function ArcadeSilverScore()
{
global $scripturl, $txt, $db_prefix, $context, $sourcedir, $modSettings, $smcFunc;
file_put_contents('./debug/' . sha1(serialize($_REQUEST)) . '.txt', print_r(array($_REQUEST, $_SESSION['arcade']['v2_play']), true));
ArcadeXMLOutput(array('test' => 'ok'));
obExit(false);
}
function ArcadeVbPermRequest()
{
global $scripturl, $context, $modSettings, $smcFunc;
if (!($game = getGameInfo($_SESSION['arcade_play_vb3g'][$_POST['id']]))) {
return false;
}
$session =& $_SESSION['arcade_play_' . $game['id']];
$noteid = $_POST['note'] / ($_POST['fakekey'] * ceil($_POST['score']));
if ($_POST['id'] != $session['last_id'] || $noteid != $_POST['id'] || $_POST['gametime'] != $session['start_time']) {
ob_end_clean();
if (!empty($modSettings['enableCompressedOutput'])) {
@ob_start('ob_gzhandler');
} else {
ob_start();
}
echo '&validate=0';
obExit(false);
}
$session['end_time'] = microtime_float();
$session['score'] = $_POST['score'];
ob_end_clean();
if (!empty($modSettings['enableCompressedOutput'])) {
@ob_start('ob_gzhandler');
} else {
ob_start();
}
echo '&validate=1µone=', microtime_float(), '&result=OK';
obExit(false);
}
/**
* Display some useful/interesting board statistics.
*
* What it does:
* - Gets all the statistics in order and puts them in.
* - Uses the Stats template and language file. (and main sub template.)
* - Requires the view_stats permission.
* - Accessed from ?action=stats.
*
* @uses Stats language file
* @uses Stats template, statistics sub template
*/
public function action_stats()
{
global $txt, $scripturl, $modSettings, $context;
// You have to be able to see these
isAllowedTo('view_stats');
// Page disabled - redirect them out
if (empty($modSettings['trackStats'])) {
fatal_lang_error('feature_disabled', true);
}
if (!empty($_REQUEST['expand'])) {
$context['robot_no_index'] = true;
$month = (int) substr($_REQUEST['expand'], 4);
$year = (int) substr($_REQUEST['expand'], 0, 4);
if ($year > 1900 && $year < 2200 && $month >= 1 && $month <= 12) {
$_SESSION['expanded_stats'][$year][] = $month;
}
} elseif (!empty($_REQUEST['collapse'])) {
$context['robot_no_index'] = true;
$month = (int) substr($_REQUEST['collapse'], 4);
$year = (int) substr($_REQUEST['collapse'], 0, 4);
if (!empty($_SESSION['expanded_stats'][$year])) {
$_SESSION['expanded_stats'][$year] = array_diff($_SESSION['expanded_stats'][$year], array($month));
}
}
// Just a lil' help from our friend :P
require_once SUBSDIR . '/Stats.subs.php';
// Handle the XMLHttpRequest.
if (isset($_REQUEST['xml'])) {
// Collapsing stats only needs adjustments of the session variables.
if (!empty($_REQUEST['collapse'])) {
obExit(false);
}
$context['sub_template'] = 'stats';
getDailyStats('YEAR(date) = {int:year} AND MONTH(date) = {int:month}', array('year' => $year, 'month' => $month));
$context['yearly'][$year]['months'][$month]['date'] = array('month' => sprintf('%02d', $month), 'year' => $year);
return;
}
// Stats it is
loadLanguage('Stats');
loadTemplate('Stats');
loadJavascriptFile('stats.js');
// Build the link tree......
$context['linktree'][] = array('url' => $scripturl . '?action=stats', 'name' => $txt['stats_center']);
// Prepare some things for the template page
$context['page_title'] = $context['forum_name'] . ' - ' . $txt['stats_center'];
$context['sub_template'] = 'statistics';
// These are the templates that will be used to render the statistics
$context['statistics_callbacks'] = array('general_statistics', 'top_statistics');
// Call each area of statics to load our friend $context
$this->loadGeneralStatistics();
$this->loadTopStatistics();
$this->loadMontlyActivity();
// Custom stats (just add a template_layer or another callback to add it to the page!)
call_integration_hook('integrate_forum_stats');
}
/**
* Output a block of XML that contains the details of our draft.
*
* @param int $draft
*/
function draftXmlReturn($draft)
{
if (empty($draft)) {
return;
}
global $txt, $context;
header('Content-Type: text/xml; charset=UTF-8');
echo '<', '?xml version="1.0" encoding="UTF-8"?', '>
<response>
<lastsave id="', $draft, '"><![CDATA[', $txt['last_saved_on'], ': ', timeformat(time()), ']', ']></lastsave>
</response>';
obExit(false);
}
/**
* Related Topics
*
* @package RelatedTopics
* @author Niko Pahajoki http://madjoki.com/
* @version 1.5
* @license http://madjoki.com/smf-mods/license/ New-BSD
*/
function RelatedTopicsAdminBuildIndex()
{
global $smcFunc, $scripturl, $modSettings, $context, $txt;
loadTemplate('Admin');
loadLanguage('Admin');
if (!isset($context['relatedClass']) && !initRelated()) {
fatal_lang_error('no_methods_selected');
}
$context['step'] = empty($_REQUEST['step']) ? 0 : (int) $_REQUEST['step'];
if ($context['step'] == 0) {
// Clear caches
foreach ($context['relatedClass'] as $class) {
$class->recreateIndexTables();
}
$smcFunc['db_query']('', '
DELETE FROM {db_prefix}related_topics');
}
$request = $smcFunc['db_query']('', '
SELECT MAX(id_topic)
FROM {db_prefix}topics');
list($max_topics) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
// How many topics to do per page load?
$perStep = 150;
$last = $context['step'] + $perStep;
// Search for topic ids between first and last which are not in ignored boards
$request = $smcFunc['db_query']('', '
SELECT t.id_topic
FROM {db_prefix}topics AS t
WHERE t.id_topic > {int:start}
AND t.id_topic <= {int:last}' . (!empty($context['rt_ignore']) ? '
AND t.id_board NOT IN({array_int:ignored})' : ''), array('start' => $context['step'], 'last' => $last, 'ignored' => $context['rt_ignore']));
$topics = array();
while ($row = $smcFunc['db_fetch_assoc']($request)) {
$topics[] = $row['id_topic'];
}
$smcFunc['db_free_result']($request);
// Update topics
relatedUpdateTopics($topics, true);
if ($last >= $max_topics) {
redirectexit('action=admin;area=relatedtopics;sa=methods');
}
$context['sub_template'] = 'not_done';
$context['continue_get_data'] = '?action=admin;area=relatedtopics;sa=buildIndex;step=' . $last;
$context['continue_percent'] = round(100 * ($last / $max_topics));
$context['continue_post_data'] = '';
$context['continue_countdown'] = '2';
obExit();
}
function GroupRequests()
{
global $txt, $context, $scripturl, $user_info, $sourcedir, $smcFunc, $modSettings, $language;
// Set up the template stuff...
$context['page_title'] = $txt['mc_group_requests'];
$context['sub_template'] = 'show_list';
// Verify we can be here.
if ($user_info['mod_cache']['gq'] == '0=1') {
isAllowedTo('manage_membergroups');
}
// Normally, we act normally...
$where = $user_info['mod_cache']['gq'] == '1=1' || $user_info['mod_cache']['gq'] == '0=1' ? $user_info['mod_cache']['gq'] : 'lgr.' . $user_info['mod_cache']['gq'];
$where_parameters = array();
// We've submitted?
if (isset($_POST[$context['session_var']]) && !empty($_POST['groupr']) && !empty($_POST['req_action'])) {
checkSession('post');
// Clean the values.
foreach ($_POST['groupr'] as $k => $request) {
$_POST['groupr'][$k] = (int) $request;
}
// If we are giving a reason (And why shouldn't we?), then we don't actually do much.
if ($_POST['req_action'] == 'reason') {
// Different sub template...
$context['sub_template'] = 'group_request_reason';
// And a limitation. We don't care that the page number bit makes no sense, as we don't need it!
$where .= ' AND lgr.id_request IN ({array_int:request_ids})';
$where_parameters['request_ids'] = $_POST['groupr'];
$context['group_requests'] = list_getGroupRequests(0, $modSettings['defaultMaxMessages'], 'lgr.id_request', $where, $where_parameters);
// Let obExit etc sort things out.
obExit();
} else {
// Get the details of all the members concerned...
$request = $smcFunc['db_query']('', '
SELECT lgr.id_request, lgr.id_member, lgr.id_group, mem.email_address, mem.id_group AS primary_group,
mem.additional_groups AS additional_groups, mem.lngfile, mem.member_name, mem.notify_types,
mg.hidden, mg.group_name
FROM {db_prefix}log_group_requests AS lgr
INNER JOIN {db_prefix}members AS mem ON (mem.id_member = lgr.id_member)
INNER JOIN {db_prefix}membergroups AS mg ON (mg.id_group = lgr.id_group)
WHERE ' . $where . '
AND lgr.id_request IN ({array_int:request_list})
ORDER BY mem.lngfile', array('request_list' => $_POST['groupr']));
$email_details = array();
$group_changes = array();
while ($row = $smcFunc['db_fetch_assoc']($request)) {
$row['lngfile'] = empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile'];
// If we are approving work out what their new group is.
if ($_POST['req_action'] == 'approve') {
// For people with more than one request at once.
if (isset($group_changes[$row['id_member']])) {
$row['additional_groups'] = $group_changes[$row['id_member']]['add'];
$row['primary_group'] = $group_changes[$row['id_member']]['primary'];
} else {
$row['additional_groups'] = explode(',', $row['additional_groups']);
}
// Don't have it already?
if ($row['primary_group'] == $row['id_group'] || in_array($row['id_group'], $row['additional_groups'])) {
continue;
}
// Should it become their primary?
if ($row['primary_group'] == 0 && $row['hidden'] == 0) {
$row['primary_group'] = $row['id_group'];
} else {
$row['additional_groups'][] = $row['id_group'];
}
// Add them to the group master list.
$group_changes[$row['id_member']] = array('primary' => $row['primary_group'], 'add' => $row['additional_groups']);
}
// Add required information to email them.
if ($row['notify_types'] != 4) {
$email_details[] = array('rid' => $row['id_request'], 'member_id' => $row['id_member'], 'member_name' => $row['member_name'], 'group_id' => $row['id_group'], 'group_name' => $row['group_name'], 'email' => $row['email_address'], 'language' => $row['lngfile']);
}
}
$smcFunc['db_free_result']($request);
// Remove the evidence...
$smcFunc['db_query']('', '
DELETE FROM {db_prefix}log_group_requests
WHERE id_request IN ({array_int:request_list})', array('request_list' => $_POST['groupr']));
// Ensure everyone who is online gets their changes right away.
updateSettings(array('settings_updated' => time()));
if (!empty($email_details)) {
require_once $sourcedir . '/Subs-Post.php';
// They are being approved?
if ($_POST['req_action'] == 'approve') {
// Make the group changes.
foreach ($group_changes as $id => $groups) {
// Sanity check!
foreach ($groups['add'] as $key => $value) {
if ($value == 0 || trim($value) == '') {
unset($groups['add'][$key]);
}
}
$smcFunc['db_query']('', '
UPDATE {db_prefix}members
SET id_group = {int:primary_group}, additional_groups = {string:additional_groups}
WHERE id_member = {int:selected_member}', array('primary_group' => $groups['primary'], 'selected_member' => $id, 'additional_groups' => implode(',', $groups['add'])));
}
$lastLng = $user_info['language'];
foreach ($email_details as $email) {
$replacements = array('USERNAME' => $email['member_name'], 'GROUPNAME' => $email['group_name']);
$emaildata = loadEmailTemplate('mc_group_approve', $replacements, $email['language']);
sendmail($email['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 2);
}
} else {
// Same as for approving, kind of.
