1:    2:    3:    4:    5:    6:    7:    8:    9:   10:   11:   12:   13:   14:   15:   16:   17:   18:   19:   20:   21:   22:   23:   24:   25:   26:   27:   28:   29:   30:   31:   32:   33:   34:   35:   36:   37:   38:   39:   40:   41:   42:   43:   44:   45:   46:   47:   48:   49:   50:   51:   52:   53:   54:   55:   56:   57:   58:   59:   60:   61:   62:   63:   64:   65:   66:   67:   68:   69:   70:   71:   72:   73:   74:   75:   76:   77:   78:   79:   80:   81:   82:   83:   84:   85:   86:   87:   88:   89:   90:   91:   92:   93:   94:   95:   96:   97:   98:   99:  100:  101:  102:  103:  104:  105:  106:  107:  108:  109:  110:  111:  112:  113:  114:  115:  116:  117:  118:  119:  120:  121:  122:  123:  124:  125:  126:  127:  128:  129:  130:  131:  132:  133:  134:  135:  136:  137:  138:  139:  140:  141:  142:  143:  144:  145:  146:  147:  148:  149:  150:  151:  152:  153:  154:  155:  156:  157:  158:  159:  160:  161:  162:  163:  164:  165:  166:  167:  168:  169:  170:  171:  172:  173:  174:  175:  176:  177:  178:  179:  180:  181:  182:  183:  184:  185:  186:  187:  188:  189:  190:  191:  192:  193:  194:  195:  196:  197:  198:  199:  200:  201:  202:  203:  204:  205:  206:  207:  208:  209:  210:  211:  212:  213:  214:  215:  216:  217:  218:  219:  220:  221:  222:  223:  224:  225:  226:  227:  228:  229:  230:  231:  232:  233:  234:  235:  236:  237:  238:  239:  240:  241:  242:  243:  244:  245:  246:  247:  248:  249:  250:  251:  252:  253:  254:  255:  256:  257:  258:  259:  260:  261:  262:  263:  264:  265:  266:  267:  268:  269:  270:  271:  272:  273:  274:  275:  276:  277:  278:  279:  280:  281:  282:  283:  284:  285:  286:  287:  288:  289:  290:  291:  292:  293:  294:  295:  296:  297:  298:  299:  300:  301:  302:  303:  304:  305:  306:  307:  308:  309:  310:  311:  312:  313:  314:  315:  316:  317:  318:  319:  320:  321:  322:  323:  324:  325:  326:  327:  328:  329:  330:  331:  332:  333:  334:  335:  336:  337:  338:  339:  340:  341:  342:  343:  344:  345:  346:  347:  348:  349:  350:  351:  352:  353:  354:  355:  356:  357:  358:  359:  360:  361:  362:  363:  364:  365:  366:  367:  368:  369:  370:  371:  372:  373:  374:  375:  376:  377:  378:  379:  380:  381:  382:  383:  384:  385:  386:  387:  388:  389:  390:  391:  392:  393:  394:  395:  396:  397:  398:  399:  400:  401:  402:  403:  404:  405:  406:  407:  408:  409:  410:  411:  412:  413:  414:  415:  416:  417:  418:  419:  420:  421:  422:  423:  424:  425:  426:  427:  428:  429:  430:  431:  432:  433:  434:  435:  436:  437:  438:  439:  440:  441:  442:  443:  444:  445:  446:  447:  448:  449:  450:  451:  452:  453:  454:  455:  456:  457:  458:  459:  460:  461:  462:  463:  464:  465:  466:  467:  468:  469:  470:  471:  472:  473:  474:  475:  476:  477:  478:  479:  480:  481:  482:  483:  484:  485:  486:  487:  488:  489:  490:  491:  492:  493:  494:  495:  496:  497:  498:  499:  500:  501:  502:  503:  504:  505:  506:  507:  508:  509:  510:  511:  512:  513:  514:  515:  516:  517:  518:  519:  520:  521:  522:  523:  524:  525:  526:  527:  528:  529:  530:  531:  532:  533:  534:  535:  536:  537:  538:  539:  540:  541:  542:  543:  544:  545:  546:  547:  548:  549:  550:  551:  552:  553:  554:  555:  556:  557:  558:  559:  560:  561:  562:  563:  564:  565:  566:  567:  568:  569:  570:  571:  572:  573:  574:  575:  576:  577:  578:  579:  580:  581:  582:  583:  584:  585:  586:  587:  588:  589:  590:  591:  592:  593:  594:  595:  596:  597:  598:  599:  600:  601:  602:  603:  604:  605:  606:  607:  608:  609:  610:  611:  612:  613:  614:  615:  616:  617:  618:  619:  620:  621:  622:  623:  624:  625:  626:  627:  628:  629:  630:  631:  632:  633:  634:  635:  636:  637:  638:  639:  640:  641:  642:  643:  644:  645:  646:  647:  648:  649:  650:  651:  652:  653:  654:  655:  656:  657:  658:  659:  660:  661:  662:  663:  664:  665:  666:  667:  668:  669:  670:  671:  672:  673:  674:  675:  676:  677:  678:  679:  680:  681:  682:  683:  684:  685:  686:  687:  688:  689:  690:  691:  692:  693:  694:  695:  696:  697:  698:  699:  700:  701:  702:  703:  704:  705:  706:  707:  708:  709:  710:  711:  712:  713:  714:  715:  716:  717:  718:  719:  720:  721:  722:  723:  724:  725:  726:  727:  728:  729:  730:  731:  732:  733:  734:  735:  736:  737:  738:  739:  740:  741:  742:  743:  744:  745:  746:  747:  748:  749:  750:  751:  752:  753:  754:  755:  756:  757:  758:  759:  760:  761:  762:  763:  764:  765:  766:  767:  768:  769:  770:  771:  772:  773:  774:  775:  776:  777:  778:  779:  780:  781:  782:  783:  784:  785:  786:  787:  788:  789:  790:  791:  792:  793:  794:  795:  796:  797:  798:  799:  800:  801:  802:  803:  804:  805:  806:  807:  808:  809:  810:  811:  812:  813:  814:  815:  816:  817:  818:  819:  820:  821:  822:  823:  824:  825:  826:  827:  828:  829:  830:  831:  832:  833:  834:  835:  836:  837:  838:  839:  840:  841:  842:  843:  844:  845:  846:  847:  848:  849:  850:  851:  852:  853:  854:  855:  856:  857:  858:  859:  860:  861:  862:  863:  864:  865:  866:  867:  868:  869:  870:  871:  872:  873:  874:  875:  876:  877:  878:  879:  880:  881:  882:  883:  884:  885:  886:  887:  888:  889:  890:  891:  892:  893:  894:  895:  896:  897:  898:  899:  900:  901:  902:  903:  904:  905:  906:  907:  908:  909:  910:  911:  912:  913:  914:  915:  916:  917:  918:  919:  920:  921:  922:  923:  924:  925:  926:  927:  928:  929:  930:  931:  932:  933:  934:  935:  936:  937:  938:  939:  940:  941:  942:  943:  944:  945:  946:  947:  948:  949:  950:  951:  952:  953:  954:  955:  956:  957:  958:  959:  960:  961:  962:  963:  964:  965:  966:  967:  968:  969:  970:  971:  972:  973:  974:  975:  976:  977:  978:  979:  980:  981:  982:  983:  984:  985:  986:  987:  988:  989:  990:  991:  992:  993:  994:  995:  996:  997:  998:  999: 1000: 1001: 1002: 1003: 1004: 1005: 1006: 1007: 1008: 1009: 1010: 1011: 1012: 1013: 1014: 1015: 1016: 1017: 1018: 1019: 1020: 1021: 1022: 1023: 1024: 1025: 1026: 1027: 1028: 1029: 1030: 1031: 1032: 1033: 1034: 1035: 1036: 1037: 1038: 1039: 1040: 1041: 1042: 1043: 1044: 1045: 1046: 1047: 1048: 1049: 1050: 1051: 1052: 1053: 1054: 1055: 1056: 1057: 1058: 1059: 1060: 1061: 1062: 1063: 1064: 1065: 1066: 1067: 1068: 1069: 1070: 1071: 1072: 1073: 1074: 1075: 1076: 1077: 1078: 1079: 1080: 1081: 1082: 1083: 1084: 1085: 1086: 1087: 1088: 1089: 1090: 1091: 1092: 1093: 1094: 1095: 1096: 1097: 1098: 1099: 1100: 1101: 1102: 1103: 1104: 1105: 1106: 1107: 1108: 1109: 1110: 1111: 1112: 1113: 1114: 1115: 1116: 1117: 1118: 1119: 1120: 1121: 1122: 1123: 1124: 1125: 1126: 1127: 1128: 1129: 1130: 1131: 1132: 1133: 1134: 1135: 1136: 1137: 1138: 1139: 1140: 1141: 1142: 1143: 1144: 1145: 1146: 1147: 1148: 1149: 1150: 1151: 1152: 1153: 1154: 1155: 1156: 1157: 1158: 1159: 1160: 1161: 1162: 1163: 1164: 1165: 1166: 1167: 1168: 1169: 1170: 1171: 1172: 1173: 1174: 1175: 1176: 1177: 1178: 1179: 1180: 1181: 1182: 1183: 1184: 1185: 1186: 1187: 1188: 1189: 1190: 1191: 1192: 1193: 1194: 1195: 1196: 1197: 1198: 1199: 1200: 1201: 1202: 1203: 1204: 1205: 1206: 1207: 1208: 1209: 1210: 1211: 1212: 1213: 1214: 1215: 1216: 1217: 1218: 1219: 1220: 1221: 1222: 1223: 1224: 1225: 1226: 1227: 1228: 1229: 1230: 1231: 1232: 1233: 1234: 1235: 1236: 1237: 1238: 1239: 1240: 1241: 1242: 1243: 1244: 1245: 1246: 1247: 1248: 1249: 1250: 1251: 1252: 1253: 1254: 1255: 1256: 1257: 1258: 1259: 1260: 1261: 1262: 1263: 1264: 1265: 1266: 1267: 1268: 1269: 1270: 1271: 1272: 1273: 1274: 1275: 1276: 1277: 1278: 1279: 1280: 1281: 1282: 1283: 1284: 1285: 1286: 1287: 1288: 1289: 1290: 1291: 1292: 1293: 1294: 1295: 1296: 1297: 1298: 1299: 1300: 1301: 1302: 1303: 1304: 1305: 1306: 1307: 1308: 1309: 1310: 1311: 1312: 1313: 1314: 1315: 1316: 1317: 1318: 1319: 1320: 1321: 1322: 1323: 1324: 1325: 1326: 1327: 1328: 1329: 1330: 1331: 1332: 1333: 1334: 1335: 1336: 1337: 1338: 1339: 1340: 1341: 1342: 1343: 1344: 1345: 1346: 1347: 1348: 1349: 1350: 1351: 1352: 1353: 1354: 1355: 1356: 1357: 1358: 1359: 1360: 1361: 1362: 1363: 1364: 1365: 1366: 1367: 1368: 1369: 1370: 1371: 1372: 1373: 1374: 1375: 1376: 1377: 1378: 1379: 1380: 1381: 1382: 1383: 1384: 1385: 1386: 1387: 1388: 1389: 1390: 1391: 1392: 1393: 1394: 1395: 1396: 1397: 1398: 1399: 1400: 1401: 1402: 1403: 1404: 1405: 1406: 1407: 1408: 1409: 1410: 1411: 1412: 1413: 1414: 1415: 1416: 1417: 1418: 1419: 1420: 1421: 1422: 1423: 1424: 1425: 1426: 1427: 1428: 1429: 1430: 1431: 1432: 1433: 1434: 1435: 1436: 1437: 1438: 1439: 1440: 1441: 1442: 1443: 1444: 1445: 1446: 1447: 1448: 1449: 1450: 1451: 1452: 1453: 1454: 1455: 1456: 1457: 1458: 1459: 1460: 1461: 1462: 1463: 1464: 1465: 1466: 1467: 1468: 1469: 1470: 1471: 1472: 1473: 1474: 1475: 1476: 1477: 1478: 1479: 1480: 1481: 1482: 1483: 1484: 1485: 1486: 1487: 1488: 1489: 1490: 1491: 1492: 1493: 1494: 1495: 1496: 1497: 1498: 1499: 1500: 1501: 1502: 1503: 1504: 1505: 1506: 1507: 1508: 1509: 1510: 1511: 1512: 1513: 1514: 1515: 1516: 1517: 1518: 1519: 1520: 1521: 1522: 1523: 1524: 1525: 1526: 1527: 1528: 1529: 1530: 1531: 1532: 1533: 1534: 1535: 1536: 1537: 1538: 1539: 1540: 1541: 1542: 1543: 1544: 1545: 1546: 1547: 1548: 1549: 1550: 1551: 1552: 1553: 1554: 1555: 1556: 1557: 1558: 1559: 1560: 1561: 1562: 1563: 1564: 1565: 1566: 1567: 1568: 1569: 1570: 1571: 1572: 1573: 1574: 1575: 1576: 1577: 1578: 1579: 1580: 1581: 1582: 1583: 1584: 1585: 1586: 1587: 1588: 1589: 1590: 1591: 1592: 1593: 1594: 1595: 1596: 1597: 1598: 1599: 1600: 1601: 1602: 1603: 1604: 1605: 1606: 

