* // Return a 404 Not found error instead of redirecting * // the user back to the index. * header("HTTP/1.0 404 Not Found"); * print "<html><head>\n"; * print " <title>404 - Not Found</title>\n"; * print "</head><body>"; * print " <h1>404 - Forum Not Found</h1>"; * print "</body></html>"; * exit(); * } * </hookcode> */ if (isset($PHORUM["hooks"]["common_no_forum"])) { phorum_api_hook("common_no_forum", ""); } phorum_api_redirect(PHORUM_INDEX_URL); } $PHORUM = array_merge($PHORUM, $forum_settings); } elseif (isset($PHORUM["forum_id"]) && $PHORUM["forum_id"] == 0) { $PHORUM = array_merge($PHORUM, $PHORUM["default_forum_options"]); // some hard settings are needed if we are looking at forum_id 0 $PHORUM['vroot'] = 0; $PHORUM['parent_id'] = 0; $PHORUM['active'] = 1; $PHORUM['folder_flag'] = 1; $PHORUM['cache_version'] = 0; } // handling vroots if (!empty($PHORUM['vroot'])) { $vroot_folders = $PHORUM['DB']->get_forums($PHORUM['vroot']); $PHORUM["title"] = $vroot_folders[$PHORUM['vroot']]['name'];
} break; } if ($error) { break; } } if (empty($error)) { unset($_POST["module"]); unset($_POST["phorum_admin_token"]); if ($PHORUM['DB']->update_settings($_POST)) { $redir = phorum_admin_build_url(array('module=settings', 'message=success'), TRUE); if ($need_display_name_updates) { $redir = phorum_admin_build_url(array('module=update_display_names'), TRUE); } phorum_api_redirect($redir); exit; } else { $error = "Database error while updating settings."; } } } if ($error) { phorum_admin_error($error); } elseif (isset($_GET['message']) && $_GET['message'] == 'success') { $okmsg = "Settings updated"; phorum_admin_okmsg($okmsg); } // create the time zone drop down array for ($x = -23; $x <= 23; $x++) { $tz_range[$x] = $x;
} // If this thread is unapproved, then get out. $unapproved = empty($top_parent) || empty($parent) || $top_parent["status"] != PHORUM_STATUS_APPROVED || $parent["status"] != PHORUM_STATUS_APPROVED; if ($unapproved) { // In case we run the editor included in the read page, // we should not redirect to the listpage for moderators. // Else a moderator can never read an unapproved message. if (isset($PHORUM["postingargs"]["as_include"])) { if ($PHORUM["DATA"]["MODERATOR"]) { $PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["UnapprovedMessage"]; return; } } // In other cases, redirect users that are replying to // unapproved messages to the message list. phorum_api_redirect(PHORUM_LIST_URL); } // closed topic, show a message if ($top_parent["closed"]) { $PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["ThreadClosed"]; $PHORUM["posting_template"] = "message"; return; } } // Do permission checks for editing messages. if ($mode == "edit") { // Check if the user is allowed to edit this post. $timelim = $PHORUM["user_edit_timelimit"]; $useredit = $message["user_id"] == $PHORUM["user"]["user_id"] && phorum_api_user_check_access(PHORUM_USER_ALLOW_EDIT) && !empty($top_parent) && !$top_parent["closed"] && (!$timelim || $message["datestamp"] + $timelim * 60 >= time()); // Moderators are allowed to edit messages. $moderatoredit = $PHORUM["DATA"]["MODERATOR"] && $message["forum_id"] == $PHORUM["forum_id"];
// Give the configured cache layer a chance to verify that it is working.
// The text it reports is passed through htmlspecialchars() before it is
// echoed, so a misbehaving cache backend cannot inject markup into this
// diagnostic page.
if (function_exists('phorum_api_cache_check')) {
    $error = phorum_api_cache_check();
    if ($error) {
        $cache_failure_html =
            "The cache test has failed. Please check your cache " .
            "configuration in include/config/cache.php. If the " .
            "configuration is okay, check if the application used " .
            "for caching is running.<br/><br/>" .
            "The error as returned by the cache layer is:<br/>" .
            "<b>" . htmlspecialchars($error) . "</b>";
        echo $cache_failure_html;
        exit;
    }
}

