boardom

[JudithRosen]

Hi Folks,

I'm a newbie but I learn fast. I hope someone can help me with this; the iPowerWeb techies are no help at all. My website is at www.rosen-enterprises.com. It's hosted at iPowerWeb, and uses b2 blog software. I've been having a problem with automated blogspam over the last few months that's been getting worse and worse to the point that I was getting over a hundred new spam "comments" per day. I tried blocking domains, but that doesn't work. I tried editing the templates to remove the comment feature altogether, but that didn't work. I tried using the online chat help feature at iPowerWeb but they're too busy trying to expand to be helpful!!! So I started digging and found that the templates are not the actual code, which was why deleting the comments feature from the templates didn't work... so I found the actual code and... you get the picture... Now I get an error code when I try to log in to my blog: "Parse error: parse error; unexpected '}' in /home/rosen-en/.panel/web/b2/b2-include/b2functions.php on line 498" I have gone to that file in my site database and can't figure out which line is line 498 or whether that's all that's going on. I deleted everything that had "comment" as a headline, avoiding all the "don't delete this line" stuff... but obviously I've pronged the code somehow. Can anyone help me sort this out? My email is [email protected] if you think you can help. I have tried to research the b2 software, hoping to find a copy of the functions code in order to restore my version of it, but so far I haven't found that. The code in the file the error mentions is awefully long, but I notice on these message boards that when the code isn't included, that's the first thing asked for. I can copy the code in here if it will help (and I apologise if it causes any problems!):

<?php

/* new and improved ! now with more querystring stuff ! */

if (!isset($querystring_start)) {
$querystring_start = '?';
$querystring_equal = '=';
$querystring_separator = '&';
}

if (!function_exists('_')) {
function _($string) {
return $string;
}
}


/* functions... */

function get_currentuserinfo() { // a bit like get_userdata(), on steroids
global $HTTP_COOKIE_VARS,$user_login,$userdata,$user_level,$user_ID,$user_nickname,$user_email,$user_url,$user_pass_md5;
// *** retrieving user's data from cookies and db - no spoofing
$user_login = $HTTP_COOKIE_VARS["cafeloguser"];
$userdata = get_userdatabylogin($user_login);
$user_level = $userdata["user_level"];
$user_ID=$userdata['ID'];
$user_nickname=$userdata["user_nickname"];
$user_email=$userdata["user_email"];
$user_url=$userdata["user_url"];
$user_pass_md5=md5($userdata["user_pass"]);
}



function dbconnect() {
global $connexion, $server, $loginsql, $passsql, $base;
$connexion = mysql_connect($server,$loginsql,$passsql) or die("Can't connect to the database server. MySQL said:<br />".mysql_error());
$connexionbase = mysql_select_db("$base") or die("Can't connect to the database $base. MySQL said:<br />".mysql_error());
return(($connexion && $connexionbase));
}


function mysql_oops($query) {
$error = '<p>Oops, MySQL error!</p><p>Your query:<br />'.$query;
$error .= '</p><p>MySQL said:<br />'.mysql_error().'</p>';
die($error);
}


/***** Formatting functions *****/

function autobrize($content) {
$content = preg_replace("/<br>\n/", "\n", $content);
$content = preg_replace("/<br \/>\n/", "\n", $content);
$content = preg_replace("/(\015\012)|(\015)|(\012)/", "<br />\n", $content);
return($content);
}
function unautobrize($content) {
$content = preg_replace("/<br>\n/", "\n", $content); //for PHP versions before 4.0.5
$content = preg_replace("/<br \/>\n/", "\n", $content);
return($content);
}


function format_to_edit($content) {
global $autobr;
$content = stripslashes($content);
if ($autobr) { $content = unautobrize($content); }
$content = htmlspecialchars($content);
return($content);
}
function format_to_post($content) {
global $post_autobr,$comment_autobr;
$content = addslashes($content);
if ($post_autobr || $comment_autobr) { $content = autobrize($content); }
return($content);
}


function zeroise($number,$threshold) { // function to add leading zeros when necessary
$l=strlen($number);
if ($l<$threshold)
for ($i=0; $i<($threshold-$l); $i=$i+1) { $number='0'.$number; }
return($number);
}


function backslashit($string) {
$string = preg_replace('/([a-z])/i', '\\\\\1', $string);
return $string;
}


