SimpleMachines / SMF2.1

Sources/Register.php

Braces +177 added lines, -128 removed lines

@@ -15,8 +15,9 @@ 
  * @version 2.1 Beta 4
  */
 
-if (!defined('SMF'))
+if (!defined('SMF')) {
 	die('No direct access...');
+}
 
 /**
  * Begin the registration process.
@@ -29,19 +30,23 @@ 
 	global $language, $scripturl, $smcFunc, $sourcedir, $cur_profile;
 
 	// Is this an incoming AJAX check?
-	if (isset($_GET['sa']) && $_GET['sa'] == 'usernamecheck')
-		return RegisterCheckUsername();
+	if (isset($_GET['sa']) && $_GET['sa'] == 'usernamecheck') {
+			return RegisterCheckUsername();
+	}
 
 	// Check if the administrator has it disabled.
-	if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == '3')
-		fatal_lang_error('registration_disabled', false);
+	if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == '3') {
+			fatal_lang_error('registration_disabled', false);
+	}
 
 	// If this user is an admin - redirect them to the admin registration page.
-	if (allowedTo('moderate_forum') && !$user_info['is_guest'])
-		redirectexit('action=admin;area=regcenter;sa=register');
+	if (allowedTo('moderate_forum') && !$user_info['is_guest']) {
+			redirectexit('action=admin;area=regcenter;sa=register');
+	}
 	// You are not a guest, so you are a member - and members don't get to register twice!
-	elseif (empty($user_info['is_guest']))
-		redirectexit();
+	elseif (empty($user_info['is_guest'])) {
+			redirectexit();
+	}
 
 	loadLanguage('Login');
 	loadTemplate('Register');
@@ -82,16 +87,18 @@ 
 		}
 	}
 	// Make sure they don't squeeze through without agreeing.
-	elseif ($current_step > 1 && $context['require_agreement'] && !$context['registration_passed_agreement'])
-		$current_step = 1;
+	elseif ($current_step > 1 && $context['require_agreement'] && !$context['registration_passed_agreement']) {
+			$current_step = 1;
+	}
 
 	// Show the user the right form.
 	$context['sub_template'] = $current_step == 1 ? 'registration_agreement' : 'registration_form';
 	$context['page_title'] = $current_step == 1 ? $txt['registration_agreement'] : $txt['registration_form'];
 
 	// Kinda need this.
-	if ($context['sub_template'] == 'registration_form')
-		loadJavaScriptFile('register.js', array('defer' => false), 'smf_register');
+	if ($context['sub_template'] == 'registration_form') {
+			loadJavaScriptFile('register.js', array('defer' => false), 'smf_register');
+	}
 
 	// Add the register chain to the link tree.
 	$context['linktree'][] = array(
@@ -100,24 +107,26 @@ 
 	);
 
 	// Prepare the time gate! Do it like so, in case later steps want to reset the limit for any reason, but make sure the time is the current one.
-	if (!isset($_SESSION['register']))
-		$_SESSION['register'] = array(
+	if (!isset($_SESSION['register'])) {
+			$_SESSION['register'] = array(
 			'timenow' => time(),
 			'limit' => 10, // minimum number of seconds required on this page for registration
 		);
-	else
-		$_SESSION['register']['timenow'] = time();
+	} else {
+			$_SESSION['register']['timenow'] = time();
+	}
 
 	// If you have to agree to the agreement, it needs to be fetched from the file.
 	if ($context['require_agreement'])
 	{
 		// Have we got a localized one?
-		if (file_exists($boarddir . '/agreement.' . $user_info['language'] . '.txt'))
-			$context['agreement'] = parse_bbc(file_get_contents($boarddir . '/agreement.' . $user_info['language'] . '.txt'), true, 'agreement_' . $user_info['language']);
-		elseif (file_exists($boarddir . '/agreement.txt'))
-			$context['agreement'] = parse_bbc(file_get_contents($boarddir . '/agreement.txt'), true, 'agreement');
-		else
-			$context['agreement'] = '';
+		if (file_exists($boarddir . '/agreement.' . $user_info['language'] . '.txt')) {
+					$context['agreement'] = parse_bbc(file_get_contents($boarddir . '/agreement.' . $user_info['language'] . '.txt'), true, 'agreement_' . $user_info['language']);
+		} elseif (file_exists($boarddir . '/agreement.txt')) {
+					$context['agreement'] = parse_bbc(file_get_contents($boarddir . '/agreement.txt'), true, 'agreement');
+		} else {
+					$context['agreement'] = '';
+		}
 
 		// Nothing to show, lets disable registration and inform the admin of this error
 		if (empty($context['agreement']))
@@ -133,8 +142,9 @@ 
 		$selectedLanguage = empty($_SESSION['language']) ? $language : $_SESSION['language'];
 
 		// Do we have any languages?
-		if (empty($context['languages']))
-			getLanguages();
+		if (empty($context['languages'])) {
+					getLanguages();
+		}
 
 		// Try to find our selected language.
 		foreach ($context['languages'] as $key => $lang)
@@ -142,8 +152,9 @@ 
 			$context['languages'][$key]['name'] = strtr($lang['name'], array('-utf8' => ''));
 
 			// Found it!
-			if ($selectedLanguage == $lang['filename'])
-				$context['languages'][$key]['selected'] = true;
+			if ($selectedLanguage == $lang['filename']) {
+							$context['languages'][$key]['selected'] = true;
+			}
 		}
 	}
 
@@ -170,16 +181,19 @@ 
 		if (in_array('website', $reg_fields))
 		{
 			unset($reg_fields['website']);
-			if (isset($_POST['website_title']))
-				$cur_profile['website_title'] = $smcFunc['htmlspecialchars']($_POST['website_title']);
-			if (isset($_POST['website_url']))
-				$cur_profile['website_url'] = $smcFunc['htmlspecialchars']($_POST['website_url']);
+			if (isset($_POST['website_title'])) {
+							$cur_profile['website_title'] = $smcFunc['htmlspecialchars']($_POST['website_title']);
+			}
+			if (isset($_POST['website_url'])) {
+							$cur_profile['website_url'] = $smcFunc['htmlspecialchars']($_POST['website_url']);
+			}
 		}
 				
 		// We might have had some submissions on this front - go check.
-		foreach ($reg_fields as $field)
-			if (isset($_POST[$field]))
+		foreach ($reg_fields as $field) {
+					if (isset($_POST[$field]))
 				$cur_profile[$field] = $smcFunc['htmlspecialchars']($_POST[$field]);
+		}
 
 		// Load all the fields in question.
 		setupProfileContext($reg_fields);
@@ -196,8 +210,9 @@ 
 		$context['visual_verification_id'] = $verificationOptions['id'];
 	}
 	// Otherwise we have nothing to show.
-	else
-		$context['visual_verification'] = false;
+	else {
+			$context['visual_verification'] = false;
+	}
 
 
 	$context += array(
@@ -208,8 +223,9 @@ 
 
 	// Were there any errors?
 	$context['registration_errors'] = array();
-	if (!empty($reg_errors))
-		$context['registration_errors'] = $reg_errors;
+	if (!empty($reg_errors)) {
+			$context['registration_errors'] = $reg_errors;
+	}
 
 	createToken('register');
 }
@@ -226,27 +242,32 @@ 
 	validateToken('register');
 
 	// Check to ensure we're forcing SSL for authentication
-	if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn())
-		fatal_lang_error('register_ssl_required');
+	if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn()) {
+			fatal_lang_error('register_ssl_required');
+	}
 
 	// Start collecting together any errors.
 	$reg_errors = array();
 
 	// You can't register if it's disabled.
-	if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 3)
-		fatal_lang_error('registration_disabled', false);
+	if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 3) {
+			fatal_lang_error('registration_disabled', false);
+	}
 
 	// Well, if you don't agree, you can't register.
-	if (!empty($modSettings['requireAgreement']) && empty($_SESSION['registration_agreed']))
-		redirectexit();
+	if (!empty($modSettings['requireAgreement']) && empty($_SESSION['registration_agreed'])) {
+			redirectexit();
+	}
 
 	// Make sure they came from *somewhere*, have a session.
-	if (!isset($_SESSION['old_url']))
-		redirectexit('action=signup');
+	if (!isset($_SESSION['old_url'])) {
+			redirectexit('action=signup');
+	}
 
 	// If we don't require an agreement, we need a extra check for coppa.
-	if (empty($modSettings['requireAgreement']) && !empty($modSettings['coppaAge']))
-		$_SESSION['skip_coppa'] = !empty($_POST['accept_agreement']);
+	if (empty($modSettings['requireAgreement']) && !empty($modSettings['coppaAge'])) {
+			$_SESSION['skip_coppa'] = !empty($_POST['accept_agreement']);
+	}
 	// Are they under age, and under age users are banned?
 	if (!empty($modSettings['coppaAge']) && empty($modSettings['coppaType']) && empty($_SESSION['skip_coppa']))
 	{
@@ -255,8 +276,9 @@ 
 	}
 
