mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-24 09:12:56 +02:00
Code Issues Releases Wiki Activity

This commit was manufactured by cvs2svn to create tag

Browse Source 
'release_2_0_2'.

git-svn-id: file:///svn/phpbb/tags/release_2_0_2@2845 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
(no author)
2002-08-08 18:06:53 +00:00
parent 212515e02c
commit 435058a7be
561 changed files with 24331 additions and 19533 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
phpBB/includes/auth.php
View File

@@ -158,18 +158,18 @@ function auth($type, $forum_id, $userdata, $f_access = '')
if ( $row = $db->sql_fetchrow($result) )
{
if ( $forum_id != AUTH_LIST_ALL)
do
{
$u_access[] = $row;
}
else
{
do
if ( $forum_id != AUTH_LIST_ALL)
{
$u_access[] = $row;
}
else
{
$u_access[$row['forum_id']][] = $row;
}
while( $row = $db->sql_fetchrow($result) );
}
while( $row = $db->sql_fetchrow($result) );
}
}

106
phpBB/includes/bbcode.php
View File

@@ -198,19 +198,19 @@ function bbencode_second_pass($text, $uid)
$replacements[0] = $bbcode_tpl['img'];
// [url]xxxx://www.phpbb.com[/url] code..
$patterns[1] = "#\[url\]([a-z]+?://){1}([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\[/url\]#si";
$patterns[1] = "#\[url\]([a-z]+?://){1}([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+\(\)]+)\[/url\]#si";
$replacements[1] = $bbcode_tpl['url1'];
// [url]www.phpbb.com[/url] code.. (no xxxx:// prefix).
$patterns[2] = "#\[url\]([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\[/url\]#si";
$patterns[2] = "#\[url\]([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+\(\)]+)\[/url\]#si";
$replacements[2] = $bbcode_tpl['url2'];
// [url=xxxx://www.phpbb.com]phpBB[/url] code..
$patterns[3] = "#\[url=([a-z]+?://){1}([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\](.*?)\[/url\]#si";
$patterns[3] = "#\[url=([a-z]+?://){1}([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+\(\)]+)\](.*?)\[/url\]#si";
$replacements[3] = $bbcode_tpl['url3'];
// [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix).
$patterns[4] = "#\[url=([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\](.*?)\[/url\]#si";
$patterns[4] = "#\[url=([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+\(\)]+)\](.*?)\[/url\]#si";
$replacements[4] = $bbcode_tpl['url4'];
// [email]user@domain.tld[/email] code..
@@ -251,7 +251,7 @@ function bbencode_first_pass($text, $uid)
// [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff.
$text = bbencode_first_pass_pda($text, $uid, '[quote]', '[/quote]', '', false, '');
$text = bbencode_first_pass_pda($text, $uid, '/\[quote=(\\\\".*?\\\\")\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]");
$text = bbencode_first_pass_pda($text, $uid, '/\[quote=(\\\\"[^"]*?\\\\")\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]");
// [list] and [list=x] for (un)ordered lists.
$open_tag = array();
@@ -282,7 +282,7 @@ function bbencode_first_pass($text, $uid)
$text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text);
// [img]image_url_here[/img] code..
$text = preg_replace("#\[img\](([a-z]+?)://([^ \n\r]+?))\[/img\]#si", "[img:$uid]\\1[/img:$uid]", $text);
$text = preg_replace("#\[img\](http(s)?://)([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\[/img\]#si", "[img:$uid]\\1\\3[/img:$uid]", $text);
// Remove our padding from the string..
$text = substr($text, 1);
@@ -433,7 +433,13 @@ function bbencode_first_pass_pda($text, $uid, $open_tag, $close_tag, $close_tag_
// Push its position, the text we matched, and its index in the open_tag array on to the stack, and then keep going to the right.
$match = array("pos" => $curr_pos, "tag" => $which_start_tag, "index" => $start_tag_index);
bbcode_array_push($stack, $match);
++$curr_pos;
//
// Rather than just increment $curr_pos
// Set it to the ending of the tag we just found
// Keeps error in nested tag from breaking out
// of table structure..
//
$curr_pos = $curr_pos + strlen($possible_start);
}
else
{
@@ -477,20 +483,34 @@ function bbencode_first_pass_pda($text, $uid, $open_tag, $close_tag, $close_tag_
// Mark the lowest nesting level if needed.
if ($mark_lowest_level && ($curr_nesting_depth == 1))
{
if ($open_tag[0] == '[code]')
{
$code_entities_match = array('#<#', '#>#', '#"#', '#:#', '#\[#', '#\]#', '#\(#', '#\)#', '#\{#', '#\}#');
$code_entities_replace = array('&lt;', '&gt;', '&quot;', '&#58;', '&#91;', '&#93;', '&#40;', '&#41;', '&#123;', '&#125;');
$between_tags = preg_replace($code_entities_match, $code_entities_replace, $between_tags);
}
$text = $before_start_tag . substr($start_tag, 0, $start_length - 1) . ":$curr_nesting_depth:$uid]";
$text .= $between_tags . substr($close_tag_new, 0, $close_tag_new_length - 1) . ":$curr_nesting_depth:$uid]";
}
else
{
if ($open_is_regexp)
if ($open_tag[0] == '[code]')
{
$text = $before_start_tag . $start_tag;
$text = $before_start_tag . '&#91;code&#93;';
$text .= $between_tags . '&#91;/code&#93;';
}
else
{
$text = $before_start_tag . substr($start_tag, 0, $start_length - 1) . ":$uid]";
if ($open_is_regexp)
{
$text = $before_start_tag . $start_tag;
}
else
{
$text = $before_start_tag . substr($start_tag, 0, $start_length - 1) . ":$uid]";
}
$text .= $between_tags . substr($close_tag_new, 0, $close_tag_new_length - 1) . ":$uid]";
}
$text .= $between_tags . substr($close_tag_new, 0, $close_tag_new_length - 1) . ":$uid]";
}
$text .= $after_end_tag;
@@ -600,7 +620,7 @@ function make_clickable($text)
// matches an "xxxx://yyyy" URL at the start of a line, or after a space.
// xxxx can only be alpha characters.
// yyyy is anything up to the first space, newline, or comma.
$ret = preg_replace("#([\n ])([a-z]+?)://([^,\t \n\r]+)#i", "\\1<a href=\"\\2://\\3\" target=\"_blank\">\\2://\\3</a>", $ret);
$ret = preg_replace("#([\n ])([a-z]+?)://([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)#i", "\\1<a href=\"\\2://\\3\" target=\"_blank\">\\2://\\3</a>", $ret);
// matches a "www.xxxx.yyyy[/zzzz]" kinda lazy URL thing
// Must contain at least 2 dots. xxxx contains either alphanum, or "-"
@@ -608,7 +628,7 @@ function make_clickable($text)
// zzzz is optional.. will contain everything up to the first space, newline, or comma.
// This is slightly restrictive - it's not going to match stuff like "forums.foo.com"
// This is to keep it from getting annoying and matching stuff that's not meant to be a link.
$ret = preg_replace("#([\n ])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^,\t \n\r]*)?)#i", "\\1<a href=\"http://www.\\2.\\3\\4\" target=\"_blank\">www.\\2.\\3\\4</a>", $ret);
$ret = preg_replace("#([\n ])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]*)?)#i", "\\1<a href=\"http://www.\\2.\\3\\4\" target=\"_blank\">www.\\2.\\3\\4</a>", $ret);
// matches an email@domain type address at the start of a line, or after a space.
// Note: Only the followed chars are valid; alphanums, "-", "_" and or ".".
@@ -716,42 +736,36 @@ function bbcode_array_pop(&$stack)
// Smilies code ... would this be better tagged on to the end of bbcode.php?
// Probably so and I'll move it before B2
//
function smilies_pass($message)
{
global $db, $board_config;
static $smilies;
function smilies_pass($message)
{
static $orig, $repl;
if( empty($smilies) )
{
$sql = "SELECT code, smile_url
FROM " . SMILIES_TABLE;
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't obtain smilies data", "", __LINE__, __FILE__, $sql);
}
if (!isset($orig))
{
global $db, $board_config;
$orig = $repl = array();
if( !$db->sql_numrows($result) )
{
return $message;
}
$sql = 'SELECT code, smile_url FROM ' . SMILIES_TABLE;
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't obtain smilies data", "", __LINE__, __FILE__, $sql);
}
$smilies = $db->sql_fetchrowset($result);
$smilies = $db->sql_fetchrowset($result);
}
usort($smilies, 'smiley_sort');
for($i = 0; $i < count($smilies); $i++)
{
$orig[] = "/(?<=.\W|\W.|^\W)" . phpbb_preg_quote($smilies[$i]['code'], "/") . "(?=.\W|\W.|\W$)/";
$repl[] = '<img src="'. $board_config['smilies_path'] . '/' . $smilies[$i]['smile_url'] . '" alt="' . $smilies[$i]['smile_url'] . '" border="0" />';
}
}
usort($smilies, 'smiley_sort');
for($i = 0; $i < count($smilies); $i++)
{
$orig[] = "/(?<=.\\W|\\W.|^\\W)" . phpbb_preg_quote($smilies[$i]['code'], "/") . "(?=.\\W|\\W.|\\W$)/";
$repl[] = '<img src="'. $board_config['smilies_path'] . '/' . $smilies[$i]['smile_url'] . '" alt="' . $smilies[$i]['smile_url'] . '" border="0" />';
}
if( $i > 0 )
{
$message = preg_replace($orig, $repl, ' ' . $message . ' ');
$message = substr($message, 1, -1);
}
return $message;
if (count($orig))
{
$message = preg_replace($orig, $repl, ' ' . $message . ' ');
$message = substr($message, 1, -1);
}
return $message;
}
function smiley_sort($a, $b)
@@ -765,4 +779,4 @@ function smiley_sort($a, $b)
}
?>
?>

4
phpBB/includes/constants.php
View File

@@ -26,8 +26,8 @@ if ( !defined('IN_PHPBB') )
}
// Debug Level
define('DEBUG', 1); // Debugging on
//define('DEBUG', 0); // Debugging off
//define('DEBUG', 1); // Debugging on
define('DEBUG', 0); // Debugging off
// User Levels <- Do not change the values of USER or ADMIN

