} elseif ($toforum = phorum_check_moved_message($thread)) {
    // The thread's root message exists but lives in another forum: tell the
    // user and redirect to the read page of that forum (URL built by
    // phorum_get_url, not from request data).
    $PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["MovedMessage"];
    $PHORUM['DATA']["URL"]["REDIRECT"] = phorum_get_url(PHORUM_FOREIGN_READ_URL, $toforum, $thread);
    $PHORUM['DATA']["BACKMSG"] = $PHORUM["DATA"]["LANG"]["MovedMessageTo"];
    // The "message" template expects a pre-escaped HTML title.
    $PHORUM["DATA"]["HTML_TITLE"] = htmlspecialchars($PHORUM["DATA"]["HTML_TITLE"], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
    // have to include the header here for the Redirect
    phorum_output("message");
} else {
    // Message not found anywhere: show an error and send the user back to
    // the forum list.
    $PHORUM["DATA"]["ERROR"] = $PHORUM["DATA"]["LANG"]["MessageNotFound"];
    $PHORUM['DATA']["URL"]["REDIRECT"] = $PHORUM["DATA"]["URL"]["LIST"];
    $PHORUM['DATA']["BACKMSG"] = $PHORUM["DATA"]["LANG"]["BackToList"];
    $PHORUM["DATA"]["HTML_TITLE"] = htmlspecialchars($PHORUM["DATA"]["HTML_TITLE"], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
    // have to include the header here for the Redirect
    phorum_output("message");
}

/**
 * Find out if the given thread has been moved to another forum.
 *
 * Looks up the thread's root message by message_id and compares its
 * forum_id with the forum the current request runs in ($GLOBALS['PHORUM']['forum_id']).
 *
 * @param int $thread The thread (root message) id to look up.
 * @return int|false The forum_id the thread now lives in when it differs from
 *                   the current forum; false when the message does not exist
 *                   or is in the current forum. Note the loose (!=) comparison:
 *                   both sides are expected to be integer forum ids.
 */
function phorum_check_moved_message($thread)
{
    $forum_id = $GLOBALS['PHORUM']['forum_id'];
    $message = phorum_db_get_message($thread, 'message_id', true);

    if (!empty($message) && $message['forum_id'] != $forum_id) {
        $ret = $message['forum_id'];
    } else {
        $ret = false;
    }

    return $ret;
}

//timing_mark("end");
//timing_print();
phorum_email_user($mail_users, $mail_data);

// The report went out: send the user back to the thread, in the forum the
// reported message belongs to (URL built by phorum_get_url, not from input).
$PHORUM["DATA"]["URL"]["REDIRECT"] = phorum_get_url(PHORUM_FOREIGN_READ_URL, $message["forum_id"], $message["thread"]);
$PHORUM["DATA"]["BACKMSG"] = $PHORUM["DATA"]["LANG"]["BackToThread"];
$PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["ReportPostSuccess"];
$template = "message";
// $report records that the report was sent; it decides below whether the
// user's typed explanation is echoed back into the form.
$report = true;
}
} else {
    $PHORUM["DATA"]["ReportPostMessage"] = $PHORUM["DATA"]["LANG"]['ReportPostNotAllowed'];
}
}

// Run the message through the standard formatter before handing the
// subject/author/body to the template.
list($message) = phorum_format_messages(array($message));

$PHORUM["DATA"]["PostSubject"] = $message["subject"];
$PHORUM["DATA"]["PostAuthor"] = $message["author"];
$PHORUM["DATA"]["PostBody"] = $message["body"];
$PHORUM["DATA"]["raw_PostDate"] = $message["datestamp"];
$PHORUM["DATA"]["PostDate"] = phorum_date($PHORUM["short_date_time"], $message["datestamp"]);
$PHORUM["DATA"]["ReportURL"] = phorum_get_url(PHORUM_REPORT_URL, $message_id);

// If the report was not successfully sent, keep whatever explanation they
// gave already so the form can be resubmitted.
// NOTE(review): the raw $_POST value is copied into the template data
// without escaping here. Unless the report template escapes {explanation}
// on output (not visible in this file), a failed report round-trips
// attacker-controlled text into the page. Verify the template, or escape
// here with htmlspecialchars(..., ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"])
// as the other output paths in this file do.
if (isset($_POST["explanation"]) && !$report) {
    $PHORUM["DATA"]["explanation"] = $_POST["explanation"];
} else {
    $PHORUM["DATA"]["explanation"] = "";
}
} else {
    // The requested message does not exist: fall back to the error template.
    $PHORUM["DATA"]["ERROR"] = $PHORUM['DATA']['LANG']['MessageNotFound'];
    $template = 'message';
}

phorum_output($template);
$redir_url = $not_viewable ? phorum_get_url(PHORUM_LIST_URL) : phorum_get_url(PHORUM_READ_URL, $message["thread"]);
}
} else {
    $redir_url = phorum_get_url(PHORUM_LIST_URL);
}

// Every redirect target above is produced by phorum_get_url from fixed URL
// types and the message's own thread id, never from a request parameter.
if ($message["status"] > 0) {
    // Message is visible right away: redirect immediately.
    phorum_redirect_by_url($redir_url);
} else {
    // Give a message about this being a moderated forum before redirecting.
    $PHORUM['DATA']['OKMSG'] = $PHORUM['DATA']['LANG']['ModeratedForum'];
    $PHORUM['DATA']["URL"]["REDIRECT"] = $redir_url;

    // BACKMSG depends on the place we are returning to.
    if ($PHORUM["redirect_after_post"] == "read") {
        $PHORUM['DATA']['BACKMSG'] = $PHORUM['DATA']['LANG']['BackToThread'];
    } else {
        $PHORUM['DATA']['BACKMSG'] = $PHORUM['DATA']['LANG']['BackToList'];
    }

    // Make it a little bit more visible: delay the redirect (seconds).
    $PHORUM['DATA']["URL"]["REDIRECT_TIME"] = 10;
    phorum_output('message');
    exit(0);
}

// Successful post handled; nothing further to do in this block.
// (The block this return belongs to opens outside this view.)
return;
}

// If we get here, the posting was not successful. The return value from
// the post function is 0 in case of duplicate posting and FALSE in case
// a database problem occured.

// Restore the original message so the form shows what the user typed.
$message = $message_copy;

// Setup the data for displaying an error to the user. A strict === 0 check
// distinguishes "duplicate" (0) from "database error" (false).
$PHORUM["DATA"]["ERROR"] = $success === 0 ? $PHORUM["DATA"]["LANG"]['PostErrorDuplicate'] : $PHORUM["DATA"]["LANG"]['PostErrorOccured'];
} elseif ($PHORUM["show_new_on_index"] == 2) {
    // Mode 2: attach the precomputed new-message check for this forum.
    $forum["new_message_check"] = $new_checks[$forum["forum_id"]];
}
}
}

// At least one forum/folder survived the filtering above.
$forums_shown = true;

// Folders and forums are rendered from separate template lists.
if ($forum["folder_flag"]) {
    $PHORUM["DATA"]["FOLDERS"][] = $forum;
} else {
    $PHORUM["DATA"]["FORUMS"][] = $forum;
}
}

if (!$forums_shown) {
    // We did not show any forums here; show an informational message instead.
    // Set all our URLs first, then drop the TOP link which has no meaning here.
    phorum_build_common_urls();
    unset($PHORUM["DATA"]["URL"]["TOP"]);
    $PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["NoForums"];
    phorum_output("message");
} else {
    // Let modules post-process the forum list before it is rendered.
    if (isset($PHORUM["hooks"]["index"])) {
        $PHORUM["DATA"]["FORUMS"] = phorum_hook("index", $PHORUM["DATA"]["FORUMS"]);
    }

    // Set all our URLs.
    phorum_build_common_urls();

    // Should we show the top-link? Not when we already are at the root
    // (forum_id 0) or at the virtual root.
    if ($PHORUM['forum_id'] == 0 || $PHORUM['vroot'] == $PHORUM['forum_id']) {
        unset($PHORUM["DATA"]["URL"]["INDEX"]);
    }

    phorum_output("index_classic");
}
$PHORUM["DATA"]["URL"]["BUDDIES"] = phorum_get_url(PHORUM_PM_URL, "page=buddies");
$PHORUM["DATA"]["PM_FOLDERS"] = $pm_folders;
// Templates get 0 (not an empty array) when the user has no custom folders.
$PHORUM["DATA"]["PM_USERFOLDERS"] = count($pm_userfolders) ? $pm_userfolders : 0;

// Set some default template data.
$PHORUM["DATA"]["URL"]["ACTION"] = phorum_get_url(PHORUM_PM_ACTION_URL);
$PHORUM["DATA"]["FOLDER_ID"] = $folder_id;
// Only the outbox counts as outgoing; every other folder id is incoming.
$PHORUM["DATA"]["FOLDER_IS_INCOMING"] = $folder_id == PHORUM_PM_OUTBOX ? 0 : 1;
$PHORUM["DATA"]["PM_PAGE"] = $page;
$PHORUM["DATA"]["PM_TEMPLATE"] = $template;
$PHORUM["DATA"]["HIDE_USERSELECT"] = $hide_userselect;

// Any (truthy) error message replaces the PM page with the error template;
// the MESSAGE data is dropped so it cannot leak into that page.
if ($error_msg) {
    $PHORUM["DATA"]["ERROR"] = $error_msg;
    unset($PHORUM["DATA"]["MESSAGE"]);
    phorum_output("message");
} else {
    phorum_output("pm");
}

// ------------------------------------------------------------------------
// Utility functions
// ------------------------------------------------------------------------

/**
 * Apply the default forum message formatting to private messages.
 *
 * Each PM is reshaped to look like a forum message so it can be run
 * through phorum_format_messages() from include/format_functions.php.
 *
 * @param array $messages PM records keyed by message id.
 * @return array The formatted messages (the function continues outside
 *               this view; the return is presumed to be the same array).
 */
function phorum_pm_format($messages)
{
    $PHORUM = $GLOBALS["PHORUM"];
    include_once "./include/format_functions.php";

    // Reformat message so it looks like a forum message (so we can run it
    // through phorum_format_messages) and do some PM specific formatting.
    foreach ($messages as $id => $message) {
        // The formatting code expects a message id.
        $messages[$id]["message_id"] = $id;

        // Read URLs need a folder id, so we only create that URL if
* [input]
*     An array containing all the forums and folders that will be shown
*     on the index page.
*
* [output]
*     The same array as the one that was used for the hook call
*     argument, possibly with some updated fields in it.
*
* [example]
*     <hookcode>
*     function phorum_mod_foo_index($data)
*     {
*         global $PHORUM;
*
*         foreach ($data as $id => $item)
*         {
*             if (!$item['folder_flag'])
*             {
*                 $data[$id]['description'] .= '<br/>Blah foo bar baz';
*             }
*         }
*
*         return $data;
*     }
*     </hookcode>
*/

// Run the "index" hook (when any module registered one) so modules can
// adjust the forum list before the page is rendered.
if (isset($PHORUM["hooks"]["index"])) {
    $PHORUM["DATA"]["FORUMS"] = phorum_hook("index", $PHORUM["DATA"]["FORUMS"]);
}

phorum_output("index_new");
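/**
 * Outputs a confirmation form (a Yes/No prompt) through the "stdblock"
 * template. To maintain backwards compatibility with the templates, the
 * form markup is generated in code and passed as BLOCK_CONTENT.
 *
 * Escaping: $action, $message and every $args name and value are passed
 * through htmlspecialchars() with the forum charset before they reach the
 * markup. forum_id is cast to int so it can never carry markup. The
 * {POST_VARS} block (which carries the anti-CSRF posting token when the
 * page registered one) is emitted verbatim so the confirmed POST passes the
 * posting token check. The LANG "Yes"/"No" labels are emitted unescaped,
 * as elsewhere in Phorum, because they come from the installed language
 * file rather than from a request.
 *
 * Note: this function does not call exit() itself; whether phorum_output()
 * terminates the request is not determined here, so callers should not
 * rely on code after this call being unreachable.
 *
 * @param string $title   Title for the block (BLOCK_TITLE).
 * @param string $message Message to display to the user.
 * @param string $action  The URI to post the form to.
 * @param array  $args    Hidden form fields (name => value) to include.
 * @return void
 */
function phorum_show_confirmation_form($title, $message, $action, $args)
{
    global $PHORUM;

    $charset = $PHORUM["DATA"]["HCHARSET"];

    // forum_id is expected to already be an integer; the cast is defensive
    // (a missing value renders as 0).
    $forum_id = (int) $PHORUM["forum_id"];

    ob_start();
    ?>
    <form action="<?php echo htmlspecialchars($action, ENT_COMPAT, $charset); ?>" method="post">
    <?php echo htmlspecialchars($message, ENT_COMPAT, $charset); ?>
    <input type="hidden" name="forum_id" value="<?php echo $forum_id; ?>" />
    <?php foreach ($args as $name => $value) { ?>
    <input type="hidden" name="<?php echo htmlspecialchars($name, ENT_COMPAT, $charset); ?>" value="<?php echo htmlspecialchars($value, ENT_COMPAT, $charset); ?>" />
    <?php } ?>
    <?php echo $PHORUM["DATA"]["POST_VARS"]; ?>
    <input class="button button-small" type="submit" name="confirmation" value="<?php echo $PHORUM["DATA"]["LANG"]["Yes"]; ?>" />
    <input class="button button-small" type="submit" name="confirmation" value="<?php echo $PHORUM["DATA"]["LANG"]["No"]; ?>" />
    </form>
    <?php
    $PHORUM["DATA"]["BLOCK_TITLE"] = $title;
    $PHORUM["DATA"]["BLOCK_CONTENT"] = ob_get_clean();

    phorum_output("stdblock");
}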
$this_version["colored_subject"] = $message["subject"];
}*/

// Only happens in the first loop iteration: seed the running subject with
// the current (latest) subject.
if ($prev_subject == -1) {
    $prev_subject = $message["subject"];
}

// Subject diffs.
if (isset($diff_info['diff_subject']) && !empty($diff_info['diff_subject'])) {
    // Build the colored (marked-up) previous subject and advance the running
    // plain subject by applying the stored diff.
    $colored_subject = phorum_unpatch_color($prev_subject, $diff_info['diff_subject']);
    $prev_subject = phorum_unpatch($prev_subject, $diff_info['diff_subject']);
    // Escape first, then turn the diff markers into span markup so only
    // our own tags survive as HTML.
    $colored_subject = htmlspecialchars($colored_subject, ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
    $colored_subject = str_replace(array("[phorum addition]", "[phorum removal]", "[/phorum addition]", "[/phorum removal]"), array("<span class=\"addition\">", "<span class=\"removal\">", "</span>", "</span>"), $colored_subject);
    $colored_subject = nl2br($colored_subject);
    $this_version["colored_subject"] = $colored_subject;
} elseif (!isset($diff_info['diff_subject'])) {
    // NOTE(review): these two fallback branches are identical and, unlike the
    // branch above, do not htmlspecialchars() the subject before nl2br().
    // $prev_subject comes from $message["subject"] or phorum_unpatch(); unless
    // subjects are stored pre-escaped (not visible here), this emits the
    // subject unescaped while the diff branch escapes it. Confirm, and escape
    // here with ENT_COMPAT/HCHARSET if they are stored raw.
    $this_version['colored_subject'] = nl2br($prev_subject);
} else {
    $this_version["colored_subject"] = nl2br($prev_subject);
}

// no nl2br for subject
//$this_version["colored_subject"] = nl2br($this_version["colored_subject"]);

$message_hist[] = $this_version;
}

$PHORUM["DATA"]["HEADING"] = $PHORUM["DATA"]["LANG"]["ChangeHistory"];
// Unset default description.
$PHORUM["DATA"]["DESCRIPTION"] = "";
// The current subject is escaped here for the template.
$PHORUM["DATA"]["MESSAGE"]["subject"] = htmlspecialchars($message["subject"], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
$PHORUM["DATA"]["MESSAGE"]["URL"]["READ"] = phorum_get_url(PHORUM_READ_URL, $message["thread"], $message_id);
$PHORUM["DATA"]["CHANGES"] = $message_hist;

phorum_output("changes");
$PHORUM["post_fields"]["email"][pf_READONLY] = false;
}
}

// Fields become editable only when the corresponding template flag says the
// current user may change them.
if (isset($PHORUM["DATA"]["SHOW_SPECIALOPTIONS"]) && $PHORUM["DATA"]["SHOW_SPECIALOPTIONS"]) {
    $PHORUM["post_fields"]["special"][pf_READONLY] = false;
}
if (isset($PHORUM["DATA"]["OPTION_ALLOWED"]["allow_reply"]) && $PHORUM["DATA"]["OPTION_ALLOWED"]["allow_reply"]) {
    $PHORUM["post_fields"]["allow_reply"][pf_READONLY] = false;
}

// Check permissions and apply read-only data.
// Only do this on entering and on finishing up.
// No checking is needed on intermediate requests (preview, attach, ...),
// because the finishing request is always re-checked before anything is
// stored.
if ($initial || $finish) {
    include './include/posting/check_permissions.php';
    // The included check signals denial by switching the template to
    // 'message'; in that case render it and leave this include, unless we
    // are embedded in another page.
    if ($PHORUM["posting_template"] == 'message' && empty($PHORUM["postingargs"]["as_include"])) {
        return phorum_output('message');
    }
}

// Do permission checks for attachment management. A denial only records an
// error message here; whether the attach/detach actions further down consult
// ERROR before acting is outside this view.
if ($do_attach || $do_detach) {
    if (!$PHORUM["DATA"]["ATTACHMENTS"]) {
        $PHORUM["DATA"]["ERROR"] = $PHORUM["DATA"]["LANG"]["AttachNotAllowed"];
    }
}

// ----------------------------------------------------------------------
// Perform actions
// ----------------------------------------------------------------------

/*
 * [hook]
 *     posting_custom_action
 *
// No data posted, so this is the first request. Initialize form data.
} else {
    // Initialize fixed fields.
    $PHORUM["DATA"]["REGISTER"]["username"] = "";
    $PHORUM["DATA"]["REGISTER"]["email"] = "";
    $PHORUM["DATA"]["ERROR"] = "";

    // Initialize custom profile fields. The 'num_fields' entry is a counter,
    // not a field, and deleted fields are skipped.
    foreach ($PHORUM["PROFILE_FIELDS"] as $id => $field) {
        if ($id === 'num_fields' || !empty($field['deleted'])) {
            continue;
        }
        $PHORUM["DATA"]["REGISTER"][$field["name"]] = "";
    }
}

// Fill the breadcrumbs info.
$PHORUM['DATA']['BREADCRUMBS'][] = array('URL' => '', 'TEXT' => $PHORUM['DATA']['LANG']['Register'], 'TYPE' => 'register');

// Fill the page heading info.
$PHORUM['DATA']['HEADING'] = $PHORUM['DATA']['LANG']['Register'];
$PHORUM['DATA']['HTML_DESCRIPTION'] = '';
$PHORUM['DATA']['DESCRIPTION'] = '';

// Setup static template data. The form posts back to the register action
// URL built by phorum_get_url.
$PHORUM["DATA"]["REGISTERFORM"] = 1;
$PHORUM["DATA"]["URL"]["ACTION"] = phorum_get_url(PHORUM_REGISTER_ACTION_URL);
$PHORUM["DATA"]["REGISTER"]["forum_id"] = $PHORUM["forum_id"];
$PHORUM["DATA"]["REGISTER"]["block_title"] = $PHORUM["DATA"]["LANG"]["Register"];

// Set the field to set the focus to after loading.
// $PHORUM["DATA"]["FOCUS_TO_ID"] = empty($_POST["username"]) ? "username" : "password";
$PHORUM["DATA"]["FOCUS_TO_ID"] = "username";

// Display the registration page.
phorum_output("register");
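/**
 * Setup and check posting tokens for form POST requests.
 *
 * For protecting forms against CSRF attacks, a signed posting token
 * is utilized. This posting token must be included in the POST request.
 * Without the token, Phorum will not accept the POST data.
 *
 * This function will check whether we are handling a POST request
 * (detected as: $_POST is non-empty). If yes, then check if an anti-CSRF
 * token is provided in the POST data. If no token is available or if the
 * token does not match the expected token, then the POST request is
 * rejected: an error page is output and the script exits.
 *
 * As a side effect, the required token is added to the {POST_VARS}
 * template variable. This facilitates protecting scripts. As
 * long as the template variable is added to the <form> for the
 * script, it will be automatically protected.
 *
 * Token derivation: md5 over the target page name, a per-user secret and
 * the installation's private key. The per-user secret is
 *   - for logged-in users: the stored password hash and the long-term
 *     session id ($PHORUM['user']['password'] / ['sessid_lt']);
 *   - for anonymous users: the User-Agent header, or 'unknown' if absent.
 * The token carries no per-request nonce, so it is stable for as long as
 * those inputs are.
 *
 * NOTE(review): the User-Agent is chosen by the client, so for anonymous
 * users the token only binds a request to the page name and private key;
 * it does not identify the visitor. Also, md5 over a concatenation is used
 * as a keyed hash here; an HMAC would be the standard construction. The
 * format is left unchanged in case other code reproduces it.
 *
 * NOTE(review): a POST whose body yields an empty $_POST (no fields, or a
 * body over post_max_size) is not checked by this function; callers that
 * act on such requests must check REQUEST_METHOD themselves.
 *
 * @param string $target_page
 *     The page for which to check a posting token. When no target
 *     page is provided, then the constant "phorum_page" is used instead.
 *
 * @return string
 *     The expected posting token.
 */
function phorum_check_posting_token($target_page = NULL)
{
    global $PHORUM;

    if ($target_page === NULL) {
        $target_page = phorum_page;
    }

    // Per-user secret material (see the function documentation).
    if ($PHORUM['user']['user_id']) {
        $user_secret = $PHORUM['user']['password'] . '/' . $PHORUM['user']['sessid_lt'];
    } elseif (isset($_SERVER['HTTP_USER_AGENT'])) {
        $user_secret = $_SERVER['HTTP_USER_AGENT'];
    } else {
        $user_secret = 'unknown';
    }

    // Generate the posting token.
    $posting_token = md5($target_page . '/' . $user_secret . '/' . $PHORUM['private_key']);

    // Add the posting token to the {POST_VARS}.
    $PHORUM['DATA']['POST_VARS'] .=
        "<input type=\"hidden\" name=\"posting_token:{$target_page}\" " .
        "value=\"{$posting_token}\"/>\n";

    // Check the posting token if a form post is done.
    if (!empty($_POST)) {
        $field = "posting_token:{$target_page}";
        $supplied = isset($_POST[$field]) ? $_POST[$field] : NULL;

        // The token must be a string (a "posting_token[]" array is not a
        // token) and must match exactly. The former loose != comparison
        // would treat two numeric-looking strings (e.g. "0e..." hashes) as
        // equal; use a strict, constant-time comparison where available.
        $valid = false;
        if (is_string($supplied)) {
            if (function_exists('hash_equals')) {
                $valid = hash_equals($posting_token, $supplied);
            } else {
                $valid = ($posting_token === $supplied);
            }
        }

        if (!$valid) {
            $PHORUM['DATA']['ERROR'] =
                'Possible hack attempt detected. ' .
                'The posted form data was rejected.';
            phorum_build_common_urls();
            phorum_output("message");
            exit;
        }
    }

    return $posting_token;
}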
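/**
 * Outputs a confirmation form (a Yes/No prompt) through the "stdblock"
 * template. To maintain backwards compatibility with the templates, the
 * form markup is generated in code and passed as BLOCK_CONTENT.
 *
 * Escaping: $message, $action and every $args name and value are passed
 * through htmlspecialchars() with the forum charset before they reach the
 * markup. forum_id is cast to int so it can never carry markup. The
 * {POST_VARS} block (which carries the anti-CSRF posting token when the
 * page registered one) is emitted verbatim so the confirmed POST passes the
 * posting token check. The LANG "Yes"/"No" labels are emitted unescaped,
 * as elsewhere in Phorum, because they come from the installed language
 * file rather than from a request.
 *
 * Note: this function does not call exit() itself; whether phorum_output()
 * terminates the request is not determined here, so callers should not
 * rely on code after this call being unreachable.
 *
 * @param string $message Message to display to the user.
 * @param string $action  The URI to post the form to.
 * @param array  $args    Hidden form fields (name => value) to include.
 * @return void
 */
function phorum_show_confirmation_form($message, $action, $args)
{
    global $PHORUM;

    $charset = $PHORUM["DATA"]["HCHARSET"];

    // forum_id is expected to already be an integer; the cast is defensive
    // (a missing value renders as 0).
    $forum_id = (int) $PHORUM["forum_id"];

    ob_start();
    ?>
    <div style="text-align: center;">
    <strong><?php echo htmlspecialchars($message, ENT_COMPAT, $charset); ?></strong>
    <br />
    <br />
    <form action="<?php echo htmlspecialchars($action, ENT_COMPAT, $charset); ?>" method="post">
    <input type="hidden" name="forum_id" value="<?php echo $forum_id; ?>" />
    <?php foreach ($args as $name => $value) { ?>
    <input type="hidden" name="<?php echo htmlspecialchars($name, ENT_COMPAT, $charset); ?>" value="<?php echo htmlspecialchars($value, ENT_COMPAT, $charset); ?>" />
    <?php } ?>
    <?php echo $PHORUM["DATA"]["POST_VARS"]; ?>
    <input type="submit" name="confirmation" value="<?php echo $PHORUM["DATA"]["LANG"]["Yes"]; ?>" />
    <input type="submit" name="confirmation" value="<?php echo $PHORUM["DATA"]["LANG"]["No"]; ?>" />
    </form>
    <br />
    </div>
    <?php
    $PHORUM["DATA"]["BLOCK_CONTENT"] = ob_get_clean();

    phorum_output("stdblock");
}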
// Set the field to focus. Only set the focus if we have
// no message to display to the user and if we're not in a preview.
// In those cases, it's better to stay at the top of the
// page, so the user can see it.
if (phorum_page == "post" && !isset($PHORUM["DATA"]["OKMSG"]) && !isset($PHORUM["DATA"]["ERROR"]) && !$preview) {
    // Jump past the subject when one is already filled in.
    $focus = "subject";
    if (!empty($message["subject"])) {
        $focus = "body";
    }
    $PHORUM["DATA"]["FOCUS_TO_ID"] = $focus;
}
}

// When embedded in another page (as_include), queue the template for the
// embedding page to render; otherwise render it now.
if (isset($PHORUM["postingargs"]["as_include"]) && isset($templates)) {
    $templates[] = $PHORUM["posting_template"];
} else {
    phorum_output($PHORUM["posting_template"]);
}

// ----------------------------------------------------------------------
// Functions
// ----------------------------------------------------------------------

/**
 * Merge data from a database message record into the form fields
 * that we use. If $apply_readonly is set to a true value, then
 * only the fields which are flagged as read-only will be copied.
 *
 * @param array $form           The posting form fields.
 * @param array $db             The message record from the database.
 * @param bool  $apply_readonly Copy only read-only flagged fields when true.
 * @return array The merged form (the body continues outside this view).
 */
function phorum_posting_merge_db2form($form, $db, $apply_readonly = false)
{
    $PHORUM = $GLOBALS['PHORUM'];

    // If we have a user linked to the current message, then get the
    // user data from the database, if it has to be applied as
    // read-only data. We fetch the data here, so later on we
    // can apply it to the message.
    if (($PHORUM["post_fields"]["email"][pf_READONLY] || $PHORUM["post_fields"]["author"][pf_READONLY]) && !empty($db["user_id"])) {
/**
 * Common read-permission check for forum pages.
 *
 * Folders and the root (forum_id 0) have no read permission of their own,
 * so only real forums are checked, via phorum_api_user_check_access().
 * When access is denied, an informational message is chosen (log in hint
 * for anonymous visitors whose registered-user permissions would allow
 * reading, "no read access" otherwise), the common URLs are built and the
 * "message" template is output.
 *
 * @return bool true when access is allowed; false when access was denied
 *              and the error page has already been output.
 */
function phorum_check_read_common()
{
    $PHORUM = $GLOBALS['PHORUM'];

    $is_real_forum = $PHORUM["forum_id"] > 0 && !$PHORUM["folder_flag"];
    if (!$is_real_forum || phorum_api_user_check_access(PHORUM_USER_ALLOW_READ)) {
        return true;
    }

    // Access denied: decide which message to show.
    $lang = $PHORUM["DATA"]["LANG"];
    if ($PHORUM["DATA"]["LOGGEDIN"]) {
        // Logged in and still not allowed: they simply lack the right.
        $okmsg = $lang["NoRead"];
    } elseif (empty($PHORUM["DATA"]["POST"]["parentid"]) && ($PHORUM["reg_perms"] & PHORUM_USER_ALLOW_READ)) {
        // Anonymous, but registered users may read here: suggest logging in.
        $okmsg = $lang["PleaseLoginRead"];
    } else {
        $okmsg = $lang["NoRead"];
    }
    $GLOBALS['PHORUM']["DATA"]["OKMSG"] = $okmsg;

    phorum_build_common_urls();
    phorum_output("message");

    return false;
}