intval($matches[1]),
'password_hash' => $matches[2],
'expiration_time' => intval($matches[3]),
'cookie_hash' => $matches[4],
);
}
// If it has a non-guest user, and hasn't expired
if (isset($cookie) && $cookie['user_id'] > 1 && $cookie['expiration_time'] > $now)
{
// If the cookie has been tampered with
$is_authorized = pun_hash_equals(forum_hmac($cookie['user_id'].'|'.$cookie['expiration_time'], $cookie_seed.'_cookie_hash'), $cookie['cookie_hash']);
if (!$is_authorized)
{
$expire = $now + 31536000; // The cookie expires after a year
pun_setcookie(1, pun_hash(uniqid(rand(), true)), $expire);
set_default_user();
return;
}
// Check if there's a user with the user ID and password hash from the cookie
$result = $db->query('SELECT u.*, g.*, o.logged, o.idle FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON u.group_id=g.g_id LEFT JOIN '.$db->prefix.'online AS o ON o.user_id=u.id WHERE u.id='.intval($cookie['user_id'])) or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
$pun_user = $db->fetch_assoc($result);
// If user authorisation failed
$is_authorized = pun_hash_equals(forum_hmac($pun_user['password'], $cookie_seed.'_password_hash'), $cookie['password_hash']);
if (!isset($pun_user['id']) || !$is_authorized)
{
$expire = $now + 31536000; // The cookie expires after a year
pun_setcookie(1, pun_hash(uniqid(rand(), true)), $expire);
set_default_user();
return;
}
// Send a new, updated cookie with a new expiration timestamp
$expire = ($cookie['expiration_time'] > $now + $pun_config['o_timeout_visit']) ? $now + 1209600 : $now + $pun_config['o_timeout_visit'];
pun_setcookie($pun_user['id'], $pun_user['password'], $expire);
// Set a default language if the user selected language no longer exists
if (!file_exists(PUN_ROOT.'lang/'.$pun_user['language']))
$pun_user['language'] = $pun_config['o_default_lang'];
// Set a default style if the user selected style no longer exists
if (!file_exists(PUN_ROOT.'style/'.$pun_user['style'].'.css'))
$pun_user['style'] = $pun_config['o_default_style'];
if (!$pun_user['disp_topics'])
$pun_user['disp_topics'] = $pun_config['o_disp_topics_default'];
if (!$pun_user['disp_posts'])
$pun_user['disp_posts'] = $pun_config['o_disp_posts_default'];
// Define this if you want this visit to affect the online list and the users last visit data
if (!defined('PUN_QUIET_VISIT'))
{
// Update the online list
if (!$pun_user['logged'])
{
$pun_user['logged'] = $now;
// With MySQL/MySQLi/SQLite, REPLACE INTO avoids a user having two rows in the online table
switch ($db_type)
{
case 'mysql':
case 'mysqli':
case 'mysql_innodb':
case 'mysqli_innodb':
case 'sqlite':
$db->query('REPLACE INTO '.$db->prefix.'online (user_id, ident, logged) VALUES('.$pun_user['id'].', \''.$db->escape($pun_user['username']).'\', '.$pun_user['logged'].')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
break;
default:
$db->query('INSERT INTO '.$db->prefix.'online (user_id, ident, logged) SELECT '.$pun_user['id'].', \''.$db->escape($pun_user['username']).'\', '.$pun_user['logged'].' WHERE NOT EXISTS (SELECT 1 FROM '.$db->prefix.'online WHERE user_id='.$pun_user['id'].')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
break;
}
// Reset tracked topics
set_tracked_topics(null);
}
else
{
// Special case: We've timed out, but no other user has browsed the forums since we timed out
if ($pun_user['logged'] < ($now-$pun_config['o_timeout_visit']))
{
$db->query('UPDATE '.$db->prefix.'users SET last_visit='.$pun_user['logged'].' WHERE id='.$pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
$pun_user['last_visit'] = $pun_user['logged'];
}
$idle_sql = ($pun_user['idle'] == '1') ? ', idle=0' : '';
$db->query('UPDATE '.$db->prefix.'online SET logged='.$now.$idle_sql.' WHERE user_id='.$pun_user['id']) or error('Unable to update online list', __FILE__, __LINE__, $db->error());
// Update tracked topics with the current expire time
if (isset($_COOKIE[$cookie_name.'_track']))
forum_setcookie($cookie_name.'_track', $_COOKIE[$cookie_name.'_track'], $now + $pun_config['o_timeout_visit']);
}
}
else
{
if (!$pun_user['logged'])
$pun_user['logged'] = $pun_user['last_visit'];
}
$pun_user['is_guest'] = false;
$pun_user['is_admmod'] = $pun_user['g_id'] == PUN_ADMIN || $pun_user['g_moderator'] == '1';
}
else
set_default_user();
}
//
// Converts the CDATA end sequence ]]> into ]]>
//
function escape_cdata($str)
{
return str_replace(']]>', ']]>', $str);
}
//
// Authenticates the provided username and password against the user database
// $user can be either a user ID (integer) or a username (string)
// $password can be either a plaintext password or a password hash including salt ($password_is_hash must be set accordingly)
//
function authenticate_user($user, $password, $password_is_hash = false)
{
global $db, $pun_user;
// Check if there's a user matching $user and $password
$result = $db->query('SELECT u.*, g.*, o.logged, o.idle FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id LEFT JOIN '.$db->prefix.'online AS o ON o.user_id=u.id WHERE '.(is_int($user) ? 'u.id='.intval($user) : 'u.username=\''.$db->escape($user).'\'')) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
$pun_user = $db->fetch_assoc($result);
$is_password_authorized = pun_hash_equals($password, $pun_user['password']);
$is_hash_authorized = pun_password_verify($password, $pun_user['password']);
