/
Subs.php
2613 lines (2300 loc) · 95.6 KB
/
Subs.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<?php
/**
* This file carries many useful functions that will come into use on most page loads, but not tied to a specific area of operations.
*
* Wedge (http://wedge.org)
* Copyright © 2010 René-Gilles Deberdt, wedge.org
* Portions are © 2011 Simple Machines.
* License: http://wedge.org/license/
*/
if (!defined('WEDGE'))
die('Hacking attempt...');
loadSource(array(
'Subs-BBC',
'Subs-Cache',
'Subs-Template',
'Class-Skeleton',
));
// Fallback for unlikely missing JSON.
if (!function_exists('json_encode') || !function_exists('json_decode'))
loadSource('Class-JSON');
/**
* This function updates some internal statistics as necessary.
*
* Although there are three parameters listed, the second and third parameters may be ignored depending on the first.
*
* This function handles four distinct branches of statistic/data management, reflected by the type: member, message, subject, topic.
* - If type is member, two operations can be carried out. If neither parameter 1 or parameter 2 is set, recalculate the total number of members, and obtain the user id and name of the latest member (and update the $settings with this for the board index), and also ensure the count of unapproved users is correct (excluding COPPA users). Alternatively, when coming directly from registration etc, supply parameter 1 as the numeric user id and parameter 2 as the user name.
* - If type is message, two operations can be carried out. If parameter 1 is boolean true, and parameter 2 is not null, have {@link updateSettings()} recalculate the total messages, and supply to it the contents of parameter 2 to be used as the id of the 'highest known message at this time', which is used for tracking read/unread status. Alternatively, recalculate the forum-wide total number of messages and the highest message id using the general board data.
* - If type is subject, this function should be being called to update search data when a subject changes in a message. Parameter 1 should be the topic id, parameter 2 the new subject of the topic.
* - If type is topic, two operations can be carried out. If parameter 1 is boolean true, increment the total number of topics (parameter 2 is ignored). Otherwise manually recalculate the forum-wide number of topics from the board data.
* - If type is postgroups, this function is to ensure post count groups are updated. Parameter 1 can be either null (update all members), an integer (a single user id) or an array (of user ids) as the scope of update. Parameter 2 will either be null, or an array of columns which should include 'posts' as a value (for when called from other areas where multiple other columns are being updated)
*
* @param string $type An string denoting the operation, can be any one of: member, message, subject, topic, postgroups.
* @param mixed $parameter1 See notes above as for operations
* @param mixed $parameter2 See notes above as for operations
*/
function updateStats($type, $parameter1 = null, $parameter2 = null)
{
global $settings;
if ($type === 'member')
{
$changes = array(
'memberlist_updated' => time(),
);
// #1 latest member ID, #2 the real name for a new registration.
if (is_numeric($parameter1))
{
$changes['latestMember'] = $parameter1;
$changes['latestRealName'] = $parameter2;
updateSettings(array('totalMembers' => true), true);
}
// We need to calculate the totals.
else
{
// Update the latest activated member (highest id_member) and count.
$result = wesql::query('
SELECT COUNT(*), MAX(id_member)
FROM {db_prefix}members
WHERE is_activated = {int:is_activated}',
array(
'is_activated' => 1,
)
);
list ($changes['totalMembers'], $changes['latestMember']) = wesql::fetch_row($result);
wesql::free_result($result);
// Get the latest activated member's display name.
$result = wesql::query('
SELECT real_name
FROM {db_prefix}members
WHERE id_member = {int:id_member}
LIMIT 1',
array(
'id_member' => (int) $changes['latestMember'],
)
);
list ($changes['latestRealName']) = wesql::fetch_row($result);
wesql::free_result($result);
// Are we using registration approval?
if ((!empty($settings['registration_method']) && $settings['registration_method'] == 2) || !empty($settings['approveAccountDeletion']))
{
// Update the amount of members awaiting approval - ignoring COPPA accounts, as you can't approve them until you get permission.
$result = wesql::query('
SELECT COUNT(*)
FROM {db_prefix}members
WHERE is_activated IN ({array_int:activation_status})',
array(
'activation_status' => array(3, 4),
)
);
list ($changes['unapprovedMembers']) = wesql::fetch_row($result);
wesql::free_result($result);
}
}
updateSettings($changes);
}
elseif ($type === 'message')
{
if ($parameter1 === true && $parameter2 !== null)
updateSettings(array('totalMessages' => true, 'maxMsgID' => $parameter2), true);
else
{
// SUM and MAX on a smaller table is better for InnoDB tables.