function mysql2date($dateformatstring, $mysqlstring, $use_b2configmonthsdays = 1) {
global $month, $weekday;
$m = $mysqlstring;
if (empty($m)) {
return false;
}
$i = mktime(substr($m,11,2),substr($m,14,2),substr($m,17,2),substr($m,5,2),substr($m,8,2),substr($m,0,4));
if (!empty($month) && !empty($weekday) && $use_b2configmonthsdays) {
$datemonth = $month[date('m', $i)];
$dateweekday = $weekday[date('w', $i)];
$dateformatstring = ' '.$dateformatstring;
$dateformatstring = preg_replace("/([^\\\])D/", "\\1".backslashit(substr($dateweekday, 0, 3)), $dateformatstring);
$dateformatstring = preg_replace("/([^\\\])F/", "\\1".backslashit($datemonth), $dateformatstring);
$dateformatstring = preg_replace("/([^\\\])l/", "\\1".backslashit($dateweekday), $dateformatstring);
$dateformatstring = preg_replace("/([^\\\])M/", "\\1".backslashit(substr($datemonth, 0, 3)), $dateformatstring);
$dateformatstring = substr($dateformatstring, 1, strlen($dateformatstring)-1);
}
$j = @date($dateformatstring, $i);
if (!$j) {
# // for debug purposes
# echo $i." ".$mysqlstring;
}
return $j;
}

function addslashes_gpc($gpc) {
if (!get_magic_quotes_gpc()) {
$gpc = addslashes($gpc);
}
return($gpc);
}

function date_i18n($dateformatstring, $unixtimestamp) {
global $month, $weekday;
$i = $unixtimestamp;
if ((!empty($month)) && (!empty($weekday))) {
$datemonth = $month[date('m', $i)];
$dateweekday = $weekday[date('w', $i)];
$dateformatstring = ' '.$dateformatstring;
$dateformatstring = preg_replace("/([^\\\])D/", "\\1".backslashit(substr($dateweekday, 0, 3)), $dateformatstring);
$dateformatstring = preg_replace("/([^\\\])F/", "\\1".backslashit($datemonth), $dateformatstring);
$dateformatstring = preg_replace("/([^\\\])l/", "\\1".backslashit($dateweekday), $dateformatstring);
$dateformatstring = preg_replace("/([^\\\])M/", "\\1".backslashit(substr($datemonth, 0, 3)), $dateformatstring);
$dateformatstring = substr($dateformatstring, 1, strlen($dateformatstring)-1);
}
$j = @date($dateformatstring, $i);
return $j;
}



function get_weekstartend($mysqlstring, $start_of_week) {
$my = substr($mysqlstring,0,4);
$mm = substr($mysqlstring,8,2);
$md = substr($mysqlstring,5,2);
$day = mktime(0,0,0, $md, $mm, $my);
$weekday = date('w',$day);
$i = 86400;
while ($weekday > $start_of_week) {
$weekday = date('w',$day);
$day = $day - 86400;
$i = 0;
}
$week['start'] = $day + 86400 - $i;
$week['end'] = $day + 691199;
return ($week);
}

function convert_chars($content,$flag="html") { // html/unicode entities output, defaults to html
$newcontent = "";

global $convert_chars2unicode, $convert_entities2unicode, $leavecodealone, $use_htmltrans;
global $b2_htmltrans, $b2_htmltranswinuni;

### this is temporary - will be replaced by proper config stuff
$convert_chars2unicode = 1;
if (($leavecodealone) || (!$use_htmltrans)) {
$convert_chars2unicode = 0;
}
###


// converts HTML-entities to their display values in order to convert them again later

$content = preg_replace("/<title>(.+?)<\/title>/","",$content);
$content = preg_replace("/<category>(.+?)<\/category>/","",$content);

# $content = str_replace("&","&",$content);
$content = strtr($content, $b2_htmltrans);

for ($i=0; $i<strlen($content); $i=$i+1) {
$j = substr($content,$i,1);
$jnext = substr($content,$i+1,1);
$jord = ord($j);
if ($convert_chars2unicode) {
switch($flag) {
case "unicode":
// $j = str_replace("&","&",$j);
if (($jord>=128) || ($j == "&") || (($jord>=128) && ($jord<=159))) {
$j = "&#".$jord.";";
}
break;
case "html":
if (($jord>=128) || (($jord>=128) && ($jord<=159))) {
$j = "&#".$jord.";"; // $j = htmlentities($j);
} elseif (($j == "&") && ($jnext != "#")) {
$j = "&";
}
break;
case "xml":
if ($jord>=128) {
$j = "&#".$jord.";"; // $j = htmlentities($j);
// $j = htmlentities($j);
} elseif (($j == "&") && ($jnext != "#")) {
$j = "&";
}
break;
}
}

$newcontent .= $j;
}

// now converting: Windows CP1252 => Unicode (valid HTML)
// (if you've ever pasted text from MSWord, you'll understand)

$newcontent = strtr($newcontent, $b2_htmltranswinuni);

