예제 #1
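/**
 * Decide whether $word may be used as a search term and, when indexing, whether it should be indexed.
 *
 * @param string $word Search word, possibly containing the wildcards % and *
 * @param bool   $idx  true when the caller is building the search index, false when searching
 * @return bool true when the word is acceptable for the requested use
 */
function validate_search_word($word, $idx)
{
    static $stopwords;
    // Keywords are searchable but never indexed
    if (is_keyword($word)) {
        return !$idx;
    }
    if (!isset($stopwords)) {
        // The stopword cache file is expected to define $stopwords and PANTHER_STOPWORDS_LOADED;
        // if it is missing or stale it is regenerated and loaded again
        if (file_exists(FORUM_CACHE_DIR . 'cache_stopwords.php')) {
            include FORUM_CACHE_DIR . 'cache_stopwords.php';
        }
        if (!defined('PANTHER_STOPWORDS_LOADED')) {
            if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
                require PANTHER_ROOT . 'include/cache.php';
            }
            generate_stopwords_cache();
            require FORUM_CACHE_DIR . 'cache_stopwords.php';
        }
    }
    // A cache file that did not define $stopwords as an array would make in_array() throw a TypeError
    // on PHP 8; fall back to an empty list for this call (the static stays unset so the next call retries).
    $stopword_list = is_array($stopwords) ? $stopwords : array();
    // Stopwords are never valid, neither for indexing nor for searching.
    // Strict comparison: both sides are strings, so numeric-string coercion ('1e3' == '1000') is avoided.
    if (in_array($word, $stopword_list, true)) {
        return false;
    }
    // CJK words are searchable but never indexed
    if (is_cjk($word)) {
        return !$idx;
    }
    // Wildcards do not count towards the length check
    $word = str_replace(array('%', '*'), '', $word);
    // Check the word is within the min/max length
    $num_chars = panther_strlen($word);
    return $num_chars >= PANTHER_SEARCH_MIN_WORD && $num_chars <= PANTHER_SEARCH_MAX_WORD;
}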
예제 #2
 // No forum restriction yet; it is built further down
 $forum_sql = '';
 // Every requested forum ID is cast to an integer so only digits can reach the query it is used in
 foreach ($url_forums as $forum_key => $forum_value) {
     $url_forums[$forum_key] = intval($forum_value);
 }
 // If a search_id was supplied
 if (isset($_GET['search_id'])) {
     $search_id = intval($_GET['search_id']);
     if ($search_id < 1) {
         message($lang_common['Bad request'], false, '404 Not Found');
     }
 } else {
     if ($action == 'search') {
         $keywords = isset($_GET['keywords']) ? utf8_strtolower(panther_trim($_GET['keywords'])) : null;
         $author = isset($_GET['author']) ? utf8_strtolower(panther_trim($_GET['author'])) : null;
         if (preg_match('%^[\\*\\%]+$%', $keywords) || panther_strlen(str_replace(array('*', '%'), '', $keywords)) < PANTHER_SEARCH_MIN_WORD && !is_cjk($keywords)) {
             $keywords = '';
         }
         if (preg_match('%^[\\*\\%]+$%', $author) || panther_strlen(str_replace(array('*', '%'), '', $author)) < 2) {
             $author = '';
         }
         if (!$keywords && !$author) {
             message($lang_search['No terms']);
         }
         if ($author) {
             $author = str_replace('*', '%', $author);
         }
         $show_as = isset($_GET['show_as']) && $_GET['show_as'] == 'topics' ? 'topics' : 'posts';
         $sort_by = isset($_GET['sort_by']) ? intval($_GET['sort_by']) : 0;
         $search_in = !isset($_GET['search_in']) || $_GET['search_in'] == '0' ? 0 : ($_GET['search_in'] == '1' ? 1 : -1);
     } else {
         if ($action == 'show_user_posts' || $action == 'show_user_topics' || $action == 'show_subscriptions') {
             $user_id = isset($_GET['user_id']) ? intval($_GET['user_id']) : $panther_user['id'];
             if ($user_id < 2) {
예제 #3
 // Validation failures are collected here; check_username() appends to the global $errors as well
 $errors = array();
 $username = isset($_POST['username']) ? panther_trim($_POST['username']) : '';
 $email = isset($_POST['email']) ? strtolower(panther_trim($_POST['email'])) : '';
 // 1 when a generated password was requested, otherwise 0
 $random_pass = (isset($_POST['random_pass']) && $_POST['random_pass'] == '1') ? 1 : 0;
 $password_salt = random_pass(16);
 if ($random_pass === 1) {
     // Generated password: both fields hold the same 12-character random value
     $password2 = $password1 = random_pass(12);
 } else {
     $password1 = isset($_POST['password1']) ? panther_trim($_POST['password1']) : '';
     $password2 = isset($_POST['password2']) ? panther_trim($_POST['password2']) : '';
 }
 require PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/prof_reg.php';
 // Validate username and passwords
 check_username($username);
 // NOTE(review): a 6-character minimum is the only password rule applied here
 if (panther_strlen($password1) < 6) {
     $errors[] = $lang_prof_reg['Pass too short'];
 } elseif ($password1 != $password2) {
     $errors[] = $lang_prof_reg['Pass not match'];
 }
 // Validate email; $mailer is presumably defined by include/email.php — confirm
 require PANTHER_ROOT . 'include/email.php';
 if (!$mailer->is_valid_email($email)) {
     $errors[] = $lang_common['Invalid email'];
 }
 // Check if it's a banned email address
 if ($mailer->is_banned_email($email)) {
     if ($panther_config['p_allow_banned_email'] == '0') {
         $errors[] = $lang_prof_reg['Banned email'];
예제 #4
if (isset($_POST['form_sent'])) {
    // Make sure they got here from the site
    confirm_referrer('edit.php');
    // If it's a topic it must contain a subject
    if ($can_edit_subject) {
        $subject = isset($_POST['req_subject']) ? panther_trim($_POST['req_subject']) : '';
        if ($panther_config['o_censoring'] == '1') {
            $censored_subject = panther_trim(censor_words($subject));
        }
        if ($subject == '') {
            $errors[] = $lang_post['No subject'];
        } else {
            if ($panther_config['o_censoring'] == '1' && $censored_subject == '') {
                $errors[] = $lang_post['No subject after censoring'];
            } else {
                if (panther_strlen($subject) > 70) {
                    $errors[] = $lang_post['Too long subject'];
                } else {
                    if ($panther_config['p_subject_all_caps'] == '0' && is_all_uppercase($subject) && !$panther_user['is_admmod']) {
                        $errors[] = $lang_post['All caps subject'];
                    }
                }
            }
        }
    }
    // Clean up message from POST
    $message = isset($_POST['req_message']) ? panther_linebreaks(panther_trim($_POST['req_message'])) : '';
    // Here we use strlen() not panther_strlen() as we want to limit the post to PANTHER_MAX_POSTSIZE bytes, not characters
    if (strlen($message) > PANTHER_MAX_POSTSIZE) {
        $errors[] = sprintf($lang_post['Too long message'], forum_number_format(PANTHER_MAX_POSTSIZE));
    } else {
예제 #5
     message($lang_common['Bad request'], false, '404 Not Found');
 }
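 // Verify that the move to forum ID is valid: the target forum must exist, must not be a redirect
 // forum, and the current user's group must be allowed to post topics in it.
 // The previous query only mentioned the target forum in the JOIN condition, so any postable forum
 // satisfied it and a non-existent or redirect target slipped through; f.id=:fid ties it to the target.
 $data = array(':gid' => $panther_user['g_id'], ':fid' => $move_to_forum);
 $ps = $db->run('SELECT 1 FROM ' . $db->prefix . 'forums AS f LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=:gid) WHERE f.id=:fid AND f.redirect_url IS NULL AND (fp.post_topics IS NULL OR fp.post_topics=1)', $data);
 if (!$ps->rowCount()) {
     message($lang_common['Bad request'], false, '404 Not Found');
 }
 // Load the post.php language file
 require PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/post.php';
 // Check subject: required, at most 70 characters
 $new_subject = isset($_POST['new_subject']) ? panther_trim($_POST['new_subject']) : '';
 if ($new_subject == '') {
     message($lang_post['No subject']);
 } elseif (panther_strlen($new_subject) > 70) {
     message($lang_post['Too long subject']);
 }
 // eval() runs whatever get_extensions() returns for this hook; only installed extension code should ever land there
 ($hook = get_extensions('moderate_split_posts')) ? eval($hook) : null;
 // Get data from the new first post.
 // NOTE(review): $markers is assumed to be a list of '?' placeholders with the selected post IDs
 // passed in $posts — confirm; if it held raw values this would be string-built SQL.
 $ps = $db->run('SELECT p.id, p.poster, p.posted FROM ' . $db->prefix . 'posts AS p WHERE id IN(' . implode(',', $markers) . ') ORDER BY p.id ASC LIMIT 1', $posts);
 $first_post_data = $ps->fetch();
 if (!$first_post_data) {
     // None of the selected posts exist; do not create a topic from a missing first post
     message($lang_common['Bad request'], false, '404 Not Found');
 }
 // Create the new topic
 $insert = array('poster' => $first_post_data['poster'], 'subject' => $new_subject, 'posted' => $first_post_data['posted'], 'first_post_id' => $first_post_data['id'], 'forum_id' => $move_to_forum);
 $db->insert('topics', $insert);
 $new_tid = $db->lastInsertId('topics');
 // NOTE(review): $update_data is assumed to already hold the post IDs after index 0 — confirm
 $update_data[0] = $new_tid;
 // Move the posts to the new topic
 $db->run('UPDATE ' . $db->prefix . 'posts SET topic_id=? WHERE id IN(' . implode(',', $markers) . ')', $update_data);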
 // Apply every subscription to both topics
예제 #6
         $errors[] = $lang_poll['Too long question'];
     } else {
         if ($panther_config['p_subject_all_caps'] == '0' && is_all_uppercase($question) && !$panther_user['is_admmod']) {
             $errors[] = $lang_poll['All caps question'];
         }
     }
 }
 if (empty($options)) {
     $errors[] = $lang_poll['No options'];
 }
 // Non-empty options that passed validation, in submission order
 $option_data = array();
 // NOTE(review): indices 0..o_max_poll_fields inclusive are read without isset(); this relies on
 // the caller having filled every index — confirm
 $max_option_index = $panther_config['o_max_poll_fields'];
 for ($i = 0; $i <= $max_option_index; $i++) {
     // Stop at the first error, including one carried over from the question checks above
     if (!empty($errors)) {
         break;
     }
     $option = $options[$i];
     if (panther_strlen($option) > 55) {
         $errors[] = $lang_poll['Too long option'];
     } elseif ($panther_config['p_subject_all_caps'] == '0' && is_all_uppercase($option) && !$panther_user['is_admmod']) {
         $errors[] = $lang_poll['All caps option'];
     } elseif ($option != '') {
         $option_data[] = $option;
     }
 }
 // NOTE(review): this counts every submitted option, not the non-empty ones collected in $option_data — confirm intended
 if (count($options) < 2) {
     $errors[] = $lang_poll['Low options'];
 }
 ($hook = get_extensions('edit_poll_after_validation')) ? eval($hook) : null;
예제 #7
 // Determine expiration time
 // NOTE(review): expiration_time/expiration_unit are read without isset(), unlike the fields below — confirm get_expiration_time() tolerates a missing value
 $expiration_time = get_expiration_time($_POST['expiration_time'], $_POST['expiration_unit']);
 $warning_title = isset($_POST['warning_title']) ? panther_trim($_POST['warning_title']) : '';
 $warning_description = isset($_POST['warning_description']) ? panther_trim($_POST['warning_description']) : '';
 $points = isset($_POST['warning_points']) ? intval($_POST['warning_points']) : 0;
 // Title: 1..70 bytes. NOTE(review): strlen() counts bytes, whereas the other 70-character subject limits
 // in this codebase use panther_strlen() — confirm intended
 $title_length = strlen($warning_title);
 if ($title_length < 1) {
     message($lang_warnings['No title']);
 } elseif ($title_length > 70) {
     message($lang_warnings['Title too long']);
 }
 // Description: required, at most PANTHER_MAX_POSTSIZE characters
 if ($warning_description == '') {
     message($lang_warnings['Must enter descripiton']);
 } elseif (panther_strlen($warning_description) > PANTHER_MAX_POSTSIZE) {
     // NOTE(review): the too-long case reuses the 'Must enter descripiton' string via sprintf(); a dedicated key may be intended — confirm
     message(sprintf($lang_warnings['Must enter descripiton'], forum_number_format(PANTHER_MAX_POSTSIZE)));
 }
 $update = array('title' => $warning_title, 'description' => $warning_description, 'points' => $points, 'expiration_time' => $expiration_time);
 if (isset($_POST['id']) && $id > 0) {
     $data = array(':id' => $id);
     $ps = $db->select('warning_types', 'id, title, description, points, expiration_time', $data, 'id=:id');
     if ($ps->rowCount()) {
         $warning_type = $ps->fetch();
         $data = array(':id' => $warning_type['id']);
         $db->update('warning_types', $update, 'id=:id', $data);
         $redirect_msg = $lang_warnings['Type updated redirect'];
     }
 } else {
     $db->insert('warning_types', $update);
예제 #8
                 }
             }
         }
     }
     break;
 case 'messaging':
     $form = array('facebook' => panther_trim($_POST['form']['facebook']), 'steam' => panther_trim($_POST['form']['steam']), 'skype' => panther_trim($_POST['form']['skype']), 'google' => panther_trim($_POST['form']['google']), 'twitter' => panther_trim($_POST['form']['twitter']));
     break;
 case 'personality':
     $form = array();
     // Clean up signature from POST
     if ($panther_config['o_signatures'] == '1') {
         $form['signature'] = isset($_POST['signature']) ? panther_linebreaks(panther_trim($_POST['signature'])) : '';
         // Validate signature
         if (panther_strlen($form['signature']) > $panther_config['p_sig_length']) {
             message(sprintf($lang_prof_reg['Sig too long'], $panther_config['p_sig_length'], panther_strlen($form['signature']) - $panther_config['p_sig_length']));
         } else {
             if (substr_count($form['signature'], "\n") > $panther_config['p_sig_lines'] - 1) {
                 message(sprintf($lang_prof_reg['Sig too many lines'], $panther_config['p_sig_lines']));
             } else {
                 if ($form['signature'] && $panther_config['p_sig_all_caps'] == '0' && is_all_uppercase($form['signature']) && !$panther_user['is_admmod']) {
                     $form['signature'] = utf8_ucwords(utf8_strtolower($form['signature']));
                 }
             }
         }
         // Validate BBCode syntax
         if ($panther_config['p_sig_bbcode'] == '1') {
             require PANTHER_ROOT . 'include/parser.php';
             $errors = array();
             $form['signature'] = $parser->preparse_bbcode($form['signature'], $errors, true);
             if (count($errors) > 0) {
예제 #9
         redirect(panther_link($panther_url['pms_folders']), $lang_pm['Folder added']);
     }
 } else {
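     if (isset($_POST['update'])) {
         // The submit button name carries the folder ID (update[<id>]); a tampered scalar yields id 0
         $id = is_array($_POST['update']) ? intval(key($_POST['update'])) : 0;
         $folder = isset($_POST['folder'][$id]) ? panther_trim($_POST['folder'][$id]) : '';
         // Censored form of the name; identical to $folder when censoring is off
         $censored_folder = $folder;
         if ($panther_config['o_censoring'] == '1') {
             $censored_folder = panther_trim(censor_words($folder));
         }
         if ($folder == '') {
             $errors[] = $lang_pm['No folder name'];
         } elseif (panther_strlen($folder) < 4) {
             $errors[] = $lang_pm['Folder too short'];
         } elseif (panther_strlen($folder) > 30) {
             $errors[] = $lang_pm['Folder too long'];
         } elseif ($panther_config['o_censoring'] == '1' && $censored_folder == '') {
             // Previously this compared $folder, which cannot be empty in this branch, so the error was
             // unreachable; the censored name is what the subject check elsewhere compares too
             $errors[] = $lang_pm['No folder after censoring'];
         }
         if (empty($errors)) {
             // Scoping the update on user_id keeps a user from renaming another user's folder by ID
             $update = array('name' => $folder);
             $data = array(':id' => $id, ':uid' => $panther_user['id']);
             $db->update('folders', $update, 'id=:id AND user_id=:uid', $data);
             redirect(panther_link($panther_url['pms_folders']), $lang_pm['Folder edit redirect']);
         }
     }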
     } else {
예제 #10
        $new = false;
        if (!$panther_user['is_guest'] && $cur_subforum['last_post'] > $panther_user['last_visit'] && (empty($tracked_topics['forums'][$cur_subforum['id']]) || $cur_subforum['last_post'] > $tracked_topics['forums'][$cur_subforum['id']])) {
            // There are new posts in this forum, but have we read all of them already?
            foreach ($new_topics[$cur_subforum['id']] as $check_topic_id => $check_last_post) {
                if ((empty($tracked_topics['topics'][$check_topic_id]) || $tracked_topics['topics'][$check_topic_id] < $check_last_post) && (empty($tracked_topics['forums'][$cur_subforum['id']]) || $tracked_topics['forums'][$cur_subforum['id']] < $check_last_post)) {
                    $new = true;
                    break;
                }
            }
        }
        $forums[$cur_subforum['id']] = array('moderators' => $moderators, 'last_post' => $cur_subforum['last_post'] ? format_time($cur_subforum['last_post']) : '', 'num_topics' => $num_topics, 'num_posts' => $num_posts, 'forum_count' => forum_number_format($forum_count++), 'search_link' => panther_link($panther_url['search_new_results'], array($cur_subforum['id'])), 'link' => panther_link($panther_url['forum'], array($cur_subforum['id'], url_friendly($cur_subforum['forum_name']))), 'forum_name' => $cur_subforum['forum_name'], 'forum_desc' => $cur_subforum['forum_desc'], 'redirect_url' => $cur_forum['redirect_url'], 'show_post_info' => $cur_subforum['show_post_info'], 'new' => $new);
        if ($cur_subforum['last_post']) {
            $forums[$cur_subforum['id']]['last_post_avatar'] = generate_avatar_markup($cur_subforum['uid'], $cur_subforum['email'], $cur_subforum['use_gravatar'], array(32, 32));
            $forums[$cur_subforum['id']]['last_post_link'] = panther_link($panther_url['post'], array($cur_subforum['last_post_id']));
            $forums[$cur_subforum['id']]['last_topic_link'] = panther_link($panther_url['topic'], array($cur_subforum['last_topic_id'], url_friendly($cur_subforum['last_topic'])));
            $forums[$cur_subforum['id']]['last_topic'] = panther_strlen($cur_subforum['last_topic']) > 30 ? utf8_substr($cur_subforum['last_topic'], 0, 30) . ' …' : $cur_subforum['last_topic'];
            $forums[$cur_subforum['id']]['last_poster'] = isset($cur_subforum['group_id']) ? colourize_group($cur_subforum['last_poster'], $cur_subforum['group_id'], $cur_subforum['uid']) : colourize_group($cur_subforum['last_poster'], PANTHER_GUEST);
        }
    }
}
// Announcements attached to this forum, one template row each
$announcements = array();
if (!empty($panther_announcements[$id])) {
    $announce_count = 0;
    foreach ($panther_announcements[$id] as $cur_announce) {
        // Look up the poster's current name and group so the name can be colourised
        $data = array(':id' => $cur_announce['user_id']);
        $ps = $db->select('users', 'username, group_id', $data, 'id=:id');
        list($username, $group_id) = $ps->fetch(PDO::FETCH_NUM);
        $row = array();
        $row['count'] = forum_number_format($announce_count++);
        $row['user'] = colourize_group($username, $group_id, $cur_announce['user_id']);
        $row['link'] = panther_link($panther_url['announcement_fid'], array($cur_announce['id'], $id, $cur_announce['url_subject']));
        $row['subject'] = $cur_announce['subject'];
        $announcements[] = $row;
    }
}
// Retrieve a list of topic IDs, LIMIT is (really) expensive so we only fetch the IDs here then later fetch the remaining data
예제 #11
/**
 * Validate a prospective username, appending any problem to the global $errors array.
 *
 * Checks, in order: length (2..25 characters), the reserved "Guest" name, names that look like an
 * IPv4/IPv6 address, brackets combined with both quote characters, BBCode tags, censored words,
 * an already registered (or indistinguishable) name, and the ban list.
 *
 * @param string   $username   Username to check
 * @param int|null $exclude_id User ID to ignore in the duplicate check (e.g. a user editing their own profile)
 * @return void Results go into $errors; the whitespace-collapsed name is not handed back to the caller
 */
function check_username($username, $exclude_id = null)
{
    global $db, $panther_config, $errors, $lang_prof_reg, $lang_register, $lang_common, $panther_bans;
    // Include UTF-8 function
    require_once PANTHER_ROOT . 'include/utf8/strcasecmp.php';
    // Convert multiple whitespace characters into one (to prevent people from registering with indistinguishable usernames)
    $username = preg_replace('%\\s+%s', ' ', $username);
    $ipv4_pattern = '%[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}%';
    $ipv6_pattern = '%((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))%';
    $bbcode_pattern = '%(?:\\[/?(?:b|u|s|ins|del|em|i|h|colou?r|quote|code|img|url|email|list|\\*|topic|post|forum|user)\\]|\\[(?:img|url|quote|list)=)%i';
    // Validate username: only the first failing check is reported
    $length = panther_strlen($username);
    if ($length < 2) {
        $errors[] = $lang_prof_reg['Username too short'];
    } elseif ($length > 25) {
        // This usually doesn't happen since the form element only accepts 25 characters
        $errors[] = $lang_prof_reg['Username too long'];
    } elseif (!strcasecmp($username, 'Guest') || !utf8_strcasecmp($username, $lang_common['Guest'])) {
        $errors[] = $lang_prof_reg['Username guest'];
    } elseif (preg_match($ipv4_pattern, $username) || preg_match($ipv6_pattern, $username)) {
        $errors[] = $lang_prof_reg['Username IP'];
    } elseif ((strpos($username, '[') !== false || strpos($username, ']') !== false) && strpos($username, '\'') !== false && strpos($username, '"') !== false) {
        // A bracket together with both quote characters is rejected; a bracket or a quote on its own is not
        $errors[] = $lang_prof_reg['Username reserved chars'];
    } elseif (preg_match($bbcode_pattern, $username)) {
        $errors[] = $lang_prof_reg['Username BBCode'];
    }
    // Check username for any censored words
    if ($panther_config['o_censoring'] == '1' && censor_words($username) != $username) {
        $errors[] = $lang_register['Username censor'];
    }
    // Check that the username (or a too similar username) is not already registered.
    // :username2 is the name with everything but letters and digits stripped, so "J.Doe" collides with "JDoe"
    $where_cond = '(UPPER(username)=UPPER(:username) OR UPPER(username)=UPPER(:username2)) AND id>1';
    $data = array(':username' => $username, ':username2' => ucp_preg_replace('%[^\\p{L}\\p{N}]%u', '', $username));
    if (!is_null($exclude_id)) {
        $where_cond .= ' AND id!=:id';
        $data[':id'] = $exclude_id;
    }
    $ps = $db->select('users', 'username', $data, $where_cond);
    if ($ps->rowCount()) {
        $busy = $ps->fetchColumn();
        $errors[] = $lang_register['Username dupe 1'] . ' ' . $busy . '. ' . $lang_register['Username dupe 2'];
    }
    // Check username for any banned usernames (case-insensitive, first match wins)
    $lowered_username = utf8_strtolower($username);
    foreach ($panther_bans as $cur_ban) {
        if ($cur_ban['username'] != '' && $lowered_username == utf8_strtolower($cur_ban['username'])) {
            $errors[] = $lang_prof_reg['Banned username'];
            break;
        }
    }
}
예제 #12
    // Regenerate the config cache
    if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
        require PANTHER_ROOT . 'include/cache.php';
    }
    generate_config_cache();
    clear_feed_cache();
    if ($form['url_type'] != $panther_config['o_url_type']) {
        //Load new URL pack to avoid 404 error after redirecting
        if (file_exists(PANTHER_ROOT . 'include/url/' . $form['url_type'] . '.php')) {
            require PANTHER_ROOT . 'include/url/' . $form['url_type'] . '.php';
        } else {
            require PANTHER_ROOT . 'include/url/default.php';
        }
        generate_quickjump_cache();
    }
    redirect(panther_link($panther_url['admin_options']), $lang_admin_options['Options updated redirect']);
}
$page_title = array($panther_config['o_board_title'], $lang_admin_common['Admin'], $lang_admin_common['Options']);
define('PANTHER_ACTIVE_PAGE', 'admin');
require PANTHER_ROOT . 'header.php';
generate_admin_menu('options');
// Offset the current time by the user's timezone and DST setting (hours -> seconds) so the format previews match what they see
$diff = ($panther_user['timezone'] + $panther_user['dst']) * 3600;
$timestamp = time() + $diff;
// One entry per URL scheme file; the title drops the last four characters of the file name (presumably ".php" — confirm)
$schemes = get_url_schemes();
$scheme_options = array();
foreach ($schemes as $scheme) {
    $scheme_title = substr(ucwords(str_replace('_', ' ', $scheme)), 0, -4);
    $scheme_options[] = array('file' => $scheme, 'title' => $scheme_title);
}
$tpl = load_template('admin_options.tpl');
$options_vars = array();
$options_vars['lang_admin_options'] = $lang_admin_options;
$options_vars['lang_admin_common'] = $lang_admin_common;
$options_vars['panther_config'] = $panther_config;
$options_vars['form_action'] = panther_link($panther_url['admin_options']);
$options_vars['csrf_token'] = generate_csrf_token(PANTHER_ADMIN_DIR . '/options.php');
$options_vars['max_file_size'] = $max_file_size;
$options_vars['types'] = $scheme_options;
$options_vars['languages'] = forum_list_langs();
$options_vars['styles'] = forum_list_styles();
$options_vars['time_format'] = gmdate($panther_config['o_time_format'], $timestamp);
$options_vars['date_format'] = gmdate($panther_config['o_date_format'], $timestamp);
$options_vars['censoring_link'] = panther_link($panther_url['admin_censoring']);
$options_vars['archive_link'] = panther_link($panther_url['admin_archive']);
$options_vars['ranks_link'] = panther_link($panther_url['admin_ranks']);
$options_vars['tasks_link'] = panther_link($panther_url['admin_tasks']);
$options_vars['feeds'] = array(5, 15, 30, 60);
// The stored SMTP password is never rendered; a random key of the same length takes its place in the form
$options_vars['smtp_pass'] = !empty($panther_config['o_smtp_pass']) ? random_key(panther_strlen($panther_config['o_smtp_pass']), true) : '';
$options_vars['themes'] = forum_list_themes();
echo $tpl->render($options_vars);
require PANTHER_ROOT . 'footer.php';