$result = wesql::query('
SELECT SUM(num_posts + unapproved_posts) AS total_messages, MAX(id_last_msg) AS max_msg_id
FROM {db_prefix}boards
WHERE redirect = {string:blank_redirect}' . (!empty($settings['recycle_enable']) && $settings['recycle_board'] > 0 ? '
AND id_board != {int:recycle_board}' : ''),
array(
'recycle_board' => isset($settings['recycle_board']) ? $settings['recycle_board'] : 0,
'blank_redirect' => '',
)
);
$row = wesql::fetch_assoc($result);
wesql::free_result($result);
updateSettings(array(
'totalMessages' => $row['total_messages'] === null ? 0 : $row['total_messages'],
'maxMsgID' => $row['max_msg_id'] === null ? 0 : $row['max_msg_id']
));
}
}
elseif ($type === 'subject')
{
// Remove the previous subject (if any).
wesql::query('
DELETE FROM {db_prefix}log_search_subjects
WHERE id_topic = {int:id_topic}',
array(
'id_topic' => $parameter1,
)
);
wesql::query('
DELETE FROM {db_prefix}pretty_topic_urls
WHERE id_topic = {int:id_topic}',
array(
'id_topic' => $parameter1,
)
);
if (!empty($settings['pretty_enable_cache']) && is_numeric($parameter1) && $parameter1 > 0)
wesql::query('
DELETE FROM {db_prefix}pretty_urls_cache
WHERE url_id LIKE {string:topic_search}',
array(
'topic_search' => '%topic=' . $parameter1 . '%',
)
);
// Insert the new subject.
if ($parameter2 !== null)
{
loadSource('Subs-PrettyUrls');
pretty_update_topic($parameter2, $parameter1);
$parameter1 = (int) $parameter1;
$parameter2 = text2words($parameter2);
$inserts = array();
foreach ($parameter2 as $word)
$inserts[] = array($word, $parameter1);
if (!empty($inserts))
wesql::insert('ignore',
'{db_prefix}log_search_subjects',
array('word' => 'string', 'id_topic' => 'int'),
$inserts
);
}
}
elseif ($type === 'topic')
{
if ($parameter1 === true)
updateSettings(array('totalTopics' => true), true);
else
{
// Get the number of topics - a SUM is better for InnoDB tables.
// We also ignore the recycle bin here because there will probably be a bunch of one-post topics there.
$result = wesql::query('
SELECT SUM(num_topics + unapproved_topics) AS total_topics
FROM {db_prefix}boards' . (!empty($settings['recycle_enable']) && $settings['recycle_board'] > 0 ? '
WHERE id_board != {int:recycle_board}' : ''),
array(
'recycle_board' => !empty($settings['recycle_board']) ? $settings['recycle_board'] : 0,
)
);
$row = wesql::fetch_assoc($result);
wesql::free_result($result);
updateSettings(array('totalTopics' => $row['total_topics'] === null ? 0 : $row['total_topics']));
}
}
elseif ($type === 'postgroups')
{
// Parameter two is the updated columns: we should check to see if we base groups off any of these.
if ($parameter2 !== null && !in_array('posts', $parameter2))
return;
if (($postgroups = cache_get_data('updateStats:postgroups', 360)) === null)
{
// Fetch the postgroups!
$request = wesql::query('
SELECT id_group, min_posts
FROM {db_prefix}membergroups
WHERE min_posts != {int:min_posts}',
array(
'min_posts' => -1,
)
);
$postgroups = array();
while ($row = wesql::fetch_assoc($request))
$postgroups[$row['id_group']] = $row['min_posts'];
wesql::free_result($request);
// Sort them this way because if it's done with MySQL it causes a filesort :(.
arsort($postgroups);
cache_put_data('updateStats:postgroups', $postgroups, 360);
}
// Oh great, they've screwed their post groups.
if (empty($postgroups))
return;
// Set all membergroups from most posts to least posts.
$conditions = '';
foreach ($postgroups as $id => $min_posts)
{
$conditions .= '
WHEN posts >= ' . $min_posts . (!empty($lastMin) ? ' AND posts <= ' . $lastMin : '') . ' THEN ' . $id;
$lastMin = $min_posts;
}
// A big fat CASE WHEN... END should be faster than a zillion UPDATE's ;)
wesql::query('
UPDATE {db_prefix}members
SET id_post_group = CASE ' . $conditions . '
ELSE 0
END' . ($parameter1 != null ? '
WHERE ' . (is_array($parameter1) ? 'id_member IN ({array_int:members})' : 'id_member = {int:members}') : ''),
array(
'members' => $parameter1,
)
);
// If one of the members switched to a different postgroup, clear the group color cache for them.
if (wesql::affected_rows() > 0)
cache_put_data('member-colors', null, 5000);
}
else
trigger_error('updateStats(): Invalid statistic type \'' . $type . '\'', E_USER_NOTICE);
}
/**
* Update the members table's data field with serialized data.