<?php

/**
 * Contains all the functionality required to be able to edit the core server
 * settings. This includes anything from which an error may result in the forum
 * destroying itself in a firey fury.
 *
 * Adding options to one of the setting screens isn't hard. Call prepareDBSettingsContext;
 * The basic format for a checkbox is:
 *      array('check', 'nameInModSettingsAndSQL'),
 * And for a text box:
 *      array('text', 'nameInModSettingsAndSQL')
 * (NOTE: You have to add an entry for this at the bottom!)
 *
 * In these cases, it will look for $txt['nameInModSettingsAndSQL'] as the description,
 * and $helptxt['nameInModSettingsAndSQL'] as the help popup description.
 *
 * Here's a quick explanation of how to add a new item:
 *
 * - A text input box.  For textual values.
 *      array('text', 'nameInModSettingsAndSQL', 'OptionalInputBoxWidth'),
 * - A text input box.  For numerical values.
 *      array('int', 'nameInModSettingsAndSQL', 'OptionalInputBoxWidth'),
 * - A text input box.  For floating point values.
 *      array('float', 'nameInModSettingsAndSQL', 'OptionalInputBoxWidth'),
 * - A large text input box. Used for textual values spanning multiple lines.
 *      array('large_text', 'nameInModSettingsAndSQL', 'OptionalNumberOfRows'),
 * - A check box.  Either one or zero. (boolean)
 *      array('check', 'nameInModSettingsAndSQL'),
 * - A selection box.  Used for the selection of something from a list.
 *      array('select', 'nameInModSettingsAndSQL', array('valueForSQL' => $txt['displayedValue'])),
 *      Note that just saying array('first', 'second') will put 0 in the SQL for 'first'.
 * - A password input box. Used for passwords, no less!
 *      array('password', 'nameInModSettingsAndSQL', 'OptionalInputBoxWidth'),
 * - A permission - for picking groups who have a permission.
 *      array('permissions', 'manage_groups'),
 * - A BBC selection box.
 *      array('bbc', 'sig_bbc'),
 * - A list of boards to choose from
 *      array('boards', 'likes_boards'),
 *      Note that the storage in the database is as 1,2,3,4
 *
 * For each option:
 *  - type (see above), variable name, size/possible values.
 *    OR make type '' for an empty string for a horizontal rule.
 *  - SET preinput - to put some HTML prior to the input box.
 *  - SET postinput - to put some HTML following the input box.
 *  - SET invalid - to mark the data as invalid.
 *  - PLUS you can override label and help parameters by forcing their keys in the array, for example:
 *      array('text', 'invalidlabel', 3, 'label' => 'Actual Label')
 *
 * Simple Machines Forum (SMF)
 *
 * @package SMF
 * @author Simple Machines http://www.simplemachines.org
 * @copyright 2019 Simple Machines and individual contributors
 * @license http://www.simplemachines.org/about/smf/license.php BSD
 *
 * @version 2.1 RC1
 */

if (!defined('SMF'))
    die('No direct access...');

/**
 * This is the main dispatcher. Sets up all the available sub-actions, all the tabs and selects
 * the appropriate one based on the sub-action.
 *
 * Requires the admin_forum permission.
 * Redirects to the appropriate function based on the sub-action.
 *
 * uses edit_settings adminIndex.
 */
function ModifySettings()
{
    global $context, $txt, $boarddir;

    // This is just to keep the database password more secure.
    isAllowedTo('admin_forum');

    // Load up all the tabs...
    $context[$context['admin_menu_name']]['tab_data'] = array(
        'title' => $txt['admin_server_settings'],
        'help' => 'serversettings',
        'description' => $txt['admin_basic_settings'],
    );

    checkSession('request');

    // The settings are in here, I swear!
    loadLanguage('ManageSettings');

    $context['page_title'] = $txt['admin_server_settings'];
    $context['sub_template'] = 'show_settings';

    $subActions = array(
        'general' => 'ModifyGeneralSettings',
        'database' => 'ModifyDatabaseSettings',
        'cookie' => 'ModifyCookieSettings',
        'security' => 'ModifyGeneralSecuritySettings',
        'cache' => 'ModifyCacheSettings',
        'loads' => 'ModifyLoadBalancingSettings',
        'phpinfo' => 'ShowPHPinfoSettings',
    );

    // By default we're editing the core settings
    $_REQUEST['sa'] = isset($_REQUEST['sa']) && isset($subActions[$_REQUEST['sa']]) ? $_REQUEST['sa'] : 'general';
    $context['sub_action'] = $_REQUEST['sa'];

    // Warn the user if there's any relevant information regarding Settings.php.
    $settings_not_writable = !is_writable($boarddir . '/Settings.php');
    $settings_backup_fail = !@is_writable($boarddir . '/Settings_bak.php') || !@copy($boarddir . '/Settings.php', $boarddir . '/Settings_bak.php');

    if ($settings_not_writable)
        $context['settings_message'] = '<div class="centertext"><strong>' . $txt['settings_not_writable'] . '</strong></div><br>';
    elseif ($settings_backup_fail)
        $context['settings_message'] = '<div class="centertext"><strong>' . $txt['admin_backup_fail'] . '</strong></div><br>';

