albertlast / SMF2.1

Sources/Security.php

Braces +255 added lines, -197 removed lines

@@ -14,8 +14,9 @@ 
  * @version 2.1 Beta 4
  */
 
-if (!defined('SMF'))
+if (!defined('SMF')) {
 	die('No direct access...');
+}
 
 /**
  * Check if the user is who he/she says he is
@@ -42,12 +43,14 @@ 
 	$refreshTime = isset($_GET['xml']) ? 4200 : 3600;
 
 	// Is the security option off?
-	if (!empty($modSettings['securityDisable' . ($type != 'admin' ? '_' . $type : '')]))
-		return;
+	if (!empty($modSettings['securityDisable' . ($type != 'admin' ? '_' . $type : '')])) {
+			return;
+	}
 
 	// Or are they already logged in?, Moderator or admin session is need for this area
-	if ((!empty($_SESSION[$type . '_time']) && $_SESSION[$type . '_time'] + $refreshTime >= time()) || (!empty($_SESSION['admin_time']) && $_SESSION['admin_time'] + $refreshTime >= time()))
-		return;
+	if ((!empty($_SESSION[$type . '_time']) && $_SESSION[$type . '_time'] + $refreshTime >= time()) || (!empty($_SESSION['admin_time']) && $_SESSION['admin_time'] + $refreshTime >= time())) {
+			return;
+	}
 
 	require_once($sourcedir . '/Subs-Auth.php');
 
@@ -55,8 +58,9 @@ 
 	if (isset($_POST[$type . '_pass']))
 	{
 		// Check to ensure we're forcing SSL for authentication
-		if (!empty($modSettings['force_ssl']) && empty($maintenance) && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on'))
-			fatal_lang_error('login_ssl_required');
+		if (!empty($modSettings['force_ssl']) && empty($maintenance) && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on')) {
+					fatal_lang_error('login_ssl_required');
+		}
 
 		checkSession();
 
@@ -72,17 +76,19 @@ 
 	}
 
 	// Better be sure to remember the real referer
-	if (empty($_SESSION['request_referer']))
-		$_SESSION['request_referer'] = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
-	elseif (empty($_POST))
-		unset($_SESSION['request_referer']);
+	if (empty($_SESSION['request_referer'])) {
+			$_SESSION['request_referer'] = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
+	} elseif (empty($_POST)) {
+			unset($_SESSION['request_referer']);
+	}
 
 	// Need to type in a password for that, man.
-	if (!isset($_GET['xml']))
-		adminLogin($type);
-	else
-		return 'session_verify_fail';
-}
+	if (!isset($_GET['xml'])) {
+			adminLogin($type);
+	} else {
+			return 'session_verify_fail';
+	}
+	}
 
 /**
  * Require a user who is logged in. (not a guest.)
@@ -96,25 +102,30 @@ 
 	global $user_info, $txt, $context, $scripturl, $modSettings;
 
 	// Luckily, this person isn't a guest.
-	if (!$user_info['is_guest'])
-		return;
+	if (!$user_info['is_guest']) {
+			return;
+	}
 
 	// Log what they were trying to do didn't work)
-	if (!empty($modSettings['who_enabled']))
-		$_GET['error'] = 'guest_login';
+	if (!empty($modSettings['who_enabled'])) {
+			$_GET['error'] = 'guest_login';
+	}
 	writeLog(true);
 
 	// Just die.
-	if (isset($_REQUEST['xml']))
-		obExit(false);
+	if (isset($_REQUEST['xml'])) {
+			obExit(false);
+	}
 
 	// Attempt to detect if they came from dlattach.
-	if (SMF != 'SSI' && empty($context['theme_loaded']))
-		loadTheme();
+	if (SMF != 'SSI' && empty($context['theme_loaded'])) {
+			loadTheme();
+	}
 
 	// Never redirect to an attachment
-	if (strpos($_SERVER['REQUEST_URL'], 'dlattach') === false)
-		$_SESSION['login_url'] = $_SERVER['REQUEST_URL'];
+	if (strpos($_SERVER['REQUEST_URL'], 'dlattach') === false) {
+			$_SESSION['login_url'] = $_SERVER['REQUEST_URL'];
+	}
 
 	// Load the Login template and language file.
 	loadLanguage('Login');
@@ -124,8 +135,7 @@ 
 	{
 		$_SESSION['login_url'] = $scripturl . '?' . $_SERVER['QUERY_STRING'];
 		redirectexit('action=login');
-	}
-	else
+	} else
 	{
 		loadTemplate('Login');
 		$context['sub_template'] = 'kick_guest';
@@ -155,8 +165,9 @@ 
 	global $sourcedir, $cookiename, $user_settings, $smcFunc;
 
 	// You cannot be banned if you are an admin - doesn't help if you log out.
-	if ($user_info['is_admin'])
-		return;
+	if ($user_info['is_admin']) {
+			return;
+	}
 
 	// Only check the ban every so often. (to reduce load.)
 	if ($forceCheck || !isset($_SESSION['ban']) || empty($modSettings['banLastUpdated']) || ($_SESSION['ban']['last_checked'] < $modSettings['banLastUpdated']) || $_SESSION['ban']['id_member'] != $user_info['id'] || $_SESSION['ban']['ip'] != $user_info['ip'] || $_SESSION['ban']['ip2'] != $user_info['ip2'] || (isset($user_info['email'], $_SESSION['ban']['email']) && $_SESSION['ban']['email'] != $user_info['email']))
@@ -177,8 +188,9 @@ 
 		// Check both IP addresses.
 		foreach (array('ip', 'ip2') as $ip_number)
 		{
-			if ($ip_number == 'ip2' && $user_info['ip2'] == $user_info['ip'])
-				continue;
+			if ($ip_number == 'ip2' && $user_info['ip2'] == $user_info['ip']) {
+							continue;
+			}
 			$ban_query[] = ' {inet:' . $ip_number . '} BETWEEN bi.ip_low and bi.ip_high';
 			$ban_query_vars[$ip_number] = $user_info[$ip_number];
 			// IP was valid, maybe there's also a hostname...
@@ -228,24 +240,28 @@ 
 			// Store every type of ban that applies to you in your session.
 			while ($row = $smcFunc['db_fetch_assoc']($request))
 			{
-				foreach ($restrictions as $restriction)
-					if (!empty($row[$restriction]))
+				foreach ($restrictions as $restriction) {
+									if (!empty($row[$restriction]))
 					{
 						$_SESSION['ban'][$restriction]['reason'] = $row['reason'];
+				}
 						$_SESSION['ban'][$restriction]['ids'][] = $row['id_ban'];
-						if (!isset($_SESSION['ban']['expire_time']) || ($_SESSION['ban']['expire_time'] != 0 && ($row['expire_time'] == 0 || $row['expire_time'] > $_SESSION['ban']['expire_time'])))
-							$_SESSION['ban']['expire_time'] = $row['expire_time'];
+						if (!isset($_SESSION['ban']['expire_time']) || ($_SESSION['ban']['expire_time'] != 0 && ($row['expire_time'] == 0 || $row['expire_time'] > $_SESSION['ban']['expire_time']))) {
+													$_SESSION['ban']['expire_time'] = $row['expire_time'];
+						}
 
-						if (!$user_info['is_guest'] && $restriction == 'cannot_access' && ($row['id_member'] == $user_info['id'] || $row['email_address'] == $user_info['email']))
-							$flag_is_activated = true;
+						if (!$user_info['is_guest'] && $restriction == 'cannot_access' && ($row['id_member'] == $user_info['id'] || $row['email_address'] == $user_info['email'])) {
+													$flag_is_activated = true;
+						}
 					}
 			}
 			$smcFunc['db_free_result']($request);
 		}
 
 		// Mark the cannot_access and cannot_post bans as being 'hit'.
-		if (isset($_SESSION['ban']['cannot_access']) || isset($_SESSION['ban']['cannot_post']) || isset($_SESSION['ban']['cannot_login']))
-			log_ban(array_merge(isset($_SESSION['ban']['cannot_access']) ? $_SESSION['ban']['cannot_access']['ids'] : array(), isset($_SESSION['ban']['cannot_post']) ? $_SESSION['ban']['cannot_post']['ids'] : array(), isset($_SESSION['ban']['cannot_login']) ? $_SESSION['ban']['cannot_login']['ids'] : array()));
+		if (isset($_SESSION['ban']['cannot_access']) || isset($_SESSION['ban']['cannot_post']) || isset($_SESSION['ban']['cannot_login'])) {
+					log_ban(array_merge(isset($_SESSION['ban']['cannot_access']) ? $_SESSION['ban']['cannot_access']['ids'] : array(), isset($_SESSION['ban']['cannot_post']) ? $_SESSION['ban']['cannot_post']['ids'] : array(), isset($_SESSION['ban']['cannot_login']) ? $_SESSION['ban']['cannot_login']['ids'] : array()));
+		}
 
 		// If for whatever reason the is_activated flag seems wrong, do a little work to clear it up.
 		if ($user_info['id'] && (($user_settings['is_activated'] >= 10 && !$flag_is_activated)
@@ -260,8 +276,9 @@ 
 	if (!isset($_SESSION['ban']['cannot_access']) && !empty($_COOKIE[$cookiename . '_']))
 	{
 		$bans = explode(',', $_COOKIE[$cookiename . '_']);
-		foreach ($bans as $key => $value)
-			$bans[$key] = (int) $value;
+		foreach ($bans as $key => $value) {
+					$bans[$key] = (int) $value;
+		}
 		$request = $smcFunc['db_query']('', '
 			SELECT bi.id_ban, bg.reason
 			FROM {db_prefix}ban_items AS bi
@@ -297,14 +314,15 @@ 
 	if (isset($_SESSION['ban']['cannot_access']))
 	{
 		// We don't wanna see you!
-		if (!$user_info['is_guest'])
-			$smcFunc['db_query']('', '
+		if (!$user_info['is_guest']) {
+					$smcFunc['db_query']('', '
 				DELETE FROM {db_prefix}log_online
 				WHERE id_member = {int:current_member}',
 				array(
 					'current_member' => $user_info['id'],
 				)
 			);
+		}
 
 		// 'Log' the user out.  Can't have any funny business... (save the name!)
 		$old_name = isset($user_info['name']) && $user_info['name'] != '' ? $user_info['name'] : $txt['guest_title'];
@@ -390,9 +408,10 @@ 
 	}
 
 	// Fix up the banning permissions.
-	if (isset($user_info['permissions']))
-		banPermissions();
-}
+	if (isset($user_info['permissions'])) {
+			banPermissions();
+	}
+	}
 
 /**
  * Fix permissions according to ban status.
@@ -403,8 +422,9 @@ 
 	global $user_info, $sourcedir, $modSettings, $context;
 
 	// Somehow they got here, at least take away all permissions...
-	if (isset($_SESSION['ban']['cannot_access']))
-		$user_info['permissions'] = array();
+	if (isset($_SESSION['ban']['cannot_access'])) {
+			$user_info['permissions'] = array();
+	}
 	// Okay, well, you can watch, but don't touch a thing.
 	elseif (isset($_SESSION['ban']['cannot_post']) || (!empty($modSettings['warning_mute']) && $modSettings['warning_mute'] <= $user_info['warning']))
 	{
@@ -446,19 +466,20 @@ 
 		call_integration_hook('integrate_warn_permissions', array(&$permission_change));
 		foreach ($permission_change as $old => $new)
 		{
-			if (!in_array($old, $user_info['permissions']))
-				unset($permission_change[$old]);
-			else
-				$user_info['permissions'][] = $new;
+			if (!in_array($old, $user_info['permissions'])) {
+							unset($permission_change[$old]);
+			} else {
+							$user_info['permissions'][] = $new;
+			}
 		}
 		$user_info['permissions'] = array_diff($user_info['permissions'], array_keys($permission_change));
 	}
 
 	// @todo Find a better place to call this? Needs to be after permissions loaded!
 	// Finally, some bits we cache in the session because it saves queries.
-	if (isset($_SESSION['mc']) && $_SESSION['mc']['time'] > $modSettings['settings_updated'] && $_SESSION['mc']['id'] == $user_info['id'])
-		$user_info['mod_cache'] = $_SESSION['mc'];
-	else
+	if (isset($_SESSION['mc']) && $_SESSION['mc']['time'] > $modSettings['settings_updated'] && $_SESSION['mc']['id'] == $user_info['id']) {
+			$user_info['mod_cache'] = $_SESSION['mc'];
+	} else
 	{
 		require_once($sourcedir . '/Subs-Auth.php');
 		rebuildModCache();
@@ -469,14 +490,12 @@ 
 	{
 		$context['open_mod_reports'] = $_SESSION['rc']['reports'];
 		$context['open_member_reports'] = $_SESSION['rc']['member_reports'];
-	}
-	elseif ($_SESSION['mc']['bq'] != '0=1')
+	} elseif ($_SESSION['mc']['bq'] != '0=1')
 	{
 		require_once($sourcedir . '/Subs-ReportedContent.php');
 		$context['open_mod_reports'] = recountOpenReports('posts');
 		$context['open_member_reports'] = recountOpenReports('members');
-	}
-	else
+	} else
 	{
 		$context['open_mod_reports'] = 0;
 		$context['open_member_reports'] = 0;
@@ -497,8 +516,9 @@ 
 	global $user_info, $smcFunc;
 
 	// Don't log web accelerators, it's very confusing...
-	if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch')
-		return;
+	if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch') {
+			return;
+	}
 
 	$smcFunc['db_insert']('',
 		'{db_prefix}log_banned',
@@ -508,8 +528,8 @@ 
 	);
 
 	// One extra point for these bans.
-	if (!empty($ban_ids))
-		$smcFunc['db_query']('', '
+	if (!empty($ban_ids)) {
+			$smcFunc['db_query']('', '
 			UPDATE {db_prefix}ban_items
 			SET hits = hits + 1
 			WHERE id_ban IN ({array_int:ban_ids})',
@@ -517,7 +537,8 @@ 
 				'ban_ids' => $ban_ids,
 			)
 		);
-}
+	}
+	}
 
 /**
  * Checks if a given email address might be banned.
@@ -533,8 +554,9 @@ 
 	global $txt, $smcFunc;
 
 	// Can't ban an empty email
-	if (empty($email) || trim($email) == '')
-		return;
+	if (empty($email) || trim($email) == '') {
+			return;
+	}
 
 	// Let's start with the bans based on your IP/hostname/memberID...
 	$ban_ids = isset($_SESSION['ban'][$restriction]) ? $_SESSION['ban'][$restriction]['ids'] : array();
@@ -607,16 +629,18 @@ 
 	if ($type == 'post')
 	{
 		$check = isset($_POST[$_SESSION['session_var']]) ? $_POST[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_POST['sc']) ? $_POST['sc'] : null);
-		if ($check !== $sc)
-			$error = 'session_timeout';
+		if ($check !== $sc) {
+					$error = 'session_timeout';
+		}
 	}
 
 	// How about $_GET['sesc']?
 	elseif ($type == 'get')
 	{
 		$check = isset($_GET[$_SESSION['session_var']]) ? $_GET[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_GET['sesc']) ? $_GET['sesc'] : null);
-		if ($check !== $sc)
-			$error = 'session_verify_fail';
+		if ($check !== $sc) {
+					$error = 'session_verify_fail';
+		}
 	}
 
 	// Or can it be in either?
@@ -624,13 +648,15 @@ 
 	{
 		$check = isset($_GET[$_SESSION['session_var']]) ? $_GET[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_GET['sesc']) ? $_GET['sesc'] : (isset($_POST[$_SESSION['session_var']]) ? $_POST[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_POST['sc']) ? $_POST['sc'] : null)));
 
-		if ($check !== $sc)
-			$error = 'session_verify_fail';
+		if ($check !== $sc) {
+					$error = 'session_verify_fail';
+		}
 	}
 
 	// Verify that they aren't changing user agents on us - that could be bad.
-	if ((!isset($_SESSION['USER_AGENT']) || $_SESSION['USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) && empty($modSettings['disableCheckUA']))
-		$error = 'session_verify_fail';
+	if ((!isset($_SESSION['USER_AGENT']) || $_SESSION['USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) && empty($modSettings['disableCheckUA'])) {
+			$error = 'session_verify_fail';
+	}
 
 	// Make sure a page with session check requirement is not being prefetched.
 	if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch')
@@ -641,30 +667,35 @@ 
 	}
 
 	// Check the referring site - it should be the same server at least!
-	if (isset($_SESSION['request_referer']))
-		$referrer = $_SESSION['request_referer'];
-	else
-		$referrer = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
+	if (isset($_SESSION['request_referer'])) {
+			$referrer = $_SESSION['request_referer'];
+	} else {
+			$referrer = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
+	}
 	if (!empty($referrer['host']))
 	{
-		if (strpos($_SERVER['HTTP_HOST'], ':') !== false)
-			$real_host = substr($_SERVER['HTTP_HOST'], 0, strpos($_SERVER['HTTP_HOST'], ':'));
-		else
-			$real_host = $_SERVER['HTTP_HOST'];
+		if (strpos($_SERVER['HTTP_HOST'], ':') !== false) {
+					$real_host = substr($_SERVER['HTTP_HOST'], 0, strpos($_SERVER['HTTP_HOST'], ':'));
+		} else {
+					$real_host = $_SERVER['HTTP_HOST'];
+		}
 
 		$parsed_url = parse_url($boardurl);
 
 		// Are global cookies on?  If so, let's check them ;).
 		if (!empty($modSettings['globalCookies']))
 		{
-			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $parsed_url['host'], $parts) == 1)
-				$parsed_url['host'] = $parts[1];
+			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $parsed_url['host'], $parts) == 1) {
+							$parsed_url['host'] = $parts[1];
+			}
 
-			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $referrer['host'], $parts) == 1)
-				$referrer['host'] = $parts[1];
+			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $referrer['host'], $parts) == 1) {
+							$referrer['host'] = $parts[1];
+			}
 
-			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $real_host, $parts) == 1)
-				$real_host = $parts[1];
+			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $real_host, $parts) == 1) {
+							$real_host = $parts[1];
+			}
 		}
 