*
* This function is mainly an alias to easily store custom data.
* The data field is a convenient way to store data that is only used by the member related to it, such as the current thought for display in the sidebar.
*
* @param array $data A key/value pair array that contains the field to be updated and the new value.
*/
function updateMyData($data)
{
if (empty($data) || !is_array($data))
return;
foreach ($data as $key => $val)
{
we::$user['data'][$key] = $val;
if ($val === '')
unset(we::$user['data'][$key]);
}
// @todo: should we add a hook for individual variables in the data field?
updateMemberData(
MID,
array(
'data' => serialize(we::$user['data'])
)
);
}
/**
* Update the members table with data.
*
* This function ensures the member table is updated for one, multiple or all users. Note:
* - If level 2 caching is in use, the appropriate cache data will be flushed with the new values.
* - The change_member_data hook where any of the common values are updated.
* - {@link updateStats() is also called so that if we have updated post count, post count groups will also be managed automatically.
* - This function should always be called for updating member data rather than updating the members table directly.
* - All string data should have been processed with htmlspecialchars for security; no sanitization is performed on the data.
*
* @param mixed $members The member or members that are to be updated. null for all members, an integer for an individual user, or an array of integers for multiple users to be affected.
* @param array $data A key/value pair array that contains the field to be updated and the new value. Additionally, if the field is known to be an integer (of which a list of known columns is stated), supplying a value of + or - will allow the column to be incremented or decremented without explicitly specifying the new value.
*/
function updateMemberData($members, $data)
{
global $settings;
$parameters = array();
if (is_array($members))
{
$condition = 'id_member IN ({array_int:members})';
$parameters['members'] = $members;
}
elseif ($members === null)
$condition = '1=1';
else
{
$condition = 'id_member = {int:member}';
$parameters['member'] = $members;
}
if (!empty($settings['hooks']['change_member_data']))
{
// Only a few member variables are really interesting for hooks.
$hook_vars = array(
'member_name',
'real_name',
'email_address',
'id_group',
'gender',
'birthdate',
'website_title',
'website_url',
'location',
'hide_email',
'time_format',
'time_offset',
'avatar',
'lngfile',
);
$vars_to_integrate = array_intersect($hook_vars, array_keys($data));
// Only proceed if there are any variables left to call the hook.
if (count($vars_to_integrate) != 0)
{
// Fetch a list of member_names if necessary
if ((array) $members === (array) MID)
$member_names = array(we::$user['username']);
else
{
$member_names = array();
$request = wesql::query('
SELECT member_name
FROM {db_prefix}members
WHERE ' . $condition,
$parameters
);
while ($row = wesql::fetch_assoc($request))
$member_names[] = $row['member_name'];
wesql::free_result($request);
}
if (!empty($member_names))
foreach ($vars_to_integrate as $var)
call_hook('change_member_data', array($member_names, $var, &$data[$var]));
}
}
// Everything is assumed to be a string unless it's in the below.
$knownInts = array(
'date_registered', 'posts', 'id_group', 'last_login', 'instant_messages', 'unread_messages',
'pm_prefs', 'gender', 'hide_email', 'show_online', 'pm_email_notify', 'pm_receive_from',
'notify_announcements', 'notify_send_body', 'notify_regularity', 'notify_types', 'hey_not', 'hey_pm',
'is_activated', 'id_msg_last_visit', 'id_post_group', 'total_time_logged_in', 'warning',
);
$knownFloats = array(
'time_offset',
);
$setString = '';
foreach ($data as $var => $val)
{
$type = 'string';
if (in_array($var, $knownInts))
$type = 'int';
elseif (in_array($var, $knownFloats))
$type = 'float';
elseif ($var == 'birthdate')
$type = 'date';
// Doing an increment?
if ($type == 'int' && ($val === '+' || $val === '-'))
{
$val = $var . ' ' . $val . ' 1';
$type = 'raw';
}
// Ensure posts, instant_messages, and unread_messages don't underflow.
