strong> '.$line.'<br /><br />'."\n\t\t".'<strong>FluxBB reported</strong>: '.$message."\n";
1507
1508	if ($db_error)
1509	{
1510	echo "\t\t".'<br /><br /><strong>Database reported:</strong> '.pun_htmlspecialchars($db_error['error_msg']).(($db_error['error_no']) ? ' (Errno: '.$db_error['error_no'].')' : '')."\n";
1511
1512	if ($db_error['error_sql'] != '')
1513	echo "\t\t".'<br /><br /><strong>Failed query:</strong> '.pun_htmlspecialchars($db_error['error_sql'])."\n";
1514	}
1515	}
1516	else
1517	echo "\t\t".'Error: <strong>'.$message.'.</strong>'."\n";
1518
1519	?>
1520	</div>
1521	</div>
1522
1523	</body>
1524	</html>
1525	<?php
1526
1527	// If a database connection was established (before this error) we close it
1528	if ($db_error)
1529	$GLOBALS['db']->close();
1530
1531	exit;
1532	}
1533
1534
1535	//
1536	// Unset any variables instantiated as a result of register_globals being enabled
1537	//
1538	function forum_unregister_globals()
1539	{
1540	$register_globals = ini_get('register_globals');
1541	if ($register_globals === '' \|\| $register_globals === '0' \|\| strtolower($register_globals) === 'off')
1542	return;
1543
1544	// Prevent script.php?GLOBALS[foo]=bar
1545	if (isset($_REQUEST['GLOBALS']) \|\| isset($_FILES['GLOBALS']))
1546	exit('I\'ll have a steak sandwich and... a steak sandwich.');
1547
1548	// Variables that shouldn't be unset
1549	$no_unset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES');
1550
1551	// Remove elements in $GLOBALS that are present in any of the superglobals
1552	$input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
1553	foreach ($input as $k => $v)
1554	{
1555	if (!in_array($k, $no_unset) && isset($GLOBALS[$k]))
1556	{
1557	unset($GLOBALS[$k]);
1558	unset($GLOBALS[$k]); // Double unset to circumvent the zend_hash_del_key_or_index hole in PHP <4.4.3 and <5.1.4
1559	}
1560	}
1561	}
1562
1563
1564	//
1565	// Removes any "bad" characters (characters which mess with the display of a page, are invisible, etc) from user input
1566	//
1567	function forum_remove_bad_characters()
1568	{
1569	$_GET = remove_bad_characters($_GET);
1570	$_POST = remove_bad_characters($_POST);
1571	$_COOKIE = remove_bad_characters($_COOKIE);
1572	$_REQUEST = remove_bad_characters($_REQUEST);
1573	}
1574
1575	//
1576	// Removes any "bad" characters (characters which mess with the display of a page, are invisible, etc) from the given string
1577	// See: http://kb.mozillazine.org/Network.IDN.blacklist_chars
1578	//
1579	function remove_bad_characters($array)
1580	{
1581	static $bad_utf8_chars;
1582
1583	if (!isset($bad_utf8_chars))
1584	{
1585	$bad_utf8_chars = array(
1586	"\xcc\xb7" => '', // COMBINING SHORT SOLIDUS OVERLAY 0337 *
1587	"\xcc\xb8" => '', // COMBINING LONG SOLIDUS OVERLAY 0338 *
1588	"\xe1\x85\x9F" => '', // HANGUL CHOSEONG FILLER 115F *
1589	"\xe1\x85\xA0" => '', // HANGUL JUNGSEONG FILLER 1160 *
1590	"\xe2\x80\x8b" => '', // ZERO WIDTH SPACE 200B *
1591	"\xe2\x80\x8c" => '', // ZERO WIDTH NON-JOINER 200C
1592	"\xe2\x80\x8d" => '', // ZERO WIDTH JOINER 200D
1593	"\xe2\x80\x8e" => '', // LEFT-TO-RIGHT MARK 200E
1594	"\xe2\x80\x8f" => '', // RIGHT-TO-LEFT MARK 200F
