punbb-1.1/upload/admin_prune.php |
punbb-1.1.2/upload/admin_prune.php |
87: $prune_from = $_POST['prune_from']; | 87: $prune_from = $_POST['prune_from']; |
88: | 88: |
89: // Concatenate together the query for counting number or topics to prune | 89: // Concatenate together the query for counting number or topics to prune |
90: $sql = 'SELECT COUNT(id) FROM '.$db->prefix.'topics WHERE last_post<'.$prune_date; | 90: $sql = 'SELECT COUNT(id) FROM '.$db->prefix.'topics WHERE last_post<'.$prune_date.' AND moved_to IS NULL'; |
91: | 91: |
92: if ($_POST['prune_sticky'] == '0') | 92: if ($_POST['prune_sticky'] == '0') |
93: $sql .= ' AND sticky=\'0\''; | 93: $sql .= ' AND sticky=\'0\''; |
98: | 98: |
99: // Fetch the forum name (just for cosmetic reasons) | 99: // Fetch the forum name (just for cosmetic reasons) |
100: $result = $db->query('SELECT forum_name FROM '.$db->prefix.'forums WHERE id='.$prune_from) or error('Unable to fetch forum name', __FILE__, __LINE__, $db->error()); | 100: $result = $db->query('SELECT forum_name FROM '.$db->prefix.'forums WHERE id='.$prune_from) or error('Unable to fetch forum name', __FILE__, __LINE__, $db->error()); |
101: $forum = '"'.$db->result($result, 0).'"'; | 101: $forum = '"'.pun_htmlspecialchars($db->result($result, 0)).'"'; |
102: } | 102: } |
103: else | 103: else |
104: $forum = 'all forums'; | 104: $forum = 'all forums'; |
punbb-1.1/upload/admin_users.php |
punbb-1.1.2/upload/admin_users.php |
362: <tr> | 362: <tr> |
363: <td class="punright" style="width: 35%">Username</td> | 363: <td class="punright" style="width: 35%">Username</td> |
364: <td style="width: 35%"><input type="text" name="username" size="25" maxlength="25" tabindex="1"></td> | 364: <td style="width: 35%"><input type="text" name="username" size="25" maxlength="25" tabindex="1"></td> |
365: <td style="width: 30%" rowspan="16"><input type="submit" name="find_user" value=" Find " tabindex="21"></td> | 365: <td style="width: 30%" rowspan="16"><input type="submit" name="find_user" value=" Find " tabindex="22"></td> |
366: </tr> | 366: </tr> |
367: <tr> | 367: <tr> |
368: <td class="punright" style="width: 35%">E-mail address</td> | 368: <td class="punright" style="width: 35%">E-mail address</td> |
385: <td style="width: 35%"><input type="text" name="form[icq]" size="12" maxlength="12" tabindex="6"></td> | 385: <td style="width: 35%"><input type="text" name="form[icq]" size="12" maxlength="12" tabindex="6"></td> |
386: </tr> | 386: </tr> |
387: <tr> | 387: <tr> |
| 388: <td class="punright" style="width: 35%">MSN Messenger</td> |
| 389: <td style="width: 35%"><input type="text" name="form[msn]" size="30" maxlength="50" tabindex="7"></td> |
| 390: </tr> |
| 391: <tr> |
388: <td class="punright" style="width: 35%">AOL IM</td> | 392: <td class="punright" style="width: 35%">AOL IM</td> |
389: <td style="width: 35%"><input type="text" name="form[aim]" size="20" maxlength="20" tabindex="7"></td> | 393: <td style="width: 35%"><input type="text" name="form[aim]" size="20" maxlength="20" tabindex="8"></td> |
390: </tr> | 394: </tr> |
391: <tr> | 395: <tr> |
392: <td class="punright" style="width: 35%">Yahoo! Messenger</td> | 396: <td class="punright" style="width: 35%">Yahoo! Messenger</td> |
393: <td style="width: 35%"><input type="text" name="form[yahoo]" size="20" maxlength="20" tabindex="8"></td> | 397: <td style="width: 35%"><input type="text" name="form[yahoo]" size="20" maxlength="20" tabindex="9"></td> |
394: </tr> | 398: </tr> |
395: <tr> | 399: <tr> |
396: <td class="punright" style="width: 35%">Location</td> | 400: <td class="punright" style="width: 35%">Location</td> |
397: <td style="width: 35%"><input type="text" name="form[location]" size="30" maxlength="30" tabindex="9"></td> | 401: <td style="width: 35%"><input type="text" name="form[location]" size="30" maxlength="30" tabindex="10"></td> |
398: </tr> | 402: </tr> |
399: <tr> | 403: <tr> |
400: <td class="punright" style="width: 35%">Signature</td> | 404: <td class="punright" style="width: 35%">Signature</td> |
401: <td style="width: 35%"><input type="text" name="form[signature]" size="35" maxlength="512" tabindex="10"></td> | 405: <td style="width: 35%"><input type="text" name="form[signature]" size="35" maxlength="512" tabindex="11"></td> |
402: </tr> | 406: </tr> |
403: <tr> | 407: <tr> |
404: <td class="punright" style="width: 35%">Admin note</td> | 408: <td class="punright" style="width: 35%">Admin note</td> |
405: <td style="width: 35%"><input type="text" name="form[admin_note]" size="30" maxlength="30" tabindex="11"></td> | 409: <td style="width: 35%"><input type="text" name="form[admin_note]" size="30" maxlength="30" tabindex="12"></td> |
