punbb-1.2.9/upload/admin_forums.php |
punbb-1.2.14/upload/admin_forums.php |
140: if (!preg_match('#^\d+$#', $disp_position)) | 140: if (!preg_match('#^\d+$#', $disp_position)) |
141: message('Position must be a positive integer value.'); | 141: message('Position must be a positive integer value.'); |
142: | 142: |
143: $db->query('UPDATE '.$db->prefix.'forums SET disp_position='.$disp_position.' WHERE id='.$forum_id) or error('Unable to update forum', __FILE__, __LINE__, $db->error()); | 143: $db->query('UPDATE '.$db->prefix.'forums SET disp_position='.$disp_position.' WHERE id='.intval($forum_id)) or error('Unable to update forum', __FILE__, __LINE__, $db->error()); |
144: } | 144: } |
145: | 145: |
146: // Regenerate the quickjump cache | 146: // Regenerate the quickjump cache |
186: $result = $db->query('SELECT g_id, g_read_board, g_post_replies, g_post_topics FROM '.$db->prefix.'groups WHERE g_id!='.PUN_ADMIN) or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error()); | 186: $result = $db->query('SELECT g_id, g_read_board, g_post_replies, g_post_topics FROM '.$db->prefix.'groups WHERE g_id!='.PUN_ADMIN) or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error()); |
187: while ($cur_group = $db->fetch_assoc($result)) | 187: while ($cur_group = $db->fetch_assoc($result)) |
188: { | 188: { |
189: $read_forum_new = ($cur_group['g_read_board'] == '1') ? isset($_POST['read_forum_new'][$cur_group['g_id']]) ? $_POST['read_forum_new'][$cur_group['g_id']] : '0' : $_POST['read_forum_old'][$cur_group['g_id']]; | 189: $read_forum_new = ($cur_group['g_read_board'] == '1') ? isset($_POST['read_forum_new'][$cur_group['g_id']]) ? '1' : '0' : intval($_POST['read_forum_old'][$cur_group['g_id']]); |
190: $post_replies_new = isset($_POST['post_replies_new'][$cur_group['g_id']]) ? $_POST['post_replies_new'][$cur_group['g_id']] : '0'; | 190: $post_replies_new = isset($_POST['post_replies_new'][$cur_group['g_id']]) ? '1' : '0'; |
191: $post_topics_new = isset($_POST['post_topics_new'][$cur_group['g_id']]) ? $_POST['post_topics_new'][$cur_group['g_id']] : '0'; | 191: $post_topics_new = isset($_POST['post_topics_new'][$cur_group['g_id']]) ? '1' : '0'; |
192: | 192: |
193: // Check if the new settings differ from the old | 193: // Check if the new settings differ from the old |
194: if ($read_forum_new != $_POST['read_forum_old'][$cur_group['g_id']] || $post_replies_new != $_POST['post_replies_old'][$cur_group['g_id']] || $post_topics_new != $_POST['post_topics_old'][$cur_group['g_id']]) | 194: if ($read_forum_new != $_POST['read_forum_old'][$cur_group['g_id']] || $post_replies_new != $_POST['post_replies_old'][$cur_group['g_id']] || $post_topics_new != $_POST['post_topics_old'][$cur_group['g_id']]) |
punbb-1.2.9/upload/admin_options.php |
punbb-1.2.14/upload/admin_options.php |
46: if ($form['board_title'] == '') | 46: if ($form['board_title'] == '') |
47: message('You must enter a board title.'); | 47: message('You must enter a board title.'); |
48: | 48: |
| 49: // Clean default_lang |
| 50: $form['default_lang'] = preg_replace('#[\.\\\/]#', '', $form['default_lang']); |
| 51: |
49: require PUN_ROOT.'include/email.php'; | 52: require PUN_ROOT.'include/email.php'; |
50: | 53: |
51: $form['admin_email'] = strtolower($form['admin_email']); | 54: $form['admin_email'] = strtolower($form['admin_email']); |
62: // Make sure base_url doesn't end with a slash | 65: // Make sure base_url doesn't end with a slash |
