1 Reply by Peter

(8 replies, posted in Programming)

MattF, Smartys, quaker, thanks so much again! I should have described my problem more clearly.

MattF's latest solution looks very helpful. I'll take that, try some things and post the result when I have it. :-)

Edit: I've added the lines to register.php (and a line in lang_register):

    ...
        // Convert multiple whitespace characters into one (to prevent people from registering with indistinguishable usernames)
    $username = preg_replace('#\s+#s', ' ', $username);

    // block spammers with double names
    if (strtolower($firstname) == strtolower($surname)) { 
        message($lang_register['Double name spammer']);
        exit;
    }

    // Validate username and passwords ...

When I test signing up with the same name in firstname and surname, it gets through without problems. So if (strtolower($firstname) == strtolower($surname)) is ignored, it doesn't do anything.

Or did I put it in the wrong place?

I'll get back to this when I have more time...

Go to forum: Programming

2 Reply by Peter

(8 replies, posted in Programming)

No, that's useless, as useless as blocking individual IP numbers. They never use the same name.

I meant they always use the same "name" in my custom firstname and surname fields, so something like this: Brezwkljklj Brezwkljklj

That should make them relatively easy to filter out. I'm asking for suggestions what the PHP for that would look like:

if firstname=surname, then insert nothing in the database and redirect to 'Succes, now get lost!'

Go to forum: Programming

3 Topic by Peter

(8 replies, posted in Programming)

I use a modified version of PunBB as my central registration system. I have an increasing problem with spammers signing up.

Spammers (almost) always sign up using the same "name" in my custom firstname and surname fields. It should be easy to check for that and discard those registrations, even without letting whoever's trying to register know that it didn't go through.

Any suggestions how to do that?

Any other suggestions how to block this type of spammer? Would more required custom sign-up fields make any difference?

I've already added a math captcha...

I'm not a real php programmer. I copy/paste php code and know some basics. I'm getting better at it, but can't write scripts from scratch. Any suggestions are very much appreciated!

Go to forum: Programming

4 Reply by Peter

(20 replies, posted in PunBB 1.2 troubleshooting)

I see three mentions of smtp in the database:

o_smtp_host
o_smtp_user
o_smtp_pass

Should it work if I fill in those values? Or should I change anything else in the database as well?

Edit: I've added the smtp information, but I still get that same system address in the email source.

MattF wrote:

I wouldn't spend too much time trying to make them filter friendly. You'll find the likes of Yahoo/Gmail/AOL/Hotmail are a law unto themselves regarding what they term as spam. You will most likely fail to get most of them through. big_smile

So what's the solution? I have too many 3200's in my database. I don't get it...

Go to forum: PunBB 1.2 troubleshooting

5 Reply by Peter

(20 replies, posted in PunBB 1.2 troubleshooting)

In the admin options panel, the smtp server settings. If those are left empty, the forum will default to using the local mail pickup. The envelope sender address then becomes whatever the system or httpd username is.

My admin panel has gone the way of the dodo... :-(

Where in the database are these SMTP settings supposed to end up? Or can I change the PHP code somewhere?

And how can I remove the word 'Mailer' from the confirmation email? I suspect that word could contribute to higher spam ratings in bayesian filters.

Go to forum: PunBB 1.2 troubleshooting

6 Reply by Peter

(20 replies, posted in PunBB 1.2 troubleshooting)

MattF wrote:

You're using local mail delivery then, rather than smtp.

How/where would I change that?

I can never wrap my head around the email stuff... :-(

(BTW, I've added a link to my site to my profile.)

Go to forum: PunBB 1.2 troubleshooting

7 Reply by Peter

(20 replies, posted in PunBB 1.2 troubleshooting)

OK, I checked o_webmaster_email and it has the correct email address. So that's not where return-path (envelope-from etc.) get the email address from.

Go to forum: PunBB 1.2 troubleshooting

8 Reply by Peter

(20 replies, posted in PunBB 1.2 troubleshooting)

elbekko wrote:

You'll have to either set the webmaster email in the admin panel, or create the email address in your hosting config.

Thanks.

Do you know where in MySQL the webmaster email is supposed to end up? I've destroyed my admin panel after heavy customization... :-(

I've already created many email addresses in my hosting configuration. How can I connect one of them to return-path etc. for PunBB registration? (I've sent my hosting provider the same question.)

BTW, the From: line is fine. That's something like From:  "MyWebsite Mailer" <peter@mywebsite.com>

Or could the word 'Mailer' ruin it? Where in the code can I remove that word?

Go to forum: PunBB 1.2 troubleshooting

9 Reply by Peter

(20 replies, posted in PunBB 1.2 troubleshooting)

The return-path (envelope-from etc.) on the emails is something like this:

myaccount@box555.bluehost.com

I can imagine that is causing problems with some spam filters.

Where can I fix that? In the server email settings? In PunBB code somewhere? A field in MySQL?

Go to forum: PunBB 1.2 troubleshooting

10 Reply by Peter

(20 replies, posted in PunBB 1.2 troubleshooting)

I think a large percentage of my verification emails end up in spam filters, because I have a lot of 32000's in my member database and people complaining they can't sign up.

Why are these emails mistaken for spam? How can I guarantee they get passed spam filters?

Go to forum: PunBB 1.2 troubleshooting

11 Reply by Peter

(4 replies, posted in PunBB 1.2 troubleshooting)

Has this been added now? I really need to add something like this to my forum, which is a business networking type forum.