155
phpBB/includes/emailer.php
View File

@@ -38,8 +38,8 @@ class emailer
$this->use_smtp = $use_smtp;
$this->tpl_file = NULL;
$this->address = NULL;
$this->msg = "";
$this->mimeOut = "";
$this->msg = '';
$this->mimeOut = '';
}
//
@@ -47,11 +47,11 @@ class emailer
//
function reset()
{
$this->tpl_file = "";
$this->address = "";
$this->msg = "";
$this->memOut = "";
$this->vars = "";
$this->tpl_file = '';
$this->address = '';
$this->msg = '';
$this->memOut = '';
$this->vars = '';
}
//
@@ -59,13 +59,8 @@ class emailer
//
function email_address($address)
{
$success = true;
$this->address = '';
$this->address .= $address;
return $success;
}
//
@@ -84,30 +79,27 @@ class emailer
$this->extra_headers = $headers;
}
function use_template($template_file, $template_lang = "")
function use_template($template_file, $template_lang = '')
{
global $board_config, $phpbb_root_path;
if( $template_lang == "" )
if ( $template_lang == '' )
{
$template_lang = $board_config['default_lang'];
}
$template_file = $phpbb_root_path . "language/lang_" . $template_lang . "/email/" . $template_file . ".tpl";
if( !file_exists($template_file) )
$this->tpl_file = $phpbb_root_path . 'language/lang_' . $template_lang . '/email/' . $template_file . '.tpl';
if ( !file_exists($this->tpl_file) )
{
message_die(GENERAL_ERROR, "Couldn't find template file: $template_file", "", __LINE__, __FILE__);
}
else
{
$this->tpl_file = $template_file;
if( !$this->load_msg() )
{
message_die(GENERAL_ERROR, "Couldn't load template file: $template_file", "", __LINE__, __FILE__);
}
message_die(GENERAL_ERROR, 'Could not find email template file ' . $template_file, '', __LINE__, __FILE__);
}
return TRUE;
if ( !$this->load_msg() )
{
message_die(GENERAL_ERROR, 'Could not load email template file ' . $template_file, '', __LINE__, __FILE__);
}
return true;
}
//
@@ -115,39 +107,30 @@ class emailer
//
function load_msg()
{
if ($this->tpl_file == NULL)
if ( $this->tpl_file == NULL )
{
message_die(GENERAL_ERROR, "No template file set", "", __LINE__, __FILE__);
message_die(GENERAL_ERROR, 'No template file set', '', __LINE__, __FILE__);
}
else
if ( !($fd = fopen($this->tpl_file, 'r')) )
{
if(!($fd = fopen($this->tpl_file, 'r')))
{
message_die(GENERAL_ERROR, "fopen failed opening template file", "", __LINE__, __FILE__);
}
else
{
$this->msg .= fread($fd, filesize($this->tpl_file));
fclose($fd);
}
message_die(GENERAL_ERROR, 'Failed opening template file', '', __LINE__, __FILE__);
}
return TRUE;
$this->msg .= fread($fd, filesize($this->tpl_file));
fclose($fd);
return true;
}
function assign_vars($vars)
{
if(empty($this->vars))
{
$this->vars = $vars;
}
else
{
$this->vars .= $vars;
}
$this->vars = ( empty($this->vars) ) ? $vars : $this->vars . $vars;
}
function parse_email()
{
global $lang;
@reset($this->vars);
while (list($key, $val) = @each($this->vars))
{
@@ -165,12 +148,13 @@ class emailer
// do this here because the subject may contain a variable
//
$match = array();
preg_match("/^(Subject:(.*?)[\r\n]+?)?(.*?)$/is", $this->msg, $match);
preg_match("/^(Subject:(.*?)[\r\n]+?)?(Charset:(.*?)[\r\n]+?)?(.*?)$/is", $this->msg, $match);
$this->msg = ( isset($match[3]) ) ? trim($match[3]) : '';
$this->msg = ( isset($match[5]) ) ? trim($match[5]) : '';
$this->subject = ( $this->subject != '' ) ? $this->subject : trim($match[2]);
$this->encoding = ( trim($match[4]) != '' ) ? trim($match[4]) : $lang['ENCODING'];
return TRUE;
return true;
}
//
@@ -178,57 +162,56 @@ class emailer
//
function send()
{
global $phpEx, $phpbb_root_dir;
global $phpEx, $phpbb_root_path;
if (isset($phpbb_root_dir))
if ( $this->address == NULL )
{
// we must be in the admin section.
$phpbb_root_path = $phpbb_root_dir;
message_die(GENERAL_ERROR, 'No email address set', '', __LINE__, __FILE__);
}
if ( !$this->parse_email() )
{
return false;
}
//
// Add date and encoding type
//
$universal_extra = "MIME-Version: 1.0\nContent-type: text/plain; charset=" . $this->encoding . "\nContent-transfer-encoding: 8bit\nDate: " . gmdate('D, d M Y H:i:s', time()) . " UT\n";
$this->extra_headers = $universal_extra . $this->extra_headers;
if ( $this->use_smtp )
{
if ( !defined('SMTP_INCLUDED') )
{
include($phpbb_root_path . 'includes/smtp.' . $phpEx);
}
$result = smtpmail($this->address, $this->subject, $this->msg, $this->extra_headers);
}
else
{
$phpbb_root_path = "./";
$result = @mail($this->address, $this->subject, $this->msg, $this->extra_headers);
}
if ($this->address == NULL)
if ( !$result )
{
message_die(GENERAL_ERROR, "No email address set", "", __LINE__, __FILE__);
}
else
{
if(!$this->parse_email())
{
return FALSE;
}
if($this->use_smtp)
{
if(!defined('SMTP_INCLUDED'))
{
include($phpbb_root_path . "includes/smtp.".$phpEx);
}
if(!smtpmail($this->address, $this->subject, $this->msg, $this->extra_headers))
{
message_die(GENERAL_ERROR, "Sending via SMTP failed", "", __LINE__, __FILE__);
}
}
else
{
@mail($this->address, $this->subject, $this->msg, $this->extra_headers);
}
message_die(GENERAL_ERROR, 'Failed sending email', '', __LINE__, __FILE__);
}
return TRUE;
return true;
}
//
// Attach files via MIME.
// Attach files via MIME.
//
function attachFile($filename, $mimetype="application/octet-stream", $szFromAddress, $szFilenameToDisplay)
function attachFile($filename, $mimetype = "application/octet-stream", $szFromAddress, $szFilenameToDisplay)
{
global $lang;
$mime_boundary = "--==================_846811060==_";
$this->mailMsg = "--".$mime_boundary."\nContent-Type: text/plain;\n\tcharset=\"iso-8859-1\"\n\n".$this->mailMsg;
$this->mailMsg = '--' . $mime_boundary . "\nContent-Type: text/plain;\n\tcharset=\"" . $lang['ENCODING'] . "\"\n\n" . $this->mailMsg;
if ($mime_filename)
{
@@ -244,11 +227,11 @@ class emailer
$this->mimeOut .= "Content-Transfer-Encoding: quoted-printable\n";
$this->mimeOut .= "Content-Disposition: attachment;\n\tfilename=\"$szFilenameToDisplay\"\n\n";
if ($mimetype == "message/rfc822")
if ( $mimetype == "message/rfc822" )
{
$this->mimeOut .= "From: ".$szFromAddress."\n";
$this->mimeOut .= "To: ".$this->emailAddress."\n";
$this->mimeOut .= "Date: ".date("D, d M Y G:i:s ").$this->getTimeZoneInEmailFormat()."\n";
$this->mimeOut .= "Date: ".date("D, d M Y H:i:s") . " UT\n";
$this->mimeOut .= "Reply-To:".$szFromAddress."\n";
$this->mimeOut .= "Subject: ".$this->mailSubject."\n";
$this->mimeOut .= "X-Mailer: PHP/".phpversion()."\n";
@@ -324,4 +307,4 @@ class emailer
} // class emailer
?>
?>

9
phpBB/includes/functions.php
View File

@@ -94,6 +94,8 @@ function make_jumpbox($action, $match_forum_id = 0)
{
global $template, $lang, $db, $SID, $nav_links, $phpEx;
// $is_auth = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata);
$sql = "SELECT c.cat_id, c.cat_title, c.cat_order
FROM " . CATEGORIES_TABLE . " c, " . FORUMS_TABLE . " f
WHERE f.cat_id = c.cat_id
@@ -137,6 +139,9 @@ function make_jumpbox($action, $match_forum_id = 0)
{
if ( $forum_rows[$j]['cat_id'] == $category_rows[$i]['cat_id'] && $forum_rows[$j]['auth_view'] <= AUTH_REG )
{
// if ( $forum_rows[$j]['cat_id'] == $category_rows[$i]['cat_id'] && $is_auth[$forum_rows[$j]['forum_id']]['auth_view'] )
// {
$selected = ( $forum_rows[$j]['forum_id'] == $match_forum_id ) ? 'selected="selected"' : '';
$boxstring_forums .= '<option value="' . $forum_rows[$j]['forum_id'] . '"' . $selected . '>' . $forum_rows[$j]['forum_name'] . '</option>';
@@ -491,7 +496,7 @@ function obtain_word_list(&$orig_word, &$replacement_word)
//
function message_die($msg_code, $msg_text = '', $msg_title = '', $err_line = '', $err_file = '', $sql = '')
{
global $db, $template, $board_config, $theme, $lang, $phpEx, $phpbb_root_path, $nav_links;
global $db, $template, $board_config, $theme, $lang, $phpEx, $phpbb_root_path, $nav_links, $gen_simple_header;
global $userdata, $user_ip, $session_length;
global $starttime;
@@ -594,6 +599,7 @@ function message_die($msg_code, $msg_text = '', $msg_title = '', $err_line = '',
{
$msg_title = $lang['General_Error'];
}
break;
case CRITICAL_ERROR:
//
@@ -669,5 +675,4 @@ function message_die($msg_code, $msg_text = '', $msg_title = '', $err_line = '',
exit;
}
?>

33
phpBB/includes/functions_admin.php
View File

@@ -24,7 +24,7 @@
//
// Simple version of jumpbox, just lists authed forums
//
function make_forum_select($box_name, $ignore_forum = false)
function make_forum_select($box_name, $ignore_forum = false, $select_forum = '')
{
global $db, $userdata;
@@ -43,7 +43,8 @@ function make_forum_select($box_name, $ignore_forum = false)
{
if ( $is_auth_ary[$row['forum_id']]['auth_read'] && $ignore_forum != $row['forum_id'] )
{
$forum_list .= '<option value="' . $row['forum_id'] . '">' . $row['forum_name'] . '</option>';
$selected = ( $select_forum == $row['forum_id'] ) ? ' selected="selected"' : '';
$forum_list .= '<option value="' . $row['forum_id'] . '"' . $selected .'>' . $row['forum_name'] . '</option>';
}
}
@@ -55,7 +56,7 @@ function make_forum_select($box_name, $ignore_forum = false)
//
// Synchronise functions for forums/topics
//
function sync($type, $id)
function sync($type, $id = false)
{
global $db;
@@ -64,7 +65,7 @@ function sync($type, $id)
case 'all forums':
$sql = "SELECT forum_id
FROM " . FORUMS_TABLE;
if ( !$result = $db->sql_query($sql) )
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not get forum IDs', '', __LINE__, __FILE__, $sql);
}
@@ -78,7 +79,7 @@ function sync($type, $id)
case 'all topics':
$sql = "SELECT topic_id
FROM " . TOPICS_TABLE;
if ( !$result = $db->sql_query($sql) )
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not get topic ID', '', __LINE__, __FILE__, $sql);
}
@@ -90,12 +91,10 @@ function sync($type, $id)
break;
case 'forum':
$sql = "SELECT MAX(p.post_id) AS last_post, COUNT(p.post_id) AS total
FROM " . POSTS_TABLE . " p, " . TOPICS_TABLE . " t
WHERE p.forum_id = $id
AND t.topic_id = p.topic_id
AND t.topic_status <> " . TOPIC_MOVED;
if ( !$result = $db->sql_query($sql) )
$sql = "SELECT MAX(post_id) AS last_post, COUNT(post_id) AS total
FROM " . POSTS_TABLE . "
WHERE forum_id = $id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not get post ID', '', __LINE__, __FILE__, $sql);
}
@@ -113,9 +112,8 @@ function sync($type, $id)
$sql = "SELECT COUNT(topic_id) AS total
FROM " . TOPICS_TABLE . "
WHERE forum_id = $id
AND topic_status <> " . TOPIC_MOVED;
if ( !$result = $db->sql_query($sql) )
WHERE forum_id = $id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not get topic count', '', __LINE__, __FILE__, $sql);
}
@@ -135,22 +133,19 @@ function sync($type, $id)
$sql = "SELECT MAX(post_id) AS last_post, MIN(post_id) AS first_post, COUNT(post_id) AS total_posts
FROM " . POSTS_TABLE . "
WHERE topic_id = $id";
if ( !$result = $db->sql_query($sql) )
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not get post ID', '', __LINE__, __FILE__, $sql);
}
if ( $row = $db->sql_fetchrow($result) )
{
$sql = "UPDATE " . TOPICS_TABLE . "
SET topic_replies = " . ( $row['total_posts'] - 1 ) . ", topic_first_post_id = " . $row['first_post'] . ", topic_last_post_id = " . $row['last_post'] . "
WHERE topic_id = $id";
$sql = ( $row['total_posts'] ) ? "UPDATE " . TOPICS_TABLE . " SET topic_replies = " . ( $row['total_posts'] - 1 ) . ", topic_first_post_id = " . $row['first_post'] . ", topic_last_post_id = " . $row['last_post'] . " WHERE topic_id = $id" : "DELETE FROM " . TOPICS_TABLE . " WHERE topic_id = $id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update topic', '', __LINE__, __FILE__, $sql);
}
}
break;
}