// Detect a fresh install or a pending schema upgrade. The admin
// interface (PHORUM_ADMIN) is exempt from this gate, because the admin
// page is where the install or upgrade gets completed.
if (!defined('PHORUM_ADMIN')) {
    if (!isset($PHORUM['internal_version'])) {
        // No settings at all: a brand new install or a broken database.
        echo "<html><head><title>Phorum error</title></head><body>\n <h2>No Phorum settings were found</h2>\n Either this is a brand new installation of Phorum<br/>\n or there is a problem with your database server.<br/>\n <br/>\n If this is a new install, please\n <a href=\"admin.php\">go to the admin page</a> to complete\n the installation.<br/>\n If not, then check your database server.\n </body></html>";
        exit;
    }

    // The stored schema version or patch level lags behind the code.
    $upgrade_pending =
        $PHORUM['internal_version'] < PHORUM_SCHEMA_VERSION ||
        !isset($PHORUM['internal_patchlevel']) ||
        $PHORUM['internal_patchlevel'] < PHORUM_SCHEMA_PATCHLEVEL;

    if ($upgrade_pending) {
        if (isset($PHORUM["DBCONFIG"]["upgrade_page"])) {
            // A database-specific upgrade page was configured; use it.
            phorum_api_redirect($PHORUM["DBCONFIG"]["upgrade_page"]);
        } else {
            echo "<html><head><title>Upgrade notification</title></head><body>\n <h2>Phorum upgrade</h2>\n It looks like you have installed a new version of Phorum.<br/>\n Please visit the admin page to complete the upgrade!\n </body></html>";
            exit;
        }
    }
}

// The internal_patchlevel setting was added in 5.2, so a database that
// was last touched by 5.1 does not have it yet. Fake a value that is
// always lower than the available patch ids, so the rest of the code
// can rely on the setting being present.
if (!isset($PHORUM["internal_patchlevel"])) {
    $PHORUM["internal_patchlevel"] = "1111111111";
}

