SimpleMachines / SMF2.1

Themes/default/ManageAttachments.template.php

Braces +29 added lines, -20 removed lines

@@ -116,9 +116,10 @@ 
 		</div><!-- .windowbg -->
 	</div><!-- #manage_attachments -->';
 
-	if (!empty($context['results']))
-		echo '
+	if (!empty($context['results'])) {
+			echo '
 	<div class="noticebox">', $context['results'], '</div>';
+	}
 
 	echo '
 	<div id="transfer" class="cat_bar">
@@ -133,9 +134,10 @@ 
 					<select name="from">
 						<option value="0">', $txt['attachment_transfer_select'], '</option>';
 
-	foreach ($context['attach_dirs'] as $id => $dir)
-		echo '
+	foreach ($context['attach_dirs'] as $id => $dir) {
+			echo '
 						<option value="', $id, '">', $dir, '</option>';
+	}
 
 	echo '
 					</select>
@@ -146,13 +148,14 @@ 
 						<option value="0">', $txt['attachment_transfer_auto_select'], '</option>
 						<option value="-1">', $txt['attachment_transfer_forum_root'], '</option>';
 
-	if (!empty($context['base_dirs']))
-		foreach ($context['base_dirs'] as $id => $dir)
+	if (!empty($context['base_dirs'])) {
+			foreach ($context['base_dirs'] as $id => $dir)
 			echo '
 						<option value="', $id, '">', $dir, '</option>';
-	else
-			echo '
+	} else {
+				echo '
 						<option value="0" disabled>', $txt['attachment_transfer_no_base'], '</option>';
+	}
 
 	echo '
 					</select>
@@ -162,18 +165,20 @@ 
 					<select name="to">
 						<option value="0">', $txt['attachment_transfer_select'], '</option>';
 
-	foreach ($context['attach_dirs'] as $id => $dir)
-		echo '
+	foreach ($context['attach_dirs'] as $id => $dir) {
+			echo '
 						<option value="', $id, '">', $dir, '</option>';
+	}
 
 	echo '
 					</select>
 				</dd>';
 
-	if (!empty($modSettings['attachmentDirFileLimit']))
-		echo '
+	if (!empty($modSettings['attachmentDirFileLimit'])) {
+			echo '
 				<dt>', $txt['attachment_transfer_empty'], '</dt>
 				<dd><input type="checkbox" name="empty_it"', $context['checked'] ? ' checked' : '', '></dd>';
+	}
 
 	echo '
 			</dl>
@@ -209,8 +214,8 @@ 
 	global $context, $txt, $scripturl;
 
 	// If we've completed just let them know!
-	if ($context['completed'])
-		echo '
+	if ($context['completed']) {
+			echo '
 	<div id="manage_attachments">
 		<div class="cat_bar">
 			<h3 class="catbg">', $txt['repair_attachments_complete'], '</h3>
@@ -219,10 +224,11 @@ 
 			', $txt['repair_attachments_complete_desc'], '
 		</div>
 	</div>';
+	}
 
 	// What about if no errors were even found?
-	elseif (!$context['errors_found'])
-		echo '
+	elseif (!$context['errors_found']) {
+			echo '
 	<div id="manage_attachments">
 		<div class="cat_bar">
 			<h3 class="catbg">', $txt['repair_attachments_complete'], '</h3>
@@ -231,6 +237,7 @@ 
 			', $txt['repair_attachments_no_errors'], '
 		</div>
 	</div>';
+	}
 
 	// Otherwise, I'm sad to say, we have a problem!
 	else
@@ -245,11 +252,12 @@ 
 				<p>', $txt['repair_attachments_error_desc'], '</p>';
 
 		// Loop through each error reporting the status
-		foreach ($context['repair_errors'] as $error => $number)
-			if (!empty($number))
+		foreach ($context['repair_errors'] as $error => $number) {
+					if (!empty($number))
 				echo '
 				<input type="checkbox" name="to_fix[]" id="', $error, '" value="', $error, '">
 				<label for="', $error, '">', sprintf($txt['attach_repair_' . $error], $number), '</label><br>';
+		}
 
 		echo '
 				<br>
@@ -268,8 +276,9 @@ 
 {
 	global $modSettings;
 
-	if (!empty($modSettings['attachment_basedirectories']))
-		template_show_list('base_paths');
+	if (!empty($modSettings['attachment_basedirectories'])) {
+			template_show_list('base_paths');
+	}
 
 	template_show_list('attach_paths');
 }

Themes/default/Who.template.php

Braces +45 added lines, -31 removed lines

@@ -31,9 +31,10 @@ 
 						', $txt['who_show1'], '
 						<select name="show_top" onchange="document.forms.whoFilter.show.value = this.value; document.forms.whoFilter.submit();">';
 
-	foreach ($context['show_methods'] as $value => $label)
-		echo '
+	foreach ($context['show_methods'] as $value => $label) {
+			echo '
 							<option value="', $value, '" ', $value == $context['show_by'] ? ' selected' : '', '>', $label, '</option>';
+	}
 	echo '
 						</select>
 						<noscript>
@@ -58,20 +59,22 @@ 
 							<td>';
 
 		// Guests can't be messaged.
-		if (!$member['is_guest'])
-			echo '
+		if (!$member['is_guest']) {
+					echo '
 								<span class="contact_info floatright">
 									', $context['can_send_pm'] ? '<a href="' . $member['online']['href'] . '" title="' . $member['online']['text'] . '">' : '', $settings['use_image_buttons'] ? '<span class="' . ($member['online']['is_online'] == 1 ? 'on' : 'off') . '" title="' . $member['online']['text'] . '"></span>' : $member['online']['label'], $context['can_send_pm'] ? '</a>' : '', '
 								</span>';
+		}
 
 		echo '
 								<span class="member', $member['is_hidden'] ? ' hidden' : '', '">
 									', $member['is_guest'] ? $member['name'] : '<a href="' . $member['href'] . '" title="' . $txt['profile_of'] . ' ' . $member['name'] . '"' . (empty($member['color']) ? '' : ' style="color: ' . $member['color'] . '"') . '>' . $member['name'] . '</a>', '
 								</span>';
 
-		if (!empty($member['ip']))
-			echo '
+		if (!empty($member['ip'])) {
+					echo '
 								(<a href="' . $scripturl . '?action=', ($member['is_guest'] ? 'trackip' : 'profile;area=tracking;sa=ip;u=' . $member['id']), ';searchip=' . $member['ip'] . '">' . $member['ip'] . '</a>)';
+		}
 
 		echo '
 							</td>
@@ -81,13 +84,14 @@ 
 	}
 
 	// No members?
-	if (empty($context['members']))
-		echo '
+	if (empty($context['members'])) {
+			echo '
 						<tr class="windowbg">
 							<td colspan="3">
 							', $txt['who_no_online_' . ($context['show_by'] == 'guests' || $context['show_by'] == 'spiders' ? $context['show_by'] : 'members')], '
 							</td>
 						</tr>';
+	}
 
 	echo '
 					</tbody>
@@ -98,9 +102,10 @@ 
 						', $txt['who_show1'], '
 						<select name="show" onchange="document.forms.whoFilter.submit();">';
 
-	foreach ($context['show_methods'] as $value => $label)
-		echo '
+	foreach ($context['show_methods'] as $value => $label) {
+			echo '
 							<option value="', $value, '" ', $value == $context['show_by'] ? ' selected' : '', '>', $label, '</option>';
+	}
 	echo '
 						</select>
 						<noscript>
@@ -129,17 +134,19 @@ 
 
 	foreach ($context['credits'] as $section)
 	{
-		if (isset($section['pretext']))
-			echo '
+		if (isset($section['pretext'])) {
+					echo '
 		<div class="windowbg">
 			<p>', $section['pretext'], '</p>
 		</div>';
+		}
 
-		if (isset($section['title']))
-			echo '
+		if (isset($section['title'])) {
+					echo '
 		<div class="cat_bar">
 			<h3 class="catbg">', $section['title'], '</h3>
 		</div>';
+		}
 
 		echo '
 		<div class="windowbg">
@@ -147,17 +154,18 @@ 
 
 		foreach ($section['groups'] as $group)
 		{
-			if (isset($group['title']))
-				echo '
+			if (isset($group['title'])) {
+							echo '
 				<dt>
 					<strong>', $group['title'], '</strong>
 				</dt>
 				<dd>';
+			}
 
 			// Try to make this read nicely.
-			if (count($group['members']) <= 2)
-				echo implode(' ' . $txt['credits_and'] . ' ', $group['members']);
-			else
+			if (count($group['members']) <= 2) {
+							echo implode(' ' . $txt['credits_and'] . ' ', $group['members']);
+			} else
 			{
 				$last_peep = array_pop($group['members']);
 				echo implode(', ', $group['members']), ' ', $txt['credits_and'], ' ', $last_peep;
@@ -170,9 +178,10 @@ 
 		echo '
 			</dl>';
 
-		if (isset($section['posttext']))
-			echo '
+		if (isset($section['posttext'])) {
+					echo '
 				<p class="posttext">', $section['posttext'], '</p>';
+		}
 
 		echo '
 		</div>';
@@ -187,26 +196,29 @@ 
 		</div>
 		<div class="windowbg">';
 
-		if (!empty($context['credits_software_graphics']['graphics']))
-			echo '
+		if (!empty($context['credits_software_graphics']['graphics'])) {
+					echo '
 			<dl>
 				<dt><strong>', $txt['credits_graphics'], '</strong></dt>
 				<dd>', implode('</dd><dd>', $context['credits_software_graphics']['graphics']), '</dd>
 			</dl>';
+		}
 
-		if (!empty($context['credits_software_graphics']['software']))
-			echo '
+		if (!empty($context['credits_software_graphics']['software'])) {
+					echo '
 			<dl>
 				<dt><strong>', $txt['credits_software'], '</strong></dt>
 				<dd>', implode('</dd><dd>', $context['credits_software_graphics']['software']), '</dd>
 			</dl>';
+		}
 
-		if (!empty($context['credits_software_graphics']['fonts']))
-			echo '
+		if (!empty($context['credits_software_graphics']['fonts'])) {
+					echo '
 			<dl>
 				<dt><strong>', $txt['credits_fonts'], '</strong></dt>
 				<dd>', implode('</dd><dd>', $context['credits_software_graphics']['fonts']), '</dd>
 			</dl>';
+		}
 		echo '
 		</div>';
 	}
@@ -222,14 +234,16 @@ 
 			<ul>';
 
 		// Display the credits.
-		if (!empty($context['credits_modifications']))
-			echo '
+		if (!empty($context['credits_modifications'])) {
+					echo '
 				<li>', implode('</li><li>', $context['credits_modifications']), '</li>';
+		}
 
 		// Legacy.
-		if (!empty($context['copyrights']['mods']))
-			echo '
+		if (!empty($context['copyrights']['mods'])) {
+					echo '
 				<li>', implode('</li><li>', $context['copyrights']['mods']), '</li>';
+		}
 
 		echo '
 			</ul>

Themes/default/ModerationCenter.template.php

Braces +59 added lines, -41 removed lines

@@ -54,18 +54,20 @@ 
 		<div class="windowbg" id="group_requests_panel">
 			<ul>';
 
-	foreach ($context['group_requests'] as $request)
-		echo '
+	foreach ($context['group_requests'] as $request) {
+			echo '
 				<li class="smalltext">
 					<a href="', $request['request_href'], '">', $request['group']['name'], '</a> ', $txt['mc_groupr_by'], ' ', $request['member']['link'], '
 				</li>';
+	}
 
 	// Don't have any watched users right now?
-	if (empty($context['group_requests']))
-		echo '
+	if (empty($context['group_requests'])) {
+			echo '
 				<li>
 					<strong class="smalltext">', $txt['mc_group_requests_none'], '</strong>
 				</li>';
+	}
 
 	echo '
 			</ul>
@@ -121,18 +123,20 @@ 
 		<div class="windowbg" id="watched_users_panel">
 			<ul>';
 
-	foreach ($context['watched_users'] as $user)
-		echo '
+	foreach ($context['watched_users'] as $user) {
+			echo '
 				<li>
 					<span class="smalltext">', sprintf(!empty($user['last_login']) ? $txt['mc_seen'] : $txt['mc_seen_never'], $user['link'], $user['last_login']), '</span>
 				</li>';
+	}
 
 	// Don't have any watched users right now?
-	if (empty($context['watched_users']))
-		echo '
+	if (empty($context['watched_users'])) {
+			echo '
 				<li>
 					<strong class="smalltext">', $txt['mc_watched_users_none'], '</strong>
 				</li>';
+	}
 
 	echo '
 			</ul>
@@ -188,18 +192,20 @@ 
 		<div class="windowbg" id="reported_posts_panel">
 			<ul>';
 
-	foreach ($context['reported_posts'] as $post)
-		echo '
+	foreach ($context['reported_posts'] as $post) {
+			echo '
 				<li>
 					<span class="smalltext">', sprintf($txt['mc_post_report'], $post['report_link'], $post['author']['link']), '</span>
 				</li>';
+	}
 
 	// Don't have any watched users right now?
-	if (empty($context['reported_posts']))
-		echo '
+	if (empty($context['reported_posts'])) {
+			echo '
 				<li>
 					<strong class="smalltext">', $txt['mc_recent_reports_none'], '</strong>
 				</li>';
+	}
 
 	echo '
 			</ul>
@@ -255,18 +261,20 @@ 
 		<div class="windowbg" id="reported_users_panel">
 			<ul>';
 
-	foreach ($context['reported_users'] as $user)
-		echo '
+	foreach ($context['reported_users'] as $user) {
+			echo '
 				<li>
 					<span class="smalltext">', $user['user']['link'], '</span>
 				</li>';
+	}
 
 	// Don't have any watched users right now?
-	if (empty($context['reported_users']))
-		echo '
+	if (empty($context['reported_users'])) {
+			echo '
 				<li>
 					<strong class="smalltext">', $txt['mc_reported_users_none'], '</strong>
 				</li>';
+	}
 
 	echo '
 			</ul>
@@ -313,11 +321,12 @@ 
 	global $context, $txt, $scripturl;
 
 	// Let them know the action was a success.
-	if (!empty($context['report_post_action']))
-		echo '
+	if (!empty($context['report_post_action'])) {
+			echo '
 		<div class="infobox">
 			', $txt['report_action_' . $context['report_post_action']], '
 		</div>';
+	}
 
 	echo '
 		<div id="modnotes">
@@ -333,11 +342,12 @@ 
 					<ul class="moderation_notes">';
 
 		// Cycle through the notes.
-		foreach ($context['notes'] as $note)
-			echo '
+		foreach ($context['notes'] as $note) {
+					echo '
 						<li class="smalltext">
 							', ($note['can_delete'] ? '<a href="' . $note['delete_href'] . ';' . $context['mod-modnote-del_token_var'] . '=' . $context['mod-modnote-del_token'] . '" data-confirm="' . $txt['mc_reportedp_delete_confirm'] . '" class="you_sure"><span class="generic_icons delete"></span></a>' : ''), $note['time'], ' <strong>', $note['author']['link'], ':</strong> ', $note['text'], '
 						</li>';
+		}
 
 		echo '
 					</ul>
@@ -378,18 +388,19 @@ 
 	$remove_button = create_button('delete', 'remove_message', 'remove');
 
 	// No posts?
-	if (empty($context['unapproved_items']))
-		echo '
+	if (empty($context['unapproved_items'])) {
+			echo '
 			<div class="windowbg">
 				<p class="centertext">
 					', $txt['mc_unapproved_' . $context['current_view'] . '_none_found'], '
 				</p>
 			</div>';
-	else
-		echo '
+	} else {
+			echo '
 			<div class="pagesection floatleft">
 				', $context['page_index'], '
 			</div>';
+	}
 
 	foreach ($context['unapproved_items'] as $item)
 	{
@@ -408,14 +419,16 @@ 
 				<span class="floatright">
 					<a href="', $scripturl, '?action=moderate;area=postmod;sa=', $context['current_view'], ';start=', $context['start'], ';', $context['session_var'], '=', $context['session_id'], ';approve=', $item['id'], '">', $approve_button, '</a>';
 
-		if ($item['can_delete'])
-			echo '
+		if ($item['can_delete']) {
+					echo '
 					', $context['menu_separator'], '
 					<a href="', $scripturl, '?action=moderate;area=postmod;sa=', $context['current_view'], ';start=', $context['start'], ';', $context['session_var'], '=', $context['session_id'], ';delete=', $item['id'], '">', $remove_button, '</a>';
+		}
 
-		if (!empty($options['display_quick_mod']) && $options['display_quick_mod'] == 1)
-			echo '
+		if (!empty($options['display_quick_mod']) && $options['display_quick_mod'] == 1) {
+					echo '
 					<input type="checkbox" name="item[]" value="', $item['id'], '" checked> ';
+		}
 
 		echo '
 				</span>
@@ -425,8 +438,8 @@ 
 	echo '
 			<div class="pagesection">';
 
-	if (!empty($options['display_quick_mod']) && $options['display_quick_mod'] == 1)
-		echo '
+	if (!empty($options['display_quick_mod']) && $options['display_quick_mod'] == 1) {
+			echo '
 				<div class="floatright">
 					<select name="do" onchange="if (this.value != 0 &amp;&amp; confirm(\'', $txt['mc_unapproved_sure'], '\')) submit();">
 						<option value="0">', $txt['with_selected'], ':</option>
@@ -438,12 +451,14 @@ 
 						<input type="submit" name="mc_go" value="', $txt['go'], '" class="button">
 					</noscript>
 				</div>';
+	}
 
