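/**
 * Prepare and execute one SQL statement on the wrapped PDO connection.
 *
 * The statement text must carry its values as placeholders; the values go in
 * $parameters so PDO binds them and they are never spliced into the SQL string.
 * Every call is counted in $this->num_queries, and the SQL text plus its wall
 * time is recorded in $this->saved_queries when 'o_show_queries' is enabled.
 *
 * @param string $sql        SQL text with ? or :name placeholders
 * @param array  $parameters values bound to the placeholders (passed to PDOStatement::execute())
 * @param string $type       'update', 'delete' or 'insert' to receive the affected-row count;
 *                           anything else returns the executed statement for fetching
 * @return int|PDOStatement|null affected rows for write queries, otherwise the statement in
 *                               FETCH_ASSOC mode; null only if error() returns instead of
 *                               terminating the request
 */
public function run($sql, $parameters = array(), $type = '')
{
    global $panther_config;

    // Timing is collected only when the admin has switched query display on.
    $show_queries = $panther_config['o_show_queries'] == '1';
    $q_start = $show_queries ? microtime(true) : 0.0;

    $this->sql = panther_trim($sql);

    try {
        $ps = $this->prepare($this->sql);
        if ($ps->execute($parameters) === false) {
            // NOTE(review): error() receives the SQL text and the bound values;
            // confirm it does not render them to non-admin users.
            error('Unable to execute query', $this->sql, $parameters);
            return null;
        }

        if ($show_queries) {
            $this->saved_queries[] = array($this->sql, sprintf('%.5f', microtime(true) - $q_start));
        }
        ++$this->num_queries;

        // Strict comparison: a non-string $type (e.g. 0) must not be treated as a write query.
        if (in_array($type, array('update', 'delete', 'insert'), true)) {
            return $ps->rowCount();
        }

        $ps->setFetchMode(PDO::FETCH_ASSOC);
        return $ps;
    } catch (PDOException $e) {
        error($e->getMessage(), $this->sql, $parameters);
    }

    return null;
}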
require PANTHER_ROOT . 'footer.php'; } else { if (isset($_GET['report'])) { if ($panther_user['is_guest']) { message($lang_common['No permission'], false, '403 Forbidden'); } $post_id = intval($_GET['report']); if ($post_id < 1) { message($lang_common['Bad request'], false, '404 Not Found'); } $errors = array(); if (isset($_POST['form_sent'])) { // Make sure they got here from the site confirm_referrer('misc.php'); // Clean up reason from POST $reason = isset($_POST['req_reason']) ? panther_linebreaks(panther_trim($_POST['req_reason'])) : ''; if ($reason == '') { $errors[] = $lang_misc['No reason']; } else { if (strlen($reason) > 65535) { // TEXT field can only hold 65535 bytes $errors[] = $lang_misc['Reason too long']; } } if ($panther_user['last_report_sent'] != '' && time() - $panther_user['last_report_sent'] < $panther_user['g_report_flood'] && time() - $panther_user['last_report_sent'] >= 0) { $errors[] = sprintf($lang_misc['Report flood'], $panther_user['g_report_flood'], $panther_user['g_report_flood'] - (time() - $panther_user['last_report_sent'])); } ($hook = get_extensions('report_after_validation')) ? eval($hook) : null; if (empty($errors)) { // Get the topic ID $data = array(':id' => $post_id);
$author_results[$temp['post_id']] = $temp['topic_id']; } $db->free_result($ps); } } // If we searched for both keywords and author name we want the intersection between the results if ($author && $keywords) { $search_ids = array_intersect_assoc($keyword_results, $author_results); $search_type = array('both', array($keywords, panther_trim($_GET['author'])), implode(',', $forums), $search_in); } else { if ($keywords) { $search_ids = $keyword_results; $search_type = array('keywords', $keywords, implode(',', $forums), $search_in); } else { $search_ids = $author_results; $search_type = array('author', panther_trim($_GET['author']), implode(',', $forums), $search_in); } } unset($keyword_results, $author_results); $search_ids = $show_as == 'topics' ? array_values($search_ids) : array_keys($search_ids); $markers = array(); $search_ids = array_unique($search_ids); for ($i = 0; $i < count($search_ids); $i++) { $markers[] = '?'; } $num_hits = count($search_ids); if (!$num_hits) { message($lang_search['No hits']); } } else { if ($action == 'show_new' || $action == 'show_recent' || $action == 'show_replies' || $action == 'show_user_posts' || $action == 'show_user_topics' || $action == 'show_subscriptions' || $action == 'show_unanswered') {
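/**
 * Reduce a version string to a file-name/URL safe ASCII token.
 *
 * Lower-cases the input, drops every byte that is not [a-z0-9], whitespace or '.',
 * collapses each whitespace run to a single '-', and strips leading/trailing '-'.
 * Only ASCII survives: non-ASCII bytes are removed, not transliterated.
 *
 * @param string $str raw version text
 * @return string sanitised token, e.g. "Panther 1.0 Beta" -> "panther-1.0-beta" (constructed example)
 */
public function version_friendly($str)
{
    // utf8_decode() was dropped here: the character class below removes every
    // non-ASCII byte anyway, and utf8_decode() is deprecated since PHP 8.2.
    $str = strtolower($str);
    $str = preg_replace(array('/[^a-z0-9\\s.]/', '/[\\s]+/'), array('', '-'), $str);

    return panther_trim($str, '-');
}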
$data[] = $tid; // Verify that the post IDs are valid $ps = $db->select('posts', 'id', $data, 'id IN (' . implode(',', $markers) . ') AND topic_id=?'); if ($ps->rowCount() != $num_posts_splitted) { message($lang_common['Bad request'], false, '404 Not Found'); } // Verify that the move to forum ID is valid $data = array(':gid' => $panther_user['g_id'], ':fid' => $move_to_forum); $ps = $db->run('SELECT 1 FROM ' . $db->prefix . 'forums AS f LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.group_id=:gid AND fp.forum_id=:fid) WHERE f.redirect_url IS NULL AND (fp.post_topics IS NULL OR fp.post_topics=1)', $data); if (!$ps->rowCount()) { message($lang_common['Bad request'], false, '404 Not Found'); } // Load the post.php language file require PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/post.php'; // Check subject $new_subject = isset($_POST['new_subject']) ? panther_trim($_POST['new_subject']) : ''; if ($new_subject == '') { message($lang_post['No subject']); } else { if (panther_strlen($new_subject) > 70) { message($lang_post['Too long subject']); } } ($hook = get_extensions('moderate_split_posts')) ? eval($hook) : null; // Get data from the new first post $ps = $db->run('SELECT p.id, p.poster, p.posted FROM ' . $db->prefix . 'posts AS p WHERE id IN(' . implode(',', $markers) . ') ORDER BY p.id ASC LIMIT 1', $posts); $first_post_data = $ps->fetch(); // Create the new topic $insert = array('poster' => $first_post_data['poster'], 'subject' => $new_subject, 'posted' => $first_post_data['posted'], 'first_post_id' => $first_post_data['id'], 'forum_id' => $move_to_forum); $db->insert('topics', $insert); $new_tid = $db->lastInsertId('topics');
if ($panther_config['p_message_all_caps'] == '0' && is_all_uppercase($message) && !$panther_user['is_admmod']) { $errors[] = $lang_post['All caps message']; } } // Validate BBCode syntax if ($panther_config['p_message_bbcode'] == '1') { require PANTHER_ROOT . 'include/parser.php'; $message = $parser->preparse_bbcode($message, $errors); } if (empty($errors)) { if ($message == '') { $errors[] = $lang_post['No message']; } else { if ($panther_config['o_censoring'] == '1') { // Censor message to see if that causes problems $censored_message = panther_trim(censor_words($message)); if ($censored_message == '') { $errors[] = $lang_post['No message after censoring']; } } } } $hide_smilies = isset($_POST['hide_smilies']) ? '1' : '0'; $subscribe = isset($_POST['subscribe']) ? '1' : '0'; $stick_topic = isset($_POST['stick_topic']) && $is_admmod ? '1' : '0'; $add_poll = isset($_POST['add_poll']) && $fid && $cur_posting['post_polls'] != '0' && $panther_user['g_post_polls'] == '1' && $panther_config['o_polls'] == '1' ? 1 : 0; $topic_approve = !$is_admmod && ($cur_posting['force_approve'] == '1' || $cur_posting['force_approve'] == '3' || $panther_user['g_moderate_posts'] == '1') ? 0 : 1; $post_approve = !$is_admmod && ($cur_posting['force_approve'] == '2' || $cur_posting['force_approve'] == '3' || $panther_user['g_moderate_posts'] == '1') ? 0 : 1; // Replace four-byte characters (MySQL cannot handle them) $message = strip_bad_multibyte_chars($message); $now = time();
} $mods_array = $cur_topic['moderators'] != '' ? unserialize($cur_topic['moderators']) : array(); $is_admmod = $panther_user['is_admin'] || ($panther_user['g_moderator'] == '1' && $panther_user['g_global_moderator'] || array_key_exists($panther_user['username'], $mods_array)) ? true : false; $options = $cur_topic['options'] != '' ? unserialize($cur_topic['options']) : array(); if ($cur_topic['archived'] == '1') { message($lang_common['No permission']); } if (isset($_GET['edit'])) { // Do we have permission to edit this poll? if ($cur_topic['poster'] != $panther_user['username'] && $cur_topic['closed'] == '1' && !$is_admmod) { message($lang_common['No permission']); } $errors = array(); if (isset($_POST['form_sent'])) { confirm_referrer('poll_misc.php'); $question = isset($_POST['req_question']) ? panther_trim($_POST['req_question']) : ''; $options = isset($_POST['options']) && is_array($_POST['options']) ? array_map('panther_trim', $_POST['options']) : array(); if ($question == '') { $errors[] = $lang_poll['No question']; } else { if (panther_strlen($question) > 70) { $errors[] = $lang_poll['Too long question']; } else { if ($panther_config['p_subject_all_caps'] == '0' && is_all_uppercase($question) && !$panther_user['is_admmod']) { $errors[] = $lang_poll['All caps question']; } } } if (empty($options)) { $errors[] = $lang_poll['No options']; }
$update = array('title' => $warning_title, 'description' => $warning_description, 'points' => $points, 'expiration_time' => $expiration_time); if (isset($_POST['id']) && $id > 0) { $data = array(':id' => $id); $ps = $db->select('warning_types', 'id, title, description, points, expiration_time', $data, 'id=:id'); if ($ps->rowCount()) { $warning_type = $ps->fetch(); $data = array(':id' => $warning_type['id']); $db->update('warning_types', $update, 'id=:id', $data); $redirect_msg = $lang_warnings['Type updated redirect']; } } else { $db->insert('warning_types', $update); $redirect_msg = $lang_warnings['Type added redirect']; } } else { $warning_title = isset($_POST['warning_title']) ? panther_trim($_POST['warning_title']) : ''; $warning_points = isset($_POST['warning_points']) ? intval($_POST['warning_points']) : 0; if ($warning_title == '') { message($lang_warnings['No title']); } // Determine expiration time $expiration_time = get_expiration_time($_POST['expiration_time'], $_POST['expiration_unit']); $update = array('points' => $warning_points, 'message' => $warning_title, 'period' => $expiration_time); if (isset($_POST['id']) && $id > 0) { $data = array(':id' => $id); $db->update('warning_levels', $update, 'id=:id', $data); $redirect_msg = $lang_warnings['Level update redirect']; } else { $db->insert('warning_levels', $update); $redirect_msg = $lang_warnings['Level added redirect']; }
</div> </div> </div> </body> </html> <?php } else { $alerts = array(); // Make sure we support sha512 (Overkill really - after PHP 5.1.2 all installations do by default) if (!in_array('sha512', hash_algos())) { error_handler(E_ERROR, $lang_install['sha512 not supported'], __FILE__, __LINE__); } $email_title = panther_trim(preg_replace('/[^a-zA-Z0-9 ]/', '', $title)); if ($email_title == '') { error_handler(E_ERROR, $lang_install['Email name problem'], __FILE__, __LINE__); } // Load the database class require PANTHER_ROOT . 'include/database.php'; // Validate prefix if (strlen($config['prefix']) > 0 && (!preg_match('%^[a-zA-Z_][a-zA-Z0-9_]*$%', $config['prefix']) || strlen($config['prefix']) > 40)) { error_handler(E_ERROR, sprintf($lang_install['Table prefix error'], $db->prefix), __FILE__, __LINE__); } // Do some DB type specific checks $mysql_info = $db->get_version(); if (version_compare($mysql_info['version'], MIN_MYSQL_VERSION, '<')) { error(sprintf($lang_install['You are running error'], $mysql_info['version'], FORUM_VERSION, MIN_MYSQL_VERSION)); } // Make sure Panther isn't already installed
$data = array(':image' => $img); $ps = $db->select('smilies', 1, $data, 'image=:image'); if ($ps->rowCount()) { message(sprintf($lang_admin_smilies['Smiley in use'], $img)); } // Only remove if it's a valid image if (preg_match('/^[a-zA-Z0-9\\-_]+\\.(png|jpg|jpeg|gif)$/i', $img)) { @unlink($smiley_path . '/' . $img); } } redirect(panther_link($panther_url['admin_smilies']), $lang_admin_smilies['Images deleted']); } else { if (isset($_POST['add_smiley'])) { confirm_referrer(PANTHER_ADMIN_DIR . '/smilies.php'); $code = isset($_POST['smiley_code']) ? panther_trim($_POST['smiley_code']) : ''; $image = isset($_POST['smiley_image']) ? panther_trim($_POST['smiley_image']) : ''; if ($code == '') { message($lang_admin_smilies['Create Smiley Code None']); } if ($image == '') { message($lang_admin_smilies['Create Smiley Image None']); } $insert = array('image' => $image, 'code' => $code); // Add the smiley $db->insert('smilies', $insert); if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) { require PANTHER_ROOT . 'include/cache.php'; } generate_smilies_cache(); redirect(panther_link($panther_url['admin_smilies']), $lang_admin_smilies['Successful Creation']); } else {
message($lang_common['No permission']); } if ($panther_user['g_read_board'] == '0') { message($lang_common['No view'], false, '403 Forbidden'); } else { if ($panther_user['g_view_users'] == '0') { message($lang_common['No permission'], false, '403 Forbidden'); } } // Load language files require PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/userlist.php'; require PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/search.php'; require PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/online.php'; // Determine if we are allowed to view post counts $show_post_count = $panther_config['o_show_post_count'] == '1' || $panther_user['is_admmod'] ? true : false; $username = isset($_GET['username']) && $panther_user['g_search_users'] == '1' ? panther_trim($_GET['username']) : ''; $show_group = isset($_GET['show_group']) ? intval($_GET['show_group']) : -1; $sort_by = isset($_GET['sort_by']) && (in_array($_GET['sort_by'], array('username', 'registered')) || $_GET['sort_by'] == 'num_posts' && $show_post_count) ? $_GET['sort_by'] : 'username'; $sort_dir = isset($_GET['sort_dir']) && $_GET['sort_dir'] == 'DESC' ? 'DESC' : 'ASC'; // Create any applicable SQL generated from the GET array $data = array(':unverified' => PANTHER_UNVERIFIED); $fields = array(); $sql = 'SELECT COUNT(id) FROM ' . $db->prefix . 'users AS u WHERE u.id > 1 AND u.group_id != :unverified'; $sql1 = 'SELECT u.id, u.username, u.title, u.num_posts, u.registered, u.email, u.use_gravatar, u.group_id AS g_id, g.g_user_title, o.user_id AS is_online FROM ' . $db->prefix . 'users AS u LEFT JOIN ' . $db->prefix . 'groups AS g ON g.g_id=u.group_id LEFT JOIN ' . $db->prefix . 'online AS o ON (o.user_id=u.id AND o.user_id!=1) WHERE u.id>1 AND u.group_id!=:unverified'; if ($username != '') { $fields['username'] = '******'; $data[':username'] = str_replace('*', '%', $username); } if ($show_group > -1) { $fields['gid'] = ' AND u.group_id = :gid'; $data[':gid'] = $show_group;
echo $tpl->render(array('lang_admin_common' => $lang_admin_common, 'lang_admin_users' => $lang_admin_users, 'form_action' => panther_link($panther_url['admin_users']), 'user_ids' => $user_ids, 'csrf_token' => generate_csrf_token(PANTHER_ADMIN_DIR . '/users.php'))); require PANTHER_ROOT . 'footer.php'; } else { if (isset($_GET['find_user'])) { $form = isset($_GET['form']) ? $_GET['form'] : array(); // trim() all elements in $form $form = array_map('panther_trim', $form); $conditions = $query_str = $sql = $data = array(); $posts_greater = isset($_GET['posts_greater']) ? panther_trim($_GET['posts_greater']) : ''; $posts_less = isset($_GET['posts_less']) ? panther_trim($_GET['posts_less']) : ''; $last_post_after = isset($_GET['last_post_after']) ? panther_trim($_GET['last_post_after']) : ''; $last_post_before = isset($_GET['last_post_before']) ? panther_trim($_GET['last_post_before']) : ''; $last_visit_after = isset($_GET['last_visit_after']) ? panther_trim($_GET['last_visit_after']) : ''; $last_visit_before = isset($_GET['last_visit_before']) ? panther_trim($_GET['last_visit_before']) : ''; $registered_after = isset($_GET['registered_after']) ? panther_trim($_GET['registered_after']) : ''; $registered_before = isset($_GET['registered_before']) ? panther_trim($_GET['registered_before']) : ''; $order_by = isset($_GET['order_by']) && in_array($_GET['order_by'], array('username', 'email', 'num_posts', 'last_post', 'last_visit', 'registered')) ? $_GET['order_by'] : 'username'; $direction = isset($_GET['direction']) && $_GET['direction'] == 'DESC' ? 'DESC' : 'ASC'; $user_group = isset($_GET['user_group']) ? intval($_GET['user_group']) : -1; $query_str[] = 'order_by=' . $order_by; $query_str[] = 'direction=' . $direction; $query_str[] = 'user_group=' . $user_group; if (preg_match('%[^0-9]%', $posts_greater . 
$posts_less)) { message($lang_admin_users['Non numeric message']); } $sql[] = 'u.id>1'; // Try to convert date/time to timestamps if ($last_post_after != '') { $query_str[] = 'last_post_after=' . $last_post_after; $last_post_after = strtotime($last_post_after); if ($last_post_after === false || $last_post_after == -1) {
/**
 * Convert an XML document into a nested PHP array (used for extension manifests:
 * the normalisation at the end targets the <extension><hooks><hook> path).
 *
 * Pass 1 records, per (tag, nesting level), whether a tag occurs more than once
 * ($multi_key), so repeated tags become numerically indexed lists instead of
 * overwriting each other. Pass 2 walks the parsed elements again and assigns each
 * element's text ('content') and 'attributes' into $xml_array at the path
 * recorded in $level[1..n].
 *
 * The assignments are performed with eval() on a statement string. That string is
 * assembled only from fixed variable names and integer indices; tag names, text
 * and attribute values enter as variable *values* ($level, $x_tag, $xml_elem,
 * $key, $value), never as source text, so XML content cannot inject code here.
 * It is still eval() and would be clearer as a reference walk — a candidate for
 * a rewrite once covered by tests.
 *
 * @param string $raw_xml XML document text
 * @return array nested array; leaf text sits under the tag key, or under
 *               ['content'] when the element also has attributes; a single
 *               <hook> element is wrapped so 'hook' is always a list
 */
function xml_to_array($raw_xml)
{
    $xml_array = array();

    $xml_parser = xml_parser_create();
    // Keep tag case and whitespace-only values exactly as written in the document.
    xml_parser_set_option($xml_parser, XML_OPTION_CASE_FOLDING, 0);
    xml_parser_set_option($xml_parser, XML_OPTION_SKIP_WHITE, 0);
    // Return value is not checked: a malformed document may leave $parsed_xml unset or partial.
    xml_parse_into_struct($xml_parser, $raw_xml, $parsed_xml);
    xml_parser_free($xml_parser);

    // Pass 1: mark tags that occur more than once at the same level below the root.
    foreach ($parsed_xml as $xml_elem) {
        $x_tag = $xml_elem['tag'];
        $x_level = $xml_elem['level'];
        $x_type = $xml_elem['type'];
        if ($x_level != 1 && $x_type == 'close') {
            // A second 'close' of the same tag/level flips the marker from 0 to 1.
            if (isset($multi_key[$x_tag][$x_level])) {
                $multi_key[$x_tag][$x_level] = 1;
            } else {
                $multi_key[$x_tag][$x_level] = 0;
            }
        }
        if ($x_level != 1 && $x_type == 'complete') {
            // Two 'complete' elements in a row with the same tag are treated as repeats.
            if (isset($tmp) && $tmp == $x_tag) {
                $multi_key[$x_tag][$x_level] = 1;
            }
            $tmp = $x_tag;
        }
    }

    // Pass 2: build the array path for each element and assign its data.
    foreach ($parsed_xml as $xml_elem) {
        $x_tag = $xml_elem['tag'];
        $x_level = $xml_elem['level'];
        $x_type = $xml_elem['type'];
        if ($x_type == 'open') {
            $level[$x_level] = $x_tag;
        }
        $start_level = 1;
        $php_stmt = '$xml_array';
        if ($x_type == 'close' && $x_level != 1) {
            // Advance the sibling counter so the next repeat of this tag lands on a new index.
            $multi_key[$x_tag][$x_level]++;
        }
        // Path from the root to this element's parent: [$level[1]][$level[2]]...,
        // with a numeric index appended wherever the ancestor is a repeated tag.
        while ($start_level < $x_level) {
            $php_stmt .= '[$level[' . $start_level . ']]';
            if (isset($multi_key[$level[$start_level]][$start_level]) && $multi_key[$level[$start_level]][$start_level]) {
                $php_stmt .= '[' . ($multi_key[$level[$start_level]][$start_level] - 1) . ']';
            }
            ++$start_level;
        }
        $add = '';
        if (isset($multi_key[$x_tag][$x_level]) && $multi_key[$x_tag][$x_level] && ($x_type == 'open' || $x_type == 'complete')) {
            // Repeated tag: this element gets its own numeric slot.
            if (!isset($multi_key2[$x_tag][$x_level])) {
                $multi_key2[$x_tag][$x_level] = 0;
            } else {
                $multi_key2[$x_tag][$x_level]++;
            }
            $add = '[' . $multi_key2[$x_tag][$x_level] . ']';
        }
        if (isset($xml_elem['value']) && panther_trim($xml_elem['value']) != '' && !isset($xml_elem['attributes'])) {
            if ($x_type == 'open') {
                // NOTE(review): this branch indexes by $x_type (the string 'open') rather than
                // $x_tag, unlike every other assignment in this loop — looks unintentional;
                // confirm before relying on the resulting key.
                $php_stmt_main = $php_stmt . '[$x_type]' . $add . '[\'content\'] = $xml_elem[\'value\'];';
            } else {
                $php_stmt_main = $php_stmt . '[$x_tag]' . $add . ' = $xml_elem[\'value\'];';
            }
            eval($php_stmt_main);
        }
        if (isset($xml_elem['attributes'])) {
            if (isset($xml_elem['value'])) {
                $php_stmt_main = $php_stmt . '[$x_tag]' . $add . '[\'content\'] = $xml_elem[\'value\'];';
                eval($php_stmt_main);
            }
            foreach ($xml_elem['attributes'] as $key => $value) {
                $php_stmt_att = $php_stmt . '[$x_tag]' . $add . '[\'attributes\'][$key] = $value;';
                eval($php_stmt_att);
            }
        }
    }

    // Make sure there's an array of hooks (even if there is only one)
    if (isset($xml_array['extension']['hooks']) && isset($xml_array['extension']['hooks']['hook'])) {
        if (!is_array(current($xml_array['extension']['hooks']['hook']))) {
            $xml_array['extension']['hooks']['hook'] = array($xml_array['extension']['hooks']['hook']);
        }
    }

    return $xml_array;
}
} $img_size = array(); if ($mode == 'edit' && $group['g_image'] != '') { $img_size = @getimagesize($panther_config['o_image_group_path'] . '/' . $group_id . '.' . $group['g_image']); } $tpl = load_template('edit_group.tpl'); echo $tpl->render(array('lang_admin_groups' => $lang_admin_groups, 'lang_admin_common' => $lang_admin_common, 'form_action' => panther_link($panther_url['admin_groups']), 'csrf_token' => generate_csrf_token(PANTHER_ADMIN_DIR . '/groups.php'), 'mode' => $mode, 'group_id' => $group_id, 'group' => $group, 'lang' => $group['g_id'] != PANTHER_GUEST ? $lang_common['Member'] : $lang_common['Guest'], 'is_not_admin_group' => $group['g_id'] != PANTHER_ADMIN ? true : false, 'robots_link' => panther_link($panther_url['admin_robots']), 'is_not_guest_group' => $group['g_id'] != PANTHER_GUEST ? true : false, 'group_options' => $group_options, 'upload_link' => panther_link($panther_url['upload_image'], array($group_id)), 'img_size' => $img_size, 'delete_link' => panther_link($panther_url['delete_image'], array($group_id)), 'image_dir' => $panther_config['o_image_group_dir'] != '' ? $panther_config['o_image_group_dir'] : get_base_url() . '/' . $panther_config['o_image_group_path'] . '/')); require PANTHER_ROOT . 'footer.php'; } else { if (isset($_POST['add_edit_group'])) { confirm_referrer(PANTHER_ADMIN_DIR . '/groups.php'); // Is this the original admin group? (special rules apply) $is_admin_group = isset($_POST['group_id']) && $_POST['group_id'] == PANTHER_ADMIN ? true : false; $title = isset($_POST['req_title']) ? panther_trim($_POST['req_title']) : ''; $user_title = isset($_POST['user_title']) ? panther_trim($_POST['user_title']) : ''; $group_colour = isset($_POST['group_colour']) ? panther_trim($_POST['group_colour']) : ''; $promote_min_posts = isset($_POST['promote_min_posts']) ? 
intval($_POST['promote_min_posts']) : 0; $promote_next_group = isset($_POST['promote_next_group']) && isset($panther_groups[$_POST['promote_next_group']]) && !in_array($_POST['promote_next_group'], array(PANTHER_ADMIN, PANTHER_GUEST)) && $panther_groups[$_POST['promote_next_group']]['g_admin'] != '1' && (!isset($_POST['group_id']) || $_POST['promote_next_group'] != $_POST['group_id']) ? $_POST['promote_next_group'] : 0; $moderator = isset($_POST['moderator']) && $_POST['moderator'] == '1' ? '1' : '0'; $global_moderator = $moderator == '1' && isset($_POST['global_moderator']) && $_POST['global_moderator'] == '1' ? '1' : '0'; $mod_cp = $moderator == '1' && isset($_POST['mod_cp']) && $_POST['mod_cp'] == '1' ? '1' : '0'; $admin = $moderator == '1' && isset($_POST['admin']) && $_POST['admin'] == '1' ? '1' : '0'; $mod_edit_users = $moderator == '1' && isset($_POST['mod_edit_users']) && $_POST['mod_edit_users'] == '1' ? '1' : '0'; $mod_rename_users = $moderator == '1' && isset($_POST['mod_rename_users']) && $_POST['mod_rename_users'] == '1' ? '1' : '0'; $mod_change_passwords = $moderator == '1' && isset($_POST['mod_change_passwords']) && $_POST['mod_change_passwords'] == '1' ? '1' : '0'; $mod_ban_users = $moderator == '1' && isset($_POST['mod_ban_users']) && $_POST['mod_ban_users'] == '1' ? '1' : '0'; $mod_warn_users = $moderator == '1' && isset($_POST['mod_warn_users']) && $_POST['mod_warn_users'] == '1' ? '1' : '0'; $mod_promote_users = $moderator == '1' && isset($_POST['mod_promote_users']) && $_POST['mod_promote_users'] == '1' ? '1' : '0'; $read_board = isset($_POST['read_board']) ? intval($_POST['read_board']) : '1'; $view_users = isset($_POST['view_users']) && $_POST['view_users'] == '1' || $is_admin_group ? '1' : '0'; $post_replies = isset($_POST['post_replies']) ? intval($_POST['post_replies']) : '1';
if ($num_folders >= $panther_user['g_pm_folder_limit']) { $errors[] = sprintf($lang_pm['Folder limit'], $panther_user['g_pm_folder_limit']); } } ($hook = get_extensions('pms_folders_after_validation')) ? eval($hook) : null; if (empty($errors)) { $insert = array('user_id' => $panther_user['id'], 'name' => $folder); $db->insert('folders', $insert); redirect(panther_link($panther_url['pms_folders']), $lang_pm['Folder added']); } } else { if (isset($_POST['update'])) { $id = intval(key($_POST['update'])); $folder = panther_trim($_POST['folder'][$id]); if ($panther_config['o_censoring'] == '1') { $censored_folder = panther_trim(censor_words($folder)); } if ($folder == '') { $errors[] = $lang_pm['No folder name']; } else { if (panther_strlen($folder) < 4) { $errors[] = $lang_pm['Folder too short']; } else { if (panther_strlen($folder) > 30) { $errors[] = $lang_pm['Folder too long']; } else { if ($panther_config['o_censoring'] == '1' && $folder == '') { $errors[] = $lang_pm['No folder after censoring']; } } }
panther_setcookie(1, panther_hash(uniqid(rand(), true)), time() + 31536000); redirect(panther_link($panther_url['index']), $lang_login['Logout redirect']); } else { if ($action == 'forget') { if (!$panther_user['is_guest']) { header('Location: ' . panther_link($panther_url['index'])); exit; } if (isset($_POST['form_sent'])) { confirm_referrer('login.php'); ($hook = get_extensions('forget_password_before_validation')) ? eval($hook) : null; // Start with a clean slate $errors = array(); require PANTHER_ROOT . 'include/email.php'; // Validate the email address $email = isset($_POST['req_email']) ? strtolower(panther_trim($_POST['req_email'])) : ''; if (!$mailer->is_valid_email($email)) { $errors[] = $lang_common['Invalid email']; } ($hook = get_extensions('forget_password_after_validation')) ? eval($hook) : null; // Did everything go according to plan? if (empty($errors)) { $data = array(':email' => $email); $ps = $db->select('users', 'id, username, last_email_sent', $data, 'email=:email'); if ($ps->rowCount()) { // Loop through users we found foreach ($ps as $cur_hit) { if ($cur_hit['last_email_sent'] != '' && time() - $cur_hit['last_email_sent'] < 3600 && time() - $cur_hit['last_email_sent'] >= 0) { message(sprintf($lang_login['Email flood'], intval((3600 - (time() - $cur_hit['last_email_sent'])) / 60)), true); } // Generate a new password and a new password activation code
} } if ($form['disp_posts'] != '') { $form['disp_posts'] = intval($form['disp_posts']); if ($form['disp_posts'] < 3) { $form['disp_posts'] = 3; } else { if ($form['disp_posts'] > 75) { $form['disp_posts'] = 75; } } } // Make sure we got a valid style string if (isset($_POST['form']['style'])) { $styles = forum_list_styles(); $form['style'] = panther_trim($_POST['form']['style']); if (!in_array($form['style'], $styles)) { message($lang_common['Bad request'], false, '404 Not Found'); } } else { $form['style'] = $panther_config['o_default_style']; } break; case 'privacy': $form = array('email_setting' => intval($_POST['form']['email_setting']), 'notify_with_post' => isset($_POST['form']['notify_with_post']) ? '1' : '0', 'auto_notify' => isset($_POST['form']['auto_notify']) ? '1' : '0', 'pm_enabled' => isset($_POST['form']['pm_enabled']) ? '1' : '0', 'pm_notify' => isset($_POST['form']['pm_notify']) ? '1' : '0'); if ($form['email_setting'] < 0 || $form['email_setting'] > 2) { $form['email_setting'] = $panther_config['o_default_email_setting']; } break; default: message($lang_common['Bad request'], false, '404 Not Found');
message($lang_admin_censoring['Must enter word message']); } $insert = array('search_for' => $search_for, 'replace_with' => $replace_with); $db->insert('censoring', $insert); // Regenerate the censoring cache if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) { require PANTHER_ROOT . 'include/cache.php'; } generate_censoring_cache(); redirect(panther_link($panther_url['admin_censoring']), $lang_admin_censoring['Word added redirect']); } else { if (isset($_POST['update'])) { confirm_referrer(PANTHER_ADMIN_DIR . '/censoring.php'); $id = intval(key($_POST['update'])); $search_for = isset($_POST['search_for'][$id]) ? panther_trim($_POST['search_for'][$id]) : ''; $replace_with = isset($_POST['replace_with'][$id]) ? panther_trim($_POST['replace_with'][$id]) : ''; if ($search_for == '') { message($lang_admin_censoring['Must enter word message']); } $update = array('search_for' => $search_for, 'replace_with' => $replace_with); $data = array(':id' => $id); $db->update('censoring', $update, 'id=:id', $data); // Regenerate the censoring cache if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) { require PANTHER_ROOT . 'include/cache.php'; } generate_censoring_cache(); redirect(panther_link($panther_url['admin_censoring']), $lang_admin_censoring['Word updated redirect']); } else { if (isset($_POST['remove'])) { confirm_referrer(PANTHER_ADMIN_DIR . '/censoring.php');
/**
 * Emit a feed as a plain HTML list of links, one <li> per item.
 *
 * Headers are sent first so the response is served as UTF-8 HTML and is not
 * cached. The link target, the title attribute and the visible text all pass
 * through panther_htmlspecialchars(), so feed content cannot break out of the
 * attribute or element context it is placed in.
 *
 * @param array $feed feed structure; only $feed['items'] (each with 'title' and 'link') is read
 * @return void markup is written directly to the output
 */
function output_html($feed)
{
    // Force the content type and disable caching regardless of the server's defaults.
    $headers = array(
        'Content-type: text/html; charset=utf-8',
        'Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT',
        'Cache-Control: must-revalidate, post-check=0, pre-check=0',
        'Pragma: public',
    );
    foreach ($headers as $header_line) {
        header($header_line);
    }

    foreach ($feed['items'] as $entry) {
        $title = $entry['title'];
        $is_long = utf8_strlen($title) > FORUM_EXTERN_MAX_SUBJECT_LENGTH;

        // Long subjects are cut 5 characters short of the limit to leave room for the ellipsis.
        $visible = $is_long
            ? panther_htmlspecialchars(panther_trim(utf8_substr($title, 0, FORUM_EXTERN_MAX_SUBJECT_LENGTH - 5))) . ' …'
            : panther_htmlspecialchars($title);

        printf(
            '<li><a href="%s" title="%s">%s</a></li>' . "\n",
            panther_htmlspecialchars($entry['link']),
            panther_htmlspecialchars($title),
            $visible
        );
    }
}
define('PANTHER_ACTIVE_PAGE', 'admin'); require PANTHER_ROOT . 'header.php'; generate_admin_menu('categories'); $tpl = load_template('delete_category.tpl'); echo $tpl->render(array('lang_admin_categories' => $lang_admin_categories, 'lang_admin_common' => $lang_admin_common, 'form_action' => panther_link($panther_url['admin_categories']), 'csrf_token' => generate_csrf_token(PANTHER_ADMIN_DIR . '/categories.php'), 'cat_name' => $cat_name, 'cat_to_delete' => $cat_to_delete)); require PANTHER_ROOT . 'footer.php'; } } else { if (isset($_POST['update'])) { confirm_referrer(PANTHER_ADMIN_DIR . '/categories.php'); $categories = isset($_POST['cat']) && is_array($_POST['cat']) ? $_POST['cat'] : array(); if (empty($categories)) { message($lang_common['Bad request'], false, '404 Not Found'); } foreach ($categories as $cat_id => $cur_cat) { $cur_cat['name'] = isset($cur_cat['name']) ? panther_trim($cur_cat['name']) : ''; $cur_cat['order'] = isset($cur_cat['order']) ? intval($cur_cat['order']) : 0; if ($cur_cat['name'] == '') { message($lang_admin_categories['Must enter name message']); } if ($cur_cat['order'] < 0) { message($lang_admin_categories['Must enter integer message']); } $update = array('cat_name' => $cur_cat['name'], 'disp_position' => $cur_cat['order']); $data = array(':id' => intval($cat_id)); $db->update('categories', $update, 'id=:id', $data); } // Regenerate the quick jump cache if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) { require PANTHER_ROOT . 'include/cache.php'; }
} $id = sha1($content); // Make sure this extension is 'panther approved' $content = @file_get_contents('https://www.pantherforum.org/extension_check.php?id=' . $id); if (!$content || $content != $id) { $warnings[] = $lang_admin_extensions['Extension not approved']; } $page_title = array($panther_config['o_board_title'], $lang_admin_common['Admin'], $lang_admin_common['Extensions']); define('PANTHER_ACTIVE_PAGE', 'admin'); require PANTHER_ROOT . 'header.php'; generate_admin_menu('extensions'); $tpl = load_template('install_extension.tpl'); echo $tpl->render(array('lang_admin_extensions' => $lang_admin_extensions, 'lang_common' => $lang_common, 'form_action' => panther_link($panther_url['install_extension'], array($file)), 'csrf_token' => generate_csrf_token(PANTHER_ADMIN_DIR . '/addons.php'), 'extension' => $extension, 'warnings' => $warnings, 'errors' => $errors)); } else { if ($action == 'uninstall') { $file = isset($_GET['file']) ? panther_trim($_GET['file']) : ''; if (!file_exists(PANTHER_ROOT . PANTHER_ADMIN_DIR . '/extensions/' . $file . '.xml')) { message($lang_common['Bad request']); } $data = array(':id' => $file); $ps = $db->select('extensions', 'uninstall_note, uninstall', $data, 'id=:id'); if (!$ps->rowCount()) { message($lang_common['Bad request']); } $extension = $ps->fetch(); if (isset($_POST['form_sent'])) { $data = array('id' => $file); $db->delete('extensions', 'id=:id', $data); $db->delete('extension_code', 'extension_id=:id', $data); eval($extension['uninstall']); if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
/**
 * Turn a stored message into HTML for display.
 *
 * The pipeline, in order: optional word censoring, HTML-entity escaping,
 * extraction of [code] blocks (so their contents are not touched by the
 * later passes), optional BBCode conversion, optional smiley conversion,
 * newline/tab/space rewriting, re-insertion of the [code] blocks wrapped
 * in a codebox, and finally clean_paragraphs().
 *
 * Escaping happens before do_bbcode()/do_smilies() run, so those helpers
 * receive entity-escaped text; any markup they emit is theirs to keep safe.
 *
 * @param string $text         Message text as stored (assumed string — not enforced here)
 * @param string $hide_smilies Smileys are converted only when this is loosely == '0'
 *                             (so 0, '0' and '' all allow smileys; anything else hides them)
 * @return string HTML output of clean_paragraphs()
 */
public function parse_message($text, $hide_smilies)
{
    // Word censoring is a board-wide option.
    if ($this->config['o_censoring'] == '1') {
        $text = censor_words($text);
    }

    // Convert applicable characters to HTML entities. Everything below
    // operates on already-escaped text, including the [code] contents.
    $text = panther_htmlspecialchars($text);

    // If the message contains a code tag we have to split it up (text within
    // [code][/code] shouldn't be touched). $inside holds the extracted blocks;
    // $text gets placeholder markers in their place (see the reassembly below).
    if (strpos($text, '[code]') !== false && strpos($text, '[/code]') !== false) {
        list($inside, $text) = extract_blocks($text, '[code]', '[/code]');
    }

    // BBCode only when enabled and when there is at least one '[' and ']' to parse.
    if ($this->config['p_message_bbcode'] == '1' && strpos($text, '[') !== false && strpos($text, ']') !== false) {
        $text = $this->do_bbcode($text);
    }

    // Smileys require the board option, the viewer's preference and the
    // per-post flag all to allow them.
    if ($this->config['o_smilies'] == '1' && $this->user['show_smilies'] == '1' && $hide_smilies == '0') {
        $text = $this->do_smilies($text);
    }

    // Deal with newlines, tabs and multiple spaces.
    // NOTE(review): some of these literals look like they lost characters or
    // entities in extraction (the replacement strings are plain spaces here);
    // verify against the original file before changing anything.
    $pattern = array("\n", "\t", ' ', ' ');
    $replace = array('<br />', '    ', '  ', '  ');
    $text = str_replace($pattern, $replace, $text);

    // If we split up the message before we have to concatenate it together
    // again (code tags). Part i is followed by code block i, when one exists.
    if (isset($inside)) {
        // NOTE(review): the explode() delimiter reads as an empty string in
        // this copy; presumably it is the placeholder separator emitted by
        // extract_blocks() and a control character was dropped in extraction —
        // confirm, since explode() with an empty separator throws ValueError
        // on PHP 8.
        $parts = explode("", $text);
        $text = '';
        foreach ($parts as $i => $part) {
            $text .= $part;
            if (isset($inside[$i])) {
                // Long blocks (more than 28 lines) get a scrollable box.
                $num_lines = substr_count($inside[$i], "\n");
                // The block contents were entity-escaped above (before
                // extraction), so they are emitted here without further escaping.
                $text .= '</p><div class="codebox"><pre' . ($num_lines > 28 ? ' class="vscroll"' : '') . '><code>' . panther_trim($inside[$i], "\n\r") . '</code></pre></div><p>';
            }
        }
    }

    return $this->clean_paragraphs($text);
}
} } } check_authentication(); // Load the admin_ranks.php language file require PANTHER_ROOT . 'lang/' . $admin_language . '/admin_archive.php'; $ps = $db->select('topics', 'COUNT(id)', array(), 'deleted=0 AND approved=1'); $total = $ps->fetchColumn(); $ps = $db->select('topics', 'COUNT(id)', array(), 'archived=1 AND deleted=0 AND approved=1'); $archived = $ps->fetchColumn(); if (isset($_POST['form_sent'])) { confirm_referrer(PANTHER_ADMIN_DIR . '/archive.php'); $units = array('day', 'months', 'years'); // Set an array of valid time expiration strings $time = isset($_POST['time']) ? intval($_POST['time']) : 0; $unit = isset($_POST['unit']) && in_array($_POST['unit'], $units) ? panther_trim($_POST['unit']) : 'days'; $closed = isset($_POST['closed']) ? intval($_POST['closed']) : 0; $sticky = isset($_POST['sticky']) ? intval($_POST['sticky']) : 0; $forums = isset($_POST['forums']) && is_array($_POST['forums']) ? array_map('intval', $_POST['forums']) : array(0); if (in_array(0, $forums) && count($forums) > 1) { message($lang_admin_archive['All forums message']); } if ($sticky > 2 || $sticky < 0 || $closed > 2 || $closed < 0) { message($lang_admin_archive['Open/close message']); } if ($time < 1) { message(sprintf($lang_admin_archive['Invalid time value'], strtolower($unit))); } if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) { require PANTHER_ROOT . 'include/cache.php'; }
} else { message($lang_admin_index['Delete install.php failed']); } } else { if ($action == 'phpinfo' && $panther_user['is_admin']) { // Is phpinfo() a disabled function? if (strpos(strtolower((string) ini_get('disable_functions')), 'phpinfo') !== false) { message($lang_admin_index['PHPinfo disabled message']); } phpinfo(); exit; } elseif ($action == 'save_notes') { if (!defined('PANTHER_AJAX_REQUEST')) { message($lang_common['No permission']); } $notes = isset($_POST['notes']) ? panther_trim($_POST['notes']) : $lang_admin_index['admin notes']; $update = array('conf_value' => $notes); $db->update('config', $update, 'conf_name=\'o_admin_notes\''); if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) { require PANTHER_ROOT . 'include/cache.php'; } generate_config_cache(); $db->end_transaction(); exit; } } } $alerts = array(); if ($panther_user['is_admin']) { if (is_file(PANTHER_ROOT . 'install.php')) { $alerts[] = sprintf($lang_admin_index['Install file exists'], '<a href="' . panther_link($panther_url['remove_install_file']) . '">' . $lang_admin_index['Delete install file'] . '</a>');
$errors[] = $lang_post['No message after censoring']; } } } } $hide_smilies = isset($_POST['hide_smilies']) ? '1' : '0'; $stick_topic = isset($_POST['stick_topic']) ? '1' : '0'; $add_poll = isset($_POST['add_poll']) && $cur_post['post_polls'] != '0' && $panther_user['g_post_polls'] == '1' && $panther_config['o_polls'] == '1' ? '1' : '0'; if (!$is_admmod) { $stick_topic = $cur_post['sticky']; } // Replace four-byte characters (MySQL cannot handle them) $message = strip_bad_multibyte_chars($message); // Did everything go according to plan? if (empty($errors) && !isset($_POST['preview'])) { $edit_reason = isset($_POST['edit_reason']) && $is_admmod ? panther_trim($_POST['edit_reason']) : $cur_post['edit_reason']; require PANTHER_ROOT . 'include/search_idx.php'; if ($can_edit_subject) { $update = array('subject' => $subject, 'sticky' => $stick_topic); $data = array(':id' => $cur_post['tid'], ':moved' => $cur_post['tid']); // Update the topic and any redirect topics $db->update('topics', $update, 'id=:id OR moved_to=:moved', $data); // We changed the subject, so we need to take that into account when we update the search words update_search_index('edit', $id, $message, $subject); // If this is the last topic in the forum, and we've changed the subject, we need to update that if ($cur_post['last_topic_id'] == $cur_post['tid'] && $subject != $cur_post['subject']) { update_forum($cur_post['fid']); } } else { update_search_index('edit', $id, $message); }
message($lang_admin_robots['Must enter question message']); } $insert = array('question' => $question, 'answer' => $answer); $db->insert('robots', $insert); // Regenerate the robots cache if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) { require PANTHER_ROOT . 'include/cache.php'; } generate_robots_cache(); redirect(panther_link($panther_url['admin_robots']), $lang_admin_robots['Question added redirect']); } else { if (isset($_POST['update'])) { confirm_referrer(PANTHER_ADMIN_DIR . '/robots.php'); $id = intval(key($_POST['update'])); $question = isset($_POST['question'][$id]) ? panther_trim($_POST['question'][$id]) : ''; $answer = isset($_POST['answer'][$id]) ? panther_trim($_POST['answer'][$id]) : ''; if ($question == '' || $answer == '') { message($lang_admin_robots['Must enter question message']); } $update = array('question' => $question, 'answer' => $answer); $data = array(':id' => $id); $db->update('robots', $update, 'id=:id', $data); // Regenerate the robots cache if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) { require PANTHER_ROOT . 'include/cache.php'; } generate_robots_cache(); redirect(panther_link($panther_url['admin_robots']), $lang_admin_robots['Question updated redirect']); } else { if (isset($_POST['remove'])) { confirm_referrer(PANTHER_ADMIN_DIR . '/robots.php');
$tpl = load_template('confirm_prune.tpl'); echo $tpl->render(array('lang_admin_maintenance' => $lang_admin_maintenance, 'lang_admin_common' => $lang_admin_common, 'link' => panther_link($panther_url['admin_maintenance']), 'csrf_token' => generate_csrf_token(PANTHER_ADMIN_DIR . '/maintenance.php'), 'prune_days' => $prune_days, 'prune_sticky' => $prune_sticky, 'prune_from' => $prune_from, 'forum' => $forum, 'num_topics' => forum_number_format($num_topics))); require PANTHER_ROOT . 'footer.php'; } if ($action == 'add_user') { $errors = array(); $username = isset($_POST['username']) ? panther_trim($_POST['username']) : ''; $random_pass = isset($_POST['random_pass']) && $_POST['random_pass'] == '1' ? 1 : 0; $email = isset($_POST['email']) ? strtolower(panther_trim($_POST['email'])) : ''; $password_salt = random_pass(16); if ($random_pass == '1') { $password1 = random_pass(12); $password2 = $password1; } else { $password1 = isset($_POST['password1']) ? panther_trim($_POST['password1']) : ''; $password2 = isset($_POST['password2']) ? panther_trim($_POST['password2']) : ''; } require PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/prof_reg.php'; // Validate username and passwords check_username($username); if (panther_strlen($password1) < 6) { $errors[] = $lang_prof_reg['Pass too short']; } else { if ($password1 != $password2) { $errors[] = $lang_prof_reg['Pass not match']; } } // Validate email require PANTHER_ROOT . 'include/email.php'; if (!$mailer->is_valid_email($email)) { $errors[] = $lang_common['Invalid email'];
if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) { require PANTHER_ROOT . 'include/cache.php'; } generate_task_cache(); redirect(panther_link($panther_url['admin_tasks']), $lang_admin_tasks['Task added redirect']); } else { if (isset($_POST['update'])) { confirm_referrer(PANTHER_ADMIN_DIR . '/tasks.php'); $id = isset($_POST['id']) ? intval($_POST['id']) : ''; $title = isset($_POST['task_title']) ? panther_trim($_POST['task_title']) : ''; $minute = isset($_POST['minute']) && $_POST['minute'] != '*' && $_POST['minute'] >= 0 && $_POST['minute'] <= 59 ? intval($_POST['minute']) : '*'; $hour = isset($_POST['hour']) && $_POST['hour'] != '*' && $_POST['hour'] >= 0 && $_POST['hour'] <= 23 ? intval($_POST['hour']) : '*'; $day = isset($_POST['day']) && $_POST['day'] != '*' && $_POST['day'] >= 1 && $_POST['day'] <= 31 ? intval($_POST['day']) : '*'; $month = isset($_POST['month']) && $_POST['month'] != '*' && $_POST['month'] >= 1 && $_POST['month'] <= 12 ? intval($_POST['month']) : '*'; $week_day = isset($_POST['week_day']) && $_POST['week_day'] != '*' && $_POST['week_day'] >= 0 && $_POST['week_day'] <= 6 ? intval($_POST['week_day']) : '*'; $script = isset($_POST['script']) ? panther_trim($_POST['script']) : ''; if (!file_exists(PANTHER_ROOT . 'include/tasks/' . $script . 
'.php') || !preg_match('/^[a-z-_0-9]+$/i', $script)) { message(sprintf($lang_admin_tasks['Not valid task'], $script)); } if (strlen($title) < 5) { message($lang_admin_tasks['Too short title']); } $data = array(':id' => $id); $ps = $db->select('tasks', 'minute, hour, day, month, week_day, script', $data, 'id=:id'); $cur_task = $ps->fetch(); $update = array('title' => $title, 'next_run' => $tasks->get_next_run($minute, $hour, $day, $month, $week_day), 'script' => $script, 'minute' => $minute, 'hour' => $hour, 'day' => $day, 'month' => $month, 'week_day' => $week_day); $db->update('tasks', $update, 'id=:id', $data); if ($panther_config['o_task_type'] == '1' && function_exists('exec')) { $delete = $cur_task['minute'] . ' ' . $cur_task['hour'] . ' ' . $cur_task['day'] . ' ' . $cur_task['month'] . ' ' . $cur_task['week_day'] . ' ' . substr(PANTHER_ROOT, 0, -3) . 'cron.php'; exec('crontab -l', $cron_jobs); $cron = array_search($delete, $cron_jobs);
message($lang_admin_moderate['addition too long']); } if (strlen($title) < 1) { message($lang_common['Bad request']); } $close = isset($_POST['close']) ? intval($_POST['close']) : '2'; $stick = isset($_POST['stick']) ? intval($_POST['stick']) : '2'; $archive = isset($_POST['archive']) ? intval($_POST['archive']) : '2'; $move = isset($_POST['forum']) ? intval($_POST['forum']) : '0'; $leave_redirect = isset($_POST['redirect']) ? intval($_POST['redirect']) : '0'; $insert = array('title' => $title, 'close' => $close, 'stick' => $stick, 'archive' => $archive, 'move' => $move, 'leave_redirect' => $leave_redirect, 'reply_message' => $message, 'add_start' => $add_start, 'add_end' => $add_end, 'send_email' => $send_email, 'increment_posts' => $increment); $db->insert('multi_moderation', $insert); redirect(panther_link($panther_url['admin_moderate']), $lang_admin_moderate['added redirect']); } elseif ($action == 'edit' && $id > '0') { $message = isset($_POST['message']) ? panther_trim($_POST['message']) : null; $title = isset($_POST['title']) ? panther_trim($_POST['title']) : null; $add_start = isset($_POST['add_start']) ? utf8_ltrim($_POST['add_start']) : null; $add_end = isset($_POST['add_end']) ? utf8_rtrim($_POST['add_end']) : null; if (strlen($title) > 50) { message($lang_admin_moderate['title too long']); } if (strlen($add_start) > 50 || strlen($add_end) > 50) { message($lang_admin_moderate['addition too long']); } if (strlen($title) < 1) { message($lang_common['Bad request']); } $close = isset($_POST['close']) ? intval($_POST['close']) : '2'; $stick = isset($_POST['stick']) ? intval($_POST['stick']) : '2'; $archive = isset($_POST['archive']) ? intval($_POST['archive']) : '2'; $move = isset($_POST['forum']) ? intval($_POST['forum']) : '0';
} // Make sure attachment_icon_path doesn't end with a slash if (substr($form['attachment_icon_path'], -1) == '/') { $form['attachment_icon_path'] = substr($form['attachment_icon_path'], 0, -1); } // Make sure attachment_icon_dir ends with a slash if (substr($form['attachment_icon_dir'], -1) != '/' && $form['attachment_icon_dir'] != '') { $form['attachment_icon_dir'] .= '/'; } if ($form['additional_navlinks'] != '') { $form['additional_navlinks'] = panther_trim(panther_linebreaks($form['additional_navlinks'])); } // Change or enter a SMTP password if (isset($_POST['form']['smtp_change_pass'])) { $smtp_pass1 = isset($_POST['form']['smtp_pass1']) ? panther_trim($_POST['form']['smtp_pass1']) : ''; $smtp_pass2 = isset($_POST['form']['smtp_pass2']) ? panther_trim($_POST['form']['smtp_pass2']) : ''; if ($smtp_pass1 == $smtp_pass2) { $form['smtp_pass'] = $smtp_pass1; } else { message($lang_admin_options['SMTP passwords did not match']); } } if ($form['announcement_message'] != '') { $form['announcement_message'] = panther_linebreaks($form['announcement_message']); } else { $form['announcement_message'] = $lang_admin_options['Enter announcement here']; $form['announcement'] = '0'; } if ($form['rules_message'] != '') { $form['rules_message'] = panther_linebreaks($form['rules_message']); } else {