406: </tr> | 410: </tr> |
407: <tr> | 411: <tr> |
408: <td class="punright" style="width: 35%">Number of posts greater than</td> | 412: <td class="punright" style="width: 35%">Number of posts greater than</td> |
409: <td style="width: 35%"><input type="text" name="posts_greater" size="5" maxlength="8" tabindex="12"></td> | 413: <td style="width: 35%"><input type="text" name="posts_greater" size="5" maxlength="8" tabindex="13"></td> |
410: </tr> | 414: </tr> |
411: <tr> | 415: <tr> |
412: <td class="punright" style="width: 35%">Number of posts less than</td> | 416: <td class="punright" style="width: 35%">Number of posts less than</td> |
413: <td style="width: 35%"><input type="text" name="posts_less" size="5" maxlength="8" tabindex="13"></td> | 417: <td style="width: 35%"><input type="text" name="posts_less" size="5" maxlength="8" tabindex="14"></td> |
414: </tr> | 418: </tr> |
415: <tr> | 419: <tr> |
416: <td class="punright" style="width: 35%">Last post is after<br>(yyyy-mm-dd hh:mm:ss)</td> | 420: <td class="punright" style="width: 35%">Last post is after<br>(yyyy-mm-dd hh:mm:ss)</td> |
417: <td style="width: 35%"><input type="text" name="last_post_after" size="24" maxlength="19" tabindex="14"></td> | 421: <td style="width: 35%"><input type="text" name="last_post_after" size="24" maxlength="19" tabindex="15"></td> |
418: </tr> | 422: </tr> |
419: <tr> | 423: <tr> |
420: <td class="punright" style="width: 35%">Last post is before<br>(yyyy-mm-dd hh:mm:ss)</td> | 424: <td class="punright" style="width: 35%">Last post is before<br>(yyyy-mm-dd hh:mm:ss)</td> |
421: <td style="width: 35%"><input type="text" name="last_post_before" size="24" maxlength="19" tabindex="15"></td> | 425: <td style="width: 35%"><input type="text" name="last_post_before" size="24" maxlength="19" tabindex="16"></td> |
422: </tr> | 426: </tr> |
423: <tr> | 427: <tr> |
424: <td class="punright" style="width: 35%">Registered after<br>(yyyy-mm-dd hh:mm:ss)</td> | 428: <td class="punright" style="width: 35%">Registered after<br>(yyyy-mm-dd hh:mm:ss)</td> |
425: <td style="width: 35%"><input type="text" name="registered_after" size="24" maxlength="19" tabindex="16"></td> | 429: <td style="width: 35%"><input type="text" name="registered_after" size="24" maxlength="19" tabindex="17"></td> |
426: </tr> | 430: </tr> |
427: <tr> | 431: <tr> |
428: <td class="punright" style="width: 35%">Registered before<br>(yyyy-mm-dd hh:mm:ss)</td> | 432: <td class="punright" style="width: 35%">Registered before<br>(yyyy-mm-dd hh:mm:ss)</td> |
429: <td style="width: 35%"><input type="text" name="registered_before" size="24" maxlength="19" tabindex="17"></td> | 433: <td style="width: 35%"><input type="text" name="registered_before" size="24" maxlength="19" tabindex="18"></td> |
430: </tr> | 434: </tr> |
431: <tr> | 435: <tr> |
432: <td class="punright" style="width: 35%">Order by</td> | 436: <td class="punright" style="width: 35%">Order by</td> |
433: <td style="width: 35%"> | 437: <td style="width: 35%"> |
434: <select name="order_by" tabindex="18"> | 438: <select name="order_by" tabindex="19"> |
435: <option value="username" selected>username</option> | 439: <option value="username" selected>username</option> |
436: <option value="email">e-mail</option> | 440: <option value="email">e-mail</option> |
437: <option value="num_posts">posts</option> | 441: <option value="num_posts">posts</option> |
438: <option value="last_post">last post</option> | 442: <option value="last_post">last post</option> |
439: <option value="registered">registered</option> | 443: <option value="registered">registered</option> |
440: </select> <select name="direction" tabindex="19"> | 444: </select> <select name="direction" tabindex="20"> |
441: <option value="ASC" selected>ascending</option> | 445: <option value="ASC" selected>ascending</option> |
442: <option value="DESC">descending</option> | 446: <option value="DESC">descending</option> |
443: </select> | 447: </select> |
446: <tr> | 450: <tr> |
447: <td class="punright" style="width: 35%">User group</td> | 451: <td class="punright" style="width: 35%">User group</td> |
448: <td style="width: 35%"> | 452: <td style="width: 35%"> |
449: <select name="user_group" tabindex="20"> | 453: <select name="user_group" tabindex="21"> |
450: <option value="all" selected>All groups</option> | 454: <option value="all" selected>All groups</option> |
451: <option value="<?php echo PUN_USER ?>">Users</option> | 455: <option value="<?php echo PUN_USER ?>">Users</option> |
452: <option value="<?php echo PUN_MOD ?>">Moderators</option> | 456: <option value="<?php echo PUN_MOD ?>">Moderators</option> |
474: <table class="punplain" cellspacing="0" cellpadding="4"> | 478: <table class="punplain" cellspacing="0" cellpadding="4"> |
