mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-07 01:06:48 +02:00
Code Issues Releases Wiki Activity

- streamlined reports to consist of the feature set we decided upon (Nils, your turn now)

Browse Source 
- use getenv instead of $_ENV (with $_ENV the case could be wrong)
- permission fixes (there was a bug arising with getting permission flags - re-added them and handled roles deletion differently)
- implemented max login attempts
- changed the expected return parameters for logins/sessions
- added acp page for editing report/denial reasons
- other fixes here and there


git-svn-id: file:///svn/phpbb/trunk@5622 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
2006-03-12 23:19:55 +00:00
parent f4cfd3665f
commit 9988679d56
58 changed files with 1117 additions and 1119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
phpBB/includes/acp/acp_attachments.php
View File

@@ -266,7 +266,7 @@ class acp_attachments
}
$db->sql_freeresult($result);
// Delete Extension ?
// Delete Extension?
$extension_id_list = (isset($_POST['extension_id_list'])) ? array_map('intval', $_POST['extension_id_list']) : array();
if (sizeof($extension_id_list))
@@ -292,7 +292,7 @@ class acp_attachments
}
}
// Add Extension ?
// Add Extension?
$add_extension = strtolower(request_var('add_extension', ''));
$add_extension_group = request_var('add_group_select', 0);
$add = (isset($_POST['add_extension_check'])) ? true : false;
@@ -1120,10 +1120,10 @@ class acp_attachments
$exe = ((defined('PHP_OS')) && (preg_match('#win#i', PHP_OS))) ? '.exe' : '';
if (empty($_ENV['MAGICK_HOME']))
if (empty(getenv('MAGICK_HOME')))
{
$locations = array('C:/WINDOWS/', 'C:/WINNT/', 'C:/WINDOWS/SYSTEM/', 'C:/WINNT/SYSTEM/', 'C:/WINDOWS/SYSTEM32/', 'C:/WINNT/SYSTEM32/', '/usr/bin/', '/usr/sbin/', '/usr/local/bin/', '/usr/local/sbin/', '/opt/', '/usr/imagemagick/', '/usr/bin/imagemagick/');
$path_locations = str_replace('\\', '/', (explode(($exe) ? ';' : ':', $_ENV['PATH'])));
$path_locations = str_replace('\\', '/', (explode(($exe) ? ';' : ':', getenv('PATH'))));
$locations = array_merge($path_locations, $locations);
@@ -1144,7 +1144,7 @@ class acp_attachments
}
else
{
$imagick = str_replace('\\', '/', $_ENV['MAGICK_HOME']);
$imagick = str_replace('\\', '/', getenv('MAGICK_HOME'));
}
return $imagick;

1
phpBB/includes/acp/acp_board.php
View File

@@ -258,7 +258,6 @@ class acp_board
'allow_pm_attach' => array('lang' => 'ALLOW_PM_ATTACHMENTS', 'type' => 'radio:yes_no', 'explain' => false),
'auth_download_pm' => array('lang' => 'ALLOW_DOWNLOAD_PM', 'type' => 'radio:yes_no', 'explain' => false),
'allow_sig_pm' => array('lang' => 'ALLOW_SIG_PM', 'type' => 'radio:yes_no', 'explain' => false),
'auth_report_pm' => array('lang' => 'ALLOW_REPORT_PM', 'type' => 'radio:yes_no', 'explain' => false),
'auth_quote_pm' => array('lang' => 'ALLOW_QUOTE_PM', 'type' => 'radio:yes_no', 'explain' => false),
'print_pm' => array('lang' => 'ALLOW_PRINT_PM', 'type' => 'radio:yes_no', 'explain' => false),
'email_pm' => array('lang' => 'ALLOW_EMAIL_PM', 'type' => 'radio:yes_no', 'explain' => false),

7
phpBB/includes/acp/acp_permission_roles.php
View File

@@ -559,9 +559,10 @@ class acp_permission_roles
{
$template->assign_block_vars('auth', array(
'CAT_NAME' => $user->lang['permission_cat'][$cat],
'S_YES' => $cat_array['S_YES'],
'S_NO' => $cat_array['S_NO'],
'S_UNSET' => $cat_array['S_UNSET'])
'S_YES' => ($cat_array['S_YES'] && !$cat_array['S_NO'] && !$cat_array['S_UNSET']) ? true : false,
'S_NO' => ($cat_array['S_NO'] && !$cat_array['S_YES'] && !$cat_array['S_UNSET']) ? true : false,
'S_UNSET' => ($cat_array['S_UNSET'] && !$cat_array['S_NO'] && !$cat_array['S_YES']) ? true : false)
);
foreach ($cat_array['permissions'] as $permission => $allowed)