// If we have no private key for signing data, generate one now,
// but only if we are not in the middle of a fresh install.
// This script is used for handling Ajax calls to the Phorum system. // Ajax calls can either be implemented as scripts files in // "./include/ajax/call.<callname>.php" or through modules that implement // the "ajax_<call>" hook. define('phorum_page', 'ajax'); require_once './common.php'; require_once PHORUM_PATH . '/include/api/json.php'; // Registration of some language strings that can be used by Ajax clients. // We put them in here, so the language tool can find them. // $PHORUM['DATA']['LANG']['ActionPending'] // $PHORUM['DATA']['LANG']['ActionsPending'] // ---------------------------------------------------------------------- // Client JavaScript library // ---------------------------------------------------------------------- if (isset($PHORUM['args'][0]) && $PHORUM['args'][0] == 'client') { phorum_api_redirect(PHORUM_JAVASCRIPT_URL); } // ---------------------------------------------------------------------- // Show examples page. // ---------------------------------------------------------------------- if (isset($PHORUM['args'][0]) && $PHORUM['args'][0] == 'examples') { include './include/ajax/examples.php'; exit; } // ---------------------------------------------------------------------- // Dispatch Ajax calls // ---------------------------------------------------------------------- $PHORUM['ajax_args'] = array(); // Check if this is a JSONP request. $PHORUM['ajax_jsonp'] = NULL; if (isset($PHORUM['args']['callback'])) {
// // // This program is distributed in the hope that it will be useful, // // but WITHOUT ANY WARRANTY, without even the implied warranty of // // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. // // // // You should have received a copy of the Phorum License // // along with this program. // // // //////////////////////////////////////////////////////////////////////////////// if (!defined("PHORUM_CONTROL_CENTER")) { return; } require_once PHORUM_PATH . '/include/api/file.php'; require_once PHORUM_PATH . '/include/api/format/messages.php'; if (!$PHORUM["DATA"]["MESSAGE_MODERATOR"]) { phorum_api_redirect(PHORUM_CONTROLCENTER_URL); } // the number of days to show if (isset($_POST['moddays']) && is_numeric($_POST['moddays'])) { $moddays = (int) $_POST['moddays']; } elseif (isset($PHORUM['args']['moddays']) && !empty($PHORUM["args"]['moddays']) && is_numeric($PHORUM["args"]['moddays'])) { $moddays = (int) $PHORUM['args']['moddays']; } else { $moddays = phorum_api_user_get_setting("cc_messages_moddays"); } if ($moddays === NULL) { $moddays = 2; } if (isset($_POST['onlyunapproved']) && is_numeric($_POST['onlyunapproved'])) { $showwaiting = (int) $_POST['onlyunapproved']; } elseif (isset($PHORUM['args']['onlyunapproved']) && !empty($PHORUM["args"]['onlyunapproved']) && is_numeric($PHORUM["args"]['onlyunapproved'])) {
if ($PHORUM["folder_flag"]) { phorum_api_redirect(PHORUM_INDEX_URL, $PHORUM['forum_id']); } if (isset($PHORUM["args"][1]) && is_numeric($PHORUM["args"][1])) { $message_id = $PHORUM["args"][1]; } else { phorum_api_redirect(PHORUM_INDEX_URL, $PHORUM['forum_id']); } $message = $PHORUM['DB']->get_message($message_id); if (empty($message)) { phorum_api_redirect(PHORUM_INDEX_URL, $PHORUM["forum_id"]); } $PHORUM["DATA"]["MODERATOR"] = phorum_api_user_check_access(PHORUM_USER_ALLOW_MODERATE_MESSAGES); $edit_tracks = $PHORUM['DB']->get_message_edits($message_id); if (count($edit_tracks) == 0 || $PHORUM["track_edits"] == PHORUM_EDIT_TRACK_OFF || $PHORUM["track_edits"] == PHORUM_EDIT_TRACK_MODERATOR && !$PHORUM["DATA"]["MODERATOR"]) { phorum_api_redirect(PHORUM_READ_URL, $message['thread'], $message_id); } $diffs = array_reverse($edit_tracks); // push an empty diff for the current status array_push($diffs, array()); $prev_body = -1; $prev_subject = -1; foreach ($diffs as $diff_info) { if (!isset($diff_info["user_id"])) { $this_version["username"] = empty($PHORUM['custom_display_name']) ? htmlspecialchars($message["author"], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]) : $message["author"]; $this_version["user_id"] = $message["user_id"]; $this_version["date"] = phorum_api_format_date($PHORUM["long_date_time"], $message["datestamp"]); $this_version["original"] = true; } else { $edit_user = phorum_api_user_get($diff_info['user_id']); $this_version["username"] = empty($PHORUM['custom_display_name']) ? htmlspecialchars($edit_user["display_name"], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]) : $edit_user["display_name"];
} else { // for threaded $dest_url = phorum_api_url(PHORUM_READ_URL, $thread, $new_message); } } break; } if (empty($dest_url)) { if ($thread > 0) { $dest_url = phorum_api_url(PHORUM_READ_URL, $thread); } else { // we are either at the top or the bottom, go back to the list. $dest_url = phorum_api_url(PHORUM_LIST_URL); } } phorum_api_redirect($dest_url); } $thread = (int) $PHORUM["args"][1]; $message_id = (int) $PHORUM["args"][2]; if (isset($PHORUM["args"][3]) && $PHORUM["args"][3] == "printview") { $PHORUM["DATA"]["PRINTVIEW"] = 1; } else { $PHORUM["DATA"]["PRINTVIEW"] = 0; } } // determining the page if page isn't given and message_id != thread $page = 0; if (!$PHORUM["threaded_read"]) { if (isset($PHORUM['args']['page']) && is_numeric($PHORUM["args"]["page"]) && $PHORUM["args"]["page"] > 0) { $page = (int) $PHORUM["args"]["page"]; } elseif ($message_id != $thread) {
// dst is time + 1 hour if (isset($_POST['tz_offset']) && $_POST['tz_offset'] != -99) { if ($_POST['tz_offset'] && isset($_POST['is_dst']) && $_POST['is_dst']) { $_POST['tz_offset'] = ++$_POST['tz_offset'] . ""; } } // unsetting dst if not checked if (!isset($_POST['is_dst'])) { $_POST['is_dst'] = 0; } $oldtemplate = $PHORUM["user"]["user_template"]; list($error, $okmsg) = phorum_controlcenter_user_save($panel); // No error and the template changed? The reload the page to // reflect the new template. if (empty($error) && !empty($_POST["user_template"]) && $oldtemplate != $_POST["user_template"]) { phorum_api_redirect($PHORUM['DATA']['URL']['CC6']); } } if (isset($PHORUM["user_time_zone"])) { $PHORUM['DATA']['PROFILE']['TZSELECTION'] = $PHORUM["user_time_zone"]; } // compute the tz-array if (!isset($PHORUM['DATA']['PROFILE']['tz_offset']) || $PHORUM['DATA']['PROFILE']['tz_offset'] == -99) { $defsel = " selected=\"selected\""; } else { $defsel = ""; } // remove dst from tz_offset if (isset($PHORUM['DATA']['PROFILE']['is_dst']) && $PHORUM['DATA']['PROFILE']['is_dst']) { $PHORUM['DATA']['PROFILE']['tz_offset'] = --$PHORUM['DATA']['PROFILE']['tz_offset']; $PHORUM['DATA']['PROFILE']['tz_offset'] = number_format($PHORUM['DATA']['PROFILE']['tz_offset'], 2);
// Read-only mode: every non-admin user is stopped here. Administrators
// (non-empty $PHORUM['user']['admin']) are deliberately let through.
$read_only_for_user =
    isset($PHORUM["status"]) &&
    $PHORUM["status"] == PHORUM_MASTER_STATUS_READ_ONLY &&
    empty($PHORUM['user']['admin']);

