" . ANONYMOUS; $result = $db->sql_query($sql); return ($row = $db->sql_fetchrow($result)) ? $row : false; } function get_forum_branch($forum_id, $type = 'all', $order = 'descending', $include_forum = TRUE) { global $db; switch ($type) { case 'parents': $condition = 'f1.left_id BETWEEN f2.left_id AND f2.right_id'; break; case 'children': $condition = 'f2.left_id BETWEEN f1.left_id AND f1.right_id'; break; default: $condition = 'f2.left_id BETWEEN f1.left_id AND f1.right_id OR f1.left_id BETWEEN f2.left_id AND f2.right_id'; } $rows = array(); $sql = 'SELECT f2.* FROM (' . FORUMS_TABLE . ' f1 LEFT JOIN ' . FORUMS_TABLE . " f2 ON $condition) WHERE f1.forum_id = $forum_id ORDER BY f2.left_id " . (($order == 'descending') ? 'ASC' : 'DESC'); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { if (!$include_forum && $row['forum_id'] == $forum_id) { continue; } $rows[] = $row; } return $rows; } // Create forum navigation links for given forum, create parent // list if currently null, assign basic forum info to template function generate_forum_nav(&$forum_data) { global $db, $user, $template; // Get forum parents $forum_parents = array(); if ($forum_data['parent_id'] > 0) { if (empty($forum_data['forum_parents'])) { $sql = 'SELECT forum_id, forum_name FROM ' . FORUMS_TABLE . ' WHERE left_id < ' . $forum_data['left_id'] . ' AND right_id > ' . $forum_data['right_id'] . ' ORDER BY left_id ASC'; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $forum_parents[$row['forum_id']] = $row['forum_name']; } $sql = 'UPDATE ' . FORUMS_TABLE . " SET forum_parents = '" . sql_escape(serialize($forum_parents)) . "' WHERE parent_id = " . $forum_data['parent_id']; $db->sql_query($sql); } else { $forum_parents = unserialize($forum_data['forum_parents']); } } // Build navigation links foreach ($forum_parents as $parent_forum_id => $parent_name) { $template->assign_block_vars('navlinks', array( 'FORUM_NAME' => $parent_name, 'U_VIEW_FORUM' => 'viewforum.' . $phpEx . $SID . '&f=' . $parent_forum_id )); } $template->assign_block_vars('navlinks', array( 'FORUM_NAME' => $forum_data['forum_name'], 'U_VIEW_FORUM' => 'viewforum.' . $phpEx . $SID . '&f=' . $forum_id )); $template->assign_vars(array( 'FORUM_ID' => $forum_id, 'FORUM_NAME' => $forum_data['forum_name'], 'FORUM_DESC' => strip_tags($forum_data['forum_desc']) )); return; } // Obtain list of moderators of each forum function get_moderators(&$forum_moderators, $forum_id = false) { global $SID, $db, $acl_options, $phpEx; if (!empty($forum_id) && is_array($forum_id)) { $forum_sql = 'AND forum_id IN (' . implode(', ', $forum_id) . ')'; } else { $forum_sql = ($forum_id) ? 'AND forum_id = ' . $forum_id : ''; } $sql = 'SELECT * FROM ' . MODERATOR_TABLE . " WHERE display_on_index = 1 $forum_sql"; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $forum_moderators[$row['forum_id']][] = (!empty($row['user_id'])) ? '' . $row['username'] . '' : '' . $row['groupname'] . ''; } $db->sql_freeresult($result); return; } // User authorisation levels output function get_forum_rules($mode, &$rules, &$forum_id) { global $SID, $auth, $user; $rules .= (($auth->acl_gets('f_post', 'm_', 'a_', $forum_id)) ? $user->lang['Rules_post_can'] : $user->lang['Rules_post_cannot']) . '
'; $rules .= (($auth->acl_gets('f_reply', 'm_', 'a_', $forum_id)) ? $user->lang['Rules_reply_can'] : $user->lang['Rules_reply_cannot']) . '
'; $rules .= (($auth->acl_gets('f_edit', 'm_', 'a_', $forum_id)) ? $user->lang['Rules_edit_can'] : $user->lang['Rules_edit_cannot']) . '
'; $rules .= (($auth->acl_gets('f_delete', 'm_', 'a_', $forum_id) || $auth->acl_get('m_delete', $forum_id)) ? $user->lang['Rules_delete_can'] : $user->lang['Rules_delete_cannot']) . '
'; $rules .= (($auth->acl_gets('f_attach', 'm_', 'a_', $forum_id)) ? $user->lang['Rules_attach_can'] : $user->lang['Rules_attach_cannot']) . '