if (in_array($var, array('posts', 'instant_messages', 'unread_messages')) && preg_match('~^' . $var . ' (\+ |- |\+ -)([\d]+)~', $val, $match))
{
if ($match[1] != '+ ')
$val = 'CASE WHEN ' . $var . ' <= ' . abs($match[2]) . ' THEN 0 ELSE ' . $val . ' END';
$type = 'raw';
}
$setString .= ' ' . $var . ' = {' . $type . ':p_' . $var . '},';
$parameters['p_' . $var] = $val;
}
wesql::query('
UPDATE {db_prefix}members
SET' . substr($setString, 0, -1) . '
WHERE ' . $condition,
$parameters
);
updateStats('postgroups', $members, array_keys($data));
// Clear any caching?
if (!empty($settings['cache_enable']) && $settings['cache_enable'] >= 2 && !empty($members))
{
if (!is_array($members))
$members = array($members);
foreach ($members as $member)
{
if ($settings['cache_enable'] >= 3)
{
cache_put_data('member_data-profile-' . $member, null, 120);
cache_put_data('member_data-normal-' . $member, null, 120);
cache_put_data('member_data-minimal-' . $member, null, 120);
}
cache_put_data('user_settings-' . $member, null, 60);
}
}
}
/**
* Updates settings in the primary forum-wide settings table, and its local $settings equivalent.
*
* If a value to be updated would not be changed (is the same), that change will not be issued as a query. Also note that $settings will be updated too, and that the cache entry for $settings will be purged so that next page load is using the current (recached) settings.
*
* @param array $changeArray A key/value pair where the array key specifies the entry in the settings table and $settings array to be updated, and the value specifies the new value. Additionally, when $update is true, the value can be specified as true or false to increment or decrement (respectively) the current value.
* @param bool $update If the value is known to already exist, this can be specified as true to have the data in the table be managed through an UPDATE query, rather than a REPLACE query. Note that UPDATE queries are run individually, while a REPLACE applies all changes simultaneously to the table.
*/
function updateSettings($changeArray, $update = false)
{
global $settings;
if (empty($changeArray) || !is_array($changeArray))
return;
if (defined('WEDGE_INSTALLER'))
{
global $incontext;
if (empty($incontext['enable_update_settings']))
return;
}
// In some cases, this may be better and faster, but for large sets we don't want so many UPDATEs.
if ($update)
{
foreach ($changeArray as $variable => $value)
{
wesql::query('
UPDATE {db_prefix}settings
SET value = {' . ($value === false || $value === true ? 'raw' : 'string') . ':value}
WHERE variable = {string:variable}',
array(
'value' => $value === true ? 'value + 1' : ($value === false ? 'value - 1' : $value),
'variable' => $variable,
)
);
$settings[$variable] = $value === true ? $settings[$variable] + 1 : ($value === false ? $settings[$variable] - 1 : $value);
}
// Clean out the cache and make sure the cobwebs are gone too.
cache_put_data('settings', null, 'forever');
return;
}
$replaceArray = array();
foreach ($changeArray as $variable => $value)
{
// Don't bother if it's already like that ;)
if (isset($settings[$variable]) && $settings[$variable] == $value)
continue;
// If the variable isn't set, but would only be set to nothingness, then don't bother setting it.
elseif (!isset($settings[$variable]) && empty($value))
continue;
$replaceArray[] = array($variable, $value);
$settings[$variable] = $value;
}
if (empty($replaceArray))
return;
wesql::insert('replace',
'{db_prefix}settings',
array('variable' => 'string-255', 'value' => 'string-65534'),
$replaceArray
);
// Kill the cache.
cache_put_data('settings', null, 'forever');
}
/**
* Inserts elements into an indexed array, before or after a specific key.
* This will only work if $array doesn't have keys in common with $input.
*
* @param array $input The array to be modified
* @param string $to The target array key; for child arrays, use 'parent child'.
* @param array $array The array to insert
* @param boolean $after Set to true to insert $array after $to, leave empty to insert before it.
*/
function array_insert($input, $to, $array, $after = false)
{
$to = array_map('trim', explode(' ', $to));
$offset = array_search($to[0], array_keys($input), true) + ($after && empty($to[1]) ? 1 : 0);
if (empty($to[1]))
return array_merge(array_slice($input, 0, $offset, true), $array, array_slice($input, $offset, null, true));
return array_merge(array_slice($input, 0, $offset, true), array($to[0] => array_insert($input[array_shift($to)], implode(' ', $to), $array, $after)), array_slice($input, $offset + 1, null, true));
}
/**
* Prunes non-valid XML/XHTML characters from a string intended for XML/XHTML transport use.
