SimpleMachines / SMF2.1

Sources/Profile.php

Braces +155 added lines, -118 removed lines

@@ -15,8 +15,9 @@ 
  * @version 2.1 Beta 4
  */
 
-if (!defined('SMF'))
+if (!defined('SMF')) {
 	die('No direct access...');
+}
 
 /**
  * The main designating function for modifying profiles. Loads up info, determins what to do, etc.
@@ -29,18 +30,21 @@ 
 	global $modSettings, $memberContext, $profile_vars, $post_errors, $smcFunc;
 
 	// Don't reload this as we may have processed error strings.
-	if (empty($post_errors))
-		loadLanguage('Profile+Drafts');
+	if (empty($post_errors)) {
+			loadLanguage('Profile+Drafts');
+	}
 	loadTemplate('Profile');
 
 	require_once($sourcedir . '/Subs-Menu.php');
 
 	// Did we get the user by name...
-	if (isset($_REQUEST['user']))
-		$memberResult = loadMemberData($_REQUEST['user'], true, 'profile');
+	if (isset($_REQUEST['user'])) {
+			$memberResult = loadMemberData($_REQUEST['user'], true, 'profile');
+	}
 	// ... or by id_member?
-	elseif (!empty($_REQUEST['u']))
-		$memberResult = loadMemberData((int) $_REQUEST['u'], false, 'profile');
+	elseif (!empty($_REQUEST['u'])) {
+			$memberResult = loadMemberData((int) $_REQUEST['u'], false, 'profile');
+	}
 	// If it was just ?action=profile, edit your own profile, but only if you're not a guest.
 	else
 	{
@@ -50,8 +54,9 @@ 
 	}
 
 	// Check if loadMemberData() has returned a valid result.
-	if (!$memberResult)
-		fatal_lang_error('not_a_user', false, 404);
+	if (!$memberResult) {
+			fatal_lang_error('not_a_user', false, 404);
+	}
 
 	// If all went well, we have a valid member ID!
 	list ($memID) = $memberResult;
@@ -67,8 +72,9 @@ 
 
 	// Group management isn't actually a permission. But we need it to be for this, so we need a phantom permission.
 	// And we care about what the current user can do, not what the user whose profile it is.
-	if ($user_info['mod_cache']['gq'] != '0=1')
-		$user_info['permissions'][] = 'approve_group_requests';
+	if ($user_info['mod_cache']['gq'] != '0=1') {
+			$user_info['permissions'][] = 'approve_group_requests';
+	}
 
 	// If paid subscriptions are enabled, make sure we actually have at least one subscription available...
 	$context['subs_available'] = false;
@@ -436,21 +442,25 @@ 
 		foreach ($section['areas'] as $area_id => $area)
 		{
 			// If it said no permissions that meant it wasn't valid!
-			if (empty($area['permission'][$context['user']['is_owner'] ? 'own' : 'any']))
-				$profile_areas[$section_id]['areas'][$area_id]['enabled'] = false;
+			if (empty($area['permission'][$context['user']['is_owner'] ? 'own' : 'any'])) {
+							$profile_areas[$section_id]['areas'][$area_id]['enabled'] = false;
+			}
 			// Otherwise pick the right set.
-			else
-				$profile_areas[$section_id]['areas'][$area_id]['permission'] = $area['permission'][$context['user']['is_owner'] ? 'own' : 'any'];
+			else {
+							$profile_areas[$section_id]['areas'][$area_id]['permission'] = $area['permission'][$context['user']['is_owner'] ? 'own' : 'any'];
+			}
 
 			// Password required in most cases
-			if (!empty($area['password']))
-				$context['password_areas'][] = $area_id;
+			if (!empty($area['password'])) {
+							$context['password_areas'][] = $area_id;
+			}
 		}
 	}
 
 	// Is there an updated message to show?
-	if (isset($_GET['updated']))
-		$context['profile_updated'] = $txt['profile_updated_own'];
+	if (isset($_GET['updated'])) {
+			$context['profile_updated'] = $txt['profile_updated_own'];
+	}
 
 	// Set a few options for the menu.
 	$menuOptions = array(
@@ -465,8 +475,9 @@ 
 	$profile_include_data = createMenu($profile_areas, $menuOptions);
 
 	// No menu means no access.
-	if (!$profile_include_data && (!$user_info['is_guest'] || validateSession()))
-		fatal_lang_error('no_access', false);
+	if (!$profile_include_data && (!$user_info['is_guest'] || validateSession())) {
+			fatal_lang_error('no_access', false);
+	}
 
 	// Make a note of the Unique ID for this menu.
 	$context['profile_menu_id'] = $context['max_menu_id'];
@@ -492,8 +503,9 @@ 
 			if ($current_area == $area_id)
 			{
 				// This can't happen - but is a security check.
-				if ((isset($section['enabled']) && $section['enabled'] == false) || (isset($area['enabled']) && $area['enabled'] == false))
-					fatal_lang_error('no_access', false);
+				if ((isset($section['enabled']) && $section['enabled'] == false) || (isset($area['enabled']) && $area['enabled'] == false)) {
+									fatal_lang_error('no_access', false);
+				}
 
 				// Are we saving data in a valid area?
 				if (isset($area['sc']) && (isset($_REQUEST['save']) || $context['do_preview']))
@@ -512,12 +524,14 @@ 
 				}
 
 				// Does this require session validating?
-				if (!empty($area['validate']) || (isset($_REQUEST['save']) && !$context['user']['is_owner']))
-					$security_checks['validate'] = true;
+				if (!empty($area['validate']) || (isset($_REQUEST['save']) && !$context['user']['is_owner'])) {
+									$security_checks['validate'] = true;
+				}
 
 				// Permissions for good measure.
-				if (!empty($profile_include_data['permission']))
-					$security_checks['permission'] = $profile_include_data['permission'];
+				if (!empty($profile_include_data['permission'])) {
+									$security_checks['permission'] = $profile_include_data['permission'];
+				}
 
 				// Either way got something.
 				$found_area = true;
@@ -526,21 +540,26 @@ 
 	}
 
 	// Oh dear, some serious security lapse is going on here... we'll put a stop to that!
-	if (!$found_area)
-		fatal_lang_error('no_access', false);
+	if (!$found_area) {
+			fatal_lang_error('no_access', false);
+	}
 
 	// Release this now.
 	unset($profile_areas);
 
 	// Now the context is setup have we got any security checks to carry out additional to that above?
-	if (isset($security_checks['session']))
-		checkSession($security_checks['session']);
-	if (isset($security_checks['validate']))
-		validateSession();
-	if (isset($security_checks['validateToken']))
-		validateToken($token_name, $token_type);
-	if (isset($security_checks['permission']))
-		isAllowedTo($security_checks['permission']);
+	if (isset($security_checks['session'])) {
+			checkSession($security_checks['session']);
+	}
+	if (isset($security_checks['validate'])) {
+			validateSession();
+	}
+	if (isset($security_checks['validateToken'])) {
+			validateToken($token_name, $token_type);
+	}
+	if (isset($security_checks['permission'])) {
+			isAllowedTo($security_checks['permission']);
+	}
 
 	// Create a token if needed.
 	if (isset($security_checks['needsToken']) || isset($security_checks['validateToken']))
@@ -550,8 +569,9 @@ 
 	}
 
 	// File to include?
-	if (isset($profile_include_data['file']))
-		require_once($sourcedir . '/' . $profile_include_data['file']);
+	if (isset($profile_include_data['file'])) {
+			require_once($sourcedir . '/' . $profile_include_data['file']);
+	}
 
 	// Build the link tree.
 	$context['linktree'][] = array(
@@ -559,17 +579,19 @@ 
 		'name' => sprintf($txt['profile_of_username'], $context['member']['name']),
 	);
 
-	if (!empty($profile_include_data['label']))
-		$context['linktree'][] = array(
+	if (!empty($profile_include_data['label'])) {
+			$context['linktree'][] = array(
 			'url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : '') . ';area=' . $profile_include_data['current_area'],
 			'name' => $profile_include_data['label'],
 		);
+	}
 
-	if (!empty($profile_include_data['current_subsection']) && $profile_include_data['subsections'][$profile_include_data['current_subsection']][0] != $profile_include_data['label'])
-		$context['linktree'][] = array(
+	if (!empty($profile_include_data['current_subsection']) && $profile_include_data['subsections'][$profile_include_data['current_subsection']][0] != $profile_include_data['label']) {
+			$context['linktree'][] = array(
 			'url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : '') . ';area=' . $profile_include_data['current_area'] . ';sa=' . $profile_include_data['current_subsection'],
 			'name' => $profile_include_data['subsections'][$profile_include_data['current_subsection']][0],
 		);
+	}
 
 	// Set the template for this area and add the profile layer.
 	$context['sub_template'] = $profile_include_data['function'];
@@ -595,12 +617,14 @@ 
 		if ($check_password)
 		{
 			// Check to ensure we're forcing SSL for authentication
-			if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn())
-				fatal_lang_error('login_ssl_required');
+			if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn()) {
+							fatal_lang_error('login_ssl_required');
+			}
 
 			// You didn't even enter a password!
-			if (trim($_POST['oldpasswrd']) == '')
-				$post_errors[] = 'no_password';
+			if (trim($_POST['oldpasswrd']) == '') {
+							$post_errors[] = 'no_password';
+			}
 
 			// Since the password got modified due to all the $_POST cleaning, lets undo it so we can get the correct password
 			$_POST['oldpasswrd'] = un_htmlspecialchars($_POST['oldpasswrd']);
@@ -609,42 +633,43 @@ 
 			$good_password = in_array(true, call_integration_hook('integrate_verify_password', array($cur_profile['member_name'], $_POST['oldpasswrd'], false)), true);
 
 			// Bad password!!!
-			if (!$good_password && !hash_verify_password($user_profile[$memID]['member_name'], un_htmlspecialchars(stripslashes($_POST['oldpasswrd'])), $user_info['passwd']))
-				$post_errors[] = 'bad_password';
+			if (!$good_password && !hash_verify_password($user_profile[$memID]['member_name'], un_htmlspecialchars(stripslashes($_POST['oldpasswrd'])), $user_info['passwd'])) {
+							$post_errors[] = 'bad_password';
+			}
 
 			// Warn other elements not to jump the gun and do custom changes!
-			if (in_array('bad_password', $post_errors))
-				$context['password_auth_failed'] = true;
+			if (in_array('bad_password', $post_errors)) {
+							$context['password_auth_failed'] = true;
+			}
 		}
 
 		// Change the IP address in the database.
-		if ($context['user']['is_owner'])
-			$profile_vars['member_ip'] = $user_info['ip'];
+		if ($context['user']['is_owner']) {
+					$profile_vars['member_ip'] = $user_info['ip'];
+		}
 
 		// Now call the sub-action function...
 		if ($current_area == 'activateaccount')
 		{
-			if (empty($post_errors))
-				activateAccount($memID);
-		}
-		elseif ($current_area == 'deleteaccount')
+			if (empty($post_errors)) {
+							activateAccount($memID);
+			}
+		} elseif ($current_area == 'deleteaccount')
 		{
 			if (empty($post_errors))
 			{
 				deleteAccount2($memID);
 				redirectexit();
 			}
-		}
-		elseif ($current_area == 'groupmembership' && empty($post_errors))
+		} elseif ($current_area == 'groupmembership' && empty($post_errors))
 		{
 			$msg = groupMembership2($profile_vars, $post_errors, $memID);
 
