SimpleMachines / SMF2.1

Sources/Security.php

Braces +258 added lines, -199 removed lines

@@ -14,8 +14,9 @@ 
  * @version 2.1 Beta 4
  */
 
-if (!defined('SMF'))
+if (!defined('SMF')) {
 	die('No direct access...');
+}
 
 /**
  * Check if the user is who he/she says he is
@@ -42,12 +43,14 @@ 
 	$refreshTime = isset($_GET['xml']) ? 4200 : 3600;
 
 	// Is the security option off?
-	if (!empty($modSettings['securityDisable' . ($type != 'admin' ? '_' . $type : '')]))
-		return;
+	if (!empty($modSettings['securityDisable' . ($type != 'admin' ? '_' . $type : '')])) {
+			return;
+	}
 
 	// Or are they already logged in?, Moderator or admin session is need for this area
-	if ((!empty($_SESSION[$type . '_time']) && $_SESSION[$type . '_time'] + $refreshTime >= time()) || (!empty($_SESSION['admin_time']) && $_SESSION['admin_time'] + $refreshTime >= time()))
-		return;
+	if ((!empty($_SESSION[$type . '_time']) && $_SESSION[$type . '_time'] + $refreshTime >= time()) || (!empty($_SESSION['admin_time']) && $_SESSION['admin_time'] + $refreshTime >= time())) {
+			return;
+	}
 
 	require_once($sourcedir . '/Subs-Auth.php');
 
@@ -55,8 +58,9 @@ 
 	if (isset($_POST[$type . '_pass']))
 	{
 		// Check to ensure we're forcing SSL for authentication
-		if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn())
-			fatal_lang_error('login_ssl_required');
+		if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn()) {
+					fatal_lang_error('login_ssl_required');
+		}
 
 		checkSession();
 
@@ -72,17 +76,19 @@ 
 	}
 
 	// Better be sure to remember the real referer
-	if (empty($_SESSION['request_referer']))
-		$_SESSION['request_referer'] = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
-	elseif (empty($_POST))
-		unset($_SESSION['request_referer']);
+	if (empty($_SESSION['request_referer'])) {
+			$_SESSION['request_referer'] = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
+	} elseif (empty($_POST)) {
+			unset($_SESSION['request_referer']);
+	}
 
 	// Need to type in a password for that, man.
-	if (!isset($_GET['xml']))
-		adminLogin($type);
-	else
-		return 'session_verify_fail';
-}
+	if (!isset($_GET['xml'])) {
+			adminLogin($type);
+	} else {
+			return 'session_verify_fail';
+	}
+	}
 
 /**
  * Require a user who is logged in. (not a guest.)
@@ -96,25 +102,30 @@ 
 	global $user_info, $txt, $context, $scripturl, $modSettings;
 
 	// Luckily, this person isn't a guest.
-	if (!$user_info['is_guest'])
-		return;
+	if (!$user_info['is_guest']) {
+			return;
+	}
 
 	// Log what they were trying to do didn't work)
-	if (!empty($modSettings['who_enabled']))
-		$_GET['error'] = 'guest_login';
+	if (!empty($modSettings['who_enabled'])) {
+			$_GET['error'] = 'guest_login';
+	}
 	writeLog(true);
 
 	// Just die.
-	if (isset($_REQUEST['xml']))
-		obExit(false);
+	if (isset($_REQUEST['xml'])) {
+			obExit(false);
+	}
 
 	// Attempt to detect if they came from dlattach.
-	if (SMF != 'SSI' && empty($context['theme_loaded']))
-		loadTheme();
+	if (SMF != 'SSI' && empty($context['theme_loaded'])) {
+			loadTheme();
+	}
 
 	// Never redirect to an attachment
-	if (strpos($_SERVER['REQUEST_URL'], 'dlattach') === false)
-		$_SESSION['login_url'] = $_SERVER['REQUEST_URL'];
+	if (strpos($_SERVER['REQUEST_URL'], 'dlattach') === false) {
+			$_SESSION['login_url'] = $_SERVER['REQUEST_URL'];
+	}
 
 	// Load the Login template and language file.
 	loadLanguage('Login');
@@ -124,8 +135,7 @@ 
 	{
 		$_SESSION['login_url'] = $scripturl . '?' . $_SERVER['QUERY_STRING'];
 		redirectexit('action=login');
-	}
-	else
+	} else
 	{
 		loadTemplate('Login');
 		$context['sub_template'] = 'kick_guest';
@@ -155,8 +165,9 @@ 
 	global $sourcedir, $cookiename, $user_settings, $smcFunc;
 
 	// You cannot be banned if you are an admin - doesn't help if you log out.
-	if ($user_info['is_admin'])
-		return;
+	if ($user_info['is_admin']) {
+			return;
+	}
 
 	// Only check the ban every so often. (to reduce load.)
 	if ($forceCheck || !isset($_SESSION['ban']) || empty($modSettings['banLastUpdated']) || ($_SESSION['ban']['last_checked'] < $modSettings['banLastUpdated']) || $_SESSION['ban']['id_member'] != $user_info['id'] || $_SESSION['ban']['ip'] != $user_info['ip'] || $_SESSION['ban']['ip2'] != $user_info['ip2'] || (isset($user_info['email'], $_SESSION['ban']['email']) && $_SESSION['ban']['email'] != $user_info['email']))
@@ -177,8 +188,9 @@ 
 		// Check both IP addresses.
 		foreach (array('ip', 'ip2') as $ip_number)
 		{
-			if ($ip_number == 'ip2' && $user_info['ip2'] == $user_info['ip'])
-				continue;
+			if ($ip_number == 'ip2' && $user_info['ip2'] == $user_info['ip']) {
+							continue;
+			}
 			$ban_query[] = ' {inet:' . $ip_number . '} BETWEEN bi.ip_low and bi.ip_high';
 			$ban_query_vars[$ip_number] = $user_info[$ip_number];
 			// IP was valid, maybe there's also a hostname...
@@ -228,24 +240,28 @@ 
 			// Store every type of ban that applies to you in your session.
 			while ($row = $smcFunc['db_fetch_assoc']($request))
 			{
-				foreach ($restrictions as $restriction)
-					if (!empty($row[$restriction]))
+				foreach ($restrictions as $restriction) {
+									if (!empty($row[$restriction]))
 					{
 						$_SESSION['ban'][$restriction]['reason'] = $row['reason'];
+				}
 						$_SESSION['ban'][$restriction]['ids'][] = $row['id_ban'];
-						if (!isset($_SESSION['ban']['expire_time']) || ($_SESSION['ban']['expire_time'] != 0 && ($row['expire_time'] == 0 || $row['expire_time'] > $_SESSION['ban']['expire_time'])))
-							$_SESSION['ban']['expire_time'] = $row['expire_time'];
+						if (!isset($_SESSION['ban']['expire_time']) || ($_SESSION['ban']['expire_time'] != 0 && ($row['expire_time'] == 0 || $row['expire_time'] > $_SESSION['ban']['expire_time']))) {
+													$_SESSION['ban']['expire_time'] = $row['expire_time'];
+						}
 
-						if (!$user_info['is_guest'] && $restriction == 'cannot_access' && ($row['id_member'] == $user_info['id'] || $row['email_address'] == $user_info['email']))
-							$flag_is_activated = true;
+						if (!$user_info['is_guest'] && $restriction == 'cannot_access' && ($row['id_member'] == $user_info['id'] || $row['email_address'] == $user_info['email'])) {
+													$flag_is_activated = true;
+						}
 					}
 			}
 			$smcFunc['db_free_result']($request);
 		}
 
 		// Mark the cannot_access and cannot_post bans as being 'hit'.
-		if (isset($_SESSION['ban']['cannot_access']) || isset($_SESSION['ban']['cannot_post']) || isset($_SESSION['ban']['cannot_login']))
-			log_ban(array_merge(isset($_SESSION['ban']['cannot_access']) ? $_SESSION['ban']['cannot_access']['ids'] : array(), isset($_SESSION['ban']['cannot_post']) ? $_SESSION['ban']['cannot_post']['ids'] : array(), isset($_SESSION['ban']['cannot_login']) ? $_SESSION['ban']['cannot_login']['ids'] : array()));
+		if (isset($_SESSION['ban']['cannot_access']) || isset($_SESSION['ban']['cannot_post']) || isset($_SESSION['ban']['cannot_login'])) {
+					log_ban(array_merge(isset($_SESSION['ban']['cannot_access']) ? $_SESSION['ban']['cannot_access']['ids'] : array(), isset($_SESSION['ban']['cannot_post']) ? $_SESSION['ban']['cannot_post']['ids'] : array(), isset($_SESSION['ban']['cannot_login']) ? $_SESSION['ban']['cannot_login']['ids'] : array()));
+		}
 
 		// If for whatever reason the is_activated flag seems wrong, do a little work to clear it up.
 		if ($user_info['id'] && (($user_settings['is_activated'] >= 10 && !$flag_is_activated)
@@ -260,8 +276,9 @@ 
 	if (!isset($_SESSION['ban']['cannot_access']) && !empty($_COOKIE[$cookiename . '_']))
 	{
 		$bans = explode(',', $_COOKIE[$cookiename . '_']);
-		foreach ($bans as $key => $value)
-			$bans[$key] = (int) $value;
+		foreach ($bans as $key => $value) {
+					$bans[$key] = (int) $value;
+		}
 		$request = $smcFunc['db_query']('', '
 			SELECT bi.id_ban, bg.reason
 			FROM {db_prefix}ban_items AS bi
@@ -297,14 +314,15 @@ 
 	if (isset($_SESSION['ban']['cannot_access']))
 	{
 		// We don't wanna see you!
-		if (!$user_info['is_guest'])
-			$smcFunc['db_query']('', '
+		if (!$user_info['is_guest']) {
+					$smcFunc['db_query']('', '
 				DELETE FROM {db_prefix}log_online
 				WHERE id_member = {int:current_member}',
 				array(
 					'current_member' => $user_info['id'],
 				)
 			);
+		}
 
 		// 'Log' the user out.  Can't have any funny business... (save the name!)
 		$old_name = isset($user_info['name']) && $user_info['name'] != '' ? $user_info['name'] : $txt['guest_title'];
@@ -390,9 +408,10 @@ 
 	}
 
 	// Fix up the banning permissions.
-	if (isset($user_info['permissions']))
-		banPermissions();
-}
+	if (isset($user_info['permissions'])) {
+			banPermissions();
+	}
+	}
 
 /**
  * Fix permissions according to ban status.
@@ -403,8 +422,9 @@ 
 	global $user_info, $sourcedir, $modSettings, $context;
 
