// Permission gate for posting. Unless $is_admmod is set, the request is refused when any of these holds:
//  - replying ($tid set): the forum's post_replies value is '0', or it is empty and the
//    user's group value g_post_replies is '0';
//  - starting a topic ($fid set): the same rule applied to post_topics / g_post_topics;
//  - $cur_posting['closed'] is set and equals '1'.
// && binds tighter than ||, so the unparenthesised mix below evaluates exactly as listed above.
if (($tid && ($cur_posting['post_replies'] == '' && $pun_user['g_post_replies'] == '0' || $cur_posting['post_replies'] == '0') || $fid && ($cur_posting['post_topics'] == '' && $pun_user['g_post_topics'] == '0' || $cur_posting['post_topics'] == '0') || isset($cur_posting['closed']) && $cur_posting['closed'] == '1') && !$is_admmod) {
    message($lang_common['No permission'], false, '403 Forbidden');
}
// Load the post.php language file
// NOTE(review): the include path contains $pun_user['language']; presumably that value is limited to
// installed language directory names when the profile is saved — confirm, because the path is not checked here
require PUN_ROOT . 'lang/' . $pun_user['language'] . '/post.php';
// Start with a clean slate: validation failures are collected in this list
$errors = array();
// Did someone just hit "Submit" or "Preview"?
if (isset($_POST['form_sent'])) {
    flux_hook('post_before_validation');
    // Flood protection
    if (!isset($_POST['preview']) && $pun_user['last_post'] != '' && time() - $pun_user['last_post'] < $pun_user['g_post_flood']) {
        $errors[] = sprintf($lang_post['Flood start'], $pun_user['g_post_flood'], $pun_user['g_post_flood'] - (time() - $pun_user['last_post']));
    }
    // Make sure they got here from the site
    confirm_referrer(array('post.php', 'viewtopic.php'));
    // If it's a new topic
    if ($fid) {
        $subject = pun_trim($_POST['req_subject']);
        if ($pun_config['o_censoring'] == '1') {
            $censored_subject = pun_trim(censor_words($subject));
        }
        if ($subject == '') {
            $errors[] = $lang_post['No subject'];
        } else {
            if ($pun_config['o_censoring'] == '1' && $censored_subject == '') {
                $errors[] = $lang_post['No subject after censoring'];
            } else {
                if (pun_strlen($subject) > 70) {
                    $errors[] = $lang_post['Too long subject'];
                } else {
 * based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
 * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
 */
// Tell header.php to use the admin template
define('PUN_ADMIN_CONSOLE', 1);
// Forum root is the directory that holds this script
define('PUN_ROOT', dirname(__FILE__) . '/');
require PUN_ROOT . 'include/common.php';
require PUN_ROOT . 'include/common_admin.php';
// Only users flagged is_admmod may continue.
// NOTE(review): this gate relies on message() ending the request — confirm, since nothing after the call stops execution here
if (!$pun_user['is_admmod']) {
    message($lang_common['No permission']);
}
// Load the admin_reports.php language file
require PUN_ROOT . 'lang/' . $admin_language . '/admin_reports.php';
// Mark a report as read ("zap" it)
if (isset($_POST['zap_id'])) {
    // Request-origin check. NOTE(review): a Referer comparison is the only cross-site request
    // defence visible in this handler; no per-session token is checked in the code shown.
    confirm_referrer('admin_reports.php');
    // The report id arrives as the array key of zap_id; the integer cast keeps it safe to concatenate below
    $zap_id = (int) key($_POST['zap_id']);
    $result = $db->query(
        'SELECT zapped FROM ' . $db->prefix . 'reports WHERE id=' . $zap_id
    ) or error('Unable to fetch report info', __FILE__, __LINE__, $db->error());
    $zapped = $db->result($result);
    // Stamp the report with the time and the acting user only when it has no zapped value yet
    if ($zapped == '') {
        $db->query(
            'UPDATE ' . $db->prefix . 'reports SET zapped=' . time() . ', zapped_by=' . $pun_user['id'] . ' WHERE id=' . $zap_id
        ) or error('Unable to zap report', __FILE__, __LINE__, $db->error());
    }
    // Prune: LIMIT 10,1 selects the zapped time of the 11th most recently read report,
    // and everything read at or before that moment is deleted
    $result = $db->query(
        'SELECT zapped FROM ' . $db->prefix . 'reports WHERE zapped IS NOT NULL ORDER BY zapped DESC LIMIT 10,1'
    ) or error('Unable to fetch read reports to delete', __FILE__, __LINE__, $db->error());
    if ($db->num_rows($result) > 0) {
        $zapped_threshold = $db->result($result);
        $db->query(
            'DELETE FROM ' . $db->prefix . 'reports WHERE zapped <= ' . $zapped_threshold
        ) or error('Unable to delete old read reports', __FILE__, __LINE__, $db->error());
    }
    redirect('admin_reports.php', $lang_admin_reports['Report zapped redirect']);
}
// Title parts for the page header; the board title is HTML-escaped before use
$page_title = array(
    pun_htmlspecialchars($pun_config['o_board_title']),
    $lang_admin_common['Admin'],
    $lang_admin_common['Reports'],
);
<?php

/*
 * Copyright (C) 2013-2015 Luna
 * Based on code by FluxBB copyright (C) 2008-2012 FluxBB
 * Based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
 * Licensed under GPLv3 (http://getluna.org/license.php)
 */
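define('FORUM_ROOT', '../');
require FORUM_ROOT . 'include/common.php';
// Only administrators may use this page. header() merely queues a response header and does
// not end the script, so execution is stopped explicitly; without the exit the form handler
// further down would still run for a request that failed this check.
if (!$is_admin) {
    header("Location: login.php");
    exit;
}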
if (isset($_POST['form_sent'])) {
    confirm_referrer('backstage/appearance.php', __('Bad HTTP_REFERER. If you have moved these forums from one location to another or switched domains, you need to update the Base URL manually in the database (look for o_base_url in the config table) and then clear the cache by deleting all .php files in the /cache directory.', 'luna'));
    $form = array('default_accent' => intval($_POST['form']['default_accent']), 'allow_accent_color' => isset($_POST['form']['allow_accent_color']) ? '1' : '0', 'allow_night_mode' => isset($_POST['form']['allow_night_mode']) ? '1' : '0', 'show_user_info' => isset($_POST['form']['show_user_info']) ? '1' : '0', 'show_post_count' => isset($_POST['form']['show_post_count']) ? '1' : '0', 'moderated_by' => isset($_POST['form']['moderated_by']) ? '1' : '0', 'emoji' => isset($_POST['form']['emoji']) ? '1' : '0', 'emoji_size' => intval($_POST['form']['emoji_size']), 'topic_review' => intval($_POST['form']['topic_review']) >= 0 ? intval($_POST['form']['topic_review']) : 0, 'disp_topics_default' => intval($_POST['form']['disp_topics_default']), 'disp_posts_default' => intval($_POST['form']['disp_posts_default']), 'board_statistics' => isset($_POST['form']['board_statistics']) ? '1' : '0', 'back_to_top' => isset($_POST['form']['back_to_top']) ? '1' : '0', 'notification_flyout' => isset($_POST['form']['notification_flyout']) ? '1' : '0', 'header_search' => isset($_POST['form']['header_search']) ? '1' : '0', 'show_copyright' => isset($_POST['form']['show_copyright']) ? '1' : '0', 'copyright_type' => intval($_POST['form']['copyright_type']), 'custom_copyright' => luna_trim($_POST['form']['custom_copyright']));
    // Make sure the number of displayed topics and posts is between 3 and 75
    if ($form['disp_topics_default'] < 3) {
        $form['disp_topics_default'] = 3;
    } elseif ($form['disp_topics_default'] > 75) {
        $form['disp_topics_default'] = 75;
    }
    if ($form['disp_posts_default'] < 3) {
        $form['disp_posts_default'] = 3;
    } elseif ($form['disp_posts_default'] > 75) {
        $form['disp_posts_default'] = 75;
    }
    foreach ($form as $key => $input) {
        // Only update values that have changed
        if (array_key_exists('o_' . $key, $luna_config) && $luna_config['o_' . $key] != $input) {
            if ($input != '' || is_int($input)) {
// Bootstrap the forum and the admin helpers
require PUN_ROOT . 'include/common.php';
require PUN_ROOT . 'include/common_admin.php';
// Refuse every user whose group id is greater than PUN_ADMIN.
// NOTE(review): presumably PUN_ADMIN is the lowest group id, making this "administrators only",
// and message() ends the request — confirm both against the include files
if ($pun_user['g_id'] > PUN_ADMIN) {
    message($lang_common['No permission']);
}
if (isset($_GET['i_per_page']) && isset($_GET['i_start_at'])) {
    $per_page = intval($_GET['i_per_page']);
    $start_at = intval($_GET['i_start_at']);
    if ($per_page < 1 || $start_at < 1) {
        message($lang_common['Bad request']);
    }
    @set_time_limit(0);
    // If this is the first cycle of posts we empty the search index before we proceed
    if (isset($_GET['i_empty_index'])) {
        // This is the only potentially "dangerous" thing we can do here, so we check the referer
        confirm_referrer('admin_maintenance.php');
        $truncate_sql = $db_type != 'sqlite' && $db_type != 'pgsql' ? 'TRUNCATE TABLE ' : 'DELETE FROM ';
        $db->query($truncate_sql . $db->prefix . 'search_matches') or error('Unable to empty search index match table', __FILE__, __LINE__, $db->error());
        $db->query($truncate_sql . $db->prefix . 'search_words') or error('Unable to empty search index words table', __FILE__, __LINE__, $db->error());
        // Reset the sequence for the search words (not needed for SQLite)
        switch ($db_type) {
            case 'mysql':
            case 'mysqli':
                $result = $db->query('ALTER TABLE ' . $db->prefix . 'search_words auto_increment=1') or error('Unable to update table auto_increment', __FILE__, __LINE__, $db->error());
                break;
            case 'pgsql':
                $result = $db->query('SELECT setval(\'' . $db->prefix . 'search_words_id_seq\', 1, false)') or error('Unable to update sequence', __FILE__, __LINE__, $db->error());
        }
    }
    $end_at = $start_at + $per_page;
    ?>
// Build the moderator list for this forum; an empty column means there are none.
// NOTE(review): unserialize() runs on the stored moderators value — presumably only admin code
// writes that column; confirm, because unserialize() must never be fed request-controlled data
if ($cur_post['moderators'] != '') {
    $mods_array = unserialize($cur_post['moderators']);
} else {
    $mods_array = array();
}
// Admins always qualify; members of the moderator group qualify only when listed for this forum
$is_admmod = $pun_user['g_id'] == PUN_ADMIN
    || ($pun_user['g_id'] == PUN_MOD && array_key_exists($pun_user['username'], $mods_array));
// The oldest post of the topic is the "topic post"
$result = $db->query(
    'SELECT id FROM ' . $db->prefix . 'posts WHERE topic_id=' . $cur_post['tid'] . ' ORDER BY posted LIMIT 1'
) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
$topic_post_id = $db->result($result);
$is_topic_post = ($id == $topic_post_id);
// Do we have permission to delete this post? Unless $is_admmod is set, the request is refused when:
//  - the group may not delete posts (g_delete_posts is '0'), or
//  - this is the topic post and the group may not delete topics (g_delete_topics is '0'), or
//  - the post belongs to another user, or
//  - $cur_post['closed'] is '1'.
if (($pun_user['g_delete_posts'] == '0' || $pun_user['g_delete_topics'] == '0' && $is_topic_post || $cur_post['poster_id'] != $pun_user['id'] || $cur_post['closed'] == '1') && !$is_admmod) {
    message($lang_common['No permission']);
}
// Load the delete.php language file
// NOTE(review): the include path contains $pun_user['language']; presumably validated when the profile is saved — confirm
require PUN_ROOT . 'lang/' . $pun_user['language'] . '/delete.php';
// The confirmation form was submitted
if (isset($_POST['delete'])) {
    // The Referer is verified for admins/moderators only.
    // NOTE(review): for an ordinary member no request-origin check is visible in this handler —
    // confirm whether one is enforced elsewhere
    if ($is_admmod) {
        confirm_referrer('delete.php');
    }
    require PUN_ROOT . 'include/search_idx.php';
    if (!$is_topic_post) {
        // An ordinary reply: remove just this one post and return to the topic
        delete_post($id, $cur_post['tid']);
        update_forum($cur_post['fid']);
        redirect('viewtopic.php?id=' . $cur_post['tid'], $lang_delete['Post del redirect']);
    } else {
        // The first post: remove the topic together with all of its posts and return to the forum
        delete_topic($cur_post['tid']);
        update_forum($cur_post['fid']);
        redirect('viewforum.php?id=' . $cur_post['fid'], $lang_delete['Topic del redirect']);
    }
}
// Page title: HTML-escaped board title followed by the page name
$page_title = pun_htmlspecialchars($pun_config['o_board_title']) . ' / ' . $lang_delete['Delete post'];
// When PANTHER is not defined yet, set the root path and bootstrap the forum from here
if (!defined('PANTHER')) {
    define('PANTHER_ROOT', __DIR__ . '/../');
    require PANTHER_ROOT . 'include/common.php';
}
require PANTHER_ROOT . 'include/common_admin.php';
// Deny access to users who are not staff (is_admmod false), and to staff who are not
// administrators when their group's g_mod_cp value is '0'
if ($panther_user['is_admmod'] && $panther_user['g_mod_cp'] == '0' && !$panther_user['is_admin'] || !$panther_user['is_admmod']) {
    message($lang_common['No permission'], false, '403 Forbidden');
}
// NOTE(review): presumably an additional admin-session / re-authentication check — its behaviour is not visible here
check_authentication();
// The page answers with "Bad request" when the o_delete_full setting is '1'
if ($panther_config['o_delete_full'] == '1') {
    message($lang_common['Bad request']);
}
// Load the admin_deleted.php language file
require PANTHER_ROOT . 'lang/' . $admin_language . '/admin_deleted.php';
if (isset($_POST['post_id'])) {
    confirm_referrer(PANTHER_ADMIN_DIR . '/deleted.php');
    $post_id = intval(key($_POST['post_id']));
    $action = isset($_POST['action']) && is_array($_POST['action']) ? intval($_POST['action'][$post_id]) : '1';
    $data = array(':id' => $post_id);
    $ps = $db->run('SELECT t.first_post_id, p.topic_id, p.message, t.subject, t.forum_id FROM ' . $db->prefix . 'posts AS p INNER JOIN ' . $db->prefix . 'topics AS t ON p.topic_id=t.id WHERE p.id=:id AND p.deleted=1', $data);
    if (!$ps->rowCount()) {
        message($lang_common['Bad request']);
    } else {
        $post = $ps->fetch();
    }
    $is_topic_post = $post_id == $post['first_post_id'] ? true : false;
    if ($action == '1') {
        if ($is_topic_post) {
            $update = array('deleted' => 0);
            $data = array(':id' => $post['topic_id']);
            $db->update('topics', $update, 'id=:id', $data);
// Admins always qualify; members of the moderator group qualify only when listed for this forum
$is_admmod = $pun_user['g_id'] == PUN_ADMIN
    || ($pun_user['g_id'] == PUN_MOD && array_key_exists($pun_user['username'], $mods_array));
// The oldest post of the topic is the "topic post"
$result = $db->query(
    'SELECT id FROM ' . $db->prefix . 'posts WHERE topic_id=' . $cur_post['tid'] . ' ORDER BY posted LIMIT 1'
) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
$topic_post_id = $db->result($result);
// The subject can be changed only on the topic post, and only when the group has no
// interval limit ('0'), the post is still younger than the interval, or the user is staff
$can_edit_subject = $id == $topic_post_id
    && (
        $pun_user['g_edit_subjects_interval'] == '0'
        || time() - $cur_post['posted'] < $pun_user['g_edit_subjects_interval']
        || $is_admmod
    );
// Editing is refused for non-staff when the group may not edit posts, the post belongs
// to someone else, or $cur_post['closed'] is '1'
if (
    ($pun_user['g_edit_posts'] == '0' || $cur_post['poster_id'] != $pun_user['id'] || $cur_post['closed'] == '1')
    && !$is_admmod
) {
    message($lang_common['No permission']);
}
// edit.php shares the post.php language file
require PUN_ROOT . 'lang/' . $pun_user['language'] . '/post.php';
// Validation failures are collected here
$errors = array();
if (isset($_POST['form_sent'])) {
    if ($is_admmod) {
        confirm_referrer('edit.php');
    }
    // If it is a topic it must contain a subject
    if ($can_edit_subject) {
        $subject = pun_trim($_POST['req_subject']);
        if ($subject == '') {
            $errors[] = $lang_post['No subject'];
        } else {
            if (pun_strlen($subject) > 70) {
                $errors[] = $lang_post['Too long subject'];
            } else {
                if ($pun_config['p_subject_all_caps'] == '0' && strtoupper($subject) == $subject && $pun_user['g_id'] > PUN_MOD) {
                    $subject = ucwords(strtolower($subject));
                }
            }
        }
list($num_replies) = $db->fetch_row($result);
// Number of pages needed to show every reply at the user's posts-per-page setting
$num_pages = ceil($num_replies / $luna_user['disp_posts']);
// Requested page: a missing value, or one that is not above '1', falls back to page '1';
// anything else is cast to an integer
if (isset($_REQUEST['p']) && !($_REQUEST['p'] <= '1')) {
    $page = intval($_REQUEST['p']);
} else {
    $page = '1';
}
// Offset of the first row shown on that page
$start_from = $luna_user['disp_posts'] * ($page - 1);
// A message id of zero or below is rejected
if ($mid <= 0) {
    message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'));
}
// Only the action "delete" is accepted; every other request value is discarded
if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
    $action = $_REQUEST['action'];
} else {
    $action = '';
}
// Delete a single message or a full topic
if ($action == 'delete') {
    // Make sure they got here from the site
    confirm_referrer('viewinbox.php');
    if (isset($_POST['delete_comply'])) {
        if ($topic_msg > '1' || $topic_msg < '0') {
            message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'));
        }
        if ($topic_msg == '0') {
            if ($luna_user['is_admmod']) {
                if ($delete_all == '1') {
                    $result_msg = $db->query('SELECT message FROM ' . $db->prefix . 'messages WHERE id=' . $mid) or error('Unable to get the informations of the message', __FILE__, __LINE__, $db->error());
                    if (!$db->num_rows($result_msg)) {
                        message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'));
                    }
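                    $delete_msg = $db->fetch_assoc($result_msg);
                    // fetch_assoc() hands back the row as an array, so the text to match is its
                    // 'message' column; passing the whole array to escape() cannot produce that value.
                    // The text is escaped with $db->escape() and quoted before it is placed in the
                    // statement, which is how string values are bound in the queries of this code base.
                    $result_ids = $db->query('SELECT id FROM ' . $db->prefix . 'messages WHERE message=\'' . $db->escape($delete_msg['message']) . '\'') or error('Unable to get the informations of the message', __FILE__, __LINE__, $db->error());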
                    if (!$db->num_rows($result_ids)) {
// Fetch the message row that is about to be shown or deleted.
// NOTE(review): $id is concatenated into the SQL as-is; presumably it was cast to an integer
// earlier in the file — confirm
$result = $db->query('SELECT * FROM ' . $db->prefix . 'messages WHERE id=' . $id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result)) {
    message($lang_common['Bad request']);
}
$cur_post = $db->fetch_assoc($result);
// Check permissions: only the owner of the message may continue
if ($cur_post['owner'] != $pun_user['id']) {
    message($lang_common['No permission']);
}
if (isset($_POST['delete'])) {
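    // Check id
    if (empty($_GET['id'])) {
        message($lang_common['Bad request']);
    }
    // The id is read again from the query string here and cast to an integer before use in SQL
    $id = intval($_GET['id']);
    confirm_referrer('message_delete.php');
    // Delete message. The owner condition ties the statement itself to the current user, so the
    // delete cannot touch another user's row even if this id differs from the one that was
    // loaded for the ownership check above.
    $db->query('DELETE FROM ' . $db->prefix . 'messages WHERE id=' . $id . ' AND owner=' . intval($pun_user['id'])) or error('Unable to delete messages', __FILE__, __LINE__, $db->error());
    // Redirect. box and p come straight from the request, so each is URL-encoded before it is
    // placed in the target URL; a value cannot add parameters or break out of the query string.
    $redirect_box = isset($_POST['box']) && is_scalar($_POST['box']) ? urlencode((string) $_POST['box']) : '';
    $redirect_page = isset($_POST['p']) && is_scalar($_POST['p']) ? urlencode((string) $_POST['p']) : '';
    redirect('message_list.php?box=' . $redirect_box . '&p=' . $redirect_page, $lang_pms['Del redirect']);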
} else {
    $page_title = $lang_pms['Delete message'] . ' / ' . pun_htmlspecialchars($pun_config['o_board_title']);
    require PUN_ROOT . 'header.php';
    require PUN_ROOT . 'include/parser.php';
    $cur_post['message'] = parse_message($cur_post['message'], (int) (!$cur_post['smileys']));
    ?>
<div class="blockform">
	<h2><span><?php 
    echo $lang_pms['Delete message'];
    ?>
</span></h2>
// Per-admin restriction: user id '2' is never restricted; any other user is refused when
// their admin_archive entry is present (not null) and equals '0'.
// NOTE(review): a missing or null entry passes this check, i.e. the restriction fails open —
// confirm that is intended
if (
    $panther_user['id'] != '2'
    && !is_null($admins[$panther_user['id']]['admin_archive'])
    && $admins[$panther_user['id']]['admin_archive'] == '0'
) {
    message($lang_common['No permission'], false, '403 Forbidden');
}
// NOTE(review): presumably an additional admin-session / re-authentication check — its behaviour is not visible here
check_authentication();
// Load the admin_archive.php language file
require PANTHER_ROOT . 'lang/' . $admin_language . '/admin_archive.php';
// Count of topics that are approved and not deleted
$ps = $db->select('topics', 'COUNT(id)', array(), 'deleted=0 AND approved=1');
$total = $ps->fetchColumn();
// Count of those topics that are also archived
$ps = $db->select('topics', 'COUNT(id)', array(), 'archived=1 AND deleted=0 AND approved=1');
$archived = $ps->fetchColumn();
if (isset($_POST['form_sent'])) {
    confirm_referrer(PANTHER_ADMIN_DIR . '/archive.php');
    $units = array('day', 'months', 'years');
    // Set an array of valid time expiration strings
    $time = isset($_POST['time']) ? intval($_POST['time']) : 0;
    $unit = isset($_POST['unit']) && in_array($_POST['unit'], $units) ? panther_trim($_POST['unit']) : 'days';
    $closed = isset($_POST['closed']) ? intval($_POST['closed']) : 0;
    $sticky = isset($_POST['sticky']) ? intval($_POST['sticky']) : 0;
    $forums = isset($_POST['forums']) && is_array($_POST['forums']) ? array_map('intval', $_POST['forums']) : array(0);
    if (in_array(0, $forums) && count($forums) > 1) {
        message($lang_admin_archive['All forums message']);
    }
    if ($sticky > 2 || $sticky < 0 || $closed > 2 || $closed < 0) {
        message($lang_admin_archive['Open/close message']);
    }
    if ($time < 1) {
        message(sprintf($lang_admin_archive['Invalid time value'], strtolower($unit)));
    confirm_referrer('backstage/censoring.php');
    $id = intval(key($_POST['update']));
    $search_for = luna_trim($_POST['search_for'][$id]);
    $replace_with = luna_trim($_POST['replace_with'][$id]);
    if ($search_for == '') {
        message_backstage(__('You must enter a word to censor.', 'luna'));
    }
    $db->query('UPDATE ' . $db->prefix . 'censoring SET search_for=\'' . $db->escape($search_for) . '\', replace_with=\'' . $db->escape($replace_with) . '\' WHERE id=' . $id) or error('Unable to update censor word', __FILE__, __LINE__, $db->error());
    // Regenerate the censoring cache
    if (!defined('LUNA_CACHE_FUNCTIONS_LOADED')) {
        require LUNA_ROOT . 'include/cache.php';
    }
    generate_censoring_cache();
    redirect('backstage/censoring.php');
} elseif (isset($_POST['remove'])) {
    confirm_referrer('backstage/censoring.php');
    $id = intval(key($_POST['remove']));
    $db->query('DELETE FROM ' . $db->prefix . 'censoring WHERE id=' . $id) or error('Unable to delete censor word', __FILE__, __LINE__, $db->error());
    // Regenerate the censoring cache
    if (!defined('LUNA_CACHE_FUNCTIONS_LOADED')) {
        require LUNA_ROOT . 'include/cache.php';
    }
    generate_censoring_cache();
    redirect('backstage/censoring.php');
}
// Title parts for the page header; the board title is HTML-escaped before use
$page_title = array(luna_htmlspecialchars($luna_config['o_board_title']), __('Admin', 'luna'), __('Censoring', 'luna'));
// NOTE(review): presumably the form name and field that header.php gives input focus to — confirm
$focus_element = array('censoring', 'new_search_for');
define('LUNA_ACTIVE_PAGE', 'admin');
require 'header.php';
load_admin_nav('content', 'censoring');
?>
  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place, Suite 330, Boston,
  MA  02111-1307  USA

************************************************************************/
// Tell header.php to use the admin template
define('PUN_ADMIN_CONSOLE', 1);
// Forum root is the current working directory
define('PUN_ROOT', './');
require PUN_ROOT . 'include/common.php';
require PUN_ROOT . 'include/common_admin.php';
// Refuse every user whose group id is greater than PUN_ADMIN.
// NOTE(review): presumably PUN_ADMIN is the lowest group id, making this "administrators only",
// and message() ends the request — confirm both against the include files
if ($pun_user['g_id'] > PUN_ADMIN) {
    message($lang_common['No permission']);
}
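// The permissions form was submitted
if (isset($_POST['form_sent'])) {
    // Request-origin check. NOTE(review): a Referer comparison is the only cross-site request
    // defence visible in this handler.
    confirm_referrer('admin_permissions.php');
    // Every permission value is stored as an integer. A missing or non-array form field is
    // treated as "nothing submitted" instead of being passed to array_map().
    $form = isset($_POST['form']) && is_array($_POST['form']) ? array_map('intval', $_POST['form']) : array();
    // each() was removed in PHP 8.0; foreach visits the same key/value pairs in the same order
    foreach ($form as $key => $input) {
        // Only update values that have changed. Only names that already exist in the config
        // with the p_ prefix are accepted, so the form cannot create new settings.
        if (array_key_exists('p_' . $key, $pun_config) && $pun_config['p_' . $key] != $input) {
            // $input is an integer and $key is escaped before both reach the SQL string
            $db->query('UPDATE ' . $db->prefix . 'config SET conf_value=' . $input . ' WHERE conf_name=\'p_' . $db->escape($key) . '\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
        }
    }
    // Regenerate the config cache
    require_once PUN_ROOT . 'include/cache.php';
    generate_config_cache();
    redirect('admin_permissions.php', 'Permissions updated. Redirecting &hellip;');
}
// Page title: HTML-escaped board title followed by the page path
$page_title = pun_htmlspecialchars($pun_config['o_board_title']) . ' / Admin / Permissions';
require PUN_ROOT . 'header.php';
generate_admin_menu('permissions');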
        if (!@preg_match('#^\\d+$#', $min_posts)) {
            message('Minimum posts must be a positive integer value.');
        }
        // Make sure there isn't already a rank with the same min_posts value
        $result = $db->query('SELECT 1 FROM ' . $db->prefix . 'ranks WHERE id!=' . $id . ' AND min_posts=' . $min_posts) or error('Unable to fetch rank info', __FILE__, __LINE__, $db->error());
        if ($db->num_rows($result)) {
            message('There is already a rank with a minimun posts value of ' . $min_posts . '.');
        }
        $db->query('UPDATE ' . $db->prefix . 'ranks SET rank=\'' . $db->escape($rank) . '\', min_posts=' . $min_posts . ' WHERE id=' . $id) or error('Unable to update rank', __FILE__, __LINE__, $db->error());
        // Regenerate the ranks cache
        require_once PUN_ROOT . 'include/cache.php';
        generate_ranks_cache();
        redirect('admin_ranks.php', 'Rank updated. Redirecting &hellip;');
    } else {
        if (isset($_POST['remove'])) {
            confirm_referrer('admin_ranks.php');
            $id = intval(key($_POST['remove']));
            $db->query('DELETE FROM ' . $db->prefix . 'ranks WHERE id=' . $id) or error('Unable to delete rank', __FILE__, __LINE__, $db->error());
            // Regenerate the ranks cache
            require_once PUN_ROOT . 'include/cache.php';
            generate_ranks_cache();
            redirect('admin_ranks.php', 'Rank removed. Redirecting &hellip;');
        }
    }
}
// Page title: HTML-escaped board title followed by the page path
$page_title = pun_htmlspecialchars($pun_config['o_board_title']) . ' / Admin / Ranks';
// NOTE(review): presumably the form name and field that header.php gives input focus to — confirm
$focus_element = array('ranks', 'new_rank');
require PUN_ROOT . 'header.php';
generate_admin_menu('ranks');
?>
	<div class="blockform">
// Load the post.php language file for the user's language.
// NOTE(review): the include path contains $panther_user['language']; presumably that value is limited
// to installed language directory names when the profile is saved — confirm, because it is not checked here
require PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/post.php';
// NOTE(review): presumably stops banned users from posting — its behaviour is not visible here
check_posting_ban();
// Show the "Topic archived" message when the target is flagged as archived
if ($cur_posting['archived'] == '1') {
    message($lang_post['Topic archived']);
}
// Start with a clean slate: validation failures are collected in this list
$errors = array();
// Did someone just hit "Submit" or "Preview"?
if (isset($_POST['form_sent'])) {
    // Extension hook: when get_extensions() returns a non-empty value for this hook point,
    // that value is executed with eval() in the current scope.
    // NOTE(review): eval() gives the hook source full code execution with access to every variable
    // here; confirm that hook code can only be installed by administrators and is never built from request data
    ($hook = get_extensions('post_before_validation')) ? eval($hook) : null;
    // Flood protection: a real submit (not a preview) is refused while fewer than
    // g_post_flood seconds have passed since the user's last_post time
    if (!isset($_POST['preview']) && $panther_user['last_post'] != '' && time() - $panther_user['last_post'] < $panther_user['g_post_flood']) {
        $errors[] = sprintf($lang_post['Flood start'], $panther_user['g_post_flood'], $panther_user['g_post_flood'] - (time() - $panther_user['last_post']));
    }
    // Make sure they got here from the site
    // NOTE(review): a Referer comparison is the only request-origin check visible at this point
    confirm_referrer('post.php');
    // If it's a new topic
    if ($fid) {
        $subject = isset($_POST['req_subject']) ? panther_trim($_POST['req_subject']) : '';
        if ($panther_config['o_censoring'] == '1') {
            $censored_subject = panther_trim(censor_words($subject));
        }
        if ($subject == '') {
            $errors[] = $lang_post['No subject'];
        } else {
            if ($panther_config['o_censoring'] == '1' && $censored_subject == '') {
                $errors[] = $lang_post['No subject after censoring'];
            } else {
                if (panther_strlen($subject) > 70) {
                    $errors[] = $lang_post['Too long subject'];
                } else {
 * Copyright (C) 2008-2012 FluxBB
 * based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
 * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
 */
// Tell header.php to use the admin template
define('PUN_ADMIN_CONSOLE', 1);
// Forum root is the directory that holds this script
define('PUN_ROOT', dirname(__FILE__) . '/');
require PUN_ROOT . 'include/common.php';
require PUN_ROOT . 'include/common_admin.php';
// Board options are limited to users whose group id equals PUN_ADMIN.
// NOTE(review): this gate relies on message() ending the request — confirm
if ($pun_user['g_id'] != PUN_ADMIN) {
    message($lang->t('No permission'));
}
// Load the admin_options.php language file
$lang->load('admin_options');
if (isset($_POST['form_sent'])) {
    confirm_referrer('admin_options.php', $lang->t('Bad HTTP Referer message'));
    $form = array('board_title' => pun_trim($_POST['form']['board_title']), 'board_desc' => pun_trim($_POST['form']['board_desc']), 'default_timezone' => floatval($_POST['form']['default_timezone']), 'default_dst' => $_POST['form']['default_dst'] != '1' ? '0' : '1', 'default_lang' => pun_trim($_POST['form']['default_lang']), 'default_style' => pun_trim($_POST['form']['default_style']), 'time_format' => pun_trim($_POST['form']['time_format']), 'date_format' => pun_trim($_POST['form']['date_format']), 'timeout_visit' => intval($_POST['form']['timeout_visit']), 'timeout_online' => intval($_POST['form']['timeout_online']), 'redirect_delay' => intval($_POST['form']['redirect_delay']), 'show_version' => $_POST['form']['show_version'] != '1' ? '0' : '1', 'show_user_info' => $_POST['form']['show_user_info'] != '1' ? '0' : '1', 'show_post_count' => $_POST['form']['show_post_count'] != '1' ? '0' : '1', 'smilies' => $_POST['form']['smilies'] != '1' ? '0' : '1', 'smilies_sig' => $_POST['form']['smilies_sig'] != '1' ? '0' : '1', 'make_links' => $_POST['form']['make_links'] != '1' ? '0' : '1', 'topic_review' => intval($_POST['form']['topic_review']), 'disp_topics_default' => intval($_POST['form']['disp_topics_default']), 'disp_posts_default' => intval($_POST['form']['disp_posts_default']), 'indent_num_spaces' => intval($_POST['form']['indent_num_spaces']), 'quote_depth' => intval($_POST['form']['quote_depth']), 'quickpost' => $_POST['form']['quickpost'] != '1' ? '0' : '1', 'users_online' => $_POST['form']['users_online'] != '1' ? '0' : '1', 'censoring' => $_POST['form']['censoring'] != '1' ? '0' : '1', 'signatures' => $_POST['form']['signatures'] != '1' ? '0' : '1', 'ranks' => $_POST['form']['ranks'] != '1' ? '0' : '1', 'show_dot' => $_POST['form']['show_dot'] != '1' ? '0' : '1', 'topic_views' => $_POST['form']['topic_views'] != '1' ? '0' : '1', 'quickjump' => $_POST['form']['quickjump'] != '1' ? '0' : '1', 'gzip' => $_POST['form']['gzip'] != '1' ? 
'0' : '1', 'search_all_forums' => $_POST['form']['search_all_forums'] != '1' ? '0' : '1', 'additional_navlinks' => pun_trim($_POST['form']['additional_navlinks']), 'feed_type' => intval($_POST['form']['feed_type']), 'feed_ttl' => intval($_POST['form']['feed_ttl']), 'report_method' => intval($_POST['form']['report_method']), 'mailing_list' => pun_trim($_POST['form']['mailing_list']), 'avatars' => $_POST['form']['avatars'] != '1' ? '0' : '1', 'avatars_dir' => pun_trim($_POST['form']['avatars_dir']), 'avatars_width' => intval($_POST['form']['avatars_width']), 'avatars_height' => intval($_POST['form']['avatars_height']), 'avatars_size' => intval($_POST['form']['avatars_size']), 'admin_email' => strtolower(pun_trim($_POST['form']['admin_email'])), 'webmaster_email' => strtolower(pun_trim($_POST['form']['webmaster_email'])), 'forum_subscriptions' => $_POST['form']['forum_subscriptions'] != '1' ? '0' : '1', 'topic_subscriptions' => $_POST['form']['topic_subscriptions'] != '1' ? '0' : '1', 'smtp_host' => pun_trim($_POST['form']['smtp_host']), 'smtp_user' => pun_trim($_POST['form']['smtp_user']), 'smtp_ssl' => $_POST['form']['smtp_ssl'] != '1' ? '0' : '1', 'regs_allow' => $_POST['form']['regs_allow'] != '1' ? '0' : '1', 'regs_verify' => $_POST['form']['regs_verify'] != '1' ? '0' : '1', 'regs_report' => $_POST['form']['regs_report'] != '1' ? '0' : '1', 'rules' => $_POST['form']['rules'] != '1' ? '0' : '1', 'rules_message' => pun_trim($_POST['form']['rules_message']), 'default_email_setting' => intval($_POST['form']['default_email_setting']), 'announcement' => $_POST['form']['announcement'] != '1' ? '0' : '1', 'announcement_message' => pun_trim($_POST['form']['announcement_message']), 'maintenance' => $_POST['form']['maintenance'] != '1' ? '0' : '1', 'maintenance_message' => pun_trim($_POST['form']['maintenance_message']));
    if ($form['board_title'] == '') {
        message($lang->t('Must enter title message'));
    }
    if (!Flux_Lang::languageExists($form['default_lang'])) {
        message($lang->t('Bad request'));
    }
    $styles = forum_list_styles();
    if (!in_array($form['default_style'], $styles)) {
        message($lang->t('Bad request'));
    }
    if ($form['time_format'] == '') {
        $form['time_format'] = 'H:i:s';
    }
    if ($form['date_format'] == '') {
    $result = $db->query('SELECT sender_id, message, receiver FROM ' . $db->prefix . 'messages WHERE id=' . $edit) or error('Unable to get the informations of the message', __FILE__, __LINE__, $db->error());
    if (!$db->num_rows($result)) {
        message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'));
    }
    $edit_msg = $db->fetch_assoc($result);
    // If you're not the owner of this message, why do you want to edit it?
    if ($edit_msg['sender_id'] != $luna_user['id'] && !$luna_user['is_admmod'] || $edit_msg['receiver'] == '0' && !$luna_user['is_admmod']) {
        message(__('You do not have permission to access this page.', 'luna'));
    }
    // Insert the message
    $p_message = censor_words($edit_msg['message']);
}
if (isset($_POST['form_sent'])) {
    // The comment button has been pressed
    // Make sure they got here from the site
    confirm_referrer(array('new_inbox.php', 'viewinbox.php'));
    $hide_smilies = isset($_POST['hide_smilies']) ? '1' : '0';
    // Make sure form_user is correct
    if ($_POST['form_user'] != $luna_user['username']) {
        message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'));
    }
    // Flood protection by Newman
    if (!isset($_SESSION)) {
        session_start();
    }
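    // The flood timestamp is kept in $_SESSION. The lookup must use that exact superglobal name:
    // with a misspelled name isset() is always false and the limit below is never applied.
    if (isset($_SESSION['last_session_request'])) {
        // A new message (not an edit, not a preview) is refused while the previous request is
        // younger than the group's g_comment_flood value in seconds
        if (!$edit && !isset($_POST['preview']) && $_SESSION['last_session_request'] > time() - $luna_user['g_comment_flood']) {
            // NOTE(review): "% s" in the text below looks like a mistyped %s placeholder; it is left
            // unchanged because the string is also the translation lookup key
            $errors[] = sprintf(__('At least % seconds have to pass between sends. Please wait a little while and try send the message again.', 'luna'), $luna_user['g_comment_flood']);
        }
    }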
    // Check users boxes
                    }
                }
            }
        }
    }
}
// Advertise the active-topics feed in the page head when a feed type is configured:
// '1' selects RSS, '2' selects Atom, any other value adds nothing
switch ($luna_config['o_feed_type']) {
    case '1':
        $page_head = array('feed' => '<link rel="alternate" type="application/rss+xml" href="extern.php?action=feed&amp;type=rss" title="' . __('RSS active topics feed', 'luna') . '" />');
        break;
    case '2':
        $page_head = array('feed' => '<link rel="alternate" type="application/atom+xml" href="extern.php?action=feed&amp;type=atom" title="' . __('Atom active topics feed', 'luna') . '" />');
        break;
}
// No forum actions yet
$forum_actions = array();
// Someone clicked "Do not show again"
$action = isset($_GET['action']) ? $_GET['action'] : null;
if ($action == 'do_not_show') {
    // NOTE(review): this state change is triggered by a GET parameter and guarded only by a Referer
    // comparison whose accepted list also contains an empty entry — confirm what the empty entry permits
    confirm_referrer(array('index.php', ''));
    // Record on the current user's row that the first-run notice has been dismissed
    $db->query('UPDATE ' . $db->prefix . 'users SET first_run = 1 WHERE id=' . $luna_user['id']) or error('Unable to disable first run', __FILE__, __LINE__, $db->error());
    redirect('index.php');
}
// Or want to disable the cookiebar
if ($action == 'disable_cookiebar') {
    luna_cookiebarcookie();
    redirect('index.php');
}
// Title parts for the page header; the board title is HTML-escaped before use
$page_title = array(luna_htmlspecialchars($luna_config['o_board_title']));
define('FORUM_ALLOW_INDEX', 1);
define('FORUM_ACTIVE_PAGE', 'index');
$footer_style = 'index';
// Render the page: header, index body, footer; load_page() supplies each path
require load_page('header.php');
require load_page('index.php');
require load_page('footer.php');
Example #18
        message_backstage(__('Bad request. The link you followed is incorrect, outdated or you\'re simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
    }
    // Make sure it's not a moderator group
    $result = $db->query('SELECT 1 FROM ' . $db->prefix . 'groups WHERE g_id=' . $group_id . ' AND g_moderator=0') or error('Unable to check group moderator status', __FILE__, __LINE__, $db->error());
    if (!$db->num_rows($result)) {
        message_backstage(__('Bad request. The link you followed is incorrect, outdated or you\'re simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
    }
    $db->query('UPDATE ' . $db->prefix . 'config SET conf_value=' . $group_id . ' WHERE conf_name=\'o_default_user_group\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
    // Regenerate the config cache
    if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
        require FORUM_ROOT . 'include/cache.php';
    }
    generate_config_cache();
    redirect('backstage/groups.php');
} elseif (isset($_GET['del_group'])) {
    confirm_referrer('backstage/groups.php');
    $group_id = isset($_POST['group_to_delete']) ? intval($_POST['group_to_delete']) : intval($_GET['del_group']);
    if ($group_id < 5) {
        message_backstage(__('Bad request. The link you followed is incorrect, outdated or you\'re simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
    }
    // Make sure we don't remove the default group
    if ($group_id == $luna_config['o_default_user_group']) {
        message_backstage(__('The default group cannot be removed. In order to delete this group, you must first setup a different group as the default.', 'luna'));
    }
    // Check if this group has any members
    $result = $db->query('SELECT g.g_title, COUNT(u.id) FROM ' . $db->prefix . 'groups AS g INNER JOIN ' . $db->prefix . 'users AS u ON g.g_id=u.group_id WHERE g.g_id=' . $group_id . ' GROUP BY g.g_id, g_title') or error('Unable to fetch group info', __FILE__, __LINE__, $db->error());
    // If the group doesn't have any members or if we've already selected a group to move the members to
    if (!$db->num_rows($result) || isset($_POST['del_group'])) {
        if (isset($_POST['del_group_comply']) || isset($_POST['del_group'])) {
            if (isset($_POST['del_group'])) {
                $move_to_group = intval($_POST['move_to_group']);
Example #19
    $db->query('UPDATE ' . $db->prefix . 'messages SET showed=1 WHERE shared_id IN (' . $idlist . ') AND owner=\'' . $luna_user['id'] . '\' AND show_message=1') or error('Unable to update the status of the messages', __FILE__, __LINE__, $db->error());
    redirect('inbox.php');
} elseif (isset($_REQUEST['markunread'])) {
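    // Mark the selected messages as unread.
    // The referrer check runs before any write; presumably it halts the request
    // when it fails (confirm_referrer() is defined elsewhere).
    confirm_referrer('inbox.php');
    // selected_messages arrives straight from the form. Anything other than a
    // non-empty array (for instance a scalar) is refused before array functions
    // are applied to it.
    if (empty($_POST['selected_messages']) || !is_array($_POST['selected_messages'])) {
        message(__('You must select some messages', 'luna'));
    }
    // Every id is forced to an integer before it is placed in the IN (...) list.
    $idlist = implode(',', array_map('intval', array_values($_POST['selected_messages'])));
    // The owner filter keeps the update to rows that belong to the current user.
    $db->query('UPDATE ' . $db->prefix . 'messages SET showed=0 WHERE shared_id IN (' . $idlist . ') AND owner=\'' . $luna_user['id'] . '\' AND show_message=1') or error('Unable to update the status of the messages', __FILE__, __LINE__, $db->error());
    redirect('inbox.php');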
} elseif (isset($_REQUEST['delete_multiple'])) {
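    // Delete the selected messages and lower the user's inbox counter.
    // The referrer check runs before any write; presumably it halts the request
    // when it fails (confirm_referrer() is defined elsewhere).
    confirm_referrer('inbox.php');
    // selected_messages arrives straight from the form. Anything other than a
    // non-empty array is refused before array functions are applied to it.
    if (empty($_POST['selected_messages']) || !is_array($_POST['selected_messages'])) {
        message(__('You must select some messages', 'luna'));
    }
    // Force every id to an integer and drop duplicates, so that the IN (...) list
    // and the counter below describe the same set of ids.
    $ids = array_unique(array_map('intval', array_values($_POST['selected_messages'])));
    $idlist = implode(',', $ids);
    // The original derived this number with explode() on the posted array, which
    // does not produce a usable count; the sanitised id list is counted instead.
    // NOTE(review): ids that do not belong to this user are still counted although
    // the DELETE skips them. The number of rows actually deleted would be exact
    // if the database layer exposes it.
    $number = count($ids);
    // The owner filter keeps the delete to rows that belong to the current user.
    $db->query('DELETE FROM ' . $db->prefix . 'messages WHERE shared_id IN (' . $idlist . ') AND owner=\'' . $luna_user['id'] . '\'') or error('Unable to delete the messages', __FILE__, __LINE__, $db->error());
    $db->query('UPDATE ' . $db->prefix . 'users SET num_inbox=num_inbox-' . $number . ' WHERE id=' . $luna_user['id']) or error('Unable to update user', __FILE__, __LINE__, $db->error());
    redirect('inbox.php');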
} else {
    // Get message count for this box
    $result = $db->query("SELECT COUNT(*) FROM " . $db->prefix . "messages WHERE show_message=1 AND owner='" . $luna_user['id'] . "'") or error("Unable to count the messages", __FILE__, __LINE__, $db->error());
    $db->query('INSERT INTO ' . $db->prefix . 'censoring (search_for, replace_with) VALUES (\'' . $db->escape($search_for) . '\', \'' . $db->escape($replace_with) . '\')') or error('Unable to add censor word', __FILE__, __LINE__, $db->error());
    redirect('admin_censoring.php', 'Censor word added. Redirecting &hellip;');
} else {
    if (isset($_POST['update'])) {
        confirm_referrer('admin_censoring.php');
        $id = intval(key($_POST['update']));
        $search_for = trim($_POST['search_for'][$id]);
        $replace_with = trim($_POST['replace_with'][$id]);
        if ($search_for == '' || $replace_with == '') {
            message('You must enter both text to search for and text to replace with.');
        }
        $db->query('UPDATE ' . $db->prefix . 'censoring SET search_for=\'' . $db->escape($search_for) . '\', replace_with=\'' . $db->escape($replace_with) . '\' WHERE id=' . $id) or error('Unable to update censor word', __FILE__, __LINE__, $db->error());
        redirect('admin_censoring.php', 'Censor word updated. Redirecting &hellip;');
    } else {
        if (isset($_POST['remove'])) {
            confirm_referrer('admin_censoring.php');
            $id = intval(key($_POST['remove']));
            $db->query('DELETE FROM ' . $db->prefix . 'censoring WHERE id=' . $id) or error('Unable to delete censor word', __FILE__, __LINE__, $db->error());
            redirect('admin_censoring.php', 'Censor word removed. Redirecting &hellip;');
        }
    }
}
$page_title = pun_htmlspecialchars($pun_config['o_board_title']) . ' / Admin / Censoring';
$focus_element = array('censoring', 'new_search_for');
require PUN_ROOT . 'header.php';
generate_admin_menu('censoring');
?>
	<div class="blockform">
		<h2><span>Censoring</span></h2>
		<div class="box">
			<form id="censoring" method="post" action="admin_censoring.php?action=foo">
Example #21
<?php 
                                require PUN_ROOT . 'footer.php';
                            } else {
                                if (isset($_POST['form_sent'])) {
                                    // Fetch the user group of the user we are editing
                                    $result = $db->query('SELECT u.username, u.group_id, g.g_moderator FROM ' . $db->prefix . 'users AS u INNER JOIN ' . $db->prefix . 'groups AS g ON (g.g_id=u.group_id) WHERE u.id=' . $id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
                                    if (!$db->num_rows($result)) {
                                        message($lang_common['Bad request']);
                                    }
                                    list($old_username, $group_id, $is_moderator) = $db->fetch_row($result);
                                    if ($pun_user['id'] != $id && (!$pun_user['is_admmod'] || $pun_user['g_id'] != PUN_ADMIN && ($pun_user['g_mod_edit_users'] == '0' || $group_id == PUN_ADMIN || $is_moderator))) {
                                        // or the user is another mod
                                        message($lang_common['No permission']);
                                    }
                                    if ($pun_user['is_admmod']) {
                                        confirm_referrer('profile.php');
                                    }
                                    $username_updated = false;
                                    // Validate input depending on section
                                    switch ($section) {
                                        case 'essentials':
                                            $form = array('timezone' => floatval($_POST['form']['timezone']), 'dst' => isset($_POST['form']['dst']) ? '1' : '0', 'time_format' => intval($_POST['form']['time_format']), 'date_format' => intval($_POST['form']['date_format']));
                                            // Make sure we got a valid language string
                                            if (isset($_POST['form']['language'])) {
                                                $languages = forum_list_langs();
                                                $form['language'] = pun_trim($_POST['form']['language']);
                                                if (!in_array($form['language'], $languages)) {
                                                    message($lang_common['Bad request']);
                                                }
                                            }
                                            if ($pun_user['is_admmod']) {
Example #22
     $result = $query->run($params);
     if (empty($result)) {
         message($lang->t('Bad request'));
     }
     unset($result, $query, $params);
     $query = $db->update(array('conf_value' => ':group_id'), 'config');
     $query->where = 'conf_name = \'o_default_user_group\'';
     $params = array(':group_id' => $group_id);
     $query->run($params);
     unset($query, $params);
     // Regenerate the config cache
     $cache->delete('config');
     redirect('admin_groups.php', $lang->t('Default group redirect'));
 } else {
     if (isset($_GET['del_group'])) {
         confirm_referrer('admin_groups.php');
         $group_id = isset($_POST['group_to_delete']) ? intval($_POST['group_to_delete']) : intval($_GET['del_group']);
         if ($group_id < 5) {
             message($lang->t('Bad request'));
         }
         // Make sure we don't remove the default group
         if ($group_id == $pun_config['o_default_user_group']) {
             message($lang->t('Cannot remove default message'));
         }
         // Check if this group has any members
         $query = $db->select(array('g_title' => 'g.g_title', 'num_members' => 'COUNT(u.id) AS num_members'), 'groups AS g');
         $query->innerJoin('u', 'users AS u', 'g.g_id = u.group_id');
         $query->where = 'g.g_id = :group_id';
         $query->group = array('g_id' => 'g.g_id', 'g_title' => 'g.g_title');
         $params = array(':group_id' => $group_id);
         $result = $query->run($params);
Example #23
        $ban_user = $ban_user != '' ? '\'' . $db->escape($ban_user) . '\'' : 'NULL';
        $ban_ip = $ban_ip != '' ? '\'' . $db->escape($ban_ip) . '\'' : 'NULL';
        $ban_email = $ban_email != '' ? '\'' . $db->escape($ban_email) . '\'' : 'NULL';
        $ban_message = $ban_message != '' ? '\'' . $db->escape($ban_message) . '\'' : 'NULL';
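        // Write the ban: insert a new row in 'add' mode, otherwise update the row
        // named by ban_id. $ban_user, $ban_ip, $ban_email and $ban_message were each
        // turned above into either an escaped, quoted SQL literal or the keyword NULL,
        // so they are concatenated without further quoting.
        // NOTE(review): $ban_expire is built outside this excerpt; confirm it can only
        // be an integer or NULL.
        if ($_POST['mode'] == 'add') {
            $db->query('INSERT INTO ' . $db->prefix . 'bans (username, ip, email, message, expire) VALUES(' . $ban_user . ', ' . $ban_ip . ', ' . $ban_email . ', ' . $ban_message . ', ' . $ban_expire . ')') or error('Unable to add ban', __FILE__, __LINE__, $db->error());
        } else {
            // The username assignment had been mangled into a masked literal ('******'),
            // which is not valid PHP. It takes $ban_user, as the INSERT branch does.
            $db->query('UPDATE ' . $db->prefix . 'bans SET username=' . $ban_user . ', ip=' . $ban_ip . ', email=' . $ban_email . ', message=' . $ban_message . ', expire=' . $ban_expire . ' WHERE id=' . intval($_POST['ban_id'])) or error('Unable to update ban', __FILE__, __LINE__, $db->error());
        }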
        // Regenerate the bans cache
        require_once PUN_ROOT . 'include/cache.php';
        generate_bans_cache();
        redirect('admin_bans.php', 'Ban ' . ($_POST['mode'] == 'edit' ? 'edited' : 'added') . '. Redirecting &hellip;');
    } else {
        if (isset($_GET['del_ban'])) {
            confirm_referrer('admin_bans.php');
            $ban_id = intval($_GET['del_ban']);
            if ($ban_id < 1) {
                message($lang_common['Bad request']);
            }
            $db->query('DELETE FROM ' . $db->prefix . 'bans WHERE id=' . $ban_id) or error('Unable to delete ban', __FILE__, __LINE__, $db->error());
            // Regenerate the bans cache
            require_once PUN_ROOT . 'include/cache.php';
            generate_bans_cache();
            redirect('admin_bans.php', 'Ban removed. Redirecting &hellip;');
        }
    }
}
$page_title = pun_htmlspecialchars($pun_config['o_board_title']) . ' / Admin / Bans';
$focus_element = array('bans', 'new_ban_user');
require PUN_ROOT . 'header.php';
Example #24
}
// Load the profile row (with its group) for user $id, or stop with a 404 message.
// $id is concatenated into the WHERE clause unquoted and is assigned above this
// excerpt. NOTE(review): confirm it is cast to an integer there.
$result = $db->query('SELECT u.username, u.email, u.title, u.realname, u.url, u.facebook, u.msn, u.twitter, u.google, u.location, u.signature, u.disp_topics, u.disp_posts, u.email_setting, u.notify_with_post, u.auto_notify, u.show_smilies, u.show_img, u.show_img_sig, u.show_avatars, u.show_sig, u.timezone, u.dst, u.language, u.style, u.num_posts, u.last_post, u.registered, u.registration_ip, u.admin_note, u.date_format, u.time_format, u.last_visit, u.color_scheme, u.accent, g.g_id, g.g_user_title, g.g_moderator FROM ' . $db->prefix . 'users AS u LEFT JOIN ' . $db->prefix . 'groups AS g ON g.g_id=u.group_id WHERE u.id=' . $id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result)) {
    message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
}
$user = $db->fetch_assoc($result);
// The username is escaped once here for later output.
$user_username = luna_htmlspecialchars($user['username']);
$avatar_field = generate_avatar_markup($id);
$avatar_user_card = draw_user_avatar($id);
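// Notification actions: mark the notifications of user $id as viewed, or delete
// them, then return to the list. Both branches change stored state, so the
// referrer check has to pass before anything is written; the original ran it
// only after the change had already been made.
// NOTE(review): whether $id is restricted to the logged-in user is decided above
// this excerpt. Confirm that it is.
if ($action == 'readnoti') {
    confirm_referrer('notifications.php');
    set_user_notifications_viewed($id);
    redirect('notifications.php?id=' . $id);
} elseif ($action == 'delnoti') {
    confirm_referrer('notifications.php');
    // Passes 1 as the second argument; the assignment to $viewed is kept as written.
    delete_user_notifications($id, $viewed = 1);
    redirect('notifications.php?id=' . $id);
}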
// Count both kinds of notification first, then fetch a list only when its
// count is non-zero; a list that is not fetched stays an empty array.
$num_viewed = has_viewed_notifications();
$num_unviewed = has_unviewed_notifications();
$viewed_notifications = $num_viewed ? get_user_viewed_notifications() : array();
$unviewed_notifications = $num_unviewed ? get_user_unviewed_notifications() : array();
// Page title: the escaped board title followed by the translated section name.
$page_title = array(
    luna_htmlspecialchars($luna_config['o_board_title']) . ' / ' . __('Profile', 'luna')
);
define('FORUM_ACTIVE_PAGE', 'me');
require load_page('header.php');
Example #25
    }
    // Check if there is more work to do
    if ($end_at > 0) {
        $data = array(':id' => $end_at);
        $ps = $db->run('SELECT id FROM ' . $db->prefix . 'posts WHERE id>:id ORDER BY id ASC LIMIT 1', $data);
        if ($ps->rowCount()) {
            $query_str = '?action=rebuild&i_per_page=' . $per_page . '&i_start_at=' . $ps->fetchColumn();
        }
    }
    redirect(panther_link($panther_url['admin_maintenance']) . $query_str, sprintf($lang_admin_maintenance['Rebuilding search index'], $per_page, $end_at));
}
if ($action == 'prune') {
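    // Read the prune form fields: the forum selector is trimmed text, the
    // sticky flag an integer ('' when the field is absent).
    $prune_from = isset($_POST['prune_from']) ? panther_trim($_POST['prune_from']) : '';
    // The original tested the misspelt key 'prne_sticky', which the form never
    // sends, so $prune_sticky was always '' whatever the administrator chose.
    $prune_sticky = isset($_POST['prune_sticky']) ? intval($_POST['prune_sticky']) : '';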
    if (isset($_POST['prune_comply'])) {
        confirm_referrer(PANTHER_ADMIN_DIR . '/maintenance.php');
        $prune_days = intval($_POST['prune_days']);
        $prune_date = $prune_days ? time() - $prune_days * 86400 : -1;
        @set_time_limit(0);
        if ($prune_from == 'all') {
            $ps = $db->select('forums', 'id');
            $num_forums = $ps->rowCount();
            for ($i = 0; $i < $num_forums; ++$i) {
                $fid = $ps->fetchColumn();
                prune($fid, $prune_sticky, $prune_date);
                update_forum($fid);
            }
        } else {
            $prune_from = intval($prune_from);
            prune($prune_from, $prune_sticky, $prune_date);
            update_forum($prune_from);
Example #26
                     if (!$db->affected_rows()) {
                         $db->query('INSERT INTO ' . $db->prefix . 'forum_perms (group_id, forum_id, read_forum, post_replies, post_topics) VALUES(' . $cur_group['g_id'] . ', ' . $forum_id . ', ' . $read_forum_new . ', ' . $post_replies_new . ', ' . $post_topics_new . ')') or error('Unable to insert group forum permissions', __FILE__, __LINE__, $db->error());
                     }
                 }
             }
         }
     }
     // Regenerate the quick jump cache
     if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
         require PUN_ROOT . 'include/cache.php';
     }
     generate_quickjump_cache();
     redirect('admin_forums.php', $lang_admin_forums['Forum updated redirect']);
 } else {
     if (isset($_POST['revert_perms'])) {
         confirm_referrer('admin_forums.php');
         $db->query('DELETE FROM ' . $db->prefix . 'forum_perms WHERE forum_id=' . $forum_id) or error('Unable to delete group forum permissions', __FILE__, __LINE__, $db->error());
         // Regenerate the quick jump cache
         if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
             require PUN_ROOT . 'include/cache.php';
         }
         generate_quickjump_cache();
         redirect('admin_forums.php?edit_forum=' . $forum_id, $lang_admin_forums['Perms reverted redirect']);
     }
 }
 // Fetch forum info
 $result = $db->query('SELECT id, forum_name, forum_desc, redirect_url, num_topics, sort_by, cat_id FROM ' . $db->prefix . 'forums WHERE id=' . $forum_id) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());
 if (!$db->num_rows($result)) {
     message($lang_common['Bad request'], false, '404 Not Found');
 }
 $cur_forum = $db->fetch_assoc($result);
Example #27
  along with this program; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place, Suite 330, Boston,
  MA  02111-1307  USA

************************************************************************/
// Bootstrap for the admin prune page: flag the admin template, load the common
// code, then refuse anyone who is not an administrator.
// Tell header.php to use the admin template
define('PUN_ADMIN_CONSOLE', 1);
// PUN_ROOT is the relative path './', so the two includes below are resolved
// relative to the directory the script runs from.
define('PUN_ROOT', './');
require PUN_ROOT . 'include/common.php';
require PUN_ROOT . 'include/common_admin.php';
// Access gate: every group id greater than PUN_ADMIN is refused.
// NOTE(review): this presumes PUN_ADMIN is the lowest group id and that
// message() ends the request. Confirm both in include/common.php.
if ($pun_user['g_id'] > PUN_ADMIN) {
    message($lang_common['No permission']);
}
if (isset($_GET['action']) || isset($_POST['prune']) || isset($_POST['prune_comply'])) {
    if (isset($_POST['prune_comply'])) {
        confirm_referrer('admin_prune.php');
        $prune_from = $_POST['prune_from'];
        $prune_days = intval($_POST['prune_days']);
        $prune_date = $prune_days ? time() - $prune_days * 86400 : -1;
        @set_time_limit(0);
        if ($prune_from == 'all') {
            $result = $db->query('SELECT id FROM ' . $db->prefix . 'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error());
            $num_forums = $db->num_rows($result);
            for ($i = 0; $i < $num_forums; ++$i) {
                $fid = $db->result($result, $i);
                prune($fid, $_POST['prune_sticky'], $prune_date);
                update_forum($fid);
            }
        } else {
            $prune_from = intval($prune_from);
            prune($prune_from, $_POST['prune_sticky'], $prune_date);
Example #28
// Load the poll row fetched by $ps (prepared above this excerpt), then decide
// whether the current user may vote.
if (!$ps->rowCount()) {
    message($lang_common['Bad request'], false, '404 Not Found');
}
$cur_poll = $ps->fetch();
// A non-empty password on the row triggers the forum login cookie check.
if ($cur_poll['password'] != '') {
    check_forum_login_cookie($cur_poll['id'], $cur_poll['password']);
}
// NOTE(review): unserialize() is applied to a value stored in the database.
// It is only safe while that column is written solely by the application;
// confirm this, or store the list in a format that cannot carry objects (JSON).
$mods_array = $cur_poll['moderators'] != '' ? unserialize($cur_poll['moderators']) : array();
// True for an administrator, for a moderator with the global-moderator flag,
// or for a user whose name is a key of the moderators list read above.
$is_admmod = $panther_user['is_admin'] || ($panther_user['g_moderator'] == '1' && $panther_user['g_global_moderator'] || array_key_exists($panther_user['username'], $mods_array)) ? true : false;
// Make sure we have permission to vote
// && binds tighter than ||: an archived poll is refused for everyone, while the
// reply-permission, guest and closed conditions are waived for $is_admmod.
if (($cur_poll['post_replies'] == '' && $panther_user['g_post_replies'] == '0' || $cur_poll['post_replies'] == '0' || $panther_user['is_guest'] || $cur_poll['closed'] == '1') && !$is_admmod || $cur_poll['archived'] == '1') {
    message($lang_common['No permission'], false, '403 Forbidden');
}
// The include path contains the user's language setting.
// NOTE(review): confirm that value is validated against the installed languages
// when it is saved, since it ends up in a require path.
require PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/poll.php';
if (isset($_POST['form_sent'])) {
    confirm_referrer('viewtopic.php');
    $options = $cur_poll['options'] != '' ? unserialize($cur_poll['options']) : array();
    $voters = $cur_poll['voters'] != '' ? unserialize($cur_poll['voters']) : array();
    $votes = $cur_poll['votes'] != '' ? unserialize($cur_poll['votes']) : array();
    ($hook = get_extensions('poll_vote_before_validation')) ? eval($hook) : null;
    if (in_array($panther_user['id'], $voters)) {
        message($lang_poll['Already voted']);
    }
    if ($cur_poll['type'] == '1') {
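        // Single-choice poll: read the chosen option index from the form.
        // A missing or negative value is refused.
        $vote = isset($_POST['vote']) ? intval($_POST['vote']) : -1;
        if ($vote < 0) {
            message($lang_common['Bad request'], false, '404 Not Found');
        }
        // NOTE(review): $vote is not checked against $options, so any non-negative
        // integer creates a tally entry. Consider refusing an index that is not a
        // key of $options (its layout is not visible in this excerpt).
        // Increment the amount of votes for this option
        // The original assigned the result of $votes[$vote]++, which is the value
        // before the increment, so an existing tally never went up.
        $votes[$vote] = isset($votes[$vote]) ? $votes[$vote] + 1 : 1;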
    } else {
Example #29
// Admin "moderate" page preamble: read the page number, enforce the admin
// permission checks, then load the language file.
// The page number comes from the query string: '1' when absent or not above
// '1', otherwise the integer value of the parameter.
$page = !isset($_GET['p']) || $_GET['p'] <= '1' ? '1' : intval($_GET['p']);
if (!$panther_user['is_admin']) {
    message($lang_common['No permission'], false, '403 Forbidden');
}
// The user with id '2' skips the per-admin restriction; every other admin is
// refused when their 'admin_moderate' entry in $admins is '0'. $admins is
// populated outside this excerpt.
if ($panther_user['id'] != '2') {
    if (!is_null($admins[$panther_user['id']]['admin_moderate'])) {
        if ($admins[$panther_user['id']]['admin_moderate'] == '0') {
            message($lang_common['No permission'], false, '403 Forbidden');
        }
    }
}
check_authentication();
// Load the admin_moderate.php language file
// NOTE(review): $admin_language is set outside this excerpt; confirm it can
// only name an installed language, since it ends up in a require path.
require PANTHER_ROOT . 'lang/' . $admin_language . '/admin_moderate.php';
if (isset($_POST['form_sent'])) {
    confirm_referrer(PANTHER_ADMIN_DIR . '/moderate.php');
    if ($action == 'add') {
        $message = isset($_POST['message']) ? panther_trim($_POST['message']) : null;
        $title = isset($_POST['title']) ? panther_trim($_POST['title']) : null;
        $add_start = isset($_POST['add_start']) ? utf8_ltrim($_POST['add_start']) : null;
        $add_end = isset($_POST['add_end']) ? utf8_rtrim($_POST['add_end']) : null;
        $increment = isset($_POST['increment']) ? intval($_POST['increment']) : '0';
        $send_email = isset($_POST['send_email']) ? intval($_POST['send_email']) : '0';
        if (strlen($title) > 50) {
            message($lang_admin_moderate['title too long']);
        }
        if (strlen($add_start) > 50 || strlen($add_end) > 50) {
            message($lang_admin_moderate['addition too long']);
        }
        if (strlen($title) < 1) {
            message($lang_common['Bad request']);
Example #30
// Admin "announcements" page preamble: bootstrap when needed, read the request
// parameters, enforce the permission check, then load the language file.
if (!defined('PANTHER')) {
    define('PANTHER_ROOT', __DIR__ . '/../');
    require PANTHER_ROOT . 'include/common.php';
}
require PANTHER_ROOT . 'include/common_admin.php';
// 'action' is taken from the query string as is; 'id' and 'p' are reduced to integers.
$action = isset($_GET['action']) ? $_GET['action'] : null;
$id = isset($_GET['id']) ? intval($_GET['id']) : '0';
$page = !isset($_GET['p']) || $_GET['p'] <= '1' ? '1' : intval($_GET['p']);
// Refused: anyone who is not an admin or moderator, and a moderator whose group
// has g_mod_cp set to '0' unless that user is also an administrator.
if ($panther_user['is_admmod'] && $panther_user['g_mod_cp'] == '0' && !$panther_user['is_admin'] || !$panther_user['is_admmod']) {
    message($lang_common['No permission'], false, '403 Forbidden');
}
check_authentication();
// Load the admin_announcements.php language file
// NOTE(review): $admin_language is set outside this excerpt; confirm it can
// only name an installed language, since it ends up in a require path.
require PANTHER_ROOT . 'lang/' . $admin_language . '/admin_announcements.php';
if (isset($_POST['form_sent'])) {
    confirm_referrer(PANTHER_ADMIN_DIR . '/announcements.php');
    $action = isset($_POST['action']) ? panther_trim($_POST['action']) : '';
    if ($action == 'add' || $action == 'edit') {
        $forums = isset($_POST['forums']) && is_array($_POST['forums']) ? array_map('intval', $_POST['forums']) : array();
        if (empty($forums)) {
            message($lang_common['Bad request']);
        }
        $announcement = isset($_POST['message']) ? panther_trim($_POST['message']) : '';
        $title = isset($_POST['title']) ? panther_trim($_POST['title']) : '';
        $id = isset($_POST['id']) ? intval($_POST['id']) : 0;
        if (strlen($title) > 50) {
            message($lang_admin_announcements['title too long']);
        }
        if (strlen($announcement) < 1 || strlen($title) < 1) {
            message($lang_common['Bad request']);
        }