punbb-1.2.11/upload/admin_forums.php |
punbb-1.2.17/upload/admin_forums.php |
137: | 137: |
138: while (list($forum_id, $disp_position) = @each($_POST['position'])) | 138: while (list($forum_id, $disp_position) = @each($_POST['position'])) |
139: { | 139: { |
140: if (!preg_match('#^\d+$#', $disp_position)) | 140: if (!@preg_match('#^\d+$#', $disp_position)) |
141: message('Position must be a positive integer value.'); | 141: message('Position must be a positive integer value.'); |
142: | 142: |
143: $db->query('UPDATE '.$db->prefix.'forums SET disp_position='.$disp_position.' WHERE id='.$forum_id) or error('Unable to update forum', __FILE__, __LINE__, $db->error()); | 143: $db->query('UPDATE '.$db->prefix.'forums SET disp_position='.$disp_position.' WHERE id='.intval($forum_id)) or error('Unable to update forum', __FILE__, __LINE__, $db->error()); |
144: } | 144: } |
145: | 145: |
146: // Regenerate the quickjump cache | 146: // Regenerate the quickjump cache |
186: $result = $db->query('SELECT g_id, g_read_board, g_post_replies, g_post_topics FROM '.$db->prefix.'groups WHERE g_id!='.PUN_ADMIN) or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error()); | 186: $result = $db->query('SELECT g_id, g_read_board, g_post_replies, g_post_topics FROM '.$db->prefix.'groups WHERE g_id!='.PUN_ADMIN) or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error()); |
187: while ($cur_group = $db->fetch_assoc($result)) | 187: while ($cur_group = $db->fetch_assoc($result)) |
188: { | 188: { |
189: $read_forum_new = ($cur_group['g_read_board'] == '1') ? isset($_POST['read_forum_new'][$cur_group['g_id']]) ? $_POST['read_forum_new'][$cur_group['g_id']] : '0' : $_POST['read_forum_old'][$cur_group['g_id']]; | 189: $read_forum_new = ($cur_group['g_read_board'] == '1') ? isset($_POST['read_forum_new'][$cur_group['g_id']]) ? '1' : '0' : intval($_POST['read_forum_old'][$cur_group['g_id']]); |
190: $post_replies_new = isset($_POST['post_replies_new'][$cur_group['g_id']]) ? $_POST['post_replies_new'][$cur_group['g_id']] : '0'; | 190: $post_replies_new = isset($_POST['post_replies_new'][$cur_group['g_id']]) ? '1' : '0'; |
191: $post_topics_new = isset($_POST['post_topics_new'][$cur_group['g_id']]) ? $_POST['post_topics_new'][$cur_group['g_id']] : '0'; | 191: $post_topics_new = isset($_POST['post_topics_new'][$cur_group['g_id']]) ? '1' : '0'; |
192: | 192: |
193: // Check if the new settings differ from the old | 193: // Check if the new settings differ from the old |
194: if ($read_forum_new != $_POST['read_forum_old'][$cur_group['g_id']] || $post_replies_new != $_POST['post_replies_old'][$cur_group['g_id']] || $post_topics_new != $_POST['post_topics_old'][$cur_group['g_id']]) | 194: if ($read_forum_new != $_POST['read_forum_old'][$cur_group['g_id']] || $post_replies_new != $_POST['post_replies_old'][$cur_group['g_id']] || $post_topics_new != $_POST['post_topics_old'][$cur_group['g_id']]) |
385: <?php | 385: <?php |
386: | 386: |
387: $result = $db->query('SELECT id, cat_name FROM '.$db->prefix.'categories ORDER BY disp_position') or error('Unable to fetch category list', __FILE__, __LINE__, $db->error()); | 387: $result = $db->query('SELECT id, cat_name FROM '.$db->prefix.'categories ORDER BY disp_position') or error('Unable to fetch category list', __FILE__, __LINE__, $db->error()); |
388: while ($cur_cat = $db->fetch_assoc($result)) | 388: if ($db->num_rows($result) > 0) |
389: echo "\t\t\t\t\t\t\t\t\t".'<option value="'.$cur_cat['id'].'">'.pun_htmlspecialchars($cur_cat['cat_name']).'</option>'."\n"; | 389: { |
| 390: while ($cur_cat = $db->fetch_assoc($result)) |
| 391: echo "\t\t\t\t\t\t\t\t\t".'<option value="'.$cur_cat['id'].'">'.pun_htmlspecialchars($cur_cat['cat_name']).'</option>'."\n"; |
| 392: } |
| 393: else |
| 394: echo "\t\t\t\t\t\t\t\t\t".'<option value="0" disabled="disabled">No categories exist</option>'."\n"; |
390: | 395: |
391: ?> | 396: ?> |
392: </select> | 397: </select> |
399: </div> | 404: </div> |
400: </form> | 405: </form> |
401: </div> | 406: </div> |
| 407: <?php |
| 408: |
| 409: // Display all the categories and forums |
| 410: $result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name, f.disp_position FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error()); |
| 411: |
| 412: if ($db->num_rows($result) > 0) |
| 413: { |
402: | 414: |
| 415: ?> |
403: <h2 class="block2"><span>Edit forums</span></h2> | 416: <h2 class="block2"><span>Edit forums</span></h2> |
404: <div class="box"> | 417: <div class="box"> |
405: <form id="edforum" method="post" action="admin_forums.php?action=edit"> | 418: <form id="edforum" method="post" action="admin_forums.php?action=edit"> |
408: | 421: |
409: $tabindex_count = 4; | 422: $tabindex_count = 4; |
410: | 423: |
411: // Display all the categories and forums | |
412: $result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name, f.disp_position FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error()); | |
413: | |
414: $cur_category = 0; | 424: $cur_category = 0; |
415: while ($cur_forum = $db->fetch_assoc($result)) | 425: while ($cur_forum = $db->fetch_assoc($result)) |
416: { | 426: { |
449: <p class="submitend"><input type="submit" name="update_positions" value="Update positions" tabindex="<?php echo $tabindex_count ?>" /></p> | 459: <p class="submitend"><input type="submit" name="update_positions" value="Update positions" tabindex="<?php echo $tabindex_count ?>" /></p> |