63: if (substr($form['base_url'], -1) == '/') | 66: if (substr($form['base_url'], -1) == '/') |
64: $form['base_url'] = substr($form['base_url'], 0, -1); | 67: $form['base_url'] = substr($form['base_url'], 0, -1); |
| 68: |
| 69: // Clean avatars_dir |
| 70: $form['avatars_dir'] = str_replace("\0", '', $form['avatars_dir']); |
65: | 71: |
66: // Make sure avatars_dir doesn't end with a slash | 72: // Make sure avatars_dir doesn't end with a slash |
67: if (substr($form['avatars_dir'], -1) == '/') | 73: if (substr($form['avatars_dir'], -1) == '/') |
punbb-1.2.9/upload/admin_users.php |
punbb-1.2.14/upload/admin_users.php |
257: $like_command = ($db_type == 'pgsql') ? 'ILIKE' : 'LIKE'; | 257: $like_command = ($db_type == 'pgsql') ? 'ILIKE' : 'LIKE'; |
258: while (list($key, $input) = @each($form)) | 258: while (list($key, $input) = @each($form)) |
259: { | 259: { |
260: if ($input != '') | 260: if ($input != '' && in_array($key, array('username', 'email', 'title', 'realname', 'url', 'jabber', 'icq', 'msn', 'aim', 'yahoo', 'location', 'signature', 'admin_note'))) |
261: $conditions[] = 'u.'.$db->escape($key).' '.$like_command.' \''.$db->escape(str_replace('*', '%', $input)).'\''; | 261: $conditions[] = 'u.'.$db->escape($key).' '.$like_command.' \''.$db->escape(str_replace('*', '%', $input)).'\''; |
262: } | 262: } |
263: | 263: |
267: $conditions[] = 'u.num_posts<'.$posts_less; | 267: $conditions[] = 'u.num_posts<'.$posts_less; |
268: | 268: |
269: if ($user_group != 'all') | 269: if ($user_group != 'all') |
270: $conditions[] = 'u.group_id='.$db->escape($user_group); | 270: $conditions[] = 'u.group_id='.intval($user_group); |
271: | 271: |
272: if (empty($conditions)) | 272: if (empty($conditions)) |
273: message('You didn\'t enter any search terms.'); | 273: message('You didn\'t enter any search terms.'); |
punbb-1.2.9/upload/include/common.php |
punbb-1.2.14/upload/include/common.php |
32: if (!defined('PUN_ROOT')) | 32: if (!defined('PUN_ROOT')) |
33: exit('The constant PUN_ROOT must be defined and point to a valid PunBB installation root directory.'); | 33: exit('The constant PUN_ROOT must be defined and point to a valid PunBB installation root directory.'); |
34: | 34: |
| 35: |
| 36: // Load the functions script |
| 37: require PUN_ROOT.'include/functions.php'; |
| 38: |
| 39: // Reverse the effect of register_globals |
| 40: if (@ini_get('register_globals')) |
| 41: unregister_globals(); |
| 42: |
| 43: |
35: @include PUN_ROOT.'config.php'; | 44: @include PUN_ROOT.'config.php'; |
36: | 45: |
37: // If PUN isn't defined, config.php is missing or corrupt | 46: // If PUN isn't defined, config.php is missing or corrupt |
75: define('PUN_MOD', 2); | 84: define('PUN_MOD', 2); |
76: define('PUN_GUEST', 3); | 85: define('PUN_GUEST', 3); |
77: define('PUN_MEMBER', 4); | 86: define('PUN_MEMBER', 4); |
78: | |
79: | |
80: // Load the functions script | |
81: require PUN_ROOT.'include/functions.php'; | |
82: | |
83: // Reverse the effect of register_globals | |
84: if (@ini_get('register_globals')) | |
85: unregister_globals(); | |
86: | 87: |
87: | 88: |
88: // Load DB abstraction layer and connect | 89: // Load DB abstraction layer and connect |
punbb-1.2.9/upload/include/functions.php |
punbb-1.2.14/upload/include/functions.php |
138: // Enable sending of a P3P header by removing // from the following line (try this if login is failing in IE6) | 138: // Enable sending of a P3P header by removing // from the following line (try this if login is failing in IE6) |