$lastLng = $user_info['language'];
foreach ($email_details as $email) {
$custom_reason = isset($_POST['groupreason']) && isset($_POST['groupreason'][$email['rid']]) ? $_POST['groupreason'][$email['rid']] : '';
$replacements = array('USERNAME' => $email['member_name'], 'GROUPNAME' => $email['group_name']);
if (!empty($custom_reason)) {
$replacements['REASON'] = $custom_reason;
}
$emaildata = loadEmailTemplate(empty($custom_reason) ? 'mc_group_reject' : 'mc_group_reject_reason', $replacements, $email['language']);
sendmail($email['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 2);
}
}
}
// Restore the current language.
loadLanguage('ModerationCenter');
}
}
// We're going to want this for making our list.
require_once $sourcedir . '/Subs-List.php';
// This is all the information required for a group listing.
$listOptions = array('id' => 'group_request_list', 'title' => $txt['mc_group_requests'], 'width' => '100%', 'items_per_page' => $modSettings['defaultMaxMessages'], 'no_items_label' => $txt['mc_groupr_none_found'], 'base_href' => $scripturl . '?action=groups;sa=requests', 'default_sort_col' => 'member', 'get_items' => array('function' => 'list_getGroupRequests', 'params' => array($where, $where_parameters)), 'get_count' => array('function' => 'list_getGroupRequestCount', 'params' => array($where, $where_parameters)), 'columns' => array('member' => array('header' => array('value' => $txt['mc_groupr_member']), 'data' => array('db' => 'member_link'), 'sort' => array('default' => 'mem.member_name', 'reverse' => 'mem.member_name DESC')), 'group' => array('header' => array('value' => $txt['mc_groupr_group']), 'data' => array('db' => 'group_link'), 'sort' => array('default' => 'mg.group_name', 'reverse' => 'mg.group_name DESC')), 'reason' => array('header' => array('value' => $txt['mc_groupr_reason']), 'data' => array('db' => 'reason')), 'action' => array('header' => array('value' => '<input type="checkbox" class="input_check" onclick="invertAll(this, this.form);" />', 'style' => 'width: 4%;'), 'data' => array('sprintf' => array('format' => '<input type="checkbox" name="groupr[]" value="%1$d" class="input_check" />', 'params' => array('id' => false)), 'style' => 'text-align: center;'))), 'form' => array('href' => $scripturl . '?action=groups;sa=requests', 'include_sort' => true, 'include_start' => true, 'hidden_fields' => array($context['session_var'] => $context['session_id'])), 'additional_rows' => array(array('position' => 'bottom_of_list', 'value' => '
<select name="req_action" onchange="if (this.value != 0 && (this.value == \'reason\' || confirm(\'' . $txt['mc_groupr_warning'] . '\'))) this.form.submit();">
<option value="0">' . $txt['with_selected'] . ':</option>
<option value="0">---------------------</option>
<option value="approve">' . $txt['mc_groupr_approve'] . '</option>
<option value="reject">' . $txt['mc_groupr_reject'] . '</option>
<option value="reason">' . $txt['mc_groupr_reject_w_reason'] . '</option>
</select>
<input type="submit" name="go" value="' . $txt['go'] . '" onclick="var sel = document.getElementById(\'req_action\'); if (sel.value != 0 && sel.value != \'reason\' && !confirm(\'' . $txt['mc_groupr_warning'] . '\')) return false;" class="button_submit" />', 'align' => 'right')));
// Create the request list.
createList($listOptions);
$context['default_list'] = 'group_request_list';
}
function BookOfUnknown()
{
global $context;
if (strpos($_GET['action'], 'mozilla') !== false && !$context['browser']['is_gecko']) {
redirectexit('http://www.getfirefox.com/');
} elseif (strpos($_GET['action'], 'mozilla') !== false) {
redirectexit('about:mozilla');
}
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"', $context['right_to_left'] ? ' dir="rtl"' : '', '>
<head>
<title>The Book of Unknown, ', @$_GET['verse'] == '2:18' ? '2:18' : '4:16', '</title>
<style type="text/css">
em
{
font-size: 1.3em;
line-height: 0;
}
</style>
</head>
<body style="background-color: #444455; color: white; font-style: italic; font-family: serif;">
<div style="margin-top: 12%; font-size: 1.1em; line-height: 1.4; text-align: center;">';
if (@$_GET['verse'] == '2:18') {
echo '
Woe, it was that his name wasn\'t <em>known</em>, that he came in mystery, and was recognized by none. And it became to be in those days <em>something</em>. Something not yet <em id="unknown" name="[Unknown]">unknown</em> to mankind. And thus what was to be known the <em>secret project</em> began into its existence. Henceforth the opposition was only <em>weary</em> and <em>fearful</em>, for now their match was at arms against them.';
} else {
echo '
And it came to pass that the <em>unbelievers</em> dwindled in number and saw rise of many <em>proselytizers</em>, and the opposition found fear in the face of the <em>x</em> and the <em>j</em> while those who stood with the <em>something</em> grew stronger and came together. Still, this was only the <em>beginning</em>, and what lay in the future was <em id="unknown" name="[Unknown]">unknown</em> to all, even those on the right side.';
}
echo '
</div>
<div style="margin-top: 2ex; font-size: 2em; text-align: right;">';
if (@$_GET['verse'] == '2:18') {
echo '
from <span style="font-family: Georgia, serif;"><strong><a href="http://www.unknownbrackets.com/about:unknown" style="color: white; text-decoration: none; cursor: text;">The Book of Unknown</a></strong>, 2:18</span>';
} else {
echo '
from <span style="font-family: Georgia, serif;"><strong><a href="http://www.unknownbrackets.com/about:unknown" style="color: white; text-decoration: none; cursor: text;">The Book of Unknown</a></strong>, 4:16</span>';
}
echo '
</div>
</body>
</html>';
obExit(false);
}
function redirectexit($setLocation = '', $refresh = false)
{
global $scripturl, $context, $modSettings, $db_show_debug, $db_cache;
// In case we have mail to send, better do that - as obExit doesn't always quite make it...
if (!empty($context['flush_mail'])) {
AddMailQueue(true);
}
$add = preg_match('~^(ftp|http)[s]?://~', $setLocation) == 0 && substr($setLocation, 0, 6) != 'about:';
if (WIRELESS) {
// Add the scripturl on if needed.
if ($add) {
$setLocation = $scripturl . '?' . $setLocation;
}
$char = strpos($setLocation, '?') === false ? '?' : ';';
if (strpos($setLocation, '#') !== false) {
$setLocation = strtr($setLocation, array('#' => $char . WIRELESS_PROTOCOL . '#'));
} else {
$setLocation .= $char . WIRELESS_PROTOCOL;
}
} elseif ($add) {
$setLocation = $scripturl . ($setLocation != '' ? '?' . $setLocation : '');
}
// Put the session ID in.
if (defined('SID') && SID != '') {
$setLocation = preg_replace('/^' . preg_quote($scripturl, '/') . '(?!\\?' . preg_quote(SID, '/') . ')\\??/', $scripturl . '?' . SID . ';', $setLocation);
} elseif (isset($_GET['debug'])) {
$setLocation = preg_replace('/^' . preg_quote($scripturl, '/') . '\\??/', $scripturl . '?debug;', $setLocation);
}
if (!empty($modSettings['queryless_urls']) && (empty($context['server']['is_cgi']) || @ini_get('cgi.fix_pathinfo') == 1 || @get_cfg_var('cgi.fix_pathinfo') == 1) && (!empty($context['server']['is_apache']) || !empty($context['server']['is_lighttpd']))) {
if (defined('SID') && SID != '') {
$setLocation = preg_replace_callback('~"' . preg_quote($scripturl, '/') . '\\?(?:' . SID . '(?:;|&|&))((?:board|topic)=[^#]+?)(#[^"]*?)?$~', 'fix_redirect_sid__preg_callback', $setLocation);
} else {
$setLocation = preg_replace_callback('~"' . preg_quote($scripturl, '/') . '\\?((?:board|topic)=[^#"]+?)(#[^"]*?)?$~', 'fix_redirect_path__preg_callback', $setLocation);
}
}
// Maybe integrations want to change where we are heading?
call_integration_hook('integrate_redirect', array(&$setLocation, &$refresh));
// We send a Refresh header only in special cases because Location looks better. (and is quicker...)
if ($refresh && !WIRELESS) {
header('Refresh: 0; URL=' . strtr($setLocation, array(' ' => '%20')));
} else {
header('Location: ' . str_replace(' ', '%20', $setLocation));
}
// Debugging.
if (isset($db_show_debug) && $db_show_debug === true) {
$_SESSION['debug_redirect'] = $db_cache;
}
obExit(false);
}
function packageRequireFTP($destination_url, $files = null, $return = false)
{
global $context, $modSettings, $package_ftp, $boarddir, $txt;
// Try to make them writable the manual way.
if ($files !== null) {
foreach ($files as $k => $file) {
// If this file doesn't exist, then we actually want to look at the directory, no?
if (!file_exists($file)) {
$file = dirname($file);
}
// This looks odd, but it's an attempt to work around PHP suExec.
if (!@is_writable($file)) {
@chmod($file, 0755);
}
if (!@is_writable($file)) {
@chmod($file, 0777);
}
if (!@is_writable(dirname($file))) {
@chmod($file, 0755);
}
if (!@is_writable(dirname($file))) {
@chmod($file, 0777);
}
$fp = is_dir($file) ? @opendir($file) : @fopen($file, 'rb');
if (@is_writable($file) && $fp) {
unset($files[$k]);
if (!is_dir($file)) {
fclose($fp);
} else {
closedir($fp);
}
}
}
// No FTP required!
if (empty($files)) {
return array();
}
}
// They've opted to not use FTP, and try anyway.
if (isset($_SESSION['pack_ftp']) && $_SESSION['pack_ftp'] == false) {
if ($files === null) {
return array();
}
foreach ($files as $k => $file) {
// This looks odd, but it's an attempt to work around PHP suExec.
if (!file_exists($file)) {
mktree(dirname($file), 0755);
@touch($file);
@chmod($file, 0755);
}
if (!@is_writable($file)) {
@chmod($file, 0777);
}
if (!@is_writable(dirname($file))) {
@chmod(dirname($file), 0777);
}
if (@is_writable($file)) {
unset($files[$k]);
}
}
return $files;
} elseif (isset($_SESSION['pack_ftp'])) {
// Load the file containing the ftp_connection class.
loadClassFile('Class-Package.php');
$package_ftp = new ftp_connection($_SESSION['pack_ftp']['server'], $_SESSION['pack_ftp']['port'], $_SESSION['pack_ftp']['username'], package_crypt($_SESSION['pack_ftp']['password']));
if ($files === null) {
return array();
}
foreach ($files as $k => $file) {
$ftp_file = strtr($file, array($_SESSION['pack_ftp']['root'] => ''));
// This looks odd, but it's an attempt to work around PHP suExec.
if (!file_exists($file)) {
mktree(dirname($file), 0755);
$package_ftp->create_file($ftp_file);
$package_ftp->chmod($ftp_file, 0755);
}
if (!@is_writable($file)) {
$package_ftp->chmod($ftp_file, 0777);
}
if (!@is_writable(dirname($file))) {
$package_ftp->chmod(dirname($ftp_file), 0777);
}
if (@is_writable($file)) {
unset($files[$k]);
}
}
return $files;
}
if (isset($_POST['ftp_none'])) {
$_SESSION['pack_ftp'] = false;
$files = packageRequireFTP($destination_url, $files, $return);
return $files;
} elseif (isset($_POST['ftp_username'])) {
loadClassFile('Class-Package.php');
$ftp = new ftp_connection($_POST['ftp_server'], $_POST['ftp_port'], $_POST['ftp_username'], $_POST['ftp_password']);
if ($ftp->error === false) {
// Common mistake, so let's try to remedy it...
