
This commit was manufactured by cvs2svn to create tag

'release_2_0_13'.

git-svn-id: file:///svn/phpbb/tags/release_2_0_13@5098 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
(no author)
2005-02-27 23:26:08 +00:00
parent 212515e02c
commit 12b8694b03
951 changed files with 10547 additions and 57144 deletions


@@ -16,16 +16,16 @@ define('IN_PHPBB', 1);
if( !empty($setmodules) )
{
$file = basename(__FILE__);
$module['General']['Configuration'] = "$file?mode=config";
$module['General']['Configuration'] = "$file";
return;
}
//
// Let's set the root dir for phpBB
//
$phpbb_root_path = "../";
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
require('./pagestart.' . $phpEx);
include($phpbb_root_path . 'includes/functions_selects.'.$phpEx);
//
@@ -43,10 +43,15 @@ else
{
$config_name = $row['config_name'];
$config_value = $row['config_value'];
$default_config[$config_name] = $config_value;
$default_config[$config_name] = isset($HTTP_POST_VARS['submit']) ? str_replace("'", "\'", $config_value) : $config_value;
$new[$config_name] = ( isset($HTTP_POST_VARS[$config_name]) ) ? $HTTP_POST_VARS[$config_name] : $default_config[$config_name];
if ($config_name == 'cookie_name')
{
$cookie_name = str_replace('.', '_', $new['cookie_name']);
}
if( isset($HTTP_POST_VARS['submit']) )
{
$sql = "UPDATE " . CONFIG_TABLE . " SET
@@ -68,7 +73,7 @@ else
}
$style_select = style_select($new['default_style'], 'default_style', "../templates");
$lang_select = language_select($new['default_lang'], 'default_lang', "../language");
$lang_select = language_select($new['default_lang'], 'default_lang', "language");
$timezone_select = tz_select($new['board_timezone'], 'board_timezone');
$disable_board_yes = ( $new['board_disable'] ) ? "checked=\"checked\"" : "";
@@ -92,6 +97,9 @@ $activation_none = ( $new['require_activation'] == USER_ACTIVATION_NONE ) ? "che
$activation_user = ( $new['require_activation'] == USER_ACTIVATION_SELF ) ? "checked=\"checked\"" : "";
$activation_admin = ( $new['require_activation'] == USER_ACTIVATION_ADMIN ) ? "checked=\"checked\"" : "";
$confirm_yes = ($new['enable_confirm']) ? 'checked="checked"' : '';
$confirm_no = (!$new['enable_confirm']) ? 'checked="checked"' : '';
$board_email_form_yes = ( $new['board_email_form'] ) ? "checked=\"checked\"" : "";
$board_email_form_no = ( !$new['board_email_form'] ) ? "checked=\"checked\"" : "";
@@ -155,6 +163,8 @@ $template->assign_vars(array(
"L_NONE" => $lang['Acc_None'],
"L_USER" => $lang['Acc_User'],
"L_ADMIN" => $lang['Acc_Admin'],
"L_VISUAL_CONFIRM" => $lang['Visual_confirm'],
"L_VISUAL_CONFIRM_EXPLAIN" => $lang['Visual_confirm_explain'],
"L_COOKIE_SETTINGS" => $lang['Cookie_settings'],
"L_COOKIE_SETTINGS_EXPLAIN" => $lang['Cookie_settings_explain'],
"L_COOKIE_DOMAIN" => $lang['Cookie_domain'],
@@ -242,6 +252,9 @@ $template->assign_vars(array(
"ACTIVATION_USER_CHECKED" => $activation_user,
"ACTIVATION_ADMIN" => USER_ACTIVATION_ADMIN,
"ACTIVATION_ADMIN_CHECKED" => $activation_admin,
"CONFIRM_ENABLE" => $confirm_yes,
"CONFIRM_DISABLE" => $confirm_no,
"ACTIVATION_NONE_CHECKED" => $activation_none,
"BOARD_EMAIL_FORM_ENABLE" => $board_email_form_yes,
"BOARD_EMAIL_FORM_DISABLE" => $board_email_form_no,
"MAX_POLL_OPTIONS" => $new['max_poll_options'],
@@ -311,6 +324,6 @@ $template->assign_vars(array(
$template->pparse("body");
include('page_footer_admin.'.$phpEx);
include('./page_footer_admin.'.$phpEx);
?>
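Review bot: The `str_replace("'", "\'", $config_value)` added on the `$default_config[$config_name]` line escapes only single quotes, so a stored value containing a backslash (in particular a trailing `\`) is written back unescaped into the `UPDATE " . CONFIG_TABLE` statement that follows and can break or alter it; `addslashes($config_value)` escapes both, and is the function this same commit uses elsewhere for SQL literals. The POST side of `$new[$config_name]` receives no escaping in this hunk at all, so it presumably relies on magic_quotes_gpc — worth confirming that the UPDATE, which continues past the end of the hunk, escapes it explicitly rather than by configuration. The enclosing `else` block begins before this hunk.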


@@ -34,15 +34,10 @@ if( !empty($setmodules) )
{
$filename = basename(__FILE__);
$module['General']['Backup_DB'] = $filename . "?perform=backup";
if(@phpversion() >= '4.0.0')
{
$file_uploads = @ini_get('file_uploads');
}
else
{
$file_uploads = @get_cfg_var('file_uploads');
}
if( ($file_uploads != 0 || empty($file_uploads)) && (strtolower($file_uploads) != 'off') && (@phpversion() != '4.0.4pl1') )
$file_uploads = (@phpversion() >= '4.0.0') ? @ini_get('file_uploads') : @get_cfg_var('file_uploads');
if( (empty($file_uploads) || $file_uploads != 0) && (strtolower($file_uploads) != 'off') && (@phpversion() != '4.0.4pl1') )
{
$module['General']['Restore_DB'] = $filename . "?perform=restore";
}
@@ -54,9 +49,9 @@ if( !empty($setmodules) )
// Load default header
//
$no_page_header = TRUE;
$phpbb_root_path = "../";
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
require('./pagestart.' . $phpEx);
include($phpbb_root_path . 'includes/sql_parse.'.$phpEx);
//
@@ -375,7 +370,7 @@ function get_table_def_mysql($table, $crlf)
// Ok lets grab the fields...
//
$result = $db->sql_query($field_query);
if(!result)
if(!$result)
{
message_die(GENERAL_ERROR, "Failed in get_table_def (show fields)", "", __LINE__, __FILE__, $field_query);
}
@@ -571,86 +566,69 @@ function get_table_content_postgresql($table, $handler)
function get_table_content_mysql($table, $handler)
{
global $db;
//
// Grab the data from the table.
//
$result = $db->sql_query("SELECT * FROM $table");
if (!$result)
// Grab the data from the table.
if (!($result = $db->sql_query("SELECT * FROM $table")))
{
message_die(GENERAL_ERROR, "Failed in get_table_content (select *)", "", __LINE__, __FILE__, "SELECT * FROM $table");
}
if($db->sql_numrows($result) > 0)
{
$schema_insert = "\n#\n# Table Data for $table\n#\n";
}
else
{
$schema_insert = "";
}
$handler($schema_insert);
//
// Loop through the resulting rows and build the sql statement.
//
while ($row = $db->sql_fetchrow($result))
if ($row = $db->sql_fetchrow($result))
{
$table_list = '(';
$num_fields = $db->sql_numfields($result);
//
// Grab the list of field names.
//
for ($j = 0; $j < $num_fields; $j++)
{
$table_list .= $db->sql_fieldname($j, $result) . ', ';
}
//
// Get rid of the last comma
//
$table_list = ereg_replace(', $', '', $table_list);
$table_list .= ')';
//
// Start building the SQL statement.
//
$schema_insert = "INSERT INTO $table $table_list VALUES(";
//
// Loop through the rows and fill in data for each column
//
for ($j = 0; $j < $num_fields; $j++)
{
if(!isset($row[$j]))
{
//
// If there is no data for the column set it to null.
// There was a problem here with an extra space causing the
// sql file not to reimport if the last column was null in
// any table. Should be fixed now :) JLH
//
$schema_insert .= ' NULL,';
}
elseif ($row[$j] != '')
{
$schema_insert .= ' \'' . addslashes($row[$j]) . '\',';
}
else
{
$schema_insert .= '\'\',';
}
}
//
// Get rid of the the last comma.
//
$schema_insert = ereg_replace(',$', '', $schema_insert);
$schema_insert .= ');';
//
// Go ahead and send the insert statement to the handler function.
//
$handler(trim($schema_insert));
$handler("\n#\n# Table Data for $table\n#\n");
$field_names = array();
// Grab the list of field names.
$num_fields = $db->sql_numfields($result);
$table_list = '(';
for ($j = 0; $j < $num_fields; $j++)
{
$field_names[$j] = $db->sql_fieldname($j, $result);
$table_list .= (($j > 0) ? ', ' : '') . $field_names[$j];
}
$table_list .= ')';
do
{
// Start building the SQL statement.
$schema_insert = "INSERT INTO $table $table_list VALUES(";
// Loop through the rows and fill in data for each column
for ($j = 0; $j < $num_fields; $j++)
{
$schema_insert .= ($j > 0) ? ', ' : '';
if(!isset($row[$field_names[$j]]))
{
//
// If there is no data for the column set it to null.
// There was a problem here with an extra space causing the
// sql file not to reimport if the last column was null in
// any table. Should be fixed now :) JLH
//
$schema_insert .= 'NULL';
}
elseif ($row[$field_names[$j]] != '')
{
$schema_insert .= '\'' . addslashes($row[$field_names[$j]]) . '\'';
}
else
{
$schema_insert .= '\'\'';
}
}
$schema_insert .= ');';
// Go ahead and send the insert statement to the handler function.
$handler(trim($schema_insert));
}
while ($row = $db->sql_fetchrow($result));
}
return(true);
}
@@ -671,7 +649,6 @@ function output_table_content($content)
//
// Begin program proper
//
if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) )
{
$perform = (isset($HTTP_POST_VARS['perform'])) ? $HTTP_POST_VARS['perform'] : $HTTP_GET_VARS['perform'];
@@ -680,22 +657,27 @@ if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) )
{
case 'backup':
if( SQL_LAYER == 'oracle' || SQL_LAYER == 'odbc' || SQL_LAYER == 'mssql' )
$error = false;
switch(SQL_LAYER)
{
switch(SQL_LAYER)
{
case 'oracle':
$db_type = "Oracle";
break;
case 'odbc':
$db_type = "ODBC";
break;
case 'mssql':
$db_type = "MSSQL";
break;
}
case 'oracle':
$error = true;
break;
case 'db2':
$error = true;
break;
case 'msaccess':
$error = true;
break;
case 'mssql':
case 'mssql-odbc':
$error = true;
break;
}
include('page_header_admin.'.$phpEx);
if ($error)
{
include('./page_header_admin.'.$phpEx);
$template->set_filenames(array(
"body" => "admin/admin_message_body.tpl")
@@ -708,11 +690,10 @@ if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) )
$template->pparse("body");
break;
include('./page_footer_admin.'.$phpEx);
}
$tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words');
$tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words', 'confirm');
$additional_tables = (isset($HTTP_POST_VARS['additional_tables'])) ? $HTTP_POST_VARS['additional_tables'] : ( (isset($HTTP_GET_VARS['additional_tables'])) ? $HTTP_GET_VARS['additional_tables'] : "" );
@@ -720,6 +701,8 @@ if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) )
$gzipcompress = (!empty($HTTP_POST_VARS['gzipcompress'])) ? $HTTP_POST_VARS['gzipcompress'] : ( (!empty($HTTP_GET_VARS['gzipcompress'])) ? $HTTP_GET_VARS['gzipcompress'] : 0 );
$drop = (!empty($HTTP_POST_VARS['drop'])) ? intval($HTTP_POST_VARS['drop']) : ( (!empty($HTTP_GET_VARS['drop'])) ? intval($HTTP_GET_VARS['drop']) : 0 );
if(!empty($additional_tables))
{
if(ereg(",", $additional_tables))
@@ -740,12 +723,11 @@ if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) )
if( !isset($HTTP_POST_VARS['backupstart']) && !isset($HTTP_GET_VARS['backupstart']))
{
include('page_header_admin.'.$phpEx);
include('./page_header_admin.'.$phpEx);
$template->set_filenames(array(
"body" => "admin/db_utils_backup_body.tpl")
);
);
$s_hidden_fields = "<input type=\"hidden\" name=\"perform\" value=\"backup\" /><input type=\"hidden\" name=\"drop\" value=\"1\" /><input type=\"hidden\" name=\"perform\" value=\"$perform\" />";
$template->assign_vars(array(
@@ -771,22 +753,26 @@ if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) )
}
else if( !isset($HTTP_POST_VARS['startdownload']) && !isset($HTTP_GET_VARS['startdownload']) )
{
if(is_array($additional_tables))
{
$additional_tables = implode(',', $additional_tables);
}
$template->set_filenames(array(
"body" => "admin/admin_message_body.tpl")
);
$template->assign_vars(array(
"META" => "<meta http-equiv=\"refresh\" content=\"0;url=admin_db_utilities.$phpEx?perform=backup&amp;additional_tables=" . quotemeta($additional_tables) . "&amp;backup_type=$backup_type&amp;drop=1&amp;backupstart=1&amp;gzipcompress=$gzipcompress&amp;startdownload=1\">",
"META" => '<meta http-equiv="refresh" content="2;url=' . append_sid("admin_db_utilities.$phpEx?perform=backup&additional_tables=" . quotemeta($additional_tables) . "&backup_type=$backup_type&drop=1&amp;backupstart=1&gzipcompress=$gzipcompress&startdownload=1") . '">',
"MESSAGE_TITLE" => $lang['Database_Utilities'] . " : " . $lang['Backup'],
"MESSAGE_TEXT" => $lang['Backup_download'])
);
include('page_header_admin.php');
include('./page_header_admin.'.$phpEx);
$template->pparse("body");
include('page_footer_admin.'.$phpEx);
include('./page_footer_admin.'.$phpEx);
}
header("Pragma: no-cache");
@@ -807,7 +793,7 @@ if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) )
{
@ob_start();
@ob_implicit_flush(0);
header("Content-Type: text/x-delimtext; name=\"phpbb_db_backup.sql.gz\"");
header("Content-Type: application/x-gzip; name=\"phpbb_db_backup.sql.gz\"");
header("Content-disposition: attachment; filename=phpbb_db_backup.sql.gz");
}
else
@@ -832,15 +818,19 @@ if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) )
for($i = 0; $i < count($tables); $i++)
{
$table_name = $tables[$i];
if(SQL_LAYER != 'mysql4')
switch (SQL_LAYER)
{
$table_def_function = "get_table_def_" . SQL_LAYER;
$table_content_function = "get_table_content_" . SQL_LAYER;
}
else
{
$table_def_function = "get_table_def_mysql";
$table_content_function = "get_table_content_mysql";
case 'postgresql':
$table_def_function = "get_table_def_postgresql";
$table_content_function = "get_table_content_postgresql";
break;
case 'mysql':
case 'mysql4':
$table_def_function = "get_table_def_mysql";
$table_content_function = "get_table_content_mysql";
break;
}
if($backup_type != 'data')
@@ -868,12 +858,12 @@ if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) )
break;
case 'restore':
if(!isset($restore_start))
if(!isset($HTTP_POST_VARS['restore_start']))
{
//
// Define Template files...
//
include('page_header_admin.'.$phpEx);
include('./page_header_admin.'.$phpEx);
$template->set_filenames(array(
"body" => "admin/db_utils_restore_body.tpl")
@@ -907,7 +897,6 @@ if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) )
if($backup_file_tmpname == "" || $backup_file_name == "")
{
include('page_header_admin.'.$phpEx);
message_die(GENERAL_MESSAGE, $lang['Restore_Error_no_file']);
}
//
@@ -916,7 +905,7 @@ if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) )
// a hackers attempt at getting us to process a local system
// file.
//
if( file_exists($backup_file_tmpname) )
if( file_exists(phpbb_realpath($backup_file_tmpname)) )
{
if( preg_match("/^(text\/[a-zA-Z]+)|(application\/(x\-)?gzip(\-compressed)?)|(application\/octet-stream)$/is", $backup_file_type) )
{
@@ -943,7 +932,6 @@ if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) )
}
else
{
include('page_header_admin.'.$phpEx);
message_die(GENERAL_ERROR, $lang['Restore_Error_decompress']);
}
}
@@ -958,13 +946,11 @@ if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) )
}
else
{
include('page_header_admin.'.$phpEx);
message_die(GENERAL_ERROR, $lang['Restore_Error_filename'] ." $backup_file_type $backup_file_name");
}
}
else
{
include('page_header_admin.'.$phpEx);
message_die(GENERAL_ERROR, $lang['Restore_Error_uploading']);
}
@@ -991,15 +977,13 @@ if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) )
if(!$result && ( !(SQL_LAYER == 'postgresql' && eregi("drop table", $sql) ) ) )
{
//include('page_header_admin.'.$phpEx);
// echo "~~$sql~~";
message_die(GENERAL_ERROR, "Error importing backup file", "", __LINE__, __FILE__, $sql);
}
}
}
}
include('page_header_admin.'.$phpEx);
include('./page_header_admin.'.$phpEx);
$template->set_filenames(array(
"body" => "admin/admin_message_body.tpl")
@@ -1019,6 +1003,6 @@ if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) )
}
}
include('page_footer_admin.'.$phpEx);
include('./page_footer_admin.'.$phpEx);
?>
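Review bot: The restore path still accepts any readable path in `$backup_file_tmpname`: wrapping `file_exists()` in `phpbb_realpath()` resolves symlinks but does not establish that the file was created by this request's upload, so the comment above it about "a hackers attempt at getting us to process a local system file" is not actually backed by the check. Since the module already gates uploads on PHP >= 4.0.0, use `if( is_uploaded_file($backup_file_tmpname) )` there (and `move_uploaded_file()` if the file is later copied), which only passes for the temporary file PHP itself created for the upload. The `preg_match` on `$backup_file_type` that follows only tests the client-supplied MIME type and should not be relied on as a second line of defence. The `case 'restore':` branch starts and ends outside this hunk.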


@@ -33,17 +33,20 @@ if( !empty($setmodules) )
//
// Include required files, get $phpEx and check permissions
//
$phpbb_root_path = "../";
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
require('./pagestart.' . $phpEx);
if( isset($HTTP_POST_VARS['add_name']) )
{
include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
$disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? $HTTP_POST_VARS['disallowed_user'] : $HTTP_GET_VARS['disallowed_user'];
$disallowed_user = preg_replace( '/\*/', '%', $disallowed_user );
$disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? trim($HTTP_POST_VARS['disallowed_user']) : trim($HTTP_GET_VARS['disallowed_user']);
if ($disallowed_user == '')
{
message_die(MESSAGE, $lang['Fields_empty']);
}
if( !validate_username($disallowed_user) )
{
$message = $lang['Disallowed_already'];
@@ -110,8 +113,6 @@ else
$user = array();
for( $i = 0; $i < count($disallowed); $i++ )
{
$disallowed[$i]['disallow_username'] = preg_replace('/%/', '*', $disallowed[$i]['disallow_username']);
$disallow_select .= '<option value="' . $disallowed[$i]['disallow_id'] . '">' . $disallowed[$i]['disallow_username'] . '</option>';
}
}
@@ -140,4 +141,6 @@ $template->assign_vars(array(
$template->pparse("body");
include('./page_footer_admin.'.$phpEx);
?>
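Review bot: `message_die(MESSAGE, $lang['Fields_empty']);` in the new empty-input check passes `MESSAGE`, a name this commit neither defines nor uses anywhere else; every other call in the changed files uses `GENERAL_MESSAGE` or `GENERAL_ERROR`, and under PHP 4 an undefined constant silently degrades to the string `'MESSAGE'`, so message_die receives a code it does not recognise. Unless `MESSAGE` is defined in a header not shown here, change it to `message_die(GENERAL_MESSAGE, $lang['Fields_empty']);`. Separately, falling back to `$HTTP_GET_VARS['disallowed_user']` inside an `isset($HTTP_POST_VARS['add_name'])` branch lets a query-string parameter supply the name for a POSTed form; reading only the POST value keeps the two channels apart.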


@@ -32,9 +32,9 @@ if ( !empty($setmodules) )
//
// Load default header
//
$phpbb_root_path = '../';
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
require('./pagestart.' . $phpEx);
require($phpbb_root_path . 'includes/prune.'.$phpEx);
require($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
@@ -168,9 +168,9 @@ else
$forum_name = ( $forum_id == -1 ) ? $lang['All_Forums'] : $forum_rows[0]['forum_name'];
$prune_data = $lang['Prune_topics_not_posted'] . " ";
$prune_data .= '<input type="text" name="prunedays" size="4"> ' . $lang['Days'];
$prune_data .= '<input class="post" type="text" name="prunedays" size="4"> ' . $lang['Days'];
$hidden_input = '<input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '">';
$hidden_input = '<input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" />';
//
// Assign the template variables.
@@ -178,6 +178,7 @@ else
$template->assign_vars(array(
'FORUM_NAME' => $forum_name,
'L_FORUM' => $lang['Forum'],
'L_FORUM_PRUNE' => $lang['Forum_Prune'],
'L_FORUM_PRUNE_EXPLAIN' => $lang['Forum_Prune_explain'],
'L_DO_PRUNE' => $lang['Do_Prune'],
@@ -193,6 +194,6 @@ else
//
$template->pparse('body');
include('page_footer_admin.'.$phpEx);
include('./page_footer_admin.'.$phpEx);
?>


@@ -34,9 +34,9 @@ if( !empty($setmodules) )
// Load default header
//
$no_page_header = TRUE;
$phpbb_root_path = "../";
$phpbb_root_path = './../';
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
require('./pagestart.' . $phpEx);
//
// Start program - define vars
@@ -52,23 +52,23 @@ $simple_auth_ary = array(
6 => array(AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD),
);
$simple_auth_types = array($lang['Public'], $lang['Registered'], $lang['Registered'] . " [" . $lang['Hidden'] . "]", $lang['Private'], $lang['Private'] . " [" . $lang['Hidden'] . "]", $lang['Moderators'], $lang['Moderators'] . " [" . $lang['Hidden'] . "]");
$simple_auth_types = array($lang['Public'], $lang['Registered'], $lang['Registered'] . ' [' . $lang['Hidden'] . ']', $lang['Private'], $lang['Private'] . ' [' . $lang['Hidden'] . ']', $lang['Moderators'], $lang['Moderators'] . ' [' . $lang['Hidden'] . ']');
$forum_auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_sticky", "auth_announce", "auth_vote", "auth_pollcreate");
$forum_auth_fields = array('auth_view', 'auth_read', 'auth_post', 'auth_reply', 'auth_edit', 'auth_delete', 'auth_sticky', 'auth_announce', 'auth_vote', 'auth_pollcreate');
$field_names = array(
"auth_view" => $lang['View'],
"auth_read" => $lang['Read'],
"auth_post" => $lang['Post'],
"auth_reply" => $lang['Reply'],
"auth_edit" => $lang['Edit'],
"auth_delete" => $lang['Delete'],
"auth_sticky" => $lang['Sticky'],
"auth_announce" => $lang['Announce'],
"auth_vote" => $lang['Vote'],
"auth_pollcreate" => $lang['Pollcreate']);
'auth_view' => $lang['View'],
'auth_read' => $lang['Read'],
'auth_post' => $lang['Post'],
'auth_reply' => $lang['Reply'],
'auth_edit' => $lang['Edit'],
'auth_delete' => $lang['Delete'],
'auth_sticky' => $lang['Sticky'],
'auth_announce' => $lang['Announce'],
'auth_vote' => $lang['Vote'],
'auth_pollcreate' => $lang['Pollcreate']);
$forum_auth_levels = array("ALL", "REG", "PRIVATE", "MOD", "ADMIN");
$forum_auth_levels = array('ALL', 'REG', 'PRIVATE', 'MOD', 'ADMIN');
$forum_auth_const = array(AUTH_ALL, AUTH_REG, AUTH_ACL, AUTH_MOD, AUTH_ADMIN);
if(isset($HTTP_GET_VARS[POST_FORUM_URL]) || isset($HTTP_POST_VARS[POST_FORUM_URL]))
@@ -79,7 +79,7 @@ if(isset($HTTP_GET_VARS[POST_FORUM_URL]) || isset($HTTP_POST_VARS[POST_FORUM_URL
else
{
unset($forum_id);
$forum_sql = "";
$forum_sql = '';
}
if( isset($HTTP_GET_VARS['adv']) )
@@ -96,66 +96,58 @@ else
//
if( isset($HTTP_POST_VARS['submit']) )
{
$sql = "";
$sql = '';
if(!empty($forum_id))
{
$sql = "UPDATE " . FORUMS_TABLE . " SET ";
if(isset($HTTP_POST_VARS['simpleauth']))
{
$simple_ary = $simple_auth_ary[$HTTP_POST_VARS['simpleauth']];
$simple_ary = $simple_auth_ary[intval($HTTP_POST_VARS['simpleauth'])];
for($i = 0; $i < count($simple_ary); $i++)
{
$sql .= $forum_auth_fields[$i] . " = " . $simple_ary[$i];
if($i < count($simple_ary) - 1)
{
$sql .= ", ";
}
$sql .= ( ( $sql != '' ) ? ', ' : '' ) . $forum_auth_fields[$i] . ' = ' . $simple_ary[$i];
}
$sql .= " WHERE forum_id = $forum_id";
if (is_array($simple_ary))
{
$sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id";
}
}
else
{
for($i = 0; $i < count($forum_auth_fields); $i++)
{
$value = $HTTP_POST_VARS[$forum_auth_fields[$i]];
$value = intval($HTTP_POST_VARS[$forum_auth_fields[$i]]);
if($forum_auth_fields[$i] == 'auth_vote')
if ( $forum_auth_fields[$i] == 'auth_vote' )
{
if( $HTTP_POST_VARS['auth_vote'] == AUTH_ALL )
if ( $HTTP_POST_VARS['auth_vote'] == AUTH_ALL )
{
$value = AUTH_REG;
}
}
$sql .= $forum_auth_fields[$i] . " = " . $value;
if($i < count($forum_auth_fields) - 1)
{
$sql .= ", ";
}
$sql .= ( ( $sql != '' ) ? ', ' : '' ) .$forum_auth_fields[$i] . ' = ' . $value;
}
$sql .= " WHERE forum_id = $forum_id";
$sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id";
}
if($sql != "")
if ( $sql != '' )
{
if(!$db->sql_query($sql))
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't update auth table!", "", __LINE__, __FILE__, $sql);
message_die(GENERAL_ERROR, 'Could not update auth table', '', __LINE__, __FILE__, $sql);
}
}
$forum_sql = "";
$forum_sql = '';
$adv = 0;
}
$template->assign_vars(array(
"META" => '<meta http-equiv="refresh" content="3;url=' . append_sid("admin_forumauth.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">')
'META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("admin_forumauth.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">')
);
$message = $lang['Forum_auth_updated'] . '<br /><br />' . sprintf($lang['Click_return_forumauth'], '<a href="' . append_sid("admin_forumauth.$phpEx") . '">', "</a>");
message_die(GENERAL_MESSAGE, $message);
@@ -187,7 +179,7 @@ if( empty($forum_id) )
// specified
//
$template->set_filenames(array(
"body" => "admin/auth_select_body.tpl")
'body' => 'admin/auth_select_body.tpl')
);
$select_list = '<select name="' . POST_FORUM_URL . '">';
@@ -198,13 +190,13 @@ if( empty($forum_id) )
$select_list .= '</select>';
$template->assign_vars(array(
"L_AUTH_TITLE" => $lang['Auth_Control_Forum'],
"L_AUTH_EXPLAIN" => $lang['Forum_auth_explain'],
"L_AUTH_SELECT" => $lang['Select_a_Forum'],
"L_LOOK_UP" => $lang['Look_up_Forum'],
'L_AUTH_TITLE' => $lang['Auth_Control_Forum'],
'L_AUTH_EXPLAIN' => $lang['Forum_auth_explain'],
'L_AUTH_SELECT' => $lang['Select_a_Forum'],
'L_LOOK_UP' => $lang['Look_up_Forum'],
"S_AUTH_ACTION" => append_sid("admin_forumauth.$phpEx"),
"S_AUTH_SELECT" => $select_list)
'S_AUTH_ACTION' => append_sid("admin_forumauth.$phpEx"),
'S_AUTH_SELECT' => $select_list)
);
}
@@ -215,7 +207,7 @@ else
// specified
//
$template->set_filenames(array(
"body" => "admin/auth_forum_body.tpl")
'body' => 'admin/auth_forum_body.tpl')
);
$forum_name = $forum_rows[0]['forum_name'];
@@ -244,38 +236,30 @@ else
// If we didn't get a match above then we
// automatically switch into 'advanced' mode
//
if(!isset($adv) && !$matched)
if ( !isset($adv) && !$matched )
{
$adv = 1;
}
$s_column_span == 0;
if( empty($adv) )
if ( empty($adv) )
{
$simple_auth = "<select name=\"simpleauth\">";
$simple_auth = '<select name="simpleauth">';
for($j = 0; $j < count($simple_auth_types); $j++)
{
if($matched_type == $j)
{
$simple_auth .= "<option value=\"$j\" selected>";
$simple_auth .= $simple_auth_types[$j];
$simple_auth .= "</option>";
}
else
{
$simple_auth .= "<option value=\"$j\">" . $simple_auth_types[$j] . "</option>";
}
$selected = ( $matched_type == $j ) ? ' selected="selected"' : '';
$simple_auth .= '<option value="' . $j . '"' . $selected . '>' . $simple_auth_types[$j] . '</option>';
}
$simple_auth .= "</select>";
$simple_auth .= '</select>';
$template->assign_block_vars("forum_auth_titles", array(
"CELL_TITLE" => $lang['Simple_mode'])
$template->assign_block_vars('forum_auth_titles', array(
'CELL_TITLE' => $lang['Simple_mode'])
);
$template->assign_block_vars("forum_auth_data", array(
"S_AUTH_LEVELS_SELECT" => $simple_auth)
$template->assign_block_vars('forum_auth_data', array(
'S_AUTH_LEVELS_SELECT' => $simple_auth)
);
$s_column_span++;
@@ -288,37 +272,29 @@ else
//
for($j = 0; $j < count($forum_auth_fields); $j++)
{
$custom_auth[$j] = "&nbsp;<select name=\"" . $forum_auth_fields[$j] . "\">";
$custom_auth[$j] = '&nbsp;<select name="' . $forum_auth_fields[$j] . '">';
for($k = 0; $k < count($forum_auth_levels); $k++)
{
if ( $forum_rows[0][$forum_auth_fields[$j]] == $forum_auth_const[$k] )
{
$custom_auth[$j] .= "<option value=\"" . $forum_auth_const[$k] . "\" selected>";
$custom_auth[$j] .= $lang['Forum_' . $forum_auth_levels[$k]];
$custom_auth[$j] .= "</option>";
}
else
{
$custom_auth[$j] .= "<option value=\"" . $forum_auth_const[$k] . "\">". $lang['Forum_' . $forum_auth_levels[$k]] . "</option>";
}
$selected = ( $forum_rows[0][$forum_auth_fields[$j]] == $forum_auth_const[$k] ) ? ' selected="selected"' : '';
$custom_auth[$j] .= '<option value="' . $forum_auth_const[$k] . '"' . $selected . '>' . $lang['Forum_' . $forum_auth_levels[$k]] . '</option>';
}
$custom_auth[$j] .= "</select>&nbsp;";
$custom_auth[$j] .= '</select>&nbsp;';
$cell_title = $field_names[$forum_auth_fields[$j]];
$template->assign_block_vars("forum_auth_titles", array(
"CELL_TITLE" => $cell_title)
$template->assign_block_vars('forum_auth_titles', array(
'CELL_TITLE' => $cell_title)
);
$template->assign_block_vars("forum_auth_data", array(
"S_AUTH_LEVELS_SELECT" => $custom_auth[$j])
$template->assign_block_vars('forum_auth_data', array(
'S_AUTH_LEVELS_SELECT' => $custom_auth[$j])
);
$s_column_span++;
}
}
$adv_mode = (empty($adv)) ? "1" : "0";
$adv_mode = ( empty($adv) ) ? '1' : '0';
$switch_mode = append_sid("admin_forumauth.$phpEx?" . POST_FORUM_URL . "=" . $forum_id . "&adv=". $adv_mode);
$switch_mode_text = ( empty($adv) ) ? $lang['Advanced_mode'] : $lang['Simple_mode'];
$u_switch_mode = '<a href="' . $switch_mode . '">' . $switch_mode_text . '</a>';
@@ -326,26 +302,27 @@ else
$s_hidden_fields = '<input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '">';
$template->assign_vars(array(
"FORUM_NAME" => $forum_name,
'FORUM_NAME' => $forum_name,
"L_AUTH_TITLE" => $lang['Auth_Control_Forum'],
"L_AUTH_EXPLAIN" => $lang['Forum_auth_explain'],
"L_SUBMIT" => $lang['Submit'],
"L_RESET" => $lang['Reset'],
'L_FORUM' => $lang['Forum'],
'L_AUTH_TITLE' => $lang['Auth_Control_Forum'],
'L_AUTH_EXPLAIN' => $lang['Forum_auth_explain'],
'L_SUBMIT' => $lang['Submit'],
'L_RESET' => $lang['Reset'],
"U_SWITCH_MODE" => $u_switch_mode,
'U_SWITCH_MODE' => $u_switch_mode,
"S_FORUMAUTH_ACTION" => append_sid("admin_forumauth.$phpEx"),
"S_COLUMN_SPAN" => $s_column_span,
"S_HIDDEN_FIELDS" => $s_hidden_fields)
'S_FORUMAUTH_ACTION' => append_sid("admin_forumauth.$phpEx"),
'S_COLUMN_SPAN' => $s_column_span,
'S_HIDDEN_FIELDS' => $s_hidden_fields)
);
}
include('page_header_admin.'.$phpEx);
include('./page_header_admin.'.$phpEx);
$template->pparse("body");
$template->pparse('body');
include('page_footer_admin.'.$phpEx);
include('./page_footer_admin.'.$phpEx);
?>
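Review bot: `$s_column_span == 0;`, kept as context directly before `if ( empty($adv) )`, is a comparison whose result is discarded rather than an assignment, so the later `$s_column_span++` increments an undefined variable and the `S_COLUMN_SPAN` template value depends on PHP coercing null to 0; the commit reworks this block but leaves it — change it to `$s_column_span = 0;`. A smaller consistency point: the advanced-mode loop now casts with `$value = intval(...)`, but the `auth_vote` special case still compares the raw `$HTTP_POST_VARS['auth_vote']`; using `if ( $value == AUTH_ALL )` makes the check apply to the value actually written to the UPDATE.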


@@ -1,6 +1,6 @@
<?php
/***************************************************************************
* admin_forums.php
* admin_forums.php
* -------------------
* begin : Thursday, Jul 12, 2001
* copyright : (C) 2001 The phpBB Group
@@ -8,7 +8,6 @@
*
* $Id$
*
*
***************************************************************************/
/***************************************************************************
@@ -32,9 +31,9 @@ if( !empty($setmodules) )
//
// Load default header
//
$phpbb_root_path = "../";
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
require('./pagestart.' . $phpEx);
include($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
$forum_auth_ary = array(
@@ -44,7 +43,7 @@ $forum_auth_ary = array(
"auth_reply" => AUTH_ALL,
"auth_edit" => AUTH_REG,
"auth_delete" => AUTH_REG,
"auth_sticky" => AUTH_REG,
"auth_sticky" => AUTH_MOD,
"auth_announce" => AUTH_MOD,
"auth_vote" => AUTH_REG,
"auth_pollcreate" => AUTH_REG
@@ -56,6 +55,7 @@ $forum_auth_ary = array(
if( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = htmlspecialchars($mode);
}
else
{
@@ -302,8 +302,14 @@ if( !empty($mode) )
$catlist = get_list('category', $cat_id, TRUE);
$forumstatus == ( FORUM_LOCKED ) ? $forumlocked = "selected=\"selected\"" : $forumunlocked = "selected=\"selected\"";
$statuslist = "<option value=\"" . FORUM_UNLOCKED . "\" $forumunlocked>Unlocked</option>\n";
$statuslist .= "<option value=\"" . FORUM_LOCKED . "\" $forumlocked>Locked</option>\n";
// These two options ($lang['Status_unlocked'] and $lang['Status_locked']) seem to be missing from
// the language files.
$lang['Status_unlocked'] = isset($lang['Status_unlocked']) ? $lang['Status_unlocked'] : 'Unlocked';
$lang['Status_locked'] = isset($lang['Status_locked']) ? $lang['Status_locked'] : 'Locked';
$statuslist = "<option value=\"" . FORUM_UNLOCKED . "\" $forumunlocked>" . $lang['Status_unlocked'] . "</option>\n";
$statuslist .= "<option value=\"" . FORUM_LOCKED . "\" $forumlocked>" . $lang['Status_locked'] . "</option>\n";
$template->set_filenames(array(
"body" => "admin/forum_edit_body.tpl")
@@ -493,7 +499,7 @@ if( !empty($mode) )
// There is no problem having duplicate forum names so we won't check for it.
//
$sql = "INSERT INTO " . CATEGORIES_TABLE . " (cat_title, cat_order)
VALUES ('" . $HTTP_POST_VARS['categoryname'] . "', $next_order)";
VALUES ('" . str_replace("\'", "''", $HTTP_POST_VARS['categoryname']) . "', $next_order)";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't insert row in categories table", "", __LINE__, __FILE__, $sql);
@@ -604,8 +610,41 @@ if( !empty($mode) )
// Either delete or move all posts in a forum
if($to_id == -1)
{
// Delete polls in this forum
$sql = "SELECT v.vote_id
FROM " . VOTE_DESC_TABLE . " v, " . TOPICS_TABLE . " t
WHERE t.forum_id = $from_id
AND v.topic_id = t.topic_id";
if (!($result = $db->sql_query($sql)))
{
message_die(GENERAL_ERROR, "Couldn't obtain list of vote ids", "", __LINE__, __FILE__, $sql);
}
if ($row = $db->sql_fetchrow($result))
{
$vote_ids = '';
do
{
$vote_ids = (($vote_ids != '') ? ', ' : '') . $row['vote_id'];
}
while ($row = $db->sql_fetchrow($result));
$sql = "DELETE FROM " . VOTE_DESC_TABLE . "
WHERE vote_id IN ($vote_ids)";
$db->sql_query($sql);
$sql = "DELETE FROM " . VOTE_RESULTS_TABLE . "
WHERE vote_id IN ($vote_ids)";
$db->sql_query($sql);
$sql = "DELETE FROM " . VOTE_USERS_TABLE . "
WHERE vote_id IN ($vote_ids)";
$db->sql_query($sql);
}
$db->sql_freeresult($result);
include($phpbb_root_path . "includes/prune.$phpEx");
prune($from_id, 0); // Delete everything from forum
prune($from_id, 0, true); // Delete everything from forum
}
else
{
@@ -616,6 +655,7 @@ if( !empty($mode) )
{
message_die(GENERAL_ERROR, "Couldn't verify existence of forums", "", __LINE__, __FILE__, $sql);
}
if($db->sql_numrows($result) != 2)
{
message_die(GENERAL_ERROR, "Ambiguous forum ID's", "", __LINE__, __FILE__);
@@ -637,6 +677,57 @@ if( !empty($mode) )
sync('forum', $to_id);
}
// Alter Mod level if appropriate - 2.0.4
$sql = "SELECT ug.user_id
FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug
WHERE a.forum_id <> $from_id
AND a.auth_mod = 1
AND ug.group_id = a.group_id";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't obtain moderator list", "", __LINE__, __FILE__, $sql);
}
if ($row = $db->sql_fetchrow($result))
{
$user_ids = '';
do
{
$user_ids .= (($user_ids != '') ? ', ' : '' ) . $row['user_id'];
}
while ($row = $db->sql_fetchrow($result));
$sql = "SELECT ug.user_id
FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug
WHERE a.forum_id = $from_id
AND a.auth_mod = 1
AND ug.group_id = a.group_id
AND ug.user_id NOT IN ($user_ids)";
if( !$result2 = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't obtain moderator list", "", __LINE__, __FILE__, $sql);
}
if ($row = $db->sql_fetchrow($result2))
{
$user_ids = '';
do
{
$user_ids .= (($user_ids != '') ? ', ' : '' ) . $row['user_id'];
}
while ($row = $db->sql_fetchrow($result2));
$sql = "UPDATE " . USERS_TABLE . "
SET user_level = " . USER . "
WHERE user_id IN ($user_ids)
AND user_level <> " . ADMIN;
$db->sql_query($sql);
}
$db->sql_freeresult($result);
}
$db->sql_freeresult($result2);
$sql = "DELETE FROM " . FORUMS_TABLE . "
WHERE forum_id = $from_id";
if( !$result = $db->sql_query($sql) )
@@ -826,7 +917,7 @@ if( !empty($mode) )
if ($show_index != TRUE)
{
include('page_footer_admin.'.$phpEx);
include('./page_footer_admin.'.$phpEx);
exit;
}
}
@@ -931,6 +1022,6 @@ if( $total_categories = $db->sql_numrows($q_categories) )
$template->pparse("body");
include('page_footer_admin.'.$phpEx);
include('./page_footer_admin.'.$phpEx);
?>


@@ -22,7 +22,7 @@
define('IN_PHPBB', 1);
if( !empty($setmodules) )
if ( !empty($setmodules) )
{
$filename = basename(__FILE__);
$module['Groups']['Manage'] = $filename;
@@ -33,38 +33,36 @@ if( !empty($setmodules) )
//
// Load default header
//
$phpbb_root_path = "../";
$phpbb_root_path = './../';
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
require('./pagestart.' . $phpEx);
if( isset($HTTP_POST_VARS[POST_GROUPS_URL]) || isset($HTTP_GET_VARS[POST_GROUPS_URL]) )
if ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) || isset($HTTP_GET_VARS[POST_GROUPS_URL]) )
{
$group_id = ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_POST_VARS[POST_GROUPS_URL]) : intval($HTTP_GET_VARS[POST_GROUPS_URL]);
}
else
{
$group_id = "";
$group_id = 0;
}
//
// Mode setting
//
if( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = htmlspecialchars($mode);
}
else
{
$mode = "";
$mode = '';
}
if( isset($HTTP_POST_VARS['edit']) || isset($HTTP_POST_VARS['new']) )
if ( isset($HTTP_POST_VARS['edit']) || isset($HTTP_POST_VARS['new']) )
{
//
// Ok they are editing a group or creating a new group
//
$template->set_filenames(array(
"body" => "admin/group_edit_body.tpl")
'body' => 'admin/group_edit_body.tpl')
);
if ( isset($HTTP_POST_VARS['edit']) )
@@ -76,34 +74,33 @@ if( isset($HTTP_POST_VARS['edit']) || isset($HTTP_POST_VARS['new']) )
FROM " . GROUPS_TABLE . "
WHERE group_single_user <> " . TRUE . "
AND group_id = $group_id";
if(!$result = $db->sql_query($sql))
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Error getting group information", "", __LINE__, __FILE__, $sql);
message_die(GENERAL_ERROR, 'Error getting group information', '', __LINE__, __FILE__, $sql);
}
if( !$db->sql_numrows($result) )
if ( !($group_info = $db->sql_fetchrow($result)) )
{
message_die(GENERAL_MESSAGE, $lang['Group_not_exist']);
}
$group_info = $db->sql_fetchrow($result);
$mode = "editgroup";
$template->assign_block_vars("group_edit", array());
$mode = 'editgroup';
$template->assign_block_vars('group_edit', array());
}
else if( isset($HTTP_POST_VARS['new']) )
else if ( isset($HTTP_POST_VARS['new']) )
{
$group_info = array (
"group_name" => "",
"group_description" => "",
"group_moderator" => "",
"group_type" => GROUP_OPEN);
$group_open = "checked=\"checked\"";
'group_name' => '',
'group_description' => '',
'group_moderator' => '',
'group_type' => GROUP_OPEN);
$group_open = ' checked="checked"';
$mode = "newgroup";
$mode = 'newgroup';
}
//
// Ok, now we know everything about them, let's show the page.
//
@@ -111,119 +108,166 @@ if( isset($HTTP_POST_VARS['edit']) || isset($HTTP_POST_VARS['new']) )
FROM " . USERS_TABLE . "
WHERE user_id <> " . ANONYMOUS . "
ORDER BY username";
$u_result = $db->sql_query($sql);
if( !$u_result )
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Couldn't obtain user info for moderator list", "", __LINE__, __FILE__, $sql);
message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
}
$user_list = $db->sql_fetchrowset($u_result);
for($i = 0; $i < count($user_list); $i++)
while ( $row = $db->sql_fetchrow($result) )
{
if( $user_list[$i]['user_id'] == $group_info['group_moderator'] )
if ( $row['user_id'] == $group_info['group_moderator'] )
{
$group_moderator = $user_list[$i]['username'];
$group_moderator = $row['username'];
}
}
$group_open = ( $group_info['group_type'] == GROUP_OPEN ) ? "checked=\"checked\"" : "";
$group_closed = ( $group_info['group_type'] == GROUP_CLOSED ) ? "checked=\"checked\"" : "";
$group_hidden = ( $group_info['group_type'] == GROUP_HIDDEN ) ? "checked=\"checked\"" : "";
$group_open = ( $group_info['group_type'] == GROUP_OPEN ) ? ' checked="checked"' : '';
$group_closed = ( $group_info['group_type'] == GROUP_CLOSED ) ? ' checked="checked"' : '';
$group_hidden = ( $group_info['group_type'] == GROUP_HIDDEN ) ? ' checked="checked"' : '';
$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="' . POST_GROUPS_URL . '" value="' . $group_id . '" />';
$template->assign_vars(array(
"GROUP_NAME" => $group_info['group_name'],
"GROUP_DESCRIPTION" => $group_info['group_description'],
"GROUP_MODERATOR" => $group_moderator,
'GROUP_NAME' => $group_info['group_name'],
'GROUP_DESCRIPTION' => $group_info['group_description'],
'GROUP_MODERATOR' => $group_moderator,
"L_GROUP_TITLE" => $lang['Group_administration'],
"L_GROUP_EDIT_DELETE" => ( isset($HTTP_POST_VARS['new']) ) ? $lang['New_group'] : $lang['Edit_group'],
"L_GROUP_NAME" => $lang['group_name'],
"L_GROUP_DESCRIPTION" => $lang['group_description'],
"L_GROUP_MODERATOR" => $lang['group_moderator'],
"L_FIND_USERNAME" => $lang['Find_username'],
"L_GROUP_STATUS" => $lang['group_status'],
"L_GROUP_OPEN" => $lang['group_open'],
"L_GROUP_CLOSED" => $lang['group_closed'],
"L_GROUP_HIDDEN" => $lang['group_hidden'],
"L_GROUP_DELETE" => $lang['group_delete'],
"L_GROUP_DELETE_CHECK" => $lang['group_delete_check'],
"L_SUBMIT" => $lang['Submit'],
"L_RESET" => $lang['Reset'],
"L_DELETE_MODERATOR" => $lang['delete_group_moderator'],
"L_DELETE_MODERATOR_EXPLAIN" => $lang['delete_moderator_explain'],
"L_YES" => $lang['Yes'],
'L_GROUP_TITLE' => $lang['Group_administration'],
'L_GROUP_EDIT_DELETE' => ( isset($HTTP_POST_VARS['new']) ) ? $lang['New_group'] : $lang['Edit_group'],
'L_GROUP_NAME' => $lang['group_name'],
'L_GROUP_DESCRIPTION' => $lang['group_description'],
'L_GROUP_MODERATOR' => $lang['group_moderator'],
'L_FIND_USERNAME' => $lang['Find_username'],
'L_GROUP_STATUS' => $lang['group_status'],
'L_GROUP_OPEN' => $lang['group_open'],
'L_GROUP_CLOSED' => $lang['group_closed'],
'L_GROUP_HIDDEN' => $lang['group_hidden'],
'L_GROUP_DELETE' => $lang['group_delete'],
'L_GROUP_DELETE_CHECK' => $lang['group_delete_check'],
'L_SUBMIT' => $lang['Submit'],
'L_RESET' => $lang['Reset'],
'L_DELETE_MODERATOR' => $lang['delete_group_moderator'],
'L_DELETE_MODERATOR_EXPLAIN' => $lang['delete_moderator_explain'],
'L_YES' => $lang['Yes'],
"U_SEARCH_USER" => append_sid("../search.$phpEx?mode=searchuser"),
'U_SEARCH_USER' => append_sid("../search.$phpEx?mode=searchuser"),
"S_GROUP_OPEN_TYPE" => GROUP_OPEN,
"S_GROUP_CLOSED_TYPE" => GROUP_CLOSED,
"S_GROUP_HIDDEN_TYPE" => GROUP_HIDDEN,
"S_GROUP_OPEN_CHECKED" => $group_open,
"S_GROUP_CLOSED_CHECKED" => $group_closed,
"S_GROUP_HIDDEN_CHECKED" => $group_hidden,
"S_GROUP_ACTION" => append_sid("admin_groups.$phpEx"),
"S_HIDDEN_FIELDS" => $s_hidden_fields)
'S_GROUP_OPEN_TYPE' => GROUP_OPEN,
'S_GROUP_CLOSED_TYPE' => GROUP_CLOSED,
'S_GROUP_HIDDEN_TYPE' => GROUP_HIDDEN,
'S_GROUP_OPEN_CHECKED' => $group_open,
'S_GROUP_CLOSED_CHECKED' => $group_closed,
'S_GROUP_HIDDEN_CHECKED' => $group_hidden,
'S_GROUP_ACTION' => append_sid("admin_groups.$phpEx"),
'S_HIDDEN_FIELDS' => $s_hidden_fields)
);
$template->pparse('body');
}
else if( isset($HTTP_POST_VARS['group_update']) )
else if ( isset($HTTP_POST_VARS['group_update']) )
{
//
// Ok, they are submitting a group, let's save the data based on if it's new or editing
//
if( isset($HTTP_POST_VARS['group_delete']) )
if ( isset($HTTP_POST_VARS['group_delete']) )
{
//
// Reset User Moderator Level
//
// Is Group moderating a forum ?
$sql = "SELECT auth_mod FROM " . AUTH_ACCESS_TABLE . "
WHERE group_id = " . $group_id;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not select auth_access', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
if (intval($row['auth_mod']) == 1)
{
// Yes, get the assigned users and update their Permission if they are no longer moderator of one of the forums
$sql = "SELECT user_id FROM " . USER_GROUP_TABLE . "
WHERE group_id = " . $group_id;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not select user_group', '', __LINE__, __FILE__, $sql);
}
$rows = $db->sql_fetchrowset($result);
for ($i = 0; $i < count($rows); $i++)
{
$sql = "SELECT g.group_id FROM " . AUTH_ACCESS_TABLE . " a, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug
WHERE (a.auth_mod = 1) AND (g.group_id = a.group_id) AND (a.group_id = ug.group_id) AND (g.group_id = ug.group_id)
AND (ug.user_id = " . intval($rows[$i]['user_id']) . ") AND (ug.group_id <> " . $group_id . ")";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain moderator permissions', '', __LINE__, __FILE__, $sql);
}
if ($db->sql_numrows($result) == 0)
{
$sql = "UPDATE " . USERS_TABLE . " SET user_level = " . USER . "
WHERE user_level = " . MOD . " AND user_id = " . intval($rows[$i]['user_id']);
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update moderator permissions', '', __LINE__, __FILE__, $sql);
}
}
}
}
//
// Delete Group
//
$sql = "DELETE FROM " . GROUPS_TABLE . "
WHERE group_id = " . $group_id;
if ( !$result = $db->sql_query($sql) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't update group", "", __LINE__, __FILE__, $sql);
message_die(GENERAL_ERROR, 'Could not update group', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . USER_GROUP_TABLE . "
WHERE group_id = " . $group_id;
if ( !$result = $db->sql_query($sql) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't update user_group", "", __LINE__, __FILE__, $sql);
message_die(GENERAL_ERROR, 'Could not update user_group', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
WHERE group_id = " . $group_id;
if ( !$result = $db->sql_query($sql) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't update auth_access", "", __LINE__, __FILE__, $sql);
message_die(GENERAL_ERROR, 'Could not update auth_access', '', __LINE__, __FILE__, $sql);
}
$message = $lang['Deleted_group'] . "<br /><br />" . sprintf($lang['Click_return_groupsadmin'], "<a href=\"" . append_sid("admin_groups.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");;
$message = $lang['Deleted_group'] . '<br /><br />' . sprintf($lang['Click_return_groupsadmin'], '<a href="' . append_sid("admin_groups.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
}
else
{
$group_type = isset($HTTP_POST_VARS['group_type']) ? intval($HTTP_POST_VARS['group_type']) : GROUP_OPEN;
$group_name = isset($HTTP_POST_VARS['group_name']) ? trim($HTTP_POST_VARS['group_name']) : "";
$group_description = isset($HTTP_POST_VARS['group_description']) ? trim($HTTP_POST_VARS['group_description']) : "";
$group_moderator = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : "";
$delete_old_moderator = isset($HTTP_POST_VARS['delete_old_moderator']) ? intval($HTTP_POST_VARS['delete_old_moderator']) : "";
$group_name = isset($HTTP_POST_VARS['group_name']) ? trim($HTTP_POST_VARS['group_name']) : '';
$group_description = isset($HTTP_POST_VARS['group_description']) ? trim($HTTP_POST_VARS['group_description']) : '';
$group_moderator = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
$delete_old_moderator = isset($HTTP_POST_VARS['delete_old_moderator']) ? true : false;
if( $group_name == "" )
if ( $group_name == '' )
{
message_die(GENERAL_MESSAGE, $lang['No_group_name']);
}
else if( $group_moderator == "" )
else if ( $group_moderator == '' )
{
message_die(GENERAL_MESSAGE, $lang['No_group_moderator']);
}
$this_userdata = get_userdata($group_moderator);
$this_userdata = get_userdata($group_moderator, true);
$group_moderator = $this_userdata['user_id'];
if( !$group_moderator )
if ( !$group_moderator )
{
message_die(GENERAL_MESSAGE, $lang['No_group_moderator']);
}
@@ -234,81 +278,86 @@ else if( isset($HTTP_POST_VARS['group_update']) )
FROM " . GROUPS_TABLE . "
WHERE group_single_user <> " . TRUE . "
AND group_id = " . $group_id;
if(!$result = $db->sql_query($sql))
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Error getting group information", "", __LINE__, __FILE__, $sql);
message_die(GENERAL_ERROR, 'Error getting group information', '', __LINE__, __FILE__, $sql);
}
if( !$db->sql_numrows($result) )
if( !($group_info = $db->sql_fetchrow($result)) )
{
message_die(GENERAL_MESSAGE, $lang['Group_not_exist']);
}
$group_info = $db->sql_fetchrow($result);
if ( $group_info['group_moderator'] != $group_moderator )
{
if ( $delete_old_moderator != "" )
if ( $delete_old_moderator )
{
$sql = "DELETE FROM " . USER_GROUP_TABLE . "
WHERE user_id = " . $group_info['group_moderator'] . "
AND group_id = " . $group_id;
if ( !$result = $db->sql_query($sql) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't update group moderator", "", __LINE__, __FILE__, $sql);
message_die(GENERAL_ERROR, 'Could not update group moderator', '', __LINE__, __FILE__, $sql);
}
}
$sql = "INSERT INTO " . USER_GROUP_TABLE . " (group_id, user_id, user_pending)
VALUES (" . $group_id . ", " . $group_moderator . ", 0)";
if ( !$result = $db->sql_query($sql) )
$sql = "SELECT user_id
FROM " . USER_GROUP_TABLE . "
WHERE user_id = $group_moderator
AND group_id = $group_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Couldn't update group moderator", "", __LINE__, __FILE__, $sql);
message_die(GENERAL_ERROR, 'Failed to obtain current group moderator info', '', __LINE__, __FILE__, $sql);
}
if ( !($row = $db->sql_fetchrow($result)) )
{
$sql = "INSERT INTO " . USER_GROUP_TABLE . " (group_id, user_id, user_pending)
VALUES (" . $group_id . ", " . $group_moderator . ", 0)";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update group moderator', '', __LINE__, __FILE__, $sql);
}
}
}
$sql = "UPDATE " . GROUPS_TABLE . "
SET group_type = $group_type, group_name = '" . str_replace("\'", "''", $group_name) . "', group_description = '" . str_replace("\'", "''", $group_description) . "', group_moderator = $group_moderator
WHERE group_id = $group_id";
if ( !$result = $db->sql_query($sql) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't update group", "", __LINE__, __FILE__, $sql);
message_die(GENERAL_ERROR, 'Could not update group', '', __LINE__, __FILE__, $sql);
}
$message = $lang['Updated_group'] . "<br /><br />" . sprintf($lang['Click_return_groupsadmin'], "<a href=\"" . append_sid("admin_groups.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");;
$message = $lang['Updated_group'] . '<br /><br />' . sprintf($lang['Click_return_groupsadmin'], '<a href="' . append_sid("admin_groups.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');;
message_die(GENERAL_MESSAGE, $message);
}
else if( $mode == "newgroup" )
else if( $mode == 'newgroup' )
{
$sql = "SELECT MAX(group_id) AS new_group_id
FROM " . GROUPS_TABLE;
if ( !$result = $db->sql_query($sql) )
$sql = "INSERT INTO " . GROUPS_TABLE . " (group_type, group_name, group_description, group_moderator, group_single_user)
VALUES ($group_type, '" . str_replace("\'", "''", $group_name) . "', '" . str_replace("\'", "''", $group_description) . "', $group_moderator, '0')";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't insert new group", "", __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
$new_group_id = $row['new_group_id'] + 1;
$sql = "INSERT INTO " . GROUPS_TABLE . " (group_id, group_type, group_name, group_description, group_moderator, group_single_user)
VALUES ($new_group_id, $group_type, '" . str_replace("\'", "''", $group_name) . "', '" . str_replace("\'", "''", $group_description) . "', $group_moderator, '0')";
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't insert new group", "", __LINE__, __FILE__, $sql);
message_die(GENERAL_ERROR, 'Could not insert new group', '', __LINE__, __FILE__, $sql);
}
$new_group_id = $db->sql_nextid();
$sql = "INSERT INTO " . USER_GROUP_TABLE . " (group_id, user_id, user_pending)
VALUES ($new_group_id, $group_moderator, 0)";
if ( !$result = $db->sql_query($sql) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't insert new user-group info", "", __LINE__, __FILE__, $sql);
message_die(GENERAL_ERROR, 'Could not insert new user-group info', '', __LINE__, __FILE__, $sql);
}
$message = $lang['Added_new_group'] . "<br /><br />" . sprintf($lang['Click_return_groupsadmin'], "<a href=\"" . append_sid("admin_groups.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");;
$message = $lang['Added_new_group'] . '<br /><br />' . sprintf($lang['Click_return_groupsadmin'], '<a href="' . append_sid("admin_groups.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');;
message_die(GENERAL_MESSAGE, $message);
}
else
{
message_die(GENERAL_MESSAGE, $lang['Group_mode_not_selected']);
message_die(GENERAL_MESSAGE, $lang['No_group_action']);
}
}
}
@@ -318,42 +367,46 @@ else
FROM " . GROUPS_TABLE . "
WHERE group_single_user <> " . TRUE . "
ORDER BY group_name";
$g_result = $db->sql_query($sql);
$group_list = $db->sql_fetchrowset($g_result);
$select_list = "<select name=\"" . POST_GROUPS_URL . "\">";
for($i = 0; $i < count($group_list); $i++)
if ( !($result = $db->sql_query($sql)) )
{
$select_list .= "<option value=\"" . $group_list[$i]['group_id'] . "\">" . $group_list[$i]['group_name'] . "</option>";
message_die(GENERAL_ERROR, 'Could not obtain group list', '', __LINE__, __FILE__, $sql);
}
$select_list = '';
if ( $row = $db->sql_fetchrow($result) )
{
$select_list .= '<select name="' . POST_GROUPS_URL . '">';
do
{
$select_list .= '<option value="' . $row['group_id'] . '">' . $row['group_name'] . '</option>';
}
while ( $row = $db->sql_fetchrow($result) );
$select_list .= '</select>';
}
$select_list .= "</select>";
$template->set_filenames(array(
"body" => "admin/group_select_body.tpl")
'body' => 'admin/group_select_body.tpl')
);
$template->assign_vars(array(
"L_GROUP_TITLE" => $lang['Group_administration'],
"L_GROUP_EXPLAIN" => $lang['Group_admin_explain'],
"L_GROUP_SELECT" => $lang['Select_group'],
"L_LOOK_UP" => $lang['Look_up_group'],
"L_CREATE_NEW_GROUP" => $lang['New_group'],
'L_GROUP_TITLE' => $lang['Group_administration'],
'L_GROUP_EXPLAIN' => $lang['Group_admin_explain'],
'L_GROUP_SELECT' => $lang['Select_group'],
'L_LOOK_UP' => $lang['Look_up_group'],
'L_CREATE_NEW_GROUP' => $lang['New_group'],
"S_GROUP_ACTION" => append_sid("admin_groups.$phpEx"),
"S_GROUP_SELECT" => $select_list)
'S_GROUP_ACTION' => append_sid("admin_groups.$phpEx"),
'S_GROUP_SELECT' => $select_list)
);
//
// Faking the IF... ELSE statements again...
//
if( count($group_list) > 0 )
if ( $select_list != '' )
{
$template->assign_block_vars("select_box", array());
$template->assign_block_vars('select_box', array());
}
$template->pparse('body');
}
include('page_footer_admin.'.$phpEx);
include('./page_footer_admin.'.$phpEx);
?>
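Review bot: In the group_delete branch, `$row = $db->sql_fetchrow($result); if (intval($row['auth_mod']) == 1)` inspects only the first auth_access row for the group, so a group that moderates several forums but whose first-returned row has auth_mod = 0 skips the demotion loop and its members keep MOD level after the group is gone. Filtering in the query makes the check independent of row order: `WHERE group_id = " . $group_id . " AND auth_mod = 1` followed by `if ($db->sql_fetchrow($result))`. The per-member loop below it then issues one SELECT per user and reuses `$result` without `sql_freeresult`; a single query with `ug.user_id IN (...)` would do, but that is a larger change. The trailing `;;` on the `$message` lines in the update and newgroup branches was cleaned up in the delete branch but survives in the other two.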


@@ -33,9 +33,9 @@ if( !empty($setmodules) )
// Load default header
//
$no_page_header = TRUE;
$phpbb_root_path = "../";
$phpbb_root_path = './../';
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
require('./pagestart.' . $phpEx);
//
// Increase maximum execution time in case of a lot of users, but don't complain about it if it isn't
@@ -43,108 +43,120 @@ require('pagestart.' . $phpEx);
//
@set_time_limit(1200);
$message = "";
$subject = "";
$message = '';
$subject = '';
//
// Do the job ...
//
if( isset($HTTP_POST_VARS['submit']) )
if ( isset($HTTP_POST_VARS['submit']) )
{
$subject = stripslashes(trim($HTTP_POST_VARS['subject']));
$message = stripslashes(trim($HTTP_POST_VARS['message']));
$error = FALSE;
$error_msg = '';
if ( empty($subject) )
{
$error = true;
$error_msg .= ( !empty($error_msg) ) ? '<br />' . $lang['Empty_subject'] : $lang['Empty_subject'];
}
if ( empty($message) )
{
$error = true;
$error_msg .= ( !empty($error_msg) ) ? '<br />' . $lang['Empty_message'] : $lang['Empty_message'];
}
$group_id = intval($HTTP_POST_VARS[POST_GROUPS_URL]);
if( $group_id != -1 )
$sql = ( $group_id != -1 ) ? "SELECT u.user_email FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug WHERE ug.group_id = $group_id AND ug.user_pending <> " . TRUE . " AND u.user_id = ug.user_id" : "SELECT user_email FROM " . USERS_TABLE;
if ( !($result = $db->sql_query($sql)) )
{
$sql = "SELECT u.user_email
FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug
WHERE ug.group_id = $group_id
AND ug.user_pending <> " . TRUE . "
AND u.user_id = ug.user_id";
message_die(GENERAL_ERROR, 'Could not select group members', '', __LINE__, __FILE__, $sql);
}
if ( $row = $db->sql_fetchrow($result) )
{
$bcc_list = array();
do
{
$bcc_list[] = $row['user_email'];
}
while ( $row = $db->sql_fetchrow($result) );
$db->sql_freeresult($result);
}
else
{
$sql = "SELECT user_email
FROM " . USERS_TABLE;
$message = ( $group_id != -1 ) ? $lang['Group_not_exist'] : $lang['No_such_user'];
$error = true;
$error_msg .= ( !empty($error_msg) ) ? '<br />' . $message : $message;
}
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Coult not select group members!", __LINE__, __FILE__, $sql);
}
if( !$db->sql_numrows($result) )
{
//
// Output a relevant GENERAL_MESSAGE about users/group
// not existing
//
}
$email_list = $db->sql_fetchrowset($g_result);
$subject = stripslashes($HTTP_POST_VARS["subject"]);
$message = stripslashes($HTTP_POST_VARS["message"]);
//
// Error checking needs to go here ... if no subject and/or
// no message then skip over the send and return to the form
//
$error = FALSE;
if( !$error )
if ( !$error )
{
include($phpbb_root_path . 'includes/emailer.'.$phpEx);
//
// Let's do some checking to make sure that mass mail functions
// are working in win32 versions of php.
//
if( preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$board_config['smtp_delivery'])
if ( preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$board_config['smtp_delivery'])
{
// We are running on windows, force delivery to use
// our smtp functions since php's are broken by default
$ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
// We are running on windows, force delivery to use our smtp functions
// since php's are broken by default
$board_config['smtp_delivery'] = 1;
$board_config['smtp_host'] = get_cfg_var('SMTP');
$board_config['smtp_host'] = @$ini_val('SMTP');
}
$emailer = new emailer($board_config['smtp_delivery']);
$email_headers = "From: " . $board_config['board_email'] . "\n";
$emailer->from($board_config['board_email']);
$emailer->replyto($board_config['board_email']);
$bcc_list = "";
for($i = 0; $i < count($email_list); $i++)
for ($i = 0; $i < count($bcc_list); $i++)
{
if( $bcc_list != "" )
{
$bcc_list .= ", ";
}
$bcc_list .= $email_list[$i]['user_email'];
$emailer->bcc($bcc_list[$i]);
}
$email_headers .= "Bcc: $bcc_list\n";
$email_headers .= "Return-Path: " . $userdata['board_email'] . "\n";
$email_headers .= "X-AntiAbuse: Board servername - " . $server_name . "\n";
$email_headers .= "X-AntiAbuse: User_id - " . $userdata['user_id'] . "\n";
$email_headers .= "X-AntiAbuse: Username - " . $userdata['username'] . "\n";
$email_headers .= "X-AntiAbuse: User IP - " . decode_ip($user_ip) . "\r\n";
$emailer->use_template("admin_send_email");
$email_headers = 'X-AntiAbuse: Board servername - ' . $board_config['server_name'] . "\n";
$email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n";
$email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n";
$email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n";
$emailer->use_template('admin_send_email');
$emailer->email_address($board_config['board_email']);
$emailer->set_subject($subject);
$emailer->extra_headers($email_headers);
$emailer->assign_vars(array(
"SITENAME" => $board_config['sitename'],
"BOARD_EMAIL" => $board_config['board_email'],
"MESSAGE" => $message)
'SITENAME' => $board_config['sitename'],
'BOARD_EMAIL' => $board_config['board_email'],
'MESSAGE' => $message)
);
$emailer->send();
$emailer->reset();
$message = $lang['Email_sent'] . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
message_die(GENERAL_MESSAGE, $message);
message_die(GENERAL_MESSAGE, $lang['Email_sent'] . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>'));
}
}
if ( $error )
{
$template->set_filenames(array(
'reg_header' => 'error_body.tpl')
);
$template->assign_vars(array(
'ERROR_MESSAGE' => $error_msg)
);
$template->assign_var_from_handle('ERROR_BOX', 'reg_header');
}
//
// Initial selection
//
@@ -152,47 +164,50 @@ if( isset($HTTP_POST_VARS['submit']) )
$sql = "SELECT group_id, group_name
FROM ".GROUPS_TABLE . "
WHERE group_single_user <> 1";
$g_result = $db->sql_query($sql);
$group_list = $db->sql_fetchrowset($g_result);
$select_list = '<select name = "' . POST_GROUPS_URL . '">';
$select_list .= '<option value = "-1">' . $lang['All_users'] . '</option>';
for($i = 0;$i < count($group_list); $i++)
if ( !($result = $db->sql_query($sql)) )
{
$select_list .= "<option value = \"" . $group_list[$i]['group_id'];
$select_list .= "\">" . $group_list[$i]['group_name'] . "</option>";
message_die(GENERAL_ERROR, 'Could not obtain list of groups', '', __LINE__, __FILE__, $sql);
}
$select_list .= "</select>";
$select_list = '<select name = "' . POST_GROUPS_URL . '"><option value = "-1">' . $lang['All_users'] . '</option>';
if ( $row = $db->sql_fetchrow($result) )
{
do
{
$select_list .= '<option value = "' . $row['group_id'] . '">' . $row['group_name'] . '</option>';
}
while ( $row = $db->sql_fetchrow($result) );
}
$select_list .= '</select>';
//
// Generate page
//
include('page_header_admin.'.$phpEx);
include('./page_header_admin.'.$phpEx);
$template->set_filenames(array(
"body" => "admin/user_email_body.tpl")
'body' => 'admin/user_email_body.tpl')
);
$template->assign_vars(array(
"MESSAGE" => $message,
"SUBJECT" => $subject,
'MESSAGE' => $message,
'SUBJECT' => $subject,
"L_EMAIL_TITLE" => $lang['Email'],
"L_EMAIL_EXPLAIN" => $lang['Mass_email_explain'],
"L_COMPOSE" => $lang['Compose'],
"L_RECIPIENTS" => $lang['Recipients'],
"L_EMAIL_SUBJECT" => $lang['Subject'],
"L_EMAIL_MSG" => $lang['Message'],
"L_EMAIL" => $lang['Email'],
"L_NOTICE" => $notice,
'L_EMAIL_TITLE' => $lang['Email'],
'L_EMAIL_EXPLAIN' => $lang['Mass_email_explain'],
'L_COMPOSE' => $lang['Compose'],
'L_RECIPIENTS' => $lang['Recipients'],
'L_EMAIL_SUBJECT' => $lang['Subject'],
'L_EMAIL_MSG' => $lang['Message'],
'L_EMAIL' => $lang['Email'],
'L_NOTICE' => $notice,
"S_USER_ACTION" => append_sid('admin_mass_email.'.$phpEx),
"S_GROUP_SELECT" => $select_list)
'S_USER_ACTION' => append_sid('admin_mass_email.'.$phpEx),
'S_GROUP_SELECT' => $select_list)
);
$template->pparse('body');
include('page_footer_admin.'.$phpEx);
include('./page_footer_admin.'.$phpEx);
?>
?>
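Review bot: On the no-recipients path `$message = ( $group_id != -1 ) ? $lang['Group_not_exist'] : $lang['No_such_user'];` overwrites the text the admin typed, and that same `$message` is then handed back to the form via `'MESSAGE' => $message`, so the composer reopens with the error string in place of the draft; use a separate local, e.g. `$no_recipients = ( $group_id != -1 ) ? $lang['Group_not_exist'] : $lang['No_such_user']; $error_msg .= ( !empty($error_msg) ) ? '<br />' . $no_recipients : $no_recipients;`. The redisplayed `'MESSAGE' => $message, 'SUBJECT' => $subject` are also inserted after `stripslashes` with no HTML escaping, so a draft containing `"` or `</textarea>` breaks the form markup; wrapping both values in `htmlspecialchars()` at the assignment, as this commit already does for `$mode` in admin_groups.php, closes that. Whether `$subject` is stripped of CR/LF before `$emailer->set_subject($subject)` depends on the emailer class, which is outside this hunk and worth confirming.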


@@ -8,7 +8,6 @@
*
* $Id$
*
*
***************************************************************************/
/***************************************************************************
@@ -32,13 +31,14 @@ if( !empty($setmodules) )
//
// Let's set the root dir for phpBB
//
$phpbb_root_path = "../";
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
require('./pagestart.' . $phpEx);
if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
$mode = htmlspecialchars($mode);
}
else
{
@@ -162,8 +162,19 @@ if( $mode != "" )
}
}
if( $rank_id )
if ($rank_id)
{
if (!$special_rank)
{
$sql = "UPDATE " . USERS_TABLE . "
SET user_rank = 0
WHERE user_rank = $rank_id";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, $lang['No_update_ranks'], "", __LINE__, __FILE__, $sql);
}
}
$sql = "UPDATE " . RANKS_TABLE . "
SET rank_title = '" . str_replace("\'", "''", $rank_title) . "', rank_special = $special_rank, rank_min = $min_posts, rank_image = '" . str_replace("\'", "''", $rank_image) . "'
WHERE rank_id = $rank_id";
@@ -255,7 +266,7 @@ if( $mode != "" )
$template->assign_vars(array(
"L_RANKS_TITLE" => $lang['Ranks_title'],
"L_RANKS_TEXT" => $lang['Ranks_explain'],
"L_RANK" => $lang['Rank'],
"L_RANK" => $lang['Rank_title'],
"L_RANK_MINIMUM" => $lang['Rank_minimum'],
"L_SPECIAL_RANK" => $lang['Special_rank'],
"L_EDIT" => $lang['Edit'],
@@ -360,6 +371,6 @@ else
$template->pparse("body");
include('page_footer_admin.'.$phpEx);
include('./page_footer_admin.'.$phpEx);
?>
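Review bot: The new `if (!$special_rank)` block clears `user_rank` for every user holding the rank before the rank row itself is updated, and nothing in the hunk says why; a comment such as `// A non-special rank is awarded by post count, so drop any explicit assignments of it` would save the next reader a trip to the data model. `$rank_id`, `$special_rank` and `$min_posts` are interpolated straight into both UPDATE statements; their sanitisation lives above this hunk, so it is worth confirming they have been passed through `intval()` the way `$smiley_id` is in the admin_smilies.php hunks of this commit. The enclosing `if( $mode != "" )` block starts outside the hunk.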


@@ -47,9 +47,9 @@ if( isset($HTTP_GET_VARS['export_pack']) )
}
}
$phpbb_root_path = "../";
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
require('./pagestart.' . $phpEx);
//
// Check to see what mode we should operate in.
@@ -57,6 +57,7 @@ require('pagestart.' . $phpEx);
if( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = htmlspecialchars($mode);
}
else
{
@@ -72,7 +73,7 @@ $dir = @opendir($phpbb_root_path . $board_config['smilies_path']);
while($file = @readdir($dir))
{
if( !@is_dir($phpbb_root_path . $board_config['smilies_path'] . '/' . $file) )
if( !@is_dir(phpbb_realpath($phpbb_root_path . $board_config['smilies_path'] . '/' . $file)) )
{
$img_size = @getimagesize($phpbb_root_path . $board_config['smilies_path'] . '/' . $file);
@@ -239,7 +240,7 @@ else if( isset($HTTP_POST_VARS['export_pack']) || isset($HTTP_GET_VARS['export_p
FROM " . SMILIES_TABLE;
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql);
message_die(GENERAL_ERROR, "Could not get smiley list", "", __LINE__, __FILE__, $sql);
}
$resultset = $db->sql_fetchrowset($result);
@@ -265,7 +266,7 @@ else if( isset($HTTP_POST_VARS['export_pack']) || isset($HTTP_GET_VARS['export_p
message_die(GENERAL_MESSAGE, $message);
}
else if( isset($HTTP_POST_VARS['add']) )
else if( isset($HTTP_POST_VARS['add']) || isset($HTTP_GET_VARS['add']) )
{
//
// Admin has selected to add a smiley.
@@ -286,7 +287,7 @@ else if( isset($HTTP_POST_VARS['add']) )
$template->assign_vars(array(
"L_SMILEY_TITLE" => $lang['smiley_title'],
"L_SMILEY_CONFIG" => $lang['smiley_config'],
"L_SMILEY_EXPLAIN" => $lang['smiley_instr'],
"L_SMILEY_EXPLAIN" => $lang['smile_desc'],
"L_SMILEY_CODE" => $lang['smiley_code'],
"L_SMILEY_URL" => $lang['smiley_url'],
"L_SMILEY_EMOTION" => $lang['smiley_emot'],
@@ -313,6 +314,7 @@ else if ( $mode != "" )
//
$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
$smiley_id = intval($smiley_id);
$sql = "DELETE FROM " . SMILIES_TABLE . "
WHERE smilies_id = " . $smiley_id;
@@ -333,6 +335,7 @@ else if ( $mode != "" )
//
$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
$smiley_id = intval($smiley_id);
$sql = "SELECT *
FROM " . SMILIES_TABLE . "
@@ -340,7 +343,7 @@ else if ( $mode != "" )
$result = $db->sql_query($sql);
if( !$result )
{
message_die(GENERAL_ERROR, $lang['smile_edit_err'], "", __LINE__, __FILE__, $sql);
message_die(GENERAL_ERROR, 'Could not obtain emoticon information', "", __LINE__, __FILE__, $sql);
}
$smile_data = $db->sql_fetchrow($result);
@@ -399,10 +402,17 @@ else if ( $mode != "" )
// Get the submitted data, being careful to ensure that we only
// accept the data we are looking for.
//
$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code'];
$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url'];
$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion'];
$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : trim($HTTP_GET_VARS['smile_code']);
$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : trim($HTTP_GET_VARS['smile_url']);
$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? trim($HTTP_POST_VARS['smile_emotion']) : trim($HTTP_GET_VARS['smile_emotion']);
$smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']);
// If no code was entered complain ...
if ($smile_code == '' || $smile_url == '')
{
message_die(MESSAGE, $lang['Fields_empty']);
}
//
// Convert < and > to proper htmlentities for parsing.
//
@@ -415,8 +425,7 @@ else if ( $mode != "" )
$sql = "UPDATE " . SMILIES_TABLE . "
SET code = '" . str_replace("\'", "''", $smile_code) . "', smile_url = '" . str_replace("\'", "''", $smile_url) . "', emoticon = '" . str_replace("\'", "''", $smile_emotion) . "'
WHERE smilies_id = $smile_id";
$result = $db->sql_query($sql);
if( !$result )
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Couldn't update smilies info", "", __LINE__, __FILE__, $sql);
}
@@ -439,6 +448,12 @@ else if ( $mode != "" )
$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url'];
$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion'];
// If no code was entered complain ...
if ($smile_code == '' || $smile_url == '')
{
message_die(MESSAGE, $lang['Fields_empty']);
}
//
// Convert < and > to proper htmlentities for parsing.
//
@@ -536,6 +551,6 @@ else
//
// Page Footer
//
include('page_footer_admin.'.$phpEx);
include('./page_footer_admin.'.$phpEx);
?>
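Review bot: `message_die(MESSAGE, $lang['Fields_empty']);` in the two new empty-field checks uses a constant that appears nowhere else in this diff; every other call here passes GENERAL_ERROR or GENERAL_MESSAGE, so unless MESSAGE is defined elsewhere this resolves to the bare string and the error page will not render as intended — `message_die(GENERAL_MESSAGE, $lang['Fields_empty']);`. The add branch also still reads smile_code/smile_url/smile_emotion without the trim() the edit branch now applies, so a whitespace-only code slips past its `$smile_code == ''` check; apply the same trim() there. Both blocks sit inside the `else if ( $mode != "" )` branch, which starts outside these hunks.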


@@ -38,26 +38,28 @@ if( !empty($setmodules) )
//
// Check if the user has cancled a confirmation message.
//
$phpbb_root_path = "../";
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
$confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE;
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE;
if( empty($HTTP_POST_VARS['send_file']) )
{
$no_page_header = ( $cancel ) ? TRUE : FALSE;
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
}
$no_page_header = (!empty($HTTP_POST_VARS['send_file']) || $cancel) ? TRUE : FALSE;
if( $cancel )
require('./pagestart.' . $phpEx);
$confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE;
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE;
if ($cancel)
{
header("Location: " . append_sid("admin_styles.$phpEx"));
redirect('admin/' . append_sid("admin_styles.$phpEx", true));
}
if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
$mode = htmlspecialchars($mode);
}
else
{
@@ -132,9 +134,9 @@ switch( $mode )
{
while( $sub_dir = @readdir($dir) )
{
if( !is_file($phpbb_root_path . 'templates/' .$sub_dir) && !is_link($phpbb_root_path . 'templates/' .$sub_dir) && $sub_dir != "." && $sub_dir != ".." && $sub_dir != "CVS" )
if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' .$sub_dir)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' .$sub_dir)) && $sub_dir != "." && $sub_dir != ".." && $sub_dir != "CVS" )
{
if( @file_exists($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg") )
if( @file_exists(@phpbb_realpath($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg")) )
{
include($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg");
@@ -490,7 +492,7 @@ switch( $mode )
$themes_title = $lang['Edit_theme'];
$themes_explain = $lang['Edit_theme_explain'];
$style_id = $HTTP_GET_VARS['style_id'];
$style_id = intval($HTTP_GET_VARS['style_id']);
$selected_names = array();
$selected_values = array();
@@ -549,7 +551,7 @@ switch( $mode )
$s_template_select = '<select name="template_name">';
while( $file = @readdir($dir) )
{
if( !is_file($phpbb_root_path . 'templates/' . $file) && !is_link($phpbb_root_path . 'templates/' . $file) && $file != "." && $file != ".." && $file != "CVS" )
if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && $file != "." && $file != ".." && $file != "CVS" )
{
if($file == $selected['template_name'])
{
@@ -561,6 +563,7 @@ switch( $mode )
}
}
}
$s_template_select .= '</select>';
}
else
{
@@ -704,7 +707,7 @@ switch( $mode )
$sql = "SELECT *
FROM " . THEMES_TABLE . "
WHERE template_name = '$template_name'";
WHERE template_name = '" . str_replace("\'", "''", $template_name) . "'";
if(!$result = $db->sql_query($sql))
{
message_die(GENERAL_ERROR, "Could not get theme data for selected template", "", __LINE__, __FILE__, $sql);
@@ -747,7 +750,7 @@ switch( $mode )
$s_hidden_fields = '<input type="hidden" name="theme_info" value="' . htmlspecialchars($theme_data) . '" />';
$s_hidden_fields .= '<input type="hidden" name="send_file" value="1" /><input type="hidden" name="mode" value="export" />';
$download_form = '<form action="' . append_sid("admin_styles.$phpEx") . '" method="post"><input type="submit" name="submit" value="' . $lang['Download'] . '" />' . $s_hidden_fields;
$download_form = '<form action="' . append_sid("admin_styles.$phpEx") . '" method="post"><input class="mainoption" type="submit" name="submit" value="' . $lang['Download'] . '" />' . $s_hidden_fields;
$template->set_filenames(array(
"body" => "message_body.tpl")
@@ -789,7 +792,7 @@ switch( $mode )
$s_template_select = '<select name="export_template">';
while( $file = @readdir($dir) )
{
if( !is_file($phpbb_root_path . 'templates/' . $file) && !is_link($phpbb_root_path . 'templates/' .$file) && $file != "." && $file != ".." && $file != "CVS" )
if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' .$file)) && $file != "." && $file != ".." && $file != "CVS" )
{
$s_template_select .= '<option value="' . $file . '">' . $file . "</option>\n";
}
@@ -929,9 +932,9 @@ switch( $mode )
break;
}
if( !$HTTP_POST_VARS['send_file'] )
if (empty($HTTP_POST_VARS['send_file']))
{
include('page_footer_admin.'.$phpEx);
include('./page_footer_admin.'.$phpEx);
}
?>
?>
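Review bot: Wrapping the path in phpbb_realpath() before is_link() defeats the symlink exclusion in the three readdir loops over templates/: if phpbb_realpath resolves links the way realpath() does, the result is the link target, is_link() on it returns false, and a symlinked entry is no longer skipped. Keep the link test on the unresolved path, `!is_link($phpbb_root_path . 'templates/' . $sub_dir)`, and apply phpbb_realpath only to the is_file()/file_exists() checks. Separately, print order suggests `$no_page_header = (!empty($HTTP_POST_VARS['send_file']) || $cancel) ? TRUE : FALSE;` now runs before `$cancel` is assigned two statements later; if so it only works with register_globals, and the `$confirm`/`$cancel` assignments should move above it.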


@@ -36,9 +36,9 @@ if( !empty($setmodules) )
//
$no_page_header = TRUE;
$phpbb_root_path = "../";
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
require('./pagestart.' . $phpEx);
$params = array('mode' => 'mode', 'user_id' => POST_USERS_URL, 'group_id' => POST_GROUPS_URL, 'adv' => 'adv');
@@ -54,6 +54,11 @@ while( list($var, $param) = @each($params) )
}
}
$user_id = intval($user_id);
$group_id = intval($group_id);
$adv = intval($adv);
$mode = htmlspecialchars($mode);
//
// Start program - define vars
//
@@ -510,7 +515,7 @@ else if ( ( $mode == 'user' && ( isset($HTTP_POST_VARS['username']) || $user_id
{
if ( isset($HTTP_POST_VARS['username']) )
{
$this_userdata = get_userdata($HTTP_POST_VARS['username']);
$this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
if ( !is_array($this_userdata) )
{
message_die(GENERAL_MESSAGE, $lang['No_such_user']);
@@ -787,7 +792,9 @@ else if ( ( $mode == 'user' && ( isset($HTTP_POST_VARS['username']) || $user_id
$t_usergroup_list = '';
for($i = 0; $i < count($ug_info); $i++)
{
$t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode&amp;" . POST_GROUPS_URL . "=" . $id[$i]) . '">' . $name[$i] . '</a>';
$ug = ( $mode == 'user' ) ? 'group&amp;' . POST_GROUPS_URL : 'user&amp;' . POST_USERS_URL;
$t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$ug=" . $id[$i]) . '">' . $name[$i] . '</a>';
}
}
else
@@ -819,7 +826,7 @@ else if ( ( $mode == 'user' && ( isset($HTTP_POST_VARS['username']) || $user_id
//
// Dump in the page header ...
//
include('page_header_admin.'.$phpEx);
include('./page_header_admin.'.$phpEx);
$template->set_filenames(array(
"body" => 'admin/auth_ug_body.tpl')
@@ -856,14 +863,14 @@ else if ( ( $mode == 'user' && ( isset($HTTP_POST_VARS['username']) || $user_id
$template->assign_vars(array(
'L_USER_OR_GROUPNAME' => ( $mode == 'user' ) ? $lang['Username'] : $lang['Group_name'],
'L_USER_OR_GROUP' => ( $mode == 'user' ) ? $lang['User'] : $lang['Group'],
'L_AUTH_TITLE' => ( $mode == 'user' ) ? $lang['Auth_Control_User'] : $lang['Auth_Control_Group'],
'L_AUTH_EXPLAIN' => ( $mode == 'user' ) ? $lang['User_auth_explain'] : $lang['Group_auth_explain'],
'L_MODERATOR_STATUS' => $lang['Moderator_status'],
'L_PERMISSIONS' => $lang['Permissions'],
'L_SUBMIT' => $lang['Submit'],
'L_RESET' => $lang['Reset'],
'L_RESET' => $lang['Reset'],
'L_FORUM' => $lang['Forum'],
'U_USER_OR_GROUP' => append_sid("admin_ug_auth.$phpEx"),
'U_SWITCH_MODE' => $u_switch_mode,
@@ -878,7 +885,7 @@ else
//
// Select a user/group
//
include('page_header_admin.'.$phpEx);
include('./page_header_admin.'.$phpEx);
$template->set_filenames(array(
'body' => ( $mode == 'user' ) ? 'admin/user_select_body.tpl' : 'admin/auth_select_body.tpl')
@@ -920,7 +927,7 @@ else
$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" />';
$l_type = ( $mode == 'user' ) ? "USER" : "AUTH";
$l_type = ( $mode == 'user' ) ? 'USER' : 'AUTH';
$template->assign_vars(array(
'L_' . $l_type . '_TITLE' => ( $mode == 'user' ) ? $lang['Auth_Control_User'] : $lang['Auth_Control_Group'],
@@ -936,6 +943,6 @@ else
$template->pparse('body');
include('page_footer_admin.'.$phpEx);
include('./page_footer_admin.'.$phpEx);
?>
?>
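Review bot: `$mode = htmlspecialchars($mode);` escapes the value but never restricts it to the two cases this file handles; every later comparison (`$mode == 'user'` in the assign_vars and `$l_type` lines) treats any other string as the group case, and the escaped value is still interpolated into the hidden field and the append_sid URLs. Unless a branch outside these hunks already rejects other values, normalising right after the escape, `$mode = ($mode == 'user') ? 'user' : 'group';`, makes the two-way dispatch explicit and keeps unexpected input out of the generated markup. The `$ug` link-building loop is inside a block that starts before its hunk.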


@@ -22,7 +22,7 @@
define('IN_PHPBB', 1);
if( !empty($setmodules) )
if ( !empty($setmodules) )
{
$filename = basename(__FILE__);
$module['Users']['Ban_Management'] = $filename;
@@ -33,38 +33,39 @@ if( !empty($setmodules) )
//
// Load default header
//
$phpbb_root_path = "../";
$phpbb_root_path = './../';
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
require('./pagestart.' . $phpEx);
//
// Start program
//
if( isset($HTTP_POST_VARS['submit']) )
if ( isset($HTTP_POST_VARS['submit']) )
{
$user_bansql = "";
$email_bansql = "";
$ip_bansql = "";
$user_bansql = '';
$email_bansql = '';
$ip_bansql = '';
$user_list = array();
if( isset($HTTP_POST_VARS['ban_user']) )
if ( !empty($HTTP_POST_VARS['username']) )
{
$user_list_temp = $HTTP_POST_VARS['ban_user'];
for($i = 0; $i < count($user_list_temp); $i++)
$this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
if( !$this_userdata )
{
$user_list[] = trim($user_list_temp[$i]);
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
}
$user_list[] = $this_userdata['user_id'];
}
$ip_list = array();
if( isset($HTTP_POST_VARS['ban_ip']) )
if ( isset($HTTP_POST_VARS['ban_ip']) )
{
$ip_list_temp = explode(",", $HTTP_POST_VARS['ban_ip']);
$ip_list_temp = explode(',', $HTTP_POST_VARS['ban_ip']);
for($i = 0; $i < count($ip_list_temp); $i++)
{
if( preg_match("/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/", trim($ip_list_temp[$i]), $ip_range_explode) )
if ( preg_match('/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/', trim($ip_list_temp[$i]), $ip_range_explode) )
{
//
// Don't ask about all this, just don't ask ... !
@@ -72,12 +73,12 @@ if( isset($HTTP_POST_VARS['submit']) )
$ip_1_counter = $ip_range_explode[1];
$ip_1_end = $ip_range_explode[5];
while($ip_1_counter <= $ip_1_end)
while ( $ip_1_counter <= $ip_1_end )
{
$ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0;
$ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6];
$ip_2_counter = ( $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[2] : 0;
$ip_2_end = ( $ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[6];
if($ip_2_counter == 0 && $ip_2_end == 254)
if ( $ip_2_counter == 0 && $ip_2_end == 254 )
{
$ip_2_counter = 255;
$ip_2_fragment = 255;
@@ -85,12 +86,12 @@ if( isset($HTTP_POST_VARS['submit']) )
$ip_list[] = encode_ip("$ip_1_counter.255.255.255");
}
while($ip_2_counter <= $ip_2_end)
while ( $ip_2_counter <= $ip_2_end )
{
$ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0;
$ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7];
$ip_3_counter = ( $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[3] : 0;
$ip_3_end = ( $ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[7];
if($ip_3_counter == 0 && $ip_3_end == 254 )
if ( $ip_3_counter == 0 && $ip_3_end == 254 )
{
$ip_3_counter = 255;
$ip_3_fragment = 255;
@@ -98,12 +99,12 @@ if( isset($HTTP_POST_VARS['submit']) )
$ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.255.255");
}
while($ip_3_counter <= $ip_3_end)
while ( $ip_3_counter <= $ip_3_end )
{
$ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0;
$ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8];
$ip_4_counter = ( $ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[4] : 0;
$ip_4_end = ( $ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end ) ? 254 : $ip_range_explode[8];
if($ip_4_counter == 0 && $ip_4_end == 254)
if ( $ip_4_counter == 0 && $ip_4_end == 254 )
{
$ip_4_counter = 255;
$ip_4_fragment = 255;
@@ -111,7 +112,7 @@ if( isset($HTTP_POST_VARS['submit']) )
$ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.255");
}
while($ip_4_counter <= $ip_4_end)
while ( $ip_4_counter <= $ip_4_end )
{
$ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter");
$ip_4_counter++;
@@ -123,29 +124,29 @@ if( isset($HTTP_POST_VARS['submit']) )
$ip_1_counter++;
}
}
else if( preg_match("/^([\w\-_]\.?){2,}$/is", trim($ip_list_temp[$i])) )
else if ( preg_match('/^([\w\-_]\.?){2,}$/is', trim($ip_list_temp[$i])) )
{
$ip = gethostbynamel(trim($ip_list_temp[$i]));
for($j = 0; $j < count($ip); $j++)
{
if( !empty($ip[$j]) )
if ( !empty($ip[$j]) )
{
$ip_list[] = encode_ip($ip[$j]);
}
}
}
else if( preg_match("/^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$/", trim($ip_list_temp[$i])) )
else if ( preg_match('/^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$/', trim($ip_list_temp[$i])) )
{
$ip_list[] = encode_ip(str_replace("*", "255", trim($ip_list_temp[$i])));
$ip_list[] = encode_ip(str_replace('*', '255', trim($ip_list_temp[$i])));
}
}
}
$email_list = array();
if(isset($HTTP_POST_VARS['ban_email']))
if ( isset($HTTP_POST_VARS['ban_email']) )
{
$email_list_temp = explode(",", $HTTP_POST_VARS['ban_email']);
$email_list_temp = explode(',', $HTTP_POST_VARS['ban_email']);
for($i = 0; $i < count($email_list_temp); $i++)
{
@@ -154,7 +155,7 @@ if( isset($HTTP_POST_VARS['submit']) )
// contained in the annotated php manual at php.com (ereg
// section)
//
if( eregi("^(([[:alnum:]\*]+([-_.][[:alnum:]\*]+)*\.?)|(\*))@([[:alnum:]]+([-_]?[[:alnum:]]+)*\.){1,3}([[:alnum:]]{2,6})$", trim($email_list_temp[$i])) )
if (preg_match('#^(([a-z0-9&.-_+])|(\*))+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$#is', trim($email_list_temp[$i])))
{
$email_list[] = trim($email_list_temp[$i]);
}
@@ -163,32 +164,33 @@ if( isset($HTTP_POST_VARS['submit']) )
$sql = "SELECT *
FROM " . BANLIST_TABLE;
if( !$result = $db->sql_query($sql) )
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Couldn't obtain banlist information", "", __LINE__, __FILE__, $sql);
}
$current_banlist = $db->sql_fetchrowset($result);
$db->sql_freeresult($result);
$kill_session_sql = "";
$kill_session_sql = '';
for($i = 0; $i < count($user_list); $i++)
{
$in_banlist = false;
for($j = 0; $j < count($current_banlist); $j++)
{
if($user_list[$i] == $current_banlist[$j]['ban_userid'])
if ( $user_list[$i] == $current_banlist[$j]['ban_userid'] )
{
$in_banlist = true;
}
}
if(!$in_banlist)
if ( !$in_banlist )
{
$kill_session_sql .= ( ($kill_session_sql != "") ? " OR " : "" ) . "session_user_id = $user_list[$i]";
$kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' OR ' : '' ) . "session_user_id = " . $user_list[$i];
$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_userid)
VALUES (" . $user_list[$i] . ")";
if( !$result = $db->sql_query($sql) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't insert ban_userid info into database", "", __LINE__, __FILE__, $sql);
}
@@ -200,28 +202,28 @@ if( isset($HTTP_POST_VARS['submit']) )
$in_banlist = false;
for($j = 0; $j < count($current_banlist); $j++)
{
if($ip_list[$i] == $current_banlist[$j]['ban_ip'])
if ( $ip_list[$i] == $current_banlist[$j]['ban_ip'] )
{
$in_banlist = true;
}
}
if(!$in_banlist)
if ( !$in_banlist )
{
if( preg_match("/(ff\.)|(\.ff)/is", chunk_split($ip_list[$i], 2, ".")) )
if ( preg_match('/(ff\.)|(\.ff)/is', chunk_split($ip_list[$i], 2, '.')) )
{
$kill_ip_sql = "session_ip LIKE '" . str_replace(".", "", preg_replace("/(ff\.)|(\.ff)/is", "%", chunk_split($ip_list[$i], 2, "."))) . "'";
$kill_ip_sql = "session_ip LIKE '" . str_replace('.', '', preg_replace('/(ff\.)|(\.ff)/is', '%', chunk_split($ip_list[$i], 2, "."))) . "'";
}
else
{
$kill_ip_sql = "session_ip = '" . $ip_list[$i] . "'";
}
$kill_session_sql .= ( ($kill_session_sql != "") ? " OR " : "" ) . $kill_ip_sql;
$kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' OR ' : '' ) . $kill_ip_sql;
$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip)
VALUES ('" . $ip_list[$i] . "')";
if( !$result = $db->sql_query($sql) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't insert ban_ip info into database", "", __LINE__, __FILE__, $sql);
}
@@ -229,18 +231,15 @@ if( isset($HTTP_POST_VARS['submit']) )
}
//
// Now we'll delete all entries from the
// session table with any of the banned
// user or IP info just entered into the
// ban table ... this will force a session
// initialisation resulting in an instant
// ban
// Now we'll delete all entries from the session table with any of the banned
// user or IP info just entered into the ban table ... this will force a session
// initialisation resulting in an instant ban
//
if( $kill_session_sql != "" )
if ( $kill_session_sql != '' )
{
$sql = "DELETE FROM " . SESSIONS_TABLE . "
WHERE $kill_session_sql";
if( !$result = $db->sql_query($sql) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't delete banned sessions from database", "", __LINE__, __FILE__, $sql);
}
@@ -251,87 +250,75 @@ if( isset($HTTP_POST_VARS['submit']) )
$in_banlist = false;
for($j = 0; $j < count($current_banlist); $j++)
{
if( $email_list[$i] == $current_banlist[$j]['ban_email'] )
if ( $email_list[$i] == $current_banlist[$j]['ban_email'] )
{
$in_banlist = true;
}
}
if( !$in_banlist )
if ( !$in_banlist )
{
$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_email)
VALUES ('" . str_replace("\'", "''", $email_list[$i]) . "')";
if( !$result = $db->sql_query($sql) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't insert ban_email info into database", "", __LINE__, __FILE__, $sql);
}
}
}
$where_sql = "";
$where_sql = '';
if(isset($HTTP_POST_VARS['unban_user']))
if ( isset($HTTP_POST_VARS['unban_user']) )
{
$user_list = $HTTP_POST_VARS['unban_user'];
for($i = 0; $i < count($user_list); $i++)
{
if($user_list[$i] != -1)
if ( $user_list[$i] != -1 )
{
if($where_sql != "")
{
$where_sql .= ", ";
}
$where_sql .= $user_list[$i];
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . intval($user_list[$i]);
}
}
}
if( isset($HTTP_POST_VARS['unban_ip']) )
if ( isset($HTTP_POST_VARS['unban_ip']) )
{
$ip_list = $HTTP_POST_VARS['unban_ip'];
for($i = 0; $i < count($ip_list); $i++)
{
if($ip_list[$i] != -1)
if ( $ip_list[$i] != -1 )
{
if($where_sql != "")
{
$where_sql .= ", ";
}
$where_sql .= $ip_list[$i];
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $ip_list[$i]);
}
}
}
if( isset($HTTP_POST_VARS['unban_email']) )
if ( isset($HTTP_POST_VARS['unban_email']) )
{
$email_list = $HTTP_POST_VARS['unban_email'];
for($i = 0; $i < count($email_list); $i++)
{
if($email_list[$i] != -1)
if ( $email_list[$i] != -1 )
{
if($where_sql != "")
{
$where_sql .= ", ";
}
$where_sql .= $email_list[$i];
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $email_list[$i]);
}
}
}
if( $where_sql != "" )
if ( $where_sql != '' )
{
$sql = "DELETE FROM " . BANLIST_TABLE . "
WHERE ban_id IN ($where_sql)";
if( !$result = $db->sql_query($sql) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't delete ban info from database", "", __LINE__, __FILE__, $sql);
}
}
$message = $lang['Ban_update_sucessful'] . "<br /><br />" . sprintf($lang['Click_return_banadmin'], "<a href=\"" . append_sid("admin_user_ban.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
$message = $lang['Ban_update_sucessful'] . '<br /><br />' . sprintf($lang['Click_return_banadmin'], '<a href="' . append_sid("admin_user_ban.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
@@ -354,37 +341,13 @@ else
'S_BANLIST_ACTION' => append_sid("admin_user_ban.$phpEx"))
);
$userban_count = 0;
$sql = "SELECT user_id, username
FROM " . USERS_TABLE . "
WHERE user_id <> " . ANONYMOUS . "
ORDER BY username ASC";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not select current user_id ban list', '', __LINE__, __FILE__, $sql);
}
$user_list = $db->sql_fetchrowset($result);
$db->sql_freeresult($result);
$select_userlist = '';
for($i = 0; $i < count($user_list); $i++)
{
$select_userlist .= '<option value="' . $user_list[$i]['user_id'] . '">' . $user_list[$i]['username'] . '</option>';
$userban_count++;
}
$select_userlist = '<select name="ban_user[]" multiple="multiple" size="5">' . $select_userlist . '</select>';
$template->assign_vars(array(
'L_BAN_USER' => $lang['Ban_username'],
'L_BAN_USER_EXPLAIN' => $lang['Ban_username_explain'],
'L_BAN_IP' => $lang['Ban_IP'],
'L_BAN_IP_EXPLAIN' => $lang['Ban_IP_explain'],
'L_BAN_EMAIL' => $lang['Ban_email'],
'L_BAN_EMAIL_EXPLAIN' => $lang['Ban_email_explain'],
'S_BAN_USERLIST_SELECT' => $select_userlist)
'L_BAN_EMAIL_EXPLAIN' => $lang['Ban_email_explain'])
);
$userban_count = 0;
@@ -469,8 +432,12 @@ else
'L_UNBAN_IP' => $lang['Unban_IP'],
'L_UNBAN_IP_EXPLAIN' => $lang['Unban_IP_explain'],
'L_UNBAN_EMAIL' => $lang['Unban_email'],
'L_UNBAN_EMAIL_EXPLAIN' => $lang['Unban_email_explain'],
'L_UNBAN_EMAIL_EXPLAIN' => $lang['Unban_email_explain'],
'L_USERNAME' => $lang['Username'],
'L_LOOK_UP' => $lang['Look_up_User'],
'L_FIND_USERNAME' => $lang['Find_username'],
'U_SEARCH_USER' => append_sid("./../search.$phpEx?mode=searchuser"),
'S_UNBAN_USERLIST_SELECT' => $select_userlist,
'S_UNBAN_IPLIST_SELECT' => $select_iplist,
'S_UNBAN_EMAILLIST_SELECT' => $select_emaillist,
@@ -480,6 +447,6 @@ else
$template->pparse('body');
include('page_footer_admin.'.$phpEx);
include('./page_footer_admin.'.$phpEx);
?>
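Review bot: The unban_ip and unban_email values are appended to the integer list in `WHERE ban_id IN ($where_sql)` without surrounding quotes, so the `str_replace("\'", "''", ...)` on those two lines protects nothing; only the unban_user branch casts with intval(). The column is already treated as numeric there, so both should do the same: `$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . intval($ip_list[$i]);` and likewise for `$email_list[$i]`. Also, in the new email pattern the class `[a-z0-9&.-_+]` contains the range `.-_`, which spans '.' through '_' and admits characters such as `/`, `:` and `@`; place the hyphen last, `[a-z0-9&._+-]`, to match only the intended literals.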


@@ -30,20 +30,24 @@ if( !empty($setmodules) )
return;
}
$phpbb_root_path = "../";
$phpbb_root_path = './../';
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
require('./pagestart.' . $phpEx);
require($phpbb_root_path . 'includes/bbcode.'.$phpEx);
require($phpbb_root_path . 'includes/functions_post.'.$phpEx);
require($phpbb_root_path . 'includes/functions_selects.'.$phpEx);
require($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
$html_entities_match = array('#<#', '#>#');
$html_entities_replace = array('&lt;', '&gt;');
//
// Set mode
//
if( isset( $HTTP_POST_VARS['mode'] ) || isset( $HTTP_GET_VARS['mode'] ) )
{
$mode = ( isset( $HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = htmlspecialchars($mode);
}
else
{
@@ -53,22 +57,167 @@ else
//
// Begin program
//
if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) || isset($HTTP_GET_VARS[POST_USERS_URL]) || isset( $HTTP_POST_VARS[POST_USERS_URL]) ) )
if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) || isset($HTTP_GET_VARS[POST_USERS_URL]) || isset( $HTTP_POST_VARS[POST_USERS_URL]) ) )
{
//
// Ok, the profile has been modified and submitted, let's update
//
if( ( $mode == 'save' && isset( $HTTP_POST_VARS['submit'] ) ) || isset( $HTTP_POST_VARS['avatargallery'] ) || isset( $HTTP_POST_VARS['submitavatar'] ) || isset( $HTTP_POST_VARS['cancelavatar'] ) )
if ( ( $mode == 'save' && isset( $HTTP_POST_VARS['submit'] ) ) || isset( $HTTP_POST_VARS['avatargallery'] ) || isset( $HTTP_POST_VARS['submitavatar'] ) || isset( $HTTP_POST_VARS['cancelavatar'] ) )
{
$user_id = intval( $HTTP_POST_VARS['id'] );
$user_id = intval($HTTP_POST_VARS['id']);
$this_userdata = get_userdata($user_id);
if( !$this_userdata )
if (!($this_userdata = get_userdata($user_id)))
{
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
}
$username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags( $HTTP_POST_VARS['username'] ) ) : '';
if( $HTTP_POST_VARS['deleteuser'] )
{
$sql = "SELECT g.group_id
FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g
WHERE ug.user_id = $user_id
AND g.group_id = ug.group_id
AND g.group_single_user = 1";
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain group information for this user', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
$sql = "UPDATE " . POSTS_TABLE . "
SET poster_id = " . DELETED . ", post_username = '$username'
WHERE poster_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update posts for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "UPDATE " . TOPICS_TABLE . "
SET topic_poster = " . DELETED . "
WHERE topic_poster = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update topics for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "UPDATE " . VOTE_USERS_TABLE . "
SET vote_user_id = " . DELETED . "
WHERE vote_user_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "SELECT group_id
FROM " . GROUPS_TABLE . "
WHERE group_moderator = $user_id";
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not select groups where user was moderator', '', __LINE__, __FILE__, $sql);
}
while ( $row_group = $db->sql_fetchrow($result) )
{
$group_moderator[] = $row_group['group_id'];
}
if ( count($group_moderator) )
{
$update_moderator_id = implode(', ', $group_moderator);
$sql = "UPDATE " . GROUPS_TABLE . "
SET group_moderator = " . $userdata['user_id'] . "
WHERE group_moderator IN ($update_moderator_id)";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql);
}
}
$sql = "DELETE FROM " . USERS_TABLE . "
WHERE user_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete user', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . USER_GROUP_TABLE . "
WHERE user_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete user from user_group table', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . GROUPS_TABLE . "
WHERE group_id = " . $row['group_id'];
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
WHERE group_id = " . $row['group_id'];
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
WHERE user_id = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete user from topic watch table', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . BANLIST_TABLE . "
WHERE ban_userid = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete user from banlist table', '', __LINE__, __FILE__, $sql);
}
$sql = "SELECT privmsgs_id
FROM " . PRIVMSGS_TABLE . "
WHERE privmsgs_from_userid = $user_id
OR privmsgs_to_userid = $user_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not select all users private messages', '', __LINE__, __FILE__, $sql);
}
// This little bit of code directly from the private messaging section.
while ( $row_privmsgs = $db->sql_fetchrow($result) )
{
$mark_list[] = $row_privmsgs['privmsgs_id'];
}
if ( count($mark_list) )
{
$delete_sql_id = implode(', ', $mark_list);
$delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . "
WHERE privmsgs_text_id IN ($delete_sql_id)";
$delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . "
WHERE privmsgs_id IN ($delete_sql_id)";
if ( !$db->sql_query($delete_sql) )
{
message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql);
}
if ( !$db->sql_query($delete_text_sql) )
{
message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql);
}
}
$message = $lang['User_deleted'] . '<br /><br />' . sprintf($lang['Click_return_useradmin'], '<a href="' . append_sid("admin_users.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
}
$username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['username']))) : '';
$email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : '';
$password = ( !empty($HTTP_POST_VARS['password']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password'] ) )) : '';
@@ -129,18 +278,18 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
$password_confirm = '';
$icq = stripslashes($icq);
$aim = stripslashes($aim);
$msn = stripslashes($msn);
$yim = stripslashes($yim);
$aim = htmlspecialchars(stripslashes($aim));
$msn = htmlspecialchars(stripslashes($msn));
$yim = htmlspecialchars(stripslashes($yim));
$website = stripslashes($website);
$location = stripslashes($location);
$occupation = stripslashes($occupation);
$interests = stripslashes($interests);
$signature = stripslashes($signature);
$website = htmlspecialchars(stripslashes($website));
$location = htmlspecialchars(stripslashes($location));
$occupation = htmlspecialchars(stripslashes($occupation));
$interests = htmlspecialchars(stripslashes($interests));
$signature = htmlspecialchars(stripslashes($signature));
$user_lang = stripslashes($user_lang);
$user_dateformat = stripslashes($user_dateformat);
$user_dateformat = htmlspecialchars(stripslashes($user_dateformat));
if ( !isset($HTTP_POST_VARS['cancelavatar']))
{
@@ -156,22 +305,33 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
$error = FALSE;
if( stripslashes($username) != $this_userdata['username'] )
if (stripslashes($username) != $this_userdata['username'])
{
unset($rename_user);
if( !validate_username($username) )
if ( stripslashes(strtolower($username)) != strtolower($this_userdata['username']) )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Invalid_username'];
$result = validate_username($username);
if ( $result['error'] )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $result['error_msg'];
}
else if ( strtolower(str_replace("\\'", "''", $username)) == strtolower($userdata['username']) )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Username_taken'];
}
}
else
if (!$error)
{
$username_sql = "username = '" . str_replace("\'", "''", $username) . "', ";
$username_sql = "username = '" . str_replace("\\'", "''", $username) . "', ";
$rename_user = $username; // Used for renaming usergroup
}
}
$passwd_sql = "";
$passwd_sql = '';
if( !empty($password) && !empty($password_confirm) )
{
//
@@ -199,25 +359,13 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_mismatch'];
}
if( $user_status == 0 )
{
// User is (made) inactive. Delete all their sessions.
$sql = "DELETE FROM " . SESSIONS_TABLE . "
WHERE session_user_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete this users sessions', '', __LINE__, __FILE__, $sql);
}
}
if( $signature != "" )
if ($signature != '')
{
$sig_length_check = preg_replace('/(\[.*?)(=.*?)\]/is', '\\1]', stripslashes($signature));
if ( $allowhtml )
{
$sig_length_check = preg_replace('/(\<.*?)(=.*?)( .*?=.*?)?([ \/]?\>)/is', '\\1\\3\\4', $sig_length_check);
}
$sig_length_check = preg_replace('/(\[.*?)(=.*?)\]/is', '\\1]', stripslashes($signature));
// Only create a new bbcode_uid when there was no uid yet.
if ( $signature_bbcode_uid == '' )
@@ -233,9 +381,6 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
}
}
//
// Avatar stuff
//
//
// Avatar stuff
//
@@ -244,7 +389,7 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
{
if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" )
{
if( @file_exists("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']) )
if( @file_exists(@phpbb_realpath("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) )
{
@unlink("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']);
}
@@ -269,9 +414,9 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
if( $user_avatar_loc != "" )
{
if( file_exists($user_avatar_loc) && ereg(".jpg$|.gif$|.png$", $user_avatar_name) )
if( file_exists(@phpbb_realpath($user_avatar_loc)) && ereg(".jpg$|.gif$|.png$", $user_avatar_name) )
{
if( $user_avatar_size <= $board_config['avatar_filesize'] && $avatar_size > 0)
if( $user_avatar_size <= $board_config['avatar_filesize'] && $user_avatar_size > 0)
{
$error_type = false;
@@ -312,7 +457,7 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" )
{
if( @file_exists("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']) )
if( @file_exists(@phpbb_realpath("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) )
{
@unlink("./../" . $board_config['avatar_path'] . "/". $this_userdata['user_avatar']);
}
@@ -421,7 +566,7 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "")
{
if( file_exists("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']) )
if( file_exists(@phpbb_realpath("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) )
{
@unlink("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']);
}
@@ -508,98 +653,41 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
//
if( !$error )
{
if( $HTTP_POST_VARS['deleteuser'] )
$sql = "UPDATE " . USERS_TABLE . "
SET " . $username_sql . $passwd_sql . "user_email = '" . str_replace("\'", "''", $email) . "', user_icq = '" . str_replace("\'", "''", $icq) . "', user_website = '" . str_replace("\'", "''", $website) . "', user_occ = '" . str_replace("\'", "''", $occupation) . "', user_from = '" . str_replace("\'", "''", $location) . "', user_interests = '" . str_replace("\'", "''", $interests) . "', user_sig = '" . str_replace("\'", "''", $signature) . "', user_viewemail = $viewemail, user_aim = '" . str_replace("\'", "''", $aim) . "', user_yim = '" . str_replace("\'", "''", $yim) . "', user_msnm = '" . str_replace("\'", "''", $msn) . "', user_attachsig = $attachsig, user_sig_bbcode_uid = '$signature_bbcode_uid', user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowavatar = $user_allowavatar, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_allow_pm = $user_allowpm, user_notify_pm = $notifypm, user_popup_pm = $popuppm, user_lang = '" . str_replace("\'", "''", $user_lang) . "', user_style = $user_style, user_timezone = $user_timezone, user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "', user_active = $user_status, user_rank = $user_rank" . $avatar_sql . "
WHERE user_id = $user_id";
if( $result = $db->sql_query($sql) )
{
$sql = "SELECT g.group_id
FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g
WHERE ug.user_id = $user_id
AND g.group_id = ug.group_id
AND g.group_single_user = 1";
if( !($result = $db->sql_query($sql)) )
if( isset($rename_user) )
{
message_die(GENERAL_ERROR, 'Could not obtain group information for this user', '', __LINE__, __FILE__, $sql);
$sql = "UPDATE " . GROUPS_TABLE . "
SET group_name = '".str_replace("\'", "''", $rename_user)."'
WHERE group_name = '".str_replace("'", "''", $this_userdata['username'] )."'";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not rename users group', '', __LINE__, __FILE__, $sql);
}
}
$row = $db->sql_fetchrow($result);
$sql = "UPDATE " . POSTS_TABLE . "
SET poster_id = " . ANONYMOUS . ", post_username = '$username'
WHERE poster_id = $user_id";
if( !$db->sql_query($sql) )
// Delete user session, to prevent the user navigating the forum (if logged in) when disabled
if (!$user_status)
{
message_die(GENERAL_ERROR, 'Could not update posts for this user', '', __LINE__, __FILE__, $sql);
$sql = "DELETE FROM " . SESSIONS_TABLE . "
WHERE session_user_id = " . $user_id;
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql);
}
}
$sql = "UPDATE " . TOPICS_TABLE . "
SET topic_poster = " . ANONYMOUS . "
WHERE topic_poster = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update topics for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . USERS_TABLE . "
WHERE user_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete user', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . USER_GROUP_TABLE . "
WHERE user_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete user from user_group table', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . GROUPS_TABLE . "
WHERE group_id = " . $row['group_id'];
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
WHERE group_id = " . $row['group_id'];
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
WHERE user_id = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete user from topic watch table', '', __LINE__, __FILE__, $sql);
}
$message = $lang['User_deleted'];
$message .= $lang['Admin_user_updated'];
}
else
{
$sql = "UPDATE " . USERS_TABLE . "
SET " . $username_sql . $passwd_sql . "user_email = '" . str_replace("\'", "''", $email) . "', user_icq = '" . str_replace("\'", "''", $icq) . "', user_website = '" . str_replace("\'", "''", $website) . "', user_occ = '" . str_replace("\'", "''", $occupation) . "', user_from = '" . str_replace("\'", "''", $location) . "', user_interests = '" . str_replace("\'", "''", $interests) . "', user_sig = '" . str_replace("\'", "''", $signature) . "', user_viewemail = $viewemail, user_aim = '" . str_replace("\'", "''", $aim) . "', user_yim = '" . str_replace("\'", "''", $yim) . "', user_msnm = '" . str_replace("\'", "''", $msn) . "', user_attachsig = $attachsig, user_sig_bbcode_uid = '$signature_bbcode_uid', user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowavatar = $user_allowavatar, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_allow_pm = $user_allowpm, user_notify_pm = $notifypm, user_popup_pm = $popuppm, user_lang = '" . str_replace("\'", "''", $user_lang) . "', user_style = $user_style, user_timezone = $user_timezone, user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "', user_active = $user_status, user_rank = $user_rank" . $avatar_sql . "
WHERE user_id = $user_id";
if( $result = $db->sql_query($sql) )
{
if( isset($rename_user) )
{
$sql = "UPDATE " . GROUPS_TABLE . "
SET group_name = '".str_replace("\'", "''", $rename_user)."'
WHERE group_name = '".str_replace("\'", "''", $this_userdata['username'] )."'";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not rename users group', '', __LINE__, __FILE__, $sql);
}
}
$message .= $lang['Admin_user_updated'];
}
else
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Admin_user_fail'];
}
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Admin_user_fail'];
}
$message .= '<br /><br />' . sprintf($lang['Click_return_useradmin'], '<a href="' . append_sid("admin_users.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
@@ -618,24 +706,24 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
$template->assign_var_from_handle('ERROR_BOX', 'reg_header');
$username = stripslashes($username);
$username = htmlspecialchars(stripslashes($username));
$email = stripslashes($email);
$password = '';
$password_confirm = '';
$icq = stripslashes($icq);
$aim = str_replace('+', ' ', stripslashes($aim));
$msn = stripslashes($msn);
$yim = stripslashes($yim);
$aim = htmlspecialchars(str_replace('+', ' ', stripslashes($aim)));
$msn = htmlspecialchars(stripslashes($msn));
$yim = htmlspecialchars(stripslashes($yim));
$website = stripslashes($website);
$location = stripslashes($location);
$occupation = stripslashes($occupation);
$interests = stripslashes($interests);
$signature = stripslashes($signature);
$website = htmlspecialchars(stripslashes($website));
$location = htmlspecialchars(stripslashes($location));
$occupation = htmlspecialchars(stripslashes($occupation));
$interests = htmlspecialchars(stripslashes($interests));
$signature = htmlspecialchars(stripslashes($signature));
$user_lang = stripslashes($user_lang);
$user_dateformat = stripslashes($user_dateformat);
$user_dateformat = htmlspecialchars(stripslashes($user_dateformat));
}
}
else if( !isset( $HTTP_POST_VARS['submit'] ) && $mode != 'save' && !isset( $HTTP_POST_VARS['avatargallery'] ) && !isset( $HTTP_POST_VARS['submitavatar'] ) && !isset( $HTTP_POST_VARS['cancelavatar'] ) )
@@ -651,7 +739,7 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
}
else
{
$this_userdata = get_userdata( $HTTP_POST_VARS['username'] );
$this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
if( !$this_userdata )
{
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
@@ -668,15 +756,17 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
$password_confirm = '';
$icq = $this_userdata['user_icq'];
$aim = str_replace('+', ' ', $this_userdata['user_aim'] );
$msn = $this_userdata['user_msnm'];
$yim = $this_userdata['user_yim'];
$aim = htmlspecialchars(str_replace('+', ' ', $this_userdata['user_aim'] ));
$msn = htmlspecialchars($this_userdata['user_msnm']);
$yim = htmlspecialchars($this_userdata['user_yim']);
$website = $this_userdata['user_website'];
$location = $this_userdata['user_from'];
$occupation = $this_userdata['user_occ'];
$interests = $this_userdata['user_interests'];
$signature = $this_userdata['user_sig'];
$website = htmlspecialchars($this_userdata['user_website']);
$location = htmlspecialchars($this_userdata['user_from']);
$occupation = htmlspecialchars($this_userdata['user_occ']);
$interests = htmlspecialchars($this_userdata['user_interests']);
$signature = ($this_userdata['user_sig_bbcode_uid'] != '') ? preg_replace('#:' . $this_userdata['user_sig_bbcode_uid'] . '#si', '', $this_userdata['user_sig']) : $this_userdata['user_sig'];
$signature = preg_replace($html_entities_match, $html_entities_replace, $signature);
$viewemail = $this_userdata['user_viewemail'];
$notifypm = $this_userdata['user_notify_pm'];
@@ -693,7 +783,7 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
$user_style = $this_userdata['user_style'];
$user_lang = $this_userdata['user_lang'];
$user_timezone = $this_userdata['user_timezone'];
$user_dateformat = $this_userdata['user_dateformat'];
$user_dateformat = htmlspecialchars($this_userdata['user_dateformat']);
$user_status = $this_userdata['user_active'];
$user_allowavatar = $this_userdata['user_allowavatar'];
@@ -721,7 +811,7 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
$avatar_images = array();
while( $file = @readdir($dir) )
{
if( $file != "." && $file != ".." && !is_file("./../" . $board_config['avatar_gallery_path'] . "/" . $file) && !is_link("./../" . $board_config['avatar_gallery_path'] . "/" . $file) )
if( $file != "." && $file != ".." && !is_file(phpbb_realpath("./../" . $board_config['avatar_gallery_path'] . "/" . $file)) && !is_link(phpbb_realpath("./../" . $board_config['avatar_gallery_path'] . "/" . $file)) )
{
$sub_dir = @opendir("../" . $board_config['avatar_gallery_path'] . "/" . $file);
@@ -749,7 +839,7 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
if( isset($HTTP_POST_VARS['avatarcategory']) )
{
$category = $HTTP_POST_VARS['avatarcategory'];
$category = htmlspecialchars($HTTP_POST_VARS['avatarcategory']);
}
else
{
@@ -885,8 +975,6 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
$rank_select_box .= '<option value="' . $rank_id . '"' . $selected . '>' . $rank . '</option>';
}
$signature = preg_replace('/\:[0-9a-z\:]*?\]/si', ']', $signature);
$template->set_filenames(array(
"body" => "admin/user_edit_body.tpl")
);
@@ -929,7 +1017,7 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
'ALWAYS_ALLOW_SMILIES_YES' => ($allowsmilies) ? 'checked="checked"' : '',
'ALWAYS_ALLOW_SMILIES_NO' => (!$allowsmilies) ? 'checked="checked"' : '',
'AVATAR' => $avatar,
'LANGUAGE_SELECT' => language_select($user_lang, 'language', '../language'),
'LANGUAGE_SELECT' => language_select($user_lang),
'TIMEZONE_SELECT' => tz_select($user_timezone),
'STYLE_SELECT' => style_select($user_style, 'style'),
'DATE_FORMAT' => $user_dateformat,
@@ -941,6 +1029,7 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
'USER_ACTIVE_NO' => (!$user_status) ? 'checked="checked"' : '',
'RANK_SELECT_BOX' => $rank_select_box,
'L_USERNAME' => $lang['Username'],
'L_USER_TITLE' => $lang['User_admin'],
'L_USER_EXPLAIN' => $lang['User_admin_explain'],
'L_NEW_PASSWORD' => $lang['New_password'],
@@ -954,7 +1043,7 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
'L_YAHOO' => $lang['YIM'],
'L_WEBSITE' => $lang['Website'],
'L_AIM' => $lang['AIM'],
'L_LOCATION' => $lang['From'],
'L_LOCATION' => $lang['Location'],
'L_OCCUPATION' => $lang['Occupation'],
'L_BOARD_LANGUAGE' => $lang['Board_lang'],
'L_BOARD_STYLE' => $lang['Board_style'],
@@ -971,7 +1060,7 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
'L_ALWAYS_ADD_SIGNATURE' => $lang['Always_add_sig'],
'L_SPECIAL' => $lang['User_special'],
'L_SPECIAL_EXPLAIN' => $lang['User_specail_explain'],
'L_SPECIAL_EXPLAIN' => $lang['User_special_explain'],
'L_USER_ACTIVE' => $lang['User_status'],
'L_ALLOW_PM' => $lang['User_allowpm'],
'L_ALLOW_AVATAR' => $lang['User_allowavatar'],
@@ -1012,7 +1101,7 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
'S_PROFILE_ACTION' => append_sid("admin_users.$phpEx"))
);
if( file_exists('./../' . $board_config['avatar_path'] ) )
if( file_exists(@phpbb_realpath('./../' . $board_config['avatar_path'])) && ($board_config['allow_avatar_upload'] == TRUE) )
{
if ( $form_enctype != '' )
{
@@ -1021,33 +1110,24 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
$template->assign_block_vars('avatar_remote_upload', array() );
}
if( file_exists('./../' . $board_config['avatar_gallery_path'] ) )
if( file_exists(@phpbb_realpath('./../' . $board_config['avatar_gallery_path'])) && ($board_config['allow_avatar_local'] == TRUE) )
{
$template->assign_block_vars('avatar_local_gallery', array() );
}
if( $board_config['allow_avatar_remote'] == TRUE )
{
$template->assign_block_vars('avatar_remote_link', array() );
}
}
$template->pparse('body');
}
else
{
//
// Default user selection box
//
$sql = "SELECT user_id, username
FROM " . USERS_TABLE . "
WHERE user_id <> " . ANONYMOUS ."
ORDER BY username";
$result = $db->sql_query($sql);
$select_list = '<select name="' . POST_USERS_URL . '">';
while( $row = $db->sql_fetchrow($result) )
{
$select_list .= '<option value="' . $row['user_id'] . '">' . $row['username'] . '</option>';
}
$select_list .= '</select>';
$template->set_filenames(array(
'body' => 'admin/user_select_body.tpl')
);
@@ -1059,7 +1139,7 @@ else
'L_LOOK_UP' => $lang['Look_up_user'],
'L_FIND_USERNAME' => $lang['Find_username'],
'U_SEARCH_USER' => append_sid("../search.$phpEx?mode=searchuser"),
'U_SEARCH_USER' => append_sid("./../search.$phpEx?mode=searchuser"),
'S_USER_ACTION' => append_sid("admin_users.$phpEx"),
'S_USER_SELECT' => $select_list)
@@ -1068,6 +1148,6 @@ else
}
include('page_footer_admin.'.$phpEx);
include('./page_footer_admin.'.$phpEx);
?>
?>


@@ -32,13 +32,14 @@ if( !empty($setmodules) )
//
// Load default header
//
$phpbb_root_path = "../";
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
require('./pagestart.' . $phpEx);
if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
$mode = htmlspecialchars($mode);
}
else
{
@@ -63,7 +64,7 @@ if( $mode != "" )
{
if( $mode == "edit" || $mode == "add" )
{
$word_id = ( isset($HTTP_GET_VARS['id']) ) ? $HTTP_GET_VARS['id'] : 0;
$word_id = ( isset($HTTP_GET_VARS['id']) ) ? intval($HTTP_GET_VARS['id']) : 0;
$template->set_filenames(array(
"body" => "admin/words_edit_body.tpl")
@@ -109,11 +110,11 @@ if( $mode != "" )
$template->pparse("body");
include('page_footer_admin.'.$phpEx);
include('./page_footer_admin.'.$phpEx);
}
else if( $mode == "save" )
{
$word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : 0;
$word_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : 0;
$word = ( isset($HTTP_POST_VARS['word']) ) ? trim($HTTP_POST_VARS['word']) : "";
$replacement = ( isset($HTTP_POST_VARS['replacement']) ) ? trim($HTTP_POST_VARS['replacement']) : "";
@@ -150,6 +151,7 @@ if( $mode != "" )
if( isset($HTTP_POST_VARS['id']) || isset($HTTP_GET_VARS['id']) )
{
$word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
$word_id = intval($word_id);
}
else
{
@@ -172,7 +174,7 @@ if( $mode != "" )
}
else
{
message_die(GENERAL_MESSAGE, $lang['Must_specify_word']);
message_die(GENERAL_MESSAGE, $lang['No_word_selected']);
}
}
}
@@ -230,6 +232,6 @@ else
$template->pparse("body");
include('page_footer_admin.'.$phpEx);
include('./page_footer_admin.'.$phpEx);
?>
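Review bot: `$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];` reads the GET index even when only the POST one satisfied the `isset(...) || isset(...)` guard on the line above, so a POSTed mode raises an undefined-index notice before the new `htmlspecialchars()` runs; `$mode = isset($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];` matches the guard. The added `intval()` casts close off `$word_id` on every path, which is the right fix for an integer column. `$word` and `$replacement` leave this hunk with only `trim()` applied, so the statement that stores them (outside this view) must still be doing the quote escaping itself — worth a one-line comment here saying they are raw request input.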


@@ -26,9 +26,9 @@ define('IN_PHPBB', 1);
// Load default header
//
$no_page_header = TRUE;
$phpbb_root_path = "../";
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
require('./pagestart.' . $phpEx);
// ---------------
// Begin functions
@@ -68,7 +68,7 @@ if( isset($HTTP_GET_VARS['pane']) && $HTTP_GET_VARS['pane'] == 'left' )
unset($setmodules);
include('page_header_admin.'.$phpEx);
include('./page_header_admin.'.$phpEx);
$template->set_filenames(array(
"body" => "admin/index_navigate.tpl")
@@ -116,12 +116,12 @@ if( isset($HTTP_GET_VARS['pane']) && $HTTP_GET_VARS['pane'] == 'left' )
$template->pparse("body");
include('page_footer_admin.'.$phpEx);
include('./page_footer_admin.'.$phpEx);
}
elseif( isset($HTTP_GET_VARS['pane']) && $HTTP_GET_VARS['pane'] == 'right' )
{
include('page_header_admin.'.$phpEx);
include('./page_header_admin.'.$phpEx);
$template->set_filenames(array(
"body" => "admin/index_body.tpl")
@@ -132,6 +132,7 @@ elseif( isset($HTTP_GET_VARS['pane']) && $HTTP_GET_VARS['pane'] == 'right' )
"L_ADMIN_INTRO" => $lang['Admin_intro'],
"L_FORUM_STATS" => $lang['Forum_stats'],
"L_WHO_IS_ONLINE" => $lang['Who_is_Online'],
"L_USERNAME" => $lang['Username'],
"L_LOCATION" => $lang['Location'],
"L_LAST_UPDATE" => $lang['Last_updated'],
"L_IP_ADDRESS" => $lang['IP_Address'],
@@ -331,7 +332,7 @@ elseif( isset($HTTP_GET_VARS['pane']) && $HTTP_GET_VARS['pane'] == 'right' )
WHERE s.session_logged_in = " . TRUE . "
AND u.user_id = s.session_user_id
AND u.user_id <> " . ANONYMOUS . "
AND u.user_session_time >= " . ( time() - 300 ) . "
AND s.session_time >= " . ( time() - 300 ) . "
ORDER BY u.user_session_time DESC";
if(!$result = $db->sql_query($sql))
{
@@ -454,7 +455,7 @@ elseif( isset($HTTP_GET_VARS['pane']) && $HTTP_GET_VARS['pane'] == 'right' )
"FORUM_LOCATION" => $location,
"IP_ADDRESS" => $reg_ip,
"U_WHOIS_IP" => "http://www.samspade.org/t/ipwhois?a=$reg_ip",
"U_WHOIS_IP" => "http://network-tools.com/default.asp?host=$reg_ip",
"U_USER_PROFILE" => append_sid("admin_users.$phpEx?mode=edit&amp;" . POST_USERS_URL . "=" . $onlinerow_reg[$i]['user_id']),
"U_FORUM_LOCATION" => append_sid($location_url))
);
@@ -546,7 +547,7 @@ elseif( isset($HTTP_GET_VARS['pane']) && $HTTP_GET_VARS['pane'] == 'right' )
"FORUM_LOCATION" => $location,
"IP_ADDRESS" => $guest_ip,
"U_WHOIS_IP" => "http://www.samspade.org/t/ipwhois?a=$guest_ip",
"U_WHOIS_IP" => "http://network-tools.com/default.asp?host=$guest_ip",
"U_FORUM_LOCATION" => append_sid($location_url))
);
}
@@ -559,9 +560,74 @@ elseif( isset($HTTP_GET_VARS['pane']) && $HTTP_GET_VARS['pane'] == 'right' )
);
}
// Check for new version
$current_version = explode('.', '2' . $board_config['version']);
$minor_revision = (int) $current_version[2];
$errno = 0;
$errstr = $version_info = '';
if ($fsock = @fsockopen('www.phpbb.com', 80, $errno, $errstr))
{
@fputs($fsock, "GET /updatecheck/20x.txt HTTP/1.1\r\n");
@fputs($fsock, "HOST: www.phpbb.com\r\n");
@fputs($fsock, "Connection: close\r\n\r\n");
$get_info = false;
while (!@feof($fsock))
{
if ($get_info)
{
$version_info .= @fread($fsock, 1024);
}
else
{
if (@fgets($fsock, 1024) == "\r\n")
{
$get_info = true;
}
}
}
@fclose($fsock);
$version_info = explode("\n", $version_info);
$latest_head_revision = (int) $version_info[0];
$latest_minor_revision = (int) $version_info[2];
$latest_version = (int) $version_info[0] . '.' . (int) $version_info[1] . '.' . (int) $version_info[2];
if ($latest_head_revision == 2 && $minor_revision == $latest_minor_revision)
{
$version_info = '<p style="color:green">' . $lang['Version_up_to_date'] . '</p>';
}
else
{
$version_info = '<p style="color:red">' . $lang['Version_not_up_to_date'];
$version_info .= '<br />' . sprintf($lang['Latest_version_info'], $latest_version) . sprintf($lang['Current_version_info'], '2' . $board_config['version']) . '</p>';
}
}
else
{
if ($errstr)
{
$version_info = '<p style="color:red">' . sprintf($lang['Connect_socket_error'], $errstr) . '</p>';
}
else
{
$version_info = '<p>' . $lang['Socket_functions_disabled'] . '</p>';
}
}
$version_info .= '<p>' . $lang['Mailing_list_subscribe_reminder'] . '</p>';
$template->assign_vars(array(
'VERSION_INFO' => $version_info,
'L_VERSION_INFORMATION' => $lang['Version_information'])
);
$template->pparse("body");
include('page_footer_admin.'.$phpEx);
include('./page_footer_admin.'.$phpEx);
}
else
@@ -583,8 +649,9 @@ else
$template->pparse("body");
$db->sql_close();
exit;
}
?>
?>
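Review bot: The update check at `if ($fsock = @fsockopen('www.phpbb.com', 80, $errno, $errstr))` has no connect or read timeout, so an unreachable or slow host stalls the entire admin index page until PHP's default socket timeout expires; pass a timeout as the fifth argument and call `stream_set_timeout($fsock, 10);` before the `while (!@feof($fsock))` loop. The request is sent as `HTTP/1.1`, so a server that answers with `Transfer-Encoding: chunked` would put a hex chunk-size line first in the body and `(int) $version_info[0]` would read that instead of the head revision — sending `HTTP/1.0` avoids chunked encoding entirely. Because every fetched field is cast with `(int)` before `$latest_version` is built, the remote text cannot inject markup into `VERSION_INFO`; `$errstr`, however, goes into the `Connect_socket_error` string unescaped and should be wrapped in `htmlspecialchars()`. The query just above still orders by `u.user_session_time` while the new `WHERE` filters on `s.session_time`, which is harmless but reads as a leftover.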


@@ -28,27 +28,16 @@ if ( !defined('IN_PHPBB') )
//
// Show the overall footer.
//
$current_time = time();
$template->set_filenames(array(
"page_footer" => "admin/page_footer.tpl")
'page_footer' => 'admin/page_footer.tpl')
);
$template->assign_vars(array(
"PHPBB_VERSION" => "2.0 " . $board_config['version'],
"TRANSLATION_INFO" => $lang['TRANSLATION_INFO'])
'PHPBB_VERSION' => '2' . $board_config['version'],
'TRANSLATION_INFO' => $lang['TRANSLATION_INFO'])
);
$template->pparse("page_footer");
//
// Output page creation time
//
$mtime = microtime();
$mtime = explode(" ",$mtime);
$mtime = $mtime[1] + $mtime[0];
$endtime = $mtime;
$totaltime = ($endtime - $starttime);
$template->pparse('page_footer');
//
// Close our DB connection.
@@ -75,8 +64,8 @@ if( $do_gzip_compress )
echo "\x1f\x8b\x08\x00\x00\x00\x00\x00";
echo $gzip_contents;
echo pack("V", $gzip_crc);
echo pack("V", $gzip_size);
echo pack('V', $gzip_crc);
echo pack('V', $gzip_size);
}
exit;


@@ -31,22 +31,24 @@ define('HEADER_INC', true);
// gzip_compression
//
$do_gzip_compress = FALSE;
if($board_config['gzip_compress'])
if ( $board_config['gzip_compress'] )
{
$phpver = phpversion();
if($phpver >= '4.0.4pl1')
$useragent = (isset($_SERVER["HTTP_USER_AGENT"]) ) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT;
if ( $phpver >= '4.0.4pl1' && ( strstr($useragent,'compatible') || strstr($useragent,'Gecko') ) )
{
if(extension_loaded('zlib'))
if ( extension_loaded('zlib') )
{
ob_start('ob_gzhandler');
}
}
else if($phpver > '4.0')
else if ( $phpver > '4.0' )
{
if(strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip'))
if ( strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip') )
{
if(extension_loaded('zlib'))
if ( extension_loaded('zlib') )
{
$do_gzip_compress = TRUE;
ob_start();
@@ -62,6 +64,10 @@ $template->set_filenames(array(
'header' => 'admin/page_header.tpl')
);
// Format Timezone. We are unable to use array_pop here, because of PHP3 compatibility
$l_timezone = explode('.', $board_config['board_timezone']);
$l_timezone = (count($l_timezone) > 1 && $l_timezone[count($l_timezone)-1] != 0) ? $lang[sprintf('%.1f', $board_config['board_timezone'])] : $lang[number_format($board_config['board_timezone'])];
//
// The following assigns all _common_ variables that may be used at any point
// in a template. Note that all URL's should be wrapped in append_sid, as
@@ -72,34 +78,12 @@ $template->assign_vars(array(
'PAGE_TITLE' => $page_title,
'L_ADMIN' => $lang['Admin'],
'L_USERNAME' => $lang['Username'],
'L_PASSWORD' => $lang['Password'],
'L_INDEX' => $lang['Forum_Index'],
'L_REGISTER' => $lang['Register'],
'L_PROFILE' => $lang['Profile'],
'L_SEARCH' => $lang['Search'],
'L_PRIVATEMSGS' => $lang['Private_msgs'],
'L_MEMBERLIST' => $lang['Memberlist'],
'L_INDEX' => sprintf($lang['Forum_Index'], $board_config['sitename']),
'L_FAQ' => $lang['FAQ'],
'L_USERGROUPS' => $lang['Usergroups'],
'L_FORUM' => $lang['Forum'],
'L_TOPICS' => $lang['Topics'],
'L_REPLIES' => $lang['Replies'],
'L_VIEWS' => $lang['Views'],
'L_POSTS' => $lang['Posts'],
'L_LASTPOST' => $lang['Last_Post'],
'L_MODERATOR' => $lang['Moderator'],
'L_NONEWPOSTS' => $lang['No_new_posts'],
'L_NEWPOSTS' => $lang['New_posts'],
'L_POSTED' => $lang['Posted'],
'L_JOINED' => $lang['Joined'],
'L_AUTHOR' => $lang['Author'],
'L_MESSAGE' => $lang['Message'],
'L_BY' => $lang['by'],
'U_INDEX' => append_sid('../index.'.$phpEx),
'S_TIMEZONE' => sprintf($lang['All_times'], $lang[$board_config['board_timezone']]),
'S_TIMEZONE' => sprintf($lang['All_times'], $l_timezone),
'S_LOGIN_ACTION' => append_sid('../login.'.$phpEx),
'S_JUMPBOX_ACTION' => append_sid('../viewforum.'.$phpEx),
'S_CURRENT_TIME' => sprintf($lang['Current_time'], create_date($board_config['default_dateformat'], time(), $board_config['board_timezone'])),
@@ -151,4 +135,4 @@ $template->assign_vars(array(
$template->pparse('header');
?>
?>
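Review bot: The fallback in `$useragent = (isset($_SERVER["HTTP_USER_AGENT"]) ) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT;` reads a bare global that only exists with register_globals on — where it can equally be supplied as a query parameter — and is an undefined-variable notice otherwise. The same hunk already takes request headers from `$HTTP_SERVER_VARS`, so use that source consistently: `$useragent = isset($HTTP_SERVER_VARS['HTTP_USER_AGENT']) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : '';`. The else branch's `strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')` needs the same `isset()` guard, since a client that sends no Accept-Encoding header leaves that index undefined. A short comment on why the `compatible`/`Gecko` sniff gates `ob_gzhandler` would help the next reader, since that reason is not visible in the code.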


@@ -20,13 +20,13 @@
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
if (!defined('IN_PHPBB'))
{
die("Hacking attempt");
}
define('IN_ADMIN', true);
// Include files
include($phpbb_root_path . 'common.'.$phpEx);
//
@@ -37,20 +37,33 @@ init_userprefs($userdata);
//
// End session management
//
if( !$userdata['session_logged_in'] )
if (!$userdata['session_logged_in'])
{
header("Location: ../" . append_sid("login.$phpEx?redirect=admin/"));
redirect(append_sid("login.$phpEx?redirect=admin/", true));
}
else if( $userdata['user_level'] != ADMIN )
else if ($userdata['user_level'] != ADMIN)
{
message_die(GENERAL_MESSAGE, $lang['Not_admin']);
}
if ( empty($no_page_header) )
if ($HTTP_GET_VARS['sid'] != $userdata['session_id'])
{
$url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name'])), '', $HTTP_SERVER_VARS['REQUEST_URI']);
$url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path'])), '', $url);
$url = str_replace('//', '/', $url);
$url = preg_replace('/sid=([^&]*)(&?)/i', '', $url);
$url = preg_replace('/\?$/', '', $url);
$url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id'];
redirect("index.$phpEx?sid=" . $userdata['session_id']);
}
if (empty($no_page_header))
{
// Not including the pageheader can be neccesarry if META tags are
// needed in the calling script.
include('page_header_admin.'.$phpEx);
include('./page_header_admin.'.$phpEx);
}
?>
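Review bot: The new check `if ($HTTP_GET_VARS['sid'] != $userdata['session_id'])` indexes `$HTTP_GET_VARS` without `isset()`, so any admin URL that lacks `sid` raises a notice before redirecting; guard it with `if (!isset($HTTP_GET_VARS['sid']) || $HTTP_GET_VARS['sid'] !== $userdata['session_id'])`, which also makes the comparison strict rather than PHP's loose string comparison. The six `$url` lines assembled from `REQUEST_URI` are never used — `redirect("index.$phpEx?sid=" . $userdata['session_id'])` sends everyone to the index — so either drop them or redirect to `$url` so the admin lands on the page that was requested. This looks like the ACP's defence against cross-site request forgery (a forged request does not know the session id), so it deserves a comment stating that intent, e.g. `// Require the current session id in the URL: cross-site requests cannot supply it, so they are bounced to the index`. The earlier `redirect(append_sid("login.$phpEx?redirect=admin/", true))` branch still passes an unauthenticated user a fixed redirect target, which is fine, but note that `redirect()` is defined outside this view.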