// you can delete these 2 lines if you don't like <br /> and <hr />
$newcontent = str_replace("<br>","<br />",$newcontent);
$newcontent = str_replace("<hr>","<hr />",$newcontent);

return($newcontent);
}

function convert_bbcode($content) {
global $b2_bbcode, $use_bbcode;
if ($use_bbcode) {
$content = preg_replace($b2_bbcode["in"], $b2_bbcode["out"], $content);
}
$content = convert_bbcode_email($content);
return ($content);
}

function convert_bbcode_email($content) {
global $use_bbcode;
$bbcode_email["in"] = array(
'#\[email](.+?)\[/email]#eis',
'#\[email=(.+?)](.+?)\[/email]#eis'
);
$bbcode_email["out"] = array(
"'<a href=\"mailto:'.antispambot('\\1').'\">'.antispambot('\\1').'</a>'", // E-mail
"'<a href=\"mailto:'.antispambot('\\1').'\">\\2</a>'"
);

$content = preg_replace($bbcode_email["in"], $bbcode_email["out"], $content);
return ($content);
}

function convert_gmcode($content) {
global $b2_gmcode, $use_gmcode;
if ($use_gmcode) {
$content = preg_replace($b2_gmcode["in"], $b2_gmcode["out"], $content);
}
return ($content);
}

function convert_smilies($content) {
global $smilies_directory, $use_smilies;
global $b2_smiliessearch, $b2_smiliesreplace;
if ($use_smilies) {
$content = str_replace($b2_smiliessearch, $b2_smiliesreplace, $content);
}
return ($content);
}

function antispambot($emailaddy, $mailto=0) {
$emailNOSPAMaddy = '';
srand ((float) microtime() * 1000000);
for ($i = 0; $i < strlen($emailaddy); $i = $i + 1) {
$j = floor(rand(0, 1+$mailto));
if ($j==0) {
$emailNOSPAMaddy .= '&#'.ord(substr($emailaddy,$i,1)).';';
} elseif ($j==1) {
$emailNOSPAMaddy .= substr($emailaddy,$i,1);
} elseif ($j==2) {
$emailNOSPAMaddy .= '%'.zeroise(dechex(ord(substr($emailaddy, $i, 1))), 2);
}
}
$emailNOSPAMaddy = str_replace('@','@',$emailNOSPAMaddy);
return $emailNOSPAMaddy;
}

function make_clickable($text) { // original function: phpBB, extended here for AIM & ICQ
$ret = " " . $text;
$ret = preg_replace("#([\n ])([a-z]+?)://([^, <>{}\n\r]+)#i", "\\1<a href=\"\\2://\\3\" target=\"_blank\">\\2://\\3</a>", $ret);
$ret = preg_replace("#([\n ])aim:([^,< \n\r]+)#i", "\\1<a href=\"aim:goim?screenname=\\2\\3&message=Hello\">\\2\\3</a>", $ret);
$ret = preg_replace("#([\n ])icq:([^,< \n\r]+)#i", "\\1<a href=\"http://wwp.icq.com/scripts/search.dll?to=\\2\\3\">\\2\\3</a>", $ret);
$ret = preg_replace("#([\n ])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^,< \n\r]*)?)#i", "\\1<a href=\"http://www.\\2.\\3\\4\" target=\"_blank\">www.\\2.\\3\\4</a>", $ret);
$ret = preg_replace("#([\n ])([a-z0-9\-_.]+?)@([^,< \n\r]+)#i", "\\1<a href=\"mailto:\\2@\\3\">\\2@\\3</a>", $ret);
$ret = substr($ret, 1);
return($ret);
}


function is_email($user_email) {
$chars = "/^([a-z0-9_]|\\-|\\.)+@(([a-z0-9_]|\\-)+\\.)+[a-z]{2,4}\$/i";
if(strstr($user_email, '@') && strstr($user_email, '.')) {
if (preg_match($chars, $user_email)) {
return true;
} else {
return false;
}
} else {
return false;
}
}


function phpcurlme($string, $language = 'en') {
// by Matt - http://www.photomatt.net/scripts/phpcurlme

// This should take care of the single quotes
$string = preg_replace("/'([dmst])([ .,?!\)\/<])/i","’$1$2",$string);
$string = preg_replace("/'([lrv])([el])([ .,?!\)\/<])/i","’$1$2$3",$string);
$string = preg_replace("/([^=])(\s+)'([^ >])?(.*?)([^=])'(\s*)([^>&])/S","$1$2‘$3$4$5’$6$7",$string);

// time for the doubles
$string = preg_replace('/([^=])(\s+)"([^ >])?(.*?)([^=])"(\s*)([^>&])/S',"$1$2“$3$4$5”$6$7",$string);
// multi-paragraph
$string = preg_replace('/<p>"(.*)<\/p>/U',"<p>“$1</p>",$string);