137
phpBB/includes/functions_post.php
View File

@@ -22,7 +22,7 @@
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
die('Hacking attempt');
}
$html_entities_match = array('#&#', '#<#', '#>#');
@@ -74,8 +74,7 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid
for($i = 0; $i < sizeof($allowed_html_tags); $i++)
{
$match_tag = trim($allowed_html_tags[$i]);
if ( preg_match('/^<\/?' . $match_tag . '\b/i', $hold_string) )
if ( preg_match('/^<\/?' . $match_tag . '(?!(\s*)style(\s*)\\=)/i', $hold_string) )
{
$tagallowed = true;
}
@@ -108,23 +107,6 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid
if( $bbcode_on && $bbcode_uid != '' )
{
$tmp_message = $message;
if ( ($match_count = preg_match_all('#^(.*?)\[code\](.*?)\[\/code\](.*?)$#is', $tmp_message, $match)) )
{
$code_entities_match = array('#<#', '#>#', '#"#', '#:#', '#\[#', '#\]#', '#\(#', '#\)#', '#\{#', '#\}#');
$code_entities_replace = array('&lt;', '&gt;', '&quot;', '&#58;', '&#91;', '&#93;', '&#40;', '&#41;', '&#123;', '&#125;');
$message = '';
for($i = 0; $i < $match_count; $i++)
{
$message .= $match[1][$i] . '[code]' . preg_replace($code_entities_match, $code_entities_replace, $match[2][$i]) . '[/code]';
$tmp_message = $match[3][$i];
}
$message .= $tmp_message;
}
$message = bbencode_first_pass($message, $bbcode_uid);
}
@@ -249,7 +231,7 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_
WHERE $where_sql";
if ( $result = $db->sql_query($sql) )
{
if( $row = $db->sql_fetchrow($result) )
if ( $row = $db->sql_fetchrow($result) )
{
if ( $row['last_post_time'] > 0 && ( $current_time - $row['last_post_time'] ) < $board_config['flood_interval'] )
{
@@ -267,12 +249,12 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_
{
$topic_vote = ( !empty($poll_title) && count($poll_options) >= 2 ) ? 1 : 0;
$sql = ( $mode != "editpost" ) ? "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) VALUES ('$post_subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)" : "UPDATE " . TOPICS_TABLE . " SET topic_title = '$post_subject', topic_type = $topic_type, topic_vote = $topic_vote WHERE topic_id = $topic_id";
if ( !($result = $db->sql_query($sql)) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
if( $mode == 'newtopic' )
if ( $mode == 'newtopic' )
{
$topic_id = $db->sql_nextid();
}
@@ -280,18 +262,18 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_
$edited_sql = ( $mode == 'editpost' && !$post_data['last_post'] && $post_data['poster_post'] ) ? ", post_edit_time = $current_time, post_edit_count = post_edit_count + 1 " : "";
$sql = ( $mode != "editpost" ) ? "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $userdata['user_id'] . ", '$post_username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)" : "UPDATE " . POSTS_TABLE . " SET enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smilies_on, enable_sig = $attach_sig" . $edited_sql . " WHERE post_id = $post_id";
if ( !($result = $db->sql_query($sql, BEGIN_TRANSACTION)) )
if ( !$db->sql_query($sql, BEGIN_TRANSACTION) )
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
if( $mode != 'editpost' )
if ( $mode != 'editpost' )
{
$post_id = $db->sql_nextid();
}
$sql = ( $mode != 'editpost' ) ? "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) VALUES ($post_id, '$post_subject', '$bbcode_uid', '$post_message')" : "UPDATE " . POSTS_TEXT_TABLE . " SET post_text = '$post_message', bbcode_uid = '$bbcode_uid', post_subject = '$post_subject' WHERE post_id = $post_id";
if ( !($result = $db->sql_query($sql)) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
@@ -304,7 +286,7 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_
if ( ( $mode == 'newtopic' || $mode == 'editpost' ) && !empty($poll_title) && count($poll_options) >= 2 )
{
$sql = ( !$post_data['has_poll'] ) ? "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length) VALUES ($topic_id, '$poll_title', $current_time, " . ( $poll_length * 86400 ) . ")" : "UPDATE " . VOTE_DESC_TABLE . " SET vote_text = '$poll_title', vote_length = " . ( $poll_length * 86400 ) . " WHERE topic_id = $topic_id";
if ( !($result = $db->sql_query($sql)) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
@@ -326,7 +308,7 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_
{
$old_poll_result[$row['vote_option_id']] = $row['vote_result'];
if( !isset($poll_options[$row['vote_option_id']]) )
if ( !isset($poll_options[$row['vote_option_id']]) )
{
$delete_option_sql .= ( $delete_option_sql != '' ) ? ', ' . $row['vote_option_id'] : $row['vote_option_id'];
}
@@ -342,13 +324,13 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_
$poll_option_id = 1;
while ( list($option_id, $option_text) = each($poll_options) )
{
if( !empty($option_text) )
if ( !empty($option_text) )
{
$option_text = str_replace("\'", "''", $option_text);
$poll_result = ( $mode == "editpost" && isset($old_poll_result[$option_id]) ) ? $old_poll_result[$option_id] : 0;
$sql = ( $mode != "editpost" || !isset($old_poll_result[$option_id]) ) ? "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($poll_id, $poll_option_id, '$option_text', $poll_result)" : "UPDATE " . VOTE_RESULTS_TABLE . " SET vote_option_text = '$option_text', vote_result = $poll_result WHERE vote_option_id = $option_id AND vote_id = $poll_id";
if ( !($result = $db->sql_query($sql)) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
@@ -356,11 +338,12 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_
}
}
if( $delete_option_sql != '' )
if ( $delete_option_sql != '' )
{
$sql = "DELETE FROM " . VOTE_RESULTS_TABLE . "
WHERE vote_option_id IN ($delete_option_sql)";
if ( !($result = $db->sql_query($sql)) )
WHERE vote_option_id IN ($delete_option_sql)
AND vote_id = $poll_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Error deleting pruned poll options', '', __LINE__, __FILE__, $sql);
}
@@ -380,7 +363,7 @@ function update_post_stats(&$mode, &$post_data, &$forum_id, &$topic_id, &$post_i
{
global $db;
$sign = ( $mode == 'delete' ) ? "- 1" : "+ 1";
$sign = ( $mode == 'delete' ) ? '- 1' : '+ 1';
$forum_update_sql = "forum_posts = forum_posts $sign";
$topic_update_sql = '';
@@ -395,53 +378,57 @@ function update_post_stats(&$mode, &$post_data, &$forum_id, &$topic_id, &$post_i
else
{
$topic_update_sql = "topic_replies = topic_replies - 1";
$topic_update_sql .= 'topic_replies = topic_replies - 1';
$sql = "SELECT MAX(post_id) AS post_id
$sql = "SELECT MAX(post_id) AS last_post_id
FROM " . POSTS_TABLE . "
WHERE topic_id = $topic_id";
if ( !($db->sql_query($sql)) )
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
}
if ( $row = $db->sql_fetchrow($result) )
{
$topic_update_sql .= ', topic_last_post_id = ' . $row['post_id'];
$topic_update_sql .= ', topic_last_post_id = ' . $row['last_post_id'];
}
}
if ( $post_data['last_topic'] )
{
$sql = "SELECT MAX(post_id) AS post_id
$sql = "SELECT MAX(post_id) AS last_post_id
FROM " . POSTS_TABLE . "
WHERE forum_id = $forum_id";
if ( !($db->sql_query($sql)) )
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
}
if ( $row = $db->sql_fetchrow($result) )
{
$forum_update_sql .= ( $row['post_id'] ) ? ', forum_last_post_id = ' . $row['post_id'] : ', forum_last_post_id = 0';
$forum_update_sql .= ( $row['last_post_id'] ) ? ', forum_last_post_id = ' . $row['last_post_id'] : ', forum_last_post_id = 0';
}
}
}
else if ( $post_data['first_post'] )
{
$sql = "SELECT MIN(post_id) AS post_id
$sql = "SELECT MIN(post_id) AS first_post_id
FROM " . POSTS_TABLE . "
WHERE topic_id = $topic_id";
if ( !($db->sql_query($sql)) )
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
}
if ( $row = $db->sql_fetchrow($result) )
{
$topic_update_sql = 'topic_replies = topic_replies - 1, topic_first_post_id = ' . $row['post_id'];
$topic_update_sql .= 'topic_replies = topic_replies - 1, topic_first_post_id = ' . $row['first_post_id'];
}
}
else
{
$topic_update_sql .= 'topic_replies = topic_replies - 1';
}
}
else if ( $mode != 'poll_delete' )
{
@@ -456,7 +443,7 @@ function update_post_stats(&$mode, &$post_data, &$forum_id, &$topic_id, &$post_i
$sql = "UPDATE " . FORUMS_TABLE . " SET
$forum_update_sql
WHERE forum_id = $forum_id";
if ( !($result = $db->sql_query($sql)) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
@@ -465,8 +452,9 @@ function update_post_stats(&$mode, &$post_data, &$forum_id, &$topic_id, &$post_i
{
$sql = "UPDATE " . TOPICS_TABLE . " SET
$topic_update_sql
WHERE topic_id = $topic_id";
if ( !($result = $db->sql_query($sql)) )
WHERE topic_id = $topic_id
OR topic_moved_id = $topic_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
@@ -477,7 +465,7 @@ function update_post_stats(&$mode, &$post_data, &$forum_id, &$topic_id, &$post_i
$sql = "UPDATE " . USERS_TABLE . "
SET user_posts = user_posts $sign
WHERE user_id = $user_id";
if ( !($result = $db->sql_query($sql, END_TRANSACTION)) )
if ( !$db->sql_query($sql, END_TRANSACTION) )
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
@@ -496,89 +484,80 @@ function delete_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_
include($phpbb_root_path . 'includes/functions_search.'.$phpEx);
$topic_update_sql = '';
if ( $mode != 'poll_delete' )
{
$sql = "DELETE FROM " . POSTS_TABLE . "
WHERE post_id = $post_id";
if ( !($db->sql_query($sql)) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . POSTS_TEXT_TABLE . "
WHERE post_id = $post_id";
if ( !($db->sql_query($sql)) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . SEARCH_MATCH_TABLE . "
WHERE post_id = $post_id";
if ( !($db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
}
$forum_update_sql = 'forum_posts = forum_posts - 1';
$topic_update_sql .= 'topic_replies = topic_replies - 1';
if ( $post_data['last_post'] )
{
if ( $post_data['first_post'] )
{
$forum_update_sql .= ', forum_topics = forum_topics - 1';
$sql = "DELETE FROM " . TOPICS_TABLE . "
WHERE topic_id = $topic_id
OR topic_moved_id = $topic_id";
if ( !($db->sql_query($sql)) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
WHERE topic_id = $topic_id";
if ( !($db->sql_query($sql)) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
}
}
}
remove_search_post($post_id);
}
if( $mode == 'poll_delete' || ( $mode == 'delete' && $post_data['first_post'] && $post_data['last_post'] ) && $post_data['has_poll'] && $post_data['edit_poll'] )
if ( $mode == 'poll_delete' || ( $mode == 'delete' && $post_data['first_post'] && $post_data['last_post'] ) && $post_data['has_poll'] && $post_data['edit_poll'] )
{
$sql = "DELETE FROM " . VOTE_DESC_TABLE . "
WHERE vote_id = $poll_id";
if ( !($db->sql_query($sql)) )
WHERE topic_id = $topic_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . VOTE_RESULTS_TABLE . "
WHERE vote_id = $poll_id";
if ( !($db->sql_query($sql)) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . VOTE_USERS_TABLE . "
WHERE vote_id = $poll_id";
if ( !($db->sql_query($sql)) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql);
}
}
remove_search_post($post_id);
if ( $mode == 'delete' && $post_data['first_post'] && $post_data['last_post'] )
{
$meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=" . $forum_id) . '">';
$meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . '=' . $forum_id) . '">';
$message = $lang['Deleted'];
}
else
{
$meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=" . $topic_id) . '">';
$message = ( ( $mode == "poll_delete" ) ? $lang['Poll_delete'] : $lang['Deleted'] ) . '<br /><br />' . sprintf($lang['Click_return_topic'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id") . '">', '</a>');
$meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . '=' . $topic_id) . '">';
$message = ( ( $mode == 'poll_delete' ) ? $lang['Poll_delete'] : $lang['Deleted'] ) . '<br /><br />' . sprintf($lang['Click_return_topic'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id") . '">', '</a>');
}
$message .= '<br /><br />' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">', '</a>');
@@ -598,9 +577,9 @@ function user_notification($mode, &$post_data, &$forum_id, &$topic_id, &$post_id
if ( $mode == 'delete' )
{
$delete_sql = ( !$post_data['first_post'] && !$post_data['last_post'] ) ? " AND user_id = " . $userdata['user_id'] : "";
$delete_sql = ( !$post_data['first_post'] && !$post_data['last_post'] ) ? " AND user_id = " . $userdata['user_id'] : '';
$sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id" . $delete_sql;
if ( !($result = $db->sql_query($sql)) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not change topic notify data', '', __LINE__, __FILE__, $sql);
}
@@ -650,11 +629,13 @@ function user_notification($mode, &$post_data, &$forum_id, &$topic_id, &$post_id
$server_protocol = ( $board_config['cookie_secure'] ) ? 'https://' : 'http://';
$server_port = ( $board_config['server_port'] <> 80 ) ? ':' . trim($board_config['server_port']) . '/' : '/';
$email_headers = "From: " . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\r\n";
$email_headers = 'From: ' . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\n";
$update_watched_sql = '';
if ( $row = $db->sql_fetchrow($result) )
{
@set_time_limit(120);
$topic_title = preg_replace($orig_word, $replacement_word, unprepare_message($row['topic_title']));
do
@@ -663,7 +644,7 @@ function user_notification($mode, &$post_data, &$forum_id, &$topic_id, &$post_id
{
$emailer->use_template('topic_notify', $row['user_lang']);
$emailer->email_address($row['user_email']);
$emailer->set_subject();//$lang['Topic_reply_notification']
$emailer->set_subject();
$emailer->extra_headers($email_headers);
$emailer->assign_vars(array(
@@ -711,7 +692,7 @@ function user_notification($mode, &$post_data, &$forum_id, &$topic_id, &$post_id
$sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
WHERE topic_id = $topic_id
AND user_id = " . $userdata['user_id'];
if ( !$result = $db->sql_query($sql) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete topic watch information', '', __LINE__, __FILE__, $sql);
}
@@ -720,7 +701,7 @@ function user_notification($mode, &$post_data, &$forum_id, &$topic_id, &$post_id
{
$sql = "INSERT INTO " . TOPICS_WATCH_TABLE . " (user_id, topic_id, notify_status)
VALUES (" . $userdata['user_id'] . ", $topic_id, 0)";
if ( !($result = $db->sql_query($sql)) )
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not insert topic watch information', '', __LINE__, __FILE__, $sql);
}