*
* Primarily this function removes non-printable control codes from an XML output (tab, CR, LF are preserved), including non-valid UTF-8 character signatures if appropriate.
* See http://www.w3.org/TR/2000/REC-xml-20001006#NT-Char
*
* @param string $string A string of potential output.
* @return string The sanitized string.
*/
function cleanXml($string)
{
return str_replace(']]>', ']]]]><![CDATA[>', preg_replace('~[\x00-\x08\x0B\x0C\x0E-\x19\x{FFFE}\x{FFFF}]~u', '', $string));
}
/**
* Takes a message ID, and returns its parsed body.
* Can be useful.
*/
function get_single_post($id_msg)
{
$req = wesql::query('
SELECT
id_msg, poster_time, id_member, body, smileys_enabled, poster_name, m.approved, m.data
FROM {db_prefix}messages AS m
INNER JOIN {db_prefix}topics AS t ON t.id_topic = m.id_topic AND {query_see_topic}
WHERE id_msg = {int:id_msg}',
array('id_msg' => $id_msg)
);
$row = wesql::fetch_assoc($req);
wesql::free_result($req);
if (empty($row['id_msg']))
return false;
return parse_bbc($row['body'], 'post', array('smileys' => $row['smileys_enabled'], 'cache' => $row['id_msg'], 'user' => $row['id_member']));
}
/**
* Helper functions to return an Ajax request, either xml, JS object or plain text, bypassing the skeleton system
* but going through post-processing (ob_sessrewrite), except for return_raw() which skips everything.
*/
function return_raw()
{
header('Content-Type: text/plain; charset=UTF-8');
$args = func_get_args();
exit(implode('', $args));
}
// The callback function can return a value to print, or simply echo it by itself and return nothing.
function return_callback($callback, $args = array())
{
clean_output();
header('Content-Type: text/plain; charset=UTF-8');
echo call_user_func_array($callback, $args);
exit();
}
function return_text()
{
clean_output();
header('Content-Type: text/plain; charset=UTF-8');
$args = func_get_args();
exit(implode('', $args));
}
function return_xml()
{
clean_output();
header('Content-Type: text/xml; charset=UTF-8');
$args = func_get_args();
exit('<?xml version="1.0" encoding="UTF-8"?' . '>' . implode('', $args));
}
function return_json($json)
{
clean_output();
header('Content-Type: application/json; charset=UTF-8');
exit(str_replace('\\/', '/', json_encode($json)));
}
/**
* Sanitizes strings that might be passed through to JavaScript.
*
* Multiple instances of scripts will need to be adjusted through the codebase if passed to JavaScript through the template. This function will handle quoting of the string's contents, including providing the encapsulating quotes (so no need to echo '"', JavaScriptEscape($var), '"'; but simply echo JavaScriptEscape($var); instead.)
*
* Other protections include dealing with newlines, carriage returns (through suppression), single quotes, links, inline script tags, and SCRIPT. (Probably to prevent search bots from indexing JS-only URLs.)
*
* @param string $string A string whose contents to be quoted.
* @param string $q (for quote) The quote character to use around the string. Defaults to '. Can be useful to switch to " if called within a string already declared with single quotes.
* @return string A transformed string with contents suitably quoted for use in JavaScript.
*/
function JavaScriptEscape($string, $q = "'")
{
$xq = $q == '"' ? "\x0f" : "\x10";
return $xq . str_replace(
array('\\', "\n", 'script', 'href=', '"' . SCRIPT, "'" . SCRIPT, $q == '"' ? "'" : '"', $q),
array('\\\\', "\\\n", 'scr\\ipt', 'hr\\ef=', '"' . SCRIPT . '"+"', "'" . SCRIPT . "'+'", $q == '"' ? "\x10" : "\x0f", '\\' . $xq),
$string
) . $xq;
}
/**
* A helper function for AutoSuggest popup declarations.
* The more members your forum has, the more results you'll get,
* so we need to increase the minimum number of characters to type before we trigger a search.
*/
function min_chars()
{
global $settings;
if (empty($settings['totalMembers']) || $settings['totalMembers'] > 1000)
return 'minChars: 3';
if ($settings['totalMembers'] > 100)
return 'minChars: 2';
return 'minChars: 1';
}
/**
* Formats a number in a localized fashion.
*
* Each of the language packs should declare $txt['number_format'] in the index language file, which is simply a string that consists of the number 1234.00 localized to that region. This function detects the thousands and decimal separators, and uses those in its place. It also detects the number of digits in the decimal position, and rounds to that many digits. Note that the style is cached locally (statically) for the life of the page.