I need to prevent multi-level marketers and Nigerian scammers from signing up as users. Any suggestions?

I've just started looking into this. An approval queu (with optional email alerts to the admin) would be best.

Go to forum: PunBB 1.2 troubleshooting

12 Reply by Peter

(9 replies, posted in PunBB 1.2 modifications, plugins and integrations)

Smartys wrote:

Just confirmed that it's still spitting out firstname, not username.

Damn. Apologies! Probably had CuteFTP in View instead of Edit again. Dumb.

It works again. So I have to be more careful replacing username with firstname etc. I did have to make some edits, because obviously I don't want email addresses showing up on the site.

Thanks!

Fixing the copyrights now...

Go to forum: PunBB 1.2 modifications, plugins and integrations

13 Reply by Peter

(9 replies, posted in PunBB 1.2 modifications, plugins and integrations)

Smartys wrote:

I'm going to pretend I didn't just notice that you removed the copyright from the code itself, which is illegal smile
The issue, as you guessed, is that you're mixing the username and the email. In the form, this line is wrong:

<input type="hidden" name="form_user" value="<? echo (!$pun_user['is_guest']) ? pun_htmlspecialchars($pun_user['firstname']) : 'Guest'; ?>" />

you shouldn't be using firstname, but username.

OK, I'll put the copyright back in. I took a lot of stuff out, mostly to reduce distractions in trying to customize and figure out how everything works.

I've changed firstname back to username. It has no effect. I get the same bad request error.

Go to forum: PunBB 1.2 modifications, plugins and integrations

14 Reply by Peter

(9 replies, posted in PunBB 1.2 modifications, plugins and integrations)

Smartys wrote:

Paste a copy of your post.php?

<?

define('PUN_ROOT', './');
require PUN_ROOT.'include/common.php';


if ($pun_user['g_read_board'] == '0')
    message($lang_common['No view']);


$tid = isset($_GET['tid']) ? intval($_GET['tid']) : 0;
$fid = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
if ($tid < 1 && $fid < 1 || $tid > 0 && $fid > 0)
    message($lang_common['Bad request']);

// Fetch some info about the topic and/or the forum
if ($tid)
    $result = $db->query('SELECT f.id, f.forum_name, f.moderators, f.redirect_url, fp.post_replies, fp.post_topics, t.subject, t.closed FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id='.$tid) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());
else
    $result = $db->query('SELECT f.id, f.forum_name, f.moderators, f.redirect_url, fp.post_replies, fp.post_topics FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id='.$fid) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());

if (!$db->num_rows($result))
    message($lang_common['Bad request']);

$cur_posting = $db->fetch_assoc($result);

// Is someone trying to post into a redirect forum?
if ($cur_posting['redirect_url'] != '')
    message($lang_common['Bad request']);

// Sort out who the moderators are and if we are currently a moderator (or an admin)
$mods_array = ($cur_posting['moderators'] != '') ? unserialize($cur_posting['moderators']) : array();
$is_admmod = ($pun_user['g_id'] == PUN_ADMIN || ($pun_user['g_id'] == PUN_MOD && array_key_exists($pun_user['username'], $mods_array))) ? true : false;

// Do we have permission to post?
if ((($tid && (($cur_posting['post_replies'] == '' && $pun_user['g_post_replies'] == '0') || $cur_posting['post_replies'] == '0')) ||
    ($fid && (($cur_posting['post_topics'] == '' && $pun_user['g_post_topics'] == '0') || $cur_posting['post_topics'] == '0')) ||
    (isset($cur_posting['closed']) && $cur_posting['closed'] == '1')) &&
    !$is_admmod)
    message($lang_common['No permission']);

// Load the post.php language file
require PUN_ROOT.'lang/'.$pun_user['language'].'/post.php';

// Start with a clean slate
$errors = array();


// Did someone just hit "Submit" or "Preview"?
if (isset($_POST['form_sent']))
{
    // Make sure form_user is correct
    if (($pun_user['is_guest'] && $_POST['form_user'] != 'Guest') || (!$pun_user['is_guest'] && $_POST['form_user'] != $pun_user['username']))
        message($lang_common['Bad request']);

    // Flood protection
    if (!$pun_user['is_guest'] && !isset($_POST['preview']) && $pun_user['last_post'] != '' && (time() - $pun_user['last_post']) < $pun_user['g_post_flood'])
        $errors[] = $lang_post['Flood start'].' '.$pun_user['g_post_flood'].' '.$lang_post['flood end'];

    // If it's a new topic
    if ($fid)
    {
        $subject = pun_trim($_POST['req_subject']);

        if ($subject == '')
            $errors[] = $lang_post['No subject'];
        else if (pun_strlen($subject) > 70)
            $errors[] = $lang_post['Too long subject'];
        else if ($pun_config['p_subject_all_caps'] == '0' && strtoupper($subject) == $subject && $pun_user['g_id'] > PUN_MOD)
            $subject = ucwords(strtolower($subject));
    }

    // If the user is logged in we get the username and e-mail from $pun_user
    if (!$pun_user['is_guest'])
    {
        $username = $pun_user['username'];
        $email = $pun_user['email'];
    }
    // Otherwise it should be in $_POST
    else
    {
        $username = trim($_POST['req_username']);
        $email = strtolower(trim(($pun_config['p_force_guest_email'] == '1') ? $_POST['req_email'] : $_POST['email']));