    $context['settings_not_writable'] = $settings_not_writable;

    call_integration_hook('integrate_server_settings', array(&$subActions));

    // Call the right function for this sub-action.
    call_helper($subActions[$_REQUEST['sa']]);
}

/**
 * General forum settings - forum name, maintenance mode, etc.
 * Practically, this shows an interface for the settings in Settings.php to be changed.
 *
 * - Requires the admin_forum permission.
 * - Uses the edit_settings administration area.
 * - Contains the actual array of settings to show from Settings.php.
 * - Accessed from ?action=admin;area=serversettings;sa=general.
 *
 * @param bool $return_config Whether to return the $config_vars array (for pagination purposes)
 * @return void|array Returns nothing or returns the $config_vars array if $return_config is true
 */
function ModifyGeneralSettings($return_config = false)
{
    global $scripturl, $context, $txt, $modSettings, $boardurl, $sourcedir;

    // If no cert, force_ssl must remain 0
    require_once($sourcedir . '/Subs.php');
    if (!ssl_cert_found($boardurl) && empty($modSettings['force_ssl']))
        $disable_force_ssl = true;
    else
        $disable_force_ssl = false;

    /* If you're writing a mod, it's a bad idea to add things here....
    For each option:
        variable name, description, type (constant), size/possible values, helptext, optional 'min' (minimum value for float/int, defaults to 0), optional 'max' (maximum value for float/int), optional 'step' (amount to increment/decrement value for float/int)
    OR  an empty string for a horizontal rule.
    OR  a string for a titled section. */
    $config_vars = array(
        array('mbname', $txt['admin_title'], 'file', 'text', 30),
        '',
        array('maintenance', $txt['admin_maintain'], 'file', 'check'),
        array('mtitle', $txt['maintenance_subject'], 'file', 'text', 36),
        array('mmessage', $txt['maintenance_message'], 'file', 'text', 36),
        '',
        array('webmaster_email', $txt['admin_webmaster_email'], 'file', 'text', 30),
        '',
        array('enableCompressedOutput', $txt['enableCompressedOutput'], 'db', 'check', null, 'enableCompressedOutput'),
        array('disableHostnameLookup', $txt['disableHostnameLookup'], 'db', 'check', null, 'disableHostnameLookup'),
        '',
        array('force_ssl', $txt['force_ssl'], 'db', 'select', array($txt['force_ssl_off'], $txt['force_ssl_complete']), 'force_ssl', 'disabled' => $disable_force_ssl),
        array('image_proxy_enabled', $txt['image_proxy_enabled'], 'file', 'check', null, 'image_proxy_enabled'),
        array('image_proxy_secret', $txt['image_proxy_secret'], 'file', 'text', 30, 'image_proxy_secret'),
        array('image_proxy_maxsize', $txt['image_proxy_maxsize'], 'file', 'int', null, 'image_proxy_maxsize'),
        '',
        array('enable_sm_stats', $txt['enable_sm_stats'], 'db', 'check', null, 'enable_sm_stats'),
    );

    call_integration_hook('integrate_general_settings', array(&$config_vars));

    if ($return_config)
        return $config_vars;

    // Setup the template stuff.
    $context['post_url'] = $scripturl . '?action=admin;area=serversettings;sa=general;save';
    $context['settings_title'] = $txt['general_settings'];

    // Saving settings?
    if (isset($_REQUEST['save']))
    {
        call_integration_hook('integrate_save_general_settings');

        // Are we saving the stat collection?
        if (!empty($_POST['enable_sm_stats']) && empty($modSettings['sm_stats_key']))
        {
            $registerSMStats = registerSMStats();

            // Failed to register, disable it again.
            if (empty($registerSMStats))
                $_POST['enable_sm_stats'] = 0;
        }

        // Ensure all URLs are aligned with the new force_ssl setting
        // Treat unset like 0
        if (isset($_POST['force_ssl']))
            AlignURLsWithSSLSetting($_POST['force_ssl']);
        else
            AlignURLsWithSSLSetting(0);

        saveSettings($config_vars);
        $_SESSION['adm-save'] = true;
        redirectexit('action=admin;area=serversettings;sa=general;' . $context['session_var'] . '=' . $context['session_id']);
    }

    // Fill the config array.
    prepareServerSettingsContext($config_vars);

    // Some javascript for SSL
    addInlineJavaScript('
$(function()
{
    $("#force_ssl").change(function()
    {
        var mode = $(this).val() == 1 ? false : true;
        $("#image_proxy_enabled").prop("disabled", mode);
        $("#image_proxy_secret").prop("disabled", mode);
        $("#image_proxy_maxsize").prop("disabled", mode);
    }).change();
});', true);
}

/**
 * Align URLs with SSL Setting.
 *
 * If force_ssl has changed, ensure all URLs are aligned with the new setting.
 * This includes:
 *     - $boardurl
 *     - $modSettings['smileys_url']
 *     - $modSettings['avatar_url']
 *     - $modSettings['custom_avatar_url'] - if found
 *     - theme_url - all entries in the themes table
 *     - images_url - all entries in the themes table
 *
 * This function will NOT overwrite URLs that are not subfolders of $boardurl.
 * The admin must have pointed those somewhere else on purpose, so they must be updated manually.
 *
 * A word of caution: You can't trust the http/https scheme reflected for these URLs in $globals
 * (e.g., $boardurl) or in $modSettings.  This is because SMF may change them in memory to comply
 * with the force_ssl setting - a soft redirect may be in effect...  Thus, conditional updates
 * to these values do not work.  You gotta just brute force overwrite them based on force_ssl.
 *
 * @param int $new_force_ssl is the current force_ssl setting.
 * @return void Returns nothing, just does its job
 */
function AlignURLsWithSSLSetting($new_force_ssl = 0)
{
    global $boardurl, $modSettings, $sourcedir, $smcFunc;
    require_once($sourcedir . '/Subs-Admin.php');

    // Check $boardurl
    if (!empty($new_force_ssl))
        $newval = strtr($boardurl, array('http://' => 'https://'));
    else
        $newval = strtr($boardurl, array('https://' => 'http://'));
    updateSettingsFile(array('boardurl' => '\'' . addslashes($newval) . '\''));

    $new_settings = array();

    // Check $smileys_url, but only if it points to a subfolder of $boardurl
    if (BoardurlMatch($modSettings['smileys_url']))
    {
        if (!empty($new_force_ssl))
            $newval = strtr($modSettings['smileys_url'], array('http://' => 'https://'));
        else
            $newval = strtr($modSettings['smileys_url'], array('https://' => 'http://'));
        $new_settings['smileys_url'] = $newval;
    }

    // Check $avatar_url, but only if it points to a subfolder of $boardurl
    if (BoardurlMatch($modSettings['avatar_url']))
    {
        if (!empty($new_force_ssl))
            $newval = strtr($modSettings['avatar_url'], array('http://' => 'https://'));
        else
            $newval = strtr($modSettings['avatar_url'], array('https://' => 'http://'));
        $new_settings['avatar_url'] = $newval;
    }

    // Check $custom_avatar_url, but only if it points to a subfolder of $boardurl
    // This one had been optional in the past, make sure it is set first
    if (isset($modSettings['custom_avatar_url']) && BoardurlMatch($modSettings['custom_avatar_url']))
    {
        if (!empty($new_force_ssl))
            $newval = strtr($modSettings['custom_avatar_url'], array('http://' => 'https://'));
        else
            $newval = strtr($modSettings['custom_avatar_url'], array('https://' => 'http://'));
        $new_settings['custom_avatar_url'] = $newval;
    }

    // Save updates to the settings table
    if (!empty($new_settings))
        updateSettings($new_settings, true);

    // Now we move onto the themes.
    // First, get a list of theme URLs...
    $request = $smcFunc['db_query']('', '
        SELECT id_theme, variable, value
        FROM {db_prefix}themes
        WHERE variable in ({string:themeurl}, {string:imagesurl})
            AND id_member = {int:zero}',
        array(
            'themeurl' => 'theme_url',
            'imagesurl' => 'images_url',
            'zero' => 0,
        )
    );

    while ($row = $smcFunc['db_fetch_assoc']($request))
    {
        // First check to see if it points to a subfolder of $boardurl
        if (BoardurlMatch($row['value']))
        {
            if (!empty($new_force_ssl))
                $newval = strtr($row['value'], array('http://' => 'https://'));
            else
                $newval = strtr($row['value'], array('https://' => 'http://'));

            $smcFunc['db_query']('', '
                UPDATE {db_prefix}themes
                SET value = {string:theme_val}
                WHERE variable = {string:theme_var}
                    AND id_theme = {string:theme_id}
                    AND id_member = {int:zero}',
                array(
                    'theme_val' => $newval,
                    'theme_var' => $row['variable'],
                    'theme_id' => $row['id_theme'],
                    'zero' => 0,
                )
            );
        }
    }
    $smcFunc['db_free_result']($request);
}

/**
 * $boardurl Match.
 *
 * Helper function to see if the url being checked is based off of $boardurl.
 * If not, it was overridden by the admin to some other value on purpose, and should not
 * be stepped on by SMF when aligning URLs with the force_ssl setting.
 * The site admin must change URLs that are not aligned with $boardurl manually.
 *
 * @param string $url is the url to check.
 * @return bool Returns true if the url is based off of $boardurl (without the scheme), false if not
 */
function BoardurlMatch($url = '')
{
    global $boardurl;