 		// Okay: referrer must either match parsed_url or real_host.
@@ -682,12 +713,14 @@ 
 		$log_error = true;
 	}
 
-	if (strtolower($_SERVER['HTTP_USER_AGENT']) == 'hacker')
-		fatal_error('Sound the alarm!  It\'s a hacker!  Close the castle gates!!', false);
+	if (strtolower($_SERVER['HTTP_USER_AGENT']) == 'hacker') {
+			fatal_error('Sound the alarm!  It\'s a hacker!  Close the castle gates!!', false);
+	}
 
 	// Everything is ok, return an empty string.
-	if (!isset($error))
-		return '';
+	if (!isset($error)) {
+			return '';
+	}
 	// A session error occurred, show the error.
 	elseif ($is_fatal)
 	{
@@ -696,13 +729,14 @@ 
 			ob_end_clean();
 			header('HTTP/1.1 403 Forbidden - Session timeout');
 			die;
+		} else {
+					fatal_lang_error($error, isset($log_error) ? 'user' : false);
 		}
-		else
-			fatal_lang_error($error, isset($log_error) ? 'user' : false);
 	}
 	// A session error occurred, return the error to the calling function.
-	else
-		return $error;
+	else {
+			return $error;
+	}
 
 	// We really should never fall through here, for very important reasons.  Let's make sure.
 	trigger_error('Hacking attempt...', E_USER_ERROR);
@@ -718,10 +752,9 @@ 
 {
 	global $modSettings;
 
-	if (isset($_GET['confirm']) && isset($_SESSION['confirm_' . $action]) && md5($_GET['confirm'] . $_SERVER['HTTP_USER_AGENT']) == $_SESSION['confirm_' . $action])
-		return true;
-
-	else
+	if (isset($_GET['confirm']) && isset($_SESSION['confirm_' . $action]) && md5($_GET['confirm'] . $_SERVER['HTTP_USER_AGENT']) == $_SESSION['confirm_' . $action]) {
+			return true;
+	} else
 	{
 		$token = md5(mt_rand() . session_id() . (string) microtime() . $modSettings['rand_seed']);
 		$_SESSION['confirm_' . $action] = md5($token . $_SERVER['HTTP_USER_AGENT']);
@@ -772,9 +805,9 @@ 
 			$return = $_SESSION['token'][$type . '-' . $action][3];
 			unset($_SESSION['token'][$type . '-' . $action]);
 			return $return;
+		} else {
+					return '';
 		}
-		else
-			return '';
 	}
 
 	// This nasty piece of code validates a token.
@@ -805,12 +838,14 @@ 
 		fatal_lang_error('token_verify_fail', false);
 	}
 	// Remove this token as its useless
-	else
-		unset($_SESSION['token'][$type . '-' . $action]);
+	else {
+			unset($_SESSION['token'][$type . '-' . $action]);
+	}
 
 	// Randomly check if we should remove some older tokens.
-	if (mt_rand(0, 138) == 23)
-		cleanTokens();
+	if (mt_rand(0, 138) == 23) {
+			cleanTokens();
+	}
 
 	return false;
 }
@@ -825,14 +860,16 @@ 
 function cleanTokens($complete = false)
 {
 	// We appreciate cleaning up after yourselves.
-	if (!isset($_SESSION['token']))
-		return;
+	if (!isset($_SESSION['token'])) {
+			return;
+	}
 
 	// Clean up tokens, trying to give enough time still.
-	foreach ($_SESSION['token'] as $key => $data)
-		if ($data[2] + 10800 < time() || $complete)
+	foreach ($_SESSION['token'] as $key => $data) {
+			if ($data[2] + 10800 < time() || $complete)
 			unset($_SESSION['token'][$key]);
-}
+	}
+	}
 
 /**
  * Check whether a form has been submitted twice.
@@ -850,37 +887,40 @@ 
 {
 	global $context;
 
-	if (!isset($_SESSION['forms']))
-		$_SESSION['forms'] = array();
+	if (!isset($_SESSION['forms'])) {
+			$_SESSION['forms'] = array();
+	}
 
 	// Register a form number and store it in the session stack. (use this on the page that has the form.)
 	if ($action == 'register')
 	{
 		$context['form_sequence_number'] = 0;
-		while (empty($context['form_sequence_number']) || in_array($context['form_sequence_number'], $_SESSION['forms']))
-			$context['form_sequence_number'] = mt_rand(1, 16000000);
+		while (empty($context['form_sequence_number']) || in_array($context['form_sequence_number'], $_SESSION['forms'])) {
+					$context['form_sequence_number'] = mt_rand(1, 16000000);
+		}
 	}
 	// Check whether the submitted number can be found in the session.
 	elseif ($action == 'check')
 	{
-		if (!isset($_REQUEST['seqnum']))
-			return true;
-		elseif (!in_array($_REQUEST['seqnum'], $_SESSION['forms']))
+		if (!isset($_REQUEST['seqnum'])) {
+					return true;
+		} elseif (!in_array($_REQUEST['seqnum'], $_SESSION['forms']))
 		{
 			$_SESSION['forms'][] = (int) $_REQUEST['seqnum'];
 			return true;
+		} elseif ($is_fatal) {
+					fatal_lang_error('error_form_already_submitted', false);
+		} else {
+					return false;
 		}
-		elseif ($is_fatal)
-			fatal_lang_error('error_form_already_submitted', false);
-		else
-			return false;
 	}
 	// Don't check, just free the stack number.
-	elseif ($action == 'free' && isset($_REQUEST['seqnum']) && in_array($_REQUEST['seqnum'], $_SESSION['forms']))
-		$_SESSION['forms'] = array_diff($_SESSION['forms'], array($_REQUEST['seqnum']));
-	elseif ($action != 'free')
-		trigger_error('checkSubmitOnce(): Invalid action \'' . $action . '\'', E_USER_WARNING);
-}
+	elseif ($action == 'free' && isset($_REQUEST['seqnum']) && in_array($_REQUEST['seqnum'], $_SESSION['forms'])) {
+			$_SESSION['forms'] = array_diff($_SESSION['forms'], array($_REQUEST['seqnum']));
+	} elseif ($action != 'free') {
+			trigger_error('checkSubmitOnce(): Invalid action \'' . $action . '\'', E_USER_WARNING);
+	}
+	}
 
 /**
  * Check the user's permissions.
@@ -897,16 +937,19 @@ 
 	global $user_info, $smcFunc;
 
 	// You're always allowed to do nothing. (unless you're a working man, MR. LAZY :P!)
-	if (empty($permission))
-		return true;
+	if (empty($permission)) {
+			return true;
+	}
 
 	// You're never allowed to do something if your data hasn't been loaded yet!
-	if (empty($user_info))
-		return false;
+	if (empty($user_info)) {
+			return false;
+	}
 
 	// Administrators are supermen :P.
-	if ($user_info['is_admin'])
-		return true;
+	if ($user_info['is_admin']) {
+			return true;
+	}
 
 	// Let's ensure this is an array.
 	$permission = (array) $permission;
@@ -914,14 +957,16 @@ 
 	// Are we checking the _current_ board, or some other boards?
 	if ($boards === null)
 	{
-		if (count(array_intersect($permission, $user_info['permissions'])) != 0)
-			return true;
+		if (count(array_intersect($permission, $user_info['permissions'])) != 0) {
+					return true;
+		}
 		// You aren't allowed, by default.
-		else
-			return false;
+		else {
+					return false;
+		}
+	} elseif (!is_array($boards)) {
+			$boards = array($boards);
 	}
-	elseif (!is_array($boards))
-		$boards = array($boards);
 
 	$request = $smcFunc['db_query']('', '
 		SELECT MIN(bp.add_deny) AS add_deny
@@ -944,12 +989,14 @@ 
 	);
 
 	// Make sure they can do it on all of the boards.
-	if ($smcFunc['db_num_rows']($request) != count($boards))
-		return false;
+	if ($smcFunc['db_num_rows']($request) != count($boards)) {
+			return false;
+	}
 
 	$result = true;
-	while ($row = $smcFunc['db_fetch_assoc']($request))
-		$result &= !empty($row['add_deny']);
+	while ($row = $smcFunc['db_fetch_assoc']($request)) {
+			$result &= !empty($row['add_deny']);
+	}
 	$smcFunc['db_free_result']($request);
 
 	// If the query returned 1, they can do it... otherwise, they can't.
@@ -1014,9 +1061,10 @@ 
 
 	// If you're doing something on behalf of some "heavy" permissions, validate your session.
 	// (take out the heavy permissions, and if you can't do anything but those, you need a validated session.)
-	if (!allowedTo(array_diff($permission, $heavy_permissions), $boards))
-		validateSession();
-}
+	if (!allowedTo(array_diff($permission, $heavy_permissions), $boards)) {
+			validateSession();
+	}
+	}
 
 /**
  * Return the boards a user has a certain (board) permission on. (array(0) if all.)
@@ -1035,8 +1083,9 @@ 
 	global $user_info, $smcFunc;
 
 	// Arrays are nice, most of the time.
-	if (!is_array($permissions))
-		$permissions = array($permissions);
+	if (!is_array($permissions)) {
+			$permissions = array($permissions);
+	}
 
 	/*
 	 * Set $simple to true to use this function as it were in SMF 2.0.x.
@@ -1048,13 +1097,14 @@ 
 	// Administrators are all powerful, sorry.
 	if ($user_info['is_admin'])
 	{
-		if ($simple)
-			return array(0);
-		else
+		if ($simple) {
+					return array(0);
+		} else
 		{
 			$boards = array();
-			foreach ($permissions as $permission)
-				$boards[$permission] = array(0);
+			foreach ($permissions as $permission) {
+							$boards[$permission] = array(0);
+			}
 
 			return $boards;
 		}
@@ -1086,31 +1136,32 @@ 
 	{
 		if ($simple)
 		{
-			if (empty($row['add_deny']))
-				$deny_boards[] = $row['id_board'];
-			else
-				$boards[] = $row['id_board'];
-		}
-		else
+			if (empty($row['add_deny'])) {
+							$deny_boards[] = $row['id_board'];
+			} else {
+							$boards[] = $row['id_board'];
+			}
+		} else
 		{
-			if (empty($row['add_deny']))
-				$deny_boards[$row['permission']][] = $row['id_board'];
-			else
-				$boards[$row['permission']][] = $row['id_board'];
+			if (empty($row['add_deny'])) {
+							$deny_boards[$row['permission']][] = $row['id_board'];
+			} else {
+							$boards[$row['permission']][] = $row['id_board'];
+			}
 		}
 	}
 	$smcFunc['db_free_result']($request);
 
-	if ($simple)
-		$boards = array_unique(array_values(array_diff($boards, $deny_boards)));
-	else
+	if ($simple) {
+			$boards = array_unique(array_values(array_diff($boards, $deny_boards)));
+	} else
 	{
 		foreach ($permissions as $permission)
 		{
 			// never had it to start with
-			if (empty($boards[$permission]))
-				$boards[$permission] = array();
-			else
+			if (empty($boards[$permission])) {
+							$boards[$permission] = array();
+			} else
 			{
 				// Or it may have been removed
 				$deny_boards[$permission] = isset($deny_boards[$permission]) ? $deny_boards[$permission] : array();
@@ -1146,10 +1197,11 @@ 
 
 
 	// Moderators are free...
-	if (!allowedTo('moderate_board'))
-		$timeLimit = isset($timeOverrides[$error_type]) ? $timeOverrides[$error_type] : $modSettings['spamWaitTime'];
-	else
-		$timeLimit = 2;
+	if (!allowedTo('moderate_board')) {
+			$timeLimit = isset($timeOverrides[$error_type]) ? $timeOverrides[$error_type] : $modSettings['spamWaitTime'];
+	} else {
+			$timeLimit = 2;
+	}
 
 	call_integration_hook('integrate_spam_protection', array(&$timeOverrides, &$timeLimit));
 
@@ -1176,8 +1228,9 @@ 
 	if ($smcFunc['db_affected_rows']() != 1)
 	{
 		// Spammer!  You only have to wait a *few* seconds!
-		if (!$only_return_result)
-			fatal_lang_error($error_type . '_WaitTime_broken', false, array($timeLimit));
+		if (!$only_return_result) {
+					fatal_lang_error($error_type . '_WaitTime_broken', false, array($timeLimit));
+		}
 
 		return true;
 	}
@@ -1195,11 +1248,13 @@ 
  */
 function secureDirectory($path, $attachments = false)
 {
-	if (empty($path))
-		return 'empty_path';
+	if (empty($path)) {
+			return 'empty_path';
+	}
 
-	if (!is_writable($path))
-		return 'path_not_writable';
+	if (!is_writable($path)) {
+			return 'path_not_writable';
+	}
 
 	$directoryname = basename($path);
 
@@ -1211,9 +1266,9 @@ 
 
 RemoveHandler .php .php3 .phtml .cgi .fcgi .pl .fpl .shtml';
 
-	if (file_exists($path . '/.htaccess'))
-		$errors[] = 'htaccess_exists';
-	else
+	if (file_exists($path . '/.htaccess')) {
+			$errors[] = 'htaccess_exists';
+	} else
 	{
 		$fh = @fopen($path . '/.htaccess', 'w');
 		if ($fh) {
@@ -1225,9 +1280,9 @@ 
 		$errors[] = 'htaccess_cannot_create_file';
 	}
 
-	if (file_exists($path . '/index.php'))
-		$errors[] = 'index-php_exists';
-	else
+	if (file_exists($path . '/index.php')) {
+			$errors[] = 'index-php_exists';
+	} else
 	{
 		$fh = @fopen($path . '/index.php', 'w');
 		if ($fh) {
@@ -1254,11 +1309,12 @@ 
 		$errors[] = 'index-php_cannot_create_file';
 	}
 
-	if (!empty($errors))
-		return $errors;
-	else
-		return true;
-}
+	if (!empty($errors)) {
+			return $errors;
+	} else {
+			return true;
+	}
+	}
 
 /**
 * This sets the X-Frame-Options header.
@@ -1271,14 +1327,16 @@ 
 	global $modSettings;
 
 	$option = 'SAMEORIGIN';
-	if (is_null($override) && !empty($modSettings['frame_security']))
-		$option = $modSettings['frame_security'];
-	elseif (in_array($override, array('SAMEORIGIN', 'DENY')))
-		$option = $override;
+	if (is_null($override) && !empty($modSettings['frame_security'])) {
+			$option = $modSettings['frame_security'];
+	} elseif (in_array($override, array('SAMEORIGIN', 'DENY'))) {
+			$option = $override;
+	}
 
 	// Don't bother setting the header if we have disabled it.
-	if ($option == 'DISABLE')
-		return;
+	if ($option == 'DISABLE') {
+			return;
+	}
 
 	// Finally set it.
 	header('X-Frame-Options: ' . $option);

Sources/ManageCalendar.php

Spacing +2 added lines, -2 removed lines

@@ -136,7 +136,7 @@ 
 					'value' => $txt['date'],
 				),
 				'data' => array(
-					'function' => function ($rowData) use ($txt)
+					'function' => function($rowData) use ($txt)
 					{
 						// Recurring every year or just a single year?
 						$year = $rowData['year'] == '1004' ? sprintf('(%1$s)', $txt['every_year']) : $rowData['year'];
@@ -218,7 +218,7 @@ 
 		checkSession();
 
 		// Not too long good sir?
-		$_REQUEST['title'] =  $smcFunc['substr']($_REQUEST['title'], 0, 60);
+		$_REQUEST['title'] = $smcFunc['substr']($_REQUEST['title'], 0, 60);
 		$_REQUEST['holiday'] = isset($_REQUEST['holiday']) ? (int) $_REQUEST['holiday'] : 0;
 
 		if (isset($_REQUEST['delete']))

Braces +37 added lines, -28 removed lines

@@ -13,8 +13,9 @@ 
  * @version 2.1 Beta 4
  */
 
-if (!defined('SMF'))
+if (!defined('SMF')) {
 	die('No direct access...');
+}
 
 /**
  * The main controlling function doesn't have much to do... yet.
@@ -43,8 +44,7 @@ 
 			'settings' => 'ModifyCalendarSettings'
 		);
 		$default = 'holidays';
-	}
-	else
+	} else
 	{
 		$subActions = array(
 			'settings' => 'ModifyCalendarSettings'
@@ -60,8 +60,8 @@ 
 		'help' => 'calendar',
 		'description' => $txt['calendar_settings_desc'],
 	);
-	if (!empty($modSettings['cal_enabled']))
-		$context[$context['admin_menu_name']]['tab_data']['tabs'] = array(
+	if (!empty($modSettings['cal_enabled'])) {
+			$context[$context['admin_menu_name']]['tab_data']['tabs'] = array(
 			'holidays' => array(
 				'description' => $txt['manage_holidays_desc'],
 			),
@@ -69,6 +69,7 @@ 
 				'description' => $txt['calendar_settings_desc'],
 			),
 		);
+	}
 
 	call_integration_hook('integrate_manage_calendar', array(&$subActions));
 
@@ -88,8 +89,9 @@ 
 		checkSession();
 		validateToken('admin-mc');
 
-		foreach ($_REQUEST['holiday'] as $id => $value)
-			$_REQUEST['holiday'][$id] = (int) $id;
+		foreach ($_REQUEST['holiday'] as $id => $value) {
+					$_REQUEST['holiday'][$id] = (int) $id;
+		}
 
 		// Now the IDs are "safe" do the delete...
 		require_once($sourcedir . '/Subs-Calendar.php');
@@ -209,8 +211,9 @@ 
 	$context['sub_template'] = 'edit_holiday';
 
 	// Cast this for safety...
-	if (isset($_REQUEST['holiday']))
-		$_REQUEST['holiday'] = (int) $_REQUEST['holiday'];
+	if (isset($_REQUEST['holiday'])) {
+			$_REQUEST['holiday'] = (int) $_REQUEST['holiday'];
+	}
 