// not a quote, but whatever
$string = str_replace('---','—',$string);
$string = str_replace('--','-',$string);
return $string;
}


function strip_all_but_one_link($text, $mylink) {
$match_link = '#(<a.+?href.+?'.'>)(.+?)(</a>)#';
preg_match_all($match_link, $text, $matches);
$count = count($matches[0]);
for ($i=0; $i<$count; $i++) {
if (!strstr($matches[0][$i], $mylink)) {
$text = str_replace($matches[0][$i], $matches[2][$i], $text);
}
}
return $text;
}


/***** // Formatting functions *****/



function get_lastpostdate() {
global $tableposts, $cache_lastpostdate, $use_cache, $time_difference, $pagenow;
if ((!isset($cache_lastpostdate)) OR (!$use_cache)) {
$now = date("Y-m-d H:i:s",(time() + ($time_difference * 3600)));
if ($pagenow != 'b2edit.php') {
$showcatzero = 'post_category > 0 AND';
} else {
$showcatzero = '';
}
$sql = "SELECT * FROM $tableposts WHERE $showcatzero post_date <= '$now' ORDER BY post_date DESC LIMIT 1";
$result = mysql_query($sql) or die("Your SQL query: <br />$sql<br /><br />MySQL said:<br />".mysql_error());
$querycount++;
$myrow = mysql_fetch_object($result);
$lastpostdate = $myrow->post_date;
$cache_lastpostdate = $lastpostdate;
// echo $lastpostdate;
} else {
$lastpostdate = $cache_lastpostdate;
}
return($lastpostdate);
}

function user_pass_ok($user_login,$user_pass) {
global $cache_userdata,$use_cache;
if ((empty($cache_userdata[$user_login])) OR (!$use_cache)) {
$userdata = get_userdatabylogin($user_login);
} else {
$userdata = $cache_userdata[$user_login];
}
return ($user_pass == $userdata['user_pass']);
}

function get_userdata($userid) {
global $tableusers,$querycount,$cache_userdata,$use_cache;
if ((empty($cache_userdata[$userid])) OR (!$use_cache)) {
$sql = "SELECT * FROM $tableusers WHERE ID = '$userid'";
$result = mysql_query($sql) or die("Your SQL query: <br />$sql<br /><br />MySQL said:<br />".mysql_error());
$myrow = mysql_fetch_array($result);
$querycount++;
$cache_userdata[$userid] = $myrow;
} else {
$myrow = $cache_userdata[$userid];
}
return($myrow);
}

function get_userdata2($userid) { // for team-listing
global $tableusers,$row;
$user_data['ID'] = $userid;
$user_data['user_login'] = $row->user_login;
$user_data['user_firstname'] = $row->user_firstname;
$user_data['user_lastname'] = $row->user_lastname;
$user_data['user_nickname'] = $row->user_nickname;
$user_data['user_level'] = $row->user_level;
$user_data['user_email'] = $row->user_email;
$user_data['user_url'] = $row->user_url;
return($user_data);
}

function get_userdatabylogin($user_login) {
global $tableusers,$querycount,$cache_userdata,$use_cache;
if ((empty($cache_userdata["$user_login"])) OR (!$use_cache)) {
$sql = "SELECT * FROM $tableusers WHERE user_login = '$user_login'";
$result = mysql_query($sql) or die("Your SQL query: <br />$sql<br /><br />MySQL said:<br />".mysql_error());
if (!$result) die($sql."<br /><br />".mysql_error());
$myrow = mysql_fetch_array($result);
$querycount++;
$cache_userdata["$user_login"] = $myrow;
} else {
$myrow = $cache_userdata["$user_login"];
}
return($myrow);
}

function get_userid($user_login) {
global $tableusers,$querycount,$cache_userdata,$use_cache;
if ((empty($cache_userdata["$user_login"])) OR (!$use_cache)) {
$sql = "SELECT ID FROM $tableusers WHERE user_login = '$user_login'";
$result = mysql_query($sql) or die("No user with the login <i>$user_login</i>");
$myrow = mysql_fetch_array($result);
$querycount++;
$cache_userdata["$user_login"] = $myrow;
} else {
$myrow = $cache_userdata["$user_login"];
}
return($myrow[0]);
}

function get_usernumposts($userid) {
global $tableusers,$tablesettings,$tablecategories,$tableposts,$tablecomments,$querycount;
$sql = "SELECT * FROM $tableposts WHERE post_author = $userid";
$result = mysql_query($sql) or die("Your SQL query: <br />$sql<br /><br />MySQL said:<br />".mysql_error());
$querycount++;
return mysql_num_rows($result);
}

