Esempio n. 1
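/**
 * Splits a piece of text into the distinct words worth indexing.
 *
 * The text is lower-cased, HTML entities, URLs and BBCode tags carrying a long
 * alphanumeric id are removed, BBCode markers and punctuation are mapped to
 * spaces, and only words of 3..20 characters that are not in the current
 * language's stopword list are kept.
 *
 * @param string $text Raw text (may contain BBCode)
 * @return array Distinct words, keyed by their position in the split word list
 */
function split_words($text)
{
    global $pun_user;
    static $noise_match, $noise_replace, $stopwords;

    // Build the noise tables and the per-language stopword list once per request
    if (empty($noise_match)) {
        $noise_match = array('[quote', '[code', '[url', '[img', '[email', '[color', '[colour', 'quote]', 'code]', 'url]', 'img]', 'email]', 'color]', 'colour]', '^', '$', '&', '(', ')', '<', '>', '`', '\'', '"', '|', ',', '@', '_', '?', '%', '~', '+', '[', ']', '{', '}', ':', '\\', '/', '=', '#', ';', '!', '*');
        $noise_replace = array('', '', '', '', '', '', '', '', '', '', '', '', '', '', ' ', ' ', ' ', ' ', ' ', ' ', ' ', '', '', ' ', ' ', ' ', ' ', '', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', '', ' ', ' ', ' ', ' ', ' ', ' ');

        // A missing stopword file simply means "no stopwords"; checking up front replaces the former @file() suppression
        $stopwords_file = PUN_ROOT . 'lang/' . $pun_user['language'] . '/stopwords.txt';
        $stopwords = is_file($stopwords_file) ? (array) file($stopwords_file) : array();
        $stopwords = array_map('trim', $stopwords);
    }

    // Clean up: drop HTML entities, URLs and BBCode tags that carry a 10+ character alphanumeric id
    $patterns = array(
        '#&[\\#a-z0-9]+?;#i',
        '#\\b[\\w]+:\\/\\/[a-z0-9\\.\\-]+(\\/[a-z0-9\\?\\.%_\\-\\+=&\\/~]+)?#',
        '#\\[\\/?[a-z\\*=\\+\\-]+(\\:?[0-9a-z]+)?:[a-z0-9]{10,}(\\:[a-z0-9]+)?=?.*?\\]#',
    );
    $text = preg_replace($patterns, ' ', ' ' . strtolower($text) . ' ');

    // Filter out junk (BBCode markers and punctuation)
    $text = str_replace($noise_match, $noise_replace, $text);

    // Strip out extra whitespace between words
    $text = trim(preg_replace('#\\s+#', ' ', $text));

    // Keep the words that are within the length bounds and not stopwords.
    // foreach replaces the former each() loop, which no longer exists in PHP 8;
    // the trimmed word is the one measured and looked up (the original measured the untrimmed one).
    $words = explode(' ', $text);
    foreach ($words as $i => $word) {
        $word = trim($word, '.');
        $num_chars = pun_strlen($word);
        if ($num_chars < 3 || $num_chars > 20 || in_array($word, $stopwords, true)) {
            unset($words[$i]);
        } else {
            $words[$i] = $word;
        }
    }

    return array_unique($words);
}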
Esempio n. 2
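/**
 * Decides whether a word may be indexed or searched for.
 *
 * @param string $word The word to validate
 * @param bool   $idx  True when validating for indexing, false when validating a search query
 * @return bool False for stopwords and for words outside PUN_SEARCH_MIN_WORD..PUN_SEARCH_MAX_WORD;
 *              for keywords and CJK words, true only when searching (they are never indexed)
 */
function validate_search_word($word, $idx)
{
    static $stopwords;

    // If the word is a keyword we don't want to index it, but we do want to be allowed to search it
    if (is_keyword($word)) {
        return !$idx;
    }

    // Load the stopword list once per request. The cache file is expected to define
    // $stopwords and the PUN_STOPWORDS_LOADED constant; if it is missing or stale it is regenerated.
    if ($stopwords === null) {
        if (file_exists(FORUM_CACHE_DIR . 'cache_stopwords.php')) {
            include FORUM_CACHE_DIR . 'cache_stopwords.php';
        }
        if (!defined('PUN_STOPWORDS_LOADED')) {
            if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
                require PUN_ROOT . 'include/cache.php';
            }
            generate_stopwords_cache();
            require FORUM_CACHE_DIR . 'cache_stopwords.php';
        }
        // A cache file that did not define the list must not reach in_array() as a non-array (TypeError on PHP 8)
        if (!is_array($stopwords)) {
            $stopwords = array();
        }
    }

    // If it is a stopword it isn't valid. Strict comparison: with loose == PHP compares
    // numeric-looking strings as numbers ('1e3' == '1000'), which is not what a word list wants.
    if (in_array($word, $stopwords, true)) {
        return false;
    }

    // If the word is CJK we don't want to index it, but we do want to be allowed to search it
    if (is_cjk($word)) {
        return !$idx;
    }

    // Check the word is within the min/max length
    $num_chars = pun_strlen($word);
    return $num_chars >= PUN_SEARCH_MIN_WORD && $num_chars <= PUN_SEARCH_MAX_WORD;
}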
Esempio n. 3
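/**
 * Decides whether a word may be indexed or searched for.
 *
 * The stopword list is the union of every lang/<dir>/stopwords.txt, cached under a
 * key derived from generate_stopwords_cache_id().
 *
 * @param string $word The word to validate (may contain the % and * wildcards when searching)
 * @param bool   $idx  True when validating for indexing, false when validating a search query
 * @return bool False for stopwords and for words outside PUN_SEARCH_MIN_WORD..PUN_SEARCH_MAX_WORD;
 *              for keywords and CJK words, true only when searching (they are never indexed)
 */
function validate_search_word($word, $idx)
{
    global $cache;
    static $stopwords;

    // If the word is a keyword we don't want to index it, but we do want to be allowed to search it
    if (is_keyword($word)) {
        return !$idx;
    }

    // Load the stopword list once per request, building and caching it on a cache miss
    if ($stopwords === null) {
        $cache_id = generate_stopwords_cache_id();
        $stopwords = $cache->get('stopwords.' . $cache_id);
        if ($stopwords === Flux_Cache::NOT_FOUND) {
            $stopwords = array();
            $lang_root = PUN_ROOT . 'lang';
            $d = dir($lang_root);
            // dir() returns false when the directory cannot be opened; treat that as "no stopwords"
            // instead of calling read() on a non-object
            if ($d !== false) {
                while (($entry = $d->read()) !== false) {
                    // Skip '.', '..' and hidden entries
                    if ($entry[0] === '.') {
                        continue;
                    }
                    $stopwords_file = $lang_root . '/' . $entry . '/stopwords.txt';
                    // is_file() (rather than file_exists()) so a directory of that name is not handed to file()
                    if (is_dir($lang_root . '/' . $entry) && is_file($stopwords_file)) {
                        $stopwords = array_merge($stopwords, file($stopwords_file));
                    }
                }
                $d->close();
            }

            // Tidy up and filter the stopwords (file() keeps line endings; blank lines are dropped)
            $stopwords = array_map('pun_trim', $stopwords);
            $stopwords = array_filter($stopwords);
            $cache->set('stopwords.' . $cache_id, $stopwords);
        }
    }

    // If it is a stopword it isn't valid. Strict comparison: loose == treats numeric-looking
    // strings as numbers ('1e3' == '1000'), which is wrong for a word list.
    if (in_array($word, $stopwords, true)) {
        return false;
    }

    // If the word is CJK we don't want to index it, but we do want to be allowed to search it
    if (is_cjk($word)) {
        return !$idx;
    }

    // Exclude % and * when checking whether current word is valid
    $word = str_replace(array('%', '*'), '', $word);

    // Check the word is within the min/max length
    $num_chars = pun_strlen($word);
    return $num_chars >= PUN_SEARCH_MIN_WORD && $num_chars <= PUN_SEARCH_MAX_WORD;
}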
Esempio n. 4
?>
</span>
									</td>
								</tr>
								<tr>
									<th scope="row"><?php 
echo $lang->t('SMTP password label');
?>
</th>
									<td>
										<span><input type="checkbox" name="form[smtp_change_pass]" value="1" />&#160;&#160;<?php 
echo $lang->t('SMTP change password help');
?>
</span>
<?php 
$smtp_pass = !empty($pun_config['o_smtp_pass']) ? random_key(pun_strlen($pun_config['o_smtp_pass']), true) : '';
?>
										<input type="password" name="form[smtp_pass1]" size="25" maxlength="50" value="<?php 
echo $smtp_pass;
?>
" />
										<input type="password" name="form[smtp_pass2]" size="25" maxlength="50" value="<?php 
echo $smtp_pass;
?>
" />
										<span><?php 
echo $lang->t('SMTP password help');
?>
</span>
									</td>
								</tr>
Esempio n. 5
                 $noval = ucfirst(strtolower($noval));
             }
         }
     }
 }
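 // Validate the submitted poll options: a non-empty option may not follow an empty one, an option may
 // not exceed 80 characters, and its index may not exceed the configured maximum. message() is assumed
 // to end the request, so the "Bad request" branch never falls through.
 $option = array();
 $lastoption = "null";
 // foreach replaces the former each() loop, which no longer exists in PHP 8.
 // NOTE(review): $_POST['poll_option'] is assumed to be an array; a scalar here only produces a warning — confirm the caller checks it
 foreach ($_POST['poll_option'] as $key => $value) {
     $value = pun_trim($value);
     if ($value != "") {
         if ($lastoption == '') {
             $errors[] = $lang_polls['Empty option'];
         } else {
             $option[$key] = pun_trim($value);
             if (pun_strlen($option[$key]) > 80) {
                 $errors[] = $lang_polls['Too long option'];
             } elseif ($key > $pun_config['poll_max_fields']) {
                 // NOTE(review): $key is the client-supplied array index; only its upper bound is checked here
                 message($lang_common['Bad request']);
             } elseif ($pun_config['p_subject_all_caps'] == '0' && strtoupper($option[$key]) == $option[$key] && ($pun_user['g_id'] > PUN_MOD && !$pun_user['g_global_moderation'])) {
                 // All-caps options are normalised for groups above PUN_MOD without global moderation rights
                 $option[$key] = ucfirst(strtolower($option[$key]));
             }
         }
     }
     $lastoption = pun_trim($value);
 }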
 // People are naughty
Esempio n. 6
 // Every selected post must have been found; a count mismatch means the id list was tampered with or stale
 if ($db->num_rows($result) != $num_posts_splitted) {
     message($lang_common['Bad request'], false, '404 Not Found');
 }
 // Verify that the move to forum ID is valid
 // NOTE(review): $pun_user['g_id'] and $move_to_forum are spliced unquoted into the SQL; that is only safe if
 // both were cast to int before this point (not visible here) — confirm
 $result = $db->query('SELECT 1 FROM ' . $db->prefix . 'forums AS f LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.group_id=' . $pun_user['g_id'] . ' AND fp.forum_id=' . $move_to_forum . ') WHERE f.redirect_url IS NULL AND (fp.post_topics IS NULL OR fp.post_topics=1)') or error('Unable to fetch forum permissions', __FILE__, __LINE__, $db->error());
 if (!$db->num_rows($result)) {
     message($lang_common['Bad request'], false, '404 Not Found');
 }
 // Load the post.php language file
 require PUN_ROOT . 'lang/' . $pun_user['language'] . '/post.php';
 // Check subject: required and at most 70 characters; message() is assumed to end the request
 $new_subject = isset($_POST['new_subject']) ? pun_trim($_POST['new_subject']) : '';
 if ($new_subject == '') {
     message($lang_post['No subject']);
 } else {
     if (pun_strlen($new_subject) > 70) {
         message($lang_post['Too long subject']);
     }
 }
 // Get data from the new first post
 // NOTE(review): $posts is a comma-separated id list spliced directly into IN(...); assumes it was built from
 // integer-cast ids earlier (not visible here) — confirm
 $result = $db->query('SELECT p.id, p.poster, p.posted FROM ' . $db->prefix . 'posts AS p WHERE id IN(' . $posts . ') ORDER BY p.id ASC LIMIT 1') or error('Unable to get first post', __FILE__, __LINE__, $db->error());
 $first_post_data = $db->fetch_assoc($result);
 // Create the new topic. poster and subject go through $db->escape(); posted/id come from the query above;
 // $move_to_forum is unescaped (see the note above)
 $db->query('INSERT INTO ' . $db->prefix . 'topics (poster, subject, posted, first_post_id, forum_id) VALUES (\'' . $db->escape($first_post_data['poster']) . '\', \'' . $db->escape($new_subject) . '\', ' . $first_post_data['posted'] . ', ' . $first_post_data['id'] . ', ' . $move_to_forum . ')') or error('Unable to create new topic', __FILE__, __LINE__, $db->error());
 $new_tid = $db->insert_id();
 // Move the posts to the new topic
 $db->query('UPDATE ' . $db->prefix . 'posts SET topic_id=' . $new_tid . ' WHERE id IN(' . $posts . ')') or error('Unable to move posts into new topic', __FILE__, __LINE__, $db->error());
 // Apply every subscription to both topics: subscribers of the original topic ($tid) are copied onto $new_tid
 $db->query('INSERT INTO ' . $db->prefix . 'topic_subscriptions (user_id, topic_id) SELECT user_id, ' . $new_tid . ' FROM ' . $db->prefix . 'topic_subscriptions WHERE topic_id=' . $tid) or error('Unable to copy existing subscriptions', __FILE__, __LINE__, $db->error());
 // Get last_post, last_post_id, and last_poster from the topic and update it
 // Fetches the newest post still left in the original topic; the update presumably follows this block
 $result = $db->query('SELECT id, poster, posted FROM ' . $db->prefix . 'posts WHERE topic_id=' . $tid . ' ORDER BY id DESC LIMIT 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
 // Handle any duplicate users which occured due to conversion
 case 'conv_users_dupe':
     $query_str = '?stage=preparse_posts';
     if (!$mysql || empty($_SESSION['dupe_users'])) {
         break;
     }
     if (isset($_POST['form_sent'])) {
         $errors = array();
         require PUN_ROOT . 'include/email.php';
         foreach ($_SESSION['dupe_users'] as $id => $cur_user) {
             $errors[$id] = array();
             $username = pun_trim($_POST['dupe_users'][$id]);
             if (pun_strlen($username) < 2) {
                 $errors[$id][] = $lang_update['Username too short error'];
             } else {
                 if (pun_strlen($username) > 25) {
                     // This usually doesn't happen since the form element only accepts 25 characters
                     $errors[$id][] = $lang_update['Username too long error'];
                 } else {
                     if (!strcasecmp($username, 'Guest')) {
                         $errors[$id][] = $lang_update['Username Guest reserved error'];
                     } else {
                         if (preg_match('%[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}%', $username) || preg_match('%((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))%', $username)) {
                             $errors[$id][] = $lang_update['Username IP format error'];
                         } else {
                             if ((strpos($username, '[') !== false || strpos($username, ']') !== false) && strpos($username, '\'') !== false && strpos($username, '"') !== false) {
                                 $errors[$id][] = $lang_update['Username bad characters error'];
                             } else {
                                 if (preg_match('%(?:\\[/?(?:b|u|s|ins|del|em|i|h|colou?r|quote|code|img|url|email|list|\\*)\\]|\\[(?:img|url|quote|list)=)%i', $username)) {
                                     $errors[$id][] = $lang_update['Username BBCode error'];
                                 }
Esempio n. 8
}
// Load the post.php/edit.php language file for the current user's language
// NOTE(review): $pun_user['language'] becomes part of an include path; assumes it was validated against the
// installed languages when the user record was loaded — confirm
require PUN_ROOT . 'lang/' . $pun_user['language'] . '/post.php';
// Start with a clean slate: validation errors for this request are collected here
$errors = array();
if (isset($_POST['form_sent'])) {
    if ($is_admmod) {
        confirm_referrer('edit.php');
    }
    // If it is a topic it must contain a subject
    if ($can_edit_subject) {
        $subject = pun_trim($_POST['req_subject']);
        if ($subject == '') {
            $errors[] = $lang_post['No subject'];
        } else {
            if (pun_strlen($subject) > 70) {
                $errors[] = $lang_post['Too long subject'];
            } else {
                if ($pun_config['p_subject_all_caps'] == '0' && strtoupper($subject) == $subject && $pun_user['g_id'] > PUN_MOD) {
                    $subject = ucwords(strtolower($subject));
                }
            }
        }
    }
    // Clean up message from POST
    $message = pun_linebreaks(pun_trim($_POST['req_message']));
    if ($message == '') {
        $errors[] = $lang_post['No message'];
    } else {
        if (strlen($message) > 65535) {
            $errors[] = $lang_post['Too long message'];
Esempio n. 9
         $form['url'] = 'http://' . $form['url'];
     }
     break;
 case 'messaging':
     $form = extract_elements(array('jabber', 'icq', 'msn', 'aim', 'yahoo'));
     // If the ICQ UIN contains anything other than digits it's invalid
     if ($form['icq'] != '' && @preg_match('/[^0-9]/', $form['icq'])) {
         message($lang_prof_reg['Bad ICQ']);
     }
     break;
 case 'personality':
     $form = extract_elements(array('use_avatar'));
     // Clean up signature from POST
     $form['signature'] = pun_linebreaks(trim($_POST['signature']));
     // Validate signature
     if (pun_strlen($form['signature']) > $pun_config['p_sig_length']) {
         message($lang_prof_reg['Sig too long'] . ' ' . $pun_config['p_sig_length'] . ' ' . $lang_prof_reg['characters'] . '.');
     } else {
         if (substr_count($form['signature'], "\n") > $pun_config['p_sig_lines'] - 1) {
             message($lang_prof_reg['Sig too many lines'] . ' ' . $pun_config['p_sig_lines'] . ' ' . $lang_prof_reg['lines'] . '.');
         } else {
             if ($form['signature'] && $pun_config['p_sig_all_caps'] == '0' && strtoupper($form['signature']) == $form['signature'] && $pun_user['g_id'] > PUN_MOD) {
                 $form['signature'] = ucwords(strtolower($form['signature']));
             }
         }
     }
     // Validate BBCode syntax
     if ($pun_config['p_sig_bbcode'] == '1' && strpos($form['signature'], '[') !== false && strpos($form['signature'], ']') !== false) {
         require PUN_ROOT . 'include/parser.php';
         $form['signature'] = preparse_bbcode($form['signature'], $foo, true);
     }
Esempio n. 10
 // Flood protection for groups with an id above PUN_GUEST
 if ($pun_user['g_id'] > PUN_GUEST) {
     // NOTE(review): this reads the newest message in the whole table, not the current user's last message,
     // so the interval is measured against anyone's latest message — confirm that is intended
     $result = $db->query('SELECT posted FROM ' . $db->prefix . 'messages ORDER BY id DESC LIMIT 1') or error('Unable to fetch message time for flood protection', __FILE__, __LINE__, $db->error());
     if (list($last) = $db->fetch_row($result)) {
         // g_post_flood is the group's minimum interval between posts, compared in seconds
         if (time() - $last < $pun_user['g_post_flood']) {
             message($lang_pms['Flood start'] . ' ' . $pun_user['g_post_flood'] . ' ' . $lang_pms['Flood end']);
         }
     }
 }
 // Smileys
 $hide_smilies = isset($_POST['hide_smilies']) ? 1 : 0;
 // Check subject: required and at most 100 characters; message() is assumed to end the request
 $subject = pun_trim($_POST['req_subject']);
 if ($subject == '') {
     message($lang_post['No subject']);
 } else {
     if (pun_strlen($subject) > 100) {
         message($lang_post['Too long subject']);
     } else {
         // All-caps subjects are normalised for groups above PUN_GUEST when the config forbids them
         if ($pun_config['p_subject_all_caps'] == '0' && strtoupper($subject) == $subject && $pun_user['g_id'] > PUN_GUEST) {
             $subject = ucfirst(strtolower($subject));
         }
     }
 }
 if (isset($_POST['preview'])) {
     // Only apostrophes are converted here; presumably the preview output escapes the rest — confirm
     $subject = str_replace('\'', '&#39;', $subject);
 }
 // Clean up message from POST
 $message = pun_linebreaks(pun_trim($_POST['req_message']));
 // Check message
 if ($message == '') {
     message($lang_post['No message']);
Esempio n. 11
 // First (and only expected) row of the recipient lookup; the query variables are no longer needed
 $recipient = $result[0];
 unset($result, $query, $params);
 // A recipient with email_setting 2 has disabled the contact form; admins/moderators bypass that choice
 if ($recipient['email_setting'] == 2 && !$pun_user['is_admmod']) {
     message($lang->t('Form email disabled'));
 }
 if (isset($_POST['form_sent'])) {
     // Clean up message and subject from POST
     $subject = pun_trim($_POST['req_subject']);
     $message = pun_trim($_POST['req_message']);
     if ($subject == '') {
         message($lang->t('No email subject'));
     } else {
         if ($message == '') {
             message($lang->t('No email message'));
         } else {
             if (pun_strlen($message) > PUN_MAX_POSTSIZE) {
                 message($lang->t('Too long email message'));
             }
         }
     }
     if ($pun_user['last_email_sent'] != '' && time() - $pun_user['last_email_sent'] < $pun_user['g_email_flood'] && time() - $pun_user['last_email_sent'] >= 0) {
         message($lang->t('Email flood', $pun_user['g_email_flood']));
     }
     // Load the "form email" template
     $mail_tpl = trim(file_get_contents(PUN_ROOT . 'lang/' . $pun_user['language'] . '/mail_templates/form_email.tpl'));
     // The first row contains the subject
     $first_crlf = strpos($mail_tpl, "\n");
     $mail_subject = pun_trim(substr($mail_tpl, 8, $first_crlf - 8));
     $mail_message = pun_trim(substr($mail_tpl, $first_crlf));
     $mail_subject = str_replace('<mail_subject>', $subject, $mail_subject);
     $mail_message = str_replace('<sender>', $pun_user['username'], $mail_message);
Esempio n. 12
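 $username = decode_username($username_hash);
 // Validate username and passwords. message() is assumed to end the request, so the first failing check wins.
 // NOTE(review): the minimum-length checks count bytes (strlen) while the maximum checks count characters
 // (pun_strlen); a multi-byte username or password therefore passes the minimum more easily than intended — confirm
 if (!$username_hash) {
     message('Invalid username');
 } elseif (strlen($username) < 2) {
     message($lang_prof_reg['Username too short']);
 } elseif (pun_strlen($username) > 12) {
     // This usually doesn't happen since the form element only accepts 12 characters
     message($lang_common['Bad request']);
 } elseif (strlen($password1) < 4) {
     message($lang_prof_reg['Pass too short']);
 } elseif (pun_strlen($password1) > 16) {
     // This usually doesn't happen since the form element only accepts 16 characters
     // NOTE(review): a 16-character ceiling on passwords is restrictive; revisit together with the form's maxlength
     message($lang_common['Bad request']);
 } elseif ($password1 !== $password2) {
     // Strict comparison: with != PHP compares numeric-looking strings as numbers ('10' == '1e1')
     message($lang_prof_reg['Pass not match']);
 } elseif (preg_match('/^Mod\\s+/i', $username) || preg_match('/^Admin\\s+/i', $username)) {
     message('Usernames may not start with "Mod " or "Admin ". Please choose another username.');
 }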
Esempio n. 13
     break;
 case 'messaging':
     $form = array('jabber' => pun_trim($_POST['form']['jabber']), 'icq' => pun_trim($_POST['form']['icq']), 'msn' => pun_trim($_POST['form']['msn']), 'aim' => pun_trim($_POST['form']['aim']), 'yahoo' => pun_trim($_POST['form']['yahoo']));
     // If the ICQ UIN contains anything other than digits it's invalid
     if (preg_match('%[^0-9]%', $form['icq'])) {
         message($lang->t('Bad ICQ'));
     }
     break;
 case 'personality':
     $form = array();
     // Clean up signature from POST
     if ($pun_config['o_signatures'] == '1') {
         $form['signature'] = pun_linebreaks(pun_trim($_POST['signature']));
         // Validate signature
         if (pun_strlen($form['signature']) > $pun_config['p_sig_length']) {
             message($lang->t('Sig too long', $pun_config['p_sig_length'], pun_strlen($form['signature']) - $pun_config['p_sig_length']));
         } else {
             if (substr_count($form['signature'], "\n") > $pun_config['p_sig_lines'] - 1) {
                 message($lang->t('Sig too many lines', $pun_config['p_sig_lines']));
             } else {
                 if ($form['signature'] && $pun_config['p_sig_all_caps'] == '0' && is_all_uppercase($form['signature']) && !$pun_user['is_admmod']) {
                     $form['signature'] = utf8_ucwords(utf8_strtolower($form['signature']));
                 }
             }
         }
         // Validate BBCode syntax
         if ($pun_config['p_sig_bbcode'] == '1') {
             require PUN_ROOT . 'include/parser.php';
             $errors = array();
             $form['signature'] = preparse_bbcode($form['signature'], $errors, true);
             if (count($errors) > 0) {
Esempio n. 14
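/**
 * Validates a username and appends any problem to the global $errors list.
 *
 * Checks length (2..25 characters), the reserved "Guest" name, IP-address lookalikes,
 * reserved characters, BBCode, censored words, an already registered (or too similar)
 * username, and banned usernames.
 *
 * @param string   $username   The username to check (runs of whitespace are collapsed first)
 * @param int|null $exclude_id User id to ignore in the duplicate check (when editing an existing profile)
 * @return void
 */
function check_username($username, $exclude_id = null)
{
    global $db, $pun_config, $errors, $lang, $pun_bans;
    $lang->load('prof_reg');
    $lang->load('register');

    // Convert multiple whitespace characters into one (to prevent people from registering with indistinguishable usernames)
    $username = preg_replace('%\\s+%s', ' ', $username);

    $ipv4_pattern = '%[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}%';
    $ipv6_pattern = '%((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))%';
    $bbcode_pattern = '%(?:\\[/?(?:b|u|s|ins|del|em|i|h|colou?r|quote|code|img|url|email|list|\\*|topic|post|forum|user)\\]|\\[(?:img|url|quote|list)=)%i';

    // Validate username: the checks are exclusive, so only the first failure is reported
    if (pun_strlen($username) < 2) {
        $errors[] = $lang->t('Username too short');
    } elseif (pun_strlen($username) > 25) {
        // This usually doesn't happen since the form element only accepts 25 characters
        $errors[] = $lang->t('Username too long');
    } elseif (!strcasecmp($username, 'Guest') || !strcasecmp($username, $lang->t('Guest'))) {
        $errors[] = $lang->t('Username guest');
    } elseif (preg_match($ipv4_pattern, $username) || preg_match($ipv6_pattern, $username)) {
        $errors[] = $lang->t('Username IP');
    } elseif ((strpos($username, '[') !== false || strpos($username, ']') !== false) && strpos($username, '\'') !== false && strpos($username, '"') !== false) {
        // NOTE(review): this only fires when a bracket AND both quote characters are all present — confirm that is the intended rule
        $errors[] = $lang->t('Username reserved chars');
    } elseif (preg_match($bbcode_pattern, $username)) {
        $errors[] = $lang->t('Username BBCode');
    }

    // Check username for any censored words
    if ($pun_config['o_censoring'] == '1' && censor_words($username) != $username) {
        $errors[] = $lang->t('Username censor');
    }

    // Check that the username (or a too similar username) is not already registered.
    // The values are bound as parameters; the "clean" variant drops everything that is not a letter or digit.
    // NOTE(review): LIKE treats % and _ in the supplied username as wildcards, so such a username can collide
    // with unrelated accounts — escape them or compare with = if an exact match is intended
    $query = $db->select(array('username' => 'u.username'), 'users AS u');
    $query->where = '(u.username LIKE :username OR u.username LIKE :clean_username) AND u.id > 1';
    $params = array(':username' => $username, ':clean_username' => ucp_preg_replace('%[^\\p{L}\\p{N}]%u', '', $username));
    if ($exclude_id) {
        $query->where .= ' AND u.id != :exclude_id';
        $params[':exclude_id'] = $exclude_id;
    }
    $result = $query->run($params);
    if (!empty($result)) {
        $errors[] = $lang->t('Username dupe 1') . ' ' . pun_htmlspecialchars($result[0]['username']) . '. ' . $lang->t('Username dupe 2');
    }
    unset($query, $params, $result);

    // Check username for any banned usernames (case-insensitive, strict string comparison so that
    // numeric-looking names such as '1e3' and '1000' are not treated as equal)
    foreach ($pun_bans as $cur_ban) {
        if ($cur_ban['username'] !== null && $cur_ban['username'] !== '' && utf8_strtolower($username) === utf8_strtolower($cur_ban['username'])) {
            $errors[] = $lang->t('Banned username');
            break;
        }
    }
}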
Esempio n. 15
             $errors[] = sprintf($lang_pms['User disable PM'], pun_htmlspecialchars($destinataire));
         } elseif ($destinataires[$i]['g_id'] > PUN_GUEST && $destinataires[$i]['g_pm_limit'] != 0 && $destinataires[$i]['total_pm'] >= $destinataires[$i]['g_pm_limit']) {
             $errors[] = sprintf($lang_pms['Dest full'], pun_htmlspecialchars($destinataire));
         } elseif ($pun_user['g_id'] > PUN_GUEST && $destinataires[$i]['allow_msg'] !== null && $destinataires[$i]['allow_msg'] == 0) {
             $errors[] = sprintf($lang_pms['User blocked'], pun_htmlspecialchars($destinataire));
         }
     } else {
         $errors[] = sprintf($lang_pms['No user'], pun_htmlspecialchars($destinataire));
     }
     $i++;
 }
 // Check subject: required and at most 70 characters; failures are collected in $errors rather than aborting
 $p_subject = pun_trim($_POST['req_subject']);
 if ($p_subject == '') {
     $errors[] = $lang_post['No subject'];
 } elseif (pun_strlen($p_subject) > 70) {
     $errors[] = $lang_post['Too long subject'];
 } elseif ($pun_config['p_subject_all_caps'] == '0' && strtoupper($p_subject) == $p_subject && $pun_user['g_id'] > PUN_GUEST) {
     // All-caps subjects are normalised for groups with an id above PUN_GUEST when the config forbids them
     $p_subject = ucwords(strtolower($p_subject));
 }
 // Clean up message from POST (whitespace trimmed, line breaks normalised)
 $p_message = pun_linebreaks(pun_trim($_POST['req_message']));
 // Check message
 if ($p_message == '') {
     $errors[] = $lang_post['No message'];
 } else {
     if (strlen($p_message) > 65535) {
         $errors[] = $lang_post['Too long message'];
     } else {
         if ($pun_config['p_message_all_caps'] == '0' && strtoupper($p_message) == $p_message && $pun_user['g_id'] > PUN_GUEST) {
             $p_message = ucwords(strtolower($p_message));
Esempio n. 16
            echo "\t" . '</item>' . "\r\n";
        }
        echo '</channel>' . "\r\n";
        echo '</rss>';
    } else {
        // Number of topics to list: taken from the query string, cast to int and clamped to 1..50 (default 15)
        $show = isset($_GET['show']) ? intval($_GET['show']) : 15;
        if ($show < 1 || $show > 50) {
            $show = 15;
        }
        // Fetch $show topics readable by the guest group (group_id=3), skipping moved topics.
        // NOTE(review): $forum_sql and $order_by are spliced into the SQL unescaped; assumes both were built from
        // validated/whitelisted values earlier (not visible here) — confirm. $show is an int by the lines above.
        $result = $db->query('SELECT t.id, t.subject FROM ' . $db->prefix . 'topics AS t INNER JOIN ' . $db->prefix . 'forums AS f ON f.id=t.forum_id LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=3) WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.moved_to IS NULL' . $forum_sql . ' ORDER BY ' . $order_by . ' DESC LIMIT ' . $show) or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error());
        while ($cur_topic = $db->fetch_assoc($result)) {
            if ($pun_config['o_censoring'] == '1') {
                $cur_topic['subject'] = censor_words($cur_topic['subject']);
            }
            // NOTE(review): the length check counts characters (pun_strlen) but the cut uses byte-based substr,
            // so a multi-byte subject can be split inside a character — consider a UTF-8-aware substr
            if (pun_strlen($cur_topic['subject']) > $max_subject_length) {
                $subject_truncated = pun_htmlspecialchars(trim(substr($cur_topic['subject'], 0, $max_subject_length - 5))) . ' &hellip;';
            } else {
                $subject_truncated = pun_htmlspecialchars($cur_topic['subject']);
            }
            // Subject is escaped for both the title attribute and the link text; the id comes from the query
            echo '<li><a href="' . $pun_config['o_base_url'] . '/viewtopic.php?id=' . $cur_topic['id'] . '&amp;action=new" title="' . pun_htmlspecialchars($cur_topic['subject']) . '">' . $subject_truncated . '</a></li>' . "\n";
        }
    }
    return;
} else {
    if ($_GET['action'] == 'online' || $_GET['action'] == 'online_full') {
        // Load the index.php language file
        require PUN_ROOT . 'lang/' . $pun_config['o_default_lang'] . '/index.php';
        // Fetch users online info and generate strings for output
        $num_guests = $num_users = 0;
        $users = array();
Esempio n. 17
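/**
 * Validate a prospective username and append any problems to the global $errors array.
 *
 * The rules are applied in order and only the first failing rule adds a message:
 * length (2–25 characters), the "Guest" name (ASCII and localised), IPv4/IPv6
 * look-alikes, the reserved-character combination, BBCode tags. Independently of
 * those, the username is also checked against the word censor, against existing
 * accounts (case-insensitive, and again with every non-letter/non-digit stripped)
 * and against the banned-username list. Nothing is returned; callers read $errors.
 *
 * @param string   $username   Candidate username; runs of whitespace are first collapsed to one space.
 * @param int|null $exclude_id User id left out of the duplicate check (the account being edited).
 *                             It is cast to int before being placed in the SQL statement.
 */
function check_username($username, $exclude_id = null)
{
    global $db, $pun_config, $errors, $lang_prof_reg, $lang_register, $lang_common, $pun_bans;

    // Include UTF-8 function
    require_once PUN_ROOT . 'include/utf8/strcasecmp.php';

    // Convert multiple whitespace characters into one (to prevent people from registering with indistinguishable usernames)
    $username = preg_replace('%\\s+%s', ' ', $username);

    // Names that look like an IP address are refused so a user cannot impersonate a guest's address display
    $ipv4_pattern = '%[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}%';
    $ipv6_pattern = '%((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))%';

    // Reserved characters: a bracket together with both quote characters
    $has_bracket = strpos($username, '[') !== false || strpos($username, ']') !== false;
    $has_both_quotes = strpos($username, '\'') !== false && strpos($username, '"') !== false;

    // Validate username: the first rule that fails wins, the later ones are skipped
    if (pun_strlen($username) < 2) {
        $errors[] = $lang_prof_reg['Username too short'];
    } elseif (pun_strlen($username) > 25) {
        // This usually doesn't happen since the form element only accepts 25 characters
        $errors[] = $lang_prof_reg['Username too long'];
    } elseif (!strcasecmp($username, 'Guest') || !utf8_strcasecmp($username, $lang_common['Guest'])) {
        $errors[] = $lang_prof_reg['Username guest'];
    } elseif (preg_match($ipv4_pattern, $username) || preg_match($ipv6_pattern, $username)) {
        $errors[] = $lang_prof_reg['Username IP'];
    } elseif ($has_bracket && $has_both_quotes) {
        $errors[] = $lang_prof_reg['Username reserved chars'];
    } elseif (preg_match('%(?:\\[/?(?:b|u|s|ins|del|em|i|h|colou?r|quote|code|img|url|email|list|\\*|topic|post|forum|user)\\]|\\[(?:img|url|quote|list)=)%i', $username)) {
        $errors[] = $lang_prof_reg['Username BBCode'];
    }

    // Check username for any censored words
    if ($pun_config['o_censoring'] == '1' && censor_words($username) != $username) {
        $errors[] = $lang_register['Username censor'];
    }

    // Check that the username (or a too similar username) is not already registered.
    // $exclude_id is cast to int so that only a number can ever reach the query text;
    // the username itself goes through $db->escape() as before.
    $exclude_sql = !is_null($exclude_id) ? ' AND id!=' . (int) $exclude_id : '';
    $result = $db->query('SELECT username FROM ' . $db->prefix . 'users WHERE (UPPER(username)=UPPER(\'' . $db->escape($username) . '\') OR UPPER(username)=UPPER(\'' . $db->escape(ucp_preg_replace('%[^\\p{L}\\p{N}]%u', '', $username)) . '\')) AND id>1' . $exclude_sql) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
    if ($db->num_rows($result)) {
        $busy = $db->result($result);
        $errors[] = $lang_register['Username dupe 1'] . ' ' . pun_htmlspecialchars($busy) . '. ' . $lang_register['Username dupe 2'];
    }

    // Check username for any banned usernames (case-insensitive); one match is enough
    foreach ($pun_bans as $cur_ban) {
        if ($cur_ban['username'] != '' && utf8_strtolower($username) == utf8_strtolower($cur_ban['username'])) {
            $errors[] = $lang_prof_reg['Banned username'];
            break;
        }
    }
}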
     }
 }
 // If a search_id was supplied
 if (isset($_GET['search_id'])) {
     $search_id = intval($_GET['search_id']);
     if ($search_id < 1) {
         message($lang_common['Bad request'], false, '404 Not Found');
     }
 } else {
     if ($action == 'search') {
         $keywords = isset($_GET['keywords']) ? utf8_strtolower(pun_trim($_GET['keywords'])) : null;
         $author = isset($_GET['author']) ? utf8_strtolower(pun_trim($_GET['author'])) : null;
         if (preg_match('%^[\\*\\%]+$%', $keywords) || pun_strlen(str_replace(array('*', '%'), '', $keywords)) < PUN_SEARCH_MIN_WORD && !is_cjk($keywords)) {
             $keywords = '';
         }
         if (preg_match('%^[\\*\\%]+$%', $author) || pun_strlen(str_replace(array('*', '%'), '', $author)) < 2) {
             $author = '';
         }
         if (!$keywords && !$author) {
             message($lang_search['No terms']);
         }
         if ($author) {
             $author = str_replace('*', '%', $author);
         }
         $show_as = isset($_GET['show_as']) && $_GET['show_as'] == 'topics' ? 'topics' : 'posts';
         $sort_by = isset($_GET['sort_by']) ? intval($_GET['sort_by']) : 0;
         $search_in = !isset($_GET['search_in']) || $_GET['search_in'] == '0' ? 0 : ($_GET['search_in'] == '1' ? 1 : -1);
     } else {
         if ($action == 'show_user_posts' || $action == 'show_user_topics' || $action == 'show_subscriptions') {
             $user_id = isset($_GET['user_id']) ? intval($_GET['user_id']) : $pun_user['id'];
             if ($user_id < 2) {
                 $noval = ucwords(strtolower($noval));
             }
         }
     }
 }
 // This isn't exactly a good way todo it, but it works. I may rethink this code later
 $option = array();
 $lastoption = "null";
 while (list($key, $value) = each($_POST['poll_option'])) {
     $value = pun_trim($value);
     if ($value != "") {
         if ($lastoption == '') {
             $errors[] = $lang_polls['Empty option'];
         } else {
             $option[$key] = pun_trim($value);
             if (pun_strlen($option[$key]) > 55) {
                 $errors[] = $lang_polls['Too long option'];
             } else {
                 if ($key > $pun_config['poll_max_fields']) {
                     message($lang_common['Bad request']);
                 } else {
                     if ($pun_config['p_subject_all_caps'] == '0' && strtoupper($option[$key]) == $option[$key] && ($pun_user['g_id'] > PUN_MOD && !$pun_user['g_global_moderation'])) {
                         $option[$key] = ucwords(strtolower($option[$key]));
                     }
                 }
             }
         }
     }
     $lastoption = pun_trim($value);
 }
 // People are naughty
     break;
 case 'messaging':
     $form = array('jabber' => pun_trim($_POST['form']['jabber']), 'icq' => pun_trim($_POST['form']['icq']), 'msn' => pun_trim($_POST['form']['msn']), 'aim' => pun_trim($_POST['form']['aim']), 'yahoo' => pun_trim($_POST['form']['yahoo']));
     // If the ICQ UIN contains anything other than digits it's invalid
     if (preg_match('/[^0-9]/', $form['icq'])) {
         message($lang_prof_reg['Bad ICQ']);
     }
     break;
 case 'personality':
     $form = array();
     // Clean up signature from POST
     if ($pun_config['o_signatures'] == '1') {
         $form['signature'] = pun_linebreaks(pun_trim($_POST['signature']));
         // Validate signature
         if (pun_strlen($form['signature']) > $pun_config['p_sig_length']) {
             message(sprintf($lang_prof_reg['Sig too long'], $pun_config['p_sig_length'], pun_strlen($form['signature']) - $pun_config['p_sig_length']));
         } else {
             if (substr_count($form['signature'], "\n") > $pun_config['p_sig_lines'] - 1) {
                 message(sprintf($lang_prof_reg['Sig too many lines'], $pun_config['p_sig_lines']));
             } else {
                 if ($form['signature'] && $pun_config['p_sig_all_caps'] == '0' && is_all_uppercase($form['signature']) && !$pun_user['is_admmod']) {
                     $form['signature'] = utf8_ucwords(utf8_strtolower($form['signature']));
                 }
             }
         }
         // Validate BBCode syntax
         if ($pun_config['p_sig_bbcode'] == '1') {
             require PUN_ROOT . 'include/parser.php';
             $errors = array();
             $form['signature'] = preparse_bbcode($form['signature'], $errors, true);
             if (count($errors) > 0) {
                    $subject = '<a href="viewtopic.php?id=' . $search_set[$i]['tid'] . '"' . $rel . '>' . pun_htmlspecialchars($search_set[$i]['subject']) . '</a>';
                } else {
                    $subject = $lang_polls['Poll'] . ': <a href="viewtopic.php?id=' . $search_set[$i]['tid'] . '"' . $rel . '>' . pun_htmlspecialchars($search_set[$i]['subject']) . '</a>';
                }
                if (!$pun_user['is_guest'] && $search_set[$i]['last_post'] > $pun_user['last_visit']) {
                    $icon = '<div class="icon inew"><div class="nosize">' . $lang_common['New icon'] . '</div></div>' . "\n";
                }
                if ($pun_config['o_censoring'] == '1') {
                    $search_set[$i]['message'] = censor_words($search_set[$i]['message']);
                }
                $message = str_replace("\n", '<br />', pun_htmlspecialchars($search_set[$i]['message']));
                $pposter = pun_htmlspecialchars($search_set[$i]['pposter']);
                if ($search_set[$i]['poster_id'] > 1) {
                    $pposter = '<strong><a href="/users/' . $search_set[$i]['poster_id'] . '">' . $pposter . '</a></strong>';
                }
                if (pun_strlen($message) >= 1000) {
                    $message .= ' &hellip;';
                }
                $vtpost1 = $i == 0 ? ' vtp1' : '';
                // Switch the background color for every message.
                $bg_switch = $bg_switch ? $bg_switch = false : ($bg_switch = true);
                $vtbg = $bg_switch ? ' rowodd' : ' roweven';
                ?>
<div class="blockpost searchposts<?php 
                echo $vtbg;
                ?>
">
	<h2><?php 
                echo $forum;
                ?>
&nbsp;&raquo;&nbsp;<?php 
     message($lang->t('Registration flood'));
 }
 unset($result, $query, $params);
 $username = pun_trim($_POST['req_user']);
 $email1 = strtolower(trim($_POST['req_email1']));
 if ($pun_config['o_regs_verify'] == '1') {
     $email2 = strtolower(trim($_POST['req_email2']));
     $password1 = random_pass(8);
     $password2 = $password1;
 } else {
     $password1 = pun_trim($_POST['req_password1']);
     $password2 = pun_trim($_POST['req_password2']);
 }
 // Validate username and passwords
 check_username($username);
 if (pun_strlen($password1) < 4) {
     $errors[] = $lang->t('Pass too short');
 } else {
     if ($password1 != $password2) {
         $errors[] = $lang->t('Pass not match');
     }
 }
 // Validate email
 require PUN_ROOT . 'include/email.php';
 if (!is_valid_email($email1)) {
     $errors[] = $lang->t('Invalid email');
 } else {
     if ($pun_config['o_regs_verify'] == '1' && $email1 != $email2) {
         $errors[] = $lang->t('Email not match');
     }
 }
				' . $db->prefix . 'posts AS p
			WHERE
				p.topic_id=' . $_GET['tid'] . '
			ORDER BY
				p.edited
			;';
                    $result = $db->query($sql) or error('Unable to fetch posts list', __FILE__, __LINE__, $db->error());
                    if (isset($_GET['max_subject_length']) && is_numeric($_GET['max_subject_length']) && !empty($_GET['max_subject_length'])) {
                        $max_subject_length = $_GET['max_subject_length'];
                    }
                    while ($cur_post = $db->fetch_assoc($result)) {
                        if ($pun_config['o_censoring'] == '1') {
                            $cur_post['message'] = censor_words($cur_post['message']);
                        }
                        $subject_truncated = $cur_post['message'];
                        if (pun_strlen($cur_post['message']) > $max_subject_length) {
                            $subject_truncated = pun_htmlspecialchars(trim(substr($cur_post['message'], 0, $max_subject_length - 5))) . ' &hellip;';
                        } else {
                            $subject_truncated = pun_htmlspecialchars($cur_post['message']);
                        }
                        echo '<li>' . $subject_truncated . '</li>';
                    }
                } else {
                    // No error for a nice show in strip-it :-)
                    //error( 'Unable to fetch posts list, you must ask for a topic id or title', __FILE__, __LINE__, $db->error() );
                }
            } else {
                exit('Bad request');
            }
        }
    }