340
phpBB/includes/acp/acp_reasons.php Normal file
View File

@@ -0,0 +1,340 @@
<?php
/**
*
* @package acp
* @version $Id$
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
/**
* @package acp
*/
class acp_reasons
{
var $u_action;
function main($id, $mode)
{
global $db, $user, $auth, $template, $cache;
global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
$user->add_lang(array('mcp', 'acp/posting'));
// Set up general vars
$action = request_var('action', '');
$submit = (isset($_POST['submit'])) ? true : false;
$reason_id = request_var('id', 0);
$this->tpl_name = 'acp_reasons';
$this->page_title = 'ACP_REASONS';
// dumdidum... do i really need to do something mom?
$error = array();
switch ($action)
{
case 'add':
case 'edit':
$reason_row = array(
'reason_title' => request_var('reason_title', ''),
'reason_description' => request_var('reason_description', '')
);
if ($submit)
{
// Reason specified?
if (!$reason_row['reason_title'] || !$reason_row['reason_description'])
{
$error[] = $user->lang['NO_REASON_INFO'];
}
$check_double = ($action == 'add') ? true : false;
if ($action == 'edit')
{
$sql = 'SELECT reason_title
FROM ' . REASONS_TABLE . "
WHERE reason_id = $reason_id";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row['reason_title'] == 'other')
{
$reason_row['reason_title'] = 'other';
}
else if (strtolower($row['reason_title']) != strtolower($reason_row['reason_title']))
{
$check_double = true;
}
}
// Check for same reason if adding it...
if ($check_double)
{
$sql = 'SELECT reason_id
FROM ' . REASONS_TABLE . "
WHERE LOWER(reason_title) = '" . strtolower($reason_row['reason_title']) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row)
{
$error[] = $user->lang['REASON_ALREADY_EXIST'];
}
}
if (!sizeof($error))
{
// New reason?
if ($action == 'add')
{
// Get new order...
$sql = 'SELECT MAX(reason_order) as max_reason_order
FROM ' . REASONS_TABLE;
$result = $db->sql_query($sql);
$max_order = (int) $db->sql_fetchfield('max_reason_order', 0, $result);
$db->sql_freeresult($result);
$sql_ary = array(
'reason_title' => (string) $reason_row['reason_title'],
'reason_description' => (string) $reason_row['reason_description'],
'reason_order' => $max_order + 1
);
$db->sql_query('INSERT INTO ' . REASONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
$log = 'ADDED';
}
else if ($reason_id)
{
$sql_ary = array(
'reason_title' => (string) $reason_row['reason_title'],
'reason_description' => (string) $reason_row['reason_description'],
);
$db->sql_query('UPDATE ' . REASONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
WHERE reason_id = ' . $reason_id);
$log = 'UPDATED';
}
add_log('admin', 'LOG_REASON_' . $log, $reason_row['reason_title']);
trigger_error($user->lang['REASON_' . $log] . adm_back_link($this->u_action));
}
}
else if ($reason_id)
{
$sql = 'SELECT *
FROM ' . REASONS_TABLE . '
WHERE reason_id = ' . $reason_id;
$result = $db->sql_query($sql);
$reason_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$reason_row)
{
trigger_error($user->lang['NO_REASON'] . adm_back_link($this->u_action));
}
}
$l_title = ($action == 'edit') ? 'EDIT' : 'ADD';
$translated = false;
// If the reason is defined within the language file, we will use the localized version, else just use the database entry...
if (isset($user->lang['report_reasons']['TITLE'][strtoupper($reason_row['reason_title'])]) && isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($reason_row['reason_title'])]))
{
$translated = true;
}
$template->assign_vars(array(
'L_TITLE' => $user->lang['REASON_' . $l_title],
'U_ACTION' => $this->u_action . "&amp;id=$reason_id&amp;action=$action",
'U_BACK' => $this->u_action,
'ERROR_MSG' => (sizeof($error)) ? implode('<br />', $error) : '',
'REASON_TITLE' => $reason_row['reason_title'],
'REASON_DESCRIPTION' => $reason_row['reason_description'],
'S_EDIT_REASON' => true,
'S_TRANSLATED' => $translated,
'S_ERROR' => (sizeof($error)) ? true : false,
)
);
return;
break;
case 'delete':
$sql = 'SELECT *
FROM ' . REASONS_TABLE . '
WHERE reason_id = ' . $reason_id;
$result = $db->sql_query($sql);
$reason_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$reason_row)
{
trigger_error($user->lang['NO_REASON'] . adm_back_link($this->u_action));
}
// Let the deletion be confirmed...
if (confirm_box(true))
{
$sql = 'SELECT reason_id
FROM ' . REASONS_TABLE . "
WHERE reason_title = 'other'";
$result = $db->sql_query($sql);
$other_reason_id = (int) $db->sql_fetchfield('reason_id', 0, $result);
$db->sql_freeresult($result);
// Change the reports using this reason to 'other'
$sql = 'UPDATE ' . REPORTS_TABLE . '
SET reason_id = ' . $other_reason_id . ", report_text = CONCAT('" . $db->sql_escape($reason_row['reason_description']) . "\n\n', report_text)
WHERE reason_id = $reason_id";
$db->sql_query($sql);
$db->sql_query('DELETE FROM ' . REASONS_TABLE . ' WHERE reason_id = ' . $reason_id);
add_log('admin', 'LOG_REASON_REMOVED', $reason_row['reason_title']);
trigger_error($user->lang['REASON_REMOVED'] . adm_back_link($this->u_action));
}
else
{
confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
'i' => $id,
'mode' => $mode,
'action' => $action,
'id' => $reason_id))
);
}
break;
case 'move_up':
case 'move_down':
$order = request_var('order', 0);
$order_total = $order * 2 + (($action == 'move_up') ? -1 : 1);
$sql = 'UPDATE ' . REASONS_TABLE . '
SET reason_order = ' . $order_total . ' - reason_order
WHERE reason_order IN (' . $order . ', ' . (($action == 'move_up') ? $order - 1 : $order + 1) . ')';
$db->sql_query($sql);
break;
}
// By default, check that order is valid and fix it if necessary
$sql = 'SELECT reason_id, reason_order
FROM ' . REASONS_TABLE . '
ORDER BY reason_order';
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))
{
$order = 0;
do
{
++$order;
if ($row['reason_order'] != $order)
{
$sql = 'UPDATE ' . REASONS_TABLE . "
SET reason_order = $order
WHERE reason_id = {$row['reason_id']}";
$db->sql_query($sql);
}
}
while ($row = $db->sql_fetchrow($result));
}
$db->sql_freeresult($result);
$template->assign_vars(array(
'U_ACTION' => $this->u_action,
)
);
// Reason count
$sql = 'SELECT reason_id, COUNT(reason_id) AS reason_count
FROM ' . REPORTS_TABLE . '
GROUP BY reason_id';
$result = $db->sql_query($sql);
$reason_count = array();
while ($row = $db->sql_fetchrow($result))
{
$reason_count[$row['reason_id']] = $row['reason_count'];
}
$db->sql_freeresult($result);
$sql = 'SELECT *
FROM ' . REASONS_TABLE . '
ORDER BY reason_order ASC';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$translated = false;
$other_reason = ($row['reason_title'] == 'other') ? true : false;
// If the reason is defined within the language file, we will use the localized version, else just use the database entry...
if (isset($user->lang['report_reasons']['TITLE'][strtoupper($row['reason_title'])]) && isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])]))
{
$row['reson_description'] = $user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])];
$row['reason_title'] = $user->lang['report_reasons']['TITLE'][strtoupper($row['reason_title'])];
$translated = true;
}
$template->assign_block_vars('reasons', array(
'REASON_TITLE' => $row['reason_title'],
'REASON_DESCRIPTION' => $row['reason_description'],
'REASON_COUNT' => (isset($reason_count[$row['reason_id']])) ? $reason_count[$row['reason_id']] : 0,
'S_TRANSLATED' => $translated,
'S_OTHER_REASON' => $other_reason,
'U_EDIT' => $this->u_action . '&amp;action=edit&amp;id=' . $row['reason_id'],
'U_DELETE' => (!$other_reason) ? $this->u_action . '&amp;action=delete&amp;id=' . $row['reason_id'] : '',
'U_MOVE_UP' => $this->u_action . '&amp;action=move_up&amp;order=' . $row['reason_order'],
'U_MOVE_DOWN' => $this->u_action . '&amp;action=move_down&amp;order=' . $row['reason_order'])
);
}
$db->sql_freeresult($result);
}
}
/**
* @package module_install
*/
class acp_reasons_info
{
function module()
{
return array(
'filename' => 'acp_reasons',
'title' => 'ACP_REASONS',
'version' => '1.0.0',
'modes' => array(
'main' => array('title' => 'ACP_MANAGE_REASONS', 'auth' => 'acl_a_reasons'),
),
);
}
function install()
{
}
function uninstall()
{
}
}
?>

3
phpBB/includes/acp/acp_users.php
View File

@@ -997,7 +997,6 @@ class acp_users
'notifypm' => true,
'popuppm' => false,
'allowpm' => true,
'report_pm_notify' => false,
'topic_sk' => (string) 't',
'topic_sd' => (string) 'd',
@@ -1041,7 +1040,6 @@ class acp_users
if (!sizeof($error))
{
$this->optionset($user_row, 'popuppm', $data['popuppm']);
$this->optionset($user_row, 'report_pm_notify', $data['report_pm_notify']);
$this->optionset($user_row, 'viewimg', $data['view_images']);
$this->optionset($user_row, 'viewflash', $data['view_flash']);
$this->optionset($user_row, 'viewsmilies', $data['view_smilies']);
@@ -1176,7 +1174,6 @@ class acp_users
'NOTIFY_BOTH' => ($notify_method == NOTIFY_BOTH) ? true : false,
'NOTIFY_PM' => (isset($data['notifypm'])) ? $data['notifypm'] : $user_row['user_notify_pm'],
'POPUP_PM' => (isset($data['popuppm'])) ? $data['popuppm'] : $this->optionget($user_row, 'popuppm'),
'REPORT_PM_NOTIFY' => (isset($data['report_pm_notify'])) ? $data['report_pm_notify'] : $this->optionget($user_row, 'report_pm_notify'),
'DST' => (isset($data['dst'])) ? $data['dst'] : $user_row['user_dst'],
'BBCODE' => (isset($data['bbcode'])) ? $data['bbcode'] : $this->optionget($user_row, 'bbcode'),
'SMILIES' => (isset($data['smilies'])) ? $data['smilies'] : $this->optionget($user_row, 'smilies'),