450: </form> | 460: </form> |
451: </div> | 461: </div> |
| 462: <?php |
| 463: |
| 464: } |
| 465: |
| 466: ?> |
452: </div> | 467: </div> |
453: <div class="clearer"></div> | 468: <div class="clearer"></div> |
454: </div> | 469: </div> |
punbb-1.2.11/upload/include/functions.php |
punbb-1.2.17/upload/include/functions.php |
27: // | 27: // |
28: function check_cookie(&$pun_user) | 28: function check_cookie(&$pun_user) |
29: { | 29: { |
30: global $db, $pun_config, $cookie_name, $cookie_seed; | 30: global $db, $db_type, $pun_config, $cookie_name, $cookie_seed; |
31: | 31: |
32: $now = time(); | 32: $now = time(); |
33: $expire = $now + 31536000; // The cookie expires after a year | 33: $expire = $now + 31536000; // The cookie expires after a year |
48: // If user authorisation failed | 48: // If user authorisation failed |
49: if (!isset($pun_user['id']) || md5($cookie_seed.$pun_user['password']) !== $cookie['password_hash']) | 49: if (!isset($pun_user['id']) || md5($cookie_seed.$pun_user['password']) !== $cookie['password_hash']) |
50: { | 50: { |
51: pun_setcookie(0, random_pass(8), $expire); | 51: pun_setcookie(1, md5(uniqid(rand(), true)), $expire); |
52: set_default_user(); | 52: set_default_user(); |
53: | 53: |
54: return; | 54: return; |
75: { | 75: { |
76: // Update the online list | 76: // Update the online list |
77: if (!$pun_user['logged']) | 77: if (!$pun_user['logged']) |
78: $db->query('INSERT INTO '.$db->prefix.'online (user_id, ident, logged) VALUES('.$pun_user['id'].', \''.$db->escape($pun_user['username']).'\', '.$now.')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error()); | 78: { |
| 79: $pun_user['logged'] = $now; |
| 80: |
| 81: // With MySQL/MySQLi, REPLACE INTO avoids a user having two rows in the online table |
| 82: switch ($db_type) |
| 83: { |
| 84: case 'mysql': |
| 85: case 'mysqli': |
| 86: $db->query('REPLACE INTO '.$db->prefix.'online (user_id, ident, logged) VALUES('.$pun_user['id'].', \''.$db->escape($pun_user['username']).'\', '.$pun_user['logged'].')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error()); |
| 87: break; |
| 88: |
| 89: default: |
| 90: $db->query('INSERT INTO '.$db->prefix.'online (user_id, ident, logged) VALUES('.$pun_user['id'].', \''.$db->escape($pun_user['username']).'\', '.$pun_user['logged'].')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error()); |
| 91: break; |
| 92: } |
| 93: } |
79: else | 94: else |
80: { | 95: { |
81: // Special case: We've timed out, but no other user has browsed the forums since we timed out | 96: // Special case: We've timed out, but no other user has browsed the forums since we timed out |
102: // | 117: // |
103: function set_default_user() | 118: function set_default_user() |
104: { | 119: { |
105: global $db, $pun_user, $pun_config; | 120: global $db, $db_type, $pun_user, $pun_config; |
106: | 121: |
107: $remote_addr = get_remote_address(); | 122: $remote_addr = get_remote_address(); |
108: | 123: |
115: | 130: |
116: // Update online list | 131: // Update online list |
117: if (!$pun_user['logged']) | 132: if (!$pun_user['logged']) |
118: $db->query('INSERT INTO '.$db->prefix.'online (user_id, ident, logged) VALUES(1, \''.$db->escape($remote_addr).'\', '.time().')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error()); | 133: { |
| 134: $pun_user['logged'] = time(); |
| 135: |
| 136: // With MySQL/MySQLi, REPLACE INTO avoids a user having two rows in the online table |
| 137: switch ($db_type) |
| 138: { |
| 139: case 'mysql': |
| 140: case 'mysqli': |
| 141: $db->query('REPLACE INTO '.$db->prefix.'online (user_id, ident, logged) VALUES(1, \''.$db->escape($remote_addr).'\', '.$pun_user['logged'].')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error()); |
| 142: break; |
| 143: |
| 144: default: |
| 145: $db->query('INSERT INTO '.$db->prefix.'online (user_id, ident, logged) VALUES(1, \''.$db->escape($remote_addr).'\', '.$pun_user['logged'].')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error()); |
| 146: break; |
| 147: } |
| 148: } |
119: else | 149: else |
120: $db->query('UPDATE '.$db->prefix.'online SET logged='.time().' WHERE ident=\''.$db->escape($remote_addr).'\'') or error('Unable to update online list', __FILE__, __LINE__, $db->error()); | 150: $db->query('UPDATE '.$db->prefix.'online SET logged='.time().' WHERE ident=\''.$db->escape($remote_addr).'\'') or error('Unable to update online list', __FILE__, __LINE__, $db->error()); |
121: | 151: |
138: // Enable sending of a P3P header by removing // from the following line (try this if login is failing in IE6) | 168: // Enable sending of a P3P header by removing // from the following line (try this if login is failing in IE6) |
139: // @header('P3P: CP="CUR ADM"'); | 169: // @header('P3P: CP="CUR ADM"'); |
140: | 170: |
141: setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path, $cookie_domain, $cookie_secure); | 171: if (version_compare(PHP_VERSION, '5.2.0', '>=')) |
| 172: setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path, $cookie_domain, $cookie_secure, true); |
| 173: else |
| 174: setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path.'; HttpOnly', $cookie_domain, $cookie_secure); |
