PageRenderTime 59ms CodeModel.GetById 19ms RepoModel.GetById 0ms app.codeStats 1ms

/phpBB3/includes/functions.php

http://pbb-png1.googlecode.com/
PHP | 2461 lines | 1670 code | 358 blank | 433 comment | 403 complexity | cd048a42dd93f5f08411884ce552b9c8 MD5 | raw file
    

  1. <?php
    2. 

  2. /**
    3. 

  3. *
    4. 

  4. * @package phpBB3
    5. 

  5. * @version $Id: functions.php 9153 2008-12-02 17:02:56Z acydburn $
    6. 

  6. * @copyright (c) 2005 phpBB Group
    7. 

  7. * @license http://opensource.org/licenses/gpl-license.php GNU Public License
    8. 

  8. *
    9. 

  9. */
    10. 

  10. 

  11. /**
    12. 

  12. * @ignore
    13. 

  13. */
    14. 

  14. if (!defined('IN_PHPBB'))
    15. 

  15. {
    16. 

  16. 	exit;
    17. 

  17. }
    18. 

  18. 

  19. // Common global functions
    20. 

  20. 

  21. /**
    22. 

  22. * set_var
    23. 

  23. *
    24. 

  24. * Set variable, used by {@link request_var the request_var function}
    25. 

  25. *
    26. 

  26. * @access private
    27. 

  27. */
    28. 

  28. function set_var(&$result, $var, $type, $multibyte = false)
    29. 

  29. {
    30. 

  30. 	settype($var, $type);
    31. 

  31. 	$result = $var;
    32. 

  32. 

  33. 	if ($type == 'string')
    34. 

  34. 	{
    35. 

  35. 		$result = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result), ENT_COMPAT, 'UTF-8'));
    36. 

  36. 

  37. 		if (!empty($result))
    38. 

  38. 		{
    39. 

  39. 			// Make sure multibyte characters are wellformed
    40. 

  40. 			if ($multibyte)
    41. 

  41. 			{
    42. 

  42. 				if (!preg_match('/^./u', $result))
    43. 

  43. 				{
    44. 

  44. 					$result = '';
    45. 

  45. 				}
    46. 

  46. 			}
    47. 

  47. 			else
    48. 

  48. 			{
    49. 

  49. 				// no multibyte, allow only ASCII (0-127)
    50. 

  50. 				$result = preg_replace('/[\x80-\xFF]/', '?', $result);
    51. 

  51. 			}
    52. 

  52. 		}
    53. 

  53. 

  54. 		$result = (STRIP) ? stripslashes($result) : $result;
    55. 

  55. 	}
    56. 

  56. }
    57. 

  57. 

  58. /**
    59. 

  59. * request_var
    60. 

  60. *
    61. 

  61. * Used to get passed variable
    62. 

  62. */
    63. 

  63. function request_var($var_name, $default, $multibyte = false, $cookie = false)
    64. 

  64. {
    65. 

  65. 	if (!$cookie && isset($_COOKIE[$var_name]))
    66. 

  66. 	{
    67. 

  67. 		if (!isset($_GET[$var_name]) && !isset($_POST[$var_name]))
    68. 

  68. 		{
    69. 

  69. 			return (is_array($default)) ? array() : $default;
    70. 

  70. 		}
    71. 

  71. 		$_REQUEST[$var_name] = isset($_POST[$var_name]) ? $_POST[$var_name] : $_GET[$var_name];
    72. 

  72. 	}
    73. 

  73. 

  74. 	if (!isset($_REQUEST[$var_name]) || (is_array($_REQUEST[$var_name]) && !is_array($default)) || (is_array($default) && !is_array($_REQUEST[$var_name])))
    75. 

  75. 	{
    76. 

  76. 		return (is_array($default)) ? array() : $default;
    77. 

  77. 	}
    78. 

  78. 

  79. 	$var = $_REQUEST[$var_name];
    80. 

  80. 	if (!is_array($default))
    81. 

  81. 	{
    82. 

  82. 		$type = gettype($default);
    83. 

  83. 	}
    84. 

  84. 	else
    85. 

  85. 	{
    86. 

  86. 		list($key_type, $type) = each($default);
    87. 

  87. 		$type = gettype($type);
    88. 

  88. 		$key_type = gettype($key_type);
    89. 

  89. 		if ($type == 'array')
    90. 

  90. 		{
    91. 

  91. 			reset($default);
    92. 

  92. 			$default = current($default);
    93. 

  93. 			list($sub_key_type, $sub_type) = each($default);
    94. 

  94. 			$sub_type = gettype($sub_type);
    95. 

  95. 			$sub_type = ($sub_type == 'array') ? 'NULL' : $sub_type;
    96. 

  96. 			$sub_key_type = gettype($sub_key_type);
    97. 

  97. 		}
    98. 

  98. 	}
    99. 

  99. 

  100. 	if (is_array($var))
    101. 

  101. 	{
    102. 

  102. 		$_var = $var;
    103. 

  103. 		$var = array();
    104. 

  104. 

  105. 		foreach ($_var as $k => $v)
    106. 

  106. 		{
    107. 

  107. 			set_var($k, $k, $key_type);
    108. 

  108. 			if ($type == 'array' && is_array($v))
    109. 

  109. 			{
    110. 

  110. 				foreach ($v as $_k => $_v)
    111. 

  111. 				{
    112. 

  112. 					if (is_array($_v))
    113. 

  113. 					{
    114. 

  114. 						$_v = null;
    115. 

  115. 					}
    116. 

  116. 					set_var($_k, $_k, $sub_key_type);
    117. 

  117. 					set_var($var[$k][$_k], $_v, $sub_type, $multibyte);
    118. 

  118. 				}
    119. 

  119. 			}
    120. 

  120. 			else
    121. 

  121. 			{
    122. 

  122. 				if ($type == 'array' || is_array($v))
    123. 

  123. 				{
    124. 

  124. 					$v = null;
    125. 

  125. 				}
    126. 

  126. 				set_var($var[$k], $v, $type, $multibyte);
    127. 

  127. 			}
    128. 

  128. 		}
    129. 

  129. 	}
    130. 

  130. 	else
    131. 

  131. 	{
    132. 

  132. 		set_var($var, $var, $type, $multibyte);
    133. 

  133. 	}
    134. 

  134. 

  135. 	return $var;
    136. 

  136. }
    137. 

  137. 

  138. /**
    139. 

  139. * Set config value. Creates missing config entry.
    140. 

  140. */
    141. 

  141. function set_config($config_name, $config_value, $is_dynamic = false)
    142. 

  142. {
    143. 

  143. 	global $db, $cache, $config;
    144. 

  144. 

  145. 	$sql = 'UPDATE ' . CONFIG_TABLE . "
    146. 

  146. 		SET config_value = '" . $db->sql_escape($config_value) . "'
    147. 

  147. 		WHERE config_name = '" . $db->sql_escape($config_name) . "'";
    148. 

  148. 	$db->sql_query($sql);
    149. 

  149. 

  150. 	if (!$db->sql_affectedrows() && !isset($config[$config_name]))
    151. 

  151. 	{
    152. 

  152. 		$sql = 'INSERT INTO ' . CONFIG_TABLE . ' ' . $db->sql_build_array('INSERT', array(
    153. 

  153. 			'config_name'	=> $config_name,
    154. 

  154. 			'config_value'	=> $config_value,
    155. 

  155. 			'is_dynamic'	=> ($is_dynamic) ? 1 : 0));
    156. 

  156. 		$db->sql_query($sql);
    157. 

  157. 	}
    158. 

  158. 

  159. 	$config[$config_name] = $config_value;
    160. 

  160. 

  161. 	if (!$is_dynamic)
    162. 

  162. 	{
    163. 

  163. 		$cache->destroy('config');
    164. 

  164. 	}
    165. 

  165. }
    166. 

  166. 

  167. /**
    168. 

  168. * Generates an alphanumeric random string of given length
    169. 

  169. */
    170. 

  170. function gen_rand_string($num_chars = 8)
    171. 

  171. {
    172. 

  172. 	$rand_str = unique_id();
    173. 

  173. 	$rand_str = str_replace('0', 'Z', strtoupper(base_convert($rand_str, 16, 35)));
    174. 

  174. 

  175. 	return substr($rand_str, 0, $num_chars);
    176. 

  176. }
    177. 

  177. 

  178. /**
    179. 

  179. * Return unique id
    180. 

  180. * @param string $extra additional entropy
    181. 

  181. */
    182. 

  182. function unique_id($extra = 'c')
    183. 

  183. {
    184. 

  184. 	static $dss_seeded = false;
    185. 

  185. 	global $config;
    186. 

  186. 

  187. 	$val = $config['rand_seed'] . microtime();
    188. 

  188. 	$val = md5($val);
    189. 

  189. 	$config['rand_seed'] = md5($config['rand_seed'] . $val . $extra);
    190. 

  190. 

  191. 	if ($dss_seeded !== true && ($config['rand_seed_last_update'] < time() - rand(1,10)))
    192. 

  192. 	{
    193. 

  193. 		set_config('rand_seed', $config['rand_seed'], true);
    194. 

  194. 		set_config('rand_seed_last_update', time(), true);
    195. 

  195. 		$dss_seeded = true;
    196. 

  196. 	}
    197. 

  197. 

  198. 	return substr($val, 4, 16);
    199. 

  199. }
    200. 

  200. 

  201. /**
    202. 

  202. * Return formatted string for filesizes
    203. 

  203. */
    204. 

  204. function get_formatted_filesize($bytes, $add_size_lang = true)
    205. 

  205. {
    206. 

  206. 	global $user;
    207. 

  207. 

  208. 	if ($bytes >= pow(2, 20))
    209. 

  209. 	{
    210. 

  210. 		return ($add_size_lang) ? round($bytes / 1024 / 1024, 2) . ' ' . $user->lang['MIB'] : round($bytes / 1024 / 1024, 2);
    211. 

  211. 	}
    212. 

  212. 

  213. 	if ($bytes >= pow(2, 10))
    214. 

  214. 	{
    215. 

  215. 		return ($add_size_lang) ? round($bytes / 1024, 2) . ' ' . $user->lang['KIB'] : round($bytes / 1024, 2);
    216. 

  216. 	}
    217. 

  217. 

  218. 	return ($add_size_lang) ? ($bytes) . ' ' . $user->lang['BYTES'] : ($bytes);
    219. 

  219. }
    220. 

  220. 

  221. /**
    222. 

  222. * Determine whether we are approaching the maximum execution time. Should be called once
    223. 

  223. * at the beginning of the script in which it's used.
    224. 

  224. * @return	bool	Either true if the maximum execution time is nearly reached, or false
    225. 

  225. *					if some time is still left.
    226. 

  226. */
    227. 

  227. function still_on_time($extra_time = 15)
    228. 

  228. {
    229. 

  229. 	static $max_execution_time, $start_time;
    230. 

  230. 

  231. 	$time = explode(' ', microtime());
    232. 

  232. 	$current_time = $time[0] + $time[1];
    233. 

  233. 

  234. 	if (empty($max_execution_time))
    235. 

  235. 	{
    236. 

  236. 		$max_execution_time = (function_exists('ini_get')) ? (int) @ini_get('max_execution_time') : (int) @get_cfg_var('max_execution_time');
    237. 

  237. 

  238. 		// If zero, then set to something higher to not let the user catch the ten seconds barrier.
    239. 

  239. 		if ($max_execution_time === 0)
    240. 

  240. 		{
    241. 

  241. 			$max_execution_time = 50 + $extra_time;
    242. 

  242. 		}
    243. 

  243. 

  244. 		$max_execution_time = min(max(10, ($max_execution_time - $extra_time)), 50);
    245. 

  245. 

  246. 		// For debugging purposes
    247. 

  247. 		// $max_execution_time = 10;
    248. 

  248. 

  249. 		global $starttime;
    250. 

  250. 		$start_time = (empty($starttime)) ? $current_time : $starttime;
    251. 

  251. 	}
    252. 

  252. 

  253. 	return (ceil($current_time - $start_time) < $max_execution_time) ? true : false;
    254. 

  254. }
    255. 

  255. 

  256. /**
    257. 

  257. *
    258. 

  258. * @version Version 0.1 / slightly modified for phpBB 3.0.x (using $H$ as hash type identifier)
    259. 

  259. *
    260. 

  260. * Portable PHP password hashing framework.
    261. 

  261. *
    262. 

  262. * Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in
    263. 

  263. * the public domain.
    264. 

  264. *
    265. 

  265. * There's absolutely no warranty.
    266. 

  266. *
    267. 

  267. * The homepage URL for this framework is:
    268. 

  268. *
    269. 

  269. *	http://www.openwall.com/phpass/
    270. 

  270. *
    271. 

  271. * Please be sure to update the Version line if you edit this file in any way.
    272. 

  272. * It is suggested that you leave the main version number intact, but indicate
    273. 

  273. * your project name (after the slash) and add your own revision information.
    274. 

  274. *
    275. 

  275. * Please do not change the "private" password hashing method implemented in
    276. 

  276. * here, thereby making your hashes incompatible.  However, if you must, please
    277. 

  277. * change the hash type identifier (the "$P$") to something different.
    278. 

  278. *
    279. 

  279. * Obviously, since this code is in the public domain, the above are not
    280. 

  280. * requirements (there can be none), but merely suggestions.
    281. 

  281. *
    282. 

  282. *
    283. 

  283. * Hash the password
    284. 

  284. */
    285. 

  285. function phpbb_hash($password)
    286. 

  286. {
    287. 

  287. 	$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    288. 

  288. 

  289. 	$random_state = unique_id();
    290. 

  290. 	$random = '';
    291. 

  291. 	$count = 6;
    292. 

  292. 

  293. 	if (($fh = @fopen('/dev/urandom', 'rb')))
    294. 

  294. 	{
    295. 

  295. 		$random = fread($fh, $count);
    296. 

  296. 		fclose($fh);
    297. 

  297. 	}
    298. 

  298. 

  299. 	if (strlen($random) < $count)
    300. 

  300. 	{
    301. 

  301. 		$random = '';
    302. 

  302. 

  303. 		for ($i = 0; $i < $count; $i += 16)
    304. 

  304. 		{
    305. 

  305. 			$random_state = md5(unique_id() . $random_state);
    306. 

  306. 			$random .= pack('H*', md5($random_state));
    307. 

  307. 		}
    308. 

  308. 		$random = substr($random, 0, $count);
    309. 

  309. 	}
    310. 

  310. 

  311. 	$hash = _hash_crypt_private($password, _hash_gensalt_private($random, $itoa64), $itoa64);
    312. 

  312. 

  313. 	if (strlen($hash) == 34)
    314. 

  314. 	{
    315. 

  315. 		return $hash;
    316. 

  316. 	}
    317. 

  317. 

  318. 	return md5($password);
    319. 

  319. }
    320. 

  320. 

  321. /**
    322. 

  322. * Check for correct password
    323. 

  323. *
    324. 

  324. * @param string $password The password in plain text
    325. 

  325. * @param string $hash The stored password hash
    326. 

  326. *
    327. 

  327. * @return bool Returns true if the password is correct, false if not.
    328. 

  328. */
    329. 

  329. function phpbb_check_hash($password, $hash)
    330. 

  330. {
    331. 

  331. 	$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    332. 

  332. 	if (strlen($hash) == 34)
    333. 

  333. 	{
    334. 

  334. 		return (_hash_crypt_private($password, $hash, $itoa64) === $hash) ? true : false;
    335. 

  335. 	}
    336. 

  336. 

  337. 	return (md5($password) === $hash) ? true : false;
    338. 

  338. }
    339. 