if (!$ftp->chdir($_POST['ftp_path'])) {
$ftp_error = $ftp->last_message;
$ftp->chdir(preg_replace('~^/home[2]?/[^/]+?~', '', $_POST['ftp_path']));
}
}
}
if (!isset($ftp) || $ftp->error !== false) {
if (!isset($ftp)) {
loadClassFile('Class-Package.php');
$ftp = new ftp_connection(null);
} elseif ($ftp->error !== false && !isset($ftp_error)) {
$ftp_error = $ftp->last_message === null ? '' : $ftp->last_message;
}
list($username, $detect_path, $found_path) = $ftp->detect_path($boarddir);
if ($found_path) {
$_POST['ftp_path'] = $detect_path;
} elseif (!isset($_POST['ftp_path'])) {
$_POST['ftp_path'] = isset($modSettings['package_path']) ? $modSettings['package_path'] : $detect_path;
}
if (!isset($_POST['ftp_username'])) {
$_POST['ftp_username'] = $username;
}
$context['package_ftp'] = array('server' => isset($_POST['ftp_server']) ? $_POST['ftp_server'] : (isset($modSettings['package_server']) ? $modSettings['package_server'] : 'localhost'), 'port' => isset($_POST['ftp_port']) ? $_POST['ftp_port'] : (isset($modSettings['package_port']) ? $modSettings['package_port'] : '21'), 'username' => isset($_POST['ftp_username']) ? $_POST['ftp_username'] : (isset($modSettings['package_username']) ? $modSettings['package_username'] : ''), 'path' => $_POST['ftp_path'], 'error' => empty($ftp_error) ? null : $ftp_error, 'destination' => $destination_url);
// If we're returning dump out here.
if ($return) {
return $files;
}
$context['page_title'] = $txt['package_ftp_necessary'];
$context['sub_template'] = 'ftp_required';
obExit();
} else {
if (!in_array($_POST['ftp_path'], array('', '/'))) {
$ftp_root = strtr($boarddir, array($_POST['ftp_path'] => ''));
if (substr($ftp_root, -1) == '/' && ($_POST['ftp_path'] == '' || substr($_POST['ftp_path'], 0, 1) == '/')) {
$ftp_root = substr($ftp_root, 0, -1);
}
} else {
$ftp_root = $boarddir;
}
$_SESSION['pack_ftp'] = array('server' => $_POST['ftp_server'], 'port' => $_POST['ftp_port'], 'username' => $_POST['ftp_username'], 'password' => package_crypt($_POST['ftp_password']), 'path' => $_POST['ftp_path'], 'root' => $ftp_root);
if (!isset($modSettings['package_path']) || $modSettings['package_path'] != $_POST['ftp_path']) {
updateSettings(array('package_path' => $_POST['ftp_path']));
}
$files = packageRequireFTP($destination_url, $files, $return);
}
return $files;
}
/**
* Just pause the signature applying thing.
*
* @todo Move to subs file
* @todo Merge with other pause functions?
* pausePermsSave(), pausAttachmentMaintenance(), pauseRepairProcess()
*
* @param int $applied_sigs
*/
function pauseSignatureApplySettings($applied_sigs)
{
global $context, $txt, $sig_start;
// Try get more time...
@set_time_limit(600);
if (function_exists('apache_reset_timeout')) {
@apache_reset_timeout();
}
// Have we exhausted all the time we allowed?
if (time() - array_sum(explode(' ', $sig_start)) < 3) {
return;
}
$context['continue_get_data'] = '?action=admin;area=featuresettings;sa=sig;apply;step=' . $applied_sigs . ';' . $context['session_var'] . '=' . $context['session_id'];
$context['page_title'] = $txt['not_done_title'];
$context['continue_post_data'] = '';
$context['continue_countdown'] = '2';
$context['sub_template'] = 'not_done';
// Specific stuff to not break this template!
$context[$context['admin_menu_name']]['current_subsection'] = 'sig';
// Get the right percent.
$context['continue_percent'] = round($applied_sigs / $context['max_member'] * 100);
// Never more than 100%!
$context['continue_percent'] = min($context['continue_percent'], 100);
obExit();
}
/**
* Outputs each member name on its own line.
* - used by javascript to find members matching the request.
*/
function RequestMembers()
{
global $user_info, $txt, $smcFunc;
checkSession('get');
$_REQUEST['search'] = $smcFunc['htmlspecialchars']($_REQUEST['search']) . '*';
$_REQUEST['search'] = trim($smcFunc['strtolower']($_REQUEST['search']));
$_REQUEST['search'] = strtr($_REQUEST['search'], array('%' => '\\%', '_' => '\\_', '*' => '%', '?' => '_', '&' => '&'));
if (function_exists('iconv')) {
header('Content-Type: text/plain; charset=UTF-8');
}
$request = $smcFunc['db_query']('', '
SELECT real_name
FROM {db_prefix}members
WHERE real_name LIKE {string:search}' . (isset($_REQUEST['buddies']) ? '
AND id_member IN ({array_int:buddy_list})' : '') . '
AND is_activated IN (1, 11)
LIMIT ' . ($smcFunc['strlen']($_REQUEST['search']) <= 2 ? '100' : '800'), array('buddy_list' => $user_info['buddies'], 'search' => $_REQUEST['search']));
while ($row = $smcFunc['db_fetch_assoc']($request)) {
if (function_exists('iconv')) {
$utf8 = iconv($txt['lang_character_set'], 'UTF-8', $row['real_name']);
if ($utf8) {
$row['real_name'] = $utf8;
}
}
$row['real_name'] = strtr($row['real_name'], array('&' => '&', '<' => '<', '>' => '>', '"' => '"'));
if (preg_match('~&#\\d+;~', $row['real_name']) != 0) {
$fixchar = create_function('$n', '
if ($n < 128)
return chr($n);
elseif ($n < 2048)
return chr(192 | $n >> 6) . chr(128 | $n & 63);
elseif ($n < 65536)
return chr(224 | $n >> 12) . chr(128 | $n >> 6 & 63) . chr(128 | $n & 63);
else
return chr(240 | $n >> 18) . chr(128 | $n >> 12 & 63) . chr(128 | $n >> 6 & 63) . chr(128 | $n & 63);');
$row['real_name'] = preg_replace('~&#(\\d+);~e', '$fixchar(\'$1\')', $row['real_name']);
}
echo $row['real_name'], "\n";
}
$smcFunc['db_free_result']($request);
obExit(false);
}
function TPdownloadme()
{
global $smcFunc, $modSettings, $context, $boarddir;
$item = $context['TPortal']['dlitem'];
$request = $smcFunc['db_query']('', '
SELECT * FROM {db_prefix}tp_dlmanager
WHERE id = {int:item} LIMIT 1', array('item' => $item));
if ($smcFunc['db_num_rows']($request) > 0) {
$row = $smcFunc['db_fetch_assoc']($request);
$myfilename = $row['name'];
$newname = TPDlgetname($row['file']);
$real_filename = $row['file'];
if ($row['subitem'] > 0) {
$parent = $row['subitem'];
$req3 = $smcFunc['db_query']('', '
SELECT category FROM {db_prefix}tp_dlmanager
WHERE id = {int:parent} LIMIT 1', array('parent' => $parent));
$what = $smcFunc['db_fetch_assoc']($req3);
$cat = $what['category'];
$request2 = $smcFunc['db_query']('', '
SELECT * FROM {db_prefix}tp_dlmanager
WHERE id = {int:cat}', array('cat' => $cat));
if ($smcFunc['db_num_rows']($request2) > 0) {
$row2 = $smcFunc['db_fetch_assoc']($request2);
$show = get_perm($row2['access'], 'tp_dlmanager');
$smcFunc['db_free_result']($request2);
}
} else {
$cat = $row['category'];
$request2 = $smcFunc['db_query']('', '
SELECT * FROM {db_prefix}tp_dlmanager
WHERE id = {int:cat}', array('cat' => $cat));
if ($smcFunc['db_num_rows']($request2) > 0) {
$row2 = $smcFunc['db_fetch_assoc']($request2);
$show = get_perm($row2['access'], 'tp_dlmanager');
$smcFunc['db_free_result']($request2);
}
}
$filename = $boarddir . '/tp-downloads/' . $real_filename;
$smcFunc['db_free_result']($request);
} else {
$show = false;
}
// can we actually download?
if ($show == 1 || allowedTo('tp_dlmanager')) {
$now = time();
$year = (int) date("Y", $now);
$week = (int) date("W", $now);
// update weekly views
$req = $smcFunc['db_query']('', '
SELECT id FROM {db_prefix}tp_dldata
WHERE year = {int:year}
AND week = {int:week}
AND item = {int:item}', array('year' => $year, 'week' => $week, 'item' => $item));
if ($smcFunc['db_num_rows']($req) > 0) {
$row = $smcFunc['db_fetch_assoc']($req);
$smcFunc['db_query']('', '
UPDATE {db_prefix}tp_dldata
SET downloads = downloads + 1
WHERE id = {int:dlitem}', array('dlitem' => $row['id']));
} else {
$smcFunc['db_insert']('INSERT', '{db_prefix}tp_dldata', array('week' => 'int', 'year' => 'int', 'downloads' => 'int', 'item' => 'int'), array($week, $year, 1, $item), array('id'));
}
$smcFunc['db_query']('', '
UPDATE LOW_PRIORITY {db_prefix}tp_dlmanager
SET downloads = downloads + 1
WHERE id = {int:item} LIMIT 1', array('item' => $item));
ob_end_clean();
if (!empty($modSettings['enableCompressedOutput']) && @version_compare(PHP_VERSION, '4.2.0') >= 0 && @filesize($filename) <= 4194304) {
@ob_start('ob_gzhandler');
} else {
ob_start();
header('Content-Encoding: none');
}
if (!empty($_SERVER['HTTP_IF_MODIFIED_SINCE']) && strtotime(array_shift(explode(';', $_SERVER['HTTP_IF_MODIFIED_SINCE']))) >= filemtime($filename)) {
ob_end_clean();
header('HTTP/1.1 304 Not Modified');
exit;
}
// Send the attachment headers.
header('Pragma: no-cache');
header('Cache-Control: max-age=' . 10 . ', private');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', FALSE);
if (!$context['browser']['is_gecko']) {
header('Content-Transfer-Encoding: binary');
}
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 525600 * 60) . ' GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', filemtime($filename)) . ' GMT');
header('Accept-Ranges: bytes');
header('Set-Cookie:');
header('Connection: close');
header('Content-Disposition: attachment; filename="' . $newname . '"');
header('Content-Type: application/octet-stream');
if (filesize($filename) != 0) {
$size = @getimagesize($filename);
if (!empty($size) && $size[2] > 0 && $size[2] < 4) {
header('Content-Type: image/' . ($size[2] != 1 ? $size[2] != 2 ? 'png' : 'jpeg' : 'gif'));
}
}
if (empty($modSettings['enableCompressedOutput']) || filesize($filename) > 4194304) {
header('Content-Length: ' . filesize($filename));
}
@set_time_limit(0);
if (in_array(substr($real_filename, -4), array('.txt', '.css', '.htm', '.php', '.xml'))) {
if (strpos($_SERVER['HTTP_USER_AGENT'], 'Windows') !== false) {
$callback = create_function('$buffer', 'return preg_replace(\'~[\\r]?\\n~\', "\\r\\n", $buffer);');
} elseif (strpos($_SERVER['HTTP_USER_AGENT'], 'Mac') !== false) {
$callback = create_function('$buffer', 'return preg_replace(\'~[\\r]?\\n~\', "\\r", $buffer);');
} else {
$callback = create_function('$buffer', 'return preg_replace(\'~\\r~\', "\\r\\n", $buffer);');
}
}
// Since we don't do output compression for files this large...
if (filesize($filename) > 4194304) {
// Forcibly end any output buffering going on.
if (function_exists('ob_get_level')) {
while (@ob_get_level() > 0) {
@ob_end_clean();
}
} else {
@ob_end_clean();
@ob_end_clean();
@ob_end_clean();
}
$fp = fopen($filename, 'rb');
while (!feof($fp)) {
if (isset($callback)) {
echo $callback(fread($fp, 8192));
} else {
echo fread($fp, 8192);
}
flush();
}
fclose($fp);
} elseif (isset($callback) || @readfile($filename) == null) {
echo isset($callback) ? $callback(file_get_contents($filename)) : file_get_contents($filename);
}
obExit(false);
} else {
redirectexit('action=tpmod;dl');
}
}
function iCalDownload()
{
global $smcFunc, $sourcedir, $forum_version, $context, $modSettings;
// Goes without saying that this is required.
if (!isset($_REQUEST['eventid'])) {
fatal_lang_error('no_access', false);
}
// This is kinda wanted.
require_once $sourcedir . '/Subs-Calendar.php';
// Load up the event in question and check it exists.