        // Load the register.php/profile.php language files
        require PUN_ROOT.'lang/'.$pun_user['language'].'/prof_reg.php';
        require PUN_ROOT.'lang/'.$pun_user['language'].'/register.php';

        // It's a guest, so we have to validate the username
        if (strlen($username) < 2)
            $errors[] = $lang_prof_reg['Username too short'];
        else if (!strcasecmp($username, 'Guest') || !strcasecmp($username, $lang_common['Guest']))
            $errors[] = $lang_prof_reg['Username guest'];
        else if (preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $username))
            $errors[] = $lang_prof_reg['Username IP'];

        if ((strpos($username, '[') !== false || strpos($username, ']') !== false) && strpos($username, '\'') !== false && strpos($username, '"') !== false)
            $errors[] = $lang_prof_reg['Username reserved chars'];
        if (preg_match('#\[b\]|\[/b\]|\[u\]|\[/u\]|\[i\]|\[/i\]|\[color|\[/color\]|\[quote\]|\[quote=|\[/quote\]|\[code\]|\[/code\]|\[img\]|\[/img\]|\[url|\[/url\]|\[email|\[/email\]#i', $username))
            $errors[] = $lang_prof_reg['Username BBCode'];

        // Check username for any censored words
        $temp = censor_words($username);
        if ($temp != $username)
            $errors[] = $lang_register['Username censor'];

        // Check that the username (or a too similar username) is not already registered
        $result = $db->query('SELECT username FROM members WHERE (username=\''.$db->escape($username).'\' OR username=\''.$db->escape(preg_replace('/[^\w]/', '', $username)).'\') AND id>1') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
        if ($db->num_rows($result))
        {
            $busy = $db->result($result);
            $errors[] = $lang_register['Username dupe 1'].' '.pun_htmlspecialchars($busy).'. '.$lang_register['Username dupe 2'];
        }

        if ($pun_config['p_force_guest_email'] == '1' || $email != '')
        {
            require PUN_ROOT.'include/email.php';
            if (!is_valid_email($email))
                $errors[] = $lang_common['Invalid e-mail'];
        }
    }

    // Clean up message from POST
    $message = pun_linebreaks(pun_trim($_POST['req_message']));

    if ($message == '')
        $errors[] = $lang_post['No message'];
    else if (strlen($message) > 65535)
        $errors[] = $lang_post['Too long message'];
    else if ($pun_config['p_message_all_caps'] == '0' && strtoupper($message) == $message && $pun_user['g_id'] > PUN_MOD)
        $message = ucwords(strtolower($message));

    // Validate BBCode syntax
    if ($pun_config['p_message_bbcode'] == '1' && strpos($message, '[') !== false && strpos($message, ']') !== false)
    {
        require PUN_ROOT.'include/parser.php';
        $message = preparse_bbcode($message, $errors);
    }


    require PUN_ROOT.'include/search_idx.php';

    $hide_smilies = isset($_POST['hide_smilies']) ? 1 : 0;
    $subscribe = isset($_POST['subscribe']) ? 1 : 0;

    $now = time();

    // Did everything go according to plan?
    if (empty($errors) && !isset($_POST['preview']))
    {
        // If it's a reply
        if ($tid)
        {
            if (!$pun_user['is_guest'])
            {
                // Insert the new post
                $db->query('INSERT INTO '.$db->prefix.'posts (poster, poster_id, poster_ip, message, hide_smilies, posted, topic_id) VALUES(\''.$db->escape($username).'\', '.$pun_user['id'].', \''.get_remote_address().'\', \''.$db->escape($message).'\', \''.$hide_smilies.'\', '.$now.', '.$tid.')') or error('Unable to create post', __FILE__, __LINE__, $db->error());
                $new_pid = $db->insert_id();

                // To subscribe or not to subscribe, that ...
                if ($pun_config['o_subscriptions'] == '1' && $subscribe)
                {
                    $result = $db->query('SELECT 1 FROM '.$db->prefix.'subscriptions WHERE user_id='.$pun_user['id'].' AND topic_id='.$tid) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
                    if (!$db->num_rows($result))
                        $db->query('INSERT INTO '.$db->prefix.'subscriptions (user_id, topic_id) VALUES('.$pun_user['id'].' ,'.$tid.')') or error('Unable to add subscription', __FILE__, __LINE__, $db->error());
                }
            }
            else
            {
                // It's a guest. Insert the new post
                $email_sql = ($pun_config['p_force_guest_email'] == '1' || $email != '') ? '\''.$email.'\'' : 'NULL';
                $db->query('INSERT INTO '.$db->prefix.'posts (poster, poster_ip, poster_email, message, hide_smilies, posted, topic_id) VALUES(\''.$db->escape($username).'\', \''.get_remote_address().'\', '.$email_sql.', \''.$db->escape($message).'\', \''.$hide_smilies.'\', '.$now.', '.$tid.')') or error('Unable to create post', __FILE__, __LINE__, $db->error());
                $new_pid = $db->insert_id();
            }

            // Count number of replies in the topic
            $result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'posts WHERE topic_id='.$tid) or error('Unable to fetch post count for topic', __FILE__, __LINE__, $db->error());
            $num_replies = $db->result($result, 0) - 1;