139: // @header('P3P: CP="CUR ADM"'); | 139: // @header('P3P: CP="CUR ADM"'); |
140: | 140: |
141: setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path, $cookie_domain, $cookie_secure); | 141: if (version_compare(PHP_VERSION, '5.2.0', '>=')) |
| 142: setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path, $cookie_domain, $cookie_secure, true); |
| 143: else |
| 144: setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path.'; HttpOnly', $cookie_domain, $cookie_secure); |
142: } | 145: } |
143: | 146: |
144: | 147: |
681: // | 684: // |
682: function get_remote_address() | 685: function get_remote_address() |
683: { | 686: { |
684: $remote_address = $_SERVER['REMOTE_ADDR']; | 687: return $_SERVER['REMOTE_ADDR']; |
685: | |
686: // If HTTP_X_FORWARDED_FOR is set, we try to grab the first non-LAN IP | |
687: if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) | |
688: { | |
689: if (preg_match_all('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $_SERVER['HTTP_X_FORWARDED_FOR'], $address_list)) | |
690: { | |
691: $lan_ips = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.((1[6-9])|(2[0-9])|(3[0-1]))\..*/', '/^10\..*/', '/^224\..*/', '/^240\..*/'); | |
692: $address_list = preg_replace($lan_ips, null, $address_list[0]); | |
693: | |
694: while (list(, $cur_address) = each($address_list)) | |
695: { | |
696: if ($cur_address) | |
697: { | |
698: $remote_address = $cur_address; | |
699: break; | |
700: } | |
701: } | |
702: } | |
703: } | |
704: | |
705: return $remote_address; | |
706: } | 688: } |
707: | 689: |
708: | 690: |
1052: // | 1034: // |
1053: // Unset any variables instantiated as a result of register_globals being enabled | 1035: // Unset any variables instantiated as a result of register_globals being enabled |
1054: // | 1036: // |
1055: function unregister_globals() | 1037: function unregister_globals() |
1056: { | 1038: { |
1057: // Prevent script.php?GLOBALS[foo]=bar | 1039: // Prevent script.php?GLOBALS[foo]=bar |
1058: if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) | 1040: if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) |
1059: exit('I\'ll have a steak sandwich and... a steak sandwich.'); | 1041: exit('I\'ll have a steak sandwich and... a steak sandwich.'); |
1060: | 1042: |
1061: // Variables that shouldn't be unset | 1043: // Variables that shouldn't be unset |
1062: $no_unset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES'); | 1044: $no_unset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES'); |
1063: | 1045: |
1064: // Remove elements in $GLOBALS that are present in any of the superglobals | 1046: // Remove elements in $GLOBALS that are present in any of the superglobals |
1065: $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array()); | 1047: $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array()); |
1066: foreach ($input as $k => $v) | 1048: foreach ($input as $k => $v) |
1067: { | 1049: { |
1068: if (!in_array($k, $no_unset) && isset($GLOBALS[$k])) | 1050: if (!in_array($k, $no_unset) && isset($GLOBALS[$k])) |
1069: unset($GLOBALS[$k]); | 1051: { |
1070: } | 1052: unset($GLOBALS[$k]); |
| 1053: unset($GLOBALS[$k]); // Double unset to circumvent the zend_hash_del_key_or_index hole in PHP <4.4.3 and <5.1.4 |
| 1054: } |
| 1055: } |
1071: } | 1056: } |
1072: | 1057: |
1073: | 1058: |
punbb-1.2.9/upload/install.php |
punbb-1.2.14/upload/install.php |