if ($read_only_for_user) {
    // When the editor runs embedded in another page (as_include), that
    // page already renders the header and footer, so only output the
    // message page when running stand-alone.
    $as_include = !empty($PHORUM["postingargs"]["as_include"]);
    if (!$as_include) {
        phorum_build_common_urls();
        phorum_api_output("message");
    }
    return;
}

// Without a forum id there is nothing to post to; back to the index.
if (!isset($PHORUM["forum_id"])) {
    phorum_api_redirect(PHORUM_INDEX_URL);
}

// Folders cannot hold messages; send the user back to the folder view.
if ($PHORUM["folder_flag"]) {
    phorum_api_redirect(PHORUM_INDEX_URL, $PHORUM["forum_id"]);
}

// ----------------------------------------------------------------------
// Definitions
// ----------------------------------------------------------------------

// The posting modes that this script accepts.
$valid_modes = array("post", "reply", "quote", "edit", "moderation");

// Form field configuration:
// -------------------------
//
// Configuration that we use for fields that we use in the editor form.
// The format for the array elements is:
//
// [0] The type of field. One of: string, integer, boolean, array.
// [1] Whether the value must be included as a hidden form field
//     This is used for identifying values which are always implemented
/**
 * Require an authenticated user for the current request.
 *
 * When the requirement is not met, the request is redirected to the
 * login page with a "redir" argument carrying the current URL, so the
 * user can be sent back here after logging in. The code after the
 * redirect call assumes that phorum_api_redirect() ends the request.
 *
 * @param bool $tight_security
 *     FALSE (the default): any logged in user passes, whether the
 *     session is a short term or a long term one.
 *     TRUE: a short term session is required as well
 *     ($PHORUM['DATA']['FULLY_LOGGEDIN']); a long term session alone
 *     is not good enough and is sent to the login page too.
 *     Tight Security is an option that can be enabled from Phorum's
 *     admin interface.
 */
function phorum_api_request_require_login($tight_security = FALSE)
{
    global $PHORUM;

    $have_user = (bool) $PHORUM['user']['user_id'];

    // The short term session is only demanded under tight security;
    // FULLY_LOGGEDIN is read only when that check actually applies.
    $session_sufficient = $have_user &&
        (!$tight_security || $PHORUM['DATA']['FULLY_LOGGEDIN']);

    if ($session_sufficient) {
        return;
    }

    // Send the user to the login page, remembering where they came from.
    phorum_api_redirect(
        PHORUM_LOGIN_URL,
        'redir=' . urlencode(phorum_api_url_current())
    );
}
/**
 * @deprecated Replaced by {@link phorum_api_redirect()}.
 *
 * Thin compatibility wrapper kept for callers that still use the
 * pre-API name. The argument is forwarded unchanged.
 *
 * @param mixed $url
 *     The redirect target, passed straight through to
 *     phorum_api_redirect().
 * @return mixed
 *     Whatever phorum_api_redirect() returns.
 */
function phorum_redirect_by_url($url)
{
    $result = phorum_api_redirect($url);