            // Update topic
            $db->query('UPDATE '.$db->prefix.'topics SET num_replies='.$num_replies.', last_post='.$now.', last_post_id='.$new_pid.', last_poster=\''.$db->escape($username).'\' WHERE id='.$tid) or error('Unable to update topic', __FILE__, __LINE__, $db->error());

            update_search_index('post', $new_pid, $message);

            update_forum($cur_posting['id']);

            // Should we send out notifications?
            if ($pun_config['o_subscriptions'] == '1')
            {
                // Get the post time for the previous post in this topic
                $result = $db->query('SELECT posted FROM '.$db->prefix.'posts WHERE topic_id='.$tid.' ORDER BY id DESC LIMIT 1, 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
                $previous_post_time = $db->result($result);

                // Get any subscribed users that should be notified (banned users are excluded)
                $result = $db->query('SELECT u.id, u.email, u.notify_with_post, u.language FROM members AS u INNER JOIN '.$db->prefix.'subscriptions AS s ON u.id=s.user_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id='.$cur_posting['id'].' AND fp.group_id=u.group_id) LEFT JOIN '.$db->prefix.'online AS o ON u.id=o.user_id LEFT JOIN '.$db->prefix.'bans AS b ON u.username=b.username WHERE b.username IS NULL AND COALESCE(o.logged, u.last_visit)>'.$previous_post_time.' AND (fp.read_forum IS NULL OR fp.read_forum=1) AND s.topic_id='.$tid.' AND u.id!='.intval($pun_user['id'])) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
                if ($db->num_rows($result))
                {
                    require_once PUN_ROOT.'include/email.php';

                    $notification_emails = array();

                    // Loop through subscribed users and send e-mails
                    while ($cur_subscriber = $db->fetch_assoc($result))
                    {
                        // Is the subscription e-mail for $cur_subscriber['language'] cached or not?
                        if (!isset($notification_emails[$cur_subscriber['language']]))
                        {
                            if (file_exists(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl'))
                            {
                                // Load the "new reply" template
                                $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl'));

                                // Load the "new reply full" template (with post included)
                                $mail_tpl_full = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply_full.tpl'));

                                // The first row contains the subject (it also starts with "Subject:")
                                $first_crlf = strpos($mail_tpl, "\n");
                                $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8));
                                $mail_message = trim(substr($mail_tpl, $first_crlf));

                                $first_crlf = strpos($mail_tpl_full, "\n");
                                $mail_subject_full = trim(substr($mail_tpl_full, 8, $first_crlf-8));
                                $mail_message_full = trim(substr($mail_tpl_full, $first_crlf));

                                $mail_subject = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_subject);
                                $mail_message = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_message);
                                $mail_message = str_replace('<replier>', $username, $mail_message);
                                $mail_message = str_replace('<post_url>', $pun_config['o_base_url'].'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message);
                                $mail_message = str_replace('<unsubscribe_url>', $pun_config['o_base_url'].'/misc.php?unsubscribe='.$tid, $mail_message);
                                $mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message);

                                $mail_subject_full = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_subject_full);
                                $mail_message_full = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_message_full);
                                $mail_message_full = str_replace('<replier>', $username, $mail_message_full);
                                $mail_message_full = str_replace('<message>', $message, $mail_message_full);
                                $mail_message_full = str_replace('<post_url>', $pun_config['o_base_url'].'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message_full);
                                $mail_message_full = str_replace('<unsubscribe_url>', $pun_config['o_base_url'].'/misc.php?unsubscribe='.$tid, $mail_message_full);
                                $mail_message_full = str_replace('<board_mailer>', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message_full);

                                $notification_emails[$cur_subscriber['language']][0] = $mail_subject;
                                $notification_emails[$cur_subscriber['language']][1] = $mail_message;
                                $notification_emails[$cur_subscriber['language']][2] = $mail_subject_full;
                                $notification_emails[$cur_subscriber['language']][3] = $mail_message_full;

                                $mail_subject = $mail_message = $mail_subject_full = $mail_message_full = null;
                            }
                        }

                        // We have to double check here because the templates could be missing
                        if (isset($notification_emails[$cur_subscriber['language']]))
                        {
                            if ($cur_subscriber['notify_with_post'] == '0')
                                pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][0], $notification_emails[$cur_subscriber['language']][1]);
                            else
                                pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][2], $notification_emails[$cur_subscriber['language']][3]);
                        }
                    }
                }
            }
        }
        // If it's a new topic
        else if ($fid)
        {
            // Create the topic
            $db->query('INSERT INTO '.$db->prefix.'topics (poster, subject, posted, last_post, last_poster, forum_id) VALUES(\''.$db->escape($username).'\', \''.$db->escape($subject).'\', '.$now.', '.$now.', \''.$db->escape($username).'\', '.$fid.')') or error('Unable to create topic', __FILE__, __LINE__, $db->error());
            $new_tid = $db->insert_id();

            if (!$pun_user['is_guest'])
            {
                // To subscribe or not to subscribe, that ...
                if ($pun_config['o_subscriptions'] == '1' && (isset($_POST['subscribe']) && $_POST['subscribe'] == '1'))
                    $db->query('INSERT INTO '.$db->prefix.'subscriptions (user_id, topic_id) VALUES('.$pun_user['id'].' ,'.$new_tid.')') or error('Unable to add subscription', __FILE__, __LINE__, $db->error());

