SimpleMachines / SMF2.1

cron.php

Braces +36 added lines, -28 removed lines

@@ -41,37 +41,43 @@ 
 define('TIME_START', microtime(true));
 
 // Just being safe...
-foreach (array('db_character_set', 'cachedir') as $variable)
+foreach (array('db_character_set', 'cachedir') as $variable) {
 	if (isset($GLOBALS[$variable]))
 		unset($GLOBALS[$variable]);
+}
 
 // Get the forum's settings for database and file paths.
 require_once(dirname(__FILE__) . '/Settings.php');
 
 // Make absolutely sure the cache directory is defined.
-if ((empty($cachedir) || !file_exists($cachedir)) && file_exists($boarddir . '/cache'))
+if ((empty($cachedir) || !file_exists($cachedir)) && file_exists($boarddir . '/cache')) {
 	$cachedir = $boarddir . '/cache';
+}
 
 // Don't do john didley if the forum's been shut down competely.
-if ($maintenance == 2)
+if ($maintenance == 2) {
 	die($mmessage);
+}
 
 // Fix for using the current directory as a path.
-if (substr($sourcedir, 0, 1) == '.' && substr($sourcedir, 1, 1) != '.')
+if (substr($sourcedir, 0, 1) == '.' && substr($sourcedir, 1, 1) != '.') {
 	$sourcedir = dirname(__FILE__) . substr($sourcedir, 1);
+}
 
 // Have we already turned this off? If so, exist gracefully.
-if (file_exists($cachedir . '/cron.lock'))
+if (file_exists($cachedir . '/cron.lock')) {
 	obExit_cron();
+}
 
 // Before we go any further, if this is not a CLI request, we need to do some checking.
 if (!FROM_CLI)
 {
 	// We will clean up $_GET shortly. But we want to this ASAP.
 	$ts = isset($_GET['ts']) ? (int) $_GET['ts'] : 0;
-	if ($ts <= 0 || $ts % 15 != 0 || time() - $ts < 0 || time() - $ts > 20)
-		obExit_cron();
-}
+	if ($ts <= 0 || $ts % 15 != 0 || time() - $ts < 0 || time() - $ts > 20) {
+			obExit_cron();
+	}
+	}
 
 // Load the most important includes. In general, a background should be loading its own dependencies.
 require_once($sourcedir . '/Errors.php');
@@ -123,8 +129,9 @@ 
 	global $smcFunc;
 
 	// Check we haven't run over our time limit.
-	if (microtime(true) - TIME_START > MAX_CRON_TIME)
-		return false;
+	if (microtime(true) - TIME_START > MAX_CRON_TIME) {
+			return false;
+	}
 
 	// Try to find a task. Specifically, try to find one that hasn't been claimed previously, or failing that,
 	// a task that was claimed but failed for whatever reason and failed long enough ago. We should not care
@@ -159,14 +166,12 @@ 
 			// Update the time and go back.
 			$row['claimed_time'] = time();
 			return $row;
-		}
-		else
+		} else
 		{
 			// Uh oh, we just missed it. Try to claim another one, and let it fall through if there aren't any.
 			return fetch_task();
 		}
-	}
-	else
+	} else
 	{
 		// No dice. Clean up and go home.
 		$smcFunc['db_free_result']($request);
@@ -187,8 +192,9 @@ 
 	if (!empty($task_details['task_file']))
 	{
 		$include = strtr(trim($task_details['task_file']), array('$boarddir' => $boarddir, '$sourcedir' => $sourcedir));
-		if (file_exists($include))
-			require_once($include);
+		if (file_exists($include)) {
+					require_once($include);
+		}
 	}
 
 	if (empty($task_details['task_class']))
@@ -204,8 +210,7 @@ 
 		$details = empty($task_details['task_data']) ? array() : $smcFunc['json_decode']($task_details['task_data'], true);
 		$bgtask = new $task_details['task_class']($details);
 		return $bgtask->execute();
-	}
-	else
+	} else
 	{
 		log_error('Invalid background task specified: (class: ' . $task_details['task_class'] . ', ' . (empty($task_details['task_file']) ? ' no file' : ' to load ' . $task_details['task_file']) . ')');
 		return true; // So we clear it from the queue.
@@ -224,8 +229,9 @@ 
 	$scripturl = $boardurl . '/index.php';
 
 	// These keys shouldn't be set...ever.
-	if (isset($_REQUEST['GLOBALS']) || isset($_COOKIE['GLOBALS']))
-		die('Invalid request variable.');
+	if (isset($_REQUEST['GLOBALS']) || isset($_COOKIE['GLOBALS'])) {
+			die('Invalid request variable.');
+	}
 
 	// Save some memory.. (since we don't use these anyway.)
 	unset($GLOBALS['HTTP_POST_VARS'], $GLOBALS['HTTP_POST_VARS']);
@@ -246,26 +252,28 @@ 
 	global $modSettings;
 
 	// Ignore errors if we're ignoring them or they are strict notices from PHP 5
-	if (error_reporting() == 0)
-		return;
+	if (error_reporting() == 0) {
+			return;
+	}
 
 	$error_type = 'cron';
 
 	log_error($error_level . ': ' . $error_string, $error_type, $file, $line);
 
 	// If this is an E_ERROR or E_USER_ERROR.... die.  Violently so.
-	if ($error_level % 255 == E_ERROR)
-		die('No direct access...');
-}
+	if ($error_level % 255 == E_ERROR) {
+			die('No direct access...');
+	}
+	}
 
 /**
  * The exit function
  */
 function obExit_cron()
 {
-	if (FROM_CLI)
-		die(0);
-	else
+	if (FROM_CLI) {
+			die(0);
+	} else
 	{
 		header('content-type: image/gif');
 		die("\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x21\xF9\x04\x01\x00\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B");

Sources/ShowAttachments.php

Braces +59 added lines, -52 removed lines

@@ -13,8 +13,9 @@ 
  * @version 2.1 Beta 4
  */
 
-if (!defined('SMF'))
+if (!defined('SMF')) {
 	die('No direct access...');
+}
 
 /**
  * Downloads an avatar or attachment based on $_GET['attach'], and increments the download count.
@@ -40,11 +41,11 @@ 
 
 	if (!empty($modSettings['enableCompressedOutput']) && !headers_sent() && ob_get_length() == 0)
 	{
-		if (@ini_get('zlib.output_compression') == '1' || @ini_get('output_handler') == 'ob_gzhandler')
-			$modSettings['enableCompressedOutput'] = 0;
-
-		else
-			ob_start('ob_gzhandler');
+		if (@ini_get('zlib.output_compression') == '1' || @ini_get('output_handler') == 'ob_gzhandler') {
+					$modSettings['enableCompressedOutput'] = 0;
+		} else {
+					ob_start('ob_gzhandler');
+		}
 	}
 
 	if (empty($modSettings['enableCompressedOutput']))
@@ -76,8 +77,9 @@ 
 	}
 
 	// Use cache when possible.
-	if (($cache = cache_get_data('attachment_lookup_id-' . $attachId)) != null)
-		list($file, $thumbFile) = $cache;
+	if (($cache = cache_get_data('attachment_lookup_id-' . $attachId)) != null) {
+			list($file, $thumbFile) = $cache;
+	}
 
 	// Get the info from the DB.
 	if (empty($file) || empty($thumbFile) && !empty($file['id_thumb']))
@@ -85,10 +87,9 @@ 
 		// Do we have a hook wanting to use our attachment system? We use $attachRequest to prevent accidental usage of $request.
 		$attachRequest = null;
 		call_integration_hook('integrate_download_request', array(&$attachRequest));
-		if (!is_null($attachRequest) && $smcFunc['db_is_resource']($attachRequest))
-			$request = $attachRequest;
-
-		else
+		if (!is_null($attachRequest) && $smcFunc['db_is_resource']($attachRequest)) {
+					$request = $attachRequest;
+		} else
 		{
 			// Make sure this attachment is on this board and load its info while we are at it.
 			$request = $smcFunc['db_query']('', '
@@ -181,13 +182,15 @@ 
 		}
 
 		// Cache it.
-		if (!empty($file) || !empty($thumbFile))
-			cache_put_data('attachment_lookup_id-' . $file['id_attach'], array($file, $thumbFile), mt_rand(850, 900));
+		if (!empty($file) || !empty($thumbFile)) {
+					cache_put_data('attachment_lookup_id-' . $file['id_attach'], array($file, $thumbFile), mt_rand(850, 900));
+		}
 	}
 