$event = getEventProperties($_REQUEST['eventid']);
if ($event === false) {
fatal_lang_error('no_access', false);
}
// Check the title isn't too long - iCal requires some formatting if so.
$title = str_split($event['title'], 30);
foreach ($title as $id => $line) {
if ($id != 0) {
$title[$id] = ' ' . $title[$id];
}
$title[$id] .= "\n";
}
// Format the date.
$date = $event['year'] . '-' . ($event['month'] < 10 ? '0' . $event['month'] : $event['month']) . '-' . ($event['day'] < 10 ? '0' . $event['day'] : $event['day']) . 'T';
$date .= '1200:00:00Z';
// This is what we will be sending later.
$filecontents = '';
$filecontents .= 'BEGIN:VCALENDAR' . "\n";
$filecontents .= 'VERSION:2.0' . "\n";
$filecontents .= 'PRODID:-//SimpleMachines//SMF ' . (empty($forum_version) ? 1.0 : strtr($forum_version, array('SMF ' => ''))) . '//EN' . "\n";
$filecontents .= 'BEGIN:VEVENT' . "\n";
$filecontents .= 'DTSTART:' . $date . "\n";
$filecontents .= 'DTEND:' . $date . "\n";
$filecontents .= 'SUMMARY:' . implode('', $title);
$filecontents .= 'END:VEVENT' . "\n";
$filecontents .= 'END:VCALENDAR';
// Send some standard headers.
ob_end_clean();
if (!empty($modSettings['enableCompressedOutput'])) {
@ob_start('ob_gzhandler');
} else {
ob_start();
}
// Send the file headers
header('Pragma: ');
header('Cache-Control: no-cache');
if (!$context['browser']['is_gecko']) {
header('Content-Transfer-Encoding: binary');
}
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 525600 * 60) . ' GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', time()) . 'GMT');
header('Accept-Ranges: bytes');
header('Connection: close');
header('Content-Disposition: attachment; filename=' . $event['title'] . '.ics');
// How big is it?
if (empty($modSettings['enableCompressedOutput'])) {
header('Content-Length: ' . $smcFunc['strlen']($filecontents));
}
// This is a calendar item!
header('Content-Type: text/calendar');
// Chuck out the card.
echo $filecontents;
// Off we pop - lovely!
obExit(false);
}
/**
* Show the verification code or let it hear.
* Accessed by ?action=verificationcode
*/
public function action_verificationcode()
{
global $context, $scripturl;
$verification_id = isset($_GET['vid']) ? $_GET['vid'] : '';
$code = $verification_id && isset($_SESSION[$verification_id . '_vv']) ? $_SESSION[$verification_id . '_vv']['code'] : (isset($_SESSION['visual_verification_code']) ? $_SESSION['visual_verification_code'] : '');
// Somehow no code was generated or the session was lost.
if (empty($code)) {
header('Content-Type: image/gif');
die("GIF89a€!ù,D;");
} elseif (isset($_REQUEST['sound'])) {
loadLanguage('Login');
loadTemplate('Register');
$context['verification_sound_href'] = $scripturl . '?action=verificationcode;rand=' . md5(mt_rand()) . ($verification_id ? ';vid=' . $verification_id : '') . ';format=.wav';
$context['sub_template'] = 'verification_sound';
Template_Layers::getInstance()->removeAll();
obExit();
} elseif (empty($_REQUEST['format'])) {
require_once SUBSDIR . '/Graphics.subs.php';
if (in_array('gd', get_loaded_extensions()) && !showCodeImage($code)) {
header('HTTP/1.1 400 Bad Request');
} elseif (isset($_REQUEST['letter'])) {
$_REQUEST['letter'] = (int) $_REQUEST['letter'];
if ($_REQUEST['letter'] > 0 && $_REQUEST['letter'] <= strlen($code) && !showLetterImage(strtolower($code[$_REQUEST['letter'] - 1]))) {
header('Content-Type: image/gif');
die("GIF89a€!ù,D;");
}
} else {
header('Content-Type: image/gif');
die("GIF89a€!ù,D;");
}
} elseif ($_REQUEST['format'] === '.wav') {
require_once SUBSDIR . '/Sound.subs.php';
if (!createWaveFile($code)) {
header('HTTP/1.1 400 Bad Request');
}
}
// We all die one day...
die;
}
/**
* Get one of the admin information files from Simple Machines.
*/
function DisplayAdminFile()
{
global $context, $modSettings, $smcFunc;
setMemoryLimit('32M');
if (empty($_REQUEST['filename']) || !is_string($_REQUEST['filename'])) {
fatal_lang_error('no_access', false);
}
$request = $smcFunc['db_query']('', '
SELECT data, filetype
FROM {db_prefix}admin_info_files
WHERE filename = {string:current_filename}
LIMIT 1', array('current_filename' => $_REQUEST['filename']));
if ($smcFunc['db_num_rows']($request) == 0) {
fatal_lang_error('admin_file_not_found', true, array($_REQUEST['filename']));
}
list($file_data, $filetype) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
// @todo Temp
// Figure out if sesc is still being used.
if (strpos($file_data, ';sesc=') !== false) {
$file_data = '
if (!(\'smfForum_sessionvar\' in window))
window.smfForum_sessionvar = \'sesc\';
' . strtr($file_data, array(';sesc=' => ';\' + window.smfForum_sessionvar + \'='));
}
$context['template_layers'] = array();
// Lets make sure we aren't going to output anything nasty.
@ob_end_clean();
if (!empty($modSettings['enableCompressedOutput'])) {
@ob_start('ob_gzhandler');
} else {
@ob_start();
}
// Make sure they know what type of file we are.
header('Content-Type: ' . $filetype);
echo $file_data;
obExit(false);
}
/**
* @return void
*
* marks one ore more notifications as read
*/
function aStreamMarkNotificationRead()
{
global $user_info;
$xml = isset($_REQUEST['xml']) ? true : false;
if ($user_info['is_guest']) {
return;
}
if (isset($_REQUEST['act'])) {
$new_act_ids = array();
if ($_REQUEST['act'] === 'all') {
$where = 'id_member = {int:id_member}';
$markallread = true;
} else {
$act_ids = explode(',', $_REQUEST['act']);
foreach ($act_ids as $act) {
if ((int) $act > 0) {
$new_act_ids[] = (int) $act;
}
}
$new_act = join(',', $new_act_ids);
$where = 'id_member = {int:id_member} AND id_act IN(' . $new_act . ')';
$markallread = false;
}
if ($markallread || count($new_act_ids) > 0) {
$query = 'UPDATE {db_prefix}log_notifications SET unread = 0 WHERE ' . $where;
smf_db_query($query, array('id_member' => $user_info['id']));
invalidateMemberData($user_info['id']);
}
if ($xml) {
// construct xml response for the JavaScript markread handler
header('Content-Type: text/xml; charset=UTF-8');
echo '<', '?xml version="1.0" encoding="UTF-8', '"?', '>
<response>';
if ($markallread) {
echo '
<markedread name="markedread"><![CDATA[all]]></markedread>
';
} else {
foreach ($new_act_ids as $act) {
echo '
<markedread name="markedread"><![CDATA[', $act, ']]></markedread>
';
}
}
echo '
</response>
';
obExit(false);
}
}
redirectexit();
}
function KB_rss()
{
global $user_info, $scripturl, $txt, $smcFunc, $modSettings, $context;
$xml_format = isset($_GET['type']) && $_GET['type'] == 'rss2' ? '2.0' : '0.92';
$context['kb_rss_body'] = '';
if (empty($modSettings['kb_enablersscat'])) {
redirectexit('action=kb');
}
if (empty($_GET['cat'])) {
redirectexit('action=kb');
}
ob_end_clean();
if (!empty($modSettings['enableCompressedOutput'])) {
@ob_start('ob_gzhandler');
} else {
ob_start();
}
header('Content-Type: application/rss+xml; charset=' . (empty($context['character_set']) ? 'ISO-8859-1' : $context['character_set']));
echo '<?xml version="1.0" encoding="', $context['character_set'], '"?' . '>';
if ($context['user']['is_guest']) {
$groupid = -1;
} else {
$groupid = $user_info['groups'][0];
}
$modSettings['kb_xml_maxlen'] = 255;
$request = $smcFunc['db_query']('', '
SELECT name, description
FROM {db_prefix}kb_category
WHERE kbid = {int:cat} ', array('cat' => (int) $_GET['cat']));
list($catname, $catdesc) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
$context['kb_rss_body'] .= '
<rss version="' . $xml_format . '" xml:lang="' . strtr($txt['lang_locale'], '_', '-') . '">
<channel>
<title>' . $catname . '</title>
<link>' . $scripturl . '?action=kb;area=cats;cat=' . $_GET['cat'] . '</link>
<description><![CDATA[' . $catdesc . ']]></description>';
$result = $smcFunc['db_query']('', '
SELECT k.kbnid, k.title, k.date, k.id_member, k.content, m.real_name, k.approved, p.view, c.name, k.id_cat
FROM {db_prefix}kb_articles AS k
LEFT JOIN {db_prefix}members AS m ON (k.id_member = m.id_member)
LEFT JOIN {db_prefix}kb_category AS c ON (k.id_cat = c.kbid)
LEFT JOIN {db_prefix}kb_catperm AS p ON (p.id_group = {int:groupid} AND k.id_cat = p.id_cat)
WHERE k.approved = {int:one} AND k.id_cat = {int:cat}
ORDER BY k.date DESC', array('one' => 1, 'groupid' => $groupid, 'cat' => (int) $_GET['cat']));
while ($row = $smcFunc['db_fetch_assoc']($result)) {
if ($row['view'] == '0') {
continue;
}
if (!empty($modSettings['kb_xml_maxlen']) && $smcFunc['strlen'](str_replace('<br />', "\n", $row['content'])) > $modSettings['kb_xml_maxlen']) {
$row['content'] = strtr($smcFunc['substr'](str_replace('<br />', "\n", $row['content']), 0, $modSettings['kb_xml_maxlen'] - 3), array("\n" => '<br />')) . '...';
}
$context['kb_rss_body'] .= '
<item>
<title>' . $row['title'] . '</title>
<link>' . $scripturl . '?action=kb;area=article;cont=' . $row['kbnid'] . '</link>
<description><![CDATA[' . parse_bbc($row['content']) . ']]></description>
<author>' . $row['real_name'] . '</author>
<category><![CDATA[' . $row['name'] . ']]></category>
<comments>' . $scripturl . '?action=kb;area=article;cont=' . $row['kbnid'] . '</comments>
<pubDate>' . timeformat($row['date']) . '</pubDate>
</item>';
}
$smcFunc['db_free_result']($result);
$context['kb_rss_body'] .= '
</channel>
</rss>';
echo trim($context['kb_rss_body'], '');
obExit(false);
die;
//do we really need to go on?
