Topic: Smartys come in,about guest flood protection.

I installed the plugin you made, guest flood protection (control);
it just controls how long until the guest's new post after the 1st post.

But I have found a problem:
I set the time to 9999 seconds, but the guest doesn't need to wait 9999 seconds to post another, just 1 or 2 minutes.

What's wrong?

Re: Smartys come in,about guest flood protection.

Well, I can't connect to PunRes to take a look at the code, so I'll just double check one thing: the person is posting from the same IP, right?

Re: Smartys come in,about guest flood protection.

I just checked the code and I see absolutely nothing wrong with it offhand :)

Re: Smartys come in,about guest flood protection.

Oh, right. 9999 probably won't work because it's greater than the timeout for an entry in the online table. As soon as the online table entry goes away, the last posted time goes away.
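
The failure described in the reply above, as an added simulation that is not part of the original thread or PunBB's own code: the guest's last post time lives on an online-table row that is purged after an idle timeout, so a flood check that reads it forgets the post. The array layout, function names, the 300-second timeout and the sample IP are assumptions; the second check, which reads the newest `posted` time for a `poster_ip` from stored posts, is one possible alternative.

```php
<?php
// Constructed simulation. Names and values below are assumptions for
// illustration, not PunBB's actual code.

$onlineTimeout = 300;   // seconds before an idle row is purged from "online" (assumed value)
$floodInterval = 9999;  // guest flood interval configured in the thread

$online = array();      // ident (IP) => array('logged' => ts, 'last_post' => ts or null)
$posts  = array();      // list of array('poster_ip' => ip, 'posted' => ts)

// Drop rows whose owner has not requested a page within the timeout.
function purge_online(array &$online, $now, $onlineTimeout)
{
    foreach ($online as $ident => $row)
        if ($row['logged'] < $now - $onlineTimeout)
            unset($online[$ident]);
}

// Every request purges stale rows, then creates or refreshes the caller's row.
function touch_online(array &$online, $ip, $now, $onlineTimeout)
{
    purge_online($online, $now, $onlineTimeout);
    if (!isset($online[$ip]))
        $online[$ip] = array('logged' => $now, 'last_post' => null);
    else
        $online[$ip]['logged'] = $now;
}

// Flood check that reads the last post time from the guest's online row.
function flood_blocked_online(array $online, $ip, $now, $floodInterval)
{
    $last = isset($online[$ip]) ? $online[$ip]['last_post'] : null;
    return $last !== null && ($now - $last) < $floodInterval;
}

// Alternative check: newest post from this IP in the stored posts, which are never purged.
function flood_blocked_posts(array $posts, $ip, $now, $floodInterval)
{
    $last = null;
    foreach ($posts as $p)
        if ($p['poster_ip'] === $ip && ($last === null || $p['posted'] > $last))
            $last = $p['posted'];
    return $last !== null && ($now - $last) < $floodInterval;
}

// Store a new post and stamp the poster's online row with its time.
function record_post(array &$online, array &$posts, $ip, $now)
{
    $posts[] = array('poster_ip' => $ip, 'posted' => $now);
    $online[$ip]['last_post'] = $now;
}

$ip = '203.0.113.7';    // constructed address from the documentation range
$t0 = 1000000;          // constructed timestamp of the guest's first post

touch_online($online, $ip, $t0, $onlineTimeout);
record_post($online, $posts, $ip, $t0);

// The guest returns 60 s after posting, then stays idle for 301 s and returns again.
foreach (array(60, 361) as $offset)
{
    $now = $t0 + $offset;
    touch_online($online, $ip, $now, $onlineTimeout);
    printf("t+%3ds  online-row check blocks: %-3s  posts check blocks: %s\n",
        $offset,
        flood_blocked_online($online, $ip, $now, $floodInterval) ? 'yes' : 'no',
        flood_blocked_posts($posts, $ip, $now, $floodInterval) ? 'yes' : 'no');
}
```

Once the guest has been idle longer than the online timeout, the row is recreated without a last post time, so the effective flood window of the online-row check is capped by that timeout rather than by the configured interval.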

(edited by qie 2007-11-06 04:08)

Re: Smartys come in,about guest flood protection.

Smartys wrote:

Well, I can't connect to PunRes to take a look at the code, so I'll just double check one thing: the person is posting from the same IP, right?

Right.

But I set up the time to 150 seconds or 300 seconds and it still doesn't work right, but using a shorter time the guest can post? Just shorter than 1 minute.
I don't know what's wrong.

Re: Smartys come in,about guest flood protection.

Post your copy of post.php

Re: Smartys come in,about guest flood protection.

post.php


<?php
define('PUN_ROOT', './');

require PUN_ROOT.'include/common.php';





if ($pun_user['g_read_board'] == '0')

    message($lang_common['No view']);





$tid = isset($_GET['tid']) ? intval($_GET['tid']) : 0;

$fid = isset($_GET['fid']) ? intval($_GET['fid']) : 0;

if ($tid < 1 && $fid < 1 || $tid > 0 && $fid > 0)

    message($lang_common['Bad request']);



// Fetch some info about the topic and/or the forum

if ($tid)

    $result = $db->query('SELECT f.id, f.forum_name, f.moderators, f.redirect_url, fp.post_replies, fp.post_topics, t.subject, t.closed FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id='.$tid) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());

else

    $result = $db->query('SELECT f.id, f.forum_name, f.moderators, f.redirect_url, fp.post_replies, fp.post_topics FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id='.$fid) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());



if (!$db->num_rows($result))

    message($lang_common['Bad request']);



$cur_posting = $db->fetch_assoc($result);



// Is someone trying to post into a redirect forum?

if ($cur_posting['redirect_url'] != '')

    message($lang_common['Bad request']);



// Sort out who the moderators are and if we are currently a moderator (or an admin)

$mods_array = ($cur_posting['moderators'] != '') ? unserialize($cur_posting['moderators']) : array();

$is_admmod = ($pun_user['g_id'] == PUN_ADMIN || ($pun_user['g_id'] == PUN_MOD && array_key_exists($pun_user['username'], $mods_array))) ? true : false;



// Do we have permission to post?

if ((($tid && (($cur_posting['post_replies'] == '' && $pun_user['g_post_replies'] == '0') || $cur_posting['post_replies'] == '0')) ||

    ($fid && (($cur_posting['post_topics'] == '' && $pun_user['g_post_topics'] == '0') || $cur_posting['post_topics'] == '0')) ||

    (isset($cur_posting['closed']) && $cur_posting['closed'] == '1')) &&

    !$is_admmod)

    message($lang_common['No permission']);



// Load the post.php language file

require PUN_ROOT.'lang/'.$pun_user['language'].'/post.php';



// Start with a clean slate

$errors = array();





// Did someone just hit "Submit" or "Preview"?

if (isset($_POST['form_sent']))

{

    // Make sure form_user is correct

    if (($pun_user['is_guest'] && $_POST['form_user'] != 'Guest') || (!$pun_user['is_guest'] && $_POST['form_user'] != $pun_user['username']))

        message($lang_common['Bad request']);



    // Flood protection

    if (!$pun_user['is_guest'] && !isset($_POST['preview']) && $pun_user['last_post'] != '' && (time() - $pun_user['last_post']) < $pun_user['g_post_flood'])

        $errors[] = $lang_post['Flood start'].' '.$pun_user['g_post_flood'].' '.$lang_post['flood end'];

       
        else if ($pun_user['is_guest'] && !isset($_POST['preview']) && $pun_user['o_last_post'] != '' && (time() - $pun_user['o_last_post']) < $pun_user['g_post_flood'])
    $errors[] = $lang_post['Flood start'].' '.$pun_user['g_post_flood'].' '.$lang_post['flood end'];



    // If it's a new topic

    if ($fid)

    {

        $subject = pun_trim($_POST['req_subject']);



        if ($subject == '')

            $errors[] = $lang_post['No subject'];

        else if (pun_strlen($subject) > 70)

            $errors[] = $lang_post['Too long subject'];

        else if ($pun_config['p_subject_all_caps'] == '0' && strtoupper($subject) == $subject && $pun_user['g_id'] > PUN_MOD)

            $subject = ucwords(strtolower($subject));

    }



    // If the user is logged in we get the username and e-mail from $pun_user

    if (!$pun_user['is_guest'])

    {

        $username = $pun_user['username'];

        $email = $pun_user['email'];

    }

    // Otherwise it should be in $_POST

    else

    {

        $username = trim($_POST['req_username']);

        $email = strtolower(trim(($pun_config['p_force_guest_email'] == '1') ? $_POST['req_email'] : $_POST['email']));



        // Load the register.php/profile.php language files

        require PUN_ROOT.'lang/'.$pun_user['language'].'/prof_reg.php';

        require PUN_ROOT.'lang/'.$pun_user['language'].'/register.php';



        // It's a guest, so we have to validate the username

        if (strlen($username) < 2)

            $errors[] = $lang_prof_reg['Username too short'];

        else if (!strcasecmp($username, 'Guest') || !strcasecmp($username, $lang_common['Guest']))

            $errors[] = $lang_prof_reg['Username guest'];

        else if (preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $username))

            $errors[] = $lang_prof_reg['Username IP'];



        if ((strpos($username, '[') !== false || strpos($username, ']') !== false) && strpos($username, '\'') !== false && strpos($username, '"') !== false)

            $errors[] = $lang_prof_reg['Username reserved chars'];

        if (preg_match('#\[b\]|\[/b\]|\[u\]|\[/u\]|\[i\]|\[/i\]|\[color|\[/color\]|\[quote\]|\[quote=|\[/quote\]|\[code\]|\[/code\]|\[img\]|\[/img\]|\[url|\[/url\]|\[email|\[/email\]#i', $username))

            $errors[] = $lang_prof_reg['Username BBCode'];



        // Check username for any censored words

        $temp = censor_words($username);

        if ($temp != $username)

            $errors[] = $lang_register['Username censor'];



        // Check that the username (or a too similar username) is not already registered

        $result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE username=\''.$db->escape($username).'\' OR username=\''.$db->escape(preg_replace('/[^\w]/', '', $username)).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());

        if ($db->num_rows($result))

        {

            $busy = $db->result($result);

            $errors[] = $lang_register['Username dupe 1'].' '.pun_htmlspecialchars($busy).'. '.$lang_register['Username dupe 2'];

        }



        if ($pun_config['p_force_guest_email'] == '1' || $email != '')

        {

            require PUN_ROOT.'include/email.php';

            if (!is_valid_email($email))

                $errors[] = $lang_common['Invalid e-mail'];

        }

    }



    // Clean up message from POST

    $message = pun_linebreaks(pun_trim($_POST['req_message']));



    if ($message == '')

        $errors[] = $lang_post['No message'];

    else if (strlen($message) > 65535)

        $errors[] = $lang_post['Too long message'];

    else if ($pun_config['p_message_all_caps'] == '0' && strtoupper($message) == $message && $pun_user['g_id'] > PUN_MOD)

        $message = ucwords(strtolower($message));





    // simple spam filter

    $pun_spamwords = array();

    @include('cache/cache_spamwords.php');

    foreach ($pun_spamwords as $word)

    {

        if(substr_count(strtolower($subject . ' ' . $message),strtolower($word)))

        {

            $errors[] = sprintf($lang_post['Remove spam word'],$word);

        }

    }



    // Validate BBCode syntax

    if ($pun_config['p_message_bbcode'] == '1' && strpos($message, '[') !== false && strpos($message, ']') !== false)

    {

        require PUN_ROOT.'include/parser.php';

        $message = preparse_bbcode($message, $errors);

    }





    require PUN_ROOT.'include/search_idx.php';



    $hide_smilies = isset($_POST['hide_smilies']) ? 1 : 0;

    $subscribe = isset($_POST['subscribe']) ? 1 : 0;



    $now = time();



    // Did everything go according to plan?

    if (empty($errors) && !isset($_POST['preview']))

    {

        // If it's a reply

        if ($tid)

        {

            if (!$pun_user['is_guest'])

            {

                // Insert the new post

                $db->query('INSERT INTO '.$db->prefix.'posts (poster, poster_id, poster_ip, message, hide_smilies, posted, topic_id) VALUES(\''.$db->escape($username).'\', '.$pun_user['id'].', \''.get_remote_address().'\', \''.$db->escape($message).'\', \''.$hide_smilies.'\', '.$now.', '.$tid.')') or error('Unable to create post', __FILE__, __LINE__, $db->error());

                $new_pid = $db->insert_id();



                // To subscribe or not to subscribe, that ...

                if ($pun_config['o_subscriptions'] == '1' && $subscribe)

                {

                    $result = $db->query('SELECT 1 FROM '.$db->prefix.'subscriptions WHERE user_id='.$pun_user['id'].' AND topic_id='.$tid) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());

                    if (!$db->num_rows($result))

                        $db->query('INSERT INTO '.$db->prefix.'subscriptions (user_id, topic_id) VALUES('.$pun_user['id'].' ,'.$tid.')') or error('Unable to add subscription', __FILE__, __LINE__, $db->error());

                }

            }

            else

            {

                // It's a guest. Insert the new post

                $email_sql = ($pun_config['p_force_guest_email'] == '1' || $email != '') ? '\''.$email.'\'' : 'NULL';

                $db->query('INSERT INTO '.$db->prefix.'posts (poster, poster_ip, poster_email, message, hide_smilies, posted, topic_id) VALUES(\''.$db->escape($username).'\', \''.get_remote_address().'\', '.$email_sql.', \''.$db->escape($message).'\', \''.$hide_smilies.'\', '.$now.', '.$tid.')') or error('Unable to create post', __FILE__, __LINE__, $db->error());

                $new_pid = $db->insert_id();

            }



            // Count number of replies in the topic

            $result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'posts WHERE topic_id='.$tid) or error('Unable to fetch post count for topic', __FILE__, __LINE__, $db->error());

            $num_replies = $db->result($result, 0) - 1;



            // Update topic

            $db->query('UPDATE '.$db->prefix.'topics SET num_replies='.$num_replies.', last_post='.$now.', last_post_id='.$new_pid.', last_poster=\''.$db->escape($username).'\' WHERE id='.$tid) or error('Unable to update topic', __FILE__, __LINE__, $db->error());



            update_search_index('post', $new_pid, $message);



            update_forum($cur_posting['id']);



            // Should we send out notifications?

            if ($pun_config['o_subscriptions'] == '1')

            {

                // Get the post time for the previous post in this topic

                $result = $db->query('SELECT posted FROM '.$db->prefix.'posts WHERE topic_id='.$tid.' ORDER BY id DESC LIMIT 1, 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());

                $previous_post_time = $db->result($result);



                // Get any subscribed users that should be notified (banned users are excluded)

                $result = $db->query('SELECT u.id, u.email, u.notify_with_post, u.language FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'subscriptions AS s ON u.id=s.user_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id='.$cur_posting['id'].' AND fp.group_id=u.group_id) LEFT JOIN '.$db->prefix.'online AS o ON u.id=o.user_id LEFT JOIN '.$db->prefix.'bans AS b ON u.username=b.username WHERE b.username IS NULL AND COALESCE(o.logged, u.last_visit)>'.$previous_post_time.' AND (fp.read_forum IS NULL OR fp.read_forum=1) AND s.topic_id='.$tid.' AND u.id!='.intval($pun_user['id'])) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());

                if ($db->num_rows($result))

                {

                    require_once PUN_ROOT.'include/email.php';



                    $notification_emails = array();



                    // Loop through subscribed users and send e-mails

                    while ($cur_subscriber = $db->fetch_assoc($result))

                    {

                        // Is the subscription e-mail for $cur_subscriber['language'] cached or not?

                        if (!isset($notification_emails[$cur_subscriber['language']]))

                        {

                            if (file_exists(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl'))

                            {

                                // Load the "new reply" template

                                $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl'));



                                // Load the "new reply full" template (with post included)

                                $mail_tpl_full = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply_full.tpl'));



                                // The first row contains the subject (it also starts with "Subject:")

                                $first_crlf = strpos($mail_tpl, "\n");

                                $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8));

                                $mail_message = trim(substr($mail_tpl, $first_crlf));



                                $first_crlf = strpos($mail_tpl_full, "\n");

                                $mail_subject_full = trim(substr($mail_tpl_full, 8, $first_crlf-8));

                                $mail_message_full = trim(substr($mail_tpl_full, $first_crlf));



                                $mail_subject = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_subject);

                                $mail_message = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_message);

                                $mail_message = str_replace('<replier>', $username, $mail_message);

                                $mail_message = str_replace('<post_url>', $pun_config['o_base_url'].'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message);

                                $mail_message = str_replace('<unsubscribe_url>', $pun_config['o_base_url'].'/misc.php?unsubscribe='.$tid, $mail_message);

                                $mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message);



                                $mail_subject_full = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_subject_full);

                                $mail_message_full = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_message_full);

                                $mail_message_full = str_replace('<replier>', $username, $mail_message_full);

                                $mail_message_full = str_replace('<message>', $message, $mail_message_full);

                                $mail_message_full = str_replace('<post_url>', $pun_config['o_base_url'].'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message_full);

                                $mail_message_full = str_replace('<unsubscribe_url>', $pun_config['o_base_url'].'/misc.php?unsubscribe='.$tid, $mail_message_full);

                                $mail_message_full = str_replace('<board_mailer>', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message_full);



                                $notification_emails[$cur_subscriber['language']][0] = $mail_subject;

                                $notification_emails[$cur_subscriber['language']][1] = $mail_message;

                                $notification_emails[$cur_subscriber['language']][2] = $mail_subject_full;

                                $notification_emails[$cur_subscriber['language']][3] = $mail_message_full;



                                $mail_subject = $mail_message = $mail_subject_full = $mail_message_full = null;

                            }

                        }



                        // We have to double check here because the templates could be missing

                        if (isset($notification_emails[$cur_subscriber['language']]))

                        {

                            if ($cur_subscriber['notify_with_post'] == '0')

                                pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][0], $notification_emails[$cur_subscriber['language']][1]);

                            else

                                pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][2], $notification_emails[$cur_subscriber['language']][3]);

                        }

                    }

                }

            }

        }

        // If it's a new topic

        else if ($fid)

        {

            // Create the topic

            $db->query('INSERT INTO '.$db->prefix.'topics (poster, subject, posted, last_post, last_poster, forum_id) VALUES(\''.$db->escape($username).'\', \''.$db->escape($subject).'\', '.$now.', '.$now.', \''.$db->escape($username).'\', '.$fid.')') or error('Unable to create topic', __FILE__, __LINE__, $db->error());

            $new_tid = $db->insert_id();



            if (!$pun_user['is_guest'])

            {

                // To subscribe or not to subscribe, that ...

                if ($pun_config['o_subscriptions'] == '1' && (isset($_POST['subscribe']) && $_POST['subscribe'] == '1'))

                    $db->query('INSERT INTO '.$db->prefix.'subscriptions (user_id, topic_id) VALUES('.$pun_user['id'].' ,'.$new_tid.')') or error('Unable to add subscription', __FILE__, __LINE__, $db->error());



                // Create the post ("topic post")

                $db->query('INSERT INTO '.$db->prefix.'posts (poster, poster_id, poster_ip, message, hide_smilies, posted, topic_id) VALUES(\''.$db->escape($username).'\', '.$pun_user['id'].', \''.get_remote_address().'\', \''.$db->escape($message).'\', \''.$hide_smilies.'\', '.$now.', '.$new_tid.')') or error('Unable to create post', __FILE__, __LINE__, $db->error());

            }

            else

            {

                // Create the post ("topic post")

                $email_sql = ($pun_config['p_force_guest_email'] == '1' || $email != '') ? '\''.$email.'\'' : 'NULL';

                $db->query('INSERT INTO '.$db->prefix.'posts (poster, poster_ip, poster_email, message, hide_smilies, posted, topic_id) VALUES(\''.$db->escape($username).'\', \''.get_remote_address().'\', '.$email_sql.', \''.$db->escape($message).'\', \''.$hide_smilies.'\', '.$now.', '.$new_tid.')') or error('Unable to create post', __FILE__, __LINE__, $db->error());

            }

            $new_pid = $db->insert_id();



            // Update the topic with last_post_id

            $db->query('UPDATE '.$db->prefix.'topics SET last_post_id='.$new_pid.' WHERE id='.$new_tid) or error('Unable to update topic', __FILE__, __LINE__, $db->error());



            update_search_index('post', $new_pid, $message, $subject);



            update_forum($fid);

        }



        // If the posting user is logged in, increment his/her post count

        if (!$pun_user['is_guest'])

        {

            $low_prio = ($db_type == 'mysql') ? 'LOW_PRIORITY ' : '';

            $db->query('UPDATE '.$low_prio.$db->prefix.'users SET num_posts=num_posts+1, last_post='.$now.' WHERE id='.$pun_user['id']) or error('Unable to update user', __FILE__, __LINE__, $db->error());

        }

        // Guest (flood protection mod): store the post time on the online table entry for this IP
        else
        {
            $db->query('UPDATE '.$db->prefix.'online SET last_post='.$now.' WHERE ident=\''.$db->escape(get_remote_address()).'\'') or error('Unable to update user', __FILE__, __LINE__, $db->error());
        }


        redirect('viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $lang_post['Post redirect']);

    }

}





// If a topic id was specified in the url (it's a reply).

if ($tid)

{

    $action = $lang_post['Post a reply'];

    $form = '<form id="post" method="post" action="post.php?action=post&tid='.$tid.'" onsubmit="this.submit.disabled=true;if(process_form(this)){return true;}else{this.submit.disabled=false;return false;}">';



    // If a quote-id was specified in the url.

    if (isset($_GET['qid']))

    {

        $qid = intval($_GET['qid']);

        if ($qid < 1)

            message($lang_common['Bad request']);



        $result = $db->query('SELECT poster, message FROM '.$db->prefix.'posts WHERE id='.$qid.' AND topic_id='.$tid) or error('Unable to fetch quote info', __FILE__, __LINE__, $db->error());

        if (!$db->num_rows($result))

            message($lang_common['Bad request']);



        list($q_poster, $q_message) = $db->fetch_row($result);



        $q_message = str_replace('[img]', '[url]', $q_message);

        $q_message = str_replace('[/img]', '[/url]', $q_message);

        $q_message = pun_htmlspecialchars($q_message);



        if ($pun_config['p_message_bbcode'] == '1')

        {

            // If username contains a square bracket, we add "" or '' around it (so we know when it starts and ends)

            if (strpos($q_poster, '[') !== false || strpos($q_poster, ']') !== false)

            {

                if (strpos($q_poster, '\'') !== false)

                    $q_poster = '"'.$q_poster.'"';

                else

                    $q_poster = '\''.$q_poster.'\'';

            }

            else

            {

                // Get the characters at the start and end of $q_poster

                $ends = substr($q_poster, 0, 1).substr($q_poster, -1, 1);



                // Deal with quoting "Username" or 'Username' (becomes '"Username"' or "'Username'")

                if ($ends == '\'\'')

                    $q_poster = '"'.$q_poster.'"';

                else if ($ends == '""')

                    $q_poster = '\''.$q_poster.'\'';

            }



            $quote = '[quote='.$q_poster.']'.$q_message.'[/quote]'."\n";

        }

        else

            $quote = '> '.$q_poster.' '.$lang_common['wrote'].':'."\n\n".'> '.$q_message."\n";

    }



    $forum_name = '<a href="viewforum.php?id='.$cur_posting['id'].'">'.pun_htmlspecialchars($cur_posting['forum_name']).'</a>';

}

// If a forum_id was specified in the url (new topic).

else if ($fid)

{

    $action = $lang_post['Post new topic'];

    $form = '<form id="post" method="post" action="post.php?action=post&fid='.$fid.'" onsubmit="return process_form(this)">';



    $forum_name = pun_htmlspecialchars($cur_posting['forum_name']);

}

else

    message($lang_common['Bad request']);





$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$action;

$required_fields = array('req_email' => $lang_common['E-mail'], 'req_subject' => $lang_common['Subject'], 'req_message' => $lang_common['Message']);

$focus_element = array('post');



if (!$pun_user['is_guest'])

    $focus_element[] = ($fid) ? 'req_subject' : 'req_message';

else

{

    $required_fields['req_username'] = $lang_post['Guest name'];

    $focus_element[] = 'req_username';

}



require PUN_ROOT.'header.php';



?>

<div class="linkst">

    <div class="inbox">

        <ul><li><a href="index.php"><?php echo $lang_common['Index'] ?></a></li><li> » <?php echo $forum_name ?><?php if (isset($cur_posting['subject'])) echo '</li><li> » '.pun_htmlspecialchars($cur_posting['subject']) ?></li></ul>

    </div>

</div>



<?php



// If there are errors, we display them

if (!empty($errors))

{



?>

<div id="posterror" class="block">

    <h2><span><?php echo $lang_post['Post errors'] ?></span></h2>

    <div class="box">

        <div class="inbox">

            <p><?php echo $lang_post['Post errors info'] ?></p>

            <ul>

<?php



    while (list(, $cur_error) = each($errors))

        echo "\t\t\t\t".'<li><strong>'.$cur_error.'</strong></li>'."\n";

?>

            </ul>

        </div>

    </div>

</div>



<?php



}

else if (isset($_POST['preview']))

{

    require_once PUN_ROOT.'include/parser.php';

    $preview_message = parse_message($message, $hide_smilies);



?>

<div id="postpreview" class="blockpost">

    <h2><span><?php echo $lang_post['Post preview'] ?></span></h2>

    <div class="box">

        <div class="inbox">

            <div class="postright">

                <div class="postmsg">

                    <?php echo $preview_message."\n" ?>

                </div>

            </div>

        </div>

    </div>

</div>



<?php



}





$cur_index = 1;



?>

<div class="blockform">

    <h2><span><?php echo $action ?></span></h2>

    <div class="box">

        <?php echo $form."\n" ?>

            <div class="inform">

                <fieldset>

                    <legend><?php echo $lang_common['Write message legend'] ?></legend>

                    <div class="infldset txtarea">

                        <input type="hidden" name="form_sent" value="1" />

                        <input type="hidden" name="form_user" value="<?php echo (!$pun_user['is_guest']) ? pun_htmlspecialchars($pun_user['username']) : 'Guest'; ?>" />

<?php



if ($pun_user['is_guest'])

{

    $email_label = ($pun_config['p_force_guest_email'] == '1') ? '<strong>'.$lang_common['E-mail'].'</strong>' : $lang_common['E-mail'];

    $email_form_name = ($pun_config['p_force_guest_email'] == '1') ? 'req_email' : 'email';



?>                        <label class="conl"><strong><?php echo $lang_post['Guest name'] ?></strong><br /><input type="text" name="req_username" value="<?php if (isset($_POST['req_username'])) echo pun_htmlspecialchars($username); ?>" size="25" maxlength="25" tabindex="<?php echo $cur_index++ ?>" /><br /></label>

                        <label class="conl"><?php echo $email_label ?><br /><input type="text" name="<?php echo $email_form_name ?>" value="<?php if (isset($_POST[$email_form_name])) echo pun_htmlspecialchars($email); ?>" size="50" maxlength="50" tabindex="<?php echo $cur_index++ ?>" /><br /></label>

                        <div class="clearer"></div>

<?php



}



if ($fid): ?>

                        <label><strong><?php echo $lang_common['Subject'] ?></strong><br /><input class="longinput" type="text" name="req_subject" value="<?php if (isset($_POST['req_subject'])) echo pun_htmlspecialchars($subject); ?>" size="80" maxlength="70" tabindex="<?php echo $cur_index++ ?>" /><br /></label>

<?php endif; ?>                        <label><strong><?php echo $lang_common['Message'] ?></strong><br />

                        <textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo isset($_POST['req_message']) ? pun_htmlspecialchars($message) : (isset($quote) ? $quote : ''); ?></textarea><br /></label>

                        <!--<ul class="bblinks">

                            <li><a href="help.php#bbcode" onclick="window.open(this.href); return false;"><?php echo $lang_common['BBCode'] ?></a>: <?php echo ($pun_config['p_message_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>

                            <li><a href="help.php#img" onclick="window.open(this.href); return false;"><?php echo $lang_common['img tag'] ?></a>: <?php echo ($pun_config['p_message_img_tag'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>

                            <li><a href="help.php#smilies" onclick="window.open(this.href); return false;"><?php echo $lang_common['Smilies'] ?></a>: <?php echo ($pun_config['o_smilies'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>

                        </ul>-->

                    </div>

                </fieldset>

<?php



$checkboxes = array();

if (!$pun_user['is_guest'])

{

    if ($pun_config['o_smilies'] == '1')

        $checkboxes[] = '<label><input type="checkbox" name="hide_smilies" value="1" tabindex="'.($cur_index++).'"'.(isset($_POST['hide_smilies']) ? ' checked="checked"' : '').' />'.$lang_post['Hide smilies'];



    if ($pun_config['o_subscriptions'] == '1')

        $checkboxes[] = '<label><input type="checkbox" name="subscribe" value="1" tabindex="'.($cur_index++).'"'.(isset($_POST['subscribe']) ? ' checked="checked"' : '').' />'.$lang_post['Subscribe'];

}

else if ($pun_config['o_smilies'] == '1')

    $checkboxes[] = '<label><input type="checkbox" name="hide_smilies" value="1" tabindex="'.($cur_index++).'"'.(isset($_POST['hide_smilies']) ? ' checked="checked"' : '').' />'.$lang_post['Hide smilies'];



if (!empty($checkboxes))

{



?>

            </div>

            <div class="inform">

                <fieldset>

                    <legend><?php echo $lang_common['Options'] ?></legend>

                    <div class="infldset">

                        <div class="rbox">

                            <?php echo implode('<br /></label>'."\n\t\t\t\t", $checkboxes).'<br /></label>'."\n" ?>

                        </div>

                    </div>

                </fieldset>

<?php



}



?>

            </div>

            <p><input type="submit" name="submit" value="<?php echo $lang_common['Submit'] ?>" tabindex="<?php echo $cur_index++ ?>" accesskey="s" /><input type="submit" name="preview" value="<?php echo $lang_post['Preview'] ?>" tabindex="<?php echo $cur_index++ ?>" accesskey="p" /><a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>

        </form>

    </div>

</div>



<?php



// Check to see if the topic review is to be displayed.

if ($tid && $pun_config['o_topic_review'] != '0')

{

    require_once PUN_ROOT.'include/parser.php';



    $result = $db->query('SELECT poster, message, hide_smilies, posted FROM '.$db->prefix.'posts WHERE topic_id='.$tid.' ORDER BY id DESC LIMIT '.$pun_config['o_topic_review']) or error('Unable to fetch topic review', __FILE__, __LINE__, $db->error());



?>



<div id="postreview" class="blockpost">

    <h2><span><?php echo $lang_post['Topic review'] ?></span></h2>

<?php



    //Set background switching on

    $bg_switch = true;

    $post_count = 0;



    while ($cur_post = $db->fetch_assoc($result))

    {

        // Switch the background color for every message.

        $bg_switch = ($bg_switch) ? $bg_switch = false : $bg_switch = true;

        $vtbg = ($bg_switch) ? ' roweven' : ' rowodd';

        $post_count++;



        $cur_post['message'] = parse_message($cur_post['message'], $cur_post['hide_smilies']);



?>

    <div class="box<?php echo $vtbg ?>">

        <div class="inbox">

            <div class="postleft">

                <dl>

                    <dt><strong><?php echo pun_htmlspecialchars($cur_post['poster']) ?></strong></dt>

                    <dd><?php echo format_time($cur_post['posted']) ?></dd>

                </dl>

            </div>

            <div class="postright">

                <div class="postmsg">

                    <?php echo $cur_post['message'] ?>

                </div>

            </div>

            <div class="clearer"></div>

        </div>

    </div>

<?php



    }



?>

</div>

<?php



}



require PUN_ROOT.'footer.php';

Re: Smartys come in,about guest flood protection.

OK, that looks right.
How about include/functions.php?
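The diagnosis given earlier in the thread (a guest's last post time lives on the online-table row and disappears with it), as an added example that is not part of any post here and is neither PunBB's nor the plugin's code. It models the online table as an array keyed by IP; every function name, the 300 s timeout, and the idea of also checking a post log by poster IP are assumptions made for illustration.

```php
<?php
// Added illustration; not PunBB or plugin code. Every function name here is hypothetical.
// Constructed values: a 300 s online timeout, the 9999 s interval from the thread,
// and documentation-range IP addresses.
const TIMEOUT_ONLINE = 300;
const GUEST_FLOOD_INTERVAL = 9999;

// Like set_default_user(): create the guest's online row (keyed by IP) or refresh "logged".
function touch_guest(array &$online, string $ip, int $now): void
{
    if (!isset($online[$ip]))
        $online[$ip] = array('logged' => $now, 'last_post' => null);
    else
        $online[$ip]['logged'] = $now;
}

// Like update_users_online(): guest rows idle for longer than the timeout are deleted.
function purge_online(array &$online, int $now, int $timeout): void
{
    foreach (array_keys($online) as $ip)
        if ($online[$ip]['logged'] < $now - $timeout)
            unset($online[$ip]);
}

// A guest posts: the time goes on the online row (assumed plugin behaviour)
// and into a post log that the online timeout never touches.
function record_post(array &$online, array &$posts, string $ip, int $now): void
{
    touch_guest($online, $ip, $now);
    $online[$ip]['last_post'] = $now;
    $posts[] = array('poster_ip' => $ip, 'posted' => $now);
}

// Flood check backed by the online row: forgets the guest once the row is purged.
function blocked_by_online_row(array $online, string $ip, int $now, int $interval): bool
{
    $last = isset($online[$ip]) ? $online[$ip]['last_post'] : null;
    return $last !== null && ($now - $last) < $interval;
}

// Flood check backed by the post log: the newest post from this IP decides.
function blocked_by_post_log(array $posts, string $ip, int $now, int $interval): bool
{
    $last = null;
    foreach ($posts as $post)
        if ($post['poster_ip'] === $ip && ($last === null || $post['posted'] > $last))
            $last = $post['posted'];
    return $last !== null && ($now - $last) < $interval;
}

// One page view. Assumed order: the visitor's own row is refreshed first,
// then stale rows are purged, then both checks are evaluated.
function page_view(array &$online, array $posts, string $ip, int $now): array
{
    touch_guest($online, $ip, $now);
    purge_online($online, $now, TIMEOUT_ONLINE);
    return array(
        'time' => $now,
        'ip' => $ip,
        'online_row' => blocked_by_online_row($online, $ip, $now, GUEST_FLOOD_INTERVAL),
        'post_log' => blocked_by_post_log($posts, $ip, $now, GUEST_FLOOD_INTERVAL),
    );
}

function simulate(): array
{
    $online = array();
    $posts = array();
    $guest = '192.0.2.10';
    $other = '192.0.2.20';

    record_post($online, $posts, $guest, 0);          // guest posts at t=0
    $log = array();
    $log[] = page_view($online, $posts, $guest, 60);  // guest is back after one minute
    $log[] = page_view($online, $posts, $other, 400); // someone else browses; guest idle for 340 s
    $log[] = page_view($online, $posts, $guest, 420); // guest returns after the purge
    return $log;
}

foreach (simulate() as $row)
    printf("t=%4d  %-11s  online-row check: %-7s  post-log check: %s\n",
        $row['time'], $row['ip'],
        $row['online_row'] ? 'blocked' : 'allowed',
        $row['post_log'] ? 'blocked' : 'allowed');
```

In this model the purge that drops the guest's row is triggered by another visitor's page view, so on a forum with any traffic a row-backed interval is capped at roughly the online timeout.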

9

Re: Smartys come in,about guest flood protection.

include/functions.php

<?php



//

// Cookie stuff!

//

function check_cookie(&$pun_user)

{

    global $db, $pun_config, $cookie_name, $cookie_seed;



    $now = time();

    $expire = $now + 31536000;    // The cookie expires after a year



    // We assume it's a guest

    $cookie = array('user_id' => 1, 'password_hash' => 'Guest');



    // If a cookie is set, we get the user_id and password hash from it

    if (isset($_COOKIE[$cookie_name]))

        list($cookie['user_id'], $cookie['password_hash']) = @unserialize($_COOKIE[$cookie_name]);



    if ($cookie['user_id'] > 1)

    {

        // Check if there's a user with the user ID and password hash from the cookie

        $result = $db->query('SELECT u.*, g.*, o.logged, o.idle FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON u.group_id=g.g_id LEFT JOIN '.$db->prefix.'online AS o ON o.user_id=u.id WHERE u.id='.intval($cookie['user_id'])) or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());

        $pun_user = $db->fetch_assoc($result);



        // If user authorisation failed

        if (!isset($pun_user['id']) || md5($cookie_seed.$pun_user['password']) !== $cookie['password_hash'])

        {

            pun_setcookie(0, random_pass(8), $expire);

            set_default_user();



            return;

        }



        // Set a default language if the user selected language no longer exists

        if (!@file_exists(PUN_ROOT.'lang/'.$pun_user['language']))

            $pun_user['language'] = $pun_config['o_default_lang'];



        // Set a default style if the user selected style no longer exists

        if (!@file_exists(PUN_ROOT.'style/'.$pun_user['style'].'.css'))

            $pun_user['style'] = $pun_config['o_default_style'];



        if (!$pun_user['disp_topics'])

            $pun_user['disp_topics'] = $pun_config['o_disp_topics_default'];

        if (!$pun_user['disp_posts'])

            $pun_user['disp_posts'] = $pun_config['o_disp_posts_default'];



        if ($pun_user['save_pass'] == '0')

            $expire = 0;



        // Define this if you want this visit to affect the online list and the users last visit data

        if (!defined('PUN_QUIET_VISIT'))

        {

            // Update the online list

            if (!$pun_user['logged'])

                $db->query('INSERT INTO '.$db->prefix.'online (user_id, ident, logged) VALUES('.$pun_user['id'].', \''.$db->escape($pun_user['username']).'\', '.$now.')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());

            else

            {

                // Special case: We've timed out, but no other user has browsed the forums since we timed out

                if ($pun_user['logged'] < ($now-$pun_config['o_timeout_visit']))

                {

                    $db->query('UPDATE '.$db->prefix.'users SET last_visit='.$pun_user['logged'].' WHERE id='.$pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());

                    $pun_user['last_visit'] = $pun_user['logged'];

                }



                $idle_sql = ($pun_user['idle'] == '1') ? ', idle=0' : '';

                $db->query('UPDATE '.$db->prefix.'online SET logged='.$now.$idle_sql.' WHERE user_id='.$pun_user['id']) or error('Unable to update online list', __FILE__, __LINE__, $db->error());

            }

        }



        $pun_user['is_guest'] = false;

    }

    else

        set_default_user();

}





//

// Fill $pun_user with default values (for guests)

//

function set_default_user()

{

    global $db, $pun_user, $pun_config;



    $remote_addr = get_remote_address();



    // Fetch guest user

    $result = $db->query('SELECT u.*, g.*, o.logged, o.last_post AS o_last_post FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON u.group_id=g.g_id LEFT JOIN '.$db->prefix.'online AS o ON o.ident=\''.$remote_addr.'\' WHERE u.id=1') or error('Unable to fetch guest information', __FILE__, __LINE__, $db->error());




    if (!$db->num_rows($result))

        exit('Unable to fetch guest information. The table \''.$db->prefix.'users\' must contain an entry with id = 1 that represents anonymous users.');



    $pun_user = $db->fetch_assoc($result);



    // Update online list

    if (!$pun_user['logged'])

        $db->query('INSERT INTO '.$db->prefix.'online (user_id, ident, logged) VALUES(1, \''.$db->escape($remote_addr).'\', '.time().')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());

    else

        $db->query('UPDATE '.$db->prefix.'online SET logged='.time().' WHERE ident=\''.$db->escape($remote_addr).'\'') or error('Unable to update online list', __FILE__, __LINE__, $db->error());



    $pun_user['disp_topics'] = $pun_config['o_disp_topics_default'];

    $pun_user['disp_posts'] = $pun_config['o_disp_posts_default'];

    $pun_user['timezone'] = $pun_config['o_server_timezone'];

    $pun_user['language'] = $pun_config['o_default_lang'];

    $pun_user['style'] = $pun_config['o_default_style'];

    $pun_user['is_guest'] = true;

}





//

// Set a cookie, PunBB style!

//

function pun_setcookie($user_id, $password_hash, $expire)

{

    global $cookie_name, $cookie_path, $cookie_domain, $cookie_secure, $cookie_seed;



    // Enable sending of a P3P header by removing // from the following line (try this if login is failing in IE6)

//    @header('P3P: CP="CUR ADM"');



    if (version_compare(PHP_VERSION, '5.2.0', '>='))

        setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path, $cookie_domain, $cookie_secure, true);

    else

        setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path.'; HttpOnly', $cookie_domain, $cookie_secure);

}





//

// Check whether the connecting user is banned (and delete any expired bans while we're at it)

//

function check_bans()

{

    global $db, $pun_config, $lang_common, $pun_user, $pun_bans;



    // Admins aren't affected

    if ($pun_user['g_id'] == PUN_ADMIN || !$pun_bans)

        return;



    // Add a dot at the end of the IP address to prevent banned address 192.168.0.5 from matching e.g. 192.168.0.50

    $user_ip = get_remote_address().'.';

    $bans_altered = false;



    foreach ($pun_bans as $cur_ban)

    {

        // Has this ban expired?

        if ($cur_ban['expire'] != '' && $cur_ban['expire'] <= time())

        {

            $db->query('DELETE FROM '.$db->prefix.'bans WHERE id='.$cur_ban['id']) or error('Unable to delete expired ban', __FILE__, __LINE__, $db->error());

            $bans_altered = true;

            continue;

        }



        if ($cur_ban['username'] != '' && !strcasecmp($pun_user['username'], $cur_ban['username']))

        {

            $db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape($pun_user['username']).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());

            message($lang_common['Ban message'].' '.(($cur_ban['expire'] != '') ? $lang_common['Ban message 2'].' '.strtolower(format_time($cur_ban['expire'], true)).'. ' : '').(($cur_ban['message'] != '') ? $lang_common['Ban message 3'].'<br /><br /><strong>'.pun_htmlspecialchars($cur_ban['message']).'</strong><br /><br />' : '<br /><br />').$lang_common['Ban message 4'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.', true);

        }



        if ($cur_ban['ip'] != '')

        {

            $cur_ban_ips = explode(' ', $cur_ban['ip']);



            for ($i = 0; $i < count($cur_ban_ips); ++$i)

            {

                $cur_ban_ips[$i] = $cur_ban_ips[$i].'.';



                if (substr($user_ip, 0, strlen($cur_ban_ips[$i])) == $cur_ban_ips[$i])

                {

                    $db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape($pun_user['username']).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());

                    message($lang_common['Ban message'].' '.(($cur_ban['expire'] != '') ? $lang_common['Ban message 2'].' '.strtolower(format_time($cur_ban['expire'], true)).'. ' : '').(($cur_ban['message'] != '') ? $lang_common['Ban message 3'].'<br /><br /><strong>'.pun_htmlspecialchars($cur_ban['message']).'</strong><br /><br />' : '<br /><br />').$lang_common['Ban message 4'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.', true);

                }

            }

        }

    }



    // If we removed any expired bans during our run-through, we need to regenerate the bans cache

    if ($bans_altered)

    {

        require_once PUN_ROOT.'include/cache.php';

        generate_bans_cache();

    }

}





//

// Update "Users online"

//

function update_users_online()

{

    global $db, $pun_config, $pun_user;



    $now = time();



    // Fetch all online list entries that are older than "o_timeout_online"

    $result = $db->query('SELECT * FROM '.$db->prefix.'online WHERE logged<'.($now-$pun_config['o_timeout_online'])) or error('Unable to fetch old entries from online list', __FILE__, __LINE__, $db->error());

    while ($cur_user = $db->fetch_assoc($result))

    {

        // If the entry is a guest, delete it

        if ($cur_user['user_id'] == '1')

            $db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape($cur_user['ident']).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());

        else

        {

            // If the entry is older than "o_timeout_visit", update last_visit for the user in question, then delete him/her from the online list

            if ($cur_user['logged'] < ($now-$pun_config['o_timeout_visit']))

            {

                $db->query('UPDATE '.$db->prefix.'users SET last_visit='.$cur_user['logged'].' WHERE id='.$cur_user['user_id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());

                $db->query('DELETE FROM '.$db->prefix.'online WHERE user_id='.$cur_user['user_id']) or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());

            }

            else if ($cur_user['idle'] == '0')

                $db->query('UPDATE '.$db->prefix.'online SET idle=1 WHERE user_id='.$cur_user['user_id']) or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());

        }

    }

}





//

// Generate the "navigator" that appears at the top of every page

//

function generate_navlinks()

{

    global $pun_config, $lang_common, $pun_user;



    // Index and Userlist should always be displayed

    $links[] = '<li id="navindex"><a href="index.php">'.$lang_common['Index'].'</a>';



    if ($pun_config['o_rules'] == '1')

        $links[] = '<li id="navrules"><a href="misc.php?action=rules">'.$lang_common['Rules'].'</a>';



    if ($pun_user['is_guest'])

    {

        if ($pun_user['g_search'] == '1')

            $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>';



        $links[] = '<li id="navregister"><a href="register.php">'.$lang_common['Register'].'</a>';

        $links[] = '<li id="navlogin"><a href="login.php">'.$lang_common['Login'].'</a>';



        $info = $lang_common['Not logged in'];

    }

    else

    {

        if ($pun_user['g_id'] > PUN_MOD)

        {

            if ($pun_user['g_search'] == '1')

                $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>';



            $links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>';

            $links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'">'.$lang_common['Logout'].'</a>';

        }

        else

        {

            $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>';

            $links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>';

            $links[] = '<li id="navadmin"><a href="admin_index.php">'.$lang_common['Admin'].'</a>';

            $links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'">'.$lang_common['Logout'].'</a>';

        }

    }



    // Are there any additional navlinks we should insert into the array before imploding it?

    if ($pun_config['o_additional_navlinks'] != '')

    {

        if (preg_match_all('#([0-9]+)\s*=\s*(.*?)\n#s', $pun_config['o_additional_navlinks']."\n", $extra_links))

        {

            // Insert any additional links into the $links array (at the correct index)

            for ($i = 0; $i < count($extra_links[1]); ++$i)

                array_splice($links, $extra_links[1][$i], 0, array('<li id="navextra'.($i + 1).'">'.$extra_links[2][$i]));

        }

    }



    return '<ul>'."\n\t\t\t\t".implode($lang_common['Link separator'].'</li>'."\n\t\t\t\t", $links).'</li>'."\n\t\t\t".'</ul>';

}





//

// Display the profile navigation menu

//

function generate_profile_menu($page = '')

{

    global $lang_profile, $pun_config, $pun_user, $id;



?>

<div id="profile" class="block2col">

    <div class="blockmenu">

        <h2><span><?php echo $lang_profile['Profile menu'] ?></span></h2>

        <div class="box">

            <div class="inbox">

                <ul>

                    <li<?php if ($page == 'essentials') echo ' class="isactive"'; ?>><a href="profile.php?section=essentials&id=<?php echo $id ?>"><?php echo $lang_profile['Section essentials'] ?></a></li>

                    <li<?php if ($page == 'personal') echo ' class="isactive"'; ?>><a href="profile.php?section=personal&id=<?php echo $id ?>"><?php echo $lang_profile['Section personal'] ?></a></li>

                    <li<?php if ($page == 'messaging') echo ' class="isactive"'; ?>><a href="profile.php?section=messaging&id=<?php echo $id ?>"><?php echo $lang_profile['Section messaging'] ?></a></li>

                    <li<?php if ($page == 'personality') echo ' class="isactive"'; ?>><a href="profile.php?section=personality&id=<?php echo $id ?>"><?php echo $lang_profile['Section personality'] ?></a></li>

                    <li<?php if ($page == 'display') echo ' class="isactive"'; ?>><a href="profile.php?section=display&id=<?php echo $id ?>"><?php echo $lang_profile['Section display'] ?></a></li>

                    <li<?php if ($page == 'privacy') echo ' class="isactive"'; ?>><a href="profile.php?section=privacy&id=<?php echo $id ?>"><?php echo $lang_profile['Section privacy'] ?></a></li>

<?php if ($pun_user['g_id'] == PUN_ADMIN || ($pun_user['g_id'] == PUN_MOD && $pun_config['p_mod_ban_users'] == '1')): ?>                    <li<?php if ($page == 'admin') echo ' class="isactive"'; ?>><a href="profile.php?section=admin&id=<?php echo $id ?>"><?php echo $lang_profile['Section admin'] ?></a></li>

<?php endif; ?>                </ul>

            </div>

        </div>

    </div>

<?php



}





//

// Update posts, topics, last_post, last_post_id and last_poster for a forum (redirect topics are not included)

//

function update_forum($forum_id)

{

    global $db;



    $result = $db->query('SELECT COUNT(id), SUM(num_replies) FROM '.$db->prefix.'topics WHERE moved_to IS NULL AND forum_id='.$forum_id) or error('Unable to fetch forum topic count', __FILE__, __LINE__, $db->error());

    list($num_topics, $num_posts) = $db->fetch_row($result);



    $num_posts = $num_posts + $num_topics;        // $num_posts is only the sum of all replies (we have to add the topic posts)



    $result = $db->query('SELECT last_post, last_post_id, last_poster FROM '.$db->prefix.'topics WHERE forum_id='.$forum_id.' AND moved_to IS NULL ORDER BY last_post DESC LIMIT 1') or error('Unable to fetch last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error());

    if ($db->num_rows($result))        // There are topics in the forum

    {

        list($last_post, $last_post_id, $last_poster) = $db->fetch_row($result);



        $db->query('UPDATE '.$db->prefix.'forums SET num_topics='.$num_topics.', num_posts='.$num_posts.', last_post='.$last_post.', last_post_id='.$last_post_id.', last_poster=\''.$db->escape($last_poster).'\' WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error());

    }

    else    // There are no topics

        $db->query('UPDATE '.$db->prefix.'forums SET num_topics=0, num_posts=0, last_post=NULL, last_post_id=NULL, last_poster=NULL WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error());

}





//

// Delete a topic and all of its posts

//

function delete_topic($topic_id)

{

    global $db;



    // Delete the topic and any redirect topics

    $db->query('DELETE FROM '.$db->prefix.'topics WHERE id='.$topic_id.' OR moved_to='.$topic_id) or error('Unable to delete topic', __FILE__, __LINE__, $db->error());



    // Create a list of the post ID's in this topic

    $post_ids = '';

    $result = $db->query('SELECT id FROM '.$db->prefix.'posts WHERE topic_id='.$topic_id) or error('Unable to fetch posts', __FILE__, __LINE__, $db->error());

    while ($row = $db->fetch_row($result))

        $post_ids .= ($post_ids != '') ? ','.$row[0] : $row[0];



    // Make sure we have a list of post ID's

    if ($post_ids != '')

    {

        strip_search_index($post_ids);



        // Delete posts in topic

        $db->query('DELETE FROM '.$db->prefix.'posts WHERE topic_id='.$topic_id) or error('Unable to delete posts', __FILE__, __LINE__, $db->error());

    }



    // Delete any subscriptions for this topic

    $db->query('DELETE FROM '.$db->prefix.'subscriptions WHERE topic_id='.$topic_id) or error('Unable to delete subscriptions', __FILE__, __LINE__, $db->error());

}





//

// Delete a single post

//

function delete_post($post_id, $topic_id)

{

    global $db;



    $result = $db->query('SELECT id, poster, posted FROM '.$db->prefix.'posts WHERE topic_id='.$topic_id.' ORDER BY id DESC LIMIT 2') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());

    list($last_id, ,) = $db->fetch_row($result);

    list($second_last_id, $second_poster, $second_posted) = $db->fetch_row($result);



    // Delete the post

    $db->query('DELETE FROM '.$db->prefix.'posts WHERE id='.$post_id) or error('Unable to delete post', __FILE__, __LINE__, $db->error());



    strip_search_index($post_id);



    // Count number of replies in the topic

    $result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'posts WHERE topic_id='.$topic_id) or error('Unable to fetch post count for topic', __FILE__, __LINE__, $db->error());

    $num_replies = $db->result($result, 0) - 1;



    // If the message we deleted is the most recent in the topic (at the end of the topic)

    if ($last_id == $post_id)

    {

        // If there is a $second_last_id there is more than 1 reply to the topic

        if (!empty($second_last_id))

            $db->query('UPDATE '.$db->prefix.'topics SET last_post='.$second_posted.', last_post_id='.$second_last_id.', last_poster=\''.$db->escape($second_poster).'\', num_replies='.$num_replies.' WHERE id='.$topic_id) or error('Unable to update topic', __FILE__, __LINE__, $db->error());

        else

            // We deleted the only reply, so now last_post/last_post_id/last_poster is posted/id/poster from the topic itself

            $db->query('UPDATE '.$db->prefix.'topics SET last_post=posted, last_post_id=id, last_poster=poster, num_replies='.$num_replies.' WHERE id='.$topic_id) or error('Unable to update topic', __FILE__, __LINE__, $db->error());

    }

    else

        // Otherwise we just decrement the reply counter

        $db->query('UPDATE '.$db->prefix.'topics SET num_replies='.$num_replies.' WHERE id='.$topic_id) or error('Unable to update topic', __FILE__, __LINE__, $db->error());

}





//

// Replace censored words in $text

//

function censor_words($text)

{

    global $db;

    static $search_for, $replace_with;



    // If not already built in a previous call, build an array of censor words and their replacement text

    if (!isset($search_for))

    {

        $result = $db->query('SELECT search_for, replace_with FROM '.$db->prefix.'censoring') or error('Unable to fetch censor word list', __FILE__, __LINE__, $db->error());

        $num_words = $db->num_rows($result);



        $search_for = array();

        for ($i = 0; $i < $num_words; ++$i)

        {

            list($search_for[$i], $replace_with[$i]) = $db->fetch_row($result);

            $search_for[$i] = '/\b('.str_replace('\*', '\w*?', preg_quote($search_for[$i], '/')).')\b/i';

        }

    }



    if (!empty($search_for))

        $text = substr(preg_replace($search_for, $replace_with, ' '.$text.' '), 1, -1);



    return $text;

}





//

// Determines the correct title for $user

// $user must contain the elements 'username', 'title', 'posts', 'g_id' and 'g_user_title'

//

function get_title($user)

{

    global $db, $pun_config, $pun_bans, $lang_common;

    static $ban_list, $pun_ranks;



    // If not already built in a previous call, build an array of lowercase banned usernames

    if (empty($ban_list))

    {

        $ban_list = array();



        foreach ($pun_bans as $cur_ban)

            $ban_list[] = strtolower($cur_ban['username']);

    }



    // If not already loaded in a previous call, load the cached ranks

    if ($pun_config['o_ranks'] == '1' && empty($pun_ranks))

    {

        @include PUN_ROOT.'cache/cache_ranks.php';

        if (!defined('PUN_RANKS_LOADED'))

        {

            require_once PUN_ROOT.'include/cache.php';

            generate_ranks_cache();

            require PUN_ROOT.'cache/cache_ranks.php';

        }

    }



    // If the user has a custom title

    if ($user['title'] != '')

        $user_title = pun_htmlspecialchars($user['title']);

    // If the user is banned

    else if (in_array(strtolower($user['username']), $ban_list))

        $user_title = $lang_common['Banned'];

    // If the user group has a default user title

    else if ($user['g_user_title'] != '')

        $user_title = pun_htmlspecialchars($user['g_user_title']);

    // If the user is a guest

    else if ($user['g_id'] == PUN_GUEST)

        $user_title = $lang_common['Guest'];

    else

    {

        // Are there any ranks?

        if ($pun_config['o_ranks'] == '1' && !empty($pun_ranks))

        {

            @reset($pun_ranks);

            while (list(, $cur_rank) = @each($pun_ranks))

            {

                if (intval($user['num_posts']) >= $cur_rank['min_posts'])

                    $user_title = pun_htmlspecialchars($cur_rank['rank']);

            }

        }



        // If the user didn't "reach" any rank (or if ranks are disabled), we assign the default

        if (!isset($user_title))

            $user_title = $lang_common['Member'];

    }



    return $user_title;

}





//

// Generate a string with numbered links (for multipage scripts)

//

function paginate($num_pages, $cur_page, $link_to)

{

    $pages = array();

    $link_to_all = false;

    $nav_links = true;



    // If $cur_page == -1, we link to all pages (used in viewforum.php)

    if ($cur_page == -1)

    {

        $cur_page = 1;

        $link_to_all = true;

        $nav_links = false;

    }



    if ($num_pages <= 1)

        $pages = array('<strong>1</strong>');

    else

    {

        if ($cur_page > 3)

        {

            $pages[] = '<a href="'.$link_to.'&p=1">1</a>';



            if ($cur_page != 4)

                $pages[] = '…';

        }



        // Don't ask me how the following works. It just does, OK? :-)

        for ($current = $cur_page - 2, $stop = $cur_page + 3; $current < $stop; ++$current)

        {

            if ($current < 1 || $current > $num_pages)

                continue;

            else if ($current != $cur_page || $link_to_all)

                $pages[] = '<a href="'.$link_to.'&p='.$current.'">'.$current.'</a>';

            else

                $pages[] = '<strong>'.$current.'</strong>';

        }



        if ($cur_page <= ($num_pages-3))

        {

            if ($cur_page != ($num_pages-3))

                $pages[] = '…';



            $pages[] = '<a href="'.$link_to.'&p='.$num_pages.'">'.$num_pages.'</a>';

        }

    }

    if ($nav_links)

    {

        if ($cur_page > 1)

        {

            $back_page_number = $cur_page-1;

            $back_page = '<a href="'.$link_to.'&p='.$back_page_number.'">«--</a>';

            array_splice($pages, 0, 0, $back_page);

        }

        if ($cur_page < $num_pages)

        {

            $next_page_number = $cur_page+1;

            $next_page = '<a href="'.$link_to.'&p='.$next_page_number.'">--»</a>';

            array_push($pages, $next_page);

        }

    }

    return implode(' ', $pages);

}





//

// Display a message

//

function message($message, $no_back_link = false)

{

    global $db, $lang_common, $pun_config, $pun_start, $tpl_main;



    if (!defined('PUN_HEADER'))

    {

        global $pun_user;



        $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Info'];

        require PUN_ROOT.'header.php';

    }



?>



<div id="msg" class="block">

    <h2><span><?php echo $lang_common['Info'] ?></span></h2>

    <div class="box">

        <div class="inbox">

        <p><?php echo $message ?></p>

<?php if (!$no_back_link): ?>        <p><a href="javascript: history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>

<?php endif; ?>        </div>

    </div>

</div>

<?php



    require PUN_ROOT.'footer.php';

}





//

// Format a time string according to $time_format and timezones

//

function format_time($timestamp, $date_only = false)

{

    global $pun_config, $lang_common, $pun_user;



    if ($timestamp == '')

        return $lang_common['Never'];



    $diff = ($pun_user['timezone'] - $pun_config['o_server_timezone']) * 3600;

    $timestamp += $diff;

    $now = time();



    $date = date($pun_config['o_date_format'], $timestamp);

    $today = date($pun_config['o_date_format'], $now+$diff);

    $yesterday = date($pun_config['o_date_format'], $now+$diff-86400);



    if ($date == $today)

        $date = $lang_common['Today'];

    else if ($date == $yesterday)

        $date = $lang_common['Yesterday'];



    if (!$date_only)

        return $date.' '.date($pun_config['o_time_format'], $timestamp);

    else

        return $date;

}





//

// If we are running pre PHP 4.3.0, we add our own implementation of file_get_contents

//

if (!function_exists('file_get_contents'))

{

    function file_get_contents($filename, $use_include_path = 0)

    {

        $data = '';



        if ($fh = fopen($filename, 'rb', $use_include_path))

        {

            $data = fread($fh, filesize($filename));

            fclose($fh);

        }



        return $data;

    }

}





//

// Make sure that HTTP_REFERER matches $pun_config['o_base_url']/$script

//

function confirm_referrer($script)

{

    global $pun_config, $lang_common;



    if (!preg_match('#^'.preg_quote(str_replace('www.', '', $pun_config['o_base_url']).'/'.$script, '#').'#i', str_replace('www.', '', (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''))))

        message($lang_common['Bad referrer']);

}





//

// Generate a random password of length $len

//

function random_pass($len)

{

    $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';



    $password = '';

    for ($i = 0; $i < $len; ++$i)

        $password .= substr($chars, (mt_rand() % strlen($chars)), 1);



    return $password;

}





//

// Compute a hash of $str

// Uses sha1() if available. If not, SHA1 through mhash() if available. If not, fall back on md5().

//

function pun_hash($str)

{

    if (function_exists('sha1'))    // Only in PHP 4.3.0+

        return sha1($str);

    else if (function_exists('mhash'))    // Only if Mhash library is loaded

        return bin2hex(mhash(MHASH_SHA1, $str));

    else

        return md5($str);

}





//

// Try to determine the correct remote IP-address

//

function get_remote_address()

{

    return $_SERVER['REMOTE_ADDR'];

}





//

// Equivalent to htmlspecialchars(), but allows &#[0-9]+ (for unicode)

//

function pun_htmlspecialchars($str)

{

    $str = preg_replace('/&(?!#[0-9]+;)/s', '&amp;', $str);

    $str = str_replace(array('<', '>', '"'), array('&lt;', '&gt;', '&quot;'), $str);



    return $str;

}





//

// Equivalent to strlen(), but counts &#[0-9]+ as one character (for unicode)

//

function pun_strlen($str)

{

    return strlen(preg_replace('/&#([0-9]+);/', '!', $str));

}





//

// Convert \r\n and \r to \n

//

function pun_linebreaks($str)

{

    return str_replace("\r", "\n", str_replace("\r\n", "\n", $str));

}





//

// A more aggressive version of trim()

//

function pun_trim($str)

{

    global $lang_common;



    if (strpos($lang_common['lang_encoding'], '8859') !== false)

    {

        $fishy_chars = array(chr(0x81), chr(0x8D), chr(0x8F), chr(0x90), chr(0x9D), chr(0xA0));

        return trim(str_replace($fishy_chars, ' ', $str));

    }

    else

        return trim($str);

}





//

// Display a message when board is in maintenance mode

//

function maintenance_message()

{

    global $db, $pun_config, $lang_common, $pun_user;



    // Deal with newlines, tabs and multiple spaces

    $pattern = array("\t", '  ', '  ');

    $replace = array('&nbsp; &nbsp; ', '&nbsp; ', ' &nbsp;');

    $message = str_replace($pattern, $replace, $pun_config['o_maintenance_message']);





    // Load the maintenance template

    $tpl_maint = trim(file_get_contents(PUN_ROOT.'include/template/maintenance.tpl'));





    // START SUBST - <pun_content_direction>

    $tpl_maint = str_replace('<pun_content_direction>', $lang_common['lang_direction'], $tpl_maint);

    // END SUBST - <pun_content_direction>





    // START SUBST - <pun_char_encoding>

    $tpl_maint = str_replace('<pun_char_encoding>', $lang_common['lang_encoding'], $tpl_maint);

    // END SUBST - <pun_char_encoding>





    // START SUBST - <pun_head>

    ob_start();



?>

<title><?php echo pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Maintenance'] ?></title>

<link rel="stylesheet" type="text/css" href="style/<?php echo $pun_user['style'].'.css' ?>" />

<?php



    $tpl_temp = trim(ob_get_contents());

    $tpl_maint = str_replace('<pun_head>', $tpl_temp, $tpl_maint);

    ob_end_clean();

    // END SUBST - <pun_head>





    // START SUBST - <pun_maint_heading>

    $tpl_maint = str_replace('<pun_maint_heading>', $lang_common['Maintenance'], $tpl_maint);

    // END SUBST - <pun_maint_heading>





    // START SUBST - <pun_maint_message>

    $tpl_maint = str_replace('<pun_maint_message>', $message, $tpl_maint);

    // END SUBST - <pun_maint_message>





    // End the transaction

    $db->end_transaction();





    // START SUBST - <pun_include "*">

    while (preg_match('#<pun_include "([^/\\\\]*?)">#', $tpl_maint, $cur_include))

    {

        if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1]))

            error('Unable to process user include &lt;pun_include "'.htmlspecialchars($cur_include[1]).'"&gt; from template maintenance.tpl. There is no such file in folder /include/user/', __FILE__, __LINE__);



        ob_start();

        include PUN_ROOT.'include/user/'.$cur_include[1];

        $tpl_temp = ob_get_contents();

        $tpl_maint = str_replace($cur_include[0], $tpl_temp, $tpl_maint);

        ob_end_clean();

    }

    // END SUBST - <pun_include "*">





    // Close the db connection (and free up any result data)

    $db->close();



    exit($tpl_maint);

}





//

// Display $message and redirect user to $destination_url

//

function redirect($destination_url, $message)

{

    global $db, $pun_config, $lang_common, $pun_user;



    if ($destination_url == '')

        $destination_url = 'index.php';



    // If the delay is 0 seconds, we might as well skip the redirect all together

    if ($pun_config['o_redirect_delay'] == '0')

        header('Location: '.str_replace('&amp;', '&', $destination_url));





    // Load the redirect template

    $tpl_redir = trim(file_get_contents(PUN_ROOT.'include/template/redirect.tpl'));





    // START SUBST - <pun_content_direction>

    $tpl_redir = str_replace('<pun_content_direction>', $lang_common['lang_direction'], $tpl_redir);

    // END SUBST - <pun_content_direction>





    // START SUBST - <pun_char_encoding>

    $tpl_redir = str_replace('<pun_char_encoding>', $lang_common['lang_encoding'], $tpl_redir);

    // END SUBST - <pun_char_encoding>





    // START SUBST - <pun_head>

    ob_start();



?>

<meta http-equiv="refresh" content="<?php echo $pun_config['o_redirect_delay'] ?>;URL=<?php echo str_replace(array('<', '>', '"'), array('&lt;', '&gt;', '&quot;'), $destination_url) ?>" />

<title><?php echo pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Redirecting'] ?></title>

<link rel="stylesheet" type="text/css" href="style/<?php echo $pun_user['style'].'.css' ?>" />

<?php



    $tpl_temp = trim(ob_get_contents());

    $tpl_redir = str_replace('<pun_head>', $tpl_temp, $tpl_redir);

    ob_end_clean();

    // END SUBST - <pun_head>





    // START SUBST - <pun_redir_heading>

    $tpl_redir = str_replace('<pun_redir_heading>', $lang_common['Redirecting'], $tpl_redir);

    // END SUBST - <pun_redir_heading>





    // START SUBST - <pun_redir_text>

    $tpl_temp = $message.'<br /><br />'.'<a href="'.$destination_url.'">'.$lang_common['Click redirect'].'</a>';

    $tpl_redir = str_replace('<pun_redir_text>', $tpl_temp, $tpl_redir);

    // END SUBST - <pun_redir_text>





    // START SUBST - <pun_footer>

    ob_start();



    // End the transaction

    $db->end_transaction();



    // Display executed queries (if enabled)

    if (defined('PUN_SHOW_QUERIES'))

        display_saved_queries();



    $tpl_temp = trim(ob_get_contents());

    $tpl_redir = str_replace('<pun_footer>', $tpl_temp, $tpl_redir);

    ob_end_clean();

    // END SUBST - <pun_footer>





    // START SUBST - <pun_include "*">

    while (preg_match('#<pun_include "([^/\\\\]*?)">#', $tpl_redir, $cur_include))

    {

        if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1]))

            error('Unable to process user include &lt;pun_include "'.htmlspecialchars($cur_include[1]).'"&gt; from template redirect.tpl. There is no such file in folder /include/user/', __FILE__, __LINE__);



        ob_start();

        include PUN_ROOT.'include/user/'.$cur_include[1];

        $tpl_temp = ob_get_contents();

        $tpl_redir = str_replace($cur_include[0], $tpl_temp, $tpl_redir);

        ob_end_clean();

    }

    // END SUBST - <pun_include "*">





    // Close the db connection (and free up any result data)

    $db->close();



    exit($tpl_redir);

}





//

// Display a simple error message

//

function error($message, $file, $line, $db_error = false)

{

    global $pun_config;



    // Set a default title if the script failed before $pun_config could be populated

    if (empty($pun_config))

        $pun_config['o_board_title'] = 'PunBB';



    // Empty output buffer and stop buffering

    @ob_end_clean();



    // "Restart" output buffering if we are using ob_gzhandler (since the gzip header is already sent)

    if (!empty($pun_config['o_gzip']) && extension_loaded('zlib') && (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== false || strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') !== false))

        ob_start('ob_gzhandler');



?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html dir="ltr">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<title><?php echo pun_htmlspecialchars($pun_config['o_board_title']) ?> / Error</title>

<style type="text/css">

<!--

BODY {MARGIN: 10% 20% auto 20%; font: 10px Verdana, Arial, Helvetica, sans-serif}

#errorbox {BORDER: 1px solid #B84623}

H2 {MARGIN: 0; COLOR: #FFFFFF; BACKGROUND-COLOR: #B84623; FONT-SIZE: 1.1em; PADDING: 5px 4px}

#errorbox DIV {PADDING: 6px 5px; BACKGROUND-COLOR: #F1F1F1}

-->

</style>

</head>

<body>



<div id="errorbox">

    <h2>An error was encountered</h2>

    <div>

<?php



    if (defined('PUN_DEBUG'))

    {

        echo "\t\t".'<strong>File:</strong> '.$file.'<br />'."\n\t\t".'<strong>Line:</strong> '.$line.'<br /><br />'."\n\t\t".'<strong>PunBB reported</strong>: '.$message."\n";



        if ($db_error)

        {

            echo "\t\t".'<br /><br /><strong>Database reported:</strong> '.pun_htmlspecialchars($db_error['error_msg']).(($db_error['error_no']) ? ' (Errno: '.$db_error['error_no'].')' : '')."\n";



            if ($db_error['error_sql'] != '')

                echo "\t\t".'<br /><br /><strong>Failed query:</strong> '.pun_htmlspecialchars($db_error['error_sql'])."\n";

        }

    }

    else

        echo "\t\t".'Error: <strong>'.$message.'.</strong>'."\n";



?>

    </div>

</div>



</body>

</html>

<?php



    // If a database connection was established (before this error) we close it

    if ($db_error)

        $GLOBALS['db']->close();



    exit;

}



// DEBUG FUNCTIONS BELOW



//

// Display executed queries (if enabled)

//

function display_saved_queries()

{

    global $db, $lang_common;



    // Get the queries so that we can print them out

    $saved_queries = $db->get_saved_queries();



?>



<div id="debug" class="blocktable">

    <h2><span><?php echo $lang_common['Debug table'] ?></span></h2>

    <div class="box">

        <div class="inbox">

            <table cellspacing="0">

            <thead>

                <tr>

                    <th class="tcl" scope="col">Time (s)</th>

                    <th class="tcr" scope="col">Query</th>

                </tr>

            </thead>

            <tbody>

<?php



    $query_time_total = 0.0;

    while (list(, $cur_query) = @each($saved_queries))

    {

        $query_time_total += $cur_query[1];



?>

                <tr>

                    <td class="tcl"><?php echo ($cur_query[1] != 0) ? $cur_query[1] : '&nbsp;' ?></td>

                    <td class="tcr"><?php echo pun_htmlspecialchars($cur_query[0]) ?></td>

                </tr>

<?php



    }



?>

                <tr>

                    <td class="tcl" colspan="2">Total query time: <?php echo $query_time_total ?> s</td>

                </tr>

            </tbody>

            </table>

        </div>

    </div>

</div>

<?php



}





//

// Unset any variables instantiated as a result of register_globals being enabled

//

function unregister_globals()

{

    // Prevent script.php?GLOBALS[foo]=bar

    if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']))

        exit('I\'ll have a steak sandwich and... a steak sandwich.');

    

    // Variables that shouldn't be unset

    $no_unset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES');



    // Remove elements in $GLOBALS that are present in any of the superglobals

    $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());

    foreach ($input as $k => $v)

    {

        if (!in_array($k, $no_unset) && isset($GLOBALS[$k]))

        {

            unset($GLOBALS[$k]);

            unset($GLOBALS[$k]);    // Double unset to circumvent the zend_hash_del_key_or_index hole in PHP <4.4.3 and <5.1.4

        }

    }

}





//

// Dump contents of variable(s)

//

function dump()

{

    echo '<pre>';



    $num_args = func_num_args();



    for ($i = 0; $i < $num_args; ++$i)

    {

        print_r(func_get_arg($i));

        echo "\n\n";

    }



    echo '</pre>';

    exit;

}

10

Re: Smartys come in,about guest flood protection.

And I'm using PunBB 1.2.14.
Is that affected?

Re: Smartys come in,about guest flood protection.

No, it shouldn't make a difference.