    // Strip the schemes
    $urlpath = strtr($url, array('http://' => '', 'https://' => ''));
    $boardurlpath = strtr($boardurl, array('http://' => '', 'https://' => ''));

    // If leftmost portion of path matches boardurl, return true
    $result = strpos($urlpath, $boardurlpath);
    if ($result === false || $result != 0)
        return false;
    else
        return true;
}

/**
 * Basic database and paths settings - database name, host, etc.
 *
 * - It shows an interface for the settings in Settings.php to be changed.
 * - It contains the actual array of settings to show from Settings.php.
 * - Requires the admin_forum permission.
 * - Uses the edit_settings administration area.
 * - Accessed from ?action=admin;area=serversettings;sa=database.
 *
 * @param bool $return_config Whether or not to return the config_vars array (used for admin search)
 * @return void|array Returns nothing or returns the $config_vars array if $return_config is true
 */
function ModifyDatabaseSettings($return_config = false)
{
    global $scripturl, $context, $txt, $smcFunc;
    db_extend('extra');

    /* If you're writing a mod, it's a bad idea to add things here....
        For each option:
        variable name, description, type (constant), size/possible values, helptext, optional 'min' (minimum value for float/int, defaults to 0), optional 'max' (maximum value for float/int), optional 'step' (amount to increment/decrement value for float/int)
        OR an empty string for a horizontal rule.
        OR a string for a titled section. */
    $config_vars = array(
        array('db_persist', $txt['db_persist'], 'file', 'check', null, 'db_persist'),
        array('db_error_send', $txt['db_error_send'], 'file', 'check'),
        array('ssi_db_user', $txt['ssi_db_user'], 'file', 'text', null, 'ssi_db_user'),
        array('ssi_db_passwd', $txt['ssi_db_passwd'], 'file', 'password'),
        '',
        array('autoFixDatabase', $txt['autoFixDatabase'], 'db', 'check', false, 'autoFixDatabase')
    );

    // Add PG Stuff
    if ($smcFunc['db_title'] == "PostgreSQL")
    {
        $request = $smcFunc['db_query']('', 'SELECT cfgname FROM pg_ts_config', array());
        $fts_language = array();

        while ($row = $smcFunc['db_fetch_assoc']($request))
            $fts_language[$row['cfgname']] = $row['cfgname'];

        $config_vars = array_merge($config_vars, array(
                '',
                array('search_language', $txt['search_language'], 'db', 'select', $fts_language, 'pgFulltextSearch')
            )
        );
    }

    call_integration_hook('integrate_database_settings', array(&$config_vars));

    if ($return_config)
        return $config_vars;

    // Setup the template stuff.
    $context['post_url'] = $scripturl . '?action=admin;area=serversettings;sa=database;save';
    $context['settings_title'] = $txt['database_settings'];
    $context['save_disabled'] = $context['settings_not_writable'];

    if (!$smcFunc['db_allow_persistent']())
        addInlineJavaScript('
            $(function()
            {
                $("#db_persist").prop("disabled", true);
            });', true);

    // Saving settings?
    if (isset($_REQUEST['save']))
    {
        call_integration_hook('integrate_save_database_settings');

        saveSettings($config_vars);
        $_SESSION['adm-save'] = true;
        redirectexit('action=admin;area=serversettings;sa=database;' . $context['session_var'] . '=' . $context['session_id']);
    }

    // Fill the config array.
    prepareServerSettingsContext($config_vars);
}

/**
 * This function handles cookies settings modifications.
 *
 * @param bool $return_config Whether or not to return the config_vars array (used for admin search)
 * @return void|array Returns nothing or returns the $config_vars array if $return_config is true
 */
function ModifyCookieSettings($return_config = false)
{
    global $context, $scripturl, $txt, $sourcedir, $modSettings, $cookiename, $user_settings, $boardurl, $smcFunc;

    // Define the variables we want to edit.
    $config_vars = array(
        // Cookies...
        array('cookiename', $txt['cookie_name'], 'file', 'text', 20),
        array('cookieTime', $txt['cookieTime'], 'db', 'int', 'postinput' => $txt['minutes']),
        array('localCookies', $txt['localCookies'], 'db', 'check', false, 'localCookies'),
        array('globalCookies', $txt['globalCookies'], 'db', 'check', false, 'globalCookies'),
        array('globalCookiesDomain', $txt['globalCookiesDomain'], 'db', 'text', false, 'globalCookiesDomain'),
        array('secureCookies', $txt['secureCookies'], 'db', 'check', false, 'secureCookies', 'disabled' => !httpsOn()),
        array('httponlyCookies', $txt['httponlyCookies'], 'db', 'check', false, 'httponlyCookies'),
        '',
        // Sessions
        array('databaseSession_enable', $txt['databaseSession_enable'], 'db', 'check', false, 'databaseSession_enable'),
        array('databaseSession_loose', $txt['databaseSession_loose'], 'db', 'check', false, 'databaseSession_loose'),
        array('databaseSession_lifetime', $txt['databaseSession_lifetime'], 'db', 'int', false, 'databaseSession_lifetime', 'postinput' => $txt['seconds']),
        '',
        // 2FA
        array('tfa_mode', $txt['tfa_mode'], 'db', 'select', array(
            0 => $txt['tfa_mode_disabled'],
            1 => $txt['tfa_mode_enabled'],
        ) + (empty($user_settings['tfa_secret']) ? array() : array(
            2 => $txt['tfa_mode_forced'],
        )) + (empty($user_settings['tfa_secret']) ? array() : array(
            3 => $txt['tfa_mode_forcedall'],
        )), 'subtext' => $txt['tfa_mode_subtext'] . (empty($user_settings['tfa_secret']) ? '<br><strong>' . $txt['tfa_mode_forced_help'] . '</strong>' : ''), 'tfa_mode'),
    );

    addInlineJavaScript('
    function hideGlobalCookies()
    {
        var usingLocal = $("#localCookies").prop("checked");
        $("#setting_globalCookies").closest("dt").toggle(!usingLocal);
        $("#globalCookies").closest("dd").toggle(!usingLocal);

        var usingGlobal = !usingLocal && $("#globalCookies").prop("checked");
        $("#setting_globalCookiesDomain").closest("dt").toggle(usingGlobal);
        $("#globalCookiesDomain").closest("dd").toggle(usingGlobal);
    };
    hideGlobalCookies();

    $("#localCookies, #globalCookies").click(function() {
        hideGlobalCookies();
    });', true);

    if (empty($user_settings['tfa_secret']))
        addInlineJavaScript('');

    call_integration_hook('integrate_cookie_settings', array(&$config_vars));

    if ($return_config)
        return $config_vars;

    $context['post_url'] = $scripturl . '?action=admin;area=serversettings;sa=cookie;save';
    $context['settings_title'] = $txt['cookies_sessions_settings'];

    // Saving settings?
    if (isset($_REQUEST['save']))
    {
        call_integration_hook('integrate_save_cookie_settings');

        // Local and global do not play nicely together.
        if (!empty($_POST['localCookies']) && empty($_POST['globalCookies']))
            unset ($_POST['globalCookies']);

        if (empty($modSettings['localCookies']) != empty($_POST['localCookies']) || empty($modSettings['globalCookies']) != empty($_POST['globalCookies']))
            $scope_changed = true;

        if (!empty($_POST['globalCookiesDomain']) && strpos($boardurl, $_POST['globalCookiesDomain']) === false)
            fatal_lang_error('invalid_cookie_domain', false);

        saveSettings($config_vars);

        // If the cookie name or scope were changed, reset the cookie.
        if ($cookiename != $_POST['cookiename'] || !empty($scope_changed))
        {
            $original_session_id = $context['session_id'];
            include_once($sourcedir . '/Subs-Auth.php');

            // Remove the old cookie.
            setLoginCookie(-3600, 0);

            // Set the new one.
            $cookiename = !empty($_POST['cookiename']) ? $_POST['cookiename'] : $cookiename;
            setLoginCookie(60 * $modSettings['cookieTime'], $user_settings['id_member'], hash_salt($user_settings['passwd'], $user_settings['password_salt']));

            redirectexit('action=admin;area=serversettings;sa=cookie;' . $context['session_var'] . '=' . $original_session_id, $context['server']['needs_login_fix']);
        }

        //If we disabled 2FA, reset all members and membergroups settings.
        if (isset($_POST['tfa_mode']) && empty($_POST['tfa_mode']))
        {
            $smcFunc['db_query']('', '
                UPDATE {db_prefix}membergroups
                SET tfa_required = {int:zero}',
                array(
                    'zero' => 0,
                )
            );
            $smcFunc['db_query']('', '
                UPDATE {db_prefix}members
                SET tfa_secret = {string:empty}, tfa_backup = {string:empty}',
                array(
                    'empty' => '',
                )
            );
        }

        $_SESSION['adm-save'] = true;
        redirectexit('action=admin;area=serversettings;sa=cookie;' . $context['session_var'] . '=' . $context['session_id']);
    }