 			// Whatever we've done, we have nothing else to do here...
 			redirectexit('action=profile' . ($context['user']['is_owner'] ? '' : ';u=' . $memID) . ';area=groupmembership' . (!empty($msg) ? ';msg=' . $msg : ''));
-		}
-		elseif (in_array($current_area, array('account', 'forumprofile', 'theme')))
-			saveProfileFields();
-		else
+		} elseif (in_array($current_area, array('account', 'forumprofile', 'theme'))) {
+					saveProfileFields();
+		} else
 		{
 			$force_redirect = true;
 			// Ensure we include this.
@@ -660,34 +685,36 @@ 
 			// Load the language file so we can give a nice explanation of the errors.
 			loadLanguage('Errors');
 			$context['post_errors'] = $post_errors;
-		}
-		elseif (!empty($profile_vars))
+		} elseif (!empty($profile_vars))
 		{
 			// If we've changed the password, notify any integration that may be listening in.
-			if (isset($profile_vars['passwd']))
-				call_integration_hook('integrate_reset_pass', array($cur_profile['member_name'], $cur_profile['member_name'], $_POST['passwrd2']));
+			if (isset($profile_vars['passwd'])) {
+							call_integration_hook('integrate_reset_pass', array($cur_profile['member_name'], $cur_profile['member_name'], $_POST['passwrd2']));
+			}
 
 			updateMemberData($memID, $profile_vars);
 
 			// What if this is the newest member?
-			if ($modSettings['latestMember'] == $memID)
-				updateStats('member');
-			elseif (isset($profile_vars['real_name']))
-				updateSettings(array('memberlist_updated' => time()));
+			if ($modSettings['latestMember'] == $memID) {
+							updateStats('member');
+			} elseif (isset($profile_vars['real_name'])) {
+							updateSettings(array('memberlist_updated' => time()));
+			}
 
 			// If the member changed his/her birthdate, update calendar statistics.
-			if (isset($profile_vars['birthdate']) || isset($profile_vars['real_name']))
-				updateSettings(array(
+			if (isset($profile_vars['birthdate']) || isset($profile_vars['real_name'])) {
+							updateSettings(array(
 					'calendar_updated' => time(),
 				));
+			}
 
 			// Anything worth logging?
 			if (!empty($context['log_changes']) && !empty($modSettings['modlog_enabled']))
 			{
 				$log_changes = array();
 				require_once($sourcedir . '/Logging.php');
-				foreach ($context['log_changes'] as $k => $v)
-					$log_changes[] = array(
+				foreach ($context['log_changes'] as $k => $v) {
+									$log_changes[] = array(
 						'action' => $k,
 						'log_type' => 'user',
 						'extra' => array_merge($v, array(
@@ -695,14 +722,16 @@ 
 							'member_affected' => $memID,
 						)),
 					);
+				}
 
 				logActions($log_changes);
 			}
 
 			// Have we got any post save functions to execute?
-			if (!empty($context['profile_execute_on_save']))
-				foreach ($context['profile_execute_on_save'] as $saveFunc)
+			if (!empty($context['profile_execute_on_save'])) {
+							foreach ($context['profile_execute_on_save'] as $saveFunc)
 					$saveFunc();
+			}
 
 			// Let them know it worked!
 			$context['profile_updated'] = $context['user']['is_owner'] ? $txt['profile_updated_own'] : sprintf($txt['profile_updated_else'], $cur_profile['member_name']);
@@ -716,27 +745,31 @@ 
 	if (!empty($post_errors))
 	{
 		// Set all the errors so the template knows what went wrong.
-		foreach ($post_errors as $error_type)
-			$context['modify_error'][$error_type] = true;
+		foreach ($post_errors as $error_type) {
+					$context['modify_error'][$error_type] = true;
+		}
 	}
 	// If it's you then we should redirect upon save.
-	elseif (!empty($profile_vars) && $context['user']['is_owner'] && !$context['do_preview'])
-		redirectexit('action=profile;area=' . $current_area . (!empty($current_sa) ? ';sa=' . $current_sa : '') . ';updated');
-	elseif (!empty($force_redirect))
-		redirectexit('action=profile' . ($context['user']['is_owner'] ? '' : ';u=' . $memID) . ';area=' . $current_area);
+	elseif (!empty($profile_vars) && $context['user']['is_owner'] && !$context['do_preview']) {
+			redirectexit('action=profile;area=' . $current_area . (!empty($current_sa) ? ';sa=' . $current_sa : '') . ';updated');
+	} elseif (!empty($force_redirect)) {
+			redirectexit('action=profile' . ($context['user']['is_owner'] ? '' : ';u=' . $memID) . ';area=' . $current_area);
+	}
 
 
 	// Get the right callable.
 	$call = call_helper($profile_include_data['function'], true);
 
 	// Is it valid?
-	if (!empty($call))
-		call_user_func($call, $memID);
+	if (!empty($call)) {
+			call_user_func($call, $memID);
+	}
 
 	// Set the page title if it's not already set...
-	if (!isset($context['page_title']))
-		$context['page_title'] = $txt['profile'] . (isset($txt[$current_area]) ? ' - ' . $txt[$current_area] : '');
-}
+	if (!isset($context['page_title'])) {
+			$context['page_title'] = $txt['profile'] . (isset($txt[$current_area]) ? ' - ' . $txt[$current_area] : '');
+	}
+	}
 
 /**
  * Set up the requirements for the profile popup - the area that is shown as the popup menu for the current user.
@@ -859,16 +892,18 @@ 
 	if (!allowedTo('admin_forum') && $area != 'register')
 	{
 		// If it's the owner they can see two types of private fields, regardless.
-		if ($memID == $user_info['id'])
-			$where .= $area == 'summary' ? ' AND private < 3' : ' AND (private = 0 OR private = 2)';
-		else
-			$where .= $area == 'summary' ? ' AND private < 2' : ' AND private = 0';
+		if ($memID == $user_info['id']) {
+					$where .= $area == 'summary' ? ' AND private < 3' : ' AND (private = 0 OR private = 2)';
+		} else {
+					$where .= $area == 'summary' ? ' AND private < 2' : ' AND private = 0';
+		}
 	}
 
-	if ($area == 'register')
-		$where .= ' AND show_reg != 0';
-	elseif ($area != 'summary')
-		$where .= ' AND show_profile = {string:area}';
+	if ($area == 'register') {
+			$where .= ' AND show_reg != 0';
+	} elseif ($area != 'summary') {
+			$where .= ' AND show_profile = {string:area}';
+	}
 
 	// Load all the relevant fields - and data.
 	$request = $smcFunc['db_query']('', '
@@ -894,13 +929,15 @@ 
 		if (isset($_POST['customfield']) && isset($_POST['customfield'][$row['col_name']]))
 		{
 			$value = $smcFunc['htmlspecialchars']($_POST['customfield'][$row['col_name']]);
-			if (in_array($row['field_type'], array('select', 'radio')))
-					$value = ($options = explode(',', $row['field_options'])) && isset($options[$value]) ? $options[$value] : '';
+			if (in_array($row['field_type'], array('select', 'radio'))) {
+								$value = ($options = explode(',', $row['field_options'])) && isset($options[$value]) ? $options[$value] : '';
+			}
 		}
 
 		// Don't show the "disabled" option for the "gender" field if we are on the "summary" area.
-		if ($area == 'summary' && $row['col_name'] == 'cust_gender' && $value == 'None')
-			continue;
+		if ($area == 'summary' && $row['col_name'] == 'cust_gender' && $value == 'None') {
+					continue;
+		}
 
 		// HTML for the input form.
 		$output_html = $value;
@@ -909,8 +946,7 @@ 
 			$true = (!$exists && $row['default_value']) || $value;
 			$input_html = '<input type="checkbox" name="customfield[' . $row['col_name'] . ']" id="customfield[' . $row['col_name'] . ']"' . ($true ? ' checked' : '') . '>';
 			$output_html = $true ? $txt['yes'] : $txt['no'];
-		}
-		elseif ($row['field_type'] == 'select')
+		} elseif ($row['field_type'] == 'select')
 		{
 			$input_html = '<select name="customfield[' . $row['col_name'] . ']" id="customfield[' . $row['col_name'] . ']"><option value="-1"></option>';
 			$options = explode(',', $row['field_options']);
@@ -918,13 +954,13 @@ 
 			{
 				$true = (!$exists && $row['default_value'] == $v) || $value == $v;
 				$input_html .= '<option value="' . $k . '"' . ($true ? ' selected' : '') . '>' . $v . '</option>';
-				if ($true)
-					$output_html = $v;
+				if ($true) {
+									$output_html = $v;
+				}
 			}
 
 			$input_html .= '</select>';
-		}
-		elseif ($row['field_type'] == 'radio')
+		} elseif ($row['field_type'] == 'radio')
 		{
 			$input_html = '<fieldset>';
 			$options = explode(',', $row['field_options']);
@@ -932,36 +968,37 @@ 
 			{
 				$true = (!$exists && $row['default_value'] == $v) || $value == $v;
 				$input_html .= '<label for="customfield_' . $row['col_name'] . '_' . $k . '"><input type="radio" name="customfield[' . $row['col_name'] . ']" id="customfield_' . $row['col_name'] . '_' . $k . '" value="' . $k . '"' . ($true ? ' checked' : '') . '>' . $v . '</label><br>';
-				if ($true)
-					$output_html = $v;
+				if ($true) {
+									$output_html = $v;
+				}
 			}
 			$input_html .= '</fieldset>';
-		}
-		elseif ($row['field_type'] == 'text')
+		} elseif ($row['field_type'] == 'text')
 		{
 			$input_html = '<input type="text" name="customfield[' . $row['col_name'] . ']" id="customfield[' . $row['col_name'] . ']"' . ($row['field_length'] != 0 ? ' maxlength="' . $row['field_length'] . '"' : '') . ' size="' . ($row['field_length'] == 0 || $row['field_length'] >= 50 ? 50 : ($row['field_length'] > 30 ? 30 : ($row['field_length'] > 10 ? 20 : 10))) . '" value="' . un_htmlspecialchars($value) . '"' . ($row['show_reg'] == 2 ? ' required' : '') . '>';
-		}
-		else
+		} else
 		{
 			@list ($rows, $cols) = @explode(',', $row['default_value']);
 			$input_html = '<textarea name="customfield[' . $row['col_name'] . ']" id="customfield[' . $row['col_name'] . ']"' . (!empty($rows) ? ' rows="' . $rows . '"' : '') . (!empty($cols) ? ' cols="' . $cols . '"' : '') . ($row['show_reg'] == 2 ? ' required' : '') . '>' . un_htmlspecialchars($value) . '</textarea>';
 		}
 
 		// Parse BBCode
-		if ($row['bbc'])
-			$output_html = parse_bbc($output_html);
-		elseif ($row['field_type'] == 'textarea')
-			// Allow for newlines at least
+		if ($row['bbc']) {
+					$output_html = parse_bbc($output_html);
+		} elseif ($row['field_type'] == 'textarea') {
+					// Allow for newlines at least
 			$output_html = strtr($output_html, array("\n" => '<br>'));
+		}
 
 		// Enclosing the user input within some other text?
-		if (!empty($row['enclose']) && !empty($output_html))
-			$output_html = strtr($row['enclose'], array(
+		if (!empty($row['enclose']) && !empty($output_html)) {
+					$output_html = strtr($row['enclose'], array(
 				'{SCRIPTURL}' => $scripturl,
 				'{IMAGES_URL}' => $settings['images_url'],
 				'{DEFAULT_IMAGES_URL}' => $settings['default_images_url'],
 				'{INPUT}' => un_htmlspecialchars($output_html),
 			));
+		}
 
