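<?php

/**
 * AlQuran Login file
 * @author Shahriar
 * @version 1.0.1
*/
session_start();
if (!isset($_SESSION['logged'])) {
    // Stop execution after the redirect: header() alone does not end the
    // request, so without exit the rest of this file (admin header, page
    // include, footer) would still run and be sent to an unauthenticated
    // visitor who ignores the Location header.
    header('location: login');
    exit;
}
require_once 'config/function.php';
require_once 'config/connect.php';
require_once 'config/db.php';
require_once 'admin/header.php';
// NOTE(review): url_valid() is called here with no argument, while the other
// listings on this page pass it a URL string — confirm which helper
// config/function.php actually defines.
if (!url_valid()) {
    // Left disabled on purpose: an include path built from $_GET['page'] lets
    // the request choose the file. If this is ever re-enabled, map the
    // parameter through a fixed allowlist of page names first.
    //require_once('admin/'.$_GET['page'].'.php');
    //require_once('admin/404.php');
}
require_once 'admin/footer.php';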
     }
     if ($pun_config['o_regs_verify'] == '0' || $pun_user['is_admmod']) {
         require PUN_ROOT . 'include/email.php';
         // Validate the email address
         $form['email'] = strtolower(pun_trim($_POST['req_email']));
         if (!is_valid_email($form['email'])) {
             message($lang_common['Invalid email']);
         }
     }
     break;
 case 'personal':
     $form = array('realname' => isset($_POST['form']['realname']) ? pun_trim($_POST['form']['realname']) : '', 'url' => isset($_POST['form']['url']) ? pun_trim($_POST['form']['url']) : '', 'location' => isset($_POST['form']['location']) ? pun_trim($_POST['form']['location']) : '');
     // Add http:// if the URL doesn't contain it already (while allowing https://, too)
     if ($pun_user['g_post_links'] == '1') {
         if ($form['url'] != '') {
             $url = url_valid($form['url']);
             if ($url === false) {
                 message($lang_profile['Invalid website URL']);
             }
             $form['url'] = $url['url'];
         }
     } else {
         if (!empty($form['url'])) {
             message($lang_profile['Website not allowed']);
         }
         $form['url'] = '';
     }
     if ($pun_user['g_id'] == PUN_ADMIN) {
         $form['title'] = pun_trim($_POST['title']);
     } else {
         if ($pun_user['g_set_title'] == '1') {
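/**
 * preg_replace_callback() handler for a single BBCode tag match.
 *
 * Works on the shared parser state in $pd (tag database 'bbcd', the
 * 'tag_stack', precompiled regexes, 'config' and the pass number 'ipass')
 * and on the error strings in $lang_common. It recursively re-invokes itself
 * on nested markup, validates the attribute and contents according to the
 * selected handler's a_type/c_type, applies tag-specific fixups (img, list),
 * and returns the re-assembled tag text — or '' when the contents are empty
 * or all whitespace. Every error found is appended to $pd['new_errors'] and
 * the open/close tags are wrapped in [err=...] markers carrying the last one.
 *
 * @param array $matches capture groups from $pd['re_bbcode']: [1] tag name,
 *                       [2] attribute present, [3]/[4]/[5] single-/double-/
 *                       un-quoted attribute value, [6] tag contents
 * @return string the rewritten tag text
 */
function _preparse_bbcode_callback($matches)
{
    // $errors is declared global but not referenced in this body.
    global $lang_common, $errors, $pd;
    // Get Slim current session
    $feather = \Slim\Slim::getInstance();
    // Initialize some local variables. Use reference variables where possible.
    $tagname =& $matches[1];
    // BBCode tag name.
    $contents =& $matches[6];
    // BBCode tag contents.
    $tag =& $pd['bbcd'][$tagname];
    // alias to this tags array element of the BBCD database
    $parent = end($pd['tag_stack']);
    // Name of parent tag. ("_ROOT_" is base parent tag).
    /*	$new_errors = array();	*/
    // BBCode tag error messages. (Create on error.)
    // $new_errors is only created when the first error is pushed; the
    // isset() check near the end relies on that.
    // First things first.
    $tag['depth']++;
    // Increment tag-specific nesting level depth.
    $tagname = strtolower($tagname);
    // Force lowercase tags name.
    array_push($pd['tag_stack'], $tagname);
    // Push this tags name onto the tag stack.
    // ---------------------------------------------------------------------------
    // Recursively parse any nested BBCode tag markup (unless tag type is hidden):
    // ---------------------------------------------------------------------------
    if ($tag['tag_type'] !== 'hidden' && strpos($contents, '[') !== false) {
        $contents = preg_replace_callback($pd['re_bbcode'], '_preparse_bbcode_callback', $contents);
        if ($contents === null) {
            // On error, preg_replace_callback returns NULL.
            // Error #1: '(%s) Message is too long or too complex. Please shorten.'
            $new_errors[] = sprintf($lang_common['BBerr pcre'], preg_error());
            $contents = '';
            // Zero out the contents.
        }
    }
    // ---------------------------------------------------------------------------------------
    // Process optional $attribute. Set $fmt_open, $fmt_close and $handler based on attribute.
    // ---------------------------------------------------------------------------------------
    $fmt_close = '[/' . $tagname . ']';
    // BBCode closing tag format specifier string.
    if ($matches[2]) {
        // Check if attribute specified?
        // Attribute specified. Pick value from one of the three possible quote delimitations.
        if ($matches[3]) {
            // Non-empty single-quoted value.
            $attribute =& $matches[3];
            // Set attribute to quoted content.
            $fmt_open = '[' . $tagname . '=\'%a_str%\']';
            // Set 'single-quoted' opening format.
        } elseif ($matches[4]) {
            // Non-empty double-quoted value.
            $attribute =& $matches[4];
            // Set attribute to quoted content.
            $fmt_open = '[' . $tagname . '="%a_str%"]';
            // Set "double-quoted" opening format.
        } elseif ($matches[5]) {
            // Non-empty un-or-any-quoted value.
            $attribute =& $matches[5];
            // Set attribute to unquoted content.
            $fmt_open = '[' . $tagname . '=%a_str%]';
            // Set un-'or'-"any"-quoted opening format.
        } else {
            // Otherwise must be empty.
            $attribute = '';
            // Set empty attribute.
            $fmt_open = '[' . $tagname . '=%a_str%]';
            // Set empty-attribute opening format.
        }
        // Consolidate consecutive attribute whitespace to a single space. Trim start and end.
        $attribute = preg_replace(array('/\\s++/S', '/^ /', '/ $/'), array(' ', '', ''), $attribute);
        // Determine attribute handler: fixed or variable or none.
        if (isset($tag['handlers'][$attribute])) {
            // If attribute matches handler key
            $handler =& $tag['handlers'][$attribute];
            // use the fixed-attribute handler.
        } elseif (isset($tag['handlers']['ATTRIB'])) {
            // Else if we have one, use this tags
            $handler =& $tag['handlers']['ATTRIB'];
            // variable attribute handler. Otherwise...
        } elseif (isset($tag['handlers']['NO_ATTRIB']) && count($tag['handlers']) === 1) {
            // which is either unexpected or unrecognized.
            // Error #2: 'Unexpected attribute: "%1$s". (No attribute allowed for [%2$s].'.
            $handler =& $pd['bbcd']['_ROOT_']['handlers']['NO_ATTRIB'];
            $new_errors[] = sprintf($lang_common['BBerr unexpected attribute'], $attribute, $tagname);
        } else {
            // Error #3: 'Unrecognized attribute: "%1$s", is not valid for [%2$s].'
            $handler =& $pd['bbcd']['_ROOT_']['handlers']['NO_ATTRIB'];
            $new_errors[] = sprintf($lang_common['BBerr unrecognized attribute'], $attribute, $tagname);
        }
        // Make sure attribute does nor contain a valid BBcode tag.
        if (preg_match($pd['re_bbtag'], $attribute)) {
            // Error #4: 'Attribute may NOT contain open or close bbcode tags'
            $handler =& $pd['bbcd']['_ROOT_']['handlers']['NO_ATTRIB'];
            $new_errors[] = $lang_common['BBerr bbcode attribute'];
        }
        // Validate and filter tag's attribute value if and according to custom attribute regex.
        if (isset($handler['a_regex'])) {
            // Check if this tag has an attribute regex? (very rare)
            if (preg_match($handler['a_regex'], $attribute, $m)) {
                // Yes. Check if regex matches attribute?
                $attribute = $m[1];
            } else {
                // Error #4b: 'Invalid attribute, [%s] requires specific attribute.'
                $new_errors[] = sprintf($lang_common['BBerr invalid attrib'], $tagname);
            }
        }
    } else {
        // Attribute not specified. Use the NO_ATTRIB handler if it exixts else error.
        $attribute = '';
        // No attribute? Make it so.
        $fmt_open = '[' . $tagname . ']';
        // Set no-attribute fmt_open string.
        if (isset($tag['handlers']['NO_ATTRIB'])) {
            // If we have one, use this tags
            $handler =& $tag['handlers']['NO_ATTRIB'];
            // no-attribute handler. Otherwise...
        } else {
            // Error #5: '[%1$s] is missing a required attribute.'.
            $handler =& $pd['bbcd']['_ROOT_']['handlers']['NO_ATTRIB'];
            $new_errors[] = sprintf($lang_common['BBerr missing attribute'], $tagname);
        }
    }
    // -------------------------------------------------------
    // Do some validation checks. Fix problems where possible:
    // -------------------------------------------------------
    // Handle tag nesting depth overflow.
    if ($tag['depth'] > $tag['depth_max']) {
        // Allowable tag nesting level exceeded?
        switch ($tag['nest_type']) {
            // Overflow. Handle based upon tag's "nest_type"
            case 'clip':
                // Silently strip overly nested tags and content.
                $contents = '';
                break;
            case 'fix':
                // Silently strip overly-nested tags (keep contents).
                $fmt_open = $fmt_close = '';
                break;
            case 'err':
                // Error #6: '[%1$s] tag nesting depth: %2$d exceeds allowable limit: %3$d.'.
                $new_errors[] = sprintf($lang_common['BBerr nesting overflow'], $tagname, $tag['depth'], $tag['depth_max']);
                break;
            default:
        }
    }
    // Verify this tag is not in its parent's excluded tags list.
    if (isset($pd['bbcd'][$parent]['tags_excluded'][$tagname])) {
        // Are we illegitimate?
        // Yes. Pick between error #6 and #7.
        if ($parent === $tagname) {
            // Error #7: '[%s] was opened within itself, this is not allowed.'
            $new_errors[] = sprintf($lang_common['BBerr self-nesting'], $tagname);
        } else {
            // Error #8: '[%1$s] was opened within [%2$s], this is not allowed.'
            $new_errors[] = sprintf($lang_common['BBerr invalid nesting'], $tagname, $parent);
        }
    }
    // Verfify our parent tag is in our 'parents' allowable array if it exists.
    if (isset($tag['parents']) && !isset($tag['parents'][$parent])) {
        // Error #9: '[%1$s] cannot be within: [%2$s]. Allowable parent tags: %3$s.'.
        $new_errors[] = sprintf($lang_common['BBerr invalid parent'], $tagname, $parent, '(' . implode('), (', array_keys($tag['parents'])) . ')');
    }
    // -----------------------------------------
    // Perform content-type-specific processing:
    // -----------------------------------------
    switch ($handler['c_type']) {
        case 'width_height':
            if (preg_match('/\\b(\\d++)[Xx](\\d++)\\b/S', $contents, $m)) {
                $width = (int) $m[1];
                $height = (int) $m[2];
            }
            if (preg_match('/\\bw(?:idth)?+\\s*+=\\s*+[\'"]?+(\\d++)\\b/Si', $contents, $m)) {
                $width = (int) $m[1];
            }
            if (preg_match('/\\bh(?:eight)?+\\s*+=\\s*+[\'"]?+(\\d++)\\b/Si', $contents, $m)) {
                $height = (int) $m[1];
            }
            if (isset($height, $tag['x_padding'], $tag['y_padding'])) {
                // NOTE(review): this subtracts (y_padding - x_padding), not
                // y_padding alone — presumably intentional, but confirm.
                $height -= $tag['y_padding'] - $tag['x_padding'];
                // Adjust for height of embedded controller.
            }
            break;
        case 'url':
            // Sanitize contents which is (hopefully) a url link. Trim spaces.
            $contents = preg_replace(array('/^\\s+/', '/\\s+$/S'), '', $contents);
            // Handle special case link to a
            if ($feather->user->g_post_links != '1') {
                $new_errors[] = $lang_common['BBerr cannot post URLs'];
            } else {
                if ($m = url_valid($contents)) {
                    $contents = $m['url'];
                    // Fetch possibly more complete url address.
                } else {
                    // Error #10a: 'Invalid URL name: %s'.
                    $new_errors[] = sprintf($lang_common['BBerr Invalid URL name'], $contents);
                }
            }
            break;
        case 'email':
            // The error belongs to an INVALID address; the original test was
            // inverted (it flagged valid addresses). Now consistent with the
            // a_type 'email' branch below.
            if (!filter_var($contents, FILTER_VALIDATE_EMAIL)) {
                // Error #10c: 'Invalid email address: %s'.
                $new_errors[] = sprintf($lang_common['BBerr Invalid email address'], $contents);
            }
            break;
        default:
    }
    // End c_type switch().
    // -------------------------------------------
    // Perform attribute-type-specific processing:
    // -------------------------------------------
    switch ($handler['a_type']) {
        case 'width_height':
            if ($attribute) {
                if (preg_match('/\\b(\\d++)[Xx](\\d++)\\b/', $attribute, $m)) {
                    // Check for a "123x456" WxH spec?
                    $width = (int) $m[1];
                    // Yes. Set both dimensions.
                    $height = (int) $m[2];
                }
                if (preg_match('/\\bw(?:idth)?+\\s*+=\\s*+[\'"]?+(\\d++)\\b/i', $attribute, $m)) {
                    $width = (int) $m[1];
                }
                if (preg_match('/\\bh(?:eight)?+\\s*+=\\s*+[\'"]?+(\\d++)\\b/i', $attribute, $m)) {
                    $height = (int) $m[1];
                }
                $attribute = preg_replace('/[;\\s]?+\\b(?:(?:w(?:idth)?+|h(?:eight)?+)\\s*+=\\s*+|\\d++[Xx])\\d++\\b/Si', '', $attribute);
            }
            break;
        case 'url':
            if ($m = url_valid($attribute)) {
                $attribute = $m['url'];
                // Fetch possibly more complete url address.
            } else {
                // Error #10b: 'Invalid URL name: %s'.
                $new_errors[] = sprintf($lang_common['BBerr Invalid URL name'], $attribute);
            }
            break;
        case 'color':
            if (!preg_match($pd['re_color'], $attribute)) {
                // Error #11: 'Invalid color attribute: %s'.
                $new_errors[] = sprintf($lang_common['BBerr Invalid color'], $attribute);
            }
            break;
        case 'email':
            // TODO: improve this quick-n-dirty email check.
            if (!preg_match('/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,6}$/i', $attribute)) {
                // Error #10c: 'Invalid email address: %s'.
                $new_errors[] = sprintf($lang_common['BBerr Invalid email address'], $attribute);
            }
            break;
        default:
    }
    // End a_type switch().
    // ----------------------------------------------------------
    // Perform tag-specific processing of attribute and contents:
    // ----------------------------------------------------------
    switch ($tagname) {
        case 'img':
            // Handle bad image url, file too big, then scale-to-fit within forum defaults if too large.
            if ($tag['depth'] === 1) {
                // Check if not overly nested?
                if ($pd['ipass'] === 2 && $pd['config']['valid_imgs'] && url_valid($contents)) {
                    // Valid URI?
                    // Yes. Fetch file headers containing file type and size ("Content-Type" and "Content-Length").
                    // NOTE(review): this (and getimagesize() below) makes the server
                    // fetch a poster-supplied URL; url_valid() is the only gate seen
                    // here. A scheme/host allowlist and a short timeout on the stream
                    // context would bound what this host will connect to — confirm
                    // what url_valid() enforces.
                    if (($http = @get_headers($contents)) !== false && is_array($http)) {
                        if (preg_match('/\\b200\\s++OK\\s*+$/i', $http[0])) {
                            // Good response header?
                            for ($i = 1, $len = count($http); $i < $len; ++$i) {
                                // Yes. Loop through HTTP response headers.
                                if (preg_match('/^\\s*+Content-Length\\s*+:\\s*+(\\d++)\\s*+$/i', $http[$i], $m)) {
                                    $size = (int) $m[1];
                                }
                                // File size found.
                                if (preg_match('/^\\s*+Content-Type\\s*+:\\s*+image\\/(.++)$/i', $http[$i], $m)) {
                                    $type = $m[1];
                                }
                                // Image file type found.
                            }
                            // Verify Content-Type is an image.
                            if (isset($type)) {
                                // Verify remote file size is not too big. (If too big, handle error.)
                                if (isset($size)) {
                                    if ($size <= $pd['config']['max_size']) {
                                        // Filesize is ok. Do nothing.
                                        if (($info = @getimagesize($contents)) && is_array($info)) {
                                            // Fetch width & height.
                                            // Now we know the filesize, width and height of remote image.
                                            if (($iwidth = (int) $info[0]) && ($iheight = (int) $info[1])) {
                                                // To resize or not resize, that is the question.
                                                // If bigger than default, scale down. Otherwise dont touch.
                                                // Scale image to fit within forum default width/height box dimensions.
                                                $ar = (double) $iwidth / (double) $iheight;
                                                // Otherwise, for images that naturally fit inside the box,
                                                // leave the attribute clean (or unset).
                                                if (!isset($width) && !isset($height) && ($iwidth > $pd['config']['def_width'] || $iheight > $pd['config']['def_height'])) {
                                                    // Remote file dimensions are too big to fit within default box.
                                                    // Explicitly scale a new width and height in IMG attribute.
                                                    $width = $pd['config']['def_width'];
                                                    $height = (int) ((double) $width / $ar + 0.5);
                                                    if ($height > $pd['config']['def_height']) {
                                                        $height = $pd['config']['def_height'];
                                                        $width = (int) ((double) $height * $ar + 0.5);
                                                    }
                                                }
                                                // Else remote image fits. Do nothing special with width and height.
                                            }
                                        } else {
                                            // Error #13: 'Unable to retrieve image data from remote url: %s'.
                                            $new_errors[] = sprintf($lang_common['BBerr bad meta data'], $contents);
                                        }
                                        // NOTE: cannot generate this error.
                                    } else {
                                        // Filesize of remote image is too big. Silently convert to link if possible.
                                        if (isset($pd['bbcd']['url']) && $pd['bbcd']['url']['depth'] === 0) {
                                            $fmt_open = '{[url=' . $contents . ']';
                                            $fmt_close = '[/url]}';
                                            $contents = $lang_common['BBmsg big image'];
                                        } else {
                                            // Image within a url cannot be linkified. Just display url name.
                                            $contents = '{' . $contents . '}';
                                            $fmt_open = '';
                                            $fmt_close = '';
                                        }
                                    }
                                } else {
                                    // $size not set.
                                    // Error #14: 'Unable to determine remote file size.'.
                                    $new_errors[] = $lang_common['BBerr no file size'];
                                }
                                // NOTE: cannot generate this error.
                            } else {
                                // Error #15: 'Remote url does not have Content-Type: "image".'
                                $new_errors[] = $lang_common['BBerr non image'];
                            }
                        } else {
                            // Error #16: 'Bad HTTP response header: "%s"'.
                            $new_errors[] = sprintf($lang_common['BBerr bad http response'], $http[0]);
                        }
                    } else {
                        // Error #17: 'Unable to read remote image http headers.'.
                        $new_errors[] = $lang_common['BBerr bad headers'];
                    }
                }
                // Image validation turned off. Do nothing.
            } else {
                // Non-Error: IMG tag self nesting. Handle by silently stripping tags with no error.
                $fmt_open = $fmt_close = '';
            }
            break;
        case 'list':
            // Fixup lists within lists. In lists, everything must be in a [*] tag.
            // Check if LIST contents well-formed.
            if ($pd['ipass'] === 2 && !preg_match('% # Rev:20110220_1200
			^\\s*+  # This regex validates well-formed list content.
			(?:
			  \\[\\*\\]
			  [^[]*+(?:(?!\\[/?\\*\\])\\[[^[]*+)*+
			  \\[/\\*\\]\\s*+
			)++
			$
			%x', $contents)) {
                // Not well formed. Do fixup to ensure list contents are only * tags.
                // First regex wraps invalid characters at start of LIST in a [*]...[/*] tag.
                $contents = preg_replace($pd['re_fixlist_1'], '[*]$1[/*]', $contents);
                // Second regex wraps invalid characters between [/*] and [*] (or [/list]).
                $contents = preg_replace($pd['re_fixlist_2'], '$1[/*]', $contents);
            }
            // Well-formed LIST contents!
            if ($parent === 'list') {
                $fmt_open = '[*]' . $fmt_open;
                $fmt_close .= '[/*]';
            }
            break;
        default:
            break;
    }
    // End switch statement.
    // -------------------------------------------
    // Process width and height values if present.
    // -------------------------------------------
    if (isset($width) || isset($height)) {
        // Check if dimension specified in attrib or contents?
        // Yes. Clip both $width and/or $height to their respective config maximums.
        if (isset($width)) {
            // Clip to max. Set to default if zero.
            if ($width > $pd['config']['max_width']) {
                $width = $pd['config']['max_width'];
            } elseif ($width === 0) {
                $width = $pd['config']['def_width'];
            }
        }
        if (isset($height)) {
            // Clip to max. Set to default if zero.
            if ($height > $pd['config']['max_height']) {
                $height = $pd['config']['max_height'];
            } elseif ($height === 0) {
                $height = $pd['config']['def_height'];
            }
        }
        if (isset($ar)) {
            // If the real image dimensions are known ($ar), then adjust to fit in box and maintain $ar.
            if (isset($width) && isset($height)) {
                // Check if both dimensions set?
                if ($ar > (double) $width / (double) $height) {
                    // Yes. Check if $width more precise than $height?
                    $height = (int) ((double) $width / $ar + 0.5);
                    // Yes. Compute height from width and AR.
                    if ($height > $pd['config']['max_height']) {
                        $height = $pd['config']['max_height'];
                        $width = (int) ((double) $height * $ar + 0.5);
                    }
                } else {
                    $width = (int) ((double) $height * $ar + 0.5);
                    // Compute width from height and AR.
                    if ($width > $pd['config']['max_width']) {
                        $width = $pd['config']['max_width'];
                        $height = (int) ((double) $width / $ar + 0.5);
                    }
                }
            } elseif (isset($width)) {
                $height = (int) ((double) $width / $ar + 0.5);
                // Compute height from width and AR.
                if ($height > $pd['config']['max_height']) {
                    $height = $pd['config']['max_height'];
                    $width = (int) ((double) $height * $ar + 0.5);
                }
            } else {
                $width = (int) ((double) $height * $ar + 0.5);
                // Compute width from height and AR.
                if ($width > $pd['config']['max_width']) {
                    $width = $pd['config']['max_width'];
                    $height = (int) ((double) $width / $ar + 0.5);
                }
            }
        }
        // Unconditionally write width and/or height data back into attribute.
        // (A dimension that is unset stays unset here: `$width === 0` is false for null.)
        if ($width === 0) {
            $width = 1;
        }
        if ($height === 0) {
            $height = 1;
        }
        if ($attribute) {
            $attribute .= ';';
        }
        // Add delimiter for non-empty attrib.
        if (isset($width) && isset($height)) {
            $attribute .= $width . 'x' . $height;
        } elseif (isset($width)) {
            $attribute .= 'w=' . $width;
        } else {
            $attribute .= 'h=' . $height;
        }
        $fmt_open = '[' . $tagname . '=%a_str%]';
        // Set open tag format to receive attribute.
    }
    // Validate and filter tag's contents if and according to optional contents regex.
    if (isset($handler['c_regex'])) {
        // Check if this tag has a contents regex? (youtube, vimeo, etc.)
        // Yes. Check if regex matches contents?
        if (preg_match($handler['c_regex'], $contents, $m)) {
            $contents = $m[1];
        } else {
            // Error #12: 'Invalid content, [%s] requires specific content.'
            $new_errors[] = sprintf($lang_common['BBerr invalid content'], $tagname);
        }
    }
    // Silently strip empty or all-white tags:
    if (preg_match('/^\\s*+$/', $contents)) {
        $contents = '';
    }
    // Unconditionally hide all opening square brackets within hidden CODE contents.
    // This is necessary otherwise the LIST fixup code would process "[*]" within CODE tags.
    // These \3 byte markers are subsequently removed by preparse_bbcode().
    // NOTE(review): in this copy the replacement is an empty string, so '[' is
    // dropped rather than marked; the byte markers the comment refers to (also
    // the "" pieces in the concatenations below) look stripped from this
    // listing — confirm against the upstream source.
    if ($tag['tag_type'] === 'hidden') {
        $contents = str_replace('[', "", $contents);
    }
    // On first pass, fix inline tags which span paragraphs by closting then re-opening.
    if ($pd['ipass'] === 1 && $tag['html_type'] === 'inline' && $tag['tag_type'] !== 'hidden' && strpos($contents, "\n") !== false) {
        $contents = preg_replace('/\\n\\s*?\\n\\s*/', "" . $fmt_close . "" . '$0' . "" . str_replace('%a_str%', $attribute, $fmt_open) . "", $contents);
    }
    // ***********************************************************************************
    // Handle errors. Wrap this tags open and close BBCode tag each in a valid [err] tag.
    // ***********************************************************************************
    if (isset($new_errors) && $fmt_open) {
        // check if we detected any errors?
        // Yes, we have detected one or more new error conditions.
        foreach ($new_errors as $errmsg) {
            // Push all new errors on g errors array.
            $pd['new_errors'][] = htmlspecialchars($errmsg);
        }
        // Wrap offending BBCode open and close tags each in its own valid error tag (last err only).
        // NOTE(review): $errmsg (the last message, which may embed user text such
        // as the attribute or URL) is inserted raw here, while the copy pushed to
        // $pd['new_errors'] is escaped; whether the [err=...] attribute is escaped
        // downstream is not visible here — confirm.
        $fmt_open = '[err=' . $errmsg . ']' . $fmt_open . '[/err]';
        // Wrap tags in the last error message.
        $fmt_close = '[err=' . $errmsg . ']' . $fmt_close . '[/err]';
    }
    // -----------------------------------------------------------------------------
    // All done processing. Substitute $attribute and $contents into format strings:
    // -----------------------------------------------------------------------------
    if ($contents) {
        if ($pd['ipass'] === 1) {
            // Add byte markers on first pass.
            if ($tag['tag_type'] === 'hidden' || $handler['c_type'] == 'url') {
                $text = "" . $fmt_open . '%c_str%' . $fmt_close . "";
            } else {
                $text = "" . $fmt_open . "%c_str%" . $fmt_close . "";
            }
        } else {
            $text = $fmt_open . '%c_str%' . $fmt_close;
        }
        // Pass 2, dont bother with byte markers.
        $text = str_replace('%a_str%', $attribute, $text);
        $text = str_replace('%c_str%', $contents, $text);
    } else {
        $text = '';
    }
    array_pop($pd['tag_stack']);
    // Were done. Pop this tag off the stack.
    $tag['depth']--;
    // Restore pre-call tag specific depth.
    return $text;
}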
 /**
  * Admin handler for editing a forum's settings and per-group permissions.
  *
  * Non-admins are stopped with a 403 via message(). On a POST carrying 'save'
  * and 'read_forum_old', the forum row is written through the model, then each
  * group's new read/reply/topic flags are compared with the *_old values echoed
  * back by the form and the override row is deleted or updated only when they
  * differ; the quick-jump cache is regenerated and the user is redirected.
  * A POST carrying 'revert_perms' drops every override for the forum. Any
  * other request renders the permissions page.
  *
  * @param int|string $forum_id forum id from the route; used as-is (no cast) in
  *                             model calls and redirect links
  * @return void
  */
 public function edit_forum($forum_id)
 {
     global $lang_common, $lang_admin_common, $lang_admin_forums;
     if ($this->user->g_id != FEATHER_ADMIN) {
         message($lang_common['No permission'], '403');
     }
     // Load the admin_options.php language file
     require FEATHER_ROOT . 'include/common_admin.php';
     require FEATHER_ROOT . 'lang/' . $admin_language . '/forums.php';
     if ($this->request->isPost()) {
         if ($this->request->post('save') && $this->request->post('read_forum_old')) {
             // Forums parameters / TODO : better handling of wrong parameters
             // redirect_url is kept only when url_valid() accepts it; forum_desc
             // is stored as NULL when empty.
             $forum_data = array('forum_name' => feather_escape($this->request->post('forum_name')), 'forum_desc' => $this->request->post('forum_desc') ? feather_linebreaks(feather_trim($this->request->post('forum_desc'))) : NULL, 'cat_id' => (int) $this->request->post('cat_id'), 'sort_by' => (int) $this->request->post('sort_by'), 'redirect_url' => url_valid($this->request->post('redirect_url')) ? feather_escape($this->request->post('redirect_url')) : NULL);
             if ($forum_data['forum_name'] == '') {
                 redirect(get_link('admin/forums/edit/' . $forum_id . '/'), $lang_admin_forums['Must enter name message']);
             }
             if ($forum_data['cat_id'] < 1) {
                 redirect(get_link('admin/forums/edit/' . $forum_id . '/'), $lang_admin_forums['Must be valid category']);
             }
             $this->model->update_forum($forum_id, $forum_data);
             // Permissions
             $permissions = $this->model->get_default_group_permissions(false);
             foreach ($permissions as $perm_group) {
                 $permissions_data = array('group_id' => $perm_group['g_id'], 'forum_id' => $forum_id);
                 // read_forum can only be granted to groups that may read the board at all.
                 if ($perm_group['g_read_board'] == '1' && isset($this->request->post('read_forum_new')[$perm_group['g_id']]) && $this->request->post('read_forum_new')[$perm_group['g_id']] == '1') {
                     $permissions_data['read_forum'] = '1';
                 } else {
                     $permissions_data['read_forum'] = '0';
                 }
                 $permissions_data['post_replies'] = isset($this->request->post('post_replies_new')[$perm_group['g_id']]) ? '1' : '0';
                 $permissions_data['post_topics'] = isset($this->request->post('post_topics_new')[$perm_group['g_id']]) ? '1' : '0';
                 // Check if the new settings differ from the old
                 // NOTE(review): the *_old values are the form's own echo of the
                 // previous state, not a fresh read of the stored row, and the
                 // per-group keys are read without isset() — a missing key raises
                 // a notice and compares as null.
                 if ($permissions_data['read_forum'] != $this->request->post('read_forum_old')[$perm_group['g_id']] || $permissions_data['post_replies'] != $this->request->post('post_replies_old')[$perm_group['g_id']] || $permissions_data['post_topics'] != $this->request->post('post_topics_old')[$perm_group['g_id']]) {
                     // If there is no group permissions override for this forum
                     if ($permissions_data['read_forum'] == '1' && $permissions_data['post_replies'] == $perm_group['g_post_replies'] && $permissions_data['post_topics'] == $perm_group['g_post_topics']) {
                         $this->model->delete_permissions($forum_id, $perm_group['g_id']);
                     } else {
                         // Run an UPDATE and see if it affected a row, if not, INSERT
                         $this->model->update_permissions($permissions_data);
                     }
                 }
             }
             // Regenerate the quick jump cache
             if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
                 require FEATHER_ROOT . 'include/cache.php';
             }
             generate_quickjump_cache();
             redirect(get_link('admin/forums/edit/' . $forum_id . '/'), $lang_admin_forums['Forum updated redirect']);
         } elseif ($this->request->post('revert_perms')) {
             // Drop every per-group override for this forum (no group id passed).
             $this->model->delete_permissions($forum_id);
             // Regenerate the quick jump cache
             if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
                 require FEATHER_ROOT . 'include/cache.php';
             }
             generate_quickjump_cache();
             redirect(get_link('admin/forums/edit/' . $forum_id . '/'), $lang_admin_forums['Perms reverted redirect']);
         }
     } else {
         // GET (or a POST without save/revert falls through to nothing): render the edit page.
         define('FEATHER_ADMIN_CONSOLE', 1);
         $page_title = array(feather_escape($this->config['o_board_title']), $lang_admin_common['Admin'], $lang_admin_common['Forums']);
         define('FEATHER_ACTIVE_PAGE', 'admin');
         $this->header->setTitle($page_title)->display();
         generate_admin_menu('forums');
         $this->feather->render('admin/forums/permissions.php', array('lang_admin_forums' => $lang_admin_forums, 'lang_admin_common' => $lang_admin_common, 'feather_config' => $this->config, 'perm_data' => $this->model->get_permissions($forum_id), 'cur_index' => 7, 'cur_forum' => $this->model->get_forum_info($forum_id), 'forum_data' => $this->model->get_forums()));
         $this->footer->display();
     }
 }
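 /**
  * Creates a unique ID (subdomain) for a form and writes this to the database.
  *
  * One trailing slash is stripped from $server_url; the URL must then pass
  * url_valid() and $form_id must be non-empty, otherwise nothing is written.
  * If the (server_url, form_id) pair already has a subdomain, that row is
  * re-activated when inactive, its server_url/submission_url are refreshed and
  * the existing subdomain is returned. Otherwise a new subdomain is generated
  * and a row is inserted into `surveys`.
  *
  * @param  string      $server_url      Base URL of the form server (treated as untrusted)
  * @param  string      $form_id         Form identifier on that server
  * @param  string|null $submission_url  Explicit submission endpoint; when empty,
  *                                      _get_submission_url($server_url) is used
  * @return string|null  The subdomain, or NULL when validation fails or the
  *                      insert did not succeed (the failure is logged)
  **/
 private function _launch($server_url, $form_id, $submission_url = NULL)
 {
     // Drop exactly one trailing slash so "http://host/" and "http://host" map to the same row.
     if (substr($server_url, -1) === '/') {
         $server_url = substr($server_url, 0, -1);
     }
     // Reject anything that is not a non-empty, well-formed server URL with a form id.
     if (!$server_url || !url_valid($server_url) || empty($form_id)) {
         return NULL;
     }
     // A caller-supplied submission URL is persisted next to server_url and is
     // presumably the endpoint forms post to, so it gets the same url_valid()
     // check instead of being stored verbatim.
     // NOTE(review): assumes url_valid() accepts the URL shape that
     // _get_submission_url() produces — confirm against that helper.
     if (!empty($submission_url) && !url_valid($submission_url)) {
         log_message('error', 'rejected invalid submission_url: ' . json_encode($submission_url));
         return NULL;
     }
     //TODO: CHECK URLS FOR LIVENESS?
     $existing_subdomain = $this->_get_subdomain($server_url, $form_id, NULL);
     $submission_url = !empty($submission_url) ? $submission_url : $this->_get_submission_url($server_url);
     if ($existing_subdomain) {
         $this->db_subdomain = $existing_subdomain;
         if (!$this->_is_active()) {
             $this->_update_item('active', TRUE);
         }
         // always update server_url in case protocol has changed
         // ending once-and-for-all the need to manually correct this in the db
         $this->_update_items(array('server_url' => $server_url, 'submission_url' => $submission_url));
         return $existing_subdomain;
     }
     $subdomain = $this->_generate_subdomain();
     $data = array('subdomain' => $subdomain, 'server_url' => $server_url, 'form_id' => $form_id, 'submission_url' => $submission_url, 'data_url' => NULL, 'email' => NULL, 'launch_date' => date('Y-m-d H:i:s', time()));
     $result = $this->db->insert('surveys', $data);
     if ($result) {
         return $subdomain;
     }
     log_message('error', 'could not insert data in surveys table: ' . json_encode($data));
     return NULL;
 }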
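 /**
  * Validates and saves one section of a user's profile, then redirects.
  *
  * $section selects which POST fields are read ('essentials', 'personal',
  * 'messaging', 'personality', 'display', 'privacy'); any other value ends in
  * a 404 via message(). Every validation failure also goes through message(),
  * which is assumed to terminate the request, so code after a failed check is
  * never reached. Authorization — whether the current user may edit user $id
  * at all — is NOT checked here and must be enforced by the caller.
  *
  * @param int|string $id       ID of the user being edited
  * @param array      $info     Current record of that user; only $info['old_username'] is read
  * @param string     $section  Profile section being saved
  * @return void  Always finishes with redirect()
  */
 public function update_profile($id, $info, $section)
 {
     global $lang_common, $lang_profile, $lang_prof_reg, $pd;
     $username_updated = false;
     // Validate input depending on section
     switch ($section) {
         case 'essentials':
             $form = array('timezone' => floatval($this->request->post('form_timezone')), 'dst' => $this->request->post('form_dst') ? '1' : '0', 'time_format' => intval($this->request->post('form_time_format')), 'date_format' => intval($this->request->post('form_date_format')));
             // Make sure we got a valid language string.
             // The stored value later becomes a path component (lang/<language>/...),
             // so only an exact (strict) match against the installed languages is accepted.
             if ($this->request->post('form_language')) {
                 $languages = forum_list_langs();
                 $form['language'] = feather_trim($this->request->post('form_language'));
                 if (!in_array($form['language'], $languages, true)) {
                     message($lang_common['Bad request'], '404');
                 }
             }
             if ($this->user->is_admmod) {
                 $form['admin_note'] = feather_trim($this->request->post('admin_note'));
                 // Are we allowed to change usernames? Admins always; moderators only
                 // when their group has g_mod_rename_users set.
                 if ($this->user->g_id == FEATHER_ADMIN || ($this->user->g_moderator == '1' && $this->user->g_mod_rename_users == '1')) {
                     $form['username'] = feather_trim($this->request->post('req_username'));
                     if ($form['username'] != $info['old_username']) {
                         // Check username. The path component is the current user's stored
                         // language, presumably validated against forum_list_langs() when saved.
                         require FEATHER_ROOT . 'lang/' . $this->user->language . '/register.php';
                         $errors = '';
                         $errors = check_username($form['username'], $errors, $id);
                         if (!empty($errors)) {
                             message($errors[0]);
                         }
                         $username_updated = true;
                     }
                 }
                 // We only allow administrators to update the post count
                 if ($this->user->g_id == FEATHER_ADMIN) {
                     $form['num_posts'] = intval($this->request->post('num_posts'));
                 }
             }
             // The e-mail address may only be changed directly when registrations
             // are not e-mail verified, or by an admin/moderator.
             if ($this->config['o_regs_verify'] == '0' || $this->user->is_admmod) {
                 require FEATHER_ROOT . 'include/email.php';
                 // Validate the email address
                 $form['email'] = strtolower(feather_trim($this->request->post('req_email')));
                 if (!is_valid_email($form['email'])) {
                     message($lang_common['Invalid email']);
                 }
             }
             break;
         case 'personal':
             $form = array('realname' => $this->request->post('form_realname') ? feather_trim($this->request->post('form_realname')) : '', 'url' => $this->request->post('form_url') ? feather_trim($this->request->post('form_url')) : '', 'location' => $this->request->post('form_location') ? feather_trim($this->request->post('form_location')) : '');
             // Add http:// if the URL doesn't contain it already (while allowing https://, too)
             if ($this->user->g_post_links == '1') {
                 if ($form['url'] != '') {
                     // url_valid() returns false or an array whose 'url' key holds the normalised URL
                     $url = url_valid($form['url']);
                     if ($url === false) {
                         message($lang_profile['Invalid website URL']);
                     }
                     $form['url'] = $url['url'];
                 }
             } else {
                 // Group may not post links: a supplied URL is an error, and the field is cleared
                 if (!empty($form['url'])) {
                     message($lang_profile['Website not allowed']);
                 }
                 $form['url'] = '';
             }
             if ($this->user->g_id == FEATHER_ADMIN) {
                 $form['title'] = feather_trim($this->request->post('title'));
             } elseif ($this->user->g_set_title == '1') {
                 $form['title'] = feather_trim($this->request->post('title'));
                 if ($form['title'] != '') {
                     // A list of words that the title may not contain
                     // If the language is English, there will be some duplicates, but it's not the end of the world
                     $forbidden = array('member', 'moderator', 'administrator', 'banned', 'guest', utf8_strtolower($lang_common['Member']), utf8_strtolower($lang_common['Moderator']), utf8_strtolower($lang_common['Administrator']), utf8_strtolower($lang_common['Banned']), utf8_strtolower($lang_common['Guest']));
                     if (in_array(utf8_strtolower($form['title']), $forbidden, true)) {
                         message($lang_profile['Forbidden title']);
                     }
                 }
             }
             break;
         case 'messaging':
             $form = array('jabber' => feather_trim($this->request->post('form_jabber')), 'icq' => feather_trim($this->request->post('form_icq')), 'msn' => feather_trim($this->request->post('form_msn')), 'aim' => feather_trim($this->request->post('form_aim')), 'yahoo' => feather_trim($this->request->post('form_yahoo')));
             // If the ICQ UIN contains anything other than digits it's invalid
             if (preg_match('%[^0-9]%', $form['icq'])) {
                 message($lang_prof_reg['Bad ICQ']);
             }
             break;
         case 'personality':
             $form = array();
             // Clean up signature from POST
             if ($this->config['o_signatures'] == '1') {
                 $form['signature'] = feather_linebreaks(feather_trim($this->request->post('signature')));
                 // Validate signature: length, line count, then the all-caps rule
                 // (which is silently normalised rather than rejected, and skipped for admins/mods)
                 if (feather_strlen($form['signature']) > $this->config['p_sig_length']) {
                     message(sprintf($lang_prof_reg['Sig too long'], $this->config['p_sig_length'], feather_strlen($form['signature']) - $this->config['p_sig_length']));
                 } elseif (substr_count($form['signature'], "\n") > $this->config['p_sig_lines'] - 1) {
                     message(sprintf($lang_prof_reg['Sig too many lines'], $this->config['p_sig_lines']));
                 } elseif ($form['signature'] && $this->config['p_sig_all_caps'] == '0' && is_all_uppercase($form['signature']) && !$this->user->is_admmod) {
                     $form['signature'] = utf8_ucwords(utf8_strtolower($form['signature']));
                 }
                 // Validate BBCode syntax
                 if ($this->config['p_sig_bbcode'] == '1') {
                     require FEATHER_ROOT . 'include/parser.php';
                     $errors = array();
                     $form['signature'] = preparse_bbcode($form['signature'], $errors, true);
                     if (count($errors) > 0) {
                         message('<ul><li>' . implode('</li><li>', $errors) . '</li></ul>');
                     }
                 }
             }
             break;
         case 'display':
             $form = array('disp_topics' => feather_trim($this->request->post('form_disp_topics')), 'disp_posts' => feather_trim($this->request->post('form_disp_posts')), 'show_smilies' => $this->request->post('form_show_smilies') ? '1' : '0', 'show_img' => $this->request->post('form_show_img') ? '1' : '0', 'show_img_sig' => $this->request->post('form_show_img_sig') ? '1' : '0', 'show_avatars' => $this->request->post('form_show_avatars') ? '1' : '0', 'show_sig' => $this->request->post('form_show_sig') ? '1' : '0');
             // Per-page counts are clamped to [3, 75]; an empty string means "use the board default"
             if ($form['disp_topics'] != '') {
                 $form['disp_topics'] = intval($form['disp_topics']);
                 if ($form['disp_topics'] < 3) {
                     $form['disp_topics'] = 3;
                 } elseif ($form['disp_topics'] > 75) {
                     $form['disp_topics'] = 75;
                 }
             }
             if ($form['disp_posts'] != '') {
                 $form['disp_posts'] = intval($form['disp_posts']);
                 if ($form['disp_posts'] < 3) {
                     $form['disp_posts'] = 3;
                 } elseif ($form['disp_posts'] > 75) {
                     $form['disp_posts'] = 75;
                 }
             }
             // Make sure we got a valid style string (strict match: the style name
             // is later used to locate files on disk).
             if ($this->request->post('form_style')) {
                 $styles = forum_list_styles();
                 $form['style'] = feather_trim($this->request->post('form_style'));
                 if (!in_array($form['style'], $styles, true)) {
                     message($lang_common['Bad request'], '404');
                 }
             }
             break;
         case 'privacy':
             $form = array('email_setting' => intval($this->request->post('form_email_setting')), 'notify_with_post' => $this->request->post('form_notify_with_post') ? '1' : '0', 'auto_notify' => $this->request->post('form_auto_notify') ? '1' : '0');
             // Out-of-range e-mail visibility falls back to the board default
             if ($form['email_setting'] < 0 || $form['email_setting'] > 2) {
                 $form['email_setting'] = $this->config['o_default_email_setting'];
             }
             break;
         default:
             message($lang_common['Bad request'], '404');
     }
     // Everything that survived validation is written as-is (the ORM handles quoting);
     // a section that produced no fields is a bad request.
     $temp = $form;
     if (empty($temp)) {
         message($lang_common['Bad request'], '404');
     }
     $user_row = DB::for_table('users')->where('id', $id)->find_one();
     if (!$user_row) {
         // No such user: answer 404 instead of calling ->set() on false
         message($lang_common['Bad request'], '404');
     }
     $user_row->set($temp)->save();
     // If we changed the username we have to update some stuff
     if ($username_updated) {
         $bans_updated = DB::for_table('bans')->where('username', $info['old_username'])->update_many('username', $form['username']);
         DB::for_table('posts')->where('poster_id', $id)->update_many('poster', $form['username']);
         DB::for_table('posts')->where('edited_by', $info['old_username'])->update_many('edited_by', $form['username']);
         DB::for_table('topics')->where('poster', $info['old_username'])->update_many('poster', $form['username']);
         DB::for_table('topics')->where('last_poster', $info['old_username'])->update_many('last_poster', $form['username']);
         DB::for_table('forums')->where('last_poster', $info['old_username'])->update_many('last_poster', $form['username']);
         DB::for_table('online')->where('ident', $info['old_username'])->update_many('ident', $form['username']);
         // If the user is a moderator or an administrator we have to update the moderator lists
         $group_id = DB::for_table('users')->where('id', $id)->find_one_col('group_id');
         $group_mod = DB::for_table('groups')->where('g_id', $group_id)->find_one_col('g_moderator');
         if ($group_id == FEATHER_ADMIN || $group_mod == '1') {
             $select_mods = array('id', 'moderators');
             $result = DB::for_table('forums')->select_many($select_mods)->find_many();
             foreach ($result as $cur_forum) {
                 // SECURITY(review): forums.moderators is a PHP-serialized username => id map.
                 // unserialize() on a column that any admin-level write path can set is an
                 // object-injection risk; a JSON representation would be safer. Left as-is
                 // because the storage format is shared with the rest of the application.
                 $cur_moderators = $cur_forum['moderators'] != '' ? unserialize($cur_forum['moderators']) : array();
                 if (in_array($id, $cur_moderators)) {
                     // Re-key the entry under the new username, keeping the map sorted by name
                     unset($cur_moderators[$info['old_username']]);
                     $cur_moderators[$form['username']] = $id;
                     uksort($cur_moderators, 'utf8_strcasecmp');
                     DB::for_table('forums')->where('id', $cur_forum['id'])->find_one()->set('moderators', serialize($cur_moderators))->save();
                 }
             }
         }
         // Regenerate the users info cache
         if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
             require FEATHER_ROOT . 'include/cache.php';
         }
         generate_users_info_cache();
         // Check if the bans table was updated and regenerate the bans cache when needed
         if ($bans_updated) {
             generate_bans_cache();
         }
     }
     redirect(get_link('user/' . $id . '/section/' . $section . '/'), $lang_profile['Profile redirect']);
 }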