41
phpBB/includes/functions_search.php
View File

@@ -21,9 +21,8 @@
function clean_words($mode, &$entry, &$stopword_list, &$synonym_list)
{
// Weird, $init_match doesn't work with static when double quotes (") are used...
static $drop_char_match = array('^', '$', '&', '(', ')', '<', '>', '`', '\'', '"', '|', ',', '@', '_', '?', '%', '-', '~', '+', '.', '[', ']', '{', '}', ':', '\\', '/', '=', '#', '\'', ';', '!');
static $drop_char_replace = array(' ', ' ', ' ', ' ', ' ', ' ', ' ', '', '', ' ', ' ', ' ', ' ', '', ' ', ' ', '', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ' , ' ', ' ', ' ', ' ', ' ', ' ');
static $drop_char_replace = array(' ', ' ', ' ', ' ', ' ', ' ', ' ', '', '', ' ', ' ', ' ', ' ', '', ' ', ' ', '', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ' , ' ', ' ', ' ', ' ', ' ', ' ');
$entry = ' ' . strip_tags(strtolower($entry)) . ' ';
@@ -42,13 +41,10 @@ function clean_words($mode, &$entry, &$stopword_list, &$synonym_list)
}
else if ( $mode == 'search' )
{
$entry = str_replace('+', ' and ', $entry);
$entry = str_replace('-', ' not ', $entry);
$entry = str_replace(' +', ' and ', $entry);
$entry = str_replace(' -', ' not ', $entry);
}
// Replace numbers on their own
$entry = preg_replace('/\b[0-9]+\b/', ' ', $entry);
//
// Filter out strange characters like ^, $, &, change "it's" to "its"
//
@@ -61,8 +57,8 @@ function clean_words($mode, &$entry, &$stopword_list, &$synonym_list)
{
$entry = str_replace('*', ' ', $entry);
// 'words' that consist of <=3 or >=25 characters are removed.
$entry = preg_replace('/\b([a-z0-9]{1,3}|[a-z0-9]{20,})\b/',' ', $entry);
// 'words' that consist of <3 or >20 characters are removed.
$entry = preg_replace('/\b([a-z0-9]{1,2}|[a-z0-9]{21,})\b/',' ', $entry);
}
if ( !empty($stopword_list) )
@@ -95,14 +91,8 @@ function clean_words($mode, &$entry, &$stopword_list, &$synonym_list)
function split_words(&$entry, $mode = 'post')
{
if ( $mode == 'post' )
{
preg_match_all("/\b(\w[\w']*\w+|\w+?)\b/", $entry, $split_entries);
}
else
{
preg_match_all('/(\*?[a-z0-9]+\*?)|\b([a-z0-9]+)\b/', $entry, $split_entries);
}
$rex = ( $mode == 'post' ) ? "/\b(\w[\w']*\w+|\w+?)\b/" : '/(\*?[<5B>-<2D>a-z0-9]+\*?)|\b([<5B>-<2D>a-z0-9]+)\b/';
preg_match_all($rex, $entry, $split_entries);
return $split_entries[1];
}
@@ -198,14 +188,14 @@ function add_search_words($post_id, $post_text, $post_title = '')
{
case 'mysql':
case 'mysql4':
$value_sql .= ( ( $value_sql != '' ) ? ', ' : '' ) . '(\'' . $word[$i] . '\')';
$value_sql .= ( ( $value_sql != '' ) ? ', ' : '' ) . '(\'' . $word[$i] . '\', 0)';
break;
case 'mssql':
$value_sql .= ( ( $value_sql != '' ) ? ' UNION ALL ' : '' ) . "SELECT '" . $word[$i] . "'";
$value_sql .= ( ( $value_sql != '' ) ? ' UNION ALL ' : '' ) . "SELECT '" . $word[$i] . "', 0";
break;
default:
$sql = "INSERT INTO " . SEARCH_WORD_TABLE . " (word_text)
VALUES ('" . $word[$i] . "')";
$sql = "INSERT INTO " . SEARCH_WORD_TABLE . " (word_text, word_common)
VALUES ('" . $word[$i] . "', 0)";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not insert new word', '', __LINE__, __FILE__, $sql);
@@ -221,11 +211,11 @@ function add_search_words($post_id, $post_text, $post_title = '')
{
case 'mysql':
case 'mysql4':
$sql = "INSERT IGNORE INTO " . SEARCH_WORD_TABLE . " (word_text)
$sql = "INSERT IGNORE INTO " . SEARCH_WORD_TABLE . " (word_text, word_common)
VALUES $value_sql";
break;
case 'mssql':
$sql = "INSERT INTO " . SEARCH_WORD_TABLE . " (word_text)
$sql = "INSERT INTO " . SEARCH_WORD_TABLE . " (word_text, word_common)
$value_sql";
break;
}
@@ -428,7 +418,9 @@ function remove_search_post($post_id_sql)
function username_search($search_match)
{
global $db, $board_config, $template, $lang, $images, $theme, $phpEx, $phpbb_root_path;
global $starttime;
global $starttime, $gen_simple_header;
$gen_simple_header = TRUE;
$username_list = '';
if ( !empty($search_match) )
@@ -459,7 +451,6 @@ function username_search($search_match)
$db->sql_freeresult($result);
}
$gen_simple_header = TRUE;
$page_title = $lang['Search'];
include($phpbb_root_path . 'includes/page_header.'.$phpEx);

8
phpBB/includes/functions_validate.php
View File

@@ -63,7 +63,7 @@ function validate_username($username)
{
while( $row = $db->sql_fetchrow($result) )
{
if ( preg_match("#\b(" . str_replace("\*", "\w*?", preg_quote($row['disallow_username'])) . ")\b#i", $username) )
if ( preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['disallow_username'], '#')) . ")\b#i", $username) )
{
return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
}
@@ -76,7 +76,7 @@ function validate_username($username)
{
while( $row = $db->sql_fetchrow($result) )
{
if ( preg_match("#\b(" . str_replace("\*", "\w*?", preg_quote($row['word'])) . ")\b#i", $username) )
if ( preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['word'], '#')) . ")\b#i", $username) )
{
return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
}
@@ -102,7 +102,7 @@ function validate_email($email)
if ( $email != '' )
{
if ( preg_match('/^[a-z0-9\.\-_]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/is', $email) )
if ( preg_match('/^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/is', $email) )
{
$sql = "SELECT ban_email
FROM " . BANLIST_TABLE;
@@ -110,7 +110,7 @@ function validate_email($email)
{
while( $row = $db->sql_fetchrow($result) )
{
$match_email = str_replace('*', '.*', $row['ban_email']);
$match_email = str_replace('*', '.*?', $row['ban_email']);
if ( preg_match('/^' . $match_email . '$/is', $email) )
{
return array('error' => true, 'error_msg' => $lang['Email_banned']);

10
phpBB/includes/page_header.php
View File

@@ -35,7 +35,7 @@ if ( $board_config['gzip_compress'] )
{
$phpver = phpversion();
if ( $phpver >= '4.0.4pl1' )
if ( $phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible') )
{
if ( extension_loaded('zlib') )
{
@@ -85,13 +85,11 @@ $s_last_visit = ( $userdata['session_logged_in'] ) ? create_date($board_config['
// Get basic (usernames + totals) online
// situation
//
$user_forum_sql = ( !empty($forum_id) ) ? "AND ( u.user_session_page = $forum_id
OR s.session_page = $forum_id)" : '';
$user_forum_sql = ( !empty($forum_id) ) ? "AND s.session_page = $forum_id" : '';
$sql = "SELECT u.username, u.user_id, u.user_allow_viewonline, u.user_level, s.session_logged_in, s.session_ip
FROM ".USERS_TABLE." u, ".SESSIONS_TABLE." s
WHERE u.user_id = s.session_user_id
AND ( s.session_time >= ".( time() - 300 ) . "
OR u.user_session_time >= " . ( time() - 300 ) . " )
AND s.session_time >= ".( time() - 300 ) . "
$user_forum_sql
ORDER BY u.username ASC, s.session_ip ASC";
if( !($result = $db->sql_query($sql)) )
@@ -386,7 +384,7 @@ $template->assign_vars(array(
'S_CONTENT_ENCODING' => $lang['ENCODING'],
'S_CONTENT_DIR_LEFT' => $lang['LEFT'],
'S_CONTENT_DIR_RIGHT' => $lang['RIGHT'],
'S_TIMEZONE' => sprintf($lang['All_times'], $lang[$board_config['board_timezone']]),
'S_TIMEZONE' => sprintf($lang['All_times'], $lang[number_format($board_config['board_timezone'])]),
'S_LOGIN_ACTION' => append_sid('login.'.$phpEx),
'T_HEAD_STYLESHEET' => $theme['head_stylesheet'],