 	// Submitting?
 	if (isset($_POST[$context['session_var']]) && (isset($_REQUEST['delete']) || $_REQUEST['title'] != ''))
@@ -221,19 +224,19 @@ 
 		$_REQUEST['title'] =  $smcFunc['substr']($_REQUEST['title'], 0, 60);
 		$_REQUEST['holiday'] = isset($_REQUEST['holiday']) ? (int) $_REQUEST['holiday'] : 0;
 
-		if (isset($_REQUEST['delete']))
-			$smcFunc['db_query']('', '
+		if (isset($_REQUEST['delete'])) {
+					$smcFunc['db_query']('', '
 				DELETE FROM {db_prefix}calendar_holidays
 				WHERE id_holiday = {int:selected_holiday}',
 				array(
 					'selected_holiday' => $_REQUEST['holiday'],
 				)
 			);
-		else
+		} else
 		{
 			$date = strftime($_REQUEST['year'] <= 1004 ? '1004-%m-%d' : '%Y-%m-%d', mktime(0, 0, 0, $_REQUEST['month'], $_REQUEST['day'], $_REQUEST['year']));
-			if (isset($_REQUEST['edit']))
-				$smcFunc['db_query']('', '
+			if (isset($_REQUEST['edit'])) {
+							$smcFunc['db_query']('', '
 					UPDATE {db_prefix}calendar_holidays
 					SET event_date = {date:holiday_date}, title = {string:holiday_title}
 					WHERE id_holiday = {int:selected_holiday}',
@@ -243,8 +246,8 @@ 
 						'holiday_title' => $_REQUEST['title'],
 					)
 				);
-			else
-				$smcFunc['db_insert']('',
+			} else {
+							$smcFunc['db_insert']('',
 					'{db_prefix}calendar_holidays',
 					array(
 						'event_date' => 'date', 'title' => 'string-60',
@@ -254,6 +257,7 @@ 
 					),
 					array('id_holiday')
 				);
+			}
 		}
 
 		updateSettings(array(
@@ -265,14 +269,15 @@ 
 	}
 
 	// Default states...
-	if ($context['is_new'])
-		$context['holiday'] = array(
+	if ($context['is_new']) {
+			$context['holiday'] = array(
 			'id' => 0,
 			'day' => date('d'),
 			'month' => date('m'),
 			'year' => '0000',
 			'title' => ''
 		);
+	}
 	// If it's not new load the data.
 	else
 	{
@@ -285,14 +290,15 @@ 
 				'selected_holiday' => $_REQUEST['holiday'],
 			)
 		);
-		while ($row = $smcFunc['db_fetch_assoc']($request))
-			$context['holiday'] = array(
+		while ($row = $smcFunc['db_fetch_assoc']($request)) {
+					$context['holiday'] = array(
 				'id' => $row['id_holiday'],
 				'day' => $row['day'],
 				'month' => $row['month'],
 				'year' => $row['year'] <= 4 ? 0 : $row['year'],
 				'title' => $row['title']
 			);
+		}
 		$smcFunc['db_free_result']($request);
 	}
 
@@ -319,16 +325,17 @@ 
 		array(
 		)
 	);
-	while ($row = $smcFunc['db_fetch_assoc']($request))
-		$boards[$row['id_board']] = $row['cat_name'] . ' - ' . $row['board_name'];
+	while ($row = $smcFunc['db_fetch_assoc']($request)) {
+			$boards[$row['id_board']] = $row['cat_name'] . ' - ' . $row['board_name'];
+	}
 	$smcFunc['db_free_result']($request);
 
 	require_once($sourcedir . '/Subs-Boards.php');
 	sortBoards($boards);
 
 	// Look, all the calendar settings - of which there are many!
-	if (!empty($modSettings['cal_enabled']))
-		$config_vars = array(
+	if (!empty($modSettings['cal_enabled'])) {
+			$config_vars = array(
 				array('check', 'cal_enabled'),
 			'',
 				// All the permissions:
@@ -371,14 +378,16 @@ 
 				array('check', 'cal_short_days'),
 				array('check', 'cal_short_months'),
 		);
-	else
-		$config_vars = array(
+	} else {
+			$config_vars = array(
 			array('check', 'cal_enabled'),
 		);
+	}
 
 	call_integration_hook('integrate_modify_calendar_settings', array(&$config_vars));
-	if ($return_config)
-		return $config_vars;
+	if ($return_config) {
+			return $config_vars;
+	}
 
 	// Get the settings template fired up.
 	require_once($sourcedir . '/ManageServer.php');

Sources/Subs-Calendar.php

Braces +215 added lines, -157 removed lines

@@ -13,8 +13,9 @@ 
  * @version 2.1 Beta 4
  */
 
-if (!defined('SMF'))
+if (!defined('SMF')) {
 	die('No direct access...');
+}
 
 /**
  * Get all birthdays within the given time range.
@@ -60,8 +61,7 @@ 
 				'max_year' => $year_high,
 			)
 		);
-	}
-	else
+	} else
 	{
 		$result = $smcFunc['db_query']('birthday_array', '
 			SELECT id_member, real_name, YEAR(birthdate) AS birth_year, birthdate
@@ -91,10 +91,11 @@ 
 	$bday = array();
 	while ($row = $smcFunc['db_fetch_assoc']($result))
 	{
-		if ($year_low != $year_high)
-			$age_year = substr($row['birthdate'], 5) < substr($high_date, 5) ? $year_high : $year_low;
-		else
-			$age_year = $year_low;
+		if ($year_low != $year_high) {
+					$age_year = substr($row['birthdate'], 5) < substr($high_date, 5) ? $year_high : $year_low;
+		} else {
+					$age_year = $year_low;
+		}
 
 		$bday[$age_year . substr($row['birthdate'], 4)][] = array(
 			'id' => $row['id_member'],
@@ -108,8 +109,9 @@ 
 	ksort($bday);
 
 	// Set is_last, so the themes know when to stop placing separators.
-	foreach ($bday as $mday => $array)
-		$bday[$mday][count($array) - 1]['is_last'] = true;
+	foreach ($bday as $mday => $array) {
+			$bday[$mday][count($array) - 1]['is_last'] = true;
+	}
 
 	return $bday;
 }
@@ -157,8 +159,9 @@ 
 	while ($row = $smcFunc['db_fetch_assoc']($result))
 	{
 		// If the attached topic is not approved then for the moment pretend it doesn't exist
-		if (!empty($row['id_first_msg']) && $modSettings['postmod_active'] && !$row['approved'])
-			continue;
+		if (!empty($row['id_first_msg']) && $modSettings['postmod_active'] && !$row['approved']) {
+					continue;
+		}
 
 		// Force a censor of the title - as often these are used by others.
 		censorText($row['title'], $use_permissions ? false : true);
@@ -167,8 +170,9 @@ 
 		list($start, $end, $allday, $span, $tz, $tz_abbrev) = buildEventDatetimes($row);
 
 		// Sanity check
-		if (!empty($start['error_count']) || !empty($start['warning_count']) || !empty($end['error_count']) || !empty($end['warning_count']))
-			continue;
+		if (!empty($start['error_count']) || !empty($start['warning_count']) || !empty($end['error_count']) || !empty($end['warning_count'])) {
+					continue;
+		}
 
 		// Get set up for the loop
 		$start_object = date_create($row['start_date'] . (!$allday ? ' ' . $row['start_time'] : ''), timezone_open($tz));
@@ -232,8 +236,8 @@ 
 			);
 
 			// If we're using permissions (calendar pages?) then just ouput normal contextual style information.
-			if ($use_permissions)
-				$events[date_format($cal_date, 'Y-m-d')][] = array_merge($eventProperties, array(
+			if ($use_permissions) {
+							$events[date_format($cal_date, 'Y-m-d')][] = array_merge($eventProperties, array(
 					'href' => $row['id_board'] == 0 ? '' : $scripturl . '?topic=' . $row['id_topic'] . '.0',
 					'link' => $row['id_board'] == 0 ? $row['title'] : '<a href="' . $scripturl . '?topic=' . $row['id_topic'] . '.0">' . $row['title'] . '</a>',
 					'can_edit' => allowedTo('calendar_edit_any') || ($row['id_member'] == $user_info['id'] && allowedTo('calendar_edit_own')),
@@ -241,9 +245,10 @@ 
 					'can_export' => !empty($modSettings['cal_export']) ? true : false,
 					'export_href' => $scripturl . '?action=calendar;sa=ical;eventid=' . $row['id_event'] . ';' . $context['session_var'] . '=' . $context['session_id'],
 				));
+			}
 			// Otherwise, this is going to be cached and the VIEWER'S permissions should apply... just put together some info.
-			else
-				$events[date_format($cal_date, 'Y-m-d')][] = array_merge($eventProperties, array(
+			else {
+							$events[date_format($cal_date, 'Y-m-d')][] = array_merge($eventProperties, array(
 					'href' => $row['id_topic'] == 0 ? '' : $scripturl . '?topic=' . $row['id_topic'] . '.0',
 					'link' => $row['id_topic'] == 0 ? $row['title'] : '<a href="' . $scripturl . '?topic=' . $row['id_topic'] . '.0">' . $row['title'] . '</a>',
 					'can_edit' => false,
@@ -253,6 +258,7 @@ 
 					'poster' => $row['id_member'],
 					'allowed_groups' => explode(',', $row['member_groups']),
 				));
+			}
 
 			date_add($cal_date, date_interval_create_from_date_string('1 day'));
 		}
@@ -262,8 +268,9 @@ 
 	// If we're doing normal contextual data, go through and make things clear to the templates ;).
 	if ($use_permissions)
 	{
-		foreach ($events as $mday => $array)
-			$events[$mday][count($array) - 1]['is_last'] = true;
+		foreach ($events as $mday => $array) {
+					$events[$mday][count($array) - 1]['is_last'] = true;
+		}
 	}
 
 	ksort($events);
@@ -283,11 +290,12 @@ 
 	global $smcFunc;
 
 	// Get the lowest and highest dates for "all years".
-	if (substr($low_date, 0, 4) != substr($high_date, 0, 4))
-		$allyear_part = 'event_date BETWEEN {date:all_year_low} AND {date:all_year_dec}
+	if (substr($low_date, 0, 4) != substr($high_date, 0, 4)) {
+			$allyear_part = 'event_date BETWEEN {date:all_year_low} AND {date:all_year_dec}
 			OR event_date BETWEEN {date:all_year_jan} AND {date:all_year_high}';
-	else
-		$allyear_part = 'event_date BETWEEN {date:all_year_low} AND {date:all_year_high}';
+	} else {
+			$allyear_part = 'event_date BETWEEN {date:all_year_low} AND {date:all_year_high}';
+	}
 
 	// Find some holidays... ;).
 	$result = $smcFunc['db_query']('', '
@@ -307,10 +315,11 @@ 
 	$holidays = array();
 	while ($row = $smcFunc['db_fetch_assoc']($result))
 	{
-		if (substr($low_date, 0, 4) != substr($high_date, 0, 4))
-			$event_year = substr($row['event_date'], 5) < substr($high_date, 5) ? substr($high_date, 0, 4) : substr($low_date, 0, 4);
-		else
-			$event_year = substr($low_date, 0, 4);
+		if (substr($low_date, 0, 4) != substr($high_date, 0, 4)) {
+					$event_year = substr($row['event_date'], 5) < substr($high_date, 5) ? substr($high_date, 0, 4) : substr($low_date, 0, 4);
+		} else {
+					$event_year = substr($low_date, 0, 4);
+		}
 
 		$holidays[$event_year . substr($row['event_date'], 4)][] = $row['title'];
 	}
@@ -336,10 +345,12 @@ 
 	isAllowedTo('calendar_post');
 
 	// No board?  No topic?!?
-	if (empty($board))
-		fatal_lang_error('missing_board_id', false);
-	if (empty($topic))
-		fatal_lang_error('missing_topic_id', false);
+	if (empty($board)) {
+			fatal_lang_error('missing_board_id', false);
+	}
+	if (empty($topic)) {
+			fatal_lang_error('missing_topic_id', false);
+	}
 
 	// Administrator, Moderator, or owner.  Period.
 	if (!allowedTo('admin_forum') && !allowedTo('moderate_board'))
@@ -357,12 +368,14 @@ 
 		if ($row = $smcFunc['db_fetch_assoc']($result))
 		{
 			// Not the owner of the topic.
-			if ($row['id_member_started'] != $user_info['id'])
-				fatal_lang_error('not_your_topic', 'user');
+			if ($row['id_member_started'] != $user_info['id']) {
+							fatal_lang_error('not_your_topic', 'user');
+			}
 		}
 		// Topic/Board doesn't exist.....
-		else
-			fatal_lang_error('calendar_no_topic', 'general');
+		else {
+					fatal_lang_error('calendar_no_topic', 'general');
+		}
 		$smcFunc['db_free_result']($result);
 	}
 }
@@ -450,14 +463,16 @@ 
 	if (!empty($calendarOptions['start_day']))
 	{
 		$nShift -= $calendarOptions['start_day'];
-		if ($nShift < 0)
-			$nShift = 7 + $nShift;
+		if ($nShift < 0) {
+					$nShift = 7 + $nShift;
+		}
 	}
 
 	// Number of rows required to fit the month.
 	$nRows = floor(($month_info['last_day']['day_of_month'] + $nShift) / 7);
-	if (($month_info['last_day']['day_of_month'] + $nShift) % 7)
-		$nRows++;
+	if (($month_info['last_day']['day_of_month'] + $nShift) % 7) {
+			$nRows++;
+	}
 
 	// Fetch the arrays for birthdays, posted events, and holidays.
 	$bday = $calendarOptions['show_birthdays'] ? getBirthdayRange($month_info['first_day']['date'], $month_info['last_day']['date']) : array();
@@ -470,8 +485,9 @@ 
 	{
 		$calendarGrid['week_days'][] = $count;
 		$count++;
-		if ($count == 7)
-			$count = 0;
+		if ($count == 7) {
+					$count = 0;
+		}
 	}
 
 	// Iterate through each week.
@@ -488,8 +504,9 @@ 
 		{
 			$nDay = ($nRow * 7) + $nCol - $nShift + 1;
 
-			if ($nDay < 1 || $nDay > $month_info['last_day']['day_of_month'])
-				$nDay = 0;
+			if ($nDay < 1 || $nDay > $month_info['last_day']['day_of_month']) {
+							$nDay = 0;
+			}
 
 			$date = sprintf('%04d-%02d-%02d', $year, $month, $nDay);
 
@@ -507,8 +524,9 @@ 
 	}
 
 	// What is the last day of the month?
-	if ($is_previous === true)
-		$calendarGrid['last_of_month'] = $month_info['last_day']['day_of_month'];
+	if ($is_previous === true) {
+			$calendarGrid['last_of_month'] = $month_info['last_day']['day_of_month'];
+	}
 
 	// We'll use the shift in the template.
 	$calendarGrid['shift'] = $nShift;
@@ -542,8 +560,9 @@ 
 	{
 		// Here we offset accordingly to get things to the real start of a week.
 		$date_diff = $day_of_week - $calendarOptions['start_day'];
-		if ($date_diff < 0)
-			$date_diff += 7;
+		if ($date_diff < 0) {
+					$date_diff += 7;
+		}
 		$new_timestamp = mktime(0, 0, 0, $month, $day, $year) - $date_diff * 86400;
 		$day = (int) strftime('%d', $new_timestamp);
 		$month = (int) strftime('%m', $new_timestamp);
@@ -673,18 +692,20 @@ 
 	{
 		foreach ($date_events as $event_key => $event_val)
 		{
-			if (in_array($event_val['id'], $temp))
-				unset($calendarGrid['events'][$date][$event_key]);
-			else
-				$temp[] = $event_val['id'];
+			if (in_array($event_val['id'], $temp)) {
+							unset($calendarGrid['events'][$date][$event_key]);
+			} else {
+							$temp[] = $event_val['id'];
+			}
 		}
 	}
 
 	// Give birthdays and holidays a friendly format, without the year
-	if (preg_match('~%[AaBbCcDdeGghjmuYy](?:[^%]*%[AaBbCcDdeGghjmuYy])*~', $user_info['time_format'], $matches) == 0 || empty($matches[0]))
-		$date_format = '%b %d';
-	else
-		$date_format = str_replace(array('%Y', '%y', '%G', '%g', '%C', '%c', '%D'), array('', '', '', '', '', '%b %d', '%m/%d'), $matches[0]);
+	if (preg_match('~%[AaBbCcDdeGghjmuYy](?:[^%]*%[AaBbCcDdeGghjmuYy])*~', $user_info['time_format'], $matches) == 0 || empty($matches[0])) {
+			$date_format = '%b %d';
+	} else {
+			$date_format = str_replace(array('%Y', '%y', '%G', '%g', '%C', '%c', '%D'), array('', '', '', '', '', '%b %d', '%m/%d'), $matches[0]);
+	}
 
 	foreach (array('birthdays', 'holidays') as $type)
 	{
@@ -779,8 +800,9 @@ 
 	// Holidays between now and now + days.
 	for ($i = $now; $i < $now + $days_for_index; $i += 86400)
 	{
-		if (isset($cached_data['holidays'][strftime('%Y-%m-%d', $i)]))
-			$return_data['calendar_holidays'] = array_merge($return_data['calendar_holidays'], $cached_data['holidays'][strftime('%Y-%m-%d', $i)]);
+		if (isset($cached_data['holidays'][strftime('%Y-%m-%d', $i)])) {
+					$return_data['calendar_holidays'] = array_merge($return_data['calendar_holidays'], $cached_data['holidays'][strftime('%Y-%m-%d', $i)]);
+		}
 	}
 
 	// Happy Birthday, guys and gals!
@@ -789,8 +811,9 @@ 
 		$loop_date = strftime('%Y-%m-%d', $i);
 		if (isset($cached_data['birthdays'][$loop_date]))
 		{
-			foreach ($cached_data['birthdays'][$loop_date] as $index => $dummy)
-				$cached_data['birthdays'][strftime('%Y-%m-%d', $i)][$index]['is_today'] = $loop_date === $today['date'];
+			foreach ($cached_data['birthdays'][$loop_date] as $index => $dummy) {
+							$cached_data['birthdays'][strftime('%Y-%m-%d', $i)][$index]['is_today'] = $loop_date === $today['date'];
+			}
 			$return_data['calendar_birthdays'] = array_merge($return_data['calendar_birthdays'], $cached_data['birthdays'][$loop_date]);
 		}
 	}
@@ -802,8 +825,9 @@ 
 		$loop_date = strftime('%Y-%m-%d', $i);
 
