* return $user;
* }
* </hookcode>
*/
if ($hook_args && isset($PHORUM['hooks']['password_reset'])) {
phorum_api_hook("password_reset", $hook_args);
}
}
// ----------------------------------------------------------------------------
// Build template data and output the page
// ----------------------------------------------------------------------------
$redir = htmlspecialchars($redir, ENT_COMPAT, $PHORUM['DATA']['HCHARSET']);
// Fill the breadcrumbs-info.
$PHORUM['DATA']['BREADCRUMBS'][] = array('URL' => '', 'TEXT' => $PHORUM['DATA']['LANG']['LogIn'], 'TYPE' => 'login');
// Fill the page heading info.
$PHORUM['DATA']['HEADING'] = $heading;
$PHORUM['DATA']['HTML_DESCRIPTION'] = '';
$PHORUM['DATA']['DESCRIPTION'] = '';
// Setup template data.
$PHORUM['DATA']['LOGIN']['redir'] = $redir;
$PHORUM['DATA']['URL']['REGISTER'] = phorum_api_url(PHORUM_REGISTER_URL);
$PHORUM['DATA']['URL']['ACTION'] = phorum_api_url(PHORUM_LOGIN_ACTION_URL);
$PHORUM['DATA']['LOGIN']['forum_id'] = (int) $PHORUM['forum_id'];
$PHORUM['DATA']['LOGIN']['username'] = !empty($_POST['username']) ? htmlspecialchars($_POST['username'], ENT_COMPAT, $PHORUM['DATA']['HCHARSET']) : '';
$PHORUM['DATA']['ERROR'] = $error;
$PHORUM['DATA']['OKMSG'] = $okmsg;
$PHORUM['DATA']['POST_VARS'] .= "<input type=\"hidden\" name=\"redir\" value=\"{$redir}\" />\n";
$PHORUM['DATA']['FOCUS_TO_ID'] = $focus;
// Display the login page.
phorum_api_output($template);
$PHORUM["DATA"]["PM_USERFOLDERS"] = count($pm_userfolders) ? $pm_userfolders : 0;
// Set some default template data.
$PHORUM["DATA"]["URL"]["ACTION"] = phorum_api_url(PHORUM_PM_ACTION_URL);
$PHORUM["DATA"]["FOLDER_ID"] = $folder_id;
$PHORUM["DATA"]["FOLDER_IS_INCOMING"] = $folder_id == PHORUM_PM_OUTBOX ? 0 : 1;
$PHORUM["DATA"]["PM_PAGE"] = $page;
$PHORUM["DATA"]["PM_TEMPLATE"] = $template;
$PHORUM["DATA"]["HIDE_USERSELECT"] = $hide_userselect;
// fill the breadcrumbs-info
$PHORUM['DATA']['BREADCRUMBS'][] = array('URL' => $PHORUM['DATA']['URL']['PM'], 'TEXT' => $page == 'buddies' ? $PHORUM['DATA']['LANG']['Buddies'] : $PHORUM['DATA']['LANG']['PrivateMessages'], 'TYPE' => $page == 'buddies' ? 'buddies' : 'pm');
if ($error_msg) {
$PHORUM["DATA"]["ERROR"] = $error_msg;
unset($PHORUM["DATA"]["MESSAGE"]);
phorum_api_output("message");
} else {
phorum_api_output("pm");
}
// ------------------------------------------------------------------------
// Utility functions
// ------------------------------------------------------------------------
// Apply the default forum message formatting to a private message.
function phorum_pm_format($messages)
{
global $PHORUM;
// Reformat message so it looks like a forum message (so we can run it
// through phorum_api_message_format()) and do some PM specific formatting.
foreach ($messages as $id => $message) {
// The formatting code expects a message id.
$messages[$id]["message_id"] = $id;
// Read URLs need a folder id, so we only create that URL if
// one's available.
* argument, possibly with some updated fields in it.
*
* [example]
* <hookcode>
* function phorum_mod_foo_index($data)
* {
* global $PHORUM;
*
* // An example to add some data to the description of
* // forums on the index page in flat view.
* if ($PHORUM['index_style'] == PHORUM_INDEX_FLAT)
* {
* foreach ($data as $id => $item)
* {
* if (!$item['folder_flag'])
* {
* $data[$id]['description'] .= '<br/>Blah foo bar baz';
* }
* }
* }
*
* return $data;
* }
* </hookcode>
*/
if (isset($PHORUM['hooks']['index'])) {
$PHORUM['DATA']['FORUMS'] = phorum_api_hook('index', $PHORUM['DATA']['FORUMS']);
}
// Display the page.
phorum_api_output('index_flat');
/**
* Check if the user has read permission for a forum page.