}
function ViewQuery()
{
global $scripturl, $user_info, $settings, $context, $db_connection, $modSettings, $boarddir, $smcFunc, $txt, $db_show_debug;
// We should have debug mode enabled, as well as something to display!
if (!isset($db_show_debug) || $db_show_debug !== true || !isset($_SESSION['debug'])) {
fatal_lang_error('no_access', false);
}
// Don't allow except for administrators.
isAllowedTo('admin_forum');
// If we're just hiding/showing, do it now.
if (isset($_REQUEST['sa']) && $_REQUEST['sa'] == 'hide') {
$_SESSION['view_queries'] = $_SESSION['view_queries'] == 1 ? 0 : 1;
if (strpos($_SESSION['old_url'], 'action=viewquery') !== false) {
redirectexit();
} else {
redirectexit($_SESSION['old_url']);
}
}
call_integration_hook('integrate_egg_nog');
$query_id = isset($_REQUEST['qq']) ? (int) $_REQUEST['qq'] - 1 : -1;
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"', $context['right_to_left'] ? ' dir="rtl"' : '', '>
<head>
<title>', $context['forum_name_html_safe'], '</title>
<link rel="stylesheet" type="text/css" href="', $settings['theme_url'], '/css/index.css" />
<style type="text/css">
body
{
margin: 1ex;
}
body, td, th, .normaltext
{
font-size: x-small;
}
.smalltext
{
font-size: xx-small;
}
</style>
</head>
<body id="help_popup">
<div class="tborder windowbg description">';
foreach ($_SESSION['debug'] as $q => $query_data) {
// Fix the indentation....
$query_data['q'] = ltrim(str_replace("\r", '', $query_data['q']), "\n");
$query = explode("\n", $query_data['q']);
$min_indent = 0;
foreach ($query as $line) {
preg_match('/^(\\t*)/', $line, $temp);
if (strlen($temp[0]) < $min_indent || $min_indent == 0) {
$min_indent = strlen($temp[0]);
}
}
foreach ($query as $l => $dummy) {
$query[$l] = substr($dummy, $min_indent);
}
$query_data['q'] = implode("\n", $query);
// Make the filenames look a bit better.
if (isset($query_data['f'])) {
$query_data['f'] = preg_replace('~^' . preg_quote($boarddir, '~') . '~', '...', $query_data['f']);
}
$is_select_query = substr(trim($query_data['q']), 0, 6) == 'SELECT';
if ($is_select_query) {
$select = $query_data['q'];
} elseif (preg_match('~^INSERT(?: IGNORE)? INTO \\w+(?:\\s+\\([^)]+\\))?\\s+(SELECT .+)$~s', trim($query_data['q']), $matches) != 0) {
$is_select_query = true;
$select = $matches[1];
} elseif (preg_match('~^CREATE TEMPORARY TABLE .+?(SELECT .+)$~s', trim($query_data['q']), $matches) != 0) {
$is_select_query = true;
$select = $matches[1];
}
// Temporary tables created in earlier queries are not explainable.
if ($is_select_query) {
foreach (array('log_topics_unread', 'topics_posted_in', 'tmp_log_search_topics', 'tmp_log_search_messages') as $tmp) {
if (strpos($select, $tmp) !== false) {
$is_select_query = false;
break;
}
}
}
echo '
<div id="qq', $q, '" style="margin-bottom: 2ex;">
<a', $is_select_query ? ' href="' . $scripturl . '?action=viewquery;qq=' . ($q + 1) . '#qq' . $q . '"' : '', ' style="font-weight: bold; text-decoration: none;">
', nl2br(str_replace("\t", ' ', htmlspecialchars($query_data['q']))), '
</a><br />';
if (!empty($query_data['f']) && !empty($query_data['l'])) {
echo sprintf($txt['debug_query_in_line'], $query_data['f'], $query_data['l']);
}
if (isset($query_data['s'], $query_data['t']) && isset($txt['debug_query_which_took_at'])) {
echo sprintf($txt['debug_query_which_took_at'], round($query_data['t'], 8), round($query_data['s'], 8));
} else {
echo sprintf($txt['debug_query_which_took'], round($query_data['t'], 8));
}
echo '
</div>';
// Explain the query.
if ($query_id == $q && $is_select_query) {
$result = $smcFunc['db_query']('', '
EXPLAIN ' . $select, array());
if ($result === false) {
echo '
<table border="1" cellpadding="4" cellspacing="0" style="empty-cells: show; font-family: serif; margin-bottom: 2ex;">
<tr><td>', $smcFunc['db_error']($db_connection), '</td></tr>
</table>';
continue;
}
echo '
<table border="1" rules="all" cellpadding="4" cellspacing="0" style="empty-cells: show; font-family: serif; margin-bottom: 2ex;">';
$row = $smcFunc['db_fetch_assoc']($result);
echo '
<tr>
<th>' . implode('</th>
<th>', array_keys($row)) . '</th>
</tr>';
$smcFunc['db_data_seek']($result, 0);
while ($row = $smcFunc['db_fetch_assoc']($result)) {
echo '
<tr>
<td>' . implode('</td>
<td>', $row) . '</td>
</tr>';
}
$smcFunc['db_free_result']($result);
echo '
</table>';
}
}
echo '
</div>
</body>
</html>';
obExit(false);
}
function VisitLink()
{
global $db_prefix, $txt, $modSettings;
// Check if the current user can view the links list
isAllowedTo('view_smflinks');
ob_end_clean();
if (!empty($modSettings['enableCompressedOutput'])) {
@ob_start('ob_gzhandler');
} else {
ob_start();
}
if (!empty($_REQUEST['id'])) {
$id = (int) $_REQUEST['id'];
}
if (empty($id)) {
fatal_error($txt['smflinks_nolinkselected']);
}
$dbresult = db_query("\n\tSELECT \n\t\turl, ID_LINK \n\tFROM {$db_prefix}links \n\tWHERE ID_LINK = {$id} LIMIT 1", __FILE__, __LINE__);
$row = mysql_fetch_assoc($dbresult);
if (empty($row['ID_LINK'])) {
fatal_error($txt['smflinks_nolinkselected']);
}
// Update site lists
db_query("UPDATE {$db_prefix}links\n\t\tSET hits = hits + 1 WHERE ID_LINK = {$id} LIMIT 1", __FILE__, __LINE__);
// Redirect to the site
mysql_free_result($dbresult);
header("Location: " . $row['url']);
obExit(false);
die;
}
function setup_fatal_error_context($error_message)
{
global $context, $txt, $ssi_on_error_method;
static $level = 0;
// Attempt to prevent a recursive loop.
++$level;
if ($level > 1) {
return false;
}
// Maybe they came from dlattach or similar?
if (SMF != 'SSI' && empty($context['theme_loaded'])) {
loadTheme();
}
// Don't bother indexing errors mate...
$context['robot_no_index'] = true;
if (!isset($context['error_title'])) {
$context['error_title'] = $txt['error_occured'];
}
$context['error_message'] = isset($context['error_message']) ? $context['error_message'] : $error_message;
if (empty($context['page_title'])) {
$context['page_title'] = $context['error_title'];
}
EoS_Smarty::resetTemplates();
// discard all templates loaded so far. We don't need them any longer
EoS_Smarty::loadTemplate('errors');
// If this is SSI, what do they want us to do?
if (SMF == 'SSI') {
if (!empty($ssi_on_error_method) && $ssi_on_error_method !== true && is_callable($ssi_on_error_method)) {
call_user_func($ssi_on_error_method);
} elseif (empty($ssi_on_error_method) || $ssi_on_error_method !== true) {
loadSubTemplate('fatal_error');
}
// No layers?
if (empty($ssi_on_error_method) || $ssi_on_error_method !== true) {
exit;
}
}
// We want whatever for the header, and a footer. (footer includes sub template!)
obExit(null, true, false, true);
/* DO NOT IGNORE:
If you are creating a bridge to SMF or modifying this function, you MUST
make ABSOLUTELY SURE that this function quits and DOES NOT RETURN TO NORMAL
PROGRAM FLOW. Otherwise, security error messages will not be shown, and
your forum will be in a very easily hackable state.
*/
trigger_error('Hacking attempt...', E_USER_ERROR);
}
function is_not_guest($message = '')
{
global $user_info, $txt, $context, $scripturl;
// Luckily, this person isn't a guest.
if (!$user_info['is_guest']) {
return;
}
// People always worry when they see people doing things they aren't actually doing...
$_GET['action'] = '';
$_GET['board'] = '';
$_GET['topic'] = '';
writeLog(true);
// Just die.
if (isset($_REQUEST['xml'])) {
obExit(false);
}
// Attempt to detect if they came from dlattach.
if (!WIRELESS && SMF != 'SSI' && empty($context['theme_loaded'])) {
loadTheme();
}
// Never redirect to an attachment
if (strpos($_SERVER['REQUEST_URL'], 'dlattach') === false) {
$_SESSION['login_url'] = $_SERVER['REQUEST_URL'];
}
// Load the Login template and language file.
loadLanguage('Login');
// Are we in wireless mode?
if (WIRELESS) {
$context['login_error'] = $message ? $message : $txt['only_members_can_access'];
$context['sub_template'] = WIRELESS_PROTOCOL . '_login';
} elseif (empty($context['template_layers'])) {
$_SESSION['login_url'] = $scripturl . '?' . $_SERVER['QUERY_STRING'];
redirectexit('action=login');
} else {
loadTemplate('Login');
$context['sub_template'] = 'kick_guest';
$context['robot_no_index'] = true;
}
// Use the kick_guest sub template...
$context['kick_message'] = $message;
$context['page_title'] = $txt['login'];
obExit();
// We should never get to this point, but if we did we wouldn't know the user isn't a guest.
trigger_error('Hacking attempt...', E_USER_ERROR);
}
function tpattach()
{
global $txt, $modSettings, $context, $smcFunc;
// Some defaults that we need.