 	// Somehow they got here, at least take away all permissions...
-	if (isset($_SESSION['ban']['cannot_access']))
-		$user_info['permissions'] = array();
+	if (isset($_SESSION['ban']['cannot_access'])) {
+			$user_info['permissions'] = array();
+	}
 	// Okay, well, you can watch, but don't touch a thing.
 	elseif (isset($_SESSION['ban']['cannot_post']) || (!empty($modSettings['warning_mute']) && $modSettings['warning_mute'] <= $user_info['warning']))
 	{
@@ -446,19 +466,20 @@ 
 		call_integration_hook('integrate_warn_permissions', array(&$permission_change));
 		foreach ($permission_change as $old => $new)
 		{
-			if (!in_array($old, $user_info['permissions']))
-				unset($permission_change[$old]);
-			else
-				$user_info['permissions'][] = $new;
+			if (!in_array($old, $user_info['permissions'])) {
+							unset($permission_change[$old]);
+			} else {
+							$user_info['permissions'][] = $new;
+			}
 		}
 		$user_info['permissions'] = array_diff($user_info['permissions'], array_keys($permission_change));
 	}
 
 	// @todo Find a better place to call this? Needs to be after permissions loaded!
 	// Finally, some bits we cache in the session because it saves queries.
-	if (isset($_SESSION['mc']) && $_SESSION['mc']['time'] > $modSettings['settings_updated'] && $_SESSION['mc']['id'] == $user_info['id'])
-		$user_info['mod_cache'] = $_SESSION['mc'];
-	else
+	if (isset($_SESSION['mc']) && $_SESSION['mc']['time'] > $modSettings['settings_updated'] && $_SESSION['mc']['id'] == $user_info['id']) {
+			$user_info['mod_cache'] = $_SESSION['mc'];
+	} else
 	{
 		require_once($sourcedir . '/Subs-Auth.php');
 		rebuildModCache();
@@ -469,14 +490,12 @@ 
 	{
 		$context['open_mod_reports'] = $_SESSION['rc']['reports'];
 		$context['open_member_reports'] = $_SESSION['rc']['member_reports'];
-	}
-	elseif ($_SESSION['mc']['bq'] != '0=1')
+	} elseif ($_SESSION['mc']['bq'] != '0=1')
 	{
 		require_once($sourcedir . '/Subs-ReportedContent.php');
 		$context['open_mod_reports'] = recountOpenReports('posts');
 		$context['open_member_reports'] = recountOpenReports('members');
-	}
-	else
+	} else
 	{
 		$context['open_mod_reports'] = 0;
 		$context['open_member_reports'] = 0;
@@ -496,8 +515,9 @@ 
 	global $user_info, $smcFunc;
 
 	// Don't log web accelerators, it's very confusing...
-	if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch')
-		return;
+	if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch') {
+			return;
+	}
 
 	$smcFunc['db_insert']('',
 		'{db_prefix}log_banned',
@@ -507,8 +527,8 @@ 
 	);
 
 	// One extra point for these bans.
-	if (!empty($ban_ids))
-		$smcFunc['db_query']('', '
+	if (!empty($ban_ids)) {
+			$smcFunc['db_query']('', '
 			UPDATE {db_prefix}ban_items
 			SET hits = hits + 1
 			WHERE id_ban IN ({array_int:ban_ids})',
@@ -516,7 +536,8 @@ 
 				'ban_ids' => $ban_ids,
 			)
 		);
-}
+	}
+	}
 
 /**
  * Checks if a given email address might be banned.
@@ -532,8 +553,9 @@ 
 	global $txt, $smcFunc;
 
 	// Can't ban an empty email
-	if (empty($email) || trim($email) == '')
-		return;
+	if (empty($email) || trim($email) == '') {
+			return;
+	}
 
 	// Let's start with the bans based on your IP/hostname/memberID...
 	$ban_ids = isset($_SESSION['ban'][$restriction]) ? $_SESSION['ban'][$restriction]['ids'] : array();
@@ -606,16 +628,18 @@ 
 	if ($type == 'post')
 	{
 		$check = isset($_POST[$_SESSION['session_var']]) ? $_POST[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_POST['sc']) ? $_POST['sc'] : null);
-		if ($check !== $sc)
-			$error = 'session_timeout';
+		if ($check !== $sc) {
+					$error = 'session_timeout';
+		}
 	}
 
 	// How about $_GET['sesc']?
 	elseif ($type == 'get')
 	{
 		$check = isset($_GET[$_SESSION['session_var']]) ? $_GET[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_GET['sesc']) ? $_GET['sesc'] : null);
-		if ($check !== $sc)
-			$error = 'session_verify_fail';
+		if ($check !== $sc) {
+					$error = 'session_verify_fail';
+		}
 	}
 
 	// Or can it be in either?
@@ -623,13 +647,15 @@ 
 	{
 		$check = isset($_GET[$_SESSION['session_var']]) ? $_GET[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_GET['sesc']) ? $_GET['sesc'] : (isset($_POST[$_SESSION['session_var']]) ? $_POST[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_POST['sc']) ? $_POST['sc'] : null)));
 
-		if ($check !== $sc)
-			$error = 'session_verify_fail';
+		if ($check !== $sc) {
+					$error = 'session_verify_fail';
+		}
 	}
 
 	// Verify that they aren't changing user agents on us - that could be bad.
-	if ((!isset($_SESSION['USER_AGENT']) || $_SESSION['USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) && empty($modSettings['disableCheckUA']))
-		$error = 'session_verify_fail';
+	if ((!isset($_SESSION['USER_AGENT']) || $_SESSION['USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) && empty($modSettings['disableCheckUA'])) {
+			$error = 'session_verify_fail';
+	}
 
 	// Make sure a page with session check requirement is not being prefetched.
 	if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch')
@@ -640,30 +666,35 @@ 
 	}
 
 	// Check the referring site - it should be the same server at least!
-	if (isset($_SESSION['request_referer']))
-		$referrer = $_SESSION['request_referer'];
-	else
-		$referrer = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
+	if (isset($_SESSION['request_referer'])) {
+			$referrer = $_SESSION['request_referer'];
+	} else {
+			$referrer = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
+	}
 	if (!empty($referrer['host']))
 	{
-		if (strpos($_SERVER['HTTP_HOST'], ':') !== false)
-			$real_host = substr($_SERVER['HTTP_HOST'], 0, strpos($_SERVER['HTTP_HOST'], ':'));
-		else
-			$real_host = $_SERVER['HTTP_HOST'];
+		if (strpos($_SERVER['HTTP_HOST'], ':') !== false) {
+					$real_host = substr($_SERVER['HTTP_HOST'], 0, strpos($_SERVER['HTTP_HOST'], ':'));
+		} else {
+					$real_host = $_SERVER['HTTP_HOST'];
+		}
 
 		$parsed_url = parse_url($boardurl);
 
 		// Are global cookies on?  If so, let's check them ;).
 		if (!empty($modSettings['globalCookies']))
 		{
-			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $parsed_url['host'], $parts) == 1)
-				$parsed_url['host'] = $parts[1];
+			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $parsed_url['host'], $parts) == 1) {
+							$parsed_url['host'] = $parts[1];
+			}
 
-			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $referrer['host'], $parts) == 1)
-				$referrer['host'] = $parts[1];
+			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $referrer['host'], $parts) == 1) {
+							$referrer['host'] = $parts[1];
+			}
 
-			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $real_host, $parts) == 1)
-				$real_host = $parts[1];
+			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $real_host, $parts) == 1) {
+							$real_host = $parts[1];
+			}
 		}
 
 		// Okay: referrer must either match parsed_url or real_host.
@@ -681,12 +712,14 @@ 
 		$log_error = true;
 	}
 
-	if (strtolower($_SERVER['HTTP_USER_AGENT']) == 'hacker')
-		fatal_error('Sound the alarm!  It\'s a hacker!  Close the castle gates!!', false);
+	if (strtolower($_SERVER['HTTP_USER_AGENT']) == 'hacker') {
+			fatal_error('Sound the alarm!  It\'s a hacker!  Close the castle gates!!', false);
+	}
 
 	// Everything is ok, return an empty string.
-	if (!isset($error))
-		return '';
+	if (!isset($error)) {
+			return '';
+	}
 	// A session error occurred, show the error.
 	elseif ($is_fatal)
 	{
@@ -695,13 +728,14 @@ 
 			ob_end_clean();
 			header('HTTP/1.1 403 Forbidden - Session timeout');
 			die;
+		} else {
+					fatal_lang_error($error, isset($log_error) ? 'user' : false);
 		}
-		else
-			fatal_lang_error($error, isset($log_error) ? 'user' : false);
 	}
 	// A session error occurred, return the error to the calling function.
-	else
-		return $error;
+	else {
+			return $error;
+	}
 
 	// We really should never fall through here, for very important reasons.  Let's make sure.
 	trigger_error('Hacking attempt...', E_USER_ERROR);
@@ -717,10 +751,9 @@ 
 {
 	global $modSettings;
 
-	if (isset($_GET['confirm']) && isset($_SESSION['confirm_' . $action]) && md5($_GET['confirm'] . $_SERVER['HTTP_USER_AGENT']) == $_SESSION['confirm_' . $action])
-		return true;
-
-	else
+	if (isset($_GET['confirm']) && isset($_SESSION['confirm_' . $action]) && md5($_GET['confirm'] . $_SERVER['HTTP_USER_AGENT']) == $_SESSION['confirm_' . $action]) {
+			return true;
+	} else
 	{
 		$token = md5(mt_rand() . session_id() . (string) microtime() . $modSettings['rand_seed']);
 		$_SESSION['confirm_' . $action] = md5($token . $_SERVER['HTTP_USER_AGENT']);
@@ -771,9 +804,9 @@ 
 			$return = $_SESSION['token'][$type . '-' . $action][3];
 			unset($_SESSION['token'][$type . '-' . $action]);
 			return $return;
+		} else {
+					return '';
 		}
-		else
-			return '';
 	}
 
 	// This nasty piece of code validates a token.
@@ -804,12 +837,14 @@ 
 		fatal_lang_error('token_verify_fail', false);
 	}
 	// Remove this token as its useless
-	else
-		unset($_SESSION['token'][$type . '-' . $action]);
+	else {
+			unset($_SESSION['token'][$type . '-' . $action]);
+	}
 
 	// Randomly check if we should remove some older tokens.
-	if (mt_rand(0, 138) == 23)
-		cleanTokens();
+	if (mt_rand(0, 138) == 23) {
+			cleanTokens();
+	}
 
 	return false;
 }
@@ -824,14 +859,16 @@ 
 function cleanTokens($complete = false)
 {
 	// We appreciate cleaning up after yourselves.
-	if (!isset($_SESSION['token']))
-		return;
+	if (!isset($_SESSION['token'])) {
+			return;
+	}
 