'; return; } function make_jumpbox($action, $forum_id = false) { global $auth, $template, $user, $db, $nav_links, $phpEx; $boxstring = ''; $template->assign_vars(array( 'L_GO' => $user->lang['Go'], 'L_JUMP_TO' => $user->lang['Jump_to'], 'S_JUMPBOX_SELECT' => $boxstring, 'S_JUMPBOX_ACTION' => $action) ); return; } // Pick a language, any language ... function language_select($default, $select_name = "language", $dirname="language") { global $phpEx; $dir = @opendir($dirname); $user = array(); while ($file = readdir($dir)) { if (!is_dir($dirname . '/' . $file)) { continue; } if (@file_exists($dirname . '/' . $file . '/iso.txt')) { list($displayname) = file($dirname . '/' . $file . '/iso.txt'); $lang[$displayname] = $file; } } @closedir($dir); @asort($lang); @reset($lang); $user_select = ''; return $user_select; } // Pick a template/theme combo, function style_select($default_style, $select_name = 'style', $dirname = 'templates') { global $db; $sql = "SELECT style_id, style_name FROM " . STYLES_TABLE . " ORDER BY style_name, style_id"; $result = $db->sql_query($sql); $style_select = '"; return $style_select; } // Pick a timezone function tz_select($default, $select_name = 'timezone') { global $sys_timezone, $user; $tz_select = ''; return $tz_select; } // Topic and forum watching common code function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $match_id, $notify_status = 'unset') { global $template, $db, $user, $phpEx, $SID, $start; $table_sql = ($mode == 'forum') ? FORUMS_WATCH_TABLE : TOPICS_WATCH_TABLE; $where_sql = ($mode == 'forum') ? 'forum_id' : 'topic_id'; $u_url = ($mode == 'forum') ? 'f' : 't'; // Is user watching this thread? if ($user_id) { $can_watch = TRUE; if ($notify_status == 'unset') { $sql = "SELECT notify_status FROM $table_sql WHERE $where_sql = $match_id AND user_id = $user_id"; $result = $db->sql_query($sql); if ($row = $db->sql_fetchrow($result)) { $notify_status = $row['notify_status']; } else { $notify_status = NULL; } } if (!is_null($notify_status)) { if (isset($_GET['unwatch'])) { if ($_GET['unwatch'] == $mode) { $is_watching = 0; $sql = "DELETE FROM " . $table_sql . " WHERE $where_sql = $match_id AND user_id = $user_id"; $db->sql_query($sql); } $template->assign_vars(array( 'META' => '') ); $message = $user->lang['No_longer_watching_' . $mode] . '

' . sprintf($user->lang['Click_return_' . $mode], '', ''); trigger_error($message); } else { $is_watching = TRUE; if ($notify_status) { $sql = "UPDATE " . $table_sql . " SET notify_status = 0 WHERE $where_sql = $match_id AND user_id = $user_id"; $db->sql_query($sql); } } } else { if (isset($_GET['watch'])) { if ($_GET['watch'] == $mode) { $is_watching = TRUE; $sql = "INSERT INTO " . $table_sql . " (user_id, $where_sql, notify_status) VALUES ($user_id, $match_id, 0)"; $db->sql_query($sql); } $template->assign_vars(array( 'META' => '') ); $message = $user->lang['You_are_watching_' . $mode] . '

' . sprintf($user->lang['Click_return_' . $mode], '', ''); trigger_error($message); } else { $is_watching = 0; } } } else { if (isset($_GET['unwatch'])) { if ($_GET['unwatch'] == $mode) { redirect("login.$phpEx$SID&redirect=view$mode.$phpEx&" . $u_url . "=$match_id&unwatch=forum"); } } else { $can_watch = 0; $is_watching = 0; } } if ($can_watch) { $s_watching = ($is_watching) ? '' . $user->lang['Stop_watching_' . $mode] . '' : '' . $user->lang['Start_watching_' . $mode] . ''; } return; } // Marks a topic or form as read in the 'lastread' table. function markread($mode, $forum_id=0, $topic_id=0, $post_id=0) { global $db; global $user; $user_id = $user->data['user_id']; if( $user_id == ANONYMOUS) { return; } switch($mode) { case 'mark': // Mark one forum as read. // Do this by inserting a record with -$forum_id in the 'forum_id' field. $sql = "SELECT forum_id FROM ".LASTREAD_TABLE." WHERE user_id = $user_id AND forum_id = -$forum_id"; if( !($result = $db->sql_query($sql)) ) { trigger_error('Could not select marked read data.'); } if( $db->sql_numrows($result) > 0 ) { // User has marked this topic as read before: Update the record $sql = "UPDATE LOW_PRIORITY ".LASTREAD_TABLE." SET lastread_time = UNIX_TIMESTAMP() WHERE user_id = $user_id AND forum_id = -$forum_id"; if( !