This commit was manufactured by cvs2svn to create tag 'milestone_3'.

git-svn-id: file:///svn/phpbb/tags/milestone_3@5258 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/.htaccess

@@ -0,0 +1,9 @@
+<Files "config.php">
+Order Allow,Deny
+Deny from All
+</Files>
+
+<Files "common.php">
+Order Allow,Deny
+Deny from All
+</Files>

phpBB/adm/admin_ban.php

@@ -1,24 +1,15 @@
 <?php
-/***************************************************************************
- *                              admin_ban.php
- *                            -------------------
- *   begin                : Tuesday, Jul 31, 2001
- *   copyright            : (C) 2001 The phpBB Group
- *   email                : support@phpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
+/** 
+*
+* @package acp
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
+/**
+*/
 if (!empty($setmodules))
 {
 	if (!$auth->acl_get('a_ban'))
@@ -37,8 +28,9 @@ if (!empty($setmodules))
 define('IN_PHPBB', 1);
 // Load default header
 $phpbb_root_path = '../';
-require($phpbb_root_path . 'extension.inc');
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
 require('pagestart.' . $phpEx);
+include($phpbb_root_path . 'includes/functions_user.'.$phpEx);
 
 // Do we have ban permissions?
 if (!$auth->acl_get('a_ban'))
@@ -46,327 +38,33 @@ if (!$auth->acl_get('a_ban'))
 	trigger_error($user->lang['NO_ADMIN']);
 }
 
-
 // Mode setting
-$mode = (isset($_REQUEST['mode'])) ? $_REQUEST['mode'] : '';
-
+$mode		= request_var('mode', '');
+$bansubmit	= (isset($_POST['bansubmit'])) ? true : false;
+$unbansubmit= (isset($_POST['unbansubmit'])) ? true : false;
 
+// Set some vars
 $current_time = time();
 
-
 // Start program
-if (isset($_REQUEST['bansubmit']))
+if ($bansubmit)
 {
 	// Grab the list of entries
-	$ban = (!empty($_REQUEST['ban'])) ? $_REQUEST['ban'] : '';
-	$ban_list = array_unique(explode("\n", $ban));
-	$ban_list_log = implode(', ', $ban_list);
+	$ban			= request_var('ban', '');
+	$ban_len		= request_var('banlength', 0);
+	$ban_len_other	= request_var('banlengthother', '');
+	$ban_exclude	= request_var('banexclude', 0);
+	$ban_reason		= request_var('banreason', '');
 
-
-	$ban_exclude = (!empty($_POST['banexclude'])) ? 1 : 0;
-	$ban_reason = (isset($_POST['banreason'])) ? $_POST['banreason'] : '';
-
-
-	if (!empty($_POST['banlength']))
-	{
-		if ($_POST['banlength'] != -1 || empty($_POST['banlengthother']))
-		{
-			$ban_end = max($current_time, $current_time + (intval($_POST['banlength']) * 60));
-		}
-		else
-		{
-			$ban_other = explode('-', $_POST['banlengthother']);
-			$ban_end = max($current_time, gmmktime(0, 0, 0, $ban_other[1], $ban_other[2], $ban_other[0]));
-		}
-	}
-	else
-	{
-		$ban_end = 0;
-	}
-
-
-	$banlist = array();
-
-	switch ($mode)
-	{
-		case 'user':
-			$type = 'ban_userid';
-
-			if (in_array('*', $ban_list))
-			{
-				$banlist[] = '*';
-			}
-			else
-			{
-				$sql = 'SELECT user_id
-					FROM ' . USERS_TABLE . '
-					WHERE username IN (' . implode(', ', array_diff(preg_replace('#^[\s]*(.*?)[\s]*$#', "'\\1'", $ban_list), array("''"))) . ')';
-				$result = $db->sql_query($sql);
-
-				if ($row = $db->sql_fetchrow($result))
-				{
-					do
-					{
-						$banlist[] = $row['user_id'];
-					}
-					while ($row = $db->sql_fetchrow($result));
-				}
-			}
-			break;
-
-		case 'ip':
-			$type = 'ban_ip';
-
-			foreach ($ban_list as $ban_item)
-			{
-				if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($ban_item), $ip_range_explode))
-				{
-					// Don't ask about all this, just don't ask ... !
-					$ip_1_counter = $ip_range_explode[1];
-					$ip_1_end = $ip_range_explode[5];
-
-					while ($ip_1_counter <= $ip_1_end)
-					{
-						$ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0;
-						$ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6];
-
-						if($ip_2_counter == 0 && $ip_2_end == 254)
-						{
-							$ip_2_counter = 256;
-							$ip_2_fragment = 256;
-
-							$banlist[] = "'$ip_1_counter.*'";
-						}
-
-						while ($ip_2_counter <= $ip_2_end)
-						{
-							$ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0;
-							$ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7];
-
-							if ($ip_3_counter == 0 && $ip_3_end == 254)
-							{
-								$ip_3_counter = 256;
-								$ip_3_fragment = 256;
-
-								$banlist[] = "'$ip_1_counter.$ip_2_counter.*'";
-							}
-
-							while ($ip_3_counter <= $ip_3_end)
-							{
-								$ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0;
-								$ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8];
-
-								if ($ip_4_counter == 0 && $ip_4_end == 254)
-								{
-									$ip_4_counter = 256;
-									$ip_4_fragment = 256;
-
-									$banlist[] = "'$ip_1_counter.$ip_2_counter.$ip_3_counter.*'";
-								}
-
-								while ($ip_4_counter <= $ip_4_end)
-								{
-									$banlist[] = "'$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter'";
-									$ip_4_counter++;
-								}
-								$ip_3_counter++;
-							}
-							$ip_2_counter++;
-						}
-						$ip_1_counter++;
-					}
-				}
-				else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($ban_item)))
-				{
-					$ip_ary = gethostbynamel(trim($ban_item));
-
-					foreach ($ip_ary as $ip)
-					{
-						if (!empty($ip))
-						{
-							$banlist[] = "'" . $ip . "'";
-						}
-					}
-				}
-				else if (preg_match('#^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$#', trim($ban_item)) || preg_match('#^[a-f0-9:]+\*?$#i', trim($ban_item)))
-				{
-					$banlist[] = "'" . trim($ban_item) . "'";
-				}
-				else if (preg_match('#^\*$#', trim($ban_item)))
-				{
-					$banlist[] = "'*'";
-				}
-			}
-			break;
-
-		case 'email':
-			$type = 'ban_email';
-
-			foreach ($ban_list as $ban_item)
-			{
-				if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', trim($ban_item)))
-				{
-					$banlist[] = "'" . trim($ban_item) . "'";
-				}
-			}
-			break;
-	}
-
-	$sql = "SELECT $type
-		FROM " . BANLIST_TABLE . "
-		WHERE $type <> '' 
-			AND ban_exclude = $ban_exclude";
-	$result = $db->sql_query($sql);
-
-	if ($row = $db->sql_fetchrow($result))
-	{
-		$banlist_tmp = array();
-		do
-		{
-			switch ($mode)
-			{
-				case 'user':
-					$banlist_tmp[] = $row['ban_userid'];
-					break;
-
-				case 'ip':
-					$banlist_tmp[] = "'" . $row['ban_ip'] . "'";
-					break;
-
-				case 'email':
-					$banlist_tmp[] = "'" . $row['ban_email'] . "'";
-					break;
-			}
-		}
-		while ($row = $db->sql_fetchrow($result));
-
-		$banlist = array_unique(array_diff($banlist, $banlist_tmp));
-		unset($banlist_tmp);
-	}
-
-	if (sizeof($banlist))
-	{
-		$sql = '';
-		foreach ($banlist as $ban_entry)
-		{
-			switch (SQL_LAYER)
-			{
-				case 'mysql':
-				case 'mysql4':
-					$sql .= (($sql != '') ? ', ' : '') . "($ban_entry, $current_time, $ban_end, $ban_exclude, '$ban_reason')";
-					break;
-
-				case 'mssql':
-				case 'sqlite':
-					$sql .= (($sql != '') ? ' UNION ALL ' : '') . " SELECT $ban_entry, $current_time, $ban_end, $ban_exclude, '$ban_reason'";
-					break;
-
-				default:
-					$sql = 'INSERT INTO ' . BANLIST_TABLE . " ($type, ban_start, ban_end, ban_exclude, ban_reason)
-						VALUES ($ban_entryx, $current_time, $ban_end, $ban_exclude, '$ban_reason')";
-					$db->sql_query($sql);
-					$sql = '';
-			}
-		}
-
-		if ($sql != '')
-		{
-			$sql = 'INSERT INTO ' . BANLIST_TABLE . " ($type, ban_start, ban_end, ban_exclude, ban_reason)
-				VALUES $sql";
-			$db->sql_query($sql);
-		}
-
-		if (!$ban_exclude)
-		{
-			$sql = '';
-			switch ($mode)
-			{
-				case 'user':
-					$sql = "WHERE session_user_id IN (" . implode(', ', $banlist) . ")";
-					break;
-
-				case 'ip':
-					$sql = "WHERE session_ip IN (" . implode(', ', $banlist) . ")";
-					break;
-
-				case 'email':
-					$sql = "SELECT user_id
-						FROM " . USERS_TABLE . "
-						WHERE user_email IN (" . implode(', ', $banlist) . ")";
-					$result = $db->sql_query($sql);
-
-					$sql = '';
-					if ($row = $db->sql_fetchrow($result))
-					{
-						do
-						{
-							$sql .= (($sql != '') ? ', ' : '') . $row['user_id'];
-						}
-						while ($row = $db->sql_fetchrow($result));
-
-						$sql = "WHERE session_user_id IN (" . str_replace('*', '%', $sql) . ")";
-					}
-					break;
-			}
-
-			if ($sql != '')
-			{
-				$sql = "DELETE FROM " . SESSIONS_TABLE . "
-					$sql";
-				$db->sql_query($sql);
-			}
-		}
-
-		// Update log
-		$log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_';
-		add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
-	}
+	user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason);
 
 	trigger_error($user->lang['BAN_UPDATE_SUCESSFUL']);
-
 }
-else if (isset($_POST['unbansubmit']))
+else if ($unbansubmit)
 {
-	$unban_sql = implode(', ', array_map('intval', $_POST['unban']));
+	$ban = request_var('unban', '');
 
-	if ($unban_sql != '')
-	{
-		$l_unban_list = '';
-		// Grab details of bans for logging information later
-		switch ($mode)
-		{
-			case 'user':
-				$sql = "SELECT u.username AS unban_info
-					FROM " . USERS_TABLE . " u, " . BANLIST_TABLE . " b 
-					WHERE b.ban_id IN ($unban_sql) 
-						AND u.user_id = b.ban_userid";
-				break;
-
-			case 'email':
-				$sql = "SELECT ban_email AS unban_info 
-					FROM " . BANLIST_TABLE . "
-					WHERE ban_id IN ($unban_sql)";
-				break;
-
-			case 'ip':
-				$sql = "SELECT ban_ip AS unban_info 
-					FROM " . BANLIST_TABLE . "
-					WHERE ban_id IN ($unban_sql)";
-				break;
-		}
-		$result = $db->sql_query($sql);
-
-		while ($row = $db->sql_fetchrow($result))
-		{
-			$l_unban_list .= (($l_unban_list != '') ? ', ' : '') . $row['unban_info'];
-		}
-
-		$sql = "DELETE FROM " . BANLIST_TABLE . "
-			WHERE ban_id IN ($unban_sql)";
-		$db->sql_query($sql);
-
-		add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
-	}
+	user_unban($mode, $ban);
 
 	trigger_error($user->lang['BAN_UPDATE_SUCESSFUL']);
 }
@@ -375,13 +73,6 @@ else if (isset($_POST['unbansubmit']))
 // Output relevant entry page
 //
 
-//
-// Remove timed out bans
-//
-$sql = "DELETE FROM " . BANLIST_TABLE . "
-	WHERE ban_end < " . time() . "
-		AND ban_end <> 0";
-$db->sql_query($sql);
 
 //
 // Ban length options
@@ -427,18 +118,17 @@ switch ($mode)
 		$l_ban_exclude_explain = $user->lang['BAN_USER_EXCLUDE_EXPLAIN'];
 		$l_unban_title = $user->lang['UNBAN_USERNAME'];
 		$l_unban_explain = $user->lang['UNBAN_USERNAME_EXPLAIN'];
-		$l_ban_cell = $user->lang['USERNAME'];
+		$l_ban_cell = $user->lang['USERNAME'] . ': <br /><span class="gensmall">[ <a href="' . "../memberlist.$phpEx$SID&amp;mode=searchuser&amp;form=banning&amp;field=ban\" onclick=\"window.open('../memberlist.$phpEx$SID&amp;mode=searchuser&amp;form=banning&amp;field=ban', '_phpbbsearch', 'HEIGHT=500,resizable=yes,scrollbars=yes,WIDTH=740');return false;\">" . $user->lang['FIND_USERNAME'] .'</a> ]</span>';
 		$l_no_ban_cell = $user->lang['NO_BANNED_USERS'];
-		$s_submit_extra = '<input type="submit" name="usersubmit" value="' . $user->lang['LOOK_UP_USER'] . '" class="btnlite" onclick="window.open(\'../memberlist.' . $phpEx . $SID . '&amp;mode=searchuser&amp;field=ban\', \'_phpbbsearch\', \'HEIGHT=500,resizable=yes,scrollbars=yes,WIDTH=740\');return false;" />';
 
-		$sql = "SELECT b.*, u.user_id, u.username
-			FROM " . BANLIST_TABLE . " b, " . USERS_TABLE . " u
-			WHERE (b.ban_end >= " . time() . "
+		$sql = 'SELECT b.*, u.user_id, u.username
+			FROM ' . BANLIST_TABLE . ' b, ' . USERS_TABLE . ' u
+			WHERE (b.ban_end >= ' . time() . '
 					OR b.ban_end = 0)
 				AND u.user_id = b.ban_userid
 				AND b.ban_userid <> 0
-				AND u.user_id <> " . ANONYMOUS . "
-			ORDER BY u.user_id ASC";
+				AND u.user_id <> ' . ANONYMOUS . '
+			ORDER BY u.user_id ASC';
 		break;
 
 	case 'ip':
@@ -449,13 +139,12 @@ switch ($mode)
 		$l_ban_exclude_explain = $user->lang['BAN_IP_EXCLUDE_EXPLAIN'];
 		$l_unban_title = $user->lang['UNBAN_IP'];
 		$l_unban_explain = $user->lang['UNBAN_IP_EXPLAIN'];
-		$l_ban_cell = $user->lang['IP_HOSTNAME'];
+		$l_ban_cell = $user->lang['IP_HOSTNAME'] . ':';
 		$l_no_ban_cell = $user->lang['NO_BANNED_IP'];
-		$s_submit_extra = '';
 
-		$sql = "SELECT *
-			FROM " . BANLIST_TABLE . "
-			WHERE (ban_end >= " . time() . "
+		$sql = 'SELECT *
+			FROM ' . BANLIST_TABLE . '
+			WHERE (ban_end >= ' . time() . "
 					OR ban_end = 0)
 				AND ban_ip <> ''";
 		break;
@@ -468,13 +157,12 @@ switch ($mode)
 		$l_ban_exclude_explain = $user->lang['BAN_EMAIL_EXCLUDE_EXPLAIN'];
 		$l_unban_title = $user->lang['UNBAN_EMAIL'];
 		$l_unban_explain = $user->lang['UNBAN_EMAIL_EXPLAIN'];
-		$l_ban_cell = $user->lang['EMAIL_ADDRESS'];
+		$l_ban_cell = $user->lang['EMAIL_ADDRESS'] . ':';
 		$l_no_ban_cell = $user->lang['NO_BANNED_EMAIL'];
-		$s_submit_extra = '';
 
-		$sql = "SELECT *
-			FROM " . BANLIST_TABLE . "
-			WHERE (ban_end >= " . time() . "
+		$sql = 'SELECT *
+			FROM ' . BANLIST_TABLE . '
+			WHERE (ban_end >= ' . time() . "
 					OR ban_end = 0)
 				AND ban_email <> ''";
 		break;
@@ -542,28 +230,28 @@ function display_details(option)
 //-->
 </script>
 
-<form method="post" action="<?php echo "admin_ban.$phpEx$SID&amp;mode=$mode"; ?>"><table class="bg" width="80%" cellspacing="1" cellpadding="4" border="0" align="center">
+<form name="banning" method="post" action="<?php echo "admin_ban.$phpEx$SID&amp;mode=$mode"; ?>"><table class="bg" width="80%" cellspacing="1" cellpadding="4" border="0" align="center">
 	<tr>
 		<th colspan="2"><?php echo $l_ban_title; ?></th>
 	</tr>
 	<tr>
-		<td class="row2" width="45%"><?php echo $l_ban_cell; ?>: </td>
-		<td class="row1"><textarea cols="40" rows="3" name="ban"></textarea></td>
+		<td class="row1" width="45%"><?php echo $l_ban_cell; ?></td>
+		<td class="row2"><textarea cols="40" rows="3" name="ban"></textarea></td>
 	</tr>
 	<tr>
-		<td class="row2" width="45%"><?php echo $user->lang['BAN_LENGTH']; ?>:</td>
-		<td class="row1"><select name="banlength"><?php echo $ban_end_options; ?></select>&nbsp; <input class="post" type="text" name="banlengthother" maxlength="10" size="10" /></td>
+		<td class="row1" width="45%"><?php echo $user->lang['BAN_LENGTH']; ?>:</td>
+		<td class="row2"><select name="banlength"><?php echo $ban_end_options; ?></select>&nbsp; <input class="post" type="text" name="banlengthother" maxlength="10" size="10" /></td>
 	</tr>
 	<tr>
-		<td class="row2" width="45%"><?php echo $user->lang['BAN_EXCLUDE']; ?>: <br /><span class="gensmall"><?php echo $l_ban_exclude_explain;;?></span></td>
-		<td class="row1"><input type="radio" name="banexclude" value="1" /> <?php echo $user->lang['YES']; ?> &nbsp; <input type="radio" name="banexclude" value="0" checked="checked" /> <?php echo $user->lang['NO']; ?></td>
+		<td class="row1" width="45%"><?php echo $user->lang['BAN_EXCLUDE']; ?>: <br /><span class="gensmall"><?php echo $l_ban_exclude_explain;;?></span></td>
+		<td class="row2"><input type="radio" name="banexclude" value="1" /> <?php echo $user->lang['YES']; ?> &nbsp; <input type="radio" name="banexclude" value="0" checked="checked" /> <?php echo $user->lang['NO']; ?></td>
 	</tr>
 	<tr>
-		<td class="row2" width="45%"><?php echo $user->lang['BAN_REASON']; ?>:</td>
-		<td class="row1"><input class="post" type="text" name="banreason" maxlength="255" size="40" /></td>
+		<td class="row1" width="45%"><?php echo $user->lang['BAN_REASON']; ?>:</td>
+		<td class="row2"><input class="post" type="text" name="banreason" maxlength="255" size="40" /></td>
 	</tr>
 	<tr>
-		<td class="cat" colspan="2" align="center"> <input type="submit" name="bansubmit" value="<?php echo $user->lang['SUBMIT']; ?>" class="btnmain" />&nbsp; <input type="reset" value="<?php echo $user->lang['RESET']; ?>" class="btnlite" />&nbsp; <?php echo $s_submit_extra; ?></td>
+		<td class="cat" colspan="2" align="center"> <input type="submit" name="bansubmit" value="<?php echo $user->lang['SUBMIT']; ?>" class="btnmain" />&nbsp; <input type="reset" value="<?php echo $user->lang['RESET']; ?>" class="btnlite" />&nbsp;</td>
 	</tr>
 </table>
 
@@ -577,21 +265,21 @@ function display_details(option)
 	</tr>
 <?php
 
-	if ($banned_options != '')
+	if ($banned_options)
 	{
 
 ?>
 	<tr>
-		<td class="row2" width="45%"><?php echo $l_ban_cell; ?>: <br /></td>
-		<td class="row1"> <select name="unban[]" multiple="multiple" size="5" onchange="display_details(this.options[this.selectedIndex].value)"><?php echo $banned_options; ?></select></td>
+		<td class="row1" width="45%"><?php echo $l_ban_cell; ?>: <br /></td>
+		<td class="row2"> <select name="unban[]" multiple="multiple" size="5" onchange="display_details(this.options[this.selectedIndex].value)"><?php echo $banned_options; ?></select></td>
 	</tr>
 	<tr>
-		<td class="row2" width="45%"><?php echo $user->lang['BAN_REASON']; ?>:</td>
-		<td class="row1"><input class="row1" style="border:0px" type="text" name="unbanreason" size="40" /></td>
+		<td class="row1" width="45%"><?php echo $user->lang['BAN_REASON']; ?>:</td>
+		<td class="row2"><input class="row1" style="border:0px" type="text" name="unbanreason" size="40" /></td>
 	</tr>
 	<tr>
-		<td class="row2" width="45%"><?php echo $user->lang['BAN_LENGTH']; ?>:</td>
-		<td class="row1"><input class="row1" style="border:0px" type="text" name="unbanlength" size="40" /></td>
+		<td class="row1" width="45%"><?php echo $user->lang['BAN_LENGTH']; ?>:</td>
+		<td class="row2"><input class="row1" style="border:0px" type="text" name="unbanlength" size="40" /></td>
 	</tr>
 	<tr>
 		<td class="cat" colspan="2" align="center"><input type="submit" name="unbansubmit" value="<?php echo $user->lang['SUBMIT']; ?>" class="btnmain" />&nbsp; <input type="reset" value="<?php echo $user->lang['RESET']; ?>" class="btnlite" /></td>
@@ -604,7 +292,7 @@ function display_details(option)
 
 ?>
 	<tr>
-		<td class="row1" colspan="2" align="center"><?php echo $l_no_ban_cell;  ?></td>
+		<td class="row2" colspan="2" align="center"><?php echo $l_no_ban_cell;  ?></td>
 	</tr>
 <?php
 

phpBB/adm/admin_bbcodes.php

@@ -0,0 +1,440 @@
+<?php
+/** 
+*
+* @package acp
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
+
+/**
+*/
+if (!empty($setmodules))
+{
+	if (!$auth->acl_get('a_bbcode'))
+	{
+		return;
+	}
+
+	$module['POST']['BBCODES'] = basename(__FILE__) . $SID;
+	return;
+}
+
+define('IN_PHPBB', 1);
+
+// Include files
+$phpbb_root_path = '../';
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
+require('pagestart.' . $phpEx);
+
+// Do we have general permissions?
+if (!$auth->acl_get('a_bbcode'))
+{
+	trigger_error('NO_ADMIN');
+}
+
+// Set up general vars
+$mode = request_var('mode', '');
+$bbcode_id = request_var('bbcode', 0);
+
+// Set up mode-specific vars
+switch ($mode)
+{
+	case 'add':
+		$bbcode_match = $bbcode_tpl = '';
+		break;
+
+	case 'edit':
+		$sql = 'SELECT bbcode_match, bbcode_tpl
+			FROM ' . BBCODES_TABLE . '
+			WHERE bbcode_id = ' . $bbcode_id;
+		$result = $db->sql_query($sql);
+		if (!$row = $db->sql_fetchrow($result))
+		{
+			trigger_error('BBCODE_NOT_EXIST');
+		}
+		$db->sql_freeresult($result);
+
+		$bbcode_match = $row['bbcode_match'];
+		$bbcode_tpl = htmlspecialchars($row['bbcode_tpl']);
+		break;
+
+	case 'modify':
+		$sql = 'SELECT bbcode_id
+			FROM ' . BBCODES_TABLE . '
+			WHERE bbcode_id = ' . $bbcode_id;
+		$result = $db->sql_query($sql);
+		if (!$row = $db->sql_fetchrow($result))
+		{
+			trigger_error('BBCODE_NOT_EXIST');
+		}
+		$db->sql_freeresult($result);
+
+		// No break here
+
+	case 'create':
+		$bbcode_match = htmlspecialchars(stripslashes($_POST['bbcode_match']));
+		$bbcode_tpl = stripslashes($_POST['bbcode_tpl']);
+		break;
+}
+
+// Do major work
+switch ($mode)
+{
+	case 'edit':
+	case 'add':
+		adm_page_header($user->lang['BBCODES']);
+
+?>
+
+<h1><?php echo $user->lang['BBCODES'] ?></h1>
+
+<p><?php echo $user->lang['BBCODES_EXPLAIN'] ?></p>
+
+<form method="post" action="admin_bbcodes.<?php echo $phpEx . $SID . '&amp;mode=' . (($mode == 'add') ? 'create' : 'modify') . (($bbcode_id) ? "&amp;bbcode=$bbcode_id" : '') ?>">
+<table cellspacing="1" cellpadding="0" border="0" align="center" width="90%">
+	<tr>
+		<td><table class="bg" width="100%" cellspacing="1" cellpadding="4" border="0" align="center">
+			<tr>
+				<th colspan="2"><?php echo $user->lang['BBCODE_USAGE'] ?></th>
+			</tr>
+			<tr>
+				<td class="row3" colspan="2"><?php echo $user->lang['BBCODE_USAGE_EXPLAIN'] ?></td>
+			</tr>
+			<tr valign="top">
+				<td class="row1" width="40%"><b><?php echo $user->lang['EXAMPLES'] ?></b><br /><br /><?php echo $user->lang['BBCODE_USAGE_EXAMPLE'] ?></td>
+				<td class="row2"><textarea name="bbcode_match" cols="60" rows="5"><?php echo $bbcode_match ?></textarea></td>
+			</tr>
+		</table></td>
+	</tr>
+</table>
+
+<br clear="all" />
+
+<table cellspacing="1" cellpadding="0" border="0" align="center" width="90%">
+	<tr>
+		<td><table class="bg" width="100%" cellspacing="1" cellpadding="4" border="0" align="center">
+			<tr>
+				<th colspan="2"><?php echo $user->lang['HTML_REPLACEMENT'] ?></th>
+			</tr>
+			<tr>
+				<td class="row3" colspan="2"><?php echo $user->lang['HTML_REPLACEMENT_EXPLAIN'] ?></td>
+			</tr>
+			<tr valign="top">
+				<td class="row1" width="40%"><b><?php echo $user->lang['EXAMPLES'] ?></b><br /><br /><?php echo $user->lang['HTML_REPLACEMENT_EXAMPLE'] ?></td>
+				<td class="row2"><textarea name="bbcode_tpl" cols="60" rows="8"><?php echo $bbcode_tpl ?></textarea></td>
+			</tr>
+			<tr>
+				<td class="cat" colspan="2" align="center"><input type="submit" value="<?php echo $user->lang['SUBMIT'] ?>" class="btnmain" /></td>
+			</tr>
+		</table></td>
+	</tr>
+</table>
+
+<br clear="all" />
+
+<table cellspacing="1" cellpadding="0" border="0" align="center" width="90%">
+	<tr>
+		<td><table class="bg" width="100%" cellspacing="1" cellpadding="4" border="0" align="center">
+			<tr>
+				<th colspan="2"><?php echo $user->lang['TOKENS'] ?></th>
+			</tr>
+			<tr>
+				<td class="row3" colspan="2"><?php echo $user->lang['TOKENS_EXPLAIN'] ?></td>
+			</tr>
+			<tr>
+				<th><?php echo $user->lang['TOKEN'] ?></th>
+				<th><?php echo $user->lang['TOKEN_DEFINITION'] ?></th>
+			</tr>
+<?php
+
+		foreach ($user->lang['tokens'] as $token => $token_explain)
+		{
+			?><tr valign="top">
+				<td class="row1">{<?php echo $token ?>}</td>
+				<td class="row2"><?php echo $token_explain ?></td>
+			</tr><?php
+		}
+
+?>
+		</table></td>
+	</tr>
+</table>
+</form>
+
+<?php
+
+		adm_page_footer();
+		break;
+
+	case 'modify':
+	case 'create':
+		adm_page_header($user->lang['BBCODES']);
+
+		$data = build_regexp($bbcode_match, $bbcode_tpl);
+
+		$sql_ary = array(
+			'bbcode_tag'				=> $data['bbcode_tag'],
+			'bbcode_match'				=> $bbcode_match,
+			'bbcode_tpl'				=> $bbcode_tpl,
+			'first_pass_match'			=> $data['first_pass_match'],
+			'first_pass_replace'		=> $data['first_pass_replace'],
+			'second_pass_match'			=> $data['second_pass_match'],
+			'second_pass_replace'		=> $data['second_pass_replace']
+		);
+
+		if ($mode == 'create')
+		{
+			/* TODO: look for SQL incompatibilities
+			// NOTE: I'm sure there was another simpler (and obvious) way of finding a suitable bbcode_id
+			$sql = 'SELECT b1.bbcode_id
+				FROM ' . BBCODES_TABLE . ' b1, ' . BBCODES_TABLE . ' b2
+				WHERE b2.bbcode_id > b1.bbcode_id
+				GROUP BY b1.bbcode_id
+				HAVING MIN(b2.bbcode_id) > b1.bbcode_id + 1
+				ORDER BY b1.bbcode_id ASC';
+			$result = $db->sql_query_limit($sql, 1);
+			$row = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+*/
+			$sql = 'SELECT MAX(bbcode_id) as bbcode_id
+				FROM ' . BBCODES_TABLE;
+			$result = $db->sql_query($sql);
+			$row = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+
+			if ($row)
+			{
+				$bbcode_id = $row['bbcode_id'] + 1;
+			}
+			else
+			{
+				$sql = 'SELECT MIN(bbcode_id) AS min_id, MAX(bbcode_id) AS max_id
+					FROM ' . BBCODES_TABLE;
+				$result = $db->sql_query($sql);
+				$row = $db->sql_fetchrow($result);
+				$db->sql_freeresult($result);
+
+				if (empty($row['min_id']) || $row['min_id'] >= NUM_CORE_BBCODES)
+				{
+					$bbcode_id = NUM_CORE_BBCODES + 1;
+				}
+				else
+				{
+					$bbcode_id = $row['max_id'] + 1;
+				}
+			}
+
+			if ($bbcode_id > 31)
+			{
+				trigger_error('TOO_MANY_BBCODES');
+			}
+
+			$sql_ary['bbcode_id'] = (int) $bbcode_id;
+
+			$db->sql_query('INSERT INTO ' . BBCODES_TABLE . $db->sql_build_array('INSERT', $sql_ary));
+			$lang = 'BBCODE_ADDED';
+			$log_action = 'LOG_BBCODE_ADD';
+		}
+		else
+		{
+			$db->sql_query('UPDATE ' . BBCODES_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE bbcode_id = ' . $bbcode_id);
+			$lang = 'BBCODE_EDITED';
+			$log_action = 'LOG_BBCODE_EDIT';
+		}
+
+		add_log('admin', $log_action, $data['bbcode_tag']);
+
+		trigger_error($lang);
+		break;
+
+	case 'delete':
+		$sql = 'SELECT bbcode_tag
+			FROM ' . BBCODES_TABLE . "
+			WHERE bbcode_id = $bbcode_id";
+		$result = $db->sql_query($sql);
+		
+		if ($row = $db->sql_fetchrow($result))
+		{
+			$db->sql_query('DELETE FROM ' . BBCODES_TABLE . " WHERE bbcode_id = $bbcode_id");
+			add_log('admin', 'LOG_BBCODE_DELETE', $row['bbcode_tag']);
+		}
+		$db->sql_freeresult($result);
+
+		// No break here
+
+	default:
+
+		adm_page_header($user->lang['BBCODES']);
+
+?>
+
+<h1><?php echo $user->lang['BBCODES'] ?></h1>
+
+<p><?php echo $user->lang['BBCODES_EXPLAIN'] ?></p>
+
+
+<form method="post" action="admin_bbcodes.<?php echo $phpEx . $SID ?>&amp;mode=add"><table cellspacing="1" cellpadding="0" border="0" align="center">
+	<tr>
+		<td><table class="bg" width="100%" cellspacing="1" cellpadding="4" border="0" align="center">
+			<tr>
+				<th><?php echo $user->lang['BBCODE_TAG'] ?></th>
+				<th><?php echo $user->lang['ACTION'] ?></th>
+			</tr><?php
+
+		$sql = 'SELECT *
+			FROM ' . BBCODES_TABLE . '
+			ORDER BY bbcode_id';
+		$result = $db->sql_query($sql);
+
+		$row_class = '';
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$row_class = ($row_class == 'row1') ? 'row2' : 'row1';
+?>
+			<tr>
+				<td class="<?php echo $row_class ?>" align="center"><?php echo $row['bbcode_tag'] ?></td>
+				<td class="<?php echo $row_class ?>" align="center"><a href="admin_bbcodes.<?php echo $phpEx . $SID ?>&amp;mode=edit&amp;bbcode=<?php echo $row['bbcode_id'] ?>"><?php echo $user->lang['EDIT'] ?></a> | <a href="admin_bbcodes.<?php echo $phpEx . $SID ?>&amp;mode=delete&amp;bbcode=<?php echo $row['bbcode_id'] ?>"><?php echo $user->lang['DELETE'] ?></a></td>
+			</tr>
+<?php
+		}
+		$db->sql_freeresult($result);
+
+?>
+
+			<tr>
+				<td class="cat" colspan="2" align="center"><input type="submit" value="<?php echo $user->lang['ADD_BBCODE'] ?>" class="btnmain" /></td>
+			</tr>
+		</table></td>
+	</tr>
+</table></form>
+
+<?php
+
+	adm_page_footer();
+}
+
+// -----------------------------
+// Functions
+function build_regexp($msg_bbcode, $msg_html)
+{
+	$msg_bbcode = trim($msg_bbcode);
+	$msg_html = trim($msg_html);
+
+	$fp_match = preg_quote($msg_bbcode, '!');
+	$fp_replace = preg_replace('#^\[(.*?)\]#', '[$1:$uid]', $msg_bbcode);
+	$fp_replace = preg_replace('#\[/(.*?)\]$#', '[/$1:$uid]', $fp_replace);
+
+	$sp_match = preg_quote($msg_bbcode, '!');
+	$sp_match = preg_replace('#^\\\\\[(.*?)\\\\\]#', '\[$1:$uid\]', $sp_match);
+	$sp_match = preg_replace('#\\\\\[/(.*?)\\\\\]$#', '\[/$1:$uid\]', $sp_match);
+	$sp_replace = $msg_html;
+
+	$tokens = array(
+		'URL'	 => array(
+			'!([a-z0-9]+://)?([^?].*?[^ \t\n\r<"]*)!ie'	=>	"(('\$1') ? '\$1\$2' : 'http://\$2')"
+		),
+		'LOCAL_URL'	 => array(
+			'!([^:]+/[^ \t\n\r<"]*)!'	=>	'$1'
+		),
+		'EMAIL' => array(
+			'!([a-z0-9]+[a-z0-9\-\._]*@(?:(?:[0-9]{1,3}\.){3,5}[0-9]{1,3}|[a-z0-9]+[a-z0-9\-\._]*\.[a-z]+))!i'	=>	'$1'
+		),
+		'TEXT' => array(
+			'!(.*?)!es'	 =>	"str_replace('\\\"', '&quot;', str_replace('\\'', '&#39;', '\$1'))"
+		),
+		'COLOR' => array(
+			'!([a-z]+|#[0-9abcdef]+!i'	=>	'$1'
+		),
+		'NUMBER' => array(
+			'!([0-9]+)!'	=>	'$1'
+		)
+	);
+
+	if (preg_match_all('/\{(' . implode('|', array_keys($tokens)) . ')[0-9]*\}/i', $msg_bbcode, $m))
+	{
+		$pad = 0;
+		$modifiers = 'i';
+
+		foreach ($m[0] as $n => $token)
+		{
+			$token_type = $m[1][$n];
+
+			reset($tokens[$token_type]);
+			list($match, $replace) = each($tokens[$token_type]);
+
+			// Pad backreference numbers from tokens
+			if (preg_match_all('/(?<!\\\\)\$([0-9]+)/', $replace, $repad))
+			{
+				$repad = $pad + count(array_unique($repad[0]));
+				$replace = preg_replace('/(?<!\\\\)\$([0-9]+)/e', "'\$' . (\$1 + \$pad)", $replace);
+				$pad = $repad;
+			}
+
+			// Obtain pattern modifiers to use and alter the regex accordingly
+			$regex = preg_replace('/!(.*)!([a-z]*)/', '$1', $match);
+			$regex_modifiers = preg_replace('/!(.*)!([a-z]*)/', '$2', $match);
+
+			for ($i = 0; $i < strlen($regex_modifiers); ++$i)
+			{
+				if (strpos($modifiers, $regex_modifiers[$i]) === FALSE)
+				{
+					$modifiers .= $regex_modifiers[$i];
+
+					if ($regex_modifiers[$i] == 'e')
+					{
+						$fp_replace = "'" . str_replace("'", "\\'", $fp_replace) . "'";
+					}
+				}
+
+				if ($regex_modifiers[$i] == 'e')
+				{
+					$replace = "'.$replace.'";
+				}
+			}
+
+			$fp_match = str_replace(preg_quote($token, '!'), $regex, $fp_match);
+			$fp_replace = str_replace($token, $replace, $fp_replace);
+
+			$sp_match = str_replace(preg_quote($token, '!'), '(.*?)', $sp_match);
+			$sp_replace = str_replace($token, '$' . ($n + 1), $sp_replace);
+		}
+
+		$fp_match = '!' . $fp_match . '!' . $modifiers;
+		$sp_match = '!' . $sp_match . '!s';
+
+		if (strpos($fp_match, 'e') !== FALSE)
+		{
+			$fp_replace = str_replace("'.'", '', $fp_replace);
+			$fp_replace = str_replace(".''.", '.', $fp_replace);
+		}
+	}
+	else
+	{
+		// No replacement is present, no need for a second-pass pattern replacement
+		// A simple str_replace will suffice
+		$fp_match = '!' . $fp_match . '!' . $modifiers;
+		$sp_match = $fp_replace;
+		$sp_replace = '';
+	}
+
+	// Lowercase tags
+	$bbcode_tag = preg_replace('/.*?\[([a-z]+).*/i', '$1', $msg_bbcode);
+	$fp_match = preg_replace('#\[/?' . $bbcode_tag . '#ie', "strtolower('\$0')", $fp_match);
+	$fp_replace = preg_replace('#\[/?' . $bbcode_tag . '#ie', "strtolower('\$0')", $fp_replace);
+	$sp_match = preg_replace('#\[/?' . $bbcode_tag . '#ie', "strtolower('\$0')", $sp_match);
+	$sp_replace = preg_replace('#\[/?' . $bbcode_tag . '#ie', "strtolower('\$0')", $sp_replace);
+
+	return array(
+		'bbcode_tag'				=> $bbcode_tag,
+		'first_pass_match'			=> $fp_match,
+		'first_pass_replace'		=> $fp_replace,
+		'second_pass_match'			=> $sp_match,
+		'second_pass_replace'		=> $sp_replace
+	);
+}
+// End Functions
+// -----------------------------
+
+?>

phpBB/adm/admin_bots.php

@@ -0,0 +1,394 @@
+<?php
+/** 
+*
+* @package acp
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
+
+/**
+*/
+if (!empty($setmodules))
+{
+	if (!$auth->acl_get('a_server'))
+	{
+		return;
+	}
+
+	$module['USER']['BOTS'] = basename(__FILE__) . $SID;
+
+	return;
+}
+
+define('IN_PHPBB', 1);
+// Include files
+$phpbb_root_path = '../';
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
+require('pagestart.' . $phpEx);
+
+// Do we have permission?
+if (!$auth->acl_get('a_server'))
+{
+	trigger_error($user->lang['NO_ADMIN']);
+}
+
+// Set various vars
+$submit = (isset($_POST['submit'])) ? true : false;
+$action = request_var('action', '');
+$mark	= request_var('mark', 0);
+$id		= request_var('id', 0);
+
+if (isset($_POST['add']))
+{
+	$action = 'add';
+}
+
+$error = array();
+
+// User wants to do something, how inconsiderate of them!
+switch ($action)
+{
+	case 'activate':
+		if ($id || $mark)
+		{
+			$id = ($id) ? " = $id" : ' IN (' . implode(', ', $mark) . ')';
+			$sql = 'UPDATE ' . BOTS_TABLE . " 
+				SET bot_active = 1
+				WHERE bot_id $id";
+			$db->sql_query($sql);
+		}
+
+		$cache->destroy('bots');
+		break;
+
+	case 'deactivate':
+		if ($id || $mark)
+		{
+			$id = ($id) ? " = $id" : ' IN (' . implode(', ', $mark) . ')';
+			$sql = 'UPDATE ' . BOTS_TABLE . " 
+				SET bot_active = 0
+				WHERE bot_id $id";
+			$db->sql_query($sql);
+		}
+
+		$cache->destroy('bots');
+		break;
+
+	case 'delete':
+		if ($id || $mark)
+		{
+			// We need to delete the relevant user, usergroup and bot entries ...
+			$id = ($id) ? " = $id" : ' IN (' . implode(', ', $mark) . ')';
+			$sql = 'SELECT bot_name, user_id 
+				FROM ' . BOTS_TABLE . " 
+				WHERE bot_id $id";
+			$result = $db->sql_query($sql);
+
+			$user_id_ary = $bot_name_ary = array();
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$user_id_ary[] = (int) $row['user_id'];
+				$bot_name_ary[] = $row['bot_name'];
+			}
+			$db->sql_freeresult($result);
+
+			$db->sql_transaction();
+
+			$sql = 'DELETE FROM ' . BOTS_TABLE . " 
+				WHERE bot_id $id";
+			$db->sql_query($sql);
+
+			foreach (array(USERS_TABLE, USER_GROUP_TABLE) as $table)
+			{
+				$sql = "DELETE FROM $table
+					WHERE user_id IN (" . implode(', ', $user_id_ary) . ')';
+				$db->sql_query($sql);
+			}
+
+			$db->sql_transaction('commit');
+
+			$cache->destroy('bots');
+
+			add_log('admin', 'LOG_BOT_DELETE', implode(', ', $bot_name_ary));
+			trigger_error($user->lang['BOT_DELETED']);
+		}
+		break;
+
+	case 'edit':
+	case 'add':
+		$bot_name	= request_var('bot_name', '');
+		$bot_agent	= request_var('bot_agent', '');
+		$bot_ip		= request_var('bot_ip', '');
+		$bot_active = request_var('bot_active', true);
+		$bot_lang	= request_var('bot_lang', $config['default_lang']);
+		$bot_style	= request_var('bot_style' , $config['default_style']);
+
+		if ($submit)
+		{
+			if (!$bot_agent && !$bot_ip)
+			{
+				$error[] = $user->lang['ERR_BOT_NO_MATCHES'];
+			}
+	
+			if ($bot_ip && !preg_match('#^[\d\.,:]+$#', $bot_ip))
+			{
+				if (!$ip_list = gethostbynamel($bot_ip))
+				{
+					$error[] = $user->lang['ERR_BOT_NO_IP'];
+				}
+				else
+				{
+					$bot_ip = implode(',', $ip_list);
+				}
+			}
+			$bot_ip = str_replace(' ', '', $bot_ip);
+
+			if (!sizeof($error))
+			{
+				$db->sql_transaction();
+
+				// New bot? Create a new user and group entry
+				if ($action == 'add')
+				{
+					$sql = 'SELECT group_id, group_colour 
+						FROM ' . GROUPS_TABLE . " 
+						WHERE group_name = 'BOTS' 
+							AND group_type = " . GROUP_SPECIAL;
+					$result = $db->sql_query($sql);
+
+					if (!extract($db->sql_fetchrow($result)))
+					{
+						trigger_error($user->lang['NO_GROUP']);
+					}
+					$db->sql_freeresult($result);
+
+					$sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
+						'group_id'		=> (int) $group_id, 
+						'username'		=> (string) $bot_name, 
+						'user_type'		=> (int) USER_IGNORE, 
+						'user_colour'	=> (string) $group_colour,
+						'user_lang'		=> (string) $bot_lang, 
+						'user_style'	=> (int) $bot_style,
+						'user_options'	=> 0)
+					);
+					$db->sql_query($sql);
+
+					$user_id = $db->sql_nextid();
+
+					// Add to Bots usergroup
+					$sql = 'INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array(
+						'user_id'	=> $user_id, 
+						'group_id'	=> $group_id)
+					);
+					$db->sql_query($sql);
+
+					$sql = 'INSERT INTO ' . BOTS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
+						'user_id'		=> (int) $user_id,
+						'bot_name'		=> (string) $bot_name, 
+						'bot_active'	=> (int) $bot_active, 
+						'bot_agent'		=> (string) $bot_agent,
+						'bot_ip'		=> (string) $bot_ip,)
+					);
+
+					$log = 'ADDED';
+				}
+				else
+				{
+					$sql = 'SELECT user_id 
+						FROM ' . BOTS_TABLE . " 
+						WHERE bot_id = $id";
+					$result = $db->sql_query($sql);
+
+					if (!extract($db->sql_fetchrow($result)))
+					{
+						trigger_error($user->lang['NO_BOT']);
+					}
+
+					$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', array(
+						'user_style'	=> (int) $bot_style,
+						'user_lang'		=> (string) $bot_lang,)
+					) . " WHERE user_id = $user_id";
+					$db->sql_query($sql);
+
+					$sql = 'UPDATE ' . BOTS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', array(
+						'bot_name'		=> (string) $bot_name, 
+						'bot_active'	=> (int) $bot_active, 
+						'bot_agent'		=> (string) $bot_agent,
+						'bot_ip'		=> (string) $bot_ip,)
+					) . " WHERE bot_id = $id";
+
+					$log = 'UPDATED';
+				}
+				$db->sql_query($sql);
+
+				$db->sql_transaction('commit');
+
+				$cache->destroy('bots');
+		
+				add_log('admin', 'LOG_BOT_' . $log, $bot_name);
+				trigger_error($user->lang['BOT_' . $log]);
+			}
+		}
+		else if ($id)
+		{
+			$sql = 'SELECT b.*, u.user_lang, u.user_style 
+				FROM ' . BOTS_TABLE . ' b, ' . USERS_TABLE . " u
+				WHERE b.bot_id = $id
+					AND u.user_id = b.user_id";
+			$result = $db->sql_query($sql);
+
+			if (!extract($db->sql_fetchrow($result)))
+			{
+				trigger_error($user->lang['NO_BOT']);
+			}
+			$db->sql_freeresult($result);
+
+			$bot_lang = $user_lang;
+			$bot_style = $user_style;
+		}
+
+		$s_active_options = '';
+		foreach (array('0' => 'NO', '1' => 'YES') as $value => $lang)
+		{
+			$selected = ($bot_active == $value) ? ' selected="selected"' : '';
+			$s_active_options .= '<option value="' . $value . '"' . $selected . '>' . $user->lang[$lang] . '</option>';
+		}
+
+		$style_select = style_select($bot_style, true);
+		$lang_select = language_select($bot_lang);
+
+		$l_title = ($action == 'edit') ? 'EDIT' : 'ADD';
+
+		// Output relevant page
+		adm_page_header($user->lang['BOT_' . $l_title]);
+
+?>
+
+<h1><?php echo $user->lang['BOT_' . $l_title]; ?></h1>
+
+<p><?php echo $user->lang['BOT_EDIT_EXPLAIN']; ?></p>
+
+<form method="post" action="<?php echo "admin_bots.$phpEx$SID&amp;action=$action&amp;id=$id"; ?>"><table class="bg" width="90%" cellspacing="1" cellpadding="4" border="0" align="center">
+	<tr>
+		<th colspan="2"><?php echo $user->lang['BOT_' . $l_title]; ?></th>
+	</tr>
+<?php
+
+	if (sizeof($error))
+	{
+
+?>
+	<tr>
+		<td class="row3" colspan="2" align="center"><span style="color:red"><?php echo implode('<br />', $error); ?></span></td>
+	</tr>
+<?php
+
+	}
+
+?>
+	<tr>
+		<td class="row1" width="40%"><b class="genmed"><?php echo $user->lang['BOT_NAME']; ?>: </b><br /><span class="gensmall"><?php echo $user->lang['BOT_NAME_EXPLAIN']; ?></span></td>
+		<td class="row2"><input class="post" type="text" name="bot_name" size="30" maxlength="255" value="<?php echo $bot_name; ?>" /></td>
+	</tr>
+	<tr>
+		<td class="row1" width="40%"><b class="genmed"><?php echo $user->lang['BOT_STYLE']; ?>: </b><br /><span class="gensmall"><?php echo $user->lang['BOT_STYLE_EXPLAIN']; ?></span></td>
+		<td class="row2"><select name="bot_style"><?php echo $style_select; ?></select></td>
+	</tr>
+	<tr>
+		<td class="row1" width="40%"><b class="genmed"><?php echo $user->lang['BOT_LANG']; ?>: </b><br /><span class="gensmall"><?php echo $user->lang['BOT_LANG_EXPLAIN']; ?></span></td>
+		<td class="row2"><select name="bot_lang"><?php echo $lang_select; ?></select></td>
+	</tr>
+	<tr>
+		<td class="row1" width="40%"><b class="genmed"><?php echo $user->lang['BOT_ACTIVE']; ?>: </b></td>
+		<td class="row2"><select name="bot_active"><?php echo $s_active_options; ?></select></td>
+	</tr>
+	<tr>
+		<td class="row1" width="40%"><b class="genmed"><?php echo $user->lang['BOT_AGENT']; ?>: </b><br /><span class="gensmall"><?php echo $user->lang['BOT_AGENT_EXPLAIN']; ?></span></td>
+		<td class="row2"><input class="post" type="text" name="bot_agent" size="30" maxlength="255" value="<?php echo $bot_agent; ?>" /></td>
+	</tr>
+	<tr>
+		<td class="row1" width="40%"><b class="genmed"><?php echo $user->lang['BOT_IP']; ?>: </b><br /><span class="gensmall"><?php echo $user->lang['BOT_IP_EXPLAIN']; ?></span></td>
+		<td class="row2"><input class="post" type="text" name="bot_ip" size="30" maxlength="255" value="<?php echo $bot_ip; ?>" /></td>
+	</tr>
+	<tr>
+		<td class="cat" colspan="2" align="center"><input class="btnmain" type="submit" name="submit" value="<?php echo $user->lang['SUBMIT']; ?>" />&nbsp;&nbsp;<input class="btnlite" type="reset" value="<?php echo $user->lang['RESET']; ?>" /></td>
+	</tr>
+</table></form>
+
+<?php
+
+		adm_page_footer();
+
+		break;
+}
+
+// Output relevant page
+adm_page_header($user->lang['BOTS']);
+
+?>
+
+<h1><?php echo $user->lang['BOTS']; ?></h1>
+
+<p><?php echo $user->lang['BOTS_EXPLAIN']; ?></p>
+
+<form method="post" action="<?php "admin_bots.$phpEx$SID"; ?>"><table class="bg" width="90%" cellspacing="1" cellpadding="4" border="0" align="center">
+	<tr>
+		<th nowrap="nowrap"><?php echo $user->lang['BOT_NAME']; ?></th>
+		<th nowrap="nowrap"><?php echo $user->lang['BOT_LAST_VISIT']; ?></th>
+		<th colspan="3" nowrap="nowrap"><?php echo $user->lang['OPTIONS']; ?></th>
+		<th nowrap="nowrap"><?php echo $user->lang['MARK']; ?></th>
+	</tr>
+<?php
+
+$s_options = '';
+foreach (array('activate' => 'BOT_ACTIVATE', 'deactivate' => 'BOT_DEACTIVATE', 'delete' => 'DELETE') as $value => $lang)
+{
+	$s_options .= '<option value="' . $value . '">' . $user->lang[$lang] . '</option>';
+}
+
+$sql = 'SELECT b.bot_id, b.bot_name, b.bot_active, u.user_lastvisit 
+	FROM ' . BOTS_TABLE . ' b, ' . USERS_TABLE . ' u
+	WHERE u.user_id = b.user_id
+	ORDER BY u.user_lastvisit DESC';
+$result = $db->sql_query($sql);
+
+$row_class = '';
+while ($row = $db->sql_fetchrow($result))
+{
+	$row_class = ($row_class == 'row1') ? 'row2' : 'row1';
+
+	$active_lang = (!$row['bot_active']) ? 'BOT_ACTIVATE' : 'BOT_DEACTIVATE';
+	$active_value = (!$row['bot_active']) ? 'activate' : 'deactivate';
+	$id = $row['bot_id'];
+
+?>	
+	<tr>
+		<td class="<?php echo $row_class; ?>" width="50%"><?php echo $row['bot_name']; ?></td>
+		<td class="<?php echo $row_class; ?>" width="15%" align="center" nowrap="nowrap">&nbsp;<?php echo ($row['user_lastvisit']) ?  $user->format_date($row['user_lastvisit']) : $user->lang['BOT_NEVER']; ?>&nbsp;</td>
+		<td class="<?php echo $row_class; ?>" width="1%"align="center">&nbsp;<a href="<?php echo "admin_bots.$phpEx$SID&amp;id=$id&amp;action=$active_value"; ?>"><?php echo $user->lang[$active_lang]; ?></a>&nbsp;</td>
+		<td class="<?php echo $row_class; ?>" width="1%" align="center">&nbsp;<a href="<?php echo "admin_bots.$phpEx$SID&amp;id=$id&amp;action=edit"; ?>"><?php echo $user->lang['EDIT']; ?></a>&nbsp;</td>
+		<td class="<?php echo $row_class; ?>" width="1%" align="center">&nbsp;<a href="<?php echo "admin_bots.$phpEx$SID&amp;id=$id&amp;action=delete"; ?>"><?php echo $user->lang['DELETE']; ?></a>&nbsp;</td>
+		<td class="<?php echo $row_class; ?>" width="1%" align="center"><input type="checkbox" name="mark[]" value="<?php echo $id; ?>" /></td>
+	</tr>
+<?php
+
+}
+$db->sql_freeresult($result);
+
+?>
+	<tr>
+		<td class="cat" colspan="6"><table width="100%" cellspacing="0" cellpadding="0" border="0">
+			<tr>
+				<td><input class="btnlite" type="submit" name="add" value="<?php echo $user->lang['BOT_ADD']; ?>" /></td>
+				<td align="right"><select name="action"><?php echo $s_options; ?></select> <input class="btnlite" type="submit" name="submit" value="<?php echo $user->lang['SUBMIT']; ?>" /></td>
+			</tr>
+		</table></td>
+	</tr>
+</table></form>
+<?php
+
+adm_page_footer();
+
+?>

phpBB/adm/admin_database.php

@@ -1,16 +1,15 @@
 <?php
-// -------------------------------------------------------------
-//
-// $Id$
-//
-// FILENAME  : admin_database.php
-// STARTED   : Thu May 31, 2001
-// COPYRIGHT : <20> 2003 phpBB Group
-// WWW       : http://www.phpbb.com/
-// LICENCE   : GPL vs2.0 [ see /docs/COPYING ] 
-// 
-// -------------------------------------------------------------
+/** 
+*
+* @package acp
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
+/**
+*/
 if (!empty($setmodules))
 {
 	$filename = basename(__FILE__);
@@ -19,7 +18,7 @@ if (!empty($setmodules))
 	$file_uploads = @ini_get('file_uploads');
 	if (!empty($file_uploads) && $file_uploads !== 0 && strtolower($file_uploads) != 'off' && $auth->acl_get('a_restore'))
 	{
-		$module['DB']['DB_RESTORE'] = "$filenamex$SID&amp;mode=restore";
+		$module['DB']['DB_RESTORE'] = "$filename$SID&amp;mode=restore";
 	}
 
 	return;
@@ -28,9 +27,9 @@ if (!empty($setmodules))
 define('IN_PHPBB', 1);
 // Load default header
 $phpbb_root_path = '../';
-require($phpbb_root_path . 'extension.inc');
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
 require('pagestart.' . $phpEx);
-include($phpbb_root_path . 'functions_compress.'.$phpEx);
+include($phpbb_root_path . 'includes/functions_compress.'.$phpEx);
 
 @set_time_limit(1200);
 
@@ -346,7 +345,7 @@ switch($mode)
 			if ($sql_query != '')
 			{
 				// Strip out sql comments...
-				$sql_query = remove_remarks($sql_query);
+				remove_remarks($sql_query);
 				$pieces = split_sql_file($sql_query, ';');
 
 				$sql_count = count($pieces);
@@ -802,11 +801,11 @@ function get_table_def_mysql($table, $crlf)
 
 	if (get_magic_quotes_runtime())
 	{
-		return(stripslashes($schema_create));
+		return stripslashes($schema_create);
 	}
 	else
 	{
-		return($schema_create);
+		return $schema_create;
 	}
 
 } // End get_table_def_mysql

phpBB/adm/admin_disallow.php

@@ -1,24 +1,15 @@
 <?php
-/***************************************************************************
- *                            admin_disallow.php
- *                            -------------------
- *   begin                : Tuesday, Oct 05, 2001
- *   copyright            : (C) 2001 The phpBB Group
- *   email                : support@phpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
+/** 
+*
+* @package acp
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
+/**
+*/
 if (!empty($setmodules))
 {
 	if (!$auth->acl_get('a_names'))
@@ -34,7 +25,7 @@ if (!empty($setmodules))
 define('IN_PHPBB', 1);
 // Include files
 $phpbb_root_path = '../';
-require($phpbb_root_path . 'extension.inc');
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
 require('pagestart.' . $phpEx);
 require($phpbb_root_path . 'includes/functions_user.'.$phpEx);
 

phpBB/adm/admin_email.php

@@ -1,24 +1,15 @@
 <?php
-/***************************************************************************
-*                                admin_email.php
-*                              -------------------
-*     begin                : Thu May 31, 2001
-*     copyright            : (C) 2001 The phpBB Group
-*     email                : support@phpbb.com
+/** 
 *
-*     $Id$
+* @package acp
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
 *
-****************************************************************************/
-
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
+*/
 
+/**
+*/
 if (!empty($setmodules))
 {
 	$file = basename(__FILE__);
@@ -28,8 +19,8 @@ if (!empty($setmodules))
 
 define('IN_PHPBB', 1);
 // Include files
-$phpbb_root_path = '../';
-require($phpbb_root_path . 'extension.inc');
+$phpbb_root_path = './../';
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
 require('pagestart.' . $phpEx);
 
 // Check permissions
@@ -44,30 +35,48 @@ $message = $subject = $group_id = '';
 // Do the job ...
 if (isset($_POST['submit']))
 {
-	// Increase maximum execution time in case of a lot of users, but don't complain
-	// about it if it isn't allowed.
-	@set_time_limit(1200);
-
 	// Error checking needs to go here ... if no subject and/or no message then skip 
 	// over the send and return to the form
-	$group_id = (isset($_POST['g'])) ? intval($_POST['g']) : 0;
-	$subject = (!empty($_POST['subject'])) ? stripslashes(trim($_POST['subject'])) : '';
-	$message = (!empty($_POST['message'])) ? stripslashes(trim($_POST['message'])) : '';
+	$group_id	= request_var('g', 0);
+	$usernames	= request_var('usernames', '');
+	$subject	= preg_replace('#&(\#[0-9]+;)#', '&\1', strtr(request_var('subject', ''), array_flip(get_html_translation_table(HTML_ENTITIES))));
+	$message	= preg_replace('#&(\#[0-9]+;)#', '&\1', strtr(request_var('message', ''), array_flip(get_html_translation_table(HTML_ENTITIES))));
+	$use_queue	= (isset($_POST['send_immediatly'])) ? false : true;
+	$priority	= request_var('mail_priority_flag', MAIL_NORMAL_PRIORITY);
+
+	// NOTE: Only temporary, i do not think this is a good idea for the final code, but i have to test this more than once. ;)
+	$log_session= (isset($_POST['log_session'])) ? true : false;
 
 	$error = array();
-	if ($subject == '')
+	if (!$subject)
 	{
 		$error[] = $user->lang['NO_EMAIL_SUBJECT'];
 	}
 
-	if ($message == '')
+	if (!$message)
 	{
 		$error[] = $user->lang['NO_EMAIL_MESSAGE'];
 	}
 
 	if (!sizeof($error))	
 	{
-		$sql = ($group_id) ? 'SELECT u.user_email, u.username, u.user_lang FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . " ug  WHERE ug.group_id = $group_id AND ug.user_pending <> 1 AND u.user_id = ug.user_id AND u.user_allow_massemail = 1" : 'SELECT user_email FROM ' . USERS_TABLE . ' WHERE user_allow_massemail = 1';
+		if ($usernames)
+		{
+			$usernames = implode(', ', preg_replace('#^[\s]*?(.*?)[\s]*?$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", explode("\n", $usernames)));
+
+			$sql = 'SELECT username, user_email, user_jabber, user_notify_type, user_lang 
+				FROM ' . USERS_TABLE . " 
+				WHERE username IN ($usernames)
+					AND user_allow_massemail = 1
+				ORDER BY user_lang, user_notify_type, SUBSTRING(user_email FROM INSTR(user_email,'@'))";
+		}
+		else
+		{
+			$sql = ($group_id) ? 'SELECT u.user_email, u.username, u.user_lang, u.user_jabber, u.user_notify_type FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . " ug WHERE ug.group_id = $group_id AND ug.user_pending <> 1 AND u.user_id = ug.user_id AND u.user_allow_massemail = 1" : 'SELECT u.username, u.user_email, u.user_jabber, u.user_notify_type, u.user_lang FROM ' . USERS_TABLE . ' u WHERE u.user_allow_massemail = 1';
+
+			// TODO: different for other db servers?
+			$sql .= " ORDER BY u.user_lang, u.user_notify_type, SUBSTRING(u.user_email FROM INSTR(u.user_email,'@'))";
+		}
 		$result = $db->sql_query($sql);
 
 		if (!($row = $db->sql_fetchrow($result)))
@@ -76,62 +85,83 @@ if (isset($_POST['submit']))
 		}
 		$db->sql_freeresult($result);
 	
-		$i = 0;
+		$i = $j = 0;
+		// Send with BCC, no more than 50 recipients for one mail (to not exceed the limit)
+		$max_chunk_size = 50;
 		$email_list = array();
+		$old_lang = $row['user_lang'];
+		$old_notify_type = $row['user_notify_type'];
+
 		do
 		{
-			$email_list[$row['user_lang']][$i]['email'] = $row['user_email'];
-			$email_list[$row['user_lang']][$i]['name'] = $row['username'];
-			$i++;
+			if (($row['user_notify'] == NOTIFY_EMAIL && $row['user_email']) ||
+				($row['user_notify'] == NOTIFY_IM && $row['user_jabber']) ||
+				($row['user_notify'] == NOTIFY_BOTH && $row['user_email'] && $row['user_jabber']))
+			{
+				if ($i == $max_chunk_size || $row['user_lang'] != $old_lang || $row['user_notify_type'] != $old_notify_type)
+				{
+					$i = 0;
+					$j++;
+					$old_lang = $row['user_lang'];
+					$old_notify_type = $row['user_notify_type'];
+				}
+
+				$email_list[$j][$i]['lang']		= $row['user_lang'];
+				$email_list[$j][$i]['method']	= $row['user_notify_type'];
+				$email_list[$j][$i]['email']	= $row['user_email'];
+				$email_list[$j][$i]['name']		= $row['username'];
+				$email_list[$j][$i]['jabber']	= $row['user_jabber'];
+				$i++;
+			}
 		} 
 		while ($row = $db->sql_fetchrow($result));
 		$db->sql_freeresult($result);
 
+		// Send the messages
+		include_once($phpbb_root_path . 'includes/functions_messenger.'.$phpEx);
+		$messenger = new messenger($use_queue);
 
-		// Let's do some checking to make sure that mass mail functions are working in win32 versions of php.
-		if (preg_match('#^[c-z]:\\\#i', getenv('PATH')) && !$config['smtp_delivery'] && phpversion() < '4.3')
+		$errored = false;
+
+		for ($i = 0; $i < sizeof($email_list); $i++)
 		{
-			// We are running on windows, force delivery to use our smtp functions since
-			// php's are broken by default
-			$config['smtp_delivery'] = 1;
-			$config['smtp_host'] = @ini_get('SMTP');
-		}
+			$used_lang = $email_list[$i][0]['lang'];
+			$used_method = $email_list[$i][0]['method'];
 
-
-		include($phpbb_root_path . 'includes/emailer.'.$phpEx);
-		$emailer = new emailer(true);
-
-		$extra_headers = 'X-AntiAbuse: Board servername - ' . $config['server_name'] . "\n";
-		$extra_headers .= 'X-AntiAbuse: User_id - ' . $user->data['user_id'] . "\n";
-		$extra_headers .= 'X-AntiAbuse: Username - ' . $user->data['username'] . "\n";
-		$extra_headers .= 'X-AntiAbuse: User IP - ' . $user->ip . "\n";
-
-		foreach ($email_list as $lang => $to_ary)
-		{
-			foreach ($to_ary as $to)
+			for ($j = 0; $j < sizeof($email_list[$i]); $j++)
 			{
-				$emailer->template('admin_send_email', $lang);
+				$email_row = $email_list[$i][$j];
 
-				$emailer->subject($subject);
-				$emailer->headers($extra_headers);
+				$messenger->{((sizeof($email_list[$i]) == 1) ? 'to' : 'bcc')}($email_row['email'], $email_row['name']);
+				$messenger->im($email_row['jabber'], $email_row['name']);
+			}
 
-				$emailer->replyto($config['board_email']);
-				$emailer->to($to['email'], $to['name']);
+			$messenger->template('admin_send_email', $used_lang);
 
-				$emailer->assign_vars(array(
-					'SITENAME'		=> $config['sitename'],
-					'CONTACT_EMAIL' => $config['board_contact'],
-					'MESSAGE'		=> $message)
-				);
+			$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']);
+			$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);
+			$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']);
+			$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);
+			
+			$messenger->subject($subject);
+			$messenger->replyto($config['board_email']);
+			$messenger->set_mail_priority($priority);
 
-				$emailer->send();
-				$emailer->reset();
+			$messenger->assign_vars(array(
+				'SITENAME'		=> $config['sitename'],
+				'CONTACT_EMAIL' => $config['board_contact'],
+				'MESSAGE'		=> $message)
+			);
+	
+			if (!($messenger->send($used_method, $log_session)))
+			{
+				$errored = true;
 			}
 		}
-
-		$emailer->mail_queue->save();
 		unset($email_list);
 
+		$messenger->save_queue();
+
 		if ($group_id)
 		{
 			$sql = 'SELECT group_name 
@@ -151,7 +181,8 @@ if (isset($_POST['submit']))
 		}
 
 		add_log('admin', 'LOG_MASS_EMAIL', $group_name);
-		trigger_error($user->lang['EMAIL_SENT']);
+		$message = (!$errored) ? $user->lang['EMAIL_SENT'] : sprintf($user->lang['EMAIL_SEND_ERROR'], '<a href="admin_viewlogs.' . $phpEx . $SID . '&amp;mode=critical" class="gen">', '</a>');
+		trigger_error($message);
 	}
 }
 
@@ -173,6 +204,10 @@ if ($row = $db->sql_fetchrow($result))
 }
 $db->sql_freeresult($result);
 
+$s_priority_options = '<option value="' . MAIL_LOW_PRIORITY . '">' . $user->lang['MAIL_LOW_PRIORITY'] . '</option>';
+$s_priority_options .= '<option value="' . MAIL_NORMAL_PRIORITY . '" selected="selected">' . $user->lang['MAIL_NORMAL_PRIORITY'] . '</option>';
+$s_priority_options .= '<option value="' . MAIL_HIGH_PRIORITY . '">' . $user->lang['MAIL_HIGH_PRIORITY'] . '</option>';
+
 adm_page_header($user->lang['MASS_EMAIL']);
 
 ?>
@@ -181,7 +216,7 @@ adm_page_header($user->lang['MASS_EMAIL']);
 
 <p><?php echo $user->lang['MASS_EMAIL_EXPLAIN']; ?></p>
 
-<form method="post" action="admin_email.<?php echo $phpEx.$SID; ?>"><table class="bg" cellspacing="1" cellpadding="4" border="0" align="center">
+<form method="post" action="<?php echo "admin_email.$phpEx$SID"; ?>" name="email"><table class="bg" cellspacing="1" cellpadding="4" border="0" align="center">
 	<tr>
 		<th colspan="2"><?php echo $user->lang['COMPOSE']; ?></th>
 	</tr>
@@ -200,16 +235,32 @@ adm_page_header($user->lang['MASS_EMAIL']);
 