-	if (!empty($context['unapproved_items']))
-		echo '
+	if (!empty($context['unapproved_items'])) {
+			echo '
 				<div class="floatleft">
 					<div class="pagelinks">', $context['page_index'], '</div>
 				</div>';
+	}
 
 	echo '
 			</div><!-- .pagesection -->
@@ -464,8 +479,9 @@ 
 
 	// We'll have a delete please bob.
 	// @todo Discuss this with the team and rewrite if required.
-	if (empty($delete_button))
-		$delete_button = create_button('delete', 'remove_message', 'remove', 'class="centericon"');
+	if (empty($delete_button)) {
+			$delete_button = create_button('delete', 'remove_message', 'remove', 'class="centericon"');
+	}
 
 	$output_html = '
 					<div>
@@ -474,10 +490,11 @@ 
 						</div>
 						<div class="floatright">';
 
-	if ($post['can_delete'])
-		$output_html .= '
+	if ($post['can_delete']) {
+			$output_html .= '
 							<a href="' . $scripturl . '?action=moderate;area=userwatch;sa=post;delete=' . $post['id'] . ';start=' . $context['start'] . ';' . $context['session_var'] . '=' . $context['session_id'] . '" data-confirm="' . $txt['mc_watched_users_delete_post'] . '" class="you_sure">' . $delete_button . '</a>
 							<input type="checkbox" name="delete[]" value="' . $post['id'] . '">';
+	}
 
 	$output_html .= '
 						</div>
@@ -521,12 +538,12 @@ 
 				<input type="submit" name="save" value="', $txt['save'], '" class="button">
 			</div>
 		</form>';
-	}
-	else
-		echo '
+	} else {
+			echo '
 		<div class="windowbg">
 			<div class="centertext">', $txt['mc_no_settings'], '</div>
 		</div>';
+	}
 
 	echo '
 	</div><!-- #modcenter -->';
@@ -622,13 +639,14 @@ 
 					</dd>
 				</dl>';
 
-	if ($context['template_data']['can_edit_personal'])
-		echo '
+	if ($context['template_data']['can_edit_personal']) {
+			echo '
 				<input type="checkbox" name="make_personal" id="make_personal"', $context['template_data']['personal'] ? ' checked' : '', '>
 					<label for="make_personal">
 						<strong>', $txt['mc_warning_template_personal'], '</strong>
 					</label>
 					<p class="smalltext">', $txt['mc_warning_template_personal_desc'], '</p>';
+	}
 
 	echo '
 				<input type="submit" name="preview" id="preview_button" value="', $txt['preview'], '" class="button">

Themes/default/Login.template.php

Braces +44 added lines, -30 removed lines

@@ -28,15 +28,17 @@ 
 				<form class="login" action="', $context['login_url'], '" name="frmLogin" id="frmLogin" method="post" accept-charset="', $context['character_set'], '">';
 
 	// Did they make a mistake last time?
-	if (!empty($context['login_errors']))
-		echo '
+	if (!empty($context['login_errors'])) {
+			echo '
 					<div class="errorbox">', implode('<br>', $context['login_errors']), '</div>
 					<br>';
+	}
 
 	// Or perhaps there's some special description for this time?
-	if (isset($context['description']))
-		echo '
+	if (isset($context['description'])) {
+			echo '
 					<div class="information">', $context['description'], '</div>';
+	}
 
 	// Now just get the basic information - username, password, etc.
 	echo '
@@ -55,19 +57,21 @@ 
 						<dd>
 							<select name="cookielength" id="cookielength">';
 
-	foreach ($context['login_cookie_times'] as $cookie_time => $cookie_txt)
-		echo '
+	foreach ($context['login_cookie_times'] as $cookie_time => $cookie_txt) {
+			echo '
 								<option value="', $cookie_time, '"', $modSettings['cookieTime'] == $cookie_time ? ' selected' : '', '>', $txt[$cookie_txt], '</option>';
+	}
 
 	echo '
 							</select>
 						</dd>';
 
 	// If they have deleted their account, give them a chance to change their mind.
-	if (isset($context['login_show_undelete']))
-		echo '
+	if (isset($context['login_show_undelete'])) {
+			echo '
 						<dt class="alert">', $txt['undelete_account'], ':</dt>
 						<dd><input type="checkbox" name="undelete"></dd>';
+	}
 
 	echo '
 					</dl>
@@ -85,8 +89,8 @@ 
 							document.getElementById("', !empty($context['from_ajax']) ? 'ajax_' : '', isset($context['default_username']) && $context['default_username'] != '' ? 'loginpass' : 'loginuser', '").focus();
 						}, 150);';
 
-	if (!empty($context['from_ajax']))
-		echo '
+	if (!empty($context['from_ajax'])) {
+			echo '
 						form = $("#frmLogin");
 						form.submit(function(e) {
 							e.preventDefault();
@@ -119,16 +123,18 @@ 
 
 							return false;
 						});';
+	}
 
 	echo '
 					</script>
 				</form>';
 
 	// It is a long story as to why we have this when we're clearly not going to use it.
-	if (!empty($context['from_ajax']))
-		echo '
+	if (!empty($context['from_ajax'])) {
+			echo '
 				<br>
 				<a href="javascript:self.close();"></a>';
+	}
 
 	echo '
 			</div><!-- .roundframe -->
@@ -151,11 +157,12 @@ 
 			</div>
 			<div class="roundframe">';
 
-	if (!empty($context['tfa_error']) || !empty($context['tfa_backup_error']))
-		echo '
+	if (!empty($context['tfa_error']) || !empty($context['tfa_backup_error'])) {
+			echo '
 				<div class="error">
 					', $txt['tfa_' . (!empty($context['tfa_error']) ? 'code_' : 'backup_') . 'invalid'], '
 				</div>';
+	}
 
 	echo '
 				<form action="', $context['tfa_url'], '" method="post" id="frmTfa">
@@ -183,8 +190,8 @@ 
 				<script>
 					form = $("#frmTfa");';
 
-	if (!empty($context['from_ajax']))
-		echo '
+	if (!empty($context['from_ajax'])) {
+			echo '
 					form.submit(function(e) {
 						// If we are submitting backup code, let normal workflow follow since it redirects a couple times into a different page
 						if (form.find("input[name=tfa_backup]:first").val().length > 0)
@@ -203,6 +210,7 @@ 
 
 						return false;
 					});';
+	}
 
 	echo '
 					form.find("input[name=backup]").click(function(e) {
@@ -234,10 +242,11 @@ 
 			<p class="information centertext">
 				', empty($context['kick_message']) ? $txt['only_members_can_access'] : $context['kick_message'], '<br>';
 
-	if ($context['can_register'])
-		echo sprintf($txt['login_below_or_register'], $scripturl . '?action=signup', $context['forum_name_html_safe']);
-	else
-		echo $txt['login_below'];
+	if ($context['can_register']) {
+			echo sprintf($txt['login_below_or_register'], $scripturl . '?action=signup', $context['forum_name_html_safe']);
+	} else {
+			echo $txt['login_below'];
+	}
 
 	// And now the login information.
 	echo '
@@ -256,9 +265,10 @@ 
 					<dd>
 							<select name="cookielength" id="cookielength">';
 
-	foreach ($context['login_cookie_times'] as $cookie_time => $cookie_txt)
-		echo '
+	foreach ($context['login_cookie_times'] as $cookie_time => $cookie_txt) {
+			echo '
 								<option value="', $cookie_time, '"', $modSettings['cookieTime'] == $cookie_time ? ' selected' : '', '>', $txt[$cookie_txt], '</option>';
+	}
 
 	echo '
 							</select>
@@ -315,9 +325,10 @@ 
 					<dd>
 							<select name="cookielength" id="cookielength">';
 
-	foreach ($context['login_cookie_times'] as $cookie_time => $cookie_txt)
-		echo '
+	foreach ($context['login_cookie_times'] as $cookie_time => $cookie_txt) {
+			echo '
 								<option value="', $cookie_time, '"', $modSettings['cookieTime'] == $cookie_time ? ' selected' : '', '>', $txt[$cookie_txt], '</option>';
+	}
 
 	echo '
 							</select>
@@ -351,9 +362,10 @@ 
 			</div>
 			<div class="roundframe centertext">';
 
-	if (!empty($context['incorrect_password']))
-		echo '
+	if (!empty($context['incorrect_password'])) {
+			echo '
 				<div class="error">', $txt['admin_incorrect_password'], '</div>';
+	}
 
 	echo '
 				<strong>', $txt['password'], ':</strong>
@@ -394,10 +406,11 @@ 
 				<dl>';
 
 	// You didn't even have an ID?
-	if (empty($context['member_id']))
-		echo '
+	if (empty($context['member_id'])) {
+			echo '
 					<dt>', $txt['invalid_activation_username'], ':</dt>
 					<dd><input type="text" name="user" size="30"></dd>';
+	}
 
 	echo '
 					<dt>', $txt['invalid_activation_retry'], ':</dt>
@@ -434,13 +447,14 @@ 
 					<dd><input type="password" name="passwd" size="30"></dd>
 				</dl>';
 
-	if ($context['can_activate'])
-		echo '
+	if ($context['can_activate']) {
+			echo '
 				<p>', $txt['invalid_activation_known'], '</p>
 				<dl>
 					<dt>', $txt['invalid_activation_retry'], ':</dt>
 					<dd><input type="text" name="code" size="30"></dd>
 				</dl>';
+	}
 
 	echo '
 				<p><input type="submit" value="', $txt['invalid_activation_resend'], '" class="button"></p>

Sources/LogInOut.php

Braces +154 added lines, -121 removed lines

@@ -14,8 +14,9 @@ 
  * @version 2.1 Beta 4
  */
 
-if (!defined('SMF'))
+if (!defined('SMF')) {
 	die('No direct access...');
+}
 
 /**
  * Ask them for their login information. (shows a page for the user to type
@@ -29,8 +30,9 @@ 
 	global $txt, $context, $scripturl, $user_info;
 
 	// You are already logged in, go take a tour of the boards
-	if (!empty($user_info['id']))
-		redirectexit();
+	if (!empty($user_info['id'])) {
+			redirectexit();
+	}
 
 	// We need to load the Login template/language file.
 	loadLanguage('Login');
@@ -57,10 +59,11 @@ 
 	);
 
 	// Set the login URL - will be used when the login process is done (but careful not to send us to an attachment).
-	if (isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0)
-		$_SESSION['login_url'] = $_SESSION['old_url'];
-	elseif (isset($_SESSION['login_url']) && strpos($_SESSION['login_url'], 'dlattach') !== false)
-		unset($_SESSION['login_url']);
+	if (isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0) {
+			$_SESSION['login_url'] = $_SESSION['old_url'];
+	} elseif (isset($_SESSION['login_url']) && strpos($_SESSION['login_url'], 'dlattach') !== false) {
+			unset($_SESSION['login_url']);
+	}
 
 	// Create a one time token.
 	createToken('login');
@@ -92,8 +95,9 @@ 
 	global $cookiename, $modSettings, $context, $sourcedir, $maintenance;
 
 	// Check to ensure we're forcing SSL for authentication
-	if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn())
-		fatal_lang_error('login_ssl_required');
+	if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn()) {
+			fatal_lang_error('login_ssl_required');
+	}
 
 	// Load cookie authentication stuff.
 	require_once($sourcedir . '/Subs-Auth.php');
@@ -107,23 +111,26 @@ 
 	if (isset($_GET['sa']) && $_GET['sa'] == 'salt' && !$user_info['is_guest'])
 	{
 		// First check for 2.1 json-format cookie in $_COOKIE
-		if (isset($_COOKIE[$cookiename]) && preg_match('~^{"0":\d+,"1":"[0-9a-f]*","2":\d+~', $_COOKIE[$cookiename]) === 1)
-			list (,, $timeout) = $smcFunc['json_decode']($_COOKIE[$cookiename], true);
+		if (isset($_COOKIE[$cookiename]) && preg_match('~^{"0":\d+,"1":"[0-9a-f]*","2":\d+~', $_COOKIE[$cookiename]) === 1) {
+					list (,, $timeout) = $smcFunc['json_decode']($_COOKIE[$cookiename], true);
+		}
 
 		// Try checking for 2.1 json-format cookie in $_SESSION
-		elseif (isset($_SESSION['login_' . $cookiename]) && preg_match('~^{"0":\d+,"1":"[0-9a-f]*","2":\d+~', $_SESSION['login_' . $cookiename]) === 1)
-			list (,, $timeout) = $smcFunc['json_decode']($_SESSION['login_' . $cookiename]);
+		elseif (isset($_SESSION['login_' . $cookiename]) && preg_match('~^{"0":\d+,"1":"[0-9a-f]*","2":\d+~', $_SESSION['login_' . $cookiename]) === 1) {
+					list (,, $timeout) = $smcFunc['json_decode']($_SESSION['login_' . $cookiename]);
+		}
 
 		// Next, try checking for 2.0 serialized string cookie in $_COOKIE
-		elseif (isset($_COOKIE[$cookiename]) && preg_match('~^a:[34]:\{i:0;i:\d+;i:1;s:(0|128):"([a-fA-F0-9]{128})?";i:2;[id]:\d+;~', $_COOKIE[$cookiename]) === 1)
-			list (,, $timeout) = safe_unserialize($_COOKIE[$cookiename]);
+		elseif (isset($_COOKIE[$cookiename]) && preg_match('~^a:[34]:\{i:0;i:\d+;i:1;s:(0|128):"([a-fA-F0-9]{128})?";i:2;[id]:\d+;~', $_COOKIE[$cookiename]) === 1) {
+					list (,, $timeout) = safe_unserialize($_COOKIE[$cookiename]);
+		}
 
 		// Last, see if you need to fall back on checking for 2.0 serialized string cookie in $_SESSION
-		elseif (isset($_SESSION['login_' . $cookiename]) && preg_match('~^a:[34]:\{i:0;i:\d+;i:1;s:(0|128):"([a-fA-F0-9]{128})?";i:2;[id]:\d+;~', $_SESSION['login_' . $cookiename]) === 1)
-			list (,, $timeout) = safe_unserialize($_SESSION['login_' . $cookiename]);
-
-		else
-			trigger_error('Login2(): Cannot be logged in without a session or cookie', E_USER_ERROR);
+		elseif (isset($_SESSION['login_' . $cookiename]) && preg_match('~^a:[34]:\{i:0;i:\d+;i:1;s:(0|128):"([a-fA-F0-9]{128})?";i:2;[id]:\d+;~', $_SESSION['login_' . $cookiename]) === 1) {
+					list (,, $timeout) = safe_unserialize($_SESSION['login_' . $cookiename]);
+		} else {
+					trigger_error('Login2(): Cannot be logged in without a session or cookie', E_USER_ERROR);
+		}
 
 		$user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
 		updateMemberData($user_info['id'], array('password_salt' => $user_settings['password_salt']));
@@ -143,24 +150,23 @@ 
 	elseif (isset($_GET['sa']) && $_GET['sa'] == 'check')
 	{
 		// Strike!  You're outta there!
-		if ($_GET['member'] != $user_info['id'])
-			fatal_lang_error('login_cookie_error', false);
+		if ($_GET['member'] != $user_info['id']) {
+					fatal_lang_error('login_cookie_error', false);
+		}
 
 		$user_info['can_mod'] = allowedTo('access_mod_center') || (!$user_info['is_guest'] && ($user_info['mod_cache']['gq'] != '0=1' || $user_info['mod_cache']['bq'] != '0=1' || ($modSettings['postmod_active'] && !empty($user_info['mod_cache']['ap']))));
 
 		// Some whitelisting for login_url...
-		if (empty($_SESSION['login_url']))
-			redirectexit(empty($user_settings['tfa_secret']) ? '' : 'action=logintfa');
-		elseif (!empty($_SESSION['login_url']) && (strpos($_SESSION['login_url'], 'http://') === false && strpos($_SESSION['login_url'], 'https://') === false))
+		if (empty($_SESSION['login_url'])) {
+					redirectexit(empty($user_settings['tfa_secret']) ? '' : 'action=logintfa');
+		} elseif (!empty($_SESSION['login_url']) && (strpos($_SESSION['login_url'], 'http://') === false && strpos($_SESSION['login_url'], 'https://') === false))
 		{
 			unset ($_SESSION['login_url']);
 			redirectexit(empty($user_settings['tfa_secret']) ? '' : 'action=logintfa');
-		}
-		elseif (!empty($user_settings['tfa_secret']))
+		} elseif (!empty($user_settings['tfa_secret']))
 		{
 			redirectexit('action=logintfa');
-		}
-		else
+		} else
 		{
 			// Best not to clutter the session data too much...
 			$temp = $_SESSION['login_url'];
@@ -171,8 +177,9 @@ 
 	}
 
 	// Beyond this point you are assumed to be a guest trying to login.
-	if (!$user_info['is_guest'])
-		redirectexit();
+	if (!$user_info['is_guest']) {
+			redirectexit();
+	}
 
 	// Are you guessing with a script?
 	checkSession();
@@ -180,18 +187,21 @@ 
 	spamProtection('login');
 
 	// Set the login_url if it's not already set (but careful not to send us to an attachment).
-	if ((empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0) || (isset($_GET['quicklogin']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'login') === false))
-		$_SESSION['login_url'] = $_SESSION['old_url'];
+	if ((empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0) || (isset($_GET['quicklogin']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'login') === false)) {
+			$_SESSION['login_url'] = $_SESSION['old_url'];
+	}
 
 	// Been guessing a lot, haven't we?
-	if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3)
-		fatal_lang_error('login_threshold_fail', 'login');
+	if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3) {
+			fatal_lang_error('login_threshold_fail', 'login');
+	}
 