  339. 

  340. /**
    341. 

  341. * Generate salt for hash generation
    342. 

  342. */
    343. 

  343. function _hash_gensalt_private($input, &$itoa64, $iteration_count_log2 = 6)
    344. 

  344. {
    345. 

  345. 	if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31)
    346. 

  346. 	{
    347. 

  347. 		$iteration_count_log2 = 8;
    348. 

  348. 	}
    349. 

  349. 

  350. 	$output = '$H$';
    351. 

  351. 	$output .= $itoa64[min($iteration_count_log2 + ((PHP_VERSION >= 5) ? 5 : 3), 30)];
    352. 

  352. 	$output .= _hash_encode64($input, 6, $itoa64);
    353. 

  353. 

  354. 	return $output;
    355. 

  355. }
    356. 

  356. 

  357. /**
    358. 

  358. * Encode hash
    359. 

  359. */
    360. 

  360. function _hash_encode64($input, $count, &$itoa64)
    361. 

  361. {
    362. 

  362. 	$output = '';
    363. 

  363. 	$i = 0;
    364. 

  364. 

  365. 	do
    366. 

  366. 	{
    367. 

  367. 		$value = ord($input[$i++]);
    368. 

  368. 		$output .= $itoa64[$value & 0x3f];
    369. 

  369. 

  370. 		if ($i < $count)
    371. 

  371. 		{
    372. 

  372. 			$value |= ord($input[$i]) << 8;
    373. 

  373. 		}
    374. 

  374. 

  375. 		$output .= $itoa64[($value >> 6) & 0x3f];
    376. 

  376. 

  377. 		if ($i++ >= $count)
    378. 

  378. 		{
    379. 

  379. 			break;
    380. 

  380. 		}
    381. 

  381. 

  382. 		if ($i < $count)
    383. 

  383. 		{
    384. 

  384. 			$value |= ord($input[$i]) << 16;
    385. 

  385. 		}
    386. 

  386. 

  387. 		$output .= $itoa64[($value >> 12) & 0x3f];
    388. 

  388. 

  389. 		if ($i++ >= $count)
    390. 

  390. 		{
    391. 

  391. 			break;
    392. 

  392. 		}
    393. 

  393. 

  394. 		$output .= $itoa64[($value >> 18) & 0x3f];
    395. 

  395. 	}
    396. 

  396. 	while ($i < $count);
    397. 

  397. 

  398. 	return $output;
    399. 

  399. }
    400. 

  400. 

  401. /**
    402. 

  402. * The crypt function/replacement
    403. 

  403. */
    404. 

  404. function _hash_crypt_private($password, $setting, &$itoa64)
    405. 

  405. {
    406. 

  406. 	$output = '*';
    407. 

  407. 

  408. 	// Check for correct hash
    409. 

  409. 	if (substr($setting, 0, 3) != '$H$')
    410. 

  410. 	{
    411. 

  411. 		return $output;
    412. 

  412. 	}
    413. 

  413. 

  414. 	$count_log2 = strpos($itoa64, $setting[3]);
    415. 

  415. 

  416. 	if ($count_log2 < 7 || $count_log2 > 30)
    417. 

  417. 	{
    418. 

  418. 		return $output;
    419. 

  419. 	}
    420. 

  420. 

  421. 	$count = 1 << $count_log2;
    422. 

  422. 	$salt = substr($setting, 4, 8);
    423. 

  423. 

  424. 	if (strlen($salt) != 8)
    425. 

  425. 	{
    426. 

  426. 		return $output;
    427. 

  427. 	}
    428. 

  428. 

  429. 	/**
    430. 

  430. 	* We're kind of forced to use MD5 here since it's the only
    431. 

  431. 	* cryptographic primitive available in all versions of PHP
    432. 

  432. 	* currently in use.  To implement our own low-level crypto
    433. 

  433. 	* in PHP would result in much worse performance and
    434. 

  434. 	* consequently in lower iteration counts and hashes that are
    435. 

  435. 	* quicker to crack (by non-PHP code).
    436. 

  436. 	*/
    437. 

  437. 	if (PHP_VERSION >= 5)
    438. 

  438. 	{
    439. 

  439. 		$hash = md5($salt . $password, true);
    440. 

  440. 		do
    441. 

  441. 		{
    442. 

  442. 			$hash = md5($hash . $password, true);
    443. 

  443. 		}
    444. 

  444. 		while (--$count);
    445. 

  445. 	}
    446. 

  446. 	else
    447. 

  447. 	{
    448. 

  448. 		$hash = pack('H*', md5($salt . $password));
    449. 

  449. 		do
    450. 

  450. 		{
    451. 

  451. 			$hash = pack('H*', md5($hash . $password));
    452. 

  452. 		}
    453. 

  453. 		while (--$count);
    454. 

  454. 	}
    455. 

  455. 

  456. 	$output = substr($setting, 0, 12);
    457. 

  457. 	$output .= _hash_encode64($hash, 16, $itoa64);
    458. 

  458. 

  459. 	return $output;
    460. 

  460. }
    461. 

  461. 

  462. /**
    463. 

  463. * Global function for chmodding directories and files for internal use
    464. 

  464. * This function determines owner and group whom the file belongs to and user and group of PHP and then set safest possible file permissions.
    465. 

  465. * The function determines owner and group from common.php file and sets the same to the provided file. Permissions are mapped to the group, user always has rw(x) permission.
    466. 

  466. * The function uses bit fields to build the permissions.
    467. 

  467. * The function sets the appropiate execute bit on directories.
    468. 

  468. *
    469. 

  469. * Supported constants representing bit fields are:
    470. 

  470. *
    471. 

  471. * CHMOD_ALL - all permissions (7)
    472. 

  472. * CHMOD_READ - read permission (4)
    473. 

  473. * CHMOD_WRITE - write permission (2)
    474. 

  474. * CHMOD_EXECUTE - execute permission (1)
    475. 

  475. *
    476. 

  476. * NOTE: The function uses POSIX extension and fileowner()/filegroup() functions. If any of them is disabled, this function tries to build proper permissions, by calling is_readable() and is_writable() functions.
    477. 

  477. *
    478. 

  478. * @param $filename The file/directory to be chmodded
    479. 

  479. * @param $perms Permissions to set
    480. 

  480. * @return true on success, otherwise false
    481. 

  481. *
    482. 

  482. * @author faw, phpBB Group
    483. 

  483. */
    484. 

  484. function phpbb_chmod($filename, $perms = CHMOD_READ)
    485. 

  485. {
    486. 

  486. 	// Return if the file no longer exists.
    487. 

  487. 	if (!file_exists($filename))
    488. 

  488. 	{
    489. 

  489. 		return false;
    490. 

  490. 	}
    491. 

  491. 

  492. 	if (!function_exists('fileowner') || !function_exists('filegroup'))
    493. 

  493. 	{
    494. 

  494. 		$file_uid = $file_gid = false;
    495. 

  495. 		$common_php_owner = $common_php_group = false;
    496. 

  496. 	}
    497. 

  497. 	else
    498. 

  498. 	{
    499. 

  499. 		global $phpbb_root_path, $phpEx;
    500. 

  500. 

  501. 		// Determine owner/group of common.php file and the filename we want to change here
    502. 

  502. 		$common_php_owner = fileowner($phpbb_root_path . 'common.' . $phpEx);
    503. 

  503. 		$common_php_group = filegroup($phpbb_root_path . 'common.' . $phpEx);
    504. 

  504. 

  505. 		$file_uid = fileowner($filename);
    506. 

  506. 		$file_gid = filegroup($filename);
    507. 

  507. 

  508. 		// Try to set the owner to the same common.php has
    509. 

  509. 		if ($common_php_owner !== $file_uid && $common_php_owner !== false && $file_uid !== false)
    510. 

  510. 		{
    511. 

  511. 			// Will most likely not work
    512. 

  512. 			if (@chown($filename, $common_php_owner));
    513. 

  513. 			{
    514. 

  514. 				clearstatcache();
    515. 

  515. 				$file_uid = fileowner($filename);
    516. 

  516. 			}
    517. 

  517. 		}
    518. 

  518. 

  519. 		// Try to set the group to the same common.php has
    520. 

  520. 		if ($common_php_group !== $file_gid && $common_php_group !== false && $file_gid !== false)
    521. 

  521. 		{
    522. 

  522. 			if (@chgrp($filename, $common_php_group));
    523. 

  523. 			{
    524. 

  524. 				clearstatcache();
    525. 

  525. 				$file_gid = filegroup($filename);
    526. 

  526. 			}
    527. 

  527. 		}
    528. 

  528. 	}
    529. 

  529. 

  530. 	// And the owner and the groups PHP is running under.
    531. 

  531. 	$php_uid = (function_exists('posix_getuid')) ? @posix_getuid() : false;
    532. 

  532. 	$php_gids = (function_exists('posix_getgroups')) ? @posix_getgroups() : false;
    533. 

  533. 

  534. 	// Who is PHP?
    535. 

  535. 	if ($file_uid === false || $file_gid === false || $php_uid === false || $php_gids === false)
    536. 

  536. 	{
    537. 

  537. 		$php = NULL;
    538. 

  538. 	}
    539. 

  539. 	else if ($file_uid == $php_uid /* && $common_php_owner !== false && $common_php_owner === $file_uid*/)
    540. 

  540. 	{
    541. 

  541. 		$php = 'owner';
    542. 

  542. 	}
    543. 

  543. 	else if (in_array($file_gid, $php_gids))
    544. 

  544. 	{
    545. 

  545. 		$php = 'group';
    546. 

  546. 	}
    547. 

  547. 	else
    548. 

  548. 	{
    549. 

  549. 		$php = 'other';
    550. 

  550. 	}
    551. 

  551. 

  552. 	// Owner always has read/write permission
    553. 

  553. 	$owner = CHMOD_READ | CHMOD_WRITE;
    554. 

  554. 	if (is_dir($filename))
    555. 

  555. 	{
    556. 

  556. 		$owner |= CHMOD_EXECUTE;
    557. 

  557. 

  558. 		// Only add execute bit to the permission if the dir needs to be readable
    559. 

  559. 		if ($perms & CHMOD_READ)
    560. 

  560. 		{
    561. 

  561. 			$perms |= CHMOD_EXECUTE;
    562. 

  562. 		}
    563. 

  563. 	}
    564. 

  564. 

  565. 	switch ($php)
    566. 

  566. 	{
    567. 

  567. 		case null:
    568. 

  568. 		case 'owner':
    569. 

  569. 			/* ATTENTION: if php is owner or NULL we set it to group here. This is the most failsafe combination for the vast majority of server setups.
    570. 

    571. 

  571. 			$result = @chmod($filename, ($owner << 6) + (0 << 3) + (0 << 0));
    572. 

    573. 

  573. 			clearstatcache();
    574. 

    575. 

  575. 			if (!is_null($php) || (is_readable($filename) && is_writable($filename)))
    576. 

  576. 			{
    577. 

  577. 				break;
    578. 

  578. 			}
    579. 

  579. 		*/
    580. 

  580. 

  581. 		case 'group':
    582. 

  582. 			$result = @chmod($filename, ($owner << 6) + ($perms << 3) + (0 << 0));
    583. 

  583. 

  584. 			clearstatcache();
    585. 

  585. 

  586. 			if (!is_null($php) || ((!($perms & CHMOD_READ) || is_readable($filename)) && (!($perms & CHMOD_WRITE) || is_writable($filename))))
    587. 

  587. 			{
    588. 

  588. 				break;
    589. 

  589. 			}
    590. 

  590. 

  591. 		case 'other':
    592. 

  592. 			$result = @chmod($filename, ($owner << 6) + ($perms << 3) + ($perms << 0));
    593. 

  593. 

  594. 			clearstatcache();
    595. 

  595. 

  596. 			if (!is_null($php) || ((!($perms & CHMOD_READ) || is_readable($filename)) && (!($perms & CHMOD_WRITE) || is_writable($filename))))
    597. 

  597. 			{
    598. 

  598. 				break;
    599. 

  599. 			}
    600. 

  600. 

  601. 		default:
    602. 

  602. 			return false;
    603. 

  603. 		break;
    604. 

  604. 	}
    605. 

  605. 

  606. 	return $result;
    607. 

  607. }
    608. 

  608. 

  609. // Compatibility functions
    610. 

  610. 

  611. if (!function_exists('array_combine'))
    612. 

  612. {
    613. 

  613. 	/**
    614. 

  614. 	* A wrapper for the PHP5 function array_combine()
    615. 

  615. 	* @param array $keys contains keys for the resulting array
    616. 

  616. 	* @param array $values contains values for the resulting array
    617. 

  617. 	*
    618. 

  618. 	* @return Returns an array by using the values from the keys array as keys and the
    619. 

  619. 	* 	values from the values array as the corresponding values. Returns false if the
    620. 

  620. 	* 	number of elements for each array isn't equal or if the arrays are empty.
    621. 

  621. 	*/
    622. 

  622. 	function array_combine($keys, $values)
    623. 

  623. 	{
    624. 

  624. 		$keys = array_values($keys);
    625. 

  625. 		$values = array_values($values);
    626. 

  626. 

  627. 		$n = sizeof($keys);
    628. 

  628. 		$m = sizeof($values);
    629. 

  629. 		if (!$n || !$m || ($n != $m))
    630. 

  630. 		{
    631. 

  631. 			return false;
    632. 

  632. 		}
    633. 

  633. 

  634. 		$combined = array();
    635. 

  635. 		for ($i = 0; $i < $n; $i++)
    636. 

  636. 		{
    637. 

  637. 			$combined[$keys[$i]] = $values[$i];
    638. 

  638. 		}
    639. 

  639. 		return $combined;
    640. 

  640. 	}
    641. 

  641. }
    642. 

  642. 

  643. if (!function_exists('str_split'))
    644. 

  644. {
    645. 

  645. 	/**
    646. 

  646. 	* A wrapper for the PHP5 function str_split()
    647. 

  647. 	* @param array $string contains the string to be converted
    648. 

  648. 	* @param array $split_length contains the length of each chunk
    649. 

  649. 	*
    650. 

  650. 	* @return  Converts a string to an array. If the optional split_length parameter is specified,
    651. 

  651. 	*  	the returned array will be broken down into chunks with each being split_length in length,
    652. 

  652. 	*  	otherwise each chunk will be one character in length. FALSE is returned if split_length is
    653. 

  653. 	*  	less than 1. If the split_length length exceeds the length of string, the entire string is
    654. 

  654. 	*  	returned as the first (and only) array element.
    655. 

  655. 	*/
    656. 

  656. 	function str_split($string, $split_length = 1)
    657. 

  657. 	{
    658. 

  658. 		if ($split_length < 1)
    659. 

  659. 		{
    660. 

  660. 			return false;
    661. 

  661. 		}
    662. 

  662. 		else if ($split_length >= strlen($string))
    663. 

  663. 		{
    664. 

  664. 			return array($string);
    665. 

  665. 		}
    666. 

  666. 		else
    667. 

  667. 		{
    668. 

  668. 			preg_match_all('#.{1,' . $split_length . '}#s', $string, $matches);
    669. 

  669. 			return $matches[0];
    670. 

  670. 		}
    671. 

  671. 	}
    672. 

  672. }
    673. 

  673. 

  674. if (!function_exists('stripos'))
    675. 

  675. {
    676. 

  676. 	/**
    677. 

  677. 	* A wrapper for the PHP5 function stripos
    678. 

  678. 	* Find position of first occurrence of a case-insensitive string
    679. 

  679. 	*
    680. 

  680. 	* @param string $haystack is the string to search in
    681. 