1595	"\xe2\x80\xaa" => '', // LEFT-TO-RIGHT EMBEDDING 202A
1596	"\xe2\x80\xab" => '', // RIGHT-TO-LEFT EMBEDDING 202B
1597	"\xe2\x80\xac" => '', // POP DIRECTIONAL FORMATTING 202C
1598	"\xe2\x80\xad" => '', // LEFT-TO-RIGHT OVERRIDE 202D
1599	"\xe2\x80\xae" => '', // RIGHT-TO-LEFT OVERRIDE 202E
1600	"\xe2\x80\xaf" => '', // NARROW NO-BREAK SPACE 202F *
1601	"\xe2\x81\x9f" => '', // MEDIUM MATHEMATICAL SPACE 205F *
1602	"\xe2\x81\xa0" => '', // WORD JOINER 2060
1603	"\xe3\x85\xa4" => '', // HANGUL FILLER 3164 *
1604	"\xef\xbb\xbf" => '', // ZERO WIDTH NO-BREAK SPACE FEFF
1605	"\xef\xbe\xa0" => '', // HALFWIDTH HANGUL FILLER FFA0 *
1606	"\xef\xbf\xb9" => '', // INTERLINEAR ANNOTATION ANCHOR FFF9 *
1607	"\xef\xbf\xba" => '', // INTERLINEAR ANNOTATION SEPARATOR FFFA *
1608	"\xef\xbf\xbb" => '', // INTERLINEAR ANNOTATION TERMINATOR FFFB *
1609	"\xef\xbf\xbc" => '', // OBJECT REPLACEMENT CHARACTER FFFC *
1610	"\xef\xbf\xbd" => '', // REPLACEMENT CHARACTER FFFD *
1611	"\xe2\x80\x80" => ' ', // EN QUAD 2000 *
1612	"\xe2\x80\x81" => ' ', // EM QUAD 2001 *
1613	"\xe2\x80\x82" => ' ', // EN SPACE 2002 *
1614	"\xe2\x80\x83" => ' ', // EM SPACE 2003 *
1615	"\xe2\x80\x84" => ' ', // THREE-PER-EM SPACE 2004 *
1616	"\xe2\x80\x85" => ' ', // FOUR-PER-EM SPACE 2005 *
1617	"\xe2\x80\x86" => ' ', // SIX-PER-EM SPACE 2006 *
1618	"\xe2\x80\x87" => ' ', // FIGURE SPACE 2007 *
1619	"\xe2\x80\x88" => ' ', // PUNCTUATION SPACE 2008 *
1620	"\xe2\x80\x89" => ' ', // THIN SPACE 2009 *
1621	"\xe2\x80\x8a" => ' ', // HAIR SPACE 200A *
1622	"\xE3\x80\x80" => ' ', // IDEOGRAPHIC SPACE 3000 *
1623	);
1624	}
1625
1626	if (is_array($array))
1627	return array_map('remove_bad_characters', $array);
1628
1629	// Strip out any invalid characters
1630	$array = utf8_bad_strip($array);
1631
1632	// Remove control characters
1633	$array = preg_replace('%[\x{00}-\x{08}\x{0b}-\x{0c}\x{0e}-\x{1f}]%', '', $array);
1634
1635	// Replace some "bad" characters
1636	$array = str_replace(array_keys($bad_utf8_chars), array_values($bad_utf8_chars), $array);
1637
1638	return $array;
1639	}
1640
1641
1642	//
1643	// Converts the file size in bytes to a human readable file size
1644	//
1645	function file_size($size)
1646	{
1647	global $lang_common;
1648
1649	$units = array('B', 'KiB', 'MiB', 'GiB', 'TiB', 'PiB', 'EiB');
1650
1651	for ($i = 0; $size > 1024; $i++)
1652	$size /= 1024;
1653
1654	return sprintf($lang_common['Size unit '.$units[$i]], round($size, 2));;
1655	}
1656
1657
1658	//
1659	// Fetch a list of available styles
1660	//
1661	function forum_list_styles()
1662	{
1663	$styles = array();
1664
1665	$d = dir(PUN_ROOT.'style');
1666	while (($entry = $d->read()) !== false)
1667	{
1668	if ($entry{0} == '.')
1669	continue;
1670
1671	if (substr($entry, -4) == '.css')
1672	$styles[] = substr($entry, 0, -4);
1673	}
1674	$d->close();
1675
1676	natcasesort($styles);
1677
1678	return $styles;
1679	}
1680
1681
1682	//
1683	// Fetch a list of available language packs
1684	//
1685	function forum_list_langs()
1686	{
1687	$languages = array();
1688
1689	$d = dir(PUN_ROOT.'lang');
1690	while (($entry = $d->read()) !== false)
1691	{
1692	if ($entry{0} == '.')