 	// Set up the cookie length.  (if it's invalid, just fall through and use the default.)
-	if (isset($_POST['cookieneverexp']) || (!empty($_POST['cookielength']) && $_POST['cookielength'] == -1))
-		$modSettings['cookieTime'] = 3153600;
-	elseif (!empty($_POST['cookielength']) && ($_POST['cookielength'] >= 1 && $_POST['cookielength'] <= 3153600))
-		$modSettings['cookieTime'] = (int) $_POST['cookielength'];
+	if (isset($_POST['cookieneverexp']) || (!empty($_POST['cookielength']) && $_POST['cookielength'] == -1)) {
+			$modSettings['cookieTime'] = 3153600;
+	} elseif (!empty($_POST['cookielength']) && ($_POST['cookielength'] >= 1 && $_POST['cookielength'] <= 3153600)) {
+			$modSettings['cookieTime'] = (int) $_POST['cookielength'];
+	}
 
 	// Login Cookie times. Format: time => txt
 	$context['login_cookie_times'] = array(
@@ -320,8 +330,9 @@ 
 			$other_passwords[] = crypt(md5($_POST['passwrd']), md5($_POST['passwrd']));
 
 			// Snitz style - SHA-256.  Technically, this is a downgrade, but most PHP configurations don't support sha256 anyway.
-			if (strlen($user_settings['passwd']) == 64 && function_exists('mhash') && defined('MHASH_SHA256'))
-				$other_passwords[] = bin2hex(mhash(MHASH_SHA256, $_POST['passwrd']));
+			if (strlen($user_settings['passwd']) == 64 && function_exists('mhash') && defined('MHASH_SHA256')) {
+							$other_passwords[] = bin2hex(mhash(MHASH_SHA256, $_POST['passwrd']));
+			}
 
 			// phpBB3 users new hashing.  We now support it as well ;).
 			$other_passwords[] = phpBB3_password_check($_POST['passwrd'], $user_settings['passwd']);
@@ -341,27 +352,29 @@ 
 			// Some common md5 ones.
 			$other_passwords[] = md5($user_settings['password_salt'] . $_POST['passwrd']);
 			$other_passwords[] = md5($_POST['passwrd'] . $user_settings['password_salt']);
-		}
-		elseif (strlen($user_settings['passwd']) == 40)
+		} elseif (strlen($user_settings['passwd']) == 40)
 		{
 			// Maybe they are using a hash from before the password fix.
 			// This is also valid for SMF 1.1 to 2.0 style of hashing, changed to bcrypt in SMF 2.1
 			$other_passwords[] = sha1(strtolower($user_settings['member_name']) . un_htmlspecialchars($_POST['passwrd']));
 
 			// BurningBoard3 style of hashing.
-			if (!empty($modSettings['enable_password_conversion']))
-				$other_passwords[] = sha1($user_settings['password_salt'] . sha1($user_settings['password_salt'] . sha1($_POST['passwrd'])));
+			if (!empty($modSettings['enable_password_conversion'])) {
+							$other_passwords[] = sha1($user_settings['password_salt'] . sha1($user_settings['password_salt'] . sha1($_POST['passwrd'])));
+			}
 
 			// Perhaps we converted to UTF-8 and have a valid password being hashed differently.
 			if ($context['character_set'] == 'UTF-8' && !empty($modSettings['previousCharacterSet']) && $modSettings['previousCharacterSet'] != 'utf8')
 			{
 				// Try iconv first, for no particular reason.
-				if (function_exists('iconv'))
-					$other_passwords['iconv'] = sha1(strtolower(iconv('UTF-8', $modSettings['previousCharacterSet'], $user_settings['member_name'])) . un_htmlspecialchars(iconv('UTF-8', $modSettings['previousCharacterSet'], $_POST['passwrd'])));
+				if (function_exists('iconv')) {
+									$other_passwords['iconv'] = sha1(strtolower(iconv('UTF-8', $modSettings['previousCharacterSet'], $user_settings['member_name'])) . un_htmlspecialchars(iconv('UTF-8', $modSettings['previousCharacterSet'], $_POST['passwrd'])));
+				}
 
 				// Say it aint so, iconv failed!
-				if (empty($other_passwords['iconv']) && function_exists('mb_convert_encoding'))
-					$other_passwords[] = sha1(strtolower(mb_convert_encoding($user_settings['member_name'], 'UTF-8', $modSettings['previousCharacterSet'])) . un_htmlspecialchars(mb_convert_encoding($_POST['passwrd'], 'UTF-8', $modSettings['previousCharacterSet'])));
+				if (empty($other_passwords['iconv']) && function_exists('mb_convert_encoding')) {
+									$other_passwords[] = sha1(strtolower(mb_convert_encoding($user_settings['member_name'], 'UTF-8', $modSettings['previousCharacterSet'])) . un_htmlspecialchars(mb_convert_encoding($_POST['passwrd'], 'UTF-8', $modSettings['previousCharacterSet'])));
+				}
 			}
 		}
 
@@ -391,8 +404,9 @@ 
 			$_SESSION['failed_login'] = isset($_SESSION['failed_login']) ? ($_SESSION['failed_login'] + 1) : 1;
 
 			// Hmm... don't remember it, do you?  Here, try the password reminder ;).
-			if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold'])
-				redirectexit('action=reminder');
+			if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) {
+							redirectexit('action=reminder');
+			}
 			// We'll give you another chance...
 			else
 			{
@@ -403,8 +417,7 @@ 
 				return;
 			}
 		}
-	}
-	elseif (!empty($user_settings['passwd_flood']))
+	} elseif (!empty($user_settings['passwd_flood']))
 	{
 		// Let's be sure they weren't a little hacker.
 		validatePasswordFlood($user_settings['id_member'], $user_settings['member_name'], $user_settings['passwd_flood'], true);
@@ -421,8 +434,9 @@ 
 	}
 
 	// Check their activation status.
-	if (!checkActivation())
-		return;
+	if (!checkActivation()) {
+			return;
+	}
 
 	DoLogin();
 }
@@ -434,8 +448,9 @@ 
 {
 	global $sourcedir, $txt, $context, $user_info, $modSettings, $scripturl;
 
-	if (!$user_info['is_guest'] || empty($context['tfa_member']) || empty($modSettings['tfa_mode']))
-		fatal_lang_error('no_access', false);
+	if (!$user_info['is_guest'] || empty($context['tfa_member']) || empty($modSettings['tfa_mode'])) {
+			fatal_lang_error('no_access', false);
+	}
 
 	loadLanguage('Profile');
 	require_once($sourcedir . '/Class-TOTP.php');
@@ -443,8 +458,9 @@ 
 	$member = $context['tfa_member'];
 
 	// Prevent replay attacks by limiting at least 2 minutes before they can log in again via 2FA
-	if (time() - $member['last_login'] < 120)
-		fatal_lang_error('tfa_wait', false);
+	if (time() - $member['last_login'] < 120) {
+			fatal_lang_error('tfa_wait', false);
+	}
 
 	$totp = new \TOTP\Auth($member['tfa_secret']);
 	$totp->setRange(1);
@@ -458,8 +474,9 @@ 
 	if (!empty($_POST['tfa_code']) && empty($_POST['tfa_backup']))
 	{
 		// Check to ensure we're forcing SSL for authentication
-		if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn())
-			fatal_lang_error('login_ssl_required');
+		if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn()) {
+					fatal_lang_error('login_ssl_required');
+		}
 
 		$code = $_POST['tfa_code'];
 
@@ -469,20 +486,19 @@ 
 
 			setTFACookie(3153600, $member['id_member'], hash_salt($member['tfa_backup'], $member['password_salt']));
 			redirectexit();
-		}
-		else
+		} else
 		{
 			validatePasswordFlood($member['id_member'], $member['member_name'], $member['passwd_flood'], false, true);
 
 			$context['tfa_error'] = true;
 			$context['tfa_value'] = $_POST['tfa_code'];
 		}
-	}
-	elseif (!empty($_POST['tfa_backup']))
+	} elseif (!empty($_POST['tfa_backup']))
 	{
 		// Check to ensure we're forcing SSL for authentication
-		if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn())
-			fatal_lang_error('login_ssl_required');
+		if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn()) {
+					fatal_lang_error('login_ssl_required');
+		}
 
 		$backup = $_POST['tfa_backup'];
 
@@ -496,8 +512,7 @@ 
 			));
 			setTFACookie(3153600, $member['id_member'], hash_salt($member['tfa_backup'], $member['password_salt']));
 			redirectexit('action=profile;area=tfasetup;backup');
-		}
-		else
+		} else
 		{
 			validatePasswordFlood($member['id_member'], $member['member_name'], $member['passwd_flood'], false, true);
 
@@ -520,8 +535,9 @@ 
 {
 	global $context, $txt, $scripturl, $user_settings, $modSettings;
 
-	if (!isset($context['login_errors']))
-		$context['login_errors'] = array();
+	if (!isset($context['login_errors'])) {
+			$context['login_errors'] = array();
+	}
 
 	// What is the true activation status of this account?
 	$activation_status = $user_settings['is_activated'] > 10 ? $user_settings['is_activated'] - 10 : $user_settings['is_activated'];
@@ -533,8 +549,9 @@ 
 		return false;
 	}
 	// Awaiting approval still?
-	elseif ($activation_status == 3)
-		fatal_lang_error('still_awaiting_approval', 'user');
+	elseif ($activation_status == 3) {
+			fatal_lang_error('still_awaiting_approval', 'user');
+	}
 	// Awaiting deletion, changed their mind?
 	elseif ($activation_status == 4)
 	{
@@ -542,8 +559,7 @@ 
 		{
 			updateMemberData($user_settings['id_member'], array('is_activated' => 1));
 			updateSettings(array('unapprovedMembers' => ($modSettings['unapprovedMembers'] > 0 ? $modSettings['unapprovedMembers'] - 1 : 0)));
-		}
-		else
+		} else
 		{
 			$context['disable_login_hashing'] = true;
 			$context['login_errors'][] = $txt['awaiting_delete_account'];
@@ -583,8 +599,9 @@ 
 	setLoginCookie(60 * $modSettings['cookieTime'], $user_settings['id_member'], hash_salt($user_settings['passwd'], $user_settings['password_salt']));
 
 	// Reset the login threshold.
-	if (isset($_SESSION['failed_login']))
-		unset($_SESSION['failed_login']);
+	if (isset($_SESSION['failed_login'])) {
+			unset($_SESSION['failed_login']);
+	}
 
 	$user_info['is_guest'] = false;
 	$user_settings['additional_groups'] = explode(',', $user_settings['additional_groups']);
@@ -606,16 +623,18 @@ 
 			'id_member' => $user_info['id'],
 		)
 	);
-	if ($smcFunc['db_num_rows']($request) == 1)
-		$_SESSION['first_login'] = true;
-	else
-		unset($_SESSION['first_login']);
+	if ($smcFunc['db_num_rows']($request) == 1) {
+			$_SESSION['first_login'] = true;
+	} else {
+			unset($_SESSION['first_login']);
+	}
 	$smcFunc['db_free_result']($request);
 
 	// You've logged in, haven't you?
 	$update = array('member_ip' => $user_info['ip'], 'member_ip2' => $_SERVER['BAN_CHECK_IP']);
-	if (empty($user_settings['tfa_secret']))
-		$update['last_login'] = time();
+	if (empty($user_settings['tfa_secret'])) {
+			$update['last_login'] = time();
+	}
 	updateMemberData($user_info['id'], $update);
 
 	// Get rid of the online entry for that old guest....
@@ -629,8 +648,8 @@ 
 	$_SESSION['log_time'] = 0;
 
 	// Log this entry, only if we have it enabled.
-	if (!empty($modSettings['loginHistoryDays']))
-		$smcFunc['db_insert']('insert',
+	if (!empty($modSettings['loginHistoryDays'])) {
+			$smcFunc['db_insert']('insert',
 			'{db_prefix}member_logins',
 			array(
 				'id_member' => 'int', 'time' => 'int', 'ip' => 'inet', 'ip2' => 'inet',
@@ -642,13 +661,15 @@ 
 				'id_member', 'time'
 			)
 		);
+	}
 
 	// Just log you back out if it's in maintenance mode and you AREN'T an admin.
-	if (empty($maintenance) || allowedTo('admin_forum'))
-		redirectexit('action=login2;sa=check;member=' . $user_info['id'], $context['server']['needs_login_fix']);
-	else
-		redirectexit('action=logout;' . $context['session_var'] . '=' . $context['session_id'], $context['server']['needs_login_fix']);
-}
+	if (empty($maintenance) || allowedTo('admin_forum')) {
+			redirectexit('action=login2;sa=check;member=' . $user_info['id'], $context['server']['needs_login_fix']);
+	} else {
+			redirectexit('action=logout;' . $context['session_var'] . '=' . $context['session_id'], $context['server']['needs_login_fix']);
+	}
+	}
 
 /**
  * Logs the current user out of their account.
@@ -664,13 +685,15 @@ 
 	global $sourcedir, $user_info, $user_settings, $context, $smcFunc, $cookiename, $modSettings;
 
 	// Make sure they aren't being auto-logged out.
-	if (!$internal)
-		checkSession('get');
+	if (!$internal) {
+			checkSession('get');
+	}
 
 	require_once($sourcedir . '/Subs-Auth.php');
 
-	if (isset($_SESSION['pack_ftp']))
-		$_SESSION['pack_ftp'] = null;
+	if (isset($_SESSION['pack_ftp'])) {
+			$_SESSION['pack_ftp'] = null;
+	}
 
 	// It won't be first login anymore.
 	unset($_SESSION['first_login']);
@@ -698,8 +721,9 @@ 
 
 	// And some other housekeeping while we're at it.
 	$salt = substr(md5(mt_rand()), 0, 4);
-	if (!empty($user_info['id']))
-		updateMemberData($user_info['id'], array('password_salt' => $salt));
+	if (!empty($user_info['id'])) {
+			updateMemberData($user_info['id'], array('password_salt' => $salt));
+	}
 
 	if (!empty($modSettings['tfa_mode']) && !empty($user_info['id']) && !empty($_COOKIE[$cookiename . '_tfa']))
 	{
@@ -712,14 +736,13 @@ 
 	// Off to the merry board index we go!
 	if ($redirect)
 	{
-		if (empty($_SESSION['logout_url']))
-			redirectexit('', $context['server']['needs_login_fix']);
-		elseif (!empty($_SESSION['logout_url']) && (strpos($_SESSION['logout_url'], 'http://') === false && strpos($_SESSION['logout_url'], 'https://') === false))
+		if (empty($_SESSION['logout_url'])) {
+					redirectexit('', $context['server']['needs_login_fix']);
+		} elseif (!empty($_SESSION['logout_url']) && (strpos($_SESSION['logout_url'], 'http://') === false && strpos($_SESSION['logout_url'], 'https://') === false))
 		{
 			unset ($_SESSION['logout_url']);
 			redirectexit();
-		}
-		else
+		} else
 		{
 			$temp = $_SESSION['logout_url'];
 			unset($_SESSION['logout_url']);
@@ -752,8 +775,9 @@ 
 function phpBB3_password_check($passwd, $passwd_hash)
 {
 	// Too long or too short?
-	if (strlen($passwd_hash) != 34)
-		return;
+	if (strlen($passwd_hash) != 34) {
+			return;
+	}
 
 	// Range of characters allowed.
 	$range = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
@@ -764,8 +788,9 @@ 
 	$salt = substr($passwd_hash, 4, 8);
 
 	$hash = md5($salt . $passwd, true);
-	for (; $count != 0; --$count)
-		$hash = md5($hash . $passwd, true);
+	for (; $count != 0; --$count) {
+			$hash = md5($hash . $passwd, true);
+	}
 
 	$output = substr($passwd_hash, 0, 12);
 	$i = 0;
@@ -774,21 +799,25 @@ 
 		$value = ord($hash[$i++]);
 		$output .= $range[$value & 0x3f];
 
-		if ($i < 16)
-			$value |= ord($hash[$i]) << 8;
+		if ($i < 16) {
+					$value |= ord($hash[$i]) << 8;
+		}
 
 		$output .= $range[($value >> 6) & 0x3f];
 
-		if ($i++ >= 16)
-			break;
+		if ($i++ >= 16) {
+					break;
+		}
 
-		if ($i < 16)
-			$value |= ord($hash[$i]) << 16;
+		if ($i < 16) {
+					$value |= ord($hash[$i]) << 16;
+		}
 
 		$output .= $range[($value >> 12) & 0x3f];
 
-		if ($i++ >= 16)
-			break;
+		if ($i++ >= 16) {
+					break;
+		}
 
 		$output .= $range[($value >> 18) & 0x3f];
 	}
@@ -820,8 +849,9 @@ 
 		require_once($sourcedir . '/Subs-Auth.php');
 		setLoginCookie(-3600, 0);
 
-		if (isset($_SESSION['login_' . $cookiename]))
-			unset($_SESSION['login_' . $cookiename]);
+		if (isset($_SESSION['login_' . $cookiename])) {
+					unset($_SESSION['login_' . $cookiename]);
+		}
 	}
 
 	// We need a member!
@@ -835,8 +865,9 @@ 
 	}
 
 	// Right, have we got a flood value?
-	if ($password_flood_value !== false)
-		@list ($time_stamp, $number_tries) = explode('|', $password_flood_value);
+	if ($password_flood_value !== false) {
+			@list ($time_stamp, $number_tries) = explode('|', $password_flood_value);
+	}
 
 	// Timestamp or number of tries invalid?
 	if (empty($number_tries) || empty($time_stamp))
@@ -852,15 +883,17 @@ 
 		$number_tries = $time_stamp < time() - 20 ? 2 : $number_tries;
 
 		// They are trying too fast, make them wait longer
-		if ($time_stamp < time() - 10)
-			$time_stamp = time();
+		if ($time_stamp < time() - 10) {
+					$time_stamp = time();
+		}
 	}
 
 	$number_tries++;
 
 	// Broken the law?
-	if ($number_tries > 5)
-		fatal_lang_error('login_threshold_brute_fail', 'login', [$member_name]);
+	if ($number_tries > 5) {
+			fatal_lang_error('login_threshold_brute_fail', 'login', [$member_name]);
+	}
 