  681. 	* @param string $needle is the string to search for
    682. 

  682. 	*
    683. 

  683. 	* @return mixed Returns the numeric position of the first occurrence of needle in the haystack string. Unlike strpos(), stripos() is case-insensitive.
    684. 

  684. 	* Note that the needle may be a string of one or more characters.
    685. 

  685. 	* If needle is not found, stripos() will return boolean FALSE.
    686. 

  686. 	*/
    687. 

  687. 	function stripos($haystack, $needle)
    688. 

  688. 	{
    689. 

  689. 		if (preg_match('#' . preg_quote($needle, '#') . '#i', $haystack, $m))
    690. 

  690. 		{
    691. 

  691. 			return strpos($haystack, $m[0]);
    692. 

  692. 		}
    693. 

  693. 

  694. 		return false;
    695. 

  695. 	}
    696. 

  696. }
    697. 

  697. 

  698. /**
    699. 

  699. * Checks if a path ($path) is absolute or relative
    700. 

  700. *
    701. 

  701. * @param string $path Path to check absoluteness of
    702. 

  702. * @return boolean
    703. 

  703. */
    704. 

  704. function is_absolute($path)
    705. 

  705. {
    706. 

  706. 	return ($path[0] == '/' || (DIRECTORY_SEPARATOR == '\\' && preg_match('#^[a-z]:/#i', $path))) ? true : false;
    707. 

  707. }
    708. 

  708. 

  709. /**
    710. 

  710. * @author Chris Smith <chris@project-minerva.org>
    711. 

  711. * @copyright 2006 Project Minerva Team
    712. 

  712. * @param string $path The path which we should attempt to resolve.
    713. 

  713. * @return mixed
    714. 

  714. */
    715. 

  715. function phpbb_own_realpath($path)
    716. 

  716. {
    717. 

  717. 	// Now to perform funky shizzle
    718. 

  718. 

  719. 	// Switch to use UNIX slashes
    720. 

  720. 	$path = str_replace(DIRECTORY_SEPARATOR, '/', $path);
    721. 

  721. 	$path_prefix = '';
    722. 

  722. 

  723. 	// Determine what sort of path we have
    724. 

  724. 	if (is_absolute($path))
    725. 

  725. 	{
    726. 

  726. 		$absolute = true;
    727. 

  727. 

  728. 		if ($path[0] == '/')
    729. 

  729. 		{
    730. 

  730. 			// Absolute path, *NIX style
    731. 

  731. 			$path_prefix = '';
    732. 

  732. 		}
    733. 

  733. 		else
    734. 

  734. 		{
    735. 

  735. 			// Absolute path, Windows style
    736. 

  736. 			// Remove the drive letter and colon
    737. 

  737. 			$path_prefix = $path[0] . ':';
    738. 

  738. 			$path = substr($path, 2);
    739. 

  739. 		}
    740. 

  740. 	}
    741. 

  741. 	else
    742. 

  742. 	{
    743. 

  743. 		// Relative Path
    744. 

  744. 		// Prepend the current working directory
    745. 

  745. 		if (function_exists('getcwd'))
    746. 

  746. 		{
    747. 

  747. 			// This is the best method, hopefully it is enabled!
    748. 

  748. 			$path = str_replace(DIRECTORY_SEPARATOR, '/', getcwd()) . '/' . $path;
    749. 

  749. 			$absolute = true;
    750. 

  750. 			if (preg_match('#^[a-z]:#i', $path))
    751. 

  751. 			{
    752. 

  752. 				$path_prefix = $path[0] . ':';
    753. 

  753. 				$path = substr($path, 2);
    754. 

  754. 			}
    755. 

  755. 			else
    756. 

  756. 			{
    757. 

  757. 				$path_prefix = '';
    758. 

  758. 			}
    759. 

  759. 		}
    760. 

  760. 		else if (isset($_SERVER['SCRIPT_FILENAME']) && !empty($_SERVER['SCRIPT_FILENAME']))
    761. 

  761. 		{
    762. 

  762. 			// Warning: If chdir() has been used this will lie!
    763. 

  763. 			// Warning: This has some problems sometime (CLI can create them easily)
    764. 

  764. 			$path = str_replace(DIRECTORY_SEPARATOR, '/', dirname($_SERVER['SCRIPT_FILENAME'])) . '/' . $path;
    765. 

  765. 			$absolute = true;
    766. 

  766. 			$path_prefix = '';
    767. 

  767. 		}
    768. 

  768. 		else
    769. 

  769. 		{
    770. 

  770. 			// We have no way of getting the absolute path, just run on using relative ones.
    771. 

  771. 			$absolute = false;
    772. 

  772. 			$path_prefix = '.';
    773. 

  773. 		}
    774. 

  774. 	}
    775. 

  775. 

  776. 	// Remove any repeated slashes
    777. 

  777. 	$path = preg_replace('#/{2,}#', '/', $path);
    778. 

  778. 

  779. 	// Remove the slashes from the start and end of the path
    780. 

  780. 	$path = trim($path, '/');
    781. 

  781. 

  782. 	// Break the string into little bits for us to nibble on
    783. 

  783. 	$bits = explode('/', $path);
    784. 

  784. 

  785. 	// Remove any . in the path, renumber array for the loop below
    786. 

  786. 	$bits = array_values(array_diff($bits, array('.')));
    787. 

  787. 

  788. 	// Lets get looping, run over and resolve any .. (up directory)
    789. 

  789. 	for ($i = 0, $max = sizeof($bits); $i < $max; $i++)
    790. 

  790. 	{
    791. 

  791. 		// @todo Optimise
    792. 

  792. 		if ($bits[$i] == '..' )
    793. 

  793. 		{
    794. 

  794. 			if (isset($bits[$i - 1]))
    795. 

  795. 			{
    796. 

  796. 				if ($bits[$i - 1] != '..')
    797. 

  797. 				{
    798. 

  798. 					// We found a .. and we are able to traverse upwards, lets do it!
    799. 

  799. 					unset($bits[$i]);
    800. 

  800. 					unset($bits[$i - 1]);
    801. 

  801. 					$i -= 2;
    802. 

  802. 					$max -= 2;
    803. 

  803. 					$bits = array_values($bits);
    804. 

  804. 				}
    805. 

  805. 			}
    806. 

  806. 			else if ($absolute) // ie. !isset($bits[$i - 1]) && $absolute
    807. 

  807. 			{
    808. 

  808. 				// We have an absolute path trying to descend above the root of the filesystem
    809. 

  809. 				// ... Error!
    810. 

  810. 				return false;
    811. 

  811. 			}
    812. 

  812. 		}
    813. 

  813. 	}
    814. 

  814. 

  815. 	// Prepend the path prefix
    816. 

  816. 	array_unshift($bits, $path_prefix);
    817. 

  817. 

  818. 	$resolved = '';
    819. 

  819. 

  820. 	$max = sizeof($bits) - 1;
    821. 

  821. 

  822. 	// Check if we are able to resolve symlinks, Windows cannot.
    823. 

  823. 	$symlink_resolve = (function_exists('readlink')) ? true : false;
    824. 

  824. 

  825. 	foreach ($bits as $i => $bit)
    826. 

  826. 	{
    827. 

  827. 		if (@is_dir("$resolved/$bit") || ($i == $max && @is_file("$resolved/$bit")))
    828. 

  828. 		{
    829. 

  829. 			// Path Exists
    830. 

  830. 			if ($symlink_resolve && is_link("$resolved/$bit") && ($link = readlink("$resolved/$bit")))
    831. 

  831. 			{
    832. 

  832. 				// Resolved a symlink.
    833. 

  833. 				$resolved = $link . (($i == $max) ? '' : '/');
    834. 

  834. 				continue;
    835. 

  835. 			}
    836. 

  836. 		}
    837. 

  837. 		else
    838. 

  838. 		{
    839. 

  839. 			// Something doesn't exist here!
    840. 

  840. 			// This is correct realpath() behaviour but sadly open_basedir and safe_mode make this problematic
    841. 

  841. 			// return false;
    842. 

  842. 		}
    843. 

  843. 		$resolved .= $bit . (($i == $max) ? '' : '/');
    844. 

  844. 	}
    845. 

  845. 

  846. 	// @todo If the file exists fine and open_basedir only has one path we should be able to prepend it
    847. 

  847. 	// because we must be inside that basedir, the question is where...
    848. 

  848. 	// @internal The slash in is_dir() gets around an open_basedir restriction
    849. 

  849. 	if (!@file_exists($resolved) || (!is_dir($resolved . '/') && !is_file($resolved)))
    850. 

  850. 	{
    851. 

  851. 		return false;
    852. 

  852. 	}
    853. 

  853. 

  854. 	// Put the slashes back to the native operating systems slashes
    855. 

  855. 	$resolved = str_replace('/', DIRECTORY_SEPARATOR, $resolved);
    856. 

  856. 

  857. 	// Check for DIRECTORY_SEPARATOR at the end (and remove it!)
    858. 

  858. 	if (substr($resolved, -1) == DIRECTORY_SEPARATOR)
    859. 

  859. 	{
    860. 

  860. 		return substr($resolved, 0, -1);
    861. 

  861. 	}
    862. 

  862. 

  863. 	return $resolved; // We got here, in the end!
    864. 

  864. }
    865. 

  865. 

  866. if (!function_exists('realpath'))
    867. 

  867. {
    868. 

  868. 	/**
    869. 

  869. 	* A wrapper for realpath
    870. 

  870. 	* @ignore
    871. 

  871. 	*/
    872. 

  872. 	function phpbb_realpath($path)
    873. 

  873. 	{
    874. 

  874. 		return phpbb_own_realpath($path);
    875. 

  875. 	}
    876. 

  876. }
    877. 

  877. else
    878. 

  878. {
    879. 

  879. 	/**
    880. 

  880. 	* A wrapper for realpath
    881. 

  881. 	*/
    882. 

  882. 	function phpbb_realpath($path)
    883. 

  883. 	{
    884. 

  884. 		$realpath = realpath($path);
    885. 

  885. 

  886. 		// Strangely there are provider not disabling realpath but returning strange values. :o
    887. 

  887. 		// We at least try to cope with them.
    888. 

  888. 		if ($realpath === $path || $realpath === false)
    889. 

  889. 		{
    890. 

  890. 			return phpbb_own_realpath($path);
    891. 

  891. 		}
    892. 

  892. 

  893. 		// Check for DIRECTORY_SEPARATOR at the end (and remove it!)
    894. 

  894. 		if (substr($realpath, -1) == DIRECTORY_SEPARATOR)
    895. 

  895. 		{
    896. 

  896. 			$realpath = substr($realpath, 0, -1);
    897. 

  897. 		}
    898. 

  898. 

  899. 		return $realpath;
    900. 

  900. 	}
    901. 

  901. }
    902. 

  902. 

  903. if (!function_exists('htmlspecialchars_decode'))
    904. 

  904. {
    905. 

  905. 	/**
    906. 

  906. 	* A wrapper for htmlspecialchars_decode
    907. 

  907. 	* @ignore
    908. 

  908. 	*/
    909. 

  909. 	function htmlspecialchars_decode($string, $quote_style = ENT_COMPAT)
    910. 

  910. 	{
    911. 

  911. 		return strtr($string, array_flip(get_html_translation_table(HTML_SPECIALCHARS, $quote_style)));
    912. 

  912. 	}
    913. 

  913. }
    914. 

  914. 

  915. // functions used for building option fields
    916. 

  916. 

  917. /**
    918. 

  918. * Pick a language, any language ...
    919. 

  919. */
    920. 

  920. function language_select($default = '')
    921. 

  921. {
    922. 

  922. 	global $db;
    923. 

  923. 

  924. 	$sql = 'SELECT lang_iso, lang_local_name
    925. 

  925. 		FROM ' . LANG_TABLE . '
    926. 

  926. 		ORDER BY lang_english_name';
    927. 

  927. 	$result = $db->sql_query($sql);
    928. 

  928. 

  929. 	$lang_options = '';
    930. 

  930. 	while ($row = $db->sql_fetchrow($result))
    931. 

  931. 	{
    932. 

  932. 		$selected = ($row['lang_iso'] == $default) ? ' selected="selected"' : '';
    933. 

  933. 		$lang_options .= '<option value="' . $row['lang_iso'] . '"' . $selected . '>' . $row['lang_local_name'] . '</option>';
    934. 

  934. 	}
    935. 

  935. 	$db->sql_freeresult($result);
    936. 

  936. 

  937. 	return $lang_options;
    938. 

  938. }
    939. 

  939. 

  940. /**
    941. 

  941. * Pick a template/theme combo,
    942. 

  942. */
    943. 

  943. function style_select($default = '', $all = false)
    944. 

  944. {
    945. 

  945. 	global $db;
    946. 

  946. 

  947. 	$sql_where = (!$all) ? 'WHERE style_active = 1 ' : '';
    948. 

  948. 	$sql = 'SELECT style_id, style_name
    949. 

  949. 		FROM ' . STYLES_TABLE . "
    950. 

  950. 		$sql_where
    951. 

  951. 		ORDER BY style_name";
    952. 

  952. 	$result = $db->sql_query($sql);
    953. 

  953. 

  954. 	$style_options = '';
    955. 

  955. 	while ($row = $db->sql_fetchrow($result))
    956. 

  956. 	{
    957. 

  957. 		$selected = ($row['style_id'] == $default) ? ' selected="selected"' : '';
    958. 

  958. 		$style_options .= '<option value="' . $row['style_id'] . '"' . $selected . '>' . $row['style_name'] . '</option>';
    959. 

  959. 	}
    960. 

  960. 	$db->sql_freeresult($result);
    961. 

  961. 

  962. 	return $style_options;
    963. 

  963. }
    964. 

  964. 

  965. /**
    966. 

  966. * Pick a timezone
    967. 

  967. */
    968. 

  968. function tz_select($default = '', $truncate = false)
    969. 

  969. {
    970. 

  970. 	global $user;
    971. 

  971. 

  972. 	$tz_select = '';
    973. 

  973. 	foreach ($user->lang['tz_zones'] as $offset => $zone)
    974. 

  974. 	{
    975. 

  975. 		if ($truncate)
    976. 

  976. 		{
    977. 

  977. 			$zone_trunc = truncate_string($zone, 50, 255, false, '...');
    978. 

  978. 		}
    979. 

  979. 		else
    980. 

  980. 		{
    981. 

  981. 			$zone_trunc = $zone;
    982. 

  982. 		}
    983. 

  983. 

  984. 		if (is_numeric($offset))
    985. 

  985. 		{
    986. 

  986. 			$selected = ($offset == $default) ? ' selected="selected"' : '';
    987. 

  987. 			$tz_select .= '<option title="'.$zone.'" value="' . $offset . '"' . $selected . '>' . $zone_trunc . '</option>';
    988. 

  988. 		}
    989. 

  989. 	}
    990. 

  990. 

  991. 	return $tz_select;
    992. 

  992. }
    993. 

  993. 

  994. // Functions handling topic/post tracking/marking
    995. 

  995. 

  996. /**
    997. 

  997. * Marks a topic/forum as read
    998. 

  998. * Marks a topic as posted to
    999. 

  999. *
    1000. 

  1000. * @param int $user_id can only be used with $mode == 'post'
    1001. 

  1001. */
    1002. 

  1002. function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $user_id = 0)
    1003. 

  1003. {
    1004. 

  1004. 	global $db, $user, $config;
    1005. 

  1005. 

  1006. 	if ($mode == 'all')
    1007. 

  1007. 	{
    1008. 

  1008. 		if ($forum_id === false || !sizeof($forum_id))
    1009. 

  1009. 		{
    1010. 