65
phpBB/includes/page_tail.php
View File

@@ -22,70 +22,35 @@
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
die('Hacking attempt');
}
//
// Show the overall footer.
//
if($userdata['user_level'] == ADMIN)
{
$admin_link = "<a href=\"" . append_sid("admin/index.$phpEx") . "\">" . $lang['Admin_panel'] . "</a><br /><br />";
}
else
{
$admin_link = "";
}
$current_time = time();
$admin_link = ( $userdata['user_level'] == ADMIN ) ? '<a href="' . append_sid("admin/index.$phpEx") . '">' . $lang['Admin_panel'] . '</a><br /><br />' : '';
if( empty($gen_simple_header) )
{
$template->set_filenames(array(
"overall_footer" => "overall_footer.tpl")
);
}
else
{
$template->set_filenames(array(
"overall_footer" => "simple_footer.tpl")
);
}
$template->assign_vars(array(
"PHPBB_VERSION" => "2.0 " . $board_config['version'],
"TRANSLATION_INFO" => ( isset($lang['TRANSLATION_INFO']) ) ? $lang['TRANSLATION_INFO'] : "",
"ADMIN_LINK" => $admin_link)
$template->set_filenames(array(
'overall_footer' => ( empty($gen_simple_header) ) ? 'overall_footer.tpl' : 'simple_footer.tpl')
);
$template->pparse("overall_footer");
$template->assign_vars(array(
'PHPBB_VERSION' => '2' . $board_config['version'],
'TRANSLATION_INFO' => ( isset($lang['TRANSLATION_INFO']) ) ? $lang['TRANSLATION_INFO'] : '',
'ADMIN_LINK' => $admin_link)
);
//
// Output page creation time
//
$mtime = microtime();
$mtime = explode(" ",$mtime);
$mtime = $mtime[1] + $mtime[0];
$endtime = $mtime;
$totaltime = ($endtime - $starttime);
$gzip_text = ($board_config['gzip_compress']) ? "GZIP compression enabled" : "GZIP compression disabled";
$debug_mode = (DEBUG) ? " : Debug Mode" : "";
printf("<br /><center><font size=\"-2\">phpBB Created this page in %f seconds : " . $db->num_queries . " queries executed : $gzip_text".$debug_mode."</font></center>", $totaltime);
$template->pparse('overall_footer');
//
// Close our DB connection.
//
$db->sql_close();
//for($i=0;$i<count($db->query_array);$i++)
// echo $db->query_array[$i] . "<BR>";
//
// Compress buffered output if required
// and send to browser
// Compress buffered output if required and send to browser
//
if($do_gzip_compress)
if ( $do_gzip_compress )
{
//
// Borrowed from php.net!
@@ -101,10 +66,10 @@ if($do_gzip_compress)
echo "\x1f\x8b\x08\x00\x00\x00\x00\x00";
echo $gzip_contents;
echo pack("V", $gzip_crc);
echo pack("V", $gzip_size);
echo pack('V', $gzip_crc);
echo pack('V', $gzip_size);
}
exit;
?>
?>

124
phpBB/includes/sessions.php
View File

@@ -20,8 +20,6 @@
*
***************************************************************************/
//
// session_begin()
//
// Adds/updates a new session to the database for the given userid.
// Returns the new session ID on success.
@@ -54,8 +52,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
$expiry_time = $current_time - $board_config['session_length'];
//
// Try and pull the last time stored
// in a cookie, if it exists
// Try and pull the last time stored in a cookie, if it exists
//
$sql = "SELECT *
FROM " . USERS_TABLE . "
@@ -81,8 +78,6 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
// autologinid matches password
$login = 1;
$enable_autologin = 1;
$last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time;
}
else
{
@@ -102,7 +97,6 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
}
else
{
$last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time;
$login = 1;
}
}
@@ -123,8 +117,8 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
OR ban_userid = $user_id";
if ( $user_id != ANONYMOUS )
{
$sql .= " OR ban_email LIKE '" . str_replace("\'", "''", $row['user_email']) . "'
OR ban_email LIKE '" . substr(str_replace("\'", "''", $row['user_email']), strpos(str_replace("\'", "''", $row['user_email']), "@")) . "'";
$sql .= " OR ban_email LIKE '" . str_replace("\'", "''", $userdata['user_email']) . "'
OR ban_email LIKE '" . substr(str_replace("\'", "''", $userdata['user_email']), strpos(str_replace("\'", "''", $userdata['user_email']), "@")) . "'";
}
if ( !($result = $db->sql_query($sql)) )
{
@@ -146,27 +140,29 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login
WHERE session_id = '" . $session_id . "'
AND session_ip = '$user_ip'";
if ( !($result = $db->sql_query($sql)) || !$db->sql_affectedrows() )
if ( !$db->sql_query($sql) || !$db->sql_affectedrows() )
{
$session_id = md5(uniqid($user_ip));
$sql = "INSERT INTO " . SESSIONS_TABLE . "
(session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in)
VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login)";
if ( !($result = $db->sql_query($sql)) )
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error creating new session : session_begin', '', __LINE__, __FILE__, $sql);
message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql);
}
}
if ( $user_id != ANONYMOUS )
{
{// ( $userdata['user_session_time'] > $expiry_time && $auto_create ) ? $userdata['user_lastvisit'] : (
$last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time;
$sql = "UPDATE " . USERS_TABLE . "
SET user_session_time = $current_time, user_session_page = $page_id, user_lastvisit = $last_visit
WHERE user_id = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error updating last visit time : session_begin', '', __LINE__, __FILE__, $sql);
message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql);
}
$userdata['user_lastvisit'] = $last_visit;
@@ -185,8 +181,6 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
// header('Set-cookie: ' . $cookiename . '_data=' . urlencode(serialize($sessiondata)) . '; expires=' . gmdate("l, d-M-Y H:i:s", $current_time + 31536000) . ' GMT; domain=' . $cookiedomain . '; path=' . $cookiepath . $cookiesecure);
// header('Set-cookie: ' . $cookiename . '_sid=' . $session_id . '; domain=' . $cookiedomain . '; path=' . $cookiepath . $cookiesecure);
$SID = ( $sessionmethod == SESSION_METHOD_GET ) ? 'sid=' . $session_id : '';
@@ -194,8 +188,8 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
}
//
// Checks for a given user session, tidies session
// table and updates user sessions at each page refresh
// Checks for a given user session, tidies session table and updates user
// sessions at each page refresh
//
function session_pagestart($user_ip, $thispage_id)
{
@@ -206,7 +200,6 @@ function session_pagestart($user_ip, $thispage_id)
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];
$cookiesecure = ( $board_config['cookie_secure'] ) ? '; secure' : '';
$current_time = time();
unset($userdata);
@@ -219,7 +212,7 @@ function session_pagestart($user_ip, $thispage_id)
}
else
{
$session_data = '';
$sessiondata = '';
$session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
$sessionmethod = SESSION_METHOD_GET;
}
@@ -236,11 +229,10 @@ function session_pagestart($user_ip, $thispage_id)
$sql = "SELECT u.*, s.*
FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u
WHERE s.session_id = '$session_id'
AND u.user_id = s.session_user_id
AND s.session_ip = '$user_ip'";
AND u.user_id = s.session_user_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch : session_pagestart', '', __LINE__, __FILE__, $sql);
message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
}
$userdata = $db->sql_fetchrow($result);
@@ -250,40 +242,60 @@ function session_pagestart($user_ip, $thispage_id)
//
if ( isset($userdata['user_id']) )
{
$SID = ( $sessionmethod == SESSION_METHOD_GET ) ? 'sid=' . $session_id : '';
//
// Only update session DB a minute or so after last update
// Do not check IP assuming equivalence, if IPv4 we'll check only first 24
// bits ... I've been told (by vHiker) this should alleviate problems with
// load balanced et al proxies while retaining some reliance on IP security.
//
$last_update = ( $userdata['user_id'] == ANONYMOUS ) ? $userdata['session_time'] : $userdata['user_session_time'];
$ip_check_s = substr($userdata['session_ip'], 0, 6);
$ip_check_u = substr($user_ip, 0, 6);
if ( $current_time - $last_update > 60 )
{ // || $userdata['user_session_page'] != $thispage_id
$sql = ( $userdata['user_id'] == ANONYMOUS ) ? "UPDATE " . SESSIONS_TABLE . " SET session_time = $current_time, session_page = $thispage_id WHERE session_id = '" . $userdata['session_id'] . "' AND session_ip = '$user_ip'" : "UPDATE " . USERS_TABLE . " SET user_session_time = $current_time, user_session_page = $thispage_id WHERE user_id = " . $userdata['user_id'];
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error updating sessions table : session_pagestart', '', __LINE__, __FILE__, $sql);
}
if ( $ip_check_s == $ip_check_u )
{
$SID = ( $sessionmethod == SESSION_METHOD_GET ) ? 'sid=' . $session_id : '';
//
// Delete expired sessions
// Only update session DB a minute or so after last update
//
$expiry_time = $current_time - $board_config['session_length'];
$sql = "DELETE FROM " . SESSIONS_TABLE . "
WHERE session_time < $expiry_time
AND session_id <> '$session_id'";
if ( !($result = $db->sql_query($sql)) )
if ( $current_time - $userdata['session_time'] > 60 )
{
message_die(CRITICAL_ERROR, 'Error clearing sessions table : session_pagestart', '', __LINE__, __FILE__, $sql);
$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_time = $current_time, session_page = $thispage_id
WHERE session_id = '" . $userdata['session_id'] . "'";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
}
if ( $userdata['user_id'] != ANONYMOUS )
{
$sql = "UPDATE " . USERS_TABLE . "
SET user_session_time = $current_time, user_session_page = $thispage_id
WHERE user_id = " . $userdata['user_id'];
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
}
}
//
// Delete expired sessions
//
$expiry_time = $current_time - $board_config['session_length'];
$sql = "DELETE FROM " . SESSIONS_TABLE . "
WHERE session_time < $expiry_time
AND session_id <> '$session_id'";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql);
}
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
}
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
// header('Set-cookie: ' . $cookiename . '_data=' . urlencode(serialize($sessiondata)) . '; expires=' . gmdate("l, d-M-Y H:i:s", $current_time + 31536000) . ' GMT; domain=' . $cookiedomain . '; path=' . $cookiepath . $cookiesecure);
// header('Set-cookie: ' . $cookiename . '_sid=' . $session_id . '; domain=' . $cookiedomain . '; path=' . $cookiepath . $cookiesecure);
return $userdata;
}
return $userdata;
}
}
@@ -291,11 +303,11 @@ function session_pagestart($user_ip, $thispage_id)
// If we reach here then no (valid) session exists. So we'll create a new one,
// using the cookie user_id if available to pull basic user prefs.
//
$user_id = ( isset($sessiondata['userid']) ) ? $sessiondata['userid'] : ANONYMOUS;
$user_id = ( isset($sessiondata['userid']) ) ? intval($sessiondata['userid']) : ANONYMOUS;
if ( !($userdata = session_begin($user_id, $user_ip, $thispage_id, TRUE)) )
{
message_die(CRITICAL_ERROR, 'Error creating user session : session_pagestart', '', __LINE__, __FILE__, $sql);
message_die(CRITICAL_ERROR, 'Error creating user session', '', __LINE__, __FILE__, $sql);
}
return $userdata;
@@ -316,7 +328,6 @@ function session_end($session_id, $user_id)
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];
// $cookiesecure = ( $board_config['cookie_secure'] ) ? '; secure' : '';
//
// Pull cookiedata or grab the URI propagated sid
@@ -338,20 +349,15 @@ function session_end($session_id, $user_id)
$sql = "DELETE FROM " . SESSIONS_TABLE . "
WHERE session_id = '$session_id'
AND session_user_id = $user_id";
if ( !($result = $db->sql_query($sql)) )
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error removing user session : session_end', '', __LINE__, __FILE__, $sql);
message_die(CRITICAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql);
}
setcookie($cookiename . '_data', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);
// header('Set-cookie: ' . $cookiename . '_data=0; expires=' . gmdate("l, d-M-Y H:i:s", 0) . ' GMT; domain=' . $cookiedomain . '; path=' . $cookiepath. $cookiesecure);
// header('Set-cookie: ' . $cookiename . '_sid=0; expires=' . gmdate("l, d-M-Y H:i:s", 0) . ' GMT; domain=' . $cookiedomain . '; path=' . $cookiepath . $cookiesecure);
$SID = ( $sessionmethod == SESSION_METHOD_GET ) ? 'sid=' . $session_id : '';
return TRUE;
return true;
}
//
@@ -372,4 +378,4 @@ function append_sid($url, $non_html_amp = false)
return($url);
}
?>
?>