 		// No events today? Check the next day.
-		if (empty($cached_data['events'][$loop_date]))
-			continue;
+		if (empty($cached_data['events'][$loop_date])) {
+					continue;
+		}
 
 		// Loop through all events to add a few last-minute values.
 		foreach ($cached_data['events'][$loop_date] as $ev => $event)
@@ -816,9 +840,9 @@ 
 			{
 				unset($cached_data['events'][$loop_date][$ev]);
 				continue;
+			} else {
+							$duplicates[$this_event['topic'] . $this_event['title']] = true;
 			}
-			else
-				$duplicates[$this_event['topic'] . $this_event['title']] = true;
 
 			// Might be set to true afterwards, depending on the permissions.
 			$this_event['can_edit'] = false;
@@ -826,15 +850,18 @@ 
 			$this_event['date'] = $loop_date;
 		}
 
-		if (!empty($cached_data['events'][$loop_date]))
-			$return_data['calendar_events'] = array_merge($return_data['calendar_events'], $cached_data['events'][$loop_date]);
+		if (!empty($cached_data['events'][$loop_date])) {
+					$return_data['calendar_events'] = array_merge($return_data['calendar_events'], $cached_data['events'][$loop_date]);
+		}
 	}
 
 	// Mark the last item so that a list separator can be used in the template.
-	for ($i = 0, $n = count($return_data['calendar_birthdays']); $i < $n; $i++)
-		$return_data['calendar_birthdays'][$i]['is_last'] = !isset($return_data['calendar_birthdays'][$i + 1]);
-	for ($i = 0, $n = count($return_data['calendar_events']); $i < $n; $i++)
-		$return_data['calendar_events'][$i]['is_last'] = !isset($return_data['calendar_events'][$i + 1]);
+	for ($i = 0, $n = count($return_data['calendar_birthdays']); $i < $n; $i++) {
+			$return_data['calendar_birthdays'][$i]['is_last'] = !isset($return_data['calendar_birthdays'][$i + 1]);
+	}
+	for ($i = 0, $n = count($return_data['calendar_events']); $i < $n; $i++) {
+			$return_data['calendar_events'][$i]['is_last'] = !isset($return_data['calendar_events'][$i + 1]);
+	}
 
 	return array(
 		'data' => $return_data,
@@ -882,37 +909,46 @@ 
 		if (isset($_POST['start_date']))
 		{
 			$d = date_parse($_POST['start_date']);
-			if (!empty($d['error_count']) || !empty($d['warning_count']))
-				fatal_lang_error('invalid_date', false);
-			if (empty($d['year']))
-				fatal_lang_error('event_year_missing', false);
-			if (empty($d['month']))
-				fatal_lang_error('event_month_missing', false);
-		}
-		elseif (isset($_POST['start_datetime']))
+			if (!empty($d['error_count']) || !empty($d['warning_count'])) {
+							fatal_lang_error('invalid_date', false);
+			}
+			if (empty($d['year'])) {
+							fatal_lang_error('event_year_missing', false);
+			}
+			if (empty($d['month'])) {
+							fatal_lang_error('event_month_missing', false);
+			}
+		} elseif (isset($_POST['start_datetime']))
 		{
 			$d = date_parse($_POST['start_datetime']);
-			if (!empty($d['error_count']) || !empty($d['warning_count']))
-				fatal_lang_error('invalid_date', false);
-			if (empty($d['year']))
-				fatal_lang_error('event_year_missing', false);
-			if (empty($d['month']))
-				fatal_lang_error('event_month_missing', false);
+			if (!empty($d['error_count']) || !empty($d['warning_count'])) {
+							fatal_lang_error('invalid_date', false);
+			}
+			if (empty($d['year'])) {
+							fatal_lang_error('event_year_missing', false);
+			}
+			if (empty($d['month'])) {
+							fatal_lang_error('event_month_missing', false);
+			}
 		}
 		// The 2.0 way
 		else
 		{
 			// No month?  No year?
-			if (!isset($_POST['month']))
-				fatal_lang_error('event_month_missing', false);
-			if (!isset($_POST['year']))
-				fatal_lang_error('event_year_missing', false);
+			if (!isset($_POST['month'])) {
+							fatal_lang_error('event_month_missing', false);
+			}
+			if (!isset($_POST['year'])) {
+							fatal_lang_error('event_year_missing', false);
+			}
 
 			// Check the month and year...
-			if ($_POST['month'] < 1 || $_POST['month'] > 12)
-				fatal_lang_error('invalid_month', false);
-			if ($_POST['year'] < $modSettings['cal_minyear'] || $_POST['year'] > $modSettings['cal_maxyear'])
-				fatal_lang_error('invalid_year', false);
+			if ($_POST['month'] < 1 || $_POST['month'] > 12) {
+							fatal_lang_error('invalid_month', false);
+			}
+			if ($_POST['year'] < $modSettings['cal_minyear'] || $_POST['year'] > $modSettings['cal_maxyear']) {
+							fatal_lang_error('invalid_year', false);
+			}
 		}
 	}
 
@@ -922,8 +958,9 @@ 
 	// If they want to us to calculate an end date, make sure it will fit in an acceptable range.
 	if (isset($_POST['span']))
 	{
-		if (($_POST['span'] < 1) || (!empty($modSettings['cal_maxspan']) && $_POST['span'] > $modSettings['cal_maxspan']))
-			fatal_lang_error('invalid_days_numb', false);
+		if (($_POST['span'] < 1) || (!empty($modSettings['cal_maxspan']) && $_POST['span'] > $modSettings['cal_maxspan'])) {
+					fatal_lang_error('invalid_days_numb', false);
+		}
 	}
 
 	// There is no need to validate the following values if we are just deleting the event.
@@ -933,24 +970,29 @@ 
 		if (empty($_POST['start_date']) && empty($_POST['start_datetime']))
 		{
 			// No day?
-			if (!isset($_POST['day']))
-				fatal_lang_error('event_day_missing', false);
+			if (!isset($_POST['day'])) {
+							fatal_lang_error('event_day_missing', false);
+			}
 
 			// Bad day?
-			if (!checkdate($_POST['month'], $_POST['day'], $_POST['year']))
-				fatal_lang_error('invalid_date', false);
+			if (!checkdate($_POST['month'], $_POST['day'], $_POST['year'])) {
+							fatal_lang_error('invalid_date', false);
+			}
 		}
 
-		if (!isset($_POST['evtitle']) && !isset($_POST['subject']))
-			fatal_lang_error('event_title_missing', false);
-		elseif (!isset($_POST['evtitle']))
-			$_POST['evtitle'] = $_POST['subject'];
+		if (!isset($_POST['evtitle']) && !isset($_POST['subject'])) {
+					fatal_lang_error('event_title_missing', false);
+		} elseif (!isset($_POST['evtitle'])) {
+					$_POST['evtitle'] = $_POST['subject'];
+		}
 
 		// No title?
-		if ($smcFunc['htmltrim']($_POST['evtitle']) === '')
-			fatal_lang_error('no_event_title', false);
-		if ($smcFunc['strlen']($_POST['evtitle']) > 100)
-			$_POST['evtitle'] = $smcFunc['substr']($_POST['evtitle'], 0, 100);
+		if ($smcFunc['htmltrim']($_POST['evtitle']) === '') {
+					fatal_lang_error('no_event_title', false);
+		}
+		if ($smcFunc['strlen']($_POST['evtitle']) > 100) {
+					$_POST['evtitle'] = $smcFunc['substr']($_POST['evtitle'], 0, 100);
+		}
 		$_POST['evtitle'] = str_replace(';', '', $_POST['evtitle']);
 	}
 }
@@ -977,8 +1019,9 @@ 
 	);
 
 	// No results, return false.
-	if ($smcFunc['db_num_rows'] === 0)
-		return false;
+	if ($smcFunc['db_num_rows'] === 0) {
+			return false;
+	}
 
 	// Grab the results and return.
 	list ($poster) = $smcFunc['db_fetch_row']($request);
@@ -1112,8 +1155,9 @@ 
 	call_integration_hook('integrate_modify_event', array($event_id, &$eventOptions, &$event_columns, &$event_parameters));
 
 	$column_clauses = array();
-	foreach ($event_columns as $col => $crit)
-		$column_clauses[] = $col . ' = ' . $crit;
+	foreach ($event_columns as $col => $crit) {
+			$column_clauses[] = $col . ' = ' . $crit;
+	}
 
 	$smcFunc['db_query']('', '
 		UPDATE {db_prefix}calendar
@@ -1198,8 +1242,9 @@ 
 	);
 
 	// If nothing returned, we are in poo, poo.
-	if ($smcFunc['db_num_rows']($request) === 0)
-		return false;
+	if ($smcFunc['db_num_rows']($request) === 0) {
+			return false;
+	}
 
 	$row = $smcFunc['db_fetch_assoc']($request);
 	$smcFunc['db_free_result']($request);
@@ -1207,8 +1252,9 @@ 
 	list($start, $end, $allday, $span, $tz, $tz_abbrev) = buildEventDatetimes($row);
 
 	// Sanity check
-	if (!empty($start['error_count']) || !empty($start['warning_count']) || !empty($end['error_count']) || !empty($end['warning_count']))
-		return false;
+	if (!empty($start['error_count']) || !empty($start['warning_count']) || !empty($end['error_count']) || !empty($end['warning_count'])) {
+			return false;
+	}
 
 	$return_value = array(
 		'boards' => array(),
@@ -1345,24 +1391,27 @@ 
 
 	// Set $span, in case we need it
 	$span = isset($eventOptions['span']) ? $eventOptions['span'] : (isset($_POST['span']) ? $_POST['span'] : 0);
-	if ($span > 0)
-		$span = !empty($modSettings['cal_maxspan']) ? min($modSettings['cal_maxspan'], $span - 1) : $span - 1;
+	if ($span > 0) {
+			$span = !empty($modSettings['cal_maxspan']) ? min($modSettings['cal_maxspan'], $span - 1) : $span - 1;
+	}
 
 	// Define the timezone for this event, falling back to the default if not provided
-	if (!empty($eventOptions['tz']) && in_array($eventOptions['tz'], timezone_identifiers_list(DateTimeZone::ALL_WITH_BC)))
-		$tz = $eventOptions['tz'];
-	elseif (!empty($_POST['tz']) && in_array($_POST['tz'], timezone_identifiers_list(DateTimeZone::ALL_WITH_BC)))
-		$tz = $_POST['tz'];
-	else
-		$tz = getUserTimezone();
+	if (!empty($eventOptions['tz']) && in_array($eventOptions['tz'], timezone_identifiers_list(DateTimeZone::ALL_WITH_BC))) {
+			$tz = $eventOptions['tz'];
+	} elseif (!empty($_POST['tz']) && in_array($_POST['tz'], timezone_identifiers_list(DateTimeZone::ALL_WITH_BC))) {
+			$tz = $_POST['tz'];
+	} else {
+			$tz = getUserTimezone();
+	}
 
 	// Is this supposed to be an all day event, or should it have specific start and end times?
-	if (isset($eventOptions['allday']))
-		$allday = $eventOptions['allday'];
-	elseif (empty($_POST['allday']))
-		$allday = false;
-	else
-		$allday = true;
+	if (isset($eventOptions['allday'])) {
+			$allday = $eventOptions['allday'];
+	} elseif (empty($_POST['allday'])) {
+			$allday = false;
+	} else {
+			$allday = true;
+	}
 
 	// Input might come as individual parameters...
 	$start_year = isset($eventOptions['year']) ? $eventOptions['year'] : (isset($_POST['year']) ? $_POST['year'] : null);
@@ -1389,10 +1438,12 @@ 
 	$end_time_string = isset($eventOptions['end_time']) ? $eventOptions['end_time'] : (isset($_POST['end_time']) ? $_POST['end_time'] : null);
 
 	// If the date and time were given in separate strings, combine them
-	if (empty($start_string) && isset($start_date_string))
-		$start_string = $start_date_string . (isset($start_time_string) ? ' ' . $start_time_string : '');
-	if (empty($end_string) && isset($end_date_string))
-		$end_string = $end_date_string . (isset($end_time_string) ? ' ' . $end_time_string : '');
+	if (empty($start_string) && isset($start_date_string)) {
+			$start_string = $start_date_string . (isset($start_time_string) ? ' ' . $start_time_string : '');
+	}
+	if (empty($end_string) && isset($end_date_string)) {
+			$end_string = $end_date_string . (isset($end_time_string) ? ' ' . $end_time_string : '');
+	}
 
 	// If some form of string input was given, override individually defined options with it
 	if (isset($start_string))
@@ -1483,10 +1534,11 @@ 
 	if ($start_object >= $end_object)
 	{
 		$end_object = date_create(sprintf('%04d-%02d-%02d %02d:%02d:%02d', $start_year, $start_month, $start_day, $start_hour, $start_minute, $start_second) . ' ' . $tz);
-		if ($span > 0)
-			date_add($end_object, date_interval_create_from_date_string($span . ' days'));
-		else
-			date_add($end_object, date_interval_create_from_date_string('1 hour'));
+		if ($span > 0) {
+					date_add($end_object, date_interval_create_from_date_string($span . ' days'));
+		} else {
+					date_add($end_object, date_interval_create_from_date_string('1 hour'));
+		}
 	}
 
 	// Is $end_object too late?
@@ -1499,9 +1551,9 @@ 
 			{
 				$end_object = date_create(sprintf('%04d-%02d-%02d %02d:%02d:%02d', $start_year, $start_month, $start_day, $start_hour, $start_minute, $start_second) . ' ' . $tz);
 				date_add($end_object, date_interval_create_from_date_string($modSettings['cal_maxspan'] . ' days'));
+			} else {
+							$end_object = date_create(sprintf('%04d-%02d-%02d %02d:%02d:%02d', $start_year, $start_month, $start_day, '11', '59', '59') . ' ' . $tz);
 			}
-			else
-				$end_object = date_create(sprintf('%04d-%02d-%02d %02d:%02d:%02d', $start_year, $start_month, $start_day, '11', '59', '59') . ' ' . $tz);
 		}
 	}
 
@@ -1514,8 +1566,7 @@ 
 		$start_time = null;
 		$end_time = null;
 		$tz = null;
-	}
-	else
+	} else
 	{
 		$start_time = date_format($start_object, 'H:i:s');
 		$end_time = date_format($end_object, 'H:i:s');
@@ -1536,16 +1587,18 @@ 
 	require_once($sourcedir . '/Subs.php');
 
 	// First, try to create a better date format, ignoring the "time" elements.
-	if (preg_match('~%[AaBbCcDdeGghjmuYy](?:[^%]*%[AaBbCcDdeGghjmuYy])*~', $user_info['time_format'], $matches) == 0 || empty($matches[0]))
-		$date_format = '%F';
-	else
-		$date_format = $matches[0];
+	if (preg_match('~%[AaBbCcDdeGghjmuYy](?:[^%]*%[AaBbCcDdeGghjmuYy])*~', $user_info['time_format'], $matches) == 0 || empty($matches[0])) {
+			$date_format = '%F';
+	} else {
+			$date_format = $matches[0];
+	}
 
 	// We want a fairly compact version of the time, but as close as possible to the user's settings.
-	if (preg_match('~%[HkIlMpPrRSTX](?:[^%]*%[HkIlMpPrRSTX])*~', $user_info['time_format'], $matches) == 0 || empty($matches[0]))
-		$time_format = '%k:%M';
-	else
-		$time_format = str_replace(array('%I', '%H', '%S', '%r', '%R', '%T'), array('%l', '%k', '', '%l:%M %p', '%k:%M', '%l:%M'), $matches[0]);
+	if (preg_match('~%[HkIlMpPrRSTX](?:[^%]*%[HkIlMpPrRSTX])*~', $user_info['time_format'], $matches) == 0 || empty($matches[0])) {
+			$time_format = '%k:%M';
+	} else {
+			$time_format = str_replace(array('%I', '%H', '%S', '%r', '%R', '%T'), array('%l', '%k', '', '%l:%M %p', '%k:%M', '%l:%M'), $matches[0]);
+	}
 
 	// Should this be an all day event?
 	$allday = (empty($row['start_time']) || empty($row['end_time']) || empty($row['timezone']) || !in_array($row['timezone'], timezone_identifiers_list(DateTimeZone::ALL_WITH_BC))) ? true : false;
@@ -1554,8 +1607,9 @@ 
 	$span = 1 + date_interval_format(date_diff(date_create($row['start_date']), date_create($row['end_date'])), '%d');
 
 	// We need to have a defined timezone in the steps below
-	if (empty($row['timezone']))
-		$row['timezone'] = getUserTimezone();
+	if (empty($row['timezone'])) {
+			$row['timezone'] = getUserTimezone();
+	}
 
 	// Get most of the standard date information for the start and end datetimes
 	$start = date_parse($row['start_date'] . (!$allday ? ' ' . $row['start_time'] : ''));
@@ -1607,8 +1661,9 @@ 
 	global $smcFunc, $context, $user_info, $modSettings, $user_settings;
 	static $member_cache = array();
 
-	if (is_null($id_member) && $user_info['is_guest'] == false)
-		$id_member = $context['user']['id'];
+	if (is_null($id_member) && $user_info['is_guest'] == false) {
+			$id_member = $context['user']['id'];
+	}
 
 	//check if the cache got the data
 	if (isset($id_member) && isset($member_cache[$id_member]))
@@ -1637,11 +1692,13 @@ 
 		$smcFunc['db_free_result']($request);
 	}
 