475: <tr> | 479: <tr> |
476: <td class="punright" style="width: 35%"><b>IP address</b><br>The IP address to search for in the post database.</td> | 480: <td class="punright" style="width: 35%"><b>IP address</b><br>The IP address to search for in the post database.</td> |
477: <td style="width: 35%"><input type="text" name="show_users" size="18" maxlength="15" tabindex="22"></td> | 481: <td style="width: 35%"><input type="text" name="show_users" size="18" maxlength="15" tabindex="23"></td> |
478: <td style="width: 30%"><input type="submit" value=" Find " tabindex="23"></td> | 482: <td style="width: 30%"><input type="submit" value=" Find " tabindex="24"></td> |
479: </tr> | 483: </tr> |
480: </table> | 484: </table> |
481: </td> | 485: </td> |
punbb-1.1/upload/footer.php |
punbb-1.1.2/upload/footer.php |
72: <select name="id" onchange="window.location=('viewforum.php?id='+this.options[this.selectedIndex].value)"> | 72: <select name="id" onchange="window.location=('viewforum.php?id='+this.options[this.selectedIndex].value)"> |
73: <?php | 73: <?php |
74: | 74: |
75: if ($cur_user['status'] < PUN_MOD) | 75: $extra_sql = ($cur_user['status'] < PUN_MOD) ? ' WHERE f.admmod_only=\'0\'' : ''; |
76: $extra = ' WHERE f.admmod_only=\'0\''; | |
77: | 76: |
78: $result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id'.$extra.' ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error()); | 77: $result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id'.$extra_sql.' ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error()); |
79: | 78: |
80: while ($cur_forum = $db->fetch_assoc($result)) | 79: while ($cur_forum = $db->fetch_assoc($result)) |
81: { | 80: { |
108: else if ($footer_style == 'topic' && $is_admmod) | 107: else if ($footer_style == 'topic' && $is_admmod) |
109: { | 108: { |
110: echo "\t\t\t\t\t\t".'<br><a href="moderate.php?fid='.$forum_id.'&tid='.$id.'&p='.$p.'">'.$lang_common['Delete posts'].'</a><br>'."\n"; | 109: echo "\t\t\t\t\t\t".'<br><a href="moderate.php?fid='.$forum_id.'&tid='.$id.'&p='.$p.'">'.$lang_common['Delete posts'].'</a><br>'."\n"; |
111: echo "\t\t\t\t\t\t".'<a href="moderate.php?fid='.$forum_id.'&move='.$id.'">'.$lang_common['Move topic'].'</a><br>'."\n"; | 110: echo "\t\t\t\t\t\t".'<a href="moderate.php?fid='.$forum_id.'&move_topics='.$id.'">'.$lang_common['Move topic'].'</a><br>'."\n"; |
112: | 111: |
113: if ($closed == '1') | 112: if ($closed == '1') |
114: echo "\t\t\t\t\t\t".'<a href="moderate.php?fid='.$forum_id.'&open='.$id.'">'.$lang_common['Open topic'].'</a><br>'."\n"; | 113: echo "\t\t\t\t\t\t".'<a href="moderate.php?fid='.$forum_id.'&open='.$id.'">'.$lang_common['Open topic'].'</a><br>'."\n"; |
punbb-1.1/upload/include/dblayer/pgsql.php |
punbb-1.1.2/upload/include/dblayer/pgsql.php |
23: ************************************************************************/ | 23: ************************************************************************/ |
24: | 24: |
25: | 25: |
26: // Make sure we have built in support for MySQL | 26: // Make sure we have built in support for PostgreSQL |
27: if (!function_exists('pg_connect')) | 27: if (!function_exists('pg_connect')) |
28: exit('This PHP environment doesn\'t have PostgreSQL support built in. PostgreSQL support is required if you want to use a PostgreSQL database to run this forum. Consult the PHP documentation for further assistance.'); | 28: exit('This PHP environment doesn\'t have PostgreSQL support built in. PostgreSQL support is required if you want to use a PostgreSQL database to run this forum. Consult the PHP documentation for further assistance.'); |
29: | 29: |
111: if (defined('PUN_SHOW_QUERIES')) | 111: if (defined('PUN_SHOW_QUERIES')) |
112: $this->saved_queries[] = array('BEGIN', 0); | 112: $this->saved_queries[] = array('BEGIN', 0); |
113: | 113: |
114: if (!@pg_exec($this->link_id, 'BEGIN')) | 114: if (!@pg_query($this->link_id, 'BEGIN')) |
115: return false; | 115: return false; |
116: } | 116: } |
117: | 117: |
118: if (defined('PUN_SHOW_QUERIES')) | 118: if (defined('PUN_SHOW_QUERIES')) |
119: $q_start = get_microtime(); | 119: $q_start = get_microtime(); |
120: | 120: |
121: $this->query_result = @pg_exec($this->link_id, $sql); | 121: $this->query_result = @pg_query($this->link_id, $sql); |
122: if ($this->query_result) | 122: if ($this->query_result) |
123: { | 123: { |
124: if (defined('PUN_SHOW_QUERIES')) | 124: if (defined('PUN_SHOW_QUERIES')) |
131: if (defined('PUN_SHOW_QUERIES')) | 131: if (defined('PUN_SHOW_QUERIES')) |
132: $this->saved_queries[] = array('COMMIT', 0); | 132: $this->saved_queries[] = array('COMMIT', 0); |
133: | 133: |