 		$context['custom_fields'][] = array(
 			'name' => $row['field_name'],

Sources/DbExtra-mysql.php

Braces +66 added lines, -46 removed lines

@@ -13,8 +13,9 @@ 
  * @version 2.1 Beta 4
  */
 
-if (!defined('SMF'))
+if (!defined('SMF')) {
 	die('No direct access...');
+}
 
 /**
  * Add the functions implemented in this file to the $smcFunc array.
@@ -23,8 +24,8 @@ 
 {
 	global $smcFunc;
 
-	if (!isset($smcFunc['db_backup_table']) || $smcFunc['db_backup_table'] != 'smf_db_backup_table')
-		$smcFunc += array(
+	if (!isset($smcFunc['db_backup_table']) || $smcFunc['db_backup_table'] != 'smf_db_backup_table') {
+			$smcFunc += array(
 			'db_backup_table' => 'smf_db_backup_table',
 			'db_optimize_table' => 'smf_db_optimize_table',
 			'db_table_sql' => 'smf_db_table_sql',
@@ -32,7 +33,8 @@ 
 			'db_get_version' => 'smf_db_get_version',
 			'db_get_vendor' => 'smf_db_get_vendor',
 		);
-}
+	}
+	}
 
 /**
  * Backup $table to $backup_table.
@@ -74,8 +76,9 @@ 
 			));
 
 		// Old school or no school?
-		if ($request)
-			return $request;
+		if ($request) {
+					return $request;
+		}
 	}
 
 	// At this point, the quick method failed.
@@ -99,8 +102,9 @@ 
 	foreach ($create as $k => $l)
 	{
 		// Get the name of the auto_increment column.
-		if (strpos($l, 'auto_increment'))
-			$auto_inc = trim($l);
+		if (strpos($l, 'auto_increment')) {
+					$auto_inc = trim($l);
+		}
 
 		// For the engine type, see if we can work out what it is.
 		if (strpos($l, 'ENGINE') !== false || strpos($l, 'TYPE') !== false)
@@ -108,30 +112,36 @@ 
 			// Extract the engine type.
 			preg_match('~(ENGINE|TYPE)=(\w+)(\sDEFAULT)?(\sCHARSET=(\w+))?(\sCOLLATE=(\w+))?~', $l, $match);
 
-			if (!empty($match[1]))
-				$engine = $match[1];
+			if (!empty($match[1])) {
+							$engine = $match[1];
+			}
 
-			if (!empty($match[2]))
-				$engine = $match[2];
+			if (!empty($match[2])) {
+							$engine = $match[2];
+			}
 
-			if (!empty($match[5]))
-				$charset = $match[5];
+			if (!empty($match[5])) {
+							$charset = $match[5];
+			}
 
-			if (!empty($match[7]))
-				$collate = $match[7];
+			if (!empty($match[7])) {
+							$collate = $match[7];
+			}
 		}
 
 		// Skip everything but keys...
-		if (strpos($l, 'KEY') === false)
-			unset($create[$k]);
+		if (strpos($l, 'KEY') === false) {
+					unset($create[$k]);
+		}
 	}
 
-	if (!empty($create))
-		$create = '(
+	if (!empty($create)) {
+			$create = '(
 			' . implode('
 			', $create) . ')';
-	else
-		$create = '';
+	} else {
+			$create = '';
+	}
 
 	$request = $smcFunc['db_query']('', '
 		CREATE TABLE {raw:backup_table} {raw:create}
@@ -150,8 +160,9 @@ 
 
 	if ($auto_inc != '')
 	{
-		if (preg_match('~\`(.+?)\`\s~', $auto_inc, $match) != 0 && substr($auto_inc, -1, 1) == ',')
-			$auto_inc = substr($auto_inc, 0, -1);
+		if (preg_match('~\`(.+?)\`\s~', $auto_inc, $match) != 0 && substr($auto_inc, -1, 1) == ',') {
+					$auto_inc = substr($auto_inc, 0, -1);
+		}
 
 		$smcFunc['db_query']('', '
 			ALTER TABLE {raw:backup_table}
@@ -195,8 +206,9 @@ 
 				'table' => $table,
 			)
 		);
-	if (!$request)
-		return -1;
+	if (!$request) {
+			return -1;
+	}
 
 	// How much left?
 	$request = $smcFunc['db_query']('', '
@@ -239,8 +251,9 @@ 
 		)
 	);
 	$tables = array();
-	while ($row = $smcFunc['db_fetch_row']($request))
-		$tables[] = $row[0];
+	while ($row = $smcFunc['db_fetch_row']($request)) {
+			$tables[] = $row[0];
+	}
 	$smcFunc['db_free_result']($request);
 
 	return $tables;
@@ -284,8 +297,9 @@ 
 		if (!empty($row['Default']) || $row['Null'] !== 'YES')
 		{
 			// Make a special case of auto-timestamp.
-			if ($row['Default'] == 'CURRENT_TIMESTAMP')
-				$schema_create .= ' /*!40102 NOT NULL default CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP */';
+			if ($row['Default'] == 'CURRENT_TIMESTAMP') {
+							$schema_create .= ' /*!40102 NOT NULL default CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP */';
+			}
 			// Text shouldn't have a default.
 			elseif ($row['Default'] !== null)
 			{
@@ -320,14 +334,16 @@ 
 		$row['Key_name'] = $row['Key_name'] == 'PRIMARY' ? 'PRIMARY KEY' : (empty($row['Non_unique']) ? 'UNIQUE ' : ($row['Comment'] == 'FULLTEXT' || (isset($row['Index_type']) && $row['Index_type'] == 'FULLTEXT') ? 'FULLTEXT ' : 'KEY ')) . '`' . $row['Key_name'] . '`';
 
 		// Is this the first column in the index?
-		if (empty($indexes[$row['Key_name']]))
-			$indexes[$row['Key_name']] = array();
+		if (empty($indexes[$row['Key_name']])) {
+					$indexes[$row['Key_name']] = array();
+		}
 
 		// A sub part, like only indexing 15 characters of a varchar.
-		if (!empty($row['Sub_part']))
-			$indexes[$row['Key_name']][$row['Seq_in_index']] = '`' . $row['Column_name'] . '`(' . $row['Sub_part'] . ')';
-		else
-			$indexes[$row['Key_name']][$row['Seq_in_index']] = '`' . $row['Column_name'] . '`';
+		if (!empty($row['Sub_part'])) {
+					$indexes[$row['Key_name']][$row['Seq_in_index']] = '`' . $row['Column_name'] . '`(' . $row['Sub_part'] . ')';
+		} else {
+					$indexes[$row['Key_name']][$row['Seq_in_index']] = '`' . $row['Column_name'] . '`';
+		}
 	}
 	$smcFunc['db_free_result']($result);
 
@@ -365,8 +381,9 @@ 
 {
 	static $ver;
 
-	if (!empty($ver))
-		return $ver;
+	if (!empty($ver)) {
+			return $ver;
+	}
 
 	global $smcFunc;
 
@@ -391,8 +408,9 @@ 
 	global $smcFunc;
 	static $db_type;
 
-	if (!empty($db_type))
-		return $db_type;
+	if (!empty($db_type)) {
+			return $db_type;
+	}
 
 	$request = $smcFunc['db_query']('', 'SELECT @@version_comment');
 	list ($comment) = $smcFunc['db_fetch_row']($request);
@@ -401,13 +419,15 @@ 
 	// Skip these if we don't have a comment.
 	if (!empty($comment))
 	{
-		if (stripos($comment, 'percona') !== false)
-			return 'Percona';
-		if (stripos($comment, 'mariadb') !== false)
-			return 'MariaDB';
+		if (stripos($comment, 'percona') !== false) {
+					return 'Percona';
+		}
+		if (stripos($comment, 'mariadb') !== false) {
+					return 'MariaDB';
+		}
+	} else {
+			return 'fail';
 	}
-	else
-		return 'fail';
 
 	return 'MySQL';
 }

other/Settings.php

Braces +13 added lines, -8 removed lines

@@ -186,8 +186,9 @@ 
 
 ########## Error-Catching ##########
 # Note: You shouldn't touch these settings.
-if (file_exists(dirname(__FILE__) . '/db_last_error.php'))
+if (file_exists(dirname(__FILE__) . '/db_last_error.php')) {
 	include(dirname(__FILE__) . '/db_last_error.php');
+}
 
 if (!isset($db_last_error))
 {
@@ -199,20 +200,24 @@ 
 if (file_exists(dirname(__FILE__) . '/install.php'))
 {
 	$secure = false;
-	if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') 
-		$secure = true;
-	elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') 
-		$secure = true;
+	if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
+			$secure = true;
+	} elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') {
+			$secure = true;
+	}
 
 	header('Location: http' . ($secure ? 's' : '') . '://' . (empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] . (empty($_SERVER['SERVER_PORT']) || $_SERVER['SERVER_PORT'] == '80' ? '' : ':' . $_SERVER['SERVER_PORT']) : $_SERVER['HTTP_HOST']) . (strtr(dirname($_SERVER['PHP_SELF']), '\\', '/') == '/' ? '' : strtr(dirname($_SERVER['PHP_SELF']), '\\', '/')) . '/install.php'); exit;
 }
 
 # Make sure the paths are correct... at least try to fix them.
-if (!file_exists($boarddir) && file_exists(dirname(__FILE__) . '/agreement.txt'))
+if (!file_exists($boarddir) && file_exists(dirname(__FILE__) . '/agreement.txt')) {
 	$boarddir = dirname(__FILE__);
-if (!file_exists($sourcedir) && file_exists($boarddir . '/Sources'))
+}
+if (!file_exists($sourcedir) && file_exists($boarddir . '/Sources')) {
 	$sourcedir = $boarddir . '/Sources';
-if (!file_exists($cachedir) && file_exists($boarddir . '/cache'))
+}
+if (!file_exists($cachedir) && file_exists($boarddir . '/cache')) {
 	$cachedir = $boarddir . '/cache';
+}
 
 ?>
\ No newline at end of file

Themes/default/Memberlist.template.php

Braces +30 added lines, -20 removed lines

@@ -27,9 +27,10 @@ 
 			<h3 class="catbg">
 				<span class="floatleft">', $txt['members_list'], '</span>';
 
-	if (!isset($context['old_search']))
-		echo '
+	if (!isset($context['old_search'])) {
+			echo '
 				<span class="floatright">', $context['letter_links'], '</span>';
+	}
 	echo '
 			</h3>
 		</div>';
@@ -44,20 +45,23 @@ 
 	foreach ($context['columns'] as $key => $column)
 	{
 		// @TODO maybe find something nicer?
-		if ($key == 'email_address' && !$context['can_send_email'])
-			continue;
+		if ($key == 'email_address' && !$context['can_send_email']) {
+					continue;
+		}
 
 		// This is a selected column, so underline it or some such.
-		if ($column['selected'])
-			echo '
+		if ($column['selected']) {
+					echo '
 						<th scope="col" class="', $key, isset($column['class']) ? ' ' . $column['class'] : '', ' selected" style="width: auto;"' . (isset($column['colspan']) ? ' colspan="' . $column['colspan'] . '"' : '') . '>
 							<a href="' . $column['href'] . '" rel="nofollow">' . $column['label'] . '</a><span class="generic_icons sort_' . $context['sort_direction'] . '"></span></th>';
+		}
 