    // Fill the config array.
    prepareServerSettingsContext($config_vars);
}

/**
 * Settings really associated with general security aspects.
 *
 * @param bool $return_config Whether or not to return the config_vars array (used for admin search)
 * @return void|array Returns nothing or returns the $config_vars array if $return_config is true
 */
function ModifyGeneralSecuritySettings($return_config = false)
{
    global $txt, $scripturl, $context;

    $config_vars = array(
        array('int', 'failed_login_threshold'),
        array('int', 'loginHistoryDays', 'subtext' => $txt['zero_to_disable']),
        '',

        array('check', 'securityDisable'),
        array('check', 'securityDisable_moderate'),
        '',

        // Reactive on email, and approve on delete
        array('check', 'send_validation_onChange'),
        array('check', 'approveAccountDeletion'),
        '',

        // Password strength.
        array(
            'select',
            'password_strength',
            array(
                $txt['setting_password_strength_low'],
                $txt['setting_password_strength_medium'],
                $txt['setting_password_strength_high']
            )
        ),
        array('check', 'enable_password_conversion'),
        '',

        // Reporting of personal messages?
        array('check', 'enableReportPM'),
        '',

        array(
            'select',
            'frame_security',
            array(
                'SAMEORIGIN' => $txt['setting_frame_security_SAMEORIGIN'],
                'DENY' => $txt['setting_frame_security_DENY'],
                'DISABLE' => $txt['setting_frame_security_DISABLE']
            )
        ),
        '',

        array(
            'select',
            'proxy_ip_header',
            array(
                'disabled' => $txt['setting_proxy_ip_header_disabled'],
                'autodetect' => $txt['setting_proxy_ip_header_autodetect'],
                'HTTP_X_FORWARDED_FOR' => 'HTTP_X_FORWARDED_FOR',
                'HTTP_CLIENT_IP' => 'HTTP_CLIENT_IP',
                'HTTP_X_REAL_IP' => 'HTTP_X_REAL_IP',
                'CF-Connecting-IP' => 'CF-Connecting-IP'
            )
        ),
        array('text', 'proxy_ip_servers'),
    );

    call_integration_hook('integrate_general_security_settings', array(&$config_vars));

    if ($return_config)
        return $config_vars;

    // Saving?
    if (isset($_GET['save']))
    {
        saveDBSettings($config_vars);
        $_SESSION['adm-save'] = true;

        call_integration_hook('integrate_save_general_security_settings');

        writeLog();
        redirectexit('action=admin;area=serversettings;sa=security;' . $context['session_var'] . '=' . $context['session_id']);
    }

    $context['post_url'] = $scripturl . '?action=admin;area=serversettings;save;sa=security';
    $context['settings_title'] = $txt['security_settings'];

    prepareDBSettingContext($config_vars);
}

/**
 * Simply modifying cache functions
 *
 * @param bool $return_config Whether or not to return the config_vars array (used for admin search)
 * @return void|array Returns nothing or returns the $config_vars array if $return_config is true
 */
function ModifyCacheSettings($return_config = false)
{
    global $context, $scripturl, $txt;

    // Detect all available optimizers
    $detected = loadCacheAPIs();

    // set our values to show what, if anything, we found
    if (empty($detected))
    {
        $txt['cache_settings_message'] = $txt['detected_no_caching'];
        $cache_level = array($txt['cache_off']);
        $detected['none'] = $txt['cache_off'];
    }
    else
    {
        $txt['cache_settings_message'] = sprintf($txt['detected_accelerators'], implode(', ', $detected));
        $cache_level = array($txt['cache_off'], $txt['cache_level1'], $txt['cache_level2'], $txt['cache_level3']);
    }

    // Define the variables we want to edit.
    $config_vars = array(
        // Only a few settings, but they are important
        array('', $txt['cache_settings_message'], '', 'desc'),
        array('cache_enable', $txt['cache_enable'], 'file', 'select', $cache_level, 'cache_enable'),
        array('cache_accelerator', $txt['cache_accelerator'], 'file', 'select', $detected),
    );

    // some javascript to enable / disable certain settings if the option is not selected
    $context['settings_post_javascript'] = '
        $(document).ready(function() {
            $("#cache_accelerator").change();
        });';

    call_integration_hook('integrate_modify_cache_settings', array(&$config_vars));

    // Maybe we have some additional settings from the selected accelerator.
    if (!empty($detected))
    {
        foreach ($detected as $tryCache => $dummy)
        {
            $cache_class_name = $tryCache . '_cache';

            // loadCacheAPIs has already included the file, just see if we can't add the settings in.
            if (is_callable(array($cache_class_name, 'cacheSettings')))
            {
                $testAPI = new $cache_class_name();
                call_user_func_array(array($testAPI, 'cacheSettings'), array(&$config_vars));
            }
        }
    }
    if ($return_config)
        return $config_vars;

    // Saving again?
    if (isset($_GET['save']))
    {
        call_integration_hook('integrate_save_cache_settings');

        saveSettings($config_vars);
        $_SESSION['adm-save'] = true;

        // We need to save the $cache_enable to $modSettings as well
        updatesettings(array('cache_enable' => (int) $_POST['cache_enable']));

        // exit so we reload our new settings on the page
        redirectexit('action=admin;area=serversettings;sa=cache;' . $context['session_var'] . '=' . $context['session_id']);
    }

    loadLanguage('ManageMaintenance');
    createToken('admin-maint');
    $context['template_layers'][] = 'clean_cache_button';

    $context['post_url'] = $scripturl . '?action=admin;area=serversettings;sa=cache;save';
    $context['settings_title'] = $txt['caching_settings'];

    // Changing cache settings won't have any effect if Settings.php is not writeable.
    $context['save_disabled'] = $context['settings_not_writable'];

    // Decide what message to show.
    if (!$context['save_disabled'])
        $context['settings_message'] = $txt['caching_information'];

    // Prepare the template.
    prepareServerSettingsContext($config_vars);
}

/**
 * Allows to edit load balancing settings.
 *
 * @param bool $return_config Whether or not to return the config_vars array
 * @return void|array Returns nothing or returns the $config_vars array if $return_config is true
 */
function ModifyLoadBalancingSettings($return_config = false)
{
    global $txt, $scripturl, $context, $modSettings;

    // Setup a warning message, but disabled by default.
    $disabled = true;
    $context['settings_message'] = $txt['loadavg_disabled_conf'];

    if (DIRECTORY_SEPARATOR === '\\')
    {
        $context['settings_message'] = $txt['loadavg_disabled_windows'];
        if (isset($_GET['save']))
            $_SESSION['adm-save'] = $txt['loadavg_disabled_windows'];
    }
    elseif (stripos(PHP_OS, 'darwin') === 0)
    {
        $context['settings_message'] = $txt['loadavg_disabled_osx'];
        if (isset($_GET['save']))
            $_SESSION['adm-save'] = $txt['loadavg_disabled_osx'];
    }
    else
    {
        $modSettings['load_average'] = @file_get_contents('/proc/loadavg');
        if (!empty($modSettings['load_average']) && preg_match('~^([^ ]+?) ([^ ]+?) ([^ ]+)~', $modSettings['load_average'], $matches) !== 0)
            $modSettings['load_average'] = (float) $matches[1];
        elseif (($modSettings['load_average'] = @`uptime`) !== null && preg_match('~load averages?: (\d+\.\d+), (\d+\.\d+), (\d+\.\d+)~i', $modSettings['load_average'], $matches) !== 0)
            $modSettings['load_average'] = (float) $matches[1];
        else
            unset($modSettings['load_average']);

        if (!empty($modSettings['load_average']) || (isset($modSettings['load_average']) && $modSettings['load_average'] === 0.0))
        {
            $context['settings_message'] = sprintf($txt['loadavg_warning'], $modSettings['load_average']);
            $disabled = false;
        }
    }

    // Start with a simple checkbox.
    $config_vars = array(
        array('check', 'loadavg_enable', 'disabled' => $disabled),
    );

    // Set the default values for each option.
    $default_values = array(
        'loadavg_auto_opt' => 1.0,
        'loadavg_search' => 2.5,
        'loadavg_allunread' => 2.0,
        'loadavg_unreadreplies' => 3.5,
        'loadavg_show_posts' => 2.0,
        'loadavg_userstats' => 10.0,
        'loadavg_bbc' => 30.0,
        'loadavg_forum' => 40.0,
    );

    // Loop through the settings.
    foreach ($default_values as $name => $value)
    {
        // Use the default value if the setting isn't set yet.
        $value = !isset($modSettings[$name]) ? $value : $modSettings[$name];
        $config_vars[] = array('float', $name, 'value' => $value, 'disabled' => $disabled);
    }

    call_integration_hook('integrate_loadavg_settings', array(&$config_vars));

    if ($return_config)
        return $config_vars;

    $context['post_url'] = $scripturl . '?action=admin;area=serversettings;sa=loads;save';
    $context['settings_title'] = $txt['load_balancing_settings'];