66
phpBB/includes/acp/auth.php
View File

@@ -305,6 +305,12 @@ class auth_admin extends auth
$s_role_js_array = array();
while ($row = $db->sql_fetchrow($result))
{
$flag = substr($row['auth_option'], 0, strpos($row['auth_option'], '_') + 1);
if ($flag == $row['auth_option'])
{
continue;
}
if (!isset($s_role_js_array[$row['role_id']]))
{
$s_role_js_array[$row['role_id']] = "\n" . 'role_options[' . $row['role_id'] . '] = new Array();' . "\n";
@@ -687,7 +693,7 @@ class auth_admin extends auth
list(, $flag) = each(array_keys($auth));
$flag = substr($flag, 0, strpos($flag, '_') + 1);
// This ID (the any-flag) is only set if roles are assigned - this makes it very easy to determine the correct roles
// This ID (the any-flag) is set if one or more permissions are true...
$any_option_id = (int) $this->option_ids[$flag];
// Remove any-flag from auth ary
@@ -709,6 +715,38 @@ class auth_admin extends auth
AND auth_option_id IN ($any_option_id, " . implode(', ', $auth_option_ids) . ')';
$db->sql_query($sql);
// Remove those having a role assigned... the correct type of course...
$sql = 'SELECT role_id
FROM ' . ACL_ROLES_TABLE . "
WHERE role_type = '" . $db->sql_escape($flag) . "'";
$result = $db->sql_query($sql);
$role_ids = array();
while ($row = $db->sql_fetchrow($result))
{
$role_ids[] = $row['role_id'];
}
$db->sql_freeresult($result);
if (sizeof($role_ids))
{
$sql = "DELETE FROM $table
WHERE forum_id $forum_sql
AND $id_field $ug_id_sql
AND auth_option_id = 0
AND auth_role_id IN (" . implode(', ', $role_ids) . ')';
$db->sql_query($sql);
}
// Ok, include the any-flag if one or more auth options are set to yes...
foreach ($auth as $auth_option => $setting)
{
if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NO))
{
$auth[$flag] = ACL_YES;
}
}
$sql_ary = array();
foreach ($forum_id as $forum)
{
@@ -721,7 +759,7 @@ class auth_admin extends auth
$sql_ary[] = array(
$id_field => (int) $id,
'forum_id' => (int) $forum,
'auth_option_id' => $any_option_id,
'auth_option_id' => 0,
'auth_setting' => 0,
'auth_role_id' => $role_id
);
@@ -781,6 +819,25 @@ class auth_admin extends auth
{
global $db;
// Get any-flag as required
list(, $flag) = each(array_keys($auth));
$flag = substr($flag, 0, strpos($flag, '_') + 1);
// Remove any-flag from auth ary
if (isset($auth[$flag]))
{
unset($auth[$flag]);
}
// Re-set any flag...
foreach ($auth as $auth_option => $setting)
{
if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NO))
{
$auth[$flag] = ACL_YES;
}
}
// Remove current auth options...
$sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE . '
WHERE role_id = ' . $role_id;
@@ -867,9 +924,10 @@ class auth_admin extends auth
// First of all, lets grab the items having roles with the specified auth options assigned
$sql = "SELECT auth_role_id, $id_field, forum_id
FROM $table
FROM $table, " . ACL_ROLES_TABLE . " r
WHERE auth_role_id <> 0
AND auth_option_id = {$auth_id_ary[$permission_type]}
AND auth_role_id = r.role_id
AND r.role_type = '{$permission_type}'
AND " . implode(' AND ', $where_sql) . '
ORDER BY auth_role_id';
$result = $db->sql_query($sql);

49
phpBB/includes/auth.php
View File

@@ -371,9 +371,9 @@ class auth
// If one option is allowed, the global permission for this option has to be allowed too
// example: if the user has the a_ permission this means he has one or more a_* permissions
if ($auth_ary[$opt] == ACL_YES && !isset($bitstring[$this->acl_options[$ary_key][$option_key]]) || !$bitstring[$this->acl_options[$ary_key][$option_key]])
if ($auth_ary[$opt] == ACL_YES && (!isset($bitstring[$this->acl_options[$ary_key][$option_key]]) || $bitstring[$this->acl_options[$ary_key][$option_key]] == ACL_NO))
{
$bitstring[$this->acl_options[$ary_key][$option_key]] = 1;
$bitstring[$this->acl_options[$ary_key][$option_key]] = ACL_YES;
}
}
else
@@ -523,6 +523,22 @@ class auth
{
$setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting'];
$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $setting;
// Check for existence of ACL_YES if an option got set to NO
if ($setting == ACL_NO)
{
$flag = substr($row['auth_option'], 0, strpos($row['auth_option'], '_') + 1);
if (isset($hold_ary[$row['user_id']][$row['forum_id']][$flag]) && $hold_ary[$row['user_id']][$row['forum_id']][$flag] == ACL_YES)
{
unset($hold_ary[$row['user_id']][$row['forum_id']][$flag]);
if (in_array(ACL_YES, $hold_ary[$row['user_id']][$row['forum_id']]))
{
$hold_ary[$row['user_id']][$row['forum_id']][$flag] = ACL_YES;
}
}
}
}
}
$db->sql_freeresult($result);
@@ -641,16 +657,29 @@ class auth
{
$login = $method($username, $password);
// If login returned anything other than an array there was an error
if (!is_array($login))
// If login succeeded, we will log the user in... else we pass the login array through...
if ($login['status'] == LOGIN_SUCCESS)
{
/**
* @todo Login Attempt++
*/
return $login;
$result = $user->session_create($login['user_row']['user_id'], $admin, $autologin, $viewonline);
// Successful session creation
if ($result === true)
{
return array(
'status' => LOGIN_SUCCESS,
'error_msg' => false,
'user_row' => $login['user_row'],
);
}
return array(
'status' => LOGIN_BREAK,
'error_msg' => $result,
'user_row' => $login['user_row'],
);
}
return $user->session_create($login['user_id'], $admin, $autologin, $viewonline);
return $login;
}
}

102
phpBB/includes/auth/auth_db.php
View File

@@ -24,22 +24,114 @@ function login_db(&$username, &$password)
{
global $db, $config;
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
WHERE username = '" . $db->sql_escape($username) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row)
if (!$row)
{
if (md5($password) == $row['user_password'])
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
// If there are too much login attempts, we need to check for an confirm image
// Every auth module is able to define what to do by itself...
if ($config['max_login_attempts'] && $row['user_login_attempts'] > $config['max_login_attempts'])
{
$confirm_id = request_var('confirm_id', '');
$confirm_code = request_var('confirm_code', '');
// Visual Confirmation handling
if (!$confirm_id)
{
return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? 0 : $row;
return array(
'status' => LOGIN_ERROR_ATTEMPTS,
'error_msg' => 'LOGIN_ERROR_ATTEMPTS',
'user_row' => $row,
);
}
else
{
global $user;
$sql = 'SELECT code
FROM ' . CONFIRM_TABLE . "
WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
AND session_id = '" . $db->sql_escape($user->session_id) . "'
AND confirm_type = " . CONFIRM_LOGIN;
$result = $db->sql_query($sql);
$confirm_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($confirm_row)
{
if ($confirm_row['code'] != $confirm_code)
{
return array(
'status' => LOGIN_ERROR_ATTEMPTS,
'error_msg' => 'CONFIRM_CODE_WRONG',
'user_row' => $row,
);
}
else
{
$sql = 'DELETE FROM ' . CONFIRM_TABLE . "
WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
AND session_id = '" . $db->sql_escape($user->session_id) . "'
AND confirm_type = " . CONFIRM_LOGIN;
$db->sql_query($sql);
}
}
else
{
return array(
'status' => LOGIN_ERROR_ATTEMPTS,
'error_msg' => 'CONFIRM_CODE_WRONG',
'user_row' => $row,
);
}
}
}
return false;
// Password correct...
if (md5($password) == $row['user_password'])
{
// Successful, reset login attempts (the user passed all stages)
$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_attempts = 0 WHERE user_id = ' . $row['user_id']);
// User inactive...
if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
{
return array(
'status' => LOGIN_ERROR_ACTIVE,
'error_msg' => 'ACTIVE_ERROR',
'user_row' => $row,
);
}
// Successful login... set user_login_attempts to zero...
return array(
'status' => LOGIN_SUCCESS,
'error_msg' => false,
'user_row' => $row,
);
}
// Password incorrect - increase login attempts
$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_attempts = user_login_attempts + 1 WHERE user_id = ' . $row['user_id']);
// Give status about wrong password...
return array(
'status' => LOGIN_ERROR_PASSWORD,
'error_msg' => 'LOGIN_ERROR_PASSWORD',
'user_row' => $row,
);
}
?>

