punbb-1.2.7/upload/include/common.php |
punbb-1.2.11/upload/include/common.php |
32: if (!defined('PUN_ROOT')) | 32: if (!defined('PUN_ROOT')) |
33: exit('The constant PUN_ROOT must be defined and point to a valid PunBB installation root directory.'); | 33: exit('The constant PUN_ROOT must be defined and point to a valid PunBB installation root directory.'); |
34: | 34: |
| 35: |
| 36: // Load the functions script |
| 37: require PUN_ROOT.'include/functions.php'; |
| 38: |
| 39: // Reverse the effect of register_globals |
| 40: if (@ini_get('register_globals')) |
| 41: unregister_globals(); |
| 42: |
| 43: |
35: @include PUN_ROOT.'config.php'; | 44: @include PUN_ROOT.'config.php'; |
36: | 45: |
37: // If PUN isn't defined, config.php is missing or corrupt | 46: // If PUN isn't defined, config.php is missing or corrupt |
76: define('PUN_GUEST', 3); | 85: define('PUN_GUEST', 3); |
77: define('PUN_MEMBER', 4); | 86: define('PUN_MEMBER', 4); |
78: | 87: |
79: | |
80: // Load the functions script | |
81: require PUN_ROOT.'include/functions.php'; | |
82: | 88: |
83: // Load DB abstraction layer and connect | 89: // Load DB abstraction layer and connect |
84: require PUN_ROOT.'include/dblayer/common_db.php'; | 90: require PUN_ROOT.'include/dblayer/common_db.php'; |
punbb-1.2.7/upload/include/email.php |
punbb-1.2.11/upload/include/email.php |
75: $subject = trim(preg_replace('#[\n\r]+#s', '', $subject)); | 75: $subject = trim(preg_replace('#[\n\r]+#s', '', $subject)); |
76: $from = trim(preg_replace('#[\n\r:]+#s', '', $from)); | 76: $from = trim(preg_replace('#[\n\r:]+#s', '', $from)); |
77: | 77: |
78: // Detect what linebreak we should use for the headers | 78: $headers = 'From: '.$from."\r\n".'Date: '.date('r')."\r\n".'MIME-Version: 1.0'."\r\n".'Content-transfer-encoding: 8bit'."\r\n".'Content-type: text/plain; charset='.$lang_common['lang_encoding']."\r\n".'X-Mailer: PunBB Mailer'; |
79: if (strtoupper(substr(PHP_OS, 0, 3) == 'WIN')) | |
80: $eol = "\r\n"; | |
81: else if (strtoupper(substr(PHP_OS, 0, 3) == 'MAC')) | |
82: $eol = "\r"; | |
83: else | |
84: $eol = "\n"; | |
85: | |
86: $headers = 'From: '.$from.$eol.'Date: '.date('r').$eol.'MIME-Version: 1.0'.$eol.'Content-transfer-encoding: 8bit'.$eol.'Content-type: text/plain; charset='.$lang_common['lang_encoding'].$eol.'X-Mailer: PunBB Mailer'; | |
87: | 79: |
88: // Make sure all linebreaks are CRLF in message | 80: // Make sure all linebreaks are CRLF in message |
89: $message = str_replace("\n", "\r\n", pun_linebreaks($message)); | 81: $message = str_replace("\n", "\r\n", pun_linebreaks($message)); |
91: if ($pun_config['o_smtp_host'] != '') | 83: if ($pun_config['o_smtp_host'] != '') |
92: smtp_mail($to, $subject, $message, $headers); | 84: smtp_mail($to, $subject, $message, $headers); |
93: else | 85: else |
| 86: { |
| 87: // Change the linebreaks used in the headers according to OS |
| 88: if (strtoupper(substr(PHP_OS, 0, 3)) == 'MAC') |
| 89: $headers = str_replace("\r\n", "\r", $headers); |
| 90: else if (strtoupper(substr(PHP_OS, 0, 3)) != 'WIN') |
| 91: $headers = str_replace("\r\n", "\n", $headers); |
| 92: |
94: mail($to, $subject, $message, $headers); | 93: mail($to, $subject, $message, $headers); |
| 94: } |
95: } | 95: } |
96: | 96: |
97: | 97: |
punbb-1.2.7/upload/include/functions.php |
punbb-1.2.11/upload/include/functions.php |
209: $now = time(); | 209: $now = time(); |
210: | 210: |
211: // Fetch all online list entries that are older than "o_timeout_online" | 211: // Fetch all online list entries that are older than "o_timeout_online" |
212: $result = $db->query('SELECT * FROM '.$db->prefix.'online WHERE logged<'.($now-$pun_config['o_timeout_online'])) or error('Unable to delete from online list', __FILE__, __LINE__, $db->error()); | 212: $result = $db->query('SELECT * FROM '.$db->prefix.'online WHERE logged<'.($now-$pun_config['o_timeout_online'])) or error('Unable to fetch old entries from online list', __FILE__, __LINE__, $db->error()); |
213: while ($cur_user = $db->fetch_assoc($result)) | 213: while ($cur_user = $db->fetch_assoc($result)) |
214: { | 214: { |
215: // If the entry is a guest, delete it | 215: // If the entry is a guest, delete it |
681: // | 681: // |
682: function get_remote_address() | 682: function get_remote_address() |
683: { | 683: { |