 	// Clean up tokens, trying to give enough time still.
-	foreach ($_SESSION['token'] as $key => $data)
-		if ($data[2] + 10800 < time() || $complete)
+	foreach ($_SESSION['token'] as $key => $data) {
+			if ($data[2] + 10800 < time() || $complete)
 			unset($_SESSION['token'][$key]);
-}
+	}
+	}
 
 /**
  * Check whether a form has been submitted twice.
@@ -849,37 +886,40 @@ 
 {
 	global $context;
 
-	if (!isset($_SESSION['forms']))
-		$_SESSION['forms'] = array();
+	if (!isset($_SESSION['forms'])) {
+			$_SESSION['forms'] = array();
+	}
 
 	// Register a form number and store it in the session stack. (use this on the page that has the form.)
 	if ($action == 'register')
 	{
 		$context['form_sequence_number'] = 0;
-		while (empty($context['form_sequence_number']) || in_array($context['form_sequence_number'], $_SESSION['forms']))
-			$context['form_sequence_number'] = mt_rand(1, 16000000);
+		while (empty($context['form_sequence_number']) || in_array($context['form_sequence_number'], $_SESSION['forms'])) {
+					$context['form_sequence_number'] = mt_rand(1, 16000000);
+		}
 	}
 	// Check whether the submitted number can be found in the session.
 	elseif ($action == 'check')
 	{
-		if (!isset($_REQUEST['seqnum']))
-			return true;
-		elseif (!in_array($_REQUEST['seqnum'], $_SESSION['forms']))
+		if (!isset($_REQUEST['seqnum'])) {
+					return true;
+		} elseif (!in_array($_REQUEST['seqnum'], $_SESSION['forms']))
 		{
 			$_SESSION['forms'][] = (int) $_REQUEST['seqnum'];
 			return true;
+		} elseif ($is_fatal) {
+					fatal_lang_error('error_form_already_submitted', false);
+		} else {
+					return false;
 		}
-		elseif ($is_fatal)
-			fatal_lang_error('error_form_already_submitted', false);
-		else
-			return false;
 	}
 	// Don't check, just free the stack number.
-	elseif ($action == 'free' && isset($_REQUEST['seqnum']) && in_array($_REQUEST['seqnum'], $_SESSION['forms']))
-		$_SESSION['forms'] = array_diff($_SESSION['forms'], array($_REQUEST['seqnum']));
-	elseif ($action != 'free')
-		trigger_error('checkSubmitOnce(): Invalid action \'' . $action . '\'', E_USER_WARNING);
-}
+	elseif ($action == 'free' && isset($_REQUEST['seqnum']) && in_array($_REQUEST['seqnum'], $_SESSION['forms'])) {
+			$_SESSION['forms'] = array_diff($_SESSION['forms'], array($_REQUEST['seqnum']));
+	} elseif ($action != 'free') {
+			trigger_error('checkSubmitOnce(): Invalid action \'' . $action . '\'', E_USER_WARNING);
+	}
+	}
 
 /**
  * Check the user's permissions.
@@ -898,16 +938,19 @@ 
 	global $user_info, $smcFunc;
 
 	// You're always allowed to do nothing. (unless you're a working man, MR. LAZY :P!)
-	if (empty($permission))
-		return true;
+	if (empty($permission)) {
+			return true;
+	}
 
 	// You're never allowed to do something if your data hasn't been loaded yet!
-	if (empty($user_info))
-		return false;
+	if (empty($user_info)) {
+			return false;
+	}
 
 	// Administrators are supermen :P.
-	if ($user_info['is_admin'])
-		return true;
+	if ($user_info['is_admin']) {
+			return true;
+	}
 
 	// Let's ensure this is an array.
 	$permission = (array) $permission;
@@ -915,14 +958,16 @@ 
 	// Are we checking the _current_ board, or some other boards?
 	if ($boards === null)
 	{
-		if (count(array_intersect($permission, $user_info['permissions'])) != 0)
-			return true;
+		if (count(array_intersect($permission, $user_info['permissions'])) != 0) {
+					return true;
+		}
 		// You aren't allowed, by default.
-		else
-			return false;
+		else {
+					return false;
+		}
+	} elseif (!is_array($boards)) {
+			$boards = array($boards);
 	}
-	elseif (!is_array($boards))
-		$boards = array($boards);
 
 	$request = $smcFunc['db_query']('', '
 		SELECT MIN(bp.add_deny) AS add_deny
@@ -950,20 +995,23 @@ 
 		while ($row = $smcFunc['db_fetch_assoc']($request))
 		{
 			$result = !empty($row['add_deny']);
-			if ($result == true)
-				break;
+			if ($result == true) {
+							break;
+			}
 		}
 		$smcFunc['db_free_result']($request);
 		return $result;
 	}
 
 	// Make sure they can do it on all of the boards.
-	if ($smcFunc['db_num_rows']($request) != count($boards))
-		return false;
+	if ($smcFunc['db_num_rows']($request) != count($boards)) {
+			return false;
+	}
 
 	$result = true;
-	while ($row = $smcFunc['db_fetch_assoc']($request))
-		$result &= !empty($row['add_deny']);
+	while ($row = $smcFunc['db_fetch_assoc']($request)) {
+			$result &= !empty($row['add_deny']);
+	}
 	$smcFunc['db_free_result']($request);
 
 	// If the query returned 1, they can do it... otherwise, they can't.
@@ -1030,9 +1078,10 @@ 
 
 	// If you're doing something on behalf of some "heavy" permissions, validate your session.
 	// (take out the heavy permissions, and if you can't do anything but those, you need a validated session.)
-	if (!allowedTo(array_diff($permission, $heavy_permissions), $boards))
-		validateSession();
-}
+	if (!allowedTo(array_diff($permission, $heavy_permissions), $boards)) {
+			validateSession();
+	}
+	}
 
 /**
  * Return the boards a user has a certain (board) permission on. (array(0) if all.)
@@ -1051,8 +1100,9 @@ 
 	global $user_info, $smcFunc;
 
 	// Arrays are nice, most of the time.
-	if (!is_array($permissions))
-		$permissions = array($permissions);
+	if (!is_array($permissions)) {
+			$permissions = array($permissions);
+	}
 
 	/*
 	 * Set $simple to true to use this function as it were in SMF 2.0.x.
@@ -1064,13 +1114,14 @@ 
 	// Administrators are all powerful, sorry.
 	if ($user_info['is_admin'])
 	{
-		if ($simple)
-			return array(0);
-		else
+		if ($simple) {
+					return array(0);
+		} else
 		{
 			$boards = array();
-			foreach ($permissions as $permission)
-				$boards[$permission] = array(0);
+			foreach ($permissions as $permission) {
+							$boards[$permission] = array(0);
+			}
 
 			return $boards;
 		}
@@ -1102,31 +1153,32 @@ 
 	{
 		if ($simple)
 		{
-			if (empty($row['add_deny']))
-				$deny_boards[] = $row['id_board'];
-			else
-				$boards[] = $row['id_board'];
-		}
-		else
+			if (empty($row['add_deny'])) {
+							$deny_boards[] = $row['id_board'];
+			} else {
+							$boards[] = $row['id_board'];
+			}
+		} else
 		{
-			if (empty($row['add_deny']))
-				$deny_boards[$row['permission']][] = $row['id_board'];
-			else
-				$boards[$row['permission']][] = $row['id_board'];
+			if (empty($row['add_deny'])) {
+							$deny_boards[$row['permission']][] = $row['id_board'];
+			} else {
+							$boards[$row['permission']][] = $row['id_board'];
+			}
 		}
 	}
 	$smcFunc['db_free_result']($request);
 
-	if ($simple)
-		$boards = array_unique(array_values(array_diff($boards, $deny_boards)));
-	else
+	if ($simple) {
+			$boards = array_unique(array_values(array_diff($boards, $deny_boards)));
+	} else
 	{
 		foreach ($permissions as $permission)
 		{
 			// never had it to start with
-			if (empty($boards[$permission]))
-				$boards[$permission] = array();
-			else
+			if (empty($boards[$permission])) {
+							$boards[$permission] = array();
+			} else
 			{
 				// Or it may have been removed
 				$deny_boards[$permission] = isset($deny_boards[$permission]) ? $deny_boards[$permission] : array();
@@ -1162,10 +1214,11 @@ 
 
 
 	// Moderators are free...
-	if (!allowedTo('moderate_board'))
-		$timeLimit = isset($timeOverrides[$error_type]) ? $timeOverrides[$error_type] : $modSettings['spamWaitTime'];
-	else
-		$timeLimit = 2;
+	if (!allowedTo('moderate_board')) {
+			$timeLimit = isset($timeOverrides[$error_type]) ? $timeOverrides[$error_type] : $modSettings['spamWaitTime'];
+	} else {
+			$timeLimit = 2;
+	}
 
 	call_integration_hook('integrate_spam_protection', array(&$timeOverrides, &$timeLimit));
 
@@ -1192,8 +1245,9 @@ 
 	if ($smcFunc['db_affected_rows']() != 1)
 	{
 		// Spammer!  You only have to wait a *few* seconds!
-		if (!$only_return_result)
-			fatal_lang_error($error_type . '_WaitTime_broken', false, array($timeLimit));
+		if (!$only_return_result) {
+					fatal_lang_error($error_type . '_WaitTime_broken', false, array($timeLimit));
+		}
 
 		return true;
 	}
@@ -1211,11 +1265,13 @@ 
  */
 function secureDirectory($path, $attachments = false)
 {
-	if (empty($path))
-		return 'empty_path';
+	if (empty($path)) {
+			return 'empty_path';
+	}
 
-	if (!is_writable($path))
-		return 'path_not_writable';
+	if (!is_writable($path)) {
+			return 'path_not_writable';
+	}
 
 	$directoryname = basename($path);
 
@@ -1227,9 +1283,9 @@ 
 
 RemoveHandler .php .php3 .phtml .cgi .fcgi .pl .fpl .shtml';
 
-	if (file_exists($path . '/.htaccess'))
-		$errors[] = 'htaccess_exists';
-	else
+	if (file_exists($path . '/.htaccess')) {
+			$errors[] = 'htaccess_exists';
+	} else
 	{
 		$fh = @fopen($path . '/.htaccess', 'w');
 		if ($fh)
@@ -1242,9 +1298,9 @@ 
 		$errors[] = 'htaccess_cannot_create_file';
 	}
 