                // Create the post ("topic post")
                $db->query('INSERT INTO '.$db->prefix.'posts (poster, poster_id, poster_ip, message, hide_smilies, posted, topic_id) VALUES(\''.$db->escape($username).'\', '.$pun_user['id'].', \''.get_remote_address().'\', \''.$db->escape($message).'\', \''.$hide_smilies.'\', '.$now.', '.$new_tid.')') or error('Unable to create post', __FILE__, __LINE__, $db->error());
            }
            else
            {
                // Create the post ("topic post")
                $email_sql = ($pun_config['p_force_guest_email'] == '1' || $email != '') ? '\''.$email.'\'' : 'NULL';
                $db->query('INSERT INTO '.$db->prefix.'posts (poster, poster_ip, poster_email, message, hide_smilies, posted, topic_id) VALUES(\''.$db->escape($username).'\', \''.get_remote_address().'\', '.$email_sql.', \''.$db->escape($message).'\', \''.$hide_smilies.'\', '.$now.', '.$new_tid.')') or error('Unable to create post', __FILE__, __LINE__, $db->error());
            }
            $new_pid = $db->insert_id();

            // Update the topic with last_post_id
            $db->query('UPDATE '.$db->prefix.'topics SET last_post_id='.$new_pid.' WHERE id='.$new_tid) or error('Unable to update topic', __FILE__, __LINE__, $db->error());

            update_search_index('post', $new_pid, $message, $subject);

            update_forum($fid);
        }

        // If the posting user is logged in, increment his/her post count
        if (!$pun_user['is_guest'])
        {
            $low_prio = ($db_type == 'mysql') ? 'LOW_PRIORITY ' : '';
            $db->query('UPDATE '.$low_prio.$db->prefix.'users SET num_posts=num_posts+1, last_post='.$now.' WHERE id='.$pun_user['id']) or error('Unable to update user', __FILE__, __LINE__, $db->error());
        }

        redirect('viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $lang_post['Post redirect']);
    }
}


// If a topic id was specified in the url (it's a reply).
if ($tid)
{
    $action = $lang_post['Post a reply'];
    $form = '<form id="post" method="post" action="post.php?action=post&tid='.$tid.'" onsubmit="this.submit.disabled=true;if(process_form(this)){return true;}else{this.submit.disabled=false;return false;}">';

    // If a quote-id was specified in the url.
    if (isset($_GET['qid']))
    {
        $qid = intval($_GET['qid']);
        if ($qid < 1)
            message($lang_common['Bad request']);

        $result = $db->query('SELECT poster, message FROM '.$db->prefix.'posts WHERE id='.$qid.' AND topic_id='.$tid) or error('Unable to fetch quote info', __FILE__, __LINE__, $db->error());
        if (!$db->num_rows($result))
            message($lang_common['Bad request']);

        list($q_poster, $q_message) = $db->fetch_row($result);

        $q_message = str_replace('[img]', '[url]', $q_message);
        $q_message = str_replace('[/img]', '[/url]', $q_message);
        $q_message = pun_htmlspecialchars($q_message);

        if ($pun_config['p_message_bbcode'] == '1')
        {
            // If username contains a square bracket, we add "" or '' around it (so we know when it starts and ends)
            if (strpos($q_poster, '[') !== false || strpos($q_poster, ']') !== false)
            {
                if (strpos($q_poster, '\'') !== false)
                    $q_poster = '"'.$q_poster.'"';
                else
                    $q_poster = '\''.$q_poster.'\'';
            }
            else
            {
                // Get the characters at the start and end of $q_poster
                $ends = substr($q_poster, 0, 1).substr($q_poster, -1, 1);

                // Deal with quoting "Username" or 'Username' (becomes '"Username"' or "'Username'")
                if ($ends == '\'\'')
                    $q_poster = '"'.$q_poster.'"';
                else if ($ends == '""')
                    $q_poster = '\''.$q_poster.'\'';
            }

            $quote = '[quote='.$q_poster.']'.$q_message.'[/quote]
'."\n";
        }
        else
            $quote = '> '.$q_poster.' '.$lang_common['wrote'].':'."\n\n".'> '.$q_message."\n";
    }

    $forum_name = '<a href="viewforum.php?id='.$cur_posting['id'].'">'.pun_htmlspecialchars($cur_posting['forum_name']).'</a>';
}
// If a forum_id was specified in the url (new topic).
else if ($fid)
{
    $action = $lang_post['Post new topic'];
    $form = '<form id="post" method="post" action="post.php?action=post&fid='.$fid.'" onsubmit="return process_form(this)">';

    $forum_name = pun_htmlspecialchars($cur_posting['forum_name']);
}
else
    message($lang_common['Bad request']);


$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' | '.$action;
$required_fields = array('req_email' => $lang_common['E-mail'], 'req_subject' => $lang_common['Subject'], 'req_message' => $lang_common['Message']);
$focus_element = array('post');

if (!$pun_user['is_guest'])
    $focus_element[] = ($fid) ? 'req_subject' : 'req_message';
else
{
    $required_fields['req_username'] = $lang_post['Guest name'];
    $focus_element[] = 'req_username';
}

require PUN_ROOT.'header.php';

?>
<div class="leftbar">

</div>
<div class="forumarea">
        <ul><li><a href="index.php"><? echo $lang_common['Index'] ?></a></li><li> » <? echo $forum_name ?><? if (isset($cur_posting['subject'])) echo '</li><li> » '.pun_htmlspecialchars($cur_posting['subject']) ?></li></ul>
<?