684: $remote_address = $_SERVER['REMOTE_ADDR']; | 684: return $_SERVER['REMOTE_ADDR']; |
685: | |
686: // If HTTP_X_FORWARDED_FOR is set, we try to grab the first non-LAN IP | |
687: if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) | |
688: { | |
689: if (preg_match_all('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $_SERVER['HTTP_X_FORWARDED_FOR'], $address_list)) | |
690: { | |
691: $lan_ips = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.((1[6-9])|(2[0-9])|(3[0-1]))\..*/', '/^10\..*/', '/^224\..*/', '/^240\..*/'); | |
692: $address_list = preg_replace($lan_ips, null, $address_list[0]); | |
693: | |
694: while (list(, $cur_address) = each($address_list)) | |
695: { | |
696: if ($cur_address) | |
697: { | |
698: $remote_address = $cur_address; | |
699: break; | |
700: } | |
701: } | |
702: } | |
703: } | |
704: | |
705: return $remote_address; | |
706: } | 685: } |
707: | 686: |
708: | 687: |
1046: </div> | 1025: </div> |
1047: <?php | 1026: <?php |
1048: | 1027: |
| 1028: } |
| 1029: |
| 1030: |
| 1031: // |
| 1032: // Unset any variables instantiated as a result of register_globals being enabled |
| 1033: // |
| 1034: function unregister_globals() |
| 1035: { |
| 1036: // Prevent script.php?GLOBALS[foo]=bar |
| 1037: if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) |
| 1038: exit('I\'ll have a steak sandwich and... a steak sandwich.'); |
| 1039: |
| 1040: // Variables that shouldn't be unset |
| 1041: $no_unset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES'); |
| 1042: |
| 1043: // Remove elements in $GLOBALS that are present in any of the superglobals |
| 1044: $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array()); |
| 1045: foreach ($input as $k => $v) |
| 1046: { |
| 1047: if (!in_array($k, $no_unset) && isset($GLOBALS[$k])) |
| 1048: unset($GLOBALS[$k]); |
| 1049: } |
1049: } | 1050: } |
1050: | 1051: |
1051: | 1052: |
punbb-1.2.7/upload/profile.php |
punbb-1.2.11/upload/profile.php |
201: } | 201: } |
202: else if (isset($_POST['form_sent'])) | 202: else if (isset($_POST['form_sent'])) |
203: { | 203: { |
| 204: if (pun_hash($_POST['req_password']) !== $pun_user['password']) |
| 205: message($lang_profile['Wrong pass']); |
| 206: |
204: require PUN_ROOT.'include/email.php'; | 207: require PUN_ROOT.'include/email.php'; |
205: | 208: |
206: // Validate the email-address | 209: // Validate the email-address |
264: } | 267: } |
265: | 268: |
266: $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile']; | 269: $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile']; |
267: $required_fields = array('req_new_email' => $lang_profile['New e-mail']); | 270: $required_fields = array('req_new_email' => $lang_profile['New e-mail'], 'req_password' => $lang_common['Password']); |
268: $focus_element = array('change_email', 'req_new_email'); | 271: $focus_element = array('change_email', 'req_new_email'); |
269: require PUN_ROOT.'header.php'; | 272: require PUN_ROOT.'header.php'; |
270: | 273: |
279: <div class="infldset"> | 282: <div class="infldset"> |
280: <input type="hidden" name="form_sent" value="1" /> | 283: <input type="hidden" name="form_sent" value="1" /> |
281: <label><strong><?php echo $lang_profile['New e-mail'] ?></strong><br /><input type="text" name="req_new_email" size="50" maxlength="50" /><br /></label> | 284: <label><strong><?php echo $lang_profile['New e-mail'] ?></strong><br /><input type="text" name="req_new_email" size="50" maxlength="50" /><br /></label> |
| 285: <label><strong><?php echo $lang_common['Password'] ?></strong><br /><input type="password" name="req_password" size="16" maxlength="16" /><br /></label> |
282: <p><?php echo $lang_profile['E-mail instructions'] ?></p> | 286: <p><?php echo $lang_profile['E-mail instructions'] ?></p> |
283: </div> | 287: </div> |
284: </fieldset> | 288: </fieldset> |
362: message($lang_profile['Move failed'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.'); | 366: message($lang_profile['Move failed'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.'); |
363: | 367: |
364: // Now check the width/height | 368: // Now check the width/height |
365: list($width, $height, ,) = getimagesize($pun_config['o_avatars_dir'].'/'.$id.'.tmp'); | 369: list($width, $height, $type,) = getimagesize($pun_config['o_avatars_dir'].'/'.$id.'.tmp'); |