 	// Replace the normal file with its thumbnail if it has one!
-	if (!empty($showThumb) && !empty($thumbFile))
-		$file = $thumbFile;
+	if (!empty($showThumb) && !empty($thumbFile)) {
+			$file = $thumbFile;
+	}
 
 	// No point in a nicer message, because this is supposed to be an attachment anyway...
 	if (!file_exists($file['filePath']))
@@ -237,8 +240,8 @@ 
 	}
 
 	// Update the download counter (unless it's a thumbnail or resuming an incomplete download).
-	if ($file['attachment_type'] != 3 && empty($showThumb) && $range === 0)
-		$smcFunc['db_query']('', '
+	if ($file['attachment_type'] != 3 && empty($showThumb) && $range === 0) {
+			$smcFunc['db_query']('', '
 			UPDATE {db_prefix}attachments
 			SET downloads = downloads + 1
 			WHERE id_attach = {int:id_attach}',
@@ -246,12 +249,14 @@ 
 				'id_attach' => $attachId,
 			)
 		);
+	}
 
 	// Send the attachment headers.
 	header('pragma: ');
 
-	if (!isBrowser('gecko'))
-		header('content-transfer-encoding: binary');
+	if (!isBrowser('gecko')) {
+			header('content-transfer-encoding: binary');
+	}
 
 	header('expires: ' . gmdate('D, d M Y H:i:s', time() + 525600 * 60) . ' GMT');
 	header('last-modified: ' . gmdate('D, d M Y H:i:s', filemtime($file['filePath'])) . ' GMT');
@@ -260,18 +265,19 @@ 
 	header('etag: ' . $eTag);
 
 	// Make sure the mime type warrants an inline display.
-	if (isset($_REQUEST['image']) && !empty($file['mime_type']) && strpos($file['mime_type'], 'image/') !== 0)
-		unset($_REQUEST['image']);
+	if (isset($_REQUEST['image']) && !empty($file['mime_type']) && strpos($file['mime_type'], 'image/') !== 0) {
+			unset($_REQUEST['image']);
+	}
 
 	// Does this have a mime type?
-	elseif (!empty($file['mime_type']) && (isset($_REQUEST['image']) || !in_array($file['fileext'], array('jpg', 'gif', 'jpeg', 'x-ms-bmp', 'png', 'psd', 'tiff', 'iff'))))
-		header('content-type: ' . strtr($file['mime_type'], array('image/bmp' => 'image/x-ms-bmp')));
-
-	else
+	elseif (!empty($file['mime_type']) && (isset($_REQUEST['image']) || !in_array($file['fileext'], array('jpg', 'gif', 'jpeg', 'x-ms-bmp', 'png', 'psd', 'tiff', 'iff')))) {
+			header('content-type: ' . strtr($file['mime_type'], array('image/bmp' => 'image/x-ms-bmp')));
+	} else
 	{
 		header('content-type: ' . (isBrowser('ie') || isBrowser('opera') ? 'application/octetstream' : 'application/octet-stream'));
-		if (isset($_REQUEST['image']))
-			unset($_REQUEST['image']);
+		if (isset($_REQUEST['image'])) {
+					unset($_REQUEST['image']);
+		}
 	}
 
 	// Convert the file to UTF-8, cuz most browsers dig that.
@@ -279,24 +285,22 @@ 
 	$disposition = !isset($_REQUEST['image']) ? 'attachment' : 'inline';
 
 	// Different browsers like different standards...
-	if (isBrowser('firefox'))
-		header('content-disposition: ' . $disposition . '; filename*=UTF-8\'\'' . rawurlencode(preg_replace_callback('~&#(\d{3,8});~', 'fixchar__callback', $utf8name)));
-
-	elseif (isBrowser('opera'))
-		header('content-disposition: ' . $disposition . '; filename="' . preg_replace_callback('~&#(\d{3,8});~', 'fixchar__callback', $utf8name) . '"');
-
-	elseif (isBrowser('ie'))
-		header('content-disposition: ' . $disposition . '; filename="' . urlencode(preg_replace_callback('~&#(\d{3,8});~', 'fixchar__callback', $utf8name)) . '"');
-
-	else
-		header('content-disposition: ' . $disposition . '; filename="' . $utf8name . '"');
+	if (isBrowser('firefox')) {
+			header('content-disposition: ' . $disposition . '; filename*=UTF-8\'\'' . rawurlencode(preg_replace_callback('~&#(\d{3,8});~', 'fixchar__callback', $utf8name)));
+	} elseif (isBrowser('opera')) {
+			header('content-disposition: ' . $disposition . '; filename="' . preg_replace_callback('~&#(\d{3,8});~', 'fixchar__callback', $utf8name) . '"');
+	} elseif (isBrowser('ie')) {
+			header('content-disposition: ' . $disposition . '; filename="' . urlencode(preg_replace_callback('~&#(\d{3,8});~', 'fixchar__callback', $utf8name)) . '"');
+	} else {
+			header('content-disposition: ' . $disposition . '; filename="' . $utf8name . '"');
+	}
 
 	// If this has an "image extension" - but isn't actually an image - then ensure it isn't cached cause of silly IE.
-	if (!isset($_REQUEST['image']) && in_array($file['fileext'], array('gif', 'jpg', 'bmp', 'png', 'jpeg', 'tiff')))
-		header('cache-control: no-cache');
-
-	else
-		header('cache-control: max-age=' . (525600 * 60) . ', private');
+	if (!isset($_REQUEST['image']) && in_array($file['fileext'], array('gif', 'jpg', 'bmp', 'png', 'jpeg', 'tiff'))) {
+			header('cache-control: no-cache');
+	} else {
+			header('cache-control: max-age=' . (525600 * 60) . ', private');
+	}
 
 	// Multipart and resuming support
 	if (isset($_SERVER['HTTP_RANGE']))
@@ -304,9 +308,9 @@ 
 		header("HTTP/1.1 206 Partial Content");
 		header("content-length: $new_length");
 		header("content-range: bytes $range-$range_end/$size");
+	} else {
+			header("content-length: " . $size);
 	}
-	else
-		header("content-length: " . $size);
 
 
 	// Try to buy some time...
@@ -315,8 +319,9 @@ 
 	// For multipart/resumable downloads, send the requested chunk(s) of the file
 	if (isset($_SERVER['HTTP_RANGE']))
 	{
-		while (@ob_get_level() > 0)
-			@ob_end_clean();
+		while (@ob_get_level() > 0) {
+					@ob_end_clean();
+		}
 
 		// 40 kilobytes is a good-ish amount
 		$chunksize = 40 * 1024;
@@ -340,8 +345,9 @@ 
 	elseif ($size > 4194304)
 	{
 		// Forcibly end any output buffering going on.
-		while (@ob_get_level() > 0)
-			@ob_end_clean();
+		while (@ob_get_level() > 0) {
+					@ob_end_clean();
+		}
 
 		$fp = fopen($file['filePath'], 'rb');
 		while (!feof($fp))
@@ -353,8 +359,9 @@ 
 	}
 
 	// On some of the less-bright hosts, readfile() is disabled.  It's just a faster, more byte safe, version of what's in the if.
-	elseif (@readfile($file['filePath']) === null)
-		echo file_get_contents($file['filePath']);
+	elseif (@readfile($file['filePath']) === null) {
+			echo file_get_contents($file['filePath']);
+	}
 
 	die();
 }

Sources/Attachments.php

Spacing +3 added lines, -3 removed lines

@@ -76,7 +76,7 @@ 
 		// Just send a generic message.
 		else
 			$this->setResponse(array(
-				'text' => $this->_sa == 'add' ? 'attach_error_title' :   'attached_file_deleted_error',
+				'text' => $this->_sa == 'add' ? 'attach_error_title' : 'attached_file_deleted_error',
 				'type' => 'error',
 				'data' => false,
 			));
@@ -410,7 +410,7 @@ 
 			// Gotta urlencode the filename.
 			if ($this->_attachResults)
 				foreach ($this->_attachResults as $k => $v)
-					$this->_attachResults[$k]['name'] =  urlencode($this->_attachResults[$k]['name']);
+					$this->_attachResults[$k]['name'] = urlencode($this->_attachResults[$k]['name']);
 
 			$this->_response = array(
 				'files' => $this->_attachResults ? $this->_attachResults : false,
@@ -437,7 +437,7 @@ 
 			ob_start();
 
 		// Set the header.
-		header('content-type: application/json; charset='. $context['character_set'] .'');
+		header('content-type: application/json; charset=' . $context['character_set'] . '');
 
 		echo $smcFunc['json_encode']($this->_response ? $this->_response : array());
 