 ?>
 	<tr>
-		<td class="row1" align="right"><b><?php echo $user->lang['RECIPIENTS']; ?></b></td>
-		<td class="row2" align="left"><select name="g"><?php echo $select_list; ?></select></td>
+		<td class="row1" width="40%"><b><?php echo $user->lang['SEND_TO_GROUP']; ?>: </b></td>
+		<td class="row2"><select name="g"><?php echo $select_list; ?></select></td>
 	</tr>
 	<tr>
-		<td class="row1" align="right"><b><?php echo $user->lang['SUBJECT']; ?></b></td>
+		<td class="row1" valign="top"><b><?php echo $user->lang['SEND_TO_USERS']; ?>: </b><br /><span class="gensmall"><?php echo $user->lang['SEND_TO_USERS_EXPLAIN']; ?><br />[ <a href="" onclick="window.open('<?php echo "../memberlist.$phpEx$SID"; ?>&amp;mode=searchuser&amp;form=email&amp;field=usernames', '_phpbbsearch', 'HEIGHT=500,resizable=yes,scrollbars=yes,WIDTH=740');return false;"><?php echo $user->lang['FIND_USERNAME']; ?></a> ]</span></td>
+		<td class="row2" align="left"><textarea name="usernames" rows="5" cols="40"><?php echo $usernames; ?></textarea></td>
+	</tr>
+	<tr>
+		<td class="row1"><b><?php echo $user->lang['SUBJECT']; ?>: </b></td>
 		<td class="row2"><input class="post" type="text" name="subject" size="45" maxlength="100" tabindex="2" value="<?php echo $subject; ?>" /></td>
 	</tr>
 	<tr>
-		<td class="row1" align="right" valign="top"><span class="gen"><b><?php echo $user->lang['MESSAGE']; ?></b></span>
-		<td class="row2"><textarea class="post" name="message" rows="10" cols="76" wrap="virtual" tabindex="3"><?php echo $message; ?></textarea></td>
+		<td class="row1" valign="top"><span class="gen"><b><?php echo $user->lang['MASS_MESSAGE']; ?>: </b><br /><span class="gensmall"><?php echo $user->lang['MASS_MESSAGE_EXPLAIN']; ?></span></td>
+		<td class="row2"><textarea class="post" name="message" rows="10" cols="60" tabindex="3"><?php echo $message; ?></textarea></td>
+	</tr>
+	<tr>
+		<td class="row1"><b><?php echo $user->lang['MAIL_PRIORITY']; ?>: </b></td>
+		<td class="row2"><select name="mail_priority_flag"><?php echo $s_priority_options; ?></select></td>
+	</tr>
+	<tr>
+		<td class="row1"><b><?php echo $user->lang['SEND_IMMEDIATLY']; ?>: </b></td>
+		<td class="row2"><input type="checkbox" name="send_immediatly" class="text" checked="checked" /></td>
+	</tr>
+	<tr>
+		<td class="row1"><b><?php echo $user->lang['LOG_SESSION']; ?>: </b></td>
+		<td class="row2"><input type="checkbox" name="log_session" class="text" /></td>
 	</tr>
 	<tr>
 		<td class="cat" colspan="2" align="center"><input type="submit" value="<?php echo $user->lang['EMAIL']; ?>" name="submit" class="btnmain" /></td>

phpBB/adm/admin_jabber.php

@@ -0,0 +1,212 @@
+<?php
+/** 
+*
+* @package acp
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+* @todo Check/enter/update transport info
+*/
+
+/**
+*/
+if (!empty($setmodules))
+{
+	if (!$auth->acl_get('a_server'))
+	{
+		return;
+	}
+
+	$module['GENERAL']['IM'] = basename(__FILE__) . $SID;
+
+	return;
+}
+
+define('IN_PHPBB', 1);
+// Include files
+$phpbb_root_path = '../';
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
+require('pagestart.' . $phpEx);
+include($phpbb_root_path . 'includes/functions_jabber.'.$phpEx);
+
+// Do we have general permissions?
+if (!$auth->acl_get('a_server'))
+{
+	trigger_error($user->lang['NO_ADMIN']);
+}
+
+// Grab some basic parameters
+$submit = (isset($_POST['submit'])) ? true : false;
+
+$jab_enable		= request_var('jab_enable', $config['jab_enable']);
+$jab_host		= request_var('jab_host', $config['jab_host']);
+$jab_port		= request_var('jab_port', $config['jab_port']);
+$jab_username	= request_var('jab_username', $config['jab_username']);
+$jab_password	= request_var('jab_password', $config['jab_password']);
+$jab_resource	= request_var('jab_resource', $config['jab_resource']);
+
+$jabber = new jabber();
+$error = array();
+
+// Setup the basis vars for jabber connection
+$jabber->server		= $jab_host;
+$jabber->port		= ($jab_port) ? $jab_port : 5222;
+$jabber->username	= $jab_username;
+$jabber->password	= $jab_password;
+$jabber->resource	= $jab_resource;
+
+// Are changing (or initialising) a new host or username? If so run some checks and 
+// try to create account if it doesn't exist
+if ($jab_enable)
+{
+	if ($jab_host != $config['jab_host'] || $jab_username != $config['jab_username'])
+	{
+		if (!$jabber->Connect())
+		{
+			trigger_error('Could not connect to Jabber server', E_USER_ERROR);
+		}
+
+		// First we'll try to authorise using this account, if that fails we'll
+		// try to create it.
+		if (!($result = $jabber->SendAuth()))
+		{
+			if (($result = $jabber->AccountRegistration($config['board_email'], $config['sitename'])) <> 2)
+			{
+
+				$error[] = ($result == 1) ? $user->lang['ERR_JAB_USERNAME'] : sprintf($user->lang['ERR_JAB_REGISTER'], $result);
+			}
+			else
+			{
+				$message = $user->lang['JAB_REGISTERED'];
+				$log = 'JAB_REGISTER';
+			}
+		}
+		else
+		{
+			$message = $user->lang['JAB_CHANGED'];
+			$log = 'JAB_CHANGED';
+		}
+
+		sleep(1);
+		$jabber->Disconnect();
+	}
+	else if ($jab_password != $config['jab_password'])
+	{
+		if (!$jabber->Connect())
+		{
+			trigger_error('Could not connect to Jabber server', E_USER_ERROR);
+		}
+
+		if (!$jabber->SendAuth())
+		{
+			trigger_error('Could not authorise on Jabber server', E_USER_ERROR);
+		}
+		$jabber->SendPresence(NULL, NULL, 'online');
+
+		if (($result = $jabber->ChangePassword($jab_password))  <> 2)
+		{
+			$error[] = ($result == 1) ? $user->lang['ERR_JAB_PASSCHG'] : sprintf($user->lang['ERR_JAB_PASSFAIL'], $result);
+		}
+		else
+		{
+			$message = $user->lang['JAB_PASS_CHANGED'];
+			$log = 'JAB_PASSCHG';
+		}
+
+		sleep(1);
+		$jabber->Disconnect();
+	}
+}
+
+// Pull relevant config data
+$sql = 'SELECT *
+	FROM ' . CONFIG_TABLE . "
+	WHERE config_name LIKE 'jab_%'";
+$result = $db->sql_query($sql);
+
+while ($row = $db->sql_fetchrow($result))
+{
+	$config_name = $row['config_name'];
+	$config_value = $row['config_value'];
+
+	$default_config[$config_name] = $config_value;
+	$new[$config_name] = (isset($_POST[$config_name])) ? request_var($config_name, '') : $default_config[$config_name];
+
+	if ($submit && !sizeof($error))
+	{
+		set_config($config_name, $new[$config_name]);
+	}
+}
+
+if ($submit && !sizeof($error))
+{
+	add_log('admin', 'LOG_' . $log);
+	trigger_error($message);
+}
+
+
+
+// Output the page
+adm_page_header($user->lang['IM']);
+
+$jab_enable_yes		= ($new['jab_enable']) ? 'checked="checked"' : '';
+$jab_enable_no		= (!$new['jab_enable']) ? 'checked="checked"' : '';
+
+?>
+<h1><?php echo $user->lang['IM']; ?></h1>
+
+<p><?php echo $user->lang['IM_EXPLAIN']; ?></p>
+
+<form method="post" action="<?php echo "admin_jabber.$phpEx$SID"; ?>"><table class="bg" width="95%" cellspacing="1" cellpadding="4" border="0" align="center">
+	<tr>
+		<th colspan="2"><?php echo $user->lang['IM']; ?></th>
+	</tr>
+<?php
+
+	if (sizeof($error))
+	{
+
+?>
+	<tr>
+		<td class="row3" colspan="2" align="center"><span style="color:red"><?php echo implode('<br />', $error); ?></td>
+	</tr>
+<?php
+
+	}
+
+?>
+	<tr>
+		<td class="row1" width="40%"><b><?php echo $user->lang['JAB_ENABLE']; ?>: </b><br /><span class="gensmall"><?php echo $user->lang['JAB_ENABLE_EXPLAIN']; ?></span></td>
+		<td class="row2"><input type="radio" name="jab_enable" value="1"<?php echo $jab_enable_yes; ?> /><?php echo $user->lang['ENABLED']; ?>&nbsp; &nbsp;<input type="radio" name="jab_enable" value="0"<?php echo $jab_enable_no; ?> /><?php echo $user->lang['DISABLED']; ?></td>
+	</tr>
+	<tr>
+		<td class="row1" width="40%"><b><?php echo $user->lang['JAB_SERVER']; ?>: </b><br /><span class="gensmall"><?php echo sprintf($user->lang['JAB_SERVER_EXPLAIN'], '<a href="http://www.jabber.org/user/publicservers.php" target="_blank">', '</a>'); ?></span></td>
+		<td class="row2"><input class="post" type="text" name="jab_host" value="<?php echo $new['jab_host']; ?>" /></td>
+	</tr>
+	<tr>
+		<td class="row1" width="40%"><b><?php echo $user->lang['JAB_PORT']; ?>: </b><br /><span class="gensmall"><?php echo $user->lang['JAB_PORT_EXPLAIN']; ?></span></td>
+		<td class="row2"><input class="post" type="text" name="jab_port" value="<?php echo $new['jab_port']; ?>" /></td>
+	</tr>
+	<tr>
+		<td class="row1"><b><?php echo $user->lang['JAB_USERNAME']; ?>: </b><br /><span class="gensmall"><?php echo $user->lang['JAB_USERNAME_EXPLAIN']; ?></span></td>
+		<td class="row2"><input class="post" type="text" name="jab_username" value="<?php echo $new['jab_username']; ?>" /></td>
+	</tr>
+	<tr>
+		<td class="row1"><b><?php echo $user->lang['JAB_PASSWORD']; ?>: </b></td>
+		<td class="row2"><input class="post" type="text" name="jab_password" value="<?php echo $new['jab_password']; ?>" /></td>
+	</tr>
+	<tr>
+		<td class="row1"><b><?php echo $user->lang['JAB_RESOURCE']; ?>: </b><br /><span class="gensmall"><?php echo $user->lang['JAB_RESOURCE_EXPLAIN']; ?></span></td>
+		<td class="row2"><input class="post" type="text" name="jab_resource" value="<?php echo $new['jab_resource']; ?>" /></td>
+	</tr>
+	<tr>
+		<td class="cat" colspan="2" align="center"><input class="btnmain" type="submit" name="submit" value="<?php echo $user->lang['SUBMIT']; ?>" />&nbsp;&nbsp;<input class="btnlite" type="reset" value="<?php echo $user->lang['RESET']; ?>" /></td>
+	</tr>
+</table></form>
+
+<?php
+
+	adm_page_footer();
+
+?>

phpBB/adm/admin_permissions.php

@@ -1,33 +1,24 @@
 <?php
-/***************************************************************************
- *                           admin_permissions.php
- *                            -------------------
- *   begin                : Saturday, Feb 13, 2001
- *   copyright            : <20> 2001 The phpBB Group
- *   email                : support@phpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
+/** 
+*
+* @package acp
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
+/**
+*/
 if (!empty($setmodules))
 {
 	$filename = basename(__FILE__);
-	$module['FORUM']['PERMISSIONS'] = ($auth->acl_get('a_auth')) ? $filename . $SID . '&amp;mode=forum' : '';
-	$module['FORUM']['MODERATORS'] = ($auth->acl_get('a_authmods')) ? $filename . $SID . '&amp;mode=mod' : '';
-	$module['FORUM']['SUPER_MODERATORS'] = ($auth->acl_get('a_authmods')) ? $filename . $SID . '&amp;mode=supermod' : '';
-	$module['FORUM']['ADMINISTRATORS'] = ($auth->acl_get('a_authadmins')) ? $filename . $SID . '&amp;mode=admin' : '';
-	$module['USER']['PERMISSIONS'] = ($auth->acl_get('a_authusers')) ? $filename . $SID . '&amp;mode=user' : '';
-	$module['GROUP']['PERMISSIONS'] = ($auth->acl_get('a_authgroups')) ? $filename . $SID . '&amp;mode=group' : '';
+	$module['PERM']['PERMISSIONS'] = ($auth->acl_get('a_auth')) ? "$filename$SID&amp;mode=forum" : '';
+	$module['PERM']['MODERATORS'] = ($auth->acl_get('a_authmods')) ? "$filename$SID&amp;mode=mod" : '';
+	$module['PERM']['SUPER_MODERATORS'] = ($auth->acl_get('a_authmods')) ? "$filename$SID&amp;mode=supermod" : '';
+	$module['PERM']['ADMINISTRATORS'] = ($auth->acl_get('a_authadmins')) ? "$filename$SID&amp;mode=admin" : '';
+	$module['PERM']['USER_PERMS'] = ($auth->acl_get('a_authusers')) ? "$filename$SID&amp;mode=user" : '';
+	$module['PERM']['GROUP_PERMS'] = ($auth->acl_get('a_authgroups')) ? "$filename$SID&amp;mode=group" : '';
 
 	return;
 }
@@ -35,7 +26,7 @@ if (!empty($setmodules))
 define('IN_PHPBB', 1);
 // Include files
 $phpbb_root_path = '../';
-require($phpbb_root_path . 'extension.inc');
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
 require('pagestart.' . $phpEx);
 
 
@@ -233,11 +224,17 @@ switch ($submit)
 
 			// Do we need to recache the moderator lists? We do if the mode
 			// was mod or auth_settings['mod'] is a non-zero size array
-			if ($mode == 'mod' || sizeof($auth_settings['mod']))
+			if ($mode == 'mod' || (isset($auth_settings['mod']) && sizeof($auth_settings['mod'])))
 			{
 				cache_moderators();
 			}
 
+			// Remove users who are now moderators or admins from everyones foes
+			// list
+			if ($mode == 'mod' || (isset($auth_settings['mod']) && sizeof($auth_settings['mod'])) || $mode == 'admin' || (isset($auth_settings['admin']) && sizeof($auth_settings['admin'])))
+			{
+				update_foes();
+			}
 
 			// Logging ... first grab user or groupnames ...
 			$sql = ($ug_type == 'group') ? 'SELECT group_name as name, group_type FROM ' . GROUPS_TABLE . ' WHERE group_id' : 'SELECT username as name FROM ' . USERS_TABLE . ' WHERE user_id';
@@ -297,7 +294,7 @@ switch ($submit)
 			{
 				$option_id_ary[] = $row['auth_option_id'];
 			}
-			while($row = $db->sql_fetchrow($result));
+			while ($row = $db->sql_fetchrow($result));
 
 			foreach ($ug_data as $id)
 			{
@@ -310,7 +307,7 @@ switch ($submit)
 
 		// Do we need to recache the moderator lists? We do if the mode
 		// was mod or auth_settings['mod'] is a non-zero size array
-		if ($mode == 'mod' || sizeof($auth_settings['mod']))
+		if ($mode == 'mod' || (isset($auth_settings['mod']) && sizeof($auth_settings['mod'])))
 		{
 			cache_moderators();
 		}
@@ -357,7 +354,7 @@ switch ($submit)
 	case 'presetsave':
 
 		$holding_ary = array();
-		foreach ($auth_settings as $option => $setting)
+		foreach ($auth_settings[$which_mode] as $option => $setting)
 		{
 			switch ($setting)
 			{
@@ -708,7 +705,23 @@ if (in_array($submit, array('add_options', 'edit_options', 'presetsave', 'preset
 			$sql = 'SELECT user_id AS id, username AS name 
 				FROM ' . USERS_TABLE . ' 
 				WHERE ';
-			$sql .= ($submit == 'add_options') ? ' username IN (' . implode(', ', array_unique(preg_replace('#^[\s]*?(.*?)[\s]*?$#', "'\\1'", explode("\n", $ug_data[0])))) . ')' : ' user_id ' . ((is_array($ug_data)) ? 'IN (' . implode(', ', $ug_data) . ')' : '= ' . $ug_data);
+			
+			if ($submit == 'add_options')
+			{
+				$_ug_data = explode("\r\n", $ug_data[0]);
+				
+				$_u_sql = '';
+				foreach ($_ug_data as $_u_name)
+				{
+					$_u_sql .= (($_u_sql) ? ', ' : '') . "'" . $db->sql_escape($_u_name) . "'";
+				}
+				$sql .= ' username IN (' . $_u_sql . ')';
+			}
+			else
+			{
+				$sql .= ' user_id ' . ((is_array($ug_data)) ? 'IN (' . implode(', ', $ug_data) . ')' : '= ' . $ug_data);
+			}
+			
 			break;
 
 		case 'group':
@@ -740,7 +753,7 @@ if (in_array($submit, array('add_options', 'edit_options', 'presetsave', 'preset
 
 	// Grab the list of options ... if we're in deps mode we want all options, 
 	// else we skip the master options
-	$sql_founder = ($user->data['user_founder']) ? ' AND founder_only <> 1' : '';
+	$sql_founder = ($user->data['user_type'] == USER_FOUNDER) ? ' AND founder_only <> 1' : '';
 	$sql_limit_option = ($mode == 'deps') ? '' : "AND auth_option <> '" . $sql_option_mode . "_'";
 	$sql = "SELECT auth_option_id, auth_option
 		FROM " . ACL_OPTIONS_TABLE . "
@@ -762,6 +775,7 @@ if (in_array($submit, array('add_options', 'edit_options', 'presetsave', 'preset
 	// Now we'll build a list of preset options ...
 	$preset_options = $preset_js = $preset_update_options = '';
 	$holding = array();
+	$holding['allow'] = $holding['deny'] = $holding['inherit'] = '';
 
 	// Do we have a parent forum? If so offer option to inherit from that
 	if ($forum_data['parent_id'] != 0)
@@ -820,8 +834,8 @@ if (in_array($submit, array('add_options', 'edit_options', 'presetsave', 'preset
 			$preset_update_options .= '<option value="' . $row['preset_id'] . '">' . $row['preset_name'] . '</option>';
 			$preset_options .= '<option value="preset_' . $row['preset_id'] . '">' . $row['preset_name'] . '</option>';
 
-			$preset_data = unserialize($row['preset_data']);
-			
+			$preset_data = unserialize(stripslashes($row['preset_data']));
+
 			foreach ($preset_data as $preset_type => $preset_type_ary)
 			{
 				$holding[$preset_type] = '';
@@ -832,7 +846,7 @@ if (in_array($submit, array('add_options', 'edit_options', 'presetsave', 'preset
 			}
 
 			$preset_js .= "\tpresets['preset_" . $row['preset_id'] . "'] = new Array();" . "\n";
-			$preset_js .= "\tpresets['preset_" . $row['preset_id'] . "'] = new preset_obj('" . $holding['yes'] . "', '" . $holding['no'] . "', '" . $holding['unset'] . "');\n";
+			$preset_js .= "\tpresets['preset_" . $row['preset_id'] . "'] = new preset_obj('" . $holding['yes'] . "', '" . $holding['no'] . "', '" . $holding['inherit'] . "');\n";
 		}
 		while ($row = $db->sql_fetchrow($result));
 	}
@@ -843,7 +857,7 @@ if (in_array($submit, array('add_options', 'edit_options', 'presetsave', 'preset
 
 	// If we aren't looking @ deps then we try and grab existing sessions for
 	// the given forum and user/group
-	if (empty($auth_settings[$which_mode]))
+	if (!is_array($auth_settings) || empty($auth_settings[$which_mode]))
 	{
 		if ($which_mode == $mode)
 		{
@@ -1143,7 +1157,8 @@ if (in_array($submit, array('add_options', 'edit_options', 'presetsave', 'preset
 			</tr>
 <?php
 
-	for($i = 0; $i < sizeof($auth_options); $i++)
+	$row_class = 'row2';
+	for ($i = 0; $i < sizeof($auth_options); $i++)
 	{
 		$row_class = ($row_class == 'row1') ? 'row2' : 'row1';
 
@@ -1314,4 +1329,32 @@ if (in_array($submit, array('add_options', 'edit_options', 'presetsave', 'preset
 // Output page footer
 adm_page_footer();
 
+// ---------
+// FUNCTIONS
+//
+function update_foes()
+{
+	global $db, $auth;
+
+	$perms = array();
+	foreach ($auth->acl_get_list(false, array('a_', 'm_'), false) as $forum_id => $forum_ary)
+	{
+		foreach ($forum_ary as $auth_option => $user_ary)
+		{
+			$perms += $user_ary;
+		}
+	}
+
+	if (sizeof($perms))
+	{
+		$sql = 'DELETE FROM ' . ZEBRA_TABLE . ' 
+			WHERE zebra_id IN (' . implode(', ', $perms) . ')';
+		$db->sql_query($sql);
+	}
+	unset($perms);
+}
+//
+// FUNCTIONS
+// ---------
+
 ?>

phpBB/adm/admin_phpinfo.php

@@ -1,24 +1,15 @@
 <?php
-/***************************************************************************
- *                              admin_board.php
- *                            -------------------
- *   begin                : Thursday, Jul 12, 2001
- *   copyright            : (C) 2001 The phpBB Group
- *   email                : support@phpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
+/** 
+*
+* @package acp
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
+/**
+*/
 if (!empty($setmodules))
 {
 	$module['GENERAL']['PHP_INFO'] = ($auth->acl_get('a_server')) ? basename(__FILE__) . $SID : '';
@@ -28,7 +19,7 @@ if (!empty($setmodules))
 define('IN_PHPBB', 1);
 // Load default header
 $phpbb_root_path = '../';
-require($phpbb_root_path . 'extension.inc');
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
 require('pagestart.' . $phpEx);
 
 

phpBB/adm/admin_prune.php

@@ -1,24 +1,15 @@
 <?php
-/***************************************************************************
-*                                admin_prune.php
-*                              -------------------
-*     begin                : Mon Jul 31, 2001
-*     copyright            : (C) 2001 The phpBB Group
-*     email                : support@phpbb.com
+/** 
 *
-*     $Id$
+* @package acp
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
 *
-****************************************************************************/
-
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
+*/
 
+/**
+*/
 if (!empty($setmodules))
 {
 	if (!$auth->acl_get('a_prune'))
@@ -34,7 +25,7 @@ if (!empty($setmodules))
 define('IN_PHPBB', 1);
 // Include files
 $phpbb_root_path = '../';
-require($phpbb_root_path . 'extension.inc');
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
 require('pagestart.' . $phpEx);
 
 // Do we have permission?
@@ -44,19 +35,23 @@ if (!$auth->acl_get('a_prune'))
 }
 
 // Get the forum ID for pruning
-$forum_id = (isset($_REQUEST['f'])) ? array_map('intval', $_REQUEST['f']) : 0;
+$forum_id = (isset($_REQUEST['f'])) ? array_map('intval', $_REQUEST['f']) : array();
 
 // Check for submit to be equal to Prune. If so then proceed with the pruning.
 if (isset($_POST['submit']))
 {
-	$prunedays = (isset($_POST['prunedays'])) ? intval($_POST['prunedays']) : 0;
+	$prune_posted = (isset($_POST['prune_days'])) ? intval($_POST['prune_days']) : 0;
+	$prune_viewed = (isset($_POST['prune_vieweddays'])) ? intval($_POST['prune_vieweddays']) : 0;
+	$prune_all = !$prune_posted && !$prune_viewed;
+	
 	$prune_flags = 0;
 	$prune_flags += (!empty($_POST['prune_old_polls'])) ? 2 : 0;
 	$prune_flags += (!empty($_POST['prune_announce'])) ? 4 : 0;
 	$prune_flags += (!empty($_POST['prune_sticky'])) ? 8 : 0;
 
 	// Convert days to seconds for timestamp functions...
-	$prunedate = time() - ($prunedays * 86400);
+	$prunedate_posted = time() - ($prune_posted * 86400);
+	$prunedate_viewed = time() - ($prune_viewed * 86400);
 
 	adm_page_header($user->lang['PRUNE']);
 
@@ -74,7 +69,7 @@ if (isset($_POST['submit']))
 	</tr>
 <?php
 
-	$sql_forum = ($forum_id) ? ' AND forum_id IN (' . implode(', ', $forum_id) . ')' : '';
+	$sql_forum = (sizeof($forum_id)) ? ' AND forum_id IN (' . implode(', ', $forum_id) . ')' : '';
 
 	// Get a list of forum's or the data for the forum that we are pruning.
 	$sql = 'SELECT forum_id, forum_name 
@@ -87,12 +82,34 @@ if (isset($_POST['submit']))
 	if ($row = $db->sql_fetchrow($result))
 	{
 		$prune_ids = array();
+		$p_result['topics'] = 0;
+		$p_result['posts'] = 0;
 		$log_data = '';
 		do
 		{
 			if ($auth->acl_get('f_list', $row['forum_id']))
 			{
-				$p_result = prune($row['forum_id'], $prunedate, $prune_flags, FALSE);
+				if ($prune_all)
+				{
+					$p_result = prune($row['forum_id'], 'posted', time(), $prune_flags, false);
+				}
+				else
+				{
+					if ($prune_posted)
+					{
+						$return = prune($row['forum_id'], 'posted', $prunedate_posted, $prune_flags, false);
+						$p_result['topics'] += $return['topics'];
+						$p_result['posts'] += $return['posts'];
+					}
+					if ($prune_viewed)
+					{
+						$return = prune($row['forum_id'], 'viewed', $prunedate_viewed, $prune_flags, false);
+						$p_result['topics'] += $return['topics'];
+						$p_result['posts'] += $return['posts'];
+					}
+				}
+
+				
 				$prune_ids[] = $row['forum_id'];
 
 				$row_class = ($row_class == 'row1') ? 'row2' : 'row1';
@@ -207,6 +224,10 @@ else
 		<td class="row1"><?php echo $user->lang['PRUNE_NOT_POSTED']; ?></td>
 		<td class="row2"><input type="text" name="prune_days" size="4" /></td>
 	</tr>
+	<tr>
+		<td class="row1"><?php echo $user->lang['PRUNE_NOT_VIEWED']; ?></td>
+		<td class="row2"><input type="text" name="prune_vieweddays" size="4" /></td>
+	</tr>
 	<tr>
 		<td class="row1"><?php echo $user->lang['PRUNE_OLD_POLLS'] ?>: <br /><span class="gensmall"><?php echo $user->lang['PRUNE_OLD_POLLS_EXPLAIN']; ?></span></td>
 		<td class="row2"><input type="radio" name="prune_old_polls" value="1" /> <?php echo $user->lang['YES']; ?> &nbsp; <input type="radio" name="prune_old_polls" value="0" checked="checked" /> <?php echo $user->lang['NO']; ?></td>
@@ -220,7 +241,7 @@ else
 		<td class="row2"><input type="radio" name="prune_sticky" value="1" /> <?php echo $user->lang['YES']; ?> &nbsp; <input type="radio" name="prune_sticky" value="0" checked="checked" /> <?php echo $user->lang['NO']; ?></td>
 	</tr>
 	<tr>
-		<td class="cat" colspan="2" align="center"><input type="submit" name="submit" value="<?php echo $user->lang['SUBMIT']; ?>" class="btnmain"></td>
+		<td class="cat" colspan="2" align="center"><?php echo $s_hidden_fields; ?><input type="submit" name="submit" value="<?php echo $user->lang['SUBMIT']; ?>" class="btnmain"></td>
 	</tr>
 </table></form>
 

phpBB/adm/admin_prune_users.php

@@ -1,24 +1,15 @@
 <?php
-/***************************************************************************
- *                           admin_prune_users.php
- *                            -------------------
- *   begin                : Saturday, Feb 13, 2001
- *   copyright            : (C) 2001 The phpBB Group
- *   email                : support@phpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
+/** 
+*
+* @package acp
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
+/**
+*/
 if (!empty($setmodules))
 {
 	if (!$auth->acl_get('a_userdel'))
@@ -34,7 +25,7 @@ if (!empty($setmodules))
 define('IN_PHPBB', 1);
 // Include files
 $phpbb_root_path = '../';
-require($phpbb_root_path . 'extension.inc');
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
 require('pagestart.' . $phpEx);
 
 // Do we have forum admin permissions?

phpBB/adm/admin_ranks.php

@@ -1,24 +1,15 @@
 <?php
-/***************************************************************************
- *                              admin_ranks.php
- *                            -------------------
- *   begin                : Thursday, Jul 12, 2001
- *   copyright            : (C) 2001 The phpBB Group
- *   email                : support@phpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
+/** 
+*
+* @package acp
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
+/**
+*/
 if (!empty($setmodules))
 {
 	if (!$auth->acl_get('a_ranks'))
@@ -33,7 +24,7 @@ if (!empty($setmodules))
 define('IN_PHPBB', 1);
 // Let's set the root dir for phpBB
 $phpbb_root_path = '../';
-require($phpbb_root_path . 'extension.inc');
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
 require('pagestart.' . $phpEx);
 
 // Do we have permission?

phpBB/adm/admin_search.php

@@ -1,24 +1,15 @@
 <?php
-/***************************************************************************
- *                             admin_search.php
- *                            -------------------
- *   begin                : Saturday, Feb 13, 2001
- *   copyright            : (C) 2001 The phpBB Group
- *   email                : support@phpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
+/** 
+*
+* @package acp
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
+/**
+*/
 if (!empty($setmodules))
 {
 	if (!$auth->acl_get('a_search'))
@@ -34,9 +25,9 @@ if (!empty($setmodules))
 define('IN_PHPBB', 1);
 // Include files
 $phpbb_root_path = '../';
-require($phpbb_root_path . 'extension.inc');
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
 require('pagestart.' . $phpEx);
-include($phpbb_root_path . 'includes/functions_posting.'.$phpEx);
+include($phpbb_root_path . 'includes/message_parser.'.$phpEx);
 
 // Check permissions
 if (!$auth->acl_get('a_search'))
@@ -47,11 +38,12 @@ if (!$auth->acl_get('a_search'))
 // Start indexing
 if (isset($_POST['start']) || isset($_GET['batchstart']))
 {
-	$batchsize = 200; // Process this many posts per batch
-	$batchstart = (!isset($_GET['batchstart'])) ? $row['min_post_id'] : $_GET['batchstart'];
-	$batchcount = (!isset($_GET['batchcount'])) ? 1 : $_GET['batchcount'];
+	$batchsize = 5000; // Process this many posts per batch
+	$batchcount = request_var('batchcount', 1);
+	$batchstart = request_var('batchstart', 0);
 	$loopcount = 0;
-	$batchend = $batchstart + $batchsize;
+
+	$fulltext = new fulltext_search();
 
 	// Search re-indexing is tough on the server ... so we'll check the load
 	// each loop and if we're on a 1min load of 3 or more we'll re-load the page
@@ -64,39 +56,12 @@ if (isset($_POST['start']) || isset($_GET['batchstart']))
 
 			if ($load > 3)
 			{
-				redirect("admin_search.$phpEx$SID&batchstart=$batchstart&batchcount=$batch_count");
+				redirect("adm/admin_search.$phpEx$SID&batchstart=$batchstart&batchcount=$batchcount", 3);
 			}
 		}
 	}
 
-	// Try and load stopword and synonym files
-	$stopword_array = array();
-	$synonym_array = array();
-
-	$dir = opendir($phpbb_root_path . 'language/');
-	while ($file = readdir($dir))
-	{
-		if (preg_match('#^lang_#', $file) && !is_file($phpbb_root_path . 'language/' . $file) && !is_link($phpbb_root_path . 'language/' . $file))
-		{
-			unset($tmp_array);
-			$tmp_array = @file($phpbb_root_path . 'language/' . $file . '/search_stopwords.txt');
-			if (is_array($tmp_array))
-			{
-				$stopword_array = array_unique(array_merge($stopword_array, $tmp_array));
-			}
-
-			unset($tmp_array);
-			$tmp_array = @file($phpbb_root_path . 'language/' . $file . '/search_synonyms.txt');
-			if (is_array($tmp_array))
-			{
-				$synonym_array = array_unique(array_merge($synonym_array, $tmp_array));
-			}
-		}
-	}
-
-	closedir($dir);
-
-	if (!isset($_GET['batchstart']))
+	if (!$batchstart)
 	{
 		// Take board offline
 		set_config('board_disable', 1);
@@ -109,17 +74,20 @@ if (isset($_POST['start']) || isset($_GET['batchstart']))
 
 	// Fetch a batch of posts_text entries
 	$sql = "SELECT COUNT(*) AS total, MAX(post_id) AS max_post_id, MIN(post_id) AS min_post_id
-		FROM " . POSTS_TEXT_TABLE;
+		FROM " . POSTS_TABLE;
 	$result = $db->sql_query($sql);
 
 	$row = $db->sql_fetchrow($result);
 	$totalposts = $row['total'];
 	$max_post_id = $row['max_post_id'];
 
+	$batchstart = (!$batchstart) ? $row['min_post_id'] : $batchstart;
+	$batchend = $batchstart + $batchsize;
+
 	$db->sql_freeresult($result);
 
 	$sql = "SELECT *
-		FROM " . POSTS_TEXT_TABLE . "
+		FROM " . POSTS_TABLE . "
 		WHERE post_id
 			BETWEEN $batchstart
 				AND $batchend";
@@ -129,151 +97,26 @@ if (isset($_POST['start']) || isset($_GET['batchstart']))
 	{
 		do
 		{
-			$post_id = $row['post_id'];
-
-			$search_raw_words = array();
-			$search_raw_words['text'] = split_words(clean_words('post', $row['post_text'], $stopword_array, $synonym_array));
-			$search_raw_words['title'] = split_words(clean_words('post', $row['post_subject'], $stopword_array, $synonym_array));
-
-			$word = array();
-			$word_insert_sql = array();
-			foreach ($search_raw_words as $word_in => $search_matches)
-			{
-				$word_insert_sql[$word_in] = '';
-				if (!empty($search_matches))
-				{
-					for ($i = 0; $i < count($search_matches); $i++)
-					{
-						$search_matches[$i] = trim($search_matches[$i]);
-
-						if ($search_matches[$i] != '')
-						{
-							$word[] = $search_matches[$i];
-							$word_insert_sql[$word_in] .= ($word_insert_sql[$word_in] != '') ? ", '" . $search_matches[$i] . "'" : "'" . $search_matches[$i] . "'";
-						}
-					}
-				}
-			}
-
-			if (count($word))
-			{
-				$word_text_sql = '';
-				$word = array_unique($word);
-
-				for($i = 0; $i < count($word); $i++)
-				{
-					$word_text_sql .= (($word_text_sql != '') ? ', ' : '') . "'" . $word[$i] . "'";
-				}
-
-				$check_words = array();
-				switch(SQL_LAYER)
-				{
-					case 'postgresql':
-					case 'msaccess':
-					case 'mssql-odbc':
-					case 'oracle':
-					case 'db2':
-						$sql = "SELECT word_id, word_text
-							FROM " . SEARCH_WORD_TABLE . "
-							WHERE word_text IN ($word_text_sql)";
-						$result = $db->sql_query($sql);
-
-						while ($row = $db->sql_fetchrow($result))
-						{
-							$check_words[$row['word_text']] = $row['word_id'];
-						}
-						break;
-				}
-
-				$value_sql = '';
-				$match_word = array();
-				for ($i = 0; $i < count($word); $i++)
-				{
-					$new_match = true;
-					if (isset($check_words[$word[$i]]))
-					{
-						$new_match = false;
-					}
-
-					if ($new_match)
-					{
-						switch(SQL_LAYER)
-						{
-							case 'mysql':
-							case 'mysql4':
-								$value_sql .= (($value_sql != '') ? ', ' : '') . "('" . $word[$i] . "')";
-								break;
-
-							case 'mssql':
-							case 'sqlite':
-								$value_sql .= (($value_sql != '') ? ' UNION ALL ' : '') . "SELECT '" . $word[$i] . "'";
-								break;
-
-							default:
-								$sql = 'INSERT INTO ' . SEARCH_WORD_TABLE . " (word_text)
-									VALUES ('" . $word[$i] . "')";
-								$db->sql_query($sql);
-								break;
-						}
-					}
-				}
-
-				if ($value_sql != '')
-				{
-					switch (SQL_LAYER)
-					{
-						case 'mysql':
-						case 'mysql4':
-							$sql = 'INSERT IGNORE INTO ' . SEARCH_WORD_TABLE . " (word_text)
-								VALUES $value_sql";
-							break;
-
-						case 'mssql':
-						case 'sqlite':
-							$sql = 'INSERT INTO ' . SEARCH_WORD_TABLE . " (word_text)
-								$value_sql";
-							break;
-					}
-
-					$db->sql_query($sql);
-				}
-			}
-
-			foreach ($word_insert_sql as $word_in => $match_sql)
-			{
-				$title_match = ($word_in == 'title') ? 1 : 0;
-
-				if ($match_sql != '')
-				{
-					$sql = 'INSERT INTO ' . SEARCH_MATCH_TABLE . " (post_id, word_id, title_match)
-						SELECT $post_id, word_id, $title_match
-							FROM " . SEARCH_WORD_TABLE . "
-							WHERE word_text IN ($match_sql)";
-					$db->sql_query($sql);
-				}
-			}
-
+			$fulltext->add('admin', $row['post_id'], $row['post_text'], $row['post_subject']);
 		}
 		while ($row = $db->sql_fetchrow($result));
 	}
 
 	$db->sql_freeresult($result);
 
-	// Remove common words after the first 2 batches and after every 4th batch after that.
-	if ($batchcount % 4 == 3)
-	{
-//		remove_common('global', $config['common_search']);
-	}
-
 	$batchcount++;
 
 	if (($batchstart + $batchsize) < $max_post_id)
 	{
-		redirect("Location: admin_search.$phpEx$SID&batchstart=" . ($batchstart + $batchsize) . "&batchcount=$batch_count");
+		redirect("adm/admin_search.$phpEx$SID&batchstart=" . ($batchstart + $batchsize) . "&batchcount=$batchcount", 3);
 	}
 	else
 	{
 		set_config('board_disable', 0);
+
+		// search tidy
+		$fulltext->search_tidy();
+
 		adm_page_header($user->lang['SEARCH_INDEX']);
 
 ?>
@@ -309,7 +152,7 @@ else if (isset($_POST['cancel']))
 }
 else
 {
-	adm_page_header($user->lang['Search_index']);
+	adm_page_header($user->lang['SEARCH_INDEX']);
 
 ?>
 

phpBB/adm/admin_styles.php

@@ -1,15 +1,15 @@
 <?php
-// -------------------------------------------------------------
-//
-// $Id$
-//
-// FILENAME  : admin_styles.php
-// STARTED   : Thu Aug 7 2003
-// COPYRIGHT : <20> 2003 phpBB Group
-// WWW       : http://www.phpbb.com/
-// LICENCE   : GPL vs2.0 [ see /docs/COPYING ] 
-// 
-// -------------------------------------------------------------
+/** 
+*
+* @package acp
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
+
+/**
+*/
 
 // TODO
 // For M-3
@@ -18,6 +18,9 @@
 // Previews of templates, imagesets, themes ... unified
 // Security review
 
+// BUGS
+// Editing template -> store in DB -> some kind of failure
+
 if (!empty($setmodules))
 {
 	if (!$auth->acl_get('a_styles'))
@@ -37,7 +40,7 @@ if (!empty($setmodules))
 define('IN_PHPBB', 1);
 // Include files
 $phpbb_root_path = '../';
-require($phpbb_root_path . 'extension.inc');
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
 require('pagestart.' . $phpEx);
 
 // Do we have styles admin permissions?
@@ -160,7 +163,7 @@ switch ($mode)
 				'viewforum_body.html', 'viewforum_subforum.html', 
 			),
 			'topic'		=> array(
-				'viewtopic_attach_body.html', 'viewtopic_body.html', 'viewtopic_print.html',
+				'attachment.html', 'viewtopic_body.html', 'viewtopic_print.html',
 			),
 			'group'		=> array(
 				'gcp_body.html', 'gcp_pending_info.html', 'gcp_user_body.html', 
@@ -2518,7 +2521,7 @@ function install_style($action, &$error, $name, $copyright, $active, $default, $
 		// and do the install if necessary
 		if (!${$element . '_id'})
 		{
-			$error = install_element($element, $action, $root_path, ${$element . '_id'}, ${$element . '_name'}, ${$element . '_copyright'});
+			$error = install_element($element, $error, $action, $root_path, ${$element . '_id'}, ${$element . '_name'}, ${$element . '_copyright'});
 		}
 	}
 
@@ -3048,7 +3051,8 @@ function install($type, $action, $id)
 	<tr>
 		<td class="row1" width="40%"><b><?php echo $user->lang[$l_type . '_NAME']; ?>:</b></td>
 		<td class="row2"><?php
-	
+		$style_name = 'subSilver2';
+		$style_copyright = '(c) 2004 Tom Beddard';
 	echo ($action == 'add') ? '<input class="post" type="text" name="name" maxlength="30" size="30" value="' . $name . '" />' : '<b>' . ${$type . '_name'} . '</b>';
 
 ?></td>

phpBB/adm/admin_viewlogs.php

@@ -1,24 +1,15 @@
 <?php
-/***************************************************************************
- *                            admin_viewlogs.php
- *                            -------------------
- *   begin                : Friday, May 11, 2001
- *   copyright            : (C) 2001 The phpBB Group
- *   email                : support@phpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
+/** 
+*
+* @package acp
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
+/**
+*/
 if (!empty($setmodules))
 {
 	if (!$auth->acl_get('a_'))
@@ -37,7 +28,7 @@ if (!empty($setmodules))
 define('IN_PHPBB', 1);
 // Include files
 $phpbb_root_path = '../';
-require($phpbb_root_path . 'extension.inc');
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
 require('pagestart.' . $phpEx);
 
 // Do we have styles admin permissions?
@@ -46,58 +37,61 @@ if (!$auth->acl_get('a_'))
 	trigger_error($user->lang['NO_ADMIN']);
 }
 
-
 // Set some variables
-$forum_id = (isset($_REQUEST['f'])) ? intval($_REQUEST['f']) : 0;
-$start = (isset($_GET['start'])) ? intval($_GET['start']) : 0;
-$mode = (isset($_REQUEST['mode'])) ? $_REQUEST['mode'] : 'admin';
-
+$mode		= request_var('mode', 'admin');
+$forum_id	= request_var('f', 0);
+$start		= request_var('start', 0);
+$deletemark = (isset($_POST['delmarked'])) ? true : false;
+$deleteall	= (isset($_POST['delall'])) ? true : false;
+$marked		= request_var('mark', array(0));
 
 // Sort keys
-$sort_days = (!empty($_REQUEST['st'])) ? max(intval($_REQUEST['st']), 0) : 0;
-$sort_key = (!empty($_REQUEST['sk'])) ? htmlspecialchars($_REQUEST['sk']) : 't';
-$sort_dir = (!empty($_REQUEST['sd'])) ? htmlspecialchars($_REQUEST['sd']) : 'd';
-
+$sort_days	= request_var('st', 0);
+$sort_key	= request_var('sk', 't');
+$sort_dir	= request_var('sd', 'd');
 
 // Define some vars depending on which logs we're looking at
 $log_type = ($mode == 'admin') ? LOG_ADMIN : (($mode == 'mod') ? LOG_MOD : LOG_CRITICAL);
-$l_title = $user->lang[strtoupper($mode) . '_LOGS'];
-$l_title_explain = $user->lang[strtoupper($mode) . '_LOGS_EXPLAIN'];
 
+$user->add_lang('mcp');
 
 // Delete entries if requested and able
-if ((isset($_POST['delmarked']) || isset($_POST['delall'])) && $auth->acl_get('a_clearlogs'))
+if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs'))
 {
 	$where_sql = '';
-	if (isset($_POST['delmarked']) && isset($_POST['mark']))
+	if ($deletemark && $marked)
 	{
-		foreach ($_POST['mark'] as $marked)
+		$sql_in = array();
+		foreach ($marked as $mark)
 		{
-			$where_sql .= (($where_sql != '') ? ', ' : '') . intval($marked);
+			$sql_in[] =  $mark;
 		}
-		$where_sql = "WHERE log_type = $log_type AND log_id IN ($where_sql)";
+		$where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')';
+		unset($sql_in);
 	}
 
-	$sql = "DELETE FROM " . LOG_TABLE . "
-		$where_sql";
+	$sql = 'DELETE FROM ' . LOG_TABLE . "
+		WHERE log_type = $log_type 
+			$where_sql";
 	$db->sql_query($sql);
 
-	add_log('admin', 'log_' . $mode . '_clear');
+	add_log('admin', 'LOG_' . strtoupper($mode) . '_CLEAR');
 }
 
-
 // Sorting
 $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 364 => $user->lang['1_YEAR']);
 $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']);
 $sort_by_sql = array('u' => 'l.user_id', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation');
 
-$s_limit_days = $s_sort_key = $s_sort_dir = '';
-gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir);
+$s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
+gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
 
 // Define where and sort sql for use in displaying logs
 $sql_where = ($sort_days) ? (time() - ($sort_days * 86400)) : 0;
 $sql_sort = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC');
 
+$l_title = $user->lang[strtoupper($mode) . '_LOGS'];
+$l_title_explain = $user->lang[strtoupper($mode) . '_LOGS_EXPLAIN'];
 
 // Output page
 adm_page_header($l_title);
@@ -108,7 +102,7 @@ adm_page_header($l_title);
 
 <p><?php echo $l_title_explain; ?></p>
 
-<form method="post" action="<?php echo "admin_viewlogs.$phpEx$SID&amp;mode=$mode"; ?>">
+<form name="list" method="post" action="<?php echo "admin_viewlogs.$phpEx$SID&amp;mode=$mode"; ?>">
 <?php
 
 // Define forum list if we're looking @ mod logs
@@ -127,8 +121,24 @@ if ($mode == 'mod')
 
 }
 
+//
+// Grab log data
+//
+$log_data = array();
+$log_count = 0;
+view_log($mode, $log_data, $log_count, $config['topics_per_page'], $start, $forum_id, 0, 0, $sql_where, $sql_sort);
+
 ?>
 
+<table width="100%" cellspacing="2" cellpadding="2" border="0" align="center">
+<tr>
+	<td align="left" valign="top">&nbsp;<span class="nav"><?php echo on_page($log_count, $config['topics_per_page'], $start); ?></span></td>
+	<td align="right" valign="top" nowrap="nowrap">
+		<span class="nav"><?php	echo generate_pagination("admin_viewlogs.$phpEx$SID&amp;mode=$mode&amp;$u_sort_param", $log_count, $config['topics_per_page'], $start, true); ?></span>
+	</td>
+</tr>
+</table>
+
 <table class="bg" width="100%" cellpadding="4" cellspacing="1" border="0">
 	<tr>
 		<td class="cat" colspan="5" height="28" align="center"><?php echo $user->lang['DISPLAY_LOG']; ?>: &nbsp;<?php echo $s_limit_days; ?>&nbsp;<?php echo $user->lang['SORT_BY']; ?>: <?php echo $s_sort_key; ?> <?php echo $s_sort_dir; ?>&nbsp;<input class="btnlite" type="submit" value="<?php echo $user->lang['GO']; ?>" name="sort" /></td>
@@ -142,25 +152,38 @@ if ($mode == 'mod')
 	</tr>
 <?php
 
-//
-// Grab log data
-//
-$log_data = array();
-$log_count = 0;
-view_log($mode, $log_data, $log_count, $config['topics_per_page'], $start, $forum_id, 0, $sql_where, $sql_sort);
+$row_class = '';
 
 if ($log_count)
 {
-	for($i = 0; $i < sizeof($log_data); $i++)
+	for ($i = 0; $i < sizeof($log_data); $i++)
 	{
 		$row_class = ($row_class == 'row1') ? 'row2' : 'row1';
-
+		
 ?>
 	<tr>
 		<td class="<?php echo $row_class; ?>" nowrap="nowrap"><?php echo $log_data[$i]['username']; ?></td>
 		<td class="<?php echo $row_class; ?>" align="center" nowrap="nowrap"><?php echo $log_data[$i]['ip']; ?></td>
 		<td class="<?php echo $row_class; ?>" align="center" nowrap="nowrap"><?php echo $user->format_date($log_data[$i]['time']); ?></td>
-		<td class="<?php echo $row_class; ?>"><?php echo $log_data[$i]['action']; ?></td>
+		<td class="<?php echo $row_class; ?>"><?php 
+			echo $log_data[$i]['action']; 
+
+			$data = array();
+				
+			foreach (array('viewtopic', 'viewlogs', 'viewforum') as $check)
+			{
+				if (isset($log_data[$i][$check]) && $log_data[$i][$check])
+				{
+					$data[] = '<a href="' . $log_data[$i][$check] . '">' . $user->lang['LOGVIEW_' . strtoupper($check)] . '</a>';
+				}
+			}
+
+			if (sizeof($data))
+			{
+				echo '<br />&#187; <span class="gensmall">[ ' . implode(' | ', $data) . ' ]</span>';
+			}
+?>
+		</td>
 		<td class="<?php echo $row_class; ?>" align="center" nowrap="nowrap"><input type="checkbox" name="mark[]" value="<?php echo $log_data[$i]['id']; ?>" /></td>
 	</tr>
 <?php
@@ -200,21 +223,24 @@ else
 	{
 
 
-?><b><a href="javascript:marklist(true);"><?php echo $user->lang['MARK_ALL']; ?></a> :: <a href="javascript:marklist(false);"><?php echo $user->lang['UNMARK_ALL']; ?></a></b>&nbsp;<br /><br /><?php
+?><b><a href="javascript:marklist('list', true);"><?php echo $user->lang['MARK_ALL']; ?></a> :: <a href="javascript:marklist('list', false);"><?php echo $user->lang['UNMARK_ALL']; ?></a></b>&nbsp;<br /><br /><?php
 
 	}
-
-	echo generate_pagination("admin_viewlogs.$phpEx$SID&amp;mode=$mode&amp;st=$sort_days&amp;sk=$sort_key&amp;sd=$sort_dir", $log_count, $config['topics_per_page'], $start); ?></span></td>
+	
+	echo generate_pagination("admin_viewlogs.$phpEx$SID&amp;mode=$mode&amp;$u_sort_param", $log_count, $config['topics_per_page'], $start, true);
+	
+?></span></td>
 	</tr>
 </table></form>
 
 <script language="Javascript" type="text/javascript">
 <!--
-function marklist(status)
+function marklist(match, status)
 {
-	for (i = 0; i < document.log.length; i++)
+	len = eval('document.' + match + '.length');
+	for (i = 0; i < len; i++)
 	{
-		document.log.elements[i].checked = status;
+		eval('document.' + match + '.elements[i].checked = ' + status);
 	}
 }
 //-->

phpBB/adm/admin_words.php

@@ -1,24 +1,15 @@
 <?php
-/***************************************************************************
- *                              admin_words.php
- *                            -------------------
- *   begin                : Thursday, Jul 12, 2001
- *   copyright            : (C) 2001 The phpBB Group
- *   email                : support@phpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
+/** 
+*
+* @package acp
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
+/**
+*/
 if (!empty($setmodules))
 {
 	if (!$auth->acl_get('a_words'))
@@ -32,8 +23,8 @@ if (!empty($setmodules))
 
 define('IN_PHPBB', 1);
 // Include files
-$phpbb_root_path = '../';
-require($phpbb_root_path . 'extension.inc');
+$phpbb_root_path = './../';
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
 require('pagestart.' . $phpEx);
 
 // Do we have forum admin permissions?
@@ -42,57 +33,35 @@ if (!$auth->acl_get('a_words'))
 	trigger_error($user->lang['NO_ADMIN']);
 }
 
-// What do we want to do?
-if (isset($_REQUEST['mode']))
+$mode = request_var('mode', '');
+$mode = (isset($_POST['add'])) ? 'add' : ((isset($_POST['save'])) ? 'save' : $mode);
+
+$s_hidden_fields = '';
+$word_info = array();
+
+switch ($mode)
 {
-	$mode = $_REQUEST['mode'];
-}
-else
-{
-	// These could be entered via a form button
-	if (isset($_POST['add']))
-	{
-		$mode = 'add';
-	}
-	else if (isset($_POST['save']))
-	{
-		$mode = 'save';
-	}
-	else
-	{
-		$mode = '';
-	}
-}
+	case 'edit':
+		$word_id = request_var('id', 0);
+		
+		if (!$word_id)
+		{
+			trigger_error($user->lang['NO_WORD']);
+		}
 
-if ($mode != '')
-{
-	switch ($mode)
-	{
-		case 'edit':
-		case 'add':
-			$word_id = (isset($_GET['id'])) ? intval($_GET['id']) : 0;
+		$sql = 'SELECT *
+			FROM ' . WORDS_TABLE . "
+			WHERE word_id = $word_id";
+		$result = $db->sql_query_limit($sql, 1);
 
-			$s_hidden_fields = '';
-			if ($mode == 'edit')
-			{
-				if (!$word_id)
-				{
-					trigger_error($user->lang['NO_WORD']);
-				}
+		$word_info = $db->sql_fetchrow($result);
+		$db->sql_freeresult($result);
 
-				$sql = "SELECT *
-					FROM " . WORDS_TABLE . "
-					WHERE word_id = $word_id";
-				$result = $db->sql_query($sql);
+		$s_hidden_fields .= '<input type="hidden" name="id" value="' . $word_id . '" />';
 
-				$word_info = $db->sql_fetchrow($result);
-				$db->sql_freeresult($result);
-
-				$s_hidden_fields .= '<input type="hidden" name="id" value="' . $word_id . '" />';
-			}
-
-			adm_page_header($user->lang['WORDS_TITLE']);
+	case 'add':
 
+		adm_page_header($user->lang['WORDS_TITLE']);
 ?>
 
 <h1><?php echo $user->lang['WORDS_TITLE']; ?></h1>
@@ -104,11 +73,11 @@ if ($mode != '')
 		<th colspan="2"><?php echo $user->lang['EDIT_WORD']; ?></th>
 	</tr>
 	<tr>
-		<td class="row1"><?php echo $user->lang['WORD']; ?></td>
+		<td class="row1"><b><?php echo $user->lang['WORD']; ?>: </b></td>
 		<td class="row2"><input class="post" type="text" name="word" value="<?php echo $word_info['word']; ?>" /></td>
 	</tr>
 	<tr>
-		<td class="row1"><?php echo $user->lang['REPLACEMENT']; ?></td>
+		<td class="row1"><b><?php echo $user->lang['REPLACEMENT']; ?>: </b></td>
 		<td class="row2"><input class="post" type="text" name="replacement" value="<?php echo $word_info['replacement']; ?>" /></td>
 	</tr>
 	<tr>
@@ -122,11 +91,11 @@ if ($mode != '')
 			break;
 
 		case 'save':
-			$word_id = (isset($_POST['id'])) ? intval($_POST['id']) : 0;
-			$word = (isset($_POST['word'])) ? trim($_POST['word']) : '';
-			$replacement = (isset($_POST['replacement'])) ? trim($_POST['replacement']) : '';
+			$word_id = request_var('id', 0);
+			$word = request_var('word', '');
+			$replacement = request_var('replacement', '');
 
-			if ($word == '' || $replacement == '')
+			if (!$word || !$replacement)
 			{
 				trigger_error($user->lang['ENTER_WORD']);
 			}
@@ -136,44 +105,45 @@ if ($mode != '')
 
 			$cache->destroy('word_censors');
 
-			$log_action = ($word_id) ? 'log_edit_word' : 'log_add_word';
-			add_log('admin', $log_action, stripslashes($word));
+			$log_action = ($word_id) ? 'LOG_EDIT_WORD' : 'LOG_ADD_WORD';
+			add_log('admin', $log_action, $word);
 
 			$message = ($word_id) ? $user->lang['WORD_UPDATED'] : $user->lang['WORD_ADDED'];
+			trigger_error($message);
 			break;
 
 		case 'delete':
 
-			if (isset($_POST['id']) || isset($_GET['id']))
-			{
-				$word_id = (isset($_POST['id'])) ? intval($_POST['id']) : intval($_GET['id']);
-			}
-			else
+			$word_id = request_var('id', 0);
+
+			if (!$word_id)
 			{
 				trigger_error($user->lang['NO_WORD']);
 			}
 
-			$sql = "DELETE FROM " . WORDS_TABLE . "
+			$sql = 'SELECT word
+				FROM ' . WORDS_TABLE . "
+				WHERE word_id = $word_id";
+			$result = $db->sql_query($sql);
+			$deleted_word = $db->sql_fetchfield('word', 0, $result);
+			$db->sql_freeresult($result);
+
+			$sql = 'DELETE FROM ' . WORDS_TABLE . "
 				WHERE word_id = $word_id";
 			$db->sql_query($sql);
 
 			$cache->destroy('word_censors');
 
-			add_log('admin', 'log_delete_word');
+			add_log('admin', 'LOG_DELETE_WORD', $deleted_word);
 
 			$message = $user->lang['WORD_REMOVE'];
+			trigger_error($message);
+		
 			break;
 
-	}
-
-	trigger_error($message);
-
-}
-else
-{
-
-	adm_page_header($user->lang['WORDS_TITLE']);
+		default:
 
+			adm_page_header($user->lang['WORDS_TITLE']);
 ?>
 
 <h1><?php echo $user->lang['WORDS_TITLE']; ?></h1>
@@ -189,16 +159,17 @@ else
 
 <?php
 
-	$sql = "SELECT *
-		FROM " . WORDS_TABLE . "
-		ORDER BY word";
-	$result = $db->sql_query($sql);
+		$sql = 'SELECT *
+			FROM ' . WORDS_TABLE . '
+			ORDER BY word';
+		$result = $db->sql_query($sql);
 
-	if ($row = $db->sql_fetchrow($result))
-	{
-		do
+		$row_class = '';
+		if ($row = $db->sql_fetchrow($result))
 		{
-			$row_class = ($row_class == 'row1') ? 'row2' : 'row1';
+			do
+			{
+				$row_class = ($row_class == 'row1') ? 'row2' : 'row1';
 
 ?>
 	<tr>
@@ -209,10 +180,10 @@ else
 	</tr>
 <?php
 
+			}
+			while ($row = $db->sql_fetchrow($result));
 		}
-		while ($row = $db->sql_fetchrow($result));
-	}
-	$db->sql_freeresult($result);
+		$db->sql_freeresult($result);
 
 ?>
 	<tr>
@@ -222,8 +193,8 @@ else
 
 <?php
 
-	adm_page_footer();
-
+		adm_page_footer();
+		break;
 }
 
 ?>

phpBB/adm/editor.js

@@ -0,0 +1,306 @@
+// bbCode control by subBlue design [ www.subBlue.com ]
+// Includes unixsafe colour palette selector by SHS`
+
+// Startup variables
+var imageTag = false;
+var theSelection = false;
+
+// Check for Browser & Platform for PC & IE specific bits
+// More details from: http://www.mozilla.org/docs/web-developer/sniffer/browser_type.html
+var clientPC = navigator.userAgent.toLowerCase(); // Get client info
+var clientVer = parseInt(navigator.appVersion); // Get browser version
+
+var is_ie = ((clientPC.indexOf("msie") != -1) && (clientPC.indexOf("opera") == -1));
+var is_nav = ((clientPC.indexOf('mozilla')!=-1) && (clientPC.indexOf('spoofer')==-1)
+                && (clientPC.indexOf('compatible') == -1) && (clientPC.indexOf('opera')==-1)
+                && (clientPC.indexOf('webtv')==-1) && (clientPC.indexOf('hotjava')==-1));
+
+var is_win = ((clientPC.indexOf("win")!=-1) || (clientPC.indexOf("16bit") != -1));
+var is_mac = (clientPC.indexOf("mac")!=-1);
+
+// Shows the help messages in the helpline window
+function helpline(help) {
+	document.forms[form_name].helpbox.value = eval(help + "_help");
+}
+
+// Replacement for arrayname.length property
+function getarraysize(thearray) {
+	for (i = 0; i < thearray.length; i++) {
+		if ((thearray[i] == "undefined") || (thearray[i] == "") || (thearray[i] == null))
+			return i;
+		}
+	return thearray.length;
+}
+
+// Replacement for arrayname.push(value) not implemented in IE until version 5.5
+// Appends element to the array
+function arraypush(thearray,value) {
+	thearray[ getarraysize(thearray) ] = value;
+}
+
+// Replacement for arrayname.pop() not implemented in IE until version 5.5
+// Removes and returns the last element of an array
+function arraypop(thearray) {
+	thearraysize = getarraysize(thearray);
+	retval = thearray[thearraysize - 1];
+	delete thearray[thearraysize - 1];
+	return retval;
+}
+
+function smiley(text) {
+	text = ' ' + text + ' ';
+	if (document.forms[form_name].elements[text_name].createTextRange && document.forms[form_name].elements[text_name].caretPos) {
+		var caretPos = document.forms[form_name].elements[text_name].caretPos;
+
+		caretPos.text = caretPos.text.charAt(caretPos.text.length - 1) == ' ' ? caretPos.text + text + ' ' : caretPos.text + text;
+		document.forms[form_name].elements[text_name].focus();
+	} else {
+		var selStart = document.forms[form_name].elements[text_name].selectionStart;
+		var selEnd = document.forms[form_name].elements[text_name].selectionEnd;
+
+		mozWrap(document.forms[form_name].elements[text_name], text, '')
+		document.forms[form_name].elements[text_name].focus();
+		document.forms[form_name].elements[text_name].selectionStart = selStart + text.length;
+		document.forms[form_name].elements[text_name].selectionEnd = selEnd + text.length;
+	}
+}
+
+function bbfontstyle(bbopen, bbclose) {
+	if ((clientVer >= 4) && is_ie && is_win) {
+		theSelection = document.selection.createRange().text;
+		if (!theSelection) {
+			insert_text(bbopen + bbclose);
+			document.forms[form_name].elements[text_name].focus();
+			return;
+		}
+		document.selection.createRange().text = bbopen + theSelection + bbclose;
+		document.forms[form_name].elements[text_name].focus();
+		return;
+	} else {
+		insert_text(bbopen + bbclose);
+		document.forms[form_name].elements[text_name].focus();
+		return;
+	}
+	storeCaret(document.forms[form_name].elements[text_name]);
+}
+
+function insert_text(text) {
+	if (document.forms[form_name].elements[text_name].createTextRange && document.forms[form_name].elements[text_name].caretPos) {
+		var caretPos = document.forms[form_name].elements[text_name].caretPos;
+		caretPos.text = caretPos.text.charAt(caretPos.text.length - 1) == ' ' ? caretPos.text + text + ' ' : caretPos.text + text;
+	} else {
+		var selStart = document.forms[form_name].elements[text_name].selectionStart;
+		var selEnd = document.forms[form_name].elements[text_name].selectionEnd;
+
+		mozWrap(document.forms[form_name].elements[text_name], text, '')
+		document.forms[form_name].elements[text_name].selectionStart = selStart + text.length;
+		document.forms[form_name].elements[text_name].selectionEnd = selEnd + text.length;
+	}
+}
+
+function attach_inline() {
+	insert_text('[attachment=' + document.forms[form_name].elements['attachments'].value + ']' + document.forms[form_name].elements['attachments'].options[document.forms[form_name].elements['attachments'].selectedIndex].text + '[/attachment]');
+}
+
+function bbstyle(bbnumber) {
+
+	donotinsert = false;
+	theSelection = false;
+	bblast = 0;
+	document.forms[form_name].elements[text_name].focus();
+
+	if (bbnumber == -1) { // Close all open tags & default button names
+		while (bbcode[0]) {
+			butnumber = arraypop(bbcode) - 1;
+			document.forms[form_name].elements[text_name].value += bbtags[butnumber + 1];
+			buttext = eval('document.forms[form_name].addbbcode' + butnumber + '.value');
+			if (buttext != "[*]")
+			{
+				eval('document.forms[form_name].addbbcode' + butnumber + '.value ="' + buttext.substr(0,(buttext.length - 1)) + '"');
+			}
+		}
+		document.forms[form_name].addbbcode10.value = "List";
+		bbtags[10] = "[list]";
+		document.forms[form_name].addbbcode12.value = "List=";
+		bbtags[12] = "[list=]";
+		imageTag = false; // All tags are closed including image tags :D
+		document.forms[form_name].elements[text_name].focus();
+		return;
+	}
+
+	if ((clientVer >= 4) && is_ie && is_win)
+	{
+		theSelection = document.selection.createRange().text; // Get text selection
+		if (theSelection) {
+			// Add tags around selection
+			document.selection.createRange().text = bbtags[bbnumber] + theSelection + bbtags[bbnumber+1];
+			document.forms[form_name].elements[text_name].focus();
+			theSelection = '';
+			return;
+		}
+	}
+	else if (document.forms[form_name].elements[text_name].selectionEnd && (document.forms[form_name].elements[text_name].selectionEnd - document.forms[form_name].elements[text_name].selectionStart > 0))
+	{
+		mozWrap(document.forms[form_name].elements[text_name], bbtags[bbnumber], bbtags[bbnumber+1]);
+		document.forms[form_name].elements[text_name].focus();
+		theSelection = '';
+		return;
+	}
+
+	// Find last occurance of an open tag the same as the one just clicked
+	for (i = 0; i < bbcode.length; i++) {
+		if (bbcode[i] == bbnumber+1) {
+			bblast = i;
+			donotinsert = true;
+		}
+	}
+
+	if ((bbnumber == 10) && (bbtags[10] != "[*]"))
+	{
+		if (donotinsert)
+		{
+			document.forms[form_name].addbbcode12.value = "List=";
+			tmp_help = o_help;
+			o_help = e_help;
+			e_help = tmp_help;
+			bbtags[12] = "[list=]";
+		}
+		else
+		{
+			document.forms[form_name].addbbcode12.value = "[*]";
+			tmp_help = o_help;
+			o_help = e_help;
+			e_help = tmp_help;
+			bbtags[12] = "[*]";
+		}
+	}
+
+	if ((bbnumber == 12) && (bbtags[12] != "[*]"))
+	{
+		if (donotinsert)
+		{
+			document.forms[form_name].addbbcode10.value = "List";
+			tmp_help = l_help;
+			l_help = e_help;
+			e_help = tmp_help;
+			bbtags[10] = "[list]";
+		}
+		else
+		{
+			document.forms[form_name].addbbcode10.value = "[*]";
+			tmp_help = l_help;
+			l_help = e_help;
+			e_help = tmp_help;
+			bbtags[10] = "[*]";
+		}
+	}
+
+	if (donotinsert) {		// Close all open tags up to the one just clicked & default button names
+		while (bbcode[bblast]) {
+				butnumber = arraypop(bbcode) - 1;
+				if (bbtags[butnumber] != "[*]")
+				{
+					insert_text(bbtags[butnumber + 1]);
+				}
+				else
+				{
+					insert_text(bbtags[butnumber]);
+				}
+				buttext = eval('document.forms[form_name].addbbcode' + butnumber + '.value');
+				if (bbtags[butnumber] != "[*]")
+				{
+					eval('document.forms[form_name].addbbcode' + butnumber + '.value ="' + buttext.substr(0,(buttext.length - 1)) + '"');
+				}
+				imageTag = false;
+			}
+			document.forms[form_name].elements[text_name].focus();
+			return;
+	} else { // Open tags
+
+		if (imageTag && (bbnumber != 14)) {		// Close image tag before adding another
+			insert_text(bbtags[15]);
+
+			lastValue = arraypop(bbcode) - 1;	// Remove the close image tag from the list
+			document.forms[form_name].addbbcode14.value = "Img";	// Return button back to normal state
+			imageTag = false;
+		}
+
+		// Open tag
+		insert_text(bbtags[bbnumber]);
+
+		if ((bbnumber == 14) && (imageTag == false)) imageTag = 1; // Check to stop additional tags after an unclosed image tag
+		if (bbtags[bbnumber] != "[*]")
+		{
+			arraypush(bbcode,bbnumber+1);
+			eval('document.forms[form_name].addbbcode'+bbnumber+'.value += "*"');
+		}
+		document.forms[form_name].elements[text_name].focus();
+		return;
+	}
+
+	storeCaret(document.forms[form_name].elements[text_name]);
+}
+
+// From http://www.massless.org/mozedit/
+function mozWrap(txtarea, open, close)
+{
+	var selLength = txtarea.textLength;
+	var selStart = txtarea.selectionStart;
+	var selEnd = txtarea.selectionEnd;
+	if (selEnd == 1 || selEnd == 2) 
+		selEnd = selLength;
+
+	var s1 = (txtarea.value).substring(0,selStart);
+	var s2 = (txtarea.value).substring(selStart, selEnd)
+	var s3 = (txtarea.value).substring(selEnd, selLength);
+	txtarea.value = s1 + open + s2 + close + s3;
+	return;
+}
+
+// Insert at Claret position. Code from
+// http://www.faqts.com/knowledge_base/view.phtml/aid/1052/fid/130
+function storeCaret(textEl) {
+	if (textEl.createTextRange) { textEl.caretPos = document.selection.createRange().duplicate(); }
+}
+
+function colorPalette(dir, width, height)
+{
+	var r = 0, g = 0, b = 0;
+	var numberList = new Array(6);
+	numberList[0] = "00";
+	numberList[1] = "40";
+	numberList[2] = "80";
+	numberList[3] = "BF";
+	numberList[4] = "FF";
+	document.writeln('<table cellspacing="1" cellpadding="0" border="0">');
+	for(r = 0; r < 5; r++)
+	{
+		if (dir == 'h')
+		{
+			document.writeln('<tr>');
+		}
+		for(g = 0; g < 5; g++)
+		{
+			if (dir == 'v')
+			{
+				document.writeln('<tr>');
+			}
+			for(b = 0; b < 5; b++)
+			{
+				color = String(numberList[r]) + String(numberList[g]) + String(numberList[b]);
+				document.write('<td bgcolor="#' + color + '">');
+				document.write('<a href="javascript:bbfontstyle(\'[color=#' + color + ']\', \'[/color]\');" onmouseover="helpline(\'s\');"><img src="images/spacer.gif" width="' + width + '" height="' + height + '" border="0" alt="#' + color + '" title="#' + color + '" /></a>');
+				document.writeln('</td>');
+			}
+			if (dir == 'v')
+			{
+				document.writeln('</tr>');
+			}
+		}
+		if (dir == 'h')
+		{
+			document.writeln('</tr>');
+		}
+	}
+	document.writeln('</table>');
+}

phpBB/adm/index.php

@@ -1,22 +1,19 @@
 <?php
-// -------------------------------------------------------------
-//
-// $Id$
-//
-// FILENAME  : adm/index.php
-// STARTED   : Sat Feb 13, 2001
-// COPYRIGHT : <20> 2003 phpBB Group
-// WWW       : http://www.phpbb.com/
-// LICENCE   : GPL vs2.0 [ see /docs/COPYING ] 
-// 
-// -------------------------------------------------------------
-
+/** 
+*
+* @package acp
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
+/**
+*/
 define('IN_PHPBB', 1);
-
 // Include files
-$phpbb_root_path = '../';
-require($phpbb_root_path . 'extension.inc');
+$phpbb_root_path = './../';
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
 require('pagestart.' . $phpEx);
 