134: if (!@pg_exec($this->link_id, 'COMMIT')) | 134: if (!@pg_query($this->link_id, 'COMMIT')) |
135: { | 135: { |
136: if (defined('PUN_SHOW_QUERIES')) | 136: if (defined('PUN_SHOW_QUERIES')) |
137: $this->saved_queries[] = array('ROLLBACK', 0); | 137: $this->saved_queries[] = array('ROLLBACK', 0); |
138: | 138: |
139: @pg_exec($this->link_id, 'ROLLBACK'); | 139: @pg_query($this->link_id, 'ROLLBACK'); |
140: return false; | 140: return false; |
141: } | 141: } |
142: } | 142: } |
154: $this->saved_queries[] = array('ROLLBACK', 0); | 154: $this->saved_queries[] = array('ROLLBACK', 0); |
155: | 155: |
156: if ($this->in_transaction) | 156: if ($this->in_transaction) |
157: @pg_exec($this->link_id, 'ROLLBACK'); | 157: @pg_query($this->link_id, 'ROLLBACK'); |
158: | 158: |
159: $this->in_transaction = false; | 159: $this->in_transaction = false; |
160: | 160: |
170: if (defined('PUN_SHOW_QUERIES')) | 170: if (defined('PUN_SHOW_QUERIES')) |
171: $this->saved_queries[] = array('COMMIT', 0); | 171: $this->saved_queries[] = array('COMMIT', 0); |
172: | 172: |
173: if (!@pg_exec($this->link_id, 'COMMIT')) | 173: if (!@pg_query($this->link_id, 'COMMIT')) |
174: { | 174: { |
175: if (defined('PUN_SHOW_QUERIES')) | 175: if (defined('PUN_SHOW_QUERIES')) |
176: $this->saved_queries[] = array('ROLLBACK', 0); | 176: $this->saved_queries[] = array('ROLLBACK', 0); |
177: | 177: |
178: @pg_exec($this->link_id, 'ROLLBACK'); | 178: @pg_query($this->link_id, 'ROLLBACK'); |
179: return false; | 179: return false; |
180: } | 180: } |
181: } | 181: } |
260: function num_rows($query_id = 0) | 260: function num_rows($query_id = 0) |
261: { | 261: { |
262: if (!$query_id) | 262: if (!$query_id) |
263: { | |
264: $query_id = $this->query_result; | 263: $query_id = $this->query_result; |
265: } | |
266: | 264: |
267: return ($query_id) ? @pg_num_rows($query_id) : false; | 265: return ($query_id) ? @pg_num_rows($query_id) : false; |
268: } | 266: } |
286: if (preg_match('/^INSERT[\t\n ]+INTO[\t\n ]+([a-z0-9\_\-]+)/is', $this->last_query_text[$query_id], $tablename)) | 284: if (preg_match('/^INSERT[\t\n ]+INTO[\t\n ]+([a-z0-9\_\-]+)/is', $this->last_query_text[$query_id], $tablename)) |
287: { | 285: { |
288: $sql = 'SELECT currval(\''.$tablename[1].'_id_seq\') AS lastval'; | 286: $sql = 'SELECT currval(\''.$tablename[1].'_id_seq\') AS lastval'; |
289: $temp_q_id = @pg_exec($this->link_id, $sql); | 287: $temp_q_id = @pg_query($this->link_id, $sql); |
290: | 288: |
291: if (!$temp_q_id) | 289: if (!$temp_q_id) |
292: return false; | 290: return false; |
318: if (!$query_id) | 316: if (!$query_id) |
319: $query_id = $this->query_result; | 317: $query_id = $this->query_result; |
320: | 318: |
321: return ($query_id) ? @pg_freeresult($query_id) : false; | 319: return ($query_id) ? @pg_free_result($query_id) : false; |
322: } | 320: } |
323: | 321: |
324: | 322: |
343: if (defined('PUN_SHOW_QUERIES')) | 341: if (defined('PUN_SHOW_QUERIES')) |
344: $this->saved_queries[] = array('COMMIT', 0); | 342: $this->saved_queries[] = array('COMMIT', 0); |
345: | 343: |
346: @pg_exec($this->link_id, 'COMMIT'); | 344: @pg_query($this->link_id, 'COMMIT'); |
347: } | 345: } |
348: | 346: |
349: if ($this->query_result) | 347: if ($this->query_result) |
350: @pg_freeresult($this->query_result); | 348: @pg_free_result($this->query_result); |
351: | 349: |
352: return @pg_close($this->link_id); | 350: return @pg_close($this->link_id); |
353: } | 351: } |
punbb-1.1/upload/include/parser.php |
punbb-1.1.2/upload/include/parser.php |
72: { | 72: { |
73: global $lang_common; | 73: global $lang_common; |
74: | 74: |
75: set_time_limit(3); | |
76: | |
77: // The maximum allowed quote depth | 75: // The maximum allowed quote depth |
78: $max_depth = 3; | 76: $max_depth = 3; |
79: | 77: |
207: '#\[email=(.*?)\](.*?)\[/email\]#', | 205: '#\[email=(.*?)\](.*?)\[/email\]#', |
208: '#\[color=([a-zA-Z]*|\#?[0-9a-fA-F]{6})](.*?)\[/color\]#s'); | 206: '#\[color=([a-zA-Z]*|\#?[0-9a-fA-F]{6})](.*?)\[/color\]#s'); |
209: | 207: |
210: $replace = array('<b>$1</b>', | 208: $replace = array('<strong>$1</strong>', |
211: '<i>$1</i>', | 209: '<em>$1</em>', |
212: '<u>$1</u>', | 210: '<u>$1</u>', |
213: 'truncate_url("$1")', | 211: 'truncate_url(\'$1\')', |
214: 'truncate_url("$1", "$2")', | 212: 'truncate_url(\'$1\', \'$2\')', |
215: '<a href="mailto:$1">$1</a>', | 213: '<a href="mailto:$1">$1</a>', |
216: '<a href="mailto:$1">$2</a>', | 214: '<a href="mailto:$1">$2</a>', |
217: '<span style="color: $1">$2</span>'); | 215: '<span style="color: $1">$2</span>'); |
239: | 237: |
240: $message = ' '.$message; | 238: $message = ' '.$message; |
241: | 239: |