 	// Otherwise set the members data. If they correct on their first attempt then we actually clear it, otherwise we set it!
 	updateMemberData($id_member, array('passwd_flood' => $was_correct && $number_tries == 1 ? '' : $time_stamp . '|' . $number_tries));

Sources/BoardIndex.php

Braces +20 added lines, -13 removed lines

@@ -14,8 +14,9 @@ 
  * @version 2.1 Beta 4
  */
 
-if (!defined('SMF'))
+if (!defined('SMF')) {
 	die('No direct access...');
+}
 
 /**
  * This function shows the board index.
@@ -34,8 +35,9 @@ 
 	$context['canonical_url'] = $scripturl;
 
 	// Do not let search engines index anything if there is a random thing in $_GET.
-	if (!empty($_GET))
-		$context['robot_no_index'] = true;
+	if (!empty($_GET)) {
+			$context['robot_no_index'] = true;
+	}
 
 	// Retrieve the categories and boards.
 	require_once($sourcedir . '/Subs-BoardIndex.php');
@@ -62,11 +64,12 @@ 
 			$context['latest_posts'] = cache_quick_get('boardindex-latest_posts:' . md5($user_info['query_wanna_see_board'] . $user_info['language']), 'Subs-Recent.php', 'cache_getLastPosts', array($latestPostOptions));
 		}
 
-		if (!empty($context['latest_posts']) || !empty($context['latest_post']))
-			$context['info_center'][] = array(
+		if (!empty($context['latest_posts']) || !empty($context['latest_post'])) {
+					$context['info_center'][] = array(
 				'tpl' => 'recent',
 				'txt' => 'recent_posts',
 			);
+		}
 	}
 
 	// Load the calendar?
@@ -87,20 +90,22 @@ 
 		// This is used to show the "how-do-I-edit" help.
 		$context['calendar_can_edit'] = allowedTo('calendar_edit_any');
 
-		if (!empty($context['show_calendar']))
-			$context['info_center'][] = array(
+		if (!empty($context['show_calendar'])) {
+					$context['info_center'][] = array(
 				'tpl' => 'calendar',
 				'txt' => $context['calendar_only_today'] ? 'calendar_today' : 'calendar_upcoming',
 			);
+		}
 	}
 
 	// And stats.
 	$context['show_stats'] = allowedTo('view_stats') && !empty($modSettings['trackStats']);
-	if ($settings['show_stats_index'])
-		$context['info_center'][] = array(
+	if ($settings['show_stats_index']) {
+			$context['info_center'][] = array(
 				'tpl' => 'stats',
 				'txt' => 'forum_stats',
 			);
+	}
 
 	// Now the online stuff
 	require_once($sourcedir . '/Subs-MembersOnline.php');
@@ -118,12 +123,14 @@ 
 			);
 
 	// Track most online statistics? (Subs-MembersOnline.php)
-	if (!empty($modSettings['trackStats']))
-		trackStatsUsersOnline($context['num_guests'] + $context['num_spiders'] + $context['num_users_online']);
+	if (!empty($modSettings['trackStats'])) {
+			trackStatsUsersOnline($context['num_guests'] + $context['num_spiders'] + $context['num_users_online']);
+	}
 
 	// Are we showing all membergroups on the board index?
-	if (!empty($settings['show_group_key']))
-		$context['membergroups'] = cache_quick_get('membergroup_list', 'Subs-Membergroups.php', 'cache_getMembergroupList', array());
+	if (!empty($settings['show_group_key'])) {
+			$context['membergroups'] = cache_quick_get('membergroup_list', 'Subs-Membergroups.php', 'cache_getMembergroupList', array());
+	}
 
 	// And back to normality.
 	$context['page_title'] = sprintf($txt['forum_index'], $context['forum_name']);

Sources/Security.php

Braces +255 added lines, -197 removed lines

@@ -14,8 +14,9 @@ 
  * @version 2.1 Beta 4
  */
 
-if (!defined('SMF'))
+if (!defined('SMF')) {
 	die('No direct access...');
+}
 
 /**
  * Check if the user is who he/she says he is
@@ -42,12 +43,14 @@ 
 	$refreshTime = isset($_GET['xml']) ? 4200 : 3600;
 
 	// Is the security option off?
-	if (!empty($modSettings['securityDisable' . ($type != 'admin' ? '_' . $type : '')]))
-		return;
+	if (!empty($modSettings['securityDisable' . ($type != 'admin' ? '_' . $type : '')])) {
+			return;
+	}
 
 	// Or are they already logged in?, Moderator or admin session is need for this area
-	if ((!empty($_SESSION[$type . '_time']) && $_SESSION[$type . '_time'] + $refreshTime >= time()) || (!empty($_SESSION['admin_time']) && $_SESSION['admin_time'] + $refreshTime >= time()))
-		return;
+	if ((!empty($_SESSION[$type . '_time']) && $_SESSION[$type . '_time'] + $refreshTime >= time()) || (!empty($_SESSION['admin_time']) && $_SESSION['admin_time'] + $refreshTime >= time())) {
+			return;
+	}
 
 	require_once($sourcedir . '/Subs-Auth.php');
 
@@ -55,8 +58,9 @@ 
 	if (isset($_POST[$type . '_pass']))
 	{
 		// Check to ensure we're forcing SSL for authentication
-		if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn())
-			fatal_lang_error('login_ssl_required');
+		if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn()) {
+					fatal_lang_error('login_ssl_required');
+		}
 
 		checkSession();
 
@@ -72,17 +76,19 @@ 
 	}
 
 	// Better be sure to remember the real referer
-	if (empty($_SESSION['request_referer']))
-		$_SESSION['request_referer'] = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
-	elseif (empty($_POST))
-		unset($_SESSION['request_referer']);
+	if (empty($_SESSION['request_referer'])) {
+			$_SESSION['request_referer'] = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
+	} elseif (empty($_POST)) {
+			unset($_SESSION['request_referer']);
+	}
 
 	// Need to type in a password for that, man.
-	if (!isset($_GET['xml']))
-		adminLogin($type);
-	else
-		return 'session_verify_fail';
-}
+	if (!isset($_GET['xml'])) {
+			adminLogin($type);
+	} else {
+			return 'session_verify_fail';
+	}
+	}
 
 /**
  * Require a user who is logged in. (not a guest.)
@@ -96,25 +102,30 @@ 
 	global $user_info, $txt, $context, $scripturl, $modSettings;
 
 	// Luckily, this person isn't a guest.
-	if (!$user_info['is_guest'])
-		return;
+	if (!$user_info['is_guest']) {
+			return;
+	}
 
 	// Log what they were trying to do didn't work)
-	if (!empty($modSettings['who_enabled']))
-		$_GET['error'] = 'guest_login';
+	if (!empty($modSettings['who_enabled'])) {
+			$_GET['error'] = 'guest_login';
+	}
 	writeLog(true);
 
 	// Just die.
-	if (isset($_REQUEST['xml']))
-		obExit(false);
+	if (isset($_REQUEST['xml'])) {
+			obExit(false);
+	}
 
 	// Attempt to detect if they came from dlattach.
-	if (SMF != 'SSI' && empty($context['theme_loaded']))
-		loadTheme();
+	if (SMF != 'SSI' && empty($context['theme_loaded'])) {
+			loadTheme();
+	}
 
 	// Never redirect to an attachment
-	if (strpos($_SERVER['REQUEST_URL'], 'dlattach') === false)
-		$_SESSION['login_url'] = $_SERVER['REQUEST_URL'];
+	if (strpos($_SERVER['REQUEST_URL'], 'dlattach') === false) {
+			$_SESSION['login_url'] = $_SERVER['REQUEST_URL'];
+	}
 
 	// Load the Login template and language file.
 	loadLanguage('Login');
@@ -124,8 +135,7 @@ 
 	{
 		$_SESSION['login_url'] = $scripturl . '?' . $_SERVER['QUERY_STRING'];
 		redirectexit('action=login');
-	}
-	else
+	} else
 	{
 		loadTemplate('Login');
 		$context['sub_template'] = 'kick_guest';
@@ -155,8 +165,9 @@ 
 	global $sourcedir, $cookiename, $user_settings, $smcFunc;
 
 	// You cannot be banned if you are an admin - doesn't help if you log out.
-	if ($user_info['is_admin'])
-		return;
+	if ($user_info['is_admin']) {
+			return;
+	}
 
 	// Only check the ban every so often. (to reduce load.)
 	if ($forceCheck || !isset($_SESSION['ban']) || empty($modSettings['banLastUpdated']) || ($_SESSION['ban']['last_checked'] < $modSettings['banLastUpdated']) || $_SESSION['ban']['id_member'] != $user_info['id'] || $_SESSION['ban']['ip'] != $user_info['ip'] || $_SESSION['ban']['ip2'] != $user_info['ip2'] || (isset($user_info['email'], $_SESSION['ban']['email']) && $_SESSION['ban']['email'] != $user_info['email']))
@@ -177,8 +188,9 @@ 
 		// Check both IP addresses.
 		foreach (array('ip', 'ip2') as $ip_number)
 		{
-			if ($ip_number == 'ip2' && $user_info['ip2'] == $user_info['ip'])
-				continue;
+			if ($ip_number == 'ip2' && $user_info['ip2'] == $user_info['ip']) {
+							continue;
+			}
 			$ban_query[] = ' {inet:' . $ip_number . '} BETWEEN bi.ip_low and bi.ip_high';
 			$ban_query_vars[$ip_number] = $user_info[$ip_number];
 			// IP was valid, maybe there's also a hostname...
@@ -228,24 +240,28 @@ 
 			// Store every type of ban that applies to you in your session.
 			while ($row = $smcFunc['db_fetch_assoc']($request))
 			{
-				foreach ($restrictions as $restriction)
-					if (!empty($row[$restriction]))
+				foreach ($restrictions as $restriction) {
+									if (!empty($row[$restriction]))
 					{
 						$_SESSION['ban'][$restriction]['reason'] = $row['reason'];
+				}
 						$_SESSION['ban'][$restriction]['ids'][] = $row['id_ban'];
-						if (!isset($_SESSION['ban']['expire_time']) || ($_SESSION['ban']['expire_time'] != 0 && ($row['expire_time'] == 0 || $row['expire_time'] > $_SESSION['ban']['expire_time'])))
-							$_SESSION['ban']['expire_time'] = $row['expire_time'];
+						if (!isset($_SESSION['ban']['expire_time']) || ($_SESSION['ban']['expire_time'] != 0 && ($row['expire_time'] == 0 || $row['expire_time'] > $_SESSION['ban']['expire_time']))) {
+													$_SESSION['ban']['expire_time'] = $row['expire_time'];
+						}
 
-						if (!$user_info['is_guest'] && $restriction == 'cannot_access' && ($row['id_member'] == $user_info['id'] || $row['email_address'] == $user_info['email']))
-							$flag_is_activated = true;
+						if (!$user_info['is_guest'] && $restriction == 'cannot_access' && ($row['id_member'] == $user_info['id'] || $row['email_address'] == $user_info['email'])) {
+													$flag_is_activated = true;
+						}
 					}
 			}
 			$smcFunc['db_free_result']($request);
 		}
 
 		// Mark the cannot_access and cannot_post bans as being 'hit'.
-		if (isset($_SESSION['ban']['cannot_access']) || isset($_SESSION['ban']['cannot_post']) || isset($_SESSION['ban']['cannot_login']))
-			log_ban(array_merge(isset($_SESSION['ban']['cannot_access']) ? $_SESSION['ban']['cannot_access']['ids'] : array(), isset($_SESSION['ban']['cannot_post']) ? $_SESSION['ban']['cannot_post']['ids'] : array(), isset($_SESSION['ban']['cannot_login']) ? $_SESSION['ban']['cannot_login']['ids'] : array()));
+		if (isset($_SESSION['ban']['cannot_access']) || isset($_SESSION['ban']['cannot_post']) || isset($_SESSION['ban']['cannot_login'])) {
+					log_ban(array_merge(isset($_SESSION['ban']['cannot_access']) ? $_SESSION['ban']['cannot_access']['ids'] : array(), isset($_SESSION['ban']['cannot_post']) ? $_SESSION['ban']['cannot_post']['ids'] : array(), isset($_SESSION['ban']['cannot_login']) ? $_SESSION['ban']['cannot_login']['ids'] : array()));
+		}
 
 		// If for whatever reason the is_activated flag seems wrong, do a little work to clear it up.
 		if ($user_info['id'] && (($user_settings['is_activated'] >= 10 && !$flag_is_activated)
@@ -260,8 +276,9 @@ 
 	if (!isset($_SESSION['ban']['cannot_access']) && !empty($_COOKIE[$cookiename . '_']))
 	{
 		$bans = explode(',', $_COOKIE[$cookiename . '_']);
-		foreach ($bans as $key => $value)
-			$bans[$key] = (int) $value;
+		foreach ($bans as $key => $value) {
+					$bans[$key] = (int) $value;
+		}
 		$request = $smcFunc['db_query']('', '
 			SELECT bi.id_ban, bg.reason, COALESCE(bg.expire_time, 0) AS expire_time
 			FROM {db_prefix}ban_items AS bi
@@ -298,14 +315,15 @@ 
 	if (isset($_SESSION['ban']['cannot_access']))
 	{
 		// We don't wanna see you!
-		if (!$user_info['is_guest'])
-			$smcFunc['db_query']('', '
+		if (!$user_info['is_guest']) {
+					$smcFunc['db_query']('', '
 				DELETE FROM {db_prefix}log_online
 				WHERE id_member = {int:current_member}',
 				array(
 					'current_member' => $user_info['id'],
 				)
 			);
+		}
 
 		// 'Log' the user out.  Can't have any funny business... (save the name!)
 		$old_name = isset($user_info['name']) && $user_info['name'] != '' ? $user_info['name'] : $txt['guest_title'];
@@ -391,9 +409,10 @@ 
 	}
 
 	// Fix up the banning permissions.
-	if (isset($user_info['permissions']))
-		banPermissions();
-}
+	if (isset($user_info['permissions'])) {
+			banPermissions();
+	}
+	}
 
 /**
  * Fix permissions according to ban status.
@@ -404,8 +423,9 @@ 
 	global $user_info, $sourcedir, $modSettings, $context;
 
 	// Somehow they got here, at least take away all permissions...
-	if (isset($_SESSION['ban']['cannot_access']))
-		$user_info['permissions'] = array();
+	if (isset($_SESSION['ban']['cannot_access'])) {
+			$user_info['permissions'] = array();
+	}
 	// Okay, well, you can watch, but don't touch a thing.
 	elseif (isset($_SESSION['ban']['cannot_post']) || (!empty($modSettings['warning_mute']) && $modSettings['warning_mute'] <= $user_info['warning']))
 	{
@@ -447,19 +467,20 @@ 
 		call_integration_hook('integrate_warn_permissions', array(&$permission_change));
 		foreach ($permission_change as $old => $new)
 		{
-			if (!in_array($old, $user_info['permissions']))
-				unset($permission_change[$old]);
-			else
-				$user_info['permissions'][] = $new;
+			if (!in_array($old, $user_info['permissions'])) {
+							unset($permission_change[$old]);
+			} else {
+							$user_info['permissions'][] = $new;
+			}
 		}
 		$user_info['permissions'] = array_diff($user_info['permissions'], array_keys($permission_change));
 	}
 
 	// @todo Find a better place to call this? Needs to be after permissions loaded!
 	// Finally, some bits we cache in the session because it saves queries.
-	if (isset($_SESSION['mc']) && $_SESSION['mc']['time'] > $modSettings['settings_updated'] && $_SESSION['mc']['id'] == $user_info['id'])
-		$user_info['mod_cache'] = $_SESSION['mc'];
-	else
+	if (isset($_SESSION['mc']) && $_SESSION['mc']['time'] > $modSettings['settings_updated'] && $_SESSION['mc']['id'] == $user_info['id']) {
+			$user_info['mod_cache'] = $_SESSION['mc'];
+	} else
 	{
 		require_once($sourcedir . '/Subs-Auth.php');
 		rebuildModCache();
@@ -470,14 +491,12 @@ 
 	{
 		$context['open_mod_reports'] = $_SESSION['rc']['reports'];
 		$context['open_member_reports'] = $_SESSION['rc']['member_reports'];
-	}
-	elseif ($_SESSION['mc']['bq'] != '0=1')
+	} elseif ($_SESSION['mc']['bq'] != '0=1')
 	{
 		require_once($sourcedir . '/Subs-ReportedContent.php');
 		$context['open_mod_reports'] = recountOpenReports('posts');
 		$context['open_member_reports'] = recountOpenReports('members');
-	}
-	else
+	} else
 	{
 		$context['open_mod_reports'] = 0;
 		$context['open_member_reports'] = 0;
@@ -497,8 +516,9 @@ 
 	global $user_info, $smcFunc;
 
 	// Don't log web accelerators, it's very confusing...
-	if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch')
-		return;
+	if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch') {
+			return;
+	}
 
 	$smcFunc['db_insert']('',
 		'{db_prefix}log_banned',
@@ -508,8 +528,8 @@ 
 	);
 
 	// One extra point for these bans.
-	if (!empty($ban_ids))
-		$smcFunc['db_query']('', '
+	if (!empty($ban_ids)) {
+			$smcFunc['db_query']('', '
 			UPDATE {db_prefix}ban_items
 			SET hits = hits + 1
 			WHERE id_ban IN ({array_int:ban_ids})',
@@ -517,7 +537,8 @@ 
 				'ban_ids' => $ban_ids,
 			)
 		);
-}
+	}
+	}
 
 /**
  * Checks if a given email address might be banned.
@@ -533,8 +554,9 @@ 
 	global $txt, $smcFunc;
 