    // Saving?
    if (isset($_GET['save']))
    {
        // Stupidity is not allowed.
        foreach ($_POST as $key => $value)
        {
            if (strpos($key, 'loadavg') === 0 || $key === 'loadavg_enable' || !in_array($key, array_keys($default_values)))
                continue;
            else
                $_POST[$key] = (float) $value;

            if ($key == 'loadavg_auto_opt' && $value <= 1)
                $_POST['loadavg_auto_opt'] = 1.0;
            elseif ($key == 'loadavg_forum' && $value < 10)
                $_POST['loadavg_forum'] = 10.0;
            elseif ($value < 2)
                $_POST[$key] = 2.0;
        }

        call_integration_hook('integrate_save_loadavg_settings');

        saveDBSettings($config_vars);
        if (!isset($_SESSION['adm-save']))
            $_SESSION['adm-save'] = true;
        redirectexit('action=admin;area=serversettings;sa=loads;' . $context['session_var'] . '=' . $context['session_id']);
    }

    prepareDBSettingContext($config_vars);
}

/**
 * Helper function, it sets up the context for the manage server settings.
 * - The basic usage of the six numbered key fields are
 * - array (0 ,1, 2, 3, 4, 5
 *      0 variable name - the name of the saved variable
 *      1 label - the text to show on the settings page
 *      2 saveto - file or db, where to save the variable name - value pair
 *      3 type - type of data to save, int, float, text, check
 *      4 size - false or field size
 *      5 help - '' or helptxt variable name
 *  )
 *
 * the following named keys are also permitted
 * 'disabled' => A string of code that will determine whether or not the setting should be disabled
 * 'postinput' => Text to display after the input field
 * 'preinput' => Text to display before the input field
 * 'subtext' => Additional descriptive text to display under the field's label
 * 'min' => minimum allowed value (for int/float). Defaults to 0 if not set.
 * 'max' => maximum allowed value (for int/float)
 * 'step' => how much to increment/decrement the value by (only for int/float - mostly used for float values).
 *
 * @param array $config_vars An array of configuration variables
 */
function prepareServerSettingsContext(&$config_vars)
{
    global $context, $modSettings, $smcFunc;

    if (isset($_SESSION['adm-save']))
    {
        if ($_SESSION['adm-save'] === true)
            $context['saved_successful'] = true;
        else
            $context['saved_failed'] = $_SESSION['adm-save'];

        unset($_SESSION['adm-save']);
    }

    $context['config_vars'] = array();
    foreach ($config_vars as $identifier => $config_var)
    {
        if (!is_array($config_var) || !isset($config_var[1]))
            $context['config_vars'][] = $config_var;
        else
        {
            $varname = $config_var[0];
            global $$varname;

            // Set the subtext in case it's part of the label.
            // @todo Temporary. Preventing divs inside label tags.
            $divPos = strpos($config_var[1], '<div');
            $subtext = '';
            if ($divPos !== false)
            {
                $subtext = preg_replace('~</?div[^>]*>~', '', substr($config_var[1], $divPos));
                $config_var[1] = substr($config_var[1], 0, $divPos);
            }

            $context['config_vars'][$config_var[0]] = array(
                'label' => $config_var[1],
                'help' => isset($config_var[5]) ? $config_var[5] : '',
                'type' => $config_var[3],
                'size' => empty($config_var[4]) ? 0 : $config_var[4],
                'data' => isset($config_var[4]) && is_array($config_var[4]) && $config_var[3] != 'select' ? $config_var[4] : array(),
                'name' => $config_var[0],
                'value' => $config_var[2] == 'file' ? $smcFunc['htmlspecialchars']($$varname) : (isset($modSettings[$config_var[0]]) ? $smcFunc['htmlspecialchars']($modSettings[$config_var[0]]) : (in_array($config_var[3], array('int', 'float')) ? 0 : '')),
                'disabled' => !empty($context['settings_not_writable']) || !empty($config_var['disabled']),
                'invalid' => false,
                'subtext' => !empty($config_var['subtext']) ? $config_var['subtext'] : $subtext,
                'javascript' => '',
                'preinput' => !empty($config_var['preinput']) ? $config_var['preinput'] : '',
                'postinput' => !empty($config_var['postinput']) ? $config_var['postinput'] : '',
            );

            // Handle min/max/step if necessary
            if ($config_var[3] == 'int' || $config_var[3] == 'float')
            {
                // Default to a min of 0 if one isn't set
                if (isset($config_var['min']))
                    $context['config_vars'][$config_var[0]]['min'] = $config_var['min'];
                else
                    $context['config_vars'][$config_var[0]]['min'] = 0;

                if (isset($config_var['max']))
                    $context['config_vars'][$config_var[0]]['max'] = $config_var['max'];

                if (isset($config_var['step']))
                    $context['config_vars'][$config_var[0]]['step'] = $config_var['step'];
            }

            // If this is a select box handle any data.
            if (!empty($config_var[4]) && is_array($config_var[4]))
            {
                // If it's associative
                $config_values = array_values($config_var[4]);
                if (isset($config_values[0]) && is_array($config_values[0]))
                    $context['config_vars'][$config_var[0]]['data'] = $config_var[4];
                else
                {
                    foreach ($config_var[4] as $key => $item)
                        $context['config_vars'][$config_var[0]]['data'][] = array($key, $item);
                }
            }
        }
    }

    // Two tokens because saving these settings requires both saveSettings and saveDBSettings
    createToken('admin-ssc');
    createToken('admin-dbsc');
}

/**
 * Helper function, it sets up the context for database settings.
 *
 * @todo see rev. 10406 from 2.1-requests
 *
 * @param array $config_vars An array of configuration variables
 */
function prepareDBSettingContext(&$config_vars)
{
    global $txt, $helptxt, $context, $modSettings, $sourcedir, $smcFunc;

    loadLanguage('Help');

    if (isset($_SESSION['adm-save']))
    {
        if ($_SESSION['adm-save'] === true)
            $context['saved_successful'] = true;
        else
            $context['saved_failed'] = $_SESSION['adm-save'];

        unset($_SESSION['adm-save']);
    }

    $context['config_vars'] = array();
    $inlinePermissions = array();
    $bbcChoice = array();
    $board_list = false;
    foreach ($config_vars as $config_var)
    {
        // HR?
        if (!is_array($config_var))
            $context['config_vars'][] = $config_var;
        else
        {
            // If it has no name it doesn't have any purpose!
            if (empty($config_var[1]))
                continue;

            // Special case for inline permissions
            if ($config_var[0] == 'permissions' && allowedTo('manage_permissions'))
                $inlinePermissions[] = $config_var[1];
            elseif ($config_var[0] == 'permissions')
                continue;

            if ($config_var[0] == 'boards')
                $board_list = true;

            // Are we showing the BBC selection box?
            if ($config_var[0] == 'bbc')
                $bbcChoice[] = $config_var[1];

            // We need to do some parsing of the value before we pass it in.
            if (isset($modSettings[$config_var[1]]))
            {
                switch ($config_var[0])
                {
                    case 'select':
                        $value = $modSettings[$config_var[1]];
                        break;
                    case 'json':
                        $value = $smcFunc['htmlspecialchars']($smcFunc['json_encode']($modSettings[$config_var[1]]));
                        break;
                    case 'boards':
                        $value = explode(',', $modSettings[$config_var[1]]);
                        break;
                    default:
                        $value = $smcFunc['htmlspecialchars']($modSettings[$config_var[1]]);
                }
            }
            else
            {
                // Darn, it's empty. What type is expected?
                switch ($config_var[0])
                {
                    case 'int':
                    case 'float':
                        $value = 0;
                        break;
                    case 'select':
                        $value = !empty($config_var['multiple']) ? $smcFunc['json_encode'](array()) : '';
                        break;
                    case 'boards':
                        $value = array();
                        break;
                    default:
                        $value = '';
                }
            }

            $context['config_vars'][$config_var[1]] = array(
                'label' => isset($config_var['text_label']) ? $config_var['text_label'] : (isset($txt[$config_var[1]]) ? $txt[$config_var[1]] : (isset($config_var[3]) && !is_array($config_var[3]) ? $config_var[3] : '')),
                'help' => isset($helptxt[$config_var[1]]) ? $config_var[1] : '',
                'type' => $config_var[0],
                'size' => !empty($config_var['size']) ? $config_var['size'] : (!empty($config_var[2]) && !is_array($config_var[2]) ? $config_var[2] : (in_array($config_var[0], array('int', 'float')) ? 6 : 0)),
                'data' => array(),
                'name' => $config_var[1],
                'value' => $value,
                'disabled' => false,
                'invalid' => !empty($config_var['invalid']),
                'javascript' => '',
                'var_message' => !empty($config_var['message']) && isset($txt[$config_var['message']]) ? $txt[$config_var['message']] : '',
                'preinput' => isset($config_var['preinput']) ? $config_var['preinput'] : '',
                'postinput' => isset($config_var['postinput']) ? $config_var['postinput'] : '',
            );

            // Handle min/max/step if necessary
            if ($config_var[0] == 'int' || $config_var[0] == 'float')
            {
                // Default to a min of 0 if one isn't set
                if (isset($config_var['min']))
                    $context['config_vars'][$config_var[1]]['min'] = $config_var['min'];
                else
                    $context['config_vars'][$config_var[1]]['min'] = 0;

                if (isset($config_var['max']))
                    $context['config_vars'][$config_var[1]]['max'] = $config_var['max'];

                if (isset($config_var['step']))
                    $context['config_vars'][$config_var[1]]['step'] = $config_var['step'];
            }