 // Do we have any admin permissions at all?
@@ -25,10 +22,8 @@ if (!$auth->acl_get('a_'))
 	trigger_error($user->lang['NO_ADMIN']);
 }
 
-
 // Define some vars
-$pane = (!empty($_GET['pane'])) ? htmlspecialchars($_GET['pane']) : '';
-
+$pane = request_var('pane', '');
 
 // Generate relevant output
 if ($pane == 'top')
@@ -39,7 +34,7 @@ if ($pane == 'top')
 
 <table width="100%" cellspacing="0" cellpadding="0" border="0">
 	<tr>
-		<td><a href="<?php echo "../index.$phpEx$SID"; ?>" target="_top"><img src="images/header_left.jpg" width="200" height="60" alt="phpBB Logo" title="phpBB Logo" border="0"/></a></td>
+		<td><a href="<?php echo "{$phpbb_root_path}index.$phpEx$SID"; ?>" target="_top"><img src="images/header_left.jpg" width="200" height="60" alt="phpBB Logo" title="phpBB Logo" border="0"/></a></td>
 		<td width="100%" background="images/header_bg.jpg" height="60" align="right" nowrap="nowrap"><span class="maintitle"><?php echo $user->lang['ADMIN_TITLE']; ?></span> &nbsp; &nbsp; &nbsp;</td>
 	</tr>
 </table>
@@ -58,14 +53,13 @@ else if ($pane == 'left')
 	$dir = @opendir('.');
 
 	$setmodules = 1;
-	while ($file = @readdir($dir))
+	while ($file = readdir($dir))
 	{
 		if (preg_match('#^admin_(.*?)\.' . $phpEx . '$#', $file))
 		{
 			include($file);
 		}
 	}
-
 	@closedir($dir);
 
 	unset($setmodules);
@@ -106,7 +100,7 @@ else if ($pane == 'left')
 			{
 				if (!empty($file))
 				{
-					$action = (!empty($user->lang[$action])) ? $user->lang[$action] : preg_replace('/_/', ' ', $action);
+					$action = (!empty($user->lang[$action])) ? $user->lang[$action] : preg_replace('#_#', ' ', $action);
 
 					$row_class = ($row_class == 'row1') ? 'row2' : 'row1';
 ?>
@@ -134,160 +128,240 @@ else if ($pane == 'left')
 }
 elseif ($pane == 'right')
 {
-	if ((isset($_POST['activate']) || isset($_POST['delete'])) && !empty($_POST['mark']))
+	$action = request_var('action', '');
+	$mark	= (isset($_REQUEST['mark'])) ? implode(', ', request_var('mark', array(0))) : '';
+
+	if ($mark)
 	{
-		if (!$auth->acl_get('a_user'))
+		switch ($action)
 		{
-			trigger_error($user->lang['NO_ADMIN']);
-		}
-
-		if (is_array($_POST['mark']))
-		{
-			$in_sql = '';
-			foreach ($_POST['mark'] as $user_id)
-			{
-				$in_sql .= (($in_sql != '') ? ', ' : '') . intval($user_id);
-			}
-
-			if ($in_sql != '')
-			{
-				$sql = (isset($_POST['activate'])) ? 'UPDATE ' . USERS_TABLE . " SET user_active = 1 WHERE user_id IN ($in_sql)" : "DELETE FROM " . USERS_TABLE . " WHERE user_id IN ($in_sql)";
-				$db->sql_query($sql);
-
-				if (!isset($_POST['delete']))
+			case 'activate':
+			case 'delete':
+				if (!$auth->acl_get('a_user'))
 				{
-					set_config('num_users', $config['num_users'] + sizeof($mark));
+					trigger_error($user->lang['NO_ADMIN']);
 				}
 
-				$log_action = (isset($_POST['activate'])) ? 'log_index_activate' : 'log_index_delete';
-				add_log('admin', $log_action, sizeof($_POST['mark']));
-			}
-		}
-	}
-	else if (isset($_POST['remind']))
-	{
-		if (!$auth->acl_get('a_user'))
-		{
-			trigger_error($user->lang['NO_ADMIN']);
-		}
+				$sql = 'SELECT username 
+					FROM ' . USERS_TABLE . "
+					WHERE user_id IN ($mark)";
+				$result = $db->sql_query($sql);
+				
+				$user_affected = array();
+				while ($row = $db->sql_fetchrow($result))
+				{
+					$user_affected[] = $row['username'];
+				}
+				$db->sql_freeresult($result);
 
-		if (empty($config['email_enable']))
-		{
-			trigger_error($user->lang['EMAIL_DISABLED']);
-		}
+				if ($action == 'activate')
+				{
+					include($phpbb_root_path . 'includes/functions_user.php');
+					$mark_ary = explode(', ', $mark);
 
-		if (is_array($_POST['mark']))
-		{
-			$in_sql = '';
-			foreach ($_POST['mark'] as $user_id)
-			{
-				$in_sql .= (($in_sql != '') ? ', ' : '') . intval($user_id);
-			}
+					foreach ($mark_ary as $user_id)
+					{
+						user_active_flip($user_id, USER_INACTIVE);
+					}
+				}
+				else if ($action == 'delete')
+				{
+					$sql = 'DELETE FROM ' . USER_GROUP_TABLE . " WHERE user_id IN ($mark)";
+					$db->sql_query($sql);
+					$sql = 'DELETE FROM ' . USERS_TABLE . " WHERE user_id IN ($mark)";
+					$db->sql_query($sql);
+	
+					add_log('admin', 'LOG_INDEX_' . strtoupper($action), implode(', ', $user_affected));
+				}
 
-			if ($in_sql != '')
-			{
-				$sql = "SELECT user_id, username, user_email, user_lang, user_regdate, user_actkey 
-					FROM " . USERS_TABLE . " 
-					WHERE user_id IN ($in_sql)";
+				if ($action != 'delete')
+				{
+					set_config('num_users', $config['num_users'] + $db->sql_affectedrows(), true);
+				}
+
+				break;
+
+			case 'remind':
+				if (!$auth->acl_get('a_user'))
+				{
+					trigger_error($user->lang['NO_ADMIN']);
+				}
+
+				if (empty($config['email_enable']))
+				{
+					trigger_error($user->lang['EMAIL_DISABLED']);
+				}
+
+				$sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type, user_regdate, user_actkey 
+					FROM ' . USERS_TABLE . " 
+					WHERE user_id IN ($mark)";
 				$result = $db->sql_query($sql);
 
 				if ($row = $db->sql_fetchrow($result))
 				{
-					include($phpbb_root_path . 'includes/emailer.'.$phpEx);
-					$emailer = new emailer();
-	
-					$board_url = generate_board_url() . '/ucp.' . $phpEx;
-					$usernames = '';
+					// Send the messages
+					include_once($phpbb_root_path . 'includes/functions_messenger.'.$phpEx);
 
+					$messenger = new messenger();
+
+					$board_url = generate_board_url() . "/ucp.$phpEx?mode=activate";
+					$sig = str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']);
+
+					$usernames = array();
 					do
 					{
-						$emailer->use_template('user_remind_inactive', $row['user_lang']);
-						$emailer->to($row['user_email'], $row['username']);
-					
-						$emailer->assign_vars(array(
-							'EMAIL_SIG'		=> str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
+						$messenger->template('user_remind_inactive', $row['user_lang']);
+
+						$messenger->replyto($config['board_email']);
+						$messenger->to($row['user_email'], $row['username']);
+						$messenger->im($row['user_jabber'], $row['username']);
+
+						$messenger->assign_vars(array(
+							'EMAIL_SIG'		=> $sig,
 							'USERNAME'		=> $row['username'],
 							'SITENAME'		=> $config['sitename'],
 							'REGISTER_DATE'	=> $user->format_date($row['user_regdate']), 
 							
-							'U_ACTIVATE'	=> $board_url . '&mode=activate&u=' . $row['user_id'] . '&k=' . $row['user_actkey'])
+							'U_ACTIVATE'	=> "$board_url&mode=activate&u=" . $row['user_id'] . '&k=' . $row['user_actkey'])
 						);
-					
-						$emailer->send();
-						$emailer->reset();
 
-						$usernames .= (($usernames != '') ? ', ' : '') . $row['username'];
+						$messenger->send($row['user_notify_type']);
+
+						$usernames[] = $row['username'];
 					}
 					while ($row = $db->sql_fetchrow($result));
 
-					add_log('admin', 'LOG_INDEX_REMIND', $usernames);
+					$messenger->save_queue();
+
+					unset($email_list);
+
+					add_log('admin', 'LOG_INDEX_REMIND', implode(', ', $usernames));
+					unset($usernames);
+				}
+				$db->sql_freeresult($result);
+				break;
+		}
+	}
+
+	switch ($action)
+	{
+		case 'online':
+			if (!$auth->acl_get('a_defaults'))
+			{
+				trigger_error($user->lang['NO_ADMIN']);
+			}
+
+			set_config('record_online_users', 1, true);
+			set_config('record_online_date', time(), true);
+			add_log('admin', 'LOG_RESET_ONLINE');
+			break;
+
+		case 'stats':
+			if (!$auth->acl_get('a_defaults'))
+			{
+				trigger_error($user->lang['NO_ADMIN']);
+			}
+
+			$sql = 'SELECT COUNT(post_id) AS stat 
+				FROM ' . POSTS_TABLE . '
+				WHERE post_approved = 1';
+			$result = $db->sql_query($sql);
+
+			$row = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+			set_config('num_posts', (int) $row['stat'], true);
+
+			$sql = 'SELECT COUNT(topic_id) AS stat
+				FROM ' . TOPICS_TABLE . '
+				WHERE topic_approved = 1';
+			$result = $db->sql_query($sql);
+
+			$row = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+			set_config('num_topics', (int) $row['stat'], true);
+
+			$sql = 'SELECT COUNT(user_id) AS stat
+				FROM ' . USERS_TABLE . '
+				WHERE user_type IN (' . USER_NORMAL . ',' . USER_FOUNDER . ')';
+			$result = $db->sql_query($sql);
+
+			$row = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+			set_config('num_users', (int) $row['stat'], true);
+
+			$sql = 'SELECT COUNT(attach_id) as stat
+				FROM ' . ATTACHMENTS_TABLE;
+			$result = $db->sql_query($sql);
+
+			set_config('num_files', (int) $db->sql_fetchfield('stat', 0, $result), true);
+			$db->sql_freeresult($result);
+
+			$sql = 'SELECT SUM(filesize) as stat
+				FROM ' . ATTACHMENTS_TABLE;
+			$result = $db->sql_query($sql);
+
+			set_config('upload_dir_size', (int) $db->sql_fetchfield('stat', 0, $result), true);
+			$db->sql_freeresult($result);
+
+			add_log('admin', 'LOG_RESYNC_STATS');
+			break;
+
+		case 'user':
+			if (!$auth->acl_get('a_defaults'))
+			{
+				trigger_error($user->lang['NO_ADMIN']);
+			}
+
+			$post_count_ary = $auth->acl_getf('f_postcount');
+
+			$forum_ary = array();
+			foreach ($post_count_ary as $forum_id => $allowed)
+			{
+				if ($allowed['f_postcount'])
+				{
+					$forum_ary[] = $forum_id;
+				}
+			}
+			
+			if (!sizeof($forum_ary))
+			{
+				$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_posts = 0');
+			}
+			else
+			{
+				$sql = 'SELECT COUNT(post_id) AS num_posts, poster_id
+					FROM ' . POSTS_TABLE . '
+					WHERE poster_id <> ' . ANONYMOUS . '
+						AND forum_id IN (' . implode(', ', $forum_ary) . ')
+					GROUP BY poster_id';
+				$result = $db->sql_query($sql);
+
+				while ($row = $db->sql_fetchrow($result))
+				{
+					$db->sql_query('UPDATE ' . USERS_TABLE . " SET user_posts = {$row['num_posts']} WHERE user_id = {$row['poster_id']}");
 				}
 				$db->sql_freeresult($result);
 			}
-		}
-	}
-	else if (isset($_POST['online']))
-	{
-		if (!$auth->acl_get('a_defaults'))
-		{
-			trigger_error($user->lang['NO_ADMIN']);
-		}
 
-		set_config('record_online_users', 1);
-		set_config('record_online_date', time());
-		add_log('admin', 'LOG_RESET_ONLINE');
-	}
-	else if (isset($_POST['stats']))
-	{
-		if (!$auth->acl_get('a_defaults'))
-		{
-			trigger_error($user->lang['NO_ADMIN']);
-		}
+			add_log('admin', 'LOG_RESYNC_POSTCOUNTS');
+			break;
+		
+		case 'date':
+			if (!$auth->acl_get('a_defaults'))
+			{
+				trigger_error($user->lang['NO_ADMIN']);
+			}
 
-		$sql = "SELECT COUNT(post_id) AS stat 
-			FROM " . POSTS_TABLE . "
-			WHERE post_approved = 1";
-		$result = $db->sql_query($sql);
-
-		$row = $db->sql_fetchrow($result);
-		$db->sql_freeresult($result);
-		set_config('num_posts', $row['stat']);
-
-		$sql = "SELECT COUNT(topic_id) AS stat
-			FROM " . TOPICS_TABLE . "
-			WHERE topic_approved = 1";
-		$result = $db->sql_query($sql);
-
-		$row = $db->sql_fetchrow($result);
-		$db->sql_freeresult($result);
-		set_config('num_topics', $row['stat']);
-
-		$sql = "SELECT COUNT(user_id) AS stat
-			FROM " . USERS_TABLE . "
-			WHERE user_active = 1";
-		$result = $db->sql_query($sql);
-
-		$row = $db->sql_fetchrow($result);
-		$db->sql_freeresult($result);
-		set_config('num_users', $row['stat']);
-
-		add_log('admin', 'LOG_RESYNC_STATS');
-	}
-	else if (isset($_POST['date']))
-	{
-		if (!$auth->acl_get('a_defaults'))
-		{
-			trigger_error($user->lang['NO_ADMIN']);
-		}
-
-		set_config('board_startdate', time() - 1);
-		add_log('admin', 'LOG_RESET_DATE');
+			set_config('board_startdate', time() - 1);
+			add_log('admin', 'LOG_RESET_DATE');
+			break;
 	}
 
 	// Get forum statistics
 	$total_posts = $config['num_posts'];
 	$total_topics = $config['num_topics'];
 	$total_users = $config['num_users'];
+	$total_files = $config['num_files'];
 
 	$start_date = $user->format_date($config['board_startdate']);
 
@@ -296,16 +370,19 @@ elseif ($pane == 'right')
 	$posts_per_day = sprintf('%.2f', $total_posts / $boarddays);
 	$topics_per_day = sprintf('%.2f', $total_topics / $boarddays);
 	$users_per_day = sprintf('%.2f', $total_users / $boarddays);
+	$files_per_day = sprintf('%.2f', $total_files / $boarddays);
+
+	$upload_dir_size = ($config['upload_dir_size'] >= 1048576) ? sprintf('%.2f ' . $user->lang['MB'], ($config['upload_dir_size'] / 1048576)) : (($config['upload_dir_size'] >= 1024) ? sprintf('%.2f ' . $user->lang['KB'], ($config['upload_dir_size'] / 1024)) : sprintf('%.2f ' . $user->lang['BYTES'], $config['upload_dir_size']));
 
 	$avatar_dir_size = 0;
 
 	if ($avatar_dir = @opendir($phpbb_root_path . $config['avatar_path']))
 	{
-		while ($file = @readdir($avatar_dir))
+		while ($file = readdir($avatar_dir))
 		{
-			if ($file != '.' && $file != '..')
+			if ($file{0} != '.')
 			{
-				$avatar_dir_size += @filesize($phpbb_root_path . $config['avatar_path'] . '/' . $file);
+				$avatar_dir_size += filesize($phpbb_root_path . $config['avatar_path'] . '/' . $file);
 			}
 		}
 		@closedir($avatar_dir);
@@ -313,24 +390,12 @@ elseif ($pane == 'right')
 		// This bit of code translates the avatar directory size into human readable format
 		// Borrowed the code from the PHP.net annoted manual, origanally written by:
 		// Jesse (jesse@jess.on.ca)
-		if ($avatar_dir_size >= 1048576)
-		{
-			$avatar_dir_size = round($avatar_dir_size / 1048576 * 100) / 100 . ' MB';
-		}
-		else if ($avatar_dir_size >= 1024)
-		{
-			$avatar_dir_size = round($avatar_dir_size / 1024 * 100) / 100 . ' KB';
-		}
-		else
-		{
-			$avatar_dir_size = $avatar_dir_size . ' Bytes';
-		}
-
+		$avatar_dir_size = ($avatar_dir_size >= 1048576) ? sprintf('%.2f ' . $user->lang['MB'], ($avatar_dir_size / 1048576)) : (($avatar_dir_size >= 1024) ? sprintf('%.2f ' . $user->lang['KB'], ($avatar_dir_size / 1024)) : sprintf('%.2f ' . $user->lang['BYTES'], $avatar_dir_size));
 	}
 	else
 	{
 		// Couldn't open Avatar dir.
-		$avatar_dir_size = $user->lang['Not_available'];
+		$avatar_dir_size = $user->lang['NOT_AVAILABLE'];
 	}
 
 	if ($posts_per_day > $total_posts)
@@ -348,10 +413,15 @@ elseif ($pane == 'right')
 		$users_per_day = $total_users;
 	}
 
+	if ($files_per_day > $total_files)
+	{
+		$files_per_day = $total_files;
+	}
+
 	// DB size ... MySQL only
 	// This code is heavily influenced by a similar routine
 	// in phpMyAdmin 2.2.0
-	if (preg_match('/^mysql/', SQL_LAYER))
+	if (preg_match('#^mysql#', SQL_LAYER))
 	{
 		$result = $db->sql_query('SELECT VERSION() AS mysql_version');
 
@@ -370,7 +440,7 @@ elseif ($pane == 'right')
 				$dbsize = 0;
 				while ($row = $db->sql_fetchrow($result))
 				{
-					if ($row['Type'] != 'MRG_MyISAM')
+					if ((isset($row['Type']) && $row['Type'] != 'MRG_MyISAM') || (isset($row['Engine']) && $row['Engine'] == 'MyISAM'))
 					{
 						if ($table_prefix != '')
 						{
@@ -398,8 +468,8 @@ elseif ($pane == 'right')
 	}
 	else if (preg_match('#^mssql#', SQL_LAYER))
 	{
-		$sql = "SELECT ((SUM(size) * 8.0) * 1024.0) as dbsize
-			FROM sysfiles";
+		$sql = 'SELECT ((SUM(size) * 8.0) * 1024.0) as dbsize
+			FROM sysfiles';
 		$result = $db->sql_query($sql);
 
 		$dbsize = ($row = $db->sql_fetchrow($result)) ? intval($row['dbsize']) : $user->lang['NOT_AVAILABLE'];
@@ -411,7 +481,7 @@ elseif ($pane == 'right')
 
 	if (is_int($dbsize))
 	{
-		$dbsize = ($dbsize >= 1048576) ? sprintf('%.2f MB', ($dbsize / 1048576)) : (($dbsize >= 1024) ? sprintf('%.2f KB', ($dbsize / 1024)) : sprintf('%.2f Bytes', $dbsize));
+		$dbsize = ($dbsize >= 1048576) ? sprintf('%.2f ' . $user->lang['MB'], ($dbsize / 1048576)) : (($dbsize >= 1024) ? sprintf('%.2f ' . $user->lang['KB'], ($dbsize / 1024)) : sprintf('%.2f ' . $user->lang['BYTES'], $dbsize));
 	}
 
 	adm_page_header($user->lang['ADMIN_INDEX']);
@@ -461,6 +531,12 @@ elseif ($pane == 'right')
 		<td class="row1" nowrap="nowrap"><?php echo $user->lang['USERS_PER_DAY']; ?>:</td>
 		<td class="row2"><b><?php echo $users_per_day; ?></b></td>
 	</tr>
+	<tr>
+		<td class="row1" nowrap="nowrap"><?php echo $user->lang['NUMBER_FILES']; ?>:</td>
+		<td class="row2"><b><?php echo $total_files; ?></b></td>
+		<td class="row1" nowrap="nowrap"><?php echo $user->lang['FILES_PER_DAY']; ?>:</td>
+		<td class="row2"><b><?php echo $files_per_day; ?></b></td>
+	</tr>
 	<tr>
 		<td class="row1" nowrap="nowrap"><?php echo $user->lang['BOARD_STARTED']; ?>:</td>
 		<td class="row2"><b><?php echo $start_date; ?></b></td>
@@ -470,11 +546,18 @@ elseif ($pane == 'right')
 	<tr>
 		<td class="row1" nowrap="nowrap"><?php echo $user->lang['DATABASE_SIZE']; ?>:</td>
 		<td class="row2"><b><?php echo $dbsize; ?></b></td>
-		<td class="row1" nowrap="nowrap"><?php echo $user->lang['GZIP_COMPRESSION']; ?>:</td>
-		<td class="row2"><b><?php echo ($config['gzip_compress']) ? $user->lang['ON'] : $user->lang['OFF']; ?></b></td>
+		<td class="row1" nowrap="nowrap"><?php echo $user->lang['UPLOAD_DIR_SIZE']; ?>:</td>
+		<td class="row2"><b><?php echo $upload_dir_size; ?></b></td>
 	</tr>
 	<tr>
-		<td class="cat" colspan="4" align="right"><input class="btnlite" type="submit" name="online" value="<?php echo $user->lang['RESET_ONLINE']; ?>" /> &nbsp;<input class="btnlite" type="submit" name="date" value="<?php echo $user->lang['RESET_DATE']; ?>" /> &nbsp;<input class="btnlite" type="submit" name="stats" value="<?php echo $user->lang['RESYNC_STATS']; ?>" />&nbsp;</td>
+		<td class="row1" nowrap="nowrap"><?php echo $user->lang['GZIP_COMPRESSION']; ?>:</td>
+		<td class="row2"><b><?php echo ($config['gzip_compress']) ? $user->lang['ON'] : $user->lang['OFF']; ?></b></td>
+		<td class="row1" nowrap="nowrap">&nbsp;</td>
+		<td class="row2">&nbsp;</td>
+	</tr>
+	<tr>
+		<td class="cat" colspan="4" align="right"><select name="action"><option value="online"><?php echo $user->lang['RESET_ONLINE']; ?></option><option value="date"><?php echo $user->lang['RESET_DATE']; ?></option><option value="stats"><?php echo $user->lang['RESYNC_STATS']; ?></option><option value="user"><?php echo $user->lang['RESYNC_POSTCOUNTS']; ?></option>
+			</select> <input class="btnlite" type="submit" name="submit" value="<?php echo $user->lang['SUBMIT']; ?>" />&nbsp;</td>
 	</tr>
 </table></form>
 
@@ -493,6 +576,7 @@ elseif ($pane == 'right')
 
 	view_log('admin', $log_data, $log_count, 5);
 
+	$row_class = 'row2';
 	for($i = 0; $i < sizeof($log_data); $i++)
 	{
 		$row_class = ($row_class == 'row1') ? 'row2' : 'row1';
@@ -527,9 +611,8 @@ elseif ($pane == 'right')
 <?php
 
 		$sql = 'SELECT user_id, username, user_regdate
-			FROM ' . USERS_TABLE . '
-			WHERE user_active = 0
-				AND user_id <> ' . ANONYMOUS . '
+			FROM ' . USERS_TABLE . ' 
+			WHERE user_type = ' . USER_INACTIVE . ' 
 			ORDER BY user_regdate ASC';
 		$result = $db->sql_query($sql);
 
@@ -552,16 +635,16 @@ elseif ($pane == 'right')
 
 ?>
 	<tr>
-		<td class="cat" colspan="3" height="28" align="right"><input class="btnlite" type="submit" name="activate" value="<?php echo $user->lang['ACTIVATE']; ?>" />&nbsp; <?php 
+		<td class="cat" colspan="3" height="28" align="right"><select name="action"><option value="activate"><?php echo $user->lang['ACTIVATE']; ?></option><?php 
 			
 			if (!empty($config['email_enable']))
 			{
 
-?><input class="btnlite" type="submit" name="remind" value="<?php echo $user->lang['REMIND']; ?>" />&nbsp; <?php
+?><option value="remind"><?php echo $user->lang['REMIND']; ?></option><?php
 
 			}
 
-?><input class="btnlite" type="submit" name="delete" value="<?php echo $user->lang['DELETE']; ?>" />&nbsp;</td>
+?><option value="delete"><?php echo $user->lang['DELETE']; ?></option></select> <input class="btnlite" type="submit" name="submit" value="<?php echo $user->lang['SUBMIT']; ?>" />&nbsp;</td>
 	</tr>
 <?php
 
@@ -644,4 +727,4 @@ else
 	exit;
 }
 
-?>
+?>

phpBB/adm/pagestart.php

@@ -1,46 +1,59 @@
 <?php
-/***************************************************************************
- *                               pagestart.php
- *                            -------------------
- *   begin                : Thursday, Aug 2, 2001
- *   copyright            : (C) 2001 The phpBB Group
- *   email                : support@phpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
+/** 
+*
+* @package acp
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
 if (!defined('IN_PHPBB'))
 {
-	die('Hacking attempt');
+	exit;
 }
 
-define('IN_ADMIN', true);
+/**
+*/
 define('NEED_SID', true);
+define('IN_ADMIN', true);
 require($phpbb_root_path . 'common.'.$phpEx);
 require($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
 
 // Start session management
-$user->start();
-$user->setup();
+$user->session_begin();
+$auth->acl($user->data);
+$user->setup('admin');
+// End session management
 
 // Did user forget to login? Give 'em a chance to here ...
-if ($user->data['user_id'] == ANONYMOUS)
+if (!$user->data['is_registered'])
 {
-	login_box("index.$phpEx$SID", '', $user->lang['LOGIN_ADMIN']);
+	if ($user->data['is_bot'])
+	{
+		redirect("../index.$phpEx$SID");
+	}
+
+	login_box('', $user->lang['LOGIN_ADMIN'], $user->lang['LOGIN_ADMIN_SUCCESS'], true);
 }
 
-$auth->acl($user->data);
-// End session management
+// Have they authenticated (again) as an admin for this session?
+if (!$user->data['session_admin'])
+{
+	login_box('', $user->lang['LOGIN_ADMIN_CONFIRM'], $user->lang['LOGIN_ADMIN_SUCCESS'], true, false);
+}
+
+// Is user any type of admin? No, then stop here, each script needs to
+// check specific permissions but this is a catchall
+if (!$auth->acl_get('a_'))
+{
+	trigger_error($user->lang['NO_ADMIN']);
+}
+
+// Some oft used variables
+$safe_mode	= (@ini_get('safe_mode') || @strtolower(ini_get('safe_mode')) == 'on') ? true : false;
+$file_uploads = (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on') ? true : false;
+
 
 // -----------------------------
 // Functions
@@ -155,7 +168,7 @@ function adm_page_message($title, $message, $show_header = false)
 
 <table width="100%" cellspacing="0" cellpadding="0" border="0">
 	<tr>
-		<td><a href="../index.<?php echo $phpEx . $SID; ?>"><img src="images/header_left.jpg" width="200" height="60" alt="phpBB Logo" title="phpBB Logo" border="0"/></a></td>
+		<td><a href="<?php echo "../index.$phpEx$SID"; ?>"><img src="images/header_left.jpg" width="200" height="60" alt="phpBB Logo" title="phpBB Logo" border="0"/></a></td>
 		<td width="100%" background="images/header_bg.jpg" height="60" align="right" nowrap="nowrap"><span class="maintitle"><?php echo $user->lang['ADMIN_TITLE']; ?></span> &nbsp; &nbsp; &nbsp;</td>
 	</tr>
 </table>
@@ -168,7 +181,7 @@ function adm_page_message($title, $message, $show_header = false)
 
 <br /><br />
 
-<table class="bg" width="80%" cellpadding="4" cellspacing="1" border="0" align="center">
+<table class="bg" width="80%" cellspacing="1" cellpadding="4" border="0" align="center">
 	<tr>
 		<th><?php echo $title; ?></th>
 	</tr>
@@ -182,6 +195,274 @@ function adm_page_message($title, $message, $show_header = false)
 <?php
 
 }
+
+function adm_page_confirm($title, $message)
+{
+	global $phpEx, $SID, $user;
+
+	// Grab data from GET and POST arrays ... note this is _not_
+	// validated! Everything is typed as string to ensure no
+	// funny business on displayed hidden field data. Validation
+	// will be carried out by whatever processes this form.
+	$var_ary = array_merge($_GET, $_POST);
+
+	$s_hidden_fields = '';
+	foreach ($var_ary as $key => $var)
+	{
+		if (empty($var))
+		{
+			continue;
+		}
+
+		if (is_array($var))
+		{
+			foreach ($var as $k => $v)
+			{
+				if (is_array($v))
+				{
+					foreach ($v as $_k => $_v)
+					{
+						set_var($var[$k][$_k], $_v, 'string');
+						$s_hidden_fields .= "<input type=\"hidden\" name=\"${key}[$k][$_k]\" value=\"" . addslashes($_v) . '" />';
+					}
+				}
+				else
+				{
+					set_var($var[$k], $v, 'string');
+					$s_hidden_fields .= "<input type=\"hidden\" name=\"${key}[$k]\" value=\"" . addslashes($v) . '" />';
+				}
+			}
+		}
+		else
+		{
+			set_var($var, $var, 'string');
+			$s_hidden_fields .= '<input type="hidden" name="' . $key . '" value="' . addslashes($var) . '" />';
+		}
+		unset($var_ary[$key]);
+	}
+
+?>
+
+<br /><br />
+
+<form name="confirm" method="post" action="<?php echo $_SERVER['SCRIPT_NAME'] . $SID; ?>">
+<table class="bg" width="80%" cellspacing="1" cellpadding="4" border="0" align="center">
+	<tr>
+		<th><?php echo $title; ?></th>
+	</tr>
+	<tr>
+		<td class="row1" align="center"><?php echo $message; ?><br /><br /><input class="btnlite" type="submit" name="confirm" value="<?php echo $user->lang['YES']; ?>" />&nbsp;&nbsp;<input class="btnmain" type="submit" name="cancel" value="<?php echo $user->lang['NO']; ?>" /></td>
+	</tr>
+</table>
+
+<?php echo $s_hidden_fields; ?>
+</form>
+
+<br />
+
+<?php
+
+	adm_page_footer();
+
+}
+
+
+function build_cfg_template($tpl_type, $config_key, $options = '')
+{
+	global $new, $user;
+
+	$tpl = '';
+	$name = 'config[' . $config_key . ']';
+
+	switch ($tpl_type[0])
+	{
+		case 'text':
+		case 'password':
+			$size = (int) $tpl_type[1];
+			$maxlength = (int) $tpl_type[2];
+
+			$tpl = '<input class="post" type="' . $tpl_type[0] . '"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="' . $name . '" value="' . $new[$config_key] . '" />';
+			break;
+
+		case 'dimension':
+			$size = (int) $tpl_type[1];
+			$maxlength = (int) $tpl_type[2];
+
+			$tpl = '<input class="post" type="text"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="config[' . $config_key . '_height]" value="' . $new[$config_key . '_height'] . '" /> x <input class="post" type="text"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="config[' . $config_key . '_width]" value="' . $new[$config_key . '_width'] . '" />';
+			break;
+
+		case 'textarea':
+			$rows = (int) $tpl_type[1];
+			$cols = (int) $tpl_type[2];
+
+			$tpl = '<textarea name="' . $name . '" rows="' . $rows . '" cols="' . $cols . '">' . $new[$config_key] . '</textarea>';
+			break;
+
+		case 'radio':
+			$key_yes	= ($new[$config_key]) ? ' checked="checked"' : '';
+			$key_no		= (!$new[$config_key]) ? ' checked="checked"' : '';
+
+			$tpl_type_cond = explode('_', $tpl_type[1]);
+			$type_no = ($tpl_type_cond[0] == 'disabled' || $tpl_type_cond[0] == 'enabled') ? false : true;
+
+			$tpl_no = '<input type="radio" name="' . $name . '" value="0"' . $key_no . ' />' . (($type_no) ? $user->lang['NO'] : $user->lang['DISABLED']);
+			$tpl_yes = '<input type="radio" name="' . $name . '" value="1"' . $key_yes . ' />' . (($type_no) ? $user->lang['YES'] : $user->lang['ENABLED']);
+
+			$tpl = ($tpl_type_cond[0] == 'yes' || $tpl_type_cond[0] == 'enabled') ? $tpl_yes . '&nbsp;&nbsp;' . $tpl_no : $tpl_no . '&nbsp;&nbsp;' . $tpl_yes;
+			break;
+
+		case 'select':
+			eval('$s_options = ' . str_replace('{VALUE}', $new[$config_key], $options) . ';');
+			$tpl = '<select name="' . $name . '">' . $s_options . '</select>';
+			break;
+
+		case 'custom':
+			eval('$tpl = ' . str_replace('{VALUE}', $new[$config_key], $options) . ';');
+			break;
+
+		default:
+			break;
+	}
+
+	return $tpl;
+}
+
+
+/**
+* @package acp
+* General ACP module class
+*/
+class module
+{
+	var $id = 0;
+	var $type;
+	var $name;
+	var $mode;
+
+	// Private methods, should not be overwritten
+	function create($module_type, $module_url, $selected_mod = false, $selected_submod = false)
+	{
+		global $template, $auth, $db, $user, $config;
+
+		$sql = 'SELECT module_id, module_title, module_filename, module_subs, module_acl
+			FROM ' . MODULES_TABLE . "
+			WHERE module_type = 'acp'
+				AND module_enabled = 1
+			ORDER BY module_order ASC";
+		$result = $db->sql_query($sql);
+
+		while ($row = $db->sql_fetchrow($result))
+		{
+			// Authorisation is required for the basic module
+			if ($row['module_acl'])
+			{
+				$is_auth = false;
+
+				eval('$is_auth = (' . preg_replace(array('#acl_([a-z_]+)#e', '#cfg_([a-z_]+)#e'), array('$auth->acl_get("\\1")', '$config["\\1"]'), $row['module_acl']) . ');');
+
+				// The user is not authorised to use this module, skip it
+				if (!$is_auth)
+				{
+					continue;
+				}
+			}
+
+			$selected = ($row['module_filename'] == $selected_mod || $row['module_id'] == $selected_mod || (!$selected_mod && !$i)) ?  true : false;
+/*
+			// Get the localised lang string if available, or make up our own otherwise
+			$template->assign_block_vars($module_type . '_section', array(
+				'L_TITLE'		=> (isset($user->lang[strtoupper($module_type) . '_' . $row['module_title']])) ? $user->lang[strtoupper($module_type) . '_' . $row['module_title']] : ucfirst(str_replace('_', ' ', strtolower($row['module_title']))),
+				'S_SELECTED'	=> $selected,
+				'U_TITLE'		=> $module_url . '&amp;i=' . $row['module_id'])
+			);
+*/
+			if ($selected)
+			{
+				$module_id = $row['module_id'];
+				$module_name = $row['module_filename'];
+
+				if ($row['module_subs'])
+				{
+					$j = 0;
+					$submodules_ary = explode("\n", $row['module_subs']);
+					foreach ($submodules_ary as $submodule)
+					{
+						$submodule = explode(',', trim($submodule));
+						$submodule_title = array_shift($submodule);
+
+						$is_auth = true;
+						foreach ($submodule as $auth_option)
+						{
+							if (!$auth->acl_get($auth_option))
+							{
+								$is_auth = false;
+							}
+						}
+
+						if (!$is_auth)
+						{
+							continue;
+						}
+
+						$selected = ($submodule_title == $selected_submod || (!$selected_submod && !$j)) ? true : false;
+/*
+						// Get the localised lang string if available, or make up our own otherwise
+						$template->assign_block_vars("{$module_type}_section.{$module_type}_subsection", array(
+							'L_TITLE'		=> (isset($user->lang[strtoupper($module_type) . '_' . strtoupper($submodule_title)])) ? $user->lang[strtoupper($module_type) . '_' . strtoupper($submodule_title)] : ucfirst(str_replace('_', ' ', strtolower($submodule_title))),
+							'S_SELECTED'	=> $selected,
+							'U_TITLE'		=> $module_url . '&amp;i=' . $module_id . '&amp;mode=' . $submodule_title
+						));
+*/
+						if ($selected)
+						{
+							$this->mode = $submodule_title;
+						}
+
+						$j++;
+					}
+				}
+			}
+
+			$i++;
+		}
+		$db->sql_freeresult($result);
+
+		if (!$module_id)
+		{
+			trigger_error('MODULE_NOT_EXIST');
+		}
+
+		$this->type = $module_type;
+		$this->id = $module_id;
+		$this->name = $module_name;
+	}
+
+	// Public methods to be overwritten by modules
+	function module()
+	{
+		// Module name
+		// Module filename
+		// Module description
+		// Module version
+		// Module compatibility
+		return false;
+	}
+
+	function init()
+	{
+		return false;
+	}
+
+	function install()
+	{
+		return false;
+	}
+
+	function uninstall()
+	{
+		return false;
+	}
+}
 // End Functions
 // -----------------------------
 

phpBB/adm/subSilver.css

@@ -60,23 +60,16 @@ h2 {
 /*
 	Anchors
 */
-a:link, a:active, a:visited {
-	color:	#006699;
-	text-decoration:	none;
-}
-a:hover {
-	color:				#DD6900;
-	text-decoration:	underline;
-}
+a:link, a:active, a:visited { color: #006699; text-decoration: none; }
+a:hover { color: #DD6900; text-decoration: underline; }
 
-a.nav {
-	color:				#006699;
-	text-decoration:	none;
-}
-a.nav:hover {
-	text-decoration:	underline;
-}
+a.nav { color: #006699; text-decoration: none; }
+a.nav:hover { text-decoration: underline; }
 
+a.th:link { color: #FFA34F; text-decoration: none; }
+a.th:active { color: #FFA34F; text-decoration: none; }
+a.th:visited { color: #FFA34F; text-decoration: none; }
+a.th:hover {  color: #FFA34F; text-decoration: underline; }
 
 /*
 	Non-tag specific
@@ -92,7 +85,7 @@ a.nav:hover {
 }
 .nav {
 	color:	black;
-	font:	bold 11px;
+	font:	bold 7pt;
 }
 .forumlink {
 	font:	bold 120% Verdana, Arial, Helvetica, sans-serif;
@@ -220,3 +213,5 @@ textarea.edit {
 	font-weight:		normal;
 	border-width:		1px;
 }
+
+.helpline { background-color: #DEE3E7; border-style: none; }

phpBB/adm/swatch.php

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
-<title>phpBB 2.2 Color Swatch</title>
+<title>phpBB3 Color Swatch</title>
 <style type="text/css">
 
 td {
@@ -37,17 +37,17 @@ td {
 			{
 				color = String(numberList[r]) + String(numberList[g]) + String(numberList[b]);
 				document.write('<td bgcolor="#' + color + '" onmouseover="this.className=\'over\'" onmouseout="this.className=\'out\'">');
-				document.write('<a href="javascript:cell(\'' + color + '\');"><img src="../images/spacer.gif" width="15" height="12" border="0" alt="#' + color + '" title="#' + color + '" /></a>');
-				document.writeln('</td>');
+				document.write('<a href="javascript:cell(\'' + color + '\');"><img src="../images/spacer.gif" width="15" height="12" border="0" alt="#' + color + '" title="#' + color + '" \/><\/a>');
+				document.writeln('<\/td>');
 			}
 		}
-		document.writeln('</tr>');
+		document.writeln('<\/tr>');
 	}
-	document.writeln('</table>');
+	document.writeln('<\/table>');
 
 function cell(color)
 {
-	opener.document.forms['<?php echo htmlspecialchars(addslashes($_GET['form'])); ?>'].<?php echo htmlspecialchars(addslashes($_GET['name'])); ?>.value = '#' + color;
+	opener.document.forms['<?php echo htmlspecialchars(addslashes($_GET['form'])); ?>'].<?php echo htmlspecialchars(addslashes($_GET['name'])); ?>.value = color;
 }
 //-->
 </script>

phpBB/common.php

@@ -1,27 +1,22 @@
 <?php
-/***************************************************************************
- *                                common.php
- *                            -------------------
- *   begin                : Saturday, Feb 23, 2001
- *   copyright            : (C) 2001 The phpBB Group
- *   email                : support@phpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
+/** 
+*
+* @package phpBB3
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
+// Remove the following line to enable this software, be sure you note what it
+// says before continuing
+die('This software is unsupported in any and all respects. By removing this notice (found in common.php) you are noting your acceptance of this. Do not ask support questions of any kind for this release at either area51.phpbb.com or www.phpbb.com. Support for this version will appear when the beta cycle begins');
 
+/**
+*/
 if (!defined('IN_PHPBB'))
 {
-	die('Hacking attempt');
+	exit;
 }
 
 $starttime = explode(' ', microtime());
@@ -40,15 +35,12 @@ if (@ini_get('register_globals'))
 	}
 }
 
-// If magic quotes is off, addslashes
-if (!get_magic_quotes_gpc())
+if (defined('IN_CRON'))
 {
-	$_GET = slash_input_data($_GET);
-	$_POST = slash_input_data($_POST);
-	$_COOKIE = slash_input_data($_COOKIE);
+	chdir($phpbb_root_path);
+	$phpbb_root_path = getcwd() . '/';
 }
 
-
 require($phpbb_root_path . 'config.'.$phpEx);
 
 if (!defined('PHPBB_INSTALLED'))
@@ -57,6 +49,15 @@ if (!defined('PHPBB_INSTALLED'))
 	exit;
 }
 
+if (defined('DEBUG_EXTRA'))
+{
+	$base_memory_usage = 0;
+	if (function_exists('memory_get_usage'))
+	{
+		$base_memory_usage = memory_get_usage();
+	}
+}
+
 // Load Extensions
 if (!empty($load_extensions))
 {
@@ -68,133 +69,16 @@ if (!empty($load_extensions))
 	}
 }
 
+define('STRIP', (get_magic_quotes_gpc()) ? true : false);
+
 // Include files
-require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.'.$phpEx);
-require($phpbb_root_path . 'includes/db/' . $dbms . '.'.$phpEx);
-require($phpbb_root_path . 'includes/template.'.$phpEx);
-require($phpbb_root_path . 'includes/session.'.$phpEx);
-require($phpbb_root_path . 'includes/functions.'.$phpEx);
-
-// User related
-define('ANONYMOUS', 1);
-
-define('USER_ACTIVATION_NONE', 0);
-define('USER_ACTIVATION_SELF', 1);
-define('USER_ACTIVATION_ADMIN', 2);
-define('USER_ACTIVATION_DISABLE', 3);
-define('USER_ACTIVATION_SELF_ADMIN', 4);
-
-define('AVATAR_UPLOAD', 1);
-define('AVATAR_REMOTE', 2);
-define('AVATAR_GALLERY', 3);
-
-// ACL
-define('ACL_NO', 0);
-define('ACL_YES', 1);
-define('ACL_UNSET', -1);
-
-// Group settings
-define('GROUP_OPEN', 0);
-define('GROUP_CLOSED', 1);
-define('GROUP_HIDDEN', 2);
-define('GROUP_SPECIAL', 3);
-define('GROUP_FREE', 4);
-
-// Forum/Topic states
-define('FORUM_CAT', 0);
-define('FORUM_POST', 1);
-define('FORUM_LINK', 2);
-define('ITEM_UNLOCKED', 0);
-define('ITEM_LOCKED', 1);
-define('ITEM_MOVED', 2);
-
-// Topic types
-define('POST_NORMAL', 0);
-define('POST_STICKY', 1);
-define('POST_ANNOUNCE', 2);
-define('POST_GLOBAL', 3);
-
-// Lastread types
-define('TRACK_NORMAL', 0); // not used at the moment
-define('TRACK_POSTED', 1);
-
-// Log types
-define('LOG_ADMIN', 0);
-define('LOG_MOD', 1);
-define('LOG_CRITICAL', 2);
-
-// Private messaging
-define('PRIVMSGS_READ_MAIL', 0);
-define('PRIVMSGS_NEW_MAIL', 1);
-define('PRIVMSGS_UNREAD_MAIL', 5);
-
-// Download Modes - Attachments
-define('INLINE_LINK', 1);
-define('PHYSICAL_LINK', 2);
-
-// Categories - Attachments
-define('NONE_CAT', 0);
-define('IMAGE_CAT', 1); // Inline Images
-define('WM_CAT', 2); // Windows Media Files - Streaming
-define('RM_CAT', 3); // Real Media Files - Streaming
-define('THUMB_CAT', 4); // Not used within the database, only while displaying posts
-//define('SWF_CAT', 5); // Replaced by [flash] ? or an additional possibility ?
-
-// BBCode UID length
-define('BBCODE_UID_LEN', 5);
-
-// Table names
-define('ACL_GROUPS_TABLE', $table_prefix.'auth_groups');
-define('ACL_OPTIONS_TABLE', $table_prefix.'auth_options');
-define('ACL_DEPS_TABLE', $table_prefix.'auth_deps');
-define('ACL_PRESETS_TABLE', $table_prefix.'auth_presets');
-define('ACL_USERS_TABLE', $table_prefix.'auth_users');
-define('ATTACHMENTS_TABLE', $table_prefix.'attachments');
-define('ATTACHMENTS_DESC_TABLE', $table_prefix.'attach_desc');
-define('BANLIST_TABLE', $table_prefix.'banlist');
-define('BBCODES_TABLE', $table_prefix.'bbcodes');
-define('CACHE_TABLE', $table_prefix.'cache');
-define('CONFIG_TABLE', $table_prefix.'config');
-define('CONFIRM_TABLE', $table_prefix.'confirm');
-define('DISALLOW_TABLE', $table_prefix.'disallow'); //
-define('EXTENSIONS_TABLE', $table_prefix.'extensions');
-define('EXTENSION_GROUPS_TABLE', $table_prefix.'extension_groups');
-define('FORUMS_TABLE', $table_prefix.'forums');
-define('FORUMS_TRACK_TABLE', $table_prefix.'forums_marking');
-define('FORUMS_WATCH_TABLE', $table_prefix.'forums_watch');
-define('GROUPS_TABLE', $table_prefix.'groups');
-define('GROUPS_MODERATOR_TABLE', $table_prefix.'groups_moderator');
-define('ICONS_TABLE', $table_prefix.'icons');
-define('LANG_TABLE', $table_prefix.'lang');
-define('LOG_TABLE', $table_prefix.'log');
-define('MODERATOR_TABLE', $table_prefix.'moderator_cache');
-define('POSTS_TABLE', $table_prefix.'posts');
-define('POSTS_TEXT_TABLE', $table_prefix.'posts_text');
-define('PRIVMSGS_TABLE', $table_prefix.'privmsgs');
-define('PRIVMSGS_TEXT_TABLE', $table_prefix.'privmsgs_text');
-define('RANKS_TABLE', $table_prefix.'ranks');
-define('RATINGS_TABLE', $table_prefix.'ratings');
-define('REPORTS_TABLE', $table_prefix.'reports');
-define('REASONS_TABLE', $table_prefix.'reports_reasons');
-define('SEARCH_TABLE', $table_prefix.'search_results');
-define('SEARCH_WORD_TABLE', $table_prefix.'search_wordlist');
-define('SEARCH_MATCH_TABLE', $table_prefix.'search_wordmatch');
-define('SESSIONS_TABLE', $table_prefix.'sessions');
-define('SMILIES_TABLE', $table_prefix.'smilies');
-define('STYLES_TABLE', $table_prefix.'styles');
-define('STYLES_TPL_TABLE', $table_prefix.'styles_template');
-define('STYLES_TPLDATA_TABLE', $table_prefix.'styles_template_data');
-define('STYLES_CSS_TABLE', $table_prefix.'styles_theme');
-define('STYLES_IMAGE_TABLE', $table_prefix.'styles_imageset');
-define('TOPICS_TABLE', $table_prefix.'topics');
-define('TOPICS_TRACK_TABLE', $table_prefix.'topics_marking');
-define('TOPICS_WATCH_TABLE', $table_prefix.'topics_watch');
-define('UCP_MODULES_TABLE', $table_prefix.'ucp_modules');
-define('USER_GROUP_TABLE', $table_prefix.'user_group');
-define('USERS_TABLE', $table_prefix.'users');
-define('WORDS_TABLE', $table_prefix.'words');
-define('POLL_OPTIONS_TABLE', $table_prefix.'poll_results');
-define('POLL_VOTES_TABLE', $table_prefix.'poll_voters');
+require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.' . $phpEx);
+require($phpbb_root_path . 'includes/acm/acm_main.' . $phpEx);
+require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx);
+require($phpbb_root_path . 'includes/template.' . $phpEx);
+require($phpbb_root_path . 'includes/session.' . $phpEx);
+require($phpbb_root_path . 'includes/functions.' . $phpEx);
+require($phpbb_root_path . 'includes/constants.' . $phpEx);
 
 // Set PHP error handler to ours
 set_error_handler('msg_handler');
@@ -203,65 +87,17 @@ set_error_handler('msg_handler');
 $user		= new user();
 $auth		= new auth();
 $template	= new template();
-$cache		= new acm();
-$db			= new sql_db();
+$cache		= new cache();
+$db			= new $sql_db();
 
 // Connect to DB
 $db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false);
 
+// We do not need this any longer, unset for safety purposes
+unset($dbpasswd);
+
 // Grab global variables, re-cache if necessary
-if ($config = $cache->get('config'))
-{
-	$sql = 'SELECT * 
-		FROM ' . CONFIG_TABLE . '
-		WHERE is_dynamic = 1';
-	$result = $db->sql_query($sql);
-
-	while ($row = $db->sql_fetchrow($result))
-	{
-		$config[$row['config_name']] = $row['config_value'];
-	}
-}
-else
-{
-	$config = $cached_config = array();
-
-	$sql = 'SELECT * 
-		FROM ' . CONFIG_TABLE;
-	$result = $db->sql_query($sql);
-
-	while ($row = $db->sql_fetchrow($result))
-	{
-		if (!$row['is_dynamic'])
-		{
-			$cached_config[$row['config_name']] = $row['config_value'];
-		}
-
-		$config[$row['config_name']] = $row['config_value'];
-	}
-	$db->sql_freeresult($result);
-
-	$cache->put('config', $cached_config);
-	unset($cached_config);
-}
-
-/*
-if (time() - $config['cache_interval'] >= $config['cache_last_gc'])
-{
-	$cache->tidy($config['cache_gc']);
-}
-*/
-
-// Handle email/cron queue.
-if (time() - $config['queue_interval'] >= $config['last_queue_run'] && !defined('IN_ADMIN'))
-{
-	if (file_exists($phpbb_root_path . 'cache/queue.' . $phpEx))
-	{
-		include($phpbb_root_path . 'includes/emailer.'.$phpEx);
-		$queue = new queue();
-		$queue->process();
-	}
-}
+$config = $cache->obtain_config();
 
 // Warn about install/ directory
 if (file_exists('install'))
@@ -269,24 +105,4 @@ if (file_exists('install'))
 //	trigger_error('REMOVE_INSTALL');
 }
 
-// Show 'Board is disabled' message
-if ($config['board_disable'] && !defined('IN_ADMIN') && !defined('IN_LOGIN'))
-{
-	$message = (!empty($config['board_disable_msg'])) ? $config['board_disable_msg'] : 'BOARD_DISABLE';
-	trigger_error($message);
-}
-
-// addslashes to vars if magic_quotes_gpc is off
-function slash_input_data(&$data)
-{
-	if (is_array($data))
-	{
-		foreach ($data as $k => $v)
-		{
-			$data[$k] = (is_array($v)) ? slash_input_data($v) : addslashes($v);
-		}
-	}
-	return $data;
-}
-
 ?>

phpBB/cron.php

@@ -0,0 +1,85 @@
+<?php 
+/** 
+*
+* @package phpBB3
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
+
+/**
+*/
+define('IN_PHPBB', true);
+define('IN_CRON', true);
+$phpbb_root_path = './';
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
+include($phpbb_root_path . 'common.'.$phpEx);
+
+$cron_type = request_var('cron_type', '');
+
+$use_shutdown_function = (@function_exists('register_shutdown_function')) ? true : false;
+
+// Run cron-like action
+// Real cron-based layer will be introduced in 3.2
+switch ($cron_type)
+{
+	case 'queue':
+		include_once($phpbb_root_path . 'includes/functions_messenger.'.$phpEx);
+		$queue = new queue();
+		if ($use_shutdown_function)
+		{
+			register_shutdown_function(array(&$queue, 'process'));
+		}
+		else
+		{
+			$queue->process();
+		}
+		break;
+
+	case 'tidy_cache':
+		if ($use_shutdown_function)
+		{
+			register_shutdown_function(array(&$cache, 'tidy'));
+		}
+		else
+		{
+			$cache->tidy();
+		}
+		break;
+
+	case 'tidy_database':
+		include_once($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
+
+		if ($use_shutdown_function)
+		{
+			register_shutdown_function('tidy_database');
+		}
+		else
+		{
+			tidy_database();
+		}
+		break;
+		
+	case 'tidy_login_keys':
+		if ($use_shutdown_function)
+		{
+			register_shutdown_function(array(&$user, 'tidy_login_keys'));
+		}
+		else
+		{
+			$user->tidy_login_keys();
+		}
+}
+
+// Output transparent gif
+header('Cache-Control: no-cache');
+header('Content-type: image/gif');
+header('Content-length: 43');
+
+echo base64_decode('R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==');
+
+flush();
+exit;
+
+?>

phpBB/develop/add_permissions.php

@@ -0,0 +1,425 @@
+<?php
+// -------------------------------------------------------------
+//
+// $Id$
+//
+// FILENAME  : add_permissions.php
+// STARTED   : Sat Nov 06, 2004
+// COPYRIGHT : <20> 2004 phpBB Group
+// WWW       : http://www.phpbb.com/
+// LICENCE   : GPL vs2.0 [ see /docs/COPYING ] 
+// 
+// -------------------------------------------------------------
+
+//
+// Security message:
+//
+// This script is potentially dangerous.
+// Remove or comment the next line (die(".... ) to enable this script.
+// Do NOT FORGET to either remove this script or disable it after you have used it.
+//
+die("Please read the first lines of this script for instructions on how to enable it");
+
+
+// This script adds missing permissions
+$db = $dbhost = $dbuser = $dbpasswd = $dbport = $dbname = '';
+
+define('IN_PHPBB', 1);
+define('ANONYMOUS', 1);
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
+$phpbb_root_path='./../';
+include($phpbb_root_path . 'config.'.$phpEx);
+require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.'.$phpEx);
+require($phpbb_root_path . 'includes/db/' . $dbms . '.'.$phpEx);
+include($phpbb_root_path . 'includes/functions.'.$phpEx);
+
+define('ACL_NO', 0);
+define('ACL_YES', 1);
+define('ACL_UNSET', -1);
+
+define('ACL_GROUPS_TABLE', $table_prefix.'auth_groups');
+define('ACL_OPTIONS_TABLE', $table_prefix.'auth_options');
+define('ACL_USERS_TABLE', $table_prefix.'auth_users');
+define('GROUPS_TABLE', $table_prefix.'groups');
+define('USERS_TABLE', $table_prefix.'users');
+
+$cache		= new acm();
+$db			= new sql_db();
+
+// Connect to DB
+$db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false);
+
+// auth => is_local, is_global
+$f_permissions = array(
+	'f_'		=> array(1, 0),
+	'f_list'	=> array(1, 0),
+	'f_read'	=> array(1, 0),
+	'f_post'	=> array(1, 0),
+	'f_reply'	=> array(1, 0),
+	'f_quote'	=> array(1, 0),
+	'f_edit'	=> array(1, 0),
+	'f_user_lock'	=> array(1, 0),
+	'f_delete'	=> array(1, 0),
+	'f_bump'	=> array(1, 0),
+	'f_poll'	=> array(1, 0),
+	'f_vote'	=> array(1, 0),
+	'f_votechg'	=> array(1, 0),
+	'f_announce'=> array(1, 0),
+	'f_sticky'	=> array(1, 0),
+	'f_attach'	=> array(1, 0),
+	'f_download'=> array(1, 0),
+	'f_icons'	=> array(1, 0),
+	'f_html'	=> array(1, 0),
+	'f_bbcode'	=> array(1, 0),
+	'f_smilies'	=> array(1, 0),
+	'f_img'		=> array(1, 0),
+	'f_flash'	=> array(1, 0),
+	'f_sigs'	=> array(1, 0),
+	'f_search'	=> array(1, 0),
+	'f_email'	=> array(1, 0),
+	'f_rate'	=> array(1, 0),
+	'f_print'	=> array(1, 0),
+	'f_ignoreflood'	=> array(1, 0),
+	'f_postcount'	=> array(1, 0),
+	'f_moderate'=> array(1, 0),
+	'f_report'	=> array(1, 0),
+	'f_subscribe'	=> array(1, 0),
+);
+
+$m_permissions = array(
+	'm_'		=> array(1, 1),
+	'm_edit'	=> array(1, 1),
+	'm_delete'	=> array(1, 1),
+	'm_move'	=> array(1, 1),
+	'm_lock'	=> array(1, 1),
+	'm_split'	=> array(1, 1),
+	'm_merge'	=> array(1, 1),
+	'm_approve'	=> array(1, 1),
+	'm_unrate'	=> array(1, 1),
+	'm_auth'	=> array(1, 1),
+	'm_ip'		=> array(1, 1),
+	'm_info'	=> array(1, 1),
+);
+
+$a_permissions = array(
+	'a_'		=> array(0, 1),
+	'a_server'	=> array(0, 1),
+	'a_defaults'=> array(0, 1),
+	'a_board'	=> array(0, 1),
+	'a_cookies'	=> array(0, 1),
+	'a_clearlogs'	=> array(0, 1),
+	'a_words'	=> array(0, 1),
+	'a_icons'	=> array(0, 1),
+	'a_bbcode'	=> array(0, 1),
+	'a_attach'	=> array(0, 1),
+	'a_email'	=> array(0, 1),
+	'a_styles'	=> array(0, 1),
+	'a_user'	=> array(0, 1),
+	'a_useradd'	=> array(0, 1),
+	'a_userdel'	=> array(0, 1),
+	'a_ranks'	=> array(0, 1),
+	'a_ban'		=> array(0, 1),
+	'a_names'	=> array(0, 1),
+	'a_group'	=> array(0, 1),
+	'a_groupadd'=> array(0, 1),
+	'a_groupdel'=> array(0, 1),
+	'a_forum'	=> array(0, 1),
+	'a_forumadd'=> array(0, 1),
+	'a_forumdel'=> array(0, 1),
+	'a_prune'	=> array(0, 1),
+	'a_auth'	=> array(0, 1),
+	'a_authmods'=> array(0, 1),
+	'a_authadmins'	=> array(0, 1),
+	'a_authusers'	=> array(0, 1),
+	'a_authgroups'	=> array(0, 1),
+	'a_authdeps'=> array(0, 1),
+	'a_backup'	=> array(0, 1),
+	'a_restore'	=> array(0, 1),
+	'a_search'	=> array(0, 1),
+	'a_events'	=> array(0, 1),
+	'a_cron'	=> array(0, 1),
+);
+
+$u_permissions = array(
+	'u_'			=> array(0, 1),
+	'u_sendemail'	=> array(0, 1),
+	'u_readpm'		=> array(0, 1),
+	'u_sendpm'		=> array(0, 1),
+	'u_sendim'		=> array(0, 1),
+	'u_hideonline'	=> array(0, 1),
+	'u_viewonline'	=> array(0, 1),
+	'u_viewprofile'	=> array(0, 1),
+	'u_chgavatar'	=> array(0, 1),
+	'u_chggrp'		=> array(0, 1),
+	'u_chgemail'	=> array(0, 1),
+	'u_chgname'		=> array(0, 1),
+	'u_chgpasswd'	=> array(0, 1),
+	'u_chgcensors'	=> array(0, 1),
+	'u_search'		=> array(0, 1),
+	'u_savedrafts'	=> array(0, 1),
+	'u_download'	=> array(0, 1),
+	'u_attach'		=> array(0, 1),
+	'u_sig'			=> array(0, 1),
+	'u_pm_attach'	=> array(0, 1),
+	'u_pm_html'		=> array(0, 1),
+	'u_pm_bbcode'	=> array(0, 1),
+	'u_pm_smilies'	=> array(0, 1),
+	'u_pm_download'	=> array(0, 1),
+	'u_pm_report'	=> array(0, 1),
+	'u_pm_edit'		=> array(0, 1),
+	'u_pm_printpm'	=> array(0, 1),
+	'u_pm_emailpm'	=> array(0, 1),
+	'u_pm_forward'	=> array(0, 1),
+	'u_pm_delete'	=> array(0, 1),
+	'u_pm_img'		=> array(0, 1),
+	'u_pm_flash'	=> array(0, 1),
+);
+
+echo "<p><b>Determining existing permissions</b></p>\n";
+
+$sql = 'SELECT auth_option_id, auth_option FROM ' . ACL_OPTIONS_TABLE;
+$result = $db->sql_query($sql);
+
+$remove_auth_options = array();
+while ($row = $db->sql_fetchrow($result))
+{
+	if (!in_array($row['auth_option'], array_keys(${substr($row['auth_option'], 0, 2) . 'permissions'})))
+	{
+		$remove_auth_options[$row['auth_option']] = $row['auth_option_id'];
+	}
+	unset(${substr($row['auth_option'], 0, 2) . 'permissions'}[$row['auth_option']]);
+}
+$db->sql_freeresult($result);
+
+if (sizeof($remove_auth_options))
+{
+	$db->sql_query('DELETE FROM ' . ACL_USERS_TABLE . ' WHERE auth_option_id IN (' . implode(', ', $remove_auth_options) . ')');
+	$db->sql_query('DELETE FROM ' . ACL_GROUPS_TABLE . ' WHERE auth_option_id IN (' . implode(', ', $remove_auth_options) . ')');
+	$db->sql_query('DELETE FROM ' . ACL_OPTIONS_TABLE . ' WHERE auth_option_id IN (' . implode(', ', $remove_auth_options) . ')');
+
+	echo '<p><b>Removed the following auth options... [<i>' . implode(', ', array_keys($remove_auth_options)) . "</i>]</b></p>\n\n";
+}
+
+$prefixes = array('f_', 'a_', 'm_', 'u_');
+
+foreach ($prefixes as $prefix)
+{
+	$var = $prefix . 'permissions';
+	if (sizeof($$var))
+	{
+		foreach ($$var as $auth_option => $l_ary)
+		{
+			$sql_ary = array(
+				'auth_option'	=> $auth_option,
+				'is_local'		=> $l_ary[0],
+				'is_global'		=> $l_ary[1]
+			);
+
+			$db->sql_query('INSERT INTO ' . ACL_OPTIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
+		
+			echo "<p><b>Adding $auth_option...</b></p>\n";
+
+			mass_auth('group', 0, 'guests', $auth_option, ACL_NO);
+			mass_auth('group', 0, 'inactive', $auth_option, ACL_NO);
+			mass_auth('group', 0, 'inactive_coppa', $auth_option, ACL_NO);
+			mass_auth('group', 0, 'registered_coppa', $auth_option, ACL_NO);
+			mass_auth('group', 0, 'registered', $auth_option, (($prefix != 'm_' && $prefix != 'a_') ? ACL_YES : ACL_NO));
+			mass_auth('group', 0, 'super_moderators', $auth_option, (($prefix != 'a_') ? ACL_YES : ACL_NO));
+			mass_auth('group', 0, 'administrators', $auth_option, ACL_YES);
+			mass_auth('group', 0, 'bots', $auth_option, (($prefix != 'm_' && $prefix != 'a_') ? ACL_YES : ACL_NO));
+		}
+	}
+}
+
+$sql = 'UPDATE ' . USERS_TABLE . " SET user_permissions = ''";
+$db->sql_query($sql);
+
+$cache->destroy('acl_options');
+$cache->save();
+
+echo "<p><b>Done</b></p>\n";
+ 
+/*
+	$ug_type = user|group
+	$forum_id = forum ids (array|int|0) -> 0 == all forums
+	$ug_id = [int] user_id|group_id : [string] usergroup name
+	$acl_list = [string] acl entry : [array] acl entries
+	$setting = ACL_YES|ACL_NO|ACL_UNSET
+*/
+function mass_auth($ug_type, $forum_id, $ug_id, $acl_list, $setting)
+{
+	global $db;
+	static $acl_option_ids, $group_ids;
+
+	if ($ug_type == 'group' && is_string($ug_id))
+	{
+		if (!isset($group_ids[$ug_id]))
+		{
+			$sql = 'SELECT group_id FROM ' . GROUPS_TABLE . " 
+				WHERE group_name = '" . strtoupper($ug_id) . "'";
+			$result = $db->sql_query_limit($sql, 1);
+			$id = (int) $db->sql_fetchfield('group_id', 0, $result);
+			$db->sql_freeresult($result);
+
+			if (!$id)
+			{
+				return;
+			}
+
+			$group_ids[$ug_id] = $id;
+		}
+
+		$ug_id = (int) $group_ids[$ug_id];
+	}
+
+	// Build correct parameters
+	$auth = array();
+
+	if (!is_array($acl_list))
+	{
+		$auth = array($acl_list => $setting);
+	}
+	else
+	{
+		foreach ($acl_list as $auth_option)
+		{
+			$auth[$auth_option] = $setting;
+		}
+	}
+	unset($acl_list);
+
+	if (!is_array($forum_id))
+	{
+		$forum_id = array($forum_id);
+	}
+
+	// Set any flags as required
+	foreach ($auth as $auth_option => $acl_setting)
+	{
+		$flag = substr($auth_option, 0, strpos($auth_option, '_') + 1);
+		if (empty($auth[$flag]))
+		{
+			$auth[$flag] = $acl_setting;
+		}
+	}
+
+	if (!is_array($acl_option_ids) || empty($acl_option_ids))
+	{
+		$sql = 'SELECT auth_option_id, auth_option
+			FROM ' . ACL_OPTIONS_TABLE;
+		$result = $db->sql_query($sql);
+
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$acl_option_ids[$row['auth_option']] = $row['auth_option_id'];
+		}
+		$db->sql_freeresult($result);
+	}
+
+	$sql_forum = 'AND a.forum_id IN (' . implode(', ', array_map('intval', $forum_id)) . ')';
+
+	$sql = ($ug_type == 'user') ? 'SELECT o.auth_option_id, o.auth_option, a.forum_id, a.auth_setting FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . " o WHERE a.auth_option_id = o.auth_option_id $sql_forum AND a.user_id = $ug_id" : 'SELECT o.auth_option_id, o.auth_option, a.forum_id, a.auth_setting FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . " o WHERE a.auth_option_id = o.auth_option_id $sql_forum AND a.group_id = $ug_id";
+	$result = $db->sql_query($sql);
+
+	$cur_auth = array();
+	while ($row = $db->sql_fetchrow($result))
+	{
+		$cur_auth[$row['forum_id']][$row['auth_option_id']] = $row['auth_setting'];
+	}
+	$db->sql_freeresult($result);
+
+	$table = ($ug_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE;
+	$id_field  = $ug_type . '_id';
+
+	$sql_ary = array();
+	foreach ($forum_id as $forum)
+	{
+		foreach ($auth as $auth_option => $setting)
+		{
+			$auth_option_id = $acl_option_ids[$auth_option];
+
+			if (!$auth_option_id)
+			{
+				continue;
+			}
+
+			switch ($setting)
+			{
+				case ACL_UNSET:
+					if (isset($cur_auth[$forum][$auth_option_id]))
+					{
+						$sql_ary['delete'][] = "DELETE FROM $table 
+							WHERE forum_id = $forum
+								AND auth_option_id = $auth_option_id
+								AND $id_field = $ug_id";
+					}
+					break;
+
+				default:
+					if (!isset($cur_auth[$forum][$auth_option_id]))
+					{
+						$sql_ary['insert'][] = "$ug_id, $forum, $auth_option_id, $setting";
+					}
+					else if ($cur_auth[$forum][$auth_option_id] != $setting)
+					{
+						$sql_ary['update'][] = "UPDATE " . $table . " 
+							SET auth_setting = $setting 
+							WHERE $id_field = $ug_id 
+								AND forum_id = $forum 
+								AND auth_option_id = $auth_option_id";
+					}
+			}
+		}
+	}
+	unset($cur_auth);
+
+	$sql = '';
+	foreach ($sql_ary as $sql_type => $sql_subary)
+	{
+		switch ($sql_type)
+		{
+			case 'insert':
+				switch (SQL_LAYER)
+				{
+					case 'mysql':
+					case 'mysql4':
+						$sql = 'VALUES ' . implode(', ', preg_replace('#^(.*?)$#', '(\1)', $sql_subary));
+						break;
+
+					case 'mssql':
+					case 'sqlite':
+						$sql = implode(' UNION ALL ', preg_replace('#^(.*?)$#', 'SELECT \1', $sql_subary));
+						break;
+
+					default:
+						foreach ($sql_subary as $sql)
+						{
+							$sql = "INSERT INTO $table ($id_field, forum_id, auth_option_id, auth_setting) VALUES ($sql)";
+							$result = $db->sql_query($sql);
+							$sql = '';
+						}
+				}
+
+				if ($sql != '')
+				{
+					$sql = "INSERT INTO $table ($id_field, forum_id, auth_option_id, auth_setting) $sql";
+					$result = $db->sql_query($sql);
+				}
+				break;
+
+			case 'update':
+			case 'delete':
+				foreach ($sql_subary as $sql)
+				{
+					$result = $db->sql_query($sql);
+					$sql = '';
+				}
+				break;
+		}
+		unset($sql_ary[$sql_type]);
+	}
+	unset($sql_ary);
+
+}
+
+?>

phpBB/develop/benchmark.php

@@ -422,7 +422,7 @@ function make_user($username)
 	}
 
 
-	$sql = "INSERT INTO " . USERS_TABLE . "	(user_id, username, user_regdate, user_password, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_sig_bbcode_uid, user_avatar, user_viewemail, user_aim, user_yim, user_msnm, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_viewonline, user_notify, user_notify_pm, user_timezone, user_dateformat, user_lang, user_style, user_level, user_allow_pm, user_active, user_actkey)
+	$sql = "INSERT INTO " . USERS_TABLE . "	(user_id, username, user_regdate, user_password, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_sig_bbcode_uid, user_avatar, user_viewemail, user_aim, user_yim, user_msnm, user_attachsig, user_allowsmilies, user_allowhtml, user_allowbbcode, user_allow_viewonline, user_notify, user_notify_pm, user_timezone, user_dateformat, user_lang, user_style, user_level, user_allow_pm, user_active, user_actkey)
 		VALUES ($new_user_id, '$username', " . time() . ", '$password', '$email', '$icq', '$website', '$occupation', '$location', '$interests', '$signature', '$signature_bbcode_uid', '$avatar_filename', $viewemail, '$aim', '$yim', '$msn', $attachsig, $allowsmilies, $allowhtml, $allowbbcode, $allowviewonline, $notifyreply, $notifypm, $user_timezone, '$user_dateformat', '$user_lang', $user_style, 0, 1, ";
 