 	// Can't ban an empty email
-	if (empty($email) || trim($email) == '')
-		return;
+	if (empty($email) || trim($email) == '') {
+			return;
+	}
 
 	// Let's start with the bans based on your IP/hostname/memberID...
 	$ban_ids = isset($_SESSION['ban'][$restriction]) ? $_SESSION['ban'][$restriction]['ids'] : array();
@@ -607,16 +629,18 @@ 
 	if ($type == 'post')
 	{
 		$check = isset($_POST[$_SESSION['session_var']]) ? $_POST[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_POST['sc']) ? $_POST['sc'] : null);
-		if ($check !== $sc)
-			$error = 'session_timeout';
+		if ($check !== $sc) {
+					$error = 'session_timeout';
+		}
 	}
 
 	// How about $_GET['sesc']?
 	elseif ($type == 'get')
 	{
 		$check = isset($_GET[$_SESSION['session_var']]) ? $_GET[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_GET['sesc']) ? $_GET['sesc'] : null);
-		if ($check !== $sc)
-			$error = 'session_verify_fail';
+		if ($check !== $sc) {
+					$error = 'session_verify_fail';
+		}
 	}
 
 	// Or can it be in either?
@@ -624,13 +648,15 @@ 
 	{
 		$check = isset($_GET[$_SESSION['session_var']]) ? $_GET[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_GET['sesc']) ? $_GET['sesc'] : (isset($_POST[$_SESSION['session_var']]) ? $_POST[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_POST['sc']) ? $_POST['sc'] : null)));
 
-		if ($check !== $sc)
-			$error = 'session_verify_fail';
+		if ($check !== $sc) {
+					$error = 'session_verify_fail';
+		}
 	}
 
 	// Verify that they aren't changing user agents on us - that could be bad.
-	if ((!isset($_SESSION['USER_AGENT']) || $_SESSION['USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) && empty($modSettings['disableCheckUA']))
-		$error = 'session_verify_fail';
+	if ((!isset($_SESSION['USER_AGENT']) || $_SESSION['USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) && empty($modSettings['disableCheckUA'])) {
+			$error = 'session_verify_fail';
+	}
 
 	// Make sure a page with session check requirement is not being prefetched.
 	if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch')
@@ -641,30 +667,35 @@ 
 	}
 
 	// Check the referring site - it should be the same server at least!
-	if (isset($_SESSION['request_referer']))
-		$referrer = $_SESSION['request_referer'];
-	else
-		$referrer = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
+	if (isset($_SESSION['request_referer'])) {
+			$referrer = $_SESSION['request_referer'];
+	} else {
+			$referrer = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
+	}
 	if (!empty($referrer['host']))
 	{
-		if (strpos($_SERVER['HTTP_HOST'], ':') !== false)
-			$real_host = substr($_SERVER['HTTP_HOST'], 0, strpos($_SERVER['HTTP_HOST'], ':'));
-		else
-			$real_host = $_SERVER['HTTP_HOST'];
+		if (strpos($_SERVER['HTTP_HOST'], ':') !== false) {
+					$real_host = substr($_SERVER['HTTP_HOST'], 0, strpos($_SERVER['HTTP_HOST'], ':'));
+		} else {
+					$real_host = $_SERVER['HTTP_HOST'];
+		}
 
 		$parsed_url = parse_url($boardurl);
 
 		// Are global cookies on?  If so, let's check them ;).
 		if (!empty($modSettings['globalCookies']))
 		{
-			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $parsed_url['host'], $parts) == 1)
-				$parsed_url['host'] = $parts[1];
+			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $parsed_url['host'], $parts) == 1) {
+							$parsed_url['host'] = $parts[1];
+			}
 
-			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $referrer['host'], $parts) == 1)
-				$referrer['host'] = $parts[1];
+			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $referrer['host'], $parts) == 1) {
+							$referrer['host'] = $parts[1];
+			}
 
-			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $real_host, $parts) == 1)
-				$real_host = $parts[1];
+			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $real_host, $parts) == 1) {
+							$real_host = $parts[1];
+			}
 		}
 
 		// Okay: referrer must either match parsed_url or real_host.
@@ -682,12 +713,14 @@ 
 		$log_error = true;
 	}
 
-	if (strtolower($_SERVER['HTTP_USER_AGENT']) == 'hacker')
-		fatal_error('Sound the alarm!  It\'s a hacker!  Close the castle gates!!', false);
+	if (strtolower($_SERVER['HTTP_USER_AGENT']) == 'hacker') {
+			fatal_error('Sound the alarm!  It\'s a hacker!  Close the castle gates!!', false);
+	}
 
 	// Everything is ok, return an empty string.
-	if (!isset($error))
-		return '';
+	if (!isset($error)) {
+			return '';
+	}
 	// A session error occurred, show the error.
 	elseif ($is_fatal)
 	{
@@ -696,13 +729,14 @@ 
 			ob_end_clean();
 			header('HTTP/1.1 403 Forbidden - Session timeout');
 			die;
+		} else {
+					fatal_lang_error($error, isset($log_error) ? 'user' : false);
 		}
-		else
-			fatal_lang_error($error, isset($log_error) ? 'user' : false);
 	}
 	// A session error occurred, return the error to the calling function.
-	else
-		return $error;
+	else {
+			return $error;
+	}
 
 	// We really should never fall through here, for very important reasons.  Let's make sure.
 	trigger_error('Hacking attempt...', E_USER_ERROR);
@@ -718,10 +752,9 @@ 
 {
 	global $modSettings;
 
-	if (isset($_GET['confirm']) && isset($_SESSION['confirm_' . $action]) && md5($_GET['confirm'] . $_SERVER['HTTP_USER_AGENT']) == $_SESSION['confirm_' . $action])
-		return true;
-
-	else
+	if (isset($_GET['confirm']) && isset($_SESSION['confirm_' . $action]) && md5($_GET['confirm'] . $_SERVER['HTTP_USER_AGENT']) == $_SESSION['confirm_' . $action]) {
+			return true;
+	} else
 	{
 		$token = md5(mt_rand() . session_id() . (string) microtime() . $modSettings['rand_seed']);
 		$_SESSION['confirm_' . $action] = md5($token . $_SERVER['HTTP_USER_AGENT']);
@@ -772,9 +805,9 @@ 
 			$return = $_SESSION['token'][$type . '-' . $action][3];
 			unset($_SESSION['token'][$type . '-' . $action]);
 			return $return;
+		} else {
+					return '';
 		}
-		else
-			return '';
 	}
 
 	// This nasty piece of code validates a token.
@@ -805,12 +838,14 @@ 
 		fatal_lang_error('token_verify_fail', false);
 	}
 	// Remove this token as its useless
-	else
-		unset($_SESSION['token'][$type . '-' . $action]);
+	else {
+			unset($_SESSION['token'][$type . '-' . $action]);
+	}
 
 	// Randomly check if we should remove some older tokens.
-	if (mt_rand(0, 138) == 23)
-		cleanTokens();
+	if (mt_rand(0, 138) == 23) {
+			cleanTokens();
+	}
 
 	return false;
 }
@@ -825,14 +860,16 @@ 
 function cleanTokens($complete = false)
 {
 	// We appreciate cleaning up after yourselves.
-	if (!isset($_SESSION['token']))
-		return;
+	if (!isset($_SESSION['token'])) {
+			return;
+	}
 
 	// Clean up tokens, trying to give enough time still.
-	foreach ($_SESSION['token'] as $key => $data)
-		if ($data[2] + 10800 < time() || $complete)
+	foreach ($_SESSION['token'] as $key => $data) {
+			if ($data[2] + 10800 < time() || $complete)
 			unset($_SESSION['token'][$key]);
-}
+	}
+	}
 
 /**
  * Check whether a form has been submitted twice.
@@ -850,37 +887,40 @@ 
 {
 	global $context;
 
-	if (!isset($_SESSION['forms']))
-		$_SESSION['forms'] = array();
+	if (!isset($_SESSION['forms'])) {
+			$_SESSION['forms'] = array();
+	}
 
 	// Register a form number and store it in the session stack. (use this on the page that has the form.)
 	if ($action == 'register')
 	{
 		$context['form_sequence_number'] = 0;
-		while (empty($context['form_sequence_number']) || in_array($context['form_sequence_number'], $_SESSION['forms']))
-			$context['form_sequence_number'] = mt_rand(1, 16000000);
+		while (empty($context['form_sequence_number']) || in_array($context['form_sequence_number'], $_SESSION['forms'])) {
+					$context['form_sequence_number'] = mt_rand(1, 16000000);
+		}
 	}
 	// Check whether the submitted number can be found in the session.
 	elseif ($action == 'check')
 	{
-		if (!isset($_REQUEST['seqnum']))
-			return true;
-		elseif (!in_array($_REQUEST['seqnum'], $_SESSION['forms']))
+		if (!isset($_REQUEST['seqnum'])) {
+					return true;
+		} elseif (!in_array($_REQUEST['seqnum'], $_SESSION['forms']))
 		{
 			$_SESSION['forms'][] = (int) $_REQUEST['seqnum'];
 			return true;
+		} elseif ($is_fatal) {
+					fatal_lang_error('error_form_already_submitted', false);
+		} else {
+					return false;
 		}
-		elseif ($is_fatal)
-			fatal_lang_error('error_form_already_submitted', false);
-		else
-			return false;
 	}
 	// Don't check, just free the stack number.
-	elseif ($action == 'free' && isset($_REQUEST['seqnum']) && in_array($_REQUEST['seqnum'], $_SESSION['forms']))
-		$_SESSION['forms'] = array_diff($_SESSION['forms'], array($_REQUEST['seqnum']));
-	elseif ($action != 'free')
-		trigger_error('checkSubmitOnce(): Invalid action \'' . $action . '\'', E_USER_WARNING);
-}
+	elseif ($action == 'free' && isset($_REQUEST['seqnum']) && in_array($_REQUEST['seqnum'], $_SESSION['forms'])) {
+			$_SESSION['forms'] = array_diff($_SESSION['forms'], array($_REQUEST['seqnum']));
+	} elseif ($action != 'free') {
+			trigger_error('checkSubmitOnce(): Invalid action \'' . $action . '\'', E_USER_WARNING);
+	}
+	}
 
 /**
  * Check the user's permissions.
@@ -899,16 +939,19 @@ 
 	global $user_info, $smcFunc;
 
 	// You're always allowed to do nothing. (unless you're a working man, MR. LAZY :P!)
-	if (empty($permission))
-		return true;
+	if (empty($permission)) {
+			return true;
+	}
 
 	// You're never allowed to do something if your data hasn't been loaded yet!
-	if (empty($user_info))
-		return false;
+	if (empty($user_info)) {
+			return false;
+	}
 
 	// Administrators are supermen :P.
-	if ($user_info['is_admin'])
-		return true;
+	if ($user_info['is_admin']) {
+			return true;
+	}
 
 	// Let's ensure this is an array.
 	$permission = (array) $permission;
@@ -916,14 +959,16 @@ 
 	// Are we checking the _current_ board, or some other boards?
 	if ($boards === null)
 	{
-		if (count(array_intersect($permission, $user_info['permissions'])) != 0)
-			return true;
+		if (count(array_intersect($permission, $user_info['permissions'])) != 0) {
+					return true;
+		}
 		// You aren't allowed, by default.
-		else
-			return false;
+		else {
+					return false;
+		}
+	} elseif (!is_array($boards)) {
+			$boards = array($boards);
 	}
-	elseif (!is_array($boards))
-		$boards = array($boards);
 
 	$request = $smcFunc['db_query']('', '
 		SELECT MIN(bp.add_deny) AS add_deny
@@ -951,20 +996,23 @@ 
 		while ($row = $smcFunc['db_fetch_assoc']($request))
 		{
 			$result = !empty($row['add_deny']);
-			if ($result == true)
-				break;
+			if ($result == true) {
+							break;
+			}
 		}
 		$smcFunc['db_free_result']($request);
 		return $result;
 	}
 
 	// Make sure they can do it on all of the boards.
-	if ($smcFunc['db_num_rows']($request) != count($boards))
-		return false;
+	if ($smcFunc['db_num_rows']($request) != count($boards)) {
+			return false;
+	}
 
 	$result = true;
-	while ($row = $smcFunc['db_fetch_assoc']($request))
-		$result &= !empty($row['add_deny']);
+	while ($row = $smcFunc['db_fetch_assoc']($request)) {
+			$result &= !empty($row['add_deny']);
+	}
 	$smcFunc['db_free_result']($request);
 
 	// If the query returned 1, they can do it... otherwise, they can't.
@@ -1031,9 +1079,10 @@ 
 
 	// If you're doing something on behalf of some "heavy" permissions, validate your session.
 	// (take out the heavy permissions, and if you can't do anything but those, you need a validated session.)
-	if (!allowedTo(array_diff($permission, $heavy_permissions), $boards))
-		validateSession();
-}
+	if (!allowedTo(array_diff($permission, $heavy_permissions), $boards)) {
+			validateSession();
+	}
+	}
 
 /**
  * Return the boards a user has a certain (board) permission on. (array(0) if all.)
@@ -1064,13 +1113,14 @@ 
 	// Administrators are all powerful, sorry.
 	if ($user_info['is_admin'])
 	{
-		if ($simple)
-			return array(0);
-		else
+		if ($simple) {
+					return array(0);
+		} else
 		{
 			$boards = array();
-			foreach ($permissions as $permission)
-				$boards[$permission] = array(0);
+			foreach ($permissions as $permission) {
+							$boards[$permission] = array(0);
+			}
 
 			return $boards;
 		}
@@ -1102,31 +1152,32 @@ 
 	{
 		if ($simple)
 		{
-			if (empty($row['add_deny']))
-				$deny_boards[] = $row['id_board'];
-			else
-				$boards[] = $row['id_board'];
-		}
-		else
+			if (empty($row['add_deny'])) {
+							$deny_boards[] = $row['id_board'];
+			} else {
+							$boards[] = $row['id_board'];
+			}
+		} else
 		{
-			if (empty($row['add_deny']))
-				$deny_boards[$row['permission']][] = $row['id_board'];
-			else
-				$boards[$row['permission']][] = $row['id_board'];
+			if (empty($row['add_deny'])) {
+							$deny_boards[$row['permission']][] = $row['id_board'];
+			} else {
+							$boards[$row['permission']][] = $row['id_board'];
+			}
 		}
 	}
 	$smcFunc['db_free_result']($request);
 
-	if ($simple)
-		$boards = array_unique(array_values(array_diff($boards, $deny_boards)));
-	else
+	if ($simple) {
+			$boards = array_unique(array_values(array_diff($boards, $deny_boards)));
+	} else
 	{
 		foreach ($permissions as $permission)
 		{
 			// never had it to start with
-			if (empty($boards[$permission]))
-				$boards[$permission] = array();
-			else
+			if (empty($boards[$permission])) {
+							$boards[$permission] = array();
+			} else
 			{
 				// Or it may have been removed
 				$deny_boards[$permission] = isset($deny_boards[$permission]) ? $deny_boards[$permission] : array();
@@ -1162,10 +1213,11 @@ 
 
 
 	// Moderators are free...
-	if (!allowedTo('moderate_board'))
-		$timeLimit = isset($timeOverrides[$error_type]) ? $timeOverrides[$error_type] : $modSettings['spamWaitTime'];
-	else
-		$timeLimit = 2;
+	if (!allowedTo('moderate_board')) {
+			$timeLimit = isset($timeOverrides[$error_type]) ? $timeOverrides[$error_type] : $modSettings['spamWaitTime'];
+	} else {
+			$timeLimit = 2;
+	}
 
 	call_integration_hook('integrate_spam_protection', array(&$timeOverrides, &$timeLimit));
 
@@ -1192,8 +1244,9 @@ 
 	if ($smcFunc['db_affected_rows']() != 1)
 	{
 		// Spammer!  You only have to wait a *few* seconds!
-		if (!$only_return_result)
-			fatal_lang_error($error_type . '_WaitTime_broken', false, array($timeLimit));
+		if (!$only_return_result) {
+					fatal_lang_error($error_type . '_WaitTime_broken', false, array($timeLimit));
+		}
 
 		return true;
 	}
@@ -1211,11 +1264,13 @@ 
  */
 function secureDirectory($path, $attachments = false)
 {
-	if (empty($path))
-		return 'empty_path';
+	if (empty($path)) {
+			return 'empty_path';
+	}
 
-	if (!is_writable($path))
-		return 'path_not_writable';
+	if (!is_writable($path)) {
+			return 'path_not_writable';
+	}
 
 	$directoryname = basename($path);
 
@@ -1227,9 +1282,9 @@ 
 
 RemoveHandler .php .php3 .phtml .cgi .fcgi .pl .fpl .shtml';
 
-	if (file_exists($path . '/.htaccess'))
-		$errors[] = 'htaccess_exists';
-	else
+	if (file_exists($path . '/.htaccess')) {
+			$errors[] = 'htaccess_exists';
+	} else
 	{
 		$fh = @fopen($path . '/.htaccess', 'w');
 		if ($fh)
@@ -1242,9 +1297,9 @@ 
 		$errors[] = 'htaccess_cannot_create_file';
 	}
 
-	if (file_exists($path . '/index.php'))
-		$errors[] = 'index-php_exists';
-	else
+	if (file_exists($path . '/index.php')) {
+			$errors[] = 'index-php_exists';
+	} else
 	{
 		$fh = @fopen($path . '/index.php', 'w');
 		if ($fh)
@@ -1272,11 +1327,12 @@ 
 		$errors[] = 'index-php_cannot_create_file';
 	}
 
-	if (!empty($errors))
-		return $errors;
-	else
-		return true;
-}
+	if (!empty($errors)) {
+			return $errors;
+	} else {
+			return true;
+	}
+	}
 