if (!isset($pun_user['id']) ||
($password_is_hash && !$is_password_authorized ||
(!$password_is_hash && !$is_hash_authorized)))
set_default_user();
else
$pun_user['is_guest'] = false;
}
//
// Try to determine the current URL
//
function get_current_url($max_length = 0)
{
$protocol = get_current_protocol();
$port = (isset($_SERVER['SERVER_PORT']) && (($_SERVER['SERVER_PORT'] != '80' && $protocol == 'http') || ($_SERVER['SERVER_PORT'] != '443' && $protocol == 'https')) && strpos($_SERVER['HTTP_HOST'], ':') === false) ? ':'.$_SERVER['SERVER_PORT'] : '';
$url = urldecode($protocol.'://'.$_SERVER['HTTP_HOST'].$port.$_SERVER['REQUEST_URI']);
if (strlen($url) <= $max_length || $max_length == 0)
return $url;
// We can't find a short enough url
return null;
}
//
// Fetch the current protocol in use - http or https
//
function get_current_protocol()
{
$protocol = 'http';
// Check if the server is claiming to using HTTPS
if (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off')
$protocol = 'https';
// If we are behind a reverse proxy try to decide which protocol it is using
if (defined('FORUM_BEHIND_REVERSE_PROXY'))
{
// Check if we are behind a Microsoft based reverse proxy
if (!empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) != 'off')
$protocol = 'https';
// Check if we're behind a "proper" reverse proxy, and what protocol it's using
if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']))
$protocol = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']);
}
return $protocol;
}
//
// Fetch the base_url, optionally support HTTPS and HTTP
//
function get_base_url($support_https = false)
{
global $pun_config;
static $base_url;
if (!$support_https)
return $pun_config['o_base_url'];
if (!isset($base_url))
{
// Make sure we are using the correct protocol
$base_url = str_replace(array('http://', 'https://'), get_current_protocol().'://', $pun_config['o_base_url']);
}
return $base_url;
}
//
// Fetch admin IDs
//
function get_admin_ids()
{
if (file_exists(FORUM_CACHE_DIR.'cache_admins.php'))
include FORUM_CACHE_DIR.'cache_admins.php';
if (!defined('PUN_ADMINS_LOADED'))
{
if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
require PUN_ROOT.'include/cache.php';
generate_admins_cache();
require FORUM_CACHE_DIR.'cache_admins.php';
}
return $pun_admins;
}
//
// Fill $pun_user with default values (for guests)
//
function set_default_user()
{
global $db, $db_type, $pun_user, $pun_config;
$remote_addr = get_remote_address();
// Fetch guest user
$result = $db->query('SELECT u.*, g.*, o.logged, o.last_post, o.last_search FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON u.group_id=g.g_id LEFT JOIN '.$db->prefix.'online AS o ON o.ident=\''.$db->escape($remote_addr).'\' WHERE u.id=1') or error('Unable to fetch guest information', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
exit('Unable to fetch guest information. Your database must contain both a guest user and a guest user group.');
$pun_user = $db->fetch_assoc($result);
// Update online list
if (!$pun_user['logged'])
{
$pun_user['logged'] = time();
// With MySQL/MySQLi/SQLite, REPLACE INTO avoids a user having two rows in the online table
switch ($db_type)
{
case 'mysql':
case 'mysqli':
case 'mysql_innodb':
case 'mysqli_innodb':
case 'sqlite':
$db->query('REPLACE INTO '.$db->prefix.'online (user_id, ident, logged) VALUES(1, \''.$db->escape($remote_addr).'\', '.$pun_user['logged'].')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
break;
default:
$db->query('INSERT INTO '.$db->prefix.'online (user_id, ident, logged) SELECT 1, \''.$db->escape($remote_addr).'\', '.$pun_user['logged'].' WHERE NOT EXISTS (SELECT 1 FROM '.$db->prefix.'online WHERE ident=\''.$db->escape($remote_addr).'\')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
break;
}
}
else
$db->query('UPDATE '.$db->prefix.'online SET logged='.time().' WHERE ident=\''.$db->escape($remote_addr).'\'') or error('Unable to update online list', __FILE__, __LINE__, $db->error());
$pun_user['disp_topics'] = $pun_config['o_disp_topics_default'];
$pun_user['disp_posts'] = $pun_config['o_disp_posts_default'];
$pun_user['timezone'] = $pun_config['o_default_timezone'];
$pun_user['dst'] = $pun_config['o_default_dst'];
$pun_user['language'] = $pun_config['o_default_lang'];
$pun_user['style'] = $pun_config['o_default_style'];
$pun_user['is_guest'] = true;
$pun_user['is_admmod'] = false;
}
//
// SHA1 HMAC with PHP 4 fallback
//
function forum_hmac($data, $key, $raw_output = false)
{
if (function_exists('hash_hmac'))
return hash_hmac('sha1', $data, $key, $raw_output);
// If key size more than blocksize then we hash it once
if (strlen($key) > 64)
$key = pack('H*', sha1($key)); // we have to use raw output here to match the standard
// Ensure we're padded to exactly one block boundary
$key = str_pad($key, 64, chr(0x00));
$hmac_opad = str_repeat(chr(0x5C), 64);
$hmac_ipad = str_repeat(chr(0x36), 64);
// Do inner and outer padding
for ($i = 0;$i < 64;$i++) {
$hmac_opad[$i] = $hmac_opad[$i] ^ $key[$i];
$hmac_ipad[$i] = $hmac_ipad[$i] ^ $key[$i];
}
// Finally, calculate the HMAC
$hash = sha1($hmac_opad.pack('H*', sha1($hmac_ipad.$data)));
// If we want raw output then we need to pack the final result
if ($raw_output)
$hash = pack('H*', $hash);
return $hash;
}
//
// Set a cookie, FluxBB style!
