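<?php
/**
 * AlQuran Login file
 * @author Shahriar
 * @version 1.0.1
 */
session_start();

// Gate the page: a visitor without the 'logged' session flag is redirected to
// the login form. The `exit` is the actual access control — header() only
// queues a Location header and does NOT stop the script, so without it every
// require_once below (header, page body, footer) would still execute and be
// emitted to an unauthenticated visitor who simply ignores the redirect.
if (!isset($_SESSION['logged'])) {
    header('location: login');
    exit;
}

require_once 'config/function.php';
require_once 'config/connect.php';
require_once 'config/db.php';
require_once 'admin/header.php';

// NOTE(review): url_valid() is called here with no argument; its definition is
// not in this file (config/function.php presumably), so what it validates is
// not visible — confirm it reads the request path itself.
if (!url_valid()) {
    // Deliberately left disabled. Including 'admin/' . $_GET['page'] . '.php'
    // would let the request pick the file that gets executed (path traversal /
    // local file inclusion). If a page dispatcher is ever re-enabled here, map
    // $_GET['page'] against a fixed allow-list of page names and include the
    // matching constant path — never build an include path from the request.
    //require_once('admin/'.$_GET['page'].'.php');
    //require_once('admin/404.php');
}

require_once 'admin/footer.php';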
} if ($pun_config['o_regs_verify'] == '0' || $pun_user['is_admmod']) { require PUN_ROOT . 'include/email.php'; // Validate the email address $form['email'] = strtolower(pun_trim($_POST['req_email'])); if (!is_valid_email($form['email'])) { message($lang_common['Invalid email']); } } break; case 'personal': $form = array('realname' => isset($_POST['form']['realname']) ? pun_trim($_POST['form']['realname']) : '', 'url' => isset($_POST['form']['url']) ? pun_trim($_POST['form']['url']) : '', 'location' => isset($_POST['form']['location']) ? pun_trim($_POST['form']['location']) : ''); // Add http:// if the URL doesn't contain it already (while allowing https://, too) if ($pun_user['g_post_links'] == '1') { if ($form['url'] != '') { $url = url_valid($form['url']); if ($url === false) { message($lang_profile['Invalid website URL']); } $form['url'] = $url['url']; } } else { if (!empty($form['url'])) { message($lang_profile['Website not allowed']); } $form['url'] = ''; } if ($pun_user['g_id'] == PUN_ADMIN) { $form['title'] = pun_trim($_POST['title']); } else { if ($pun_user['g_set_title'] == '1') {
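/**
 * preg_replace_callback() handler for one BBCode tag during pre-parsing.
 *
 * Called (recursively for nested markup) with the match array produced by
 * $pd['re_bbcode']: [1] tag name, [2] attribute present?, [3]/[4]/[5] the
 * single-quoted / double-quoted / unquoted attribute value, [6] tag contents.
 * Uses the global $pd parser database (tag definitions, tag stack, config,
 * collected errors) and $lang_common for error strings.
 *
 * Returns the re-serialised tag text with the attribute and contents
 * substituted into the format strings, or '' when the contents are empty.
 * Errors are appended to $pd['new_errors'] and the offending open/close tags
 * are wrapped in [err=...] tags.
 *
 * Fixes in this revision (everything else is unchanged):
 *  - the c_type 'email' check was inverted: it raised "invalid email" for
 *    addresses that PASSED filter_var() and accepted everything else;
 *  - the well-formed-LIST regex (x modifier with `#` comments) had been
 *    collapsed onto a single line, which turned the whole pattern into a
 *    comment and made the LIST fixup dead code; its line breaks are restored.
 */
function _preparse_bbcode_callback($matches) {
    global $lang_common, $errors, $pd;
    // Get Slim current session
    $feather = \Slim\Slim::getInstance();
    // Initialize some local variables. Use reference variables where possible.
    $tagname =& $matches[1]; // BBCode tag name.
    $contents =& $matches[6]; // BBCode tag contents.
    // NOTE(review): the alias into $pd['bbcd'] is taken BEFORE $tagname is
    // lower-cased below. That is only correct if $pd['re_bbcode'] can never
    // match a mixed-case tag name — confirm, otherwise a `[B]` would
    // autovivify $pd['bbcd']['B'] and every $tag['...'] read below is null.
    $tag =& $pd['bbcd'][$tagname]; // alias to this tags array element of the BBCD database
    $parent = end($pd['tag_stack']); // Name of parent tag. ("_ROOT_" is base parent tag).
    /* $new_errors = array(); */ // BBCode tag error messages. (Create on error.)
    // First things first.
    $tag['depth']++; // Increment tag-specific nesting level depth.
    $tagname = strtolower($tagname); // Force lowercase tags name.
    array_push($pd['tag_stack'], $tagname); // Push this tags name onto the tag stack.

    // ---------------------------------------------------------------------------
    // Recursively parse any nested BBCode tag markup (unless tag type is hidden):
    // ---------------------------------------------------------------------------
    if ($tag['tag_type'] !== 'hidden' && strpos($contents, '[') !== false) {
        $contents = preg_replace_callback($pd['re_bbcode'], '_preparse_bbcode_callback', $contents);
        if ($contents === null) { // On error, preg_replace_callback returns NULL.
            // Error #1: '(%s) Message is too long or too complex. Please shorten.'
            $new_errors[] = sprintf($lang_common['BBerr pcre'], preg_error());
            $contents = ''; // Zero out the contents.
        }
    }

    // ---------------------------------------------------------------------------------------
    // Process optional $attribute. Set $fmt_open, $fmt_close and $handler based on attribute.
    // ---------------------------------------------------------------------------------------
    $fmt_close = '[/' . $tagname . ']'; // BBCode closing tag format specifier string.
    if ($matches[2]) { // Check if attribute specified?
        // Attribute specified. Pick value from one of the three possible quote delimitations.
        if ($matches[3]) { // Non-empty single-quoted value.
            $attribute =& $matches[3]; // Set attribute to quoted content.
            $fmt_open = '[' . $tagname . '=\'%a_str%\']'; // Set 'single-quoted' opening format.
        } elseif ($matches[4]) { // Non-empty double-quoted value.
            $attribute =& $matches[4]; // Set attribute to quoted content.
            $fmt_open = '[' . $tagname . '="%a_str%"]'; // Set "double-quoted" opening format.
        } elseif ($matches[5]) { // Non-empty un-or-any-quoted value.
            $attribute =& $matches[5]; // Set attribute to unquoted content.
            $fmt_open = '[' . $tagname . '=%a_str%]'; // Set un-'or'-"any"-quoted opening format.
        } else { // Otherwise must be empty.
            $attribute = ''; // Set empty attribute.
            $fmt_open = '[' . $tagname . '=%a_str%]'; // Set empty-attribute opening format.
        }
        // Consolidate consecutive attribute whitespace to a single space. Trim start and end.
        $attribute = preg_replace(array('/\\s++/S', '/^ /', '/ $/'), array(' ', '', ''), $attribute);
        // Determine attribute handler: fixed or variable or none.
        if (isset($tag['handlers'][$attribute])) { // If attribute matches handler key
            $handler =& $tag['handlers'][$attribute]; // use the fixed-attribute handler.
        } elseif (isset($tag['handlers']['ATTRIB'])) { // Else if we have one, use this tags
            $handler =& $tag['handlers']['ATTRIB']; // variable attribute handler. Otherwise...
        } elseif (isset($tag['handlers']['NO_ATTRIB']) && count($tag['handlers']) === 1) { // which is either unexpected or unrecognized.
            // Error #2: 'Unexpected attribute: "%1$s". (No attribute allowed for [%2$s].'.
            $handler =& $pd['bbcd']['_ROOT_']['handlers']['NO_ATTRIB'];
            $new_errors[] = sprintf($lang_common['BBerr unexpected attribute'], $attribute, $tagname);
        } else {
            // Error #3: 'Unrecognized attribute: "%1$s", is not valid for [%2$s].'
            $handler =& $pd['bbcd']['_ROOT_']['handlers']['NO_ATTRIB'];
            $new_errors[] = sprintf($lang_common['BBerr unrecognized attribute'], $attribute, $tagname);
        }
        // Make sure attribute does not contain a valid BBcode tag.
        if (preg_match($pd['re_bbtag'], $attribute)) {
            // Error #4: 'Attribute may NOT contain open or close bbcode tags'
            $handler =& $pd['bbcd']['_ROOT_']['handlers']['NO_ATTRIB'];
            $new_errors[] = $lang_common['BBerr bbcode attribute'];
        }
        // Validate and filter tag's attribute value if and according to custom attribute regex.
        if (isset($handler['a_regex'])) { // Check if this tag has an attribute regex? (very rare)
            if (preg_match($handler['a_regex'], $attribute, $m)) { // Yes. Check if regex matches attribute?
                $attribute = $m[1];
            } else {
                // Error #4b: 'Invalid attribute, [%s] requires specific attribute.'
                $new_errors[] = sprintf($lang_common['BBerr invalid attrib'], $tagname);
            }
        }
    } else { // Attribute not specified. Use the NO_ATTRIB handler if it exists else error.
        $attribute = ''; // No attribute? Make it so.
        $fmt_open = '[' . $tagname . ']'; // Set no-attribute fmt_open string.
        if (isset($tag['handlers']['NO_ATTRIB'])) { // If we have one, use this tags
            $handler =& $tag['handlers']['NO_ATTRIB']; // no-attribute handler. Otherwise...
        } else {
            // Error #5: '[%1$s] is missing a required attribute.'.
            $handler =& $pd['bbcd']['_ROOT_']['handlers']['NO_ATTRIB'];
            $new_errors[] = sprintf($lang_common['BBerr missing attribute'], $tagname);
        }
    }

    // -------------------------------------------------------
    // Do some validation checks. Fix problems where possible:
    // -------------------------------------------------------
    // Handle tag nesting depth overflow.
    if ($tag['depth'] > $tag['depth_max']) { // Allowable tag nesting level exceeded?
        switch ($tag['nest_type']) { // Overflow. Handle based upon tag's "nest_type"
            case 'clip': // Silently strip overly nested tags and content.
                $contents = '';
                break;
            case 'fix': // Silently strip overly-nested tags (keep contents).
                $fmt_open = $fmt_close = '';
                break;
            case 'err':
                // Error #6: '[%1$s] tag nesting depth: %2$d exceeds allowable limit: %3$d.'.
                $new_errors[] = sprintf($lang_common['BBerr nesting overflow'], $tagname, $tag['depth'], $tag['depth_max']);
                break;
            default:
        }
    }
    // Verify this tag is not in its parent's excluded tags list.
    if (isset($pd['bbcd'][$parent]['tags_excluded'][$tagname])) { // Are we illegitimate?
        // Yes. Pick between error #7 and #8.
        if ($parent === $tagname) {
            // Error #7: '[%s] was opened within itself, this is not allowed.'
            $new_errors[] = sprintf($lang_common['BBerr self-nesting'], $tagname);
        } else {
            // Error #8: '[%1$s] was opened within [%2$s], this is not allowed.'
            $new_errors[] = sprintf($lang_common['BBerr invalid nesting'], $tagname, $parent);
        }
    }
    // Verify our parent tag is in our 'parents' allowable array if it exists.
    if (isset($tag['parents']) && !isset($tag['parents'][$parent])) {
        // Error #9: '[%1$s] cannot be within: [%2$s]. Allowable parent tags: %3$s.'.
        $new_errors[] = sprintf($lang_common['BBerr invalid parent'], $tagname, $parent, '(' . implode('), (', array_keys($tag['parents'])) . ')');
    }

    // -----------------------------------------
    // Perform content-type-specific processing:
    // -----------------------------------------
    switch ($handler['c_type']) {
        case 'width_height':
            if (preg_match('/\\b(\\d++)[Xx](\\d++)\\b/S', $contents, $m)) {
                $width = (int) $m[1];
                $height = (int) $m[2];
            }
            if (preg_match('/\\bw(?:idth)?+\\s*+=\\s*+[\'"]?+(\\d++)\\b/Si', $contents, $m)) {
                $width = (int) $m[1];
            }
            if (preg_match('/\\bh(?:eight)?+\\s*+=\\s*+[\'"]?+(\\d++)\\b/Si', $contents, $m)) {
                $height = (int) $m[1];
            }
            if (isset($height, $tag['x_padding'], $tag['y_padding'])) {
                $height -= $tag['y_padding'] - $tag['x_padding']; // Adjust for height of embedded controller.
            }
            break;
        case 'url':
            // Sanitize contents which is (hopefully) a url link. Trim spaces.
            $contents = preg_replace(array('/^\\s+/', '/\\s+$/S'), '', $contents);
            // Users whose group may not post links get an error instead of a link.
            if ($feather->user->g_post_links != '1') {
                $new_errors[] = $lang_common['BBerr cannot post URLs'];
            } else {
                if ($m = url_valid($contents)) {
                    $contents = $m['url']; // Fetch possibly more complete url address.
                } else {
                    // Error #10a: 'Invalid URL name: %s'.
                    $new_errors[] = sprintf($lang_common['BBerr Invalid URL name'], $contents);
                }
            }
            break;
        case 'email':
            // BUG FIX: this condition was missing the negation, so a syntactically
            // valid address was reported as invalid and any garbage was accepted.
            // It now mirrors the a_type 'email' check below: error only on failure.
            if (!filter_var($contents, FILTER_VALIDATE_EMAIL)) {
                // Error #10c: 'Invalid email address: %s'.
                $new_errors[] = sprintf($lang_common['BBerr Invalid email address'], $contents);
            }
            break;
        default:
    } // End c_type switch().

    // -------------------------------------------
    // Perform attribute-type-specific processing:
    // -------------------------------------------
    switch ($handler['a_type']) {
        case 'width_height':
            if ($attribute) {
                if (preg_match('/\\b(\\d++)[Xx](\\d++)\\b/', $attribute, $m)) { // Check for a "123x456" WxH spec?
                    $width = (int) $m[1]; // Yes. Set both dimensions.
                    $height = (int) $m[2];
                }
                if (preg_match('/\\bw(?:idth)?+\\s*+=\\s*+[\'"]?+(\\d++)\\b/i', $attribute, $m)) {
                    $width = (int) $m[1];
                }
                if (preg_match('/\\bh(?:eight)?+\\s*+=\\s*+[\'"]?+(\\d++)\\b/i', $attribute, $m)) {
                    $height = (int) $m[1];
                }
                // Strip the dimension specs out of the attribute; they are re-added below.
                $attribute = preg_replace('/[;\\s]?+\\b(?:(?:w(?:idth)?+|h(?:eight)?+)\\s*+=\\s*+|\\d++[Xx])\\d++\\b/Si', '', $attribute);
            }
            break;
        case 'url':
            if ($m = url_valid($attribute)) {
                $attribute = $m['url']; // Fetch possibly more complete url address.
            } else {
                // Error #10b: 'Invalid URL name: %s'.
                $new_errors[] = sprintf($lang_common['BBerr Invalid URL name'], $attribute);
            }
            break;
        case 'color':
            if (!preg_match($pd['re_color'], $attribute)) {
                // Error #11: 'Invalid color attribute: %s'.
                $new_errors[] = sprintf($lang_common['BBerr Invalid color'], $attribute);
            }
            break;
        case 'email':
            // TODO: improve this quick-n-dirty email check.
            if (!preg_match('/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,6}$/i', $attribute)) {
                // Error #10c: 'Invalid email address: %s'.
                $new_errors[] = sprintf($lang_common['BBerr Invalid email address'], $attribute);
            }
            break;
        default:
    } // End a_type switch().

    // ----------------------------------------------------------
    // Perform tag-specific processing of attribute and contents:
    // ----------------------------------------------------------
    switch ($tagname) {
        case 'img':
            // Handle bad image url, file too big, then scale-to-fit within forum defaults if too large.
            if ($tag['depth'] === 1) { // Check if not overly nested?
                if ($pd['ipass'] === 2 && $pd['config']['valid_imgs'] && url_valid($contents)) { // Valid URI?
                    // NOTE(review): the two calls below (get_headers() here and
                    // getimagesize() further down) make the web server fetch a URL
                    // chosen by the poster. url_valid() is not in this file and looks
                    // like a syntax check; unless it also refuses loopback, link-local
                    // and RFC1918 hosts this is an SSRF vector whenever valid_imgs is
                    // on. A guard should resolve the host, reject private/reserved
                    // ranges, and set a short timeout (default stream context) so a
                    // slow host cannot stall post submission. The `@` also hides any
                    // warning that would reveal such a failure — confirm before
                    // enabling valid_imgs on an internet-facing install.
                    // Yes. Fetch file headers containing file type and size ("Content-Type" and "Content-Length").
                    if (($http = @get_headers($contents)) !== false && is_array($http)) {
                        if (preg_match('/\\b200\\s++OK\\s*+$/i', $http[0])) { // Good response header?
                            for ($i = 1, $len = count($http); $i < $len; ++$i) { // Yes. Loop through HTTP response headers.
                                if (preg_match('/^\\s*+Content-Length\\s*+:\\s*+(\\d++)\\s*+$/i', $http[$i], $m)) {
                                    $size = (int) $m[1];
                                } // File size found.
                                if (preg_match('/^\\s*+Content-Type\\s*+:\\s*+image\\/(.++)$/i', $http[$i], $m)) {
                                    $type = $m[1];
                                } // Image file type found.
                            }
                            // Verify Content-Type is an image.
                            if (isset($type)) {
                                // Verify remote file size is not too big. (If too big, handle error.)
                                if (isset($size)) {
                                    if ($size <= $pd['config']['max_size']) { // Filesize is ok. Do nothing.
                                        if (($info = @getimagesize($contents)) && is_array($info)) { // Fetch width & height.
                                            // Now we know the filesize, width and height of remote image.
                                            if (($iwidth = (int) $info[0]) && ($iheight = (int) $info[1])) {
                                                // To resize or not resize, that is the question.
                                                // If bigger than default, scale down. Otherwise dont touch.
                                                // Scale image to fit within forum default width/height box dimensions.
                                                $ar = (double) $iwidth / (double) $iheight;
                                                // Otherwise, for images that naturally fit inside the box,
                                                // leave the attribute clean (or unset).
                                                if (!isset($width) && !isset($height) && ($iwidth > $pd['config']['def_width'] || $iheight > $pd['config']['def_height'])) {
                                                    // Remote file dimensions are too big to fit within default box.
                                                    // Explicitly scale a new width and height in IMG attribute.
                                                    $width = $pd['config']['def_width'];
                                                    $height = (int) ((double) $width / $ar + 0.5);
                                                    if ($height > $pd['config']['def_height']) {
                                                        $height = $pd['config']['def_height'];
                                                        $width = (int) ((double) $height * $ar + 0.5);
                                                    }
                                                } // Else remote image fits. Do nothing special with width and height.
                                            }
                                        } else {
                                            // Error #13: 'Unable to retrieve image data from remote url: %s'.
                                            $new_errors[] = sprintf($lang_common['BBerr bad meta data'], $contents);
                                        } // NOTE: cannot generate this error.
                                    } else { // Filesize of remote image is too big. Silently convert to link if possible.
                                        if (isset($pd['bbcd']['url']) && $pd['bbcd']['url']['depth'] === 0) {
                                            $fmt_open = '{[url=' . $contents . ']';
                                            $fmt_close = '[/url]}';
                                            $contents = $lang_common['BBmsg big image'];
                                        } else { // Image within a url cannot be linkified. Just display url name.
                                            $contents = '{' . $contents . '}';
                                            $fmt_open = '';
                                            $fmt_close = '';
                                        }
                                    }
                                } else { // $size not set.
                                    // Error #14: 'Unable to determine remote file size.'.
                                    $new_errors[] = $lang_common['BBerr no file size'];
                                } // NOTE: cannot generate this error.
                            } else {
                                // Error #15: 'Remote url does not have Content-Type: "image".'
                                $new_errors[] = $lang_common['BBerr non image'];
                            }
                        } else {
                            // Error #16: 'Bad HTTP response header: "%s"'.
                            $new_errors[] = sprintf($lang_common['BBerr bad http response'], $http[0]);
                        }
                    } else {
                        // Error #17: 'Unable to read remote image http headers.'.
                        $new_errors[] = $lang_common['BBerr bad headers'];
                    }
                } // Image validation turned off. Do nothing.
            } else { // Non-Error: IMG tag self nesting. Handle by silently stripping tags with no error.
                $fmt_open = $fmt_close = '';
            }
            break;
        case 'list':
            // Fixup lists within lists. In lists, everything must be in a [*] tag.
            // Check if LIST contents well-formed.
            // The pattern uses the x modifier with `#` comments, so the line breaks
            // inside the string are significant: on a single line everything after
            // the first `#` is a comment and the pattern matches anything.
            if ($pd['ipass'] === 2 && !preg_match('% # Rev:20110220_1200
                ^\\s*+ # This regex validates well-formed list content.
                (?: \\[\\*\\] [^[]*+(?:(?!\\[/?\\*\\])\\[[^[]*+)*+ \\[/\\*\\]\\s*+ )++
                $ %x', $contents)) {
                // Not well formed. Do fixup to ensure list contents are only * tags.
                // First regex wraps invalid characters at start of LIST in a [*]...[/*] tag.
                $contents = preg_replace($pd['re_fixlist_1'], '[*]$1[/*]', $contents);
                // Second regex wraps invalid characters between [/*] and [*] (or [/list]).
                $contents = preg_replace($pd['re_fixlist_2'], '$1[/*]', $contents);
            } // Well-formed LIST contents!
            if ($parent === 'list') {
                $fmt_open = '[*]' . $fmt_open;
                $fmt_close .= '[/*]';
            }
            break;
        default:
            break;
    } // End switch statement.

    // -------------------------------------------
    // Process width and height values if present.
    // -------------------------------------------
    if (isset($width) || isset($height)) { // Check if dimension specified in attrib or contents?
        // Yes. Clip both $width and/or $height to their respective config maximums.
        if (isset($width)) { // Clip to max. Set to default if zero.
            if ($width > $pd['config']['max_width']) {
                $width = $pd['config']['max_width'];
            } elseif ($width === 0) {
                $width = $pd['config']['def_width'];
            }
        }
        if (isset($height)) { // Clip to max. Set to default if zero.
            if ($height > $pd['config']['max_height']) {
                $height = $pd['config']['max_height'];
            } elseif ($height === 0) {
                $height = $pd['config']['def_height'];
            }
        }
        if (isset($ar)) { // If the real image dimensions are known ($ar), then adjust to fit in box and maintain $ar.
            if (isset($width) && isset($height)) { // Check if both dimensions set?
                if ($ar > (double) $width / (double) $height) { // Yes. Check if $width more precise than $height?
                    $height = (int) ((double) $width / $ar + 0.5); // Yes. Compute height from width and AR.
                    if ($height > $pd['config']['max_height']) {
                        $height = $pd['config']['max_height'];
                        $width = (int) ((double) $height * $ar + 0.5);
                    }
                } else {
                    $width = (int) ((double) $height * $ar + 0.5); // Compute width from height and AR.
                    if ($width > $pd['config']['max_width']) {
                        $width = $pd['config']['max_width'];
                        $height = (int) ((double) $width / $ar + 0.5);
                    }
                }
            } elseif (isset($width)) {
                $height = (int) ((double) $width / $ar + 0.5); // Compute height from width and AR.
                if ($height > $pd['config']['max_height']) {
                    $height = $pd['config']['max_height'];
                    $width = (int) ((double) $height * $ar + 0.5);
                }
            } else {
                $width = (int) ((double) $height * $ar + 0.5); // Compute width from height and AR.
                if ($width > $pd['config']['max_width']) {
                    $width = $pd['config']['max_width'];
                    $height = (int) ((double) $width / $ar + 0.5);
                }
            }
        }
        // Unconditionally write width and/or height data back into attribute.
        if ($width === 0) {
            $width = 1;
        }
        if ($height === 0) {
            $height = 1;
        }
        if ($attribute) {
            $attribute .= ';';
        } // Add delimiter for non-empty attrib.
        if (isset($width) && isset($height)) {
            $attribute .= $width . 'x' . $height;
        } elseif (isset($width)) {
            $attribute .= 'w=' . $width;
        } else {
            $attribute .= 'h=' . $height;
        }
        $fmt_open = '[' . $tagname . '=%a_str%]'; // Set open tag format to receive attribute.
    }

    // Validate and filter tag's contents if and according to optional contents regex.
    if (isset($handler['c_regex'])) { // Check if this tag has a contents regex? (youtube, vimeo, etc.)
        // Yes. Check if regex matches contents?
        if (preg_match($handler['c_regex'], $contents, $m)) {
            $contents = $m[1];
        } else {
            // Error #12: 'Invalid content, [%s] requires specific content.'
            $new_errors[] = sprintf($lang_common['BBerr invalid content'], $tagname);
        }
    }
    // Silently strip empty or all-white tags:
    if (preg_match('/^\\s*+$/', $contents)) {
        $contents = '';
    }
    // Unconditionally hide all opening square brackets within hidden CODE contents.
    // This is necessary otherwise the LIST fixup code would process "[*]" within CODE tags.
    // These \3 byte markers are subsequently removed by preparse_bbcode().
    // NOTE(review): in this copy the replacement is the empty string "", as are the
    // marker strings in the paragraph-split and %c_str% assembly below. Those
    // look like non-printable marker bytes (\1..\5) lost in transit; as written,
    // `[` is DELETED from hidden/code contents instead of being hidden. Check
    // against the canonical source before shipping this file.
    if ($tag['tag_type'] === 'hidden') {
        $contents = str_replace('[', "", $contents);
    }
    // On first pass, fix inline tags which span paragraphs by closing then re-opening.
    if ($pd['ipass'] === 1 && $tag['html_type'] === 'inline' && $tag['tag_type'] !== 'hidden' && strpos($contents, "\n") !== false) {
        $contents = preg_replace('/\\n\\s*?\\n\\s*/', "" . $fmt_close . "" . '$0' . "" . str_replace('%a_str%', $attribute, $fmt_open) . "", $contents);
    }

    // ***********************************************************************************
    // Handle errors. Wrap this tags open and close BBCode tag each in a valid [err] tag.
    // ***********************************************************************************
    if (isset($new_errors) && $fmt_open) { // check if we detected any errors?
        // Yes, we have detected one or more new error conditions.
        foreach ($new_errors as $errmsg) { // Push all new errors on g errors array.
            $pd['new_errors'][] = htmlspecialchars($errmsg);
        }
        // Wrap offending BBCode open and close tags each in its own valid error tag (last err only).
        // NOTE(review): only the copy pushed to $pd['new_errors'] is HTML-escaped; the
        // $errmsg embedded in the [err=...] attribute is raw and several messages
        // carry poster-controlled text ($contents / $attribute via sprintf). Whether
        // that is safe depends on how [err] is rendered later — verify that path escapes.
        $fmt_open = '[err=' . $errmsg . ']' . $fmt_open . '[/err]'; // Wrap tags in the last error message.
        $fmt_close = '[err=' . $errmsg . ']' . $fmt_close . '[/err]';
    }

    // -----------------------------------------------------------------------------
    // All done processing. Substitute $attribute and $contents into format strings:
    // -----------------------------------------------------------------------------
    if ($contents) {
        if ($pd['ipass'] === 1) { // Add byte markers on first pass.
            if ($tag['tag_type'] === 'hidden' || $handler['c_type'] == 'url') {
                $text = "" . $fmt_open . '%c_str%' . $fmt_close . "";
            } else {
                $text = "" . $fmt_open . "%c_str%" . $fmt_close . "";
            }
        } else {
            $text = $fmt_open . '%c_str%' . $fmt_close;
        } // Pass 2, dont bother with byte markers.
        $text = str_replace('%a_str%', $attribute, $text);
        $text = str_replace('%c_str%', $contents, $text);
    } else {
        $text = '';
    }
    array_pop($pd['tag_stack']); // Were done. Pop this tag off the stack.
    $tag['depth']--; // Restore pre-call tag specific depth.
    return $text;
}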
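/**
 * Admin console: edit one forum's settings and its per-group permissions.
 *
 * GET renders the edit form; POST with 'save' updates the forum row and the
 * per-group read/reply/topic overrides, POST with 'revert_perms' drops all
 * overrides for the forum. Every POST path ends in redirect(); the GET path
 * renders the page. Only FEATHER_ADMIN may reach any of it.
 *
 * @param int|string $forum_id forum id from the route; coerced to int below.
 */
public function edit_forum($forum_id) {
    global $lang_common, $lang_admin_common, $lang_admin_forums;
    // Admin-only. message() renders the error page and, as used throughout this
    // code base, does not return, so nothing below runs for a non-admin.
    if ($this->user->g_id != FEATHER_ADMIN) {
        message($lang_common['No permission'], '403');
    }
    // The id comes from the route and flows into model calls and redirect
    // targets; coerce it so only a numeric id ever gets through.
    $forum_id = (int) $forum_id;
    // Load the admin language files (common_admin.php sets $admin_language).
    require FEATHER_ROOT . 'include/common_admin.php';
    require FEATHER_ROOT . 'lang/' . $admin_language . '/forums.php';
    if ($this->request->isPost()) {
        if ($this->request->post('save') && $this->request->post('read_forum_old')) {
            // Forums parameters / TODO : better handling of wrong parameters
            // NOTE(review): no CSRF token is checked in this method; confirm the
            // framework enforces one for admin POSTs elsewhere.
            $forum_data = array(
                'forum_name' => feather_escape($this->request->post('forum_name')),
                'forum_desc' => $this->request->post('forum_desc') ? feather_linebreaks(feather_trim($this->request->post('forum_desc'))) : NULL,
                'cat_id' => (int) $this->request->post('cat_id'),
                'sort_by' => (int) $this->request->post('sort_by'),
                // Only a URL that passes url_valid() is stored; anything else clears the redirect.
                'redirect_url' => url_valid($this->request->post('redirect_url')) ? feather_escape($this->request->post('redirect_url')) : NULL
            );
            if ($forum_data['forum_name'] == '') {
                redirect(get_link('admin/forums/edit/' . $forum_id . '/'), $lang_admin_forums['Must enter name message']);
            }
            if ($forum_data['cat_id'] < 1) {
                redirect(get_link('admin/forums/edit/' . $forum_id . '/'), $lang_admin_forums['Must be valid category']);
            }
            $this->model->update_forum($forum_id, $forum_data);

            // Permissions. Read each posted per-group map once and make sure it is an
            // array: the original indexed the raw post() result inside the loop, which
            // raised notices (and compared against null) for any group the form did
            // not post, and would have accepted string offsets for a scalar value.
            $read_forum_new = $this->request->post('read_forum_new');
            $post_replies_new = $this->request->post('post_replies_new');
            $post_topics_new = $this->request->post('post_topics_new');
            $read_forum_old = $this->request->post('read_forum_old');
            $post_replies_old = $this->request->post('post_replies_old');
            $post_topics_old = $this->request->post('post_topics_old');
            $read_forum_new = is_array($read_forum_new) ? $read_forum_new : array();
            $post_replies_new = is_array($post_replies_new) ? $post_replies_new : array();
            $post_topics_new = is_array($post_topics_new) ? $post_topics_new : array();
            $read_forum_old = is_array($read_forum_old) ? $read_forum_old : array();
            $post_replies_old = is_array($post_replies_old) ? $post_replies_old : array();
            $post_topics_old = is_array($post_topics_old) ? $post_topics_old : array();

            $permissions = $this->model->get_default_group_permissions(false);
            foreach ($permissions as $perm_group) {
                $g_id = $perm_group['g_id'];
                $permissions_data = array('group_id' => $g_id, 'forum_id' => $forum_id);
                // A group that cannot read the board at all can never be granted the forum.
                if ($perm_group['g_read_board'] == '1' && isset($read_forum_new[$g_id]) && $read_forum_new[$g_id] == '1') {
                    $permissions_data['read_forum'] = '1';
                } else {
                    $permissions_data['read_forum'] = '0';
                }
                $permissions_data['post_replies'] = isset($post_replies_new[$g_id]) ? '1' : '0';
                $permissions_data['post_topics'] = isset($post_topics_new[$g_id]) ? '1' : '0';
                // Old values as posted by the form; a missing entry counts as "differs".
                $old_read_forum = isset($read_forum_old[$g_id]) ? $read_forum_old[$g_id] : null;
                $old_post_replies = isset($post_replies_old[$g_id]) ? $post_replies_old[$g_id] : null;
                $old_post_topics = isset($post_topics_old[$g_id]) ? $post_topics_old[$g_id] : null;
                // Check if the new settings differ from the old
                if ($permissions_data['read_forum'] != $old_read_forum || $permissions_data['post_replies'] != $old_post_replies || $permissions_data['post_topics'] != $old_post_topics) {
                    // If the new values equal the group's defaults there is no override to
                    // store for this forum: delete any existing row instead.
                    if ($permissions_data['read_forum'] == '1' && $permissions_data['post_replies'] == $perm_group['g_post_replies'] && $permissions_data['post_topics'] == $perm_group['g_post_topics']) {
                        $this->model->delete_permissions($forum_id, $g_id);
                    } else {
                        // Run an UPDATE and see if it affected a row, if not, INSERT
                        $this->model->update_permissions($permissions_data);
                    }
                }
            }
            // Regenerate the quick jump cache
            if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
                require FEATHER_ROOT . 'include/cache.php';
            }
            generate_quickjump_cache();
            redirect(get_link('admin/forums/edit/' . $forum_id . '/'), $lang_admin_forums['Forum updated redirect']);
        } elseif ($this->request->post('revert_perms')) {
            // Drop every per-group override for this forum.
            $this->model->delete_permissions($forum_id);
            // Regenerate the quick jump cache
            if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
                require FEATHER_ROOT . 'include/cache.php';
            }
            generate_quickjump_cache();
            redirect(get_link('admin/forums/edit/' . $forum_id . '/'), $lang_admin_forums['Perms reverted redirect']);
        }
    } else {
        define('FEATHER_ADMIN_CONSOLE', 1);
        $page_title = array(feather_escape($this->config['o_board_title']), $lang_admin_common['Admin'], $lang_admin_common['Forums']);
        define('FEATHER_ACTIVE_PAGE', 'admin');
        $this->header->setTitle($page_title)->display();
        generate_admin_menu('forums');
        $this->feather->render('admin/forums/permissions.php', array(
            'lang_admin_forums' => $lang_admin_forums,
            'lang_admin_common' => $lang_admin_common,
            'feather_config' => $this->config,
            'perm_data' => $this->model->get_permissions($forum_id),
            'cur_index' => 7,
            'cur_forum' => $this->model->get_forum_info($forum_id),
            'forum_data' => $this->model->get_forums()
        ));
        $this->footer->display();
    }
}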
/**
 * Registers a form hosted on $server_url under a unique subdomain and records
 * it in the `surveys` table.
 *
 * If the (server_url, form_id) pair is already known, the existing subdomain is
 * re-activated if needed, its server/submission URLs are refreshed, and that
 * subdomain is returned. Otherwise a fresh subdomain is generated and inserted.
 *
 * @param string      $server_url     base URL of the form server; one trailing slash is dropped
 * @param string      $form_id        form identifier on that server
 * @param string|null $submission_url explicit submission URL; derived from $server_url when empty
 * @return string|null the subdomain, or NULL when the input is invalid or the insert fails
 */
private function _launch($server_url, $form_id, $submission_url = NULL) {
    // Canonicalise: strip a single trailing slash so equal servers compare equal.
    if (substr($server_url, -1) === '/') {
        $server_url = substr($server_url, 0, -1);
    }
    // Reject an empty or malformed server URL, or a missing form id, up front.
    if (!$server_url || !url_valid($server_url) || empty($form_id)) {
        return NULL;
    }
    //TODO: CHECK URLS FOR LIVENESS?
    $known_subdomain = $this->_get_subdomain($server_url, $form_id, NULL);
    if (empty($submission_url)) {
        $submission_url = $this->_get_submission_url($server_url);
    }

    if ($known_subdomain) {
        $this->db_subdomain = $known_subdomain;
        if (!$this->_is_active()) {
            $this->_update_item('active', TRUE);
        }
        // Always refresh server_url (e.g. after an http -> https switch) so the
        // stored value never has to be corrected by hand in the database.
        $this->_update_items(array('server_url' => $server_url, 'submission_url' => $submission_url));
        return $known_subdomain;
    }

    $new_subdomain = $this->_generate_subdomain();
    $row = array(
        'subdomain' => $new_subdomain,
        'server_url' => $server_url,
        'form_id' => $form_id,
        'submission_url' => $submission_url,
        'data_url' => NULL,
        'email' => NULL,
        'launch_date' => date('Y-m-d H:i:s', time())
    );
    if ($this->db->insert('surveys', $row)) {
        return $new_subdomain;
    }
    log_message('error', 'could not insert data in surveys table: ' . json_encode($row));
    return NULL;
}
/**
 * Validates one section of a profile form and writes it to the users table.
 *
 * @param int|string $id      id of the user being edited
 * @param array      $info    current user row; only $info['old_username'] is read here
 * @param string     $section which form was submitted: essentials, personal, messaging,
 *                            personality, display or privacy (anything else -> 404)
 *
 * Every validation failure calls message(), which renders an error page and (as
 * used throughout this code base) does not return. On success the method saves
 * the row, propagates a username change to the other tables, and redirects.
 *
 * NOTE(review): this method never checks that the current user is allowed to
 * edit profile $id; that authorization must happen in the caller — confirm.
 */
public function update_profile($id, $info, $section) {
    global $lang_common, $lang_profile, $lang_prof_reg, $pd;
    $username_updated = false;
    // Validate input depending on section
    switch ($section) {
        case 'essentials':
            $form = array(
                'timezone' => floatval($this->request->post('form_timezone')),
                'dst' => $this->request->post('form_dst') ? '1' : '0',
                'time_format' => intval($this->request->post('form_time_format')),
                'date_format' => intval($this->request->post('form_date_format'))
            );
            // Make sure we got a valid language string
            // (non-strict in_array: acceptable because forum_list_langs() yields strings
            // and the posted value is a trimmed string — TODO confirm on PHP 8 if
            // numeric-looking directory names are ever allowed).
            if ($this->request->post('form_language')) {
                $languages = forum_list_langs();
                $form['language'] = feather_trim($this->request->post('form_language'));
                if (!in_array($form['language'], $languages)) {
                    message($lang_common['Bad request'], '404');
                }
            }
            if ($this->user->is_admmod) {
                $form['admin_note'] = feather_trim($this->request->post('admin_note'));
                // Are we allowed to change usernames? Admins always; moderators only
                // when their group has g_mod_rename_users.
                if ($this->user->g_id == FEATHER_ADMIN || $this->user->g_moderator == '1' && $this->user->g_mod_rename_users == '1') {
                    $form['username'] = feather_trim($this->request->post('req_username'));
                    if ($form['username'] != $info['old_username']) {
                        // Check username (check_username() lives in the register language/include set)
                        require FEATHER_ROOT . 'lang/' . $this->user->language . '/register.php';
                        $errors = '';
                        $errors = check_username($form['username'], $errors, $id);
                        if (!empty($errors)) {
                            message($errors[0]);
                        }
                        $username_updated = true;
                    }
                }
                // We only allow administrators to update the post count
                if ($this->user->g_id == FEATHER_ADMIN) {
                    $form['num_posts'] = intval($this->request->post('num_posts'));
                }
            }
            // A plain user may only change the e-mail here when registration
            // verification is off; admins/moderators always can.
            if ($this->config['o_regs_verify'] == '0' || $this->user->is_admmod) {
                require FEATHER_ROOT . 'include/email.php';
                // Validate the email address
                $form['email'] = strtolower(feather_trim($this->request->post('req_email')));
                if (!is_valid_email($form['email'])) {
                    message($lang_common['Invalid email']);
                }
            }
            break;
        case 'personal':
            $form = array(
                'realname' => $this->request->post('form_realname') ? feather_trim($this->request->post('form_realname')) : '',
                'url' => $this->request->post('form_url') ? feather_trim($this->request->post('form_url')) : '',
                'location' => $this->request->post('form_location') ? feather_trim($this->request->post('form_location')) : ''
            );
            // Add http:// if the URL doesn't contain it already (while allowing https://, too)
            // — url_valid() returns false or an array whose 'url' key is the normalised URL.
            if ($this->user->g_post_links == '1') {
                if ($form['url'] != '') {
                    $url = url_valid($form['url']);
                    if ($url === false) {
                        message($lang_profile['Invalid website URL']);
                    }
                    $form['url'] = $url['url'];
                }
            } else {
                // Group may not post links: any submitted URL is an error, and the field is cleared.
                if (!empty($form['url'])) {
                    message($lang_profile['Website not allowed']);
                }
                $form['url'] = '';
            }
            if ($this->user->g_id == FEATHER_ADMIN) {
                // Admins may set any title, including the reserved rank names.
                $form['title'] = feather_trim($this->request->post('title'));
            } elseif ($this->user->g_set_title == '1') {
                $form['title'] = feather_trim($this->request->post('title'));
                if ($form['title'] != '') {
                    // A list of words that the title may not contain
                    // If the language is English, there will be some duplicates, but it's not the end of the world
                    $forbidden = array('member', 'moderator', 'administrator', 'banned', 'guest', utf8_strtolower($lang_common['Member']), utf8_strtolower($lang_common['Moderator']), utf8_strtolower($lang_common['Administrator']), utf8_strtolower($lang_common['Banned']), utf8_strtolower($lang_common['Guest']));
                    if (in_array(utf8_strtolower($form['title']), $forbidden)) {
                        message($lang_profile['Forbidden title']);
                    }
                }
            }
            break;
        case 'messaging':
            $form = array(
                'jabber' => feather_trim($this->request->post('form_jabber')),
                'icq' => feather_trim($this->request->post('form_icq')),
                'msn' => feather_trim($this->request->post('form_msn')),
                'aim' => feather_trim($this->request->post('form_aim')),
                'yahoo' => feather_trim($this->request->post('form_yahoo'))
            );
            // If the ICQ UIN contains anything other than digits it's invalid
            if (preg_match('%[^0-9]%', $form['icq'])) {
                message($lang_prof_reg['Bad ICQ']);
            }
            break;
        case 'personality':
            $form = array();
            // Clean up signature from POST
            if ($this->config['o_signatures'] == '1') {
                $form['signature'] = feather_linebreaks(feather_trim($this->request->post('signature')));
                // Validate signature: length, line count, then all-caps (non-staff only).
                if (feather_strlen($form['signature']) > $this->config['p_sig_length']) {
                    message(sprintf($lang_prof_reg['Sig too long'], $this->config['p_sig_length'], feather_strlen($form['signature']) - $this->config['p_sig_length']));
                } elseif (substr_count($form['signature'], "\n") > $this->config['p_sig_lines'] - 1) {
                    message(sprintf($lang_prof_reg['Sig too many lines'], $this->config['p_sig_lines']));
                } elseif ($form['signature'] && $this->config['p_sig_all_caps'] == '0' && is_all_uppercase($form['signature']) && !$this->user->is_admmod) {
                    $form['signature'] = utf8_ucwords(utf8_strtolower($form['signature']));
                }
                // Validate BBCode syntax
                if ($this->config['p_sig_bbcode'] == '1') {
                    require FEATHER_ROOT . 'include/parser.php';
                    $errors = array();
                    $form['signature'] = preparse_bbcode($form['signature'], $errors, true);
                    // NOTE(review): the parser's messages are inlined into HTML here without
                    // escaping; this relies on preparse_bbcode() having already
                    // htmlspecialchars()'d them (as the callback in this file does for
                    // $pd['new_errors']) — confirm $errors is that escaped list.
                    if (count($errors) > 0) {
                        message('<ul><li>' . implode('</li><li>', $errors) . '</li></ul>');
                    }
                }
            }
            break;
        case 'display':
            $form = array(
                'disp_topics' => feather_trim($this->request->post('form_disp_topics')),
                'disp_posts' => feather_trim($this->request->post('form_disp_posts')),
                'show_smilies' => $this->request->post('form_show_smilies') ? '1' : '0',
                'show_img' => $this->request->post('form_show_img') ? '1' : '0',
                'show_img_sig' => $this->request->post('form_show_img_sig') ? '1' : '0',
                'show_avatars' => $this->request->post('form_show_avatars') ? '1' : '0',
                'show_sig' => $this->request->post('form_show_sig') ? '1' : '0'
            );
            // Empty means "use the board default"; otherwise clamp to 3..75.
            if ($form['disp_topics'] != '') {
                $form['disp_topics'] = intval($form['disp_topics']);
                if ($form['disp_topics'] < 3) {
                    $form['disp_topics'] = 3;
                } elseif ($form['disp_topics'] > 75) {
                    $form['disp_topics'] = 75;
                }
            }
            if ($form['disp_posts'] != '') {
                $form['disp_posts'] = intval($form['disp_posts']);
                if ($form['disp_posts'] < 3) {
                    $form['disp_posts'] = 3;
                } elseif ($form['disp_posts'] > 75) {
                    $form['disp_posts'] = 75;
                }
            }
            // Make sure we got a valid style string
            if ($this->request->post('form_style')) {
                $styles = forum_list_styles();
                $form['style'] = feather_trim($this->request->post('form_style'));
                if (!in_array($form['style'], $styles)) {
                    message($lang_common['Bad request'], '404');
                }
            }
            break;
        case 'privacy':
            $form = array(
                'email_setting' => intval($this->request->post('form_email_setting')),
                'notify_with_post' => $this->request->post('form_notify_with_post') ? '1' : '0',
                'auto_notify' => $this->request->post('form_auto_notify') ? '1' : '0'
            );
            // Out-of-range setting falls back to the board default.
            if ($form['email_setting'] < 0 || $form['email_setting'] > 2) {
                $form['email_setting'] = $this->config['o_default_email_setting'];
            }
            break;
        default:
            message($lang_common['Bad request'], '404');
    }
    // Copy the validated fields into the array handed to the ORM. (The quoting the
    // old comment here described is done by the ORM; nothing is quoted in this loop.)
    $temp = array();
    foreach ($form as $key => $input) {
        $temp[$key] = $input;
    }
    if (empty($temp)) {
        message($lang_common['Bad request'], '404');
    }
    DB::for_table('users')->where('id', $id)->find_one()->set($temp)->save();
    // If we changed the username we have to update some stuff
    if ($username_updated) {
        $bans_updated = DB::for_table('bans')->where('username', $info['old_username'])->update_many('username', $form['username']);
        DB::for_table('posts')->where('poster_id', $id)->update_many('poster', $form['username']);
        DB::for_table('posts')->where('edited_by', $info['old_username'])->update_many('edited_by', $form['username']);
        DB::for_table('topics')->where('poster', $info['old_username'])->update_many('poster', $form['username']);
        DB::for_table('topics')->where('last_poster', $info['old_username'])->update_many('last_poster', $form['username']);
        DB::for_table('forums')->where('last_poster', $info['old_username'])->update_many('last_poster', $form['username']);
        DB::for_table('online')->where('ident', $info['old_username'])->update_many('ident', $form['username']);
        // If the user is a moderator or an administrator we have to update the moderator lists
        $group_id = DB::for_table('users')->where('id', $id)->find_one_col('group_id');
        $group_mod = DB::for_table('groups')->where('g_id', $group_id)->find_one_col('g_moderator');
        if ($group_id == FEATHER_ADMIN || $group_mod == '1') {
            $select_mods = array('id', 'moderators');
            $result = DB::for_table('forums')->select_many($select_mods)->find_many();
            foreach ($result as $cur_forum) {
                // NOTE(review): forums.moderators is a PHP-serialized username => id map.
                // unserialize() on stored data is only safe while this column is written
                // exclusively by the application (as it is below); if it is ever exposed
                // to another writer, switch the column to JSON.
                $cur_moderators = $cur_forum['moderators'] != '' ? unserialize($cur_forum['moderators']) : array();
                if (in_array($id, $cur_moderators)) {
                    // Re-key the entry under the new username and keep the map sorted.
                    unset($cur_moderators[$info['old_username']]);
                    $cur_moderators[$form['username']] = $id;
                    uksort($cur_moderators, 'utf8_strcasecmp');
                    DB::for_table('forums')->where('id', $cur_forum['id'])->find_one()->set('moderators', serialize($cur_moderators))->save();
                }
            }
        }
        // Regenerate the users info cache
        if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
            require FEATHER_ROOT . 'include/cache.php';
        }
        generate_users_info_cache();
        // Check if the bans table was updated and regenerate the bans cache when needed
        if ($bans_updated) {
            generate_bans_cache();
        }
    }
    redirect(get_link('user/' . $id . '/section/' . $section . '/'), $lang_profile['Profile redirect']);
}