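// This usually doesn't happen since the form element only accepts 25 characters
message_backstage(__('Passwords must be at least 6 characters long. Please choose another (longer) password.', 'luna'));
} elseif (!strcasecmp($username, 'Guest') || !strcasecmp($username, __('Guest', 'luna'))) {
    // "Guest" (literal or translated) is reserved, compared case-insensitively.
    message_backstage(__('The username guest is reserved. Please choose another username.', 'luna'));
} elseif (preg_match('/[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}/', $username)) {
    message_backstage(__('Usernames may not be in the form of an IP address. Please choose another username.', 'luna'));
} elseif ((strpos($username, '[') !== false || strpos($username, ']') !== false) && strpos($username, '\'') !== false && strpos($username, '"') !== false) {
    message_backstage(__('Usernames may not contain all the characters \', " and [ or ] at once. Please choose another username.', 'luna'));
} elseif (preg_match('#\\[b\\]|\\[/b\\]|\\[u\\]|\\[/u\\]|\\[i\\]|\\[/i\\]|\\[color|\\[/color\\]|\\[quote\\]|\\[quote=|\\[/quote\\]|\\[code\\]|\\[/code\\]|\\[img\\]|\\[/img\\]|\\[url|\\[/url\\]|\\[email|\\[/email\\]#i', $username)) {
    message_backstage(__('Usernames may not contain any of the text formatting tags (BBCode) that the forum uses. Please choose another username.', 'luna'));
}

// Check that the username (or a too similar username) is not already registered.
// Both the name and its alphanumeric-only form are escaped where they enter the query.
$result = $db->query('SELECT username FROM ' . $db->prefix . 'users WHERE username=\'' . $db->escape($username) . '\' OR username=\'' . $db->escape(preg_replace('/[^\\w]/', '', $username)) . '\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result)) {
    $busy = $db->result($result);
    // The existing name comes from the database and is HTML-escaped before display.
    message_backstage(__('Someone is already registered with the username', 'luna') . ' ' . luna_htmlspecialchars($busy) . '. ' . __('The username you entered is too similar. The username must differ from that by at least one alphanumerical character (a-z or 0-9). 
Please choose a different username.', 'luna'));
}

$timezone = '0';
$language = $luna_config['o_default_lang'];
$email_setting = intval(1);

// Insert the new user into the database. We do this now to get the last inserted id for later use.
$now = time();
$intial_group_id = $_POST['random_pass'] == '0' ? $luna_config['o_default_user_group'] : LUNA_UNVERIFIED;
$password_hash = luna_hash($password);

// Add the user.
// Every string value is escaped at the point it is concatenated into the
// statement, the same way the username already was; previously the e-mail
// address, language, style and remote address were inserted between quotes
// unescaped.
// NOTE(review): assumes $email1 is not already SQL-escaped before this excerpt - confirm.
$db->query('INSERT INTO ' . $db->prefix . 'users (username, group_id, password, email, email_setting, php_timezone, language, style, registered, registration_ip, last_visit) VALUES(\'' . $db->escape($username) . '\', ' . $intial_group_id . ', \'' . $password_hash . '\', \'' . $db->escape($email1) . '\', ' . $email_setting . ', ' . $timezone . ' , \'' . $db->escape($language) . '\', \'' . $db->escape($luna_config['o_default_style']) . '\', ' . $now . ', \'' . $db->escape(get_remote_address()) . '\', ' . $now . ')') or error('Unable to create user', __FILE__, __LINE__, $db->error());
$new_uid = $db->insert_id();

// Must the user verify the registration?
if ($_POST['random_pass'] == '1') {
    // Validate e-mail
    require LUNA_ROOT . 'include/email.php';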
message_backstage(__('You must enter a word to censor.', 'luna'));
}

// Add the new censor word. Both values are escaped where they are
// concatenated into the INSERT.
$db->query('INSERT INTO ' . $db->prefix . 'censoring (search_for, replace_with) VALUES (\'' . $db->escape($search_for) . '\', \'' . $db->escape($replace_with) . '\')') or error('Unable to add censor word', __FILE__, __LINE__, $db->error());

// Regenerate the censoring cache
if (!defined('LUNA_CACHE_FUNCTIONS_LOADED')) {
    require LUNA_ROOT . 'include/cache.php';
}
generate_censoring_cache();
redirect('backstage/censoring.php');
} elseif (isset($_POST['update'])) {
    // Update an existing censor word; the request must come from the censoring page.
    confirm_referrer('backstage/censoring.php');

    // The row id is the array key of the submitted button, forced to an
    // integer before it reaches the WHERE clause.
    $id = intval(key($_POST['update']));
    $search_for = luna_trim($_POST['search_for'][$id]);
    $replace_with = luna_trim($_POST['replace_with'][$id]);
    if ($search_for == '') {
        message_backstage(__('You must enter a word to censor.', 'luna'));
    }
    $db->query('UPDATE ' . $db->prefix . 'censoring SET search_for=\'' . $db->escape($search_for) . '\', replace_with=\'' . $db->escape($replace_with) . '\' WHERE id=' . $id) or error('Unable to update censor word', __FILE__, __LINE__, $db->error());

    // Regenerate the censoring cache
    if (!defined('LUNA_CACHE_FUNCTIONS_LOADED')) {
        require LUNA_ROOT . 'include/cache.php';
    }
    generate_censoring_cache();
    redirect('backstage/censoring.php');
} elseif (isset($_POST['remove'])) {
    // Remove a censor word; same referrer check and integer id as the update branch.
    confirm_referrer('backstage/censoring.php');
    $id = intval(key($_POST['remove']));
    $db->query('DELETE FROM ' . $db->prefix . 'censoring WHERE id=' . $id) or error('Unable to delete censor word', __FILE__, __LINE__, $db->error());

    // Regenerate the censoring cache
    if (!defined('LUNA_CACHE_FUNCTIONS_LOADED')) {
        require LUNA_ROOT . 'include/cache.php';
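/**
 * Dump every row of a table as INSERT statements, handing each piece of text
 * to a callback.
 *
 * For a non-empty table the callback first receives a "# Table Data for ..."
 * header and then one INSERT statement per row. An empty table produces no
 * output.
 *
 * Column names are backtick-quoted so that a column named after a reserved
 * word (for example `order`) still re-imports.
 *
 * @param string   $table   Table name. It is interpolated into the SQL as-is,
 *                          so it must never be taken from request data.
 * @param callable $handler Called with each chunk of dump text.
 *
 * @return bool Always true.
 */
function get_table_content_mysql($table, $handler)
{
    global $db;

    // Grab the data from the table.
    // NOTE(review): message_backstage() is presumably expected to halt here;
    // if it returns, $result is false for the code below - confirm.
    if (!($result = $db->query("SELECT * FROM {$table}"))) {
        message_backstage('Failed to get table content');
    }

    // Loop through the resulting rows and build the sql statement.
    if ($row = $db->fetch_assoc($result)) {
        $handler("\n#\n# Table Data for {$table}\n#\n");

        // Grab the list of field names. The raw name is kept for indexing
        // $row; the quoted form (embedded backticks doubled) goes into the SQL.
        $num_fields = num_fields($result);
        $field_names = array();
        $quoted_names = array();
        for ($j = 0; $j < $num_fields; $j++) {
            $field_names[$j] = field_name($j, $result);
            $quoted_names[] = '`' . str_replace('`', '``', $field_names[$j]) . '`';
        }
        $table_list = '(' . implode(', ', $quoted_names) . ')';

        do {
            // One SQL literal per column, in column order.
            $values = array();
            for ($j = 0; $j < $num_fields; $j++) {
                $name = $field_names[$j];
                if (!isset($row[$name])) {
                    // No data for the column: emit a bare NULL (no padding,
                    // which once broke re-import when the last column was null).
                    $values[] = 'NULL';
                } elseif ($row[$name] != '') {
                    // NOTE(review): addslashes() is not a connection-aware
                    // SQL escape; the dump is only safe to replay on a server
                    // that treats backslash as the escape character - confirm
                    // whether the database layer's own escape should be used.
                    $values[] = '\'' . addslashes($row[$name]) . '\'';
                } else {
                    $values[] = '\'\'';
                }
            }

            // Go ahead and send the insert statement to the handler function.
            $handler(trim("INSERT INTO {$table} {$table_list} VALUES(" . implode(', ', $values) . ');'));
        } while ($row = $db->fetch_assoc($result));
    }

    return true;
}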
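}
$conditions[] = 'u.last_visit<' . $last_visit_before;
}

// Registration date filters: the raw text is kept for the pagination query
// string, then replaced by the timestamp strtotime() returns. Only that
// timestamp reaches the SQL condition.
// NOTE(review): the raw value is added to $query_str without urlencode();
// confirm it is encoded/escaped where the links are printed.
if ($registered_after != '') {
    $query_str[] = 'registered_after=' . $registered_after;
    $registered_after = strtotime($registered_after);
    if ($registered_after === false || $registered_after == -1) {
        message_backstage(__('You entered an invalid date/time.', 'luna'));
    }
    $conditions[] = 'u.registered>' . $registered_after;
}
if ($registered_before != '') {
    $query_str[] = 'registered_before=' . $registered_before;
    $registered_before = strtotime($registered_before);
    if ($registered_before === false || $registered_before == -1) {
        message_backstage(__('You entered an invalid date/time.', 'luna'));
    }
    $conditions[] = 'u.registered<' . $registered_before;
}

$like_command = $db_type == 'pgsql' ? 'ILIKE' : 'LIKE';
foreach ($form as $key => $input) {
    // The key becomes a column name, so this list is the only thing that
    // constrains it: escaping does not make an identifier safe. The comparison
    // is strict so that an integer key cannot loosely match a column name on
    // PHP versions older than 8.
    if ($input != '' && in_array($key, array('username', 'email', 'title', 'realname', 'url', 'facebook', 'msn', 'twitter', 'google', 'location', 'signature', 'admin_note'), true)) {
        // "*" in the search text is the user-facing wildcard and maps to SQL "%".
        $conditions[] = 'u.' . $db->escape($key) . ' ' . $like_command . ' \'' . $db->escape(str_replace('*', '%', $input)) . '\'';
        $query_str[] = 'form%5B' . $key . '%5D=' . urlencode($input);
    }
}

// NOTE(review): $posts_greater is concatenated into the condition without a
// cast; it has to be validated as digits-only before this excerpt - confirm.
if ($posts_greater != '') {
    $query_str[] = 'posts_greater=' . $posts_greater;
    $conditions[] = 'u.num_posts>' . $posts_greater;
}
if ($posts_less != '') {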
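}

// The column name is chosen from two fixed strings, never taken from the request.
$prune = $_POST['prune_by'] == 1 ? 'registered' : 'last_visit';
$user_time = time() - $_POST['days'] * 86400;

// Request values are cast with intval() where they enter the query.
// $admod_delete and $verified are built before this excerpt (not visible here).
// Ids 1 and 2 are excluded by the "id > 2" condition.
$result = $db->query('SELECT id FROM ' . $db->prefix . 'users WHERE (num_comments < ' . intval($_POST['comments']) . ') AND (' . $prune . ' < ' . intval($user_time) . ') AND (id > 2) AND (' . $admod_delete . ')' . $verified, true) or error('Unable to fetch users to prune', __FILE__, __LINE__, $db->error());

$user_ids = array();
while ($id = $db->result($result)) {
    $user_ids[] = $id;
}

if (!empty($user_ids)) {
    // The ids come from the query above, not from the request.
    $db->query('DELETE FROM ' . $db->prefix . 'users WHERE id IN (' . implode(',', $user_ids) . ')') or error('Unable to delete users', __FILE__, __LINE__, $db->error());
    // Comments of the removed users are reassigned to commenter id 1.
    $db->query('UPDATE ' . $db->prefix . 'comments SET commenter_id=1 WHERE commenter_id IN (' . implode(',', $user_ids) . ')') or error('Unable to mark comments as guest comments', __FILE__, __LINE__, $db->error());
}

// Regenerate the users info cache
generate_users_info_cache();
$users_pruned = count($user_ids);
message_backstage(__('Pruning complete, all users that matched the requirements have been pruned.', 'luna'));
}

// Get the first comment ID from the db
$result = $db->query('SELECT id FROM ' . $db->prefix . 'comments ORDER BY id ASC LIMIT 1') or error('Unable to fetch thread info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result)) {
    $first_id = $db->result($result);
}

$page_title = array(luna_htmlspecialchars($luna_config['o_board_title']), __('Admin', 'luna'), __('Maintenance', 'luna'));
define('LUNA_ACTIVE_PAGE', 'admin');
require 'header.php';
load_admin_nav('maintenance', 'prune');

// REQUEST_URI is controlled by whoever built the link, so it is HTML-escaped
// before being written into the form's action attribute (it was echoed raw).
?>
<form class="form-horizontal" id="notiprune" method="post" action="<?php echo luna_htmlspecialchars($_SERVER['REQUEST_URI']); ?>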
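* Based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
 * Licensed under GPLv3 (http://getluna.org/license.php)
 */

define('FORUM_ROOT', '../');
require FORUM_ROOT . 'include/common.php';

// Access control for the whole page. header() only queues the redirect; the
// script must stop here, otherwise every handler below still runs for a
// visitor who is not an admin or moderator.
if (!$luna_user['is_admmod']) {
    header("Location: login.php");
    exit;
}

$action = isset($_GET['action']) ? $_GET['action'] : null;

// Check if install.php is a thing
if ($action == 'remove_install_file') {
    // The path is fixed; nothing from the request is used to build it.
    $deleted = @unlink(FORUM_ROOT . 'install.php');
    if ($deleted) {
        redirect('backstage/index.php');
    } else {
        message_backstage(__('Could not remove install.php. Please do so by hand.', 'luna'));
    }
}

$install_file_exists = is_file(FORUM_ROOT . 'install.php');

if (isset($_POST['form_sent'])) {
    confirm_referrer(array('backstage/index.php', 'backstage/'));

    // The admin note is stored HTML-escaped and SQL-escaped at the point of use.
    $db->query('UPDATE ' . $db->prefix . 'config SET conf_value=\'' . $db->escape(luna_htmlspecialchars($_POST['form']['admin_note'])) . '\' WHERE conf_name=\'o_admin_note\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());

    // Regenerate the config cache
    if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
        require FORUM_ROOT . 'include/cache.php';
    }
    generate_config_cache();
    clear_feed_cache();
    redirect('backstage/index.php?saved=true');
}

if (isset($_POST['first_run_disable'])) {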
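// NOTE(review): $order_by and $direction are set before this excerpt; confirm
// they are restricted to known values before being used in links or SQL.
$query_str[] = 'order_by=' . $order_by;
$query_str[] = 'direction=' . $direction;

// Try to convert date/time to timestamps. Only the timestamp returned by
// strtotime() reaches the SQL condition; the raw text is kept for the
// pagination query string.
if ($expire_after != '') {
    $query_str[] = 'expire_after=' . $expire_after;
    $expire_after = strtotime($expire_after);
    if ($expire_after === false || $expire_after == -1) {
        message_backstage(__('You entered an invalid expire date.', 'luna'));
    }
    $conditions[] = 'b.expire>' . $expire_after;
}
if ($expire_before != '') {
    $query_str[] = 'expire_before=' . $expire_before;
    $expire_before = strtotime($expire_before);
    if ($expire_before === false || $expire_before == -1) {
        message_backstage(__('You entered an invalid expire date.', 'luna'));
    }
    $conditions[] = 'b.expire<' . $expire_before;
}

$like_command = $db_type == 'pgsql' ? 'ILIKE' : 'LIKE';
foreach ($form as $key => $input) {
    // The key becomes a column name, so this list is the only thing that
    // constrains it: escaping does not make an identifier safe. The comparison
    // is strict so that an integer key cannot loosely match a column name on
    // PHP versions older than 8.
    if ($input != '' && in_array($key, array('username', 'ip', 'email', 'message'), true)) {
        // "*" in the search text is the user-facing wildcard and maps to SQL "%".
        $conditions[] = 'b.' . $db->escape($key) . ' ' . $like_command . ' \'' . $db->escape(str_replace('*', '%', $input)) . '\'';
        $query_str[] = 'form%5B' . $key . '%5D=' . urlencode($input);
    }
}

// Fetch ban count
$result = $db->query('SELECT COUNT(id) FROM ' . $db->prefix . 'bans as b WHERE b.id>0' . (!empty($conditions) ? ' AND ' . implode(' AND ', $conditions) : '')) or error('Unable to fetch ban list', __FILE__, __LINE__, $db->error());
$num_bans = $db->result($result);

// Determine the ban offset (based on $_GET['p']); 50 bans per page
$num_pages = ceil($num_bans / 50);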
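*/

// Tell common.php that we don't want output buffering
define('LUNA_DISABLE_BUFFERING', 1);

define('LUNA_ROOT', '../');
require LUNA_ROOT . 'include/common.php';

// Access control for the whole page. header() only queues the redirect; the
// script must stop here, otherwise the maintenance actions below (including
// emptying the search index) still run for a visitor who is not an admin.
if (!$is_admin) {
    header("Location: login.php");
    exit;
}

$action = isset($_REQUEST['action']) ? luna_trim($_REQUEST['action']) : '';

if ($action == 'rebuild') {
    ob_start();

    // Both paging values are forced to integers.
    $per_page = isset($_GET['i_per_page']) ? intval($_GET['i_per_page']) : 0;
    $start_at = isset($_GET['i_start_at']) ? intval($_GET['i_start_at']) : 0;

    // Check per page is > 0
    if ($per_page < 1) {
        message_backstage(__('Comments per cycle must be a positive integer value.', 'luna'));
    }

    @set_time_limit(0);

    // If this is the first cycle of comments we empty the search index before we proceed
    if (isset($_GET['i_empty_index'])) {
        // The destructive step is only accepted from the maintenance page.
        confirm_referrer('backstage/maintenance.php');

        $db->truncate_table('search_matches') or error('Unable to empty search index match table', __FILE__, __LINE__, $db->error());
        $db->truncate_table('search_words') or error('Unable to empty search index words table', __FILE__, __LINE__, $db->error());

        // Reset the sequence for the search words (not needed for SQLite)
        switch ($db_type) {
            case 'mysql':
            case 'mysqli':
            case 'mysql_innodb':
            case 'mysqli_innodb':
                $result = $db->query('ALTER TABLE ' . $db->prefix . 'search_words auto_increment=1') or error('Unable to update table auto_increment', __FILE__, __LINE__, $db->error());
                break;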
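* Copyright (C) 2013-2015 Luna
 * Based on code by FluxBB copyright (C) 2008-2012 FluxBB
 * Based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
 * Licensed under GPLv3 (http://getluna.org/license.php)
 */

define('FORUM_ROOT', '../');
require FORUM_ROOT . 'include/common.php';

// Access control for the whole page. header() only queues the redirect; the
// script must stop here, otherwise the server details gathered below are
// still produced for a visitor who is not an admin.
if (!$is_admin) {
    header("Location: login.php");
    exit;
}

$action = isset($_GET['action']) ? $_GET['action'] : null;

// Show phpinfo() output (only for members of the administrator group)
if ($action == 'phpinfo' && $luna_user['g_id'] == FORUM_ADMIN) {
    // Is phpinfo() a disabled function?
    if (strpos(strtolower((string) ini_get('disable_functions')), 'phpinfo') !== false) {
        message_backstage(__('The PHP function phpinfo() has been disabled on this server.', 'luna'));
    }

    phpinfo();
    exit;
}

// Get the server load averages (if possible)
if (@file_exists('/proc/loadavg') && is_readable('/proc/loadavg')) {
    // We use @ just in case.
    // The file is opened once and only read if the open succeeded; the earlier
    // unguarded open/read/close would have passed a failed handle to fread().
    if ($fh = @fopen('/proc/loadavg', 'r')) {
        $load_averages = fread($fh, 64);
        fclose($fh);
    } else {
        $load_averages = '';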
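define('FORUM_ROOT', '../');
require FORUM_ROOT . 'include/common.php';

// Access control for the whole page. header() only queues the redirect; the
// script must stop here, otherwise the mail settings (including the SMTP
// password) could still be changed by a visitor who is not an admin.
if (!$is_admin) {
    header("Location: login.php");
    exit;
}

if (isset($_POST['form_sent'])) {
    confirm_referrer('backstage/email.php', __('Bad HTTP_REFERER. If you have moved these forums from one location to another or switched domains, you need to update the Base URL manually in the database (look for o_base_url in the config table) and then clear the cache by deleting all .php files in the /cache directory.', 'luna'));

    // Only these keys are ever written; checkboxes are reduced to '1'/'0'.
    $form = array(
        'admin_email' => strtolower(luna_trim($_POST['form']['admin_email'])),
        'webmaster_email' => strtolower(luna_trim($_POST['form']['webmaster_email'])),
        'forum_subscriptions' => isset($_POST['form']['forum_subscriptions']) ? '1' : '0',
        'topic_subscriptions' => isset($_POST['form']['topic_subscriptions']) ? '1' : '0',
        'smtp_host' => luna_trim($_POST['form']['smtp_host']),
        'smtp_user' => luna_trim($_POST['form']['smtp_user']),
        'smtp_ssl' => isset($_POST['form']['smtp_ssl']) ? '1' : '0',
    );

    // Change or enter a SMTP password
    if (isset($_POST['form']['smtp_change_pass'])) {
        $smtp_pass1 = isset($_POST['form']['smtp_pass1']) ? luna_trim($_POST['form']['smtp_pass1']) : '';
        $smtp_pass2 = isset($_POST['form']['smtp_pass2']) ? luna_trim($_POST['form']['smtp_pass2']) : '';

        // Strict comparison: with == two different numeric-looking strings
        // can compare as equal and the confirmation would pass.
        if ($smtp_pass1 === $smtp_pass2) {
            $form['smtp_pass'] = $smtp_pass1;
        } else {
            message_backstage(__('You need to enter the SMTP password twice exactly the same to change it.', 'luna'));
        }
    }

    foreach ($form as $key => $input) {
        // Only update values that have changed
        if (array_key_exists('o_' . $key, $luna_config) && $luna_config['o_' . $key] != $input) {
            // Empty input is stored as NULL; everything else is escaped and quoted.
            if ($input != '' || is_int($input)) {
                $value = '\'' . $db->escape($input) . '\'';
            } else {
                $value = 'NULL';
            }

            $db->query('UPDATE ' . $db->prefix . 'config SET conf_value=' . $value . ' WHERE conf_name=\'o_' . $db->escape($key) . '\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
        }
    }

    // Regenerate the config cache
    if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {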
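confirm_referrer('backstage/ranks.php');

$rank = $_POST['rank'];
if (empty($rank)) {
    message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
}

foreach ($rank as $item_id => $cur_rank) {
    $cur_rank['rank'] = luna_trim($cur_rank['rank']);
    $cur_rank['min_comments'] = luna_trim($cur_rank['min_comments']);

    if ($cur_rank['rank'] == '') {
        message_backstage(__('You must enter a title.', 'luna'));
    } elseif ($cur_rank['min_comments'] == '' || preg_match('%[^0-9]%', $cur_rank['min_comments'])) {
        message_backstage(__('Minimum comments must be a positive integer value.', 'luna'));
    } else {
        // min_comments is digits-only from here on, which is what makes it
        // safe to concatenate into the two statements below.
        $rank_check = $db->query('SELECT 1 FROM ' . $db->prefix . 'ranks WHERE id!=' . intval($item_id) . ' AND min_comments=' . $cur_rank['min_comments']) or error('Unable to fetch rank info', __FILE__, __LINE__, $db->error());
        if ($db->num_rows($rank_check) != 0) {
            message_backstage(sprintf(__('There is already a rank with a minimum amount of %s comments.', 'luna'), $cur_rank['min_comments']));
        }

        // The write lives in the validated branch, so it no longer depends on
        // message_backstage() halting the script to keep unvalidated input
        // out of the query.
        $db->query('UPDATE ' . $db->prefix . 'ranks SET rank=\'' . $db->escape($cur_rank['rank']) . '\', min_comments=\'' . $cur_rank['min_comments'] . '\' WHERE id=' . intval($item_id)) or error('Unable to update ranks', __FILE__, __LINE__, $db->error());
    }
}

// Regenerate the ranks cache so the edited ranks take effect, as the remove
// branch already does.
if (!defined('LUNA_CACHE_FUNCTIONS_LOADED')) {
    require LUNA_ROOT . 'include/cache.php';
}
generate_ranks_cache();
redirect('backstage/ranks.php');
} elseif (isset($_POST['remove'])) {
    // Same referrer check as the update branch: deleting a rank is a state change.
    confirm_referrer('backstage/ranks.php');

    // The row id is the array key of the submitted button, forced to an integer.
    $id = intval(key($_POST['remove']));
    $db->query('DELETE FROM ' . $db->prefix . 'ranks WHERE id=' . $id) or error('Unable to delete rank', __FILE__, __LINE__, $db->error());

    // Regenerate the ranks cache
    if (!defined('LUNA_CACHE_FUNCTIONS_LOADED')) {
        require LUNA_ROOT . 'include/cache.php';
    }
    generate_ranks_cache();
    redirect('backstage/ranks.php');
}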
redirect('viewtopic.php?id=' . $stick);
} elseif (isset($_GET['unstick'])) {
    // Unpin a thread. The action arrives over GET, so it is guarded by both a
    // referrer check and the CSRF token from the query string.
    confirm_referrer(array('viewtopic.php', 'backstage/moderate.php'));
    check_csrf($_GET['csrf_token']);

    // The thread id is forced to an integer and must be positive.
    $unstick = intval($_GET['unstick']);
    if ($unstick < 1) {
        message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
    }

    // The forum_id condition limits the change to threads of the forum in $fid.
    // NOTE(review): $fid is set before this excerpt; it is concatenated
    // unquoted, so it must already be an integer - confirm.
    $db->query('UPDATE ' . $db->prefix . 'topics SET sticky=\'0\' WHERE id=' . $unstick . ' AND forum_id=' . $fid) or error('Unable to Unpin thread', __FILE__, __LINE__, $db->error());
    redirect('viewtopic.php?id=' . $unstick);
} elseif (!isset($_GET['unstick']) && !isset($_GET['stick']) && !isset($_REQUEST['open']) && !isset($_REQUEST['close']) && !isset($_POST['delete_topics']) && !isset($_POST['delete_topics_comply']) && !isset($_GET['tid']) && !isset($_POST['merge_topics']) && !isset($_POST['merge_topics_comply'])) {
    // No specific forum moderation action was specified in the query string, so we'll display the moderator forum

    // Fetch some info about the forum. The join on forum_perms for the
    // current user's group means a forum that group may not read returns no row.
    $result = $db->query('SELECT f.forum_name, f.num_topics, f.sort_by FROM ' . $db->prefix . 'forums AS f LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=' . $luna_user['g_id'] . ') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id=' . $fid) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());
    if (!$db->num_rows($result)) {
        message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
    }

    $cur_forum = $db->fetch_assoc($result);

    // Map the stored sort setting to a fixed ORDER BY fragment; unknown
    // values fall back to the default ordering.
    switch ($cur_forum['sort_by']) {
        case 0:
            $sort_by = 'last_post DESC';
            break;
        case 1:
            $sort_by = 'posted DESC';
            break;
        case 2:
            $sort_by = 'subject ASC';
            break;
        default:
            $sort_by = 'last_post DESC';
            break;
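// NOTE(review): $menu_items is set before this excerpt, presumably from the
// submitted form - confirm.
if (empty($menu_items)) {
    message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
}

foreach ($menu_items as $item_id => $cur_item) {
    $cur_item['url'] = luna_trim($cur_item['url']);
    $cur_item['name'] = luna_trim($cur_item['name']);
    $cur_item['order'] = luna_trim($cur_item['order']);

    // The flag is written between quotes in the UPDATE below, so it is forced
    // to an integer here; it used to be concatenated exactly as submitted.
    $cur_item['visible'] = isset($cur_item['visible']) ? intval($cur_item['visible']) : 0;

    if ($cur_item['name'] == '') {
        message_backstage(__('You must give your menu item a title.', 'luna'));
    } elseif ($cur_item['url'] == '') {
        message_backstage(__('You must give your menu item an URL.', 'luna'));
    } elseif ($cur_item['order'] == '' || preg_match('%[^0-9]%', $cur_item['order'])) {
        message_backstage(__('Position must be a positive integer value.', 'luna'));
    } else {
        // order is digits-only in this branch; url and name are escaped; the
        // row id is cast to an integer.
        $db->query('UPDATE ' . $db->prefix . 'menu SET url=\'' . $db->escape($cur_item['url']) . '\', name=\'' . $db->escape($cur_item['name']) . '\', disp_position=' . $cur_item['order'] . ', visible=\'' . $cur_item['visible'] . '\' WHERE id=' . intval($item_id)) or error('Unable to update menu', __FILE__, __LINE__, $db->error());
    }
}

redirect('backstage/menu.php');
}

$result = $db->query('SELECT * FROM ' . $db->prefix . 'menu ORDER BY disp_position') or error('Unable to fetch menu items', __FILE__, __LINE__, $db->error());

require 'header.php';
load_admin_nav('settings', 'menu');
?>
<div class="row">
    <div class="col-sm-4 col-md-3">
        <form method="post" action="menu.php?action=add_item">
            <fieldset>
                <div class="panel panel-default">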
// NOTE(review): $group_id is set before this excerpt and is concatenated
// unquoted; it must already be an integer - confirm.
$db->query('UPDATE ' . $db->prefix . 'config SET conf_value=' . $group_id . ' WHERE conf_name=\'o_default_user_group\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());

// Regenerate the config cache
if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
    require FORUM_ROOT . 'include/cache.php';
}
generate_config_cache();
redirect('backstage/groups.php');
} elseif (isset($_GET['del_group'])) {
    // Remove a group; the request must come from the groups page.
    confirm_referrer('backstage/groups.php');

    // The group id is taken from POST when present, else from GET, and is
    // forced to an integer either way. Ids below 5 are refused.
    $group_id = isset($_POST['group_to_delete']) ? intval($_POST['group_to_delete']) : intval($_GET['del_group']);
    if ($group_id < 5) {
        message_backstage(__('Bad request. The link you followed is incorrect, outdated or you\'re simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
    }

    // Make sure we don't remove the default group
    if ($group_id == $luna_config['o_default_user_group']) {
        message_backstage(__('The default group cannot be removed. In order to delete this group, you must first setup a different group as the default.', 'luna'));
    }

    // Check if this group has any members
    $result = $db->query('SELECT g.g_title, COUNT(u.id) FROM ' . $db->prefix . 'groups AS g INNER JOIN ' . $db->prefix . 'users AS u ON g.g_id=u.group_id WHERE g.g_id=' . $group_id . ' GROUP BY g.g_id, g_title') or error('Unable to fetch group info', __FILE__, __LINE__, $db->error());

    // If the group doesn't have any members or if we've already selected a group to move the members to
    if (!$db->num_rows($result) || isset($_POST['del_group'])) {
        if (isset($_POST['del_group_comply']) || isset($_POST['del_group'])) {
            if (isset($_POST['del_group'])) {
                // Members are moved before the group is deleted. The target is
                // cast to an integer.
                // NOTE(review): nothing visible here checks that the target
                // group exists or that it is an acceptable destination for
                // these members - confirm against the form that submits it.
                $move_to_group = intval($_POST['move_to_group']);
                $db->query('UPDATE ' . $db->prefix . 'users SET group_id=' . $move_to_group . ' WHERE group_id=' . $group_id) or error('Unable to move users into group', __FILE__, __LINE__, $db->error());
            }

            // Delete the group and any forum specific permissions
            $db->query('DELETE FROM ' . $db->prefix . 'groups WHERE g_id=' . $group_id) or error('Unable to delete group', __FILE__, __LINE__, $db->error());
            $db->query('DELETE FROM ' . $db->prefix . 'forum_perms WHERE group_id=' . $group_id) or error('Unable to delete group forum permissions', __FILE__, __LINE__, $db->error());
            redirect('backstage/groups.php');
        } else {
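// The plugin name ends up in an include path, so this pattern is what keeps
// it inside the plugins directory: \w admits no slash or dot. The D modifier
// makes "$" match only at the very end of the string, so a name with a
// trailing newline no longer passes.
if (!preg_match('%^AM?P_(\\w*?)\\.php$%iD', $plugin)) {
    message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
}

// AP_ == Admins only, AMP_ == admins and moderators
$prefix = substr($plugin, 0, strpos($plugin, '_'));

// The filename pattern above is case-insensitive, so the admin-only check has
// to be too; a case-sensitive comparison would not recognise a lower-case
// spelling of the prefix as admin-only, which matters on filesystems that
// ignore case.
if ($luna_user['g_moderator'] == '1' && strcasecmp($prefix, 'AP') === 0) {
    message_backstage(__('You do not have permission to access this page.', 'luna'), false, '403 Forbidden');
}

// Make sure the file actually exists
if (!file_exists(FORUM_ROOT . 'plugins/' . $plugin)) {
    message_backstage(sprintf(__('There is no plugin called %s in the plugin directory.', 'luna'), $plugin));
}

// Construct REQUEST_URI if it isn't set
if (!isset($_SERVER['REQUEST_URI'])) {
    $_SERVER['REQUEST_URI'] = (isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '') . '?' . (isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '');
}

// The page title uses the plugin name without its prefix and ".php" suffix.
$page_title = array(luna_htmlspecialchars($luna_config['o_board_title']), __('Admin', 'luna'), str_replace('_', ' ', substr($plugin, strpos($plugin, '_') + 1, -4)));
define('FORUM_ACTIVE_PAGE', 'admin');
require 'header.php';

// Attempt to load the plugin. We don't use @ here to suppress error messages,
// because if we did and a parse error occurred in the plugin, we would only
// get the "blank page of death"
include FORUM_ROOT . 'plugins/' . $plugin;
if (!defined('FORUM_PLUGIN_LOADED')) {
    message_backstage(sprintf(__('Loading of the plugin - <strong>%s</strong> - failed.', 'luna'), $plugin));
}

// Output the clearer div
?>
</div>
<?php

require 'footer.php';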
$form['announcement_message'] = luna_linebreaks($form['announcement_message']);
} else {
    // No announcement text: store the placeholder and switch the announcement off.
    $form['announcement_message'] = __('Enter your announcement here.', 'luna');
    $form['announcement'] = '0';
}

// Range checks on the numeric options; anything outside is treated as a bad request.
// NOTE(review): these comparisons assume the values were cast to integers
// before this excerpt - confirm.
if ($form['feed_type'] < 0 || $form['feed_type'] > 2) {
    message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
}
if ($form['feed_ttl'] < 0) {
    message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
}
if ($form['report_method'] < 0 || $form['report_method'] > 2) {
    message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
}
if ($form['timeout_online'] >= $form['timeout_visit']) {
    message_backstage(__('The value of "Timeout online" must be smaller than the value of "Timeout visit".', 'luna'));
}

foreach ($form as $key => $input) {
    // Only update values that have changed. A key is written only if
    // 'o_' . $key already exists in the loaded configuration.
    if (array_key_exists('o_' . $key, $luna_config) && $luna_config['o_' . $key] != $input) {
        // Empty input is stored as NULL; everything else is escaped and quoted.
        if ($input != '' || is_int($input)) {
            $value = '\'' . $db->escape($input) . '\'';
        } else {
            $value = 'NULL';
        }
        $db->query('UPDATE ' . $db->prefix . 'config SET conf_value=' . $value . ' WHERE conf_name=\'o_' . $db->escape($key) . '\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
    }
}

// Regenerate the config cache
if (!defined('LUNA_CACHE_FUNCTIONS_LOADED')) {
    require LUNA_ROOT . 'include/cache.php';
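confirm_referrer('backstage/ranks.php');

$rank = $_POST['rank'];
if (empty($rank)) {
    message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
}

foreach ($rank as $item_id => $cur_rank) {
    $cur_rank['rank'] = luna_trim($cur_rank['rank']);
    $cur_rank['min_posts'] = luna_trim($cur_rank['min_posts']);

    if ($cur_rank['rank'] == '') {
        message_backstage(__('You must enter a title.', 'luna'));
    } elseif ($cur_rank['min_posts'] == '' || preg_match('%[^0-9]%', $cur_rank['min_posts'])) {
        message_backstage(__('Minimum posts must be a positive integer value.', 'luna'));
    } else {
        // min_posts is digits-only from here on, which is what makes it safe
        // to concatenate into the two statements below.
        $rank_check = $db->query('SELECT 1 FROM ' . $db->prefix . 'ranks WHERE id!=' . intval($item_id) . ' AND min_posts=' . $cur_rank['min_posts']) or error('Unable to fetch rank info', __FILE__, __LINE__, $db->error());
        if ($db->num_rows($rank_check) != 0) {
            message_backstage(sprintf(__('There is already a rank with a minimum posts value of %s.', 'luna'), $cur_rank['min_posts']));
        }

        // The write lives in the validated branch, so it no longer depends on
        // message_backstage() halting the script to keep unvalidated input
        // out of the query.
        $db->query('UPDATE ' . $db->prefix . 'ranks SET rank=\'' . $db->escape($cur_rank['rank']) . '\', min_posts=\'' . $cur_rank['min_posts'] . '\' WHERE id=' . intval($item_id)) or error('Unable to update ranks', __FILE__, __LINE__, $db->error());
    }
}

// Regenerate the ranks cache so the edited ranks take effect, as the remove
// branch already does.
if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
    require FORUM_ROOT . 'include/cache.php';
}
generate_ranks_cache();
redirect('backstage/ranks.php');
} elseif (isset($_POST['remove'])) {
    // Same referrer check as the update branch: deleting a rank is a state change.
    confirm_referrer('backstage/ranks.php');

    // The row id is the array key of the submitted button, forced to an integer.
    $id = intval(key($_POST['remove']));
    $db->query('DELETE FROM ' . $db->prefix . 'ranks WHERE id=' . $id) or error('Unable to delete rank', __FILE__, __LINE__, $db->error());

    // Regenerate the ranks cache
    if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
        require FORUM_ROOT . 'include/cache.php';
    }
    generate_ranks_cache();
    redirect('backstage/ranks.php');
}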