  1010. 			if ($config['load_db_lastread'] && $user->data['is_registered'])
    1011. 

  1011. 			{
    1012. 

  1012. 				// Mark all forums read (index page)
    1013. 

  1013. 				$db->sql_query('DELETE FROM ' . TOPICS_TRACK_TABLE . " WHERE user_id = {$user->data['user_id']}");
    1014. 

  1014. 				$db->sql_query('DELETE FROM ' . FORUMS_TRACK_TABLE . " WHERE user_id = {$user->data['user_id']}");
    1015. 

  1015. 				$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_lastmark = ' . time() . " WHERE user_id = {$user->data['user_id']}");
    1016. 

  1016. 			}
    1017. 

  1017. 			else if ($config['load_anon_lastread'] || $user->data['is_registered'])
    1018. 

  1018. 			{
    1019. 

  1019. 				$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
    1020. 

  1020. 				$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
    1021. 

  1021. 

  1022. 				unset($tracking_topics['tf']);
    1023. 

  1023. 				unset($tracking_topics['t']);
    1024. 

  1024. 				unset($tracking_topics['f']);
    1025. 

  1025. 				$tracking_topics['l'] = base_convert(time() - $config['board_startdate'], 10, 36);
    1026. 

  1026. 

  1027. 				$user->set_cookie('track', tracking_serialize($tracking_topics), time() + 31536000);
    1028. 

  1028. 				$_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking_topics)) : tracking_serialize($tracking_topics);
    1029. 

  1029. 

  1030. 				unset($tracking_topics);
    1031. 

  1031. 

  1032. 				if ($user->data['is_registered'])
    1033. 

  1033. 				{
    1034. 

  1034. 					$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_lastmark = ' . time() . " WHERE user_id = {$user->data['user_id']}");
    1035. 

  1035. 				}
    1036. 

  1036. 			}
    1037. 

  1037. 		}
    1038. 

  1038. 

  1039. 		return;
    1040. 

  1040. 	}
    1041. 

  1041. 	else if ($mode == 'topics')
    1042. 

  1042. 	{
    1043. 

  1043. 		// Mark all topics in forums read
    1044. 

  1044. 		if (!is_array($forum_id))
    1045. 

  1045. 		{
    1046. 

  1046. 			$forum_id = array($forum_id);
    1047. 

  1047. 		}
    1048. 

  1048. 

  1049. 		// Add 0 to forums array to mark global announcements correctly
    1050. 

  1050. 		$forum_id[] = 0;
    1051. 

  1051. 

  1052. 		if ($config['load_db_lastread'] && $user->data['is_registered'])
    1053. 

  1053. 		{
    1054. 

  1054. 			$sql = 'DELETE FROM ' . TOPICS_TRACK_TABLE . "
    1055. 

  1055. 				WHERE user_id = {$user->data['user_id']}
    1056. 

  1056. 					AND " . $db->sql_in_set('forum_id', $forum_id);
    1057. 

  1057. 			$db->sql_query($sql);
    1058. 

  1058. 

  1059. 			$sql = 'SELECT forum_id
    1060. 

  1060. 				FROM ' . FORUMS_TRACK_TABLE . "
    1061. 

  1061. 				WHERE user_id = {$user->data['user_id']}
    1062. 

  1062. 					AND " . $db->sql_in_set('forum_id', $forum_id);
    1063. 

  1063. 			$result = $db->sql_query($sql);
    1064. 

  1064. 

  1065. 			$sql_update = array();
    1066. 

  1066. 			while ($row = $db->sql_fetchrow($result))
    1067. 

  1067. 			{
    1068. 

  1068. 				$sql_update[] = $row['forum_id'];
    1069. 

  1069. 			}
    1070. 

  1070. 			$db->sql_freeresult($result);
    1071. 

  1071. 

  1072. 			if (sizeof($sql_update))
    1073. 

  1073. 			{
    1074. 

  1074. 				$sql = 'UPDATE ' . FORUMS_TRACK_TABLE . '
    1075. 

  1075. 					SET mark_time = ' . time() . "
    1076. 

  1076. 					WHERE user_id = {$user->data['user_id']}
    1077. 

  1077. 						AND " . $db->sql_in_set('forum_id', $sql_update);
    1078. 

  1078. 				$db->sql_query($sql);
    1079. 

  1079. 			}
    1080. 

  1080. 

  1081. 			if ($sql_insert = array_diff($forum_id, $sql_update))
    1082. 

  1082. 			{
    1083. 

  1083. 				$sql_ary = array();
    1084. 

  1084. 				foreach ($sql_insert as $f_id)
    1085. 

  1085. 				{
    1086. 

  1086. 					$sql_ary[] = array(
    1087. 

  1087. 						'user_id'	=> (int) $user->data['user_id'],
    1088. 

  1088. 						'forum_id'	=> (int) $f_id,
    1089. 

  1089. 						'mark_time'	=> time()
    1090. 

  1090. 					);
    1091. 

  1091. 				}
    1092. 

  1092. 

  1093. 				$db->sql_multi_insert(FORUMS_TRACK_TABLE, $sql_ary);
    1094. 

  1094. 			}
    1095. 

  1095. 		}
    1096. 

  1096. 		else if ($config['load_anon_lastread'] || $user->data['is_registered'])
    1097. 

  1097. 		{
    1098. 

  1098. 			$tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
    1099. 

  1099. 			$tracking = ($tracking) ? tracking_unserialize($tracking) : array();
    1100. 

  1100. 

  1101. 			foreach ($forum_id as $f_id)
    1102. 

  1102. 			{
    1103. 

  1103. 				$topic_ids36 = (isset($tracking['tf'][$f_id])) ? $tracking['tf'][$f_id] : array();
    1104. 

  1104. 

  1105. 				if (isset($tracking['tf'][$f_id]))
    1106. 

  1106. 				{
    1107. 

  1107. 					unset($tracking['tf'][$f_id]);
    1108. 

  1108. 				}
    1109. 

  1109. 

  1110. 				foreach ($topic_ids36 as $topic_id36)
    1111. 

  1111. 				{
    1112. 

  1112. 					unset($tracking['t'][$topic_id36]);
    1113. 

  1113. 				}
    1114. 

  1114. 

  1115. 				if (isset($tracking['f'][$f_id]))
    1116. 

  1116. 				{
    1117. 

  1117. 					unset($tracking['f'][$f_id]);
    1118. 

  1118. 				}
    1119. 

  1119. 

  1120. 				$tracking['f'][$f_id] = base_convert(time() - $config['board_startdate'], 10, 36);
    1121. 

  1121. 			}
    1122. 

  1122. 

  1123. 			if (isset($tracking['tf']) && empty($tracking['tf']))
    1124. 

  1124. 			{
    1125. 

  1125. 				unset($tracking['tf']);
    1126. 

  1126. 			}
    1127. 

  1127. 

  1128. 			$user->set_cookie('track', tracking_serialize($tracking), time() + 31536000);
    1129. 

  1129. 			$_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking)) : tracking_serialize($tracking);
    1130. 

  1130. 

  1131. 			unset($tracking);
    1132. 

  1132. 		}
    1133. 

  1133. 

  1134. 		return;
    1135. 

  1135. 	}
    1136. 

  1136. 	else if ($mode == 'topic')
    1137. 

  1137. 	{
    1138. 

  1138. 		if ($topic_id === false || $forum_id === false)
    1139. 

  1139. 		{
    1140. 

  1140. 			return;
    1141. 

  1141. 		}
    1142. 

  1142. 

  1143. 		if ($config['load_db_lastread'] && $user->data['is_registered'])
    1144. 

  1144. 		{
    1145. 

  1145. 			$sql = 'UPDATE ' . TOPICS_TRACK_TABLE . '
    1146. 

  1146. 				SET mark_time = ' . (($post_time) ? $post_time : time()) . "
    1147. 

  1147. 				WHERE user_id = {$user->data['user_id']}
    1148. 

  1148. 					AND topic_id = $topic_id";
    1149. 

  1149. 			$db->sql_query($sql);
    1150. 

  1150. 

  1151. 			// insert row
    1152. 

  1152. 			if (!$db->sql_affectedrows())
    1153. 

  1153. 			{
    1154. 

  1154. 				$db->sql_return_on_error(true);
    1155. 

  1155. 

  1156. 				$sql_ary = array(
    1157. 

  1157. 					'user_id'		=> (int) $user->data['user_id'],
    1158. 

  1158. 					'topic_id'		=> (int) $topic_id,
    1159. 

  1159. 					'forum_id'		=> (int) $forum_id,
    1160. 

  1160. 					'mark_time'		=> ($post_time) ? (int) $post_time : time(),
    1161. 

  1161. 				);
    1162. 

  1162. 

  1163. 				$db->sql_query('INSERT INTO ' . TOPICS_TRACK_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
    1164. 

  1164. 

  1165. 				$db->sql_return_on_error(false);
    1166. 

  1166. 			}
    1167. 

  1167. 		}
    1168. 

  1168. 		else if ($config['load_anon_lastread'] || $user->data['is_registered'])
    1169. 

  1169. 		{
    1170. 

  1170. 			$tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
    1171. 

  1171. 			$tracking = ($tracking) ? tracking_unserialize($tracking) : array();
    1172. 

  1172. 

  1173. 			$topic_id36 = base_convert($topic_id, 10, 36);
    1174. 

  1174. 

  1175. 			if (!isset($tracking['t'][$topic_id36]))
    1176. 

  1176. 			{
    1177. 

  1177. 				$tracking['tf'][$forum_id][$topic_id36] = true;
    1178. 

  1178. 			}
    1179. 

  1179. 

  1180. 			$post_time = ($post_time) ? $post_time : time();
    1181. 

  1181. 			$tracking['t'][$topic_id36] = base_convert($post_time - $config['board_startdate'], 10, 36);
    1182. 

  1182. 

  1183. 			// If the cookie grows larger than 10000 characters we will remove the smallest value
    1184. 

  1184. 			// This can result in old topics being unread - but most of the time it should be accurate...
    1185. 

  1185. 			if (isset($_COOKIE[$config['cookie_name'] . '_track']) && strlen($_COOKIE[$config['cookie_name'] . '_track']) > 10000)
    1186. 

  1186. 			{
    1187. 

  1187. 				//echo 'Cookie grown too large' . print_r($tracking, true);
    1188. 

  1188. 

  1189. 				// We get the ten most minimum stored time offsets and its associated topic ids
    1190. 

  1190. 				$time_keys = array();
    1191. 

  1191. 				for ($i = 0; $i < 10 && sizeof($tracking['t']); $i++)
    1192. 

  1192. 				{
    1193. 

  1193. 					$min_value = min($tracking['t']);
    1194. 

  1194. 					$m_tkey = array_search($min_value, $tracking['t']);
    1195. 

  1195. 					unset($tracking['t'][$m_tkey]);
    1196. 

  1196. 

  1197. 					$time_keys[$m_tkey] = $min_value;
    1198. 

  1198. 				}
    1199. 

  1199. 

  1200. 				// Now remove the topic ids from the array...
    1201. 

  1201. 				foreach ($tracking['tf'] as $f_id => $topic_id_ary)
    1202. 

  1202. 				{
    1203. 

  1203. 					foreach ($time_keys as $m_tkey => $min_value)
    1204. 

  1204. 					{
    1205. 

  1205. 						if (isset($topic_id_ary[$m_tkey]))
    1206. 

  1206. 						{
    1207. 

  1207. 							$tracking['f'][$f_id] = $min_value;
    1208. 

  1208. 							unset($tracking['tf'][$f_id][$m_tkey]);
    1209. 

  1209. 						}
    1210. 

  1210. 					}
    1211. 

  1211. 				}
    1212. 

  1212. 

  1213. 				if ($user->data['is_registered'])
    1214. 

  1214. 				{
    1215. 

  1215. 					$user->data['user_lastmark'] = intval(base_convert(max($time_keys) + $config['board_startdate'], 36, 10));
    1216. 

  1216. 					$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_lastmark = ' . $user->data['user_lastmark'] . " WHERE user_id = {$user->data['user_id']}");
    1217. 

  1217. 				}
    1218. 

  1218. 				else
    1219. 

  1219. 				{
    1220. 

  1220. 					$tracking['l'] = max($time_keys);
    1221. 

  1221. 				}
    1222. 

  1222. 			}
    1223. 

  1223. 

  1224. 			$user->set_cookie('track', tracking_serialize($tracking), time() + 31536000);
    1225. 

  1225. 			$_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking)) : tracking_serialize($tracking);
    1226. 

  1226. 		}
    1227. 

  1227. 

  1228. 		return;
    1229. 

  1229. 	}
    1230. 

  1230. 	else if ($mode == 'post')
    1231. 

  1231. 	{
    1232. 

  1232. 		if ($topic_id === false)
    1233. 

  1233. 		{
    1234. 

  1234. 			return;
    1235. 

  1235. 		}
    1236. 

  1236. 

  1237. 		$use_user_id = (!$user_id) ? $user->data['user_id'] : $user_id;
    1238. 

  1238. 

  1239. 		if ($config['load_db_track'] && $use_user_id != ANONYMOUS)
    1240. 

  1240. 		{
    1241. 

  1241. 			$db->sql_return_on_error(true);
    1242. 

  1242. 

  1243. 			$sql_ary = array(
    1244. 

  1244. 				'user_id'		=> (int) $use_user_id,
    1245. 

  1245. 				'topic_id'		=> (int) $topic_id,
    1246. 

  1246. 				'topic_posted'	=> 1
    1247. 

  1247. 			);
    1248. 

  1248. 

  1249. 			$db->sql_query('INSERT INTO ' . TOPICS_POSTED_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
    1250. 

  1250. 

  1251. 			$db->sql_return_on_error(false);
    1252. 

  1252. 		}
    1253. 

  1253. 

  1254. 		return;
    1255. 

  1255. 	}
    1256. 

  1256. }
    1257. 

  1257. 

  1258. /**
    1259. 

  1259. * Get topic tracking info by using already fetched info
    1260. 

  1260. */
    1261. 

  1261. function get_topic_tracking($forum_id, $topic_ids, &$rowset, $forum_mark_time, $global_announce_list = false)
    1262. 

  1262. {
    1263. 

  1263. 	global $config, $user;
    1264. 

  1264. 

  1265. 	$last_read = array();
    1266. 

  1266. 

  1267. 	if (!is_array($topic_ids))
    1268. 

  1268. 	{
    1269. 

  1269. 		$topic_ids = array($topic_ids);
    1270. 

  1270. 	}
    1271. 

  1271. 

  1272. 	foreach ($topic_ids as $topic_id)
    1273. 

  1273. 	{
    1274. 

  1274. 		if (!empty($rowset[$topic_id]['mark_time']))
    1275. 

  1275. 		{
    1276. 

  1276. 			$last_read[$topic_id] = $rowset[$topic_id]['mark_time'];
    1277. 

  1277. 		}
    1278. 

  1278. 	}
    1279. 

  1279. 

  1280. 	$topic_ids = array_diff($topic_ids, array_keys($last_read));
    1281. 

  1281. 

  1282. 	if (sizeof($topic_ids))
    1283. 

  1283. 	{
    1284. 

  1284. 		$mark_time = array();
    1285. 

  1285. 

  1286. 		// Get global announcement info
    1287. 

  1287. 		if ($global_announce_list && sizeof($global_announce_list))
    1288. 

  1288. 		{
    1289. 

  1289. 			if (!isset($forum_mark_time[0]))
    1290. 

  1290. 			{
    1291. 

  1291. 				global $db;
    1292. 

  1292. 

  1293. 				$sql = 'SELECT mark_time
    1294. 