24: | 24: |
25: | 25: |
26: // The PunBB version this script installs | 26: // The PunBB version this script installs |
27: $punbb_version = '1.2.9'; | 27: $punbb_version = '1.2.14'; |
28: | 28: |
29: | 29: |
30: define('PUN_ROOT', './'); | 30: define('PUN_ROOT', './'); |
757: poster_id INT(10) UNSIGNED NOT NULL DEFAULT 1, | 757: poster_id INT(10) UNSIGNED NOT NULL DEFAULT 1, |
758: poster_ip VARCHAR(15), | 758: poster_ip VARCHAR(15), |
759: poster_email VARCHAR(50), | 759: poster_email VARCHAR(50), |
760: message TEXT NOT NULL DEFAULT '', | 760: message TEXT, |
761: hide_smilies TINYINT(1) NOT NULL DEFAULT 0, | 761: hide_smilies TINYINT(1) NOT NULL DEFAULT 0, |
762: posted INT(10) UNSIGNED NOT NULL DEFAULT 0, | 762: posted INT(10) UNSIGNED NOT NULL DEFAULT 0, |
763: edited INT(10) UNSIGNED, | 763: edited INT(10) UNSIGNED, |
774: poster_id INT NOT NULL DEFAULT 1, | 774: poster_id INT NOT NULL DEFAULT 1, |
775: poster_ip VARCHAR(15), | 775: poster_ip VARCHAR(15), |
776: poster_email VARCHAR(50), | 776: poster_email VARCHAR(50), |
777: message TEXT NOT NULL DEFAULT '', | 777: message TEXT, |
778: hide_smilies SMALLINT NOT NULL DEFAULT 0, | 778: hide_smilies SMALLINT NOT NULL DEFAULT 0, |
779: posted INT NOT NULL DEFAULT 0, | 779: posted INT NOT NULL DEFAULT 0, |
780: edited INT, | 780: edited INT, |
791: poster_id INTEGER NOT NULL DEFAULT 1, | 791: poster_id INTEGER NOT NULL DEFAULT 1, |
792: poster_ip VARCHAR(15), | 792: poster_ip VARCHAR(15), |
793: poster_email VARCHAR(50), | 793: poster_email VARCHAR(50), |
794: message TEXT NOT NULL DEFAULT '', | 794: message TEXT, |
795: hide_smilies INTEGER NOT NULL DEFAULT 0, | 795: hide_smilies INTEGER NOT NULL DEFAULT 0, |
796: posted INTEGER NOT NULL DEFAULT 0, | 796: posted INTEGER NOT NULL DEFAULT 0, |
797: edited INTEGER, | 797: edited INTEGER, |
852: forum_id INT(10) UNSIGNED NOT NULL DEFAULT 0, | 852: forum_id INT(10) UNSIGNED NOT NULL DEFAULT 0, |
853: reported_by INT(10) UNSIGNED NOT NULL DEFAULT 0, | 853: reported_by INT(10) UNSIGNED NOT NULL DEFAULT 0, |
854: created INT(10) UNSIGNED NOT NULL DEFAULT 0, | 854: created INT(10) UNSIGNED NOT NULL DEFAULT 0, |
855: message TEXT NOT NULL DEFAULT '', | 855: message TEXT, |
856: zapped INT(10) UNSIGNED, | 856: zapped INT(10) UNSIGNED, |
857: zapped_by INT(10) UNSIGNED, | 857: zapped_by INT(10) UNSIGNED, |
858: PRIMARY KEY (id) | 858: PRIMARY KEY (id) |
867: forum_id INT NOT NULL DEFAULT 0, | 867: forum_id INT NOT NULL DEFAULT 0, |
868: reported_by INT NOT NULL DEFAULT 0, | 868: reported_by INT NOT NULL DEFAULT 0, |
869: created INT NOT NULL DEFAULT 0, | 869: created INT NOT NULL DEFAULT 0, |
870: message TEXT NOT NULL DEFAULT '', | 870: message TEXT, |
871: zapped INT, | 871: zapped INT, |
872: zapped_by INT, | 872: zapped_by INT, |
873: PRIMARY KEY (id) | 873: PRIMARY KEY (id) |
882: forum_id INTEGER NOT NULL DEFAULT 0, | 882: forum_id INTEGER NOT NULL DEFAULT 0, |
883: reported_by INTEGER NOT NULL DEFAULT 0, | 883: reported_by INTEGER NOT NULL DEFAULT 0, |
884: created INTEGER NOT NULL DEFAULT 0, | 884: created INTEGER NOT NULL DEFAULT 0, |
885: message TEXT NOT NULL DEFAULT '', | 885: message TEXT, |
886: zapped INTEGER, | 886: zapped INTEGER, |
887: zapped_by INTEGER, | 887: zapped_by INTEGER, |
888: PRIMARY KEY (id) | 888: PRIMARY KEY (id) |
901: $sql = 'CREATE TABLE '.$db_prefix."search_cache ( | 901: $sql = 'CREATE TABLE '.$db_prefix."search_cache ( |
902: id INT(10) UNSIGNED NOT NULL DEFAULT 0, | 902: id INT(10) UNSIGNED NOT NULL DEFAULT 0, |