*
* @param float $number The number to format.
* @param bool $override_decimal_count If true, $number will be treated as an integer even if it is not (numbers will be rounded to suit)
*/
function comma_format($number, $override_decimal_count = false)
{
global $txt;
static $thousands_separator = null, $decimal_separator = null, $decimal_count = null;
// Skip formatting if number needs no separators. (is_integer($number) && abs($number) < 1000, optimized for speed.)
if (((int) $number) === $number && $number > -1000 && $number < 1000)
return $number;
// Cache these values...
if ($decimal_separator === null)
{
// Not set for whatever reason?
if (empty($txt['number_format']) || preg_match('~^1([^\d]*)?234([^\d]*)(0*?)$~', $txt['number_format'], $matches) != 1)
return $number;
// Cache these each load...
$thousands_separator = $matches[1];
$decimal_separator = $matches[2];
$decimal_count = strlen($matches[3]);
}
// Format the string with our friend, number_format.
return number_format($number, is_float($number) ? ($override_decimal_count === false ? $decimal_count : $override_decimal_count) : 0, $decimal_separator, $thousands_separator);
}
/**
* Attempts to find the correct language string for a given numeric string. For example, to be able to find the right string to use for '1 cookie' vs '2 cookies'.
*
* $txt is checked for prefix_number as a string, e.g. calling $string as 'cookie' and $number as 1, $txt['cookie]['1'] will be examined, if present it will be used, otherwise $txt['cookie']['n'] will be used instead. Different languages have different needs in this case, so it is up to the language files to provide the different constructions necessary. Note that there will be a call to sprintf as well since the string should contain %s for the number if appropriate as it will be passed through comma_format.
*
* @param $string The $txt string to check against.
* @param $number The number of items to look for.
* @param bool $format_comma Specify whether to comma-format the number.
* @return The string as found in $txt (note: the case where _n is used but not present will return an error, it is up to the language files to present a minimum fallback)
*/
function number_context($string, $number, $format_comma = true)
{
global $txt;
$cnum = $format_comma ? comma_format($number) : $number;
if ($txt[$string] !== (array) $txt[$string])
return sprintf($txt[$string], $cnum);
if (isset($txt[$string][$number]))
return sprintf($txt[$string][$number], $cnum);
return sprintf($txt[$string]['n'], $cnum);
}
/**
* Formats a given timestamp, optionally applying the forum and user offsets, for display including 'Today' and 'Yesterday' prefixes.
*
* This function also applies the date/time format string the admin can specify in the admin panel (General Options / General) user can specify in their Look and Layout Preferences through strftime.
*
* @param int $log_time Timestamp to use. No default is given, will often be derived from stored content.
* @param mixed $show_today When calling from outside this function, it is whether to use 'Today' format at all, or override the forum settings and not use it (use it is default). This function also makes use of this function to call itself for formatting the time part of 'Today' dates, and uses this to pass the time-only format back.
* @param mixed $offset_type The offset type to use when considering the timestamp; Boolean false (default) means to apply forum and user offsets to the given timestamp, 'forum' to apply only the forum's time offset, any other value to bypass any offsets being applied.
*
* @return string The formatted time and date, will include localized strings with HTML formatting the case of 'Today' and 'Yesterday' strings.
*/
function timeformat($log_time, $show_today = true, $offset_type = false)
{
global $context, $txt, $settings;
static $non_twelve_hour, $year_shortcut, $nowtime, $now;
// Offset the time.
if (!$offset_type)
$time = $log_time + (we::$user['time_offset'] + $settings['time_offset']) * 3600;
// Just the forum offset?
else
$time = $log_time + ($offset_type == 'forum' ? $settings['time_offset'] * 3600 : 0);
// We can't have a negative date (on Windows, at least.)
if ($log_time < 0)
$log_time = 0;
$format =& we::$user['time_format'];
// Today and Yesterday?
if ($show_today === true && $settings['todayMod'] >= 1)
{
// Get the current time.
if (!isset($nowtime))
{
$nowtime = forum_time();
$now = @getdate($nowtime);
}
$then = @getdate($time);
// Try to make something of a time format string...