// If there are errors, we display them
if (!empty($errors))
{

?>
<h2><? echo $lang_post['Post errors'] ?></h2>
<p><? echo $lang_post['Post errors info'] ?></p>
<ul>
<?

    while (list(, $cur_error) = each($errors))
        echo "\t\t\t\t".'<li><strong>'.$cur_error.'</strong></li>'."\n";
?>
</ul>

<?

}
else if (isset($_POST['preview']))
{
    require_once PUN_ROOT.'include/parser.php';
    $preview_message = parse_message($message, $hide_smilies);

?>
<h2><? echo $lang_post['Post preview'] ?></h2>
<? echo $preview_message."\n" ?>

<?

}


$cur_index = 1;

?>
<h2><? echo $action ?></h2>
<? echo $form."\n" ?>
<? echo $lang_common['Write message legend'] ?>
<div>
<input type="hidden" name="form_sent" value="1" />
<input type="hidden" name="form_user" value="<? echo (!$pun_user['is_guest']) ? pun_htmlspecialchars($pun_user['firstname']) : 'Guest'; ?>" />
<?

if ($pun_user['is_guest'])
{
    $email_label = ($pun_config['p_force_guest_email'] == '1') ? '<strong>'.$lang_common['E-mail'].'</strong>' : $lang_common['E-mail'];
    $email_form_name = ($pun_config['p_force_guest_email'] == '1') ? 'req_email' : 'email';

?>
<strong><? echo $lang_post['Guest name'] ?></strong><br /><input type="text" name="req_username" value="<? if (isset($_POST['req_username'])) echo pun_htmlspecialchars($username); ?>" size="25" maxlength="25" tabindex="<? echo $cur_index++ ?>" /><br />
<? echo $email_label ?><br /><input type="text" name="<? echo $email_form_name ?>" value="<? if (isset($_POST[$email_form_name])) echo pun_htmlspecialchars($email); ?>" size="50" maxlength="50" tabindex="<? echo $cur_index++ ?>" /><br />
<?

}

if ($fid): ?>
<strong><? echo $lang_common['Subject'] ?></strong><br /><input type="text" name="req_subject" value="<? if (isset($_POST['req_subject'])) echo pun_htmlspecialchars($subject); ?>" size="70" maxlength="70" tabindex="<? echo $cur_index++ ?>" /><br />
<? endif; ?>
<textarea name="req_message" rows="20" cols="70" tabindex="<? echo $cur_index++ ?>"><? echo isset($_POST['req_message']) ? pun_htmlspecialchars($message) : (isset($quote) ? $quote : ''); ?></textarea><br />
<ul class="bblinks">
<li><a href="help.php#bbcode" onclick="window.open(this.href); return false;"><? echo $lang_common['BBCode'] ?></a>: <? echo ($pun_config['p_message_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>
<li><a href="help.php#img" onclick="window.open(this.href); return false;"><? echo $lang_common['img tag'] ?></a>: <? echo ($pun_config['p_message_img_tag'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>
<li><a href="help.php#smilies" onclick="window.open(this.href); return false;"><? echo $lang_common['Smilies'] ?></a>: <? echo ($pun_config['o_smilies'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>
</ul>
<?

$checkboxes = array();
if (!$pun_user['is_guest'])
{
    if ($pun_config['o_smilies'] == '1')
        $checkboxes[] = '<label><input type="checkbox" name="hide_smilies" value="1" tabindex="'.($cur_index++).'"'.(isset($_POST['hide_smilies']) ? ' checked="checked"' : '').' /> '.$lang_post['Hide smilies'];

    if ($pun_config['o_subscriptions'] == '1')
        $checkboxes[] = '<label><input type="checkbox" name="subscribe" value="1" tabindex="'.($cur_index++).'"'.(isset($_POST['subscribe']) ? ' checked="checked"' : '').' /> '.$lang_post['Subscribe'];
}
else if ($pun_config['o_smilies'] == '1')
    $checkboxes[] = '<label><input type="checkbox" name="hide_smilies" value="1" tabindex="'.($cur_index++).'"'.(isset($_POST['hide_smilies']) ? ' checked="checked"' : '').' /> '.$lang_post['Hide smilies'];

if (!empty($checkboxes))
{

echo $lang_common['Options'] ?><br />
<? 
echo implode('<br />', $checkboxes).'<br />';

}

?>
<p><button type="submit" name="submit" tabindex="<? echo $cur_index++ ?>" accesskey="s">Submit</button> | <button type="submit" name="preview" tabindex="<? echo $cur_index++ ?>" accesskey="p">Preview</button> | <a href="javascript:history.go(-1)">Go back</a></p>
</form>
<?

// Check to see if the topic review is to be displayed.
if ($tid && $pun_config['o_topic_review'] != '0')
{
    require_once PUN_ROOT.'include/parser.php';

$result = $db->query('SELECT poster, message, hide_smilies, posted FROM '.$db->prefix.'posts WHERE topic_id='.$tid.' ORDER BY id DESC LIMIT '.$pun_config['o_topic_review']) or error('Unable to fetch topic review', __FILE__, __LINE__, $db->error());

?>
<h2><? echo $lang_post['Topic review'] ?></h2>
<?