142: } | 175: } |
143: | 176: |
144: | 177: |
262: $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>'; | 295: $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>'; |
263: | 296: |
264: $links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>'; | 297: $links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>'; |
265: $links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'">'.$lang_common['Logout'].'</a>'; | 298: $links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'&csrf_token='.sha1($pun_user['id'].sha1(get_remote_address())).'">'.$lang_common['Logout'].'</a>'; |
266: } | 299: } |
267: else | 300: else |
268: { | 301: { |
269: $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>'; | 302: $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>'; |
270: $links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>'; | 303: $links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>'; |
271: $links[] = '<li id="navadmin"><a href="admin_index.php">'.$lang_common['Admin'].'</a>'; | 304: $links[] = '<li id="navadmin"><a href="admin_index.php">'.$lang_common['Admin'].'</a>'; |
272: $links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'">'.$lang_common['Logout'].'</a>'; | 305: $links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'&csrf_token='.sha1($pun_user['id'].sha1(get_remote_address())).'">'.$lang_common['Logout'].'</a>'; |
273: } | 306: } |
274: } | 307: } |
275: | 308: |
319: | 352: |
320: | 353: |
321: // | 354: // |
322: // Update posts, topics, last_post, last_post_id and last_poster for a forum (redirect topics are not included) | 355: // Update posts, topics, last_post, last_post_id and last_poster for a forum |
323: // | 356: // |
324: function update_forum($forum_id) | 357: function update_forum($forum_id) |
325: { | 358: { |
326: global $db; | 359: global $db; |
327: | 360: |
328: $result = $db->query('SELECT COUNT(id), SUM(num_replies) FROM '.$db->prefix.'topics WHERE moved_to IS NULL AND forum_id='.$forum_id) or error('Unable to fetch forum topic count', __FILE__, __LINE__, $db->error()); | 361: $result = $db->query('SELECT COUNT(id), SUM(num_replies) FROM '.$db->prefix.'topics WHERE forum_id='.$forum_id) or error('Unable to fetch forum topic count', __FILE__, __LINE__, $db->error()); |
329: list($num_topics, $num_posts) = $db->fetch_row($result); | 362: list($num_topics, $num_posts) = $db->fetch_row($result); |
330: | 363: |
331: $num_posts = $num_posts + $num_topics; // $num_posts is only the sum of all replies (we have to add the topic posts) | 364: $num_posts = $num_posts + $num_topics; // $num_posts is only the sum of all replies (we have to add the topic posts) |
338: $db->query('UPDATE '.$db->prefix.'forums SET num_topics='.$num_topics.', num_posts='.$num_posts.', last_post='.$last_post.', last_post_id='.$last_post_id.', last_poster=\''.$db->escape($last_poster).'\' WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error()); | 371: $db->query('UPDATE '.$db->prefix.'forums SET num_topics='.$num_topics.', num_posts='.$num_posts.', last_post='.$last_post.', last_post_id='.$last_post_id.', last_poster=\''.$db->escape($last_poster).'\' WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error()); |
339: } | 372: } |
340: else // There are no topics | 373: else // There are no topics |
341: $db->query('UPDATE '.$db->prefix.'forums SET num_topics=0, num_posts=0, last_post=NULL, last_post_id=NULL, last_poster=NULL WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error()); | 374: $db->query('UPDATE '.$db->prefix.'forums SET num_topics='.$num_topics.', num_posts='.$num_posts.', last_post=NULL, last_post_id=NULL, last_poster=NULL WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error()); |
342: } | 375: } |
343: | 376: |
344: | 377: |
749: $tpl_maint = trim(file_get_contents(PUN_ROOT.'include/template/maintenance.tpl')); | 782: $tpl_maint = trim(file_get_contents(PUN_ROOT.'include/template/maintenance.tpl')); |
750: | 783: |
751: | 784: |
| 785: // START SUBST - <pun_include "*"> |
| 786: while (preg_match('#<pun_include "([^/\\\\]*?)\.(php[45]?|inc|html?|txt)">#', $tpl_maint, $cur_include)) |
| 787: { |
| 788: if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2])) |
| 789: error('Unable to process user include '.htmlspecialchars($cur_include[0]).' from template maintenance.tpl. There is no such file in folder /include/user/'); |
| 790: |
| 791: ob_start(); |
| 792: include PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2]; |
| 793: $tpl_temp = ob_get_contents(); |
| 794: $tpl_maint = str_replace($cur_include[0], $tpl_temp, $tpl_maint); |
| 795: ob_end_clean(); |
| 796: } |
| 797: // END SUBST - <pun_include "*"> |
| 798: |
| 799: |
752: // START SUBST - <pun_content_direction> | 800: // START SUBST - <pun_content_direction> |
753: $tpl_maint = str_replace('<pun_content_direction>', $lang_common['lang_direction'], $tpl_maint); | 801: $tpl_maint = str_replace('<pun_content_direction>', $lang_common['lang_direction'], $tpl_maint); |
754: // END SUBST - <pun_content_direction> | 802: // END SUBST - <pun_content_direction> |
787: $db->end_transaction(); | 835: $db->end_transaction(); |
788: | 836: |
789: | 837: |
790: // START SUBST - <pun_include "*"> | |
791: while (preg_match('#<pun_include "([^/\\\\]*?)">#', $tpl_maint, $cur_include)) | |