-	if (empty($timezone) || !in_array($timezone, timezone_identifiers_list(DateTimeZone::ALL_WITH_BC)))
-		$timezone = isset($modSettings['default_timezone']) ? $modSettings['default_timezone'] : date_default_timezone_get();
+	if (empty($timezone) || !in_array($timezone, timezone_identifiers_list(DateTimeZone::ALL_WITH_BC))) {
+			$timezone = isset($modSettings['default_timezone']) ? $modSettings['default_timezone'] : date_default_timezone_get();
+	}
 
-	if (isset($id_member))
-		$member_cache[$id_member] = $timezone;
+	if (isset($id_member)) {
+			$member_cache[$id_member] = $timezone;
+	}
 
 	return $timezone;
 }
@@ -1670,8 +1727,9 @@ 
 		)
 	);
 	$holidays = array();
-	while ($row = $smcFunc['db_fetch_assoc']($request))
-		$holidays[] = $row;
+	while ($row = $smcFunc['db_fetch_assoc']($request)) {
+			$holidays[] = $row;
+	}
 	$smcFunc['db_free_result']($request);
 
 	return $holidays;

Sources/Register.php

Braces +171 added lines, -124 removed lines

@@ -15,8 +15,9 @@ 
  * @version 2.1 Beta 4
  */
 
-if (!defined('SMF'))
+if (!defined('SMF')) {
 	die('No direct access...');
+}
 
 /**
  * Begin the registration process.
@@ -29,19 +30,23 @@ 
 	global $language, $scripturl, $smcFunc, $sourcedir, $cur_profile;
 
 	// Is this an incoming AJAX check?
-	if (isset($_GET['sa']) && $_GET['sa'] == 'usernamecheck')
-		return RegisterCheckUsername();
+	if (isset($_GET['sa']) && $_GET['sa'] == 'usernamecheck') {
+			return RegisterCheckUsername();
+	}
 
 	// Check if the administrator has it disabled.
-	if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == '3')
-		fatal_lang_error('registration_disabled', false);
+	if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == '3') {
+			fatal_lang_error('registration_disabled', false);
+	}
 
 	// If this user is an admin - redirect them to the admin registration page.
-	if (allowedTo('moderate_forum') && !$user_info['is_guest'])
-		redirectexit('action=admin;area=regcenter;sa=register');
+	if (allowedTo('moderate_forum') && !$user_info['is_guest']) {
+			redirectexit('action=admin;area=regcenter;sa=register');
+	}
 	// You are not a guest, so you are a member - and members don't get to register twice!
-	elseif (empty($user_info['is_guest']))
-		redirectexit();
+	elseif (empty($user_info['is_guest'])) {
+			redirectexit();
+	}
 
 	loadLanguage('Login');
 	loadTemplate('Register');
@@ -82,16 +87,18 @@ 
 		}
 	}
 	// Make sure they don't squeeze through without agreeing.
-	elseif ($current_step > 1 && $context['require_agreement'] && !$context['registration_passed_agreement'])
-		$current_step = 1;
+	elseif ($current_step > 1 && $context['require_agreement'] && !$context['registration_passed_agreement']) {
+			$current_step = 1;
+	}
 
 	// Show the user the right form.
 	$context['sub_template'] = $current_step == 1 ? 'registration_agreement' : 'registration_form';
 	$context['page_title'] = $current_step == 1 ? $txt['registration_agreement'] : $txt['registration_form'];
 
 	// Kinda need this.
-	if ($context['sub_template'] == 'registration_form')
-		loadJavaScriptFile('register.js', array('defer' => false), 'smf_register');
+	if ($context['sub_template'] == 'registration_form') {
+			loadJavaScriptFile('register.js', array('defer' => false), 'smf_register');
+	}
 
 	// Add the register chain to the link tree.
 	$context['linktree'][] = array(
@@ -100,24 +107,26 @@ 
 	);
 
 	// Prepare the time gate! Do it like so, in case later steps want to reset the limit for any reason, but make sure the time is the current one.
-	if (!isset($_SESSION['register']))
-		$_SESSION['register'] = array(
+	if (!isset($_SESSION['register'])) {
+			$_SESSION['register'] = array(
 			'timenow' => time(),
 			'limit' => 10, // minimum number of seconds required on this page for registration
 		);
-	else
-		$_SESSION['register']['timenow'] = time();
+	} else {
+			$_SESSION['register']['timenow'] = time();
+	}
 
 	// If you have to agree to the agreement, it needs to be fetched from the file.
 	if ($context['require_agreement'])
 	{
 		// Have we got a localized one?
-		if (file_exists($boarddir . '/agreement.' . $user_info['language'] . '.txt'))
-			$context['agreement'] = parse_bbc(file_get_contents($boarddir . '/agreement.' . $user_info['language'] . '.txt'), true, 'agreement_' . $user_info['language']);
-		elseif (file_exists($boarddir . '/agreement.txt'))
-			$context['agreement'] = parse_bbc(file_get_contents($boarddir . '/agreement.txt'), true, 'agreement');
-		else
-			$context['agreement'] = '';
+		if (file_exists($boarddir . '/agreement.' . $user_info['language'] . '.txt')) {
+					$context['agreement'] = parse_bbc(file_get_contents($boarddir . '/agreement.' . $user_info['language'] . '.txt'), true, 'agreement_' . $user_info['language']);
+		} elseif (file_exists($boarddir . '/agreement.txt')) {
+					$context['agreement'] = parse_bbc(file_get_contents($boarddir . '/agreement.txt'), true, 'agreement');
+		} else {
+					$context['agreement'] = '';
+		}
 
 		// Nothing to show, lets disable registration and inform the admin of this error
 		if (empty($context['agreement']))
@@ -133,8 +142,9 @@ 
 		$selectedLanguage = empty($_SESSION['language']) ? $language : $_SESSION['language'];
 
 		// Do we have any languages?
-		if (empty($context['languages']))
-			getLanguages();
+		if (empty($context['languages'])) {
+					getLanguages();
+		}
 
 		// Try to find our selected language.
 		foreach ($context['languages'] as $key => $lang)
@@ -142,8 +152,9 @@ 
 			$context['languages'][$key]['name'] = strtr($lang['name'], array('-utf8' => ''));
 
 			// Found it!
-			if ($selectedLanguage == $lang['filename'])
-				$context['languages'][$key]['selected'] = true;
+			if ($selectedLanguage == $lang['filename']) {
+							$context['languages'][$key]['selected'] = true;
+			}
 		}
 	}
 
@@ -167,9 +178,10 @@ 
 		$reg_fields = explode(',', $modSettings['registration_fields']);
 
 		// We might have had some submissions on this front - go check.
-		foreach ($reg_fields as $field)
-			if (isset($_POST[$field]))
+		foreach ($reg_fields as $field) {
+					if (isset($_POST[$field]))
 				$cur_profile[$field] = $smcFunc['htmlspecialchars']($_POST[$field]);
+		}
 
 		// Load all the fields in question.
 		setupProfileContext($reg_fields);
@@ -186,8 +198,9 @@ 
 		$context['visual_verification_id'] = $verificationOptions['id'];
 	}
 	// Otherwise we have nothing to show.
-	else
-		$context['visual_verification'] = false;
+	else {
+			$context['visual_verification'] = false;
+	}
 
 
 	$context += array(
@@ -198,8 +211,9 @@ 
 
 	// Were there any errors?
 	$context['registration_errors'] = array();
-	if (!empty($reg_errors))
-		$context['registration_errors'] = $reg_errors;
+	if (!empty($reg_errors)) {
+			$context['registration_errors'] = $reg_errors;
+	}
 
 	createToken('register');
 }
@@ -216,27 +230,32 @@ 
 	validateToken('register');
 
 	// Check to ensure we're forcing SSL for authentication
-	if (!empty($modSettings['force_ssl']) && empty($maintenance) && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on'))
-		fatal_lang_error('register_ssl_required');
+	if (!empty($modSettings['force_ssl']) && empty($maintenance) && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on')) {
+			fatal_lang_error('register_ssl_required');
+	}
 
 	// Start collecting together any errors.
 	$reg_errors = array();
 
 	// You can't register if it's disabled.
-	if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 3)
-		fatal_lang_error('registration_disabled', false);
+	if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 3) {
+			fatal_lang_error('registration_disabled', false);
+	}
 
 	// Well, if you don't agree, you can't register.
-	if (!empty($modSettings['requireAgreement']) && empty($_SESSION['registration_agreed']))
-		redirectexit();
+	if (!empty($modSettings['requireAgreement']) && empty($_SESSION['registration_agreed'])) {
+			redirectexit();
+	}
 
 	// Make sure they came from *somewhere*, have a session.
-	if (!isset($_SESSION['old_url']))
-		redirectexit('action=signup');
+	if (!isset($_SESSION['old_url'])) {
+			redirectexit('action=signup');
+	}
 
 	// If we don't require an agreement, we need a extra check for coppa.
-	if (empty($modSettings['requireAgreement']) && !empty($modSettings['coppaAge']))
-		$_SESSION['skip_coppa'] = !empty($_POST['accept_agreement']);
+	if (empty($modSettings['requireAgreement']) && !empty($modSettings['coppaAge'])) {
+			$_SESSION['skip_coppa'] = !empty($_POST['accept_agreement']);
+	}
 	// Are they under age, and under age users are banned?
 	if (!empty($modSettings['coppaAge']) && empty($modSettings['coppaType']) && empty($_SESSION['skip_coppa']))
 	{
@@ -245,8 +264,9 @@ 
 	}
 
 	// Check the time gate for miscreants. First make sure they came from somewhere that actually set it up.
-	if (empty($_SESSION['register']['timenow']) || empty($_SESSION['register']['limit']))
-		redirectexit('action=signup');
+	if (empty($_SESSION['register']['timenow']) || empty($_SESSION['register']['limit'])) {
+			redirectexit('action=signup');
+	}
 	// Failing that, check the time on it.
 	if (time() - $_SESSION['register']['timenow'] < $_SESSION['register']['limit'])
 	{
@@ -266,15 +286,17 @@ 
 		if (is_array($context['visual_verification']))
 		{
 			loadLanguage('Errors');
-			foreach ($context['visual_verification'] as $error)
-				$reg_errors[] = $txt['error_' . $error];
+			foreach ($context['visual_verification'] as $error) {
+							$reg_errors[] = $txt['error_' . $error];
+			}
 		}
 	}
 
 	foreach ($_POST as $key => $value)
 	{
-		if (!is_array($_POST[$key]))
-			$_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key]));
+		if (!is_array($_POST[$key])) {
+					$_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key]));
+		}
 	}
 
 	// Collect all extra registration fields someone might have filled in.
@@ -304,12 +326,14 @@ 
 		$reg_fields = explode(',', $modSettings['registration_fields']);
 
 		// Website is a little different
-		if (in_array('website', $reg_fields))
-			$possible_strings += array('website_url', 'website_title');
+		if (in_array('website', $reg_fields)) {
+					$possible_strings += array('website_url', 'website_title');
+		}
 	}
 
-	if (isset($_POST['secret_answer']) && $_POST['secret_answer'] != '')
-		$_POST['secret_answer'] = md5($_POST['secret_answer']);
+	if (isset($_POST['secret_answer']) && $_POST['secret_answer'] != '') {
+			$_POST['secret_answer'] = md5($_POST['secret_answer']);
+	}
 
 	// Needed for isReservedName() and registerMember().
 	require_once($sourcedir . '/Subs-Members.php');
@@ -318,8 +342,9 @@ 
 	if (isset($_POST['real_name']))
 	{
 		// Are you already allowed to edit the displayed name?
-		if (allowedTo('profile_displayed_name') || allowedTo('moderate_forum'))
-			$canEditDisplayName = true;
+		if (allowedTo('profile_displayed_name') || allowedTo('moderate_forum')) {
+					$canEditDisplayName = true;
+		}
 
 		// If you are a guest, will you be allowed to once you register?
 		else
@@ -343,33 +368,38 @@ 
 			$_POST['real_name'] = trim(preg_replace('~[\t\n\r \x0B\0' . ($context['utf8'] ? '\x{A0}\x{AD}\x{2000}-\x{200F}\x{201F}\x{202F}\x{3000}\x{FEFF}' : '\x00-\x08\x0B\x0C\x0E-\x19\xA0') . ']+~' . ($context['utf8'] ? 'u' : ''), ' ', $_POST['real_name']));
 
 			// Only set it if we are sure it is good
-			if (trim($_POST['real_name']) != '' && !isReservedName($_POST['real_name']) && $smcFunc['strlen']($_POST['real_name']) < 60)
-				$possible_strings[] = 'real_name';
+			if (trim($_POST['real_name']) != '' && !isReservedName($_POST['real_name']) && $smcFunc['strlen']($_POST['real_name']) < 60) {
+							$possible_strings[] = 'real_name';
+			}
 		}
 	}
 
 	// Handle a string as a birthdate...
-	if (isset($_POST['birthdate']) && $_POST['birthdate'] != '')
-		$_POST['birthdate'] = strftime('%Y-%m-%d', strtotime($_POST['birthdate']));
+	if (isset($_POST['birthdate']) && $_POST['birthdate'] != '') {
+			$_POST['birthdate'] = strftime('%Y-%m-%d', strtotime($_POST['birthdate']));
+	}
 	// Or birthdate parts...
-	elseif (!empty($_POST['bday1']) && !empty($_POST['bday2']))
-		$_POST['birthdate'] = sprintf('%04d-%02d-%02d', empty($_POST['bday3']) ? 0 : (int) $_POST['bday3'], (int) $_POST['bday1'], (int) $_POST['bday2']);
+	elseif (!empty($_POST['bday1']) && !empty($_POST['bday2'])) {
+			$_POST['birthdate'] = sprintf('%04d-%02d-%02d', empty($_POST['bday3']) ? 0 : (int) $_POST['bday3'], (int) $_POST['bday1'], (int) $_POST['bday2']);
+	}
 
 	// Validate the passed language file.
 	if (isset($_POST['lngfile']) && !empty($modSettings['userLanguage']))
 	{
 		// Do we have any languages?
-		if (empty($context['languages']))
-			getLanguages();
+		if (empty($context['languages'])) {
+					getLanguages();
+		}
 
 		// Did we find it?
-		if (isset($context['languages'][$_POST['lngfile']]))
-			$_SESSION['language'] = $_POST['lngfile'];
-		else
+		if (isset($context['languages'][$_POST['lngfile']])) {
+					$_SESSION['language'] = $_POST['lngfile'];
+		} else {
+					unset($_POST['lngfile']);
+		}
+	} else {
 			unset($_POST['lngfile']);
 	}
-	else
-		unset($_POST['lngfile']);
 
 	// Set the options needed for registration.
 	$regOptions = array(
@@ -389,22 +419,27 @@ 
 	);
 
 	// Include the additional options that might have been filled in.
-	foreach ($possible_strings as $var)
-		if (isset($_POST[$var]))
+	foreach ($possible_strings as $var) {
+			if (isset($_POST[$var]))
 			$regOptions['extra_register_vars'][$var] = $smcFunc['htmlspecialchars']($_POST[$var], ENT_QUOTES);
-	foreach ($possible_ints as $var)
-		if (isset($_POST[$var]))
+	}
+	foreach ($possible_ints as $var) {
+			if (isset($_POST[$var]))
 			$regOptions['extra_register_vars'][$var] = (int) $_POST[$var];
-	foreach ($possible_floats as $var)
-		if (isset($_POST[$var]))
+	}
+	foreach ($possible_floats as $var) {
+			if (isset($_POST[$var]))
 			$regOptions['extra_register_vars'][$var] = (float) $_POST[$var];
-	foreach ($possible_bools as $var)
-		if (isset($_POST[$var]))
+	}
+	foreach ($possible_bools as $var) {
+			if (isset($_POST[$var]))
 			$regOptions['extra_register_vars'][$var] = empty($_POST[$var]) ? 0 : 1;
+	}
 
 	// Registration options are always default options...
-	if (isset($_POST['default_options']))
-		$_POST['options'] = isset($_POST['options']) ? $_POST['options'] + $_POST['default_options'] : $_POST['default_options'];
+	if (isset($_POST['default_options'])) {
+			$_POST['options'] = isset($_POST['options']) ? $_POST['options'] + $_POST['default_options'] : $_POST['default_options'];
+	}
 	$regOptions['theme_vars'] = isset($_POST['options']) && is_array($_POST['options']) ? $_POST['options'] : array();
 
 	// Make sure they are clean, dammit!
@@ -424,12 +459,14 @@ 
 	while ($row = $smcFunc['db_fetch_assoc']($request))
 	{
 		// Don't allow overriding of the theme variables.
-		if (isset($regOptions['theme_vars'][$row['col_name']]))
-			unset($regOptions['theme_vars'][$row['col_name']]);
+		if (isset($regOptions['theme_vars'][$row['col_name']])) {
+					unset($regOptions['theme_vars'][$row['col_name']]);
+		}
 
 		// Not actually showing it then?
-		if (!$row['show_reg'])
-			continue;
+		if (!$row['show_reg']) {
+					continue;
+		}
 
 		// Prepare the value!
 		$value = isset($_POST['customfield'][$row['col_name']]) ? trim($_POST['customfield'][$row['col_name']]) : '';
@@ -438,24 +475,27 @@ 
 		if (!in_array($row['field_type'], array('check', 'select', 'radio')))
 		{
 			// Is it too long?
-			if ($row['field_length'] && $row['field_length'] < $smcFunc['strlen']($value))
-				$custom_field_errors[] = array('custom_field_too_long', array($row['field_name'], $row['field_length']));
+			if ($row['field_length'] && $row['field_length'] < $smcFunc['strlen']($value)) {
+							$custom_field_errors[] = array('custom_field_too_long', array($row['field_name'], $row['field_length']));
+			}
 