Braces +102 added lines, -75 removed lines

@@ -13,8 +13,9 @@ 
  * @version 2.1 Beta 4
  */
 
-if (!defined('SMF'))
+if (!defined('SMF')) {
 	die('No direct access...');
+}
 
 class Attachments
 {
@@ -70,16 +71,18 @@ 
 
 		$this->_sa = !empty($_REQUEST['sa']) ? $smcFunc['htmlspecialchars']($smcFunc['htmltrim']($_REQUEST['sa'])) : false;
 
-		if ($this->_canPostAttachment && $this->_sa && in_array($this->_sa, $this->_subActions))
-			$this->{$this->_sa}();
+		if ($this->_canPostAttachment && $this->_sa && in_array($this->_sa, $this->_subActions)) {
+					$this->{$this->_sa}();
+		}
 
 		// Just send a generic message.
-		else
-			$this->setResponse(array(
+		else {
+					$this->setResponse(array(
 				'text' => $this->_sa == 'add' ? 'attach_error_title' :   'attached_file_deleted_error',
 				'type' => 'error',
 				'data' => false,
 			));
+		}
 
 		// Back to the future, oh, to the browser!
 		$this->sendResponse();
@@ -95,12 +98,13 @@ 
 		$attachID = !empty($_REQUEST['attach']) && is_numeric($_REQUEST['attach']) ? (int) $_REQUEST['attach'] : 0;
 
 		// Need something to work with.
-		if (!$attachID || (!empty($_SESSION['already_attached']) && !isset($_SESSION['already_attached'][$attachID])))
-			return $this->setResponse(array(
+		if (!$attachID || (!empty($_SESSION['already_attached']) && !isset($_SESSION['already_attached'][$attachID]))) {
+					return $this->setResponse(array(
 				'text' => 'attached_file_deleted_error',
 				'type' => 'error',
 				'data' => false,
 			));
+		}
 
 		// Lets pass some params and see what happens :P
 		$affectedMessage = removeAttachments(array('id_attach' => $attachID), '', true, true);
@@ -119,19 +123,21 @@ 
 	public function add()
 	{
 		// You gotta be able to post attachments.
-		if (!$this->_canPostAttachment)
-			return $this->setResponse(array(
+		if (!$this->_canPostAttachment) {
+					return $this->setResponse(array(
 				'text' => 'attached_file_cannot',
 				'type' => 'error',
 				'data' => false,
 			));
+		}
 
 		// Process them at once!
 		$this->processAttachments();
 
 		// The attachments was created and moved the the right folder, time to update the DB.
-		if (!empty($_SESSION['temp_attachments']))
-			$this->createAtttach();
+		if (!empty($_SESSION['temp_attachments'])) {
+					$this->createAtttach();
+		}
 
 		// Set the response.
 		$this->setResponse();
@@ -144,8 +150,9 @@ 
 	{
 		global $context, $modSettings, $smcFunc, $user_info, $txt;
 
-		if (!isset($_FILES['attachment']['name']))
-			$_FILES['attachment']['tmp_name'] = array();
+		if (!isset($_FILES['attachment']['name'])) {
+					$_FILES['attachment']['tmp_name'] = array();
+		}
 
 		// If there are attachments, calculate the total size and how many.
 		$context['attachments']['total_size'] = 0;
@@ -155,25 +162,30 @@ 
 		if (isset($_REQUEST['msg']))
 		{
 			$context['attachments']['quantity'] = count($context['current_attachments']);
-			foreach ($context['current_attachments'] as $attachment)
-				$context['attachments']['total_size'] += $attachment['size'];
+			foreach ($context['current_attachments'] as $attachment) {
+							$context['attachments']['total_size'] += $attachment['size'];
+			}
 		}
 
 		// A bit of house keeping first.
-		if (!empty($_SESSION['temp_attachments']) && count($_SESSION['temp_attachments']) == 1)
-			unset($_SESSION['temp_attachments']);
+		if (!empty($_SESSION['temp_attachments']) && count($_SESSION['temp_attachments']) == 1) {
+					unset($_SESSION['temp_attachments']);
+		}
 
 		// Our infamous SESSION var, we are gonna have soo much fun with it!
-		if (!isset($_SESSION['temp_attachments']))
-			$_SESSION['temp_attachments'] = array();
+		if (!isset($_SESSION['temp_attachments'])) {
+					$_SESSION['temp_attachments'] = array();
+		}
 
 		// Make sure we're uploading to the right place.
-		if (!empty($modSettings['automanage_attachments']))
-			automanage_attachments_check_directory();
+		if (!empty($modSettings['automanage_attachments'])) {
+					automanage_attachments_check_directory();
+		}
 
 		// Is the attachments folder actually there?
-		if (!empty($context['dir_creation_error']))
-			$this->_generalErrors[] = $context['dir_creation_error'];
+		if (!empty($context['dir_creation_error'])) {
+					$this->_generalErrors[] = $context['dir_creation_error'];
+		}
 
 		// The current attach folder ha some issues...
 		elseif (!is_dir($this->_attchDir))
@@ -198,13 +210,12 @@ 
 			);
 			list ($context['attachments']['quantity'], $context['attachments']['total_size']) = $smcFunc['db_fetch_row']($request);
 			$smcFunc['db_free_result']($request);
-		}
-
-		else
-			$context['attachments'] = array(
+		} else {
+					$context['attachments'] = array(
 				'quantity' => 0,
 				'total_size' => 0,
 			);
+		}
 
 		// Check for other general errors here.
 
@@ -212,9 +223,10 @@ 
 		if (!empty($this->_generalErrors))
 		{
 			// And delete the files 'cos they ain't going nowhere.
-			foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy)
-				if (file_exists($_FILES['attachment']['tmp_name'][$n]))
+			foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy) {
+							if (file_exists($_FILES['attachment']['tmp_name'][$n]))
 					unlink($_FILES['attachment']['tmp_name'][$n]);
+			}
 
 			$_FILES['attachment']['tmp_name'] = array();
 
@@ -225,26 +237,29 @@ 
 		// Loop through $_FILES['attachment'] array and move each file to the current attachments folder.
 		foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy)
 		{
-			if ($_FILES['attachment']['name'][$n] == '')
-				continue;
+			if ($_FILES['attachment']['name'][$n] == '') {
+							continue;
+			}
 
 			// First, let's first check for PHP upload errors.
 			$errors = array();
 			if (!empty($_FILES['attachment']['error'][$n]))
 			{
-				if ($_FILES['attachment']['error'][$n] == 2)
-					$errors[] = array('file_too_big', array($modSettings['attachmentSizeLimit']));
-
-				else
-					log_error($_FILES['attachment']['name'][$n] . ': ' . $txt['php_upload_error_' . $_FILES['attachment']['error'][$n]]);
+				if ($_FILES['attachment']['error'][$n] == 2) {
+									$errors[] = array('file_too_big', array($modSettings['attachmentSizeLimit']));
+				} else {
+									log_error($_FILES['attachment']['name'][$n] . ': ' . $txt['php_upload_error_' . $_FILES['attachment']['error'][$n]]);
+				}
 
 				// Log this one, because...
-				if ($_FILES['attachment']['error'][$n] == 6)
-					log_error($_FILES['attachment']['name'][$n] . ': ' . $txt['php_upload_error_6'], 'critical');
+				if ($_FILES['attachment']['error'][$n] == 6) {
+									log_error($_FILES['attachment']['name'][$n] . ': ' . $txt['php_upload_error_6'], 'critical');
+				}
 
 				// Weird, no errors were cached, still fill out a generic one.
-				if (empty($errors))
-					$errors[] = 'attach_php_error';
+				if (empty($errors)) {
+									$errors[] = 'attach_php_error';
+				}
 			}
 
 			// Try to move and rename the file before doing any more checks on it.
@@ -256,8 +271,9 @@ 
 			{
 				// The reported MIME type of the attachment might not be reliable.
 				// Fortunately, PHP 5.3+ lets us easily verify the real MIME type.
-				if (function_exists('mime_content_type'))
-					$_FILES['attachment']['type'][$n] = mime_content_type($_FILES['attachment']['tmp_name'][$n]);
+				if (function_exists('mime_content_type')) {
+									$_FILES['attachment']['type'][$n] = mime_content_type($_FILES['attachment']['tmp_name'][$n]);
+				}
 
 				$_SESSION['temp_attachments'][$attachID] = array(
 					'name' => $smcFunc['htmlspecialchars'](basename($_FILES['attachment']['name'][$n])),
@@ -269,16 +285,18 @@ 
 				);
 
