Beispiel #1
<?php

/*
 * Copyright (C) 2013-2015 Luna
 * Based on code by FluxBB copyright (C) 2008-2012 FluxBB
 * Based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
 * Licensed under GPLv2 (http://getluna.org/license.php)
 */
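define('LUNA_ROOT', '../');
require LUNA_ROOT . 'include/common.php';

// Backstage pages are admin-only ($is_admin is presumably set by include/common.php).
// A Location header does not end the request on its own, so stop here; without the
// exit the form handler below would still run for a non-admin request.
if (!$is_admin) {
    header("Location: login.php");
    exit;
}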
if (isset($_POST['form_sent'])) {
    confirm_referrer('backstage/features.php', __('Bad HTTP_REFERER. If you have moved these forums from one location to another or switched domains, you need to update the Base URL manually in the database (look for o_base_url in the config table) and then clear the cache by deleting all .php files in the /cache directory.', 'luna'));
    $form = array('users_online' => isset($_POST['form']['users_online']) ? '1' : '0', 'censoring' => isset($_POST['form']['censoring']) ? '1' : '0', 'signatures' => isset($_POST['form']['signatures']) ? '1' : '0', 'ranks' => isset($_POST['form']['ranks']) ? '1' : '0', 'thread_views' => isset($_POST['form']['thread_views']) ? '1' : '0', 'has_commented' => isset($_POST['form']['has_commented']) ? '1' : '0', 'show_first_run' => isset($_POST['form']['show_first_run']) ? '1' : '0', 'first_run_guests' => isset($_POST['form']['first_run_guests']) ? '1' : '0', 'first_run_message' => luna_trim($_POST['form']['first_run_message']), 'smilies_sig' => isset($_POST['form']['smilies_sig']) ? '1' : '0', 'make_links' => isset($_POST['form']['make_links']) ? '1' : '0', 'allow_center' => isset($_POST['form']['allow_center']) ? '1' : '0', 'allow_size' => isset($_POST['form']['allow_size']) ? '1' : '0', 'indent_num_spaces' => intval($_POST['form']['indent_num_spaces']) >= 0 ? intval($_POST['form']['indent_num_spaces']) : 0, 'quote_depth' => intval($_POST['form']['quote_depth']) > 0 ? intval($_POST['form']['quote_depth']) : 1, 'gzip' => isset($_POST['form']['gzip']) ? '1' : '0', 'search_all_forums' => isset($_POST['form']['search_all_forums']) ? '1' : '0', 'enable_advanced_search' => isset($_POST['form']['enable_advanced_search']) ? '1' : '0', 'inbox_enabled' => isset($_POST['form']['inbox_enabled']) ? '1' : '0', 'inbox_notification' => isset($_POST['form']['inbox_notification']) ? '1' : '0', 'inbox_max_receiver' => intval($_POST['form']['inbox_max_receiver']) > 0 ? intval($_POST['form']['inbox_max_receiver']) : 5);
    foreach ($form as $key => $input) {
        // Only update values that have changed
        if (array_key_exists('o_' . $key, $luna_config) && $luna_config['o_' . $key] != $input) {
            if ($input != '' || is_int($input)) {
                $value = '\'' . $db->escape($input) . '\'';
            } else {
                $value = 'NULL';
            }
            $db->query('UPDATE ' . $db->prefix . 'config SET conf_value=' . $value . ' WHERE conf_name=\'o_' . $db->escape($key) . '\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
        }
    }
    // Regenerate the config cache
    if (!defined('LUNA_CACHE_FUNCTIONS_LOADED')) {
        require LUNA_ROOT . 'include/cache.php';
    }
Beispiel #2
    if (isset($luna_user['logged'])) {
        $db->query('UPDATE ' . $db->prefix . 'users SET last_visit=' . $luna_user['logged'] . ' WHERE id=' . $luna_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
    }
    luna_setcookie(1, luna_hash(uniqid(rand(), true)), time() + 31536000);
    redirect('index.php');
} elseif ($action == 'forget' || $action == 'forget_2') {
    if (!$luna_user['is_guest']) {
        header('Location: index.php');
        exit;
    }
    if (isset($_POST['form_sent'])) {
        // Start with a clean slate
        $errors = array();
        require FORUM_ROOT . 'include/email.php';
        // Validate the email address
        $email = strtolower(luna_trim($_POST['req_email']));
        if (!is_valid_email($email)) {
            message(__('The email address you entered is invalid.', 'luna'));
            exit;
        }
        // Did everything go according to plan?
        if (empty($errors)) {
            $result = $db->query('SELECT id, username, last_email_sent FROM ' . $db->prefix . 'users WHERE email=\'' . $db->escape($email) . '\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
            if ($db->num_rows($result)) {
                // Load the "activate password" template
                $mail_tpl = trim(__('Subject: New password requested

Hello <username>,

You have requested to have a new password assigned to your account in the discussion forum at <base_url>. If you did not request this or if you do not want to change your password you should just ignore this message. Only if you visit the activation page below will your password be changed.
Beispiel #3
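/**
 * Print the feed items as HTML list entries (<li><a ...>...</a></li>), one per line.
 *
 * Title and link are passed through luna_htmlspecialchars() before they are written
 * into the markup. Titles longer than LUNA_EXTERN_MAX_SUBJECT_LENGTH characters are
 * shortened for the link text; the full title is kept in the title attribute.
 *
 * @param array $feed Feed data; only $feed['items'] is read, each item providing 'title' and 'link'.
 * @return void
 */
function output_html($feed)
{
    // Send the Content-type header in case the web server is setup to send something else
    header('Content-type: text/html; charset=utf-8');
    // The value is labelled GMT, so build it with gmdate(); date() would emit server-local time
    header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');

    foreach ($feed['items'] as $item) {
        $title = $item['title'];

        // Truncate on the raw title and escape afterwards, so an entity is never cut in half
        if (utf8_strlen($title) > LUNA_EXTERN_MAX_SUBJECT_LENGTH) {
            $subject_truncated = luna_htmlspecialchars(luna_trim(utf8_substr($title, 0, LUNA_EXTERN_MAX_SUBJECT_LENGTH - 5))) . ' …';
        } else {
            $subject_truncated = luna_htmlspecialchars($title);
        }

        // NOTE(review): the link is HTML-escaped only, which does not constrain the URL scheme;
        // presumably it is always a forum-generated URL - confirm against the code that builds $feed.
        echo '<li><a href="' . luna_htmlspecialchars($item['link']) . '" title="' . luna_htmlspecialchars($title) . '">' . $subject_truncated . '</a></li>' . "\n";
    }
}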
Beispiel #4
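/**
 * Send a plain-text UTF-8 email, through smtp_mail() when o_smtp_host is configured
 * and through PHP's mail() otherwise.
 *
 * Every value that ends up in a header line is stripped of CR/LF first, so a
 * caller-supplied value cannot start a new header. Sender and reply-to values also
 * lose ':' and the display names lose '"'.
 *
 * @param string $to             Recipient address.
 * @param string $subject        Subject line; encoded with encode_mail_text().
 * @param string $message        Message body.
 * @param string $reply_to_email Optional Reply-To address; no Reply-To header is added when empty.
 * @param string $reply_to_name  Optional Reply-To display name.
 * @return void
 */
function luna_mail($to, $subject, $message, $reply_to_email = '', $reply_to_name = '')
{
    global $luna_config;

    // Default sender/return address
    $from_name = sprintf(__('%s Mailer', 'luna'), $luna_config['o_board_title']);
    $from_email = $luna_config['o_webmaster_email'];

    // Header-injection guard: remove line breaks (and ':' / '"' where noted) before any header is built
    $to = luna_trim(preg_replace('%[\\n\\r]+%s', '', $to));
    $subject = luna_trim(preg_replace('%[\\n\\r]+%s', '', $subject));
    $from_email = luna_trim(preg_replace('%[\\n\\r:]+%s', '', $from_email));
    $from_name = luna_trim(preg_replace('%[\\n\\r:]+%s', '', str_replace('"', '', $from_name)));
    $reply_to_email = luna_trim(preg_replace('%[\\n\\r:]+%s', '', $reply_to_email));
    $reply_to_name = luna_trim(preg_replace('%[\\n\\r:]+%s', '', str_replace('"', '', $reply_to_name)));

    // Set up some headers to take advantage of UTF-8
    $from = '"' . encode_mail_text($from_name) . '" <' . $from_email . '>';
    $subject = encode_mail_text($subject);
    $headers = 'From: ' . $from . FORUM_EOL . 'Date: ' . gmdate('r') . FORUM_EOL . 'MIME-Version: 1.0' . FORUM_EOL . 'Content-transfer-encoding: 8bit' . FORUM_EOL . 'Content-type: text/plain; charset=utf-8' . FORUM_EOL . 'X-Mailer: Luna Mailer';

    // If we specified a reply-to email, we deal with it here
    if (!empty($reply_to_email)) {
        $reply_to = '"' . encode_mail_text($reply_to_name) . '" <' . $reply_to_email . '>';
        $headers .= FORUM_EOL . 'Reply-To: ' . $reply_to;
    }

    // Make sure all linebreaks are LF in message (and strip out any NULL bytes).
    // The search string must be the NUL escape; with an empty search string
    // str_replace() removes nothing and NUL bytes would reach the mailer.
    $message = str_replace("\0", '', luna_linebreaks($message));

    if ($luna_config['o_smtp_host'] != '') {
        // SMTP transport: the body is converted to CRLF line endings before it is handed over
        $message = str_replace("\n", "\r\n", $message);
        smtp_mail($to, $subject, $message, $headers);
    } else {
        // mail() transport: the body keeps LF line endings
        mail($to, $subject, $message, $headers);
    }
}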
Beispiel #5
 $orig_message = $message = luna_linebreaks(luna_trim($_POST['req_message']));
 // Here we use strlen() not luna_strlen() as we want to limit the comment to FORUM_MAX_POSTSIZE bytes, not characters
 if (strlen($message) > FORUM_MAX_POSTSIZE) {
     $errors[] = sprintf(__('Comments cannot be longer than %s bytes.', 'luna'), forum_number_format(FORUM_MAX_POSTSIZE));
 } elseif ($luna_config['p_message_all_caps'] == '0' && is_all_uppercase($message) && !$luna_user['is_admmod']) {
     $errors[] = __('Comments cannot contain only capital letters.', 'luna');
 }
 // Validate BBCode syntax
 require FORUM_ROOT . 'include/parser.php';
 $message = preparse_bbcode($message, $errors);
 if (empty($errors)) {
     if ($message == '') {
         $errors[] = __('You must enter a message.', 'luna');
     } elseif ($luna_config['o_censoring'] == '1') {
         // Censor message to see if that causes problems
         $censored_message = luna_trim(censor_words($message));
         if ($censored_message == '') {
             $errors[] = __('You must enter a message. After applying censoring filters, your message was empty.', 'luna');
         }
     }
 }
 $hide_smilies = isset($_POST['hide_smilies']) ? '1' : '0';
 $subscribe = isset($_POST['subscribe']) ? '1' : '0';
 $stick_topic = isset($_POST['stick_topic']) && $is_admmod ? '1' : '0';
 // Replace four-byte characters (MySQL cannot handle them)
 $message = strip_bad_multibyte_chars($message);
 $now = time();
 // Did everything go according to plan?
 if (empty($errors) && !isset($_POST['preview'])) {
     require FORUM_ROOT . 'include/search_idx.php';
     // If it's a reply
Beispiel #6
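/**
 * Turn a stored message into display HTML.
 *
 * Order matters: the text is HTML-escaped before any markup is generated, so every
 * tag in the result comes from do_bbcode(), do_smilies() or this function. The
 * contents of [code] blocks are taken out after escaping and re-inserted verbatim
 * inside <pre><code>, so they are escaped but never run through BBCode or smilies.
 *
 * @param string $text Raw message text.
 * @return string HTML as returned by clean_paragraphs().
 */
function parse_message($text)
{
    global $luna_config, $luna_user;

    if ($luna_config['o_censoring'] == '1') {
        $text = censor_words($text);
    }

    // Convert applicable characters to HTML entities
    $text = luna_htmlspecialchars($text);

    // If the message contains a code tag we have to split it up (text within [code][/code] shouldn't be touched)
    if (strpos($text, '[code]') !== false && strpos($text, '[/code]') !== false) {
        list($inside, $text) = extract_blocks($text, '[code]', '[/code]');
    }

    if (strpos($text, '[') !== false && strpos($text, ']') !== false) {
        $text = do_bbcode($text);
    }

    $text = do_smilies($text);

    // Deal with newlines, tabs and multiple spaces
    $pattern = array("\n", "\t", '  ', '  ');
    $replace = array('<br />', '&#160; &#160; ', '&#160; ', ' &#160;');
    $text = str_replace($pattern, $replace, $text);

    // If we split up the message before we have to concatenate it together again (code tags)
    if (isset($inside)) {
        // NOTE(review): the separator was an empty string in this listing, which makes explode()
        // fail (ValueError on PHP 8). "\1" is presumably the placeholder extract_blocks() leaves
        // where a block was removed - confirm against extract_blocks().
        $parts = explode("\1", $text);
        $text = '';

        foreach ($parts as $i => $part) {
            $text .= $part;

            if (!isset($inside[$i])) {
                continue;
            }

            // Line count is taken before the language line is removed, as before
            $num_lines = substr_count($inside[$i], "\n");
            $code_line = explode("\n", $inside[$i]);
            // A one-line block has no second line; treat that as "no language tag"
            $first_line = isset($code_line[1]) ? trim($code_line[1]) : '';
            $h_class = '';

            if (strpos($first_line, '[[') !== false && strpos($first_line, ']]') !== false) {
                // The class is picked from a fixed list, never copied from the message
                $language = strtolower(trim(str_replace(array('[[', ']]'), '', $first_line)));

                if (in_array($language, array('html', 'xhtml', 'xml'), true)) {
                    // Markup case
                    $h_class = ' class="language-markup"';
                } elseif (in_array($language, array('php', 'c++', 'perl'), true)) {
                    // C-like languages case.
                    // NOTE(review): a later "php => language-php" branch could never run because
                    // 'php' already matches here; it was dropped without changing the output.
                    // Confirm which class the highlighter should get for PHP.
                    $h_class = ' class="language-clike"';
                } elseif ($language === 'javascript') {
                    // JavaScript case
                    $h_class = ' class="language-javascript"';
                }

                // Deleting the line giving the code name
                $inside[$i] = str_replace($first_line, '', $inside[$i]);
            }

            // Generating the HTML code block
            $text .= '</p><div class="codebox"><pre' . ($num_lines > 28 ? ' class="vscroll"' : '') . '><code' . $h_class . '>' . luna_trim($inside[$i], "\n\r") . '</code></pre></div><p>';
        }
    }

    return clean_paragraphs($text);
}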
Beispiel #7
<?php

/*
 * Copyright (C) 2013-2015 Luna
 * Based on code by FluxBB copyright (C) 2008-2012 FluxBB
 * Based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
 * Licensed under GPLv2 (http://getluna.org/license.php)
 */
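define('LUNA_ROOT', '../');
require LUNA_ROOT . 'include/common.php';

// Backstage pages are admin-only ($is_admin is presumably set by include/common.php).
// A Location header does not end the request on its own, so stop here; without the
// exit the user-creation handler below would still run for a non-admin request.
if (!$is_admin) {
    header("Location: login.php");
    exit;
}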
// Create new user
if (isset($_POST['add_user'])) {
    $username = luna_trim($_POST['username']);
    $email1 = strtolower(trim($_POST['email']));
    $email2 = strtolower(trim($_POST['email']));
    $trimpassword = trim($_POST['password']);
    if (isset($_POST['random_pass'])) {
        $password = random_pass(8);
    } elseif (!empty($trimpassword)) {
        $password = trim($_POST['password']);
    } else {
        redirect('backstage/users.php?user_failed=true');
    }
    $errors = array();
    // Convert multiple whitespace characters into one (to prevent people from registering with indistinguishable usernames)
    $username = preg_replace('#\\s+#s', ' ', $username);
    // Validate username and passwords
    if (strlen($username) < 2) {
Beispiel #8
/*
 * Copyright (C) 2013-2015 Luna
 * Based on code by FluxBB copyright (C) 2008-2012 FluxBB
 * Based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
 * Licensed under GPLv2 (http://getluna.org/license.php)
 */
define('LUNA_ROOT', dirname(__FILE__) . '/');
require LUNA_ROOT . 'include/common.php';

// Permission gate: the viewer needs both board read access and the right to view users
if ($luna_user['g_read_board'] == '0') {
    message(__('You do not have permission to view this page.', 'luna'), false, '403 Forbidden');
} elseif ($luna_user['g_view_users'] == '0') {
    message(__('You do not have permission to access this page.', 'luna'), false, '403 Forbidden');
}

// Comment counts are shown when the board enables them or the viewer is an admin/moderator
$show_comment_count = ($luna_config['o_show_comment_count'] == '1' || $luna_user['is_admmod']);

// The username filter is honoured only for groups that are allowed to search users
$username = '';
if (isset($_GET['username']) && $luna_user['g_search_users'] == '1') {
    $username = luna_trim($_GET['username']);
}

// Map the requested sort key onto a fixed ORDER BY fragment; the request value itself
// never becomes part of $sort_query.
// NOTE(review): $sort_by keeps the raw request value and its later use is not visible
// here - it needs escaping wherever it is written into the page.
$sort_query = 'username ASC';
$sort_by = '';
if (isset($_GET['sort'])) {
    $sort_by = $_GET['sort'];
    switch ($sort_by) {
        case 'username':
            $sort_query = 'username ASC';
            break;
        case 'registered':
            $sort_query = 'registered ASC';
            break;
        default:
            $sort_query = 'num_comments DESC';
            break;
    }
}

// Create any SQL for the WHERE clause
$where_sql = array();
Beispiel #9
    }
    $db->end_transaction();
    $db->close();
    ob_end_clean();
    ob_start();
    header('Location: backstage/maintenance.php' . $query_str);
    exit;
}
// Get the first comment ID from the db
$result = $db->query('SELECT id FROM ' . $db->prefix . 'comments ORDER BY id ASC LIMIT 1') or error('Unable to fetch thread info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result)) {
    $first_id = $db->result($result);
}
if (isset($_POST['form_sent'])) {
    confirm_referrer('backstage/maintenance.php');
    $form = array('maintenance' => isset($_POST['form']['maintenance']) ? '1' : '0', 'maintenance_message' => luna_trim($_POST['form']['maintenance_message']));
    if ($form['maintenance_message'] != '') {
        $form['maintenance_message'] = luna_linebreaks($form['maintenance_message']);
    } else {
        $form['maintenance_message'] = __('The forums are temporarily down for maintenance. Please try again in a few minutes.', 'luna');
        $form['maintenance'] = '0';
    }
    foreach ($form as $key => $input) {
        // Only update values that have changed
        if (array_key_exists('o_' . $key, $luna_config) && $luna_config['o_' . $key] != $input) {
            if ($input != '' || is_int($input)) {
                $value = '\'' . $db->escape($input) . '\'';
            } else {
                $value = 'NULL';
            }
            $db->query('UPDATE ' . $db->prefix . 'config SET conf_value=' . $value . ' WHERE conf_name=\'o_' . $db->escape($key) . '\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
Beispiel #10
 // Generate an array with all categories
 $result = $db->query('SELECT id, cat_name, disp_position FROM ' . $db->prefix . 'categories ORDER BY disp_position') or error('Unable to fetch category list', __FILE__, __LINE__, $db->error());
 $num_cats = $db->num_rows($result);
 for ($i = 0; $i < $num_cats; ++$i) {
     $cat_list[] = $db->fetch_assoc($result);
 }
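 if (isset($_POST['update'])) {
     // Change position and name of the categories.
     // NOTE(review): confirm_referrer() is the only request-origin check visible in this
     // handler - confirm whether a per-session token is enforced elsewhere.
     confirm_referrer('backstage/board.php');

     // Expected shape: cat[<id>] = array('name' => ..., 'order' => ...). A missing or
     // non-array value is treated like an empty submission.
     $categories = isset($_POST['cat']) && is_array($_POST['cat']) ? $_POST['cat'] : array();
     if (empty($categories)) {
         message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
     }

     foreach ($categories as $cat_id => $cur_cat) {
         // Each entry must carry both fields as strings before they are trimmed and validated
         if (!is_array($cur_cat) || !isset($cur_cat['name'], $cur_cat['order']) || !is_string($cur_cat['name']) || !is_string($cur_cat['order'])) {
             message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
         }

         $cur_cat['name'] = luna_trim($cur_cat['name']);
         $cur_cat['order'] = luna_trim($cur_cat['order']);

         if ($cur_cat['name'] == '') {
             message_backstage(__('You must enter a name', 'luna'));
         }

         if ($cur_cat['order'] == '' || preg_match('%[^0-9]%', $cur_cat['order'])) {
             message_backstage(__('Position must be a positive integer value.', 'luna'));
         }

         // The name is escaped and both numeric values are cast with intval(), so the statement
         // stays well-formed even if message_backstage() above were ever to return.
         $db->query('UPDATE ' . $db->prefix . 'categories SET cat_name=\'' . $db->escape($cur_cat['name']) . '\', disp_position=' . intval($cur_cat['order']) . ' WHERE id=' . intval($cat_id)) or error('Unable to update category', __FILE__, __LINE__, $db->error());
     }

     redirect('backstage/board.php?saved=true');
 }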
 $page_title = array(luna_htmlspecialchars($luna_config['o_board_title']), __('Admin', 'luna'), __('Board', 'luna'));
 define('FORUM_ACTIVE_PAGE', 'admin');
 require 'header.php';
 load_admin_nav('content', 'board');
 if (isset($_GET['saved'])) {
Beispiel #11
     } elseif ($form['disp_posts'] > 75) {
         $form['disp_posts'] = 75;
     }
 }
 // Make sure we got a valid language string
 if (isset($_POST['form']['language'])) {
     $languages = forum_list_langs();
     $form['language'] = luna_trim($_POST['form']['language']);
     if (!in_array($form['language'], $languages)) {
         message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
     }
 }
 // Make sure we got a valid style string
 if (isset($_POST['form']['style'])) {
     $styles = forum_list_styles();
     $form['style'] = luna_trim($_POST['form']['style']);
     if (!in_array($form['style'], $styles)) {
         message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
     }
 }
 if ($form['email_setting'] < 0 || $form['email_setting'] > 2) {
     $form['email_setting'] = $luna_config['o_default_email_setting'];
 }
 // Single quotes around non-empty values and NULL for empty values
 $temp = array();
 foreach ($form as $key => $input) {
     $value = $input !== '' ? '\'' . $db->escape($input) . '\'' : 'NULL';
     $temp[] = $key . '=' . $value;
 }
 if (empty($temp)) {
     message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
Beispiel #12
<?php

/*
 * Copyright (C) 2013-2015 Luna
 * Based on code by FluxBB copyright (C) 2008-2012 FluxBB
 * Based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
 * Licensed under GPLv3 (http://getluna.org/license.php)
 */
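define('FORUM_ROOT', '../');
require FORUM_ROOT . 'include/common.php';

// Backstage pages are admin-only ($is_admin is presumably set by include/common.php).
// A Location header does not end the request on its own, so stop here; without the
// exit the form handler below would still run for a non-admin request.
if (!$is_admin) {
    header("Location: login.php");
    exit;
}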
if (isset($_POST['form_sent'])) {
    confirm_referrer('backstage/features.php', __('Bad HTTP_REFERER. If you have moved these forums from one location to another or switched domains, you need to update the Base URL manually in the database (look for o_base_url in the config table) and then clear the cache by deleting all .php files in the /cache directory.', 'luna'));
    $form = array('users_online' => isset($_POST['form']['users_online']) ? '1' : '0', 'censoring' => isset($_POST['form']['censoring']) ? '1' : '0', 'signatures' => isset($_POST['form']['signatures']) ? '1' : '0', 'ranks' => isset($_POST['form']['ranks']) ? '1' : '0', 'topic_views' => isset($_POST['form']['topic_views']) ? '1' : '0', 'has_posted' => isset($_POST['form']['has_posted']) ? '1' : '0', 'show_first_run' => isset($_POST['form']['show_first_run']) ? '1' : '0', 'first_run_guests' => isset($_POST['form']['first_run_guests']) ? '1' : '0', 'first_run_message' => luna_trim($_POST['form']['first_run_message']), 'smilies_sig' => isset($_POST['form']['smilies_sig']) ? '1' : '0', 'make_links' => isset($_POST['form']['make_links']) ? '1' : '0', 'indent_num_spaces' => intval($_POST['form']['indent_num_spaces']) >= 0 ? intval($_POST['form']['indent_num_spaces']) : 0, 'quote_depth' => intval($_POST['form']['quote_depth']) > 0 ? intval($_POST['form']['quote_depth']) : 1, 'video_width' => intval($_POST['form']['video_width']) > 0 ? intval($_POST['form']['video_width']) : 640, 'video_height' => intval($_POST['form']['video_height']) > 0 ? intval($_POST['form']['video_height']) : 360, 'gzip' => isset($_POST['form']['gzip']) ? '1' : '0', 'search_all_forums' => isset($_POST['form']['search_all_forums']) ? '1' : '0', 'enable_advanced_search' => isset($_POST['form']['enable_advanced_search']) ? '1' : '0', 'pms_enabled' => isset($_POST['form']['pms_enabled']) ? '1' : '0', 'pms_notification' => isset($_POST['form']['pms_notification']) ? '1' : '0', 'pms_max_receiver' => intval($_POST['form']['pms_max_receiver']) > 0 ? intval($_POST['form']['pms_max_receiver']) : 5);
    foreach ($form as $key => $input) {
        // Only update values that have changed
        if (array_key_exists('o_' . $key, $luna_config) && $luna_config['o_' . $key] != $input) {
            if ($input != '' || is_int($input)) {
                $value = '\'' . $db->escape($input) . '\'';
            } else {
                $value = 'NULL';
            }
            $db->query('UPDATE ' . $db->prefix . 'config SET conf_value=' . $value . ' WHERE conf_name=\'o_' . $db->escape($key) . '\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
        }
    }
    // Regenerate the config cache
    if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
        require FORUM_ROOT . 'include/cache.php';
    }
Beispiel #13
    $db->query('INSERT INTO ' . $db->prefix . 'ranks (rank, min_posts) VALUES(\'' . $db->escape($rank) . '\', ' . $min_posts . ')') or error('Unable to add rank', __FILE__, __LINE__, $db->error());
    // Regenerate the ranks cache
    if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
        require FORUM_ROOT . 'include/cache.php';
    }
    generate_ranks_cache();
    redirect('backstage/ranks.php');
} elseif (isset($_POST['update'])) {
    confirm_referrer('backstage/ranks.php');
    $rank = $_POST['rank'];
    if (empty($rank)) {
        message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
    }
    foreach ($rank as $item_id => $cur_rank) {
        $cur_rank['rank'] = luna_trim($cur_rank['rank']);
        $cur_rank['min_posts'] = luna_trim($cur_rank['min_posts']);
        if ($cur_rank['rank'] == '') {
            message_backstage(__('You must enter a title.', 'luna'));
        } elseif ($cur_rank['min_posts'] == '' || preg_match('%[^0-9]%', $cur_rank['min_posts'])) {
            message_backstage(__('Minimum posts must be a positive integer value.', 'luna'));
        } else {
            $rank_check = $db->query('SELECT 1 FROM ' . $db->prefix . 'ranks WHERE id!=' . intval($item_id) . ' AND min_posts=' . $cur_rank['min_posts']) or error('Unable to fetch rank info', __FILE__, __LINE__, $db->error());
            if ($db->num_rows($rank_check) != 0) {
                message_backstage(sprintf(__('There is already a rank with a minimum posts value of %s.', 'luna'), $cur_rank['min_posts']));
            }
        }
        $db->query('UPDATE ' . $db->prefix . 'ranks SET rank=\'' . $db->escape($cur_rank['rank']) . '\', min_posts=\'' . $cur_rank['min_posts'] . '\' WHERE id=' . intval($item_id)) or error('Unable to update ranks', __FILE__, __LINE__, $db->error());
    }
    redirect('backstage/ranks.php');
} elseif (isset($_POST['remove'])) {
    $id = intval(key($_POST['remove']));
Beispiel #14
} else {
    $db_type = $_POST['req_db_type'];
    $db_host = luna_trim($_POST['req_db_host']);
    $db_name = luna_trim($_POST['req_db_name']);
    $db_username = luna_trim($_POST['db_username']);
    $db_password = luna_trim($_POST['db_password']);
    $db_prefix = luna_trim($_POST['db_prefix']);
    $username = luna_trim($_POST['req_username']);
    $email = strtolower(luna_trim($_POST['req_email']));
    $password1 = luna_trim($_POST['req_password1']);
    $password2 = luna_trim($_POST['req_password2']);
    $title = luna_trim($_POST['req_title']);
    $description = luna_trim($_POST['desc']);
    $base_url = luna_trim($_POST['req_base_url']);
    $default_lang = luna_trim($_POST['req_default_lang']);
    $default_style = luna_trim($_POST['req_default_style']);
    // Make sure base_url doesn't end with a slash
    if (substr($base_url, -1) == '/') {
        $base_url = substr($base_url, 0, -1);
    }
    $alerts = Installer::validate_config($username, $password1, $password2, $email, $title, $default_lang, $default_style);
}
// Check if the cache directory is writable; if not, queue an installer alert naming the directory.
// NOTE(review): the alert text suggests "chmod to 0777", which makes the directory writable by
// every local account. Granting write access to the PHP/web-server user only is the safer
// setting; the wording lives in the translatable string and is left unchanged here.
if (!forum_is_writable(FORUM_CACHE_DIR)) {
    $alerts[] = sprintf(__('<strong>The cache directory is currently not writable!</strong> In order for Luna to function properly, the directory <em>%s</em> must be writable by PHP. Use chmod to set the appropriate directory permissions. If in doubt, chmod to 0777.', 'luna'), FORUM_CACHE_DIR);
}
// Check if default avatar directory is writable; this directory receives user uploads,
// so the same 0777 caveat applies to the hint in this message.
if (!forum_is_writable(FORUM_ROOT . 'img/avatars/')) {
    $alerts[] = sprintf(__('<strong>The avatar directory is currently not writable!</strong> If you want users to be able to upload their own avatar images you must see to it that the directory <em>%s</em> is writable by PHP. You can later choose to save avatar images in a different directory (see Admin/Options). Use chmod to set the appropriate directory permissions. If in doubt, chmod to 0777.', 'luna'), FORUM_ROOT . 'img/avatars/');
}
if (!isset($_POST['form_sent']) || !empty($alerts)) {
Beispiel #15
             while ($temp = $db->fetch_assoc($result)) {
                 $author_results[$temp['post_id']] = $temp['topic_id'];
             }
             $db->free_result($result);
         }
     }
     // If we searched for both keywords and author name we want the intersection between the results
     if ($author && $keywords) {
         $search_ids = array_intersect_assoc($keyword_results, $author_results);
         $search_type = array('both', array($keywords, luna_trim($_GET['author'])), implode(',', $forums), $search_in);
     } elseif ($keywords) {
         $search_ids = $keyword_results;
         $search_type = array('keywords', $keywords, implode(',', $forums), $search_in);
     } else {
         $search_ids = $author_results;
         $search_type = array('author', luna_trim($_GET['author']), implode(',', $forums), $search_in);
     }
     unset($keyword_results, $author_results);
     if ($show_as == 'topics') {
         $search_ids = array_values($search_ids);
     } else {
         $search_ids = array_keys($search_ids);
     }
     $search_ids = array_unique($search_ids);
     $num_hits = count($search_ids);
     if (!$num_hits) {
         message(__('Your search returned no hits.', 'luna'));
     }
 } elseif ($action == 'show_new' || $action == 'show_recent' || $action == 'show_user_posts' || $action == 'show_user_topics' || $action == 'show_subscriptions' || $action == 'show_unanswered') {
     $search_type = array('action', $action);
     $show_as = 'topics';
Beispiel #16
    $item_id = intval($_GET['del_item']);
    if ($item_id < 4) {
        message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
    }
    $db->query('DELETE FROM ' . $db->prefix . 'menu WHERE id=' . $item_id) or error('Unable to delete menu item', __FILE__, __LINE__, $db->error());
    redirect('backstage/menu.php');
} elseif (isset($_POST['update'])) {
    confirm_referrer('backstage/menu.php');
    $menu_items = $_POST['item'];
    if (empty($menu_items)) {
        message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
    }
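    // Validate and store each submitted menu row; $item_id is the row's primary key.
    foreach ($menu_items as $item_id => $cur_item) {
        $cur_item['url'] = luna_trim($cur_item['url']);
        $cur_item['name'] = luna_trim($cur_item['name']);
        $cur_item['order'] = luna_trim($cur_item['order']);
        // 'visible' comes straight from the request and ends up inside a quoted SQL
        // literal, so it is reduced to a scalar string here and escaped below like
        // url and name. A missing or non-scalar value is stored as '0'.
        $visible = isset($cur_item['visible']) && is_scalar($cur_item['visible']) ? (string) $cur_item['visible'] : '0';
        if ($cur_item['name'] == '') {
            message_backstage(__('You must give your menu item a title.', 'luna'));
        } elseif ($cur_item['url'] == '') {
            message_backstage(__('You must give your menu item an URL.', 'luna'));
        } elseif ($cur_item['order'] == '' || preg_match('%[^0-9]%', $cur_item['order'])) {
            message_backstage(__('Position must be a positive integer value.', 'luna'));
        } else {
            // Only reached when 'order' is digits-only (checked in the branch above),
            // which is why it can be written unquoted; the row id is cast to int.
            $db->query('UPDATE ' . $db->prefix . 'menu SET url=\'' . $db->escape($cur_item['url']) . '\', name=\'' . $db->escape($cur_item['name']) . '\', disp_position=' . $cur_item['order'] . ', visible=\'' . $db->escape($visible) . '\' WHERE id=' . intval($item_id)) or error('Unable to update menu', __FILE__, __LINE__, $db->error());
        }
    }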
    redirect('backstage/menu.php');
}
Beispiel #17
         $prune_from = intval($prune_from);
         prune($prune_from, $prune_pinned, $prune_date);
         update_forum($prune_from);
     }
     // Locate any "orphaned redirect threads" and delete them
     $result = $db->query('SELECT t1.id FROM ' . $db->prefix . 'threads AS t1 LEFT JOIN ' . $db->prefix . 'threads AS t2 ON t1.moved_to=t2.id WHERE t2.id IS NULL AND t1.moved_to IS NOT NULL') or error('Unable to fetch redirect threads', __FILE__, __LINE__, $db->error());
     $num_orphans = $db->num_rows($result);
     if ($num_orphans) {
         for ($i = 0; $i < $num_orphans; ++$i) {
             $orphans[] = $db->result($result, $i);
         }
         $db->query('DELETE FROM ' . $db->prefix . 'threads WHERE id IN(' . implode(',', $orphans) . ')') or error('Unable to delete redirect threads', __FILE__, __LINE__, $db->error());
     }
     redirect('backstage/prune.php');
 }
 $prune_days = luna_trim($_POST['req_prune_days']);
 if ($prune_days == '' || preg_match('%[^0-9]%', $prune_days)) {
     message_backstage(__('Days to prune must be a positive integer value.', 'luna'));
 }
 $prune_date = time() - $prune_days * 86400;
 // Concatenate together the query for counting number of threads to prune
 $sql = 'SELECT COUNT(id) FROM ' . $db->prefix . 'threads WHERE last_comment<' . $prune_date . ' AND moved_to IS NULL';
 if ($prune_pinned == '0') {
     $sql .= ' AND pinned=0';
 }
 if ($prune_from != 'all') {
     $prune_from = intval($prune_from);
     $sql .= ' AND forum_id=' . $prune_from;
     // Fetch the forum name (just for cosmetic reasons)
     $result = $db->query('SELECT forum_name FROM ' . $db->prefix . 'forums WHERE id=' . $prune_from) or error('Unable to fetch forum name', __FILE__, __LINE__, $db->error());
     $forum = '"' . luna_htmlspecialchars($db->result($result)) . '"';
Beispiel #18
     message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
 }
 // How many posts did we just split off?
 $num_posts_splitted = substr_count($posts, ',') + 1;
 // Verify that the comment IDs are valid
 $result = $db->query('SELECT 1 FROM ' . $db->prefix . 'posts WHERE id IN(' . $posts . ') AND topic_id=' . $tid) or error('Unable to check posts', __FILE__, __LINE__, $db->error());
 if ($db->num_rows($result) != $num_posts_splitted) {
     message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
 }
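 // Verify that the move to forum ID is valid
 // The query is now tied to the requested forum row (f.id). Without that condition
 // every row of the forums table matched whenever the group had no forum_perms
 // entry for the id, so an id that does not exist also passed this check.
 // The id is cast to int because it is concatenated into the statement.
 $target_forum_id = intval($move_to_forum);
 $result = $db->query('SELECT 1 FROM ' . $db->prefix . 'forums AS f LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.group_id=' . $luna_user['g_id'] . ' AND fp.forum_id=' . $target_forum_id . ') WHERE f.id=' . $target_forum_id . ' AND (fp.post_topics IS NULL OR fp.post_topics=1)') or error('Unable to fetch forum permissions', __FILE__, __LINE__, $db->error());
 // No row: the forum does not exist, or the group's forum_perms row has post_topics=0.
 if (!$db->num_rows($result)) {
     message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
 }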
 // Check subject
 $new_subject = isset($_POST['new_subject']) ? luna_trim($_POST['new_subject']) : '';
 if ($new_subject == '') {
     message_backstage(__('Threads must contain a subject.', 'luna'));
 } elseif (luna_strlen($new_subject) > 70) {
     message_backstage(__('Subjects cannot be longer than 70 characters.', 'luna'));
 }
 // Get data from the new first post
 $result = $db->query('SELECT p.id, p.poster, p.posted FROM ' . $db->prefix . 'posts AS p WHERE id IN(' . $posts . ') ORDER BY p.id ASC LIMIT 1') or error('Unable to get first post', __FILE__, __LINE__, $db->error());
 $first_post_data = $db->fetch_assoc($result);
 // Create the new thread
 $db->query('INSERT INTO ' . $db->prefix . 'topics (poster, subject, posted, first_post_id, forum_id) VALUES (\'' . $db->escape($first_post_data['poster']) . '\', \'' . $db->escape($new_subject) . '\', ' . $first_post_data['posted'] . ', ' . $first_post_data['id'] . ', ' . $move_to_forum . ')') or error('Unable to create new thread', __FILE__, __LINE__, $db->error());
 $new_tid = $db->insert_id();
 // Move the comments to the new thread
 $db->query('UPDATE ' . $db->prefix . 'posts SET topic_id=' . $new_tid . ' WHERE id IN(' . $posts . ')') or error('Unable to move posts into new thread', __FILE__, __LINE__, $db->error());
 // Apply every subscription to both topics
 $db->query('INSERT INTO ' . $db->prefix . 'topic_subscriptions (user_id, topic_id) SELECT user_id, ' . $new_tid . ' FROM ' . $db->prefix . 'topic_subscriptions WHERE topic_id=' . $tid) or error('Unable to copy existing subscriptions', __FILE__, __LINE__, $db->error());
Beispiel #19
</form>
<?php 
    require 'footer.php';
} elseif (isset($_GET['find_user'])) {
    $form = isset($_GET['form']) ? $_GET['form'] : array();
    // trim() all elements in $form
    $form = array_map('luna_trim', $form);
    $conditions = $query_str = array();
    $posts_greater = isset($_GET['posts_greater']) ? luna_trim($_GET['posts_greater']) : '';
    $posts_less = isset($_GET['posts_less']) ? luna_trim($_GET['posts_less']) : '';
    $last_post_after = isset($_GET['last_post_after']) ? luna_trim($_GET['last_post_after']) : '';
    $last_post_before = isset($_GET['last_post_before']) ? luna_trim($_GET['last_post_before']) : '';
    $last_visit_after = isset($_GET['last_visit_after']) ? luna_trim($_GET['last_visit_after']) : '';
    $last_visit_before = isset($_GET['last_visit_before']) ? luna_trim($_GET['last_visit_before']) : '';
    $registered_after = isset($_GET['registered_after']) ? luna_trim($_GET['registered_after']) : '';
    $registered_before = isset($_GET['registered_before']) ? luna_trim($_GET['registered_before']) : '';
    $order_by = isset($_GET['order_by']) && in_array($_GET['order_by'], array('username', 'email', 'num_posts', 'last_post', 'last_visit', 'registered')) ? $_GET['order_by'] : 'username';
    $direction = isset($_GET['direction']) && $_GET['direction'] == 'DESC' ? 'DESC' : 'ASC';
    $user_group = isset($_GET['user_group']) ? intval($_GET['user_group']) : -1;
    $query_str[] = 'order_by=' . $order_by;
    $query_str[] = 'direction=' . $direction;
    $query_str[] = 'user_group=' . $user_group;
    if (preg_match('%[^0-9]%', $posts_greater . $posts_less)) {
        message_backstage(__('You entered a non-numeric value into a numeric only column.', 'luna'));
    }
    // Try to convert date/time to timestamps
    if ($last_post_after != '') {
        $query_str[] = 'last_post_after=' . $last_post_after;
        $last_post_after = strtotime($last_post_after);
        if ($last_post_after === false || $last_post_after == -1) {
            message_backstage(__('You entered an invalid date/time.', 'luna'));
Beispiel #20
     // Used later when we send an alert email
 } else {
     $banned_email = false;
 }
 // Check if someone else already has registered with that email address
 $dupe_list = array();
 $result = $db->query('SELECT username FROM ' . $db->prefix . 'users WHERE email=\'' . $db->escape($email1) . '\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
 if ($db->num_rows($result)) {
     if ($luna_config['p_allow_dupe_email'] == '0') {
         $errors[] = __('Someone else is already registered with that email address. Please choose another email address.', 'luna');
     }
     while ($cur_dupe = $db->fetch_assoc($result)) {
         $dupe_list[] = $cur_dupe['username'];
     }
 }
 $req_username = empty($username) ? luna_trim($_POST['req_username']) : $username;
 if (!empty($_POST['req_username'])) {
     // Since we found a spammer, lets report the bastard!
     message(__('Unfortunately it looks like your request is spam. If you feel this is a mistake, please direct any inquiries to the forum administrator at', 'luna') . ' <a href="mailto:' . luna_htmlspecialchars($luna_config['o_admin_email']) . '">' . luna_htmlspecialchars($luna_config['o_admin_email']) . '</a>.', true);
 }
 // Did everything go according to plan?
 if (empty($errors)) {
     // Insert the new user into the database. We do this now to get the last inserted ID for later use
     $now = time();
     $intial_group_id = $luna_config['o_regs_verify'] == '0' ? $luna_config['o_default_user_group'] : LUNA_UNVERIFIED;
     $password_hash = luna_hash($password1);
     // Add the user
     $db->query('INSERT INTO ' . $db->prefix . 'users (username, group_id, password, email, language, style, color_scheme, registered, registration_ip, last_visit, php_timezone) VALUES(\'' . $db->escape($username) . '\', ' . $intial_group_id . ', \'' . $password_hash . '\', \'' . $db->escape($email1) . '\', \'' . $luna_config['o_default_lang'] . '\', \'' . $luna_config['o_default_style'] . '\', \'' . $luna_config['o_default_accent'] . '\', ' . $now . ', \'' . $db->escape(get_remote_address()) . '\', ' . $now . ', \'' . $luna_config['o_timezone'] . '\')') or error('Unable to create user', __FILE__, __LINE__, $db->error());
     $new_uid = $db->insert_id();
     if ($luna_config['o_regs_verify'] == '0') {
         // Regenerate the users info cache
Beispiel #21
    $replace_with = luna_trim($_POST['new_replace_with']);
    if ($search_for == '') {
        message_backstage(__('You must enter a word to censor.', 'luna'));
    }
    $db->query('INSERT INTO ' . $db->prefix . 'censoring (search_for, replace_with) VALUES (\'' . $db->escape($search_for) . '\', \'' . $db->escape($replace_with) . '\')') or error('Unable to add censor word', __FILE__, __LINE__, $db->error());
    // Regenerate the censoring cache
    if (!defined('LUNA_CACHE_FUNCTIONS_LOADED')) {
        require LUNA_ROOT . 'include/cache.php';
    }
    generate_censoring_cache();
    redirect('backstage/censoring.php');
} elseif (isset($_POST['update'])) {
    confirm_referrer('backstage/censoring.php');
    $id = intval(key($_POST['update']));
    $search_for = luna_trim($_POST['search_for'][$id]);
    $replace_with = luna_trim($_POST['replace_with'][$id]);
    if ($search_for == '') {
        message_backstage(__('You must enter a word to censor.', 'luna'));
    }
    $db->query('UPDATE ' . $db->prefix . 'censoring SET search_for=\'' . $db->escape($search_for) . '\', replace_with=\'' . $db->escape($replace_with) . '\' WHERE id=' . $id) or error('Unable to update censor word', __FILE__, __LINE__, $db->error());
    // Regenerate the censoring cache
    if (!defined('LUNA_CACHE_FUNCTIONS_LOADED')) {
        require LUNA_ROOT . 'include/cache.php';
    }
    generate_censoring_cache();
    redirect('backstage/censoring.php');
} elseif (isset($_POST['remove'])) {
    confirm_referrer('backstage/censoring.php');
    $id = intval(key($_POST['remove']));
    $db->query('DELETE FROM ' . $db->prefix . 'censoring WHERE id=' . $id) or error('Unable to delete censor word', __FILE__, __LINE__, $db->error());
    // Regenerate the censoring cache
Beispiel #22
    require load_page('header.php');
    require load_page('mail.php');
    require load_page('footer.php');
} elseif (isset($_GET['report'])) {
    if ($luna_user['is_guest']) {
        message(__('You do not have permission to access this page.', 'luna'), false, '403 Forbidden');
    }
    $comment_id = intval($_GET['report']);
    if ($comment_id < 1) {
        message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
    }
    if (isset($_POST['form_sent'])) {
        // Make sure they got here from the site
        confirm_referrer('misc.php');
        // Clean up reason from POST
        $reason = luna_linebreaks(luna_trim($_POST['req_reason']));
        if ($reason == '') {
            message(__('You must enter a reason.', 'luna'));
        } elseif (strlen($reason) > 65535) {
            // TEXT field can only hold 65535 bytes
            message(__('Your message must be under 65535 bytes (~64kb).', 'luna'));
        }
        if ($luna_user['last_report_sent'] != '' && time() - $luna_user['last_report_sent'] < $luna_user['g_report_flood'] && time() - $luna_user['last_report_sent'] >= 0) {
            message(sprintf(__('At least %s seconds have to pass between reports. Please wait %s seconds and try sending again.', 'luna'), $luna_user['g_report_flood'], $luna_user['g_report_flood'] - (time() - $luna_user['last_report_sent'])));
        }
        // Get the thread ID
        $result = $db->query('SELECT thread_id FROM ' . $db->prefix . 'comments WHERE id=' . $comment_id) or error('Unable to fetch comment info', __FILE__, __LINE__, $db->error());
        if (!$db->num_rows($result)) {
            message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
        }
        $thread_id = $db->result($result);
Beispiel #23
     $i++;
 }
 // Build IDs' & usernames' list : the end
 $ids_list = implode(', ', $list_ids);
 $usernames_list = implode(', ', $list_usernames);
 // Check subject
 $p_subject = luna_trim($_POST['req_subject']);
 if ($p_subject == '' && $edit == '0') {
     $errors[] = __('Threads must contain a subject.', 'luna');
 } elseif (luna_strlen($p_subject) > '70') {
     $errors[] = __('Subjects cannot be longer than 70 characters.', 'luna');
 } elseif ($luna_config['p_subject_all_caps'] == '0' && strtoupper($p_subject) == $p_subject && $luna_user['is_admmod']) {
     $p_subject = ucwords(strtolower($p_subject));
 }
 // Clean up message from POST
 $p_message = luna_linebreaks(luna_trim($_POST['req_message']));
 // Check message
 if ($p_message == '') {
     $errors[] = __('You must enter a message.', 'luna');
 } elseif (strlen($p_message) > LUNA_MAX_COMMENT_SIZE) {
     $errors[] = sprintf(__('Comments cannot be longer than %s bytes.', 'luna'), forum_number_format(LUNA_MAX_COMMENT_SIZE));
 } elseif ($luna_config['p_message_all_caps'] == '0' && strtoupper($p_message) == $p_message && $luna_user['is_admmod']) {
     $p_message = ucwords(strtolower($p_message));
 }
 // Validate BBCode syntax
 require LUNA_ROOT . 'include/parser.php';
 $p_message = preparse_bbcode($p_message, $errors);
 if (empty($errors) && !isset($_POST['preview'])) {
     // Send message(s)
     $_SESSION['last_session_request'] = $now = time();
     // Send message(s)
Beispiel #24
    $db->query('INSERT INTO ' . $db->prefix . 'ranks (rank, min_comments) VALUES(\'' . $db->escape($rank) . '\', ' . $min_comments . ')') or error('Unable to add rank', __FILE__, __LINE__, $db->error());
    // Regenerate the ranks cache
    if (!defined('LUNA_CACHE_FUNCTIONS_LOADED')) {
        require LUNA_ROOT . 'include/cache.php';
    }
    generate_ranks_cache();
    redirect('backstage/ranks.php');
} elseif (isset($_POST['update'])) {
    confirm_referrer('backstage/ranks.php');
    $rank = $_POST['rank'];
    if (empty($rank)) {
        message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
    }
    // Validate and store each submitted rank row; $item_id is the row's primary key.
    foreach ($rank as $item_id => $cur_rank) {
        $cur_rank['rank'] = luna_trim($cur_rank['rank']);
        $cur_rank['min_comments'] = luna_trim($cur_rank['min_comments']);
        if ($cur_rank['rank'] == '') {
            message_backstage(__('You must enter a title.', 'luna'));
        } elseif ($cur_rank['min_comments'] == '' || preg_match('%[^0-9]%', $cur_rank['min_comments'])) {
            // Anything other than digits is rejected here.
            message_backstage(__('Minimum comments must be a positive integer value.', 'luna'));
        } else {
            // min_comments is digits-only in this branch, so it is written unquoted.
            $rank_check = $db->query('SELECT 1 FROM ' . $db->prefix . 'ranks WHERE id!=' . intval($item_id) . ' AND min_comments=' . $cur_rank['min_comments']) or error('Unable to fetch rank info', __FILE__, __LINE__, $db->error());
            if ($db->num_rows($rank_check) != 0) {
                message_backstage(sprintf(__('There is already a rank with a minimum amount of %s comments.', 'luna'), $cur_rank['min_comments']));
            }
        }
        // NOTE(review): this UPDATE sits after the if/elseif chain, not inside its else
        // branch, and min_comments is quoted but not passed through $db->escape().
        // It is only safe if message_backstage() ends the request on the validation
        // failures above — presumably it does; confirm against its definition.
        $db->query('UPDATE ' . $db->prefix . 'ranks SET rank=\'' . $db->escape($cur_rank['rank']) . '\', min_comments=\'' . $cur_rank['min_comments'] . '\' WHERE id=' . intval($item_id)) or error('Unable to update ranks', __FILE__, __LINE__, $db->error());
    }
    redirect('backstage/ranks.php');
} elseif (isset($_POST['remove'])) {
    $id = intval(key($_POST['remove']));
Beispiel #25
        ?>
</p>
	<?php 
    }
    ?>
	
			</fieldset>
		</div>
	</div>
</form>
<?php 
    require 'footer.php';
} elseif (isset($_POST['add_edit_group'])) {
    confirm_referrer('backstage/groups.php');
    $title = luna_trim($_POST['req_title']);
    $user_title = luna_trim($_POST['user_title']);
    if ($_POST['group_id'] != FORUM_ADMIN) {
        $moderator = isset($_POST['moderator']) ? '1' : '0';
        $mod_edit_users = $moderator == '1' && isset($_POST['mod_edit_users']) ? '1' : '0';
        $mod_rename_users = $moderator == '1' && isset($_POST['mod_rename_users']) ? '1' : '0';
        $mod_change_passwords = $moderator == '1' && isset($_POST['mod_change_passwords']) ? '1' : '0';
        $mod_ban_users = $moderator == '1' && isset($_POST['mod_ban_users']) ? '1' : '0';
        $inbox_allow = isset($_POST['inbox_allow']) ? '1' : '0';
        $inbox_limit = isset($_POST['inbox_limit']) && $_POST['inbox_limit'] >= 0 ? intval($_POST['inbox_limit']) : '0';
        $read_board = isset($_POST['read_board']) ? '1' : '0';
        $view_users = isset($_POST['view_users']) ? '1' : '0';
        $post_replies = isset($_POST['post_replies']) ? '1' : '0';
        $post_topics = isset($_POST['post_topics']) ? '1' : '0';
        $edit_posts = isset($_POST['edit_posts']) ? '1' : '0';
        $delete_posts = isset($_POST['delete_posts']) ? '1' : '0';
        $delete_topics = isset($_POST['delete_topics']) ? '1' : '0';
Beispiel #26
<?php

/*
 * Copyright (C) 2013-2015 Luna
 * Based on code by FluxBB copyright (C) 2008-2012 FluxBB
 * Based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
 * Licensed under GPLv3 (http://getluna.org/license.php)
 */
define('FORUM_ROOT', '../');
require FORUM_ROOT . 'include/common.php';
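// Send non-administrators to the login page and stop.
// header() only queues the redirect; without the exit the rest of this script,
// including the form_sent handler that follows, would still run for the request.
if (!$is_admin) {
    header("Location: login.php");
    exit;
}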
if (isset($_POST['form_sent'])) {
    confirm_referrer('backstage/permissions.php');
    $form = array('message_img_tag' => isset($_POST['form']['message_img_tag']) ? '1' : '0', 'message_all_caps' => isset($_POST['form']['message_all_caps']) ? '1' : '0', 'subject_all_caps' => isset($_POST['form']['subject_all_caps']) ? '1' : '0', 'force_guest_email' => isset($_POST['form']['force_guest_email']) ? '1' : '0', 'sig_img_tag' => isset($_POST['form']['sig_img_tag']) ? '1' : '0', 'sig_all_caps' => isset($_POST['form']['sig_all_caps']) ? '1' : '0', 'allow_banned_email' => isset($_POST['form']['allow_banned_email']) ? '1' : '0', 'allow_dupe_email' => isset($_POST['form']['allow_dupe_email']) ? '1' : '0', 'sig_length' => luna_trim($_POST['form']['sig_length']), 'sig_lines' => luna_trim($_POST['form']['sig_lines']));
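    // Write each changed p_* option back to the config table.
    foreach ($form as $key => $input) {
        // conf_value is written unquoted below, and sig_length / sig_lines reach this
        // loop as trimmed request text. Casting to a non-negative integer keeps the
        // original "never negative" rule and guarantees only digits are concatenated
        // into the statement.
        $input = max(0, intval($input));
        // Only update values that have changed
        if (array_key_exists('p_' . $key, $luna_config) && $luna_config['p_' . $key] != $input) {
            $db->query('UPDATE ' . $db->prefix . 'config SET conf_value=' . $input . ' WHERE conf_name=\'p_' . $db->escape($key) . '\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
        }
    }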
    // Regenerate the config cache
    if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
        require FORUM_ROOT . 'include/cache.php';
    }
    generate_config_cache();
Beispiel #27
 }
 if ($form['date_format'] == '') {
     $form['date_format'] = 'Y-m-d';
 }
 require LUNA_ROOT . 'include/email.php';
 if ($form['mailing_list'] != '') {
     $form['mailing_list'] = strtolower(preg_replace('%\\s%S', '', $form['mailing_list']));
 }
 // Make sure avatars_dir doesn't end with a slash
 if (substr($form['avatars_dir'], -1) == '/') {
     $form['avatars_dir'] = substr($form['avatars_dir'], 0, -1);
 }
 // Change or enter a SMTP password
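 // Change or enter a SMTP password
 if (isset($_POST['form']['smtp_change_pass'])) {
     $smtp_pass1 = isset($_POST['form']['smtp_pass1']) ? luna_trim($_POST['form']['smtp_pass1']) : '';
     $smtp_pass2 = isset($_POST['form']['smtp_pass2']) ? luna_trim($_POST['form']['smtp_pass2']) : '';
     // Strict comparison: with ==, PHP compares two numeric-looking strings as
     // numbers, so different entries such as "1e3" and "1000" would count as a
     // match and the confirmation field would not catch the mismatch.
     if ($smtp_pass1 === $smtp_pass2) {
         $form['smtp_pass'] = $smtp_pass1;
     } else {
         message_backstage(__('You need to enter the SMTP password twice exactly the same to change it.', 'luna'));
     }
 }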
 if ($form['announcement_message'] != '') {
     $form['announcement_message'] = luna_linebreaks($form['announcement_message']);
 } else {
     $form['announcement_message'] = __('Enter your announcement here.', 'luna');
     $form['announcement'] = '0';
 }
 if ($form['feed_type'] < 0 || $form['feed_type'] > 2) {
     message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
 }
Beispiel #28
        message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
    }
    $db->query('DELETE FROM ' . $db->prefix . 'bans WHERE id=' . $ban_id) or error('Unable to delete ban', __FILE__, __LINE__, $db->error());
    // Regenerate the bans cache
    if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
        require FORUM_ROOT . 'include/cache.php';
    }
    generate_bans_cache();
    redirect('backstage/bans.php');
} elseif (isset($_GET['find_ban'])) {
    $form = isset($_GET['form']) ? $_GET['form'] : array();
    // trim() all elements in $form
    $form = array_map('luna_trim', $form);
    $conditions = $query_str = array();
    $expire_after = isset($_GET['expire_after']) ? luna_trim($_GET['expire_after']) : '';
    $expire_before = isset($_GET['expire_before']) ? luna_trim($_GET['expire_before']) : '';
    $order_by = isset($_GET['order_by']) && in_array($_GET['order_by'], array('username', 'ip', 'email', 'expire')) ? 'b.' . $_GET['order_by'] : 'b.username';
    $direction = isset($_GET['direction']) && $_GET['direction'] == 'DESC' ? 'DESC' : 'ASC';
    $query_str[] = 'order_by=' . $order_by;
    $query_str[] = 'direction=' . $direction;
    // Try to convert date/time to timestamps
    // Optional lower bound on the ban expiry, given as free-form date/time text.
    if ($expire_after != '') {
        // NOTE(review): the raw request text is appended to $query_str before it is
        // validated or encoded. Presumably $query_str is later joined into links —
        // confirm it is URL- and HTML-encoded at that point.
        $query_str[] = 'expire_after=' . $expire_after;
        $expire_after = strtotime($expire_after);
        // strtotime() returns false for text it cannot parse; -1 is also rejected.
        if ($expire_after === false || $expire_after == -1) {
            message_backstage(__('You entered an invalid expire date.', 'luna'));
        }
        // By this point $expire_after is strtotime()'s integer result, not request text
        // (assuming message_backstage() ends the request on failure — confirm).
        $conditions[] = 'b.expire>' . $expire_after;
    }
    if ($expire_before != '') {
        $query_str[] = 'expire_before=' . $expire_before;
Beispiel #29
<?php

/*
 * Copyright (C) 2013-2015 Luna
 * Based on code by FluxBB copyright (C) 2008-2012 FluxBB
 * Based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
 * Licensed under GPLv3 (http://getluna.org/license.php)
 */
define('FORUM_ROOT', '../');
require FORUM_ROOT . 'include/common.php';
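// Send non-administrators to the login page and stop.
// header() only queues the redirect; without the exit the rest of this script,
// including the form_sent handler that follows, would still run for the request.
if (!$is_admin) {
    header("Location: login.php");
    exit;
}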
if (isset($_POST['form_sent'])) {
    confirm_referrer('backstage/appearance.php', __('Bad HTTP_REFERER. If you have moved these forums from one location to another or switched domains, you need to update the Base URL manually in the database (look for o_base_url in the config table) and then clear the cache by deleting all .php files in the /cache directory.', 'luna'));
    $form = array('default_accent' => intval($_POST['form']['default_accent']), 'allow_accent_color' => isset($_POST['form']['allow_accent_color']) ? '1' : '0', 'allow_night_mode' => isset($_POST['form']['allow_night_mode']) ? '1' : '0', 'show_user_info' => isset($_POST['form']['show_user_info']) ? '1' : '0', 'show_post_count' => isset($_POST['form']['show_post_count']) ? '1' : '0', 'moderated_by' => isset($_POST['form']['moderated_by']) ? '1' : '0', 'emoji' => isset($_POST['form']['emoji']) ? '1' : '0', 'emoji_size' => intval($_POST['form']['emoji_size']), 'topic_review' => intval($_POST['form']['topic_review']) >= 0 ? intval($_POST['form']['topic_review']) : 0, 'disp_topics_default' => intval($_POST['form']['disp_topics_default']), 'disp_posts_default' => intval($_POST['form']['disp_posts_default']), 'board_statistics' => isset($_POST['form']['board_statistics']) ? '1' : '0', 'back_to_top' => isset($_POST['form']['back_to_top']) ? '1' : '0', 'notification_flyout' => isset($_POST['form']['notification_flyout']) ? '1' : '0', 'header_search' => isset($_POST['form']['header_search']) ? '1' : '0', 'show_copyright' => isset($_POST['form']['show_copyright']) ? '1' : '0', 'copyright_type' => intval($_POST['form']['copyright_type']), 'custom_copyright' => luna_trim($_POST['form']['custom_copyright']));
    // Make sure the number of displayed topics and posts is between 3 and 75
    if ($form['disp_topics_default'] < 3) {
        $form['disp_topics_default'] = 3;
    } elseif ($form['disp_topics_default'] > 75) {
        $form['disp_topics_default'] = 75;
    }
    if ($form['disp_posts_default'] < 3) {
        $form['disp_posts_default'] = 3;
    } elseif ($form['disp_posts_default'] > 75) {
        $form['disp_posts_default'] = 75;
    }
    foreach ($form as $key => $input) {
        // Only update values that have changed
        if (array_key_exists('o_' . $key, $luna_config) && $luna_config['o_' . $key] != $input) {
            if ($input != '' || is_int($input)) {
Beispiel #30
<?php

/*
 * Copyright (C) 2013-2015 Luna
 * Based on code by FluxBB copyright (C) 2008-2012 FluxBB
 * Based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
 * Licensed under GPLv3 (http://getluna.org/license.php)
 */
define('FORUM_ROOT', '../');
require FORUM_ROOT . 'include/common.php';
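// Send non-administrators to the login page and stop.
// header() only queues the redirect; without the exit the rest of this script,
// including the form_sent handler that follows, would still run for the request.
if (!$is_admin) {
    header("Location: login.php");
    exit;
}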
if (isset($_POST['form_sent'])) {
    confirm_referrer('backstage/registration.php', __('Bad HTTP_REFERER. If you have moved these forums from one location to another or switched domains, you need to update the Base URL manually in the database (look for o_base_url in the config table) and then clear the cache by deleting all .php files in the /cache directory.', 'luna'));
    $form = array('regs_allow' => isset($_POST['form']['regs_allow']) ? '1' : '0', 'regs_verify' => isset($_POST['form']['regs_verify']) ? '1' : '0', 'regs_report' => isset($_POST['form']['regs_report']) ? '1' : '0', 'rules' => isset($_POST['form']['rules']) ? '1' : '0', 'rules_message' => luna_trim($_POST['form']['rules_message']), 'default_email_setting' => intval($_POST['form']['default_email_setting']));
    if ($form['rules_message'] != '') {
        $form['rules_message'] = luna_linebreaks($form['rules_message']);
    } else {
        $form['rules_message'] = __('Enter your rules here.', 'luna');
        $form['rules'] = '0';
    }
    if ($form['default_email_setting'] < 0 || $form['default_email_setting'] > 2) {
        message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
    }
    foreach ($form as $key => $input) {
        // Only update values that have changed
        if (array_key_exists('o_' . $key, $luna_config) && $luna_config['o_' . $key] != $input) {
            if ($input != '' || is_int($input)) {
                $value = '\'' . $db->escape($input) . '\'';
            } else {