242: $message = preg_replace('#([\t\n\(\) ])(https?|ftp|news){1}://([\w\-]+\.([\w\-]+\.)*[\w]+(:[0-9]+)?(/[^ "\(\)\n\r\t<]*)?)#ie', '"$1".truncate_url("$2://$3")', $message); | 240: $message = preg_replace('#([\s\(\)])(https?|ftp|news){1}://([\w\-]+\.([\w\-]+\.)*[\w]+(:[0-9]+)?(/[^"\s\(\)<\[]*)?)#ie', '\'$1\'.truncate_url(\'$2://$3\')', $message); |
243: $message = preg_replace('#([\t\n\(\) ])(www|ftp)\.(([\w\-]+\.)*[\w]+(:[0-9]+)?(/[^ "\(\)\n\r\t<]*)?)#ie', '"$1".truncate_url("$2.$3", "$2.$3")', $message); | 241: $message = preg_replace('#([\s\(\)])(www|ftp)\.(([\w\-]+\.)*[\w]+(:[0-9]+)?(/[^"\s\(\)<\[]*)?)#ie', '\'$1\'.truncate_url(\'$2.$3\', \'$2.$3\')', $message); |
244: | 242: |
245: return substr($message, 1); | 243: return substr($message, 1); |
246: } | 244: } |
punbb-1.1/upload/index.php |
punbb-1.1.2/upload/index.php |
53: | 53: |
54: | 54: |
55: // Print the categories and forums | 55: // Print the categories and forums |
56: if ($cur_user['status'] < PUN_MOD) | 56: $extra_sql = ($cur_user['status'] < PUN_MOD) ? ' WHERE f.admmod_only=\'0\'' : ''; |
57: $extra = ' WHERE f.admmod_only=\'0\''; | |
58: | 57: |
59: $result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name, f.forum_desc, f.moderators, f.num_topics, f.num_posts, f.last_post, f.last_post_id, f.last_poster, f.closed FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id'.$extra.' ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error()); | 58: $result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name, f.forum_desc, f.moderators, f.num_topics, f.num_posts, f.last_post, f.last_post_id, f.last_poster, f.closed FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id'.$extra_sql.' ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error()); |
60: | 59: |
61: while ($cur_forum = $db->fetch_assoc($result)) | 60: while ($cur_forum = $db->fetch_assoc($result)) |
62: { | 61: { |
punbb-1.1/upload/install.php |
punbb-1.1.2/upload/install.php |
24: | 24: |
25: | 25: |
26: // The PunBB version this script installs | 26: // The PunBB version this script installs |
27: $punbb_version = '1.1'; | 27: $punbb_version = '1.1.2'; |
28: | 28: |
29: | 29: |
30: $pun_root = './'; | 30: $pun_root = './'; |
289: break; | 289: break; |
290: | 290: |
291: default: | 291: default: |
292: exit('\''.$db_type.'\' is not a valid database type. <a href="JavaScript: history.go(-1)">Go back</a>.'); | 292: exit('\''.htmlspecialchars($db_type).'\' is not a valid database type. <a href="JavaScript: history.go(-1)">Go back</a>.'); |
293: break; | 293: break; |
294: } | 294: } |
295: | 295: |
864: $db->query('INSERT INTO '.$db_prefix."users (username, password, email) VALUES('Guest', 'Guest', 'Guest')", 1) | 864: $db->query('INSERT INTO '.$db_prefix."users (username, password, email) VALUES('Guest', 'Guest', 'Guest')", 1) |
865: or exit('Unable to insert into table '.$db_prefix.'users. Please check your configuration and try again. <a href="JavaScript: history.go(-1)">Go back</a>.'); | 865: or exit('Unable to insert into table '.$db_prefix.'users. Please check your configuration and try again. <a href="JavaScript: history.go(-1)">Go back</a>.'); |
866: | 866: |
867: $db->query('INSERT INTO '.$db_prefix."users (username, password, email, num_posts, status, last_post, registered, last_visit) VALUES('".addslashes($username)."', '".pun_hash($password1)."', '$email', 1, 2, ".$now.", ".$now.", ".$now.')') | 867: $db->query('INSERT INTO '.$db_prefix."users (username, password, email, num_posts, status, last_post, registered, last_visit, last_action) VALUES('".addslashes($username)."', '".pun_hash($password1)."', '$email', 1, 2, ".$now.", ".$now.", ".$now.", ".$now.')') |
868: or exit('Unable to insert into table '.$db_prefix.'users. Please check your configuration and try again. <a href="JavaScript: history.go(-1)">Go back</a>.'); | 868: or exit('Unable to insert into table '.$db_prefix.'users. Please check your configuration and try again. <a href="JavaScript: history.go(-1)">Go back</a>.'); |
869: | 869: |
870: // Insert config data | 870: // Insert config data |
975: | 975: |
976: | 976: |
977: /// Display config.php and give further instructions | 977: /// Display config.php and give further instructions |
978: $config = '<?php'."\n\n".'$db_type = \''.$db_type."';\n".'$db_host = \''.$db_host."';\n".'$db_name = \''.$db_name."';\n".'$db_username = \''.$db_username."';\n".'$db_password = \''.$db_password."';\n".'$db_prefix = \''.$db_prefix."';\n".'$p_connect = true;'."\n\n".'$cookie_name = '."'punbb_cookie';\n".'$cookie_domain = '."'';\n".'$cookie_path = '."'/';\n".'$cookie_secure = 0;'."\n\n".'$language = \'en\';'."\n\ndefine('PUN', 1);\n\n?>"; | 978: $config = '<?php'."\n\n".'$db_type = \''.$db_type."';\n".'$db_host = \''.$db_host."';\n".'$db_name = \''.$db_name."';\n".'$db_username = \''.$db_username."';\n".'$db_password = \''.$db_password."';\n".'$db_prefix = \''.$db_prefix."';\n".'$p_connect = false;'."\n\n".'$cookie_name = '."'punbb_cookie';\n".'$cookie_domain = '."'';\n".'$cookie_path = '."'/';\n".'$cookie_secure = 0;'."\n\n".'$language = \'en\';'."\n\ndefine('PUN', 1);\n\n?>"; |