903: ident VARCHAR(200) NOT NULL DEFAULT '', | 903: ident VARCHAR(200) NOT NULL DEFAULT '', |
904: search_data TEXT NOT NULL DEFAULT '', | 904: search_data TEXT, |
905: PRIMARY KEY (id) | 905: PRIMARY KEY (id) |
906: ) TYPE=MyISAM;"; | 906: ) TYPE=MyISAM;"; |
907: break; | 907: break; |
910: $sql = 'CREATE TABLE '.$db_prefix."search_cache ( | 910: $sql = 'CREATE TABLE '.$db_prefix."search_cache ( |
911: id INT NOT NULL DEFAULT 0, | 911: id INT NOT NULL DEFAULT 0, |
912: ident VARCHAR(200) NOT NULL DEFAULT '', | 912: ident VARCHAR(200) NOT NULL DEFAULT '', |
913: search_data TEXT NOT NULL DEFAULT '', | 913: search_data TEXT, |
914: PRIMARY KEY (id) | 914: PRIMARY KEY (id) |
915: )"; | 915: )"; |
916: break; | 916: break; |
919: $sql = 'CREATE TABLE '.$db_prefix."search_cache ( | 919: $sql = 'CREATE TABLE '.$db_prefix."search_cache ( |
920: id INTEGER NOT NULL DEFAULT 0, | 920: id INTEGER NOT NULL DEFAULT 0, |
921: ident VARCHAR(200) NOT NULL DEFAULT '', | 921: ident VARCHAR(200) NOT NULL DEFAULT '', |
922: search_data TEXT NOT NULL DEFAULT '', | 922: search_data TEXT, |
923: PRIMARY KEY (id) | 923: PRIMARY KEY (id) |
924: )"; | 924: )"; |
925: break; | 925: break; |
punbb-1.2.9/upload/profile.php |
punbb-1.2.14/upload/profile.php |
201: } | 201: } |
202: else if (isset($_POST['form_sent'])) | 202: else if (isset($_POST['form_sent'])) |
203: { | 203: { |
| 204: if (pun_hash($_POST['req_password']) !== $pun_user['password']) |
| 205: message($lang_profile['Wrong pass']); |
| 206: |
204: require PUN_ROOT.'include/email.php'; | 207: require PUN_ROOT.'include/email.php'; |
205: | 208: |
206: // Validate the email-address | 209: // Validate the email-address |
264: } | 267: } |
265: | 268: |
266: $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile']; | 269: $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile']; |
267: $required_fields = array('req_new_email' => $lang_profile['New e-mail']); | 270: $required_fields = array('req_new_email' => $lang_profile['New e-mail'], 'req_password' => $lang_common['Password']); |
268: $focus_element = array('change_email', 'req_new_email'); | 271: $focus_element = array('change_email', 'req_new_email'); |
269: require PUN_ROOT.'header.php'; | 272: require PUN_ROOT.'header.php'; |
270: | 273: |
279: <div class="infldset"> | 282: <div class="infldset"> |
280: <input type="hidden" name="form_sent" value="1" /> | 283: <input type="hidden" name="form_sent" value="1" /> |
281: <label><strong><?php echo $lang_profile['New e-mail'] ?></strong><br /><input type="text" name="req_new_email" size="50" maxlength="50" /><br /></label> | 284: <label><strong><?php echo $lang_profile['New e-mail'] ?></strong><br /><input type="text" name="req_new_email" size="50" maxlength="50" /><br /></label> |
| 285: <label><strong><?php echo $lang_common['Password'] ?></strong><br /><input type="password" name="req_password" size="16" maxlength="16" /><br /></label> |
282: <p><?php echo $lang_profile['E-mail instructions'] ?></p> | 286: <p><?php echo $lang_profile['E-mail instructions'] ?></p> |
283: </div> | 287: </div> |
284: </fieldset> | 288: </fieldset> |
362: message($lang_profile['Move failed'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.'); | 366: message($lang_profile['Move failed'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.'); |
363: | 367: |
364: // Now check the width/height | 368: // Now check the width/height |