 /**
 * This sets the X-Frame-Options header.
@@ -1289,14 +1345,16 @@ 
 	global $modSettings;
 
 	$option = 'SAMEORIGIN';
-	if (is_null($override) && !empty($modSettings['frame_security']))
-		$option = $modSettings['frame_security'];
-	elseif (in_array($override, array('SAMEORIGIN', 'DENY')))
-		$option = $override;
+	if (is_null($override) && !empty($modSettings['frame_security'])) {
+			$option = $modSettings['frame_security'];
+	} elseif (in_array($override, array('SAMEORIGIN', 'DENY'))) {
+			$option = $override;
+	}
 
 	// Don't bother setting the header if we have disabled it.
-	if ($option == 'DISABLE')
-		return;
+	if ($option == 'DISABLE') {
+			return;
+	}
 
 	// Finally set it.
 	header('x-frame-options: ' . $option);

Themes/default/Errors.template.php

Spacing +1 added lines, -1 removed lines

@@ -328,7 +328,7 @@
 		foreach ($context['error_info']['backtrace'] as $key => $value)
 		{
 			//Check for existing
-			if (!property_exists($value,'file') || empty($value->file))
+			if (!property_exists($value, 'file') || empty($value->file))
 				$value->file = $txt['unknown'];
 			if (!property_exists($value, 'line') || empty($value->line))
 				$value->line = -1;

Braces +48 added lines, -33 removed lines

@@ -23,15 +23,15 @@ 
 {
 	global $context, $txt;
 
-	if (!empty($context['simple_action']))
-		echo '
+	if (!empty($context['simple_action'])) {
+			echo '
 	<strong>
 		', $context['error_title'], '
 	</strong><br>
 	<div ', $context['error_code'], 'class="padding">
 		', $context['error_message'], '
 	</div>';
-	else
+	} else
 	{
 		echo '
 	<div id="fatal_error">
@@ -85,21 +85,23 @@ 
 
 	$error_types = array();
 
-	foreach ($context['error_types'] as $type => $details)
-		$error_types[] = ($details['is_selected'] ? '<img src="' . $settings['images_url'] . '/selected.png" alt=""> ' : '') . '<a href="' . $details['url'] . '" ' . ($details['is_selected'] ? 'style="font-weight: bold;"' : '') . ' title="' . $details['description'] . '">' . $details['label'] . '</a>';
+	foreach ($context['error_types'] as $type => $details) {
+			$error_types[] = ($details['is_selected'] ? '<img src="' . $settings['images_url'] . '/selected.png" alt=""> ' : '') . '<a href="' . $details['url'] . '" ' . ($details['is_selected'] ? 'style="font-weight: bold;"' : '') . ' title="' . $details['description'] . '">' . $details['label'] . '</a>';
+	}
 
 	echo '
 						', implode(' | ', $error_types), '
 					</td>
 				</tr>';
 
-	if ($context['has_filter'])
-		echo '
+	if ($context['has_filter']) {
+			echo '
 				<tr>
 					<td colspan="3" class="windowbg">
 						<strong>', $txt['applying_filter'], ':</strong> ', $context['filter']['entity'], ' ', $context['filter']['value']['html'], ' [<a href="', $scripturl, '?action=admin;area=logs;sa=errorlog', $context['sort_direction'] == 'down' ? ';desc' : '', '">', $txt['clear_filter'], '</a>]
 					</td>
 				</tr>';
+	}
 
 	echo '
 				<tr>
@@ -110,11 +112,12 @@ 
 				</tr>';
 
 	// No errors, then show a message
-	if (count($context['errors']) == 0)
-		echo '
+	if (count($context['errors']) == 0) {
+			echo '
 				<tr class="windowbg">
 					<td class="centertext" colspan="2">', $txt['errlog_no_entries'], '</td>
 				</tr>';
+	}
 
 	// We have some errors, must be some mods installed :P
 	foreach ($context['errors'] as $error)
@@ -128,16 +131,18 @@ 
 							<a href="', $scripturl, '?action=admin;area=logs;sa=errorlog', $context['sort_direction'] == 'down' ? '' : ';desc', $context['has_filter'] ? $context['filter']['href'] : '', '" title="', $txt['reverse_direction'], '"><span class="generic_icons sort_' . $context['sort_direction'] . '"></span></a>
 							', $error['time'], '<br>';
 
-		if (!empty($error['member']['ip']))
-			echo '
+		if (!empty($error['member']['ip'])) {
+					echo '
 							<a href="', $scripturl, '?action=admin;area=logs;sa=errorlog', $context['sort_direction'] == 'down' ? ';desc' : '', ';filter=ip;value=', $error['member']['ip'], '" title="', $txt['apply_filter'], ': ', $txt['filter_only_ip'], '"><span class="generic_icons filter centericon"></span></a>
 							<strong><a href="', $scripturl, '?action=trackip;searchip=', $error['member']['ip'], '">', $error['member']['ip'], '</a></strong>';
+		}
 
-		if ($error['member']['session'] != '')
-			echo '
+		if ($error['member']['session'] != '') {
+					echo '
 							<br>
 							<a href="', $scripturl, '?action=admin;area=logs;sa=errorlog', $context['sort_direction'] == 'down' ? ';desc' : '', ';filter=session;value=', $error['member']['session'], '" title="', $txt['apply_filter'], ': ', $txt['filter_only_session'], '"><span class="generic_icons filter centericon"></span></a>
 							', $error['member']['session'], '<br>';
+		}
 
 		echo '
 						</div>
@@ -152,12 +157,13 @@ 
 							<a href="', $error['url']['html'], '">', $error['url']['html'], '</a>
 ';
 
-		if (!empty($error['file']))
-			echo '
+		if (!empty($error['file'])) {
+					echo '
 							<div>
 								<a href="', $scripturl, '?action=admin;area=logs;sa=errorlog', $context['sort_direction'] == 'down' ? ';desc' : '', ';filter=file;value=', $error['file']['search'], '" title="', $txt['apply_filter'], ': ', $txt['filter_only_file'], '">'
 				. '					<span class="generic_icons filter"></span></a> ', $error['file']['link'], ' (', $txt['line'], ' ', $error['file']['line'], ')
 							</div>';
+		}
 
 		echo '
 						</div>
@@ -186,9 +192,10 @@ 
 				</div>
 			</div>';
 
-	if ($context['sort_direction'] == 'down')
-		echo '
+	if ($context['sort_direction'] == 'down') {
+			echo '
 			<input type="hidden" name="desc" value="1">';
+	}
 
 	echo '
 			<input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '">
@@ -249,9 +256,10 @@ 
 					$context['error_message'], '
 				</div>';
 	
-	if (!empty($context['back_link'])) 
-		echo '
+	if (!empty($context['back_link'])) {
+			echo '
 				<a class="button" href="', $scripturl, $context['back_link'], '">', $txt['back'], '</a>';
+	}
 
 	echo '
 				<span style="float: right; margin:.5em;"></span>
@@ -288,25 +296,30 @@ 
 			<div class="windowbg">
 				<ul class="padding">';
 
-		if (!empty($context['error_info']['error_type']))
-			echo '
+		if (!empty($context['error_info']['error_type'])) {
+					echo '
 					<li>', $txt['error_type'], ': ', ucfirst($context['error_info']['error_type']), '</li>';
+		}
 
-		if (!empty($context['error_info']['message']))
-			echo '
+		if (!empty($context['error_info']['message'])) {
+					echo '
 					<li>', $txt['error_message'], ': ', $context['error_info']['message'], '</li>';
+		}
 
-		if (!empty($context['error_info']['file']))
-			echo '
+		if (!empty($context['error_info']['file'])) {
+					echo '
 					<li>', $txt['error_file'], ': ', $context['error_info']['file'], '</li>';
+		}
 
-		if (!empty($context['error_info']['line']))
-			echo '
+		if (!empty($context['error_info']['line'])) {
+					echo '
 					<li>', $txt['error_line'], ': ', $context['error_info']['line'], '</li>';
+		}
 
-		if (!empty($context['error_info']['url']))
-			echo '
+		if (!empty($context['error_info']['url'])) {
+					echo '
 					<li>', $txt['error_url'], ': ', $context['error_info']['url'], '</li>';
+		}
 
 
 		echo '
@@ -328,10 +341,12 @@ 
 		foreach ($context['error_info']['backtrace'] as $key => $value)
 		{
 			//Check for existing
-			if (!property_exists($value,'file') || empty($value->file))
-				$value->file = $txt['unknown'];
-			if (!property_exists($value, 'line') || empty($value->line))
-				$value->line = -1;
+			if (!property_exists($value,'file') || empty($value->file)) {
+							$value->file = $txt['unknown'];
+			}
+			if (!property_exists($value, 'line') || empty($value->line)) {
+							$value->line = -1;
+			}
 
 				echo '
 					<li class="backtrace">', sprintf($txt['backtrace_info'], $key, $value->function, $value->file, $value->line, base64_encode($value->file)), '</li>';

Sources/Subs-Attachments.php

Braces +297 added lines, -224 removed lines

@@ -14,8 +14,9 @@ 
  * @version 2.1 Beta 4
  */
 
-if (!defined('SMF'))
+if (!defined('SMF')) {
 	die('No direct access...');
+}
 
 /**
  * Check if the current directory is still valid or not.
@@ -28,22 +29,24 @@ 
 	global $smcFunc, $boarddir, $modSettings, $context;
 
 	// Not pretty, but since we don't want folders created for every post. It'll do unless a better solution can be found.
-	if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'admin')
-		$doit = true;
-	elseif (empty($modSettings['automanage_attachments']))
-		return;
-	elseif (!isset($_FILES))
-		return;
-	elseif (isset($_FILES['attachment']))
-		foreach ($_FILES['attachment']['tmp_name'] as $dummy)
+	if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'admin') {
+			$doit = true;
+	} elseif (empty($modSettings['automanage_attachments'])) {
+			return;
+	} elseif (!isset($_FILES)) {
+			return;
+	} elseif (isset($_FILES['attachment'])) {
+			foreach ($_FILES['attachment']['tmp_name'] as $dummy)
 			if (!empty($dummy))
 			{
 				$doit = true;
+	}
 				break;
 			}
 
-	if (!isset($doit))
-		return;
+	if (!isset($doit)) {
+			return;
+	}
 
 	$year = date('Y');
 	$month = date('m');
@@ -54,21 +57,25 @@ 
 
 	if (!empty($modSettings['attachment_basedirectories']) && !empty($modSettings['use_subdirectories_for_attachments']))
 	{
-			if (!is_array($modSettings['attachment_basedirectories']))
-				$modSettings['attachment_basedirectories'] = $smcFunc['json_decode']($modSettings['attachment_basedirectories'], true);
+			if (!is_array($modSettings['attachment_basedirectories'])) {
+							$modSettings['attachment_basedirectories'] = $smcFunc['json_decode']($modSettings['attachment_basedirectories'], true);
+			}
 			$base_dir = array_search($modSettings['basedirectory_for_attachments'], $modSettings['attachment_basedirectories']);
+	} else {
+			$base_dir = 0;
 	}
-	else
-		$base_dir = 0;
 
 	if ($modSettings['automanage_attachments'] == 1)
 	{
-		if (!isset($modSettings['last_attachments_directory']))
-			$modSettings['last_attachments_directory'] = array();
-		if (!is_array($modSettings['last_attachments_directory']))
-			$modSettings['last_attachments_directory'] = $smcFunc['json_decode']($modSettings['last_attachments_directory'], true);
-		if (!isset($modSettings['last_attachments_directory'][$base_dir]))
-			$modSettings['last_attachments_directory'][$base_dir] = 0;
+		if (!isset($modSettings['last_attachments_directory'])) {
+					$modSettings['last_attachments_directory'] = array();
+		}
+		if (!is_array($modSettings['last_attachments_directory'])) {
+					$modSettings['last_attachments_directory'] = $smcFunc['json_decode']($modSettings['last_attachments_directory'], true);
+		}
+		if (!isset($modSettings['last_attachments_directory'][$base_dir])) {
+					$modSettings['last_attachments_directory'][$base_dir] = 0;
+		}
 	}
 
 	$basedirectory = (!empty($modSettings['use_subdirectories_for_attachments']) ? ($modSettings['basedirectory_for_attachments']) : $boarddir);
@@ -97,12 +104,14 @@ 
 			$updir = '';
 	}
 
-	if (!is_array($modSettings['attachmentUploadDir']))
-		$modSettings['attachmentUploadDir'] = $smcFunc['json_decode']($modSettings['attachmentUploadDir'], true);
-	if (!in_array($updir, $modSettings['attachmentUploadDir']) && !empty($updir))
-		$outputCreation = automanage_attachments_create_directory($updir);
-	elseif (in_array($updir, $modSettings['attachmentUploadDir']))
-		$outputCreation = true;
+	if (!is_array($modSettings['attachmentUploadDir'])) {
+			$modSettings['attachmentUploadDir'] = $smcFunc['json_decode']($modSettings['attachmentUploadDir'], true);
+	}
+	if (!in_array($updir, $modSettings['attachmentUploadDir']) && !empty($updir)) {
+			$outputCreation = automanage_attachments_create_directory($updir);
+	} elseif (in_array($updir, $modSettings['attachmentUploadDir'])) {
+			$outputCreation = true;
+	}
 
 	if ($outputCreation)
 	{
@@ -139,8 +148,9 @@ 
 		$count = count($tree);
 
 		$directory = attachments_init_dir($tree, $count);
-		if ($directory === false)
-			return false;
+		if ($directory === false) {
+					return false;
+		}
 	}
 
 	$directory .= DIRECTORY_SEPARATOR . array_shift($tree);
@@ -168,8 +178,9 @@ 
 	}
 
 	// Everything seems fine...let's create the .htaccess
-	if (!file_exists($directory . DIRECTORY_SEPARATOR . '.htaccess'))
-		secureDirectory($updir, true);
+	if (!file_exists($directory . DIRECTORY_SEPARATOR . '.htaccess')) {
+			secureDirectory($updir, true);
+	}
 
 	$sep = (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') ? '\/' : DIRECTORY_SEPARATOR;
 	$updir = rtrim($updir, $sep);
@@ -201,8 +212,9 @@ 
 {
 	global $smcFunc, $modSettings, $boarddir;
 
-	if (!isset($modSettings['automanage_attachments']) || (!empty($modSettings['automanage_attachments']) && $modSettings['automanage_attachments'] != 1))
-		return;
+	if (!isset($modSettings['automanage_attachments']) || (!empty($modSettings['automanage_attachments']) && $modSettings['automanage_attachments'] != 1)) {
+			return;
+	}
 
 	$basedirectory = !empty($modSettings['use_subdirectories_for_attachments']) ? $modSettings['basedirectory_for_attachments'] : $boarddir;
 	// Just to be sure: I don't want directory separators at the end
@@ -214,13 +226,14 @@ 
 	{
 		$base_dir = array_search($modSettings['basedirectory_for_attachments'], $modSettings['attachment_basedirectories']);
 		$base_dir = !empty($modSettings['automanage_attachments']) ? $base_dir : 0;
+	} else {
+			$base_dir = 0;
 	}
-	else
-		$base_dir = 0;
 
 	// Get the last attachment directory for that base directory
-	if (empty($modSettings['last_attachments_directory'][$base_dir]))
-		$modSettings['last_attachments_directory'][$base_dir] = 0;
+	if (empty($modSettings['last_attachments_directory'][$base_dir])) {
+			$modSettings['last_attachments_directory'][$base_dir] = 0;
+	}
 	// And increment it.
 	$modSettings['last_attachments_directory'][$base_dir]++;
 
@@ -235,10 +248,10 @@ 
 		$modSettings['last_attachments_directory'] = $smcFunc['json_decode']($modSettings['last_attachments_directory'], true);
 
 		return true;
+	} else {
+			return false;
+	}
 	}
-	else
-		return false;
-}
 
 /**
  * Split a path into a list of all directories and subdirectories
@@ -256,12 +269,13 @@ 
 			* in Windows we need to explode for both \ and /
 			* while in linux should be safe to explode only for / (aka DIRECTORY_SEPARATOR)
 	*/
-	if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
-		$tree = preg_split('#[\\\/]#', $directory);
-	else
+	if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
+			$tree = preg_split('#[\\\/]#', $directory);
+	} else
 	{
-		if (substr($directory, 0, 1) != DIRECTORY_SEPARATOR)
-			return false;
+		if (substr($directory, 0, 1) != DIRECTORY_SEPARATOR) {
+					return false;
+		}
 
 		$tree = explode(DIRECTORY_SEPARATOR, trim($directory, DIRECTORY_SEPARATOR));
 	}
@@ -285,10 +299,11 @@ 
 		 //Better be sure that the first part of the path is actually a drive letter...
 		 //...even if, I should check this in the admin page...isn't it?
 		 //...NHAAA Let's leave space for users' complains! :P
-		if (preg_match('/^[a-z]:$/i', $tree[0]))
-			$directory = array_shift($tree);
-		else
-			return false;
+		if (preg_match('/^[a-z]:$/i', $tree[0])) {
+					$directory = array_shift($tree);
+		} else {
+					return false;
+		}
 
 		$count--;
 	}
@@ -303,18 +318,20 @@ 
 	global $context, $modSettings, $smcFunc, $txt, $user_info;
 
 	// Make sure we're uploading to the right place.
-	if (!empty($modSettings['automanage_attachments']))
-		automanage_attachments_check_directory();
+	if (!empty($modSettings['automanage_attachments'])) {
+			automanage_attachments_check_directory();
+	}
 
-	if (!is_array($modSettings['attachmentUploadDir']))
-		$modSettings['attachmentUploadDir'] = $smcFunc['json_decode']($modSettings['attachmentUploadDir'], true);
+	if (!is_array($modSettings['attachmentUploadDir'])) {
+			$modSettings['attachmentUploadDir'] = $smcFunc['json_decode']($modSettings['attachmentUploadDir'], true);
+	}
 