 	// Check the time gate for miscreants. First make sure they came from somewhere that actually set it up.
-	if (empty($_SESSION['register']['timenow']) || empty($_SESSION['register']['limit']))
-		redirectexit('action=signup');
+	if (empty($_SESSION['register']['timenow']) || empty($_SESSION['register']['limit'])) {
+			redirectexit('action=signup');
+	}
 	// Failing that, check the time on it.
 	if (time() - $_SESSION['register']['timenow'] < $_SESSION['register']['limit'])
 	{
@@ -276,15 +298,17 @@ 
 		if (is_array($context['visual_verification']))
 		{
 			loadLanguage('Errors');
-			foreach ($context['visual_verification'] as $error)
-				$reg_errors[] = $txt['error_' . $error];
+			foreach ($context['visual_verification'] as $error) {
+							$reg_errors[] = $txt['error_' . $error];
+			}
 		}
 	}
 
 	foreach ($_POST as $key => $value)
 	{
-		if (!is_array($_POST[$key]))
-			$_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key]));
+		if (!is_array($_POST[$key])) {
+					$_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key]));
+		}
 	}
 
 	// Collect all extra registration fields someone might have filled in.
@@ -314,12 +338,14 @@ 
 		$reg_fields = explode(',', $modSettings['registration_fields']);
 
 		// Website is a little different
-		if (in_array('website', $reg_fields))
-			$possible_strings = array_merge(array('website_url', 'website_title'), $possible_strings);
+		if (in_array('website', $reg_fields)) {
+					$possible_strings = array_merge(array('website_url', 'website_title'), $possible_strings);
+		}
 	}
 
-	if (isset($_POST['secret_answer']) && $_POST['secret_answer'] != '')
-		$_POST['secret_answer'] = md5($_POST['secret_answer']);
+	if (isset($_POST['secret_answer']) && $_POST['secret_answer'] != '') {
+			$_POST['secret_answer'] = md5($_POST['secret_answer']);
+	}
 
 	// Needed for isReservedName() and registerMember().
 	require_once($sourcedir . '/Subs-Members.php');
@@ -328,8 +354,9 @@ 
 	if (isset($_POST['real_name']))
 	{
 		// Are you already allowed to edit the displayed name?
-		if (allowedTo('profile_displayed_name') || allowedTo('moderate_forum'))
-			$canEditDisplayName = true;
+		if (allowedTo('profile_displayed_name') || allowedTo('moderate_forum')) {
+					$canEditDisplayName = true;
+		}
 
 		// If you are a guest, will you be allowed to once you register?
 		else
@@ -353,33 +380,38 @@ 
 			$_POST['real_name'] = trim(preg_replace('~[\t\n\r \x0B\0' . ($context['utf8'] ? '\x{A0}\x{AD}\x{2000}-\x{200F}\x{201F}\x{202F}\x{3000}\x{FEFF}' : '\x00-\x08\x0B\x0C\x0E-\x19\xA0') . ']+~' . ($context['utf8'] ? 'u' : ''), ' ', $_POST['real_name']));
 
 			// Only set it if we are sure it is good
-			if (trim($_POST['real_name']) != '' && !isReservedName($_POST['real_name']) && $smcFunc['strlen']($_POST['real_name']) < 60)
-				$possible_strings[] = 'real_name';
+			if (trim($_POST['real_name']) != '' && !isReservedName($_POST['real_name']) && $smcFunc['strlen']($_POST['real_name']) < 60) {
+							$possible_strings[] = 'real_name';
+			}
 		}
 	}
 
 	// Handle a string as a birthdate...
-	if (isset($_POST['birthdate']) && $_POST['birthdate'] != '')
-		$_POST['birthdate'] = strftime('%Y-%m-%d', strtotime($_POST['birthdate']));
+	if (isset($_POST['birthdate']) && $_POST['birthdate'] != '') {
+			$_POST['birthdate'] = strftime('%Y-%m-%d', strtotime($_POST['birthdate']));
+	}
 	// Or birthdate parts...
-	elseif (!empty($_POST['bday1']) && !empty($_POST['bday2']))
-		$_POST['birthdate'] = sprintf('%04d-%02d-%02d', empty($_POST['bday3']) ? 0 : (int) $_POST['bday3'], (int) $_POST['bday1'], (int) $_POST['bday2']);
+	elseif (!empty($_POST['bday1']) && !empty($_POST['bday2'])) {
+			$_POST['birthdate'] = sprintf('%04d-%02d-%02d', empty($_POST['bday3']) ? 0 : (int) $_POST['bday3'], (int) $_POST['bday1'], (int) $_POST['bday2']);
+	}
 
 	// Validate the passed language file.
 	if (isset($_POST['lngfile']) && !empty($modSettings['userLanguage']))
 	{
 		// Do we have any languages?
-		if (empty($context['languages']))
-			getLanguages();
+		if (empty($context['languages'])) {
+					getLanguages();
+		}
 
 		// Did we find it?
-		if (isset($context['languages'][$_POST['lngfile']]))
-			$_SESSION['language'] = $_POST['lngfile'];
-		else
+		if (isset($context['languages'][$_POST['lngfile']])) {
+					$_SESSION['language'] = $_POST['lngfile'];
+		} else {
+					unset($_POST['lngfile']);
+		}
+	} else {
 			unset($_POST['lngfile']);
 	}
-	else
-		unset($_POST['lngfile']);
 
 	// Set the options needed for registration.
 	$regOptions = array(
@@ -399,22 +431,27 @@ 
 	);
 
 	// Include the additional options that might have been filled in.
-	foreach ($possible_strings as $var)
-		if (isset($_POST[$var]))
+	foreach ($possible_strings as $var) {
+			if (isset($_POST[$var]))
 			$regOptions['extra_register_vars'][$var] = $smcFunc['htmlspecialchars']($_POST[$var], ENT_QUOTES);
-	foreach ($possible_ints as $var)
-		if (isset($_POST[$var]))
+	}
+	foreach ($possible_ints as $var) {
+			if (isset($_POST[$var]))
 			$regOptions['extra_register_vars'][$var] = (int) $_POST[$var];
-	foreach ($possible_floats as $var)
-		if (isset($_POST[$var]))
+	}
+	foreach ($possible_floats as $var) {
+			if (isset($_POST[$var]))
 			$regOptions['extra_register_vars'][$var] = (float) $_POST[$var];
-	foreach ($possible_bools as $var)
-		if (isset($_POST[$var]))
+	}
+	foreach ($possible_bools as $var) {
+			if (isset($_POST[$var]))
 			$regOptions['extra_register_vars'][$var] = empty($_POST[$var]) ? 0 : 1;
+	}
 
 	// Registration options are always default options...
-	if (isset($_POST['default_options']))
-		$_POST['options'] = isset($_POST['options']) ? $_POST['options'] + $_POST['default_options'] : $_POST['default_options'];
+	if (isset($_POST['default_options'])) {
+			$_POST['options'] = isset($_POST['options']) ? $_POST['options'] + $_POST['default_options'] : $_POST['default_options'];
+	}
 	$regOptions['theme_vars'] = isset($_POST['options']) && is_array($_POST['options']) ? $_POST['options'] : array();
 
 	// Make sure they are clean, dammit!
@@ -434,12 +471,14 @@ 
 	while ($row = $smcFunc['db_fetch_assoc']($request))
 	{
 		// Don't allow overriding of the theme variables.
-		if (isset($regOptions['theme_vars'][$row['col_name']]))
-			unset($regOptions['theme_vars'][$row['col_name']]);
+		if (isset($regOptions['theme_vars'][$row['col_name']])) {
+					unset($regOptions['theme_vars'][$row['col_name']]);
+		}
 
 		// Not actually showing it then?
-		if (!$row['show_reg'])
-			continue;
+		if (!$row['show_reg']) {
+					continue;
+		}
 
 		// Prepare the value!
 		$value = isset($_POST['customfield'][$row['col_name']]) ? trim($_POST['customfield'][$row['col_name']]) : '';
@@ -448,24 +487,27 @@ 
 		if (!in_array($row['field_type'], array('check', 'select', 'radio')))
 		{
 			// Is it too long?
-			if ($row['field_length'] && $row['field_length'] < $smcFunc['strlen']($value))
-				$custom_field_errors[] = array('custom_field_too_long', array($row['field_name'], $row['field_length']));
+			if ($row['field_length'] && $row['field_length'] < $smcFunc['strlen']($value)) {
+							$custom_field_errors[] = array('custom_field_too_long', array($row['field_name'], $row['field_length']));
+			}
 
 			// Any masks to apply?
 			if ($row['field_type'] == 'text' && !empty($row['mask']) && $row['mask'] != 'none')
 			{
-				if ($row['mask'] == 'email' && (!filter_var($value, FILTER_VALIDATE_EMAIL) || strlen($value) > 255))
-					$custom_field_errors[] = array('custom_field_invalid_email', array($row['field_name']));
-				elseif ($row['mask'] == 'number' && preg_match('~[^\d]~', $value))
-					$custom_field_errors[] = array('custom_field_not_number', array($row['field_name']));
-				elseif (substr($row['mask'], 0, 5) == 'regex' && trim($value) != '' && preg_match(substr($row['mask'], 5), $value) === 0)
-					$custom_field_errors[] = array('custom_field_inproper_format', array($row['field_name']));
+				if ($row['mask'] == 'email' && (!filter_var($value, FILTER_VALIDATE_EMAIL) || strlen($value) > 255)) {
+									$custom_field_errors[] = array('custom_field_invalid_email', array($row['field_name']));
+				} elseif ($row['mask'] == 'number' && preg_match('~[^\d]~', $value)) {
+									$custom_field_errors[] = array('custom_field_not_number', array($row['field_name']));
+				} elseif (substr($row['mask'], 0, 5) == 'regex' && trim($value) != '' && preg_match(substr($row['mask'], 5), $value) === 0) {
+									$custom_field_errors[] = array('custom_field_inproper_format', array($row['field_name']));
+				}
 			}
 		}
 