 		// This is just some column... show the link and be done with it.
-		else
-			echo '
+		else {
+					echo '
 						<th scope="col" class="', $key, isset($column['class']) ? ' ' . $column['class'] : '', '"', isset($column['width']) ? ' style="width: ' . $column['width'] . '"' : '', isset($column['colspan']) ? ' colspan="' . $column['colspan'] . '"' : '', '>
 						', $column['link'], '</th>';
+		}
 	}
 
 	echo '
@@ -77,9 +81,10 @@ 
 						</td>
 						<td class="lefttext">', $member['link'], '</td>';
 
-			if (!isset($context['disabled_fields']['website']))
-				echo '
+			if (!isset($context['disabled_fields']['website'])) {
+							echo '
 						<td class="centertext website_url">', $member['website']['url'] != '' ? '<a href="' . $member['website']['url'] . '" target="_blank" rel="noopener"><span class="generic_icons www" title="' . $member['website']['title'] . '"></span></a>' : '', '</td>';
+			}
 
 			// Group and date.
 			echo '
@@ -92,32 +97,35 @@ 
 						<td class="centertext" style="white-space: nowrap; width: 15px">', $member['posts'], '</td>
 						<td class="centertext statsbar" style="width: 120px">';
 
-				if (!empty($member['post_percent']))
-					echo '
+				if (!empty($member['post_percent'])) {
+									echo '
 							<div class="bar" style="width: ', $member['post_percent'] + 4, 'px;">
 								<div style="width: ', $member['post_percent'], 'px;"></div>
 							</div>';
+				}
 
 				echo '
 						</td>';
 			}
 
 			// Show custom fields marked to be shown here
-			if (!empty($context['custom_profile_fields']['columns']))
-				foreach ($context['custom_profile_fields']['columns'] as $key => $column)
+			if (!empty($context['custom_profile_fields']['columns'])) {
+							foreach ($context['custom_profile_fields']['columns'] as $key => $column)
 					echo '
 						<td class="righttext">', $member['options'][$key], '</td>';
+			}
 
 			echo '
 					</tr>';
 		}
 	}
 	// No members?
-	else
-		echo '
+	else {
+			echo '
 					<tr>
 						<td colspan="', $context['colspan'], '" class="windowbg">', $txt['search_no_results'], '</td>
 					</tr>';
+	}
 
 	echo '
 				</tbody>
@@ -130,11 +138,12 @@ 
 			<div class="pagelinks floatleft">', $context['page_index'], '</div>';
 
 	// If it is displaying the result of a search show a "search again" link to edit their criteria.
-	if (isset($context['old_search']))
-		echo '
+	if (isset($context['old_search'])) {
+			echo '
 			<div class="buttonlist floatright">
 				<a class="button" href="', $scripturl, '?action=mlist;sa=search;search=', $context['old_search_value'], '">', $txt['mlist_search_again'], '</a>
 			</div>';
+	}
 	echo '
 		</div>
 	</div><!-- #memberlist -->';
@@ -174,12 +183,13 @@ 
 					<dd>
 						<ul>';
 
-	foreach ($context['search_fields'] as $id => $title)
-		echo '
+	foreach ($context['search_fields'] as $id => $title) {
+			echo '
 							<li>
 								<input type="checkbox" name="fields[]" id="fields-', $id, '" value="', $id, '"', in_array($id, $context['search_defaults']) ? ' checked' : '', '>
 								<label for="fields-', $id, '">', $title, '</label>
 							</li>';
+	}
 
 	echo '
 						</ul>

Sources/LogInOut.php

Braces +163 added lines, -127 removed lines

@@ -14,8 +14,9 @@ 
  * @version 2.1 Beta 4
  */
 
-if (!defined('SMF'))
+if (!defined('SMF')) {
 	die('No direct access...');
+}
 
 /**
  * Ask them for their login information. (shows a page for the user to type
@@ -29,8 +30,9 @@ 
 	global $txt, $context, $scripturl, $user_info;
 
 	// You are already logged in, go take a tour of the boards
-	if (!empty($user_info['id']))
-		redirectexit();
+	if (!empty($user_info['id'])) {
+			redirectexit();
+	}
 
 	// We need to load the Login template/language file.
 	loadLanguage('Login');
@@ -57,10 +59,11 @@ 
 	);
 
 	// Set the login URL - will be used when the login process is done (but careful not to send us to an attachment).
-	if (isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0)
-		$_SESSION['login_url'] = $_SESSION['old_url'];
-	elseif (isset($_SESSION['login_url']) && strpos($_SESSION['login_url'], 'dlattach') !== false)
-		unset($_SESSION['login_url']);
+	if (isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0) {
+			$_SESSION['login_url'] = $_SESSION['old_url'];
+	} elseif (isset($_SESSION['login_url']) && strpos($_SESSION['login_url'], 'dlattach') !== false) {
+			unset($_SESSION['login_url']);
+	}
 
 	// Create a one time token.
 	createToken('login');
@@ -83,8 +86,9 @@ 
 	global $cookiename, $modSettings, $context, $sourcedir, $maintenance;
 
 	// Check to ensure we're forcing SSL for authentication
-	if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn())
-		fatal_lang_error('login_ssl_required');
+	if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn()) {
+			fatal_lang_error('login_ssl_required');
+	}
 
 	// Load cookie authentication stuff.
 	require_once($sourcedir . '/Subs-Auth.php');
@@ -98,23 +102,26 @@ 
 	if (isset($_GET['sa']) && $_GET['sa'] == 'salt' && !$user_info['is_guest'])
 	{
 		// First check for 2.1 json-format cookie in $_COOKIE
-		if (isset($_COOKIE[$cookiename]) && preg_match('~^{"0":\d+,"1":"[0-9a-f]*","2":\d+~', $_COOKIE[$cookiename]) === 1)
-			list (,, $timeout) = $smcFunc['json_decode']($_COOKIE[$cookiename], true);
+		if (isset($_COOKIE[$cookiename]) && preg_match('~^{"0":\d+,"1":"[0-9a-f]*","2":\d+~', $_COOKIE[$cookiename]) === 1) {
+					list (,, $timeout) = $smcFunc['json_decode']($_COOKIE[$cookiename], true);
+		}
 
 		// Try checking for 2.1 json-format cookie in $_SESSION
-		elseif (isset($_SESSION['login_' . $cookiename]) && preg_match('~^{"0":\d+,"1":"[0-9a-f]*","2":\d+~', $_SESSION['login_' . $cookiename]) === 1)
-			list (,, $timeout) = $smcFunc['json_decode']($_SESSION['login_' . $cookiename]);
+		elseif (isset($_SESSION['login_' . $cookiename]) && preg_match('~^{"0":\d+,"1":"[0-9a-f]*","2":\d+~', $_SESSION['login_' . $cookiename]) === 1) {
+					list (,, $timeout) = $smcFunc['json_decode']($_SESSION['login_' . $cookiename]);
+		}
 
 		// Next, try checking for 2.0 serialized string cookie in $_COOKIE
-		elseif (isset($_COOKIE[$cookiename]) && preg_match('~^a:[34]:\{i:0;i:\d+;i:1;s:(0|128):"([a-fA-F0-9]{128})?";i:2;[id]:\d+;~', $_COOKIE[$cookiename]) === 1)
-			list (,, $timeout) = safe_unserialize($_COOKIE[$cookiename]);
+		elseif (isset($_COOKIE[$cookiename]) && preg_match('~^a:[34]:\{i:0;i:\d+;i:1;s:(0|128):"([a-fA-F0-9]{128})?";i:2;[id]:\d+;~', $_COOKIE[$cookiename]) === 1) {
+					list (,, $timeout) = safe_unserialize($_COOKIE[$cookiename]);
+		}
 
 		// Last, see if you need to fall back on checking for 2.0 serialized string cookie in $_SESSION
-		elseif (isset($_SESSION['login_' . $cookiename]) && preg_match('~^a:[34]:\{i:0;i:\d+;i:1;s:(0|128):"([a-fA-F0-9]{128})?";i:2;[id]:\d+;~', $_SESSION['login_' . $cookiename]) === 1)
-			list (,, $timeout) = safe_unserialize($_SESSION['login_' . $cookiename]);
-
-		else
-			trigger_error('Login2(): Cannot be logged in without a session or cookie', E_USER_ERROR);
+		elseif (isset($_SESSION['login_' . $cookiename]) && preg_match('~^a:[34]:\{i:0;i:\d+;i:1;s:(0|128):"([a-fA-F0-9]{128})?";i:2;[id]:\d+;~', $_SESSION['login_' . $cookiename]) === 1) {
+					list (,, $timeout) = safe_unserialize($_SESSION['login_' . $cookiename]);
+		} else {
+					trigger_error('Login2(): Cannot be logged in without a session or cookie', E_USER_ERROR);
+		}
 
 		$user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
 		updateMemberData($user_info['id'], array('password_salt' => $user_settings['password_salt']));
@@ -127,10 +134,11 @@ 
 			list ($tfamember, $tfasecret, $exp, $domain, $path, $preserve) = $tfadata;
 
 			// If we're preserving the cookie, reset it with updated salt
-			if (isset($tfamember, $tfasecret, $exp, $domain, $path, $preserve) && $preserve && time() < $exp)
-				setTFACookie(3153600, $user_info['password_salt'], hash_salt($user_settings['tfa_backup'], $user_settings['password_salt']), true);
-			else
-				setTFACookie(-3600, 0, '');
+			if (isset($tfamember, $tfasecret, $exp, $domain, $path, $preserve) && $preserve && time() < $exp) {
+							setTFACookie(3153600, $user_info['password_salt'], hash_salt($user_settings['tfa_backup'], $user_settings['password_salt']), true);
+			} else {
+							setTFACookie(-3600, 0, '');
+			}
 		}
 
 		setLoginCookie($timeout - time(), $user_info['id'], hash_salt($user_settings['passwd'], $user_settings['password_salt']));
@@ -141,20 +149,20 @@ 
 	elseif (isset($_GET['sa']) && $_GET['sa'] == 'check')
 	{
 		// Strike!  You're outta there!
-		if ($_GET['member'] != $user_info['id'])
-			fatal_lang_error('login_cookie_error', false);
+		if ($_GET['member'] != $user_info['id']) {
+					fatal_lang_error('login_cookie_error', false);
+		}
 
 		$user_info['can_mod'] = allowedTo('access_mod_center') || (!$user_info['is_guest'] && ($user_info['mod_cache']['gq'] != '0=1' || $user_info['mod_cache']['bq'] != '0=1' || ($modSettings['postmod_active'] && !empty($user_info['mod_cache']['ap']))));
 
 		// Some whitelisting for login_url...
-		if (empty($_SESSION['login_url']))
-			redirectexit(empty($user_settings['tfa_secret']) ? '' : 'action=logintfa');
-		elseif (!empty($_SESSION['login_url']) && (strpos($_SESSION['login_url'], 'http://') === false && strpos($_SESSION['login_url'], 'https://') === false))
+		if (empty($_SESSION['login_url'])) {
+					redirectexit(empty($user_settings['tfa_secret']) ? '' : 'action=logintfa');
+		} elseif (!empty($_SESSION['login_url']) && (strpos($_SESSION['login_url'], 'http://') === false && strpos($_SESSION['login_url'], 'https://') === false))
 		{
 			unset ($_SESSION['login_url']);
 			redirectexit(empty($user_settings['tfa_secret']) ? '' : 'action=logintfa');
-		}
-		else
+		} else
 		{
 			// Best not to clutter the session data too much...
 			$temp = $_SESSION['login_url'];
@@ -165,8 +173,9 @@ 
 	}
 
