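/**
 * Send a plain-text UTF-8 e-mail on behalf of the board.
 *
 * Delivery goes through smtp_mail() when o_smtp_host is configured and
 * through PHP's mail() otherwise. Every value that ends up in a header is
 * stripped of CR/LF first (and of ':' for the From/Reply-To parts) so that a
 * caller-supplied address, name or subject cannot smuggle in extra header
 * lines; the body has NUL bytes removed and its line breaks normalised to CRLF.
 *
 * @param string $to             recipient address
 * @param string $subject        raw UTF-8 subject; B-encoded here
 * @param string $message        plain-text body
 * @param string $reply_to_email optional Reply-To address (header omitted when empty)
 * @param string $reply_to_name  optional Reply-To display name
 * @return void
 */
function pun_mail($to, $subject, $message, $reply_to_email = '', $reply_to_name = '')
{
    global $pun_config, $lang_common;

    // Default sender/return address
    $from_name = $pun_config['o_board_title'] . ' ' . $lang_common['Mailer'];
    $from_email = $pun_config['o_webmaster_email'];

    // Do a little spring cleaning: header values must be single-line, and the
    // From/Reply-To parts must not contain ':' (which could end a field name).
    // Double quotes are dropped from display names since they are emitted
    // inside an encoded-word phrase below.
    $to = pun_trim(preg_replace('#[\\n\\r]+#s', '', $to));
    $subject = pun_trim(preg_replace('#[\\n\\r]+#s', '', $subject));
    $from_email = pun_trim(preg_replace('#[\\n\\r:]+#s', '', $from_email));
    $from_name = pun_trim(preg_replace('#[\\n\\r:]+#s', '', str_replace('"', '', $from_name)));
    $reply_to_email = pun_trim(preg_replace('#[\\n\\r:]+#s', '', $reply_to_email));
    $reply_to_name = pun_trim(preg_replace('#[\\n\\r:]+#s', '', str_replace('"', '', $reply_to_name)));

    // Set up some headers to take advantage of UTF-8 (RFC 2047 B-encoding)
    $from = '=?UTF-8?B?' . base64_encode($from_name) . '?= <' . $from_email . '>';
    $subject = '=?UTF-8?B?' . base64_encode($subject) . '?=';
    $headers = 'From: ' . $from . "\r\n"
        . 'Date: ' . gmdate('r') . "\r\n"
        . 'MIME-Version: 1.0' . "\r\n"
        . 'Content-transfer-encoding: 8bit' . "\r\n"
        . 'Content-type: text/plain; charset=utf-8' . "\r\n"
        . 'X-Mailer: FluxBB Mailer';

    // If we specified a reply-to email, we deal with it here
    if (!empty($reply_to_email)) {
        $reply_to = '=?UTF-8?B?' . base64_encode($reply_to_name) . '?= <' . $reply_to_email . '>';
        $headers .= "\r\n" . 'Reply-To: ' . $reply_to;
    }

    // Make sure all linebreaks are CRLF in message and strip out any NUL bytes.
    // The NUL is spelled "\0" so the search string is visible in the source;
    // an empty search string would silently match nothing.
    $message = str_replace(array("\n", "\0"), array("\r\n", ''), pun_linebreaks($message));

    if ($pun_config['o_smtp_host'] != '') {
        smtp_mail($to, $subject, $message, $headers);
    } else {
        // Change the linebreaks used in the headers according to OS
        $os = strtoupper(substr(PHP_OS, 0, 3));
        if ($os == 'MAC') {
            $headers = str_replace("\r\n", "\r", $headers);
        } elseif ($os != 'WIN') {
            $headers = str_replace("\r\n", "\n", $headers);
        }

        mail($to, $subject, $message, $headers);
    }
}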
     }
     $db->query('DELETE FROM ' . $db->prefix . 'bans WHERE id=' . $ban_id) or error('Unable to delete ban', __FILE__, __LINE__, $db->error());
     // Regenerate the bans cache
     if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
         require PUN_ROOT . 'include/cache.php';
     }
     generate_bans_cache();
     redirect('admin_bans.php', $lang_admin_bans['Ban removed redirect']);
 } else {
     if (isset($_GET['find_ban'])) {
         $form = isset($_GET['form']) ? $_GET['form'] : array();
         // trim() all elements in $form
         $form = array_map('pun_trim', $form);
         $conditions = $query_str = array();
         $expire_after = isset($_GET['expire_after']) ? pun_trim($_GET['expire_after']) : '';
         $expire_before = isset($_GET['expire_before']) ? pun_trim($_GET['expire_before']) : '';
         $order_by = isset($_GET['order_by']) && in_array($_GET['order_by'], array('username', 'ip', 'email', 'expire')) ? 'b.' . $_GET['order_by'] : 'b.username';
         $direction = isset($_GET['direction']) && $_GET['direction'] == 'DESC' ? 'DESC' : 'ASC';
         $query_str[] = 'order_by=' . $order_by;
         $query_str[] = 'direction=' . $direction;
         // Try to convert date/time to timestamps
         if ($expire_after != '') {
             $query_str[] = 'expire_after=' . $expire_after;
             $expire_after = strtotime($expire_after);
             if ($expire_after === false || $expire_after == -1) {
                 message($lang_admin_bans['Invalid date message']);
             }
             $conditions[] = 'b.expire>' . $expire_after;
         }
         if ($expire_before != '') {
             $query_str[] = 'expire_before=' . $expire_before;
     message($lang_common['Bad request']);
 }
 if ($num_post == 1) {
     $del_old_topic = TRUE;
 }
 // Load the movepost.php language file
 require PUN_ROOT . 'lang/' . $pun_user['language'] . '/movepost.php';
 if (isset($_POST['form_sent'])) {
     $form_sent = intval($_POST['form_sent']);
     $new_topic_id = $_POST['topic_to_move'];
     if ($new_topic_id == '' && $form_sent != 2) {
         message($lang_movepost['Bad topic']);
     }
     // If it's a creation of a new topic
     if ($form_sent == 2) {
         $new_subject = pun_trim($_POST['create_topic']);
         if ($new_subject == '') {
             message($form_sent . $lang_movepost['Bad new topic']);
         }
         if ($pun_config['p_subject_all_caps'] == '0' && strtoupper($new_subject) == $new_subject && $pun_user['g_id'] > PUN_MOD) {
         }
         $new_subject = ucwords(strtolower($new_subject));
         // Create the topic
         $db->query('INSERT INTO ' . $db->prefix . 'topics (subject, forum_id) VALUES(\'' . $db->escape($new_subject) . '\', ' . $fid . ')') or error('Unable to create topic', __FILE__, __LINE__, $db->error());
         $new_topic_id = $db->insert_id();
     }
     // If all the posts move
     if (isset($_POST['move_all_post'])) {
         // Create the list of the post
         $result = $db->query('SELECT id FROM ' . $db->prefix . 'posts WHERE topic_id=' . $old_topic_id) or error('Unable to update user last visit data', __FILE__, __LINE__, $db->error());
         if ($db->num_rows($result)) {
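/**
 * Send a plain-text UTF-8 e-mail on behalf of the board.
 *
 * Delivery goes through smtp_mail() when o_smtp_host is configured and
 * through PHP's mail() otherwise. Every value that ends up in a header is
 * stripped of CR/LF first (and of ':' for the From/Reply-To parts) so that a
 * caller-supplied address, name or subject cannot smuggle in extra header
 * lines; the body has NUL bytes removed and its line breaks normalised for
 * the chosen transport.
 *
 * @param string $to             recipient address
 * @param string $subject        raw UTF-8 subject; passed through encode_mail_text()
 * @param string $message        plain-text body
 * @param string $reply_to_email optional Reply-To address (header omitted when empty)
 * @param string $reply_to_name  optional Reply-To display name
 * @return void
 */
function pun_mail($to, $subject, $message, $reply_to_email = '', $reply_to_name = '')
{
    global $pun_config, $lang;

    // Default sender/return address
    $from_name = $lang->t('Mailer', $pun_config['o_board_title']);
    $from_email = $pun_config['o_webmaster_email'];

    // Do a little spring cleaning: header values must be single-line, and the
    // From/Reply-To parts must not contain ':' (which could end a field name).
    // Double quotes are dropped from display names since they are emitted
    // inside a quoted phrase below.
    $to = pun_trim(preg_replace('%[\\n\\r]+%s', '', $to));
    $subject = pun_trim(preg_replace('%[\\n\\r]+%s', '', $subject));
    $from_email = pun_trim(preg_replace('%[\\n\\r:]+%s', '', $from_email));
    $from_name = pun_trim(preg_replace('%[\\n\\r:]+%s', '', str_replace('"', '', $from_name)));
    $reply_to_email = pun_trim(preg_replace('%[\\n\\r:]+%s', '', $reply_to_email));
    $reply_to_name = pun_trim(preg_replace('%[\\n\\r:]+%s', '', str_replace('"', '', $reply_to_name)));

    // Set up some headers to take advantage of UTF-8
    $from = '"' . encode_mail_text($from_name) . '" <' . $from_email . '>';
    $subject = encode_mail_text($subject);
    $headers = 'From: ' . $from . "\r\n"
        . 'Date: ' . gmdate('r') . "\r\n"
        . 'MIME-Version: 1.0' . "\r\n"
        . 'Content-transfer-encoding: 8bit' . "\r\n"
        . 'Content-type: text/plain; charset=utf-8' . "\r\n"
        . 'X-Mailer: FluxBB Mailer';

    // If we specified a reply-to email, we deal with it here
    if (!empty($reply_to_email)) {
        $reply_to = '"' . encode_mail_text($reply_to_name) . '" <' . $reply_to_email . '>';
        $headers .= "\r\n" . 'Reply-To: ' . $reply_to;
    }

    // Normalise the body to LF and strip out any NUL bytes. The NUL is spelled
    // "\0" so the search string is visible in the source; an empty search
    // string would silently match nothing.
    $message = str_replace("\0", '', pun_linebreaks($message));

    if ($pun_config['o_smtp_host'] != '') {
        // Headers are already CRLF; the body is converted to CRLF as well
        // before it is handed to smtp_mail()
        $message = str_replace("\n", "\r\n", $message);
        smtp_mail($to, $subject, $message, $headers);
    } else {
        // Headers stay CRLF and the body keeps LF for mail()
        mail($to, $subject, $message, $headers);
    }
}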
     $_POST['merge'] = 1;
 } else {
     $_POST['merge'] = 0;
 }
 if (!$pun_user['is_guest'] && !$fid && (($is_admmod && $_POST['merge']) == 1 || !$is_admmod) && $cur_posting['poster_id'] && $cur_posting['message'] && $_SERVER['REQUEST_TIME'] - $cur_posting['posted'] < $pun_config['o_timeout_merge']) {
     // Preparing separator
     $merged_after = $_SERVER['REQUEST_TIME'] - $cur_posting['posted'];
     $merged_sec = $merged_after % 60;
     $merged_min = $merged_after / 60 % 60;
     $merged_hours = $merged_after / 3600 % 24;
     $merged_days = $merged_after / 86400 % 31;
     $s_st = $merged_sec ? seconds_st($merged_sec) : '';
     $m_st = $merged_min ? minutes_st($merged_min) : '';
     $h_st = $merged_hours ? hours_st($merged_hours) : '';
     $d_st = $merged_days ? days_st($merged_days) : '';
     $message = pun_linebreaks(pun_trim('[color=#bbb][i]' . $lang_post['Added'] . $d_st . ' ' . $h_st . ' ' . $m_st . ' ' . $s_st . ': [/i][/color]')) . "\n" . $message;
     $merged = true;
 }
 // MERGE POSTS END
 // If it's a reply
 if ($tid) {
     if (!$pun_user['is_guest']) {
         // Insert the new post
         if ($merged) {
             $message = $cur_posting['message'] . "\n" . $message;
             $db->query('UPDATE ' . $db->prefix . 'posts SET message=\'' . $db->escape($message) . '\' WHERE id=' . $cur_posting['post_id']) or error('Unable to merge post', __FILE__, __LINE__, $db->error());
             $new_pid = $cur_posting['post_id'];
         } else {
             // Insert the new post
             $db->query('INSERT INTO ' . $db->prefix . 'posts (poster, poster_id, poster_ip, message, hide_smilies, posted, topic_id) VALUES(\'' . $db->escape($username) . '\', ' . $pun_user['id'] . ', \'' . get_remote_address() . '\', \'' . $db->escape($message) . '\', \'' . $hide_smilies . '\', ' . $_SERVER['REQUEST_TIME'] . ', ' . $tid . ')') or error('Unable to create post', __FILE__, __LINE__, $db->error());
             $new_pid = $db->insert_id();
             }
         }
         if ($form['disp_posts'] != '') {
             $form['disp_posts'] = intval($form['disp_posts']);
             if ($form['disp_posts'] < 3) {
                 $form['disp_posts'] = 3;
             } else {
                 if ($form['disp_posts'] > 75) {
                     $form['disp_posts'] = 75;
                 }
             }
         }
         // Make sure we got a valid style string
         if (isset($_POST['form']['style'])) {
             $styles = forum_list_styles();
             $form['style'] = pun_trim($_POST['form']['style']);
             if (!in_array($form['style'], $styles)) {
                 message($lang_common['Bad request']);
             }
         }
         break;
     case 'privacy':
         $form = array('email_setting' => intval($_POST['form']['email_setting']), 'notify_with_post' => isset($_POST['form']['notify_with_post']) ? '1' : '0', 'auto_notify' => isset($_POST['form']['auto_notify']) ? '1' : '0');
         if ($form['email_setting'] < 0 || $form['email_setting'] > 2) {
             $form['email_setting'] = $pun_config['o_default_email_setting'];
         }
         break;
     default:
         message($lang_common['Bad request']);
 }
 // Single quotes around non-empty values and NULL for empty values
                 $author_results[$temp['post_id']] = $temp['topic_id'];
             }
             $db->free_result($result);
         }
     }
     // If we searched for both keywords and author name we want the intersection between the results
     if ($author && $keywords) {
         $search_ids = array_intersect_assoc($keyword_results, $author_results);
         $search_type = array('both', array($keywords, pun_trim($_GET['author'])), implode(',', $forums), $search_in);
     } else {
         if ($keywords) {
             $search_ids = $keyword_results;
             $search_type = array('keywords', $keywords, implode(',', $forums), $search_in);
         } else {
             $search_ids = $author_results;
             $search_type = array('author', pun_trim($_GET['author']), implode(',', $forums), $search_in);
         }
     }
     unset($keyword_results, $author_results);
     if ($show_as == 'topics') {
         $search_ids = array_values($search_ids);
     } else {
         $search_ids = array_keys($search_ids);
     }
     $search_ids = array_unique($search_ids);
     $num_hits = count($search_ids);
     if (!$num_hits) {
         message($lang_search['No hits']);
     }
 } else {
     if ($action == 'show_new' || $action == 'show_recent' || $action == 'show_replies' || $action == 'show_user_posts' || $action == 'show_user_topics' || $action == 'show_subscriptions' || $action == 'show_unanswered') {
    ?>
" tabindex="6" /></p>
			</form>
		</div>
	</div>
	<div class="clearer"></div>
</div>
<?php 
    require PUN_ROOT . 'footer.php';
} else {
    if (isset($_POST['add_edit_ban'])) {
        confirm_referrer('admin_bans.php');
        $ban_user = pun_trim($_POST['ban_user']);
        $ban_ip = trim($_POST['ban_ip']);
        $ban_email = strtolower(trim($_POST['ban_email']));
        $ban_message = pun_trim($_POST['ban_message']);
        $ban_expire = trim($_POST['ban_expire']);
        if ($ban_user == '' && $ban_ip == '' && $ban_email == '') {
            message($lang_admin_bans['Must enter message']);
        } else {
            if (strtolower($ban_user) == 'guest') {
                message($lang_admin_bans['Cannot ban guest message']);
            }
        }
        // Validate IP/IP range (it's overkill, I know)
        if ($ban_ip != '') {
            $ban_ip = preg_replace('/\\s{2,}/S', ' ', $ban_ip);
            $addresses = explode(' ', $ban_ip);
            $addresses = array_map('pun_trim', $addresses);
            for ($i = 0; $i < count($addresses); ++$i) {
                if (strpos($addresses[$i], ':') !== false) {
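 /**
  * Insert a reply into a topic and return the rendered post.
  *
  * Expects $args to carry 'message', 'topicId' and 'hideSmiles'. The caller
  * must be a logged-in user who is not flood-limited, and the topic must sit
  * in a forum the user's group may read. The message is normalised and
  * length-checked, then stored; afterwards the topic's reply counter and
  * last-post data and the forum summary are refreshed.
  *
  * NOTE(review): only read_forum is verified here. Whether the group may post
  * replies, and whether the topic is closed, is not checked in this method —
  * confirm that the caller enforces it.
  *
  * @param array $args ['message' => string, 'topicId' => int|string, 'hideSmiles' => int|string]
  * @return array ['message' => parsed HTML, 'poster' => string, 'posted' => int]
  * @throws Exception on a bad request, a permission failure or a DB error
  */
 public function setMessage($args)
 {
     $message = $args['message'];
     $topicId = intval($args['topicId']);
     $hideSmiles = $args['hideSmiles'];

     if ($topicId <= 0) {
         throw new Exception($this->_lang['Bad request']);
     }
     if ($this->_pun_user['is_guest']) {
         throw new Exception($this->_lang['Bad request']);
     }
     // Flood control: reject a post that follows the user's previous one too quickly
     if ($this->_pun_user['last_post'] && $_SERVER['REQUEST_TIME'] - $this->_pun_user['last_post'] < $this->_pun_user['g_post_flood']) {
         throw new Exception($this->_lang['Bad request']);
     }

     // Clean up message
     $message = pun_linebreaks(pun_trim($message));
     if (!$message) {
         throw new Exception($this->_lang['Bad request']);
     }
     if (mb_strlen($message) > 65535) {
         throw new Exception($this->_lang['Bad request']);
     }
     // Non-moderators may not post in all caps unless the board allows it
     if (!$this->_pun_config['p_message_all_caps'] && mb_strtoupper($message) === $message && $this->_pun_user['g_id'] > PUN_MOD) {
         $message = ucwords(mb_strtolower($message));
     }
     convert_forum_url($message);

     // Resolve the forum and check read permission BEFORE writing anything.
     // Running this lookup after the INSERT (as the code used to) cannot stop
     // the post and would hand update_forum() a bogus id when no row matches.
     $result = $this->_db->query('
         SELECT f.id
         FROM ' . $this->_db->prefix . 'topics AS t
         INNER JOIN ' . $this->_db->prefix . 'forums AS f ON f.id=t.forum_id
         LEFT JOIN ' . $this->_db->prefix . 'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=' . $this->_pun_user['g_id'] . ')
         WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id=' . $topicId);
     if (!$result) {
         throw new Exception($this->_db->error());
     }
     if (!$this->_db->num_rows($result)) {
         throw new Exception($this->_lang['Bad request']);
     }
     $forumId = $this->_db->result($result, 0);

     // Insert the new post (all string values go through escape(); ids are ints)
     $r = $this->_db->query('
         INSERT INTO ' . $this->_db->prefix . 'posts (
             poster, poster_id, poster_ip, message, hide_smilies, posted, topic_id
         ) VALUES (
             \'' . $this->_db->escape($this->_pun_user['username']) . '\',
             ' . $this->_pun_user['id'] . ',
             \'' . get_remote_address() . '\',
             \'' . $this->_db->escape($message) . '\',
             \'' . intval($hideSmiles) . '\',
             ' . $_SERVER['REQUEST_TIME'] . ',
             ' . $topicId . '
         )
     ');
     if (!$r) {
         throw new Exception($this->_db->error());
     }
     if (!$this->_db->affected_rows()) {
         throw new Exception($this->_lang['Bad request']);
     }
     $id = $this->_db->insert_id();

     // Count number of replies in the topic (first post is not a reply)
     $result = $this->_db->query('
         SELECT COUNT(1)
         FROM ' . $this->_db->prefix . 'posts
         WHERE topic_id=' . $topicId);
     if (!$result) {
         throw new Exception($this->_db->error());
     }
     $num_replies = $this->_db->result($result, 0) - 1;

     // Update topic
     $this->_db->query('
         UPDATE ' . $this->_db->prefix . 'topics
         SET num_replies=' . $num_replies . ',
         last_post=' . $_SERVER['REQUEST_TIME'] . ',
         last_post_id=' . $id . ',
         last_poster=\'' . $this->_db->escape($this->_pun_user['username']) . '\'
         WHERE id=' . $topicId);
     //update_search_index('post', $id, $message);

     update_forum($forumId);
     generate_rss();

     return array('message' => $this->_parseMessage($message, $hideSmiles), 'poster' => $this->_pun_user['username'], 'posted' => $_SERVER['REQUEST_TIME']);
 }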
<?php

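// Listing filters taken from the query string. Every value is normalised here
// and, where it selects a sort column or direction, checked against a fixed
// list of allowed values so that only known identifiers reach the query.
$skill = isset($_GET['skill']) ? strtolower(pun_trim($_GET['skill'])) : 'combat';
// NOTE(review): $skill itself is not matched against a known skill list here;
// if it is interpolated into a column name further down ('skl_' . $skill),
// confirm that a whitelist exists on that path.
$username = isset($_GET['username']) ? pun_trim($_GET['username']) : '';

// Group filter: -1 means "any"; only -1..2 are accepted, anything else falls
// back to -1. (The previous condition combined the two bounds with '&&',
// which no integer can satisfy, so out-of-range values were let through.)
$show_group = isset($_GET['show_group']) ? intval($_GET['show_group']) : -1;
if ($show_group < -1 || $show_group > 2) {
    $show_group = -1;
}

// Sort column: one of the fixed names or the currently selected skill;
// otherwise default to the selected skill's column (or the total when none).
if (isset($_GET['sort_by']) && in_array($_GET['sort_by'], array('username', 'owner', $skill, 'skill_total', 'creation_date'), true)) {
    $sort_by = trim($_GET['sort_by']);
} else {
    $sort_by = isset($_GET['skill']) ? 'skl_' . $skill : 'skill_total';
}

// Sort direction: only the exact tokens ASC/DESC are accepted, default DESC
$sort_dir = isset($_GET['sort_dir']) && in_array($_GET['sort_dir'], array('ASC', 'DESC'), true) ? $_GET['sort_dir'] : 'DESC';

$country = isset($_GET['country']) ? pun_trim($_GET['country']) : false;
$char = isset($_GET['sort_char']) ? trim($_GET['sort_char']) : false;
$sort_friends = isset($_GET['sort_friends']);
$sort_kills = isset($_GET['sort_kills']);

if ($char) {
    // A selected character must belong to the current user.
    // NOTE(review): the value between the quotes appears redacted in this
    // listing ('******'); confirm the original passes $char through
    // $db->escape() rather than concatenating it raw.
    $result = $db->query('SELECT 1 FROM ' . $db->prefix . 'rscd_players WHERE user='******' AND owner=' . $pun_user['id']) or error('Unable to check characters owner', __FILE__, __LINE__, $db->error());
    if (!$db->num_rows($result)) {
        message('Invalid character (or maybe not yours!)');
    }
}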
/**
 * Pick the ranking value of one player row for the global $skill.
 *
 * 'combat' and 'kills' are read straight from the row; any other skill is
 * derived from its experience column via experience_to_level().
 *
 * @param array $user player row with 'combat', 'kills' and 'exp_<skill>' keys
 * @return mixed the stored value for combat/kills, otherwise the computed level
 */
function extract_value($user)
{
    global $skill;

    switch ($skill) {
        case 'combat':
            return $user['combat'];
        case 'kills':
            return $user['kills'];
        default:
            return experience_to_level($user['exp_' . $skill]);
    }
}
function extract_exp($user)
{
} else {
    $db_type = $_POST['req_db_type'];
    $db_host = pun_trim($_POST['req_db_host']);
    $db_name = pun_trim($_POST['req_db_name']);
    $db_username = pun_trim($_POST['db_username']);
    $db_password = pun_trim($_POST['db_password']);
    $db_prefix = pun_trim($_POST['db_prefix']);
    $username = pun_trim($_POST['req_username']);
    $email = strtolower(pun_trim($_POST['req_email']));
    $password1 = pun_trim($_POST['req_password1']);
    $password2 = pun_trim($_POST['req_password2']);
    $title = pun_trim($_POST['req_title']);
    $description = pun_trim($_POST['desc']);
    $base_url = pun_trim($_POST['req_base_url']);
    $default_lang = pun_trim($_POST['req_default_lang']);
    $default_style = pun_trim($_POST['req_default_style']);
    $alerts = array();
    // Make sure base_url doesn't end with a slash
    if (substr($base_url, -1) == '/') {
        $base_url = substr($base_url, 0, -1);
    }
    // Validate username and passwords
    if (pun_strlen($username) < 2) {
        $alerts[] = $lang_install['Username 1'];
    } else {
        if (pun_strlen($username) > 25) {
            // This usually doesn't happen since the form element only accepts 25 characters
            $alerts[] = $lang_install['Username 2'];
        } else {
            if (!strcasecmp($username, 'Guest')) {
                $alerts[] = $lang_install['Username 3'];
/**
 * Turn a stored post body into display HTML.
 *
 * Pipeline: optional word censoring, HTML-entity escaping of the whole text,
 * then BBCode and smiley expansion on everything outside [code] blocks, then
 * newline/tab/space conversion, and finally the [code] blocks are spliced
 * back in (already escaped, but not BBCode- or smiley-processed) before the
 * result is handed to clean_paragraphs().
 *
 * @param string $text         raw post text as stored
 * @param string $hide_smilies '0' allows smiley rendering; any other value suppresses it
 * @return string HTML fragment
 */
function parse_message($text, $hide_smilies)
{
    global $pun_config, $lang_common, $pun_user;
    if ($pun_config['o_censoring'] == '1') {
        $text = censor_words($text);
    }
    // Convert applicable characters to HTML entities
    $text = pun_htmlspecialchars($text);
    // If the message contains a code tag we have to split it up (text within [code][/code] shouldn't be touched)
    if (strpos($text, '[code]') !== false && strpos($text, '[/code]') !== false) {
        list($inside, $text) = extract_blocks($text, '[code]', '[/code]');
    }
    if ($pun_config['p_message_bbcode'] == '1' && strpos($text, '[') !== false && strpos($text, ']') !== false) {
        $text = do_bbcode($text);
    }
    if ($pun_config['o_smilies'] == '1' && $pun_user['show_smilies'] == '1' && $hide_smilies == '0') {
        $text = do_smilies($text);
    }
    // Deal with newlines, tabs and multiple spaces
    $pattern = array("\n", "\t", '  ', '  ');
    $replace = array('<br />', '&#160; &#160; ', '&#160; ', ' &#160;');
    $text = str_replace($pattern, $replace, $text);
    // If we split up the message before we have to concatenate it together again (code tags)
    if (isset($inside)) {
        // NOTE(review): the separator literal below shows as an empty string in
        // this listing, and explode() rejects an empty separator (ValueError on
        // PHP 8). The real delimiter is presumably the placeholder that
        // extract_blocks() substitutes for each [code] block — likely a
        // non-printing byte lost in rendering. Confirm against the source file.
        $parts = explode("", $text);
        $text = '';
        foreach ($parts as $i => $part) {
            $text .= $part;
            if (isset($inside[$i])) {
                // Long code blocks get a scrollable box instead of growing the page
                $num_lines = substr_count($inside[$i], "\n");
                $text .= '</p><div class="codebox"><pre' . ($num_lines > 28 ? ' class="vscroll"' : '') . '><code>' . pun_trim($inside[$i], "\n\r") . '</code></pre></div><p>';
            }
        }
    }
    return clean_paragraphs($text);
}
    if ($search_for == '') {
        message($lang_admin_censoring['Must enter word message']);
    }
    $db->query('INSERT INTO ' . $db->prefix . 'censoring (search_for, replace_with) VALUES (\'' . $db->escape($search_for) . '\', \'' . $db->escape($replace_with) . '\')') or error('Unable to add censor word', __FILE__, __LINE__, $db->error());
    // Regenerate the censoring cache
    if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
        require PUN_ROOT . 'include/cache.php';
    }
    generate_censoring_cache();
    redirect('admin_censoring.php', $lang_admin_censoring['Word added redirect']);
} else {
    if (isset($_POST['update'])) {
        confirm_referrer('admin_censoring.php');
        $id = intval(key($_POST['update']));
        $search_for = pun_trim($_POST['search_for'][$id]);
        $replace_with = pun_trim($_POST['replace_with'][$id]);
        if ($search_for == '') {
            message($lang_admin_censoring['Must enter word message']);
        }
        $db->query('UPDATE ' . $db->prefix . 'censoring SET search_for=\'' . $db->escape($search_for) . '\', replace_with=\'' . $db->escape($replace_with) . '\' WHERE id=' . $id) or error('Unable to update censor word', __FILE__, __LINE__, $db->error());
        // Regenerate the censoring cache
        if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
            require PUN_ROOT . 'include/cache.php';
        }
        generate_censoring_cache();
        redirect('admin_censoring.php', $lang_admin_censoring['Word updated redirect']);
    } else {
        if (isset($_POST['remove'])) {
            confirm_referrer('admin_censoring.php');
            $id = intval(key($_POST['remove']));
            $db->query('DELETE FROM ' . $db->prefix . 'censoring WHERE id=' . $id) or error('Unable to delete censor word', __FILE__, __LINE__, $db->error());
         $db->query('UPDATE ' . $db->prefix . 'users SET last_visit=' . $pun_user['logged'] . ' WHERE id=' . $pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
     }
     pun_setcookie(1, pun_hash(uniqid(rand(), true)), time() + 31536000);
     redirect('index.php', $lang_login['Logout redirect']);
 } else {
     if ($action == 'forget' || $action == 'forget_2') {
         if (!$pun_user['is_guest']) {
             header('Location: index.php');
             exit;
         }
         if (isset($_POST['form_sent'])) {
             // Start with a clean slate
             $errors = array();
             require PUN_ROOT . 'include/email.php';
             // Validate the email address
             $email = strtolower(pun_trim($_POST['req_email']));
             if (!is_valid_email($email)) {
                 $errors[] = $lang_common['Invalid email'];
             }
             // Did everything go according to plan?
             if (empty($errors)) {
                 $result = $db->query('SELECT id, username, last_email_sent FROM ' . $db->prefix . 'users WHERE email=\'' . $db->escape($email) . '\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
                 if ($db->num_rows($result)) {
                     // Load the "activate password" template
                     $mail_tpl = trim(file_get_contents(PUN_ROOT . 'lang/' . $pun_user['language'] . '/mail_templates/activate_password.tpl'));
                     // The first row contains the subject
                     $first_crlf = strpos($mail_tpl, "\n");
                     $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
                     $mail_message = trim(substr($mail_tpl, $first_crlf));
                     // Do the generic replacements first (they apply to all emails sent out here)
                     $mail_message = str_replace('<base_url>', get_base_url() . '/', $mail_message);
    if ($_POST['verified'] == 1) {
        $verified = '';
    } elseif ($_POST['verified'] == 0) {
        $verified = 'AND (group_id < 32000)';
    } else {
        $verified = 'AND (group_id = 32000)';
    }
    $prune = $_POST['prune_by'] == 1 ? 'registered' : 'last_visit';
    $user_time = time() - $_POST['days'] * 86400;
    $result = $db->query('DELETE FROM ' . $db->prefix . 'users WHERE (num_posts < ' . intval($_POST['posts']) . ') AND (' . $prune . ' < ' . intval($user_time) . ') AND (id > 2) AND (' . $admod_delete . ')' . $verified, true) or error('Unable to delete users', __FILE__, __LINE__, $db->error());
    $users_pruned = $db->affected_rows();
    message('Pruning complete. Users pruned ' . $users_pruned . '.');
} elseif (isset($_POST['add_user'])) {
    require PUN_ROOT . 'lang/' . $pun_user['language'] . '/prof_reg.php';
    require PUN_ROOT . 'lang/' . $pun_user['language'] . '/register.php';
    $username = pun_trim($_POST['username']);
    $email1 = strtolower(trim($_POST['email']));
    $email2 = strtolower(trim($_POST['email']));
    if ($_POST['random_pass'] == '1') {
        $password1 = random_pass(8);
        $password2 = $password1;
    } else {
        $password1 = trim($_POST['password']);
        $password2 = trim($_POST['password']);
    }
    // Convert multiple whitespace characters into one (to prevent people from registering with indistinguishable usernames)
    $username = preg_replace('#\\s+#s', ' ', $username);
    // Validate username and passwords
    if (strlen($username) < 2) {
        message($lang_prof_reg['Username too short']);
    } else {
     redirect('admin_forums.php', $lang_admin_forums['Forums updated redirect']);
 } else {
     if (isset($_GET['edit_forum'])) {
         $forum_id = intval($_GET['edit_forum']);
         if ($forum_id < 1) {
             message($lang_common['Bad request'], false, '404 Not Found');
         }
         // Update group permissions for $forum_id
         if (isset($_POST['save'])) {
             confirm_referrer('admin_forums.php');
             // Start with the forum details
             $forum_name = pun_trim($_POST['forum_name']);
             $forum_desc = pun_linebreaks(pun_trim($_POST['forum_desc']));
             $cat_id = intval($_POST['cat_id']);
             $sort_by = intval($_POST['sort_by']);
             $redirect_url = isset($_POST['redirect_url']) ? pun_trim($_POST['redirect_url']) : null;
             if ($forum_name == '') {
                 message($lang_admin_forums['Must enter name message']);
             }
             if ($cat_id < 1) {
                 message($lang_common['Bad request'], false, '404 Not Found');
             }
             $forum_desc = $forum_desc != '' ? '\'' . $db->escape($forum_desc) . '\'' : 'NULL';
             $redirect_url = $redirect_url != '' ? '\'' . $db->escape($redirect_url) . '\'' : 'NULL';
             $db->query('UPDATE ' . $db->prefix . 'forums SET forum_name=\'' . $db->escape($forum_name) . '\', forum_desc=' . $forum_desc . ', redirect_url=' . $redirect_url . ', sort_by=' . $sort_by . ', cat_id=' . $cat_id . ' WHERE id=' . $forum_id) or error('Unable to update forum', __FILE__, __LINE__, $db->error());
             // Now let's deal with the permissions
             if (isset($_POST['read_forum_old'])) {
                 $result = $db->query('SELECT g_id, g_read_board, g_post_replies, g_post_topics FROM ' . $db->prefix . 'groups WHERE g_id!=' . PUN_ADMIN) or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error());
                 while ($cur_group = $db->fetch_assoc($result)) {
                     $read_forum_new = $cur_group['g_read_board'] == '1' ? isset($_POST['read_forum_new'][$cur_group['g_id']]) ? '1' : '0' : intval($_POST['read_forum_old'][$cur_group['g_id']]);
                     $post_replies_new = isset($_POST['post_replies_new'][$cur_group['g_id']]) ? '1' : '0';
     message($lang->t('Invalid webmaster email message'));
 }
 if ($form['mailing_list'] != '') {
     $form['mailing_list'] = strtolower(preg_replace('%\\s%S', '', $form['mailing_list']));
 }
 // Make sure avatars_dir doesn't end with a slash
 if (substr($form['avatars_dir'], -1) == '/') {
     $form['avatars_dir'] = substr($form['avatars_dir'], 0, -1);
 }
 if ($form['additional_navlinks'] != '') {
     $form['additional_navlinks'] = pun_trim(pun_linebreaks($form['additional_navlinks']));
 }
 // Change or enter a SMTP password
 if (isset($_POST['form']['smtp_change_pass'])) {
     $smtp_pass1 = isset($_POST['form']['smtp_pass1']) ? pun_trim($_POST['form']['smtp_pass1']) : '';
     $smtp_pass2 = isset($_POST['form']['smtp_pass2']) ? pun_trim($_POST['form']['smtp_pass2']) : '';
     if ($smtp_pass1 == $smtp_pass2) {
         $form['smtp_pass'] = $smtp_pass1;
     } else {
         message($lang->t('SMTP passwords did not match'));
     }
 }
 if ($form['announcement_message'] != '') {
     $form['announcement_message'] = pun_linebreaks($form['announcement_message']);
 } else {
     $form['announcement_message'] = $lang->t('Enter announcement here');
     $form['announcement'] = '0';
 }
 if ($form['rules_message'] != '') {
     $form['rules_message'] = pun_linebreaks($form['rules_message']);
 } else {
    $result = $db->query('SELECT 1 FROM ' . $db->prefix . 'ranks WHERE min_posts=' . $min_posts) or error('Unable to fetch rank info', __FILE__, __LINE__, $db->error());
    if ($db->num_rows($result)) {
        message(sprintf($lang_admin_ranks['Dupe min posts message'], $min_posts));
    }
    $db->query('INSERT INTO ' . $db->prefix . 'ranks (rank, min_posts) VALUES(\'' . $db->escape($rank) . '\', ' . $min_posts . ')') or error('Unable to add rank', __FILE__, __LINE__, $db->error());
    // Regenerate the ranks cache
    if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
        require PUN_ROOT . 'include/cache.php';
    }
    generate_ranks_cache();
    redirect('admin_ranks.php', $lang_admin_ranks['Rank added redirect']);
} else {
    if (isset($_POST['update'])) {
        confirm_referrer('admin_ranks.php');
        $id = intval(key($_POST['update']));
        $rank = pun_trim($_POST['rank'][$id]);
        $min_posts = trim($_POST['min_posts'][$id]);
        if ($rank == '') {
            message($lang_admin_ranks['Must enter title message']);
        }
        if ($min_posts == '' || preg_match('/[^0-9]/', $min_posts)) {
            message($lang_admin_ranks['Must be integer message']);
        }
        // Make sure there isn't already a rank with the same min_posts value
        $result = $db->query('SELECT 1 FROM ' . $db->prefix . 'ranks WHERE id!=' . $id . ' AND min_posts=' . $min_posts) or error('Unable to fetch rank info', __FILE__, __LINE__, $db->error());
        if ($db->num_rows($result)) {
            message(sprintf($lang_admin_ranks['Dupe min posts message'], $min_posts));
        }
        $db->query('UPDATE ' . $db->prefix . 'ranks SET rank=\'' . $db->escape($rank) . '\', min_posts=' . $min_posts . ' WHERE id=' . $id) or error('Unable to update rank', __FILE__, __LINE__, $db->error());
        // Regenerate the ranks cache
        if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
	</div>
</div>
<?php 
                    require PUN_ROOT . 'footer.php';
                } else {
                    if (isset($_GET['report'])) {
                        if ($pun_user['is_guest']) {
                            message($lang_common['No permission']);
                        }
                        $post_id = intval($_GET['report']);
                        if ($post_id < 1) {
                            message($lang_common['Bad request']);
                        }
                        if (isset($_POST['form_sent'])) {
                            // Clean up reason from POST
                            $reason = pun_linebreaks(pun_trim($_POST['req_reason']));
                            if ($reason == '') {
                                message($lang_misc['No reason']);
                            }
                            // Get the topic ID
                            $result = $db->query('SELECT topic_id FROM ' . $db->prefix . 'posts WHERE id=' . $post_id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
                            if (!$db->num_rows($result)) {
                                message($lang_common['Bad request']);
                            }
                            $topic_id = $db->result($result);
                            // Get the subject and forum ID
                            $result = $db->query('SELECT subject, forum_id FROM ' . $db->prefix . 'topics WHERE id=' . $topic_id) or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());
                            if (!$db->num_rows($result)) {
                                message($lang_common['Bad request']);
                            }
                            list($subject, $forum_id) = $db->fetch_row($result);
function output_html($feed)
{
    // Send the Content-type header in case the web server is setup to send something else
    header('Content-type: text/html; charset=utf-8');
    header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');

    foreach ($feed['items'] as $item) {
        $title = $item['title'];

        // Over-long subjects are cut character-wise (utf8_* helpers) and marked with an ellipsis;
        // the cut happens before escaping so an entity is never sliced in half
        $needs_cut = utf8_strlen($title) > FORUM_EXTERN_MAX_SUBJECT_LENGTH;
        $subject_truncated = $needs_cut
            ? pun_htmlspecialchars(pun_trim(utf8_substr($title, 0, FORUM_EXTERN_MAX_SUBJECT_LENGTH - 5))) . ' …'
            : pun_htmlspecialchars($title);

        // Each dynamic value lands in an attribute or a text node, so each one is escaped on its own
        printf(
            '<li><a href="%s" title="%s">%s</a></li>' . "\n",
            pun_htmlspecialchars($item['link']),
            pun_htmlspecialchars($title),
            $subject_truncated
        );
    }
}
 }
 // Check subject
 $subject = pun_trim($_POST['req_subject']);
 if (!$subject) {
     wap_message($lang_post['No subject']);
 } else {
     if (mb_strlen($subject) > 70) {
         wap_message($lang_post['Too long subject']);
     } else {
         if (!$pun_config['p_subject_all_caps'] && mb_strtoupper($subject) == $subject && $pun_user['g_id'] > PUN_GUEST) {
             $subject = ucwords(mb_strtolower($subject));
         }
     }
 }
 // Clean up message from POST
 $message = pun_linebreaks(pun_trim($_POST['req_message']));
 // Check message
 if (!$message) {
     wap_message($lang_post['No message']);
 } else {
     if (mb_strlen($message) > 65535) {
         wap_message($lang_post['Too long message']);
     } else {
         if (!$pun_config['p_message_all_caps'] && mb_strtoupper($message) == $message && $pun_user['g_id'] > PUN_GUEST) {
             $message = ucwords(strtolower($message));
         }
     }
 }
 // Validate BBCode syntax
 if ($pun_config['p_message_bbcode'] == 1 && strpos($message, '[') !== false && strpos($message, ']') !== false) {
     include_once PUN_ROOT . 'include/parser.php';
<?php

/***********************************************************************

  Caleb Champlin (med_mediator@hotmail.com)

************************************************************************/
// Tell admin_loader.php that this is indeed a plugin and that it is loaded
define('PUN_PLUGIN_LOADED', 1);
// Did someone just hit "Submit"
if (isset($_POST['form_sent'])) {
    $options = intval(pun_trim($_POST['max_options']));
    $db->query('UPDATE ' . $db->prefix . 'config SET conf_value=' . $options . ' WHERE conf_name=\'poll_max_fields\'') or error('Unable to update configuration', __FILE__, __LINE__, $db->error());
    $d = dir(PUN_ROOT . 'cache');
    while (($entry = $d->read()) !== false) {
        if (substr($entry, strlen($entry) - 4) == '.php') {
            @unlink(PUN_ROOT . 'cache/' . $entry);
        }
    }
    redirect('admin_loader.php?plugin=AP_Sondage.php', 'Options des sondages mises à jour.');
} else {
    if (isset($_POST['save'])) {
        // Permission Updating Code here
    } else {
        // Display the admin navigation menu
        generate_admin_menu($plugin);
        ?>
	<div id="pollplugin" class="blockform">
		<h2><span>Easy Poll +</span></h2>
		<div class="box">
			<div class="inbox">
  Foundation, Inc., 59 Temple Place, Suite 330, Boston,
  MA  02111-1307  USA

************************************************************************/
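define('PUN_ROOT', './');
require PUN_ROOT . 'include/common.php';

// Groups without read permission stop here (message() ends the request)
if ($pun_user['g_read_board'] == '0') {
    message($lang_common['No view']);
}

// Load the userlist.php language file
require PUN_ROOT . 'lang/' . $pun_user['language'] . '/userlist.php';
// Load the search.php language file
require PUN_ROOT . 'lang/' . $pun_user['language'] . '/search.php';

// Determine if we are allowed to view post counts (board option, or a group id below guest)
$show_post_count = ($pun_config['o_show_post_count'] == '1' || $pun_user['g_id'] < PUN_GUEST);

// Username filter is only honoured when the group may search users. Only a string is accepted
// (a `username[]=` array would make pun_trim() fail); the value is used in SQL later on and
// must be escaped there.
$username = '';
if (isset($_GET['username']) && is_string($_GET['username']) && $pun_user['g_search_users'] == '1') {
    $username = pun_trim($_GET['username']);
}

// Group filter: -1 means "all groups"; anything else is forced to an int before it reaches SQL.
// The former guard (`< -1 && > 2`) could never be true, so it rejected nothing; values below -1
// carry no meaning and now fall back to "all groups" explicitly.
$show_group = -1;
if (isset($_GET['show_group'])) {
    $requested_group = intval($_GET['show_group']);
    if ($requested_group >= -1) {
        $show_group = $requested_group;
    }
}

// Sort column is whitelisted because it is spliced into ORDER BY later; sorting by post count
// is only offered when post counts may be shown at all
$allowed_sort = array('username', 'registered');
if ($show_post_count) {
    $allowed_sort[] = 'num_posts';
}
$sort_by = (isset($_GET['sort_by']) && in_array($_GET['sort_by'], $allowed_sort, true)) ? $_GET['sort_by'] : 'username';

// Sort direction: exact 'ASC'/'DESC' only, default ascending
$sort_dir = (isset($_GET['sort_dir']) && in_array($_GET['sort_dir'], array('ASC', 'DESC'), true)) ? $_GET['sort_dir'] : 'ASC';

$page_title = pun_htmlspecialchars($pun_config['o_board_title']) . ' / ' . $lang_common['User list'];
if ($pun_user['g_search_users'] == '1') {
    $focus_element = array('userlist', 'username');
}

define('PUN_ALLOW_INDEX', 1);
require PUN_ROOT . 'header.php';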
?>
<div class="blockform">
	<h2><span><?php 
echo $lang_search['User search'];
?>
</span></h2>
     if ($pun_config['p_message_all_caps'] == '0' && is_all_uppercase($message) && !$pun_user['is_admmod']) {
         $errors[] = $lang_post['All caps message'];
     }
 }
 // Validate BBCode syntax
 if ($pun_config['p_message_bbcode'] == '1') {
     require PUN_ROOT . 'include/parser.php';
     $message = preparse_bbcode($message, $errors);
 }
 if (empty($errors)) {
     if ($message == '') {
         $errors[] = $lang_post['No message'];
     } else {
         if ($pun_config['o_censoring'] == '1') {
             // Censor message to see if that causes problems
             $censored_message = pun_trim(censor_words($message));
             if ($censored_message == '') {
                 $errors[] = $lang_post['No message after censoring'];
             }
         }
     }
 }
 $hide_smilies = isset($_POST['hide_smilies']) ? '1' : '0';
 $subscribe = isset($_POST['subscribe']) ? '1' : '0';
 $stick_topic = isset($_POST['stick_topic']) && $is_admmod ? '1' : '0';
 // Replace four-byte characters (MySQL cannot handle them)
 $message = strip_bad_multibyte_chars($message);
 $now = time();
 flux_hook('post_after_validation');
 // Did everything go according to plan?
 if (empty($errors) && !isset($_POST['preview'])) {
     }
     //if( strcasecmp( $hum_answer, $hum_qna_line) == 0 )
 }
 //for( $hum_x=1 ; $hum_x >= $hum_answ_cnt ; $hum_x++ )
 //The loop is over, check if the correct answer was given and issue error if not
 if ($hum_answ_correct == False) {
     message('You supplied and incorrect answer at the "Human Test" field, please try again');
 }
 //if( $hum_answ_correct == False )
 //This should be it, the user should be human and not a bot
 // Check that someone from this IP didn't register a user within the last hour (DoS prevention)
 $result = $db->query('SELECT 1 FROM ' . $db->prefix . 'users WHERE registration_ip=\'' . get_remote_address() . '\' AND registered>' . (time() - 3600)) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
 if ($db->num_rows($result)) {
     message('A new user was registered with the same IP address as you within the last hour. To prevent registration flooding, at least an hour has to pass between registrations from the same IP. Sorry for the inconvenience.');
 }
 $username = pun_trim($_POST['req_username']);
 $email1 = strtolower(trim($_POST['req_email1']));
 if ($pun_config['o_regs_verify'] == '1') {
     $email2 = strtolower(trim($_POST['req_email2']));
     $password1 = random_pass(8);
     $password2 = $password1;
 } else {
     $password1 = trim($_POST['req_password1']);
     $password2 = trim($_POST['req_password2']);
 }
 // Convert multiple whitespace characters into one (to prevent people from registering with indistinguishable usernames)
 $username = preg_replace('#\\s+#s', ' ', $username);
 // Validate username and passwords
 if (strlen($username) < 2) {
     message($lang_prof_reg['Username too short']);
 } else {
    ?>
" tabindex="39" /></p>
			</form>
		</div>
	</div>
	<div class="clearer"></div>
</div>
<?php 
    require PUN_ROOT . 'footer.php';
} else {
    if (isset($_POST['add_edit_group'])) {
        confirm_referrer('admin_groups.php');
        // Is this the admin group? (special rules apply)
        $is_admin_group = isset($_POST['group_id']) && $_POST['group_id'] == PUN_ADMIN ? true : false;
        $title = pun_trim($_POST['req_title']);
        $user_title = pun_trim($_POST['user_title']);
        $moderator = isset($_POST['moderator']) && $_POST['moderator'] == '1' ? '1' : '0';
        $mod_edit_users = $moderator == '1' && isset($_POST['mod_edit_users']) && $_POST['mod_edit_users'] == '1' ? '1' : '0';
        $mod_rename_users = $moderator == '1' && isset($_POST['mod_rename_users']) && $_POST['mod_rename_users'] == '1' ? '1' : '0';
        $mod_change_passwords = $moderator == '1' && isset($_POST['mod_change_passwords']) && $_POST['mod_change_passwords'] == '1' ? '1' : '0';
        $mod_ban_users = $moderator == '1' && isset($_POST['mod_ban_users']) && $_POST['mod_ban_users'] == '1' ? '1' : '0';
        $read_board = isset($_POST['read_board']) ? intval($_POST['read_board']) : '1';
        $view_users = isset($_POST['view_users']) && $_POST['view_users'] == '1' || $is_admin_group ? '1' : '0';
        $post_replies = isset($_POST['post_replies']) ? intval($_POST['post_replies']) : '1';
        $post_topics = isset($_POST['post_topics']) ? intval($_POST['post_topics']) : '1';
        $edit_posts = isset($_POST['edit_posts']) ? intval($_POST['edit_posts']) : $is_admin_group ? '1' : '0';
        $delete_posts = isset($_POST['delete_posts']) ? intval($_POST['delete_posts']) : $is_admin_group ? '1' : '0';
        $delete_topics = isset($_POST['delete_topics']) ? intval($_POST['delete_topics']) : $is_admin_group ? '1' : '0';
        $set_title = isset($_POST['set_title']) ? intval($_POST['set_title']) : $is_admin_group ? '1' : '0';
        $search = isset($_POST['search']) ? intval($_POST['search']) : '1';
        $search_users = isset($_POST['search_users']) ? intval($_POST['search_users']) : '1';
         }
     }
     break;
     // Handle any duplicate users which occured due to conversion
 // Handle any duplicate users which occured due to conversion
 case 'conv_users_dupe':
     $query_str = '?stage=preparse_posts';
     if (!$mysql || empty($_SESSION['dupe_users'])) {
         break;
     }
     if (isset($_POST['form_sent'])) {
         $errors = array();
         require PUN_ROOT . 'include/email.php';
         foreach ($_SESSION['dupe_users'] as $id => $cur_user) {
             $errors[$id] = array();
             $username = pun_trim($_POST['dupe_users'][$id]);
             if (pun_strlen($username) < 2) {
                 $errors[$id][] = $lang_update['Username too short error'];
             } else {
                 if (pun_strlen($username) > 25) {
                     // This usually doesn't happen since the form element only accepts 25 characters
                     $errors[$id][] = $lang_update['Username too long error'];
                 } else {
                     if (!strcasecmp($username, 'Guest')) {
                         $errors[$id][] = $lang_update['Username Guest reserved error'];
                     } else {
                         if (preg_match('%[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}%', $username) || preg_match('%((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))%', $username)) {
                             $errors[$id][] = $lang_update['Username IP format error'];
                         } else {
                             if ((strpos($username, '[') !== false || strpos($username, ']') !== false) && strpos($username, '\'') !== false && strpos($username, '"') !== false) {
                                 $errors[$id][] = $lang_update['Username bad characters error'];
 // How many posts did we just split off?
 $num_posts_splitted = substr_count($posts, ',') + 1;
 // Verify that the post IDs are valid
 $result = $db->query('SELECT 1 FROM ' . $db->prefix . 'posts WHERE id IN(' . $posts . ') AND topic_id=' . $tid) or error('Unable to check posts', __FILE__, __LINE__, $db->error());
 if ($db->num_rows($result) != $num_posts_splitted) {
     message($lang_common['Bad request'], false, '404 Not Found');
 }
 // Verify that the move to forum ID is valid
 $result = $db->query('SELECT 1 FROM ' . $db->prefix . 'forums AS f LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.group_id=' . $pun_user['g_id'] . ' AND fp.forum_id=' . $move_to_forum . ') WHERE f.redirect_url IS NULL AND (fp.post_topics IS NULL OR fp.post_topics=1)') or error('Unable to fetch forum permissions', __FILE__, __LINE__, $db->error());
 if (!$db->num_rows($result)) {
     message($lang_common['Bad request'], false, '404 Not Found');
 }
 // Load the post.php language file
 require PUN_ROOT . 'lang/' . $pun_user['language'] . '/post.php';
 // Check subject
 $new_subject = isset($_POST['new_subject']) ? pun_trim($_POST['new_subject']) : '';
 if ($new_subject == '') {
     message($lang_post['No subject']);
 } else {
     if (pun_strlen($new_subject) > 70) {
         message($lang_post['Too long subject']);
     }
 }
 // Get data from the new first post
 $result = $db->query('SELECT p.id, p.poster, p.posted FROM ' . $db->prefix . 'posts AS p WHERE id IN(' . $posts . ') ORDER BY p.id ASC LIMIT 1') or error('Unable to get first post', __FILE__, __LINE__, $db->error());
 $first_post_data = $db->fetch_assoc($result);
 // Create the new topic
 $db->query('INSERT INTO ' . $db->prefix . 'topics (poster, subject, posted, first_post_id, forum_id) VALUES (\'' . $db->escape($first_post_data['poster']) . '\', \'' . $db->escape($new_subject) . '\', ' . $first_post_data['posted'] . ', ' . $first_post_data['id'] . ', ' . $move_to_forum . ')') or error('Unable to create new topic', __FILE__, __LINE__, $db->error());
 $new_tid = $db->insert_id();
 // Move the posts to the new topic
 $db->query('UPDATE ' . $db->prefix . 'posts SET topic_id=' . $new_tid . ' WHERE id IN(' . $posts . ')') or error('Unable to move posts into new topic', __FILE__, __LINE__, $db->error());
 $query->where = 'u.registration_ip = :remote_addr AND u.registered > :last_hour';
 $params = array(':remote_addr' => get_remote_address(), ':last_hour' => time() - 3600);
 $result = $query->run($params);
 if (!empty($result)) {
     message($lang->t('Registration flood'));
 }
 unset($result, $query, $params);
 $username = pun_trim($_POST['req_user']);
 $email1 = strtolower(trim($_POST['req_email1']));
 if ($pun_config['o_regs_verify'] == '1') {
     $email2 = strtolower(trim($_POST['req_email2']));
     $password1 = random_pass(8);
     $password2 = $password1;
 } else {
     $password1 = pun_trim($_POST['req_password1']);
     $password2 = pun_trim($_POST['req_password2']);
 }
 // Validate username and passwords
 check_username($username);
 if (pun_strlen($password1) < 4) {
     $errors[] = $lang->t('Pass too short');
 } else {
     if ($password1 != $password2) {
         $errors[] = $lang->t('Pass not match');
     }
 }
 // Validate email
 require PUN_ROOT . 'include/email.php';
 if (!is_valid_email($email1)) {
     $errors[] = $lang->t('Invalid email');
 } else {
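/**
 * Turn a stored post body into HTML: censoring, entity escaping, BBCode, smilies,
 * whitespace handling and paragraph wrapping. Text inside [code][/code] is passed
 * through untouched (apart from trimming surrounding newlines).
 *
 * @param string $text          raw post text as stored
 * @param string $hide_smilies  '1' to suppress smiley replacement for this post
 * @return string               HTML, wrapped in <p> tags
 */
function parse_message($text, $hide_smilies)
{
    global $pun_config, $pun_user;

    // Marker used to join the non-code segments so they can be split apart again after
    // BBCode/whitespace processing. The page showed an empty string here, which explode()
    // rejects; "\1" is presumably the byte lost in extraction — confirm against the original parser.
    $separator = "\1";

    if ($pun_config['o_censoring'] == '1') {
        $text = censor_words($text);
    }

    // Convert applicable characters to HTML entities. This happens before BBCode so the
    // markup generated below is never escaped itself.
    $text = pun_htmlspecialchars($text);

    // If the message contains a code tag we have to split it up (text within [code][/code] shouldn't be touched)
    $errors = array();
    if (strpos($text, '[code]') !== false && strpos($text, '[/code]') !== false) {
        list($inside, $outside) = split_text($text, '[code]', '[/code]', $errors);
        $text = implode($separator, $outside);
    }

    if ($pun_config['p_message_bbcode'] == '1' && strpos($text, '[') !== false && strpos($text, ']') !== false) {
        $text = do_bbcode($text);
    }

    if ($pun_config['o_smilies'] == '1' && $pun_user['show_smilies'] == '1' && $hide_smilies == '0') {
        $text = do_smilies($text);
    }

    // Deal with newlines, tabs and multiple spaces (the second '  ' entry catches the
    // pair left behind by the first replacement)
    $pattern = array("\n", "\t", '  ', '  ');
    $replace = array('<br />', '&#160; &#160; ', '&#160; ', ' &#160;');
    $text = str_replace($pattern, $replace, $text);

    // If we split up the message before we have to concatenate it together again (code tags)
    if (isset($inside)) {
        $outside = explode($separator, $text);
        $text = '';
        foreach ($outside as $i => $segment) {
            $text .= $segment;
            if (isset($inside[$i])) {
                // Long code blocks get a scrollable box instead of stretching the page
                $num_lines = substr_count($inside[$i], "\n");
                $text .= '</p><div class="codebox"><pre' . ($num_lines > 28 ? ' class="vscroll"' : '') . '><code>' . pun_trim($inside[$i], "\n\r") . '</code></pre></div><p>';
            }
        }
    }

    // Add paragraph tag around post, but make sure there are no empty paragraphs
    $text = preg_replace('#<br />\\s*?<br />((\\s*<br />)*)#i', "</p>\$1<p>", $text);
    $text = str_replace('<p><br />', '<p>', $text);
    $text = str_replace('<p></p>', '', '<p>' . $text . '</p>');

    return $text;
}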