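/**
 * Validate a username and return a localized error message when it is unacceptable.
 *
 * The name is normalized first (str_compact + clean_username), then checked for
 * length, allowed characters and HTML entities. With $check_ban_and_taken the
 * database is also consulted for an existing owner and for the disallow list.
 *
 * @param string $username            raw username as submitted
 * @param bool   $check_ban_and_taken also run the "already taken" and "disallowed" DB checks
 * @return string|false error text (may contain markup; user input inside it is htmlCHR-escaped),
 *                      or false when the name is valid
 */
function validate_username($username, $check_ban_and_taken = true)
{
    global $user, $lang;

    // Character class shared by the acceptance regex and the "which chars were rejected" diff
    static $name_chars = 'a-z0-9а-яё_@$%^&;(){}\\#\\-\'.:+ ';

    $username = str_compact($username);
    $username = clean_username($username);

    // Length, counted in UTF-8 code points rather than bytes
    $length = mb_strlen($username, 'UTF-8');
    if ($length > USERNAME_MAX_LENGTH) {
        return $lang['USERNAME_TOO_LONG'];
    }
    if ($length < USERNAME_MIN_LENGTH) {
        return $lang['USERNAME_TOO_SMALL'];
    }

    // Allowed symbols: echo the offending characters back, escaped for the HTML context
    if (!preg_match('#^[' . $name_chars . ']+$#iu', $username)) {
        $invalid_chars = preg_replace('#[' . $name_chars . ']#iu', '', $username);
        return "{$lang['USERNAME_INVALID']}: <b>" . htmlCHR($invalid_chars) . "</b>";
    }

    // HTML entities: every "&...;" sequence must be one of the whitelisted forms.
    // NOTE(review): the whitelist pattern below can only match a single '&', '<' or '>',
    // which no "&...;" entity satisfies, so every entity found here is rejected — presumably
    // the pattern originally listed the escaped forms of these three characters; confirm upstream.
    if (preg_match_all('/&(#[0-9]+|[a-z]+);/iu', $username, $m)) {
        foreach ($m[0] as $ent) {
            if (!preg_match('/^(&|<|>)$/iu', $ent)) {
                return $lang['USERNAME_INVALID'];
            }
        }
    }

    if ($check_ban_and_taken) {
        // Taken: the escaped value is the one interpolated into the query
        $username_sql = DB()->escape($username);
        if ($row = DB()->fetch_row("SELECT username FROM " . BB_USERS . " WHERE username = '{$username_sql}' LIMIT 1")) {
            // A logged-in user may keep their own name; anyone else (and every guest) gets "taken"
            if (IS_GUEST || $row['username'] != $user->name) {
                return $lang['USERNAME_TAKEN'];
            }
        }

        // Disallowed: each stored pattern is regex-quoted, then its '*' wildcard is restored as '.*?'
        $banned_names = array();
        foreach (DB()->fetch_rowset("SELECT disallow_username FROM " . BB_DISALLOW . " ORDER BY NULL") as $row) {
            $banned_names[] = str_replace('\\*', '.*?', preg_quote($row['disallow_username'], '#u'));
        }
        if ($banned_names_exp = join('|', $banned_names)) {
            if (preg_match("#^({$banned_names_exp})\$#iu", $username)) {
                return $lang['USERNAME_DISALLOWED'];
            }
        }
    }

    return false;
}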
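/**
 * Rebuild the Atom feed file for one forum, or the site-wide torrent feed when $forum_id is 0.
 *
 * @param int   $forum_id   forum id; 0 selects the cross-forum feed
 * @param array $forum_data forum row; reads 'forum_name' and, for real forums, 'allow_reg_tracker'
 * @return bool true when create_atom() wrote the feed; false when nothing was publishable
 *              (a stale feed file is removed), the id is negative, or create_atom() failed
 */
function update_forum_feed($forum_id, $forum_data)
{
    global $bb_cfg;

    // The id is used both in the file name and unquoted in SQL: force it to an integer first
    $forum_id = (int) $forum_id;
    $file_path = $bb_cfg['atom']['path'] . '/f/' . $forum_id . '.atom';

    if ($forum_id < 0) {
        // No query exists for negative ids
        return false;
    }

    if ($forum_id == 0) {
        $forum_data['forum_name'] = 'Общая по всем разделам';
        $sql = "\n\t\t\tSELECT\n\t\t\t\tt.topic_id, t.topic_title, t.topic_status,\n\t\t\t\tu1.username AS first_username,\n\t\t\t\tp1.post_time AS topic_first_post_time, p1.post_edit_time AS topic_first_post_edit_time,\n\t\t\t\tp2.post_time AS topic_last_post_time, p2.post_edit_time AS topic_last_post_edit_time,\n\t\t\t\ttor.size AS tor_size, tor.tor_status\n\t\t\tFROM " . BB_BT_TORRENTS . " tor\n\t\t\tLEFT JOIN " . BB_TOPICS . " t ON(tor.topic_id = t.topic_id)\n\t\t\tLEFT JOIN " . BB_USERS . " u1 ON(t.topic_poster = u1.user_id)\n\t\t\tLEFT JOIN " . BB_POSTS . " p1 ON(t.topic_first_post_id = p1.post_id)\n\t\t\tLEFT JOIN " . BB_POSTS . " p2 ON(t.topic_last_post_id = p2.post_id)\n\t\t\tORDER BY t.topic_last_post_time DESC\n\t\t\tLIMIT 100\n\t\t";
    } else {
        // Torrent columns are only joined in for forums that allow tracker registration
        $select_tor_sql = $join_tor_sql = '';
        if (!empty($forum_data['allow_reg_tracker'])) {
            $select_tor_sql = ', tor.size AS tor_size, tor.tor_status';
            $join_tor_sql = "LEFT JOIN " . BB_BT_TORRENTS . " tor ON(t.topic_id = tor.topic_id)";
        }
        $sql = "\n\t\t\tSELECT\n\t\t\t\tt.topic_id, t.topic_title, t.topic_status,\n\t\t\t\tu1.username AS first_username,\n\t\t\t\tp1.post_time AS topic_first_post_time, p1.post_edit_time AS topic_first_post_edit_time,\n\t\t\t\tp2.post_time AS topic_last_post_time, p2.post_edit_time AS topic_last_post_edit_time\n\t\t\t\t{$select_tor_sql}\n\t\t\tFROM " . BB_TOPICS . " t\n\t\t\tLEFT JOIN " . BB_USERS . " u1 ON(t.topic_poster = u1.user_id)\n\t\t\tLEFT JOIN " . BB_POSTS . " p1 ON(t.topic_first_post_id = p1.post_id)\n\t\t\tLEFT JOIN " . BB_POSTS . " p2 ON(t.topic_last_post_id = p2.post_id)\n\t\t\t\t{$join_tor_sql}\n\t\t\tWHERE t.forum_id = {$forum_id}\n\t\t\tORDER BY t.topic_last_post_time DESC\n\t\t\tLIMIT 50\n\t\t";
    }

    $topics = array();
    foreach (DB()->fetch_rowset($sql) as $topic) {
        // Moved-topic stubs never appear in the feed
        if (isset($topic['topic_status']) && $topic['topic_status'] == TOPIC_MOVED) {
            continue;
        }
        // Torrents in a status listed in $bb_cfg['tor_frozen'] are skipped as well
        if (isset($topic['tor_status']) && isset($bb_cfg['tor_frozen'][$topic['tor_status']])) {
            continue;
        }
        $topics[] = $topic;
    }

    if (!$topics) {
        // Nothing to publish: best-effort removal of a stale feed (a missing file is the usual case)
        @unlink($file_path);
        return false;
    }

    return (bool) create_atom($file_path, 'f', $forum_id, htmlCHR($forum_data['forum_name']), $topics);
}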
/**
 * Compact a SQL string for log output, optionally HTML-escaped.
 *
 * Whitespace runs are collapsed by str_compact(). When the "sql_log_full" cookie is
 * present and the compacted text is longer than 100 characters, the middle is replaced
 * by " [...cut...] " so that only the first and last 50 characters remain.
 *
 * @param string $sql      query text
 * @param bool   $esc_html escape the result with htmlCHR() for HTML output
 * @return string
 */
function short_query($sql, $esc_html = false)
{
    $limit = 100;
    $keep = 50;

    $compact = str_compact($sql);

    $cut_enabled = !empty($_COOKIE['sql_log_full']);
    if ($cut_enabled && mb_strlen($compact, 'UTF-8') > $limit) {
        $head = mb_substr($compact, 0, $keep);
        $tail = mb_substr($compact, -$keep);
        $compact = $head . ' [...cut...] ' . $tail;
    }

    if ($esc_html) {
        return htmlCHR($compact, true);
    }

    return $compact;
}
$releasing[] = $rowset; } elseif ($rowset['seeder']) { $seeding[] = $rowset; } else { $leeching[] = $rowset; } } if ($releasing) { foreach ($releasing as $i => $row) { $topic_title = wbr($row['topic_title']); $template->assign_block_vars('released', array('ROW_CLASS' => !($i % 2) ? 'row1' : 'row2', 'FORUM_NAME' => htmlCHR($row['forum_name']), 'TOPIC_TITLE' => $row['update_time'] ? $topic_title : "<s>{$topic_title}</s>", 'U_VIEW_FORUM' => FORUM_URL . $row['forum_id'], 'U_VIEW_TOPIC' => TOPIC_URL . $row['topic_id'], 'TOR_TYPE' => is_gold($row['tor_type']), 'TOPIC_SEEDERS' => $row['seeders'] ? $row['seeders'] : 0, 'TOPIC_LEECHERS' => $row['leechers'] ? $row['leechers'] : 0, 'SPEED_UP' => $row['speed_up'] ? humn_size($row['speed_up'], 0, 'KB') . '/s' : '-')); $releasing_count++; } } if ($seeding) { foreach ($seeding as $i => $row) { $topic_title = wbr($row['topic_title']); $template->assign_block_vars('seed', array('ROW_CLASS' => !($i % 2) ? 'row1' : 'row2', 'FORUM_NAME' => htmlCHR($row['forum_name']), 'TOPIC_TITLE' => $row['update_time'] ? $topic_title : "<s>{$topic_title}</s>", 'U_VIEW_FORUM' => FORUM_URL . $row['forum_id'], 'U_VIEW_TOPIC' => TOPIC_URL . $row['topic_id'], 'TOR_TYPE' => is_gold($row['tor_type']), 'TOPIC_SEEDERS' => $row['seeders'] ? $row['seeders'] : 0, 'TOPIC_LEECHERS' => $row['leechers'] ? $row['leechers'] : 0, 'SPEED_UP' => $row['speed_up'] ? humn_size($row['speed_up'], 0, 'KB') . '/s' : '-')); $seeding_count++; } } if ($leeching) { foreach ($leeching as $i => $row) { $compl_size = $row['remain'] && $row['size'] && $row['size'] > $row['remain'] ? $row['size'] - $row['remain'] : 0; $compl_perc = $compl_size ? floor($compl_size * 100 / $row['size']) : 0; $topic_title = wbr($row['topic_title']); $template->assign_block_vars('leech', array('ROW_CLASS' => !($i % 2) ? 'row1' : 'row2', 'FORUM_NAME' => htmlCHR($row['forum_name']), 'TOPIC_TITLE' => $row['update_time'] ? $topic_title : "<s>{$topic_title}</s>", 'U_VIEW_FORUM' => FORUM_URL . 
$row['forum_id'], 'U_VIEW_TOPIC' => TOPIC_URL . $row['topic_id'], 'COMPL_PERC' => $compl_perc, 'TOR_TYPE' => is_gold($row['tor_type']), 'TOPIC_SEEDERS' => $row['seeders'] ? $row['seeders'] : 0, 'TOPIC_LEECHERS' => $row['leechers'] ? $row['leechers'] : 0, 'SPEED_DOWN' => $row['speed_down'] ? humn_size($row['speed_down'], 0, 'KB') . '/s' : '-')); $leeching_count++; } } $template->assign_vars(array('SHOW_SEARCH_DL' => IS_AM || $profile_user_id, 'USERNAME' => $profiledata['username'], 'L_RELEASINGS' => "{$lang['RELEASING']}: " . ($releasing_count ? "<b>{$releasing_count}</b>" : '0'), 'L_SEEDINGS' => "{$lang['SEEDING']}: " . ($seeding_count ? "<b>{$seeding_count}</b>" : '0'), 'L_LEECHINGS' => "{$lang['LEECHING']}: " . ($leeching_count ? "<b>{$leeching_count}</b>" : '0'), 'USER_DLS' => $releasing_count || $seeding_count || $leeching_count));
} require './pagestart.php'; $all_forums = -1; $pruned_total = 0; $prune_performed = false; if (isset($_REQUEST['submit'])) { if (!($var =& $_REQUEST['f']) or !($f_selected = get_id_ary($var))) { bb_die('Forum not selected'); } if (!($var =& $_REQUEST['prunedays']) or !($prunedays = abs(intval($var)))) { bb_die($lang['NOT_DAYS']); } $prunetime = TIMENOW - 86400 * $prunedays; $forum_csv = in_array($all_forums, $f_selected) ? $all_forums : join(',', $f_selected); $where_sql = $forum_csv != $all_forums ? "WHERE forum_id IN({$forum_csv})" : ''; $sql = "SELECT forum_id, forum_name FROM " . BB_FORUMS . " {$where_sql}"; foreach (DB()->fetch_rowset($sql) as $i => $row) { $pruned_topics = topic_delete('prune', $row['forum_id'], $prunetime, !empty($_POST['prune_all_topic_types'])); $pruned_total += $pruned_topics; $prune_performed = true; $template->assign_block_vars('pruned', array('ROW_CLASS' => !($i % 2) ? 'row1' : 'row2', 'FORUM_NAME' => htmlCHR($row['forum_name']), 'PRUNED_TOPICS' => $pruned_topics)); } if (!$prune_performed) { bb_die($lang['NONE_SELECTED']); } if (!$pruned_total) { bb_die($lang['NO_SEARCH_MATCH']); } } $template->assign_vars(array('PRUNED_TOTAL' => $pruned_total, 'S_PRUNE_ACTION' => basename(__FILE__), 'SEL_FORUM' => get_forum_select('admin', 'f[]', null, 65, 16, '', $all_forums))); print_page('admin_forum_prune.tpl', 'admin');
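/**
 * Validate an uploaded file described by a $_FILES entry and derive its extension id.
 *
 * Checks, in order: the PHP upload error code, that the temp path really is an HTTP upload
 * (when $uploaded_only), that the file exists and is non-empty, the configured size limit,
 * image format and dimensions when width/height limits are configured, and finally the
 * extension allow-list. Every failure appends a message to $this->errors and returns false.
 *
 * @param array $cfg           overrides merged into $this->cfg (max_size, max_width, max_height, allowed_ext)
 * @param array $post_params   one $_FILES entry: error, tmp_name, name
 * @param bool  $uploaded_only require is_uploaded_file() and the extension allow-list; false skips both
 * @return bool
 */
function init($cfg = array(), $post_params = array(), $uploaded_only = true)
{
    global $bb_cfg, $lang;

    $this->cfg = array_merge($this->cfg, $cfg);
    $this->file = $post_params;

    // upload errors from $_FILES (0 == UPLOAD_ERR_OK, a missing key is treated the same way)
    if (!empty($this->file['error'])) {
        $msg = $lang['UPLOAD_ERROR_COMMON'];
        // plain lookup instead of a reference, so no empty $lang entry is created for unknown codes
        if (isset($lang['UPLOAD_ERRORS'][$this->file['error']])) {
            $msg .= " ({$lang['UPLOAD_ERRORS'][$this->file['error']]})";
        }
        $this->errors[] = $msg;
        return false;
    }

    $tmp_name = isset($this->file['tmp_name']) ? $this->file['tmp_name'] : '';

    // is_uploaded_file — done before the path is touched by filesize()/getimagesize(),
    // so only a genuine HTTP upload is ever inspected when $uploaded_only is set
    if ($uploaded_only && !is_uploaded_file($tmp_name)) {
        $this->errors[] = "Not uploaded file: {$tmp_name}";
        return false;
    }

    // file_exists
    if (!file_exists($tmp_name)) {
        $this->errors[] = "Uploaded file not exists: {$tmp_name}";
        return false;
    }

    // size
    if (!($this->file_size = filesize($tmp_name))) {
        $this->errors[] = "Uploaded file is empty: {$tmp_name}";
        return false;
    }
    if ($this->cfg['max_size'] && $this->file_size > $this->cfg['max_size']) {
        $this->errors[] = sprintf($lang['UPLOAD_ERROR_SIZE'], humn_size($this->cfg['max_size']));
        return false;
    }

    // get ext — taken from the client-supplied name, so it is only trusted after the allow-list check below
    $this->ext_ids = array_flip($bb_cfg['file_id_ext']);
    $client_name = isset($this->file['name']) ? (string) $this->file['name'] : '';
    $file_name_ary = explode('.', $client_name);
    $this->file_ext = strtolower(end($file_name_ary));

    // img — with dimension limits configured, the extension is re-derived from the
    // image type detected by getimagesize() rather than from the file name
    if ($this->cfg['max_width'] || $this->cfg['max_height']) {
        $img_info = getimagesize($tmp_name);
        if (!$img_info) {
            $this->errors[] = $lang['UPLOAD_ERROR_NOT_IMAGE'];
            return false;
        }
        list($width, $height, $type) = $img_info;

        // redefine ext
        if (!$width || !$height || !$type || !isset($this->img_types[$type])) {
            $this->errors[] = $lang['UPLOAD_ERROR_FORMAT'];
            return false;
        }
        $this->file_ext = $this->img_types[$type];

        // width & height
        $too_wide = $this->cfg['max_width'] && $width > $this->cfg['max_width'];
        $too_tall = $this->cfg['max_height'] && $height > $this->cfg['max_height'];
        if ($too_wide || $too_tall) {
            $this->errors[] = sprintf($lang['UPLOAD_ERROR_DIMENSIONS'], $this->cfg['max_width'], $this->cfg['max_height']);
            return false;
        }
    }

    // check ext: must map to a known file id and be in this caller's allow-list.
    // NOTE(review): with $uploaded_only = false the allow-list is skipped entirely and
    // file_ext_id may end up null — confirm such callers only pass known extensions.
    if ($uploaded_only && (!isset($this->ext_ids[$this->file_ext]) || !in_array($this->file_ext, $this->cfg['allowed_ext'], true))) {
        $this->errors[] = sprintf($lang['UPLOAD_ERROR_NOT_ALLOWED'], htmlCHR($this->file_ext));
        return false;
    }
    $this->file_ext_id = isset($this->ext_ids[$this->file_ext]) ? $this->ext_ids[$this->file_ext] : null;

    return true;
}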
} } switch ($mode) { case 'config_mods': $template->assign_vars(array('S_CONFIG_ACTION' => 'admin_board.php?mode=config_mods', 'CONFIG_MODS' => true, 'MAGNET_LINKS_ENABLED' => $new['magnet_links_enabled'], 'GENDER' => $new['gender'], 'CALLSEED' => $new['callseed'], 'TOR_STATS' => $new['tor_stats'], 'SHOW_LATEST_NEWS' => $new['show_latest_news'], 'MAX_NEWS_TITLE' => $new['max_news_title'], 'LATEST_NEWS_COUNT' => $new['latest_news_count'], 'LATEST_NEWS_FORUM_ID' => $new['latest_news_forum_id'], 'SHOW_NETWORK_NEWS' => $new['show_network_news'], 'MAX_NET_TITLE' => $new['max_net_title'], 'NETWORK_NEWS_COUNT' => $new['network_news_count'], 'NETWORK_NEWS_FORUM_ID' => $new['network_news_forum_id'], 'WHOIS_INFO' => $new['whois_info'], 'SHOW_MOD_INDEX' => $new['show_mod_index'], 'BIRTHDAY_ENABLED' => $new['birthday_enabled'], 'BIRTHDAY_MAX_AGE' => $new['birthday_max_age'], 'BIRTHDAY_MIN_AGE' => $new['birthday_min_age'], 'BIRTHDAY_CHECK_DAY' => $new['birthday_check_day'], 'PREMOD' => $new['premod'], 'TOR_COMMENT' => $new['tor_comment'], 'NEW_TPLS' => $new['new_tpls'], 'SEED_BONUS_ENABLED' => $new['seed_bonus_enabled'], 'SEED_BONUS_TOR_SIZE' => $new['seed_bonus_tor_size'], 'SEED_BONUS_USER_REGDATE' => $new['seed_bonus_user_regdate'])); if ($new['seed_bonus_points'] && $new['seed_bonus_release']) { $seed_bonus = unserialize($new['seed_bonus_points']); $seed_release = unserialize($new['seed_bonus_release']); foreach ($seed_bonus as $i => $row) { if (!$row || !$seed_release[$i]) { continue; } $template->assign_block_vars('seed_bonus', array('RELEASE' => $seed_release[$i], 'POINTS' => $row)); } } if ($new['bonus_upload'] && $new['bonus_upload_price']) { $upload_row = unserialize($new['bonus_upload']); $price_row = unserialize($new['bonus_upload_price']); foreach ($upload_row as $i => $row) { if (!$row || !$price_row[$i]) { continue; } $template->assign_block_vars('bonus_upload', array('UP' => $row, 'PRICE' => $price_row[$i])); } } break; default: 
$template->assign_vars(array('S_CONFIG_ACTION' => 'admin_board.php?mode=config', 'CONFIG' => true, 'SITENAME' => htmlCHR($new['sitename']), 'CONFIG_SITE_DESCRIPTION' => htmlCHR($new['site_desc']), 'DISABLE_BOARD' => $new['board_disable'] ? true : false, 'ALLOW_AUTOLOGIN' => $new['allow_autologin'] ? true : false, 'AUTOLOGIN_TIME' => (int) $new['max_autologin_time'], 'MAX_POLL_OPTIONS' => $new['max_poll_options'], 'FLOOD_INTERVAL' => $new['flood_interval'], 'TOPICS_PER_PAGE' => $new['topics_per_page'], 'POSTS_PER_PAGE' => $new['posts_per_page'], 'HOT_TOPIC' => $new['hot_threshold'], 'DEFAULT_DATEFORMAT' => $new['default_dateformat'], 'LANG_SELECT' => language_select($new['default_lang'], 'default_lang'), 'TIMEZONE_SELECT' => tz_select($new['board_timezone'], 'board_timezone'), 'MAX_LOGIN_ATTEMPTS' => $new['max_login_attempts'], 'LOGIN_RESET_TIME' => $new['login_reset_time'], 'PRUNE_ENABLE' => $new['prune_enable'] ? true : false, 'ALLOW_BBCODE' => $new['allow_bbcode'] ? true : false, 'ALLOW_SMILIES' => $new['allow_smilies'] ? true : false, 'ALLOW_SIG' => $new['allow_sig'] ? true : false, 'SIG_SIZE' => $new['max_sig_chars'], 'ALLOW_NAMECHANGE' => $new['allow_namechange'] ? true : false, 'SMILIES_PATH' => $new['smilies_path'])); break; } print_page('admin_board.tpl', 'admin');
$timezone_type = intval($timezone_type); $total_sql .= "SELECT COUNT(user_id) AS total\n\t\t\t\t\t\t\tFROM " . BB_USERS . "\n\t\t\t\t\t\t\t\tWHERE user_timezone = {$timezone_type}\n\t\t\t\t\t\t\t\t\tAND user_id <> " . GUEST_UID; $select_sql .= "\tWHERE u.user_timezone = {$timezone_type}\n\t\t\t\t\t\t\t\t\tAND u.user_id <> " . GUEST_UID; break; case 'search_moderators': $base_url .= '&search_moderators=true&moderators_forum=' . rawurlencode(stripslashes($moderators_forum)); $moderators_forum = intval($moderators_forum); $sql = "SELECT forum_name FROM " . BB_FORUMS . " WHERE forum_id = " . $moderators_forum; if (!($result = DB()->sql_query($sql))) { bb_die('Could not select forum data'); } if (DB()->num_rows($result) == 0) { bb_die($lang['SEARCH_INVALID_MODERATORS']); } $forum_name = DB()->sql_fetchrow($result); $text = sprintf($lang['SEARCH_FOR_MODERATORS'], htmlCHR($forum_name['forum_name'])); $total_sql .= "SELECT COUNT(DISTINCT u.user_id) AS total\n\t\t\t\t\t\t\tFROM " . BB_USERS . " AS u, " . BB_GROUPS . " AS g, " . BB_USER_GROUP . " AS ug, " . BB_AUTH_ACCESS . " AS aa\n\t\t\t\t\t\t\t\tWHERE u.user_id = ug.user_id\n\t\t\t\t\t\t\t\t\tAND ug.group_id = g.group_id\n\t\t\t\t\t\t\t\t\tAND\tg.group_id = aa.group_id\n\t\t\t\t\t\t\t\t\tAND aa.forum_id = " . $moderators_forum . "\n\t\t\t\t\t\t\t\t\tAND aa.forum_perm & " . BF_AUTH_MOD . "\n\t\t\t\t\t\t\t\t\tAND u.user_id <> " . GUEST_UID; $select_sql .= ", " . BB_GROUPS . " AS g, " . BB_USER_GROUP . " AS ug, " . BB_AUTH_ACCESS . " AS aa\n\t\t\t\t\t\t\t\tWHERE u.user_id = ug.user_id\n\t\t\t\t\t\t\t\t\tAND ug.group_id = g.group_id\n\t\t\t\t\t\t\t\t\tAND\tg.group_id = aa.group_id\n\t\t\t\t\t\t\t\t\tAND aa.forum_id = " . $moderators_forum . "\n\t\t\t\t\t\t\t\t\tAND aa.forum_perm & " . BF_AUTH_MOD . "\n\t\t\t\t\t\t\t\t\tAND u.user_id <> " . GUEST_UID . 
"\n\t\t\t\t\t\t\t\tGROUP BY u.user_id, u.username, u.user_email, u.user_posts, u.user_regdate, u.user_level, u.user_active, u.user_lastvisit"; break; case 'search_misc': default: $misc = trim(strtolower($misc)); $base_url .= '&search_misc=true&misc=' . rawurlencode(stripslashes($misc)); switch ($misc) { case 'admins': $text = $lang['SEARCH_FOR_ADMINS']; $total_sql .= "SELECT COUNT(user_id) AS total\n\t\t\t\t\t\t\t\t\tFROM " . BB_USERS . "\n\t\t\t\t\t\t\t\t\t\tWHERE user_level = " . ADMIN . "\n\t\t\t\t\t\t\t\t\t\t\tAND user_id <> " . GUEST_UID; $select_sql .= "\tWHERE u.user_level = " . ADMIN . "\n\t\t\t\t\t\t\t\t\t\t\tAND u.user_id <> " . GUEST_UID; break; case 'mods': $text = $lang['SEARCH_FOR_MODS'];
$poster = $poster_id == GUEST_UID ? $lang['GUEST'] : $postrow[$i]['username']; $poster_birthday = $poster_id != GUEST_UID ? date('md', strtotime($postrow[$i]['user_birthday'])) : ''; $post_date = bb_date($postrow[$i]['post_time'], $bb_cfg['post_date_format']); $max_post_time = max($max_post_time, $postrow[$i]['post_time']); $poster_posts = $poster_id != GUEST_UID ? $postrow[$i]['user_posts'] : ''; $poster_from = $postrow[$i]['user_from'] && $poster_id != GUEST_UID ? $postrow[$i]['user_from'] : ''; $poster_joined = $poster_id != GUEST_UID ? $lang['JOINED'] . ': ' . bb_date($postrow[$i]['user_regdate'], $bb_cfg['date_format']) : ''; $poster_longevity = $poster_id != GUEST_UID ? delta_time($postrow[$i]['user_regdate']) : ''; $post_id = $postrow[$i]['post_id']; $mc_type = $postrow[$i]['mc_type']; $mc_comment = $postrow[$i]['mc_comment']; $mc_user_id = profile_url(array('username' => $postrow[$i]['mc_username'], 'user_id' => $postrow[$i]['mc_user_id'], 'user_rank' => $postrow[$i]['mc_user_rank'])); $rg_id = $postrow[$i]['poster_rg_id'] ? $postrow[$i]['poster_rg_id'] : 0; $rg_avatar = get_avatar(GROUP_AVATAR_MASK . $rg_id, $postrow[$i]['rg_avatar_id']); $rg_name = $postrow[$i]['group_name'] ? htmlCHR($postrow[$i]['group_name']) : ''; $rg_signature = $postrow[$i]['group_signature'] ? bbcode2html(htmlCHR($postrow[$i]['group_signature'])) : ''; $poster_avatar = ''; if (!$user->opt_js['h_av'] && $poster_id != GUEST_UID) { $poster_avatar = get_avatar($poster_id, $postrow[$i]['avatar_ext_id'], !bf($postrow[$i]['user_opt'], 'user_opt', 'dis_avatar')); } $poster_rank = $rank_image = ''; $user_rank = $postrow[$i]['user_rank']; if (!$user->opt_js['h_rnk_i'] and isset($ranks[$user_rank])) { $rank_image = $bb_cfg['show_rank_image'] && $ranks[$user_rank]['rank_image'] ? '<img src="' . $ranks[$user_rank]['rank_image'] . '" alt="" title="" border="0" />' : ''; $poster_rank = $bb_cfg['show_rank_text'] ? 
$ranks[$user_rank]['rank_title'] : ''; } // Handle anon users posting with usernames if ($poster_id == GUEST_UID && $postrow[$i]['post_username'] != '') { $poster = $postrow[$i]['post_username']; } // Buttons
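/**
 * Insert a bot-authored service post into a topic after a move or a split.
 *
 * Modes: 'after_move' (needs $forum_id and $old_forum_id), 'after_split_to_old'
 * (uses $new_topic_id / $new_topic_title) and 'after_split_to_new' (needs $old_topic_id;
 * the post is back-dated one second before the source topic's first post). Any other
 * mode, or a missing id, returns without writing anything.
 *
 * @param string $mode
 * @param int    $topic_id        topic that receives the post
 * @param int    $forum_id
 * @param int    $old_forum_id
 * @param int    $new_topic_id
 * @param string $new_topic_title
 * @param int    $old_topic_id
 * @param string $message         unused; kept for existing callers
 * @param int    $poster_id       unused; every mode posts as BOT_UID
 * @return void
 */
function insert_post($mode, $topic_id, $forum_id = '', $old_forum_id = '', $new_topic_id = '', $new_topic_title = '', $old_topic_id = '', $message = '', $poster_id = '')
{
    global $userdata, $lang;

    // Every id below is interpolated unquoted into SQL: force integers first
    $topic_id = (int) $topic_id;
    $forum_id = (int) $forum_id;
    $old_forum_id = (int) $old_forum_id;
    $new_topic_id = (int) $new_topic_id;
    $old_topic_id = (int) $old_topic_id;

    if (!$topic_id) {
        return;
    }

    $post_username = $post_text = '';
    $poster_id = BOT_UID;
    $poster_ip = '7f000001'; // hex form of 127.0.0.1
    $post_time = TIMENOW;

    if ($mode == 'after_move') {
        if (!$forum_id || !$old_forum_id) {
            return;
        }
        $sql = "SELECT forum_id, forum_name\n\t\t\tFROM " . BB_FORUMS . "\n\t\t\tWHERE forum_id IN({$forum_id}, {$old_forum_id})";
        $forum_names = array();
        foreach (DB()->fetch_rowset($sql) as $row) {
            $forum_names[$row['forum_id']] = htmlCHR($row['forum_name']);
        }
        if (!$forum_names) {
            return;
        }
        $post_text = sprintf($lang['BOT_TOPIC_MOVED_FROM_TO'], '[url=' . make_url(FORUM_URL . $old_forum_id) . ']' . $forum_names[$old_forum_id] . '[/url]', '[url=' . make_url(FORUM_URL . $forum_id) . ']' . $forum_names[$forum_id] . '[/url]', profile_url($userdata));
    } elseif ($mode == 'after_split_to_old') {
        $post_text = sprintf($lang['BOT_MESS_SPLITS'], '[url=' . make_url(TOPIC_URL . $new_topic_id) . ']' . htmlCHR($new_topic_title) . '[/url]', profile_url($userdata));
    } elseif ($mode == 'after_split_to_new') {
        $sql = "SELECT t.topic_title, p.post_time\n\t\t\tFROM " . BB_TOPICS . " t, " . BB_POSTS . " p\n\t\t\tWHERE t.topic_id = {$old_topic_id}\n\t\t\t\tAND p.post_id = t.topic_first_post_id";
        if (!($row = DB()->fetch_row($sql))) {
            return;
        }
        // Back-dated so the notice sorts before the posts that were split off
        $post_time = $row['post_time'] - 1;
        // NOTE(review): topic_title is used as-is here while the other modes pass titles
        // through htmlCHR(); this is only safe if the stored title is already escaped — confirm.
        $post_text = sprintf($lang['BOT_TOPIC_SPLITS'], '[url=' . make_url(TOPIC_URL . $old_topic_id) . ']' . $row['topic_title'] . '[/url]', profile_url($userdata));
    } else {
        return;
    }

    $post_columns = 'topic_id, forum_id, poster_id, post_username, post_time, poster_ip';
    $post_values = "{$topic_id}, {$forum_id}, {$poster_id}, '{$post_username}', {$post_time}, '{$poster_ip}'";
    DB()->query("INSERT INTO " . BB_POSTS . " ({$post_columns}) VALUES ({$post_values})");
    $post_id = DB()->sql_nextid();

    // The body holds user-derived text (forum/topic names, profile link): escaped before interpolation
    $post_text = DB()->escape($post_text);
    $post_text_columns = 'post_id, post_text';
    $post_text_values = "{$post_id}, '{$post_text}'";
    DB()->query("INSERT INTO " . BB_POSTS_TEXT . " ({$post_text_columns}) VALUES ({$post_text_values})");
}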
$msg_userid = $row['user_id']; $msg_user = profile_url($row); $msg_subject = $row['privmsgs_subject']; if (count($orig_word)) { $msg_subject = preg_replace($orig_word, $replacement_word, $msg_subject); } $u_subject = PM_URL . "?folder={$folder}&mode=read&" . POST_POST_URL . "={$privmsg_id}"; $msg_date = bb_date($row['privmsgs_date']); if ($flag == PRIVMSGS_NEW_MAIL && $folder == 'inbox') { $msg_subject = '<b>' . $msg_subject . '</b>'; $msg_date = '<b>' . $msg_date . '</b>'; $msg_user = '******' . $msg_user . '</b>'; } $row_class = !($i & 1) ? 'row1' : 'row2'; $i++; $template->assign_block_vars('listrow', array('ROW_CLASS' => $row_class, 'FROM' => $msg_user, 'SUBJECT' => htmlCHR($msg_subject), 'DATE' => $msg_date, 'PRIVMSG_FOLDER_IMG' => $icon_flag, 'L_PRIVMSG_FOLDER_ALT' => $icon_flag_alt, 'S_MARK_ID' => $privmsg_id, 'U_READ' => $u_subject)); } while ($row = DB()->sql_fetchrow($result)); generate_pagination(PM_URL . "?folder={$folder}", $pm_total, $bb_cfg['topics_per_page'], $start); } else { $template->assign_block_vars("switch_no_messages", array()); } } } } } $template->assign_vars(array('PAGE_TITLE' => @$page_title)); require PAGE_HEADER; $template->pparse('body'); require PAGE_FOOTER; // // Functions
foreach (DB()->fetch_rowset($sql) as $row) { $class = $row['user_pending'] ? 'med' : 'med bold'; $class .= $row['group_moderator'] == $user_id ? ' colorMod' : ''; $href = "group.php?g={$row['group_id']}"; if (IS_ADMIN) { $href .= "&u={$user_id}"; $link = '<a href="' . $href . '" class="' . $class . '" target="_blank">' . htmlCHR($row['group_name']) . '</a>'; $html[] = $link; } else { // скрытая группа и сам юзер не является ее членом if ($row['group_type'] == GROUP_HIDDEN && !$row['can_view']) { continue; } if ($row['group_moderator'] == $user->id) { $class .= ' selfMod'; $href .= "&u={$user_id}"; // сам юзер модератор этой группы } $link = '<a href="' . $href . '" class="' . $class . '" target="_blank">' . htmlCHR($row['group_name']) . '</a>'; $html[] = $link; } } if ($html) { $this->response['group_list_html'] = '<ul><li>' . join('</li><li>', $html) . '</li></ul>'; } else { $this->response['group_list_html'] = $lang['GROUP_LIST_HIDDEN']; } break; default: $this->ajax_die("invalid mode: {$mode}"); }
foreach ($forums_ary as $forum_id) { $forum_name = $forum_name_html[$forum_id]; $forum_name = str_short($forum_name, $max_forum_name_len - 2); $style = ''; if (!isset($cat_forum['subforums'][$forum_id])) { $class = 'root_forum has_sf'; $class .= isset($cat_forum['forums_with_sf'][$forum_id]) ? ' has_sf' : ''; $style = " class=\"{$class}\""; } $selected = isset($search_in_forums_fary[$forum_id]) ? HTML_SELECTED : ''; $opt .= '<option id="fs-' . $forum_id . '" value="' . $forum_id . '"' . $style . $selected . '>' . (isset($cat_forum['subforums'][$forum_id]) ? HTML_SF_SPACER : '') . $forum_name . " </option>\n"; } $opt .= "</optgroup>\n"; } $search_all_opt = '<option value="' . $search_all . '" value="fs-' . $search_all . '"' . ($forum_val == $search_all ? HTML_SELECTED : '') . '> ' . htmlCHR($lang['ALL_AVAILABLE']) . "</option>\n"; $cat_forum_select = "\n" . '<select id="fs-main" style="width: 100%;" name="' . $forum_key . '[]" multiple="multiple" size="' . $forum_select_size . "\">\n" . $search_all_opt . $opt . "</select>\n"; // Sort dir $template->assign_vars(array('SORT_NAME' => $sort_key, 'SORT_ASC' => $sort_asc, 'SORT_DESC' => $sort_desc, 'SORT_ASC_CHECKED' => $sort_val == $sort_asc ? HTML_CHECKED : '', 'SORT_DESC_CHECKED' => $sort_val == $sort_desc ? HTML_CHECKED : '')); // Displaying options $tor_type_lang = $lang['GOLD'] . ' / ' . 
$lang['SILVER']; $template->assign_vars(array('SHOW_CAT_CHBOX' => build_checkbox($show_cat_key, $lang['BT_SHOW_CAT'], $show_cat_val), 'SHOW_FORUM_CHBOX' => build_checkbox($show_forum_key, $lang['BT_SHOW_FORUM'], $show_forum_val), 'SHOW_AUTHOR_CHBOX' => build_checkbox($show_author_key, $lang['BT_SHOW_AUTHOR'], $show_author_val), 'SHOW_SPEED_CHBOX' => build_checkbox($show_speed_key, $lang['BT_SHOW_SPEED'], $show_speed_val), 'ALL_WORDS_CHBOX' => build_checkbox($all_words_key, $lang['SEARCH_ALL_WORDS'], $all_words_val), 'TOR_TYPE_CHBOX' => build_checkbox($tor_type_key, $tor_type_lang, $tor_type_val), 'ONLY_MY_CHBOX' => build_checkbox($my_key, $lang['BT_ONLY_MY'], $only_my, IS_GUEST), 'ONLY_ACTIVE_CHBOX' => build_checkbox($active_key, $lang['BT_ONLY_ACTIVE'], $active_val), 'SEED_EXIST_CHBOX' => build_checkbox($seed_exist_key, $lang['BT_SEED_EXIST'], $seed_exist), 'ONLY_NEW_CHBOX' => build_checkbox($new_key, $lang['BT_ONLY_NEW'], $only_new, IS_GUEST), 'DL_CANCEL_CHBOX' => build_checkbox($dl_cancel_key, $lang['SEARCH_DL_CANCEL'], $dl_cancel_val, IS_GUEST, 'dlCancel'), 'DL_COMPL_CHBOX' => build_checkbox($dl_compl_key, $lang['SEARCH_DL_COMPLETE'], $dl_compl_val, IS_GUEST, 'dlComplete'), 'DL_DOWN_CHBOX' => build_checkbox($dl_down_key, $lang['SEARCH_DL_DOWN'], $dl_down_val, IS_GUEST, 'dlDown'), 'DL_WILL_CHBOX' => build_checkbox($dl_will_key, $lang['SEARCH_DL_WILL'], $dl_will_val, IS_GUEST, 'dlWill'), 'POSTER_NAME_NAME' => $poster_name_key, 'POSTER_NAME_VAL' => htmlCHR($poster_name_val), 'TITLE_MATCH_NAME' => $title_match_key, 'TITLE_MATCH_VAL' => htmlCHR($title_match_val), 'AJAX_TOPICS' => $user->opt_js['tr_t_ax'], 'SHOW_TIME_TOPICS' => $user->opt_js['tr_t_t'], 'SHOW_CURSOR' => $user->opt_js['hl_tr'], 'HIDE_CONTENTS' => $user->opt_js['h_tsp'], 'U_SEARCH_USER' => "search.php?mode=searchuser&input_name={$poster_name_key}")); // Hidden fields $save_through_pages = array('all_words', 'active', 'dl_cancel', 'dl_compl', 'dl_down', 'dl_will', 'my', 'new', 'seed_exist', 
'show_author', 'show_cat', 'show_forum', 'show_speed', 'tor_type'); $hidden_fields = array(); foreach ($save_through_pages as $name) { $hidden_fields['prev_' . ${"{$name}_key"}] = ${"{$name}_val"}; } // Set colspan $tor_colspan = $tor_colspan - $hide_cat - $hide_forum - $hide_author - $hide_speed; $template->assign_vars(array('PAGE_TITLE' => $lang['TRACKER'], 'S_HIDDEN_FIELDS' => build_hidden_fields($hidden_fields), 'CAT_FORUM_SELECT' => $cat_forum_select, 'ORDER_SELECT' => build_select($order_key, $order_select, $order_val), 'TIME_SELECT' => build_select($time_key, $time_select, $time_val), 'S_NOT_SEEN_SELECT' => build_select($s_not_seen_key, $s_not_seen_select, $s_not_seen_val), 'S_RG_SELECT' => build_select($s_rg_key, $s_release_group_select, $s_rg_val), 'TOR_SEARCH_ACTION' => $tracker_url, 'TOR_COLSPAN' => $tor_colspan, 'TITLE_MATCH_MAX' => $title_match_max_len, 'POSTER_NAME_MAX' => $poster_name_max_len, 'POSTER_ERROR' => $poster_error, 'SHOW_SEARCH_OPT' => (bool) $allowed_forums, 'SHOW_CAT' => $show_cat_val, 'SHOW_FORUM' => $show_forum_val, 'SHOW_AUTHOR' => $show_author_val, 'SHOW_SPEED' => $show_speed_val, 'MAX_FS' => $max_forums_selected, 'L_MAX_FS' => sprintf($lang['SEL_CHAPTERS_HELP'], $max_forums_selected), 'TRACKER_URL' => make_url('tracker.php?'), 'TR_CAT_URL' => "{$tracker_url}?{$cat_key}=", 'TR_FORUM_URL' => "{$tracker_url}?{$forum_key}=", 'TR_POSTER_URL' => "{$tracker_url}?{$poster_id_key}=")); print_page('tracker.tpl');
} for ($i = 0; $i < sizeof($forum_perm); $i++) { $template->assign_block_vars('allow_option_values', array('VALUE' => $forum_perm[$i]['forum_id'], 'OPTION' => htmlCHR($forum_perm[$i]['forum_name']))); } $template->assign_vars(array('TPL_ATTACH_EXTENSION_GROUPS_PERMISSIONS' => true, 'L_GROUP_PERMISSIONS_TITLE' => sprintf($lang['GROUP_PERMISSIONS_TITLE_ADMIN'], trim($group_name)), 'A_PERM_ACTION' => "admin_extensions.php?mode=groups&e_mode=perm&e_group={$group}")); $forum_option_values = array(0 => $lang['PERM_ALL_FORUMS']); $sql = "SELECT forum_id, forum_name FROM " . BB_FORUMS; if (!($result = DB()->sql_query($sql))) { bb_die('Could not get forums #1'); } while ($row = DB()->sql_fetchrow($result)) { $forum_option_values[intval($row['forum_id'])] = $row['forum_name']; } DB()->sql_freeresult($result); foreach ($forum_option_values as $value => $option) { $template->assign_block_vars('forum_option_values', array('VALUE' => $value, 'OPTION' => htmlCHR($option))); } $empty_perm_forums = array(); $sql = "SELECT forum_id, forum_name FROM " . BB_FORUMS . " WHERE auth_attachments < " . AUTH_ADMIN; if (!($f_result = DB()->sql_query($sql))) { bb_die('Could not get forums #2'); } while ($row = DB()->sql_fetchrow($f_result)) { $forum_id = $row['forum_id']; $sql = "SELECT forum_permissions\n\t\tFROM " . BB_EXTENSION_GROUPS . "\n\t\tWHERE allow_group = 1\n\t\tORDER BY group_name ASC"; if (!($result = DB()->sql_query($sql))) { bb_die('Could not query extension groups'); } $rows = DB()->sql_fetchrowset($result); $num_rows = DB()->num_rows($result); DB()->sql_freeresult($result);
if (!$login_errors) { if ($user->login($_POST, $mod_admin_login)) { $redirect_url = defined('FIRST_LOGON') ? $bb_cfg['first_logon_redirect_url'] : $redirect_url; // Обнуление при введении правильно комбинации логин/пароль CACHE('bb_login_err')->set('l_err_' . USER_IP, 0, 3600); if ($redirect_url == '/' . LOGIN_URL || $redirect_url == LOGIN_URL) { $redirect_url = 'index.php'; } redirect($redirect_url); } $login_errors[] = $lang['ERROR_LOGIN']; if (!$mod_admin_login) { $login_err = CACHE('bb_login_err')->get('l_err_' . USER_IP); if ($login_err > $bb_cfg['invalid_logins']) { $need_captcha = true; } if ($login_err > 50) { // TODO temp ban ip } CACHE('bb_login_err')->set('l_err_' . USER_IP, $login_err + 1, 3600); } else { $need_captcha = false; } } } // Login page if (IS_GUEST || $mod_admin_login) { $template->assign_vars(array('LOGIN_USERNAME' => htmlCHR($login_username), 'LOGIN_PASSWORD' => htmlCHR($login_password), 'ERROR_MESSAGE' => join('<br />', $login_errors), 'ADMIN_LOGIN' => $mod_admin_login, 'REDIRECT_URL' => htmlCHR($redirect_url), 'CAPTCHA_HTML' => $need_captcha && !$bb_cfg['captcha']['disabled'] ? bb_captcha('get') : '', 'PAGE_TITLE' => $lang['LOGIN'], 'S_LOGIN_ACTION' => LOGIN_URL)); print_page('login.tpl'); } redirect($redirect_url);
case 'new': if (!($tpl_name = htmlCHR(str_compact($this->request['tpl_name'])))) { $this->ajax_die('не заполнено название шаблона'); } $tpl_name = substr($tpl_name, 0, 60); if (!($tpl_src_form = htmlCHR($this->request['tpl_src_form']))) { $this->ajax_die('не заполнен скрипт формы шаблона'); } if (!($tpl_src_title = htmlCHR($this->request['tpl_src_title']))) { $this->ajax_die('не заполнен формат названия темы'); } $tpl_src_title = str_compact($tpl_src_title); if (!($tpl_src_msg = htmlCHR($this->request['tpl_src_msg']))) { $this->ajax_die('не заполнен формат создания сообщения'); } $tpl_comment = htmlCHR($this->request['tpl_comment']); preg_match('#\\d+#', (string) $this->request['tpl_rules'], $m); $tpl_rules_post_id = isset($m[0]) ? (int) $m[0] : 0; $sql_args = array('tpl_name' => (string) $tpl_name, 'tpl_src_form' => (string) $tpl_src_form, 'tpl_src_title' => (string) $tpl_src_title, 'tpl_src_msg' => (string) $tpl_src_msg, 'tpl_comment' => (string) $tpl_comment, 'tpl_rules_post_id' => (int) $tpl_rules_post_id, 'tpl_last_edit_tm' => (int) TIMENOW, 'tpl_last_edit_by' => (int) $userdata['user_id']); break; } // выполнение switch ($mode) { // загрузка шаблона case 'load': $this->response['val']['tpl-name-save'] = $tpl_data['tpl_name']; $this->response['val']['tpl-src-form'] = $tpl_data['tpl_src_form']; $this->response['val']['tpl-src-title'] = $tpl_data['tpl_src_title']; $this->response['val']['tpl-src-msg'] = $tpl_data['tpl_src_msg']; $this->response['val']['tpl-comment-save'] = $tpl_data['tpl_comment']; $this->response['val']['tpl-rules-save'] = $tpl_data['tpl_rules_post_id'];
$table = BB_BT_USERS; $value = (double) str_replace(',', '.', $this->request['value']); foreach (array('KB' => 1, 'MB' => 2, 'GB' => 3, 'TB' => 4) as $s => $m) { if (strpos($this->request['value'], $s) !== false) { $value *= pow(1024, $m); break; } } $value = sprintf('%.0f', $value); $this->response['new_value'] = humn_size($value, null, null, ' '); if (!($btu = get_bt_userdata($user_id))) { require INC_DIR . 'functions_torrent.php'; generate_passkey($user_id, true); $btu = get_bt_userdata($user_id); } $btu[$field] = $value; $this->response['update_ids']['u_ratio'] = (string) get_bt_ratio($btu); break; case 'user_points': $value = htmlCHR($value); $value = (double) str_replace(',', '.', $this->request['value']); $value = sprintf('%.2f', $value); $this->response['new_value'] = $value; break; default: $this->ajax_die("invalid profile field: {$field}"); } $value_sql = DB()->escape($value, true); DB()->query("UPDATE {$table} SET {$field} = {$value_sql} WHERE user_id = {$user_id} LIMIT 1"); cache_rm_user_sessions($user_id); $this->response['edit_id'] = $this->request['edit_id'];
} $template->assign_block_vars('c.f.acl', array('DISABLED' => $disabled, 'PERM_SIGN' => $perm_sign, 'ACL_CLASS' => $acl_class, 'FORUM_ID' => $f_id, 'ACL_TYPE_BF' => $bf_num, 'ACL_VAL' => $auth_via_acl ? 1 : 0)); } } } $template->assign_vars(array('AUTH_MOD_BF' => AUTH_MOD)); $s_column_span = 2; foreach ($forum_auth_fields as $auth_type) { $template->assign_block_vars('acltype', array('ACL_TYPE_NAME' => preg_replace("#(.{5})#u", "\\1<br />", $lang[strtoupper($auth_type)]), 'ACL_TYPE_BF' => $bf['forum_perm'][$auth_type])); $s_column_span++; } unset($forums, $ug_data, $u_access); $datastore->rm('cat_forums'); $s_hidden_fields = ' <input type="hidden" name="mode" value="' . $mode . '" /> <input type="hidden" name="g" value="' . $group_id . '" /> '; $template->assign_vars(array('TPL_AUTH_UG_MAIN' => true, 'T_USER_OR_GROUPNAME' => $lang['GROUP_NAME'], 'USER_LEVEL' => false, 'T_AUTH_TITLE' => $lang['AUTH_CONTROL_GROUP'], 'T_AUTH_EXPLAIN' => $lang['GROUP_AUTH_EXPLAIN'], 'USER_OR_GROUPNAME' => htmlCHR($group_data['group_name']), 'S_COLUMN_SPAN' => $s_column_span, 'S_HIDDEN_FIELDS' => $s_hidden_fields)); } else { // Select a user/group if ($mode == 'user') { $template->assign_vars(array('TPL_SELECT_USER' => true, 'U_SEARCH_USER' => BB_ROOT . "search.php?mode=searchuser")); } else { $template->assign_vars(array('TPL_SELECT_GROUP' => true, 'S_GROUP_SELECT' => get_select('groups'))); } $s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" />'; $template->assign_vars(array('S_HIDDEN_FIELDS' => $s_hidden_fields)); } } $template->assign_vars(array('YES_SIGN' => $yes_sign, 'NO_SIGN' => $no_sign, 'T_MOD_YES' => $lang['MODERATOR'], 'T_MOD_NO' => $lang['NO'], 'S_AUTH_ACTION' => "admin_ug_auth.php", 'SELECTED_CAT' => !empty($_REQUEST['c']) ? $_REQUEST['c'] : '', 'U_ALL_FORUMS' => !empty($base_url) ? "{$base_url}&c=all" : '')); print_page('admin_ug_auth.tpl', 'admin');
// Editing
case 'poll_edit':
    if (!$t_data['topic_vote']) {
        bb_die($lang['POST_HAS_NO_POLL']);
    }
    // Posted poll data is validated inside build_poll_data(); a non-empty
    // err_msg aborts before anything is written to the DB
    $poll->build_poll_data($_POST);
    if ($poll->err_msg) {
        bb_die($poll->err_msg);
    }
    $poll->insert_votes_into_db($topic_id);
    // Invalidate the cached poll data for this topic
    CACHE('bb_poll_data')->rm("poll_{$topic_id}");
    bb_die($lang['NEW_POLL_RESULTS']);
    break;
default:
    // $mode is reflected into the error page, escaped via htmlCHR()
    bb_die('Invalid mode: ' . htmlCHR($mode));
}

// Functions

/**
 * Poll data holder: collects and validates posted poll options and writes
 * them to the DB (PHP4-style constructor; the class body continues beyond
 * this excerpt).
 */
class bb_poll
{
    var $err_msg = '';         // last validation error message, '' when OK
    var $poll_votes = array(); // presumably the collected vote options — verify in build_poll_data()
    var $max_votes = 0;        // upper bound on options, taken from $bb_cfg['max_poll_options']

    function bb_poll()
    {
        global $bb_cfg;
        $this->max_votes = $bb_cfg['max_poll_options'];
    }

    function build_poll_data($posted_data)
    {
        $poll_caption = (string) @$posted_data['poll_caption'];
if ($row['auth_read'] != AUTH_ALL && $row['auth_read'] != AUTH_REG) { $not_auth['user_read'][] = $fid; } $data['forum'][$fid] = $row; // Store forums data if ($parent_id = $row['forum_parent']) { $parent =& $data['f'][$parent_id]; $parent['subforums'][] = $fid; $parent['forum_posts'] += $row['forum_posts']; $parent['forum_topics'] += $row['forum_topics']; } if ($row['allow_reg_tracker']) { $data['tracker_forums'][] = $fid; } $data['f'][$fid] = array_intersect_key($row, $forum_store_fields); $data['forum_name_html'][$fid] = htmlCHR($row['forum_name']); // Forum ids in cat $data['c'][$row['cat_id']]['forums'][] = $fid; } foreach ($data['not_auth_forums'] as $key => $val) { $data['not_auth_forums'][$key] = join(',', $val); } $data['tracker_forums'] = join(',', $data['tracker_forums']); $this->store('cat_forums', $data); // // jumpbox // $data = array('guest' => get_forum_select('guest', 'f', null, null, null, 'id="jumpbox" onchange="window.location.href=\'viewforum.php?f=\'+this.value;"'), 'user' => get_forum_select('user', 'f', null, null, null, 'id="jumpbox" onchange="window.location.href=\'viewforum.php?f=\'+this.value;"')); $this->store('jumpbox', $data); file_write($data['guest'], AJAX_HTML_DIR . 'jumpbox_guest.html', false, true, true); file_write($data['user'], AJAX_HTML_DIR . 'jumpbox_user.html', false, true, true);
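/**
 * Build the variable part of an SQL statement from an associative array
 * (based on the same method from phpBB3, idea from Ikonboard).
 *
 * Possible $query_type values: INSERT, INSERT_SELECT, MULTI_INSERT, UPDATE, SELECT
 *
 * Field names (the array keys) are interpolated verbatim, so they must come
 * from trusted code, never from request data; only the values go through
 * escape().
 *
 * @param string $query_type                one of the values listed above
 * @param array  $input_ary                 field => value map; for MULTI_INSERT an
 *                                          array of such maps sharing the same keys
 * @param bool   $data_already_escaped      true to pass values through unescaped
 * @param bool   $check_data_type_in_escape forwarded to escape() as its second argument
 * @return string the SQL fragment, wrapped in newlines; an unknown query type
 *                or an empty fragment ends in bb_die()
 */
function build_array($query_type, $input_ary, $data_already_escaped = false, $check_data_type_in_escape = true)
{
    $dont_escape = $data_already_escaped;
    $check_type = $check_data_type_in_escape;
    $query = '';

    if (empty($input_ary) || !is_array($input_ary)) {
        $this->trigger_error(__FUNCTION__ . ' - wrong params: $input_ary');
    }

    if ($query_type === 'INSERT' || $query_type === 'INSERT_SELECT') {
        $fields = array();
        $values = array();
        foreach ($input_ary as $field => $val) {
            $fields[] = $field;
            $values[] = $this->escape($val, $check_type, $dont_escape);
        }
        $fields = join(', ', $fields);
        $values = join(', ', $values);
        // INSERT_SELECT emits SELECT in place of VALUES and no parentheses around the values
        $query = ($query_type === 'INSERT')
            ? "({$fields})\nVALUES\n({$values})"
            : "({$fields})\nSELECT\n{$values}";
    } elseif ($query_type === 'MULTI_INSERT') {
        $rows = array();
        foreach ($input_ary as $sql_ary) {
            $values = array();
            foreach ($sql_ary as $val) {
                $values[] = $this->escape($val, $check_type, $dont_escape);
            }
            $rows[] = '(' . join(', ', $values) . ')';
        }
        // Column list comes from the first row whatever its key is; indexing
        // $input_ary[0] broke for input keyed by anything other than 0..n-1
        $first_row = reset($input_ary);
        $fields = join(', ', array_keys(is_array($first_row) ? $first_row : array()));
        $query = "({$fields})\nVALUES\n" . join(",\n", $rows);
    } elseif ($query_type === 'SELECT' || $query_type === 'UPDATE') {
        $pairs = array();
        foreach ($input_ary as $field => $val) {
            $pairs[] = "{$field} = " . $this->escape($val, $check_type, $dont_escape);
        }
        // SELECT joins the conditions with AND, UPDATE builds a SET list
        $glue = ($query_type === 'SELECT') ? "\nAND " : ",\n";
        $query = join($glue, $pairs);
    }

    if (!$query) {
        bb_die('<pre><b>' . __FUNCTION__ . "</b>: Wrong params for <b>{$query_type}</b> query type\n\n\$input_ary:\n\n" . htmlCHR(print_r($input_ary, true)) . '</pre>');
    }

    return "\n" . $query . "\n";
}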
global $bb_cfg, $userdata, $lang; if (!($group_id = intval($this->request['group_id'])) or !($group_info = get_group_data($group_id))) { $this->ajax_die($lang['NO_GROUP_ID_SPECIFIED']); } if (!($mode = (string) $this->request['mode'])) { $this->ajax_die('No mode specified'); } $value = $this->request['value'] = (string) isset($this->request['value']) ? $this->request['value'] : 0; if (!IS_ADMIN && $userdata['user_id'] != $group_info['group_moderator']) { $this->ajax_die($lang['ONLY_FOR_MOD']); } switch ($mode) { case 'group_name': case 'group_signature': case 'group_description': $value = htmlCHR($value, false, ENT_NOQUOTES); $this->response['new_value'] = $value; break; case 'group_type': $this->response['new_value'] = $value; break; case 'release_group': $this->response['new_value'] = $value; break; case 'delete_avatar': delete_avatar(GROUP_AVATAR_MASK . $group_id, $group_info['avatar_ext_id']); $value = 0; $mode = 'avatar_ext_id'; $this->response['act'] = $value; break; default:
/**
 * Build the <optgroup>/<option> markup of a forum selector, grouped by category.
 *
 * Only $mode == 'forum' produces output; any other mode yields ''. Reads the
 * globals $cat_forums (each entry carries 'cat_title' and a forum map 'f') and
 * $forum_parent: when $forum_parent is falsy the $exclude forum is rendered
 * disabled and gray, otherwise it stays selectable but is coloured dark red.
 * Titles and names are passed through htmlCHR() before being emitted.
 *
 * @param string $mode    'forum' to build the list
 * @param int    $exclude forum id to disable / highlight
 * @param int    $select  forum id to mark as selected
 * @return string HTML fragment
 */
function sf_get_list($mode, $exclude = 0, $select = 0)
{
    global $cat_forums, $forum_parent;

    if ($mode != 'forum') {
        return '';
    }

    $html = '';
    foreach ($cat_forums as $cat) {
        $html .= '<optgroup label=" ' . htmlCHR($cat['cat_title']) . '">';
        foreach ($cat['f'] as $forum_id => $forum) {
            $is_excluded = ($forum_id == $exclude);
            $sel_attr = ($forum_id == $select) ? HTML_SELECTED : '';
            $dis_attr = ($is_excluded && !$forum_parent) ? HTML_DISABLED : '';
            if ($dis_attr) {
                $style_attr = ' style="color: gray" ';
            } elseif ($is_excluded) {
                $style_attr = ' style="color: darkred" ';
            } else {
                $style_attr = '';
            }
            $indent = $forum['forum_parent'] ? HTML_SF_SPACER : '';
            $label = htmlCHR(str_short($forum['forum_name'], 60));
            $html .= '<option value="' . $forum_id . '" ' . $sel_attr . $dis_attr . $style_attr . '>' . $indent . $label . " </option>\n";
        }
        $html .= '</optgroup>';
    }

    return $html;
}
} if ($post['post_id'] == $post['topic_first_post_id']) { $message = "[quote]" . $post['topic_title'] . "[/quote]\r"; } if (mb_strlen($message, 'UTF-8') > 1000) { $this->response['redirect'] = make_url(POSTING_URL . '?mode=quote&p=' . $post_id); } $this->response['quote'] = true; $this->response['message'] = $message; break; case 'view_message': $message = (string) $this->request['message']; if (!trim($message)) { $this->ajax_die($lang['EMPTY_MESSAGE']); } $message = htmlCHR($message, false, ENT_NOQUOTES); $this->response['message_html'] = bbcode2html($message); $this->response['res_id'] = @$this->request['res_id']; break; case 'edit': case 'editor': if (bf($userdata['user_opt'], 'user_opt', 'dis_post_edit')) { $this->ajax_die($lang['POST_EDIT_CANNOT']); } if ($post['poster_id'] != $userdata['user_id'] && !$is_auth['auth_mod']) { $this->ajax_die($lang['EDIT_OWN_POSTS']); } if (mb_strlen($post['post_text'], 'UTF-8') > 1000 || $post['post_attachment'] || $post['topic_first_post_id'] == $post_id) { $this->response['redirect'] = make_url(POSTING_URL . '?mode=editpost&p=' . $post_id); } elseif ($this->request['type'] == 'editor') { $text = (string) $this->request['text'];
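/**
 * Spam filter: replace known spam keywords in a message with a placeholder.
 *
 * Keywords are read once per request from $bb_cfg['spam_filter_file_path']
 * (one per line) and cached in a static. Matching runs against a decoded copy
 * of the message (HTML entities and URL-encoding resolved, a space inserted
 * before every '&') so that encoded spellings of a keyword still match.
 *
 * Side effect: when called on an instance, the list of matched keywords is
 * stored in $this->found_spam.
 *
 * Note: on a match the returned text is built from the *decoded* message and
 * re-escaped with htmlCHR(..., ENT_NOQUOTES), so entity- and URL-encoded
 * sequences anywhere in the input are normalised, not only the spam words.
 * Without a match the input is returned untouched.
 *
 * @param string $text message text
 * @return string filtered text
 */
private function spam_filter($text)
{
    global $bb_cfg;
    static $spam_words = null;
    $spam_replace = ' СПАМ';

    // Legacy guard: in a non-static method $this is always set on current PHP;
    // a static-call form would fall back to a plain local here.
    if (isset($this)) {
        $found_spam =& $this->found_spam;
    }

    if (!$bb_cfg['spam_filter_file_path']) {
        return $text;
    }

    if (is_null($spam_words)) {
        $raw = file_get_contents($bb_cfg['spam_filter_file_path']);
        // An unreadable file leaves the filter a no-op instead of feeding
        // `false` into strtolower(); the empty list is cached like a real one.
        // strtolower() is byte-wise (ASCII-only since PHP 8.2, locale-dependent
        // before), so non-ASCII keywords match only in the case they are written in.
        $spam_words = ($raw === false) ? array() : explode("\n", strtolower($raw));
    }

    $found_spam = array();

    // Normalise encodings before searching so obfuscated spellings are caught
    $msg_decoded = html_entity_decode($text);
    $msg_decoded = urldecode($msg_decoded);
    $msg_decoded = str_replace('&', ' &', $msg_decoded);
    $msg_search = strtolower($msg_decoded);

    foreach ($spam_words as $spam_str) {
        $spam_str = trim($spam_str);
        if (!$spam_str) {
            continue; // blank line (a keyword of exactly "0" is skipped too)
        }
        if (strpos($msg_search, $spam_str) !== false) {
            $found_spam[] = $spam_str;
        }
    }

    if ($found_spam) {
        $spam_exp = array();
        foreach ($found_spam as $keyword) {
            $spam_exp[] = preg_quote($keyword, '/');
        }
        $spam_exp = join('|', $spam_exp);
        // Each keyword is replaced together with the non-space tail following it
        $text = preg_replace("/({$spam_exp})(\\S*)/i", $spam_replace, $msg_decoded);
        $text = htmlCHR($text, false, ENT_NOQUOTES);
    }

    return $text;
}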
set_tpl_vars($default_cfg_str, $cfg); set_tpl_vars_lang($default_cfg_str); set_tpl_vars_bool($default_cfg_bool, $cfg); set_tpl_vars_lang($default_cfg_bool); set_tpl_vars($default_cfg_num, $cfg); set_tpl_vars_lang($default_cfg_num); set_tpl_vars_lang($db_fields_bool); // Get Forums list $sql = "SELECT f.*\n\tFROM " . BB_CATEGORIES . " c, " . BB_FORUMS . " f\n\tWHERE f.cat_id = c.cat_id\n\tORDER BY c.cat_order, f.forum_order"; if (!($result = DB()->sql_query($sql))) { bb_die('Could not obtain forum names'); } $rowset = DB()->sql_fetchrowset($result); $forum_rows = min($max_forum_rows, count($rowset)); foreach ($db_fields_bool as $field_name => $field_def_val) { ${$field_name} = ''; } foreach ($rowset as $rid => $forum) { foreach ($db_fields_bool as $field_name => $field_def_val) { $forum_name = $forum['forum_name']; $selected = $forum[$field_name] ? ' selected="selected"' : ''; $forum_name = str_short($forum_name, $max_forum_name_len); ${$field_name} .= '<option value="' . $forum['forum_id'] . '" ' . $selected . '> ' . ($forum['forum_parent'] ? HTML_SF_SPACER : '') . htmlCHR($forum_name) . "</option>\n"; } } foreach ($db_fields_bool as $field_name => $field_def_val) { ${$field_name} = '<select name="' . $field_name . "[]\" multiple=\"multiple\" size=\"{$forum_rows}\">" . ${$field_name} . '</select>'; $template->assign_vars(array('S_' . strtoupper($field_name) => ${$field_name})); } $template->assign_vars(array('L_BT_SHOW_PEERS_MODE_COUNT' => $cfg['bt_show_peers_mode'] == SHOW_PEERS_COUNT ? '<u>' . $lang['BT_SHOW_PEERS_MODE_COUNT'] . '</u>' : $lang['BT_SHOW_PEERS_MODE_COUNT'], 'L_BT_SHOW_PEERS_MODE_NAMES' => $cfg['bt_show_peers_mode'] == SHOW_PEERS_NAMES ? '<u>' . $lang['BT_SHOW_PEERS_MODE_NAMES'] . '</u>' : $lang['BT_SHOW_PEERS_MODE_NAMES'], 'L_BT_SHOW_PEERS_MODE_FULL' => $cfg['bt_show_peers_mode'] == SHOW_PEERS_FULL ? '<u>' . $lang['BT_SHOW_PEERS_MODE_FULL'] . 
'</u>' : $lang['BT_SHOW_PEERS_MODE_FULL'], 'BT_SHOW_PEERS_MODE_COUNT_VAL' => SHOW_PEERS_COUNT, 'BT_SHOW_PEERS_MODE_NAMES_VAL' => SHOW_PEERS_NAMES, 'BT_SHOW_PEERS_MODE_FULL_VAL' => SHOW_PEERS_FULL, 'BT_SHOW_PEERS_MODE_COUNT_SEL' => $cfg['bt_show_peers_mode'] == SHOW_PEERS_COUNT ? HTML_CHECKED : '', 'BT_SHOW_PEERS_MODE_NAMES_SEL' => $cfg['bt_show_peers_mode'] == SHOW_PEERS_NAMES ? HTML_CHECKED : '', 'BT_SHOW_PEERS_MODE_FULL_SEL' => $cfg['bt_show_peers_mode'] == SHOW_PEERS_FULL ? HTML_CHECKED : '', 'S_HIDDEN_FIELDS' => '', 'S_CONFIG_ACTION' => 'admin_bt_forum_cfg.php')); print_page('admin_bt_forum_cfg.tpl', 'admin');
$item_auth_value = $forum_rows[$j][$forum_auth_fields[$k]]; for ($l = 0; $l < count($forum_auth_const); $l++) { if ($item_auth_value == $forum_auth_const[$l]) { $item_auth_level = $forum_auth_levels[$l]; break; } } $template->assign_block_vars('cat_row.forum_row.forum_auth_data', array('CELL_VALUE' => $lang['FORUM_' . $item_auth_level], 'AUTH_EXPLAIN' => sprintf($lang[strtoupper('FORUM_AUTH_LIST_EXPLAIN_' . $forum_auth_fields[$k])], $lang[strtoupper('FORUM_AUTH_LIST_EXPLAIN_' . $item_auth_level)]))); } } } // // next generate the information to allow the permissions to be changed // note: we always read from the first forum in the category // for ($j = 0; $j < count($forum_auth_fields); $j++) { $custom_auth[$j] = '<select name="' . $forum_auth_fields[$j] . '">'; for ($k = 0; $k < count($forum_auth_levels); $k++) { $selected = !empty($forum_rows) && $forum_rows[0][$forum_auth_fields[$j]] == $forum_auth_const[$k] ? ' selected="selected"' : ''; $custom_auth[$j] .= '<option value="' . $forum_auth_const[$k] . '"' . $selected . '>' . $lang['FORUM_' . $forum_auth_levels[$k]] . '</option>'; } $custom_auth[$j] .= '</select>'; $template->assign_block_vars('forum_auth_data', array('S_AUTH_LEVELS_SELECT' => $custom_auth[$j])); } // // finally pass any remaining items to the template // $s_hidden_fields = '<input type="hidden" name="' . POST_CAT_URL . '" value="' . $cat_id . '">'; $template->assign_vars(array('TPL_AUTH_CAT' => true, 'CAT_NAME' => htmlCHR($cat_name), 'S_FORUMAUTH_ACTION' => 'admin_forumauth_list.php', 'S_COLUMN_SPAN' => count($forum_auth_fields) + 1, 'S_HIDDEN_FIELDS' => $s_hidden_fields)); } print_page('admin_forumauth_list.tpl', 'admin');
$errors[] = $lang['TWITTER_ERROR']; } $pr_data['user_twitter'] = $twitter; $db_data['user_twitter'] = (string) $twitter; } $tp_data['USER_TWITTER'] = $pr_data['user_twitter']; break; /** * Выбор шаблона (edit) */ /** * Выбор шаблона (edit) */ case 'tpl_name': $templates = isset($_POST['tpl_name']) ? (string) $_POST['tpl_name'] : $pr_data['tpl_name']; $templates = htmlCHR($templates); if ($submit && $templates != $pr_data['tpl_name']) { $pr_data['tpl_name'] = $bb_cfg['tpl_name']; $db_data['tpl_name'] = (string) $bb_cfg['tpl_name']; foreach ($bb_cfg['templates'] as $folder => $name) { if ($templates == $folder) { $pr_data['tpl_name'] = $templates; $db_data['tpl_name'] = (string) $templates; } } } $tp_data['TEMPLATES_SELECT'] = templates_select($pr_data['tpl_name'], 'tpl_name'); break; /** * default */
/**
 * Render a set of groups as nested <li>/<ul> HTML list items.
 *
 * The group name (array key) is shortened and escaped via htmlCHR(); the id
 * is appended verbatim to GROUP_URL to form the link. The pending-members
 * line is emitted only when IS_AM is truthy.
 *
 * @param array $params group name => array with keys 'id', 'm' (member count),
 *                      'c' (pending count) and 'rg' (release-group flag)
 * @return string HTML fragment, '' for an empty $params
 */
function build_group($params)
{
    global $lang;

    $chunks = array();
    foreach ($params as $group_name => $group) {
        $title = htmlCHR(str_short(rtrim($group_name), HTML_SELECT_MAX_LENGTH));
        $member_line = $group['m']
            ? $lang['MEMBERS_IN_GROUP'] . ': ' . $group['m']
            : $lang['NO_GROUP_MEMBERS'];
        $pending_line = $group['c']
            ? $lang['PENDING_MEMBERS'] . ': ' . $group['c']
            : $lang['NO_PENDING_GROUP_MEMBERS'];

        $chunks[] = '<li class="pad_2"><a href="' . GROUP_URL . $group['id'] . '" class="med bold">' . $title . '</a></li>';
        // Release groups open the nested list with an extra header item
        $chunks[] = $group['rg']
            ? '<ul><li class="med">' . $lang['RELEASE_GROUP'] . '</li>'
            : '<ul>';
        $chunks[] = '<li class="seedmed">' . $member_line . '</li>';
        if (IS_AM) {
            $chunks[] = '<li class="leechmed">' . $pending_line . '</li>';
        }
        $chunks[] = '</ul>';
    }

    return join('', $chunks);
}
}
global $lang;
if (!isset($this->request['attach_id'])) {
    $this->ajax_die($lang['EMPTY_ATTACH_ID']);
}
// Cast to int before the value is interpolated into SQL below
$attach_id = (int) $this->request['attach_id'];
global $bnc_error;
$bnc_error = 0;
$torrent = DB()->fetch_row("SELECT at.attach_id, at.physical_filename FROM " . BB_ATTACHMENTS_DESC . " at WHERE at.attach_id = {$attach_id} LIMIT 1");
if (!$torrent) {
    $this->ajax_die($lang['EMPTY_ATTACH_ID']);
}
// NOTE(review): the path is built from the stored physical_filename without
// normalisation; this assumes the value is a bare file name when written — verify at the upload path
$filename = get_attachments_dir() . '/' . $torrent['physical_filename'];
// Read failures are suppressed with @; the full path is only shown when IS_AM is set
if (($file_contents = @file_get_contents($filename)) === false) {
    if (IS_AM) {
        $this->ajax_die($lang['ERROR_NO_ATTACHMENT'] . "\n\n" . htmlCHR($filename));
    } else {
        $this->ajax_die($lang['ERROR_NO_ATTACHMENT']);
    }
}
// Build the file list
$tor_filelist = build_tor_filelist($file_contents);

/**
 * Decode a .torrent body and return its file list.
 *
 * Returns the TORFILE_INVALID language string when bdecode() yields a falsy
 * result, so callers cannot tell a failure from a real list by type alone;
 * what get_filelist() returns on success is not visible here — TODO confirm.
 *
 * @param string $file_contents raw bytes of the .torrent file
 * @return mixed file list from torrent::get_filelist(), or an error string
 */
function build_tor_filelist($file_contents)
{
    global $lang;
    if (!($tor = bdecode($file_contents))) {
        return $lang['TORFILE_INVALID'];
    }
    $torrent = new torrent($tor);
    return $torrent->get_filelist();
}