2
phpBB/includes/smtp.php
View File

@@ -170,7 +170,7 @@ function smtpmail($mail_to, $subject, $message, $headers = "")
fputs( $socket, "RCPT TO: <$mail_to_address>\r\n" );
server_parse( $socket, "250" );
}
$to_header .= "<$mail_to_address>, ";
$to_header .= ( ( $mail_to_address != '' ) ? ', ' : '' ) . "<$mail_to_address>";
}
// Ok now do the CC and BCC fields...
@reset( $bcc );

7
phpBB/includes/topic_review.php
View File

@@ -139,6 +139,11 @@ function topic_review($topic_id, $is_inline_review)
$poster = $row['post_username'];
$poster_rank = $lang['Guest'];
}
elseif ( $poster_id == ANONYMOUS )
{
$poster = $lang['Guest'];
$poster_rank = '';
}
$post_subject = ( $row['post_subject'] != '' ) ? $row['post_subject'] : '';
@@ -218,4 +223,4 @@ function topic_review($topic_id, $is_inline_review)
}
}
?>
?>

135
phpBB/includes/usercp_activate.php
View File

@@ -27,70 +27,81 @@ if ( !defined('IN_PHPBB') )
exit;
}
$sql = "SELECT user_id, user_email, user_newpasswd, user_lang
$sql = "SELECT user_active, user_id, user_email, user_newpasswd, user_lang, user_actkey
FROM " . USERS_TABLE . "
WHERE user_actkey = '" . str_replace("\'", "''", $HTTP_GET_VARS['act_key']) . "'";
if ( $result = $db->sql_query($sql) )
{
if ( $row = $db->sql_fetchrow($result) )
{
$sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . str_replace("\'", "''", $row['user_newpasswd']) . "', user_newpasswd = ''" : "";
$sql = "UPDATE " . USERS_TABLE . "
SET user_active = 1, user_actkey = ''" . $sql_update_pass . "
WHERE user_id = " . $row['user_id'];
if ( $result = $db->sql_query($sql) )
{
if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN && $sql_update_pass == '' )
{
include($phpbb_root_path . 'includes/emailer.'.$phpEx);
$emailer = new emailer($board_config['smtp_delivery']);
$email_headers = 'From: ' . $board_config['board_email'] . "\r\nReturn-Path: " . $board_config['board_email'] . "\r\n";
$emailer->use_template('admin_welcome_activated', $row['user_lang']);
$emailer->email_address($row['user_email']);
$emailer->set_subject();//$lang['Account_activated_subject']
$emailer->extra_headers($email_headers);
$emailer->assign_vars(array(
'SITENAME' => $board_config['sitename'],
'USERNAME' => $username,
'PASSWORD' => $password_confirm,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']))
);
$emailer->send();
$emailer->reset();
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="10;url=' . append_sid("index.$phpEx") . '">')
);
message_die(GENERAL_MESSAGE, $lang['Account_active_admin']);
}
else
{
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="10;url=' . append_sid("index.$phpEx") . '">')
);
$message = ( $sql_update_pass == '' ) ? $lang['Account_active'] : $lang['Password_activated'];
message_die(GENERAL_MESSAGE, $message);
}
}
else
{
message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql_update);
}
}
else
{
message_die(GENERAL_ERROR, $lang['Wrong_activation']); //wrongactiv
}
}
else
WHERE user_id = " . intval($HTTP_GET_VARS[POST_USERS_URL]);
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user information', '', __LINE__, __FILE__, $sql);
}
?>
if ( $row = $db->sql_fetchrow($result) )
{
if ( $row['user_active'] && $row['user_actkey'] == '' )
{
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="10;url=' . append_sid("index.$phpEx") . '">')
);
message_die(GENERAL_MESSAGE, $lang['Already_activated']);
}
else if ( $row['user_actkey'] == $HTTP_GET_VARS['act_key'] )
{
$sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . str_replace("\'", "''", $row['user_newpasswd']) . "', user_newpasswd = ''" : '';
$sql = "UPDATE " . USERS_TABLE . "
SET user_active = 1, user_actkey = ''" . $sql_update_pass . "
WHERE user_id = " . $row['user_id'];
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql_update);
}
if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN && $sql_update_pass == '' )
{
include($phpbb_root_path . 'includes/emailer.'.$phpEx);
$emailer = new emailer($board_config['smtp_delivery']);
$email_headers = 'From: ' . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\n";
$emailer->use_template('admin_welcome_activated', $row['user_lang']);
$emailer->email_address($row['user_email']);
$emailer->set_subject();//$lang['Account_activated_subject']
$emailer->extra_headers($email_headers);
$emailer->assign_vars(array(
'SITENAME' => $board_config['sitename'],
'USERNAME' => $username,
'PASSWORD' => $password_confirm,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']))
);
$emailer->send();
$emailer->reset();
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="10;url=' . append_sid("index.$phpEx") . '">')
);
message_die(GENERAL_MESSAGE, $lang['Account_active_admin']);
}
else
{
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="10;url=' . append_sid("index.$phpEx") . '">')
);
$message = ( $sql_update_pass == '' ) ? $lang['Account_active'] : $lang['Password_activated'];
message_die(GENERAL_MESSAGE, $message);
}
}
else
{
message_die(GENERAL_MESSAGE, $lang['Wrong_activation']);
}
}
else
{
message_die(GENERAL_MESSAGE, $lang['No_such_user']);
}
?>

23
phpBB/includes/usercp_avatar.php
View File

@@ -64,17 +64,26 @@ function user_avatar_delete($avatar_type, $avatar_file)
function user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename)
{
return ( $mode == 'editprofile' ) ? ", user_avatar = '" . str_replace("\'", "''", $avatar_filename) . "', user_avatar_type = " . USER_AVATAR_GALLERY : '';
global $board_config;
if ( file_exists($board_config['avatar_gallery_path'] . '/' . $avatar_filename) && ($mode == 'editprofile') )
{
$return = ", user_avatar = '" . str_replace("\'", "''", $avatar_filename) . "', user_avatar_type = " . USER_AVATAR_GALLERY;
}
else
{
$return = '';
}
return $return;
}
function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename)
{
if ( !preg_match('#^http:\/\/#i', $avatar_filename) )
if ( !preg_match('#^(http)|(ftp):\/\/#i', $avatar_filename) )
{
$avatar_filename = 'http://' . $avatar_filename;
}
if ( !preg_match('#^(http:\/\/[a-z0-9\-]+?\.([a-z0-9\-]+\.)*[a-z]+(:[0-9]+)*\/.*?\.(gif|jpg|jpeg|png)$)#is', $avatar_filename) )
if ( !preg_match('#^((http)|(ftp):\/\/[a-z0-9\-]+?\.([a-z0-9\-]+\.)+[a-z]+(:[0-9]+)*\/.*?\.(gif|jpg|jpeg|png)$)#is', $avatar_filename) )
{
$error = true;
$error_msg = ( !empty($error_msg) ) ? $error_msg . '<br />' . $lang['Wrong_remote_avatar_format'] : $lang['Wrong_remote_avatar_format'];
@@ -162,7 +171,7 @@ function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_typ
{
if ( $avatar_filesize <= $board_config['avatar_filesize'] && $avatar_filesize > 0 )
{
preg_match("'image\/[x\-]*([a-z]+)'", $avatar_filetype, $avatar_filetype);
preg_match('#image\/[x\-]*([a-z]+)#', $avatar_filetype, $avatar_filetype);
$avatar_filetype = $avatar_filetype[1];
}
else
@@ -184,7 +193,7 @@ function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_typ
if ( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
{
$new_filename = ( $current_avatar != '' && $mode != 'register' ) ? $current_avatar : uniqid($user_ip) . $imgtype;
$new_filename = uniqid($user_ip) . $imgtype;
if ( $mode == 'editprofile' && $current_type == USER_AVATAR_UPLOAD && $current_avatar != '' )
{
@@ -233,7 +242,7 @@ function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_typ
return $avatar_sql;
}
function display_avatar_gallery($mode, &$category, &$user_id, &$email, &$current_email, &$coppa, &$username, &$email, &$icq, &$aim, &$msn, &$yim, &$website, &$location, &$occupation, &$interests, &$signature, &$viewemail, &$notifypm, &$popuppm, &$notifyreply, &$attachsig, &$allowhtml, &$allowbbcode, &$allowsmilies, &$allowviewonline, &$style, &$language, &$timezone, &$dateformat)
function display_avatar_gallery($mode, &$category, &$user_id, &$email, &$current_email, &$coppa, &$username, &$email, &$new_password, &$cur_password, &$password_confirm, &$icq, &$aim, &$msn, &$yim, &$website, &$location, &$occupation, &$interests, &$signature, &$viewemail, &$notifypm, &$popuppm, &$notifyreply, &$attachsig, &$allowhtml, &$allowbbcode, &$allowsmilies, &$hideonline, &$style, &$language, &$timezone, &$dateformat)
{
global $board_config, $db, $template, $lang, $images, $theme;
global $phpbb_root_path, $phpEx;
@@ -309,7 +318,7 @@ function display_avatar_gallery($mode, &$category, &$user_id, &$email, &$current
}
}
$params = array('coppa', 'user_id', 'username', 'email', 'current_email', 'icq', 'aim', 'msn', 'yim', 'website', 'location', 'occupation', 'interests', 'signature', 'viewemail', 'notifypm', 'popuppm', 'notifyreply', 'attachsig', 'allowhtml', 'allowbbcode', 'allowsmilies', 'allowviewonline', 'style', 'language', 'timezone', 'dateformat');
$params = array('coppa', 'user_id', 'username', 'email', 'current_email', 'cur_password', 'new_password', 'password_confirm', 'icq', 'aim', 'msn', 'yim', 'website', 'location', 'occupation', 'interests', 'signature', 'viewemail', 'notifypm', 'popuppm', 'notifyreply', 'attachsig', 'allowhtml', 'allowbbcode', 'allowsmilies', 'hideonline', 'style', 'language', 'timezone', 'dateformat');
$s_hidden_vars = '<input type="hidden" name="agreed" value="true" />';