// Wrapper for forum_setcookie
//
function pun_setcookie($user_id, $password_hash, $expire)
{
global $cookie_name, $cookie_seed;
forum_setcookie($cookie_name, $user_id.'|'.forum_hmac($password_hash, $cookie_seed.'_password_hash').'|'.$expire.'|'.forum_hmac($user_id.'|'.$expire, $cookie_seed.'_cookie_hash'), $expire);
}
//
// Set a cookie, FluxBB style!
//
function forum_setcookie($name, $value, $expire)
{
global $cookie_path, $cookie_domain, $cookie_secure, $pun_config;
if ($expire - time() - $pun_config['o_timeout_visit'] < 1)
$expire = 0;
// Enable sending of a P3P header
header('P3P: CP="CUR ADM"');
if (version_compare(PHP_VERSION, '5.2.0', '>='))
setcookie($name, $value, $expire, $cookie_path, $cookie_domain, $cookie_secure, true);
else
setcookie($name, $value, $expire, $cookie_path.'; HttpOnly', $cookie_domain, $cookie_secure);
}
//
// Check whether the connecting user is banned (and delete any expired bans while we're at it)
//
function check_bans()
{
global $db, $pun_config, $lang_common, $pun_user, $pun_bans;
// Admins and moderators aren't affected
if ($pun_user['is_admmod'] || !$pun_bans)
return;
// Add a dot or a colon (depending on IPv4/IPv6) at the end of the IP address to prevent banned address
// 192.168.0.5 from matching e.g. 192.168.0.50
$user_ip = get_remote_address();
$user_ip .= (strpos($user_ip, '.') !== false) ? '.' : ':';
$bans_altered = false;
$is_banned = false;
foreach ($pun_bans as $cur_ban)
{
// Has this ban expired?
if ($cur_ban['expire'] != '' && $cur_ban['expire'] <= time())
{
$db->query('DELETE FROM '.$db->prefix.'bans WHERE id='.$cur_ban['id']) or error('Unable to delete expired ban', __FILE__, __LINE__, $db->error());
$bans_altered = true;
continue;
}
if ($cur_ban['username'] != '' && utf8_strtolower($pun_user['username']) == utf8_strtolower($cur_ban['username']))
$is_banned = true;
if ($cur_ban['ip'] != '')
{
$cur_ban_ips = explode(' ', $cur_ban['ip']);
$num_ips = count($cur_ban_ips);
for ($i = 0; $i < $num_ips; ++$i)
{
// Add the proper ending to the ban
if (strpos($user_ip, '.') !== false)
$cur_ban_ips[$i] = $cur_ban_ips[$i].'.';
else
$cur_ban_ips[$i] = $cur_ban_ips[$i].':';
if (substr($user_ip, 0, strlen($cur_ban_ips[$i])) == $cur_ban_ips[$i])
{
$is_banned = true;
break;
}
}
}
if ($is_banned)
{
$db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape($pun_user['username']).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
message($lang_common['Ban message'].' '.(($cur_ban['expire'] != '') ? $lang_common['Ban message 2'].' '.strtolower(format_time($cur_ban['expire'], true)).'. ' : '').(($cur_ban['message'] != '') ? $lang_common['Ban message 3'].'
'.pun_htmlspecialchars($cur_ban['message']).'
' : '
').$lang_common['Ban message 4'].' '.pun_htmlspecialchars($pun_config['o_admin_email']).'.', true);
}
}
// If we removed any expired bans during our run-through, we need to regenerate the bans cache
if ($bans_altered)
{
if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
require PUN_ROOT.'include/cache.php';
generate_bans_cache();
}
}
//
// Check username
//
function check_username($username, $exclude_id = null)
{
global $db, $pun_config, $errors, $lang_prof_reg, $lang_register, $lang_common, $pun_bans;
// Include UTF-8 function
require_once PUN_ROOT.'include/utf8/strcasecmp.php';
// Convert multiple whitespace characters into one (to prevent people from registering with indistinguishable usernames)
$username = preg_replace('%\s+%s', ' ', $username);
// Validate username
if (pun_strlen($username) < 2)
$errors[] = $lang_prof_reg['Username too short'];
else if (pun_strlen($username) > 25) // This usually doesn't happen since the form element only accepts 25 characters
$errors[] = $lang_prof_reg['Username too long'];
else if (!strcasecmp($username, 'Guest') || !utf8_strcasecmp($username, $lang_common['Guest']))
$errors[] = $lang_prof_reg['Username guest'];
else if (preg_match('%[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}%', $username) || preg_match('%((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))%', $username))
$errors[] = $lang_prof_reg['Username IP'];
else if ((strpos($username, '[') !== false || strpos($username, ']') !== false) && strpos($username, '\'') !== false && strpos($username, '"') !== false)
$errors[] = $lang_prof_reg['Username reserved chars'];
else if (preg_match('%(?:\[/?(?:b|u|s|ins|del|em|i|h|colou?r|quote|code|img|url|email|list|\*|topic|post|forum|user)\]|\[(?:img|url|quote|list)=)%i', $username))
$errors[] = $lang_prof_reg['Username BBCode'];
// Check username for any censored words
if ($pun_config['o_censoring'] == '1' && censor_words($username) != $username)
$errors[] = $lang_register['Username censor'];
// Check that the username (or a too similar username) is not already registered
$query = (!is_null($exclude_id)) ? ' AND id!='.$exclude_id : '';
$result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE (UPPER(username)=UPPER(\''.$db->escape($username).'\') OR UPPER(username)=UPPER(\''.$db->escape(ucp_preg_replace('%[^\p{L}\p{N}]%u', '', $username)).'\')) AND id>1'.$query) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
{