792: { | |
793: if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1])) | |
794: error('Unable to process user include <pun_include "'.htmlspecialchars($cur_include[1]).'"> from template maintenance.tpl. There is no such file in folder /include/user/'); | |
795: | |
796: ob_start(); | |
797: include PUN_ROOT.'include/user/'.$cur_include[1]; | |
798: $tpl_temp = ob_get_contents(); | |
799: $tpl_maint = str_replace($cur_include[0], $tpl_temp, $tpl_maint); | |
800: ob_end_clean(); | |
801: } | |
802: // END SUBST - <pun_include "*"> | |
803: | |
804: | |
805: // Close the db connection (and free up any result data) | 838: // Close the db connection (and free up any result data) |
806: $db->close(); | 839: $db->close(); |
807: | 840: |
816: { | 849: { |
817: global $db, $pun_config, $lang_common, $pun_user; | 850: global $db, $pun_config, $lang_common, $pun_user; |
818: | 851: |
819: if ($destination_url == '') | 852: // Prefix with o_base_url (unless there's already a valid URI) |
820: $destination_url = 'index.php'; | 853: if (strpos($destination_url, 'http://') !== 0 && strpos($destination_url, 'https://') !== 0 && strpos($destination_url, '/') !== 0) |
| 854: $destination_url = $pun_config['o_base_url'].'/'.$destination_url; |
| 855: |
| 856: // Do a little spring cleaning |
| 857: $destination_url = preg_replace('/([\r\n])|(%0[ad])|(;[\s]*data[\s]*:)/i', '', $destination_url); |
821: | 858: |
822: // If the delay is 0 seconds, we might as well skip the redirect all together | 859: // If the delay is 0 seconds, we might as well skip the redirect all together |
823: if ($pun_config['o_redirect_delay'] == '0') | 860: if ($pun_config['o_redirect_delay'] == '0') |
828: $tpl_redir = trim(file_get_contents(PUN_ROOT.'include/template/redirect.tpl')); | 865: $tpl_redir = trim(file_get_contents(PUN_ROOT.'include/template/redirect.tpl')); |
829: | 866: |
830: | 867: |
| 868: // START SUBST - <pun_include "*"> |
| 869: while (preg_match('#<pun_include "([^/\\\\]*?)\.(php[45]?|inc|html?|txt)">#', $tpl_redir, $cur_include)) |
| 870: { |
| 871: if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2])) |
| 872: error('Unable to process user include '.htmlspecialchars($cur_include[0]).' from template redirect.tpl. There is no such file in folder /include/user/'); |
| 873: |
| 874: ob_start(); |
| 875: include PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2]; |
| 876: $tpl_temp = ob_get_contents(); |
| 877: $tpl_redir = str_replace($cur_include[0], $tpl_temp, $tpl_redir); |
| 878: ob_end_clean(); |
| 879: } |
| 880: // END SUBST - <pun_include "*"> |
| 881: |
| 882: |
831: // START SUBST - <pun_content_direction> | 883: // START SUBST - <pun_content_direction> |
832: $tpl_redir = str_replace('<pun_content_direction>', $lang_common['lang_direction'], $tpl_redir); | 884: $tpl_redir = str_replace('<pun_content_direction>', $lang_common['lang_direction'], $tpl_redir); |
833: // END SUBST - <pun_content_direction> | 885: // END SUBST - <pun_content_direction> |
880: // END SUBST - <pun_footer> | 932: // END SUBST - <pun_footer> |
881: | 933: |
882: | 934: |
883: // START SUBST - <pun_include "*"> | |
884: while (preg_match('#<pun_include "([^/\\\\]*?)">#', $tpl_redir, $cur_include)) | |
885: { | |
886: if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1])) | |
887: error('Unable to process user include <pun_include "'.htmlspecialchars($cur_include[1]).'"> from template redirect.tpl. There is no such file in folder /include/user/'); | |
888: | |
889: ob_start(); | |
890: include PUN_ROOT.'include/user/'.$cur_include[1]; | |
891: $tpl_temp = ob_get_contents(); | |
892: $tpl_redir = str_replace($cur_include[0], $tpl_temp, $tpl_redir); | |
893: ob_end_clean(); | |
894: } | |
895: // END SUBST - <pun_include "*"> | |
896: | |
897: | |
898: // Close the db connection (and free up any result data) | 935: // Close the db connection (and free up any result data) |
899: $db->close(); | 936: $db->close(); |
900: | 937: |
922: | 959: |
923: ?> | 960: ?> |
924: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> | 961: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> |
925: <html dir="ltr"> | 962: <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr"> |
926: <head> | 963: <head> |
927: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> | 964: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> |
928: <title><?php echo pun_htmlspecialchars($pun_config['o_board_title']) ?> / Error</title> | 965: <title><?php echo pun_htmlspecialchars($pun_config['o_board_title']) ?> / Error</title> |
1031: // | 1068: // |
1032: // Unset any variables instantiated as a result of register_globals being enabled | 1069: // Unset any variables instantiated as a result of register_globals being enabled |
1033: // | 1070: // |
1034: function unregister_globals() | 1071: function unregister_globals() |
1035: { | 1072: { |
1036: // Prevent script.php?GLOBALS[foo]=bar | 1073: $register_globals = @ini_get('register_globals'); |
1037: if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) | 1074: if ($register_globals === "" || $register_globals === "0" || strtolower($register_globals) === "off") |
1038: exit('I\'ll have a steak sandwich and... a steak sandwich.'); | 1075: return; |
1039: | 1076: |