 	// Beyond this point you are assumed to be a guest trying to login.
-	if (!$user_info['is_guest'])
-		redirectexit();
+	if (!$user_info['is_guest']) {
+			redirectexit();
+	}
 
 	// Are you guessing with a script?
 	checkSession();
@@ -174,18 +183,21 @@ 
 	spamProtection('login');
 
 	// Set the login_url if it's not already set (but careful not to send us to an attachment).
-	if ((empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0) || (isset($_GET['quicklogin']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'login') === false))
-		$_SESSION['login_url'] = $_SESSION['old_url'];
+	if ((empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0) || (isset($_GET['quicklogin']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'login') === false)) {
+			$_SESSION['login_url'] = $_SESSION['old_url'];
+	}
 
 	// Been guessing a lot, haven't we?
-	if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3)
-		fatal_lang_error('login_threshold_fail', 'login');
+	if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3) {
+			fatal_lang_error('login_threshold_fail', 'login');
+	}
 
 	// Set up the cookie length.  (if it's invalid, just fall through and use the default.)
-	if (isset($_POST['cookieneverexp']) || (!empty($_POST['cookielength']) && $_POST['cookielength'] == -1))
-		$modSettings['cookieTime'] = 3153600;
-	elseif (!empty($_POST['cookielength']) && ($_POST['cookielength'] >= 1 && $_POST['cookielength'] <= 525600))
-		$modSettings['cookieTime'] = (int) $_POST['cookielength'];
+	if (isset($_POST['cookieneverexp']) || (!empty($_POST['cookielength']) && $_POST['cookielength'] == -1)) {
+			$modSettings['cookieTime'] = 3153600;
+	} elseif (!empty($_POST['cookielength']) && ($_POST['cookielength'] >= 1 && $_POST['cookielength'] <= 525600)) {
+			$modSettings['cookieTime'] = (int) $_POST['cookielength'];
+	}
 
 	loadLanguage('Login');
 	// Load the template stuff.
@@ -305,8 +317,9 @@ 
 			$other_passwords[] = crypt(md5($_POST['passwrd']), md5($_POST['passwrd']));
 
 			// Snitz style - SHA-256.  Technically, this is a downgrade, but most PHP configurations don't support sha256 anyway.
-			if (strlen($user_settings['passwd']) == 64 && function_exists('mhash') && defined('MHASH_SHA256'))
-				$other_passwords[] = bin2hex(mhash(MHASH_SHA256, $_POST['passwrd']));
+			if (strlen($user_settings['passwd']) == 64 && function_exists('mhash') && defined('MHASH_SHA256')) {
+							$other_passwords[] = bin2hex(mhash(MHASH_SHA256, $_POST['passwrd']));
+			}
 
 			// phpBB3 users new hashing.  We now support it as well ;).
 			$other_passwords[] = phpBB3_password_check($_POST['passwrd'], $user_settings['passwd']);
@@ -326,27 +339,29 @@ 
 			// Some common md5 ones.
 			$other_passwords[] = md5($user_settings['password_salt'] . $_POST['passwrd']);
 			$other_passwords[] = md5($_POST['passwrd'] . $user_settings['password_salt']);
-		}
-		elseif (strlen($user_settings['passwd']) == 40)
+		} elseif (strlen($user_settings['passwd']) == 40)
 		{
 			// Maybe they are using a hash from before the password fix.
 			// This is also valid for SMF 1.1 to 2.0 style of hashing, changed to bcrypt in SMF 2.1
 			$other_passwords[] = sha1(strtolower($user_settings['member_name']) . un_htmlspecialchars($_POST['passwrd']));
 
 			// BurningBoard3 style of hashing.
-			if (!empty($modSettings['enable_password_conversion']))
-				$other_passwords[] = sha1($user_settings['password_salt'] . sha1($user_settings['password_salt'] . sha1($_POST['passwrd'])));
+			if (!empty($modSettings['enable_password_conversion'])) {
+							$other_passwords[] = sha1($user_settings['password_salt'] . sha1($user_settings['password_salt'] . sha1($_POST['passwrd'])));
+			}
 
 			// Perhaps we converted to UTF-8 and have a valid password being hashed differently.
 			if ($context['character_set'] == 'UTF-8' && !empty($modSettings['previousCharacterSet']) && $modSettings['previousCharacterSet'] != 'utf8')
 			{
 				// Try iconv first, for no particular reason.
-				if (function_exists('iconv'))
-					$other_passwords['iconv'] = sha1(strtolower(iconv('UTF-8', $modSettings['previousCharacterSet'], $user_settings['member_name'])) . un_htmlspecialchars(iconv('UTF-8', $modSettings['previousCharacterSet'], $_POST['passwrd'])));
+				if (function_exists('iconv')) {
+									$other_passwords['iconv'] = sha1(strtolower(iconv('UTF-8', $modSettings['previousCharacterSet'], $user_settings['member_name'])) . un_htmlspecialchars(iconv('UTF-8', $modSettings['previousCharacterSet'], $_POST['passwrd'])));
+				}
 
 				// Say it aint so, iconv failed!
-				if (empty($other_passwords['iconv']) && function_exists('mb_convert_encoding'))
-					$other_passwords[] = sha1(strtolower(mb_convert_encoding($user_settings['member_name'], 'UTF-8', $modSettings['previousCharacterSet'])) . un_htmlspecialchars(mb_convert_encoding($_POST['passwrd'], 'UTF-8', $modSettings['previousCharacterSet'])));
+				if (empty($other_passwords['iconv']) && function_exists('mb_convert_encoding')) {
+									$other_passwords[] = sha1(strtolower(mb_convert_encoding($user_settings['member_name'], 'UTF-8', $modSettings['previousCharacterSet'])) . un_htmlspecialchars(mb_convert_encoding($_POST['passwrd'], 'UTF-8', $modSettings['previousCharacterSet'])));
+				}
 			}
 		}
 
@@ -376,8 +391,9 @@ 
 			$_SESSION['failed_login'] = isset($_SESSION['failed_login']) ? ($_SESSION['failed_login'] + 1) : 1;
 
 			// Hmm... don't remember it, do you?  Here, try the password reminder ;).
-			if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold'])
-				redirectexit('action=reminder');
+			if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) {
+							redirectexit('action=reminder');
+			}
 			// We'll give you another chance...
 			else
 			{
@@ -388,8 +404,7 @@ 
 				return;
 			}
 		}
-	}
-	elseif (!empty($user_settings['passwd_flood']))
+	} elseif (!empty($user_settings['passwd_flood']))
 	{
 		// Let's be sure they weren't a little hacker.
 		validatePasswordFlood($user_settings['id_member'], $user_settings['member_name'], $user_settings['passwd_flood'], true);
@@ -406,8 +421,9 @@ 
 	}
 
 	// Check their activation status.
-	if (!checkActivation())
-		return;
+	if (!checkActivation()) {
+			return;
+	}
 
 	DoLogin();
 }
@@ -419,8 +435,9 @@ 
 {
 	global $sourcedir, $txt, $context, $user_info, $modSettings, $scripturl;
 
-	if (!$user_info['is_guest'] || empty($context['tfa_member']) || empty($modSettings['tfa_mode']))
-		fatal_lang_error('no_access', false);
+	if (!$user_info['is_guest'] || empty($context['tfa_member']) || empty($modSettings['tfa_mode'])) {
+			fatal_lang_error('no_access', false);
+	}
 
 	loadLanguage('Profile');
 	require_once($sourcedir . '/Class-TOTP.php');
@@ -428,8 +445,9 @@ 
 	$member = $context['tfa_member'];
 
 	// Prevent replay attacks by limiting at least 2 minutes before they can log in again via 2FA
-	if (time() - $member['last_login'] < 120)
-		fatal_lang_error('tfa_wait', false);
+	if (time() - $member['last_login'] < 120) {
+			fatal_lang_error('tfa_wait', false);
+	}
 
 	$totp = new \TOTP\Auth($member['tfa_secret']);
 	$totp->setRange(1);
@@ -443,8 +461,9 @@ 
 	if (!empty($_POST['tfa_code']) && empty($_POST['tfa_backup']))
 	{
 		// Check to ensure we're forcing SSL for authentication
-		if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn())
-			fatal_lang_error('login_ssl_required');
+		if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn()) {
+					fatal_lang_error('login_ssl_required');
+		}
 
 		$code = $_POST['tfa_code'];
 
@@ -454,20 +473,19 @@ 
 
 			setTFACookie(3153600, $member['id_member'], hash_salt($member['tfa_backup'], $member['password_salt']), !empty($_POST['tfa_preserve']));
 			redirectexit();
-		}
-		else
+		} else
 		{
 			validatePasswordFlood($member['id_member'], $member['member_name'], $member['passwd_flood'], false, true);
 
 			$context['tfa_error'] = true;
 			$context['tfa_value'] = $_POST['tfa_code'];
 		}
-	}
-	elseif (!empty($_POST['tfa_backup']))
+	} elseif (!empty($_POST['tfa_backup']))
 	{
 		// Check to ensure we're forcing SSL for authentication
-		if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn())
-			fatal_lang_error('login_ssl_required');
+		if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn()) {
+					fatal_lang_error('login_ssl_required');
+		}
 
 		$backup = $_POST['tfa_backup'];
 
@@ -481,8 +499,7 @@ 
 			));
 			setTFACookie(3153600, $member['id_member'], hash_salt($member['tfa_backup'], $member['password_salt']));
 			redirectexit('action=profile;area=tfasetup;backup');
-		}
-		else
+		} else
 		{
 			validatePasswordFlood($member['id_member'], $member['member_name'], $member['passwd_flood'], false, true);
 
@@ -505,8 +522,9 @@ 
 {
 	global $context, $txt, $scripturl, $user_settings, $modSettings;
 
-	if (!isset($context['login_errors']))
-		$context['login_errors'] = array();
+	if (!isset($context['login_errors'])) {
+			$context['login_errors'] = array();
+	}
 
 	// What is the true activation status of this account?
 	$activation_status = $user_settings['is_activated'] > 10 ? $user_settings['is_activated'] - 10 : $user_settings['is_activated'];
@@ -518,8 +536,9 @@ 
 		return false;
 	}
 	// Awaiting approval still?
-	elseif ($activation_status == 3)
-		fatal_lang_error('still_awaiting_approval', 'user');
+	elseif ($activation_status == 3) {
+			fatal_lang_error('still_awaiting_approval', 'user');
+	}
 	// Awaiting deletion, changed their mind?
 	elseif ($activation_status == 4)
 	{
@@ -527,8 +546,7 @@ 
 		{
 			updateMemberData($user_settings['id_member'], array('is_activated' => 1));
 			updateSettings(array('unapprovedMembers' => ($modSettings['unapprovedMembers'] > 0 ? $modSettings['unapprovedMembers'] - 1 : 0)));
-		}
-		else
+		} else
 		{
 			$context['disable_login_hashing'] = true;
 			$context['login_errors'][] = $txt['awaiting_delete_account'];
@@ -568,8 +586,9 @@ 
 	setLoginCookie(60 * $modSettings['cookieTime'], $user_settings['id_member'], hash_salt($user_settings['passwd'], $user_settings['password_salt']));
 