42
phpBB/includes/usercp_email.php
View File

@@ -27,21 +27,21 @@ if ( !defined('IN_PHPBB') )
exit;
}
if ( !$userdata['session_logged_in'] )
{
header('Location: ' . append_sid("login.$phpEx?redirect=profile.$phpEx&mode=email&" . POST_USERS_URL . "=$user_id", true));
exit;
}
if ( !empty($HTTP_GET_VARS[POST_USERS_URL]) || !empty($HTTP_POST_VARS[POST_USERS_URL]) )
{
$user_id = ( !empty($HTTP_GET_VARS[POST_USERS_URL]) ) ? $HTTP_GET_VARS[POST_USERS_URL] : $HTTP_POST_VARS[POST_USERS_URL];
$user_id = ( !empty($HTTP_GET_VARS[POST_USERS_URL]) ) ? intval($HTTP_GET_VARS[POST_USERS_URL]) : intval($HTTP_POST_VARS[POST_USERS_URL]);
}
else
{
message_die(GENERAL_MESSAGE, $lang['No_user_specified']);
}
if ( !$userdata['session_logged_in'] )
{
header('Location: ' . append_sid("login.$phpEx?redirect=profile.$phpEx&mode=email&" . POST_USERS_URL . "=$user_id", true));
exit;
}
$sql = "SELECT username, user_email, user_viewemail, user_lang
FROM " . USERS_TABLE . "
WHERE user_id = $user_id";
@@ -94,16 +94,11 @@ if ( $result = $db->sql_query($sql) )
include($phpbb_root_path . 'includes/emailer.'.$phpEx);
$emailer = new emailer($board_config['smtp_delivery']);
$email_headers = 'From: ' . $userdata['user_email'] . "\n";
if ( !empty($HTTP_POST_VARS['cc_email']) )
{
$email_headers .= "Cc: " . $userdata['user_email'] . "\n";
}
$email_headers .= 'Return-Path: ' . $userdata['user_email'] . "\n";
$email_headers = 'Return-Path: ' . $userdata['user_email'] . "\nFrom: " . $userdata['user_email'] . "\n";
$email_headers .= 'X-AntiAbuse: Board servername - ' . $server_name . "\n";
$email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n";
$email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n";
$email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\r\n";
$email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n";
$emailer->use_template('profile_send_email', $user_lang);
$emailer->email_address($user_email);
@@ -120,6 +115,25 @@ if ( $result = $db->sql_query($sql) )
$emailer->send();
$emailer->reset();
if ( !empty($HTTP_POST_VARS['cc_email']) )
{
$email_headers = 'Return-Path: ' . $userdata['user_email'] . "\nFrom: " . $userdata['user_email'] . "\n";
$emailer->use_template('profile_send_email');
$emailer->email_address($userdata['user_email']);
$emailer->set_subject($subject);
$emailer->extra_headers($email_headers);
$emailer->assign_vars(array(
'SITENAME' => $board_config['sitename'],
'BOARD_EMAIL' => $board_config['board_email'],
'FROM_USERNAME' => $userdata['username'],
'TO_USERNAME' => $username,
'MESSAGE' => $message)
);
$emailer->send();
$emailer->reset();
}
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="5;url=' . append_sid("index.$phpEx") . '">')
);