  1294. 					FROM ' . FORUMS_TRACK_TABLE . "
    1295. 

  1295. 					WHERE user_id = {$user->data['user_id']}
    1296. 

  1296. 						AND forum_id = 0";
    1297. 

  1297. 				$result = $db->sql_query($sql);
    1298. 

  1298. 				$row = $db->sql_fetchrow($result);
    1299. 

  1299. 				$db->sql_freeresult($result);
    1300. 

  1300. 

  1301. 				if ($row)
    1302. 

  1302. 				{
    1303. 

  1303. 					$mark_time[0] = $row['mark_time'];
    1304. 

  1304. 				}
    1305. 

  1305. 			}
    1306. 

  1306. 			else
    1307. 

  1307. 			{
    1308. 

  1308. 				if ($forum_mark_time[0] !== false)
    1309. 

  1309. 				{
    1310. 

  1310. 					$mark_time[0] = $forum_mark_time[0];
    1311. 

  1311. 				}
    1312. 

  1312. 			}
    1313. 

  1313. 		}
    1314. 

  1314. 

  1315. 		if (!empty($forum_mark_time[$forum_id]) && $forum_mark_time[$forum_id] !== false)
    1316. 

  1316. 		{
    1317. 

  1317. 			$mark_time[$forum_id] = $forum_mark_time[$forum_id];
    1318. 

  1318. 		}
    1319. 

  1319. 

  1320. 		$user_lastmark = (isset($mark_time[$forum_id])) ? $mark_time[$forum_id] : $user->data['user_lastmark'];
    1321. 

  1321. 

  1322. 		foreach ($topic_ids as $topic_id)
    1323. 

  1323. 		{
    1324. 

  1324. 			if ($global_announce_list && isset($global_announce_list[$topic_id]))
    1325. 

  1325. 			{
    1326. 

  1326. 				$last_read[$topic_id] = (isset($mark_time[0])) ? $mark_time[0] : $user_lastmark;
    1327. 

  1327. 			}
    1328. 

  1328. 			else
    1329. 

  1329. 			{
    1330. 

  1330. 				$last_read[$topic_id] = $user_lastmark;
    1331. 

  1331. 			}
    1332. 

  1332. 		}
    1333. 

  1333. 	}
    1334. 

  1334. 

  1335. 	return $last_read;
    1336. 

  1336. }
    1337. 

  1337. 

  1338. /**
    1339. 

  1339. * Get topic tracking info from db (for cookie based tracking only this function is used)
    1340. 

  1340. */
    1341. 

  1341. function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_list = false)
    1342. 

  1342. {
    1343. 

  1343. 	global $config, $user;
    1344. 

  1344. 

  1345. 	$last_read = array();
    1346. 

  1346. 

  1347. 	if (!is_array($topic_ids))
    1348. 

  1348. 	{
    1349. 

  1349. 		$topic_ids = array($topic_ids);
    1350. 

  1350. 	}
    1351. 

  1351. 

  1352. 	if ($config['load_db_lastread'] && $user->data['is_registered'])
    1353. 

  1353. 	{
    1354. 

  1354. 		global $db;
    1355. 

  1355. 

  1356. 		$sql = 'SELECT topic_id, mark_time
    1357. 

  1357. 			FROM ' . TOPICS_TRACK_TABLE . "
    1358. 

  1358. 			WHERE user_id = {$user->data['user_id']}
    1359. 

  1359. 				AND " . $db->sql_in_set('topic_id', $topic_ids);
    1360. 

  1360. 		$result = $db->sql_query($sql);
    1361. 

  1361. 

  1362. 		while ($row = $db->sql_fetchrow($result))
    1363. 

  1363. 		{
    1364. 

  1364. 			$last_read[$row['topic_id']] = $row['mark_time'];
    1365. 

  1365. 		}
    1366. 

  1366. 		$db->sql_freeresult($result);
    1367. 

  1367. 

  1368. 		$topic_ids = array_diff($topic_ids, array_keys($last_read));
    1369. 

  1369. 

  1370. 		if (sizeof($topic_ids))
    1371. 

  1371. 		{
    1372. 

  1372. 			$sql = 'SELECT forum_id, mark_time
    1373. 

  1373. 				FROM ' . FORUMS_TRACK_TABLE . "
    1374. 

  1374. 				WHERE user_id = {$user->data['user_id']}
    1375. 

  1375. 					AND forum_id " .
    1376. 

  1376. 					(($global_announce_list && sizeof($global_announce_list)) ? "IN (0, $forum_id)" : "= $forum_id");
    1377. 

  1377. 			$result = $db->sql_query($sql);
    1378. 

  1378. 

  1379. 			$mark_time = array();
    1380. 

  1380. 			while ($row = $db->sql_fetchrow($result))
    1381. 

  1381. 			{
    1382. 

  1382. 				$mark_time[$row['forum_id']] = $row['mark_time'];
    1383. 

  1383. 			}
    1384. 

  1384. 			$db->sql_freeresult($result);
    1385. 

  1385. 

  1386. 			$user_lastmark = (isset($mark_time[$forum_id])) ? $mark_time[$forum_id] : $user->data['user_lastmark'];
    1387. 

  1387. 

  1388. 			foreach ($topic_ids as $topic_id)
    1389. 

  1389. 			{
    1390. 

  1390. 				if ($global_announce_list && isset($global_announce_list[$topic_id]))
    1391. 

  1391. 				{
    1392. 

  1392. 					$last_read[$topic_id] = (isset($mark_time[0])) ? $mark_time[0] : $user_lastmark;
    1393. 

  1393. 				}
    1394. 

  1394. 				else
    1395. 

  1395. 				{
    1396. 

  1396. 					$last_read[$topic_id] = $user_lastmark;
    1397. 

  1397. 				}
    1398. 

  1398. 			}
    1399. 

  1399. 		}
    1400. 

  1400. 	}
    1401. 

  1401. 	else if ($config['load_anon_lastread'] || $user->data['is_registered'])
    1402. 

  1402. 	{
    1403. 

  1403. 		global $tracking_topics;
    1404. 

  1404. 

  1405. 		if (!isset($tracking_topics) || !sizeof($tracking_topics))
    1406. 

  1406. 		{
    1407. 

  1407. 			$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
    1408. 

  1408. 			$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
    1409. 

  1409. 		}
    1410. 

  1410. 

  1411. 		if (!$user->data['is_registered'])
    1412. 

  1412. 		{
    1413. 

  1413. 			$user_lastmark = (isset($tracking_topics['l'])) ? base_convert($tracking_topics['l'], 36, 10) + $config['board_startdate'] : 0;
    1414. 

  1414. 		}
    1415. 

  1415. 		else
    1416. 

  1416. 		{
    1417. 

  1417. 			$user_lastmark = $user->data['user_lastmark'];
    1418. 

  1418. 		}
    1419. 

  1419. 

  1420. 		foreach ($topic_ids as $topic_id)
    1421. 

  1421. 		{
    1422. 

  1422. 			$topic_id36 = base_convert($topic_id, 10, 36);
    1423. 

  1423. 

  1424. 			if (isset($tracking_topics['t'][$topic_id36]))
    1425. 

  1425. 			{
    1426. 

  1426. 				$last_read[$topic_id] = base_convert($tracking_topics['t'][$topic_id36], 36, 10) + $config['board_startdate'];
    1427. 

  1427. 			}
    1428. 

  1428. 		}
    1429. 

  1429. 

  1430. 		$topic_ids = array_diff($topic_ids, array_keys($last_read));
    1431. 

  1431. 

  1432. 		if (sizeof($topic_ids))
    1433. 

  1433. 		{
    1434. 

  1434. 			$mark_time = array();
    1435. 

  1435. 			if ($global_announce_list && sizeof($global_announce_list))
    1436. 

  1436. 			{
    1437. 

  1437. 				if (isset($tracking_topics['f'][0]))
    1438. 

  1438. 				{
    1439. 

  1439. 					$mark_time[0] = base_convert($tracking_topics['f'][0], 36, 10) + $config['board_startdate'];
    1440. 

  1440. 				}
    1441. 

  1441. 			}
    1442. 

  1442. 

  1443. 			if (isset($tracking_topics['f'][$forum_id]))
    1444. 

  1444. 			{
    1445. 

  1445. 				$mark_time[$forum_id] = base_convert($tracking_topics['f'][$forum_id], 36, 10) + $config['board_startdate'];
    1446. 

  1446. 			}
    1447. 

  1447. 

  1448. 			$user_lastmark = (isset($mark_time[$forum_id])) ? $mark_time[$forum_id] : $user_lastmark;
    1449. 

  1449. 

  1450. 			foreach ($topic_ids as $topic_id)
    1451. 

  1451. 			{
    1452. 

  1452. 				if ($global_announce_list && isset($global_announce_list[$topic_id]))
    1453. 

  1453. 				{
    1454. 

  1454. 					$last_read[$topic_id] = (isset($mark_time[0])) ? $mark_time[0] : $user_lastmark;
    1455. 

  1455. 				}
    1456. 

  1456. 				else
    1457. 

  1457. 				{
    1458. 

  1458. 					$last_read[$topic_id] = $user_lastmark;
    1459. 

  1459. 				}
    1460. 

  1460. 			}
    1461. 

  1461. 		}
    1462. 

  1462. 	}
    1463. 

  1463. 

  1464. 	return $last_read;
    1465. 

  1465. }
    1466. 

  1466. 

  1467. /**
    1468. 

  1468. * Check for read forums and update topic tracking info accordingly
    1469. 

  1469. *
    1470. 

  1470. * @param int $forum_id the forum id to check
    1471. 

  1471. * @param int $forum_last_post_time the forums last post time
    1472. 

  1472. * @param int $f_mark_time the forums last mark time if user is registered and load_db_lastread enabled
    1473. 

  1473. * @param int $mark_time_forum false if the mark time needs to be obtained, else the last users forum mark time
    1474. 

  1474. *
    1475. 

  1475. * @return true if complete forum got marked read, else false.
    1476. 

  1476. */
    1477. 

  1477. function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_time = false, $mark_time_forum = false)
    1478. 

  1478. {
    1479. 

  1479. 	global $db, $tracking_topics, $user, $config;
    1480. 

  1480. 

  1481. 	// Determine the users last forum mark time if not given.
    1482. 

  1482. 	if ($mark_time_forum === false)
    1483. 

  1483. 	{
    1484. 

  1484. 		if ($config['load_db_lastread'] && $user->data['is_registered'])
    1485. 

  1485. 		{
    1486. 

  1486. 			$mark_time_forum = (!empty($f_mark_time)) ? $f_mark_time : $user->data['user_lastmark'];
    1487. 

  1487. 		}
    1488. 

  1488. 		else if ($config['load_anon_lastread'] || $user->data['is_registered'])
    1489. 

  1489. 		{
    1490. 

  1490. 			$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
    1491. 

  1491. 			$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
    1492. 

  1492. 

  1493. 			if (!$user->data['is_registered'])
    1494. 

  1494. 			{
    1495. 

  1495. 				$user->data['user_lastmark'] = (isset($tracking_topics['l'])) ? (int) (base_convert($tracking_topics['l'], 36, 10) + $config['board_startdate']) : 0;
    1496. 

  1496. 			}
    1497. 

  1497. 

  1498. 			$mark_time_forum = (isset($tracking_topics['f'][$forum_id])) ? (int) (base_convert($tracking_topics['f'][$forum_id], 36, 10) + $config['board_startdate']) : $user->data['user_lastmark'];
    1499. 

  1499. 		}
    1500. 

  1500. 	}
    1501. 

  1501. 

  1502. 	// Check the forum for any left unread topics.
    1503. 

  1503. 	// If there are none, we mark the forum as read.
    1504. 

  1504. 	if ($config['load_db_lastread'] && $user->data['is_registered'])
    1505. 

  1505. 	{
    1506. 

  1506. 		if ($mark_time_forum >= $forum_last_post_time)
    1507. 

  1507. 		{
    1508. 

  1508. 			// We do not need to mark read, this happened before. Therefore setting this to true
    1509. 

  1509. 			$row = true;
    1510. 

  1510. 		}
    1511. 

  1511. 		else
    1512. 

  1512. 		{
    1513. 

  1513. 			$sql = 'SELECT t.forum_id FROM ' . TOPICS_TABLE . ' t
    1514. 

  1514. 				LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . ')
    1515. 

  1515. 				WHERE t.forum_id = ' . $forum_id . '
    1516. 

  1516. 					AND t.topic_last_post_time > ' . $mark_time_forum . '
    1517. 

  1517. 					AND t.topic_moved_id = 0
    1518. 

  1518. 					AND (tt.topic_id IS NULL OR tt.mark_time < t.topic_last_post_time)
    1519. 

  1519. 				GROUP BY t.forum_id';
    1520. 

  1520. 			$result = $db->sql_query_limit($sql, 1);
    1521. 

  1521. 			$row = $db->sql_fetchrow($result);
    1522. 

  1522. 			$db->sql_freeresult($result);
    1523. 

  1523. 		}
    1524. 

  1524. 	}
    1525. 

  1525. 	else if ($config['load_anon_lastread'] || $user->data['is_registered'])
    1526. 

  1526. 	{
    1527. 

  1527. 		// Get information from cookie
    1528. 

  1528. 		$row = false;
    1529. 

  1529. 

  1530. 		if (!isset($tracking_topics['tf'][$forum_id]))
    1531. 

  1531. 		{
    1532. 

  1532. 			// We do not need to mark read, this happened before. Therefore setting this to true
    1533. 

  1533. 			$row = true;
    1534. 

  1534. 		}
    1535. 

  1535. 		else
    1536. 

  1536. 		{
    1537. 

  1537. 			$sql = 'SELECT topic_id
    1538. 

  1538. 				FROM ' . TOPICS_TABLE . '
    1539. 

  1539. 				WHERE forum_id = ' . $forum_id . '
    1540. 

  1540. 					AND topic_last_post_time > ' . $mark_time_forum . '
    1541. 

  1541. 					AND topic_moved_id = 0';
    1542. 

  1542. 			$result = $db->sql_query($sql);
    1543. 

  1543. 

  1544. 			$check_forum = $tracking_topics['tf'][$forum_id];
    1545. 

  1545. 			$unread = false;
    1546. 

  1546. 

  1547. 			while ($row = $db->sql_fetchrow($result))
    1548. 

  1548. 			{
    1549. 

  1549. 				if (!isset($check_forum[base_convert($row['topic_id'], 10, 36)]))
    1550. 

  1550. 				{
    1551. 

  1551. 					$unread = true;
    1552. 

  1552. 					break;
    1553. 

  1553. 				}
    1554. 

  1554. 			}
    1555. 

  1555. 			$db->sql_freeresult($result);
    1556. 

  1556. 

  1557. 			$row = $unread;
    1558. 

  1558. 		}
    1559. 

  1559. 	}
    1560. 

  1560. 	else
    1561. 

  1561. 	{
    1562. 

  1562. 		$row = true;
    1563. 

  1563. 	}
    1564. 

  1564. 

  1565. 	if (!$row)
    1566. 

  1566. 	{
    1567. 

  1567. 		markread('topics', $forum_id);
    1568. 

  1568. 		return true;
    1569. 

  1569. 	}
    1570. 

  1570. 

  1571. 	return false;
    1572. 

  1572. }
    1573. 

  1573. 

  1574. /**
    1575. 

  1575. * Transform an array into a serialized format
    1576. 

  1576. */
    1577. 

  1577. function tracking_serialize($input)
    1578. 

  1578. {
    1579. 

  1579. 	$out = '';
    1580. 