 			// Any masks to apply?
 			if ($row['field_type'] == 'text' && !empty($row['mask']) && $row['mask'] != 'none')
 			{
-				if ($row['mask'] == 'email' && (!filter_var($value, FILTER_VALIDATE_EMAIL) || strlen($value) > 255))
-					$custom_field_errors[] = array('custom_field_invalid_email', array($row['field_name']));
-				elseif ($row['mask'] == 'number' && preg_match('~[^\d]~', $value))
-					$custom_field_errors[] = array('custom_field_not_number', array($row['field_name']));
-				elseif (substr($row['mask'], 0, 5) == 'regex' && trim($value) != '' && preg_match(substr($row['mask'], 5), $value) === 0)
-					$custom_field_errors[] = array('custom_field_inproper_format', array($row['field_name']));
+				if ($row['mask'] == 'email' && (!filter_var($value, FILTER_VALIDATE_EMAIL) || strlen($value) > 255)) {
+									$custom_field_errors[] = array('custom_field_invalid_email', array($row['field_name']));
+				} elseif ($row['mask'] == 'number' && preg_match('~[^\d]~', $value)) {
+									$custom_field_errors[] = array('custom_field_not_number', array($row['field_name']));
+				} elseif (substr($row['mask'], 0, 5) == 'regex' && trim($value) != '' && preg_match(substr($row['mask'], 5), $value) === 0) {
+									$custom_field_errors[] = array('custom_field_inproper_format', array($row['field_name']));
+				}
 			}
 		}
 
 		// Is this required but not there?
-		if (trim($value) == '' && $row['show_reg'] > 1)
-			$custom_field_errors[] = array('custom_field_empty', array($row['field_name']));
+		if (trim($value) == '' && $row['show_reg'] > 1) {
+					$custom_field_errors[] = array('custom_field_empty', array($row['field_name']));
+		}
 	}
 	$smcFunc['db_free_result']($request);
 
@@ -463,8 +503,9 @@ 
 	if (!empty($custom_field_errors))
 	{
 		loadLanguage('Errors');
-		foreach ($custom_field_errors as $error)
-			$reg_errors[] = vsprintf($txt['error_' . $error[0]], $error[1]);
+		foreach ($custom_field_errors as $error) {
+					$reg_errors[] = vsprintf($txt['error_' . $error[0]], $error[1]);
+		}
 	}
 
 	// Lets check for other errors before trying to register the member.
@@ -509,8 +550,9 @@ 
 	}
 
 	// If COPPA has been selected then things get complicated, setup the template.
-	if (!empty($modSettings['coppaAge']) && empty($_SESSION['skip_coppa']))
-		redirectexit('action=coppa;member=' . $memberID);
+	if (!empty($modSettings['coppaAge']) && empty($_SESSION['skip_coppa'])) {
+			redirectexit('action=coppa;member=' . $memberID);
+	}
 	// Basic template variable setup.
 	elseif (!empty($modSettings['registration_method']))
 	{
@@ -522,8 +564,7 @@ 
 			'sub_template' => 'after',
 			'description' => $modSettings['registration_method'] == 2 ? $txt['approval_after_registration'] : $txt['activate_after_registration']
 		);
-	}
-	else
+	} else
 	{
 		call_integration_hook('integrate_activate', array($regOptions['username']));
 
@@ -543,16 +584,18 @@ 
 	global $context, $txt, $modSettings, $scripturl, $sourcedir, $smcFunc, $language, $user_info;
 
 	// Logged in users should not bother to activate their accounts
-	if (!empty($user_info['id']))
-		redirectexit();
+	if (!empty($user_info['id'])) {
+			redirectexit();
+	}
 
 	loadLanguage('Login');
 	loadTemplate('Login');
 
 	if (empty($_REQUEST['u']) && empty($_POST['user']))
 	{
-		if (empty($modSettings['registration_method']) || $modSettings['registration_method'] == '3')
-			fatal_lang_error('no_access', false);
+		if (empty($modSettings['registration_method']) || $modSettings['registration_method'] == '3') {
+					fatal_lang_error('no_access', false);
+		}
 
 		$context['member_id'] = 0;
 		$context['sub_template'] = 'resend';
@@ -592,11 +635,13 @@ 
 	// Change their email address? (they probably tried a fake one first :P.)
 	if (isset($_POST['new_email'], $_REQUEST['passwd']) && hash_password($row['member_name'], $_REQUEST['passwd']) == $row['passwd'] && ($row['is_activated'] == 0 || $row['is_activated'] == 2))
 	{
-		if (empty($modSettings['registration_method']) || $modSettings['registration_method'] == 3)
-			fatal_lang_error('no_access', false);
+		if (empty($modSettings['registration_method']) || $modSettings['registration_method'] == 3) {
+					fatal_lang_error('no_access', false);
+		}
 
-		if (!filter_var($_POST['new_email'], FILTER_VALIDATE_EMAIL))
-			fatal_error(sprintf($txt['valid_email_needed'], $smcFunc['htmlspecialchars']($_POST['new_email'])), false);
+		if (!filter_var($_POST['new_email'], FILTER_VALIDATE_EMAIL)) {
+					fatal_error(sprintf($txt['valid_email_needed'], $smcFunc['htmlspecialchars']($_POST['new_email'])), false);
+		}
 
 		// Make sure their email isn't banned.
 		isBannedEmail($_POST['new_email'], 'cannot_register', $txt['ban_register_prohibited']);
@@ -612,8 +657,9 @@ 
 			)
 		);
 
-		if ($smcFunc['db_num_rows']($request) != 0)
-			fatal_lang_error('email_in_use', false, array($smcFunc['htmlspecialchars']($_POST['new_email'])));
+		if ($smcFunc['db_num_rows']($request) != 0) {
+					fatal_lang_error('email_in_use', false, array($smcFunc['htmlspecialchars']($_POST['new_email'])));
+		}
 		$smcFunc['db_free_result']($request);
 
 		updateMemberData($row['id_member'], array('email_address' => $_POST['new_email']));
@@ -651,9 +697,9 @@ 
 	// Quit if this code is not right.
 	if (empty($_REQUEST['code']) || $row['validation_code'] != $_REQUEST['code'])
 	{
-		if (!empty($row['is_activated']))
-			fatal_lang_error('already_activated', false);
-		elseif ($row['validation_code'] == '')
+		if (!empty($row['is_activated'])) {
+					fatal_lang_error('already_activated', false);
+		} elseif ($row['validation_code'] == '')
 		{
 			loadLanguage('Profile');
 			fatal_error(sprintf($txt['registration_not_approved'], $scripturl . '?action=activate;user=' . $row['member_name']), false);
@@ -703,8 +749,9 @@ 
 	loadTemplate('Register');
 
 	// No User ID??
-	if (!isset($_GET['member']))
-		fatal_lang_error('no_access', false);
+	if (!isset($_GET['member'])) {
+			fatal_lang_error('no_access', false);
+	}
 
 	// Get the user details...
 	$request = $smcFunc['db_query']('', '
@@ -717,8 +764,9 @@ 
 			'is_coppa' => 5,
 		)
 	);
-	if ($smcFunc['db_num_rows']($request) == 0)
-		fatal_lang_error('no_access', false);
+	if ($smcFunc['db_num_rows']($request) == 0) {
+			fatal_lang_error('no_access', false);
+	}
 	list ($username) = $smcFunc['db_fetch_row']($request);
 	$smcFunc['db_free_result']($request);
 
@@ -756,8 +804,7 @@ 
 			echo $data;
 			obExit(false);
 		}
-	}
-	else
+	} else
 	{
 		$context += array(
 			'page_title' => $txt['coppa_title'],
@@ -810,8 +857,9 @@ 
 	{
 		require_once($sourcedir . '/Subs-Graphics.php');
 
-		if (in_array('gd', get_loaded_extensions()) && !showCodeImage($code))
-			header('HTTP/1.1 400 Bad Request');
+		if (in_array('gd', get_loaded_extensions()) && !showCodeImage($code)) {
+					header('HTTP/1.1 400 Bad Request');
+		}
 
 		// Otherwise just show a pre-defined letter.
 		elseif (isset($_REQUEST['letter']))
@@ -829,14 +877,13 @@ 
 			header('Content-Type: image/gif');
 			die("\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x21\xF9\x04\x01\x00\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B");
 		}
-	}
-
-	elseif ($_REQUEST['format'] === '.wav')
+	} elseif ($_REQUEST['format'] === '.wav')
 	{
 		require_once($sourcedir . '/Subs-Sound.php');
 
-		if (!createWaveFile($code))
-			header('HTTP/1.1 400 Bad Request');
+		if (!createWaveFile($code)) {
+					header('HTTP/1.1 400 Bad Request');
+		}
 	}
 
 	// We all die one day...

Sources/ManageSearch.php

Braces +109 added lines, -90 removed lines

@@ -13,8 +13,9 @@ 
  * @version 2.1 Beta 4
  */
 
-if (!defined('SMF'))
+if (!defined('SMF')) {
 	die('No direct access...');
+}
 
 /**
  * Main entry point for the admin search settings screen.
@@ -107,11 +108,13 @@ 
 	// Perhaps the search method wants to add some settings?
 	require_once($sourcedir . '/Search.php');
 	$searchAPI = findSearchAPI();
-	if (is_callable(array($searchAPI, 'searchSettings')))
-		call_user_func_array(array($searchAPI, 'searchSettings'), array(&$config_vars));
+	if (is_callable(array($searchAPI, 'searchSettings'))) {
+			call_user_func_array(array($searchAPI, 'searchSettings'), array(&$config_vars));
+	}
 
-	if ($return_config)
-		return $config_vars;
+	if ($return_config) {
+			return $config_vars;
+	}
 
 	$context['page_title'] = $txt['search_settings_title'];
 	$context['sub_template'] = 'show_settings';
@@ -126,8 +129,9 @@ 
 
 		call_integration_hook('integrate_save_search_settings');
 
-		if (empty($_POST['search_results_per_page']))
-			$_POST['search_results_per_page'] = !empty($modSettings['search_results_per_page']) ? $modSettings['search_results_per_page'] : $modSettings['defaultMaxMessages'];
+		if (empty($_POST['search_results_per_page'])) {
+					$_POST['search_results_per_page'] = !empty($modSettings['search_results_per_page']) ? $modSettings['search_results_per_page'] : $modSettings['defaultMaxMessages'];
+		}
 		saveDBSettings($config_vars);
 		$_SESSION['adm-save'] = true;
 		redirectexit('action=admin;area=managesearch;sa=settings;' . $context['session_var'] . '=' . $context['session_id']);
@@ -177,17 +181,20 @@ 
 		call_integration_hook('integrate_save_search_weights');
 
 		$changes = array();
-		foreach ($factors as $factor)
-			$changes[$factor] = (int) $_POST[$factor];
+		foreach ($factors as $factor) {
+					$changes[$factor] = (int) $_POST[$factor];
+		}
 		updateSettings($changes);
 	}
 
 	$context['relative_weights'] = array('total' => 0);
-	foreach ($factors as $factor)
-		$context['relative_weights']['total'] += isset($modSettings[$factor]) ? $modSettings[$factor] : 0;
+	foreach ($factors as $factor) {
+			$context['relative_weights']['total'] += isset($modSettings[$factor]) ? $modSettings[$factor] : 0;
+	}
 
-	foreach ($factors as $factor)
-		$context['relative_weights'][$factor] = round(100 * (isset($modSettings[$factor]) ? $modSettings[$factor] : 0) / $context['relative_weights']['total'], 1);
+	foreach ($factors as $factor) {
+			$context['relative_weights'][$factor] = round(100 * (isset($modSettings[$factor]) ? $modSettings[$factor] : 0) / $context['relative_weights']['total'], 1);
+	}
 
 	createToken('admin-msw');
 }
@@ -215,8 +222,9 @@ 
 	$context['search_apis'] = loadSearchAPIs();
 
 	// Detect whether a fulltext index is set.
-	if ($context['supports_fulltext'])
-		detectFulltextIndex();
+	if ($context['supports_fulltext']) {
+			detectFulltextIndex();
+	}
 
 	if (!empty($_REQUEST['sa']) && $_REQUEST['sa'] == 'createfulltext')
 	{
@@ -240,8 +248,7 @@ 
 					'language' => $language_ftx
 				)
 			);
-		}
-		else
+		} else
 		{
 			// Make sure it's gone before creating it.
 			$smcFunc['db_query']('', '
@@ -259,8 +266,7 @@ 
 				)
 			);
 		}
-	}
-	elseif (!empty($_REQUEST['sa']) && $_REQUEST['sa'] == 'removefulltext' && !empty($context['fulltext_index']))
+	} elseif (!empty($_REQUEST['sa']) && $_REQUEST['sa'] == 'removefulltext' && !empty($context['fulltext_index']))
 	{
 		checkSession('get');
 		validateToken('admin-msm', 'get');
@@ -277,12 +283,12 @@ 
 		$context['fulltext_index'] = array();
 
 		// Go back to the default search method.
-		if (!empty($modSettings['search_index']) && $modSettings['search_index'] == 'fulltext')
-			updateSettings(array(
+		if (!empty($modSettings['search_index']) && $modSettings['search_index'] == 'fulltext') {
+					updateSettings(array(
 				'search_index' => '',
 			));
-	}
-	elseif (!empty($_REQUEST['sa']) && $_REQUEST['sa'] == 'removecustom')
+		}
+	} elseif (!empty($_REQUEST['sa']) && $_REQUEST['sa'] == 'removecustom')
 	{
 		checkSession('get');
 		validateToken('admin-msm', 'get');
@@ -304,12 +310,12 @@ 
 		));
 
 		// Go back to the default search method.
-		if (!empty($modSettings['search_index']) && $modSettings['search_index'] == 'custom')
-			updateSettings(array(
+		if (!empty($modSettings['search_index']) && $modSettings['search_index'] == 'custom') {
+					updateSettings(array(
 				'search_index' => '',
 			));
-	}
-	elseif (isset($_POST['save']))
+		}
+	} elseif (isset($_POST['save']))
 	{
 		checkSession();
 		validateToken('admin-msmpost');
@@ -331,8 +337,8 @@ 
 	// Get some info about the messages table, to show its size and index size.
 	if ($db_type == 'mysql')
 	{
-		if (preg_match('~^`(.+?)`\.(.+?)$~', $db_prefix, $match) !== 0)
-			$request = $smcFunc['db_query']('', '
+		if (preg_match('~^`(.+?)`\.(.+?)$~', $db_prefix, $match) !== 0) {
+					$request = $smcFunc['db_query']('', '
 				SHOW TABLE STATUS
 				FROM {string:database_name}
 				LIKE {string:table_name}',
@@ -341,14 +347,15 @@ 
 					'table_name' => str_replace('_', '\_', $match[2]) . 'messages',
 				)
 			);
-		else
-			$request = $smcFunc['db_query']('', '
+		} else {
+					$request = $smcFunc['db_query']('', '
 				SHOW TABLE STATUS
 				LIKE {string:table_name}',
 				array(
 					'table_name' => str_replace('_', '\_', $db_prefix) . 'messages',
 				)
 			);
+		}
 		if ($request !== false && $smcFunc['db_num_rows']($request) == 1)
 		{
 			// Only do this if the user has permission to execute this query.
@@ -360,8 +367,8 @@ 
 		}
 
 		// Now check the custom index table, if it exists at all.
-		if (preg_match('~^`(.+?)`\.(.+?)$~', $db_prefix, $match) !== 0)
-			$request = $smcFunc['db_query']('', '
+		if (preg_match('~^`(.+?)`\.(.+?)$~', $db_prefix, $match) !== 0) {
+					$request = $smcFunc['db_query']('', '
 				SHOW TABLE STATUS
 				FROM {string:database_name}
 				LIKE {string:table_name}',
@@ -370,14 +377,15 @@ 
 					'table_name' => str_replace('_', '\_', $match[2]) . 'log_search_words',
 				)
 			);
-		else
-			$request = $smcFunc['db_query']('', '
+		} else {
+					$request = $smcFunc['db_query']('', '
 				SHOW TABLE STATUS
 				LIKE {string:table_name}',
 				array(
 					'table_name' => str_replace('_', '\_', $db_prefix) . 'log_search_words',
 				)
 			);
+		}
 		if ($request !== false && $smcFunc['db_num_rows']($request) == 1)
 		{
 			// Only do this if the user has permission to execute this query.
@@ -386,8 +394,7 @@ 
 			$context['table_info']['custom_index_length'] = $row['Data_length'] + $row['Index_length'];
 			$smcFunc['db_free_result']($request);
 		}
-	}
-	elseif ($db_type == 'postgresql')
+	} elseif ($db_type == 'postgresql')
 	{
 		// In order to report the sizes correctly we need to perform vacuum (optimize) on the tables we will be using.
 		//db_extend();
@@ -429,38 +436,38 @@ 
 					$context['table_info']['data_length'] = (int) $row['table_size'];
 					$context['table_info']['index_length'] = (int) $row['index_size'];
 					$context['table_info']['fulltext_length'] = (int) $row['index_size'];
-				}
-				elseif ($row['indexname'] == $db_prefix . 'log_search_words')
+				} elseif ($row['indexname'] == $db_prefix . 'log_search_words')
 				{
 					$context['table_info']['index_length'] = (int) $row['index_size'];
 					$context['table_info']['custom_index_length'] = (int) $row['index_size'];
 				}
 			}
 			$smcFunc['db_free_result']($request);
-		}
-		else
-			// Didn't work for some reason...
+		} else {
+					// Didn't work for some reason...
 			$context['table_info'] = array(
 				'data_length' => $txt['not_applicable'],
 				'index_length' => $txt['not_applicable'],
 				'fulltext_length' => $txt['not_applicable'],
 				'custom_index_length' => $txt['not_applicable'],
 			);
-	}
-	else
-		$context['table_info'] = array(
+		}
+	} else {
+			$context['table_info'] = array(
 			'data_length' => $txt['not_applicable'],
 			'index_length' => $txt['not_applicable'],
 			'fulltext_length' => $txt['not_applicable'],
 			'custom_index_length' => $txt['not_applicable'],
 		);
+	}
 
 	// Format the data and index length in kilobytes.
 	foreach ($context['table_info'] as $type => $size)
 	{
 		// If it's not numeric then just break.  This database engine doesn't support size.
-		if (!is_numeric($size))
-			break;
+		if (!is_numeric($size)) {
+					break;
+		}
 
 		$context['table_info'][$type] = comma_format($context['table_info'][$type] / 1024) . ' ' . $txt['search_method_kilobytes'];
 	}
@@ -489,8 +496,9 @@ 
 