$busy = $db->result($result);
$errors[] = $lang_register['Username dupe 1'].' '.pun_htmlspecialchars($busy).'. '.$lang_register['Username dupe 2'];
}
// Check username for any banned usernames
foreach ($pun_bans as $cur_ban)
{
if ($cur_ban['username'] != '' && utf8_strtolower($username) == utf8_strtolower($cur_ban['username']))
{
$errors[] = $lang_prof_reg['Banned username'];
break;
}
}
}
//
// Update "Users online"
//
function update_users_online()
{
global $db, $pun_config;
$now = time();
// Fetch all online list entries that are older than "o_timeout_online"
$result = $db->query('SELECT user_id, ident, logged, idle FROM '.$db->prefix.'online WHERE logged<'.($now-$pun_config['o_timeout_online'])) or error('Unable to fetch old entries from online list', __FILE__, __LINE__, $db->error());
while ($cur_user = $db->fetch_assoc($result))
{
// If the entry is a guest, delete it
if ($cur_user['user_id'] == '1')
$db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape($cur_user['ident']).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
else
{
// If the entry is older than "o_timeout_visit", update last_visit for the user in question, then delete him/her from the online list
if ($cur_user['logged'] < ($now-$pun_config['o_timeout_visit']))
{
$db->query('UPDATE '.$db->prefix.'users SET last_visit='.$cur_user['logged'].' WHERE id='.$cur_user['user_id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
$db->query('DELETE FROM '.$db->prefix.'online WHERE user_id='.$cur_user['user_id']) or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
}
else if ($cur_user['idle'] == '0')
$db->query('UPDATE '.$db->prefix.'online SET idle=1 WHERE user_id='.$cur_user['user_id']) or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
}
}
}
//
// Display the profile navigation menu
//
function generate_profile_menu($page = '')
{
global $lang_profile, $pun_config, $pun_user, $id;
?>
>
>
>
>
>
>
>
';
break;
}
}
return $avatar_markup;
}
//
// Generate browser's title
//
function generate_page_title($page_title, $p = null)
{
global $lang_common;
if (!is_array($page_title))
$page_title = array($page_title);
$page_title = array_reverse($page_title);
if ($p > 1)
$page_title[0] .= ' ('.sprintf($lang_common['Page'], forum_number_format($p)).')';
$crumbs = implode($lang_common['Title separator'], $page_title);
return $crumbs;
}
//
// Save array of tracked topics in cookie
//
function set_tracked_topics($tracked_topics)
{
global $cookie_name, $cookie_path, $cookie_domain, $cookie_secure, $pun_config;
$cookie_data = '';
if (!empty($tracked_topics))
{
// Sort the arrays (latest read first)
arsort($tracked_topics['topics'], SORT_NUMERIC);
arsort($tracked_topics['forums'], SORT_NUMERIC);
// Homebrew serialization (to avoid having to run unserialize() on cookie data)
foreach ($tracked_topics['topics'] as $id => $timestamp)
$cookie_data .= 't'.$id.'='.$timestamp.';';
foreach ($tracked_topics['forums'] as $id => $timestamp)
$cookie_data .= 'f'.$id.'='.$timestamp.';';
// Enforce a byte size limit (4096 minus some space for the cookie name - defaults to 4048)
if (strlen($cookie_data) > FORUM_MAX_COOKIE_SIZE)
{
$cookie_data = substr($cookie_data, 0, FORUM_MAX_COOKIE_SIZE);
$cookie_data = substr($cookie_data, 0, strrpos($cookie_data, ';')).';';
}
}
forum_setcookie($cookie_name.'_track', $cookie_data, time() + $pun_config['o_timeout_visit']);
$_COOKIE[$cookie_name.'_track'] = $cookie_data; // Set it directly in $_COOKIE as well
}
//
// Extract array of tracked topics from cookie
//
function get_tracked_topics()
{
global $cookie_name;
$cookie_data = isset($_COOKIE[$cookie_name.'_track']) ? $_COOKIE[$cookie_name.'_track'] : false;
if (!$cookie_data)
return array('topics' => array(), 'forums' => array());
if (strlen($cookie_data) > FORUM_MAX_COOKIE_SIZE)
return array('topics' => array(), 'forums' => array());
// Unserialize data from cookie
$tracked_topics = array('topics' => array(), 'forums' => array());
$temp = explode(';', $cookie_data);
foreach ($temp as $t)
{
$type = substr($t, 0, 1) == 'f' ? 'forums' : 'topics';
$id = intval(substr($t, 1));
$timestamp = intval(substr($t, strpos($t, '=') + 1));
if ($id > 0 && $timestamp > 0)
$tracked_topics[$type][$id] = $timestamp;
}
return $tracked_topics;
}
//
// Shortcut method for executing all callbacks registered with the addon manager for the given hook
//
function flux_hook($name)
{
global $flux_addons;
$flux_addons->hook($name);
}
//
// Update posts, topics, last_post, last_post_id and last_poster for a forum
//
function update_forum($forum_id)
{
global $db;
$result = $db->query('SELECT COUNT(id), SUM(num_replies) FROM '.$db->prefix.'topics WHERE forum_id='.$forum_id) or error('Unable to fetch forum topic count', __FILE__, __LINE__, $db->error());
list($num_topics, $num_posts) = $db->fetch_row($result);
$num_posts = $num_posts + $num_topics; // $num_posts is only the sum of all replies (we have to add the topic posts)
$result = $db->query('SELECT last_post, last_post_id, last_poster FROM '.$db->prefix.'topics WHERE forum_id='.$forum_id.' AND moved_to IS NULL ORDER BY last_post DESC LIMIT 1') or error('Unable to fetch last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result)) // There are topics in the forum