 		// Is this required but not there?
-		if (trim($value) == '' && $row['show_reg'] > 1)
-			$custom_field_errors[] = array('custom_field_empty', array($row['field_name']));
+		if (trim($value) == '' && $row['show_reg'] > 1) {
+					$custom_field_errors[] = array('custom_field_empty', array($row['field_name']));
+		}
 	}
 	$smcFunc['db_free_result']($request);
 
@@ -473,8 +515,9 @@ 
 	if (!empty($custom_field_errors))
 	{
 		loadLanguage('Errors');
-		foreach ($custom_field_errors as $error)
-			$reg_errors[] = vsprintf($txt['error_' . $error[0]], $error[1]);
+		foreach ($custom_field_errors as $error) {
+					$reg_errors[] = vsprintf($txt['error_' . $error[0]], $error[1]);
+		}
 	}
 
 	// Lets check for other errors before trying to register the member.
@@ -519,8 +562,9 @@ 
 	}
 
 	// If COPPA has been selected then things get complicated, setup the template.
-	if (!empty($modSettings['coppaAge']) && empty($_SESSION['skip_coppa']))
-		redirectexit('action=coppa;member=' . $memberID);
+	if (!empty($modSettings['coppaAge']) && empty($_SESSION['skip_coppa'])) {
+			redirectexit('action=coppa;member=' . $memberID);
+	}
 	// Basic template variable setup.
 	elseif (!empty($modSettings['registration_method']))
 	{
@@ -532,8 +576,7 @@ 
 			'sub_template' => 'after',
 			'description' => $modSettings['registration_method'] == 2 ? $txt['approval_after_registration'] : $txt['activate_after_registration']
 		);
-	}
-	else
+	} else
 	{
 		call_integration_hook('integrate_activate', array($regOptions['username']));
 
@@ -553,16 +596,18 @@ 
 	global $context, $txt, $modSettings, $scripturl, $sourcedir, $smcFunc, $language, $user_info;
 
 	// Logged in users should not bother to activate their accounts
-	if (!empty($user_info['id']))
-		redirectexit();
+	if (!empty($user_info['id'])) {
+			redirectexit();
+	}
 
 	loadLanguage('Login');
 	loadTemplate('Login');
 
 	if (empty($_REQUEST['u']) && empty($_POST['user']))
 	{
-		if (empty($modSettings['registration_method']) || $modSettings['registration_method'] == '3')
-			fatal_lang_error('no_access', false);
+		if (empty($modSettings['registration_method']) || $modSettings['registration_method'] == '3') {
+					fatal_lang_error('no_access', false);
+		}
 
 		$context['member_id'] = 0;
 		$context['sub_template'] = 'resend';
@@ -602,11 +647,13 @@ 
 	// Change their email address? (they probably tried a fake one first :P.)
 	if (isset($_POST['new_email'], $_REQUEST['passwd']) && hash_password($row['member_name'], $_REQUEST['passwd']) == $row['passwd'] && ($row['is_activated'] == 0 || $row['is_activated'] == 2))
 	{
-		if (empty($modSettings['registration_method']) || $modSettings['registration_method'] == 3)
-			fatal_lang_error('no_access', false);
+		if (empty($modSettings['registration_method']) || $modSettings['registration_method'] == 3) {
+					fatal_lang_error('no_access', false);
+		}
 
-		if (!filter_var($_POST['new_email'], FILTER_VALIDATE_EMAIL))
-			fatal_error(sprintf($txt['valid_email_needed'], $smcFunc['htmlspecialchars']($_POST['new_email'])), false);
+		if (!filter_var($_POST['new_email'], FILTER_VALIDATE_EMAIL)) {
+					fatal_error(sprintf($txt['valid_email_needed'], $smcFunc['htmlspecialchars']($_POST['new_email'])), false);
+		}
 
 		// Make sure their email isn't banned.
 		isBannedEmail($_POST['new_email'], 'cannot_register', $txt['ban_register_prohibited']);
@@ -622,8 +669,9 @@ 
 			)
 		);
 
-		if ($smcFunc['db_num_rows']($request) != 0)
-			fatal_lang_error('email_in_use', false, array($smcFunc['htmlspecialchars']($_POST['new_email'])));
+		if ($smcFunc['db_num_rows']($request) != 0) {
+					fatal_lang_error('email_in_use', false, array($smcFunc['htmlspecialchars']($_POST['new_email'])));
+		}
 		$smcFunc['db_free_result']($request);
 
 		updateMemberData($row['id_member'], array('email_address' => $_POST['new_email']));
@@ -661,9 +709,9 @@ 
 	// Quit if this code is not right.
 	if (empty($_REQUEST['code']) || $row['validation_code'] != $_REQUEST['code'])
 	{
-		if (!empty($row['is_activated']))
-			fatal_lang_error('already_activated', false);
-		elseif ($row['validation_code'] == '')
+		if (!empty($row['is_activated'])) {
+					fatal_lang_error('already_activated', false);
+		} elseif ($row['validation_code'] == '')
 		{
 			loadLanguage('Profile');
 			fatal_error(sprintf($txt['registration_not_approved'], $scripturl . '?action=activate;user=' . $row['member_name']), false);
@@ -713,8 +761,9 @@ 
 	loadTemplate('Register');
 
 	// No User ID??
-	if (!isset($_GET['member']))
-		fatal_lang_error('no_access', false);
+	if (!isset($_GET['member'])) {
+			fatal_lang_error('no_access', false);
+	}
 
 	// Get the user details...
 	$request = $smcFunc['db_query']('', '
@@ -727,8 +776,9 @@ 
 			'is_coppa' => 5,
 		)
 	);
-	if ($smcFunc['db_num_rows']($request) == 0)
-		fatal_lang_error('no_access', false);
+	if ($smcFunc['db_num_rows']($request) == 0) {
+			fatal_lang_error('no_access', false);
+	}
 	list ($username) = $smcFunc['db_fetch_row']($request);
 	$smcFunc['db_free_result']($request);
 
@@ -766,8 +816,7 @@ 
 			echo $data;
 			obExit(false);
 		}
-	}
-	else
+	} else
 	{
 		$context += array(
 			'page_title' => $txt['coppa_title'],
@@ -820,8 +869,9 @@ 
 	{
 		require_once($sourcedir . '/Subs-Graphics.php');
 
-		if (in_array('gd', get_loaded_extensions()) && !showCodeImage($code))
-			header('HTTP/1.1 400 Bad Request');
+		if (in_array('gd', get_loaded_extensions()) && !showCodeImage($code)) {
+					header('HTTP/1.1 400 Bad Request');
+		}
 
 		// Otherwise just show a pre-defined letter.
 		elseif (isset($_REQUEST['letter']))
@@ -839,14 +889,13 @@ 
 			header('content-type: image/gif');
 			die("\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x21\xF9\x04\x01\x00\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B");
 		}
-	}
-
-	elseif ($_REQUEST['format'] === '.wav')
+	} elseif ($_REQUEST['format'] === '.wav')
 	{
 		require_once($sourcedir . '/Subs-Sound.php');
 
-		if (!createWaveFile($code))
-			header('HTTP/1.1 400 Bad Request');
+		if (!createWaveFile($code)) {
+					header('HTTP/1.1 400 Bad Request');
+		}
 	}
 
 	// We all die one day...

Sources/Security.php

Braces +258 added lines, -199 removed lines

@@ -14,8 +14,9 @@ 
  * @version 2.1 Beta 4
  */
 
-if (!defined('SMF'))
+if (!defined('SMF')) {
 	die('No direct access...');
+}
 
 /**
  * Check if the user is who he/she says he is
@@ -42,12 +43,14 @@ 
 	$refreshTime = isset($_GET['xml']) ? 4200 : 3600;
 
 	// Is the security option off?
-	if (!empty($modSettings['securityDisable' . ($type != 'admin' ? '_' . $type : '')]))
-		return;
+	if (!empty($modSettings['securityDisable' . ($type != 'admin' ? '_' . $type : '')])) {
+			return;
+	}
 
 	// Or are they already logged in?, Moderator or admin session is need for this area
-	if ((!empty($_SESSION[$type . '_time']) && $_SESSION[$type . '_time'] + $refreshTime >= time()) || (!empty($_SESSION['admin_time']) && $_SESSION['admin_time'] + $refreshTime >= time()))
-		return;
+	if ((!empty($_SESSION[$type . '_time']) && $_SESSION[$type . '_time'] + $refreshTime >= time()) || (!empty($_SESSION['admin_time']) && $_SESSION['admin_time'] + $refreshTime >= time())) {
+			return;
+	}
 
 	require_once($sourcedir . '/Subs-Auth.php');
 
@@ -55,8 +58,9 @@ 
 	if (isset($_POST[$type . '_pass']))
 	{
 		// Check to ensure we're forcing SSL for authentication
-		if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn())
-			fatal_lang_error('login_ssl_required');
+		if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn()) {
+					fatal_lang_error('login_ssl_required');
+		}
 
 		checkSession();
 
@@ -72,17 +76,19 @@ 
 	}
 
 	// Better be sure to remember the real referer
-	if (empty($_SESSION['request_referer']))
-		$_SESSION['request_referer'] = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
-	elseif (empty($_POST))
-		unset($_SESSION['request_referer']);
+	if (empty($_SESSION['request_referer'])) {
+			$_SESSION['request_referer'] = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
+	} elseif (empty($_POST)) {
+			unset($_SESSION['request_referer']);
+	}
 
