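/**
 * Decide whether a search word may be indexed or searched for.
 *
 * Keywords and CJK words are never indexed but may always be searched for;
 * stopwords are never valid; every other word must fall within
 * PANTHER_SEARCH_MIN_WORD..PANTHER_SEARCH_MAX_WORD characters once the
 * wildcard characters "%" and "*" have been stripped.
 *
 * @param string $word The word to check.
 * @param bool   $idx  True when validating for indexing, false when validating a search term.
 * @return bool True when the word is acceptable for the requested use.
 */
function validate_search_word($word, $idx)
{
    // Loaded once per request from the stopwords cache
    static $stopwords;

    // If the word is a keyword we don't want to index it, but we do want to be allowed to search it
    if (is_keyword($word)) {
        return !$idx;
    }

    if (!isset($stopwords)) {
        // The cache file is expected to populate $stopwords and define PANTHER_STOPWORDS_LOADED;
        // when it is missing or stale it is regenerated and loaded again
        if (file_exists(FORUM_CACHE_DIR . 'cache_stopwords.php')) {
            include FORUM_CACHE_DIR . 'cache_stopwords.php';
        }

        if (!defined('PANTHER_STOPWORDS_LOADED')) {
            if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
                require PANTHER_ROOT . 'include/cache.php';
            }

            generate_stopwords_cache();
            require FORUM_CACHE_DIR . 'cache_stopwords.php';
        }

        // A cache file that did not populate the list must not turn every later
        // in_array() call into a TypeError; treat it as "no stopwords" instead
        if (!is_array($stopwords)) {
            $stopwords = array();
        }
    }

    // If it is a stopword it isn't valid. Strict comparison: with a loose in_array()
    // two numeric strings such as "1e3" and "1000" would be considered equal
    if (in_array($word, $stopwords, true)) {
        return false;
    }

    // If the word is CJK we don't want to index it, but we do want to be allowed to search it
    if (is_cjk($word)) {
        return !$idx;
    }

    // Exclude % and * when checking whether current word is valid
    $word = str_replace(array('%', '*'), '', $word);

    // Check the word is within the min/max length (characters, not bytes)
    $num_chars = panther_strlen($word);

    return $num_chars >= PANTHER_SEARCH_MIN_WORD && $num_chars <= PANTHER_SEARCH_MAX_WORD;
}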
$forum_sql = ''; $url_forums = array_map('intval', $url_forums); // If a search_id was supplied if (isset($_GET['search_id'])) { $search_id = intval($_GET['search_id']); if ($search_id < 1) { message($lang_common['Bad request'], false, '404 Not Found'); } } else { if ($action == 'search') { $keywords = isset($_GET['keywords']) ? utf8_strtolower(panther_trim($_GET['keywords'])) : null; $author = isset($_GET['author']) ? utf8_strtolower(panther_trim($_GET['author'])) : null; if (preg_match('%^[\\*\\%]+$%', $keywords) || panther_strlen(str_replace(array('*', '%'), '', $keywords)) < PANTHER_SEARCH_MIN_WORD && !is_cjk($keywords)) { $keywords = ''; } if (preg_match('%^[\\*\\%]+$%', $author) || panther_strlen(str_replace(array('*', '%'), '', $author)) < 2) { $author = ''; } if (!$keywords && !$author) { message($lang_search['No terms']); } if ($author) { $author = str_replace('*', '%', $author); } $show_as = isset($_GET['show_as']) && $_GET['show_as'] == 'topics' ? 'topics' : 'posts'; $sort_by = isset($_GET['sort_by']) ? intval($_GET['sort_by']) : 0; $search_in = !isset($_GET['search_in']) || $_GET['search_in'] == '0' ? 0 : ($_GET['search_in'] == '1' ? 1 : -1); } else { if ($action == 'show_user_posts' || $action == 'show_user_topics' || $action == 'show_subscriptions') { $user_id = isset($_GET['user_id']) ? intval($_GET['user_id']) : $panther_user['id']; if ($user_id < 2) {
// Registration form handling. This excerpt starts inside the form-submission branch and
// the banned-email check continues past its end; $mailer, $panther_user, $panther_config
// and $lang_common are provided by the surrounding script.
$errors = array();
$username = isset($_POST['username']) ? panther_trim($_POST['username']) : '';
$random_pass = isset($_POST['random_pass']) && $_POST['random_pass'] == '1' ? 1 : 0;
$email = isset($_POST['email']) ? strtolower(panther_trim($_POST['email'])) : '';

// Per-user salt. random_pass() is the project's own generator — presumably CSPRNG-backed;
// confirm in its definition, as the salt and the generated password both come from it
$password_salt = random_pass(16);

if ($random_pass == '1') {
    // Server-generated password: both fields receive the same value so the match check below passes
    $password1 = random_pass(12);
    $password2 = $password1;
} else {
    // NOTE(review): passwords are trimmed here, so surrounding whitespace is silently dropped;
    // the login path must apply the same trim or such passwords can never be verified — confirm
    $password1 = isset($_POST['password1']) ? panther_trim($_POST['password1']) : '';
    $password2 = isset($_POST['password2']) ? panther_trim($_POST['password2']) : '';
}

// The language file path is built from the current user's language setting — assumes that value
// is validated against the installed language packs wherever it is set (outside this excerpt)
require PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/prof_reg.php';

// Validate username and passwords (check_username() appends to the global $errors)
check_username($username);

// Minimum length is measured in characters (panther_strlen), not bytes
if (panther_strlen($password1) < 6) {
    $errors[] = $lang_prof_reg['Pass too short'];
} else {
    // NOTE(review): loose != — two numeric-looking passwords such as "1e3" and "1000" compare equal here
    if ($password1 != $password2) {
        $errors[] = $lang_prof_reg['Pass not match'];
    }
}

// Validate email
require PANTHER_ROOT . 'include/email.php';
if (!$mailer->is_valid_email($email)) {
    $errors[] = $lang_common['Invalid email'];
}

// Check if it's a banned email address; whether a banned address is a hard error
// depends on the p_allow_banned_email setting (the rest of this branch is outside the excerpt)
if ($mailer->is_banned_email($email)) {
    if ($panther_config['p_allow_banned_email'] == '0') {
        $errors[] = $lang_prof_reg['Banned email'];
if (isset($_POST['form_sent'])) { // Make sure they got here from the site confirm_referrer('edit.php'); // If it's a topic it must contain a subject if ($can_edit_subject) { $subject = isset($_POST['req_subject']) ? panther_trim($_POST['req_subject']) : ''; if ($panther_config['o_censoring'] == '1') { $censored_subject = panther_trim(censor_words($subject)); } if ($subject == '') { $errors[] = $lang_post['No subject']; } else { if ($panther_config['o_censoring'] == '1' && $censored_subject == '') { $errors[] = $lang_post['No subject after censoring']; } else { if (panther_strlen($subject) > 70) { $errors[] = $lang_post['Too long subject']; } else { if ($panther_config['p_subject_all_caps'] == '0' && is_all_uppercase($subject) && !$panther_user['is_admmod']) { $errors[] = $lang_post['All caps subject']; } } } } } // Clean up message from POST $message = isset($_POST['req_message']) ? panther_linebreaks(panther_trim($_POST['req_message'])) : ''; // Here we use strlen() not panther_strlen() as we want to limit the post to PANTHER_MAX_POSTSIZE bytes, not characters if (strlen($message) > PANTHER_MAX_POSTSIZE) { $errors[] = sprintf($lang_post['Too long message'], forum_number_format(PANTHER_MAX_POSTSIZE)); } else {
    message($lang_common['Bad request'], false, '404 Not Found');
}

// Verify that the move to forum ID is valid
// NOTE(review): as written the WHERE clause never constrains f.id to :fid — the join condition
// references only :gid/:fid and not f at all, so the query matches *any* non-redirect forum
// whenever the (group, target) permission row is absent or allows posting. The destination's
// existence and redirect status are therefore not checked by this query unless they are checked
// elsewhere; compare with joining on fp.forum_id=f.id and adding `AND f.id=:fid` to the WHERE clause.
$data = array(':gid' => $panther_user['g_id'], ':fid' => $move_to_forum);
$ps = $db->run('SELECT 1 FROM ' . $db->prefix . 'forums AS f LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.group_id=:gid AND fp.forum_id=:fid) WHERE f.redirect_url IS NULL AND (fp.post_topics IS NULL OR fp.post_topics=1)', $data);
if (!$ps->rowCount()) {
    message($lang_common['Bad request'], false, '404 Not Found');
}

// Load the post.php language file
require PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/post.php';

// Check subject (70-character limit, counted with panther_strlen)
$new_subject = isset($_POST['new_subject']) ? panther_trim($_POST['new_subject']) : '';
if ($new_subject == '') {
    message($lang_post['No subject']);
} else {
    if (panther_strlen($new_subject) > 70) {
        message($lang_post['Too long subject']);
    }
}

// Extension hook: the evaluated code comes from installed extensions, not from the request
($hook = get_extensions('moderate_split_posts')) ? eval($hook) : null;

// Get data from the new first post.
// $markers is concatenated into the SQL while $posts is passed as bound values, so $markers is
// expected to contain placeholders only — confirm where it is built (outside this excerpt)
$ps = $db->run('SELECT p.id, p.poster, p.posted FROM ' . $db->prefix . 'posts AS p WHERE id IN(' . implode(',', $markers) . ') ORDER BY p.id ASC LIMIT 1', $posts);
$first_post_data = $ps->fetch();

// Create the new topic
$insert = array('poster' => $first_post_data['poster'], 'subject' => $new_subject, 'posted' => $first_post_data['posted'], 'first_post_id' => $first_post_data['id'], 'forum_id' => $move_to_forum);
$db->insert('topics', $insert);
$new_tid = $db->lastInsertId('topics');

// Positional parameters: index 0 is the topic_id placeholder below; the remaining
// entries (the post ids for the IN list) are presumably set before this excerpt
$update_data[0] = $new_tid;

// Move the posts to the new topic
$db->run('UPDATE ' . $db->prefix . 'posts SET topic_id=? WHERE id IN(' . implode(',', $markers) . ')', $update_data);

// Apply every subscription to both topics
$errors[] = $lang_poll['Too long question']; } else { if ($panther_config['p_subject_all_caps'] == '0' && is_all_uppercase($question) && !$panther_user['is_admmod']) { $errors[] = $lang_poll['All caps question']; } } } if (empty($options)) { $errors[] = $lang_poll['No options']; } $option_data = array(); for ($i = 0; $i <= $panther_config['o_max_poll_fields']; $i++) { if (!empty($errors)) { break; } if (panther_strlen($options[$i]) > 55) { $errors[] = $lang_poll['Too long option']; } else { if ($panther_config['p_subject_all_caps'] == '0' && is_all_uppercase($options[$i]) && !$panther_user['is_admmod']) { $errors[] = $lang_poll['All caps option']; } else { if ($options[$i] != '') { $option_data[] = $options[$i]; } } } } if (count($options) < 2) { $errors[] = $lang_poll['Low options']; } ($hook = get_extensions('edit_poll_after_validation')) ? eval($hook) : null;
// Determine expiration time.
// NOTE(review): both fields are read without an isset() guard, unlike the inputs below;
// get_expiration_time() (defined elsewhere) is relied on to cope with missing values
$expiration_time = get_expiration_time($_POST['expiration_time'], $_POST['expiration_unit']);
$warning_title = isset($_POST['warning_title']) ? panther_trim($_POST['warning_title']) : '';
$warning_description = isset($_POST['warning_description']) ? panther_trim($_POST['warning_description']) : '';
$points = isset($_POST['warning_points']) ? intval($_POST['warning_points']) : 0;

// NOTE(review): the title limit is enforced in bytes (strlen) while the description limit
// below uses characters (panther_strlen); multi-byte titles hit the 70 limit early
if (strlen($warning_title) < 1) {
    message($lang_warnings['No title']);
} else {
    if (strlen($warning_title) > 70) {
        message($lang_warnings['Title too long']);
    }
}

if ($warning_description == '') {
    message($lang_warnings['Must enter descripiton']);
} else {
    // NOTE(review): the too-long branch reuses the "Must enter descripiton" key and passes it
    // through sprintf with a size argument; compare with the 'Title too long' branch above —
    // this looks like the wrong language key for a length error
    if (panther_strlen($warning_description) > PANTHER_MAX_POSTSIZE) {
        message(sprintf($lang_warnings['Must enter descripiton'], forum_number_format(PANTHER_MAX_POSTSIZE)));
    }
}

$update = array('title' => $warning_title, 'description' => $warning_description, 'points' => $points, 'expiration_time' => $expiration_time);

// $id is derived outside this excerpt; the row is looked up first so that only an
// existing warning type is updated (both queries use bound parameters)
if (isset($_POST['id']) && $id > 0) {
    $data = array(':id' => $id);
    $ps = $db->select('warning_types', 'id, title, description, points, expiration_time', $data, 'id=:id');
    if ($ps->rowCount()) {
        $warning_type = $ps->fetch();
        $data = array(':id' => $warning_type['id']);
        $db->update('warning_types', $update, 'id=:id', $data);
        $redirect_msg = $lang_warnings['Type updated redirect'];
    }
} else {
    // Insert branch; it continues past the end of this excerpt
    $db->insert('warning_types', $update);
} } } } break; case 'messaging': $form = array('facebook' => panther_trim($_POST['form']['facebook']), 'steam' => panther_trim($_POST['form']['steam']), 'skype' => panther_trim($_POST['form']['skype']), 'google' => panther_trim($_POST['form']['google']), 'twitter' => panther_trim($_POST['form']['twitter'])); break; case 'personality': $form = array(); // Clean up signature from POST if ($panther_config['o_signatures'] == '1') { $form['signature'] = isset($_POST['signature']) ? panther_linebreaks(panther_trim($_POST['signature'])) : ''; // Validate signature if (panther_strlen($form['signature']) > $panther_config['p_sig_length']) { message(sprintf($lang_prof_reg['Sig too long'], $panther_config['p_sig_length'], panther_strlen($form['signature']) - $panther_config['p_sig_length'])); } else { if (substr_count($form['signature'], "\n") > $panther_config['p_sig_lines'] - 1) { message(sprintf($lang_prof_reg['Sig too many lines'], $panther_config['p_sig_lines'])); } else { if ($form['signature'] && $panther_config['p_sig_all_caps'] == '0' && is_all_uppercase($form['signature']) && !$panther_user['is_admmod']) { $form['signature'] = utf8_ucwords(utf8_strtolower($form['signature'])); } } } // Validate BBCode syntax if ($panther_config['p_sig_bbcode'] == '1') { require PANTHER_ROOT . 'include/parser.php'; $errors = array(); $form['signature'] = $parser->preparse_bbcode($form['signature'], $errors, true); if (count($errors) > 0) {
redirect(panther_link($panther_url['pms_folders']), $lang_pm['Folder added']); } } else { if (isset($_POST['update'])) { $id = intval(key($_POST['update'])); $folder = panther_trim($_POST['folder'][$id]); if ($panther_config['o_censoring'] == '1') { $censored_folder = panther_trim(censor_words($folder)); } if ($folder == '') { $errors[] = $lang_pm['No folder name']; } else { if (panther_strlen($folder) < 4) { $errors[] = $lang_pm['Folder too short']; } else { if (panther_strlen($folder) > 30) { $errors[] = $lang_pm['Folder too long']; } else { if ($panther_config['o_censoring'] == '1' && $folder == '') { $errors[] = $lang_pm['No folder after censoring']; } } } } if (empty($errors)) { $update = array('name' => $folder); $data = array(':id' => $id, ':uid' => $panther_user['id']); $db->update('folders', $update, 'id=:id AND user_id=:uid', $data); redirect(panther_link($panther_url['pms_folders']), $lang_pm['Folder edit redirect']); } } else {
$new = false; if (!$panther_user['is_guest'] && $cur_subforum['last_post'] > $panther_user['last_visit'] && (empty($tracked_topics['forums'][$cur_subforum['id']]) || $cur_subforum['last_post'] > $tracked_topics['forums'][$cur_subforum['id']])) { // There are new posts in this forum, but have we read all of them already? foreach ($new_topics[$cur_subforum['id']] as $check_topic_id => $check_last_post) { if ((empty($tracked_topics['topics'][$check_topic_id]) || $tracked_topics['topics'][$check_topic_id] < $check_last_post) && (empty($tracked_topics['forums'][$cur_subforum['id']]) || $tracked_topics['forums'][$cur_subforum['id']] < $check_last_post)) { $new = true; break; } } } $forums[$cur_subforum['id']] = array('moderators' => $moderators, 'last_post' => $cur_subforum['last_post'] ? format_time($cur_subforum['last_post']) : '', 'num_topics' => $num_topics, 'num_posts' => $num_posts, 'forum_count' => forum_number_format($forum_count++), 'search_link' => panther_link($panther_url['search_new_results'], array($cur_subforum['id'])), 'link' => panther_link($panther_url['forum'], array($cur_subforum['id'], url_friendly($cur_subforum['forum_name']))), 'forum_name' => $cur_subforum['forum_name'], 'forum_desc' => $cur_subforum['forum_desc'], 'redirect_url' => $cur_forum['redirect_url'], 'show_post_info' => $cur_subforum['show_post_info'], 'new' => $new); if ($cur_subforum['last_post']) { $forums[$cur_subforum['id']]['last_post_avatar'] = generate_avatar_markup($cur_subforum['uid'], $cur_subforum['email'], $cur_subforum['use_gravatar'], array(32, 32)); $forums[$cur_subforum['id']]['last_post_link'] = panther_link($panther_url['post'], array($cur_subforum['last_post_id'])); $forums[$cur_subforum['id']]['last_topic_link'] = panther_link($panther_url['topic'], array($cur_subforum['last_topic_id'], url_friendly($cur_subforum['last_topic']))); $forums[$cur_subforum['id']]['last_topic'] = panther_strlen($cur_subforum['last_topic']) > 30 ? 
utf8_substr($cur_subforum['last_topic'], 0, 30) . ' …' : $cur_subforum['last_topic']; $forums[$cur_subforum['id']]['last_poster'] = isset($cur_subforum['group_id']) ? colourize_group($cur_subforum['last_poster'], $cur_subforum['group_id'], $cur_subforum['uid']) : colourize_group($cur_subforum['last_poster'], PANTHER_GUEST); } } } $announcements = array(); if (!empty($panther_announcements[$id])) { $announce_count = 0; foreach ($panther_announcements[$id] as $cur_announce) { $data = array(':id' => $cur_announce['user_id']); $ps = $db->select('users', 'username, group_id', $data, 'id=:id'); list($username, $group_id) = $ps->fetch(PDO::FETCH_NUM); $announcements[] = array('count' => forum_number_format($announce_count++), 'user' => colourize_group($username, $group_id, $cur_announce['user_id']), 'link' => panther_link($panther_url['announcement_fid'], array($cur_announce['id'], $id, $cur_announce['url_subject'])), 'subject' => $cur_announce['subject']); } } // Retrieve a list of topic IDs, LIMIT is (really) expensive so we only fetch the IDs here then later fetch the remaining data
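/**
 * Validate a username and record every problem found in the global $errors array.
 *
 * Checks, in order: length (2–25 characters, counted with panther_strlen), the reserved
 * name "Guest" (English and localised), IPv4/IPv6-looking names, the reserved-character
 * combination, BBCode tags, censored words, an already registered (or too similar) name,
 * and banned usernames.
 *
 * @param string   $username   Raw username as submitted; runs of whitespace are collapsed to one space first.
 * @param int|null $exclude_id User id to ignore in the duplicate check (the account being edited), or null.
 * @return void Problems are appended to the global $errors array.
 */
function check_username($username, $exclude_id = null)
{
    global $db, $panther_config, $errors, $lang_prof_reg, $lang_register, $lang_common, $panther_bans;

    // Include UTF-8 function
    require_once PANTHER_ROOT . 'include/utf8/strcasecmp.php';

    // Convert multiple whitespace characters into one (to prevent people from registering with indistinguishable usernames)
    $username = preg_replace('%\\s+%s', ' ', $username);

    // Validate username; only the first failing check reports an error
    if (panther_strlen($username) < 2) {
        $errors[] = $lang_prof_reg['Username too short'];
    } elseif (panther_strlen($username) > 25) {
        // This usually doesn't happen since the form element only accepts 25 characters
        $errors[] = $lang_prof_reg['Username too long'];
    } elseif (!strcasecmp($username, 'Guest') || !utf8_strcasecmp($username, $lang_common['Guest'])) {
        $errors[] = $lang_prof_reg['Username guest'];
    } elseif (preg_match('%[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}%', $username) || preg_match('%((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))%', $username)) {
        // Names that look like an IPv4 or IPv6 address are reserved
        $errors[] = $lang_prof_reg['Username IP'];
    } elseif ((strpos($username, '[') !== false || strpos($username, ']') !== false) && strpos($username, '\'') !== false && strpos($username, '"') !== false) {
        // Only the combination of a bracket together with BOTH quote characters is rejected
        $errors[] = $lang_prof_reg['Username reserved chars'];
    } elseif (preg_match('%(?:\\[/?(?:b|u|s|ins|del|em|i|h|colou?r|quote|code|img|url|email|list|\\*|topic|post|forum|user)\\]|\\[(?:img|url|quote|list)=)%i', $username)) {
        $errors[] = $lang_prof_reg['Username BBCode'];
    }

    // Check username for any censored words. Strict comparison: with a loose != two
    // numeric strings such as "1e3" and "1000" would be treated as equal
    if ($panther_config['o_censoring'] == '1' && censor_words($username) !== $username) {
        $errors[] = $lang_register['Username censor'];
    }

    // Check that the username (or a too similar username) is not already registered.
    // Both forms are bound parameters; :username2 keeps only letters and digits so that
    // names differing solely in punctuation or whitespace count as duplicates
    $where_cond = '(UPPER(username)=UPPER(:username) OR UPPER(username)=UPPER(:username2)) AND id>1';
    $data = array(':username' => $username, ':username2' => ucp_preg_replace('%[^\\p{L}\\p{N}]%u', '', $username));

    if ($exclude_id !== null) {
        $where_cond .= ' AND id!=:id';
        $data[':id'] = $exclude_id;
    }

    $ps = $db->select('users', 'username', $data, $where_cond);
    if ($ps->rowCount()) {
        // $busy is the stored username and is embedded in the message unescaped;
        // escaping for the output context is left to the layer that renders $errors
        $busy = $ps->fetchColumn();
        $errors[] = $lang_register['Username dupe 1'] . ' ' . $busy . '. ' . $lang_register['Username dupe 2'];
    }

    // Check username for any banned usernames
    foreach ($panther_bans as $cur_ban) {
        // The loose != '' deliberately also skips a null username on the ban row;
        // the name comparison itself is strict to avoid numeric-string coercion
        if ($cur_ban['username'] != '' && utf8_strtolower($username) === utf8_strtolower($cur_ban['username'])) {
            $errors[] = $lang_prof_reg['Banned username'];
            break;
        }
    }
}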
// Regenerate the config cache. This excerpt starts inside the form-submission branch
// of the admin options page; the closing brace after redirect() ends that branch
if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
    require PANTHER_ROOT . 'include/cache.php';
}

generate_config_cache();
clear_feed_cache();

if ($form['url_type'] != $panther_config['o_url_type']) {
    // Load new URL pack to avoid 404 error after redirecting.
    // $form['url_type'] becomes part of a require path — assumes it was restricted to one of
    // the names returned by get_url_schemes() before this point (outside this excerpt); confirm
    if (file_exists(PANTHER_ROOT . 'include/url/' . $form['url_type'] . '.php')) {
        require PANTHER_ROOT . 'include/url/' . $form['url_type'] . '.php';
    } else {
        require PANTHER_ROOT . 'include/url/default.php';
    }

    generate_quickjump_cache();
}

redirect(panther_link($panther_url['admin_options']), $lang_admin_options['Options updated redirect']);
}

$page_title = array($panther_config['o_board_title'], $lang_admin_common['Admin'], $lang_admin_common['Options']);
define('PANTHER_ACTIVE_PAGE', 'admin');
require PANTHER_ROOT . 'header.php';

generate_admin_menu('options');

// Preview timestamp shifted by the admin's own timezone/DST offset (hours -> seconds)
$diff = ($panther_user['timezone'] + $panther_user['dst']) * 3600;
$timestamp = time() + $diff;

// Build the URL scheme drop-down; the title strips the trailing 4 characters
// of the scheme file name (presumably its ".php" suffix)
$schemes = get_url_schemes();
$scheme_options = array();
foreach ($schemes as $scheme) {
    $scheme_options[] = array('file' => $scheme, 'title' => substr(ucwords(str_replace('_', ' ', $scheme)), 0, -4));
}

$tpl = load_template('admin_options.tpl');
// 'smtp_pass': the stored SMTP password is never sent to the browser; a random key of
// the same length is rendered instead (note the length itself is still disclosed).
// 'csrf_token' is bound to this admin page's path.
echo $tpl->render(array('lang_admin_options' => $lang_admin_options, 'lang_admin_common' => $lang_admin_common, 'panther_config' => $panther_config, 'form_action' => panther_link($panther_url['admin_options']), 'csrf_token' => generate_csrf_token(PANTHER_ADMIN_DIR . '/options.php'), 'max_file_size' => $max_file_size, 'types' => $scheme_options, 'languages' => forum_list_langs(), 'styles' => forum_list_styles(), 'time_format' => gmdate($panther_config['o_time_format'], $timestamp), 'date_format' => gmdate($panther_config['o_date_format'], $timestamp), 'censoring_link' => panther_link($panther_url['admin_censoring']), 'archive_link' => panther_link($panther_url['admin_archive']), 'ranks_link' => panther_link($panther_url['admin_ranks']), 'tasks_link' => panther_link($panther_url['admin_tasks']), 'feeds' => array(5, 15, 30, 60), 'smtp_pass' => !empty($panther_config['o_smtp_pass']) ? random_key(panther_strlen($panther_config['o_smtp_pass']), true) : '', 'themes' => forum_list_themes()));

require PANTHER_ROOT . 'footer.php';