 	// Reset the login threshold.
-	if (isset($_SESSION['failed_login']))
-		unset($_SESSION['failed_login']);
+	if (isset($_SESSION['failed_login'])) {
+			unset($_SESSION['failed_login']);
+	}
 
 	$user_info['is_guest'] = false;
 	$user_settings['additional_groups'] = explode(',', $user_settings['additional_groups']);
@@ -591,16 +610,18 @@ 
 			'id_member' => $user_info['id'],
 		)
 	);
-	if ($smcFunc['db_num_rows']($request) == 1)
-		$_SESSION['first_login'] = true;
-	else
-		unset($_SESSION['first_login']);
+	if ($smcFunc['db_num_rows']($request) == 1) {
+			$_SESSION['first_login'] = true;
+	} else {
+			unset($_SESSION['first_login']);
+	}
 	$smcFunc['db_free_result']($request);
 
 	// You've logged in, haven't you?
 	$update = array('member_ip' => $user_info['ip'], 'member_ip2' => $_SERVER['BAN_CHECK_IP']);
-	if (empty($user_settings['tfa_secret']))
-		$update['last_login'] = time();
+	if (empty($user_settings['tfa_secret'])) {
+			$update['last_login'] = time();
+	}
 	updateMemberData($user_info['id'], $update);
 
 	// Get rid of the online entry for that old guest....
@@ -614,8 +635,8 @@ 
 	$_SESSION['log_time'] = 0;
 
 	// Log this entry, only if we have it enabled.
-	if (!empty($modSettings['loginHistoryDays']))
-		$smcFunc['db_insert']('insert',
+	if (!empty($modSettings['loginHistoryDays'])) {
+			$smcFunc['db_insert']('insert',
 			'{db_prefix}member_logins',
 			array(
 				'id_member' => 'int', 'time' => 'int', 'ip' => 'inet', 'ip2' => 'inet',
@@ -627,13 +648,15 @@ 
 				'id_member', 'time'
 			)
 		);
+	}
 
 	// Just log you back out if it's in maintenance mode and you AREN'T an admin.
-	if (empty($maintenance) || allowedTo('admin_forum'))
-		redirectexit('action=login2;sa=check;member=' . $user_info['id'], $context['server']['needs_login_fix']);
-	else
-		redirectexit('action=logout;' . $context['session_var'] . '=' . $context['session_id'], $context['server']['needs_login_fix']);
-}
+	if (empty($maintenance) || allowedTo('admin_forum')) {
+			redirectexit('action=login2;sa=check;member=' . $user_info['id'], $context['server']['needs_login_fix']);
+	} else {
+			redirectexit('action=logout;' . $context['session_var'] . '=' . $context['session_id'], $context['server']['needs_login_fix']);
+	}
+	}
 
 /**
  * Logs the current user out of their account.
@@ -649,13 +672,15 @@ 
 	global $sourcedir, $user_info, $user_settings, $context, $smcFunc, $cookiename, $modSettings;
 
 	// Make sure they aren't being auto-logged out.
-	if (!$internal)
-		checkSession('get');
+	if (!$internal) {
+			checkSession('get');
+	}
 
 	require_once($sourcedir . '/Subs-Auth.php');
 
-	if (isset($_SESSION['pack_ftp']))
-		$_SESSION['pack_ftp'] = null;
+	if (isset($_SESSION['pack_ftp'])) {
+			$_SESSION['pack_ftp'] = null;
+	}
 
 	// It won't be first login anymore.
 	unset($_SESSION['first_login']);
@@ -683,8 +708,9 @@ 
 
 	// And some other housekeeping while we're at it.
 	$salt = substr(md5(mt_rand()), 0, 4);
-	if (!empty($user_info['id']))
-		updateMemberData($user_info['id'], array('password_salt' => $salt));
+	if (!empty($user_info['id'])) {
+			updateMemberData($user_info['id'], array('password_salt' => $salt));
+	}
 
 	if (!empty($modSettings['tfa_mode']) && !empty($user_info['id']) && !empty($_COOKIE[$cookiename . '_tfa']))
 	{
@@ -693,10 +719,11 @@ 
 		list ($tfamember, $tfasecret, $exp, $domain, $path, $preserve) = $tfadata;
 
 		// If we're preserving the cookie, reset it with updated salt
-		if (isset($tfamember, $tfasecret, $exp, $domain, $path, $preserve) && $preserve && time() < $exp)
-			setTFACookie(3153600, $user_info['id'], hash_salt($user_settings['tfa_backup'], $salt), true);
-		else
-			setTFACookie(-3600, 0, '');
+		if (isset($tfamember, $tfasecret, $exp, $domain, $path, $preserve) && $preserve && time() < $exp) {
+					setTFACookie(3153600, $user_info['id'], hash_salt($user_settings['tfa_backup'], $salt), true);
+		} else {
+					setTFACookie(-3600, 0, '');
+		}
 	}
 
 	session_destroy();
@@ -704,14 +731,13 @@ 
 	// Off to the merry board index we go!
 	if ($redirect)
 	{
-		if (empty($_SESSION['logout_url']))
-			redirectexit('', $context['server']['needs_login_fix']);
-		elseif (!empty($_SESSION['logout_url']) && (strpos($_SESSION['logout_url'], 'http://') === false && strpos($_SESSION['logout_url'], 'https://') === false))
+		if (empty($_SESSION['logout_url'])) {
+					redirectexit('', $context['server']['needs_login_fix']);
+		} elseif (!empty($_SESSION['logout_url']) && (strpos($_SESSION['logout_url'], 'http://') === false && strpos($_SESSION['logout_url'], 'https://') === false))
 		{
 			unset ($_SESSION['logout_url']);
 			redirectexit();
-		}
-		else
+		} else
 		{
 			$temp = $_SESSION['logout_url'];
 			unset($_SESSION['logout_url']);
@@ -744,8 +770,9 @@ 
 function phpBB3_password_check($passwd, $passwd_hash)
 {
 	// Too long or too short?
-	if (strlen($passwd_hash) != 34)
-		return;
+	if (strlen($passwd_hash) != 34) {
+			return;
+	}
 
 	// Range of characters allowed.
 	$range = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
@@ -756,8 +783,9 @@ 
 	$salt = substr($passwd_hash, 4, 8);
 
 	$hash = md5($salt . $passwd, true);
-	for (; $count != 0; --$count)
-		$hash = md5($hash . $passwd, true);
+	for (; $count != 0; --$count) {
+			$hash = md5($hash . $passwd, true);
+	}
 
 	$output = substr($passwd_hash, 0, 12);
 	$i = 0;
@@ -766,21 +794,25 @@ 
 		$value = ord($hash[$i++]);
 		$output .= $range[$value & 0x3f];
 
-		if ($i < 16)
-			$value |= ord($hash[$i]) << 8;
+		if ($i < 16) {
+					$value |= ord($hash[$i]) << 8;
+		}
 
 		$output .= $range[($value >> 6) & 0x3f];
 
-		if ($i++ >= 16)
-			break;
+		if ($i++ >= 16) {
+					break;
+		}
 
-		if ($i < 16)
-			$value |= ord($hash[$i]) << 16;
+		if ($i < 16) {
+					$value |= ord($hash[$i]) << 16;
+		}
 
 		$output .= $range[($value >> 12) & 0x3f];
 
-		if ($i++ >= 16)
-			break;
+		if ($i++ >= 16) {
+					break;
+		}
 
 		$output .= $range[($value >> 18) & 0x3f];
 	}
@@ -812,8 +844,9 @@ 
 		require_once($sourcedir . '/Subs-Auth.php');
 		setLoginCookie(-3600, 0);
 
-		if (isset($_SESSION['login_' . $cookiename]))
-			unset($_SESSION['login_' . $cookiename]);
+		if (isset($_SESSION['login_' . $cookiename])) {
+					unset($_SESSION['login_' . $cookiename]);
+		}
 	}
 
 	// We need a member!
@@ -827,8 +860,9 @@ 
 	}
 
 	// Right, have we got a flood value?
-	if ($password_flood_value !== false)
-		@list ($time_stamp, $number_tries) = explode('|', $password_flood_value);
+	if ($password_flood_value !== false) {
+			@list ($time_stamp, $number_tries) = explode('|', $password_flood_value);
+	}
 
 	// Timestamp or number of tries invalid?
 	if (empty($number_tries) || empty($time_stamp))
@@ -844,15 +878,17 @@ 
 		$number_tries = $time_stamp < time() - 20 ? 2 : $number_tries;
 
 		// They are trying too fast, make them wait longer
-		if ($time_stamp < time() - 10)
-			$time_stamp = time();
+		if ($time_stamp < time() - 10) {
+					$time_stamp = time();
+		}
 	}
 
 	$number_tries++;
 
 	// Broken the law?
-	if ($number_tries > 5)
-		fatal_lang_error('login_threshold_brute_fail', 'login', [$member_name]);
+	if ($number_tries > 5) {
+			fatal_lang_error('login_threshold_brute_fail', 'login', [$member_name]);
+	}
 
 	// Otherwise set the members data. If they correct on their first attempt then we actually clear it, otherwise we set it!
 	updateMemberData($id_member, array('passwd_flood' => $was_correct && $number_tries == 1 ? '' : $time_stamp . '|' . $number_tries));

Sources/Subs-Auth.php

Braces +168 added lines, -121 removed lines

@@ -13,8 +13,9 @@ 
  * @version 2.1 Beta 4
  */
 
-if (!defined('SMF'))
+if (!defined('SMF')) {
 	die('No direct access...');
+}
 
 /**
  * Sets the SMF-style login cookie and session based on the id_member and password passed.
@@ -45,8 +46,9 @@ 
 	if (isset($_COOKIE[$cookiename]))
 	{
 		// First check for 2.1 json-format cookie
-		if (preg_match('~^{"0":\d+,"1":"[0-9a-f]*","2":\d+,"3":"[^"]+","4":"[^"]+"~', $_COOKIE[$cookiename]) === 1)
-			list(,,, $old_domain, $old_path) = $smcFunc['json_decode']($_COOKIE[$cookiename], true);
+		if (preg_match('~^{"0":\d+,"1":"[0-9a-f]*","2":\d+,"3":"[^"]+","4":"[^"]+"~', $_COOKIE[$cookiename]) === 1) {
+					list(,,, $old_domain, $old_path) = $smcFunc['json_decode']($_COOKIE[$cookiename], true);
+		}
 
 		// Legacy format (for recent 2.0 --> 2.1 upgrades)
 		elseif (preg_match('~^a:[34]:\{i:0;i:\d+;i:1;s:(0|128):"([a-fA-F0-9]{128})?";i:2;[id]:\d+;(i:3;i:\d;)?~', $_COOKIE[$cookiename]) === 1)
@@ -56,15 +58,17 @@ 
 			$cookie_state = (empty($modSettings['localCookies']) ? 0 : 1) | (empty($modSettings['globalCookies']) ? 0 : 2);
 
 			// Maybe we need to temporarily pretend to be using local cookies
-			if ($cookie_state == 0 && $old_state == 1)
-				list($old_domain, $old_path) = url_parts(true, false);
-			else
-				list($old_domain, $old_path) = url_parts($old_state & 1 > 0, $old_state & 2 > 0);
+			if ($cookie_state == 0 && $old_state == 1) {
+							list($old_domain, $old_path) = url_parts(true, false);
+			} else {
+							list($old_domain, $old_path) = url_parts($old_state & 1 > 0, $old_state & 2 > 0);
+			}
 		}
 