 	

phpBB/develop/calc_email_hash.php

@@ -0,0 +1,76 @@
+<?php
+// -------------------------------------------------------------
+//
+// $Id$
+//
+// FILENAME  : calc_email_hash.php
+// STARTED   : Tue Feb 03, 2004
+// COPYRIGHT : <20> 2004 phpBB Group
+// WWW       : http://www.phpbb.com/
+// LICENCE   : GPL vs2.0 [ see /docs/COPYING ] 
+// 
+// -------------------------------------------------------------
+
+//
+// Security message:
+//
+// This script is potentially dangerous.
+// Remove or comment the next line (die(".... ) to enable this script.
+// Do NOT FORGET to either remove this script or disable it after you have used it.
+//
+die("Please read the first lines of this script for instructions on how to enable it");
+@set_time_limit(300);
+
+$db = $dbhost = $dbuser = $dbpasswd = $dbport = $dbname = '';
+
+define('IN_PHPBB', 1);
+define('ANONYMOUS', 1);
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
+$phpbb_root_path='./../';
+include($phpbb_root_path . 'config.'.$phpEx);
+require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.'.$phpEx);
+require($phpbb_root_path . 'includes/db/' . $dbms . '.'.$phpEx);
+include($phpbb_root_path . 'includes/functions.'.$phpEx);
+
+$cache		= new acm();
+$db			= new sql_db();
+
+// Connect to DB
+$db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false);
+
+$start = 0;
+do
+{
+	// Batch query for group members, call group_user_del
+	$sql = "SELECT user_id, user_email 
+		FROM  {$table_prefix}users
+		LIMIT $start, 100";
+	$result = $db->sql_query($sql);
+
+	if ($row = $db->sql_fetchrow($result))
+	{
+		do
+		{
+			$sql = "UPDATE {$table_prefix}users 
+				SET user_email_hash = " . (crc32(strtolower($row['user_email'])) . strlen($row['user_email'])) . '
+				WHERE user_id = ' . $row['user_id'];
+			$db->sql_query($sql);
+
+			$start++;
+		}
+		while ($row = $db->sql_fetchrow($result));
+
+		echo "<br />Batch -> $start\n";
+		flush();
+	}
+	else
+	{
+		$start = 0;
+	}
+	$db->sql_freeresult($result);
+}
+while ($start);
+
+echo "<p><b>Done</b></p>\n";
+ 
+?>

phpBB/develop/change_smiley_ref.php

@@ -0,0 +1,62 @@
+<?php
+/***************************************************************************  
+ *                           merge_clean_posts.php  
+ *                            -------------------                         
+ *   begin                : Tuesday, February 25, 2003 
+ *   copyright            : (C) 2003 The phpBB Group        
+ *   email                : support@phpbb.com                           
+ *                                                          
+ *   $Id$
+ * 
+ ***************************************************************************/ 
+
+/***************************************************************************  
+ *                                                     
+ *   This program is free software; you can redistribute it and/or modify    
+ *   it under the terms of the GNU General Public License as published by   
+ *   the Free Software Foundation; either version 2 of the License, or  
+ *   (at your option) any later version.                      
+ * 
+ ***************************************************************************/ 
+
+//
+// Security message:
+//
+// This script is potentially dangerous.
+// Remove or comment the next line (die(".... ) to enable this script.
+// Do NOT FORGET to either remove this script or disable it after you have used it.
+//
+die("Please read the first lines of this script for instructions on how to enable it");
+
+@set_time_limit(2400);
+
+// This script adds missing permissions
+$db = $dbhost = $dbuser = $dbpasswd = $dbport = $dbname = '';
+
+define('IN_PHPBB', 1);
+define('ANONYMOUS', 1);
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
+$phpbb_root_path='./../';
+include($phpbb_root_path . 'config.'.$phpEx);
+require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.'.$phpEx);
+require($phpbb_root_path . 'includes/db/' . $dbms . '.'.$phpEx);
+include($phpbb_root_path . 'includes/functions.'.$phpEx);
+
+$cache		= new acm();
+$db			= new $sql_db();
+
+// Connect to DB
+$db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false);
+
+$sql = "SELECT post_id, post_text FROM {$table_prefix}posts WHERE post_text LIKE '%{SMILE_PATH}%'";
+$result = $db->sql_query($sql);
+
+while ($row = $db->sql_fetchrow($result))
+{
+	$db->sql_query("UPDATE {$table_prefix}posts SET post_text = '" . $db->sql_escape(str_replace('{SMILE_PATH}', '{SMILIES_PATH}', $row['post_text'])) . "' WHERE post_id = " . $row['post_id']);
+}
+$db->sql_freeresult($result);
+
+echo "<p><b>Done</b></p>\n";
+ 
+?>

phpBB/develop/create_variable_overview.php

@@ -0,0 +1,547 @@
+<?php
+// -------------------------------------------------------------
+//
+// $Id$
+//
+// FILENAME  : create_variable_overview.php
+// STARTED   : Fri Aug 15 2003
+// COPYRIGHT : <20> 2003 phpBB Group
+// WWW       : http://www.phpbb.com/
+// LICENCE   : GPL vs2.0 [ see /docs/COPYING ] 
+// 
+// -------------------------------------------------------------
+
+/*
+	This script generates an index of some template vars and their use within the templates.
+	It writes down all language variables used by various templates.
+*/
+
+//
+// Security message:
+//
+// This script is potentially dangerous.
+// Remove or comment the next line (die(".... ) to enable this script.
+// Do NOT FORGET to either remove this script or disable it after you have used it.
+//
+die("Please read the first lines of this script for instructions on how to enable it");
+
+$directory = '../styles/subSilver/template/';
+$ext = 'html';
+$store_dir = '../store/';
+
+$phpfiles_directories = array('../', '../includes/', '../includes/acm/', '../includes/auth/', '../includes/mcp/', '../includes/ucp/');
+// Template Files beginning with this names are merged together
+$merge = array('gcp', 'login', 'mcp', 'memberlist', 'posting', 'ucp');
+
+if (!is_writable($store_dir))
+{
+	die("Directory $store_dir is not writeable!");
+}
+
+$contents = implode('', file('../adm/subSilver.css', filesize('../adm/subSilver.css')));
+$fp = fopen($store_dir . 'subSilver.css', 'w');
+fwrite($fp, $contents);
+fclose($fp);
+
+$html_skeleton = '
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<link rel="stylesheet" href="subSilver.css" type="text/css">
+<style type="text/css">
+<!--
+th		{ background-image: url(\'cellpic3.gif\') }
+td.cat	{ background-image: url(\'cellpic1.gif\') }
+//-->
+</style>
+<title>{FILENAME}</title>
+</head>
+<body>
+
+<table width="100%" cellspacing="0" cellpadding="0" border="0">
+	<tr>
+		<td><img src="header_left.jpg" width="200" height="60" alt="phpBB Logo" title="phpBB Logo" border="0"/></td>
+		<td width="100%" background="header_bg.jpg" height="60" align="right" nowrap="nowrap"><span class="maintitle">File {FILENAME}</span> &nbsp; &nbsp; &nbsp;</td>
+	</tr>
+</table>
+
+<table width="95%" cellspacing="0" cellpadding="0" border="0" align="center">
+	<tr>
+		<td><br clear="all" />
+
+';
+$html_skeleton .= '<br><a href="./index.html" class="gen">Back to Contents</a><br><br>';
+$html_skeleton .= '<br><a href="#lang" class="gen">Language Variables</a> :: <a href="#includes" class="gen">Includes</a> :: <a href="#cond" class="gen">Conditionals</a><br><a href="#remain" class="gen">Remaining Vars</a> :: <a href="#usedby" class="gen">phpBB File Usage</a> :: <a href="#ref" class="gen">References</a>';
+$html_skeleton .= '<br><br><a name="lang"></a><b>Language Variables</b><br><br>{LANGUAGE_VARIABLES}';
+$html_skeleton .= '<br><br><a name="includes"></a><b>Included Files</b><br><br>{INCLUDES}';
+$html_skeleton .= '<br><br><a name="cond"></a><b>Used Conditionals</b><br><br>{CONDITIONALS}';
+$html_skeleton .= '<br><br><a name="remain"></a><b>Remaining Vars used</b><br><br>{REMAINING_VARS}';
+$html_skeleton .= '<br><br><a name="usedby"></a><b>This Template File is used by the following phpBB Files</b><br><br>{USED_BY}';
+$html_skeleton .= '<br><br><a name="ref"></a><b>References: </b>{SEE_FILES}';
+
+//$html_skeleton .= "</body>\n</html>\n";
+
+$html_skeleton .= '
+<br><br>
+<div class="copyright" align="center">Powered by phpBB 2.2 &copy; <a href="http://www.phpbb.com/" target="_phpbb" class="copyright">phpBB Group</a>, 2003</div>
+
+		<br clear="all" /></td>
+	</tr>
+</table>
+
+</body>
+</html>
+';
+
+// Open Language File
+include('../language/en/lang_main.php');
+include('../language/en/lang_admin.php');
+
+$files_to_parse = $php_files = array();
+
+$dhandler = opendir($directory);
+if (!$dhandler)
+{
+	die("Unable to open $directory");
+}
+
+$num = 0;
+while ($file = readdir($dhandler))
+{
+	if (is_file($directory . $file) && preg_match('#\.' . $ext . '$#i', $file))
+	{
+		$files_to_parse[$num]['filename'] = $directory . $file;
+		$files_to_parse[$num]['single_filename'] = $file;
+		$files_to_parse[$num]['destfile'] = str_replace(".{$ext}", '', $file) . '_' . $num . '.html';
+		$file_to_destfile[$file] = $files_to_parse[$num]['destfile'];
+		$num++;
+	}
+}
+closedir($dhandler);
+
+$num = 0;
+foreach ($phpfiles_directories as $directory)
+{
+	$dhandler = opendir($directory);
+	if (!$dhandler)
+	{
+		die("Unable to open $directory");
+	}
+
+	while ($file = readdir($dhandler))
+	{
+		if (is_file($directory . $file) && preg_match('#\.php$#i', $file))
+		{
+			$php_files[$num]['filename'] = $directory . $file;
+			$php_files[$num]['single_filename'] = $file;
+			$num++;
+		}
+	}
+	closedir($dhandler);
+}
+
+$php_files_includes = $lang_references = array();
+
+//$php_files_includes['viewtopic_attach_body.html'][0] = filename
+
+echo '<br>Parsing PHP Files';
+
+// Parse PHP Files and get our filenames
+foreach ($php_files as $file_num => $data)
+{
+	echo '.';
+	flush();
+	$contents = implode('', file($data['filename'], filesize($data['filename'])));
+
+	$html_files = array();
+	preg_match_all('#([a-zA-Z0-9\-_]*?)\.' . $ext . '#s', $contents, $html_files);
+	$html_files = array_unique($html_files[1]);
+
+	foreach ($html_files as $html_file)
+	{
+		$html_file = trim($html_file);
+		if ($html_file != '')
+		{
+			$php_files_includes[$html_file . '.' . $ext][] = $data['filename'];
+		}
+	}
+}
+
+echo '<br>Parsing HTML Files';
+foreach ($files_to_parse as $file_num => $data)
+{
+	echo '.';
+	flush();
+	$contents = implode('', file($data['filename'], filesize($data['filename'])));
+
+	// Language Variables -> [0]:tpl [1]:lang
+	$lang_vars = array();
+	preg_match_all('#{L_([a-z0-9\-_]*?)\}#is', $contents, $lang_vars);
+	$contents = preg_replace('#{L_([a-z0-9\-_]*?)\}#is', '', $contents);
+	$lang_vars[0] = array_unique($lang_vars[0]);
+	$lang_vars[1] = array_unique($lang_vars[1]);
+
+	// Includes
+	$includes = array();
+	preg_match_all('#<!-- INCLUDE ([a-zA-Z0-9\_\-\+\.]+?) -->#s', $contents, $includes);
+	$contents = preg_replace('#<!-- INCLUDE ([a-zA-Z0-9\_\-\+\.]+?) -->#', '', $contents);
+	$includes = $includes[1];
+	$includes = array_unique($includes);
+
+	// IF Conditions
+	$switches = array();
+	preg_match_all('#<!-- [IF]|[ELSEIF] ([a-zA-Z0-9\-_\.]+?) (.*?)?[ ]?-->#', $contents, $switches);
+	$contents = preg_replace('#<!-- [IF]|[ELSEIF] ([a-zA-Z0-9\-_]) (.*?)?[ ]?-->#s', '', $contents);
+	$switches[0] = array_unique($switches[1]); // No resorting please
+	$switches[1] = $switches[2];
+	unset($switches[2]);
+
+	// Remaining Vars
+	$remaining_vars = array();
+	preg_match_all('#{([a-z0-9\-_\.]*?)\}#is', $contents, $remaining_vars);
+	$contents = preg_replace('#{([a-z0-9\-_]*?)\}#is', '', $contents);
+	$remaining_vars = array_unique($remaining_vars[1]);
+	sort($remaining_vars, SORT_STRING);
+
+	// Now build the filename specific site
+	$fp = fopen($store_dir . $data['destfile'], 'w');
+	$html_data = $html_skeleton;
+
+	$html_data = str_replace('{FILENAME}', $data['single_filename'], $html_data);
+
+	// Write up the Language Variables
+	if (count($lang_vars[0]))
+	{
+		$lang_data = '<ul>';
+		for ($num = 0; $num <= count($lang_vars[0]); $num++)
+		{
+			$var = $lang_vars[0][$num];
+			if ($var != '')
+			{
+				$_var = str_replace(array('{', '}'), array('', ''), $var);
+				$lang_references[$_var][] = $data['single_filename'];
+				$lang_data .= '<li>' . $var . '<br>' . "\n" . ((isset($lang[$_var])) ? htmlspecialchars(str_replace("\\'", "'", $lang[$_var])) : '<span style="color:red">No Language Variable available</span>') . '<br></li><br>' . "\n";
+			}
+		}
+		$lang_data .= '</ul>';
+	}
+	else
+	{
+		$lang_data = '<b>NONE</b><br>' . "\n";
+	}
+
+	$html_data = str_replace('{LANGUAGE_VARIABLES}', $lang_data, $html_data);
+
+	// Write up the Includes
+	echo '.';
+	flush();
+	if (count($includes))
+	{
+		$includes_data = '<ul>';
+		$see_files = '';
+		for ($num = 0; $num <= count($includes); $num++)
+		{
+			$var = $includes[$num];
+			if ($var != '')
+			{
+				$includes_data .= '<li><a href="./' . $file_to_destfile[$var] . '" class="gen">' . $var . '</a></li><br>' . "\n";
+				$see_files .= ($see_files != '') ? ' :: ' : '';
+				$see_files .= '<a href="./' . $file_to_destfile[$var] . '" class="gen">' . $var . '</a>';
+			}
+		}
+		$includes_data .= '</ul>';
+	}
+	else
+	{
+		$includes_data = '<b>NONE</b><br>' . "\n";
+		$see_files = '<b>NONE</b>';
+	}
+
+	$html_data = str_replace('{INCLUDES}', $includes_data, $html_data);
+	$html_data = str_replace('{SEE_FILES}', $see_files, $html_data);
+
+	// Write up Conditionals
+	echo '.';
+	flush();
+	if (count($switches[0]))
+	{
+		$conditionals = '<ul>';
+		for ($num = 0; $num <= count($switches[0]); $num++)
+		{
+			$var = trim($switches[0][$num]);
+			if ($var != '')
+			{
+				if ($var == 'not')
+				{
+					$conditionals .= '<li>' . trim($switches[1][$num]) . '<br><b>Negation</b><br>' . "\n";
+					$block_var = explode('.', trim($switches[1][$num]));
+					unset($block_var[0]);
+				}
+				else
+				{
+					$conditionals .= '<li>' . $var . ((trim($switches[1][$num]) != '') ? '<br>' . "\n" . '<i>Compared with</i> -&gt; <b>' . trim($switches[1][$num]) . '</b>' : '') . '<br>' . "\n";
+					$block_var = explode('.', $var);
+					unset($block_var[count($block_var)-1]);
+				}
+
+				if (count($block_var))
+				{
+					for ($_num = count($block_var)-1; $_num >= 0; $_num--)
+					{
+						$conditionals .= ($_num == count($block_var)-1) ? '<i>Element of Block</i> -&gt; <b>' . $block_var[$_num] . '</b><br>' . "\n" : '<i>...which is an element of</i> -&gt; <b>' . $block_var[$_num] . '</b><br>' . "\n";
+					}
+				}
+				$conditionals .= '<br></li>' . "\n";
+			}
+		}
+		$conditionals .= '</ul>';
+	}
+	else
+	{
+		$conditionals = '<b>NONE</b><br>' . "\n";
+	}
+
+	$html_data = str_replace('{CONDITIONALS}', $conditionals, $html_data);
+
+	// Write up Remaining Vars
+	echo '.';
+	flush();
+	if (count($remaining_vars))
+	{
+		$remaining = '<ul>';
+		for ($num = 0; $num <= count($remaining_vars); $num++)
+		{
+			$var = trim($remaining_vars[$num]);
+			if ($var != '')
+			{
+				$remaining .= '<li>' . $var . '<br>' . "\n";
+				$block_var = explode('.', $var);
+				unset($block_var[count($block_var)-1]);
+
+				if (count($block_var))
+				{
+					for ($_num = count($block_var)-1; $_num >= 0; $_num--)
+					{
+						$remaining .= ($_num == count($block_var)-1) ? '<i>Element of Block</i> -&gt; <b>' . $block_var[$_num] . '</b><br>' . "\n" : '<i>...which is an element of</i> -&gt; <b>' . $block_var[$_num] . '</b><br>' . "\n";
+					}
+				}
+				$remaining .= '<br></li>' . "\n";
+			}
+		}
+		$remaining .= '</ul>';
+	}
+	else
+	{
+		$remaining = '<b>NONE</b><br>' . "\n";
+	}
+
+	$html_data = str_replace('{REMAINING_VARS}', $remaining, $html_data);
+
+	if (isset($php_files_includes[$data['single_filename']]) && count($php_files_includes[$data['single_filename']]))
+	{
+		$usedby = '<ul>';
+		foreach ($php_files_includes[$data['single_filename']] as $php_filename)
+		{
+			$usedby .= '<li>' . str_replace('../', '', $php_filename) . '</li>';
+		}
+		$usedby .= '</ul>';
+	}
+	else
+	{
+		$usedby = '<b>NONE</b><br>' . "\n";
+	}
+
+	$html_data = str_replace('{USED_BY}', $usedby, $html_data);
+
+	fwrite($fp, $html_data);
+	fclose($fp);
+}
+
+echo '<br>Store Files';
+
+$fp = fopen($store_dir . 'index.html', 'w');
+
+$html_data = '
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<link rel="stylesheet" href="subSilver.css" type="text/css">
+<style type="text/css">
+<!--
+th		{ background-image: url(\'cellpic3.gif\') }
+td.cat	{ background-image: url(\'cellpic1.gif\') }
+//-->
+</style>
+<title>Contents</title>
+</head>
+<body>
+
+<table width="100%" cellspacing="0" cellpadding="0" border="0">
+	<tr>
+		<td><img src="header_left.jpg" width="200" height="60" alt="phpBB Logo" title="phpBB Logo" border="0"/></td>
+		<td width="100%" background="header_bg.jpg" height="60" align="right" nowrap="nowrap"><span class="maintitle">Available Template Files</span> &nbsp; &nbsp; &nbsp;</td>
+	</tr>
+</table>
+
+<table width="95%" cellspacing="0" cellpadding="0" border="0" align="center">
+	<tr>
+		<td><br clear="all" />
+<br>This Style Document is 100% auto-generated... no human interaction included. :D<br>
+<h2>phpBB 2.2 Template</h2>
+<br>
+<ol>
+';
+
+sort($files_to_parse);
+foreach ($files_to_parse as $file_num => $data)
+{
+	echo '.';
+	flush();
+	$var = $data['single_filename'];
+	$html_data .= '<li><a href="./' . $file_to_destfile[$var] . '" class="gen">' . $var . '</a></li><br>' . "\n";
+}
+
+$html_data .= '<br><li><a href="./lang_index.html" class="gen">Appendix A: Language Variable Index</a></li><br>';
+
+$html_data .= '
+</ol><br><br>
+<div class="copyright" align="center">Powered by phpBB 2.2 &copy; <a href="http://www.phpbb.com/" target="_phpbb" class="copyright">phpBB Group</a>, 2003</div>
+
+		<br clear="all" /></td>
+	</tr>
+</table>
+
+</body>
+</html>
+';
+
+fwrite($fp, $html_data);
+fclose($fp);
+
+// Not only write down all language files, place them into a specific array, named by the template file
+// All Language vars assigned to more than one template will be placed into a common file
+$entry = array();
+$common_fp = fopen($store_dir . 'lang_common.php', 'w');
+fwrite($common_fp, "<?php\n\n \$lang = array(\n");
+
+$fp = fopen($store_dir . 'lang_index.html', 'w');
+
+$html_data = '
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<link rel="stylesheet" href="subSilver.css" type="text/css">
+<style type="text/css">
+<!--
+th		{ background-image: url(\'cellpic3.gif\') }
+td.cat	{ background-image: url(\'cellpic1.gif\') }
+//-->
+</style>
+<title>Appendix A :: Language Variable Index</title>
+</head>
+<body>
+
+<table width="100%" cellspacing="0" cellpadding="0" border="0">
+	<tr>
+		<td><img src="header_left.jpg" width="200" height="60" alt="phpBB Logo" title="phpBB Logo" border="0"/></td>
+		<td width="100%" background="header_bg.jpg" height="60" align="right" nowrap="nowrap"><span class="maintitle">Language Variable Index</span> &nbsp; &nbsp; &nbsp;</td>
+	</tr>
+</table>
+
+<table width="95%" cellspacing="0" cellpadding="0" border="0" align="center">
+	<tr>
+		<td><br clear="all" />
+<br><a href="./index.html" class="gen">Back to Contents</a><br><br>
+<br>
+';
+
+echo '<br>Write Language Files';
+
+asort($lang_references);
+ksort($lang_references);
+$_index = '';
+$old_char = '';
+foreach ($lang_references as $lang_var => $filenames)
+{
+	$var = preg_replace('#^L_(.*?)#', '\1', $lang_var);
+	$char = $var{0};
+	if ($old_char != $char)
+	{
+		$old_char = $char;
+		$_index .= ($_index != '') ? ' :: ' : '';
+		$_index .= '<a href="#' . $char . '" class="gen"><b>' . $char . '</b></a>';
+	}
+}
+
+$html_data .= $_index . '<br><br><br>';
+$old_char = '';
+foreach ($lang_references as $lang_var => $filenames)
+{
+	echo '.';
+	flush();
+	$var = preg_replace('#^L_(.*?)#', '\1', $lang_var);
+	$char = $var{0};
+	if ($old_char != $char)
+	{
+		$old_char = $char;
+		$html_data .= '<br><hr><br><a name="' . $char . '"></a><h2>Letter ' . $char . '</h2><br><br>';
+	}
+
+	$html_data .= '<b>' . $lang_var . '</b><ul>';
+
+	if (sizeof($filenames) != 1)
+	{
+		fwrite($common_fp, (($entry['common']) ? ",\n" : '') . "\t'$var' => '" . $lang[$var] . "'");
+		$entry['common'] = true;
+	}
+	else if (sizeof($filenames) == 1)
+	{
+		// Merge logical - hardcoded
+		$fname = (preg_match('#^(' . implode('|', $merge) . ')#', $filenames[0], $match)) ? $match[0] . '.php' : str_replace($ext, 'php', $filenames[0]);
+		
+		if (!$lang_fp[$fname])
+		{
+			$lang_fp[$fname] = fopen($store_dir . 'lang_' . $fname, 'w');
+			fwrite($lang_fp[$fname], "<?php\n\n\$lang = array(\n");
+			$entry[$fname] = false;
+		}
+		fwrite($lang_fp[$fname], (($entry[$fname]) ? ",\n" : '') . "\t'$var' => '" . $lang[$var] . "'");
+		$entry[$fname] = true;
+	}
+	
+	foreach ($filenames as $f_name)
+	{
+		$var = trim($f_name);
+		$html_data .= '<li><a href="./' . $file_to_destfile[$var] . '" class="gen">' . $var . '</a></li><br>' . "\n";
+	}
+	$html_data .= '</ul><br><br>';
+}
+
+fwrite($common_fp, ")\n);\n?>");
+fclose($common_fp);
+
+foreach ($lang_fp as $filepointer)
+{
+	fwrite($filepointer, ")\n);\n?>");
+	fclose($filepointer);
+}
+
+$html_data .= '
+<br><br>
+<div class="copyright" align="center">Powered by phpBB 2.2 &copy; <a href="http://www.phpbb.com/" target="_phpbb" class="copyright">phpBB Group</a>, 2003</div>
+
+		<br clear="all" /></td>
+	</tr>
+</table>
+
+</body>
+</html>
+';
+
+fwrite($fp, $html_data);
+fclose($fp);
+
+echo '<br>Finished!';
+flush();
+
+?>

phpBB/develop/fill.php

@@ -0,0 +1,176 @@
+<?php
+// -------------------------------------------------------------
+//
+// $Id$
+//
+// FILENAME  : fill.php
+// STARTED   : Mon Sep 15, 2003
+// COPYRIGHT : <20> 2001, 2003 phpBB Group
+// WWW       : http://www.phpbb.com/
+// LICENCE   : GPL vs2.0 [ see /docs/COPYING ]
+//
+// -------------------------------------------------------------
+
+define('IN_PHPBB', true);
+$phpbb_root_path = './';
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
+include($phpbb_root_path . 'common.'.$phpEx);
+include($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
+
+set_time_limit(0);
+header('Expires: 0');
+ignore_user_abort(true);
+
+// number of topics to create
+$num_topics = 5000000;
+
+// number of topics to be generated per call
+$batch_size = 100000;
+
+// max number of posts per topic
+$posts_per_topic = 500000;
+
+
+// general vars
+$mode = (isset($_REQUEST['mode'])) ? $_REQUEST['mode'] : 'generate';
+$start = (isset($_REQUEST['start'])) ? intval($_REQUEST['start']) : 0;
+
+switch ($mode)
+{
+	case 'generate':
+		$user_ids = $forum_ids = $topic_rows = array();
+
+		$sql = 'SELECT user_id FROM ' . USERS_TABLE;
+		$result = $db->sql_query($sql);
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$user_ids[] = $row['user_id'];
+		}
+		$db->sql_freeresult($result);
+
+		$sql = 'SELECT forum_id FROM ' . FORUMS_TABLE . ' WHERE forum_type = ' . FORUM_POST;
+		$result = $db->sql_query($sql);
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$forum_ids[$row['forum_id']] = $row['forum_id'];
+		}
+		$db->sql_freeresult($result);
+
+		if (!$start)
+		{
+			$db->sql_query('TRUNCATE TABLE ' . POSTS_TABLE);
+			$db->sql_query('TRUNCATE TABLE ' . TOPICS_TABLE);
+			$db->sql_query('TRUNCATE TABLE ' . TOPICS_TABLE . '_prefetch');
+		}
+
+		$db->sql_query('LOCK TABLES ' . POSTS_TABLE . ' WRITE, ' . TOPICS_TABLE . ' WRITE');
+
+		for ($topic_id = $start + 1; $topic_id < min($start + $batch_size, $num_topics + 1); ++$topic_id)
+		{
+			$forum_id = array_rand($forum_ids);
+
+			if (count($topic_rows) == 10)
+			{
+				$sql = 'INSERT IGNORE INTO ' . TOPICS_TABLE . " (topic_id, forum_id, topic_title, topic_reported)
+					VALUES " . implode(', ', $topic_rows);
+				$db->sql_query($sql);
+
+				$topic_rows = array();
+			}
+
+			$topic_rows[] = "($topic_id, $forum_id, '$forum_id-$topic_id', " . (($topic_id % 34) ? '0' : '1') . ')';
+
+			$sql = 'INSERT IGNORE INTO ' . POSTS_TABLE . ' (topic_id, forum_id, poster_id, post_subject, post_text, post_username, post_approved, post_time, post_reported)
+				VALUES ';
+
+			$rows = array();
+			$post_time = mt_rand(0, time());
+
+			$num_posts = mt_rand(1, $posts_per_topic);
+			for ($i = 0; $i < $num_posts; ++$i)
+			{
+				$poster_id = $user_ids[array_rand($user_ids)];
+				$poster_name = ($poster_id == ANONYMOUS) ? rndm_username() : '';
+				$rows[] = "($topic_id, $forum_id, $poster_id, '$forum_id-$topic_id-$i', '$forum_id-$topic_id-$i', '$poster_name', " . (mt_rand(0, 12) ? '1' : '0') . ', ' . ($post_time + $i * 60) . ', ' . (mt_rand(0, 32) ? '0' : '1') . ')';
+			}
+
+			$db->sql_query($sql . implode(', ', $rows));
+		}
+
+		if (count($topic_rows))
+		{
+			$sql = 'INSERT IGNORE INTO ' . TOPICS_TABLE . " (topic_id, forum_id, topic_title, topic_reported)
+				VALUES " . implode(', ', $topic_rows);
+			$db->sql_query($sql);
+		}
+
+		$db->sql_query('UNLOCK TABLES');
+
+		if ($topic_id >= $num_topics)
+		{
+			echo '<meta http-equiv="refresh" content="0; url=fill.' . $phpEx . '?mode=sync&amp;' . time() . '">And now for something completely different...';
+
+			$db->sql_query('ANALYZE TABLES ' . TOPICS_TABLE . ', ' . POSTS_TABLE);
+		}
+		else
+		{
+			echo '<meta http-equiv="refresh" content="0; url=fill.' . $phpEx . '?start=' . $topic_id . '&amp;' . time() . '">To the next page... (' . $topic_id . '/' . $num_topics . ')';
+		}
+	break;
+
+	case 'sync':
+		error_reporting(E_ALL);
+		$sync_all = TRUE;
+
+		if ($sync_all)
+		{
+			$s = explode(' ', microtime());
+			sync('topic', '', '', TRUE, FALSE);
+//			sync('forum');
+			$e = explode(' ', microtime());
+
+			echo '<pre><b>' . ($e[0] + $e[1] - $s[0] - $s[1]) . '</b></pre>';
+			echo '<a href="fill.' . $phpEx . '">Here we go again</a>';
+		}
+		else
+		{
+			$batch_size = $batch_size * 10;
+			$end = $start + $batch_size;
+
+			$s = explode(' ', microtime());
+			sync('topic', 'range', "topic_id BETWEEN $start AND $end", TRUE, FALSE);
+			$e = explode(' ', microtime());
+
+			echo '<pre>Time taken: <b>' . ($e[0] + $e[1] - $s[0] - $s[1]) . '</b></pre>';
+
+			if ($end < $num_topics)
+			{
+				$start += $batch_size;
+				echo '<meta http-equiv="refresh" content="0; url=fill.' . $phpEx . "?mode=sync&amp;start=$start&amp;" . time() . "\">And now for something completely different... ($start/$num_topics)";
+			}
+			else
+			{
+				echo '<a href="fill.' . $phpEx . '">Here we go again</a>';
+			}
+		}
+
+		if (isset($_GET['explain']))
+		{
+			trigger_error('Done');
+		}
+}
+
+function rndm_username()
+{
+	static $usernames;
+
+	if (!isset($usernames))
+	{
+		$usernames = get_defined_functions();
+		$usernames = $usernames['internal'];
+	}
+
+	return $usernames[array_rand($usernames)];
+}
+
+?>

phpBB/develop/fix_files.sh

@@ -7,18 +7,21 @@
 #
 # UPDATE: 7/31/2001: fix so that it doesn't touch things in the images directory
 #
+# UPDATE: 12/15/2003: Fix so that it doesn't touch any "non-text" files
+#
 
 find . > FILELIST.$$
 grep -sv FILELIST FILELIST.$$ > FILELIST2.$$
 grep -sv $(basename $0) FILELIST2.$$ > FILELIST.$$
 grep -sv "^\.$" FILELIST.$$ > FILELIST2.$$
-grep -sv "images" FILELIST2.$$ > FILELIST
+file -f FILELIST2.$$  |grep text | sed -e 's/^\([^\:]*\)\:.*$/\1/' > FILELIST
+file -f FILELIST2.$$  |grep -sv text | sed -e 's/^\([^\:]*\)\:.*$/Not Modifying file: \1/'
 rm FILELIST2.$$
 rm FILELIST.$$
 
 for i in $(cat FILELIST); do
 	if [ -f $i ]; then  	 
-  		sed -e s/
+		sed -e s/
 //g $i > $i.tmp
   		mv $i.tmp $i
 	fi	

phpBB/develop/merge_attachment_tables.php

@@ -0,0 +1,80 @@
+<?php
+// -------------------------------------------------------------
+//
+// $Id$
+//
+// FILENAME  : merge_attachment_tables.php
+// STARTED   : Tue Nov 04, 2003
+// COPYRIGHT : <20> 2001, 2003 phpBB Group
+// WWW       : http://www.phpbb.com/
+// LICENCE   : GPL vs2.0 [ see /docs/COPYING ] 
+// 
+// -------------------------------------------------------------
+
+//
+// Security message:
+//
+// This script is potentially dangerous.
+// Remove or comment the next line (die(".... ) to enable this script.
+// Do NOT FORGET to either remove this script or disable it after you have used it.
+//
+die("Please read the first lines of this script for instructions on how to enable it");
+
+$db = $dbhost = $dbuser = $dbpasswd = $dbport = $dbname = '';
+
+define('IN_PHPBB', 1);
+define('ANONYMOUS', 1);
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
+$phpbb_root_path='./../';
+include($phpbb_root_path . 'config.'.$phpEx);
+require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.'.$phpEx);
+require($phpbb_root_path . 'includes/db/' . $dbms . '.'.$phpEx);
+include($phpbb_root_path . 'includes/functions.'.$phpEx);
+
+$cache		= new acm();
+$db			= new sql_db();
+
+// Connect to DB
+$db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false);
+
+// Rename the attachments table... 
+$sql = "RENAME TABLE {$table_prefix}attachments TO {$table_prefix}attach_temp";
+$db->sql_query($sql);
+
+$sql = "CREATE TABLE {$table_prefix}attachments 
+	SELECT d.*, a.post_id, a.user_id_from as poster_id, p.topic_id
+		FROM {$table_prefix}attach_desc d, {$table_prefix}attach_temp a, {$table_prefix}posts p
+		WHERE a.attach_id = d.attach_id
+			AND a.post_id = p.post_id";
+$db->sql_query($sql);
+
+switch (SQL_LAYER)
+{
+	case 'mysql':
+	case 'mysql4':
+		$sql = 'ALTER TABLE ' . $table_prefix . 'attachments 
+			ADD PRIMARY KEY (attach_id), 
+			ADD INDEX filetime (filetime),
+			ADD INDEX post_id (post_id),
+			ADD INDEX poster_id (poster_id),
+			ADD INDEX physical_filename (physical_filename(10)),
+			ADD INDEX filesize (filesize),
+			ADD INDEX topic_id (topic_id),
+			MODIFY COLUMN attach_id mediumint(8) UNSIGNED NOT NULL auto_increment';
+		break;
+
+	case 'mssql':
+	case 'mssql-odbc':
+	case 'msaccess':
+		break;
+
+	case 'postgresql':
+		break;
+}
+$db->sql_query($sql);
+
+//$db->sql_query("DROP TABLE {$table_prefix}attach_temp");
+
+echo "<p><b>Done</b></p>\n";
+ 
+?>

phpBB/docs/AUTHORS

@@ -16,11 +16,7 @@ phpBB Developers      : Ashe (Ludovic Arnaud)
 phpBB Group           : theFinn (James Atkinson)
                         psoTFX (Paul S. Owen)
                         BartVB (Bart Van Bragt)
-                        AbelaJohnB (John Abela)
                         ffeingol (Frank Feingold)
-                        dougk_f77 (Doug Kelly)
-                        nathan (Nathan Codding)
-                        The_Systech (Jonathan Haase)
 
 Original subSilver by subBlue Design, Tom Beddard, <20> 2001 phpBB Group
 
@@ -32,3 +28,6 @@ Smarty
 GPL licenced:
 phpMyAdmin <20> 2001,2003 phpMyAdmin Devel team, http://www.phpmyadmin.net/ 
 Jabber class <20> 2003 Carlo Zottmann, http://phpjabber.g-blog.net
+
+PHP License, version 3.0:
+Pear <20> 2001-2004 PHP Group, http://pear.php.net

phpBB/docs/coding-guidelines.txt

@@ -1,26 +0,0 @@
-CODING GUIDELINES : Initials by psoTFX (July 2001)
------------------
-
-* The coding style is defined in the codingstandards.html file, all attempts should be made to follow it as closely as possible
-
-* All SQL should be cross-DB compatible, if DB specific SQL is used alternatives must be provided which work on all supported DB's (MySQL, MSSQL (7.0 and 2000), PostgreSQL (7.0+), Oracle8, ODBC (generalised if possible, otherwise MS Access, DB2))
-
-* All SQL commands should utilise the DataBase Abstraction Layer (DBAL)
-
-* All URL's (and form actions) _must_ be wrapped in append_sid, this ensures the session_id is propagated when cookies aren't available
-
-* The minimum amount of data should be passed via GET or POST, checking should occur within individual scripts (to prevent spoofing of information)
-
-* The auth function should be used for all authorisation checking
-
-* Sessions should be initiated on each page, as near the top as possible using the session_pagestart function (userdata should be obtained by calling the init_userprefs immediately after session initialisation)
-
-* Login checks should be forwarded to the login page (supplying a page to forward onto once check is complete if required)
-
-* All template variables should be named appropriately (using underscores for spaces), language entries should be prefixed with L_, system data with S_, urls with U_, all other variables should be presented 'as is'.
-
-* Functions used by more than page should be placed in functions.php, functions specific to one page should be placed on that page (at the top to maintain compatibility with PHP3) surrounded by comments indicating the start and end of the function block
-
-* All messages/errors should be output by the message_die function using the appropriate message type (see function for details)
-
-* No attempt should be made to remove any copyright information (either contained within the source or displayed interactively when the source is run/compiled), neither should the copyright information be altered in any way (it may be added to)

phpBB/docs/codingstandards.htm

@@ -1,327 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
-<!-- saved from url=(0044) -->
-<HTML><HEAD><TITLE>phpBB Coding Standard Guidelines</TITLE>
-<META content="text/html; charset=windows-1252" http-equiv=Content-Type>
-<META content="MSHTML 5.00.2920.0" name=GENERATOR></HEAD>
-<BODY aLink=#cccccc bgColor=#ffffff link=#0000ff text=#000000 
-vLink=#0000ff><FONT face=verdana,arial,tahoma size=-1><A name=top></A>
-<H2>phpBB Coding Standard Guidelines</H2>Comments or suggestions? email <A 
-href="mailto:nate@phpbb.com">nate@phpbb.com</A><BR><BR><A 
-href="#editor">Editor 
-Settings</A><BR><A 
-href="#naming">Naming 
-Conventions</A><BR><A 
-href="#layout">Code Layout</A><BR><A 
-href="#general">General 
-Guidelines</A><BR><BR><BR><A name=editor></A><A 
-href="#top">top</A> 
-<H3>Editor Settings</H3>
-<P><B>Tabs vs Spaces:</B> In order to make this as simple as possible, we will 
-be using tabs, not spaces. Feel free to set how many spaces your editor uses 
-when it <B>displays</B> tabs, but make sure that when you <B>save</B> the file, 
-it's saving tabs and not spaces. This way, we can each have the code be 
-displayed the way we like it, without breaking the layout of the actual files. 
-</P>
-<P><B>Linefeeds:</B> Ensure that your editor is saving files in the UNIX format. 
-This means lines are terminated with a newline, not with a CR/LF combo as they 
-are on Win32, or whatever the Mac uses. Any decent Win32 editor should be able 
-to do this, but it might not always be the default. Know your editor. If you 
-want advice on Windows text editors, just ask one of the developers. Some of 
-them do their editing on Win32. </P><BR><BR><A name=naming></A><A 
-href="#top">top</A> 
-<H3>Naming Conventions</H3>
-<P>We will not be using any form of hungarian notation in our naming 
-conventions. Many of us believe that hungarian naming is one of the primary code 
-obfuscation techniques currently in use. </P>
-<P><B>Variable Names:</B> Variable names should be in all lowercase, with words 
-separated by an underscore. <BR><BR>&nbsp;&nbsp;&nbsp;&nbsp;Example: <CODE><FONT 
-size=+1>$current_user</FONT></CODE> is right, but <CODE><FONT 
-size=+1>$currentuser</FONT></CODE> and <CODE><FONT 
-size=+1>$currentUser</FONT></CODE> are not. <BR><BR>Names should be descriptive, 
-but concise. We don't want huge sentences as our variable names, but typing an 
-extra couple of characters is always better than wondering what exactly a 
-certain variable is for. </P>
-<P><B>Loop Indices:</B> The <I>only</I> situation where a one-character variable 
-name is allowed is when it's the index for some looping construct. In this case, 
-the index of the outer loop should always be $i. If there's a loop inside that 
-loop, its index should be $j, followed by $k, and so on. If the loop is being 
-indexed by some already-existing variable with a meaningful name, this guideline 
-does not apply. <BR><BR>&nbsp;&nbsp;&nbsp;&nbsp;Example: <PRE><FONT size=+1>
-		for ($i = 0; $i &lt; $outer_size; $i++) 
-		{
-		   for ($j = 0; $j &lt; $inner_size; $j++) 
-		   {
-		      foo($i, $j);
-		   }
-		} </FONT></PRE>
-<P></P>
-<P><B>Function Names:</B> Functions should also be named descriptively. We're 
-not programming in C here, we don't want to write functions called things like 
-"stristr()". Again, all lower-case names with words separated by a single 
-underscore character. Function names should preferably have a verb in them 
-somewhere. Good function names are <CODE><FONT 
-size=+1>print_login_status()</FONT></CODE>, <CODE><FONT 
-size=+1>get_user_data()</FONT></CODE>, etc.. </P>
-<P><B>Function Arguments:</B> Arguments are subject to the same guidelines as 
-variable names. We don't want a bunch of functions like: <CODE><FONT 
-size=+1>do_stuff($a, $b, $c)</FONT></CODE>. In most cases, we'd like to be able 
-to tell how to use a function by just looking at its declaration. </P>
-<P><B>Summary:</B> The basic philosophy here is to not hurt code clarity for the 
-sake of laziness. This has to be balanced by a little bit of common sense, 
-though; <CODE><FONT size=+1>print_login_status_for_a_given_user()</FONT></CODE> 
-goes too far, for example -- that function would be better named <CODE><FONT 
-size=+1>print_user_login_status()</FONT></CODE> , or just <CODE><FONT 
-size=+1>print_login_status()</FONT></CODE>. </P><BR><BR><A name=layout></A><A 
-href="#top">top</A> 
-<H3>Code Layout</H3>
-<P><B>Standard header for new files:</B> Here a template of the header that must 
-be included at the start of all phpBB files: <PRE><FONT size=+1>
-		/***************************************************************************
-		                                filename.php
-		                             -------------------
-		    begin                : Sat June 17 2000
-		    copyright            : (C) 2000 The phpBB Group
-		    email                : support@phpBB.com
-		
-		    $Id$
-		
-		 ***************************************************************************/
-		
-		/***************************************************************************
-		 *                                         				                                
-		 *   This program is free software; you can redistribute it and/or modify  	
-		 *   it under the terms of the GNU General Public License as published by  
-		 *   the Free Software Foundation; either version 2 of the License, or	    	
-		 *   (at your option) any later version.
-		 *
-		 ***************************************************************************/
-	</FONT></PRE>
-<P></P>
-<P><B>Always include the braces:</B> This is another case of being too lazy to 
-type 2 extra characters causing problems with code clarity. Even if the body of 
-some construct is only one line long, do <I>not</I> drop the braces. Just don't. 
-<BR><BR>&nbsp;&nbsp;&nbsp;Examples:<PRE><FONT size=+1>
-		/* These are all wrong. */
-		if (condition)	do_stuff();
-		if (condition)
-			do_stuff();
-		while (condition) 
-			do_stuff();
-		for ($i = 0; $i &lt; size; $i++)
-			do_stuff($i);
-		
-		/* These are right. */
-		if (condition) 
-		{
-			do_stuff();
-		}
-		while (condition) 
-		{
-			do_stuff();
-		}
-		for ($i = 0; $i &lt; size; $i++) 
-		{
-			do_stuff();
-		}
-	</FONT></PRE>
-<P></P>
-<P><B>Where to put the braces:</B> This one is a bit of a holy war, but we're 
-going to use a style that can be summed up in one sentence: Braces always go on 
-their own line. The closing brace should also always be at the same column as 
-the corresponding opening brace. <BR><BR>&nbsp;&nbsp;&nbsp;Examples:<PRE><FONT size=+1>
-		if (condition) 
-		{
-			while (condition2)
-			{
-				...
-			}
-		}
-		else 
-		{
-			...
-		}
-
-		for ($i = 0; $i &lt; $size; $i++) 
-		{
-			...
-		}
-		
-		while (condition) 
-		{
-			...
-		}
-		
-		function do_stuff() 
-		{
-			...
-		}
-	</FONT></PRE>
-<P></P>
-<P><B>Use spaces between tokens:</B> This is another simple, easy step that 
-helps keep code readable without much effort. Whenever you write an assignment, 
-expression, etc.. Always leave <I>one</I> space between the tokens. Basically, 
-write code as if it was English. Put spaces between variable names and 
-operators. Don't put spaces just after an opening bracket or before a closing 
-bracket. Don't put spaces just before a comma or a semicolon. This is best shown 
-with a few examples. <BR><BR>&nbsp;&nbsp;&nbsp;Examples:<PRE><FONT size=+1>
-		/* Each pair shows the wrong way followed by the right way. */
-		
-		$i=0;
-		$i = 0;
-		
-		if($i&lt;7) ...
-		if ($i &lt; 7) ...
-		
-		if ( ($i &lt; 7)&amp;&amp;($j &gt; 8) ) ...
-		if (($i &lt; 7) &amp;&amp; ($j &gt; 8)) ...
-		
-		do_stuff( $i, "foo", $b );
-		do_stuff($i, "foo", $b);
-		
-		for($i=0; $i&lt;$size; $i++) ...
-		for($i = 0; $i &lt; $size; $i++) ... 
-		
-		$i=($j &lt; $size)?0:1;
-		$i = ($j &lt; $size) ? 0 : 1;
-	</FONT></PRE>
-<P></P>
-<P><B>Operator precedence:</B> Do you know the exact precedence of all the 
-operators in PHP? Neither do I. Don't guess. Always make it obvious by using 
-brackets to force the precedence of an equation so you know what it does. 
-<BR><BR>&nbsp;&nbsp;&nbsp;Examples:<PRE><FONT size=+1>
-		/* what's the result? who knows. */
-		$bool = ($i &lt; 7 &amp;&amp; $j &gt; 8 || $k == 4);
-		
-		/* now you can be certain what I'm doing here. */
-		$bool = (($i &lt; 7) &amp;&amp; (($j &lt; 8) || ($k == 4)))
-		</FONT></PRE>
-<P></P>
-<P><B>SQL code layout:</B> Since we'll all be using different editor settings, 
-don't try to do anything complex like aligning columns in SQL code. Do, however, 
-break statements onto their own lines. Here's a sample of how SQL code should 
-look. Note where the lines break, the capitalization, and the use of brackets. 
-<BR><BR>&nbsp;&nbsp;&nbsp;Examples:<PRE><FONT size=+1>
-		SELECT field1 AS something, field2, field3
-		FROM table a, table b
-		WHERE (this = that) AND (this2 = that2)
-		</FONT></PRE>
-<P></P>
-<P><B>SQL insert statements:</B> SQL INSERT statements can be written in two 
-different ways. Either you specify explicitly the columns being inserted, or
-you rely on knowing the order of the columns in the database and do not
-specify them. We want to use the former approach, where it is explicitly
-stated whcih columns are being inserted. This means our application-level code
-will not depend on the order of the fields in the database, and will not be broken
-if we add additional fields (unless they're specified as NOT NULL, of course).
-<BR><BR>&nbsp;&nbsp;&nbsp;Examples:<PRE><FONT size=+1>
-		# This is not what we want.
-		INSERT INTO mytable
-		VALUES ('something', 1, 'else')
-		
-		# This is correct.
-		INSERT INTO mytable (column1, column2, column3)
-		VALUES ('something', 1, 'else')
-		</FONT></PRE>		
-<P></P><BR><BR><A name=general></A><A 
-href="#top">top</A> 
-<H3>General Guidelines</H3>
-<P><B>Quoting strings:</B> There are two different ways to quote strings in PHP 
-- either with single quotes or with double quotes. The main difference is that 
-the parser does variable interpolation in double-quoted strings, but not in 
-single quoted strings. Because of this, you should <I>always</I> use single 
-quotes <I>unless</I> you specifically need variable interpolation to be done on 
-that string. This way, we can save the parser the trouble of parsing a bunch of 
-strings where no interpolation needs to be done. Also, if you are using a string 
-variable as part of a function call, you do not need to enclose that variable in 
-quotes. Again, this will just make unnecessary work for the parser. Note, 
-however, that nearly all of the escape sequences that exist for double-quoted 
-strings will not work with single-quoted strings. Be careful, and feel free to 
-break this guideline if it's making your code harder to read. 
-<BR><BR>&nbsp;&nbsp;&nbsp;Examples:<PRE><FONT size=+1>
-		/* wrong */
-		$str = "This is a really long string with no variables for the parser to find.";
-		do_stuff("$str");
-		
-		/* right */
-		$str = 'This is a really long string with no variables for the parser to find.';
-		do_stuff($str);
-		</FONT></PRE>
-<P></P>
-<P><B>Associative array keys:</B> In PHP, it's legal to use a literal string as 
-a key to an associative array without quoting that string. We don't want to do 
-this -- the string should always be quoted to avoid confusion. Note that this is 
-only when we're using a literal, not when we're using a variable. 
-<BR><BR>&nbsp;&nbsp;&nbsp;Examples:<PRE><FONT size=+1>
-		/* wrong */
-		$foo = $assoc_array[blah];
-		
-		/* right */
-		$foo = $assoc_array['blah'];
-		</FONT></PRE>
-<P></P>
-<P><B>Comments:</B> Each function should be preceded by a comment that tells a 
-programmer everything they need to know to use that function. The meaning of 
-every parameter, the expected input, and the output are required as a minimal 
-comment. The function's behaviour in error conditions (and what those error 
-conditions are) should also be present. Nobody should have to look at the actual 
-source of a function in order to be able to call it with confidence in their own 
-code. <BR><BR>In addition, commenting any tricky, obscure, or otherwise 
-not-immediately-obvious code is clearly something we should be doing. Especially 
-important to document are any assumptions your code makes, or preconditions for 
-its proper operation. Any one of the developers should be able to look at any 
-part of the application and figure out what's going on in a reasonable amount of 
-time. </P>
-<P><B>Magic numbers:</B> Don't use them. Use named constants for any literal 
-value other than obvious special cases. Basically, it's OK to check if an array 
-has 0 elements by using the literal 0. It's not OK to assign some special 
-meaning to a number and then use it everywhere as a literal. This hurts 
-readability AND maintainability. Included in this guideline is that we should be 
-using the constants TRUE and FALSE in place of the literals 1 and 0 -- even 
-though they have the same values, it's more obvious what the actual logic is 
-when you use the named constants. </P>
-<P><B>Shortcut operators:</B> The only shortcut operators that cause readability 
-problems are the shortcut increment ($i++) and decrement ($j--) operators. These 
-operators should not be used as part of an expression. They can, however, be 
-used on their own line. Using them in expressions is just not worth the 
-headaches when debugging. <BR><BR>&nbsp;&nbsp;&nbsp;Examples:<PRE><FONT size=+1>
-		/* wrong */
-		$array[++$i] = $j;
-		$array[$i++] = $k;
-		
-		
-		/* right */
-		$i++;
-		$array[$i] = $j;
-		
-		$array[$i] = $k;
-		$i++;
-		</FONT></PRE>
-<P></P>
-<P><B>Inline conditionals:</B> Inline conditionals should only be used to do 
-very simple things. Preferably, they will only be used to do assignments, and 
-not for function calls or anything complex at all. They can be harmful to 
-readability if used incorrectly, so don't fall in love with saving typing by 
-using them. <BR><BR>&nbsp;&nbsp;&nbsp;Examples:<PRE><FONT size=+1>
-		/* Bad place to use them */
-		(($i &lt; $size) &amp;&amp; ($j &gt; $size)) ? do_stuff($foo) : do_stuff($bar);
-		
-		
-		/* OK place to use them */
-		$min = ($i &lt; $j) ? $i : $j;
-		</FONT></PRE>
-<P></P>
-<P><B>Don't use uninitialized variables.</B> for phpBB 2, we intend to use a 
-higher level of run-time error reporting. This will mean that the use of an 
-uninitialized variable will be reported as an error. This will come up most 
-often when checking which HTML form variables were passed. These errors can be 
-avoided by using the built-in isset() function to check whether a variable has 
-been set. <BR><BR>&nbsp;&nbsp;&nbsp;Examples:<PRE><FONT size=+1>
-		/* Old way */
-		if ($forum) ...
-		
-		
-		/* New way */
-		if (isset($forum)) ...
-		</FONT></PRE>
-<P></P><BR><BR><A href="#top">Return 
-to top</A> </FONT></BODY></HTML>

phpBB/download.php

@@ -1,96 +1,197 @@
 <?php
-/***************************************************************************
- *                           download.php
- *                            -------------------
- *   begin                : Thu, Apr 10, 2003
- *   copyright            : (C) 2003 The phpBB Group
- *   email                : support@phpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
+/** 
+*
+* @package phpBB3
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
+/**
+*/
+define('IN_PHPBB', true);
+$phpbb_root_path = './';
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
+include($phpbb_root_path . 'common.'.$phpEx);
 
+$download_id = request_var('id', 0);
 
-if ( defined('IN_PHPBB') )
+// Thumbnails are not handled by this file by default - but for modders this should be interesting. ;)
+$thumbnail = request_var('t', false);
+
+// Start session management
+$user->session_begin();
+$auth->acl($user->data);
+$user->setup('viewtopic');
+
+if (!$download_id)
 {
-	die('Hacking attempt');
+	trigger_error('NO_ATTACHMENT_SELECTED');
+}
+
+if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
+{
+	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
+}
+
+$sql = 'SELECT attach_id, in_message, post_msg_id, extension
+	FROM ' . ATTACHMENTS_TABLE . "
+	WHERE attach_id = $download_id";
+$result = $db->sql_query_limit($sql, 1);
+
+if (!($attachment = $db->sql_fetchrow($result)))
+{
+	trigger_error('ERROR_NO_ATTACHMENT');
+}
+$db->sql_freeresult($result);
+
+if ((!$attachment['in_message'] && !$config['allow_attachments']) || ($attachment['in_message'] && !$config['allow_pm_attach']))
+{
+	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
+}
+
+$row = array();
+if (!$attachment['in_message'])
+{
+	// 
+	$sql = 'SELECT p.forum_id, f.forum_password, f.parent_id
+		FROM ' . POSTS_TABLE . ' p, ' . FORUMS_TABLE . ' f
+		WHERE p.post_id = ' . $attachment['post_msg_id'] . '
+			AND p.forum_id = f.forum_id';
+	$result = $db->sql_query_limit($sql, 1);
+	$row = $db->sql_fetchrow($result);
+	$db->sql_freeresult($result);
+
+	if ($auth->acl_gets('f_download', 'u_download', $row['forum_id']))
+	{
+		if ($row['forum_password'])
+		{
+			// Do something else ... ?
+			login_forum_box($row);
+		}
+	}
+	else
+	{
+		trigger_error('SORRY_AUTH_VIEW_ATTACH');
+	}
+}
+else
+{
+	$row['forum_id'] = 0;
+	if (!$auth->acl_get('u_pm_download') || !$config['auth_download_pm'])
+	{
+		trigger_error('SORRY_AUTH_VIEW_ATTACH');
+	}
+}
+
+// disallowed ?
+$extensions = array();
+if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions))
+{
+	trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
+}
+
+if (!download_allowed())
+{
+	trigger_error($user->lang['LINKAGE_FORBIDDEN']);
+}
+
+$download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
+
+// Fetching filename here to prevent sniffing of filename
+$sql = 'SELECT attach_id, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype
+	FROM ' . ATTACHMENTS_TABLE . "
+	WHERE attach_id = $download_id";
+$result = $db->sql_query_limit($sql, 1);
+
+if (!($attachment = $db->sql_fetchrow($result)))
+{
+	trigger_error('ERROR_NO_ATTACHMENT');
+}
+$db->sql_freeresult($result);
+
+$attachment['physical_filename'] = basename($attachment['physical_filename']);
+
+if ($thumbnail)
+{
+	$attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
+}
+else
+{
+	// Update download count
+	$sql = 'UPDATE ' . ATTACHMENTS_TABLE . ' 
+		SET download_count = download_count + 1 
+		WHERE attach_id = ' . $attachment['attach_id'];
+	$db->sql_query($sql);
+}
+
+// Determine the 'presenting'-method
+if ($download_mode == PHYSICAL_LINK)
+{
+	if (!@is_dir($phpbb_root_path . $config['upload_path']))
+	{
+		trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
+	}
+
+	redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
+}
+else
+{
+	send_file_to_browser($attachment, $config['upload_path'], $extensions[$attachment['extension']]['display_cat']);
 	exit;
 }
 
-define('IN_PHPBB', true);
-$phpbb_root_path = './';
-include($phpbb_root_path . 'extension.inc');
-include($phpbb_root_path . 'common.'.$phpEx);
-
-$download_id = (isset($_REQUEST['id'])) ? intval($_REQUEST['id']) : FALSE;
-$thumbnail = (isset($_REQUEST['thumb'])) ? intval($_REQUEST['thumb']) : FALSE;
 
+/**
+* Send file to browser
+*/
 function send_file_to_browser($attachment, $upload_dir, $category)
 {
-	global $_SERVER, $HTTP_USER_AGENT, $HTTP_SERVER_VARS, $user, $db, $config;
+	global $user, $db, $config, $phpbb_root_path;
 
-	$filename = ($upload_dir == '') ? $attachment['physical_filename'] : $upload_dir . '/' . $attachment['physical_filename'];
+	$filename = $phpbb_root_path . $upload_dir . '/' . $attachment['physical_filename'];
 
-	if (!file_exists($filename))
+	if (!@file_exists($filename))
 	{
 		trigger_error($user->lang['ERROR_NO_ATTACHMENT'] . '<br /><br />' . sprintf($user->lang['FILE_NOT_FOUND_404'], $filename));
 	}
 
 	// Determine the Browser the User is using, because of some nasty incompatibilities.
 	// borrowed from phpMyAdmin. :)
-	if (!empty($_SERVER['HTTP_USER_AGENT'])) 
-	{
-		$HTTP_USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
-	} 
-	else if (!empty($HTTP_SERVER_VARS['HTTP_USER_AGENT'])) 
-	{
-		$HTTP_USER_AGENT = $HTTP_SERVER_VARS['HTTP_USER_AGENT'];
-	}
-	else if (!isset($HTTP_USER_AGENT))
-	{
-		$HTTP_USER_AGENT = '';
-	}
+	$user_agent = (!empty($_SERVER['HTTP_USER_AGENT'])) ? $_SERVER['HTTP_USER_AGENT'] : '';
 
-	if (ereg('Opera(/| )([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version)) 
+	if (ereg('Opera(/| )([0-9].[0-9]{1,2})', $user_agent, $log_version))
 	{
 		$browser_version = $log_version[2];
 		$browser_agent = 'opera';
-	} 
-	else if (ereg('MSIE ([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version)) 
+	}
+	else if (ereg('MSIE ([0-9].[0-9]{1,2})', $user_agent, $log_version))
 	{
 		$browser_version = $log_version[1];
 		$browser_agent = 'ie';
-	} 
-	else if (ereg('OmniWeb/([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version)) 
+	}
+	else if (ereg('OmniWeb/([0-9].[0-9]{1,2})', $user_agent, $log_version))
 	{
 		$browser_version = $log_version[1];
 		$browser_agent = 'omniweb';
-	} 
-	else if (ereg('Netscape([0-9]{1})', $HTTP_USER_AGENT, $log_version)) 
+	}
+	else if (ereg('(Konqueror/)(.*)(;)', $user_agent, $log_version))
 	{
-		$browser_version = $log_version[1];
-		$browser_agent = 'netscape';
-	} 
-	else if (ereg('Mozilla/([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version)) 
+		$browser_version = $log_version[2];
+		$browser_agent = 'konqueror';
+	}
+	else if (ereg('Mozilla/([0-9].[0-9]{1,2})', $user_agent, $log_version) && ereg('Safari/([0-9]*)', $user_agent, $log_version2))
+	{
+		$browser_version = $log_version[1] . '.' . $log_version2[1];
+		$browser_agent = 'safari';
+	}
+	else if (ereg('Mozilla/([0-9].[0-9]{1,2})', $user_agent, $log_version))
 	{
 		$browser_version = $log_version[1];
 		$browser_agent = 'mozilla';
-	} 
-	else if (ereg('Konqueror/([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version)) 
-	{
-		$browser_version = $log_version[1];
-		$browser_agent = 'konqueror';
-	} 
-	else 
+	}
+	else
 	{
 		$browser_version = 0;
 		$browser_agent = 'other';
@@ -98,16 +199,18 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 
 	// Correct the mime type - we force application/octetstream for all files, except images
 	// Please do not change this, it is a security precaution
-	if ($category == NONE_CAT && !strstr($attachment['mimetype'], 'image'))
+	if ($category == ATTACHMENT_CATEGORY_NONE && strpos($attachment['mimetype'], 'image') === false)
 	{
 		$attachment['mimetype'] = ($browser_agent == 'ie' || $browser_agent == 'opera') ? 'application/octetstream' : 'application/octet-stream';
 	}
 
+	if (@ob_get_length())
+	{
+		@ob_end_clean();
+	}
+	
 	// Now the tricky part... let's dance
-	@ob_end_clean();
-	@ini_set('zlib.output_compression', 'Off');
 	header('Pragma: public');
-	header('Content-Transfer-Encoding: none');
 
 	// Send out the Headers
 	header('Content-Type: ' . $attachment['mimetype'] . '; name="' . $attachment['real_filename'] . '"');
@@ -119,115 +222,112 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 	{
 		header("Content-length: $size");
 	}
-	readfile($filename);
-
-	exit;
-}
-
-// Start session management
-$user->start();
-$auth->acl($user->data);
-$user->setup();
-
-if (!$download_id)
-{
-	trigger_error('NO_ATTACHMENT_SELECTED');
-}
-
-if (!$config['allow_attachments'])
-{
-	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
-}
+	$result = @readfile($filename);
 	
-$sql = 'SELECT *
-	FROM ' . ATTACHMENTS_DESC_TABLE . "
-	WHERE attach_id = $download_id";
-$result = $db->sql_query($sql);
-
-if (!($attachment = $db->sql_fetchrow($result)))
-{
-	trigger_error('ERROR_NO_ATTACHMENT');
-}
-
-// get forum_id for attachment authorization or private message authorization
-$authorised = FALSE;
-
-// Additional query, because of more than one attachment assigned to posts and private messages
-$sql = 'SELECT a.*, p.forum_id, f.forum_password, f.parent_id
-	FROM ' . ATTACHMENTS_TABLE . ' a, ' . POSTS_TABLE . ' p, ' . FORUMS_TABLE . ' f
-	WHERE a.attach_id = ' . $attachment['attach_id'] . '
-		AND ((a.post_id = p.post_id AND p.forum_id = f.forum_id) 
-			OR a.post_id = 0)';
-$result = $db->sql_query($sql);
-
-while ($row = $db->sql_fetchrow($result))
-{
-	if ($row['post_id'] && $auth->acl_get('f_download', $row['forum_id']))
+	if (!$result)
 	{
-		if ($row['forum_password'])
-		{
-			// Do something else ... ?
-			login_forum_box($row);
-		}
-
-		$authorised = TRUE;
-		break;
-	}
-	else
-	{
-		if ($config['allow_pm_attach'] && ($user->data['user_id'] == $row['user_id_2'] || $user->data['user_id'] == $row['user_id_1']))
-		{
-			$authorised = TRUE;
-			break;
-		}
-	}
-}
-$db->sql_freeresult($result);
-
-if (!$authorised)
-{
-	trigger_error('SORRY_AUTH_VIEW_ATTACH');
-}
-
-$extensions = array();
-obtain_attach_extensions($extensions);
-
-// disallowed ?
-if (!in_array($attachment['extension'], $extensions['_allowed_']))
-{
-	trigger_error(sprintf($lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
-}
-
-$download_mode = intval($extensions[$attachment['extension']]['download_mode']);
-
-if ($thumbnail)
-{
-	$attachment['physical_filename'] = 'thumbs/t_' . $attachment['physical_filename'];
-}
-
-// Update download count
-if (!$thumbnail)
-{
-	$sql = 'UPDATE ' . ATTACHMENTS_DESC_TABLE . ' 
-		SET download_count = download_count + 1 
-		WHERE attach_id = ' . $attachment['attach_id'];
-	$db->sql_query($sql);
-}
-
-// Determine the 'presenting'-method
-if ($download_mode == PHYSICAL_LINK)
-{
-	if ($config['use_ftp_upload'] && $config['upload_dir'] == '')
-	{
-		trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
+		trigger_error('Unable to deliver file.<br />Error was: ' . $php_errormsg, E_USER_WARNING);
 	}
 