 	// Scotty, we need more time...
 	@set_time_limit(600);
-	if (function_exists('apache_reset_timeout'))
-		@apache_reset_timeout();
+	if (function_exists('apache_reset_timeout')) {
+			@apache_reset_timeout();
+	}
 
 	$context[$context['admin_menu_name']]['current_subsection'] = 'method';
 	$context['page_title'] = $txt['search_index_custom'];
@@ -520,8 +528,7 @@ 
 		$context['start'] = (int) $context['index_settings']['resume_at'];
 		unset($context['index_settings']['resume_at']);
 		$context['step'] = 1;
-	}
-	else
+	} else
 	{
 		$context['index_settings'] = array(
 			'bytes_per_word' => isset($_REQUEST['bytes_per_word']) && isset($index_properties[$_REQUEST['bytes_per_word']]) ? (int) $_REQUEST['bytes_per_word'] : 2,
@@ -530,12 +537,14 @@ 
 		$context['step'] = isset($_REQUEST['step']) ? (int) $_REQUEST['step'] : 0;
 
 		// admin timeouts are painful when building these long indexes - but only if we actually have such things enabled
-		if (empty($modSettings['securityDisable']) && $_SESSION['admin_time'] + 3300 < time() && $context['step'] >= 1)
-			$_SESSION['admin_time'] = time();
+		if (empty($modSettings['securityDisable']) && $_SESSION['admin_time'] + 3300 < time() && $context['step'] >= 1) {
+					$_SESSION['admin_time'] = time();
+		}
 	}
 
-	if ($context['step'] !== 0)
-		checkSession('request');
+	if ($context['step'] !== 0) {
+			checkSession('request');
+	}
 
 	// Step 0: let the user determine how they like their index.
 	if ($context['step'] === 0)
@@ -564,12 +573,14 @@ 
 			$smcFunc['db_create_word_search']($index_properties[$context['index_settings']['bytes_per_word']]['column_definition']);
 
 			// Temporarily switch back to not using a search index.
-			if (!empty($modSettings['search_index']) && $modSettings['search_index'] == 'custom')
-				updateSettings(array('search_index' => ''));
+			if (!empty($modSettings['search_index']) && $modSettings['search_index'] == 'custom') {
+							updateSettings(array('search_index' => ''));
+			}
 
 			// Don't let simultanious processes be updating the search index.
-			if (!empty($modSettings['search_custom_index_config']))
-				updateSettings(array('search_custom_index_config' => ''));
+			if (!empty($modSettings['search_custom_index_config'])) {
+							updateSettings(array('search_custom_index_config' => ''));
+			}
 		}
 
 		$num_messages = array(
@@ -585,16 +596,16 @@ 
 				'starting_id' => $context['start'],
 			)
 		);
-		while ($row = $smcFunc['db_fetch_assoc']($request))
-			$num_messages[empty($row['todo']) ? 'done' : 'todo'] = $row['num_messages'];
+		while ($row = $smcFunc['db_fetch_assoc']($request)) {
+					$num_messages[empty($row['todo']) ? 'done' : 'todo'] = $row['num_messages'];
+		}
 
 		if (empty($num_messages['todo']))
 		{
 			$context['step'] = 2;
 			$context['percentage'] = 80;
 			$context['start'] = 0;
-		}
-		else
+		} else
 		{
 			// Number of seconds before the next step.
 			$stop = time() + 3;
@@ -635,21 +646,22 @@ 
 
 				$context['start'] += $forced_break ? $number_processed : $messages_per_batch;
 
-				if (!empty($inserts))
-					$smcFunc['db_insert']('ignore',
+				if (!empty($inserts)) {
+									$smcFunc['db_insert']('ignore',
 						'{db_prefix}log_search_words',
 						array('id_word' => 'int', 'id_msg' => 'int'),
 						$inserts,
 						array('id_word', 'id_msg')
 					);
+				}
 				if ($num_messages['todo'] === 0)
 				{
 					$context['step'] = 2;
 					$context['start'] = 0;
 					break;
+				} else {
+									updateSettings(array('search_custom_index_resume' => json_encode(array_merge($context['index_settings'], array('resume_at' => $context['start'])))));
 				}
-				else
-					updateSettings(array('search_custom_index_resume' => json_encode(array_merge($context['index_settings'], array('resume_at' => $context['start'])))));
 			}
 
 			// Since there are still two steps to go, 80% is the maximum here.
@@ -660,9 +672,9 @@ 
 	// Step 2: removing the words that occur too often and are of no use.
 	elseif ($context['step'] === 2)
 	{
-		if ($context['index_settings']['bytes_per_word'] < 4)
-			$context['step'] = 3;
-		else
+		if ($context['index_settings']['bytes_per_word'] < 4) {
+					$context['step'] = 3;
+		} else
 		{
 			$stop_words = $context['start'] === 0 || empty($modSettings['search_stopwords']) ? array() : explode(',', $modSettings['search_stopwords']);
 			$stop = time() + 3;
@@ -683,20 +695,22 @@ 
 						'minimum_messages' => $max_messages,
 					)
 				);
-				while ($row = $smcFunc['db_fetch_assoc']($request))
-					$stop_words[] = $row['id_word'];
+				while ($row = $smcFunc['db_fetch_assoc']($request)) {
+									$stop_words[] = $row['id_word'];
+				}
 				$smcFunc['db_free_result']($request);
 
 				updateSettings(array('search_stopwords' => implode(',', $stop_words)));
 
-				if (!empty($stop_words))
-					$smcFunc['db_query']('', '
+				if (!empty($stop_words)) {
+									$smcFunc['db_query']('', '
 						DELETE FROM {db_prefix}log_search_words
 						WHERE id_word in ({array_int:stop_words})',
 						array(
 							'stop_words' => $stop_words,
 						)
 					);
+				}
 
 				$context['start'] += $index_properties[$context['index_settings']['bytes_per_word']]['step_size'];
 				if ($context['start'] > $index_properties[$context['index_settings']['bytes_per_word']]['max_size'])
@@ -757,8 +771,9 @@ 
 					$searchAPI = new $search_class_name();
 
 					// No Support?  NEXT!
-					if (!$searchAPI->is_supported)
-						continue;
+					if (!$searchAPI->is_supported) {
+											continue;
+					}
 
 					$apis[$index_name] = array(
 						'filename' => $file,
@@ -805,10 +820,10 @@ 
 				'messages_ftx' => $db_prefix . 'messages_ftx',
 			)
 		);
-		while ($row = $smcFunc['db_fetch_assoc']($request))
-			$context['fulltext_index'][] = $row['indexname'];
-	}
-	else
+		while ($row = $smcFunc['db_fetch_assoc']($request)) {
+					$context['fulltext_index'][] = $row['indexname'];
+		}
+	} else
 	{
 		$request = $smcFunc['db_query']('', '
 			SHOW INDEX
@@ -819,17 +834,19 @@ 
 		$context['fulltext_index'] = array();
 		if ($request !== false || $smcFunc['db_num_rows']($request) != 0)
 		{
-			while ($row = $smcFunc['db_fetch_assoc']($request))
-			if ($row['Column_name'] == 'body' && (isset($row['Index_type']) && $row['Index_type'] == 'FULLTEXT' || isset($row['Comment']) && $row['Comment'] == 'FULLTEXT'))
+			while ($row = $smcFunc['db_fetch_assoc']($request)) {
+						if ($row['Column_name'] == 'body' && (isset($row['Index_type']) && $row['Index_type'] == 'FULLTEXT' || isset($row['Comment']) && $row['Comment'] == 'FULLTEXT'))
 				$context['fulltext_index'][] = $row['Key_name'];
+			}
 			$smcFunc['db_free_result']($request);
 
-			if (is_array($context['fulltext_index']))
-				$context['fulltext_index'] = array_unique($context['fulltext_index']);
+			if (is_array($context['fulltext_index'])) {
+							$context['fulltext_index'] = array_unique($context['fulltext_index']);
+			}
 		}
 
-		if (preg_match('~^`(.+?)`\.(.+?)$~', $db_prefix, $match) !== 0)
-			$request = $smcFunc['db_query']('', '
+		if (preg_match('~^`(.+?)`\.(.+?)$~', $db_prefix, $match) !== 0) {
+					$request = $smcFunc['db_query']('', '
 			SHOW TABLE STATUS
 			FROM {string:database_name}
 			LIKE {string:table_name}',
@@ -838,20 +855,22 @@ 
 				'table_name' => str_replace('_', '\_', $match[2]) . 'messages',
 			)
 			);
-		else
-			$request = $smcFunc['db_query']('', '
+		} else {
+					$request = $smcFunc['db_query']('', '
 			SHOW TABLE STATUS
 			LIKE {string:table_name}',
 			array(
 				'table_name' => str_replace('_', '\_', $db_prefix) . 'messages',
 			)
 			);
+		}
 
 		if ($request !== false)
 		{
-			while ($row = $smcFunc['db_fetch_assoc']($request))
-			if (isset($row['Engine']) && strtolower($row['Engine']) != 'myisam' && !(strtolower($row['Engine']) == 'innodb' && version_compare($smcFunc['db_get_version'], '5.6.4', '>=')))
+			while ($row = $smcFunc['db_fetch_assoc']($request)) {
+						if (isset($row['Engine']) && strtolower($row['Engine']) != 'myisam' && !(strtolower($row['Engine']) == 'innodb' && version_compare($smcFunc['db_get_version'], '5.6.4', '>=')))
 				$context['cannot_create_fulltext'] = true;
+			}
 			$smcFunc['db_free_result']($request);
 		}
 	}

Sources/LogInOut.php

Braces +161 added lines, -126 removed lines

@@ -14,8 +14,9 @@ 
  * @version 2.1 Beta 4
  */
 
-if (!defined('SMF'))
+if (!defined('SMF')) {
 	die('No direct access...');
+}
 
 /**
  * Ask them for their login information. (shows a page for the user to type
@@ -29,8 +30,9 @@ 
 	global $txt, $context, $scripturl, $user_info;
 
 	// You are already logged in, go take a tour of the boards
-	if (!empty($user_info['id']))
-		redirectexit();
+	if (!empty($user_info['id'])) {
+			redirectexit();
+	}
 
 	// We need to load the Login template/language file.
 	loadLanguage('Login');
@@ -57,10 +59,11 @@ 
 	);
 
 	// Set the login URL - will be used when the login process is done (but careful not to send us to an attachment).
-	if (isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0)
-		$_SESSION['login_url'] = $_SESSION['old_url'];
-	elseif (isset($_SESSION['login_url']) && strpos($_SESSION['login_url'], 'dlattach') !== false)
-		unset($_SESSION['login_url']);
+	if (isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0) {
+			$_SESSION['login_url'] = $_SESSION['old_url'];
+	} elseif (isset($_SESSION['login_url']) && strpos($_SESSION['login_url'], 'dlattach') !== false) {
+			unset($_SESSION['login_url']);
+	}
 
 	// Create a one time token.
 	createToken('login');
@@ -83,8 +86,9 @@ 
 	global $cookiename, $modSettings, $context, $sourcedir, $maintenance;
 
 	// Check to ensure we're forcing SSL for authentication
-	if (!empty($modSettings['force_ssl']) && empty($maintenance) && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on'))
-		fatal_lang_error('login_ssl_required');
+	if (!empty($modSettings['force_ssl']) && empty($maintenance) && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on')) {
+			fatal_lang_error('login_ssl_required');
+	}
 
 	// Load cookie authentication stuff.
 	require_once($sourcedir . '/Subs-Auth.php');
@@ -102,19 +106,20 @@ 
 			list (,, $timeout) = smf_json_decode($_COOKIE[$cookiename], true);
 
 			// That didn't work... Maybe it's using serialize?
-			if (is_null($timeout))
-				list (,, $timeout) = safe_unserialize($_COOKIE[$cookiename]);
-		}
-		elseif (isset($_SESSION['login_' . $cookiename]))
+			if (is_null($timeout)) {
+							list (,, $timeout) = safe_unserialize($_COOKIE[$cookiename]);
+			}
+		} elseif (isset($_SESSION['login_' . $cookiename]))
 		{
 			list (,, $timeout) = smf_json_decode($_SESSION['login_' . $cookiename]);
 
 			// Try for old format
-			if (is_null($timeout))
-				list (,, $timeout) = safe_unserialize($_SESSION['login_' . $cookiename]);
+			if (is_null($timeout)) {
+							list (,, $timeout) = safe_unserialize($_SESSION['login_' . $cookiename]);
+			}
+		} else {
+					trigger_error('Login2(): Cannot be logged in without a session or cookie', E_USER_ERROR);
 		}
-		else
-			trigger_error('Login2(): Cannot be logged in without a session or cookie', E_USER_ERROR);
 
 		$user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
 		updateMemberData($user_info['id'], array('password_salt' => $user_settings['password_salt']));
@@ -125,16 +130,18 @@ 
 			$tfadata = smf_json_decode($_COOKIE[$cookiename . '_tfa'], true);
 
 			// If that didn't work, try unserialize instead...
-			if (is_null($tfadata))
-				$tfadata = safe_unserialize($_COOKIE[$cookiename . '_tfa']);
+			if (is_null($tfadata)) {
+							$tfadata = safe_unserialize($_COOKIE[$cookiename . '_tfa']);
+			}
 
 			list ($tfamember, $tfasecret, $exp, $state, $preserve) = $tfadata;
 
 			// If we're preserving the cookie, reset it with updated salt
-			if ($preserve && time() < $exp)
-				setTFACookie(3153600, $user_info['password_salt'], hash_salt($user_settings['tfa_backup'], $user_settings['password_salt']), true);
-			else
-				setTFACookie(-3600, 0, '');
+			if ($preserve && time() < $exp) {
+							setTFACookie(3153600, $user_info['password_salt'], hash_salt($user_settings['tfa_backup'], $user_settings['password_salt']), true);
+			} else {
+							setTFACookie(-3600, 0, '');
+			}
 		}
 
 		setLoginCookie($timeout - time(), $user_info['id'], hash_salt($user_settings['passwd'], $user_settings['password_salt']));
@@ -145,20 +152,20 @@ 
 	elseif (isset($_GET['sa']) && $_GET['sa'] == 'check')
 	{
 		// Strike!  You're outta there!
-		if ($_GET['member'] != $user_info['id'])
-			fatal_lang_error('login_cookie_error', false);
+		if ($_GET['member'] != $user_info['id']) {
+					fatal_lang_error('login_cookie_error', false);
+		}
 
 		$user_info['can_mod'] = allowedTo('access_mod_center') || (!$user_info['is_guest'] && ($user_info['mod_cache']['gq'] != '0=1' || $user_info['mod_cache']['bq'] != '0=1' || ($modSettings['postmod_active'] && !empty($user_info['mod_cache']['ap']))));
 
 		// Some whitelisting for login_url...
-		if (empty($_SESSION['login_url']))
-			redirectexit(empty($user_settings['tfa_secret']) ? '' : 'action=logintfa');
-		elseif (!empty($_SESSION['login_url']) && (strpos($_SESSION['login_url'], 'http://') === false && strpos($_SESSION['login_url'], 'https://') === false))
+		if (empty($_SESSION['login_url'])) {
+					redirectexit(empty($user_settings['tfa_secret']) ? '' : 'action=logintfa');
+		} elseif (!empty($_SESSION['login_url']) && (strpos($_SESSION['login_url'], 'http://') === false && strpos($_SESSION['login_url'], 'https://') === false))
 		{
 			unset ($_SESSION['login_url']);
 			redirectexit(empty($user_settings['tfa_secret']) ? '' : 'action=logintfa');
-		}
-		else
+		} else
 		{
 			// Best not to clutter the session data too much...
 			$temp = $_SESSION['login_url'];
@@ -169,8 +176,9 @@ 
 	}
 
 	// Beyond this point you are assumed to be a guest trying to login.
-	if (!$user_info['is_guest'])
-		redirectexit();
+	if (!$user_info['is_guest']) {
+			redirectexit();
+	}
 
 	// Are you guessing with a script?
 	checkSession();
@@ -178,18 +186,21 @@ 
 	spamProtection('login');
 
 	// Set the login_url if it's not already set (but careful not to send us to an attachment).
-	if ((empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0) || (isset($_GET['quicklogin']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'login') === false))
-		$_SESSION['login_url'] = $_SESSION['old_url'];
+	if ((empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0) || (isset($_GET['quicklogin']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'login') === false)) {
+			$_SESSION['login_url'] = $_SESSION['old_url'];
+	}
 
 	// Been guessing a lot, haven't we?
-	if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3)
-		fatal_lang_error('login_threshold_fail', 'critical');
+	if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3) {
+			fatal_lang_error('login_threshold_fail', 'critical');
+	}
 
 	// Set up the cookie length.  (if it's invalid, just fall through and use the default.)
-	if (isset($_POST['cookieneverexp']) || (!empty($_POST['cookielength']) && $_POST['cookielength'] == -1))
-		$modSettings['cookieTime'] = 3153600;
-	elseif (!empty($_POST['cookielength']) && ($_POST['cookielength'] >= 1 && $_POST['cookielength'] <= 525600))
-		$modSettings['cookieTime'] = (int) $_POST['cookielength'];
+	if (isset($_POST['cookieneverexp']) || (!empty($_POST['cookielength']) && $_POST['cookielength'] == -1)) {
+			$modSettings['cookieTime'] = 3153600;
+	} elseif (!empty($_POST['cookielength']) && ($_POST['cookielength'] >= 1 && $_POST['cookielength'] <= 525600)) {
+			$modSettings['cookieTime'] = (int) $_POST['cookielength'];
+	}
 
 	loadLanguage('Login');
 	// Load the template stuff.
@@ -309,8 +320,9 @@ 
 			$other_passwords[] = crypt(md5($_POST['passwrd']), md5($_POST['passwrd']));
 