1040: // Variables that shouldn't be unset | 1077: // Prevent script.php?GLOBALS[foo]=bar |
1041: $no_unset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES'); | 1078: if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) |
| 1079: exit('I\'ll have a steak sandwich and... a steak sandwich.'); |
| 1080: |
| 1081: // Variables that shouldn't be unset |
| 1082: $no_unset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES'); |
1042: | 1083: |
1043: // Remove elements in $GLOBALS that are present in any of the superglobals | 1084: // Remove elements in $GLOBALS that are present in any of the superglobals |
1044: $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array()); | 1085: $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array()); |
1045: foreach ($input as $k => $v) | 1086: foreach ($input as $k => $v) |
1046: { | 1087: { |
1047: if (!in_array($k, $no_unset) && isset($GLOBALS[$k])) | 1088: if (!in_array($k, $no_unset) && isset($GLOBALS[$k])) |
1048: unset($GLOBALS[$k]); | 1089: { |
1049: } | 1090: unset($GLOBALS[$k]); |
| 1091: unset($GLOBALS[$k]); // Double unset to circumvent the zend_hash_del_key_or_index hole in PHP <4.4.3 and <5.1.4 |
| 1092: } |
| 1093: } |
1050: } | 1094: } |
1051: | 1095: |
1052: | 1096: |
punbb-1.2.11/upload/install.php |
punbb-1.2.17/upload/install.php |
24: | 24: |
25: | 25: |
26: // The PunBB version this script installs | 26: // The PunBB version this script installs |
27: $punbb_version = '1.2.11'; | 27: $punbb_version = '1.2.17'; |
28: | 28: |
29: | 29: |
30: define('PUN_ROOT', './'); | 30: define('PUN_ROOT', './'); |
757: poster_id INT(10) UNSIGNED NOT NULL DEFAULT 1, | 757: poster_id INT(10) UNSIGNED NOT NULL DEFAULT 1, |
758: poster_ip VARCHAR(15), | 758: poster_ip VARCHAR(15), |
759: poster_email VARCHAR(50), | 759: poster_email VARCHAR(50), |
760: message TEXT NOT NULL DEFAULT '', | 760: message TEXT, |
761: hide_smilies TINYINT(1) NOT NULL DEFAULT 0, | 761: hide_smilies TINYINT(1) NOT NULL DEFAULT 0, |
762: posted INT(10) UNSIGNED NOT NULL DEFAULT 0, | 762: posted INT(10) UNSIGNED NOT NULL DEFAULT 0, |
763: edited INT(10) UNSIGNED, | 763: edited INT(10) UNSIGNED, |
774: poster_id INT NOT NULL DEFAULT 1, | 774: poster_id INT NOT NULL DEFAULT 1, |
775: poster_ip VARCHAR(15), | 775: poster_ip VARCHAR(15), |
776: poster_email VARCHAR(50), | 776: poster_email VARCHAR(50), |
777: message TEXT NOT NULL DEFAULT '', | 777: message TEXT, |
778: hide_smilies SMALLINT NOT NULL DEFAULT 0, | 778: hide_smilies SMALLINT NOT NULL DEFAULT 0, |
779: posted INT NOT NULL DEFAULT 0, | 779: posted INT NOT NULL DEFAULT 0, |
780: edited INT, | 780: edited INT, |
791: poster_id INTEGER NOT NULL DEFAULT 1, | 791: poster_id INTEGER NOT NULL DEFAULT 1, |
792: poster_ip VARCHAR(15), | 792: poster_ip VARCHAR(15), |
793: poster_email VARCHAR(50), | 793: poster_email VARCHAR(50), |
794: message TEXT NOT NULL DEFAULT '', | 794: message TEXT, |
795: hide_smilies INTEGER NOT NULL DEFAULT 0, | 795: hide_smilies INTEGER NOT NULL DEFAULT 0, |
796: posted INTEGER NOT NULL DEFAULT 0, | 796: posted INTEGER NOT NULL DEFAULT 0, |
797: edited INTEGER, | 797: edited INTEGER, |
852: forum_id INT(10) UNSIGNED NOT NULL DEFAULT 0, | 852: forum_id INT(10) UNSIGNED NOT NULL DEFAULT 0, |
853: reported_by INT(10) UNSIGNED NOT NULL DEFAULT 0, | 853: reported_by INT(10) UNSIGNED NOT NULL DEFAULT 0, |
854: created INT(10) UNSIGNED NOT NULL DEFAULT 0, | 854: created INT(10) UNSIGNED NOT NULL DEFAULT 0, |
855: message TEXT NOT NULL DEFAULT '', | 855: message TEXT, |
856: zapped INT(10) UNSIGNED, | 856: zapped INT(10) UNSIGNED, |
857: zapped_by INT(10) UNSIGNED, | 857: zapped_by INT(10) UNSIGNED, |
858: PRIMARY KEY (id) | 858: PRIMARY KEY (id) |
867: forum_id INT NOT NULL DEFAULT 0, | 867: forum_id INT NOT NULL DEFAULT 0, |
868: reported_by INT NOT NULL DEFAULT 0, | 868: reported_by INT NOT NULL DEFAULT 0, |
869: created INT NOT NULL DEFAULT 0, | 869: created INT NOT NULL DEFAULT 0, |
870: message TEXT NOT NULL DEFAULT '', | 870: message TEXT, |
871: zapped INT, | 871: zapped INT, |
872: zapped_by INT, | 872: zapped_by INT, |
873: PRIMARY KEY (id) | 873: PRIMARY KEY (id) |
882: forum_id INTEGER NOT NULL DEFAULT 0, | 882: forum_id INTEGER NOT NULL DEFAULT 0, |
883: reported_by INTEGER NOT NULL DEFAULT 0, | 883: reported_by INTEGER NOT NULL DEFAULT 0, |
884: created INTEGER NOT NULL DEFAULT 0, | 884: created INTEGER NOT NULL DEFAULT 0, |
885: message TEXT NOT NULL DEFAULT '', | 885: message TEXT, |
886: zapped INTEGER, | 886: zapped INTEGER, |
887: zapped_by INTEGER, | 887: zapped_by INTEGER, |
888: PRIMARY KEY (id) | 888: PRIMARY KEY (id) |
901: $sql = 'CREATE TABLE '.$db_prefix."search_cache ( | 901: $sql = 'CREATE TABLE '.$db_prefix."search_cache ( |
902: id INT(10) UNSIGNED NOT NULL DEFAULT 0, | 902: id INT(10) UNSIGNED NOT NULL DEFAULT 0, |
903: ident VARCHAR(200) NOT NULL DEFAULT '', | 903: ident VARCHAR(200) NOT NULL DEFAULT '', |
904: search_data TEXT NOT NULL DEFAULT '', | 904: search_data TEXT, |
905: PRIMARY KEY (id) | 905: PRIMARY KEY (id) |
906: ) TYPE=MyISAM;"; | 906: ) TYPE=MyISAM;"; |
907: break; | 907: break; |
910: $sql = 'CREATE TABLE '.$db_prefix."search_cache ( | 910: $sql = 'CREATE TABLE '.$db_prefix."search_cache ( |
911: id INT NOT NULL DEFAULT 0, | 911: id INT NOT NULL DEFAULT 0, |
