Latest forum posts
Extended monitor.php with exec() fallbacks for /proc/meminfo, /proc/cpuinfo, /proc/net/dev when open_basedir blocks direct file reads; lscpu/nproc/free used as secondary sources. Improved getMetricStorePath() to resolve writable directory dynamically. Added unloaded PHP extensions detection.
Core changes:
- monitor.php: exec-fallbacks for Linux /proc reads, dynamic metrics path, lscpu/nproc support, unloaded extensions list
- core/system.php: no-image.png fallback for missing upload files; onerror handler on BB/Markdown img tags; better alt text from filename
- security.php + config/security.php: new dump_skip config field with textarea UI and sanitized save logic
- modules/forum/index.php: rename $massiv→$rows, $params→$pars; cleaner named placeholders
- modules/account/admin/index.php: fix SQL WHERE clauses with table alias u.
- admin/info/admins/ru.html → ru.md migration; add admin/info/monitor/ help pages
- templates: add no-image.png to all three themes; add find/view admin icons
Benefits:
- Monitor works on hosts with restricted open_basedir
- Broken images show placeholder instead of broken icon
- dump_skip allows excluding paths from file change scanner
- Forum and account SQL queries more robust against ambiguous column names

Comprehensive fix and cleanup across the codebase following DB schema
update that renamed the lastip column to ip in _users table,
plus runtime bug fixes found during load testing.
Core changes:
Column rename lastip → ip (core/system.php, modules/account/index.php, modules/account/admin/index.php, admin/index.php, modules/users/index.php, modules/money/index.php, modules/search/index.php, modules/links/index.php):
- All SQL queries updated: SELECT ip, UPDATE SET ip, WHERE ip LIKE
- Template references updated: $userinfo['ip'], edithome display
Bug fix: savehome() cookie rebuild (modules/account/index.php):
- Replace getUserInfo() (could return null → TypeError on array access) with direct variables from earlier SELECT already in scope
- Eliminates "Trying to access array offset on null" at setCookies call
Bug fix: PM TypeError (core/user.php addPmMsg, setPmSaved, deletePmMsg):
- $stop[] array passed as string $stop to getPmView() → TypeError
- Fix: implode('<br>', (array)$stop) before call
- Initialize $stop/$info as '' in setPmSaved to avoid undefined vars
- Replace literal 0 with '' for typed string params
Bug fix: SQL HY093 in help module (modules/help/index.php):
- Duplicate named param :postid used twice in INSERT (uid and aid cols)
- PDO with ATTR_EMULATE_PREPARES=false rejects duplicate named params
- Fix: rename to :uid/:aid with separate keys in params array
Monitor: direct APCu calls (admin/modules/monitor.php):
- Replace call_user_func('apcu_fetch/store', ...) with direct calls
- Cleaner, faster, phpstan-friendly
Newsletter: column rename mail → email (admin/modules/newsletter.php):
- SELECT email FROM _money (was: mail)
system.php show_files() guards:
- Initialize $files, $contents, $a before conditional block
- Division by zero protection: ($a > 0) ? ceil($a/$connum) : 0
- isset() → !empty() for $contents[$i] check
SQL schema cleanup (setup/sql/):
- table.sql: lastip → ip column definition
- table_update6_3.sql: migration updated
- Remove batch_migrate.sql and table_update6_3_finalize_local.sql
Benefits:
- Eliminates all load-test-discovered TypeErrors and SQL errors
- Schema consistency: ip column name uniform across code and DB
- No more null-guard needed on getUserInfo() return path

Deletes the eight files from the top-level language/ directory that were overlooked when the language/ → lang/ cleanup commit was assembled. Completes the full removal of the old language/ layout from the repository.
Core changes:
Root language/ (language/.htaccess, language/index.html, language/{de,en,fr,pl,ru,uk}.php):
- All eight files deleted
Benefits:
- Repository no longer contains any language/ directory at any level
- Consistent with the lang/ rename completed in the previous cleanup commit

New language constants in all six admin language files support the features introduced in the search admin redesign, the admins-panel CRUD rewrite and the database module hardening committed in this session.
Core changes:
- All admin lang files (admin/lang/{de,en,fr,pl,ru,uk}.php):
- _DB_MODE, _DB_BLOCKS, _DB_ERRORS, _DB_STOP, _DB_SQL, _DB_PARSE, _DB_PARSEMODE, _DB_RUNMODE — database module UI labels
- _SEARCHCLEAR, _SEARCHCLEARINFO, _SEARCHEMPTY, _SEARCHBYMOD, _SEARCHBYDAY, _SEARCHLAST, _SEARCHTOP, _SEARCHTOPMOD, _SEARCHTOTAL, _SEARCHUNIQUE — search statistics management
- _TOKENMISS — CSRF mismatch error message
- _ADMINPASSKEEP, _ADMINSELFDEL, _ADMINSELFSUPER, _ADMINLASTSUPER — admin self-protection guard messages
- _SEARCHAUTO, _SEARCHAUTOINFO, _SEARCHAUTODONE, _SEARCHENABLED, _SEARCHREADY, _SEARCHINVALID, _SEARCHTYPE, _SEARCHFIELDS, _SEARCHEDIT, _SEARCHREASON, _SEARCHSPECIAL, _SEARCHSIMPLE, _SEARCHNOTABLE, _SEARCHMISSCOLS, _SEARCHNOFIELDS, _SEARCHADDSEL, _SEARCHADDALL — search audit tab labels
- Frontend lang (lang/ru.php):
- _SEARCHLETMIN — minimum search length notice for users
- Changelog admin lang (modules/changelog/admin/lang/fr.php):
- _CHLOG_ERR_GH_API: replaced double-quoted string with single-quoted to use consistent quote style
Benefits:
- All new admin UI strings are fully translated in all supported languages
- Consistent quote style in changelog FR lang file
Technical notes:
- Constants follow existing _SEARCH / _ADMIN / DB* naming conventions

A set of targeted fixes eliminating PHP 8.x warnings and potential null-dereference errors caused by missing isset/is_user/type-cast guards.
Core changes:
- core/user.php — getFavorBtn():
- Parameter type changed to ?int, explicit (int) cast applied
- Guard $fid > 0 prevents DB query with id = 0
- $content initialized to '' before conditional blocks — no "undefined" return
- modules/forum/index.php — quickreply():
- Parameters typed ?int|?string; explicit (int) cast applied
- Guard $id > 0 && $catid > 0 prevents rendering form for invalid thread
- modules/help/index.php — help():
- $uid now resolved via is_user() ? intval($user[0]) : 0 instead of blind intval($user[0]) when user may not be logged in
- modules/main/index.php — main():
- Table aliases added to WHERE/ORDER: s.time, s.status instead of bare names to resolve ambiguity in JOIN queries against news and files tables
- modules/shop/admin/index.php — partnersdetails():
- $a and $partsumges initialized to 0 before use
- Indentation corrected (stray extra indent on $paid assignment)
Benefits:
- Eliminates PHP 8 undefined variable and null-coercion warnings in production
- Prevents database queries with id = 0 that return unexpected rows
Technical notes:
- No behaviour change for valid input; only edge-case guards added

Replaces bare file() calls with is_file()/is_readable() guards throughout the statistics and visit-counter code paths, eliminating PHP warnings on missing or unreadable log files and ensuring correct empty-array fallbacks.
Core changes:
- Core admin statistics (core/admin.php — getStatistic()):
- All file(COUNTER_DIR/...) calls now guarded with is_file() && is_readable()
- Returns [] instead of false on missing log, preventing array_merge errors
- categories.description → intro in ajax_cat() query (column rename follow-up)
- voting query updated: language → lang column (column rename follow-up)
- ajax_cat() edit link corrected to name=categories&op=edit&cid=
- System counter (core/system.php — visit counter closure):
- Extracted $safeReadLines closure with set_error_handler() + try/finally
- Replaces direct file() on statistic.log and ips.log
- Follows the no-@ rule: uses set_error_handler() instead of @ suppression
- Admin statistic module (admin/modules/statistic.php):
- is_file() && is_readable() guards before every file() call on log files
- $daysLog / $statLog variables extracted to avoid repeated string literals
Benefits:
- No PHP warnings/notices when counter log files are absent or locked
- Complies with project rule: set_error_handler() instead of @ suppression
- Consistent behaviour: missing file → empty array, not false
Technical notes:
- No changes to log file format or counter logic
- set_error_handler() scope is limited by the closure + restore_error_handler()

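The guarded log read described in the commit above, sketched as an added example; this is not the project's $safeReadLines closure, and the function name, log file names and line format are constructed for illustration. It shows why the is_file()/is_readable() check alone is not enough: the file can vanish or be locked between the check and the read, so the warning is caught through a scoped error handler rather than suppressed with @.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: read a log file as an array of lines.
 * A missing, unreadable or vanished file yields [] instead of false.
 */
function safeReadLines(string $path): array
{
    if (!is_file($path) || !is_readable($path)) {
        return [];
    }
    // Convert any warning raised by file() into an exception for the
    // duration of this call only; the previous handler is restored in finally.
    set_error_handler(static function (int $severity, string $message): bool {
        throw new ErrorException($message, 0, $severity);
    });
    try {
        $lines = file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
        return $lines === false ? [] : $lines;
    } catch (ErrorException $e) {
        return [];
    } finally {
        restore_error_handler();
    }
}

// Constructed demo: one existing log and one that does not exist.
$dir = sys_get_temp_dir();
$log = tempnam($dir, 'stat');
file_put_contents($log, "2024-01-01|10\n2024-01-02|12\n");

// array_merge() needs arrays on both sides; a bare file() on the missing
// log would hand it false and emit a warning.
$merged = array_merge(safeReadLines($log), safeReadLines($dir . '/no-such-ips.log'));
echo count($merged), " lines read\n";

unlink($log);
```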
Both admin/modules/admins.php and admin/modules/database.php receive proper CSRF protection and hardened input handling; the admins module is fully rewritten to enforce self-delete and last-superuser guards.
Core changes:
- Admins module (admin/modules/admins.php):
- getAdmintoken() / checkAdmintoken() — session-bound CSRF token
- getAdminself() — resolves the currently logged-in admin ID
- getAdminmods() / filterAdminmods() — validated module permission list
- getAdminrow() / checkAdminlast() — DB helpers with prepared statements
- adlist(): replaces admins() — POST-form delete with hidden token field
- adform(): replaces add() — splits GET (load) / POST (defaults) clearly
- adsave(): full validation including self-delete and last-superuser guards returning human-readable stop messages via _ADMINSELFDEL etc.
- addelete(): CSRF-checked, blocks self and last superuser
- Database module (admin/modules/database.php):
- getDbtoken() / checkDbtoken() — sitekey-based CSRF token
- addDblog() — timestamped append to storage/logs/database_migration.log
- getSqlbatch() — robust SQL batch splitter: handles DELIMITER, line/block comments, string literals (single, double, backtick), and escape sequences
- Existing install/sync/delete actions now validate token before execution
Benefits:
- Eliminates CSRF attack surface on all destructive admin operations
- Self-protection guards prevent accidental lockout of the last superuser
- SQL batch parser handles edge cases that explode(';') would miss
Technical notes:
- Token uses hash_equals() for timing-safe comparison
- getAdmintoken() is session-scoped (invalidated on logout)
- getDbtoken() is sitekey-scoped (stable across requests, simpler UX)

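The two token scopes named in the commit above, side by side, as an added example rather than the project's getAdmintoken()/getDbtoken() code, which the page does not show. All function names are hypothetical, and the site-key derivation (an HMAC over admin id and action) is an assumption; the page only says the token is sitekey-based and compared with hash_equals().

```php
<?php
declare(strict_types=1);

/** Session-scoped: random value kept server-side, gone once the session is destroyed. */
function sessionCsrfToken(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

function checkSessionCsrfToken(array $session, mixed $submitted): bool
{
    // hash_equals() requires two strings, so reject arrays and null first.
    return is_string($submitted)
        && !empty($session['csrf'])
        && hash_equals($session['csrf'], $submitted);
}

/** Site-key-scoped (assumed derivation): stable across requests, bound to admin and action. */
function sitekeyCsrfToken(string $sitekey, int $adminId, string $action): string
{
    return hash_hmac('sha256', $adminId . '|' . $action, $sitekey);
}

function checkSitekeyCsrfToken(string $sitekey, int $adminId, string $action, mixed $submitted): bool
{
    return is_string($submitted)
        && hash_equals(sitekeyCsrfToken($sitekey, $adminId, $action), $submitted);
}

// Constructed demo values; in the application $session would be $_SESSION.
$session = [];
$formToken = sessionCsrfToken($session);
var_dump(checkSessionCsrfToken($session, $formToken)); // token issued for this session
var_dump(checkSessionCsrfToken($session, ['x']));      // array smuggled in via token[]=x
$session = [];                                         // logout clears the session
var_dump(checkSessionCsrfToken($session, $formToken)); // old form replayed after logout

$key = 'constructed-site-key';
$dbToken = sitekeyCsrfToken($key, 7, 'db.delete');
var_dump(checkSitekeyCsrfToken($key, 7, 'db.delete', $dbToken));  // same admin, same action
var_dump(checkSitekeyCsrfToken($key, 7, 'db.install', $dbToken)); // token reused for another action
```

A site-key token never expires on its own, so its protection depends entirely on the key staying secret on the server; rotating the key is the only way to invalidate tokens already issued.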
Replaces the minimal search admin with a full-featured interface: module compatibility audit, statistics management, and CSRF-protected config saves. The frontend search engine is also refactored for clarity and correct handling of the new per-module config fields.
Core changes:
- Search admin (modules/search/admin/index.php):
- CSRF token pair getSearchtoken() / checkSearchtoken() for all writes
- getSearchaudit(): scans active modules, classifies each as special, auto-compatible (has id+title+searchable field) or invalid with reason
- getSearchready() / getSearchenabled() / getSearchinvalid() filters
- Auto-add action: enables all compatible modules in one click
- Statistics tab: top queries, unique count, clear-by-module and by-age
- getSearchcols(): queries information_schema for live column lists
- Search frontend (modules/search/index.php):
- Extracted getSearchMods(), getSearchState(), getSearchModList()
- getSearchStat(): saves query to search_stat table with dedup
- Unified search dispatcher reads anum/anump from config
- Search config (config/search.php):
- New keys: anum (results per page), anump (pagination links)
- Updated default mods list to match renamed/removed modules
- Docs (modules/search/admin/info/ru.md):
- Describes new audit tab, auto-add, statistics management
Benefits:
- Admins can see at a glance which modules are searchable and why not
- CSRF protection prevents unauthorized config changes
- Statistics cleanup prevents unbounded growth of search_stat table
Technical notes:
- getSearchspec() encodes hand-crafted mappings for modules with non-standard table/field layout (auto_links, forum, media, shop)
- Compatible with existing search_stat table schema

Continues the column-unification effort (Batch W) by renaming legacy column references in the modules and installation schema that were missed in the previous batches.
Core changes:
- SQL schema (setup/sql/table.sql):
- content._text → body, message.content → body, newsletter.content → body
- privat.content → body, voting.questions → body
- Comments admin (admin/modules/comments.php):
- SELECT comment → body, UPDATE SET comment → body
- Account module (modules/account/index.php):
- SELECT comment → body in user activity listing
- Clients admin (modules/clients/admin/index.php):
- infotext → body, prod_id → pid in SELECT / INSERT / UPDATE
- Forum admin (modules/forum/admin/index.php):
- categories.description → intro in category listing query
Benefits:
- SQL schema is now consistent with the renamed columns in production tables
- All module queries reference the unified column names
- Eliminates divergence between install schema and live database structure
Technical notes:
- Pure column-name substitution — no logic or behaviour changes
- Matches renames applied to core and other modules in Batches M–W

Completes the directory rename started in the previous commit by deleting all obsolete language/ subdirectories across core, admin, modules, setup and templates, and updating every consumer that still referenced the old path.
Core changes:
Directory cleanup (admin/language/, language/, modules/*/language/, modules/*/admin/language/, setup/language/, templates/*/images/language/):
- Remove 1064 obsolete files (.htaccess, index.html, .php, .png)
Path references (robots.txt, templates/admin/index.php, templates/lite/index.php):
- Disallow /lang/ instead of /language/ in robots.txt
- scandir() and img_find() calls updated to lang/ and lang/*_mini.png
Test suite (tests/LanguageConstantsUsageTest.php, tests/LanguageValidationTest.php, tests/ModuleStructureTest.php):
- Regex patterns and directory scan paths updated to lang/
Benefits:
- Eliminates dead files left behind by the rename commit
- Robots.txt and templates correctly reflect new directory layout
- Test suite validates lang/ structure instead of the removed language/ dirs
Technical notes:
- Pure cleanup — no logic changes, no backward-compat shims needed
- All lang/ files were created in the preceding rename commit