{
list($last_post, $last_post_id, $last_poster) = $db->fetch_row($result);
$db->query('UPDATE '.$db->prefix.'forums SET num_topics='.$num_topics.', num_posts='.$num_posts.', last_post='.$last_post.', last_post_id='.$last_post_id.', last_poster=\''.$db->escape($last_poster).'\' WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error());
}
else // There are no topics
$db->query('UPDATE '.$db->prefix.'forums SET num_topics='.$num_topics.', num_posts='.$num_posts.', last_post=NULL, last_post_id=NULL, last_poster=NULL WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error());
}
//
// Deletes any avatars owned by the specified user ID
//
function delete_avatar($user_id)
{
global $pun_config;
$filetypes = array('jpg', 'gif', 'png');
// Delete user avatar
foreach ($filetypes as $cur_type)
{
if (file_exists(PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$user_id.'.'.$cur_type))
@unlink(PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$user_id.'.'.$cur_type);
}
}
//
// Delete a topic and all of its posts
//
function delete_topic($topic_id)
{
global $db;
// Delete the topic and any redirect topics
$db->query('DELETE FROM '.$db->prefix.'topics WHERE id='.$topic_id.' OR moved_to='.$topic_id) or error('Unable to delete topic', __FILE__, __LINE__, $db->error());
// Create a list of the post IDs in this topic
$post_ids = '';
$result = $db->query('SELECT id FROM '.$db->prefix.'posts WHERE topic_id='.$topic_id) or error('Unable to fetch posts', __FILE__, __LINE__, $db->error());
while ($row = $db->fetch_row($result))
$post_ids .= ($post_ids != '') ? ','.$row[0] : $row[0];
// Make sure we have a list of post IDs
if ($post_ids != '')
{
strip_search_index($post_ids);
// Delete posts in topic
$db->query('DELETE FROM '.$db->prefix.'posts WHERE topic_id='.$topic_id) or error('Unable to delete posts', __FILE__, __LINE__, $db->error());
}
// Delete any subscriptions for this topic
$db->query('DELETE FROM '.$db->prefix.'topic_subscriptions WHERE topic_id='.$topic_id) or error('Unable to delete subscriptions', __FILE__, __LINE__, $db->error());
}
//
// Delete a single post
//
function delete_post($post_id, $topic_id)
{
global $db;
$result = $db->query('SELECT id, poster, posted FROM '.$db->prefix.'posts WHERE topic_id='.$topic_id.' ORDER BY id DESC LIMIT 2') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
list($last_id, ,) = $db->fetch_row($result);
list($second_last_id, $second_poster, $second_posted) = $db->fetch_row($result);
// Delete the post
$db->query('DELETE FROM '.$db->prefix.'posts WHERE id='.$post_id) or error('Unable to delete post', __FILE__, __LINE__, $db->error());
strip_search_index($post_id);
// Count number of replies in the topic
$result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'posts WHERE topic_id='.$topic_id) or error('Unable to fetch post count for topic', __FILE__, __LINE__, $db->error());
$num_replies = $db->result($result, 0) - 1;
// If the message we deleted is the most recent in the topic (at the end of the topic)
if ($last_id == $post_id)
{
// If there is a $second_last_id there is more than 1 reply to the topic
if (!empty($second_last_id))
$db->query('UPDATE '.$db->prefix.'topics SET last_post='.$second_posted.', last_post_id='.$second_last_id.', last_poster=\''.$db->escape($second_poster).'\', num_replies='.$num_replies.' WHERE id='.$topic_id) or error('Unable to update topic', __FILE__, __LINE__, $db->error());
else
// We deleted the only reply, so now last_post/last_post_id/last_poster is posted/id/poster from the topic itself
$db->query('UPDATE '.$db->prefix.'topics SET last_post=posted, last_post_id=id, last_poster=poster, num_replies='.$num_replies.' WHERE id='.$topic_id) or error('Unable to update topic', __FILE__, __LINE__, $db->error());
}
else
// Otherwise we just decrement the reply counter
$db->query('UPDATE '.$db->prefix.'topics SET num_replies='.$num_replies.' WHERE id='.$topic_id) or error('Unable to update topic', __FILE__, __LINE__, $db->error());
}
//
// Delete every .php file in the forum's cache directory
//
function forum_clear_cache()
{
$d = dir(FORUM_CACHE_DIR);
while (($entry = $d->read()) !== false)
{
if (substr($entry, -4) == '.php')
@unlink(FORUM_CACHE_DIR.$entry);
}
$d->close();
}
//
// Replace censored words in $text
//
function censor_words($text)
{
global $db;
static $search_for, $replace_with;
// If not already built in a previous call, build an array of censor words and their replacement text
if (!isset($search_for))
{
if (file_exists(FORUM_CACHE_DIR.'cache_censoring.php'))
include FORUM_CACHE_DIR.'cache_censoring.php';
if (!defined('PUN_CENSOR_LOADED'))
{
if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
require PUN_ROOT.'include/cache.php';
generate_censoring_cache();
require FORUM_CACHE_DIR.'cache_censoring.php';
}
}
if (!empty($search_for))
$text = substr(ucp_preg_replace($search_for, $replace_with, ' '.$text.' '), 1, -1);
return $text;
}
//
// Determines the correct title for $user
// $user must contain the elements 'username', 'title', 'posts', 'g_id' and 'g_user_title'