 				// Move the file to the attachments folder with a temp name for now.
-				if (@move_uploaded_file($_FILES['attachment']['tmp_name'][$n], $destName))
-					smf_chmod($destName, 0644);
+				if (@move_uploaded_file($_FILES['attachment']['tmp_name'][$n], $destName)) {
+									smf_chmod($destName, 0644);
+				}
 
 				// This is madness!!
 				else
 				{
 					// File couldn't be moved.
 					$_SESSION['temp_attachments'][$attachID]['errors'][] = 'attach_timeout';
-					if (file_exists($_FILES['attachment']['tmp_name'][$n]))
-						unlink($_FILES['attachment']['tmp_name'][$n]);
+					if (file_exists($_FILES['attachment']['tmp_name'][$n])) {
+											unlink($_FILES['attachment']['tmp_name'][$n]);
+					}
 				}
 			}
 
@@ -291,13 +309,15 @@ 
 					'errors' => $errors,
 				);
 
-				if (file_exists($_FILES['attachment']['tmp_name'][$n]))
-					unlink($_FILES['attachment']['tmp_name'][$n]);
+				if (file_exists($_FILES['attachment']['tmp_name'][$n])) {
+									unlink($_FILES['attachment']['tmp_name'][$n]);
+				}
 			}
 
 			// If there's no errors to this point. We still do need to apply some additional checks before we are finished.
-			if (empty($_SESSION['temp_attachments'][$attachID]['errors']))
-				attachmentChecks($attachID);
+			if (empty($_SESSION['temp_attachments'][$attachID]['errors'])) {
+							attachmentChecks($attachID);
+			}
 		}
 
 		// Mod authors, finally a hook to hang an alternate attachment upload system upon
@@ -344,14 +364,15 @@ 
 
 					$_SESSION['already_attached'][$attachmentOptions['attachID']] = $attachmentOptions['attachID'];
 
-					if (!empty($attachmentOptions['thumb']))
-						$_SESSION['already_attached'][$attachmentOptions['thumb']] = $attachmentOptions['thumb'];
+					if (!empty($attachmentOptions['thumb'])) {
+											$_SESSION['already_attached'][$attachmentOptions['thumb']] = $attachmentOptions['thumb'];
+					}
 
-					if ($this->_msg)
-						assignAttachments($_SESSION['already_attached'], $this->_msg);
+					if ($this->_msg) {
+											assignAttachments($_SESSION['already_attached'], $this->_msg);
+					}
 				}
-			}
-			else
+			} else
 			{
 				// Sort out the errors for display and delete any associated files.
 				$log_these = array('attachments_no_create', 'attachments_no_write', 'attach_timeout', 'ran_out_of_space', 'cant_access_upload_path', 'attach_0_byte_file');
@@ -363,14 +384,16 @@ 
 					if (!is_array($error))
 					{
 						$attachmentOptions['errors'][] = $txt[$error];
-						if (in_array($error, $log_these))
-							log_error($attachment['name'] . ': ' . $txt[$error], 'critical');
+						if (in_array($error, $log_these)) {
+													log_error($attachment['name'] . ': ' . $txt[$error], 'critical');
+						}
+					} else {
+											$attachmentOptions['errors'][] = vsprintf($txt[$error[0]], $error[1]);
 					}
-					else
-						$attachmentOptions['errors'][] = vsprintf($txt[$error[0]], $error[1]);
 				}
-				if (file_exists($attachment['tmp_name']))
-					unlink($attachment['tmp_name']);
+				if (file_exists($attachment['tmp_name'])) {
+									unlink($attachment['tmp_name']);
+				}
 			}
 
 			// You don't need to know.
@@ -382,8 +405,9 @@ 
 		}
 
 		// Temp save this on the db.
-		if (!empty($_SESSION['already_attached']))
-			$this->_attachSuccess = $_SESSION['already_attached'];
+		if (!empty($_SESSION['already_attached'])) {
+					$this->_attachSuccess = $_SESSION['already_attached'];
+		}
 
 		unset($_SESSION['temp_attachments']);
 	}
@@ -403,14 +427,16 @@ 
 		if ($this->_sa == 'add')
 		{
 			// Is there any generic errors? made some sense out of them!
-			if ($this->_generalErrors)
-				foreach ($this->_generalErrors as $k => $v)
+			if ($this->_generalErrors) {
+							foreach ($this->_generalErrors as $k => $v)
 					$this->_generalErrors[$k] = (is_array($v) ? vsprintf($txt[$v[0]], $v[1]) : $txt[$v]);
+			}
 
 			// Gotta urlencode the filename.
-			if ($this->_attachResults)
-				foreach ($this->_attachResults as $k => $v)
+			if ($this->_attachResults) {
+							foreach ($this->_attachResults as $k => $v)
 					$this->_attachResults[$k]['name'] =  urlencode($this->_attachResults[$k]['name']);
+			}
 
 			$this->_response = array(
 				'files' => $this->_attachResults ? $this->_attachResults : false,
@@ -419,9 +445,10 @@ 
 		}
 
 		// Rest of us mere mortals gets no special treatment...
-		elseif (!empty($data))
-			if (!empty($data['text']) && !empty($txt[$data['text']]))
+		elseif (!empty($data)) {
+					if (!empty($data['text']) && !empty($txt[$data['text']]))
 				$this->_response['text'] = $txt[$data['text']];
+		}
 	}
 
 	protected function sendResponse()
@@ -430,11 +457,11 @@ 
 
 		ob_end_clean();
 
-		if (!empty($modSettings['CompressedOutput']))
-			@ob_start('ob_gzhandler');
-
-		else
-			ob_start();
+		if (!empty($modSettings['CompressedOutput'])) {
+					@ob_start('ob_gzhandler');
+		} else {
+					ob_start();
+		}
 
 		// Set the header.
 		header('content-type: application/json; charset='. $context['character_set'] .'');

Sources/Security.php

Braces +258 added lines, -199 removed lines

@@ -14,8 +14,9 @@ 
  * @version 2.1 Beta 4
  */
 
-if (!defined('SMF'))
+if (!defined('SMF')) {
 	die('No direct access...');
+}
 
 /**
  * Check if the user is who he/she says he is
@@ -42,12 +43,14 @@ 
 	$refreshTime = isset($_GET['xml']) ? 4200 : 3600;
 
 	// Is the security option off?
-	if (!empty($modSettings['securityDisable' . ($type != 'admin' ? '_' . $type : '')]))
-		return;
+	if (!empty($modSettings['securityDisable' . ($type != 'admin' ? '_' . $type : '')])) {
+			return;
+	}
 
 	// Or are they already logged in?, Moderator or admin session is need for this area
-	if ((!empty($_SESSION[$type . '_time']) && $_SESSION[$type . '_time'] + $refreshTime >= time()) || (!empty($_SESSION['admin_time']) && $_SESSION['admin_time'] + $refreshTime >= time()))
-		return;
+	if ((!empty($_SESSION[$type . '_time']) && $_SESSION[$type . '_time'] + $refreshTime >= time()) || (!empty($_SESSION['admin_time']) && $_SESSION['admin_time'] + $refreshTime >= time())) {
+			return;
+	}
 
 	require_once($sourcedir . '/Subs-Auth.php');
 
@@ -55,8 +58,9 @@ 
 	if (isset($_POST[$type . '_pass']))
 	{
 		// Check to ensure we're forcing SSL for authentication
-		if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn())
-			fatal_lang_error('login_ssl_required');
+		if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn()) {
+					fatal_lang_error('login_ssl_required');
+		}
 
 		checkSession();
 
@@ -72,17 +76,19 @@ 
 	}
 
 	// Better be sure to remember the real referer
-	if (empty($_SESSION['request_referer']))
-		$_SESSION['request_referer'] = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
-	elseif (empty($_POST))
-		unset($_SESSION['request_referer']);
+	if (empty($_SESSION['request_referer'])) {
+			$_SESSION['request_referer'] = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
+	} elseif (empty($_POST)) {
+			unset($_SESSION['request_referer']);
+	}
 
 	// Need to type in a password for that, man.
-	if (!isset($_GET['xml']))
-		adminLogin($type);
-	else
-		return 'session_verify_fail';
-}
+	if (!isset($_GET['xml'])) {
+			adminLogin($type);
+	} else {
+			return 'session_verify_fail';
+	}
+	}
 
 /**
  * Require a user who is logged in. (not a guest.)
@@ -96,25 +102,30 @@ 
 	global $user_info, $txt, $context, $scripturl, $modSettings;
 