function get_settings($setting) {
global $tablesettings,$querycount,$cache_settings,$use_cache;
if ((empty($cache_settings)) OR (!$use_cache)) {
$sql = "SELECT * FROM $tablesettings";
$result = mysql_query($sql) or die("Your SQL query: <br />$sql<br /><br />MySQL said:<br />".mysql_error());
$querycount++;
$myrow = mysql_fetch_object($result);
$cache_settings = $myrow;
} else {
$myrow = $cache_settings;
}
return($myrow->$setting);
}

function get_postdata($postid) {
global $tableusers,$tablesettings,$tablecategories,$tableposts,$tablecomments,$querycount;
$sql = "SELECT * FROM $tableposts WHERE ID = $postid";
$result = mysql_query($sql) or die("Your SQL query: <br />$sql<br /><br />MySQL said:<br />".mysql_error());
$querycount++;
if (mysql_num_rows($result)) {
$myrow = mysql_fetch_object($result);
$postdata = array (
'ID' => $myrow->ID,
'Author_ID' => $myrow->post_author,
'Date' => $myrow->post_date,
'Content' => $myrow->post_content,
'Title' => $myrow->post_title,
'Category' => $myrow->post_category,
);
return($postdata);
} else {
return false;
}
}

function get_postdata2($postid=0) { // less flexible, but saves mysql queries
global $row;
$postdata = array (
'ID' => $row->ID,
'Author_ID' => $row->post_author,
'Date' => $row->post_date,
'Content' => $row->post_content,
'Title' => $row->post_title,
'Category' => $row->post_category,
# 'Notify' => $row->post_notifycomments,
# 'Clickable' => $row->post_make_clickable,
'Karma' => $row->post_karma // this isn't used yet
);
return($postdata);
}


}
return($myrow);
}

function get_catname($cat_ID) {
global $tablecategories,$cache_catnames,$use_cache,$querycount;
if ((!$cache_catnames) || (!$use_cache)) {
$sql = "SELECT * FROM $tablecategories";
$result = mysql_query($sql) or die('Oops, couldn\'t query the db for categories.');
$querycount;
while ($row = mysql_fetch_object($result)) {
$cache_catnames[$row->cat_ID] = $row->cat_name;
}
}
$cat_name = $cache_catnames[$cat_ID];
return($cat_name);
}

function profile($user_login) {
global $user_data;
echo "<a href=\"#\" OnClick=\"javascript:window.open('b2profile.php?user=".$user_data["user_login"]."','Profile','toolbar=0,status=1,location=0,directories=0,menuBar=1,scrollbars=1,resizable=0,width=480,height=320,left=100,top=100');\">$user_login</a>";
}

function dropdown_categories($blog_ID=1) {
global $postdata,$tablecategories,$mode,$querycount;
$query="SELECT * FROM $tablecategories";
$result=mysql_query($query);
$querycount++;
$width = ($mode=="sidebar") ? "100%" : "170px";
echo '<select name="post_category" style="width:'.$width.';" tabindex="2" id="category">';
while($row = mysql_fetch_object($result)) {
echo "<option value=\"".$row->cat_ID."\"";
if ($row->cat_ID == $postdata["Category"])
echo " selected";
echo ">".$row->cat_name."</option>";
}
echo "</select>";
}

function touch_time($edit=1) {
global $month, $postdata, $time_difference;
echo $postdata['Date'];
echo '<br /><br /><input type="checkbox" class="checkbox" name="edit_date" value="1" id="timestamp" /><label for="timestamp"> Edit timestamp</label><br />';

$time_adj = time() + ($time_difference * 3600);
$jj = ($edit) ? mysql2date('d', $postdata['Date']) : date('d', $time_adj);
$mm = ($edit) ? mysql2date('m', $postdata['Date']) : date('m', $time_adj);
$aa = ($edit) ? mysql2date('Y', $postdata['Date']) : date('Y', $time_adj);
$hh = ($edit) ? mysql2date('H', $postdata['Date']) : date('H', $time_adj);
$mn = ($edit) ? mysql2date('i', $postdata['Date']) : date('i', $time_adj);
$ss = ($edit) ? mysql2date('s', $postdata['Date']) : date('s', $time_adj);