//
function get_title($user)
{
global $pun_bans, $lang_common;
static $ban_list;
// If not already built in a previous call, build an array of lowercase banned usernames
if (empty($ban_list))
{
$ban_list = array();
foreach ($pun_bans as $cur_ban)
$ban_list[] = utf8_strtolower($cur_ban['username']);
}
// If the user is banned
if (in_array(utf8_strtolower($user['username']), $ban_list))
$user_title = $lang_common['Banned'];
// If the user has a custom title
else if ($user['title'] != '')
$user_title = pun_htmlspecialchars($user['title']);
// If the user group has a default user title
else if ($user['g_user_title'] != '')
$user_title = pun_htmlspecialchars($user['g_user_title']);
// If the user is a guest
else if ($user['g_id'] == PUN_GUEST)
$user_title = $lang_common['Guest'];
// If nothing else helps, we assign the default
else
$user_title = $lang_common['Member'];
return $user_title;
}
//
// Generate a string with numbered links (for multipage scripts)
//
function paginate($num_pages, $cur_page, $link)
{
global $lang_common;
$pages = array();
$link_to_all = false;
// If $cur_page == -1, we link to all pages (used in viewforum.php)
if ($cur_page == -1)
{
$cur_page = 1;
$link_to_all = true;
}
if ($num_pages <= 1)
$pages = array('1');
else
{
// Add a previous page link
if ($num_pages > 1 && $cur_page > 1)
$pages[] = ''.$lang_common['Previous'].'';
if ($cur_page > 3)
{
$pages[] = '1';
if ($cur_page > 5)
$pages[] = ''.$lang_common['Spacer'].'';
}
// Don't ask me how the following works. It just does, OK? :-)
for ($current = ($cur_page == 5) ? $cur_page - 3 : $cur_page - 2, $stop = ($cur_page + 4 == $num_pages) ? $cur_page + 4 : $cur_page + 3; $current < $stop; ++$current)
{
if ($current < 1 || $current > $num_pages)
continue;
else if ($current != $cur_page || $link_to_all)
$pages[] = ''.forum_number_format($current).'';
else
$pages[] = ''.forum_number_format($current).'';
}
if ($cur_page <= ($num_pages-3))
{
if ($cur_page != ($num_pages-3) && $cur_page != ($num_pages-4))
$pages[] = ''.$lang_common['Spacer'].'';
$pages[] = ''.forum_number_format($num_pages).'';
}
// Add a next page link
if ($num_pages > 1 && !$link_to_all && $cur_page < $num_pages)
$pages[] = ''.$lang_common['Next'].'';
}
return implode(' ', $pages);
}
//
// Display a message
//
function message($message, $no_back_link = false, $http_status = null)
{
global $db, $lang_common, $pun_config, $pun_start, $tpl_main, $pun_user;
// Did we receive a custom header?
if(!is_null($http_status)) {
header('HTTP/1.1 ' . $http_status);
}
if (!defined('PUN_HEADER'))
{
$page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Info']);
define('PUN_ACTIVE_PAGE', 'index');
require PUN_ROOT.'header.php';
}
?>
=PHP5.5)
//
function pun_password_hash($pass)
{
global $password_hash_cost;
$cost = $password_hash_cost;
if (empty($cost))
$cost = 10;
if (function_exists('password_hash'))
return password_hash($pass, PASSWORD_DEFAULT, array('cost' => $cost));
else
return pun_hash($pass);
}
//
// Verify that $pass and $hash match
// This supports any password hashing algorithm
// used by pun_password_hash
//
function pun_password_verify($pass, $hash)
{
if (!empty($hash) && $hash[0] !== '$')
return pun_hash_equals(pun_hash($pass), $hash);
else
return password_verify($pass, $hash);
}
//
// Verify that $pass and $hash match
// This supports any password hashing algorithm
// used by pun_password_hash, but is also
// backwards-compatable with older versions of this software.
//
function pun_password_verify_legacy($pass, $hash, $salt = null)
{
// MD5 from 1.2
if (strlen($hash) < 40)
return pun_hash_equals(md5($pass), $hash);
// SHA1-With-Salt from 1.3
if (!empty($salt))
return pun_hash_equals(sha1($salt . sha1($pass)), $hash);
// SHA1-Without-Salt from 1.4
if (strlen($hash) == 40)
return pun_hash_equals(sha1($pass), $hash);
// Support current password standard
return pun_password_verify($pass, $hash);
}
//
// Check if $hash is outdated and needs to be rehashed
//
function pun_password_needs_rehash($hash)
{
global $password_hash_cost;
// Determine appropriate cost
$cost = $password_hash_cost;
if (empty($cost))
$cost = 10;
// Check for legacy md5 hash
if (strlen($hash) < 40)
return true;
// Check for legacy sha1 hash. Note: legacy sha1 is used
// if password_hash is not available
if (function_exists('password_hash') && strlen($hash) == 40)
return true;
// Check for out-of-date hash type or cost
if (function_exists('password_needs_rehash'))
return password_needs_rehash($hash, PASSWORD_DEFAULT, array('cost' => $cost));
return false;
}
//
// Generate a random password of length $len
// Compatibility wrapper for random_key
//
function random_pass($len)
{
return random_key($len, true);
}
//
// Compute a hash of $str
//
function pun_hash($str)
{
return sha1($str);
}
//
// Compare two strings in constant time
// Inspired by WordPress
//
function pun_hash_equals($a, $b)
{
if (function_exists('hash_equals'))
return hash_equals((string) $a, (string) $b);
$a_length = strlen($a);
if ($a_length !== strlen($b))
return false;
$result = 0;
// Do not attempt to "optimize" this.