21
phpBB/includes/constants.php
View File

@@ -35,6 +35,15 @@ define('ACL_NO', 0);
define('ACL_YES', 1);
define('ACL_UNSET', -1);
// Login error codes
define('LOGIN_CONTINUE', 1);
define('LOGIN_BREAK', 2);
define('LOGIN_SUCCESS', 3);
define('LOGIN_ERROR_USERNAME', 10);
define('LOGIN_ERROR_PASSWORD', 11);
define('LOGIN_ERROR_ACTIVE', 12);
define('LOGIN_ERROR_ATTEMPTS', 13);
// Group settings
define('GROUP_OPEN', 0);
define('GROUP_CLOSED', 1);
@@ -83,19 +92,23 @@ define('PRIVMSGS_OUTBOX', -2);
define('PRIVMSGS_SENTBOX', -1);
define('PRIVMSGS_INBOX', 0);
// Report Types
define('REPORT_POST', 1);
define('REPORT_GENERAL', 2);
// Full Folder Actions
define('FULL_FOLDER_NONE', -3);
define('FULL_FOLDER_DELETE', -2);
define('FULL_FOLDER_HOLD', -1);
// Reason types
define('REPORT_REASON_SPECIAL', 1);
define('REPORT_REASON_NORMAL', 2);
// Download Modes - Attachments
define('INLINE_LINK', 1);
define('PHYSICAL_LINK', 2);
// Confirm types
define('CONFIRM_REG', 1);
define('CONFIRM_LOGIN', 2);
// Categories - Attachments
define('ATTACHMENT_CATEGORY_NONE', 0);
define('ATTACHMENT_CATEGORY_IMAGE', 1); // Inline Images

59
phpBB/includes/functions.php
View File

@@ -136,11 +136,11 @@ function gen_rand_string($num_chars)
* Return unique id
* @param $extra additional entropy for call to mt_srand
*/
function unique_id($extra = 0)
function unique_id($extra = 0, $prefix = false)
{
list($usec, $sec) = explode(' ', microtime());
mt_srand((float) $extra + (float) $sec + ((float) $usec * 100000));
return uniqid(mt_rand(), true);
return uniqid(($prefix === false) ? mt_rand() : $prefix, true);
}
if (!function_exists('array_combine'))
@@ -1318,7 +1318,10 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
$admin = ($admin) ? 1 : 0;
// If authentication is successful we redirect user to previous page
if (($result = $auth->login($username, $password, $autologin, $viewonline, $admin)) === true)
$result = $auth->login($username, $password, $autologin, $viewonline, $admin);
// The result parameter is always an array, holding the relevant informations...
if ($result['status'] == LOGIN_SUCCESS)
{
// If admin authentication
if ($admin)
@@ -1329,7 +1332,9 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
}
else
{
// Authenticated, but not having admin permissions
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
trigger_error('NO_AUTH_ADMIN');
}
}
@@ -1340,19 +1345,57 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
trigger_error($message);
}
// The user wanted to re-authenticate, but something failed - log this
if ($admin)
{
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
// If we get a non-numeric (e.g. string) value we output an error
if (is_string($result))
// Something failed, determine what...
if ($result['status'] == LOGIN_BREAK)
{
trigger_error($result, E_USER_ERROR);
trigger_error($result['error_msg'], E_USER_ERROR);
}
// If we get an integer zero then we are inactive, else the username/password is wrong
$err = ($result === 0) ? $user->lang['ACTIVE_ERROR'] : $user->lang['LOGIN_ERROR'];
// Special cases... determine
switch ($result['status'])
{
case LOGIN_ERROR_ATTEMPTS:
// Show confirm image
$sql = 'DELETE FROM ' . CONFIRM_TABLE . "
WHERE session_id = '" . $db->sql_escape($user->session_id) . "'
AND confirm_type = " . CONFIRM_LOGIN;
$db->sql_query($sql);
// Generate code
$code = gen_rand_string(mt_rand(5, 8));
$confirm_id = md5(unique_id(0, $user->ip));
$sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array(
'confirm_id' => (string) $confirm_id,
'session_id' => (string) $user->session_id,
'confirm_type' => (int) CONFIRM_LOGIN,
'code' => (string) $code)
);
$db->sql_query($sql);
$template->assign_vars(array(
'S_CONFIRM_CODE' => true,
'CONFIRM_ID' => $confirm_id,
'CONFIRM_IMAGE' => '<img src="' . $phpbb_root_path . 'ucp.' . $phpEx . $SID . '&amp;mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . CONFIRM_LOGIN . '" alt="" title="" />',
'L_LOGIN_CONFIRM_EXPLAIN' => sprintf($user->lang['LOGIN_CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>'),
));
$err = $user->lang[$result['error_msg']];
break;
// Username, password, etc...
default:
$err = $user->lang[$result['error_msg']];
break;
}
}
if (!$redirect)

4
phpBB/includes/functions_admin.php
View File

@@ -457,7 +457,7 @@ function move_posts($post_ids, $topic_id, $auto_sync = true)
{
$forum_ids[] = $row['forum_id'];
sync('reported', 'topic_id', $topic_ids);
sync('topic_reported', 'topic_id', $topic_ids);
sync('topic', 'topic_id', $topic_ids, true);
sync('forum', 'forum_id', $forum_ids, true);
}
@@ -609,7 +609,7 @@ function delete_posts($where_type, $where_ids, $auto_sync = true)
if ($auto_sync)
{
sync('reported', 'topic_id', $topic_ids);
sync('topic_reported', 'topic_id', $topic_ids);
sync('topic', 'topic_id', $topic_ids, true);
sync('forum', 'forum_id', $forum_ids, true);
}

31
phpBB/includes/functions_display.php
View File

@@ -893,4 +893,35 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
// $totaltime = $mtime[0] + $mtime[1] - $starttime;
}
/**
* Display reasons
*/
function display_reasons($reason_id = 0)
{
global $db, $user, $template;
$sql = 'SELECT *
FROM ' . REASONS_TABLE . '
ORDER BY reason_order ASC';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
// If the reason is defined within the language file, we will use the localized version, else just use the database entry...
if (isset($user->lang['report_reasons']['TITLE'][strtoupper($row['reason_title'])]) && isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])]))
{
$row['reson_description'] = $user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])];
$row['reason_title'] = $user->lang['report_reasons']['TITLE'][strtoupper($row['reason_title'])];
}
$template->assign_block_vars('reason', array(
'ID' => $row['reason_id'],
'TITLE' => $row['reason_title'],
'DESCRIPTION' => $row['reason_description'],
'S_SELECTED' => ($row['reason_id'] == $reason_id) ? true : false)
);
}
$db->sql_freeresult($result);
}
?>

2
phpBB/includes/functions_messenger.php
View File

@@ -299,7 +299,7 @@ class messenger
$headers .= 'Return-Path: <' . $config['board_email'] . ">\n";
$headers .= 'Sender: <' . $config['board_email'] . ">\n";
$headers .= "MIME-Version: 1.0\n";
$headers .= 'Message-ID: <' . md5(uniqid(time())) . "@" . $config['server_name'] . ">\n";
$headers .= 'Message-ID: <' . md5(uniqe_id(0, time())) . "@" . $config['server_name'] . ">\n";
$headers .= 'Date: ' . gmdate('D, d M Y H:i:s T', time()) . "\n";
$headers .= "Content-type: text/plain; charset={$this->encoding}\n";
$headers .= "Content-transfer-encoding: 8bit\n";