($result = $db->sql_query($sql)) ) { trigger_error('Could not update marked read data.'); } } else { // User is marking this forum for the first time. // Insert dummy topic_id to satisfy PRIMARY KEY (user_id, topic_id) // dummy id = -forum_id $sql = "INSERT DELAYED INTO ".LASTREAD_TABLE." (user_id, forum_id, topic_id, lastread_time) VALUES ($user_id, -$forum_id, -$forum_id, UNIX_TIMESTAMP() )"; if( !($result = $db->sql_query($sql)) ) { trigger_error('Could not insert marked read data.'); } } break; case 'markall': // Mark all forums as read. // Select all forum_id's that are not yet in the lastread table $sql = "SELECT f.forum_id FROM ".FORUMS_TABLE." f LEFT JOIN ".LASTREAD_TABLE." lr ON ( lr.user_id = $user_id AND f.forum_id = -lr.forum_id) WHERE lr.forum_id IS NULL"; if( !($result = $db->sql_query($sql)) ) { trigger_error('Could not join lastread and forums table.'); } if( $db->sql_numrows($result) > 0) { // Some forum_id's are missing // We are not taking into account the auth data, even forums the user can't see are marked as read. $sql = "INSERT DELAYED INTO ".LASTREAD_TABLE." (user_id, forum_id, topic_id, lastread_time) VALUES\n"; $forum_insert = array(); while($row = $db->sql_fetchrow($result)) { // Insert dummy topic_id to satisfy PRIMARY KEY // dummy id = -forum_id $forum_insert[] = "($user_id, -".$row['forum_id'].", -".$row['forum_id'].", UNIX_TIMESTAMP())"; } $forum_insert = implode(",\n", $forum_insert); $sql .= $forum_insert; // Insert all missing forum id's if( !($result = $db->sql_query($sql)) ) { trigger_error('Could not insert forum rows in lastread table.'); } } // Mark all forums as read $sql = "UPDATE LOW_PRIORITY ".LASTREAD_TABLE." SET lastread_time = UNIX_TIMESTAMP() WHERE user_id = $user_id AND forum_id < 0"; if( !($result = $db->sql_query($sql)) ) { trigger_error('Could not update forum_id rows in lastread table.'); } break; case 'post': // Mark a topic as read and mark it as a topic where the user has made a post. $type = 1; case 'topic': // Mark a topic as read. // Type: // 0 = Normal topic // 1 = user made a post in this topic $type_update = (isset($type) && $type = 1) ? 'lastread_type = 1,' : ''; $sql = "UPDATE LOW_PRIORITY ".LASTREAD_TABLE." SET $type_update forum_id = $forum_id, lastread_time = UNIX_TIMESTAMP() WHERE topic_id = $topic_id AND user_id = $user_id"; if( !($result = $db->sql_query($sql)) ) { trigger_error('Could not update forum_id rows in lastread table.'); } else if ($db->sql_affectedrows($result) == 0) { // Couldn't update. Row probably doesn't exist. Insert one. if(isset($type) && $type = 1) { $type_name = 'lastread_type, '; $type_value = '1, '; } else { $type_name = ''; $type_value = ''; } $sql = "INSERT DELAYED INTO ".LASTREAD_TABLE." (user_id, topic_id, forum_id, $type_name lastread_time) VALUES ($user_id, $topic_id, $forum_id, $type_value UNIX_TIMESTAMP())"; if( !($result = $db->sql_query($sql)) ) { trigger_error('Could not update or insert row in lastread table.'); } } break; } } // Pagination routine, generates page number sequence function generate_pagination($base_url, $num_items, $per_page, $start_item, $add_prevnext_text = TRUE) { global $user; $total_pages = ceil($num_items/$per_page); if ($total_pages == 1 || !$num_items) { return ''; } $on_page = floor($start_item / $per_page) + 1; $page_string = ($on_page == 1) ? '1' : '' . $user->lang['Previous'] . '  1'; if ($total_pages > 5) { $start_cnt = min(max(1, $on_page - 4), $total_pages - 5); $end_cnt = max(min($total_pages, $on_page + 4), 6); $page_string .= ($start_cnt > 1) ? ' ... ' : ', '; for($i = $start_cnt + 1; $i < $end_cnt; $i++) { $page_string .= ($i == $on_page) ? '' . $i . '' : '' . $i . ''; if ($i < $end_cnt - 1) { $page_string .= ', '; } } $page_string .= ($end_cnt < $total_pages) ? ' ... ' : ', '; } else { $page_string .= ', '; for($i = 2; $i < $total_pages; $i++) { $page_string .= ($i == $on_page) ? '' . $i . '' : '' . $i . ''; if ($i < $total_pages) { $page_string .