for ($i = 0; $i < $a_length; $i++)
$result |= ord($a[$i]) ^ ord($b[$i]);
return $result === 0;
}
//
// Compute a random hash used against CSRF attacks
//
function pun_csrf_token()
{
global $pun_user;
static $token;
if (!isset($token))
$token = pun_hash($pun_user['id'].$pun_user['password'].pun_hash(get_remote_address()));
return $token;
}
//
// Check if the CSRF hash is correct
//
function check_csrf($token)
{
global $lang_common;
$is_hash_authorized = pun_hash_equals($token, pun_csrf_token());
if (!isset($token) || !$is_hash_authorized)
message($lang_common['Bad csrf hash'], false, '404 Not Found');
}
//
// Try to determine the correct remote IP-address
//
function get_remote_address()
{
$remote_addr = $_SERVER['REMOTE_ADDR'];
// If we are behind a reverse proxy try to find the real users IP
if (defined('FORUM_BEHIND_REVERSE_PROXY'))
{
if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
// The general format of the field is:
// X-Forwarded-For: client1, proxy1, proxy2
// where the value is a comma+space separated list of IP addresses, the left-most being the farthest downstream client,
// and each successive proxy that passed the request adding the IP address where it received the request from.
$forwarded_for = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
$forwarded_for = trim($forwarded_for[0]);
if (@preg_match('%^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$%', $forwarded_for) || @preg_match('%^((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))$%', $forwarded_for))
$remote_addr = $forwarded_for;
}
}
return $remote_addr;
}
//
// Calls htmlspecialchars with a few options already set
//
function pun_htmlspecialchars($str)
{
return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
}
//
// Calls htmlspecialchars_decode with a few options already set
//
function pun_htmlspecialchars_decode($str)
{
if (function_exists('htmlspecialchars_decode'))
return htmlspecialchars_decode($str, ENT_QUOTES);
static $translations;
if (!isset($translations))
{
$translations = get_html_translation_table(HTML_SPECIALCHARS, ENT_QUOTES);
$translations['''] = '\''; // get_html_translation_table doesn't include ' which is what htmlspecialchars translates ' to, but apparently that is okay?! http://bugs.php.net/bug.php?id=25927
$translations = array_flip($translations);
}
return strtr($str, $translations);
}
//
// A wrapper for utf8_strlen for compatibility
//
function pun_strlen($str)
{
return utf8_strlen($str);
}
//
// Convert \r\n and \r to \n
//
function pun_linebreaks($str)
{
return str_replace(array("\r\n", "\r"), "\n", $str);
}
//
// A wrapper for utf8_trim for compatibility
//
function pun_trim($str, $charlist = false)
{
return is_string($str) ? utf8_trim($str, $charlist) : '';
}
//
// Checks if a string is in all uppercase
//
function is_all_uppercase($string)
{
return utf8_strtoupper($string) == $string && utf8_strtolower($string) != $string;
}
//
// Inserts $element into $input at $offset
// $offset can be either a numerical offset to insert at (eg: 0 inserts at the beginning of the array)
// or a string, which is the key that the new element should be inserted before
// $key is optional: it's used when inserting a new key/value pair into an associative array
//
function array_insert(&$input, $offset, $element, $key = null)
{
if (is_null($key))
$key = $offset;
// Determine the proper offset if we're using a string
if (!is_int($offset))
$offset = array_search($offset, array_keys($input), true);
// Out of bounds checks
if ($offset > count($input))
$offset = count($input);
else if ($offset < 0)
$offset = 0;
$input = array_merge(array_slice($input, 0, $offset), array($key => $element), array_slice($input, $offset));
}
//
// Display a message when board is in maintenance mode
//
function maintenance_message()
{
global $db, $pun_config, $lang_common, $pun_user;
header('HTTP/1.1 503 Service Unavailable');
// Send no-cache headers
header('Expires: Thu, 21 Jul 1977 07:30:00 GMT'); // When yours truly first set eyes on this world! :)
header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache'); // For HTTP/1.0 compatibility
// Send the Content-type header in case the web server is setup to send something else
header('Content-type: text/html; charset=utf-8');
// Deal with newlines, tabs and multiple spaces
$pattern = array("\t", ' ', ' ');
$replace = array(' ', ' ', ' ');
$message = str_replace($pattern, $replace, $pun_config['o_maintenance_message']);
if (file_exists(PUN_ROOT.'style/'.$pun_user['style'].'/maintenance.tpl'))
{
$tpl_file = PUN_ROOT.'style/'.$pun_user['style'].'/maintenance.tpl';
$tpl_inc_dir = PUN_ROOT.'style/'.$pun_user['style'].'/';
}
else
{
$tpl_file = PUN_ROOT.'include/template/maintenance.tpl';
$tpl_inc_dir = PUN_ROOT.'include/user/';
}
$tpl_maint = file_get_contents($tpl_file);
// START SUBST -
preg_match_all('%%i', $tpl_maint, $pun_includes, PREG_SET_ORDER);
foreach ($pun_includes as $cur_include)
{
ob_start();
// Allow for overriding user includes, too.