$s = strpos($format, '%S') === false ? '' : ':%S';
if (!strhas($format, array('%H', '%T')))
{
$h = strpos($format, '%l') === false ? '%I' : '%l';
$today_fmt = $h . ':%M' . $s . ' %p';
}
else
$today_fmt = '%H:%M' . $s;
// Same day of the year, same year.... Today!
if ($then['yday'] == $now['yday'] && $then['year'] == $now['year'])
return $txt['today'] . timeformat($log_time, $today_fmt, $offset_type);
// Day-of-year is one less and same year, or it's the first of the year and that's the last of the year...
if ($settings['todayMod'] == '2' && (($then['yday'] == $now['yday'] - 1 && $then['year'] == $now['year']) || ($now['yday'] == 0 && $then['year'] == $now['year'] - 1) && $then['mon'] == 12 && $then['mday'] == 31))
return $txt['yesterday'] . timeformat($log_time, $today_fmt, $offset_type);
// Is this the current year? Then why bother printing out the year?
if ($then['year'] == $now['year'])
{
if ($format === $txt['time_format'])
$show_today = $txt['time_format_this_year'];
else
{
// Determine what to delete from the string. This should take care of all common permutations,
// but we'll give up on more complex formats like Japanese or Chinese (i.e. <year ideogram><year>)
if (!isset($year_shortcut))
{
if (strpos($format, ', %Y') !== false)
$y = ', %Y';
elseif (strpos($format, ' %Y') !== false)
$y = ' %Y';
elseif (preg_match('~[./-]%Y|%Y[./-]~', $format, $match))
$y = $match[0];
$year_shortcut = isset($y) ? $y : false;
}
if (!empty($year_shortcut))
$show_today = str_replace($year_shortcut, '', $format);
}
}
}
$str = !is_bool($show_today) ? $show_today : $format;
if (!isset($non_twelve_hour))
$non_twelve_hour = trim(strftime('%p')) === '';
if ($non_twelve_hour && strpos($str, '%p') !== false)
$str = str_replace('%p', strftime('%H', $time) < 12 ? 'am' : 'pm', $str);
// Do-it-yourself time localization. Fun.
if (empty(we::$user['setlocale']))
foreach (array('%a' => 'days_short', '%A' => 'days', '%b' => 'months_short', '%B' => 'months') as $token => $text_label)
if (strpos($str, $token) !== false)
$str = str_replace($token, $txt[$text_label][(int) strftime($token === '%a' || $token === '%A' ? '%w' : '%m', $time)], $str);
// Windows doesn't support %e; on some versions, strftime fails altogether if used, so let's prevent that.
if ($context['server']['is_windows'] && strpos($str, '%e') !== false)
$str = str_replace('%e', '%#d', $str);
if (strpos($str, '%@') !== false)
$str = str_replace('%@', number_context('day_suffix', (int) strftime('%d', $time), false), $str);
// Format any other characters..
return strftime($str, $time);
}
/**
* Formats a time, and adds "on" if not "today" or "yesterday"
*
* @param int $log_time See timeformat()
* @param mixed $show_today See timeformat()
* @param mixed $offset_type See timeformat()
*
* @return string Same as timeformat(), except that "on" will be shown before numeric dates.
*/
function on_timeformat($log_time, $show_today = true, $offset_type = false)
{
global $txt;
$ret = timeformat($log_time, $show_today, $offset_type);
if (strpos($ret, '<strong>') === false)
return sprintf($txt['on_date'], $ret);
return $ret;
}
/**
* Returns 'On March 21' or 'Today', depending on the date. Not actually used in Wedge, though.
*
* @param int $time Human-readable date
* @param bool $upper Set to true if this starts a sentence or a block
*
* @return string Human-readable date in a "on" context.
*/
function on_date($time, $upper = false)
{
global $txt;
if (strpos($time, '<strong>') === false)
return $upper ? ucfirst(sprintf($txt['on_date'], $time)) : sprintf($txt['on_date'], $time);
return $time;
}
/**
* Returns the current timestamp (seconds since midnight 1/1/1970) with forum offset and optionally user's preference for time offset.
*
* @param bool $use_user_offset Specifies that the time returned should include the user's time offset set in their Look and Layout Preferences.
* @param mixed $timestamp Specifies a timestamp to be used for calculation; this will return the timestamp modified by the forum/user options. If unspecified or null, return the current time modified by these options.
*
* @return int Timestamp since Unix epoch in seconds
*/
function forum_time($use_user_offset = true, $timestamp = null)
{
global $settings;
if ($timestamp === null)
$timestamp = time();
if ($use_user_offset)
return $timestamp + ($settings['time_offset'] + we::$user['time_offset']) * 3600;
return $timestamp + $settings['time_offset'] * 3600;
}
/**
* A quick helper function to avoid typing these tags everywhere.