-	if (file_exists($path . '/index.php'))
-		$errors[] = 'index-php_exists';
-	else
+	if (file_exists($path . '/index.php')) {
+			$errors[] = 'index-php_exists';
+	} else
 	{
 		$fh = @fopen($path . '/index.php', 'w');
 		if ($fh)
@@ -1272,11 +1328,12 @@ 
 		$errors[] = 'index-php_cannot_create_file';
 	}
 
-	if (!empty($errors))
-		return $errors;
-	else
-		return true;
-}
+	if (!empty($errors)) {
+			return $errors;
+	} else {
+			return true;
+	}
+	}
 
 /**
 * This sets the X-Frame-Options header.
@@ -1289,14 +1346,16 @@ 
 	global $modSettings;
 
 	$option = 'SAMEORIGIN';
-	if (is_null($override) && !empty($modSettings['frame_security']))
-		$option = $modSettings['frame_security'];
-	elseif (in_array($override, array('SAMEORIGIN', 'DENY')))
-		$option = $override;
+	if (is_null($override) && !empty($modSettings['frame_security'])) {
+			$option = $modSettings['frame_security'];
+	} elseif (in_array($override, array('SAMEORIGIN', 'DENY'))) {
+			$option = $override;
+	}
 
 	// Don't bother setting the header if we have disabled it.
-	if ($option == 'DISABLE')
-		return;
+	if ($option == 'DISABLE') {
+			return;
+	}
 
 	// Finally set it.
 	header('x-frame-options: ' . $option);

Sources/tasks/Likes-Notify.php

Braces +22 added lines, -16 removed lines

@@ -51,34 +51,38 @@ 
 				$ignored_members = explode(',', $row['pm_ignore_list']);
 
 				// If the user is in group 1 anywhere, they can see everything anyway.
-				if (in_array(1, $groups) || count(array_intersect($allowed, $groups)) != 0)
-					$author = $row['id_member'];
+				if (in_array(1, $groups) || count(array_intersect($allowed, $groups)) != 0) {
+									$author = $row['id_member'];
+				}
 			}
 			$smcFunc['db_free_result']($request);
-		}
-		else
+		} else
 		{
 			// This isn't something we know natively how to support. Call the hooks, if they're dealing with it, return false, otherwise return the user id.
 			$hook_results = call_integration_hook('integrate_find_like_author', array($this->_details['content_type'], $this->_details['content_id']));
-			foreach ($hook_results as $result)
-				if (!empty($result))
+			foreach ($hook_results as $result) {
+							if (!empty($result))
 				{
 					$author = $result;
+			}
 					break;
 				}
 		}
 
 		// If we didn't have a member... leave.
-		if (empty($author))
-			return true;
+		if (empty($author)) {
+					return true;
+		}
 
 		// If the person who sent the notification is the person whose content it is, do nothing.
-		if ($author == $this->_details['sender_id'])
-			return true;
+		if ($author == $this->_details['sender_id']) {
+					return true;
+		}
 
 		// If the person who sent the notification is on this person's ignore list, do nothing.
-		if (!empty($ignored_members) && in_array($this->_details['sender_id'], $ignored_members))
-			return true;
+		if (!empty($ignored_members) && in_array($this->_details['sender_id'], $ignored_members)) {
+					return true;
+		}
 
 		require_once($sourcedir . '/Subs-Notify.php');
 		$prefs = getNotifyPrefs($author, $this->_details['content_type'] . '_like', true);
@@ -87,8 +91,9 @@ 
 		// As a result, the value should really just be non empty.
 
 		// Check the value. If no value or it's empty, they didn't want alerts, oh well.
-		if (empty($prefs[$author][$this->_details['content_type'] . '_like']))
-			return true;
+		if (empty($prefs[$author][$this->_details['content_type'] . '_like'])) {
+					return true;
+		}
 
 		// Don't spam the alerts: if there is an existing unread alert of the
 		// requested type for the target user from the sender, don't make a new one.
@@ -108,8 +113,9 @@ 
 			)
 		);
 
-		if ($smcFunc['db_num_rows']($request) > 0)
-			return true;
+		if ($smcFunc['db_num_rows']($request) > 0) {
+					return true;
+		}
 		$smcFunc['db_free_result']($request);
 
 		// Issue, update, move on.

Sources/Memberlist.php

Braces +84 added lines, -65 removed lines

@@ -14,8 +14,9 @@ 
  * @version 2.1 Beta 4
  */
 
-if (!defined('SMF'))
+if (!defined('SMF')) {
 	die('No direct access...');
+}
 
 /**
  * Shows a listing of registered members.
@@ -110,8 +111,9 @@ 
 
 	$context['custom_profile_fields'] = getCustFieldsMList();
 
-	if (!empty($context['custom_profile_fields']['columns']))
-		$context['columns'] += $context['custom_profile_fields']['columns'];
+	if (!empty($context['custom_profile_fields']['columns'])) {
+			$context['columns'] += $context['custom_profile_fields']['columns'];
+	}
 
 	$context['colspan'] = 0;
 	$context['disabled_fields'] = isset($modSettings['disabled_profile_fields']) ? array_flip(explode(',', $modSettings['disabled_profile_fields'])) : array();
@@ -147,12 +149,12 @@ 
 	call_integration_hook('integrate_memberlist_buttons');
 
 	// Jump to the sub action.
-	if (isset($subActions[$context['listing_by']]))
-		call_helper($subActions[$context['listing_by']][1]);
-
-	else
-		call_helper($subActions['all'][1]);
-}
+	if (isset($subActions[$context['listing_by']])) {
+			call_helper($subActions[$context['listing_by']][1]);
+	} else {
+			call_helper($subActions['all'][1]);
+	}
+	}
 
 /**
  * List all members, page by page, with sorting.
@@ -177,8 +179,9 @@ 
 	if ($use_cache)
 	{
 		// Maybe there's something cached already.
-		if (!empty($modSettings['memberlist_cache']))
-			$memberlist_cache = $smcFunc['json_decode']($modSettings['memberlist_cache'], true);
+		if (!empty($modSettings['memberlist_cache'])) {
+					$memberlist_cache = $smcFunc['json_decode']($modSettings['memberlist_cache'], true);
+		}
 
 		// The chunk size for the cached index.
 		$cache_step_size = 500;
@@ -234,13 +237,15 @@ 
 	}
 
 	// Set defaults for sort (real_name) and start. (0)
-	if (!isset($_REQUEST['sort']) || !isset($context['columns'][$_REQUEST['sort']]))
-		$_REQUEST['sort'] = 'real_name';
+	if (!isset($_REQUEST['sort']) || !isset($context['columns'][$_REQUEST['sort']])) {
+			$_REQUEST['sort'] = 'real_name';
+	}
 
 	if (!is_numeric($_REQUEST['start']))
 	{
-		if (preg_match('~^[^\'\\\\/]~' . ($context['utf8'] ? 'u' : ''), $smcFunc['strtolower']($_REQUEST['start']), $match) === 0)
-			fatal_error('Hacker?', false);
+		if (preg_match('~^[^\'\\\\/]~' . ($context['utf8'] ? 'u' : ''), $smcFunc['strtolower']($_REQUEST['start']), $match) === 0) {
+					fatal_error('Hacker?', false);
+		}
 
 		$_REQUEST['start'] = $match[0];
 
@@ -259,16 +264,18 @@ 
 	}
 
 	$context['letter_links'] = '';
-	for ($i = 97; $i < 123; $i++)
-		$context['letter_links'] .= '<a href="' . $scripturl . '?action=mlist;sa=all;start=' . chr($i) . '#letter' . chr($i) . '">' . strtoupper(chr($i)) . '</a> ';
+	for ($i = 97; $i < 123; $i++) {
+			$context['letter_links'] .= '<a href="' . $scripturl . '?action=mlist;sa=all;start=' . chr($i) . '#letter' . chr($i) . '">' . strtoupper(chr($i)) . '</a> ';
+	}
 
 	// Sort out the column information.
 	foreach ($context['columns'] as $col => $column_details)
 	{
 		$context['columns'][$col]['href'] = $scripturl . '?action=mlist;sort=' . $col . ';start=0';
 
-		if ((!isset($_REQUEST['desc']) && $col == $_REQUEST['sort']) || ($col != $_REQUEST['sort'] && !empty($column_details['default_sort_rev'])))
-			$context['columns'][$col]['href'] .= ';desc';
+		if ((!isset($_REQUEST['desc']) && $col == $_REQUEST['sort']) || ($col != $_REQUEST['sort'] && !empty($column_details['default_sort_rev']))) {
+					$context['columns'][$col]['href'] .= ';desc';
+		}
 
 		$context['columns'][$col]['link'] = '<a href="' . $context['columns'][$col]['href'] . '" rel="nofollow">' . $context['columns'][$col]['label'] . '</a>';
 		$context['columns'][$col]['selected'] = $_REQUEST['sort'] == $col;
@@ -317,8 +324,9 @@ 
 	elseif ($use_cache && $_REQUEST['sort'] === 'real_name')
 	{
 		$first_offset = floor(($memberlist_cache['num_members'] - $modSettings['defaultMaxMembers'] - $_REQUEST['start']) / $cache_step_size) * $cache_step_size;
-		if ($first_offset < 0)
-			$first_offset = 0;
+		if ($first_offset < 0) {
+					$first_offset = 0;
+		}
 		$second_offset = ceil(($memberlist_cache['num_members'] - $_REQUEST['start']) / $cache_step_size) * $cache_step_size;
 
 		$where = 'mem.real_name BETWEEN {string:real_name_low} AND {string:real_name_high}';
@@ -328,8 +336,9 @@ 
 	}
 
 	$custom_fields_qry = '';
-	if (!empty($context['custom_profile_fields']['join'][$_REQUEST['sort']]))
-		$custom_fields_qry = $context['custom_profile_fields']['join'][$_REQUEST['sort']];
+	if (!empty($context['custom_profile_fields']['join'][$_REQUEST['sort']])) {
+			$custom_fields_qry = $context['custom_profile_fields']['join'][$_REQUEST['sort']];
+	}
 
 	// Select the members from the database.
 	$request = $smcFunc['db_query']('', '
@@ -399,12 +408,13 @@ 
 		)
 	);
 	$context['custom_search_fields'] = array();
-	while ($row = $smcFunc['db_fetch_assoc']($request))
-		$context['custom_search_fields'][$row['col_name']] = array(
+	while ($row = $smcFunc['db_fetch_assoc']($request)) {
+			$context['custom_search_fields'][$row['col_name']] = array(
 			'colname' => $row['col_name'],
 			'name' => $row['field_name'],
 			'desc' => $row['field_desc'],
 		);
+	}
 	$smcFunc['db_free_result']($request);
 
 	// They're searching..
@@ -417,23 +427,27 @@ 
 		$context['old_search_value'] = urlencode($_REQUEST['search']);
 