2
phpBB/includes/functions_privmsgs.php
View File

@@ -33,7 +33,6 @@ define('RULE_IS_USER', 9); // Is User
define('RULE_IS_GROUP', 10); // Is In Usergroup
define('RULE_ANSWERED', 11); // Answered
define('RULE_FORWARDED', 12); // Forwarded
define('RULE_REPORTED', 13); // Reported
define('RULE_TO_GROUP', 14); // Usergroup
define('RULE_TO_ME', 15); // Me
@@ -78,7 +77,6 @@ $global_privmsgs_rules = array(
CHECK_STATUS => array(
RULE_ANSWERED => array('check0' => 'replied', 'function' => '{CHECK0} == 1'),
RULE_FORWARDED => array('check0' => 'forwarded', 'function' => '{CHECK0} == 1'),
RULE_REPORTED => array('check0' => 'message_reported', 'function' => '{CHECK0} == 1')),
CHECK_TO => array(
RULE_TO_GROUP => array('check0' => 'to', 'check1' => 'bcc', 'check2' => 'user_in_group', 'function' => 'in_array("g_" . {CHECK2}, {CHECK0}) || in_array("g_" . {CHECK2}, {CHECK1})'),

8
phpBB/includes/functions_upload.php
View File

@@ -91,6 +91,12 @@ class filespec
switch ($mode)
{
case 'real':
// Remove every extension from filename (to not let the mime bug being exposed)
if (strpos($this->realname, '.') !== false)
{
$this->realname = substr($this->realname, 0, strpos($this->realname, '.'));
}
// Replace any chars which may cause us problems with _
$bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
@@ -575,7 +581,7 @@ class fileupload
unset($url_ary);
$tmp_path = (!@ini_get('safe_mode')) ? false : $phpbb_root_path . 'cache';
$filename = tempnam($tmp_path, uniqid(rand()) . '-');
$filename = tempnam($tmp_path, unique_id() . '-');
if (!($fp = @fopen($filename, 'wb')))
{

2
phpBB/includes/mcp/mcp_main.php
View File

@@ -964,7 +964,7 @@ class mcp_main_info
'version' => '1.0.0',
'modes' => array(
'forum_view' => array('title' => 'MCP_MAIN_FORUM_VIEW', 'auth' => 'acl_m_,$id'),
'front' => array('title' => 'MCP_MAIN_FRONT', 'auth' => ''),
'front' => array('title' => 'MCP_MAIN_FRONT', 'auth' => 'acl_m_'),
'post_details' => array('title' => 'MCP_MAIN_POST_DETAILS', 'auth' => 'acl_m_,$id'),
'topic_view' => array('title' => 'MCP_MAIN_TOPIC_VIEW', 'auth' => 'acl_m_,$id'),
),

11
phpBB/includes/mcp/mcp_post.php
View File

@@ -165,10 +165,17 @@ function mcp_post_details($id, $mode, $action)
do
{
// If the reason is defined within the language file, we will use the localized version, else just use the database entry...
if (isset($user->lang['report_reasons']['TITLE'][strtoupper($row['reason_title'])]) && isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])]))
{
$row['reson_description'] = $user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])];
$row['reason_title'] = $user->lang['report_reasons']['TITLE'][strtoupper($row['reason_title'])];
}
$template->assign_block_vars('reports', array(
'REPORT_ID' => $row['report_id'],
'REASON_TITLE' => $user->lang['report_reasons']['TITLE'][strtoupper($row['reason_name'])],
'REASON_DESC' => $user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_name'])],
'REASON_TITLE' => $row['reason_title'],
'REASON_DESC' => $row['reason_description'],
'REPORTER' => ($row['user_id'] != ANONYMOUS) ? $row['username'] : $user->lang['GUEST'],
'U_REPORTER' => ($row['user_id'] != ANONYMOUS) ? "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u={$row['user_id']}" : '',
'USER_NOTIFY' => ($row['user_notify']) ? true : false,

32
phpBB/includes/mcp/mcp_queue.php
View File

@@ -542,23 +542,25 @@ function disapprove_post($post_id_list, $mode)
if ($reason_id)
{
$sql = 'SELECT reason_name
$sql = 'SELECT reason_title, reason_description
FROM ' . REASONS_TABLE . "
WHERE reason_id = $reason_id";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!($row = $db->sql_fetchrow($result)) || (!$reason && $row['reason_name'] == 'other'))
if (!$row || (!$reason && $row['reason_title'] == 'other'))
{
$additional_msg = 'Please give an appropiate reason for disapproval';
unset($_POST['confirm']);
}
else
{
$disapprove_reason = ($row['reason_name'] != 'other') ? $user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_name'])] : '';
// If the reason is defined within the language file, we will use the localized version, else just use the database entry...
$disapprove_reason = ($row['reason_title'] != 'other') ? ((isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])]) ? $user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])] : $row['reason_description']) : '';
$disapprove_reason .= ($reason) ? "\n\n" . $_REQUEST['reason'] : '';
unset($reason);
}
$db->sql_freeresult($result);
}
if (confirm_box(true))
@@ -683,27 +685,9 @@ function disapprove_post($post_id_list, $mode)
}
else
{
$sql = 'SELECT *
FROM ' . REASONS_TABLE . '
ORDER BY reason_priority ASC';
$result = $db->sql_query($sql);
include_once($phpbb_root_path . 'includes/functions_display.' . $phpEx);
while ($row = $db->sql_fetchrow($result))
{
$row['reason_name'] = strtoupper($row['reason_name']);
$reason_title = (!empty($user->lang['report_reasons']['TITLE'][$row['reason_name']])) ? $user->lang['report_reasons']['TITLE'][$row['reason_name']] : ucwords(str_replace('_', ' ', $row['reason_name']));
$reason_desc = (!empty($user->lang['report_reasons']['DESCRIPTION'][$row['reason_name']])) ? $user->lang['report_reasons']['DESCRIPTION'][$row['reason_name']] : $row['reason_desc'];
$template->assign_block_vars('reason', array(
'ID' => $row['reason_id'],
'NAME' => htmlspecialchars($reason_title),
'DESCRIPTION' => htmlspecialchars($reason_desc),
'S_SELECTED' => ($row['reason_id'] == $reason_id) ? true : false)
);
}
$db->sql_freeresult($result);
display_reasons($reason_id);
$template->assign_vars(array(
'S_NOTIFY_POSTER' => true,

2
phpBB/includes/session.php
View File

@@ -773,7 +773,7 @@ class user extends session
var $img_lang;
// Able to add new option (id 7)
var $keyoptions = array('viewimg' => 0, 'viewflash' => 1, 'viewsmilies' => 2, 'viewsigs' => 3, 'viewavatars' => 4, 'viewcensors' => 5, 'attachsig' => 6, 'bbcode' => 8, 'smilies' => 9, 'popuppm' => 10, 'report_pm_notify' => 11);
var $keyoptions = array('viewimg' => 0, 'viewflash' => 1, 'viewsmilies' => 2, 'viewsigs' => 3, 'viewavatars' => 4, 'viewcensors' => 5, 'attachsig' => 6, 'bbcode' => 8, 'smilies' => 9, 'popuppm' => 10);
var $keyvalues = array();
function setup($lang_set = false, $style = false)