    return $result;
}
include PHORUM_PATH . '/include/moderation/split_thread.php'; break; case PHORUM_DO_THREAD_SPLIT: // this is the last step of a thread split include PHORUM_PATH . '/include/moderation/do_thread_split.php'; break; case PHORUM_MAKE_STICKY: // make a thread sticky include PHORUM_PATH . '/include/moderation/make_sticky.php'; break; case PHORUM_MAKE_UNSTICKY: // make a thread unsticky include PHORUM_PATH . '/include/moderation/make_unsticky.php'; break; default: phorum_api_redirect(phorum_moderation_back_url()); } // Remove the affected messages from the cache if caching is enabled. if ($PHORUM['cache_messages']) { $invalidate_forums = array(); foreach ($invalidate_message_cache as $message) { phorum_api_cache_remove('message', $message['forum_id'] . "-" . $message["message_id"]); $invalidate_forums[$message['forum_id']] = $message['forum_id']; } if (is_array($invalidate_forums) && count($invalidate_forums)) { // increment the cache version for all involved forums once foreach ($invalidate_forums as $forum_id) { phorum_api_forums_increment_cache_version($forum_id); } } }
} // The action has been completed successfully. // Redirect the user to the result page. if ($redirect) { $args = array(PHORUM_PM_URL, "page=" . $page, "folder_id=" . $folder_id); if (isset($pm_rcpts)) { $args[] = "to_id=" . implode(':', $pm_rcpts); } if (!empty($pm_id)) { $args[] = "pm_id=" . $pm_id; } if (!empty($redirect_message)) { $args[] = "okmsg=" . $redirect_message; } $redir_url = call_user_func_array('phorum_api_url', $args); phorum_api_redirect($redir_url); } } // ------------------------------------------------------------------------ // Display a PM page // ------------------------------------------------------------------------ if (empty($PHORUM["DATA"]["HEADING"])) { $PHORUM["DATA"]["HEADING"] = $PHORUM["DATA"]["LANG"]["PrivateMessages"]; } // unset default description $PHORUM['DATA']['DESCRIPTION'] = ''; $PHORUM['DATA']['HTML_DESCRIPTION'] = ''; // Use the message list as the default page. if (!$page) { $page = "list"; $folder_id = PHORUM_PM_INBOX;
} $report = false; $template = "report"; $message = array(); $message_id = 0; // get the message if (isset($PHORUM["args"][1]) && is_numeric($PHORUM["args"][1])) { $message_id = $PHORUM["args"][1]; $message = $PHORUM['DB']->get_message($message_id); } else { phorum_api_redirect(PHORUM_LIST_URL); } if (is_array($message) && count($message)) { // check for report requests if (!empty($_POST["cancel"])) { return phorum_api_redirect(phorum_api_url(PHORUM_FOREIGN_READ_URL, $message["forum_id"], $message["thread"], $message['message_id'])); } if (!empty($_POST["report"])) { if ($PHORUM["DATA"]["LOGGEDIN"]) { if (empty($_POST["explanation"])) { $_POST["explanation"] = "<" . $PHORUM["DATA"]["LANG"]["None"] . ">"; } $mail_users = phorum_api_user_list_moderators($PHORUM['forum_id'], $PHORUM['email_ignore_admin'], TRUE); if (count($mail_users)) { $mail_data = array("mailmessage" => $PHORUM["DATA"]["LANG"]['ReportPostEmailBody'], "mailsubject" => $PHORUM["DATA"]["LANG"]['ReportPostEmailSubject'], "forumname" => $PHORUM["DATA"]["NAME"], "reportedby" => $PHORUM["user"]["display_name"], "author" => $message["author"], "subject" => $message["subject"], "body" => wordwrap($message["body"], 72), "ip" => $message["ip"], "raw_date" => $message["datestamp"], "date" => phorum_api_format_date($PHORUM["short_date_time"], $message["datestamp"]), "explanation" => wordwrap($_POST["explanation"], 72), "url" => phorum_api_url(PHORUM_READ_URL, $message["thread"], $message_id), "delete_url" => phorum_api_url(PHORUM_MODERATION_URL, PHORUM_DELETE_MESSAGE, $message_id), "hide_url" => phorum_api_url(PHORUM_MODERATION_URL, PHORUM_HIDE_POST, $message_id), "edit_url" => phorum_api_url(PHORUM_POSTING_URL, 'moderation', $message_id), "reporter_url" => phorum_api_url(PHORUM_PROFILE_URL, $PHORUM["user"]["user_id"]), "message" => $message); if (isset($_POST[PHORUM_SESSION_LONG_TERM])) { // strip any auth info from the created urls $mail_data["url"] = preg_replace("!,{0,1}" . PHORUM_SESSION_LONG_TERM . "=" . 