365: list($width, $height, ,) = getimagesize($pun_config['o_avatars_dir'].'/'.$id.'.tmp'); | 369: list($width, $height, $type,) = getimagesize($pun_config['o_avatars_dir'].'/'.$id.'.tmp'); |
366: if (empty($width) || empty($height) || $width > $pun_config['o_avatars_width'] || $height > $pun_config['o_avatars_height']) | 370: if (empty($width) || empty($height) || $width > $pun_config['o_avatars_width'] || $height > $pun_config['o_avatars_height']) |
367: { | 371: { |
368: @unlink($pun_config['o_avatars_dir'].'/'.$id.'.tmp'); | 372: @unlink($pun_config['o_avatars_dir'].'/'.$id.'.tmp'); |
369: message($lang_profile['Too wide or high'].' '.$pun_config['o_avatars_width'].'x'.$pun_config['o_avatars_height'].' '.$lang_profile['pixels'].'.'); | 373: message($lang_profile['Too wide or high'].' '.$pun_config['o_avatars_width'].'x'.$pun_config['o_avatars_height'].' '.$lang_profile['pixels'].'.'); |
370: } | 374: } |
| 375: else if ($type == 1 && $uploaded_file['type'] != 'image/gif') // Prevent dodgy uploads |
| 376: { |
| 377: @unlink($pun_config['o_avatars_dir'].'/'.$id.'.tmp'); |
| 378: message($lang_profile['Bad type']); |
| 379: } |
371: | 380: |
372: // Delete any old avatars and put the new one in place | 381: // Delete any old avatars and put the new one in place |
373: @unlink($pun_config['o_avatars_dir'].'/'.$id.$extensions[0]); | 382: @unlink($pun_config['o_avatars_dir'].'/'.$id.$extensions[0]); |
punbb-1.2.9/upload/register.php |
punbb-1.2.14/upload/register.php |
79: | 79: |
80: else if (isset($_POST['form_sent'])) | 80: else if (isset($_POST['form_sent'])) |
81: { | 81: { |
| 82: // Check that someone from this IP didn't register a user within the last hour (DoS prevention) |
| 83: $result = $db->query('SELECT 1 FROM '.$db->prefix.'users WHERE registration_ip=\''.get_remote_address().'\' AND registered>'.(time() - 3600)) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); |
| 84: |
| 85: if ($db->num_rows($result)) |
| 86: message('A new user was registered with the same IP address as you within the last hour. To prevent registration flooding, at least an hour has to pass between registrations from the same IP. Sorry for the inconvenience.'); |
| 87: |
| 88: |
82: $username = pun_trim($_POST['req_username']); | 89: $username = pun_trim($_POST['req_username']); |
83: $email1 = strtolower(trim($_POST['req_email1'])); | 90: $email1 = strtolower(trim($_POST['req_email1'])); |
84: | 91: |
166: $dupe_list[] = $cur_dupe['username']; | 173: $dupe_list[] = $cur_dupe['username']; |
167: } | 174: } |
168: | 175: |
| 176: // Make sure we got a valid language string |
| 177: if (isset($_POST['language'])) |
| 178: { |
| 179: $language = preg_replace('#[\.\\\/]#', '', $_POST['language']); |
| 180: if (!file_exists(PUN_ROOT.'lang/'.$language.'/common.php')) |
| 181: message($lang_common['Bad request']); |
| 182: } |
| 183: else |
| 184: $language = $pun_config['o_default_lang']; |
| 185: |
169: $timezone = intval($_POST['timezone']); | 186: $timezone = intval($_POST['timezone']); |
170: $language = isset($_POST['language']) ? $_POST['language'] : $pun_config['o_default_lang']; | |
171: $save_pass = (!isset($_POST['save_pass']) || $_POST['save_pass'] != '1') ? '0' : '1'; | 187: $save_pass = (!isset($_POST['save_pass']) || $_POST['save_pass'] != '1') ? '0' : '1'; |
172: | 188: |
173: $email_setting = intval($_POST['email_setting']); | 189: $email_setting = intval($_POST['email_setting']); |
punbb-1.2.9/upload/search.php |