= ', '; } } } $page_string .= ($on_page == $total_pages) ? '' . $total_pages . '' : '' . $total_pages . '  ' . $user->lang['Next'] . ''; $page_string = $user->lang['Goto_page'] . ' ' . $page_string; return $page_string; } function on_page($num_items, $per_page, $start) { global $user; return sprintf($user->lang['Page_of'], floor($start / $per_page) + 1, max(ceil($num_items / $per_page), 1)); } // Obtain list of naughty words and build preg style replacement arrays for use by the // calling script, note that the vars are passed as references this just makes it easier // to return both sets of arrays function obtain_word_list(&$orig_word, &$replacement_word) { global $db; $sql = "SELECT word, replacement FROM " . WORDS_TABLE; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $orig_word[] = '#\b(' . str_replace('\*', '\w*?', preg_quote($row['word'], '#')) . ')\b#i'; $replacement_word[] = $row['replacement']; } return true; } // Redirects the user to another page then exits the script nicely function redirect($url) { global $db, $config; if (isset($db)) { $db->sql_close(); } $protocol = ($config['cookie_secure']) ? 'https://' : 'http://'; $server = preg_replace('/^\/?(.*?)\/?$/', '\1', trim($config['server_name'])); $path = preg_replace('/^\/?(.*?)\/?$/', '/\1', trim($config['script_path'])); $port = ($config['server_port'] <> 80) ? ':' . trim($config['server_port']) . '/' : '/'; if (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE'))) { header('HTTP/1.0 302 Redirect'); } header('Location: ' . $protocol . $server . $path . $port . $url); exit; } // Check to see if the username has been taken, or if it is disallowed. // Also checks if it includes the " character, which we don't allow in usernames. // Used for registering, changing names, and posting anonymously with a username function validate_username($username) { global $db, $user; $username = sql_quote($username); $sql = "SELECT username FROM " . USERS_TABLE . " WHERE LOWER(username) = '" . strtolower($username) . "'"; $result = $db->sql_query($sql); if (($row = $db->sql_fetchrow($result)) && $row['username'] != $user->data['username']) { return $user->lang['Username_taken']; } $sql = "SELECT group_name FROM " . GROUPS_TABLE . " WHERE LOWER(group_name) = '" . strtolower($username) . "'"; $result = $db->sql_query($sql); if ($row = $db->sql_fetchrow($result)) { return $user->lang['Username_taken']; } $sql = "SELECT disallow_username FROM " . DISALLOW_TABLE; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { if (preg_match('#\b(' . str_replace('\*', '.*?', preg_quote($row['disallow_username'])) . ')\b#i', $username)) { return $user->lang['Username_disallowed']; } } $sql = "SELECT word FROM " . WORDS_TABLE; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { if (preg_match('#\b(' . str_replace('\*', '.*?', preg_quote($row['word'])) . ')\b#i', $username)) { return $user->lang['Username_disallowed']; } } // Don't allow " in username. if (strstr($username, '"')) { return $user->lang['Username_invalid']; } return false; } // Check to see if email address is banned or already present in the DB function validate_email($email) { global $db, $user; if ($email != '') { if (preg_match('/^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/is', $email)) { $sql = "SELECT ban_email FROM " . BANLIST_TABLE; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { if (preg_match('/^' . str_replace('*', '.