} ?>
</select>
<input type="text" name="aa" value="<?php echo $aa ?>" size="4" maxlength="5" /> @
<input type="text" name="hh" value="<?php echo $hh ?>" size="2" maxlength="2" /> :
<input type="text" name="mn" value="<?php echo $mn ?>" size="2" maxlength="2" /> :
<input type="text" name="ss" value="<?php echo $ss ?>" size="2" maxlength="2" />
<?php
}

function gzip_compression() {
global $gzip_compressed;
if (!$gzip_compressed) {
$phpver = phpversion(); //start gzip compression
if($phpver >= "4.0.4pl1") {
if(extension_loaded("zlib")) { ob_start("ob_gzhandler"); }
} else if($phpver > "4.0") {
if(strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
if(extension_loaded("zlib")) { $do_gzip_compress = TRUE; ob_start(); ob_implicit_flush(0); header("Content-Encoding: gzip"); }
}
} //end gzip compression - that piece of script courtesy of the phpBB dev team
$gzip_compressed=1;
}
}

function alert_error($msg) { // displays a warning box with an error message (original by KYank)
global $$HTTP_SERVER_VARS;
?>
<html>
<head>
<script language="JavaScript">
<!--
alert("<?php echo $msg ?>");
history.back();
//-->
</script>
</head>
<body>
<!-- this is for non-JS browsers (actually we should never reach that code, but hey, just in case...) -->
<?php echo $msg; ?><br />
<a href="<?php echo $HTTP_SERVER_VARS["HTTP_REFERER"]; ?>">go back</a>
</body>
</html>
<?php
exit;
}

function alert_confirm($msg) { // asks a question - if the user clicks Cancel then it brings them back one page
?>
<script language="JavaScript">
<!--
if (!confirm("<?php echo $msg ?>")) {
history.back();
}
//-->
</script>
<?php
}

function redirect_js($url,$title="...") {
?>
<script language="JavaScript">
<!--
function redirect() {
window.location = "<?php echo $url; ?>";
}
setTimeout("redirect();", 100);
//-->
</script>
<p>Redirecting you : <b><?php echo $title; ?></b><br />
<br />
If nothing happens, click <a href="<?php echo $url; ?>">here</a>.</p>
<?php
exit();
}

// functions to count the page generation time (from phpBB2)
// ( or just any time between timer_start() and timer_stop() )

function timer_start() {
global $timestart;
$mtime = microtime();
$mtime = explode(" ",$mtime);
$mtime = $mtime[1] + $mtime[0];
$timestart = $mtime;
return true;
}

function timer_stop($display=0,$precision=3) { //if called like timer_stop(1), will echo $timetotal
global $timestart,$timeend;
$mtime = microtime();
$mtime = explode(" ",$mtime);
$mtime = $mtime[1] + $mtime[0];
$timeend = $mtime;
$timetotal = $timeend-$timestart;
if ($display)
echo number_format($timetotal,$precision);
return($timetotal);
}

}

// updates the RSS feed !
function rss_update($blog_ID, $num_posts="", $file="./b2rss.xml") {

global $use_rss, $b2_version, $querystring_start, $querystring_equal, $querystring_separator;
global $admin_email,$blogname,$siteurl,$blogfilename,$blogdescription,$posts_per_rss,$rss_language;
global $tableposts,$postdata,$row;

if ($rss_language == '') {
$rss_language = 'en';
}

if ($use_rss) {

$num_posts = ($num_posts=="") ? $posts_per_rss : 5;

$date_now = gmdate("D, d M Y H:i:s")." GMT";

# let's build the rss file
$rss = '';

$rss .= '<?xml version="1.0"?'.">\n";
$rss .= "<!-- generator=\"b2/$b2_version\" -->\n";
$rss .= "<rss version=\"0.92\">\n";
$rss .= "\t<channel>\n";
$rss .= "\t\t<title>".convert_chars(strip_tags(get_bloginfo("name")),"unicode")."</title>\n";
$rss .= "\t\t<link>".convert_chars(strip_tags(get_bloginfo("url")),"unicode")."</link>\n";
$rss .= "\t\t<description>".convert_chars(strip_tags(get_bloginfo("description")),"unicode")."</description>\n";
$rss .= "\t\t<lastBuildDate>$date_now</lastBuildDate>\n";
$rss .= "\t\t<docs>http://backend.userland.com/rss092</docs>\n";
$rss .= "\t\t<managingEditor>$admin_email</managingEditor>\n";
$rss .= "\t\t<webMaster>$admin_email</webMaster>\n";
$rss .= "\t\t<language>$rss_language</language>\n";

$now = date('Y-m-d H:i:s',(time() + ($time_difference * 3600)));
$sql = "SELECT * FROM $tableposts WHERE post_date <= '$now' AND post_category > 0 ORDER BY post_date DESC LIMIT $num_posts";
$result = mysql_query($sql) or die("Your SQL query: <br />$sql<br /><br />MySQL said:<br />".mysql_error());

while($row = mysql_fetch_object($result)) {

$id = $row->ID;
$postdata=get_postdata2($id);

$rss .= "\t\t<item>\n";
$rss .= "\t\t\t<title>".convert_chars(strip_tags(get_the_title()),"unicode")."</title>\n";

// we could add some specific RSS here, but not yet. uncomment if you wish, it's functionnal
// $rss .= "\t\t\t<category>".convert_chars(strip_tags(get_the_category()),"unicode")."</category>\n";