*
* If the user does not have read permission for the currently active
* forum, then an error message is shown. What message to show depends
* on the exact case. Possible cases are:
*
* - The user is logged in: final missing read permission message;
* - The user is not logged in, but wouldn't be allowed to read the
* forum, even if he were logged in: final missing read permission message;
* - The user is not logged in, but could be allowed to read the
* forum if he were logged in: please login message.
*
* @return boolean
* TRUE in case the user is allowed to read the forum,
* FALSE otherwise.
*/
function phorum_check_read_common()
{
global $PHORUM;
$retval = TRUE;
if ($PHORUM["forum_id"] > 0 && !$PHORUM["folder_flag"] && !phorum_api_user_check_access(PHORUM_USER_ALLOW_READ)) {
if ($PHORUM["DATA"]["LOGGEDIN"]) {
// if they are logged in and not allowed, they don't have rights
$PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["NoRead"];
} else {
// Check if they could read if logged in.
// If so, let them know to log in.
if (empty($PHORUM["DATA"]["POST"]["parentid"]) && $PHORUM["reg_perms"] & PHORUM_USER_ALLOW_READ) {
$PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["PleaseLoginRead"];
} else {
$PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["NoRead"];
}
}
phorum_build_common_urls();
phorum_api_output("message");
$retval = FALSE;
}
return $retval;
}
// Set the field to focus. Only set the focus if we have
// no message to display to the user and if we're not in a preview.
// In those cases, it's better to stay at the top of the
// page, so the user can see it.
if (phorum_page == "post" && !isset($PHORUM["DATA"]["OKMSG"]) && !isset($PHORUM["DATA"]["ERROR"]) && !$preview) {
$focus = "subject";
if (!empty($message["subject"])) {
$focus = "body";
}
$PHORUM["DATA"]["FOCUS_TO_ID"] = $focus;
}
}
if (isset($PHORUM["postingargs"]["as_include"]) && isset($templates)) {
$templates[] = $PHORUM["posting_template"];
} else {
phorum_api_output($PHORUM["posting_template"]);
}
// ----------------------------------------------------------------------
// Functions
// ----------------------------------------------------------------------
// Merge data from a database message record into the form fields
// that we use. If $apply_readonly is set to a true value, then
// only the fields which are flagged as read-only will be copied.
function phorum_posting_merge_db2form($form, $db, $apply_readonly = false)
{
global $PHORUM;
// If we have a user linked to the current message, then get the
// user data from the database, if it has to be applied as
// read-only data. We fetch the data here, so later on we
// can apply it to the message.
if (($PHORUM["post_fields"]["email"][pf_READONLY] || $PHORUM["post_fields"]["author"][pf_READONLY]) && !empty($db["user_id"])) {
$this_version['colored_body'] = phorum_api_format_censor($this_version['colored_body']);
// only happens in first loop
if ($prev_subject == -1) {
$prev_subject = $message["subject"];
}
// subject diffs
if (isset($diff_info['diff_subject']) && !empty($diff_info['diff_subject'])) {
$colored_subject = phorum_api_diff_unpatch_color($prev_subject, $diff_info['diff_subject']);
$prev_subject = phorum_api_diff_unpatch($prev_subject, $diff_info['diff_subject']);
$colored_subject = htmlspecialchars($colored_subject, ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
$colored_subject = str_replace(array("[phorum addition]", "[phorum removal]", "[/phorum addition]", "[/phorum removal]"), array("<span class=\"addition\">", "<span class=\"removal\">", "</span>", "</span>"), $colored_subject);
$colored_subject = nl2br($colored_subject);
$this_version["colored_subject"] = $colored_subject;
} elseif (!isset($diff_info['diff_subject'])) {
$this_version['colored_subject'] = nl2br($prev_subject);
} else {
$this_version["colored_subject"] = nl2br($prev_subject);
}
$this_version['colored_subject'] = phorum_api_format_censor($this_version['colored_subject']);
// no nl2br for subject
//$this_version["colored_subject"] = nl2br($this_version["colored_subject"]);
$message_hist[] = $this_version;
}
$PHORUM["DATA"]["HEADING"] = $PHORUM["DATA"]["LANG"]["ChangeHistory"];
// unset default description
$PHORUM["DATA"]["DESCRIPTION"] = "";
$PHORUM["DATA"]["MESSAGE"]["subject"] = htmlspecialchars($message["subject"], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
$PHORUM["DATA"]["MESSAGE"]["URL"]["READ"] = phorum_api_url(PHORUM_READ_URL, $message["thread"], $message_id);
$PHORUM["DATA"]["CHANGES"] = $message_hist;
phorum_api_output("changes");
/**
* @deprecated Replaced by {@link phorum_api_output()}.
*/
function phorum_output($templates)
{
return phorum_api_output($templates);
}
/**
* Setup and check posting tokens for form POST requests.