urlencode($_POST[PHORUM_SESSION_LONG_TERM]) . "!", "", $mail_data["url"]); $mail_data["delete_url"] = preg_replace("!,{0,1}" . PHORUM_SESSION_LONG_TERM . "=" . urlencode($_POST[PHORUM_SESSION_LONG_TERM]) . "!", "", $mail_data["delete_url"]); $mail_data["hide_url"] = preg_replace("!,{0,1}" . PHORUM_SESSION_LONG_TERM . "=" . urlencode($_POST[PHORUM_SESSION_LONG_TERM]) . "!", "", $mail_data["hide_url"]); $mail_data["edit_url"] = preg_replace("!,{0,1}" . PHORUM_SESSION_LONG_TERM . "=" . urlencode($_POST[PHORUM_SESSION_LONG_TERM]) . "!", "", $mail_data["edit_url"]);
// token timeout. $post = $_POST; unset($post['module']); unset($post['phorum_admin_token']); $get = $_GET; unset($get['module']); unset($get['phorum_admin_token']); if (empty($post) && empty($get)) { $module = ''; if (isset($_POST['module'])) { $module = basename($_POST['module']); } elseif (isset($_GET['module'])) { $module = basename($_GET['module']); } $url = phorum_admin_build_url('module=' . urlencode($module), TRUE); phorum_api_redirect($url); } $targetargs = $_SERVER['QUERY_STRING']; $target_html = phorum_admin_build_url($targetargs); $targs_html = htmlspecialchars($targetargs); $post_url = phorum_admin_build_url(); ?> You are accessing the admin after a security timeout.<br /><br /> The requested URL was: <pre><?php echo $target_html; ?> </pre><br /> <strong>Please make sure that you really want to access this URL and weren't tricked to go to the admin.</strong><br /> Please click on <strong>continue</strong> to go to this URL or on <strong>cancel</strong> to go to the forum homepage. <br /><br />
// This program is distributed in the hope that it will be useful, // // but WITHOUT ANY WARRANTY, without even the implied warranty of // // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. // // // // You should have received a copy of the Phorum License // // along with this program. // // // //////////////////////////////////////////////////////////////////////////////// if (!defined("PHORUM_CONTROL_CENTER")) { return; } if (count($_POST)) { $old_password = trim($_POST["password_old"]); $new_password = trim($_POST['password_new']); // attempt to authenticate the user if (empty($old_password) || !phorum_api_user_authenticate(PHORUM_FORUM_SESSION, $PHORUM['user']['username'], $old_password)) { $error = $PHORUM["DATA"]["LANG"]["ErrOriginalPassword"]; } elseif (empty($new_password) || empty($_POST['password_new2']) || $_POST['password_new'] !== $_POST['password_new2']) { $error = $PHORUM["DATA"]["LANG"]["ErrPassword"]; } else { // everything's good, save $_POST['password_temp'] = $_POST['password'] = $new_password; list($error, $okmsg) = phorum_controlcenter_user_save($panel); // Redirect to the password page, to make sure that the // CSRF token is refreshed. This token is partly based on the // session id and this session id changed along with the password. phorum_api_redirect(phorum_api_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_PASSWORD, "okmsg=" . urlencode($okmsg))); } } $PHORUM['DATA']['PROFILE']['CHANGEPASSWORD'] = 1; $template = "cc_usersettings";