 			// Snitz style - SHA-256.  Technically, this is a downgrade, but most PHP configurations don't support sha256 anyway.
-			if (strlen($user_settings['passwd']) == 64 && function_exists('mhash') && defined('MHASH_SHA256'))
-				$other_passwords[] = bin2hex(mhash(MHASH_SHA256, $_POST['passwrd']));
+			if (strlen($user_settings['passwd']) == 64 && function_exists('mhash') && defined('MHASH_SHA256')) {
+							$other_passwords[] = bin2hex(mhash(MHASH_SHA256, $_POST['passwrd']));
+			}
 
 			// phpBB3 users new hashing.  We now support it as well ;).
 			$other_passwords[] = phpBB3_password_check($_POST['passwrd'], $user_settings['passwd']);
@@ -330,27 +342,29 @@ 
 			// Some common md5 ones.
 			$other_passwords[] = md5($user_settings['password_salt'] . $_POST['passwrd']);
 			$other_passwords[] = md5($_POST['passwrd'] . $user_settings['password_salt']);
-		}
-		elseif (strlen($user_settings['passwd']) == 40)
+		} elseif (strlen($user_settings['passwd']) == 40)
 		{
 			// Maybe they are using a hash from before the password fix.
 			// This is also valid for SMF 1.1 to 2.0 style of hashing, changed to bcrypt in SMF 2.1
 			$other_passwords[] = sha1(strtolower($user_settings['member_name']) . un_htmlspecialchars($_POST['passwrd']));
 
 			// BurningBoard3 style of hashing.
-			if (!empty($modSettings['enable_password_conversion']))
-				$other_passwords[] = sha1($user_settings['password_salt'] . sha1($user_settings['password_salt'] . sha1($_POST['passwrd'])));
+			if (!empty($modSettings['enable_password_conversion'])) {
+							$other_passwords[] = sha1($user_settings['password_salt'] . sha1($user_settings['password_salt'] . sha1($_POST['passwrd'])));
+			}
 
 			// Perhaps we converted to UTF-8 and have a valid password being hashed differently.
 			if ($context['character_set'] == 'UTF-8' && !empty($modSettings['previousCharacterSet']) && $modSettings['previousCharacterSet'] != 'utf8')
 			{
 				// Try iconv first, for no particular reason.
-				if (function_exists('iconv'))
-					$other_passwords['iconv'] = sha1(strtolower(iconv('UTF-8', $modSettings['previousCharacterSet'], $user_settings['member_name'])) . un_htmlspecialchars(iconv('UTF-8', $modSettings['previousCharacterSet'], $_POST['passwrd'])));
+				if (function_exists('iconv')) {
+									$other_passwords['iconv'] = sha1(strtolower(iconv('UTF-8', $modSettings['previousCharacterSet'], $user_settings['member_name'])) . un_htmlspecialchars(iconv('UTF-8', $modSettings['previousCharacterSet'], $_POST['passwrd'])));
+				}
 
 				// Say it aint so, iconv failed!
-				if (empty($other_passwords['iconv']) && function_exists('mb_convert_encoding'))
-					$other_passwords[] = sha1(strtolower(mb_convert_encoding($user_settings['member_name'], 'UTF-8', $modSettings['previousCharacterSet'])) . un_htmlspecialchars(mb_convert_encoding($_POST['passwrd'], 'UTF-8', $modSettings['previousCharacterSet'])));
+				if (empty($other_passwords['iconv']) && function_exists('mb_convert_encoding')) {
+									$other_passwords[] = sha1(strtolower(mb_convert_encoding($user_settings['member_name'], 'UTF-8', $modSettings['previousCharacterSet'])) . un_htmlspecialchars(mb_convert_encoding($_POST['passwrd'], 'UTF-8', $modSettings['previousCharacterSet'])));
+				}
 			}
 		}
 
@@ -380,8 +394,9 @@ 
 			$_SESSION['failed_login'] = isset($_SESSION['failed_login']) ? ($_SESSION['failed_login'] + 1) : 1;
 
 			// Hmm... don't remember it, do you?  Here, try the password reminder ;).
-			if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold'])
-				redirectexit('action=reminder');
+			if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) {
+							redirectexit('action=reminder');
+			}
 			// We'll give you another chance...
 			else
 			{
@@ -392,8 +407,7 @@ 
 				return;
 			}
 		}
-	}
-	elseif (!empty($user_settings['passwd_flood']))
+	} elseif (!empty($user_settings['passwd_flood']))
 	{
 		// Let's be sure they weren't a little hacker.
 		validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood'], true);
@@ -410,8 +424,9 @@ 
 	}
 
 	// Check their activation status.
-	if (!checkActivation())
-		return;
+	if (!checkActivation()) {
+			return;
+	}
 
 	DoLogin();
 }
@@ -423,8 +438,9 @@ 
 {
 	global $sourcedir, $txt, $context, $user_info, $modSettings, $scripturl;
 
-	if (!$user_info['is_guest'] || empty($context['tfa_member']) || empty($modSettings['tfa_mode']))
-		fatal_lang_error('no_access', false);
+	if (!$user_info['is_guest'] || empty($context['tfa_member']) || empty($modSettings['tfa_mode'])) {
+			fatal_lang_error('no_access', false);
+	}
 
 	loadLanguage('Profile');
 	require_once($sourcedir . '/Class-TOTP.php');
@@ -432,8 +448,9 @@ 
 	$member = $context['tfa_member'];
 
 	// Prevent replay attacks by limiting at least 2 minutes before they can log in again via 2FA
-	if (time() - $member['last_login'] < 120)
-		fatal_lang_error('tfa_wait', false);
+	if (time() - $member['last_login'] < 120) {
+			fatal_lang_error('tfa_wait', false);
+	}
 
 	$totp = new \TOTP\Auth($member['tfa_secret']);
 	$totp->setRange(1);
@@ -447,8 +464,9 @@ 
 	if (!empty($_POST['tfa_code']) && empty($_POST['tfa_backup']))
 	{
 		// Check to ensure we're forcing SSL for authentication
-		if (!empty($modSettings['force_ssl']) && empty($maintenance) && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on'))
-			fatal_lang_error('login_ssl_required');
+		if (!empty($modSettings['force_ssl']) && empty($maintenance) && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on')) {
+					fatal_lang_error('login_ssl_required');
+		}
 
 		$code = $_POST['tfa_code'];
 
@@ -458,20 +476,19 @@ 
 
 			setTFACookie(3153600, $member['id_member'], hash_salt($member['tfa_backup'], $member['password_salt']), !empty($_POST['tfa_preserve']));
 			redirectexit();
-		}
-		else
+		} else
 		{
 			validatePasswordFlood($member['id_member'], $member['passwd_flood'], false, true);
 
 			$context['tfa_error'] = true;
 			$context['tfa_value'] = $_POST['tfa_code'];
 		}
-	}
-	elseif (!empty($_POST['tfa_backup']))
+	} elseif (!empty($_POST['tfa_backup']))
 	{
 		// Check to ensure we're forcing SSL for authentication
-		if (!empty($modSettings['force_ssl']) && empty($maintenance) && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on'))
-			fatal_lang_error('login_ssl_required');
+		if (!empty($modSettings['force_ssl']) && empty($maintenance) && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on')) {
+					fatal_lang_error('login_ssl_required');
+		}
 
 		$backup = $_POST['tfa_backup'];
 
@@ -485,8 +502,7 @@ 
 			));
 			setTFACookie(3153600, $member['id_member'], hash_salt($member['tfa_backup'], $member['password_salt']));
 			redirectexit('action=profile;area=tfasetup;backup');
-		}
-		else
+		} else
 		{
 			validatePasswordFlood($member['id_member'], $member['passwd_flood'], false, true);
 
@@ -509,8 +525,9 @@ 
 {
 	global $context, $txt, $scripturl, $user_settings, $modSettings;
 
-	if (!isset($context['login_errors']))
-		$context['login_errors'] = array();
+	if (!isset($context['login_errors'])) {
+			$context['login_errors'] = array();
+	}
 
 	// What is the true activation status of this account?
 	$activation_status = $user_settings['is_activated'] > 10 ? $user_settings['is_activated'] - 10 : $user_settings['is_activated'];
@@ -522,8 +539,9 @@ 
 		return false;
 	}
 	// Awaiting approval still?
-	elseif ($activation_status == 3)
-		fatal_lang_error('still_awaiting_approval', 'user');
+	elseif ($activation_status == 3) {
+			fatal_lang_error('still_awaiting_approval', 'user');
+	}
 	// Awaiting deletion, changed their mind?
 	elseif ($activation_status == 4)
 	{
@@ -531,8 +549,7 @@ 
 		{
 			updateMemberData($user_settings['id_member'], array('is_activated' => 1));
 			updateSettings(array('unapprovedMembers' => ($modSettings['unapprovedMembers'] > 0 ? $modSettings['unapprovedMembers'] - 1 : 0)));
-		}
-		else
+		} else
 		{
 			$context['disable_login_hashing'] = true;
 			$context['login_errors'][] = $txt['awaiting_delete_account'];
@@ -572,8 +589,9 @@ 
 	setLoginCookie(60 * $modSettings['cookieTime'], $user_settings['id_member'], hash_salt($user_settings['passwd'], $user_settings['password_salt']));
 
 	// Reset the login threshold.
-	if (isset($_SESSION['failed_login']))
-		unset($_SESSION['failed_login']);
+	if (isset($_SESSION['failed_login'])) {
+			unset($_SESSION['failed_login']);
+	}
 
 	$user_info['is_guest'] = false;
 	$user_settings['additional_groups'] = explode(',', $user_settings['additional_groups']);
@@ -595,16 +613,18 @@ 
 			'id_member' => $user_info['id'],
 		)
 	);
-	if ($smcFunc['db_num_rows']($request) == 1)
-		$_SESSION['first_login'] = true;
-	else
-		unset($_SESSION['first_login']);
+	if ($smcFunc['db_num_rows']($request) == 1) {
+			$_SESSION['first_login'] = true;
+	} else {
+			unset($_SESSION['first_login']);
+	}
 	$smcFunc['db_free_result']($request);
 
 	// You've logged in, haven't you?
 	$update = array('member_ip' => $user_info['ip'], 'member_ip2' => $_SERVER['BAN_CHECK_IP']);
-	if (empty($user_settings['tfa_secret']))
-		$update['last_login'] = time();
+	if (empty($user_settings['tfa_secret'])) {
+			$update['last_login'] = time();
+	}
 	updateMemberData($user_info['id'], $update);
 
 	// Get rid of the online entry for that old guest....
@@ -618,8 +638,8 @@ 
 	$_SESSION['log_time'] = 0;
 
 	// Log this entry, only if we have it enabled.
-	if (!empty($modSettings['loginHistoryDays']))
-		$smcFunc['db_insert']('insert',
+	if (!empty($modSettings['loginHistoryDays'])) {
+			$smcFunc['db_insert']('insert',
 			'{db_prefix}member_logins',
 			array(
 				'id_member' => 'int', 'time' => 'int', 'ip' => 'inet', 'ip2' => 'inet',
@@ -631,13 +651,15 @@ 
 				'id_member', 'time'
 			)
 		);
+	}
 
 	// Just log you back out if it's in maintenance mode and you AREN'T an admin.
-	if (empty($maintenance) || allowedTo('admin_forum'))
-		redirectexit('action=login2;sa=check;member=' . $user_info['id'], $context['server']['needs_login_fix']);
-	else
-		redirectexit('action=logout;' . $context['session_var'] . '=' . $context['session_id'], $context['server']['needs_login_fix']);
-}
+	if (empty($maintenance) || allowedTo('admin_forum')) {
+			redirectexit('action=login2;sa=check;member=' . $user_info['id'], $context['server']['needs_login_fix']);
+	} else {
+			redirectexit('action=logout;' . $context['session_var'] . '=' . $context['session_id'], $context['server']['needs_login_fix']);
+	}
+	}
 
 /**
  * Logs the current user out of their account.
@@ -653,13 +675,15 @@ 
 	global $sourcedir, $user_info, $user_settings, $context, $smcFunc, $cookiename, $modSettings;
 
 	// Make sure they aren't being auto-logged out.
-	if (!$internal)
-		checkSession('get');
+	if (!$internal) {
+			checkSession('get');
+	}
 
 	require_once($sourcedir . '/Subs-Auth.php');
 
-	if (isset($_SESSION['pack_ftp']))
-		$_SESSION['pack_ftp'] = null;
+	if (isset($_SESSION['pack_ftp'])) {
+			$_SESSION['pack_ftp'] = null;
+	}
 
 	// It won't be first login anymore.
 	unset($_SESSION['first_login']);
@@ -687,8 +711,9 @@ 
 
 	// And some other housekeeping while we're at it.
 	$salt = substr(md5(mt_rand()), 0, 4);
-	if (!empty($user_info['id']))
-		updateMemberData($user_info['id'], array('password_salt' => $salt));
+	if (!empty($user_info['id'])) {
+			updateMemberData($user_info['id'], array('password_salt' => $salt));
+	}
 
 	if (!empty($modSettings['tfa_mode']) && !empty($user_info['id']) && !empty($_COOKIE[$cookiename . '_tfa']))
 	{
@@ -697,10 +722,11 @@ 
 		list ($tfamember, $tfasecret, $exp, $state, $preserve) = $tfadata;
 
 		// If we're preserving the cookie, reset it with updated salt
-		if (isset($tfamember, $tfasecret, $exp, $state, $preserve) && $preserve && time() < $exp)
-			setTFACookie(3153600, $user_info['id'], hash_salt($user_settings['tfa_backup'], $salt), true);
-		else
-			setTFACookie(-3600, 0, '');
+		if (isset($tfamember, $tfasecret, $exp, $state, $preserve) && $preserve && time() < $exp) {
+					setTFACookie(3153600, $user_info['id'], hash_salt($user_settings['tfa_backup'], $salt), true);
+		} else {
+					setTFACookie(-3600, 0, '');
+		}
 	}
 
 	session_destroy();
@@ -708,14 +734,13 @@ 
 	// Off to the merry board index we go!
 	if ($redirect)
 	{
-		if (empty($_SESSION['logout_url']))
-			redirectexit('', $context['server']['needs_login_fix']);
-		elseif (!empty($_SESSION['logout_url']) && (strpos($_SESSION['logout_url'], 'http://') === false && strpos($_SESSION['logout_url'], 'https://') === false))
+		if (empty($_SESSION['logout_url'])) {
+					redirectexit('', $context['server']['needs_login_fix']);
+		} elseif (!empty($_SESSION['logout_url']) && (strpos($_SESSION['logout_url'], 'http://') === false && strpos($_SESSION['logout_url'], 'https://') === false))
 		{
 			unset ($_SESSION['logout_url']);
 			redirectexit();
-		}
-		else
+		} else
 		{
 			$temp = $_SESSION['logout_url'];
 			unset($_SESSION['logout_url']);
@@ -748,8 +773,9 @@ 
 function phpBB3_password_check($passwd, $passwd_hash)
 {
 	// Too long or too short?
-	if (strlen($passwd_hash) != 34)
-		return;
+	if (strlen($passwd_hash) != 34) {
+			return;
+	}
 
 	// Range of characters allowed.
 	$range = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
@@ -760,8 +786,9 @@ 
 	$salt = substr($passwd_hash, 4, 8);
 
 	$hash = md5($salt . $passwd, true);
-	for (; $count != 0; --$count)
-		$hash = md5($hash . $passwd, true);
+	for (; $count != 0; --$count) {
+			$hash = md5($hash . $passwd, true);
+	}
 
 	$output = substr($passwd_hash, 0, 12);
 	$i = 0;
@@ -770,21 +797,25 @@ 
 		$value = ord($hash[$i++]);
 		$output .= $range[$value & 0x3f];
 
-		if ($i < 16)
-			$value |= ord($hash[$i]) << 8;
+		if ($i < 16) {
+					$value |= ord($hash[$i]) << 8;
+		}
 
 		$output .= $range[($value >> 6) & 0x3f];
 
-		if ($i++ >= 16)
-			break;
+		if ($i++ >= 16) {
+					break;
+		}
 
-		if ($i < 16)
-			$value |= ord($hash[$i]) << 16;
+		if ($i < 16) {
+					$value |= ord($hash[$i]) << 16;
+		}
 
 		$output .= $range[($value >> 12) & 0x3f];
 
-		if ($i++ >= 16)
-			break;
+		if ($i++ >= 16) {
+					break;
+		}
 
 		$output .= $range[($value >> 18) & 0x3f];
 	}
@@ -815,8 +846,9 @@ 
 		require_once($sourcedir . '/Subs-Auth.php');
 		setLoginCookie(-3600, 0);
 
-		if (isset($_SESSION['login_' . $cookiename]))
-			unset($_SESSION['login_' . $cookiename]);
+		if (isset($_SESSION['login_' . $cookiename])) {
+					unset($_SESSION['login_' . $cookiename]);
+		}
 	}
 
 	// We need a member!
@@ -830,8 +862,9 @@ 
 	}
 
 	// Right, have we got a flood value?
-	if ($password_flood_value !== false)
-		@list ($time_stamp, $number_tries) = explode('|', $password_flood_value);
+	if ($password_flood_value !== false) {
+			@list ($time_stamp, $number_tries) = explode('|', $password_flood_value);
+	}
 
 	// Timestamp or number of tries invalid?
 	if (empty($number_tries) || empty($time_stamp))
@@ -847,15 +880,17 @@ 
 		$number_tries = $time_stamp < time() - 20 ? 2 : $number_tries;
 
 		// They are trying too fast, make them wait longer
-		if ($time_stamp < time() - 10)
-			$time_stamp = time();
+		if ($time_stamp < time() - 10) {
+					$time_stamp = time();
+		}
 	}
 
 	$number_tries++;
 
 	// Broken the law?
-	if ($number_tries > 5)
-		fatal_lang_error('login_threshold_brute_fail', 'critical');
+	if ($number_tries > 5) {
+			fatal_lang_error('login_threshold_brute_fail', 'critical');
+	}
 
 	// Otherwise set the members data. If they correct on their first attempt then we actually clear it, otherwise we set it!
 	updateMemberData($id_member, array('passwd_flood' => $was_correct && $number_tries == 1 ? '' : $time_stamp . '|' . $number_tries));