            // If this is a select box handle any data.
            if (!empty($config_var[2]) && is_array($config_var[2]))
            {
                // If we allow multiple selections, we need to adjust a few things.
                if ($config_var[0] == 'select' && !empty($config_var['multiple']))
                {
                    $context['config_vars'][$config_var[1]]['name'] .= '[]';
                    $context['config_vars'][$config_var[1]]['value'] = !empty($context['config_vars'][$config_var[1]]['value']) ? $smcFunc['json_decode']($context['config_vars'][$config_var[1]]['value'], true) : array();
                }

                // If it's associative
                if (isset($config_var[2][0]) && is_array($config_var[2][0]))
                    $context['config_vars'][$config_var[1]]['data'] = $config_var[2];
                else
                {
                    foreach ($config_var[2] as $key => $item)
                        $context['config_vars'][$config_var[1]]['data'][] = array($key, $item);
                }
            }

            // Finally allow overrides - and some final cleanups.
            foreach ($config_var as $k => $v)
            {
                if (!is_numeric($k))
                {
                    if (substr($k, 0, 2) == 'on')
                        $context['config_vars'][$config_var[1]]['javascript'] .= ' ' . $k . '="' . $v . '"';
                    else
                        $context['config_vars'][$config_var[1]][$k] = $v;
                }

                // See if there are any other labels that might fit?
                if (isset($txt['setting_' . $config_var[1]]))
                    $context['config_vars'][$config_var[1]]['label'] = $txt['setting_' . $config_var[1]];
                elseif (isset($txt['groups_' . $config_var[1]]))
                    $context['config_vars'][$config_var[1]]['label'] = $txt['groups_' . $config_var[1]];
            }

            // Set the subtext in case it's part of the label.
            // @todo Temporary. Preventing divs inside label tags.
            $divPos = strpos($context['config_vars'][$config_var[1]]['label'], '<div');
            if ($divPos !== false)
            {
                $context['config_vars'][$config_var[1]]['subtext'] = preg_replace('~</?div[^>]*>~', '', substr($context['config_vars'][$config_var[1]]['label'], $divPos));
                $context['config_vars'][$config_var[1]]['label'] = substr($context['config_vars'][$config_var[1]]['label'], 0, $divPos);
            }
        }
    }

    // If we have inline permissions we need to prep them.
    if (!empty($inlinePermissions) && allowedTo('manage_permissions'))
    {
        require_once($sourcedir . '/ManagePermissions.php');
        init_inline_permissions($inlinePermissions);
    }

    if ($board_list)
    {
        require_once($sourcedir . '/Subs-MessageIndex.php');
        $context['board_list'] = getBoardList();
    }

    // What about any BBC selection boxes?
    if (!empty($bbcChoice))
    {
        // What are the options, eh?
        $temp = parse_bbc(false);
        $bbcTags = array();
        foreach ($temp as $tag)
            $bbcTags[] = $tag['tag'];

        $bbcTags = array_unique($bbcTags);

        // The number of columns we want to show the BBC tags in.
        $numColumns = isset($context['num_bbc_columns']) ? $context['num_bbc_columns'] : 3;

        // Now put whatever BBC options we may have into context too!
        $context['bbc_sections'] = array();
        foreach ($bbcChoice as $bbcSection)
        {
            $context['bbc_sections'][$bbcSection] = array(
                'title' => isset($txt['bbc_title_' . $bbcSection]) ? $txt['bbc_title_' . $bbcSection] : $txt['enabled_bbc_select'],
                'disabled' => empty($modSettings['bbc_disabled_' . $bbcSection]) ? array() : $modSettings['bbc_disabled_' . $bbcSection],
                'all_selected' => empty($modSettings['bbc_disabled_' . $bbcSection]),
                'columns' => array(),
            );

            if ($bbcSection == 'legacyBBC')
                $sectionTags = array_intersect($context['legacy_bbc'], $bbcTags);
            else
                $sectionTags = array_diff($bbcTags, $context['legacy_bbc']);

            $totalTags = count($sectionTags);
            $tagsPerColumn = ceil($totalTags / $numColumns);

            $col = 0;
            $i = 0;
            foreach ($sectionTags as $tag)
            {
                if ($i % $tagsPerColumn == 0 && $i != 0)
                    $col++;

                $context['bbc_sections'][$bbcSection]['columns'][$col][] = array(
                    'tag' => $tag,
                    // @todo  'tag_' . ?
                    'show_help' => isset($helptxt[$tag]),
                );

                $i++;
            }
        }
    }

    call_integration_hook('integrate_prepare_db_settings', array(&$config_vars));
    createToken('admin-dbsc');
}

/**
 * Helper function. Saves settings by putting them in Settings.php or saving them in the settings table.
 *
 * - Saves those settings set from ?action=admin;area=serversettings.
 * - Requires the admin_forum permission.
 * - Contains arrays of the types of data to save into Settings.php.
 *
 * @param array $config_vars An array of configuration variables
 */
function saveSettings(&$config_vars)
{
    global $sourcedir, $context;

    validateToken('admin-ssc');

    // Fix the darn stupid cookiename! (more may not be allowed, but these for sure!)
    if (isset($_POST['cookiename']))
        $_POST['cookiename'] = preg_replace('~[,;\s\.$]+~' . ($context['utf8'] ? 'u' : ''), '', $_POST['cookiename']);

    // Fix the forum's URL if necessary.
    if (isset($_POST['boardurl']))
    {
        if (substr($_POST['boardurl'], -10) == '/index.php')
            $_POST['boardurl'] = substr($_POST['boardurl'], 0, -10);
        elseif (substr($_POST['boardurl'], -1) == '/')
            $_POST['boardurl'] = substr($_POST['boardurl'], 0, -1);
        if (substr($_POST['boardurl'], 0, 7) != 'http://' && substr($_POST['boardurl'], 0, 7) != 'file://' && substr($_POST['boardurl'], 0, 8) != 'https://')
            $_POST['boardurl'] = 'http://' . $_POST['boardurl'];
    }

    // Any passwords?
    $config_passwords = array(
        'db_passwd',
        'ssi_db_passwd',
    );

    // All the strings to write.
    $config_strs = array(
        'mtitle', 'mmessage',
        'language', 'mbname', 'boardurl',
        'cookiename',
        'webmaster_email',
        'db_name', 'db_user', 'db_server', 'db_prefix', 'ssi_db_user',
        'boarddir', 'sourcedir',
        'cachedir', 'cachedir_sqlite', 'cache_accelerator', 'cache_memcached',
        'image_proxy_secret',
    );

    // All the numeric variables.
    $config_ints = array(
        'cache_enable',
        'image_proxy_maxsize',
    );

    // All the checkboxes
    $config_bools = array('db_persist', 'db_error_send', 'maintenance', 'image_proxy_enabled');

    // Now sort everything into a big array, and figure out arrays and etc.
    $new_settings = array();
    // Figure out which config vars we're saving here...
    foreach ($config_vars as $var)
    {
        if (!is_array($var) || $var[2] != 'file' || (!in_array($var[0], $config_bools) && !isset($_POST[$var[0]])))
            continue;

        $config_var = $var[0];

        if (in_array($config_var, $config_passwords))
        {
            if (isset($_POST[$config_var][1]) && $_POST[$config_var][0] == $_POST[$config_var][1])
                $new_settings[$config_var] = '\'' . addcslashes($_POST[$config_var][0], '\'\\') . '\'';
        }
        elseif (in_array($config_var, $config_strs))
        {
            $new_settings[$config_var] = '\'' . addcslashes($_POST[$config_var], '\'\\') . '\'';
        }
        elseif (in_array($config_var, $config_ints))
        {
            $new_settings[$config_var] = (int) $_POST[$config_var];

            // If no min is specified, assume 0. This is done to avoid having to specify 'min => 0' for all settings where 0 is the min...
            $min = isset($var['min']) ? $var['min'] : 0;
            $new_settings[$config_var] = max($min, $new_settings[$config_var]);

            // Is there a max value for this as well?
            if (isset($var['max']))
                $new_settings[$config_var] = min($var['max'], $new_settings[$config_var]);
        }
        elseif (in_array($config_var, $config_bools))
        {
            if (!empty($_POST[$config_var]))
                $new_settings[$config_var] = '1';
            else
                $new_settings[$config_var] = '0';
        }
        else
        {
            // This shouldn't happen, but it might...
            fatal_error('Unknown config_var \'' . $config_var . '\'');
        }
    }

    // Save the relevant settings in the Settings.php file.
    require_once($sourcedir . '/Subs-Admin.php');
    updateSettingsFile($new_settings);

    // Now loop through the remaining (database-based) settings.
    $new_settings = array();
    foreach ($config_vars as $config_var)
    {
        // We just saved the file-based settings, so skip their definitions.
        if (!is_array($config_var) || $config_var[2] == 'file')
            continue;

        $new_setting = array($config_var[3], $config_var[0]);

        // Select options need carried over, too.
        if (isset($config_var[4]))
            $new_setting[] = $config_var[4];

        // Include min and max if necessary
        if (isset($config_var['min']))
            $new_setting['min'] = $config_var['min'];

        if (isset($config_var['max']))
            $new_setting['max'] = $config_var['max'];