-	redirect($config['upload_dir'] . '/' . $attachment['physical_filename']);
-}
-else
-{
-	send_file_to_browser($attachment, $config['upload_dir'], $extensions[$attachment['extension']]['display_cat']);
+	flush();
 	exit;
 }
 
+/**
+* Check if downloading item is allowed
+*/
+function download_allowed()
+{
+	global $config, $user, $db;
+
+	if (!$config['secure_downloads'])
+	{
+		return true;
+	}
+
+	$url = (getenv('HTTP_REFERER')) ? trim(getenv('HTTP_REFERER')) : trim($_SERVER['HTTP_REFERER']);
+
+	if (!$url)
+	{
+		return ($config['secure_allow_empty_referer']) ? true : false;
+	}
+
+	// Split URL into domain and script part
+	$url = explode('?', str_replace(array('http://', 'https://'), array('', ''), $url));
+	$hostname = trim($url[0]);
+	unset($url);
+
+	$allowed = ($config['secure_allow_deny']) ? false : true;
+	$iplist = array();
+
+	$ip_ary = gethostbynamel($hostname);
+
+	foreach ($ip_ary as $ip)
+	{
+		if ($ip)
+		{
+			$iplist[] = $ip;
+		}
+	}
+	
+	// Check for own server...
+	if (preg_match('#^.*?' . $config['server_name'] . '.*?$#i', $hostname))
+	{
+		$allowed = true;
+	}
+	
+	// Get IP's and Hostnames
+	if (!$allowed)
+	{
+		$sql = 'SELECT site_ip, site_hostname, ip_exclude
+			FROM ' . SITELIST_TABLE;
+		$result = $db->sql_query($sql);
+
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$site_ip = trim($row['site_ip']);
+			$site_hostname = trim($row['site_hostname']);
+
+			if ($site_ip)
+			{
+				foreach ($iplist as $ip)
+				{
+					if (preg_match('#^' . str_replace('*', '.*?', $site_ip) . '$#i', $ip))
+					{
+						if ($row['ip_exclude'])
+						{
+							$allowed = ($config['secure_allow_deny']) ? false : true;
+							break 2;
+						}
+						else
+						{
+							$allowed = ($config['secure_allow_deny']) ? true : false;
+						}
+					}
+				}
+			}
+
+			if ($site_hostname)
+			{
+				if (preg_match('#^' . str_replace('*', '.*?', $site_hostname) . '$#i', $hostname))
+				{
+					if ($row['ip_exclude'])
+					{
+						$allowed = ($config['secure_allow_deny']) ? false : true;
+						break;
+					}
+					else
+					{
+						$allowed = ($config['secure_allow_deny']) ? true : false;
+					}
+				}
+			}
+		}
+
+		$db->sql_freeresult($result);
+	}
+	
+	return $allowed;
+}
+
 ?>

phpBB/extension.inc

@@ -1,25 +0,0 @@
-<?php
-/***************************************************************************  
- *                               extension.inc
- *                            -------------------                         
- *   begin                : Saturday, Feb 13, 2001 
- *   copyright            : (C) 2001 The phpBB Group        
- *   email                : support@phpbb.com                           
- *                                                          
- *   $Id$
- *                                                            
- * 
- ***************************************************************************/ 
-
-//
-// Change this if your extension is not .php!
-//
-$phpEx = 'php';
-
-//
-// For debug timing
-// 
-$starttime = explode(' ', microtime());
-$starttime = $starttime[1] + $starttime[0];
-
-?>

phpBB/faq.php

@@ -1,73 +1,55 @@
 <?php
-/***************************************************************************
- *                                  faq.php
- *                            -------------------
- *   begin                : Sunday, Jul 8, 2001
- *   copyright            : (C) 2001 The phpBB Group
- *   email                : support@phpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
+/** 
+*
+* @package phpBB3
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
+/**
+*/
 define('IN_PHPBB', true);
 $phpbb_root_path = './';
-include($phpbb_root_path . 'extension.inc');
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
 include($phpbb_root_path . 'common.'.$phpEx);
 
 // Start session management
-$user->start();
+$user->session_begin();
 $auth->acl($user->data);
-
 $user->setup();
 
+$mode = request_var('mode', '');
 
 // Load the appropriate faq file
-if (isset($_GET['mode']))
+switch ($mode)
 {
-	switch($_GET['mode'])
-	{
-		case 'bbcode':
-			$lang_file = 'lang_bbcode';
-			$l_title = $lang['BBCode_guide'];
-			break;
-		default:
-			$lang_file = 'lang_faq';
-			$l_title = $lang['FAQ'];
-			break;
-	}
-}
-else
-{
-	$lang_file = 'lang_faq';
-	$l_title = $lang['FAQ'];
-}
+	case 'bbcode':
+		$l_title = $user->lang['BBCODE_GUIDE'];
+		$user->add_lang('bbcode', false, true);
+		break;
 
-include($user->lang_path . $lang_file . '.' . $phpEx);
+	default:
+		$l_title = $user->lang['FAQ'];
+		$user->add_lang('faq', false, true);
+		break;
+}
 
 // Pull the array data from the lang pack
 $j = 0;
 $counter = 0;
 $counter_2 = 0;
-$faq_block = array();
-$faq_block_titles = array();
+$help_block = array();
+$help_block_titles = array();
 
-for($i = 0; $i < count($faq); $i++)
+foreach ($user->help as $help_ary)
 {
-	if ($faq[$i][0] != '--')
+	if ($help_ary[0] != '--')
 	{
-		$faq_block[$j][$counter]['id'] = $counter_2;
-		$faq_block[$j][$counter]['question'] = $faq[$i][0];
-		$faq_block[$j][$counter]['answer'] = $faq[$i][1];
+		$help_block[$j][$counter]['id'] = $counter_2;
+		$help_block[$j][$counter]['question'] = $help_ary[0];
+		$help_block[$j][$counter]['answer'] = $help_ary[1];
 
 		$counter++;
 		$counter_2++;
@@ -76,7 +58,7 @@ for($i = 0; $i < count($faq); $i++)
 	{
 		$j = ($counter != 0) ? $j + 1 : 0;
 
-		$faq_block_titles[$j] = $faq[$i][1];
+		$help_block_titles[$j] = $help_ary[1];
 
 		$counter = 0;
 	}
@@ -84,39 +66,36 @@ for($i = 0; $i < count($faq); $i++)
 
 //
 // Lets build a page ...
-//
 $template->assign_vars(array(
-	'L_FAQ_TITLE' => $l_title,
-	'L_BACK_TO_TOP' => $lang['Back_to_top'])
+	'L_FAQ_TITLE'	=> $l_title,
+	'L_BACK_TO_TOP'	=> $user->lang['BACK_TO_TOP'])
 );
 
-for($i = 0; $i < count($faq_block); $i++)
+for ($i = 0, $size = sizeof($help_block); $i < $size; $i++)
 {
-	if (count($faq_block[$i]))
+	if (sizeof($help_block[$i]))
 	{
 		$template->assign_block_vars('faq_block', array(
-			'BLOCK_TITLE' => $faq_block_titles[$i])
+			'BLOCK_TITLE' => $help_block_titles[$i])
 		);
 
 		$template->assign_block_vars('faq_block_link', array(
-			'BLOCK_TITLE' => $faq_block_titles[$i])
+			'BLOCK_TITLE' => $help_block_titles[$i])
 		);
 
-		for($j = 0; $j < count($faq_block[$i]); $j++)
+		for ($j = 0, $_size = sizeof($help_block[$i]); $j < $_size; $j++)
 		{
 			$template->assign_block_vars('faq_block.faq_row', array(
-				'FAQ_QUESTION' => $faq_block[$i][$j]['question'],
-				'FAQ_ANSWER' => $faq_block[$i][$j]['answer'],
+				'FAQ_QUESTION' => $help_block[$i][$j]['question'],
+				'FAQ_ANSWER' => $help_block[$i][$j]['answer'],
 
-				'S_ROW_COUNT' => $j,
-				'U_FAQ_ID' => $faq_block[$i][$j]['id'])
+				'U_FAQ_ID' => $help_block[$i][$j]['id'])
 			);
 
 			$template->assign_block_vars('faq_block_link.faq_row_link', array(
-				'FAQ_LINK' => $faq_block[$i][$j]['question'],
+				'FAQ_LINK' => $help_block[$i][$j]['question'],
 
-				'S_ROW_COUNT' => $j,
-				'U_FAQ_LINK' => '#' . $faq_block[$i][$j]['id'])
+				'U_FAQ_LINK' => '#' . $help_block[$i][$j]['id'])
 			);
 		}
 	}

phpBB/includes/acm/acm_db.php

@@ -1,50 +1,64 @@
 <?php
-/***************************************************************************
- *                                acm_db.php
- *                            -------------------
- *   begin                : Saturday, Feb 13, 2001
- *   copyright            : (C) 2001 The phpBB Group
- *   email                : support@phpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
+/**
+*
+* @package acm_db
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
+/**
+* @package acm_db
+* ACM Database Caching
+*/
 class acm
 {
-	var $is_modified = FALSE;
+	// Contains all loaded variables
 	var $vars = '';
 
+	// Contains the names of the variables that are ready to be used
+	// (iow, variables that have been unserialized)
+	var $var_ready = array();
+
+	// Contains variables that have been updated or destroyed this session
+	var $var_expires = array();
+
+	// Contains variables that have already been requested
+	// If a variable has been requested but not loaded, it simply means it
+	// wasn't found in the db
+	var $var_requested = array();
+
 	function load($var_names = '')
 	{
 		global $db;
 		$this->vars = array();
 
-		$sql = 'SELECT var_name, var_ts, var_data
-			FROM ' . CACHE_TABLE;
-		
-		if (!empty($var_names))
+		if (is_array($var_names))
 		{
-			$sql .= " WHERE var_name IN ('" . implode("', '", $var_names) . "')";
+			$var_requested = $var_names;
+			$sql_condition = "var_name IN ('" . implode("', '", $var_names) . "')";
+		}
+		else
+		{
+//			$sql_condition = "var_name NOT LIKE '\_%'";
+			$sql_condition = "LEFT(var_name, 1) <> '_'";
 		}
 
+		$sql = 'SELECT var_name, var_data
+			FROM ' . CACHE_TABLE . '
+			WHERE var_expires > ' . time() . "
+				AND $sql_condition";
 		$result = $db->sql_query($sql);
 
 		while ($row = $db->sql_fetchrow($result))
 		{
-			$this->vars[$row['var_name']] = array(
-				'data'	=>	unserialize($row['var_data']),
-				'ts'		=>	intval($row['var_ts'])
-			);
+			$this->vars[$row['var_name']] = $row['var_data'];
+
+			if (!$var_names)
+			{
+				$var_requested[] = $row['var_name'];
+			}
 		}
 	}
 
@@ -54,118 +68,160 @@ class acm
 		unset($this->vars);
 	}
 
-	function save() 
+	function save()
 	{
-		if (!$this->is_modified)
-		{
-			return;
-		}
-
 		global $db;
 
 		$delete = $insert = array();
-		foreach ($this->vars as $var_name => $var_ary)
+		foreach ($this->var_expires as $var_name => $expires)
 		{
-			if (!empty($var_ary['is_modified']))
+			if ($expires == 'now')
 			{
-				if (!empty($var_ary['delete']))
-				{
-					$delete[] = $var_name;
-				}
-				else
-				{
-					$delete[] = $var_name;
-					$insert[] = "'$var_name', " . time() . ", '" . $db->sql_escape(serialize($var_ary['data'])) . "'";
-				}
-
-				$db->sql_query($sql);
+				$delete[] = $var_name;
+			}
+			else
+			{
+				$delete[] = $var_name;
+				$insert[] = "'$var_name', $expires, '" . $db->sql_escape(serialize($this->vars[$var_name])) . "'";
 			}
 		}
+		$this->var_expires = array();
 
-		if (count($delete))
+		if (sizeof($delete))
 		{
 			$sql = 'DELETE FROM ' . CACHE_TABLE . "
 				WHERE var_name IN ('" . implode("', '", $delete) . "')";
 			$db->sql_query($sql);
 		}
-		if (count($insert))
+
+		if (sizeof($insert))
 		{
 			switch (SQL_LAYER)
 			{
 				case 'mysql':
-					$sql = 'INSERT INTO ' . CACHE_TABLE . ' (var_name, var_ts, var_data)
+				case 'mysql4':
+				case 'mysqli':
+					$sql = 'INSERT INTO ' . CACHE_TABLE . ' (var_name, var_expires, var_data)
 						VALUES (' . implode('), (', $insert) . ')';
 					$db->sql_query($sql);
 				break;
-			
+
 				default:
 					foreach ($insert as $values)
 					{
-						$sql = 'INSERT INTO ' . CACHE_TABLE . " (var_name, var_ts, var_data)
+						$sql = 'INSERT INTO ' . CACHE_TABLE . " (var_name, var_expires, var_data)
 							VALUES ($values)";
 						$db->sql_query($sql);
 					}
 			}
 		}
-
-		$this->is_modified = FALSE;
 	}
 
-	function tidy($max_age = 0)
+	function tidy()
 	{
 		global $db;
 
 		$sql = 'DELETE FROM ' . CACHE_TABLE . '
-			WHERE var_ts < ' . (time() - $max_age);
+			WHERE var_expires < ' . time();
 		$db->sql_query($sql);
+
+		set_config('cache_last_gc', time(), true);
 	}
 
-	function get($var_name, $max_age = 0)
-	{
-		return ($this->exists($var_name, $max_age)) ? $this->vars[$var_name]['data'] : NULL;
-	}
-
-	function put($var_name, $var_data)
-	{
-		$this->vars[$var_name] = array(
-			'data'			=>	$var_data,
-			'ts'				=>	time(),
-			'is_modified'	=>	TRUE
-		);
-
-		$this->is_modified = TRUE;
-	}
-
-	function destroy($var_name, $void = NULL)
-	{
-		if (isset($this->vars[$var_name]))
-		{
-			$this->is_modified = TRUE;
-
-			$this->vars[$var_name] = array(
-				'is_modified'	=>	TRUE,
-				'delete'			=>	TRUE
-			);
-		}
-	}
-
-	function exists($var_name, $max_age = 0)
+	function get($var_name)
 	{
 		if (!is_array($this->vars))
 		{
 			$this->load();
 		}
 
-		if ($max_age > 0 && isset($this->vars[$var_name]))
+		if ($var_name{0} == '_')
 		{
-			if ($this->vars[$var_name]['ts'] + $max_age < time())
+			if (!in_array($this->var_requested, $var_name))
 			{
-				$this->destroy($var_name);
-				return FALSE;
+				$this->var_requested[] = $var_name;
+
+				global $db;
+				$sql = 'SELECT var_data
+					FROM ' . CACHE_TABLE . "
+					WHERE var_name = '$var_name'
+						AND var_expires > " . time();
+				$result = $db->sql_query($sql);
+				if ($row = $db->sql_fetchrow($result))
+				{
+					$this->vars[$var_name] = $row['var_data'];
+				}
 			}
 		}
 
+		if ($this->exists($var_name))
+		{
+			if (empty($this->var_ready[$var_name]))
+			{
+				$this->vars[$var_name] = unserialize($this->vars[$var_name]);
+				$this->var_ready[$var_name] = TRUE;
+			}
+
+			return $this->vars[$var_name];
+		}
+		else
+		{
+			return NULL;
+		}
+	}
+
+	function put($var_name, $var_data, $ttl = 31536000)
+	{
+		$this->vars[$var_name] = $var_data;
+
+		if ($var_name{0} == '_')
+		{
+			global $db;
+
+			switch (SQL_LAYER)
+			{
+				case 'mysql':
+				case 'mysql4':
+				case 'mysqli':
+					$INSERT = 'REPLACE';
+				break;
+			
+				default:
+					$sql = 'DELETE FROM ' . CACHE_TABLE . "
+						WHERE var_name = '$var_name'";
+					$db->sql_query($sql);
+
+					$INSERT = 'INSERT';
+			}
+
+			$sql = "$INSERT INTO " . CACHE_TABLE . " (var_name, var_expires, var_data)
+				VALUES ('$var_name', " . (time() + $ttl) . ", '" . $db->sql_escape(serialize($var_data)) . "')";
+			$db->sql_query($sql);
+		}
+		else
+		{
+			$this->var_expires[$var_name] = time() + $ttl;
+		}
+	}
+
+	function destroy($var_name, $void = NULL)
+	{
+		if (isset($this->vars[$var_name]))
+		{
+			$this->var_expires[$var_name] = 'now';
+			unset($this->vars[$var_name]);
+		}
+	}
+
+	function exists($var_name)
+	{
+		if (!is_array($this->vars))
+		{
+			$this->load();
+		}
+
 		return isset($this->vars[$var_name]);
 	}
 }
+
 ?>

phpBB/includes/acm/acm_file.php

@@ -1,29 +1,22 @@
 <?php
-/***************************************************************************
- *                              acm_file.php
- *                            -------------------
- *   begin                : Saturday, Feb 13, 2001
- *   copyright            : (C) 2001 The phpBB Group
- *   email                : support@phpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
+/** 
+*
+* @package acm_file
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
+/**
+* @package acm_file
+* ACM File Based Caching
+*/
 class acm
 {
-	var $vars = '';
-	var $vars_ts = array();
-	var $is_modified = FALSE;
+	var $vars = array();
+	var $var_expires = array();
+	var $is_modified = false;
 
 	var $sql_rowset = array();
 
@@ -36,14 +29,21 @@ class acm
 	function load()
 	{
 		global $phpEx;
-		@include($this->cache_dir . 'data_global.' . $phpEx);
+		if (file_exists($this->cache_dir . 'data_global.' . $phpEx))
+		{
+			include($this->cache_dir . 'data_global.' . $phpEx);
+		}
+		else
+		{
+			return false;
+		}
 	}
 
 	function unload()
 	{
 		$this->save();
 		unset($this->vars);
-		unset($this->vars_ts);
+		unset($this->var_expires);
 		unset($this->sql_rowset);
 	}
 
@@ -55,7 +55,7 @@ class acm
 		}
 
 		global $phpEx;
-		$file = '<?php $this->vars=' . $this->format_array($this->vars) . ";\n\$this->vars_ts=" . $this->format_array($this->vars_ts) . ' ?>';
+		$file = '<?php $this->vars=' . $this->format_array($this->vars) . ";\n\$this->var_expires=" . $this->format_array($this->var_expires) . ' ?>';
 
 		if ($fp = @fopen($this->cache_dir . 'data_global.' . $phpEx, 'wb'))
 		{
@@ -65,22 +65,24 @@ class acm
 			fclose($fp);
 		}
 
-		$this->is_modified = FALSE;
+		$this->is_modified = false;
 	}
 
-	function tidy($max_age = 0)
+	function tidy()
 	{
 		global $phpEx;
 
 		$dir = opendir($this->cache_dir);
 		while ($entry = readdir($dir))
 		{
-			if (substr($entry, 0, 4) != 'sql_')
+			if (!preg_match('/^(sql_|data_(?!global))/', $entry))
 			{
 				continue;
 			}
 
-			if (time() > filemtime($this->cache_dir . $entry) + $max_age)
+			$expired = true;
+			include($this->cache_dir . $entry);
+			if ($expired)
 			{
 				unlink($this->cache_dir . $entry);
 			}
@@ -89,35 +91,64 @@ class acm
 
 		if (file_exists($this->cache_dir . 'data_global.' . $phpEx))
 		{
-			foreach ($this->vars_ts as $var_name => $timestamp)
+			if (!sizeof($this->vars))
 			{
-				if (time() > $timestamp + $max_age)
+				$this->load();
+			}
+
+			foreach ($this->var_expires as $var_name => $expires)
+			{
+				if (time() > $expires)
 				{
 					$this->destroy($var_name);
 				}
 			}
 		}
+		
+		set_config('cache_last_gc', time(), true);
+	}
+
+	function get($var_name)
+	{
+		if ($var_name{0} == '_')
+		{
+			global $phpEx;
+
+			include($this->cache_dir . 'data' . $var_name . ".$phpEx");
+			return (isset($data)) ? $data : NULL;
+		}
 		else
 		{
-			$this->vars = $this->vars_ts = array();
+			return ($this->exists($var_name)) ? $this->vars[$var_name] : NULL;
+		}
+	}
+
+	function put($var_name, $var, $ttl = 31536000)
+	{
+		if ($var_name{0} == '_')
+		{
+			global $phpEx;
+
+			if ($fp = @fopen($this->cache_dir . 'data' . $var_name . ".$phpEx", 'wb'))
+			{
+				@flock($fp, LOCK_EX);
+				fwrite($fp, "<?php\n\$expired = (time() > " . (time() + $ttl) . ") ? TRUE : FALSE;\nif (\$expired) { return; }\n\n\$data = unserialize('" . str_replace("'", "\\'", str_replace('\\', '\\\\', serialize($var))) . "');\n?>");
+				@flock($fp, LOCK_UN);
+				fclose($fp);
+			}
+		}
+		else
+		{
+			$this->vars[$var_name] = $var;
+			$this->var_expires[$var_name] = time() + $ttl;
 			$this->is_modified = TRUE;
 		}
 	}
 
-	function get($var_name, $max_age = 0)
-	{
-		return ($this->exists($var_name, $max_age)) ? $this->vars[$var_name] : NULL;
-	}
-
-	function put($var_name, $var)
-	{
-		$this->vars[$var_name] = $var;
-		$this->vars_ts[$var_name] = time();
-		$this->is_modified = TRUE;
-	}
-
 	function destroy($var_name, $table = '')
 	{
+		global $phpEx;
+
 		if ($var_name == 'sql' && !empty($table))
 		{
 			$regex = '(' . ((is_array($table)) ? implode('|', $table) : $table) . ')';
@@ -141,31 +172,39 @@ class acm
 			}
 			@closedir($dir);
 		}
+		elseif ($var_name{0} == '_')
+		{
+			@unlink($this->cache_dir . 'data' . $var_name . ".$phpEx");
+		}
 		elseif (isset($this->vars[$var_name]))
 		{
 			$this->is_modified = TRUE;
 			unset($this->vars[$var_name]);
-			unset($this->vars_ts[$var_name]);
+			unset($this->var_expires[$var_name]);
 		}
 	}
 
-	function exists($var_name, $max_age = 0)
+	function exists($var_name)
 	{
-		if (!is_array($this->vars))
+		if ($var_name{0} == '_')
 		{
-			$this->load();
+			global $phpEx;
+			return file_exists($this->cache_dir . 'data' . $var_name . ".$phpEx");
 		}
-
-		if ($max_age > 0 && isset($this->vars_ts[$var_name]))
+		else
 		{
-			if (time() > $this->vars_ts[$var_name] + $max_age)
+			if (!sizeof($this->vars))
 			{
-				$this->destroy($var_name);
-				return FALSE;
+				$this->load();
 			}
-		}
 
-		return isset($this->vars[$var_name]);
+			if (!isset($this->var_expires[$var_name]))
+			{
+				return false;
+			}
+
+			return (time() > $this->var_expires[$var_name]) ? false : isset($this->vars[$var_name]);
+		}
 	}
 
 	function format_array($array)
@@ -187,34 +226,41 @@ class acm
 			}
 			else
 			{
-				$lines[] = "'$k'=>'" . str_replace("'", "\'", str_replace('\\', '\\\\', $v)) . "'";
+				$lines[] = "'$k'=>'" . str_replace("'", "\\'", str_replace('\\', '\\\\', $v)) . "'";
 			}
 		}
 		return 'array(' . implode(',', $lines) . ')';
 	}
 
-	function sql_load($query, $max_age)
+	function sql_load($query)
 	{
 		global $phpEx;
 
 		// Remove extra spaces and tabs
 		$query = preg_replace('/[\n\r\s\t]+/', ' ', $query);
+		$query_id = 'Cache id #' . sizeof($this->sql_rowset);
 
-		$filemtime = intval(@filemtime($this->cache_dir . 'sql_' . md5($query) . '.' . $phpEx));
-		if (time() > $filemtime + $max_age)
+		if (!file_exists($this->cache_dir . 'sql_' . md5($query) . ".$phpEx"))
+		{
+			return false;
+		}
+
+		@include($this->cache_dir . 'sql_' . md5($query) . ".$phpEx");
+
+		if (!isset($expired))
 		{
 			return FALSE;
 		}
-
-		include($this->cache_dir . 'sql_' . md5($query) . '.' . $phpEx);
-
-		$query_id = 'Cache id #' . count($this->sql_rowset);
-		$this->sql_rowset[$query_id] = $rowset;
+		elseif ($expired)
+		{
+			unlink($this->cache_dir . 'sql_' . md5($query) . ".$phpEx");
+			return FALSE;
+		}
 
 		return $query_id;
 	}
 
-	function sql_save($query, &$query_result)
+	function sql_save($query, &$query_result, $ttl)
 	{
 		global $db, $phpEx;
 
@@ -226,22 +272,18 @@ class acm
 			@flock($fp, LOCK_EX);
 
 			$lines = array();
-			$query_id = 'Cache id #' . count($this->sql_rowset);
+			$query_id = 'Cache id #' . sizeof($this->sql_rowset);
 			$this->sql_rowset[$query_id] = array();
 
 			while ($row = $db->sql_fetchrow($query_result))
 			{
 				$this->sql_rowset[$query_id][] = $row;
 
-				$line = 'array(';
-				foreach ($row as $key => $val)
-				{
-					$line .= "'$key'=>'" . str_replace("'", "\'", str_replace('\\', '\\\\', $val)) . "',";
-				}
-				$lines[] = substr($line, 0, -1) . ')';
+				$lines[] = "unserialize('" . str_replace("'", "\\'", str_replace('\\', '\\\\', serialize($row))) . "')";
 			}
+			$db->sql_freeresult($query_result);
 
-			fwrite($fp, "<?php\n\n/*\n$query\n*/\n\n\$rowset = array(" . implode(',', $lines) . ') ?>');
+			fwrite($fp, "<?php\n\n/*\n$query\n*/\n\n\$expired = (time() > " . (time() + $ttl) . ") ? TRUE : FALSE;\nif (\$expired) { return; }\n\n\$this->sql_rowset[\$query_id] = array(" . implode(',', $lines) . ') ?>');
 			@flock($fp, LOCK_UN);
 			fclose($fp);
 
@@ -259,4 +301,5 @@ class acm
 		return array_shift($this->sql_rowset[$query_id]);
 	}
 }
+
 ?>

phpBB/includes/acm/acm_main.php

@@ -0,0 +1,310 @@
+<?php
+/** 
+*
+* @package acm
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
+
+/**
+* @package acm
+* Class for grabbing/handling cached entries, extends acm_file or acm_db depending on the setup
+*/
+class cache extends acm
+{
+	/**
+	* Get config values
+	*/
+	function obtain_config()
+	{
+		global $db;
+
+		if ($config = $this->get('config'))
+		{
+			$sql = 'SELECT config_name, config_value
+				FROM ' . CONFIG_TABLE . '
+				WHERE is_dynamic = 1';
+			$result = $db->sql_query($sql);
+
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$config[$row['config_name']] = $row['config_value'];
+			}
+			$db->sql_freeresult($result);
+		}
+		else
+		{
+			$config = $cached_config = array();
+
+			$sql = 'SELECT config_name, config_value, is_dynamic
+				FROM ' . CONFIG_TABLE;
+			$result = $db->sql_query($sql);
+
+			while ($row = $db->sql_fetchrow($result))
+			{
+				if (!$row['is_dynamic'])
+				{
+					$cached_config[$row['config_name']] = $row['config_value'];
+				}
+
+				$config[$row['config_name']] = $row['config_value'];
+			}
+			$db->sql_freeresult($result);
+
+			$this->put('config', $cached_config);
+		}
+	
+		return $config;
+	}
+
+	/**
+	* Obtain list of naughty words and build preg style replacement arrays for use by the
+	* calling script
+	*/
+	function obtain_word_list(&$censors)
+	{
+		global $db, $user;
+
+		if (!$user->optionget('viewcensors') && $config['allow_nocensors'])
+		{
+			return false;
+		}
+
+		if ($this->exists('word_censors'))
+		{
+			$censors = $this->get('word_censors');
+		}
+		else
+		{
+			$sql = 'SELECT word, replacement
+				FROM  ' . WORDS_TABLE;
+			$result = $db->sql_query($sql);
+
+			$censors = array();
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$censors['match'][] = '#\b(' . str_replace('\*', '\w*?', preg_quote($row['word'], '#')) . ')\b#i';
+				$censors['replace'][] = $row['replacement'];
+			}
+			$db->sql_freeresult($result);
+
+			$this->put('word_censors', $censors);
+		}
+
+		return true;
+	}
+
+	/**
+	* Obtain currently listed icons
+	*/
+	function obtain_icons(&$icons)
+	{
+		global $db;
+
+		if ($this->exists('icons'))
+		{
+			$icons = $this->get('icons');
+		}
+		else
+		{
+			// Topic icons
+			$sql = 'SELECT *
+				FROM ' . ICONS_TABLE . '
+				ORDER BY icons_order';
+			$result = $db->sql_query($sql);
+
+			$icons = array();
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$icons[$row['icons_id']]['img'] = $row['icons_url'];
+				$icons[$row['icons_id']]['width'] = (int) $row['icons_width'];
+				$icons[$row['icons_id']]['height'] = (int) $row['icons_height'];
+				$icons[$row['icons_id']]['display'] = (bool) $row['display_on_posting'];
+			}
+			$db->sql_freeresult($result);
+
+			$this->put('icons', $icons);
+		}
+
+		return;
+	}
+
+	/**
+	* Obtain ranks
+	*/
+	function obtain_ranks(&$ranks)
+	{
+		global $db;
+
+		if ($this->exists('ranks'))
+		{
+			$ranks = $this->get('ranks');
+		}
+		else
+		{
+			$sql = 'SELECT *
+				FROM ' . RANKS_TABLE . '
+				ORDER BY rank_min DESC';
+			$result = $db->sql_query($sql);
+
+			$ranks = array();
+			while ($row = $db->sql_fetchrow($result))
+			{
+				if ($row['rank_special'])
+				{
+					$ranks['special'][$row['rank_id']] = array(
+						'rank_title'	=>	$row['rank_title'],
+						'rank_image'	=>	$row['rank_image']
+					);
+				}
+				else
+				{
+					$ranks['normal'][] = array(
+						'rank_title'	=>	$row['rank_title'],
+						'rank_min'		=>	$row['rank_min'],
+						'rank_image'	=>	$row['rank_image']
+					);
+				}
+			}
+			$db->sql_freeresult($result);
+
+			$this->put('ranks', $ranks);
+		}
+
+		return;
+	}
+
+	/**
+	* Obtain allowed extensions
+	*/
+	function obtain_attach_extensions(&$extensions, $forum_id = false)
+	{
+		global $db;
+
+		if ($this->exists('extensions'))
+		{
+			$extensions = $this->get('extensions');
+		}
+		else
+		{
+			// The rule is to only allow those extensions defined. ;)
+			$sql = 'SELECT e.extension, g.*
+				FROM ' . EXTENSIONS_TABLE . ' e, ' . EXTENSION_GROUPS_TABLE . ' g
+				WHERE e.group_id = g.group_id
+					AND g.allow_group = 1';
+			$result = $db->sql_query($sql);
+
+			$extensions = array();
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$extension = strtolower(trim($row['extension']));
+
+				$extensions[$extension] = array(
+					'display_cat'	=> (int) $row['cat_id'],
+					'download_mode'	=> (int) $row['download_mode'],
+					'upload_icon'	=> trim($row['upload_icon']),
+					'max_filesize'	=> (int) $row['max_filesize']
+				);
+
+				$allowed_forums = ($row['allowed_forums']) ? unserialize(trim($row['allowed_forums'])) : array();
+
+				if ($row['allow_in_pm'])
+				{
+					$allowed_forums = array_merge($allowed_forums, array(0));
+				}
+
+				// Store allowed extensions forum wise
+				$extensions['_allowed_'][$extension] = (!sizeof($allowed_forums)) ? 0 : $allowed_forums;
+			}
+			$db->sql_freeresult($result);
+
+			$this->put('extensions', $extensions);
+		}
+
+		if ($forum_id !== false)
+		{
+			$return = array();
+
+			foreach ($extensions['_allowed_'] as $extension => $check)
+			{
+				$allowed = false;
+
+				if (is_array($check))
+				{
+					// Check for private messaging
+					if (sizeof($check) == 1 && $check[0] == 0)
+					{
+						$allowed = true;
+						continue;
+					}
+
+					$allowed = (!in_array($forum_id, $check)) ? false : true;
+				}
+				else
+				{
+					$allowed = ($forum_id == 0) ? false : true;
+				}
+			
+				if ($allowed)
+				{
+					$return['_allowed_'][$extension] = 0;
+					$return[$extension] = $extensions[$extension];
+				}
+			}
+
+			$extensions = $return;
+		}
+
+		return;
+	}
+
+	/**
+	* Obtain active bots
+	*/
+	function obtain_bots(&$bots)
+	{
+		global $db;
+
+		if ($this->exists('bots'))
+		{
+			$bots = $this->get('bots');
+		}
+		else
+		{
+			switch (SQL_LAYER)
+			{
+				case 'mssql':
+				case 'mssql_odbc':
+					$sql = 'SELECT user_id, bot_agent, bot_ip 
+						FROM ' . BOTS_TABLE . '
+						WHERE bot_active = 1
+					ORDER BY LEN(bot_agent) DESC';
+				break;
+	
+				// LENGTH supported by MySQL, IBM DB2 and Oracle for sure...
+				default:
+					$sql = 'SELECT user_id, bot_agent, bot_ip 
+						FROM ' . BOTS_TABLE . '
+						WHERE bot_active = 1
+					ORDER BY LENGTH(bot_agent) DESC';
+				break;
+			}
+			$result = $db->sql_query($sql);
+		
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$bots[] = $row;
+			}
+			$db->sql_freeresult($result);
+
+			$this->put('bots', $bots);
+		}
+	
+		return;
+	}
+
+}
+
+?>

phpBB/includes/auth/auth_apache.php

@@ -1,16 +1,26 @@
 <?php
+/**
+* Apache auth plug-in for phpBB3
+*
+* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
+*
+* This is for initial authentication via Apaches basic realm authentication methods,
+* user data is then obtained from the integrated user table
+*
+* You can do any kind of checking you like here ... the return data format is
+* either the resulting row of user information, an integer zero (indicating an
+* inactive user) or some error string
+*
+* @package login
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
-// Apache auth plug-in for phpBB 2.2
-// $Id$
-//
-// Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
-//
-// This is for initial authentication via Apaches basic realm authentication methods,
-// user data is then obtained from the integrated user table
-//
-// You can do any kind of checking you like here ... the return data format is
-// either the resulting row of user information, an integer zero (indicating an
-// inactive user) or some error string
+/**
+* Login function
+*/
 function login_apache(&$username, &$password)
 {
 	global $db;
@@ -20,15 +30,15 @@ function login_apache(&$username, &$password)
 
 	if ($php_auth_user && $php_auth_pw)
 	{
-		$sql = "SELECT user_id, username, user_password, user_email, user_active
-			FROM " . USERS_TABLE . "
+		$sql = ' user_id, username, user_password, user_passchg, user_email, user_type 
+			FROM ' . USERS_TABLE . "
 			WHERE username = '" . $db->sql_escape($username) . "'";
 		$result = $db->sql_query($sql);
 
 		if ($row = $db->sql_fetchrow($result))
 		{
 			$db->sql_freeresult($result);
-			return (empty($row['user_active'])) ? 0 : $row;
+			return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? 0 : $row;
 		}
 	}
 

phpBB/includes/auth/auth_db.php

@@ -1,21 +1,31 @@
 <?php
+/**
+* Database auth plug-in for phpBB3
+*
+* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
+*
+* This is for authentication via the integrated user table
+*
+* You can do any kind of checking you like here ... the return data format is
+* either the resulting row of user information, an integer zero (indicating an
+* inactive user) or some error string
+*
+* @package login
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
-// Database auth plug-in for phpBB 2.2
-// $Id$
-//
-// Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
-//
-// This is for authentication via the integrated user table
-//
-// You can do any kind of checking you like here ... the return data format is
-// either the resulting row of user information, an integer zero (indicating an
-// inactive user) or some error string
+/**
+* Login function
+*/
 function login_db(&$username, &$password)
 {
 	global $db, $config;
 
-	$sql = "SELECT user_id, username, user_password, user_email, user_active
-		FROM " . USERS_TABLE . "
+	$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
+		FROM ' . USERS_TABLE . "
 		WHERE username = '" . $db->sql_escape($username) . "'";
 	$result = $db->sql_query($sql);
 
@@ -24,7 +34,7 @@ function login_db(&$username, &$password)
 		$db->sql_freeresult($result);
 		if (md5($password) == $row['user_password'])
 		{
-			return (empty($row['user_active'])) ? 0 : $row;
+			return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? 0 : $row;
 		}
 	}
 

phpBB/includes/auth/auth_ldap.php

@@ -1,16 +1,27 @@
 <?php
+/** 
+*
+* LDAP auth plug-in for phpBB3
+*
+* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
+*
+* This is for initial authentication via an LDAP server, user information is then
+* obtained from the integrated user table
+*
+* You can do any kind of checking you like here ... the return data format is
+* either the resulting row of user information, an integer zero (indicating an
+* inactive user) or some error string
+*
+* @package login
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
-// LDAP auth plug-in for phpBB 2.2
-// $Id$
-//
-// Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
-//
-// This is for initial authentication via an LDAP server, user information is then
-// obtained from the integrated user table
-//
-// You can do any kind of checking you like here ... the return data format is
-// either the resulting row of user information, an integer zero (indicating an
-// inactive user) or some error string
+/**
+* Login function
+*/
 function login_ldap(&$username, &$password)
 {
 	global $db, $config;
@@ -28,21 +39,21 @@ function login_ldap(&$username, &$password)
 	$search = @ldap_search($ldap, $config['ldap_base_dn'], $config['ldap_uid'] . '=' . $username, array($config['ldap_uid']));
 	$result = @ldap_get_entries($ldap, $search);
 
-	if (is_array($result) && count($result) > 1)
+	if (is_array($result) && sizeof($result) > 1)
 	{
 		if (@ldap_bind($ldap, $result[0]['dn'], $password))
 		{
 			@ldap_close($ldap);
 
-			$sql = "SELECT user_id, username, user_password, user_email, user_active
-				FROM " . USERS_TABLE . "
+			$sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type
+				FROM ' . USERS_TABLE . "
 				WHERE username = '" . $db->sql_escape($username) . "'";
 			$result = $db->sql_query($sql);
 
 			if ($row = $db->sql_fetchrow($result))
 			{
 				$db->sql_freeresult($result);
-				return (empty($row['user_active'])) ? 0 : $row;
+				return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? 0 : $row;
 			}
 		}
 	}
@@ -52,8 +63,10 @@ function login_ldap(&$username, &$password)
 	return false;
 }
 
-// This function is used to output any required fields in the authentication
-// admin panel. It also defines any required configuration table fields.
+/**
+* This function is used to output any required fields in the authentication
+* admin panel. It also defines any required configuration table fields.
+*/
 function admin_ldap(&$new)
 {
 	global $user;
@@ -78,11 +91,13 @@ function admin_ldap(&$new)
 
 }
 
-// Would be nice to allow syncing of 'appropriate' data when user updates
-// their username, password, etc. ... should be up to the plugin what data
-// is updated.
-//
-// $mode perhaps being one of NEW, UPDATE, DELETE
+/**
+* Would be nice to allow syncing of 'appropriate' data when user updates
+* their username, password, etc. ... should be up to the plugin what data
+* is updated.
+*
+* @param new|update|delete $mode defining the action to take on user updates
+*/
 function usercp_ldap($mode)
 {
 	global $db, $config;

phpBB/includes/bbcode.php

@@ -1,24 +1,17 @@
 <?php
-/***************************************************************************
- *                              bbcode.php
- *                            -------------------
- *   begin                : Saturday, Feb 13, 2001
- *   copyright            : (C) 2001 The phpBB Group
- *   email                : support@phpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
+/** 
+*
+* @package phpBB3
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
+/**
+* @package phpBB3
+* BBCode class
+*/
 class bbcode
 {
 	var $bbcode_uid = '';
@@ -26,6 +19,8 @@ class bbcode
 	var $bbcode_cache = array();
 	var $bbcode_template = array();
 
+	var $bbcodes = array();
+
 	var $template_bitfield = 0;
 	var $template_filename = '';
 
@@ -38,27 +33,26 @@ class bbcode
 		}
 	}
 
-	function bbcode_second_pass(&$message, $bbcode_uid = '', $bbcode_bitfield = FALSE)
+	function bbcode_second_pass(&$message, $bbcode_uid = '', $bbcode_bitfield = false)
 	{
 		if ($bbcode_uid)
 		{
 			$this->bbcode_uid = $bbcode_uid;
 		}
 
-		if ($bbcode_bitfield !== FALSE)
+		if ($bbcode_bitfield !== false)
 		{
 			$this->bbcode_bitfield = $bbcode_bitfield;
+
+			// Init those added with a new bbcode_bitfield (already stored codes will not get parsed again)
+			$this->bbcode_cache_init();
 		}
+
 		if (!$this->bbcode_bitfield)
 		{
 			return $message;
 		}
 
-		if (empty($this->bbcode_cache))
-		{
-			$this->bbcode_cache_init();
-		}
-
 		$str = array('search' => array(), 'replace' => array());
 		$preg = array('search' => array(), 'replace' => array());
 
@@ -67,28 +61,34 @@ class bbcode
 		{
 			if ($this->bbcode_bitfield & (1 << $bbcode_id))
 			{
-				foreach ($this->bbcode_cache[$bbcode_id] as $type => $array)
+				if (!empty($this->bbcode_cache[$bbcode_id]))
 				{
-					foreach ($array as $search => $replace)
+					foreach ($this->bbcode_cache[$bbcode_id] as $type => $array)
 					{
-						${$type}['search'][] = str_replace('$uid', $this->bbcode_uid, $search);
-						${$type}['replace'][] = $replace;
+						foreach ($array as $search => $replace)
+						{
+							${$type}['search'][] = str_replace('$uid', $this->bbcode_uid, $search);
+							${$type}['replace'][] = $replace;
+						}
 
+						if (sizeof($str['search']))
+						{
+							$message = str_replace($str['search'], $str['replace'], $message);
+							$str = array('search' => array(), 'replace' => array());
+						}
+
+						if (sizeof($preg['search']))
+						{
+							$message = preg_replace($preg['search'], $preg['replace'], $message);
+							$preg = array('search' => array(), 'replace' => array());
+						}
 					}
 				}
 			}
 		}
 
-		if (count($str['search']))
-		{
-			$message = str_replace($str['search'], $str['replace'], $message);
-		}
-		if (count($preg['search']))
-		{
-			$message = preg_replace($preg['search'], $preg['replace'], $message);
-		}
-
-		return $message;
+		// Remove the uid from tags that have not been transformed into HTML
+		$message = str_replace(':' . $this->bbcode_uid, '', $message);
 	}
 	
 	//
@@ -99,21 +99,19 @@ class bbcode
 	//
 	function bbcode_cache_init()
 	{
+		global $user, $phpbb_root_path;
+
 		if (empty($this->template_filename))
 		{
-			global $user, $phpbb_root_path;
-
 			$style = 'primary';
 			if (!empty($user->theme['secondary']))
 			{
-				$merged_bitfield = $user->theme['primary']['bbcode_bitfield'] | $user->theme['secondary']['bbcode_bitfield'];
+				// If the primary style has custom templates for BBCodes then we'll make sure
+				// the bbcode.html file is present, otherwise we'll use the secondary style
 
-				// If any of styles has a specific template for any of applicable
-				// bbcodes then load the primary bbcode.html if present, otherwise
-				// load the secondary bbcode.html file
-				if ($this->bbcode_bitfield & $merged_bitfield)
+				if ($this->bbcode_bitfield & $user->theme['primary']['bbcode_bitfield'])
 				{
-					$style = (file_exists($phpbb_root_path . 'styles/templates/' . $user->theme['primary']['template_path'] . '/bbcode.html')) ? 'primary' : 'secondary';
+					$style = (file_exists($phpbb_root_path . 'styles/' . $user->theme['primary']['template_path'] . '/template/bbcode.html')) ? 'primary' : 'secondary';
 				}
 			}
 
@@ -132,23 +130,22 @@ class bbcode
 				// do not try to re-cache it if it's already in
 				continue;
 			}
-			$bbcode_ids[$bbcode_id] = $bbcode_id;
+			$bbcode_ids[] = $bbcode_id;
 
-			// WARNING: hardcoded values. it assumes that bbcodes with bbcode_id > 11 are user-defined bbcodes
-			if ($bbcode_id > 11)
+			if ($bbcode_id > NUM_CORE_BBCODES)
 			{
-				$sql .= (($sql) ? ',' : '') . $bbcode_id . ',';
+				$sql .= (($sql) ? ',' : '') . $bbcode_id;
 			}
 		}
-/*
+
 		if ($sql)
 		{
 			global $db;
 			$rowset = array();
 
-			$sql = 'SELECT bbcode_id, second_pass_regexp, second_pass_replacement
+			$sql = 'SELECT *
 				FROM ' . BBCODES_TABLE . "
-				WHERE bbcode_id IN ($sql);
+				WHERE bbcode_id IN ($sql)";
 
 			$result = $db->sql_query($sql);
 			while ($row = $db->sql_fetchrow($result))
@@ -157,7 +154,6 @@ class bbcode
 			}
 			$db->sql_freeresult($result);
 		}
-*/
 
 		foreach ($bbcode_ids as $bbcode_id)
 		{
@@ -166,11 +162,10 @@ class bbcode
 				case 0:
 					$this->bbcode_cache[$bbcode_id] = array(
 						'str' => array(
-							'[quote:$uid]'	=>	$this->bbcode_tpl('quote_open', $bbcode_id),
 							'[/quote:$uid]'	=>	$this->bbcode_tpl('quote_close', $bbcode_id)
 						),
 						'preg' => array(
-							'#\[quote="(.*?)":$uid\]#'	=>	$this->bbcode_tpl('quote_username_open', $bbcode_id)
+							'#\[quote(?:=&quot;(.*?)&quot;)?:$uid\](.)#ise'	=>	"\$this->bbcode_second_pass_quote('\$1', '\$2')"
 						)
 					);
 				break;
@@ -193,7 +188,7 @@ class bbcode
 					));
 				break;
 				case 4:
-					if ($user->data['user_viewimg'])
+					if ($user->optionget('viewimg'))
 					{
 						$this->bbcode_cache[$bbcode_id] = array('preg' => array(
 							'#\[img:$uid\](.*?)\[/img:$uid\]#s'		=>	$this->bbcode_tpl('img', $bbcode_id)
@@ -202,7 +197,7 @@ class bbcode
 					else
 					{
 						$this->bbcode_cache[$bbcode_id] = array('preg' => array(
-							'#\[img:$uid\](.*?)\[/img:$uid\]#s'		=>	str_replace('\\2', '[ img ]', $this->bbcode_tpl('url', $bbcode_id))
+							'#\[img:$uid\](.*?)\[/img:$uid\]#s'		=>	str_replace('$2', '[ img ]', $this->bbcode_tpl('url', $bbcode_id))
 						));
 					}
 				break;
@@ -224,32 +219,34 @@ class bbcode
 				break;
 				case 8:
 					$this->bbcode_cache[$bbcode_id] = array('preg' => array(
-						'#\[code(?:=([a-z]+))?:$uid\](.*?)\[/code:$uid\]#ise'	=>	"\$this->bbcode_second_pass_code('\\1', '\\2')"
+						'#\[code(?:=([a-z]+))?:$uid\](.*?)\[/code:$uid\]#ise'	=>	"\$this->bbcode_second_pass_code('\$1', '\$2')"
 					));
 				break;
 				case 9:
 					$this->bbcode_cache[$bbcode_id] = array(
-						'str' => array(
-							'[list:$uid]'			=>	$this->bbcode_tpl('ulist_open_default', $bbcode_id),
-							'[/list:u:$uid]'		=>	$this->bbcode_tpl('ulist_close', $bbcode_id),
-							'[/list:o:$uid]'		=>	$this->bbcode_tpl('olist_close', $bbcode_id),
-							'[*:$uid]'				=>	$this->bbcode_tpl('listitem', $bbcode_id),
-							'[/*:$uid]'				=>	$this->bbcode_tpl('listitem_close', $bbcode_id),
-							'[/*:m:$uid]'			=>	$this->bbcode_tpl('listitem_close', $bbcode_id)
-						),
 						'preg' => array(
-							'#\[list=([^\[]+):$uid\]#e'	=>	"\$this->bbcode_list('\\1')",
-						)
+							'#(\[\/?(list|\*):[mou]?:?$uid\])[\n]{1}#'	=> "\$1",
+							'#(\[list=([^\[]+):$uid\])[\n]{1}#'	=> "\$1",
+							'#\[list=([^\[]+):$uid\]#e'	=>	"\$this->bbcode_list('\$1')",
+						),
+						'str' => array(
+							'[list:$uid]'		=>	$this->bbcode_tpl('ulist_open_default', $bbcode_id),
+							'[/list:u:$uid]'	=>	$this->bbcode_tpl('ulist_close', $bbcode_id),
+							'[/list:o:$uid]'	=>	$this->bbcode_tpl('olist_close', $bbcode_id),
+							'[*:$uid]'			=>	$this->bbcode_tpl('listitem', $bbcode_id),
+							'[/*:$uid]'			=>	$this->bbcode_tpl('listitem_close', $bbcode_id),
+							'[/*:m:$uid]'		=>	$this->bbcode_tpl('listitem_close', $bbcode_id)
+						),
 					);
 				break;
 				case 10:
 					$this->bbcode_cache[$bbcode_id] = array('preg' => array(
-							'#\[email:$uid\]((.*?))\[/email:$uid\]#is'		=>	$this->bbcode_tpl('email', $bbcode_id),
+							'#\[email:$uid\]((.*?))\[/email:$uid\]#is'				=>	$this->bbcode_tpl('email', $bbcode_id),
 							'#\[email=([^\[]+):$uid\](.*?)\[/email:$uid\]#is'	=>	$this->bbcode_tpl('email', $bbcode_id)
 					));
 				break;
 				case 11:
-					if ($user->data['user_viewflash'])
+					if ($user->optionget('viewflash'))
 					{
 						$this->bbcode_cache[$bbcode_id] = array('preg' => array(
 							'#\[flash=([0-9]+),([0-9]+):$uid\](.*?)\[/flash:$uid\]#'	=>	$this->bbcode_tpl('flash', $bbcode_id)
@@ -258,20 +255,75 @@ class bbcode
 					else
 					{
 						$this->bbcode_cache[$bbcode_id] = array('preg' => array(
-							'#\[flash=([0-9]+),([0-9]+):$uid\](.*?)\[/flash:$uid\]#'	=>	str_replace('\\1', '\\3', str_replace('\\2', '[ flash ]', $this->bbcode_tpl('url', $bbcode_id)))
+							'#\[flash=([0-9]+),([0-9]+):$uid\](.*?)\[/flash:$uid\]#'	=>	str_replace('$1', '$3', str_replace('$2', '[ flash ]', $this->bbcode_tpl('url', $bbcode_id)))
 						));
 					}
 				break;
+				case 12:
+					$this->bbcode_cache[$bbcode_id] = array(
+						'str'	=> array(
+							'[/attachment:$uid]'	=> $this->bbcode_tpl('inline_attachment_close', $bbcode_id)),
+						'preg'	=> array(
+							'#\[attachment=([0-9]+):$uid\]#'	=> $this->bbcode_tpl('inline_attachment_open', $bbcode_id))
+					);
+					break;
 				default:
 					if (isset($rowset[$bbcode_id]))
 					{
-						$this->bbcode_cache[$bbcode_id] = array(
-							'preg' => array($rowset[$bbcode_id]['second_pass_regexp'], $rowset[$bbcode_id]['second_pass_replacement'])
-						);
+						if ($this->template_bitfield & (1 << $bbcode_id))
+						{
+							// The bbcode requires a custom template to be loaded
+
+							if (!$bbcode_tpl = $this->bbcode_tpl($rowset[$bbcode_id]['bbcode_tag'], $bbcode_id))
+							{
+								// For some reason, the required template seems not to be available,
+								// use the default template
+
+								$bbcode_tpl = (!empty($rowset[$bbcode_id]['second_pass_replace'])) ? $rowset[$bbcode_id]['second_pass_replace'] : $rowset[$bbcode_id]['bbcode_tpl'];
+							}
+							else
+							{
+								// In order to use templates with custom bbcodes we need
+								// to replace all {VARS} to corresponding backreferences
+								// Note that backreferences are numbered from bbcode_match
+
+								if (preg_match_all('/\{(URL|EMAIL|TEXT|COLOR|NUMBER)[0-9]*\}/', $rowset[$bbcode_id]['bbcode_match'], $m))
+								{
+									foreach ($m[0] as $i => $tok)
+									{
+										$bbcode_tpl = str_replace($tok, '$' . ($i + 1), $bbcode_tpl);
+									}
+								}
+							}
+						}
+						else
+						{
+							// Default template
+
+							$bbcode_tpl = (!empty($rowset[$bbcode_id]['second_pass_replace'])) ? $rowset[$bbcode_id]['second_pass_replace'] : $rowset[$bbcode_id]['bbcode_tpl'];
+						}
+
+						// Replace {L_*} lang strings
+						$bbcode_tpl = preg_replace('/{L_([A-Z_]+)}/e', "(!empty(\$user->lang['\$1'])) ? \$user->lang['\$1'] : ucwords(strtolower(str_replace'_', ' ', '\$1')))", $bbcode_tpl);
+
+						if (!empty($rowset[$bbcode_id]['second_pass_replace']))
+						{
+							// The custom BBCode requires second-pass pattern replacements
+
+							$this->bbcode_cache[$bbcode_id] = array(
+								'preg' => array($rowset[$bbcode_id]['second_pass_match'] => $bbcode_tpl)
+							);
+						}
+						else
+						{
+							$this->bbcode_cache[$bbcode_id] = array(
+								'str' => array($rowset[$bbcode_id]['second_pass_match'] => $bbcode_tpl)
+							);
+						}
 					}
 					else
 					{
-						$this->bbcode_cache[$bbcode_id] = array();
+						$this->bbcode_cache[$bbcode_id] = FALSE;
 					}
 			}
 		}
@@ -282,23 +334,22 @@ class bbcode
 		if (empty($bbcode_hardtpl))
 		{
 			static $bbcode_hardtpl = array(
-				'b_open'		=>	'<span style="font-weight: bold">',
-				'b_close'		=>	'</span>',
-				'i_open'		=>	'<span style="font-style: italic">',
-				'i_close'		=>	'</span>',
-				'u_open'		=>	'<span style="text-decoration: underline">',
-				'u_close'		=>	'</span>',
-				'url'			=>	'<a href="\1" target="_blank">\2</a>',
-				'img'			=>	'<img src="\1" border="0" />',
-				'size'			=>	'<span style="font-size: \1px; line-height: normal">\2</span>',
-				'color'			=>	'<span style="color: \1">\2</span>',
-				'email'			=>	'<a href="mailto:\1">\2</a>'
+				'b_open'	=>	'<span style="font-weight: bold">',
+				'b_close'	=>	'</span>',
+				'i_open'	=>	'<span style="font-style: italic">',
+				'i_close'	=>	'</span>',
+				'u_open'	=>	'<span style="text-decoration: underline">',
+				'u_close'	=>	'</span>',
+				'img'		=>	'<img src="$1" border="0" />',
+				'size'		=>	'<span style="font-size: $1px; line-height: normal">$2</span>',
+				'color'		=>	'<span style="color: $1">$2</span>',
+				'email'		=>	'<a href="mailto:$1">$2</a>'
 			);
 		}
 
 		if ($bbcode_id != -1 && !($this->template_bitfield & (1 << $bbcode_id)))
 		{
-			return $bbcode_hardtpl[$tpl_name];
+			return (isset($bbcode_hardtpl[$tpl_name])) ? $bbcode_hardtpl[$tpl_name] : FALSE;
 		}
 
 		if (empty($this->bbcode_template))
@@ -318,28 +369,30 @@ class bbcode
 			$tpl = preg_replace("/\n[\n\r\s\t]*/", '', $tpl);
 
 			// Turn template blocks into PHP assignment statements for the values of $bbcode_tpl..
-			$tpl = preg_replace('#<!-- BEGIN (.*?) -->(.*?)<!-- END (.*?) -->#', "\n" . "\$this->bbcode_template['\\1'] = \$this->bbcode_tpl_replace('\\1','\\2');", $tpl);
+			$tpl = preg_replace('#<!-- BEGIN (.*?) -->(.*?)<!-- END (.*?) -->#', "\n" . "\$this->bbcode_template['\$1'] = \$this->bbcode_tpl_replace('\$1','\$2');", $tpl);
 
 			$this->bbcode_template = array();
 			eval($tpl);
 		}
 
-		return $this->bbcode_template[$tpl_name];
+		return (isset($this->bbcode_template[$tpl_name])) ? $this->bbcode_template[$tpl_name] : ((isset($bbcode_hardtpl[$tpl_name])) ? $bbcode_hardtpl[$tpl_name] : FALSE);
 	}
 	
 	function bbcode_tpl_replace($tpl_name, $tpl)
 	{
+		global $user;
+		
 		static $replacements = array(
-			'quote_username_open'	=>	array('{USERNAME}'	=>	'\\1'),
-			'color'					=>	array('{COLOR}'		=>	'\\1', 'TEXT'			=>	'\\2'),
-			'size'					=>	array('{SIZE}'		=>	'\\1', 'TEXT'			=>	'\\2'),
-			'img'					=>	array('{URL}'		=>	'\\1'),
-			'flash'					=>	array('{WIDTH}'		=>	'\\1', '{HEIGHT}'		=>	'\\2', '{URL}'		=>	'\\3'),
-			'url'					=>	array('{URL}'		=>	'\\1', '{DESCRIPTION}'	=>	'\\2'),
-			'email'					=>	array('{EMAIL}'		=>	'\\1', '{DESCRIPTION}'	=>	'\\2')
+			'quote_username_open'	=>	array('{USERNAME}'	=>	'$1'),
+			'color'					=>	array('{COLOR}'		=>	'$1', '{TEXT}'			=>	'$2'),
+			'size'					=>	array('{SIZE}'		=>	'$1', '{TEXT}'			=>	'$2'),
+			'img'					=>	array('{URL}'		=>	'$1'),
+			'flash'					=>	array('{WIDTH}'		=>	'$1', '{HEIGHT}'		=>	'$2', '{URL}'	=>	'$3'),
+			'url'					=>	array('{URL}'		=>	'$1', '{DESCRIPTION}'	=>	'$2'),
+			'email'					=>	array('{EMAIL}'		=>	'$1', '{DESCRIPTION}'	=>	'$2')
 		);
 
-		$tpl = preg_replace('/{L_([A-Z_]+)}/e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : ucwords(strtolower('\\1'))", $tpl);
+		$tpl = preg_replace('/{L_([A-Z_]+)}/e', "(!empty(\$user->lang['\$1'])) ? \$user->lang['\$1'] : ucwords(strtolower(str_replace('_', ' ', '\$1')))", $tpl);
 
 		if (!empty($replacements[$tpl_name]))
 		{
@@ -391,7 +444,7 @@ class bbcode
 		{
 			$tpl = 'olist_open';
 			$type = 'arabic-numbers';
-			$start = intval($chr);
+			$start = intval($type);
 		}
 		else
 		{
@@ -403,17 +456,48 @@ class bbcode
 		return str_replace('{LIST_TYPE}', $type, $this->bbcode_tpl($tpl));
 	}
 
+	function bbcode_second_pass_quote($username, $quote)
+	{
+		// when using the /e modifier, preg_replace slashes double-quotes but does not
+		// seem to slash anything else
+		$quote = str_replace('\"', '"', $quote);
+
+		// remove newline at the beginning
+		if ($quote{0} == "\n")
+		{
+			$quote = substr($quote, 1);
+		}
+
+		$quote = (($username) ? str_replace('$1', $username, $this->bbcode_tpl('quote_username_open')) : $this->bbcode_tpl('quote_open')) . $quote;
+
+		return $quote;
+	}
+
 	function bbcode_second_pass_code($type, $code)
 	{
-		$code = stripslashes($code);
+		// when using the /e modifier, preg_replace slashes double-quotes but does not
+		// seem to slash anything else
+		$code = str_replace('\"', '"', $code);
 
 		switch ($type)
 		{
 			case 'php':
+				// Not the english way, but valid because of hardcoded syntax highlighting
+				if (strpos($code, '<span class="syntaxdefault"><br /></span>') === 0)
+				{
+					$code = substr($code, 41);
+				}
+
 			default:
 				$code = str_replace("\t", '&nbsp; &nbsp;', $code);
 				$code = str_replace('  ', '&nbsp; ', $code);
 				$code = str_replace('  ', ' &nbsp;', $code);
+
+				// remove newline at the beginning
+				if ($code{0} == "\n")
+				{
+					$code = substr($code, 1);
+				}
 		}
 
 		$code = $this->bbcode_tpl('code_open') . $code . $this->bbcode_tpl('code_close');
@@ -421,4 +505,5 @@ class bbcode
 		return $code;
 	}
 }
+
 ?>

phpBB/includes/constants.php

@@ -0,0 +1,185 @@
+<?php
+/** 
+*
+* @package phpBB3
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
+
+/**
+*/
+
+// User related
+define('ANONYMOUS', 1);
+
+define('USER_ACTIVATION_NONE', 0);
+define('USER_ACTIVATION_SELF', 1);
+define('USER_ACTIVATION_ADMIN', 2);
+define('USER_ACTIVATION_DISABLE', 3);
+
+define('AVATAR_UPLOAD', 1);
+define('AVATAR_REMOTE', 2);
+define('AVATAR_GALLERY', 3);
+
+define('USER_NORMAL', 0);
+define('USER_INACTIVE', 1);
+define('USER_IGNORE', 2);
+define('USER_FOUNDER', 3);
+//define('USER_BOT', 2);
+//define('USER_GUEST', 4);
+
+// ACL
+define('ACL_NO', 0);
+define('ACL_YES', 1);
+define('ACL_UNSET', -1);
+
+// Group settings
+define('GROUP_OPEN', 0);
+define('GROUP_CLOSED', 1);
+define('GROUP_HIDDEN', 2);
+define('GROUP_SPECIAL', 3);
+define('GROUP_FREE', 4);
+
+// Forum/Topic states
+define('FORUM_CAT', 0);
+define('FORUM_POST', 1);
+define('FORUM_LINK', 2);
+define('ITEM_UNLOCKED', 0);
+define('ITEM_LOCKED', 1);
+define('ITEM_MOVED', 2);
+
+// Topic types
+define('POST_NORMAL', 0);
+define('POST_STICKY', 1);
+define('POST_ANNOUNCE', 2);
+define('POST_GLOBAL', 3);
+
+// Lastread types
+define('TRACK_NORMAL', 0);
+define('TRACK_POSTED', 1);
+
+// Notify methods
+define('NOTIFY_EMAIL', 0);
+define('NOTIFY_IM', 1);
+define('NOTIFY_BOTH', 2);
+
+// Email Priority Settings
+define('MAIL_LOW_PRIORITY', 4);
+define('MAIL_NORMAL_PRIORITY', 3);
+define('MAIL_HIGH_PRIORITY', 2);
+
+// Log types
+define('LOG_ADMIN', 0);
+define('LOG_MOD', 1);
+define('LOG_CRITICAL', 2);
+define('LOG_USERS', 3);
+
+// Private messaging - Do NOT change these values
+define('PRIVMSGS_HOLD_BOX', -4);
+define('PRIVMSGS_NO_BOX', -3);
+define('PRIVMSGS_OUTBOX', -2);
+define('PRIVMSGS_SENTBOX', -1);
+define('PRIVMSGS_INBOX', 0);
+
+// Full Folder Actions
+define('FULL_FOLDER_NONE', -3);
+define('FULL_FOLDER_DELETE', -2);
+define('FULL_FOLDER_HOLD', -1);
+
+// Download Modes - Attachments
+define('INLINE_LINK', 1);
+define('PHYSICAL_LINK', 2);
+
+// Categories - Attachments
+define('ATTACHMENT_CATEGORY_NONE', 0);
+define('ATTACHMENT_CATEGORY_IMAGE', 1); // Inline Images
+define('ATTACHMENT_CATEGORY_WM', 2); // Windows Media Files - Streaming
+define('ATTACHMENT_CATEGORY_RM', 3); // Real Media Files - Streaming
+define('ATTACHMENT_CATEGORY_THUMB', 4); // Not used within the database, only while displaying posts
+//define('SWF_CAT', 5); // Replaced by [flash]? or an additional possibility?
+
+// BBCode UID length
+define('BBCODE_UID_LEN', 5);
+
+// Number of core BBCodes
+define('NUM_CORE_BBCODES', 12);
+
+// Profile Field Types
+define('FIELD_INT', 1);
+define('FIELD_STRING', 2);
+define('FIELD_TEXT', 3);
+define('FIELD_BOOL', 4);
+define('FIELD_DROPDOWN', 5);
+define('FIELD_DATE', 6);
+
+// Table names
+define('ACL_GROUPS_TABLE', $table_prefix.'auth_groups');
+define('ACL_OPTIONS_TABLE', $table_prefix.'auth_options');
+define('ACL_DEPS_TABLE', $table_prefix.'auth_deps');
+define('ACL_PRESETS_TABLE', $table_prefix.'auth_presets');
+define('ACL_USERS_TABLE', $table_prefix.'auth_users');
+define('ATTACHMENTS_TABLE', $table_prefix.'attachments');
+define('BANLIST_TABLE', $table_prefix.'banlist');
+define('BBCODES_TABLE', $table_prefix.'bbcodes');
+define('BOOKMARKS_TABLE', $table_prefix.'bookmarks');
+define('BOTS_TABLE', $table_prefix.'bots');
+define('CACHE_TABLE', $table_prefix.'cache');
+define('CONFIG_TABLE', $table_prefix.'config');
+define('CONFIRM_TABLE', $table_prefix.'confirm');
+define('PROFILE_FIELDS_TABLE', $table_prefix.'profile_fields');
+define('PROFILE_LANG_TABLE', $table_prefix.'profile_lang');
+define('PROFILE_DATA_TABLE', $table_prefix.'profile_fields_data');
+define('PROFILE_FIELDS_LANG_TABLE', $table_prefix.'profile_fields_lang');
+define('DISALLOW_TABLE', $table_prefix.'disallow'); //
+define('DRAFTS_TABLE', $table_prefix.'drafts');
+define('EXTENSIONS_TABLE', $table_prefix.'extensions');
+define('EXTENSION_GROUPS_TABLE', $table_prefix.'extension_groups');
+define('FORUMS_TABLE', $table_prefix.'forums');
+define('FORUMS_ACCESS_TABLE', $table_prefix.'forum_access');
+define('FORUMS_TRACK_TABLE', $table_prefix.'forums_marking');
+define('FORUMS_WATCH_TABLE', $table_prefix.'forums_watch');
+define('GROUPS_TABLE', $table_prefix.'groups');
+define('GROUPS_MODERATOR_TABLE', $table_prefix.'groups_moderator');
+define('ICONS_TABLE', $table_prefix.'icons');
+define('LANG_TABLE', $table_prefix.'lang');
+define('LOG_TABLE', $table_prefix.'log');
+define('MODERATOR_TABLE', $table_prefix.'moderator_cache');
+define('MODULES_TABLE', $table_prefix . 'modules');
+define('POSTS_TABLE', $table_prefix.'posts');
+define('PRIVMSGS_TABLE', $table_prefix.'privmsgs');
+define('PRIVMSGS_TO_TABLE', $table_prefix.'privmsgs_to');
+define('PRIVMSGS_FOLDER_TABLE', $table_prefix.'privmsgs_folder');
+define('PRIVMSGS_RULES_TABLE', $table_prefix.'privmsgs_rules');
+define('RANKS_TABLE', $table_prefix.'ranks');
+define('RATINGS_TABLE', $table_prefix.'ratings');
+define('REPORTS_TABLE', $table_prefix.'reports');
+define('REASONS_TABLE', $table_prefix.'reports_reasons');
+define('SEARCH_TABLE', $table_prefix.'search_results');
+define('SEARCH_WORD_TABLE', $table_prefix.'search_wordlist');
+define('SEARCH_MATCH_TABLE', $table_prefix.'search_wordmatch');
+define('SESSIONS_TABLE', $table_prefix.'sessions');
+define('SESSIONS_KEYS_TABLE', $table_prefix.'sessions_keys');
+define('SITELIST_TABLE', $table_prefix.'sitelist');
+define('SMILIES_TABLE', $table_prefix.'smilies');
+define('STYLES_TABLE', $table_prefix.'styles');
+define('STYLES_TPL_TABLE', $table_prefix.'styles_template');
+define('STYLES_TPLDATA_TABLE', $table_prefix.'styles_template_data');
+define('STYLES_CSS_TABLE', $table_prefix.'styles_theme');
+define('STYLES_IMAGE_TABLE', $table_prefix.'styles_imageset');
+define('TOPICS_TABLE', $table_prefix.'topics');
+define('TOPICS_TRACK_TABLE', $table_prefix.'topics_marking');
+define('TOPICS_WATCH_TABLE', $table_prefix.'topics_watch');
+define('USER_GROUP_TABLE', $table_prefix.'user_group');
+define('USERS_TABLE', $table_prefix.'users');
+define('USERS_PASSWD_TABLE', $table_prefix.'users_passwd');
+define('USERS_NOTES_TABLE', $table_prefix.'users_notes');
+define('WORDS_TABLE', $table_prefix.'words');
+define('POLL_OPTIONS_TABLE', $table_prefix.'poll_results');
+define('POLL_VOTES_TABLE', $table_prefix.'poll_voters');
+define('ZEBRA_TABLE', $table_prefix.'zebra');
+
+// Additional constants
+
+?>

phpBB/includes/db/db2.php

@@ -1,30 +1,26 @@
 <?php
-/***************************************************************************
- *                                 db2.php
- *                            -------------------
- *   begin                : Saturday, Feb 13, 2001
- *   copyright            : (C) 2001 The phpBB Group
- *   email                : support@phpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
+/** 
+*
+* @package dbal
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
+/**
+* @ignore
+*/
 if(!defined("SQL_LAYER"))
 {
 
 define("SQL_LAYER","db2");
 
