I entered some RSS feed to test, but nothing was published. What could be wrong?
By the way, I am using the 1.0.3 version.
26 2008-05-12 21:48
Re: Feed Aggregator Plugin 1.0 (30 replies, posted in PunBB 1.2 modifications, plugins and integrations)
27 2008-05-11 22:52
Re: Feed Aggregator Plugin 1.0 (30 replies, posted in PunBB 1.2 modifications, plugins and integrations)
Quaker, how did you define that it's a guest named Bunpai that is posting?
28 2008-05-11 14:31
Re: A "Logout" button instead of "Login" (15 replies, posted in PunBB 1.2 troubleshooting)
Done.
29 2008-05-11 14:19
Re: A "Logout" button instead of "Login" (15 replies, posted in PunBB 1.2 troubleshooting)
No idea if it is working or not. Yesterday it did not solve my problem, that's why I said it's not working. And today, neither http://www. nor http:// are redirecting to one or the other.
I did set the cookie_domain in config.php to speakmoroccan.com [Without the dot in the beginning?] too.
30 2008-05-11 14:13
Re: A "Logout" button instead of "Login" (15 replies, posted in PunBB 1.2 troubleshooting)
Problem solved.
Conclusion: It was my mistake while upgrading. The thing is that I had no idea what file had the bug.
Is the .htaccess file still useful?
Thank you Smartys, this is not the first time you have helped me. I appreciate it.
31 2008-05-11 12:32
Re: A "Logout" button instead of "Login" (15 replies, posted in PunBB 1.2 troubleshooting)
Here it is:
<?php
/***********************************************************************
Copyright (C) 2002-2005 Rickard Andersson (rickard@punbb.org)
This file is part of PunBB.
PunBB is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published
by the Free Software Foundation; either version 2 of the License,
or (at your option) any later version.
PunBB is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston,
MA 02111-1307 USA
************************************************************************/
//
// Cookie stuff!
//
function check_cookie(&$pun_user)
{
global $db, $db_type, $pun_config, $cookie_name, $cookie_seed;
$now = time();
$expire = $now + 31536000; // The cookie expires after a year
// We assume it's a guest
$cookie = array('user_id' => 1, 'password_hash' => 'Guest');
// If a cookie is set, we get the user_id and password hash from it
if (isset($_COOKIE[$cookie_name]))
list($cookie['user_id'], $cookie['password_hash']) = @unserialize($_COOKIE[$cookie_name]);
if ($cookie['user_id'] > 1)
{
// Check if there's a user with the user ID and password hash from the cookie
$result = $db->query('SELECT u.*, g.*, o.logged, o.idle FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON u.group_id=g.g_id LEFT JOIN '.$db->prefix.'online AS o ON o.user_id=u.id WHERE u.id='.intval($cookie['user_id'])) or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
$pun_user = $db->fetch_assoc($result);
// If user authorisation failed
if (!isset($pun_user['id']) || md5($cookie_seed.$pun_user['password']) !== $cookie['password_hash'])
{
pun_setcookie(1, md5(uniqid(rand(), true)), $expire);
set_default_user();
return;
}
// Set a default language if the user selected language no longer exists
if (!@file_exists(PUN_ROOT.'lang/'.$pun_user['language']))
$pun_user['language'] = $pun_config['o_default_lang'];
// Set a default style if the user selected style no longer exists
if (!@file_exists(PUN_ROOT.'style/'.$pun_user['style'].'.css'))
$pun_user['style'] = $pun_config['o_default_style'];
if (!$pun_user['disp_topics'])
$pun_user['disp_topics'] = $pun_config['o_disp_topics_default'];
if (!$pun_user['disp_posts'])
$pun_user['disp_posts'] = $pun_config['o_disp_posts_default'];
if ($pun_user['save_pass'] == '0')
$expire = 0;
// Define this if you want this visit to affect the online list and the users last visit data
if (!defined('PUN_QUIET_VISIT'))
{
// Update the online list
if (!$pun_user['logged'])
{
$pun_user['logged'] = $now;
switch ($db_type)
{
case 'mysql':
case 'mysqli':
$db->query('REPLACE INTO '.$db->prefix.'online (user_id, ident, logged) VALUES('.$pun_user['id'].', \''.$db->escape($pun_user['username']).'\', '.$pun_user['logged'].')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
break;
default:
$db->query('INSERT INTO '.$db->prefix.'online (user_id, ident, logged) VALUES('.$pun_user['id'].', \''.$db->escape($pun_user['username']).'\', '.$pun_user['logged'].')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
break;
}
}
else
{
// Special case: We've timed out, but no other user has browsed the forums since we timed out
if ($pun_user['logged'] < ($now-$pun_config['o_timeout_visit']))
{
$db->query('UPDATE '.$db->prefix.'users SET last_visit='.$pun_user['logged'].' WHERE id='.$pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
$pun_user['last_visit'] = $pun_user['logged'];
}
$idle_sql = ($pun_user['idle'] == '1') ? ', idle=0' : '';
$db->query('UPDATE '.$db->prefix.'online SET logged='.$now.$idle_sql.' WHERE user_id='.$pun_user['id']) or error('Unable to update online list', __FILE__, __LINE__, $db->error());
}
}
$pun_user['is_guest'] = false;
}
else
set_default_user();
}
//
// Fill $pun_user with default values (for guests)
//
function set_default_user()
{
global $db, $db_type, $pun_user, $pun_config;
$remote_addr = get_remote_address();
// Fetch guest user
$result = $db->query('SELECT u.*, g.*, o.logged FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON u.group_id=g.g_id LEFT JOIN '.$db->prefix.'online AS o ON o.ident=\''.$remote_addr.'\' WHERE u.id=1') or error('Unable to fetch guest information', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
exit('Unable to fetch guest information. The table \''.$db->prefix.'users\' must contain an entry with id = 1 that represents anonymous users.');
$pun_user = $db->fetch_assoc($result);
// Update online list
if (!$pun_user['logged'])
{
$pun_user['logged'] = time();
// With MySQL/MySQLi, REPLACE INTO avoids a user having two rows in the online table
switch ($db_type)
{
case 'mysql':
case 'mysqli':
$db->query('REPLACE INTO '.$db->prefix.'online (user_id, ident, logged) VALUES(1, \''.$db->escape($remote_addr).'\', '.$pun_user['logged'].')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
break;
default:
$db->query('INSERT INTO '.$db->prefix.'online (user_id, ident, logged) VALUES(1, \''.$db->escape($remote_addr).'\', '.$pun_user['logged'].')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
break;
}
}
else
$db->query('UPDATE '.$db->prefix.'online SET logged='.time().' WHERE ident=\''.$db->escape($remote_addr).'\'') or error('Unable to update online list', __FILE__, __LINE__, $db->error());
$pun_user['disp_topics'] = $pun_config['o_disp_topics_default'];
$pun_user['disp_posts'] = $pun_config['o_disp_posts_default'];
$pun_user['timezone'] = 0;
$pun_user['language'] = $pun_config['o_default_lang'];
$pun_user['style'] = $pun_config['o_default_style'];
$pun_user['is_guest'] = true;
}
//
// Set a cookie, PunBB style!
//
function pun_setcookie($user_id, $password_hash, $expire)
{
global $cookie_name, $cookie_path, $cookie_domain, $cookie_secure, $cookie_seed;
// Enable sending of a P3P header by removing // from the following line (try this if login is failing in IE6)
// @header('P3P: CP="CUR ADM"');
if (version_compare(PHP_VERSION, '5.2.0', '>='))
setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path, $cookie_domain, $cookie_secure, true);
else
setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path.'; HttpOnly', $cookie_domain, $cookie_secure);
}
//
// Check whether the connecting user is banned (and delete any expired bans while we're at it)
//
function check_bans()
{
global $db, $pun_config, $lang_common, $pun_user, $pun_bans;
// Admins aren't affected
if ($pun_user['g_id'] == PUN_ADMIN || !$pun_bans)
return;
// Add a dot at the end of the IP address to prevent banned address 192.168.0.5 from matching e.g. 192.168.0.50
$user_ip = get_remote_address().'.';
$bans_altered = false;
foreach ($pun_bans as $cur_ban)
{
// Has this ban expired?
if ($cur_ban['expire'] != '' && $cur_ban['expire'] <= time())
{
$db->query('DELETE FROM '.$db->prefix.'bans WHERE id='.$cur_ban['id']) or error('Unable to delete expired ban', __FILE__, __LINE__, $db->error());
$bans_altered = true;
continue;
}
if ($cur_ban['username'] != '' && !strcasecmp($pun_user['username'], $cur_ban['username']))
{
$db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape($pun_user['username']).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
message($lang_common['Ban message'].' '.(($cur_ban['expire'] != '') ? $lang_common['Ban message 2'].' '.strtolower(format_time($cur_ban['expire'], true)).'. ' : '').(($cur_ban['message'] != '') ? $lang_common['Ban message 3'].'<br /><br /><strong>'.pun_htmlspecialchars($cur_ban['message']).'</strong><br /><br />' : '<br /><br />').$lang_common['Ban message 4'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.', true);
}
if ($cur_ban['ip'] != '')
{
$cur_ban_ips = explode(' ', $cur_ban['ip']);
for ($i = 0; $i < count($cur_ban_ips); ++$i)
{
$cur_ban_ips[$i] = $cur_ban_ips[$i].'.';
if (substr($user_ip, 0, strlen($cur_ban_ips[$i])) == $cur_ban_ips[$i])
{
$db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape($pun_user['username']).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
message($lang_common['Ban message'].' '.(($cur_ban['expire'] != '') ? $lang_common['Ban message 2'].' '.strtolower(format_time($cur_ban['expire'], true)).'. ' : '').(($cur_ban['message'] != '') ? $lang_common['Ban message 3'].'<br /><br /><strong>'.pun_htmlspecialchars($cur_ban['message']).'</strong><br /><br />' : '<br /><br />').$lang_common['Ban message 4'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.', true);
}
}
}
}
// If we removed any expired bans during our run-through, we need to regenerate the bans cache
if ($bans_altered)
{
require_once PUN_ROOT.'include/cache.php';
generate_bans_cache();
}
}
//
// Update "Users online"
//
function update_users_online()
{
global $db, $pun_config, $pun_user;
$now = time();
// Fetch all online list entries that are older than "o_timeout_online"
$result = $db->query('SELECT * FROM '.$db->prefix.'online WHERE logged<'.($now-$pun_config['o_timeout_online'])) or error('Unable to fetch old entries from online list', __FILE__, __LINE__, $db->error());
while ($cur_user = $db->fetch_assoc($result))
{
// If the entry is a guest, delete it
if ($cur_user['user_id'] == '1')
$db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape($cur_user['ident']).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
else
{
// If the entry is older than "o_timeout_visit", update last_visit for the user in question, then delete him/her from the online list
if ($cur_user['logged'] < ($now-$pun_config['o_timeout_visit']))
{
$db->query('UPDATE '.$db->prefix.'users SET last_visit='.$cur_user['logged'].' WHERE id='.$cur_user['user_id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
$db->query('DELETE FROM '.$db->prefix.'online WHERE user_id='.$cur_user['user_id']) or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
}
else if ($cur_user['idle'] == '0')
$db->query('UPDATE '.$db->prefix.'online SET idle=1 WHERE user_id='.$cur_user['user_id']) or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
}
}
}
//
// Generate the "navigator" that appears at the top of every page
//
function generate_navlinks()
{
global $pun_config, $lang_common, $pun_user;
// Index and Userlist should always be displayed
$links[] = '<li id="navindex"><a href="/forum/">'.$lang_common['Index'].'</a>';
$links[] = '<li id="navuserlist"><a href="userlist.php">'.$lang_common['User list'].'</a>';
if ($pun_config['o_rules'] == '1')
$links[] = '<li id="navrules"><a href="misc.php?action=rules">'.$lang_common['Rules'].'</a>';
if ($pun_user['is_guest'])
{
if ($pun_user['g_search'] == '1')
$links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>';
$links[] = '<li id="navregister"><a href="register.php">'.$lang_common['Register'].'</a>';
$links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'&csrf_token='.sha1($pun_user['id'].sha1(get_remote_address())).'">'.$lang_common['Logout'].'</a>';
$info = $lang_common['Not logged in'];
}
else
{
if ($pun_user['g_id'] > PUN_MOD)
{
if ($pun_user['g_search'] == '1')
$links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>';
$links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>';
$links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'">'.$lang_common['Logout'].'</a>';
}
else
{
$links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>';
$links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>';
$links[] = '<li id="navadmin"><a href="admin_index.php">'.$lang_common['Admin'].'</a>';
$links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'&csrf_token='.sha1($pun_user['id'].sha1(get_remote_address())).'">'.$lang_common['Logout'].'</a>';
}
}
// Are there any additional navlinks we should insert into the array before imploding it?
if ($pun_config['o_additional_navlinks'] != '')
{
if (preg_match_all('#([0-9]+)\s*=\s*(.*?)\n#s', $pun_config['o_additional_navlinks']."\n", $extra_links))
{
// Insert any additional links into the $links array (at the correct index)
for ($i = 0; $i < count($extra_links[1]); ++$i)
array_splice($links, $extra_links[1][$i], 0, array('<li id="navextra'.($i + 1).'">'.$extra_links[2][$i]));
}
}
return '<ul>'."\n\t\t\t\t".implode($lang_common['Link separator'].'</li>'."\n\t\t\t\t", $links).'</li>'."\n\t\t\t".'</ul>';
}
//
// Display the profile navigation menu
//
function generate_profile_menu($page = '')
{
global $lang_profile, $pun_config, $pun_user, $id;
?>
<div id="profile" class="block2col">
<div class="blockmenu">
<h2><span><?php echo $lang_profile['Profile menu'] ?></span></h2>
<div class="box">
<div class="inbox">
<ul>
<li<?php if ($page == 'essentials') echo ' class="isactive"'; ?>><a href="profile.php?section=essentials&id=<?php echo $id ?>"><?php echo $lang_profile['Section essentials'] ?></a></li>
<li<?php if ($page == 'personal') echo ' class="isactive"'; ?>><a href="profile.php?section=personal&id=<?php echo $id ?>"><?php echo $lang_profile['Section personal'] ?></a></li>
<li<?php if ($page == 'messaging') echo ' class="isactive"'; ?>><a href="profile.php?section=messaging&id=<?php echo $id ?>"><?php echo $lang_profile['Section messaging'] ?></a></li>
<li<?php if ($page == 'personality') echo ' class="isactive"'; ?>><a href="profile.php?section=personality&id=<?php echo $id ?>"><?php echo $lang_profile['Section personality'] ?></a></li>
<li<?php if ($page == 'display') echo ' class="isactive"'; ?>><a href="profile.php?section=display&id=<?php echo $id ?>"><?php echo $lang_profile['Section display'] ?></a></li>
<li<?php if ($page == 'privacy') echo ' class="isactive"'; ?>><a href="profile.php?section=privacy&id=<?php echo $id ?>"><?php echo $lang_profile['Section privacy'] ?></a></li>
<?php if ($pun_user['g_id'] == PUN_ADMIN || ($pun_user['g_id'] == PUN_MOD && $pun_config['p_mod_ban_users'] == '1')): ?> <li<?php if ($page == 'admin') echo ' class="isactive"'; ?>><a href="profile.php?section=admin&id=<?php echo $id ?>"><?php echo $lang_profile['Section admin'] ?></a></li>
<?php endif; ?> </ul>
</div>
</div>
</div>
<?php
}
//
// Update posts, topics, last_post, last_post_id and last_poster for a forum
//
function update_forum($forum_id)
{
global $db;
$result = $db->query('SELECT COUNT(id), SUM(num_replies) FROM '.$db->prefix.'topics WHERE forum_id='.$forum_id) or error('Unable to fetch forum topic count', __FILE__, __LINE__, $db->error());
list($num_topics, $num_posts) = $db->fetch_row($result);
$num_posts = $num_posts + $num_topics; // $num_posts is only the sum of all replies (we have to add the topic posts)
$result = $db->query('SELECT last_post, last_post_id, last_poster FROM '.$db->prefix.'topics WHERE forum_id='.$forum_id.' AND moved_to IS NULL ORDER BY last_post DESC LIMIT 1') or error('Unable to fetch last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result)) // There are topics in the forum
{
list($last_post, $last_post_id, $last_poster) = $db->fetch_row($result);
$db->query('UPDATE '.$db->prefix.'forums SET num_topics='.$num_topics.', num_posts='.$num_posts.', last_post='.$last_post.', last_post_id='.$last_post_id.', last_poster=\''.$db->escape($last_poster).'\' WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error());
}
else // There are no topics
$db->query('UPDATE '.$db->prefix.'forums SET num_topics='.$num_topics.', num_posts='.$num_posts.', last_post=NULL, last_post_id=NULL, last_poster=NULL WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error());
}
//Movepost Mod 1.2 Block Start
//
// Update num_replies, poster, posted, last_post, last_post_id, last_poster for a topic
//
function update_topic($topic_id)
{
global $db;
// Count number of replies in the topic
$result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'posts WHERE topic_id='.$topic_id) or error('Unable to fetch post count for topic', __FILE__, __LINE__, $db->error());
$num_replies = $db->result($result, 0) - 1;
// find the first poster and posted (could be different from the original topic)
$result = $db->query('SELECT poster, posted FROM '.$db->prefix.'posts WHERE topic_id='.$topic_id.' ORDER BY posted LIMIT 1') or error('Unable to fetch poster for topic', __FILE__, __LINE__, $db->error());
list($poster, $posted ) = $db->fetch_row($result);
// last_post, last_post_id, last_poster (could be different from the original topic)
$result = $db->query('SELECT posted, id, poster FROM '.$db->prefix.'posts WHERE topic_id='.$topic_id.' ORDER BY posted DESC LIMIT 1') or error('Unable to fetch last_post/last_post_id/last_poster for topic', __FILE__, __LINE__, $db->error());
list($last_post, $last_post_id, $last_poster) = $db->fetch_row($result);
//Finally update the Topic
$db->query('UPDATE '.$db->prefix.'topics SET num_replies='.$num_replies.', poster=\''.$db->escape($poster).'\', posted='.$posted.', last_post='.$last_post.', last_post_id='.$last_post_id.', last_poster=\''.$db->escape($last_poster).'\' WHERE id='.$topic_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error());
}
//Movepost Mod 1.2 Block End
//
// Delete a topic and all of its posts
//
function delete_topic($topic_id)
{
global $db;
// Delete the topic and any redirect topics
$db->query('DELETE FROM '.$db->prefix.'topics WHERE id='.$topic_id.' OR moved_to='.$topic_id) or error('Unable to delete topic', __FILE__, __LINE__, $db->error());
// Create a list of the post ID's in this topic
$post_ids = '';
$result = $db->query('SELECT id FROM '.$db->prefix.'posts WHERE topic_id='.$topic_id) or error('Unable to fetch posts', __FILE__, __LINE__, $db->error());
while ($row = $db->fetch_row($result))
$post_ids .= ($post_ids != '') ? ','.$row[0] : $row[0];
// Make sure we have a list of post ID's
if ($post_ids != '')
{
strip_search_index($post_ids);
// Delete posts in topic
$db->query('DELETE FROM '.$db->prefix.'posts WHERE topic_id='.$topic_id) or error('Unable to delete posts', __FILE__, __LINE__, $db->error());
}
// Delete any subscriptions for this topic
$db->query('DELETE FROM '.$db->prefix.'subscriptions WHERE topic_id='.$topic_id) or error('Unable to delete subscriptions', __FILE__, __LINE__, $db->error());
}
//
// Delete a single post
//
function delete_post($post_id, $topic_id)
{
global $db;
$result = $db->query('SELECT id, poster, posted FROM '.$db->prefix.'posts WHERE topic_id='.$topic_id.' ORDER BY id DESC LIMIT 2') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
list($last_id, ,) = $db->fetch_row($result);
list($second_last_id, $second_poster, $second_posted) = $db->fetch_row($result);
// Delete the post
$db->query('DELETE FROM '.$db->prefix.'posts WHERE id='.$post_id) or error('Unable to delete post', __FILE__, __LINE__, $db->error());
strip_search_index($post_id);
// Count number of replies in the topic
$result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'posts WHERE topic_id='.$topic_id) or error('Unable to fetch post count for topic', __FILE__, __LINE__, $db->error());
$num_replies = $db->result($result, 0) - 1;
// If the message we deleted is the most recent in the topic (at the end of the topic)
if ($last_id == $post_id)
{
// If there is a $second_last_id there is more than 1 reply to the topic
if (!empty($second_last_id))
$db->query('UPDATE '.$db->prefix.'topics SET last_post='.$second_posted.', last_post_id='.$second_last_id.', last_poster=\''.$db->escape($second_poster).'\', num_replies='.$num_replies.' WHERE id='.$topic_id) or error('Unable to update topic', __FILE__, __LINE__, $db->error());
else
// We deleted the only reply, so now last_post/last_post_id/last_poster is posted/id/poster from the topic itself
$db->query('UPDATE '.$db->prefix.'topics SET last_post=posted, last_post_id=id, last_poster=poster, num_replies='.$num_replies.' WHERE id='.$topic_id) or error('Unable to update topic', __FILE__, __LINE__, $db->error());
}
else
// Otherwise we just decrement the reply counter
$db->query('UPDATE '.$db->prefix.'topics SET num_replies='.$num_replies.' WHERE id='.$topic_id) or error('Unable to update topic', __FILE__, __LINE__, $db->error());
}
//
// Replace censored words in $text
//
function censor_words($text)
{
global $db;
static $search_for, $replace_with;
// If not already built in a previous call, build an array of censor words and their replacement text
if (!isset($search_for))
{
$result = $db->query('SELECT search_for, replace_with FROM '.$db->prefix.'censoring') or error('Unable to fetch censor word list', __FILE__, __LINE__, $db->error());
$num_words = $db->num_rows($result);
$search_for = array();
for ($i = 0; $i < $num_words; ++$i)
{
list($search_for[$i], $replace_with[$i]) = $db->fetch_row($result);
$search_for[$i] = '/\b('.str_replace('\*', '\w*?', preg_quote($search_for[$i], '/')).')\b/i';
}
}
if (!empty($search_for))
$text = substr(preg_replace($search_for, $replace_with, ' '.$text.' '), 1, -1);
return $text;
}
//
// Determines the correct title for $user
// $user must contain the elements 'username', 'title', 'posts', 'g_id' and 'g_user_title'
//
function get_title($user)
{
global $db, $pun_config, $pun_bans, $lang_common;
static $ban_list, $pun_ranks;
// If not already built in a previous call, build an array of lowercase banned usernames
if (empty($ban_list))
{
$ban_list = array();
foreach ($pun_bans as $cur_ban)
$ban_list[] = strtolower($cur_ban['username']);
}
// If not already loaded in a previous call, load the cached ranks
if ($pun_config['o_ranks'] == '1' && empty($pun_ranks))
{
@include PUN_ROOT.'cache/cache_ranks.php';
if (!defined('PUN_RANKS_LOADED'))
{
require_once PUN_ROOT.'include/cache.php';
generate_ranks_cache();
require PUN_ROOT.'cache/cache_ranks.php';
}
}
// If the user has a custom title
if ($user['title'] != '')
$user_title = pun_htmlspecialchars($user['title']);
// If the user is banned
else if (in_array(strtolower($user['username']), $ban_list))
$user_title = $lang_common['Banned'];
// If the user group has a default user title
else if ($user['g_user_title'] != '')
$user_title = pun_htmlspecialchars($user['g_user_title']);
// If the user is a guest
else if ($user['g_id'] == PUN_GUEST)
$user_title = $lang_common['Guest'];
else
{
// Are there any ranks?
if ($pun_config['o_ranks'] == '1' && !empty($pun_ranks))
{
@reset($pun_ranks);
while (list(, $cur_rank) = @each($pun_ranks))
{
if (intval($user['num_posts']) >= $cur_rank['min_posts'])
$user_title = pun_htmlspecialchars($cur_rank['rank']);
}
}
// If the user didn't "reach" any rank (or if ranks are disabled), we assign the default
if (!isset($user_title))
$user_title = $lang_common['Member'];
}
return $user_title;
}
//
// Generate a string with numbered links (for multipage scripts)
//
function paginate($num_pages, $cur_page, $link_to)
{
$pages = array();
$link_to_all = false;
// If $cur_page == -1, we link to all pages (used in viewforum.php)
if ($cur_page == -1)
{
$cur_page = 1;
$link_to_all = true;
}
if ($num_pages <= 1)
$pages = array('<strong>1</strong>');
else
{
if ($cur_page > 3)
{
$pages[] = '<a href="'.$link_to.'&p=1">1</a>';
if ($cur_page != 4)
$pages[] = '…';
}
// Don't ask me how the following works. It just does, OK? :-)
for ($current = $cur_page - 2, $stop = $cur_page + 3; $current < $stop; ++$current)
{
if ($current < 1 || $current > $num_pages)
continue;
else if ($current != $cur_page || $link_to_all)
$pages[] = '<a href="'.$link_to.'&p='.$current.'">'.$current.'</a>';
else
$pages[] = '<strong>'.$current.'</strong>';
}
if ($cur_page <= ($num_pages-3))
{
if ($cur_page != ($num_pages-3))
$pages[] = '…';
$pages[] = '<a href="'.$link_to.'&p='.$num_pages.'">'.$num_pages.'</a>';
}
}
return implode(' ', $pages);
}
//
// Display a message
//
function message($message, $no_back_link = false)
{
global $db, $lang_common, $pun_config, $pun_start, $tpl_main;
if (!defined('PUN_HEADER'))
{
global $pun_user;
$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Info'];
require PUN_ROOT.'header.php';
}
?>
<div id="msg" class="block">
<h2><span><?php echo $lang_common['Info'] ?></span></h2>
<div class="box">
<div class="inbox">
<p><?php echo $message ?></p>
<?php if (!$no_back_link): ?> <p><a href="javascript: history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>
<?php endif; ?> </div>
</div>
</div>
<?php
require PUN_ROOT.'footer.php';
}
//
// Format a time string according to $time_format and timezones
//
function format_time($timestamp, $date_only = false)
{
global $pun_config, $lang_common, $pun_user;
if ($timestamp == '')
return $lang_common['Never'];
$diff = ($pun_user['timezone'] - $pun_config['o_server_timezone']) * 3600;
$timestamp += $diff;
$now = time();
$date = date($pun_config['o_date_format'], $timestamp);
$today = date($pun_config['o_date_format'], $now+$diff);
$yesterday = date($pun_config['o_date_format'], $now+$diff-86400);
if ($date == $today)
$date = $lang_common['Today'];
else if ($date == $yesterday)
$date = $lang_common['Yesterday'];
if (!$date_only)
return $date.' '.date($pun_config['o_time_format'], $timestamp);
else
return $date;
}
//
// If we are running pre PHP 4.3.0, we add our own implementation of file_get_contents
//
if (!function_exists('file_get_contents'))
{
function file_get_contents($filename, $use_include_path = 0)
{
$data = '';
if ($fh = fopen($filename, 'rb', $use_include_path))
{
$data = fread($fh, filesize($filename));
fclose($fh);
}
return $data;
}
}
//
// Make sure that HTTP_REFERER matches $pun_config['o_base_url']/$script
//
function confirm_referrer($script)
{
global $pun_config, $lang_common;
if (!preg_match('#^'.preg_quote(str_replace('www.', '', $pun_config['o_base_url']).'/'.$script, '#').'#i', str_replace('www.', '', (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''))))
message($lang_common['Bad referrer']);
}
//
// Generate a random password of length $len
//
function random_pass($len)
{
$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
$password = '';
for ($i = 0; $i < $len; ++$i)
$password .= substr($chars, (mt_rand() % strlen($chars)), 1);
return $password;
}
//
// Compute a hash of $str
// Uses sha1() if available. If not, SHA1 through mhash() if available. If not, fall back on md5().
//
function pun_hash($str)
{
if (function_exists('sha1')) // Only in PHP 4.3.0+
return sha1($str);
else if (function_exists('mhash')) // Only if Mhash library is loaded
return bin2hex(mhash(MHASH_SHA1, $str));
else
return md5($str);
}
//
// Try to determine the correct remote IP-address
//
function get_remote_address()
{
return $_SERVER['REMOTE_ADDR'];
}
//
// Equivalent to htmlspecialchars(), but allows &#[0-9]+ (for unicode)
//
function pun_htmlspecialchars($str)
{
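// Escape bare ampersands, but leave numeric entities (&#NNN;) intact
$str = preg_replace('/&(?!#[0-9]+;)/s', '&amp;', $str);
// Escape the remaining HTML metacharacters
$str = str_replace(array('<', '>', '"'), array('&lt;', '&gt;', '&quot;'), $str);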
return $str;
}
//
// Equivalent to strlen(), but counts &#[0-9]+ as one character (for unicode)
//
function pun_strlen($str)
{
return strlen(preg_replace('/&#([0-9]+);/', '!', $str));
}
//
// Convert \r\n and \r to \n
//
function pun_linebreaks($str)
{
return str_replace("\r", "\n", str_replace("\r\n", "\n", $str));
}
//
// A more aggressive version of trim()
//
function pun_trim($str)
{
global $lang_common;
if (strpos($lang_common['lang_encoding'], '8859') !== false)
{
$fishy_chars = array(chr(0x81), chr(0x8D), chr(0x8F), chr(0x90), chr(0x9D), chr(0xA0));
return trim(str_replace($fishy_chars, ' ', $str));
}
else
return trim($str);
}
//
// Display a message when board is in maintenance mode
//
function maintenance_message()
{
global $db, $pun_config, $lang_common, $pun_user;
// Deal with newlines, tabs and multiple spaces
$pattern = array("\t", '  ', '  ');
$replace = array('&nbsp; &nbsp; ', '&nbsp; ', ' &nbsp;');
$message = str_replace($pattern, $replace, $pun_config['o_maintenance_message']);
// Load the maintenance template
global $style;
if(is_file(PUN_ROOT.'include/template/'.$style.'/maintenance.tpl'))
$tpl_maint = trim(file_get_contents(PUN_ROOT.'include/template/'.$style.'/maintenance.tpl'));
else
$tpl_maint = trim(file_get_contents(PUN_ROOT.'include/template/maintenance.tpl'));
// START SUBST - <pun_include "*">
while (preg_match('#<pun_include "([^/\\\\]*?)\.(php[45]?|inc|html?|txt)">#', $tpl_maint, $cur_include))
{
if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2]))
error('Unable to process user include '.htmlspecialchars($cur_include[0]).' from template maintenance.tpl. There is no such file in folder /include/user/');
ob_start();
include PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2];
$tpl_temp = ob_get_contents();
$tpl_maint = str_replace($cur_include[0], $tpl_temp, $tpl_maint);
ob_end_clean();
}
// END SUBST - <pun_include "*">
// START SUBST - <pun_content_direction>
$tpl_maint = str_replace('<pun_content_direction>', $lang_common['lang_direction'], $tpl_maint);
// END SUBST - <pun_content_direction>
// START SUBST - <pun_char_encoding>
$tpl_maint = str_replace('<pun_char_encoding>', $lang_common['lang_encoding'], $tpl_maint);
// END SUBST - <pun_char_encoding>
// START SUBST - <pun_head>
ob_start();
?>
<title><?php echo pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Maintenance'] ?></title>
<link rel="stylesheet" type="text/css" href="style/<?php echo $pun_user['style'].'.css' ?>" />
<?php
$tpl_temp = trim(ob_get_contents());
$tpl_maint = str_replace('<pun_head>', $tpl_temp, $tpl_maint);
ob_end_clean();
// END SUBST - <pun_head>
// START SUBST - <pun_maint_heading>
$tpl_maint = str_replace('<pun_maint_heading>', $lang_common['Maintenance'], $tpl_maint);
// END SUBST - <pun_maint_heading>
// START SUBST - <pun_maint_message>
$tpl_maint = str_replace('<pun_maint_message>', $message, $tpl_maint);
// END SUBST - <pun_maint_message>
// End the transaction
$db->end_transaction();
// Close the db connection (and free up any result data)
$db->close();
exit($tpl_maint);
}
//
// Display $message and redirect user to $destination_url
//
function redirect($destination_url, $message)
{
global $db, $pun_config, $lang_common, $pun_user;
// Prefix with o_base_url (unless there's already a valid URI)
if (strpos($destination_url, 'http://') !== 0 && strpos($destination_url, 'https://') !== 0 && strpos($destination_url, '/') !== 0)
$destination_url = $pun_config['o_base_url'].'/'.$destination_url;
// Do a little spring cleaning
$destination_url = preg_replace('/([\r\n])|(%0[ad])|(;[\s]*data[\s]*:)/i', '', $destination_url);
// If the delay is 0 seconds, we might as well skip the redirect all together
if ($pun_config['o_redirect_delay'] == '0')
header('Location: '.str_replace('&amp;', '&', $destination_url));
// Load the redirect template
global $style;
if(is_file(PUN_ROOT.'include/template/'.$style.'/redirect.tpl'))
$tpl_redir = trim(file_get_contents(PUN_ROOT.'include/template/'.$style.'/redirect.tpl'));
else
$tpl_redir = trim(file_get_contents(PUN_ROOT.'include/template/redirect.tpl'));
// START SUBST - <pun_include "*">
while (preg_match('#<pun_include "([^/\\\\]*?)\.(php[45]?|inc|html?|txt)">#', $tpl_redir, $cur_include))
{
if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2]))
error('Unable to process user include '.htmlspecialchars($cur_include[0]).' from template redirect.tpl. There is no such file in folder /include/user/');
ob_start();
include PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2];
$tpl_temp = ob_get_contents();
$tpl_redir = str_replace($cur_include[0], $tpl_temp, $tpl_redir);
ob_end_clean();
}
// END SUBST - <pun_include "*">
// START SUBST - <pun_content_direction>
$tpl_redir = str_replace('<pun_content_direction>', $lang_common['lang_direction'], $tpl_redir);
// END SUBST - <pun_content_direction>
// START SUBST - <pun_char_encoding>
$tpl_redir = str_replace('<pun_char_encoding>', $lang_common['lang_encoding'], $tpl_redir);
// END SUBST - <pun_char_encoding>
// START SUBST - <pun_head>
ob_start();
?>
<meta http-equiv="refresh" content="<?php echo $pun_config['o_redirect_delay'] ?>;URL=<?php echo str_replace(array('<', '>', '"'), array('&lt;', '&gt;', '&quot;'), $destination_url) ?>" />
<title><?php echo pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Redirecting'] ?></title>
<link rel="stylesheet" type="text/css" href="style/<?php echo $pun_user['style'].'.css' ?>" />
<?php
$tpl_temp = trim(ob_get_contents());
$tpl_redir = str_replace('<pun_head>', $tpl_temp, $tpl_redir);
ob_end_clean();
// END SUBST - <pun_head>
// START SUBST - <pun_redir_heading>
$tpl_redir = str_replace('<pun_redir_heading>', $lang_common['Redirecting'], $tpl_redir);
// END SUBST - <pun_redir_heading>
// START SUBST - <pun_redir_text>
$tpl_temp = $message.'<br /><br />'.'<a href="'.$destination_url.'">'.$lang_common['Click redirect'].'</a>';
$tpl_redir = str_replace('<pun_redir_text>', $tpl_temp, $tpl_redir);
// END SUBST - <pun_redir_text>
// START SUBST - <pun_footer>
ob_start();
// End the transaction
$db->end_transaction();
// Display executed queries (if enabled)
if (defined('PUN_SHOW_QUERIES'))
display_saved_queries();
$tpl_temp = trim(ob_get_contents());
$tpl_redir = str_replace('<pun_footer>', $tpl_temp, $tpl_redir);
ob_end_clean();
// END SUBST - <pun_footer>
// Close the db connection (and free up any result data)
$db->close();
exit($tpl_redir);
}
//
// Display a simple error message
//
function error($message, $file, $line, $db_error = false)
{
global $pun_config;
// Set a default title if the script failed before $pun_config could be populated
if (empty($pun_config))
$pun_config['o_board_title'] = 'PunBB';
// Empty output buffer and stop buffering
@ob_end_clean();
// "Restart" output buffering if we are using ob_gzhandler (since the gzip header is already sent)
if (!empty($pun_config['o_gzip']) && extension_loaded('zlib') && (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== false || strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') !== false))
ob_start('ob_gzhandler');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title><?php echo pun_htmlspecialchars($pun_config['o_board_title']) ?> / Error</title>
<style type="text/css">
<!--
BODY {MARGIN: 10% 20% auto 20%; font: 10px Verdana, Arial, Helvetica, sans-serif}
#errorbox {BORDER: 1px solid #B84623}
H2 {MARGIN: 0; COLOR: #FFFFFF; BACKGROUND-COLOR: #B84623; FONT-SIZE: 1.1em; PADDING: 5px 4px}
#errorbox DIV {PADDING: 6px 5px; BACKGROUND-COLOR: #F1F1F1}
-->
</style>
</head>
<body>
<div id="errorbox">
<h2>An error was encountered</h2>
<div>
<?php
if (defined('PUN_DEBUG'))
{
echo "\t\t".'<strong>File:</strong> '.$file.'<br />'."\n\t\t".'<strong>Line:</strong> '.$line.'<br /><br />'."\n\t\t".'<strong>PunBB reported</strong>: '.$message."\n";
if ($db_error)
{
echo "\t\t".'<br /><br /><strong>Database reported:</strong> '.pun_htmlspecialchars($db_error['error_msg']).(($db_error['error_no']) ? ' (Errno: '.$db_error['error_no'].')' : '')."\n";
if ($db_error['error_sql'] != '')
echo "\t\t".'<br /><br /><strong>Failed query:</strong> '.pun_htmlspecialchars($db_error['error_sql'])."\n";
}
}
else
echo "\t\t".'Error: <strong>'.$message.'.</strong>'."\n";
?>
</div>
</div>
</body>
</html>
<?php
// If a database connection was established (before this error) we close it
if ($db_error)
$GLOBALS['db']->close();
exit;
}
// DEBUG FUNCTIONS BELOW
//
// Display executed queries (if enabled)
//
function display_saved_queries()
{
global $db, $lang_common;
// Get the queries so that we can print them out
$saved_queries = $db->get_saved_queries();
?>
<div id="debug" class="blocktable">
<h2><span><?php echo $lang_common['Debug table'] ?></span></h2>
<div class="box">
<div class="inbox">
<table cellspacing="0">
<thead>
<tr>
<th class="tcl" scope="col">Time (s)</th>
<th class="tcr" scope="col">Query</th>
</tr>
</thead>
<tbody>
<?php
$query_time_total = 0.0;
while (list(, $cur_query) = @each($saved_queries))
{
$query_time_total += $cur_query[1];
?>
<tr>
<td class="tcl"><?php echo ($cur_query[1] != 0) ? $cur_query[1] : '&nbsp;' ?></td>
<td class="tcr"><?php echo pun_htmlspecialchars($cur_query[0]) ?></td>
</tr>
<?php
}
?>
<tr>
<td class="tcl" colspan="2">Total query time: <?php echo $query_time_total ?> s</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<?php
}
//
// Unset any variables instantiated as a result of register_globals being enabled
//
function unregister_globals()
{
$register_globals = @ini_get('register_globals');
if ($register_globals === "" || $register_globals === "0" || strtolower($register_globals) === "off")
return;
// Prevent script.php?GLOBALS[foo]=bar
if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']))
exit('I\'ll have a steak sandwich and... a steak sandwich.');
// Variables that shouldn't be unset
$no_unset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES');
// Remove elements in $GLOBALS that are present in any of the superglobals
$input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
foreach ($input as $k => $v)
{
if (!in_array($k, $no_unset) && isset($GLOBALS[$k]))
{
unset($GLOBALS[$k]);
unset($GLOBALS[$k]); // Double unset to circumvent the zend_hash_del_key_or_index hole in PHP <4.4.3 and <5.1.4
}
}
}
//
// Dump contents of variable(s)
//
function dump()
{
echo '<pre>';
$num_args = func_num_args();
for ($i = 0; $i < $num_args; ++$i)
{
print_r(func_get_arg($i));
echo "\n\n";
}
echo '</pre>';
exit;
}
32 2008-05-11 11:44
Re: A "Logout" button instead of "Login" (15 replies, posted in PunBB 1.2 troubleshooting)
Do I need specific permissions from the hosting company to be able to use those two lines of code for the .htaccess?
Some members (probably those who have their accounts connected all the time) could post yesterday. Now at least I can log in if I type myself the /login.php and log out. But the logout button is still there by itself, and I just can't figure out what's wrong.
Any help is appreciated.
33 2008-05-10 19:29
Re: A "Logout" button instead of "Login" (15 replies, posted in PunBB 1.2 troubleshooting)
It did not work.
34 2008-05-10 15:34
Topic: Like the punres portal (1 replies, posted in PunBB 1.2 discussion)
Hello.
Which portal is used to have the punres homepage with two columns to which it's possible to add links?
I checked miniportal and it only added one sidebar.
Thanks.
35 2008-05-10 14:30
Re: Cache error (6 replies, posted in PunBB 1.2 troubleshooting)
Solved.
Thanks.
36 2008-05-10 14:21
Re: Cache error (6 replies, posted in PunBB 1.2 troubleshooting)
Well, it's a brand new domain name ^_^. I installed the forum in the wrong location, so I wanted to delete everything and start all over.
37 2008-05-10 14:17
Re: Cache error (6 replies, posted in PunBB 1.2 troubleshooting)
There are no files in my cache folder, but I still can't delete it. I tried to chmod it, and chmod the folder that contains it. In vain.
Any ideas?
38 2008-05-10 13:00
Re: A "Logout" button instead of "Login" (15 replies, posted in PunBB 1.2 troubleshooting)
Er... And where do I normally add this code?
39 2008-05-10 12:53
Re: A "Logout" button instead of "Login" (15 replies, posted in PunBB 1.2 troubleshooting)
Thanks for responding :-).
How do I make the redirect? I only made the redirect once from /forum/index.php to /forum, that could be what caused the problem?
40 2008-05-10 12:17
Topic: A "Logout" button instead of "Login" (15 replies, posted in PunBB 1.2 troubleshooting)
Hi everyone,
I just upgraded my forum from 1.2.16 to 1.2.17. I hoped to see my login problem disappear: Whenever I log in, I was redirected to the index page and had to attempt to log in again. So logging in takes two attempts. And it's mostly the same thing with logging out, and sometimes the cookies keep me just logged in all the time.
Now, I logged out after upgrading to 1.2.17, and although the forum says "you're not logged in", instead of the login button, there is a logout one! Can you please check my login.php and tell me what's going wrong?
Many thanks in advance.
<?php
/***********************************************************************
Copyright (C) 2002-2005 Rickard Andersson (rickard@punbb.org)
This file is part of PunBB.
PunBB is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published
by the Free Software Foundation; either version 2 of the License,
or (at your option) any later version.
PunBB is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston,
MA 02111-1307 USA
************************************************************************/
if (isset($_GET['action']))
define('PUN_QUIET_VISIT', 1);
define('PUN_ROOT', './');
require PUN_ROOT.'include/common.php';
// Load the login.php language file
require PUN_ROOT.'lang/'.$pun_user['language'].'/login.php';
$action = isset($_GET['action']) ? $_GET['action'] : null;
if (isset($_POST['form_sent']) && $action == 'in')
{
$form_username = trim($_POST['req_username']);
$form_password = trim($_POST['req_password']);
$username_sql = ($db_type == 'mysql' || $db_type == 'mysqli') ? 'username=\''.$db->escape($form_username).'\'' : 'LOWER(username)=LOWER(\''.$db->escape($form_username).'\')';
$result = $db->query('SELECT id, group_id, password, save_pass FROM '.$db->prefix.'users WHERE '.$username_sql) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
list($user_id, $group_id, $db_password_hash, $save_pass) = $db->fetch_row($result);
$authorized = false;
if (!empty($db_password_hash))
{
$sha1_in_db = (strlen($db_password_hash) == 40) ? true : false;
$sha1_available = (function_exists('sha1') || function_exists('mhash')) ? true : false;
$form_password_hash = pun_hash($form_password); // This could result in either an SHA-1 or an MD5 hash (depends on $sha1_available)
if ($sha1_in_db && $sha1_available && $db_password_hash == $form_password_hash)
$authorized = true;
else if (!$sha1_in_db && $db_password_hash == md5($form_password))
{
$authorized = true;
if ($sha1_available) // There's an MD5 hash in the database, but SHA1 hashing is available, so we update the DB
$db->query('UPDATE '.$db->prefix.'users SET password=\''.$form_password_hash.'\' WHERE id='.$user_id) or error('Unable to update user password', __FILE__, __LINE__, $db->error());
}
}
if (!$authorized)
message($lang_login['Wrong user/pass'].' <a href="login.php?action=forget">'.$lang_login['Forgotten pass'].'</a>');
// Update the status if this is the first time the user logged in
if ($group_id == PUN_UNVERIFIED)
$db->query('UPDATE '.$db->prefix.'users SET group_id='.$pun_config['o_default_user_group'].' WHERE id='.$user_id) or error('Unable to update user status', __FILE__, __LINE__, $db->error());
// Remove this users guest entry from the online list
$db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape(get_remote_address()).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
$expire = ($save_pass == '1') ? time() + 31536000 : 0;
pun_setcookie($user_id, $form_password_hash, $expire);
redirect(htmlspecialchars($_POST['redirect_url']), $lang_login['Login redirect']);
}
else if ($action == 'out')
{
if ($pun_user['is_guest'] || !isset($_GET['id']) || $_GET['id'] != $pun_user['id'] || !isset($_GET['csrf_token']) || $_GET['csrf_token'] != sha1($pun_user['id'].sha1(get_remote_address())))
{
header('Location: index.php');
exit;
}
// Remove user from "users online" list.
$db->query('DELETE FROM '.$db->prefix.'online WHERE user_id='.$pun_user['id']) or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
// Update last_visit (make sure there's something to update it with)
if (isset($pun_user['logged']))
$db->query('UPDATE '.$db->prefix.'users SET last_visit='.$pun_user['logged'].' WHERE id='.$pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
pun_setcookie(1, md5(uniqid(rand(), true)), time() + 31536000);
redirect('index.php', $lang_login['Logout redirect']);
}
else if ($action == 'forget' || $action == 'forget_2')
{
if (!$pun_user['is_guest'])
header('Location: index.php');
if (isset($_POST['form_sent']))
{
require PUN_ROOT.'include/email.php';
// Validate the email-address
$email = strtolower(trim($_POST['req_email']));
if (!is_valid_email($email))
message($lang_common['Invalid e-mail']);
$result = $db->query('SELECT id, username FROM '.$db->prefix.'users WHERE email=\''.$db->escape($email).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
{
// Load the "activate password" template
$mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/activate_password.tpl'));
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8));
$mail_message = trim(substr($mail_tpl, $first_crlf));
// Do the generic replacements first (they apply to all e-mails sent out here)
$mail_message = str_replace('<base_url>', $pun_config['o_base_url'].'/', $mail_message);
$mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message);
// Loop through users we found
while ($cur_hit = $db->fetch_assoc($result))
{
// Generate a new password and a new password activation code
$new_password = random_pass(8);
$new_password_key = random_pass(8);
$db->query('UPDATE '.$db->prefix.'users SET activate_string=\''.pun_hash($new_password).'\', activate_key=\''.$new_password_key.'\' WHERE id='.$cur_hit['id']) or error('Unable to update activation data', __FILE__, __LINE__, $db->error());
// Do the user specific replacements to the template
$cur_mail_message = str_replace('<username>', $cur_hit['username'], $mail_message);
$cur_mail_message = str_replace('<activation_url>', $pun_config['o_base_url'].'/profile.php?id='.$cur_hit['id'].'&action=change_pass&key='.$new_password_key, $cur_mail_message);
$cur_mail_message = str_replace('<new_password>', $new_password, $cur_mail_message);
pun_mail($email, $mail_subject, $cur_mail_message);
}
message($lang_login['Forget mail'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');
}
else
message($lang_login['No e-mail match'].' '.htmlspecialchars($email).'.');
}
$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_login['Request pass'];
$required_fields = array('req_email' => $lang_common['E-mail']);
$focus_element = array('request_pass', 'req_email');
require PUN_ROOT.'header.php';
?>
<div class="blockform">
<h2><span><?php echo $lang_login['Request pass'] ?></span></h2>
<div class="box">
<form id="request_pass" method="post" action="login.php?action=forget_2" onsubmit="this.request_pass.disabled=true;if(process_form(this)){return true;}else{this.request_pass.disabled=false;return false;}">
<div class="inform">
<fieldset>
<legend><?php echo $lang_login['Request pass legend'] ?></legend>
<div class="infldset">
<input type="hidden" name="form_sent" value="1" />
<input id="req_email" type="text" name="req_email" size="50" maxlength="50" />
<p><?php echo $lang_login['Request pass info'] ?></p>
</div>
</fieldset>
</div>
<p><input type="submit" name="request_pass" value="<?php echo $lang_common['Submit'] ?>" /><a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>
</form>
</div>
</div>
<?php
require PUN_ROOT.'footer.php';
}
if (!$pun_user['is_guest'])
header('Location: index.php');
// Try to determine if the data in HTTP_REFERER is valid (if not, we redirect to index.php after login)
$redirect_url = (isset($_SERVER['HTTP_REFERER']) && preg_match('#^'.preg_quote($pun_config['o_base_url']).'/(.*?)\.php#i', $_SERVER['HTTP_REFERER'])) ? htmlspecialchars($_SERVER['HTTP_REFERER']) : 'index.php';
$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Login'];
$required_fields = array('req_username' => $lang_common['Username'], 'req_password' => $lang_common['Password']);
$focus_element = array('login', 'req_username');
require PUN_ROOT.'header.php';
?>
<div class="blockform">
<h2><span><?php echo $lang_common['Login'] ?></span></h2>
<div class="box">
<form id="login" method="post" action="login.php?action=in" onsubmit="return process_form(this)">
<div class="inform">
<fieldset>
<legend><?php echo $lang_login['Login legend'] ?></legend>
<div class="infldset">
<input type="hidden" name="form_sent" value="1" />
<input type="hidden" name="redirect_url" value="<?php echo $redirect_url ?>" />
<label class="conl"><strong><?php echo $lang_common['Username'] ?></strong><br /><input type="text" name="req_username" size="25" maxlength="25" tabindex="1" /><br /></label>
<label class="conl"><strong><?php echo $lang_common['Password'] ?></strong><br /><input type="password" name="req_password" size="16" maxlength="16" tabindex="2" /><br /></label>
<p class="clearb"><?php echo $lang_login['Login info'] ?></p>
<p><a href="register.php" tabindex="4"><?php echo $lang_login['Not registered'] ?></a>
<a href="login.php?action=forget" tabindex="5"><?php echo $lang_login['Forgotten pass'] ?></a></p>
</div>
</fieldset>
</div>
<p><input type="submit" name="login" value="<?php echo $lang_common['Login'] ?>" tabindex="3" /></p>
</form>
</div>
</div>
<?php
require PUN_ROOT.'footer.php';
41 2008-05-10 11:56
Re: PunBB 1.2.17 (69 replies, posted in News)
@elbekko:
It's "uniform".
@Jarkko:
Thanks. I just wasn't quite sure about the relationship between the two. This answered my question.
42 2008-05-10 11:48
Re: PunBB 1.2.17 (69 replies, posted in News)
Hello everyone, I have a very minor remark. It's something I can't understand, so maybe I am just not seeing this right.
In the hdiff from 1.2.16 to 1.2.17, in [punbb-1.2.17/upload/include/functions.php] there is this line:
// Prefix with o_base_url (unless there's already a valid URI)
I know it's just a title and won't affect the code, but where is there an URI instead of URL? Was that a typo? I noticed this in some wordpress themes as well, and I just can't get why could this typo be universal... If it's one.
43 2008-05-10 08:41
Re: Recent Posts (10 replies, posted in Feature requests)
In 1.2.16, the code to replace is a little bit different:
// If it's a search for todays posts
else if ($action == 'show_24h')
{
$result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.last_post>'.(time() - 86400).' AND t.moved_to IS NULL') or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error());
$num_hits = $db->num_rows($result);
if (!$num_hits)
message($lang_search['No recent posts']);
}
But it still worked when I replaced it by the one suggested above. But I'd like to make sure that I didn't mess up the code.
Thanks.
44 2008-03-28 18:13
Re: Arcade scores "hacked"? (16 replies, posted in PunBB 1.2 modifications, plugins and integrations)
The info about the cheating is in the post of matt1298. I deleted the account of that member, and thus his scores, so the link above won't show anything anymore. After I banned him, he actually registered with another similar account today.
I appreciate all your feedback on the matter. And I also would love to know if there is anything to be done to stop the cheating.
45 2008-03-27 22:53
Re: Arcade scores "hacked"? (16 replies, posted in PunBB 1.2 modifications, plugins and integrations)
Here is the mod I am using:
http://www.berger-feld.de/index.php?opt … ;Itemid=37
Smartys told me before that it had serious DB bugs apparently.
46 2008-03-27 20:56
Re: Arcade scores "hacked"? (16 replies, posted in PunBB 1.2 modifications, plugins and integrations)
Er... How can I check?
47 2008-03-27 19:31
Re: Arcade scores "hacked"? (16 replies, posted in PunBB 1.2 modifications, plugins and integrations)
Er... Sure. Can I send you that by e-mail?
Edit: Do you mean as a regular member? (Registration is done in a few seconds ^_^ no verification required)
48 2008-03-27 19:28
Topic: Arcade scores "hacked"? (16 replies, posted in PunBB 1.2 modifications, plugins and integrations)
Someone registered in our forums today, and had managed to put some strange scores in the arcade.
Is this a hack? Some security problem? What should I do?
49 2008-03-06 14:27
Re: newsbot - post RSS news (28 replies, posted in PunBB 1.2 modifications, plugins and integrations)
Solovey, can you please re-explain to me how it worked for you?
Can I add many RSS feeds? Can I determine a limit of feeds to be published a day?
Thanks in advance.
50 2008-03-02 08:49
Re: newsbot - post RSS news (28 replies, posted in PunBB 1.2 modifications, plugins and integrations)
Thank you so much for your work!
Did it work for you? Url?