  1580. 	foreach ($input as $key => $value)
    1581. 

  1581. 	{
    1582. 

  1582. 		if (is_array($value))
    1583. 

  1583. 		{
    1584. 

  1584. 			$out .= $key . ':(' . tracking_serialize($value) . ');';
    1585. 

  1585. 		}
    1586. 

  1586. 		else
    1587. 

  1587. 		{
    1588. 

  1588. 			$out .= $key . ':' . $value . ';';
    1589. 

  1589. 		}
    1590. 

  1590. 	}
    1591. 

  1591. 	return $out;
    1592. 

  1592. }
    1593. 

  1593. 

  1594. /**
    1595. 

  1595. * Transform a serialized array into an actual array
    1596. 

  1596. */
    1597. 

  1597. function tracking_unserialize($string, $max_depth = 3)
    1598. 

  1598. {
    1599. 

  1599. 	$n = strlen($string);
    1600. 

  1600. 	if ($n > 10010)
    1601. 

  1601. 	{
    1602. 

  1602. 		die('Invalid data supplied');
    1603. 

  1603. 	}
    1604. 

  1604. 	$data = $stack = array();
    1605. 

  1605. 	$key = '';
    1606. 

  1606. 	$mode = 0;
    1607. 

  1607. 	$level = &$data;
    1608. 

  1608. 	for ($i = 0; $i < $n; ++$i)
    1609. 

  1609. 	{
    1610. 

  1610. 		switch ($mode)
    1611. 

  1611. 		{
    1612. 

  1612. 			case 0:
    1613. 

  1613. 				switch ($string[$i])
    1614. 

  1614. 				{
    1615. 

  1615. 					case ':':
    1616. 

  1616. 						$level[$key] = 0;
    1617. 

  1617. 						$mode = 1;
    1618. 

  1618. 					break;
    1619. 

  1619. 					case ')':
    1620. 

  1620. 						unset($level);
    1621. 

  1621. 						$level = array_pop($stack);
    1622. 

  1622. 						$mode = 3;
    1623. 

  1623. 					break;
    1624. 

  1624. 					default:
    1625. 

  1625. 						$key .= $string[$i];
    1626. 

  1626. 				}
    1627. 

  1627. 			break;
    1628. 

  1628. 

  1629. 			case 1:
    1630. 

  1630. 				switch ($string[$i])
    1631. 

  1631. 				{
    1632. 

  1632. 					case '(':
    1633. 

  1633. 						if (sizeof($stack) >= $max_depth)
    1634. 

  1634. 						{
    1635. 

  1635. 							die('Invalid data supplied');
    1636. 

  1636. 						}
    1637. 

  1637. 						$stack[] = &$level;
    1638. 

  1638. 						$level[$key] = array();
    1639. 

  1639. 						$level = &$level[$key];
    1640. 

  1640. 						$key = '';
    1641. 

  1641. 						$mode = 0;
    1642. 

  1642. 					break;
    1643. 

  1643. 					default:
    1644. 

  1644. 						$level[$key] = $string[$i];
    1645. 

  1645. 						$mode = 2;
    1646. 

  1646. 					break;
    1647. 

  1647. 				}
    1648. 

  1648. 			break;
    1649. 

  1649. 

  1650. 			case 2:
    1651. 

  1651. 				switch ($string[$i])
    1652. 

  1652. 				{
    1653. 

  1653. 					case ')':
    1654. 

  1654. 						unset($level);
    1655. 

  1655. 						$level = array_pop($stack);
    1656. 

  1656. 						$mode = 3;
    1657. 

  1657. 					break;
    1658. 

  1658. 					case ';':
    1659. 

  1659. 						$key = '';
    1660. 

  1660. 						$mode = 0;
    1661. 

  1661. 					break;
    1662. 

  1662. 					default:
    1663. 

  1663. 						$level[$key] .= $string[$i];
    1664. 

  1664. 					break;
    1665. 

  1665. 				}
    1666. 

  1666. 			break;
    1667. 

  1667. 

  1668. 			case 3:
    1669. 

  1669. 				switch ($string[$i])
    1670. 

  1670. 				{
    1671. 

  1671. 					case ')':
    1672. 

  1672. 						unset($level);
    1673. 

  1673. 						$level = array_pop($stack);
    1674. 

  1674. 					break;
    1675. 

  1675. 					case ';':
    1676. 

  1676. 						$key = '';
    1677. 

  1677. 						$mode = 0;
    1678. 

  1678. 					break;
    1679. 

  1679. 					default:
    1680. 

  1680. 						die('Invalid data supplied');
    1681. 

  1681. 					break;
    1682. 

  1682. 				}
    1683. 

  1683. 			break;
    1684. 

  1684. 		}
    1685. 

  1685. 	}
    1686. 

  1686. 

  1687. 	if (sizeof($stack) != 0 || ($mode != 0 && $mode != 3))
    1688. 

  1688. 	{
    1689. 

  1689. 		die('Invalid data supplied');
    1690. 

  1690. 	}
    1691. 

  1691. 

  1692. 	return $level;
    1693. 

  1693. }
    1694. 

  1694. 

  1695. // Pagination functions
    1696. 

  1696. 

  1697. /**
    1698. 

  1698. * Pagination routine, generates page number sequence
    1699. 

  1699. * tpl_prefix is for using different pagination blocks at one page
    1700. 

  1700. */
    1701. 

  1701. function generate_pagination($base_url, $num_items, $per_page, $start_item, $add_prevnext_text = false, $tpl_prefix = '')
    1702. 

  1702. {
    1703. 

  1703. 	global $template, $user;
    1704. 

  1704. 

  1705. 	// Make sure $per_page is a valid value
    1706. 

  1706. 	$per_page = ($per_page <= 0) ? 1 : $per_page;
    1707. 

  1707. 

  1708. 	$seperator = '<span class="page-sep">' . $user->lang['COMMA_SEPARATOR'] . '</span>';
    1709. 

  1709. 	$total_pages = ceil($num_items / $per_page);
    1710. 

  1710. 

  1711. 	if ($total_pages == 1 || !$num_items)
    1712. 

  1712. 	{
    1713. 

  1713. 		return false;
    1714. 

  1714. 	}
    1715. 

  1715. 

  1716. 	$on_page = floor($start_item / $per_page) + 1;
    1717. 

  1717. 	$url_delim = (strpos($base_url, '?') === false) ? '?' : '&amp;';
    1718. 

  1718. 

  1719. 	$page_string = ($on_page == 1) ? '<strong>1</strong>' : '<a href="' . $base_url . '">1</a>';
    1720. 

  1720. 

  1721. 	if ($total_pages > 5)
    1722. 

  1722. 	{
    1723. 

  1723. 		$start_cnt = min(max(1, $on_page - 4), $total_pages - 5);
    1724. 

  1724. 		$end_cnt = max(min($total_pages, $on_page + 4), 6);
    1725. 

  1725. 

  1726. 		$page_string .= ($start_cnt > 1) ? ' ... ' : $seperator;
    1727. 

  1727. 

  1728. 		for ($i = $start_cnt + 1; $i < $end_cnt; $i++)
    1729. 

  1729. 		{
    1730. 

  1730. 			$page_string .= ($i == $on_page) ? '<strong>' . $i . '</strong>' : '<a href="' . $base_url . "{$url_delim}start=" . (($i - 1) * $per_page) . '">' . $i . '</a>';
    1731. 

  1731. 			if ($i < $end_cnt - 1)
    1732. 

  1732. 			{
    1733. 

  1733. 				$page_string .= $seperator;
    1734. 

  1734. 			}
    1735. 

  1735. 		}
    1736. 

  1736. 

  1737. 		$page_string .= ($end_cnt < $total_pages) ? ' ... ' : $seperator;
    1738. 

  1738. 	}
    1739. 

  1739. 	else
    1740. 

  1740. 	{
    1741. 

  1741. 		$page_string .= $seperator;
    1742. 

  1742. 

  1743. 		for ($i = 2; $i < $total_pages; $i++)
    1744. 

  1744. 		{
    1745. 

  1745. 			$page_string .= ($i == $on_page) ? '<strong>' . $i . '</strong>' : '<a href="' . $base_url . "{$url_delim}start=" . (($i - 1) * $per_page) . '">' . $i . '</a>';
    1746. 

  1746. 			if ($i < $total_pages)
    1747. 

  1747. 			{
    1748. 

  1748. 				$page_string .= $seperator;
    1749. 

  1749. 			}
    1750. 

  1750. 		}
    1751. 

  1751. 	}
    1752. 

  1752. 

  1753. 	$page_string .= ($on_page == $total_pages) ? '<strong>' . $total_pages . '</strong>' : '<a href="' . $base_url . "{$url_delim}start=" . (($total_pages - 1) * $per_page) . '">' . $total_pages . '</a>';
    1754. 

  1754. 

  1755. 	if ($add_prevnext_text)
    1756. 

  1756. 	{
    1757. 

  1757. 		if ($on_page != 1)
    1758. 

  1758. 		{
    1759. 

  1759. 			$page_string = '<a href="' . $base_url . "{$url_delim}start=" . (($on_page - 2) * $per_page) . '">' . $user->lang['PREVIOUS'] . '</a>&nbsp;&nbsp;' . $page_string;
    1760. 

  1760. 		}
    1761. 

  1761. 

  1762. 		if ($on_page != $total_pages)
    1763. 

  1763. 		{
    1764. 

  1764. 			$page_string .= '&nbsp;&nbsp;<a href="' . $base_url . "{$url_delim}start=" . ($on_page * $per_page) . '">' . $user->lang['NEXT'] . '</a>';
    1765. 

  1765. 		}
    1766. 

  1766. 	}
    1767. 

  1767. 

  1768. 	$template->assign_vars(array(
    1769. 

  1769. 		$tpl_prefix . 'BASE_URL'		=> $base_url,
    1770. 

  1770. 		'A_' . $tpl_prefix . 'BASE_URL'	=> addslashes($base_url),
    1771. 

  1771. 		$tpl_prefix . 'PER_PAGE'		=> $per_page,
    1772. 

  1772. 

  1773. 		$tpl_prefix . 'PREVIOUS_PAGE'	=> ($on_page == 1) ? '' : $base_url . "{$url_delim}start=" . (($on_page - 2) * $per_page),
    1774. 

  1774. 		$tpl_prefix . 'NEXT_PAGE'		=> ($on_page == $total_pages) ? '' : $base_url . "{$url_delim}start=" . ($on_page * $per_page),
    1775. 

  1775. 		$tpl_prefix . 'TOTAL_PAGES'		=> $total_pages,
    1776. 

  1776. 	));
    1777. 

  1777. 

  1778. 	return $page_string;
    1779. 

  1779. }
    1780. 

  1780. 

  1781. /**
    1782. 

  1782. * Return current page (pagination)
    1783. 

  1783. */
    1784. 

  1784. function on_page($num_items, $per_page, $start)
    1785. 

  1785. {
    1786. 

  1786. 	global $template, $user;
    1787. 

  1787. 

  1788. 	// Make sure $per_page is a valid value
    1789. 

  1789. 	$per_page = ($per_page <= 0) ? 1 : $per_page;
    1790. 

  1790. 

  1791. 	$on_page = floor($start / $per_page) + 1;
    1792. 

  1792. 

  1793. 	$template->assign_vars(array(
    1794. 

  1794. 		'ON_PAGE'		=> $on_page)
    1795. 

  1795. 	);
    1796. 

  1796. 

  1797. 	return sprintf($user->lang['PAGE_OF'], $on_page, max(ceil($num_items / $per_page), 1));
    1798. 

  1798. }
    1799. 

  1799. 

  1800. // Server functions (building urls, redirecting...)
    1801. 

  1801. 

  1802. /**
    1803. 

  1803. * Append session id to url.
    1804. 

  1804. * This function supports hooks.
    1805. 

  1805. *
    1806. 

  1806. * @param string $url The url the session id needs to be appended to (can have params)
    1807. 

  1807. * @param mixed $params String or array of additional url parameters
    1808. 

  1808. * @param bool $is_amp Is url using &amp; (true) or & (false)
    1809. 

  1809. * @param string $session_id Possibility to use a custom session id instead of the global one
    1810. 

  1810. *
    1811. 

  1811. * Examples:
    1812. 

  1812. * <code>
    1813. 

  1813. * append_sid("{$phpbb_root_path}viewtopic.$phpEx?t=1&amp;f=2");
    1814. 

  1814. * append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=1&amp;f=2');
    1815. 

  1815. * append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=1&f=2', false);
    1816. 

  1816. * append_sid("{$phpbb_root_path}viewtopic.$phpEx", array('t' => 1, 'f' => 2));
    1817. 

  1817. * </code>
    1818. 

  1818. *
    1819. 

  1819. */
    1820. 

  1820. function append_sid($url, $params = false, $is_amp = true, $session_id = false)
    1821. 

  1821. {
    1822. 

  1822. 	global $_SID, $_EXTRA_URL, $phpbb_hook;
    1823. 

  1823. 

  1824. 	// Developers using the hook function need to globalise the $_SID and $_EXTRA_URL on their own and also handle it appropiatly.
    1825. 

  1825. 	// They could mimick most of what is within this function
    1826. 

  1826. 	if (!empty($phpbb_hook) && $phpbb_hook->call_hook(__FUNCTION__, $url, $params, $is_amp, $session_id))
    1827. 

  1827. 	{
    1828. 

  1828. 		if ($phpbb_hook->hook_return(__FUNCTION__))
    1829. 

  1829. 		{
    1830. 

  1830. 			return $phpbb_hook->hook_return_result(__FUNCTION__);
    1831. 

  1831. 		}
    1832. 

  1832. 	}
    1833. 

  1833. 

  1834. 	$params_is_array = is_array($params);
    1835. 

  1835. 

  1836. 	// Get anchor
    1837. 

  1837. 	$anchor = '';
    1838. 

  1838. 	if (strpos($url, '#') !== false)
    1839. 

  1839. 	{
    1840. 

  1840. 		list($url, $anchor) = explode('#', $url, 2);
    1841. 

  1841. 		$anchor = '#' . $anchor;
    1842. 

  1842. 	}
    1843. 

  1843. 	else if (!$params_is_array && strpos($params, '#') !== false)
    1844. 

  1844. 	{
    1845. 

  1845. 		list($params, $anchor) = explode('#', $params, 2);
    1846. 

  1846. 		$anchor = '#' . $anchor;
    1847. 

  1847. 	}
    1848. 

  1848. 

  1849. 	// Handle really simple cases quickly
    1850. 

  1850. 	if ($_SID == '' && $session_id === false && empty($_EXTRA_URL) && !$params_is_array && !$anchor)
    1851. 

  1851. 	{
    1852. 

  1852. 		if ($params === false)
    1853. 

  1853. 		{
    1854. 

  1854. 			return $url;
    1855. 

  1855. 		}
    1856. 

  1856. 

  1857. 		$url_delim = (strpos($url, '?') === false) ? '?' : (($is_amp) ? '&amp;' : '&');
    1858. 

  1858. 		return $url . ($params !== false ? $url_delim. $params : '');
    1859. 

  1859. 	}
    1860. 

  1860. 

  1861. 	// Assign sid if session id is not specified
    1862. 

  1862. 	if ($session_id === false)
    1863. 

  1863. 	{
    1864. 

  1864. 		$session_id = $_SID;
    1865. 

  1865. 	}
    1866. 

  1866. 

  1867. 	$amp_delim = ($is_amp) ? '&amp;' : '&';
    1868. 

  1868. 	$url_delim = (strpos($url, '?') === false) ? '?' : $amp_delim;
    1869. 

  1869. 