 	// Luckily, this person isn't a guest.
-	if (!$user_info['is_guest'])
-		return;
+	if (!$user_info['is_guest']) {
+			return;
+	}
 
 	// Log what they were trying to do didn't work)
-	if (!empty($modSettings['who_enabled']))
-		$_GET['error'] = 'guest_login';
+	if (!empty($modSettings['who_enabled'])) {
+			$_GET['error'] = 'guest_login';
+	}
 	writeLog(true);
 
 	// Just die.
-	if (isset($_REQUEST['xml']))
-		obExit(false);
+	if (isset($_REQUEST['xml'])) {
+			obExit(false);
+	}
 
 	// Attempt to detect if they came from dlattach.
-	if (SMF != 'SSI' && empty($context['theme_loaded']))
-		loadTheme();
+	if (SMF != 'SSI' && empty($context['theme_loaded'])) {
+			loadTheme();
+	}
 
 	// Never redirect to an attachment
-	if (strpos($_SERVER['REQUEST_URL'], 'dlattach') === false)
-		$_SESSION['login_url'] = $_SERVER['REQUEST_URL'];
+	if (strpos($_SERVER['REQUEST_URL'], 'dlattach') === false) {
+			$_SESSION['login_url'] = $_SERVER['REQUEST_URL'];
+	}
 
 	// Load the Login template and language file.
 	loadLanguage('Login');
@@ -124,8 +135,7 @@ 
 	{
 		$_SESSION['login_url'] = $scripturl . '?' . $_SERVER['QUERY_STRING'];
 		redirectexit('action=login');
-	}
-	else
+	} else
 	{
 		loadTemplate('Login');
 		$context['sub_template'] = 'kick_guest';
@@ -155,8 +165,9 @@ 
 	global $sourcedir, $cookiename, $user_settings, $smcFunc;
 
 	// You cannot be banned if you are an admin - doesn't help if you log out.
-	if ($user_info['is_admin'])
-		return;
+	if ($user_info['is_admin']) {
+			return;
+	}
 
 	// Only check the ban every so often. (to reduce load.)
 	if ($forceCheck || !isset($_SESSION['ban']) || empty($modSettings['banLastUpdated']) || ($_SESSION['ban']['last_checked'] < $modSettings['banLastUpdated']) || $_SESSION['ban']['id_member'] != $user_info['id'] || $_SESSION['ban']['ip'] != $user_info['ip'] || $_SESSION['ban']['ip2'] != $user_info['ip2'] || (isset($user_info['email'], $_SESSION['ban']['email']) && $_SESSION['ban']['email'] != $user_info['email']))
@@ -177,8 +188,9 @@ 
 		// Check both IP addresses.
 		foreach (array('ip', 'ip2') as $ip_number)
 		{
-			if ($ip_number == 'ip2' && $user_info['ip2'] == $user_info['ip'])
-				continue;
+			if ($ip_number == 'ip2' && $user_info['ip2'] == $user_info['ip']) {
+							continue;
+			}
 			$ban_query[] = ' {inet:' . $ip_number . '} BETWEEN bi.ip_low and bi.ip_high';
 			$ban_query_vars[$ip_number] = $user_info[$ip_number];
 			// IP was valid, maybe there's also a hostname...
@@ -228,24 +240,28 @@ 
 			// Store every type of ban that applies to you in your session.
 			while ($row = $smcFunc['db_fetch_assoc']($request))
 			{
-				foreach ($restrictions as $restriction)
-					if (!empty($row[$restriction]))
+				foreach ($restrictions as $restriction) {
+									if (!empty($row[$restriction]))
 					{
 						$_SESSION['ban'][$restriction]['reason'] = $row['reason'];
+				}
 						$_SESSION['ban'][$restriction]['ids'][] = $row['id_ban'];
-						if (!isset($_SESSION['ban']['expire_time']) || ($_SESSION['ban']['expire_time'] != 0 && ($row['expire_time'] == 0 || $row['expire_time'] > $_SESSION['ban']['expire_time'])))
-							$_SESSION['ban']['expire_time'] = $row['expire_time'];
+						if (!isset($_SESSION['ban']['expire_time']) || ($_SESSION['ban']['expire_time'] != 0 && ($row['expire_time'] == 0 || $row['expire_time'] > $_SESSION['ban']['expire_time']))) {
+													$_SESSION['ban']['expire_time'] = $row['expire_time'];
+						}
 
-						if (!$user_info['is_guest'] && $restriction == 'cannot_access' && ($row['id_member'] == $user_info['id'] || $row['email_address'] == $user_info['email']))
-							$flag_is_activated = true;
+						if (!$user_info['is_guest'] && $restriction == 'cannot_access' && ($row['id_member'] == $user_info['id'] || $row['email_address'] == $user_info['email'])) {
+													$flag_is_activated = true;
+						}
 					}
 			}
 			$smcFunc['db_free_result']($request);
 		}
 
 		// Mark the cannot_access and cannot_post bans as being 'hit'.
-		if (isset($_SESSION['ban']['cannot_access']) || isset($_SESSION['ban']['cannot_post']) || isset($_SESSION['ban']['cannot_login']))
-			log_ban(array_merge(isset($_SESSION['ban']['cannot_access']) ? $_SESSION['ban']['cannot_access']['ids'] : array(), isset($_SESSION['ban']['cannot_post']) ? $_SESSION['ban']['cannot_post']['ids'] : array(), isset($_SESSION['ban']['cannot_login']) ? $_SESSION['ban']['cannot_login']['ids'] : array()));
+		if (isset($_SESSION['ban']['cannot_access']) || isset($_SESSION['ban']['cannot_post']) || isset($_SESSION['ban']['cannot_login'])) {
+					log_ban(array_merge(isset($_SESSION['ban']['cannot_access']) ? $_SESSION['ban']['cannot_access']['ids'] : array(), isset($_SESSION['ban']['cannot_post']) ? $_SESSION['ban']['cannot_post']['ids'] : array(), isset($_SESSION['ban']['cannot_login']) ? $_SESSION['ban']['cannot_login']['ids'] : array()));
+		}
 
 		// If for whatever reason the is_activated flag seems wrong, do a little work to clear it up.
 		if ($user_info['id'] && (($user_settings['is_activated'] >= 10 && !$flag_is_activated)
@@ -260,8 +276,9 @@ 
 	if (!isset($_SESSION['ban']['cannot_access']) && !empty($_COOKIE[$cookiename . '_']))
 	{
 		$bans = explode(',', $_COOKIE[$cookiename . '_']);
-		foreach ($bans as $key => $value)
-			$bans[$key] = (int) $value;
+		foreach ($bans as $key => $value) {
+					$bans[$key] = (int) $value;
+		}
 		$request = $smcFunc['db_query']('', '
 			SELECT bi.id_ban, bg.reason
 			FROM {db_prefix}ban_items AS bi
@@ -297,14 +314,15 @@ 
 	if (isset($_SESSION['ban']['cannot_access']))
 	{
 		// We don't wanna see you!
-		if (!$user_info['is_guest'])
-			$smcFunc['db_query']('', '
+		if (!$user_info['is_guest']) {
+					$smcFunc['db_query']('', '
 				DELETE FROM {db_prefix}log_online
 				WHERE id_member = {int:current_member}',
 				array(
 					'current_member' => $user_info['id'],
 				)
 			);
+		}
 
 		// 'Log' the user out.  Can't have any funny business... (save the name!)
 		$old_name = isset($user_info['name']) && $user_info['name'] != '' ? $user_info['name'] : $txt['guest_title'];
@@ -390,9 +408,10 @@ 
 	}
 
 	// Fix up the banning permissions.
-	if (isset($user_info['permissions']))
-		banPermissions();
-}
+	if (isset($user_info['permissions'])) {
+			banPermissions();
+	}
+	}
 
 /**
  * Fix permissions according to ban status.
@@ -403,8 +422,9 @@ 
 	global $user_info, $sourcedir, $modSettings, $context;
 