 	$context['attach_dir'] = $modSettings['attachmentUploadDir'][$modSettings['currentAttachmentUploadDir']];
 
 	// Is the attachments folder actualy there?
-	if (!empty($context['dir_creation_error']))
-		$initial_error = $context['dir_creation_error'];
-	elseif (!is_dir($context['attach_dir']))
+	if (!empty($context['dir_creation_error'])) {
+			$initial_error = $context['dir_creation_error'];
+	} elseif (!is_dir($context['attach_dir']))
 	{
 		$initial_error = 'attach_folder_warning';
 		log_error(sprintf($txt['attach_folder_admin_warning'], $context['attach_dir']), 'critical');
@@ -337,12 +354,12 @@ 
 			);
 			list ($context['attachments']['quantity'], $context['attachments']['total_size']) = $smcFunc['db_fetch_row']($request);
 			$smcFunc['db_free_result']($request);
-		}
-		else
-			$context['attachments'] = array(
+		} else {
+					$context['attachments'] = array(
 				'quantity' => 0,
 				'total_size' => 0,
 			);
+		}
 	}
 
 	// Hmm. There are still files in session.
@@ -352,39 +369,44 @@ 
 		// Let's try to keep them. But...
 		$ignore_temp = true;
 		// If new files are being added. We can't ignore those
-		foreach ($_FILES['attachment']['tmp_name'] as $dummy)
-			if (!empty($dummy))
+		foreach ($_FILES['attachment']['tmp_name'] as $dummy) {
+					if (!empty($dummy))
 			{
 				$ignore_temp = false;
+		}
 				break;
 			}
 
 		// Need to make space for the new files. So, bye bye.
 		if (!$ignore_temp)
 		{
-			foreach ($_SESSION['temp_attachments'] as $attachID => $attachment)
-				if (strpos($attachID, 'post_tmp_' . $user_info['id']) !== false)
+			foreach ($_SESSION['temp_attachments'] as $attachID => $attachment) {
+							if (strpos($attachID, 'post_tmp_' . $user_info['id']) !== false)
 					unlink($attachment['tmp_name']);
+			}
 
 			$context['we_are_history'] = $txt['error_temp_attachments_flushed'];
 			$_SESSION['temp_attachments'] = array();
 		}
 	}
 
-	if (!isset($_FILES['attachment']['name']))
-		$_FILES['attachment']['tmp_name'] = array();
+	if (!isset($_FILES['attachment']['name'])) {
+			$_FILES['attachment']['tmp_name'] = array();
+	}
 
-	if (!isset($_SESSION['temp_attachments']))
-		$_SESSION['temp_attachments'] = array();
+	if (!isset($_SESSION['temp_attachments'])) {
+			$_SESSION['temp_attachments'] = array();
+	}
 
 	// Remember where we are at. If it's anywhere at all.
-	if (!$ignore_temp)
-		$_SESSION['temp_attachments']['post'] = array(
+	if (!$ignore_temp) {
+			$_SESSION['temp_attachments']['post'] = array(
 			'msg' => !empty($_REQUEST['msg']) ? $_REQUEST['msg'] : 0,
 			'last_msg' => !empty($_REQUEST['last_msg']) ? $_REQUEST['last_msg'] : 0,
 			'topic' => !empty($topic) ? $topic : 0,
 			'board' => !empty($board) ? $board : 0,
 		);
+	}
 
 	// If we have an initial error, lets just display it.
 	if (!empty($initial_error))
@@ -392,9 +414,10 @@ 
 		$_SESSION['temp_attachments']['initial_error'] = $initial_error;
 
 		// And delete the files 'cos they ain't going nowhere.
-		foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy)
-			if (file_exists($_FILES['attachment']['tmp_name'][$n]))
+		foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy) {
+					if (file_exists($_FILES['attachment']['tmp_name'][$n]))
 				unlink($_FILES['attachment']['tmp_name'][$n]);
+		}
 
 		$_FILES['attachment']['tmp_name'] = array();
 	}
@@ -402,21 +425,24 @@ 
 	// Loop through $_FILES['attachment'] array and move each file to the current attachments folder.
 	foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy)
 	{
-		if ($_FILES['attachment']['name'][$n] == '')
-			continue;
+		if ($_FILES['attachment']['name'][$n] == '') {
+					continue;
+		}
 
 		// First, let's first check for PHP upload errors.
 		$errors = array();
 		if (!empty($_FILES['attachment']['error'][$n]))
 		{
-			if ($_FILES['attachment']['error'][$n] == 2)
-				$errors[] = array('file_too_big', array($modSettings['attachmentSizeLimit']));
-			elseif ($_FILES['attachment']['error'][$n] == 6)
-				log_error($_FILES['attachment']['name'][$n] . ': ' . $txt['php_upload_error_6'], 'critical');
-			else
-				log_error($_FILES['attachment']['name'][$n] . ': ' . $txt['php_upload_error_' . $_FILES['attachment']['error'][$n]]);
-			if (empty($errors))
-				$errors[] = 'attach_php_error';
+			if ($_FILES['attachment']['error'][$n] == 2) {
+							$errors[] = array('file_too_big', array($modSettings['attachmentSizeLimit']));
+			} elseif ($_FILES['attachment']['error'][$n] == 6) {
+							log_error($_FILES['attachment']['name'][$n] . ': ' . $txt['php_upload_error_6'], 'critical');
+			} else {
+							log_error($_FILES['attachment']['name'][$n] . ': ' . $txt['php_upload_error_' . $_FILES['attachment']['error'][$n]]);
+			}
+			if (empty($errors)) {
+							$errors[] = 'attach_php_error';
+			}
 		}
 
 		// Try to move and rename the file before doing any more checks on it.
@@ -426,8 +452,9 @@ 
 		{
 			// The reported MIME type of the attachment might not be reliable.
 			// Fortunately, PHP 5.3+ lets us easily verify the real MIME type.
-			if (function_exists('mime_content_type'))
-				$_FILES['attachment']['type'][$n] = mime_content_type($_FILES['attachment']['tmp_name'][$n]);
+			if (function_exists('mime_content_type')) {
+							$_FILES['attachment']['type'][$n] = mime_content_type($_FILES['attachment']['tmp_name'][$n]);
+			}
 
 			$_SESSION['temp_attachments'][$attachID] = array(
 				'name' => $smcFunc['htmlspecialchars'](basename($_FILES['attachment']['name'][$n])),
@@ -439,16 +466,16 @@ 
 			);
 
 			// Move the file to the attachments folder with a temp name for now.
-			if (@move_uploaded_file($_FILES['attachment']['tmp_name'][$n], $destName))
-				smf_chmod($destName, 0644);
-			else
+			if (@move_uploaded_file($_FILES['attachment']['tmp_name'][$n], $destName)) {
+							smf_chmod($destName, 0644);
+			} else
 			{
 				$_SESSION['temp_attachments'][$attachID]['errors'][] = 'attach_timeout';
-				if (file_exists($_FILES['attachment']['tmp_name'][$n]))
-					unlink($_FILES['attachment']['tmp_name'][$n]);
+				if (file_exists($_FILES['attachment']['tmp_name'][$n])) {
+									unlink($_FILES['attachment']['tmp_name'][$n]);
+				}
 			}
-		}
-		else
+		} else
 		{
 			$_SESSION['temp_attachments'][$attachID] = array(
 				'name' => $smcFunc['htmlspecialchars'](basename($_FILES['attachment']['name'][$n])),
@@ -456,12 +483,14 @@ 
 				'errors' => $errors,
 			);
 
-			if (file_exists($_FILES['attachment']['tmp_name'][$n]))
-				unlink($_FILES['attachment']['tmp_name'][$n]);
+			if (file_exists($_FILES['attachment']['tmp_name'][$n])) {
+							unlink($_FILES['attachment']['tmp_name'][$n]);
+			}
 		}
 		// If there's no errors to this point. We still do need to apply some additional checks before we are finished.
-		if (empty($_SESSION['temp_attachments'][$attachID]['errors']))
-			attachmentChecks($attachID);
+		if (empty($_SESSION['temp_attachments'][$attachID]['errors'])) {
+					attachmentChecks($attachID);
+		}
 	}
 	// Mod authors, finally a hook to hang an alternate attachment upload system upon
 	// Upload to the current attachment folder with the file name $attachID or 'post_tmp_' . $user_info['id'] . '_' . md5(mt_rand())
@@ -488,21 +517,20 @@ 
 	global $modSettings, $context, $sourcedir, $smcFunc;
 
 	// No data or missing data .... Not necessarily needed, but in case a mod author missed something.
-	if (empty($_SESSION['temp_attachments'][$attachID]))
-		$error = '$_SESSION[\'temp_attachments\'][$attachID]';
-
-	elseif (empty($attachID))
-		$error = '$attachID';
-
-	elseif (empty($context['attachments']))
-		$error = '$context[\'attachments\']';
-
-	elseif (empty($context['attach_dir']))
-		$error = '$context[\'attach_dir\']';
+	if (empty($_SESSION['temp_attachments'][$attachID])) {
+			$error = '$_SESSION[\'temp_attachments\'][$attachID]';
+	} elseif (empty($attachID)) {
+			$error = '$attachID';
+	} elseif (empty($context['attachments'])) {
+			$error = '$context[\'attachments\']';
+	} elseif (empty($context['attach_dir'])) {
+			$error = '$context[\'attach_dir\']';
+	}
 
 	// Let's get their attention.
-	if (!empty($error))
-		fatal_lang_error('attach_check_nag', 'debug', array($error));
+	if (!empty($error)) {
+			fatal_lang_error('attach_check_nag', 'debug', array($error));
+	}
 
 	// Just in case this slipped by the first checks, we stop it here and now
 	if ($_SESSION['temp_attachments'][$attachID]['size'] == 0)
@@ -531,8 +559,9 @@ 
 			$size = @getimagesize($_SESSION['temp_attachments'][$attachID]['tmp_name']);
 			if (!(empty($size)) && ($size[2] != $old_format))
 			{
-				if (isset($context['valid_image_types'][$size[2]]))
-					$_SESSION['temp_attachments'][$attachID]['type'] = 'image/' . $context['valid_image_types'][$size[2]];
+				if (isset($context['valid_image_types'][$size[2]])) {
+									$_SESSION['temp_attachments'][$attachID]['type'] = 'image/' . $context['valid_image_types'][$size[2]];
+				}
 			}
 		}
 	}
@@ -586,42 +615,48 @@ 
 				// Or, let the user know that it ain't gonna happen.
 				else
 				{
-					if (isset($context['dir_creation_error']))
-						$_SESSION['temp_attachments'][$attachID]['errors'][] = $context['dir_creation_error'];
-					else
-						$_SESSION['temp_attachments'][$attachID]['errors'][] = 'ran_out_of_space';
+					if (isset($context['dir_creation_error'])) {
+											$_SESSION['temp_attachments'][$attachID]['errors'][] = $context['dir_creation_error'];
+					} else {
+											$_SESSION['temp_attachments'][$attachID]['errors'][] = 'ran_out_of_space';
+					}
 				}
+			} else {
+							$_SESSION['temp_attachments'][$attachID]['errors'][] = 'ran_out_of_space';
 			}
-			else
-				$_SESSION['temp_attachments'][$attachID]['errors'][] = 'ran_out_of_space';
 		}
 	}
 
 	// Is the file too big?
 	$context['attachments']['total_size'] += $_SESSION['temp_attachments'][$attachID]['size'];
-	if (!empty($modSettings['attachmentSizeLimit']) && $_SESSION['temp_attachments'][$attachID]['size'] > $modSettings['attachmentSizeLimit'] * 1024)
-		$_SESSION['temp_attachments'][$attachID]['errors'][] = array('file_too_big', array(comma_format($modSettings['attachmentSizeLimit'], 0)));
+	if (!empty($modSettings['attachmentSizeLimit']) && $_SESSION['temp_attachments'][$attachID]['size'] > $modSettings['attachmentSizeLimit'] * 1024) {
+			$_SESSION['temp_attachments'][$attachID]['errors'][] = array('file_too_big', array(comma_format($modSettings['attachmentSizeLimit'], 0)));
+	}
 
 	// Check the total upload size for this post...
-	if (!empty($modSettings['attachmentPostLimit']) && $context['attachments']['total_size'] > $modSettings['attachmentPostLimit'] * 1024)
-		$_SESSION['temp_attachments'][$attachID]['errors'][] = array('attach_max_total_file_size', array(comma_format($modSettings['attachmentPostLimit'], 0), comma_format($modSettings['attachmentPostLimit'] - (($context['attachments']['total_size'] - $_SESSION['temp_attachments'][$attachID]['size']) / 1024), 0)));
+	if (!empty($modSettings['attachmentPostLimit']) && $context['attachments']['total_size'] > $modSettings['attachmentPostLimit'] * 1024) {
+			$_SESSION['temp_attachments'][$attachID]['errors'][] = array('attach_max_total_file_size', array(comma_format($modSettings['attachmentPostLimit'], 0), comma_format($modSettings['attachmentPostLimit'] - (($context['attachments']['total_size'] - $_SESSION['temp_attachments'][$attachID]['size']) / 1024), 0)));
+	}
 
 	// Have we reached the maximum number of files we are allowed?
 	$context['attachments']['quantity']++;
 
 	// Set a max limit if none exists
-	if (empty($modSettings['attachmentNumPerPostLimit']) && $context['attachments']['quantity'] >= 50)
-		$modSettings['attachmentNumPerPostLimit'] = 50;
+	if (empty($modSettings['attachmentNumPerPostLimit']) && $context['attachments']['quantity'] >= 50) {
+			$modSettings['attachmentNumPerPostLimit'] = 50;
+	}
 
-	if (!empty($modSettings['attachmentNumPerPostLimit']) && $context['attachments']['quantity'] > $modSettings['attachmentNumPerPostLimit'])
-		$_SESSION['temp_attachments'][$attachID]['errors'][] = array('attachments_limit_per_post', array($modSettings['attachmentNumPerPostLimit']));
+	if (!empty($modSettings['attachmentNumPerPostLimit']) && $context['attachments']['quantity'] > $modSettings['attachmentNumPerPostLimit']) {
+			$_SESSION['temp_attachments'][$attachID]['errors'][] = array('attachments_limit_per_post', array($modSettings['attachmentNumPerPostLimit']));
+	}
 
 	// File extension check
 	if (!empty($modSettings['attachmentCheckExtensions']))
 	{
 		$allowed = explode(',', strtolower($modSettings['attachmentExtensions']));
-		foreach ($allowed as $k => $dummy)
-			$allowed[$k] = trim($dummy);
+		foreach ($allowed as $k => $dummy) {
+					$allowed[$k] = trim($dummy);
+		}
 
 		if (!in_array(strtolower(substr(strrchr($_SESSION['temp_attachments'][$attachID]['name'], '.'), 1)), $allowed))
 		{
@@ -633,10 +668,12 @@ 
 	// Undo the math if there's an error
 	if (!empty($_SESSION['temp_attachments'][$attachID]['errors']))
 	{
-		if (isset($context['dir_size']))
-			$context['dir_size'] -= $_SESSION['temp_attachments'][$attachID]['size'];
-		if (isset($context['dir_files']))
-			$context['dir_files']--;
+		if (isset($context['dir_size'])) {
+					$context['dir_size'] -= $_SESSION['temp_attachments'][$attachID]['size'];
+		}
+		if (isset($context['dir_files'])) {
+					$context['dir_files']--;
+		}
 		$context['attachments']['total_size'] -= $_SESSION['temp_attachments'][$attachID]['size'];
 		$context['attachments']['quantity']--;
 		return false;
@@ -668,12 +705,14 @@ 
 	if (empty($attachmentOptions['mime_type']) && $attachmentOptions['width'])
 	{
 		// Got a proper mime type?
-		if (!empty($size['mime']))
-			$attachmentOptions['mime_type'] = $size['mime'];
+		if (!empty($size['mime'])) {
+					$attachmentOptions['mime_type'] = $size['mime'];
+		}
 
 		// Otherwise a valid one?
-		elseif (isset($context['valid_image_types'][$size[2]]))
-			$attachmentOptions['mime_type'] = 'image/' . $context['valid_image_types'][$size[2]];
+		elseif (isset($context['valid_image_types'][$size[2]])) {
+					$attachmentOptions['mime_type'] = 'image/' . $context['valid_image_types'][$size[2]];
+		}
 	}
 
 	// It is possible we might have a MIME type that isn't actually an image but still have a size.
@@ -685,15 +724,17 @@ 
 	}
 
 	// Get the hash if no hash has been given yet.
-	if (empty($attachmentOptions['file_hash']))
-		$attachmentOptions['file_hash'] = getAttachmentFilename($attachmentOptions['name'], false, null, true);
+	if (empty($attachmentOptions['file_hash'])) {
+			$attachmentOptions['file_hash'] = getAttachmentFilename($attachmentOptions['name'], false, null, true);
+	}
 
 	// Assuming no-one set the extension let's take a look at it.
 	if (empty($attachmentOptions['fileext']))
 	{
 		$attachmentOptions['fileext'] = strtolower(strrpos($attachmentOptions['name'], '.') !== false ? substr($attachmentOptions['name'], strrpos($attachmentOptions['name'], '.') + 1) : '');
-		if (strlen($attachmentOptions['fileext']) > 8 || '.' . $attachmentOptions['fileext'] == $attachmentOptions['name'])
-			$attachmentOptions['fileext'] = '';
+		if (strlen($attachmentOptions['fileext']) > 8 || '.' . $attachmentOptions['fileext'] == $attachmentOptions['name']) {
+					$attachmentOptions['fileext'] = '';
+		}
 	}
 
