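/**
 * Split a body of post text into the set of words worth indexing.
 *
 * HTML entities, URLs and BBCode tags carrying attribute payloads are
 * replaced by whitespace, the remaining punctuation is mapped through the
 * noise tables, and every word is then trimmed of leading/trailing dots and
 * rejected when it is shorter than 3 or longer than 20 characters or listed
 * in the current language's stopwords.txt.
 *
 * @param string $text Raw post text (BBCode allowed)
 * @return array Unique words, keyed by their position in the cleaned text
 */
function split_words($text)
{
    global $pun_user;
    static $noise_match, $noise_replace, $stopwords;

    if (empty($noise_match))
    {
        $noise_match = array('[quote', '[code', '[url', '[img', '[email', '[color', '[colour', 'quote]', 'code]', 'url]', 'img]', 'email]', 'color]', 'colour]', '^', '$', '&', '(', ')', '<', '>', '`', '\'', '"', '|', ',', '@', '_', '?', '%', '~', '+', '[', ']', '{', '}', ':', '\\', '/', '=', '#', ';', '!', '*');
        $noise_replace = array('', '', '', '', '', '', '', '', '', '', '', '', '', '', ' ', ' ', ' ', ' ', ' ', ' ', ' ', '', '', ' ', ' ', ' ', ' ', '', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', '', ' ', ' ', ' ', ' ', ' ', ' ');

        // Stopwords are loaded once per request. A missing or unreadable file
        // simply yields an empty list instead of a suppressed warning.
        $stopwords_file = PUN_ROOT . 'lang/' . $pun_user['language'] . '/stopwords.txt';
        $stopwords = is_readable($stopwords_file) ? (array) file($stopwords_file) : array();
        $stopwords = array_map('trim', $stopwords);
    }

    // Clean up: entities, URLs and BBCode tags with long attribute values become spaces
    $patterns = array(
        '#&[\\#a-z0-9]+?;#i',
        '#\\b[\\w]+:\\/\\/[a-z0-9\\.\\-]+(\\/[a-z0-9\\?\\.%_\\-\\+=&\\/~]+)?#',
        '#\\[\\/?[a-z\\*=\\+\\-]+(\\:?[0-9a-z]+)?:[a-z0-9]{10,}(\\:[a-z0-9]+)?=?.*?\\]#',
    );
    $text = preg_replace($patterns, ' ', ' ' . strtolower($text) . ' ');

    // Filter out junk
    $text = str_replace($noise_match, $noise_replace, $text);

    // Strip out extra whitespace between words
    $text = trim(preg_replace('#\\s+#', ' ', $text));

    // Fill an array with all the words (explode() always yields at least one element)
    $words = explode(' ', $text);

    // foreach iterates over a copy, so unsetting entries of $words here is safe
    // (the original used each(), which no longer exists in PHP 8)
    foreach ($words as $i => $word)
    {
        // Trim the dots first so the length and stopword checks see the word
        // exactly as it will be stored; the original tested the untrimmed word,
        // which let "the." slip past the stopword list as "the".
        $word = trim($word, '.');
        $num_chars = pun_strlen($word);

        if ($num_chars < 3 || $num_chars > 20 || in_array($word, $stopwords, true))
            unset($words[$i]);
        else
            $words[$i] = $word;
    }

    return array_unique($words);
}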
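/**
 * Decide whether a word is acceptable for indexing ($idx true) or searching ($idx false).
 *
 * Keywords and CJK words are never indexed but may be searched for, stopwords
 * are rejected in both modes, and every other word must be between
 * PUN_SEARCH_MIN_WORD and PUN_SEARCH_MAX_WORD characters long.
 *
 * @param string $word
 * @param bool   $idx  True when called by the indexer, false when called by search
 * @return bool
 */
function validate_search_word($word, $idx)
{
    static $stopwords;

    // If the word is a keyword we don't want to index it, but we do want to be allowed to search it
    if (is_keyword($word))
        return !$idx;

    if (!isset($stopwords))
    {
        // The cache file is expected to assign $stopwords (an array) into this
        // scope and define PUN_STOPWORDS_LOADED; it is regenerated when it is
        // missing or stale.
        if (file_exists(FORUM_CACHE_DIR . 'cache_stopwords.php'))
            include FORUM_CACHE_DIR . 'cache_stopwords.php';

        if (!defined('PUN_STOPWORDS_LOADED'))
        {
            if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
                require PUN_ROOT . 'include/cache.php';

            generate_stopwords_cache();
            require FORUM_CACHE_DIR . 'cache_stopwords.php';
        }

        // A cache file that did not populate the list must not leave a non-array
        // behind: in_array() would fail on it. Treat that as "no stopwords".
        if (!is_array($stopwords))
            $stopwords = array();
    }

    // If it is a stopword it isn't valid. Strict comparison so numeric-looking
    // words are not coerced ("1e3" == "1000" under loose comparison).
    if (in_array($word, $stopwords, true))
        return false;

    // If the word is CJK we don't want to index it, but we do want to be allowed to search it
    if (is_cjk($word))
        return !$idx;

    // Check the word is within the min/max length
    $num_chars = pun_strlen($word);
    return $num_chars >= PUN_SEARCH_MIN_WORD && $num_chars <= PUN_SEARCH_MAX_WORD;
}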
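/**
 * Decide whether a word is acceptable for indexing ($idx true) or searching ($idx false).
 *
 * Keywords and CJK words are never indexed but may be searched for, stopwords
 * (the union of every installed language's stopwords.txt, held in $cache) are
 * rejected in both modes, and every other word must be between
 * PUN_SEARCH_MIN_WORD and PUN_SEARCH_MAX_WORD characters long once the
 * wildcard characters % and * are removed.
 *
 * @param string $word
 * @param bool   $idx  True when called by the indexer, false when called by search
 * @return bool
 */
function validate_search_word($word, $idx)
{
    global $cache;
    static $stopwords;

    // If the word is a keyword we don't want to index it, but we do want to be allowed to search it
    if (is_keyword($word))
        return !$idx;

    if (!isset($stopwords))
    {
        $cache_id = generate_stopwords_cache_id();
        $stopwords = $cache->get('stopwords.' . $cache_id);

        if ($stopwords === Flux_Cache::NOT_FOUND)
        {
            $stopwords = array();

            // Merge the stopwords.txt of every installed language pack
            $d = dir(PUN_ROOT . 'lang');
            if ($d !== false)
            {
                while (($entry = $d->read()) !== false)
                {
                    if ($entry[0] == '.')
                        continue;

                    $stopwords_file = PUN_ROOT . 'lang/' . $entry . '/stopwords.txt';
                    if (is_dir(PUN_ROOT . 'lang/' . $entry) && file_exists($stopwords_file))
                    {
                        // file() returns false for an unreadable file; skip it rather
                        // than hand false to array_merge()
                        $lines = file($stopwords_file);
                        if ($lines !== false)
                            $stopwords = array_merge($stopwords, $lines);
                    }
                }
                $d->close();
            }

            // Tidy up and filter the stopwords (array_filter keeps keys; in_array does not care)
            $stopwords = array_map('pun_trim', $stopwords);
            $stopwords = array_filter($stopwords);

            $cache->set('stopwords.' . $cache_id, $stopwords);
        }
    }

    // If it is a stopword it isn't valid. Strict comparison so numeric-looking
    // words are not coerced ("1e3" == "1000" under loose comparison).
    if (in_array($word, $stopwords, true))
        return false;

    // If the word is CJK we don't want to index it, but we do want to be allowed to search it
    if (is_cjk($word))
        return !$idx;

    // Exclude % and * when checking whether current word is valid
    $word = str_replace(array('%', '*'), '', $word);

    // Check the word is within the min/max length
    $num_chars = pun_strlen($word);
    return $num_chars >= PUN_SEARCH_MIN_WORD && $num_chars <= PUN_SEARCH_MAX_WORD;
}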
?> </span> </td> </tr> <tr> <th scope="row"><?php echo $lang->t('SMTP password label'); ?> </th> <td> <span><input type="checkbox" name="form[smtp_change_pass]" value="1" />  <?php echo $lang->t('SMTP change password help'); ?> </span> <?php $smtp_pass = !empty($pun_config['o_smtp_pass']) ? random_key(pun_strlen($pun_config['o_smtp_pass']), true) : ''; ?> <input type="password" name="form[smtp_pass1]" size="25" maxlength="50" value="<?php echo $smtp_pass; ?> " /> <input type="password" name="form[smtp_pass2]" size="25" maxlength="50" value="<?php echo $smtp_pass; ?> " /> <span><?php echo $lang->t('SMTP password help'); ?> </span> </td> </tr>
$noval = ucfirst(strtolower($noval)); } } } } // This isn't exactly a good way todo it, but it works. I may rethink this code later $option = array(); $lastoption = "null"; while (list($key, $value) = each($_POST['poll_option'])) { $value = pun_trim($value); if ($value != "") { if ($lastoption == '') { $errors[] = $lang_polls['Empty option']; } else { $option[$key] = pun_trim($value); if (pun_strlen($option[$key]) > 80) { $errors[] = $lang_polls['Too long option']; } else { if ($key > $pun_config['poll_max_fields']) { message($lang_common['Bad request']); } else { if ($pun_config['p_subject_all_caps'] == '0' && strtoupper($option[$key]) == $option[$key] && ($pun_user['g_id'] > PUN_MOD && !$pun_user['g_global_moderation'])) { $option[$key] = ucfirst(strtolower($option[$key])); } } } } } $lastoption = pun_trim($value); } // People are naughty
// The number of posts actually found must match the number the user selected for the split
if ($db->num_rows($result) != $num_posts_splitted)
{
    message($lang_common['Bad request'], false, '404 Not Found');
}

// Verify that the move to forum ID is valid
// NOTE(review): $move_to_forum and $pun_user['g_id'] are concatenated into the SQL
// without escaping — presumably both were cast to int before this run of statements;
// confirm against the code above it.
$result = $db->query('SELECT 1 FROM ' . $db->prefix . 'forums AS f LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.group_id=' . $pun_user['g_id'] . ' AND fp.forum_id=' . $move_to_forum . ') WHERE f.redirect_url IS NULL AND (fp.post_topics IS NULL OR fp.post_topics=1)') or error('Unable to fetch forum permissions', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
{
    message($lang_common['Bad request'], false, '404 Not Found');
}

// Load the post.php language file
require PUN_ROOT . 'lang/' . $pun_user['language'] . '/post.php';

// Check subject: required, at most 70 characters (pun_strlen counts characters, not bytes)
$new_subject = isset($_POST['new_subject']) ? pun_trim($_POST['new_subject']) : '';
if ($new_subject == '')
{
    message($lang_post['No subject']);
}
else
{
    if (pun_strlen($new_subject) > 70)
    {
        message($lang_post['Too long subject']);
    }
}

// Get data from the new first post
// NOTE(review): $posts is spliced into IN(...) unescaped — assumes it is a
// comma-separated list of integers built earlier; verify.
$result = $db->query('SELECT p.id, p.poster, p.posted FROM ' . $db->prefix . 'posts AS p WHERE id IN(' . $posts . ') ORDER BY p.id ASC LIMIT 1') or error('Unable to get first post', __FILE__, __LINE__, $db->error());
$first_post_data = $db->fetch_assoc($result);

// Create the new topic. Only the poster name and subject are escaped; posted and id
// come straight from the row fetched above.
$db->query('INSERT INTO ' . $db->prefix . 'topics (poster, subject, posted, first_post_id, forum_id) VALUES (\'' . $db->escape($first_post_data['poster']) . '\', \'' . $db->escape($new_subject) . '\', ' . $first_post_data['posted'] . ', ' . $first_post_data['id'] . ', ' . $move_to_forum . ')') or error('Unable to create new topic', __FILE__, __LINE__, $db->error());
$new_tid = $db->insert_id();

// Move the posts to the new topic
$db->query('UPDATE ' . $db->prefix . 'posts SET topic_id=' . $new_tid . ' WHERE id IN(' . $posts . ')') or error('Unable to move posts into new topic', __FILE__, __LINE__, $db->error());

// Apply every subscription to both topics
// NOTE(review): $tid is also used unescaped here and below — same assumption as above.
$db->query('INSERT INTO ' . $db->prefix . 
'topic_subscriptions (user_id, topic_id) SELECT user_id, ' . $new_tid . ' FROM ' . $db->prefix . 'topic_subscriptions WHERE topic_id=' . $tid) or error('Unable to copy existing subscriptions', __FILE__, __LINE__, $db->error());

// Get last_post, last_post_id, and last_poster from the topic and update it
$result = $db->query('SELECT id, poster, posted FROM ' . $db->prefix . 'posts WHERE topic_id=' . $tid . ' ORDER BY id DESC LIMIT 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
// Handle any duplicate users which occured due to conversion case 'conv_users_dupe': $query_str = '?stage=preparse_posts'; if (!$mysql || empty($_SESSION['dupe_users'])) { break; } if (isset($_POST['form_sent'])) { $errors = array(); require PUN_ROOT . 'include/email.php'; foreach ($_SESSION['dupe_users'] as $id => $cur_user) { $errors[$id] = array(); $username = pun_trim($_POST['dupe_users'][$id]); if (pun_strlen($username) < 2) { $errors[$id][] = $lang_update['Username too short error']; } else { if (pun_strlen($username) > 25) { // This usually doesn't happen since the form element only accepts 25 characters $errors[$id][] = $lang_update['Username too long error']; } else { if (!strcasecmp($username, 'Guest')) { $errors[$id][] = $lang_update['Username Guest reserved error']; } else { if (preg_match('%[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}%', $username) || preg_match('%((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))%', $username)) { $errors[$id][] = $lang_update['Username IP format error']; } else { if ((strpos($username, '[') !== false || strpos($username, ']') !== false) && strpos($username, '\'') !== false && 
strpos($username, '"') !== false) { $errors[$id][] = $lang_update['Username bad characters error']; } else { if (preg_match('%(?:\\[/?(?:b|u|s|ins|del|em|i|h|colou?r|quote|code|img|url|email|list|\\*)\\]|\\[(?:img|url|quote|list)=)%i', $username)) { $errors[$id][] = $lang_update['Username BBCode error']; }
} // Load the post.php/edit.php language file require PUN_ROOT . 'lang/' . $pun_user['language'] . '/post.php'; // Start with a clean slate $errors = array(); if (isset($_POST['form_sent'])) { if ($is_admmod) { confirm_referrer('edit.php'); } // If it is a topic it must contain a subject if ($can_edit_subject) { $subject = pun_trim($_POST['req_subject']); if ($subject == '') { $errors[] = $lang_post['No subject']; } else { if (pun_strlen($subject) > 70) { $errors[] = $lang_post['Too long subject']; } else { if ($pun_config['p_subject_all_caps'] == '0' && strtoupper($subject) == $subject && $pun_user['g_id'] > PUN_MOD) { $subject = ucwords(strtolower($subject)); } } } } // Clean up message from POST $message = pun_linebreaks(pun_trim($_POST['req_message'])); if ($message == '') { $errors[] = $lang_post['No message']; } else { if (strlen($message) > 65535) { $errors[] = $lang_post['Too long message'];
$form['url'] = 'http://' . $form['url']; } break; case 'messaging': $form = extract_elements(array('jabber', 'icq', 'msn', 'aim', 'yahoo')); // If the ICQ UIN contains anything other than digits it's invalid if ($form['icq'] != '' && @preg_match('/[^0-9]/', $form['icq'])) { message($lang_prof_reg['Bad ICQ']); } break; case 'personality': $form = extract_elements(array('use_avatar')); // Clean up signature from POST $form['signature'] = pun_linebreaks(trim($_POST['signature'])); // Validate signature if (pun_strlen($form['signature']) > $pun_config['p_sig_length']) { message($lang_prof_reg['Sig too long'] . ' ' . $pun_config['p_sig_length'] . ' ' . $lang_prof_reg['characters'] . '.'); } else { if (substr_count($form['signature'], "\n") > $pun_config['p_sig_lines'] - 1) { message($lang_prof_reg['Sig too many lines'] . ' ' . $pun_config['p_sig_lines'] . ' ' . $lang_prof_reg['lines'] . '.'); } else { if ($form['signature'] && $pun_config['p_sig_all_caps'] == '0' && strtoupper($form['signature']) == $form['signature'] && $pun_user['g_id'] > PUN_MOD) { $form['signature'] = ucwords(strtolower($form['signature'])); } } } // Validate BBCode syntax if ($pun_config['p_sig_bbcode'] == '1' && strpos($form['signature'], '[') !== false && strpos($form['signature'], ']') !== false) { require PUN_ROOT . 'include/parser.php'; $form['signature'] = preparse_bbcode($form['signature'], $foo, true); }
if ($pun_user['g_id'] > PUN_GUEST) { $result = $db->query('SELECT posted FROM ' . $db->prefix . 'messages ORDER BY id DESC LIMIT 1') or error('Unable to fetch message time for flood protection', __FILE__, __LINE__, $db->error()); if (list($last) = $db->fetch_row($result)) { if (time() - $last < $pun_user['g_post_flood']) { message($lang_pms['Flood start'] . ' ' . $pun_user['g_post_flood'] . ' ' . $lang_pms['Flood end']); } } } // Smileys $hide_smilies = isset($_POST['hide_smilies']) ? 1 : 0; // Check subject $subject = pun_trim($_POST['req_subject']); if ($subject == '') { message($lang_post['No subject']); } else { if (pun_strlen($subject) > 100) { message($lang_post['Too long subject']); } else { if ($pun_config['p_subject_all_caps'] == '0' && strtoupper($subject) == $subject && $pun_user['g_id'] > PUN_GUEST) { $subject = ucfirst(strtolower($subject)); } } } if (isset($_POST['preview'])) { $subject = str_replace('\'', ''', $subject); } // Clean up message from POST $message = pun_linebreaks(pun_trim($_POST['req_message'])); // Check message if ($message == '') { message($lang_post['No message']);
$recipient = $result[0]; unset($result, $query, $params); if ($recipient['email_setting'] == 2 && !$pun_user['is_admmod']) { message($lang->t('Form email disabled')); } if (isset($_POST['form_sent'])) { // Clean up message and subject from POST $subject = pun_trim($_POST['req_subject']); $message = pun_trim($_POST['req_message']); if ($subject == '') { message($lang->t('No email subject')); } else { if ($message == '') { message($lang->t('No email message')); } else { if (pun_strlen($message) > PUN_MAX_POSTSIZE) { message($lang->t('Too long email message')); } } } if ($pun_user['last_email_sent'] != '' && time() - $pun_user['last_email_sent'] < $pun_user['g_email_flood'] && time() - $pun_user['last_email_sent'] >= 0) { message($lang->t('Email flood', $pun_user['g_email_flood'])); } // Load the "form email" template $mail_tpl = trim(file_get_contents(PUN_ROOT . 'lang/' . $pun_user['language'] . '/mail_templates/form_email.tpl')); // The first row contains the subject $first_crlf = strpos($mail_tpl, "\n"); $mail_subject = pun_trim(substr($mail_tpl, 8, $first_crlf - 8)); $mail_message = pun_trim(substr($mail_tpl, $first_crlf)); $mail_subject = str_replace('<mail_subject>', $subject, $mail_subject); $mail_message = str_replace('<sender>', $pun_user['username'], $mail_message);
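// Validate username and passwords. Each check is exclusive: only the first
// failing one reports, exactly as the original nested if/else chain did.
$username = decode_username($username_hash);

if (!$username_hash)
    message('Invalid username');
// pun_strlen() counts characters so the minimum agrees with the maximum check
// below; the original used byte-wise strlen() for the minimum, letting a single
// multibyte character pass as "2 characters"
elseif (pun_strlen($username) < 2)
    message($lang_prof_reg['Username too short']);
// This usually doesn't happen since the form element only accepts 12 characters
elseif (pun_strlen($username) > 12)
    message($lang_common['Bad request']);
elseif (pun_strlen($password1) < 4)
    message($lang_prof_reg['Pass too short']);
// This usually doesn't happen since the form element only accepts 16 characters
elseif (pun_strlen($password1) > 16)
    message($lang_common['Bad request']);
// Strict comparison: with != the numeric strings "0" and "00" (or "1e1" and "10")
// would be treated as matching passwords
elseif ($password1 !== $password2)
    message($lang_prof_reg['Pass not match']);
elseif (preg_match('/^Mod\\s+/i', $username) || preg_match('/^Admin\\s+/i', $username))
    message('Usernames may not start with "Mod " or "Admin ". Please choose another username.');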
break; case 'messaging': $form = array('jabber' => pun_trim($_POST['form']['jabber']), 'icq' => pun_trim($_POST['form']['icq']), 'msn' => pun_trim($_POST['form']['msn']), 'aim' => pun_trim($_POST['form']['aim']), 'yahoo' => pun_trim($_POST['form']['yahoo'])); // If the ICQ UIN contains anything other than digits it's invalid if (preg_match('%[^0-9]%', $form['icq'])) { message($lang->t('Bad ICQ')); } break; case 'personality': $form = array(); // Clean up signature from POST if ($pun_config['o_signatures'] == '1') { $form['signature'] = pun_linebreaks(pun_trim($_POST['signature'])); // Validate signature if (pun_strlen($form['signature']) > $pun_config['p_sig_length']) { message($lang->t('Sig too long', $pun_config['p_sig_length'], pun_strlen($form['signature']) - $pun_config['p_sig_length'])); } else { if (substr_count($form['signature'], "\n") > $pun_config['p_sig_lines'] - 1) { message($lang->t('Sig too many lines', $pun_config['p_sig_lines'])); } else { if ($form['signature'] && $pun_config['p_sig_all_caps'] == '0' && is_all_uppercase($form['signature']) && !$pun_user['is_admmod']) { $form['signature'] = utf8_ucwords(utf8_strtolower($form['signature'])); } } } // Validate BBCode syntax if ($pun_config['p_sig_bbcode'] == '1') { require PUN_ROOT . 'include/parser.php'; $errors = array(); $form['signature'] = preparse_bbcode($form['signature'], $errors, true); if (count($errors) > 0) {
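/**
 * Validate a (new or changed) username and append any problems to the global $errors.
 *
 * Checks, in order: length (2-25 characters), the reserved "Guest" name, names
 * that look like an IPv4/IPv6 address, reserved characters, BBCode, censored
 * words, an already-registered (or too similar) name, and banned names.
 *
 * @param string   $username   Name as submitted by the user
 * @param int|null $exclude_id User id to ignore in the duplicate check (the user being edited)
 * @return void  Problems are appended to $errors
 */
function check_username($username, $exclude_id = null)
{
    // $lang was listed twice in the original global statement
    global $db, $pun_config, $errors, $lang, $pun_bans;

    $lang->load('prof_reg');
    $lang->load('register');

    // Convert multiple whitespace characters into one (to prevent people from registering with indistinguishable usernames)
    $username = preg_replace('%\\s+%s', ' ', $username);

    // Validate username
    if (pun_strlen($username) < 2)
        $errors[] = $lang->t('Username too short');
    // This usually doesn't happen since the form element only accepts 25 characters
    elseif (pun_strlen($username) > 25)
        $errors[] = $lang->t('Username too long');
    elseif (!strcasecmp($username, 'Guest') || !strcasecmp($username, $lang->t('Guest')))
        $errors[] = $lang->t('Username guest');
    elseif (preg_match('%[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}%', $username) || preg_match('%((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))%', $username))
        $errors[] = $lang->t('Username IP');
    elseif ((strpos($username, '[') !== false || strpos($username, ']') !== false) && strpos($username, '\'') !== false && strpos($username, '"') !== false)
        $errors[] = $lang->t('Username reserved chars');
    elseif (preg_match('%(?:\\[/?(?:b|u|s|ins|del|em|i|h|colou?r|quote|code|img|url|email|list|\\*|topic|post|forum|user)\\]|\\[(?:img|url|quote|list)=)%i', $username))
        $errors[] = $lang->t('Username BBCode');

    // Check username for any censored words (strict: both sides are strings)
    if ($pun_config['o_censoring'] == '1' && censor_words($username) !== $username)
        $errors[] = $lang->t('Username censor');

    // Check that the username (or a too similar username) is not already registered.
    // The values are bound as parameters, so this is not an injection vector, but
    // NOTE(review): LIKE treats % and _ inside $username as wildcards, so a name
    // containing them over-matches existing users; escaping them is DB-specific
    // and is left to the query layer — confirm how $db->select() handles it.
    $query = $db->select(array('username' => 'u.username'), 'users AS u');
    $query->where = '(u.username LIKE :username OR u.username LIKE :clean_username) AND u.id > 1';

    $params = array(':username' => $username, ':clean_username' => ucp_preg_replace('%[^\\p{L}\\p{N}]%u', '', $username));

    if ($exclude_id)
    {
        $query->where .= ' AND u.id != :exclude_id';
        $params[':exclude_id'] = $exclude_id;
    }

    $result = $query->run($params);
    if (!empty($result))
        $errors[] = $lang->t('Username dupe 1') . ' ' . pun_htmlspecialchars($result[0]['username']) . '. ' . $lang->t('Username dupe 2');

    unset($query, $params, $result);

    // Check username for any banned usernames
    foreach ($pun_bans as $cur_ban)
    {
        if ($cur_ban['username'] != '' && utf8_strtolower($username) == utf8_strtolower($cur_ban['username']))
        {
            $errors[] = $lang->t('Banned username');
            break;
        }
    }
}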
$errors[] = sprintf($lang_pms['User disable PM'], pun_htmlspecialchars($destinataire)); } elseif ($destinataires[$i]['g_id'] > PUN_GUEST && $destinataires[$i]['g_pm_limit'] != 0 && $destinataires[$i]['total_pm'] >= $destinataires[$i]['g_pm_limit']) { $errors[] = sprintf($lang_pms['Dest full'], pun_htmlspecialchars($destinataire)); } elseif ($pun_user['g_id'] > PUN_GUEST && $destinataires[$i]['allow_msg'] !== null && $destinataires[$i]['allow_msg'] == 0) { $errors[] = sprintf($lang_pms['User blocked'], pun_htmlspecialchars($destinataire)); } } else { $errors[] = sprintf($lang_pms['No user'], pun_htmlspecialchars($destinataire)); } $i++; } // Check subject $p_subject = pun_trim($_POST['req_subject']); if ($p_subject == '') { $errors[] = $lang_post['No subject']; } elseif (pun_strlen($p_subject) > 70) { $errors[] = $lang_post['Too long subject']; } elseif ($pun_config['p_subject_all_caps'] == '0' && strtoupper($p_subject) == $p_subject && $pun_user['g_id'] > PUN_GUEST) { $p_subject = ucwords(strtolower($p_subject)); } // Clean up message from POST $p_message = pun_linebreaks(pun_trim($_POST['req_message'])); // Check message if ($p_message == '') { $errors[] = $lang_post['No message']; } else { if (strlen($p_message) > 65535) { $errors[] = $lang_post['Too long message']; } else { if ($pun_config['p_message_all_caps'] == '0' && strtoupper($p_message) == $p_message && $pun_user['g_id'] > PUN_GUEST) { $p_message = ucwords(strtolower($p_message));
echo "\t" . '</item>' . "\r\n"; } echo '</channel>' . "\r\n"; echo '</rss>'; } else { $show = isset($_GET['show']) ? intval($_GET['show']) : 15; if ($show < 1 || $show > 50) { $show = 15; } // Fetch $show topics $result = $db->query('SELECT t.id, t.subject FROM ' . $db->prefix . 'topics AS t INNER JOIN ' . $db->prefix . 'forums AS f ON f.id=t.forum_id LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=3) WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.moved_to IS NULL' . $forum_sql . ' ORDER BY ' . $order_by . ' DESC LIMIT ' . $show) or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error()); while ($cur_topic = $db->fetch_assoc($result)) { if ($pun_config['o_censoring'] == '1') { $cur_topic['subject'] = censor_words($cur_topic['subject']); } if (pun_strlen($cur_topic['subject']) > $max_subject_length) { $subject_truncated = pun_htmlspecialchars(trim(substr($cur_topic['subject'], 0, $max_subject_length - 5))) . ' …'; } else { $subject_truncated = pun_htmlspecialchars($cur_topic['subject']); } echo '<li><a href="' . $pun_config['o_base_url'] . '/viewtopic.php?id=' . $cur_topic['id'] . '&action=new" title="' . pun_htmlspecialchars($cur_topic['subject']) . '">' . $subject_truncated . '</a></li>' . "\n"; } } return; } else { if ($_GET['action'] == 'online' || $_GET['action'] == 'online_full') { // Load the index.php language file require PUN_ROOT . 'lang/' . $pun_config['o_default_lang'] . '/index.php'; // Fetch users online info and generate strings for output $num_guests = $num_users = 0; $users = array();
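/**
 * Validate a (new or changed) username and append any problems to the global $errors.
 *
 * Checks, in order: length (2-25 characters), the reserved "Guest" name, names
 * that look like an IPv4/IPv6 address, reserved characters, BBCode, censored
 * words, an already-registered (or too similar) name, and banned names.
 *
 * @param string   $username   Name as submitted by the user
 * @param int|null $exclude_id User id to ignore in the duplicate check (the user being edited)
 * @return void  Problems are appended to $errors
 */
function check_username($username, $exclude_id = null)
{
    global $db, $pun_config, $errors, $lang_prof_reg, $lang_register, $lang_common, $pun_bans;

    // Include UTF-8 function
    require_once PUN_ROOT . 'include/utf8/strcasecmp.php';

    // Convert multiple whitespace characters into one (to prevent people from registering with indistinguishable usernames)
    $username = preg_replace('%\\s+%s', ' ', $username);

    // Validate username
    if (pun_strlen($username) < 2)
        $errors[] = $lang_prof_reg['Username too short'];
    // This usually doesn't happen since the form element only accepts 25 characters
    elseif (pun_strlen($username) > 25)
        $errors[] = $lang_prof_reg['Username too long'];
    elseif (!strcasecmp($username, 'Guest') || !utf8_strcasecmp($username, $lang_common['Guest']))
        $errors[] = $lang_prof_reg['Username guest'];
    elseif (preg_match('%[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}%', $username) || preg_match('%((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))%', $username))
        $errors[] = $lang_prof_reg['Username IP'];
    elseif ((strpos($username, '[') !== false || strpos($username, ']') !== false) && strpos($username, '\'') !== false && strpos($username, '"') !== false)
        $errors[] = $lang_prof_reg['Username reserved chars'];
    elseif (preg_match('%(?:\\[/?(?:b|u|s|ins|del|em|i|h|colou?r|quote|code|img|url|email|list|\\*|topic|post|forum|user)\\]|\\[(?:img|url|quote|list)=)%i', $username))
        $errors[] = $lang_prof_reg['Username BBCode'];

    // Check username for any censored words (strict: both sides are strings)
    if ($pun_config['o_censoring'] == '1' && censor_words($username) !== $username)
        $errors[] = $lang_register['Username censor'];

    // Check that the username (or a too similar username) is not already registered.
    // $exclude_id is concatenated into the SQL, so it is forced to an integer here
    // instead of trusting every caller to have done so; the name itself goes
    // through $db->escape().
    $query = !is_null($exclude_id) ? ' AND id!=' . intval($exclude_id) : '';

    $result = $db->query('SELECT username FROM ' . $db->prefix . 'users WHERE (UPPER(username)=UPPER(\'' . $db->escape($username) . '\') OR UPPER(username)=UPPER(\'' . $db->escape(ucp_preg_replace('%[^\\p{L}\\p{N}]%u', '', $username)) . '\')) AND id>1' . $query) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());

    if ($db->num_rows($result))
    {
        $busy = $db->result($result);
        $errors[] = $lang_register['Username dupe 1'] . ' ' . pun_htmlspecialchars($busy) . '. ' . $lang_register['Username dupe 2'];
    }

    // Check username for any banned usernames
    foreach ($pun_bans as $cur_ban)
    {
        if ($cur_ban['username'] != '' && utf8_strtolower($username) == utf8_strtolower($cur_ban['username']))
        {
            $errors[] = $lang_prof_reg['Banned username'];
            break;
        }
    }
}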
} } // If a search_id was supplied if (isset($_GET['search_id'])) { $search_id = intval($_GET['search_id']); if ($search_id < 1) { message($lang_common['Bad request'], false, '404 Not Found'); } } else { if ($action == 'search') { $keywords = isset($_GET['keywords']) ? utf8_strtolower(pun_trim($_GET['keywords'])) : null; $author = isset($_GET['author']) ? utf8_strtolower(pun_trim($_GET['author'])) : null; if (preg_match('%^[\\*\\%]+$%', $keywords) || pun_strlen(str_replace(array('*', '%'), '', $keywords)) < PUN_SEARCH_MIN_WORD && !is_cjk($keywords)) { $keywords = ''; } if (preg_match('%^[\\*\\%]+$%', $author) || pun_strlen(str_replace(array('*', '%'), '', $author)) < 2) { $author = ''; } if (!$keywords && !$author) { message($lang_search['No terms']); } if ($author) { $author = str_replace('*', '%', $author); } $show_as = isset($_GET['show_as']) && $_GET['show_as'] == 'topics' ? 'topics' : 'posts'; $sort_by = isset($_GET['sort_by']) ? intval($_GET['sort_by']) : 0; $search_in = !isset($_GET['search_in']) || $_GET['search_in'] == '0' ? 0 : ($_GET['search_in'] == '1' ? 1 : -1); } else { if ($action == 'show_user_posts' || $action == 'show_user_topics' || $action == 'show_subscriptions') { $user_id = isset($_GET['user_id']) ? intval($_GET['user_id']) : $pun_user['id']; if ($user_id < 2) {
$noval = ucwords(strtolower($noval)); } } } } // This isn't exactly a good way todo it, but it works. I may rethink this code later $option = array(); $lastoption = "null"; while (list($key, $value) = each($_POST['poll_option'])) { $value = pun_trim($value); if ($value != "") { if ($lastoption == '') { $errors[] = $lang_polls['Empty option']; } else { $option[$key] = pun_trim($value); if (pun_strlen($option[$key]) > 55) { $errors[] = $lang_polls['Too long option']; } else { if ($key > $pun_config['poll_max_fields']) { message($lang_common['Bad request']); } else { if ($pun_config['p_subject_all_caps'] == '0' && strtoupper($option[$key]) == $option[$key] && ($pun_user['g_id'] > PUN_MOD && !$pun_user['g_global_moderation'])) { $option[$key] = ucwords(strtolower($option[$key])); } } } } } $lastoption = pun_trim($value); } // People are naughty
break; case 'messaging': $form = array('jabber' => pun_trim($_POST['form']['jabber']), 'icq' => pun_trim($_POST['form']['icq']), 'msn' => pun_trim($_POST['form']['msn']), 'aim' => pun_trim($_POST['form']['aim']), 'yahoo' => pun_trim($_POST['form']['yahoo'])); // If the ICQ UIN contains anything other than digits it's invalid if (preg_match('/[^0-9]/', $form['icq'])) { message($lang_prof_reg['Bad ICQ']); } break; case 'personality': $form = array(); // Clean up signature from POST if ($pun_config['o_signatures'] == '1') { $form['signature'] = pun_linebreaks(pun_trim($_POST['signature'])); // Validate signature if (pun_strlen($form['signature']) > $pun_config['p_sig_length']) { message(sprintf($lang_prof_reg['Sig too long'], $pun_config['p_sig_length'], pun_strlen($form['signature']) - $pun_config['p_sig_length'])); } else { if (substr_count($form['signature'], "\n") > $pun_config['p_sig_lines'] - 1) { message(sprintf($lang_prof_reg['Sig too many lines'], $pun_config['p_sig_lines'])); } else { if ($form['signature'] && $pun_config['p_sig_all_caps'] == '0' && is_all_uppercase($form['signature']) && !$pun_user['is_admmod']) { $form['signature'] = utf8_ucwords(utf8_strtolower($form['signature'])); } } } // Validate BBCode syntax if ($pun_config['p_sig_bbcode'] == '1') { require PUN_ROOT . 'include/parser.php'; $errors = array(); $form['signature'] = preparse_bbcode($form['signature'], $errors, true); if (count($errors) > 0) {
$subject = '<a href="viewtopic.php?id=' . $search_set[$i]['tid'] . '"' . $rel . '>' . pun_htmlspecialchars($search_set[$i]['subject']) . '</a>'; } else { $subject = $lang_polls['Poll'] . ': <a href="viewtopic.php?id=' . $search_set[$i]['tid'] . '"' . $rel . '>' . pun_htmlspecialchars($search_set[$i]['subject']) . '</a>'; } if (!$pun_user['is_guest'] && $search_set[$i]['last_post'] > $pun_user['last_visit']) { $icon = '<div class="icon inew"><div class="nosize">' . $lang_common['New icon'] . '</div></div>' . "\n"; } if ($pun_config['o_censoring'] == '1') { $search_set[$i]['message'] = censor_words($search_set[$i]['message']); } $message = str_replace("\n", '<br />', pun_htmlspecialchars($search_set[$i]['message'])); $pposter = pun_htmlspecialchars($search_set[$i]['pposter']); if ($search_set[$i]['poster_id'] > 1) { $pposter = '<strong><a href="/users/' . $search_set[$i]['poster_id'] . '">' . $pposter . '</a></strong>'; } if (pun_strlen($message) >= 1000) { $message .= ' …'; } $vtpost1 = $i == 0 ? ' vtp1' : ''; // Switch the background color for every message. $bg_switch = $bg_switch ? $bg_switch = false : ($bg_switch = true); $vtbg = $bg_switch ? ' rowodd' : ' roweven'; ?> <div class="blockpost searchposts<?php echo $vtbg; ?> "> <h2><?php echo $forum; ?> » <?php
message($lang->t('Registration flood')); } unset($result, $query, $params); $username = pun_trim($_POST['req_user']); $email1 = strtolower(trim($_POST['req_email1'])); if ($pun_config['o_regs_verify'] == '1') { $email2 = strtolower(trim($_POST['req_email2'])); $password1 = random_pass(8); $password2 = $password1; } else { $password1 = pun_trim($_POST['req_password1']); $password2 = pun_trim($_POST['req_password2']); } // Validate username and passwords check_username($username); if (pun_strlen($password1) < 4) { $errors[] = $lang->t('Pass too short'); } else { if ($password1 != $password2) { $errors[] = $lang->t('Pass not match'); } } // Validate email require PUN_ROOT . 'include/email.php'; if (!is_valid_email($email1)) { $errors[] = $lang->t('Invalid email'); } else { if ($pun_config['o_regs_verify'] == '1' && $email1 != $email2) { $errors[] = $lang->t('Email not match'); } }
' . $db->prefix . 'posts AS p WHERE p.topic_id=' . $_GET['tid'] . ' ORDER BY p.edited ;'; $result = $db->query($sql) or error('Unable to fetch posts list', __FILE__, __LINE__, $db->error()); if (isset($_GET['max_subject_length']) && is_numeric($_GET['max_subject_length']) && !empty($_GET['max_subject_length'])) { $max_subject_length = $_GET['max_subject_length']; } while ($cur_post = $db->fetch_assoc($result)) { if ($pun_config['o_censoring'] == '1') { $cur_post['message'] = censor_words($cur_post['message']); } $subject_truncated = $cur_post['message']; if (pun_strlen($cur_post['message']) > $max_subject_length) { $subject_truncated = pun_htmlspecialchars(trim(substr($cur_post['message'], 0, $max_subject_length - 5))) . ' …'; } else { $subject_truncated = pun_htmlspecialchars($cur_post['message']); } echo '<li>' . $subject_truncated . '</li>'; } } else { // No error for a nice show in strip-it :-) //error( 'Unable to fetch posts list, you must ask for a topic id or title', __FILE__, __LINE__, $db->error() ); } } else { exit('Bad request'); } } }