166
phpBB/includes/usercp_register.php
View File

@@ -27,11 +27,11 @@ if ( !defined('IN_PHPBB') )
exit;
}
//
// ---------------------------------------
// Load agreement template since user has not yet
// agreed to registration conditions/coppa
//
function show_coppa(&$coppa)
function show_coppa()
{
global $template, $lang, $phpbb_root_path, $phpEx;
@@ -40,7 +40,6 @@ function show_coppa(&$coppa)
);
$template->assign_vars(array(
'COPPA' => $coppa,
'REGISTRATION' => $lang['Registration'],
'AGREEMENT' => $lang['Reg_agreement'],
"AGREE_OVER_13" => $lang['Agree_over_13'],
@@ -55,8 +54,7 @@ function show_coppa(&$coppa)
}
//
//
//
// ---------------------------------------
$error = FALSE;
$page_title = ( $mode == 'editprofile' ) ? $lang['Edit_profile'] : $lang['Register'];
@@ -65,12 +63,12 @@ if ( $mode == 'register' && !isset($HTTP_POST_VARS['agreed']) && !isset($HTTP_GE
{
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
show_coppa($coppa);
show_coppa();
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
$coppa = ( ( !$HTTP_POST_VARS['coppa'] && !$HTTP_GET_VARS['coppa'] ) || $mode == 'register' ) ? 0 : TRUE;
$coppa = ( empty($HTTP_POST_VARS['coppa']) && empty($HTTP_GET_VARS['coppa']) ) ? 0 : TRUE;
//
// Check and initialize some variables if needed
@@ -102,7 +100,7 @@ if (
}
}
$trim_var_list = array('password_current' => 'cur_password', 'password' => 'new_password', 'password_confirm' => 'password_confirm', 'signature' => 'signature');
$trim_var_list = array('cur_password' => 'cur_password', 'new_password' => 'new_password', 'password_confirm' => 'password_confirm', 'signature' => 'signature');
while( list($var, $param) = @each($trim_var_list) )
{
@@ -176,12 +174,13 @@ if (
$user_avatar = ( empty($user_avatar_loc) && $mode == 'editprofile' ) ? $userdata['user_avatar'] : '';
$user_avatar_type = ( empty($user_avatar_loc) && $mode == 'editprofile' ) ? $userdata['user_avatar_type'] : '';
if ( isset($HTTP_POST_VARS['avatargallery']) || isset($HTTP_POST_VARS['submitavatar']) || isset($HTTP_POST_VARS['cancelavatar']) )
if ( (isset($HTTP_POST_VARS['avatargallery']) || isset($HTTP_POST_VARS['submitavatar']) || isset($HTTP_POST_VARS['cancelavatar'])) && (!isset($HTTP_POST_VARS['submit'])) )
{
$username = stripslashes($username);
$email = stripslashes($email);
$password = '';
$password_confirm = '';
$cur_password = stripslashes($cur_password);
$new_password = stripslashes($new_password);
$password_confirm = stripslashes($password_confirm);
$icq = stripslashes($icq);
$aim = stripslashes($aim);
@@ -201,9 +200,25 @@ if (
{
$user_avatar = $user_avatar_local;
$user_avatar_type = USER_AVATAR_GALLERY;
if ( $userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && @file_exists('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar']) )
{
@unlink('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar']);
}
}
}
}
//
// Let's make sure the user isn't logged in while registering,
// and ensure that they were trying to register a second time
// (Prevents double registrations)
//
if ( $userdata['session_logged_in'] && $mode =="register" && $username == $userdata['username'])
{
message_die(GENERAL_MESSAGE, $lang['Username_taken'], '', __LINE__, __FILE__);
}
//
// Did the user submit? In this case build a query to update the users profile in the DB
@@ -223,25 +238,23 @@ if ( isset($HTTP_POST_VARS['submit']) )
}
else if ( $mode == 'register' )
{
$coppa = (!$HTTP_POST_VARS['coppa'] && !$HTTP_GET_VARS['coppa']) ? 0 : TRUE;
if ( empty($username) || empty($password) || empty($password_confirm) || empty($email) )
if ( empty($username) || empty($new_password) || empty($password_confirm) || empty($email) )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Fields_empty'];
}
}
$passwd_sql = '';
if ( !empty($password) && !empty($password_confirm) )
if ( !empty($new_password) && !empty($password_confirm) )
{
if ( $password != $password_confirm )
if ( $new_password != $password_confirm )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_mismatch'];
}
else if ( strlen($password) > 32 )
else if ( strlen($new_password) > 32 )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_long'];
@@ -260,7 +273,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
$row = $db->sql_fetchrow($result);
if ( $row['user_password'] != md5($password_current) )
if ( $row['user_password'] != md5($cur_password) )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Current_password_mismatch'];
@@ -269,12 +282,12 @@ if ( isset($HTTP_POST_VARS['submit']) )
if ( !$error )
{
$password = md5($password);
$passwd_sql = "user_password = '$password', ";
$new_password = md5($new_password);
$passwd_sql = "user_password = '$new_password', ";
}
}
}
else if ( ( empty($password) && !empty($password_confirm) ) || ( !empty($password) && empty($password_confirm) ) )
else if ( ( empty($new_password) && !empty($password_confirm) ) || ( !empty($new_password) && empty($password_confirm) ) )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_mismatch'];
@@ -306,7 +319,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
$row = $db->sql_fetchrow($result);
if ( $row['user_password'] != md5($password_current) )
if ( $row['user_password'] != md5($cur_password) )
{
$email = $userdata['user_email'];
@@ -354,9 +367,14 @@ if ( isset($HTTP_POST_VARS['submit']) )
$signature = prepare_message($signature, $allowhtml, $allowbbcode, $allowsmilies, $signature_bbcode_uid);
}
if ( $website != '' )
{
rawurlencode($website);
}
if ( isset($HTTP_POST_VARS['avatardel']) && $mode == 'editprofile' )
{
$avatar_sql = user_avatar_delete($userdata['avatar_type'], $userdata['avatar_file']);
$avatar_sql = user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']);
}
else if ( ( !empty($user_avatar_upload) || !empty($user_avatar_name) ) && $board_config['allow_avatar_upload'] )
{
@@ -381,6 +399,10 @@ if ( isset($HTTP_POST_VARS['submit']) )
{
$avatar_sql = user_avatar_gallery($mode, $error, $error_msg, $user_avatar_local);
}
else
{
$avatar_sql = '';
}
if ( !$error )
{
@@ -391,12 +413,13 @@ if ( isset($HTTP_POST_VARS['submit']) )
if ( $mode == 'editprofile' )
{
if ( $email != $current_email && ( $board_config['require_activation'] == USER_ACTIVATION_SELF || $board_config['require_activation'] == USER_ACTIVATION_ADMIN ) && $userdata['user_level'] != ADMIN )
if ( $email != $userdata['user_email'] && $board_config['require_activation'] != USER_ACTIVATION_NONE && $userdata['user_level'] != ADMIN )
{
$user_active = 0;
$user_actkey = gen_rand_string(true);
$key_len = 54 - (strlen($server_url));
$key_len = ($key_len > 6) ? $key_len : 6;
$key_len = 54 - ( strlen($server_url) );
$key_len = ( $key_len > 6 ) ? $key_len : 6;
$user_actkey = substr($user_actkey, 0, $key_len);
if ( $userdata['session_logged_in'] )
@@ -426,7 +449,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
include($phpbb_root_path . 'includes/emailer.'.$phpEx);
$emailer = new emailer($board_config['smtp_delivery']);
$email_headers = "From: " . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\r\n";
$email_headers = "From: " . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\n";
$emailer->use_template('user_activate', stripslashes($user_lang));
$emailer->email_address($email);
@@ -438,7 +461,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
'USERNAME' => $username,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'U_ACTIVATE' => $server_url . '?mode=activate&act_key=' . $user_actkey)
'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
);
$emailer->send();
$emailer->reset();
@@ -471,24 +494,11 @@ if ( isset($HTTP_POST_VARS['submit']) )
}
$user_id = $row['total'] + 1;
$sql = "SELECT MAX(group_id) AS total
FROM " . GROUPS_TABLE;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain next user_id information', '', __LINE__, __FILE__, $sql);
}
if ( !($row = $db->sql_fetchrow($result)) )
{
message_die(GENERAL_ERROR, 'Could not obtain next user_id information', '', __LINE__, __FILE__, $sql);
}
$group_id = $row['total'] + 1;
//
// Get current date
//
$sql = "INSERT INTO " . USERS_TABLE . " (user_id, username, user_regdate, user_password, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_sig_bbcode_uid, user_avatar, user_avatar_type, user_viewemail, user_aim, user_yim, user_msnm, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_viewonline, user_notify, user_notify_pm, user_popup_pm, user_timezone, user_dateformat, user_lang, user_style, user_level, user_allow_pm, user_active, user_actkey)
VALUES ($user_id, '" . str_replace("\'", "''", $username) . "', " . time() . ", '" . str_replace("\'", "''", $password) . "', '" . str_replace("\'", "''", $email) . "', '" . str_replace("\'", "''", $icq) . "', '" . str_replace("\'", "''", $website) . "', '" . str_replace("\'", "''", $occupation) . "', '" . str_replace("\'", "''", $location) . "', '" . str_replace("\'", "''", $interests) . "', '" . str_replace("\'", "''", $signature) . "', '$signature_bbcode_uid', $avatar_sql, $viewemail, '" . str_replace("\'", "''", str_replace(' ', '+', $aim)) . "', '" . str_replace("\'", "''", $yim) . "', '" . str_replace("\'", "''", $msn) . "', $attachsig, $allowsmilies, $allowhtml, $allowbbcode, $allowviewonline, $notifyreply, $notifypm, $popuppm, $user_timezone, '" . str_replace("\'", "''", $user_dateformat) . "', '" . str_replace("\'", "''", $user_lang) . "', $user_style, 0, 1, ";
VALUES ($user_id, '" . str_replace("\'", "''", $username) . "', " . time() . ", '" . str_replace("\'", "''", $new_password) . "', '" . str_replace("\'", "''", $email) . "', '" . str_replace("\'", "''", $icq) . "', '" . str_replace("\'", "''", $website) . "', '" . str_replace("\'", "''", $occupation) . "', '" . str_replace("\'", "''", $location) . "', '" . str_replace("\'", "''", $interests) . "', '" . str_replace("\'", "''", $signature) . "', '$signature_bbcode_uid', $avatar_sql, $viewemail, '" . str_replace("\'", "''", str_replace(' ', '+', $aim)) . "', '" . str_replace("\'", "''", $yim) . "', '" . str_replace("\'", "''", $msn) . "', $attachsig, $allowsmilies, $allowhtml, $allowbbcode, $allowviewonline, $notifyreply, $notifypm, $popuppm, $user_timezone, '" . str_replace("\'", "''", $user_dateformat) . "', '" . str_replace("\'", "''", $user_lang) . "', $user_style, 0, 1, ";
if ( $board_config['require_activation'] == USER_ACTIVATION_SELF || $board_config['require_activation'] == USER_ACTIVATION_ADMIN || $coppa )
{
$user_actkey = gen_rand_string(true);
@@ -507,12 +517,14 @@ if ( isset($HTTP_POST_VARS['submit']) )
message_die(GENERAL_ERROR, 'Could not insert data into users table', '', __LINE__, __FILE__, $sql);
}
$sql = "INSERT INTO " . GROUPS_TABLE . " (group_id, group_name, group_description, group_single_user, group_moderator)
VALUES ($group_id, '', 'Personal User', 1, 0)";
$sql = "INSERT INTO " . GROUPS_TABLE . " (group_name, group_description, group_single_user, group_moderator)
VALUES ('', 'Personal User', 1, 0)";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not insert data into groups table', '', __LINE__, __FILE__, $sql);
}
$group_id = $db->sql_nextid();
$sql = "INSERT INTO " . USER_GROUP_TABLE . " (user_id, group_id, user_pending)
VALUES ($user_id, $group_id, 0)";
@@ -545,7 +557,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
include($phpbb_root_path . 'includes/emailer.'.$phpEx);
$emailer = new emailer($board_config['smtp_delivery']);
$email_headers = "From: " . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\r\n";
$email_headers = "From: " . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\n";
$emailer->use_template($email_template, stripslashes($user_lang));
$emailer->email_address($email);
@@ -561,8 +573,6 @@ if ( isset($HTTP_POST_VARS['submit']) )
'PASSWORD' => $password_confirm,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'U_ACTIVATE' => $server_url . '?mode=activate&act_key=' . $user_actkey,
'FAX_INFO' => $board_config['coppa_fax'],
'MAIL_INFO' => $board_config['coppa_mail'],
'EMAIL_ADDRESS' => $email,
@@ -585,7 +595,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
'PASSWORD' => $password_confirm,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'U_ACTIVATE' => $server_url . '?mode=activate&act_key=' . $user_actkey)
'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
);
}
@@ -594,7 +604,8 @@ if ( isset($HTTP_POST_VARS['submit']) )
if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN )
{
$emailer->use_template("admin_activate", stripslashes($user_lang));
//$emailer->use_template("admin_activate", stripslashes($user_lang));
$emailer->use_template("admin_activate", $board_config['default_lang']);
$emailer->email_address($board_config['board_email']);
$emailer->set_subject(); //$lang['New_account_subject']
$emailer->extra_headers($email_headers);
@@ -603,7 +614,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
'USERNAME' => $username,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'U_ACTIVATE' => $server_url . '?mode=activate&act_key=' . $user_actkey)
'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
);
$emailer->send();
$emailer->reset();
@@ -624,7 +635,7 @@ if ( $error )
//
$username = stripslashes($username);
$email = stripslashes($email);
$password = '';
$new_password = '';
$password_confirm = '';
$icq = stripslashes($icq);
@@ -637,6 +648,7 @@ if ( $error )
$occupation = htmlspecialchars(stripslashes($occupation));
$interests = htmlspecialchars(stripslashes($interests));
$signature = stripslashes($signature);
$signature = ( $signature_bbcode_uid != '' ) ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid\]/si", ']', $signature) : $signature;
$user_lang = stripslashes($user_lang);
$user_dateformat = stripslashes($user_dateformat);
@@ -647,7 +659,7 @@ else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) &&
$user_id = $userdata['user_id'];
$username = htmlspecialchars($userdata['username']);
$email = $userdata['user_email'];
$password = '';
$new_password = '';
$password_confirm = '';
$icq = $userdata['user_icq'];
@@ -660,7 +672,7 @@ else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) &&
$occupation = htmlspecialchars($userdata['user_occ']);
$interests = htmlspecialchars($userdata['user_interests']);
$signature_bbcode_uid = $userdata['user_sig_bbcode_uid'];
$signature = ( $signature_bbcode_uid != '' ) ? preg_replace("/\:(([a-z0-9]:)?)$signature_bbcode_uid/si", '', $userdata['user_sig']) : $userdata['user_sig'];
$signature = ( $signature_bbcode_uid != '' ) ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid\]/si", ']', $userdata['user_sig']) : $userdata['user_sig'];
$viewemail = $userdata['user_viewemail'];
$notifypm = $userdata['user_notify_pm'];
@@ -707,7 +719,9 @@ if( isset($HTTP_POST_VARS['avatargallery']) && !$error )
'body' => 'profile_avatar_gallery.tpl')
);
display_avatar_gallery($mode, $avatar_category, $user_id, $email, $current_email, $coppa, $username, $email, $icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature, $viewemail, $notifypm, $popuppm, $notifyreply, $attachsig, $allowhtml, $allowbbcode, $allowsmilies, $allowviewonline, $user_style, $user_lang, $user_timezone, $user_dateformat);
$allowviewonline = !$allowviewonline;
display_avatar_gallery($mode, $avatar_category, $user_id, $email, $current_email, $coppa, $username, $email, &$new_password, &$cur_password, $password_confirm, $icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature, $viewemail, $notifypm, $popuppm, $notifyreply, $attachsig, $allowhtml, $allowbbcode, $allowsmilies, $allowviewonline, $user_style, $user_lang, $user_timezone, $user_dateformat);
}
else
{
@@ -723,8 +737,6 @@ else
$selected_template = $board_config['system_template'];
}
$signature = preg_replace('/\:[0-9a-z\:]*?\]/si', ']', $signature);
$avatar_img = '';
if ( $user_avatar_type )
{
@@ -787,10 +799,13 @@ else
// us from doing file uploads....
//
$ini_val = ( phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
$form_enctype = ( !@$ini_val('file_uploads') || phpversion() == '4.0.4pl1' || !$board_config['allow_avatar_upload'] || ( phpversion() < '4.0.3' && @$ini_val('open_basedir') != '' ) ) ? '' : 'enctype="multipart/form-data"';
$form_enctype = ( @$ini_val('file_uploads') == '0' || strtolower(@$ini_val('file_uploads') == 'off') || phpversion() == '4.0.4pl1' || !$board_config['allow_avatar_upload'] || ( phpversion() < '4.0.3' && @$ini_val('open_basedir') != '' ) ) ? '' : 'enctype="multipart/form-data"';
$template->assign_vars(array(
'USERNAME' => $username,
'USERNAME' => $username,
'CUR_PASSWORD' => $cur_password,
'NEW_PASSWORD' => $new_password,
'PASSWORD_CONFIRM' => $password_confirm,
'EMAIL' => $email,
'YIM' => $yim,
'ICQ' => $icq,
@@ -899,27 +914,30 @@ else
// of the templates to 'fake' an IF...ELSE...ENDIF solution
// it works well :)
//
if ( $userdata['user_allowavatar'] && ( $board_config['allow_avatar_upload'] || $board_config['allow_avatar_local'] || $board_config['allow_avatar_remote'] ) )
if ( $mode != 'register' )
{
$template->assign_block_vars('switch_avatar_block', array() );
if ( $board_config['allow_avatar_upload'] && file_exists('./' . $board_config['avatar_path']) )
if ( $userdata['user_allowavatar'] && ( $board_config['allow_avatar_upload'] || $board_config['allow_avatar_local'] || $board_config['allow_avatar_remote'] ) )
{
if ( $form_enctype != '' )
$template->assign_block_vars('switch_avatar_block', array() );
if ( $board_config['allow_avatar_upload'] && file_exists('./' . $board_config['avatar_path']) )
{
$template->assign_block_vars('switch_avatar_block.switch_avatar_local_upload', array() );
if ( $form_enctype != '' )
{
$template->assign_block_vars('switch_avatar_block.switch_avatar_local_upload', array() );
}
$template->assign_block_vars('switch_avatar_block.switch_avatar_remote_upload', array() );
}
$template->assign_block_vars('switch_avatar_block.switch_avatar_remote_upload', array() );
}
if ( $board_config['allow_avatar_remote'] )
{
$template->assign_block_vars('switch_avatar_block.switch_avatar_remote_link', array() );
}
if ( $board_config['allow_avatar_remote'] )
{
$template->assign_block_vars('switch_avatar_block.switch_avatar_remote_link', array() );
}
if ( $board_config['allow_avatar_local'] && file_exists('./' . $board_config['avatar_gallery_path']) )
{
$template->assign_block_vars('switch_avatar_block.switch_avatar_local_gallery', array() );
if ( $board_config['allow_avatar_local'] && file_exists('./' . $board_config['avatar_gallery_path']) )
{
$template->assign_block_vars('switch_avatar_block.switch_avatar_local_gallery', array() );
}
}
}
}

13
phpBB/includes/usercp_sendpasswd.php
View File

@@ -46,6 +46,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
}
$username = $row['username'];
$user_id = $row['user_id'];
$user_actkey = gen_rand_string(true);
$key_len = 54 - strlen($server_url);
@@ -54,7 +55,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
$user_password = gen_rand_string(false);
$sql = "UPDATE " . USERS_TABLE . "
SET user_newpasswd = '" .md5($user_password) . "', user_actkey = '$user_actkey'
SET user_newpasswd = '" . md5($user_password) . "', user_actkey = '$user_actkey'
WHERE user_id = " . $row['user_id'];
if ( !$db->sql_query($sql) )
{
@@ -64,7 +65,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
include($phpbb_root_path . 'includes/emailer.'.$phpEx);
$emailer = new emailer($board_config['smtp_delivery']);
$email_headers = 'From: ' . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\r\n";
$email_headers = 'From: ' . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\n";
$emailer->use_template('user_activate_passwd', $row['user_lang']);
$emailer->email_address($row['user_email']);
@@ -77,7 +78,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
'PASSWORD' => $user_password,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'U_ACTIVATE' => $server_url . "?mode=activate&act_key=$user_actkey")
'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
);
$emailer->send();
$emailer->reset();
@@ -124,11 +125,13 @@ $template->assign_vars(array(
'L_ITEMS_REQUIRED' => $lang['Items_required'],
'L_EMAIL_ADDRESS' => $lang['Email_address'],
'L_SUBMIT' => $lang['Submit'],
'L_RESET' => $lang['Reset'])
'L_RESET' => $lang['Reset'],
'S_PROFILE_ACTION' => append_sid("profile.$phpEx?mode=sendpassword"))
);
$template->pparse('body');
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
?>
?>