 		// No fields?  Use default...
-		if (empty($_POST['fields']))
-			$_POST['fields'] = array('name');
+		if (empty($_POST['fields'])) {
+					$_POST['fields'] = array('name');
+		}
 
 		// Set defaults for how the results are sorted
-		if (!isset($_REQUEST['sort']) || !isset($context['columns'][$_REQUEST['sort']]))
-			$_REQUEST['sort'] = 'real_name';
+		if (!isset($_REQUEST['sort']) || !isset($context['columns'][$_REQUEST['sort']])) {
+					$_REQUEST['sort'] = 'real_name';
+		}
 
 		// Build the column link / sort information.
 		foreach ($context['columns'] as $col => $column_details)
 		{
 			$context['columns'][$col]['href'] = $scripturl . '?action=mlist;sa=search;start=0;sort=' . $col;
 
-			if ((!isset($_REQUEST['desc']) && $col == $_REQUEST['sort']) || ($col != $_REQUEST['sort'] && !empty($column_details['default_sort_rev'])))
-				$context['columns'][$col]['href'] .= ';desc';
+			if ((!isset($_REQUEST['desc']) && $col == $_REQUEST['sort']) || ($col != $_REQUEST['sort'] && !empty($column_details['default_sort_rev']))) {
+							$context['columns'][$col]['href'] .= ';desc';
+			}
 
-			if (isset($_POST['search']) && isset($_POST['fields']))
-				$context['columns'][$col]['href'] .= ';search=' . $_POST['search'] . ';fields=' . implode(',', $_POST['fields']);
+			if (isset($_POST['search']) && isset($_POST['fields'])) {
+							$context['columns'][$col]['href'] .= ';search=' . $_POST['search'] . ';fields=' . implode(',', $_POST['fields']);
+			}
 
 			$context['columns'][$col]['link'] = '<a href="' . $context['columns'][$col]['href'] . '" rel="nofollow">' . $context['columns'][$col]['label'] . '</a>';
 			$context['columns'][$col]['selected'] = $_REQUEST['sort'] == $col;
@@ -456,8 +470,7 @@ 
 		{
 			$fields = allowedTo('moderate_forum') ? array('member_name', 'real_name') : array('real_name');
 			$search_fields[] = 'name';
-		}
-		else
+		} else
 		{
 			$fields = array();
 			$search_fields = array();
@@ -482,9 +495,10 @@ 
 			$search_fields[] = 'email';
 		}
 
-		if ($smcFunc['db_case_sensitive'])
-			foreach ($fields as $key => $field)
+		if ($smcFunc['db_case_sensitive']) {
+					foreach ($fields as $key => $field)
 				$fields[$key] = 'LOWER(' . $field . ')';
+		}
 
 		$customJoin = array();
 		$customCount = 10;
@@ -503,8 +517,9 @@ 
 		}
 
 		// No search fields? That means you're trying to hack things
-		if (empty($search_fields))
-			fatal_lang_error('invalid_search_string', false);
+		if (empty($search_fields)) {
+					fatal_lang_error('invalid_search_string', false);
+		}
 
 		$query = $_POST['search'] == '' ? '= {string:blank_string}' : ($smcFunc['db_case_sensitive'] ? 'LIKE LOWER({string:search})' : 'LIKE {string:search}');
 
@@ -542,8 +557,7 @@ 
 		);
 		printMemberListRows($request);
 		$smcFunc['db_free_result']($request);
-	}
-	else
+	} else
 	{
 		// These are all the possible fields.
 		$context['search_fields'] = array(
@@ -558,14 +572,14 @@ 
 		{
 			unset($context['search_fields']['email']);
 			$context['search_defaults'] = array('name');
-		}
-		else
+		} else
 		{
 			$context['search_defaults'] = array('name', 'email');
 		}
 
-		foreach ($context['custom_search_fields'] as $field)
-			$context['search_fields']['cust_' . $field['colname']] = sprintf($txt['mlist_search_by'], $field['name']);
+		foreach ($context['custom_search_fields'] as $field) {
+					$context['search_fields']['cust_' . $field['colname']] = sprintf($txt['mlist_search_by'], $field['name']);
+		}
 
 		$context['sub_template'] = 'search';
 		$context['old_search'] = isset($_GET['search']) ? $_GET['search'] : (isset($_POST['search']) ? $smcFunc['htmlspecialchars']($_POST['search']) : '');
@@ -607,12 +621,14 @@ 
 	$smcFunc['db_free_result']($result);
 
 	// Avoid division by zero...
-	if ($most_posts == 0)
-		$most_posts = 1;
+	if ($most_posts == 0) {
+			$most_posts = 1;
+	}
 
 	$members = array();
-	while ($row = $smcFunc['db_fetch_assoc']($request))
-		$members[] = $row['id_member'];
+	while ($row = $smcFunc['db_fetch_assoc']($request)) {
+			$members[] = $row['id_member'];
+	}
 
 	// Load all the members for display.
 	loadMemberData($members);
@@ -620,8 +636,9 @@ 
 	$context['members'] = array();
 	foreach ($members as $member)
 	{
-		if (!loadMemberContext($member))
-			continue;
+		if (!loadMemberContext($member)) {
+					continue;
+		}
 
 		$context['members'][$member] = $memberContext[$member];
 		$context['members'][$member]['post_percent'] = round(($context['members'][$member]['real_posts'] * 100) / $most_posts);
@@ -644,26 +661,28 @@ 
 					$fieldOptions = explode(',', $column['options']);
 					foreach ($fieldOptions as $k => $v)
 					{
-						if (empty($currentKey))
-							$currentKey = $v === $context['members'][$member]['options'][$key] ? $k : 0;
+						if (empty($currentKey)) {
+													$currentKey = $v === $context['members'][$member]['options'][$key] ? $k : 0;
+						}
 					}
 				}
 
-				if ($column['bbc'] && !empty($context['members'][$member]['options'][$key]))
-					$context['members'][$member]['options'][$key] = strip_tags(parse_bbc($context['members'][$member]['options'][$key]));
-
-				elseif ($column['type'] == 'check')
-					$context['members'][$member]['options'][$key] = $context['members'][$member]['options'][$key] == 0 ? $txt['no'] : $txt['yes'];
+				if ($column['bbc'] && !empty($context['members'][$member]['options'][$key])) {
+									$context['members'][$member]['options'][$key] = strip_tags(parse_bbc($context['members'][$member]['options'][$key]));
+				} elseif ($column['type'] == 'check') {
+									$context['members'][$member]['options'][$key] = $context['members'][$member]['options'][$key] == 0 ? $txt['no'] : $txt['yes'];
+				}
 
 				// Enclosing the user input within some other text?
-				if (!empty($column['enclose']))
-					$context['members'][$member]['options'][$key] = strtr($column['enclose'], array(
+				if (!empty($column['enclose'])) {
+									$context['members'][$member]['options'][$key] = strtr($column['enclose'], array(
 						'{SCRIPTURL}' => $scripturl,
 						'{IMAGES_URL}' => $settings['images_url'],
 						'{DEFAULT_IMAGES_URL}' => $settings['default_images_url'],
 						'{INPUT}' => $context['members'][$member]['options'][$key],
 						'{KEY}' => $currentKey
 					));
+				}
 			}
 		}
 	}
@@ -705,17 +724,17 @@ 
 		);
 
 		// Get the right sort method depending on the cust field type.
-		if ($row['field_type'] != 'check')
-			$cpf['columns'][$row['col_name']]['sort'] = array(
+		if ($row['field_type'] != 'check') {
+					$cpf['columns'][$row['col_name']]['sort'] = array(
 				'down' => 'LENGTH(t' . $row['col_name'] . '.value) > 0 ASC, COALESCE(t' . $row['col_name'] . '.value, \'\') DESC',
 				'up' => 'LENGTH(t' . $row['col_name'] . '.value) > 0 DESC, COALESCE(t' . $row['col_name'] . '.value, \'\') ASC'
 			);
-
-		else
-			$cpf['columns'][$row['col_name']]['sort'] = array(
+		} else {
+					$cpf['columns'][$row['col_name']]['sort'] = array(
 				'down' => 't' . $row['col_name'] . '.value DESC',
 				'up' => 't' . $row['col_name'] . '.value ASC'
 			);
+		}
 
 		$cpf['join'][$row['col_name']] = 'LEFT JOIN {db_prefix}themes AS t' . $row['col_name'] . ' ON (t' . $row['col_name'] . '.variable = {literal:' . $row['col_name'] . '} AND t' . $row['col_name'] . '.id_theme = 1 AND t' . $row['col_name'] . '.id_member = mem.id_member)';
 	}

Themes/default/Memberlist.template.php

Braces +30 added lines, -20 removed lines

@@ -27,9 +27,10 @@ 
 			<h3 class="catbg">
 				<span class="floatleft">', $txt['members_list'], '</span>';
 
-	if (!isset($context['old_search']))
-		echo '
+	if (!isset($context['old_search'])) {
+			echo '
 				<span class="floatright">', $context['letter_links'], '</span>';
+	}
 	echo '
 			</h3>
 		</div>';
@@ -44,20 +45,23 @@ 
 	foreach ($context['columns'] as $key => $column)
 	{
 		// @TODO maybe find something nicer?
-		if ($key == 'email_address' && !$context['can_send_email'])
-			continue;
+		if ($key == 'email_address' && !$context['can_send_email']) {
+					continue;
+		}
 
 		// This is a selected column, so underline it or some such.
-		if ($column['selected'])
-			echo '
+		if ($column['selected']) {
+					echo '
 						<th scope="col" class="', $key, isset($column['class']) ? ' ' . $column['class'] : '', ' selected" style="width: auto;"' . (isset($column['colspan']) ? ' colspan="' . $column['colspan'] . '"' : '') . '>
 							<a href="' . $column['href'] . '" rel="nofollow">' . $column['label'] . '</a><span class="generic_icons sort_' . $context['sort_direction'] . '"></span></th>';
+		}
 
 		// This is just some column... show the link and be done with it.
-		else
-			echo '
+		else {
+					echo '
 						<th scope="col" class="', $key, isset($column['class']) ? ' ' . $column['class'] : '', '"', isset($column['width']) ? ' style="width: ' . $column['width'] . '"' : '', isset($column['colspan']) ? ' colspan="' . $column['colspan'] . '"' : '', '>
 						', $column['link'], '</th>';
+		}
 	}
 
 	echo '
@@ -77,9 +81,10 @@ 
 						</td>
 						<td class="lefttext">', $member['link'], '</td>';
 