 	// Last chance to change stuff!
@@ -702,8 +743,9 @@ 
 	// Make sure the folder is valid...
 	$tmp = is_array($modSettings['attachmentUploadDir']) ? $modSettings['attachmentUploadDir'] : $smcFunc['json_decode']($modSettings['attachmentUploadDir'], true);
 	$folders = array_keys($tmp);
-	if (empty($attachmentOptions['id_folder']) || !in_array($attachmentOptions['id_folder'], $folders))
-		$attachmentOptions['id_folder'] = $modSettings['currentAttachmentUploadDir'];
+	if (empty($attachmentOptions['id_folder']) || !in_array($attachmentOptions['id_folder'], $folders)) {
+			$attachmentOptions['id_folder'] = $modSettings['currentAttachmentUploadDir'];
+	}
 
 	$attachmentOptions['id'] = $smcFunc['db_insert']('',
 		'{db_prefix}attachments',
@@ -734,8 +776,8 @@ 
 	rename($attachmentOptions['tmp_name'], $attachmentOptions['destination']);
 
 	// If it's not approved then add to the approval queue.
-	if (!$attachmentOptions['approved'])
-		$smcFunc['db_insert']('',
+	if (!$attachmentOptions['approved']) {
+			$smcFunc['db_insert']('',
 			'{db_prefix}approval_queue',
 			array(
 				'id_attach' => 'int', 'id_msg' => 'int',
@@ -745,9 +787,11 @@ 
 			),
 			array()
 		);
+	}
 
-	if (empty($modSettings['attachmentThumbnails']) || (empty($attachmentOptions['width']) && empty($attachmentOptions['height'])))
-		return true;
+	if (empty($modSettings['attachmentThumbnails']) || (empty($attachmentOptions['width']) && empty($attachmentOptions['height']))) {
+			return true;
+	}
 
 	// Like thumbnails, do we?
 	if (!empty($modSettings['attachmentThumbWidth']) && !empty($modSettings['attachmentThumbHeight']) && ($attachmentOptions['width'] > $modSettings['attachmentThumbWidth'] || $attachmentOptions['height'] > $modSettings['attachmentThumbHeight']))
@@ -758,13 +802,15 @@ 
 			$size = @getimagesize($attachmentOptions['destination'] . '_thumb');
 			list ($thumb_width, $thumb_height) = $size;
 
-			if (!empty($size['mime']))
-				$thumb_mime = $size['mime'];
-			elseif (isset($context['valid_image_types'][$size[2]]))
-				$thumb_mime = 'image/' . $context['valid_image_types'][$size[2]];
+			if (!empty($size['mime'])) {
+							$thumb_mime = $size['mime'];
+			} elseif (isset($context['valid_image_types'][$size[2]])) {
+							$thumb_mime = 'image/' . $context['valid_image_types'][$size[2]];
+			}
 			// Lord only knows how this happened...
-			else
-				$thumb_mime = '';
+			else {
+							$thumb_mime = '';
+			}
 
 			$thumb_filename = $attachmentOptions['name'] . '_thumb';
 			$thumb_size = filesize($attachmentOptions['destination'] . '_thumb');
@@ -844,15 +890,17 @@ 
 	global $smcFunc;
 
 	// Oh, come on!
-	if (empty($attachIDs) || empty($msgID))
-		return false;
+	if (empty($attachIDs) || empty($msgID)) {
+			return false;
+	}
 
 	// "I see what is right and approve, but I do what is wrong."
 	call_integration_hook('integrate_assign_attachments', array(&$attachIDs, &$msgID));
 
 	// One last check
-	if (empty($attachIDs))
-		return false;
+	if (empty($attachIDs)) {
+			return false;
+	}
 
 	// Perform.
 	$smcFunc['db_query']('', '
@@ -880,8 +928,9 @@ 
 	global $board, $modSettings, $context, $scripturl, $smcFunc;
 
 	// Meh...
-	if (empty($attachID))
-		return 'attachments_no_data_loaded';
+	if (empty($attachID)) {
+			return 'attachments_no_data_loaded';
+	}
 
 	// Make it easy.
 	$msgID = !empty($_REQUEST['msg']) ? (int) $_REQUEST['msg'] : 0;
@@ -890,20 +939,23 @@ 
 	$externalParse = call_integration_hook('integrate_pre_parseAttachBBC', array($attachID, $msgID));
 
 	// "I am innocent of the blood of this just person: see ye to it."
-	if (!empty($externalParse) && (is_string($externalParse) || is_array($externalParse)))
-		return $externalParse;
+	if (!empty($externalParse) && (is_string($externalParse) || is_array($externalParse))) {
+			return $externalParse;
+	}
 
 	//Are attachments enable?
-	if (empty($modSettings['attachmentEnable']))
-		return 'attachments_not_enable';
+	if (empty($modSettings['attachmentEnable'])) {
+			return 'attachments_not_enable';
+	}
 
 	// Previewing much? no msg ID has been set yet.
 	if (!empty($context['preview_message']))
 	{
 		$allAttachments = getAttachsByMsg(0);
 
-		if (empty($allAttachments[0][$attachID]))
-			return 'attachments_no_data_loaded';
+		if (empty($allAttachments[0][$attachID])) {
+					return 'attachments_no_data_loaded';
+		}
 
 		$attachLoaded = loadAttachmentContext(0, $allAttachments);
 
@@ -915,57 +967,66 @@ 
 		$attachContext['link'] = '<a href="' . $scripturl . '?action=dlattach;attach=' . $attachID . ';type=preview' . (empty($attachContext['is_image']) ? ';file' : '') . '">' . $smcFunc['htmlspecialchars']($attachContext['name']) . '</a>';
 
 		// Fix the thumbnail too, if the image has one.
-		if (!empty($attachContext['thumbnail']) && !empty($attachContext['thumbnail']['has_thumb']))
-			$attachContext['thumbnail']['href'] = $scripturl . '?action=dlattach;attach=' . $attachContext['thumbnail']['id'] . ';image;type=preview';
+		if (!empty($attachContext['thumbnail']) && !empty($attachContext['thumbnail']['has_thumb'])) {
+					$attachContext['thumbnail']['href'] = $scripturl . '?action=dlattach;attach=' . $attachContext['thumbnail']['id'] . ';image;type=preview';
+		}
 
 		return $attachContext;
 	}
 
 	// There is always the chance someone else has already done our dirty work...
 	// If so, all pertinent checks were already done. Hopefully...
-	if (!empty($context['current_attachments']) && !empty($context['current_attachments'][$attachID]))
-		return $context['current_attachments'][$attachID];
+	if (!empty($context['current_attachments']) && !empty($context['current_attachments'][$attachID])) {
+			return $context['current_attachments'][$attachID];
+	}
 
 	// If we are lucky enough to be in $board's scope then check it!
-	if (!empty($board) && !allowedTo('view_attachments', $board))
-		return 'attachments_not_allowed_to_see';
+	if (!empty($board) && !allowedTo('view_attachments', $board)) {
+			return 'attachments_not_allowed_to_see';
+	}
 
 	// Get the message info associated with this particular attach ID.
 	$attachInfo = getAttachMsgInfo($attachID);
 
 	// There is always the chance this attachment no longer exists or isn't associated to a message anymore...
-	if (empty($attachInfo) || empty($attachInfo['msg']))
-		return 'attachments_no_msg_associated';
+	if (empty($attachInfo) || empty($attachInfo['msg'])) {
+			return 'attachments_no_msg_associated';
+	}
 
 	// Hold it! got the info now check if you can see this attachment.
-	if (!allowedTo('view_attachments', $attachInfo['board']))
-		return 'attachments_not_allowed_to_see';
+	if (!allowedTo('view_attachments', $attachInfo['board'])) {
+			return 'attachments_not_allowed_to_see';
+	}
 
 	$allAttachments = getAttachsByMsg($attachInfo['msg']);
 	$attachContext = $allAttachments[$attachInfo['msg']][$attachID];
 
 	// No point in keep going further.
-	if (!allowedTo('view_attachments', $attachContext['board']))
-		return 'attachments_not_allowed_to_see';
+	if (!allowedTo('view_attachments', $attachContext['board'])) {
+			return 'attachments_not_allowed_to_see';
+	}
 
 	// Load this particular attach's context.
-	if (!empty($attachContext))
-		$attachLoaded = loadAttachmentContext($attachContext['id_msg'], $allAttachments);
+	if (!empty($attachContext)) {
+			$attachLoaded = loadAttachmentContext($attachContext['id_msg'], $allAttachments);
+	}
 
 	// One last check, you know, gotta be paranoid...
-	else
-		return 'attachments_no_data_loaded';
+	else {
+			return 'attachments_no_data_loaded';
+	}
 
 	// This is the last "if" I promise!
-	if (empty($attachLoaded))
-		return 'attachments_no_data_loaded';
-
-	else
-		$attachContext = $attachLoaded[$attachID];
+	if (empty($attachLoaded)) {
+			return 'attachments_no_data_loaded';
+	} else {
+			$attachContext = $attachLoaded[$attachID];
+	}
 
 	// You may or may not want to show this under the post.
-	if (!empty($modSettings['dont_show_attach_under_post']) && !isset($context['show_attach_under_post'][$attachID]))
-		$context['show_attach_under_post'][$attachID] = $attachID;
+	if (!empty($modSettings['dont_show_attach_under_post']) && !isset($context['show_attach_under_post'][$attachID])) {
+			$context['show_attach_under_post'][$attachID] = $attachID;
+	}
 
 	// Last minute changes?
 	call_integration_hook('integrate_post_parseAttachBBC', array(&$attachContext));
@@ -985,8 +1046,9 @@ 
 {
 	global $smcFunc, $modSettings;
 
-	if (empty($attachIDs))
-		return array();
+	if (empty($attachIDs)) {
+			return array();
+	}
 
 	$return = array();
 
@@ -1002,11 +1064,12 @@ 
 		)
 	);
 
-	if ($smcFunc['db_num_rows']($request) != 1)
-		return array();
+	if ($smcFunc['db_num_rows']($request) != 1) {
+			return array();
+	}
 
-	while ($row = $smcFunc['db_fetch_assoc']($request))
-		$return[$row['id_attach']] = array(
+	while ($row = $smcFunc['db_fetch_assoc']($request)) {
+			$return[$row['id_attach']] = array(
 			'name' => $smcFunc['htmlspecialchars']($row['filename']),
 			'size' => $row['size'],
 			'attachID' => $row['id_attach'],
@@ -1015,6 +1078,7 @@ 
 			'mime_type' => $row['mime_type'],
 			'thumb' => $row['id_thumb'],
 		);
+	}
 	$smcFunc['db_free_result']($request);
 
 	return $return;
@@ -1031,8 +1095,9 @@ 
 {
 	global $smcFunc;
 
-	if (empty($attachID))
-		return array();
+	if (empty($attachID)) {
+			return array();
+	}
 
 	$request = $smcFunc['db_query']('', '
 		SELECT a.id_msg AS msg, m.id_topic AS topic, m.id_board AS board
@@ -1045,8 +1110,9 @@ 
 		)
 	);
 
-	if ($smcFunc['db_num_rows']($request) != 1)
-		return array();
+	if ($smcFunc['db_num_rows']($request) != 1) {
+			return array();
+	}
 
 	$row = $smcFunc['db_fetch_assoc']($request);
 	$smcFunc['db_free_result']($request);
@@ -1087,8 +1153,9 @@ 
 		$temp = array();
 		while ($row = $smcFunc['db_fetch_assoc']($request))
 		{
-			if (!$row['approved'] && $modSettings['postmod_active'] && !allowedTo('approve_posts') && (!isset($all_posters[$row['id_msg']]) || $all_posters[$row['id_msg']] != $user_info['id']))
-				continue;
+			if (!$row['approved'] && $modSettings['postmod_active'] && !allowedTo('approve_posts') && (!isset($all_posters[$row['id_msg']]) || $all_posters[$row['id_msg']] != $user_info['id'])) {
+							continue;
+			}
 
 			$temp[$row['id_attach']] = $row;
 		}
@@ -1117,8 +1184,9 @@ 
 {
 	global $modSettings, $txt, $scripturl, $sourcedir, $smcFunc;
 
-	if (empty($attachments) || empty($attachments[$id_msg]))
-		return array();
+	if (empty($attachments) || empty($attachments[$id_msg])) {
+			return array();
+	}
 
 	// Set up the attachment info - based on code by Meriadoc.
 	$attachmentData = array();
@@ -1142,11 +1210,13 @@ 
 			);
 
 			// If something is unapproved we'll note it so we can sort them.
-			if (!$attachment['approved'])
-				$have_unapproved = true;
+			if (!$attachment['approved']) {
+							$have_unapproved = true;
+			}
 
-			if (!$attachmentData[$i]['is_image'])
-				continue;
+			if (!$attachmentData[$i]['is_image']) {
+							continue;
+			}
 
 			$attachmentData[$i]['real_width'] = $attachment['width'];
 			$attachmentData[$i]['width'] = $attachment['width'];
@@ -1167,11 +1237,11 @@ 
 						// So what folder are we putting this image in?
 						if (!empty($modSettings['currentAttachmentUploadDir']))
 						{
-							if (!is_array($modSettings['attachmentUploadDir']))
-								$modSettings['attachmentUploadDir'] = $smcFunc['json_decode']($modSettings['attachmentUploadDir'], true);
+							if (!is_array($modSettings['attachmentUploadDir'])) {
+															$modSettings['attachmentUploadDir'] = $smcFunc['json_decode']($modSettings['attachmentUploadDir'], true);
+							}
 							$id_folder_thumb = $modSettings['currentAttachmentUploadDir'];
-						}
-						else
+						} else
 						{
 							$id_folder_thumb = 1;
 						}
@@ -1185,10 +1255,11 @@ 
 						$thumb_ext = isset($context['valid_image_types'][$size[2]]) ? $context['valid_image_types'][$size[2]] : '';
 
 						// Figure out the mime type.
-						if (!empty($size['mime']))
-							$thumb_mime = $size['mime'];
-						else
-							$thumb_mime = 'image/' . $thumb_ext;
+						if (!empty($size['mime'])) {
+													$thumb_mime = $size['mime'];
+						} else {
+													$thumb_mime = 'image/' . $thumb_ext;
+						}
 
 						$thumb_filename = $attachment['filename'] . '_thumb';
 						$thumb_hash = getAttachmentFilename($thumb_filename, false, null, true);
@@ -1236,11 +1307,12 @@ 
 				}
 			}
 
-			if (!empty($attachment['id_thumb']))
-				$attachmentData[$i]['thumbnail'] = array(
+			if (!empty($attachment['id_thumb'])) {
+							$attachmentData[$i]['thumbnail'] = array(
 					'id' => $attachment['id_thumb'],
 					'href' => $scripturl . '?action=dlattach;topic=' . $attachment['topic'] . '.0;attach=' . $attachment['id_thumb'] . ';image',
 				);
+			}
 			$attachmentData[$i]['thumbnail']['has_thumb'] = !empty($attachment['id_thumb']);
 
 			// If thumbnails are disabled, check the maximum size of the image.
@@ -1250,30 +1322,31 @@ 
 				{
 					$attachmentData[$i]['width'] = $modSettings['max_image_width'];
 					$attachmentData[$i]['height'] = floor($attachment['height'] * $modSettings['max_image_width'] / $attachment['width']);
-				}
-				elseif (!empty($modSettings['max_image_width']))
+				} elseif (!empty($modSettings['max_image_width']))
 				{
 					$attachmentData[$i]['width'] = floor($attachment['width'] * $modSettings['max_image_height'] / $attachment['height']);
 					$attachmentData[$i]['height'] = $modSettings['max_image_height'];
 				}
-			}
-			elseif ($attachmentData[$i]['thumbnail']['has_thumb'])
+			} elseif ($attachmentData[$i]['thumbnail']['has_thumb'])
 			{
 				// If the image is too large to show inline, make it a popup.
-				if (((!empty($modSettings['max_image_width']) && $attachmentData[$i]['real_width'] > $modSettings['max_image_width']) || (!empty($modSettings['max_image_height']) && $attachmentData[$i]['real_height'] > $modSettings['max_image_height'])))
-					$attachmentData[$i]['thumbnail']['javascript'] = 'return reqWin(\'' . $attachmentData[$i]['href'] . ';image\', ' . ($attachment['width'] + 20) . ', ' . ($attachment['height'] + 20) . ', true);';
-				else
-					$attachmentData[$i]['thumbnail']['javascript'] = 'return expandThumb(' . $attachment['id_attach'] . ');';
+				if (((!empty($modSettings['max_image_width']) && $attachmentData[$i]['real_width'] > $modSettings['max_image_width']) || (!empty($modSettings['max_image_height']) && $attachmentData[$i]['real_height'] > $modSettings['max_image_height']))) {
+									$attachmentData[$i]['thumbnail']['javascript'] = 'return reqWin(\'' . $attachmentData[$i]['href'] . ';image\', ' . ($attachment['width'] + 20) . ', ' . ($attachment['height'] + 20) . ', true);';
+				} else {
+									$attachmentData[$i]['thumbnail']['javascript'] = 'return expandThumb(' . $attachment['id_attach'] . ');';
+				}
 			}
 
-			if (!$attachmentData[$i]['thumbnail']['has_thumb'])
-				$attachmentData[$i]['downloads']++;
+			if (!$attachmentData[$i]['thumbnail']['has_thumb']) {
+							$attachmentData[$i]['downloads']++;
+			}
 		}
 	}
 
 	// Do we need to instigate a sort?
-	if ($have_unapproved)
-		usort($attachmentData, 'approved_attach_sort');
+	if ($have_unapproved) {
+			usort($attachmentData, 'approved_attach_sort');
+	}
 
 	return $attachmentData;
 }