*?', $row['ban_email']) . '$/is', $email)) { return $user->lang['Email_banned']; } } $sql = "SELECT user_email FROM " . USERS_TABLE . " WHERE user_email = '" . sql_quote($email) . "'"; $result = $db->sql_query($sql); if ($row = $db->sql_fetchrow($result)) { return $user->lang['Email_taken']; } return false; } } return $user->lang['Email_invalid']; } // Does supplementary validation of optional profile fields. This // expects common stuff like trim() and strip_tags() to have already // been run. Params are passed by-ref, so we can set them to the empty // string if they fail. function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$location, &$occupation, &$interests, &$sig) { $check_var_length = array('aim', 'msnm', 'yim', 'location', 'occupation', 'interests', 'sig'); for($i = 0; $i < count($check_var_length); $i++) { if (strlen($$check_var_length[$i]) < 2) { $$check_var_length[$i] = ''; } } // ICQ number has to be only numbers. if (!preg_match('/^[0-9]+$/', $icq)) { $icq = ''; } // website has to start with http://, followed by something with length at least 3 that // contains at least one dot. if ($website != '') { if (!preg_match('#^http[s]?:\/\/#i', $website)) { $website = 'http://' . $website; } if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website)) { $website = ''; } } return; } // This is general replacement for die(), allows templated output in users (or default) // language, etc. $msg_code can be one of these constants: // // -> MESSAGE : Use for any simple text message, eg. results of an operation, authorisation // failures, etc. // -> ERROR : Use for any error, a simple page will be output function message_die($msg_code, $msg_text = '', $msg_title = '') { global $db, $auth, $template, $config, $user, $nav_links; global $phpEx, $phpbb_root_path, $starttime; switch ($msg_code) { case MESSAGE: $msg_title = ($msg_title == '') ? $user->lang['Information'] : $msg_title; $msg_text = (!empty($user->lang[$msg_text])) ? $user->lang[$msg_text] : $msg_text; if (!defined('HEADER_INC')) { if (empty($user->lang)) { echo '' . $msg_title . '' . "\n"; echo '
' . $msg_title . '
' . $msg_text . '
'; $db->sql_close(); exit; } else if (defined('IN_ADMIN')) { page_header('', '', false); } else { include($phpbb_root_path . 'includes/page_header.' . $phpEx); } } if (defined('IN_ADMIN')) { page_message($msg_title, $msg_text, $display_header); page_footer(); } else { $template->set_filenames(array( 'body' => 'message_body.html') ); $template->assign_vars(array( 'MESSAGE_TITLE' => $msg_title, 'MESSAGE_TEXT' => $msg_text) ); include($phpbb_root_path . 'includes/page_tail.' . $phpEx); } break; case ERROR: $db->sql_close(); echo '' . $msg_title . '
» ' . $msg_title . '   

' . $msg_text . '

'; break; } exit; } // Error and message handler, call with trigger_error if reqd function msg_handler($errno, $msg_text, $errfile, $errline) { global $db, $auth, $template, $config, $user, $nav_links; global $phpEx, $phpbb_root_path, $starttime; switch ($errno) { case E_WARNING: // if (defined('DEBUG')) // { // echo "PHP Warning on line $errline in $errfile :: $msg_text"; // } break; case E_NOTICE: // if (defined('DEBUG_EXTRA')) // { // echo "PHP Notice on line $errline in $errfile :: $msg_text"; // } break; case E_USER_ERROR: if (isset($db)) { $db->sql_close(); } echo '' . $msg_title . ''; echo '
phpBB LogoGeneral Error      


' . $msg_text . '
Please notify the board administrator or webmaster : ' . $config['board_email'] . '

'; exit; break; case E_USER_NOTICE: // 20021125 Bartvb (todo) // This is a hack just to show something useful. // $msg_text won't contain anything if $user isn't there yet. // I ran into this problem when installing without makeing config_cache.php writable if (!isset($user)) { die("Unable to show notice, \$user class hasn't been instantiated yet.
Error triggered in: " . $errfile .":". $errline); } if (empty($user->session_id)) { $user->start(); } if (empty($user->lang)) { $user->setup(); } $msg_text = (!empty($user->lang[$msg_text])) ? $user->lang[$msg_text] : $msg_text; if (!defined('HEADER_INC')) { if (defined('IN_ADMIN')) { page_header('', '', false); } else { include($phpbb_root_path . 'includes/page_header.' . $phpEx); } } if (defined('IN_ADMIN')) { page_message($msg_title, $msg_text, $display_header); page_footer(); } else { $template->set_filenames(array( 'body' => 'message_body.html') ); $template->assign_vars(array( 'MESSAGE_TITLE' => $msg_title, 'MESSAGE_TEXT' => $msg_text) ); include($phpbb_root_path . 'includes/page_tail.' . $phpEx); } break; } } ?>