912: ident VARCHAR(200) NOT NULL DEFAULT '', | 912: ident VARCHAR(200) NOT NULL DEFAULT '', |
913: search_data TEXT NOT NULL DEFAULT '', | 913: search_data TEXT, |
914: PRIMARY KEY (id) | 914: PRIMARY KEY (id) |
915: )"; | 915: )"; |
916: break; | 916: break; |
919: $sql = 'CREATE TABLE '.$db_prefix."search_cache ( | 919: $sql = 'CREATE TABLE '.$db_prefix."search_cache ( |
920: id INTEGER NOT NULL DEFAULT 0, | 920: id INTEGER NOT NULL DEFAULT 0, |
921: ident VARCHAR(200) NOT NULL DEFAULT '', | 921: ident VARCHAR(200) NOT NULL DEFAULT '', |
922: search_data TEXT NOT NULL DEFAULT '', | 922: search_data TEXT, |
923: PRIMARY KEY (id) | 923: PRIMARY KEY (id) |
924: )"; | 924: )"; |
925: break; | 925: break; |
1234: case 'mysql': | 1234: case 'mysql': |
1235: case 'mysqli': | 1235: case 'mysqli': |
1236: // We use MySQL's ALTER TABLE ... ADD INDEX syntax instead of CREATE INDEX to avoid problems with users lacking the INDEX privilege | 1236: // We use MySQL's ALTER TABLE ... ADD INDEX syntax instead of CREATE INDEX to avoid problems with users lacking the INDEX privilege |
| 1237: $queries[] = 'ALTER TABLE '.$db_prefix.'online ADD UNIQUE INDEX '.$db_prefix.'online_user_id_ident_idx(user_id,ident)'; |
1237: $queries[] = 'ALTER TABLE '.$db_prefix.'online ADD INDEX '.$db_prefix.'online_user_id_idx(user_id)'; | 1238: $queries[] = 'ALTER TABLE '.$db_prefix.'online ADD INDEX '.$db_prefix.'online_user_id_idx(user_id)'; |
1238: $queries[] = 'ALTER TABLE '.$db_prefix.'posts ADD INDEX '.$db_prefix.'posts_topic_id_idx(topic_id)'; | 1239: $queries[] = 'ALTER TABLE '.$db_prefix.'posts ADD INDEX '.$db_prefix.'posts_topic_id_idx(topic_id)'; |
1239: $queries[] = 'ALTER TABLE '.$db_prefix.'posts ADD INDEX '.$db_prefix.'posts_multi_idx(poster_id, topic_id)'; | 1240: $queries[] = 'ALTER TABLE '.$db_prefix.'posts ADD INDEX '.$db_prefix.'posts_multi_idx(poster_id, topic_id)'; |
1400: | 1401: |
1401: | 1402: |
1402: /// Display config.php and give further instructions | 1403: /// Display config.php and give further instructions |
1403: $config = '<?php'."\n\n".'$db_type = \''.$db_type."';\n".'$db_host = \''.$db_host."';\n".'$db_name = \''.$db_name."';\n".'$db_username = \''.$db_username."';\n".'$db_password = \''.$db_password."';\n".'$db_prefix = \''.$db_prefix."';\n".'$p_connect = false;'."\n\n".'$cookie_name = '."'punbb_cookie';\n".'$cookie_domain = '."'';\n".'$cookie_path = '."'/';\n".'$cookie_secure = 0;'."\n".'$cookie_seed = \''.substr(md5(time()), -8)."';\n\ndefine('PUN', 1);"; | 1404: $config = '<?php'."\n\n".'$db_type = \''.$db_type."';\n".'$db_host = \''.$db_host."';\n".'$db_name = \''.$db_name."';\n".'$db_username = \''.$db_username."';\n".'$db_password = \''.$db_password."';\n".'$db_prefix = \''.$db_prefix."';\n".'$p_connect = false;'."\n\n".'$cookie_name = '."'punbb_cookie';\n".'$cookie_domain = '."'';\n".'$cookie_path = '."'/';\n".'$cookie_secure = 0;'."\n".'$cookie_seed = \''.substr(sha1(uniqid(rand(), true)), 0, 16)."';\n\ndefine('PUN', 1);"; |
1404: | 1405: |
1405: | 1406: |
1406: ?> | 1407: ?> |
punbb-1.2.11/upload/moderate.php |
punbb-1.2.17/upload/moderate.php |
35: message($lang_common['No permission']); | 35: message($lang_common['No permission']); |
36: | 36: |
37: // Is get_host an IP address or a post ID? | 37: // Is get_host an IP address or a post ID? |
38: if (preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $_GET['get_host'])) | 38: if (@preg_match('/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/', $_GET['get_host'])) |
39: $ip = $_GET['get_host']; | 39: $ip = $_GET['get_host']; |
40: else | 40: else |
41: { | 41: { |
98: { | 98: { |
99: confirm_referrer('moderate.php'); | 99: confirm_referrer('moderate.php'); |
100: | 100: |
101: if (preg_match('/[^0-9,]/', $posts)) | 101: if (@preg_match('/[^0-9,]/', $posts)) |
| 102: message($lang_common['Bad request']); |
| 103: |
| 104: // Verify that the post IDs are valid |
| 105: $result = $db->query('SELECT 1 FROM '.$db->prefix.'posts WHERE id IN('.$posts.') AND topic_id='.$tid) or error('Unable to check posts', __FILE__, __LINE__, $db->error()); |
| 106: |
| 107: if ($db->num_rows($result) != substr_count($posts, ',') + 1) |
102: message($lang_common['Bad request']); | 108: message($lang_common['Bad request']); |
103: | 109: |
104: // Delete the posts | 110: // Delete the posts |
281: { | 287: { |
282: confirm_referrer('moderate.php'); | 288: confirm_referrer('moderate.php'); |
283: | 289: |
284: if (preg_match('/[^0-9,]/', $_POST['topics'])) | 290: if (@preg_match('/[^0-9,]/', $_POST['topics'])) |
285: message($lang_common['Bad request']); | 291: message($lang_common['Bad request']); |
286: | 292: |
287: $topics = explode(',', $_POST['topics']); | 293: $topics = explode(',', $_POST['topics']); |
289: if (empty($topics) || $move_to_forum < 1) | 295: if (empty($topics) || $move_to_forum < 1) |
290: message($lang_common['Bad request']); | 296: message($lang_common['Bad request']); |
291: | 297: |
| 298: // Verify that the topic IDs are valid |
| 299: $result = $db->query('SELECT 1 FROM '.$db->prefix.'topics WHERE id IN('.implode(',',$topics).') AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $db->error()); |
| 300: |
| 301: if ($db->num_rows($result) != count($topics)) |
| 302: message($lang_common['Bad request']); |
| 303: |