 	// Somehow they got here, at least take away all permissions...
-	if (isset($_SESSION['ban']['cannot_access']))
-		$user_info['permissions'] = array();
+	if (isset($_SESSION['ban']['cannot_access'])) {
+			$user_info['permissions'] = array();
+	}
 	// Okay, well, you can watch, but don't touch a thing.
 	elseif (isset($_SESSION['ban']['cannot_post']) || (!empty($modSettings['warning_mute']) && $modSettings['warning_mute'] <= $user_info['warning']))
 	{
@@ -446,19 +466,20 @@ 
 		call_integration_hook('integrate_warn_permissions', array(&$permission_change));
 		foreach ($permission_change as $old => $new)
 		{
-			if (!in_array($old, $user_info['permissions']))
-				unset($permission_change[$old]);
-			else
-				$user_info['permissions'][] = $new;
+			if (!in_array($old, $user_info['permissions'])) {
+							unset($permission_change[$old]);
+			} else {
+							$user_info['permissions'][] = $new;
+			}
 		}
 		$user_info['permissions'] = array_diff($user_info['permissions'], array_keys($permission_change));
 	}
 
 	// @todo Find a better place to call this? Needs to be after permissions loaded!
 	// Finally, some bits we cache in the session because it saves queries.
-	if (isset($_SESSION['mc']) && $_SESSION['mc']['time'] > $modSettings['settings_updated'] && $_SESSION['mc']['id'] == $user_info['id'])
-		$user_info['mod_cache'] = $_SESSION['mc'];
-	else
+	if (isset($_SESSION['mc']) && $_SESSION['mc']['time'] > $modSettings['settings_updated'] && $_SESSION['mc']['id'] == $user_info['id']) {
+			$user_info['mod_cache'] = $_SESSION['mc'];
+	} else
 	{
 		require_once($sourcedir . '/Subs-Auth.php');
 		rebuildModCache();
@@ -469,14 +490,12 @@ 
 	{
 		$context['open_mod_reports'] = $_SESSION['rc']['reports'];
 		$context['open_member_reports'] = $_SESSION['rc']['member_reports'];
-	}
-	elseif ($_SESSION['mc']['bq'] != '0=1')
+	} elseif ($_SESSION['mc']['bq'] != '0=1')
 	{
 		require_once($sourcedir . '/Subs-ReportedContent.php');
 		$context['open_mod_reports'] = recountOpenReports('posts');
 		$context['open_member_reports'] = recountOpenReports('members');
-	}
-	else
+	} else
 	{
 		$context['open_mod_reports'] = 0;
 		$context['open_member_reports'] = 0;
@@ -496,8 +515,9 @@ 
 	global $user_info, $smcFunc;
 
 	// Don't log web accelerators, it's very confusing...
-	if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch')
-		return;
+	if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch') {
+			return;
+	}
 
 	$smcFunc['db_insert']('',
 		'{db_prefix}log_banned',
@@ -507,8 +527,8 @@ 
 	);
 
 	// One extra point for these bans.
-	if (!empty($ban_ids))
-		$smcFunc['db_query']('', '
+	if (!empty($ban_ids)) {
+			$smcFunc['db_query']('', '
 			UPDATE {db_prefix}ban_items
 			SET hits = hits + 1
 			WHERE id_ban IN ({array_int:ban_ids})',
@@ -516,7 +536,8 @@ 
 				'ban_ids' => $ban_ids,
 			)
 		);
-}
+	}
+	}
 
 /**
  * Checks if a given email address might be banned.
@@ -532,8 +553,9 @@ 
 	global $txt, $smcFunc;
 
 	// Can't ban an empty email
-	if (empty($email) || trim($email) == '')
-		return;
+	if (empty($email) || trim($email) == '') {
+			return;
+	}
 
 	// Let's start with the bans based on your IP/hostname/memberID...
 	$ban_ids = isset($_SESSION['ban'][$restriction]) ? $_SESSION['ban'][$restriction]['ids'] : array();
@@ -606,16 +628,18 @@ 
 	if ($type == 'post')
 	{
 		$check = isset($_POST[$_SESSION['session_var']]) ? $_POST[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_POST['sc']) ? $_POST['sc'] : null);
-		if ($check !== $sc)
-			$error = 'session_timeout';
+		if ($check !== $sc) {
+					$error = 'session_timeout';
+		}
 	}
 
 	// How about $_GET['sesc']?
 	elseif ($type == 'get')
 	{
 		$check = isset($_GET[$_SESSION['session_var']]) ? $_GET[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_GET['sesc']) ? $_GET['sesc'] : null);
-		if ($check !== $sc)
-			$error = 'session_verify_fail';
+		if ($check !== $sc) {
+					$error = 'session_verify_fail';
+		}
 	}
 
 	// Or can it be in either?
@@ -623,13 +647,15 @@ 
 	{
 		$check = isset($_GET[$_SESSION['session_var']]) ? $_GET[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_GET['sesc']) ? $_GET['sesc'] : (isset($_POST[$_SESSION['session_var']]) ? $_POST[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_POST['sc']) ? $_POST['sc'] : null)));
 
-		if ($check !== $sc)
-			$error = 'session_verify_fail';
+		if ($check !== $sc) {
+					$error = 'session_verify_fail';
+		}
 	}
 
 	// Verify that they aren't changing user agents on us - that could be bad.
-	if ((!isset($_SESSION['USER_AGENT']) || $_SESSION['USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) && empty($modSettings['disableCheckUA']))
-		$error = 'session_verify_fail';
+	if ((!isset($_SESSION['USER_AGENT']) || $_SESSION['USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) && empty($modSettings['disableCheckUA'])) {
+			$error = 'session_verify_fail';
+	}
 
 	// Make sure a page with session check requirement is not being prefetched.
 	if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch')
@@ -640,30 +666,35 @@ 
 	}
 
 	// Check the referring site - it should be the same server at least!
-	if (isset($_SESSION['request_referer']))
-		$referrer = $_SESSION['request_referer'];
-	else
-		$referrer = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
+	if (isset($_SESSION['request_referer'])) {
+			$referrer = $_SESSION['request_referer'];
+	} else {
+			$referrer = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
+	}
 	if (!empty($referrer['host']))
 	{
-		if (strpos($_SERVER['HTTP_HOST'], ':') !== false)
-			$real_host = substr($_SERVER['HTTP_HOST'], 0, strpos($_SERVER['HTTP_HOST'], ':'));
-		else
-			$real_host = $_SERVER['HTTP_HOST'];
+		if (strpos($_SERVER['HTTP_HOST'], ':') !== false) {
+					$real_host = substr($_SERVER['HTTP_HOST'], 0, strpos($_SERVER['HTTP_HOST'], ':'));
+		} else {
+					$real_host = $_SERVER['HTTP_HOST'];
+		}
 
 		$parsed_url = parse_url($boardurl);
 
 		// Are global cookies on?  If so, let's check them ;).
 		if (!empty($modSettings['globalCookies']))
 		{
-			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $parsed_url['host'], $parts) == 1)
-				$parsed_url['host'] = $parts[1];
+			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $parsed_url['host'], $parts) == 1) {
+							$parsed_url['host'] = $parts[1];
+			}
 
-			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $referrer['host'], $parts) == 1)
-				$referrer['host'] = $parts[1];
+			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $referrer['host'], $parts) == 1) {
+							$referrer['host'] = $parts[1];
+			}
 
-			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $real_host, $parts) == 1)
-				$real_host = $parts[1];
+			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $real_host, $parts) == 1) {
+							$real_host = $parts[1];
+			}
 		}
 
 		// Okay: referrer must either match parsed_url or real_host.
@@ -681,12 +712,14 @@ 
 		$log_error = true;
 	}
 
-	if (strtolower($_SERVER['HTTP_USER_AGENT']) == 'hacker')
-		fatal_error('Sound the alarm!  It\'s a hacker!  Close the castle gates!!', false);
+	if (strtolower($_SERVER['HTTP_USER_AGENT']) == 'hacker') {
+			fatal_error('Sound the alarm!  It\'s a hacker!  Close the castle gates!!', false);
+	}
 
 	// Everything is ok, return an empty string.
-	if (!isset($error))
-		return '';
+	if (!isset($error)) {
+			return '';
+	}
 	// A session error occurred, show the error.
 	elseif ($is_fatal)
 	{
@@ -695,13 +728,14 @@ 
 			ob_end_clean();
 			header('HTTP/1.1 403 Forbidden - Session timeout');
 			die;
+		} else {
+					fatal_lang_error($error, isset($log_error) ? 'user' : false);
 		}
-		else
-			fatal_lang_error($error, isset($log_error) ? 'user' : false);
 	}
 	// A session error occurred, return the error to the calling function.
-	else
-		return $error;
+	else {
+			return $error;
+	}
 
 	// We really should never fall through here, for very important reasons.  Let's make sure.
 	trigger_error('Hacking attempt...', E_USER_ERROR);
@@ -717,10 +751,9 @@ 
 {
 	global $modSettings;
 