 	// Need to type in a password for that, man.
-	if (!isset($_GET['xml']))
-		adminLogin($type);
-	else
-		return 'session_verify_fail';
-}
+	if (!isset($_GET['xml'])) {
+			adminLogin($type);
+	} else {
+			return 'session_verify_fail';
+	}
+	}
 
 /**
  * Require a user who is logged in. (not a guest.)
@@ -96,25 +102,30 @@ 
 	global $user_info, $txt, $context, $scripturl, $modSettings;
 
 	// Luckily, this person isn't a guest.
-	if (!$user_info['is_guest'])
-		return;
+	if (!$user_info['is_guest']) {
+			return;
+	}
 
 	// Log what they were trying to do didn't work)
-	if (!empty($modSettings['who_enabled']))
-		$_GET['error'] = 'guest_login';
+	if (!empty($modSettings['who_enabled'])) {
+			$_GET['error'] = 'guest_login';
+	}
 	writeLog(true);
 
 	// Just die.
-	if (isset($_REQUEST['xml']))
-		obExit(false);
+	if (isset($_REQUEST['xml'])) {
+			obExit(false);
+	}
 
 	// Attempt to detect if they came from dlattach.
-	if (SMF != 'SSI' && empty($context['theme_loaded']))
-		loadTheme();
+	if (SMF != 'SSI' && empty($context['theme_loaded'])) {
+			loadTheme();
+	}
 
 	// Never redirect to an attachment
-	if (strpos($_SERVER['REQUEST_URL'], 'dlattach') === false)
-		$_SESSION['login_url'] = $_SERVER['REQUEST_URL'];
+	if (strpos($_SERVER['REQUEST_URL'], 'dlattach') === false) {
+			$_SESSION['login_url'] = $_SERVER['REQUEST_URL'];
+	}
 
 	// Load the Login template and language file.
 	loadLanguage('Login');
@@ -124,8 +135,7 @@ 
 	{
 		$_SESSION['login_url'] = $scripturl . '?' . $_SERVER['QUERY_STRING'];
 		redirectexit('action=login');
-	}
-	else
+	} else
 	{
 		loadTemplate('Login');
 		$context['sub_template'] = 'kick_guest';
@@ -155,8 +165,9 @@ 
 	global $sourcedir, $cookiename, $user_settings, $smcFunc;
 
 	// You cannot be banned if you are an admin - doesn't help if you log out.
-	if ($user_info['is_admin'])
-		return;
+	if ($user_info['is_admin']) {
+			return;
+	}
 
 	// Only check the ban every so often. (to reduce load.)
 	if ($forceCheck || !isset($_SESSION['ban']) || empty($modSettings['banLastUpdated']) || ($_SESSION['ban']['last_checked'] < $modSettings['banLastUpdated']) || $_SESSION['ban']['id_member'] != $user_info['id'] || $_SESSION['ban']['ip'] != $user_info['ip'] || $_SESSION['ban']['ip2'] != $user_info['ip2'] || (isset($user_info['email'], $_SESSION['ban']['email']) && $_SESSION['ban']['email'] != $user_info['email']))
@@ -177,8 +188,9 @@ 
 		// Check both IP addresses.
 		foreach (array('ip', 'ip2') as $ip_number)
 		{
-			if ($ip_number == 'ip2' && $user_info['ip2'] == $user_info['ip'])
-				continue;
+			if ($ip_number == 'ip2' && $user_info['ip2'] == $user_info['ip']) {
+							continue;
+			}
 			$ban_query[] = ' {inet:' . $ip_number . '} BETWEEN bi.ip_low and bi.ip_high';
 			$ban_query_vars[$ip_number] = $user_info[$ip_number];
 			// IP was valid, maybe there's also a hostname...
@@ -228,24 +240,28 @@ 
 			// Store every type of ban that applies to you in your session.
 			while ($row = $smcFunc['db_fetch_assoc']($request))
 			{
-				foreach ($restrictions as $restriction)
-					if (!empty($row[$restriction]))
+				foreach ($restrictions as $restriction) {
+									if (!empty($row[$restriction]))
 					{
 						$_SESSION['ban'][$restriction]['reason'] = $row['reason'];
+				}
 						$_SESSION['ban'][$restriction]['ids'][] = $row['id_ban'];
-						if (!isset($_SESSION['ban']['expire_time']) || ($_SESSION['ban']['expire_time'] != 0 && ($row['expire_time'] == 0 || $row['expire_time'] > $_SESSION['ban']['expire_time'])))
-							$_SESSION['ban']['expire_time'] = $row['expire_time'];
+						if (!isset($_SESSION['ban']['expire_time']) || ($_SESSION['ban']['expire_time'] != 0 && ($row['expire_time'] == 0 || $row['expire_time'] > $_SESSION['ban']['expire_time']))) {
+													$_SESSION['ban']['expire_time'] = $row['expire_time'];
+						}
 
-						if (!$user_info['is_guest'] && $restriction == 'cannot_access' && ($row['id_member'] == $user_info['id'] || $row['email_address'] == $user_info['email']))
-							$flag_is_activated = true;
+						if (!$user_info['is_guest'] && $restriction == 'cannot_access' && ($row['id_member'] == $user_info['id'] || $row['email_address'] == $user_info['email'])) {
+													$flag_is_activated = true;
+						}
 					}
 			}
 			$smcFunc['db_free_result']($request);
 		}
 
 		// Mark the cannot_access and cannot_post bans as being 'hit'.
-		if (isset($_SESSION['ban']['cannot_access']) || isset($_SESSION['ban']['cannot_post']) || isset($_SESSION['ban']['cannot_login']))
-			log_ban(array_merge(isset($_SESSION['ban']['cannot_access']) ? $_SESSION['ban']['cannot_access']['ids'] : array(), isset($_SESSION['ban']['cannot_post']) ? $_SESSION['ban']['cannot_post']['ids'] : array(), isset($_SESSION['ban']['cannot_login']) ? $_SESSION['ban']['cannot_login']['ids'] : array()));
+		if (isset($_SESSION['ban']['cannot_access']) || isset($_SESSION['ban']['cannot_post']) || isset($_SESSION['ban']['cannot_login'])) {
+					log_ban(array_merge(isset($_SESSION['ban']['cannot_access']) ? $_SESSION['ban']['cannot_access']['ids'] : array(), isset($_SESSION['ban']['cannot_post']) ? $_SESSION['ban']['cannot_post']['ids'] : array(), isset($_SESSION['ban']['cannot_login']) ? $_SESSION['ban']['cannot_login']['ids'] : array()));
+		}
 
 		// If for whatever reason the is_activated flag seems wrong, do a little work to clear it up.
 		if ($user_info['id'] && (($user_settings['is_activated'] >= 10 && !$flag_is_activated)
@@ -260,8 +276,9 @@ 
 	if (!isset($_SESSION['ban']['cannot_access']) && !empty($_COOKIE[$cookiename . '_']))
 	{
 		$bans = explode(',', $_COOKIE[$cookiename . '_']);
-		foreach ($bans as $key => $value)
-			$bans[$key] = (int) $value;
+		foreach ($bans as $key => $value) {
+					$bans[$key] = (int) $value;
+		}
 		$request = $smcFunc['db_query']('', '
 			SELECT bi.id_ban, bg.reason
 			FROM {db_prefix}ban_items AS bi
@@ -297,14 +314,15 @@ 
 	if (isset($_SESSION['ban']['cannot_access']))
 	{
 		// We don't wanna see you!
-		if (!$user_info['is_guest'])
-			$smcFunc['db_query']('', '
+		if (!$user_info['is_guest']) {
+					$smcFunc['db_query']('', '
 				DELETE FROM {db_prefix}log_online
 				WHERE id_member = {int:current_member}',
 				array(
 					'current_member' => $user_info['id'],
 				)
 			);
+		}
 
 		// 'Log' the user out.  Can't have any funny business... (save the name!)
 		$old_name = isset($user_info['name']) && $user_info['name'] != '' ? $user_info['name'] : $txt['guest_title'];
@@ -390,9 +408,10 @@ 
 	}
 
 	// Fix up the banning permissions.
-	if (isset($user_info['permissions']))
-		banPermissions();
-}
+	if (isset($user_info['permissions'])) {
+			banPermissions();
+	}
+	}
 
 /**
  * Fix permissions according to ban status.
@@ -403,8 +422,9 @@ 
 	global $user_info, $sourcedir, $modSettings, $context;
 
 	// Somehow they got here, at least take away all permissions...
-	if (isset($_SESSION['ban']['cannot_access']))
-		$user_info['permissions'] = array();
+	if (isset($_SESSION['ban']['cannot_access'])) {
+			$user_info['permissions'] = array();
+	}
 	// Okay, well, you can watch, but don't touch a thing.
 	elseif (isset($_SESSION['ban']['cannot_post']) || (!empty($modSettings['warning_mute']) && $modSettings['warning_mute'] <= $user_info['warning']))
 	{
@@ -446,19 +466,20 @@ 
 		call_integration_hook('integrate_warn_permissions', array(&$permission_change));
 		foreach ($permission_change as $old => $new)
 		{
-			if (!in_array($old, $user_info['permissions']))
-				unset($permission_change[$old]);
-			else
-				$user_info['permissions'][] = $new;
+			if (!in_array($old, $user_info['permissions'])) {
+							unset($permission_change[$old]);
+			} else {
+							$user_info['permissions'][] = $new;
+			}
 		}
 		$user_info['permissions'] = array_diff($user_info['permissions'], array_keys($permission_change));
 	}
 