-class sql_db
+/**
+* @package dbal
+* DB2 Database Abstraction Layer - not finished yet
+*/
+class dbal_db2 extends dbal
 {
 
 	var $db_connect_id;

phpBB/includes/db/dbal.php

@@ -0,0 +1,271 @@
+<?php
+/** 
+*
+* @package dbal
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
+
+/**
+* @package dbal
+* Database Abstraction Layer
+*/
+class dbal
+{
+	var $db_connect_id;
+	var $query_result;
+	var $return_on_error = false;
+	var $transaction = false;
+	var $sql_time = 0;
+	var $num_queries = 0;
+	var $open_queries = array();
+
+	var $curtime = 0;
+	var $query_hold = '';
+	var $html_hold = '';
+	var $sql_report = '';
+	var $cache_num_queries = 0;
+	
+	
+	/**
+	* return on error or display error message
+	*/
+	function sql_return_on_error($fail = false)
+	{
+		$this->return_on_error = $fail;
+	}
+
+	/**
+	* Return number of sql queries used (cached and real queries are counted the same)
+	*/
+	function sql_num_queries()
+	{
+		return $this->num_queries;
+	}
+
+	/**
+	* Build sql statement from array for insert/update/select statements
+	*
+	* Idea for this from Ikonboard
+	*/
+	function sql_build_array($query, $assoc_ary = false)
+	{
+		if (!is_array($assoc_ary))
+		{
+			return false;
+		}
+
+		$fields = array();
+		$values = array();
+		if ($query == 'INSERT')
+		{
+			foreach ($assoc_ary as $key => $var)
+			{
+				$fields[] = $key;
+
+				if (is_null($var))
+				{
+					$values[] = 'NULL';
+				}
+				elseif (is_string($var))
+				{
+					$values[] = "'" . $this->sql_escape($var) . "'";
+				}
+				else
+				{
+					$values[] = (is_bool($var)) ? intval($var) : $var;
+				}
+			}
+
+			$query = ' (' . implode(', ', $fields) . ') VALUES (' . implode(', ', $values) . ')';
+		}
+		else if ($query == 'MULTI_INSERT')
+		{
+			$ary = array();
+			foreach ($assoc_ary as $id => $sql_ary)
+			{
+				$values = array();
+				foreach ($sql_ary as $key => $var)
+				{
+					if (is_null($var))
+					{
+						$values[] = 'NULL';
+					}
+					elseif (is_string($var))
+					{
+						$values[] = "'" . $this->sql_escape($var) . "'";
+					}
+					else
+					{
+						$values[] = (is_bool($var)) ? intval($var) : $var;
+					}
+				}
+				$ary[] = '(' . implode(', ', $values) . ')';
+			}
+
+			$query = ' (' . implode(', ', array_keys($assoc_ary[0])) . ') VALUES ' . implode(', ', $ary);
+		}
+		else if ($query == 'UPDATE' || $query == 'SELECT')
+		{
+			$values = array();
+			foreach ($assoc_ary as $key => $var)
+			{
+				if (is_null($var))
+				{
+					$values[] = "$key = NULL";
+				}
+				elseif (is_string($var))
+				{
+					$values[] = "$key = '" . $this->sql_escape($var) . "'";
+				}
+				else
+				{
+					$values[] = (is_bool($var)) ? "$key = " . intval($var) : "$key = $var";
+				}
+			}
+			$query = implode(($query == 'UPDATE') ? ', ' : ' AND ', $values);
+		}
+
+		return $query;
+	}
+
+	/**
+	* display sql error page
+	*/
+	function sql_error($sql = '')
+	{
+		$error = $this->db_sql_error();
+
+		if (!$this->return_on_error)
+		{
+			$this_page = (isset($_SERVER['PHP_SELF']) && !empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : $_ENV['PHP_SELF'];
+			$this_page .= '&' . ((isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : (isset($_ENV['QUERY_STRING']) ? $_ENV['QUERY_STRING'] : ''));
+
+			$message = '<u>SQL ERROR</u> [ ' . SQL_LAYER . ' ]<br /><br />' . $error['message'] . ' [' . $error['code'] . ']<br /><br /><u>CALLING PAGE</u><br /><br />'  . htmlspecialchars($this_page) . (($sql != '') ? '<br /><br /><u>SQL</u><br /><br />' . $sql : '') . '<br />';
+
+			if ($this->transaction)
+			{
+				$this->sql_transaction('rollback');
+			}
+			
+			trigger_error($message, E_USER_ERROR);
+		}
+		
+		return $error;
+	}
+
+	/**
+	* Explain queries
+	* @child _sql_report
+	*/
+	function sql_report($mode, $query = '')
+	{
+		global $cache, $starttime, $phpbb_root_path;
+
+		if (empty($_GET['explain']))
+		{
+			return;
+		}
+
+		if (!$query && $this->query_hold != '')
+		{
+			$query = $this->query_hold;
+		}
+
+		switch ($mode)
+		{
+			case 'display':
+				if (!empty($cache))
+				{
+					$cache->unload();
+				}
+				$this->sql_close();
+
+				$mtime = explode(' ', microtime());
+				$totaltime = $mtime[0] + $mtime[1] - $starttime;
+
+				echo '
+					<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8869-1"><meta http-equiv="Content-Style-Type" content="text/css"><link rel="stylesheet" href="' . $phpbb_root_path . 'adm/subSilver.css" type="text/css">
+					<style type="text/css">	th { background-image: url(\'' . $phpbb_root_path . 'adm/images/cellpic3.gif\') }	td.cat	{ background-image: url(\'' . $phpbb_root_path . 'adm/images/cellpic1.gif\') } </style>
+					<title>Explain</title></head><body>
+					<table width="100%" cellspacing="0" cellpadding="0" border="0"><tr>
+						<td><a href="' . htmlspecialchars(preg_replace('/&explain=([^&]*)/', '', $_SERVER['REQUEST_URI'])) . '"><img src="' . $phpbb_root_path . 'adm/images/header_left.jpg" width="200" height="60" alt="phpBB Logo" title="phpBB Logo" border="0" /></a></td>
+						<td width="100%" background="' . $phpbb_root_path . 'adm/images/header_bg.jpg" height="60" align="right" nowrap="nowrap"><span class="maintitle">SQL Report</span> &nbsp; &nbsp; &nbsp;</td>
+					</tr></table>
+					<br clear="all"/>
+					<table width="95%" cellspacing="1" cellpadding="4" border="0" align="center"><tr>
+						<td height="40" align="center" valign="middle"><b>Page generated in ' . round($totaltime, 4) . " seconds with {$this->num_queries} queries" . (($this->cache_num_queries) ? " + {$this->cache_num_queries} " . (($this->cache_num_queries == 1) ? 'query' : 'queries') . ' returning data from cache' : '') . '</b></td>
+					</tr><tr>
+						<td align="center" nowrap="nowrap">Time spent on MySQL queries: <b>' . round($this->sql_time, 5) . 's</b> | Time spent on PHP: <b>' . round($totaltime - $this->sql_time, 5) . 's</b></td>
+					</tr></table>
+					<table width="95%" cellspacing="1" cellpadding="4" border="0" align="center"><tr>
+						<td>
+				' . $this->sql_report . '</td>
+					</tr></table>
+					<br />
+					</body></html>
+				';
+				exit;
+				break;
+
+			case 'stop':
+				$endtime = explode(' ', microtime());
+				$endtime = $endtime[0] + $endtime[1];
+
+				$this->sql_report .= '
+					<hr width="100%"/><br />
+
+					<table class="bg" width="100%" cellspacing="1" cellpadding="4" border="0">
+					<tr>
+						<th>Query #' . $this->num_queries . '</th>
+					</tr>
+					<tr>
+						<td class="row1"><textarea style="font-family:\'Courier New\',monospace;width:100%" rows="5">' . preg_replace('/\t(AND|OR)(\W)/', "\$1\$2", htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n", $query))) . '</textarea></td>
+					</tr>
+					</table> ' . $this->html_hold . '
+					<p align="center">
+				';
+
+				if ($this->query_result)
+				{
+					if (preg_match('/^(UPDATE|DELETE|REPLACE)/', $query))
+					{
+						$this->sql_report .= 'Affected rows: <b>' . $this->sql_affectedrows($this->query_result) . '</b> | ';
+					}
+					$this->sql_report .= 'Before: ' . sprintf('%.5f', $this->curtime - $starttime) . 's | After: ' . sprintf('%.5f', $endtime - $starttime) . 's | Elapsed: <b>' . sprintf('%.5f', $endtime - $this->curtime) . 's</b>';
+				}
+				else
+				{
+					$error = $this->sql_error();
+					$this->sql_report .= '<b style="color: red">FAILED</b> - ' . SQL_LAYER . ' Error ' . $error['code'] . ': ' . htmlspecialchars($error['message']);
+				}
+
+				$this->sql_report .= '</p>';
+
+				$this->sql_time += $endtime - $this->curtime;
+				break;
+
+			default:
+			
+				$this->_sql_report($mode, $query);
+
+			break;
+		}
+	}
+}
+
+/**
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* This variable holds the class name to use later
+*/
+$sql_db = 'dbal_' . $dbms;
+
+?>

phpBB/includes/db/firebird.php

@@ -1,54 +1,46 @@
 <?php
-/***************************************************************************
- *                                 firebird.php
- *                            -------------------
- *   begin                : Saturday, Feb 13, 2001
- *   copyright            :(C) 2001 The phpBB Group
- *   email                : support@phpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- ***************************************************************************/
+/** 
+*
+* @package dbal
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
+/**
+* @ignore
+*/
 if (!defined('SQL_LAYER'))
 {
 
-define('SQL_LAYER', 'firebird');
+	define('SQL_LAYER', 'firebird');
+	include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
 
-class sql_db
+/**
+* @package dbal
+* Firebird/Interbase Database Abstraction Layer
+* Minimum Requirement is Firebird 1.5+/Interbase 7.1+
+*/
+class dbal_firebird extends dbal
 {
-	var $db_connect_id;
-	var $query_result;
-	var $return_on_error = false;
-	var $transaction = false;
-	var $sql_report = '';
-	var $sql_time = 0;
+	var $last_query_text = '';
 
-	function sql_connect($sqlserver, $sqluser, $sqlpassword, $database = '', $port = '', $persistency = false)
+	function sql_connect($sqlserver, $sqluser, $sqlpassword, $database, $port = false, $persistency = false)
 	{
-		$this->open_queries = array();
-		$this->num_queries = 0;
-
 		$this->persistency = $persistency;
 		$this->user = $sqluser;
-		$this->password = $sqlpassword;
-		$this->server = $sqlserver;
+		$this->server = $sqlserver . (($port) ? ':' . $port : '');
+		$this->dbname = $database;
 
-		$this->db_connect_id =($this->persistency) ? @ibase_pconnect($this->server, $this->user, $this->password, false, false, 3) : @ibase_connect($this->server, $this->user, $this->password, false, false, 3);
+		$this->db_connect_id = ($this->persistency) ? @ibase_pconnect($this->server . ':' . $this->dbname, $this->user, $sqlpassword, false, false, 3) : @ibase_connect($this->server . ':' . $this->dbname, $this->user, $sqlpassword, false, false, 3);
 
 		return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
 	}
 
+	//
 	// Other base methods
+	//
 	function sql_close()
 	{
 		if (!$this->db_connect_id)
@@ -56,9 +48,14 @@ class sql_db
 			return false;
 		}
 
-		if (count($this->open_queries))
+		if ($this->transaction)
 		{
-			foreach($this->open_queries as $query_id)
+			@ibase_commit($this->db_connect_id);
+		}
+
+		if (sizeof($this->open_queries))
+		{
+			foreach ($this->open_queries as $i_query_id => $query_id)
 			{
 				@ibase_free_query($query_id);
 			}
@@ -67,31 +64,26 @@ class sql_db
 		return @ibase_close($this->db_connect_id);
 	}
 
-	function sql_return_on_error($fail = false)
-	{
-		$this->return_on_error = $fail;
-	}
-
-	function sql_num_queries()
-	{
-		return $this->num_queries;
-	}
-
 	function sql_transaction($status = 'begin')
 	{
-		switch($status)
+		switch ($status)
 		{
 			case 'begin':
 				$this->transaction = true;
 				break;
 
 			case 'commit':
-				$result = ibase_commit();
+				$result = @ibase_commit();
 				$this->transaction = false;
+
+				if (!$result)
+				{
+					@ibase_rollback();
+				}
 				break;
 
 			case 'rollback':
-				$result = ibase_rollback();
+				$result = @ibase_rollback();
 				$this->transaction = false;
 				break;
 
@@ -103,95 +95,34 @@ class sql_db
 	}
 
 	// Base query method
-	function sql_query($query = '', $expire_time = 0)
+	function sql_query($query = '', $cache_ttl = 0)
 	{
 		if ($query != '')
 		{
 			global $cache;
 
-			if (!$expire_time || !$cache->sql_load($query, $expire_time))
-			{
-				if ($expire_time)
-				{
-					$cache_result = true;
-				}
+			$this->last_query_text = $query;
+			$this->query_result = ($cache_ttl && method_exists($cache, 'sql_load')) ? $cache->sql_load($query) : false;
 
-				$this->query_result = false;
+			if (!$this->query_result)
+			{
 				$this->num_queries++;
 
-				if (!empty($_GET['explain']))
-				{
-					global $starttime;
-
-					$curtime = explode(' ', microtime());
-					$curtime = $curtime[0] + $curtime[1] - $starttime;
-				}
-
-				if (($this->query_result = ibase_query($query, $this->db_connect_id)) === FALSE)
+				if (($this->query_result = @ibase_query($this->db_connect_id, $query)) === false)
 				{
 					$this->sql_error($query);
 				}
 
-				if (!$this->transaction && (strpos($query, 'INSERT') === 0 || strpos($query, 'UPDATE') === 0))
+				// TODO: have to debug the commit states in firebird
+				if (!$this->transaction)
 				{
-					echo $query;
-					ibase_commit();
+					@ibase_commit_ret();
 				}
 
-				if (!empty($_GET['explain']))
+				if ($cache_ttl && method_exists($cache, 'sql_save'))
 				{
-					$endtime = explode(' ', microtime());
-					$endtime = $endtime[0] + $endtime[1] - $starttime;
-
-					$this->sql_report .= "<pre>Query:\t" . htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n\t", $query)) . "\n\n";
-
-					if ($this->query_result)
-					{
-						$this->sql_report .= "Time before:  $curtime\nTime after:   $endtime\nElapsed time: <b>" .($endtime - $curtime) . "</b>\n</pre>";
-					}
-					else
-					{
-						$error = $this->sql_error();
-						$this->sql_report .= '<b>FAILED</b> - SQL Error ' . $error['code'] . ': ' . htmlspecialchars($error['message']) . '<br><br><pre>';
-					}
-
-					$this->sql_time += $endtime - $curtime;
-/*
-					if (preg_match('/^SELECT/', $query))
-					{
-						$html_table = FALSE;
-						if ($result = mysql_query("EXPLAIN $query", $this->db_connect_id))
-						{
-							while($row = mysql_fetch_assoc($result))
-							{
-								if (!$html_table && count($row))
-								{
-									$html_table = TRUE;
-									$this->sql_report .= "<table width=100% border=1 cellpadding=2 cellspacing=1>\n";
-									$this->sql_report .= "<tr>\n<td><b>" . implode("</b></td>\n<td><b>", array_keys($row)) . "</b></td>\n</tr>\n";
-								}
-								$this->sql_report .= "<tr>\n<td>" . implode("&nbsp;</td>\n<td>", array_values($row)) . "&nbsp;</td>\n</tr>\n";
-							}
-						}
-
-						if ($html_table)
-						{
-							$this->sql_report .= '</table><br>';
-						}
-					}
-*/
-					$this->sql_report .= "<hr>\n";
+					$cache->sql_save($query, $this->query_result, $cache_ttl);
 				}
-
-				$this->open_queries[] = $this->query_result;
-			}
-
-			$this->last_query_text[$this->query_result] = $query;
-
-			if (!empty($cache_result))
-			{
-				$cache->sql_save($query, $this->query_result);
-				@ibase_free_result(array_pop($this->open_queries));
 			}
 		}
 		else
@@ -202,91 +133,38 @@ class sql_db
 		return ($this->query_result) ? $this->query_result : false;
 	}
 
-	function sql_query_limit($query, $total, $offset = 0, $expire_time = 0)
-	{
-		if ($query != '')
+	function sql_query_limit($query, $total, $offset = 0, $cache_ttl = 0) 
+	{ 
+		if ($query != '') 
 		{
-			$this->query_result = false;
-			$this->num_queries++;
+			$this->query_result = false; 
 
 			$query = 'SELECT FIRST ' . $total . ((!empty($offset)) ? ' SKIP ' . $offset : '') . substr($query, 6);
 
-			return $this->sql_query($query, $expire_time);
-		}
-		else
-		{
-			return false;
-		}
-	}
-
-	// Idea for this from Ikonboard
-	function sql_build_array($query, $assoc_ary = false)
-	{
-		if (!is_array($assoc_ary))
-		{
-			return false;
-		}
-
-		$fields = array();
-		$values = array();
-		if ($query == 'INSERT')
-		{
-			foreach($assoc_ary as $key => $var)
-			{
-				$fields[] = $key;
-
-				if (is_null($var))
-				{
-					$values[] = 'NULL';
-				}
-				elseif (is_string($var))
-				{
-					$values[] = "'" . $this->sql_escape($var) . "'";
-				}
-				else
-				{
-					$values[] =(is_bool($var)) ? intval($var) : $var;
-				}
-			}
-
-			$query = '(' . implode(', ', $fields) . ') VALUES(' . implode(', ', $values) . ')';
-		}
-		else if ($query == 'UPDATE')
-		{
-			$values = array();
-			foreach($assoc_ary as $key => $var)
-			{
-				if (is_null($var))
-				{
-					$values[] = "$key = NULL";
-				}
-				elseif (is_string($var))
-				{
-					$values[] = "$key = '" . $this->sql_escape($var) . "'";
-				}
-				else
-				{
-					$values[] =(is_bool($var)) ? "$key = " . intval($var) : "$key = $var";
-				}
-			}
-			$query = implode(', ', $values);
-		}
-
-		return $query;
+			return $this->sql_query($query, $cache_ttl); 
+		} 
+		else 
+		{ 
+			return false; 
+		} 
 	}
 
 	// Other query methods
+	//
+	// NOTE :: Want to remove _ALL_ reliance on sql_numrows from core code ...
+	//         don't want this here by a middle Milestone
 	function sql_numrows($query_id = false)
 	{
-		return FALSE;
+		return false;
 	}
 
 	function sql_affectedrows()
 	{
-		return ($this->query_result !== FALSE) ? TRUE : FALSE; // Does this work?
+		// TODO: hmm, maybe doing something similar as in mssql_odbc.php?
+		return ($this->query_result) ? true : false;
 	}
 
-	function sql_fetchrow($query_id = 0)
+	function sql_fetchrow($query_id = false)
 	{
 		global $cache;
 
@@ -295,20 +173,27 @@ class sql_db
 			$query_id = $this->query_result;
 		}
 
-		if ($cache->sql_exists($query_id))
+		if (isset($cache->sql_rowset[$query_id]))
 		{
 			return $cache->sql_fetchrow($query_id);
 		}
 
 		$row = array();
-		foreach (get_object_vars(ibase_fetch_object($query_id, IBASE_TEXT)) as $key => $value)
+		$cur_row = @ibase_fetch_object($query_id, IBASE_TEXT);
+
+		if (!$cur_row)
+		{
+			return false;
+		}
+
+		foreach (get_object_vars($cur_row) as $key => $value)
 		{
 			$row[strtolower($key)] = trim(str_replace("\\0", "\0", str_replace("\\n", "\n", $value)));
 		}
 		return ($query_id) ? $row : false;
 	}
 
-	function sql_fetchrowset($query_id = 0)
+	function sql_fetchrowset($query_id = false)
 	{
 		if (!$query_id)
 		{
@@ -319,10 +204,13 @@ class sql_db
 		{
 			unset($this->rowset[$query_id]);
 			unset($this->row[$query_id]);
-			while($this->rowset[$query_id] = get_object_vars(@ibase_fetch_object($query_id, IBASE_TEXT )))
+
+			$result = array();
+			while ($this->rowset[$query_id] = get_object_vars(@ibase_fetch_object($query_id, IBASE_TEXT)))
 			{
 				$result[] = $this->rowset[$query_id];
 			}
+
 			return $result;
 		}
 		else
@@ -342,13 +230,19 @@ class sql_db
 		{
 			if ($rownum > -1)
 			{
-				$result = @mysql_result($query_id, $rownum, $field);
+				// erm... ok, my bad, we always use zero. :/
+				for ($i = 0; $i <= $rownum; $i++)
+				{
+					$row = $this->sql_fetchrow($query_id);
+				}
+
+				return $row[$field];
 			}
 			else
 			{
 				if (empty($this->row[$query_id]) && empty($this->rowset[$query_id]))
 				{
-					if ($this->sql_fetchrow())
+					if ($this->row[$query_id] = $this->sql_fetchrow($query_id))
 					{
 						$result = $this->row[$query_id][$field];
 					}
@@ -365,6 +259,7 @@ class sql_db
 					}
 				}
 			}
+
 			return $result;
 		}
 		else
@@ -393,7 +288,7 @@ class sql_db
 
 	function sql_nextid()
 	{
-		if ($this->query_result && preg_match('#^INSERT[\t\n ]+INTO[\t\n ]+([a-z0-9\_\-]+)#is', $this->last_query_text[$query_id], $tablename))
+		if ($this->query_result && preg_match('#^INSERT[\t\n ]+INTO[\t\n ]+([a-z0-9\_\-]+)#is', $this->last_query_text, $tablename))
 		{
 			$query = "SELECT GEN_ID('" . $tablename[1] . "_gen', 0) AS new_id  
 				FROM RDB\$DATABASE";
@@ -416,6 +311,11 @@ class sql_db
 			$query_id = $this->query_result;
 		}
 
+		if (!$this->transaction && $query_id)
+		{
+			@ibase_commit();
+		}
+
 		return ($query_id) ? @ibase_free_result($query_id) : false;
 	}
 
@@ -424,29 +324,61 @@ class sql_db
 		return (@ini_get('magic_quotes_sybase') || strtolower(@ini_get('magic_quotes_sybase')) == 'on') ? str_replace('\\\'', '\'', addslashes($msg)) : str_replace('\'', '\'\'', stripslashes($msg));
 	}
 
-	function sql_error($sql = '')
+	function db_sql_error()
 	{
-		if (!$this->return_on_error)
-		{
-			if ($this->transaction)
-			{
-				$this->sql_transaction('rollback');
-			}
-
-			$this_page =(!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : $_ENV['PHP_SELF'];
-			$this_page .= '&' .((!empty($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : $_ENV['QUERY_STRING']);
-
-			$message = '<u>SQL ERROR</u> [ ' . SQL_LAYER . ' ]<br /><br />' . @ibase_errmsg() . '<br /><br /><u>CALLING PAGE</u><br /><br />'  . $this_page .(($sql != '') ? '<br /><br /><u>SQL</u><br /><br />' . $sql : '') . '<br />';
-			trigger_error($message, E_USER_ERROR);
-		}
-
-		$result['message'] = @ibase_errmsg();
-		$result['code'] = '';
-
-		return $result;
+		return array(
+			'message'	=> @ibase_errmsg(),
+			'code'		=> ''
+		);
 	}
 
-} // class sql_db
+	function _sql_report($mode, $query = '')
+	{
+		global $cache, $starttime, $phpbb_root_path;
+		static $curtime, $query_hold, $html_hold;
+		static $sql_report = '';
+		static $cache_num_queries = 0;
+
+		switch ($mode)
+		{
+			case 'start':
+				$query_hold = $query;
+				$html_hold = '';
+
+				$curtime = explode(' ', microtime());
+				$curtime = $curtime[0] + $curtime[1];
+				break;
+
+			case 'fromcache':
+				$endtime = explode(' ', microtime());
+				$endtime = $endtime[0] + $endtime[1];
+
+				$result = @ibase_query($this->db_connect_id, $query);
+				while ($void = @ibase_fetch_object($result, IBASE_TEXT))
+				{
+					// Take the time spent on parsing rows into account
+				}
+				$splittime = explode(' ', microtime());
+				$splittime = $splittime[0] + $splittime[1];
+
+				$time_cache = $endtime - $curtime;
+				$time_db = $splittime - $endtime;
+				$color = ($time_db > $time_cache) ? 'green' : 'red';
+
+				$sql_report .= '<hr width="100%"/><br /><table class="bg" width="100%" cellspacing="1" cellpadding="4" border="0"><tr><th>Query results obtained from the cache</th></tr><tr><td class="row1"><textarea style="font-family:\'Courier New\',monospace;width:100%" rows="5">' . preg_replace('/\t(AND|OR)(\W)/', "\$1\$2", htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n", $query))) . '</textarea></td></tr></table><p align="center">';
+
+				$sql_report .= 'Before: ' . sprintf('%.5f', $curtime - $starttime) . 's | After: ' . sprintf('%.5f', $endtime - $starttime) . 's | Elapsed [cache]: <b style="color: ' . $color . '">' . sprintf('%.5f', ($time_cache)) . 's</b> | Elapsed [db]: <b>' . sprintf('%.5f', $time_db) . 's</b></p>';
+
+				// Pad the start time to not interfere with page timing
+				$starttime += $time_db;
+
+				@ibase_freeresult($result);
+				$cache_num_queries++;
+				break;
+		}
+	}
+
+}
 
 } // if ... define
 

phpBB/includes/db/msaccess.php

@@ -1,413 +0,0 @@
-<?php
-/***************************************************************************
- *                               msaccess.php
- *                            -------------------
- *   begin                : Saturday, Feb 13, 2001
- *   copyright            : (C) 2001 The phpBB Group
- *   email                : support@phpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
-
-if(!defined("SQL_LAYER"))
-{
-
-define("SQL_LAYER","msaccess");
-
-class sql_db
-{
-
-	var $db_connect_id;
-	var $result_ids = array();
-	var $result;
-
-	var $next_id;
-
-	var $num_rows = array();
-	var $current_row = array();
-	var $field_names = array();
-	var $field_types = array();
-	var $result_rowset = array();
-
-	var $num_queries = 0;
-
-	function sql_connect($sqlserver, $sqluser, $sqlpassword, $database, $persistency = true)
-	{
-		$this->persistency = $persistency;
-		$this->server = $sqlserver;
-		$this->user = $sqluser;
-		$this->password = $sqlpassword;
-		$this->dbname = $database;
-
-		$this->db_connect_id = ($this->persistency) ? @odbc_pconnect($this->server, $this->user, $this->password) : @odbc_connect($this->server, $this->user, $this->password);
-
-		return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
-	}
-
-	function sql_return_on_error($fail = false)
-	{
-		$this->return_on_error = $fail;
-	}
-
-	function sql_num_queries()
-	{
-		return $this->num_queries;
-	}
-
-	//
-	// Other base methods
-	//
-	function sql_close()
-	{
-		if($this->db_connect_id)
-		{
-			if($this->in_transaction)
-			{
-				@odbc_commit($this->db_connect_id);
-			}
-
-			if(count($this->result_rowset))
-			{
-				unset($this->result_rowset);
-				unset($this->field_names);
-				unset($this->field_types);
-				unset($this->num_rows);
-				unset($this->current_row);
-			}
-
-			return @odbc_close($this->db_connect_id);
-		}
-		else
-		{
-			return false;
-		}
-	}
-
-	//
-	// Query method
-	//
-	function sql_query($query = "", $transaction = FALSE)
-	{
-		if($query != "")
-		{
-			$this->num_queries++;
-
-			if($transaction == BEGIN_TRANSACTION && !$this->in_transaction)
-			{
-				if(!odbc_autocommit($this->db_connect_id, false))
-				{
-					return false;
-				}
-				$this->in_transaction = TRUE;
-			}
-
-			$query = str_replace("LOWER(", "LCASE(", $query);
-
-			if(preg_match("/^SELECT(.*?)(LIMIT ([0-9]+)[, ]*([0-9]+)*)?$/s", $query, $limits))
-			{
-				$query = $limits[1];
-
-				if(!empty($limits[2]))
-				{
-					$row_offset = ($limits[4]) ? $limits[3] : "";
-					$num_rows = ($limits[4]) ? $limits[4] : $limits[3];
-
-					$query = "TOP " . ($row_offset + $num_rows) . $query;
-				}
-
-				$this->result = odbc_exec($this->db_connect_id, "SELECT $query"); 
-
-				if($this->result)
-				{
-					if(empty($this->field_names[$this->result]))
-					{
-						for($i = 1; $i < odbc_num_fields($this->result) + 1; $i++)
-						{
-							$this->field_names[$this->result][] = odbc_field_name($this->result, $i);
-							$this->field_types[$this->result][] = odbc_field_type($this->result, $i);
-						}
-					}
-
-					$this->current_row[$this->result] = 0;
-					$this->result_rowset[$this->result] = array();
-
-					$row_outer = (isset($row_offset)) ? $row_offset + 1 : 1;
-					$row_outer_max = (isset($num_rows)) ? $row_offset + $num_rows + 1 : 1E9;
-					$row_inner = 0;
-
-					while(odbc_fetch_row($this->result, $row_outer) && $row_outer < $row_outer_max)
-					{
-						for($j = 0; $j < count($this->field_names[$this->result]); $j++)
-						{
-							$this->result_rowset[$this->result][$row_inner][$this->field_names[$this->result][$j]] = stripslashes(odbc_result($this->result, $j + 1));
-						}
-
-						$row_outer++;
-						$row_inner++;
-					}
-
-					$this->num_rows[$this->result] = count($this->result_rowset[$this->result]);	
-
-					odbc_free_result($this->result);
-				}
-
-			}
-			else if(eregi("^INSERT ", $query))
-			{
-				$this->result = odbc_exec($this->db_connect_id, $query);
-
-				if($this->result)
-				{
-					$result_id = odbc_exec($this->db_connect_id, "SELECT @@IDENTITY");
-					if($result_id)
-					{
-						if(odbc_fetch_row($result_id))
-						{
-							$this->next_id[$this->db_connect_id] = odbc_result($result_id, 1);	
-							$this->affected_rows[$this->db_connect_id] = odbc_num_rows($this->result);
-						}
-					}
-				}
-			}
-			else
-			{
-				$this->result = odbc_exec($this->db_connect_id, $query);
-
-				if($this->result)
-				{
-					$this->affected_rows[$this->db_connect_id] = odbc_num_rows($this->result);
-				}
-			}
-
-			if(!$this->result)
-			{
-				if($this->in_transaction)
-				{
-					odbc_rollback($this->db_connect_id);
-					odbc_autocommit($this->db_connect_id, true);
-					$this->in_transaction = FALSE;
-				}
-
-				return false;
-			}
-
-			if($transaction == END_TRANSACTION && $this->in_transaction)
-			{
-				$this->in_transaction = FALSE;
-
-				if (!@odbc_commit($this->db_connect_id))
-				{
-					odbc_rollback($this->db_connect_id);
-					odbc_autocommit($this->db_connect_id, true);
-					return false;
-				}
-				odbc_autocommit($this->db_connect_id, true);
-			}
-
-			return $this->result;
-		}
-		else
-		{
-			if($transaction == END_TRANSACTION && $this->in_transaction)
-			{
-				$this->in_transaction = FALSE;
-
-				if (!@odbc_commit($this->db_connect_id))
-				{
-					odbc_rollback($this->db_connect_id);
-					odbc_autocommit($this->db_connect_id, true);
-					return false;
-				}
-				odbc_autocommit($this->db_connect_id, true);
-			}
-
-			return true;
-		}
-	}
-
-	//
-	// Other query methods
-	//
-	function sql_numrows($query_id = 0)
-	{
-		if(!$query_id) 
-		{
-			$query_id = $this->result;
-		}
-
-		return ($query_id) ? $this->num_rows[$query_id] : false;
-	}
-
-	function sql_numfields($query_id = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->result;
-		}
-
-		return ($query_id) ? count($this->field_names[$query_id]) : false;
-	}
-
-	function sql_fieldname($offset, $query_id = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->result;
-		}
-
-		return ($query_id) ? $this->field_names[$query_id][$offset] : false;
-	}
-
-	function sql_fieldtype($offset, $query_id = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->result;
-		}
-
-		return ($query_id) ? $this->field_types[$query_id][$offset] : false;
-	}
-
-	function sql_fetchrow($query_id = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->result;
-		}
-
-		if($query_id)
-		{
-			return ($this->num_rows[$query_id] && $this->current_row[$query_id] < $this->num_rows[$query_id]) ? $this->result_rowset[$query_id][$this->current_row[$query_id]++] : false;
-		}
-		else
-		{
-			return false;
-		}
-	}
-
-	function sql_fetchrowset($query_id = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->result;
-		}
-
-		if($query_id)
-		{
-			return ($this->num_rows[$query_id]) ? $this->result_rowset[$query_id] : false;
-		}
-		else
-		{
-			return false;
-		}
-	}
-
-	function sql_fetchfield($field, $row = -1, $query_id = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->result;
-		}
-
-		if($query_id)
-		{
-			if($row < $this->num_rows[$query_id])
-			{
-				$getrow = ($row == -1) ? $this->current_row[$query_id] - 1 : $row;
-
-				return $this->result_rowset[$query_id][$getrow][$this->field_names[$query_id][$field]];
-			}
-			else
-			{
-				return false;
-			}
-		}
-		else
-		{
-			return false;
-		}
-	}
-
-	function sql_rowseek($offset, $query_id = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->result;
-		}
-
-		if($query_id)
-		{
-			$this->current_row[$query_id] = $offset - 1;
-			return true;
-		}
-		else
-		{
-			return false;
-		}
-	}
-
-	function sql_nextid()
-	{
-		return ($this->next_id[$this->db_connect_id]) ? $this->next_id[$this->db_connect_id] : false;
-	}
-
-	function sql_affectedrows()
-	{
-		return ($this->affected_rows[$this->db_connect_id]) ? $this->affected_rows[$this->db_connect_id] : false;
-	}
-
-	function sql_freeresult($query_id = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->result;
-		}
-
-		unset($this->num_rows[$query_id]);
-		unset($this->current_row[$query_id]);
-		unset($this->result_rowset[$query_id]);
-		unset($this->field_names[$query_id]);
-		unset($this->field_types[$query_id]);
-
-		return true;
-	}
-
-	function sql_error($sql = '')
-	{
-		if (!$this->return_on_error)
-		{
-			if ($this->transaction)
-			{
-				$this->sql_transaction('rollback');
-			}
-
-			$this_page = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : $_ENV['PHP_SELF'];
-			$this_page .= '&' . ((!empty($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : $_ENV['QUERY_STRING']);
-
-			$message = '<u>SQL ERROR</u> [ ' . SQL_LAYER . ' ]<br /><br />' . @odbc_errormsg() . '<br /><br /><u>CALLING PAGE</u><br /><br />'  . htmlspecialchars($this_page) . (($sql != '') ? '<br /><br /><u>SQL</u><br /><br />' . $sql : '') . '<br />';
-			trigger_error($message, E_USER_ERROR);
-		}
-
-		$result = array(
-			'message'	=> @odbc_errormsg(),
-			'code'		=> @odbc_error()
-		);
-
-		return $result;
-	}
-
-} // class sql_db
-
-} // if ... define
-
-?>

phpBB/includes/db/mssql-odbc.php

@@ -1,411 +0,0 @@
-<?php
-/***************************************************************************
- *                              mssql-odbc.php
- *                            -------------------
- *   begin                : Saturday, Feb 13, 2001
- *   copyright            : (C) 2001 The phpBB Group
- *   email                : support@phpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
-
-if(!defined("SQL_LAYER"))
-{
-
-define("SQL_LAYER","mssql-odbc");
-
-class sql_db
-{
-
-	var $db_connect_id;
-	var $result;
-
-	var $next_id;
-
-	var $num_rows = array();
-	var $current_row = array();
-	var $field_names = array();
-	var $field_types = array();
-	var $result_rowset = array();
-
-	var $num_queries = 0;
-
-	function sql_connect($sqlserver, $sqluser, $sqlpassword, $database, $persistency = true)
-	{
-		$this->persistency = $persistency;
-		$this->server = $sqlserver;
-		$this->user = $sqluser;
-		$this->password = $sqlpassword;
-		$this->dbname = $database;
-
-		$this->db_connect_id = ($this->persistency) ? @odbc_pconnect($this->server, $this->user, $this->password) : @odbc_connect($this->server, $this->user, $this->password);
-
-		return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
-	}
-
-	function sql_return_on_error($fail = false)
-	{
-		$this->return_on_error = $fail;
-	}
-
-	function sql_num_queries()
-	{
-		return $this->num_queries;
-	}
-
-	//
-	// Other base methods
-	//
-	function sql_close()
-	{
-		if($this->db_connect_id)
-		{
-			if($this->in_transaction)
-			{
-				@odbc_commit($this->db_connect_id);
-			}
-
-			if(count($this->result_rowset))
-			{
-				unset($this->result_rowset);
-				unset($this->field_names);
-				unset($this->field_types);
-				unset($this->num_rows);
-				unset($this->current_row);
-			}
-
-			return @odbc_close($this->db_connect_id);
-		}
-		else
-		{
-			return false;
-		}
-	}
-
-	//
-	// Query method
-	//
-	function sql_query($query = "", $transaction = FALSE)
-	{
-		if($query != "")
-		{
-			$this->num_queries++;
-
-			if($transaction == BEGIN_TRANSACTION && !$this->in_transaction)
-			{
-				if(!odbc_autocommit($this->db_connect_id, false))
-				{
-					return false;
-				}
-				$this->in_transaction = TRUE;
-			}
-
-			if(preg_match("/^SELECT(.*?)(LIMIT ([0-9]+)[, ]*([0-9]+)*)?$/s", $query, $limits))
-			{
-				$query = $limits[1];
-
-				if(!empty($limits[2]))
-				{
-					$row_offset = ($limits[4]) ? $limits[3] : "";
-					$num_rows = ($limits[4]) ? $limits[4] : $limits[3];
-
-					$query = "TOP " . ($row_offset + $num_rows) . $query;
-				}
-
-				$this->result = odbc_exec($this->db_connect_id, "SELECT $query"); 
-
-				if($this->result)
-				{
-					if(empty($this->field_names[$this->result]))
-					{
-						for($i = 1; $i < odbc_num_fields($this->result) + 1; $i++)
-						{
-							$this->field_names[$this->result][] = odbc_field_name($this->result, $i);
-							$this->field_types[$this->result][] = odbc_field_type($this->result, $i);
-						}
-					}
-
-					$this->current_row[$this->result] = 0;
-					$this->result_rowset[$this->result] = array();
-
-					$row_outer = (isset($row_offset)) ? $row_offset + 1 : 1;
-					$row_outer_max = (isset($num_rows)) ? $row_offset + $num_rows + 1 : 1E9;
-					$row_inner = 0;
-
-					while(odbc_fetch_row($this->result, $row_outer) && $row_outer < $row_outer_max)
-					{
-						for($j = 0; $j < count($this->field_names[$this->result]); $j++)
-						{
-							$this->result_rowset[$this->result][$row_inner][$this->field_names[$this->result][$j]] = stripslashes(odbc_result($this->result, $j + 1));
-						}
-
-						$row_outer++;
-						$row_inner++;
-					}
-
-					$this->num_rows[$this->result] = count($this->result_rowset[$this->result]);	
-				}
-
-			}
-			else if(eregi("^INSERT ", $query))
-			{
-				$this->result = odbc_exec($this->db_connect_id, $query);
-
-				if($this->result)
-				{
-					$result_id = odbc_exec($this->db_connect_id, "SELECT @@IDENTITY");
-					if($result_id)
-					{
-						if(odbc_fetch_row($result_id))
-						{
-							$this->next_id[$this->db_connect_id] = odbc_result($result_id, 1);	
-							$this->affected_rows[$this->db_connect_id] = odbc_num_rows($this->result);
-						}
-					}
-				}
-			}
-			else
-			{
-				$this->result = odbc_exec($this->db_connect_id, $query);
-
-				if($this->result)
-				{
-					$this->affected_rows[$this->db_connect_id] = odbc_num_rows($this->result);
-				}
-			}
-
-			if(!$this->result)
-			{
-				if($this->in_transaction)
-				{
-					odbc_rollback($this->db_connect_id);
-					odbc_autocommit($this->db_connect_id, true);
-					$this->in_transaction = FALSE;
-				}
-
-				return false;
-			}
-
-			if($transaction == END_TRANSACTION && $this->in_transaction)
-			{
-				$this->in_transaction = FALSE;
-
-				if (!odbc_commit($this->db_connect_id))
-				{
-					odbc_rollback($this->db_connect_id);
-					odbc_autocommit($this->db_connect_id, true);
-					return false;
-				}
-				odbc_autocommit($this->db_connect_id, true);
-			}
-
-			odbc_free_result($this->result);
-
-			return $this->result;
-		}
-		else
-		{
-			if($transaction == END_TRANSACTION && $this->in_transaction)
-			{
-				$this->in_transaction = FALSE;
-
-				if (!@odbc_commit($this->db_connect_id))
-				{
-					odbc_rollback($this->db_connect_id);
-					odbc_autocommit($this->db_connect_id, true);
-					return false;
-				}
-				odbc_autocommit($this->db_connect_id, true);
-			}
-
-			return true;
-		}
-	}
-
-	//
-	// Other query methods
-	//
-	function sql_numrows($query_id = 0)
-	{
-		if(!$query_id) 
-		{
-			$query_id = $this->result;
-		}
-
-		return ($query_id) ? $this->num_rows[$query_id] : false;
-	}
-
-	function sql_numfields($query_id = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->result;
-		}
-
-		return ($query_id) ? count($this->field_names[$query_id]) : false;
-	}
-
-	function sql_fieldname($offset, $query_id = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->result;
-		}
-
-		return ($query_id) ? $this->field_names[$query_id][$offset] : false;
-	}
-
-	function sql_fieldtype($offset, $query_id = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->result;
-		}
-
-		return ($query_id) ? $this->field_types[$query_id][$offset] : false;
-	}
-
-	function sql_fetchrow($query_id = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->result;
-		}
-
-		if($query_id)
-		{
-			return ($this->num_rows[$query_id] && $this->current_row[$query_id] < $this->num_rows[$query_id]) ? $this->result_rowset[$query_id][$this->current_row[$query_id]++] : false;
-		}
-		else
-		{
-			return false;
-		}
-	}
-
-	function sql_fetchrowset($query_id = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->result;
-		}
-
-		if($query_id)
-		{
-			return ($this->num_rows[$query_id]) ? $this->result_rowset[$query_id] : false;
-		}
-		else
-		{
-			return false;
-		}
-	}
-
-	function sql_fetchfield($field, $row = -1, $query_id = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->result;
-		}
-
-		if($query_id)
-		{
-			if($row < $this->num_rows[$query_id])
-			{
-				$getrow = ($row == -1) ? $this->current_row[$query_id] - 1 : $row;
-
-				return $this->result_rowset[$query_id][$getrow][$this->field_names[$query_id][$field]];
-
-			}
-			else
-			{
-				return false;
-			}
-		}
-		else
-		{
-			return false;
-		}
-	}
-
-	function sql_rowseek($offset, $query_id = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->result;
-		}
-
-		if($query_id)
-		{
-			$this->current_row[$query_id] = $offset - 1;
-			return true;
-		}
-		else
-		{
-			return false;
-		}
-	}
-
-	function sql_nextid()
-	{
-		return ($this->next_id[$this->db_connect_id]) ? $this->next_id[$this->db_connect_id] : false;
-	}
-
-	function sql_affectedrows()
-	{
-		return ($this->affected_rows[$this->db_connect_id]) ? $this->affected_rows[$this->db_connect_id] : false;
-	}
-
-	function sql_freeresult($query_id = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->result;
-		}
-
-		unset($this->num_rows[$query_id]);
-		unset($this->current_row[$query_id]);
-		unset($this->result_rowset[$query_id]);
-		unset($this->field_names[$query_id]);
-		unset($this->field_types[$query_id]);
-
-		return true;
-	}
-
-	function sql_error($sql = '')
-	{
-		if (!$this->return_on_error)
-		{
-			if ($this->transaction)
-			{
-				$this->sql_transaction('rollback');
-			}
-
-			$this_page = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : $_ENV['PHP_SELF'];
-			$this_page .= '&' . ((!empty($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : $_ENV['QUERY_STRING']);
-
-			$message = '<u>SQL ERROR</u> [ ' . SQL_LAYER . ' ]<br /><br />' . @odbc_errormsg() . '<br /><br /><u>CALLING PAGE</u><br /><br />'  . htmlspecialchars($this_page) . (($sql != '') ? '<br /><br /><u>SQL</u><br /><br />' . $sql : '') . '<br />';
-			trigger_error($message, E_USER_ERROR);
-		}
-
-		$result = array(
-			'message'	=> @odbc_errormsg(),
-			'code'		=> @odbc_error()
-		);
-
-		return $result;
-	}
-
-} // class sql_db
-
-} // if ... define
-
-?>

phpBB/includes/db/mssql.php

@@ -1,58 +1,42 @@
 <?php
-/***************************************************************************
- *                                 mssql.php
- *                            -------------------
- *   begin                : Saturday, Feb 13, 2001
- *   copyright            : (C) 2001 The phpBB Group
- *   email                : supportphpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
+/** 
+*
+* @package dbal
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
-
-if(!defined("SQL_LAYER"))
+/**
+* @ignore
+*/
+if (!defined('SQL_LAYER'))
 {
 
-define("SQL_LAYER","mssql");
+	define('SQL_LAYER', 'mssql');
+	include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
 
-class sql_db
+/**
+* @package dbal
+* MSSQL Database Abstraction Layer
+* Minimum Requirement is MSSQL 2000+
+*/
+class dbal_mssql extends dbal
 {
 
-	var $db_connect_id;
-	var $result;
-
-	var $next_id;
-	var $in_transaction = 0;
-
-	var $row = array();
-	var $rowset = array();
-	var $limit_offset;
-	var $query_limit_success;
-
-	var $num_queries = 0;
-
-	function sql_connect($sqlserver, $sqluser, $sqlpassword, $database, $persistency = true)
+	function sql_connect($sqlserver, $sqluser, $sqlpassword, $database, $port = false, $persistency = false)
 	{
 		$this->persistency = $persistency;
 		$this->user = $sqluser;
-		$this->password = $sqlpassword;
-		$this->server = $sqlserver;
+		$this->server = $sqlserver . (($port) ? ':' . $port : '');
 		$this->dbname = $database;
 
-		$this->db_connect_id = ($this->persistency) ? @mssql_pconnect($this->server, $this->user, $this->password) : @mssql_connect($this->server, $this->user, $this->password);
+		$this->db_connect_id = ($this->persistency) ? @mssql_pconnect($this->server, $this->user, $sqlpassword) : @mssql_connect($this->server, $this->user, $sqlpassword);
 
-		if($this->db_connect_id && $this->dbname != '')
+		if ($this->db_connect_id && $this->dbname != '')
 		{
-			if(!@mssql_select_db($this->dbname, $this->db_connect_id))
+			if (!@mssql_select_db($this->dbname, $this->db_connect_id))
 			{
 				@mssql_close($this->db_connect_id);
 				return false;
@@ -62,352 +46,299 @@ class sql_db
 		return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
 	}
 
-	function sql_return_on_error($fail = false)
-	{
-		$this->return_on_error = $fail;
-	}
-
-	function sql_num_queries()
-	{
-		return $this->num_queries;
-	}
-
-	//
-	// Other base methods
-	//
 	function sql_close()
 	{
-		if($this->db_connect_id)
+		if (!$this->db_connect_id)
 		{
-			//
-			// Commit any remaining transactions
-			//
-			if($this->in_transaction)
+			return false;
+		}
+
+		if ($this->transaction)
+		{
+			@mssql_query('COMMIT', $this->db_connect_id);
+		}
+
+		if (sizeof($this->open_queries))
+		{
+			foreach ($this->open_queries as $i_query_id => $query_id)
 			{
-				@mssql_query("COMMIT", $this->db_connect_id);
+				@mssql_free_result($query_id);
+			}
+		}
+
+		return @mssql_close($this->db_connect_id);
+	}
+
+	function sql_transaction($status = 'begin')
+	{
+		switch ($status)
+		{
+			case 'begin':
+				$result = @mssql_query('BEGIN TRANSACTION', $this->db_connect_id);
+				$this->transaction = true;
+				break;
+
+			case 'commit':
+				$result = @mssql_query('commit', $this->db_connect_id);
+				$this->transaction = false;
+
+				if (!$result)
+				{
+					@mssql_query('ROLLBACK', $this->db_connect_id);
+				}
+				break;
+
+			case 'rollback':
+				$result = @mssql_query('ROLLBACK', $this->db_connect_id);
+				$this->transaction = false;
+				break;
+
+			default:
+				$result = true;
+		}
+
+		return $result;
+	}
+
+	// Base query method
+	function sql_query($query = '', $cache_ttl = 0)
+	{
+		if ($query != '')
+		{
+			global $cache;
+
+			// EXPLAIN only in extra debug mode
+			if (defined('DEBUG_EXTRA'))
+			{
+				$this->sql_report('start', $query);
 			}
 
-			return @mssql_close($this->db_connect_id);
+			$this->query_result = ($cache_ttl && method_exists($cache, 'sql_load')) ? $cache->sql_load($query) : false;
+
+			if (!$this->query_result)
+			{
+				$this->num_queries++;
+				
+				if (($this->query_result = @mssql_query($query, $this->db_connect_id)) === false)
+				{
+					$this->sql_error($query);
+				}
+
+				if (defined('DEBUG_EXTRA'))
+				{
+					$this->sql_report('stop', $query);
+				}
+
+				if ($cache_ttl && method_exists($cache, 'sql_save'))
+				{
+					$this->open_queries[(int) $this->query_result] = $this->query_result;
+					$cache->sql_save($query, $this->query_result, $cache_ttl);
+					// sql_freeresult called within sql_save()
+				}
+				else if (strpos($query, 'SELECT') !== false && $this->query_result)
+				{
+					$this->open_queries[(int) $this->query_result] = $this->query_result;
+				}
+			}
+			else if (defined('DEBUG_EXTRA'))
+			{
+				$this->sql_report('fromcache', $query);
+			}
 		}
 		else
 		{
 			return false;
 		}
+
+		return ($this->query_result) ? $this->query_result : false;
 	}
 
-
-	//
-	// Query method
-	//
-	function sql_query($query = "", $transaction = FALSE)
-	{
-		//
-		// Remove any pre-existing queries
-		//
-		unset($this->result);
-		unset($this->row);
-
-		if ($query != "")
+	function sql_query_limit($query, $total, $offset = 0, $cache_ttl = 0) 
+	{ 
+		if ($query != '') 
 		{
-			$this->num_queries++;
+			$this->query_result = false; 
 
-			if ($transaction == BEGIN_TRANSACTION && !$this->in_transaction)
+			// if $total is set to 0 we do not want to limit the number of rows
+			if ($total == 0)
 			{
-				if (!mssql_query("BEGIN TRANSACTION", $this->db_connect_id))
-				{
-					return false;
-				}
-				$this->in_transaction = TRUE;
+				$total = -1;
 			}
 
-			//
-			// Does query contain any LIMIT code? If so pull out relevant start and num_results
-			// This isn't terribly easy with MSSQL, whatever you do will potentially impact
-			// performance compared to an 'in-built' limit
-			//
-			// Another issue is the 'lack' of a returned true value when a query is valid but has
-			// no result set (as with all the other DB interfaces). It seems though that it's
-			// 'fair' to say that if a query returns a false result (ie. no resource id) then the
-			// SQL was valid but had no result set. If the query returns nothing but the rowcount
-			// returns something then there's a problem. This may well be a false assumption though
-			// ... needs checking under Windows itself.
-			//
-			if(preg_match("/^SELECT(.*?)(LIMIT ([0-9]+)[, ]*([0-9]+)*)?$/s", $query, $limits))
+			$row_offset = ($total) ? $offset : '';
+			$num_rows = ($total) ? $total : $offset;
+
+			$query = 'SELECT TOP ' . ($row_offset + $num_rows) . ' ' . substr($query, 6);
+
+			return $this->sql_query($query, $cache_ttl); 
+		} 
+		else 
+		{ 
+			return false; 
+		} 
+	}
+
+	// Other query methods
+	//
+	// NOTE :: Want to remove _ALL_ reliance on sql_numrows from core code ...
+	//         don't want this here by a middle Milestone
+	function sql_numrows($query_id = false)
+	{
+		if (!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+
+//		return (isset($this->limit_offset[$query_id])) ? @mssql_num_rows($query_id) - $this->limit_offset[$query_id] : @mssql_num_rows($query_id);
+		return ($query_id) ? @mssql_num_rows($query_id) : false;
+	}
+
+	function sql_affectedrows()
+	{
+		return ($this->db_connect_id) ? @mssql_rows_affected($this->db_connect_id) : false;
+	}
+
+	function sql_fetchrow($query_id = false)
+	{
+		global $cache;
+
+		if (!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_fetchrow($query_id);
+		}
+
+		$row = @mssql_fetch_array($query_id, MSSQL_ASSOC);
+		
+		if ($row)
+		{
+			foreach ($row as $key => $value)
 			{
-				$query = $limits[1];
-
-				if(!empty($limits[2]))
-				{
-					$row_offset = ($limits[4]) ? $limits[3] : "";
-					$num_rows = ($limits[4]) ? $limits[4] : $limits[3];
-
-					$query = "TOP " . ($row_offset + $num_rows) . $query;
-				}
-
-				$this->result = mssql_query("SELECT $query", $this->db_connect_id); 
-
-				if($this->result)
-				{
-					$this->limit_offset[$this->result] = (!empty($row_offset)) ? $row_offset : 0;
-
-					if($row_offset > 0)
-					{
-						mssql_data_seek($this->result, $row_offset);
-					}
-				}
+				$row[$key] = ($value === ' ') ? trim($value) : $value;
 			}
-			else if(eregi("^INSERT ", $query))
-			{
-				if(mssql_query($query, $this->db_connect_id))
-				{
-					$this->result = time() + microtime();
+		}
 
-					$result_id = mssql_query("SELECT @@IDENTITY AS id, @@ROWCOUNT as affected", $this->db_connect_id);
-					if($result_id)
-					{
-						if($row = mssql_fetch_array($result_id))
-						{
-							$this->next_id[$this->db_connect_id] = $row['id'];	
-							$this->affected_rows[$this->db_connect_id] = $row['affected'];
-						}
-					}
-				}
+		return $row;
+	}
+
+	function sql_fetchrowset($query_id = false)
+	{
+		if (!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+
+		if ($query_id)
+		{
+			unset($this->rowset[$query_id]);
+			unset($this->row[$query_id]);
+
+			$result = array();
+			while ($this->rowset[$query_id] = $this->sql_fetchrow($query_id))
+			{
+				$result[] = $this->rowset[$query_id];
+			}
+			return $result;
+		}
+
+		return false;
+	}
+
+	function sql_fetchfield($field, $rownum = -1, $query_id = false)
+	{
+		if (!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+
+		if ($query_id)
+		{
+			if ($rownum > -1)
+			{
+//				(!empty($this->limit_offset[$query_id])) ? @mssql_data_seek($query_id, ($this->limit_offset[$query_id] + $rownum)) : @mssql_data_seek($query_id, $rownum);
+				@mssql_data_seek($query_id, $rownum);
+				$row = @mssql_fetch_array($query_id, MSSQL_ASSOC);
+				$result = isset($row[$field]) ? $row[$field] : false;
 			}
 			else
 			{
-				if(mssql_query($query, $this->db_connect_id))
+				if (empty($this->row[$query_id]) && empty($this->rowset[$query_id]))
 				{
-					$this->result = time() + microtime();
-
-					$result_id = mssql_query("SELECT @@ROWCOUNT as affected", $this->db_connect_id);
-					if($result_id)
+					if ($this->row[$query_id] = $this->sql_fetchrow($query_id))
 					{
-						if($row = mssql_fetch_array($result_id))
-						{
-							$this->affected_rows[$this->db_connect_id] = $row['affected'];
-						}
+						$result = $this->row[$query_id][$field];
 					}
 				}
-			}
-
-			if(!$this->result)
-			{
-				if($this->in_transaction)
-				{
-					mssql_query("ROLLBACK", $this->db_connect_id);
-					$this->in_transaction = FALSE;
-				}
-
-				return false;
-			}
-
-			if($transaction == END_TRANSACTION && $this->in_transaction)
-			{
-				$this->in_transaction = FALSE;
-
-				if(!@mssql_query("COMMIT", $this->db_connect_id))
-				{
-					@mssql_query("ROLLBACK", $this->db_connect_id);
-					return false;
-				}
-			}
-
-			return $this->result;
-		}
-		else
-		{
-			if($transaction == END_TRANSACTION && $this->in_transaction )
-			{
-				$this->in_transaction = FALSE;
-
-				if(!@mssql_query("COMMIT", $this->db_connect_id))
-				{
-					@mssql_query("ROLLBACK", $this->db_connect_id);
-					return false;
-				}
-			}
-
-			return true;
-		}
-	}
-
-	//
-	// Other query methods
-	//
-	function sql_numrows($query_id = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->result;
-		}
-
-		if($query_id)
-		{
-			return (!empty($this->limit_offset[$query_id])) ? mssql_num_rows($query_id) - $this->limit_offset[$query_id] : @mssql_num_rows($query_id);
-		}
-		else
-		{
-			return false;
-		}
-	}
-
-	function sql_numfields($query_id = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->result;
-		}
-
-		return ($query_id) ? mssql_num_fields($query_id) : false;
-	}
-
-	function sql_fieldname($offset, $query_id = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->result;
-		}
-
-		return ($query_id) ? mssql_field_name($query_id, $offset) : false;
-	}
-
-	function sql_fieldtype($offset, $query_id = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->result;
-		}
-
-		return ($query_id) ? mssql_field_type($query_id, $offset) : false;
-	}
-
-	function sql_fetchrow($query_id = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->result;
-		}
-
-		if($query_id)
-		{
-			empty($row);
-
-			$row = mssql_fetch_array($query_id);
-
-			while(list($key, $value) = @each($row))
-			{
-				$row[$key] = stripslashes($value);
-			}
-
-			return $row;
-		}
-		else
-		{
-			return false;
-		}
-	}
-
-	function sql_fetchrowset($query_id = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->result;
-		}
-
-		if($query_id)
-		{
-			$i = 0;
-			empty($rowset);
-
-			while($row = mssql_fetch_array($query_id))
-			{
-				while(list($key, $value) = @each($row))
-				{
-					$rowset[$i][$key] = stripslashes($value);
-				}
-				$i++;
-			}
-
-			return $rowset;
-		}
-		else
-		{
-			return false;
-		}
-	}
-
-	function sql_fetchfield($field, $row = -1, $query_id)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->result;
-		}
-
-		if($query_id)
-		{
-			if($row != -1)
-			{
-				if($this->limit_offset[$query_id] > 0)
-				{
-					$result = (!empty($this->limit_offset[$query_id])) ? mssql_result($this->result, ($this->limit_offset[$query_id] + $row), $field) : false;
-				}
 				else
 				{
-					$result = mssql_result($this->result, $row, $field);
-				}
-			}
-			else
-			{
-				if(empty($this->row[$query_id]))
-				{
-					$this->row[$query_id] = mssql_fetch_array($query_id);
-					$result = stripslashes($this->row[$query_id][$field]);
+					if ($this->rowset[$query_id])
+					{
+						$result = $this->rowset[$query_id][$field];
+					}
+					elseif ($this->row[$query_id])
+					{
+						$result = $this->row[$query_id][$field];
+					}
 				}
 			}
 
 			return $result;
 		}
-		else
-		{
-			return false;
-		}
+
+		return false;
 	}
 
-	function sql_rowseek($rownum, $query_id = 0)
+	function sql_rowseek($rownum, $query_id = false)
 	{
-		if(!$query_id)
+		if (!$query_id)
 		{
-			$query_id = $this->result;
+			$query_id = $this->query_result;
 		}
 
-		if($query_id)
+		if (isset($this->current_row[$query_id]))
 		{
-			return (!empty($this->limit_offset[$query_id])) ? mssql_data_seek($query_id, ($this->limit_offset[$query_id] + $rownum)) : mssql_data_seek($query_id, $rownum);
-		}
-		else
-		{
-			return false;
+//			(!empty($this->limit_offset[$query_id])) ? @mssql_data_seek($query_id, ($this->limit_offset[$query_id] + $rownum)) : @mssql_data_seek($query_id, $rownum);
+			@mssql_data_seek($query_id, $rownum);
+			return true;
 		}
+
+		return false;
 	}
 
 	function sql_nextid()
 	{
-		return ($this->next_id[$this->db_connect_id]) ? $this->next_id[$this->db_connect_id] : false;
-	}
-
-	function sql_affectedrows()
-	{
-		return ($this->affected_rows[$this->db_connect_id]) ? $this->affected_rows[$this->db_connect_id] : false;
-	}
-
-	function sql_freeresult($query_id = 0)
-	{
-		if(!$query_id)
+		$result_id = @mssql_query('SELECT @@IDENTITY', $this->db_connect_id);
+		if ($result_id)
 		{
-			$query_id = $this->result;
+			if (@mssql_fetch_array($result_id, MSSQL_ASSOC))
+			{
+				return @mssql_result($result_id, 1);	
+			}
 		}
 
-		return ($query_id) ? mssql_free_result($query_id) : false;
+		return false;
+	}
+
+	function sql_freeresult($query_id = false)
+	{
+		if (!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+
+		if (isset($this->open_queries[$query_id]))
+		{
+			unset($this->open_queries[$query_id]);
+			unset($this->result_rowset[$query_id]);
+
+			return @mssql_free_result($query_id);
+		}
+
+		return false;
 	}
 
 	function sql_escape($msg)
@@ -415,31 +346,61 @@ class sql_db
 		return str_replace("'", "''", str_replace('\\', '\\\\', $msg));
 	}
 
-	function sql_error($sql = '')
+	function db_sql_error()
 	{
-		if (!$this->return_on_error)
-		{
-			if ($this->transaction)
-			{
-				$this->sql_transaction('rollback');
-			}
-
-			$this_page = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : $_ENV['PHP_SELF'];
-			$this_page .= '&' . ((!empty($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : $_ENV['QUERY_STRING']);
-
-			$message = '<u>SQL ERROR</u> [ ' . SQL_LAYER . ' ]<br /><br />' . @mssql_get_last_message() . '<br /><br /><u>CALLING PAGE</u><br /><br />'  . htmlspecialchars($this_page) . (($sql != '') ? '<br /><br /><u>SQL</u><br /><br />' . $sql : '') . '<br />';
-			trigger_error($message, E_USER_ERROR);
-		}
-
-		$result = array(
-			'message'	=> @mssql_get_last_message(),
+		return array(
+			'message'	=> @mssql_get_last_message($this->db_connect_id),
 			'code'		=> ''
 		);
-
-		return $result;
 	}
 
-} // class sql_db
+	function _sql_report($mode, $query = '')
+	{
+		global $cache, $starttime, $phpbb_root_path;
+		static $curtime, $query_hold, $html_hold;
+		static $sql_report = '';
+		static $cache_num_queries = 0;
+
+		switch ($mode)
+		{
+			case 'start':
+				$query_hold = $query;
+				$html_hold = '';
+
+				$curtime = explode(' ', microtime());
+				$curtime = $curtime[0] + $curtime[1];
+				break;
+
+			case 'fromcache':
+				$endtime = explode(' ', microtime());
+				$endtime = $endtime[0] + $endtime[1];
+
+				$result = @mssql_query($query, $this->db_connect_id);
+				while ($void = @mssql_fetch_array($result, MSSQL_ASSOC))
+				{
+					// Take the time spent on parsing rows into account
+				}
+				$splittime = explode(' ', microtime());
+				$splittime = $splittime[0] + $splittime[1];
+
+				$time_cache = $endtime - $curtime;
+				$time_db = $splittime - $endtime;
+				$color = ($time_db > $time_cache) ? 'green' : 'red';
+
+				$sql_report .= '<hr width="100%"/><br /><table class="bg" width="100%" cellspacing="1" cellpadding="4" border="0"><tr><th>Query results obtained from the cache</th></tr><tr><td class="row1"><textarea style="font-family:\'Courier New\',monospace;width:100%" rows="5">' . preg_replace('/\t(AND|OR)(\W)/', "\$1\$2", htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n", $query))) . '</textarea></td></tr></table><p align="center">';
+
+				$sql_report .= 'Before: ' . sprintf('%.5f', $curtime - $starttime) . 's | After: ' . sprintf('%.5f', $endtime - $starttime) . 's | Elapsed [cache]: <b style="color: ' . $color . '">' . sprintf('%.5f', ($time_cache)) . 's</b> | Elapsed [db]: <b>' . sprintf('%.5f', $time_db) . 's</b></p>';
+
+				// Pad the start time to not interfere with page timing
+				$starttime += $time_db;
+
+				@mssql_free_result($result);
+				$cache_num_queries++;
+				break;
+		}
+	}
+
+}
 