1693	continue;
1694
1695	if (is_dir(PUN_ROOT.'lang/'.$entry) && file_exists(PUN_ROOT.'lang/'.$entry.'/common.php'))
1696	$languages[] = $entry;
1697	}
1698	$d->close();
1699
1700	natcasesort($languages);
1701
1702	return $languages;
1703	}
1704
1705
1706	//
1707	// Generate a cache ID based on the last modification time for all stopwords files
1708	//
1709	function generate_stopwords_cache_id()
1710	{
1711	$files = glob(PUN_ROOT.'lang/*/stopwords.txt');
1712	if ($files === false)
1713	return 'cache_id_error';
1714
1715	$hash = array();
1716
1717	foreach ($files as $file)
1718	{
1719	$hash[] = $file;
1720	$hash[] = filemtime($file);
1721	}
1722
1723	return sha1(implode('\|', $hash));
1724	}
1725
1726
1727	//
1728	// Fetch a list of available admin plugins
1729	//
1730	function forum_list_plugins($is_admin)
1731	{
1732	$plugins = array();
1733
1734	$d = dir(PUN_ROOT.'plugins');
1735	while (($entry = $d->read()) !== false)
1736	{
1737	if ($entry{0} == '.')
1738	continue;
1739
1740	$prefix = substr($entry, 0, strpos($entry, '_'));
1741	$suffix = substr($entry, strlen($entry) - 4);
1742
1743	if ($suffix == '.php' && ((!$is_admin && $prefix == 'AMP') \|\| ($is_admin && ($prefix == 'AP' \|\| $prefix == 'AMP'))))
1744	$plugins[$entry] = substr($entry, strpos($entry, '_') + 1, -4);
1745	}
1746	$d->close();
1747
1748	natcasesort($plugins);
1749
1750	return $plugins;
1751	}
1752
1753
1754	//
1755	// Split text into chunks ($inside contains all text inside $start and $end, and $outside contains all text outside)
1756	//
1757	function split_text($text, $start, $end, &$errors, $retab = true)
1758	{
1759	global $pun_config, $lang_common;
1760
1761	$result = array(0 => array(), 1 => array()); // 0 = inside, 1 = outside
1762
1763	// split the text into parts
1764	$parts = preg_split('%'.preg_quote($start, '%').'(.*)'.preg_quote($end, '%').'%Us', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
1765	$num_parts = count($parts);
1766
1767	// preg_split results in outside parts having even indices, inside parts having odd
1768	for ($i = 0;$i < $num_parts;$i++)
1769	$result[1 - ($i % 2)][] = $parts[$i];
1770
1771	if ($pun_config['o_indent_num_spaces'] != 8 && $retab)
1772	{
1773	$spaces = str_repeat(' ', $pun_config['o_indent_num_spaces']);
1774	$result[1] = str_replace("\t", $spaces, $result[1]);
1775	}
1776
1777	return $result;
1778	}
1779
1780
1781	//
1782	// Extract blocks from a text with a starting and ending string
1783	// This function always matches the most outer block so nesting is possible
1784	//
1785	function extract_blocks($text, $start, $end, &$errors = array(), $retab = true)
1786	{
1787	global $pun_config;
1788
1789	$code = array();
1790	$start_len = strlen($start);
1791	$end_len = strlen($end);
1792	$regex = '%(?:'.preg_quote($start, '%').'\|'.preg_quote($end, '%').')%';
1793	$matches = array();
1794
1795	if (preg_match_all($regex, $text, $matches))
1796	{
1797	$counter = $offset = 0;
1798	$start_pos = $end_pos = false;
1799
1800	foreach ($matches[0] as $match)
1801	{
1802	if ($match == $start)
1803	{
1804	if ($counter == 0)
1805	$start_pos = strpos($text, $start);
1806	$counter++;
1807	}
1808	elseif ($match == $end)
1809	{
1810	$counter--;
1811	if ($counter == 0)
1812	$end_pos = strpos($text, $end, $offset + 1);
1813	$offset = strpos($text, $end, $offset + 1);
1814	}
1815
1816	if ($start_pos !== false && $end_pos !== false)
1817	{
1818	$code[] = substr($text, $start_pos + $start_len,
1819	$end_pos - $start_pos - $start_len);
1820	$text = substr_replace($text, "\1", $start_pos,
1821	$end_pos - $start_pos + $end_len);
1822	$start_pos = $end_pos = false;
1823	$offset = 0;
1824	}
1825	}
1826	}
1827
1828	if ($pun_config['o_indent_num_spaces'] != 8 && $retab)
1829	{
1830	$spaces = str_repeat(' ', $pun_config['o_indent_num_spaces']);
1831	$text = str_replace("\t", $spaces, $text);
1832	}
1833
1834	return array($code, $text);
1835	}
1836
1837
1838	//
1839	// function url_valid($url) {
1840	//
1841	// Return associative array of valid URI components, or FALSE if $url is not
1842	// RFC-3986 compliant. If the passed URL begins with: "www." or "ftp.", then
1843	// "http://" or "ftp://" is prepended and the corrected full-url is stored in
1844	// the return array with a key name "url". This value should be used by the caller.