 	// @todo Find a better place to call this? Needs to be after permissions loaded!
 	// Finally, some bits we cache in the session because it saves queries.
-	if (isset($_SESSION['mc']) && $_SESSION['mc']['time'] > $modSettings['settings_updated'] && $_SESSION['mc']['id'] == $user_info['id'])
-		$user_info['mod_cache'] = $_SESSION['mc'];
-	else
+	if (isset($_SESSION['mc']) && $_SESSION['mc']['time'] > $modSettings['settings_updated'] && $_SESSION['mc']['id'] == $user_info['id']) {
+			$user_info['mod_cache'] = $_SESSION['mc'];
+	} else
 	{
 		require_once($sourcedir . '/Subs-Auth.php');
 		rebuildModCache();
@@ -469,14 +490,12 @@ 
 	{
 		$context['open_mod_reports'] = $_SESSION['rc']['reports'];
 		$context['open_member_reports'] = $_SESSION['rc']['member_reports'];
-	}
-	elseif ($_SESSION['mc']['bq'] != '0=1')
+	} elseif ($_SESSION['mc']['bq'] != '0=1')
 	{
 		require_once($sourcedir . '/Subs-ReportedContent.php');
 		$context['open_mod_reports'] = recountOpenReports('posts');
 		$context['open_member_reports'] = recountOpenReports('members');
-	}
-	else
+	} else
 	{
 		$context['open_mod_reports'] = 0;
 		$context['open_member_reports'] = 0;
@@ -496,8 +515,9 @@ 
 	global $user_info, $smcFunc;
 
 	// Don't log web accelerators, it's very confusing...
-	if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch')
-		return;
+	if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch') {
+			return;
+	}
 
 	$smcFunc['db_insert']('',
 		'{db_prefix}log_banned',
@@ -507,8 +527,8 @@ 
 	);
 
 	// One extra point for these bans.
-	if (!empty($ban_ids))
-		$smcFunc['db_query']('', '
+	if (!empty($ban_ids)) {
+			$smcFunc['db_query']('', '
 			UPDATE {db_prefix}ban_items
 			SET hits = hits + 1
 			WHERE id_ban IN ({array_int:ban_ids})',
@@ -516,7 +536,8 @@ 
 				'ban_ids' => $ban_ids,
 			)
 		);
-}
+	}
+	}
 
 /**
  * Checks if a given email address might be banned.
@@ -532,8 +553,9 @@ 
 	global $txt, $smcFunc;
 
 	// Can't ban an empty email
-	if (empty($email) || trim($email) == '')
-		return;
+	if (empty($email) || trim($email) == '') {
+			return;
+	}
 
 	// Let's start with the bans based on your IP/hostname/memberID...
 	$ban_ids = isset($_SESSION['ban'][$restriction]) ? $_SESSION['ban'][$restriction]['ids'] : array();
@@ -606,16 +628,18 @@ 
 	if ($type == 'post')
 	{
 		$check = isset($_POST[$_SESSION['session_var']]) ? $_POST[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_POST['sc']) ? $_POST['sc'] : null);
-		if ($check !== $sc)
-			$error = 'session_timeout';
+		if ($check !== $sc) {
+					$error = 'session_timeout';
+		}
 	}
 
 	// How about $_GET['sesc']?
 	elseif ($type == 'get')
 	{
 		$check = isset($_GET[$_SESSION['session_var']]) ? $_GET[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_GET['sesc']) ? $_GET['sesc'] : null);
-		if ($check !== $sc)
-			$error = 'session_verify_fail';
+		if ($check !== $sc) {
+					$error = 'session_verify_fail';
+		}
 	}
 
 	// Or can it be in either?
@@ -623,13 +647,15 @@ 
 	{
 		$check = isset($_GET[$_SESSION['session_var']]) ? $_GET[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_GET['sesc']) ? $_GET['sesc'] : (isset($_POST[$_SESSION['session_var']]) ? $_POST[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_POST['sc']) ? $_POST['sc'] : null)));
 
-		if ($check !== $sc)
-			$error = 'session_verify_fail';
+		if ($check !== $sc) {
+					$error = 'session_verify_fail';
+		}
 	}
 
 	// Verify that they aren't changing user agents on us - that could be bad.
-	if ((!isset($_SESSION['USER_AGENT']) || $_SESSION['USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) && empty($modSettings['disableCheckUA']))
-		$error = 'session_verify_fail';
+	if ((!isset($_SESSION['USER_AGENT']) || $_SESSION['USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) && empty($modSettings['disableCheckUA'])) {
+			$error = 'session_verify_fail';
+	}
 
 	// Make sure a page with session check requirement is not being prefetched.
 	if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch')
@@ -640,30 +666,35 @@ 
 	}
 
 	// Check the referring site - it should be the same server at least!
-	if (isset($_SESSION['request_referer']))
-		$referrer = $_SESSION['request_referer'];
-	else
-		$referrer = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
+	if (isset($_SESSION['request_referer'])) {
+			$referrer = $_SESSION['request_referer'];
+	} else {
+			$referrer = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
+	}
 	if (!empty($referrer['host']))
 	{
-		if (strpos($_SERVER['HTTP_HOST'], ':') !== false)
-			$real_host = substr($_SERVER['HTTP_HOST'], 0, strpos($_SERVER['HTTP_HOST'], ':'));
-		else
-			$real_host = $_SERVER['HTTP_HOST'];
+		if (strpos($_SERVER['HTTP_HOST'], ':') !== false) {
+					$real_host = substr($_SERVER['HTTP_HOST'], 0, strpos($_SERVER['HTTP_HOST'], ':'));
+		} else {
+					$real_host = $_SERVER['HTTP_HOST'];
+		}
 
 		$parsed_url = parse_url($boardurl);
 
 		// Are global cookies on?  If so, let's check them ;).
 		if (!empty($modSettings['globalCookies']))
 		{
-			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $parsed_url['host'], $parts) == 1)
-				$parsed_url['host'] = $parts[1];
+			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $parsed_url['host'], $parts) == 1) {
+							$parsed_url['host'] = $parts[1];
+			}
 
-			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $referrer['host'], $parts) == 1)
-				$referrer['host'] = $parts[1];
+			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $referrer['host'], $parts) == 1) {
+							$referrer['host'] = $parts[1];
+			}
 
-			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $real_host, $parts) == 1)
-				$real_host = $parts[1];
+			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $real_host, $parts) == 1) {
+							$real_host = $parts[1];
+			}
 		}
 
 		// Okay: referrer must either match parsed_url or real_host.
@@ -681,12 +712,14 @@ 
 		$log_error = true;
 	}
 
-	if (strtolower($_SERVER['HTTP_USER_AGENT']) == 'hacker')
-		fatal_error('Sound the alarm!  It\'s a hacker!  Close the castle gates!!', false);
+	if (strtolower($_SERVER['HTTP_USER_AGENT']) == 'hacker') {
+			fatal_error('Sound the alarm!  It\'s a hacker!  Close the castle gates!!', false);
+	}
 
 	// Everything is ok, return an empty string.
-	if (!isset($error))
-		return '';
+	if (!isset($error)) {
+			return '';
+	}
 	// A session error occurred, show the error.
 	elseif ($is_fatal)
 	{
@@ -695,13 +728,14 @@ 
 			ob_end_clean();
 			header('HTTP/1.1 403 Forbidden - Session timeout');
 			die;
+		} else {
+					fatal_lang_error($error, isset($log_error) ? 'user' : false);
 		}
-		else
-			fatal_lang_error($error, isset($log_error) ? 'user' : false);
 	}
 	// A session error occurred, return the error to the calling function.
-	else
-		return $error;
+	else {
+			return $error;
+	}
 
 	// We really should never fall through here, for very important reasons.  Let's make sure.
 	trigger_error('Hacking attempt...', E_USER_ERROR);
@@ -717,10 +751,9 @@ 
 {
 	global $modSettings;
 
-	if (isset($_GET['confirm']) && isset($_SESSION['confirm_' . $action]) && md5($_GET['confirm'] . $_SERVER['HTTP_USER_AGENT']) == $_SESSION['confirm_' . $action])
-		return true;
-
-	else
+	if (isset($_GET['confirm']) && isset($_SESSION['confirm_' . $action]) && md5($_GET['confirm'] . $_SERVER['HTTP_USER_AGENT']) == $_SESSION['confirm_' . $action]) {
+			return true;
+	} else
 	{
 		$token = md5(mt_rand() . session_id() . (string) microtime() . $modSettings['rand_seed']);
 		$_SESSION['confirm_' . $action] = md5($token . $_SERVER['HTTP_USER_AGENT']);
@@ -771,9 +804,9 @@ 
 			$return = $_SESSION['token'][$type . '-' . $action][3];
 			unset($_SESSION['token'][$type . '-' . $action]);
 			return $return;
+		} else {
+					return '';
 		}
-		else
-			return '';
 	}
 
 	// This nasty piece of code validates a token.
@@ -804,12 +837,14 @@ 
 		fatal_lang_error('token_verify_fail', false);
 	}
 	// Remove this token as its useless
-	else
-		unset($_SESSION['token'][$type . '-' . $action]);
+	else {
+			unset($_SESSION['token'][$type . '-' . $action]);
+	}
 