$context['character_set'] = empty($modSettings['global_character_set']) ? empty($txt['lang_character_set']) ? 'ISO-8859-1' : $txt['lang_character_set'] : $modSettings['global_character_set'];
$context['utf8'] = $context['character_set'] === 'UTF-8' && (strpos(strtolower(PHP_OS), 'win') === false || @version_compare(PHP_VERSION, '4.2.3') != -1);
$context['no_last_modified'] = true;
// Make sure some attachment was requested!
if (!isset($_REQUEST['attach']) && !isset($_REQUEST['id'])) {
fatal_lang_error('no_access', false);
}
$_REQUEST['attach'] = isset($_REQUEST['attach']) ? (int) $_REQUEST['attach'] : (int) $_REQUEST['id'];
if (isset($_REQUEST['type']) && $_REQUEST['type'] == 'avatar') {
$request = $smcFunc['db_query']('', '
SELECT id_folder, filename, file_hash, fileext, id_attach, attachment_type, mime_type, approved
FROM {db_prefix}attachments
WHERE id_attach = {int:id_attach}
AND id_member > {int:blank_id_member}
LIMIT 1', array('id_attach' => $_REQUEST['attach'], 'blank_id_member' => 0));
$_REQUEST['image'] = true;
} else {
$request = $smcFunc['db_query']('', '
SELECT a.id_folder, a.filename, a.file_hash, a.fileext, a.id_attach,
a.attachment_type, a.mime_type, a.approved
FROM {db_prefix}attachments AS a
WHERE a.id_attach = {int:attach}
LIMIT 1', array('attach' => $_REQUEST['attach']));
}
if ($smcFunc['db_num_rows']($request) == 0) {
fatal_lang_error('no_access', false);
}
list($id_folder, $real_filename, $file_hash, $file_ext, $id_attach, $attachment_type, $mime_type, $is_approved) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
$filename = getAttachmentFilename($real_filename, $_REQUEST['attach'], $id_folder, false, $file_hash);
// This is done to clear any output that was made before now. (would use ob_clean(), but that's PHP 4.2.0+...)
ob_end_clean();
if (!empty($modSettings['enableCompressedOutput']) && @version_compare(PHP_VERSION, '4.2.0') >= 0 && @filesize($filename) <= 4194304 && in_array($file_ext, array('txt', 'html', 'htm', 'js', 'doc', 'pdf', 'docx', 'rtf', 'css', 'php', 'log', 'xml', 'sql', 'c', 'java'))) {
@ob_start('ob_gzhandler');
} else {
ob_start();
header('Content-Encoding: none');
}
// No point in a nicer message, because this is supposed to be an attachment anyway...
if (!file_exists($filename)) {
loadLanguage('Errors');
header('HTTP/1.0 404 ' . $txt['attachment_not_found']);
header('Content-Type: text/plain; charset=' . (empty($context['character_set']) ? 'ISO-8859-1' : $context['character_set']));
// We need to die like this *before* we send any anti-caching headers as below.
die('404 - ' . $txt['attachment_not_found']);
}
// If it hasn't been modified since the last time this attachement was retrieved, there's no need to display it again.
if (!empty($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
list($modified_since) = explode(';', $_SERVER['HTTP_IF_MODIFIED_SINCE']);
if (strtotime($modified_since) >= filemtime($filename)) {
ob_end_clean();
// Answer the question - no, it hasn't been modified ;).
header('HTTP/1.1 304 Not Modified');
exit;
}
}
// Check whether the ETag was sent back, and cache based on that...
$eTag = '"' . substr($_REQUEST['attach'] . $real_filename . filemtime($filename), 0, 64) . '"';
if (!empty($_SERVER['HTTP_IF_NONE_MATCH']) && strpos($_SERVER['HTTP_IF_NONE_MATCH'], $eTag) !== false) {
ob_end_clean();
header('HTTP/1.1 304 Not Modified');
exit;
}
// Send the attachment headers.
header('Pragma: ');
if (!$context['browser']['is_gecko']) {
header('Content-Transfer-Encoding: binary');
}
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 525600 * 60) . ' GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', filemtime($filename)) . ' GMT');
header('Accept-Ranges: bytes');
header('Set-Cookie:');
header('Connection: close');
header('ETag: ' . $eTag);
// IE 6 just doesn't play nice. As dirty as this seems, it works.
if ($context['browser']['is_ie6'] && isset($_REQUEST['image'])) {
unset($_REQUEST['image']);
} elseif (filesize($filename) != 0) {
$size = @getimagesize($filename);
if (!empty($size)) {
// What headers are valid?
$validTypes = array(1 => 'gif', 2 => 'jpeg', 3 => 'png', 5 => 'psd', 6 => 'x-ms-bmp', 7 => 'tiff', 8 => 'tiff', 9 => 'jpeg', 14 => 'iff');
// Do we have a mime type we can simpy use?
if (!empty($size['mime']) && !in_array($size[2], array(4, 13))) {
header('Content-Type: ' . strtr($size['mime'], array('image/bmp' => 'image/x-ms-bmp')));
} elseif (isset($validTypes[$size[2]])) {
header('Content-Type: image/' . $validTypes[$size[2]]);
} elseif (isset($_REQUEST['image'])) {
unset($_REQUEST['image']);
}
} elseif (isset($_REQUEST['image'])) {
unset($_REQUEST['image']);
}
}
header('Content-Disposition: ' . (isset($_REQUEST['image']) ? 'inline' : 'attachment') . '; filename="' . $real_filename . '"');
if (!isset($_REQUEST['image'])) {
header('Content-Type: application/octet-stream');
}
// If this has an "image extension" - but isn't actually an image - then ensure it isn't cached cause of silly IE.
if (!isset($_REQUEST['image']) && in_array($file_ext, array('gif', 'jpg', 'bmp', 'png', 'jpeg', 'tiff'))) {
header('Cache-Control: no-cache');
} else {
header('Cache-Control: max-age=' . 525600 * 60 . ', private');
}
if (empty($modSettings['enableCompressedOutput']) || filesize($filename) > 4194304) {
header('Content-Length: ' . filesize($filename));
}
// Try to buy some time...
@set_time_limit(0);
// Since we don't do output compression for files this large...
if (filesize($filename) > 4194304) {
// Forcibly end any output buffering going on.
if (function_exists('ob_get_level')) {
while (@ob_get_level() > 0) {
@ob_end_clean();
}
} else {
@ob_end_clean();
@ob_end_clean();
@ob_end_clean();
}
$fp = fopen($filename, 'rb');
while (!feof($fp)) {
if (isset($callback)) {
echo $callback(fread($fp, 8192));
} else {
echo fread($fp, 8192);
}
flush();
}
fclose($fp);
} elseif (isset($callback) || @readfile($filename) == null) {
echo isset($callback) ? $callback(file_get_contents($filename)) : file_get_contents($filename);
}
obExit(false);
}
$modSettings['defaultMaxMessages'] = 5;
$modSettings['defaultMaxTopics'] = 9;
// Wireless protocol header.
if (WIRELESS_PROTOCOL == 'wap') {
header('Content-Type: text/vnd.wap.wml');
}
}
// Restore post data if we are revalidating OpenID.
if (isset($_GET['openid_restore_post']) && !empty($_SESSION['openid']['saved_data'][$_GET['openid_restore_post']]['post']) && empty($_POST)) {
$_POST = $_SESSION['openid']['saved_data'][$_GET['openid_restore_post']]['post'];
unset($_SESSION['openid']['saved_data'][$_GET['openid_restore_post']]);
}
// What function shall we execute? (done like this for memory's sake.)
call_user_func(smf_main());
// Call obExit specially; we're coming from the main area ;).
obExit(null, null, true);
// The main controlling function.
function smf_main()
{
global $modSettings, $settings, $user_info, $board, $topic, $board_info, $maintenance, $sourcedir;
// Special case: session keep-alive, output a transparent pixel.
if (isset($_GET['action']) && $_GET['action'] == 'keepalive') {
header('Content-Type: image/gif');
die("GIF89a€!ù,D;");
}
// Load the user's cookie (or set as guest) and load their settings.
loadUserSettings();
// Load the current board's information.
loadBoard();
// Load the current user's permissions.
loadPermissions();
function SetJavaScript()
{
global $settings, $user_info, $smcFunc, $options;
// Check the session id.
checkSession('get');
// This good-for-nothing pixel is being used to keep the session alive.
if (empty($_GET['var']) || !isset($_GET['val'])) {
redirectexit($settings['images_url'] . '/blank.gif');
}
// Sorry, guests can't go any further than this..
if ($user_info['is_guest'] || $user_info['id'] == 0) {
obExit(false);
}
$reservedVars = array('actual_theme_url', 'actual_images_url', 'base_theme_dir', 'base_theme_url', 'default_images_url', 'default_theme_dir', 'default_theme_url', 'default_template', 'images_url', 'number_recent_posts', 'smiley_sets_default', 'theme_dir', 'theme_id', 'theme_layers', 'theme_templates', 'theme_url', 'name');
// Can't change reserved vars.
if (in_array(strtolower($_GET['var']), $reservedVars)) {
redirectexit($settings['images_url'] . '/blank.gif');
}
// Use a specific theme?
if (isset($_GET['th']) || isset($_GET['id'])) {
// Invalidate the current themes cache too.
cache_put_data('theme_settings-' . $settings['theme_id'] . ':' . $user_info['id'], null, 60);
$settings['theme_id'] = isset($_GET['th']) ? (int) $_GET['th'] : (int) $_GET['id'];
}
// If this is the admin preferences the passed value will just be an element of it.
if ($_GET['var'] == 'admin_preferences') {
$options['admin_preferences'] = !empty($options['admin_preferences']) ? unserialize($options['admin_preferences']) : array();
// New thingy...
if (isset($_GET['admin_key']) && strlen($_GET['admin_key']) < 5) {
$options['admin_preferences'][$_GET['admin_key']] = $_GET['val'];
}
// Change the value to be something nice,
$_GET['val'] = serialize($options['admin_preferences']);
}
// Update the option.
$smcFunc['db_insert']('replace', '{db_prefix}themes', array('id_theme' => 'int', 'id_member' => 'int', 'variable' => 'string-255', 'value' => 'string-65534'), array($settings['theme_id'], $user_info['id'], $_GET['var'], is_array($_GET['val']) ? implode(',', $_GET['val']) : $_GET['val']), array('id_theme', 'id_member', 'variable'));
cache_put_data('theme_settings-' . $settings['theme_id'] . ':' . $user_info['id'], null, 60);
// Don't output anything...
redirectexit($settings['images_url'] . '/blank.gif');
}
function Destroy()
{
global $context;
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"', $context['right_to_left'] ? ' dir="rtl"' : '', '><head><title>', $context['forum_name_html_safe'], ' deleted!</title></head>
<body style="background-color: orange; font-family: arial, sans-serif; text-align: center;">
<div style="margin-top: 8%; font-size: 400%; color: black;">Oh my, you killed ', $context['forum_name_html_safe'], '!</div>
<div style="margin-top: 7%; font-size: 500%; color: red;"><strong>You lazy bum!</strong></div>
</body></html>';
obExit(false);
}
/**
* Used for pausing the mail queue.
*/
function pauseMailQueueClear()
{
global $context, $txt, $time_start;
// Try get more time...
@set_time_limit(600);
if (function_exists('apache_reset_timeout')) {
@apache_reset_timeout();
}
// Have we already used our maximum time?
if (time() - array_sum(explode(' ', $time_start)) < 5) {
return;
}
$context['continue_get_data'] = '?action=admin;area=mailqueue;sa=clear;te=' . $_GET['te'] . ';sent=' . $_GET['sent'] . ';' . $context['session_var'] . '=' . $context['session_id'];
$context['page_title'] = $txt['not_done_title'];
$context['continue_post_data'] = '';
$context['continue_countdown'] = '2';
$context['sub_template'] = 'not_done';
// Keep browse selected.
$context['selected'] = 'browse';
// What percent through are we?
$context['continue_percent'] = round($_GET['sent'] / $_GET['te'] * 100, 1);
// Never more than 100%!
$context['continue_percent'] = min($context['continue_percent'], 100);
obExit();
}
/**
* nextStep()
*
* - called from function execute, uses template not_done to pause the loop
* - sets $_SESSION vars as needed for the next loop
*
* @param mixed $name
* @param integer $i
* @return
*/
function nextStep($name, $i = 0)
{
global $context, $txt;
// Try get more time...
