/*
Common library script for Intellect Board 2
(c) 2004, XXXX Pro, United Open Project
Visit us online: http://intboard.ru
*/
// Direct-access guard: stop unless the including script has set $IBOARD to a truthy value.
// NOTE(review): $IBOARD is read as a plain variable from the including scope. If a deployment
// still runs with register_globals enabled, a request parameter of the same name would satisfy
// this test - confirm that setting is off.
if (!$IBOARD) {
    exit("Hack attempt!");
}
// Record in the global scope that this library file has been processed.
$GLOBALS['common'] = 1;
// Return to the including script; no top-level statement below this point is executed.
return;
/**
 * Report a failure through global_error() unless the current request uses the POST method.
 *
 * Only the HTTP verb is compared; nothing here ties the request to a form issued by this
 * board, so this check alone does not stop forged cross-site submissions.
 */
function check_post() {
    $method = $_SERVER['REQUEST_METHOD'];
    if ($method == "POST") {
        return;
    }
    global_error('HACK ATTEMPT! Only POST method allowed here!');
}
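/**
 * Include a style file, falling back through the chain of parent styles.
 *
 * The user's own style directory is tried first. If the file is missing there, the parent
 * style named in $GLOBALS['inuser']['st_parent'] is tried, then that style's parent as stored
 * in the StyleSet table, and so on. When the chain ends without a hit, global_error() is called.
 *
 * A style directory that was already visited ends the walk, so a parent chain that loops back
 * on itself reports "File not found" instead of querying the database forever.
 *
 * NOTE(review): $file, st_file and st_parent are concatenated into the include path, and the
 * parent name is interpolated into the SQL text without escaping. The callers visible in this
 * file pass a literal file name; confirm that style names are constrained to plain directory
 * names where they are stored, or escape/validate them here with the helpers of the DB layer.
 *
 * @param string $file File name relative to a style directory.
 */
function load_style($file) {
    // require_once runs the included file in this function's scope, so the locals below
    // ($link in particular) are visible to it; the original local names are kept for that reason.
    $link = $GLOBALS['link'];
    if (file_exists($GLOBALS['opt_dir']."/styles/".$GLOBALS['inuser']['st_file']."/".$file)) {
        require_once($GLOBALS['opt_dir']."/styles/".$GLOBALS['inuser']['st_file']."/".$file);
        return;
    }

    $dir = $GLOBALS['inuser']['st_parent'];
    $curdir = $GLOBALS['opt_dir']."/styles/".$dir."/";
    $visited_styles = array();
    while ($dir && !file_exists($curdir.$file)) {
        // A repeated style name means the parent chain is cyclic: stop walking.
        if (isset($visited_styles[$dir])) {
            break;
        }
        $visited_styles[$dir] = true;

        $sql = "SELECT st_parent FROM ".$GLOBALS['DBprefix']."StyleSet WHERE st_file=\"$dir\"";
        $res = db_query($sql, $link);
        $row = db_fetch_row($res);
        // No row: the chain ends, and the styles root itself is checked below.
        $dir = $row ? $row[0] : null;
        $curdir = $GLOBALS['opt_dir']."/styles/".$dir."/";
    }

    if (file_exists($curdir.$file)) {
        require_once($curdir.$file);
    } else {
        global_error("File not found in styles: $file");
    }
}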
/**
 * Include a language file from the directory of the current user's language.
 *
 * NOTE(review): the path is assembled from $GLOBALS['inuser']['ln_file'] and $file without
 * any check; confirm both are limited to plain names where they are set.
 *
 * @param string $file File name inside the language directory.
 */
function load_lang($file) {
    // No extra locals are introduced: the included file runs in this function's scope.
    require_once(implode("/", array($GLOBALS['opt_dir'], "langs", $GLOBALS['inuser']['ln_file'], $file)));
}
// Runs $sql through db_query() and walks the result rows, comparing column 0 of each row
// with $value.
// NOTE(review): this listing looks truncated. The if-branch only appends an empty string,
// $flist is returned without being assigned anywhere in the visible code, and the closing brace
// below pairs with the while loop, which leaves the function body unterminated. Recover the
// original text before relying on this function.
// NOTE(review): $sql is executed exactly as passed in; building it safely is left to the caller.
function build_msg_select($sql,$value="") {
$res = db_query($sql,$GLOBALS['link']);
$tmp = "";
while ($tmpdata=db_fetch_row($res)) {
if ($tmpdata[0]==$value) $tmp.="";
return $flist;
}
/**
 * Return what build_select() produces for all rows of the UserLevel table, ordered by l_level.
 *
 * NOTE(review): $udata is not a parameter, is not declared global and is never assigned in
 * this function, so the second argument handed to build_select() evaluates to null. Confirm
 * which value was meant to be passed.
 */
function build_level_select() {
    $table = $GLOBALS['DBprefix']."UserLevel";
    $sql = "SELECT * FROM ".$table." ORDER BY l_level";
    return build_select($sql, $udata['u__level']);
}
/**
 * Return what build_select() produces for the UserLevel rows whose l_level is non-zero
 * and below 1024.
 *
 * @param mixed $level Forwarded unchanged as the second argument of build_select().
 */
function build_userlevel_select($level=0) {
    $table = $GLOBALS['DBprefix']."UserLevel";
    $query = "SELECT * FROM ".$table." WHERE l_level!=0 AND l_level<1024";
    return build_select($query, $level);
}
/**
 * Show an error message through output_message() and end the request.
 *
 * Outside the admin area the "message.php" style file is loaded first.
 *
 * NOTE(review): $errmsg is appended to MSG_e as-is. Whether output_message() escapes it is
 * not visible here, so callers should not pass request data without escaping it.
 *
 * @param string $errmsg Text appended to the MSG_e prefix.
 */
function error($errmsg) {
    $in_admin = $GLOBALS['admin'];
    if (!$in_admin) {
        load_style("message.php");
    }
    output_message(MSG_e.$errmsg, "".MSG_go_back."", "".MSG_go_mainpage."", "");
    exit();
}
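/**
 * Show an informational message through output_message(), optionally with a follow-up link.
 *
 * The "back" target is taken from the first non-empty source among: the POST field 'refpage',
 * $GLOBALS['refpage'], the Referer header, and finally a client-side history step.
 *
 * NOTE(review): the POST field and the Referer header are client-controlled, and when $golink
 * is set the chosen value is handed to output_message() as $newlink without validation. What
 * output_message() does with it is not visible here; confirm that it limits the target to this
 * site and escapes it for the context it is written into.
 * NOTE(review): when no IB2XP cookie is present the session id is appended to the URL. A
 * session id in a query string ends up in logs, bookmarks and Referer headers; cookie-only
 * sessions (session.use_only_cookies) avoid that.
 *
 * @param string $textmsg Message text handed to output_message().
 * @param mixed  $golink  Truthy to pass the back target on as the follow-up link.
 */
function message($textmsg,$golink=0) {
    // empty() keeps the original truthiness test without warnings for absent keys.
    if (!empty($_POST['refpage'])) $tmp_link1 = $_POST['refpage'];
    elseif (!empty($GLOBALS['refpage'])) $tmp_link1 = $GLOBALS['refpage'];
    elseif (!empty($_SERVER['HTTP_REFERER'])) $tmp_link1 = $_SERVER['HTTP_REFERER'];
    else $tmp_link1 = "javascript:history(-1)";

    // Carry the session in the URL only for real URLs that do not already have it and only
    // when the client sent no session cookie.
    if (strpos($tmp_link1,"javascript:")===false && strpos($tmp_link1,"IB2XP")===false && !isset($_COOKIE['IB2XP'])) {
        if (strpos($tmp_link1,"?")===false) $tmp_link1.="?";
        else $tmp_link1.="&";
        $tmp_link1.="IB2XP".$GLOBALS['DBprefix']."=".session_id();
    }

    $tmp_link2 = "".MSG_go_mainpage."";

    // Previously $newlink was left undefined when $golink was false; it is now an explicit
    // null, which is the value output_message() received before.
    $newlink = null;
    if ($golink) $newlink = $tmp_link1;

    // Drop scheme and host from absolute http:// links.
    // NOTE(review): in this listing $tmp_link1 is not used after this line; the markup that
    // presumably embedded it in the "go back" argument is not visible here.
    if (substr($tmp_link1,0,7)=="http://") $tmp_link1=preg_replace("|http://[^/]+/|is","",$tmp_link1);

    output_message($textmsg,"".MSG_go_back."",$tmp_link2,"",$newlink);
}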
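/**
 * Show a message through output_message() with topic, forum and main-page link labels.
 *
 * With $golink set, a link to the last post of the current topic is passed as the fifth
 * argument; otherwise that argument is an explicit null. The original left the variable
 * undefined in that case, which produced the same value plus a warning.
 *
 * NOTE(review): $GLOBALS['topic'] is concatenated into the URL as-is; presumably it is a
 * numeric id that was validated where it was read - confirm.
 *
 * @param string $textmsg Message text.
 * @param mixed  $golink  Truthy to add the follow-up link to the topic.
 */
function topic_message($textmsg,$golink=0) {
    $newlink = null;
    if ($golink) {
        $newlink = "index.php?t=".$GLOBALS['topic']."#last";
    }
    output_message($textmsg, "".MSG_go_topic."", "".MSG_go_forum."", "".MSG_go_mainpage."", $newlink);
}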
/**
 * Replace English month and weekday names in a formatted date with the MSG_* constants.
 *
 * Replacements run in list order on the running result: full month names, short month names,
 * full weekday names, short weekday names. Long names come first so that their prefixes are
 * not replaced by the short forms. "May" appears in both month lists and maps to MSG_May
 * both times.
 *
 * @param string $date Date text as produced by date().
 * @return string The text with the names substituted.
 */
function month_replace($date) {
    $english = array(
        "January", "February", "March", "April", "May", "June",
        "July", "August", "September", "October", "November", "December",
        "Jan", "Feb", "Mar", "Apr", "May", "Jun",
        "Jul", "Aug", "Sep", "Oct", "Nov", "Dec",
        "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday",
        "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"
    );
    $localized = array(
        MSG_January, MSG_February, MSG_March, MSG_April, MSG_May, MSG_June,
        MSG_July, MSG_August, MSG_September, MSG_October, MSG_November, MSG_December,
        MSG_Jan, MSG_Feb, MSG_Mar, MSG_Apr, MSG_May, MSG_Jun,
        MSG_Jul, MSG_Aug, MSG_Sep, MSG_Oct, MSG_Nov, MSG_Dec,
        MSG_Monday, MSG_Tuesday, MSG_Wednesday, MSG_Thursday, MSG_Friday, MSG_Saturday, MSG_Sunday,
        MSG_Mon, MSG_Tue, MSG_Wed, MSG_Thu, MSG_Fri, MSG_Sat, MSG_Sun
    );
    // With array arguments str_replace() applies the pairs one after another, in order.
    return str_replace($english, $localized, $date);
}
/**
 * Format a timestamp with the user's long date format and localized names.
 *
 * The timestamp is shifted by the difference between the user's u_timeregion and the board's
 * opt_timeregion. A result of zero or less yields MSG_none instead of a date.
 *
 * @param int $date Timestamp to format.
 * @return string Result of month_replace() on the formatted date or on MSG_none.
 */
function long_date_out($date) {
    $local = $date + $GLOBALS['inuser']['u_timeregion'] - $GLOBALS['opt_timeregion'];
    if ($local < 0) {
        $local = 0;
    }
    $shown = $local ? date($GLOBALS['inuser']['u_lformat'], $local) : MSG_none;
    return month_replace($shown);
}
/**
 * Format a timestamp with the user's short date format and localized names.
 *
 * The timestamp is shifted by the difference between the user's u_timeregion and the board's
 * opt_timeregion. A result of zero or less yields MSG_none instead of a date.
 *
 * @param int $date Timestamp to format.
 * @return string Result of month_replace() on the formatted date or on MSG_none.
 */
function short_date_out($date) {
    $local = $date + $GLOBALS['inuser']['u_timeregion'] - $GLOBALS['opt_timeregion'];
    if ($local < 0) {
        $local = 0;
    }
    $shown = $local ? date($GLOBALS['inuser']['u_sformat'], $local) : MSG_none;
    return month_replace($shown);
}
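/**
 * Find bare e-mail addresses, http:// URLs, www. hosts and .ru/.com/.net/.org host names
 * in $text and pass them through the replacement templates. $text is modified in place.
 *
 * The text is padded with spaces, and "<" / ">" get a space on their outer side, so that a
 * candidate is always delimited by spaces. Line breaks are removed. The helper spaces next
 * to the angle brackets are taken out again at the end; the padding at both ends of the text
 * stays.
 *
 * The host-name character class is written as [\w.-]. The earlier spelling [\w-\.] matches
 * the same characters but is rejected as an invalid range by the PCRE2 library used by newer
 * PHP releases, which made preg_replace() fail and return null.
 *
 * NOTE(review): in this listing every replacement template is " $1 ", so the match is put
 * back unchanged; any markup that was meant to wrap it is not visible here. If the original
 * template writes the match into an attribute, the match has to be escaped for that context.
 *
 * @param string $text Text to scan; changed through the reference.
 */
function addlinks(&$text) {
    $text = " ".$text." ";
    $text = str_replace("<"," <",$text);
    $text = str_replace(">","> ",$text);
    $text = preg_replace("/\n/","",$text);
    $text = preg_replace("/\r/","",$text);

    // E-mail address, then explicit http:// URL, then www. host.
    $text = preg_replace("/ ([^:\t \n\[]+?\@[^\t \n\[]+?) /is"," $1 ",$text);
    $text = preg_replace("/ (http:\/\/\S+?) /is"," $1 ",$text);
    $text = preg_replace("/ (www\.\S+?) /is"," $1 ",$text);

    // Bare host names ending in one of the recognised top-level domains, in the original order.
    foreach (array("ru", "com", "net", "org") as $tld) {
        $text = preg_replace("/ ([\w.-]+?\.".$tld.") /is"," $1 ",$text);
    }

    $text = str_replace(" <","<",$text);
    $text = str_replace("> ",">",$text);
}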
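/**
 * Return $text only to users with at least $posts counted posts, else a notice.
 *
 * The post count of the current user is read from $GLOBALS['inuserposts']. When that is empty
 * and the user id is above 3, the count of this user's posts with p__premoderate=0 is loaded
 * from the Post table and cached in $GLOBALS['inuserposts'].
 *
 * The user id is cast to an integer before it is placed into the SQL text, so that only a
 * number can reach the query.
 *
 * @param int    $posts Number of posts required to see the text.
 * @param string $text  Text to show when the requirement is met.
 * @return string $text, or the notice built from MSG_p_posthide and format_word().
 */
function check_hidden($posts,$text) {
    if (empty($GLOBALS['inuserposts']) && $GLOBALS['inuserid']>3) {
        $link = $GLOBALS['link'];
        $sql = "SELECT COUNT(*) FROM ".$GLOBALS['DBprefix']."Post WHERE p_uid=".(int)$GLOBALS['inuserid']." AND p__premoderate=0";
        $res = db_query($sql,$link);
        list($count) = db_fetch_row($res);
        db_free_result($res);
        $GLOBALS['inuserposts'] = $count;
    }
    if ($posts<=$GLOBALS['inuserposts']) {
        return $text;
    }
    // The string literals below contain real line breaks, exactly as in the original.
    return "
".MSG_p_posthide." ".format_word($posts,MSG_p1,MSG_p2,MSG_p3).".
";
}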
/**
 * Return $text only to users whose level is at least $level, else a notice.
 *
 * @param int    $level Level required to see the text.
 * @param string $text  Text to show when the requirement is met.
 * @return string $text, or the notice built from MSG_p_levelhide.
 */
function check_level($level,$text) {
    $visible = ($level<=$GLOBALS['inuserlevel']);
    if ($visible) {
        return $text;
    }
    // The string literals below contain real line breaks, exactly as in the original.
    return "
".MSG_p_levelhide.".
";
}
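/**
 * Deny-list check for a URL taken from user-authored markup.
 *
 * A URL is rejected when it
 *  - contains "script:" (covers javascript:, vbscript: and similar schemes),
 *  - starts with "/admin" or contains the board URL followed by "/admin",
 *  - contains "a=do_logout",
 *  - contains a double quote.
 * The comparison is case-insensitive and ignores "www." in both the URL and the board URL.
 *
 * The "script:" test is also run on a copy with HTML entities decoded and with ASCII
 * whitespace and control bytes removed, because browsers apply that normalisation to an
 * attribute value before they resolve its scheme.
 *
 * NOTE(review): this remains a deny-list. html_entity_decode() does not cover every encoding
 * a browser accepts, so an allow-list of schemes (http, https, ...) at the point where the
 * markup is generated would be the more robust control.
 *
 * @param string $url URL to test.
 * @return int 1 when the URL is accepted, 0 when it is rejected.
 */
function check_url($url) {
    $url = strtolower($url);

    $normalized = (string)preg_replace('/[\x00-\x20]+/', '', html_entity_decode($url));
    if (strpos($url,"script:")!==false || strpos($normalized,"script:")!==false) return 0;

    if (strpos($url,"/admin")===0) return 0;

    // Board URL without "www." and without a trailing slash.
    $forumurl = strtolower($GLOBALS['opt_url']);
    $forumurl = str_replace("www.","",$forumurl);
    $forumurl = preg_replace("|/$|s","",$forumurl);

    $url = str_replace("www.","",$url);
    if (strpos($url,$forumurl."/admin")!==false) return 0;
    if (strpos($url,"a=do_logout")!==false) return 0;
    if (strpos($url,"\"")!==false) return 0;

    return 1;
}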
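/**
 * Screen one generated image tag and return either the tag or a rejection text.
 *
 * The src value is extracted (double-quoted, single-quoted or unquoted). The rest of the
 * tag is rejected when it contains an on...= attribute or "url(". Images that are not
 * served from the board's /smiles directory get an onLoad handler, and the src value is
 * finally tested with check_url(). Every rejection increments $GLOBALS['hackattempt'].
 *
 * Changes against the earlier version:
 *  - the unquoted pattern now stops at whitespace or ">" as check_link() does; without that
 *    terminator the lazy group captured a single character, so check_url() never saw the
 *    whole address;
 *  - the rejected src value is passed through htmlspecialchars() before it is echoed back,
 *    as the other rejection branch already did for the whole tag.
 *
 * @param string $imgtext The image tag text.
 * @return string The (possibly extended) tag, or a "HACK ATTEMPT" text.
 */
function check_img($imgtext) {
    preg_match("/src=\"([^\"]+?)\"[\s>]/is",$imgtext,$matches);
    if (empty($matches[1])) preg_match("/src='([^']+?)'[\s>]/is",$imgtext,$matches);
    if (empty($matches[1])) preg_match("/src=(\S+?)[\s>]/is",$imgtext,$matches);
    $src = isset($matches[1]) ? $matches[1] : "";

    // Look at the tag without its src value, so that the address itself cannot trigger
    // the attribute checks.
    $tmptext = ($src === "") ? $imgtext : str_replace($src,"",$imgtext);
    if (preg_match("/\Won\w+?=/is",$tmptext) || preg_match("/\Wurl\(/is",$tmptext)) {
        $GLOBALS['hackattempt']++;
        return "
HACK ATTEMPT: ".htmlspecialchars($imgtext)."
";
    }

    if (strpos($src,$GLOBALS['opt_url']."/smiles")===false) $imgtext=preg_replace("|<(img .*?)>|is","<$1 onLoad=\"ch_img(this)\">",$imgtext);

    if (check_url($src)) return $imgtext;

    $GLOBALS['hackattempt']++;
    return "
HACK ATTEMPT: ".htmlspecialchars($src)."
";
}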
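/**
 * Screen one generated anchor tag and return either the tag or a rejection text.
 *
 * The href value is extracted (double-quoted, single-quoted or unquoted). The rest of the
 * tag is rejected when it contains an on...= attribute or "url(", and the href value is
 * then tested with check_url(). Every rejection increments $GLOBALS['hackattempt'].
 *
 * The rejected href value (first 50 characters) is now passed through htmlspecialchars()
 * before it is echoed back, as the other rejection branch already did for the whole tag.
 *
 * @param string $linktext The anchor tag text.
 * @return string The unchanged tag, or a "HACK ATTEMPT" text.
 */
function check_link($linktext) {
    preg_match("/href=\"([^\"]+?)\"[\s>]/is",$linktext,$matches);
    if (empty($matches[1])) preg_match("/href='([^']+?)'[\s>]/is",$linktext,$matches);
    if (empty($matches[1])) preg_match("/href=(\S+?)[\s>]/is",$linktext,$matches);
    $href = isset($matches[1]) ? $matches[1] : "";

    // Look at the tag without its href value, so that the address itself cannot trigger
    // the attribute checks.
    $tmptext = ($href === "") ? $linktext : str_replace($href,"",$linktext);
    if (preg_match("/\Won\w+?=/is",$tmptext) || preg_match("/\Wurl\(/is",$tmptext)) {
        $GLOBALS['hackattempt']++;
        return "
HACK ATTEMPT: ".htmlspecialchars($linktext)."
";
    }

    if (check_url($href)) return $linktext;

    $GLOBALS['hackattempt']++;
    return "
HACK ATTEMPT: ".htmlspecialchars(substr($href,0,50))."
";
}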
// Prepares the content of a [code] block: with $html set the text is escaped with
// htmlspecialchars() and nl2br(), tabs become spaces, and every "[" / "]" is rewritten to the
// placeholders "[*___" / "___*]" so that later tag replacements do not match inside the
// block (code_back() reverses the placeholders).
// NOTE(review): several string literals in this listing look as if markup was stripped from
// them: a replacement of a line break by a line break, of a space by a space, and an empty
// search string in the smiley loop. Recover the original text before relying on the exact
// replacements.
function process_code($text,$html) {
if ($html) $text=nl2br(htmlspecialchars(str_replace("
","\n",$text)));
$text=str_replace(" "," ",$text);
$text=str_replace("\t"," ",$text);
$text="
$text
";
$text=str_replace("[","[*___",$text);
$text=str_replace("]","___*]",$text);
// Runs once per smiley code that is enabled in $GLOBALS['smileshow'].
if (is_array($GLOBALS['smiles'])) foreach ($GLOBALS['smiles'] as $sm_code=>$sm_file) if ($GLOBALS['smileshow'][$sm_code]) {
$text=str_replace("",$sm_code,$text);
}
return $text;
}
/**
 * Turn the bracket placeholders written by process_code() back into "[" and "]".
 *
 * @param string $text Text containing "[*___" and "___*]" placeholders.
 * @return string Text with plain brackets.
 */
function code_back($text) {
    // The pairs are applied in order, opening placeholder first.
    return str_replace(array("[*___", "___*]"), array("[", "]"), $text);
}
/**
 * Convert [tr], [td] and [td colspan=N] tags of a [table] body.
 *
 * NOTE(review): the replacement templates in this listing hold only the captured cell or row
 * text plus a separator; the table markup they presumably produced is not visible here, and
 * the colspan number is captured but not used.
 *
 * @param string $text Content found between [table] and [/table].
 * @return string The converted text followed by a line break.
 */
function table_parse($text) {
    // Pattern => template, applied in this order. The templates contain real line breaks,
    // exactly as in the original.
    $rules = array(
        "/\[tr\](.*?)\[\/tr\]/is" => "$1
",
        "/\[td\](.*?)\[\/td\]/is" => "$1 | ",
        "/\[td colspan=(\d+)\](.*?)\[\/td\]/is" => "$2 | "
    );
    $out = "".$text;
    foreach ($rules as $pattern => $template) {
        $out = preg_replace($pattern, $template, $out);
    }
    return $out."
";
}
// Expands board-code tags in $text, which is modified in place through the reference.
// $html selects how [code] content is escaped, $tid and $pid steer the [cut] handling.
// NOTE(review): most replacement templates in this listing are empty or hold only the
// captured group - the HTML they generated appears to have been stripped from this copy -
// and several preg_replace() calls further down show an incomplete pattern or lack the
// replacement argument. Treat the body as a damaged listing and recover the original file
// before running it or auditing it line by line.
// NOTE(review): $tid and $pid are required parameters declared after the optional $html;
// PHP 8 reports that ordering as deprecated.
function boardcode(&$text,$html=0,$tid,$pid) {
if (strpos($text,"[")!==false) {
// NOTE(review): the /e modifier used here and in later calls makes preg_replace() evaluate
// the replacement as PHP code after the captured post text has been substituted into it.
// That feeds user-authored content to an evaluator. The modifier was deprecated in PHP 5.5
// and removed in PHP 7.0; each /e call should be ported to preg_replace_callback().
$text=preg_replace("/\[nocode\](.*?)\[\/nocode\]/ise","str_replace(\"[\",\"[\",str_replace(\"]\",\"]\",\"$1\"))",$text);
$text=preg_replace("/\[nohtml\](.*?)\[\/nohtml\]/ise","nl2br(str_replace(\"<\",\"<\",str_replace(\">\",\">\",str_replace(\"
\",\"\n\",\"$1\"))))",$text);
// getvar() is defined elsewhere; presumably it reads the request variable 'cutid'.
// [cut] sections are shown in full for that post, when $tid is 0 and in print mode;
// otherwise they are replaced.
$cutid=getvar('cutid');
if ($pid==$cutid || $tid==0 || $GLOBALS['action']=="do_print") {
$text=preg_replace("/\[cut\](.*?)\[\/cut\]/is","$1",$text);
$text=preg_replace("/\[cut=\".*?\"\](.*?)\[\/cut\]/is","$1",$text);
}
else {
$text=preg_replace("/\[cut\](.*?)\[\/cut\]/is","".MSG_p_uncut."",$text);
$text=preg_replace("/\[cut=\"(.*?)\"\](.*?)\[\/cut\]/is","$1",$text);
}
// First pass over [code] blocks: process_code() rewrites the brackets inside them to
// placeholders, so the tag replacements below do not match inside code.
preg_match_all("/\[code\](.*?)\[\/code\]/is",$text,$matches);
foreach ($matches[1] as $curmatch) {
$newcode=process_code($curmatch,$html);
$text=str_replace("[code]".$curmatch."[/code]","[code]".$newcode."[/code]",$text);
}
$text = str_replace("[hr]","
",$text);
$text = str_replace("[br]","
",$text);
// Quotes: plain, with an author name, and numbered.
$text = preg_replace("/\[quote\](.*?)\[\/quote\]/is","",$text);
$text = preg_replace("/\[q\](.*?)\[\/q\]/is","",$text);
$text = preg_replace("/\[quote=(.+?)\](.*?)\[\/quote\]/is","$1 ".MSG_written.":",$text);//.short_date_out($2)."
$text = preg_replace("/\[q=(.+?)\](.*?)\[\/q\]/is","$1 ".MSG_written.":",$text);
$text = preg_replace("/\[q(\d+)\](.*?)\[\/q$1\]/is","",$text);
// Links and e-mail addresses. The address patterns exclude only the double quote (or
// whitespace for e-mail); the anchors are screened afterwards by check_link(), but only
// when $html is false (see below).
$text = preg_replace("/\[url\](\w+?:\/\/[^\"]+?)\[\/url\]/is","$1",$text);
$text = preg_replace("/\[url\]([^\"]+?)\[\/url\]/is","$1",$text);
$text = preg_replace("/\[url=(\w+?:\/\/[^\"]+?)\](.+?)\[\/url\]/is","$2",$text);
$text = preg_replace("/\[url=([^\"]+?)\]([^\"]+?)\[\/url\]/is","$2",$text);
$text = preg_replace("/\[url2=([^\"]+?)\](.+?)\[\/url2\]/is","$2",$text);
$text = preg_replace("/\[email\](\S+?\@\S+?)\[\/email\]/is","$1",$text);
$text = preg_replace("/\[email=(\S+?\@\S+?)\](.+?)\[\/email\]/is","$2",$text);
// Character formatting. The font, color and size values are limited by their patterns to
// word characters and spaces, to "#" plus word characters, and to digits.
$text = str_replace("[b]","",$text);
$text = str_replace("[/b]","",$text);
$text = str_replace("[i]","",$text);
$text = str_replace("[/i]","",$text);
$text = str_replace("[u]","",$text);
$text = str_replace("[/u]","",$text);
$text = str_replace("[s]","",$text);
$text = str_replace("[/s]","",$text);
$text = preg_replace("/\[font=([\w ]+?)\]/is","",$text);
$text = preg_replace("/\[color=([#\w\d]+?)\]/is","",$text);
$text = preg_replace("/\[size=(\d+?)\]/is","",$text);
$text = str_replace("[/font]","",$text);
$text = str_replace("[/color]","",$text);
$text = str_replace("[/size]","",$text);
$text = str_replace("[list]","",$text);
$text = str_replace("[*]","- ",$text);
$text = str_replace("[/list]","
",$text);
// Images: with opt_imgtag off the [img] patterns accept any address; with it on, only
// addresses without whitespace match.
if (!$GLOBALS['opt_imgtag']) {
$text = preg_replace("/\[img\](.+?)\[\/img\]/is","",$text);
$text = preg_replace("/\[img=(.+?)\]/is","",$text);
} else {
$text = preg_replace("/\[img\](\S+?)\[\/img\]/is","",$text);
$text = preg_replace("/\[img=(\S+?)\]/is","",$text);
}
// Tables: the [table] body is handed to table_parse() through an evaluated replacement.
$text = preg_replace("/(
)?\[table(.*?)\](.*?)\[\/table\](
)?/ise","table_parse(\"$3\");",$text);
// NOTE(review): the next four calls are incomplete in this listing (unterminated pattern,
// no replacement argument).
$text = preg_replace("/<\/td>(\s*
\s*)+<",$text);
$text = preg_replace("/<\/tr>(\s*
\s*)+<",$text);
$text = preg_replace("/(\s*
\s*)+<",$text);
$text = preg_replace("/(\s*
\s*)+<",$text);
$text = preg_replace("/\[off\](.*?)\[\/off\]/is","".MSG_offtopic.": $1
",$text);
$text = preg_replace("/\[center\](.*?)\[\/center\]/is","$1
",$text);
$text = preg_replace("/\[right\](.*)\[\/right\]/is","$1
",$text);
$text = preg_replace("/\[translit\](.*)\[\/translit\]/esi","untransliterate(\"$1\")",$text);
// Screening pass: matched tags are handed to check_img() and, only when $html is false, to
// check_link(); a third pattern is replaced by an escaped "HACK ATTEMPT" text.
// NOTE(review): the three patterns are reduced to "/()/" in this listing, so what they
// matched cannot be verified here.
$text = preg_replace("/()/ise","check_img(\"$1\")",$text);
if (!$html) $text = preg_replace("/()/ise","check_link(\"$1\")",$text);
$text = preg_replace("/()/ise","\"
HACK ATTEMPT: \".htmlspecialchars(\"$1\").\"
\"",$text);
// Content restricted by post count or by user level.
$text = preg_replace("/\[hide=(\d+?)\](.*?)\[\/hide\]/esi","check_hidden($1,\"$2\")",$text);
$text = preg_replace("/\[level=(\d+?)\](.*?)\[\/level\]/esi","check_level($1,\"$2\")",$text);
// Second pass over [code] blocks: code_back() restores the brackets and the [code]
// wrapper is dropped.
preg_match_all("/\[code\](.*?)\[\/code\]/is",$text,$matches);
foreach ($matches[1] as $curmatch) {
$newcode=code_back($curmatch);
$text=str_replace("[code]".$curmatch."[/code]",$newcode,$text);
}
}
// Typographic substitutions, applied whether or not the text contained any tag.
$text = str_replace("(c)","©",$text);
$text = str_replace("(C)","©",$text);
$text = str_replace("(r)","®",$text);
$text = str_replace("(R)","®",$text);
$text = str_replace("(tm)","™",$text);
$text = str_replace("(TM)","™",$text);
$text = str_replace(" -- "," — ",$text);
}
// Expands the subset of board-code tags allowed in signatures. $text is modified through
// the reference and also returned.
// NOTE(review): as elsewhere in this listing, the replacement templates are empty or hold
// only the captured group; the HTML they generated is not visible here.
function sign_code(&$text) {
if (strpos($text,"[")!==false) {
$text = preg_replace("/\[br\]/","
",$text);
$text = str_replace("[b]","",$text);
$text = str_replace("[/b]","",$text);
$text = str_replace("[i]","",$text);
$text = str_replace("[/i]","",$text);
$text = str_replace("[u]","",$text);
$text = str_replace("[/u]","",$text);
$text = str_replace("[s]","",$text);
$text = str_replace("[/s]","",$text);
// NOTE(review): unlike boardcode(), the font, color and size values here may contain any
// character except "<" and ">", quotes included. If the original template writes $1 into
// an HTML attribute, the value needs escaping or a stricter pattern - confirm against the
// original file.
$text = preg_replace("/\[font=([^<>]+?)\]/is","",$text);
$text = preg_replace("/\[color=([^<>]+?)\]/is","",$text);
$text = preg_replace("/\[size=([^<>]+?)\]/is","",$text);
$text = str_replace("[/font]","",$text);
$text = str_replace("[/color]","",$text);
$text = str_replace("[/size]","",$text);
// NOTE(review): anchors produced here are passed to check_link() only inside the
// opt_sigpics branch at the end of this function.
$text = preg_replace("/\[url\](\w+?:\/\/[^\"]+?)\[\/url\]/is","$1",$text);
$text = preg_replace("/\[url\]([^\"]+?)\[\/url\]/is","$1",$text);
$text = preg_replace("/\[url=(\w+?:\/\/[^\"]+?)\](.+?)\[\/url\]/is","$2",$text);
$text = preg_replace("/\[url=([^\"]+?)\]([^\"]+?)\[\/url\]/is","$2",$text);
$text = preg_replace("/\[url=(\S+?)\](.+?)\[\/url\]/is","$2",$text);
$text = preg_replace("/\[email\]([\w\d.-]+?\@[\w\d.-]+?)\[\/email\]/is","$1",$text);
$text = preg_replace("/\[email=([\w\d.-]+?\@[\w\d.-]+?)\](.+?)\[\/email\]/is","$2",$text);
}
// Typographic substitutions, applied whether or not the text contained any tag.
$text = str_replace("(c)","©",$text);
$text = str_replace("(C)","©",$text);
$text = str_replace("(r)","®",$text);
$text = str_replace("(R)","®",$text);
$text = str_replace("(tm)","™",$text);
$text = str_replace("(TM)","™",$text);
// Images and the check_img()/check_link() screening run only when opt_sigpics is enabled.
// NOTE(review): both screening calls use the /e modifier, which evaluates the replacement
// as PHP code with the captured signature text substituted in. It was removed in PHP 7.0;
// port these calls to preg_replace_callback(). The first pattern is reduced to "/()/" in this
// listing.
if ($GLOBALS['opt_sigpics']) {
$text = preg_replace("/\[img\](\S+?)\[\/img\]/is","",$text);
$text = preg_replace("/\[img=(\S+?)\]/is","",$text);
$text = preg_replace("/()/ise","check_img(\"$1\")",$text);
$text = preg_replace("/(.*?<\/a>)/ise","check_link(\"$1\")",$text);
}
return $text;
}
// Renders stored post text for display: escaping, automatic links, smileys, board code,
// search-term highlighting, shortening of long link texts and a print-mode link rewrite.
// Returns the rendered text.
// NOTE(review): when $html is truthy the text is not passed through htmlspecialchars(), so
// markup in the post reaches the output except for what the screening inside boardcode()
// rewrites. Confirm that callers set $html only for authors who are trusted to post HTML.
function textout($text,$html,$bcode,$smiles,$tid=0,$pid=0) {
if ($html) $text=nl2br($text);
else $text=nl2br(htmlspecialchars($text));
// NOTE(review): the search string of the next call is damaged in this listing (three
// consecutive quotes); presumably it was the entity for a double quote - confirm against the
// original file.
$text=str_replace(""","\"",$text);
addlinks($text);
if ($smiles) smiles($text);
if ($bcode) boardcode($text,$html,$tid,$pid);
// Highlighting of the terms given in the 'hl' variable read through getvar() (defined
// elsewhere; presumably a request variable). Listed punctuation is turned into spaces and
// the rest is split into words.
// NOTE(review): strlen($curlh) reads an undefined variable (the loop variable is $curhl), so
// the condition is never true and nothing is highlighted as written. If the name is
// corrected, $curhl must first go through preg_quote() with the "|" delimiter, because the
// punctuation filter leaves regex metacharacters such as | [ ] { } ^ $ in the term.
if ($hlight=getvar('hl')) {
$hlight=preg_replace("/[.,:;\-\?()\\!+\-*]+/"," ",$hlight);
$hls=explode(" ",$hlight);
foreach ($hls as $curhl) {
if ($curhl && strlen($curlh)>3) $text=preg_replace("|([ >.,:;\-?()\\!\"\]]+)($curhl\S*?)([ <.,:;\-?()\\!\"\[]+)|is","$1$2$3",$text);
}
}
// Link texts longer than 60 characters are cut to the first 30 and the last 10 characters
// with "..." in between.
// NOTE(review): the opening part of the anchor pattern is missing in this listing.
if ($text) {
$count=preg_match_all("/]+?>(\S*?)<\/a>/is",$text,$matches);
if ($count) foreach ($matches[1] as $curmatch) {
if (strlen($curmatch)>60) $text=str_replace(">".$curmatch."<",">".substr($curmatch,0,30)."...".substr($curmatch,-10,10)."<",$text);
}
}
// Print mode rewrites anchors.
// NOTE(review): the template refers to groups $2 and $4, which the pattern shown here does
// not define; the pattern is damaged in this listing.
if ($GLOBALS['action']=="do_print") {
$text = preg_replace("/(.*?)<\/a>/is","$4 ($2)",$text);
}
// NOTE(review): as shown, this replaces a three- or four-digit numeric character reference by
// its digits and semicolon; the replacement template was presumably altered in this listing.
$text=preg_replace("/&#(\d{3,4};)/is","$1",$text);
return $text;
}
function build_avatar_select() {
$dir=opendir($GLOBALS['opt_dir']."/avatars");
while ($curfile=readdir($dir)) if (!is_dir($GLOBALS['opt_dir']."/avatars/".$curfile)) $avatarselect.="