 	// Randomly check if we should remove some older tokens.
-	if (mt_rand(0, 138) == 23)
-		cleanTokens();
+	if (mt_rand(0, 138) == 23) {
+			cleanTokens();
+	}
 
 	return false;
 }
@@ -824,14 +859,16 @@ 
 function cleanTokens($complete = false)
 {
 	// We appreciate cleaning up after yourselves.
-	if (!isset($_SESSION['token']))
-		return;
+	if (!isset($_SESSION['token'])) {
+			return;
+	}
 
 	// Clean up tokens, trying to give enough time still.
-	foreach ($_SESSION['token'] as $key => $data)
-		if ($data[2] + 10800 < time() || $complete)
+	foreach ($_SESSION['token'] as $key => $data) {
+			if ($data[2] + 10800 < time() || $complete)
 			unset($_SESSION['token'][$key]);
-}
+	}
+	}
 
 /**
  * Check whether a form has been submitted twice.
@@ -849,37 +886,40 @@ 
 {
 	global $context;
 
-	if (!isset($_SESSION['forms']))
-		$_SESSION['forms'] = array();
+	if (!isset($_SESSION['forms'])) {
+			$_SESSION['forms'] = array();
+	}
 
 	// Register a form number and store it in the session stack. (use this on the page that has the form.)
 	if ($action == 'register')
 	{
 		$context['form_sequence_number'] = 0;
-		while (empty($context['form_sequence_number']) || in_array($context['form_sequence_number'], $_SESSION['forms']))
-			$context['form_sequence_number'] = mt_rand(1, 16000000);
+		while (empty($context['form_sequence_number']) || in_array($context['form_sequence_number'], $_SESSION['forms'])) {
+					$context['form_sequence_number'] = mt_rand(1, 16000000);
+		}
 	}
 	// Check whether the submitted number can be found in the session.
 	elseif ($action == 'check')
 	{
-		if (!isset($_REQUEST['seqnum']))
-			return true;
-		elseif (!in_array($_REQUEST['seqnum'], $_SESSION['forms']))
+		if (!isset($_REQUEST['seqnum'])) {
+					return true;
+		} elseif (!in_array($_REQUEST['seqnum'], $_SESSION['forms']))
 		{
 			$_SESSION['forms'][] = (int) $_REQUEST['seqnum'];
 			return true;
+		} elseif ($is_fatal) {
+					fatal_lang_error('error_form_already_submitted', false);
+		} else {
+					return false;
 		}
-		elseif ($is_fatal)
-			fatal_lang_error('error_form_already_submitted', false);
-		else
-			return false;
 	}
 	// Don't check, just free the stack number.
-	elseif ($action == 'free' && isset($_REQUEST['seqnum']) && in_array($_REQUEST['seqnum'], $_SESSION['forms']))
-		$_SESSION['forms'] = array_diff($_SESSION['forms'], array($_REQUEST['seqnum']));
-	elseif ($action != 'free')
-		trigger_error('checkSubmitOnce(): Invalid action \'' . $action . '\'', E_USER_WARNING);
-}
+	elseif ($action == 'free' && isset($_REQUEST['seqnum']) && in_array($_REQUEST['seqnum'], $_SESSION['forms'])) {
+			$_SESSION['forms'] = array_diff($_SESSION['forms'], array($_REQUEST['seqnum']));
+	} elseif ($action != 'free') {
+			trigger_error('checkSubmitOnce(): Invalid action \'' . $action . '\'', E_USER_WARNING);
+	}
+	}
 
 /**
  * Check the user's permissions.
@@ -898,16 +938,19 @@ 
 	global $user_info, $smcFunc;
 
 	// You're always allowed to do nothing. (unless you're a working man, MR. LAZY :P!)
-	if (empty($permission))
-		return true;
+	if (empty($permission)) {
+			return true;
+	}
 
 	// You're never allowed to do something if your data hasn't been loaded yet!
-	if (empty($user_info))
-		return false;
+	if (empty($user_info)) {
+			return false;
+	}
 
 	// Administrators are supermen :P.
-	if ($user_info['is_admin'])
-		return true;
+	if ($user_info['is_admin']) {
+			return true;
+	}
 
 	// Let's ensure this is an array.
 	$permission = (array) $permission;
@@ -915,14 +958,16 @@ 
 	// Are we checking the _current_ board, or some other boards?
 	if ($boards === null)
 	{
-		if (count(array_intersect($permission, $user_info['permissions'])) != 0)
-			return true;
+		if (count(array_intersect($permission, $user_info['permissions'])) != 0) {
+					return true;
+		}
 		// You aren't allowed, by default.
-		else
-			return false;
+		else {
+					return false;
+		}
+	} elseif (!is_array($boards)) {
+			$boards = array($boards);
 	}
-	elseif (!is_array($boards))
-		$boards = array($boards);
 
 	$request = $smcFunc['db_query']('', '
 		SELECT MIN(bp.add_deny) AS add_deny
@@ -950,20 +995,23 @@ 
 		while ($row = $smcFunc['db_fetch_assoc']($request))
 		{
 			$result = !empty($row['add_deny']);
-			if ($result == true)
-				break;
+			if ($result == true) {
+							break;
+			}
 		}
 		$smcFunc['db_free_result']($request);
 		return $result;
 	}
 
 	// Make sure they can do it on all of the boards.
-	if ($smcFunc['db_num_rows']($request) != count($boards))
-		return false;
+	if ($smcFunc['db_num_rows']($request) != count($boards)) {
+			return false;
+	}
 
 	$result = true;
-	while ($row = $smcFunc['db_fetch_assoc']($request))
-		$result &= !empty($row['add_deny']);
+	while ($row = $smcFunc['db_fetch_assoc']($request)) {
+			$result &= !empty($row['add_deny']);
+	}
 	$smcFunc['db_free_result']($request);
 
 	// If the query returned 1, they can do it... otherwise, they can't.
@@ -1030,9 +1078,10 @@ 
 
 	// If you're doing something on behalf of some "heavy" permissions, validate your session.
 	// (take out the heavy permissions, and if you can't do anything but those, you need a validated session.)
-	if (!allowedTo(array_diff($permission, $heavy_permissions), $boards))
-		validateSession();
-}
+	if (!allowedTo(array_diff($permission, $heavy_permissions), $boards)) {
+			validateSession();
+	}
+	}
 
 /**
  * Return the boards a user has a certain (board) permission on. (array(0) if all.)
@@ -1051,8 +1100,9 @@ 
 	global $user_info, $smcFunc;
 
 	// Arrays are nice, most of the time.
-	if (!is_array($permissions))
-		$permissions = array($permissions);
+	if (!is_array($permissions)) {
+			$permissions = array($permissions);
+	}
 
 	/*
 	 * Set $simple to true to use this function as it were in SMF 2.0.x.
@@ -1064,13 +1114,14 @@ 
 	// Administrators are all powerful, sorry.
 	if ($user_info['is_admin'])
 	{
-		if ($simple)
-			return array(0);
-		else
+		if ($simple) {
+					return array(0);
+		} else
 		{
 			$boards = array();
-			foreach ($permissions as $permission)
-				$boards[$permission] = array(0);
+			foreach ($permissions as $permission) {
+							$boards[$permission] = array(0);
+			}
 
 			return $boards;
 		}
@@ -1102,31 +1153,32 @@ 
 	{
 		if ($simple)
 		{
-			if (empty($row['add_deny']))
-				$deny_boards[] = $row['id_board'];
-			else
-				$boards[] = $row['id_board'];
-		}
-		else
+			if (empty($row['add_deny'])) {
+							$deny_boards[] = $row['id_board'];
+			} else {
+							$boards[] = $row['id_board'];
+			}
+		} else
 		{
-			if (empty($row['add_deny']))
-				$deny_boards[$row['permission']][] = $row['id_board'];
-			else
-				$boards[$row['permission']][] = $row['id_board'];
+			if (empty($row['add_deny'])) {
+							$deny_boards[$row['permission']][] = $row['id_board'];
+			} else {
+							$boards[$row['permission']][] = $row['id_board'];
+			}
 		}
 	}
 	$smcFunc['db_free_result']($request);
 
-	if ($simple)
-		$boards = array_unique(array_values(array_diff($boards, $deny_boards)));
-	else
+	if ($simple) {
+			$boards = array_unique(array_values(array_diff($boards, $deny_boards)));
+	} else
 	{
 		foreach ($permissions as $permission)
 		{
 			// never had it to start with
-			if (empty($boards[$permission]))
-				$boards[$permission] = array();
-			else
+			if (empty($boards[$permission])) {
+							$boards[$permission] = array();
+			} else
 			{
 				// Or it may have been removed
 				$deny_boards[$permission] = isset($deny_boards[$permission]) ? $deny_boards[$permission] : array();
@@ -1162,10 +1214,11 @@ 
 
 
 	// Moderators are free...
-	if (!allowedTo('moderate_board'))
-		$timeLimit = isset($timeOverrides[$error_type]) ? $timeOverrides[$error_type] : $modSettings['spamWaitTime'];
-	else
-		$timeLimit = 2;
+	if (!allowedTo('moderate_board')) {
+			$timeLimit = isset($timeOverrides[$error_type]) ? $timeOverrides[$error_type] : $modSettings['spamWaitTime'];
+	} else {
+			$timeLimit = 2;
+	}
 
 	call_integration_hook('integrate_spam_protection', array(&$timeOverrides, &$timeLimit));
 
