From 1039231a67b3fbf17015a06c134ea96269e88cfb Mon Sep 17 00:00:00 2001 From: Kenji ITO Date: Sat, 19 Mar 2016 20:53:57 +0900 Subject: [PATCH 1/6] Cleaned up some code --- public_html/404.php | 4 +- public_html/article.php | 178 +++--- public_html/comment.php | 10 +- public_html/directory.php | 76 +-- public_html/getimage.php | 31 +- public_html/index.php | 122 ++-- public_html/pingback.php | 180 +++--- public_html/profiles.php | 217 +++---- public_html/search.php | 6 +- public_html/stats.php | 172 +++-- public_html/submit.php | 175 +++--- public_html/switchlang.php | 24 +- public_html/trackback.php | 56 +- public_html/users.php | 1031 +++++++++++++++--------------- public_html/usersettings.php | 1155 +++++++++++++++++----------------- 15 files changed, 1729 insertions(+), 1708 deletions(-) diff --git a/public_html/404.php b/public_html/404.php index c6cb94fec..e456c2b9d 100644 --- a/public_html/404.php +++ b/public_html/404.php @@ -2,7 +2,7 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Geeklog 1.6 | +// | Geeklog 2.1 | // +---------------------------------------------------------------------------+ // | 404.php | // | | @@ -34,5 +34,3 @@ require_once 'lib-common.php'; COM_handle404(); - -?> diff --git a/public_html/article.php b/public_html/article.php index 3d1f4dd32..31618526f 100644 --- a/public_html/article.php +++ b/public_html/article.php @@ -2,7 +2,7 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Geeklog 1.7 | +// | Geeklog 2.1 | // +---------------------------------------------------------------------------+ // | article.php | // | | 
@@ -66,81 +66,80 @@ $reply = ''; $page = 0; $mode = ''; -if (isset ($_POST['mode'])) { - $mode = COM_applyFilter ($_POST['mode']); -} else if (isset ($_POST['format'])) { - $mode = COM_applyFilter ($_POST['format']); +if (isset($_POST['mode'])) { + $mode = COM_applyFilter($_POST['mode']); +} elseif (isset($_POST['format'])) { + $mode = COM_applyFilter($_POST['format']); } if (!empty($mode)) { - if (isset ($_POST['story'])) { - $sid = COM_applyFilter ($_POST['story']); + if (isset($_POST['story'])) { + $sid = COM_applyFilter($_POST['story']); } - if (isset ($_POST['order'])) { - $order = COM_applyFilter ($_POST['order']); + if (isset($_POST['order'])) { + $order = COM_applyFilter($_POST['order']); } - if (isset ($_POST['query'])) { + if (isset($_POST['query'])) { $query = $_POST['query']; } - if (isset ($_POST['reply'])) { - $reply = COM_applyFilter ($_POST['reply']); + if (isset($_POST['reply'])) { + $reply = COM_applyFilter($_POST['reply']); } - if (isset ($_POST['cpage'])) { - $page = COM_applyFilter ($_POST['cpage'], true); + if (isset($_POST['cpage'])) { + $page = COM_applyFilter($_POST['cpage'], true); } } else { - COM_setArgNames (array ('story', 'mode')); - $sid = COM_applyFilter (COM_getArgument ('story')); - $mode = COM_applyFilter (COM_getArgument ('mode')); - if (isset ($_GET['order'])) { - $order = COM_applyFilter ($_GET['order']); + COM_setArgNames (array('story', 'mode')); + $sid = COM_applyFilter(COM_getArgument('story')); + $mode = COM_applyFilter(COM_getArgument('mode')); + if (isset($_GET['order'])) { + $order = COM_applyFilter($_GET['order']); } - if (isset ($_GET['query'])) { + if (isset($_GET['query'])) { $query = $_GET['query']; } - if (isset ($_GET['reply'])) { - $reply = COM_applyFilter ($_GET['reply']); + if (isset($_GET['reply'])) { + $reply = COM_applyFilter($_GET['reply']); } - if (isset ($_GET['cpage'])) { - $page = COM_applyFilter ($_GET['cpage'], true); + if (isset($_GET['cpage'])) { + $page = COM_applyFilter($_GET['cpage'], true); } 
} -if (!empty ($_REQUEST['sid'])) { - $sid = COM_applyFilter ($_REQUEST['sid']); +if (!empty($_REQUEST['sid'])) { + $sid = COM_applyFilter($_REQUEST['sid']); } -if (empty ($sid) && !empty ($_POST['cmt_sid'])) { - $sid = COM_applyFilter ($_POST['cmt_sid']); +if (empty($sid) && !empty($_POST['cmt_sid'])) { + $sid = COM_applyFilter($_POST['cmt_sid']); } -if (empty ($sid)) { +if (empty($sid)) { COM_handle404(); } // Get topic TOPIC_getTopic('article', $sid); -if ((strcasecmp ($order, 'ASC') != 0) && (strcasecmp ($order, 'DESC') != 0)) { +if ((strcasecmp($order, 'ASC') !== 0) && (strcasecmp($order, 'DESC') !== 0)) { $order = ''; } -$result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE sid = '$sid'" . COM_getPermSql ('AND')); +$result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE sid = '$sid'" . COM_getPermSql('AND')); $A = DB_fetchArray($result); if ($A['count'] > 0) { - $story = new Story(); - $args = array ( - 'sid' => $sid, - 'mode' => 'view' - ); + $args = array( + 'sid' => $sid, + 'mode' => 'view' + ); $output = STORY_LOADED_OK; $result = PLG_invokeService('story', 'get', $args, $output, $svc_msg); - if($result == PLG_RET_OK) { - /* loadFromArray cannot be used, since it overwrites the timestamp */ + if ($result == PLG_RET_OK) { + // loadFromArray cannot be used, since it overwrites the timestamp reset($story->_dbFields); - while (list($fieldname,$save) = each($story->_dbFields)) { + while (list($fieldname, $save) = each($story->_dbFields)) { $varname = '_' . $fieldname; if (array_key_exists($fieldname, $output)) { 
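Review bot: `$query = $_POST['query'];` and `$query = $_GET['query'];` are still taken raw in this hunk, while every other request parameter beside them goes through `COM_applyFilter()`. The value is later handed to `STORY_renderArticle($story, 'n', $tmpl, $query)` (further down article.php, outside this hunk), and nothing visible here shows whether that function escapes it before it reaches the HTML. If leaving it raw is deliberate, a comment such as `// $query is intentionally unfiltered; it must be escaped wherever it is output` would record that; otherwise filter it here like its neighbours. The top-level script continues beyond both ends of the hunk.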
@@ -154,9 +153,9 @@ if ($output == STORY_PERMISSION_DENIED) { $display = COM_showMessageText($LANG_ACCESS['storydenialmsg'], $LANG_ACCESS['accessdenied']); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_ACCESS['accessdenied'])); - } elseif ( $output == STORY_INVALID_SID ) { + } elseif ($output == STORY_INVALID_SID ) { COM_handle404(); - } elseif (($mode == 'print') && ($_CONF['hideprintericon'] == 0)) { + } elseif (($mode === 'print') && ($_CONF['hideprintericon'] == 0)) { $story_template = COM_newTemplate($_CONF['path_layout'] . 'article'); $story_template->set_file('article', 'printable.thtml'); if (XHTML != '') { 
@@ -297,30 +296,29 @@ } // Display whats related - $story_template = COM_newTemplate($_CONF['path_layout'] . 'article'); $story_template->set_file('article','article.thtml'); $story_template->set_var('story_id', $story->getSid()); $story_template->set_var('story_title', $pagetitle); - $story_options = array (); + $story_options = array(); if (($_CONF['hideemailicon'] == 0) && (!COM_isAnonUser() || (($_CONF['loginrequired'] == 0) && ($_CONF['emailstoryloginrequired'] == 0)))) { $emailUrl = $_CONF['site_url'] . '/profiles.php?sid=' . $story->getSid() . '&what=emailstory'; $story_options[] = COM_createLink($LANG11[2], $emailUrl); - $story_template->set_var ('email_story_url', $emailUrl); - $story_template->set_var ('lang_email_story', $LANG11[2]); - $story_template->set_var ('lang_email_story_alt', $LANG01[64]); + $story_template->set_var('email_story_url', $emailUrl); + $story_template->set_var('lang_email_story', $LANG11[2]); + $story_template->set_var('lang_email_story_alt', $LANG01[64]); } - $printUrl = COM_buildUrl ($_CONF['site_url'] + $printUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $story->getSid() . '&mode=print'); if ($_CONF['hideprintericon'] == 0) { $story_options[] = COM_createLink($LANG11[3], $printUrl, array('rel' => 'nofollow')); - $story_template->set_var ('print_story_url', $printUrl); - $story_template->set_var ('lang_print_story', $LANG11[3]); - $story_template->set_var ('lang_print_story_alt', $LANG01[65]); + $story_template->set_var('print_story_url', $printUrl); + $story_template->set_var('lang_print_story', $LANG11[3]); + $story_template->set_var('lang_print_story_alt', $LANG01[65]); } if ($_CONF['backend'] == 1) { $tid = $story->displayElements('tid'); 
@@ -332,7 +330,7 @@ $feedTitle = sprintf($LANG11[6], $title); $feedType = SYND_getMimeType($format); $feedClass = 'feed-link'; - if (!empty($LANG_DIRECTION) && ($LANG_DIRECTION == 'rtl')) { + if (!empty($LANG_DIRECTION) && ($LANG_DIRECTION === 'rtl')) { $feedClass .= '-rtl'; } $story_options[] = COM_createLink($feedTitle, $feedUrl, 
@@ -365,38 +363,38 @@ if (true) { // can subscribe $commentSubscribeURL = ''; $story_options[] = COM_createLink('Nubbies', $commentSubscribeURL, array('rel' => 'nofollow')); - $story_template->set_var ('comment_subscribe_url', $commentSubscribeURL); - $story_template->set_var ('lang_comment_subscribe', 'Nubbies'); + $story_template->set_var('comment_subscribe_url', $commentSubscribeURL); + $story_template->set_var('lang_comment_subscribe', 'Nubbies'); } */ $related = STORY_whatsRelated($story->displayElements('related'), $story->displayElements('uid'), $story->getSid()); - if (!empty ($related)) { - $related = COM_startBlock ($LANG11[1], '', - COM_getBlockTemplate ('whats_related_block', 'header')) + if (!empty($related)) { + $related = COM_startBlock($LANG11[1], '', + COM_getBlockTemplate('whats_related_block', 'header')) . $related - . COM_endBlock (COM_getBlockTemplate ('whats_related_block', + . COM_endBlock(COM_getBlockTemplate('whats_related_block', 'footer')); } if (count ($story_options) > 0) { - $optionsblock = COM_startBlock ($LANG11[4], '', - COM_getBlockTemplate ('story_options_block', 'header')) - . COM_makeList ($story_options, 'list-story-options') - . COM_endBlock (COM_getBlockTemplate ('story_options_block', + $optionsblock = COM_startBlock($LANG11[4], '', + COM_getBlockTemplate('story_options_block', 'header')) + . COM_makeList($story_options, 'list-story-options') + . COM_endBlock(COM_getBlockTemplate('story_options_block', 'footer')); } else { $optionsblock = ''; } - $story_template->set_var ('whats_related', $related); - $story_template->set_var ('story_options', $optionsblock); - $story_template->set_var ('whats_related_story_options', + $story_template->set_var('whats_related', $related); + $story_template->set_var('story_options', $optionsblock); + $story_template->set_var('whats_related_story_options', $related . $optionsblock); // Another option here could be to figure out if story is first on page $tmpl = $_CONF['showfirstasfeatured'] ? 
'featuredstorytext.thtml' : ''; - $story_template->set_var ('formatted_article', - STORY_renderArticle ($story, 'n', $tmpl, $query)); + $story_template->set_var('formatted_article', + STORY_renderArticle($story, 'n', $tmpl, $query)); // display comments or not? if ($_CONF['allow_page_breaks'] == 1) { @@ -407,18 +405,18 @@ $mode = ''; } - if( $story_page <= 0 ) { + if ($story_page <= 0) { $story_page = 1; } - $article_arr = explode( '[page_break]', $story->displayElements('bodytext')); + $article_arr = explode('[page_break]', $story->displayElements('bodytext')); $page_break_count = count($article_arr); if ($page_break_count > 1) { $conf = $_CONF['page_break_comments']; - if ( - ($conf == 'all') or - ( ($conf =='first') and ($story_page == 1) ) or - ( ($conf == 'last') and ($page_break_count == $story_page) ) + if ( + ($conf ==='all') || + (($conf ==='first') && ($story_page == 1)) || + (($conf === 'last') && ($page_break_count == $story_page)) ) { $show_comments = true; } else { @@ -432,11 +430,10 @@ } // Display the comments, if there are any .. - if (($story->displayElements('commentcode') >= 0) and $show_comments) { - $delete_option = (SEC_hasRights('story.edit') && ($story->getAccess() == 3) - ? true : false); - $story_template->set_var ('commentbar', - CMT_userComments ($story->getSid(), $story->displayElements('title'), 'article', + if (($story->displayElements('commentcode') >= 0) && $show_comments) { + $delete_option = (SEC_hasRights('story.edit') && ($story->getAccess() == 3)); + $story_template->set_var('commentbar', + CMT_userComments($story->getSid(), $story->displayElements('title'), 'article', $order, $mode, 0, $page, false, $delete_option, $story->displayElements('commentcode'))); } if ($_CONF['trackback_enabled'] && ($story->displayElements('trackbackcode') >= 0) && 
@@ -446,32 +443,37 @@ ($story->displayElements('day') < time ())) { $url = $_CONF['site_admin_url'] . '/trackback.php?mode=sendall&id=' . $story->getSid(); - $story_template->set_var ('send_trackback_link', + $story_template->set_var('send_trackback_link', COM_createLink($LANG_TRB['send_trackback'], $url)); - $story_template->set_var ('send_trackback_url', $url); - $story_template->set_var ('lang_send_trackback_text', + $story_template->set_var('send_trackback_url', $url); + $story_template->set_var('lang_send_trackback_text', $LANG_TRB['send_trackback']); } } - $permalink = COM_buildUrl ($_CONF['site_url'] + $permalink = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $story->getSid()); - $story_template->set_var ('trackback', - TRB_renderTrackbackComments ($story->getSID(), 'article', + $story_template->set_var('trackback', + TRB_renderTrackbackComments($story->getSID(), 'article', $story->displayElements('title'), $permalink)); } else { - $story_template->set_var ('trackback', ''); + $story_template->set_var('trackback', ''); } - $display .= $story_template->finish ($story_template->parse ('output', 'article')); + $display .= $story_template->finish($story_template->parse('output', 'article')); $breadcrumbs = TOPIC_breadcrumbs('article', $story->getSid()); - $display = COM_createHTMLDocument($display, array('pagetitle' => $pagetitle, 'breadcrumbs' => $breadcrumbs, 'headercode' => $headercode)); + $display = COM_createHTMLDocument( + $display, + array( + 'pagetitle' => $pagetitle, + 'breadcrumbs' => $breadcrumbs, + 'headercode' => $headercode + ) + ); } } else { COM_handle404(); } COM_output($display); - -?> diff --git a/public_html/comment.php b/public_html/comment.php index df136094e..d605f5477 100644 --- a/public_html/comment.php +++ b/public_html/comment.php 
@@ -2,7 +2,7 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Geeklog 1.8 | +// | Geeklog 2.1 | // +---------------------------------------------------------------------------+ // | comment.php | // | | @@ -65,17 +65,15 @@ $display = ''; // If reply specified, force comment submission form -if (isset ($_REQUEST['reply'])) { +if (isset($_REQUEST['reply'])) { $_REQUEST['mode'] = ''; } $mode = ''; -if (!empty ($_REQUEST['mode'])) { - $mode = COM_applyFilter ($_REQUEST['mode']); +if (!empty($_REQUEST['mode'])) { + $mode = COM_applyFilter($_REQUEST['mode']); } $display .= CMT_handleComment($mode); COM_output($display); - -?> diff --git a/public_html/directory.php b/public_html/directory.php index 9c49b1a5e..5b4a3e41b 100644 --- a/public_html/directory.php +++ b/public_html/directory.php @@ -2,7 +2,7 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Geeklog 1.6 | +// | Geeklog 2.1 | // +---------------------------------------------------------------------------+ // | directory.php | // | | @@ -40,14 +40,17 @@ $conf_list_current_month = false; // name of this script -define ('THIS_SCRIPT', 'directory.php'); +define('THIS_SCRIPT', 'directory.php'); $display = ''; if (COM_isAnonUser() && (($_CONF['loginrequired'] == 1) || ($_CONF['directoryloginrequired'] == 1))) { - $display = COM_createHTMLDocument(SEC_loginRequiredForm(), - array('pagetitle' => $LANG_DIR['title'])); + $display = COM_createHTMLDocument( + SEC_loginRequiredForm(), + array('pagetitle' => $LANG_DIR['title'] + ) + ); COM_output($display); exit; } 
@@ -124,7 +127,7 @@ function DIR_monthLink($dir_topic, $year, $month, $count) { global $_CONF, $LANG_MONTH; - $retval = $LANG_MONTH[$month] . ' (' . COM_numberFormat ($count) . ')' . LB; + $retval = $LANG_MONTH[$month] . ' (' . COM_numberFormat($count) . ')' . LB; if ($count > 0) { $month_url = COM_buildUrl($_CONF['site_url'] . '/' @@ -203,7 +206,7 @@ function DIR_navBar($dir_topic, $year, $month = 0) $retval .= ' | '; $url = $_CONF['site_url'] . '/' . THIS_SCRIPT; - if ($dir_topic != 'all') { + if ($dir_topic !== 'all') { $url = COM_buildUrl($url . '?topic=' . urlencode($dir_topic)); } @@ -228,14 +231,14 @@ function DIR_navBar($dir_topic, $year, $month = 0) /** * Display month view * -* @param ref &$template reference of the template -* @param string $dir_topic current topic -* @param int $year year to display -* @param int $month month to display -* @return string list of articles for the given month +* @param Template $template reference of the template +* @param string $dir_topic current topic +* @param int $year year to display +* @param int $month month to display +* @return string list of articles for the given month * */ -function DIR_displayMonth(&$template, $dir_topic, $year, $month) +function DIR_displayMonth($template, $dir_topic, $year, $month) { global $_CONF, $_TABLES, $LANG_MONTH, $LANG_DIR; @@ -258,7 +261,7 @@ function DIR_displayMonth(&$template, $dir_topic, $year, $month) WHERE (date >= '$start') AND (date <= '$end') AND (draft_flag = 0) AND (date <= NOW()) AND ta.type = 'article' AND ta.id = sid "; - if ($dir_topic != 'all') { + if ($dir_topic !== 'all') { // Retrieve list of inherited topics $tid_list = TOPIC_getChildList($dir_topic); $sql['mysql'] .= " AND (ta.tid IN({$tid_list}) AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '{$dir_topic}')))"; 
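Review bot: In the `DIR_displayMonth()` hunk, `$dir_topic` is interpolated straight into the query (`ta.tid = '{$dir_topic}'`), and the cleanup leaves that as it was. Further down the same file the topic-name lookup wraps the same variable in `DB_escapeString($dir_topic)`, so the two call sites disagree about whether the value is already safe; where `$dir_topic` is assigned and filtered is outside the visible hunks. I would build the clause as `ta.tid = '" . DB_escapeString($dir_topic) . "'` here. The same applies to `$monthsql` in `DIR_displayYear()`, the `"tid = '$topic' "` lookup later in directory.php, and the `"tid = '{$topic}'"` lookups in index.php. `DIR_displayMonth()` starts and ends outside this hunk.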
@@ -326,13 +329,13 @@ function DIR_displayMonth(&$template, $dir_topic, $year, $month) /** * Display year view * -* @param ref &$template reference of the template -* @param string $dir_topic current topic -* @param int $year year to display -* @return string list of months (+ number of stories) for given year +* @param Template $template reference of the template +* @param string $dir_topic current topic +* @param int $year year to display +* @return string list of months (+ number of stories) for given year * */ -function DIR_displayYear(&$template, $dir_topic, $year) +function DIR_displayYear($template, $dir_topic, $year) { global $_CONF, $_TABLES, $LANG_MONTH, $LANG_DIR; @@ -361,7 +364,7 @@ function DIR_displayYear(&$template, $dir_topic, $year) WHERE (date >= '$start') AND (date <= '$end') AND (draft_flag = 0) AND (date <= NOW()) AND ta.type = 'article' AND ta.id = sid "; - if ($dir_topic != 'all') { + if ($dir_topic !== 'all') { // Retrieve list of inherited topics $tid_list = TOPIC_getChildList($dir_topic); $monthsql['mysql'] .= " AND (ta.tid IN({$tid_list}) AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '{$dir_topic}')))"; @@ -425,12 +428,12 @@ function DIR_displayYear(&$template, $dir_topic, $year) * year for which a story has been posted. Can optionally display a list of * the stories for the current month at the top of the page. * -* @param ref &$template reference of the template -* @param string $dir_topic current topic -* @return string list of all the years in the db +* @param Template $template reference of the template +* @param string $dir_topic current topic +* @return string list of all the years in the db * */ -function DIR_displayAll(&$template, $dir_topic) +function DIR_displayAll($template, $dir_topic) { global $_TABLES, $LANG_DIR; 
@@ -507,7 +510,7 @@ function DIR_canonicalLink($dir_topic, $year = 0, $month = 0) $parts .= "&year=$year&month=$month"; } elseif ($year != 0) { $parts .= "&year=$year"; - } elseif ($dir_topic == 'all') { + } elseif ($dir_topic === 'all') { $tp = ''; } $url = COM_buildUrl($script . $tp . $parts); @@ -536,7 +539,7 @@ function DIR_canonicalLink($dir_topic, $year = 0, $month = 0) // Topic stuff already set in lib-common but need to double check if URL_Write is_a enabled //Set topic for rest of site -if ($dir_topic == 'all') { +if ($dir_topic === 'all') { $topic = ''; } else { $topic = $dir_topic; @@ -544,7 +547,7 @@ function DIR_canonicalLink($dir_topic, $year = 0, $month = 0) // See if user has access to view topic. if ($topic != '') { $test_topic = DB_getItem($_TABLES['topics'], 'tid', "tid = '$topic' " . COM_getPermSQL('AND')); - if (strtolower($topic) != strtolower($test_topic)) { + if (strtolower($topic) !== strtolower($test_topic)) { $topic = ''; $dir_topic = 'all'; } else { @@ -563,7 +566,7 @@ function DIR_canonicalLink($dir_topic, $year = 0, $month = 0) } $dir_topicName = ''; -if ($dir_topic != 'all') { +if ($dir_topic !== 'all') { $dir_topicName = DB_getItem($_TABLES['topics'], 'topic', "tid = '" . DB_escapeString($dir_topic) . "'"); } @@ -580,7 +583,7 @@ function DIR_canonicalLink($dir_topic, $year = 0, $month = 0) if (($year != 0) && ($month != 0)) { $title = sprintf ($LANG_DIR['title_month_year'], $LANG_MONTH[$month], $year); - if ($dir_topic != 'all') { + if ($dir_topic !== 'all') { $title .= ': ' . $dir_topicName; } $headercode = DIR_canonicalLink($dir_topic, $year, $month); @@ -590,9 +593,9 @@ function DIR_canonicalLink($dir_topic, $year = 0, $month = 0) $val_year = $year; $val_month = $month; -} else if ($year != 0) { +} elseif ($year != 0) { $title = sprintf($LANG_DIR['title_year'], $year); - if ($dir_topic != 'all') { + if ($dir_topic !== 'all') { $title .= ': ' . $dir_topicName; } $headercode = DIR_canonicalLink($dir_topic, $year); 
@@ -604,7 +607,7 @@ function DIR_canonicalLink($dir_topic, $year = 0, $month = 0) } else { $title = $LANG_DIR['title']; - if ($dir_topic != 'all') { + if ($dir_topic !== 'all') { $title .= ': ' . $dir_topicName; } $headercode = DIR_canonicalLink($dir_topic); @@ -652,8 +655,11 @@ function DIR_canonicalLink($dir_topic, $year = 0, $month = 0) $display .= COM_endBlock(); } -$display = COM_createHTMLDocument($display, array('pagetitle' => $title, - 'headercode' => $headercode)); +$display = COM_createHTMLDocument( + $display, + array( + 'pagetitle' => $title, + 'headercode' => $headercode + ) +); COM_output($display); - -?> diff --git a/public_html/getimage.php b/public_html/getimage.php index 0e83670bb..993d52ba8 100644 --- a/public_html/getimage.php +++ b/public_html/getimage.php @@ -2,7 +2,7 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Geeklog 1.6 | +// | Geeklog 2.1 | // +---------------------------------------------------------------------------+ // | getimage.php | // | | @@ -43,18 +43,17 @@ require_once $_CONF['path_system'] . 'classes/downloader.class.php'; $downloader = new downloader(); - $downloader->setLogFile($_CONF['path_log'] . 'error.log'); - $downloader->setLogging(true); - -$downloader->setAllowedExtensions(array('gif' => 'image/gif', - 'jpg' => 'image/jpeg', - 'jpeg' => 'image/jpeg', - 'png' => 'image/png', - 'png' => 'image/x-png' - ) - ); +$downloader->setAllowedExtensions( + array( + 'gif' => 'image/gif', + 'jpg' => 'image/jpeg', + 'jpeg' => 'image/jpeg', + 'png' => 'image/png', + 'png' => 'image/x-png' + ) +); COM_setArgNames(array('mode', 'image')); $mode = COM_applyFilter(COM_getArgument('mode')); 
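Review bot: The reformatted array passed to `setAllowedExtensions()` in getimage.php still lists the key `'png'` twice (`'png' => 'image/png'` followed by `'png' => 'image/x-png'`). PHP keeps only the last value for a duplicated array key, so the `'image/png'` entry is silently dropped and the effective mapping is `'png' => 'image/x-png'`. How the downloader class uses the MIME value is not visible here, but an allow-list should state exactly what it permits. Keep a single entry, e.g. `'png' => 'image/png'`, or add a comment explaining why the x-png variant is the one wanted.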
@@ -73,12 +72,15 @@ case 'articles': $downloader->setPath($_CONF['path_images'] . 'articles/'); break; + case 'topics': $downloader->setPath($_CONF['path_images'] . 'topics/'); break; + case 'userphotos': $downloader->setPath($_CONF['path_images'] . 'userphotos/'); break; + default: // Hrm, got a bad path, just die exit; @@ -87,7 +89,6 @@ // Let's see if we don't have a legit file. If not bail $pathToImage = $downloader->getPath() . $image; if (is_file($pathToImage)) { - // support conditional GET, if possible $st = @stat($pathToImage); if (is_array($st)) { @@ -115,7 +116,7 @@ header('ETag: ' . $etag); } - if ($mode == 'show') { + if ($mode === 'show') { echo ''; } else { $downloader->downloadFile($image); @@ -127,9 +128,7 @@ header('HTTP/1.1 404 Not Found'); header('Status: 404 Not Found'); - if ($mode == 'show') { + if ($mode === 'show') { echo COM_createHTMLDocument($display); } } - -?> diff --git a/public_html/index.php b/public_html/index.php index 0608aee55..c16cec121 100644 --- a/public_html/index.php +++ b/public_html/index.php @@ -2,7 +2,7 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Geeklog 1.6 | +// | Geeklog 2.1 | // +---------------------------------------------------------------------------+ // | index.php | // | | @@ -38,8 +38,8 @@ /** * Update array if need be with correct topic. * -* @param array A Array of articles from db -* @param string tid_list List of child topics of current topic +* @param array $A Array of articles from db +* @param string $tid_list List of child topics of current topic * */ function fixTopic(&$A, $tid_list) 
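Review bot: `$pathToImage = $downloader->getPath() . $image;` in the `is_file()` hunk of getimage.php joins what appears to be a request-derived name (`COM_setArgNames(array('mode', 'image'))`) onto the image directory. `is_file()`, `stat()` and the `ETag` header are all evaluated on that path before `downloadFile($image)` runs. The assignment of `$image` lies outside the visible hunks, so I cannot tell whether directory separators are already rejected. A defensive `$image = basename($image);` before the concatenation, or a `realpath()` prefix check against `$downloader->getPath()`, would keep the lookup inside the selected directory regardless of what the filter permits.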
@@ -98,20 +98,19 @@ function fixTopic(&$A, $tid_list) } } - $displayall = false; -if (isset ($_GET['display'])) { - if (($_GET['display'] == 'all') && (empty ($topic))) { +if (isset($_GET['display'])) { + if (($_GET['display'] == 'all') && (empty($topic))) { $displayall = true; } } // Retrieve the archive topic - currently only one supported -$archivetid = DB_getItem ($_TABLES['topics'], 'tid', "archive_flag=1"); +$archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1"); $page = 1; -if (isset ($_GET['page'])) { - $page = COM_applyFilter ($_GET['page'], true); +if (isset($_GET['page'])) { + $page = COM_applyFilter($_GET['page'], true); if ($page == 0) { $page = 1; } @@ -121,19 +120,19 @@ function fixTopic(&$A, $tid_list) if (!$displayall) { // give plugins a chance to replace this page entirely - $newcontent = PLG_showCenterblock (0, $page, $topic); - if (!empty ($newcontent)) { + $newcontent = PLG_showCenterblock(0, $page, $topic); + if (!empty($newcontent)) { COM_output($newcontent); exit; } } -if (isset ($_GET['msg'])) { +if (isset($_GET['msg'])) { $plugin = ''; - if (isset ($_GET['plugin'])) { - $plugin = COM_applyFilter ($_GET['plugin']); + if (isset($_GET['plugin'])) { + $plugin = COM_applyFilter($_GET['plugin']); } - $display .= COM_showMessage (COM_applyFilter ($_GET['msg'], true), $plugin); + $display .= COM_showMessage(COM_applyFilter($_GET['msg'], true), $plugin); } if (SEC_inGroup('Root') && ($page == 1)) { 
@@ -168,16 +167,16 @@ function fixTopic(&$A, $tid_list) // Show any Plugin formatted blocks // Requires a plugin to have a function called plugin_centerblock_ -$displayBlock = PLG_showCenterblock (1, $page, $topic); // top blocks -if (!empty ($displayBlock)) { +$displayBlock = PLG_showCenterblock(1, $page, $topic); // top blocks +if (!empty($displayBlock)) { $display .= $displayBlock; // Check if theme has added the template which allows the centerblock // to span the top over the rightblocks if (file_exists($_CONF['path_layout'] . 'topcenterblock-span.thtml')) { $topspan = COM_newTemplate($_CONF['path_layout']); - $topspan->set_file (array ('topspan'=>'topcenterblock-span.thtml')); - $topspan->parse ('output', 'topspan'); - $display .= $topspan->finish ($topspan->get_var('output')); + $topspan->set_file(array('topspan'=>'topcenterblock-span.thtml')); + $topspan->parse('output', 'topspan'); + $display .= $topspan->finish($topspan->get_var('output')); $GLOBALS['centerspan'] = true; } } @@ -193,8 +192,8 @@ function fixTopic(&$A, $tid_list) if ($U['maxstories'] >= $_CONF['minnews']) { $maxstories = $U['maxstories']; } -if ((!empty ($topic)) && ($maxstories == 0)) { - $topiclimit = DB_getItem ($_TABLES['topics'], 'limitnews', +if ((!empty($topic)) && ($maxstories == 0)) { + $topiclimit = DB_getItem($_TABLES['topics'], 'limitnews', "tid = '{$topic}'"); if ($topiclimit >= $_CONF['minnews']) { $maxstories = $topiclimit; 
@@ -212,29 +211,29 @@ function fixTopic(&$A, $tid_list) // Scan for any stories that have expired and should be archived or deleted $asql = "SELECT sid,ta.tid,title,expire,statuscode FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta "; $asql .= "WHERE (expire <= NOW()) AND ta.type = 'article' AND ta.id = sid AND ta.tdefault = 1 AND (statuscode = " . STORY_DELETE_ON_EXPIRE; -if (empty ($archivetid)) { +if (empty($archivetid)) { $asql .= ')'; } else { $asql .= ' OR statuscode = ' . STORY_ARCHIVE_ON_EXPIRE . ") AND ta.tid != '$archivetid'"; } $expiresql = DB_query($asql); -while (list ($sid, $expiretopic, $title, $expire, $statuscode) = DB_fetchArray ($expiresql)) { +while (list($sid, $expiretopic, $title, $expire, $statuscode) = DB_fetcharray($expiresql)) { if ($statuscode == STORY_ARCHIVE_ON_EXPIRE) { - if (!empty ($archivetid) ) { + if (!empty($archivetid) ) { COM_errorLog("Archive Story: $sid, Topic: $archivetid, Title: $title, Expired: $expire"); // Delete all topic references to story except topic default $asql = "DELETE FROM {$_TABLES['topic_assignments']} WHERE type = 'article' AND id = '{$sid}' AND tdefault = 0"; - DB_query ($asql); + DB_query($asql); // Now move over story to archive topic $asql = "UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta SET ta.tid = '$archivetid', s.frontpage = '0', s.featured = '0' WHERE s.sid='{$sid}' AND ta.type = 'article' AND ta.id = s.sid AND ta.tdefault = 1"; - DB_query ($asql); + DB_query($asql); } - } else if ($statuscode == STORY_DELETE_ON_EXPIRE) { + } elseif ($statuscode == STORY_DELETE_ON_EXPIRE) { COM_errorLog("Delete Story and comments: $sid, Topic: $expiretopic, Title: $title, Expired: $expire"); STORY_doDeleteThisStoryNow($sid); } 
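Review bot: The expiry loop now calls `DB_fetcharray($expiresql)` where the removed line used `DB_fetchArray`, and the same lower-case spelling is introduced in the story loop and the meta-tags lookup later in index.php. PHP resolves function names case-insensitively, so this runs. However, the rest of the patch (for example `if ($A = DB_fetchArray($result))`) keeps the camel-case name, and a case-sensitive search for callers will now miss three of them. I would keep `DB_fetchArray(...)` in all three places. The script around this loop extends beyond the hunk.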
@@ -243,8 +242,8 @@ function fixTopic(&$A, $tid_list) // Figure out different settings to display stories in a topic $sql = " (date <= NOW()) AND (draft_flag = 0)"; -if (empty ($topic)) { - $sql .= COM_getLangSQL ('tid', 'AND', 'ta'); +if (empty($topic)) { + $sql .= COM_getLangSQL('tid', 'AND', 'ta'); } // if a topic was provided only select those stories. @@ -266,7 +265,7 @@ function fixTopic(&$A, $tid_list) $sql .= " AND ta.tid != '{$archivetid}' "; } -$sql .= COM_getPermSQL ('AND', 0, 2, 's'); +$sql .= COM_getPermSQL('AND', 0, 2, 's'); if (!empty($U['aids'])) { $sql .= " AND s.uid NOT IN (" . str_replace( ' ', ",", $U['aids'] ) . ") "; @@ -276,7 +275,7 @@ function fixTopic(&$A, $tid_list) $sql .= " AND ta.tid NOT IN ('" . str_replace( ' ', "','", $U['tids'] ) . "') "; } -$sql .= COM_getTopicSQL ('AND', 0, 'ta') . ' '; +$sql .= COM_getTopicSQL('AND', 0, 'ta') . ' '; $offset = ($page - 1) * $limit; $userfields = 'u.uid, u.username, u.fullname'; 
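Review bot: In the `@@ -266,7` hunk, `$U['aids']` is spliced into the query unquoted: `" AND s.uid NOT IN (" . str_replace( ' ', ",", $U['aids'] ) . ") "`. Because the list is not quoted, escaping alone would not help; each element has to be forced to an integer. `$U` is loaded outside the visible hunks (it looks like per-user preferences, to be confirmed), so I cannot see whether that is already guaranteed when the value is stored. I would build the list as `implode(',', array_map('intval', explode(' ', $U['aids'])))`, and pass each element of `$U['tids']` in the following hunk through `DB_escapeString()`.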
@@ -316,71 +315,70 @@ function fixTopic(&$A, $tid_list) ta.type = 'article' AND ta.id = s.sid " . COM_getLangSQL('sid', 'AND', 's') . " AND {$sql} GROUP BY s.sid, ta.tid, expireunix, {$userfields}, t.topic, t.imageurl ORDER BY featured DESC, date DESC LIMIT {$offset}, {$limit}"; -$result = DB_query ($msql); +$result = DB_query($msql); //Figure out number of total pages -$data = DB_query ("SELECT s.sid FROM {$_TABLES['stories']} AS s, {$_TABLES['topic_assignments']} AS ta WHERE ta.type = 'article' AND ta.id = s.sid AND $sql GROUP BY s.sid"); -$nrows = DB_numRows ($data); -$num_pages = ceil ($nrows / $limit); +$data = DB_query("SELECT s.sid FROM {$_TABLES['stories']} AS s, {$_TABLES['topic_assignments']} AS ta WHERE ta.type = 'article' AND ta.id = s.sid AND $sql GROUP BY s.sid"); +$nrows = DB_numRows($data); +$num_pages = ceil($nrows / $limit); $breadcrumbs = ''; -if ( $A = DB_fetchArray( $result ) ) { +if ($A = DB_fetchArray($result)) { fixTopic($A, $tid_list); $story = new Story(); $story->loadFromArray($A); - if ( $_CONF['showfirstasfeatured'] == 1 ) { + if ($_CONF['showfirstasfeatured'] == 1) { $story->_featured = 1; } - // Display breadcrumb trail if (!empty($topic)) { $breadcrumbs = TOPIC_breadcrumbs('topic', $topic); - if ($_CONF['supported_version_theme'] == '1.8.1') { + if ($_CONF['supported_version_theme'] === '1.8.1') { $display .= $breadcrumbs; } } // display first article - $display .= STORY_renderArticle ($story, 'y'); + $display .= STORY_renderArticle($story, 'y'); // get plugin center blocks after featured article if ($story->DisplayElements('featured') == 1) { - $display .= PLG_showCenterblock (2, $page, $topic); + $display .= PLG_showCenterblock(2, $page, $topic); } // get remaining stories - while ($A = DB_fetchArray ($result)) { + while ($A = DB_fetcharray($result)) { fixTopic($A, $tid_list); $story = new Story(); $story->loadFromArray($A); - $display .= STORY_renderArticle ($story, 'y'); + $display .= STORY_renderArticle($story, 'y'); } // get 
plugin center blocks that follow articles - $display .= PLG_showCenterblock (3, $page, $topic); // bottom blocks + $display .= PLG_showCenterblock(3, $page, $topic); // bottom blocks // Print Google-like paging navigation - if (!isset ($_CONF['hide_main_page_navigation']) || + if (!isset($_CONF['hide_main_page_navigation']) || ($_CONF['hide_main_page_navigation'] == 0)) { - if (empty ($topic)) { + if (empty($topic)) { $base_url = $_CONF['site_url'] . '/index.php'; } else { $base_url = $_CONF['site_url'] . '/index.php?topic=' . $topic; } - $display .= COM_printPageNavigation ($base_url, $page, $num_pages); + $display .= COM_printPageNavigation($base_url, $page, $num_pages); } } else { // no stories to display if ($page == 1) { - if (!isset ($_CONF['hide_no_news_msg']) || + if (!isset($_CONF['hide_no_news_msg']) || ($_CONF['hide_no_news_msg'] == 0)) { - $display .= COM_startBlock ($LANG05[1], '', - COM_getBlockTemplate ('_msg_block', 'header')) . $LANG05[2]; - $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')); + $display .= COM_startBlock($LANG05[1], '', + COM_getBlockTemplate('_msg_block', 'header')) . $LANG05[2]; + $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')); } - $display .= PLG_showCenterblock (3, $page, $topic); // bottom blocks + $display .= PLG_showCenterblock(3, $page, $topic); // bottom blocks } else { $topic_url = ''; if (!empty($topic)) { @@ -392,12 +390,11 @@ function fixTopic(&$A, $tid_list) $header = ''; -if ($topic) -{ +if ($topic) { // Meta Tags if ($_CONF['meta_tags'] > 0) { - $result = DB_query ("SELECT meta_description, meta_keywords FROM {$_TABLES['topics']} WHERE tid = '{$topic}'"); - $A = DB_fetchArray ($result); + $result = DB_query("SELECT meta_description, meta_keywords FROM {$_TABLES['topics']} WHERE tid = '{$topic}'"); + $A = DB_fetcharray($result); $header .= LB . PLG_getMetaTags( 'homepage', '', array( 
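Review bot: The meta-tag lookup in the `@@ -392` hunk puts `$topic` directly into `WHERE tid = '{$topic}'`, and the paging code in the `@@ -316` hunk appends the same value to the URL as `'/index.php?topic=' . $topic` without encoding. Where `$topic` is assigned and filtered is outside both hunks, so this may already be safe, but neither use should depend on that. I would escape at the point of use, as pingback.php does for the plugin name: `"... WHERE tid = '" . DB_escapeString($topic) . "'"` for the query and `'/index.php?topic=' . urlencode($topic)` for the link.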
@@ -414,9 +411,14 @@ function fixTopic(&$A, $tid_list) } } -$display = COM_createHTMLDocument($display, array('breadcrumbs' => $breadcrumbs, 'headercode' => $header, 'rightblock' => true)); +$display = COM_createHTMLDocument( + $display, + array( + 'breadcrumbs' => $breadcrumbs, + 'headercode' => $header, + 'rightblock' => true + ) +); // Output page COM_output($display); - -?> diff --git a/public_html/pingback.php b/public_html/pingback.php index 1253ab4e7..934a29cce 100644 --- a/public_html/pingback.php +++ b/public_html/pingback.php @@ -2,7 +2,7 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Geeklog 1.6 | +// | Geeklog 2.1 | // +---------------------------------------------------------------------------+ // | pingback.php | // | | @@ -41,7 +41,7 @@ // Note: Error messages are hard-coded in English since there is no way of // knowing which language the sender of the pingback may prefer. -$PNB_ERROR = array ( +$PNB_ERROR = array( 'success' => 'Thank you.', // success message; not an error ... 'skipped' => '(skipped)', // not an error 'spam' => 'Spam detected.', @@ -52,7 +52,6 @@ 'multiple' => 'Multiple posts not allowed.' ); - /** * Handle a pingback for an entry. * 
@@ -66,26 +65,26 @@ * @return object XML-RPC response * */ -function PNB_handlePingback ($id, $type, $url, $oururl) +function PNB_handlePingback($id, $type, $url, $oururl) { global $_CONF, $_TABLES, $PNB_ERROR; require_once 'HTTP/Request.php'; - if (!isset ($_CONF['check_trackback_link'])) { + if (!isset($_CONF['check_trackback_link'])) { $_CONF['check_trackback_link'] = 2; } // handle pingbacks to articles on our own site $skip_speedlimit = false; if ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']) { - if (!isset ($_CONF['pingback_self'])) { + if (!isset($_CONF['pingback_self'])) { $_CONF['pingback_self'] = 0; // default: skip self-pingbacks } if ($_CONF['pingback_self'] == 0) { - return new XML_RPC_Response (new XML_RPC_Value ($PNB_ERROR['skipped'])); - } else if ($_CONF['pingback_self'] == 2) { + return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['skipped'])); + } elseif ($_CONF['pingback_self'] == 2) { $skip_speedlimit = true; } } 
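Review bot: The self-pingback test `$_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']` is missing a caveat: with `pingback_self == 2` it switches off the speed limit, and the same comparison later gates the source-address check. When the site sits behind a reverse proxy on the same host, both variables can hold the proxy's address for every client, so every ping would be treated as a self-pingback. I would document that next to the default, e.g. `// NOTE: behind a same-host reverse proxy REMOTE_ADDR equals SERVER_ADDR for all clients; do not set pingback_self to 2 there`. PNB_handlePingback continues outside this hunk.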
@@ -94,26 +93,26 @@ function PNB_handlePingback ($id, $type, $url, $oururl) if (!$skip_speedlimit) { $last = COM_checkSpeedlimit ('pingback'); if ($last > 0) { - return new XML_RPC_Response (0, 49, - sprintf ($PNB_ERROR['speedlimit'], $last, + return new XML_RPC_Response(0, 49, + sprintf($PNB_ERROR['speedlimit'], $last, $_CONF['commentspeedlimit'])); } } // update speed limit in any case - COM_updateSpeedlimit ('pingback'); + COM_updateSpeedlimit('pingback'); if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) { if ($_CONF['check_trackback_link'] & 4) { $parts = parse_url ($url); - if (empty ($parts['host'])) { - TRB_logRejected ('Pingback: No valid URL', $url); - return new XML_RPC_Response (0, 33, $PNB_ERROR['uri_invalid']); + if (empty($parts['host'])) { + TRB_logRejected('Pingback: No valid URL', $url); + return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']); } else { - $ip = gethostbyname ($parts['host']); + $ip = gethostbyname($parts['host']); if ($ip != $_SERVER['REMOTE_ADDR']) { - TRB_logRejected ('Pingback: IP address mismatch', $url); - return new XML_RPC_Response (0, 49, $PNB_ERROR['spam']); + TRB_logRejected('Pingback: IP address mismatch', $url); + return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']); } } } 
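Review bot: The address check under `check_trackback_link & 4` relies on `gethostbyname($parts['host'])`, which returns the host name unchanged when resolution fails and only ever yields an IPv4 address. A sender connecting over IPv6 can therefore never match `$_SERVER['REMOTE_ADDR']` and is rejected as spam. The name is also resolved again when the page is fetched in the next hunk, so the address compared here is not necessarily the one contacted. I would make the comparison strict, `if ($ip !== $_SERVER['REMOTE_ADDR']) {`, and add a comment stating the IPv4-only limitation.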
@@ -124,14 +123,14 @@ function PNB_handlePingback ($id, $type, $url, $oururl) $title = ''; $excerpt = ''; $req = new HTTP_Request ($url); - $req->addHeader ('User-Agent', 'Geeklog/' . VERSION); - $response = $req->sendRequest (); - if (PEAR::isError ($response)) { + $req->addHeader('User-Agent', 'Geeklog/' . VERSION); + $response = $req->sendRequest(); + if (PEAR::isError($response)) { if ($_CONF['check_trackback_link'] & 3) { // we were supposed to check for backlinks but didn't get the page - COM_errorLog ("Pingback verification: " . $response->getMessage() + COM_errorLog("Pingback verification: " . $response->getMessage() . " when requesting $url"); - return new XML_RPC_Response (0, 33, $PNB_ERROR['uri_invalid']); + return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']); } // else: silently ignore errors - we'll simply do without the title } else { @@ -139,24 +138,23 @@ function PNB_handlePingback ($id, $type, $url, $oururl) $body = $req->getResponseBody (); if ($_CONF['check_trackback_link'] & 3) { - if (!TRB_containsBacklink ($body, $oururl)) { - TRB_logRejected ('Pingback: No link to us', $url); - $comment = TRB_formatComment ($url); - PLG_spamAction ($comment, $_CONF['spamx']); + if (!TRB_containsBacklink($body, $oururl)) { + TRB_logRejected('Pingback: No link to us', $url); + $comment = TRB_formatComment($url); + PLG_spamAction($comment, $_CONF['spamx']); - return new XML_RPC_Response (0, 49, $PNB_ERROR['spam']); + return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']); } } preg_match (':(.*):i', $body, $content); - if (empty ($content[1])) { + if (empty($content[1])) { $title = ''; // no title found } else { $title = trim (COM_undoSpecialChars ($content[1])); } if ($_CONF['pingback_excerpt']) { - // Check which character set the site that sent the Pingback // is using $charset = 'ISO-8859-1'; // default, see RFC 2616, 3.7.1 
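Review bot: `new HTTP_Request ($url)` in the `@@ -124` hunk makes the server fetch a URL supplied by the unauthenticated caller of `pingback.ping`. The only address check before it is the optional `& 4` branch, and the default of 2 set at the top of the function leaves that off. The URL scheme is not restricted and nothing rejects hosts that resolve to loopback, private or reserved addresses, so the request can be pointed at services that are only reachable from the web server. I would validate scheme and resolved address before constructing the request, as sketched below. The name is still resolved a second time by the HTTP client, so an egress filter remains the stronger control, and a site that accepts self-pingbacks from a private address would need an explicit exception.

```php
// … unchanged: $title / $excerpt initialisation …
$parts = parse_url($url);
$scheme = isset($parts['scheme']) ? strtolower($parts['scheme']) : '';
$host = isset($parts['host']) ? $parts['host'] : '';
// gethostbyname() returns the name itself on failure, which filter_var() then rejects
$addr = ($host === '') ? '' : gethostbyname($host);
if (($scheme !== 'http' && $scheme !== 'https') ||
    filter_var($addr, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
    TRB_logRejected('Pingback: source URL not allowed', $url);
    return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
}
$req = new HTTP_Request ($url);
// … unchanged: User-Agent header, sendRequest() and error handling …
```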
@@ -166,8 +164,8 @@ function PNB_handlePingback ($id, $type, $url, $oururl) $c = explode(';', $ctype); foreach ($c as $ct) { $ch = explode('=', trim($ct)); - if (count($ch) == 2) { - if(trim($ch[0]) == 'charset') { + if (count($ch) === 2) { + if(trim($ch[0]) === 'charset') { $charset = trim($ch[1]); break; } @@ -176,8 +174,7 @@ function PNB_handlePingback ($id, $type, $url, $oururl) } if (!empty($charset) && - (strcasecmp($charset, COM_getCharset()) != 0)) { - + (strcasecmp($charset, COM_getCharset()) !== 0)) { if (function_exists('mb_convert_encoding')) { $body = @mb_convert_encoding($body, COM_getCharset(), $charset); 
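Review bot: `$charset` is taken verbatim from the remote Content-Type header in the `@@ -166` hunk and passed to `@mb_convert_encoding()` in the `@@ -176` hunk, where the `@` hides a failed conversion and `$body` is overwritten with the failure value. On PHP 8 an unknown encoding name raises a ValueError, which `@` does not suppress, so a crafted header could abort the request. I would accept the name only if it matches an entry of `mb_list_encodings()` case-insensitively, and keep the original body on failure: `$converted = mb_convert_encoding($body, COM_getCharset(), $charset);` followed by `if ($converted !== false) { $body = $converted; }`. The excerpt handling continues outside these hunks.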
@@ -192,35 +189,35 @@ function PNB_handlePingback ($id, $type, $url, $oururl) // we could also run the rest of the other site's page // through the spam filter here ... - } else if ($_CONF['check_trackback_link'] & 3) { - COM_errorLog ("Pingback verification: Got HTTP response code " + } elseif ($_CONF['check_trackback_link'] & 3) { + COM_errorLog("Pingback verification: Got HTTP response code " . $req->getResponseCode () . " when requesting $url"); - return new XML_RPC_Response (0, 33, $PNB_ERROR['uri_invalid']); + return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']); } // else: silently ignore errors - we'll simply do without the title } // check for spam first - $saved = TRB_checkForSpam ($url, $title, '', $excerpt); + $saved = TRB_checkForSpam($url, $title, '', $excerpt); if ($saved == TRB_SAVE_SPAM) { - return new XML_RPC_Response (0, 49, $PNB_ERROR['spam']); + return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']); } // save as a trackback comment - $saved = TRB_saveTrackbackComment ($id, $type, $url, $title, '', $excerpt); + $saved = TRB_saveTrackbackComment($id, $type, $url, $title, '', $excerpt); if ($saved == TRB_SAVE_REJECT) { - return new XML_RPC_Response (0, 49, $PNB_ERROR['multiple']); + return new XML_RPC_Response(0, 49, $PNB_ERROR['multiple']); } - if (isset ($_CONF['notification']) && - in_array ('pingback', $_CONF['notification'])) { - TRB_sendNotificationEmail ($saved, 'pingback'); + if (isset($_CONF['notification']) && + in_array('pingback', $_CONF['notification'])) { + TRB_sendNotificationEmail($saved, 'pingback'); } - return new XML_RPC_Response (new XML_RPC_Value ($PNB_ERROR['success'])); + return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['success'])); } /** 
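Review bot: The `COM_errorLog("... when requesting $url")` call in this hunk writes the caller-supplied source URL into the error log unmodified, as do the earlier `COM_errorLog` call in the `@@ -124` hunk and the `TRB_logRejected(..., $url)` calls. An XML-RPC string can contain line breaks, so one request could add lines that look like separate log entries; whether COM_errorLog strips them is not visible here. I would normalise once near the top of PNB_handlePingback, `$logUrl = preg_replace('/[\x00-\x1F\x7F]/', '', $url);`, and use `$logUrl` in every log call.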
@@ -230,13 +227,13 @@ function PNB_handlePingback ($id, $type, $url, $oururl) * @return boolean true = is a URL on our site * */ -function PNB_validURL ($url) +function PNB_validURL($url) { global $_CONF; $retval = false; - if (substr ($url, 0, strlen ($_CONF['site_url'])) == $_CONF['site_url']) { + if (substr($url, 0, strlen($_CONF['site_url'])) == $_CONF['site_url']) { $retval = true; } @@ -253,20 +250,20 @@ function PNB_validURL ($url) * @return string 'article' or plugin name or empty string for error * */ -function PNB_getType ($url) +function PNB_getType($url) { global $_CONF, $_TABLES; $retval = ''; - $part = substr ($url, strlen ($_CONF['site_url']) + 1); - if (substr ($part, 0, strlen ('article.php')) == 'article.php') { + $part = substr($url, strlen($_CONF['site_url']) + 1); + if (substr($part, 0, strlen('article.php')) === 'article.php') { $retval = 'article'; } else { - $parts = explode ('/', $part); - if (strpos ($parts[0], '?') === false) { + $parts = explode('/', $part); + if (strpos($parts[0], '?') === false) { $plugin = DB_escapeString($parts[0]); - if (DB_getItem ($_TABLES['plugins'], 'pi_enabled', + if (DB_getItem($_TABLES['plugins'], 'pi_enabled', "pi_name = '$plugin'") == 1) { $retval = $parts[0]; } 
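Review bot: PNB_validURL accepts any string that merely starts with `$_CONF['site_url']`, so a host name that extends the site's own one, such as the constructed example `http://example.com.other.test/` for a site at `http://example.com`, passes the `substr(...) == $_CONF['site_url']` test. PNB_getType in the next hunk then skips one character and treats the remainder as a path on this site. I would require the separator and compare strictly: `if (strncmp($url, $_CONF['site_url'] . '/', strlen($_CONF['site_url']) + 1) === 0) {`. The function's return statement is outside this hunk.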
@@ -285,36 +282,36 @@ function PNB_getType ($url) * @return string story ID or empty string for error * */ -function PNB_getSid ($url) +function PNB_getSid($url) { global $_CONF, $_TABLES; $retval = ''; $sid = ''; - $params = substr ($url, strlen ($_CONF['site_url'] . '/article.php')); - if (substr ($params, 0, 1) == '?') { // old-style URL - $pos = strpos ($params, 'story='); + $params = substr($url, strlen($_CONF['site_url'] . '/article.php')); + if (substr($params, 0, 1) === '?') { // old-style URL + $pos = strpos($params, 'story='); if ($pos !== false) { - $part = substr ($params, $pos + strlen ('story=')); - $parts = explode ('&', $part); + $part = substr($params, $pos + strlen('story=')); + $parts = explode('&', $part); $sid = $parts[0]; } - } else if (substr ($params, 0, 1) == '/') { // rewritten URL - $parts = explode ('/', substr ($params, 1)); + } elseif (substr($params, 0, 1) == '/') { // rewritten URL + $parts = explode('/', substr($params, 1)); $sid = $parts[0]; } - if (!empty ($sid)) { - $parts = explode ('#', $sid); + if (!empty($sid)) { + $parts = explode('#', $sid); $sid = $parts[0]; } // okay, so we have a SID - but are they allowed to access the story? - if (!empty ($sid)) { + if (!empty($sid)) { $testsid = DB_escapeString($sid); - $result = DB_query ("SELECT trackbackcode FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta WHERE ta.type = 'article' AND ta.id = sid AND sid = '$testsid'" . COM_getPermSql ('AND') . COM_getTopicSql ('AND', 0, ta)); - if (DB_numRows ($result) == 1) { - $A = DB_fetchArray ($result); + $result = DB_query("SELECT trackbackcode FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta WHERE ta.type = 'article' AND ta.id = sid AND sid = '$testsid'" . COM_getPermSql ('AND') . COM_getTopicSql ('AND', 0, ta)); + if (DB_numRows($result) == 1) { + $A = DB_fetchArray($result); if ($A['trackbackcode'] == 0) { $retval = $sid; } 
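Review bot: The rewritten query line still ends with `COM_getTopicSql ('AND', 0, ta)`, where `ta` is a bare word rather than the string `'ta'` that index.php passes to the same helper. Older PHP versions treat it as an undefined constant and fall back to the string with a notice, but PHP 8 raises an Error, which would make every pingback to an article fail inside PNB_getSid. As the line is already being touched, I would change it to `COM_getTopicSql('AND', 0, 'ta')` and drop the leftover space in `COM_getPermSql ('AND')`.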
@@ -331,55 +328,56 @@ function PNB_getSid ($url) * @return object XML-RPC response * */ -function PNB_receivePing ($params) +function PNB_receivePing($params) { global $_CONF, $_TABLES, $PNB_ERROR; if (!$_CONF['pingback_enabled']) { - return new XML_RPC_Response (0, 33, $PNB_ERROR['disabled']); + return new XML_RPC_Response(0, 33, $PNB_ERROR['disabled']); } - $s = $params->getParam (0); - $p1 = $s->scalarval (); // the page linking to us + $s = $params->getParam(0); + $p1 = $s->scalarval(); // the page linking to us if (is_array ($p1)) { // WordPress sends the 2 URIs as an array ... - $sourceURI = $p1[0]->scalarval (); - $targetURI = $p1[1]->scalarval (); + $sourceURI = $p1[0]->scalarval(); + $targetURI = $p1[1]->scalarval(); } else { $sourceURI = $p1; - $s = $params->getParam (1); - $targetURI = $s->scalarval (); // the page being linked to (on our site) + $s = $params->getParam(1); + $targetURI = $s->scalarval(); // the page being linked to (on our site) } - if (!PNB_validURL ($targetURI)) { - return new XML_RPC_Response (0, 33, $PNB_ERROR['uri_invalid']); + if (!PNB_validURL($targetURI)) { + return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']); } - $type = PNB_getType ($targetURI); - if (empty ($type)) { - return new XML_RPC_Response (0, 33, $PNB_ERROR['uri_invalid']); + $type = PNB_getType($targetURI); + if (empty($type)) { + return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']); } - if ($type == 'article') { - $id = PNB_getSid ($targetURI); + if ($type === 'article') { + $id = PNB_getSid($targetURI); } else { - $id = PLG_handlePingComment ($type, $targetURI, 'acceptByURI'); + $id = PLG_handlePingComment($type, $targetURI, 'acceptByURI'); } - if (empty ($id)) { - return new XML_RPC_Response (0, 49, $PNB_ERROR['no_access']); + if (empty($id)) { + return new XML_RPC_Response(0, 49, $PNB_ERROR['no_access']); } - return PNB_handlePingback ($id, $type, $sourceURI, $targetURI); + return PNB_handlePingback($id, $type, $sourceURI, $targetURI); } - // 
MAIN // fire up the XML-RPC server - it does all the work for us -$s = new XML_RPC_Server ( array ( - 'pingback.ping' => array ('function' => 'PNB_receivePing') - )); - -?> +$s = new XML_RPC_Server( + array( + 'pingback.ping' => array ( + 'function' => 'PNB_receivePing' + ) + ) +); diff --git a/public_html/profiles.php b/public_html/profiles.php index b324dd2a3..f6d548953 100644 --- a/public_html/profiles.php +++ b/public_html/profiles.php @@ -2,7 +2,7 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Geeklog 1.8 | +// | Geeklog 2.1 | // +---------------------------------------------------------------------------+ // | profiles.php | // | | @@ -49,7 +49,7 @@ * @param string $message Text of message to send * @return string Meta redirect or HTML for the contact form */ -function contactemail($uid,$cc,$author,$authoremail,$subject,$message) +function contactemail($uid, $cc, $author, $authoremail, $subject, $message) { global $_CONF, $_TABLES, $_USER, $LANG04, $LANG08, $LANG12; 
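Review bot: PNB_receivePing calls `->scalarval()` on `$params->getParam(0)`, `$p1[0]`, `$p1[1]` and `$params->getParam(1)` without checking that the caller sent those parameters or that they are strings. The server is registered without a signature in the MAIN block, so nothing visible enforces this earlier. A ping with one parameter or a one-element array would presumably end in an error inside the handler rather than a clean fault response. I would check the count first (PEAR's XML_RPC_Message offers `getNumParams()`) and, once both values are extracted, add `if (!is_string($sourceURI) || !is_string($targetURI)) { return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']); }`.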
@@ -63,21 +63,17 @@ function contactemail($uid,$cc,$author,$authoremail,$subject,$message) } // check for correct 'to' user preferences - $result = DB_query ("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = '$uid'"); - $P = DB_fetchArray ($result); - if (SEC_inGroup ('Root') || SEC_hasRights ('user.mail')) { - $isAdmin = true; - } else { - $isAdmin = false; - } + $result = DB_query("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = '$uid'"); + $P = DB_fetchArray($result); + $isAdmin = SEC_inGroup('Root') || SEC_hasRights('user.mail'); if ((($P['emailfromadmin'] != 1) && $isAdmin) || (($P['emailfromuser'] != 1) && !$isAdmin)) { - return COM_refresh ($_CONF['site_url'] . '/index.php?msg=85'); + return COM_refresh($_CONF['site_url'] . '/index.php?msg=85'); } // check mail speedlimit - COM_clearSpeedlimit ($_CONF['speedlimit'], 'mail'); - $last = COM_checkSpeedlimit ('mail'); + COM_clearSpeedlimit($_CONF['speedlimit'], 'mail'); + $last = COM_checkSpeedlimit('mail'); if ($last > 0) { $retval = COM_showMessageText($LANG08[39] . $last . $LANG08[40], $LANG12[26]); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG04[81])); 
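Review bot: `$uid` is interpolated into `WHERE uid = '$uid'` here and twice more in contactform() (the `@@ -186` hunk), and the only integer filtering visible on this page is in the callers, the `COM_applyFilter(..., true)` calls in the MAIN switch. Any future caller that forgets that filter turns these queries into an injection point. I would make both functions self-defending with `$uid = (int) $uid;` as their first statement. contactemail() starts before this hunk, so an earlier cast there cannot be ruled out.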
@@ -95,45 +91,45 @@ function contactemail($uid,$cc,$author,$authoremail,$subject,$message) if (!COM_isAnonUser()) { $sig = DB_getItem($_TABLES['users'], 'sig', "uid={$_USER['uid']}"); - if (!empty ($sig)) { - $sig = strip_tags (COM_stripslashes ($sig)); + if (!empty($sig)) { + $sig = strip_tags(COM_stripslashes($sig)); $sig = "\n\n-- \n" . $sig; } } - $subject = COM_stripslashes ($subject); - $message = COM_stripslashes ($message); + $subject = COM_stripslashes($subject); + $message = COM_stripslashes($message); // do a spam check with the unfiltered message text and subject $mailtext = $subject . "\n" . $message . $sig; - $result = PLG_checkforSpam ($mailtext, $_CONF['spamx']); + $result = PLG_checkforSpam($mailtext, $_CONF['spamx']); if ($result > 0) { - COM_updateSpeedlimit ('mail'); - COM_displayMessageAndAbort ($result, 'spamx', 403, 'Forbidden'); + COM_updateSpeedlimit('mail'); + COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden'); } - $msg = PLG_itemPreSave ('contact', $message); - if (!empty ($msg)) { - $retval = COM_errorLog ($msg, 2) - . contactform ($uid, $cc, $subject, $message); + $msg = PLG_itemPreSave('contact', $message); + if (!empty($msg)) { + $retval = COM_errorLog($msg, 2) + . contactform($uid, $cc, $subject, $message); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG04[81])); return $retval; } - $subject = strip_tags ($subject); - $subject = substr ($subject, 0, strcspn ($subject, "\r\n")); - $message = strip_tags ($message) . $sig; - if (!empty ($A['fullname'])) { - $to = COM_formatEmailAddress ($A['fullname'], $A['email']); + $subject = strip_tags($subject); + $subject = substr($subject, 0, strcspn($subject, "\r\n")); + $message = strip_tags($message) . 
$sig; + if (!empty($A['fullname'])) { + $to = COM_formatEmailAddress($A['fullname'], $A['email']); } else { - $to = COM_formatEmailAddress ($A['username'], $A['email']); + $to = COM_formatEmailAddress($A['username'], $A['email']); } - $from = COM_formatEmailAddress ($author, $authoremail); + $from = COM_formatEmailAddress($author, $authoremail); $sent = COM_mail($to, $subject, $message, $from); - if ($sent && $_CONF['mail_cc_enabled'] && isset($_POST['cc']) && ($_POST['cc'] == 'on')) { + if ($sent && $_CONF['mail_cc_enabled'] && isset($_POST['cc']) && ($_POST['cc'] === 'on')) { $ccmessage = sprintf($LANG08[38], COM_getDisplayName($uid, $A['username'], $A['fullname'])); $ccmessage .= "\n------------------------------------------------------------\n\n" . $message; 
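Review bot: `$author` and `$authoremail` reach `COM_formatEmailAddress($author, $authoremail)` without the CR/LF truncation that `$subject` gets a few lines earlier, although both come straight from `$_POST` in the MAIN switch. Whether the earlier part of contactemail() (outside this hunk) or COM_formatEmailAddress itself removes line breaks is not visible here; if neither does, the value ends up in the From header. I would treat the name like the subject before building `$from`: `$author = substr($author, 0, strcspn($author, "\r\n"));`.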
@@ -147,19 +143,19 @@ function contactemail($uid,$cc,$author,$authoremail,$subject,$message) . '/users.php?mode=profile&uid=' . $uid . '&msg=' . ($sent ? '27' : '85')); } else { - $subject = strip_tags ($subject); - $subject = substr ($subject, 0, strcspn ($subject, "\r\n")); - $subject = htmlspecialchars (trim ($subject), ENT_QUOTES); - $retval = COM_errorLog ($LANG08[3], 2) - . contactform ($uid, $cc, $subject, $message); + $subject = strip_tags($subject); + $subject = substr($subject, 0, strcspn($subject, "\r\n")); + $subject = htmlspecialchars(trim($subject), ENT_QUOTES); + $retval = COM_errorLog($LANG08[3], 2) + . contactform($uid, $cc, $subject, $message); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG04[81])); } } else { - $subject = strip_tags ($subject); - $subject = substr ($subject, 0, strcspn ($subject, "\r\n")); - $subject = htmlspecialchars (trim ($subject), ENT_QUOTES); - $retval = COM_errorLog ($LANG08[4], 2) - . contactform ($uid, $cc, $subject, $message); + $subject = strip_tags($subject); + $subject = substr($subject, 0, strcspn($subject, "\r\n")); + $subject = htmlspecialchars(trim($subject), ENT_QUOTES); + $retval = COM_errorLog($LANG08[4], 2) + . contactform($uid, $cc, $subject, $message); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG04[81])); } @@ -176,7 +172,7 @@ function contactemail($uid,$cc,$author,$authoremail,$subject,$message) * @return string HTML for the contact form * */ -function contactform ($uid, $cc = false, $subject = '', $message = '') +function contactform($uid, $cc = false, $subject = '', $message = '') { global $_CONF, $_TABLES, $_USER, $LANG08; 
@@ -186,38 +182,34 @@ function contactform ($uid, $cc = false, $subject = '', $message = '') ($_CONF['emailuserloginrequired'] == 1))) { $retval .= SEC_loginRequiredForm(); } else { - if (SEC_inGroup ('Root') || SEC_hasRights ('user.mail')) { - $isAdmin = true; - } else { - $isAdmin = false; - } + $isAdmin = SEC_inGroup('Root') || SEC_hasRights('user.mail'); // Check email address okay and user preference regarding email $continue = false; $msg_no_mail = $LANG08[35]; - $result = DB_query ("SELECT email FROM {$_TABLES['users']} WHERE uid = '$uid'"); + $result = DB_query("SELECT email FROM {$_TABLES['users']} WHERE uid = '$uid'"); $nrows = DB_numRows($result); if ($nrows == 1) { - $P = DB_fetchArray ($result); + $P = DB_fetchArray($result); if (!empty($P['email'])) { if (COM_isEMail($P['email'])) { $continue = true; - } elseif ($isAdmin ) { + } elseif ($isAdmin) { $msg_no_mail = $LANG08[43]; // Email invalid } - } elseif ($isAdmin ) { + } elseif ($isAdmin) { $msg_no_mail = $LANG08[42]; // Email doesn't exist } - } elseif ($isAdmin ) { + } elseif ($isAdmin) { $msg_no_mail = $LANG08[41]; // User doesn't exist } // Check if User wants mail from someone if ($continue) { - $result = DB_query ("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = '$uid'"); - $P = DB_fetchArray ($result); + $result = DB_query("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = '$uid'"); + $P = DB_fetchArray($result); if ($continue && ((($P['emailfromadmin'] == 1) && $isAdmin) || (($P['emailfromuser'] == 1) && !$isAdmin))) { $continue = true; @@ -226,9 +218,8 @@ function contactform ($uid, $cc = false, $subject = '', $message = '') } } - $displayname = COM_getDisplayName ($uid); + $displayname = COM_getDisplayName($uid); if ($continue) { - if ($cc) { $cc = ' checked="checked"'; } else { 
@@ -241,28 +232,28 @@ function contactform ($uid, $cc = false, $subject = '', $message = '') $mail_template->set_var('lang_username', $LANG08[11]); if (COM_isAnonUser()) { $sender = ''; - if (isset ($_POST['author'])) { - $sender = strip_tags ($_POST['author']); - $sender = substr ($sender, 0, strcspn ($sender, "\r\n")); - $sender = htmlspecialchars (trim ($sender), ENT_QUOTES); + if (isset($_POST['author'])) { + $sender = strip_tags($_POST['author']); + $sender = substr($sender, 0, strcspn($sender, "\r\n")); + $sender = htmlspecialchars(trim($sender), ENT_QUOTES); } - $mail_template->set_var ('username', $sender); + $mail_template->set_var('username', $sender); } else { - $mail_template->set_var ('username', - COM_getDisplayName ($_USER['uid'], $_USER['username'], + $mail_template->set_var('username', + COM_getDisplayName($_USER['uid'], $_USER['username'], $_USER['fullname'])); } - $mail_template->set_var ('lang_useremail', $LANG08[12]); + $mail_template->set_var('lang_useremail', $LANG08[12]); if (COM_isAnonUser()) { $email = ''; - if (isset ($_POST['authoremail'])) { - $email = strip_tags ($_POST['authoremail']); - $email = substr ($email, 0, strcspn ($email, "\r\n")); - $email = htmlspecialchars (trim ($email), ENT_QUOTES); + if (isset($_POST['authoremail'])) { + $email = strip_tags($_POST['authoremail']); + $email = substr($email, 0, strcspn($email, "\r\n")); + $email = htmlspecialchars(trim($email), ENT_QUOTES); } - $mail_template->set_var ('useremail', $email); + $mail_template->set_var('useremail', $email); } else { - $mail_template->set_var ('useremail', $_USER['email']); + $mail_template->set_var('useremail', $_USER['email']); } if (!$_CONF['mail_cc_enabled']) { $mail_template->set_var('cc_enabled', ' style="display: none"'); 
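Review bot: The anonymous branches pass the sender name and e-mail through `htmlspecialchars(..., ENT_QUOTES)` before `set_var`, but the logged-in branches hand `COM_getDisplayName(...)` and `$_USER['email']` to the template unescaped. Both are stored profile values, so if the template does not escape them (not visible here), markup saved in a full name would be rendered in the form. I would escape both paths the same way, e.g. `$mail_template->set_var('useremail', htmlspecialchars($_USER['email'], ENT_QUOTES));`, and likewise for the display name.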
@@ -348,23 +339,23 @@ function mailstory($sid, $to, $toemail, $from, $fromemail, $shortmsg) return COM_refresh($_CONF['site_url'] . '/index.php'); } - $shortmsg = COM_stripslashes ($shortmsg); - $mailtext = sprintf ($LANG08[23], $from, $fromemail) . LB; + $shortmsg = COM_stripslashes($shortmsg); + $mailtext = sprintf($LANG08[23], $from, $fromemail) . LB; if (strlen ($shortmsg) > 0) { - $mailtext .= LB . sprintf ($LANG08[28], $from) . $shortmsg . LB; + $mailtext .= LB . sprintf($LANG08[28], $from) . $shortmsg . LB; } // just to make sure this isn't an attempt at spamming users ... - $result = PLG_checkforSpam ($mailtext, $_CONF['spamx']); + $result = PLG_checkforSpam($mailtext, $_CONF['spamx']); if ($result > 0) { - COM_updateSpeedlimit ('mail'); - COM_displayMessageAndAbort ($result, 'spamx', 403, 'Forbidden'); + COM_updateSpeedlimit('mail'); + COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden'); } $mailtext .= '------------------------------------------------------------' . LB . LB . COM_undoSpecialChars($story->displayElements('title')) . LB - . strftime ($_CONF['date'], $story->DisplayElements('unixdate')) . LB; + . strftime($_CONF['date'], $story->DisplayElements('unixdate')) . LB; if ($_CONF['contributedbyline'] == 1) { $author = COM_getDisplayName($story->displayElements('uid')); @@ -388,11 +379,11 @@ function mailstory($sid, $to, $toemail, $from, $fromemail, $shortmsg) if ($story->DisplayElements('commentcode') == 0) { // comments allowed $mailtext .= $LANG08[24] . LB - . COM_buildUrl ($_CONF['site_url'] . '/article.php?story=' + . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid . '#comments'); } else { // comments not allowed - just add the story's URL $mailtext .= $LANG08[33] . LB - . COM_buildUrl ($_CONF['site_url'] . '/article.php?story=' + . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid); } 
@@ -402,17 +393,17 @@ function mailstory($sid, $to, $toemail, $from, $fromemail, $shortmsg) $sent = COM_mail($mailto, $subject, $mailtext, $mailfrom); - if ($sent && $_CONF['mail_cc_enabled'] && isset($_POST['cc']) && ($_POST['cc'] == 'on')) { + if ($sent && $_CONF['mail_cc_enabled'] && isset($_POST['cc']) && ($_POST['cc'] === 'on')) { $ccmessage = sprintf($LANG08[38], $to); $ccmessage .= "\n------------------------------------------------------------\n\n" . $mailtext; $sent = COM_mail($mailfrom, $subject, $ccmessage, $mailfrom); } - COM_updateSpeedlimit ('mail'); + COM_updateSpeedlimit('mail'); // Increment numemails counter for story - DB_query ("UPDATE {$_TABLES['stories']} SET numemails = numemails + 1 WHERE sid = '$sid'"); + DB_query("UPDATE {$_TABLES['stories']} SET numemails = numemails + 1 WHERE sid = '$sid'"); if ($_CONF['url_rewrite']) { $retval = COM_refresh($storyurl . '?msg=' . ($sent ? '27' : '85')); @@ -437,7 +428,7 @@ function mailstory($sid, $to, $toemail, $from, $fromemail, $shortmsg) * @return string HTML for email story form * */ -function mailstoryform ($sid, $cc=false, $to = '', $toemail = '', $from = '', +function mailstoryform($sid, $cc = false, $to = '', $toemail = '', $from = '', $fromemail = '', $shortmsg = '', $msg = 0) { global $_CONF, $_TABLES, $_USER, $LANG08; 
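Review bot: The counter update `... SET numemails = numemails + 1 WHERE sid = '$sid'` interpolates `$sid` without escaping, whereas PNB_getSid in pingback.php runs the story id through `DB_escapeString()` before querying the same table. The story is loaded earlier in mailstory(), outside this hunk, which probably rejects unknown ids, but the query should not depend on that. I would write `"... WHERE sid = '" . DB_escapeString($sid) . "'"`.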
@@ -464,20 +455,16 @@ function mailstoryform ($sid, $cc=false, $to = '', $toemail = '', $from = '', $retval .= COM_showMessage ($msg); } - if (empty ($from) && empty ($fromemail)) { + if (empty($from) && empty($fromemail)) { if (!COM_isAnonUser()) { - $from = COM_getDisplayName ($_USER['uid'], $_USER['username'], + $from = COM_getDisplayName($_USER['uid'], $_USER['username'], $_USER['fullname']); $fromemail = DB_getItem ($_TABLES['users'], 'email', "uid = {$_USER['uid']}"); } } - if ($cc) { - $cc = ' checked="checked"'; - } else { - $cc = ''; - } + $cc = $cc ? ' checked="checked"' : ''; $mail_template = COM_newTemplate($_CONF['path_layout'] . 'profiles'); $mail_template->set_file('form', 'contactauthorform.thtml'); @@ -517,14 +504,13 @@ function mailstoryform ($sid, $cc=false, $to = '', $toemail = '', $from = '', return $retval; } - // MAIN $display = ''; -if (isset ($_POST['what'])) { - $what = COM_applyFilter ($_POST['what']); -} else if (isset ($_GET['what'])) { - $what = COM_applyFilter ($_GET['what']); +if (isset($_POST['what'])) { + $what = COM_applyFilter($_POST['what']); +} else if (isset($_GET['what'])) { + $what = COM_applyFilter($_GET['what']); } else { $what = ''; } 
@@ -537,25 +523,25 @@ function mailstoryform ($sid, $cc=false, $to = '', $toemail = '', $from = '', switch ($what) { case 'contact': - $uid = COM_applyFilter ($_POST['uid'], true); + $uid = COM_applyFilter($_POST['uid'], true); if ($uid > 1) { - $display .= contactemail ($uid, $cc, $_POST['author'], + $display .= contactemail($uid, $cc, $_POST['author'], $_POST['authoremail'], $_POST['subject'], $_POST['message']); } else { - $display .= COM_refresh ($_CONF['site_url'] . '/index.php'); + $display .= COM_refresh($_CONF['site_url'] . '/index.php'); } break; case 'emailstory': - $sid = COM_applyFilter ($_GET['sid']); - if (empty ($sid)) { - $display = COM_refresh ($_CONF['site_url'] . '/index.php'); - } else if ($_CONF['hideemailicon'] == 1) { - $display = COM_refresh (COM_buildUrl ($_CONF['site_url'] + $sid = COM_applyFilter($_GET['sid']); + if (empty($sid)) { + $display = COM_refresh($_CONF['site_url'] . '/index.php'); + } elseif ($_CONF['hideemailicon'] == 1) { + $display = COM_refresh(COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid)); } else { - $display = mailstoryform ($sid, $_CONF['mail_cc_default']); + $display = mailstoryform($sid, $_CONF['mail_cc_default']); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG08[17])); } break; 
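Review bot: The `contact` case reads `$_POST['uid']`, `$_POST['author']`, `$_POST['authoremail']`, `$_POST['subject']` and `$_POST['message']`, and the `emailstory` case reads `$_GET['sid']`, all without an `isset()` check, unlike the `default` case at the end of the switch. A request that omits a field raises undefined-index notices, and on installations that display errors these expose file paths. I would guard them the way the default case does, e.g. `$uid = isset($_POST['uid']) ? COM_applyFilter($_POST['uid'], true) : 0;`, and fall back to `''` for the text fields.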
@@ -570,14 +556,13 @@ function mailstoryform ($sid, $cc=false, $to = '', $toemail = '', $from = '', !COM_isEmail($_POST['fromemail']) || (strpos($_POST['to'], '@') !== false) || (strpos($_POST['from'], '@') !== false)) { - $display = mailstoryform ($sid, $cc, COM_applyFilter($_POST['to']), + $display = mailstoryform($sid, $cc, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), $_POST['shortmsg'], 52); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG08[17])); - - } else if (empty($_POST['to']) || empty($_POST['from']) || + } elseif (empty($_POST['to']) || empty($_POST['from']) || empty($_POST['shortmsg'])) { $display = COM_showMessageText($LANG08[22]) . mailstoryform($sid, $cc, COM_applyFilter($_POST['to']), @@ -605,26 +590,24 @@ function mailstoryform ($sid, $cc=false, $to = '', $toemail = '', $from = '', break; default: - if (isset ($_GET['uid'])) { - $uid = COM_applyFilter ($_GET['uid'], true); + if (isset($_GET['uid'])) { + $uid = COM_applyFilter($_GET['uid'], true); } else { $uid = 0; } if ($uid > 1) { $subject = ''; - if (isset ($_GET['subject'])) { - $subject = strip_tags ($_GET['subject']); - $subject = substr ($subject, 0, strcspn ($subject, "\r\n")); - $subject = htmlspecialchars (trim ($subject), ENT_QUOTES); + if (isset($_GET['subject'])) { + $subject = strip_tags($_GET['subject']); + $subject = substr($subject, 0, strcspn($subject, "\r\n")); + $subject = htmlspecialchars(trim($subject), ENT_QUOTES); } - $display = contactform ($uid, $_CONF['mail_cc_default'], $subject); + $display = contactform($uid, $_CONF['mail_cc_default'], $subject); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[81])); } else { - $display .= COM_refresh ($_CONF['site_url'] . '/index.php'); + $display .= COM_refresh($_CONF['site_url'] . '/index.php'); } break; } COM_output($display); - -?> 
diff --git a/public_html/search.php b/public_html/search.php index 3e6aac38b..fc6fd90d3 100644 --- a/public_html/search.php +++ b/public_html/search.php @@ -2,7 +2,7 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Geeklog 2.0 | +// | Geeklog 2.1 | // +---------------------------------------------------------------------------+ // | search.php | // | | @@ -39,7 +39,7 @@ // Figure out topic to display TOPIC_getTopic(); -if (isset($_GET['mode']) && ($_GET['mode'] == 'search')) { +if (isset($_GET['mode']) && ($_GET['mode'] === 'search')) { $content = $searchObj->doSearch(); $display = COM_createHTMLDocument($content, array('pagetitle' => $LANG09[11])); } else { @@ -48,5 +48,3 @@ } COM_output($display); - -?> diff --git a/public_html/stats.php b/public_html/stats.php index 0c06f1f2f..e4ad1bd0b 100644 --- a/public_html/stats.php +++ b/public_html/stats.php @@ -2,7 +2,7 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Geeklog 2.0 | +// | Geeklog 2.1 | // +---------------------------------------------------------------------------+ // | stats.php | // | | 
@@ -49,17 +49,27 @@ // Overall Site Statistics $header_arr = array( - array('text' => $LANG10[1], 'field' => 'title', 'header_class' => 'stats-header-title'), - array('text' => "", 'field' => 'stats', 'header_class' => 'stats-header-count', 'field_class' => 'stats-list-count'), + array( + 'text' => $LANG10[1], + 'field' => 'title', + 'header_class' => 'stats-header-title' + ), + array( + 'text' => '', + 'field' => 'stats', + 'header_class' => 'stats-header-count', + 'field_class' => 'stats-list-count' + ), ); $data_arr = array(); -$text_arr = array('has_menu' => false, - 'title' => $LANG10[1], - 'form_url' => $_CONF['site_url'] . '/stats.php' +$text_arr = array( + 'has_menu' => false, + 'title' => $LANG10[1], + 'form_url' => $_CONF['site_url'] . '/stats.php' ); -$totalhits = DB_getItem ($_TABLES['vars'], 'value', "name = 'totalhits'"); -$data_arr[] = array('title' => $LANG10[2], 'stats' => COM_NumberFormat ($totalhits)); +$totalhits = DB_getItem($_TABLES['vars'], 'value', "name = 'totalhits'"); +$data_arr[] = array('title' => $LANG10[2], 'stats' => COM_NumberFormat($totalhits)); if ($_CONF['lastlogin']) { // if we keep track of the last login date, count the number of users 
@@ -68,40 +78,41 @@ $sql['pgsql'] = "SELECT COUNT(*) AS count FROM {$_TABLES['users']} AS u,{$_TABLES['userinfo']} AS i WHERE (u.uid > 1) AND (u.uid = i.uid) AND (lastlogin <> '') AND (lastlogin::int4 >= date_part('epoch', INTERVAL '28 DAY'))"; $sql['mysql'] = "SELECT COUNT(*) AS count FROM {$_TABLES['users']} AS u,{$_TABLES['userinfo']} AS i WHERE (u.uid > 1) AND (u.uid = i.uid) AND (lastlogin <> '') AND (lastlogin >= UNIX_TIMESTAMP(DATE_SUB(NOW(), INTERVAL 28 DAY)))"; $sql['mssql'] = "SELECT COUNT(*) AS count FROM {$_TABLES['users']} AS u,{$_TABLES['userinfo']} AS i WHERE (u.uid > 1) AND (u.uid = i.uid) AND (lastlogin <> '') AND (lastlogin >= UNIX_TIMESTAMP(DATE_SUB(NOW(), INTERVAL 28 DAY)))"; - $result = DB_query ($sql); - list($active_users) = DB_fetchArray ($result); + $result = DB_query($sql); + list($active_users) = DB_fetchArray($result); } else { // otherwise, just count all users with status 'active' // (i.e. those that logged in at least once and have not been banned since) - $active_users = DB_count ($_TABLES['users'], 'status', 3); + $active_users = DB_count($_TABLES['users'], 'status', 3); $active_users--; // don't count the anonymous user account } -$data_arr[] = array('title' => $LANG10[27], 'stats' => COM_NumberFormat ($active_users)); +$data_arr[] = array('title' => $LANG10[27], 'stats' => COM_NumberFormat($active_users)); -$topicsql = COM_getTopicSql ('AND', 0, 'ta'); +$topicsql = COM_getTopicSql('AND', 0, 'ta'); -$id = array ('draft_flag', 'date'); -$values = array ('0', 'NOW()'); +$id = array('draft_flag', 'date'); +$values = array('0', 'NOW()'); $sql = "SELECT COUNT(DISTINCT sid) AS count, SUM(comments) AS ccount FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta WHERE ta.type = 'article' AND ta.id = sid - AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL ('AND') . $topicsql; + AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND') . 
$topicsql; -$result = DB_query ($sql); -$A = DB_fetchArray ($result); +$result = DB_query($sql); +$A = DB_fetchArray($result); if (empty ($A['ccount'])) { $A['ccount'] = 0; } -$data_arr[] = array('title' => $LANG10[3], - 'stats' => COM_NumberFormat ($A['count']) - . " (". COM_NumberFormat ($A['ccount']) . ")"); +$data_arr[] = array( + 'title' => $LANG10[3], + 'stats' => COM_NumberFormat($A['count']) . " (". COM_NumberFormat($A['ccount']) . ")" +); // new stats plugin API call $plg_stats = PLG_getPluginStats (3); -if (count ($plg_stats) > 0) { +if (count($plg_stats) > 0) { foreach ($plg_stats as $pstats) { - if (is_array ($pstats[0])) { + if (is_array($pstats[0])) { foreach ($pstats as $pmstats) { $data_arr[] = array('title' => $pmstats[0], 'stats' => $pmstats[1]); } @@ -111,7 +122,7 @@ } } -$display .= ADMIN_simpleList("", $header_arr, $text_arr, $data_arr); +$display .= ADMIN_simpleList('', $header_arr, $text_arr, $data_arr); // old stats plugin API call, for backward compatibilty $display .= PLG_getPluginStats (1); 
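Review bot: The `$sql['pgsql']` string at the top of the hunk that starts at `@@ -68,40 +78,41 @@` compares `lastlogin::int4` with `date_part('epoch', INTERVAL '28 DAY')`. That is the length of 28 days in seconds, not a point in time, so every user who has ever logged in is counted as active. The comparison should read `date_part('epoch', NOW() - INTERVAL '28 DAY')`. The `$sql['mssql']` string reuses the MySQL functions `UNIX_TIMESTAMP` and `DATE_SUB`, which looks copied rather than ported and should be checked against the target server.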
@@ -121,20 +132,30 @@ $sql = "SELECT sid,title,hits FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta WHERE ta.type = 'article' AND ta.id = sid - AND (draft_flag = 0) AND (date <= NOW()) AND (Hits > 0)" . COM_getPermSQL ('AND') . $topicsql . " GROUP BY sid ORDER BY hits DESC LIMIT 10"; + AND (draft_flag = 0) AND (date <= NOW()) AND (Hits > 0)" . COM_getPermSQL('AND') . $topicsql . " GROUP BY sid ORDER BY hits DESC LIMIT 10"; $result = DB_query($sql); $nrows = DB_numRows($result); if ($nrows > 0) { $header_arr = array( - array('text' => $LANG10[8], 'field' => 'sid', 'header_class' => 'stats-header-title'), - array('text' => $LANG10[9], 'field' => 'hits', 'header_class' => 'stats-header-count', 'field_class' => 'stats-list-count'), + array( + 'text' => $LANG10[8], + 'field' => 'sid', + 'header_class' => 'stats-header-title' + ), + array( + 'text' => $LANG10[9], + 'field' => 'hits', + 'header_class' => 'stats-header-count', + 'field_class' => 'stats-list-count' + ), ); $data_arr = array(); - $text_arr = array('has_menu' => false, - 'title' => $LANG10[7], - 'form_url' => $_CONF['site_url'] . '/stats.php' + $text_arr = array( + 'has_menu' => false, + 'title' => $LANG10[7], + 'form_url' => $_CONF['site_url'] . '/stats.php' ); for ($i = 0; $i < $nrows; $i++) { @@ -142,11 +163,11 @@ $A['title'] = stripslashes(str_replace('$','$',$A['title'])); $A['sid'] = COM_createLink($A['title'], COM_buildUrl($_CONF['site_url'] . "/article.php?story={$A['sid']}")); - $A['hits'] = COM_NumberFormat ($A['hits']); + $A['hits'] = COM_NumberFormat($A['hits']); $data_arr[$i] = $A; } - $display .= ADMIN_simpleList("", $header_arr, $text_arr, $data_arr); + $display .= ADMIN_simpleList('', $header_arr, $text_arr, $data_arr); } else { $display .= COM_startBlock($LANG10[7]); $display .= $LANG10[10]; 
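Review bot: In the row loop of the `@@ -142,11 +163,11 @@` hunk, `$A['title']` is read from the stories table and passed to `COM_createLink()` as link text with no HTML escaping visible. Whether titles are already escaped when stored, or inside `COM_createLink()`, cannot be seen from this diff. If neither holds, this public page renders stored markup. The same pattern repeats in the "most commented", trackback and "most emailed" loops in the following hunks. A comment such as `// title is stored HTML-escaped; see <where it is sanitised>` would record the assumption, or apply `htmlspecialchars($A['title'], ENT_QUOTES)` if it turns out not to hold.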
@@ -157,29 +178,39 @@ $sql = "SELECT sid,title,comments FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta WHERE ta.type = 'article' AND ta.id = sid - AND (draft_flag = 0) AND (date <= NOW()) AND (comments > 0)" . COM_getPermSQL ('AND') . $topicsql . " ORDER BY comments DESC LIMIT 10"; + AND (draft_flag = 0) AND (date <= NOW()) AND (comments > 0)" . COM_getPermSQL('AND') . $topicsql . " ORDER BY comments DESC LIMIT 10"; $result = DB_query($sql); $nrows = DB_numRows($result); if ($nrows > 0) { $header_arr = array( - array('text' => $LANG10[8], 'field' => 'sid', 'header_class' => 'stats-header-title'), - array('text' => $LANG10[12], 'field' => 'comments', 'header_class' => 'stats-header-count', 'field_class' => 'stats-list-count'), + array( + 'text' => $LANG10[8], + 'field' => 'sid', + 'header_class' => 'stats-header-title' + ), + array( + 'text' => $LANG10[12], + 'field' => 'comments', + 'header_class' => 'stats-header-count', + 'field_class' => 'stats-list-count' + ), ); $data_arr = array(); - $text_arr = array('has_menu' => false, - 'title' => $LANG10[11], - 'form_url' => $_CONF['site_url'] . '/stats.php' + $text_arr = array( + 'has_menu' => false, + 'title' => $LANG10[11], + 'form_url' => $_CONF['site_url'] . '/stats.php' ); for ($i = 0; $i < $nrows; $i++) { $A = DB_fetchArray($result); $A['title'] = stripslashes(str_replace('$','$',$A['title'])); $A['sid'] = COM_createLink($A['title'], COM_buildUrl ($_CONF['site_url'] . "/article.php?story={$A['sid']}")); - $A['comments'] = COM_NumberFormat ($A['comments']); + $A['comments'] = COM_NumberFormat($A['comments']); $data_arr[$i] = $A; } - $display .= ADMIN_simpleList("", $header_arr, $text_arr, $data_arr); + $display .= ADMIN_simpleList('', $header_arr, $text_arr, $data_arr); } else { $display .= COM_startBlock($LANG10[11]); 
@@ -188,34 +219,43 @@ } // Top Ten Trackback Comments - if ($_CONF['trackback_enabled'] || $_CONF['pingback_enabled']) { $sql = "SELECT s.sid, s.title, COUNT(*) AS count FROM {$_TABLES['stories']} s,{$_TABLES['trackback']} AS t, {$_TABLES['topic_assignments']} ta WHERE ta.type = 'article' AND ta.id = s.sid - AND (s.draft_flag = 0) AND (s.date <= NOW()) AND (s.sid = t.sid) AND (t.type = 'article')" . COM_getPermSql ('AND') . $topicsql . " GROUP BY t.sid, s.sid, s.title ORDER BY count DESC LIMIT 10"; + AND (s.draft_flag = 0) AND (s.date <= NOW()) AND (s.sid = t.sid) AND (t.type = 'article')" . COM_getPermSQL('AND') . $topicsql . " GROUP BY t.sid, s.sid, s.title ORDER BY count DESC LIMIT 10"; - $result = DB_query ($sql); - $nrows = DB_numRows ($result); + $result = DB_query($sql); + $nrows = DB_numRows($result); if ($nrows > 0) { $header_arr = array( - array('text' => $LANG10[8], 'field' => 'sid', 'header_class' => 'stats-header-title'), - array('text' => $LANG10[12], 'field' => 'count', 'header_class' => 'stats-header-count', 'field_class' => 'stats-list-count'), + array( + 'text' => $LANG10[8], + 'field' => 'sid', + 'header_class' => 'stats-header-title' + ), + array( + 'text' => $LANG10[12], + 'field' => 'count', + 'header_class' => 'stats-header-count', + 'field_class' => 'stats-list-count' + ), ); $data_arr = array(); - $text_arr = array('has_menu' => false, - 'title' => $LANG10[25], - 'form_url' => $_CONF['site_url'] . '/stats.php' + $text_arr = array( + 'has_menu' => false, + 'title' => $LANG10[25], + 'form_url' => $_CONF['site_url'] . '/stats.php' ); for ($i = 0; $i < $nrows; $i++) { - $A = DB_fetchArray ($result); + $A = DB_fetchArray($result); $A['title'] = stripslashes(str_replace('$','$',$A['title'])); $A['sid'] = COM_createLink($A['title'], COM_buildUrl ($_CONF['site_url'] . 
"/article.php?story={$A['sid']}")); - $A['count'] = COM_NumberFormat ($A['count']); + $A['count'] = COM_NumberFormat($A['count']); $data_arr[$i] = $A; } - $display .= ADMIN_simpleList("", $header_arr, $text_arr, $data_arr); + $display .= ADMIN_simpleList('', $header_arr, $text_arr, $data_arr); } else { $display .= COM_startBlock($LANG10[25]); 
@@ -228,31 +268,41 @@ $sql = "SELECT sid,title,numemails FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta WHERE ta.type = 'article' AND ta.id = sid - AND (numemails > 0) AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL ('AND') . $topicsql . " ORDER BY numemails DESC LIMIT 10"; + AND (numemails > 0) AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND') . $topicsql . " ORDER BY numemails DESC LIMIT 10"; $result = DB_query($sql); $nrows = DB_numRows($result); if ($nrows > 0) { $header_arr = array( - array('text' => $LANG10[8], 'field' => 'sid', 'header_class' => 'stats-header-title'), - array('text' => $LANG10[23], 'field' => 'numemails', 'header_class' => 'stats-header-count', 'field_class' => 'stats-list-count'), + array( + 'text' => $LANG10[8], + 'field' => 'sid', + 'header_class' => 'stats-header-title' + ), + array( + 'text' => $LANG10[23], + 'field' => 'numemails', + 'header_class' => 'stats-header-count', + 'field_class' => 'stats-list-count' + ), ); $data_arr = array(); - $text_arr = array('has_menu' => false, - 'title' => $LANG10[22], - 'form_url' => $_CONF['site_url'] . '/stats.php' + $text_arr = array( + 'has_menu' => false, + 'title' => $LANG10[22], + 'form_url' => $_CONF['site_url'] . '/stats.php' ); for ($i = 0; $i < $nrows; $i++) { $A = DB_fetchArray($result); $A['title'] = stripslashes(str_replace('$','$',$A['title'])); $A['sid'] = COM_createLink($A['title'], COM_buildUrl ($_CONF['site_url'] . "/article.php?story={$A['sid']}")); - $A['numemails'] = COM_NumberFormat ($A['numemails']); + $A['numemails'] = COM_NumberFormat($A['numemails']); $data_arr[$i] = $A; } - $display .= ADMIN_simpleList("", $header_arr, $text_arr, $data_arr); + $display .= ADMIN_simpleList('', $header_arr, $text_arr, $data_arr); } else { $display .= COM_startBlock($LANG10[22]); $display .= $LANG10[24]; @@ -264,5 +314,3 @@ $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG10[1])); COM_output($display); - -?> 
diff --git a/public_html/submit.php b/public_html/submit.php index 15a982b87..b2e76cd9e 100644 --- a/public_html/submit.php +++ b/public_html/submit.php @@ -2,7 +2,7 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Geeklog 1.6 | +// | Geeklog 2.1 | // +---------------------------------------------------------------------------+ // | submit.php | // | | @@ -58,9 +58,8 @@ function submissionform($type = 'story', $mode = '') $retval = ''; - COM_clearSpeedlimit ($_CONF['speedlimit'], 'submit'); - - $last = COM_checkSpeedlimit ('submit'); + COM_clearSpeedlimit($_CONF['speedlimit'], 'submit'); + $last = COM_checkSpeedlimit('submit'); if ($last > 0) { $retval .= COM_showMessageText($LANG12[30] . $last . $LANG12[31], $LANG12[26]); @@ -74,11 +73,11 @@ function submissionform($type = 'story', $mode = '') . $LANG12[9] . COM_endBlock(); - if ((strlen($type) > 0) && ($type <> 'story')) { + if ((strlen($type) > 0) && ($type !== 'story')) { $formresult = PLG_showSubmitForm($type); if ($formresult == false) { - COM_errorLog("Someone tried to submit an item to the $type-plugin, which cannot be found.", 1); - COM_displayMessageAndAbort (79, '', 410, 'Gone'); + COM_errorLog("Someone tried to submit an item to the {$type}-plugin, which cannot be found.", 1); + COM_displayMessageAndAbort(79, '', 410, 'Gone'); } else { $retval .= $formresult; } @@ -106,12 +105,11 @@ function submitstory() $story = new Story(); - if( isset( $_POST['mode'] ) && ( $_POST['mode'] == $LANG12[32] ) ) - { + if (isset($_POST['mode']) && ($_POST['mode'] == $LANG12[32])) { // preview $story->loadSubmission(); $retval .= COM_startBlock($LANG12[32]) - . STORY_renderArticle ($story, 'p') + . STORY_renderArticle($story, 'p') . COM_endBlock(); } else { $story->initSubmission(); 
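Review bot: In the `@@ -74,11 +73,11 @@` hunk of `submissionform()`, the rewritten `COM_errorLog("Someone tried to submit an item to the {$type}-plugin, ...")` still writes `$type` into the log verbatim. Where `$type` is filtered is not visible in this diff. If it can carry request data, line breaks in it would let a client forge log entries. Logging a constrained form, for example `preg_replace('/[^A-Za-z0-9_.-]/', '', $type)`, avoids that. `savesubmission()` has the same pattern in `COM_errorLog("Could not save your submission. Bad type: $type")`.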
@@ -120,42 +118,37 @@ function submitstory() $storyform = COM_newTemplate($_CONF['path_layout'] . 'submit'); if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) { $storyform->set_file('storyform','submitstory_advanced.thtml'); - $storyform->set_var ('change_editormode', 'onchange="change_editmode(this);"'); - $storyform->set_var ('lang_expandhelp', $LANG24[67]); - $storyform->set_var ('lang_reducehelp', $LANG24[68]); - - if (COM_isAnonUser()) { - $link_message = ""; - } else { - $link_message = $LANG01[138]; - } + $storyform->set_var('change_editormode', 'onchange="change_editmode(this);"'); + $storyform->set_var('lang_expandhelp', $LANG24[67]); + $storyform->set_var('lang_reducehelp', $LANG24[68]); + $link_message = COM_isAnonUser() ? '' : $LANG01[138]; $storyform->set_var('noscript', COM_getNoScript(false, '', $link_message)); // Setup Advanced Editor COM_setupAdvancedEditor('/javascript/submitstory_adveditor.js'); - if ($story->EditElements('postmode') == 'html') { - $storyform->set_var ('show_texteditor', 'none'); - $storyform->set_var ('show_htmleditor', ''); + if ($story->EditElements('postmode') === 'html') { + $storyform->set_var('show_texteditor', 'none'); + $storyform->set_var('show_htmleditor', ''); } else { - $storyform->set_var ('show_texteditor', ''); - $storyform->set_var ('show_htmleditor', 'none'); + $storyform->set_var('show_texteditor', ''); + $storyform->set_var('show_htmleditor', 'none'); } } else { $storyform->set_file('storyform','submitstory.thtml'); - if ($story->EditElements('postmode') == 'html') { - $storyform->set_var ('show_texteditor', 'none'); - $storyform->set_var ('show_htmleditor', ''); + if ($story->EditElements('postmode') === 'html') { + $storyform->set_var('show_texteditor', 'none'); + $storyform->set_var('show_htmleditor', ''); } else { - $storyform->set_var ('show_texteditor', ''); - $storyform->set_var ('show_htmleditor', 'none'); + $storyform->set_var('show_texteditor', ''); + $storyform->set_var('show_htmleditor', 
'none'); } } - $storyform->set_var ('lang_username', $LANG12[27]); + $storyform->set_var('lang_username', $LANG12[27]); if (! COM_isAnonUser()) { $storyform->set_var('story_username', $_USER['username']); - $storyform->set_var('author', COM_getDisplayName ()); + $storyform->set_var('author', COM_getDisplayName()); $storyform->set_var('status_url', $_CONF['site_url'] . '/users.php?mode=logout'); $storyform->set_var('lang_loginout', $LANG12[34]); @@ -170,7 +163,7 @@ function submitstory() COM_createLink( $LANG12[53], $_CONF['site_url'] . '/users.php?mode=new', - array('rel'=>"nofollow") + array('rel' => 'nofollow') ) ); } @@ -195,8 +188,10 @@ function submitstory() $storyform->set_var('story_bodytext', $story->EditElements('bodytext')); $storyform->set_var('lang_postmode', $LANG12[36]); $postmode = $story->EditElements('postmode'); - $storyform->set_var('story_postmode_options', - COM_optionList($_TABLES['postmodes'], 'code,name', $postmode)); + $storyform->set_var( + 'story_postmode_options', + COM_optionList($_TABLES['postmodes'], 'code,name', $postmode) + ); $allowed_html = ''; foreach (array('plaintext', 'html') as $pm) { $allowed_html .= COM_allowedHTML('story.edit', false, 1, $pm); @@ -211,9 +206,10 @@ function submitstory() PLG_templateSetVars('story', $storyform); if (($_CONF['skip_preview'] == 1) || (isset($_POST['mode']) && ($_POST['mode'] == $LANG12[32]))) { - $storyform->set_var('save_button', - ''); + $storyform->set_var( + 'save_button', + '' + ); } $retval .= COM_startBlock($LANG12[6],'submitstory.html'); 
@@ -235,14 +231,14 @@ function sendNotification ($table, $story) { global $_CONF, $_TABLES, $LANG01, $LANG08, $LANG24, $LANG29, $LANG_ADMIN; - $title = COM_undoSpecialChars( $story->displayElements('title') ); - $introtext = COM_undoSpecialChars( $story->displayElements('introtext') . "\n" . $story->displayElements('bodytext') ); - if ($story->_postmode == 'html') { + $title = COM_undoSpecialChars($story->displayElements('title')); + $introtext = COM_undoSpecialChars($story->displayElements('introtext') . "\n" . $story->displayElements('bodytext')); + if ($story->_postmode === 'html') { $introtext = strip_tags($introtext); } else { $introtext = str_replace('', "\n", $introtext); } - $storyauthor = COM_getDisplayName( $story->displayelements('uid') ); + $storyauthor = COM_getDisplayName($story->displayelements('uid') ); $topic = TOPIC_getTopicAdminColumn('article', $story->getSid()); $mailbody = "$LANG08[31]: {$title}\n" . "$LANG24[7]: {$storyauthor}\n" @@ -251,7 +247,7 @@ function sendNotification ($table, $story) if ($_CONF['emailstorieslength'] > 0) { if ($_CONF['emailstorieslength'] > 1) { - $introtext = MBYTE_substr ($introtext, 0, + $introtext = MBYTE_substr($introtext, 0, $_CONF['emailstorieslength']) . '...'; } $mailbody .= $introtext . "\n\n"; @@ -259,8 +255,9 @@ function sendNotification ($table, $story) if ($table == $_TABLES['storysubmission']) { $mailbody .= "$LANG01[10] <{$_CONF['site_admin_url']}/moderation.php>\n\n"; } else { - $articleUrl = COM_buildUrl ($_CONF['site_url'] - . '/article.php?story=' . $story->getSid() ); + $articleUrl = COM_buildUrl($_CONF['site_url'] + . '/article.php?story=' . $story->getSid() + ); $mailbody .= $LANG08[33] . ' <' . $articleUrl . ">\n\n"; } $mailsubject = $_CONF['site_name'] . ' ' . $LANG29[35]; 
@@ -268,7 +265,7 @@ function sendNotification ($table, $story) $mailbody .= "\n$LANG08[34]\n"; $mailbody .= "\n------------------------------\n"; - COM_mail ($_CONF['site_mail'], $mailsubject, $mailbody); + COM_mail($_CONF['site_mail'], $mailsubject, $mailbody); } /** @@ -288,33 +285,28 @@ function savestory ($A) $story->loadSubmission(); // pseudo-formatted story text for the spam check - $result = PLG_checkforSpam ($story->GetSpamCheckFormat(), $_CONF['spamx']); - if ($result > 0) - { - COM_updateSpeedlimit ('submit'); - COM_displayMessageAndAbort ($result, 'spamx', 403, 'Forbidden'); + $result = PLG_checkforSpam($story->GetSpamCheckFormat(), $_CONF['spamx']); + if ($result > 0) { + COM_updateSpeedlimit('submit'); + COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden'); } - COM_updateSpeedlimit ('submit'); + COM_updateSpeedlimit('submit'); $result = $story->saveSubmission(); - if( $result == STORY_NO_ACCESS_TOPIC ) - { + if ($result == STORY_NO_ACCESS_TOPIC) { // user doesn't have access to this topic - bail - $retval = COM_refresh ($_CONF['site_url'] . '/index.php'); - } elseif( ( $result == STORY_SAVED ) || ( $result == STORY_SAVED_SUBMISSION ) ) { - if (isset ($_CONF['notification']) && - in_array ('story', $_CONF['notification'])) - { + $retval = COM_refresh($_CONF['site_url'] . '/index.php'); + } elseif (($result == STORY_SAVED ) || ( $result == STORY_SAVED_SUBMISSION )) { + if (isset($_CONF['notification']) && in_array('story', $_CONF['notification'])) { sendNotification ($_TABLES['storysubmission'], $story); } - if( $result == STORY_SAVED ) - { - $retval = COM_refresh( COM_buildUrl( $_CONF['site_url'] + if ($result == STORY_SAVED) { + $retval = COM_refresh(COM_buildUrl( $_CONF['site_url'] . '/article.php?story=' . $story->getSid() ) ); } else { - $retval = COM_refresh( $_CONF['site_url'] . '/index.php?msg=2' ); + $retval = COM_refresh($_CONF['site_url'] . '/index.php?msg=2' ); } } 
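Review bot: In the `savestory()` hunk, `sendNotification ($_TABLES['storysubmission'], $story)` is called for both `STORY_SAVED` and `STORY_SAVED_SUBMISSION`. `sendNotification()` uses that table argument to choose between the moderation link and the article URL, so a story that was published directly appears to be announced with a link to the moderation queue. Passing the table that matches the result, e.g. `sendNotification($result == STORY_SAVED ? $_TABLES['stories'] : $_TABLES['storysubmission'], $story);`, would fix it. The call also keeps the `name (` spacing that this commit removes elsewhere. `savestory()` continues past the end of the hunk.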
@@ -332,9 +324,8 @@ function savesubmission($type, $A) { global $_CONF, $_TABLES, $LANG12; - COM_clearSpeedlimit ($_CONF['speedlimit'], 'submit'); - - $last = COM_checkSpeedlimit ('submit'); + COM_clearSpeedlimit($_CONF['speedlimit'], 'submit'); + $last = COM_checkSpeedlimit('submit'); if ($last > 0) { $retval = COM_showMessageText($LANG12[30] . $last . $LANG12[31], $LANG12[26]); @@ -343,23 +334,23 @@ function savesubmission($type, $A) return $retval; } - if (!empty ($type) && ($type != 'story')) { + if (!empty($type) && ($type !== 'story')) { // Update the submitspeedlimit for user - assuming Plugin approves // submission record - COM_updateSpeedlimit ('submit'); + COM_updateSpeedlimit('submit'); // see if this is a submission that needs to be handled by a plugin // and should include its own redirect - $retval = PLG_saveSubmission ($type, $A); + $retval = PLG_saveSubmission($type, $A); if ($retval === false) { - COM_errorLog ("Could not save your submission. Bad type: $type"); - } elseif (empty ($retval)) { + COM_errorLog("Could not save your submission. Bad type: $type"); + } elseif (empty($retval)) { // plugin should include its own redirect - but in case handle // it here and redirect to the main page PLG_submissionSaved($type); - return COM_refresh ($_CONF['site_url'] . '/index.php'); + return COM_refresh($_CONF['site_url'] . '/index.php'); } else { PLG_submissionSaved($type); @@ -370,7 +361,6 @@ function savesubmission($type, $A) if (!empty($A['title']) && !empty($A['introtext']) && TOPIC_checkTopicSelectionControl()) { $retval = savestory ($A); - PLG_submissionSaved($type); } else { $retval = COM_showMessageText($LANG12[23], $LANG12[22]) // return missing fields error 
@@ -395,40 +385,40 @@ function savesubmission($type, $A) } $mode = ''; -if (isset ($_REQUEST['mode'])) { - $mode = COM_applyFilter ($_REQUEST['mode']); +if (isset($_REQUEST['mode'])) { + $mode = COM_applyFilter($_REQUEST['mode']); } // Get last topic TOPIC_getTopic(); -if (($mode == $LANG12[8]) && !empty ($LANG12[8])) { // submit +if (($mode == $LANG12[8]) && !empty($LANG12[8])) { // submit if (COM_isAnonUser() && (($_CONF['loginrequired'] == 1) || ($_CONF['submitloginrequired'] == 1))) { - $display = COM_refresh ($_CONF['site_url'] . '/index.php'); + $display = COM_refresh($_CONF['site_url'] . '/index.php'); } else { - if ($type == 'story') { - $msg = PLG_itemPreSave ($type, $_POST); - if (!empty ($msg)) { + if ($type === 'story') { + $msg = PLG_itemPreSave($type, $_POST); + if (!empty($msg)) { $_POST['mode'] = $LANG12[32]; - $display = COM_errorLog ($msg, 2) . submitstory(); + $display = COM_errorLog($msg, 2) . submitstory(); $display = COM_createHTMLDocument($display, array('pagetitle' => $pagetitle)); COM_output($display); exit; } } - $display .= savesubmission ($type, $_POST); + $display .= savesubmission($type, $_POST); } } else { - if ((strlen ($type) > 0) && ($type <> 'story')) { - if (SEC_hasRights ("$type.edit") || - SEC_hasRights ("$type.admin")) { - echo COM_refresh ($_CONF['site_admin_url'] + if ((strlen($type) > 0) && ($type !== 'story')) { + if (SEC_hasRights("$type.edit") || + SEC_hasRights("$type.admin")) { + echo COM_refresh($_CONF['site_admin_url'] . "/plugins/$type/index.php?mode=edit"); exit; } - } elseif (SEC_hasRights ('story.edit')) { - echo COM_refresh ($_CONF['site_admin_url'] + } elseif (SEC_hasRights('story.edit')) { + echo COM_refresh($_CONF['site_admin_url'] . '/story.php?mode=edit'); exit; } 
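Review bot: In the submit branch, the `PLG_itemPreSave()` failure path builds the page with `array('pagetitle' => $pagetitle)`, but nothing in this hunk assigns `$pagetitle` before that line. The only assignment visible in the diff is the `switch` in the next hunk, which sits in the `else` branch. Unless it is set earlier in the file, the error page is rendered with an undefined variable. Since this path is only reached for `$type === 'story'`, `array('pagetitle' => $LANG12[6])` would match what the `switch` assigns for stories.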
@@ -437,15 +427,22 @@ function savesubmission($type, $A) case 'story': $pagetitle = $LANG12[6]; break; + default: $pagetitle = ''; break; } + $noindex = '' . LB; $display .= submissionform($type, $mode); - $display = COM_createHTMLDocument($display, array('pagetitle' => $pagetitle, 'headercode' => $noindex)); + $display = COM_createHTMLDocument( + $display, + array( + 'pagetitle' => $pagetitle, + 'headercode' => $noindex + ) + ); } COM_output($display); -?> diff --git a/public_html/switchlang.php b/public_html/switchlang.php index 4112a883b..6f57cb81a 100644 --- a/public_html/switchlang.php +++ b/public_html/switchlang.php @@ -2,7 +2,7 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Geeklog 1.5 | +// | Geeklog 2.1 | // +---------------------------------------------------------------------------+ // | switchlang.php | // | | @@ -50,7 +50,7 @@ function switch_language($url, $newlang, $oldlang) $retval = ''; if (empty($newlang) || empty($oldlang) || - (strlen($newlang) != strlen($oldlang))) { + (strlen($newlang) !== strlen($oldlang))) { return $url; } @@ -63,17 +63,13 @@ function switch_language($url, $newlang, $oldlang) $q = strpos($url, '?'); if ($q === false) { $url_rewrite = true; - } elseif (substr($url, $q - 4, 4) != '.php') { + } elseif (substr($url, $q - 4, 4) !== '.php') { $url_rewrite = true; } } if ($url_rewrite) { - if ($q === false) { - $the_url = $url; - } else { - $the_url = substr($url, 0, $q); - } + $the_url = ($q === false) ? $url : substr($url, 0, $q); // for "rewritten" URLs we assume that the first parameter after // the script name is the ID, e.g. /article.php/story-id-here_en 
@@ -81,10 +77,10 @@ function switch_language($url, $newlang, $oldlang) $p = explode('/', $the_url); $parts = count($p); for ($i = 0; $i < $parts; $i++) { - if (substr($p[$i], -4) == '.php') { + if (substr($p[$i], -4) === '.php') { // found the script name - assume next parameter is the ID if (isset($p[$i + 1])) { - if (substr($p[$i + 1], -($lang_len + 1)) == '_' . $oldlang) { + if (substr($p[$i + 1], -($lang_len + 1)) === '_' . $oldlang) { $p[$i + 1] = substr_replace($p[$i + 1], $newlang, -$lang_len); $changed = true; @@ -114,7 +110,7 @@ function switch_language($url, $newlang, $oldlang) $extra_vars = ''; } - if (substr($urlpart, -($lang_len + 1)) == '_' . $oldlang) { + if (substr($urlpart, -($lang_len + 1)) === '_' . $oldlang) { $urlpart = substr_replace($urlpart, $newlang, -$lang_len); } @@ -124,7 +120,6 @@ function switch_language($url, $newlang, $oldlang) return $retval; } - // MAIN $ret_url = ''; if (isset($_SERVER['HTTP_REFERER'])) { @@ -135,7 +130,6 @@ function switch_language($url, $newlang, $oldlang) // if not allowed, just ignore and return if ($_CONF['allow_user_language'] == 1) { - COM_setArgNames(array('lang')); $lang = strtolower(COM_applyFilter(COM_getArgument('lang'))); @@ -144,11 +138,9 @@ function switch_language($url, $newlang, $oldlang) // do we really have a new language to switch to? if (!empty($lang) && array_key_exists($lang, $_CONF['language_files'])) { - // does such a language file exist? $langfile = $_CONF['language_files'][$lang]; if (is_file($_CONF['path_language'] . $langfile . '.php')) { - // Set the language cookie. // Mainly used for anonymous users so the rest of their session // will remain in the selected language @@ -175,5 +167,3 @@ function switch_language($url, $newlang, $oldlang) } header("Location: $ret_url"); - -?> diff --git a/public_html/trackback.php b/public_html/trackback.php index 65dba2b6c..5b92ade91 100644 --- a/public_html/trackback.php +++ b/public_html/trackback.php 
@@ -2,7 +2,7 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Geeklog 1.3 | +// | Geeklog 2.1 | // +---------------------------------------------------------------------------+ // | trackback.php | // | | 
@@ -31,44 +31,44 @@ // // $Id: trackback.php,v 1.9 2005/12/17 16:34:28 dhaun Exp $ -require_once ('lib-common.php'); -require_once ($_CONF['path_system'] . 'lib-trackback.php'); +require_once 'lib-common.php'; +require_once $_CONF['path_system'] . 'lib-trackback.php'; // Note: Error messages are hard-coded in English since there is no way of // knowing which language the sender of the trackback ping may prefer. -$TRB_ERROR = array ( - 'not_enabled' => 'Trackback not enabled.', - 'illegal_request' => 'Illegal request.', - 'no_access' => 'You do not have access to this entry.' +$TRB_ERROR = array( + 'not_enabled' => 'Trackback not enabled.', + 'illegal_request' => 'Illegal request.', + 'no_access' => 'You do not have access to this entry.' ); if (!$_CONF['trackback_enabled']) { - TRB_sendTrackbackResponse (1, $TRB_ERROR['not_enabled']); + TRB_sendTrackbackResponse(1, $TRB_ERROR['not_enabled']); exit; } -if (isset ($_SERVER['REQUEST_METHOD'])) { +if (isset($_SERVER['REQUEST_METHOD'])) { // Trackbacks are only allowed as POST requests - if ($_SERVER['REQUEST_METHOD'] != 'POST') { - header ('Allow: POST'); - COM_displayMessageAndAbort (75, '', 405, 'Method Not Allowed'); + if ($_SERVER['REQUEST_METHOD'] !== 'POST') { + header('Allow: POST'); + COM_displayMessageAndAbort(75, '', 405, 'Method Not Allowed'); } } -COM_setArgNames (array ('id', 'type')); -$id = COM_applyFilter (COM_getArgument ('id')); -$type = COM_applyFilter (COM_getArgument ('type')); +COM_setArgNames(array('id', 'type')); +$id = COM_applyFilter(COM_getArgument('id')); +$type = COM_applyFilter(COM_getArgument('type')); -if (empty ($id)) { - TRB_sendTrackbackResponse (1, $TRB_ERROR['illegal_request']); +if (empty($id)) { + TRB_sendTrackbackResponse(1, $TRB_ERROR['illegal_request']); exit; } -if (empty ($type)) { +if (empty($type)) { $type = 'article'; } -if ($type == 'article') { +if ($type === 'article') { // check if they have access to this story $sid = DB_escapeString($id); 
@@ -77,22 +77,20 @@ . COM_getPermSql('AND') . " AND ta.type = 'article' AND ta.id = sid AND ta.tdefault = 1 " . COM_getTopicSql('AND', 0 , 'ta'); $result = DB_query($sql); - if (DB_numRows ($result) == 1) { - $A = DB_fetchArray ($result); + if (DB_numRows($result) == 1) { + $A = DB_fetcharray($result); if ($A['trackbackcode'] == 0) { - TRB_handleTrackbackPing ($id, $type); + TRB_handleTrackbackPing($id, $type); } else { - TRB_sendTrackbackResponse (1, $TRB_ERROR['no_access']); + TRB_sendTrackbackResponse(1, $TRB_ERROR['no_access']); } } else { - TRB_sendTrackbackResponse (1, $TRB_ERROR['no_access']); + TRB_sendTrackbackResponse(1, $TRB_ERROR['no_access']); } -} else if (PLG_handlePingComment ($type, $id, 'acceptByID') === true) { - TRB_handleTrackbackPing ($id, $type); +} elseif (PLG_handlePingComment ($type, $id, 'acceptByID') === true) { + TRB_handleTrackbackPing($id, $type); } else { - TRB_sendTrackbackResponse (1, $TRB_ERROR['no_access']); + TRB_sendTrackbackResponse(1, $TRB_ERROR['no_access']); } // no output here - -?> diff --git a/public_html/users.php b/public_html/users.php index 6b631f16b..221485856 100644 --- a/public_html/users.php +++ b/public_html/users.php @@ -2,7 +2,7 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Geeklog 1.8 | +// | Geeklog 2.1 | // +---------------------------------------------------------------------------+ // | users.php | // | | @@ -64,7 +64,7 @@ * @return string Optionally returns the HTML for the default form if the user info can't be found * */ -function emailpassword ($username, $msg = 0) +function emailpassword($username, $msg = 0) { global $_CONF, $_TABLES, $LANG04; 
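Review bot: `DB_fetcharray($result)` in the article branch changes the helper's casing away from `DB_fetchArray`, which the rest of this patch keeps (for example in `emailpassword` and `requestpassword` in users.php). PHP resolves function names case-insensitively, so the call still runs, but the odd spelling is missed by a case-sensitive grep for the helper; keep `$A = DB_fetchArray($result);`. The same hunk leaves `PLG_handlePingComment ($type, $id, 'acceptByID')` with the space before the parenthesis that the cleanup removes elsewhere. The `createuser` hunk in users.php does the same with `COM_isEmail ($email)` and `USER_emailMatches ($email, ...)`.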
@@ -72,23 +72,22 @@ function emailpassword ($username, $msg = 0) $username = DB_escapeString($username); // don't retrieve any remote users! - $result = DB_query ("SELECT uid,email,status FROM {$_TABLES['users']} WHERE username = '$username' AND ((remoteservice is null) OR (remoteservice = ''))"); - $nrows = DB_numRows ($result); + $result = DB_query("SELECT uid,email,status FROM {$_TABLES['users']} WHERE username = '$username' AND ((remoteservice is null) OR (remoteservice = ''))"); + $nrows = DB_numRows($result); if ($nrows == 1) { - $A = DB_fetchArray ($result); - if (($_CONF['usersubmission'] == 1) && ($A['status'] == USER_ACCOUNT_AWAITING_APPROVAL)) - { - return COM_refresh ($_CONF['site_url'] . '/index.php?msg=48'); + $A = DB_fetchArray($result); + if (($_CONF['usersubmission'] == 1) && ($A['status'] == USER_ACCOUNT_AWAITING_APPROVAL)) { + return COM_refresh($_CONF['site_url'] . '/index.php?msg=48'); } - $mailresult = USER_createAndSendPassword ($username, $A['email'], $A['uid']); + $mailresult = USER_createAndSendPassword($username, $A['email'], $A['uid']); if ($mailresult == false) { - $retval = COM_refresh ("{$_CONF['site_url']}/index.php?msg=85"); - } else if ($msg) { - $retval = COM_refresh ("{$_CONF['site_url']}/index.php?msg=$msg"); + $retval = COM_refresh("{$_CONF['site_url']}/index.php?msg=85"); + } elseif ($msg) { + $retval = COM_refresh("{$_CONF['site_url']}/index.php?msg=$msg"); } else { - $retval = COM_refresh ("{$_CONF['site_url']}/index.php?msg=1"); + $retval = COM_refresh("{$_CONF['site_url']}/index.php?msg=1"); } } else { $retval = COM_createHTMLDocument(defaultform($LANG04[17]), array('pagetitle' => $LANG04[17])); 
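Review bot: `USER_createAndSendPassword($username, $A['email'], $A['uid'])` receives the value already overwritten by `$username = DB_escapeString($username);` at the top of the hunk, so the SQL-escaped form is carried out of the query context. If that helper puts the name into the mail text, which is not visible here, a username containing a quote would arrive backslash-escaped. Keep the escaped copy in its own variable, e.g. `$escapedName = DB_escapeString($username);`, use it only inside the `SELECT`, and pass the original name on. `emailpassword` begins above this hunk.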
@@ -111,18 +110,18 @@ function requestpassword($username) $retval = ''; // no remote users! - $result = DB_query ("SELECT uid,email,passwd,status FROM {$_TABLES['users']} WHERE username = '$username' AND ((remoteservice IS NULL) OR (remoteservice=''))"); - $nrows = DB_numRows ($result); + $result = DB_query("SELECT uid,email,passwd,status FROM {$_TABLES['users']} WHERE username = '$username' AND ((remoteservice IS NULL) OR (remoteservice=''))"); + $nrows = DB_numRows($result); if ($nrows == 1) { - $A = DB_fetchArray ($result); + $A = DB_fetchArray($result); if (($_CONF['usersubmission'] == 1) && ($A['status'] == USER_ACCOUNT_AWAITING_APPROVAL)) { - return COM_refresh ($_CONF['site_url'] . '/index.php?msg=48'); + return COM_refresh($_CONF['site_url'] . '/index.php?msg=48'); } - $reqid = substr (md5 (uniqid (rand (), 1)), 1, 16); - DB_change ($_TABLES['users'], 'pwrequestid', "$reqid", + $reqid = substr(md5(uniqid(rand (), 1)), 1, 16); + DB_change($_TABLES['users'], 'pwrequestid', "$reqid", 'uid', $A['uid']); - $mailtext = sprintf ($LANG04[88], $username); + $mailtext = sprintf($LANG04[88], $username); $mailtext .= $_CONF['site_url'] . '/users.php?mode=newpwd&uid=' . $A['uid'] . '&rid=' . $reqid . "\n\n"; $mailtext .= $LANG04[89]; $mailtext .= "{$_CONF['site_name']}\n"; @@ -135,14 +134,14 @@ function requestpassword($username) } else { $mailfrom = $_CONF['site_mail']; } - if (COM_mail ($A['email'], $subject, $mailtext, $mailfrom)) { + if (COM_mail($A['email'], $subject, $mailtext, $mailfrom)) { $msg = 55; // message sent } else { $msg = 85; // problem sending the email } - $retval .= COM_refresh ($_CONF['site_url'] . "/index.php?msg=$msg"); - COM_updateSpeedlimit ('password'); + $retval .= COM_refresh($_CONF['site_url'] . "/index.php?msg=$msg"); + COM_updateSpeedlimit('password'); } else { $retval = COM_createHTMLDocument(defaultform($LANG04[17]), array('pagetitle' => $LANG04[17])); } 
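Review bot: The password-reset id on the reformatted line `$reqid = substr(md5(uniqid(rand (), 1)), 1, 16);` is still derived from `rand()` and `uniqid()`, which are seeded from time and process state rather than a cryptographic source, and it is the only secret in the `users.php?mode=newpwd&uid=...&rid=...` link mailed a few lines below. Since the commit touches the line anyway, it should draw the id from a CSPRNG while keeping the 16-character length that the `newpwd` and `setnewpwd` branches check: `$reqid = bin2hex(random_bytes(8));` on PHP 7+, or `bin2hex(openssl_random_pseudo_bytes(8))` where only the OpenSSL extension is available. `requestpassword` begins above the hunk, so whether `$username` is escaped before it is interpolated into the `SELECT` cannot be confirmed from here and is worth checking.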
@@ -163,22 +162,22 @@ function newpasswordform ($uid, $requestid) global $_CONF, $_TABLES, $LANG04; $pwform = COM_newTemplate($_CONF['path_layout'] . 'users'); - $pwform->set_file (array ('newpw' => 'newpassword.thtml')); + $pwform->set_file(array('newpw' => 'newpassword.thtml')); - $pwform->set_var ('user_id', $uid); - $pwform->set_var ('user_name', DB_getItem ($_TABLES['users'], 'username', + $pwform->set_var('user_id', $uid); + $pwform->set_var('user_name', DB_getItem($_TABLES['users'], 'username', "uid = '{$uid}'")); - $pwform->set_var ('request_id', $requestid); + $pwform->set_var('request_id', $requestid); - $pwform->set_var ('lang_explain', $LANG04[90]); - $pwform->set_var ('lang_username', $LANG04[2]); - $pwform->set_var ('lang_newpassword', $LANG04[4]); - $pwform->set_var ('lang_newpassword_conf', $LANG04[108]); - $pwform->set_var ('lang_setnewpwd', $LANG04[91]); + $pwform->set_var('lang_explain', $LANG04[90]); + $pwform->set_var('lang_username', $LANG04[2]); + $pwform->set_var('lang_newpassword', $LANG04[4]); + $pwform->set_var('lang_newpassword_conf', $LANG04[108]); + $pwform->set_var('lang_setnewpwd', $LANG04[91]); - $retval = COM_startBlock ($LANG04[92]); - $retval .= $pwform->finish ($pwform->parse ('output', 'newpw')); - $retval .= COM_endBlock (); + $retval = COM_startBlock($LANG04[92]); + $retval .= $pwform->finish($pwform->parse('output', 'newpw')); + $retval .= COM_endBlock(); return $retval; } 
@@ -194,36 +193,34 @@ function newpasswordform ($uid, $requestid) * @return string HTML for the form again if error occurs, otherwise nothing. * */ -function createuser ($username, $email, $email_conf) +function createuser($username, $email, $email_conf) { global $_CONF, $_TABLES, $LANG01, $LANG04; $retval = ''; - $username = trim ($username); - $email = trim ($email); - $email_conf = trim ($email_conf); + $username = trim($username); + $email = trim($email); + $email_conf = trim($email_conf); - if (!isset ($_CONF['disallow_domains'])) { + if (!isset($_CONF['disallow_domains'])) { $_CONF['disallow_domains'] = ''; } - if (COM_isEmail ($email) && !empty ($username) && ($email === $email_conf) + if (COM_isEmail ($email) && !empty($username) && ($email === $email_conf) && !USER_emailMatches ($email, $_CONF['disallow_domains']) - && (strlen ($username) <= 16)) { - - $ucount = DB_count ($_TABLES['users'], 'username', + && (strlen($username) <= 16)) { + $ucount = DB_count($_TABLES['users'], 'username', DB_escapeString($username)); - $ecount = DB_count ($_TABLES['users'], 'email', DB_escapeString($email)); - - if ($ucount == 0 AND $ecount == 0) { + $ecount = DB_count($_TABLES['users'], 'email', DB_escapeString($email)); + if (($ucount == 0) && ($ecount == 0)) { // For Geeklog, it would be okay to create this user now. But check // with a custom userform first, if one exists. if ($_CONF['custom_registration'] && - function_exists ('CUSTOM_userCheck')) { - $ret = CUSTOM_userCheck ($username, $email); - if (!empty ($ret)) { + function_exists('CUSTOM_userCheck')) { + $ret = CUSTOM_userCheck($username, $email); + if (!empty($ret)) { // no, it's not okay with the custom userform $retval = COM_createHTMLDocument(CUSTOM_userForm($ret['string'])); 
@@ -232,61 +229,60 @@ function_exists ('CUSTOM_userCheck')) { } // Let plugins have a chance to decide what to do before creating the user, return errors. - $msg = PLG_itemPreSave ('registration', $username); - if (!empty ($msg)) { - if ($_CONF['custom_registration'] && function_exists ('CUSTOM_userForm')) { - $retval .= CUSTOM_userForm ($msg); + $msg = PLG_itemPreSave('registration', $username); + if (!empty($msg)) { + if ($_CONF['custom_registration'] && function_exists('CUSTOM_userForm')) { + $retval .= CUSTOM_userForm($msg); } else { - $retval .= newuserform ($msg); + $retval .= newuserform($msg); } $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG04[22])); return $retval; } - $uid = USER_createAccount ($username, $email); + $uid = USER_createAccount($username, $email); if ($_CONF['usersubmission'] == 1) { - if (DB_getItem ($_TABLES['users'], 'status', "uid = $uid") + if (DB_getItem($_TABLES['users'], 'status', "uid = $uid") == USER_ACCOUNT_AWAITING_APPROVAL) { - $retval = COM_refresh ($_CONF['site_url'] + $retval = COM_refresh($_CONF['site_url'] . 
'/index.php?msg=48'); } else { - $retval = emailpassword ($username, 1); + $retval = emailpassword($username, 1); } } else { - $retval = emailpassword ($username, 1); + $retval = emailpassword($username, 1); } return $retval; } else { if ($_CONF['custom_registration'] && - function_exists ('CUSTOM_userForm')) { - $retval .= CUSTOM_userForm ($LANG04[19]); + function_exists('CUSTOM_userForm')) { + $retval .= CUSTOM_userForm($LANG04[19]); } else { - $retval .= newuserform ($LANG04[19]); + $retval .= newuserform($LANG04[19]); } $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG04[22])); } - } else if ($email !== $email_conf) { + } elseif ($email !== $email_conf) { $msg = $LANG04[125]; if ($_CONF['custom_registration'] && function_exists('CUSTOM_userForm')) { - $retval .= CUSTOM_userForm ($msg); + $retval .= CUSTOM_userForm($msg); } else { - $retval .= newuserform ($msg); + $retval .= newuserform($msg); } $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG04[22])); } else { // invalid username or email address - - if ((empty ($username)) || (strlen($username) > 16)) { + if ((empty($username)) || (strlen($username) > 16)) { $msg = $LANG01[32]; // invalid username } else { $msg = $LANG04[18]; // invalid email address } if ($_CONF['custom_registration'] && function_exists('CUSTOM_userForm')) { - $retval .= CUSTOM_userForm ($msg); + $retval .= CUSTOM_userForm($msg); } else { - $retval .= newuserform ($msg); + $retval .= newuserform($msg); } $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG04[22])); } 
@@ -339,13 +335,13 @@ function loginform($hide_forgotpw_link = false, $userstatus = -1) * @param string $referrer page to send user to after registration * @return string HTML for user registration page */ -function newuserform ($msg = '') +function newuserform($msg = '') { global $_CONF, $LANG04; $retval = ''; - if (!empty ($msg)) { + if (!empty($msg)) { $retval .= COM_showMessageText($msg, $LANG04[21]); } $user_templates = COM_newTemplate($_CONF['path_layout'] . 'users'); @@ -357,27 +353,26 @@ function newuserform ($msg = '') $user_templates->set_var('lang_email_conf', $LANG04[124]); $user_templates->set_var('lang_warning', $LANG04[24]); $user_templates->set_var('lang_register', $LANG04[27]); - PLG_templateSetVars ('registration', $user_templates); + PLG_templateSetVars('registration', $user_templates); $user_templates->set_var('end_block', COM_endBlock()); $username = ''; - if (!empty ($_POST['username'])) { - $username = COM_applyFilter ($_POST['username']); + if (!empty($_POST['username'])) { + $username = COM_applyFilter($_POST['username']); } - $user_templates->set_var ('username', $username); + $user_templates->set_var('username', $username); $email = ''; - if (!empty ($_POST['email'])) { - $email = COM_applyFilter ($_POST['email']); + if (!empty($_POST['email'])) { + $email = COM_applyFilter($_POST['email']); } - $user_templates->set_var ('email', $email); + $user_templates->set_var('email', $email); $email_conf = ''; - if (!empty ($_POST['email_conf'])) { - $email_conf = COM_applyFilter ($_POST['email_conf']); + if (!empty($_POST['email_conf'])) { + $email_conf = COM_applyFilter($_POST['email_conf']); } - $user_templates->set_var ('email_conf', $email_conf); - + $user_templates->set_var('email_conf', $email_conf); $user_templates->parse('output', 'regform'); $retval .= $user_templates->finish($user_templates->get_var('output')); 
@@ -535,12 +530,11 @@ function resend_request() } if (SECINT_checkToken() && !empty($method) && !empty($returnurl) && - ((($method == 'POST') && !empty($postdata)) || - (($method == 'GET') && !empty($getdata)))) { - + ((($method === 'POST') && !empty($postdata)) || + (($method === 'GET') && !empty($getdata)))) { $magic = get_magic_quotes_gpc(); $req = new HTTP_Request($returnurl); - if ($method == 'POST') { + if ($method === 'POST') { $req->setMethod(HTTP_REQUEST_METHOD_POST); $data = unserialize($postdata); foreach ($data as $key => $value) { @@ -603,7 +597,7 @@ function resend_request() } // MAIN -if (isset ($_REQUEST['mode'])) { +if (isset($_REQUEST['mode'])) { $mode = $_REQUEST['mode']; } else { $mode = ''; 
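Review bot: `$data = unserialize($postdata);` in `resend_request()` is left untouched, and if `$postdata` originates from the request (its assignment is above the hunk) this is PHP object deserialization of client-controlled input, with `SECINT_checkToken()` as the only visible check on where it came from. A valid CSRF token shows the request belongs to the user's session, not that the payload is safe to instantiate. The data should travel as JSON (`json_decode($postdata, true)`, with a matching `json_encode` where it is produced) or, on PHP 7+, be read with `unserialize($postdata, array('allowed_classes' => false))`. `new HTTP_Request($returnurl)` likewise makes the server fetch a URL whose origin is not visible here; confirm it is restricted to `$_CONF['site_url']` before the request is issued. The function starts before and continues past this hunk.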
@@ -612,505 +606,500 @@ function resend_request() $display = ''; switch ($mode) { -case 'logout': - if (!empty ($_USER['uid']) AND $_USER['uid'] > 1) { - SESS_endUserSession ($_USER['uid']); - PLG_logoutUser ($_USER['uid']); - } - SEC_setCookie($_CONF['cookie_session'], '', time() - 10000); - SEC_setCookie($_CONF['cookie_password'], '', time() - 10000); - SEC_setCookie($_CONF['cookie_name'], '', time() - 10000); - $display = COM_refresh($_CONF['site_url'] . '/index.php?msg=8'); - break; - -case 'profile': - $uid = COM_applyFilter ($_GET['uid'], true); - if (is_numeric ($uid) && ($uid > 1)) { - $msg = 0; - if (isset($_GET['msg'])) { - $msg = COM_applyFilter($_GET['msg'], true); + case 'logout': + if (!empty($_USER['uid']) && ($_USER['uid'] > 1)) { + SESS_endUserSession($_USER['uid']); + PLG_logoutUser($_USER['uid']); } - $plugin = ''; - if (($msg > 0) && isset($_GET['plugin'])) { - $plugin = COM_applyFilter($_GET['plugin']); + SEC_setCookie($_CONF['cookie_session'], '', time() - 10000); + SEC_setCookie($_CONF['cookie_password'], '', time() - 10000); + SEC_setCookie($_CONF['cookie_name'], '', time() - 10000); + $display = COM_refresh($_CONF['site_url'] . 
'/index.php?msg=8'); + break; + + case 'profile': + $uid = COM_applyFilter($_GET['uid'], true); + if (is_numeric($uid) && ($uid > 1)) { + $msg = 0; + if (isset($_GET['msg'])) { + $msg = COM_applyFilter($_GET['msg'], true); + } + $plugin = ''; + if (($msg > 0) && isset($_GET['plugin'])) { + $plugin = COM_applyFilter($_GET['plugin']); + } + $display .= USER_showProfile($uid, false, $msg, $plugin); + } else { + COM_handle404(); } - $display .= USER_showProfile($uid, false, $msg, $plugin); - } else { - COM_handle404(); - } - break; - -case 'user': - $username = COM_applyFilter ($_GET['username']); - if (!empty ($username)) { - $username = DB_escapeString($username); - $uid = DB_getItem ($_TABLES['users'], 'uid', "username = '$username'"); - if ($uid > 1) { - $display .= USER_showProfile($uid); + break; + + case 'user': + $username = COM_applyFilter($_GET['username']); + if (!empty($username)) { + $username = DB_escapeString($username); + $uid = DB_getItem($_TABLES['users'], 'uid', "username = '$username'"); + if ($uid > 1) { + $display .= USER_showProfile($uid); + } else { + $display .= COM_refresh($_CONF['site_url'] . '/index.php'); + } } else { - $display .= COM_refresh ($_CONF['site_url'] . '/index.php'); + $display .= COM_refresh($_CONF['site_url'] . '/index.php'); } - } else { - $display .= COM_refresh ($_CONF['site_url'] . 
'/index.php'); - } - break; + break; -case 'create': - if ($_CONF['disable_new_user_registration']) { - $display .= COM_showMessageText($LANG04[122], $LANG04[22]); - $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[22])); - } else { - $email = COM_applyFilter ($_POST['email']); - $email_conf = COM_applyFilter ($_POST['email_conf']); - $display .= createuser(COM_applyFilter ($_POST['username']), $email, $email_conf); - } - break; + case 'create': + if ($_CONF['disable_new_user_registration']) { + $display .= COM_showMessageText($LANG04[122], $LANG04[22]); + $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[22])); + } else { + $email = COM_applyFilter($_POST['email']); + $email_conf = COM_applyFilter($_POST['email_conf']); + $display .= createuser(COM_applyFilter($_POST['username']), $email, $email_conf); + } + break; -case 'getpassword': - if ($_CONF['passwordspeedlimit'] == 0) { - $_CONF['passwordspeedlimit'] = 300; // 5 minutes - } - COM_clearSpeedlimit ($_CONF['passwordspeedlimit'], 'password'); - $last = COM_checkSpeedlimit ('password'); - if ($last > 0) { - $display .= COM_showMessageText( - sprintf($LANG04[93], $last, $_CONF['passwordspeedlimit']), - $LANG12[26] - ); - } else { - $display .= getpasswordform (); - } - $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[25])); - break; - -case 'newpwd': - $uid = COM_applyFilter ($_GET['uid'], true); - $reqid = COM_applyFilter ($_GET['rid']); - if (!empty ($uid) && is_numeric ($uid) && ($uid > 0) && - !empty ($reqid) && (strlen ($reqid) == 16)) { - $valid = DB_count ($_TABLES['users'], array ('uid', 'pwrequestid'), - array ($uid, $reqid)); - if ($valid == 1) { - $display .= newpasswordform ($uid, $reqid); - $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[92])); - } else { // request invalid or expired - $display .= COM_showMessage (54); - $display .= getpasswordform (); - $display = COM_createHTMLDocument($display, 
array('pagetitle' => $LANG04[25])); + case 'getpassword': + if ($_CONF['passwordspeedlimit'] == 0) { + $_CONF['passwordspeedlimit'] = 300; // 5 minutes } - } else { - // this request doesn't make sense - ignore it - $display = COM_refresh ($_CONF['site_url']); - } - break; - -case 'setnewpwd': - if ( (empty ($_POST['passwd'])) - or ($_POST['passwd'] != $_POST['passwd_conf']) ) { - $display = COM_refresh ($_CONF['site_url'] - . '/users.php?mode=newpwd&uid=' . $_POST['uid'] - . '&rid=' . $_POST['rid']); - } else { - $uid = COM_applyFilter ($_POST['uid'], true); - $reqid = COM_applyFilter ($_POST['rid']); - if (!empty ($uid) && is_numeric ($uid) && ($uid > 0) && - !empty ($reqid) && (strlen ($reqid) == 16)) { - $valid = DB_count ($_TABLES['users'], array ('uid', 'pwrequestid'), - array ($uid, $reqid)); + COM_clearSpeedlimit($_CONF['passwordspeedlimit'], 'password'); + $last = COM_checkSpeedlimit('password'); + if ($last > 0) { + $display .= COM_showMessageText( + sprintf($LANG04[93], $last, $_CONF['passwordspeedlimit']), + $LANG12[26] + ); + } else { + $display .= getpasswordform(); + } + $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[25])); + break; + + case 'newpwd': + $uid = COM_applyFilter($_GET['uid'], true); + $reqid = COM_applyFilter($_GET['rid']); + if (!empty($uid) && is_numeric($uid) && ($uid > 0) && + !empty($reqid) && (strlen($reqid) == 16)) { + $valid = DB_count($_TABLES['users'], array('uid', 'pwrequestid'), + array($uid, $reqid)); if ($valid == 1) { - SEC_updateUserPassword($_POST['passwd'], $uid); - - DB_delete ($_TABLES['sessions'], 'uid', $uid); - DB_change ($_TABLES['users'], 'pwrequestid', "NULL", - 'uid', $uid); - $display = COM_refresh ($_CONF['site_url'] . 
'/users.php?msg=53'); + $display .= newpasswordform ($uid, $reqid); + $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[92])); } else { // request invalid or expired - $display .= COM_showMessage (54); - $display .= getpasswordform (); + $display .= COM_showMessage(54); + $display .= getpasswordform(); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[25])); } } else { // this request doesn't make sense - ignore it - $display = COM_refresh ($_CONF['site_url']); + $display = COM_refresh($_CONF['site_url']); } - } - break; + break; + + case 'setnewpwd': + if ((empty($_POST['passwd'])) + || ($_POST['passwd'] != $_POST['passwd_conf'])) { + $display = COM_refresh($_CONF['site_url'] + . '/users.php?mode=newpwd&uid=' . $_POST['uid'] + . '&rid=' . $_POST['rid']); + } else { + $uid = COM_applyFilter($_POST['uid'], true); + $reqid = COM_applyFilter($_POST['rid']); + if (!empty($uid) && is_numeric($uid) && ($uid > 0) && + !empty($reqid) && (strlen($reqid) == 16)) { + $valid = DB_count($_TABLES['users'], array('uid', 'pwrequestid'), + array($uid, $reqid)); + if ($valid == 1) { + SEC_updateUserPassword($_POST['passwd'], $uid); + + DB_delete($_TABLES['sessions'], 'uid', $uid); + DB_change($_TABLES['users'], 'pwrequestid', "NULL", + 'uid', $uid); + $display = COM_refresh($_CONF['site_url'] . 
'/users.php?msg=53'); + } else { // request invalid or expired + $display .= COM_showMessage(54); + $display .= getpasswordform(); + $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[25])); + } + } else { + // this request doesn't make sense - ignore it + $display = COM_refresh($_CONF['site_url']); + } + } + break; -case 'emailpasswd': - if ($_CONF['passwordspeedlimit'] == 0) { - $_CONF['passwordspeedlimit'] = 300; // 5 minutes - } - COM_clearSpeedlimit ($_CONF['passwordspeedlimit'], 'password'); - $last = COM_checkSpeedlimit ('password'); - if ($last > 0) { - $display .= COM_showMessageText( - sprintf($LANG04[93], $last, $_CONF['passwordspeedlimit']), - $LANG12[26] - ); - $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG12[26])); - } else { - $username = COM_applyFilter ($_POST['username']); - $email = COM_applyFilter ($_POST['email']); - if (empty ($username) && !empty ($email)) { - $username = DB_getItem ($_TABLES['users'], 'username', - "email = '$email' AND ((remoteservice IS NULL) OR (remoteservice = ''))"); + case 'emailpasswd': + if ($_CONF['passwordspeedlimit'] == 0) { + $_CONF['passwordspeedlimit'] = 300; // 5 minutes } - if (!empty ($username)) { - $display .= requestpassword($username); + COM_clearSpeedlimit($_CONF['passwordspeedlimit'], 'password'); + $last = COM_checkSpeedlimit('password'); + if ($last > 0) { + $display .= COM_showMessageText( + sprintf($LANG04[93], $last, $_CONF['passwordspeedlimit']), + $LANG12[26] + ); + $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG12[26])); } else { - $display = COM_refresh ($_CONF['site_url'] - . 
'/users.php?mode=getpassword'); + $username = COM_applyFilter($_POST['username']); + $email = COM_applyFilter($_POST['email']); + if (empty($username) && !empty($email)) { + $username = DB_getItem($_TABLES['users'], 'username', + "email = '$email' AND ((remoteservice IS NULL) OR (remoteservice = ''))"); + } + if (!empty($username)) { + $display .= requestpassword($username); + } else { + $display = COM_refresh($_CONF['site_url'] + . '/users.php?mode=getpassword'); + } } - } - break; + break; -case 'new': - if ($_CONF['disable_new_user_registration']) { - $display .= COM_showMessageText($LANG04[122], $LANG04[22]); - } else { - // Call custom registration and account record create function - // if enabled and exists - if ($_CONF['custom_registration'] AND (function_exists('CUSTOM_userForm'))) { - $display .= CUSTOM_userForm(); + case 'new': + if ($_CONF['disable_new_user_registration']) { + $display .= COM_showMessageText($LANG04[122], $LANG04[22]); } else { - $display .= newuserform(); + // Call custom registration and account record create function + // if enabled and exists + if ($_CONF['custom_registration'] && (function_exists('CUSTOM_userForm'))) { + $display .= CUSTOM_userForm(); + } else { + $display .= newuserform(); + } } - } - $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[22])); + $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[22])); + break; + + case 'tokenexpired': + // deliberate fallthrough (see below) + default: + // prevent dictionary attacks on passwords + COM_clearSpeedlimit($_CONF['login_speedlimit'], 'login'); + if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) { + displayLoginErrorAndAbort(82, $LANG12[26], $LANG04[112]); + } - break; + $loginname = ''; + if (isset($_POST['loginname'])) { + $loginname = COM_applyFilter($_POST['loginname']); + } + $passwd = ''; + if (isset($_POST['passwd'])) { + $passwd = $_POST['passwd']; + } + $service = ''; + if (isset($_POST['service'])) { + 
$service = COM_applyFilter($_POST['service']); + } + $uid = ''; + if (!empty($loginname) && !empty($passwd) && empty($service)) { + if (empty($service) && $_CONF['user_login_method']['standard']) { + $status = SEC_authenticate($loginname, $passwd, $uid); + } else { + $status = -1; + } -case 'tokenexpired': -// deliberate fallthrough (see below) -default: + } elseif (($_CONF['usersubmission'] == 0) && $_CONF['user_login_method']['3rdparty'] && ($service != '')) { + /* Distributed Authentication */ + //pass $loginname by ref so we can change it ;-) + $status = SEC_remoteAuthentication($loginname, $passwd, $service, $uid); - // prevent dictionary attacks on passwords - COM_clearSpeedlimit($_CONF['login_speedlimit'], 'login'); - if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) { - displayLoginErrorAndAbort(82, $LANG12[26], $LANG04[112]); - } + } elseif ($_CONF['user_login_method']['openid'] && + ($_CONF['usersubmission'] == 0) && + !$_CONF['disable_new_user_registration'] && + (isset($_GET['openid_login']) && ($_GET['openid_login'] == '1'))) { + // Here we go with the handling of OpenID authentification. 
- $loginname = ''; - if (isset ($_POST['loginname'])) { - $loginname = COM_applyFilter ($_POST['loginname']); - } - $passwd = ''; - if (isset ($_POST['passwd'])) { - $passwd = $_POST['passwd']; - } - $service = ''; - if (isset ($_POST['service'])) { - $service = COM_applyFilter($_POST['service']); - } - $uid = ''; - if (!empty($loginname) && !empty($passwd) && empty($service)) { - if (empty($service) && $_CONF['user_login_method']['standard']) { - $status = SEC_authenticate($loginname, $passwd, $uid); - } else { - $status = -1; - } + $query = array_merge($_GET, $_POST); - } elseif (( $_CONF['usersubmission'] == 0) && $_CONF['user_login_method']['3rdparty'] && ($service != '')) { - /* Distributed Authentication */ - //pass $loginname by ref so we can change it ;-) - $status = SEC_remoteAuthentication($loginname, $passwd, $service, $uid); - - } elseif ($_CONF['user_login_method']['openid'] && - ($_CONF['usersubmission'] == 0) && - !$_CONF['disable_new_user_registration'] && - (isset($_GET['openid_login']) && ($_GET['openid_login'] == '1'))) { - // Here we go with the handling of OpenID authentification. - - $query = array_merge($_GET, $_POST); - - if (isset($query['identity_url']) && - ($query['identity_url'] != 'http://')) { - $property = sprintf('%x', crc32($query['identity_url'])); - COM_clearSpeedlimit($_CONF['login_speedlimit'], 'openid'); - if (COM_checkSpeedlimit('openid', $_CONF['login_attempts'], - $property) > 0) { - displayLoginErrorAndAbort(82, $LANG12[26], $LANG04[112]); + if (isset($query['identity_url']) && + ($query['identity_url'] != 'http://')) { + $property = sprintf('%x', crc32($query['identity_url'])); + COM_clearSpeedlimit($_CONF['login_speedlimit'], 'openid'); + if (COM_checkSpeedlimit('openid', $_CONF['login_attempts'], + $property) > 0) { + displayLoginErrorAndAbort(82, $LANG12[26], $LANG04[112]); + } } - } - require_once $_CONF['path_system'] . 'classes/openidhelper.class.php'; + require_once $_CONF['path_system'] . 
'classes/openidhelper.class.php'; - $consumer = new SimpleConsumer(); - $handler = new SimpleActionHandler($query, $consumer); + $consumer = new SimpleConsumer(); + $handler = new SimpleActionHandler($query, $consumer); - if (isset($query['identity_url']) && $query['identity_url'] != 'http://') { - $identity_url = $query['identity_url']; - $ret = $consumer->find_identity_info($identity_url); - if (!$ret) { - COM_updateSpeedlimit('login'); - $property = sprintf('%x', crc32($query['identity_url'])); - COM_updateSpeedlimit('openid', $property); - COM_errorLog('Unable to find an OpenID server for the identity URL ' . $identity_url); - echo COM_refresh($_CONF['site_url'] . '/users.php?msg=89'); - exit; + if (isset($query['identity_url']) && $query['identity_url'] != 'http://') { + $identity_url = $query['identity_url']; + $ret = $consumer->find_identity_info($identity_url); + if (!$ret) { + COM_updateSpeedlimit('login'); + $property = sprintf('%x', crc32($query['identity_url'])); + COM_updateSpeedlimit('openid', $property); + COM_errorLog('Unable to find an OpenID server for the identity URL ' . $identity_url); + echo COM_refresh($_CONF['site_url'] . '/users.php?msg=89'); + exit; + } else { + // Found identity server info. + list($identity_url, $server_id, $server_url) = $ret; + + // Redirect the user-agent to the OpenID server + // which we are requesting information from. + header('Location: ' . $consumer->handle_request( + $server_id, $server_url, + oidUtil::append_args($_CONF['site_url'] . '/users.php', + array('openid_login' => '1', + 'open_id' => $identity_url)), // Return to. + $_CONF['site_url'], // Trust root. + null, + "email,nickname,fullname")); // Required fields. 
+ exit; + } + } elseif (isset($query['openid.mode']) || isset($query['openid_mode'])) { + $openid_mode = ''; + if (isset($query['openid.mode'])) { + $openid_mode = $query['openid.mode']; + } elseif (isset($query['openid_mode'])) { + $openid_mode = $query['openid_mode']; + } + if ($openid_mode === 'cancel') { + COM_updateSpeedlimit('login'); + echo COM_refresh($_CONF['site_url'] . '/users.php?msg=90'); + exit; + } else { + $openid = $handler->getOpenID(); + $req = new ConsumerRequest($openid, $query, 'GET'); + $response = $consumer->handle_response($req); + $response->doAction($handler); + } } else { - // Found identity server info. - list($identity_url, $server_id, $server_url) = $ret; - - // Redirect the user-agent to the OpenID server - // which we are requesting information from. - header('Location: ' . $consumer->handle_request( - $server_id, $server_url, - oidUtil::append_args($_CONF['site_url'] . '/users.php', - array('openid_login' => '1', - 'open_id' => $identity_url)), // Return to. - $_CONF['site_url'], // Trust root. - null, - "email,nickname,fullname")); // Required fields. - exit; - } - } elseif (isset($query['openid.mode']) || isset($query['openid_mode'])) { - $openid_mode = ''; - if (isset($query['openid.mode'])) { - $openid_mode = $query['openid.mode']; - } else if(isset($query['openid_mode'])) { - $openid_mode = $query['openid_mode']; - } - if ($openid_mode == 'cancel') { COM_updateSpeedlimit('login'); - echo COM_refresh($_CONF['site_url'] . '/users.php?msg=90'); + echo COM_refresh($_CONF['site_url'] . '/users.php?msg=91'); exit; - } else { - $openid = $handler->getOpenID(); - $req = new ConsumerRequest($openid, $query, 'GET'); - $response = $consumer->handle_response($req); - $response->doAction($handler); } - } else { - COM_updateSpeedlimit('login'); - echo COM_refresh($_CONF['site_url'] . 
'/users.php?msg=91'); - exit; - } - - } elseif ($_CONF['user_login_method']['oauth'] && - ($_CONF['usersubmission'] == 0) && - !$_CONF['disable_new_user_registration'] && - isset($_GET['oauth_login'])) { - // Here we go with the handling of OAuth authentification. - $modules = SEC_collectRemoteOAuthModules(); - $active_service = (count($modules) == 0) ? false : in_array($_GET['oauth_login'], $modules); - if (!$active_service) { - $status = -1; - COM_errorLog("OAuth login failed - there was no consumer available for the service:" . $_GET['oauth_login']); - } else { - $query = array_merge($_GET, $_POST); - $service = $query['oauth_login']; - COM_clearSpeedlimit($_CONF['login_speedlimit'], $service); - if (COM_checkSpeedlimit($service, $_CONF['login_attempts']) > 0) { - displayLoginErrorAndAbort(82, $LANG12[26], $LANG04[112]); - } + } elseif ($_CONF['user_login_method']['oauth'] && + ($_CONF['usersubmission'] == 0) && + !$_CONF['disable_new_user_registration'] && + isset($_GET['oauth_login'])) { + // Here we go with the handling of OAuth authentification. + $modules = SEC_collectRemoteOAuthModules(); + $active_service = (count($modules) == 0) ? false : in_array($_GET['oauth_login'], $modules); + if (!$active_service) { + $status = -1; + COM_errorLog("OAuth login failed - there was no consumer available for the service:" . $_GET['oauth_login']); + } else { + $query = array_merge($_GET, $_POST); + $service = $query['oauth_login']; - require_once $_CONF['path_system'] . 'classes/oauthhelper.class.php'; + COM_clearSpeedlimit($_CONF['login_speedlimit'], $service); + if (COM_checkSpeedlimit($service, $_CONF['login_attempts']) > 0) { + displayLoginErrorAndAbort(82, $LANG12[26], $LANG04[112]); + } - $consumer = new OAuthConsumer($service); + require_once $_CONF['path_system'] . 'classes/oauthhelper.class.php'; - $callback_url = $_CONF['site_url'] . '/users.php?oauth_login=' . 
$service; + $consumer = new OAuthConsumer($service); - $consumer->setRedirectURL($callback_url); - $oauth_userinfo = $consumer->authenticate_user(); - if ( $oauth_userinfo === false ) { - COM_updateSpeedlimit('login'); - COM_errorLog("OAuth Error: " . $consumer->error); - echo COM_refresh($_CONF['site_url'] . '/users.php?msg=110'); // OAuth authentication error - exit; - } + $callback_url = $_CONF['site_url'] . '/users.php?oauth_login=' . $service; - $consumer->doAction($oauth_userinfo); + $consumer->setRedirectURL($callback_url); + $oauth_userinfo = $consumer->authenticate_user(); + if ($oauth_userinfo === false) { + COM_updateSpeedlimit('login'); + COM_errorLog("OAuth Error: " . $consumer->error); + echo COM_refresh($_CONF['site_url'] . '/users.php?msg=110'); // OAuth authentication error + exit; + } + $consumer->doAction($oauth_userinfo); + } + } else { + $status = -2; // User just visited login page no error. -1 = error } - } else { - $status = -2; // User just visited login page no error. -1 = error - } - if ($status == USER_ACCOUNT_ACTIVE) { // logged in AOK. 
- if ($mode == 'tokenexpired') { - resend_request(); // won't come back - } - DB_change($_TABLES['users'],'pwrequestid',"NULL",'uid',$uid); - $userdata = SESS_getUserDataFromId($uid); - $_USER = $userdata; - $sessid = SESS_newSession($_USER['uid'], $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']); - SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']); - PLG_loginUser ($_USER['uid']); - - // Now that we handled session cookies, handle longterm cookie - if (!isset($_COOKIE[$_CONF['cookie_name']]) || !isset($_COOKIE['cookie_password'])) { - // Either their cookie expired or they are new - $cooktime = COM_getUserCookieTimeout(); - if ($VERBOSE) { - COM_errorLog("Trying to set permanent cookie with time of $cooktime",1); + if ($status == USER_ACCOUNT_ACTIVE) { // logged in AOK. + if ($mode === 'tokenexpired') { + resend_request(); // won't come back } - if ($cooktime > 0) { - // They want their cookie to persist for some amount of time so set it now + DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $uid); + $userdata = SESS_getUserDataFromId($uid); + $_USER = $userdata; + $sessid = SESS_newSession($_USER['uid'], $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']); + SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']); + PLG_loginUser($_USER['uid']); + + // Now that we handled session cookies, handle longterm cookie + if (!isset($_COOKIE[$_CONF['cookie_name']]) || !isset($_COOKIE['cookie_password'])) { + // Either their cookie expired or they are new + $cooktime = COM_getUserCookieTimeout(); if ($VERBOSE) { - COM_errorLog('Trying to set permanent cookie',1); + COM_errorLog("Trying to set permanent cookie with time of $cooktime",1); } - SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], 
- time() + $cooktime); - SEC_setCookie($_CONF['cookie_password'], - $_USER['passwd'], time() + $cooktime); - } - } else { - $userid = $_COOKIE[$_CONF['cookie_name']]; - if (empty ($userid) || ($userid == 'deleted')) { - unset ($userid); - } else { - $userid = COM_applyFilter ($userid, true); - if ($userid > 1) { + if ($cooktime > 0) { + // They want their cookie to persist for some amount of time so set it now if ($VERBOSE) { - COM_errorLog ('NOW trying to set permanent cookie',1); - COM_errorLog ('Got '.$userid.' from perm cookie in users.php',1); + COM_errorLog('Trying to set permanent cookie',1); } - // Create new session - $userdata = SESS_getUserDataFromId ($userid); - $_USER = $userdata; - if ($VERBOSE) { - COM_errorLog ('Got '.$_USER['username'].' for the username in user.php',1); + SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], + time() + $cooktime); + SEC_setCookie($_CONF['cookie_password'], + $_USER['passwd'], time() + $cooktime); + } + } else { + $userid = $_COOKIE[$_CONF['cookie_name']]; + if (empty($userid) || ($userid === 'deleted')) { + unset($userid); + } else { + $userid = COM_applyFilter($userid, true); + if ($userid > 1) { + if ($VERBOSE) { + COM_errorLog('NOW trying to set permanent cookie',1); + COM_errorLog('Got '.$userid.' from perm cookie in users.php',1); + } + // Create new session + $userdata = SESS_getUserDataFromId($userid); + $_USER = $userdata; + if ($VERBOSE) { + COM_errorLog('Got '.$_USER['username'].' for the username in user.php',1); + } } } } - } - // Now that we have users data see if their theme cookie is set. - // If not set it - if (! empty($_USER['theme'])) { - setcookie($_CONF['cookie_theme'], $_USER['theme'], - time() + 31536000, $_CONF['cookie_path'], - $_CONF['cookiedomain'], $_CONF['cookiesecure']); - } + // Now that we have users data see if their theme cookie is set. + // If not set it + if (! 
empty($_USER['theme'])) { + setcookie($_CONF['cookie_theme'], $_USER['theme'], + time() + 31536000, $_CONF['cookie_path'], + $_CONF['cookiedomain'], $_CONF['cookiesecure']); + } - if (!empty($_SERVER['HTTP_REFERER']) - && (strstr($_SERVER['HTTP_REFERER'], '/users.php') === false) - && (substr($_SERVER['HTTP_REFERER'], 0, - strlen($_CONF['site_url'])) == $_CONF['site_url'])) { - $indexMsg = $_CONF['site_url'] . '/index.php?msg='; - if (substr ($_SERVER['HTTP_REFERER'], 0, strlen ($indexMsg)) == $indexMsg) { - $display .= COM_refresh ($_CONF['site_url'] . '/index.php'); - } else { - // If user is trying to login - force redirect to index.php - if (strstr ($_SERVER['HTTP_REFERER'], 'mode=login') === false) { - $display .= COM_refresh ($_SERVER['HTTP_REFERER']); + if (!empty($_SERVER['HTTP_REFERER']) + && (strstr($_SERVER['HTTP_REFERER'], '/users.php') === false) + && (substr($_SERVER['HTTP_REFERER'], 0, + strlen($_CONF['site_url'])) == $_CONF['site_url'])) { + $indexMsg = $_CONF['site_url'] . '/index.php?msg='; + if (substr($_SERVER['HTTP_REFERER'], 0, strlen($indexMsg)) == $indexMsg) { + $display .= COM_refresh($_CONF['site_url'] . '/index.php'); } else { - $display .= COM_refresh ($_CONF['site_url'] . '/index.php'); + // If user is trying to login - force redirect to index.php + if (strstr($_SERVER['HTTP_REFERER'], 'mode=login') === false) { + $display .= COM_refresh($_SERVER['HTTP_REFERER']); + } else { + $display .= COM_refresh($_CONF['site_url'] . '/index.php'); + } } + } else { + $display .= COM_refresh($_CONF['site_url'] . '/index.php'); } } else { - $display .= COM_refresh ($_CONF['site_url'] . 
'/index.php'); - } - } else { - // On failed login attempt, update speed limit - if (!empty($loginname) || !empty($passwd) || !empty($service) || - ($mode == 'tokenexpired')) { - COM_updateSpeedlimit('login'); - } - - $msg = 0; - if (isset($_REQUEST['msg'])) { - $msg = COM_applyFilter($_REQUEST['msg'], true); - } - if ($msg > 0) { - $display .= COM_showMessage($msg); - } + // On failed login attempt, update speed limit + if (!empty($loginname) || !empty($passwd) || !empty($service) || + ($mode === 'tokenexpired')) { + COM_updateSpeedlimit('login'); + } - switch ($mode) { - case 'create': - // Got bad account info from registration process, show error - // message and display form again - if ($_CONF['custom_registration'] AND - function_exists('CUSTOM_userForm')) { - $display .= CUSTOM_userForm(); - } else { - $display .= newuserform(); + $msg = 0; + if (isset($_REQUEST['msg'])) { + $msg = COM_applyFilter($_REQUEST['msg'], true); } - break; - - case 'tokenexpired': - // check to see if this was the last allowed attempt - if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) { - $files = ''; - if (isset($_POST['token_files'])) { - $files = urldecode($_POST['token_files']); - } - if (! 
empty($files)) { - SECINT_cleanupFiles($files); - } - displayLoginErrorAndAbort(82, $LANG04[163], $LANG04[164]); - } else { - $returnurl = ''; - if (isset($_POST['token_returnurl'])) { - $returnurl = urldecode($_POST['token_returnurl']); - } - $method = ''; - if (isset($_POST['token_requestmethod'])) { - $method = COM_applyFilter($_POST['token_requestmethod']); - } - $postdata = ''; - if (isset($_POST['token_postdata'])) { - $postdata = urldecode($_POST['token_postdata']); - } - $getdata = ''; - if (isset($_POST['token_getdata'])) { - $getdata = urldecode($_POST['token_getdata']); - } - $files = ''; - if (isset($_POST['token_files'])) { - $files = urldecode($_POST['token_files']); - } - if (SECINT_checkToken() && !empty($method) && - !empty($returnurl) && - ((($method == 'POST') && !empty($postdata)) || - (($method == 'GET') && !empty($getdata)))) { - $display .= COM_showMessage(81); - $display .= SECINT_authform($returnurl, $method, - $postdata, $getdata, $files); - } else { - if (! empty($files)) { - SECINT_cleanupFiles($files); - } - echo COM_refresh($_CONF['site_url'] . 
'/index.php'); - exit; - } + if ($msg > 0) { + $display .= COM_showMessage($msg); } - break; - - default: - // check to see if this was the last allowed attempt - if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) { - displayLoginErrorAndAbort(82, $LANG04[113], $LANG04[112]); - } else { // Show login form - if(($msg != 69) && ($msg != 70)) { - if (COM_isAnonUser()) { - if ($_CONF['custom_registration'] AND - function_exists('CUSTOM_loginErrorHandler')) { - // Typically this will be used if you have a custom - // main site page and need to control the login process - $display .= CUSTOM_loginErrorHandler($msg); - } else { - $display .= loginform(false, $status); + + switch ($mode) { + case 'create': + // Got bad account info from registration process, show error + // message and display form again + if ($_CONF['custom_registration'] && + function_exists('CUSTOM_userForm')) { + $display .= CUSTOM_userForm(); + } else { + $display .= newuserform(); + } + break; + + case 'tokenexpired': + // check to see if this was the last allowed attempt + if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) { + $files = ''; + if (isset($_POST['token_files'])) { + $files = urldecode($_POST['token_files']); + } + if (! empty($files)) { + SECINT_cleanupFiles($files); } + displayLoginErrorAndAbort(82, $LANG04[163], $LANG04[164]); } else { - // user is already logged in - $display .= COM_startBlock ($LANG04['user_login']); - $display .= '

' . $LANG04['user_logged_in_message'] . '

'; - $display .= COM_endBlock (); + $returnurl = ''; + if (isset($_POST['token_returnurl'])) { + $returnurl = urldecode($_POST['token_returnurl']); + } + $method = ''; + if (isset($_POST['token_requestmethod'])) { + $method = COM_applyFilter($_POST['token_requestmethod']); + } + $postdata = ''; + if (isset($_POST['token_postdata'])) { + $postdata = urldecode($_POST['token_postdata']); + } + $getdata = ''; + if (isset($_POST['token_getdata'])) { + $getdata = urldecode($_POST['token_getdata']); + } + $files = ''; + if (isset($_POST['token_files'])) { + $files = urldecode($_POST['token_files']); + } + if (SECINT_checkToken() && !empty($method) && + !empty($returnurl) && + ((($method === 'POST') && !empty($postdata)) || + (($method === 'GET') && !empty($getdata)))) { + $display .= COM_showMessage(81); + $display .= SECINT_authform($returnurl, $method, + $postdata, $getdata, $files); + } else { + if (! empty($files)) { + SECINT_cleanupFiles($files); + } + echo COM_refresh($_CONF['site_url'] . '/index.php'); + exit; + } } - } + break; + + default: + // check to see if this was the last allowed attempt + if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) { + displayLoginErrorAndAbort(82, $LANG04[113], $LANG04[112]); + } else { // Show login form + if(($msg != 69) && ($msg != 70)) { + if (COM_isAnonUser()) { + if ($_CONF['custom_registration'] && + function_exists('CUSTOM_loginErrorHandler')) { + // Typically this will be used if you have a custom + // main site page and need to control the login process + $display .= CUSTOM_loginErrorHandler($msg); + } else { + $display .= loginform(false, $status); + } + } else { + // user is already logged in + $display .= COM_startBlock($LANG04['user_login']); + $display .= '

' . $LANG04['user_logged_in_message'] . '

'; + $display .= COM_endBlock(); + } + } + } + break; } - break; - } - $display = COM_createHTMLDocument($display); - } - break; + $display = COM_createHTMLDocument($display); + } + break; } COM_output($display); - -?> diff --git a/public_html/usersettings.php b/public_html/usersettings.php index ed96f6a8e..fb94a296b 100644 --- a/public_html/usersettings.php +++ b/public_html/usersettings.php @@ -2,7 +2,7 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Geeklog 1.7 | +// | Geeklog 2.1 | // +---------------------------------------------------------------------------+ // | usersettings.php | // | | 
@@ -53,18 +53,20 @@ function edituser() global $_CONF, $_TABLES, $_USER, $LANG_MYACCOUNT, $LANG04, $LANG_ADMIN, $_SCRIPTS; $result = DB_query("SELECT fullname,cookietimeout,email,homepage,sig,emailstories,about,location,pgpkey,photo,remoteservice FROM {$_TABLES['users']},{$_TABLES['userprefs']},{$_TABLES['userinfo']} WHERE {$_TABLES['users']}.uid = {$_USER['uid']} AND {$_TABLES['userprefs']}.uid = {$_USER['uid']} AND {$_TABLES['userinfo']}.uid = {$_USER['uid']}"); - $A = DB_fetchArray ($result); + $A = DB_fetchArray($result); $preferences = COM_newTemplate($_CONF['path_layout'] . 'preferences'); - $preferences->set_file (array ('profile' => 'profile.thtml', - 'photo' => 'userphoto.thtml', - 'username' => 'username.thtml', - 'password' => 'password.thtml', - 'current_password' => 'current_password.thtml', - 'resynch' => 'resynch.thtml', - 'deleteaccount' => 'deleteaccount.thtml')); - - include ($_CONF['path_system'] . 'classes/navbar.class.php'); + $preferences->set_file(array( + 'profile' => 'profile.thtml', + 'photo' => 'userphoto.thtml', + 'username' => 'username.thtml', + 'password' => 'password.thtml', + 'current_password' => 'current_password.thtml', + 'resynch' => 'resynch.thtml', + 'deleteaccount' => 'deleteaccount.thtml' + )); + + include $_CONF['path_system'] . 'classes/navbar.class.php'; $navbar = new navbar; $cnt = 0; foreach ($LANG_MYACCOUNT as $id => $label) { 
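Review bot: The navbar class is still loaded with a plain `include` in edituser(), so a missing or unreadable `classes/navbar.class.php` raises only a warning and the `new navbar` on the next line then stops with an undefined-class fatal error. A second load of the same file in one request would also try to redeclare the class. Since the line is being rewritten anyway, I would make it `require_once $_CONF['path_system'] . 'classes/navbar.class.php';`, which matches how the OAuth branch of users.php in this same patch loads `oauthhelper.class.php`. edituser() starts before this hunk and continues past its end.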
@@ -72,16 +74,16 @@ function edituser() $cnt++; } $navbar->set_selected($LANG_MYACCOUNT['pe_namepass']); - $preferences->set_var ('navbar', $navbar->generate()); + $preferences->set_var('navbar', $navbar->generate()); - //$preferences->set_var ('no_javascript_warning', $LANG04[150]); + //$preferences->set_var('no_javascript_warning', $LANG04[150]); $preferences->set_var('noscript', COM_getNoScript()); - $preferences->set_var ('cssid1', 1); - $preferences->set_var ('cssid2', 2); + $preferences->set_var('cssid1', 1); + $preferences->set_var('cssid2', 2); - $preferences->set_var ('preview', USER_showProfile($_USER['uid'], true)); - $preferences->set_var ('prefs', editpreferences()); + $preferences->set_var('preview', USER_showProfile($_USER['uid'], true)); + $preferences->set_var('prefs', editpreferences()); // Add JavaScript $_SCRIPTS->setJavaScriptFile('profile_editor', '/javascript/profile_editor.js'); 
@@ -122,124 +124,123 @@ function edituser() $first = 2; $second = 1; } - $preferences->set_var ('cssid1u', $first); - $preferences->set_var ('cssid2u', $second); + $preferences->set_var('cssid1u', $first); + $preferences->set_var('cssid2u', $second); if ($_CONF['allow_user_photo'] == 1) { $tmp = $first; $first = $second; $second = $tmp; } - $preferences->set_var ('cssid1p', $first); - $preferences->set_var ('cssid2p', $second); - - $preferences->set_var ('lang_fullname', $LANG04[3]); - $preferences->set_var ('lang_fullname_text', $LANG04[34]); - $preferences->set_var ('lang_username', $LANG04[2]); - $preferences->set_var ('lang_username_text', $LANG04[87]); - $preferences->set_var ('lang_password_help_title', $LANG04[146]); - $preferences->set_var ('lang_password_help', $LANG04[147]); - $preferences->set_var ('lang_password', $LANG04[4]); - $preferences->set_var ('lang_password_text', $LANG04[35]); - $preferences->set_var ('lang_password_conf', $LANG04[108]); - $preferences->set_var ('lang_password_text_conf', $LANG04[109]); - $preferences->set_var ('lang_old_password', $LANG04[110]); - $preferences->set_var ('lang_old_password_text', $LANG04[111]); - $preferences->set_var ('lang_cooktime', $LANG04[68]); - $preferences->set_var ('lang_cooktime_text', $LANG04[69]); - $preferences->set_var ('lang_email', $LANG04[5]); - $preferences->set_var ('lang_email_text', $LANG04[33]); - $preferences->set_var ('lang_email_conf', $LANG04[124]); - $preferences->set_var ('lang_email_conf_text', $LANG04[126]); - $preferences->set_var ('lang_userinfo_help_title', $LANG04[148]); - $preferences->set_var ('lang_userinfo_help', $LANG04[149]); - $preferences->set_var ('lang_homepage', $LANG04[6]); - $preferences->set_var ('lang_homepage_text', $LANG04[36]); - $preferences->set_var ('lang_location', $LANG04[106]); - $preferences->set_var ('lang_location_text', $LANG04[107]); - $preferences->set_var ('lang_signature', $LANG04[32]); - $preferences->set_var ('lang_signature_text', 
$LANG04[37]); - $preferences->set_var ('lang_userphoto', $LANG04[77]); - $preferences->set_var ('lang_userphoto_text', $LANG04[78]); - $preferences->set_var ('lang_about', $LANG04[7]); - $preferences->set_var ('lang_about_text', $LANG04[38]); - $preferences->set_var ('lang_pgpkey', $LANG04[8]); - $preferences->set_var ('lang_pgpkey_text', $LANG04[39]); - $preferences->set_var ('lang_submit', $LANG04[9]); - $preferences->set_var ('lang_cancel',$LANG_ADMIN['cancel']); - $preferences->set_var ('lang_preview_title', $LANG04[145]); - $preferences->set_var ('lang_enter_current_password', $LANG04[127]); - $preferences->set_var ('lang_name_legend', $LANG04[128]); - $preferences->set_var ('lang_password_email_legend', $LANG04[129]); - $preferences->set_var ('lang_personal_info_legend', $LANG04[130]); - $preferences->set_var ('lang_resynch', $LANG04[166]); - - $display_name = COM_getDisplayName ($_USER['uid']); - - //$preferences->set_var ('start_block_profile', - // COM_startBlock ($LANG04[1] . ' ' . 
$display_name)); - //$preferences->set_var ('end_block', COM_endBlock ()); - - $preferences->set_var ('profile_headline', + $preferences->set_var('cssid1p', $first); + $preferences->set_var('cssid2p', $second); + + $preferences->set_var('lang_fullname', $LANG04[3]); + $preferences->set_var('lang_fullname_text', $LANG04[34]); + $preferences->set_var('lang_username', $LANG04[2]); + $preferences->set_var('lang_username_text', $LANG04[87]); + $preferences->set_var('lang_password_help_title', $LANG04[146]); + $preferences->set_var('lang_password_help', $LANG04[147]); + $preferences->set_var('lang_password', $LANG04[4]); + $preferences->set_var('lang_password_text', $LANG04[35]); + $preferences->set_var('lang_password_conf', $LANG04[108]); + $preferences->set_var('lang_password_text_conf', $LANG04[109]); + $preferences->set_var('lang_old_password', $LANG04[110]); + $preferences->set_var('lang_old_password_text', $LANG04[111]); + $preferences->set_var('lang_cooktime', $LANG04[68]); + $preferences->set_var('lang_cooktime_text', $LANG04[69]); + $preferences->set_var('lang_email', $LANG04[5]); + $preferences->set_var('lang_email_text', $LANG04[33]); + $preferences->set_var('lang_email_conf', $LANG04[124]); + $preferences->set_var('lang_email_conf_text', $LANG04[126]); + $preferences->set_var('lang_userinfo_help_title', $LANG04[148]); + $preferences->set_var('lang_userinfo_help', $LANG04[149]); + $preferences->set_var('lang_homepage', $LANG04[6]); + $preferences->set_var('lang_homepage_text', $LANG04[36]); + $preferences->set_var('lang_location', $LANG04[106]); + $preferences->set_var('lang_location_text', $LANG04[107]); + $preferences->set_var('lang_signature', $LANG04[32]); + $preferences->set_var('lang_signature_text', $LANG04[37]); + $preferences->set_var('lang_userphoto', $LANG04[77]); + $preferences->set_var('lang_userphoto_text', $LANG04[78]); + $preferences->set_var('lang_about', $LANG04[7]); + $preferences->set_var('lang_about_text', $LANG04[38]); + 
$preferences->set_var('lang_pgpkey', $LANG04[8]); + $preferences->set_var('lang_pgpkey_text', $LANG04[39]); + $preferences->set_var('lang_submit', $LANG04[9]); + $preferences->set_var('lang_cancel',$LANG_ADMIN['cancel']); + $preferences->set_var('lang_preview_title', $LANG04[145]); + $preferences->set_var('lang_enter_current_password', $LANG04[127]); + $preferences->set_var('lang_name_legend', $LANG04[128]); + $preferences->set_var('lang_password_email_legend', $LANG04[129]); + $preferences->set_var('lang_personal_info_legend', $LANG04[130]); + $preferences->set_var('lang_resynch', $LANG04[166]); + + $display_name = COM_getDisplayName($_USER['uid']); + + //$preferences->set_var('start_block_profile', + // COM_startBlock($LANG04[1] . ' ' . $display_name)); + //$preferences->set_var('end_block', COM_endBlock()); + + $preferences->set_var('profile_headline', $LANG04[1] . ' ' . $display_name); if ($_CONF['allow_user_photo'] == 1) { - $preferences->set_var ('enctype', 'enctype="multipart/form-data"'); + $preferences->set_var('enctype', 'enctype="multipart/form-data"'); } else { - $preferences->set_var ('enctype', ''); + $preferences->set_var('enctype', ''); } - $preferences->set_var ('fullname_value', htmlspecialchars ($A['fullname'])); - $preferences->set_var ('new_username_value', - htmlspecialchars ($_USER['username'])); + $preferences->set_var('fullname_value', htmlspecialchars($A['fullname'])); + $preferences->set_var('new_username_value', htmlspecialchars($_USER['username'])); if ($A['remoteservice'] == '') { - $preferences->set_var ('password_value', ''); - $preferences->parse ('password_option', 'password', true); - $preferences->parse ('current_password_option', 'current_password', true); - $preferences->set_var ('resynch_option', ''); + $preferences->set_var('password_value', ''); + $preferences->parse('password_option', 'password', true); + $preferences->parse('current_password_option', 'current_password', true); + $preferences->set_var('resynch_option', ''); 
} else { - $preferences->set_var ('password_option', ''); - $preferences->set_var ('current_password_option', ''); + $preferences->set_var('password_option', ''); + $preferences->set_var('current_password_option', ''); if ($_CONF['user_login_method']['oauth'] && (strpos($_USER['remoteservice'], 'oauth.') === 0)) { // OAuth only supports re-synch at the moment - $preferences->set_var ('resynch_checked', ''); - $preferences->parse ('resynch_option', 'resynch', true); + $preferences->set_var('resynch_checked', ''); + $preferences->parse('resynch_option', 'resynch', true); } else { - $preferences->set_var ('resynch_option', ''); + $preferences->set_var('resynch_option', ''); } } if ($_CONF['allow_username_change'] == 1) { - $preferences->parse ('username_option', 'username', true); + $preferences->parse('username_option', 'username', true); } else { - $preferences->set_var ('username_option', ''); + $preferences->set_var('username_option', ''); } $selection = ''; - $preferences->set_var ('cooktime_selector', $selection); + $preferences->set_var('cooktime_selector', $selection); - $preferences->set_var ('email_value', htmlspecialchars ($A['email'])); - $preferences->set_var ('homepage_value', - htmlspecialchars (COM_killJS ($A['homepage']))); - $preferences->set_var ('location_value', - htmlspecialchars (strip_tags ($A['location']))); - $preferences->set_var ('signature_value', htmlspecialchars ($A['sig'])); + $preferences->set_var('email_value', htmlspecialchars($A['email'])); + $preferences->set_var('homepage_value', + htmlspecialchars(COM_killJS ($A['homepage']))); + $preferences->set_var('location_value', + htmlspecialchars(strip_tags($A['location']))); + $preferences->set_var('signature_value', htmlspecialchars($A['sig'])); if ($_CONF['allow_user_photo'] == 1) { - $photo = USER_getPhoto ($_USER['uid'], $A['photo'], $A['email'], -1); - if (empty ($photo)) { - $preferences->set_var ('display_photo', ''); + $photo = USER_getPhoto($_USER['uid'], $A['photo'], 
$A['email'], -1); + if (empty($photo)) { + $preferences->set_var('display_photo', ''); } else { - if (empty ($A['photo'])) { // external avatar + if (empty($A['photo'])) { // external avatar $photo = '' . $photo; } else { // uploaded photo - add delete option $photo = '' . $photo . '' . $LANG04[79] . ' ' . LB; } - $preferences->set_var ('display_photo', $photo); + $preferences->set_var('display_photo', $photo); } if (empty($_CONF['image_lib'])) { $scaling = $LANG04[162]; 
@@ -250,48 +251,47 @@ function edituser() sprintf($LANG04[160], $_CONF['max_photo_width'], $_CONF['max_photo_height'], $_CONF['max_photo_size'], $scaling)); - $preferences->parse ('userphoto_option', 'photo', true); + $preferences->parse('userphoto_option', 'photo', true); } else { - $preferences->set_var ('userphoto_option', ''); + $preferences->set_var('userphoto_option', ''); } $result = DB_query("SELECT about,pgpkey FROM {$_TABLES['userinfo']} WHERE uid = {$_USER['uid']}"); $A = DB_fetchArray($result); - $reqid = substr (md5 (uniqid (rand (), 1)), 1, 16); - DB_change ($_TABLES['users'], 'pwrequestid', $reqid, 'uid', $_USER['uid']); + $reqid = substr(md5(uniqid(rand (), 1)), 1, 16); + DB_change($_TABLES['users'], 'pwrequestid', $reqid, 'uid', $_USER['uid']); - $preferences->set_var ('about_value', htmlspecialchars ($A['about'])); - $preferences->set_var ('pgpkey_value', htmlspecialchars ($A['pgpkey'])); - $preferences->set_var ('uid_value', $reqid); - $preferences->set_var ('username_value', - htmlspecialchars ($_USER['username'])); + $preferences->set_var('about_value', htmlspecialchars($A['about'])); + $preferences->set_var('pgpkey_value', htmlspecialchars($A['pgpkey'])); + $preferences->set_var('uid_value', $reqid); + $preferences->set_var('username_value', htmlspecialchars($_USER['username'])); if ($_CONF['allow_account_delete'] == 1) { - $preferences->set_var ('lang_deleteaccount', $LANG04[156]); - $preferences->set_var ('delete_text', $LANG04[95]); - $preferences->set_var ('lang_button_delete', $LANG04[96]); - $preferences->set_var ('delete_mode', 'confirmdelete'); - $preferences->set_var ('account_id', $reqid); - if (isset ($LANG04[157])) { - $preferences->set_var ('lang_deleteoption', $LANG04[157]); + $preferences->set_var('lang_deleteaccount', $LANG04[156]); + $preferences->set_var('delete_text', $LANG04[95]); + $preferences->set_var('lang_button_delete', $LANG04[96]); + $preferences->set_var('delete_mode', 'confirmdelete'); + 
$preferences->set_var('account_id', $reqid); + if (isset($LANG04[157])) { + $preferences->set_var('lang_deleteoption', $LANG04[157]); } else { - $preferences->set_var ('lang_deleteoption', $LANG04[156]); + $preferences->set_var('lang_deleteoption', $LANG04[156]); } - $preferences->parse ('delete_account_option', 'deleteaccount', false); + $preferences->parse('delete_account_option', 'deleteaccount', false); } else { - $preferences->set_var ('delete_account_option', ''); + $preferences->set_var('delete_account_option', ''); } // Call custom account form and edit function if enabled and exists - if ($_CONF['custom_registration'] AND (function_exists('CUSTOM_userEdit'))) { - $preferences->set_var ('customfields', CUSTOM_userEdit($_USER['uid']) ); + if ($_CONF['custom_registration'] && (function_exists('CUSTOM_userEdit'))) { + $preferences->set_var('customfields', CUSTOM_userEdit($_USER['uid']) ); } - PLG_profileVariablesEdit ($_USER['uid'], $preferences); + PLG_profileVariablesEdit($_USER['uid'], $preferences); - $retval = $preferences->finish ($preferences->parse ('output', 'profile')); - $retval .= PLG_profileBlocksEdit ($_USER['uid']); + $retval = $preferences->finish($preferences->parse('output', 'profile')); + $retval .= PLG_profileBlocksEdit($_USER['uid']); return $retval; } 
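Review bot: `$reqid = substr(md5(uniqid(rand (), 1)), 1, 16);` derives the `pwrequestid` token from `rand()` and `uniqid()`, neither of which is a cryptographically secure source. That value is handed to the template as `uid_value` and `account_id`, and it is what confirmAccountDelete() and deleteUserAccount() later match with `DB_count` before the account is deleted. The same line is repeated in the `@@ -322,8 +322,8 @@` hunk inside confirmAccountDelete(). I would take the token from a CSPRNG and keep the 16-character length, e.g. `$reqid = bin2hex(random_bytes(8));` on PHP 7 or later, or `bin2hex(openssl_random_pseudo_bytes(8))` on older versions; the minimum supported PHP version is not visible here, so that choice needs confirming. edituser() begins before this hunk.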
@@ -299,17 +299,17 @@ function edituser() /** * Ask user for confirmation to delete his/her account. * -* @param string form_reqid request id +* @param string $form_reqid request id * @return string confirmation form * */ -function confirmAccountDelete ($form_reqid) +function confirmAccountDelete($form_reqid) { global $_CONF, $_TABLES, $_USER, $LANG04; - if (DB_count ($_TABLES['users'], array ('pwrequestid', 'uid'), array ($form_reqid, $_USER['uid'])) != 1) { + if (DB_count($_TABLES['users'], array('pwrequestid', 'uid'), array($form_reqid, $_USER['uid'])) != 1) { // not found - abort - return COM_refresh ($_CONF['site_url'] . '/index.php'); + return COM_refresh($_CONF['site_url'] . '/index.php'); } // Do not check current password for remote users. At some point we should reauthenticate with the service when deleting the account @@ -322,8 +322,8 @@ function confirmAccountDelete ($form_reqid) } } - $reqid = substr (md5 (uniqid (rand (), 1)), 1, 16); - DB_change ($_TABLES['users'], 'pwrequestid', "$reqid", + $reqid = substr(md5(uniqid(rand (), 1)), 1, 16); + DB_change($_TABLES['users'], 'pwrequestid', "$reqid", 'uid', $_USER['uid']); $msg = '

' . $LANG04[98] . '

' . LB . '
' . LB @@ -341,25 +341,25 @@ function confirmAccountDelete ($form_reqid) /** * Delete an account * -* @param string form_reqid request id +* @param string $form_reqid request id * @return string redirection to main page (+ success msg) * */ -function deleteUserAccount ($form_reqid) +function deleteUserAccount($form_reqid) { global $_CONF, $_TABLES, $_USER; - if (DB_count ($_TABLES['users'], array ('pwrequestid', 'uid'), - array ($form_reqid, $_USER['uid'])) != 1) { + if (DB_count($_TABLES['users'], array('pwrequestid', 'uid'), + array($form_reqid, $_USER['uid'])) != 1) { // not found - abort - return COM_refresh ($_CONF['site_url'] . '/index.php'); + return COM_refresh($_CONF['site_url'] . '/index.php'); } - if (!USER_deleteAccount ($_USER['uid'])) { - return COM_refresh ($_CONF['site_url'] . '/index.php'); + if (!USER_deleteAccount($_USER['uid'])) { + return COM_refresh($_CONF['site_url'] . '/index.php'); } - return COM_refresh ($_CONF['site_url'] . '/index.php?msg=57'); + return COM_refresh($_CONF['site_url'] . '/index.php?msg=57'); } /** 
@@ -376,108 +376,108 @@ function editpreferences()
 // 'maxstories' may be 0, in which case it will pick up the default
 // setting for the current topic or $_CONF['limitnews'] (see index.php)
- if (empty ($A['maxstories'])) {
+ if (empty($A['maxstories'])) {
 $A['maxstories'] = 0;
- } else if ($A['maxstories'] > 0) {
+ } elseif ($A['maxstories'] > 0) {
 if ($A['maxstories'] < $_CONF['minnews']) {
 $A['maxstories'] = $_CONF['minnews'];
 }
 }
 $preferences = COM_newTemplate($_CONF['path_layout'] . 'preferences');
- $preferences->set_file (array ('prefs' => 'displayprefs.thtml',
- 'display' => 'displayblock.thtml',
- 'exclude' => 'excludeblock.thtml',
- 'digest' => 'digestblock.thtml',
- 'boxes' => 'boxesblock.thtml',
- 'comment' => 'commentblock.thtml',
- 'language' => 'language.thtml',
- 'theme' => 'theme.thtml',
- 'privacy' => 'privacyblock.thtml',
- 'editor' => 'editor.thtml'
- ));
- $preferences->set_var ('user_name', $_USER['username']);
-
- $preferences->set_var ('lang_language', $LANG04[73]);
- $preferences->set_var ('lang_theme', $LANG04[72]);
- $preferences->set_var ('lang_theme_text', $LANG04[74]);
- $preferences->set_var ('lang_misc_title', $LANG04[138]);
- $preferences->set_var ('lang_misc_help_title', $LANG04[139]);
- $preferences->set_var ('lang_misc_help', $LANG04[140]);
- $preferences->set_var ('lang_noicons', $LANG04[40]);
- $preferences->set_var ('lang_noicons_text', $LANG04[49]);
- $preferences->set_var ('lang_noboxes', $LANG04[44]);
- $preferences->set_var ('lang_noboxes_text', $LANG04[51]);
- $preferences->set_var ('lang_maxstories', $LANG04[43]);
- if (strpos ($LANG04[52], '%d') === false) {
+ $preferences->set_file(array(
+ 'prefs' => 'displayprefs.thtml',
+ 'display' => 'displayblock.thtml',
+ 'exclude' => 'excludeblock.thtml',
+ 'digest' => 'digestblock.thtml',
+ 'boxes' => 'boxesblock.thtml',
+ 'comment' => 'commentblock.thtml',
+ 'language' => 'language.thtml',
+ 'theme' => 'theme.thtml',
+ 'privacy' => 'privacyblock.thtml',
+ 'editor' => 'editor.thtml'
+ ));
+ $preferences->set_var('user_name', $_USER['username']);
+
+ $preferences->set_var('lang_language', $LANG04[73]);
+ $preferences->set_var('lang_theme', $LANG04[72]);
+ $preferences->set_var('lang_theme_text', $LANG04[74]);
+ $preferences->set_var('lang_misc_title', $LANG04[138]);
+ $preferences->set_var('lang_misc_help_title', $LANG04[139]);
+ $preferences->set_var('lang_misc_help', $LANG04[140]);
+ $preferences->set_var('lang_noicons', $LANG04[40]);
+ $preferences->set_var('lang_noicons_text', $LANG04[49]);
+ $preferences->set_var('lang_noboxes', $LANG04[44]);
+ $preferences->set_var('lang_noboxes_text', $LANG04[51]);
+ $preferences->set_var('lang_maxstories', $LANG04[43]);
+ if (strpos($LANG04[52], '%d') === false) {
 $maxtext = $LANG04[52] . ' ' . $_CONF['limitnews'];
 } else {
- $maxtext = sprintf ($LANG04[52], $_CONF['limitnews']);
- }
- $preferences->set_var ('lang_maxstories_text', $maxtext);
- $preferences->set_var ('lang_dateformat', $LANG04[42]);
- $preferences->set_var ('lang_excluded_items_title', $LANG04[137]);
- $preferences->set_var ('lang_excluded_items', $LANG04[54]);
- $preferences->set_var ('lang_exclude_title', $LANG04[136]);
- $preferences->set_var ('lang_topics', $LANG04[48]);
- $preferences->set_var ('lang_emailedtopics', $LANG04[76]);
- $preferences->set_var ('lang_digest_top_header', $LANG04[131]);
- $preferences->set_var ('lang_digest_help_header', $LANG04[132]);
- $preferences->set_var ('lang_boxes_title', $LANG04[144]);
- $preferences->set_var ('lang_boxes_help_title', $LANG04[143]);
- $preferences->set_var ('lang_boxes', $LANG04[55]);
- $preferences->set_var ('lang_displaymode', $LANG04[57]);
- $preferences->set_var ('lang_displaymode_text', $LANG04[60]);
- $preferences->set_var ('lang_sortorder', $LANG04[58]);
- $preferences->set_var ('lang_sortorder_text', $LANG04[61]);
- $preferences->set_var ('lang_comment_title', $LANG04[133]);
- $preferences->set_var ('lang_comment_help_title', $LANG04[134]);
- $preferences->set_var ('lang_comment_help', $LANG04[135]);
- $preferences->set_var ('lang_commentlimit', $LANG04[59]);
- $preferences->set_var ('lang_commentlimit_text', $LANG04[62]);
- $preferences->set_var ('lang_privacy_title', $LANG04[141]);
- $preferences->set_var ('lang_privacy_help_title', $LANG04[141]);
- $preferences->set_var ('lang_privacy_help', $LANG04[142]);
- $preferences->set_var ('lang_emailfromadmin', $LANG04[100]);
- $preferences->set_var ('lang_emailfromadmin_text', $LANG04[101]);
- $preferences->set_var ('lang_emailfromuser', $LANG04[102]);
- $preferences->set_var ('lang_emailfromuser_text', $LANG04[103]);
- $preferences->set_var ('lang_showonline', $LANG04[104]);
- $preferences->set_var ('lang_showonline_text', $LANG04[105]);
- $preferences->set_var ('lang_submit', $LANG04[9]);
-
- $display_name = COM_getDisplayName ($_USER['uid']);
-
- $preferences->set_var ('lang_authors_exclude', $LANG04[46]);
- $preferences->set_var ('lang_boxes_exclude', $LANG04[47]);
-
- $preferences->set_var ('start_block_display',
- COM_startBlock ($LANG04[45] . ' ' . $display_name));
- $preferences->set_var ('start_block_digest',
- COM_startBlock ($LANG04[75] . ' ' . $display_name));
- $preferences->set_var ('start_block_comment',
- COM_startBlock ($LANG04[64] . ' ' . $display_name));
- $preferences->set_var ('start_block_privacy',
- COM_startBlock ($LANG04[99] . ' ' . $display_name));
- $preferences->set_var ('end_block', COM_endBlock ());
-
- $preferences->set_var ('display_headline',
+ $maxtext = sprintf($LANG04[52], $_CONF['limitnews']);
+ }
+ $preferences->set_var('lang_maxstories_text', $maxtext);
+ $preferences->set_var('lang_dateformat', $LANG04[42]);
+ $preferences->set_var('lang_excluded_items_title', $LANG04[137]);
+ $preferences->set_var('lang_excluded_items', $LANG04[54]);
+ $preferences->set_var('lang_exclude_title', $LANG04[136]);
+ $preferences->set_var('lang_topics', $LANG04[48]);
+ $preferences->set_var('lang_emailedtopics', $LANG04[76]);
+ $preferences->set_var('lang_digest_top_header', $LANG04[131]);
+ $preferences->set_var('lang_digest_help_header', $LANG04[132]);
+ $preferences->set_var('lang_boxes_title', $LANG04[144]);
+ $preferences->set_var('lang_boxes_help_title', $LANG04[143]);
+ $preferences->set_var('lang_boxes', $LANG04[55]);
+ $preferences->set_var('lang_displaymode', $LANG04[57]);
+ $preferences->set_var('lang_displaymode_text', $LANG04[60]);
+ $preferences->set_var('lang_sortorder', $LANG04[58]);
+ $preferences->set_var('lang_sortorder_text', $LANG04[61]);
+ $preferences->set_var('lang_comment_title', $LANG04[133]);
+ $preferences->set_var('lang_comment_help_title', $LANG04[134]);
+ $preferences->set_var('lang_comment_help', $LANG04[135]);
+ $preferences->set_var('lang_commentlimit', $LANG04[59]);
+ $preferences->set_var('lang_commentlimit_text', $LANG04[62]);
+ $preferences->set_var('lang_privacy_title', $LANG04[141]);
+ $preferences->set_var('lang_privacy_help_title', $LANG04[141]);
+ $preferences->set_var('lang_privacy_help', $LANG04[142]);
+ $preferences->set_var('lang_emailfromadmin', $LANG04[100]);
+ $preferences->set_var('lang_emailfromadmin_text', $LANG04[101]);
+ $preferences->set_var('lang_emailfromuser', $LANG04[102]);
+ $preferences->set_var('lang_emailfromuser_text', $LANG04[103]);
+ $preferences->set_var('lang_showonline', $LANG04[104]);
+ $preferences->set_var('lang_showonline_text', $LANG04[105]);
+ $preferences->set_var('lang_submit', $LANG04[9]);
+
+ $display_name = COM_getDisplayName($_USER['uid']);
+
+ $preferences->set_var('lang_authors_exclude', $LANG04[46]);
+ $preferences->set_var('lang_boxes_exclude', $LANG04[47]);
+
+ $preferences->set_var('start_block_display',
+ COM_startBlock($LANG04[45] . ' ' . $display_name));
+ $preferences->set_var('start_block_digest',
+ COM_startBlock($LANG04[75] . ' ' . $display_name));
+ $preferences->set_var('start_block_comment',
+ COM_startBlock($LANG04[64] . ' ' . $display_name));
+ $preferences->set_var('start_block_privacy',
+ COM_startBlock($LANG04[99] . ' ' . $display_name));
+ $preferences->set_var('end_block', COM_endBlock());
+
+ $preferences->set_var('display_headline',
 $LANG04[45] . ' ' . $display_name);
- $preferences->set_var ('exclude_headline',
+ $preferences->set_var('exclude_headline',
 $LANG04[46] . ' ' . $display_name);
- $preferences->set_var ('digest_headline',
+ $preferences->set_var('digest_headline',
 $LANG04[75] . ' ' . $display_name);
- $preferences->set_var ('boxes_headline',
+ $preferences->set_var('boxes_headline',
 $LANG04[47] . ' ' . $display_name);
- $preferences->set_var ('comment_headline',
+ $preferences->set_var('comment_headline',
 $LANG04[64] . ' ' . $display_name);
- $preferences->set_var ('privacy_headline',
+ $preferences->set_var('privacy_headline',
 $LANG04[99] . ' ' . $display_name);
 // display preferences block
 if ($_CONF['allow_user_language'] == 1) {
-
- if (empty ($_USER['language'])) {
+ if (empty($_USER['language'])) {
 $userlang = $_CONF['language'];
 } else {
 $userlang = $_USER['language'];
@@ -485,13 +485,13 @@ function editpreferences()
 // if multi-language content return just languages supported (assume config options are setup correctly and both contain the same language mappings)
 if (!empty($_CONF['languages']) && !empty($_CONF['language_files'])) {
- $language = MBYTE_languageList ($_CONF['default_charset'], true);
+ $language = MBYTE_languageList($_CONF['default_charset'], true);
 } else {
 // Get available languages
- $language = MBYTE_languageList ($_CONF['default_charset']);
+ $language = MBYTE_languageList($_CONF['default_charset']);
 }
- $has_valid_language = count (array_keys ($language, $userlang));
+ $has_valid_language = count(array_keys($language, $userlang));
 if ($has_valid_language == 0) {
 // The user's preferred language is no longer available.
 // We have a problem now, since we've overwritten $_CONF['language']
@@ -499,7 +499,7 @@ function editpreferences()
 // therefore don't know what the system's default language is.
 // So we'll try to find a similar language. If that doesn't help,
 // the dropdown will default to the first language in the list ...
- $tmp = explode ('_', $userlang);
+ $tmp = explode('_', $userlang);
 $similarLang = $tmp[0];
 }
@@ -508,20 +508,20 @@ function editpreferences()
 foreach ($language as $langFile => $langName) {
 $selection .= '