292: // Delete any redirect topics if there are any (only if we moved/copied the topic back to where it where it was once moved from) | 304: // Delete any redirect topics if there are any (only if we moved/copied the topic back to where it where it was once moved from) |
293: $db->query('DELETE FROM '.$db->prefix.'topics WHERE forum_id='.$move_to_forum.' AND moved_to IN('.implode(',',$topics).')') or error('Unable to delete redirect topics', __FILE__, __LINE__, $db->error()); | 305: $db->query('DELETE FROM '.$db->prefix.'topics WHERE forum_id='.$move_to_forum.' AND moved_to IN('.implode(',',$topics).')') or error('Unable to delete redirect topics', __FILE__, __LINE__, $db->error()); |
294: | 306: |
400: { | 412: { |
401: confirm_referrer('moderate.php'); | 413: confirm_referrer('moderate.php'); |
402: | 414: |
403: if (preg_match('/[^0-9,]/', $topics)) | 415: if (@preg_match('/[^0-9,]/', $topics)) |
404: message($lang_common['Bad request']); | 416: message($lang_common['Bad request']); |
405: | 417: |
406: require PUN_ROOT.'include/search_idx.php'; | 418: require PUN_ROOT.'include/search_idx.php'; |
407: | 419: |
| 420: // Verify that the topic IDs are valid |
| 421: $result = $db->query('SELECT 1 FROM '.$db->prefix.'topics WHERE id IN('.$topics.') AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $db->error()); |
| 422: |
| 423: if ($db->num_rows($result) != substr_count($topics, ',') + 1) |
| 424: message($lang_common['Bad request']); |
| 425: |
408: // Delete the topics and any redirect topics | 426: // Delete the topics and any redirect topics |
409: $db->query('DELETE FROM '.$db->prefix.'topics WHERE id IN('.$topics.') OR moved_to IN('.$topics.')') or error('Unable to delete topic', __FILE__, __LINE__, $db->error()); | 427: $db->query('DELETE FROM '.$db->prefix.'topics WHERE id IN('.$topics.') OR moved_to IN('.$topics.')') or error('Unable to delete topic', __FILE__, __LINE__, $db->error()); |
410: | 428: |
472: if (empty($topics)) | 490: if (empty($topics)) |
473: message($lang_misc['No topics selected']); | 491: message($lang_misc['No topics selected']); |
474: | 492: |
475: $db->query('UPDATE '.$db->prefix.'topics SET closed='.$action.' WHERE id IN('.implode(',', $topics).')') or error('Unable to close topics', __FILE__, __LINE__, $db->error()); | 493: $db->query('UPDATE '.$db->prefix.'topics SET closed='.$action.' WHERE id IN('.implode(',', $topics).') AND forum_id='.$fid) or error('Unable to close topics', __FILE__, __LINE__, $db->error()); |
476: | 494: |
477: $redirect_msg = ($action) ? $lang_misc['Close topics redirect'] : $lang_misc['Open topics redirect']; | 495: $redirect_msg = ($action) ? $lang_misc['Close topics redirect'] : $lang_misc['Open topics redirect']; |
478: redirect('moderate.php?fid='.$fid, $redirect_msg); | 496: redirect('moderate.php?fid='.$fid, $redirect_msg); |
486: if ($topic_id < 1) | 504: if ($topic_id < 1) |
487: message($lang_common['Bad request']); | 505: message($lang_common['Bad request']); |
488: | 506: |
489: $db->query('UPDATE '.$db->prefix.'topics SET closed='.$action.' WHERE id='.$topic_id) or error('Unable to close topic', __FILE__, __LINE__, $db->error()); | 507: $db->query('UPDATE '.$db->prefix.'topics SET closed='.$action.' WHERE id='.$topic_id.' AND forum_id='.$fid) or error('Unable to close topic', __FILE__, __LINE__, $db->error()); |
490: | 508: |
491: $redirect_msg = ($action) ? $lang_misc['Close topic redirect'] : $lang_misc['Open topic redirect']; | 509: $redirect_msg = ($action) ? $lang_misc['Close topic redirect'] : $lang_misc['Open topic redirect']; |
492: redirect('viewtopic.php?id='.$topic_id, $redirect_msg); | 510: redirect('viewtopic.php?id='.$topic_id, $redirect_msg); |
503: if ($stick < 1) | 521: if ($stick < 1) |
504: message($lang_common['Bad request']); | 522: message($lang_common['Bad request']); |
505: | 523: |
506: $db->query('UPDATE '.$db->prefix.'topics SET sticky=\'1\' WHERE id='.$stick) or error('Unable to stick topic', __FILE__, __LINE__, $db->error()); | 524: $db->query('UPDATE '.$db->prefix.'topics SET sticky=\'1\' WHERE id='.$stick.' AND forum_id='.$fid) or error('Unable to stick topic', __FILE__, __LINE__, $db->error()); |
507: | 525: |
508: redirect('viewtopic.php?id='.$stick, $lang_misc['Stick topic redirect']); | 526: redirect('viewtopic.php?id='.$stick, $lang_misc['Stick topic redirect']); |
509: } | 527: } |
518: if ($unstick < 1) | 536: if ($unstick < 1) |
519: message($lang_common['Bad request']); | 537: message($lang_common['Bad request']); |
520: | 538: |
521: $db->query('UPDATE '.$db->prefix.'topics SET sticky=\'0\' WHERE id='.$unstick) or error('Unable to unstick topic', __FILE__, __LINE__, $db->error()); | 539: $db->query('UPDATE '.$db->prefix.'topics SET sticky=\'0\' WHERE id='.$unstick.' AND forum_id='.$fid) or error('Unable to unstick topic', __FILE__, __LINE__, $db->error()); |
522: | 540: |
523: redirect('viewtopic.php?id='.$unstick, $lang_misc['Unstick topic redirect']); | 541: redirect('viewtopic.php?id='.$unstick, $lang_misc['Unstick topic redirect']); |
524: } | 542: } |
punbb-1.2.11/upload/search.php |
punbb-1.2.17/upload/search.php |
122: $keyword_results = $author_results = array(); | 122: $keyword_results = $author_results = array(); |
123: | 123: |
124: // Search a specific forum? | 124: // Search a specific forum? |
