(71 replies, posted in News)

Maybe I'm wrong but I ain't got the lines shown in previous posts which need to be modified for security.
When I compare the updated file include/functions.php with the one I got from 1.2.15, there are these differences:

old :

// Update posts, topics, last_post, last_post_id and last_poster for a forum (redirect topics are not included)

new :

// Update posts, topics, last_post, last_post_id and last_poster for a forum

old :

    $result = $db->query('SELECT COUNT(id), SUM(num_replies) FROM '.$db->prefix.'topics WHERE moved_to IS NULL AND forum_id='.$forum_id) or error('Unable to fetch forum topic count', __FILE__, __LINE__, $db->error());

new :

    $result = $db->query('SELECT COUNT(id), SUM(num_replies) FROM '.$db->prefix.'topics WHERE forum_id='.$forum_id) or error('Unable to fetch forum topic count', __FILE__, __LINE__, $db->error());

old :

        $db->query('UPDATE '.$db->prefix.'forums SET num_topics=0, num_posts=0, last_post=NULL, last_post_id=NULL, last_poster=NULL WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error());

new :

        $db->query('UPDATE '.$db->prefix.'forums SET num_topics='.$num_topics.', num_posts='.$num_posts.', last_post=NULL, last_post_id=NULL, last_poster=NULL WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error());

old :

    if ($destination_url == '')
        $destination_url = 'index.php';

new :

    // Prefix with o_base_url (unless it's there already)
    if (strpos($destination_url, $pun_config['o_base_url']) !== 0)
        $destination_url = $pun_config['o_base_url'].'/'.$destination_url;

    // Do a little spring cleaning
    $destination_url = preg_replace('/([\r\n])|(%0[ad])|(;[\s]*data[\s]*:)/i', '', $destination_url);

old :

    if ($register_globals === "" || $register_globals === "0" || strtolower($register_globals === "off"))

new :

    if ($register_globals === "" || $register_globals === "0" || strtolower($register_globals) === "off")

Do I need to make the changes? If yes, is it enough, or do I need to do something else, as indicated in "Instructions on upgrading PunBB using patch files"?
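
Added example (not part of the original post and not PunBB's own code): the two security-relevant changes in the listing above, run side by side on constructed inputs. The function names and the base URL `http://forum.example.test` are assumptions; the function bodies reproduce the old and new lines quoted in the post.

```php
<?php
// Added illustration. Function names and BASE_URL are hypothetical; the bodies
// reproduce the old and new lines quoted in the post above.

const BASE_URL = 'http://forum.example.test'; // constructed stand-in for $pun_config['o_base_url']

// --- redirect destination handling ------------------------------------------

// Old lines: only an empty destination is replaced; anything else passes through.
function destination_old($destination_url)
{
    if ($destination_url == '')
        $destination_url = 'index.php';

    return $destination_url;
}

// New lines: anchor the destination to the board's base URL, then strip raw
// CR/LF, their %0a/%0d encodings and ";data:" sequences.
function destination_new($destination_url, $base_url = BASE_URL)
{
    if (strpos($destination_url, $base_url) !== 0)
        $destination_url = $base_url.'/'.$destination_url;

    return preg_replace('/([\r\n])|(%0[ad])|(;[\s]*data[\s]*:)/i', '', $destination_url);
}

// --- register_globals detection ---------------------------------------------

// Old line: the closing parenthesis is misplaced, so the comparison runs first
// and strtolower() receives a boolean. Only the exact string "off" matches.
function globals_off_old($register_globals)
{
    return ($register_globals === "" || $register_globals === "0" || strtolower($register_globals === "off"));
}

// New line: lower-case first, then compare, so "Off" and "OFF" match as well.
function globals_off_new($register_globals)
{
    return ($register_globals === "" || $register_globals === "0" || strtolower($register_globals) === "off");
}

// Constructed sample inputs (not taken from any real request)
$destinations = array(
    '',
    'viewtopic.php?pid=12#p12',
    BASE_URL.'/index.php',
    "index.php\r\nX-Constructed-Header: 1",
    'index.php%0D%0AX-Constructed-Header:%201',
);

foreach ($destinations as $d) {
    printf(
        "in : %s\nold: %s\nnew: %s\n\n",
        json_encode($d, JSON_UNESCAPED_SLASHES),
        json_encode(destination_old($d), JSON_UNESCAPED_SLASHES),
        json_encode(destination_new($d), JSON_UNESCAPED_SLASHES)
    );
}

// Constructed ini values as ini_get('register_globals') might return them
foreach (array('', '0', 'off', 'Off', 'OFF', '1', 'On') as $v) {
    printf(
        "register_globals=%-5s old=%s new=%s\n",
        json_encode($v),
        var_export(globals_off_old($v), true),
        var_export(globals_off_new($v), true)
    );
}
```

In the output, the raw and encoded line breaks pass through the old lines unchanged and are gone after the new ones, and `Off` and `OFF` are recognised only by the new comparison.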

Hi all,
I can't find some of the lines to replace as described in the readme install, in index.php, viewtopic.php and search.php, because I'm using the sub_forum_mod-1.0.9.2 and PunBB1.2.15.
Can you please tell me what I can do to use this rewriting?
Here are my current files:

index.php
[code]<?php
/***********************************************************************

  Copyright (C) 2002-2005  Rickard Andersson (rickard@punbb.org)

  This file is part of PunBB.

  PunBB is free software; you can redistribute it and/or modify it
  under the terms of the GNU General Public License as published
  by the Free Software Foundation; either version 2 of the License,
  or (at your option) any later version.

  PunBB is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place, Suite 330, Boston,
  MA  02111-1307  USA

************************************************************************/


define('PUN_ROOT', './');
require PUN_ROOT.'include/common.php';


if ($pun_user['g_read_board'] == '0')
    message($lang_common['No view']);


// Load the index.php language file
require PUN_ROOT.'lang/'.$pun_user['language'].'/index.php';

$page_title = pun_htmlspecialchars($pun_config['o_board_title']);
define('PUN_ALLOW_INDEX', 1);
require PUN_ROOT.'header.php';

################################################################################
########################### Sub Forum MOD (start) ##############################
################################################################################
$sfcount=0;
$sfdb = array($_parent_id_, $_topics_, $_posts_, $_last_post_id_, $_last_poster_, $_last_post_);
$forums_info = $db->query('SELECT num_topics, num_posts, parent_forum_id, last_post_id, last_poster, last_post, id, forum_name FROM '.$db->prefix.'forums ORDER BY disp_position') or error(implode($db->error(),''),__FILE__,__LINE__,$db->error());
while($current = $db->fetch_assoc($forums_info)) {
if ($current['parent_forum_id'] != 0)
  {
   $sfdb[$sfcount][0] = $current['parent_forum_id'];
   $sfdb[$sfcount][1] = $current['num_topics'];
   $sfdb[$sfcount][2] = $current['num_posts'];
   $sfdb[$sfcount][3] = $current['last_post_id'];
   $sfdb[$sfcount][4] = $current['last_poster'];
   $sfdb[$sfcount][5] = $current['last_post'];
   $sfdb[$sfcount][6] = $current['id'];
   $sfdb[$sfcount][7] = $current['forum_name'];
   $sfcount++;
  }
}
################################################################################
########################### Sub Forum MOD ( end ) ##############################
################################################################################

// Print the categories and forums
$result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name, f.forum_desc, f.redirect_url, f.moderators, f.num_topics, f.num_posts, f.last_post, f.last_post_id, f.last_poster, f.parent_forum_id FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND (f.parent_forum_id IS NULL OR f.parent_forum_id=0) ORDER BY c.disp_position, c.id, f.disp_position', true) or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());

$cur_category = 0;
$cat_count = 0;
while ($cur_forum = $db->fetch_assoc($result))
{
    $moderators = '';

    if ($cur_forum['cid'] != $cur_category)    // A new category since last iteration?
    {
        if ($cur_category != 0)
            echo "\t\t\t".'</tbody>'."\n\t\t\t".'</table>'."\n\t\t".'</div>'."\n\t".'</div>'."\n".'</div>'."\n\n";

        ++$cat_count;

?>
<div id="idx<?php echo $cat_count ?>" class="blocktable">
    <h2><span><?php echo pun_htmlspecialchars($cur_forum['cat_name']) ?></span></h2>
    <div class="box">
        <div class="inbox">
            <table cellspacing="0">
            <thead>
                <tr>
                    <th class="tcl" scope="col"><?php echo $lang_common['Forum'] ?></th>
                    <th class="tc2" scope="col"><?php echo $lang_index['Topics'] ?></th>
                    <th class="tc3" scope="col"><?php echo $lang_common['Posts'] ?></th>
                    <th class="tcr" scope="col"><?php echo $lang_common['Last post'] ?></th>
                </tr>
            </thead>
            <tbody>
<?php

        $cur_category = $cur_forum['cid'];
    }

    $item_status = '';
    $icon_text = $lang_common['Normal icon'];
    $icon_type = 'icon';

    // Are there new posts?
    if (!$pun_user['is_guest'] && $cur_forum['last_post'] > $pun_user['last_visit'])
    {
        $item_status = 'inew';
        $icon_text = $lang_common['New icon'];
        $icon_type = 'icon inew';
    }

    // Is this a redirect forum?
    if ($cur_forum['redirect_url'] != '')
    {
        $forum_field = '<h3><a href="'.pun_htmlspecialchars($cur_forum['redirect_url']).'" title="'.$lang_index['Link to'].' '.pun_htmlspecialchars($cur_forum['redirect_url']).'">'.pun_htmlspecialchars($cur_forum['forum_name']).'</a></h3>';
        $num_topics = $num_posts = ' ';
        $item_status = 'iredirect';
        $icon_text = $lang_common['Redirect icon'];
        $icon_type = 'icon';
    }
    else
    {
        $forum_field = '<h3><a href="viewforum.php?id='.$cur_forum['fid'].'">'.pun_htmlspecialchars($cur_forum['forum_name']).'</a></h3>';
################################################################################
########################### Sub Forum MOD (start) ##############################
################################################################################
  $n_t = 0;
  $n_p = 0;
  $l_pid = $cur_forum['last_post_id'];
  $l_pr = $cur_forum['last_poster'];
  $l_post = $cur_forum['last_post'];
  for ($i = 0; $i < $sfcount; $i++)
  {
   if ($sfdb[$i][0] == $cur_forum['fid'])
    {
     $n_t = $n_t + $sfdb[$i][1];
     $n_p = $n_p + $sfdb[$i][2];
     if ($l_pid < $sfdb[$i][3])
      {
       $l_pid = $sfdb[$i][3];
       $l_pr = $sfdb[$i][4];
       $l_post = $sfdb[$i][5];
      }
    }
  }
  $num_topics = $n_t + $cur_forum['num_topics'];
  $num_posts = $n_p + $cur_forum['num_posts'];
################################################################################
########################### Sub Forum MOD ( end ) ##############################
################################################################################
    }

    if ($cur_forum['forum_desc'] != '')
        $forum_field .= "\n\t\t\t\t\t\t\t\t".$cur_forum['forum_desc'];


    // If there is a last_post/last_poster.
    if ($l_post != '')
            $last_post = '<a href="viewtopic.php?pid='.$l_pid.'#p'.$l_pid.'">'.format_time($l_post).'</a> <span class="byuser">'.$lang_common['by'].' '.pun_htmlspecialchars($l_pr).'</span>';
    else
        $last_post = ' ';

    if ($cur_forum['moderators'] != '')
    {
        $mods_array = unserialize($cur_forum['moderators']);
        $moderators = array();

        while (list($mod_username, $mod_id) = @each($mods_array))
            $moderators[] = '<a href="profile.php?id='.$mod_id.'">'.pun_htmlspecialchars($mod_username).'</a>';

        $moderators = "\t\t\t\t\t\t\t\t".'<p><em>('.$lang_common['Moderated by'].'</em> '.implode(', ', $moderators).')</p>'."\n";
    }
            if (!empty($sfdb))
            {
                foreach ($sfdb as $sub_forums)
                {
                    if ($cur_forum['fid'] == $sub_forums[0] && !$pun_user['is_guest'] && $sub_forums[5] > $pun_user['last_visit'])
                    {
                        $item_status = 'inew';
                        $icon_text = $lang_common['New icon'];
                        $icon_type = 'icon inew';
                    }
                }
            }
?>
                 <tr<?php if ($item_status != '') echo ' class="'.$item_status.'"'; ?>>
                    <td class="tcl">
                        <div class="intd">
                            <div class="<?php echo $icon_type ?>"><div class="nosize"><?php echo $icon_text ?></div></div>
                            <div class="tclcon">
                                <?php echo $forum_field."\n".$moderators ?>
<?php
                        $sub_forums_list = array();
                        if(!empty($sfdb)) {
                           foreach ($sfdb as $sub_forums) {
                                 if($cur_forum['fid'] == $sub_forums[0]) {
                                    $sub_forums_list[] = '<a href="viewforum.php?id='.$sub_forums[6].'">'.pun_htmlspecialchars($sub_forums[7]).'</a>';
                                 }
                             }
                           // EDIT THIS FOR THE DISPLAY STYLE OF THE SUBFORUMS ON MAIN PAGE
                           if(!empty($sub_forums_list)) {
                                 // Leave one $sub_forums_list commented out to use the other (between the ###..)
                                 ################################
                                 // This is Single Line Wrap Style
                                 $sub_forums_list = "\t\t\t\t\t\t\t\t".'<em>Sous Forums:</em> '.implode(', ', $sub_forums_list)."\n";
                                 // This is List Style
                                 //$sub_forums_list = "\n".'<b><em>Sub Forums:</em></b><br />  --  '.implode('<br />  --  ', $sub_forums_list)."\n";
                                 ################################
                                 if ($cur_forum['forum_desc'] != NULL) {
                                    echo "<br />";
                                 }
                                 // TO TURN OFF DISPLAY OF SUBFORUMS ON INDEX PAGE, COMMENT OUT THE FOLLOWING LINE
                           }
                        }
?>                               
                            </div>
                        </div>
                    </td>
                    <td class="tc2"><?php echo $num_topics ?></td>
                    <td class="tc3"><?php echo $num_posts ?></td>
                    <td class="tcr"><?php echo $last_post ?></td>
                </tr>
<?php

}

// Did we output any categories and forums?
if ($cur_category > 0)
    echo "\t\t\t".'</tbody>'."\n\t\t\t".'</table>'."\n\t\t".'</div>'."\n\t".'</div>'."\n".'</div>'."\n\n";
else
    echo '<div id="idx0" class="block"><div class="box"><div class="inbox"><p>'.$lang_index['Empty board'].'</p></div></div></div>';


// Collect some statistics from the database
$result = $db->query('SELECT COUNT(id)-1 FROM '.$db->prefix.'users') or error('Unable to fetch total user count', __FILE__, __LINE__, $db->error());
$stats['total_users'] = $db->result($result);

$result = $db->query('SELECT id, username FROM '.$db->prefix.'users ORDER BY registered DESC LIMIT 1') or error('Unable to fetch newest registered user', __FILE__, __LINE__, $db->error());
$stats['last_user'] = $db->fetch_assoc($result);

$result = $db->query('SELECT SUM(num_topics), SUM(num_posts) FROM '.$db->prefix.'forums') or error('Unable to fetch topic/post count', __FILE__, __LINE__, $db->error());
list($stats['total_topics'], $stats['total_posts']) = $db->fetch_row($result);

?>
<div id="brdstats" class="block">
    <h2><span><?php echo $lang_index['Board info'] ?></span></h2>
    <div class="box">
        <div class="inbox">
            <dl class="conr">
                <dt><strong><?php echo $lang_index['Board stats'] ?></strong></dt>
                <dd><?php echo $lang_index['No of users'].': <strong>'. $stats['total_users'] ?></strong></dd>
                <dd><?php echo $lang_index['No of topics'].': <strong>'.$stats['total_topics'] ?></strong></dd>
                <dd><?php echo $lang_index['No of posts'].': <strong>'.$stats['total_posts'] ?></strong></dd>
            </dl>
            <dl class="conl">
                <dt><strong><?php echo $lang_index['User info'] ?></strong></dt>
                <dd><?php echo $lang_index['Newest user'] ?>: <a href="profile.php?id=<?php echo $stats['last_user']['id'] ?>"><?php echo pun_htmlspecialchars($stats['last_user']['username']) ?></a></dd>

<?php

if ($pun_config['o_users_online'] == '1')
{
    // Fetch users online info and generate strings for output
    $num_guests = 0;
    $users = array();
    $result = $db->query('SELECT user_id, ident FROM '.$db->prefix.'online WHERE idle=0 ORDER BY ident', true) or error('Unable to fetch online list', __FILE__, __LINE__, $db->error());

    while ($pun_user_online = $db->fetch_assoc($result))
    {
        if ($pun_user_online['user_id'] > 1)
            $users[] = "\n\t\t\t\t".'<dd><a href="profile.php?id='.$pun_user_online['user_id'].'">'.pun_htmlspecialchars($pun_user_online['ident']).'</a>';
        else
            ++$num_guests;
    }

    $num_users = count($users);
    echo "\t\t\t\t".'<dd>'. $lang_index['Users online'].': <strong>'.$num_users.'</strong></dd>'."\n\t\t\t\t".'<dd>'.$lang_index['Guests online'].': <strong>'.$num_guests.'</strong></dd>'."\n\t\t\t".'</dl>'."\n";


    if ($num_users > 0)
        echo "\t\t\t".'<dl id="onlinelist" class= "clearb">'."\n\t\t\t\t".'<dt><strong>'.$lang_index['Online'].': </strong></dt>'."\t\t\t\t".implode(',</dd> ', $users).'</dd>'."\n\t\t\t".'</dl>'."\n";
    else
        echo "\t\t\t".'<div class="clearer"></div>'."\n";

}
else
    echo "\t\t".'</dl>'."\n\t\t\t".'<div class="clearer"></div>'."\n";


?>
        </div>
    </div>
</div>
<?php

$footer_style = 'index';
require PUN_ROOT.'footer.php';[/code]
viewtopic.php
[code]<?php
/***********************************************************************

  Copyright (C) 2002-2005  Rickard Andersson (rickard@punbb.org)

  This file is part of PunBB.

  PunBB is free software; you can redistribute it and/or modify it
  under the terms of the GNU General Public License as published
  by the Free Software Foundation; either version 2 of the License,
  or (at your option) any later version.

  PunBB is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place, Suite 330, Boston,
  MA  02111-1307  USA

************************************************************************/


define('PUN_ROOT', './');
require PUN_ROOT.'include/common.php';


if ($pun_user['g_read_board'] == '0')
    message($lang_common['No view']);


$action = isset($_GET['action']) ? $_GET['action'] : null;
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
$pid = isset($_GET['pid']) ? intval($_GET['pid']) : 0;
if ($id < 1 && $pid < 1)
    message($lang_common['Bad request']);

// Load the viewtopic.php language file
require PUN_ROOT.'lang/'.$pun_user['language'].'/topic.php';


// If a post ID is specified we determine topic ID and page number so we can redirect to the correct message
if ($pid)
{
    $result = $db->query('SELECT topic_id FROM '.$db->prefix.'posts WHERE id='.$pid) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
    if (!$db->num_rows($result))
        message($lang_common['Bad request']);

    $id = $db->result($result);

    // Determine on what page the post is located (depending on $pun_user['disp_posts'])
    $result = $db->query('SELECT id FROM '.$db->prefix.'posts WHERE topic_id='.$id.' ORDER BY posted') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
    $num_posts = $db->num_rows($result);

    for ($i = 0; $i < $num_posts; ++$i)
    {
        $cur_id = $db->result($result, $i);
        if ($cur_id == $pid)
            break;
    }
    ++$i;    // we started at 0

    $_GET['p'] = ceil($i / $pun_user['disp_posts']);
}

// If action=new, we redirect to the first new post (if any)
else if ($action == 'new' && !$pun_user['is_guest'])
{
    $result = $db->query('SELECT MIN(id) FROM '.$db->prefix.'posts WHERE topic_id='.$id.' AND posted>'.$pun_user['last_visit']) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
    $first_new_post_id = $db->result($result);

    if ($first_new_post_id)
        header('Location: viewtopic.php?pid='.$first_new_post_id.'#p'.$first_new_post_id);
    else    // If there is no new post, we go to the last post
        header('Location: viewtopic.php?id='.$id.'&action=last');

    exit;
}

// If action=last, we redirect to the last post
else if ($action == 'last')
{
    $result = $db->query('SELECT MAX(id) FROM '.$db->prefix.'posts WHERE topic_id='.$id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
    $last_post_id = $db->result($result);

    if ($last_post_id)
    {
        header('Location: viewtopic.php?pid='.$last_post_id.'#p'.$last_post_id);
        exit;
    }
}


// Fetch some info about the topic
if (!$pun_user['is_guest'])
    $result = $db->query('SELECT pf.forum_name AS parent_forum, f.parent_forum_id, t.subject, t.closed, t.num_replies, t.sticky, f.id AS forum_id, f.forum_name, f.moderators, fp.post_replies, s.user_id AS is_subscribed FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'subscriptions AS s ON (t.id=s.topic_id AND s.user_id='.$pun_user['id'].') LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') LEFT JOIN '.$db->prefix.'forums AS pf ON f.parent_forum_id=pf.id WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id='.$id.' AND t.moved_to IS NULL') or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());
else
    $result = $db->query('SELECT pf.forum_name AS parent_forum, f.parent_forum_id, t.subject, t.closed, t.num_replies, t.sticky, f.id AS forum_id, f.forum_name, f.moderators, fp.post_replies, 0 FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') LEFT JOIN '.$db->prefix.'forums AS pf ON f.parent_forum_id=pf.id WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id='.$id.' AND t.moved_to IS NULL') or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());

if (!$db->num_rows($result))
    message($lang_common['Bad request']);

$cur_topic = $db->fetch_assoc($result);

// Sort out who the moderators are and if we are currently a moderator (or an admin)
$mods_array = ($cur_topic['moderators'] != '') ? unserialize($cur_topic['moderators']) : array();
$is_admmod = ($pun_user['g_id'] == PUN_ADMIN || ($pun_user['g_id'] == PUN_MOD && array_key_exists($pun_user['username'], $mods_array))) ? true : false;

// Can we or can we not post replies?
if ($cur_topic['closed'] == '0')
{
    if (($cur_topic['post_replies'] == '' && $pun_user['g_post_replies'] == '1') || $cur_topic['post_replies'] == '1' || $is_admmod)
        $post_link = '<a href="post.php?tid='.$id.'">'.$lang_topic['Post reply'].'</a>';
    else
        $post_link = ' ';
}
else
{
    $post_link = $lang_topic['Topic closed'];

    if ($is_admmod)
        $post_link .= ' / <a href="post.php?tid='.$id.'">'.$lang_topic['Post reply'].'</a>';
}


// Determine the post offset (based on $_GET['p'])
$num_pages = ceil(($cur_topic['num_replies'] + 1) / $pun_user['disp_posts']);

$p = (!isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : $_GET['p'];
$start_from = $pun_user['disp_posts'] * ($p - 1);

// Generate paging links
$paging_links = $lang_common['Pages'].': '.paginate($num_pages, $p, 'viewtopic.php?id='.$id);


if ($pun_config['o_censoring'] == '1')
    $cur_topic['subject'] = censor_words($cur_topic['subject']);


$quickpost = false;
if ($pun_config['o_quickpost'] == '1' &&
    !$pun_user['is_guest'] &&
    ($cur_topic['post_replies'] == '1' || ($cur_topic['post_replies'] == '' && $pun_user['g_post_replies'] == '1')) &&
    ($cur_topic['closed'] == '0' || $is_admmod))
{
    $required_fields = array('req_message' => $lang_common['Message']);
    $quickpost = true;
}

if (!$pun_user['is_guest'] && $pun_config['o_subscriptions'] == '1')
{
    if ($cur_topic['is_subscribed'])
        // I apologize for the variable naming here. It's a mix of subscription and action I guess :-)
        $subscraction = '<p class="subscribelink clearb">'.$lang_topic['Is subscribed'].' - <a href="misc.php?unsubscribe='.$id.'">'.$lang_topic['Unsubscribe'].'</a></p>'."\n";
    else
        $subscraction = '<p class="subscribelink clearb"><a href="misc.php?subscribe='.$id.'">'.$lang_topic['Subscribe'].'</a></p>'."\n";
}
else
    $subscraction = '<div class="clearer"></div>'."\n";

$page_title = pun_htmlspecialchars($pun_config['o_board_title'].' / '.$cur_topic['subject']);
define('PUN_ALLOW_INDEX', 1);
require PUN_ROOT.'header.php';

?>
<div class="linkst">
    <div class="inbox">
        <p class="pagelink conl"><?php echo $paging_links ?></p>
        <p class="postlink conr"><?php echo $post_link ?></p>
<?php

if($cur_topic['parent_forum'])
    echo "\t\t".'<ul><li><a href="index.php">'.$lang_common['Index'].'</a> </li><li>» <a href="viewforum.php?id='.$cur_topic['parent_forum_id'].'">'.pun_htmlspecialchars($cur_topic['parent_forum']).'</a> </li><li>» <a href="viewforum.php?id='.$cur_topic['forum_id'].'">'.pun_htmlspecialchars($cur_topic['forum_name']).'</a> </li><li>» '.pun_htmlspecialchars($cur_topic['subject']).'</li></ul>';
else
    echo "\t\t".'<ul><li><a href="index.php">'.$lang_common['Index'].'</a></li><li> » <a href="viewforum.php?id='.$cur_topic['forum_id'].'">'.pun_htmlspecialchars($cur_topic['forum_name']).'</a></li><li> » '.pun_htmlspecialchars($cur_topic['subject']).'</li></ul>';

?>
        <div class="clearer"></div>
    </div>
</div>

<?php


require PUN_ROOT.'include/parser.php';

$bg_switch = true;    // Used for switching background color in posts
$post_count = 0;    // Keep track of post numbers

// Retrieve the posts (and their respective poster/online status)
$result = $db->query('SELECT u.email, u.title, u.url, u.location, u.use_avatar, u.signature, u.email_setting, u.num_posts, u.registered, u.admin_note, p.id, p.poster AS username, p.poster_id, p.poster_ip, p.poster_email, p.message, p.hide_smilies, p.posted, p.edited, p.edited_by, g.g_id, g.g_user_title, o.user_id AS is_online FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'users AS u ON u.id=p.poster_id INNER JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id LEFT JOIN '.$db->prefix.'online AS o ON (o.user_id=u.id AND o.user_id!=1 AND o.idle=0) WHERE p.topic_id='.$id.' ORDER BY p.id LIMIT '.$start_from.','.$pun_user['disp_posts'], true) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
while ($cur_post = $db->fetch_assoc($result))
{
    $post_count++;
    $user_avatar = '';
    $user_info = array();
    $user_contacts = array();
    $post_actions = array();
    $is_online = '';
    $signature = '';

    // If the poster is a registered user.
    if ($cur_post['poster_id'] > 1)
    {
        $username = '<a href="profile.php?id='.$cur_post['poster_id'].'">'.pun_htmlspecialchars($cur_post['username']).'</a>';
        $user_title = get_title($cur_post);

        if ($pun_config['o_censoring'] == '1')
            $user_title = censor_words($user_title);

        // Format the online indicator
        $is_online = ($cur_post['is_online'] == $cur_post['poster_id']) ? '<strong>'.$lang_topic['Online'].'</strong>' : $lang_topic['Offline'];

        if ($pun_config['o_avatars'] == '1' && $cur_post['use_avatar'] == '1' && $pun_user['show_avatars'] != '0')
        {
            if ($img_size = @getimagesize($pun_config['o_avatars_dir'].'/'.$cur_post['poster_id'].'.gif'))
                $user_avatar = '<img src="'.$pun_config['o_avatars_dir'].'/'.$cur_post['poster_id'].'.gif" '.$img_size[3].' alt="" />';
            else if ($img_size = @getimagesize($pun_config['o_avatars_dir'].'/'.$cur_post['poster_id'].'.jpg'))
                $user_avatar = '<img src="'.$pun_config['o_avatars_dir'].'/'.$cur_post['poster_id'].'.jpg" '.$img_size[3].' alt="" />';
            else if ($img_size = @getimagesize($pun_config['o_avatars_dir'].'/'.$cur_post['poster_id'].'.png'))
                $user_avatar = '<img src="'.$pun_config['o_avatars_dir'].'/'.$cur_post['poster_id'].'.png" '.$img_size[3].' alt="" />';
        }
        else
            $user_avatar = '';

        // We only show location, register date, post count and the contact links if "Show user info" is enabled
        if ($pun_config['o_show_user_info'] == '1')
        {
            if ($cur_post['location'] != '')
            {
                if ($pun_config['o_censoring'] == '1')
                    $cur_post['location'] = censor_words($cur_post['location']);

                $user_info[] = '<dd>'.$lang_topic['From'].': '.pun_htmlspecialchars($cur_post['location']);
            }

            $user_info[] = '<dd>'.$lang_common['Registered'].': '.date($pun_config['o_date_format'], $cur_post['registered']);

            if ($pun_config['o_show_post_count'] == '1' || $pun_user['g_id'] < PUN_GUEST)
                $user_info[] = '<dd>'.$lang_common['Posts'].': '.$cur_post['num_posts'];

            // Now let's deal with the contact links (E-mail and URL)
            if (($cur_post['email_setting'] == '0' && !$pun_user['is_guest']) || $pun_user['g_id'] < PUN_GUEST)
                $user_contacts[] = '<a href="mailto:'.$cur_post['email'].'">'.$lang_common['E-mail'].'</a>';
            else if ($cur_post['email_setting'] == '1' && !$pun_user['is_guest'])
                $user_contacts[] = '<a href="misc.php?email='.$cur_post['poster_id'].'">'.$lang_common['E-mail'].'</a>';

            if ($cur_post['url'] != '')
                $user_contacts[] = '<a href="'.pun_htmlspecialchars($cur_post['url']).'">'.$lang_topic['Website'].'</a>';
        }

        if ($pun_user['g_id'] < PUN_GUEST)
        {
            $user_info[] = '<dd>IP: <a href="moderate.php?get_host='.$cur_post['id'].'">'.$cur_post['poster_ip'].'</a>';

            if ($cur_post['admin_note'] != '')
                $user_info[] = '<dd>'.$lang_topic['Note'].': <strong>'.pun_htmlspecialchars($cur_post['admin_note']).'</strong>';
        }
    }
    // If the poster is a guest (or a user that has been deleted)
    else
    {
        $username = pun_htmlspecialchars($cur_post['username']);
        $user_title = get_title($cur_post);

        if ($pun_user['g_id'] < PUN_GUEST)
            $user_info[] = '<dd>IP: <a href="moderate.php?get_host='.$cur_post['id'].'">'.$cur_post['poster_ip'].'</a>';

        if ($pun_config['o_show_user_info'] == '1' && $cur_post['poster_email'] != '' && !$pun_user['is_guest'])
            $user_contacts[] = '<a href="mailto:'.$cur_post['poster_email'].'">'.$lang_common['E-mail'].'</a>';
    }

    // Generation post action array (quote, edit, delete etc.)
    if (!$is_admmod)
    {
        if (!$pun_user['is_guest'])
            $post_actions[] = '<li class="postreport"><a href="misc.php?report='.$cur_post['id'].'">'.$lang_topic['Report'].'</a>';

        if ($cur_topic['closed'] == '0')
        {
            if ($cur_post['poster_id'] == $pun_user['id'])
            {
                if ((($start_from + $post_count) == 1 && $pun_user['g_delete_topics'] == '1') || (($start_from + $post_count) > 1 && $pun_user['g_delete_posts'] == '1'))
                    $post_actions[] = '<li class="postdelete"><a href="delete.php?id='.$cur_post['id'].'">'.$lang_topic['Delete'].'</a>';
                if ($pun_user['g_edit_posts'] == '1')
                    $post_actions[] = '<li class="postedit"><a href="edit.php?id='.$cur_post['id'].'">'.$lang_topic['Edit'].'</a>';
            }

            if (($cur_topic['post_replies'] == '' && $pun_user['g_post_replies'] == '1') || $cur_topic['post_replies'] == '1')
                $post_actions[] = '<li class="postquote"><a href="post.php?tid='.$id.'&qid='.$cur_post['id'].'">'.$lang_topic['Quote'].'</a>';
        }
    }
    else
        $post_actions[] = '<li class="postreport"><a href="misc.php?report='.$cur_post['id'].'">'.$lang_topic['Report'].'</a>'.$lang_topic['Link separator'].'</li><li class="postdelete"><a href="delete.php?id='.$cur_post['id'].'">'.$lang_topic['Delete'].'</a>'.$lang_topic['Link separator'].'</li><li class="postedit"><a href="edit.php?id='.$cur_post['id'].'">'.$lang_topic['Edit'].'</a>'.$lang_topic['Link separator'].'</li><li class="postquote"><a href="post.php?tid='.$id.'&qid='.$cur_post['id'].'">'.$lang_topic['Quote'].'</a>';


    // Switch the background color for every message.
    $bg_switch = ($bg_switch) ? $bg_switch = false : $bg_switch = true;
    $vtbg = ($bg_switch) ? ' roweven' : ' rowodd';


    // Perform the main parsing of the message (BBCode, smilies, censor words etc)
    $cur_post['message'] = parse_message($cur_post['message'], $cur_post['hide_smilies']);

    // Do signature parsing/caching
    if ($cur_post['signature'] != '' && $pun_user['show_sig'] != '0')
    {
        if (isset($signature_cache[$cur_post['poster_id']]))
            $signature = $signature_cache[$cur_post['poster_id']];
        else
        {
            $signature = parse_signature($cur_post['signature']);
            $signature_cache[$cur_post['poster_id']] = $signature;
        }
    }

?>
<div id="p<?php echo $cur_post['id'] ?>" class="blockpost<?php echo $vtbg ?><?php if (($post_count + $start_from) == 1) echo ' firstpost'; ?>">
    <h2><span><span class="conr">#<?php echo ($start_from + $post_count) ?> </span><a href="viewtopic.php?pid=<?php echo $cur_post['id'].'#p'.$cur_post['id'] ?>"><?php echo format_time($cur_post['posted']) ?></a></span></h2>
    <div class="box">
        <div class="inbox">
            <div class="postleft">
                <dl>
                    <dt><strong><?php echo $username ?></strong></dt>
                    <dd class="usertitle"><strong><?php echo $user_title ?></strong></dd>
                    <dd class="postavatar"><?php echo $user_avatar ?></dd>
<?php if (count($user_info)) echo "\t\t\t\t\t".implode('</dd>'."\n\t\t\t\t\t", $user_info).'</dd>'."\n"; ?>
<?php if (count($user_contacts)) echo "\t\t\t\t\t".'<dd class="usercontacts">'.implode('  ', $user_contacts).'</dd>'."\n"; ?>
                </dl>
            </div>
            <div class="postright">
                <h3><?php if (($post_count + $start_from) > 1) echo ' Re: '; ?><?php echo pun_htmlspecialchars($cur_topic['subject']) ?></h3>
                <div class="postmsg">
                    <?php echo $cur_post['message']."\n" ?>
<?php if ($cur_post['edited'] != '') echo "\t\t\t\t\t".'<p class="postedit"><em>'.$lang_topic['Last edit'].' '.pun_htmlspecialchars($cur_post['edited_by']).' ('.format_time($cur_post['edited']).')</em></p>'."\n"; ?>
                </div>
<?php if ($signature != '') echo "\t\t\t\t".'<div class="postsignature"><hr />'.$signature.'</div>'."\n"; ?>
            </div>
            <div class="clearer"></div>
            <div class="postfootleft"><?php if ($cur_post['poster_id'] > 1) echo '<p>'.$is_online.'</p>'; ?></div>
            <div class="postfootright"><?php echo (count($post_actions)) ? '<ul>'.implode($lang_topic['Link separator'].'</li>', $post_actions).'</li></ul></div>'."\n" : '<div> </div></div>'."\n" ?>
        </div>
    </div>
</div>

<?php if ($post_count == '1' && $adsense_config['google_adsense_enabled'] == '1' && strpos($adsense_config['google_exclude_forums'], ','.$cur_topic['forum_id'].',') === FALSE && strpos($adsense_config['google_exclude_groups'], ','.$pun_user['g_id'].',') === FALSE)
    {
?>
<div class="blockpost<?php echo $vtbg ?>">
    <h2><span><?php echo format_time($cur_post['posted']) ?></span></h2>
    <div class="box">
        <div class="inbox">
            <div class="postleft">
                <dl>
                    <dt><strong><?php echo $adsense_config['google_bot_name'] ?></strong></dt>
                    <dd class="usertitle"><?php echo $adsense_config['google_bot_tag'] ?></dd>
                </dl>
            </div>
            <div class="postright">
                <div class="postmsg">
                    <?php echo "<br /><div style=\"TEXT-ALIGN: center\">
    <script type=\"text/javascript\">
    <!--
        google_ad_client = \"".$adsense_config['google_ad_client']."\";
        google_ad_width = ".$adsense_config['google_ad_width'].";
        google_ad_height = ".$adsense_config['google_ad_height'].";
        google_ad_format = \"".$adsense_config['google_ad_format']."\";
        google_ad_channel = \"".$adsense_config['google_ad_channel']."\";
        google_ad_type = \"".$adsense_config['google_ad_type']."\";
        google_color_border = \"".$adsense_config['google_color_border']."\";
        google_color_bg = \"".$adsense_config['google_color_bg']."\";
        google_color_link = \"".$adsense_config['google_color_link']."\";
        google_color_url = \"".$adsense_config['google_color_url']."\";
        google_color_text = \"".$adsense_config['google_color_text']."\";
    //-->
    </script>
    <script type=\"text/javascript\" src=\"http://pagead2.googlesyndication.com/pagead/show_ads.js\"></script>
</div><br />\n" ?>
                </div>
            </div>
            <div class="clearer"></div>
        </div>
    </div>
</div>
<?php
    }

}

?>
<div class="postlinksb">
    <div class="inbox">
        <p class="postlink conr"><?php echo $post_link ?></p>
        <p class="pagelink conl"><?php echo $paging_links ?></p>
<?php

if($cur_topic['parent_forum'])
    echo "\t\t".'<ul><li><a href="index.php">'.$lang_common['Index'].'</a> </li><li>» <a href="viewforum.php?id='.$cur_topic['parent_forum_id'].'">'.pun_htmlspecialchars($cur_topic['parent_forum']).'</a> </li><li>» <a href="viewforum.php?id='.$cur_topic['forum_id'].'">'.pun_htmlspecialchars($cur_topic['forum_name']).'</a> </li><li>» '.pun_htmlspecialchars($cur_topic['subject']).'</li></ul>';
else
    echo "\t\t".'<ul><li><a href="index.php">'.$lang_common['Index'].'</a></li><li> » <a href="viewforum.php?id='.$cur_topic['forum_id'].'">'.pun_htmlspecialchars($cur_topic['forum_name']).'</a></li><li> » '.pun_htmlspecialchars($cur_topic['subject']).'</li></ul>';

?>
        <?php echo $subscraction ?>
    </div>
</div>

<?php

// Display quick post if enabled
if ($quickpost)
{

?>
<div class="blockform">
    <h2><span><?php echo $lang_topic['Quick post'] ?></span></h2>
    <div class="box">
        <form method="post" action="post.php?tid=<?php echo $id ?>" onsubmit="this.submit.disabled=true;if(process_form(this)){return true;}else{this.submit.disabled=false;return false;}">
            <div class="inform">
                <fieldset>
                    <legend><?php echo $lang_common['Write message legend'] ?></legend>
                    <div class="infldset txtarea">
                        <input type="hidden" name="form_sent" value="1" />
                        <input type="hidden" name="form_user" value="<?php echo (!$pun_user['is_guest']) ? pun_htmlspecialchars($pun_user['username']) : 'Guest'; ?>" />
                        <label><textarea name="req_message" rows="7" cols="75" tabindex="1"></textarea></label>
                        <ul class="bblinks">
                            <li><a href="help.php#bbcode" onclick="window.open(this.href); return false;"><?php echo $lang_common['BBCode'] ?></a>: <?php echo ($pun_config['p_message_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>
                            <li><a href="help.php#img" onclick="window.open(this.href); return false;"><?php echo $lang_common['img tag'] ?></a>: <?php echo ($pun_config['p_message_img_tag'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>
                            <li><a href="help.php#smilies" onclick="window.open(this.href); return false;"><?php echo $lang_common['Smilies'] ?></a>: <?php echo ($pun_config['o_smilies'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>
                        </ul>
                    </div>
                </fieldset>
            </div>
            <p><input type="submit" name="submit" tabindex="2" value="<?php echo $lang_common['Submit'] ?>" accesskey="s" /></p>
        </form>
    </div>
</div>
<?php

}

// Increment "num_views" for topic
$low_prio = ($db_type == 'mysql') ? 'LOW_PRIORITY ' : '';
$db->query('UPDATE '.$low_prio.$db->prefix.'topics SET num_views=num_views+1 WHERE id='.$id) or error('Unable to update topic', __FILE__, __LINE__, $db->error());

$forum_id = $cur_topic['forum_id'];
$footer_style = 'viewtopic';
require PUN_ROOT.'footer.php';
[/code]

search.php

[code]
<?php
/***********************************************************************

  Copyright (C) 2002-2005  Rickard Andersson (rickard@punbb.org)

  This file is part of PunBB.

  PunBB is free software; you can redistribute it and/or modify it
  under the terms of the GNU General Public License as published
  by the Free Software Foundation; either version 2 of the License,
  or (at your option) any later version.

  PunBB is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place, Suite 330, Boston,
  MA  02111-1307  USA

************************************************************************/


// The contents of this file are very much inspired by the file search.php
// from the phpBB Group forum software phpBB2 (http://www.phpbb.com).


define('PUN_ROOT', './');
require PUN_ROOT.'include/common.php';


// Load the search.php language file
require PUN_ROOT.'lang/'.$pun_user['language'].'/search.php';


if ($pun_user['g_read_board'] == '0')
    message($lang_common['No view']);
else if ($pun_user['g_search'] == '0')
    message($lang_search['No search permission']);


// Detect two byte character sets
$multibyte = (isset($lang_common['lang_multibyte']) && $lang_common['lang_multibyte']) ? true : false;


// Figure out what to do :-)
if (isset($_GET['action']) || isset($_GET['search_id']))
{
    $action = (isset($_GET['action'])) ? $_GET['action'] : null;
    $forum = (isset($_GET['forum'])) ? intval($_GET['forum']) : -1;
    $sort_dir = (isset($_GET['sort_dir'])) ? (($_GET['sort_dir'] == 'DESC') ? 'DESC' : 'ASC') : 'DESC';
    if (isset($search_id)) unset($search_id);

    // If a search_id was supplied
    if (isset($_GET['search_id']))
    {
        $search_id = intval($_GET['search_id']);
        if ($search_id < 1)
            message($lang_common['Bad request']);
    }
    // If it's a regular search (keywords and/or author)
    else if ($action == 'search')
    {
        $keywords = (isset($_GET['keywords'])) ? strtolower(trim($_GET['keywords'])) : null;
        $author = (isset($_GET['author'])) ? strtolower(trim($_GET['author'])) : null;

        if (preg_match('#^[\*%]+$#', $keywords) || strlen(str_replace(array('*', '%'), '', $keywords)) < 3)
            $keywords = '';

        if (preg_match('#^[\*%]+$#', $author) || strlen(str_replace(array('*', '%'), '', $author)) < 3)
            $author = '';

        if (!$keywords && !$author)
            message($lang_search['No terms']);

        if ($author)
            $author = str_replace('*', '%', $author);

        $show_as = (isset($_GET['show_as'])) ? $_GET['show_as'] : 'posts';
        $sort_by = (isset($_GET['sort_by'])) ? intval($_GET['sort_by']) : null;
        $search_in = (!isset($_GET['search_in']) || $_GET['search_in'] == 'all') ? 0 : (($_GET['search_in'] == 'message') ? 1 : -1);
    }
    // If it's a user search (by id)
    else if ($action == 'show_user')
    {
        $user_id = intval($_GET['user_id']);
        if ($user_id < 2)
            message($lang_common['Bad request']);
    }
    else
    {
        if ($action != 'show_new' && $action != 'show_24h' && $action != 'show_unanswered' && $action != 'show_subscriptions')
            message($lang_common['Bad request']);
    }


    // If a valid search_id was supplied we attempt to fetch the search results from the db
    if (isset($search_id))
    {
        $ident = ($pun_user['is_guest']) ? get_remote_address() : $pun_user['username'];

        $result = $db->query('SELECT search_data FROM '.$db->prefix.'search_cache WHERE id='.$search_id.' AND ident=\''.$db->escape($ident).'\'') or error('Unable to fetch search results', __FILE__, __LINE__, $db->error());
        if ($row = $db->fetch_assoc($result))
        {
            $temp = unserialize($row['search_data']);

            $search_results = $temp['search_results'];
            $num_hits = $temp['num_hits'];
            $sort_by = $temp['sort_by'];
            $sort_dir = $temp['sort_dir'];
            $show_as = $temp['show_as'];

            unset($temp);
        }
        else
            message($lang_search['No hits']);
    }
    else
    {
        $keyword_results = $author_results = array();

        // Search a specific forum?
        $forum_sql = ($forum != -1 || ($forum == -1 && $pun_config['o_search_all_forums'] == '0')) ? ' AND t.forum_id = '.$forum : '';

        if (!empty($author) || !empty($keywords))
        {
            // If it's a search for keywords
            if ($keywords)
            {
                $stopwords = (array)@file(PUN_ROOT.'lang/'.$pun_user['language'].'/stopwords.txt');
                $stopwords = array_map('trim', $stopwords);

                // Are we searching for multibyte charset text?
                if ($multibyte)
                {
                    // Strip out excessive whitespace
                    $keywords = trim(preg_replace('#\s+#', ' ', $keywords));

                    $keywords_array = explode(' ', $keywords);
                }
                else
                {
                    // Filter out non-alphabetical chars
                    $noise_match = array('^', '$', '&', '(', ')', '<', '>', '`', '\'', '"', '|', ',', '@', '_', '?', '%', '~', '[', ']', '{', '}', ':', '\\', '/', '=', '#', '\'', ';', '!', '¤');
                    $noise_replace = array(' ', ' ', ' ', ' ', ' ', ' ', ' ', '',  '',   ' ', ' ', ' ', ' ', '',  ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', '' ,  ' ', ' ', ' ', ' ',  ' ', ' ', ' ');
                    $keywords = str_replace($noise_match, $noise_replace, $keywords);

                    // Strip out excessive whitespace
                    $keywords = trim(preg_replace('#\s+#', ' ', $keywords));

                    // Fill an array with all the words
                    $keywords_array = explode(' ', $keywords);

                    if (empty($keywords_array))
                        message($lang_search['No hits']);

                    while (list($i, $word) = @each($keywords_array))
                    {
                        $num_chars = pun_strlen($word);

                        if ($num_chars < 3 || $num_chars > 20 || in_array($word, $stopwords))
                            unset($keywords_array[$i]);
                    }

                    // Should we search in message body or topic subject specifically?
                    $search_in_cond = ($search_in) ? (($search_in > 0) ? ' AND m.subject_match = 0' : ' AND m.subject_match = 1') : '';
                }

                $word_count = 0;
                $match_type = 'and';
                $result_list = array();
                @reset($keywords_array);
                while (list(, $cur_word) = @each($keywords_array))
                {
                    switch ($cur_word)
                    {
                        case 'and':
                        case 'or':
                        case 'not':
                            $match_type = $cur_word;
                            break;

                        default:
                        {
                            // Are we searching for multibyte charset text?
                            if ($multibyte)
                            {
                                $cur_word = $db->escape('%'.str_replace('*', '', $cur_word).'%');
                                $cur_word_like = ($db_type == 'pgsql') ? 'ILIKE \''.$cur_word.'\'' : 'LIKE \''.$cur_word.'\'';

                                if ($search_in > 0)
                                    $sql = 'SELECT id FROM '.$db->prefix.'posts WHERE message '.$cur_word_like;
                                else if ($search_in < 0)
                                    $sql = 'SELECT p.id FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id WHERE t.subject '.$cur_word_like.' GROUP BY p.id, t.id';
                                else
                                    $sql = 'SELECT p.id FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id WHERE p.message '.$cur_word_like.' OR t.subject '.$cur_word_like.' GROUP BY p.id, t.id';
                            }
                            else
                            {
                                $cur_word = str_replace('*', '%', $cur_word);
                                $sql = 'SELECT m.post_id FROM '.$db->prefix.'search_words AS w INNER JOIN '.$db->prefix.'search_matches AS m ON m.word_id = w.id WHERE w.word LIKE \''.$cur_word.'\''.$search_in_cond;
                            }

                            $result = $db->query($sql, true) or error('Unable to search for posts', __FILE__, __LINE__, $db->error());

                            $row = array();
                            while ($temp = $db->fetch_row($result))
                            {
                                $row[$temp[0]] = 1;

                                if (!$word_count)
                                    $result_list[$temp[0]] = 1;
                                else if ($match_type == 'or')
                                    $result_list[$temp[0]] = 1;
                                else if ($match_type == 'not')
                                    $result_list[$temp[0]] = 0;
                            }

                            if ($match_type == 'and' && $word_count)
                            {
                                @reset($result_list);
                                while (list($post_id,) = @each($result_list))
                                {
                                    if (!isset($row[$post_id]))
                                        $result_list[$post_id] = 0;
                                }
                            }

                            ++$word_count;
                            $db->free_result($result);

                            break;
                        }
                    }
                }

                @reset($result_list);
                while (list($post_id, $matches) = @each($result_list))
                {
                    if ($matches)
                        $keyword_results[] = $post_id;
                }

                unset($result_list);
            }

            // If it's a search for author name (and that author name isn't Guest)
            if ($author && strcasecmp($author, 'Guest') && strcasecmp($author, $lang_common['Guest']))
            {
                switch ($db_type)
                {
                    case 'pgsql':
                        $result = $db->query('SELECT id FROM '.$db->prefix.'users WHERE username ILIKE \''.$db->escape($author).'\'') or error('Unable to fetch users', __FILE__, __LINE__, $db->error());
                        break;

                    default:
                        $result = $db->query('SELECT id FROM '.$db->prefix.'users WHERE username LIKE \''.$db->escape($author).'\'') or error('Unable to fetch users', __FILE__, __LINE__, $db->error());
                        break;
                }

                if ($db->num_rows($result))
                {
                    $user_ids = '';
                    while ($row = $db->fetch_row($result))
                        $user_ids .= (($user_ids != '') ? ',' : '').$row[0];

                    $result = $db->query('SELECT id FROM '.$db->prefix.'posts WHERE poster_id IN('.$user_ids.')') or error('Unable to fetch matched posts list', __FILE__, __LINE__, $db->error());

                    $search_ids = array();
                    while ($row = $db->fetch_row($result))
                        $author_results[] = $row[0];

                    $db->free_result($result);
                }
            }


            if ($author && $keywords)
            {
                // If we searched for both keywords and author name we want the intersection between the results
                $search_ids = array_intersect($keyword_results, $author_results);
                unset($keyword_results, $author_results);
            }
            else if ($keywords)
                $search_ids = $keyword_results;
            else
                $search_ids = $author_results;

            $num_hits = count($search_ids);
            if (!$num_hits)
                message($lang_search['No hits']);


            if ($show_as == 'topics')
            {
                $result = $db->query('SELECT t.id FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND p.id IN('.implode(',', $search_ids).')'.$forum_sql.' GROUP BY t.id', true) or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error());

                $search_ids = array();
                while ($row = $db->fetch_row($result))
                    $search_ids[] = $row[0];

                $db->free_result($result);

                $num_hits = count($search_ids);
            }
            else
            {
                $result = $db->query('SELECT p.id FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND p.id IN('.implode(',', $search_ids).')'.$forum_sql, true) or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error());

                $search_ids = array();
                while ($row = $db->fetch_row($result))
                    $search_ids[] = $row[0];

                $db->free_result($result);

                $num_hits = count($search_ids);
            }
        }
        else if ($action == 'show_new' || $action == 'show_24h' || $action == 'show_user' || $action == 'show_subscriptions' || $action == 'show_unanswered')
        {
            // If it's a search for new posts
            if ($action == 'show_new')
            {
                if ($pun_user['is_guest'])
                    message($lang_common['No permission']);

                $result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.last_post>'.$pun_user['last_visit'].' AND t.moved_to IS NULL') or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error());
                $num_hits = $db->num_rows($result);

                if (!$num_hits)
                    message($lang_search['No new posts']);
            }
            // If it's a search for todays posts
            else if ($action == 'show_24h')
            {
                $result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.last_post>'.(time() - 86400).' AND t.moved_to IS NULL') or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error());
                $num_hits = $db->num_rows($result);

                if (!$num_hits)
                    message($lang_search['No recent posts']);
            }
            // If it's a search for posts by a specific user ID
            else if ($action == 'show_user')
            {
                $result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'posts AS p ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND p.poster_id='.$user_id.' GROUP BY t.id') or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error());
                $num_hits = $db->num_rows($result);

                if (!$num_hits)
                    message($lang_search['No user posts']);
            }
            // If it's a search for subscribed topics
            else if ($action == 'show_subscriptions')
            {
                if ($pun_user['is_guest'])
                    message($lang_common['Bad request']);

                $result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'subscriptions AS s ON (t.id=s.topic_id AND s.user_id='.$pun_user['id'].') INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1)') or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error());
                $num_hits = $db->num_rows($result);

                if (!$num_hits)
                    message($lang_search['No subscriptions']);
            }
            // If it's a search for unanswered posts
            else
            {
                $result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.num_replies=0 AND t.moved_to IS NULL') or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error());
                $num_hits = $db->num_rows($result);

                if (!$num_hits)
                    message($lang_search['No unanswered']);
            }

            // We want to sort things after last post
            $sort_by = 4;

            $search_ids = array();
            while ($row = $db->fetch_row($result))
                $search_ids[] = $row[0];

            $db->free_result($result);

            $show_as = 'topics';
        }
        else
            message($lang_common['Bad request']);


        // Prune "old" search results
        $old_searches = array();
        $result = $db->query('SELECT ident FROM '.$db->prefix.'online') or error('Unable to fetch online list', __FILE__, __LINE__, $db->error());

        if ($db->num_rows($result))
        {
            while ($row = $db->fetch_row($result))
                $old_searches[] = '\''.$db->escape($row[0]).'\'';

            $db->query('DELETE FROM '.$db->prefix.'search_cache WHERE ident NOT IN('.implode(',', $old_searches).')') or error('Unable to delete search results', __FILE__, __LINE__, $db->error());
        }

        // Final search results
        $search_results = implode(',', $search_ids);

        // Fill an array with our results and search properties
        $temp['search_results'] = $search_results;
        $temp['num_hits'] = $num_hits;
        $temp['sort_by'] = $sort_by;
        $temp['sort_dir'] = $sort_dir;
        $temp['show_as'] = $show_as;
        $temp = serialize($temp);
        $search_id = mt_rand(1, 2147483647);

        $ident = ($pun_user['is_guest']) ? get_remote_address() : $pun_user['username'];

        $db->query('INSERT INTO '.$db->prefix.'search_cache (id, ident, search_data) VALUES('.$search_id.', \''.$db->escape($ident).'\', \''.$db->escape($temp).'\')') or error('Unable to insert search results', __FILE__, __LINE__, $db->error());

        if ($action != 'show_new' && $action != 'show_24h')
        {
            $db->end_transaction();
            $db->close();

            // Redirect the user to the cached result page
            header('Location: search.php?search_id='.$search_id);
            exit;
        }
    }


    // Fetch results to display
    if ($search_results != '')
    {
        switch ($sort_by)
        {
            case 1:
                $sort_by_sql = ($show_as == 'topics') ? 't.poster' : 'p.poster';
                break;

            case 2:
                $sort_by_sql = 't.subject';
                break;

            case 3:
                $sort_by_sql = 't.forum_id';
                break;

            case 4:
                $sort_by_sql = 't.last_post';
                break;

            default:
                $sort_by_sql = ($show_as == 'topics') ? 't.posted' : 'p.posted';
                break;
        }

        if ($show_as == 'posts')
        {
            $substr_sql = ($db_type != 'sqlite') ? 'SUBSTRING' : 'SUBSTR';
            $sql = 'SELECT p.id AS pid, p.poster AS pposter, p.posted AS pposted, p.poster_id, '.$substr_sql.'(p.message, 1, 1000) AS message, t.id AS tid, t.poster, t.subject, t.last_post, t.last_post_id, t.last_poster, t.num_replies, t.forum_id FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id WHERE p.id IN('.$search_results.') ORDER BY '.$sort_by_sql;
        }
        else
            $sql = 'SELECT t.id AS tid, t.poster, t.subject, t.last_post, t.last_post_id, t.last_poster, t.num_replies, t.closed, t.forum_id FROM '.$db->prefix.'topics AS t WHERE t.id IN('.$search_results.') ORDER BY '.$sort_by_sql;


        // Determine the topic or post offset (based on $_GET['p'])
        $per_page = ($show_as == 'posts') ? $pun_user['disp_posts'] : $pun_user['disp_topics'];
        $num_pages = ceil($num_hits / $per_page);

        // Cast to int so a non-integer page value cannot reach the LIMIT clause
        $p = (!isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : intval($_GET['p']);
        $start_from = $per_page * ($p - 1);

        // Generate paging links
        $paging_links = $lang_common['Pages'].': '.paginate($num_pages, $p, 'search.php?search_id='.$search_id);


        $sql .= ' '.$sort_dir.' LIMIT '.$start_from.', '.$per_page;

        $result = $db->query($sql) or error('Unable to fetch search results', __FILE__, __LINE__, $db->error());

        $search_set = array();
        while ($row = $db->fetch_assoc($result))
            $search_set[] = $row;

        $db->free_result($result);

        $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_search['Search results'];
        require PUN_ROOT.'header.php';


?>
<div class="linkst">
    <div class="inbox">
        <p class="pagelink"><?php echo $paging_links ?></p>
    </div>
</div>

<?php

        //Set background switching on for show as posts
        $bg_switch = true;

        if ($show_as == 'topics')
        {

?>
<div id="vf" class="blocktable">
    <h2><span><?php echo $lang_search['Search results']; ?></span></h2>
    <div class="box">
        <div class="inbox">
            <table cellspacing="0">
            <thead>
                <tr>
                    <th class="tcl" scope="col"><?php echo $lang_common['Topic']; ?></th>
                    <th class="tc2" scope="col"><?php echo $lang_common['Forum'] ?></th>
                    <th class="tc3" scope="col"><?php echo $lang_common['Replies'] ?></th>
                    <th class="tcr" scope="col"><?php echo $lang_common['Last post'] ?></th>
                </tr>
            </thead>
            <tbody>
<?php

        }

        // Fetch the list of forums
        $result = $db->query('SELECT id, forum_name FROM '.$db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error());

        $forum_list = array();
        while ($forum_list[] = $db->fetch_row($result))
            ;

        // Finally, lets loop through the results and output them
        for ($i = 0; $i < count($search_set); ++$i)
        {
            @reset($forum_list);
            while (list(, $temp) = @each($forum_list))
            {
                if ($temp[0] == $search_set[$i]['forum_id'])
                    $forum = '<a href="viewforum.php?id='.$temp[0].'">'.pun_htmlspecialchars($temp[1]).'</a>';
            }

            if ($pun_config['o_censoring'] == '1')
                $search_set[$i]['subject'] = censor_words($search_set[$i]['subject']);


            if ($show_as == 'posts')
            {
                $icon = '<div class="icon"><div class="nosize">'.$lang_common['Normal icon'].'</div></div>'."\n";
                $subject = '<a href="viewtopic.php?id='.$search_set[$i]['tid'].'">'.pun_htmlspecialchars($search_set[$i]['subject']).'</a>';

                if (!$pun_user['is_guest'] && $search_set[$i]['last_post'] > $pun_user['last_visit'])
                    $icon = '<div class="icon inew"><div class="nosize">'.$lang_common['New icon'].'</div></div>'."\n";


                if ($pun_config['o_censoring'] == '1')
                    $search_set[$i]['message'] = censor_words($search_set[$i]['message']);

                $message = str_replace("\n", '<br />', pun_htmlspecialchars($search_set[$i]['message']));
                $pposter = pun_htmlspecialchars($search_set[$i]['pposter']);

                if ($search_set[$i]['poster_id'] > 1)
                    $pposter = '<strong><a href="profile.php?id='.$search_set[$i]['poster_id'].'">'.$pposter.'</a></strong>';

                if (pun_strlen($message) >= 1000)
                    $message .= ' …';

                $vtpost1 = ($i == 0) ? ' vtp1' : '';

                // Switch the background color for every message.
                $bg_switch = ($bg_switch) ? $bg_switch = false : $bg_switch = true;
                $vtbg = ($bg_switch) ? ' rowodd' : ' roweven';


?>
<div class="blockpost searchposts<?php echo $vtbg ?>">
    <h2><?php echo $forum ?> » <?php echo $subject ?> » <a href="viewtopic.php?pid=<?php echo $search_set[$i]['pid'].'#p'.$search_set[$i]['pid'] ?>"><?php echo format_time($search_set[$i]['pposted']) ?></a></h2>
    <div class="box">
        <div class="inbox">
            <div class="postleft">
                <dl>
                    <dt><?php echo $pposter ?></dt>
                    <dd>Replies: <?php echo $search_set[$i]['num_replies'] ?></dd>
                    <dd><?php echo $icon; ?></dd>
                    <dd><p class="clearb"><a href="viewtopic.php?pid=<?php echo $search_set[$i]['pid'].'#p'.$search_set[$i]['pid'] ?>"><?php echo $lang_search['Go to post'] ?></a></p></dd>
                </dl>
            </div>
            <div class="postright">
                <div class="postmsg">
                    <p><?php echo $message ?></p>
                </div>
            </div>
            <div class="clearer"></div>
        </div>
    </div>
</div>
<?php

            }
            else
            {
                $icon = '<div class="icon"><div class="nosize">'.$lang_common['Normal icon'].'</div></div>'."\n";

                $icon_text = $lang_common['Normal icon'];
                $item_status = '';
                $icon_type = 'icon';


                $subject = '<a href="viewtopic.php?id='.$search_set[$i]['tid'].'">'.pun_htmlspecialchars($search_set[$i]['subject']).'</a> <span class="byuser">'.$lang_common['by'].' '.pun_htmlspecialchars($search_set[$i]['poster']).'</span>';

                if ($search_set[$i]['closed'] != '0')
                {
                    $icon_text = $lang_common['Closed icon'];
                    $item_status = 'iclosed';
                }

                if (!$pun_user['is_guest'] && $search_set[$i]['last_post'] > $pun_user['last_visit'])
                {
                    $icon_text .= ' '.$lang_common['New icon'];
                    $item_status .= ' inew';
                    $icon_type = 'icon inew';
                    $subject = '<strong>'.$subject.'</strong>';
                    $subject_new_posts = '<span class="newtext">[ <a href="viewtopic.php?id='.$search_set[$i]['tid'].'&action=new" title="'.$lang_common['New posts info'].'">'.$lang_common['New posts'].'</a> ]</span>';
                }
                else
                    $subject_new_posts = null;

                $num_pages_topic = ceil(($search_set[$i]['num_replies'] + 1) / $pun_user['disp_posts']);

                if ($num_pages_topic > 1)
                    $subject_multipage = '[ '.paginate($num_pages_topic, -1, 'viewtopic.php?id='.$search_set[$i]['tid']).' ]';
                else
                    $subject_multipage = null;

                // S

Even if it's only for admin...

Thanks for the advice, but that's enough for me

No, I found it, in index.php
if you want to add it to your board, find line 166 and modify it, it should look like this

            <dl class="conr">
                <dt><strong><?php echo $lang_index['Board stats'] ?></strong></dt>
                <dd><?php echo $lang_index['No of users'].': <strong>'. $stats['total_users'] ?></strong></dd>
                <dd><?php echo $lang_index['No of topics'].': <strong>'.$stats['total_topics'] ?></strong></dd>
                <dd><?php echo $lang_index['No of posts'].': <strong>'.$stats['total_posts'] ?></strong></dd>
                <dd><?php
include('3en1compteur/compteur.php');
echo "Nombre de visiteurs aujourd'hui : <strong>$v_auj</strong><br />";
echo "Nombre de visites au total: <strong>$v_total</strong><br />";
?></dd>
            </dl>

I have modified it just to show "visits today" and "total visits"
Enjoy

You don't understand what I say, I want to know in which file I need to insert this little code to show it here
http://img142.imageshack.us/img142/4800/sanstitre1tq5.jpg

Hi all,
I have found a great counter, very simple and easy to configure, there is just the essential: number of visits today, total, and users online
My problem is that I want to integrate it just under the number of total members, number of topics, and number of messages, but I don't know where I need to add the code, I have searched in footer.php but it's not that.
Can someone tell me what the file is please?

I found this counter here
http://www.notoon.com/forums/showthread.php?t=3

direct link to download
http://notoon.free.fr/3en1compteur/3en1compteur_01.zip

Hi all,

I think it could be great if the updated and edited posts were shown like new posts in the index with a blue folder, that way we can keep control of all messages that are posted.
If this function already exists please let me know where I can find it.

I see that you are French, so you are saying that they all need to be set to 777, but that depends on the host?
For info, I am with 1&1
thanks in advance for enlightening me a bit

Thanks for replying so fast,
for the other folders what is the permission, 755?

Hi all,
I have installed this forum and everything is fine, but now I want to know what permissions need to be set on the folders, I mean are there some folders or files that need to be chmod to 777 or 755 or 644 when the install is done?
Regards.