-			if (!isset($context['disabled_fields']['website']))
-				echo '
+			if (!isset($context['disabled_fields']['website'])) {
+							echo '
 						<td class="centertext website_url">', $member['website']['url'] != '' ? '<a href="' . $member['website']['url'] . '" target="_blank" rel="noopener"><span class="generic_icons www" title="' . $member['website']['title'] . '"></span></a>' : '', '</td>';
+			}
 
 			// Group and date.
 			echo '
@@ -92,32 +97,35 @@ 
 						<td class="centertext" style="white-space: nowrap; width: 15px">', $member['posts'], '</td>
 						<td class="centertext statsbar" style="width: 120px">';
 
-				if (!empty($member['post_percent']))
-					echo '
+				if (!empty($member['post_percent'])) {
+									echo '
 							<div class="bar" style="width: ', $member['post_percent'] + 4, 'px;">
 								<div style="width: ', $member['post_percent'], 'px;"></div>
 							</div>';
+				}
 
 				echo '
 						</td>';
 			}
 
 			// Show custom fields marked to be shown here
-			if (!empty($context['custom_profile_fields']['columns']))
-				foreach ($context['custom_profile_fields']['columns'] as $key => $column)
+			if (!empty($context['custom_profile_fields']['columns'])) {
+							foreach ($context['custom_profile_fields']['columns'] as $key => $column)
 					echo '
 						<td class="centertext">', $member['options'][$key], '</td>';
+			}
 
 			echo '
 					</tr>';
 		}
 	}
 	// No members?
-	else
-		echo '
+	else {
+			echo '
 					<tr>
 						<td colspan="', $context['colspan'], '" class="windowbg">', $txt['search_no_results'], '</td>
 					</tr>';
+	}
 
 	echo '
 				</tbody>
@@ -130,11 +138,12 @@ 
 			<div class="pagelinks floatleft">', $context['page_index'], '</div>';
 
 	// If it is displaying the result of a search show a "search again" link to edit their criteria.
-	if (isset($context['old_search']))
-		echo '
+	if (isset($context['old_search'])) {
+			echo '
 			<div class="buttonlist floatright">
 				<a class="button" href="', $scripturl, '?action=mlist;sa=search;search=', $context['old_search_value'], '">', $txt['mlist_search_again'], '</a>
 			</div>';
+	}
 	echo '
 		</div>
 	</div><!-- #memberlist -->';
@@ -174,12 +183,13 @@ 
 					<dd>
 						<ul>';
 
-	foreach ($context['search_fields'] as $id => $title)
-		echo '
+	foreach ($context['search_fields'] as $id => $title) {
+			echo '
 							<li>
 								<input type="checkbox" name="fields[]" id="fields-', $id, '" value="', $id, '"', in_array($id, $context['search_defaults']) ? ' checked' : '', '>
 								<label for="fields-', $id, '">', $title, '</label>
 							</li>';
+	}
 
 	echo '
 						</ul>

Sources/QueryString.php

Indentation +1 added lines, -1 removed lines

@@ -429,7 +429,7 @@
 */
 function matchIPtoCIDR($ip_address, $cidr_address)
 {
-    list ($cidr_network, $cidr_subnetmask) = preg_split('/', $cidr_address);
+	list ($cidr_network, $cidr_subnetmask) = preg_split('/', $cidr_address);
 	
 	//v6?
 	if ((strpos($cidr_network, ':') !== false))

Spacing +1 added lines, -1 removed lines

@@ -454,7 +454,7 @@
 			break;
 		}
 		$binMask = str_pad($binMask, 32, '0');
-		$binMask = pack("H*" , $binMask);
+		$binMask = pack("H*", $binMask);
 
 		return ($ip_address & $binMask) == $cidr_network;
 	}

Braces +187 added lines, -133 removed lines

@@ -14,8 +14,9 @@ 
  * @version 2.1 Beta 4
  */
 
-if (!defined('SMF'))
+if (!defined('SMF')) {
 	die('No direct access...');
+}
 
 /**
  * Clean the request variables - add html entities to GET and slashes if magic_quotes_gpc is Off.
@@ -44,22 +45,26 @@ 
 	unset($GLOBALS['HTTP_POST_FILES'], $GLOBALS['HTTP_POST_FILES']);
 
 	// These keys shouldn't be set...ever.
-	if (isset($_REQUEST['GLOBALS']) || isset($_COOKIE['GLOBALS']))
-		die('Invalid request variable.');
+	if (isset($_REQUEST['GLOBALS']) || isset($_COOKIE['GLOBALS'])) {
+			die('Invalid request variable.');
+	}
 
 	// Same goes for numeric keys.
-	foreach (array_merge(array_keys($_POST), array_keys($_GET), array_keys($_FILES)) as $key)
-		if (is_numeric($key))
+	foreach (array_merge(array_keys($_POST), array_keys($_GET), array_keys($_FILES)) as $key) {
+			if (is_numeric($key))
 			die('Numeric request keys are invalid.');
+	}
 
 	// Numeric keys in cookies are less of a problem. Just unset those.
-	foreach ($_COOKIE as $key => $value)
-		if (is_numeric($key))
+	foreach ($_COOKIE as $key => $value) {
+			if (is_numeric($key))
 			unset($_COOKIE[$key]);
+	}
 
 	// Get the correct query string.  It may be in an environment variable...
-	if (!isset($_SERVER['QUERY_STRING']))
-		$_SERVER['QUERY_STRING'] = getenv('QUERY_STRING');
+	if (!isset($_SERVER['QUERY_STRING'])) {
+			$_SERVER['QUERY_STRING'] = getenv('QUERY_STRING');
+	}
 
 	// It seems that sticking a URL after the query string is mighty common, well, it's evil - don't.
 	if (strpos($_SERVER['QUERY_STRING'], 'http') === 0)
@@ -83,13 +88,14 @@ 
 		parse_str(preg_replace('/&(\w+)(?=&|$)/', '&$1=', strtr($_SERVER['QUERY_STRING'], array(';?' => '&', ';' => '&', '%00' => '', "\0" => ''))), $_GET);
 
 		// Magic quotes still applies with parse_str - so clean it up.
-		if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes']))
-			$_GET = $removeMagicQuoteFunction($_GET);
-	}
-	elseif (strpos(ini_get('arg_separator.input'), ';') !== false)
+		if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes'])) {
+					$_GET = $removeMagicQuoteFunction($_GET);
+		}
+	} elseif (strpos(ini_get('arg_separator.input'), ';') !== false)
 	{
-		if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes']))
-			$_GET = $removeMagicQuoteFunction($_GET);
+		if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes'])) {
+					$_GET = $removeMagicQuoteFunction($_GET);
+		}
 
 		// Search engines will send action=profile%3Bu=1, which confuses PHP.
 		foreach ($_GET as $k => $v)
@@ -102,8 +108,9 @@ 
 				for ($i = 1, $n = count($temp); $i < $n; $i++)
 				{
 					@list ($key, $val) = @explode('=', $temp[$i], 2);
-					if (!isset($_GET[$key]))
-						$_GET[$key] = $val;
+					if (!isset($_GET[$key])) {
+											$_GET[$key] = $val;
+					}
 				}
 			}
 
@@ -120,18 +127,20 @@ 
 	if (!empty($_SERVER['REQUEST_URI']))
 	{
 		// Remove the .html, assuming there is one.
-		if (substr($_SERVER['REQUEST_URI'], strrpos($_SERVER['REQUEST_URI'], '.'), 4) == '.htm')
-			$request = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], '.'));
-		else
-			$request = $_SERVER['REQUEST_URI'];
+		if (substr($_SERVER['REQUEST_URI'], strrpos($_SERVER['REQUEST_URI'], '.'), 4) == '.htm') {
+					$request = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], '.'));
+		} else {
+					$request = $_SERVER['REQUEST_URI'];
+		}
 
 		// @todo smflib.
 		// Replace 'index.php/a,b,c/d/e,f' with 'a=b,c&d=&e=f' and parse it into $_GET.
 		if (strpos($request, basename($scripturl) . '/') !== false)
 		{
 			parse_str(substr(preg_replace('/&(\w+)(?=&|$)/', '&$1=', strtr(preg_replace('~/([^,/]+),~', '/$1=', substr($request, strpos($request, basename($scripturl)) + strlen(basename($scripturl)))), '/', '&')), 1), $temp);
-			if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes']))
-				$temp = $removeMagicQuoteFunction($temp);
+			if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes'])) {
+							$temp = $removeMagicQuoteFunction($temp);
+			}
 			$_GET += $temp;
 		}
 	}
@@ -142,9 +151,10 @@ 
 		$_ENV = $removeMagicQuoteFunction($_ENV);
 		$_POST = $removeMagicQuoteFunction($_POST);
 		$_COOKIE = $removeMagicQuoteFunction($_COOKIE);
-		foreach ($_FILES as $k => $dummy)
-			if (isset($_FILES[$k]['name']))
+		foreach ($_FILES as $k => $dummy) {
+					if (isset($_FILES[$k]['name']))
 				$_FILES[$k]['name'] = $removeMagicQuoteFunction($_FILES[$k]['name']);
+		}
 	}
 
 	// Add entities to GET.  This is kinda like the slashes on everything else.
@@ -160,11 +170,13 @@ 
 		$_REQUEST['board'] = (string) $_REQUEST['board'];
 
 		// If there's a slash in it, we've got a start value! (old, compatible links.)
-		if (strpos($_REQUEST['board'], '/') !== false)
-			list ($_REQUEST['board'], $_REQUEST['start']) = explode('/', $_REQUEST['board']);
+		if (strpos($_REQUEST['board'], '/') !== false) {
+					list ($_REQUEST['board'], $_REQUEST['start']) = explode('/', $_REQUEST['board']);
+		}
 		// Same idea, but dots.  This is the currently used format - ?board=1.0...
-		elseif (strpos($_REQUEST['board'], '.') !== false)
-			list ($_REQUEST['board'], $_REQUEST['start']) = explode('.', $_REQUEST['board']);
+		elseif (strpos($_REQUEST['board'], '.') !== false) {
+					list ($_REQUEST['board'], $_REQUEST['start']) = explode('.', $_REQUEST['board']);
+		}
 		// Now make absolutely sure it's a number.
 		$board = (int) $_REQUEST['board'];
 		$_REQUEST['start'] = isset($_REQUEST['start']) ? (int) $_REQUEST['start'] : 0;
@@ -173,12 +185,14 @@ 
 		$_GET['board'] = $board;
 	}
 	// Well, $board is going to be a number no matter what.
-	else
-		$board = 0;
+	else {
+			$board = 0;
+	}
 