  1870. 	// Appending custom url parameter?
    1871. 

  1871. 	$append_url = (!empty($_EXTRA_URL)) ? implode($amp_delim, $_EXTRA_URL) : '';
    1872. 

  1872. 

  1873. 	// Use the short variant if possible ;)
    1874. 

  1874. 	if ($params === false)
    1875. 

  1875. 	{
    1876. 

  1876. 		// Append session id
    1877. 

  1877. 		if (!$session_id)
    1878. 

  1878. 		{
    1879. 

  1879. 			return $url . (($append_url) ? $url_delim . $append_url : '') . $anchor;
    1880. 

  1880. 		}
    1881. 

  1881. 		else
    1882. 

  1882. 		{
    1883. 

  1883. 			return $url . (($append_url) ? $url_delim . $append_url . $amp_delim : $url_delim) . 'sid=' . $session_id . $anchor;
    1884. 

  1884. 		}
    1885. 

  1885. 	}
    1886. 

  1886. 

  1887. 	// Build string if parameters are specified as array
    1888. 

  1888. 	if (is_array($params))
    1889. 

  1889. 	{
    1890. 

  1890. 		$output = array();
    1891. 

  1891. 

  1892. 		foreach ($params as $key => $item)
    1893. 

  1893. 		{
    1894. 

  1894. 			if ($item === NULL)
    1895. 

  1895. 			{
    1896. 

  1896. 				continue;
    1897. 

  1897. 			}
    1898. 

  1898. 

  1899. 			if ($key == '#')
    1900. 

  1900. 			{
    1901. 

  1901. 				$anchor = '#' . $item;
    1902. 

  1902. 				continue;
    1903. 

  1903. 			}
    1904. 

  1904. 

  1905. 			$output[] = $key . '=' . $item;
    1906. 

  1906. 		}
    1907. 

  1907. 

  1908. 		$params = implode($amp_delim, $output);
    1909. 

  1909. 	}
    1910. 

  1910. 

  1911. 	// Append session id and parameters (even if they are empty)
    1912. 

  1912. 	// If parameters are empty, the developer can still append his/her parameters without caring about the delimiter
    1913. 

  1913. 	return $url . (($append_url) ? $url_delim . $append_url . $amp_delim : $url_delim) . $params . ((!$session_id) ? '' : $amp_delim . 'sid=' . $session_id) . $anchor;
    1914. 

  1914. }
    1915. 

  1915. 

  1916. /**
    1917. 

  1917. * Generate board url (example: http://www.example.com/phpBB)
    1918. 

  1918. * @param bool $without_script_path if set to true the script path gets not appended (example: http://www.example.com)
    1919. 

  1919. */
    1920. 

  1920. function generate_board_url($without_script_path = false)
    1921. 

  1921. {
    1922. 

  1922. 	global $config, $user;
    1923. 

  1923. 

  1924. 	$server_name = $user->host;
    1925. 

  1925. 	$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
    1926. 

  1926. 

  1927. 	// Forcing server vars is the only way to specify/override the protocol
    1928. 

  1928. 	if ($config['force_server_vars'] || !$server_name)
    1929. 

  1929. 	{
    1930. 

  1930. 		$server_protocol = ($config['server_protocol']) ? $config['server_protocol'] : (($config['cookie_secure']) ? 'https://' : 'http://');
    1931. 

  1931. 		$server_name = $config['server_name'];
    1932. 

  1932. 		$server_port = (int) $config['server_port'];
    1933. 

  1933. 		$script_path = $config['script_path'];
    1934. 

  1934. 

  1935. 		$url = $server_protocol . $server_name;
    1936. 

  1936. 		$cookie_secure = $config['cookie_secure'];
    1937. 

  1937. 	}
    1938. 

  1938. 	else
    1939. 

  1939. 	{
    1940. 

  1940. 		// Do not rely on cookie_secure, users seem to think that it means a secured cookie instead of an encrypted connection
    1941. 

  1941. 		$cookie_secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;
    1942. 

  1942. 		$url = (($cookie_secure) ? 'https://' : 'http://') . $server_name;
    1943. 

  1943. 

  1944. 		$script_path = $user->page['root_script_path'];
    1945. 

  1945. 	}
    1946. 

  1946. 

  1947. 	if ($server_port && (($cookie_secure && $server_port <> 443) || (!$cookie_secure && $server_port <> 80)))
    1948. 

  1948. 	{
    1949. 

  1949. 		// HTTP HOST can carry a port number (we fetch $user->host, but for old versions this may be true)
    1950. 

  1950. 		if (strpos($server_name, ':') === false)
    1951. 

  1951. 		{
    1952. 

  1952. 			$url .= ':' . $server_port;
    1953. 

  1953. 		}
    1954. 

  1954. 	}
    1955. 

  1955. 

  1956. 	if (!$without_script_path)
    1957. 

  1957. 	{
    1958. 

  1958. 		$url .= $script_path;
    1959. 

  1959. 	}
    1960. 

  1960. 

  1961. 	// Strip / from the end
    1962. 

  1962. 	if (substr($url, -1, 1) == '/')
    1963. 

  1963. 	{
    1964. 

  1964. 		$url = substr($url, 0, -1);
    1965. 

  1965. 	}
    1966. 

  1966. 

  1967. 	return $url;
    1968. 

  1968. }
    1969. 

  1969. 

  1970. /**
    1971. 

  1971. * Redirects the user to another page then exits the script nicely
    1972. 

  1972. * This function is intended for urls within the board. It's not meant to redirect to cross-domains.
    1973. 

  1973. *
    1974. 

  1974. * @param string $url The url to redirect to
    1975. 

  1975. * @param bool $return If true, do not redirect but return the sanitized URL. Default is no return.
    1976. 

  1976. * @param bool $disable_cd_check If true, redirect() will redirect to an external domain. If false, the redirect point to the boards url if it does not match the current domain. Default is false.
    1977. 

  1977. */
    1978. 

  1978. function redirect($url, $return = false, $disable_cd_check = false)
    1979. 

  1979. {
    1980. 

  1980. 	global $db, $cache, $config, $user, $phpbb_root_path;
    1981. 

  1981. 

  1982. 	if (empty($user->lang))
    1983. 

  1983. 	{
    1984. 

  1984. 		$user->add_lang('common');
    1985. 

  1985. 	}
    1986. 

  1986. 

  1987. 	if (!$return)
    1988. 

  1988. 	{
    1989. 

  1989. 		garbage_collection();
    1990. 

  1990. 	}
    1991. 

  1991. 

  1992. 	// Make sure no &amp;'s are in, this will break the redirect
    1993. 

  1993. 	$url = str_replace('&amp;', '&', $url);
    1994. 

  1994. 

  1995. 	// Determine which type of redirect we need to handle...
    1996. 

  1996. 	$url_parts = parse_url($url);
    1997. 

  1997. 

  1998. 	if ($url_parts === false)
    1999. 

  1999. 	{
    2000. 

  2000. 		// Malformed url, redirect to current page...
    2001. 

  2001. 		$url = generate_board_url() . '/' . $user->page['page'];
    2002. 

  2002. 	}
    2003. 

  2003. 	else if (!empty($url_parts['scheme']) && !empty($url_parts['host']))
    2004. 

  2004. 	{
    2005. 

  2005. 		// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
    2006. 

  2006. 		if (!$disable_cd_check && $url_parts['host'] !== $user->host)
    2007. 

  2007. 		{
    2008. 

  2008. 			$url = generate_board_url();
    2009. 

  2009. 		}
    2010. 

  2010. 	}
    2011. 

  2011. 	else if ($url[0] == '/')
    2012. 

  2012. 	{
    2013. 

  2013. 		// Absolute uri, prepend direct url...
    2014. 

  2014. 		$url = generate_board_url(true) . $url;
    2015. 

  2015. 	}
    2016. 

  2016. 	else
    2017. 

  2017. 	{
    2018. 

  2018. 		// Relative uri
    2019. 

  2019. 		$pathinfo = pathinfo($url);
    2020. 

  2020. 

  2021. 		// Is the uri pointing to the current directory?
    2022. 

  2022. 		if ($pathinfo['dirname'] == '.')
    2023. 

  2023. 		{
    2024. 

  2024. 			$url = str_replace('./', '', $url);
    2025. 

  2025. 

  2026. 			// Strip / from the beginning
    2027. 

  2027. 			if ($url && substr($url, 0, 1) == '/')
    2028. 

  2028. 			{
    2029. 

  2029. 				$url = substr($url, 1);
    2030. 

  2030. 			}
    2031. 

  2031. 

  2032. 			if ($user->page['page_dir'])
    2033. 

  2033. 			{
    2034. 

  2034. 				$url = generate_board_url() . '/' . $user->page['page_dir'] . '/' . $url;
    2035. 

  2035. 			}
    2036. 

  2036. 			else
    2037. 

  2037. 			{
    2038. 

  2038. 				$url = generate_board_url() . '/' . $url;
    2039. 

  2039. 			}
    2040. 

  2040. 		}
    2041. 

  2041. 		else
    2042. 

  2042. 		{
    2043. 

  2043. 			// Used ./ before, but $phpbb_root_path is working better with urls within another root path
    2044. 

  2044. 			$root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($phpbb_root_path)));
    2045. 

  2045. 			$page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($pathinfo['dirname'])));
    2046. 

  2046. 			$intersection = array_intersect_assoc($root_dirs, $page_dirs);
    2047. 

  2047. 

  2048. 			$root_dirs = array_diff_assoc($root_dirs, $intersection);
    2049. 

  2049. 			$page_dirs = array_diff_assoc($page_dirs, $intersection);
    2050. 

  2050. 

  2051. 			$dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs);
    2052. 

  2052. 

  2053. 			// Strip / from the end
    2054. 

  2054. 			if ($dir && substr($dir, -1, 1) == '/')
    2055. 

  2055. 			{
    2056. 

  2056. 				$dir = substr($dir, 0, -1);
    2057. 

  2057. 			}
    2058. 

  2058. 

  2059. 			// Strip / from the beginning
    2060. 

  2060. 			if ($dir && substr($dir, 0, 1) == '/')
    2061. 

  2061. 			{
    2062. 

  2062. 				$dir = substr($dir, 1);
    2063. 

  2063. 			}
    2064. 

  2064. 

  2065. 			$url = str_replace($pathinfo['dirname'] . '/', '', $url);
    2066. 

  2066. 

  2067. 			// Strip / from the beginning
    2068. 

  2068. 			if (substr($url, 0, 1) == '/')
    2069. 

  2069. 			{
    2070. 

  2070. 				$url = substr($url, 1);
    2071. 

  2071. 			}
    2072. 

  2072. 

  2073. 			$url = (!empty($dir) ? $dir . '/' : '') . $url;
    2074. 

  2074. 			$url = generate_board_url() . '/' . $url;
    2075. 

  2075. 		}
    2076. 

  2076. 	}
    2077. 

  2077. 

  2078. 	// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
    2079. 

  2079. 	if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false)
    2080. 

  2080. 	{
    2081. 

  2081. 		trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
    2082. 

  2082. 	}
    2083. 

  2083. 

  2084. 	// Now, also check the protocol and for a valid url the last time...
    2085. 

  2085. 	$allowed_protocols = array('http', 'https', 'ftp', 'ftps');
    2086. 

  2086. 	$url_parts = parse_url($url);
    2087. 

  2087. 

  2088. 	if ($url_parts === false || empty($url_parts['scheme']) || !in_array($url_parts['scheme'], $allowed_protocols))
    2089. 

  2089. 	{
    2090. 

  2090. 		trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
    2091. 

  2091. 	}
    2092. 

  2092. 

  2093. 	if ($return)
    2094. 

  2094. 	{
    2095. 

  2095. 		return $url;
    2096. 

  2096. 	}
    2097. 

  2097. 

  2098. 	// Redirect via an HTML form for PITA webservers
    2099. 

  2099. 	if (@preg_match('#Microsoft|WebSTAR|Xitami#', getenv('SERVER_SOFTWARE')))
    2100. 

  2100. 	{
    2101. 

  2101. 		header('Refresh: 0; URL=' . $url);
    2102. 

  2102. 

  2103. 		echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">';
    2104. 

  2104. 		echo '<html xmlns="http://www.w3.org/1999/xhtml" dir="' . $user->lang['DIRECTION'] . '" lang="' . $user->lang['USER_LANG'] . '" xml:lang="' . $user->lang['USER_LANG'] . '">';
    2105. 

  2105. 		echo '<head>';
    2106. 

  2106. 		echo '<meta http-equiv="content-type" content="text/html; charset=utf-8" />';
    2107. 

  2107. 		echo '<meta http-equiv="refresh" content="0; url=' . str_replace('&', '&amp;', $url) . '" />';
    2108. 

  2108. 		echo '<title>' . $user->lang['REDIRECT'] . '</title>';
    2109. 

  2109. 		echo '</head>';
    2110. 

  2110. 		echo '<body>';
    2111. 

  2111. 		echo '<div style="text-align: center;">' . sprintf($user->lang['URL_REDIRECT'], '<a href="' . str_replace('&', '&amp;', $url) . '">', '</a>') . '</div>';
    2112. 

  2112. 		echo '</body>';
    2113. 

  2113. 		echo '</html>';
    2114. 

  2114. 

  2115. 		exit;
    2116. 

  2116. 	}
    2117. 

  2117. 

  2118. 	// Behave as per HTTP/1.1 spec for others
    2119. 

  2119. 	header('Location: ' . $url);
    2120. 

  2120. 	exit;
    2121. 

  2121. }
    2122. 

  2122. 

  2123. /**
    2124. 

  2124. * Re-Apply session id after page reloads
    2125. 

  2125. */
    2126. 

  2126. function reapply_sid($url)
    2127. 

  2127. {
    2128. 

  2128. 	global $phpEx, $phpbb_root_path;
    2129. 

  2129. 

  2130. 	if ($url === "index.$phpEx")
    2131. 

  2131. 	{
    2132. 

  2132. 		return append_sid("index.$phpEx");
    2133. 

  2133. 	}
    2134. 

  2134. 	else if ($url === "{$phpbb_root_path}index.$phpEx")
    2135. 

  2135. 	{
    2136. 

  2136. 		return append_sid("{$phpbb_root_path}index.$phpEx");
    2137. 

  2137. 	}
    2138. 

  2138. 

  2139. 	// Remove previously added sid
    2140. 

  2140. 	if (strpos($url, '?sid=') !== false)
    2141. 

  2141. 	{
    2142. 

  2142. 		$url = preg_replace('/(\?)sid=[a-z0-9]+(&amp;|&)?/', '\1', $url);
    2143. 

  2143. 	}
    2144. 

  2144. 	else if (strpos($url, '&sid=') !== false)
    2145. 

  2145. 	{
    2146. 

  2146. 		$url = preg_replace('/&sid=[a-z0-9]+(&)?/', '\1', $url);
    2147. 

  2147. 	}
    2148. 

  2148. 	else if (strpos($url, '&amp;sid=') !== false)
    2149. 

  2149. 	{
    2150. 

  2150. 		$url = preg_replace('/&amp;sid=[a-z0-9]+(&amp;)?/', '\1', $url);
    2151. 

  2151. 	}
    2152. 

  2152. 

  2153. 	return append_sid($url);
    2154. 

  2154. }
    2155. 

  2155. 

  2156. /**
    2157. 

  2157. * Returns url from the session/current page with an re-appended SID with optionally stripping vars from the url
    2158. 

  2158. */
    2159. 

  2159. function build_url($strip_vars = false)
    2160. 

  2160. {
    2161. 

  2161. 	global $user, $phpbb_root_path;
    2162. 