-	if (isset($_GET['confirm']) && isset($_SESSION['confirm_' . $action]) && md5($_GET['confirm'] . $_SERVER['HTTP_USER_AGENT']) == $_SESSION['confirm_' . $action])
-		return true;
-
-	else
+	if (isset($_GET['confirm']) && isset($_SESSION['confirm_' . $action]) && md5($_GET['confirm'] . $_SERVER['HTTP_USER_AGENT']) == $_SESSION['confirm_' . $action]) {
+			return true;
+	} else
 	{
 		$token = md5(mt_rand() . session_id() . (string) microtime() . $modSettings['rand_seed']);
 		$_SESSION['confirm_' . $action] = md5($token . $_SERVER['HTTP_USER_AGENT']);
@@ -771,9 +804,9 @@ 
 			$return = $_SESSION['token'][$type . '-' . $action][3];
 			unset($_SESSION['token'][$type . '-' . $action]);
 			return $return;
+		} else {
+					return '';
 		}
-		else
-			return '';
 	}
 
 	// This nasty piece of code validates a token.
@@ -804,12 +837,14 @@ 
 		fatal_lang_error('token_verify_fail', false);
 	}
 	// Remove this token as its useless
-	else
-		unset($_SESSION['token'][$type . '-' . $action]);
+	else {
+			unset($_SESSION['token'][$type . '-' . $action]);
+	}
 
 	// Randomly check if we should remove some older tokens.
-	if (mt_rand(0, 138) == 23)
-		cleanTokens();
+	if (mt_rand(0, 138) == 23) {
+			cleanTokens();
+	}
 
 	return false;
 }
@@ -824,14 +859,16 @@ 
 function cleanTokens($complete = false)
 {
 	// We appreciate cleaning up after yourselves.
-	if (!isset($_SESSION['token']))
-		return;
+	if (!isset($_SESSION['token'])) {
+			return;
+	}
 
 	// Clean up tokens, trying to give enough time still.
-	foreach ($_SESSION['token'] as $key => $data)
-		if ($data[2] + 10800 < time() || $complete)
+	foreach ($_SESSION['token'] as $key => $data) {
+			if ($data[2] + 10800 < time() || $complete)
 			unset($_SESSION['token'][$key]);
-}
+	}
+	}
 
 /**
  * Check whether a form has been submitted twice.
@@ -849,37 +886,40 @@ 
 {
 	global $context;
 
-	if (!isset($_SESSION['forms']))
-		$_SESSION['forms'] = array();
+	if (!isset($_SESSION['forms'])) {
+			$_SESSION['forms'] = array();
+	}
 
 	// Register a form number and store it in the session stack. (use this on the page that has the form.)
 	if ($action == 'register')
 	{
 		$context['form_sequence_number'] = 0;
-		while (empty($context['form_sequence_number']) || in_array($context['form_sequence_number'], $_SESSION['forms']))
-			$context['form_sequence_number'] = mt_rand(1, 16000000);
+		while (empty($context['form_sequence_number']) || in_array($context['form_sequence_number'], $_SESSION['forms'])) {
+					$context['form_sequence_number'] = mt_rand(1, 16000000);
+		}
 	}
 	// Check whether the submitted number can be found in the session.
 	elseif ($action == 'check')
 	{
-		if (!isset($_REQUEST['seqnum']))
-			return true;
-		elseif (!in_array($_REQUEST['seqnum'], $_SESSION['forms']))
+		if (!isset($_REQUEST['seqnum'])) {
+					return true;
+		} elseif (!in_array($_REQUEST['seqnum'], $_SESSION['forms']))
 		{
 			$_SESSION['forms'][] = (int) $_REQUEST['seqnum'];
 			return true;
+		} elseif ($is_fatal) {
+					fatal_lang_error('error_form_already_submitted', false);
+		} else {
+					return false;
 		}
-		elseif ($is_fatal)
-			fatal_lang_error('error_form_already_submitted', false);
-		else
-			return false;
 	}
 	// Don't check, just free the stack number.
-	elseif ($action == 'free' && isset($_REQUEST['seqnum']) && in_array($_REQUEST['seqnum'], $_SESSION['forms']))
-		$_SESSION['forms'] = array_diff($_SESSION['forms'], array($_REQUEST['seqnum']));
-	elseif ($action != 'free')
-		trigger_error('checkSubmitOnce(): Invalid action \'' . $action . '\'', E_USER_WARNING);
-}
+	elseif ($action == 'free' && isset($_REQUEST['seqnum']) && in_array($_REQUEST['seqnum'], $_SESSION['forms'])) {
+			$_SESSION['forms'] = array_diff($_SESSION['forms'], array($_REQUEST['seqnum']));
+	} elseif ($action != 'free') {
+			trigger_error('checkSubmitOnce(): Invalid action \'' . $action . '\'', E_USER_WARNING);
+	}
+	}
 
 /**
  * Check the user's permissions.
@@ -898,16 +938,19 @@ 
 	global $user_info, $smcFunc;
 
 	// You're always allowed to do nothing. (unless you're a working man, MR. LAZY :P!)
-	if (empty($permission))
-		return true;
+	if (empty($permission)) {
+			return true;
+	}
 
 	// You're never allowed to do something if your data hasn't been loaded yet!
-	if (empty($user_info))
-		return false;
+	if (empty($user_info)) {
+			return false;
+	}
 
 	// Administrators are supermen :P.
-	if ($user_info['is_admin'])
-		return true;
+	if ($user_info['is_admin']) {
+			return true;
+	}
 
 	// Let's ensure this is an array.
 	$permission = (array) $permission;
@@ -915,14 +958,16 @@ 
 	// Are we checking the _current_ board, or some other boards?
 	if ($boards === null)
 	{
-		if (count(array_intersect($permission, $user_info['permissions'])) != 0)
-			return true;
+		if (count(array_intersect($permission, $user_info['permissions'])) != 0) {
+					return true;
+		}
 		// You aren't allowed, by default.
-		else
-			return false;
+		else {
+					return false;
+		}
+	} elseif (!is_array($boards)) {
+			$boards = array($boards);
 	}
-	elseif (!is_array($boards))
-		$boards = array($boards);
 
 	$request = $smcFunc['db_query']('', '
 		SELECT MIN(bp.add_deny) AS add_deny
@@ -950,20 +995,23 @@ 
 		while ($row = $smcFunc['db_fetch_assoc']($request))
 		{
 			$result = !empty($row['add_deny']);
-			if ($result == true)
-				break;
+			if ($result == true) {
+							break;
+			}
 		}
 		$smcFunc['db_free_result']($request);
 		return $result;
 	}
 
 	// Make sure they can do it on all of the boards.
-	if ($smcFunc['db_num_rows']($request) != count($boards))
-		return false;
+	if ($smcFunc['db_num_rows']($request) != count($boards)) {
+			return false;
+	}
 
 	$result = true;
-	while ($row = $smcFunc['db_fetch_assoc']($request))
-		$result &= !empty($row['add_deny']);
+	while ($row = $smcFunc['db_fetch_assoc']($request)) {
+			$result &= !empty($row['add_deny']);
+	}
 	$smcFunc['db_free_result']($request);
 
 	// If the query returned 1, they can do it... otherwise, they can't.
@@ -1030,9 +1078,10 @@ 
 
 	// If you're doing something on behalf of some "heavy" permissions, validate your session.
 	// (take out the heavy permissions, and if you can't do anything but those, you need a validated session.)
-	if (!allowedTo(array_diff($permission, $heavy_permissions), $boards))
-		validateSession();
-}
+	if (!allowedTo(array_diff($permission, $heavy_permissions), $boards)) {
+			validateSession();
+	}
+	}
 
 /**
  * Return the boards a user has a certain (board) permission on. (array(0) if all.)
@@ -1051,8 +1100,9 @@ 
 	global $user_info, $smcFunc;
 
 	// Arrays are nice, most of the time.
-	if (!is_array($permissions))
-		$permissions = array($permissions);
+	if (!is_array($permissions)) {
+			$permissions = array($permissions);
+	}
 