@@ -1192,8 +1245,9 @@ 
 	if ($smcFunc['db_affected_rows']() != 1)
 	{
 		// Spammer!  You only have to wait a *few* seconds!
-		if (!$only_return_result)
-			fatal_lang_error($error_type . '_WaitTime_broken', false, array($timeLimit));
+		if (!$only_return_result) {
+					fatal_lang_error($error_type . '_WaitTime_broken', false, array($timeLimit));
+		}
 
 		return true;
 	}
@@ -1211,11 +1265,13 @@ 
  */
 function secureDirectory($path, $attachments = false)
 {
-	if (empty($path))
-		return 'empty_path';
+	if (empty($path)) {
+			return 'empty_path';
+	}
 
-	if (!is_writable($path))
-		return 'path_not_writable';
+	if (!is_writable($path)) {
+			return 'path_not_writable';
+	}
 
 	$directoryname = basename($path);
 
@@ -1227,9 +1283,9 @@ 
 
 RemoveHandler .php .php3 .phtml .cgi .fcgi .pl .fpl .shtml';
 
-	if (file_exists($path . '/.htaccess'))
-		$errors[] = 'htaccess_exists';
-	else
+	if (file_exists($path . '/.htaccess')) {
+			$errors[] = 'htaccess_exists';
+	} else
 	{
 		$fh = @fopen($path . '/.htaccess', 'w');
 		if ($fh) {
@@ -1241,9 +1297,9 @@ 
 		$errors[] = 'htaccess_cannot_create_file';
 	}
 
-	if (file_exists($path . '/index.php'))
-		$errors[] = 'index-php_exists';
-	else
+	if (file_exists($path . '/index.php')) {
+			$errors[] = 'index-php_exists';
+	} else
 	{
 		$fh = @fopen($path . '/index.php', 'w');
 		if ($fh) {
@@ -1270,11 +1326,12 @@ 
 		$errors[] = 'index-php_cannot_create_file';
 	}
 
-	if (!empty($errors))
-		return $errors;
-	else
-		return true;
-}
+	if (!empty($errors)) {
+			return $errors;
+	} else {
+			return true;
+	}
+	}
 
 /**
 * This sets the X-Frame-Options header.
@@ -1287,14 +1344,16 @@ 
 	global $modSettings;
 
 	$option = 'SAMEORIGIN';
-	if (is_null($override) && !empty($modSettings['frame_security']))
-		$option = $modSettings['frame_security'];
-	elseif (in_array($override, array('SAMEORIGIN', 'DENY')))
-		$option = $override;
+	if (is_null($override) && !empty($modSettings['frame_security'])) {
+			$option = $modSettings['frame_security'];
+	} elseif (in_array($override, array('SAMEORIGIN', 'DENY'))) {
+			$option = $override;
+	}
 
 	// Don't bother setting the header if we have disabled it.
-	if ($option == 'DISABLE')
-		return;
+	if ($option == 'DISABLE') {
+			return;
+	}
 
 	// Finally set it.
 	header('x-frame-options: ' . $option);

Sources/Admin.php

Braces +75 added lines, -52 removed lines

@@ -13,8 +13,9 @@ 
  * @version 2.1 Beta 4
  */
 
-if (!defined('SMF'))
+if (!defined('SMF')) {
 	die('No direct access...');
+}
 
 /**
  * The main admin handling function.<br>
@@ -444,8 +445,9 @@ 
 		foreach ($admin_includes as $include)
 		{
 			$include = strtr(trim($include), array('$boarddir' => $boarddir, '$sourcedir' => $sourcedir, '$themedir' => $settings['theme_dir']));
-			if (file_exists($include))
-				require_once($include);
+			if (file_exists($include)) {
+							require_once($include);
+			}
 		}
 	}
 
@@ -457,24 +459,27 @@ 
 	unset($admin_areas);
 
 	// Nothing valid?
-	if ($admin_include_data == false)
-		fatal_lang_error('no_access', false);
+	if ($admin_include_data == false) {
+			fatal_lang_error('no_access', false);
+	}
 
 	// Build the link tree.
 	$context['linktree'][] = array(
 		'url' => $scripturl . '?action=admin',
 		'name' => $txt['admin_center'],
 	);
-	if (isset($admin_include_data['current_area']) && $admin_include_data['current_area'] != 'index')
-		$context['linktree'][] = array(
+	if (isset($admin_include_data['current_area']) && $admin_include_data['current_area'] != 'index') {
+			$context['linktree'][] = array(
 			'url' => $scripturl . '?action=admin;area=' . $admin_include_data['current_area'] . ';' . $context['session_var'] . '=' . $context['session_id'],
 			'name' => $admin_include_data['label'],
 		);
-	if (!empty($admin_include_data['current_subsection']) && $admin_include_data['subsections'][$admin_include_data['current_subsection']][0] != $admin_include_data['label'])
-		$context['linktree'][] = array(
+	}
+	if (!empty($admin_include_data['current_subsection']) && $admin_include_data['subsections'][$admin_include_data['current_subsection']][0] != $admin_include_data['label']) {
+			$context['linktree'][] = array(
 			'url' => $scripturl . '?action=admin;area=' . $admin_include_data['current_area'] . ';sa=' . $admin_include_data['current_subsection'] . ';' . $context['session_var'] . '=' . $context['session_id'],
 			'name' => $admin_include_data['subsections'][$admin_include_data['current_subsection']][0],
 		);
+	}
 
 	// Make a note of the Unique ID for this menu.
 	$context['admin_menu_id'] = $context['max_menu_id'];
@@ -484,16 +489,18 @@ 
 	$context['admin_area'] = $admin_include_data['current_area'];
 
 	// Now - finally - call the right place!
-	if (isset($admin_include_data['file']))
-		require_once($sourcedir . '/' . $admin_include_data['file']);
+	if (isset($admin_include_data['file'])) {
+			require_once($sourcedir . '/' . $admin_include_data['file']);
+	}
 
 	// Get the right callable.
 	$call = call_helper($admin_include_data['function'], true);
 
 	// Is it valid?
-	if (!empty($call))
-		call_user_func($call);
-}
+	if (!empty($call)) {
+			call_user_func($call);
+	}
+	}
 
 /**
  * The main administration section.
@@ -547,13 +554,14 @@ 
 
 	$context['sub_template'] = $context['admin_area'] == 'credits' ? 'credits' : 'admin';
 	$context['page_title'] = $context['admin_area'] == 'credits' ? $txt['support_credits_title'] : $txt['admin_center'];
-	if ($context['admin_area'] != 'credits')
-		$context[$context['admin_menu_name']]['tab_data'] = array(
+	if ($context['admin_area'] != 'credits') {
+			$context[$context['admin_menu_name']]['tab_data'] = array(
 			'title' => $txt['admin_center'],
 			'help' => '',
 			'description' => '<strong>' . $txt['hello_guest'] . ' ' . $context['user']['name'] . '!</strong>
 						' . sprintf($txt['admin_main_welcome'], $txt['admin_center'], $txt['help'], $txt['help']),
 		);
+	}
 
 	// Lastly, fill in the blanks in the support resources paragraphs.
 	$txt['support_resources_p1'] = sprintf($txt['support_resources_p1'],
@@ -571,9 +579,10 @@ 
 		'https://www.simplemachines.org/redirect/customize_support'
 	);
 
-	if ($context['admin_area'] == 'admin')
-		loadJavaScriptFile('admin.js', array('defer' => false), 'smf_admin');
-}
+	if ($context['admin_area'] == 'admin') {
+			loadJavaScriptFile('admin.js', array('defer' => false), 'smf_admin');
+	}
+	}
 
 /**
  * Get one of the admin information files from Simple Machines.
@@ -584,8 +593,9 @@ 
 
 	setMemoryLimit('32M');
 
-	if (empty($_REQUEST['filename']) || !is_string($_REQUEST['filename']))
-		fatal_lang_error('no_access', false);
+	if (empty($_REQUEST['filename']) || !is_string($_REQUEST['filename'])) {
+			fatal_lang_error('no_access', false);
+	}
 
 	// Strip off the forum cache part or we won't find it...
 	$_REQUEST['filename'] = str_replace($modSettings['browser_cache'], '', $_REQUEST['filename']);
@@ -600,27 +610,30 @@ 
 		)
 	);
 
-	if ($smcFunc['db_num_rows']($request) == 0)
-		fatal_lang_error('admin_file_not_found', true, array($_REQUEST['filename']), 404);
+	if ($smcFunc['db_num_rows']($request) == 0) {
+			fatal_lang_error('admin_file_not_found', true, array($_REQUEST['filename']), 404);
+	}
 
 	list ($file_data, $filetype) = $smcFunc['db_fetch_row']($request);
 	$smcFunc['db_free_result']($request);
 
 	// @todo Temp
 	// Figure out if sesc is still being used.
-	if (strpos($file_data, ';sesc=') !== false && $filetype == 'text/javascript')
-		$file_data = '
+	if (strpos($file_data, ';sesc=') !== false && $filetype == 'text/javascript') {
+			$file_data = '
 if (!(\'smfForum_sessionvar\' in window))
 	window.smfForum_sessionvar = \'sesc\';
 ' . strtr($file_data, array(';sesc=' => ';\' + window.smfForum_sessionvar + \'='));
+	}
 
