Ejemplo n.º 1
 // Drop one trailing slash from avatars_dir. Only the final character is examined,
 // so a value ending in several slashes loses just the last one.
 if ('/' == substr($form['avatars_dir'], -1)) {
     $form['avatars_dir'] = substr($form['avatars_dir'], 0, strlen($form['avatars_dir']) - 1);
 }
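 // Change or enter a SMTP password.
 // The new value is stored only when both form fields carry exactly the same text.
 if (isset($_POST['form']['smtp_change_pass'])) {
     $smtp_pass1 = isset($_POST['form']['smtp_pass1']) ? luna_trim($_POST['form']['smtp_pass1']) : '';
     $smtp_pass2 = isset($_POST['form']['smtp_pass2']) ? luna_trim($_POST['form']['smtp_pass2']) : '';
     // Compare as strings with ===. The loose == operator compares two numeric-looking
     // strings by value, so two different entries such as '1e3' and '1000' would be
     // treated as a match and the confirmation field would not protect against a typo.
     if ((string) $smtp_pass1 === (string) $smtp_pass2) {
         $form['smtp_pass'] = $smtp_pass1;
     } else {
         message_backstage(__('You need to enter the SMTP password twice exactly the same to change it.', 'luna'));
     }
 }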
 // An empty announcement falls back to the placeholder text and switches the announcement off
 if ($form['announcement_message'] == '') {
     $form['announcement_message'] = __('Enter your announcement here.', 'luna');
     $form['announcement'] = '0';
 } else {
     $form['announcement_message'] = luna_linebreaks($form['announcement_message']);
 }
 // Range checks on the numeric settings: feed_type and report_method must lie in 0..2,
 // feed_ttl must not be negative. Each failure is reported as a bad request.
 if (0 > $form['feed_type'] || 2 < $form['feed_type']) {
     message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
 }
 if (0 > $form['feed_ttl']) {
     message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
 }
 if (0 > $form['report_method'] || 2 < $form['report_method']) {
     message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
 }
 if ($form['timeout_online'] >= $form['timeout_visit']) {
     message_backstage(__('The value of "Timeout online" must be smaller than the value of "Timeout visit".', 'luna'));
Ejemplo n.º 2
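/**
 * Send a plain-text UTF-8 email, through smtp_mail() when an SMTP host is configured
 * and through PHP's mail() otherwise.
 *
 * CR and LF are removed from every value that ends up in a header line (recipient,
 * subject, sender, reply-to) so that a supplied value cannot add header lines of its
 * own. The sender and reply-to parts additionally lose ':' and, for display names, '"'.
 *
 * @param string $to             Recipient address.
 * @param string $subject        Subject line; encoded with encode_mail_text().
 * @param string $message        Message body; passed through luna_linebreaks() and stripped of NUL bytes.
 * @param string $reply_to_email Optional Reply-To address; no Reply-To header is added when empty.
 * @param string $reply_to_name  Optional display name used in the Reply-To header.
 *
 * @return void The result of mail()/smtp_mail() is not reported to the caller.
 */
function luna_mail($to, $subject, $message, $reply_to_email = '', $reply_to_name = '')
{
    global $luna_config;

    // Default sender/return address
    $from_name = sprintf(__('%s Mailer', 'luna'), $luna_config['o_board_title']);
    $from_email = $luna_config['o_webmaster_email'];

    // Header hygiene: no line breaks in anything that is written into a header
    $to = luna_trim(preg_replace('%[\\n\\r]+%s', '', $to));
    $subject = luna_trim(preg_replace('%[\\n\\r]+%s', '', $subject));
    $from_email = luna_trim(preg_replace('%[\\n\\r:]+%s', '', $from_email));
    $from_name = luna_trim(preg_replace('%[\\n\\r:]+%s', '', str_replace('"', '', $from_name)));
    $reply_to_email = luna_trim(preg_replace('%[\\n\\r:]+%s', '', $reply_to_email));
    $reply_to_name = luna_trim(preg_replace('%[\\n\\r:]+%s', '', str_replace('"', '', $reply_to_name)));

    // Set up some headers to take advantage of UTF-8
    $from = '"' . encode_mail_text($from_name) . '" <' . $from_email . '>';
    $subject = encode_mail_text($subject);
    $headers = 'From: ' . $from . FORUM_EOL . 'Date: ' . gmdate('r') . FORUM_EOL . 'MIME-Version: 1.0' . FORUM_EOL . 'Content-transfer-encoding: 8bit' . FORUM_EOL . 'Content-type: text/plain; charset=utf-8' . FORUM_EOL . 'X-Mailer: Luna Mailer';

    // If we specified a reply-to email, we deal with it here
    if (!empty($reply_to_email)) {
        $reply_to = '"' . encode_mail_text($reply_to_name) . '" <' . $reply_to_email . '>';
        $headers .= FORUM_EOL . 'Reply-To: ' . $reply_to;
    }

    // Make sure all linebreaks are LF in message and strip out any NUL bytes.
    // The search string has to be "\0": with an empty search string str_replace()
    // returns its subject unchanged, so NUL bytes would stay in the body.
    $message = str_replace("\0", '', luna_linebreaks($message));

    if ($luna_config['o_smtp_host'] != '') {
        // Headers should be \r\n; the body is converted to \r\n as well before it goes to smtp_mail()
        $message = str_replace("\n", "\r\n", $message);
        smtp_mail($to, $subject, $message, $headers);
    } else {
        // Headers should be \r\n
        // Message should be \n
        mail($to, $subject, $message, $headers);
    }
}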
Ejemplo n.º 3
         // Reject addresses that fail the format check
         if (!is_valid_email($email)) {
             $errors[] = __('The email address you entered is invalid.', 'luna');
         }
         // The ban list is consulted for guests only; members' addresses are already verified
         if ($luna_user['is_guest']) {
             if (is_banned_email($email)) {
                 // Remembered for later, when an alert email is sent
                 $banned_email = true;
                 // A banned address is an error only when the board disallows banned emails
                 if ($luna_config['p_allow_banned_email'] == '0') {
                     $errors[] = __('The email address you entered is banned in this forum. Please choose another email address.', 'luna');
                 }
             }
         }
     }
 }
 // Trim the posted message and pass it through luna_linebreaks(); $orig_message keeps this
 // value as it was before BBCode pre-parsing
 $message = luna_linebreaks(luna_trim($_POST['req_message']));
 $orig_message = $message;
 // The limit is FORUM_MAX_POSTSIZE bytes, not characters, hence strlen() rather than luna_strlen()
 if (strlen($message) <= FORUM_MAX_POSTSIZE) {
     // The all-caps rule is evaluated only for messages within the size limit;
     // admins and moderators are exempt
     if ($luna_config['p_message_all_caps'] == '0' && is_all_uppercase($message) && !$luna_user['is_admmod']) {
         $errors[] = __('Comments cannot contain only capital letters.', 'luna');
     }
 } else {
     $errors[] = sprintf(__('Comments cannot be longer than %s bytes.', 'luna'), forum_number_format(FORUM_MAX_POSTSIZE));
 }
 // Load the parser and validate BBCode syntax; problems are appended to $errors
 require FORUM_ROOT . 'include/parser.php';
 $message = preparse_bbcode($message, $errors);
 if (empty($errors)) {
     if ($message == '') {
         $errors[] = __('You must enter a message.', 'luna');
     } elseif ($luna_config['o_censoring'] == '1') {
         // Censor message to see if that causes problems
         $censored_message = luna_trim(censor_words($message));
Ejemplo n.º 4
    require load_page('header.php');
    require load_page('mail.php');
    require load_page('footer.php');
} elseif (isset($_GET['report'])) {
    // Reporting is not available to guests
    if ($luna_user['is_guest']) {
        message(__('You do not have permission to access this page.', 'luna'), false, '403 Forbidden');
    }
    // The comment ID is forced to an integer; anything below 1 is rejected as a bad request
    $comment_id = (int) $_GET['report'];
    if (1 > $comment_id) {
        message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
    }
    if (isset($_POST['form_sent'])) {
        // Make sure they got here from the site
        // NOTE(review): presumably this compares the HTTP Referer against 'misc.php'; no
        // per-request token check is visible in this part of the handler - confirm whether
        // the form is protected against cross-site submission elsewhere.
        confirm_referrer('misc.php');
        // Clean up reason from POST
        $reason = luna_linebreaks(luna_trim($_POST['req_reason']));
        // The reason must be non-empty and is limited in bytes (strlen), not characters
        if ($reason == '') {
            message(__('You must enter a reason.', 'luna'));
        } elseif (strlen($reason) > 65535) {
            // TEXT field can only hold 65535 bytes
            message(__('Your message must be under 65535 bytes (~64kb).', 'luna'));
        }
        // Flood control: refuse when a previous report exists and fewer than g_report_flood
        // seconds have passed since it. The ">= 0" term means a last_report_sent value that
        // lies in the future does not block the user.
        if ($luna_user['last_report_sent'] != '' && time() - $luna_user['last_report_sent'] < $luna_user['g_report_flood'] && time() - $luna_user['last_report_sent'] >= 0) {
            message(sprintf(__('At least %s seconds have to pass between reports. Please wait %s seconds and try sending again.', 'luna'), $luna_user['g_report_flood'], $luna_user['g_report_flood'] - (time() - $luna_user['last_report_sent'])));
        }
        // Get the thread ID
        // $comment_id was produced by intval() earlier in this branch, so the value
        // concatenated into the statement is always an integer.
        $result = $db->query('SELECT thread_id FROM ' . $db->prefix . 'comments WHERE id=' . $comment_id) or error('Unable to fetch comment info', __FILE__, __LINE__, $db->error());
        // No row means the reported comment does not exist
        if (!$db->num_rows($result)) {
            message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
        }
        $thread_id = $db->result($result);
Ejemplo n.º 5
    $db->close();
    ob_end_clean();
    ob_start();
    header('Location: backstage/maintenance.php' . $query_str);
    exit;
}
// Look up the lowest comment ID in the database.
// $first_id is assigned only when the comments table has at least one row.
$result = $db->query(
    'SELECT id FROM ' . $db->prefix . 'comments ORDER BY id ASC LIMIT 1'
) or error('Unable to fetch thread info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result)) {
    $first_id = $db->result($result);
}
if (isset($_POST['form_sent'])) {
    // Request-origin check before any setting is changed
    confirm_referrer('backstage/maintenance.php');
    // The checkbox collapses to '1'/'0'; the message is trimmed free text
    $form = array(
        'maintenance' => isset($_POST['form']['maintenance']) ? '1' : '0',
        'maintenance_message' => luna_trim($_POST['form']['maintenance_message']),
    );
    // An empty message restores the default text and switches maintenance mode off
    if ($form['maintenance_message'] == '') {
        $form['maintenance_message'] = __('The forums are temporarily down for maintenance. Please try again in a few minutes.', 'luna');
        $form['maintenance'] = '0';
    } else {
        $form['maintenance_message'] = luna_linebreaks($form['maintenance_message']);
    }
    foreach ($form as $key => $input) {
        // Skip keys that are not board options and values that have not changed
        if (!array_key_exists('o_' . $key, $luna_config) || $luna_config['o_' . $key] == $input) {
            continue;
        }
        // Empty non-integer values are stored as SQL NULL; anything else is escaped and quoted
        $value = ($input != '' || is_int($input)) ? '\'' . $db->escape($input) . '\'' : 'NULL';
        $db->query('UPDATE ' . $db->prefix . 'config SET conf_value=' . $value . ' WHERE conf_name=\'o_' . $db->escape($key) . '\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
    }
Ejemplo n.º 6
 // Administrators may set any title; other users only when their group allows custom titles
 if ($luna_user['g_id'] == FORUM_ADMIN || $luna_user['g_set_title'] == '1') {
     $form['title'] = luna_trim($_POST['title']);
     // For non-admins a non-empty title is checked against the reserved role names.
     // The comparison is on the whole lower-cased title, not on words inside it.
     if ($luna_user['g_id'] != FORUM_ADMIN && $form['title'] != '') {
         // English names plus their translations; with an English language pack the
         // list holds duplicates, which is harmless
         $forbidden = array(
             'member',
             'moderator',
             'administrator',
             'banned',
             'guest',
             utf8_strtolower(__('Member', 'luna')),
             utf8_strtolower(__('Moderator', 'luna')),
             utf8_strtolower(__('Administrator', 'luna')),
             utf8_strtolower(__('Banned', 'luna')),
             utf8_strtolower(__('Guest', 'luna')),
         );
         if (in_array(utf8_strtolower($form['title']), $forbidden)) {
             message(__('The title you entered contains a forbidden word. You must choose a different title.', 'luna'));
         }
     }
 }
 // Clean up signature from POST (only when signatures are enabled on the board)
 if ($luna_config['o_signatures'] == '1') {
     $form['signature'] = luna_linebreaks(luna_trim($_POST['signature']));
     // Validate signature: length in characters (luna_strlen), then number of lines,
     // then the all-caps rule. The first two report an error through message(); the
     // third rewrites the signature to lower case with capitalised words instead.
     if (luna_strlen($form['signature']) > $luna_config['p_sig_length']) {
         message(sprintf(__('Signatures cannot be longer than %1$s characters. Please reduce your signature by %2$s characters.', 'luna'), $luna_config['p_sig_length'], luna_strlen($form['signature']) - $luna_config['p_sig_length']));
     } elseif (substr_count($form['signature'], "\n") > $luna_config['p_sig_lines'] - 1) {
         // n line breaks mean n + 1 lines, hence the comparison against p_sig_lines - 1
         message(sprintf(__('Signatures cannot have more than %s lines.', 'luna'), $luna_config['p_sig_lines']));
     } elseif ($form['signature'] && $luna_config['p_sig_all_caps'] == '0' && is_all_uppercase($form['signature']) && !$luna_user['is_admmod']) {
         // Admins and moderators are exempt from the all-caps rule
         $form['signature'] = utf8_ucwords(utf8_strtolower($form['signature']));
     }
     // Pre-parse the BBCode; problems found are collected in $errors
     $errors = array();
     $form['signature'] = preparse_bbcode($form['signature'], $errors, true);
     if (count($errors) > 0) {
         // NOTE(review): the collected errors are joined into HTML without escaping here.
         // Presumably preparse_bbcode() only adds strings that are safe to print; verify
         // that none of them echo parts of the submitted signature unescaped.
         message('<ul><li>' . implode('</li><li>', $errors) . '</li></ul>');
     }
 }
 if ($form['disp_topics'] != '') {
Ejemplo n.º 7
    if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
        require FORUM_ROOT . 'include/cache.php';
    }
    generate_forum_cache();
    redirect('backstage/board.php?saved=true');
} elseif (isset($_GET['edit_forum'])) {
    // The forum ID is forced to an integer; anything below 1 is rejected as a bad request
    $forum_id = (int) $_GET['edit_forum'];
    if (1 > $forum_id) {
        message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
    }
    // Update group permissions for $forum_id
    if (isset($_POST['save'])) {
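        // Request-origin check before the forum is modified
        confirm_referrer('backstage/board.php');
        // Start with the forum details
        $forum_name = luna_trim($_POST['forum_name']);
        $forum_desc = luna_linebreaks(luna_trim($_POST['forum_desc']));
        // Numeric fields are cast to int, so they can be placed in the statement unquoted
        $parent_id = intval($_POST['parent_id']);
        $cat_id = intval($_POST['cat_id']);
        $sort_by = intval($_POST['sort_by']);
        // Free-text fields: trimmed only, so they must be escaped when the query is built
        $icon = luna_trim($_POST['icon']);
        $color = luna_trim($_POST['color']);
        // Checkbox: only the literals '1' or '0' reach the statement
        $solved = isset($_POST['solved']) ? '1' : '0';
        if ($forum_name == '') {
            message_backstage(__('You must enter a name', 'luna'));
        }
        if ($cat_id < 1) {
            message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
        }
        // An empty description is stored as SQL NULL, otherwise as an escaped, quoted string
        $forum_desc = $forum_desc != '' ? '\'' . $db->escape($forum_desc) . '\'' : 'NULL';
        // Every text value is passed through $db->escape() before it is quoted into the
        // statement. $color is request data just like $icon and gets the same treatment;
        // without it the value would be placed inside the SQL string literal as submitted.
        $db->query('UPDATE ' . $db->prefix . 'forums SET forum_name=\'' . $db->escape($forum_name) . '\', forum_desc=' . $forum_desc . ', parent_id=' . $parent_id . ', sort_by=' . $sort_by . ', cat_id=' . $cat_id . ', icon=\'' . $db->escape($icon) . '\', color=\'' . $db->escape($color) . '\', solved=' . $solved . ' WHERE id=' . $forum_id) or error('Unable to update forum', __FILE__, __LINE__, $db->error());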
        // Now let's deal with the permissions
Ejemplo n.º 8
/*
 * Copyright (C) 2013-2015 Luna
 * Based on code by FluxBB copyright (C) 2008-2012 FluxBB
 * Based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
 * Licensed under GPLv3 (http://getluna.org/license.php)
 */
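define('FORUM_ROOT', '../');
require FORUM_ROOT . 'include/common.php';
// Backstage pages are for administrators only ($is_admin is presumably set by common.php).
// header() merely queues the redirect; without the exit the rest of this script,
// including the settings handler below, would still run for a non-admin request.
if (!$is_admin) {
    header("Location: login.php");
    exit;
}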
if (isset($_POST['form_sent'])) {
    // Referer check: the request must come from this backstage page, otherwise the
    // explanatory message below is shown
    confirm_referrer('backstage/registration.php', __('Bad HTTP_REFERER. If you have moved these forums from one location to another or switched domains, you need to update the Base URL manually in the database (look for o_base_url in the config table) and then clear the cache by deleting all .php files in the /cache directory.', 'luna'));
    // Checkboxes collapse to '1'/'0'; the e-mail setting is cast to int and range-checked below
    $form = array(
        'regs_allow' => isset($_POST['form']['regs_allow']) ? '1' : '0',
        'regs_verify' => isset($_POST['form']['regs_verify']) ? '1' : '0',
        'regs_report' => isset($_POST['form']['regs_report']) ? '1' : '0',
        'rules' => isset($_POST['form']['rules']) ? '1' : '0',
        'rules_message' => luna_trim($_POST['form']['rules_message']),
        'default_email_setting' => intval($_POST['form']['default_email_setting']),
    );
    // An empty rules text restores the placeholder and switches the rules page off
    if ($form['rules_message'] == '') {
        $form['rules_message'] = __('Enter your rules here.', 'luna');
        $form['rules'] = '0';
    } else {
        $form['rules_message'] = luna_linebreaks($form['rules_message']);
    }
    // Only the values 0, 1 and 2 are accepted for the default e-mail setting
    if (0 > $form['default_email_setting'] || 2 < $form['default_email_setting']) {
        message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
    }
    foreach ($form as $key => $input) {
        // Only update values that have changed
        if (array_key_exists('o_' . $key, $luna_config) && $luna_config['o_' . $key] != $input) {
            if ($input != '' || is_int($input)) {
                $value = '\'' . $db->escape($input) . '\'';
            } else {
                $value = 'NULL';
            }