10
phpBB/includes/template.php
View File

@@ -314,7 +314,7 @@ class template
// Now we add the block that we're actually assigning to.
// We're adding a new iteration to this block with the given
// variable assignments.
$str[$blocks[$blockcount]][] = &$vararray;
$str[$blocks[$blockcount]][] = $vararray;
}
else
{
@@ -337,7 +337,7 @@ class template
// Add a new iteration to this block with the variable assignments
// we were given.
$this->_tpldata[$blockname][] = &$vararray;
$this->_tpldata[$blockname][] = $vararray;
}
return true;
@@ -349,7 +349,7 @@ class template
* Some Examples:
* <code>
*
* alter_block_array('loop', $varrarray); // Insert vararray at the end
* alter_block_array('loop', $vararray); // Insert vararray at the beginning
* alter_block_array('loop', $vararray, 2); // Insert vararray at position 2
* alter_block_array('loop', $vararray, array('KEY' => 'value')); // Insert vararray at the position where the key 'KEY' has the value of 'value'
* alter_block_array('loop', $vararray, false); // Insert vararray at first position
@@ -447,7 +447,7 @@ class template
// Insert vararray at given position
$vararray['S_ROW_COUNT'] = $key;
$this->_tpldata[$blockname][$key] = &$vararray;
$this->_tpldata[$blockname][$key] = $vararray;
return true;
}
@@ -460,7 +460,7 @@ class template
$key--;
}
$this->_tpldata[$blockname][$key] = array_merge($this->_tpldata[$blockname][$key], &$vararray);
$this->_tpldata[$blockname][$key] = array_merge($this->_tpldata[$blockname][$key], $vararray);
return true;
}
}

6
phpBB/includes/ucp/ucp_confirm.php
View File

@@ -28,8 +28,9 @@ class ucp_confirm
// Do we have an id? No, then just exit
$confirm_id = request_var('id', '');
$type = request_var('type', 0);
if (!$confirm_id)
if (!$confirm_id || !$type)
{
exit;
}
@@ -38,7 +39,8 @@ class ucp_confirm
$sql = 'SELECT code
FROM ' . CONFIRM_TABLE . "
WHERE session_id = '" . $db->sql_escape($user->session_id) . "'
AND confirm_id = '" . $db->sql_escape($confirm_id) . "'";
AND confirm_id = '" . $db->sql_escape($confirm_id) . "'
AND confirm_type = $type";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);

11
phpBB/includes/ucp/ucp_pm_viewfolder.php
View File

@@ -29,7 +29,7 @@ function view_folder($id, $mode, $folder_id, $folder, $type)
$icons = array();
$cache->obtain_icons($icons);
$color_rows = array('marked', 'replied', 'message_reported', 'friend', 'foe');
$color_rows = array('marked', 'replied', 'friend', 'foe');
foreach ($color_rows as $var)
{
@@ -167,14 +167,11 @@ function view_folder($id, $mode, $folder_id, $folder, $type)
'PM_IMG' => ($row_indicator) ? $user->img('pm_' . $row_indicator, '') : '',
'ATTACH_ICON_IMG' => ($auth->acl_get('u_download') && $row['message_attachment'] && $config['allow_pm_attach'] && $config['auth_download_pm']) ? $user->img('icon_attach', $user->lang['TOTAL_ATTACHMENTS']) : '',
'S_PM_REPORTED' => (!empty($row['message_reported']) && $auth->acl_get('m_')) ? true : false,
'S_PM_DELETED' => ($row['deleted']) ? true : false,
'U_VIEW_PM' => ($row['deleted']) ? '' : $view_message_url,
'U_REMOVE_PM' => ($row['deleted']) ? $remove_message_url : '',
'RECIPIENTS' => ($folder_id == PRIVMSGS_OUTBOX || $folder_id == PRIVMSGS_SENTBOX) ? implode(', ', $address_list[$message_id]) : '',
'U_MCP_REPORT' => "{$phpbb_root_path}mcp.$phpEx?sid={$user->session_id}&amp;i=reports&amp;pm=$message_id")
// 'U_MCP_QUEUE' => "mcp.$phpEx?sid={$user->session_id}&amp;i=mod_queue&amp;t=$topic_id")
'RECIPIENTS' => ($folder_id == PRIVMSGS_OUTBOX || $folder_id == PRIVMSGS_SENTBOX) ? implode(', ', $address_list[$message_id]) : '')
);
}
unset($folder_info['rowset']);
@@ -437,8 +434,6 @@ function get_pm_from($folder_id, $folder, $user_id, $url, $type = 'folder')
'POST_IMG' => (!$auth->acl_get('u_sendpm')) ? $user->img('btn_locked', 'PM_LOCKED') : $user->img('btn_post_pm', 'POST_PM'),
'REPORTED_IMG' => $user->img('icon_reported', 'MESSAGE_REPORTED'),
'L_NO_MESSAGES' => (!$auth->acl_get('u_sendpm')) ? $user->lang['POST_PM_LOCKED'] : $user->lang['NO_MESSAGES'],
'S_SELECT_SORT_DIR' => $s_sort_dir,
@@ -476,7 +471,7 @@ function get_pm_from($folder_id, $folder, $user_id, $url, $type = 'folder')
$sql_start = $start;
}
$sql = 'SELECT t.*, p.author_id, p.root_level, p.message_time, p.message_subject, p.icon_id, p.message_reported, p.to_address, p.message_attachment, p.bcc_address, u.username
$sql = 'SELECT t.*, p.author_id, p.root_level, p.message_time, p.message_subject, p.icon_id, p.to_address, p.message_attachment, p.bcc_address, u.username
FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p, ' . USERS_TABLE . " u
WHERE t.user_id = $user_id
AND p.author_id = u.user_id

7
phpBB/includes/ucp/ucp_pm_viewmessage.php
View File

@@ -164,8 +164,6 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
'S_ONLINE' => (!$config['load_onlinetrack']) ? false : ((isset($user_info['online']) && $user_info['online']) ? true : false),
'DELETE_IMG' => $user->img('btn_delete', $user->lang['DELETE_MESSAGE']),
'INFO_IMG' => $user->img('btn_info', $user->lang['VIEW_PM_INFO']),
'REPORT_IMG' => $user->img('btn_report', $user->lang['REPORT_PM']),
'REPORTED_IMG' => $user->img('icon_reported', $user->lang['MESSAGE_REPORTED_MESSAGE']),
'PROFILE_IMG' => $user->img('btn_profile', $user->lang['READ_PROFILE']),
'EMAIL_IMG' => $user->img('btn_email', $user->lang['SEND_EMAIL']),
'QUOTE_IMG' => $user->img('btn_quote', $user->lang['POST_QUOTE_PM']),
@@ -179,9 +177,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
'SIGNATURE' => ($message_row['enable_sig']) ? $signature : '',
'EDITED_MESSAGE' => $l_edited_by,
'U_MCP_REPORT' => "{$phpbb_root_path}mcp.$phpEx$SID&amp;mode=pm_details&amp;p=" . $message_row['msg_id'],
'U_REPORT' => ($config['auth_report_pm'] && $auth->acl_get('u_pm_report')) ? "{$phpbb_root_path}report.$phpEx$SID&amp;pm=" . $message_row['msg_id'] : '',
'U_INFO' => ($auth->acl_get('m_') && ($message_row['message_reported'] || $message_row['forwarded'])) ? "{$phpbb_root_path}mcp.$phpEx$SID&amp;mode=pm_details&amp;p=" . $message_row['msg_id'] : '',
'U_INFO' => ($auth->acl_get('m_') && $message_row['forwarded']) ? "{$phpbb_root_path}mcp.$phpEx$SID&amp;mode=pm_details&amp;p=" . $message_row['msg_id'] : '',
'U_DELETE' => ($auth->acl_get('u_pm_delete')) ? "$url&amp;mode=compose&amp;action=delete&amp;f=$folder_id&amp;p=" . $message_row['msg_id'] : '',
'U_AUTHOR_PROFILE' => "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $author_id,
'U_EMAIL' => $user_info['email'],
@@ -191,7 +187,6 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
'U_PREVIOUS_PM' => "$url&amp;f=$folder_id&amp;p=" . $message_row['msg_id'] . "&amp;view=previous",
'U_NEXT_PM' => "$url&amp;f=$folder_id&amp;p=" . $message_row['msg_id'] . "&amp;view=next",
'S_MESSAGE_REPORTED'=> ($message_row['message_reported'] && $auth->acl_get('m_')) ? true : false,
'S_HAS_ATTACHMENTS' => (sizeof($attachments)) ? true : false,
'S_DISPLAY_NOTICE' => $display_notice && $message_row['message_attachment'],