  2162. 

  2163. 	// Append SID
    2164. 

  2164. 	$redirect = append_sid($user->page['page'], false, false);
    2165. 

  2165. 

  2166. 	// Add delimiter if not there...
    2167. 

  2167. 	if (strpos($redirect, '?') === false)
    2168. 

  2168. 	{
    2169. 

  2169. 		$redirect .= '?';
    2170. 

  2170. 	}
    2171. 

  2171. 

  2172. 	// Strip vars...
    2173. 

  2173. 	if ($strip_vars !== false && strpos($redirect, '?') !== false)
    2174. 

  2174. 	{
    2175. 

  2175. 		if (!is_array($strip_vars))
    2176. 

  2176. 		{
    2177. 

  2177. 			$strip_vars = array($strip_vars);
    2178. 

  2178. 		}
    2179. 

  2179. 

  2180. 		$query = $_query = array();
    2181. 

  2181. 

  2182. 		$args = substr($redirect, strpos($redirect, '?') + 1);
    2183. 

  2183. 		$args = ($args) ? explode('&', $args) : array();
    2184. 

  2184. 		$redirect = substr($redirect, 0, strpos($redirect, '?'));
    2185. 

  2185. 

  2186. 		foreach ($args as $argument)
    2187. 

  2187. 		{
    2188. 

  2188. 			$arguments = explode('=', $argument);
    2189. 

  2189. 			$key = $arguments[0];
    2190. 

  2190. 			unset($arguments[0]);
    2191. 

  2191. 

  2192. 			$query[$key] = implode('=', $arguments);
    2193. 

  2193. 		}
    2194. 

  2194. 

  2195. 		// Strip the vars off
    2196. 

  2196. 		foreach ($strip_vars as $strip)
    2197. 

  2197. 		{
    2198. 

  2198. 			if (isset($query[$strip]))
    2199. 

  2199. 			{
    2200. 

  2200. 				unset($query[$strip]);
    2201. 

  2201. 			}
    2202. 

  2202. 		}
    2203. 

  2203. 

  2204. 		// Glue the remaining parts together... already urlencoded
    2205. 

  2205. 		foreach ($query as $key => $value)
    2206. 

  2206. 		{
    2207. 

  2207. 			$_query[] = $key . '=' . $value;
    2208. 

  2208. 		}
    2209. 

  2209. 		$query = implode('&', $_query);
    2210. 

  2210. 

  2211. 		$redirect .= ($query) ? '?' . $query : '';
    2212. 

  2212. 	}
    2213. 

  2213. 

  2214. 	return $phpbb_root_path . str_replace('&', '&amp;', $redirect);
    2215. 

  2215. }
    2216. 

  2216. 

  2217. /**
    2218. 

  2218. * Meta refresh assignment
    2219. 

  2219. * Adds META template variable with meta http tag.
    2220. 

  2220. *
    2221. 

  2221. * @param int $time Time in seconds for meta refresh tag
    2222. 

  2222. * @param string $url URL to redirect to. The url will go through redirect() first before the template variable is assigned
    2223. 

  2223. * @param bool $disable_cd_check If true, meta_refresh() will redirect to an external domain. If false, the redirect point to the boards url if it does not match the current domain. Default is false.
    2224. 

  2224. */
    2225. 

  2225. function meta_refresh($time, $url, $disable_cd_check = false)
    2226. 

  2226. {
    2227. 

  2227. 	global $template;
    2228. 

  2228. 

  2229. 	$url = redirect($url, true, $disable_cd_check);
    2230. 

  2230. //-- mod: Prime Quick Login -------------------------------------------------//
    2231. 

  2231. 	$template->assign_var('AUTO_REFRESH', $time);
    2232. 

  2232. //-- end: Prime Quick Login -------------------------------------------------//
    2233. 

  2233. 	$url = str_replace('&', '&amp;', $url);
    2234. 

  2234. 

  2235. 	// For XHTML compatibility we change back & to &amp;
    2236. 

  2236. 	$template->assign_vars(array(
    2237. 

  2237. 		'META' => '<meta http-equiv="refresh" content="' . $time . ';url=' . $url . '" />')
    2238. 

  2238. 	);
    2239. 

  2239. 

  2240. 	return $url;
    2241. 

  2241. }
    2242. 

  2242. 

  2243. //Form validation
    2244. 

  2244. 

  2245. 

  2246. /**
    2247. 

  2247. * Add a secret hash   for use in links/GET requests
    2248. 

  2248. * @param string  $link_name The name of the link; has to match the name used in check_link_hash, otherwise no restrictions apply
    2249. 

  2249. * @return string the hash
    2250. 

    2251. 

  2251. */
    2252. 

  2252. function generate_link_hash($link_name)
    2253. 

  2253. {
    2254. 

  2254. 	global $user;
    2255. 

  2255. 

  2256. 	if (!isset($user->data["hash_$link_name"]))
    2257. 

  2257. 	{
    2258. 

  2258. 		$user->data["hash_$link_name"] = substr(sha1($user->data['user_form_salt'] . $link_name), 0, 8);
    2259. 

  2259. 	}
    2260. 

  2260. 

  2261. 	return $user->data["hash_$link_name"];
    2262. 

  2262. }
    2263. 

  2263. 

  2264. 

  2265. /**
    2266. 

  2266. * checks a link hash - for GET requests
    2267. 

  2267. * @param string $token the submitted token
    2268. 

  2268. * @param string $link_name The name of the link
    2269. 

  2269. * @return boolean true if all is fine
    2270. 

  2270. */
    2271. 

  2271. function check_link_hash($token, $link_name)
    2272. 

  2272. {
    2273. 

  2273. 	return $token === generate_link_hash($link_name);
    2274. 

  2274. }
    2275. 

  2275. 

  2276. /**
    2277. 

  2277. * Add a secret token to the form (requires the S_FORM_TOKEN template variable)
    2278. 

  2278. * @param string  $form_name The name of the form; has to match the name used in check_form_key, otherwise no restrictions apply
    2279. 

  2279. */
    2280. 

  2280. function add_form_key($form_name)
    2281. 

  2281. {
    2282. 

  2282. 	global $config, $template, $user;
    2283. 

  2283. 

  2284. 	$now = time();
    2285. 

  2285. 	$token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : '';
    2286. 

  2286. 	$token = sha1($now . $user->data['user_form_salt'] . $form_name . $token_sid);
    2287. 

  2287. 

  2288. 	$s_fields = build_hidden_fields(array(
    2289. 

  2289. 		'creation_time' => $now,
    2290. 

  2290. 		'form_token'	=> $token,
    2291. 

  2291. 	));
    2292. 

  2292. 

  2293. 	$template->assign_vars(array(
    2294. 

  2294. 		'S_FORM_TOKEN'	=> $s_fields,
    2295. 

  2295. 	));
    2296. 

  2296. }
    2297. 

  2297. 

  2298. /**
    2299. 

  2299. * Check the form key. Required for all altering actions not secured by confirm_box
    2300. 

  2300. * @param string  $form_name The name of the form; has to match the name used in add_form_key, otherwise no restrictions apply
    2301. 

  2301. * @param int $timespan The maximum acceptable age for a submitted form in seconds. Defaults to the config setting.
    2302. 

  2302. * @param string $return_page The address for the return link
    2303. 

  2303. * @param bool $trigger If true, the function will triger an error when encountering an invalid form
    2304. 

  2304. */
    2305. 

  2305. function check_form_key($form_name, $timespan = false, $return_page = '', $trigger = false)
    2306. 

  2306. {
    2307. 

  2307. 	global $config, $user;
    2308. 

  2308. 

  2309. 	if ($timespan === false)
    2310. 

  2310. 	{
    2311. 

  2311. 		// we enforce a minimum value of half a minute here.
    2312. 

  2312. 		$timespan = ($config['form_token_lifetime'] == -1) ? -1 : max(30, $config['form_token_lifetime']);
    2313. 

  2313. 	}
    2314. 

  2314. 

  2315. 	if (isset($_POST['creation_time']) && isset($_POST['form_token']))
    2316. 

  2316. 	{
    2317. 

  2317. 		$creation_time	= abs(request_var('creation_time', 0));
    2318. 

  2318. 		$token = request_var('form_token', '');
    2319. 

  2319. 

  2320. 		$diff = time() - $creation_time;
    2321. 

  2321. 

  2322. 		// If creation_time and the time() now is zero we can assume it was not a human doing this (the check for if ($diff)...
    2323. 

  2323. 		if ($diff && ($diff <= $timespan || $timespan === -1))
    2324. 

  2324. 		{
    2325. 

  2325. 			$token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : '';
    2326. 

  2326. 			$key = sha1($creation_time . $user->data['user_form_salt'] . $form_name . $token_sid);
    2327. 

  2327. 

  2328. 			if ($key === $token)
    2329. 

  2329. 			{
    2330. 

  2330. 				return true;
    2331. 

  2331. 			}
    2332. 

  2332. 		}
    2333. 

  2333. 	}
    2334. 

  2334. 

  2335. 	if ($trigger)
    2336. 

  2336. 	{
    2337. 

  2337. 		trigger_error($user->lang['FORM_INVALID'] . $return_page);
    2338. 

  2338. 	}
    2339. 

  2339. 

  2340. 	return false;
    2341. 

  2341. }
    2342. 

  2342. 

  2343. // Message/Login boxes
    2344. 

  2344. 

  2345. /**
    2346. 

  2346. * Build Confirm box
    2347. 

  2347. * @param boolean $check True for checking if confirmed (without any additional parameters) and false for displaying the confirm box
    2348. 

  2348. * @param string $title Title/Message used for confirm box.
    2349. 

  2349. *		message text is _CONFIRM appended to title.
    2350. 

  2350. *		If title cannot be found in user->lang a default one is displayed
    2351. 

  2351. *		If title_CONFIRM cannot be found in user->lang the text given is used.
    2352. 

  2352. * @param string $hidden Hidden variables
    2353. 

  2353. * @param string $html_body Template used for confirm box
    2354. 

  2354. * @param string $u_action Custom form action
    2355. 

  2355. */
    2356. 

  2356. function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.html', $u_action = '')
    2357. 

  2357. {
    2358. 

  2358. 	global $user, $template, $db;
    2359. 

  2359. 	global $phpEx, $phpbb_root_path;
    2360. 

  2360. 

  2361. 	if (isset($_POST['cancel']))
    2362. 

  2362. 	{
    2363. 

  2363. 		return false;
    2364. 

  2364. 	}
    2365. 

  2365. 

  2366. 	$confirm = false;
    2367. 

  2367. 	if (isset($_POST['confirm']))
    2368. 

  2368. 	{
    2369. 

  2369. 		// language frontier
    2370. 

  2370. 		if ($_POST['confirm'] === $user->lang['YES'])
    2371. 

  2371. 		{
    2372. 

  2372. 			$confirm = true;
    2373. 

  2373. 		}
    2374. 

  2374. 	}
    2375. 

  2375. 

  2376. 	if ($check && $confirm)
    2377. 

  2377. 	{
    2378. 

  2378. 		$user_id = request_var('user_id', 0);
    2379. 

  2379. 		$session_id = request_var('sess', '');
    2380. 

  2380. 		$confirm_key = request_var('confirm_key', '');
    2381. 

  2381. 

  2382. 		if ($user_id != $user->data['user_id'] || $session_id != $user->session_id || !$confirm_key || !$user->data['user_last_confirm_key'] || $confirm_key != $user->data['user_last_confirm_key'])
    2383. 

  2383. 		{
    2384. 

  2384. 			return false;
    2385. 

  2385. 		}
    2386. 

  2386. 

  2387. 		// Reset user_last_confirm_key
    2388. 

  2388. 		$sql = 'UPDATE ' . USERS_TABLE . " SET user_last_confirm_key = ''
    2389. 

  2389. 			WHERE user_id = " . $user->data['user_id'];
    2390. 

  2390. 		$db->sql_query($sql);
    2391. 

  2391. 

  2392. 		return true;
    2393. 

  2393. 	}
    2394. 

  2394. 	else if ($check)
    2395. 

  2395. 	{
    2396. 

  2396. 		return false;
    2397. 

  2397. 	}
    2398. 

  2398. 

  2399. 	$s_hidden_fields = build_hidden_fields(array(
    2400. 

  2400. 		'user_id'	=> $user->data['user_id'],
    2401. 

  2401. 		'sess'		=> $user->session_id,
    2402. 

  2402. 		'sid'		=> $user->session_id)
    2403. 

  2403. 	);
    2404. 

  2404. 

  2405. 	// generate activation key
    2406. 

  2406. 	$confirm_key = gen_rand_string(10);
    2407. 

  2407. 

  2408. 	if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin'])
    2409. 

  2409. 	{
    2410. 

  2410. 		adm_page_header((!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title]);
    2411. 

  2411. 	}
    2412. 

  2412. 	else
    2413. 

  2413. 	{
    2414. 

  2414. 		page_header((!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title]);
    2415. 

  2415. 	}
    2416. 

  2416. 

  2417. 	$template->set_filenames(array(
    2418. 

  2418. 		'body' => $html_body)
    2419. 

  2419. 	);
    2420. 

  2420. 

  2421. 	// If activation key already exist, we better do not re-use the key (something very strange is going on...)
    2422. 

  2422. 	if (request_var('confirm_key', ''))
    2423. 

  2423. 	{
    2424. 

  2424. 		// This should not occur, therefore we cancel the operation to safe the user
    2425. 

  2425. 		return false;
    2426. 

  2426. 	}
    2427. 

  2427. 

  2428. 	// re-add sid / transform & to &amp; for user->page (user->page is always using &)
    2429. 

  2429. 	$use_page = ($u_action) ? $phpbb_root_path . $u_action : $phpbb_root_path . str_replace('&', '&amp;', $user->page['page']);
    2430. 

  2430. 	$u_action = reapply_sid($use_page);
    2431. 

  2431. 	$u_action .= ((strpos($u_action, '?') === false) ? '?' : '&amp;') . 'confirm_key=' . $confirm_key;
    2432. 

  2432. 

  2433. 	$template->assign_vars(array(
    2434. 

  2434. 		'MESSAGE_TITLE'		=> (!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title],
    2435. 

  2435. 		'MESSAGE_TEXT'		=> (!isset($user->lang[$title . '_CONFIRM'])) ? $title : $user->lang[$title . '_CONFIRM'],
    2436. 

  2436. 

  2437. 		'YES_VALUE'			=> $user->lang['YES'],
    2438. 

  2438. 		'S_CONFIRM_ACTION'	=> $u_action,
    2439. 

  2439. 		'S_HIDDEN_FIELDS'	=> $hidden . $s_hidden_fields)
    2440. 

  2440. 	);
    2441. 

  2441. 

  2442. 	$sql = 'UPDATE ' . USERS_TABLE . " SET user_last_confirm_key = '" . $db->sql_escape($confirm_key) . "'
    2443. 

  2443. 		WHERE user_id = " . $user->data['user_id'];
    2444. 

  2444. 	$db->sql_query($sql);
    2445. 

  2445. 

  2446. 	if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin'])
    2447. 

  2447. 	{
    2448. 

  2448. 		adm_page_footer();
    2449. 

  2449. 	}
    2450. 

  2450. 	else
    2451. 

  2451. 	{
    2452. 

  2452. 		page_footer();
    2453. 

  2453. 	}
    2454. 

  2454. }
    2455. 

  2455. 

  2456. /**
    2457. 

  2457. * Generate login box or verify password
    2458. 

  2458. */
    2459. 

  2459. function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)
    2460. 

  2460. {
    2461. 

  2461. 	global $db, $user, $template, $a
    2462.