    //Set background switching on
    $bg_switch = true;
    $post_count = 0;

    while ($cur_post = $db->fetch_assoc($result))
    {
        // Switch the background color for every message.
        $bg_switch = ($bg_switch) ? $bg_switch = false : $bg_switch = true;
        $vtbg = ($bg_switch) ? ' roweven' : ' rowodd';
        $post_count++;

        $cur_post['message'] = parse_message($cur_post['message'], $cur_post['hide_smilies']);

?>
    <div class="box<? echo $vtbg ?>">
        <div class="inbox">
            <div class="postleft">
                <dl>
                    <dt><strong><? echo pun_htmlspecialchars($cur_post['poster']) ?></strong></dt>
                    <dd><? echo format_time($cur_post['posted']) ?></dd>
                </dl>
            </div>
            <div class="postright">
                <div class="postmsg">
                    <? echo $cur_post['message'] ?>
                </div>
            </div>
        </div>
    </div>
<?

    }

?>
</div>
<?

}

?>
<br />
<br />
</div>
</div>
<?

require PUN_ROOT.'footer.php';

Go to forum: PunBB 1.2 modifications, plugins and integrations

15 Reply by Peter

(9 replies, posted in PunBB 1.2 modifications, plugins and integrations)

Smartys wrote:

If you linked to your site, it might be easier for someone to tell where the problem is? wink

Access is behind a login at http://web2newyork.com/forum/ :

user: test@user.com
pass: punbb

I got myself into this mess, so I should try to find some way out of it myself as well. But I don't even know where to start with this one, because I don't recognize what's going on at the 'bad request' producing bits of code in post.php. So any help with that is appreciated.

Go to forum: PunBB 1.2 modifications, plugins and integrations

16 Topic by Peter

(9 replies, posted in PunBB 1.2 modifications, plugins and integrations)

I'm using PunBB as the central registration script for my site. I have customized/pulled apart PunBB for over a year. The forum is buried somewhere deep in my site, but I thought it still worked.

It doesn't. I get those pesky 'Bad request' errors when I try to preview a post or do other things with post.php:

Bad request. The link you followed is incorrect or outdated.

The bad request producing pieces of code look like this:

$tid = isset($_GET['tid']) ? intval($_GET['tid']) : 0;
$fid = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
if ($tid < 1 && $fid < 1 || $tid > 0 && $fid > 0)
    message($lang_common['Bad request']);
if (!$db->num_rows($result))
    message($lang_common['Bad request']);
// Is someone trying to post into a redirect forum?
if ($cur_posting['redirect_url'] != '')
    message($lang_common['Bad request']);
    // Make sure form_user is correct
    if (($pun_user['is_guest'] && $_POST['form_user'] != 'Guest') || (!$pun_user['is_guest'] && $_POST['form_user'] != $pun_user['username']))
        message($lang_common['Bad request']);
// If a forum_id was specified in the url (new topic).
else if ($fid)
{
    $action = $lang_post['Post new topic'];
    $form = '<form id="post" method="post" action="post.php?action=post&fid='.$fid.'" onsubmit="return process_form(this)">';

    $forum_name = pun_htmlspecialchars($cur_posting['forum_name']);
}
else
    message($lang_common['Bad request']);

Etc.

In none of these cases it's clear to me what's going on. I don't know PHP. I can work with PHP on a copy/paste level and I understand some general principles.

I'm using the email address as username, so that's an obvious potential cause for problems, but only one of these pieces of code mentions username.

Where should I start? Any help, suggestions very much appreciated!

Go to forum: PunBB 1.2 modifications, plugins and integrations

17 Reply by Peter

(154 replies, posted in PunBB 1.2 modifications, plugins and integrations)

Koos wrote:

Automatic Image Upload with Thumbnails 1.3.4 now available. ...

Where?

Go to forum: PunBB 1.2 modifications, plugins and integrations

18 Reply by Peter

(92 replies, posted in Programming)

elbekko wrote:

See if this works:
...

It does! smile

I'll email you to settle payment.

Just had to insert $info['id'] here and there to get the member pictures (only one at the moment) to show up.

Finally ready to put it live!!

Go to forum: Programming

19 Reply by Peter

(92 replies, posted in Programming)

MattF wrote:

I've edited that code I posted above. Not sure if it'll make any difference, but give it a whirl. smile
Edit: I've just given it a second edit to move the $xi lower in the loop.

Thanks MattF!

I've just tried it. It gives a weird mixed result. It screws up the layout, CSS is gone. So far that happened with this page whenever I screwed up syntax (don't know why), but there's no explanation what error exactly in the page.

Some posts with correct id's and usernames actually do show up with the script, on two of the three posts, but nothing at all on the third. So some result, but very messy and I can't call it a success.

Go to forum: Programming

20 Reply by Peter

(92 replies, posted in Programming)

I'll pay $20 for the first fully working solution coming in, assuming the solution is simple for any experienced PHP-coder. If it's more complicated, more compensation is negotiable. I'm not rich...

Starting point is the script at post #82, which you can see in action here. I need the correct id, username and other data to show up with each feed. In the test version posts from different feeds all get the same id, username etc.

You should be able to reach me through this forum's internal mail system. Or try info at web2newyork.

(This forum should have a job section or even a more elaborate programming job trading system, with paypal etc.) wink

Go to forum: Programming

21 Reply by Peter

(92 replies, posted in Programming)

Thanks so much MattF! I obviously know far less about multi-dimensional arrays.