 	// If there's a threadid, it's probably an old YaBB SE link.  Flow with it.
-	if (isset($_REQUEST['threadid']) && !isset($_REQUEST['topic']))
-		$_REQUEST['topic'] = $_REQUEST['threadid'];
+	if (isset($_REQUEST['threadid']) && !isset($_REQUEST['topic'])) {
+			$_REQUEST['topic'] = $_REQUEST['threadid'];
+	}
 
 	// We've got topic!
 	if (isset($_REQUEST['topic']))
@@ -187,11 +201,13 @@ 
 		$_REQUEST['topic'] = (string) $_REQUEST['topic'];
 
 		// Slash means old, beta style, formatting.  That's okay though, the link should still work.
-		if (strpos($_REQUEST['topic'], '/') !== false)
-			list ($_REQUEST['topic'], $_REQUEST['start']) = explode('/', $_REQUEST['topic']);
+		if (strpos($_REQUEST['topic'], '/') !== false) {
+					list ($_REQUEST['topic'], $_REQUEST['start']) = explode('/', $_REQUEST['topic']);
+		}
 		// Dots are useful and fun ;).  This is ?topic=1.15.
-		elseif (strpos($_REQUEST['topic'], '.') !== false)
-			list ($_REQUEST['topic'], $_REQUEST['start']) = explode('.', $_REQUEST['topic']);
+		elseif (strpos($_REQUEST['topic'], '.') !== false) {
+					list ($_REQUEST['topic'], $_REQUEST['start']) = explode('.', $_REQUEST['topic']);
+		}
 
 		// Topic should always be an integer
 		$topic = $_GET['topic'] = $_REQUEST['topic'] = (int) $_REQUEST['topic'];
@@ -225,21 +241,25 @@ 
 			$_REQUEST['start'] = $timestamp === 0 ? 0 : 'from' . $timestamp;
 		}
 		// ... or something invalid, in which case we reset it to 0.
-		else
-			$_REQUEST['start'] = 0;
+		else {
+					$_REQUEST['start'] = 0;
+		}
+	} else {
+			$topic = 0;
 	}
-	else
-		$topic = 0;
 
 	// There should be a $_REQUEST['start'], some at least.  If you need to default to other than 0, use $_GET['start'].
-	if (empty($_REQUEST['start']) || $_REQUEST['start'] < 0 || (int) $_REQUEST['start'] > 2147473647)
-		$_REQUEST['start'] = 0;
+	if (empty($_REQUEST['start']) || $_REQUEST['start'] < 0 || (int) $_REQUEST['start'] > 2147473647) {
+			$_REQUEST['start'] = 0;
+	}
 
 	// The action needs to be a string and not an array or anything else
-	if (isset($_REQUEST['action']))
-		$_REQUEST['action'] = (string) $_REQUEST['action'];
-	if (isset($_GET['action']))
-		$_GET['action'] = (string) $_GET['action'];
+	if (isset($_REQUEST['action'])) {
+			$_REQUEST['action'] = (string) $_REQUEST['action'];
+	}
+	if (isset($_GET['action'])) {
+			$_GET['action'] = (string) $_GET['action'];
+	}
 
 	// Some mail providers like to encode semicolons in activation URLs...
 	if (!empty($_REQUEST['action']) && substr($_SERVER['QUERY_STRING'], 0, 18) == 'action=activate%3b')
@@ -265,29 +285,33 @@ 
 	$_SERVER['BAN_CHECK_IP'] = $_SERVER['REMOTE_ADDR'];
 
 	// If we haven't specified how to handle Reverse Proxy IP headers, lets do what we always used to do.
-	if (!isset($modSettings['proxy_ip_header']))
-		$modSettings['proxy_ip_header'] = 'autodetect';
+	if (!isset($modSettings['proxy_ip_header'])) {
+			$modSettings['proxy_ip_header'] = 'autodetect';
+	}
 
 	// Which headers are we going to check for Reverse Proxy IP headers?
-	if ($modSettings['proxy_ip_header'] == 'disabled')
-		$reverseIPheaders = array();
-	elseif ($modSettings['proxy_ip_header'] == 'autodetect')
-		$reverseIPheaders = array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP');
-	else
-		$reverseIPheaders = array($modSettings['proxy_ip_header']);
+	if ($modSettings['proxy_ip_header'] == 'disabled') {
+			$reverseIPheaders = array();
+	} elseif ($modSettings['proxy_ip_header'] == 'autodetect') {
+			$reverseIPheaders = array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP');
+	} else {
+			$reverseIPheaders = array($modSettings['proxy_ip_header']);
+	}
 
 	// Find the user's IP address. (but don't let it give you 'unknown'!)
 	foreach ($reverseIPheaders as $proxyIPheader)
 	{
 		// Ignore if this is not set.
-		if (!isset($_SERVER[$proxyIPheader]))
-			continue;
+		if (!isset($_SERVER[$proxyIPheader])) {
+					continue;
+		}
 
 		if (!empty($modSettings['proxy_ip_servers']))
 		{
-			foreach (explode(',', $modSettings['proxy_ip_servers']) as $proxy)
-				if ($proxy == $_SERVER['REMOTE_ADDR'] || matchIPtoCIDR($_SERVER['REMOTE_ADDR'], $proxy))
+			foreach (explode(',', $modSettings['proxy_ip_servers']) as $proxy) {
+							if ($proxy == $_SERVER['REMOTE_ADDR'] || matchIPtoCIDR($_SERVER['REMOTE_ADDR'], $proxy))
 					continue;
+			}
 		}
 
 		// If there are commas, get the last one.. probably.
@@ -307,8 +331,9 @@ 
 
 						// Just incase we have a legacy IPv4 address.
 						// @ TODO: Convert to IPv6.
-						if (preg_match('~^((([1]?\d)?\d|2[0-4]\d|25[0-5])\.){3}(([1]?\d)?\d|2[0-4]\d|25[0-5])$~', $_SERVER[$proxyIPheader]) === 0)
-							continue;
+						if (preg_match('~^((([1]?\d)?\d|2[0-4]\d|25[0-5])\.){3}(([1]?\d)?\d|2[0-4]\d|25[0-5])$~', $_SERVER[$proxyIPheader]) === 0) {
+													continue;
+						}
 					}
 
 					continue;
@@ -320,36 +345,40 @@ 
 			}
 		}
 		// Otherwise just use the only one.
-		elseif (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown|::1|fe80::|fc00::)~', $_SERVER[$proxyIPheader]) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown|::1|fe80::|fc00::)~', $_SERVER['REMOTE_ADDR']) != 0)
-			$_SERVER['BAN_CHECK_IP'] = $_SERVER[$proxyIPheader];
-		elseif (!isValidIPv6($_SERVER[$proxyIPheader]) || preg_match('~::ffff:\d+\.\d+\.\d+\.\d+~', $_SERVER[$proxyIPheader]) !== 0)
+		elseif (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown|::1|fe80::|fc00::)~', $_SERVER[$proxyIPheader]) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown|::1|fe80::|fc00::)~', $_SERVER['REMOTE_ADDR']) != 0) {
+					$_SERVER['BAN_CHECK_IP'] = $_SERVER[$proxyIPheader];
+		} elseif (!isValidIPv6($_SERVER[$proxyIPheader]) || preg_match('~::ffff:\d+\.\d+\.\d+\.\d+~', $_SERVER[$proxyIPheader]) !== 0)
 		{
 			$_SERVER[$proxyIPheader] = preg_replace('~^::ffff:(\d+\.\d+\.\d+\.\d+)~', '\1', $_SERVER[$proxyIPheader]);
 
 			// Just incase we have a legacy IPv4 address.
 			// @ TODO: Convert to IPv6.
-			if (preg_match('~^((([1]?\d)?\d|2[0-4]\d|25[0-5])\.){3}(([1]?\d)?\d|2[0-4]\d|25[0-5])$~', $_SERVER[$proxyIPheader]) === 0)
-				continue;
+			if (preg_match('~^((([1]?\d)?\d|2[0-4]\d|25[0-5])\.){3}(([1]?\d)?\d|2[0-4]\d|25[0-5])$~', $_SERVER[$proxyIPheader]) === 0) {
+							continue;
+			}
 		}
 	}
 
 	// Make sure we know the URL of the current request.
-	if (empty($_SERVER['REQUEST_URI']))
-		$_SERVER['REQUEST_URL'] = $scripturl . (!empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '');
-	elseif (preg_match('~^([^/]+//[^/]+)~', $scripturl, $match) == 1)
-		$_SERVER['REQUEST_URL'] = $match[1] . $_SERVER['REQUEST_URI'];
-	else
-		$_SERVER['REQUEST_URL'] = $_SERVER['REQUEST_URI'];
+	if (empty($_SERVER['REQUEST_URI'])) {
+			$_SERVER['REQUEST_URL'] = $scripturl . (!empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '');
+	} elseif (preg_match('~^([^/]+//[^/]+)~', $scripturl, $match) == 1) {
+			$_SERVER['REQUEST_URL'] = $match[1] . $_SERVER['REQUEST_URI'];
+	} else {
+			$_SERVER['REQUEST_URL'] = $_SERVER['REQUEST_URI'];
+	}
 
 	// And make sure HTTP_USER_AGENT is set.
 	$_SERVER['HTTP_USER_AGENT'] = isset($_SERVER['HTTP_USER_AGENT']) ? (isset($smcFunc['htmlspecialchars']) ? $smcFunc['htmlspecialchars']($smcFunc['db_unescape_string']($_SERVER['HTTP_USER_AGENT']), ENT_QUOTES) : htmlspecialchars($smcFunc['db_unescape_string']($_SERVER['HTTP_USER_AGENT']), ENT_QUOTES)) : '';
 
 	// Some final checking.
-	if (!isValidIP($_SERVER['BAN_CHECK_IP']))
-		$_SERVER['BAN_CHECK_IP'] = '';
-	if ($_SERVER['REMOTE_ADDR'] == 'unknown')
-		$_SERVER['REMOTE_ADDR'] = '';
-}
+	if (!isValidIP($_SERVER['BAN_CHECK_IP'])) {
+			$_SERVER['BAN_CHECK_IP'] = '';
+	}
+	if ($_SERVER['REMOTE_ADDR'] == 'unknown') {
+			$_SERVER['REMOTE_ADDR'] = '';
+	}
+	}
 
 /**
  * Validates a IPv6 address. returns true if it is ipv6.
@@ -360,8 +389,9 @@ 
 function isValidIPv6($ip)
 {
 	//looking for :
-	if (strpos($ip, ':') === false)
-		return false;
+	if (strpos($ip, ':') === false) {
+			return false;
+	}
 
 	//check valid address
 	return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6);
@@ -379,8 +409,9 @@ 
 	static $converted = array();
 