        // Rewrite the definition a bit.
        $new_settings[] = $new_setting;
    }

    // Save the new database-based settings, if any.
    if (!empty($new_settings))
        saveDBSettings($new_settings);
}

/**
 * Helper function for saving database settings.
 *
 * @todo see rev. 10406 from 2.1-requests
 *
 * @param array $config_vars An array of configuration variables
 */
function saveDBSettings(&$config_vars)
{
    global $sourcedir, $smcFunc;
    static $board_list = null;

    validateToken('admin-dbsc');

    $inlinePermissions = array();
    foreach ($config_vars as $var)
    {
        if (!isset($var[1]) || (!isset($_POST[$var[1]]) && $var[0] != 'check' && $var[0] != 'permissions' && $var[0] != 'boards' && ($var[0] != 'bbc' || !isset($_POST[$var[1] . '_enabledTags']))))
            continue;

        // Checkboxes!
        elseif ($var[0] == 'check')
            $setArray[$var[1]] = !empty($_POST[$var[1]]) ? '1' : '0';
        // Select boxes!
        elseif ($var[0] == 'select' && in_array($_POST[$var[1]], array_keys($var[2])))
            $setArray[$var[1]] = $_POST[$var[1]];
        elseif ($var[0] == 'select' && !empty($var['multiple']) && array_intersect($_POST[$var[1]], array_keys($var[2])) != array())
        {
            // For security purposes we validate this line by line.
            $lOptions = array();
            foreach ($_POST[$var[1]] as $invar)
                if (in_array($invar, array_keys($var[2])))
                    $lOptions[] = $invar;

            $setArray[$var[1]] = $smcFunc['json_encode']($lOptions);
        }
        // List of boards!
        elseif ($var[0] == 'boards')
        {
            // We just need a simple list of valid boards, nothing more.
            if ($board_list === null)
            {
                $board_list = array();
                $request = $smcFunc['db_query']('', '
                    SELECT id_board
                    FROM {db_prefix}boards');

                while ($row = $smcFunc['db_fetch_row']($request))
                    $board_list[$row[0]] = true;

                $smcFunc['db_free_result']($request);
            }

            $lOptions = array();

            if (!empty($_POST[$var[1]]))
                foreach ($_POST[$var[1]] as $invar => $dummy)
                    if (isset($board_list[$invar]))
                        $lOptions[] = $invar;

            $setArray[$var[1]] = !empty($lOptions) ? implode(',', $lOptions) : '';
        }
        // Integers!
        elseif ($var[0] == 'int')
        {
            $setArray[$var[1]] = (int) $_POST[$var[1]];

            // If no min is specified, assume 0. This is done to avoid having to specify 'min => 0' for all settings where 0 is the min...
            $min = isset($var['min']) ? $var['min'] : 0;
            $setArray[$var[1]] = max($min, $setArray[$var[1]]);

            // Do we have a max value for this as well?
            if (isset($var['max']))
                $setArray[$var[1]] = min($var['max'], $setArray[$var[1]]);
        }
        // Floating point!
        elseif ($var[0] == 'float')
        {
            $setArray[$var[1]] = (float) $_POST[$var[1]];

            // If no min is specified, assume 0. This is done to avoid having to specify 'min => 0' for all settings where 0 is the min...
            $min = isset($var['min']) ? $var['min'] : 0;
            $setArray[$var[1]] = max($min, $setArray[$var[1]]);

            // Do we have a max value for this as well?
            if (isset($var['max']))
                $setArray[$var[1]] = min($var['max'], $setArray[$var[1]]);
        }
        // Text!
        elseif (in_array($var[0], array('text', 'large_text', 'color', 'date', 'datetime', 'datetime-local', 'email', 'month', 'time')))
            $setArray[$var[1]] = $_POST[$var[1]];
        // Passwords!
        elseif ($var[0] == 'password')
        {
            if (isset($_POST[$var[1]][1]) && $_POST[$var[1]][0] == $_POST[$var[1]][1])
                $setArray[$var[1]] = $_POST[$var[1]][0];
        }
        // BBC.
        elseif ($var[0] == 'bbc')
        {
            $bbcTags = array();
            foreach (parse_bbc(false) as $tag)
                $bbcTags[] = $tag['tag'];

            if (!isset($_POST[$var[1] . '_enabledTags']))
                $_POST[$var[1] . '_enabledTags'] = array();
            elseif (!is_array($_POST[$var[1] . '_enabledTags']))
                $_POST[$var[1] . '_enabledTags'] = array($_POST[$var[1] . '_enabledTags']);

            $setArray[$var[1]] = implode(',', array_diff($bbcTags, $_POST[$var[1] . '_enabledTags']));
        }
        // Permissions?
        elseif ($var[0] == 'permissions')
            $inlinePermissions[] = $var[1];
    }

    if (!empty($setArray))
        updateSettings($setArray);

    // If we have inline permissions we need to save them.
    if (!empty($inlinePermissions) && allowedTo('manage_permissions'))
    {
        require_once($sourcedir . '/ManagePermissions.php');
        save_inline_permissions($inlinePermissions);
    }
}

/**
 * Allows us to see the servers php settings
 *
 * - loads the settings into an array for display in a template
 * - drops cookie values just in case
 */
function ShowPHPinfoSettings()
{
    global $context, $txt;

    $category = $txt['phpinfo_settings'];

    // get the data
    ob_start();
    phpinfo();

    // We only want it for its body, pigs that we are
    $info_lines = preg_replace('~^.*<body>(.*)</body>.*$~', '$1', ob_get_contents());
    $info_lines = explode("\n", strip_tags($info_lines, "<tr><td><h2>"));
    ob_end_clean();

    // remove things that could be considered sensitive
    $remove = '_COOKIE|Cookie|_GET|_REQUEST|REQUEST_URI|QUERY_STRING|REQUEST_URL|HTTP_REFERER';

    // put all of it into an array
    foreach ($info_lines as $line)
    {
        if (preg_match('~(' . $remove . ')~', $line))
            continue;

        // new category?
        if (strpos($line, '<h2>') !== false)
            $category = preg_match('~<h2>(.*)</h2>~', $line, $title) ? $category = $title[1] : $category;

        // load it as setting => value or the old setting local master
        if (preg_match('~<tr><td[^>]+>([^<]*)</td><td[^>]+>([^<]*)</td></tr>~', $line, $val))
            $pinfo[$category][$val[1]] = $val[2];
        elseif (preg_match('~<tr><td[^>]+>([^<]*)</td><td[^>]+>([^<]*)</td><td[^>]+>([^<]*)</td></tr>~', $line, $val))
            $pinfo[$category][$val[1]] = array($txt['phpinfo_localsettings'] => $val[2], $txt['phpinfo_defaultsettings'] => $val[3]);
    }

    // load it in to context and display it
    $context['pinfo'] = $pinfo;
    $context['page_title'] = $txt['admin_server_settings'];
    $context['sub_template'] = 'php_info';
    return;
}

/**
 * Get the installed Cache API implementations.
 *
 */
function loadCacheAPIs()
{
    global $sourcedir, $txt;

    // Make sure our class is in session.
    require_once($sourcedir . '/Class-CacheAPI.php');

    $apis = array();
    if ($dh = opendir($sourcedir))
    {
        while (($file = readdir($dh)) !== false)
        {
            if (is_file($sourcedir . '/' . $file) && preg_match('~^CacheAPI-([A-Za-z\d_]+)\.php$~', $file, $matches))
            {
                $tryCache = strtolower($matches[1]);

                require_once($sourcedir . '/' . $file);
                $cache_class_name = $tryCache . '_cache';
                $testAPI = new $cache_class_name();

                // No Support?  NEXT!
                if (!$testAPI->isSupported(true))
                    continue;

                $apis[$tryCache] = isset($txt[$tryCache . '_cache']) ? $txt[$tryCache . '_cache'] : $tryCache;
            }
        }
    }
    closedir($dh);

    return $apis;
}

/**
 * Registers the site with the Simple Machines Stat collection. This function
 * purposely does not use updateSettings.php as it will be called shortly after
 * this process completes by the saveSettings() function.
 *
 * See Stats.php SMStats() for more information.
 * @link https://www.simplemachines.org/about/stats.php for more info.
 *
 */
function registerSMStats()
{
    global $modSettings, $boardurl, $smcFunc;

    // Already have a key?  Can't register again.
    if (!empty($modSettings['sm_stats_key']))
        return true;

    $fp = @fsockopen('www.simplemachines.org', 80, $errno, $errstr);
    if ($fp)
    {
        $out = 'GET /smf/stats/register_stats.php?site=' . base64_encode($boardurl) . ' HTTP/1.1' . "\r\n";
        $out .= 'Host: www.simplemachines.org' . "\r\n";
        $out .= 'Connection: Close' . "\r\n\r\n";
        fwrite($fp, $out);

        $return_data = '';
        while (!feof($fp))
            $return_data .= fgets($fp, 128);

        fclose($fp);

        // Get the unique site ID.
        preg_match('~SITE-ID:\s(\w{10})~', $return_data, $ID);

        if (!empty($ID[1]))
        {
            $smcFunc['db_insert']('replace',
                '{db_prefix}settings',
                array('variable' => 'string', 'value' => 'string'),
                array('sm_stats_key', $ID[1]),
                array('variable')
            );
            return true;
        }
    }

    return false;
}

?>