979: | 979: |
980: | 980: |
981: ?> | 981: ?> |
punbb-1.1/upload/misc.php |
punbb-1.1.2/upload/misc.php |
105: | 105: |
106: pun_mail($recipient_email, $mail_subject, $mail_message, $cur_user['username'].' <'.$cur_user['email'].'>'); | 106: pun_mail($recipient_email, $mail_subject, $mail_message, $cur_user['username'].' <'.$cur_user['email'].'>'); |
107: | 107: |
108: redirect('profile.php?id='.$recipient_id, $lang_misc['E-mail sent redirect']); | 108: redirect($_POST['redirect_url'], $lang_misc['E-mail sent redirect']); |
109: } | 109: } |
110: | 110: |
111: | 111: |
| 112: // Try to determine if the data in HTTP_REFERER is valid (if not, we redirect to the users profile after the e-mail is sent) |
| 113: $redirect_url = (isset($_SERVER['HTTP_REFERER']) && preg_match('#^'.preg_quote($pun_config['o_base_url']).'/(.*?)\.php#i', $_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : 'index.php'; |
| 114: |
112: $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_misc['Send e-mail']; | 115: $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_misc['Send e-mail']; |
113: $validate_form = true; | 116: $validate_form = true; |
114: $element_names = array('req_subject' => $lang_misc['E-mail subject'], 'req_message' => $lang_misc['E-mail message']); | 117: $element_names = array('req_subject' => $lang_misc['E-mail subject'], 'req_message' => $lang_misc['E-mail message']); |
121: | 124: |
122: <form method="post" action="misc.php?email=<?php echo $recipient_id ?>" id="email" onsubmit="return process_form(this)"> | 125: <form method="post" action="misc.php?email=<?php echo $recipient_id ?>" id="email" onsubmit="return process_form(this)"> |
123: <input type="hidden" name="form_sent" value="1"> | 126: <input type="hidden" name="form_sent" value="1"> |
| 127: <input type="hidden" name="redirect_url" value="<?php echo $redirect_url ?>"> |
124: <table class="punmain" cellspacing="1" cellpadding="4"> | 128: <table class="punmain" cellspacing="1" cellpadding="4"> |
125: <tr class="punhead"> | 129: <tr class="punhead"> |
126: <td class="punhead" colspan="2"><?php echo $lang_misc['Send e-mail'] ?></td> | 130: <td class="punhead" colspan="2"><?php echo $lang_misc['Send e-mail'] ?></td> |
punbb-1.1/upload/post.php |
punbb-1.1.2/upload/post.php |
116: require $pun_root.'lang/'.$language.'/'.$language.'_prof_reg.php'; | 116: require $pun_root.'lang/'.$language.'/'.$language.'_prof_reg.php'; |
117: require $pun_root.'lang/'.$language.'/'.$language.'_register.php'; | 117: require $pun_root.'lang/'.$language.'/'.$language.'_register.php'; |
118: | 118: |
119: // It's a guest, so we have to check the username | 119: // It's a guest, so we have to validate the username |
120: if (strlen($username) < 2) | 120: if (strlen($username) < 2) |
121: message($lang_prof_reg['Username too short']); | 121: message($lang_prof_reg['Username too short']); |
122: else if (!strcasecmp($username, 'Guest') || !strcasecmp($username, $lang_common['Guest'])) | 122: else if (!strcasecmp($username, 'Guest') || !strcasecmp($username, $lang_common['Guest'])) |
123: message($lang_prof_reg['Username guest']); | 123: message($lang_prof_reg['Username guest']); |
124: else if (preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $username)) | 124: else if (preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $username)) |
125: message($lang_prof_reg['Username IP']); | 125: message($lang_prof_reg['Username IP']); |
126: else if (preg_match('#\[b\]|\[/b\]|\[u\]|\[/u\]|\[i\]|\[/i\]|\[color|\[/color\]|\[quote\]|\[/quote\]|\[code\]|\[/code\]|\[img\]|\[/img\]|\[url|\[/url\]|\[email|\[/email\]#i', $username)) | 126: else if ((strpos($username, '[') !== false || strpos($username, ']') !== false) && strpos($username, '\'') !== false && strpos($username, '"') !== false) |
| 127: message($lang_prof_reg['Username reserved chars']); |
| 128: else if (preg_match('#\[b\]|\[/b\]|\[u\]|\[/u\]|\[i\]|\[/i\]|\[color|\[/color\]|\[quote\]|\[quote=|\[/quote\]|\[code\]|\[/code\]|\[img\]|\[/img\]|\[url|\[/url\]|\[email|\[/email\]#i', $username)) |
127: message($lang_prof_reg['Username BBCode']); | 129: message($lang_prof_reg['Username BBCode']); |
128: | 130: |
129: // Check username for any censored words | 131: // Check username for any censored words |