 	$context['template_layers'] = array();
 	// Lets make sure we aren't going to output anything nasty.
 	@ob_end_clean();
-	if (!empty($modSettings['enableCompressedOutput']))
-		@ob_start('ob_gzhandler');
-	else
-		@ob_start();
+	if (!empty($modSettings['enableCompressedOutput'])) {
+			@ob_start('ob_gzhandler');
+	} else {
+			@ob_start();
+	}
 
 	// Make sure they know what type of file we are.
 	header('content-type: ' . $filetype);
@@ -660,11 +673,12 @@ 
 		updateAdminPreferences();
 	}
 
-	if (trim($context['search_term']) == '')
-		$context['search_results'] = array();
-	else
-		call_helper($subActions[$context['search_type']]);
-}
+	if (trim($context['search_term']) == '') {
+			$context['search_results'] = array();
+	} else {
+			call_helper($subActions[$context['search_type']]);
+	}
+	}
 
 /**
  * A complicated but relatively quick internal search.
@@ -728,8 +742,9 @@ 
 
 	loadLanguage(implode('+', $language_files));
 
-	foreach ($include_files as $file)
-		require_once($sourcedir . '/' . $file . '.php');
+	foreach ($include_files as $file) {
+			require_once($sourcedir . '/' . $file . '.php');
+	}
 
 	/* This is the huge array that defines everything... it's a huge array of items formatted as follows:
 		0 = Language index (Can be array of indexes) to search through for this setting.
@@ -753,11 +768,12 @@ 
 		foreach ($section['areas'] as $menu_key => $menu_item)
 		{
 			$search_data['sections'][] = array($menu_item['label'], 'area=' . $menu_key);
-			if (!empty($menu_item['subsections']))
-				foreach ($menu_item['subsections'] as $key => $sublabel)
+			if (!empty($menu_item['subsections'])) {
+							foreach ($menu_item['subsections'] as $key => $sublabel)
 				{
 					if (isset($sublabel['label']))
 						$search_data['sections'][] = array($sublabel['label'], 'area=' . $menu_key . ';sa=' . $key);
+			}
 				}
 		}
 	}
@@ -767,9 +783,10 @@ 
 		// Get a list of their variables.
 		$config_vars = $setting_area[0](true);
 
-		foreach ($config_vars as $var)
-			if (!empty($var[1]) && !in_array($var[0], array('permissions', 'switch', 'desc')))
+		foreach ($config_vars as $var) {
+					if (!empty($var[1]) && !in_array($var[0], array('permissions', 'switch', 'desc')))
 				$search_data['settings'][] = array($var[(isset($var[2]) && in_array($var[2], array('file', 'db'))) ? 0 : 1], $setting_area[1], 'alttxt' => (isset($var[2]) && in_array($var[2], array('file', 'db'))) || isset($var[3]) ? (in_array($var[2], array('file', 'db')) ? $var[1] : $var[3]) : '');
+		}
 	}
 
 	$context['page_title'] = $txt['admin_search_results'];
@@ -782,8 +799,9 @@ 
 		foreach ($data as $item)
 		{
 			$found = false;
-			if (!is_array($item[0]))
-				$item[0] = array($item[0]);
+			if (!is_array($item[0])) {
+							$item[0] = array($item[0]);
+			}
 			foreach ($item[0] as $term)
 			{
 				if (stripos($term, $search_term) !== false || (isset($txt[$term]) && stripos($txt[$term], $search_term) !== false) || (isset($txt['setting_' . $term]) && stripos($txt['setting_' . $term], $search_term) !== false))
@@ -841,8 +859,9 @@ 
 	$postVars = explode(' ', $context['search_term']);
 
 	// Encode the search data.
-	foreach ($postVars as $k => $v)
-		$postVars[$k] = urlencode($v);
+	foreach ($postVars as $k => $v) {
+			$postVars[$k] = urlencode($v);
+	}
 
 	// This is what we will send.
 	$postVars = implode('+', $postVars);
@@ -854,8 +873,9 @@ 
 	$search_results = fetch_web_data($context['doc_apiurl'] . '?action=query&list=search&srprop=timestamp|snippet&format=xml&srwhat=text&srsearch=' . $postVars);
 
 	// If we didn't get any xml back we are in trouble - perhaps the doc site is overloaded?
-	if (!$search_results || preg_match('~<' . '\?xml\sversion="\d+\.\d+"\?' . '>\s*(<api>.+?</api>)~is', $search_results, $matches) != true)
-		fatal_lang_error('cannot_connect_doc_site');
+	if (!$search_results || preg_match('~<' . '\?xml\sversion="\d+\.\d+"\?' . '>\s*(<api>.+?</api>)~is', $search_results, $matches) != true) {
+			fatal_lang_error('cannot_connect_doc_site');
+	}
 
 	$search_results = $matches[1];
 
@@ -867,8 +887,9 @@ 
 	$results = new xmlArray($search_results, false);
 
 	// Move through the api layer.
-	if (!$results->exists('api'))
-		fatal_lang_error('cannot_connect_doc_site');
+	if (!$results->exists('api')) {
+			fatal_lang_error('cannot_connect_doc_site');
+	}
 
 	// Are there actually some results?
 	if ($results->exists('api/query/search/p'))
@@ -904,8 +925,9 @@ 
 	);
 
 	// If it's not got a sa set it must have come here for first time, pretend error log should be reversed.
-	if (!isset($_REQUEST['sa']))
-		$_REQUEST['desc'] = true;
+	if (!isset($_REQUEST['sa'])) {
+			$_REQUEST['desc'] = true;
+	}
 
 	// Setup some tab stuff.
 	$context[$context['admin_menu_name']]['tab_data'] = array(
@@ -955,9 +977,10 @@ 
 	unset($_SESSION['admin_time']);
 
 	// Clean any admin tokens as well.
-	foreach ($_SESSION['token'] as $key => $token)
-		if (strpos($key, '-admin') !== false)
+	foreach ($_SESSION['token'] as $key => $token) {
+			if (strpos($key, '-admin') !== false)
 			unset($_SESSION['token'][$key]);
+	}
 
 	redirectexit();
 }

other/Settings.php

Braces +13 added lines, -8 removed lines

@@ -185,17 +185,21 @@ 
 $tasksdir = $sourcedir . '/tasks';
 
 # Make sure the paths are correct... at least try to fix them.
-if (!file_exists($boarddir) && file_exists(dirname(__FILE__) . '/agreement.txt'))
+if (!file_exists($boarddir) && file_exists(dirname(__FILE__) . '/agreement.txt')) {
 	$boarddir = dirname(__FILE__);
-if (!file_exists($sourcedir) && file_exists($boarddir . '/Sources'))
+}
+if (!file_exists($sourcedir) && file_exists($boarddir . '/Sources')) {
 	$sourcedir = $boarddir . '/Sources';
-if (!file_exists($cachedir) && file_exists($boarddir . '/cache'))
+}
+if (!file_exists($cachedir) && file_exists($boarddir . '/cache')) {
 	$cachedir = $boarddir . '/cache';
+}
 
 ########## Error-Catching ##########
 # Note: You shouldn't touch these settings.
-if (file_exists((isset($cachedir) ? $cachedir : dirname(__FILE__)) . '/db_last_error.php'))
+if (file_exists((isset($cachedir) ? $cachedir : dirname(__FILE__)) . '/db_last_error.php')) {
 	include((isset($cachedir) ? $cachedir : dirname(__FILE__)) . '/db_last_error.php');
+}
 
 if (!isset($db_last_error))
 {
@@ -207,10 +211,11 @@ 
 if (file_exists(dirname(__FILE__) . '/install.php'))
 {
 	$secure = false;
-	if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on')
-		$secure = true;
-	elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on')
-		$secure = true;
+	if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
+			$secure = true;
+	} elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') {
+			$secure = true;
+	}
 
 	header('location: http' . ($secure ? 's' : '') . '://' . (empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] . (empty($_SERVER['SERVER_PORT']) || $_SERVER['SERVER_PORT'] == '80' ? '' : ':' . $_SERVER['SERVER_PORT']) : $_SERVER['HTTP_HOST']) . (strtr(dirname($_SERVER['PHP_SELF']), '\\', '/') == '/' ? '' : strtr(dirname($_SERVER['PHP_SELF']), '\\', '/')) . '/install.php'); exit;
 }

Sources/index.php

Braces +2 added lines, -1 removed lines

@@ -12,7 +12,8 @@
 	header('location: ' . $boardurl);
 }
 // Can't find it... just forget it.
-else
+else {
 	exit;
+}
 
 ?>
\ No newline at end of file

avatars/index.php

Braces +2 added lines, -1 removed lines

@@ -12,7 +12,8 @@
 	header('location: ' . $boardurl);
 }
 // Can't find it... just forget it.
-else
+else {
 	exit;
+}
 
 ?>
\ No newline at end of file

attachments/index.php

Braces +2 added lines, -1 removed lines

@@ -12,7 +12,8 @@
 	header('location: ' . $boardurl);
 }
 // Can't find it... just forget it.
-else
+else {
 	exit;
+}
 
 ?>
\ No newline at end of file

custom_avatar/index.php

Braces +2 added lines, -1 removed lines

@@ -12,7 +12,8 @@
 	header('location: ' . $boardurl);
 }
 // Can't find it... just forget it.
-else
+else {
 	exit;
+}
 
 ?>
\ No newline at end of file

Smileys/index.php

Braces +2 added lines, -1 removed lines

@@ -12,7 +12,8 @@
 	header('location: ' . $boardurl);
 }
 // Can't find it... just forget it.
-else
+else {
 	exit;
+}
 
 ?>
\ No newline at end of file