 		// Out with the old, in with the new!
-		if (isset($old_domain) && $old_domain != $cookie_url[0] || isset($old_path) && $old_path != $cookie_url[1])
-			smf_setcookie($cookiename, $smcFunc['json_encode'](array(0, '', 0, $old_domain, $old_path), JSON_FORCE_OBJECT), 1, $old_path, $old_domain);
+		if (isset($old_domain) && $old_domain != $cookie_url[0] || isset($old_path) && $old_path != $cookie_url[1]) {
+					smf_setcookie($cookiename, $smcFunc['json_encode'](array(0, '', 0, $old_domain, $old_path), JSON_FORCE_OBJECT), 1, $old_path, $old_domain);
+		}
 	}
 
 	// Get the data and path to set it on.
@@ -80,8 +84,9 @@ 
 	smf_setcookie($cookiename, $data, $expiry_time, $cookie_url[1], $cookie_url[0]);
 
 	// If subdomain-independent cookies are on, unset the subdomain-dependent cookie too.
-	if (empty($id) && !empty($modSettings['globalCookies']))
-		smf_setcookie($cookiename, $data, $expiry_time, $cookie_url[1], '');
+	if (empty($id) && !empty($modSettings['globalCookies'])) {
+			smf_setcookie($cookiename, $data, $expiry_time, $cookie_url[1], '');
+	}
 
 	// Any alias URLs?  This is mainly for use with frames, etc.
 	if (!empty($modSettings['forum_alias_urls']))
@@ -97,8 +102,9 @@ 
 
 			$cookie_url = url_parts(!empty($modSettings['localCookies']), !empty($modSettings['globalCookies']));
 
-			if ($cookie_url[0] == '')
-				$cookie_url[0] = strtok($alias, '/');
+			if ($cookie_url[0] == '') {
+							$cookie_url[0] = strtok($alias, '/');
+			}
 
 			$alias_data = $smcFunc['json_decode']($data);
 			$alias_data[3] = $cookie_url[0];
@@ -149,8 +155,9 @@ 
 	$identifier = $cookiename . '_tfa';
 	$cookie_url = url_parts(!empty($modSettings['localCookies']), !empty($modSettings['globalCookies']));
 
-	if ($preserve)
-		$cookie_length = 81600 * 30;
+	if ($preserve) {
+			$cookie_length = 81600 * 30;
+	}
 
 	// Get the data and path to set it on.
 	$data = $smcFunc['json_encode'](empty($id) ? array(0, '', 0, $cookie_url[0], $cookie_url[1], false) : array($id, $secret, time() + $cookie_length, $cookie_url[0], $cookie_url[1], $preserve), JSON_FORCE_OBJECT);
@@ -159,8 +166,9 @@ 
 	smf_setcookie($identifier, $data, time() + $cookie_length, $cookie_url[1], $cookie_url[0]);
 
 	// If subdomain-independent cookies are on, unset the subdomain-dependent cookie too.
-	if (empty($id) && !empty($modSettings['globalCookies']))
-		smf_setcookie($identifier, $data, time() + $cookie_length, $cookie_url[1], '');
+	if (empty($id) && !empty($modSettings['globalCookies'])) {
+			smf_setcookie($identifier, $data, time() + $cookie_length, $cookie_url[1], '');
+	}
 
 	$_COOKIE[$identifier] = $data;
 }
@@ -182,23 +190,28 @@ 
 	$parsed_url = parse_url($boardurl);
 
 	// Is local cookies off?
-	if (empty($parsed_url['path']) || !$local)
-		$parsed_url['path'] = '';
+	if (empty($parsed_url['path']) || !$local) {
+			$parsed_url['path'] = '';
+	}
 
-	if (!empty($modSettings['globalCookiesDomain']) && strpos($boardurl, $modSettings['globalCookiesDomain']) !== false)
-		$parsed_url['host'] = $modSettings['globalCookiesDomain'];
+	if (!empty($modSettings['globalCookiesDomain']) && strpos($boardurl, $modSettings['globalCookiesDomain']) !== false) {
+			$parsed_url['host'] = $modSettings['globalCookiesDomain'];
+	}
 
 	// Globalize cookies across domains (filter out IP-addresses)?
-	elseif ($global && preg_match('~^\d{1,3}(\.\d{1,3}){3}$~', $parsed_url['host']) == 0 && preg_match('~(?:[^\.]+\.)?([^\.]{2,}\..+)\z~i', $parsed_url['host'], $parts) == 1)
-		$parsed_url['host'] = '.' . $parts[1];
+	elseif ($global && preg_match('~^\d{1,3}(\.\d{1,3}){3}$~', $parsed_url['host']) == 0 && preg_match('~(?:[^\.]+\.)?([^\.]{2,}\..+)\z~i', $parsed_url['host'], $parts) == 1) {
+			$parsed_url['host'] = '.' . $parts[1];
+	}
 
 	// We shouldn't use a host at all if both options are off.
-	elseif (!$local && !$global)
-		$parsed_url['host'] = '';
+	elseif (!$local && !$global) {
+			$parsed_url['host'] = '';
+	}
 
 	// The host also shouldn't be set if there aren't any dots in it.
-	elseif (!isset($parsed_url['host']) || strpos($parsed_url['host'], '.') === false)
-		$parsed_url['host'] = '';
+	elseif (!isset($parsed_url['host']) || strpos($parsed_url['host'], '.') === false) {
+			$parsed_url['host'] = '';
+	}
 
 	return array($parsed_url['host'], $parsed_url['path'] . '/');
 }
@@ -217,8 +230,9 @@ 
 	createToken('login');
 
 	// Never redirect to an attachment
-	if (strpos($_SERVER['REQUEST_URL'], 'dlattach') === false)
-		$_SESSION['login_url'] = $_SERVER['REQUEST_URL'];
+	if (strpos($_SERVER['REQUEST_URL'], 'dlattach') === false) {
+			$_SESSION['login_url'] = $_SERVER['REQUEST_URL'];
+	}
 
 	$context['sub_template'] = 'kick_guest';
 	$context['page_title'] = $txt['login'];
@@ -273,10 +287,12 @@ 
 		$txt['security_wrong'] = sprintf($txt['security_wrong'], isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $txt['unknown'], $_SERVER['HTTP_USER_AGENT'], $user_info['ip']);
 		log_error($txt['security_wrong'], 'critical');
 
-		if (isset($_POST[$type . '_hash_pass']))
-			unset($_POST[$type . '_hash_pass']);
-		if (isset($_POST[$type . '_pass']))
-			unset($_POST[$type . '_pass']);
+		if (isset($_POST[$type . '_hash_pass'])) {
+					unset($_POST[$type . '_hash_pass']);
+		}
+		if (isset($_POST[$type . '_pass'])) {
+					unset($_POST[$type . '_pass']);
+		}
 
 		$context['incorrect_password'] = true;
 	}
@@ -289,15 +305,17 @@ 
 
 	// Now go through $_POST.  Make sure the session hash is sent.
 	$_POST[$context['session_var']] = $context['session_id'];
-	foreach ($_POST as $k => $v)
-		$context['post_data'] .= adminLogin_outputPostVars($k, $v);
+	foreach ($_POST as $k => $v) {
+			$context['post_data'] .= adminLogin_outputPostVars($k, $v);
+	}
 
 	// Now we'll use the admin_login sub template of the Login template.
 	$context['sub_template'] = 'admin_login';
 
 	// And title the page something like "Login".
-	if (!isset($context['page_title']))
-		$context['page_title'] = $txt['login'];
+	if (!isset($context['page_title'])) {
+			$context['page_title'] = $txt['login'];
+	}
 
 	// The type of action.
 	$context['sessionCheckType'] = $type;
@@ -320,14 +338,15 @@ 
 {
 	global $smcFunc;
 
-	if (!is_array($v))
-		return '
+	if (!is_array($v)) {
+			return '
 <input type="hidden" name="' . $smcFunc['htmlspecialchars']($k) . '" value="' . strtr($v, array('"' => '&quot;', '<' => '&lt;', '>' => '&gt;')) . '">';
-	else
+	} else
 	{
 		$ret = '';
-		foreach ($v as $k2 => $v2)
-			$ret .= adminLogin_outputPostVars($k . '[' . $k2 . ']', $v2);
+		foreach ($v as $k2 => $v2) {
+					$ret .= adminLogin_outputPostVars($k . '[' . $k2 . ']', $v2);
+		}
 
 		return $ret;
 	}
@@ -354,18 +373,20 @@ 
 		foreach ($get as $k => $v)
 		{
 			// Only if it's not already in the $scripturl!
-			if (!isset($temp[$k]))
-				$query_string .= urlencode($k) . '=' . urlencode($v) . ';';
+			if (!isset($temp[$k])) {
+							$query_string .= urlencode($k) . '=' . urlencode($v) . ';';
+			}
 			// If it changed, put it out there, but with an ampersand.
-			elseif ($temp[$k] != $get[$k])
-				$query_string .= urlencode($k) . '=' . urlencode($v) . '&amp;';
+			elseif ($temp[$k] != $get[$k]) {
+							$query_string .= urlencode($k) . '=' . urlencode($v) . '&amp;';
+			}
 		}
-	}
-	else
+	} else
 	{
 		// Add up all the data from $_GET into get_data.
-		foreach ($get as $k => $v)
-			$query_string .= urlencode($k) . '=' . urlencode($v) . ';';
+		foreach ($get as $k => $v) {
+					$query_string .= urlencode($k) . '=' . urlencode($v) . ';';
+		}
 	}
 
 	$query_string = substr($query_string, 0, -1);
@@ -388,8 +409,9 @@ 
 	global $scripturl, $user_info, $smcFunc;
 
 	// If it's not already an array, make it one.
-	if (!is_array($names))
-		$names = explode(',', $names);
+	if (!is_array($names)) {
+			$names = explode(',', $names);
+	}
 
 	$maybe_email = false;
 	foreach ($names as $i => $name)
@@ -400,10 +422,11 @@ 
 		$maybe_email |= strpos($name, '@') !== false;
 
 		// Make it so standard wildcards will work. (* and ?)
-		if ($use_wildcards)
-			$names[$i] = strtr($names[$i], array('%' => '\%', '_' => '\_', '*' => '%', '?' => '_', '\'' => '&#039;'));
-		else
-			$names[$i] = strtr($names[$i], array('\'' => '&#039;'));
+		if ($use_wildcards) {
+					$names[$i] = strtr($names[$i], array('%' => '\%', '_' => '\_', '*' => '%', '?' => '_', '\'' => '&#039;'));
+		} else {
+					$names[$i] = strtr($names[$i], array('\'' => '&#039;'));
+		}
 	}
 
 	// What are we using to compare?
@@ -413,11 +436,12 @@ 
 	$results = array();
 
 	// This ensures you can't search someones email address if you can't see it.
-	if (($use_wildcards || $maybe_email) && allowedTo('moderate_forum'))
-		$email_condition = '
+	if (($use_wildcards || $maybe_email) && allowedTo('moderate_forum')) {
+			$email_condition = '
 			OR (email_address ' . $comparison . ' \'' . implode('\') OR (email_address ' . $comparison . ' \'', $names) . '\')';
-	else
-		$email_condition = '';
+	} else {
+			$email_condition = '';
+	}
 