$content = stripslashes($row->post_content);
$content = explode("<!--more-->",$content);
$content = $content[0];
$rss .= "\t\t\t<description>".convert_chars(make_url_footnote($content),"unicode")."</description>\n";

$rss .= "\t\t\t<link>".htmlentities("$siteurl/$blogfilename".$querystring_start.'p'.$querystring_equal.$row->ID.$querystring_separator.'c'.$querystring_equal.'1')."</link>\n";
$rss .= "\t\t</item>\n";

}

$rss .= "\t</channel>\n";
$rss .= "</rss>";

$f=@fopen("$file","w+");
if ($f) {
@fwrite($f,$rss);
@fclose($f);

return(true);
} else {
return(false);
}
} else {
return(false);
}
}

function make_url_footnote($content) {
global $siteurl;
preg_match_all('/<a(.+?)href=\"(.+?)\"(.*?)>(.+?)<\/a>/', $content, $matches);
$j = 0;
for ($i=0; $i<count($matches[0]); $i++) {
$links_summary = (!$j) ? "\n" : $links_summary;
$j++;
$link_match = $matches[0][$i];
$link_number = '['.($i+1).']';
$link_url = $matches[2][$i];
$link_text = $matches[4][$i];
$content = str_replace($link_match, $link_text.' '.$link_number, $content);
$link_url = (strtolower(substr($link_url,0,7)) != 'http://') ? $siteurl.$link_url : $link_url;
$links_summary .= "\n".$link_number.' '.$link_url;
}
$content = strip_tags($content);
$content .= $links_summary;
return($content);
}


function xmlrpc_getposttitle($content) {
global $post_default_title;
if (preg_match('/<title>(.+?)<\/title>/is', $content, $matchtitle)) {
$post_title = $matchtitle[0];
$post_title = preg_replace('/<title>/si', '', $post_title);
$post_title = preg_replace('/<\/title>/si', '', $post_title);
} else {
$post_title = $post_default_title;
}
return($post_title);
}

function xmlrpc_getpostcategory($content) {
global $post_default_category;
if (preg_match('/<category>(.+?)<\/category>/is', $content, $matchcat)) {
$post_category = $matchcat[0];
$post_category = preg_replace('/<category>/si', '', $post_category);
$post_category = preg_replace('/<\/category>/si', '', $post_category);

} else {
$post_category = $post_default_category;
}
return($post_category);
}

function xmlrpc_removepostdata($content) {
$content = preg_replace('/<title>(.+?)<\/title>/si', '', $content);
$content = preg_replace('/<category>(.+?)<\/category>/si', '', $content);
$content = trim($content);
return($content);
}

function debug_fopen($filename, $mode) {
global $debug;
if ($debug == 1) {
$fp = fopen($filename, $mode);
return $fp;
} else {
return false;
}
}

function debug_fwrite($fp, $string) {
global $debug;
if ($debug == 1) {
fwrite($fp, $string);
}
}

function debug_fclose($fp) {
global $debug;
if ($debug == 1) {
fclose($fp);
}
}





// Step 1
// Parsing the post, external links (if any) are stored in the $post_links array
// This regexp comes straigth from phpfreaks.com
// http://www.phpfreaks.com/quickcode/Extract_All_URLs_on_a_Page/15.php
preg_match_all("{\b http : [$any] +? (?= [$punc] * [^$any] | $)}x", $content, $post_links_temp);

// Debug
debug_fwrite($log, 'Post contents:');
debug_fwrite($log, $content."\n");

// Step 2.
// Walking thru the links array
// first we get rid of links pointing to sites, not to specific files
// Example:
// http://dummy-weblog.org
// http://dummy-weblog.org/
// http://dummy-weblog.org/post.php
// We don't wanna ping first and second types, even if they have a valid <link/>

foreach($post_links_temp[0] as $link_test){
$test = parse_url($link_test);
if (isset($test['query'])) {
$post_links[] = $link_test;
} elseif(($test['path'] != '/') && ($test['path'] != '')) {
$post_links[] = $link_test;
}
}

foreach ($post_links as $pagelinkedto){
debug_fwrite($log, 'Processing -- '.$pagelinkedto."\n\n");

$bits = parse_url($pagelinkedto);
if (!isset($bits['host'])) {
debug_fwrite($log, 'Couldn\'t find a hostname for '.$pagelinkedto."\n\n");
continue;
}
$host = $bits['host'];
$path = isset($bits['path']) ? $bits['path'] : '';
if (isset($bits['query'])) {
$path .= '?'.$bits['query'];
}
if (!$path) {
$path = '/';
}
$port = isset($bits['port']) ? $bits['port'] : 80;

// Try to connect to the server at $host
$fp = fsockopen($host, $port, $errno, $errstr, 30);
if (!$fp) {
debug_fwrite($log, 'Couldn\'t open a connection to '.$host."\n\n");
continue;
}

// Send the GET request
$request = "GET $path HTTP/1.1\r\nHost: $host\r\nUser-Agent: b2/$b2_version PHP/" . phpversion() . "\r\n\r\n";
ob_end_flush();
fputs($fp, $request);



debug_fwrite($log, "\nEND: ".time()."\n****************************\n\r");
debug_fclose($log);
}


/*
balanceTags

Balances Tags of string using a modified stack.