if (file_exists($tpl_inc_dir.$cur_include[1].'.'.$cur_include[2]))
require $tpl_inc_dir.$cur_include[1].'.'.$cur_include[2];
else if (file_exists(PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2]))
require PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2];
else
error(sprintf($lang_common['Pun include error'], htmlspecialchars($cur_include[0]), basename($tpl_file)));
$tpl_temp = ob_get_contents();
$tpl_maint = str_replace($cur_include[0], $tpl_temp, $tpl_maint);
ob_end_clean();
}
// END SUBST -
// START SUBST -
$tpl_maint = str_replace('', $lang_common['lang_identifier'], $tpl_maint);
// END SUBST -
// START SUBST -
$tpl_maint = str_replace('', $lang_common['lang_direction'], $tpl_maint);
// END SUBST -
// START SUBST -
ob_start();
$page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Maintenance']);
?>
', $tpl_temp, $tpl_maint);
ob_end_clean();
// END SUBST -
// START SUBST -
ob_start();
?>
', $tpl_temp, $tpl_maint);
ob_end_clean();
// END SUBST -
// End the transaction
$db->end_transaction();
// Close the db connection (and free up any result data)
$db->close();
exit($tpl_maint);
}
//
// Display $message and redirect user to $destination_url
//
function redirect($destination_url, $message)
{
global $db, $pun_config, $lang_common, $pun_user;
// Prefix with base_url (unless there's already a valid URI)
if (strpos($destination_url, 'http://') !== 0 && strpos($destination_url, 'https://') !== 0 && strpos($destination_url, '/') !== 0)
$destination_url = get_base_url(true).'/'.$destination_url;
// Do a little spring cleaning
$destination_url = preg_replace('%([\r\n])|(\%0[ad])|(;\s*data\s*:)%i', '', $destination_url);
// If the delay is 0 seconds, we might as well skip the redirect all together
if ($pun_config['o_redirect_delay'] == '0')
{
$db->end_transaction();
$db->close();
header('Location: '.str_replace('&', '&', $destination_url));
exit;
}
// Send no-cache headers
header('Expires: Thu, 21 Jul 1977 07:30:00 GMT'); // When yours truly first set eyes on this world! :)
header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache'); // For HTTP/1.0 compatibility
// Send the Content-type header in case the web server is setup to send something else
header('Content-type: text/html; charset=utf-8');
if (file_exists(PUN_ROOT.'style/'.$pun_user['style'].'/redirect.tpl'))
{
$tpl_file = PUN_ROOT.'style/'.$pun_user['style'].'/redirect.tpl';
$tpl_inc_dir = PUN_ROOT.'style/'.$pun_user['style'].'/';
}
else
{
$tpl_file = PUN_ROOT.'include/template/redirect.tpl';
$tpl_inc_dir = PUN_ROOT.'include/user/';
}
$tpl_redir = file_get_contents($tpl_file);
// START SUBST -
preg_match_all('%%i', $tpl_redir, $pun_includes, PREG_SET_ORDER);
foreach ($pun_includes as $cur_include)
{
ob_start();
// Allow for overriding user includes, too.
if (file_exists($tpl_inc_dir.$cur_include[1].'.'.$cur_include[2]))
require $tpl_inc_dir.$cur_include[1].'.'.$cur_include[2];
else if (file_exists(PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2]))
require PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2];
else
error(sprintf($lang_common['Pun include error'], htmlspecialchars($cur_include[0]), basename($tpl_file)));
$tpl_temp = ob_get_contents();
$tpl_redir = str_replace($cur_include[0], $tpl_temp, $tpl_redir);
ob_end_clean();
}
// END SUBST -
// START SUBST -
$tpl_redir = str_replace('', $lang_common['lang_identifier'], $tpl_redir);
// END SUBST -
// START SUBST -
$tpl_redir = str_replace('', $lang_common['lang_direction'], $tpl_redir);
// END SUBST -
// START SUBST -
ob_start();
$page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Redirecting']);
?>
', $tpl_temp, $tpl_redir);
ob_end_clean();
// END SUBST -
// START SUBST -
ob_start();
?>
', $tpl_temp, $tpl_redir);
ob_end_clean();
// END SUBST -
// START SUBST -
ob_start();
// End the transaction
$db->end_transaction();
// Display executed queries (if enabled)
if (defined('PUN_SHOW_QUERIES'))
display_saved_queries();
$tpl_temp = trim(ob_get_contents());
$tpl_redir = str_replace('', $tpl_temp, $tpl_redir);
ob_end_clean();
// END SUBST -
// Close the db connection (and free up any result data)
$db->close();
exit($tpl_redir);
}
//
// Display a simple error message
//
function error($message, $file = null, $line = null, $db_error = false)
{
global $pun_config, $lang_common;
// Set some default settings if the script failed before $pun_config could be populated
if (empty($pun_config))
{
$pun_config = array(
'o_board_title' => 'FluxBB',
'o_gzip' => '0'
);
}
// Set some default translations if the script failed before $lang_common could be populated
if (empty($lang_common))
{
$lang_common = array(
'Title separator' => ' / ',
'Page' => 'Page %s'
);
}
// Empty all output buffers and stop buffering
while (@ob_end_clean());
// "Restart" output buffering if we are using ob_gzhandler (since the gzip header is already sent)
if ($pun_config['o_gzip'] && extension_loaded('zlib'))
ob_start('ob_gzhandler');
header('HTTP/1.1 500 Internal Server Error');
// Send no-cache headers
header('Expires: Thu, 21 Jul 1977 07:30:00 GMT'); // When yours truly first set eyes on this world! :)
header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache'); // For HTTP/1.0 compatibility
// Send the Content-type header in case the web server is setup to send something else
header('Content-type: text/html; charset=utf-8');
?>
An error was encountered
File: '.$file.' '."\n\t\t".'Line: '.$line.'
'."\n\t\t".'FluxBB reported: '.$message."\n";
if ($db_error)
{
echo "\t\t".'