*
* For protecting forms against CSRF attacks, a signed posting token
* is utilized. This posting token must be included in the POST request.
* Without the token, Phorum will not accept the POST data.
*
* This function will check whether we are handling a POST request.
* If yes, then check if an anti-CSRF token is provided in the POST data.
* If no token is available or if the token does not match the expected
* token, then the POST request is rejected.
*
* As a side effect, the required token is added to the {POST_VARS}
* template variable. This facilitates protecting scripts. As
* long as the template variable is added to the <form> for the
* script, it will be automatically protected.
*
* @param string $target_page
* The page for which to check a posting token. When no target
* page is provided, then the constant "phorum_page" is used instead.
*
* @return string
* The expected posting token.
*/
function phorum_api_request_check_token($target_page = NULL)
{
global $PHORUM;
if ($target_page === NULL) {
$target_page = phorum_page;
}
$variable = 'posting_token:' . $target_page;
// Generate the posting token.
$posting_token = md5(($target_page !== NULL ? $target_page : phorum_page) . '/' . ($PHORUM['user']['user_id'] ? $PHORUM['user']['password'] . '/' . $PHORUM['user']['sessid_lt'] : (isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : 'unknown')) . '/' . $PHORUM['private_key']);
// Add the posting token to the {POST_VARS}.
$PHORUM['DATA']['POST_VARS'] .= "<input type=\"hidden\" name=\"{$variable}\" " . "value=\"{$posting_token}\"/>\n";
// Check the posting token if a form post is done.
if (!empty($_POST)) {
if (!isset($_POST[$variable]) || $_POST[$variable] != $posting_token) {
$PHORUM['DATA']['ERROR'] = 'Possible hack attempt detected. ' . 'The posted form data was rejected.';
phorum_build_common_urls();
phorum_api_output("message");
exit;
}
}
return $posting_token;
}
/**
* Outputs a confirmation form.
*
* To maintain backwards compatibility with the templates,
* we generate a form in code and output it using stdblock.
*
* The function exits the script after displaying the form.
*
* @param string $message Message to display to users
* @param string $action The URI to post the form to
* @param array $args The hidden form values to be used in the form
* @return void
*
*/
function phorum_show_confirmation_form($message, $action, $args)
{
global $PHORUM;
ob_start();
?>
<div style="text-align: center;">
<strong><?php
echo htmlspecialchars($message, ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
?>
</strong>
<br />
<br />
<form
action="<?php
echo htmlspecialchars($action, ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
?>
"
method="post">
<input type="hidden"
name="forum_id" value="<?php
echo $PHORUM["forum_id"];
?>
" />
<input type="hidden" name="confirmation" value="1" />
<?php
foreach ($args as $name => $value) {
?>
<input type="hidden"
name="<?php
echo htmlspecialchars($name, ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
?>
"
value="<?php
echo htmlspecialchars($value, ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
?>
" />
<?php
}
?>
<?php
echo $PHORUM["DATA"]["POST_VARS"];
?>
<input type="submit"
name="confirmation_yes"
value="<?php
echo $PHORUM["DATA"]["LANG"]["Yes"];
?>
" />
<input type="submit"
name="confirmation_no"
value="<?php
echo $PHORUM["DATA"]["LANG"]["No"];
?>
" />
</form>
<br />
</div>
<?php
$PHORUM["DATA"]["BLOCK_CONTENT"] = ob_get_clean();
phorum_api_output("stdblock");
exit;
}
* </hookcode>
*/
if (isset($PHORUM["hooks"]["after_post_redirect"])) {
$redir_url = phorum_api_hook("after_post_redirect", $redir_url, $message);
}
if ($message["status"] > 0) {
phorum_api_redirect($redir_url);
} else {
// give a message about this being a moderated forum before redirecting
$PHORUM['DATA']['OKMSG'] = $PHORUM['DATA']['LANG']['ModeratedForum'];
$PHORUM['DATA']["URL"]["REDIRECT"] = $redir_url;
// clickheremsg is depending on the place we are returning to
if ($PHORUM["redirect_after_post"] == "read") {
$PHORUM['DATA']['BACKMSG'] = $PHORUM['DATA']['LANG']['BackToThread'];
} else {
$PHORUM['DATA']['BACKMSG'] = $PHORUM['DATA']['LANG']['BackToList'];
}
// make it a little bit longer visible
$PHORUM['DATA']["URL"]["REDIRECT_TIME"] = 10;
phorum_api_output('message');
exit(0);
}
return;
}
// If we get here, the posting was not successful. The return value from
// the post function is 0 in case of duplicate posting and FALSE in case
// a database problem occured.
// Restore the original message.
$message = $message_copy;
// Setup the data for displaying an error to the user.