366: if (empty($width) || empty($height) || $width > $pun_config['o_avatars_width'] || $height > $pun_config['o_avatars_height']) | 370: if (empty($width) || empty($height) || $width > $pun_config['o_avatars_width'] || $height > $pun_config['o_avatars_height']) |
367: { | 371: { |
368: @unlink($pun_config['o_avatars_dir'].'/'.$id.'.tmp'); | 372: @unlink($pun_config['o_avatars_dir'].'/'.$id.'.tmp'); |
369: message($lang_profile['Too wide or high'].' '.$pun_config['o_avatars_width'].'x'.$pun_config['o_avatars_height'].' '.$lang_profile['pixels'].'.'); | 373: message($lang_profile['Too wide or high'].' '.$pun_config['o_avatars_width'].'x'.$pun_config['o_avatars_height'].' '.$lang_profile['pixels'].'.'); |
370: } | 374: } |
| 375: else if ($type == 1 && $uploaded_file['type'] != 'image/gif') // Prevent dodgy uploads |
| 376: { |
| 377: @unlink($pun_config['o_avatars_dir'].'/'.$id.'.tmp'); |
| 378: message($lang_profile['Bad type']); |
| 379: } |
371: | 380: |
372: // Delete any old avatars and put the new one in place | 381: // Delete any old avatars and put the new one in place |
373: @unlink($pun_config['o_avatars_dir'].'/'.$id.$extensions[0]); | 382: @unlink($pun_config['o_avatars_dir'].'/'.$id.$extensions[0]); |
708: $form['email'] = strtolower(trim($_POST['req_email'])); | 717: $form['email'] = strtolower(trim($_POST['req_email'])); |
709: if (!is_valid_email($form['email'])) | 718: if (!is_valid_email($form['email'])) |
710: message($lang_common['Invalid e-mail']); | 719: message($lang_common['Invalid e-mail']); |
| 720: } |
| 721: |
| 722: // Make sure we got a valid language string |
| 723: if (isset($form['language'])) |
| 724: { |
| 725: $form['language'] = preg_replace('#[\.\\\/]#', '', $form['language']); |
| 726: if (!file_exists(PUN_ROOT.'lang/'.$form['language'].'/common.php')) |
| 727: message($lang_common['Bad request']); |
711: } | 728: } |
712: | 729: |
713: break; | 730: break; |
punbb-1.2.7/upload/register.php |
punbb-1.2.11/upload/register.php |
79: | 79: |
80: else if (isset($_POST['form_sent'])) | 80: else if (isset($_POST['form_sent'])) |
81: { | 81: { |
| 82: // Check that someone from this IP didn't register a user within the last hour (DoS prevention) |
| 83: $result = $db->query('SELECT 1 FROM '.$db->prefix.'users WHERE registration_ip=\''.get_remote_address().'\' AND registered>'.(time() - 3600)) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); |
| 84: |
| 85: if ($db->num_rows($result)) |
| 86: message('A new user was registered with the same IP address as you within the last hour. To prevent registration flooding, at least an hour has to pass between registrations from the same IP. Sorry for the inconvenience.'); |
| 87: |
| 88: |
82: $username = pun_trim($_POST['req_username']); | 89: $username = pun_trim($_POST['req_username']); |
83: $email1 = strtolower(trim($_POST['req_email1'])); | 90: $email1 = strtolower(trim($_POST['req_email1'])); |
84: | 91: |
punbb-1.2.7/upload/search.php |
punbb-1.2.11/upload/search.php |
51: $action = (isset($_GET['action'])) ? $_GET['action'] : null; | 51: $action = (isset($_GET['action'])) ? $_GET['action'] : null; |
52: $forum = (isset($_GET['forum'])) ? intval($_GET['forum']) : -1; | 52: $forum = (isset($_GET['forum'])) ? intval($_GET['forum']) : -1; |
53: $sort_dir = (isset($_GET['sort_dir'])) ? (($_GET['sort_dir'] == 'DESC') ? 'DESC' : 'ASC') : 'DESC'; | 53: $sort_dir = (isset($_GET['sort_dir'])) ? (($_GET['sort_dir'] == 'DESC') ? 'DESC' : 'ASC') : 'DESC'; |
| 54: if (isset($search_id)) unset($search_id); |
54: | 55: |
55: // If a search_id was supplied | 56: // If a search_id was supplied |
56: if (isset($_REQUEST['search_id'])) | 57: if (isset($_GET['search_id'])) |
57: { | 58: { |
58: $search_id = intval($_GET['search_id']); | 59: $search_id = intval($_GET['search_id']); |
59: if ($search_id < 1) | 60: if ($search_id < 1) |
386: | 387: |
387: | 388: |
388: // Prune "old" search results | 389: // Prune "old" search results |
| 390: $old_searches = array(); |
389: $result = $db->query('SELECT ident FROM '.$db->prefix.'online') or error('Unable to fetch online list', __FILE__, __LINE__, $db->error()); | 391: $result = $db->query('SELECT ident FROM '.$db->prefix.'online') or error('Unable to fetch online list', __FILE__, __LINE__, $db->error()); |
390: | 392: |
391: if ($db->num_rows($result)) | 393: if ($db->num_rows($result)) |