 } // if ... define
 

phpBB/includes/db/mssql_odbc.php

@@ -0,0 +1,431 @@
+<?php
+/** 
+*
+* @package dbal
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('SQL_LAYER'))
+{
+
+	define('SQL_LAYER', 'mssql_odbc');
+	include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
+
+/**
+* @package dbal
+* MSSQL ODBC Database Abstraction Layer for MSSQL
+* Minimum Requirement is Version 2000+
+*/
+class dbal_mssql_odbc extends dbal
+{
+	var $result_rowset = array();
+	var $field_names = array();
+	var $field_types = array();
+	var $num_rows = array();
+	var $current_row = array();
+
+	function sql_connect($sqlserver, $sqluser, $sqlpassword, $database, $port = false, $persistency = false)
+	{
+		$this->persistency = $persistency;
+		$this->user = $sqluser;
+		$this->server = $sqlserver . (($port) ? ':' . $port : '');
+		$this->dbname = $database;
+
+		$this->db_connect_id = ($this->persistency) ? @odbc_pconnect($this->server, $this->user, $sqlpassword) : @odbc_connect($this->server, $this->user, $sqlpassword);
+
+		return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
+	}
+
+	//
+	// Other base methods
+	//
+	function sql_close()
+	{
+		if (!$this->db_connect_id)
+		{
+			return false;
+		}
+
+		if ($this->transaction)
+		{
+			@odbc_commit($this->db_connect_id);
+		}
+
+		if (sizeof($this->result_rowset))
+		{
+			unset($this->result_rowset);
+			unset($this->field_names);
+			unset($this->field_types);
+			unset($this->num_rows);
+			unset($this->current_row);
+		}
+
+		if (sizeof($this->open_queries))
+		{
+			foreach ($this->open_queries as $i_query_id => $query_id)
+			{
+				@odbc_free_result($query_id);
+			}
+		}
+
+		return @odbc_close($this->db_connect_id);
+	}
+
+	function sql_transaction($status = 'begin')
+	{
+		switch ($status)
+		{
+			case 'begin':
+				$result = @odbc_autocommit($this->db_connect_id, false);
+				$this->transaction = true;
+				break;
+
+			case 'commit':
+				$result = @odbc_commit($this->db_connect_id);
+				@odbc_autocommit($this->db_connect_id, true);
+				$this->transaction = false;
+
+				if (!$result)
+				{
+					@odbc_rollback($this->db_connect_id);
+					@odbc_autocommit($this->db_connect_id, true);
+				}
+				break;
+
+			case 'rollback':
+				$result = @odbc_rollback($this->db_connect_id);
+				@odbc_autocommit($this->db_connect_id, true);
+				$this->transaction = false;
+				break;
+
+			default:
+				$result = true;
+		}
+
+		return $result;
+	}
+
+	// Base query method
+	function sql_query($query = '', $cache_ttl = 0)
+	{
+		if ($query != '')
+		{
+			global $cache;
+
+			// EXPLAIN only in extra debug mode
+			if (defined('DEBUG_EXTRA'))
+			{
+				$this->sql_report('start', $query);
+			}
+
+			$this->query_result = ($cache_ttl && method_exists($cache, 'sql_load')) ? $cache->sql_load($query) : false;
+
+			if (!$this->query_result)
+			{
+				$this->num_queries++;
+
+				if (($this->query_result = $this->_odbc_execute_query($query)) === false)
+				{
+					$this->sql_error($query);
+				}
+
+				if (defined('DEBUG_EXTRA'))
+				{
+					$this->sql_report('stop', $query);
+				}
+
+				if ($cache_ttl && method_exists($cache, 'sql_save'))
+				{
+					$this->open_queries[(int) $this->query_result] = $this->query_result;
+					$cache->sql_save($query, $this->query_result, $cache_ttl);
+					// odbc_free_result called within sql_save()
+				}
+				else if (strpos($query, 'SELECT') !== false && $this->query_result)
+				{
+					$this->open_queries[(int) $this->query_result] = $this->query_result;
+				}
+			}
+			else if (defined('DEBUG_EXTRA'))
+			{
+				$this->sql_report('fromcache', $query);
+			}
+		}
+		else
+		{
+			return false;
+		}
+
+		return ($this->query_result) ? $this->query_result : false;
+	}
+
+	function _odbc_execute_query($query)
+	{
+		$result = false;
+		
+		if (eregi("^SELECT ", $query))
+		{
+			$result = @odbc_exec($this->db_connect_id, $query); 
+
+			if ($result)
+			{
+				if (empty($this->field_names[$result]))
+				{
+					for ($i = 1, $j = @odbc_num_fields($result) + 1; $i < $j; $i++)
+					{
+						$this->field_names[$result][] = @odbc_field_name($result, $i);
+						$this->field_types[$result][] = @odbc_field_type($result, $i);
+					}
+				}
+
+				$this->current_row[$result] = 0;
+				$this->result_rowset[$result] = array();
+
+				$row_outer = (isset($row_offset)) ? $row_offset + 1 : 1;
+				$row_outer_max = (isset($num_rows)) ? $row_offset + $num_rows + 1 : 1E9;
+				$row_inner = 0;
+
+				while (@odbc_fetch_row($result, $row_outer) && $row_outer < $row_outer_max)
+				{
+					for ($i = 0, $j = sizeof($this->field_names[$result]); $i < $j; $i++)
+					{
+						$this->result_rowset[$result][$row_inner][$this->field_names[$result][$i]] = stripslashes(@odbc_result($result, $i + 1));
+					}
+
+					$row_outer++;
+					$row_inner++;
+				}
+
+				$this->num_rows[$result] = sizeof($this->result_rowset[$result]);	
+			}
+		}
+		else if (eregi("^INSERT ", $query))
+		{
+			$result = @odbc_exec($this->db_connect_id, $query);
+
+			if ($result)
+			{
+				$result_id = @odbc_exec($this->db_connect_id, 'SELECT @@IDENTITY');
+				if ($result_id)
+				{
+					if (@odbc_fetch_row($result_id))
+					{
+						$this->next_id[$this->db_connect_id] = @odbc_result($result_id, 1);	
+						$this->affected_rows[$this->db_connect_id] = @odbc_num_rows($result);
+					}
+				}
+			}
+		}
+		else
+		{
+			$result = @odbc_exec($this->db_connect_id, $query);
+
+			if ($result)
+			{
+				$this->affected_rows[$this->db_connect_id] = @odbc_num_rows($result);
+			}
+		}
+
+		return $result;
+	}
+
+	function sql_query_limit($query, $total, $offset = 0, $cache_ttl = 0) 
+	{ 
+		if ($query != '') 
+		{
+			$this->query_result = false; 
+
+			// if $total is set to 0 we do not want to limit the number of rows
+			if ($total == 0)
+			{
+				$total = -1;
+			}
+
+			$row_offset = ($total) ? $offset : '';
+			$num_rows = ($total) ? $total : $offset;
+
+			$query = 'SELECT TOP ' . ($row_offset + $num_rows) . ' ' . substr($query, 6);
+
+			return $this->sql_query($query, $cache_ttl); 
+		} 
+		else 
+		{ 
+			return false; 
+		} 
+	}
+
+	// Other query methods
+	//
+	// NOTE :: Want to remove _ALL_ reliance on sql_numrows from core code ...
+	//         don't want this here by a middle Milestone
+	function sql_numrows($query_id = false)
+	{
+		if (!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+
+		return ($query_id) ? @$this->num_rows($query_id) : false;
+	}
+
+	function sql_affectedrows()
+	{
+		return ($this->affected_rows[$this->db_connect_id]) ? $this->affected_rows[$this->db_connect_id] : false;
+	}
+
+	function sql_fetchrow($query_id = false)
+	{
+		global $cache;
+
+		if (!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_fetchrow($query_id);
+		}
+
+		return ($this->num_rows[$query_id] && $this->current_row[$query_id] < $this->num_rows[$query_id]) ? $this->result_rowset[$query_id][$this->current_row[$query_id]++] : false;
+	}
+
+	function sql_fetchrowset($query_id = false)
+	{
+		if (!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+
+		return ($this->num_rows[$query_id]) ? $this->result_rowset[$query_id] : false;
+	}
+
+	function sql_fetchfield($field, $rownum = -1, $query_id = false)
+	{
+		if (!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+
+		if ($query_id)
+		{
+			if ($rownum < $this->num_rows[$query_id])
+			{
+				$getrow = ($rownum == -1) ? $this->current_row[$query_id] - 1 : $rownum;
+
+				return $this->result_rowset[$query_id][$getrow][$this->field_names[$query_id][$field]];
+			}
+		}
+
+		return false;
+	}
+
+	function sql_rowseek($rownum, $query_id = false)
+	{
+		if (!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+
+		if (isset($this->current_row[$query_id]))
+		{
+			$this->current_row[$query_id] = $rownum;
+			return true;
+		}
+
+		return false;
+	}
+
+	function sql_nextid()
+	{
+		return ($this->next_id[$this->db_connect_id]) ? $this->next_id[$this->db_connect_id] : false;
+	}
+
+	function sql_freeresult($query_id = false)
+	{
+		if (!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+
+		if (isset($this->open_queries[(int) $query_id]))
+		{
+			unset($this->open_queries[(int) $query_id]);
+			unset($this->num_rows[$query_id]);
+			unset($this->current_row[$query_id]);
+			unset($this->result_rowset[$query_id]);
+			unset($this->field_names[$query_id]);
+			unset($this->field_types[$query_id]);
+
+			return @odbc_free_result($query_id);
+		}
+
+		return false;
+	}
+
+	function sql_escape($msg)
+	{
+		return str_replace("'", "''", str_replace('\\', '\\\\', $msg));
+	}
+
+	function db_sql_error()
+	{
+		return array(
+			'message'	=> @odbc_errormsg(),
+			'code'		=> @odbc_error()
+		);
+	}
+
+	function _sql_report($mode, $query = '')
+	{
+		global $cache, $starttime, $phpbb_root_path;
+		static $curtime, $query_hold, $html_hold;
+		static $sql_report = '';
+		static $cache_num_queries = 0;
+
+		switch ($mode)
+		{
+			case 'start':
+				$query_hold = $query;
+				$html_hold = '';
+
+				$curtime = explode(' ', microtime());
+				$curtime = $curtime[0] + $curtime[1];
+				break;
+
+			case 'fromcache':
+				$endtime = explode(' ', microtime());
+				$endtime = $endtime[0] + $endtime[1];
+
+				$result = $this->_odbc_execute_query($query);
+
+				$splittime = explode(' ', microtime());
+				$splittime = $splittime[0] + $splittime[1];
+
+				$time_cache = $endtime - $curtime;
+				$time_db = $splittime - $endtime;
+				$color = ($time_db > $time_cache) ? 'green' : 'red';
+
+				$sql_report .= '<hr width="100%"/><br /><table class="bg" width="100%" cellspacing="1" cellpadding="4" border="0"><tr><th>Query results obtained from the cache</th></tr><tr><td class="row1"><textarea style="font-family:\'Courier New\',monospace;width:100%" rows="5">' . preg_replace('/\t(AND|OR)(\W)/', "\$1\$2", htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n", $query))) . '</textarea></td></tr></table><p align="center">';
+
+				$sql_report .= 'Before: ' . sprintf('%.5f', $curtime - $starttime) . 's | After: ' . sprintf('%.5f', $endtime - $starttime) . 's | Elapsed [cache]: <b style="color: ' . $color . '">' . sprintf('%.5f', ($time_cache)) . 's</b> | Elapsed [db]: <b>' . sprintf('%.5f', $time_db) . 's</b></p>';
+
+				// Pad the start time to not interfere with page timing
+				$starttime += $time_db;
+
+				@odbc_free_result($result);
+				$cache_num_queries++;
+				break;
+		}
+	}
+
+}
+
+} // if ... define
+
+?>

phpBB/includes/db/mysql.php

@@ -1,49 +1,38 @@
 <?php
-/***************************************************************************
- *                                 mysql.php
- *                            -------------------
- *   begin                : Saturday, Feb 13, 2001
- *   copyright            : (C) 2001 The phpBB Group
- *   email                : support@phpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
+/** 
+*
+* @package dbal
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
+/**
+* @ignore
+*/
 if (!defined('SQL_LAYER'))
 {
 
-define('SQL_LAYER', 'mysql');
+	define('SQL_LAYER', 'mysql');
+	include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
 
-class sql_db
+/**
+* @package dbal
+* MySQL Database Abstraction Layer
+* Minimum Requirement is 3.23+/4.0+/4.1+
+*/
+class dbal_mysql extends dbal
 {
-	var $db_connect_id;
-	var $query_result;
-	var $return_on_error = false;
-	var $transaction = false;
-	var $sql_report = '';
-	var $sql_time = 0;
-	var $num_queries = 0;
-	var $open_queries = array();
 
 	function sql_connect($sqlserver, $sqluser, $sqlpassword, $database, $port = false, $persistency = false)
 	{
 		$this->persistency = $persistency;
 		$this->user = $sqluser;
-		$this->password = $sqlpassword;
 		$this->server = $sqlserver . (($port) ? ':' . $port : '');
 		$this->dbname = $database;
 
-		$this->db_connect_id = ($this->persistency) ? @mysql_pconnect($this->server, $this->user, $this->password) : @mysql_connect($this->server, $this->user, $this->password);
+		$this->db_connect_id = ($this->persistency) ? @mysql_pconnect($this->server, $this->user, $sqlpassword) : @mysql_connect($this->server, $this->user, $sqlpassword);
 
 		if ($this->db_connect_id && $this->dbname != '')
 		{
@@ -66,9 +55,9 @@ class sql_db
 			return false;
 		}
 
-		if (count($this->open_queries))
+		if (sizeof($this->open_queries))
 		{
-			foreach ($this->open_queries as $query_id)
+			foreach ($this->open_queries as $i_query_id => $query_id)
 			{
 				@mysql_free_result($query_id);
 			}
@@ -77,33 +66,28 @@ class sql_db
 		return @mysql_close($this->db_connect_id);
 	}
 
-	function sql_return_on_error($fail = false)
-	{
-		$this->return_on_error = $fail;
-	}
-
-	function sql_num_queries()
-	{
-		return $this->num_queries;
-	}
-
 	function sql_transaction($status = 'begin')
 	{
 		switch ($status)
 		{
 			case 'begin':
-				$this->transaction = true;
 				$result = @mysql_query('BEGIN', $this->db_connect_id);
+				$this->transaction = true;
 				break;
 
 			case 'commit':
-				$this->transaction = false;
 				$result = @mysql_query('COMMIT', $this->db_connect_id);
+				$this->transaction = false;
+				
+				if (!$result)
+				{
+					@mysql_query('ROLLBACK', $this->db_connect_id);
+				}
 				break;
 
 			case 'rollback':
-				$this->transaction = false;
 				$result = @mysql_query('ROLLBACK', $this->db_connect_id);
+				$this->transaction = false;
 				break;
 
 			default:
@@ -114,87 +98,49 @@ class sql_db
 	}
 
 	// Base query method
-	function sql_query($query = '', $max_age = 0)
+	function sql_query($query = '', $cache_ttl = 0)
 	{
 		if ($query != '')
 		{
 			global $cache;
-		
-			$this->query_result = ($max_age && method_exists($cache, 'sql_load')) ? $cache->sql_load($query, $max_age) : false;
+
+			// EXPLAIN only in extra debug mode
+			if (defined('DEBUG_EXTRA'))
+			{
+				$this->sql_report('start', $query);
+			}
+
+			$this->query_result = ($cache_ttl && method_exists($cache, 'sql_load')) ? $cache->sql_load($query) : false;
 
 			if (!$this->query_result)
 			{
 				$this->num_queries++;
 
-				if (!empty($_GET['explain']))
-				{
-					global $starttime;
-
-					$curtime = explode(' ', microtime());
-					$curtime = $curtime[0] + $curtime[1] - $starttime;
-				}
-
 				if (($this->query_result = @mysql_query($query, $this->db_connect_id)) === false)
 				{
 					$this->sql_error($query);
 				}
 
-				if (!empty($_GET['explain']))
+				if (defined('DEBUG_EXTRA'))
 				{
-					$endtime = explode(' ', microtime());
-					$endtime = $endtime[0] + $endtime[1] - $starttime;
-
-					$this->sql_report .= "<pre>Query:\t" . htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n\t", $query)) . "\n\n";
-
-					if ($this->query_result)
-					{
-						$this->sql_report .= "Time before:  $curtime\nTime after:   $endtime\nElapsed time: <b>" . ($endtime - $curtime) . "</b>\n</pre>";
-					}
-					else
-					{
-						$error = $this->sql_error();
-						$this->sql_report .= '<b>FAILED</b> - MySQL Error ' . $error['code'] . ': ' . htmlspecialchars($error['message']) . '<br><br><pre>';
-					}
-
-					$this->sql_time += $endtime - $curtime;
-
-					if (preg_match('/^SELECT/', $query))
-					{
-						$html_table = FALSE;
-						if ($result = mysql_query("EXPLAIN $query", $this->db_connect_id))
-						{
-							while ($row = mysql_fetch_assoc($result))
-							{
-								if (!$html_table && count($row))
-								{
-									$html_table = TRUE;
-									$this->sql_report .= "<table width=100% border=1 cellpadding=2 cellspacing=1>\n";
-									$this->sql_report .= "<tr>\n<td><b>" . implode("</b></td>\n<td><b>", array_keys($row)) . "</b></td>\n</tr>\n";
-								}
-								$this->sql_report .= "<tr>\n<td>" . implode("&nbsp;</td>\n<td>", array_values($row)) . "&nbsp;</td>\n</tr>\n";
-							}
-						}
-
-						if ($html_table)
-						{
-							$this->sql_report .= '</table><br>';
-						}
-					}
-
-					$this->sql_report .= "<hr>\n";
+					$this->sql_report('stop', $query);
 				}
 
-				if (preg_match('/^SELECT/', $query))
+				if ($cache_ttl && method_exists($cache, 'sql_save'))
 				{
-					$this->open_queries[] = $this->query_result;
+					$this->open_queries[(int) $this->query_result] = $this->query_result;
+					$cache->sql_save($query, $this->query_result, $cache_ttl);
+					// mysql_free_result called within sql_save()
 				}
-
-				if ($max_age && method_exists($cache, 'sql_save'))
+				else if (strpos($query, 'SELECT') !== false && $this->query_result)
 				{
-					$cache->sql_save($query, $this->query_result);
-					@mysql_free_result(array_pop($this->open_queries));
+					$this->open_queries[(int) $this->query_result] = $this->query_result;
 				}
 			}
+			else if (defined('DEBUG_EXTRA'))
+			{
+				$this->sql_report('fromcache', $query);
+			}
 		}
 		else
 		{
@@ -204,7 +150,7 @@ class sql_db
 		return ($this->query_result) ? $this->query_result : false;
 	}
 
-	function sql_query_limit($query, $total, $offset = 0, $max_age = 0) 
+	function sql_query_limit($query, $total, $offset = 0, $cache_ttl = 0) 
 	{ 
 		if ($query != '') 
 		{
@@ -216,9 +162,9 @@ class sql_db
 				$total = -1;
 			}
 
-			$query .= ' LIMIT ' . ((!empty($offset)) ? $offset . ', ' . $total : $total);
+			$query .= "\n LIMIT " . ((!empty($offset)) ? $offset . ', ' . $total : $total);
 
-			return $this->sql_query($query, $max_age); 
+			return $this->sql_query($query, $cache_ttl); 
 		} 
 		else 
 		{ 
@@ -226,62 +172,6 @@ class sql_db
 		} 
 	}
 
-	// Idea for this from Ikonboard
-	function sql_build_array($query, $assoc_ary = false)
-	{
-		if (!is_array($assoc_ary))
-		{
-			return false;
-		}
-
-		$fields = array();
-		$values = array();
-		if ($query == 'INSERT')
-		{
-			foreach ($assoc_ary as $key => $var)
-			{
-				$fields[] = $key;
-
-				if (is_null($var))
-				{
-					$values[] = 'NULL';
-				}
-				elseif (is_string($var))
-				{
-					$values[] = "'" . $this->sql_escape($var) . "'";
-				}
-				else
-				{
-					$values[] = (is_bool($var)) ? intval($var) : $var;
-				}
-			}
-
-			$query = ' (' . implode(', ', $fields) . ') VALUES (' . implode(', ', $values) . ')';
-		}
-		else if ($query == 'UPDATE')
-		{
-			$values = array();
-			foreach ($assoc_ary as $key => $var)
-			{
-				if (is_null($var))
-				{
-					$values[] = "$key = NULL";
-				}
-				elseif (is_string($var))
-				{
-					$values[] = "$key = '" . $this->sql_escape($var) . "'";
-				}
-				else
-				{
-					$values[] = (is_bool($var)) ? "$key = " . intval($var) : "$key = $var";
-				}
-			}
-			$query = implode(', ', $values);
-		}
-
-		return $query;
-	}
-
 	// Other query methods
 	//
 	// NOTE :: Want to remove _ALL_ reliance on sql_numrows from core code ...
@@ -301,7 +191,7 @@ class sql_db
 		return ($this->db_connect_id) ? @mysql_affected_rows($this->db_connect_id) : false;
 	}
 
-	function sql_fetchrow($query_id = 0)
+	function sql_fetchrow($query_id = false)
 	{
 		global $cache;
 
@@ -310,7 +200,7 @@ class sql_db
 			$query_id = $this->query_result;
 		}
 
-		if (method_exists($cache, 'sql_fetchrow') && $cache->sql_exists($query_id))
+		if (isset($cache->sql_rowset[$query_id]))
 		{
 			return $cache->sql_fetchrow($query_id);
 		}
@@ -318,31 +208,36 @@ class sql_db
 		return ($query_id) ? @mysql_fetch_assoc($query_id) : false;
 	}
 
-	function sql_fetchrowset($query_id = 0)
+	function sql_fetchrowset($query_id = false)
 	{
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
+
 		if ($query_id)
 		{
 			unset($this->rowset[$query_id]);
 			unset($this->row[$query_id]);
+
+			$result = array();
 			while ($this->rowset[$query_id] = $this->sql_fetchrow($query_id))
 			{
 				$result[] = $this->rowset[$query_id];
 			}
 			return $result;
 		}
+		
 		return false;
 	}
 
-	function sql_fetchfield($field, $rownum = -1, $query_id = 0)
+	function sql_fetchfield($field, $rownum = -1, $query_id = false)
 	{
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
+
 		if ($query_id)
 		{
 			if ($rownum > -1)
@@ -353,7 +248,7 @@ class sql_db
 			{
 				if (empty($this->row[$query_id]) && empty($this->rowset[$query_id]))
 				{
-					if ($this->sql_fetchrow())
+					if ($this->row[$query_id] = $this->sql_fetchrow($query_id))
 					{
 						$result = $this->row[$query_id][$field];
 					}
@@ -370,12 +265,14 @@ class sql_db
 					}
 				}
 			}
+
 			return $result;
 		}
+
 		return false;
 	}
 
-	function sql_rowseek($rownum, $query_id = 0)
+	function sql_rowseek($rownum, $query_id = false)
 	{
 		if (!$query_id)
 		{
@@ -397,7 +294,13 @@ class sql_db
 			$query_id = $this->query_result;
 		}
 
-		return ($query_id) ? @mysql_free_result($query_id) : false;
+		if (isset($this->open_queries[(int) $query_id]))
+		{
+			unset($this->open_queries[(int) $query_id]);
+			return @mysql_free_result($query_id);
+		}
+
+		return false;
 	}
 
 	function sql_escape($msg)
@@ -405,31 +308,107 @@ class sql_db
 		return mysql_escape_string($msg);
 	}
 	
-	function sql_error($sql = '')
+	function db_sql_error()
 	{
-		if (!$this->return_on_error)
-		{
-			if ($this->transaction)
-			{
-				$this->sql_transaction('rollback');
-			}
-
-			$this_page = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : $_ENV['PHP_SELF'];
-			$this_page .= '&' . ((!empty($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : $_ENV['QUERY_STRING']);
-
-			$message = '<u>SQL ERROR</u> [ ' . SQL_LAYER . ' ]<br /><br />' . @mysql_error() . '<br /><br /><u>CALLING PAGE</u><br /><br />'  . htmlspecialchars($this_page) . (($sql != '') ? '<br /><br /><u>SQL</u><br /><br />' . $sql : '') . '<br />';
-			trigger_error($message, E_USER_ERROR);
-		}
-
-		$result = array(
+		return array(
 			'message'	=> @mysql_error(),
 			'code'		=> @mysql_errno()
 		);
-
-		return $result;
 	}
 
-} // class sql_db
+	function _sql_report($mode, $query = '')
+	{
+		global $cache, $starttime, $phpbb_root_path;
+		static $curtime, $query_hold, $html_hold;
+		static $sql_report = '';
+		static $cache_num_queries = 0;
+
+		switch ($mode)
+		{
+			case 'start':
+				$query_hold = $query;
+				$html_hold = '';
+
+				$explain_query = $query;
+				if (preg_match('/UPDATE ([a-z0-9_]+).*?WHERE(.*)/s', $query, $m))
+				{
+					$explain_query = 'SELECT * FROM ' . $m[1] . ' WHERE ' . $m[2];
+				}
+				elseif (preg_match('/DELETE FROM ([a-z0-9_]+).*?WHERE(.*)/s', $query, $m))
+				{
+					$explain_query = 'SELECT * FROM ' . $m[1] . ' WHERE ' . $m[2];
+				}
+
+				if (preg_match('/^SELECT/', $explain_query))
+				{
+					$html_table = FALSE;
+
+					if ($result = mysql_query("EXPLAIN $explain_query", $this->db_connect_id))
+					{
+						while ($row = mysql_fetch_assoc($result))
+						{
+							if (!$html_table && sizeof($row))
+							{
+								$html_table = TRUE;
+								$html_hold .= '<table class="bg" width="100%" cellspacing="1" cellpadding="4" border="0" align="center"><tr>';
+								
+								foreach (array_keys($row) as $val)
+								{
+									$html_hold .= '<th nowrap="nowrap">' . (($val) ? ucwords(str_replace('_', ' ', $val)) : '&nbsp;') . '</th>';
+								}
+								$html_hold .= '</tr>';
+							}
+							$html_hold .= '<tr>';
+
+							$class = 'row1';
+							foreach (array_values($row) as $val)
+							{
+								$class = ($class == 'row1') ? 'row2' : 'row1';
+								$html_hold .= '<td class="' . $class . '">' . (($val) ? $val : '&nbsp;') . '</td>';
+							}
+							$html_hold .= '</tr>';
+						}
+					}
+
+					if ($html_table)
+					{
+						$html_hold .= '</table>';
+					}
+				}
+
+				$curtime = explode(' ', microtime());
+				$curtime = $curtime[0] + $curtime[1];
+				break;
+
+			case 'fromcache':
+				$endtime = explode(' ', microtime());
+				$endtime = $endtime[0] + $endtime[1];
+
+				$result = mysql_query($query, $this->db_connect_id);
+				while ($void = mysql_fetch_assoc($result))
+				{
+					// Take the time spent on parsing rows into account
+				}
+				$splittime = explode(' ', microtime());
+				$splittime = $splittime[0] + $splittime[1];
+
+				$time_cache = $endtime - $curtime;
+				$time_db = $splittime - $endtime;
+				$color = ($time_db > $time_cache) ? 'green' : 'red';
+
+				$sql_report .= '<hr width="100%"/><br /><table class="bg" width="100%" cellspacing="1" cellpadding="4" border="0"><tr><th>Query results obtained from the cache</th></tr><tr><td class="row1"><textarea style="font-family:\'Courier New\',monospace;width:100%" rows="5">' . preg_replace('/\t(AND|OR)(\W)/', "\$1\$2", htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n", $query))) . '</textarea></td></tr></table><p align="center">';
+
+				$sql_report .= 'Before: ' . sprintf('%.5f', $curtime - $starttime) . 's | After: ' . sprintf('%.5f', $endtime - $starttime) . 's | Elapsed [cache]: <b style="color: ' . $color . '">' . sprintf('%.5f', ($time_cache)) . 's</b> | Elapsed [db]: <b>' . sprintf('%.5f', $time_db) . 's</b></p>';
+
+				// Pad the start time to not interfere with page timing
+				$starttime += $time_db;
+
+				mysql_free_result($result);
+				$cache_num_queries++;
+				break;
+		}
+	}
+}
 
 } // if ... define
 

phpBB/includes/db/mysql4.php

@@ -1,49 +1,41 @@
 <?php
-/***************************************************************************
- *                                 mysql.php
- *                            -------------------
- *   begin                : Saturday, Feb 13, 2001
- *   copyright            : (C) 2001 The phpBB Group
- *   email                : support@phpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
+/** 
+*
+* @package dbal
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
+/**
+* @ignore
+*/
 if (!defined('SQL_LAYER'))
 {
 
-define('SQL_LAYER', 'mysql4');
+	define('SQL_LAYER', 'mysql4');
+	include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
 
-class sql_db
+/**
+* @package dbal
+* MySQL4 Database Abstraction Layer
+* Minimum Requirement is 4.0+ (4.1+ compatible)
+*/
+class dbal_mysql4 extends dbal
 {
-	var $db_connect_id;
-	var $query_result;
-	var $return_on_error = false;
-	var $transaction = false;
-	var $sql_report = '';
-	var $sql_time = 0;
-	var $num_queries = 0;
-	var $open_queries = array();
 
-	function sql_connect($sqlserver, $sqluser, $sqlpassword, $database, $port, $persistency = false)
+	/**
+	* Connect to sql server
+	*/
+	function sql_connect($sqlserver, $sqluser, $sqlpassword, $database, $port = false, $persistency = false)
 	{
 		$this->persistency = $persistency;
 		$this->user = $sqluser;
-		$this->password = $sqlpassword;
 		$this->server = $sqlserver . (($port) ? ':' . $port : '');
 		$this->dbname = $database;
 
-		$this->db_connect_id = ($this->persistency) ? @mysql_pconnect($this->server, $this->user, $this->password) : @mysql_connect($this->server, $this->user, $this->password);
+		$this->db_connect_id = ($this->persistency) ? @mysql_pconnect($this->server, $this->user, $sqlpassword) : @mysql_connect($this->server, $this->user, $sqlpassword);
 
 		if ($this->db_connect_id && $this->dbname != '')
 		{
@@ -56,7 +48,9 @@ class sql_db
 		return $this->sql_error('');
 	}
 
+	//
 	// Other base methods
+	//
 	function sql_close()
 	{
 		if (!$this->db_connect_id)
@@ -64,9 +58,9 @@ class sql_db
 			return false;
 		}
 
-		if (count($this->open_queries))
+		if (sizeof($this->open_queries))
 		{
-			foreach ($this->open_queries as $query_id)
+			foreach ($this->open_queries as $i_query_id => $query_id)
 			{
 				@mysql_free_result($query_id);
 			}
@@ -75,33 +69,28 @@ class sql_db
 		return @mysql_close($this->db_connect_id);
 	}
 
-	function sql_return_on_error($fail = false)
-	{
-		$this->return_on_error = $fail;
-	}
-
-	function sql_num_queries()
-	{
-		return $this->num_queries;
-	}
-
 	function sql_transaction($status = 'begin')
 	{
 		switch ($status)
 		{
 			case 'begin':
-				$this->transaction = true;
 				$result = @mysql_query('BEGIN', $this->db_connect_id);
+				$this->transaction = true;
 				break;
 
 			case 'commit':
-				$this->transaction = false;
 				$result = @mysql_query('COMMIT', $this->db_connect_id);
+				$this->transaction = false;
+				
+				if (!$result)
+				{
+					@mysql_query('ROLLBACK', $this->db_connect_id);
+				}
 				break;
 
 			case 'rollback':
-				$this->transaction = false;
 				$result = @mysql_query('ROLLBACK', $this->db_connect_id);
+				$this->transaction = false;
 				break;
 
 			default:
@@ -112,90 +101,48 @@ class sql_db
 	}
 
 	// Base query method
-	function sql_query($query = '', $expire_time = 0)
+	function sql_query($query = '', $cache_ttl = 0)
 	{
 		if ($query != '')
 		{
 			global $cache;
 
-			if (!$expire_time || !$cache->sql_load($query, $expire_time))
+			// EXPLAIN only in extra debug mode
+			if (defined('DEBUG_EXTRA'))
 			{
-				if ($expire_time)
-				{
-					$cache_result = true;
-				}
+				$this->sql_report('start', $query);
+			}
 
-				$this->query_result = false;
+			$this->query_result = ($cache_ttl && method_exists($cache, 'sql_load')) ? $cache->sql_load($query) : false;
+
+			if (!$this->query_result)
+			{
 				$this->num_queries++;
 
-				if (!empty($_GET['explain']))
-				{
-					global $starttime;
-
-					$curtime = explode(' ', microtime());
-					$curtime = $curtime[0] + $curtime[1] - $starttime;
-				}
-
-				if (!($this->query_result = @mysql_query($query, $this->db_connect_id)))
+				if (($this->query_result = @mysql_query($query, $this->db_connect_id)) === false)
 				{
 					$this->sql_error($query);
 				}
 
-				if (!empty($_GET['explain']))
+				if (defined('DEBUG_EXTRA'))
 				{
-					$endtime = explode(' ', microtime());
-					$endtime = $endtime[0] + $endtime[1] - $starttime;
-
-					$this->sql_report .= "<pre>Query:\t" . htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n\t", $query)) . "\n\n";
-
-					if ($this->query_result)
-					{
-						$this->sql_report .= "Time before:  $curtime\nTime after:   $endtime\nElapsed time: <b>" . ($endtime - $curtime) . "</b>\n</pre>";
-					}
-					else
-					{
-						$error = $this->sql_error();
-						$this->sql_report .= '<b>FAILED</b> - MySQL Error ' . $error['code'] . ': ' . htmlspecialchars($error['message']) . '<br><br><pre>';
-					}
-
-					$this->sql_time += $endtime - $curtime;
-
-					if (preg_match('/^SELECT/', $query))
-					{
-						$html_table = FALSE;
-						if ($result = mysql_query("EXPLAIN $query", $this->db_connect_id))
-						{
-							while ($row = mysql_fetch_assoc($result))
-							{
-								if (!$html_table && count($row))
-								{
-									$html_table = TRUE;
-									$this->sql_report .= "<table width=100% border=1 cellpadding=2 cellspacing=1>\n";
-									$this->sql_report .= "<tr>\n<td><b>" . implode("</b></td>\n<td><b>", array_keys($row)) . "</b></td>\n</tr>\n";
-								}
-								$this->sql_report .= "<tr>\n<td>" . implode("&nbsp;</td>\n<td>", array_values($row)) . "&nbsp;</td>\n</tr>\n";
-							}
-						}
-
-						if ($html_table)
-						{
-							$this->sql_report .= '</table><br>';
-						}
-					}
-
-					$this->sql_report .= "<hr>\n";
+					$this->sql_report('stop', $query);
 				}
 
-				if (preg_match('/^SELECT/', $query))
+				if ($cache_ttl && method_exists($cache, 'sql_save'))
 				{
-					$this->open_queries[] = $this->query_result;
+					$this->open_queries[(int) $this->query_result] = $this->query_result;
+					$cache->sql_save($query, $this->query_result, $cache_ttl);
+					// mysql_free_result called within sql_save()
+				}
+				else if (strpos($query, 'SELECT') !== false && $this->query_result)
+				{
+					$this->open_queries[(int) $this->query_result] = $this->query_result;
 				}
 			}
-
-			if (!empty($cache_result))
+			else if (defined('DEBUG_EXTRA'))
 			{
-				$cache->sql_save($query, $this->query_result);
-				@mysql_free_result(array_pop($this->open_queries));
+				$this->sql_report('fromcache', $query);
 			}
 		}
 		else
@@ -206,76 +153,26 @@ class sql_db
 		return ($this->query_result) ? $this->query_result : false;
 	}
 
-	function sql_query_limit($query, $total, $offset = 0, $expire_time = 0)
-	{
-		if ($query != '')
+	function sql_query_limit($query, $total, $offset = 0, $cache_ttl = 0) 
+	{ 
+		if ($query != '') 
 		{
-			$this->query_result = false;
+			$this->query_result = false; 
 
-			$query .= ' LIMIT ' . ((!empty($offset)) ? $offset . ', ' . $total : $total);
-
-			return $this->sql_query($query, $expire_time);
-		}
-		else
-		{
-			return false;
-		}
-	}
-
-	// Idea for this from Ikonboard
-	function sql_build_array($query, $assoc_ary = false)
-	{
-		if (!is_array($assoc_ary))
-		{
-			return false;
-		}
-
-		$fields = array();
-		$values = array();
-		if ($query == 'INSERT')
-		{
-			foreach ($assoc_ary as $key => $var)
+			// if $total is set to 0 we do not want to limit the number of rows
+			if ($total == 0)
 			{
-				$fields[] = $key;
-
-				if (is_null($var))
-				{
-					$values[] = 'NULL';
-				}
-				elseif (is_string($var))
-				{
-					$values[] = "'" . $this->sql_escape($var) . "'";
-				}
-				else
-				{
-					$values[] = (is_bool($var)) ? intval($var) : $var;
-				}
+				$total = -1;
 			}
 
-			$query = ' (' . implode(', ', $fields) . ') VALUES (' . implode(', ', $values) . ')';
-		}
-		else if ($query == 'UPDATE')
-		{
-			$values = array();
-			foreach ($assoc_ary as $key => $var)
-			{
-				if (is_null($var))
-				{
-					$values[] = "$key = NULL";
-				}
-				elseif (is_string($var))
-				{
-					$values[] = "$key = '" . $this->sql_escape($var) . "'";
-				}
-				else
-				{
-					$values[] = (is_bool($var)) ? "$key = " . intval($var) : "$key = $var";
-				}
-			}
-			$query = implode(', ', $values);
-		}
+			$query .= "\n LIMIT " . ((!empty($offset)) ? $offset . ', ' . $total : $total);
 
-		return $query;
+			return $this->sql_query($query, $cache_ttl); 
+		} 
+		else 
+		{ 
+			return false; 
+		} 
 	}
 
 	// Other query methods
@@ -297,7 +194,7 @@ class sql_db
 		return ($this->db_connect_id) ? @mysql_affected_rows($this->db_connect_id) : false;
 	}
 
-	function sql_fetchrow($query_id = 0)
+	function sql_fetchrow($query_id = false)
 	{
 		global $cache;
 
@@ -306,7 +203,7 @@ class sql_db
 			$query_id = $this->query_result;
 		}
 
-		if ($cache->sql_exists($query_id))
+		if (isset($cache->sql_rowset[$query_id]))
 		{
 			return $cache->sql_fetchrow($query_id);
 		}
@@ -314,70 +211,71 @@ class sql_db
 		return ($query_id) ? @mysql_fetch_assoc($query_id) : false;
 	}
 
-	function sql_fetchrowset($query_id = 0)
+	function sql_fetchrowset($query_id = false)
 	{
-		if(!$query_id)
+		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
-		if($query_id)
+
+		if ($query_id)
 		{
 			unset($this->rowset[$query_id]);
 			unset($this->row[$query_id]);
-			while($this->rowset[$query_id] = @mysql_fetch_assoc($query_id))
+
+			$result = array();
+			while ($this->rowset[$query_id] = $this->sql_fetchrow($query_id))
 			{
 				$result[] = $this->rowset[$query_id];
 			}
 			return $result;
 		}
-		else
-		{
-			return false;
-		}
+		
+		return false;
 	}
 
-	function sql_fetchfield($field, $rownum = -1, $query_id = 0)
+	function sql_fetchfield($field, $rownum = -1, $query_id = false)
 	{
-		if(!$query_id)
+		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
-		if($query_id)
+
+		if ($query_id)
 		{
-			if($rownum > -1)
+			if ($rownum > -1)
 			{
 				$result = @mysql_result($query_id, $rownum, $field);
 			}
 			else
 			{
-				if(empty($this->row[$query_id]) && empty($this->rowset[$query_id]))
+				if (empty($this->row[$query_id]) && empty($this->rowset[$query_id]))
 				{
-					if($this->sql_fetchrow())
+					if ($this->row[$query_id] = $this->sql_fetchrow($query_id))
 					{
 						$result = $this->row[$query_id][$field];
 					}
 				}
 				else
 				{
-					if($this->rowset[$query_id])
+					if ($this->rowset[$query_id])
 					{
 						$result = $this->rowset[$query_id][$field];
 					}
-					else if($this->row[$query_id])
+					elseif ($this->row[$query_id])
 					{
 						$result = $this->row[$query_id][$field];
 					}
 				}
 			}
+
 			return $result;
 		}
-		else
-		{
-			return false;
-		}
+
+		return false;
 	}
 
-	function sql_rowseek($rownum, $query_id = 0)
+	function sql_rowseek($rownum, $query_id = false)
 	{
 		if (!$query_id)
 		{
@@ -399,39 +297,118 @@ class sql_db
 			$query_id = $this->query_result;
 		}
 
-		return ($query_id) ? @mysql_free_result($query_id) : false;
+		if (isset($this->open_queries[(int) $query_id]))
+		{
+			unset($this->open_queries[(int) $query_id]);
+			return @mysql_free_result($query_id);
+		}
+
+		return false;
 	}
 
 	function sql_escape($msg)
 	{
-		return @mysql_escape_string(stripslashes($msg));
+		return mysql_escape_string($msg);
 	}
-
-	function sql_error($sql = '')
+	
+	function db_sql_error()
 	{
-		if (!$this->return_on_error)
-		{
-			if ($this->transaction)
-			{
-				$this->sql_transaction('rollback');
-			}
-
-			$this_page = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : $_ENV['PHP_SELF'];
-			$this_page .= '&' . ((!empty($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : $_ENV['QUERY_STRING']);
-
-			$message = '<u>SQL ERROR</u> [ ' . SQL_LAYER . ' ]<br /><br />' . @mysql_error() . '<br /><br /><u>CALLING PAGE</u><br /><br />'  . htmlspecialchars($this_page) . (($sql != '') ? '<br /><br /><u>SQL</u><br /><br />' . $sql : '') . '<br />';
-			trigger_error($message, E_USER_ERROR);
-		}
-
-		$result = array(
+		return array(
 			'message'	=> @mysql_error(),
 			'code'		=> @mysql_errno()
 		);
-
-		return $result;
 	}
 
-} // class sql_db
+	function _sql_report($mode, $query = '')
+	{
+		global $cache, $starttime, $phpbb_root_path;
+
+		switch ($mode)
+		{
+			case 'start':
+				$this->query_hold = $query;
+				$this->html_hold = '';
+
+				$explain_query = $query;
+				if (preg_match('/UPDATE ([a-z0-9_]+).*?WHERE(.*)/s', $query, $m))
+				{
+					$explain_query = 'SELECT * FROM ' . $m[1] . ' WHERE ' . $m[2];
+				}
+				elseif (preg_match('/DELETE FROM ([a-z0-9_]+).*?WHERE(.*)/s', $query, $m))
+				{
+					$explain_query = 'SELECT * FROM ' . $m[1] . ' WHERE ' . $m[2];
+				}
+
+				if (preg_match('/^SELECT/', $explain_query))
+				{
+					$html_table = false;
+
+					if ($result = mysql_query("EXPLAIN $explain_query", $this->db_connect_id))
+					{
+						while ($row = mysql_fetch_assoc($result))
+						{
+							if (!$html_table && sizeof($row))
+							{
+								$html_table = true;
+								$this->html_hold .= '<table class="bg" width="100%" cellspacing="1" cellpadding="4" border="0" align="center"><tr>';
+								
+								foreach (array_keys($row) as $val)
+								{
+									$this->html_hold .= '<th nowrap="nowrap">' . (($val) ? ucwords(str_replace('_', ' ', $val)) : '&nbsp;') . '</th>';
+								}
+								$this->html_hold .= '</tr>';
+							}
+							$this->html_hold .= '<tr>';
+
+							$class = 'row1';
+							foreach (array_values($row) as $val)
+							{
+								$class = ($class == 'row1') ? 'row2' : 'row1';
+								$this->html_hold .= '<td class="' . $class . '">' . (($val) ? $val : '&nbsp;') . '</td>';
+							}
+							$this->html_hold .= '</tr>';
+						}
+					}
+
+					if ($html_table)
+					{
+						$this->html_hold .= '</table>';
+					}
+				}
+
+				$this->curtime = explode(' ', microtime());
+				$this->curtime = $this->curtime[0] + $this->curtime[1];
+				break;
+
+			case 'fromcache':
+				$endtime = explode(' ', microtime());
+				$endtime = $endtime[0] + $endtime[1];
+
+				$result = mysql_query($query, $this->db_connect_id);
+				while ($void = mysql_fetch_assoc($result))
+				{
+					// Take the time spent on parsing rows into account
+				}
+				$splittime = explode(' ', microtime());
+				$splittime = $splittime[0] + $splittime[1];
+
+				$time_cache = $endtime - $this->curtime;
+				$time_db = $splittime - $endtime;
+				$color = ($time_db > $time_cache) ? 'green' : 'red';
+
+				$this->sql_report .= '<hr width="100%"/><br /><table class="bg" width="100%" cellspacing="1" cellpadding="4" border="0"><tr><th>Query results obtained from the cache</th></tr><tr><td class="row1"><textarea style="font-family:\'Courier New\',monospace;width:100%" rows="5">' . preg_replace('/\t(AND|OR)(\W)/', "\$1\$2", htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n", $query))) . '</textarea></td></tr></table><p align="center">';
+
+				$this->sql_report .= 'Before: ' . sprintf('%.5f', $this->curtime - $starttime) . 's | After: ' . sprintf('%.5f', $endtime - $starttime) . 's | Elapsed [cache]: <b style="color: ' . $color . '">' . sprintf('%.5f', ($time_cache)) . 's</b> | Elapsed [db]: <b>' . sprintf('%.5f', $time_db) . 's</b></p>';
+
+				// Pad the start time to not interfere with page timing
+				$starttime += $time_db;
+
+				mysql_free_result($result);
+				$this->cache_num_queries++;
+				break;
+		}
+	}
+}
 
 } // if ... define
 

phpBB/includes/db/mysqli.php

@@ -0,0 +1,426 @@
+<?php
+/** 
+*
+* @package dbal
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('SQL_LAYER'))
+{
+
+	define('SQL_LAYER', 'mysqli');
+	include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
+
+/**
+* @package dbal
+* MySQLi Database Abstraction Layer
+* Minimum Requirement is MySQL 4.1+ and the mysqli-extension
+*/
+class dbal_mysqli extends dbal
+{
+	var $indexed = 0;
+
+	function sql_connect($sqlserver, $sqluser, $sqlpassword, $database, $port = false, $persistency = false)
+	{
+		$this->persistency = $persistency;
+		$this->user = $sqluser;
+		$this->server = $sqlserver . (($port) ? ':' . $port : '');
+		$this->dbname = $database;
+
+		$this->db_connect_id = ($this->persistency) ? @mysqli_pconnect($this->server, $this->user, $sqlpassword) : @mysqli_connect($this->server, $this->user, $sqlpassword);
+
+		if ($this->db_connect_id && $this->dbname != '')
+		{
+			if (@mysqli_select_db($this->db_connect_id, $this->dbname))
+			{
+				return $this->db_connect_id;
+			}
+		}
+
+		return $this->sql_error('');
+	}
+
+	//
+	// Other base methods
+	//
+	function sql_close()
+	{
+		if (!$this->db_connect_id)
+		{
+			return false;
+		}
+
+		if ($this->transaction)
+		{
+			@mysqli_commit($this->db_connect_id);
+		}
+
+		return @mysqli_close($this->db_connect_id);
+	}
+
+	function sql_transaction($status = 'begin')
+	{
+		switch ($status)
+		{
+			case 'begin':
+				$result = @mysqli_autocommit($this->db_connect_id, false);
+				$this->transaction = true;
+				break;
+
+			case 'commit':
+				$result = @mysqli_commit($this->db_connect_id);
+				@mysqli_autocommit($this->db_connect_id, true);
+				$this->transaction = false;
+
+				if (!$result)
+				{
+					@mysqli_rollback($this->db_connect_id);
+					@mysqli_autocommit($this->db_connect_id, true);
+				}
+				break;
+
+			case 'rollback':
+				$result = @mysqli_rollback($this->db_connect_id);
+				@mysqli_autocommit($this->db_connect_id, true);
+				$this->transaction = false;
+				break;
+
+			default:
+				$result = true;
+		}
+
+		return $result;
+	}
+
+	// Base query method
+	function sql_query($query = '', $cache_ttl = 0)
+	{
+		if ($query != '')
+		{
+			global $cache;
+
+			// EXPLAIN only in extra debug mode
+			if (defined('DEBUG_EXTRA'))
+			{
+				$this->sql_report('start', $query);
+			}
+
+			$this->query_result = ($cache_ttl && method_exists($cache, 'sql_load')) ? $cache->sql_load($query) : false;
+			
+			if (!$this->query_result)
+			{
+				$this->num_queries++;
+
+				if (($this->query_result = @mysqli_query($this->db_connect_id, $query)) === false)
+				{
+					$this->sql_error($query);
+				}
+
+				if (is_object($this->query_result))
+				{
+					$this->query_result->cur_index = $this->indexed++;
+				}
+
+				if (defined('DEBUG_EXTRA'))
+				{
+					$this->sql_report('stop', $query);
+				}
+
+				if ($cache_ttl && method_exists($cache, 'sql_save'))
+				{
+					$cache->sql_save($query, $this->query_result, $cache_ttl);
+				}
+			}
+			else if (defined('DEBUG_EXTRA'))
+			{
+				$this->sql_report('fromcache', $query);
+			}
+		}
+		else
+		{
+			return false;
+		}
+
+		return ($this->query_result) ? $this->query_result : false;
+	}
+
+	function sql_query_limit($query, $total, $offset = 0, $cache_ttl = 0) 
+	{ 
+		if ($query != '') 
+		{
+			$this->query_result = false; 
+
+			// if $total is set to 0 we do not want to limit the number of rows
+			if ($total == 0)
+			{
+				$total = -1;
+			}
+
+			$query .= "\n LIMIT " . ((!empty($offset)) ? $offset . ', ' . $total : $total);
+
+			return $this->sql_query($query, $cache_ttl); 
+		} 
+		else 
+		{ 
+			return false; 
+		} 
+	}
+
+	// Other query methods
+	//
+	// NOTE :: Want to remove _ALL_ reliance on sql_numrows from core code ...
+	//         don't want this here by a middle Milestone
+	function sql_numrows($query_id = false)
+	{
+		if (!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+
+		return ($query_id) ? @mysqli_num_rows($query_id) : false;
+	}
+
+	function sql_affectedrows()
+	{
+		return ($this->db_connect_id) ? @mysqli_affected_rows($this->db_connect_id) : false;
+	}
+
+	function sql_fetchrow($query_id = false)
+	{
+		global $cache;
+
+		if (!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+
+		if (!is_object($query_id) && isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_fetchrow($query_id);
+		}
+
+		return ($query_id) ? @mysqli_fetch_assoc($query_id) : false;
+	}
+
+	function sql_fetchrowset($query_id = false)
+	{
+		if (!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+
+		if ($query_id)
+		{
+			$cur_index = (is_object($query_id)) ? $query_id->cur_index : $query_id;
+
+			unset($this->rowset[$cur_index]);
+			unset($this->row[$cur_index]);
+			
+			$result = array();
+			while ($this->rowset[$cur_index] = $this->sql_fetchrow($query_id))
+			{
+				$result[] = $this->rowset[$cur_index];
+			}
+			return $result;
+		}
+
+		return false;
+	}
+
+	function sql_fetchfield($field, $rownum = -1, $query_id = false)
+	{
+		if (!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+
+		if ($query_id)
+		{
+			if ($rownum > -1)
+			{
+				@mysqli_data_seek($query_id, $rownum);
+				$row = @mysqli_fetch_assoc($query_id);
+				$result = isset($row[$field]) ? $row[$field] : false;
+			}
+			else
+			{
+				$cur_index = (is_object($query_id)) ? $query_id->cur_index : $query_id;
+	
+				if (empty($this->row[$cur_index]) && empty($this->rowset[$cur_index]))
+				{
+					if ($this->row[$cur_index] = $this->sql_fetchrow($query_id))
+					{
+						$result = $this->row[$cur_index][$field];
+					}
+				}
+				else
+				{
+					if ($this->rowset[$cur_index])
+					{
+						$result = $this->rowset[$cur_index][$field];
+					}
+					elseif ($this->row[$cur_index])
+					{
+						$result = $this->row[$cur_index][$field];
+					}
+				}
+			}
+			return $result;
+		}
+		return false;
+	}
+
+	function sql_rowseek($rownum, $query_id = false)
+	{
+		if (!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+
+		return ($query_id) ? @mysqli_data_seek($query_id, $rownum) : false;
+	}
+
+	function sql_nextid()
+	{
+		return ($this->db_connect_id) ? @mysqli_insert_id($this->db_connect_id) : false;
+	}
+
+	function sql_freeresult($query_id = false)
+	{
+		if (!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+
+		$cur_index = (is_object($query_id)) ? $query_id->cur_index : $query_id;
+
+		unset($this->rowset[$cur_index]);
+		unset($this->row[$cur_index]);
+
+		if (is_object($query_id))
+		{
+			$this->indexed--;
+			return @mysqli_free_result($query_id);
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	function sql_escape($msg)
+	{
+		return @mysqli_real_escape_string($this->db_connect_id, $msg);
+	}
+	
+	function db_sql_error()
+	{
+		return array(
+			'message'	=> @mysqli_error($this->db_connect_id),
+			'code'		=> @mysqli_errno($this->db_connect_id)
+		);
+	}
+
+	function _sql_report($mode, $query = '')
+	{
+		global $cache, $starttime, $phpbb_root_path;
+		static $curtime, $query_hold, $html_hold;
+		static $sql_report = '';
+		static $cache_num_queries = 0;
+
+		switch ($mode)
+		{
+			case 'start':
+				$query_hold = $query;
+				$html_hold = '';
+
+				$explain_query = $query;
+				if (preg_match('/UPDATE ([a-z0-9_]+).*?WHERE(.*)/s', $query, $m))
+				{
+					$explain_query = 'SELECT * FROM ' . $m[1] . ' WHERE ' . $m[2];
+				}
+				elseif (preg_match('/DELETE FROM ([a-z0-9_]+).*?WHERE(.*)/s', $query, $m))
+				{
+					$explain_query = 'SELECT * FROM ' . $m[1] . ' WHERE ' . $m[2];
+				}
+
+				if (preg_match('/^SELECT/', $explain_query))
+				{
+					$html_table = FALSE;
+
+					if ($result = @mysqli_query($this->db_connect_id, "EXPLAIN $explain_query"))
+					{
+						while ($row = @mysqli_fetch_assoc($result))
+						{
+							if (!$html_table && sizeof($row))
+							{
+								$html_table = TRUE;
+								$html_hold .= '<table class="bg" width="100%" cellspacing="1" cellpadding="4" border="0" align="center"><tr>';
+								
+								foreach (array_keys($row) as $val)
+								{
+									$html_hold .= '<th nowrap="nowrap">' . (($val) ? ucwords(str_replace('_', ' ', $val)) : '&nbsp;') . '</th>';
+								}
+								$html_hold .= '</tr>';
+							}
+							$html_hold .= '<tr>';
+
+							$class = 'row1';
+							foreach (array_values($row) as $val)
+							{
+								$class = ($class == 'row1') ? 'row2' : 'row1';
+								$html_hold .= '<td class="' . $class . '">' . (($val) ? $val : '&nbsp;') . '</td>';
+							}
+							$html_hold .= '</tr>';
+						}
+					}
+
+					if ($html_table)
+					{
+						$html_hold .= '</table>';
+					}
+				}
+
+				$curtime = explode(' ', microtime());
+				$curtime = $curtime[0] + $curtime[1];
+				break;
+
+			case 'fromcache':
+				$endtime = explode(' ', microtime());
+				$endtime = $endtime[0] + $endtime[1];
+
+				$result = @mysqli_query($this->db_connect_id, $query);
+				while ($void = @mysqli_fetch_assoc($result))
+				{
+					// Take the time spent on parsing rows into account
+				}
+				$splittime = explode(' ', microtime());
+				$splittime = $splittime[0] + $splittime[1];
+
+				$time_cache = $endtime - $curtime;
+				$time_db = $splittime - $endtime;
+				$color = ($time_db > $time_cache) ? 'green' : 'red';
+
+				$sql_report .= '<hr width="100%"/><br /><table class="bg" width="100%" cellspacing="1" cellpadding="4" border="0"><tr><th>Query results obtained from the cache</th></tr><tr><td class="row1"><textarea style="font-family:\'Courier New\',monospace;width:100%" rows="5">' . preg_replace('/\t(AND|OR)(\W)/', "\$1\$2", htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n", $query))) . '</textarea></td></tr></table><p align="center">';
+
+				$sql_report .= 'Before: ' . sprintf('%.5f', $curtime - $starttime) . 's | After: ' . sprintf('%.5f', $endtime - $starttime) . 's | Elapsed [cache]: <b style="color: ' . $color . '">' . sprintf('%.5f', ($time_cache)) . 's</b> | Elapsed [db]: <b>' . sprintf('%.5f', $time_db) . 's</b></p>';
+
+				// Pad the start time to not interfere with page timing
+				$starttime += $time_db;
+
+				@mysqli_free_result($result);
+				$cache_num_queries++;
+				break;
+		}
+	}
+}
+
+} // if ... define
+
+?>

phpBB/includes/db/oracle.php

@@ -1,67 +1,40 @@
 <?php
-/***************************************************************************
- *                                oracle.php
- *                            -------------------
- *   begin                : Thrusday Feb 15, 2001
- *   copyright            : (C) 2001 The phpBB Group
- *   email                : support@phpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
+/** 
+*
+* @package dbal
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
-
-if(!defined("SQL_LAYER"))
+/**
+* @ignore
+*/
+if(!defined('SQL_LAYER'))
 {
 
-define("SQL_LAYER","oracle");
+	define('SQL_LAYER', 'oracle');
+	include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
 
-class sql_db
+/**
+* @package dbal
+* Oracle Database Abstraction Layer
+*/
+class dbal_oracle extends dbal
 {
+	var $last_query_text = '';
 
-	var $db_connect_id;
-	var $query_result;
-	var $in_transaction = 0;
-	var $row = array();
-	var $rowset = array();
-	var $num_queries = 0;
-	var $last_query_text = "";
-
-	//
-	// Constructor
-	//
-	function sql_db($sqlserver, $sqluser, $sqlpassword, $database="", $persistency = true)
+	function sql_connect($sqlserver, $sqluser, $sqlpassword, $database, $port = false, $persistency = false)
 	{
 		$this->persistency = $persistency;
 		$this->user = $sqluser;
-		$this->password = $sqlpassword;
-		$this->server = $sqlserver;
+		$this->server = $sqlserver . (($port) ? ':' . $port : '');
 		$this->dbname = $database;
+		
+		$this->db_connect_id = ($this->persistency) ? @ociplogon($this->user, $sqlpassword, $this->server) : @ocinlogon($this->user, $sqlpassword, $this->server);
 
-		if($this->persistency)
-		{
-			$this->db_connect_id = @OCIPLogon($this->user, $this->password, $this->server);
-		}
-		else
-		{
-			$this->db_connect_id = @OCINLogon($this->user, $this->password, $this->server);
-		}
-		if($this->db_connect_id)
-		{
-			return $this->db_connect_id;
-		}
-		else
-		{
-			return false;
-		}
+		return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
 	}
 
 	//
@@ -69,320 +42,308 @@ class sql_db
 	//
 	function sql_close()
 	{
-		if($this->db_connect_id)
-		{
-			// Commit outstanding transactions
-			if($this->in_transaction)
-			{
-				OCICommit($this->db_connect_id);
-			}
-
-			if($this->query_result)
-			{
-				@OCIFreeStatement($this->query_result);
-			}
-			$result = @OCILogoff($this->db_connect_id);
-			return $result;
-		}
-		else
+		if (!$this->db_connect_id)
 		{
 			return false;
 		}
+
+		if ($this->transaction)
+		{
+			@ocicommit($this->db_connect_id);
+		}
+
+		if (sizeof($this->open_queries))
+		{
+			foreach ($this->open_queries as $i_query_id => $query_id)
+			{
+				@ocifreestatement($query_id);
+			}
+		}
+
+		return @ocilogoff($this->db_connect_id);
 	}
 
-	//
-	// Base query method
-	//
-	function sql_query($query = "", $transaction = FALSE)
+	function sql_transaction($status = 'begin')
 	{
-		// Remove any pre-existing queries
-		unset($this->query_result);
-
-		// Put us in transaction mode because with Oracle as soon as you make a query you're in a transaction
-		$this->in_transaction = TRUE;
-
-		if($query != "")
+		switch ($status)
 		{
-			$this->last_query = $query;
-			$this->num_queries++;
+			case 'begin':
+				$result = true;
+				$this->transaction = true;
+				break;
 
-			if(eregi("LIMIT", $query))
-			{
-				preg_match("/^(.*)LIMIT ([0-9]+)[, ]*([0-9]+)*/s", $query, $limits);
+			case 'commit':
+				$result = @ocicommit($this->db_connect_id);
+				$this->transaction = false;
 
-				$query = $limits[1];
-				if($limits[3])
+				if (!$result)
 				{
-					$row_offset = $limits[2];
-					$num_rows = $limits[3];
+					@ocirollback($this->db_connect_id);
+				}
+				break;
+
+			case 'rollback':
+				$result = @ocirollback($this->db_connect_id);
+				$this->transaction = false;
+				break;
+
+			default:
+				$result = true;
+		}
+
+		return $result;
+	}
+
+	// Base query method
+	function sql_query($query = '', $cache_ttl = 0)
+	{
+		if ($query != '')
+		{
+			global $cache;
+
+			// EXPLAIN only in extra debug mode
+			if (defined('DEBUG_EXTRA'))
+			{
+				$this->sql_report('start', $query);
+			}
+		
+			$this->last_query_text = $query;
+			$this->query_result = ($cache_ttl && method_exists($cache, 'sql_load')) ? $cache->sql_load($query) : false;
+			
+			if (!$this->query_result)
+			{
+				$this->num_queries++;
+
+				$in_transaction = false;
+				if (!$this->transaction)
+				{
+					$this->sql_transaction('begin');
 				}
 				else
 				{
-					$row_offset = 0;
-					$num_rows = $limits[2];
+					$in_transaction = true;
+				}
+
+				$this->query_result = @ociparse($this->db_connect_id, $query);
+				$success = @ociexecute($this->query_result, OCI_DEFAULT);
+
+				if (!$success)
+				{
+					$this->sql_error($query);
+					$this->query_result = false;
+				}
+				else
+				{
+					if (!$in_transaction)
+					{
+						$this->sql_transaction('commit');
+					}
+				}
+				
+				if (defined('DEBUG_EXTRA'))
+				{
+					$this->sql_report('stop', $query);
+				}
+
+				if ($cache_ttl && method_exists($cache, 'sql_save'))
+				{
+					$this->open_queries[(int) $this->query_result] = $this->query_result;
+					$cache->sql_save($query, $this->query_result, $cache_ttl);
+				}
+				else if (strpos($query, 'SELECT') !== false && $this->query_result)
+				{
+					$this->open_queries[(int) $this->query_result] = $this->query_result;
 				}
 			}
-
-			if(eregi("^(INSERT|UPDATE) ", $query))
+			else if (defined('DEBUG_EXTRA'))
 			{
-				$query = preg_replace("/\\\'/s", "''", $query);
+				$this->sql_report('fromcache', $query);
 			}
-
-			$this->query_result = @OCIParse($this->db_connect_id, $query);
-			$success = @OCIExecute($this->query_result, OCI_DEFAULT);
-		}
-		if($success)
-		{
-			if($transaction == END_TRANSACTION)
-			{
-				OCICommit($this->db_connect_id);
-				$this->in_transaction = FALSE;
-			}
-
-			unset($this->row[$this->query_result]);
-			unset($this->rowset[$this->query_result]);
-			$this->last_query_text[$this->query_result] = $query;
-
-			return $this->query_result;
 		}
 		else
 		{
-			if($this->in_transaction)
-			{
-				OCIRollback($this->db_connect_id);
-			}
 			return false;
 		}
+
+		return ($this->query_result) ? $this->query_result : false;
+	}
+
+	function sql_query_limit($query, $total, $offset = 0, $cache_ttl = 0) 
+	{ 
+		if ($query != '') 
+		{
+			$this->query_result = false; 
+
+			$query = 'SELECT * FROM (SELECT /*+ FIRST_ROWS */ rownum AS xrownum, a.* FROM (' . $query . ') a WHERE rownum <= ' . ($offset + $total) . ') WHERE xrownum >= ' . $offset;
+
+			return $this->sql_query($query, $cache_ttl); 
+		} 
+		else 
+		{ 
+			return false; 
+		} 
 	}
 
-	//
 	// Other query methods
 	//
-	function sql_numrows($query_id = 0)
+	// NOTE :: Want to remove _ALL_ reliance on sql_numrows from core code ...
+	//         don't want this here by a middle Milestone
+	function sql_numrows($query_id = false)
 	{
-		if(!$query_id)
+		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
-		if($query_id)
-		{
-			$result = @OCIFetchStatement($query_id, $this->rowset);
-			// OCIFetchStatment kills our query result so we have to execute the statment again
-			// if we ever want to use the query_id again.
-			@OCIExecute($query_id, OCI_DEFAULT);
-			return $result;
-		}
-		else
-		{
-			return false;
-		}
-	}
-	function sql_affectedrows($query_id = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->query_result;
-		}
-		if($query_id)
-		{
-			$result = @OCIRowCount($query_id);
-			return $result;
-		}
-		else
-		{
-			return false;
-		}
-	}
-	function sql_numfields($query_id = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->query_result;
-		}
-		if($query_id)
-		{
-			$result = @OCINumCols($query_id);
-			return $result;
-		}
-		else
-		{
-			return false;
-		}
-	}
-	function sql_fieldname($offset, $query_id = 0)
-	{
-		// OCIColumnName uses a 1 based array so we have to up the offset by 1 in here to maintain
-		// full abstraction compatibitly
-		$offset += 1;
-		if(!$query_id)
-		{
-			$query_id = $this->query_result;
-		}
-		if($query_id)
-		{
-			$result = strtolower(@OCIColumnName($query_id, $offset));
-			return $result;
-		}
-		else
-		{
-			return false;
-		}
-	}
-	function sql_fieldtype($offset, $query_id = 0)
-	{
-		// This situation is the same as fieldname
-		$offset += 1;
-		if(!$query_id)
-		{
-			$query_id = $this->query_result;
-		}
-		if($query_id)
-		{
-			$result = @OCIColumnType($query_id, $offset);
-			return $result;
-		}
-		else
-		{
-			return false;
-		}
-	}
-	function sql_fetchrow($query_id = 0, $debug = FALSE)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->query_result;
-		}
-		if($query_id)
-		{
-			$result_row = "";
-			$result = @OCIFetchInto($query_id, $result_row, OCI_ASSOC+OCI_RETURN_NULLS);
-			if($debug)
-			{
-				echo "Query was: ".$this->last_query . "<br>";
-				echo "Result: $result<br>";
-				echo "Query ID: $query_id<br>";
-				echo "<pre>";
-				var_dump($result_row);
-				echo "</pre>";
-			}
-			if($result_row == "")
-			{
-				return false;
-			}
 
-			for($i = 0; $i < count($result_row); $i++)
-			{
-				list($key, $val) = each($result_row);
-				$return_arr[strtolower($key)] = $val;
-			}
-			$this->row[$query_id] = $return_arr;
+		$result = @ocifetchstatement($query_id, $this->rowset);
+		// OCIFetchStatment kills our query result so we have to execute the statment again
+		// if we ever want to use the query_id again.
+		@ociexecute($query_id, OCI_DEFAULT);
 
-			return $this->row[$query_id];
-		}
-		else
-		{
-			return false;
-		}
+		return $result;
 	}
-	// This function probably isn't as efficant is it could be but any other way I do it
-	// I end up losing 1 row...
-	function sql_fetchrowset($query_id = 0)
+
+	function sql_affectedrows()
 	{
-		if(!$query_id)
+		$query_id = $this->query_result;
+
+		return ($query_id) ? @ocirowcount($query_id) : false;
+	}
+
+	function sql_fetchrow($query_id = false)
+	{
+		global $cache;
+
+		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
-		if($query_id)
-		{
-			$rows = @OCIFetchStatement($query_id, $results);
-			@OCIExecute($query_id, OCI_DEFAULT);
-			for($i = 0; $i <= $rows; $i++)
-			{
-				@OCIFetchInto($query_id, $tmp_result, OCI_ASSOC+OCI_RETURN_NULLS);
 
-				for($j = 0; $j < count($tmp_result); $j++)
-				{
-					list($key, $val) = each($tmp_result);
-					$return_arr[strtolower($key)] = $val;
-				}
-				$result[] = $return_arr;
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_fetchrow($query_id);
+		}
+		
+		$row = array();
+		$result = @ocifetchinto($query_id, $row, OCI_ASSOC + OCI_RETURN_NULLS);
+
+		if (!$result || !$row)
+		{
+			return false;
+		}
+
+		$result_row = array();
+		foreach ($row as $key => $value)
+		{
+			// OCI->CLOB?
+			if (is_object($value))
+			{
+				$value = ($value->size()) ? $value->read($value->size()) : '';
+			}
+			
+			$result_row[strtolower($key)] = $value;
+		}
+		$this->row[$query_id] = $result_row;
+
+		return $this->row[$query_id];
+	}
+
+	function sql_fetchrowset($query_id = false)
+	{
+		if (!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+
+		if ($query_id)
+		{
+			unset($this->rowset[$query_id]);
+			unset($this->row[$query_id]);
+
+			$result = array();
+			while ($this->rowset[$query_id] = $this->sql_fetchrow($query_id))
+			{
+				$result[] = $this->rowset[$query_id];
 			}
 			return $result;
 		}
-		else
-		{
-			return false;
-		}
+		
+		return false;
 	}
-	function sql_fetchfield($field, $rownum = -1, $query_id = 0)
+
+	function sql_fetchfield($field, $rownum = -1, $query_id = false)
 	{
-		if(!$query_id)
+		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
-		if($query_id)
+
+		if ($query_id)
 		{
-			if($rownum > -1)
+			if ($rownum > -1)
 			{
 				// Reset the internal rownum pointer.
-				@OCIExecute($query_id, OCI_DEFAULT);
-				for($i = 0; $i < $rownum; $i++)
-				  {
-						// Move the interal pointer to the row we want
-						@OCIFetch($query_id);
-				  }
+				@ociexecute($query_id, OCI_DEFAULT);
+				for ($i = 0; $i < $rownum; $i++)
+				{
+					// Move the interal pointer to the row we want
+					@ocifetch($query_id);
+				}
+				
 				// Get the field data.
-				$result = @OCIResult($query_id, strtoupper($field));
+				$result = @ociresult($query_id, strtoupper($field));
 			}
 			else
 			{
 				// The internal pointer should be where we want it
 				// so we just grab the field out of the current row.
-				$result = @OCIResult($query_id, strtoupper($field));
+				$result = @ociresult($query_id, strtoupper($field));
 			}
+
 			return $result;
 		}
-		else
-		{
-			return false;
-		}
+		
+		return false;
 	}
-	function sql_rowseek($rownum, $query_id = 0)
+
+	function sql_rowseek($rownum, $query_id = false)
 	{
-		if(!$query_id)
-		{
-				$query_id = $this->query_result;
-		}
-		if($query_id)
-		{
-				@OCIExecute($query_id, OCI_DEFAULT);
-			for($i = 0; $i < $rownum; $i++)
-				{
-					@OCIFetch($query_id);
-				}
-			$result = @OCIFetch($query_id);
-			return $result;
-		}
-		else
-		{
-				return false;
-		}
-	}
-	function sql_nextid($query_id = 0)
-	{
-		if(!$query_id)
+		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
-		if($query_id && $this->last_query_text[$query_id] != "")
+
+		if ($query_id)
 		{
-			if( eregi("^(INSERT{1}|^INSERT INTO{1})[[:space:]][\"]?([a-zA-Z0-9\_\-]+)[\"]?", $this->last_query_text[$query_id], $tablename))
+			@ociexecute($query_id, OCI_DEFAULT);
+
+			for ($i = 0; $i < $rownum; $i++)
 			{
-				$query = "SELECT ".$tablename[2]."_id_seq.currval FROM DUAL";
-				$stmt = @OCIParse($this->db_connect_id, $query);
-				@OCIExecute($stmt,OCI_DEFAULT );
-				$temp_result = @OCIFetchInto($stmt, $temp_result, OCI_ASSOC+OCI_RETURN_NULLS);
-				if($temp_result)
+				@ocifetch($query_id);
+			}
+			$result = @ocifetch($query_id);
+
+			return $result;
+		}
+		
+		return false;
+	}
+
+	function sql_nextid()
+	{
+		$query_id = $this->query_result;
+
+		if ($query_id && $this->last_query_text != '')
+		{
+			if (preg_match('#^INSERT[\t\n ]+INTO[\t\n ]+([a-z0-9\_\-]+)#is', $this->last_query_text, $tablename))
+			{
+				$query = 'SELECT ' . $tablename[1] . '_id_seq.currval FROM DUAL';
+				$stmt = @ociparse($this->db_connect_id, $query);
+				@ociexecute($stmt,OCI_DEFAULT );
+
+				$temp_result = @ocifetchinto($stmt, $temp_result, OCI_ASSOC + OCI_RETURN_NULLS);
+
+				if ($temp_result)
 				{
 					return $temp_result['CURRVAL'];
 				}
@@ -391,81 +352,101 @@ class sql_db
 					return false;
 				}
 			}
-			else
-			{
-				return false;
-			}
-		}
-		else
-		{
-			return false;
 		}
+
+		return false;
 	}
 