364: if (strpos($q_poster, '[') !== false || strpos($q_poster, ']') !== false) | 366: if (strpos($q_poster, '[') !== false || strpos($q_poster, ']') !== false) |
365: { | 367: { |
366: if (strpos($q_poster, '\'') !== false) | 368: if (strpos($q_poster, '\'') !== false) |
367: $q_poster = '"'.$q_poster.'"'; | 369: $q_poster = '"'.$q_poster.'"'; |
368: else | 370: else |
369: $q_poster = '\''.$q_poster.'\''; | 371: $q_poster = '\''.$q_poster.'\''; |
370: } | 372: } |
| 373: else |
| 374: { |
| 375: // Get the characters at the start and end of $q_poster |
| 376: $ends = substr($q_poster, 0, 1).substr($q_poster, -1, 1); |
| 377: |
| 378: // Deal with quoting "Username" or 'Username' (becomes '"Username"' or "'Username'") |
| 379: if ($ends == '\'\'') |
| 380: $q_poster = '"'.$q_poster.'"'; |
| 381: else if ($ends == '""') |
| 382: $q_poster = '\''.$q_poster.'\''; |
| 383: } |
371: | 384: |
372: $quote = '[quote='.$q_poster.']'.$q_message.'[/quote]'."\n"; | 385: $quote = '[quote='.$q_poster.']'.$q_message.'[/quote]'."\n"; |
373: } | 386: } |
374: else | 387: else |
375: $quote = '> '.$q_poster.' '.$lang_post['wrote'].':'."\n\n".'> '.$q_message."\n"; | 388: $quote = '> '.$q_poster.' '.$lang_common['wrote'].':'."\n\n".'> '.$q_message."\n"; |
376: } | 389: } |
377: | 390: |
378: // We have to fetch the forum name in order to display Title / Forum / Topic | 391: // We have to fetch the forum name in order to display Title / Forum / Topic |
525: ?> | 538: ?> |
526: <tr> | 539: <tr> |
527: <td class="puncon1" style="width: 140px; vertical-align: top"><?php echo pun_htmlspecialchars($cur_post['poster']) ?></td> | 540: <td class="puncon1" style="width: 140px; vertical-align: top"><?php echo pun_htmlspecialchars($cur_post['poster']) ?></td> |
528: <td class="puncon2"><?php echo $cur_post['message'] ?></td> | 541: <td class="puncon2"><span class="puntext"><?php echo $cur_post['message'] ?></span></td> |
529: </tr> | 542: </tr> |
530: <?php | 543: <?php |
531: | 544: |
punbb-1.1/upload/profile.php |
punbb-1.1.2/upload/profile.php |
49: { | 49: { |
50: // If the user is already logged in we shouldn't be here :) | 50: // If the user is already logged in we shouldn't be here :) |
51: if (!$cookie['is_guest']) | 51: if (!$cookie['is_guest']) |
| 52: { |
52: header('Location: index.php'); | 53: header('Location: index.php'); |
| 54: exit; |
| 55: } |
53: | 56: |
54: $key = $_GET['key']; | 57: $key = $_GET['key']; |
55: | 58: |
940: { | 943: { |
941: $username_field = '<input type="hidden" name="old_username" value="'.pun_htmlspecialchars($user['username']).'"><input type="text" name="username" value="'.pun_htmlspecialchars($user['username']).'" size="25" maxlength="25">'; | 944: $username_field = '<input type="hidden" name="old_username" value="'.pun_htmlspecialchars($user['username']).'"><input type="text" name="username" value="'.pun_htmlspecialchars($user['username']).'" size="25" maxlength="25">'; |
942: $email_field = '<input type="text" name="req_email" value="'.$user['email'].'" size="40" maxlength="50"> - <a href="misc.php?email='.$id.'">'.$lang_common['Send e-mail'].'</a>'; | 945: $email_field = '<input type="text" name="req_email" value="'.$user['email'].'" size="40" maxlength="50"> - <a href="misc.php?email='.$id.'">'.$lang_common['Send e-mail'].'</a>'; |
943: $user_title_field = '<input type="text" name="title" value="'.$user['title'].'" size="30" maxlength="50"> '.$lang_prof_reg['Leave blank']; | 946: $user_title_field = '<input type="text" name="title" value="'.$user['title'].'" size="30" maxlength="50"> '.$lang_profile['Leave blank']; |
944: | 947: |
945: if ($cur_user['status'] == PUN_ADMIN && $img_size) | 948: if ($cur_user['status'] == PUN_ADMIN && $img_size) |
946: $avatar_field .= '<br> <a href="profile.php?action=delete_avatar&id='.$id.'">'.$lang_profile['Delete avatar'].'</a>'; | 949: $avatar_field .= '<br> <a href="profile.php?action=delete_avatar&id='.$id.'">'.$lang_profile['Delete avatar'].'</a>'; |
955: $email_field = '<input type="text" name="req_email" value="'.$user['email'].'" size="40" maxlength="50">'; | 958: $email_field = '<input type="text" name="req_email" value="'.$user['email'].'" size="40" maxlength="50">'; |
956: | 959: |
957: if ($pun_config['p_users_set_title'] == '1') | 960: if ($pun_config['p_users_set_title'] == '1') |
958: $user_title_field = '<input type="text" name="title" value="'.$user['title'].'" size="30" maxlength="50"> '.$lang_prof_reg['Leave blank']; | 961: $user_title_field = '<input type="text" name="title" value="'.$user['title'].'" size="30" maxlength="50"> '.$lang_profile['Leave blank']; |
959: else | 962: else |
960: { | 963: { |
961: $user_title_field = get_title($user); | 964: $user_title_field = get_title($user); |
1125: <select name="form[style]"> | 1128: <select name="form[style]"> |