 	// Get the case of the columns right - but only if we need to as things like MySQL will go slow needlessly otherwise.
 	$member_name = $smcFunc['db_case_sensitive'] ? 'LOWER(member_name)' : 'member_name';
@@ -475,10 +499,11 @@ 
 	$context['template_layers'] = array();
 	$context['sub_template'] = 'find_members';
 
-	if (isset($_REQUEST['search']))
-		$context['last_search'] = $smcFunc['htmlspecialchars']($_REQUEST['search'], ENT_QUOTES);
-	else
-		$_REQUEST['start'] = 0;
+	if (isset($_REQUEST['search'])) {
+			$context['last_search'] = $smcFunc['htmlspecialchars']($_REQUEST['search'], ENT_QUOTES);
+	} else {
+			$_REQUEST['start'] = 0;
+	}
 
 	// Allow the user to pass the input to be added to to the box.
 	$context['input_box_name'] = isset($_REQUEST['input']) && preg_match('~^[\w-]+$~', $_REQUEST['input']) === 1 ? $_REQUEST['input'] : 'to';
@@ -519,10 +544,10 @@ 
 		);
 
 		$context['results'] = array_slice($context['results'], $_REQUEST['start'], 7);
+	} else {
+			$context['links']['up'] = $scripturl . '?action=pm;sa=send' . (empty($_REQUEST['u']) ? '' : ';u=' . $_REQUEST['u']);
+	}
 	}
-	else
-		$context['links']['up'] = $scripturl . '?action=pm;sa=send' . (empty($_REQUEST['u']) ? '' : ';u=' . $_REQUEST['u']);
-}
 
 /**
  * Outputs each member name on its own line.
@@ -538,8 +563,9 @@ 
 	$_REQUEST['search'] = trim($smcFunc['strtolower']($_REQUEST['search']));
 	$_REQUEST['search'] = strtr($_REQUEST['search'], array('%' => '\%', '_' => '\_', '*' => '%', '?' => '_', '&#038;' => '&amp;'));
 
-	if (function_exists('iconv'))
-		header('Content-Type: text/plain; charset=UTF-8');
+	if (function_exists('iconv')) {
+			header('Content-Type: text/plain; charset=UTF-8');
+	}
 
 	$request = $smcFunc['db_query']('', '
 		SELECT real_name
@@ -559,14 +585,16 @@ 
 		if (function_exists('iconv'))
 		{
 			$utf8 = iconv($txt['lang_character_set'], 'UTF-8', $row['real_name']);
-			if ($utf8)
-				$row['real_name'] = $utf8;
+			if ($utf8) {
+							$row['real_name'] = $utf8;
+			}
 		}
 
 		$row['real_name'] = strtr($row['real_name'], array('&amp;' => '&#038;', '&lt;' => '&#060;', '&gt;' => '&#062;', '&quot;' => '&#034;'));
 
-		if (preg_match('~&#\d+;~', $row['real_name']) != 0)
-			$row['real_name'] = preg_replace_callback('~&#(\d+);~', 'fixchar__callback', $row['real_name']);
+		if (preg_match('~&#\d+;~', $row['real_name']) != 0) {
+					$row['real_name'] = preg_replace_callback('~&#(\d+);~', 'fixchar__callback', $row['real_name']);
+		}
 
 		echo $row['real_name'], "\n";
 	}
@@ -623,9 +651,9 @@ 
 
 		// Update the database...
 		updateMemberData($memID, array('member_name' => $user, 'passwd' => $newPassword_sha1));
+	} else {
+			updateMemberData($memID, array('passwd' => $newPassword_sha1));
 	}
-	else
-		updateMemberData($memID, array('passwd' => $newPassword_sha1));
 
 	call_integration_hook('integrate_reset_pass', array($old_user, $user, $newPassword));
 
@@ -656,31 +684,37 @@ 
 	$errors = array();
 
 	// Don't use too long a name.
-	if ($smcFunc['strlen']($username) > 25)
-		$errors[] = array('lang', 'error_long_name');
+	if ($smcFunc['strlen']($username) > 25) {
+			$errors[] = array('lang', 'error_long_name');
+	}
 
 	// No name?!  How can you register with no name?
-	if ($username == '')
-		$errors[] = array('lang', 'need_username');
+	if ($username == '') {
+			$errors[] = array('lang', 'need_username');
+	}
 
 	// Only these characters are permitted.
-	if (in_array($username, array('_', '|')) || preg_match('~[<>&"\'=\\\\]~', preg_replace('~&#(?:\\d{1,7}|x[0-9a-fA-F]{1,6});~', '', $username)) != 0 || strpos($username, '[code') !== false || strpos($username, '[/code') !== false)
-		$errors[] = array('lang', 'error_invalid_characters_username');
+	if (in_array($username, array('_', '|')) || preg_match('~[<>&"\'=\\\\]~', preg_replace('~&#(?:\\d{1,7}|x[0-9a-fA-F]{1,6});~', '', $username)) != 0 || strpos($username, '[code') !== false || strpos($username, '[/code') !== false) {
+			$errors[] = array('lang', 'error_invalid_characters_username');
+	}
 
-	if (stristr($username, $txt['guest_title']) !== false)
-		$errors[] = array('lang', 'username_reserved', 'general', array($txt['guest_title']));
+	if (stristr($username, $txt['guest_title']) !== false) {
+			$errors[] = array('lang', 'username_reserved', 'general', array($txt['guest_title']));
+	}
 
 	if ($check_reserved_name)
 	{
 		require_once($sourcedir . '/Subs-Members.php');
-		if (isReservedName($username, $memID, false))
-			$errors[] = array('done', '(' . $smcFunc['htmlspecialchars']($username) . ') ' . $txt['name_in_use']);
+		if (isReservedName($username, $memID, false)) {
+					$errors[] = array('done', '(' . $smcFunc['htmlspecialchars']($username) . ') ' . $txt['name_in_use']);
+		}
 	}
 
-	if ($return_error)
-		return $errors;
-	elseif (empty($errors))
-		return null;
+	if ($return_error) {
+			return $errors;
+	} elseif (empty($errors)) {
+			return null;
+	}
 
 	loadLanguage('Errors');
 	$error = $errors[0];
@@ -706,22 +740,26 @@ 
 	global $modSettings, $smcFunc;
 
 	// Perform basic requirements first.
-	if ($smcFunc['strlen']($password) < (empty($modSettings['password_strength']) ? 4 : 8))
-		return 'short';
+	if ($smcFunc['strlen']($password) < (empty($modSettings['password_strength']) ? 4 : 8)) {
+			return 'short';
+	}
 
 	// Is this enough?
-	if (empty($modSettings['password_strength']))
-		return null;
+	if (empty($modSettings['password_strength'])) {
+			return null;
+	}
 
 	// Otherwise, perform the medium strength test - checking if password appears in the restricted string.
-	if (preg_match('~\b' . preg_quote($password, '~') . '\b~', implode(' ', $restrict_in)) != 0)
-		return 'restricted_words';
-	elseif ($smcFunc['strpos']($password, $username) !== false)
-		return 'restricted_words';
+	if (preg_match('~\b' . preg_quote($password, '~') . '\b~', implode(' ', $restrict_in)) != 0) {
+			return 'restricted_words';
+	} elseif ($smcFunc['strpos']($password, $username) !== false) {
+			return 'restricted_words';
+	}
 
 	// If just medium, we're done.
-	if ($modSettings['password_strength'] == 1)
-		return null;
+	if ($modSettings['password_strength'] == 1) {
+			return null;
+	}
 
 	// Otherwise, hard test next, check for numbers and letters, uppercase too.
 	$good = preg_match('~(\D\d|\d\D)~', $password) != 0;
@@ -753,14 +791,16 @@ 
 			)
 		);
 		$groups = array();
-		while ($row = $smcFunc['db_fetch_assoc']($request))
-			$groups[] = $row['id_group'];
+		while ($row = $smcFunc['db_fetch_assoc']($request)) {
+					$groups[] = $row['id_group'];
+		}
 		$smcFunc['db_free_result']($request);
 
-		if (empty($groups))
-			$group_query = '0=1';
-		else
-			$group_query = 'id_group IN (' . implode(',', $groups) . ')';
+		if (empty($groups)) {
+					$group_query = '0=1';
+		} else {
+					$group_query = 'id_group IN (' . implode(',', $groups) . ')';
+		}
 	}
 
 	// Then, same again, just the boards this time!
@@ -770,10 +810,11 @@ 
 	{
 		$boards = boardsAllowedTo('moderate_board', true);
 
-		if (empty($boards))
-			$board_query = '0=1';
-		else
-			$board_query = 'id_board IN (' . implode(',', $boards) . ')';
+		if (empty($boards)) {
+					$board_query = '0=1';
+		} else {
+					$board_query = 'id_board IN (' . implode(',', $boards) . ')';
+		}
 	}
 
 	// What boards are they the moderator of?
@@ -788,8 +829,9 @@ 
 				'current_member' => $user_info['id'],
 			)
 		);
-		while ($row = $smcFunc['db_fetch_assoc']($request))
-			$boards_mod[] = $row['id_board'];
+		while ($row = $smcFunc['db_fetch_assoc']($request)) {
+					$boards_mod[] = $row['id_board'];
+		}
 		$smcFunc['db_free_result']($request);
 
 		// Can any of the groups they're in moderate any of the boards?
@@ -801,8 +843,9 @@ 
 				'groups' => $user_info['groups'],
 			)
 		);
-		while ($row = $smcFunc['db_fetch_assoc']($request))
-			$boards_mod[] = $row['id_board'];
+		while ($row = $smcFunc['db_fetch_assoc']($request)) {
+					$boards_mod[] = $row['id_board'];
+		}
 		$smcFunc['db_free_result']($request);
 
 		// Just in case we've got duplicates here...
@@ -847,10 +890,12 @@ 
 	global $modSettings;
 
 	// In case a customization wants to override the default settings
-	if ($httponly === null)
-		$httponly = !empty($modSettings['httponlyCookies']);
-	if ($secure === null)
-		$secure = !empty($modSettings['secureCookies']);
+	if ($httponly === null) {
+			$httponly = !empty($modSettings['httponlyCookies']);
+	}
+	if ($secure === null) {
+			$secure = !empty($modSettings['secureCookies']);
+	}
 
 	// Intercept cookie?
 	call_integration_hook('integrate_cookie', array($name, $value, $expire, $path, $domain, $secure, $httponly));
@@ -870,8 +915,9 @@ 
 function hash_password($username, $password, $cost = null)
 {
 	global $sourcedir, $smcFunc, $modSettings;
-	if (!function_exists('password_hash'))
-		require_once($sourcedir . '/Subs-Password.php');
+	if (!function_exists('password_hash')) {
+			require_once($sourcedir . '/Subs-Password.php');
+	}
 
 	$cost = empty($cost) ? (empty($modSettings['bcrypt_hash_cost']) ? 10 : $modSettings['bcrypt_hash_cost']) : $cost;
 
@@ -903,8 +949,9 @@ 
 function hash_verify_password($username, $password, $hash)
 {
 	global $sourcedir, $smcFunc;
-	if (!function_exists('password_verify'))
-		require_once($sourcedir . '/Subs-Password.php');
+	if (!function_exists('password_verify')) {
+			require_once($sourcedir . '/Subs-Password.php');
+	}
 
 	return password_verify($smcFunc['strtolower']($username) . $password, $hash);
 }