1845	//
1846	// Return value: FALSE if $url is not valid, otherwise array of URI components:
1847	// e.g.
1848	// Given: "http://www.jmrware.com:80/articles?height=10&width=75#fragone"
1849	// Array(
1850	// [scheme] => http
1851	// [authority] => www.jmrware.com:80
1852	// [userinfo] =>
1853	// [host] => www.jmrware.com
1854	// [IP_literal] =>
1855	// [IPV6address] =>
1856	// [ls32] =>
1857	// [IPvFuture] =>
1858	// [IPv4address] =>
1859	// [regname] => www.jmrware.com
1860	// [port] => 80
1861	// [path_abempty] => /articles
1862	// [query] => height=10&width=75
1863	// [fragment] => fragone
1864	// [url] => http://www.jmrware.com:80/articles?height=10&width=75#fragone
1865	// )
1866	function url_valid($url)
1867	{
1868	if (strpos($url, 'www.') === 0) $url = 'http://'. $url;
1869	if (strpos($url, 'ftp.') === 0) $url = 'ftp://'. $url;
1870	if (!preg_match('/# Valid absolute URI having a non-empty, valid DNS host.
1871	^
1872	(?P<scheme>[A-Za-z][A-Za-z0-9+\-.]*):\/\/
1873	(?P<authority>
1874	(?:(?P<userinfo>(?:[A-Za-z0-9\-._~!$&\'()+,;=:]\|%[0-9A-Fa-f]{2}))@)?
1875	(?P<host>
1876	(?P<IP_literal>
1877	\[
1878	(?:
1879	(?P<IPV6address>
1880	(?: (?:[0-9A-Fa-f]{1,4}:){6}
1881	\| ::(?:[0-9A-Fa-f]{1,4}:){5}
1882	\| (?: [0-9A-Fa-f]{1,4})?::(?:[0-9A-Fa-f]{1,4}:){4}
1883	\| (?:(?:[0-9A-Fa-f]{1,4}:){0,1}[0-9A-Fa-f]{1,4})?::(?:[0-9A-Fa-f]{1,4}:){3}
1884	\| (?:(?:[0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})?::(?:[0-9A-Fa-f]{1,4}:){2}
1885	\| (?:(?:[0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})?:: [0-9A-Fa-f]{1,4}:
1886	\| (?:(?:[0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})?::
1887	)
1888	(?P<ls32>[0-9A-Fa-f]{1,4}:[0-9A-Fa-f]{1,4}
1889	\| (?:(?:25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.){3}
1890	(?:25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)
1891	)
1892	\| (?:(?:[0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})?:: [0-9A-Fa-f]{1,4}
1893	\| (?:(?:[0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})?::
1894	)
1895	\| (?P<IPvFuture>[Vv][0-9A-Fa-f]+\.[A-Za-z0-9\-._~!$&\'()*+,;=:]+)
1896	)
1897	\]
1898	)
1899	\| (?P<IPv4address>(?:(?:25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.){3}
1900	(?:25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?))
1901	\| (?P<regname>(?:[A-Za-z0-9\-._~!$&\'()*+,;=]\|%[0-9A-Fa-f]{2})+)
1902	)
1903	(?::(?P<port>[0-9]*))?
1904	)
1905	(?P<path_abempty>(?:\/(?:[A-Za-z0-9\-._~!$&\'()+,;=:@]\|%[0-9A-Fa-f]{2}))*)
1906	(?:\?(?P<query> (?:[A-Za-z0-9\-._~!$&\'()+,;=:@\\/?]\|%[0-9A-Fa-f]{2})))?
1907	(?:\#(?P<fragment> (?:[A-Za-z0-9\-._~!$&\'()+,;=:@\\/?]\|%[0-9A-Fa-f]{2})))?
1908	$
1909	/mx', $url, $m)) return FALSE;
1910	switch ($m['scheme'])
1911	{
1912	case 'https':
1913	case 'http':
1914	if ($m['userinfo']) return FALSE; // HTTP scheme does not allow userinfo.
1915	break;
1916	case 'ftps':
1917	case 'ftp':
1918	break;
1919	default:
1920	return FALSE; // Unrecognised URI scheme. Default to FALSE.
1921	}
1922	// Validate host name conforms to DNS "dot-separated-parts".
1923	if ($m{'regname'}) // If host regname specified, check for DNS conformance.
1924	{
1925	if (!preg_match('/# HTTP DNS host name.