 	// Check if we have done this already.
-	if (isset($converted[$addr]))
-		return $converted[$addr];
+	if (isset($converted[$addr])) {
+			return $converted[$addr];
+	}
 
 	// Check if there are segments missing, insert if necessary.
 	if (strpos($addr, '::') !== false)
@@ -390,18 +421,20 @@ 
 		$part[1] = explode(':', $part[1]);
 		$missing = array();
 
-		for ($i = 0; $i < (8 - (count($part[0]) + count($part[1]))); $i++)
-			array_push($missing, '0000');
+		for ($i = 0; $i < (8 - (count($part[0]) + count($part[1]))); $i++) {
+					array_push($missing, '0000');
+		}
 
 		$part = array_merge($part[0], $missing, $part[1]);
+	} else {
+			$part = explode(':', $addr);
 	}
-	else
-		$part = explode(':', $addr);
 
 	// Pad each segment until it has 4 digits.
-	foreach ($part as &$p)
-		while (strlen($p) < 4)
+	foreach ($part as &$p) {
+			while (strlen($p) < 4)
 			$p = '0' . $p;
+	}
 
 	unset($p);
 
@@ -412,11 +445,12 @@ 
 	$converted[$addr] = $result;
 
 	// Quick check to make sure the length is as expected.
-	if (!$strict_check || strlen($result) == 39)
-		return $result;
-	else
-		return false;
-}
+	if (!$strict_check || strlen($result) == 39) {
+			return $result;
+	} else {
+			return false;
+	}
+	}
 
 
 /**
@@ -434,8 +468,9 @@ 
 	//v6?
 	if ((strpos($cidr_network, ':') !== false))
 	{
-		if (!filter_var($ip_address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) || !filter_var($cidr_network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))
-				return false;
+		if (!filter_var($ip_address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) || !filter_var($cidr_network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
+						return false;
+		}
 
 		$ip_address = inet_pton($ip_address);
 		$cidr_network = inet_pton($cidr_network);
@@ -457,10 +492,10 @@ 
 		$binMask = pack("H*" , $binMask);
 
 		return ($ip_address & $binMask) == $cidr_network;
+	} else {
+			return (ip2long($ip_address) & (~((1 << (32 - $cidr_subnetmask)) - 1))) == ip2long($cidr_network);
+	}
 	}
-	else
-		return (ip2long($ip_address) & (~((1 << (32 - $cidr_subnetmask)) - 1))) == ip2long($cidr_network);
-}
 
 /**
  * Adds slashes to the array/variable.
@@ -476,15 +511,17 @@ 
 {
 	global $smcFunc;
 
-	if (!is_array($var))
-		return $smcFunc['db_escape_string']($var);
+	if (!is_array($var)) {
+			return $smcFunc['db_escape_string']($var);
+	}
 
 	// Reindex the array with slashes.
 	$new_var = array();
 
 	// Add slashes to every element, even the indexes!
-	foreach ($var as $k => $v)
-		$new_var[$smcFunc['db_escape_string']($k)] = escapestring__recursive($v);
+	foreach ($var as $k => $v) {
+			$new_var[$smcFunc['db_escape_string']($k)] = escapestring__recursive($v);
+	}
 
 	return $new_var;
 }
@@ -504,12 +541,14 @@ 
 {
 	global $smcFunc;
 
-	if (!is_array($var))
-		return isset($smcFunc['htmlspecialchars']) ? $smcFunc['htmlspecialchars']($var, ENT_QUOTES) : htmlspecialchars($var, ENT_QUOTES);
+	if (!is_array($var)) {
+			return isset($smcFunc['htmlspecialchars']) ? $smcFunc['htmlspecialchars']($var, ENT_QUOTES) : htmlspecialchars($var, ENT_QUOTES);
+	}
 
 	// Add the htmlspecialchars to every element.
-	foreach ($var as $k => $v)
-		$var[$k] = $level > 25 ? null : htmlspecialchars__recursive($v, $level + 1);
+	foreach ($var as $k => $v) {
+			$var[$k] = $level > 25 ? null : htmlspecialchars__recursive($v, $level + 1);
+	}
 
 	return $var;
 }
@@ -527,15 +566,17 @@ 
  */
 function urldecode__recursive($var, $level = 0)
 {
-	if (!is_array($var))
-		return urldecode($var);
+	if (!is_array($var)) {
+			return urldecode($var);
+	}
 
 	// Reindex the array...
 	$new_var = array();
 
 	// Add the htmlspecialchars to every element.
-	foreach ($var as $k => $v)
-		$new_var[urldecode($k)] = $level > 25 ? null : urldecode__recursive($v, $level + 1);
+	foreach ($var as $k => $v) {
+			$new_var[urldecode($k)] = $level > 25 ? null : urldecode__recursive($v, $level + 1);
+	}
 
 	return $new_var;
 }
@@ -553,15 +594,17 @@ 
 {
 	global $smcFunc;
 
-	if (!is_array($var))
-		return $smcFunc['db_unescape_string']($var);
+	if (!is_array($var)) {
+			return $smcFunc['db_unescape_string']($var);
+	}
 
 	// Reindex the array without slashes, this time.
 	$new_var = array();
 
 	// Strip the slashes from every element.
-	foreach ($var as $k => $v)
-		$new_var[$smcFunc['db_unescape_string']($k)] = unescapestring__recursive($v);
+	foreach ($var as $k => $v) {
+			$new_var[$smcFunc['db_unescape_string']($k)] = unescapestring__recursive($v);
+	}
 
 	return $new_var;
 }
@@ -579,15 +622,17 @@ 
  */
 function stripslashes__recursive($var, $level = 0)
 {
-	if (!is_array($var))
-		return stripslashes($var);
+	if (!is_array($var)) {
+			return stripslashes($var);
+	}
 
 	// Reindex the array without slashes, this time.
 	$new_var = array();
 
 	// Strip the slashes from every element.
-	foreach ($var as $k => $v)
-		$new_var[stripslashes($k)] = $level > 25 ? null : stripslashes__recursive($v, $level + 1);
+	foreach ($var as $k => $v) {
+			$new_var[stripslashes($k)] = $level > 25 ? null : stripslashes__recursive($v, $level + 1);
+	}
 
 	return $new_var;
 }
@@ -608,12 +653,14 @@ 
 	global $smcFunc;
 
 	// Remove spaces (32), tabs (9), returns (13, 10, and 11), nulls (0), and hard spaces. (160)
-	if (!is_array($var))
-		return isset($smcFunc) ? $smcFunc['htmltrim']($var) : trim($var, ' ' . "\t\n\r\x0B" . '\0' . "\xA0");
+	if (!is_array($var)) {
+			return isset($smcFunc) ? $smcFunc['htmltrim']($var) : trim($var, ' ' . "\t\n\r\x0B" . '\0' . "\xA0");
+	}
 
 	// Go through all the elements and remove the whitespace.
-	foreach ($var as $k => $v)
-		$var[$k] = $level > 25 ? null : htmltrim__recursive($v, $level + 1);
+	foreach ($var as $k => $v) {
+			$var[$k] = $level > 25 ? null : htmltrim__recursive($v, $level + 1);
+	}
 
 	return $var;
 }
@@ -678,30 +725,37 @@ 
 	global $scripturl, $modSettings, $context;
 
 	// If $scripturl is set to nothing, or the SID is not defined (SSI?) just quit.
-	if ($scripturl == '' || !defined('SID'))
-		return $buffer;
+	if ($scripturl == '' || !defined('SID')) {
+			return $buffer;
+	}
 
 	// Do nothing if the session is cookied, or they are a crawler - guests are caught by redirectexit().  This doesn't work below PHP 4.3.0, because it makes the output buffer bigger.
 	// @todo smflib
-	if (empty($_COOKIE) && SID != '' && !isBrowser('possibly_robot'))
-		$buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '(?!\?' . preg_quote(SID, '/') . ')\\??/', '"' . $scripturl . '?' . SID . '&amp;', $buffer);
+	if (empty($_COOKIE) && SID != '' && !isBrowser('possibly_robot')) {
+			$buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '(?!\?' . preg_quote(SID, '/') . ')\\??/', '"' . $scripturl . '?' . SID . '&amp;', $buffer);
+	}
 	// Debugging templates, are we?
-	elseif (isset($_GET['debug']))
-		$buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '\\??/', '"' . $scripturl . '?debug;', $buffer);
+	elseif (isset($_GET['debug'])) {
+			$buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '\\??/', '"' . $scripturl . '?debug;', $buffer);
+	}
 
 	// This should work even in 4.2.x, just not CGI without cgi.fix_pathinfo.
 	if (!empty($modSettings['queryless_urls']) && (!$context['server']['is_cgi'] || ini_get('cgi.fix_pathinfo') == 1 || @get_cfg_var('cgi.fix_pathinfo') == 1) && ($context['server']['is_apache'] || $context['server']['is_lighttpd'] || $context['server']['is_litespeed']))
 	{
 		// Let's do something special for session ids!
-		if (defined('SID') && SID != '')
-			$buffer = preg_replace_callback('~"' . preg_quote($scripturl, '~') . '\?(?:' . SID . '(?:;|&|&amp;))((?:board|topic)=[^#"]+?)(#[^"]*?)?"~', function($m)
+		if (defined('SID') && SID != '') {
+					$buffer = preg_replace_callback('~"' . preg_quote($scripturl, '~') . '\?(?:' . SID . '(?:;|&|&amp;))((?:board|topic)=[^#"]+?)(#[^"]*?)?"~', function($m)
 			{
-				global $scripturl; return '"' . $scripturl . "/" . strtr("$m[1]", '&;=', '//,') . ".html?" . SID . (isset($m[2]) ? $m[2] : "") . '"';
+				global $scripturl;
+		}
+		return '"' . $scripturl . "/" . strtr("$m[1]", '&;=', '//,') . ".html?" . SID . (isset($m[2]) ? $m[2] : "") . '"';
 			}, $buffer);
-		else
-			$buffer = preg_replace_callback('~"' . preg_quote($scripturl, '~') . '\?((?:board|topic)=[^#"]+?)(#[^"]*?)?"~', function($m)
+		else {
+					$buffer = preg_replace_callback('~"' . preg_quote($scripturl, '~') . '\?((?:board|topic)=[^#"]+?)(#[^"]*?)?"~', function($m)
 			{
-				global $scripturl; return '"' . $scripturl . '/' . strtr("$m[1]", '&;=', '//,') . '.html' . (isset($m[2]) ? $m[2] : "") . '"';
+				global $scripturl;
+		}
+		return '"' . $scripturl . '/' . strtr("$m[1]", '&;=', '//,') . '.html' . (isset($m[2]) ? $m[2] : "") . '"';
 			}, $buffer);
 	}