1126: <?php | 1129: <?php |
1127: | 1130: |
1128: $d = dir('style'); | 1131: $d = dir($pun_root.'style'); |
1129: while (($entry = $d->read()) !== false) | 1132: while (($entry = $d->read()) !== false) |
1130: { | 1133: { |
1131: if (substr($entry, strlen($entry)-4) == '.css') | 1134: if (substr($entry, strlen($entry)-4) == '.css') |
punbb-1.1/upload/search.php |
punbb-1.1.2/upload/search.php |
189: { | 189: { |
190: $word = trim($word); | 190: $word = trim($word); |
191: if ($word != 'and' || $word != 'or' || $word != 'not') | 191: if ($word != 'and' || $word != 'or' || $word != 'not') |
192: $text = preg_replace('#\b'.preg_quote($word).'\b#', ' ', $text); | 192: $keywords = preg_replace('#\b'.preg_quote($word).'\b#', ' ', $keywords); |
193: } | 193: } |
194: } | 194: } |
195: | 195: |
196: // Split up keywords | 196: // Split up keywords |
197: $keywords_array = preg_split('#[\s]+#', substr($keywords, 1, -1)); | 197: $keywords_array = preg_split('#[\s]+#', trim($keywords)); |
198: | 198: |
199: // Should we search in message body or topic subject specifically? | 199: // Should we search in message body or topic subject specifically? |
200: if ($search_in) | 200: $search_in_cond = ($search_in) ? (($search_in > 0) ? ' AND m.subject_match = 0' : ' AND m.subject_match = 1') : ''; |
201: $search_in_cond = ($search_in > 0) ? ' AND m.subject_match = 0' : ' AND m.subject_match = 1'; | |
202: } | 201: } |
203: | 202: |
204: $match_type = 'or'; | 203: $match_type = 'or'; |
693: echo "\t\t\t\t\t".'<option value="-1">'.$lang_search['All forums'].'</option>'."\n"; | 692: echo "\t\t\t\t\t".'<option value="-1">'.$lang_search['All forums'].'</option>'."\n"; |
694: | 693: |
695: | 694: |
696: if ($cur_user['status'] < PUN_USER) | 695: $extra_sql = ($cur_user['status'] < PUN_MOD) ? ' WHERE f.admmod_only=\'0\'' : ''; |
697: $extra = ' WHERE f.admmod_only=\'0\''; | |
698: | 696: |
699: $result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id'.$extra.' ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error()); | 697: $result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id'.$extra.' ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error()); |
700: $num_forums = $db->num_rows($result); | 698: $num_forums = $db->num_rows($result); |
punbb-1.1/upload/viewtopic.php |
punbb-1.1.2/upload/viewtopic.php |
81: header('Location: viewtopic.php?pid='.$first_new_post_id.'#'.$first_new_post_id); | 81: header('Location: viewtopic.php?pid='.$first_new_post_id.'#'.$first_new_post_id); |
82: else // If there is no new post, we go to the last post | 82: else // If there is no new post, we go to the last post |
83: header('Location: viewtopic.php?id='.$id.'&action=last'); | 83: header('Location: viewtopic.php?id='.$id.'&action=last'); |
| 84: |
| 85: exit; |
84: } | 86: } |
85: | 87: |
86: | 88: |
91: $last_post_id = $db->result($result, 0); | 93: $last_post_id = $db->result($result, 0); |
92: | 94: |
93: if ($last_post_id) | 95: if ($last_post_id) |
| 96: { |
94: header('Location: viewtopic.php?pid='.$last_post_id.'#'.$last_post_id); | 97: header('Location: viewtopic.php?pid='.$last_post_id.'#'.$last_post_id); |
| 98: exit; |
| 99: } |
95: } | 100: } |
96: | 101: |
97: | 102: |
257: | 262: |
258: $info .= $lang_common['Registered'].': '.$registered.'<br>'; | 263: $info .= $lang_common['Registered'].': '.$registered.'<br>'; |
259: | 264: |
260: if ($pun_config['o_show_post_count'] == '1') | |
261: $info .= "\n\t\t\t\t\t\t\t".$lang_common['Posts'].': '.$cur_post['num_posts']; | |
262: | |
263: if ($cur_user['status'] > PUN_USER) | 265: if ($cur_user['status'] > PUN_USER) |
264: { | 266: { |
265: $info .= '<br>'."\n\t\t\t\t\t\t\t".'IP: <a href="moderate.php?get_host='.$cur_post['id'].'">'.$cur_post['poster_ip'].'</a>'; | 267: $info .= "\n\t\t\t\t\t\t\t".$lang_common['Posts'].': '.$cur_post['num_posts'].'<br>'."\n\t\t\t\t\t\t\t".'IP: <a href="moderate.php?get_host='.$cur_post['id'].'">'.$cur_post['poster_ip'].'</a>'; |
266: | 268: |
267: if ($cur_post['admin_note'] != '') | 269: if ($cur_post['admin_note'] != '') |
268: $info .= '<br><br>'."\n\t\t\t\t\t\t\t".$lang_topic['Note'].': <b>'.$cur_post['admin_note'].'</b>'; | 270: $info .= '<br><br>'."\n\t\t\t\t\t\t\t".$lang_topic['Note'].': <b>'.$cur_post['admin_note'].'</b>'; |
269: } | 271: } |
| 272: else if ($pun_config['o_show_post_count'] == '1') |
| 273: $info .= "\n\t\t\t\t\t\t\t".$lang_common['Posts'].': '.$cur_post['num_posts']; |
270: | 274: |
271: // Generate an array of links that appear at the bottom of every message. | 275: // Generate an array of links that appear at the bottom of every message. |
272: $links = array(); | 276: $links = array(); |