I did try the code. It doesn't do anything unfortunately. Only one post shows up, with any related id, username etc.

Apologies again I suck at this myself, but the complete end result would be useful to many people.

On my site (test version of the page) a third blogger now added his RSS feed. smile

Go to forum: Programming

22 Reply by Peter

(92 replies, posted in Programming)

MattF wrote:

Post the complete script you're using.

<?
// Include the SimplePie library 
require_once 'simplepie.inc';
require 'shorten.php';

// Because we're using multiple feeds, let's just set the headers here.
header('Content-type:text/html; charset=utf-8');

// These are the feeds we want to use
mysql_connect(localhost,$db_username,$db_password);
@mysql_select_db($db_name) or die( "Unable to select database");

$query="SELECT id, firstname, username, rssfeed FROM members WHERE rssfeed!=''";
$result=mysql_query($query);

$feeds = array();
$id_array = array();
$first = array();
$user = array();

while ($cur_feed = mysql_fetch_assoc($result))
{
    $feeds[] = $cur_feed['rssfeed'];
    $id_array[] = $cur_feed['id'];
    $first[] = $cur_feed['firstname'];
    $user[] = $cur_feed['username'];
}

// This array will hold the items we'll be grabbing.
$first_items = array();
 
// Let's go through the array, feed by feed, and store the items we want.

$ix = 0;

foreach ($feeds as $url)
{
    $user_id = $id_array[$ix];
    $firstname = $first[$ix];
    $username = $user[$ix];
    $ix++;

    // Use the long syntax
    $feed = new SimplePie();
    $feed->set_feed_url($url);
    $feed->init();

    // How many items per feed should we try to grab?
    $items_per_feed = 1;
 
// As long as we're not trying to grab more items than the feed has, go through them one by one and add them to the array.
    for ($x = 0; $x < $feed->get_item_quantity($items_per_feed); $x++)
    {
        $first_items[] = $feed->get_item($x);
    }
 
    // We're done with this feed, so let's release some memory.
    unset($feed);
}
 
// We need to sort the items by date with a user-defined sorting function.  Since usort() won't accept "SimplePie::sort_items", we need to wrap it in a new function.
function sort_items($a, $b)
{
    return SimplePie::sort_items($a, $b);
}
 
// Now we can sort $first_items with our custom sorting function.
usort($first_items, "sort_items");

$counter=0;
foreach($first_items as $item):
$feed = $item->get_feed();

$counter++;
if($counter>=10){
break;
}

if ($img_size = @getimagesize($pun_config['o_avatars_dir'].'/'.$id.'.jpg'))
$avatar_field = '<img src="'.$pun_config['o_avatars_dir'].'/'.$id.'.jpg" alt="" />';
else
$avatar_field = '<img src="'.$pun_config['o_avatars_dir'].'/nopicture.png" alt="" />';

$picture = '<div id="feedpicture"><a href="member.php?id='.$user_id.'" title="'.$firstname.'\'s Member Page">'.$avatar_field.'</a></div>';

// Begin the (X)HTML page.
?>

<h3><?php echo $picture; ?><a href="<?php echo $item->get_permalink(); ?>" target="_blank"><?php echo html_entity_decode($item->get_title(), ENT_QUOTES, 'UTF-8'); ?></a></h3>

<!-- get_content() prefers full content over summaries -->
<? echo trim(substr((str_replace("\n", ' ', str_replace("\r", ' ', strip_tags($item->get_description())))),0,300)); ?>
... <i>more</i></a><br />

<p class="footnote"><a href="member.php?id=<?php echo $user_id; ?>" title="<?php echo $firstname.'\'s Member Page'; ?>"><?php echo $username; ?></a> | <a href="<?php echo $feed->get_permalink(); ?>" target="_blank"><?php echo $feed->get_title(); ?></a> | <?php echo $item->get_date('M j, Y | g:i a'); ?></p><br />

<?php
endforeach;
?>

Go to forum: Programming

23 Reply by Peter

(92 replies, posted in Programming)

MattF wrote:

... You have already set user_id and firstname at the top of the loop. You shouldn't have them in that loop too. All you are achieving there is running through the array without doing anything with the info. They're already set. Echo the output where you need it.

I was trying that as an alternative, so without also setting user_id, firstname at the top of the loop. The result was slightly different, but still the same id etc. on all posts.

The version here is copied straight from your post. It has the same problem.

Go to forum: Programming

24 Reply by Peter

(92 replies, posted in Programming)

Aarrgg, it's an obsession!

Copying MattF's latest code I get a result similar to my first attempt; id, username etc. associated with one feed shows up on all posts. In this case it's the id, username from the top/latest post.

With this I get the id, username from the first row in the database again, showing up on all posts:

// As long as we're not trying to grab more items than the feed has, go through them one by one and add them to the array.
    for ($x = 0; $x < $feed->get_item_quantity($items_per_feed); $x++)
    {
        $first_items[] = $feed->get_item($x);

    $user_id = $id_array[$x];
    $firstname = $first[$x];
    $x++;

    }

Here's a link to see MattF's suggestion in action. The live version is members only, but I've now removed that code from the test.php. The posts are from two different feeds, but get the same id etc.

Go to forum: Programming

25 Reply by Peter

(92 replies, posted in Programming)

I give up for now. I really have to put some time in my day job...

Thanks for all the suggestions! smile

Go to forum: Programming