punbb-1.2.14/upload/search.php |
170: | 170: |
171: $word_count = 0; | 171: $word_count = 0; |
172: $match_type = 'and'; | 172: $match_type = 'and'; |
| 173: $result_list = array(); |
173: @reset($keywords_array); | 174: @reset($keywords_array); |
174: while (list(, $cur_word) = @each($keywords_array)) | 175: while (list(, $cur_word) = @each($keywords_array)) |
175: { | 176: { |
465: $sql = 'SELECT p.id AS pid, p.poster AS pposter, p.posted AS pposted, p.poster_id, '.$substr_sql.'(p.message, 1, 1000) AS message, t.id AS tid, t.poster, t.subject, t.last_post, t.last_post_id, t.last_poster, t.num_replies, t.forum_id FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id WHERE p.id IN('.$search_results.') ORDER BY '.$sort_by_sql; | 466: $sql = 'SELECT p.id AS pid, p.poster AS pposter, p.posted AS pposted, p.poster_id, '.$substr_sql.'(p.message, 1, 1000) AS message, t.id AS tid, t.poster, t.subject, t.last_post, t.last_post_id, t.last_poster, t.num_replies, t.forum_id FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id WHERE p.id IN('.$search_results.') ORDER BY '.$sort_by_sql; |
466: } | 467: } |
467: else | 468: else |
468: $sql = 'SELECT t.id AS tid, t.poster, t.subject, t.last_post, t.last_post_id, t.last_poster, t.num_replies, t.closed, t.forum_id FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id WHERE t.id IN('.$search_results.') GROUP BY t.id, t.poster, t.subject, t.last_post, t.last_post_id, t.last_poster, t.num_replies, t.closed, t.forum_id'.$group_by_sql.' ORDER BY '.$sort_by_sql; | 469: $sql = 'SELECT t.id AS tid, t.poster, t.subject, t.last_post, t.last_post_id, t.last_poster, t.num_replies, t.closed, t.forum_id FROM '.$db->prefix.'topics AS t WHERE t.id IN('.$search_results.') GROUP BY t.id, t.poster, t.subject, t.last_post, t.last_post_id, t.last_poster, t.num_replies, t.closed, t.forum_id'.$group_by_sql.' ORDER BY '.$sort_by_sql; |
469: | 470: |
470: | 471: |
471: // Determine the topic or post offset (based on $_GET['p']) | 472: // Determine the topic or post offset (based on $_GET['p']) |
punbb-1.2.9/upload/style/imports/base.css |
punbb-1.2.14/upload/style/imports/base.css |
43: | 43: |
44: DIV>DIV>DIV.postfootleft, DIV>DIV>DIV.postfootright {PADDING-TOP: 1px; MARGIN-TOP: -1px} | 44: DIV>DIV>DIV.postfootleft, DIV>DIV>DIV.postfootright {PADDING-TOP: 1px; MARGIN-TOP: -1px} |
45: | 45: |
46: /* 3.2 This is only visible to IE Windows and cures various bugs. Do not alter comments */ | 46: /* 3.2 This is only visible to IE6 Windows and cures various bugs. Do not alter comments */ |
47: | 47: |
48: /* Begin IEWin Fix \*/ | 48: /* Begin IE6Win Fix \*/ |
49: * HTML .inbox, * HTML .inform, * HTML .pun, * HTML .intd, * HTML .tclcon {HEIGHT: 1px} | 49: * HTML .inbox, * HTML .inform, * HTML .pun, * HTML .intd, * HTML .tclcon {HEIGHT: 1px} |
50: * HTML .inbox DIV.postmsg {WIDTH: 98%} | 50: * HTML .inbox DIV.postmsg {WIDTH: 98%} |
51: /* End of IEWin Fix */ | 51: /* End of IE6Win Fix */ |
| 52: |
| 53: /* 3.3 This is the equivelant of 3.2 but for IE7. It is visible to other browsers |
| 54: but does no harm */ |
| 55: |
| 56: /*Begin IE7Win Fix */ |
| 57: .pun, .pun .inbox, .pun .inform, .pun .intd, .pun .tclcon {min-height: 1px} |
| 58: /* End of IE7Win Fix */ |
52: | 59: |
53: /****************************************************************/ | 60: /****************************************************************/ |
54: /* 4. HIDDEN ELEMENTS */ | 61: /* 4. HIDDEN ELEMENTS */ |