 	/*
 	 * Set $simple to true to use this function as it were in SMF 2.0.x.
@@ -1064,13 +1114,14 @@ 
 	// Administrators are all powerful, sorry.
 	if ($user_info['is_admin'])
 	{
-		if ($simple)
-			return array(0);
-		else
+		if ($simple) {
+					return array(0);
+		} else
 		{
 			$boards = array();
-			foreach ($permissions as $permission)
-				$boards[$permission] = array(0);
+			foreach ($permissions as $permission) {
+							$boards[$permission] = array(0);
+			}
 
 			return $boards;
 		}
@@ -1102,31 +1153,32 @@ 
 	{
 		if ($simple)
 		{
-			if (empty($row['add_deny']))
-				$deny_boards[] = $row['id_board'];
-			else
-				$boards[] = $row['id_board'];
-		}
-		else
+			if (empty($row['add_deny'])) {
+							$deny_boards[] = $row['id_board'];
+			} else {
+							$boards[] = $row['id_board'];
+			}
+		} else
 		{
-			if (empty($row['add_deny']))
-				$deny_boards[$row['permission']][] = $row['id_board'];
-			else
-				$boards[$row['permission']][] = $row['id_board'];
+			if (empty($row['add_deny'])) {
+							$deny_boards[$row['permission']][] = $row['id_board'];
+			} else {
+							$boards[$row['permission']][] = $row['id_board'];
+			}
 		}
 	}
 	$smcFunc['db_free_result']($request);
 
-	if ($simple)
-		$boards = array_unique(array_values(array_diff($boards, $deny_boards)));
-	else
+	if ($simple) {
+			$boards = array_unique(array_values(array_diff($boards, $deny_boards)));
+	} else
 	{
 		foreach ($permissions as $permission)
 		{
 			// never had it to start with
-			if (empty($boards[$permission]))
-				$boards[$permission] = array();
-			else
+			if (empty($boards[$permission])) {
+							$boards[$permission] = array();
+			} else
 			{
 				// Or it may have been removed
 				$deny_boards[$permission] = isset($deny_boards[$permission]) ? $deny_boards[$permission] : array();
@@ -1162,10 +1214,11 @@ 
 
 
 	// Moderators are free...
-	if (!allowedTo('moderate_board'))
-		$timeLimit = isset($timeOverrides[$error_type]) ? $timeOverrides[$error_type] : $modSettings['spamWaitTime'];
-	else
-		$timeLimit = 2;
+	if (!allowedTo('moderate_board')) {
+			$timeLimit = isset($timeOverrides[$error_type]) ? $timeOverrides[$error_type] : $modSettings['spamWaitTime'];
+	} else {
+			$timeLimit = 2;
+	}
 
 	call_integration_hook('integrate_spam_protection', array(&$timeOverrides, &$timeLimit));
 
@@ -1192,8 +1245,9 @@ 
 	if ($smcFunc['db_affected_rows']() != 1)
 	{
 		// Spammer!  You only have to wait a *few* seconds!
-		if (!$only_return_result)
-			fatal_lang_error($error_type . '_WaitTime_broken', false, array($timeLimit));
+		if (!$only_return_result) {
+					fatal_lang_error($error_type . '_WaitTime_broken', false, array($timeLimit));
+		}
 
 		return true;
 	}
@@ -1211,11 +1265,13 @@ 
  */
 function secureDirectory($path, $attachments = false)
 {
-	if (empty($path))
-		return 'empty_path';
+	if (empty($path)) {
+			return 'empty_path';
+	}
 
-	if (!is_writable($path))
-		return 'path_not_writable';
+	if (!is_writable($path)) {
+			return 'path_not_writable';
+	}
 
 	$directoryname = basename($path);
 
@@ -1227,9 +1283,9 @@ 
 
 RemoveHandler .php .php3 .phtml .cgi .fcgi .pl .fpl .shtml';
 
-	if (file_exists($path . '/.htaccess'))
-		$errors[] = 'htaccess_exists';
-	else
+	if (file_exists($path . '/.htaccess')) {
+			$errors[] = 'htaccess_exists';
+	} else
 	{
 		$fh = @fopen($path . '/.htaccess', 'w');
 		if ($fh) {
@@ -1241,9 +1297,9 @@ 
 		$errors[] = 'htaccess_cannot_create_file';
 	}
 
-	if (file_exists($path . '/index.php'))
-		$errors[] = 'index-php_exists';
-	else
+	if (file_exists($path . '/index.php')) {
+			$errors[] = 'index-php_exists';
+	} else
 	{
 		$fh = @fopen($path . '/index.php', 'w');
 		if ($fh) {
@@ -1270,11 +1326,12 @@ 
 		$errors[] = 'index-php_cannot_create_file';
 	}
 
-	if (!empty($errors))
-		return $errors;
-	else
-		return true;
-}
+	if (!empty($errors)) {
+			return $errors;
+	} else {
+			return true;
+	}
+	}
 
 /**
 * This sets the X-Frame-Options header.
@@ -1287,14 +1344,16 @@ 
 	global $modSettings;
 
 	$option = 'SAMEORIGIN';
-	if (is_null($override) && !empty($modSettings['frame_security']))
-		$option = $modSettings['frame_security'];
-	elseif (in_array($override, array('SAMEORIGIN', 'DENY')))
-		$option = $override;
+	if (is_null($override) && !empty($modSettings['frame_security'])) {
+			$option = $modSettings['frame_security'];
+	} elseif (in_array($override, array('SAMEORIGIN', 'DENY'))) {
+			$option = $override;
+	}
 
 	// Don't bother setting the header if we have disabled it.
-	if ($option == 'DISABLE')
-		return;
+	if ($option == 'DISABLE') {
+			return;
+	}
 
 	// Finally set it.
 	header('x-frame-options: ' . $option);

other/Settings.php

Braces +13 added lines, -8 removed lines

@@ -185,17 +185,21 @@ 
 $tasksdir = $sourcedir . '/tasks';
 
 # Make sure the paths are correct... at least try to fix them.
-if (!file_exists($boarddir) && file_exists(dirname(__FILE__) . '/agreement.txt'))
+if (!file_exists($boarddir) && file_exists(dirname(__FILE__) . '/agreement.txt')) {
 	$boarddir = dirname(__FILE__);
-if (!file_exists($sourcedir) && file_exists($boarddir . '/Sources'))
+}
+if (!file_exists($sourcedir) && file_exists($boarddir . '/Sources')) {
 	$sourcedir = $boarddir . '/Sources';
-if (!file_exists($cachedir) && file_exists($boarddir . '/cache'))
+}
+if (!file_exists($cachedir) && file_exists($boarddir . '/cache')) {
 	$cachedir = $boarddir . '/cache';
+}
 
 ########## Error-Catching ##########
 # Note: You shouldn't touch these settings.
-if (file_exists((isset($cachedir) ? $cachedir : dirname(__FILE__)) . '/db_last_error.php'))
+if (file_exists((isset($cachedir) ? $cachedir : dirname(__FILE__)) . '/db_last_error.php')) {
 	include((isset($cachedir) ? $cachedir : dirname(__FILE__)) . '/db_last_error.php');
+}
 
 if (!isset($db_last_error))
 {
@@ -207,10 +211,11 @@ 
 if (file_exists(dirname(__FILE__) . '/install.php'))
 {
 	$secure = false;
-	if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on')
-		$secure = true;
-	elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on')
-		$secure = true;
+	if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
+			$secure = true;
+	} elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') {
+			$secure = true;
+	}
 
 	header('location: http' . ($secure ? 's' : '') . '://' . (empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] . (empty($_SERVER['SERVER_PORT']) || $_SERVER['SERVER_PORT'] == '80' ? '' : ':' . $_SERVER['SERVER_PORT']) : $_SERVER['HTTP_HOST']) . (strtr(dirname($_SERVER['PHP_SELF']), '\\', '/') == '/' ? '' : strtr(dirname($_SERVER['PHP_SELF']), '\\', '/')) . '/install.php'); exit;
 }

Sources/index.php

Braces +2 added lines, -1 removed lines

@@ -12,7 +12,8 @@
 	header('location: ' . $boardurl);
 }
 // Can't find it... just forget it.
-else
+else {
 	exit;
+}
 
 ?>
\ No newline at end of file

avatars/index.php

Braces +2 added lines, -1 removed lines

@@ -12,7 +12,8 @@
 	header('location: ' . $boardurl);
 }
 // Can't find it... just forget it.
-else
+else {
 	exit;
+}
 
 ?>
\ No newline at end of file

attachments/index.php

Braces +2 added lines, -1 removed lines

@@ -12,7 +12,8 @@
 	header('location: ' . $boardurl);
 }
 // Can't find it... just forget it.
-else
+else {
 	exit;
+}
 
 ?>
\ No newline at end of file

custom_avatar/index.php

Braces +2 added lines, -1 removed lines

@@ -12,7 +12,8 @@
 	header('location: ' . $boardurl);
 }
 // Can't find it... just forget it.
-else
+else {
 	exit;
+}
 
 ?>
\ No newline at end of file