7
phpBB/includes/ucp/ucp_prefs.php
View File

@@ -42,7 +42,6 @@ class ucp_prefs
'notifypm' => true,
'popuppm' => false,
'allowpm' => true,
'report_pm_notify' => false
);
foreach ($var_ary as $var => $default)
@@ -63,7 +62,6 @@ class ucp_prefs
if (!sizeof($error))
{
$user->optionset('popuppm', $popuppm);
$user->optionset('report_pm_notify', $report_pm_notify);
$sql_ary = array(
'user_allow_pm' => $allowpm,
@@ -113,9 +111,6 @@ class ucp_prefs
$popuppm = (isset($popuppm)) ? $popuppm : $user->optionget('popuppm');
$popup_pm_yes = ($popuppm) ? ' checked="checked"' : '';
$popup_pm_no = (!$popuppm) ? ' checked="checked"' : '';
$report_pm_notify = (isset($report_pm_notify)) ? $report_pm_notify : $user->optionget('report_pm_notify');
$report_pm_notify_yes = ($report_pm_notify) ? ' checked="checked"' : '';
$report_pm_notify_no = (!$report_pm_notify) ? ' checked="checked"' : '';
$dst = (isset($dst)) ? $dst : $user->data['user_dst'];
$dst_yes = ($dst) ? ' checked="checked"' : '';
$dst_no = (!$dst) ? ' checked="checked"' : '';
@@ -160,8 +155,6 @@ class ucp_prefs
'NOTIFY_PM_NO' => $notify_pm_no,
'POPUP_PM_YES' => $popup_pm_yes,
'POPUP_PM_NO' => $popup_pm_no,
'REPORT_PM_YES' => $report_pm_notify_yes,
'REPORT_PM_NO' => $report_pm_notify_no,
'DST_YES' => $dst_yes,
'DST_NO' => $dst_no,
'NOTIFY_EMAIL' => ($notifymethod == NOTIFY_EMAIL) ? 'checked="checked"' : '',

18
phpBB/includes/ucp/ucp_register.php
View File

@@ -150,7 +150,8 @@ class ucp_register
$sql = 'SELECT code
FROM ' . CONFIRM_TABLE . "
WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
AND session_id = '" . $db->sql_escape($user->session_id) . "'";
AND session_id = '" . $db->sql_escape($user->session_id) . "'
AND confirm_type = " . CONFIRM_REG;
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))
@@ -164,7 +165,8 @@ class ucp_register
{
$sql = 'DELETE FROM ' . CONFIRM_TABLE . "
WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
AND session_id = '" . $db->sql_escape($user->session_id) . "'";
AND session_id = '" . $db->sql_escape($user->session_id) . "'
AND confirm_type = " . CONFIRM_REG;
$db->sql_query($sql);
}
}
@@ -401,14 +403,16 @@ class ucp_register
while ($row = $db->sql_fetchrow($result));
$sql = 'DELETE FROM ' . CONFIRM_TABLE . '
WHERE session_id NOT IN (' . implode(', ', $sql_in) . ')';
WHERE session_id NOT IN (' . implode(', ', $sql_in) . ')
AND confirm_type = ' . CONFIRM_REG;
$db->sql_query($sql);
}
$db->sql_freeresult($result);
$sql = 'SELECT COUNT(session_id) AS attempts
FROM ' . CONFIRM_TABLE . "
WHERE session_id = '" . $db->sql_escape($user->session_id) . "'";
WHERE session_id = '" . $db->sql_escape($user->session_id) . "'
AND confirm_type = " . CONFIRM_REG;
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))
@@ -421,18 +425,18 @@ class ucp_register
$db->sql_freeresult($result);
$code = gen_rand_string(mt_rand(5, 8));
$confirm_id = md5(uniqid($user->ip));
$confirm_id = md5(unique_id(0, $user->ip));
$sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array(
'confirm_id' => (string) $confirm_id,
'session_id' => (string) $user->session_id,
'confirm_type' => (int) CONFIRM_REG,
'code' => (string) $code)
);
$db->sql_query($sql);
}
$confirm_image = "<img src=\"ucp.$phpEx$SID&amp;mode=confirm&amp;id=$confirm_id\" alt=\"\" title=\"\" />";
$confirm_image = '<img src="' . $phpbb_root_path . 'ucp.' . $phpEx . $SID . '&amp;mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . CONFIRM_REG . '" alt="" title="" />';
$s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />';
}

367
phpBB/includes/ucp/ucp_reports.php
View File

@@ -1,367 +0,0 @@
<?php
/**
*
* @package ucp
* @version $Id$
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
/**
* @package ucp
* ucp_reports
*/
class ucp_reports
{
function main($id, $mode)
{
global $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx;
switch ($mode)
{
case 'list':
$this->ucp_reports_list($id, $mode);
break;
case 'report':
$this->ucp_reports_report($id, $mode);
break;
}
}
function ucp_reports_list($id, $mode)
{
global $db, $user, $config, $template;
$sql = "SELECT
r.report_id, r.report_time, r.report_status,
p.post_id, p.poster_id,
t.topic_id, t.topic_title,
f.forum_id, f.forum_name,
u.username
FROM " .
REPORTS_TABLE . " r
LEFT JOIN " . POSTS_TABLE . " p USING (post_id)
LEFT JOIN " . TOPICS_TABLE . " t USING (topic_id)
LEFT JOIN " . FORUMS_TABLE . " f USING (forum_id)," .
REASONS_TABLE . " re, " .
USERS_TABLE . " u
WHERE
p.poster_id = u.user_id
&& r.reason_id = re.reason_id
&& r.user_id = " . $user->data['user_id'] . "
ORDER BY
report_time DESC";
$start = request_var('start', 0);
$result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
while ($row = $db->sql_fetchrow($result))
{
if ($row['poster_id'] == ANONYMOUS)
{
$poster = (!empty($row['post_username'])) ? $row['post_username'] : $user->lang['GUEST'];
}
else
{
$poster = $row['username'];
}
$template->assign_block_vars('report', array(
'U_FORUM' => "mcp.$phpEx$SID&amp;i=report&amp;mode=&amp;f={$row['forum_id']}",
// Q: Why accessing the topic by a post_id instead of its topic_id?
// A: To prevent the post from being hidden because of wrong encoding or different charset
'U_REPORT_TOPIC' => "mcp.$phpEx$SID&amp;i=report&amp;mode=report_view_topic&amp;t={$row['topic_id']}",
'U_VIEW_DETAILS'=> "mcp.$phpEx$SID&amp;i=queue&amp;start=$start&amp;mode=approve_details&amp;f={$forum_id}&amp;p={$row['post_id']}",
'U_VIEWPROFILE' => ($row['poster_id'] != ANONYMOUS) ? "memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u={$row['poster_id']}" : '',
'REPORT_COUNT' => $row['report_count'],
'FORUM_NAME' => $row['forum_name'],
'TOPIC_TITLE' => $row['topic_title'],
'POSTER' => $poster,
'REPORT_TIME' => $user->format_date($row['report_time']),
)
);
}
$db->sql_freeresult($result);
$this->tpl_name = 'ucp_reports_list';
}
function ucp_reports_report($id, $mode)
{
global $db, $user, $config, $template, $auth;
$post_id = request_var('p', 0);
$report_type = ($post_id > 0) ? REPORT_POST : REPORT_GENERAL;
// Insert or update report in the database if a form has been submitted
if (isset($_POST['submit']))
{
$report_id = request_var('report_id', 0);
$reason_id = request_var('reason_id', 0);
$user_notify = (!empty($_REQUEST['notify']) && $user->data['is_registered']) ? true : false;
$report_text = request_var('report_text', '');
$sql = 'SELECT reason_name
FROM ' . REASONS_TABLE . "
WHERE reason_id = $reason_id";
$result = $db->sql_query($sql);
// TODO: 'other' is used as a special value. Make sure that you can't remove this in the admin.
if (!($row = $db->sql_fetchrow($result)) || (!$report_text && $row['reason_name'] == 'other'))
{
trigger_error('EMPTY_REPORT');
}
$db->sql_freeresult($result);
if (!empty($user->lang['report_reasons']['DESCRIPTION'][$row['reason_name']]))
{
$reason_desc = $user->lang['report_reasons']['DESCRIPTION'][$row['reason_name']];
}
else
{
$reason_desc = $row['reason_name'];
}
$sql_ary = array(
'reason_id' => (int) $reason_id,
'reason_type' => (int) $report_type,
'post_id' => (int) $post_id,
'user_id' => (int) $user->data['user_id'],
'user_notify' => (int) $user_notify,
'report_time' => (int) time(),
'report_text' => (string) $report_text // TODO: Add some BBcode magic
);
if ($report_id)
{
$sql = 'UPDATE ' . REPORTS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
WHERE report_id = ' . $report_id . ' user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
if ($db->sql_affectedrows() == 0)
{
// TODO: i18n?
trigger_error("You tried to change a report that isn't yours.");
}
}
else
{
$sql = 'INSERT INTO ' . REPORTS_TABLE . ' ' .
$db->sql_build_array('INSERT', $sql_ary);
$db->sql_query($sql);
$report_id = $db->sql_nextid();
}
if (!$report_data['post_reported'])
{
$sql = 'UPDATE ' . POSTS_TABLE . '
SET post_reported = 1
WHERE post_id = ' . $id;
$db->sql_query($sql);
}
if (!$report_data['topic_reported'])
{
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_reported = 1
WHERE topic_id = ' . $report_data['topic_id'];
$db->sql_query($sql);
}
// Send Notifications
// All persons get notified about a new report, if notified by PM, send out email notifications too
// Send notifications to moderators
$acl_list = $auth->acl_get_list(false, array('m_', 'a_'), array(0, $report_data['forum_id']));
$notify_user = $acl_list[$report_data['forum_id']]['m_'];
$notify_user = array_unique(array_merge($notify_user, $acl_list[0]['a_']));
unset($acl_list);
// How to notify them?
$sql = 'SELECT user_id, username, user_options, user_lang, user_email, user_notify_type, user_jabber
FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', $notify_user) . ')';
$result = $db->sql_query($sql);
$notify_user = array();
while ($row = $db->sql_fetchrow($result))
{
$notify_user[$row['user_id']] = array(
'name' => $row['username'],
'email' => $row['user_email'],
'jabber'=> $row['user_jabber'],
'lang' => $row['user_lang'],
'notify_type' => $row['user_notify_type'],
'pm' => $user->optionget('report_pm_notify', $row['user_options'])
);
}
$db->sql_freeresult($result);
$report_data = array(
'id' => $id,
'report_id' => $report_id,
'reporter' => $user->data['username'],
'reason' => $reason_desc,
'text' => $report_text,
'subject' => $report_data['post_subject'],
'view_post' => ($report_type == REPORT_POST) ? "viewtopic.$phpEx?f={$report_data['forum_id']}&t={$report_data['topic_id']}&p=$id&e=$id" : ''
);
report_notification($notify_user, $report_type, $report_data);
meta_refresh(3, $redirect_url);
$message = $user->lang['POST_REPORTED_SUCCESS'] . '<br /><br />' . sprintf($user->lang[(($report_type == REPORT_POST) ? 'RETURN_TOPIC' : 'RETURN_PREVIOUS')], '<a href="' . $redirect_url . '">', '</a>');
trigger_error($message);
}
// Show the 'create report' form
// Report about a specific post or a general report (i.e. message to the mods)?
$post_id = (request_var('p', 0)) ? true : false;
if ($report_type == REPORT_POST)
{
$sql = 'SELECT
f.forum_id,
t.topic_id
FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
WHERE p.post_id = $post_id
AND p.topic_id = t.topic_id
AND p.forum_id = f.forum_id";
$result = $db->sql_query($sql);
if (!($report_data = $db->sql_fetchrow($result)))
{
$message = $user->lang['POST_NOT_EXIST'];
trigger_error($message);
}
$forum_id = $report_data['forum_id'];
$topic_id = $report_data['topic_id'];
// Check required permissions
$acl_check_ary = array('f_list' => 'POST_NOT_EXIST', 'f_read' => 'USER_CANNOT_READ', 'f_report' => 'USER_CANNOT_REPORT');
foreach ($acl_check_ary as $acl => $error)
{
if (!$auth->acl_get($acl, $forum_id))
{
trigger_error($error);
}
}
unset($acl_check_ary);
// Check if the post has already been reported by this user
$sql = "SELECT
report_id, reason_id, post_id, user_notify, report_time, report_text, report_status,
bbcode_uid, bbcode_bitfield
FROM " . REPORTS_TABLE . "
WHERE post_id = $post_id
AND user_id = " . $user->data['user_id'];
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))
{
if ($user->data['is_registered'])
{
// A report exists, extract $row if we're going to display the form
if ($reason_id)
{
$report_id = (int) $row['report_id'];
}
else
{
// Overwrite set variables
$report_id = $row['report_id'];
$reason_id = $row['reason_id'];
$post_id = $row['post_id'];
$user_notify = $row['user_notify'];
$report_time = $row['report_time'];
$report_text = $row['report_text'];
$report_status = $row['report_status'];
$bbcode_uid = $row['bbcode_uid'];
$bbcode_bitfield= $row['bbcode_bitfield'];
}
}
else
{
// TODO: is this what we want?
trigger_error($user->lang['ALREADY_REPORTED'] . '<br /><br />' . sprintf($user->lang[(($report_type == REPORT_POST) ? 'RETURN_TOPIC' : 'RETURN_PREVIOUS')], '<a href="' . $redirect_url . '">', '</a>'));
}
}
else
{
$report_id = 0;
}
}
// Show create report form
// Generate the form
$sql = "SELECT *
FROM " . REASONS_TABLE . "
WHERE report_type = $report_type
ORDER BY reason_priority ASC";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$row['reason_name'] = strtoupper($row['reason_name']);
$reason_title = (!empty($user->lang['report_reasons']['TITLE'][$row['reason_name']])) ? $user->lang['report_reasons']['TITLE'][$row['reason_name']] : ucwords(str_replace('_', ' ', $row['reason_name']));
$reason_desc = (!empty($user->lang['report_reasons']['DESCRIPTION'][$row['reason_name']])) ? $user->lang['report_reasons']['DESCRIPTION'][$row['reason_name']] : $row['reason_description'];
$template->assign_block_vars('reason', array(
'ID' => $row['reason_id'],
'NAME' => htmlspecialchars($reason_title),
'DESCRIPTION' => htmlspecialchars($reason_desc),
'S_SELECTED' => ($row['reason_id'] == $reason_id) ? true : false)
);
}
$template->assign_vars(array(
'REPORT_TEXT' => $report_text,
'S_REPORT_ACTION' => "{$phpbb_root_path}report.$phpEx$SID&amp;p=$id" . (($report_id) ? "&amp;report_id=$report_id" : ''),
'S_NOTIFY' => (!empty($user_notify)) ? true : false,
'S_CAN_NOTIFY' => ($user->data['is_registered']) ? true : false,
'S_REPORT_POST' => ($report_type == REPORT_POST) ? true : false)
);
$this->tpl_name = 'ucp_reports_report';
}
}
/**
* @package module_install
*/
class ucp_reports_info
{
function module()
{
return array(
'filename' => 'ucp_reports',
'title' => 'UCP_REPORTS',
'version' => '1.0.0',
'modes' => array(
'list' => array('title' => 'UCP_REPORTS_LIST', 'auth' => ''),
'report' => array('title' => 'UCP_REPORTS_REPORT', 'auth' => ''),
),
);
}
function install()
{
}
function uninstall()
{
}
}
?>