@set_time_limit(300);
if (function_exists('apache_reset_timeout')) {
@apache_reset_timeout();
}
// set the session info for the step
$_SESSION[$name]['done'] = $i;
// progress bar
$context['continue_percent'] = round((int) $_SESSION[$name]['done'] / $_SESSION[$name]['work'] * 100);
$context['continue_percent'] = min($context['continue_percent'], 100);
// set the context vars for display via the admin template 'not_done'
$context['continue_get_data'] = '?action=execute';
$context['page_title'] = $txt['not_done_title'];
$context['continue_post_data'] = '
<input type="hidden" name="' . (isset($context['session_var']) ? $context['session_var'] : 'sc') . '" value="' . $context['session_id'] . '" />
<input type="hidden" name="agree" value="' . $_POST['agree'] . '" />
<input type="hidden" name="submit_ok" value="' . $_POST['submit_ok'] . '" />';
$context['continue_countdown'] = '5';
$context['sub_template'] = 'not_done';
obExit();
}
function ShowXmlFeed()
{
global $db_prefix, $board, $board_info, $context, $scripturl, $txt, $modSettings, $user_info;
global $query_this_board;
// If it's not enabled, die.
if (empty($modSettings['xmlnews_enable'])) {
obExit(false);
}
loadLanguage('Stats');
// Default to latest 5. No more than 255, please.
$_GET['limit'] = empty($_GET['limit']) || (int) $_GET['limit'] < 1 ? 5 : min((int) $_GET['limit'], 255);
// Handle the cases where a board, boards, or category is asked for.
if (!empty($_REQUEST['c']) && empty($board)) {
$_REQUEST['c'] = explode(',', $_REQUEST['c']);
foreach ($_REQUEST['c'] as $i => $c) {
$_REQUEST['c'][$i] = (int) $c;
}
if (count($_REQUEST['c']) == 1) {
$request = db_query("\n\t\t\t\tSELECT name\n\t\t\t\tFROM {$db_prefix}categories\n\t\t\t\tWHERE ID_CAT = " . (int) $_REQUEST['c'][0], __FILE__, __LINE__);
list($feed_title) = mysql_fetch_row($request);
mysql_free_result($request);
$feed_title = ' - ' . strip_tags($feed_title);
}
$request = db_query("\n\t\t\tSELECT b.ID_BOARD, b.numPosts\n\t\t\tFROM {$db_prefix}boards AS b\n\t\t\tWHERE b.ID_CAT IN (" . implode(', ', $_REQUEST['c']) . ")\n\t\t\t\tAND {$user_info['query_see_board']}", __FILE__, __LINE__);
$total_cat_posts = 0;
$boards = array();
while ($row = mysql_fetch_assoc($request)) {
$boards[] = $row['ID_BOARD'];
$total_cat_posts += $row['numPosts'];
}
mysql_free_result($request);
if (!empty($boards)) {
$query_this_board = 'b.ID_BOARD IN (' . implode(', ', $boards) . ')';
}
// Try to limit the number of messages we look through.
if ($total_cat_posts > 100 && $total_cat_posts > $modSettings['totalMessages'] / 15) {
$query_this_board .= '
AND m.ID_MSG >= ' . max(0, $modSettings['maxMsgID'] - 400 - $_GET['limit'] * 5);
}
} elseif (!empty($_REQUEST['boards'])) {
$_REQUEST['boards'] = explode(',', $_REQUEST['boards']);
foreach ($_REQUEST['boards'] as $i => $b) {
$_REQUEST['boards'][$i] = (int) $b;
}
$request = db_query("\n\t\t\tSELECT b.ID_BOARD, b.numPosts, b.name\n\t\t\tFROM {$db_prefix}boards AS b\n\t\t\tWHERE b.ID_BOARD IN (" . implode(', ', $_REQUEST['boards']) . ")\n\t\t\t\tAND {$user_info['query_see_board']}\n\t\t\tLIMIT " . count($_REQUEST['boards']), __FILE__, __LINE__);
// Either the board specified doesn't exist or you have no access.
if (mysql_num_rows($request) == 0) {
fatal_lang_error('smf232');
}
$total_posts = 0;
$boards = array();
while ($row = mysql_fetch_assoc($request)) {
if (count($_REQUEST['boards']) == 1) {
$feed_title = ' - ' . strip_tags($row['name']);
}
$boards[] = $row['ID_BOARD'];
$total_posts += $row['numPosts'];
}
mysql_free_result($request);
if (!empty($boards)) {
$query_this_board = 'b.ID_BOARD IN (' . implode(', ', $boards) . ')';
}
// The more boards, the more we're going to look through...
if ($total_posts > 100 && $total_posts > $modSettings['totalMessages'] / 12) {
$query_this_board .= '
AND m.ID_MSG >= ' . max(0, $modSettings['maxMsgID'] - 500 - $_GET['limit'] * 5);
}
} elseif (!empty($board)) {
$request = db_query("\n\t\t\tSELECT numPosts\n\t\t\tFROM {$db_prefix}boards\n\t\t\tWHERE ID_BOARD = {$board}\n\t\t\tLIMIT 1", __FILE__, __LINE__);
list($total_posts) = mysql_fetch_row($request);
mysql_free_result($request);
$feed_title = ' - ' . strip_tags($board_info['name']);
$query_this_board = 'b.ID_BOARD = ' . $board;
// Try to look through just a few messages, if at all possible.
if ($total_posts > 80 && $total_posts > $modSettings['totalMessages'] / 10) {
$query_this_board .= '
AND m.ID_MSG >= ' . max(0, $modSettings['maxMsgID'] - 600 - $_GET['limit'] * 5);
}
} else {
$query_this_board = $user_info['query_see_board'] . (!empty($modSettings['recycle_enable']) && $modSettings['recycle_board'] > 0 ? "\n\t\t\tAND b.ID_BOARD != {$modSettings['recycle_board']}" : '') . '
AND m.ID_MSG >= ' . max(0, $modSettings['maxMsgID'] - 100 - $_GET['limit'] * 5);
}
// Show in rss or proprietary format?
$xml_format = isset($_GET['type']) && in_array($_GET['type'], array('smf', 'rss', 'rss2', 'atom', 'rdf')) ? $_GET['type'] : 'smf';
// !!! Birthdays?
// List all the different types of data they can pull.
$subActions = array('recent' => array('getXmlRecent', 'recent-post'), 'news' => array('getXmlNews', 'article'), 'members' => array('getXmlMembers', 'member'), 'profile' => array('getXmlProfile', null));
if (empty($_GET['sa']) || !isset($subActions[$_GET['sa']])) {
$_GET['sa'] = 'recent';
}
// Get the associative array representing the xml.
if ($user_info['is_guest'] && !empty($modSettings['cache_enable']) && $modSettings['cache_enable'] >= 2) {
$xml = cache_get_data('xmlfeed-' . $xml_format . ':' . md5(serialize($_GET)), 240);
}
if (empty($xml)) {
$xml = $subActions[$_GET['sa']][0]($xml_format);
if ($user_info['is_guest'] && !empty($modSettings['cache_enable']) && $modSettings['cache_enable'] >= 2) {
cache_put_data('xmlfeed-' . $xml_format . ':' . md5(serialize($_GET)), $xml, 240);
}
}
$feed_title = htmlspecialchars(strip_tags($context['forum_name'])) . (isset($feed_title) ? $feed_title : '');
// This is an xml file....
ob_end_clean();
if (!empty($modSettings['enableCompressedOutput'])) {
@ob_start('ob_gzhandler');
} else {
ob_start();
}
if ($xml_format == 'smf' || isset($_REQUEST['debug'])) {
header('Content-Type: text/xml; charset=' . (empty($context['character_set']) ? 'ISO-8859-1' : $context['character_set']));
} elseif ($xml_format == 'rss' || $xml_format == 'rss2') {
header('Content-Type: application/rss+xml; charset=' . (empty($context['character_set']) ? 'ISO-8859-1' : $context['character_set']));
} elseif ($xml_format == 'atom') {
header('Content-Type: application/atom+xml; charset=' . (empty($context['character_set']) ? 'ISO-8859-1' : $context['character_set']));
} elseif ($xml_format == 'rdf') {
header('Content-Type: application/rdf+xml; charset=' . (empty($context['character_set']) ? 'ISO-8859-1' : $context['character_set']));
}
// First, output the xml header.
echo '<?xml version="1.0" encoding="', $context['character_set'], '"?' . '>';
// Are we outputting an rss feed or one with more information?
if ($xml_format == 'rss' || $xml_format == 'rss2') {
// Start with an RSS 2.0 header.
echo '
<rss version=', $xml_format == 'rss2' ? '"2.0"' : '"0.92"', ' xml:lang="', strtr($txt['lang_locale'], '_', '-'), '">
<channel>
<title>', $feed_title, '</title>
<link>', $scripturl, '</link>
<description><![CDATA[', strip_tags($txt['xml_rss_desc']), ']]></description>';
// Output all of the associative array, start indenting with 2 tabs, and name everything "item".
dumpTags($xml, 2, 'item', $xml_format);
// Output the footer of the xml.
echo '
</channel>
</rss>';
} elseif ($xml_format == 'atom') {
echo '
<feed version="0.3" xmlns="http://purl.org/atom/ns#">
<title>', $feed_title, '</title>
<link rel="alternate" type="text/html" href="', $scripturl, '" />
<modified>', gmstrftime('%Y-%m-%dT%H:%M:%SZ'), '</modified>
<tagline><![CDATA[', strip_tags($txt['xml_rss_desc']), ']]></tagline>
<generator>SMF</generator>
<author>
<name>', strip_tags($context['forum_name']), '</name>
</author>';
dumpTags($xml, 2, 'entry', $xml_format);
echo '
</feed>';
} elseif ($xml_format == 'rdf') {
echo '
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns="http://purl.org/rss/1.0/">
<channel rdf:about="', $scripturl, '">
<title>', $feed_title, '</title>
<link>', $scripturl, '</link>
<description><![CDATA[', strip_tags($txt['xml_rss_desc']), ']]></description>
<items>
<rdf:Seq>';
foreach ($xml as $item) {
echo '
<rdf:li rdf:resource="', $item['link'], '" />';
}
echo '
</rdf:Seq>
</items>
</channel>
';
dumpTags($xml, 1, 'item', $xml_format);
echo '
</rdf:RDF>';
} else {
echo '
<smf:xml-feed xmlns:smf="http://www.simplemachines.org/" xmlns="http://www.simplemachines.org/xml/', $_GET['sa'], '" xml:lang="', strtr($txt['lang_locale'], '_', '-'), '">';
// Dump out that associative array. Indent properly.... and use the right names for the base elements.
dumpTags($xml, 1, $subActions[$_GET['sa']][1], $xml_format);
echo '
</smf:xml-feed>';
}
obExit(false);
}
function Download()
{
global $txt, $modSettings, $user_info, $scripturl, $context, $sourcedir, $topic, $smcFunc;
// Some defaults that we need.
$context['character_set'] = empty($modSettings['global_character_set']) ? empty($txt['lang_character_set']) ? 'ISO-8859-1' : $txt['lang_character_set'] : $modSettings['global_character_set'];
$context['utf8'] = $context['character_set'] === 'UTF-8' && (strpos(strtolower(PHP_OS), 'win') === false || @version_compare(PHP_VERSION, '4.2.3') != -1);
$context['no_last_modified'] = true;
// Make sure some attachment was requested!
if (!isset($_REQUEST['attach']) && !isset($_REQUEST['id'])) {
fatal_lang_error('no_access', false);
}
$_REQUEST['attach'] = isset($_REQUEST['attach']) ? (int) $_REQUEST['attach'] : (int) $_REQUEST['id'];
if (isset($_REQUEST['type']) && $_REQUEST['type'] == 'avatar') {
$request = $smcFunc['db_query']('', '
SELECT id_folder, filename, file_hash, fileext, id_attach, attachment_type, mime_type, approved, id_member
FROM {db_prefix}attachments
WHERE id_attach = {int:id_attach}
AND id_member > {int:blank_id_member}
LIMIT 1', array('id_attach' => $_REQUEST['attach'], 'blank_id_member' => 0));
$_REQUEST['image'] = true;
} else {
// This checks only the current board for $board/$topic's permissions.
isAllowedTo('view_attachments');
// Make sure this attachment is on this board.