125: $forum_sql = ($forum != -1) ? ' AND t.forum_id = '.$forum : ''; | 125: $forum_sql = ($forum != -1 || ($forum == -1 && $pun_config['o_search_all_forums'] == '0' && $pun_user['g_id'] >= PUN_GUEST)) ? ' AND t.forum_id = '.$forum : ''; |
126: | 126: |
127: if (!empty($author) || !empty($keywords)) | 127: if (!empty($author) || !empty($keywords)) |
128: { | 128: { |
160: { | 160: { |
161: $num_chars = pun_strlen($word); | 161: $num_chars = pun_strlen($word); |
162: | 162: |
163: if ($num_chars < 3 || $num_chars > 20 || in_array($word, $stopwords)) | 163: if ($word !== 'or' && ($num_chars < 3 || $num_chars > 20 || in_array($word, $stopwords))) |
164: unset($keywords_array[$i]); | 164: unset($keywords_array[$i]); |
165: } | 165: } |
166: | 166: |
170: | 170: |
171: $word_count = 0; | 171: $word_count = 0; |
172: $match_type = 'and'; | 172: $match_type = 'and'; |
| 173: $result_list = array(); |
173: @reset($keywords_array); | 174: @reset($keywords_array); |
174: while (list(, $cur_word) = @each($keywords_array)) | 175: while (list(, $cur_word) = @each($keywords_array)) |
175: { | 176: { |
198: } | 199: } |
199: else | 200: else |
200: { | 201: { |
201: $cur_word = str_replace('*', '%', $cur_word); | 202: $cur_word = $db->escape(str_replace('*', '%', $cur_word)); |
202: $sql = 'SELECT m.post_id FROM '.$db->prefix.'search_words AS w INNER JOIN '.$db->prefix.'search_matches AS m ON m.word_id = w.id WHERE w.word LIKE \''.$cur_word.'\''.$search_in_cond; | 203: $sql = 'SELECT m.post_id FROM '.$db->prefix.'search_words AS w INNER JOIN '.$db->prefix.'search_matches AS m ON m.word_id = w.id WHERE w.word LIKE \''.$cur_word.'\''.$search_in_cond; |
203: } | 204: } |
204: | 205: |
325: if ($pun_user['is_guest']) | 326: if ($pun_user['is_guest']) |
326: message($lang_common['No permission']); | 327: message($lang_common['No permission']); |
327: | 328: |
328: $result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.last_post>'.$pun_user['last_visit']) or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error()); | 329: $result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.last_post>'.$pun_user['last_visit'].' AND t.moved_to IS NULL') or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error()); |
329: $num_hits = $db->num_rows($result); | 330: $num_hits = $db->num_rows($result); |
330: | 331: |
331: if (!$num_hits) | 332: if (!$num_hits) |
334: // If it's a search for todays posts | 335: // If it's a search for todays posts |
335: else if ($action == 'show_24h') | 336: else if ($action == 'show_24h') |
336: { | 337: { |
337: $result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.last_post>'.(time() - 86400)) or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error()); | 338: $result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.last_post>'.(time() - 86400).' AND t.moved_to IS NULL') or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error()); |
338: $num_hits = $db->num_rows($result); | 339: $num_hits = $db->num_rows($result); |
339: | 340: |
340: if (!$num_hits) | 341: if (!$num_hits) |
429: // Fetch results to display | 430: // Fetch results to display |
430: if ($search_results != '') | 431: if ($search_results != '') |
431: { | 432: { |
432: $group_by_sql = ''; | |
433: switch ($sort_by) | 433: switch ($sort_by) |
434: { | 434: { |
435: case 1: | 435: case 1: |
449: break; | 449: break; |
450: | 450: |
451: default: | 451: default: |
452: { | |
453: $sort_by_sql = ($show_as == 'topics') ? 't.posted' : 'p.posted'; | 452: $sort_by_sql = ($show_as == 'topics') ? 't.posted' : 'p.posted'; |
454: | |
455: if ($show_as == 'topics') | |
456: $group_by_sql = ', t.posted'; | |
457: | |
458: break; | 453: break; |
459: } | |
460: } | 454: } |
461: | 455: |
462: if ($show_as == 'posts') | 456: if ($show_as == 'posts') |
465: $sql = 'SELECT p.id AS pid, p.poster AS pposter, p.posted AS pposted, p.poster_id, '.$substr_sql.'(p.message, 1, 1000) AS message, t.id AS tid, t.poster, t.subject, t.last_post, t.last_post_id, t.last_poster, t.num_replies, t.forum_id FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id WHERE p.id IN('.$search_results.') ORDER BY '.$sort_by_sql; | 459: $sql = 'SELECT p.id AS pid, p.poster AS pposter, p.posted AS pposted, p.poster_id, '.$substr_sql.'(p.message, 1, 1000) AS message, t.id AS tid, t.poster, t.subject, t.last_post, t.last_post_id, t.last_poster, t.num_replies, t.forum_id FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id WHERE p.id IN('.$search_results.') ORDER BY '.$sort_by_sql; |
466: } | 460: } |
467: else | 461: else |
468: $sql = 'SELECT t.id AS tid, t.poster, t.subject, t.last_post, t.last_post_id, t.last_poster, t.num_replies, t.closed, t.forum_id FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id WHERE t.id IN('.$search_results.') GROUP BY t.id, t.poster, t.subject, t.last_post, t.last_post_id, t.last_poster, t.num_replies, t.closed, t.forum_id'.$group_by_sql.' ORDER BY '.$sort_by_sql; | 462: $sql = 'SELECT t.id AS tid, t.poster, t.subject, t.last_post, t.last_post_id, t.last_poster, t.num_replies, t.closed, t.forum_id FROM '.$db->prefix.'topics AS t WHERE t.id IN('.$search_results.') ORDER BY '.$sort_by_sql; |
469: | 463: |
470: | 464: |
471: // Determine the topic or post offset (based on $_GET['p']) | 465: // Determine the topic or post offset (based on $_GET['p']) |