$PHORUM["DATA"]["ERROR"] = $success === 0 ? $PHORUM["DATA"]["LANG"]['PostErrorDuplicate'] : $PHORUM["DATA"]["LANG"]['PostErrorOccured'];
}
}
phorum_api_output($templates);
} elseif ($toforum = phorum_check_moved_message($thread)) {
$PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["MovedMessage"];
$PHORUM['DATA']["URL"]["REDIRECT"] = phorum_api_url(PHORUM_FOREIGN_READ_URL, $toforum, $thread);
$PHORUM['DATA']["BACKMSG"] = $PHORUM["DATA"]["LANG"]["MovedMessageTo"];
$PHORUM["DATA"]["HTML_TITLE"] = htmlspecialchars($PHORUM["DATA"]["HTML_TITLE"], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
// have to include the header here for the Redirect
phorum_api_output("message");
} else {
$PHORUM["DATA"]["ERROR"] = $PHORUM["DATA"]["LANG"]["MessageNotFound"];
$PHORUM['DATA']["URL"]["REDIRECT"] = $PHORUM["DATA"]["URL"]["LIST"];
$PHORUM['DATA']["BACKMSG"] = $PHORUM["DATA"]["LANG"]["BackToList"];
$PHORUM["DATA"]["HTML_TITLE"] = htmlspecialchars($PHORUM["DATA"]["HTML_TITLE"], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
// have to include the header here for the Redirect
phorum_api_output("message");
}
// find out if the given thread has been moved to another forum
function phorum_check_moved_message($thread)
{
global $PHORUM;
$forum_id = $GLOBALS['PHORUM']['forum_id'];
$message = $PHORUM['DB']->get_message($thread, 'message_id', true);
if (!empty($message) && $message['forum_id'] != $forum_id) {
$ret = $message['forum_id'];
} else {
$ret = false;
}
return $ret;
}
// folder visible there, then directly jump to that one.
if (!empty($PHORUM['jump_on_single_forum']) && $PHORUM['vroot'] == $PHORUM['forum_id'] && count($forums) == 1) {
$forum = array_pop($forums);
$url = $forum['folder_flag'] ? $forum['URL']['INDEX'] : $forum['URL']['LIST'];
phorum_api_redirect($url);
}
// Build all our standard URL's.
phorum_build_common_urls();
// A message to show if there are no visible forums or folders at all.
if (empty($forums)) {
$PHORUM['DATA']['OKMSG'] = $PHORUM['DATA']['LANG']['NoForums'];
phorum_api_output('message');
return;
}
// Run the "index" hook. This one is documented in include/index/flat.php.
if (isset($PHORUM['hooks']['index'])) {
$forums = phorum_api_hook('index', $forums);
}
// Build the template folders array.
$PHORUM['DATA']['FOLDERS'] = array();
foreach ($folder_ids as $folder_id) {
$PHORUM['DATA']['FOLDERS'][] = $forums[$folder_id];
}
// Build the template forums array.
$PHORUM['DATA']['FORUMS'] = array();
foreach ($forum_ids as $forum_id) {
$PHORUM['DATA']['FORUMS'][] = $forums[$forum_id];
}
// Display the page.
phorum_api_output("index_directory");
$PHORUM["DATA"]["REGISTER"][$key] = htmlspecialchars($val, ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
}
$PHORUM["DATA"]["ERROR"] = $error;
}
// No data posted, so this is the first request. Initialize form data.
} else {
// Initialize fixed fields.
$PHORUM["DATA"]["REGISTER"]["username"] = "";
$PHORUM["DATA"]["REGISTER"]["email"] = "";
$PHORUM["DATA"]["ERROR"] = "";
// Initialize custom profile fields.
foreach ($PHORUM["CUSTOM_FIELDS"][PHORUM_CUSTOM_FIELD_USER] as $id => $field) {
if ($id === 'num_fields' || !empty($field['deleted'])) {
continue;
}
$PHORUM["DATA"]["REGISTER"][$field["name"]] = "";
}
}
// fill the breadcrumbs-info.
$PHORUM['DATA']['BREADCRUMBS'][] = array('URL' => '', 'TEXT' => $PHORUM['DATA']['LANG']['Register'], 'TYPE' => 'register');
// fill the page heading info.
$PHORUM['DATA']['HEADING'] = $PHORUM['DATA']['LANG']['Register'];
$PHORUM['DATA']['HTML_DESCRIPTION'] = '';
$PHORUM['DATA']['DESCRIPTION'] = '';
# Setup static template data.
$PHORUM["DATA"]["URL"]["ACTION"] = phorum_api_url(PHORUM_REGISTER_ACTION_URL);
$PHORUM["DATA"]["REGISTER"]["forum_id"] = $PHORUM["forum_id"];
$PHORUM["DATA"]["REGISTER"]["block_title"] = $PHORUM["DATA"]["LANG"]["Register"];
// Display the registration page.
phorum_api_output("register");