1926	^ # Anchor to beginning of string.
1927	(?!.{256}) # Overall host length is less than 256 chars.
1928	(?: # Group dot separated host part alternatives.
1929	[0-9A-Za-z]\. # Either a single alphanum followed by dot
1930	\| # or... part has more than one char (63 chars max).
1931	[0-9A-Za-z] # Part first char is alphanum (no dash).
1932	[\-0-9A-Za-z]{0,61} # Internal chars are alphanum plus dash.
1933	[0-9A-Za-z] # Part last char is alphanum (no dash).
1934	\. # Each part followed by literal dot.
1935	)* # One or more parts before top level domain.
1936	(?: # Explicitly specify top level domains.
1937	com\|edu\|gov\|int\|mil\|net\|org\|biz\|
1938	info\|name\|pro\|aero\|coop\|museum\|
1939	asia\|cat\|jobs\|mobi\|tel\|travel\|
1940	[A-Za-z]{2}) # Country codes are exqactly two alpha chars.
1941	$ # Anchor to end of string.
1942	/ix', $m['host'])) return FALSE;
1943	}
1944	$m['url'] = $url;
1945	for ($i = 0; isset($m[$i]); ++$i) unset($m[$i]);
1946	return $m; // return TRUE == array of useful named $matches plus the valid $url.
1947	}
1948
1949	//
1950	// Replace string matching regular expression
1951	//
1952	// This function takes care of possibly disabled unicode properties in PCRE builds
1953	//
1954	function ucp_preg_replace($pattern, $replace, $subject)
1955	{
1956	$replaced = preg_replace($pattern, $replace, $subject);
1957
1958	// If preg_replace() returns false, this probably means unicode support is not built-in, so we need to modify the pattern a little
1959	if ($replaced === false)
1960	{
1961	if (is_array($pattern))
1962	{
1963	foreach ($pattern as $cur_key => $cur_pattern)
1964	$pattern[$cur_key] = str_replace('\p{L}\p{N}', '\w', $cur_pattern);
1965
1966	$replaced = preg_replace($pattern, $replace, $subject);
1967	}
1968	else
1969	$replaced = preg_replace(str_replace('\p{L}\p{N}', '\w', $pattern), $replace, $subject);
1970	}
1971
1972	return $replaced;
1973	}
1974
1975	// DEBUG FUNCTIONS BELOW
1976
1977	//
1978	// Display executed queries (if enabled)
1979	//
1980	function display_saved_queries()
1981	{
1982	global $db, $lang_common;
1983
1984	// Get the queries so that we can print them out
1985	$saved_queries = $db->get_saved_queries();
1986
1987	?>
1988
1989	<div id="debug" class="blocktable">
1990	<h2><span><?php echo $lang_common['Debug table'] ?></span></h2>
1991	<div class="box">
1992	<div class="inbox">
1993	<table cellspacing="0">
1994	<thead>
1995	<tr>
1996	<th class="tcl" scope="col"><?php echo $lang_common['Query times'] ?></th>
1997	<th class="tcr" scope="col"><?php echo $lang_common['Query'] ?></th>
1998	</tr>
1999	</thead>
2000	<tbody>
2001	<?php
2002
2003	$query_time_total = 0.0;
2004	foreach ($saved_queries as $cur_query)
2005	{
2006	$query_time_total += $cur_query[1];
2007
2008	?>
2009	<tr>
2010	<td class="tcl"><?php echo ($cur_query[1] != 0) ? $cur_query[1] : ' ' ?></td>
2011	<td class="tcr"><?php echo pun_htmlspecialchars($cur_query[0]) ?></td>
2012	</tr>
2013	<?php
2014
2015	}
2016
2017	?>
2018	<tr>
2019	<td class="tcl" colspan="2"><?php printf($lang_common['Total query time'], $query_time_total.' s') ?></td>
2020	</tr>
2021	</tbody>
2022	</table>
2023	</div>
2024	</div>
2025	</div>
2026	<?php
2027
2028	}
2029
2030
2031	//
2032	// Dump contents of variable(s)
2033	//
2034	function dump()
2035	{
2036	echo '<pre>';
2037
2038	$num_args = func_num_args();
2039
2040	for ($i = 0; $i < $num_args; ++$i)
2041	{
2042	print_r(func_get_arg($i));
2043	echo "\n\n";
2044	}
2045
2046	echo '</pre>';
2047	exit;
2048	}

Note: See TracBrowser for help on using the repository browser.

rsr - v.5

Context Navigation

source: trunk/web/punbb/include/functions.php

Download in other formats: