2.0.18 changes
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5283 89ea8834-ac86-4346-8a33-228a782c2dd0
@@ -167,6 +167,7 @@ define('SEARCH_TABLE', $table_prefix.'search_results');
|
||||
define('SEARCH_WORD_TABLE', $table_prefix.'search_wordlist');
|
||||
define('SEARCH_MATCH_TABLE', $table_prefix.'search_wordmatch');
|
||||
define('SESSIONS_TABLE', $table_prefix.'sessions');
|
||||
define('SESSIONS_KEYS_TABLE', $table_prefix.'sessions_keys');
|
||||
define('SMILIES_TABLE', $table_prefix.'smilies');
|
||||
define('THEMES_TABLE', $table_prefix.'themes');
|
||||
define('THEMES_NAME_TABLE', $table_prefix.'themes_name');
|
||||
|
@@ -60,7 +60,7 @@ switch($dbms)
|
||||
$db = new sql_db($dbhost, $dbuser, $dbpasswd, $dbname, false);
|
||||
if(!$db->db_connect_id)
|
||||
{
|
||||
message_die(CRITICAL_ERROR, "Could not connect to the database");
|
||||
message_die(CRITICAL_ERROR, "Could not connect to the database");
|
||||
}
|
||||
|
||||
?>
|
@@ -78,12 +78,41 @@ function get_db_stat($mode)
|
||||
function phpbb_clean_username($username)
|
||||
{
|
||||
$username = substr(htmlspecialchars(str_replace("\'", "'", trim($username))), 0, 25);
|
||||
$username = phpbb_rtrim($username, "\\");
|
||||
$username = phpbb_rtrim($username, "\\");
|
||||
$username = str_replace("'", "\'", $username);
|
||||
|
||||
return $username;
|
||||
}
|
||||
|
||||
/**
|
||||
* This function is a wrapper for ltrim, as charlist is only supported in php >= 4.1.0
|
||||
* Added in phpBB 2.0.18
|
||||
*/
|
||||
function phpbb_ltrim($str, $charlist = false)
|
||||
{
|
||||
if ($charlist === false)
|
||||
{
|
||||
return ltrim($str);
|
||||
}
|
||||
|
||||
$php_version = explode('.', PHP_VERSION);
|
||||
|
||||
// php version < 4.1.0
|
||||
if ((int) $php_version[0] < 4 || ((int) $php_version[0] == 4 && (int) $php_version[1] < 1))
|
||||
{
|
||||
while ($str{0} == $charlist)
|
||||
{
|
||||
$str = substr($str, 1);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$str = ltrim($str, $charlist);
|
||||
}
|
||||
|
||||
return $str;
|
||||
}
|
||||
|
||||
// added at phpBB 2.0.12 to fix a bug in PHP 4.3.10 (only supporting charlist in php >= 4.1.0)
|
||||
function phpbb_rtrim($str, $charlist = false)
|
||||
{
|
||||
|
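Review bot: In the PHP < 4.1.0 branch of `phpbb_ltrim`, `while ($str{0} == $charlist)` compares one character against the whole `$charlist`, so the fallback strips only when `$charlist` is exactly one character, and it reads `$str{0}` without checking that `$str` is non-empty. The docblock should say so, for example ` * On PHP < 4.1.0 only a single-character $charlist is honoured`, because a caller that uses this helper to sanitise input would otherwise get a silent no-op on old interpreters. Guarding the loop as `while (strlen($str) && $str{0} == $charlist)` avoids the empty-string offset read. The `phpbb_rtrim` body that follows continues outside the hunk, so whether it has the same limitation is not visible here.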
@@ -32,13 +32,13 @@ function validate_username($username)
|
||||
// Remove doubled up spaces
|
||||
$username = preg_replace('#\s+#', ' ', trim($username));
|
||||
$username = phpbb_clean_username($username);
|
||||
|
||||
|
||||
$sql = "SELECT username
|
||||
FROM " . USERS_TABLE . "
|
||||
FROM " . USERS_TABLE . "
|
||||
WHERE LOWER(username) = '" . strtolower($username) . "'";
|
||||
if ($result = $db->sql_query($sql))
|
||||
{
|
||||
if ($row = $db->sql_fetchrow($result))
|
||||
while ($row = $db->sql_fetchrow($result))
|
||||
{
|
||||
if (($userdata['session_logged_in'] && $row['username'] != $userdata['username']) || !$userdata['session_logged_in'])
|
||||
{
|
||||
|
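Review bot: The switch from `if ($row = $db->sql_fetchrow($result))` to `while (...)` carries no comment explaining why more than one row is expected, and the query above it is still assembled by concatenating `strtolower($username)` into the SQL text. A short comment would record both assumptions, e.g. `// LOWER() may match several stored names; check every row` above the loop and `// $username must already be quote-escaped by phpbb_clean_username()` above the `$sql` assignment. The second dependency is worth stating because any later edit that moves or drops the `phpbb_clean_username()` call would leave this query open to injection. The loop body and the rest of `validate_username` continue outside the hunk.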
@@ -450,6 +450,14 @@ $template->assign_vars(array(
|
||||
if ( !$userdata['session_logged_in'] )
|
||||
{
|
||||
$template->assign_block_vars('switch_user_logged_out', array());
|
||||
//
|
||||
// Allow autologin?
|
||||
//
|
||||
if (!isset($board_config['allow_autologin']) || $board_config['allow_autologin'] )
|
||||
{
|
||||
$template->assign_block_vars('switch_allow_autologin', array());
|
||||
$template->assign_block_vars('switch_user_logged_out.switch_allow_autologin', array());
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
|
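Review bot: The two `switch_allow_autologin` blocks only decide whether the template shows the autologin option, and the condition treats a missing `allow_autologin` config key as enabled. Hiding the checkbox is not enforcement, so a comment here should point at the server-side check, e.g. `// Display only: session_begin() is what actually refuses autologin when it is disabled`. The same test appears in negated form in the `session_begin` hunk on this page; if the two ever diverge the form and the session code will disagree, which argues for a single shared helper. The enclosing `if`/`else` continues outside the hunk.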
@@ -57,73 +57,90 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
|
||||
|
||||
$last_visit = 0;
|
||||
$current_time = time();
|
||||
$expiry_time = $current_time - $board_config['session_length'];
|
||||
|
||||
//
|
||||
// Try and pull the last time stored in a cookie, if it exists
|
||||
// Are auto-logins allowed?
|
||||
// If allow_autologin is not set or is true then they are
|
||||
// (same behaviour as old 2.0.x session code)
|
||||
//
|
||||
$sql = "SELECT *
|
||||
FROM " . USERS_TABLE . "
|
||||
WHERE user_id = $user_id";
|
||||
if ( !($result = $db->sql_query($sql)) )
|
||||
if (isset($board_config['allow_autologin']) && !$board_config['allow_autologin'])
|
||||
{
|
||||
message_die(CRITICAL_ERROR, 'Could not obtain lastvisit data from user table', '', __LINE__, __FILE__, $sql);
|
||||
$enable_autologin = $sessiondata['autologinid'] = false;
|
||||
}
|
||||
|
||||
$userdata = $db->sql_fetchrow($result);
|
||||
//
|
||||
// First off attempt to join with the autologin value if we have one
|
||||
// If not, just use the user_id value
|
||||
//
|
||||
$userdata = array();
|
||||
|
||||
if ( $user_id != ANONYMOUS )
|
||||
if ($user_id != ANONYMOUS)
|
||||
{
|
||||
$auto_login_key = $userdata['user_password'];
|
||||
|
||||
if ( $auto_create )
|
||||
if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '' && $user_id)
|
||||
{
|
||||
if ( isset($sessiondata['autologinid']) && $userdata['user_active'] )
|
||||
$sql = 'SELECT u.*
|
||||
FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k
|
||||
WHERE u.user_id = ' . (int) $user_id . "
|
||||
AND u.user_active = 1
|
||||
AND k.user_id = u.user_id
|
||||
AND k.key_id = '" . md5($sessiondata['autologinid']) . "'";
|
||||
if (!($result = $db->sql_query($sql)))
|
||||
{
|
||||
// We have to login automagically
|
||||
if( $sessiondata['autologinid'] === $auto_login_key )
|
||||
{
|
||||
// autologinid matches password
|
||||
$login = 1;
|
||||
$enable_autologin = 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
// No match; don't login, set as anonymous user
|
||||
$login = 0;
|
||||
$enable_autologin = 0;
|
||||
$user_id = $userdata['user_id'] = ANONYMOUS;
|
||||
|
||||
$sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS;
|
||||
$result = $db->sql_query($sql);
|
||||
$userdata = $db->sql_fetchrow($result);
|
||||
$db->sql_freeresult($result);
|
||||
}
|
||||
message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
|
||||
}
|
||||
else
|
||||
{
|
||||
// Autologin is not set. Don't login, set as anonymous user
|
||||
$login = 0;
|
||||
$enable_autologin = 0;
|
||||
$user_id = $userdata['user_id'] = ANONYMOUS;
|
||||
|
||||
$sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS;
|
||||
$result = $db->sql_query($sql);
|
||||
$userdata = $db->sql_fetchrow($result);
|
||||
$db->sql_freeresult($result);
|
||||
}
|
||||
$userdata = $db->sql_fetchrow($result);
|
||||
$db->sql_freeresult($result);
|
||||
|
||||
$enable_autologin = $login = 1;
|
||||
}
|
||||
else
|
||||
else if (!$auto_create)
|
||||
{
|
||||
$sessiondata['autologinid'] = '';
|
||||
$sessiondata['userid'] = $user_id;
|
||||
|
||||
$sql = 'SELECT *
|
||||
FROM ' . USERS_TABLE . '
|
||||
WHERE user_id = ' . (int) $user_id . '
|
||||
AND user_active = 1';
|
||||
if (!($result = $db->sql_query($sql)))
|
||||
{
|
||||
message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
|
||||
}
|
||||
|
||||
$userdata = $db->sql_fetchrow($result);
|
||||
$db->sql_freeresult($result);
|
||||
|
||||
$login = 1;
|
||||
}
|
||||
}
|
||||
else
|
||||
|
||||
//
|
||||
// At this point either $userdata should be populated or
|
||||
// one of the below is true
|
||||
// * Key didn't match one in the DB
|
||||
// * User does not exist
|
||||
// * User is inactive
|
||||
//
|
||||
if (!sizeof($userdata) || !is_array($userdata) || !$userdata)
|
||||
{
|
||||
$login = 0;
|
||||
$enable_autologin = 0;
|
||||
$sessiondata['autologinid'] = '';
|
||||
$sessiondata['userid'] = $user_id = ANONYMOUS;
|
||||
$enable_autologin = $login = 0;
|
||||
|
||||
$sql = 'SELECT *
|
||||
FROM ' . USERS_TABLE . '
|
||||
WHERE user_id = ' . (int) $user_id;
|
||||
if (!($result = $db->sql_query($sql)))
|
||||
{
|
||||
message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
|
||||
}
|
||||
|
||||
$userdata = $db->sql_fetchrow($result);
|
||||
$db->sql_freeresult($result);
|
||||
}
|
||||
|
||||
|
||||
//
|
||||
// Initial ban check against user id, IP and email address
|
||||
//
|
||||
@@ -174,7 +191,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
|
||||
}
|
||||
|
||||
if ( $user_id != ANONYMOUS )
|
||||
{// ( $userdata['user_session_time'] > $expiry_time && $auto_create ) ? $userdata['user_lastvisit'] : (
|
||||
{
|
||||
$last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time;
|
||||
|
||||
if (!$admin)
|
||||
@@ -190,7 +207,41 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
|
||||
|
||||
$userdata['user_lastvisit'] = $last_visit;
|
||||
|
||||
$sessiondata['autologinid'] = (!$admin) ? (( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '') : $sessiondata['autologinid'];
|
||||
//
|
||||
// Regenerate the auto-login key
|
||||
//
|
||||
if ($enable_autologin)
|
||||
{
|
||||
list($sec, $usec) = explode(' ', microtime());
|
||||
mt_srand(hexdec(substr($session_id, 0, 8)) + (float) $sec + ((float) $usec * 1000000));
|
||||
$auto_login_key = uniqid(mt_rand(), true);
|
||||
|
||||
if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '')
|
||||
{
|
||||
$sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . "
|
||||
SET last_ip = '$user_ip', key_id = '" . md5($auto_login_key) . "', last_login = $current_time
|
||||
WHERE key_id = '" . md5($sessiondata['autologinid']) . "'";
|
||||
}
|
||||
else
|
||||
{
|
||||
$sql = 'INSERT INTO ' . SESSIONS_KEYS_TABLE . "(key_id, user_id, last_ip, last_login)
|
||||
VALUES ('" . md5($auto_login_key) . "', $user_id, '$user_ip', $current_time)";
|
||||
}
|
||||
|
||||
if ( !$db->sql_query($sql) )
|
||||
{
|
||||
message_die(CRITICAL_ERROR, 'Error updating session key', '', __LINE__, __FILE__, $sql);
|
||||
}
|
||||
|
||||
$sessiondata['autologinid'] = $auto_login_key;
|
||||
unset($auto_login_key);
|
||||
}
|
||||
else
|
||||
{
|
||||
$sessiondata['autologinid'] = '';
|
||||
}
|
||||
|
||||
// $sessiondata['autologinid'] = (!$admin) ? (( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '') : $sessiondata['autologinid'];
|
||||
$sessiondata['userid'] = $user_id;
|
||||
}
|
||||
|
||||
@@ -202,6 +253,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
|
||||
$userdata['session_start'] = $current_time;
|
||||
$userdata['session_time'] = $current_time;
|
||||
$userdata['session_admin'] = $admin;
|
||||
$userdata['session_key'] = $sessiondata['autologinid'];
|
||||
|
||||
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
|
||||
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
|
||||
@@ -313,18 +365,7 @@ function session_pagestart($user_ip, $thispage_id)
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// Delete expired sessions
|
||||
//
|
||||
$expiry_time = $current_time - $board_config['session_length'];
|
||||
|
||||
$sql = "DELETE FROM " . SESSIONS_TABLE . "
|
||||
WHERE session_time < $expiry_time
|
||||
AND session_id <> '$session_id'";
|
||||
if ( !$db->sql_query($sql) )
|
||||
{
|
||||
message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql);
|
||||
}
|
||||
session_clean($userdata['session_id']);
|
||||
|
||||
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
|
||||
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
|
||||
@@ -350,14 +391,14 @@ function session_pagestart($user_ip, $thispage_id)
|
||||
|
||||
}
|
||||
|
||||
//
|
||||
// session_end closes out a session
|
||||
// deleting the corresponding entry
|
||||
// in the sessions table
|
||||
//
|
||||
/**
|
||||
* Terminates the specified session
|
||||
* It will delete the entry in the sessions table for this session,
|
||||
* remove the corresponding auto-login key and reset the cookies
|
||||
*/
|
||||
function session_end($session_id, $user_id)
|
||||
{
|
||||
global $db, $lang, $board_config;
|
||||
global $db, $lang, $board_config, $userdata;
|
||||
global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
|
||||
|
||||
$cookiename = $board_config['cookie_name'];
|
||||
@@ -367,20 +408,6 @@ function session_end($session_id, $user_id)
|
||||
|
||||
$current_time = time();
|
||||
|
||||
//
|
||||
// Pull cookiedata or grab the URI propagated sid
|
||||
//
|
||||
if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) )
|
||||
{
|
||||
$session_id = isset( $HTTP_COOKIE_VARS[$cookiename . '_sid'] ) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
|
||||
$sessionmethod = SESSION_METHOD_COOKIE;
|
||||
}
|
||||
else
|
||||
{
|
||||
$session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
|
||||
$sessionmethod = SESSION_METHOD_GET;
|
||||
}
|
||||
|
||||
if (!preg_match('/^[A-Za-z0-9]*$/', $session_id))
|
||||
{
|
||||
return;
|
||||
@@ -389,7 +416,7 @@ function session_end($session_id, $user_id)
|
||||
//
|
||||
// Delete existing session
|
||||
//
|
||||
$sql = "DELETE FROM " . SESSIONS_TABLE . "
|
||||
$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
|
||||
WHERE session_id = '$session_id'
|
||||
AND session_user_id = $user_id";
|
||||
if ( !$db->sql_query($sql) )
|
||||
@@ -397,12 +424,78 @@ function session_end($session_id, $user_id)
|
||||
message_die(CRITICAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql);
|
||||
}
|
||||
|
||||
//
|
||||
// Remove this auto-login entry (if applicable)
|
||||
//
|
||||
if ( isset($userdata['session_key']) && $userdata['session_key'] != '' )
|
||||
{
|
||||
$autologin_key = md5($userdata['session_key']);
|
||||
$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
|
||||
WHERE user_id = ' . (int) $user_id . "
|
||||
AND key_id = '$autologin_key'";
|
||||
if ( !$db->sql_query($sql) )
|
||||
{
|
||||
message_die(CRITICAL_ERROR, 'Error removing auto-login key', '', __LINE__, __FILE__, $sql);
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// We expect that message_die will be called after this function,
|
||||
// but just in case it isn't, reset $userdata to the details for a guest
|
||||
//
|
||||
$sql = 'SELECT *
|
||||
FROM ' . USERS_TABLE . '
|
||||
WHERE user_id = ' . ANONYMOUS;
|
||||
if ( !($result = $db->sql_query($sql)) )
|
||||
{
|
||||
message_die(CRITICAL_ERROR, 'Error obtaining user details', '', __LINE__, __FILE__, $sql);
|
||||
}
|
||||
if ( !($userdata = $db->sql_fetchrow($result)) )
|
||||
{
|
||||
message_die(CRITICAL_ERROR, 'Error obtaining user details', '', __LINE__, __FILE__, $sql);
|
||||
}
|
||||
$db->sql_freeresult($result);
|
||||
|
||||
|
||||
setcookie($cookiename . '_data', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);
|
||||
setcookie($cookiename . '_sid', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Removes expired sessions and auto-login keys from the database
|
||||
*/
|
||||
function session_clean($session_id)
|
||||
{
|
||||
global $board_config, $db;
|
||||
|
||||
//
|
||||
// Delete expired sessions
|
||||
//
|
||||
$sql = 'DELETE FROM ' . SESSIONS_TABLE . '
|
||||
WHERE session_time < ' . (time() - (int) $board_config['session_length']) . "
|
||||
AND session_id <> '$session_id'";
|
||||
if ( !$db->sql_query($sql) )
|
||||
{
|
||||
message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql);
|
||||
}
|
||||
|
||||
//
|
||||
// Delete expired auto-login keys
|
||||
// If max_autologin_time is not set then keys will never be deleted
|
||||
// (same behaviour as old 2.0.x session code)
|
||||
//
|
||||
if (!empty($board_config['max_autologin_time']) && $board_config['max_autologin_time'] > 0)
|
||||
{
|
||||
$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
|
||||
WHERE last_login < ' . (time() - (86400 * (int) $board_config['max_autologin_time']));
|
||||
$db->sql_query($sql);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
//
|
||||
// Append $SID to a url. Borrowed from phplib and modified. This is an
|
||||
// extra routine utilised by the session code above and acts as a wrapper
|
||||
|
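Review bot: In the `@@ -190,7 +207,41 @@` hunk of `session_begin`, the new auto-login key is `uniqid(mt_rand(), true)` after `mt_srand()` has been seeded from the first eight hex digits of `$session_id` plus `microtime()`; the session id is handed to the client in the `_sid` cookie and `uniqid()` is itself clock-derived, so a long-lived login credential is built only from values an outside party can observe or narrow down. The key should include material the client never sees, such as bytes from the operating system's random source where the platform offers one or a per-board secret mixed into the hash, and the `mt_srand()` call should go because it also ties every later `mt_rand()` in the request to the same guessable inputs. In the same hunk the INSERT interpolates `$user_id` directly while the new SELECTs use `(int) $user_id`; the values clause should read `VALUES ('" . md5($auto_login_key) . "', " . (int) $user_id . ", '$user_ip', $current_time)";`. In `session_clean` the second `$db->sql_query($sql);` ignores failure, unlike the first DELETE, so expired keys could silently remain valid. `session_begin` starts and ends outside these hunks.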
@@ -63,19 +63,26 @@ function user_avatar_delete($avatar_type, $avatar_file)
|
||||
return ", user_avatar = '', user_avatar_type = " . USER_AVATAR_NONE;
|
||||
}
|
||||
|
||||
function user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename)
|
||||
function user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename, $avatar_category)
|
||||
{
|
||||
global $board_config;
|
||||
|
||||
$avatar_filename = str_replace(array('../', '..\\', './', '.\\'), '', $avatar_filename);
|
||||
if ($avatar_filename{0} == '/' || $avatar_filename{0} == "\\")
|
||||
$avatar_filename = phpbb_ltrim(basename($avatar_filename), "'");
|
||||
$avatar_category = phpbb_ltrim(basename($avatar_category), "'");
|
||||
|
||||
if(!preg_match('/(\.gif$|\.png$|\.jpg|\.jpeg)$/is', $avatar_filename))
|
||||
{
|
||||
return '';
|
||||
}
|
||||
|
||||
if ( file_exists(@phpbb_realpath($board_config['avatar_gallery_path'] . '/' . $avatar_filename)) && ($mode == 'editprofile') )
|
||||
if ($avatar_filename == "" || $avatar_category == "")
|
||||
{
|
||||
$return = ", user_avatar = '" . str_replace("\'", "''", $avatar_filename) . "', user_avatar_type = " . USER_AVATAR_GALLERY;
|
||||
return '';
|
||||
}
|
||||
|
||||
if ( file_exists(@phpbb_realpath($board_config['avatar_gallery_path'] . '/' . $avatar_category . '/' . $avatar_filename)) && ($mode == 'editprofile') )
|
||||
{
|
||||
$return = ", user_avatar = '" . str_replace("\'", "''", $avatar_category . '/' . $avatar_filename) . "', user_avatar_type = " . USER_AVATAR_GALLERY;
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -110,6 +117,9 @@ function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_typ
|
||||
|
||||
$ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
|
||||
|
||||
$width = $height = 0;
|
||||
$type = '';
|
||||
|
||||
if ( $avatar_mode == 'remote' && preg_match('/^(http:\/\/)?([\w\-\.]+)\:?([0-9]*)\/(.*)$/', $avatar_filename, $url_ary) )
|
||||
{
|
||||
if ( empty($url_ary[4]) )
|
||||
@@ -167,7 +177,7 @@ function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_typ
|
||||
message_die(GENERAL_ERROR, 'Could not write avatar file to local storage. Please contact the board administrator with this message', '', __LINE__, __FILE__);
|
||||
}
|
||||
|
||||
list($width, $height) = @getimagesize($tmp_filename);
|
||||
list($width, $height, $type) = @getimagesize($tmp_filename);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -193,7 +203,7 @@ function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_typ
|
||||
return;
|
||||
}
|
||||
|
||||
list($width, $height) = @getimagesize($avatar_filename);
|
||||
list($width, $height, $type) = @getimagesize($avatar_filename);
|
||||
}
|
||||
|
||||
if ( !($imgtype = check_image_type($avatar_filetype, $error, $error_msg)) )
|
||||
@@ -201,16 +211,51 @@ function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_typ
|
||||
return;
|
||||
}
|
||||
|
||||
switch ($type)
|
||||
{
|
||||
// GIF
|
||||
case 1:
|
||||
if ($imgtype != '.gif')
|
||||
{
|
||||
@unlink($tmp_filename);
|
||||
message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__);
|
||||
}
|
||||
break;
|
||||
|
||||
// JPG, JPC, JP2, JPX, JB2
|
||||
case 2:
|
||||
case 9:
|
||||
case 10:
|
||||
case 11:
|
||||
case 12:
|
||||
if ($imgtype != '.jpg' && $imgtype != '.jpeg')
|
||||
{
|
||||
@unlink($tmp_filename);
|
||||
message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__);
|
||||
}
|
||||
break;
|
||||
|
||||
// PNG
|
||||
case 3:
|
||||
if ($imgtype != '.png')
|
||||
{
|
||||
@unlink($tmp_filename);
|
||||
message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__);
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
@unlink($tmp_filename);
|
||||
message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__);
|
||||
}
|
||||
|
||||
if ( $width > 0 && $height > 0 && $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
|
||||
{
|
||||
$new_filename = uniqid(rand()) . $imgtype;
|
||||
|
||||
if ( $mode == 'editprofile' && $current_type == USER_AVATAR_UPLOAD && $current_avatar != '' )
|
||||
{
|
||||
if ( file_exists(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $current_avatar)) )
|
||||
{
|
||||
@unlink('./' . $board_config['avatar_path'] . '/' . $current_avatar);
|
||||
}
|
||||
user_avatar_delete($current_type, $current_avatar);
|
||||
}
|
||||
|
||||
if( $avatar_mode == 'remote' )
|
||||
@@ -276,7 +321,7 @@ function display_avatar_gallery($mode, &$category, &$user_id, &$email, &$current
|
||||
{
|
||||
if( preg_match('/(\.gif$|\.png$|\.jpg|\.jpeg)$/is', $sub_file) )
|
||||
{
|
||||
$avatar_images[$file][$avatar_row_count][$avatar_col_count] = $file . '/' . $sub_file;
|
||||
$avatar_images[$file][$avatar_row_count][$avatar_col_count] = $sub_file;
|
||||
$avatar_name[$file][$avatar_row_count][$avatar_col_count] = ucfirst(str_replace("_", " ", preg_replace('/^(.*)\..*$/', '\1', $sub_file)));
|
||||
|
||||
$avatar_col_count++;
|
||||
@@ -322,7 +367,7 @@ function display_avatar_gallery($mode, &$category, &$user_id, &$email, &$current
|
||||
for($j = 0; $j < count($avatar_images[$category][$i]); $j++)
|
||||
{
|
||||
$template->assign_block_vars('avatar_row.avatar_column', array(
|
||||
"AVATAR_IMAGE" => $board_config['avatar_gallery_path'] . '/' . $avatar_images[$category][$i][$j],
|
||||
"AVATAR_IMAGE" => $board_config['avatar_gallery_path'] . '/' . $category . '/' . $avatar_images[$category][$i][$j],
|
||||
"AVATAR_NAME" => $avatar_name[$category][$i][$j])
|
||||
);
|
||||
|
||||
@@ -334,7 +379,7 @@ function display_avatar_gallery($mode, &$category, &$user_id, &$email, &$current
|
||||
|
||||
$params = array('coppa', 'user_id', 'username', 'email', 'current_email', 'cur_password', 'new_password', 'password_confirm', 'icq', 'aim', 'msn', 'yim', 'website', 'location', 'occupation', 'interests', 'signature', 'viewemail', 'notifypm', 'popup_pm', 'notifyreply', 'attachsig', 'allowhtml', 'allowbbcode', 'allowsmilies', 'hideonline', 'style', 'language', 'timezone', 'dateformat');
|
||||
|
||||
$s_hidden_vars = '<input type="hidden" name="sid" value="' . $session_id . '" /><input type="hidden" name="agreed" value="true" />';
|
||||
$s_hidden_vars = '<input type="hidden" name="sid" value="' . $session_id . '" /><input type="hidden" name="agreed" value="true" /><input type="hidden" name="avatarcatname" value="' . $category . '" />';
|
||||
|
||||
for($i = 0; $i < count($params); $i++)
|
||||
{
|
||||
|
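Review bot: In the last hunk of `display_avatar_gallery`, `$category` is concatenated into the new `<input type="hidden" name="avatarcatname" ...>` value without escaping, and whether the caller has already encoded it is not visible on this page. Because the parameter arrives by reference from outside the function, it is safer to escape at the point of output if the caller does not: `value="' . htmlspecialchars($category) . '"`. In `user_avatar_upload` the new `switch ($type)` calls `@unlink($tmp_filename)` on every rejection path, but `$tmp_filename` is only seen in the remote branch, so for a direct upload the call may be acting on an unset variable; an `isset($tmp_filename)` guard or a comment would make the intent explicit. Both functions continue outside the hunks shown.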