-	function sql_nextid($query_id = 0)
+	function sql_freeresult($query_id = false)
 	{
-		if(!$query_id)
+		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
-		if($query_id && $this->last_query_text[$query_id] != "")
-		{
-			if( eregi("^(INSERT{1}|^INSERT INTO{1})[[:space:]][\"]?([a-zA-Z0-9\_\-]+)[\"]?", $this->last_query_text[$query_id], $tablename))
-			{
-				$query = "SELECT ".$tablename[2]."_id_seq.CURRVAL FROM DUAL";
-				$temp_q_id =  @OCIParse($this->db_connect_id, $query);
-				@OCIExecute($temp_q_id, OCI_DEFAULT);
-				@OCIFetchInto($temp_q_id, $temp_result, OCI_ASSOC+OCI_RETURN_NULLS);
 
-				if($temp_result)
-				{
-					return $temp_result['CURRVAL'];
-				}
-				else
-				{
-					return false;
-				}
-			}
-			else
-			{
-				return false;
-			}
+		if (isset($this->open_queries[(int) $query_id]))
+		{
+			unset($this->open_queries[(int) $query_id]);
+			return @ocifreestatement($query_id);
+		}
+
+		return false;
+	}
+
+	function sql_escape($msg)
+	{
+		return str_replace("'", "''", str_replace('\\', '\\\\', $msg));
+	}
+
+	function db_sql_error()
+	{
+		$error = @ocierror();
+		$error = (!$error) ? @ocierror($this->query_result) : $error;
+		$error = (!$error) ? @ocierror($this->db_connect_id) : $error;
+
+		if ($error)
+		{
+			$this->last_error_result = $error;
 		}
 		else
 		{
-			return false;
+			$error = (isset($this->last_error_result) && $this->last_error_result) ? $this->last_error_result : array();
 		}
+
+		return $error;
 	}
 
-
-
-	function sql_freeresult($query_id = 0)
+	function _sql_report($mode, $query = '')
 	{
-		if(!$query_id)
+		global $cache, $starttime, $phpbb_root_path;
+		static $curtime, $query_hold, $html_hold;
+		static $sql_report = '';
+		static $cache_num_queries = 0;
+
+		switch ($mode)
 		{
-				$query_id = $this->query_result;
+			case 'start':
+				$query_hold = $query;
+				$html_hold = '';
+
+				$curtime = explode(' ', microtime());
+				$curtime = $curtime[0] + $curtime[1];
+				break;
+
+			case 'fromcache':
+				$endtime = explode(' ', microtime());
+				$endtime = $endtime[0] + $endtime[1];
+
+				$result = @ociparse($this->db_connect_id, $query);
+				$success = @ociexecute($result, OCI_DEFAULT);
+				$row = array();
+
+				while ($void = @ocifetchinto($query_id, $row, OCI_ASSOC + OCI_RETURN_NULLS))
+				{
+					// Take the time spent on parsing rows into account
+				}
+				$splittime = explode(' ', microtime());
+				$splittime = $splittime[0] + $splittime[1];
+
+				$time_cache = $endtime - $curtime;
+				$time_db = $splittime - $endtime;
+				$color = ($time_db > $time_cache) ? 'green' : 'red';
+
+				$sql_report .= '<hr width="100%"/><br /><table class="bg" width="100%" cellspacing="1" cellpadding="4" border="0"><tr><th>Query results obtained from the cache</th></tr><tr><td class="row1"><textarea style="font-family:\'Courier New\',monospace;width:100%" rows="5">' . preg_replace('/\t(AND|OR)(\W)/', "\$1\$2", htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n", $query))) . '</textarea></td></tr></table><p align="center">';
+
+				$sql_report .= 'Before: ' . sprintf('%.5f', $curtime - $starttime) . 's | After: ' . sprintf('%.5f', $endtime - $starttime) . 's | Elapsed [cache]: <b style="color: ' . $color . '">' . sprintf('%.5f', ($time_cache)) . 's</b> | Elapsed [db]: <b>' . sprintf('%.5f', $time_db) . 's</b></p>';
+
+				// Pad the start time to not interfere with page timing
+				$starttime += $time_db;
+
+				@ocifreestatement($result);
+				$cache_num_queries++;
+				break;
 		}
-		if($query_id)
-		{
-				$result = @OCIFreeStatement($query_id);
-				return $result;
-		}
-		else
-		{
-				return false;
-		}
-	}
-	function sql_error($query_id  = 0)
-	{
-		if(!$query_id)
-		{
-			$query_id = $this->query_result;
-		}
-		$result  = @OCIError($query_id);
-		return $result;
 	}
 
-} // class sql_db
+
+}
 
 } // if ... define
 

phpBB/includes/db/postgres.php

@@ -1,41 +1,31 @@
 <?php
-  /***************************************************************************
-   *                               postgres7.php
-   *                            -------------------
-   *   begin                : Saturday, Feb 13, 2001
-   *   copyright            : (C) 2001 The phpBB Group
-   *   email                : supportphpbb.com
-   *
-   *   $Id$
-   *
-   ***************************************************************************/
+/** 
+*
+* @package dbal
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
-
-if (!defined("SQL_LAYER"))
+/**
+* @ignore
+*/
+if (!defined('SQL_LAYER'))
 {
 
-define("SQL_LAYER","postgresql");
+	define('SQL_LAYER', 'postgresql');
+	include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
 
-class sql_db
+/**
+* @package dbal
+* PostgreSQL Database Abstraction Layer
+* Minimum Requirement is Version 7.3+
+*/
+class dbal_postgres extends dbal
 {
 
-	var $db_connect_id;
-	var $query_result;
-	var $in_transaction = 0;
-	var $row = array();
-	var $rowset = array();
-	var $rownum = array();
-	var $num_queries = 0;
-
-	function sql_connect($sqlserver, $sqluser, $sqlpassword, $database, $persistency = true)
+	function sql_connect($sqlserver, $sqluser, $sqlpassword, $database, $port = false, $persistency = false)
 	{
 		$this->connect_string = '';
 
@@ -62,6 +52,11 @@ class sql_db
 				{
 					$this->connect_string .= "host=$sqlserver ";
 				}
+			
+				if ($port)
+				{
+					$this->connect_string .= "port=$port ";
+				}
 			}
 		}
 
@@ -78,123 +73,130 @@ class sql_db
 		return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
 	}
 
-	function sql_return_on_error($fail = false)
-	{
-		$this->return_on_error = $fail;
-	}
-
-	function sql_num_queries()
-	{
-		return $this->num_queries;
-	}
-
 	//
 	// Other base methods
 	//
 	function sql_close()
 	{
-		if ($this->db_connect_id)
+		if (!$this->db_connect_id)
 		{
-			//
-			// Commit any remaining transactions
-			//
-			if ($this->in_transaction)
+			return false;
+		}
+
+		if ($this->transaction)
+		{
+			@pg_exec($this->db_connect_id, 'COMMIT');
+		}
+
+		return @pg_close($this->db_connect_id);
+	}
+
+	function sql_transaction($status = 'begin')
+	{
+		switch ($status)
+		{
+			case 'begin':
+				$result = @pg_exec($this->db_connect_id, 'BEGIN');
+				$this->transaction = true;
+				break;
+
+			case 'commit':
+				$result = @pg_exec($this->db_connect_id, 'COMMIT');
+				$this->transaction = false;
+
+				if (!$result)
+				{
+					@pg_exec($this->db_connect_id, 'ROLLBACK');
+				}
+				break;
+
+			case 'rollback':
+				$result = @pg_exec($this->db_connect_id, 'ROLLBACK');
+				$this->transaction = false;
+				break;
+
+			default:
+				$result = true;
+		}
+
+		return $result;
+	}
+
+	// Base query method
+	function sql_query($query = '', $cache_ttl = 0)
+	{
+		if ($query != '')
+		{
+			global $cache;
+
+			// EXPLAIN only in extra debug mode
+			if (defined('DEBUG_EXTRA'))
 			{
-				@pg_exec($this->db_connect_id, "COMMIT");
+				$this->sql_report('start', $query);
 			}
 
-			if ($this->query_result)
+			$this->query_result = ($cache_ttl && method_exists($cache, 'sql_load')) ? $cache->sql_load($query) : false;
+			
+			if (!$this->query_result)
 			{
-				@pg_freeresult($this->query_result);
-			}
+				$this->num_queries++;
+				$this->last_query_text = $query;
 
-			return @pg_close($this->db_connect_id);
+				if (($this->query_result = @pg_exec($this->db_connect_id, $query)) === false)
+				{
+					$this->sql_error($query);
+				}
+
+				if (defined('DEBUG_EXTRA'))
+				{
+					$this->sql_report('stop', $query);
+				}
+
+				if ($cache_ttl && method_exists($cache, 'sql_save'))
+				{
+					$cache->sql_save($query, $this->query_result, $cache_ttl);
+				}
+			}
+			else if (defined('DEBUG_EXTRA'))
+			{
+				$this->sql_report('fromcache', $query);
+			}
 		}
 		else
 		{
 			return false;
 		}
+
+		return ($this->query_result) ? $this->query_result : false;
 	}
 
-	//
-	// Query method
-	//
-	function sql_query($query = "", $transaction = false)
-	{
-		//
-		// Remove any pre-existing queries
-		//
-		unset($this->query_result);
-		if ($query != "")
+	function sql_query_limit($query, $total, $offset = 0, $cache_ttl = 0) 
+	{ 
+		if ($query != '') 
 		{
-			$this->num_queries++;
+			$this->query_result = false; 
 
-			$query = preg_replace("/LIMIT ([0-9]+),([ 0-9]+)/", "LIMIT \\2 OFFSET \\1", $query);
-
-			if ($transaction == BEGIN_TRANSACTION && !$this->in_transaction)
+			// if $total is set to 0 we do not want to limit the number of rows
+			if ($total == 0)
 			{
-				$this->in_transaction = TRUE;
-
-				if (!@pg_exec($this->db_connect_id, "BEGIN"))
-				{
-					return false;
-				}
+				$total = -1;
 			}
 
-			$this->query_result = @pg_exec($this->db_connect_id, $query);
-			if ($this->query_result)
-			{
-				if ($transaction == END_TRANSACTION)
-				{
-					$this->in_transaction = FALSE;
+			$query .= "\n LIMIT $total OFFSET $offset";
 
-					if (!@pg_exec($this->db_connect_id, "COMMIT"))
-					{
-						@pg_exec($this->db_connect_id, "ROLLBACK");
-						return false;
-					}
-				}
-
-				$this->last_query_text[$this->query_result] = $query;
-				$this->rownum[$this->query_result] = 0;
-
-				unset($this->row[$this->query_result]);
-				unset($this->rowset[$this->query_result]);
-
-				return $this->query_result;
-			}
-			else
-			{
-				if ($this->in_transaction)
-				{
-					@pg_exec($this->db_connect_id, "ROLLBACK");
-				}
-				$this->in_transaction = FALSE;
-
-				return false;
-			}
-		}
-		else
-		{
-			if ($transaction == END_TRANSACTION && $this->in_transaction)
-			{
-				$this->in_transaction = FALSE;
-
-				if (!@pg_exec($this->db_connect_id, "COMMIT"))
-				{
-					@pg_exec($this->db_connect_id, "ROLLBACK");
-					return false;
-				}
-			}
-
-			return true;
-		}
+			return $this->sql_query($query, $cache_ttl); 
+		} 
+		else 
+		{ 
+			return false; 
+		} 
 	}
 
-	//
 	// Other query methods
 	//
-	function sql_numrows($query_id = 0)
+	// NOTE :: Want to remove _ALL_ reliance on sql_numrows from core code ...
+	//         don't want this here by a middle Milestone
+	function sql_numrows($query_id = false)
 	{
 		if (!$query_id)
 		{
@@ -204,95 +206,122 @@ class sql_db
 		return ($query_id) ? @pg_numrows($query_id) : false;
 	}
 
-	function sql_numfields($query_id = 0)
+	function sql_affectedrows($query_id = false)
 	{
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
-		return ($query_id) ? @pg_numfields($query_id) : false;
+		return ($query_id) ? @pg_cmdtuples($query_id) : false;
 	}
 
-	function sql_fieldname($offset, $query_id = 0)
+	function sql_fetchrow($query_id = false)
 	{
+		global $cache;
+
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
-		return ($query_id) ? @pg_fieldname($query_id, $offset) : false;
+		if (!isset($this->rownum[$query_id]))
+		{
+			$this->rownum[$query_id] = 0;
+		}
+
+		if (isset($cache->sql_rowset[$query_id]))
+		{
+			return $cache->sql_fetchrow($query_id);
+		}
+
+		$result = @pg_fetch_array($query_id, NULL, PGSQL_ASSOC);
+		
+		if ($result)
+		{
+			$this->rownum[$query_id]++;
+		}
+
+		return $result;
 	}
 
-	function sql_fieldtype($offset, $query_id = 0)
+	function sql_fetchrowset($query_id = false)
 	{
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
-		return ($query_id) ? @pg_fieldtype($query_id, $offset) : false;
-	}
-
-	function sql_fetchrow($query_id = 0)
-	{
-		if (!$query_id)
-		{
-			$query_id = $this->query_result;
-		}
-
-		if ($query_id)
-		{
-			$this->row = @pg_fetch_array($query_id, $this->rownum[$query_id]);
-
-			if ($this->row)
-			{
-				$this->rownum[$query_id]++;
-				return $this->row;
-			}
-		}
-
-		return false;
-	}
-
-	function sql_fetchrowset($query_id = 0)
-	{
-		if (!$query_id)
-		{
-			$query_id = $this->query_result;
-		}
+		$result = array();
 
 		if ($query_id)
 		{
 			unset($this->rowset[$query_id]);
 			unset($this->row[$query_id]);
-			$this->rownum[$query_id] = 0;
 
-			while($this->rowset = @pg_fetch_array($query_id, $this->rownum[$query_id], PGSQL_ASSOC))
+			$result = array();
+			while ($this->rowset[$query_id] = $this->sql_fetchrow($query_id))
 			{
-				$result[] = $this->rowset;
-				$this->rownum[$query_id]++;
+				$result[] = $this->rowset[$query_id];
 			}
-
 			return $result;
 		}
 
 		return false;
 	}
 
-	function sql_fetchfield($field, $row_offset=-1, $query_id = 0)
+	function sql_fetchfield($field, $rownum = -1, $query_id = false)
 	{
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
+		if ($query_id)
+		{
+			if ($rownum > -1)
+			{
+				if (@function_exists('pg_result_seek'))
+				{
+					@pg_result_seek($query_id, $rownum);
+					$row = @pg_fetch_assoc($query_id);
+					$result = isset($row[$field]) ? $row[$field] : false;
+				}
+				else
+				{
+					$this->sql_rowseek($offset, $query_id);
+					$row = $this->sql_fetchrow($query_id);
+					$result = isset($row[$field]) ? $row[$field] : false;
+				}
+			}
+			else
+			{
+				if (empty($this->row[$query_id]) && empty($this->rowset[$query_id]))
+				{
+					if ($this->row[$query_id] = $this->sql_fetchrow($query_id))
+					{
+						$result = $this->row[$query_id][$field];
+					}
+				}
+				else
+				{
+					if ($this->rowset[$query_id])
+					{
+						$result = $this->rowset[$query_id][$field];
+					}
+					elseif ($this->row[$query_id])
+					{
+						$result = $this->row[$query_id][$field];
+					}
+				}
+			}
+			return $result;
+		}
 		return false;
 	}
 
-	function sql_rowseek($offset, $query_id = 0)
+	function sql_rowseek($offset, $query_id = false)
 	{
-
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
@@ -302,7 +331,17 @@ class sql_db
 		{
 			if ($offset > -1)
 			{
-				$this->rownum[$query_id] = $offset;
+				if (@function_exists('pg_result_seek'))
+				{
+					@pg_result_seek($query_id, $rownum);
+				}
+				else
+				{
+					for ($i = $this->rownum[$query_id]; $i < $offset; $i++)
+					{
+						$this->sql_fetchrow($query_id);
+					}
+				}
 				return true;
 			}
 			else
@@ -318,9 +357,9 @@ class sql_db
 	{
 		$query_id = $this->query_result;
 
-		if ($query_id && $this->last_query_text[$query_id] != "")
+		if ($query_id && $this->last_query_text != '')
 		{
-			if (preg_match("/^INSERT[\t\n ]+INTO[\t\n ]+([a-z0-9\_\-]+)/is", $this->last_query_text[$query_id], $tablename))
+			if (preg_match("/^INSERT[\t\n ]+INTO[\t\n ]+([a-z0-9\_\-]+)/is", $this->last_query_text, $tablename))
 			{
 				$query = "SELECT currval('" . $tablename[1] . "_id_seq') AS last_value";
 				$temp_q_id =  @pg_exec($this->db_connect_id, $query);
@@ -329,7 +368,7 @@ class sql_db
 					return false;
 				}
 
-				$temp_result = @pg_fetch_array($temp_q_id, 0, PGSQL_ASSOC);
+				$temp_result = @pg_fetch_array($temp_q_id, NULL, PGSQL_ASSOC);
 
 				return ($temp_result) ? $temp_result['last_value'] : false;
 			}
@@ -338,51 +377,76 @@ class sql_db
 		return false;
 	}
 
-	function sql_affectedrows($query_id = 0)
+	function sql_freeresult($query_id = false)
 	{
 		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
-		return ($query_id) ? @pg_cmdtuples($query_id) : false;
+		return (is_resource($query_id)) ? @pg_freeresult($query_id) : false;
 	}
 
-	function sql_freeresult($query_id = 0)
+	function sql_escape($msg)
 	{
-		if (!$query_id)
-		{
-			$query_id = $this->query_result;
-		}
-
-		return ($query_id) ? @pg_freeresult($query_id) : false;
+		return str_replace("'", "''", str_replace('\\', '\\\\', $msg));
 	}
 
-	function sql_error($sql = '')
+	function db_sql_error()
 	{
-		if (!$this->return_on_error)
-		{
-			if ($this->transaction)
-			{
-				$this->sql_transaction('rollback');
-			}
-
-			$this_page = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : $_ENV['PHP_SELF'];
-			$this_page .= '&' . ((!empty($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : $_ENV['QUERY_STRING']);
-
-			$message = '<u>SQL ERROR</u> [ ' . SQL_LAYER . ' ]<br /><br />' . @pg_errormessage() . '<br /><br /><u>CALLING PAGE</u><br /><br />'  . htmlspecialchars($this_page) . (($sql != '') ? '<br /><br /><u>SQL</u><br /><br />' . $sql : '') . '<br />';
-			trigger_error($message, E_USER_ERROR);
-		}
-
-		$result = array(
+		return array(
 			'message'	=> @pg_errormessage(),
 			'code'		=> ''
 		);
-
-		return $result;
 	}
 
-} // class ... db_sql
+	function _sql_report($mode, $query = '')
+	{
+		global $cache, $starttime, $phpbb_root_path;
+		static $curtime, $query_hold, $html_hold;
+		static $sql_report = '';
+		static $cache_num_queries = 0;
+
+		switch ($mode)
+		{
+			case 'start':
+				$query_hold = $query;
+				$html_hold = '';
+
+				$curtime = explode(' ', microtime());
+				$curtime = $curtime[0] + $curtime[1];
+				break;
+
+			case 'fromcache':
+				$endtime = explode(' ', microtime());
+				$endtime = $endtime[0] + $endtime[1];
+
+				$result = @pg_exec($this->db_connect_id, $query);
+				while ($void = @pg_fetch_array($result, NULL, PGSQL_ASSOC))
+				{
+					// Take the time spent on parsing rows into account
+				}
+				$splittime = explode(' ', microtime());
+				$splittime = $splittime[0] + $splittime[1];
+
+				$time_cache = $endtime - $curtime;
+				$time_db = $splittime - $endtime;
+				$color = ($time_db > $time_cache) ? 'green' : 'red';
+
+				$sql_report .= '<hr width="100%"/><br /><table class="bg" width="100%" cellspacing="1" cellpadding="4" border="0"><tr><th>Query results obtained from the cache</th></tr><tr><td class="row1"><textarea style="font-family:\'Courier New\',monospace;width:100%" rows="5">' . preg_replace('/\t(AND|OR)(\W)/', "\$1\$2", htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n", $query))) . '</textarea></td></tr></table><p align="center">';
+
+				$sql_report .= 'Before: ' . sprintf('%.5f', $curtime - $starttime) . 's | After: ' . sprintf('%.5f', $endtime - $starttime) . 's | Elapsed [cache]: <b style="color: ' . $color . '">' . sprintf('%.5f', ($time_cache)) . 's</b> | Elapsed [db]: <b>' . sprintf('%.5f', $time_db) . 's</b></p>';
+
+				// Pad the start time to not interfere with page timing
+				$starttime += $time_db;
+
+				@pg_freeresult($result);
+				$cache_num_queries++;
+				break;
+		}
+	}
+
+}
 
 } // if ... defined
 

phpBB/includes/db/sqlite.php

@@ -1,54 +1,50 @@
 <?php
-/***************************************************************************
- *                                 mysql.php
- *                            -------------------
- *   begin                : Saturday, Feb 13, 2001
- *   copyright            : (C) 2001 The phpBB Group
- *   email                : support@phpbb.com
- *
- *   $Id$
- *
- ***************************************************************************/
-
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
+/** 
+*
+* @package dbal
+* @version $Id$
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
+/**
+* @ignore
+*/
 if (!defined('SQL_LAYER'))
 {
 
-define('SQL_LAYER', 'sqlite');
+	define('SQL_LAYER', 'sqlite');
+	include($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
 
-class sql_db
+/**
+* @package dbal
+* Sqlite Database Abstraction Layer
+*/
+class dbal_sqlite extends dbal
 {
-	var $db_connect_id;
-	var $query_result;
-	var $return_on_error = false;
-	var $transaction = false;
-	var $sql_report = '';
-	var $sql_time = 0;
-	var $num_queries = 0;
-	var $open_queries = array();
 
-	function sql_connect($sqlserver, $sqluser, $sqlpassword, $database, $port, $persistency = false)
+	function sql_connect($sqlserver, $sqluser, $sqlpassword, $database, $port = false, $persistency = false)
 	{
 		$this->persistency = $persistency;
 		$this->user = $sqluser;
-		$this->password = $sqlpassword;
 		$this->server = $sqlserver . (($port) ? ':' . $port : '');
 		$this->dbname = $database;
 
-		$this->db_connect_id = ($this->persistency) ? @sqlite_popen($this->server, 0, $error) : @sqlite_open($this->server, 0, $error);
+		$error = '';
+		$this->db_connect_id = ($this->persistency) ? @sqlite_popen($this->server, 0666, $error) : @sqlite_open($this->server, 0666, $error);
 
-		return ($this->db_connect_id) ? true : $error;
+		if ($this->db_connect_id)
+		{
+			@sqlite_query('PRAGMA short_column_names = 1', $this->db_connect_id);
+		}
+		
+		return ($this->db_connect_id) ? true : array('message' => $error);
 	}
 
+	//
 	// Other base methods
+	//
 	function sql_close()
 	{
 		if (!$this->db_connect_id)
@@ -59,33 +55,28 @@ class sql_db
 		return @sqlite_close($this->db_connect_id);
 	}
 
-	function sql_return_on_error($fail = false)
-	{
-		$this->return_on_error = $fail;
-	}
-
-	function sql_num_queries()
-	{
-		return $this->num_queries;
-	}
-
 	function sql_transaction($status = 'begin')
 	{
 		switch ($status)
 		{
 			case 'begin':
-				$this->transaction = true;
 				$result = @sqlite_query('BEGIN', $this->db_connect_id);
+				$this->transaction = true;
 				break;
 
 			case 'commit':
-				$this->transaction = false;
 				$result = @sqlite_query('COMMIT', $this->db_connect_id);
+				$this->transaction = false;
+				
+				if (!$result)
+				{
+					@sqlite_query('ROLLBACK', $this->db_connect_id);
+				}
 				break;
 
 			case 'rollback':
-				$this->transaction = false;
 				$result = @sqlite_query('ROLLBACK', $this->db_connect_id);
+				$this->transaction = false;
 				break;
 
 			default:
@@ -96,91 +87,44 @@ class sql_db
 	}
 
 	// Base query method
-	function sql_query($query = '', $expire_time = 0)
+	function sql_query($query = '', $cache_ttl = 0)
 	{
 		if ($query != '')
 		{
 			global $cache;
 
-			$query = preg_replace('#FROM \((.*?)\)(,|[\n\t ]+?WHERE) #s', 'FROM \1\2 ', $query);
+			$query = preg_replace('#FROM \((.*?)\)(,|[\n\r\t ]+?WHERE) #s', 'FROM \1\2 ', $query);
 
-			if (!$expire_time || !$cache->sql_load($query, $expire_time))
+			// EXPLAIN only in extra debug mode
+			if (defined('DEBUG_EXTRA'))
 			{
-				if ($expire_time)
-				{
-					$cache_result = true;
-				}
+				$this->sql_report('start', $query);
+			}
 
-				$this->query_result = false;
+			$this->query_result = ($cache_ttl && method_exists($cache, 'sql_load')) ? $cache->sql_load($query) : false;
+
+			if (!$this->query_result)
+			{
 				$this->num_queries++;
 
-				if (!empty($_GET['explain']))
-				{
-					global $starttime;
-
-					$curtime = explode(' ', microtime());
-					$curtime = $curtime[0] + $curtime[1] - $starttime;
-				}
-
-				if (!($this->query_result = @sqlite_query($query, $this->db_connect_id)))
+				if (($this->query_result = @sqlite_query($query, $this->db_connect_id)) === false)
 				{
 					$this->sql_error($query);
 				}
 
-				if (!empty($_GET['explain']))
+				if (defined('DEBUG_EXTRA'))
 				{
-					$endtime = explode(' ', microtime());
-					$endtime = $endtime[0] + $endtime[1] - $starttime;
-
-					$this->sql_report .= "<pre>Query:\t" . htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n\t", $query)) . "\n\n";
-
-					if ($this->query_result)
-					{
-						$this->sql_report .= "Time before:  $curtime\nTime after:   $endtime\nElapsed time: <b>" . ($endtime - $curtime) . "</b>\n</pre>";
-					}
-					else
-					{
-						$error = $this->sql_error();
-						$this->sql_report .= '<b>FAILED</b> - SQLite ' . $error['code'] . ': ' . htmlspecialchars($error['message']) . '<br><br><pre>';
-					}
-
-					$this->sql_time += $endtime - $curtime;
-
-					if (preg_match('#^SELECT#', $query))
-					{
-						$html_table = FALSE;
-						if ($result = @sqlite_query("EXPLAIN $query", $this->db_connect_id))
-						{
-							while ($row = @sqlite_fetch_array($result, @sqlite_ASSOC))
-							{
-								if (!$html_table && count($row))
-								{
-									$html_table = TRUE;
-									$this->sql_report .= "<table width=100% border=1 cellpadding=2 cellspacing=1>\n";
-									$this->sql_report .= "<tr>\n<td><b>" . implode("</b></td>\n<td><b>", array_keys($row)) . "</b></td>\n</tr>\n";
-								}
-								$this->sql_report .= "<tr>\n<td>" . implode("&nbsp;</td>\n<td>", array_values($row)) . "&nbsp;</td>\n</tr>\n";
-							}
-						}
-
-						if ($html_table)
-						{
-							$this->sql_report .= '</table><br>';
-						}
-					}
-
-					$this->sql_report .= "<hr>\n";
+					$this->sql_report('stop', $query);
 				}
 
-				if (preg_match('#^SELECT#', $query))
+				if ($cache_ttl && method_exists($cache, 'sql_save'))
 				{
-					$this->open_queries[] = $this->query_result;
+					$cache->sql_save($query, $this->query_result, $cache_ttl);
 				}
 			}
-
-			if (!empty($cache_result))
+			else if (defined('DEBUG_EXTRA'))
 			{
-				$cache->sql_save($query, $this->query_result);
+				$this->sql_report('fromcache', $query);
 			}
 		}
 		else
@@ -191,76 +135,26 @@ class sql_db
 		return ($this->query_result) ? $this->query_result : false;
 	}
 
-	function sql_query_limit($query, $total, $offset = 0, $expire_time = 0)
-	{
-		if ($query != '')
+	function sql_query_limit($query, $total, $offset = 0, $cache_ttl = 0) 
+	{ 
+		if ($query != '') 
 		{
-			$this->query_result = false;
+			$this->query_result = false; 
 
-			$query .= ' LIMIT ' . ((!empty($offset)) ? $total . ' OFFSET ' . $offset : $total);
-
-			return $this->sql_query($query, $expire_time);
-		}
-		else
-		{
-			return false;
-		}
-	}
-
-	// Idea for this from Ikonboard
-	function sql_build_array($query, $assoc_ary = false)
-	{
-		if (!is_array($assoc_ary))
-		{
-			return false;
-		}
-
-		$fields = array();
-		$values = array();
-		if ($query == 'INSERT')
-		{
-			foreach ($assoc_ary as $key => $var)
+			// if $total is set to 0 we do not want to limit the number of rows
+			if ($total == 0)
 			{
-				$fields[] = $key;
-
-				if (is_null($var))
-				{
-					$values[] = 'NULL';
-				}
-				elseif (is_string($var))
-				{
-					$values[] = "'" . $this->sql_escape($var) . "'";
-				}
-				else
-				{
-					$values[] = (is_bool($var)) ? intval($var) : $var;
-				}
+				$total = -1;
 			}
 
-			$query = ' (' . implode(', ', $fields) . ') VALUES (' . implode(', ', $values) . ')';
-		}
-		else if ($query == 'UPDATE')
-		{
-			$values = array();
-			foreach ($assoc_ary as $key => $var)
-			{
-				if (is_null($var))
-				{
-					$values[] = "$key = NULL";
-				}
-				elseif (is_string($var))
-				{
-					$values[] = "$key = '" . $this->sql_escape($var) . "'";
-				}
-				else
-				{
-					$values[] = (is_bool($var)) ? "$key = " . intval($var) : "$key = $var";
-				}
-			}
-			$query = implode(', ', $values);
-		}
+			$query .= "\n LIMIT " . ((!empty($offset)) ? $offset . ', ' . $total : $total);
 
-		return $query;
+			return $this->sql_query($query, $cache_ttl); 
+		} 
+		else 
+		{ 
+			return false; 
+		} 
 	}
 
 	// Other query methods
@@ -282,7 +176,7 @@ class sql_db
 		return ($this->db_connect_id) ? @sqlite_changes($this->db_connect_id) : false;
 	}
 
-	function sql_fetchrow($query_id = 0)
+	function sql_fetchrow($query_id = false)
 	{
 		global $cache;
 
@@ -291,50 +185,62 @@ class sql_db
 			$query_id = $this->query_result;
 		}
 
-		if ($cache->sql_exists($query_id))
+		if (isset($cache->sql_rowset[$query_id]))
 		{
 			return $cache->sql_fetchrow($query_id);
 		}
 
-		return ($query_id) ? @sqlite_fetch_array($query_id, @sqlite_ASSOC) : false;
+		return ($query_id) ? @sqlite_fetch_array($query_id, SQLITE_ASSOC) : false;
 	}
 
-	function sql_fetchrowset($query_id = 0)
+	function sql_fetchrowset($query_id = false)
 	{
-		if(!$query_id)
+		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
-		if($query_id)
+
+		if ($query_id)
 		{
 			unset($this->rowset[$query_id]);
 			unset($this->row[$query_id]);
-			while($this->rowset[$query_id] = @sqlite_fetch_array($query_id, @sqlite_ASSOC))
+
+			$result = array();
+			while ($this->rowset[$query_id] = $this->sql_fetchrow($query_id))
 			{
 				$result[] = $this->rowset[$query_id];
 			}
 			return $result;
 		}
-		else
-		{
-			return false;
-		}
+		
+		return false;
 	}
 
-	function sql_fetchfield($field, $rownum = -1, $query_id = 0)
+	function sql_fetchfield($field, $rownum = -1, $query_id = false)
 	{
-		if(!$query_id)
+		if (!$query_id)
 		{
 			$query_id = $this->query_result;
 		}
 
-		if($query_id)
+		if ($query_id)
 		{
-			return ($rownum > -1) ? ((@sqlite_seek($query_id, $rownum)) ? @sqlite_column($query_id, $field) : false) : @sqlite_column($query_id, $field);
+			if ($rownum > -1)
+			{
+				$result = (@sqlite_seek($query_id, $rownum)) ? @sqlite_column($query_id, $field) : false;
+			}
+			else
+			{
+				$result = @sqlite_column($query_id, $field);
+			}
+
+			return $result;
 		}
+
+		return false;
 	}
 
-	function sql_rowseek($rownum, $query_id = 0)
+	function sql_rowseek($rownum, $query_id = false)
 	{
 		if (!$query_id)
 		{
@@ -359,31 +265,60 @@ class sql_db
 		return @sqlite_escape_string(stripslashes($msg));
 	}
 
-	function sql_error($sql = '')
+	function db_sql_error()
 	{
-		if (!$this->return_on_error)
-		{
-			if ($this->transaction)
-			{
-				$this->sql_transaction('rollback');
-			}
-
-			$this_page = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : $_ENV['PHP_SELF'];
-			$this_page .= '&' . ((!empty($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : $_ENV['QUERY_STRING']);
-
-			$message = '<u>SQL ERROR</u> [ ' . SQL_LAYER . ' ]<br /><br />' . @sqlite_error_string(@sqlite_last_error($this->db_connect_id)) . '<br /><br /><u>CALLING PAGE</u><br /><br />'  . htmlspecialchars($this_page) . (($sql != '') ? '<br /><br /><u>SQL</u><br /><br />' . $sql : '') . '<br />';
-			trigger_error($message, E_USER_ERROR);
-		}
-
-		$result = array(
+		return array(
 			'message'	=> @sqlite_error_string(@sqlite_last_error($this->db_connect_id)),
 			'code'		=> @sqlite_last_error($this->db_connect_id)
 		);
-
-		return $result;
 	}
 
-} // class sql_db
+	function _sql_report($mode, $query = '')
+	{
+		global $cache, $starttime, $phpbb_root_path;
+		static $curtime, $query_hold, $html_hold;
+		static $sql_report = '';
+		static $cache_num_queries = 0;
+
+		switch ($mode)
+		{
+			case 'start':
+				$query_hold = $query;
+				$html_hold = '';
+
+				$curtime = explode(' ', microtime());
+				$curtime = $curtime[0] + $curtime[1];
+				break;
+
+			case 'fromcache':
+				$endtime = explode(' ', microtime());
+				$endtime = $endtime[0] + $endtime[1];
+
+				$result = @sqlite_query($query, $this->db_connect_id);
+				while ($void = @sqlite_fetch_array($result, SQLITE_ASSOC))
+				{
+					// Take the time spent on parsing rows into account
+				}
+				$splittime = explode(' ', microtime());
+				$splittime = $splittime[0] + $splittime[1];
+
+				$time_cache = $endtime - $curtime;
+				$time_db = $splittime - $endtime;
+				$color = ($time_db > $time_cache) ? 'green' : 'red';
+
+				$sql_report .= '<hr width="100%"/><br /><table class="bg" width="100%" cellspacing="1" cellpadding="4" border="0"><tr><th>Query results obtained from the cache</th></tr><tr><td class="row1"><textarea style="font-family:\'Courier New\',monospace;width:100%" rows="5">' . preg_replace('/\t(AND|OR)(\W)/', "\$1\$2", htmlspecialchars(preg_replace('/[\s]*[\n\r\t]+[\n\r\s\t]*/', "\n", $query))) . '</textarea></td></tr></table><p align="center">';
+
+				$sql_report .= 'Before: ' . sprintf('%.5f', $curtime - $starttime) . 's | After: ' . sprintf('%.5f', $endtime - $starttime) . 's | Elapsed [cache]: <b style="color: ' . $color . '">' . sprintf('%.5f', ($time_cache)) . 's</b> | Elapsed [db]: <b>' . sprintf('%.5f', $time_db) . 's</b></p>';
+
+				// Pad the start time to not interfere with page timing
+				$starttime += $time_db;
+
+				$cache_num_queries++;
+				break;
+		}
+	}
+
+}
 
 } // if ... define
 

phpBB/includes/emailer.php

@@ -1,774 +0,0 @@
-<?php
-/***************************************************************************
-                                emailer.php
-                             -------------------
-    begin                : Sunday Aug. 12, 2001
-    copyright            : (C) 2001 The phpBB Group
-    email                : support@phpbb.com
-
-    $Id$
-
-***************************************************************************/
-
-/***************************************************************************
- *
- *   This program is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- ***************************************************************************/
-
-class emailer
-{
-	var $vars, $msg, $subject, $extra_headers, $encoding;
-	var $addresses;
-	var $reply_to, $from;
-	var $use_queue, $mail_queue;
-
-	var $tpl_msg = array();
-
-	function emailer($use_queue = false)
-	{
-		global $config;
-
-		$this->use_queue = $use_queue;
-		if ($use_queue)
-		{
-			$this->mail_queue = new queue();
-			$this->mail_queue->init('emailer', $config['email_package_size']);
-		}
-		$this->reset();
-	}
-
-	// Resets all the data (address, template file, etc etc to default
-	function reset()
-	{
-		$this->addresses = array();
-		$this->vars = $this->replyto = $this->from = $this->msg = $this->encoding = $this->extra_headers = '';
-	}
-
-	// Sets an email address to send to
-	function to($address, $realname = '')
-	{
-		$pos = sizeof($this->addresses['to']);
-		$this->addresses['to'][$pos]['email'] = trim($address);
-		$this->addresses['to'][$pos]['name'] = trim($realname);
-	}
-
-	function cc($address, $realname = '')
-	{
-		$pos = sizeof($this->addresses['cc']);
-		$this->addresses['cc'][$pos]['email'] = trim($address);
-		$this->addresses['cc'][$pos]['name'] = trim($realname);
-	}
-
-	function bcc($address, $realname = '')
-	{
-		$pos = sizeof($this->addresses['bcc']);
-		$this->addresses['bcc'][$pos]['email'] = trim($address);
-		$this->addresses['bcc'][$pos]['name'] = trim($realname);
-	}
-
-	function replyto($address, $realname = '')
-	{
-		$this->replyto = ($realname != '') ? mail_encode(trim($realname)) . ' ' : '';
-		$this->replyto .= '<' . trim($address) . '>';
-	}
-
-	function from($address, $realname = '')
-	{
-		$this->from = ($realname != '') ? mail_encode(trim($realname)) . ' ' : '';
-		$this->from .= '<' . trim($address) . '>';
-	}
-
-	// set up subject for mail
-	function subject($subject = '')
-	{
-		$this->subject = trim($subject);
-	}
-
-	// set up extra mail headers
-	function headers($headers)
-	{
-		$this->extra_headers .= trim($headers) . "\n";
-	}
-
-	function template($template_file, $template_lang = '')
-	{
-		global $config, $phpbb_root_path;
-
-		if (trim($template_file) == '')
-		{
-			trigger_error('No template file set', E_USER_ERROR);
-		}
-
-		if (trim($template_lang) == '')
-		{
-			$template_lang = $config['default_lang'];
-		}
-
-		if (empty($this->tpl_msg[$template_lang . $template_file]))
-		{
-			$tpl_file = $phpbb_root_path . 'language/' . $template_lang . '/email/' . $template_file . '.txt';
-
-			if (!file_exists($tpl_file))
-			{
-				$tpl_file = $phpbb_root_path . 'language/' . $config['default_lang'] . '/email/' . $template_file . '.txt';
-
-				if (!file_exists($tpl_file))
-				{
-					trigger_error('Could not find email template file :: ' . $template_file, E_USER_ERROR);
-				}
-			}
-
-			if (!($fd = @fopen($tpl_file, 'r')))
-			{
-				trigger_error('Failed opening template file', E_USER_ERROR);
-			}
-
-			$this->tpl_msg[$template_lang . $template_file] = fread($fd, filesize($tpl_file));
-			fclose($fd);
-		}
-
-		$this->msg = $this->tpl_msg[$template_lang . $template_file];
-
-		return true;
-	}
-
-	// assign variables
-	function assign_vars($vars)
-	{
-		$this->vars = (empty($this->vars)) ? $vars : $this->vars . $vars;
-	}
-
-	// Send the mail out to the recipients set previously in var $this->addresses
-	function send()
-	{
-		global $config, $user, $phpEx, $phpbb_root_path;
-
-		if (empty($config['email_enable']))
-		{
-			return false;
-		}
-
-		// Escape all quotes, else the eval will fail.
-		$this->msg = str_replace ("'", "\'", $this->msg);
-		$this->msg = preg_replace('#\{([a-z0-9\-_]*?)\}#is', "' . $\\1 . '", $this->msg);
-
-		// Set vars
-		foreach ($this->vars as $key => $val)
-		{
-			$$key = $val;
-		}
-
-		eval("\$this->msg = '$this->msg';");
-
-		// Clear vars
-		foreach ($this->vars as $key => $val)
-		{
-			unset($$key);
-		}
-
-		// We now try and pull a subject from the email body ... if it exists,
-		// do this here because the subject may contain a variable
-		$drop_header = '';
-		$match = array();
-		if (preg_match('#^(Subject:(.*?))$#m', $this->msg, $match))
-		{
-			$this->subject = (trim($match[2]) != '') ? trim($match[2]) : (($this->subject != '') ? $this->subject : $user->lang['NO_SUBJECT']);
-			$drop_header .= '[\n]*?' . preg_quote($match[1], '#');
-		}
-		else
-		{
-			$this->subject = (($this->subject != '') ? $this->subject : $user->lang['NO_SUBJECT']);
-		}
-
-		if (preg_match('#^(Charset:(.*?))$#m', $this->msg, $match))
-		{
-			$this->encoding = (trim($match[2]) != '') ? trim($match[2]) : trim($user->lang['ENCODING']);
-			$drop_header .= '[\n]*?' . preg_quote($match[1], '#');
-		}
-		else
-		{
-			$this->encoding = trim($user->lang['ENCODING']);
-		}
-
-		if ($drop_header != '')
-		{
-			$this->msg = trim(preg_replace('#' . $drop_header . '#s', '', $this->msg));
-		}
-
-		$to = $cc = $bcc = '';
-		// Build to, cc and bcc strings
-		foreach ($this->addresses as $type => $address_ary)
-		{
-			foreach ($address_ary as $which_ary)
-			{
-				$$type .= (($$type != '') ? ',' : '') . (($which_ary['name'] != '') ? mail_encode($which_ary['name']) . ' <' . $which_ary['email'] . '>' : '<' . $which_ary['email'] . '>');
-			}
-		}
-
-		if (empty($this->replyto))
-		{
-			$this->replyto = '<' . $config['board_email'] . '>';
-		}
-
-		if (empty($this->from))
-		{
-			$this->from = '<' . $config['board_email'] . '>';
-		}
-
-		// Build header
-		$headers = 'From: ' . $this->from . "\n";
-		$headers .= 'Reply-to: ' . $this->replyto . "\n";
-		$headers .= "Return-Path: <" . $config['board_email'] . ">\n";
-		$headers .= "Sender: <" . $config['board_email'] . ">\n";
-		$headers .= "MIME-Version: 1.0\n";
-		// Message-ID: <" . md5(uniqid(time())) . "@" . $config['server_name'] . ">\n
-		// $headers .= "Date: " . gmdate('D, d M Y H:i:s Z', time()) . "\n";
-		$headers .= "X-Priority: 3\n";
-		$headers .= "X-MSMail-Priority: Normal\n";
-		$headers .= "X-Mailer: PHP\n";
-		$headers .= "X-MimeOLE: Produced By phpBB2\n";
-		$headers .= "Content-type: text/plain; charset=" . $this->encoding . "\n";
-		$headers .= "Content-transfer-encoding: 8bit\n";
-		$headers .= ($this->extra_headers != '') ? $this->extra_headers : '';
-		$headers .= ($cc != '') ? "Cc:$cc\n" : '';
-		$headers .= ($bcc != '') ? "Bcc:$bcc\n" : ''; 
-
-		// Send message ... removed $this->encode() from subject for time being
-		if (!$this->use_queue)
-		{
-			$mail_to = ($to == '') ? 'Undisclosed-Recipients:;' : $to;
-			$err_msg = '';
-			$result = ($config['smtp_delivery']) ? smtpmail($this->addresses, $this->subject, $this->msg, $err_msg, $headers) : mail($mail_to, $this->subject, preg_replace("#(?<!\r)\n#s", "\n", $this->msg), $headers);
-		}
-		else
-		{
-			$this->mail_queue->put('emailer', array(
-				'to'			=> $to,
-				'addresses'		=> $this->addresses,
-				'subject'		=> $this->subject,
-				'msg'			=> $this->msg,
-				'extra_headers' => $headers)
-			);
-
-			$result = true;
-		}
-
-		// Did it work?
-		if (!$result)
-		{
-			$message = '<u>EMAIL ERROR</u> [ ' . (($config['smtp_delivery']) ? 'SMTP' : 'PHP') . ' ]<br /><br />' . $err_msg . '<br /><br /><u>CALLING PAGE</u><br /><br />'  . ((!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : $_ENV['PHP_SELF']) . '<br />';
-			@include_once($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
-			add_log('critical', 'EMAIL_ERROR', $message);
-			trigger_error($message, E_USER_ERROR);
-		}
-
-		return true;
-	}
-
-} // class emailer
-
-// Encodes the given string for proper display for this encoding ... nabbed 
-// from php.net and modified. There is an alternative encoding method which 
-// may produce less output but it's questionable as to its worth in this 
-// scenario IMO
-function mail_encode($str)
-{
-	if ($this->encoding == '')
-	{
-		return $str;
-	}
-
-	// define start delimimter, end delimiter and spacer
-	$end = "?=";
-	$start = "=?$this->encoding?B?";
-	$spacer = "$end\r\n $start";
-
-	// determine length of encoded text within chunks and ensure length is even
-	$length = 75 - strlen($start) - strlen($end);
-	$length = floor($length / 2) * 2;
-
-	// encode the string and split it into chunks with spacers after each chunk
-	$str = chunk_split(base64_encode($str), $length, $spacer);
-
-	// remove trailing spacer and add start and end delimiters
-	$str = preg_replace('#' . preg_quote($spacer) . '$#', '', $str);
-
-	return $start . $str . $end;
-}
-
-// This function has been modified as provided by SirSir to allow multiline responses when
-// using SMTP Extensions
-function server_parse($socket, $response)
-{
-	while (substr($server_response, 3, 1) != ' ')
-	{
-		if (!($server_response = fgets($socket, 256)))
-		{
-			return 'Could not get mail server response codes';
-		}
-	}
-
-	if (!(substr($server_response, 0, 3) == $response))
-	{
-		return "Ran into problems sending Mail. Response: $server_response";
-	}
-
-	return 0;
-}
-
-// Replacement or substitute for PHP's mail command
-function smtpmail($addresses, $subject, $message, &$err_msg, $headers = '')
-{
-	global $config, $_SERVER;
-
-	// Fix any bare linefeeds in the message to make it RFC821 Compliant.
-	$message = preg_replace("#(?<!\r)\n#si", "\r\n", $message);
-
-	if ($headers != '')
-	{
-		if (is_array($headers))
-		{
-			if (sizeof($headers) > 1)
-			{
-				$headers = join("\n", $headers);
-			}
-			else
-			{
-				$headers = $headers[0];
-			}
-		}
-		$headers = chop($headers);
-
-		// Make sure there are no bare linefeeds in the headers
-		$headers = preg_replace('#(?<!\r)\n#si', "\r\n", $headers);
-
-		// Ok this is rather confusing all things considered,
-		// but we have to grab bcc and cc headers and treat them differently
-		// Something we really didn't take into consideration originally
-		$header_array = explode("\r\n", $headers);
-		$headers = '';
-		
-		foreach ($header_array as $header)
-		{
-			if (preg_match('#^cc:#si', $header) || preg_match('#^bcc:#si', $header))
-			{
-				$header = '';
-			}
-			$headers .= ($header != '') ? $header . "\r\n" : '';
-		}
-
-		$headers = chop($headers);
-	}
-
-	if (trim($subject) == '')
-	{
-		$err_msg = 'No email Subject specified';
-		return FALSE;
-	}
-
-	if (trim($message) == '')
-	{
-		$err_msg = 'Email message was blank';
-		return FALSE;
-	}
-
-	$mail_rcpt = $mail_to = $mail_cc = array();
-
-	// Build correct addresses for RCPT TO command and the client side display (TO, CC)
-	foreach ($addresses['to'] as $which_ary)
-	{
-		$mail_to[] = ($which_ary['name'] != '') ? mail_encode(trim($which_ary['name'])) . ' <' . trim($which_ary['email']) . '>' : '<' . trim($which_ary['email']) . '>';
-		$mail_rcpt['to'][] = '<' . trim($which_ary['email']) . '>';
-	}
-
-	foreach ($addresses['bcc'] as $which_ary)
-	{
-		$mail_rcpt['bcc'][] = '<' . trim($which_ary['email']) . '>';
-	}
-
-	foreach ($addresses['cc'] as $which_ary)
-	{
-		$mail_cc[] = ($which_ary['name'] != '') ? mail_encode(trim($which_ary['name'])) . ' <' . trim($which_ary['email']) . '>' : '<' . trim($which_ary['email']) . '>';
-		$mail_rcpt['cc'][] = '<' . trim($which_ary['email']) . '>';
-	}
-
-	// Ok we have error checked as much as we can to this point let's get on
-	// it already.
-	if (!$socket = fsockopen($config['smtp_host'], $config['smtp_port'], $errno, $errstr, 20))
-	{
-		$err_msg = "Could not connect to smtp host : $errno : $errstr";
-		return FALSE;
-	}
-
-	// Wait for reply
-	if ($err_msg = server_parse($socket, '220'))
-	{
-		return FALSE;
-	}
-
-/*
-	// Do we want to use AUTH?, send RFC2554 EHLO, else send RFC821 HELO
-	// This improved as provided by SirSir to accomodate
-	if( !empty($board_config['smtp_username']) && !empty($board_config['smtp_password']) )
-	{ 
-		fputs($socket, "EHLO " . $board_config['smtp_host'] . "\r\n");
-		server_parse($socket, "250");
-
-		fputs($socket, "AUTH LOGIN\r\n");
-		server_parse($socket, "334");
-
-		fputs($socket, base64_encode($board_config['smtp_username']) . "\r\n");
-		server_parse($socket, "334");
-
-		fputs($socket, base64_encode($board_config['smtp_password']) . "\r\n");
-		server_parse($socket, "235");
-	}
-	else
-	{
-		fputs($socket, "HELO " . $board_config['smtp_host'] . "\r\n");
-		server_parse($socket, "250");
-	}
-*/
-
-	// TEMP TEMP TEMP
-	$config['smtp_auth_method'] = 'LOGIN';
-
-	// I see the potential to use pipelining after the EHLO call... 
-
-	// Do we want to use AUTH?, send RFC2554 EHLO, else send RFC821 HELO
-	// This improved as provided by SirSir to accomodate
-	if (!empty($config['smtp_username']) && !empty($config['smtp_password']))
-	{
-		// See RFC 821 3.5
-		// best would be to do a reverse resolution on the IP and use the result (if any) as
-		// domain, or the IP as fallback. Since reverse dns is broken in many php versions (afaik)
-		// it seems better to just use the ip.
-		fputs($socket, "EHLO [" . $_SERVER["SERVER_ADDR"] . "]\r\n");
-		if ($err_msg = server_parse($socket, '250'))
-		{
-			return FALSE;
-		}
-
-		// EHLO returns the supported AUTH types
-		// NOTE: best way (IMO) is to first choose *MD5 (if it is available), then PLAIN, then LOGIN and if
-		// implemented (as a last resort) ANONYMOUS
-		switch ($config['smtp_auth_method'])
-		{
-			case 'PLAIN':
-				// Note: PLAIN should be default (if *MD5 is not available), since LOGIN is not fully compatible with
-				// Cyrus-SASL (used by many MTAs for SMTP-AUTH)
-				$base64_method_plain = base64_encode($config['smtp_username'] . "\0" . $config['smtp_username'] . "\0" . $config['smtp_password']);
-				fputs($socket, "AUTH PLAIN $base64_method_plain\r\n");
-				if ($err_msg = server_parse($socket, '235'))
-				{
-					return FALSE;
-				}
-				break;
-
-			case 'LOGIN':
-				fputs($socket, "AUTH LOGIN\r\n");
-				if ($err_msg = server_parse($socket, '334'))
-				{
-					return FALSE;
-				}
-
-				fputs($socket, base64_encode($config['smtp_username']) . "\r\n");
-				if ($err_msg = server_parse($socket, '334'))
-				{
-					return FALSE;
-				}
-
-				fputs($socket, base64_encode($config['smtp_password']) . "\r\n");
-				if ($err_msg = server_parse($socket, '235'))
-				{
-					return FALSE;
-				}
-				break;
-
-			// cram-md5, digest-md5...
-		}
-	}
-	else
-	{
-		fputs($socket, "HELO [" . $_SERVER["SERVER_ADDR"] . "]\r\n");
-		if ($err_msg = server_parse($socket, '250'))
-		{
-			return FALSE;
-		}
-	}
-
-	// From this point onward most server response codes should be 250
-	// Specify who the mail is from....
-	fputs($socket, "MAIL FROM: <" . $board_config['board_email'] . ">\r\n");
-	if ($err_msg = server_parse($socket, '250'))
-	{
-		return FALSE;
-	}
-
-	// Specify each user to send to and build to header.
-	$to_header = implode(', ', $mail_to);
-	$cc_header = implode(', ', $mail_cc);
-
-	// Now tell the MTA to send the Message to the following people... [TO, BCC, CC]
-	foreach ($mail_rcpt as $type => $mail_to_addresses)
-	{
-		foreach ($mail_to_addresses as $mail_to_address)
-		{
-			// Add an additional bit of error checking to the To field.
-			if (preg_match('#[^ ]+\@[^ ]+#', $mail_to_address))
-			{
-				fputs($socket, "RCPT TO: $mail_to_address\r\n");
-				if ($err_msg = server_parse($socket, '250'))
-				{
-					return FALSE;
-				}
-			}
-		}
-	}
-
-	// Ok now we tell the server we are ready to start sending data
-	fputs($socket, "DATA\r\n");
-
-	// This is the last response code we look for until the end of the message.
-	if ($err_msg = server_parse($socket, '354'))
-	{
-		return FALSE;
-	}
-
-	// Send the Subject Line...
-	fputs($socket, "Subject: $subject\r\n");
-
-	// Now the To Header.
-	$to_header = ($to_header == '') ? 'Undisclosed-Recipients:;' : $to_header;
-	fputs($socket, "To: $to_header\r\n");
-
-	// Now the CC Header.
-	if ($cc_header != '')
-	{
-		fputs($socket, "CC: $cc_header\r\n");
-	}
-
-	// Now any custom headers....
-	fputs($socket, "$headers\r\n\r\n");
-
-	// Ok now we are ready for the message...
-	fputs($socket, "$message\r\n");
-
-	// Ok the all the ingredients are mixed in let's cook this puppy...
-	fputs($socket, ".\r\n");
-	if ($err_msg = server_parse($socket, '250'))
-	{
-		return FALSE;
-	}
-
-	// Now tell the server we are done and close the socket...
-	fputs($socket, "QUIT\r\n");
-	fclose($socket);
-
-	return TRUE;
-}
-
-// This class is for handling queues - to be placed into another file ?
-// At the moment it is only handling the email queue
-class queue
-{
-	var $data = array();
-	var $queue_data = array();
-	var $package_size = 0;
-	var $cache_file = '';
-
-	function queue()
-	{
-		global $phpEx, $phpbb_root_path;
-
-		$this->data = array();
-		$this->cache_file = $phpbb_root_path . 'cache/queue.' . $phpEx;
-	}
-
-	//--TEMP
-	function is_queue_filled()
-	{
-		if (file_exists($this->cache_file))
-		{
-			return true;
-		}
-
-		return false;
-	}
-	
-	function init($object, $package_size)
-	{
-		$this->data[$object] = array();
-		$this->data[$object]['package_size'] = $package_size;
-		$this->data[$object]['data'] = array();
-	}
-
-	function put($object, $scope)
-	{
-		$this->data[$object]['data'][] = $scope;
-	}
-
-	//--TEMP
-	function show()
-	{
-		echo ";<pre>";
-		print_r($this->data);
-		echo "</pre>;";
-	}
-
-	// Thinking about a lock file...
-	function process()
-	{
-		global $db, $config, $phpEx, $phpbb_root_path;
-
-		if (file_exists($this->cache_file))
-		{
-			include($this->cache_file);
-			$fp = @fopen($this->cache_file, 'r');
-			@flock($fp, LOCK_EX);
-		}
-		else
-		{
-			return;
-		}
-			
-		foreach ($this->queue_data as $object => $data_array)
-		{
-			$package_size = $data_array['package_size'];
-
-			$num_items = (count($data_array['data']) < $package_size) ? count($data_array['data']) : $package_size;
-
-			switch ($object)
-			{
-				case 'emailer':
-					// Delete the email queued objects if mailing is disabled
-					if (!$config['email_enable'])
-					{
-						unset($this->queue_data['emailer']);
-						break 2;
-					}
-					include_once($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
-					@set_time_limit(60);
-					break;
-				default:
-					return;
-			}
-
-			for ($i = 0; $i < $num_items; $i++)
-			{
-				foreach ($data_array['data'][0] as $var => $value)
-				{
-					$$var = $value;
-				}
-				
-				switch ($object)
-				{
-					case 'emailer':
-						$mail_to = ($to == '') ? 'Undisclosed-Recipients:;' : $to;
-						$err_msg = '';
-						$result = ($config['smtp_delivery']) ? smtpmail($addresses, $subject, $msg, $err_msg, $extra_headers) : mail($mail_to, $subject, preg_replace("#(?<!\r)\n#s", "\n", $msg), $extra_headers);
-				
-						if (!$result)
-						{
-							// Logging instead of displaying!?
-							$message = 'Method: [ ' . (($config['smtp_delivery']) ? 'SMTP' : 'PHP') . ' ]<br /><br />' . $err_msg . '<br /><br /><u>CALLING PAGE</u><br /><br />'  . ((!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : $_ENV['PHP_SELF']) . '<br />';
-							add_log('critical', 'MAIL_ERROR', $message);
-//							$message = '<u>EMAIL ERROR</u> [ ' . (($config['smtp_delivery']) ? 'SMTP' : 'PHP') . ' ]<br /><br />' . $result . '<br /><br /><u>CALLING PAGE</u><br /><br />'  . ((!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : $_ENV['PHP_SELF']) . '<br />';
-						}
-						break;
-				}
-
-				array_shift($this->queue_data[$object]['data']);
-			}
-
-			if (count($this->queue_data[$object]['data']) == 0)
-			{
-				unset($this->queue_data[$object]);
-			}
-		}
-	
-		if (!sizeof($this->queue_data))
-		{
-			@flock($fp, LOCK_UN);
-			fclose($fp);
-			unlink($this->cache_file);
-		}
-		else
-		{
-			$file = '<?php $this->queue_data=' . $this->format_array($this->queue_data) . '; ?>';
-			@flock($fp, LOCK_UN);
-			fclose($fp);
-
-			if ($fp = @fopen($this->cache_file, 'wb'))
-			{
-				@flock($fp, LOCK_EX);
-				fwrite($fp, $file);
-				@flock($fp, LOCK_UN);
-				fclose($fp);
-			}
-		}
-
-		$sql = "UPDATE " . CONFIG_TABLE . "
-			SET config_value = '" . time() . "'
-			WHERE config_name = 'last_queue_run'";
-		$db->sql_query($sql);
-	}
-
-	function save()
-	{
-		if (file_exists($this->cache_file))
-		{
-			include($this->cache_file);
-			
-			foreach ($this->queue_data as $object => $data_array)
-			{
-				if (count($this->data[$object]))
-				{
-					$this->data[$object]['data'] = array_merge($data_array['data'], $this->data[$object]['data']);
-				}
-			}
-		}
-		
-		$file = '<?php $this->queue_data = ' . $this->format_array($this->data) . '; ?>';
-
-		if ($fp = @fopen($this->cache_file, 'wt'))
-		{
-			@flock($fp, LOCK_EX);
-			fwrite($fp, $file);
-			@flock($fp, LOCK_UN);
-			fclose($fp);
-		}
-	}
-
-	function format_array($array)
-	{
-		$lines = array();
-		foreach ($array as $k => $v)
-		{
-			if (is_array($v))
-			{
-				$lines[] = "'$k'=>" . $this->format_array($v);
-			}
-			elseif (is_int($v))
-			{
-				$lines[] = "'$k'=>$v";
-			}
-			elseif (is_bool($v))
-			{
-				$lines[] = "'$k'=>" . (($v) ? 'TRUE' : 'FALSE');
-			}
-			else
-			{
-				$lines[] = "'$k'=>'" . str_replace("'", "\'", str_replace('\\', '\\\\', $v)) . "'";
-			}
-		}
-		return 'array(' . implode(',', $lines) . ')';
-	}
-
-}
-
-?>

phpBB/includes/functions_compress.php

@@ -1,20 +1,21 @@
-<?
-// -------------------------------------------------------------------------
-//
-// $Id$
-//
-// FILENAME  : functions_compress.php
-// STARTED   : Sat Jul 19 2003
-// COPYRIGHT : <20> 2003 phpBB Group
-// WWW       : http://www.phpbb.com/
-// LICENCE   : GPL vs2.0 [ see /docs/COPYING ] 
-// 
-// -------------------------------------------------------------------------
+<?php
+/** 
+*
+* @package phpBB3
+* @version $Id$ 
+* @copyright (c) 2005 phpBB Group 
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
+*
+*/
 
+/**
+* @package phpBB3
+* Class for handling archives (compression/decompression)
+*/
 class compress 
 {
 	var $fp = 0;
-
+	
 	function add_file($src, $src_rm_prefix = '', $src_add_prefix = '', $skip_files = '')
 	{
 		global $phpbb_root_path;
@@ -63,7 +64,7 @@ class compress
 					$path = (substr($path, 0, 1) == '/') ? substr($path, 1) : $path;
 					$path = ($path && substr($path, -1) != '/') ? $path . '/' : $path;
 
-					$this->data("$src_path$path", '', filemtime("$phpbb_root_path$path"), true);
+					$this->data("$src_path$path", '', filemtime("$phpbb_root_path$src_path$path"), true);
 				}
 
 				foreach ($file_ary as $file)
@@ -73,7 +74,7 @@ class compress
 						continue;
 					}
 
-					$this->data("$src_path$path$file", implode('', file("$phpbb_root_path$src$path$file")), filemtime("$phpbb_root_path$src$path$file"), false);
+					$this->data("$src_path$path$file", implode('', file("$phpbb_root_path$src_path$path$file")), filemtime("$phpbb_root_path$src_path$path$file"), false);
 				}
 			}
 
@@ -104,13 +105,17 @@ class compress
 	}
 }
 
-// Zip creation class from phpMyAdmin 2.3.0 <20> Tobias Ratschiller, Olivier M<>ller, Lo<4C>c Chapeaux, 
-// Marc Delisle, http://www.phpmyadmin.net/
-//
-// Modified extensively by psoTFX, <20> phpBB Group, 2003
-//
-// Based on work by Eric Mueller and Denis125
-// Official ZIP file format: http://www.pkware.com/appnote.txt
+/**
+* @package phpBB3
+*
+* Zip creation class from phpMyAdmin 2.3.0 <20> Tobias Ratschiller, Olivier M<>ller, Lo<4C>c Chapeaux, 
+* Marc Delisle, http://www.phpmyadmin.net/
+*
+* Modified extensively by psoTFX, <20> phpBB Group, 2003
+*
+* Based on work by Eric Mueller and Denis125
+* Official ZIP file format: http://www.pkware.com/appnote.txt
+*/
 class compress_zip extends compress
 {
 	var $datasec = array();
@@ -374,16 +379,39 @@ class compress_zip extends compress
 			pack('V', $this->datasec_len) .			// offset to start of central dir
 			"\x00\x00";								// .zip file comment length
 	}
+
+	function download($filename)
+	{
+		global $phpbb_root_path;
+
+		$mimetype = 'application/zip';
+
+		header('Pragma: no-cache');
+		header("Content-Type: $mimetype; name=\"$filename.zip\"");
+		header("Content-disposition: attachment; filename=$filename.zip");
+
+		$fp = fopen("{$phpbb_root_path}store/$filename.zip", 'rb');
+		while ($buffer = fread($fp, 1024))
+		{
+			echo $buffer;
+		}
+		fclose($fp);
+	}
 }
 
-// Tar/tar.gz compression routine
-// Header/checksum creation derived from tarfile.pl, <20> Tom Horsley, 1994
+/**
+* @package phpBB3
+*
+* Tar/tar.gz compression routine
+* Header/checksum creation derived from tarfile.pl, <20> Tom Horsley, 1994
+*/
 class compress_tar extends compress 
 {
 	var $isgz = false;
 	var $isbz = false;
 	var $filename = '';
 	var $mode = '';
+	var $type = '';
 
 	function compress_tar($mode, $file, $type = '')
 	{
@@ -393,6 +421,7 @@ class compress_tar extends compress
 
 		$this->mode = &$mode;
 		$this->file = &$file;
+		$this->type = &$type;
 		$this->open();
 	}
 
@@ -529,6 +558,7 @@ class compress_tar extends compress
 		$header .= pack("x247");
 
 		// Checksum
+		$checksum = 0;
 		for ($i = 0; $i < 512; $i++)
 		{
 			$b = unpack("c1char", substr($header, $i, 1));
@@ -548,11 +578,46 @@ class compress_tar extends compress
 		unset($data);
 	}
 
-	function open($mode, $file)
+	function open()
 	{
 		$fzopen = ($this->isbz && function_exists('bzopen')) ? 'bzopen' : (($this->isgz && extension_loaded('zlib')) ? 'gzopen' : 'fopen');
 		return $this->fp = @$fzopen($this->file, $this->mode . 'b');
 	}
+
+	function download($filename)
+	{
+		global $phpbb_root_path;
+
+		switch ($this->type)
+		{
+			case 'tar':
+				$mimetype = 'application/x-tar';
+				break;
+
+			case 'tar.gz':
+				$mimetype = 'application/x-gzip';
+				break;
+
+			case 'tar.bz2':
+				$mimetype = 'application/x-bzip2';
+				break;
+			
+			default:
+				$mimetype = 'application/octet-stream';
+				break;
+		}
+
+		header('Pragma: no-cache');
+		header("Content-Type: $mimetype; name=\"$filename.$this->type\"");
+		header("Content-disposition: attachment; filename=$filename.$this->type");
+
+		$fp = fopen("{$phpbb_root_path}store/$filename.$this->type", 'rb');
+		while ($buffer = fread($fp, 1024))
+		{
+			echo $buffer;
+		}
+		fclose($fp);
+	}
 }
 
 ?>