Example #1
          *         // Return a 404 Not found error instead of redirecting
          *         // the user back to the index.
          *         header("HTTP/1.0 404 Not Found");
          *         print "<html><head>\n";
          *         print "  <title>404 - Not Found</title>\n";
          *         print "</head><body>";
          *         print "  <h1>404 - Forum Not Found</h1>";
          *         print "</body></html>";
          *         exit();
          *     }
          *     </hookcode>
          */
         if (isset($PHORUM["hooks"]["common_no_forum"])) {
             phorum_api_hook("common_no_forum", "");
         }
         phorum_api_redirect(PHORUM_INDEX_URL);
     }
     $PHORUM = array_merge($PHORUM, $forum_settings);
 } elseif (isset($PHORUM["forum_id"]) && $PHORUM["forum_id"] == 0) {
     $PHORUM = array_merge($PHORUM, $PHORUM["default_forum_options"]);
     // some hard settings are needed if we are looking at forum_id 0
     $PHORUM['vroot'] = 0;
     $PHORUM['parent_id'] = 0;
     $PHORUM['active'] = 1;
     $PHORUM['folder_flag'] = 1;
     $PHORUM['cache_version'] = 0;
 }
 // handling vroots
 if (!empty($PHORUM['vroot'])) {
     $vroot_folders = $PHORUM['DB']->get_forums($PHORUM['vroot']);
     $PHORUM["title"] = $vroot_folders[$PHORUM['vroot']]['name'];
Example #2
                }
                break;
        }
        if ($error) {
            break;
        }
    }
    if (empty($error)) {
        unset($_POST["module"]);
        unset($_POST["phorum_admin_token"]);
        if ($PHORUM['DB']->update_settings($_POST)) {
            $redir = phorum_admin_build_url(array('module=settings', 'message=success'), TRUE);
            if ($need_display_name_updates) {
                $redir = phorum_admin_build_url(array('module=update_display_names'), TRUE);
            }
            phorum_api_redirect($redir);
            exit;
        } else {
            $error = "Database error while updating settings.";
        }
    }
}
// Report the outcome of the settings form. An error set earlier takes
// precedence; otherwise the confirmation is shown when the URL carries
// message=success.
if ($error) {
    phorum_admin_error($error);
} elseif (isset($_GET['message']) && $_GET['message'] == 'success') {
    // The confirmation text is a fixed string: the request parameter only
    // selects it and is never passed to the output function.
    $okmsg = "Settings updated";
    phorum_admin_okmsg($okmsg);
}
// create the time zone drop down array
for ($x = -23; $x <= 23; $x++) {
    $tz_range[$x] = $x;
Example #3
    }
    // If this thread is unapproved, then get out.
    $unapproved = empty($top_parent) || empty($parent) || $top_parent["status"] != PHORUM_STATUS_APPROVED || $parent["status"] != PHORUM_STATUS_APPROVED;
    if ($unapproved) {
        // In case we run the editor included in the read page,
        // we should not redirect to the listpage for moderators.
        // Else a moderator can never read an unapproved message.
        if (isset($PHORUM["postingargs"]["as_include"])) {
            if ($PHORUM["DATA"]["MODERATOR"]) {
                $PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["UnapprovedMessage"];
                return;
            }
        }
        // In other cases, redirect users that are replying to
        // unapproved messages to the message list.
        phorum_api_redirect(PHORUM_LIST_URL);
    }
    // closed topic, show a message
    if ($top_parent["closed"]) {
        $PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["ThreadClosed"];
        $PHORUM["posting_template"] = "message";
        return;
    }
}
// Do permission checks for editing messages.
if ($mode == "edit") {
    // Check if the user is allowed to edit this post.
    $timelim = $PHORUM["user_edit_timelimit"];
    $useredit = $message["user_id"] == $PHORUM["user"]["user_id"] && phorum_api_user_check_access(PHORUM_USER_ALLOW_EDIT) && !empty($top_parent) && !$top_parent["closed"] && (!$timelim || $message["datestamp"] + $timelim * 60 >= time());
    // Moderators are allowed to edit messages.
    $moderatoredit = $PHORUM["DATA"]["MODERATOR"] && $message["forum_id"] == $PHORUM["forum_id"];
Example #4
File: api.php Project: samuell/Core
// Allow the activated cache layer to check if it is working correctly.
// The check only runs when a function named phorum_api_cache_check()
// exists; a truthy return value is treated as the error message.
if (function_exists('phorum_api_cache_check')) {
    $error = phorum_api_cache_check();
    if ($error) {
        // The message from the cache layer is passed through
        // htmlspecialchars() before it is echoed, and the request stops here.
        echo "The cache test has failed. Please check your cache " . "configuration in include/config/cache.php. If the " . "configuration is okay, check if the application used " . "for caching is running.<br/><br/>" . "The error as returned by the cache layer is:<br/>" . "<b>" . htmlspecialchars($error) . "</b>";
        exit;
    }
}
// Check for an upgrade or a new install.
// The whole check is skipped when PHORUM_ADMIN is defined.
if (!defined('PHORUM_ADMIN')) {
    if (!isset($PHORUM['internal_version'])) {
        // No stored version at all: print a static setup/error page and stop.
        echo "<html><head><title>Phorum error</title></head><body>\n              <h2>No Phorum settings were found</h2>\n              Either this is a brand new installation of Phorum<br/>\n              or there is a problem with your database server.<br/>\n              <br/>\n              If this is a new install, please\n              <a href=\"admin.php\">go to the admin page</a> to complete\n              the installation.<br/>\n              If not, then check your database server.\n              </body></html>";
        exit;
    } elseif ($PHORUM['internal_version'] < PHORUM_SCHEMA_VERSION || !isset($PHORUM['internal_patchlevel']) || $PHORUM['internal_patchlevel'] < PHORUM_SCHEMA_PATCHLEVEL) {
        // The stored schema version or patch level is behind the constants
        // of the running code (or the patch level is missing entirely).
        if (isset($PHORUM["DBCONFIG"]["upgrade_page"])) {
            // The redirect target is taken from the database configuration.
            // NOTE(review): unlike the two echo branches, no exit follows
            // this call; the request only stops here if
            // phorum_api_redirect() itself ends it - confirm.
            phorum_api_redirect($PHORUM["DBCONFIG"]["upgrade_page"]);
        } else {
            echo "<html><head><title>Upgrade notification</title></head><body>\n                  <h2>Phorum upgrade</h2>\n                  It looks like you have installed a new version of Phorum.<br/>\n                  Please visit the admin page to complete the upgrade!\n                  </body></html>";
            exit;
        }
    }
}
// The internal_patchlevel can be unset, because this setting was
// added in 5.2. When upgrading from 5.1, this setting is not yet
// available. To make things work, we'll fake a value for this
// setting which will always be lower than the available patch ids.
// The placeholder is stored as a string of ten digits.
if (!isset($PHORUM["internal_patchlevel"])) {
    $PHORUM["internal_patchlevel"] = "1111111111";
}
// If we have no private key for signing data, generate one now,
// but only if we are not in the middle of a fresh install.
Example #5
// This script is used for handling Ajax calls to the Phorum system.
// Ajax calls can either be implemented as script files in
// "./include/ajax/call.<callname>.php" or through modules that implement
// the "ajax_<call>" hook.
// The page id constant is defined before common.php is loaded.
define('phorum_page', 'ajax');
require_once './common.php';
require_once PHORUM_PATH . '/include/api/json.php';
// Registration of some language strings that can be used by Ajax clients.
// We put them in here, so the language tool can find them.
// $PHORUM['DATA']['LANG']['ActionPending']
// $PHORUM['DATA']['LANG']['ActionsPending']
// ----------------------------------------------------------------------
// Client JavaScript library
// ----------------------------------------------------------------------
// The first request argument selects this branch; the redirect target is a
// constant, not request data.
// NOTE(review): no exit follows the redirect, so the code below only stays
// unreachable if phorum_api_redirect() ends the request - confirm.
if (isset($PHORUM['args'][0]) && $PHORUM['args'][0] == 'client') {
    phorum_api_redirect(PHORUM_JAVASCRIPT_URL);
}
// ----------------------------------------------------------------------
// Show examples page.
// ----------------------------------------------------------------------
// The included path is a fixed literal; the request argument only decides
// whether it is included.
if (isset($PHORUM['args'][0]) && $PHORUM['args'][0] == 'examples') {
    include './include/ajax/examples.php';
    exit;
}
// ----------------------------------------------------------------------
// Dispatch Ajax calls
// ----------------------------------------------------------------------
// Start from an empty argument list and no JSONP callback; both are stored
// in the global $PHORUM array.
$PHORUM['ajax_args'] = array();
// Check if this is a JSONP request.
$PHORUM['ajax_jsonp'] = NULL;
if (isset($PHORUM['args']['callback'])) {
Example #6
//                                                                            //
//   This program is distributed in the hope that it will be useful,          //
//   but WITHOUT ANY WARRANTY, without even the implied warranty of           //
//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                     //
//                                                                            //
//   You should have received a copy of the Phorum License                    //
//   along with this program.                                                 //
//                                                                            //
////////////////////////////////////////////////////////////////////////////////
// Direct-access guard: without the PHORUM_CONTROL_CENTER constant this
// file returns before doing anything.
if (!defined("PHORUM_CONTROL_CENTER")) {
    return;
}
require_once PHORUM_PATH . '/include/api/file.php';
require_once PHORUM_PATH . '/include/api/format/messages.php';
// Authorization gate: users without the MESSAGE_MODERATOR flag are sent
// back to the control center.
// NOTE(review): nothing stops execution after this call, so the gate only
// holds if phorum_api_redirect() ends the request - confirm.
if (!$PHORUM["DATA"]["MESSAGE_MODERATOR"]) {
    phorum_api_redirect(PHORUM_CONTROLCENTER_URL);
}
// the number of days to show
// Source priority: POST field, then URL argument, then the stored user
// setting. Request values are accepted only when is_numeric() and are cast
// to int before use.
// NOTE(review): the POST branch admits zero and negative numbers; whether
// the code that consumes $moddays bounds the range is not visible here.
if (isset($_POST['moddays']) && is_numeric($_POST['moddays'])) {
    $moddays = (int) $_POST['moddays'];
} elseif (isset($PHORUM['args']['moddays']) && !empty($PHORUM["args"]['moddays']) && is_numeric($PHORUM["args"]['moddays'])) {
    $moddays = (int) $PHORUM['args']['moddays'];
} else {
    $moddays = phorum_api_user_get_setting("cc_messages_moddays");
}
// Fall back to two days when no value was found (the strict NULL check
// leaves a stored 0 untouched).
if ($moddays === NULL) {
    $moddays = 2;
}
if (isset($_POST['onlyunapproved']) && is_numeric($_POST['onlyunapproved'])) {
    $showwaiting = (int) $_POST['onlyunapproved'];
} elseif (isset($PHORUM['args']['onlyunapproved']) && !empty($PHORUM["args"]['onlyunapproved']) && is_numeric($PHORUM["args"]['onlyunapproved'])) {
Example #7
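// This page is not served for folders; send the user to the index.
if ($PHORUM["folder_flag"]) {
    phorum_api_redirect(PHORUM_INDEX_URL, $PHORUM['forum_id']);
}
// The message id is the second request argument.
if (isset($PHORUM["args"][1]) && is_numeric($PHORUM["args"][1])) {
    // is_numeric() also accepts signs, decimals, exponent notation and
    // surrounding whitespace, so normalise to a plain integer before the id
    // reaches the database calls and the redirect URL below.
    $message_id = (int) $PHORUM["args"][1];
} else {
    phorum_api_redirect(PHORUM_INDEX_URL, $PHORUM['forum_id']);
}
$message = $PHORUM['DB']->get_message($message_id);
if (empty($message)) {
    phorum_api_redirect(PHORUM_INDEX_URL, $PHORUM["forum_id"]);
}
$PHORUM["DATA"]["MODERATOR"] = phorum_api_user_check_access(PHORUM_USER_ALLOW_MODERATE_MESSAGES);
$edit_tracks = $PHORUM['DB']->get_message_edits($message_id);
// Fall back to the normal read page when there is no edit history, when
// edit tracking is off, or when it is moderator-only and the current user
// is not a moderator. The parentheses only spell out the && / || precedence.
// NOTE(review): every gate in this block relies on phorum_api_redirect()
// ending the request; none is followed by an exit - confirm.
if (
    count($edit_tracks) == 0
    || $PHORUM["track_edits"] == PHORUM_EDIT_TRACK_OFF
    || ($PHORUM["track_edits"] == PHORUM_EDIT_TRACK_MODERATOR && !$PHORUM["DATA"]["MODERATOR"])
) {
    phorum_api_redirect(PHORUM_READ_URL, $message['thread'], $message_id);
}
$diffs = array_reverse($edit_tracks);
// push an empty diff for the current status
$diffs[] = array();
$prev_body = -1;
$prev_subject = -1;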
foreach ($diffs as $diff_info) {
    if (!isset($diff_info["user_id"])) {
        $this_version["username"] = empty($PHORUM['custom_display_name']) ? htmlspecialchars($message["author"], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]) : $message["author"];
        $this_version["user_id"] = $message["user_id"];
        $this_version["date"] = phorum_api_format_date($PHORUM["long_date_time"], $message["datestamp"]);
        $this_version["original"] = true;
    } else {
        $edit_user = phorum_api_user_get($diff_info['user_id']);
        $this_version["username"] = empty($PHORUM['custom_display_name']) ? htmlspecialchars($edit_user["display_name"], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]) : $edit_user["display_name"];
Example #8
                    } else {
                        // for threaded
                        $dest_url = phorum_api_url(PHORUM_READ_URL, $thread, $new_message);
                    }
                }
                break;
        }
        if (empty($dest_url)) {
            if ($thread > 0) {
                $dest_url = phorum_api_url(PHORUM_READ_URL, $thread);
            } else {
                // we are either at the top or the bottom, go back to the list.
                $dest_url = phorum_api_url(PHORUM_LIST_URL);
            }
        }
        phorum_api_redirect($dest_url);
    }
    $thread = (int) $PHORUM["args"][1];
    $message_id = (int) $PHORUM["args"][2];
    if (isset($PHORUM["args"][3]) && $PHORUM["args"][3] == "printview") {
        $PHORUM["DATA"]["PRINTVIEW"] = 1;
    } else {
        $PHORUM["DATA"]["PRINTVIEW"] = 0;
    }
}
// determining the page if page isn't given and message_id != thread
$page = 0;
if (!$PHORUM["threaded_read"]) {
    if (isset($PHORUM['args']['page']) && is_numeric($PHORUM["args"]["page"]) && $PHORUM["args"]["page"] > 0) {
        $page = (int) $PHORUM["args"]["page"];
    } elseif ($message_id != $thread) {
Example #9
    // dst is time + 1 hour
    if (isset($_POST['tz_offset']) && $_POST['tz_offset'] != -99) {
        if ($_POST['tz_offset'] && isset($_POST['is_dst']) && $_POST['is_dst']) {
            $_POST['tz_offset'] = ++$_POST['tz_offset'] . "";
        }
    }
    // unsetting dst if not checked
    if (!isset($_POST['is_dst'])) {
        $_POST['is_dst'] = 0;
    }
    $oldtemplate = $PHORUM["user"]["user_template"];
    list($error, $okmsg) = phorum_controlcenter_user_save($panel);
    // No error and the template changed? The reload the page to
    // reflect the new template.
    if (empty($error) && !empty($_POST["user_template"]) && $oldtemplate != $_POST["user_template"]) {
        phorum_api_redirect($PHORUM['DATA']['URL']['CC6']);
    }
}
// Copy the forum's user_time_zone setting into the template data when the
// setting exists.
if (isset($PHORUM["user_time_zone"])) {
    $PHORUM['DATA']['PROFILE']['TZSELECTION'] = $PHORUM["user_time_zone"];
}
// compute the tz-array
// $defsel holds the HTML "selected" attribute when the profile has no
// tz_offset or the offset equals -99, and is empty otherwise.
// NOTE(review): -99 looks like the "use the default" marker - confirm.
if (!isset($PHORUM['DATA']['PROFILE']['tz_offset']) || $PHORUM['DATA']['PROFILE']['tz_offset'] == -99) {
    $defsel = " selected=\"selected\"";
} else {
    $defsel = "";
}
// remove dst from tz_offset
if (isset($PHORUM['DATA']['PROFILE']['is_dst']) && $PHORUM['DATA']['PROFILE']['is_dst']) {
    $PHORUM['DATA']['PROFILE']['tz_offset'] = --$PHORUM['DATA']['PROFILE']['tz_offset'];
    $PHORUM['DATA']['PROFILE']['tz_offset'] = number_format($PHORUM['DATA']['PROFILE']['tz_offset'], 2);
Example #10
// Read-only mode: when the master status is read-only and the current user
// has no admin flag, stop processing here. The "message" template is only
// rendered when this script is not running as an include of another page.
if (isset($PHORUM["status"]) && $PHORUM["status"] == PHORUM_MASTER_STATUS_READ_ONLY && empty($PHORUM['user']['admin'])) {
    if (!(isset($PHORUM["postingargs"]["as_include"]) && $PHORUM["postingargs"]["as_include"])) {
        phorum_build_common_urls();
        // Only show header and footer when not included in another page.
        phorum_api_output("message");
    }
    return;
}
// No forum id was set. Take the user back to the index.
// NOTE(review): the two redirects below are not followed by return or exit;
// the rest of the script is skipped only if phorum_api_redirect() ends
// the request - confirm.
if (!isset($PHORUM["forum_id"])) {
    phorum_api_redirect(PHORUM_INDEX_URL);
}
// Somehow we got to a folder in posting.php. Take the
// user back to the folder.
if ($PHORUM["folder_flag"]) {
    phorum_api_redirect(PHORUM_INDEX_URL, $PHORUM["forum_id"]);
}
// ----------------------------------------------------------------------
// Definitions
// ----------------------------------------------------------------------
// A list of valid posting modes.
// Only the list is defined here; where a requested mode is checked against
// it is not part of this excerpt.
$valid_modes = array("post", "reply", "quote", "edit", "moderation");
// Form field configuration:
// -------------------------
//
// Configuration that we use for fields that we use in the editor form.
// The format for the array elements is:
//
// [0] The type of field. One of: string, integer, boolean, array.
// [1] Whether the value must be included as a hidden form field
//     This is used for identifying values which are always implemented
Example #11
/**
 * Gate the current request on the visitor being logged in.
 *
 * A visitor without an authenticated user id is handed to the login page.
 * The current URL is URL-encoded and passed along as the "redir" argument.
 *
 * NOTE(review): this function contains no exit or return after the
 * redirect calls. It only works as an access gate if phorum_api_redirect()
 * ends the request; that function is not visible here - confirm. How the
 * login page treats the "redir" target is likewise outside this function.
 *
 * @param bool $tight_security
 *     When true (the default is FALSE), a logged-in user is not enough:
 *     the FULLY_LOGGEDIN flag must be set as well, which per the original
 *     documentation means that a short term session is active and a long
 *     term session alone does not suffice.
 *
 *     Tight Security is an option that can be enabled from Phorum's
 *     admin interface.
 */
function phorum_api_request_require_login($tight_security = FALSE)
{
    global $PHORUM;

    // First gate: is there an authenticated user at all?
    $is_authenticated = (bool) $PHORUM['user']['user_id'];
    if ($is_authenticated === false) {
        phorum_api_redirect(
            PHORUM_LOGIN_URL,
            'redir=' . urlencode(phorum_api_url_current())
        );
    }

    // Second gate, evaluated only when the caller asks for tight security.
    if ($tight_security) {
        $fully_logged_in = (bool) $PHORUM['DATA']['FULLY_LOGGEDIN'];
        if (!$fully_logged_in) {
            phorum_api_redirect(
                PHORUM_LOGIN_URL,
                'redir=' . urlencode(phorum_api_url_current())
            );
        }
    }
}
Example #12
/**
 * Legacy entry point that forwards to phorum_api_redirect().
 *
 * The argument is handed over unchanged: this wrapper does no validation
 * of the target, so any check on where the redirect may point has to live
 * in the caller or in phorum_api_redirect() (not visible here).
 *
 * @deprecated Replaced by {@link phorum_api_redirect()}.
 *
 * @param mixed $url
 *     The redirect target, passed through as is.
 *
 * @return mixed
 *     Whatever phorum_api_redirect() returns.
 */
function phorum_redirect_by_url($url)
{
    $result = phorum_api_redirect($url);

    return $result;
}
Example #13
        include PHORUM_PATH . '/include/moderation/split_thread.php';
        break;
    case PHORUM_DO_THREAD_SPLIT:
        // this is the last step of a thread split
        include PHORUM_PATH . '/include/moderation/do_thread_split.php';
        break;
    case PHORUM_MAKE_STICKY:
        // make a thread sticky
        include PHORUM_PATH . '/include/moderation/make_sticky.php';
        break;
    case PHORUM_MAKE_UNSTICKY:
        // make a thread unsticky
        include PHORUM_PATH . '/include/moderation/make_unsticky.php';
        break;
    default:
        phorum_api_redirect(phorum_moderation_back_url());
}
// Remove the affected messages from the cache if caching is enabled.
// $invalidate_message_cache is read here but filled elsewhere (presumably
// by the moderation action handled above - confirm).
if ($PHORUM['cache_messages']) {
    $invalidate_forums = array();
    foreach ($invalidate_message_cache as $message) {
        // Cache keys have the form "<forum_id>-<message_id>".
        phorum_api_cache_remove('message', $message['forum_id'] . "-" . $message["message_id"]);
        // Keyed by forum id, so each forum is recorded only once.
        $invalidate_forums[$message['forum_id']] = $message['forum_id'];
    }
    if (is_array($invalidate_forums) && count($invalidate_forums)) {
        // increment the cache version for all involved forums once
        foreach ($invalidate_forums as $forum_id) {
            phorum_api_forums_increment_cache_version($forum_id);
        }
    }
}
Example #14
File: pm.php Project: netovs/Core
    }
    // The action has been completed successfully.
    // Redirect the user to the result page.
    // The URL is assembled as an argument list for phorum_api_url():
    // the PM page constant first, then "name=value" strings.
    // NOTE(review): every value below is concatenated without urlencode().
    // That is only safe if $page, $folder_id, $pm_rcpts, $pm_id and
    // $redirect_message are fixed tokens or integers by this point, or if
    // phorum_api_url() encodes its arguments - neither is visible here,
    // confirm.
    if ($redirect) {
        $args = array(PHORUM_PM_URL, "page=" . $page, "folder_id=" . $folder_id);
        if (isset($pm_rcpts)) {
            // Recipient ids are joined with ":" into a single argument.
            $args[] = "to_id=" . implode(':', $pm_rcpts);
        }
        if (!empty($pm_id)) {
            $args[] = "pm_id=" . $pm_id;
        }
        if (!empty($redirect_message)) {
            $args[] = "okmsg=" . $redirect_message;
        }
        $redir_url = call_user_func_array('phorum_api_url', $args);
        phorum_api_redirect($redir_url);
    }
}
// ------------------------------------------------------------------------
// Display a PM page
// ------------------------------------------------------------------------
// Use the language string for "Private Messages" as the heading unless a
// heading was already set.
if (empty($PHORUM["DATA"]["HEADING"])) {
    $PHORUM["DATA"]["HEADING"] = $PHORUM["DATA"]["LANG"]["PrivateMessages"];
}
// unset default description
// Both the plain and the HTML description are blanked for this page.
$PHORUM['DATA']['DESCRIPTION'] = '';
$PHORUM['DATA']['HTML_DESCRIPTION'] = '';
// Use the message list as the default page.
if (!$page) {
    $page = "list";
    $folder_id = PHORUM_PM_INBOX;
Example #15
}
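// Defaults for the report page; $message stays an empty array until a
// message has been loaded.
$report = false;
$template = "report";
$message = array();
$message_id = 0;
// get the message
if (isset($PHORUM["args"][1]) && is_numeric($PHORUM["args"][1])) {
    // is_numeric() also accepts signs, decimals, exponent notation and
    // surrounding whitespace, so normalise to a plain integer before the id
    // is handed to the database layer and to the URL builders further down.
    $message_id = (int) $PHORUM["args"][1];
    $message = $PHORUM['DB']->get_message($message_id);
} else {
    // No usable message id in the request: back to the message list.
    phorum_api_redirect(PHORUM_LIST_URL);
}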
if (is_array($message) && count($message)) {
    // check for report requests
    if (!empty($_POST["cancel"])) {
        return phorum_api_redirect(phorum_api_url(PHORUM_FOREIGN_READ_URL, $message["forum_id"], $message["thread"], $message['message_id']));
    }
    if (!empty($_POST["report"])) {
        if ($PHORUM["DATA"]["LOGGEDIN"]) {
            if (empty($_POST["explanation"])) {
                $_POST["explanation"] = "<" . $PHORUM["DATA"]["LANG"]["None"] . ">";
            }
            $mail_users = phorum_api_user_list_moderators($PHORUM['forum_id'], $PHORUM['email_ignore_admin'], TRUE);
            if (count($mail_users)) {
                $mail_data = array("mailmessage" => $PHORUM["DATA"]["LANG"]['ReportPostEmailBody'], "mailsubject" => $PHORUM["DATA"]["LANG"]['ReportPostEmailSubject'], "forumname" => $PHORUM["DATA"]["NAME"], "reportedby" => $PHORUM["user"]["display_name"], "author" => $message["author"], "subject" => $message["subject"], "body" => wordwrap($message["body"], 72), "ip" => $message["ip"], "raw_date" => $message["datestamp"], "date" => phorum_api_format_date($PHORUM["short_date_time"], $message["datestamp"]), "explanation" => wordwrap($_POST["explanation"], 72), "url" => phorum_api_url(PHORUM_READ_URL, $message["thread"], $message_id), "delete_url" => phorum_api_url(PHORUM_MODERATION_URL, PHORUM_DELETE_MESSAGE, $message_id), "hide_url" => phorum_api_url(PHORUM_MODERATION_URL, PHORUM_HIDE_POST, $message_id), "edit_url" => phorum_api_url(PHORUM_POSTING_URL, 'moderation', $message_id), "reporter_url" => phorum_api_url(PHORUM_PROFILE_URL, $PHORUM["user"]["user_id"]), "message" => $message);
                if (isset($_POST[PHORUM_SESSION_LONG_TERM])) {
                    // strip any auth info from the created urls
                    $mail_data["url"] = preg_replace("!,{0,1}" . PHORUM_SESSION_LONG_TERM . "=" . urlencode($_POST[PHORUM_SESSION_LONG_TERM]) . "!", "", $mail_data["url"]);
                    $mail_data["delete_url"] = preg_replace("!,{0,1}" . PHORUM_SESSION_LONG_TERM . "=" . urlencode($_POST[PHORUM_SESSION_LONG_TERM]) . "!", "", $mail_data["delete_url"]);
                    $mail_data["hide_url"] = preg_replace("!,{0,1}" . PHORUM_SESSION_LONG_TERM . "=" . urlencode($_POST[PHORUM_SESSION_LONG_TERM]) . "!", "", $mail_data["hide_url"]);
                    $mail_data["edit_url"] = preg_replace("!,{0,1}" . PHORUM_SESSION_LONG_TERM . "=" . urlencode($_POST[PHORUM_SESSION_LONG_TERM]) . "!", "", $mail_data["edit_url"]);
Example #16
// token timeout.
// Work on copies of the request arrays with the module selector and the
// admin token removed, to see whether the request carried anything else.
$post = $_POST;
unset($post['module']);
unset($post['phorum_admin_token']);
$get = $_GET;
unset($get['module']);
unset($get['phorum_admin_token']);
// Nothing besides module/token was sent: skip the confirmation page and
// redirect straight to the requested module.
if (empty($post) && empty($get)) {
    $module = '';
    // basename() reduces the submitted module name to its last path
    // component before it is put into the URL.
    if (isset($_POST['module'])) {
        $module = basename($_POST['module']);
    } elseif (isset($_GET['module'])) {
        $module = basename($_GET['module']);
    }
    // The module name is URL-encoded; TRUE is passed as the second
    // argument of phorum_admin_build_url() for this redirect.
    // NOTE(review): no exit follows, so the confirmation page below is
    // skipped only if phorum_api_redirect() ends the request - confirm.
    $url = phorum_admin_build_url('module=' . urlencode($module), TRUE);
    phorum_api_redirect($url);
}
// The raw query string of the current request is request-controlled data.
$targetargs = $_SERVER['QUERY_STRING'];
// NOTE(review): $target_html is echoed into the page further down. It is
// built from the raw query string by phorum_admin_build_url() called
// without a second argument; presumably that form returns an HTML-escaped
// URL (the redirect call sites pass TRUE instead) - confirm, because the
// escaping is not visible in this file.
$target_html = phorum_admin_build_url($targetargs);
// Explicitly HTML-escaped copy of the query string.
$targs_html = htmlspecialchars($targetargs);
// Admin URL without any arguments.
$post_url = phorum_admin_build_url();
?>
You are accessing the admin after a security timeout.<br /><br />
The requested URL was: 
<pre><?php 
echo $target_html;
?>
</pre><br />
<strong>Please make sure that you really want to access this URL and weren't tricked to go to the admin.</strong><br />
Please click on <strong>continue</strong> to go to this URL or on <strong>cancel</strong> to go to the forum homepage.
<br /><br />
Example #17
//   This program is distributed in the hope that it will be useful,          //
//   but WITHOUT ANY WARRANTY, without even the implied warranty of           //
//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                     //
//                                                                            //
//   You should have received a copy of the Phorum License                    //
//   along with this program.                                                 //
//                                                                            //
////////////////////////////////////////////////////////////////////////////////
// Direct-access guard: without the PHORUM_CONTROL_CENTER constant this
// file returns before doing anything.
if (!defined("PHORUM_CONTROL_CENTER")) {
    return;
}
// Handle a submitted password change form.
if (count($_POST)) {
    // Both values are trimmed here. Note that the confirmation check below
    // compares the untrimmed $_POST fields, while the trimmed $new_password
    // is the value that gets saved.
    $old_password = trim($_POST["password_old"]);
    $new_password = trim($_POST['password_new']);
    // attempt to authenticate the user
    // The current password has to verify for the logged-in username before
    // any change is accepted.
    if (empty($old_password) || !phorum_api_user_authenticate(PHORUM_FORUM_SESSION, $PHORUM['user']['username'], $old_password)) {
        $error = $PHORUM["DATA"]["LANG"]["ErrOriginalPassword"];
    } elseif (empty($new_password) || empty($_POST['password_new2']) || $_POST['password_new'] !== $_POST['password_new2']) {
        // New password missing, confirmation missing, or the two entries
        // differ (strict comparison).
        $error = $PHORUM["DATA"]["LANG"]["ErrPassword"];
    } else {
        // everything's good, save
        // The new password is written back into $_POST under both keys
        // before the save routine is called.
        $_POST['password_temp'] = $_POST['password'] = $new_password;
        list($error, $okmsg) = phorum_controlcenter_user_save($panel);
        // NOTE(review): $error from the save is not inspected before the
        // redirect below, so a failed save would be redirected like a
        // success with whatever $okmsg holds - confirm whether the save
        // can fail at this point and, if so, branch on $error.
        // Redirect to the password page, to make sure that the
        // CSRF token is refreshed. This token is partly based on the
        // session id and this session id changed along with the password.
        // The message is URL-encoded before it is added as "okmsg".
        phorum_api_redirect(phorum_api_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_PASSWORD, "okmsg=" . urlencode($okmsg)));
    }
}
// Flag for the template data and the template used for this panel.
$PHORUM['DATA']['PROFILE']['CHANGEPASSWORD'] = 1;
$template = "cc_usersettings";