*
* @param int $timestamp Server-based Unix timestamp to transform.
* @param string $on_time Default date text to show. If empty, shows "Today" or "On March 21", for instance.
*
* @return string A valid <time> tag. You're welcome.
*/
function time_tag($timestamp, $on_time = '')
{
return '<time datetime="' . date(DATE_W3C, $timestamp) . '">' . ($on_time ?: on_timeformat($timestamp)) . '</time>';
}
/**
* Reconverts a number of the translations performed by {@link preparsecode()} with respect to HTML entity characters (e.g. angle brackets, quotes, apostrophes)
*
* This function effectively performs htmlspecialchars_decode(ENT_QUOTES) for the important characters, adding to it the apostrophe and non-breaking spaces.
*
* @param string $string A string that has been converted through {@link preparsecode()} previously; this ensures the common HTML entities, non breaking spaces and apostrophes are not subject to double conversion or being over-escaped when submitted back to the editor component.
* @return string The string, with the characters converted back.
*/
function un_htmlspecialchars($string)
{
return strtr(htmlspecialchars_decode($string, ENT_QUOTES), array(''' => '\'', ''' => '\'', ' ' => ' '));
}
/**
* Location location location!
* Returns whether $string contains any $items (can be either a string, or an array of strings.)
* For the record, this is way faster than preg_match('~elem1|elem2~', $str).
*/
function strhas($string, $items)
{
foreach ((array) $items as $item)
if (strpos($string, $item) !== false)
return $item;
return false;
}
/**
* Performance performance performance!
* Case-insensitive version.
* Provide lowercase search items ONLY!
**/
function strihas($string, $items)
{
return strhas(strtolower($string), $items);
}
/**
* Shortens a string, typically a thread subject, in a way that is intended to avoid breaking in internationalization ways.
*
* Specifically, if a string is longer than the specified length, shorten it and add an ellipsis. Internationlized characters and entities are respected as 'one' character for length calculations, and also trailing entities are avoided too.
*
* @param string $subject The string of the full subject.
* @param int $length The maximum length in characters of the shortened string.
*
* @return string The shortened string
*/
function shorten_subject($subject, $len)
{
// It was already short enough!
if (westr::strlen($subject) <= $len)
return $subject;
// Shorten it by the length it was too long, and strip off junk from the end.
return westr::substr($subject, 0, $len) . '…';
}
/**
* Just a quick function to convert generic contact list names to be human readable.
*/
function generic_contacts($str)
{
global $txt;
if (strpos($str, '{') === false || strpos($str, '}') === false)
return $str;
$type = substr($str, 1, -1);
return isset($txt['contacts_' . $type]) ? $txt['contacts_' . $type] : '<em>' . $type . '</em>';
}
/**
* Log the current user (even as a guest), as being online and optionally including their current location.
*
* - If the theme settings are set to display users in a board or topic, ensure the user is listed as being in those places (adjusting $force as necessary)
* - If the user is possibly a robot, carry on with spider logging.
* - If the last time the user was logged online is less than 8 seconds ago, and force is off; exit.
* - If "Who's Online" is enabled, grab everything from $_GET, plus the user agent, prepare to store it.
* - Ensure we have their user id, check to see if older things need to be purged and if so, do so.
* - Log them online, store it in the session, and update how long the user has been online.
*
* @param bool $force Whether to force there to be an update of the table or not.
*/
function writeLog($force = false)
{
global $user_settings, $context, $settings, $topic, $board;
// If we are showing who is viewing a topic, let's see if we are, and force an update if so - to make it accurate.
if (!empty($settings['display_who_viewing']) && ($topic || $board))
{
// Take the opposite approach!
$force = true;
// Don't update for every page - this isn't wholly accurate but who cares.
if ($topic)
{
if (isset($_SESSION['last_topic_id']) && $_SESSION['last_topic_id'] == $topic)
$force = false;
$_SESSION['last_topic_id'] = $topic;
}
}
// Are they a spider we should be tracking? Mode = 1 gets tracked on its spider check...
if (!empty(we::$user['possibly_robot']) && !empty($settings['spider_mode']) && $settings['spider_mode'] > 1)
{
loadSource('ManageSearchEngines');
logSpider();
}
// Don't mark them as online more than every so often.
if (!empty($_SESSION['log_time']) && $_SESSION['log_time'] >= (time() - 8) && !$force)
return;
if (!empty($settings['who_enabled']))
{
$serialized = $_GET + array('USER_AGENT' => $_SERVER['HTTP_USER_AGENT']);