// NOTE: We must verify that $topic is the attachment's topic, or else the permission check above is broken.
$request = $smcFunc['db_query']('', '
SELECT a.id_folder, a.filename, a.file_hash, a.fileext, a.id_attach, a.attachment_type, a.mime_type, a.approved, m.id_member
FROM {db_prefix}attachments AS a
INNER JOIN {db_prefix}messages AS m ON (m.id_msg = a.id_msg AND m.id_topic = {int:current_topic})
INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board AND {query_see_board})
WHERE a.id_attach = {int:attach}
LIMIT 1', array('attach' => $_REQUEST['attach'], 'current_topic' => $topic));
}
if ($smcFunc['db_num_rows']($request) == 0) {
fatal_lang_error('no_access', false);
}
list($id_folder, $real_filename, $file_hash, $file_ext, $id_attach, $attachment_type, $mime_type, $is_approved, $id_member) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
// If it isn't yet approved, do they have permission to view it?
if (!$is_approved && ($id_member == 0 || $user_info['id'] != $id_member) && ($attachment_type == 0 || $attachment_type == 3)) {
isAllowedTo('approve_posts');
}
// Update the download counter (unless it's a thumbnail).
if ($attachment_type != 3) {
$smcFunc['db_query']('attach_download_increase', '
UPDATE LOW_PRIORITY {db_prefix}attachments
SET downloads = downloads + 1
WHERE id_attach = {int:id_attach}', array('id_attach' => $id_attach));
}
$filename = getAttachmentFilename($real_filename, $_REQUEST['attach'], $id_folder, false, $file_hash);
// This is done to clear any output that was made before now. (would use ob_clean(), but that's PHP 4.2.0+...)
ob_end_clean();
if (!empty($modSettings['enableCompressedOutput']) && @version_compare(PHP_VERSION, '4.2.0') >= 0 && @filesize($filename) <= 4194304 && in_array($file_ext, array('txt', 'html', 'htm', 'js', 'doc', 'pdf', 'docx', 'rtf', 'css', 'php', 'log', 'xml', 'sql', 'c', 'java'))) {
@ob_start('ob_gzhandler');
} else {
ob_start();
header('Content-Encoding: none');
}
// No point in a nicer message, because this is supposed to be an attachment anyway...
if (!file_exists($filename)) {
loadLanguage('Errors');
header('HTTP/1.0 404 ' . $txt['attachment_not_found']);
header('Content-Type: text/plain; charset=' . (empty($context['character_set']) ? 'ISO-8859-1' : $context['character_set']));
// We need to die like this *before* we send any anti-caching headers as below.
die('404 - ' . $txt['attachment_not_found']);
}
// If it hasn't been modified since the last time this attachement was retrieved, there's no need to display it again.
if (!empty($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
list($modified_since) = explode(';', $_SERVER['HTTP_IF_MODIFIED_SINCE']);
if (strtotime($modified_since) >= filemtime($filename)) {
ob_end_clean();
// Answer the question - no, it hasn't been modified ;).
header('HTTP/1.1 304 Not Modified');
exit;
}
}
// Check whether the ETag was sent back, and cache based on that...
$eTag = '"' . substr($_REQUEST['attach'] . $real_filename . filemtime($filename), 0, 64) . '"';
if (!empty($_SERVER['HTTP_IF_NONE_MATCH']) && strpos($_SERVER['HTTP_IF_NONE_MATCH'], $eTag) !== false) {
ob_end_clean();
header('HTTP/1.1 304 Not Modified');
exit;
}
// Send the attachment headers.
header('Pragma: ');
if (!$context['browser']['is_gecko']) {
header('Content-Transfer-Encoding: binary');
}
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 525600 * 60) . ' GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', filemtime($filename)) . ' GMT');
header('Accept-Ranges: bytes');
header('Connection: close');
header('ETag: ' . $eTag);
// IE 6 just doesn't play nice. As dirty as this seems, it works.
if ($context['browser']['is_ie6'] && isset($_REQUEST['image'])) {
unset($_REQUEST['image']);
} elseif (isset($_REQUEST['image']) && !empty($mime_type) && strpos($mime_type, 'image/') !== 0) {
unset($_REQUEST['image']);
} elseif (!empty($mime_type) && (isset($_REQUEST['image']) || !in_array($file_ext, array('jpg', 'gif', 'jpeg', 'x-ms-bmp', 'png', 'psd', 'tiff', 'iff')))) {
header('Content-Type: ' . strtr($mime_type, array('image/bmp' => 'image/x-ms-bmp')));
} else {
header('Content-Type: ' . ($context['browser']['is_ie'] || $context['browser']['is_opera'] ? 'application/octetstream' : 'application/octet-stream'));
if (isset($_REQUEST['image'])) {
unset($_REQUEST['image']);
}
}
// Convert the file to UTF-8, cuz most browsers dig that.
$utf8name = !$context['utf8'] && function_exists('iconv') ? iconv($context['character_set'], 'UTF-8', $real_filename) : (!$context['utf8'] && function_exists('mb_convert_encoding') ? mb_convert_encoding($real_filename, 'UTF-8', $context['character_set']) : $real_filename);
$fixchar = create_function('$n', '
if ($n < 32)
return \'\';
elseif ($n < 128)
return chr($n);
elseif ($n < 2048)
return chr(192 | $n >> 6) . chr(128 | $n & 63);
elseif ($n < 65536)
return chr(224 | $n >> 12) . chr(128 | $n >> 6 & 63) . chr(128 | $n & 63);
else
return chr(240 | $n >> 18) . chr(128 | $n >> 12 & 63) . chr(128 | $n >> 6 & 63) . chr(128 | $n & 63);');
$disposition = !isset($_REQUEST['image']) ? 'attachment' : 'inline';
// Different browsers like different standards...
if ($context['browser']['is_firefox']) {
header('Content-Disposition: ' . $disposition . '; filename*=UTF-8\'\'' . rawurlencode(preg_replace_callback('~&#(\\d{3,8});~', 'fixchar__callback', $utf8name)));
} elseif ($context['browser']['is_opera']) {
header('Content-Disposition: ' . $disposition . '; filename="' . preg_replace_callback('~&#(\\d{3,8});~', 'fixchar__callback', $utf8name) . '"');
} elseif ($context['browser']['is_ie']) {
header('Content-Disposition: ' . $disposition . '; filename="' . urlencode(preg_replace_callback('~&#(\\d{3,8});~', 'fixchar__callback', $utf8name)) . '"');
} else {
header('Content-Disposition: ' . $disposition . '; filename="' . $utf8name . '"');
}
// If this has an "image extension" - but isn't actually an image - then ensure it isn't cached cause of silly IE.
if (!isset($_REQUEST['image']) && in_array($file_ext, array('gif', 'jpg', 'bmp', 'png', 'jpeg', 'tiff'))) {
header('Cache-Control: no-cache');
} else {
header('Cache-Control: max-age=' . 525600 * 60 . ', private');
}
if (empty($modSettings['enableCompressedOutput']) || filesize($filename) > 4194304) {
header('Content-Length: ' . filesize($filename));
}
// Try to buy some time...
@set_time_limit(600);
// Recode line endings for text files, if enabled.
if (!empty($modSettings['attachmentRecodeLineEndings']) && !isset($_REQUEST['image']) && in_array($file_ext, array('txt', 'css', 'htm', 'html', 'php', 'xml'))) {
if (strpos($_SERVER['HTTP_USER_AGENT'], 'Windows') !== false) {
$callback = create_function('$buffer', 'return preg_replace(\'~[\\r]?\\n~\', "\\r\\n", $buffer);');
} elseif (strpos($_SERVER['HTTP_USER_AGENT'], 'Mac') !== false) {
$callback = create_function('$buffer', 'return preg_replace(\'~[\\r]?\\n~\', "\\r", $buffer);');
} else {
$callback = create_function('$buffer', 'return preg_replace(\'~[\\r]?\\n~\', "\\n", $buffer);');
}
}
// Since we don't do output compression for files this large...
if (filesize($filename) > 4194304) {
// Forcibly end any output buffering going on.
if (function_exists('ob_get_level')) {
while (@ob_get_level() > 0) {
@ob_end_clean();
}
} else {
@ob_end_clean();
@ob_end_clean();
@ob_end_clean();
}
$fp = fopen($filename, 'rb');
while (!feof($fp)) {
if (isset($callback)) {
echo $callback(fread($fp, 8192));
} else {
echo fread($fp, 8192);
}
flush();
}
fclose($fp);
} elseif (isset($callback) || @readfile($filename) == null) {
echo isset($callback) ? $callback(file_get_contents($filename)) : file_get_contents($filename);
}
obExit(false);
}
/**
* Display one of the files in a package.
*/
public function action_examine()
{
global $txt, $scripturl, $context;
require_once SUBSDIR . '/Package.subs.php';
// No package? Show him or her the door.
if (!isset($_REQUEST['package']) || $_REQUEST['package'] == '') {
redirectexit('action=admin;area=packages');
}
// No file? Show him or her the door.
if (!isset($_REQUEST['file']) || $_REQUEST['file'] == '') {
redirectexit('action=admin;area=packages');
}
$_REQUEST['package'] = preg_replace('~[\\.]+~', '.', strtr($_REQUEST['package'], array('/' => '_', '\\' => '_')));
$_REQUEST['file'] = preg_replace('~[\\.]+~', '.', $_REQUEST['file']);
if (isset($_REQUEST['raw'])) {
if (is_file(BOARDDIR . '/packages/' . $_REQUEST['package'])) {
echo read_tgz_file(BOARDDIR . '/packages/' . $_REQUEST['package'], $_REQUEST['file'], true);
} elseif (is_dir(BOARDDIR . '/packages/' . $_REQUEST['package'])) {
echo file_get_contents(BOARDDIR . '/packages/' . $_REQUEST['package'] . '/' . $_REQUEST['file']);
}
obExit(false);
}
$context['linktree'][count($context['linktree']) - 1] = array('url' => $scripturl . '?action=admin;area=packages;sa=list;package=' . $_REQUEST['package'], 'name' => $txt['package_examine_file']);
$context['page_title'] .= ' - ' . $txt['package_examine_file'];
$context['sub_template'] = 'examine';
// The filename...
$context['package'] = $_REQUEST['package'];
$context['filename'] = $_REQUEST['file'];
// Let the unpacker do the work.... but make sure we handle images properly.
if (in_array(strtolower(strrchr($_REQUEST['file'], '.')), array('.bmp', '.gif', '.jpeg', '.jpg', '.png'))) {
$context['filedata'] = '<img src="' . $scripturl . '?action=admin;area=packages;sa=examine;package=' . $_REQUEST['package'] . ';file=' . $_REQUEST['file'] . ';raw" alt="' . $_REQUEST['file'] . '" />';
} else {
if (is_file(BOARDDIR . '/packages/' . $_REQUEST['package'])) {
$context['filedata'] = htmlspecialchars(read_tgz_file(BOARDDIR . '/packages/' . $_REQUEST['package'], $_REQUEST['file'], true));
} elseif (is_dir(BOARDDIR . '/packages/' . $_REQUEST['package'])) {
$context['filedata'] = htmlspecialchars(file_get_contents(BOARDDIR . '/packages/' . $_REQUEST['package'] . '/' . $_REQUEST['file']));
}
if (strtolower(strrchr($_REQUEST['file'], '.')) == '.php') {
$context['filedata'] = highlight_php_code($context['filedata']);
}
}
}