@param text Text to be balanced
@return Returns balanced text
@author Leonard Lin ([email protected])
@version v1.1
@date November 4, 2001
@license GPL v2.0
@notes
@changelog
1.2 ***TODO*** Make better - change loop condition to $text
1.1 Fixed handling of append/stack pop order of end text
Added Cleaning Hooks
1.0 First Version
*/

function balanceTags($text, $is_comment = 0) {
global $use_balanceTags;
if ($use_balanceTags == 0) {
return($text);
}
if ($is_comment) {
// sanitise HTML attributes, remove frame/applet tags
$text = preg_replace('#( on[a-z]{1,}|style|class|id)="(.*?)"#i', '', $text);
$text = preg_replace('#( on[a-z]{1,}|style|class|id)=\'(.*?)\'#i', '', $text);
$text = preg_replace('#([a-z]{1,})="(( |\t)*?)(javascript|vbscript|about).*?)"#i', '$1=""', $text);
$text = preg_replace('#([a-z]{1,})=\'(( |\t)*?)(javascript|vbscript|about).*?)\'#i', '$1=""', $text);
$text = preg_replace('#\<(\/{0,1})([a-z]{0,2})(frame|applet)(.*?)\>#i', '', $text);
}

$tagstack = array();
$stacksize = 0;
$tagqueue = '';
$newtext = '';

# b2 bug fix for comments - in case you REALLY meant to type '< !--'
$text = str_replace('< !--', '< !--', $text);

# b2 bug fix for LOVE <3 (and other situations with '<' before a number)
$text = preg_replace('#<([0-9]{1})#', '<$1', $text);


while (preg_match("/<(\/?\w*)\s*([^>]*)>/",$text,$regex)) {
$newtext = $newtext . $tagqueue;

$i = strpos($text,$regex[0]);
$l = strlen($tagqueue) + strlen($regex[0]);

// clear the shifter
$tagqueue = '';

// Pop or Push
if ($regex[1][0] == "/") { // End Tag
$tag = strtolower(substr($regex[1],1));

// if too many closing tags
if($stacksize <= 0) {
$tag = '';
//or close to be safe $tag = '/' . $tag;
}
// if stacktop value = tag close value then pop
else if ($tagstack[$stacksize - 1] == $tag) { // found closing tag
$tag = '</' . $tag . '>'; // Close Tag
// Pop
array_pop ($tagstack);
$stacksize--;
} else { // closing tag not at top, search for it
for ($j=$stacksize-1;$j>=0;$j--) {
if ($tagstack[$j] == $tag) {
// add tag to tagqueue
for ($k=$stacksize-1;$k>=$j;$k--){
$tagqueue .= '</' . array_pop ($tagstack) . '>';
$stacksize--;
}
break;
}
}
$tag = '';
}
} else { // Begin Tag
$tag = strtolower($regex[1]);

// Tag Cleaning

// Push if not img or br or hr
if($tag != 'br' && $tag != 'img' && $tag != 'hr') {
$stacksize = array_push ($tagstack, $tag);
}

// Attributes
// $attributes = $regex[2];
$attributes = $regex[2];
if($attributes) {
// fix to avoid CSS defacements
if ($is_comment) {
$attributes = str_replace('style=', 'title=', $attributes);
$attributes = str_replace('class=', 'title=', $attributes);
$attributes = str_replace('id=', 'title=', $attributes);
}
$attributes = ' '.$attributes;
}

$tag = '<'.$tag.$attributes.'>';
}

$newtext .= substr($text,0,$i) . $tag;
$text = substr($text,$i+$l);
}

// Clear Tag Queue
$newtext = $newtext . $tagqueue;

// Add Remaining text
$newtext .= $text;

// Empty Stack
while($x = array_pop($tagstack)) {
$newtext = $newtext . '</' . $x . '>'; // Add remaining tags to close
}

# b2 fix for the bug with HTML comments
$newtext = str_replace("< !--","<!--",$newtext);
$newtext = str_replace("< !--","< !--",$newtext);

return $newtext;
}

?>

[stevem]

The problem is that the function get_commentdata has been almost deleted leaving only