diff -crN phpbb200/admin/admin_board.php phpbb2017/admin/admin_board.php *** phpbb200/admin/admin_board.php Sat Jul 10 20:16:13 2004 --- phpbb2017/admin/admin_board.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_board.php,v 1.51 2002/03/22 17:00:32 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_board.php,v 1.51.2.9 2004/11/18 17:49:33 acydburn Exp $ * * ***************************************************************************/ *************** *** 16,31 **** if( !empty($setmodules) ) { $file = basename(__FILE__); ! $module['General']['Configuration'] = "$file?mode=config"; return; } // // Let's set the root dir for phpBB // ! $phpbb_root_path = "../"; require($phpbb_root_path . 'extension.inc'); ! require('pagestart.' . $phpEx); include($phpbb_root_path . 'includes/functions_selects.'.$phpEx); // --- 16,31 ---- if( !empty($setmodules) ) { $file = basename(__FILE__); ! $module['General']['Configuration'] = "$file"; return; } // // Let's set the root dir for phpBB // ! $phpbb_root_path = "./../"; require($phpbb_root_path . 'extension.inc'); ! require('./pagestart.' . $phpEx); include($phpbb_root_path . 'includes/functions_selects.'.$phpEx); // *************** *** 43,52 **** { $config_name = $row['config_name']; $config_value = $row['config_value']; ! $default_config[$config_name] = $config_value; $new[$config_name] = ( isset($HTTP_POST_VARS[$config_name]) ) ? $HTTP_POST_VARS[$config_name] : $default_config[$config_name]; if( isset($HTTP_POST_VARS['submit']) ) { $sql = "UPDATE " . CONFIG_TABLE . " SET --- 43,57 ---- { $config_name = $row['config_name']; $config_value = $row['config_value']; ! $default_config[$config_name] = isset($HTTP_POST_VARS['submit']) ? 
str_replace("'", "\'", $config_value) : $config_value; $new[$config_name] = ( isset($HTTP_POST_VARS[$config_name]) ) ? $HTTP_POST_VARS[$config_name] : $default_config[$config_name]; + if ($config_name == 'cookie_name') + { + $cookie_name = str_replace('.', '_', $new['cookie_name']); + } + if( isset($HTTP_POST_VARS['submit']) ) { $sql = "UPDATE " . CONFIG_TABLE . " SET *************** *** 68,74 **** } $style_select = style_select($new['default_style'], 'default_style', "../templates"); ! $lang_select = language_select($new['default_lang'], 'default_lang', "../language"); $timezone_select = tz_select($new['board_timezone'], 'board_timezone'); $disable_board_yes = ( $new['board_disable'] ) ? "checked=\"checked\"" : ""; --- 73,79 ---- } $style_select = style_select($new['default_style'], 'default_style', "../templates"); ! $lang_select = language_select($new['default_lang'], 'default_lang', "language"); $timezone_select = tz_select($new['board_timezone'], 'board_timezone'); $disable_board_yes = ( $new['board_disable'] ) ? "checked=\"checked\"" : ""; *************** *** 92,97 **** --- 97,105 ---- $activation_user = ( $new['require_activation'] == USER_ACTIVATION_SELF ) ? "checked=\"checked\"" : ""; $activation_admin = ( $new['require_activation'] == USER_ACTIVATION_ADMIN ) ? "checked=\"checked\"" : ""; + $confirm_yes = ($new['enable_confirm']) ? 'checked="checked"' : ''; + $confirm_no = (!$new['enable_confirm']) ? 'checked="checked"' : ''; + $board_email_form_yes = ( $new['board_email_form'] ) ? "checked=\"checked\"" : ""; $board_email_form_no = ( !$new['board_email_form'] ) ? 
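Review bot: The escape applied to the stored value on the submit path, `str_replace("'", "\'", $config_value)`, only covers the quote character; a stored value that already contains a backslash followed by a quote becomes `\\'`, which on MySQL (where the backslash is itself an escape) closes the literal early and breaks the UPDATE that begins at the end of the hunk. The POST branch of the same ternary is used raw, so the code appears to rely on magic_quotes_gpc having slashed it already — a comment saying so would stop the next reader from "fixing" one side only. On MySQL `addslashes($config_value)` is the safer choice for the stored value since it also escapes the backslash. The UPDATE statement itself continues past the end of the hunk.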
"checked=\"checked\"" : ""; *************** *** 155,160 **** --- 163,170 ---- "L_NONE" => $lang['Acc_None'], "L_USER" => $lang['Acc_User'], "L_ADMIN" => $lang['Acc_Admin'], + "L_VISUAL_CONFIRM" => $lang['Visual_confirm'], + "L_VISUAL_CONFIRM_EXPLAIN" => $lang['Visual_confirm_explain'], "L_COOKIE_SETTINGS" => $lang['Cookie_settings'], "L_COOKIE_SETTINGS_EXPLAIN" => $lang['Cookie_settings_explain'], "L_COOKIE_DOMAIN" => $lang['Cookie_domain'], *************** *** 242,247 **** --- 252,260 ---- "ACTIVATION_USER_CHECKED" => $activation_user, "ACTIVATION_ADMIN" => USER_ACTIVATION_ADMIN, "ACTIVATION_ADMIN_CHECKED" => $activation_admin, + "CONFIRM_ENABLE" => $confirm_yes, + "CONFIRM_DISABLE" => $confirm_no, + "ACTIVATION_NONE_CHECKED" => $activation_none, "BOARD_EMAIL_FORM_ENABLE" => $board_email_form_yes, "BOARD_EMAIL_FORM_DISABLE" => $board_email_form_no, "MAX_POLL_OPTIONS" => $new['max_poll_options'], *************** *** 311,316 **** $template->pparse("body"); ! include('page_footer_admin.'.$phpEx); ?> --- 324,329 ---- $template->pparse("body"); ! include('./page_footer_admin.'.$phpEx); ?> diff -crN phpbb200/admin/admin_db_utilities.php phpbb2017/admin/admin_db_utilities.php *** phpbb200/admin/admin_db_utilities.php Sat Jul 10 20:16:13 2004 --- phpbb2017/admin/admin_db_utilities.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_db_utilities.php,v 1.42 2002/04/03 20:14:46 the_systech Exp $ * ****************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_db_utilities.php,v 1.42.2.11 2005/02/21 18:36:49 acydburn Exp $ * ****************************************************************************/ *************** *** 34,48 **** { $filename = basename(__FILE__); $module['General']['Backup_DB'] = $filename . "?perform=backup"; ! if(@phpversion() >= '4.0.0') ! { ! 
$file_uploads = @ini_get('file_uploads'); ! } ! else ! { ! $file_uploads = @get_cfg_var('file_uploads'); ! } ! if( ($file_uploads != 0 || empty($file_uploads)) && (strtolower($file_uploads) != 'off') && (@phpversion() != '4.0.4pl1') ) { $module['General']['Restore_DB'] = $filename . "?perform=restore"; } --- 34,43 ---- { $filename = basename(__FILE__); $module['General']['Backup_DB'] = $filename . "?perform=backup"; ! ! $file_uploads = (@phpversion() >= '4.0.0') ? @ini_get('file_uploads') : @get_cfg_var('file_uploads'); ! ! if( (empty($file_uploads) || $file_uploads != 0) && (strtolower($file_uploads) != 'off') && (@phpversion() != '4.0.4pl1') ) { $module['General']['Restore_DB'] = $filename . "?perform=restore"; } *************** *** 54,62 **** // Load default header // $no_page_header = TRUE; ! $phpbb_root_path = "../"; require($phpbb_root_path . 'extension.inc'); ! require('pagestart.' . $phpEx); include($phpbb_root_path . 'includes/sql_parse.'.$phpEx); // --- 49,57 ---- // Load default header // $no_page_header = TRUE; ! $phpbb_root_path = "./../"; require($phpbb_root_path . 'extension.inc'); ! require('./pagestart.' . $phpEx); include($phpbb_root_path . 'includes/sql_parse.'.$phpEx); // *************** *** 375,381 **** // Ok lets grab the fields... // $result = $db->sql_query($field_query); ! if(!result) { message_die(GENERAL_ERROR, "Failed in get_table_def (show fields)", "", __LINE__, __FILE__, $field_query); } --- 370,376 ---- // Ok lets grab the fields... // $result = $db->sql_query($field_query); ! if(!$result) { message_die(GENERAL_ERROR, "Failed in get_table_def (show fields)", "", __LINE__, __FILE__, $field_query); } *************** *** 571,656 **** function get_table_content_mysql($table, $handler) { global $db; - // - // Grab the data from the table. - // - $result = $db->sql_query("SELECT * FROM $table"); ! 
if (!$result) { message_die(GENERAL_ERROR, "Failed in get_table_content (select *)", "", __LINE__, __FILE__, "SELECT * FROM $table"); } - if($db->sql_numrows($result) > 0) - { - $schema_insert = "\n#\n# Table Data for $table\n#\n"; - } - else - { - $schema_insert = ""; - } - - $handler($schema_insert); - - // // Loop through the resulting rows and build the sql statement. ! // ! ! while ($row = $db->sql_fetchrow($result)) { ! $table_list = '('; ! $num_fields = $db->sql_numfields($result); ! // // Grab the list of field names. ! // for ($j = 0; $j < $num_fields; $j++) { ! $table_list .= $db->sql_fieldname($j, $result) . ', '; } - // - // Get rid of the last comma - // - $table_list = ereg_replace(', $', '', $table_list); $table_list .= ')'; ! // ! // Start building the SQL statement. ! // ! $schema_insert = "INSERT INTO $table $table_list VALUES("; ! // ! // Loop through the rows and fill in data for each column ! // ! for ($j = 0; $j < $num_fields; $j++) { ! if(!isset($row[$j])) ! { ! // ! // If there is no data for the column set it to null. ! // There was a problem here with an extra space causing the ! // sql file not to reimport if the last column was null in ! // any table. Should be fixed now :) JLH ! // ! $schema_insert .= ' NULL,'; ! } ! elseif ($row[$j] != '') ! { ! $schema_insert .= ' \'' . addslashes($row[$j]) . '\','; ! } ! else { ! $schema_insert .= '\'\','; } - } - // - // Get rid of the the last comma. - // - $schema_insert = ereg_replace(',$', '', $schema_insert); - $schema_insert .= ');'; - // - // Go ahead and send the insert statement to the handler function. - // - $handler(trim($schema_insert)); } return(true); } --- 566,634 ---- function get_table_content_mysql($table, $handler) { global $db; ! // Grab the data from the table. ! 
if (!($result = $db->sql_query("SELECT * FROM $table"))) { message_die(GENERAL_ERROR, "Failed in get_table_content (select *)", "", __LINE__, __FILE__, "SELECT * FROM $table"); } // Loop through the resulting rows and build the sql statement. ! if ($row = $db->sql_fetchrow($result)) { ! $handler("\n#\n# Table Data for $table\n#\n"); ! $field_names = array(); ! // Grab the list of field names. ! $num_fields = $db->sql_numfields($result); ! $table_list = '('; for ($j = 0; $j < $num_fields; $j++) { ! $field_names[$j] = $db->sql_fieldname($j, $result); ! $table_list .= (($j > 0) ? ', ' : '') . $field_names[$j]; ! } $table_list .= ')'; ! ! do { ! // Start building the SQL statement. ! $schema_insert = "INSERT INTO $table $table_list VALUES("; ! ! // Loop through the rows and fill in data for each column ! for ($j = 0; $j < $num_fields; $j++) { ! $schema_insert .= ($j > 0) ? ', ' : ''; ! ! if(!isset($row[$field_names[$j]])) ! { ! // ! // If there is no data for the column set it to null. ! // There was a problem here with an extra space causing the ! // sql file not to reimport if the last column was null in ! // any table. Should be fixed now :) JLH ! // ! $schema_insert .= 'NULL'; ! } ! elseif ($row[$field_names[$j]] != '') ! { ! $schema_insert .= '\'' . addslashes($row[$field_names[$j]]) . '\''; ! } ! else ! { ! $schema_insert .= '\'\''; ! } } + $schema_insert .= ');'; + + // Go ahead and send the insert statement to the handler function. + $handler(trim($schema_insert)); + + } + while ($row = $db->sql_fetchrow($result)); } + return(true); } *************** *** 671,677 **** // // Begin program proper // - if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) ) { $perform = (isset($HTTP_POST_VARS['perform'])) ? $HTTP_POST_VARS['perform'] : $HTTP_GET_VARS['perform']; --- 649,654 ---- *************** *** 680,701 **** { case 'backup': ! if( SQL_LAYER == 'oracle' || SQL_LAYER == 'odbc' || SQL_LAYER == 'mssql' ) { ! switch(SQL_LAYER) ! { ! 
case 'oracle': ! $db_type = "Oracle"; ! break; ! case 'odbc': ! $db_type = "ODBC"; ! break; ! case 'mssql': ! $db_type = "MSSQL"; ! break; ! } ! include('page_header_admin.'.$phpEx); $template->set_filenames(array( "body" => "admin/admin_message_body.tpl") --- 657,683 ---- { case 'backup': ! $error = false; ! switch(SQL_LAYER) { ! case 'oracle': ! $error = true; ! break; ! case 'db2': ! $error = true; ! break; ! case 'msaccess': ! $error = true; ! break; ! case 'mssql': ! case 'mssql-odbc': ! $error = true; ! break; ! } ! if ($error) ! { ! include('./page_header_admin.'.$phpEx); $template->set_filenames(array( "body" => "admin/admin_message_body.tpl") *************** *** 708,718 **** $template->pparse("body"); ! break; } ! $tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words'); ! $additional_tables = (isset($HTTP_POST_VARS['additional_tables'])) ? $HTTP_POST_VARS['additional_tables'] : ( (isset($HTTP_GET_VARS['additional_tables'])) ? $HTTP_GET_VARS['additional_tables'] : "" ); --- 690,699 ---- $template->pparse("body"); ! include('./page_footer_admin.'.$phpEx); } ! $tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words', 'confirm'); $additional_tables = (isset($HTTP_POST_VARS['additional_tables'])) ? $HTTP_POST_VARS['additional_tables'] : ( (isset($HTTP_GET_VARS['additional_tables'])) ? 
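Review bot: The new `switch(SQL_LAYER)` is a deny-list — it sets `$error` only for oracle, db2, msaccess, mssql and mssql-odbc — so any other layer value proceeds into the backup even though the function-selection switch later in this file only knows mysql, mysql4 and postgresql. Inverting it to an allow-list keeps the two in step and collapses the five identical cases: `$error = !in_array(SQL_LAYER, array('mysql', 'mysql4', 'postgresql'));`. A comment that the list must match the existing `get_table_def_*`/`get_table_content_*` functions would make the coupling explicit.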
$HTTP_GET_VARS['additional_tables'] : "" ); *************** *** 720,725 **** --- 701,708 ---- $gzipcompress = (!empty($HTTP_POST_VARS['gzipcompress'])) ? $HTTP_POST_VARS['gzipcompress'] : ( (!empty($HTTP_GET_VARS['gzipcompress'])) ? $HTTP_GET_VARS['gzipcompress'] : 0 ); + $drop = (!empty($HTTP_POST_VARS['drop'])) ? intval($HTTP_POST_VARS['drop']) : ( (!empty($HTTP_GET_VARS['drop'])) ? intval($HTTP_GET_VARS['drop']) : 0 ); + if(!empty($additional_tables)) { if(ereg(",", $additional_tables)) *************** *** 740,751 **** if( !isset($HTTP_POST_VARS['backupstart']) && !isset($HTTP_GET_VARS['backupstart'])) { ! include('page_header_admin.'.$phpEx); $template->set_filenames(array( "body" => "admin/db_utils_backup_body.tpl") ! ); ! $s_hidden_fields = ""; $template->assign_vars(array( --- 723,733 ---- if( !isset($HTTP_POST_VARS['backupstart']) && !isset($HTTP_GET_VARS['backupstart'])) { ! include('./page_header_admin.'.$phpEx); $template->set_filenames(array( "body" => "admin/db_utils_backup_body.tpl") ! ); $s_hidden_fields = ""; $template->assign_vars(array( *************** *** 771,792 **** } else if( !isset($HTTP_POST_VARS['startdownload']) && !isset($HTTP_GET_VARS['startdownload']) ) { $template->set_filenames(array( "body" => "admin/admin_message_body.tpl") ); $template->assign_vars(array( ! "META" => "", "MESSAGE_TITLE" => $lang['Database_Utilities'] . " : " . $lang['Backup'], "MESSAGE_TEXT" => $lang['Backup_download']) ); ! include('page_header_admin.php'); $template->pparse("body"); ! include('page_footer_admin.'.$phpEx); } header("Pragma: no-cache"); --- 753,778 ---- } else if( !isset($HTTP_POST_VARS['startdownload']) && !isset($HTTP_GET_VARS['startdownload']) ) { + if(is_array($additional_tables)) + { + $additional_tables = implode(',', $additional_tables); + } $template->set_filenames(array( "body" => "admin/admin_message_body.tpl") ); $template->assign_vars(array( ! "META" => '', "MESSAGE_TITLE" => $lang['Database_Utilities'] . " : " . 
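Review bot: The `break;` that used to leave the backup case after the unsupported-database message is replaced by `include('./page_footer_admin.'.$phpEx);`, so the code now depends on the footer terminating the script; if it ever returns, execution continues into the `$tables` setup and the backup for a layer that was just declared unsupported. An explicit `exit;` after the include (or keeping `break;`) makes the control flow local to this hunk. The `$tables` list also changed (duplicate `'search_results'` dropped, `'confirm'` added), which is fine but worth a one-line comment that the list tracks the schema.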
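Review bot: `$drop` is now passed through `intval()`, but `$additional_tables` on the line just above is still taken verbatim from GET/POST and — presumably after being merged into `$tables` — ends up as a table name interpolated unquoted into `SELECT * FROM $table` in get_table_content_mysql and into the matching definition query. A name containing spaces or punctuation reaches the query string unchanged, admin-only or not. Validate each name after the comma split, e.g. `if (!preg_match('/^[a-zA-Z0-9_]+$/', $name)) message_die(GENERAL_ERROR, 'Invalid table name');`, which also documents that the only legitimate input is a bare identifier.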
$lang['Backup'], "MESSAGE_TEXT" => $lang['Backup_download']) ); ! include('./page_header_admin.'.$phpEx); $template->pparse("body"); ! include('./page_footer_admin.'.$phpEx); } header("Pragma: no-cache"); *************** *** 807,813 **** { @ob_start(); @ob_implicit_flush(0); ! header("Content-Type: text/x-delimtext; name=\"phpbb_db_backup.sql.gz\""); header("Content-disposition: attachment; filename=phpbb_db_backup.sql.gz"); } else --- 793,799 ---- { @ob_start(); @ob_implicit_flush(0); ! header("Content-Type: application/x-gzip; name=\"phpbb_db_backup.sql.gz\""); header("Content-disposition: attachment; filename=phpbb_db_backup.sql.gz"); } else *************** *** 832,846 **** for($i = 0; $i < count($tables); $i++) { $table_name = $tables[$i]; ! if(SQL_LAYER != 'mysql4') ! { ! $table_def_function = "get_table_def_" . SQL_LAYER; ! $table_content_function = "get_table_content_" . SQL_LAYER; ! } ! else { ! $table_def_function = "get_table_def_mysql"; ! $table_content_function = "get_table_content_mysql"; } if($backup_type != 'data') --- 818,836 ---- for($i = 0; $i < count($tables); $i++) { $table_name = $tables[$i]; ! ! switch (SQL_LAYER) { ! case 'postgresql': ! $table_def_function = "get_table_def_postgresql"; ! $table_content_function = "get_table_content_postgresql"; ! break; ! ! case 'mysql': ! case 'mysql4': ! $table_def_function = "get_table_def_mysql"; ! $table_content_function = "get_table_content_mysql"; ! break; } if($backup_type != 'data') *************** *** 868,879 **** break; case 'restore': ! if(!isset($restore_start)) { // // Define Template files... // ! include('page_header_admin.'.$phpEx); $template->set_filenames(array( "body" => "admin/db_utils_restore_body.tpl") --- 858,869 ---- break; case 'restore': ! if(!isset($HTTP_POST_VARS['restore_start'])) { // // Define Template files... // ! 
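Review bot: The new `switch (SQL_LAYER)` that picks `$table_def_function`/`$table_content_function` has no `default:`, so for any layer other than postgresql, mysql or mysql4 both variables stay unset and the call that follows (outside the hunk) would invoke an empty function name mid-download. The old code at least derived a name from SQL_LAYER; add `default: message_die(GENERAL_ERROR, 'Backup is not supported for ' . SQL_LAYER); break;` so the failure is explicit instead of a PHP fatal. The enclosing `for` loop continues past the end of the hunk.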
include('./page_header_admin.'.$phpEx); $template->set_filenames(array( "body" => "admin/db_utils_restore_body.tpl") *************** *** 907,913 **** if($backup_file_tmpname == "" || $backup_file_name == "") { - include('page_header_admin.'.$phpEx); message_die(GENERAL_MESSAGE, $lang['Restore_Error_no_file']); } // --- 897,902 ---- *************** *** 916,922 **** // a hackers attempt at getting us to process a local system // file. // ! if( file_exists($backup_file_tmpname) ) { if( preg_match("/^(text\/[a-zA-Z]+)|(application\/(x\-)?gzip(\-compressed)?)|(application\/octet-stream)$/is", $backup_file_type) ) { --- 905,911 ---- // a hackers attempt at getting us to process a local system // file. // ! if( file_exists(phpbb_realpath($backup_file_tmpname)) ) { if( preg_match("/^(text\/[a-zA-Z]+)|(application\/(x\-)?gzip(\-compressed)?)|(application\/octet-stream)$/is", $backup_file_type) ) { *************** *** 943,949 **** } else { - include('page_header_admin.'.$phpEx); message_die(GENERAL_ERROR, $lang['Restore_Error_decompress']); } } --- 932,937 ---- *************** *** 958,970 **** } else { - include('page_header_admin.'.$phpEx); message_die(GENERAL_ERROR, $lang['Restore_Error_filename'] ." $backup_file_type $backup_file_name"); } } else { - include('page_header_admin.'.$phpEx); message_die(GENERAL_ERROR, $lang['Restore_Error_uploading']); } --- 946,956 ---- *************** *** 991,1005 **** if(!$result && ( !(SQL_LAYER == 'postgresql' && eregi("drop table", $sql) ) ) ) { - //include('page_header_admin.'.$phpEx); - // echo "~~$sql~~"; message_die(GENERAL_ERROR, "Error importing backup file", "", __LINE__, __FILE__, $sql); } } } } ! include('page_header_admin.'.$phpEx); $template->set_filenames(array( "body" => "admin/admin_message_body.tpl") --- 977,989 ---- if(!$result && ( !(SQL_LAYER == 'postgresql' && eregi("drop table", $sql) ) ) ) { message_die(GENERAL_ERROR, "Error importing backup file", "", __LINE__, __FILE__, $sql); } } } } ! 
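Review bot: The check `file_exists(phpbb_realpath($backup_file_tmpname))` does not do what the comment above it says: it only confirms that some file exists at that path, which is just as true for a local system file, so it does not prevent the "process a local file" case the comment warns about. The correct test for an upload's temp name is `is_uploaded_file()`, which fails for any path PHP did not create for this request; assuming `$backup_file_tmpname` comes from the upload array (set above the hunk), change the line to `if( is_uploaded_file($backup_file_tmpname) )`. Note also that the `preg_match` on `$backup_file_type` inspects a client-supplied MIME string and should be read as a usability filter, not a security control.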
include('./page_header_admin.'.$phpEx); $template->set_filenames(array( "body" => "admin/admin_message_body.tpl") *************** *** 1019,1024 **** } } ! include('page_footer_admin.'.$phpEx); ?> --- 1003,1008 ---- } } ! include('./page_footer_admin.'.$phpEx); ?> diff -crN phpbb200/admin/admin_disallow.php phpbb2017/admin/admin_disallow.php *** phpbb200/admin/admin_disallow.php Sat Jul 10 20:16:13 2004 --- phpbb2017/admin/admin_disallow.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_disallow.php,v 1.9 2002/03/22 17:00:32 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_disallow.php,v 1.9.2.2 2002/11/26 11:42:11 psotfx Exp $ * * ***************************************************************************/ *************** *** 33,49 **** // // Include required files, get $phpEx and check permissions // ! $phpbb_root_path = "../"; require($phpbb_root_path . 'extension.inc'); ! require('pagestart.' . $phpEx); if( isset($HTTP_POST_VARS['add_name']) ) { include($phpbb_root_path . 'includes/functions_validate.'.$phpEx); ! $disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? $HTTP_POST_VARS['disallowed_user'] : $HTTP_GET_VARS['disallowed_user']; ! $disallowed_user = preg_replace( '/\*/', '%', $disallowed_user ); if( !validate_username($disallowed_user) ) { $message = $lang['Disallowed_already']; --- 33,52 ---- // // Include required files, get $phpEx and check permissions // ! $phpbb_root_path = "./../"; require($phpbb_root_path . 'extension.inc'); ! require('./pagestart.' . $phpEx); if( isset($HTTP_POST_VARS['add_name']) ) { include($phpbb_root_path . 'includes/functions_validate.'.$phpEx); ! $disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? 
trim($HTTP_POST_VARS['disallowed_user']) : trim($HTTP_GET_VARS['disallowed_user']); + if ($disallowed_user == '') + { + message_die(MESSAGE, $lang['Fields_empty']); + } if( !validate_username($disallowed_user) ) { $message = $lang['Disallowed_already']; *************** *** 110,117 **** $user = array(); for( $i = 0; $i < count($disallowed); $i++ ) { - $disallowed[$i]['disallow_username'] = preg_replace('/%/', '*', $disallowed[$i]['disallow_username']); - $disallow_select .= ''; } } --- 113,118 ---- *************** *** 139,143 **** --- 140,146 ---- ); $template->pparse("body"); + + include('./page_footer_admin.'.$phpEx); ?> diff -crN phpbb200/admin/admin_forum_prune.php phpbb2017/admin/admin_forum_prune.php *** phpbb200/admin/admin_forum_prune.php Sat Jul 10 20:16:13 2004 --- phpbb2017/admin/admin_forum_prune.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_forum_prune.php,v 1.22 2002/04/02 14:53:44 psotfx Exp $ * ****************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_forum_prune.php,v 1.22.2.3 2002/12/18 14:14:07 psotfx Exp $ * ****************************************************************************/ *************** *** 32,40 **** // // Load default header // ! $phpbb_root_path = '../'; require($phpbb_root_path . 'extension.inc'); ! require('pagestart.' . $phpEx); require($phpbb_root_path . 'includes/prune.'.$phpEx); require($phpbb_root_path . 'includes/functions_admin.'.$phpEx); --- 32,40 ---- // // Load default header // ! $phpbb_root_path = "./../"; require($phpbb_root_path . 'extension.inc'); ! require('./pagestart.' . $phpEx); require($phpbb_root_path . 'includes/prune.'.$phpEx); require($phpbb_root_path . 'includes/functions_admin.'.$phpEx); *************** *** 168,176 **** $forum_name = ( $forum_id == -1 ) ? 
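Review bot: The new empty-name guard calls `message_die(MESSAGE, $lang['Fields_empty']);`, and `MESSAGE` is not one of the codes used anywhere else in this diff (`GENERAL_MESSAGE`, `GENERAL_ERROR`); unless it is defined elsewhere, PHP will treat the bare name as the string `"MESSAGE"`, which presumably matches none of message_die's cases. It should read `message_die(GENERAL_MESSAGE, $lang['Fields_empty']);`. Separately, inside an `add_name` POST handler the fallback to `$HTTP_GET_VARS['disallowed_user']` lets the name arrive via the query string; reading it from POST only keeps the form and the handler on one channel.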
$lang['All_Forums'] : $forum_rows[0]['forum_name']; $prune_data = $lang['Prune_topics_not_posted'] . " "; ! $prune_data .= ' ' . $lang['Days']; ! $hidden_input = ''; // // Assign the template variables. --- 168,176 ---- $forum_name = ( $forum_id == -1 ) ? $lang['All_Forums'] : $forum_rows[0]['forum_name']; $prune_data = $lang['Prune_topics_not_posted'] . " "; ! $prune_data .= ' ' . $lang['Days']; ! $hidden_input = ''; // // Assign the template variables. *************** *** 178,183 **** --- 178,184 ---- $template->assign_vars(array( 'FORUM_NAME' => $forum_name, + 'L_FORUM' => $lang['Forum'], 'L_FORUM_PRUNE' => $lang['Forum_Prune'], 'L_FORUM_PRUNE_EXPLAIN' => $lang['Forum_Prune_explain'], 'L_DO_PRUNE' => $lang['Do_Prune'], *************** *** 193,198 **** // $template->pparse('body'); ! include('page_footer_admin.'.$phpEx); ?> --- 194,199 ---- // $template->pparse('body'); ! include('./page_footer_admin.'.$phpEx); ?> diff -crN phpbb200/admin/admin_forumauth.php phpbb2017/admin/admin_forumauth.php *** phpbb200/admin/admin_forumauth.php Sat Jul 10 20:16:13 2004 --- phpbb2017/admin/admin_forumauth.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_forumauth.php,v 1.23 2002/03/22 17:00:32 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_forumauth.php,v 1.23.2.5 2004/03/25 15:57:19 acydburn Exp $ * * ***************************************************************************/ *************** *** 34,42 **** // Load default header // $no_page_header = TRUE; ! $phpbb_root_path = "../"; require($phpbb_root_path . 'extension.inc'); ! require('pagestart.' . $phpEx); // // Start program - define vars --- 34,42 ---- // Load default header // $no_page_header = TRUE; ! $phpbb_root_path = './../'; require($phpbb_root_path . 'extension.inc'); ! 
require('./pagestart.' . $phpEx); // // Start program - define vars *************** *** 52,74 **** 6 => array(AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD), ); ! $simple_auth_types = array($lang['Public'], $lang['Registered'], $lang['Registered'] . " [" . $lang['Hidden'] . "]", $lang['Private'], $lang['Private'] . " [" . $lang['Hidden'] . "]", $lang['Moderators'], $lang['Moderators'] . " [" . $lang['Hidden'] . "]"); ! $forum_auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_sticky", "auth_announce", "auth_vote", "auth_pollcreate"); $field_names = array( ! "auth_view" => $lang['View'], ! "auth_read" => $lang['Read'], ! "auth_post" => $lang['Post'], ! "auth_reply" => $lang['Reply'], ! "auth_edit" => $lang['Edit'], ! "auth_delete" => $lang['Delete'], ! "auth_sticky" => $lang['Sticky'], ! "auth_announce" => $lang['Announce'], ! "auth_vote" => $lang['Vote'], ! "auth_pollcreate" => $lang['Pollcreate']); ! $forum_auth_levels = array("ALL", "REG", "PRIVATE", "MOD", "ADMIN"); $forum_auth_const = array(AUTH_ALL, AUTH_REG, AUTH_ACL, AUTH_MOD, AUTH_ADMIN); if(isset($HTTP_GET_VARS[POST_FORUM_URL]) || isset($HTTP_POST_VARS[POST_FORUM_URL])) --- 52,74 ---- 6 => array(AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD), ); ! $simple_auth_types = array($lang['Public'], $lang['Registered'], $lang['Registered'] . ' [' . $lang['Hidden'] . ']', $lang['Private'], $lang['Private'] . ' [' . $lang['Hidden'] . ']', $lang['Moderators'], $lang['Moderators'] . ' [' . $lang['Hidden'] . ']'); ! $forum_auth_fields = array('auth_view', 'auth_read', 'auth_post', 'auth_reply', 'auth_edit', 'auth_delete', 'auth_sticky', 'auth_announce', 'auth_vote', 'auth_pollcreate'); $field_names = array( ! 'auth_view' => $lang['View'], ! 'auth_read' => $lang['Read'], ! 'auth_post' => $lang['Post'], ! 'auth_reply' => $lang['Reply'], ! 
'auth_edit' => $lang['Edit'], ! 'auth_delete' => $lang['Delete'], ! 'auth_sticky' => $lang['Sticky'], ! 'auth_announce' => $lang['Announce'], ! 'auth_vote' => $lang['Vote'], ! 'auth_pollcreate' => $lang['Pollcreate']); ! $forum_auth_levels = array('ALL', 'REG', 'PRIVATE', 'MOD', 'ADMIN'); $forum_auth_const = array(AUTH_ALL, AUTH_REG, AUTH_ACL, AUTH_MOD, AUTH_ADMIN); if(isset($HTTP_GET_VARS[POST_FORUM_URL]) || isset($HTTP_POST_VARS[POST_FORUM_URL])) *************** *** 79,85 **** else { unset($forum_id); ! $forum_sql = ""; } if( isset($HTTP_GET_VARS['adv']) ) --- 79,85 ---- else { unset($forum_id); ! $forum_sql = ''; } if( isset($HTTP_GET_VARS['adv']) ) *************** *** 96,161 **** // if( isset($HTTP_POST_VARS['submit']) ) { ! $sql = ""; if(!empty($forum_id)) { - $sql = "UPDATE " . FORUMS_TABLE . " SET "; - if(isset($HTTP_POST_VARS['simpleauth'])) { ! $simple_ary = $simple_auth_ary[$HTTP_POST_VARS['simpleauth']]; for($i = 0; $i < count($simple_ary); $i++) { ! $sql .= $forum_auth_fields[$i] . " = " . $simple_ary[$i]; ! if($i < count($simple_ary) - 1) ! { ! $sql .= ", "; ! } } ! $sql .= " WHERE forum_id = $forum_id"; } else { for($i = 0; $i < count($forum_auth_fields); $i++) { ! $value = $HTTP_POST_VARS[$forum_auth_fields[$i]]; ! if($forum_auth_fields[$i] == 'auth_vote') { ! if( $HTTP_POST_VARS['auth_vote'] == AUTH_ALL ) { $value = AUTH_REG; } } ! $sql .= $forum_auth_fields[$i] . " = " . $value; ! if($i < count($forum_auth_fields) - 1) ! { ! $sql .= ", "; ! } } ! $sql .= " WHERE forum_id = $forum_id"; ! } ! if($sql != "") { ! if(!$db->sql_query($sql)) { ! message_die(GENERAL_ERROR, "Couldn't update auth table!", "", __LINE__, __FILE__, $sql); } } ! $forum_sql = ""; $adv = 0; } $template->assign_vars(array( ! "META" => '') ); $message = $lang['Forum_auth_updated'] . '

' . sprintf($lang['Click_return_forumauth'], '', ""); message_die(GENERAL_MESSAGE, $message); --- 96,153 ---- // if( isset($HTTP_POST_VARS['submit']) ) { ! $sql = ''; if(!empty($forum_id)) { if(isset($HTTP_POST_VARS['simpleauth'])) { ! $simple_ary = $simple_auth_ary[intval($HTTP_POST_VARS['simpleauth'])]; for($i = 0; $i < count($simple_ary); $i++) { ! $sql .= ( ( $sql != '' ) ? ', ' : '' ) . $forum_auth_fields[$i] . ' = ' . $simple_ary[$i]; } ! if (is_array($simple_ary)) ! { ! $sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id"; ! } } else { for($i = 0; $i < count($forum_auth_fields); $i++) { ! $value = intval($HTTP_POST_VARS[$forum_auth_fields[$i]]); ! if ( $forum_auth_fields[$i] == 'auth_vote' ) { ! if ( $HTTP_POST_VARS['auth_vote'] == AUTH_ALL ) { $value = AUTH_REG; } } ! $sql .= ( ( $sql != '' ) ? ', ' : '' ) .$forum_auth_fields[$i] . ' = ' . $value; } ! $sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id"; } ! if ( $sql != '' ) { ! if ( !$db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, 'Could not update auth table', '', __LINE__, __FILE__, $sql); } } ! $forum_sql = ''; $adv = 0; } $template->assign_vars(array( ! 'META' => '') ); $message = $lang['Forum_auth_updated'] . '

' . sprintf($lang['Click_return_forumauth'], '', ""); message_die(GENERAL_MESSAGE, $message); *************** *** 187,193 **** // specified // $template->set_filenames(array( ! "body" => "admin/auth_select_body.tpl") ); $select_list = ''; *************** *** 198,210 **** $select_list .= ''; $template->assign_vars(array( ! "L_AUTH_TITLE" => $lang['Auth_Control_Forum'], ! "L_AUTH_EXPLAIN" => $lang['Forum_auth_explain'], ! "L_AUTH_SELECT" => $lang['Select_a_Forum'], ! "L_LOOK_UP" => $lang['Look_up_Forum'], ! "S_AUTH_ACTION" => append_sid("admin_forumauth.$phpEx"), ! "S_AUTH_SELECT" => $select_list) ); } --- 190,202 ---- $select_list .= ''; $template->assign_vars(array( ! 'L_AUTH_TITLE' => $lang['Auth_Control_Forum'], ! 'L_AUTH_EXPLAIN' => $lang['Forum_auth_explain'], ! 'L_AUTH_SELECT' => $lang['Select_a_Forum'], ! 'L_LOOK_UP' => $lang['Look_up_Forum'], ! 'S_AUTH_ACTION' => append_sid("admin_forumauth.$phpEx"), ! 'S_AUTH_SELECT' => $select_list) ); } *************** *** 215,221 **** // specified // $template->set_filenames(array( ! "body" => "admin/auth_forum_body.tpl") ); $forum_name = $forum_rows[0]['forum_name']; --- 207,213 ---- // specified // $template->set_filenames(array( ! 'body' => 'admin/auth_forum_body.tpl') ); $forum_name = $forum_rows[0]['forum_name']; *************** *** 244,281 **** // If we didn't get a match above then we // automatically switch into 'advanced' mode // ! if(!isset($adv) && !$matched) { $adv = 1; } $s_column_span == 0; ! if( empty($adv) ) { ! $simple_auth = ""; ! $template->assign_block_vars("forum_auth_titles", array( ! "CELL_TITLE" => $lang['Simple_mode']) ); ! $template->assign_block_vars("forum_auth_data", array( ! "S_AUTH_LEVELS_SELECT" => $simple_auth) ); $s_column_span++; --- 236,265 ---- // If we didn't get a match above then we // automatically switch into 'advanced' mode // ! if ( !isset($adv) && !$matched ) { $adv = 1; } $s_column_span == 0; ! if ( empty($adv) ) { ! $simple_auth = ''; ! 
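Review bot: In the advanced branch the per-field values are now `intval()`'d, which stops injection, but nothing checks that the integer is one of the levels in `$forum_auth_const` (AUTH_ALL … AUTH_ADMIN) defined at the top of the file, so any number can be written into the auth_* columns. Validate before the SQL is assembled: `if (!in_array($value, $forum_auth_const)) message_die(GENERAL_ERROR, 'Invalid auth level');`. The simple branch has the mirror problem: `$simple_auth_ary[intval(...)]` with an out-of-range index yields null, the `is_array` check leaves `$sql` empty, and the request still ends in the `Forum_auth_updated` message without having changed anything — reporting that as an error would be clearer.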
$template->assign_block_vars('forum_auth_titles', array( ! 'CELL_TITLE' => $lang['Simple_mode']) ); ! $template->assign_block_vars('forum_auth_data', array( ! 'S_AUTH_LEVELS_SELECT' => $simple_auth) ); $s_column_span++; *************** *** 288,324 **** // for($j = 0; $j < count($forum_auth_fields); $j++) { ! $custom_auth[$j] = "  "; $cell_title = $field_names[$forum_auth_fields[$j]]; ! $template->assign_block_vars("forum_auth_titles", array( ! "CELL_TITLE" => $cell_title) ); ! $template->assign_block_vars("forum_auth_data", array( ! "S_AUTH_LEVELS_SELECT" => $custom_auth[$j]) ); $s_column_span++; } } ! $adv_mode = (empty($adv)) ? "1" : "0"; $switch_mode = append_sid("admin_forumauth.$phpEx?" . POST_FORUM_URL . "=" . $forum_id . "&adv=". $adv_mode); $switch_mode_text = ( empty($adv) ) ? $lang['Advanced_mode'] : $lang['Simple_mode']; $u_switch_mode = '' . $switch_mode_text . ''; --- 272,300 ---- // for($j = 0; $j < count($forum_auth_fields); $j++) { ! $custom_auth[$j] = '  '; $cell_title = $field_names[$forum_auth_fields[$j]]; ! $template->assign_block_vars('forum_auth_titles', array( ! 'CELL_TITLE' => $cell_title) ); ! $template->assign_block_vars('forum_auth_data', array( ! 'S_AUTH_LEVELS_SELECT' => $custom_auth[$j]) ); $s_column_span++; } } ! $adv_mode = ( empty($adv) ) ? '1' : '0'; $switch_mode = append_sid("admin_forumauth.$phpEx?" . POST_FORUM_URL . "=" . $forum_id . "&adv=". $adv_mode); $switch_mode_text = ( empty($adv) ) ? $lang['Advanced_mode'] : $lang['Simple_mode']; $u_switch_mode = '' . $switch_mode_text . ''; *************** *** 326,351 **** $s_hidden_fields = ''; $template->assign_vars(array( ! "FORUM_NAME" => $forum_name, ! "L_AUTH_TITLE" => $lang['Auth_Control_Forum'], ! "L_AUTH_EXPLAIN" => $lang['Forum_auth_explain'], ! "L_SUBMIT" => $lang['Submit'], ! "L_RESET" => $lang['Reset'], ! ! "U_SWITCH_MODE" => $u_switch_mode, ! ! "S_FORUMAUTH_ACTION" => append_sid("admin_forumauth.$phpEx"), ! "S_COLUMN_SPAN" => $s_column_span, ! 
"S_HIDDEN_FIELDS" => $s_hidden_fields) ); } ! include('page_header_admin.'.$phpEx); ! $template->pparse("body"); ! include('page_footer_admin.'.$phpEx); ?> --- 302,328 ---- $s_hidden_fields = ''; $template->assign_vars(array( ! 'FORUM_NAME' => $forum_name, ! 'L_FORUM' => $lang['Forum'], ! 'L_AUTH_TITLE' => $lang['Auth_Control_Forum'], ! 'L_AUTH_EXPLAIN' => $lang['Forum_auth_explain'], ! 'L_SUBMIT' => $lang['Submit'], ! 'L_RESET' => $lang['Reset'], ! ! 'U_SWITCH_MODE' => $u_switch_mode, ! ! 'S_FORUMAUTH_ACTION' => append_sid("admin_forumauth.$phpEx"), ! 'S_COLUMN_SPAN' => $s_column_span, ! 'S_HIDDEN_FIELDS' => $s_hidden_fields) ); } ! include('./page_header_admin.'.$phpEx); ! $template->pparse('body'); ! include('./page_footer_admin.'.$phpEx); ?> diff -crN phpbb200/admin/admin_forums.php phpbb2017/admin/admin_forums.php *** phpbb200/admin/admin_forums.php Sat Jul 10 20:16:13 2004 --- phpbb2017/admin/admin_forums.php Tue Jul 19 22:14:56 2005 *************** *** 1,13 **** AUTH_ALL, "auth_edit" => AUTH_REG, "auth_delete" => AUTH_REG, ! "auth_sticky" => AUTH_REG, "auth_announce" => AUTH_MOD, "auth_vote" => AUTH_REG, "auth_pollcreate" => AUTH_REG --- 43,49 ---- "auth_reply" => AUTH_ALL, "auth_edit" => AUTH_REG, "auth_delete" => AUTH_REG, ! "auth_sticky" => AUTH_MOD, "auth_announce" => AUTH_MOD, "auth_vote" => AUTH_REG, "auth_pollcreate" => AUTH_REG *************** *** 56,61 **** --- 55,61 ---- if( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) ) { $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; + $mode = htmlspecialchars($mode); } else { *************** *** 233,238 **** --- 233,239 ---- if( $mode == "addforum" ) { list($cat_id) = each($HTTP_POST_VARS['addforum']); + $cat_id = intval($cat_id); // // stripslashes needs to be run on this because slashes are added when the forum name is posted // *************** *** 302,309 **** $catlist = get_list('category', $cat_id, TRUE); $forumstatus == ( FORUM_LOCKED ) ? 
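Review bot: The new `$mode = htmlspecialchars($mode);` in hunk 56,61 only encodes the value for later HTML output; it does not constrain it, and `$mode` drives control flow here (compare `if( $mode == "addforum" )` in hunk 233,238). Since the script only acts on a fixed set of mode tokens, checking `$mode` against that set and calling `message_die()` on anything else would turn an unexpected value into a definite failure rather than a silent fall-through; the full set of handled modes is not visible in this hunk, so I cannot name it. admin_groups.php hunk 33,70 adds the same `htmlspecialchars($mode)` line and would take the same treatment.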
$forumlocked = "selected=\"selected\"" : $forumunlocked = "selected=\"selected\""; ! $statuslist = "\n"; ! $statuslist .= "\n"; $template->set_filenames(array( "body" => "admin/forum_edit_body.tpl") --- 303,316 ---- $catlist = get_list('category', $cat_id, TRUE); $forumstatus == ( FORUM_LOCKED ) ? $forumlocked = "selected=\"selected\"" : $forumunlocked = "selected=\"selected\""; ! ! // These two options ($lang['Status_unlocked'] and $lang['Status_locked']) seem to be missing from ! // the language files. ! $lang['Status_unlocked'] = isset($lang['Status_unlocked']) ? $lang['Status_unlocked'] : 'Unlocked'; ! $lang['Status_locked'] = isset($lang['Status_locked']) ? $lang['Status_locked'] : 'Locked'; ! ! $statuslist = "\n"; ! $statuslist .= "\n"; $template->set_filenames(array( "body" => "admin/forum_edit_body.tpl") *************** *** 493,499 **** // There is no problem having duplicate forum names so we won't check for it. // $sql = "INSERT INTO " . CATEGORIES_TABLE . " (cat_title, cat_order) ! VALUES ('" . $HTTP_POST_VARS['categoryname'] . "', $next_order)"; if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't insert row in categories table", "", __LINE__, __FILE__, $sql); --- 500,506 ---- // There is no problem having duplicate forum names so we won't check for it. // $sql = "INSERT INTO " . CATEGORIES_TABLE . " (cat_title, cat_order) ! VALUES ('" . str_replace("\'", "''", $HTTP_POST_VARS['categoryname']) . "', $next_order)"; if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't insert row in categories table", "", __LINE__, __FILE__, $sql); *************** *** 604,611 **** // Either delete or move all posts in a forum if($to_id == -1) { include($phpbb_root_path . "includes/prune.$phpEx"); ! prune($from_id, 0); // Delete everything from forum } else { --- 611,651 ---- // Either delete or move all posts in a forum if($to_id == -1) { + // Delete polls in this forum + $sql = "SELECT v.vote_id + FROM " . VOTE_DESC_TABLE . 
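Review bot: In hunk 493,499 the new `str_replace("\'", "''", $HTTP_POST_VARS['categoryname'])` only rewrites quotes that already carry a backslash, so a bare `'` in the POST value is interpolated into the INSERT unchanged. That is safe only if slashes were added upstream (magic_quotes_gpc or an equivalent step in the bootstrap), which is not visible in this diff; if that assumption does not hold the query is injectable. A single, driver-level escaping step at this boundary would not depend on the input having been pre-escaped. The same `str_replace("\'", "''", ...)` pattern appears for `group_name` and `group_description` in admin_groups.php hunk 234,314.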
" v, " . TOPICS_TABLE . " t + WHERE t.forum_id = $from_id + AND v.topic_id = t.topic_id"; + if (!($result = $db->sql_query($sql))) + { + message_die(GENERAL_ERROR, "Couldn't obtain list of vote ids", "", __LINE__, __FILE__, $sql); + } + + if ($row = $db->sql_fetchrow($result)) + { + $vote_ids = ''; + do + { + $vote_ids = (($vote_ids != '') ? ', ' : '') . $row['vote_id']; + } + while ($row = $db->sql_fetchrow($result)); + + $sql = "DELETE FROM " . VOTE_DESC_TABLE . " + WHERE vote_id IN ($vote_ids)"; + $db->sql_query($sql); + + $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " + WHERE vote_id IN ($vote_ids)"; + $db->sql_query($sql); + + $sql = "DELETE FROM " . VOTE_USERS_TABLE . " + WHERE vote_id IN ($vote_ids)"; + $db->sql_query($sql); + } + $db->sql_freeresult($result); + include($phpbb_root_path . "includes/prune.$phpEx"); ! prune($from_id, 0, true); // Delete everything from forum } else { *************** *** 616,621 **** --- 656,662 ---- { message_die(GENERAL_ERROR, "Couldn't verify existence of forums", "", __LINE__, __FILE__, $sql); } + if($db->sql_numrows($result) != 2) { message_die(GENERAL_ERROR, "Ambiguous forum ID's", "", __LINE__, __FILE__); *************** *** 637,642 **** --- 678,734 ---- sync('forum', $to_id); } + // Alter Mod level if appropriate - 2.0.4 + $sql = "SELECT ug.user_id + FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug + WHERE a.forum_id <> $from_id + AND a.auth_mod = 1 + AND ug.group_id = a.group_id"; + if( !$result = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Couldn't obtain moderator list", "", __LINE__, __FILE__, $sql); + } + + if ($row = $db->sql_fetchrow($result)) + { + $user_ids = ''; + do + { + $user_ids .= (($user_ids != '') ? ', ' : '' ) . $row['user_id']; + } + while ($row = $db->sql_fetchrow($result)); + + $sql = "SELECT ug.user_id + FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . 
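Review bot: The poll cleanup added in hunk 604,611 builds `$vote_ids` with `$vote_ids = (($vote_ids != '') ? ', ' : '') . $row['vote_id'];`, an assignment rather than an append, so after the first row the string becomes `', <id>'` and the three `DELETE ... WHERE vote_id IN ($vote_ids)` statements carry a leading comma; with two or more polls in the forum the statements are syntactically invalid and no poll rows are removed, with one poll it happens to work. The operator should be `.=`, as the otherwise identical `$user_ids .= ...` loops in hunk 637,642 do. The three DELETE results are also not checked, which is why the failure would go unnoticed; wrapping them in the same `if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, ...); }` form used elsewhere in the file would surface it. `$from_id` is interpolated into the SELECT; I cannot see from this hunk where it is converted to an integer.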
" ug + WHERE a.forum_id = $from_id + AND a.auth_mod = 1 + AND ug.group_id = a.group_id + AND ug.user_id NOT IN ($user_ids)"; + if( !$result2 = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Couldn't obtain moderator list", "", __LINE__, __FILE__, $sql); + } + + if ($row = $db->sql_fetchrow($result2)) + { + $user_ids = ''; + do + { + $user_ids .= (($user_ids != '') ? ', ' : '' ) . $row['user_id']; + } + while ($row = $db->sql_fetchrow($result2)); + + $sql = "UPDATE " . USERS_TABLE . " + SET user_level = " . USER . " + WHERE user_id IN ($user_ids) + AND user_level <> " . ADMIN; + $db->sql_query($sql); + } + $db->sql_freeresult($result); + + } + $db->sql_freeresult($result2); + $sql = "DELETE FROM " . FORUMS_TABLE . " WHERE forum_id = $from_id"; if( !$result = $db->sql_query($sql) ) *************** *** 826,832 **** if ($show_index != TRUE) { ! include('page_footer_admin.'.$phpEx); exit; } } --- 918,924 ---- if ($show_index != TRUE) { ! include('./page_footer_admin.'.$phpEx); exit; } } *************** *** 931,936 **** $template->pparse("body"); ! include('page_footer_admin.'.$phpEx); ! ?> --- 1023,1028 ---- $template->pparse("body"); ! include('./page_footer_admin.'.$phpEx); ! ?> \ No newline at end of file diff -crN phpbb200/admin/admin_groups.php phpbb2017/admin/admin_groups.php *** phpbb200/admin/admin_groups.php Sat Jul 10 20:16:13 2004 --- phpbb2017/admin/admin_groups.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_groups.php,v 1.25 2002/03/22 17:00:32 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_groups.php,v 1.25.2.9 2004/03/25 15:57:20 acydburn Exp $ * * ***************************************************************************/ *************** *** 22,28 **** define('IN_PHPBB', 1); ! 
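Review bot: The moderator demotion added in hunk 637,642 runs only inside `if ($row = $db->sql_fetchrow($result))` for the "moderators of other forums" query, so when no other forum has a moderating group the whole block is skipped and moderators of the deleted forum keep `user_level = MOD`, which is precisely the case the code is meant to handle. In that same path `$db->sql_freeresult($result2);` after the block runs with `$result2` never assigned, and `$result` is never freed. Collecting `$user_ids` unconditionally and appending the `NOT IN (...)` clause only when the list is non-empty fixes both, as sketched below; the UPDATE and its `user_level <> ADMIN` guard stay as they are.

```php
$user_ids = '';
while ($row = $db->sql_fetchrow($result))
{
    $user_ids .= (($user_ids != '') ? ', ' : '') . $row['user_id'];
}
$db->sql_freeresult($result);

$sql = "SELECT ug.user_id
    FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug
    WHERE a.forum_id = $from_id
        AND a.auth_mod = 1
        AND ug.group_id = a.group_id";
if ($user_ids != '')
{
    $sql .= " AND ug.user_id NOT IN ($user_ids)";
}
// … unchanged: run $sql into $result2, collect the ids, UPDATE user_level with the ADMIN guard …
$db->sql_freeresult($result2);
```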
if( !empty($setmodules) ) { $filename = basename(__FILE__); $module['Groups']['Manage'] = $filename; --- 22,28 ---- define('IN_PHPBB', 1); ! if ( !empty($setmodules) ) { $filename = basename(__FILE__); $module['Groups']['Manage'] = $filename; *************** *** 33,70 **** // // Load default header // ! $phpbb_root_path = "../"; require($phpbb_root_path . 'extension.inc'); ! require('pagestart.' . $phpEx); ! if( isset($HTTP_POST_VARS[POST_GROUPS_URL]) || isset($HTTP_GET_VARS[POST_GROUPS_URL]) ) { $group_id = ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_POST_VARS[POST_GROUPS_URL]) : intval($HTTP_GET_VARS[POST_GROUPS_URL]); } else { ! $group_id = ""; } ! // ! // Mode setting ! // ! if( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) ) { $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; } else { ! $mode = ""; } ! if( isset($HTTP_POST_VARS['edit']) || isset($HTTP_POST_VARS['new']) ) { // // Ok they are editing a group or creating a new group // $template->set_filenames(array( ! "body" => "admin/group_edit_body.tpl") ); if ( isset($HTTP_POST_VARS['edit']) ) --- 33,68 ---- // // Load default header // ! $phpbb_root_path = './../'; require($phpbb_root_path . 'extension.inc'); ! require('./pagestart.' . $phpEx); ! if ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) || isset($HTTP_GET_VARS[POST_GROUPS_URL]) ) { $group_id = ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_POST_VARS[POST_GROUPS_URL]) : intval($HTTP_GET_VARS[POST_GROUPS_URL]); } else { ! $group_id = 0; } ! if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) ) { $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; + $mode = htmlspecialchars($mode); } else { ! $mode = ''; } ! if ( isset($HTTP_POST_VARS['edit']) || isset($HTTP_POST_VARS['new']) ) { // // Ok they are editing a group or creating a new group // $template->set_filenames(array( ! 
'body' => 'admin/group_edit_body.tpl') ); if ( isset($HTTP_POST_VARS['edit']) ) *************** *** 76,109 **** FROM " . GROUPS_TABLE . " WHERE group_single_user <> " . TRUE . " AND group_id = $group_id"; ! if(!$result = $db->sql_query($sql)) { ! message_die(GENERAL_ERROR, "Error getting group information", "", __LINE__, __FILE__, $sql); } ! if( !$db->sql_numrows($result) ) { message_die(GENERAL_MESSAGE, $lang['Group_not_exist']); } ! $group_info = $db->sql_fetchrow($result); ! ! $mode = "editgroup"; ! $template->assign_block_vars("group_edit", array()); } ! else if( isset($HTTP_POST_VARS['new']) ) { $group_info = array ( ! "group_name" => "", ! "group_description" => "", ! "group_moderator" => "", ! "group_type" => GROUP_OPEN); ! $group_open = "checked=\"checked\""; ! $mode = "newgroup"; } // // Ok, now we know everything about them, let's show the page. // --- 74,106 ---- FROM " . GROUPS_TABLE . " WHERE group_single_user <> " . TRUE . " AND group_id = $group_id"; ! if ( !($result = $db->sql_query($sql)) ) { ! message_die(GENERAL_ERROR, 'Error getting group information', '', __LINE__, __FILE__, $sql); } ! if ( !($group_info = $db->sql_fetchrow($result)) ) { message_die(GENERAL_MESSAGE, $lang['Group_not_exist']); } ! $mode = 'editgroup'; ! $template->assign_block_vars('group_edit', array()); } ! else if ( isset($HTTP_POST_VARS['new']) ) { $group_info = array ( ! 'group_name' => '', ! 'group_description' => '', ! 'group_moderator' => '', ! 'group_type' => GROUP_OPEN); ! $group_open = ' checked="checked"'; ! $mode = 'newgroup'; } + // // Ok, now we know everything about them, let's show the page. // *************** *** 111,229 **** FROM " . USERS_TABLE . " WHERE user_id <> " . ANONYMOUS . " ORDER BY username"; ! $u_result = $db->sql_query($sql); ! if( !$u_result ) { ! message_die(GENERAL_ERROR, "Couldn't obtain user info for moderator list", "", __LINE__, __FILE__, $sql); } ! $user_list = $db->sql_fetchrowset($u_result); ! ! 
for($i = 0; $i < count($user_list); $i++) { ! if( $user_list[$i]['user_id'] == $group_info['group_moderator'] ) { ! $group_moderator = $user_list[$i]['username']; } } ! $group_open = ( $group_info['group_type'] == GROUP_OPEN ) ? "checked=\"checked\"" : ""; ! $group_closed = ( $group_info['group_type'] == GROUP_CLOSED ) ? "checked=\"checked\"" : ""; ! $group_hidden = ( $group_info['group_type'] == GROUP_HIDDEN ) ? "checked=\"checked\"" : ""; $s_hidden_fields = ''; $template->assign_vars(array( ! "GROUP_NAME" => $group_info['group_name'], ! "GROUP_DESCRIPTION" => $group_info['group_description'], ! "GROUP_MODERATOR" => $group_moderator, ! ! "L_GROUP_TITLE" => $lang['Group_administration'], ! "L_GROUP_EDIT_DELETE" => ( isset($HTTP_POST_VARS['new']) ) ? $lang['New_group'] : $lang['Edit_group'], ! "L_GROUP_NAME" => $lang['group_name'], ! "L_GROUP_DESCRIPTION" => $lang['group_description'], ! "L_GROUP_MODERATOR" => $lang['group_moderator'], ! "L_FIND_USERNAME" => $lang['Find_username'], ! "L_GROUP_STATUS" => $lang['group_status'], ! "L_GROUP_OPEN" => $lang['group_open'], ! "L_GROUP_CLOSED" => $lang['group_closed'], ! "L_GROUP_HIDDEN" => $lang['group_hidden'], ! "L_GROUP_DELETE" => $lang['group_delete'], ! "L_GROUP_DELETE_CHECK" => $lang['group_delete_check'], ! "L_SUBMIT" => $lang['Submit'], ! "L_RESET" => $lang['Reset'], ! "L_DELETE_MODERATOR" => $lang['delete_group_moderator'], ! "L_DELETE_MODERATOR_EXPLAIN" => $lang['delete_moderator_explain'], ! "L_YES" => $lang['Yes'], ! ! "U_SEARCH_USER" => append_sid("../search.$phpEx?mode=searchuser"), ! ! "S_GROUP_OPEN_TYPE" => GROUP_OPEN, ! "S_GROUP_CLOSED_TYPE" => GROUP_CLOSED, ! "S_GROUP_HIDDEN_TYPE" => GROUP_HIDDEN, ! "S_GROUP_OPEN_CHECKED" => $group_open, ! "S_GROUP_CLOSED_CHECKED" => $group_closed, ! "S_GROUP_HIDDEN_CHECKED" => $group_hidden, ! "S_GROUP_ACTION" => append_sid("admin_groups.$phpEx"), ! "S_HIDDEN_FIELDS" => $s_hidden_fields) ); $template->pparse('body'); } ! 
else if( isset($HTTP_POST_VARS['group_update']) ) { // // Ok, they are submitting a group, let's save the data based on if it's new or editing // ! if( isset($HTTP_POST_VARS['group_delete']) ) { $sql = "DELETE FROM " . GROUPS_TABLE . " WHERE group_id = " . $group_id; ! if ( !$result = $db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, "Couldn't update group", "", __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . USER_GROUP_TABLE . " WHERE group_id = " . $group_id; ! if ( !$result = $db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, "Couldn't update user_group", "", __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . AUTH_ACCESS_TABLE . " WHERE group_id = " . $group_id; ! if ( !$result = $db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, "Couldn't update auth_access", "", __LINE__, __FILE__, $sql); } ! $message = $lang['Deleted_group'] . "

" . sprintf($lang['Click_return_groupsadmin'], "", "") . "

" . sprintf($lang['Click_return_admin_index'], "", "");; message_die(GENERAL_MESSAGE, $message); } else { $group_type = isset($HTTP_POST_VARS['group_type']) ? intval($HTTP_POST_VARS['group_type']) : GROUP_OPEN; ! $group_name = isset($HTTP_POST_VARS['group_name']) ? trim($HTTP_POST_VARS['group_name']) : ""; ! $group_description = isset($HTTP_POST_VARS['group_description']) ? trim($HTTP_POST_VARS['group_description']) : ""; ! $group_moderator = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : ""; ! $delete_old_moderator = isset($HTTP_POST_VARS['delete_old_moderator']) ? intval($HTTP_POST_VARS['delete_old_moderator']) : ""; ! if( $group_name == "" ) { message_die(GENERAL_MESSAGE, $lang['No_group_name']); } ! else if( $group_moderator == "" ) { message_die(GENERAL_MESSAGE, $lang['No_group_moderator']); } ! $this_userdata = get_userdata($group_moderator); $group_moderator = $this_userdata['user_id']; ! if( !$group_moderator ) { message_die(GENERAL_MESSAGE, $lang['No_group_moderator']); } --- 108,273 ---- FROM " . USERS_TABLE . " WHERE user_id <> " . ANONYMOUS . " ORDER BY username"; ! if ( !($result = $db->sql_query($sql)) ) { ! message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql); } ! while ( $row = $db->sql_fetchrow($result) ) { ! if ( $row['user_id'] == $group_info['group_moderator'] ) { ! $group_moderator = $row['username']; } } ! $group_open = ( $group_info['group_type'] == GROUP_OPEN ) ? ' checked="checked"' : ''; ! $group_closed = ( $group_info['group_type'] == GROUP_CLOSED ) ? ' checked="checked"' : ''; ! $group_hidden = ( $group_info['group_type'] == GROUP_HIDDEN ) ? ' checked="checked"' : ''; $s_hidden_fields = ''; $template->assign_vars(array( ! 'GROUP_NAME' => $group_info['group_name'], ! 'GROUP_DESCRIPTION' => $group_info['group_description'], ! 'GROUP_MODERATOR' => $group_moderator, ! ! 'L_GROUP_TITLE' => $lang['Group_administration'], ! 
'L_GROUP_EDIT_DELETE' => ( isset($HTTP_POST_VARS['new']) ) ? $lang['New_group'] : $lang['Edit_group'], ! 'L_GROUP_NAME' => $lang['group_name'], ! 'L_GROUP_DESCRIPTION' => $lang['group_description'], ! 'L_GROUP_MODERATOR' => $lang['group_moderator'], ! 'L_FIND_USERNAME' => $lang['Find_username'], ! 'L_GROUP_STATUS' => $lang['group_status'], ! 'L_GROUP_OPEN' => $lang['group_open'], ! 'L_GROUP_CLOSED' => $lang['group_closed'], ! 'L_GROUP_HIDDEN' => $lang['group_hidden'], ! 'L_GROUP_DELETE' => $lang['group_delete'], ! 'L_GROUP_DELETE_CHECK' => $lang['group_delete_check'], ! 'L_SUBMIT' => $lang['Submit'], ! 'L_RESET' => $lang['Reset'], ! 'L_DELETE_MODERATOR' => $lang['delete_group_moderator'], ! 'L_DELETE_MODERATOR_EXPLAIN' => $lang['delete_moderator_explain'], ! 'L_YES' => $lang['Yes'], ! ! 'U_SEARCH_USER' => append_sid("../search.$phpEx?mode=searchuser"), ! ! 'S_GROUP_OPEN_TYPE' => GROUP_OPEN, ! 'S_GROUP_CLOSED_TYPE' => GROUP_CLOSED, ! 'S_GROUP_HIDDEN_TYPE' => GROUP_HIDDEN, ! 'S_GROUP_OPEN_CHECKED' => $group_open, ! 'S_GROUP_CLOSED_CHECKED' => $group_closed, ! 'S_GROUP_HIDDEN_CHECKED' => $group_hidden, ! 'S_GROUP_ACTION' => append_sid("admin_groups.$phpEx"), ! 'S_HIDDEN_FIELDS' => $s_hidden_fields) ); $template->pparse('body'); } ! else if ( isset($HTTP_POST_VARS['group_update']) ) { // // Ok, they are submitting a group, let's save the data based on if it's new or editing // ! if ( isset($HTTP_POST_VARS['group_delete']) ) { + // + // Reset User Moderator Level + // + + // Is Group moderating a forum ? + $sql = "SELECT auth_mod FROM " . AUTH_ACCESS_TABLE . " + WHERE group_id = " . $group_id; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not select auth_access', '', __LINE__, __FILE__, $sql); + } + + $row = $db->sql_fetchrow($result); + if (intval($row['auth_mod']) == 1) + { + // Yes, get the assigned users and update their Permission if they are no longer moderator of one of the forums + $sql = "SELECT user_id FROM " . 
USER_GROUP_TABLE . " + WHERE group_id = " . $group_id; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not select user_group', '', __LINE__, __FILE__, $sql); + } + + $rows = $db->sql_fetchrowset($result); + for ($i = 0; $i < count($rows); $i++) + { + $sql = "SELECT g.group_id FROM " . AUTH_ACCESS_TABLE . " a, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug + WHERE (a.auth_mod = 1) AND (g.group_id = a.group_id) AND (a.group_id = ug.group_id) AND (g.group_id = ug.group_id) + AND (ug.user_id = " . intval($rows[$i]['user_id']) . ") AND (ug.group_id <> " . $group_id . ")"; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not obtain moderator permissions', '', __LINE__, __FILE__, $sql); + } + + if ($db->sql_numrows($result) == 0) + { + $sql = "UPDATE " . USERS_TABLE . " SET user_level = " . USER . " + WHERE user_level = " . MOD . " AND user_id = " . intval($rows[$i]['user_id']); + + if ( !$db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, 'Could not update moderator permissions', '', __LINE__, __FILE__, $sql); + } + } + } + } + + // + // Delete Group + // $sql = "DELETE FROM " . GROUPS_TABLE . " WHERE group_id = " . $group_id; ! if ( !$db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, 'Could not update group', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . USER_GROUP_TABLE . " WHERE group_id = " . $group_id; ! if ( !$db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, 'Could not update user_group', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . AUTH_ACCESS_TABLE . " WHERE group_id = " . $group_id; ! if ( !$db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, 'Could not update auth_access', '', __LINE__, __FILE__, $sql); } ! $message = $lang['Deleted_group'] . '

' . sprintf($lang['Click_return_groupsadmin'], '', '') . '

' . sprintf($lang['Click_return_admin_index'], '', ''); message_die(GENERAL_MESSAGE, $message); } else { $group_type = isset($HTTP_POST_VARS['group_type']) ? intval($HTTP_POST_VARS['group_type']) : GROUP_OPEN; ! $group_name = isset($HTTP_POST_VARS['group_name']) ? trim($HTTP_POST_VARS['group_name']) : ''; ! $group_description = isset($HTTP_POST_VARS['group_description']) ? trim($HTTP_POST_VARS['group_description']) : ''; ! $group_moderator = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : ''; ! $delete_old_moderator = isset($HTTP_POST_VARS['delete_old_moderator']) ? true : false; ! if ( $group_name == '' ) { message_die(GENERAL_MESSAGE, $lang['No_group_name']); } ! else if ( $group_moderator == '' ) { message_die(GENERAL_MESSAGE, $lang['No_group_moderator']); } ! $this_userdata = get_userdata($group_moderator, true); $group_moderator = $this_userdata['user_id']; ! if ( !$group_moderator ) { message_die(GENERAL_MESSAGE, $lang['No_group_moderator']); } *************** *** 234,314 **** FROM " . GROUPS_TABLE . " WHERE group_single_user <> " . TRUE . " AND group_id = " . $group_id; ! if(!$result = $db->sql_query($sql)) { ! message_die(GENERAL_ERROR, "Error getting group information", "", __LINE__, __FILE__, $sql); } ! if( !$db->sql_numrows($result) ) { message_die(GENERAL_MESSAGE, $lang['Group_not_exist']); } - $group_info = $db->sql_fetchrow($result); if ( $group_info['group_moderator'] != $group_moderator ) { ! if ( $delete_old_moderator != "" ) { $sql = "DELETE FROM " . USER_GROUP_TABLE . " WHERE user_id = " . $group_info['group_moderator'] . " AND group_id = " . $group_id; ! if ( !$result = $db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, "Couldn't update group moderator", "", __LINE__, __FILE__, $sql); } } ! $sql = "INSERT INTO " . USER_GROUP_TABLE . " (group_id, user_id, user_pending) ! VALUES (" . $group_id . ", " . $group_moderator . ", 0)"; ! if ( !$result = $db->sql_query($sql) ) { ! 
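Review bot: The new moderator-level reset in the group-delete branch decides whether the group moderates anything by reading a single row: `SELECT auth_mod FROM AUTH_ACCESS_TABLE WHERE group_id = N` returns one row per forum, but only the first is examined via `$row = $db->sql_fetchrow($result); if (intval($row['auth_mod']) == 1)`. A group with `auth_mod = 0` on the first forum returned and `auth_mod = 1` on another is treated as non-moderating, and its members keep `MOD` level after the group is gone; `$row` is also `false` when the group has no auth_access rows at all. Restricting the query to `WHERE group_id = " . $group_id . " AND auth_mod = 1` and testing `if ( $row = $db->sql_fetchrow($result) )` covers both. As a style point, `$result` is reassigned inside the `for` loop while the outer result set is still conceptually in use; a separate handle would read more clearly.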
message_die(GENERAL_ERROR, "Couldn't update group moderator", "", __LINE__, __FILE__, $sql); } } $sql = "UPDATE " . GROUPS_TABLE . " SET group_type = $group_type, group_name = '" . str_replace("\'", "''", $group_name) . "', group_description = '" . str_replace("\'", "''", $group_description) . "', group_moderator = $group_moderator WHERE group_id = $group_id"; ! if ( !$result = $db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, "Couldn't update group", "", __LINE__, __FILE__, $sql); } ! $message = $lang['Updated_group'] . "

" . sprintf($lang['Click_return_groupsadmin'], "", "") . "

" . sprintf($lang['Click_return_admin_index'], "", "");; message_die(GENERAL_MESSAGE, $message); } ! else if( $mode == "newgroup" ) { ! $sql = "SELECT MAX(group_id) AS new_group_id ! FROM " . GROUPS_TABLE; ! if ( !$result = $db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, "Couldn't insert new group", "", __LINE__, __FILE__, $sql); ! } ! $row = $db->sql_fetchrow($result); ! ! $new_group_id = $row['new_group_id'] + 1; ! ! $sql = "INSERT INTO " . GROUPS_TABLE . " (group_id, group_type, group_name, group_description, group_moderator, group_single_user) ! VALUES ($new_group_id, $group_type, '" . str_replace("\'", "''", $group_name) . "', '" . str_replace("\'", "''", $group_description) . "', $group_moderator, '0')"; ! if ( !$result = $db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, "Couldn't insert new group", "", __LINE__, __FILE__, $sql); } $sql = "INSERT INTO " . USER_GROUP_TABLE . " (group_id, user_id, user_pending) VALUES ($new_group_id, $group_moderator, 0)"; ! if ( !$result = $db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, "Couldn't insert new user-group info", "", __LINE__, __FILE__, $sql); } ! $message = $lang['Added_new_group'] . "

" . sprintf($lang['Click_return_groupsadmin'], "", "") . "

" . sprintf($lang['Click_return_admin_index'], "", "");; message_die(GENERAL_MESSAGE, $message); } else { ! message_die(GENERAL_MESSAGE, $lang['Group_mode_not_selected']); } } } --- 278,363 ---- FROM " . GROUPS_TABLE . " WHERE group_single_user <> " . TRUE . " AND group_id = " . $group_id; ! if ( !($result = $db->sql_query($sql)) ) { ! message_die(GENERAL_ERROR, 'Error getting group information', '', __LINE__, __FILE__, $sql); } ! ! if( !($group_info = $db->sql_fetchrow($result)) ) { message_die(GENERAL_MESSAGE, $lang['Group_not_exist']); } if ( $group_info['group_moderator'] != $group_moderator ) { ! if ( $delete_old_moderator ) { $sql = "DELETE FROM " . USER_GROUP_TABLE . " WHERE user_id = " . $group_info['group_moderator'] . " AND group_id = " . $group_id; ! if ( !$db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, 'Could not update group moderator', '', __LINE__, __FILE__, $sql); } } ! ! $sql = "SELECT user_id ! FROM " . USER_GROUP_TABLE . " ! WHERE user_id = $group_moderator ! AND group_id = $group_id"; ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Failed to obtain current group moderator info', '', __LINE__, __FILE__, $sql); ! } ! ! if ( !($row = $db->sql_fetchrow($result)) ) { ! $sql = "INSERT INTO " . USER_GROUP_TABLE . " (group_id, user_id, user_pending) ! VALUES (" . $group_id . ", " . $group_moderator . ", 0)"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update group moderator', '', __LINE__, __FILE__, $sql); ! } } } + $sql = "UPDATE " . GROUPS_TABLE . " SET group_type = $group_type, group_name = '" . str_replace("\'", "''", $group_name) . "', group_description = '" . str_replace("\'", "''", $group_description) . "', group_moderator = $group_moderator WHERE group_id = $group_id"; ! if ( !$db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, 'Could not update group', '', __LINE__, __FILE__, $sql); } ! $message = $lang['Updated_group'] . '

' . sprintf($lang['Click_return_groupsadmin'], '', '') . '

' . sprintf($lang['Click_return_admin_index'], '', '');; message_die(GENERAL_MESSAGE, $message); } ! else if( $mode == 'newgroup' ) { ! $sql = "INSERT INTO " . GROUPS_TABLE . " (group_type, group_name, group_description, group_moderator, group_single_user) ! VALUES ($group_type, '" . str_replace("\'", "''", $group_name) . "', '" . str_replace("\'", "''", $group_description) . "', $group_moderator, '0')"; ! if ( !$db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, 'Could not insert new group', '', __LINE__, __FILE__, $sql); } + $new_group_id = $db->sql_nextid(); $sql = "INSERT INTO " . USER_GROUP_TABLE . " (group_id, user_id, user_pending) VALUES ($new_group_id, $group_moderator, 0)"; ! if ( !$db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, 'Could not insert new user-group info', '', __LINE__, __FILE__, $sql); } ! $message = $lang['Added_new_group'] . '

' . sprintf($lang['Click_return_groupsadmin'], '', '') . '

' . sprintf($lang['Click_return_admin_index'], '', '');; message_die(GENERAL_MESSAGE, $message); } else { ! message_die(GENERAL_MESSAGE, $lang['No_group_action']); } } } *************** *** 318,359 **** FROM " . GROUPS_TABLE . " WHERE group_single_user <> " . TRUE . " ORDER BY group_name"; ! $g_result = $db->sql_query($sql); ! $group_list = $db->sql_fetchrowset($g_result); ! $select_list = ""; $template->set_filenames(array( ! "body" => "admin/group_select_body.tpl") ); $template->assign_vars(array( ! "L_GROUP_TITLE" => $lang['Group_administration'], ! "L_GROUP_EXPLAIN" => $lang['Group_admin_explain'], ! "L_GROUP_SELECT" => $lang['Select_group'], ! "L_LOOK_UP" => $lang['Look_up_group'], ! "L_CREATE_NEW_GROUP" => $lang['New_group'], ! "S_GROUP_ACTION" => append_sid("admin_groups.$phpEx"), ! "S_GROUP_SELECT" => $select_list) ); ! // ! // Faking the IF... ELSE statements again... ! // ! if( count($group_list) > 0 ) { ! $template->assign_block_vars("select_box", array()); } $template->pparse('body'); } ! include('page_footer_admin.'.$phpEx); ?> --- 367,412 ---- FROM " . GROUPS_TABLE . " WHERE group_single_user <> " . TRUE . " ORDER BY group_name"; ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not obtain group list', '', __LINE__, __FILE__, $sql); ! } ! $select_list = ''; ! if ( $row = $db->sql_fetchrow($result) ) { ! $select_list .= ''; } $template->set_filenames(array( ! 'body' => 'admin/group_select_body.tpl') ); $template->assign_vars(array( ! 'L_GROUP_TITLE' => $lang['Group_administration'], ! 'L_GROUP_EXPLAIN' => $lang['Group_admin_explain'], ! 'L_GROUP_SELECT' => $lang['Select_group'], ! 'L_LOOK_UP' => $lang['Look_up_group'], ! 'L_CREATE_NEW_GROUP' => $lang['New_group'], ! 'S_GROUP_ACTION' => append_sid("admin_groups.$phpEx"), ! 'S_GROUP_SELECT' => $select_list) ); ! if ( $select_list != '' ) { ! $template->assign_block_vars('select_box', array()); } $template->pparse('body'); } ! 
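Review bot: `$group_type` is taken from the request with only `intval()` and written straight to `group_type` in both the UPDATE and the new INSERT in this hunk, so any integer is stored even though the rest of the file only knows `GROUP_OPEN`, `GROUP_CLOSED` and `GROUP_HIDDEN` (see the radio-button setup in the edit form). A check such as `if ( !in_array($group_type, array(GROUP_OPEN, GROUP_CLOSED, GROUP_HIDDEN), true) ) { message_die(GENERAL_MESSAGE, $lang['No_group_action']); }` before the branches would reject the rest. The switch to `$db->sql_nextid()` for `$new_group_id` is a good change and removes the MAX()+1 race. Minor: the `$message = ... sprintf(...);;` lines in both the edit and newgroup branches carry a stray second semicolon.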
include('./page_footer_admin.'.$phpEx); ?> diff -crN phpbb200/admin/admin_mass_email.php phpbb2017/admin/admin_mass_email.php *** phpbb200/admin/admin_mass_email.php Sat Jul 10 20:16:13 2004 --- phpbb2017/admin/admin_mass_email.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_mass_email.php,v 1.15 2002/04/02 21:13:47 the_systech Exp $ * ****************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_mass_email.php,v 1.15.2.7 2003/05/03 23:24:01 acydburn Exp $ * ****************************************************************************/ *************** *** 33,41 **** // Load default header // $no_page_header = TRUE; ! $phpbb_root_path = "../"; require($phpbb_root_path . 'extension.inc'); ! require('pagestart.' . $phpEx); // // Increase maximum execution time in case of a lot of users, but don't complain about it if it isn't --- 33,41 ---- // Load default header // $no_page_header = TRUE; ! $phpbb_root_path = './../'; require($phpbb_root_path . 'extension.inc'); ! require('./pagestart.' . $phpEx); // // Increase maximum execution time in case of a lot of users, but don't complain about it if it isn't *************** *** 43,150 **** // @set_time_limit(1200); ! $message = ""; ! $subject = ""; // // Do the job ... // ! if( isset($HTTP_POST_VARS['submit']) ) { ! $group_id = intval($HTTP_POST_VARS[POST_GROUPS_URL]); ! if( $group_id != -1 ) { ! $sql = "SELECT u.user_email ! FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug ! WHERE ug.group_id = $group_id ! AND ug.user_pending <> " . TRUE . " ! AND u.user_id = ug.user_id"; } ! else { ! $sql = "SELECT user_email ! FROM " . USERS_TABLE; } ! if( !$result = $db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, "Coult not select group members!", __LINE__, __FILE__, $sql); } ! if( !$db->sql_numrows($result) ) { ! // ! 
// Output a relevant GENERAL_MESSAGE about users/group ! // not existing ! // } ! $email_list = $db->sql_fetchrowset($g_result); ! ! $subject = stripslashes($HTTP_POST_VARS["subject"]); ! $message = stripslashes($HTTP_POST_VARS["message"]); ! ! // ! // Error checking needs to go here ... if no subject and/or ! // no message then skip over the send and return to the form ! // ! $error = FALSE; ! if( !$error ) { include($phpbb_root_path . 'includes/emailer.'.$phpEx); // // Let's do some checking to make sure that mass mail functions // are working in win32 versions of php. // ! if( preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$board_config['smtp_delivery']) { ! // We are running on windows, force delivery to use ! // our smtp functions since php's are broken by default $board_config['smtp_delivery'] = 1; ! $board_config['smtp_host'] = get_cfg_var('SMTP'); } $emailer = new emailer($board_config['smtp_delivery']); ! $email_headers = "From: " . $board_config['board_email'] . "\n"; ! $bcc_list = ""; ! for($i = 0; $i < count($email_list); $i++) { ! if( $bcc_list != "" ) ! { ! $bcc_list .= ", "; ! } ! $bcc_list .= $email_list[$i]['user_email']; } - $email_headers .= "Bcc: $bcc_list\n"; - - $email_headers .= "Return-Path: " . $userdata['board_email'] . "\n"; - $email_headers .= "X-AntiAbuse: Board servername - " . $server_name . "\n"; - $email_headers .= "X-AntiAbuse: User_id - " . $userdata['user_id'] . "\n"; - $email_headers .= "X-AntiAbuse: Username - " . $userdata['username'] . "\n"; - $email_headers .= "X-AntiAbuse: User IP - " . decode_ip($user_ip) . "\r\n"; ! $emailer->use_template("admin_send_email"); $emailer->email_address($board_config['board_email']); $emailer->set_subject($subject); $emailer->extra_headers($email_headers); $emailer->assign_vars(array( ! "SITENAME" => $board_config['sitename'], ! "BOARD_EMAIL" => $board_config['board_email'], ! "MESSAGE" => $message) ); $emailer->send(); $emailer->reset(); ! $message = $lang['Email_sent'] . "

" . sprintf($lang['Click_return_admin_index'], "", ""); ! ! message_die(GENERAL_MESSAGE, $message); } } // // Initial selection // --- 43,162 ---- // @set_time_limit(1200); ! $message = ''; ! $subject = ''; // // Do the job ... // ! if ( isset($HTTP_POST_VARS['submit']) ) { ! $subject = stripslashes(trim($HTTP_POST_VARS['subject'])); ! $message = stripslashes(trim($HTTP_POST_VARS['message'])); ! ! $error = FALSE; ! $error_msg = ''; ! if ( empty($subject) ) { ! $error = true; ! $error_msg .= ( !empty($error_msg) ) ? '
' . $lang['Empty_subject'] : $lang['Empty_subject']; } ! ! if ( empty($message) ) { ! $error = true; ! $error_msg .= ( !empty($error_msg) ) ? '
' . $lang['Empty_message'] : $lang['Empty_message']; } ! $group_id = intval($HTTP_POST_VARS[POST_GROUPS_URL]); ! ! $sql = ( $group_id != -1 ) ? "SELECT u.user_email FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug WHERE ug.group_id = $group_id AND ug.user_pending <> " . TRUE . " AND u.user_id = ug.user_id" : "SELECT user_email FROM " . USERS_TABLE; ! if ( !($result = $db->sql_query($sql)) ) { ! message_die(GENERAL_ERROR, 'Could not select group members', '', __LINE__, __FILE__, $sql); } ! if ( $row = $db->sql_fetchrow($result) ) { ! $bcc_list = array(); ! do ! { ! $bcc_list[] = $row['user_email']; ! } ! while ( $row = $db->sql_fetchrow($result) ); ! ! $db->sql_freeresult($result); } + else + { + $message = ( $group_id != -1 ) ? $lang['Group_not_exist'] : $lang['No_such_user']; ! $error = true; ! $error_msg .= ( !empty($error_msg) ) ? '
' . $message : $message; ! } ! if ( !$error ) { include($phpbb_root_path . 'includes/emailer.'.$phpEx); + // // Let's do some checking to make sure that mass mail functions // are working in win32 versions of php. // ! if ( preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$board_config['smtp_delivery']) { ! $ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var'; ! ! // We are running on windows, force delivery to use our smtp functions ! // since php's are broken by default $board_config['smtp_delivery'] = 1; ! $board_config['smtp_host'] = @$ini_val('SMTP'); } + $emailer = new emailer($board_config['smtp_delivery']); ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); ! for ($i = 0; $i < count($bcc_list); $i++) { ! $emailer->bcc($bcc_list[$i]); } ! $email_headers = 'X-AntiAbuse: Board servername - ' . $board_config['server_name'] . "\n"; ! $email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n"; ! $email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n"; ! $email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n"; ! ! $emailer->use_template('admin_send_email'); $emailer->email_address($board_config['board_email']); $emailer->set_subject($subject); $emailer->extra_headers($email_headers); $emailer->assign_vars(array( ! 'SITENAME' => $board_config['sitename'], ! 'BOARD_EMAIL' => $board_config['board_email'], ! 'MESSAGE' => $message) ); $emailer->send(); $emailer->reset(); ! message_die(GENERAL_MESSAGE, $lang['Email_sent'] . '

' . sprintf($lang['Click_return_admin_index'], '', '')); } } + if ( $error ) + { + $template->set_filenames(array( + 'reg_header' => 'error_body.tpl') + ); + $template->assign_vars(array( + 'ERROR_MESSAGE' => $error_msg) + ); + $template->assign_var_from_handle('ERROR_BOX', 'reg_header'); + } + // // Initial selection // *************** *** 152,198 **** $sql = "SELECT group_id, group_name FROM ".GROUPS_TABLE . " WHERE group_single_user <> 1"; ! $g_result = $db->sql_query($sql); ! $group_list = $db->sql_fetchrowset($g_result); ! ! $select_list = '"; // // Generate page // ! include('page_header_admin.'.$phpEx); $template->set_filenames(array( ! "body" => "admin/user_email_body.tpl") ); $template->assign_vars(array( ! "MESSAGE" => $message, ! "SUBJECT" => $subject, ! "L_EMAIL_TITLE" => $lang['Email'], ! "L_EMAIL_EXPLAIN" => $lang['Mass_email_explain'], ! "L_COMPOSE" => $lang['Compose'], ! "L_RECIPIENTS" => $lang['Recipients'], ! "L_EMAIL_SUBJECT" => $lang['Subject'], ! "L_EMAIL_MSG" => $lang['Message'], ! "L_EMAIL" => $lang['Email'], ! "L_NOTICE" => $notice, ! "S_USER_ACTION" => append_sid('admin_mass_email.'.$phpEx), ! "S_GROUP_SELECT" => $select_list) ); $template->pparse('body'); ! include('page_footer_admin.'.$phpEx); ! ?> --- 164,213 ---- $sql = "SELECT group_id, group_name FROM ".GROUPS_TABLE . " WHERE group_single_user <> 1"; ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not obtain list of groups', '', __LINE__, __FILE__, $sql); ! } ! $select_list = ''; // // Generate page // ! include('./page_header_admin.'.$phpEx); $template->set_filenames(array( ! 'body' => 'admin/user_email_body.tpl') ); $template->assign_vars(array( ! 'MESSAGE' => $message, ! 'SUBJECT' => $subject, ! 'L_EMAIL_TITLE' => $lang['Email'], ! 'L_EMAIL_EXPLAIN' => $lang['Mass_email_explain'], ! 'L_COMPOSE' => $lang['Compose'], ! 'L_RECIPIENTS' => $lang['Recipients'], ! 'L_EMAIL_SUBJECT' => $lang['Subject'], ! 'L_EMAIL_MSG' => $lang['Message'], ! 
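Review bot: In the no-recipients branch, `$message = ( $group_id != -1 ) ? $lang['Group_not_exist'] : $lang['No_such_user'];` overwrites `$message`, which this same submit block set a few lines earlier to the admin's composed body from `$HTTP_POST_VARS['message']`; because the error path falls through to the form with `'MESSAGE' => $message`, the typed text is replaced by the error string. Use a separate local, e.g. `$no_recipients = ( $group_id != -1 ) ? $lang['Group_not_exist'] : $lang['No_such_user'];` and append that to `$error_msg` instead. Separately, `$subject` reaches `$emailer->set_subject()` after only `trim()`/`stripslashes()`; whether the emailer strips CR/LF from it is not visible here, so confirm that, since an embedded newline would otherwise become an injected mail header.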
'L_EMAIL' => $lang['Email'], ! 'L_NOTICE' => $notice, ! 'S_USER_ACTION' => append_sid('admin_mass_email.'.$phpEx), ! 'S_GROUP_SELECT' => $select_list) ); $template->pparse('body'); ! include('./page_footer_admin.'.$phpEx); ! ?> \ No newline at end of file diff -crN phpbb200/admin/admin_ranks.php phpbb2017/admin/admin_ranks.php *** phpbb200/admin/admin_ranks.php Sat Jul 10 20:16:13 2004 --- phpbb2017/admin/admin_ranks.php Tue Jul 19 22:14:56 2005 *************** *** 6,13 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_ranks.php,v 1.13 2002/03/22 17:00:32 psotfx Exp $ ! * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_ranks.php,v 1.13.2.4 2004/03/25 15:57:20 acydburn Exp $ * ***************************************************************************/ *************** *** 32,44 **** // // Let's set the root dir for phpBB // ! $phpbb_root_path = "../"; require($phpbb_root_path . 'extension.inc'); ! require('pagestart.' . $phpEx); if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { $mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; } else { --- 31,44 ---- // // Let's set the root dir for phpBB // ! $phpbb_root_path = "./../"; require($phpbb_root_path . 'extension.inc'); ! require('./pagestart.' . $phpEx); if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { $mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; + $mode = htmlspecialchars($mode); } else { *************** *** 162,169 **** } } ! if( $rank_id ) { $sql = "UPDATE " . RANKS_TABLE . " SET rank_title = '" . str_replace("\'", "''", $rank_title) . "', rank_special = $special_rank, rank_min = $min_posts, rank_image = '" . str_replace("\'", "''", $rank_image) . "' WHERE rank_id = $rank_id"; --- 162,180 ---- } } ! 
if ($rank_id) { + if (!$special_rank) + { + $sql = "UPDATE " . USERS_TABLE . " + SET user_rank = 0 + WHERE user_rank = $rank_id"; + + if( !$result = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, $lang['No_update_ranks'], "", __LINE__, __FILE__, $sql); + } + } $sql = "UPDATE " . RANKS_TABLE . " SET rank_title = '" . str_replace("\'", "''", $rank_title) . "', rank_special = $special_rank, rank_min = $min_posts, rank_image = '" . str_replace("\'", "''", $rank_image) . "' WHERE rank_id = $rank_id"; *************** *** 255,261 **** $template->assign_vars(array( "L_RANKS_TITLE" => $lang['Ranks_title'], "L_RANKS_TEXT" => $lang['Ranks_explain'], ! "L_RANK" => $lang['Rank'], "L_RANK_MINIMUM" => $lang['Rank_minimum'], "L_SPECIAL_RANK" => $lang['Special_rank'], "L_EDIT" => $lang['Edit'], --- 266,272 ---- $template->assign_vars(array( "L_RANKS_TITLE" => $lang['Ranks_title'], "L_RANKS_TEXT" => $lang['Ranks_explain'], ! "L_RANK" => $lang['Rank_title'], "L_RANK_MINIMUM" => $lang['Rank_minimum'], "L_SPECIAL_RANK" => $lang['Special_rank'], "L_EDIT" => $lang['Edit'], *************** *** 360,365 **** $template->pparse("body"); ! include('page_footer_admin.'.$phpEx); ?> --- 371,376 ---- $template->pparse("body"); ! include('./page_footer_admin.'.$phpEx); ?> diff -crN phpbb200/admin/admin_smilies.php phpbb2017/admin/admin_smilies.php *** phpbb200/admin/admin_smilies.php Sat Jul 10 20:16:13 2004 --- phpbb2017/admin/admin_smilies.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_smilies.php,v 1.22 2002/03/24 00:15:36 psotfx Exp $ * ****************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_smilies.php,v 1.22.2.14 2005/05/06 20:50:09 acydburn Exp $ * ****************************************************************************/ *************** *** 47,55 **** } } ! 
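Review bot: The new `UPDATE " . USERS_TABLE . " SET user_rank = 0 WHERE user_rank = $rank_id` interpolates `$rank_id` unquoted, and any integer cast of it happens earlier, outside this hunk; a local `$rank_id = intval($rank_id);` just before the query makes the statement safe on its own and matches the `intval()` casts this patch adds elsewhere. The ordering also deserves a comment, since members are detached before the rank row itself is updated and a failure of the second UPDATE leaves them already cleared, e.g. `// Clear user_rank first: presumably non-special ranks are not stored per user (confirm); not transactional`. The enclosing `if ($rank_id)` block continues past the hunk.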
$phpbb_root_path = "../"; require($phpbb_root_path . 'extension.inc'); ! require('pagestart.' . $phpEx); // // Check to see what mode we should operate in. --- 47,55 ---- } } ! $phpbb_root_path = "./../"; require($phpbb_root_path . 'extension.inc'); ! require('./pagestart.' . $phpEx); // // Check to see what mode we should operate in. *************** *** 57,62 **** --- 57,63 ---- if( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) ) { $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; + $mode = htmlspecialchars($mode); } else { *************** *** 72,78 **** while($file = @readdir($dir)) { ! if( !@is_dir($phpbb_root_path . $board_config['smilies_path'] . '/' . $file) ) { $img_size = @getimagesize($phpbb_root_path . $board_config['smilies_path'] . '/' . $file); --- 73,79 ---- while($file = @readdir($dir)) { ! if( !@is_dir(phpbb_realpath($phpbb_root_path . $board_config['smilies_path'] . '/' . $file)) ) { $img_size = @getimagesize($phpbb_root_path . $board_config['smilies_path'] . '/' . $file); *************** *** 239,245 **** FROM " . SMILIES_TABLE; if( !$result = $db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql); } $resultset = $db->sql_fetchrowset($result); --- 240,246 ---- FROM " . SMILIES_TABLE; if( !$result = $db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, "Could not get smiley list", "", __LINE__, __FILE__, $sql); } $resultset = $db->sql_fetchrowset($result); *************** *** 265,271 **** message_die(GENERAL_MESSAGE, $message); } ! else if( isset($HTTP_POST_VARS['add']) ) { // // Admin has selected to add a smiley. --- 266,272 ---- message_die(GENERAL_MESSAGE, $message); } ! else if( isset($HTTP_POST_VARS['add']) || isset($HTTP_GET_VARS['add']) ) { // // Admin has selected to add a smiley. 
*************** *** 286,292 **** $template->assign_vars(array( "L_SMILEY_TITLE" => $lang['smiley_title'], "L_SMILEY_CONFIG" => $lang['smiley_config'], ! "L_SMILEY_EXPLAIN" => $lang['smiley_instr'], "L_SMILEY_CODE" => $lang['smiley_code'], "L_SMILEY_URL" => $lang['smiley_url'], "L_SMILEY_EMOTION" => $lang['smiley_emot'], --- 287,293 ---- $template->assign_vars(array( "L_SMILEY_TITLE" => $lang['smiley_title'], "L_SMILEY_CONFIG" => $lang['smiley_config'], ! "L_SMILEY_EXPLAIN" => $lang['smile_desc'], "L_SMILEY_CODE" => $lang['smiley_code'], "L_SMILEY_URL" => $lang['smiley_url'], "L_SMILEY_EMOTION" => $lang['smiley_emot'], *************** *** 313,318 **** --- 314,320 ---- // $smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id']; + $smiley_id = intval($smiley_id); $sql = "DELETE FROM " . SMILIES_TABLE . " WHERE smilies_id = " . $smiley_id; *************** *** 333,338 **** --- 335,341 ---- // $smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id']; + $smiley_id = intval($smiley_id); $sql = "SELECT * FROM " . SMILIES_TABLE . " *************** *** 340,346 **** $result = $db->sql_query($sql); if( !$result ) { ! message_die(GENERAL_ERROR, $lang['smile_edit_err'], "", __LINE__, __FILE__, $sql); } $smile_data = $db->sql_fetchrow($result); --- 343,349 ---- $result = $db->sql_query($sql); if( !$result ) { ! message_die(GENERAL_ERROR, 'Could not obtain emoticon information', "", __LINE__, __FILE__, $sql); } $smile_data = $db->sql_fetchrow($result); *************** *** 399,408 **** // Get the submitted data, being careful to ensure that we only // accept the data we are looking for. // ! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code']; ! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url']; ! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? 
$HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion']; $smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']); // // Convert < and > to proper htmlentities for parsing. // --- 402,418 ---- // Get the submitted data, being careful to ensure that we only // accept the data we are looking for. // ! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : trim($HTTP_GET_VARS['smile_code']); ! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : trim($HTTP_GET_VARS['smile_url']); ! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? trim($HTTP_POST_VARS['smile_emotion']) : trim($HTTP_GET_VARS['smile_emotion']); $smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']); + + // If no code was entered complain ... + if ($smile_code == '' || $smile_url == '') + { + message_die(MESSAGE, $lang['Fields_empty']); + } + // // Convert < and > to proper htmlentities for parsing. // *************** *** 415,422 **** $sql = "UPDATE " . SMILIES_TABLE . " SET code = '" . str_replace("\'", "''", $smile_code) . "', smile_url = '" . str_replace("\'", "''", $smile_url) . "', emoticon = '" . str_replace("\'", "''", $smile_emotion) . "' WHERE smilies_id = $smile_id"; ! $result = $db->sql_query($sql); ! if( !$result ) { message_die(GENERAL_ERROR, "Couldn't update smilies info", "", __LINE__, __FILE__, $sql); } --- 425,431 ---- $sql = "UPDATE " . SMILIES_TABLE . " SET code = '" . str_replace("\'", "''", $smile_code) . "', smile_url = '" . str_replace("\'", "''", $smile_url) . "', emoticon = '" . str_replace("\'", "''", $smile_emotion) . "' WHERE smilies_id = $smile_id"; ! 
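Review bot: `message_die(MESSAGE, $lang['Fields_empty']);` uses `MESSAGE`, which is not the message-type constant used by every other `message_die` in this file (`GENERAL_MESSAGE`, `GENERAL_ERROR`); PHP degrades an undefined constant to the string `'MESSAGE'` with a notice, so message_die receives a type it does not recognise. Change it to `message_die(GENERAL_MESSAGE, $lang['Fields_empty']);`. The check only tests emptiness and runs before the `<`/`>` conversion that the following comment describes, so a short note `// only emptiness is checked here; smile_url is not otherwise validated in this branch` would keep the next reader from assuming more.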
if( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't update smilies info", "", __LINE__, __FILE__, $sql); } *************** *** 438,443 **** --- 447,461 ---- $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code']; $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url']; $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion']; + $smile_code = trim($smile_code); + $smile_url = trim($smile_url); + $smile_emotion = trim($smile_emotion); + + // If no code was entered complain ... + if ($smile_code == '' || $smile_url == '') + { + message_die(MESSAGE, $lang['Fields_empty']); + } // // Convert < and > to proper htmlentities for parsing. *************** *** 536,541 **** // // Page Footer // ! include('page_footer_admin.'.$phpEx); ! ?> --- 554,559 ---- // // Page Footer // ! include('./page_footer_admin.'.$phpEx); ! ?> \ No newline at end of file diff -crN phpbb200/admin/admin_styles.php phpbb2017/admin/admin_styles.php *** phpbb200/admin/admin_styles.php Sat Jul 10 20:16:13 2004 --- phpbb2017/admin/admin_styles.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_styles.php,v 1.27 2002/04/02 21:13:47 the_systech Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_styles.php,v 1.27.2.14 2005/03/17 17:33:30 acydburn Exp $ * * ***************************************************************************/ *************** *** 38,63 **** // // Check if the user has cancled a confirmation message. // ! $phpbb_root_path = "../"; $confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE; $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? 
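Review bot: In the add branch, `message_die(MESSAGE, $lang['Fields_empty']);` again names `MESSAGE` rather than `GENERAL_MESSAGE`, the constant every other message_die call in this file uses; the undefined constant becomes the string `'MESSAGE'`, so the wrong message type is passed. Use `message_die(GENERAL_MESSAGE, $lang['Fields_empty']);`. The three separate `trim()` assignments could also be folded into the ternaries above them, as the edit branch earlier in this patch does, so both branches read the same way.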
TRUE : FALSE; ! if( empty($HTTP_POST_VARS['send_file']) ) ! { ! $no_page_header = ( $cancel ) ? TRUE : FALSE; ! require($phpbb_root_path . 'extension.inc'); ! require('pagestart.' . $phpEx); ! } ! if( $cancel ) { ! header("Location: " . append_sid("admin_styles.$phpEx")); } if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { $mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; } else { --- 38,65 ---- // // Check if the user has cancled a confirmation message. // ! $phpbb_root_path = "./../"; ! require($phpbb_root_path . 'extension.inc'); $confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE; $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE; ! $no_page_header = (!empty($HTTP_POST_VARS['send_file']) || $cancel) ? TRUE : FALSE; ! require('./pagestart.' . $phpEx); ! ! $confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE; ! $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE; ! ! if ($cancel) { ! redirect('admin/' . append_sid("admin_styles.$phpEx", true)); } if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { $mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; + $mode = htmlspecialchars($mode); } else { *************** *** 73,79 **** if( isset($install_to) ) { ! include($phpbb_root_path. "templates/" . $install_to . "/theme_info.cfg"); $template_name = $$install_to; $found = FALSE; --- 75,81 ---- if( isset($install_to) ) { ! include($phpbb_root_path. "templates/" . basename($install_to) . "/theme_info.cfg"); $template_name = $$install_to; $found = FALSE; *************** *** 132,140 **** { while( $sub_dir = @readdir($dir) ) { ! if( !is_file($phpbb_root_path . 'templates/' .$sub_dir) && !is_link($phpbb_root_path . 'templates/' .$sub_dir) && $sub_dir != "." && $sub_dir != ".." && $sub_dir != "CVS" ) { ! if( @file_exists($phpbb_root_path. "templates/" . $sub_dir . 
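Review bot: `$confirm` and `$cancel` are computed twice in the new prologue, once before `require('./pagestart.' . $phpEx);` and again identically after it; the second pair is redundant unless pagestart is expected to clobber them, which nothing visible here indicates. Drop the second pair, or if there is a reason to keep it, say so inline: `// recomputed after pagestart on purpose: <why>`. Making pagestart load unconditionally ahead of the send_file branch (presumably where the admin session check lives) is the substantive fix in this hunk and should stay.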
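Review bot: `basename($install_to)` is applied only to the include path, while the next line, `$template_name = $$install_to;`, still dereferences the raw value, so the file included and the variable read can refer to different names. Normalise once with `$install_to = basename($install_to);` before the `include` and use the plain variable in both places. How `$install_to` is populated is outside this hunk (the basename() guard suggests it is request-controlled), and the enclosing `if( isset($install_to) )` block continues past it.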
"/theme_info.cfg") ) { include($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg"); --- 134,142 ---- { while( $sub_dir = @readdir($dir) ) { ! if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' .$sub_dir)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' .$sub_dir)) && $sub_dir != "." && $sub_dir != ".." && $sub_dir != "CVS" ) { ! if( @file_exists(@phpbb_realpath($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg")) ) { include($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg"); *************** *** 490,496 **** $themes_title = $lang['Edit_theme']; $themes_explain = $lang['Edit_theme_explain']; ! $style_id = $HTTP_GET_VARS['style_id']; $selected_names = array(); $selected_values = array(); --- 492,498 ---- $themes_title = $lang['Edit_theme']; $themes_explain = $lang['Edit_theme_explain']; ! $style_id = intval($HTTP_GET_VARS['style_id']); $selected_names = array(); $selected_values = array(); *************** *** 549,555 **** $s_template_select = ''; while( $file = @readdir($dir) ) { ! if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && $file != "." && $file != ".." && $file != "CVS" ) { if($file == $selected['template_name']) { *************** *** 561,566 **** --- 563,569 ---- } } } + $s_template_select .= ''; } else { *************** *** 704,710 **** $sql = "SELECT * FROM " . THEMES_TABLE . " ! WHERE template_name = '$template_name'"; if(!$result = $db->sql_query($sql)) { message_die(GENERAL_ERROR, "Could not get theme data for selected template", "", __LINE__, __FILE__, $sql); --- 707,713 ---- $sql = "SELECT * FROM " . THEMES_TABLE . " ! WHERE template_name = '" . str_replace("\'", "''", $template_name) . "'"; if(!$result = $db->sql_query($sql)) { message_die(GENERAL_ERROR, "Could not get theme data for selected template", "", __LINE__, __FILE__, $sql); *************** *** 736,742 **** @umask(0111); ! 
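Review bot: The new escaping `str_replace("\'", "''", $template_name)` only neutralises quotes that already carry a backslash, i.e. it relies on magic_quotes_gpc or an earlier addslashes() having run on `$template_name`; where that value is set is outside this hunk, so if it arrives unescaped a bare `'` still terminates the SQL string. This is the file-wide phpBB idiom, so at minimum mark the assumption: `// assumes $template_name is already addslashes()'d (magic quotes); str_replace only converts \' to ''`. The `intval()`/`basename()` treatment this patch gives other request values suggests normalising `$template_name` once where it is read rather than at each use.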
$fp = @fopen($phpbb_root_path . 'templates/' . $template_name . '/theme_info.cfg', 'w'); if( !$fp ) { --- 739,745 ---- @umask(0111); ! $fp = @fopen($phpbb_root_path . 'templates/' . basename($template_name) . '/theme_info.cfg', 'w'); if( !$fp ) { *************** *** 747,753 **** $s_hidden_fields = ''; $s_hidden_fields .= ''; ! $download_form = '
' . $s_hidden_fields; $template->set_filenames(array( "body" => "message_body.tpl") --- 750,756 ---- $s_hidden_fields = ''; $s_hidden_fields .= ''; ! $download_form = '' . $s_hidden_fields; $template->set_filenames(array( "body" => "message_body.tpl") *************** *** 789,795 **** $s_template_select = ''; while( $file = @readdir($dir) ) { ! if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' .$file)) && $file != "." && $file != ".." && $file != "CVS" ) { $s_template_select .= '\n"; } *************** *** 929,937 **** break; } ! if( !$HTTP_POST_VARS['send_file'] ) { ! include('page_footer_admin.'.$phpEx); } ! ?> --- 932,940 ---- break; } ! if (empty($HTTP_POST_VARS['send_file'])) { ! include('./page_footer_admin.'.$phpEx); } ! ?> \ No newline at end of file diff -crN phpbb200/admin/admin_ug_auth.php phpbb2017/admin/admin_ug_auth.php *** phpbb200/admin/admin_ug_auth.php Sat Jul 10 20:16:13 2004 --- phpbb2017/admin/admin_ug_auth.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_ug_auth.php,v 1.13 2002/04/02 21:13:47 the_systech Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_ug_auth.php,v 1.13.2.9 2005/07/19 20:01:05 acydburn Exp $ * * ***************************************************************************/ *************** *** 36,44 **** // $no_page_header = TRUE; ! $phpbb_root_path = "../"; require($phpbb_root_path . 'extension.inc'); ! require('pagestart.' . $phpEx); $params = array('mode' => 'mode', 'user_id' => POST_USERS_URL, 'group_id' => POST_GROUPS_URL, 'adv' => 'adv'); --- 36,44 ---- // $no_page_header = TRUE; ! $phpbb_root_path = "./../"; require($phpbb_root_path . 'extension.inc'); ! require('./pagestart.' . 
$phpEx); $params = array('mode' => 'mode', 'user_id' => POST_USERS_URL, 'group_id' => POST_GROUPS_URL, 'adv' => 'adv'); *************** *** 54,59 **** --- 54,64 ---- } } + $user_id = intval($user_id); + $group_id = intval($group_id); + $adv = intval($adv); + $mode = htmlspecialchars($mode); + // // Start program - define vars // *************** *** 409,414 **** --- 414,420 ---- FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u WHERE ug.group_id = aa.group_id AND u.user_id = ug.user_id + AND ug.user_pending = 0 AND u.user_level NOT IN (" . MOD . ", " . ADMIN . ") GROUP BY u.user_id HAVING SUM(aa.auth_mod) > 0"; *************** *** 503,508 **** --- 509,556 ---- } } + $sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . " + WHERE group_id = $group_id"; + $result = $db->sql_query($sql); + + $group_user = array(); + while ($row = $db->sql_fetchrow($result)) + { + $group_user[$row['user_id']] = $row['user_id']; + } + $db->sql_freeresult($result); + + $sql = "SELECT ug.user_id, COUNT(auth_mod) AS is_auth_mod + FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug + WHERE ug.user_id IN (" . implode(', ', $group_user) . ") + AND aa.group_id = ug.group_id + AND aa.auth_mod = 1 + GROUP BY ug.user_id"; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql); + } + + while ($row = $db->sql_fetchrow($result)) + { + if ($row['is_auth_mod']) + { + unset($group_user[$row['user_id']]); + } + } + $db->sql_freeresult($result); + + if (sizeof($group_user)) + { + $sql = "UPDATE " . USERS_TABLE . " + SET user_level = " . USER . " + WHERE user_id IN (" . implode(', ', $group_user) . ") AND user_level = " . 
MOD; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql); + } + } + message_die(GENERAL_MESSAGE, $message); } } *************** *** 510,516 **** { if ( isset($HTTP_POST_VARS['username']) ) { ! $this_userdata = get_userdata($HTTP_POST_VARS['username']); if ( !is_array($this_userdata) ) { message_die(GENERAL_MESSAGE, $lang['No_such_user']); --- 558,564 ---- { if ( isset($HTTP_POST_VARS['username']) ) { ! $this_userdata = get_userdata($HTTP_POST_VARS['username'], true); if ( !is_array($this_userdata) ) { message_die(GENERAL_MESSAGE, $lang['No_such_user']); *************** *** 521,529 **** // // Front end // ! $sql = "SELECT * ! FROM " . FORUMS_TABLE . " f ! ORDER BY forum_order"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql); --- 569,578 ---- // // Front end // ! $sql = "SELECT f.* ! FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c ! WHERE f.cat_id = c.cat_id ! ORDER BY c.cat_order, f.forum_order ASC"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql); *************** *** 556,562 **** } } ! $sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE "; $sql .= ( $mode == 'user' ) ? "u.user_id = $user_id AND ug.user_id = u.user_id AND g.group_id = ug.group_id" : "g.group_id = $group_id AND ug.group_id = g.group_id AND u.user_id = ug.user_id"; if ( !($result = $db->sql_query($sql)) ) { --- 605,611 ---- } } ! $sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user, ug.user_pending FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE "; $sql .= ( $mode == 'user' ) ? 
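Review bot: When the group has no members, `$group_user` is empty and the moderator-status query becomes `WHERE ug.user_id IN ()`, a syntax error that trips the `message_die(GENERAL_ERROR, 'Could not obtain moderator status', ...)` branch; the later demotion UPDATE is already guarded by `if (sizeof($group_user))`, so the SELECT and its loop need the same guard, e.g. `if (sizeof($group_user)) { /* moderator-status query and loop */ }`. The first new query, `SELECT user_id FROM ' . USER_GROUP_TABLE . " WHERE group_id = $group_id"`, is also the only one in the block whose result is not checked with `if ( !($result = $db->sql_query($sql)) )`. The branch this code was added to starts before the hunk.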
"u.user_id = $user_id AND ug.user_id = u.user_id AND g.group_id = ug.group_id" : "g.group_id = $group_id AND ug.group_id = g.group_id AND u.user_id = ug.user_id"; if ( !($result = $db->sql_query($sql)) ) { *************** *** 759,765 **** $i++; } ! @reset($auth_user); if ( $mode == 'user' ) { --- 808,814 ---- $i++; } ! // @reset($auth_user); if ( $mode == 'user' ) { *************** *** 784,793 **** if( count($name) ) { ! $t_usergroup_list = ''; for($i = 0; $i < count($ug_info); $i++) { ! $t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '' . $name[$i] . ''; } } else --- 833,851 ---- if( count($name) ) { ! $t_usergroup_list = $t_pending_list = ''; for($i = 0; $i < count($ug_info); $i++) { ! $ug = ( $mode == 'user' ) ? 'group&' . POST_GROUPS_URL : 'user&' . POST_USERS_URL; ! ! if (!$ug_info[$i]['user_pending']) ! { ! $t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '' . $name[$i] . ''; ! } ! else ! { ! $t_pending_list .= ( ( $t_pending_list != '' ) ? ', ' : '' ) . '' . $name[$i] . ''; ! } } } else *************** *** 819,825 **** // // Dump in the page header ... // ! include('page_header_admin.'.$phpEx); $template->set_filenames(array( "body" => 'admin/auth_ug_body.tpl') --- 877,883 ---- // // Dump in the page header ... // ! include('./page_header_admin.'.$phpEx); $template->set_filenames(array( "body" => 'admin/auth_ug_body.tpl') *************** *** 850,869 **** $template->assign_vars(array( 'USERNAME' => $t_groupname, ! 'GROUP_MEMBERSHIP' => $lang['Usergroup_members'] . ' : ' . $t_usergroup_list) ); } $template->assign_vars(array( 'L_USER_OR_GROUPNAME' => ( $mode == 'user' ) ? $lang['Username'] : $lang['Group_name'], - 'L_USER_OR_GROUP' => ( $mode == 'user' ) ? $lang['User'] : $lang['Group'], 'L_AUTH_TITLE' => ( $mode == 'user' ) ? $lang['Auth_Control_User'] : $lang['Auth_Control_Group'], 'L_AUTH_EXPLAIN' => ( $mode == 'user' ) ? 
$lang['User_auth_explain'] : $lang['Group_auth_explain'], 'L_MODERATOR_STATUS' => $lang['Moderator_status'], 'L_PERMISSIONS' => $lang['Permissions'], 'L_SUBMIT' => $lang['Submit'], ! 'L_RESET' => $lang['Reset'], 'U_USER_OR_GROUP' => append_sid("admin_ug_auth.$phpEx"), 'U_SWITCH_MODE' => $u_switch_mode, --- 908,927 ---- $template->assign_vars(array( 'USERNAME' => $t_groupname, ! 'GROUP_MEMBERSHIP' => $lang['Usergroup_members'] . ' : ' . $t_usergroup_list . '
' . $lang['Pending_members'] . ' : ' . $t_pending_list) ); } $template->assign_vars(array( 'L_USER_OR_GROUPNAME' => ( $mode == 'user' ) ? $lang['Username'] : $lang['Group_name'], 'L_AUTH_TITLE' => ( $mode == 'user' ) ? $lang['Auth_Control_User'] : $lang['Auth_Control_Group'], 'L_AUTH_EXPLAIN' => ( $mode == 'user' ) ? $lang['User_auth_explain'] : $lang['Group_auth_explain'], 'L_MODERATOR_STATUS' => $lang['Moderator_status'], 'L_PERMISSIONS' => $lang['Permissions'], 'L_SUBMIT' => $lang['Submit'], ! 'L_RESET' => $lang['Reset'], ! 'L_FORUM' => $lang['Forum'], 'U_USER_OR_GROUP' => append_sid("admin_ug_auth.$phpEx"), 'U_SWITCH_MODE' => $u_switch_mode, *************** *** 878,884 **** // // Select a user/group // ! include('page_header_admin.'.$phpEx); $template->set_filenames(array( 'body' => ( $mode == 'user' ) ? 'admin/user_select_body.tpl' : 'admin/auth_select_body.tpl') --- 936,942 ---- // // Select a user/group // ! include('./page_header_admin.'.$phpEx); $template->set_filenames(array( 'body' => ( $mode == 'user' ) ? 'admin/user_select_body.tpl' : 'admin/auth_select_body.tpl') *************** *** 920,926 **** $s_hidden_fields = ''; ! $l_type = ( $mode == 'user' ) ? "USER" : "AUTH"; $template->assign_vars(array( 'L_' . $l_type . '_TITLE' => ( $mode == 'user' ) ? $lang['Auth_Control_User'] : $lang['Auth_Control_Group'], --- 978,984 ---- $s_hidden_fields = ''; ! $l_type = ( $mode == 'user' ) ? 'USER' : 'AUTH'; $template->assign_vars(array( 'L_' . $l_type . '_TITLE' => ( $mode == 'user' ) ? $lang['Auth_Control_User'] : $lang['Auth_Control_Group'], *************** *** 936,941 **** $template->pparse('body'); ! include('page_footer_admin.'.$phpEx); ! ?> --- 994,999 ---- $template->pparse('body'); ! include('./page_footer_admin.'.$phpEx); ! 
?> \ No newline at end of file diff -crN phpbb200/admin/admin_user_ban.php phpbb2017/admin/admin_user_ban.php *** phpbb200/admin/admin_user_ban.php Sat Jul 10 20:16:13 2004 --- phpbb2017/admin/admin_user_ban.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_user_ban.php,v 1.21 2002/03/22 17:00:32 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_user_ban.php,v 1.21.2.5 2004/03/25 15:57:20 acydburn Exp $ * * ***************************************************************************/ *************** *** 22,28 **** define('IN_PHPBB', 1); ! if( !empty($setmodules) ) { $filename = basename(__FILE__); $module['Users']['Ban_Management'] = $filename; --- 22,28 ---- define('IN_PHPBB', 1); ! if ( !empty($setmodules) ) { $filename = basename(__FILE__); $module['Users']['Ban_Management'] = $filename; *************** *** 33,70 **** // // Load default header // ! $phpbb_root_path = "../"; require($phpbb_root_path . 'extension.inc'); ! require('pagestart.' . $phpEx); // // Start program // ! if( isset($HTTP_POST_VARS['submit']) ) { ! $user_bansql = ""; ! $email_bansql = ""; ! $ip_bansql = ""; $user_list = array(); ! if( isset($HTTP_POST_VARS['ban_user']) ) { ! $user_list_temp = $HTTP_POST_VARS['ban_user']; ! ! for($i = 0; $i < count($user_list_temp); $i++) { ! $user_list[] = trim($user_list_temp[$i]); } } $ip_list = array(); ! if( isset($HTTP_POST_VARS['ban_ip']) ) { ! $ip_list_temp = explode(",", $HTTP_POST_VARS['ban_ip']); for($i = 0; $i < count($ip_list_temp); $i++) { ! if( preg_match("/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/", trim($ip_list_temp[$i]), $ip_range_explode) ) { // // Don't ask about all this, just don't ask ... ! 
--- 33,71 ---- // // Load default header // ! $phpbb_root_path = './../'; require($phpbb_root_path . 'extension.inc'); ! require('./pagestart.' . $phpEx); // // Start program // ! if ( isset($HTTP_POST_VARS['submit']) ) { ! $user_bansql = ''; ! $email_bansql = ''; ! $ip_bansql = ''; $user_list = array(); ! if ( !empty($HTTP_POST_VARS['username']) ) { ! $this_userdata = get_userdata($HTTP_POST_VARS['username'], true); ! if( !$this_userdata ) { ! message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); } + + $user_list[] = $this_userdata['user_id']; } $ip_list = array(); ! if ( isset($HTTP_POST_VARS['ban_ip']) ) { ! $ip_list_temp = explode(',', $HTTP_POST_VARS['ban_ip']); for($i = 0; $i < count($ip_list_temp); $i++) { ! if ( preg_match('/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/', trim($ip_list_temp[$i]), $ip_range_explode) ) { // // Don't ask about all this, just don't ask ... ! *************** *** 72,83 **** $ip_1_counter = $ip_range_explode[1]; $ip_1_end = $ip_range_explode[5]; ! while($ip_1_counter <= $ip_1_end) { ! $ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0; ! $ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6]; ! if($ip_2_counter == 0 && $ip_2_end == 254) { $ip_2_counter = 255; $ip_2_fragment = 255; --- 73,84 ---- $ip_1_counter = $ip_range_explode[1]; $ip_1_end = $ip_range_explode[5]; ! while ( $ip_1_counter <= $ip_1_end ) { ! $ip_2_counter = ( $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[2] : 0; ! $ip_2_end = ( $ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[6]; ! if ( $ip_2_counter == 0 && $ip_2_end == 254 ) { $ip_2_counter = 255; $ip_2_fragment = 255; *************** *** 85,96 **** $ip_list[] = encode_ip("$ip_1_counter.255.255.255"); } ! while($ip_2_counter <= $ip_2_end) { ! $ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? 
$ip_range_explode[3] : 0; ! $ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7]; ! if($ip_3_counter == 0 && $ip_3_end == 254 ) { $ip_3_counter = 255; $ip_3_fragment = 255; --- 86,97 ---- $ip_list[] = encode_ip("$ip_1_counter.255.255.255"); } ! while ( $ip_2_counter <= $ip_2_end ) { ! $ip_3_counter = ( $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[3] : 0; ! $ip_3_end = ( $ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[7]; ! if ( $ip_3_counter == 0 && $ip_3_end == 254 ) { $ip_3_counter = 255; $ip_3_fragment = 255; *************** *** 98,109 **** $ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.255.255"); } ! while($ip_3_counter <= $ip_3_end) { ! $ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0; ! $ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8]; ! if($ip_4_counter == 0 && $ip_4_end == 254) { $ip_4_counter = 255; $ip_4_fragment = 255; --- 99,110 ---- $ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.255.255"); } ! while ( $ip_3_counter <= $ip_3_end ) { ! $ip_4_counter = ( $ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[4] : 0; ! $ip_4_end = ( $ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end ) ? 254 : $ip_range_explode[8]; ! if ( $ip_4_counter == 0 && $ip_4_end == 254 ) { $ip_4_counter = 255; $ip_4_fragment = 255; *************** *** 111,117 **** $ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.255"); } ! while($ip_4_counter <= $ip_4_end) { $ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter"); $ip_4_counter++; --- 112,118 ---- $ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.255"); } ! 
while ( $ip_4_counter <= $ip_4_end ) { $ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter"); $ip_4_counter++; *************** *** 123,151 **** $ip_1_counter++; } } ! else if( preg_match("/^([\w\-_]\.?){2,}$/is", trim($ip_list_temp[$i])) ) { $ip = gethostbynamel(trim($ip_list_temp[$i])); for($j = 0; $j < count($ip); $j++) { ! if( !empty($ip[$j]) ) { $ip_list[] = encode_ip($ip[$j]); } } } ! else if( preg_match("/^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$/", trim($ip_list_temp[$i])) ) { ! $ip_list[] = encode_ip(str_replace("*", "255", trim($ip_list_temp[$i]))); } } } $email_list = array(); ! if(isset($HTTP_POST_VARS['ban_email'])) { ! $email_list_temp = explode(",", $HTTP_POST_VARS['ban_email']); for($i = 0; $i < count($email_list_temp); $i++) { --- 124,152 ---- $ip_1_counter++; } } ! else if ( preg_match('/^([\w\-_]\.?){2,}$/is', trim($ip_list_temp[$i])) ) { $ip = gethostbynamel(trim($ip_list_temp[$i])); for($j = 0; $j < count($ip); $j++) { ! if ( !empty($ip[$j]) ) { $ip_list[] = encode_ip($ip[$j]); } } } ! else if ( preg_match('/^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$/', trim($ip_list_temp[$i])) ) { ! $ip_list[] = encode_ip(str_replace('*', '255', trim($ip_list_temp[$i]))); } } } $email_list = array(); ! if ( isset($HTTP_POST_VARS['ban_email']) ) { ! $email_list_temp = explode(',', $HTTP_POST_VARS['ban_email']); for($i = 0; $i < count($email_list_temp); $i++) { *************** *** 154,160 **** // contained in the annotated php manual at php.com (ereg // section) // ! if( eregi("^(([[:alnum:]\*]+([-_.][[:alnum:]\*]+)*\.?)|(\*))@([[:alnum:]]+([-_]?[[:alnum:]]+)*\.){1,3}([[:alnum:]]{2,6})$", trim($email_list_temp[$i])) ) { $email_list[] = trim($email_list_temp[$i]); } --- 155,161 ---- // contained in the annotated php manual at php.com (ereg // section) // ! 
if (preg_match('#^(([a-z0-9&.-_+])|(\*))+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$#is', trim($email_list_temp[$i]))) { $email_list[] = trim($email_list_temp[$i]); } *************** *** 163,194 **** $sql = "SELECT * FROM " . BANLIST_TABLE; ! if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't obtain banlist information", "", __LINE__, __FILE__, $sql); } $current_banlist = $db->sql_fetchrowset($result); ! $kill_session_sql = ""; for($i = 0; $i < count($user_list); $i++) { $in_banlist = false; for($j = 0; $j < count($current_banlist); $j++) { ! if($user_list[$i] == $current_banlist[$j]['ban_userid']) { $in_banlist = true; } } ! if(!$in_banlist) { ! $kill_session_sql .= ( ($kill_session_sql != "") ? " OR " : "" ) . "session_user_id = $user_list[$i]"; $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_userid) VALUES (" . $user_list[$i] . ")"; ! if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't insert ban_userid info into database", "", __LINE__, __FILE__, $sql); } --- 164,196 ---- $sql = "SELECT * FROM " . BANLIST_TABLE; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't obtain banlist information", "", __LINE__, __FILE__, $sql); } $current_banlist = $db->sql_fetchrowset($result); + $db->sql_freeresult($result); ! $kill_session_sql = ''; for($i = 0; $i < count($user_list); $i++) { $in_banlist = false; for($j = 0; $j < count($current_banlist); $j++) { ! if ( $user_list[$i] == $current_banlist[$j]['ban_userid'] ) { $in_banlist = true; } } ! if ( !$in_banlist ) { ! $kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' OR ' : '' ) . "session_user_id = " . $user_list[$i]; $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_userid) VALUES (" . $user_list[$i] . ")"; ! 
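Review bot: The local-part character class `[a-z0-9&.-_+]` in the new preg_match contains the range `.-_` (0x2E–0x5F), so besides letters, digits, `&` and `+` it also admits `/`, `:`, `;`, `<`, `>`, `?`, `@`, `[`, `\`, `]` and `^` — looser than the ereg it replaces, which only allowed alphanumerics with single `-`, `_` or `.` separators. A second `@` or angle brackets therefore pass validation and are written into the ban table as-is. Escaping or moving the hyphen restores the intended set: `'#^(([a-z0-9&._+\-])|(\*))+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$#is'`. The enclosing submit branch starts before this hunk.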
if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't insert ban_userid info into database", "", __LINE__, __FILE__, $sql); } *************** *** 200,227 **** $in_banlist = false; for($j = 0; $j < count($current_banlist); $j++) { ! if($ip_list[$i] == $current_banlist[$j]['ban_ip']) { $in_banlist = true; } } ! if(!$in_banlist) { ! if( preg_match("/(ff\.)|(\.ff)/is", chunk_split($ip_list[$i], 2, ".")) ) { ! $kill_ip_sql = "session_ip LIKE '" . str_replace(".", "", preg_replace("/(ff\.)|(\.ff)/is", "%", chunk_split($ip_list[$i], 2, "."))) . "'"; } else { $kill_ip_sql = "session_ip = '" . $ip_list[$i] . "'"; } ! $kill_session_sql .= ( ($kill_session_sql != "") ? " OR " : "" ) . $kill_ip_sql; $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip) VALUES ('" . $ip_list[$i] . "')"; ! if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't insert ban_ip info into database", "", __LINE__, __FILE__, $sql); } --- 202,229 ---- $in_banlist = false; for($j = 0; $j < count($current_banlist); $j++) { ! if ( $ip_list[$i] == $current_banlist[$j]['ban_ip'] ) { $in_banlist = true; } } ! if ( !$in_banlist ) { ! if ( preg_match('/(ff\.)|(\.ff)/is', chunk_split($ip_list[$i], 2, '.')) ) { ! $kill_ip_sql = "session_ip LIKE '" . str_replace('.', '', preg_replace('/(ff\.)|(\.ff)/is', '%', chunk_split($ip_list[$i], 2, "."))) . "'"; } else { $kill_ip_sql = "session_ip = '" . $ip_list[$i] . "'"; } ! $kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' OR ' : '' ) . $kill_ip_sql; $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip) VALUES ('" . $ip_list[$i] . "')"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't insert ban_ip info into database", "", __LINE__, __FILE__, $sql); } *************** *** 229,246 **** } // ! // Now we'll delete all entries from the ! // session table with any of the banned ! // user or IP info just entered into the ! // ban table ... this will force a session ! // initialisation resulting in an instant ! // ban // ! 
if( $kill_session_sql != "" ) { $sql = "DELETE FROM " . SESSIONS_TABLE . " WHERE $kill_session_sql"; ! if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't delete banned sessions from database", "", __LINE__, __FILE__, $sql); } --- 231,245 ---- } // ! // Now we'll delete all entries from the session table with any of the banned ! // user or IP info just entered into the ban table ... this will force a session ! // initialisation resulting in an instant ban // ! if ( $kill_session_sql != '' ) { $sql = "DELETE FROM " . SESSIONS_TABLE . " WHERE $kill_session_sql"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't delete banned sessions from database", "", __LINE__, __FILE__, $sql); } *************** *** 251,337 **** $in_banlist = false; for($j = 0; $j < count($current_banlist); $j++) { ! if( $email_list[$i] == $current_banlist[$j]['ban_email'] ) { $in_banlist = true; } } ! if( !$in_banlist ) { $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_email) VALUES ('" . str_replace("\'", "''", $email_list[$i]) . "')"; ! if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't insert ban_email info into database", "", __LINE__, __FILE__, $sql); } } } ! $where_sql = ""; ! if(isset($HTTP_POST_VARS['unban_user'])) { $user_list = $HTTP_POST_VARS['unban_user']; for($i = 0; $i < count($user_list); $i++) { ! if($user_list[$i] != -1) { ! if($where_sql != "") ! { ! $where_sql .= ", "; ! } ! $where_sql .= $user_list[$i]; } } } ! if( isset($HTTP_POST_VARS['unban_ip']) ) { $ip_list = $HTTP_POST_VARS['unban_ip']; for($i = 0; $i < count($ip_list); $i++) { ! if($ip_list[$i] != -1) { ! if($where_sql != "") ! { ! $where_sql .= ", "; ! } ! $where_sql .= $ip_list[$i]; } } } ! if( isset($HTTP_POST_VARS['unban_email']) ) { $email_list = $HTTP_POST_VARS['unban_email']; for($i = 0; $i < count($email_list); $i++) { ! if($email_list[$i] != -1) { ! if($where_sql != "") ! { ! $where_sql .= ", "; ! } ! $where_sql .= $email_list[$i]; } } } ! 
if( $where_sql != "" ) { $sql = "DELETE FROM " . BANLIST_TABLE . " WHERE ban_id IN ($where_sql)"; ! if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't delete ban info from database", "", __LINE__, __FILE__, $sql); } } ! $message = $lang['Ban_update_sucessful'] . "

" . sprintf($lang['Click_return_banadmin'], "", "") . "

" . sprintf($lang['Click_return_admin_index'], "", ""); message_die(GENERAL_MESSAGE, $message); --- 250,324 ---- $in_banlist = false; for($j = 0; $j < count($current_banlist); $j++) { ! if ( $email_list[$i] == $current_banlist[$j]['ban_email'] ) { $in_banlist = true; } } ! if ( !$in_banlist ) { $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_email) VALUES ('" . str_replace("\'", "''", $email_list[$i]) . "')"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't insert ban_email info into database", "", __LINE__, __FILE__, $sql); } } } ! $where_sql = ''; ! if ( isset($HTTP_POST_VARS['unban_user']) ) { $user_list = $HTTP_POST_VARS['unban_user']; for($i = 0; $i < count($user_list); $i++) { ! if ( $user_list[$i] != -1 ) { ! $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . intval($user_list[$i]); } } } ! if ( isset($HTTP_POST_VARS['unban_ip']) ) { $ip_list = $HTTP_POST_VARS['unban_ip']; for($i = 0; $i < count($ip_list); $i++) { ! if ( $ip_list[$i] != -1 ) { ! $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $ip_list[$i]); } } } ! if ( isset($HTTP_POST_VARS['unban_email']) ) { $email_list = $HTTP_POST_VARS['unban_email']; for($i = 0; $i < count($email_list); $i++) { ! if ( $email_list[$i] != -1 ) { ! $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $email_list[$i]); } } } ! if ( $where_sql != '' ) { $sql = "DELETE FROM " . BANLIST_TABLE . " WHERE ban_id IN ($where_sql)"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't delete ban info from database", "", __LINE__, __FILE__, $sql); } } ! $message = $lang['Ban_update_sucessful'] . '

' . sprintf($lang['Click_return_banadmin'], '', '') . '

' . sprintf($lang['Click_return_admin_index'], '', ''); message_die(GENERAL_MESSAGE, $message); *************** *** 354,390 **** 'S_BANLIST_ACTION' => append_sid("admin_user_ban.$phpEx")) ); - $userban_count = 0; - - $sql = "SELECT user_id, username - FROM " . USERS_TABLE . " - WHERE user_id <> " . ANONYMOUS . " - ORDER BY username ASC"; - if ( !($result = $db->sql_query($sql)) ) - { - message_die(GENERAL_ERROR, 'Could not select current user_id ban list', '', __LINE__, __FILE__, $sql); - } - - $user_list = $db->sql_fetchrowset($result); - $db->sql_freeresult($result); - - $select_userlist = ''; - for($i = 0; $i < count($user_list); $i++) - { - $select_userlist .= ''; - $userban_count++; - } - $select_userlist = ''; - $template->assign_vars(array( 'L_BAN_USER' => $lang['Ban_username'], 'L_BAN_USER_EXPLAIN' => $lang['Ban_username_explain'], 'L_BAN_IP' => $lang['Ban_IP'], 'L_BAN_IP_EXPLAIN' => $lang['Ban_IP_explain'], 'L_BAN_EMAIL' => $lang['Ban_email'], ! 'L_BAN_EMAIL_EXPLAIN' => $lang['Ban_email_explain'], ! ! 'S_BAN_USERLIST_SELECT' => $select_userlist) ); $userban_count = 0; --- 341,353 ---- 'S_BANLIST_ACTION' => append_sid("admin_user_ban.$phpEx")) ); $template->assign_vars(array( 'L_BAN_USER' => $lang['Ban_username'], 'L_BAN_USER_EXPLAIN' => $lang['Ban_username_explain'], 'L_BAN_IP' => $lang['Ban_IP'], 'L_BAN_IP_EXPLAIN' => $lang['Ban_IP_explain'], 'L_BAN_EMAIL' => $lang['Ban_email'], ! 'L_BAN_EMAIL_EXPLAIN' => $lang['Ban_email_explain']) ); $userban_count = 0; *************** *** 469,476 **** 'L_UNBAN_IP' => $lang['Unban_IP'], 'L_UNBAN_IP_EXPLAIN' => $lang['Unban_IP_explain'], 'L_UNBAN_EMAIL' => $lang['Unban_email'], ! 'L_UNBAN_EMAIL_EXPLAIN' => $lang['Unban_email_explain'], 'S_UNBAN_USERLIST_SELECT' => $select_userlist, 'S_UNBAN_IPLIST_SELECT' => $select_iplist, 'S_UNBAN_EMAILLIST_SELECT' => $select_emaillist, --- 432,443 ---- 'L_UNBAN_IP' => $lang['Unban_IP'], 'L_UNBAN_IP_EXPLAIN' => $lang['Unban_IP_explain'], 'L_UNBAN_EMAIL' => $lang['Unban_email'], ! 
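Review bot: The `unban_ip` and `unban_email` values are still only passed through `str_replace("\'", "''", ...)` before being joined into `WHERE ban_id IN ($where_sql)`, while the `unban_user` branch in the same hunk was changed to `intval()`. The query treats all three lists as unquoted numeric ban_id values, so doubling apostrophes provides no protection there and a submitted value like `1) OR (1=1` is concatenated verbatim. Use `intval($ip_list[$i])` and `intval($email_list[$i])` in the two remaining branches, matching the user branch. This page is reachable only through the admin panel, but the cast is also simply the right type for a ban_id. The enclosing submit branch starts before this hunk.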
'L_UNBAN_EMAIL_EXPLAIN' => $lang['Unban_email_explain'], ! 'L_USERNAME' => $lang['Username'], ! 'L_LOOK_UP' => $lang['Look_up_User'], ! 'L_FIND_USERNAME' => $lang['Find_username'], + 'U_SEARCH_USER' => append_sid("./../search.$phpEx?mode=searchuser"), 'S_UNBAN_USERLIST_SELECT' => $select_userlist, 'S_UNBAN_IPLIST_SELECT' => $select_iplist, 'S_UNBAN_EMAILLIST_SELECT' => $select_emaillist, *************** *** 480,485 **** $template->pparse('body'); ! include('page_footer_admin.'.$phpEx); ?> --- 447,452 ---- $template->pparse('body'); ! include('./page_footer_admin.'.$phpEx); ?> diff -crN phpbb200/admin/admin_users.php phpbb2017/admin/admin_users.php *** phpbb200/admin/admin_users.php Sat Jul 10 20:16:13 2004 --- phpbb2017/admin/admin_users.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_users.php,v 1.57 2002/03/27 19:15:39 the_systech Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_users.php,v 1.57.2.27 2005/07/19 20:01:07 acydburn Exp $ * * ***************************************************************************/ *************** *** 30,49 **** return; } ! $phpbb_root_path = "../"; require($phpbb_root_path . 'extension.inc'); ! require('pagestart.' . $phpEx); require($phpbb_root_path . 'includes/bbcode.'.$phpEx); require($phpbb_root_path . 'includes/functions_post.'.$phpEx); require($phpbb_root_path . 'includes/functions_selects.'.$phpEx); require($phpbb_root_path . 'includes/functions_validate.'.$phpEx); // // Set mode // if( isset( $HTTP_POST_VARS['mode'] ) || isset( $HTTP_GET_VARS['mode'] ) ) { $mode = ( isset( $HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; } else { --- 30,53 ---- return; } ! $phpbb_root_path = './../'; require($phpbb_root_path . 'extension.inc'); ! require('./pagestart.' . 
$phpEx); require($phpbb_root_path . 'includes/bbcode.'.$phpEx); require($phpbb_root_path . 'includes/functions_post.'.$phpEx); require($phpbb_root_path . 'includes/functions_selects.'.$phpEx); require($phpbb_root_path . 'includes/functions_validate.'.$phpEx); + $html_entities_match = array('#<#', '#>#'); + $html_entities_replace = array('<', '>'); + // // Set mode // if( isset( $HTTP_POST_VARS['mode'] ) || isset( $HTTP_GET_VARS['mode'] ) ) { $mode = ( isset( $HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; + $mode = htmlspecialchars($mode); } else { *************** *** 53,74 **** // // Begin program // ! if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) || isset($HTTP_GET_VARS[POST_USERS_URL]) || isset( $HTTP_POST_VARS[POST_USERS_URL]) ) ) { // // Ok, the profile has been modified and submitted, let's update // ! if( ( $mode == 'save' && isset( $HTTP_POST_VARS['submit'] ) ) || isset( $HTTP_POST_VARS['avatargallery'] ) || isset( $HTTP_POST_VARS['submitavatar'] ) || isset( $HTTP_POST_VARS['cancelavatar'] ) ) { ! $user_id = intval( $HTTP_POST_VARS['id'] ); ! $this_userdata = get_userdata($user_id); ! if( !$this_userdata ) { message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); } ! $username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags( $HTTP_POST_VARS['username'] ) ) : ''; $email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : ''; $password = ( !empty($HTTP_POST_VARS['password']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password'] ) )) : ''; --- 57,223 ---- // // Begin program // ! if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) || isset($HTTP_GET_VARS[POST_USERS_URL]) || isset( $HTTP_POST_VARS[POST_USERS_URL]) ) ) { // // Ok, the profile has been modified and submitted, let's update // ! 
if ( ( $mode == 'save' && isset( $HTTP_POST_VARS['submit'] ) ) || isset( $HTTP_POST_VARS['avatargallery'] ) || isset( $HTTP_POST_VARS['submitavatar'] ) || isset( $HTTP_POST_VARS['cancelavatar'] ) ) { ! $user_id = intval($HTTP_POST_VARS['id']); ! if (!($this_userdata = get_userdata($user_id))) { message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); } ! if( $HTTP_POST_VARS['deleteuser'] ) ! { ! $sql = "SELECT g.group_id ! FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g ! WHERE ug.user_id = $user_id ! AND g.group_id = ug.group_id ! AND g.group_single_user = 1"; ! if( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not obtain group information for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $row = $db->sql_fetchrow($result); ! ! $sql = "UPDATE " . POSTS_TABLE . " ! SET poster_id = " . DELETED . ", post_username = '" . str_replace("\\'", "''", addslashes($this_userdata['username'])) . "' ! WHERE poster_id = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update posts for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "UPDATE " . TOPICS_TABLE . " ! SET topic_poster = " . DELETED . " ! WHERE topic_poster = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update topics for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "UPDATE " . VOTE_USERS_TABLE . " ! SET vote_user_id = " . DELETED . " ! WHERE vote_user_id = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "SELECT group_id ! FROM " . GROUPS_TABLE . " ! WHERE group_moderator = $user_id"; ! if( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not select groups where user was moderator', '', __LINE__, __FILE__, $sql); ! } ! ! while ( $row_group = $db->sql_fetchrow($result) ) ! { ! $group_moderator[] = $row_group['group_id']; ! } ! ! 
if ( count($group_moderator) ) ! { ! $update_moderator_id = implode(', ', $group_moderator); ! ! $sql = "UPDATE " . GROUPS_TABLE . " ! SET group_moderator = " . $userdata['user_id'] . " ! WHERE group_moderator IN ($update_moderator_id)"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql); ! } ! } ! ! $sql = "DELETE FROM " . USERS_TABLE . " ! WHERE user_id = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "DELETE FROM " . USER_GROUP_TABLE . " ! WHERE user_id = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete user from user_group table', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "DELETE FROM " . GROUPS_TABLE . " ! WHERE group_id = " . $row['group_id']; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "DELETE FROM " . AUTH_ACCESS_TABLE . " ! WHERE group_id = " . $row['group_id']; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " ! WHERE user_id = $user_id"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete user from topic watch table', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "DELETE FROM " . BANLIST_TABLE . " ! WHERE ban_userid = $user_id"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete user from banlist table', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "SELECT privmsgs_id ! FROM " . PRIVMSGS_TABLE . " ! WHERE privmsgs_from_userid = $user_id ! OR privmsgs_to_userid = $user_id"; ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not select all users private messages', '', __LINE__, __FILE__, $sql); ! } ! ! 
// This little bit of code directly from the private messaging section. ! while ( $row_privmsgs = $db->sql_fetchrow($result) ) ! { ! $mark_list[] = $row_privmsgs['privmsgs_id']; ! } ! ! if ( count($mark_list) ) ! { ! $delete_sql_id = implode(', ', $mark_list); ! ! $delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . " ! WHERE privmsgs_text_id IN ($delete_sql_id)"; ! $delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . " ! WHERE privmsgs_id IN ($delete_sql_id)"; ! ! if ( !$db->sql_query($delete_sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql); ! } ! ! if ( !$db->sql_query($delete_text_sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql); ! } ! } ! ! $message = $lang['User_deleted'] . '

' . sprintf($lang['Click_return_useradmin'], '', '') . '

' . sprintf($lang['Click_return_admin_index'], '', ''); ! ! message_die(GENERAL_MESSAGE, $message); ! } ! ! $username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['username']))) : ''; $email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : ''; $password = ( !empty($HTTP_POST_VARS['password']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password'] ) )) : ''; *************** *** 129,146 **** $password_confirm = ''; $icq = stripslashes($icq); ! $aim = stripslashes($aim); ! $msn = stripslashes($msn); ! $yim = stripslashes($yim); ! ! $website = stripslashes($website); ! $location = stripslashes($location); ! $occupation = stripslashes($occupation); ! $interests = stripslashes($interests); ! $signature = stripslashes($signature); $user_lang = stripslashes($user_lang); ! $user_dateformat = stripslashes($user_dateformat); if ( !isset($HTTP_POST_VARS['cancelavatar'])) { --- 278,295 ---- $password_confirm = ''; $icq = stripslashes($icq); ! $aim = htmlspecialchars(stripslashes($aim)); ! $msn = htmlspecialchars(stripslashes($msn)); ! $yim = htmlspecialchars(stripslashes($yim)); ! ! $website = htmlspecialchars(stripslashes($website)); ! $location = htmlspecialchars(stripslashes($location)); ! $occupation = htmlspecialchars(stripslashes($occupation)); ! $interests = htmlspecialchars(stripslashes($interests)); ! $signature = htmlspecialchars(stripslashes($signature)); $user_lang = stripslashes($user_lang); ! $user_dateformat = htmlspecialchars(stripslashes($user_dateformat)); if ( !isset($HTTP_POST_VARS['cancelavatar'])) { *************** *** 156,177 **** $error = FALSE; ! if( stripslashes($username) != $this_userdata['username'] ) { unset($rename_user); ! if( !validate_username($username) ) { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '
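Review bot: In the relocated delete path, `$group_moderator` and `$mark_list` are never initialised before `count($group_moderator)` and `count($mark_list)`, and `$row` from the single-user-group lookup feeds `WHERE group_id = " . $row['group_id']` without a check that a row came back; a user whose single-user group is missing produces `group_id = ` and the run dies mid-way, after posts, topics and votes have already been reassigned to DELETED. Initialise both arrays and bail out when the group lookup is empty, as below. Deletion also fires on any truthy `$HTTP_POST_VARS['deleteuser']` with no confirmation step, which is unchanged from before but now runs ahead of the profile validation. The enclosing `if ( $mode == 'edit' || ... )` block continues past the end of this hunk.
```php
$row = $db->sql_fetchrow($result);
if ( !$row )
{
	message_die(GENERAL_ERROR, 'Could not obtain group information for this user', '', __LINE__, __FILE__, $sql);
}
// … unchanged: reassign posts, topics and votes to DELETED …
$group_moderator = array();
$sql = "SELECT group_id
	FROM " . GROUPS_TABLE . "
	WHERE group_moderator = $user_id";
// … unchanged: moderator reassignment, user/group/auth/watch/banlist deletes …
$mark_list = array();
$sql = "SELECT privmsgs_id
	FROM " . PRIVMSGS_TABLE . "
	WHERE privmsgs_from_userid = $user_id
		OR privmsgs_to_userid = $user_id";
```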
' : '' ) . $lang['Invalid_username']; } ! else { ! $username_sql = "username = '" . str_replace("\'", "''", $username) . "', "; $rename_user = $username; // Used for renaming usergroup } } ! $passwd_sql = ""; if( !empty($password) && !empty($password_confirm) ) { // --- 305,337 ---- $error = FALSE; ! if (stripslashes($username) != $this_userdata['username']) { unset($rename_user); ! ! if ( stripslashes(strtolower($username)) != strtolower($this_userdata['username']) ) { ! $result = validate_username($username); ! if ( $result['error'] ) ! { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $result['error_msg']; ! } ! else if ( strtolower(str_replace("\\'", "''", $username)) == strtolower($userdata['username']) ) ! { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Username_taken']; ! } } ! ! if (!$error) { ! $username_sql = "username = '" . str_replace("\\'", "''", $username) . "', "; $rename_user = $username; // Used for renaming usergroup } } ! $passwd_sql = ''; if( !empty($password) && !empty($password_confirm) ) { // *************** *** 199,223 **** $error_msg .= ( ( isset($error_msg) ) ? '
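Review bot: The new `Username_taken` branch compares `strtolower(str_replace("\\'", "''", $username))` — the SQL-escaped form — against `$userdata['username']`, a raw stored value, so a new name containing an apostrophe can never match and the check is silently skipped for exactly those names; the surrounding condition uses `stripslashes($username)` for the same comparison and this branch should too: `else if ( strtolower(stripslashes($username)) == strtolower($userdata['username']) )`. Note also that `$userdata` appears to be the acting session user (the delete path above reassigns groups to `$userdata['user_id']`), so this only blocks a rename onto the current admin's own name; whether `validate_username` performs the general collision check is not visible in this hunk. The enclosing save branch starts before and ends after this hunk.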
' : '' ) . $lang['Password_mismatch']; } ! if( $user_status == 0 ) ! { ! // User is (made) inactive. Delete all their sessions. ! $sql = "DELETE FROM " . SESSIONS_TABLE . " ! WHERE session_user_id = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete this users sessions', '', __LINE__, __FILE__, $sql); ! } ! } ! ! if( $signature != "" ) { $sig_length_check = preg_replace('/(\[.*?)(=.*?)\]/is', '\\1]', stripslashes($signature)); if ( $allowhtml ) { $sig_length_check = preg_replace('/(\<.*?)(=.*?)( .*?=.*?)?([ \/]?\>)/is', '\\1\\3\\4', $sig_length_check); } - $sig_length_check = preg_replace('/(\[.*?)(=.*?)\]/is', '\\1]', stripslashes($signature)); // Only create a new bbcode_uid when there was no uid yet. if ( $signature_bbcode_uid == '' ) --- 359,371 ---- $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Password_mismatch']; } ! if ($signature != '') { $sig_length_check = preg_replace('/(\[.*?)(=.*?)\]/is', '\\1]', stripslashes($signature)); if ( $allowhtml ) { $sig_length_check = preg_replace('/(\<.*?)(=.*?)( .*?=.*?)?([ \/]?\>)/is', '\\1\\3\\4', $sig_length_check); } // Only create a new bbcode_uid when there was no uid yet. if ( $signature_bbcode_uid == '' ) *************** *** 236,250 **** // // Avatar stuff // - // - // Avatar stuff - // $avatar_sql = ""; if( isset($HTTP_POST_VARS['avatardel']) ) { if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" ) { ! if( @file_exists("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']) ) { @unlink("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']); } --- 384,395 ---- // // Avatar stuff // $avatar_sql = ""; if( isset($HTTP_POST_VARS['avatardel']) ) { if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" ) { ! if( @file_exists(@phpbb_realpath("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) ) { @unlink("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']); } *************** *** 269,277 **** if( $user_avatar_loc != "" ) { ! if( file_exists($user_avatar_loc) && ereg(".jpg$|.gif$|.png$", $user_avatar_name) ) { ! if( $user_avatar_size <= $board_config['avatar_filesize'] && $avatar_size > 0) { $error_type = false; --- 414,422 ---- if( $user_avatar_loc != "" ) { ! if( file_exists(@phpbb_realpath($user_avatar_loc)) && ereg(".jpg$|.gif$|.png$", $user_avatar_name) ) { ! if( $user_avatar_size <= $board_config['avatar_filesize'] && $user_avatar_size > 0) { $error_type = false; *************** *** 312,318 **** if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" ) { ! if( @file_exists("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']) ) { @unlink("./../" . 
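Review bot: The new side drops the block that deleted the user's rows from SESSIONS_TABLE when `$user_status == 0`, and nothing in this hunk replaces it, so unless the purge moved elsewhere (not visible here) deactivating an account no longer ends its live sessions; they remain valid until they expire on their own. If the block was removed because `$user_status` is not yet known at this point, move the purge to where the status is applied rather than deleting it: `if ( $user_status == 0 ) { $db->sql_query("DELETE FROM " . SESSIONS_TABLE . " WHERE session_user_id = $user_id"); }`. The enclosing save branch starts before and ends after this hunk.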
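Review bot: The upload branch still admits a file on `ereg(".jpg$|.gif$|.png$", $user_avatar_name)` alone, where the unescaped dots match any character (`fakejpg` passes), and nothing in the hunk inspects the file's contents; the commit only wraps the existence test in `phpbb_realpath` and fixes the `$avatar_size`/`$user_avatar_size` typo. Escaping the dots is one line, `ereg("\.(jpg|gif|png)$", $user_avatar_name)`, and a `getimagesize($user_avatar_loc)` check before the file is kept would reject non-images outright. Whether a content check exists further down is not visible; the enclosing branch continues past the hunk.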
$board_config['avatar_path'] . "/". $this_userdata['user_avatar']); } --- 457,463 ---- if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" ) { ! if( @file_exists(@phpbb_realpath("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) ) { @unlink("./../" . $board_config['avatar_path'] . "/". $this_userdata['user_avatar']); } *************** *** 421,427 **** if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "") { ! if( file_exists("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']) ) { @unlink("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']); } --- 566,572 ---- if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "") { ! if( file_exists(@phpbb_realpath("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) ) { @unlink("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']); } *************** *** 508,605 **** // if( !$error ) { ! if( $HTTP_POST_VARS['deleteuser'] ) { ! $sql = "SELECT g.group_id ! FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g ! WHERE ug.user_id = $user_id ! AND g.group_id = ug.group_id ! AND g.group_single_user = 1"; ! if( !($result = $db->sql_query($sql)) ) { ! message_die(GENERAL_ERROR, 'Could not obtain group information for this user', '', __LINE__, __FILE__, $sql); } - - $row = $db->sql_fetchrow($result); ! $sql = "UPDATE " . POSTS_TABLE . " ! SET poster_id = " . ANONYMOUS . ", post_username = '$username' ! WHERE poster_id = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update posts for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "UPDATE " . TOPICS_TABLE . " ! SET topic_poster = " . ANONYMOUS . " ! WHERE topic_poster = $user_id"; ! if( !$db->sql_query($sql) ) { ! 
message_die(GENERAL_ERROR, 'Could not update topics for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "DELETE FROM " . USERS_TABLE . " ! WHERE user_id = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "DELETE FROM " . USER_GROUP_TABLE . " ! WHERE user_id = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete user from user_group table', '', __LINE__, __FILE__, $sql); ! } ! $sql = "DELETE FROM " . GROUPS_TABLE . " ! WHERE group_id = " . $row['group_id']; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "DELETE FROM " . AUTH_ACCESS_TABLE . " ! WHERE group_id = " . $row['group_id']; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " ! WHERE user_id = $user_id"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete user from topic watch table', '', __LINE__, __FILE__, $sql); } ! ! $message = $lang['User_deleted']; ! } else { ! $sql = "UPDATE " . USERS_TABLE . " ! SET " . $username_sql . $passwd_sql . "user_email = '" . str_replace("\'", "''", $email) . "', user_icq = '" . str_replace("\'", "''", $icq) . "', user_website = '" . str_replace("\'", "''", $website) . "', user_occ = '" . str_replace("\'", "''", $occupation) . "', user_from = '" . str_replace("\'", "''", $location) . "', user_interests = '" . str_replace("\'", "''", $interests) . "', user_sig = '" . str_replace("\'", "''", $signature) . "', user_viewemail = $viewemail, user_aim = '" . str_replace("\'", "''", $aim) . "', user_yim = '" . str_replace("\'", "''", $yim) . "', user_msnm = '" . str_replace("\'", "''", $msn) . 
"', user_attachsig = $attachsig, user_sig_bbcode_uid = '$signature_bbcode_uid', user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowavatar = $user_allowavatar, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_allow_pm = $user_allowpm, user_notify_pm = $notifypm, user_popup_pm = $popuppm, user_lang = '" . str_replace("\'", "''", $user_lang) . "', user_style = $user_style, user_timezone = $user_timezone, user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "', user_active = $user_status, user_rank = $user_rank" . $avatar_sql . " ! WHERE user_id = $user_id"; ! if( $result = $db->sql_query($sql) ) ! { ! if( isset($rename_user) ) ! { ! $sql = "UPDATE " . GROUPS_TABLE . " ! SET group_name = '".str_replace("\'", "''", $rename_user)."' ! WHERE group_name = '".str_replace("\'", "''", $this_userdata['username'] )."'"; ! if( !$result = $db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not rename users group', '', __LINE__, __FILE__, $sql); ! } ! } ! $message .= $lang['Admin_user_updated']; ! } ! else ! { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Admin_user_fail']; ! } } $message .= '

' . sprintf($lang['Click_return_useradmin'], '', '') . '

' . sprintf($lang['Click_return_admin_index'], '', ''); --- 653,693 ---- // if( !$error ) { ! $sql = "UPDATE " . USERS_TABLE . " ! SET " . $username_sql . $passwd_sql . "user_email = '" . str_replace("\'", "''", $email) . "', user_icq = '" . str_replace("\'", "''", $icq) . "', user_website = '" . str_replace("\'", "''", $website) . "', user_occ = '" . str_replace("\'", "''", $occupation) . "', user_from = '" . str_replace("\'", "''", $location) . "', user_interests = '" . str_replace("\'", "''", $interests) . "', user_sig = '" . str_replace("\'", "''", $signature) . "', user_viewemail = $viewemail, user_aim = '" . str_replace("\'", "''", $aim) . "', user_yim = '" . str_replace("\'", "''", $yim) . "', user_msnm = '" . str_replace("\'", "''", $msn) . "', user_attachsig = $attachsig, user_sig_bbcode_uid = '$signature_bbcode_uid', user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowavatar = $user_allowavatar, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_allow_pm = $user_allowpm, user_notify_pm = $notifypm, user_popup_pm = $popuppm, user_lang = '" . str_replace("\'", "''", $user_lang) . "', user_style = $user_style, user_timezone = $user_timezone, user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "', user_active = $user_status, user_rank = $user_rank" . $avatar_sql . " ! WHERE user_id = $user_id"; ! ! if( $result = $db->sql_query($sql) ) { ! if( isset($rename_user) ) { ! $sql = "UPDATE " . GROUPS_TABLE . " ! SET group_name = '".str_replace("\'", "''", $rename_user)."' ! WHERE group_name = '".str_replace("'", "''", $this_userdata['username'] )."'"; ! if( !$result = $db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not rename users group', '', __LINE__, __FILE__, $sql); ! } } ! // Delete user session, to prevent the user navigating the forum (if logged in) when disabled ! if (!$user_status) { ! $sql = "DELETE FROM " . SESSIONS_TABLE . " ! 
WHERE session_user_id = " . $user_id; ! if ( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql); ! } } ! ! $message .= $lang['Admin_user_updated']; } else { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Admin_user_fail']; } $message .= '

' . sprintf($lang['Click_return_useradmin'], '', '') . '

' . sprintf($lang['Click_return_admin_index'], '', ''); *************** *** 618,641 **** $template->assign_var_from_handle('ERROR_BOX', 'reg_header'); ! $username = stripslashes($username); $email = stripslashes($email); $password = ''; $password_confirm = ''; $icq = stripslashes($icq); ! $aim = str_replace('+', ' ', stripslashes($aim)); ! $msn = stripslashes($msn); ! $yim = stripslashes($yim); ! ! $website = stripslashes($website); ! $location = stripslashes($location); ! $occupation = stripslashes($occupation); ! $interests = stripslashes($interests); ! $signature = stripslashes($signature); $user_lang = stripslashes($user_lang); ! $user_dateformat = stripslashes($user_dateformat); } } else if( !isset( $HTTP_POST_VARS['submit'] ) && $mode != 'save' && !isset( $HTTP_POST_VARS['avatargallery'] ) && !isset( $HTTP_POST_VARS['submitavatar'] ) && !isset( $HTTP_POST_VARS['cancelavatar'] ) ) --- 706,729 ---- $template->assign_var_from_handle('ERROR_BOX', 'reg_header'); ! $username = htmlspecialchars(stripslashes($username)); $email = stripslashes($email); $password = ''; $password_confirm = ''; $icq = stripslashes($icq); ! $aim = htmlspecialchars(str_replace('+', ' ', stripslashes($aim))); ! $msn = htmlspecialchars(stripslashes($msn)); ! $yim = htmlspecialchars(stripslashes($yim)); ! ! $website = htmlspecialchars(stripslashes($website)); ! $location = htmlspecialchars(stripslashes($location)); ! $occupation = htmlspecialchars(stripslashes($occupation)); ! $interests = htmlspecialchars(stripslashes($interests)); ! $signature = htmlspecialchars(stripslashes($signature)); $user_lang = stripslashes($user_lang); ! $user_dateformat = htmlspecialchars(stripslashes($user_dateformat)); } } else if( !isset( $HTTP_POST_VARS['submit'] ) && $mode != 'save' && !isset( $HTTP_POST_VARS['avatargallery'] ) && !isset( $HTTP_POST_VARS['submitavatar'] ) && !isset( $HTTP_POST_VARS['cancelavatar'] ) ) *************** *** 651,657 **** } else { ! 
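Review bot: The rebuilt `UPDATE ... USERS_TABLE` statement interpolates `$viewemail`, `$attachsig`, `$allowsmilies`, `$allowhtml`, `$user_status`, `$user_rank`, `$user_style`, `$user_timezone` and `$user_id` unquoted, and nothing in the hunk casts them, so the statement is only safe if each was passed through `intval()` in the form handling earlier in the file, which is outside this hunk. Either cast at the point of use or state the invariant in a comment above the statement, e.g. `// Numeric columns below rely on every value having been intval()'d during input handling; text columns rely on addslashes()-style escaping`. The same assumption applies to the new `DELETE FROM SESSIONS_TABLE ... WHERE session_user_id = " . $user_id` that runs when `$user_status` is false. The switch from `str_replace("\'", "''", ...)` to `str_replace("'", "''", ...)` for `$this_userdata['username']` is correct, since that value comes from the database rather than from slash-escaped input.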
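Review bot: `$email`, `$icq` and `$user_lang` are still assigned with a bare `stripslashes()` in this hunk while every neighbouring field now goes through `htmlspecialchars()`, so the re-displayed form is escaped inconsistently; unless these three are constrained to a safe character set before this point (outside the hunk), they should get the same treatment: `$email = htmlspecialchars(stripslashes($email));`, `$icq = htmlspecialchars(stripslashes($icq));`, `$user_lang = htmlspecialchars(stripslashes($user_lang));`. The same gap appears in the database-backed assignments that hunks 668,682 (`$icq`) and 693,699 (`$user_lang`) leave untouched as context. A one-line comment such as `// Values are re-displayed in form fields, so escape for HTML here` above the block would make the rule explicit.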
$this_userdata = get_userdata( $HTTP_POST_VARS['username'] ); if( !$this_userdata ) { message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); --- 739,745 ---- } else { ! $this_userdata = get_userdata($HTTP_POST_VARS['username'], true); if( !$this_userdata ) { message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); *************** *** 668,682 **** $password_confirm = ''; $icq = $this_userdata['user_icq']; ! $aim = str_replace('+', ' ', $this_userdata['user_aim'] ); ! $msn = $this_userdata['user_msnm']; ! $yim = $this_userdata['user_yim']; ! ! $website = $this_userdata['user_website']; ! $location = $this_userdata['user_from']; ! $occupation = $this_userdata['user_occ']; ! $interests = $this_userdata['user_interests']; ! $signature = $this_userdata['user_sig']; $viewemail = $this_userdata['user_viewemail']; $notifypm = $this_userdata['user_notify_pm']; --- 756,772 ---- $password_confirm = ''; $icq = $this_userdata['user_icq']; ! $aim = htmlspecialchars(str_replace('+', ' ', $this_userdata['user_aim'] )); ! $msn = htmlspecialchars($this_userdata['user_msnm']); ! $yim = htmlspecialchars($this_userdata['user_yim']); ! ! $website = htmlspecialchars($this_userdata['user_website']); ! $location = htmlspecialchars($this_userdata['user_from']); ! $occupation = htmlspecialchars($this_userdata['user_occ']); ! $interests = htmlspecialchars($this_userdata['user_interests']); ! ! $signature = ($this_userdata['user_sig_bbcode_uid'] != '') ? preg_replace('#:' . $this_userdata['user_sig_bbcode_uid'] . '#si', '', $this_userdata['user_sig']) : $this_userdata['user_sig']; ! $signature = preg_replace($html_entities_match, $html_entities_replace, $signature); $viewemail = $this_userdata['user_viewemail']; $notifypm = $this_userdata['user_notify_pm']; *************** *** 693,699 **** $user_style = $this_userdata['user_style']; $user_lang = $this_userdata['user_lang']; $user_timezone = $this_userdata['user_timezone']; ! 
$user_dateformat = $this_userdata['user_dateformat']; $user_status = $this_userdata['user_active']; $user_allowavatar = $this_userdata['user_allowavatar']; --- 783,789 ---- $user_style = $this_userdata['user_style']; $user_lang = $this_userdata['user_lang']; $user_timezone = $this_userdata['user_timezone']; ! $user_dateformat = htmlspecialchars($this_userdata['user_dateformat']); $user_status = $this_userdata['user_active']; $user_allowavatar = $this_userdata['user_allowavatar']; *************** *** 721,727 **** $avatar_images = array(); while( $file = @readdir($dir) ) { ! if( $file != "." && $file != ".." && !is_file("./../" . $board_config['avatar_gallery_path'] . "/" . $file) && !is_link("./../" . $board_config['avatar_gallery_path'] . "/" . $file) ) { $sub_dir = @opendir("../" . $board_config['avatar_gallery_path'] . "/" . $file); --- 811,817 ---- $avatar_images = array(); while( $file = @readdir($dir) ) { ! if( $file != "." && $file != ".." && !is_file(phpbb_realpath("./../" . $board_config['avatar_gallery_path'] . "/" . $file)) && !is_link(phpbb_realpath("./../" . $board_config['avatar_gallery_path'] . "/" . $file)) ) { $sub_dir = @opendir("../" . $board_config['avatar_gallery_path'] . "/" . $file); *************** *** 749,755 **** if( isset($HTTP_POST_VARS['avatarcategory']) ) { ! $category = $HTTP_POST_VARS['avatarcategory']; } else { --- 839,845 ---- if( isset($HTTP_POST_VARS['avatarcategory']) ) { ! $category = htmlspecialchars($HTTP_POST_VARS['avatarcategory']); } else { *************** *** 885,892 **** $rank_select_box .= ''; } - $signature = preg_replace('/\:[0-9a-z\:]*?\]/si', ']', $signature); - $template->set_filenames(array( "body" => "admin/user_edit_body.tpl") ); --- 975,980 ---- *************** *** 929,935 **** 'ALWAYS_ALLOW_SMILIES_YES' => ($allowsmilies) ? 'checked="checked"' : '', 'ALWAYS_ALLOW_SMILIES_NO' => (!$allowsmilies) ? 'checked="checked"' : '', 'AVATAR' => $avatar, ! 
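Review bot: `htmlspecialchars()` on `$HTTP_POST_VARS['avatarcategory']` is output encoding, not path validation: it leaves `.`, `/` and `\` untouched. If `$category` is later joined onto `$board_config['avatar_gallery_path']` to open a directory (that use is outside this hunk), the value should additionally be restricted to the category names actually read from the gallery, which hunk 721,727 collects while walking the directory, or at least reduced with `basename()`. A comment stating which of the two purposes the escaping serves, e.g. `// Escaped for re-display only; directory selection is validated against the gallery listing`, would keep the two concerns apart.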
'LANGUAGE_SELECT' => language_select($user_lang, 'language', '../language'), 'TIMEZONE_SELECT' => tz_select($user_timezone), 'STYLE_SELECT' => style_select($user_style, 'style'), 'DATE_FORMAT' => $user_dateformat, --- 1017,1023 ---- 'ALWAYS_ALLOW_SMILIES_YES' => ($allowsmilies) ? 'checked="checked"' : '', 'ALWAYS_ALLOW_SMILIES_NO' => (!$allowsmilies) ? 'checked="checked"' : '', 'AVATAR' => $avatar, ! 'LANGUAGE_SELECT' => language_select($user_lang), 'TIMEZONE_SELECT' => tz_select($user_timezone), 'STYLE_SELECT' => style_select($user_style, 'style'), 'DATE_FORMAT' => $user_dateformat, *************** *** 941,946 **** --- 1029,1035 ---- 'USER_ACTIVE_NO' => (!$user_status) ? 'checked="checked"' : '', 'RANK_SELECT_BOX' => $rank_select_box, + 'L_USERNAME' => $lang['Username'], 'L_USER_TITLE' => $lang['User_admin'], 'L_USER_EXPLAIN' => $lang['User_admin_explain'], 'L_NEW_PASSWORD' => $lang['New_password'], *************** *** 954,960 **** 'L_YAHOO' => $lang['YIM'], 'L_WEBSITE' => $lang['Website'], 'L_AIM' => $lang['AIM'], ! 'L_LOCATION' => $lang['From'], 'L_OCCUPATION' => $lang['Occupation'], 'L_BOARD_LANGUAGE' => $lang['Board_lang'], 'L_BOARD_STYLE' => $lang['Board_style'], --- 1043,1049 ---- 'L_YAHOO' => $lang['YIM'], 'L_WEBSITE' => $lang['Website'], 'L_AIM' => $lang['AIM'], ! 'L_LOCATION' => $lang['Location'], 'L_OCCUPATION' => $lang['Occupation'], 'L_BOARD_LANGUAGE' => $lang['Board_lang'], 'L_BOARD_STYLE' => $lang['Board_style'], *************** *** 971,977 **** 'L_ALWAYS_ADD_SIGNATURE' => $lang['Always_add_sig'], 'L_SPECIAL' => $lang['User_special'], ! 'L_SPECIAL_EXPLAIN' => $lang['User_specail_explain'], 'L_USER_ACTIVE' => $lang['User_status'], 'L_ALLOW_PM' => $lang['User_allowpm'], 'L_ALLOW_AVATAR' => $lang['User_allowavatar'], --- 1060,1066 ---- 'L_ALWAYS_ADD_SIGNATURE' => $lang['Always_add_sig'], 'L_SPECIAL' => $lang['User_special'], ! 
'L_SPECIAL_EXPLAIN' => $lang['User_special_explain'], 'L_USER_ACTIVE' => $lang['User_status'], 'L_ALLOW_PM' => $lang['User_allowpm'], 'L_ALLOW_AVATAR' => $lang['User_allowavatar'], *************** *** 1012,1018 **** 'S_PROFILE_ACTION' => append_sid("admin_users.$phpEx")) ); ! if( file_exists('./../' . $board_config['avatar_path'] ) ) { if ( $form_enctype != '' ) { --- 1101,1107 ---- 'S_PROFILE_ACTION' => append_sid("admin_users.$phpEx")) ); ! if( file_exists(@phpbb_realpath('./../' . $board_config['avatar_path'])) && ($board_config['allow_avatar_upload'] == TRUE) ) { if ( $form_enctype != '' ) { *************** *** 1021,1053 **** $template->assign_block_vars('avatar_remote_upload', array() ); } ! if( file_exists('./../' . $board_config['avatar_gallery_path'] ) ) { $template->assign_block_vars('avatar_local_gallery', array() ); } } $template->pparse('body'); - } else { // // Default user selection box // - $sql = "SELECT user_id, username - FROM " . USERS_TABLE . " - WHERE user_id <> " . ANONYMOUS ." - ORDER BY username"; - $result = $db->sql_query($sql); - - $select_list = ''; - $template->set_filenames(array( 'body' => 'admin/user_select_body.tpl') ); --- 1110,1133 ---- $template->assign_block_vars('avatar_remote_upload', array() ); } ! if( file_exists(@phpbb_realpath('./../' . $board_config['avatar_gallery_path'])) && ($board_config['allow_avatar_local'] == TRUE) ) { $template->assign_block_vars('avatar_local_gallery', array() ); } + + if( $board_config['allow_avatar_remote'] == TRUE ) + { + $template->assign_block_vars('avatar_remote_link', array() ); + } } $template->pparse('body'); } else { // // Default user selection box // $template->set_filenames(array( 'body' => 'admin/user_select_body.tpl') ); *************** *** 1059,1065 **** 'L_LOOK_UP' => $lang['Look_up_user'], 'L_FIND_USERNAME' => $lang['Find_username'], ! 
'U_SEARCH_USER' => append_sid("../search.$phpEx?mode=searchuser"), 'S_USER_ACTION' => append_sid("admin_users.$phpEx"), 'S_USER_SELECT' => $select_list) --- 1139,1145 ---- 'L_LOOK_UP' => $lang['Look_up_user'], 'L_FIND_USERNAME' => $lang['Find_username'], ! 'U_SEARCH_USER' => append_sid("./../search.$phpEx?mode=searchuser"), 'S_USER_ACTION' => append_sid("admin_users.$phpEx"), 'S_USER_SELECT' => $select_list) *************** *** 1068,1073 **** } ! include('page_footer_admin.'.$phpEx); ! ?> --- 1148,1153 ---- } ! include('./page_footer_admin.'.$phpEx); ! ?> \ No newline at end of file diff -crN phpbb200/admin/admin_words.php phpbb2017/admin/admin_words.php *** phpbb200/admin/admin_words.php Sat Jul 10 20:16:13 2004 --- phpbb2017/admin/admin_words.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_words.php,v 1.10 2002/03/22 17:00:33 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_words.php,v 1.10.2.3 2004/03/25 15:57:20 acydburn Exp $ * * ***************************************************************************/ *************** *** 32,44 **** // // Load default header // ! $phpbb_root_path = "../"; require($phpbb_root_path . 'extension.inc'); ! require('pagestart.' . $phpEx); if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { $mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; } else { --- 32,45 ---- // // Load default header // ! $phpbb_root_path = "./../"; require($phpbb_root_path . 'extension.inc'); ! require('./pagestart.' . $phpEx); if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { $mode = ($HTTP_GET_VARS['mode']) ? 
$HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; + $mode = htmlspecialchars($mode); } else { *************** *** 63,69 **** { if( $mode == "edit" || $mode == "add" ) { ! $word_id = ( isset($HTTP_GET_VARS['id']) ) ? $HTTP_GET_VARS['id'] : 0; $template->set_filenames(array( "body" => "admin/words_edit_body.tpl") --- 64,70 ---- { if( $mode == "edit" || $mode == "add" ) { ! $word_id = ( isset($HTTP_GET_VARS['id']) ) ? intval($HTTP_GET_VARS['id']) : 0; $template->set_filenames(array( "body" => "admin/words_edit_body.tpl") *************** *** 109,119 **** $template->pparse("body"); ! include('page_footer_admin.'.$phpEx); } else if( $mode == "save" ) { ! $word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : 0; $word = ( isset($HTTP_POST_VARS['word']) ) ? trim($HTTP_POST_VARS['word']) : ""; $replacement = ( isset($HTTP_POST_VARS['replacement']) ) ? trim($HTTP_POST_VARS['replacement']) : ""; --- 110,120 ---- $template->pparse("body"); ! include('./page_footer_admin.'.$phpEx); } else if( $mode == "save" ) { ! $word_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : 0; $word = ( isset($HTTP_POST_VARS['word']) ) ? trim($HTTP_POST_VARS['word']) : ""; $replacement = ( isset($HTTP_POST_VARS['replacement']) ) ? trim($HTTP_POST_VARS['replacement']) : ""; *************** *** 150,155 **** --- 151,157 ---- if( isset($HTTP_POST_VARS['id']) || isset($HTTP_GET_VARS['id']) ) { $word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id']; + $word_id = intval($word_id); } else { *************** *** 172,178 **** } else { ! message_die(GENERAL_MESSAGE, $lang['Must_specify_word']); } } } --- 174,180 ---- } else { ! message_die(GENERAL_MESSAGE, $lang['No_word_selected']); } } } *************** *** 230,235 **** $template->pparse("body"); ! include('page_footer_admin.'.$phpEx); ?> --- 232,237 ---- $template->pparse("body"); ! 
include('./page_footer_admin.'.$phpEx); ?> diff -crN phpbb200/admin/index.php phpbb2017/admin/index.php *** phpbb200/admin/index.php Sat Jul 10 20:16:13 2004 --- phpbb2017/admin/index.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: index.php,v 1.40 2002/03/25 20:37:14 the_systech Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: index.php,v 1.40.2.7 2005/02/21 18:37:02 acydburn Exp $ * * ***************************************************************************/ *************** *** 26,34 **** // Load default header // $no_page_header = TRUE; ! $phpbb_root_path = "../"; require($phpbb_root_path . 'extension.inc'); ! require('pagestart.' . $phpEx); // --------------- // Begin functions --- 26,34 ---- // Load default header // $no_page_header = TRUE; ! $phpbb_root_path = "./../"; require($phpbb_root_path . 'extension.inc'); ! require('./pagestart.' . $phpEx); // --------------- // Begin functions *************** *** 68,74 **** unset($setmodules); ! include('page_header_admin.'.$phpEx); $template->set_filenames(array( "body" => "admin/index_navigate.tpl") --- 68,74 ---- unset($setmodules); ! include('./page_header_admin.'.$phpEx); $template->set_filenames(array( "body" => "admin/index_navigate.tpl") *************** *** 116,127 **** $template->pparse("body"); ! include('page_footer_admin.'.$phpEx); } elseif( isset($HTTP_GET_VARS['pane']) && $HTTP_GET_VARS['pane'] == 'right' ) { ! include('page_header_admin.'.$phpEx); $template->set_filenames(array( "body" => "admin/index_body.tpl") --- 116,127 ---- $template->pparse("body"); ! include('./page_footer_admin.'.$phpEx); } elseif( isset($HTTP_GET_VARS['pane']) && $HTTP_GET_VARS['pane'] == 'right' ) { ! 
include('./page_header_admin.'.$phpEx); $template->set_filenames(array( "body" => "admin/index_body.tpl") *************** *** 132,137 **** --- 132,138 ---- "L_ADMIN_INTRO" => $lang['Admin_intro'], "L_FORUM_STATS" => $lang['Forum_stats'], "L_WHO_IS_ONLINE" => $lang['Who_is_Online'], + "L_USERNAME" => $lang['Username'], "L_LOCATION" => $lang['Location'], "L_LAST_UPDATE" => $lang['Last_updated'], "L_IP_ADDRESS" => $lang['IP_Address'], *************** *** 331,337 **** WHERE s.session_logged_in = " . TRUE . " AND u.user_id = s.session_user_id AND u.user_id <> " . ANONYMOUS . " ! AND u.user_session_time >= " . ( time() - 300 ) . " ORDER BY u.user_session_time DESC"; if(!$result = $db->sql_query($sql)) { --- 332,338 ---- WHERE s.session_logged_in = " . TRUE . " AND u.user_id = s.session_user_id AND u.user_id <> " . ANONYMOUS . " ! AND s.session_time >= " . ( time() - 300 ) . " ORDER BY u.user_session_time DESC"; if(!$result = $db->sql_query($sql)) { *************** *** 454,460 **** "FORUM_LOCATION" => $location, "IP_ADDRESS" => $reg_ip, ! "U_WHOIS_IP" => "http://www.samspade.org/t/ipwhois?a=$reg_ip", "U_USER_PROFILE" => append_sid("admin_users.$phpEx?mode=edit&" . POST_USERS_URL . "=" . $onlinerow_reg[$i]['user_id']), "U_FORUM_LOCATION" => append_sid($location_url)) ); --- 455,461 ---- "FORUM_LOCATION" => $location, "IP_ADDRESS" => $reg_ip, ! "U_WHOIS_IP" => "http://network-tools.com/default.asp?host=$reg_ip", "U_USER_PROFILE" => append_sid("admin_users.$phpEx?mode=edit&" . POST_USERS_URL . "=" . $onlinerow_reg[$i]['user_id']), "U_FORUM_LOCATION" => append_sid($location_url)) ); *************** *** 546,552 **** "FORUM_LOCATION" => $location, "IP_ADDRESS" => $guest_ip, ! "U_WHOIS_IP" => "http://www.samspade.org/t/ipwhois?a=$guest_ip", "U_FORUM_LOCATION" => append_sid($location_url)) ); } --- 547,553 ---- "FORUM_LOCATION" => $location, "IP_ADDRESS" => $guest_ip, ! 
"U_WHOIS_IP" => "http://network-tools.com/default.asp?host=$guest_ip", "U_FORUM_LOCATION" => append_sid($location_url)) ); } *************** *** 559,567 **** ); } $template->pparse("body"); ! include('page_footer_admin.'.$phpEx); } else --- 560,633 ---- ); } + // Check for new version + $current_version = explode('.', '2' . $board_config['version']); + $minor_revision = (int) $current_version[2]; + + $errno = 0; + $errstr = $version_info = ''; + + if ($fsock = @fsockopen('www.phpbb.com', 80, $errno, $errstr)) + { + @fputs($fsock, "GET /updatecheck/20x.txt HTTP/1.1\r\n"); + @fputs($fsock, "HOST: www.phpbb.com\r\n"); + @fputs($fsock, "Connection: close\r\n\r\n"); + + $get_info = false; + while (!@feof($fsock)) + { + if ($get_info) + { + $version_info .= @fread($fsock, 1024); + } + else + { + if (@fgets($fsock, 1024) == "\r\n") + { + $get_info = true; + } + } + } + @fclose($fsock); + + $version_info = explode("\n", $version_info); + $latest_head_revision = (int) $version_info[0]; + $latest_minor_revision = (int) $version_info[2]; + $latest_version = (int) $version_info[0] . '.' . (int) $version_info[1] . '.' . (int) $version_info[2]; + + if ($latest_head_revision == 2 && $minor_revision == $latest_minor_revision) + { + $version_info = '

' . $lang['Version_up_to_date'] . '

'; + } + else + { + $version_info = '

' . $lang['Version_not_up_to_date']; + $version_info .= '
' . sprintf($lang['Latest_version_info'], $latest_version) . sprintf($lang['Current_version_info'], '2' . $board_config['version']) . '

'; + } + } + else + { + if ($errstr) + { + $version_info = '

' . sprintf($lang['Connect_socket_error'], $errstr) . '

'; + } + else + { + $version_info = '

' . $lang['Socket_functions_disabled'] . '

'; + } + } + + $version_info .= '

' . $lang['Mailing_list_subscribe_reminder'] . '

'; + + + $template->assign_vars(array( + 'VERSION_INFO' => $version_info, + 'L_VERSION_INFORMATION' => $lang['Version_information']) + ); + $template->pparse("body"); ! include('./page_footer_admin.'.$phpEx); } else *************** *** 583,590 **** $template->pparse("body"); exit; } ! ?> --- 649,657 ---- $template->pparse("body"); + $db->sql_close(); exit; } ! ?> \ No newline at end of file diff -crN phpbb200/admin/page_footer_admin.php phpbb2017/admin/page_footer_admin.php *** phpbb200/admin/page_footer_admin.php Sat Jul 10 20:16:13 2004 --- phpbb2017/admin/page_footer_admin.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_footer_admin.php,v 1.9.2.1 2002/04/04 14:47:18 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_footer_admin.php,v 1.9.2.3 2005/04/15 20:15:47 acydburn Exp $ * * ***************************************************************************/ *************** *** 33,39 **** ); $template->assign_vars(array( ! 'PHPBB_VERSION' => '2' . $board_config['version'], 'TRANSLATION_INFO' => $lang['TRANSLATION_INFO']) ); --- 33,39 ---- ); $template->assign_vars(array( ! 'PHPBB_VERSION' => ($userdata['user_level'] == ADMIN && $userdata['user_id'] != ANONYMOUS) ? '2' . $board_config['version'] : '', 'TRANSLATION_INFO' => $lang['TRANSLATION_INFO']) ); *************** *** 62,68 **** $gzip_contents = gzcompress($gzip_contents, 9); $gzip_contents = substr($gzip_contents, 0, strlen($gzip_contents) - 4); ! echo '\x1f\x8b\x08\x00\x00\x00\x00\x00'; echo $gzip_contents; echo pack('V', $gzip_crc); echo pack('V', $gzip_size); --- 62,68 ---- $gzip_contents = gzcompress($gzip_contents, 9); $gzip_contents = substr($gzip_contents, 0, strlen($gzip_contents) - 4); ! 
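Review bot: The new update check calls `@fsockopen('www.phpbb.com', 80, $errno, $errstr)` with no timeout, so when the host is unreachable or slow the admin index blocks for the socket default before rendering; pass an explicit limit, e.g. `@fsockopen('www.phpbb.com', 80, $errno, $errstr, 10)`, and consider `stream_set_timeout($fsock, 10)` for the read loop. The response is then indexed as `$version_info[0]`, `[1]` and `[2]` without checking that three lines arrived, so a truncated or non-matching body yields undefined-offset notices; guard with `count($version_info) >= 3` and otherwise fall through to the error text. Because the fetch is plain HTTP with no integrity check, the displayed up-to-date status is only as trustworthy as the network path, which deserves a comment above the block, e.g. `// Version info is fetched unauthenticated over HTTP; treat the result as advisory only`. The `(int)` casts do keep the displayed version string free of anything but digits and dots.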
echo "\x1f\x8b\x08\x00\x00\x00\x00\x00"; echo $gzip_contents; echo pack('V', $gzip_crc); echo pack('V', $gzip_size); diff -crN phpbb200/admin/page_header_admin.php phpbb2017/admin/page_header_admin.php *** phpbb200/admin/page_header_admin.php Sat Jul 10 20:16:13 2004 --- phpbb2017/admin/page_header_admin.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_header_admin.php,v 1.12 2002/03/22 17:00:33 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_header_admin.php,v 1.12.2.6 2005/03/26 14:15:59 acydburn Exp $ * * ***************************************************************************/ *************** *** 31,52 **** // gzip_compression // $do_gzip_compress = FALSE; ! if($board_config['gzip_compress']) { $phpver = phpversion(); ! if($phpver >= '4.0.4pl1') { ! if(extension_loaded('zlib')) { ob_start('ob_gzhandler'); } } ! else if($phpver > '4.0') { ! if(strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) { ! if(extension_loaded('zlib')) { $do_gzip_compress = TRUE; ob_start(); --- 31,54 ---- // gzip_compression // $do_gzip_compress = FALSE; ! if ( $board_config['gzip_compress'] ) { $phpver = phpversion(); ! $useragent = (isset($HTTP_SERVER_VARS['HTTP_USER_AGENT'])) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : getenv('HTTP_USER_AGENT'); ! ! if ( $phpver >= '4.0.4pl1' && ( strstr($useragent,'compatible') || strstr($useragent,'Gecko') ) ) { ! if ( extension_loaded('zlib') ) { ob_start('ob_gzhandler'); } } ! else if ( $phpver > '4.0' ) { ! if ( strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip') ) { ! if ( extension_loaded('zlib') ) { $do_gzip_compress = TRUE; ob_start(); *************** *** 62,67 **** --- 64,73 ---- 'header' => 'admin/page_header.tpl') ); + // Format Timezone. 
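Review bot: The new condition gates `ob_gzhandler` on the user agent containing `compatible` or `Gecko` without saying why, so a one-line comment is needed, e.g. `// ob_gzhandler only for user agents containing 'compatible' or 'Gecko'; other browsers take the manual gzip path below`. The `else if` branch still reads `$HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING']` without the `isset()` guard that the new `$useragent` line uses, so a request without that header raises a notice there; `isset($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING']) && strstr(...)` would make the two branches consistent.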
We are unable to use array_pop here, because of PHP3 compatibility + $l_timezone = explode('.', $board_config['board_timezone']); + $l_timezone = (count($l_timezone) > 1 && $l_timezone[count($l_timezone)-1] != 0) ? $lang[sprintf('%.1f', $board_config['board_timezone'])] : $lang[number_format($board_config['board_timezone'])]; + // // The following assigns all _common_ variables that may be used at any point // in a template. Note that all URL's should be wrapped in append_sid, as *************** *** 72,105 **** 'PAGE_TITLE' => $page_title, 'L_ADMIN' => $lang['Admin'], ! 'L_USERNAME' => $lang['Username'], ! 'L_PASSWORD' => $lang['Password'], ! 'L_INDEX' => $lang['Forum_Index'], ! 'L_REGISTER' => $lang['Register'], ! 'L_PROFILE' => $lang['Profile'], ! 'L_SEARCH' => $lang['Search'], ! 'L_PRIVATEMSGS' => $lang['Private_msgs'], ! 'L_MEMBERLIST' => $lang['Memberlist'], 'L_FAQ' => $lang['FAQ'], - 'L_USERGROUPS' => $lang['Usergroups'], - 'L_FORUM' => $lang['Forum'], - 'L_TOPICS' => $lang['Topics'], - 'L_REPLIES' => $lang['Replies'], - 'L_VIEWS' => $lang['Views'], - 'L_POSTS' => $lang['Posts'], - 'L_LASTPOST' => $lang['Last_Post'], - 'L_MODERATOR' => $lang['Moderator'], - 'L_NONEWPOSTS' => $lang['No_new_posts'], - 'L_NEWPOSTS' => $lang['New_posts'], - 'L_POSTED' => $lang['Posted'], - 'L_JOINED' => $lang['Joined'], - 'L_AUTHOR' => $lang['Author'], - 'L_MESSAGE' => $lang['Message'], - 'L_BY' => $lang['by'], 'U_INDEX' => append_sid('../index.'.$phpEx), ! 'S_TIMEZONE' => sprintf($lang['All_times'], $lang[$board_config['board_timezone']]), 'S_LOGIN_ACTION' => append_sid('../login.'.$phpEx), 'S_JUMPBOX_ACTION' => append_sid('../viewforum.'.$phpEx), 'S_CURRENT_TIME' => sprintf($lang['Current_time'], create_date($board_config['default_dateformat'], time(), $board_config['board_timezone'])), --- 78,89 ---- 'PAGE_TITLE' => $page_title, 'L_ADMIN' => $lang['Admin'], ! 
'L_INDEX' => sprintf($lang['Forum_Index'], $board_config['sitename']), 'L_FAQ' => $lang['FAQ'], 'U_INDEX' => append_sid('../index.'.$phpEx), ! 'S_TIMEZONE' => sprintf($lang['All_times'], $l_timezone), 'S_LOGIN_ACTION' => append_sid('../login.'.$phpEx), 'S_JUMPBOX_ACTION' => append_sid('../viewforum.'.$phpEx), 'S_CURRENT_TIME' => sprintf($lang['Current_time'], create_date($board_config['default_dateformat'], time(), $board_config['board_timezone'])), *************** *** 151,154 **** $template->pparse('header'); ! ?> \ No newline at end of file --- 135,138 ---- $template->pparse('header'); ! ?> diff -crN phpbb200/admin/pagestart.php phpbb2017/admin/pagestart.php *** phpbb200/admin/pagestart.php Sat Jul 10 20:16:13 2004 --- phpbb2017/admin/pagestart.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: pagestart.php,v 1.1 2002/03/22 13:48:43 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: pagestart.php,v 1.1.2.9 2005/06/26 14:39:30 acydburn Exp $ * * ***************************************************************************/ *************** *** 20,32 **** * ***************************************************************************/ ! if ( !defined('IN_PHPBB') ) { die("Hacking attempt"); } define('IN_ADMIN', true); ! include($phpbb_root_path . 'common.'.$phpEx); // --- 20,32 ---- * ***************************************************************************/ ! if (!defined('IN_PHPBB')) { die("Hacking attempt"); } define('IN_ADMIN', true); ! // Include files include($phpbb_root_path . 'common.'.$phpEx); // *************** *** 37,56 **** // // End session management // ! if( !$userdata['session_logged_in'] ) { ! header("Location: ../" . append_sid("login.$phpEx?redirect=admin/")); } ! 
else if( $userdata['user_level'] != ADMIN ) { message_die(GENERAL_MESSAGE, $lang['Not_admin']); } ! if ( empty($no_page_header) ) { // Not including the pageheader can be neccesarry if META tags are // needed in the calling script. ! include('page_header_admin.'.$phpEx); } ?> --- 37,74 ---- // // End session management // ! ! if (!$userdata['session_logged_in']) { ! redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx", true)); } ! else if ($userdata['user_level'] != ADMIN) { message_die(GENERAL_MESSAGE, $lang['Not_admin']); } ! if ($HTTP_GET_VARS['sid'] != $userdata['session_id']) ! { ! $url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name'])), '', $HTTP_SERVER_VARS['REQUEST_URI']); ! $url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path'])), '', $url); ! $url = str_replace('//', '/', $url); ! $url = preg_replace('/sid=([^&]*)(&?)/i', '', $url); ! $url = preg_replace('/\?$/', '', $url); ! $url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id']; ! ! redirect("index.$phpEx?sid=" . $userdata['session_id']); ! } ! ! if (!$userdata['session_admin']) ! { ! redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx&admin=1", true)); ! } ! ! if (empty($no_page_header)) { // Not including the pageheader can be neccesarry if META tags are // needed in the calling script. ! include('./page_header_admin.'.$phpEx); } ?> diff -crN phpbb200/common.php phpbb2017/common.php *** phpbb200/common.php Sat Jul 10 20:16:14 2004 --- phpbb2017/common.php Tue Jul 19 22:14:58 2005 *************** *** 6,13 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: common.php,v 1.74 2002/03/18 23:45:24 psotfx Exp $ ! * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
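Review bot: In the new `sid` block the six lines that build `$url` (the two `str_replace` calls on `server_name`/`script_path`, the `//` collapse, the two `preg_replace` calls and the `.= ... 'sid='` append) are dead code: the `redirect("index.$phpEx?sid=" . $userdata['session_id'])` that follows never reads `$url`, so either the redirect should target `$url` or the block should be removed. The comparison `$HTTP_GET_VARS['sid'] != $userdata['session_id']` reads the key without `isset` and is loose; a request without `sid` still redirects (null compares unequal), but emits a notice first, so a stricter form is `if (!isset($HTTP_GET_VARS['sid']) || $HTTP_GET_VARS['sid'] !== $userdata['session_id'])` if both values are strings. A one-line comment above the block stating that the URL sid must match the session before the `session_admin` check is consulted would document the ordering of the two redirects.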
* $Id: common.php,v 1.74.2.17 2005/02/21 19:29:30 acydburn Exp $ * ***************************************************************************/ *************** *** 25,33 **** --- 24,105 ---- die("Hacking attempt"); } + // error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables set_magic_quotes_runtime(0); // Disable magic_quotes_runtime + // The following code (unsetting globals) was contributed by Matt Kavanagh + + // PHP5 with register_long_arrays off? + if (!isset($HTTP_POST_VARS) && isset($_POST)) + { + $HTTP_POST_VARS = $_POST; + $HTTP_GET_VARS = $_GET; + $HTTP_SERVER_VARS = $_SERVER; + $HTTP_COOKIE_VARS = $_COOKIE; + $HTTP_ENV_VARS = $_ENV; + $HTTP_POST_FILES = $_FILES; + + // _SESSION is the only superglobal which is conditionally set + if (isset($_SESSION)) + { + $HTTP_SESSION_VARS = $_SESSION; + } + } + + if (@phpversion() < '4.0.0') + { + // PHP3 path; in PHP3, globals are _always_ registered + + // We 'flip' the array of variables to test like this so that + // we can validate later with isset($test[$var]) (no in_array()) + $test = array('HTTP_GET_VARS' => NULL, 'HTTP_POST_VARS' => NULL, 'HTTP_COOKIE_VARS' => NULL, 'HTTP_SERVER_VARS' => NULL, 'HTTP_ENV_VARS' => NULL, 'HTTP_POST_FILES' => NULL, 'phpEx' => NULL, 'phpbb_root_path' => NULL); + + // Loop through each input array + @reset($test); + while (list($input,) = @each($test)) + { + while (list($var,) = @each($$input)) + { + // Validate the variable to be unset + if (!isset($test[$var]) && $var != 'test' && $var != 'input') + { + unset($$var); + } + } + } + } + else if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on') + { + // PHP4+ path + $not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path'); + + // Not only will array_merge give a warning if a parameter + // is not an array, it will actually fail. 
So we check if + // HTTP_SESSION_VARS has been initialised. + if (!isset($HTTP_SESSION_VARS)) + { + $HTTP_SESSION_VARS = array(); + } + + // Merge all into one extremely huge array; unset + // this later + $input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES); + + unset($input['input']); + unset($input['not_unset']); + + while (list($var,) = @each($input)) + { + if (!in_array($var, $not_unset)) + { + unset($$var); + } + } + + unset($input); + } + // // addslashes to vars if magic_quotes_gpc is off // this is a security precaution to prevent someone *************** *** 101,118 **** // malicious rewriting of language and otherarray values via // URI params // ! $board_config = Array(); ! $userdata = Array(); ! $theme = Array(); ! $images = Array(); ! $lang = Array(); $gen_simple_header = FALSE; ! @include($phpbb_root_path . 'config.'.$phpEx); if( !defined("PHPBB_INSTALLED") ) { ! header("Location: install.$phpEx"); } include($phpbb_root_path . 'includes/constants.'.$phpEx); --- 173,192 ---- // malicious rewriting of language and otherarray values via // URI params // ! $board_config = array(); ! $userdata = array(); ! $theme = array(); ! $images = array(); ! $lang = array(); ! $nav_links = array(); $gen_simple_header = FALSE; ! include($phpbb_root_path . 'config.'.$phpEx); if( !defined("PHPBB_INSTALLED") ) { ! header("Location: install/install.$phpEx"); ! exit; } include($phpbb_root_path . 'includes/constants.'.$phpEx); *************** *** 123,166 **** include($phpbb_root_path . 'includes/db.'.$phpEx); // - // Mozilla navigation bar - // Default items that should be valid on all pages. 
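Review bot: The PHP4+ branch shields `input` and `not_unset` from the unset loop but not the loop's own variable: a request parameter named `var` reaches `unset($$var)` and unsets `$var` itself, and the PHP3 branch has the same gap (it excludes only `test` and `input`). Add `unset($input['var']);` beside the two existing `unset($input[...])` lines, and extend the PHP3 test to `$var != 'test' && $var != 'input' && $var != 'var'`. `in_array($var, $not_unset)` should also pass `true` as its third argument, since request keys can be integers and loose integer/string comparison is true for non-numeric strings in this PHP generation.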
- // Defined here and not in page_header.php so they can be redefined in the code - // - $nav_links['top'] = array ( - 'url' => append_sid($phpbb_root_dir."index.".$phpEx), - 'title' => sprintf($lang['Forum_Index'], $board_config['sitename']) - ); - $nav_links['search'] = array ( - 'url' => append_sid($phpbb_root_dir."search.".$phpEx), - 'title' => $lang['Search'] - ); - $nav_links['help'] = array ( - 'url' => append_sid($phpbb_root_dir."faq.".$phpEx), - 'title' => $lang['FAQ'] - ); - $nav_links['author'] = array ( - 'url' => append_sid($phpbb_root_dir."memberlist.".$phpEx), - 'title' => $lang['Memberlist'] - ); - - // // Obtain and encode users IP // ! if( getenv('HTTP_X_FORWARDED_FOR') != '' ) ! { ! $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR ); ! ! if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) ) ! { ! $private_ip = array('/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10..*/', '/^224..*/', '/^240..*/'); ! $client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]); ! } ! } ! else ! { ! $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR ); ! } $user_ip = encode_ip($client_ip); // --- 197,210 ---- include($phpbb_root_path . 'includes/db.'.$phpEx); // // Obtain and encode users IP // ! // I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as ! // private range IP's appearing instead of the guilty routable IP, tough, don't ! // even bother complaining ... go scream and shout at the idiots out there who feel ! // "clever" is doing harm rather than good ... karma is a great thing ... :) ! // ! $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? 
$HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv('REMOTE_ADDR') ); $user_ip = encode_ip($client_ip); // *************** *** 170,185 **** // $sql = "SELECT * FROM " . CONFIG_TABLE; ! if(!$result = $db->sql_query($sql)) { message_die(CRITICAL_ERROR, "Could not query config information", "", __LINE__, __FILE__, $sql); } ! else { ! while($row = $db->sql_fetchrow($result)) ! { ! $board_config[$row['config_name']] = $row['config_value']; ! } } // --- 214,232 ---- // $sql = "SELECT * FROM " . CONFIG_TABLE; ! if( !($result = $db->sql_query($sql)) ) { message_die(CRITICAL_ERROR, "Could not query config information", "", __LINE__, __FILE__, $sql); } ! ! while ( $row = $db->sql_fetchrow($result) ) { ! $board_config[$row['config_name']] = $row['config_value']; ! } ! ! if (file_exists('install') || file_exists('contrib')) ! { ! message_die(GENERAL_MESSAGE, 'Please ensure both the install/ and contrib/ directories are deleted'); } // diff -crN phpbb200/db/msaccess.php phpbb2017/db/msaccess.php *** phpbb200/db/msaccess.php Sat Jul 10 20:16:13 2004 --- phpbb2017/db/msaccess.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: msaccess.php,v 1.8 2002/03/20 17:47:26 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: msaccess.php,v 1.8.2.2 2002/09/28 12:50:59 psotfx Exp $ * ***************************************************************************/ *************** *** 117,123 **** $query = "TOP " . ( $row_offset + $num_rows ) . $query; } ! $this->result = odbc_exec($this->db_connect_id, "SELECT $query"); if( $this->result ) { --- 117,123 ---- $query = "TOP " . ( $row_offset + $num_rows ) . $query; } ! 
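Review bot: `file_exists('install')` and `file_exists('contrib')` are resolved against the process's current working directory, not against the board root, yet this file is pulled in via `include($phpbb_root_path . 'common.'.$phpEx)` from the admin scripts (visible in pagestart.php above), where the working directory is `admin/`; from there the check cannot see the leftover directories it is meant to catch. Anchor both paths on the root: `if (file_exists($phpbb_root_path . 'install') || file_exists($phpbb_root_path . 'contrib'))`. A short comment above the check saying why those directories must be gone (they contain the installer and migration scripts) would spare the reader a guess.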
$this->result = odbc_exec($this->db_connect_id, "SELECT $query"); if( $this->result ) { *************** *** 148,154 **** $row_inner++; } ! $this->num_rows[$this->result] = count($this->result_rowset[$this->result]); odbc_free_result($this->result); } --- 148,154 ---- $row_inner++; } ! $this->num_rows[$this->result] = count($this->result_rowset[$this->result]); odbc_free_result($this->result); } *************** *** 165,171 **** { if( odbc_fetch_row($result_id) ) { ! $this->next_id[$this->db_connect_id] = odbc_result($result_id, 1); $this->affected_rows[$this->db_connect_id] = odbc_num_rows($this->result); } } --- 165,171 ---- { if( odbc_fetch_row($result_id) ) { ! $this->next_id[$this->db_connect_id] = odbc_result($result_id, 1); $this->affected_rows[$this->db_connect_id] = odbc_num_rows($this->result); } } *************** *** 232,238 **** // function sql_numrows($query_id = 0) { ! if( !$query_id ) { $query_id = $this->result; } --- 232,238 ---- // function sql_numrows($query_id = 0) { ! if( !$query_id ) { $query_id = $this->result; } diff -crN phpbb200/db/mssql.php phpbb2017/db/mssql.php *** phpbb200/db/mssql.php Sat Jul 10 20:16:13 2004 --- phpbb2017/db/mssql.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: mssql.php,v 1.22 2002/03/05 02:19:38 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: mssql.php,v 1.22.2.2 2002/12/21 18:31:53 psotfx Exp $ * ***************************************************************************/ *************** *** 51,57 **** $this->server = $sqlserver; $this->dbname = $database; ! $this->db_connect_id = ( $this->persistency ) ? 
mssql_pconnect($this->server, $this->user, $this->password) : mssql_connect($this->server, $this->user, $this->password); if( $this->db_connect_id && $this->dbname != "" ) { --- 51,57 ---- $this->server = $sqlserver; $this->dbname = $database; ! $this->db_connect_id = ( $this->persistency ) ? @mssql_pconnect($this->server, $this->user, $this->password) : @mssql_connect($this->server, $this->user, $this->password); if( $this->db_connect_id && $this->dbname != "" ) { *************** *** 92,98 **** // // Query method // ! function sql_query($query = "", $transaction = FALSE) { // // Remove any pre-existing queries --- 92,98 ---- // // Query method // ! function sql_query($query = '', $transaction = FALSE) { // // Remove any pre-existing queries *************** *** 100,112 **** unset($this->result); unset($this->row); ! if ( $query != "" ) { $this->num_queries++; if ( $transaction == BEGIN_TRANSACTION && !$this->in_transaction ) { ! if ( !mssql_query("BEGIN TRANSACTION", $this->db_connect_id) ) { return false; } --- 100,112 ---- unset($this->result); unset($this->row); ! if ( $query != '' ) { $this->num_queries++; if ( $transaction == BEGIN_TRANSACTION && !$this->in_transaction ) { ! if ( !@mssql_query('BEGIN TRANSACTION', $this->db_connect_id) ) { return false; } *************** *** 125,131 **** // returns something then there's a problem. This may well be a false assumption though // ... needs checking under Windows itself. // ! if( preg_match("/^SELECT(.*?)(LIMIT ([0-9]+)[, ]*([0-9]+)*)?$/s", $query, $limits) ) { $query = $limits[1]; --- 125,131 ---- // returns something then there's a problem. This may well be a false assumption though // ... needs checking under Windows itself. // ! if( preg_match('#^SELECT(.*?)(LIMIT ([0-9]+)[, ]*([0-9]+)*)?$#s', $query, $limits) ) { $query = $limits[1]; *************** *** 134,143 **** $row_offset = ( $limits[4] ) ? $limits[3] : ""; $num_rows = ( $limits[4] ) ? $limits[4] : $limits[3]; ! $query = "TOP " . 
( $row_offset + $num_rows ) . $query; } ! $this->result = mssql_query("SELECT $query", $this->db_connect_id); if( $this->result ) { --- 134,143 ---- $row_offset = ( $limits[4] ) ? $limits[3] : ""; $num_rows = ( $limits[4] ) ? $limits[4] : $limits[3]; ! $query = 'TOP ' . ( $row_offset + $num_rows ) . $query; } ! $this->result = @mssql_query("SELECT $query", $this->db_connect_id); if( $this->result ) { *************** *** 145,164 **** if( $row_offset > 0 ) { ! mssql_data_seek($this->result, $row_offset); } } } ! else if( eregi("^INSERT ", $query) ) { ! if( mssql_query($query, $this->db_connect_id) ) { $this->result = time() + microtime(); ! $result_id = mssql_query("SELECT @@IDENTITY AS id, @@ROWCOUNT as affected", $this->db_connect_id); if( $result_id ) { ! if( $row = mssql_fetch_array($result_id) ) { $this->next_id[$this->db_connect_id] = $row['id']; $this->affected_rows[$this->db_connect_id] = $row['affected']; --- 145,164 ---- if( $row_offset > 0 ) { ! @mssql_data_seek($this->result, $row_offset); } } } ! else if( preg_match('#^INSERT #i', $query) ) { ! if( @mssql_query($query, $this->db_connect_id) ) { $this->result = time() + microtime(); ! $result_id = @mssql_query('SELECT @@IDENTITY AS id, @@ROWCOUNT as affected', $this->db_connect_id); if( $result_id ) { ! if( $row = @mssql_fetch_array($result_id) ) { $this->next_id[$this->db_connect_id] = $row['id']; $this->affected_rows[$this->db_connect_id] = $row['affected']; *************** *** 168,181 **** } else { ! if( mssql_query($query, $this->db_connect_id) ) { $this->result = time() + microtime(); ! $result_id = mssql_query("SELECT @@ROWCOUNT as affected", $this->db_connect_id); if( $result_id ) { ! if( $row = mssql_fetch_array($result_id) ) { $this->affected_rows[$this->db_connect_id] = $row['affected']; } --- 168,181 ---- } else { ! if( @mssql_query($query, $this->db_connect_id) ) { $this->result = time() + microtime(); ! 
$result_id = @mssql_query('SELECT @@ROWCOUNT as affected', $this->db_connect_id); if( $result_id ) { ! if( $row = @mssql_fetch_array($result_id) ) { $this->affected_rows[$this->db_connect_id] = $row['affected']; } *************** *** 187,193 **** { if( $this->in_transaction ) { ! mssql_query("ROLLBACK", $this->db_connect_id); $this->in_transaction = FALSE; } --- 187,193 ---- { if( $this->in_transaction ) { ! @mssql_query('ROLLBACK', $this->db_connect_id); $this->in_transaction = FALSE; } *************** *** 198,204 **** { $this->in_transaction = FALSE; ! if( !@mssql_query("COMMIT", $this->db_connect_id) ) { @mssql_query("ROLLBACK", $this->db_connect_id); return false; --- 198,204 ---- { $this->in_transaction = FALSE; ! if( !@mssql_query('COMMIT', $this->db_connect_id) ) { @mssql_query("ROLLBACK", $this->db_connect_id); return false; *************** *** 213,221 **** { $this->in_transaction = FALSE; ! if( !@mssql_query("COMMIT", $this->db_connect_id) ) { ! @mssql_query("ROLLBACK", $this->db_connect_id); return false; } } --- 213,221 ---- { $this->in_transaction = FALSE; ! if( !@mssql_query('COMMIT', $this->db_connect_id) ) { ! @mssql_query('ROLLBACK', $this->db_connect_id); return false; } } *************** *** 236,242 **** if( $query_id ) { ! return ( !empty($this->limit_offset[$query_id]) ) ? mssql_num_rows($query_id) - $this->limit_offset[$query_id] : @mssql_num_rows($query_id); } else { --- 236,242 ---- if( $query_id ) { ! return ( !empty($this->limit_offset[$query_id]) ) ? @mssql_num_rows($query_id) - $this->limit_offset[$query_id] : @mssql_num_rows($query_id); } else { *************** *** 251,257 **** $query_id = $this->result; } ! return ( $query_id ) ? mssql_num_fields($query_id) : false; } function sql_fieldname($offset, $query_id = 0) --- 251,257 ---- $query_id = $this->result; } ! return ( $query_id ) ? @mssql_num_fields($query_id) : false; } function sql_fieldname($offset, $query_id = 0) *************** *** 261,267 **** $query_id = $this->result; } ! 
return ( $query_id ) ? mssql_field_name($query_id, $offset) : false; } function sql_fieldtype($offset, $query_id = 0) --- 261,267 ---- $query_id = $this->result; } ! return ( $query_id ) ? @mssql_field_name($query_id, $offset) : false; } function sql_fieldtype($offset, $query_id = 0) *************** *** 271,277 **** $query_id = $this->result; } ! return ( $query_id ) ? mssql_field_type($query_id, $offset) : false; } function sql_fetchrow($query_id = 0) --- 271,277 ---- $query_id = $this->result; } ! return ( $query_id ) ? @mssql_field_type($query_id, $offset) : false; } function sql_fetchrow($query_id = 0) *************** *** 285,296 **** { empty($row); ! $row = mssql_fetch_array($query_id); while( list($key, $value) = @each($row) ) { $row[$key] = stripslashes($value); } return $row; } --- 285,297 ---- { empty($row); ! $row = @mssql_fetch_array($query_id); while( list($key, $value) = @each($row) ) { $row[$key] = stripslashes($value); } + @reset($row); return $row; } *************** *** 312,318 **** $i = 0; empty($rowset); ! while( $row = mssql_fetch_array($query_id)) { while( list($key, $value) = @each($row) ) { --- 313,319 ---- $i = 0; empty($rowset); ! while( $row = @mssql_fetch_array($query_id)) { while( list($key, $value) = @each($row) ) { *************** *** 320,325 **** --- 321,327 ---- } $i++; } + @reset($rowset); return $rowset; } *************** *** 342,359 **** { if( $this->limit_offset[$query_id] > 0 ) { ! $result = ( !empty($this->limit_offset[$query_id]) ) ? mssql_result($this->result, ($this->limit_offset[$query_id] + $row), $field) : false; } else { ! $result = mssql_result($this->result, $row, $field); } } else { if( empty($this->row[$query_id]) ) { ! $this->row[$query_id] = mssql_fetch_array($query_id); $result = stripslashes($this->row[$query_id][$field]); } } --- 344,361 ---- { if( $this->limit_offset[$query_id] > 0 ) { ! $result = ( !empty($this->limit_offset[$query_id]) ) ? 
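Review bot: `empty($row);` on the new side of `sql_fetchrow` is a no-op — `empty()` is a language construct that only returns a boolean, so the statement neither clears nor initialises `$row`; the same applies to `empty($rowset);` in the `sql_fetchrowset` hunk just below. Replace them with `$row = array();` and `$rowset = array();` (or drop them, since both variables are assigned before use). The added `@reset($row)` after the `each` loop is the right fix for the exhausted internal pointer, but it would be clearer with a comment such as `// each() left the internal pointer at the end; rewind so callers can iterate`.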
@mssql_result($this->result, ($this->limit_offset[$query_id] + $row), $field) : false; } else { ! $result = @mssql_result($this->result, $row, $field); } } else { if( empty($this->row[$query_id]) ) { ! $this->row[$query_id] = @mssql_fetch_array($query_id); $result = stripslashes($this->row[$query_id][$field]); } } *************** *** 375,381 **** if( $query_id ) { ! return ( !empty($this->limit_offset[$query_id]) ) ? mssql_data_seek($query_id, ($this->limit_offset[$query_id] + $rownum)) : mssql_data_seek($query_id, $rownum); } else { --- 377,383 ---- if( $query_id ) { ! return ( !empty($this->limit_offset[$query_id]) ) ? @mssql_data_seek($query_id, ($this->limit_offset[$query_id] + $rownum)) : @mssql_data_seek($query_id, $rownum); } else { *************** *** 400,406 **** $query_id = $this->result; } ! return ( $query_id ) ? mssql_free_result($query_id) : false; } function sql_error($query_id = 0) --- 402,408 ---- $query_id = $this->result; } ! return ( $query_id ) ? @mssql_free_result($query_id) : false; } function sql_error($query_id = 0) diff -crN phpbb200/db/oracle.php phpbb2017/db/oracle.php *** phpbb200/db/oracle.php Sat Jul 10 20:16:13 2004 --- phpbb2017/db/oracle.php Thu Jan 1 01:00:00 1970 *************** *** 1,472 **** - persistency = $persistency; - $this->user = $sqluser; - $this->password = $sqlpassword; - $this->server = $sqlserver; - $this->dbname = $database; - - if($this->persistency) - { - $this->db_connect_id = @OCIPLogon($this->user, $this->password, $this->server); - } - else - { - $this->db_connect_id = @OCINLogon($this->user, $this->password, $this->server); - } - if($this->db_connect_id) - { - return $this->db_connect_id; - } - else - { - return false; - } - } - - // - // Other base methods - // - function sql_close() - { - if($this->db_connect_id) - { - // Commit outstanding transactions - if($this->in_transaction) - { - OCICommit($this->db_connect_id); - } - - if($this->query_result) - { - @OCIFreeStatement($this->query_result); - } - 
$result = @OCILogoff($this->db_connect_id); - return $result; - } - else - { - return false; - } - } - - // - // Base query method - // - function sql_query($query = "", $transaction = FALSE) - { - // Remove any pre-existing queries - unset($this->query_result); - - // Put us in transaction mode because with Oracle as soon as you make a query you're in a transaction - $this->in_transaction = TRUE; - - if($query != "") - { - $this->last_query = $query; - $this->num_queries++; - - if(eregi("LIMIT", $query)) - { - preg_match("/^(.*)LIMIT ([0-9]+)[, ]*([0-9]+)*/s", $query, $limits); - - $query = $limits[1]; - if($limits[3]) - { - $row_offset = $limits[2]; - $num_rows = $limits[3]; - } - else - { - $row_offset = 0; - $num_rows = $limits[2]; - } - } - - if(eregi("^(INSERT|UPDATE) ", $query)) - { - $query = preg_replace("/\\\'/s", "''", $query); - } - - $this->query_result = @OCIParse($this->db_connect_id, $query); - $success = @OCIExecute($this->query_result, OCI_DEFAULT); - } - if($success) - { - if($transaction == END_TRANSACTION) - { - OCICommit($this->db_connect_id); - $this->in_transaction = FALSE; - } - - unset($this->row[$this->query_result]); - unset($this->rowset[$this->query_result]); - $this->last_query_text[$this->query_result] = $query; - - return $this->query_result; - } - else - { - if($this->in_transaction) - { - OCIRollback($this->db_connect_id); - } - return false; - } - } - - // - // Other query methods - // - function sql_numrows($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCIFetchStatement($query_id, $this->rowset); - // OCIFetchStatment kills our query result so we have to execute the statment again - // if we ever want to use the query_id again. 
- @OCIExecute($query_id, OCI_DEFAULT); - return $result; - } - else - { - return false; - } - } - function sql_affectedrows($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCIRowCount($query_id); - return $result; - } - else - { - return false; - } - } - function sql_numfields($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCINumCols($query_id); - return $result; - } - else - { - return false; - } - } - function sql_fieldname($offset, $query_id = 0) - { - // OCIColumnName uses a 1 based array so we have to up the offset by 1 in here to maintain - // full abstraction compatibitly - $offset += 1; - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = strtolower(@OCIColumnName($query_id, $offset)); - return $result; - } - else - { - return false; - } - } - function sql_fieldtype($offset, $query_id = 0) - { - // This situation is the same as fieldname - $offset += 1; - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCIColumnType($query_id, $offset); - return $result; - } - else - { - return false; - } - } - function sql_fetchrow($query_id = 0, $debug = FALSE) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result_row = ""; - $result = @OCIFetchInto($query_id, $result_row, OCI_ASSOC+OCI_RETURN_NULLS); - if($debug) - { - echo "Query was: ".$this->last_query . "
"; - echo "Result: $result
"; - echo "Query ID: $query_id
"; - echo "
";
- 				var_dump($result_row);
- 				echo "
"; - } - if($result_row == "") - { - return false; - } - - for($i = 0; $i < count($result_row); $i++) - { - list($key, $val) = each($result_row); - $return_arr[strtolower($key)] = $val; - } - $this->row[$query_id] = $return_arr; - - return $this->row[$query_id]; - } - else - { - return false; - } - } - // This function probably isn't as efficant is it could be but any other way I do it - // I end up losing 1 row... - function sql_fetchrowset($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $rows = @OCIFetchStatement($query_id, $results); - @OCIExecute($query_id, OCI_DEFAULT); - for($i = 0; $i <= $rows; $i++) - { - @OCIFetchInto($query_id, $tmp_result, OCI_ASSOC+OCI_RETURN_NULLS); - - for($j = 0; $j < count($tmp_result); $j++) - { - list($key, $val) = each($tmp_result); - $return_arr[strtolower($key)] = $val; - } - $result[] = $return_arr; - } - return $result; - } - else - { - return false; - } - } - function sql_fetchfield($field, $rownum = -1, $query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - if($rownum > -1) - { - // Reset the internal rownum pointer. - @OCIExecute($query_id, OCI_DEFAULT); - for($i = 0; $i < $rownum; $i++) - { - // Move the interal pointer to the row we want - @OCIFetch($query_id); - } - // Get the field data. - $result = @OCIResult($query_id, strtoupper($field)); - } - else - { - // The internal pointer should be where we want it - // so we just grab the field out of the current row. 
- $result = @OCIResult($query_id, strtoupper($field)); - } - return $result; - } - else - { - return false; - } - } - function sql_rowseek($rownum, $query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - @OCIExecute($query_id, OCI_DEFAULT); - for($i = 0; $i < $rownum; $i++) - { - @OCIFetch($query_id); - } - $result = @OCIFetch($query_id); - return $result; - } - else - { - return false; - } - } - function sql_nextid($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id && $this->last_query_text[$query_id] != "") - { - if( eregi("^(INSERT{1}|^INSERT INTO{1})[[:space:]][\"]?([a-zA-Z0-9\_\-]+)[\"]?", $this->last_query_text[$query_id], $tablename)) - { - $query = "SELECT ".$tablename[2]."_id_seq.currval FROM DUAL"; - $stmt = @OCIParse($this->db_connect_id, $query); - @OCIExecute($stmt,OCI_DEFAULT ); - $temp_result = @OCIFetchInto($stmt, $temp_result, OCI_ASSOC+OCI_RETURN_NULLS); - if($temp_result) - { - return $temp_result['CURRVAL']; - } - else - { - return false; - } - } - else - { - return false; - } - } - else - { - return false; - } - } - - function sql_nextid($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id && $this->last_query_text[$query_id] != "") - { - if( eregi("^(INSERT{1}|^INSERT INTO{1})[[:space:]][\"]?([a-zA-Z0-9\_\-]+)[\"]?", $this->last_query_text[$query_id], $tablename)) - { - $query = "SELECT ".$tablename[2]."_id_seq.CURRVAL FROM DUAL"; - $temp_q_id = @OCIParse($this->db_connect_id, $query); - @OCIExecute($temp_q_id, OCI_DEFAULT); - @OCIFetchInto($temp_q_id, $temp_result, OCI_ASSOC+OCI_RETURN_NULLS); - - if($temp_result) - { - return $temp_result['CURRVAL']; - } - else - { - return false; - } - } - else - { - return false; - } - } - else - { - return false; - } - } - - - - function sql_freeresult($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = 
@OCIFreeStatement($query_id); - return $result; - } - else - { - return false; - } - } - function sql_error($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - $result = @OCIError($query_id); - return $result; - } - - } // class sql_db - - } // if ... define - - ?> \ No newline at end of file --- 0 ---- diff -crN phpbb200/db/postgres7.php phpbb2017/db/postgres7.php *** phpbb200/db/postgres7.php Sat Jul 10 20:16:13 2004 --- phpbb2017/db/postgres7.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: postgres7.php,v 1.19 2002/03/05 02:19:38 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: postgres7.php,v 1.19.2.3 2005/05/06 20:50:10 acydburn Exp $ * ***************************************************************************/ diff -crN phpbb200/faq.php phpbb2017/faq.php *** phpbb200/faq.php Sat Jul 10 20:16:13 2004 --- phpbb2017/faq.php Tue Jul 19 22:14:58 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: faq.php,v 1.14 2002/03/31 00:06:33 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: faq.php,v 1.14.2.2 2004/07/11 16:46:15 acydburn Exp $ * * ***************************************************************************/ *************** *** 34,39 **** --- 34,42 ---- // End session management // + // Set vars to prevent naughtiness + $faq = array(); + // // Load the appropriate faq file // *************** *** 97,103 **** $template->set_filenames(array( 'body' => 'faq_body.tpl') ); ! 
make_jumpbox('viewforum.'.$phpEx, $forum_id); $template->assign_vars(array( 'L_FAQ_TITLE' => $l_title, --- 100,106 ---- $template->set_filenames(array( 'body' => 'faq_body.tpl') ); ! make_jumpbox('viewforum.'.$phpEx); $template->assign_vars(array( 'L_FAQ_TITLE' => $l_title, diff -crN phpbb200/groupcp.php phpbb2017/groupcp.php *** phpbb200/groupcp.php Sat Jul 10 20:16:13 2004 --- phpbb2017/groupcp.php Tue Jul 19 22:14:58 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: groupcp.php,v 1.58 2002/04/03 22:24:56 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: groupcp.php,v 1.58.2.23 2005/05/06 20:50:10 acydburn Exp $ * * ***************************************************************************/ *************** *** 29,35 **** // function generate_user_info(&$row, $date_format, $group_mod, &$from, &$posts, &$joined, &$poster_avatar, &$profile_img, &$profile, &$search_img, &$search, &$pm_img, &$pm, &$email_img, &$email, &$www_img, &$www, &$icq_status_img, &$icq_img, &$icq, &$aim_img, &$aim, &$msn_img, &$msn, &$yim_img, &$yim) { ! global $lang, $images, $board_config; $from = ( !empty($row['user_from']) ) ? $row['user_from'] : ' '; $joined = create_date($date_format, $row['user_regdate'], $board_config['board_timezone']); --- 29,35 ---- // function generate_user_info(&$row, $date_format, $group_mod, &$from, &$posts, &$joined, &$poster_avatar, &$profile_img, &$profile, &$search_img, &$search, &$pm_img, &$pm, &$email_img, &$email, &$www_img, &$www, &$icq_status_img, &$icq_img, &$icq, &$aim_img, &$aim, &$msn_img, &$msn, &$yim_img, &$yim) { ! global $lang, $images, $board_config, $phpEx; $from = ( !empty($row['user_from']) ) ? 
$row['user_from'] : ' '; $joined = create_date($date_format, $row['user_regdate'], $board_config['board_timezone']); *************** *** 127,133 **** if ( isset($HTTP_GET_VARS[POST_GROUPS_URL]) || isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) { ! $group_id = ( isset($HTTP_GET_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_GET_VARS[POST_GROUPS_URL]) : intval($HTTP_POST_VARS[POST_GROUPS_URL]); } else { --- 127,133 ---- if ( isset($HTTP_GET_VARS[POST_GROUPS_URL]) || isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) { ! $group_id = ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_POST_VARS[POST_GROUPS_URL]) : intval($HTTP_GET_VARS[POST_GROUPS_URL]); } else { *************** *** 137,142 **** --- 137,143 ---- if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) ) { $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; + $mode = htmlspecialchars($mode); } else { *************** *** 151,164 **** // // Default var values // - $header_location = ( @preg_match('/Microsoft|WebSTAR/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: '; $is_moderator = FALSE; if ( isset($HTTP_POST_VARS['groupstatus']) && $group_id ) { if ( !$userdata['session_logged_in'] ) { ! header($header_location . append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } $sql = "SELECT group_moderator --- 152,164 ---- // // Default var values // $is_moderator = FALSE; if ( isset($HTTP_POST_VARS['groupstatus']) && $group_id ) { if ( !$userdata['session_logged_in'] ) { ! redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } $sql = "SELECT group_moderator *************** *** 207,213 **** // if ( !$userdata['session_logged_in'] ) { ! header($header_location . ppend_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } $sql = "SELECT ug.user_id, g.group_type --- 207,213 ---- // if ( !$userdata['session_logged_in'] ) { ! 
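Review bot: The new `$mode = htmlspecialchars($mode);` encodes at the input boundary, so every later use of `$mode` — comparisons in the switch that consumes it (outside this hunk), hidden fields, URLs — sees the HTML-encoded form rather than the raw value. Escaping belongs at the point of output; the input side is better served by validating `$mode` against the known set of modes and rejecting anything else, which removes the need to encode it at all. If the line is kept, a comment such as `// encoded here because $mode is echoed back in templates; it must never be compared against un-encoded values` would record the assumption.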
redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } $sql = "SELECT ug.user_id, g.group_type *************** *** 275,291 **** include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $email_headers = 'From: ' . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\r\n"; $emailer->use_template('group_request', $moderator['user_lang']); $emailer->email_address($moderator['user_email']); ! $emailer->set_subject();//$lang['Group_request'] ! $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_MODERATOR' => $moderator['username'], ! 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), 'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id&validate=true") ); --- 275,291 ---- include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); $emailer->use_template('group_request', $moderator['user_lang']); $emailer->email_address($moderator['user_email']); ! $emailer->set_subject($lang['Group_request']); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_MODERATOR' => $moderator['username'], ! 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', 'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id&validate=true") ); *************** *** 308,318 **** // if ( $cancel ) { ! header($header_location . ppend_sid("groupcp.$phpEx", true)); } elseif ( !$userdata['session_logged_in'] ) { ! header($header_location . append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } if ( $confirm ) --- 308,318 ---- // if ( $cancel ) { ! redirect(append_sid("groupcp.$phpEx", true)); } elseif ( !$userdata['session_logged_in'] ) { ! redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } if ( $confirm ) *************** *** 337,343 **** message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql); } ! if ( !($row = $db->sql_fetchrow($result)) ) { $sql = "UPDATE " . USERS_TABLE . " SET user_level = " . USER . " --- 337,343 ---- message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql); } ! if ( !($row = $db->sql_fetchrow($result)) || $row['is_auth_mod'] == 0 ) { $sql = "UPDATE " . USERS_TABLE . " SET user_level = " . USER . " *************** *** 353,359 **** 'META' => '') ); ! $message = $lang['Usub_success'] . '

' . sprintf($lang['Click_return_group'], '', '') . '

' . sprintf($lang['Click_return_index'], '', ''); message_die(GENERAL_MESSAGE, $message); } --- 353,359 ---- 'META' => '') ); ! $message = $lang['Unsub_success'] . '

' . sprintf($lang['Click_return_group'], '', '') . '

' . sprintf($lang['Click_return_index'], '', ''); message_die(GENERAL_MESSAGE, $message); } *************** *** 395,401 **** { if ( !$userdata['session_logged_in'] ) { ! header($header_location . append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } } --- 395,401 ---- { if ( !$userdata['session_logged_in'] ) { ! redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } } *************** *** 425,431 **** $sql = "SELECT g.group_moderator, g.group_type, aa.auth_mod FROM " . GROUPS_TABLE . " g, " . AUTH_ACCESS_TABLE . " aa WHERE g.group_id = $group_id ! AND aa.group_id = g.group_id(+)"; break; default: --- 425,431 ---- $sql = "SELECT g.group_moderator, g.group_type, aa.auth_mod FROM " . GROUPS_TABLE . " g, " . AUTH_ACCESS_TABLE . " aa WHERE g.group_id = $group_id ! AND aa.group_id (+) = g.group_id"; break; default: *************** *** 456,462 **** { if ( !$userdata['session_logged_in'] ) { ! header($header_location . append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } if ( !$is_moderator ) --- 456,462 ---- { if ( !$userdata['session_logged_in'] ) { ! redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } if ( !$is_moderator ) *************** *** 472,478 **** if ( isset($HTTP_POST_VARS['add']) ) { ! $username = ( isset($HTTP_POST_VARS['username']) ) ? $HTTP_POST_VARS['username'] : ""; $sql = "SELECT user_id, user_email, user_lang, user_level FROM " . USERS_TABLE . " --- 472,478 ---- if ( isset($HTTP_POST_VARS['add']) ) { ! $username = ( isset($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : ''; $sql = "SELECT user_id, user_email, user_lang, user_level FROM " . USERS_TABLE . " *************** *** 553,569 **** include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $email_headers = 'From: ' . 
$board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\r\n"; $emailer->use_template('group_added', $row['user_lang']); $emailer->email_address($row['user_email']); ! $emailer->set_subject();//$lang['Group_added'] ! $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_NAME' => $group_name, ! 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), 'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id") ); --- 553,569 ---- include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); $emailer->use_template('group_added', $row['user_lang']); $emailer->email_address($row['user_email']); ! $emailer->set_subject($lang['Group_added']); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_NAME' => $group_name, ! 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', 'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id") ); *************** *** 591,597 **** $sql_in = ''; for($i = 0; $i < count($members); $i++) { ! $sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . $members[$i]; } if ( isset($HTTP_POST_VARS['approve']) ) --- 591,597 ---- $sql_in = ''; for($i = 0; $i < count($members); $i++) { ! $sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . intval($members[$i]); } if ( isset($HTTP_POST_VARS['approve']) ) *************** *** 685,694 **** message_die(GENERAL_ERROR, 'Could not get user email information', '', __LINE__, __FILE__, $sql); } ! $email_addresses = ''; ! while( $row = $db->sql_fetchrow($result) ) { ! $email_addresses .= ( ( $email_addresses != '' ) ? ', ' : '' ) . $row['user_email']; } // --- 685,694 ---- message_die(GENERAL_ERROR, 'Could not get user email information', '', __LINE__, __FILE__, $sql); } ! $bcc_list = array(); ! while ($row = $db->sql_fetchrow($result)) { ! $bcc_list[] = $row['user_email']; } // *************** *** 708,724 **** include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $email_headers = 'From: ' . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\nBcc: " . $email_addresses . "\r\n"; $emailer->use_template('group_approved'); ! $emailer->email_address($userdata['user_email']); ! $emailer->set_subject();//$lang['Group_approved'] ! $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_NAME' => $group_name, ! 'EMAIL_SIG' => str_replace('
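Review bot: The `intval()` cast on each element closes the injection path into the `IN (...)` list, but the loop still leaves `$sql_in` empty when `$members` is empty, which produces an invalid `IN ()` clause unless the caller guards it; `$members` and the query that consumes `$sql_in` are outside this hunk, so that guard may or may not exist. The whole loop reduces to `$sql_in = implode(', ', array_map('intval', $members));`, with an explicit `if (!count($members))` check before the query.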
', "\n", "-- \n" . $board_config['board_email_sig']), 'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id") ); --- 708,728 ---- include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); ! ! for ($i = 0; $i < count($bcc_list); $i++) ! { ! $emailer->bcc($bcc_list[$i]); ! } $emailer->use_template('group_approved'); ! $emailer->set_subject($lang['Group_approved']); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_NAME' => $group_name, ! 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', 'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id") ); *************** *** 893,898 **** --- 897,904 ---- generate_user_info($group_moderator, $board_config['default_dateformat'], $is_moderator, $from, $posts, $joined, $poster_avatar, $profile_img, $profile, $search_img, $search, $pm_img, $pm, $email_img, $email, $www_img, $www, $icq_status_img, $icq_img, $icq, $aim_img, $aim, $msn_img, $msn, $yim_img, $yim); + $s_hidden_fields .= ''; + $template->assign_vars(array( 'L_GROUP_INFORMATION' => $lang['Group_Information'], 'L_GROUP_NAME' => $lang['Group_name'], *************** *** 912,918 **** 'L_PENDING_MEMBERS' => $lang['Pending_members'], 'L_SELECT_SORT_METHOD' => $lang['Select_sort_method'], 'L_PM' => $lang['Private_Message'], ! 'L_EMAIL' => $lang['Email'], 'L_WEBSITE' => $lang['Website'], 'L_FROM' => $lang['Location'], 'L_ORDER' => $lang['Order'], --- 918,925 ---- 'L_PENDING_MEMBERS' => $lang['Pending_members'], 'L_SELECT_SORT_METHOD' => $lang['Select_sort_method'], 'L_PM' => $lang['Private_Message'], ! 'L_EMAIL' => $lang['Email'], ! 'L_POSTS' => $lang['Posts'], 'L_WEBSITE' => $lang['Website'], 'L_FROM' => $lang['Location'], 'L_ORDER' => $lang['Order'], *************** *** 1142,1147 **** --- 1149,1156 ---- // Select all group that the user is a member of or where the user has // a pending membership. // + $in_group = array(); + if ( $userdata['session_logged_in'] ) { $sql = "SELECT g.group_id, g.group_name, g.group_type, ug.user_pending diff -crN phpbb200/includes/auth.php phpbb2017/includes/auth.php *** phpbb200/includes/auth.php Sat Jul 10 20:16:13 2004 --- phpbb2017/includes/auth.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
* $Id: auth.php,v 1.37 2002/04/02 14:03:58 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: auth.php,v 1.37.2.5 2004/03/01 16:49:03 psotfx Exp $ * * ***************************************************************************/ *************** *** 129,137 **** if ( !($f_access = $db->$sql_fetchrow($result)) ) { ! message_die(GENERAL_ERROR, 'No forum access control lists exist', '', __LINE__, __FILE__, $sql); } - $db->sql_freeresult($result); } --- 129,137 ---- if ( !($f_access = $db->$sql_fetchrow($result)) ) { ! $db->sql_freeresult($result); ! return array(); } $db->sql_freeresult($result); } *************** *** 158,176 **** if ( $row = $db->sql_fetchrow($result) ) { ! if ( $forum_id != AUTH_LIST_ALL) ! { ! $u_access[] = $row; ! } ! else { ! do { $u_access[$row['forum_id']][] = $row; } - while( $row = $db->sql_fetchrow($result) ); } } } $is_admin = ( $userdata['user_level'] == ADMIN && $userdata['session_logged_in'] ) ? TRUE : 0; --- 158,177 ---- if ( $row = $db->sql_fetchrow($result) ) { ! do { ! if ( $forum_id != AUTH_LIST_ALL) ! { ! $u_access[] = $row; ! } ! else { $u_access[$row['forum_id']][] = $row; } } + while( $row = $db->sql_fetchrow($result) ); } + $db->sql_freeresult($result); } $is_admin = ( $userdata['user_level'] == ADMIN && $userdata['session_logged_in'] ) ? TRUE : 0; *************** *** 199,205 **** { case AUTH_ALL: $auth_user[$key] = TRUE; ! $auth_user[$key . '_type'] = $lang['Auth_Anonymous_users']; break; case AUTH_REG: --- 200,206 ---- { case AUTH_ALL: $auth_user[$key] = TRUE; ! $auth_user[$key . '_type'] = $lang['Auth_Anonymous_Users']; break; case AUTH_REG: *************** *** 238,244 **** { case AUTH_ALL: $auth_user[$f_forum_id][$key] = TRUE; ! $auth_user[$f_forum_id][$key . 
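Review bot: Returning `array()` when no forum ACL rows exist makes this function fail closed, but it changes the contract silently: callers that previously could rely on a fatal `message_die` now receive an empty array and will hit undefined keys (`$is_auth['auth_view']` style lookups) rather than an explicit false. A comment on the new line, `// No ACL rows for this forum: return an empty set so every auth_* check evaluates as denied`, plus confirmation that each caller treats a missing key as "not permitted" (and not as a notice-suppressed truthy value) would make the fail-closed intent verifiable. The enclosing function starts outside the hunk.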
'_type'] = $lang['Auth_Anonymous_users']; break; case AUTH_REG: --- 239,245 ---- { case AUTH_ALL: $auth_user[$f_forum_id][$key] = TRUE; ! $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Anonymous_Users']; break; case AUTH_REG: diff -crN phpbb200/includes/bbcode.php phpbb2017/includes/bbcode.php *** phpbb200/includes/bbcode.php Sat Jul 10 20:16:13 2004 --- phpbb2017/includes/bbcode.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: bbcode.php,v 1.36 2002/03/25 12:41:41 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: bbcode.php,v 1.36.2.35 2005/07/19 20:01:10 acydburn Exp $ * ***************************************************************************/ *************** *** 26,32 **** define("BBCODE_UID_LEN", 10); ! // global that holds loaded-and-prepared bbcode templates, so we only have to do // that stuff once. $bbcode_tpl = null; --- 26,32 ---- define("BBCODE_UID_LEN", 10); ! // global that holds loaded-and-prepared bbcode templates, so we only have to do // that stuff once. $bbcode_tpl = null; *************** *** 45,65 **** global $template; $tpl_filename = $template->make_filename('bbcode.tpl'); $tpl = fread(fopen($tpl_filename, 'r'), filesize($tpl_filename)); ! // replace \ with \\ and then ' with \'. $tpl = str_replace('\\', '\\\\', $tpl); $tpl = str_replace('\'', '\\\'', $tpl); ! // strip newlines. $tpl = str_replace("\n", '', $tpl); ! // Turn template blocks into PHP assignment statements for the values of $bbcode_tpls.. $tpl = preg_replace('#(.*?)#', "\n" . '$bbcode_tpls[\'\\1\'] = \'\\2\';', $tpl); ! $bbcode_tpls = array(); eval($tpl); ! return $bbcode_tpls; } --- 45,65 ---- global $template; $tpl_filename = $template->make_filename('bbcode.tpl'); $tpl = fread(fopen($tpl_filename, 'r'), filesize($tpl_filename)); ! 
// replace \ with \\ and then ' with \'. $tpl = str_replace('\\', '\\\\', $tpl); $tpl = str_replace('\'', '\\\'', $tpl); ! // strip newlines. $tpl = str_replace("\n", '', $tpl); ! // Turn template blocks into PHP assignment statements for the values of $bbcode_tpls.. $tpl = preg_replace('#(.*?)#', "\n" . '$bbcode_tpls[\'\\1\'] = \'\\2\';', $tpl); ! $bbcode_tpls = array(); eval($tpl); ! return $bbcode_tpls; } *************** *** 68,74 **** * Prepares the loaded bbcode templates for insertion into preg_replace() * or str_replace() calls in the bbencode_second_pass functions. This * means replacing template placeholders with the appropriate preg backrefs ! * or with language vars. NOTE: If you change how the regexps work in * bbencode_second_pass(), you MUST change this function. * * Nathan Codding, Sept 26 2001 --- 68,74 ---- * Prepares the loaded bbcode templates for insertion into preg_replace() * or str_replace() calls in the bbencode_second_pass functions. This * means replacing template placeholders with the appropriate preg backrefs ! * or with language vars. NOTE: If you change how the regexps work in * bbencode_second_pass(), you MUST change this function. * * Nathan Codding, Sept 26 2001 *************** *** 77,129 **** function prepare_bbcode_template($bbcode_tpl) { global $lang; ! $bbcode_tpl['olist_open'] = str_replace('{LIST_TYPE}', '\\1', $bbcode_tpl['olist_open']); ! $bbcode_tpl['color_open'] = str_replace('{COLOR}', '\\1', $bbcode_tpl['color_open']); ! $bbcode_tpl['size_open'] = str_replace('{SIZE}', '\\1', $bbcode_tpl['size_open']); ! $bbcode_tpl['quote_open'] = str_replace('{L_QUOTE}', $lang['Quote'], $bbcode_tpl['quote_open']); ! 
$bbcode_tpl['quote_username_open'] = str_replace('{L_QUOTE}', $lang['Quote'], $bbcode_tpl['quote_username_open']); $bbcode_tpl['quote_username_open'] = str_replace('{L_WROTE}', $lang['wrote'], $bbcode_tpl['quote_username_open']); $bbcode_tpl['quote_username_open'] = str_replace('{USERNAME}', '\\1', $bbcode_tpl['quote_username_open']); ! $bbcode_tpl['code_open'] = str_replace('{L_CODE}', $lang['Code'], $bbcode_tpl['code_open']); $bbcode_tpl['img'] = str_replace('{URL}', '\\1', $bbcode_tpl['img']); ! // We do URLs in several different ways.. ! $bbcode_tpl['url1'] = str_replace('{URL}', '\\1\\2', $bbcode_tpl['url']); ! $bbcode_tpl['url1'] = str_replace('{DESCRIPTION}', '\\1\\2', $bbcode_tpl['url1']); ! $bbcode_tpl['url2'] = str_replace('{URL}', 'http://\\1', $bbcode_tpl['url']); $bbcode_tpl['url2'] = str_replace('{DESCRIPTION}', '\\1', $bbcode_tpl['url2']); ! ! $bbcode_tpl['url3'] = str_replace('{URL}', '\\1\\2', $bbcode_tpl['url']); ! $bbcode_tpl['url3'] = str_replace('{DESCRIPTION}', '\\3', $bbcode_tpl['url3']); ! $bbcode_tpl['url4'] = str_replace('{URL}', 'http://\\1', $bbcode_tpl['url']); ! $bbcode_tpl['url4'] = str_replace('{DESCRIPTION}', '\\2', $bbcode_tpl['url4']); $bbcode_tpl['email'] = str_replace('{EMAIL}', '\\1', $bbcode_tpl['email']); ! define("BBCODE_TPL_READY", true); ! return $bbcode_tpl; } /** * Does second-pass bbencoding. This should be used before displaying the message in ! * a thread. Assumes the message is already first-pass encoded, and we are given the * correct UID as used in first-pass encoding. */ function bbencode_second_pass($text, $uid) { global $lang, $bbcode_tpl; // pad it with a space so we can distinguish between FALSE and matching the 1st char (index 0). // This is important; bbencode_quote(), bbencode_list(), and bbencode_code() all depend on it. $text = " " . $text; --- 77,131 ---- function prepare_bbcode_template($bbcode_tpl) { global $lang; ! 
$bbcode_tpl['olist_open'] = str_replace('{LIST_TYPE}', '\\1', $bbcode_tpl['olist_open']); ! $bbcode_tpl['color_open'] = str_replace('{COLOR}', '\\1', $bbcode_tpl['color_open']); ! $bbcode_tpl['size_open'] = str_replace('{SIZE}', '\\1', $bbcode_tpl['size_open']); ! $bbcode_tpl['quote_open'] = str_replace('{L_QUOTE}', $lang['Quote'], $bbcode_tpl['quote_open']); ! $bbcode_tpl['quote_username_open'] = str_replace('{L_QUOTE}', $lang['Quote'], $bbcode_tpl['quote_username_open']); $bbcode_tpl['quote_username_open'] = str_replace('{L_WROTE}', $lang['wrote'], $bbcode_tpl['quote_username_open']); $bbcode_tpl['quote_username_open'] = str_replace('{USERNAME}', '\\1', $bbcode_tpl['quote_username_open']); ! $bbcode_tpl['code_open'] = str_replace('{L_CODE}', $lang['Code'], $bbcode_tpl['code_open']); $bbcode_tpl['img'] = str_replace('{URL}', '\\1', $bbcode_tpl['img']); ! // We do URLs in several different ways.. ! $bbcode_tpl['url1'] = str_replace('{URL}', '\\1', $bbcode_tpl['url']); ! $bbcode_tpl['url1'] = str_replace('{DESCRIPTION}', '\\1', $bbcode_tpl['url1']); ! $bbcode_tpl['url2'] = str_replace('{URL}', 'http://\\1', $bbcode_tpl['url']); $bbcode_tpl['url2'] = str_replace('{DESCRIPTION}', '\\1', $bbcode_tpl['url2']); ! ! $bbcode_tpl['url3'] = str_replace('{URL}', '\\1', $bbcode_tpl['url']); ! $bbcode_tpl['url3'] = str_replace('{DESCRIPTION}', '\\2', $bbcode_tpl['url3']); ! $bbcode_tpl['url4'] = str_replace('{URL}', 'http://\\1', $bbcode_tpl['url']); ! $bbcode_tpl['url4'] = str_replace('{DESCRIPTION}', '\\3', $bbcode_tpl['url4']); $bbcode_tpl['email'] = str_replace('{EMAIL}', '\\1', $bbcode_tpl['email']); ! define("BBCODE_TPL_READY", true); ! return $bbcode_tpl; } /** * Does second-pass bbencoding. This should be used before displaying the message in ! * a thread. Assumes the message is already first-pass encoded, and we are given the * correct UID as used in first-pass encoding. 
*/ function bbencode_second_pass($text, $uid) { global $lang, $bbcode_tpl; + $text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text); + // pad it with a space so we can distinguish between FALSE and matching the 1st char (index 0). // This is important; bbencode_quote(), bbencode_list(), and bbencode_code() all depend on it. $text = " " . $text; *************** *** 135,147 **** $text = substr($text, 1); return $text; } ! // Only load the templates ONCE.. if (!defined("BBCODE_TPL_READY")) { // load templates from file into array. $bbcode_tpl = load_bbcode_template(); ! // prepare array for use in regexps. $bbcode_tpl = prepare_bbcode_template($bbcode_tpl); } --- 137,149 ---- $text = substr($text, 1); return $text; } ! // Only load the templates ONCE.. if (!defined("BBCODE_TPL_READY")) { // load templates from file into array. $bbcode_tpl = load_bbcode_template(); ! // prepare array for use in regexps. $bbcode_tpl = prepare_bbcode_template($bbcode_tpl); } *************** *** 149,154 **** --- 151,164 ---- // [CODE] and [/CODE] for posting code (HTML, PHP, C etc etc) in your posts. $text = bbencode_second_pass_code($text, $uid, $bbcode_tpl); + // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. + $text = str_replace("[quote:$uid]", $bbcode_tpl['quote_open'], $text); + $text = str_replace("[/quote:$uid]", $bbcode_tpl['quote_close'], $text); + + // New one liner to deal with opening quotes with usernames... + // replaces the two line version that I had here before.. + $text = preg_replace("/\[quote:$uid=\"(.*?)\"\]/si", $bbcode_tpl['quote_username_open'], $text); + // [list] and [list=x] for (un)ordered lists. // unordered lists $text = str_replace("[list:$uid]", $bbcode_tpl['ulist_open'], $text); *************** *** 165,181 **** $text = str_replace("[/color:$uid]", $bbcode_tpl['color_close'], $text); // size ! 
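Review bot: As rendered here the added `preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text)` at the top of bbencode_second_pass is a no-op — it rewrites `script:` to `script:` — which suggests the replacement originally held an HTML entity for the colon that was decoded during extraction; the committed source should be checked to confirm the colon is actually neutralised. Independently, a deny-list of scheme names is incomplete by construction; the allow-listed URL patterns later in this function (`[\w]+?://`, `(www|ftp)\.`) are the real control, and a comment stating that this line is only a secondary filter for text that reaches templates outside those patterns would stop a maintainer relying on it. The renumbered backreferences in prepare_bbcode_template (`\\1`, `\\2`, `\\3` for url1/url3/url4) must stay in step with the capture groups in the pattern list, as the NOTE above that function already warns.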
$text = preg_replace("/\[size=([\-\+]?[1-2]?[0-9]):$uid\]/si", $bbcode_tpl['size_open'], $text); $text = str_replace("[/size:$uid]", $bbcode_tpl['size_close'], $text); - // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. - $text = str_replace("[quote:$uid]", $bbcode_tpl['quote_open'], $text); - $text = str_replace("[/quote:$uid]", $bbcode_tpl['quote_close'], $text); - - // New one liner to deal with opening quotes with usernames... - // replaces the two line version that I had here before.. - $text = preg_replace("/\[quote:$uid=(?:\"?([^\"]*)\"?)\]/si", $bbcode_tpl['quote_username_open'], $text); - // [b] and [/b] for bolding text. $text = str_replace("[b:$uid]", $bbcode_tpl['b_open'], $text); $text = str_replace("[/b:$uid]", $bbcode_tpl['b_close'], $text); --- 175,183 ---- $text = str_replace("[/color:$uid]", $bbcode_tpl['color_close'], $text); // size ! $text = preg_replace("/\[size=([1-2]?[0-9]):$uid\]/si", $bbcode_tpl['size_open'], $text); $text = str_replace("[/size:$uid]", $bbcode_tpl['size_close'], $text); // [b] and [/b] for bolding text. $text = str_replace("[b:$uid]", $bbcode_tpl['b_open'], $text); $text = str_replace("[/b:$uid]", $bbcode_tpl['b_close'], $text); *************** *** 194,221 **** // [img]image_url_here[/img] code.. // This one gets first-passed.. ! $patterns[0] = "#\[img:$uid\](.*?)\[/img:$uid\]#si"; ! $replacements[0] = $bbcode_tpl['img']; ! ! // [url]xxxx://www.phpbb.com[/url] code.. ! $patterns[1] = "#\[url\]([a-z]+?://){1}([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\[/url\]#si"; ! $replacements[1] = $bbcode_tpl['url1']; // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). ! $patterns[2] = "#\[url\]([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\[/url\]#si"; ! $replacements[2] = $bbcode_tpl['url2']; // [url=xxxx://www.phpbb.com]phpBB[/url] code.. ! $patterns[3] = "#\[url=([a-z]+?://){1}([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\](.*?)\[/url\]#si"; ! 
$replacements[3] = $bbcode_tpl['url3']; // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix). ! $patterns[4] = "#\[url=([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\](.*?)\[/url\]#si"; ! $replacements[4] = $bbcode_tpl['url4']; // [email]user@domain.tld[/email] code.. ! $patterns[5] = "#\[email\]([a-z0-9\-_.]+?@[\w\-]+\.([\w\-\.]+\.)?[\w]+)\[/email\]#si"; ! $replacements[5] = $bbcode_tpl['email']; $text = preg_replace($patterns, $replacements, $text); --- 196,223 ---- // [img]image_url_here[/img] code.. // This one gets first-passed.. ! $patterns[] = "#\[img:$uid\]([^?].*?)\[/img:$uid\]#i"; ! $replacements[] = $bbcode_tpl['img']; ! ! // matches a [url]xxxx://www.phpbb.com[/url] code.. ! $patterns[] = "#\[url\]([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is"; ! $replacements[] = $bbcode_tpl['url1']; // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). ! $patterns[] = "#\[url\]((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is"; ! $replacements[] = $bbcode_tpl['url2']; // [url=xxxx://www.phpbb.com]phpBB[/url] code.. ! $patterns[] = "#\[url=([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*?)\]([^?\n\r\t].*?)\[/url\]#is"; ! $replacements[] = $bbcode_tpl['url3']; // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix). ! $patterns[] = "#\[url=((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*?)\]([^?\n\r\t].*?)\[/url\]#is"; ! $replacements[] = $bbcode_tpl['url4']; // [email]user@domain.tld[/email] code.. ! $patterns[] = "#\[email\]([a-z0-9&\-_.]+?@[\w\-]+\.([\w\-\.]+\.)?[\w]+)\[/email\]#si"; ! $replacements[] = $bbcode_tpl['email']; $text = preg_replace($patterns, $replacements, $text); *************** *** 250,257 **** // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. $text = bbencode_first_pass_pda($text, $uid, '[quote]', '[/quote]', '', false, ''); ! ! $text = bbencode_first_pass_pda($text, $uid, '/\[quote=(\\\\".*?\\\\")\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]"); // [list] and [list=x] for (un)ordered lists. 
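Review bot: The rewritten section appends with `$patterns[] = …` and `$replacements[] = …` instead of assigning by index, so it now depends on both arrays being empty at this point, and neither `$patterns = array();` nor `$replacements = array();` is visible in the hunk (the function body begins earlier). If they are not initialised above, a request could pre-seed them under register_globals and `preg_replace($patterns, $replacements, $text)` would run externally supplied patterns — the same class of issue this diff fixes in faq.php with `$faq = array();`. Add `$patterns = array();` and `$replacements = array();` immediately before the first append unless an initialisation above is confirmed.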
$open_tag = array(); --- 252,258 ---- // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. $text = bbencode_first_pass_pda($text, $uid, '[quote]', '[/quote]', '', false, ''); ! $text = bbencode_first_pass_pda($text, $uid, '/\[quote=(\\\".*?\\\")\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]"); // [list] and [list=x] for (un)ordered lists. $open_tag = array(); *************** *** 270,276 **** $text = preg_replace("#\[color=(\#[0-9A-F]{6}|[a-z\-]+)\](.*?)\[/color\]#si", "[color=\\1:$uid]\\2[/color:$uid]", $text); // [size] and [/size] for setting text size ! $text = preg_replace("#\[size=([\-\+]?[1-2]?[0-9])\](.*?)\[/size\]#si", "[size=\\1:$uid]\\2[/size:$uid]", $text); // [b] and [/b] for bolding text. $text = preg_replace("#\[b\](.*?)\[/b\]#si", "[b:$uid]\\1[/b:$uid]", $text); --- 271,277 ---- $text = preg_replace("#\[color=(\#[0-9A-F]{6}|[a-z\-]+)\](.*?)\[/color\]#si", "[color=\\1:$uid]\\2[/color:$uid]", $text); // [size] and [/size] for setting text size ! $text = preg_replace("#\[size=([1-2]?[0-9])\](.*?)\[/size\]#si", "[size=\\1:$uid]\\2[/size:$uid]", $text); // [b] and [/b] for bolding text. $text = preg_replace("#\[b\](.*?)\[/b\]#si", "[b:$uid]\\1[/b:$uid]", $text); *************** *** 282,294 **** $text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text); // [img]image_url_here[/img] code.. ! $text = preg_replace("#\[img\](([a-z]+?)://([^ \n\r]+?))\[/img\]#si", "[img:$uid]\\1[/img:$uid]", $text); // Remove our padding from the string.. ! $text = substr($text, 1); ! ! ! return $text; } // bbencode_first_pass() --- 283,292 ---- $text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text); // [img]image_url_here[/img] code.. ! $text = preg_replace("#\[img\]((http|ftp|https|ftps)://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text); // Remove our padding from the string.. ! 
return substr($text, 1);; } // bbencode_first_pass() *************** *** 349,357 **** $open_tag[0] = $open_tag_temp; $open_tag_count = 1; } ! $open_is_regexp = false; ! if ($open_regexp_replace) { $open_is_regexp = true; --- 347,355 ---- $open_tag[0] = $open_tag_temp; $open_tag_count = 1; } ! $open_is_regexp = false; ! if ($open_regexp_replace) { $open_is_regexp = true; *************** *** 362,373 **** $open_regexp_replace[0] = $open_regexp_temp; } } ! if ($mark_lowest_level && $open_is_regexp) { message_die(GENERAL_ERROR, "Unsupported operation for bbcode_first_pass_pda()."); } - // Start at the 2nd char of the string, looking for opening tags. $curr_pos = 1; --- 360,370 ---- $open_regexp_replace[0] = $open_regexp_temp; } } ! if ($mark_lowest_level && $open_is_regexp) { message_die(GENERAL_ERROR, "Unsupported operation for bbcode_first_pass_pda()."); } // Start at the 2nd char of the string, looking for opening tags. $curr_pos = 1; *************** *** 383,411 **** $found_start = false; $which_start_tag = ""; $start_tag_index = -1; for ($i = 0; $i < $open_tag_count; $i++) { // Grab everything until the first "]"... ! $possible_start = substr($text, $curr_pos, strpos($text, "]", $curr_pos + 1) - $curr_pos + 1); // // We're going to try and catch usernames with "[' characters. // ! if( preg_match('/\[quote\=\\\\"/si', $possible_start) && !preg_match('/\[quote=\\\\"[^"]*\\\\"\]/si', $possible_start) ) { - // // OK we are in a quote tag that probably contains a ] bracket. // Grab a bit more of the string to hopefully get all of it.. ! // ! $possible_start = substr($text, $curr_pos, strpos($text, "\"]", $curr_pos + 1) - $curr_pos + 2); } ! // // Now compare, either using regexp or not. - if ($open_is_regexp) { $match_result = array(); - // PREG regexp comparison. 
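Review bot: The rewritten `[img]` pass at the end of bbencode_first_pass uses the `e` modifier (`#...#sie`), so the replacement string is evaluated as PHP with capture `\\3` — text that originates in the post body — spliced into a quoted literal; it only remains a literal because the engine backslash-escapes quotes and backslashes in substituted captures, and that modifier was later deprecated (5.5) and removed (7.0). `preg_replace_callback` with a callback that performs the `str_replace(' ', '%20', $m[3])` and returns the rebuilt `[img:$uid]…[/img:$uid]` tag gives the same output without evaluating data as code. The new `return substr($text, 1);;` also carries a stray second semicolon.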
if (preg_match($open_tag[$i], $possible_start, $match_result)) { $found_start = true; --- 380,411 ---- $found_start = false; $which_start_tag = ""; $start_tag_index = -1; + for ($i = 0; $i < $open_tag_count; $i++) { // Grab everything until the first "]"... ! $possible_start = substr($text, $curr_pos, strpos($text, ']', $curr_pos + 1) - $curr_pos + 1); // // We're going to try and catch usernames with "[' characters. // ! if( preg_match('#\[quote=\\\"#si', $possible_start, $match) && !preg_match('#\[quote=\\\"(.*?)\\\"\]#si', $possible_start) ) { // OK we are in a quote tag that probably contains a ] bracket. // Grab a bit more of the string to hopefully get all of it.. ! if ($close_pos = strpos($text, '"]', $curr_pos + 9)) ! { ! if (strpos(substr($text, $curr_pos + 9, $close_pos - ($curr_pos + 9)), '[quote') === false) ! { ! $possible_start = substr($text, $curr_pos, $close_pos - $curr_pos + 2); ! } ! } } ! // Now compare, either using regexp or not. if ($open_is_regexp) { $match_result = array(); if (preg_match($open_tag[$i], $possible_start, $match_result)) { $found_start = true; *************** *** 433,439 **** // Push its position, the text we matched, and its index in the open_tag array on to the stack, and then keep going to the right. $match = array("pos" => $curr_pos, "tag" => $which_start_tag, "index" => $start_tag_index); bbcode_array_push($stack, $match); ! ++$curr_pos; } else { --- 433,445 ---- // Push its position, the text we matched, and its index in the open_tag array on to the stack, and then keep going to the right. $match = array("pos" => $curr_pos, "tag" => $which_start_tag, "index" => $start_tag_index); bbcode_array_push($stack, $match); ! // ! // Rather than just increment $curr_pos ! // Set it to the ending of the tag we just found ! // Keeps error in nested tag from breaking out ! // of table structure.. ! // ! $curr_pos += strlen($possible_start); } else { *************** *** 477,496 **** // Mark the lowest nesting level if needed. 
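Review bot: The literal offset `9` appears three times in the new quote-username handling in bbencode_first_pass_pda (`$curr_pos + 9`) without saying what it is; presumably it is the length of the escaped opening `[quote=\"`, so a named value such as `$quote_open_len = strlen('[quote=\\"');` used in all three places would make the intent checkable. The `$match` array filled by the first `preg_match` does not appear to be read before the stack entry assigned to `$match` further down the loop overwrites it, so that third argument can be dropped. The enclosing loop and function start and end outside this hunk.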
if ($mark_lowest_level && ($curr_nesting_depth == 1)) { $text = $before_start_tag . substr($start_tag, 0, $start_length - 1) . ":$curr_nesting_depth:$uid]"; $text .= $between_tags . substr($close_tag_new, 0, $close_tag_new_length - 1) . ":$curr_nesting_depth:$uid]"; } else { ! if ($open_is_regexp) { ! $text = $before_start_tag . $start_tag; } else { ! $text = $before_start_tag . substr($start_tag, 0, $start_length - 1) . ":$uid]"; } - $text .= $between_tags . substr($close_tag_new, 0, $close_tag_new_length - 1) . ":$uid]"; } $text .= $after_end_tag; --- 483,516 ---- // Mark the lowest nesting level if needed. if ($mark_lowest_level && ($curr_nesting_depth == 1)) { + if ($open_tag[0] == '[code]') + { + $code_entities_match = array('#<#', '#>#', '#"#', '#:#', '#\[#', '#\]#', '#\(#', '#\)#', '#\{#', '#\}#'); + $code_entities_replace = array('<', '>', '"', ':', '[', ']', '(', ')', '{', '}'); + $between_tags = preg_replace($code_entities_match, $code_entities_replace, $between_tags); + } $text = $before_start_tag . substr($start_tag, 0, $start_length - 1) . ":$curr_nesting_depth:$uid]"; $text .= $between_tags . substr($close_tag_new, 0, $close_tag_new_length - 1) . ":$curr_nesting_depth:$uid]"; } else { ! if ($open_tag[0] == '[code]') { ! $text = $before_start_tag . '[code]'; ! $text .= $between_tags . '[/code]'; } else { ! if ($open_is_regexp) ! { ! $text = $before_start_tag . $start_tag; ! } ! else ! { ! $text = $before_start_tag . substr($start_tag, 0, $start_length - 1) . ":$uid]"; ! } ! $text .= $between_tags . substr($close_tag_new, 0, $close_tag_new_length - 1) . ":$uid]"; } } $text .= $after_end_tag; *************** *** 502,509 **** { $match = bbcode_array_pop($stack); $curr_pos = $match['pos']; ! bbcode_array_push($stack, $match); ! ++$curr_pos; } else { --- 522,529 ---- { $match = bbcode_array_pop($stack); $curr_pos = $match['pos']; ! // bbcode_array_push($stack, $match); ! 
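Review bot: The `$code_entities_match`/`$code_entities_replace` tables added for `[code]` in bbencode_first_pass_pda are two fresh array literals built every time a lowest-level code block is closed; declaring them once as `static` at the top of the function (or next to the other bbcode tables) avoids rebuilding them per match and keeps the two lists side by side for review. As rendered here the replacement list shows the same characters as the match list, which would make the substitution a no-op; presumably the entries are HTML entities that this rendering decoded, so confirm the source file carries the entity forms. The same `$open_tag[0] == '[code]'` test is repeated in both branches of the surrounding `if`; evaluating it once into a local would flatten the nesting. The enclosing loop and function start and end outside this hunk.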
// ++$curr_pos; } else { *************** *** 552,566 **** { $before_replace = $matches[1][$i]; $after_replace = $matches[1][$i]; ! // Replace 2 spaces with "  " so non-tabbed code indents without making huge long lines. $after_replace = str_replace(" ", "  ", $after_replace); // now Replace 2 spaces with "  " to catch odd #s of spaces. $after_replace = str_replace(" ", "  ", $after_replace); ! // Replace tabs with "   " so tabbed code indents sorta right without making huge long lines. $after_replace = str_replace("\t", "   ", $after_replace); $str_to_match = "[code:1:$uid]" . $before_replace . "[/code:1:$uid]"; $replacement = $code_start_html; --- 572,589 ---- { $before_replace = $matches[1][$i]; $after_replace = $matches[1][$i]; ! // Replace 2 spaces with "  " so non-tabbed code indents without making huge long lines. $after_replace = str_replace(" ", "  ", $after_replace); // now Replace 2 spaces with "  " to catch odd #s of spaces. $after_replace = str_replace(" ", "  ", $after_replace); ! // Replace tabs with "   " so tabbed code indents sorta right without making huge long lines. $after_replace = str_replace("\t", "   ", $after_replace); + // now Replace space occurring at the beginning of a line + $after_replace = preg_replace("/^ {1}/m", ' ', $after_replace); + $str_to_match = "[code:1:$uid]" . $before_replace . "[/code:1:$uid]"; $replacement = $code_start_html; *************** *** 593,618 **** */ function make_clickable($text) { // pad it with a space so we can match things at the start of the 1st line. ! $ret = " " . $text; // matches an "xxxx://yyyy" URL at the start of a line, or after a space. // xxxx can only be alpha characters. ! // yyyy is anything up to the first space, newline, or comma. ! $ret = preg_replace("#([\n ])([a-z]+?)://([^,\t \n\r]+)#i", "\\1\\2://\\3", $ret); ! // matches a "www.xxxx.yyyy[/zzzz]" kinda lazy URL thing // Must contain at least 2 dots. xxxx contains either alphanum, or "-" ! // yyyy contains either alphanum, "-", or "." 
! // zzzz is optional.. will contain everything up to the first space, newline, or comma. ! // This is slightly restrictive - it's not going to match stuff like "forums.foo.com" ! // This is to keep it from getting annoying and matching stuff that's not meant to be a link. ! $ret = preg_replace("#([\n ])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^,\t \n\r]*)?)#i", "\\1www.\\2.\\3\\4", $ret); // matches an email@domain type address at the start of a line, or after a space. // Note: Only the followed chars are valid; alphanums, "-", "_" and or ".". ! $ret = preg_replace("#([\n ])([a-z0-9\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)?[\w]+)#i", "\\1\\2@\\3", $ret); // Remove our padding.. $ret = substr($ret, 1); --- 616,640 ---- */ function make_clickable($text) { + $text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text); // pad it with a space so we can match things at the start of the 1st line. ! $ret = ' ' . $text; // matches an "xxxx://yyyy" URL at the start of a line, or after a space. // xxxx can only be alpha characters. ! // yyyy is anything up to the first space, newline, comma, double quote or < ! $ret = preg_replace("#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1\\2", $ret); ! // matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing // Must contain at least 2 dots. xxxx contains either alphanum, or "-" ! // zzzz is optional.. will contain everything up to the first space, newline, ! // comma, double quote or <. ! $ret = preg_replace("#(^|[\n ])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1\\2", $ret); // matches an email@domain type address at the start of a line, or after a space. // Note: Only the followed chars are valid; alphanums, "-", "_" and or ".". ! $ret = preg_replace("#(^|[\n ])([a-z0-9&\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)*[\w]+)#i", "\\1\\2@\\3", $ret); // Remove our padding.. $ret = substr($ret, 1); *************** *** 718,756 **** // function smilies_pass($message) { ! global $db, $board_config; ! static $smilies; ! 
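Review bot: The scheme filter added at the top of make_clickable is a denylist (`script|about|applet|activex|chrome`), and the URL pattern that follows still accepts any `[\w]+?://` scheme, so anything not on that list is auto-linked as-is; an allowlist limited to the schemes the board actually wants to link (`http|ftp|https|ftps`, matching the `[img]` change earlier in this diff) is easier to keep complete and makes the first replacement unnecessary. The replacement `"\\1:"` renders here as identical to the matched text, so presumably an entity-encoded colon was decoded by this rendering; confirm the source. The anchor markup produced by the three `preg_replace` calls is not visible in this rendering, so its escaping could not be reviewed.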
if( empty($smilies) ) { ! $sql = "SELECT code, smile_url ! FROM " . SMILIES_TABLE; if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't obtain smilies data", "", __LINE__, __FILE__, $sql); } ! if( !$db->sql_numrows($result) ) { ! return $message; } ! $smilies = $db->sql_fetchrowset($result); ! } ! ! usort($smilies, 'smiley_sort'); ! for($i = 0; $i < count($smilies); $i++) ! { ! $orig[] = "/(?<=.\\W|\\W.|^\\W)" . phpbb_preg_quote($smilies[$i]['code'], "/") . "(?=.\\W|\\W.|\\W$)/"; ! $repl[] = '' . $smilies[$i]['smile_url'] . ''; } ! if( $i > 0 ) { $message = preg_replace($orig, $repl, ' ' . $message . ' '); $message = substr($message, 1, -1); } ! return $message; } --- 740,777 ---- // function smilies_pass($message) { ! static $orig, $repl; ! if (!isset($orig)) { ! global $db, $board_config; ! $orig = $repl = array(); ! ! $sql = 'SELECT * FROM ' . SMILIES_TABLE; if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't obtain smilies data", "", __LINE__, __FILE__, $sql); } + $smilies = $db->sql_fetchrowset($result); ! if (count($smilies)) { ! usort($smilies, 'smiley_sort'); } ! for ($i = 0; $i < count($smilies); $i++) ! { ! $orig[] = "/(?<=.\W|\W.|^\W)" . phpbb_preg_quote($smilies[$i]['code'], "/") . "(?=.\W|\W.|\W$)/"; ! $repl[] = '' . $smilies[$i]['emoticon'] . ''; ! } } ! if (count($orig)) { $message = preg_replace($orig, $repl, ' ' . $message . ' '); $message = substr($message, 1, -1); } ! return $message; } *************** *** 763,768 **** return ( strlen($a['code']) > strlen($b['code']) ) ? -1 : 1; } - ?> --- 784,788 ---- diff -crN phpbb200/includes/constants.php phpbb2017/includes/constants.php *** phpbb200/includes/constants.php Sat Jul 10 20:16:13 2004 --- phpbb2017/includes/constants.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : ('C) 2001 The phpBB Group * email : support@phpbb.com * ! 
* $Id: constants.php,v 1.47 2002/04/04 11:53:50 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : ('C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: constants.php,v 1.47.2.5 2004/11/18 17:49:42 acydburn Exp $ * * ***************************************************************************/ *************** *** 27,33 **** // Debug Level //define('DEBUG', 1); // Debugging on ! define('DEBUG', 0); // Debugging off // User Levels <- Do not change the values of USER or ADMIN --- 27,33 ---- // Debug Level //define('DEBUG', 1); // Debugging on ! define('DEBUG', 1); // Debugging off // User Levels <- Do not change the values of USER or ADMIN *************** *** 148,153 **** --- 148,154 ---- // Table names + define('CONFIRM_TABLE', $table_prefix.'confirm'); define('AUTH_ACCESS_TABLE', $table_prefix.'auth_access'); define('BANLIST_TABLE', $table_prefix.'banlist'); define('CATEGORIES_TABLE', $table_prefix.'categories'); diff -crN phpbb200/includes/emailer.php phpbb2017/includes/emailer.php *** phpbb200/includes/emailer.php Sat Jul 10 20:16:13 2004 --- phpbb2017/includes/emailer.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** copyright : (C) 2001 The phpBB Group email : support@phpbb.com ! $Id: emailer.php,v 1.15 2002/03/22 19:33:28 psotfx Exp $ ***************************************************************************/ --- 6,12 ---- copyright : (C) 2001 The phpBB Group email : support@phpbb.com ! $Id: emailer.php,v 1.15.2.34 2003/07/26 11:41:35 acydburn Exp $ ***************************************************************************/ *************** *** 26,234 **** // class emailer { ! var $tpl_file; var $use_smtp; ! var $msg; ! var $mimeOut; ! var $arrPlaceHolders = array(); // an associative array that has the key = placeHolderName and val = placeHolderValue. ! var $subject, $extra_headers, $address; function emailer($use_smtp) { $this->use_smtp = $use_smtp; ! 
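Review bot: `define('DEBUG', 1)` in constants.php now contradicts its own trailing comment `// Debugging off`, and it ships debug mode enabled in a file every request includes. message_die, patched later in this diff, builds `$debug_text` with the error line and file name and keeps the failing SQL in `$sql_store`; presumably that output is gated on this constant (the gate itself is outside this view), in which case every visitor would now receive it. If this was a local toggle left on while preparing the patch, restore `define('DEBUG', 0); // Debugging off`; otherwise correct the comment so the two agree.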
$this->tpl_file = NULL; ! $this->address = NULL; ! $this->msg = ""; ! $this->mimeOut = ""; } - // // Resets all the data (address, template file, etc etc to default - // function reset() { ! $this->tpl_file = ""; ! $this->address = ""; ! $this->msg = ""; ! $this->memOut = ""; ! $this->vars = ""; } - // // Sets an email address to send to - // function email_address($address) { ! $success = true; ! $this->address = ''; ! $this->address .= $address; ! return $success; } - // // set up subject for mail - // function set_subject($subject = '') { ! $this->subject = $subject; } - // // set up extra mail headers - // function extra_headers($headers) { ! $this->extra_headers = $headers; } ! function use_template($template_file, $template_lang = "") { global $board_config, $phpbb_root_path; ! if( $template_lang == "" ) { ! $template_lang = $board_config['default_lang']; } ! $template_file = $phpbb_root_path . "language/lang_" . $template_lang . "/email/" . $template_file . ".tpl"; ! if( !file_exists($template_file) ) { ! message_die(GENERAL_ERROR, "Couldn't find template file: $template_file", "", __LINE__, __FILE__); ! } ! else ! { ! $this->tpl_file = $template_file; ! if( !$this->load_msg() ) ! { ! message_die(GENERAL_ERROR, "Couldn't load template file: $template_file", "", __LINE__, __FILE__); ! } } ! return TRUE; ! } ! ! // ! // Open the template file and read in the message ! // ! function load_msg() ! { ! if ($this->tpl_file == NULL) ! { ! message_die(GENERAL_ERROR, "No template file set", "", __LINE__, __FILE__); ! } ! else { ! if(!($fd = fopen($this->tpl_file, 'r'))) { ! message_die(GENERAL_ERROR, "fopen failed opening template file", "", __LINE__, __FILE__); } ! else { ! $this->msg .= fread($fd, filesize($this->tpl_file)); ! fclose($fd); } } ! return TRUE; } function assign_vars($vars) { ! if(empty($this->vars)) ! { ! $this->vars = $vars; ! } ! else ! { ! $this->vars .= $vars; ! } } ! function parse_email() { ! @reset($this->vars); ! 
while (list($key, $val) = @each($this->vars)) ! { ! $$key = $val; ! } // Escape all quotes, else the eval will fail. $this->msg = str_replace ("'", "\'", $this->msg); $this->msg = preg_replace('#\{([a-z0-9\-_]*?)\}#is', "' . $\\1 . '", $this->msg); eval("\$this->msg = '$this->msg';"); ! // // We now try and pull a subject from the email body ... if it exists, // do this here because the subject may contain a variable ! // $match = array(); ! preg_match("/^(Subject:(.*?)[\r\n]+?)?(.*?)$/is", $this->msg, $match); ! ! $this->msg = ( isset($match[3]) ) ? trim($match[3]) : ''; ! $this->subject = ( $this->subject != '' ) ? $this->subject : trim($match[2]); ! ! return TRUE; ! } ! ! // ! // Send the mail out to the recipients set previously in var $this->address ! // ! function send() ! { ! global $phpEx, $phpbb_root_dir; ! ! if (isset($phpbb_root_dir)) { ! // we must be in the admin section. ! $phpbb_root_path = $phpbb_root_dir; } else { ! $phpbb_root_path = "./"; } ! if ($this->address == NULL) { ! message_die(GENERAL_ERROR, "No email address set", "", __LINE__, __FILE__); } else { ! if(!$this->parse_email()) { ! return FALSE; } ! if($this->use_smtp) { ! if(!defined('SMTP_INCLUDED')) ! { ! include($phpbb_root_path . "includes/smtp.".$phpEx); ! } ! if(!smtpmail($this->address, $this->subject, $this->msg, $this->extra_headers)) { ! message_die(GENERAL_ERROR, "Sending via SMTP failed", "", __LINE__, __FILE__); } ! } ! else ! { ! @mail($this->address, $this->subject, $this->msg, $this->extra_headers); } } ! return TRUE; } // ! // Attach files via MIME. // ! function attachFile($filename, $mimetype="application/octet-stream", $szFromAddress, $szFilenameToDisplay) { $mime_boundary = "--==================_846811060==_"; ! $this->mailMsg = "--".$mime_boundary."\nContent-Type: text/plain;\n\tcharset=\"iso-8859-1\"\n\n".$this->mailMsg; if ($mime_filename) { --- 26,280 ---- // class emailer { ! var $msg, $subject, $extra_headers; ! var $addresses, $reply_to, $from; var $use_smtp; ! 
! var $tpl_msg = array(); function emailer($use_smtp) { + $this->reset(); $this->use_smtp = $use_smtp; ! $this->reply_to = $this->from = ''; } // Resets all the data (address, template file, etc etc to default function reset() { ! $this->addresses = array(); ! $this->vars = $this->msg = $this->extra_headers = ''; } // Sets an email address to send to function email_address($address) { + $this->addresses['to'] = trim($address); + } ! function cc($address) ! { ! $this->addresses['cc'][] = trim($address); ! } ! function bcc($address) ! { ! $this->addresses['bcc'][] = trim($address); ! } ! function replyto($address) ! { ! $this->reply_to = trim($address); ! } ! ! function from($address) ! { ! $this->from = trim($address); } // set up subject for mail function set_subject($subject = '') { ! $this->subject = trim(preg_replace('#[\n\r]+#s', '', $subject)); } // set up extra mail headers function extra_headers($headers) { ! $this->extra_headers .= trim($headers) . "\n"; } ! function use_template($template_file, $template_lang = '') { global $board_config, $phpbb_root_path; ! if (trim($template_file) == '') { ! message_die(GENERAL_ERROR, 'No template file set', '', __LINE__, __FILE__); } ! if (trim($template_lang) == '') { ! $template_lang = $board_config['default_lang']; } ! if (empty($this->tpl_msg[$template_lang . $template_file])) { ! $tpl_file = $phpbb_root_path . 'language/lang_' . $template_lang . '/email/' . $template_file . '.tpl'; ! ! if (!@file_exists(@phpbb_realpath($tpl_file))) { ! $tpl_file = $phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/email/' . $template_file . '.tpl'; ! ! if (!@file_exists(@phpbb_realpath($tpl_file))) ! { ! message_die(GENERAL_ERROR, 'Could not find email template file :: ' . $template_file, '', __LINE__, __FILE__); ! } } ! ! if (!($fd = @fopen($tpl_file, 'r'))) { ! message_die(GENERAL_ERROR, 'Failed opening template file :: ' . $tpl_file, '', __LINE__, __FILE__); } + + $this->tpl_msg[$template_lang . 
$template_file] = fread($fd, filesize($tpl_file)); + fclose($fd); } ! ! $this->msg = $this->tpl_msg[$template_lang . $template_file]; ! ! return true; } + // assign variables function assign_vars($vars) { ! $this->vars = (empty($this->vars)) ? $vars : $this->vars . $vars; } ! // Send the mail out to the recipients set previously in var $this->address ! function send() { ! global $board_config, $lang, $phpEx, $phpbb_root_path, $db; // Escape all quotes, else the eval will fail. $this->msg = str_replace ("'", "\'", $this->msg); $this->msg = preg_replace('#\{([a-z0-9\-_]*?)\}#is', "' . $\\1 . '", $this->msg); + // Set vars + reset ($this->vars); + while (list($key, $val) = each($this->vars)) + { + $$key = $val; + } + eval("\$this->msg = '$this->msg';"); ! // Clear vars ! reset ($this->vars); ! while (list($key, $val) = each($this->vars)) ! { ! unset($$key); ! } ! // We now try and pull a subject from the email body ... if it exists, // do this here because the subject may contain a variable ! $drop_header = ''; $match = array(); ! if (preg_match('#^(Subject:(.*?))$#m', $this->msg, $match)) { ! $this->subject = (trim($match[2]) != '') ? trim($match[2]) : (($this->subject != '') ? $this->subject : 'No Subject'); ! $drop_header .= '[\r\n]*?' . phpbb_preg_quote($match[1], '#'); } else { ! $this->subject = (($this->subject != '') ? $this->subject : 'No Subject'); } ! if (preg_match('#^(Charset:(.*?))$#m', $this->msg, $match)) { ! $this->encoding = (trim($match[2]) != '') ? trim($match[2]) : trim($lang['ENCODING']); ! $drop_header .= '[\r\n]*?' . phpbb_preg_quote($match[1], '#'); } else { ! $this->encoding = trim($lang['ENCODING']); ! } ! ! if ($drop_header != '') ! { ! $this->msg = trim(preg_replace('#' . $drop_header . '#s', '', $this->msg)); ! } ! ! $to = $this->addresses['to']; ! ! $cc = (count($this->addresses['cc'])) ? implode(', ', $this->addresses['cc']) : ''; ! $bcc = (count($this->addresses['bcc'])) ? implode(', ', $this->addresses['bcc']) : ''; ! ! 
// Build header ! $this->extra_headers = (($this->reply_to != '') ? "Reply-to: $this->reply_to\n" : '') . (($this->from != '') ? "From: $this->from\n" : "From: " . $board_config['board_email'] . "\n") . "Return-Path: " . $board_config['board_email'] . "\nMessage-ID: <" . md5(uniqid(time())) . "@" . $board_config['server_name'] . ">\nMIME-Version: 1.0\nContent-type: text/plain; charset=" . $this->encoding . "\nContent-transfer-encoding: 8bit\nDate: " . date('r', time()) . "\nX-Priority: 3\nX-MSMail-Priority: Normal\nX-Mailer: PHP\nX-MimeOLE: Produced By phpBB2\n" . $this->extra_headers . (($cc != '') ? "Cc: $cc\n" : '') . (($bcc != '') ? "Bcc: $bcc\n" : ''); ! ! // Send message ... removed $this->encode() from subject for time being ! if ( $this->use_smtp ) ! { ! if ( !defined('SMTP_INCLUDED') ) { ! include($phpbb_root_path . 'includes/smtp.' . $phpEx); } ! ! $result = smtpmail($to, $this->subject, $this->msg, $this->extra_headers); ! } ! else ! { ! $empty_to_header = ($to == '') ? TRUE : FALSE; ! $to = ($to == '') ? (($board_config['sendmail_fix']) ? ' ' : 'Undisclosed-recipients:;') : $to; ! ! $result = @mail($to, $this->subject, preg_replace("#(?msg), $this->extra_headers); ! ! if (!$result && !$board_config['sendmail_fix'] && $empty_to_header) { ! $to = ' '; ! ! $sql = "UPDATE " . CONFIG_TABLE . " ! SET config_value = '1' ! WHERE config_name = 'sendmail_fix'"; ! if (!$db->sql_query($sql)) { ! message_die(GENERAL_ERROR, 'Unable to update config table', '', __LINE__, __FILE__, $sql); } ! ! $board_config['sendmail_fix'] = 1; ! $result = @mail($to, $this->subject, preg_replace("#(?msg), $this->extra_headers); } } ! // Did it work? ! if (!$result) ! { ! message_die(GENERAL_ERROR, 'Failed sending email :: ' . (($this->use_smtp) ? 'SMTP' : 'PHP') . ' :: ' . $result, '', __LINE__, __FILE__); ! } ! ! return true; } + // Encodes the given string for proper display for this encoding ... nabbed + // from php.net and modified. 
There is an alternative encoding method which + // may produce lesd output but it's questionable as to its worth in this + // scenario IMO + function encode($str) + { + if ($this->encoding == '') + { + return $str; + } + + // define start delimimter, end delimiter and spacer + $end = "?="; + $start = "=?$this->encoding?B?"; + $spacer = "$end\r\n $start"; + + // determine length of encoded text within chunks and ensure length is even + $length = 75 - strlen($start) - strlen($end); + $length = floor($length / 2) * 2; + + // encode the string and split it into chunks with spacers after each chunk + $str = chunk_split(base64_encode($str), $length, $spacer); + + // remove trailing spacer and add start and end delimiters + $str = preg_replace('#' . phpbb_preg_quote($spacer, '#') . '$#', '', $str); + + return $start . $str . $end; + } // ! // Attach files via MIME. // ! function attachFile($filename, $mimetype = "application/octet-stream", $szFromAddress, $szFilenameToDisplay) { + global $lang; $mime_boundary = "--==================_846811060==_"; ! $this->msg = '--' . $mime_boundary . "\nContent-Type: text/plain;\n\tcharset=\"" . $lang['ENCODING'] . "\"\n\n" . $this->msg; if ($mime_filename) { *************** *** 244,254 **** $this->mimeOut .= "Content-Transfer-Encoding: quoted-printable\n"; $this->mimeOut .= "Content-Disposition: attachment;\n\tfilename=\"$szFilenameToDisplay\"\n\n"; ! if ($mimetype == "message/rfc822") { $this->mimeOut .= "From: ".$szFromAddress."\n"; $this->mimeOut .= "To: ".$this->emailAddress."\n"; ! $this->mimeOut .= "Date: ".date("D, d M Y G:i:s ").$this->getTimeZoneInEmailFormat()."\n"; $this->mimeOut .= "Reply-To:".$szFromAddress."\n"; $this->mimeOut .= "Subject: ".$this->mailSubject."\n"; $this->mimeOut .= "X-Mailer: PHP/".phpversion()."\n"; --- 290,300 ---- $this->mimeOut .= "Content-Transfer-Encoding: quoted-printable\n"; $this->mimeOut .= "Content-Disposition: attachment;\n\tfilename=\"$szFilenameToDisplay\"\n\n"; ! 
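Review bot: In the rebuilt emailer class the new address setters `email_address`, `cc`, `bcc`, `replyto` and `from` only `trim()` their argument, yet `send()` places those values straight into the `Reply-to:`, `From:`, `Cc:` and `Bcc:` lines of the header block it assembles; `set_subject` strips `[\n\r]` for exactly this reason, and the addresses should get the same treatment so a value cannot terminate its header line. A single helper applied in all five setters keeps the rule in one place (sketch below). The class continues outside this hunk, so attachFile and the MIME code were reviewed only as far as visible.
```php
// strip CR/LF before trimming so a recipient value cannot end its header line
function clean_address($address)
{
    return trim(preg_replace('#[\n\r]+#s', '', $address));
}

function email_address($address)
{
    $this->addresses['to'] = $this->clean_address($address);
}
// … unchanged: cc(), bcc(), replyto(), from() call $this->clean_address() the same way …
```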
if ( $mimetype == "message/rfc822" ) { $this->mimeOut .= "From: ".$szFromAddress."\n"; $this->mimeOut .= "To: ".$this->emailAddress."\n"; ! $this->mimeOut .= "Date: ".date("D, d M Y H:i:s") . " UT\n"; $this->mimeOut .= "Reply-To:".$szFromAddress."\n"; $this->mimeOut .= "Subject: ".$this->mailSubject."\n"; $this->mimeOut .= "X-Mailer: PHP/".phpversion()."\n"; *************** *** 311,317 **** // function encode_file($sourcefile) { ! if (is_readable($sourcefile)) { $fd = fopen($sourcefile, "r"); $contents = fread($fd, filesize($sourcefile)); --- 357,363 ---- // function encode_file($sourcefile) { ! if (is_readable(phpbb_realpath($sourcefile))) { $fd = fopen($sourcefile, "r"); $contents = fread($fd, filesize($sourcefile)); diff -crN phpbb200/includes/functions.php phpbb2017/includes/functions.php *** phpbb200/includes/functions.php Sat Jul 10 20:16:13 2004 --- phpbb2017/includes/functions.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions.php,v 1.133 2002/04/02 14:02:27 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions.php,v 1.133.2.35 2005/07/19 20:01:11 acydburn Exp $ * * ***************************************************************************/ *************** *** 74,87 **** return false; } ! function get_userdata($user) { global $db; $sql = "SELECT * FROM " . USERS_TABLE . " WHERE "; ! $sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . str_replace("\'", "''", $user) . "'" ) . " AND user_id <> " . ANONYMOUS; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql); --- 74,135 ---- return false; } ! // added at phpBB 2.0.11 to properly format the username ! function phpbb_clean_username($username) ! { ! 
$username = substr(htmlspecialchars(str_replace("\'", "'", trim($username))), 0, 25); ! $username = phpbb_rtrim($username, "\\"); ! $username = str_replace("'", "\'", $username); ! ! return $username; ! } ! ! // added at phpBB 2.0.12 to fix a bug in PHP 4.3.10 (only supporting charlist in php >= 4.1.0) ! function phpbb_rtrim($str, $charlist = false) ! { ! if ($charlist === false) ! { ! return rtrim($str); ! } ! ! $php_version = explode('.', PHP_VERSION); ! ! // php version < 4.1.0 ! if ((int) $php_version[0] < 4 || ((int) $php_version[0] == 4 && (int) $php_version[1] < 1)) ! { ! while ($str{strlen($str)-1} == $charlist) ! { ! $str = substr($str, 0, strlen($str)-1); ! } ! } ! else ! { ! $str = rtrim($str, $charlist); ! } ! ! return $str; ! } ! ! // ! // Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced. ! // ! function get_userdata($user, $force_str = false) { global $db; + if (!is_numeric($user) || $force_str) + { + $user = phpbb_clean_username($user); + } + else + { + $user = intval($user); + } + $sql = "SELECT * FROM " . USERS_TABLE . " WHERE "; ! $sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . $user . "'" ) . " AND user_id <> " . ANONYMOUS; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql); *************** *** 92,98 **** function make_jumpbox($action, $match_forum_id = 0) { ! global $template, $lang, $db, $SID, $nav_links, $phpEx; $sql = "SELECT c.cat_id, c.cat_title, c.cat_order FROM " . CATEGORIES_TABLE . " c, " . FORUMS_TABLE . " f --- 140,148 ---- function make_jumpbox($action, $match_forum_id = 0) { ! global $template, $userdata, $lang, $db, $nav_links, $phpEx, $SID; ! ! // $is_auth = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata); $sql = "SELECT c.cat_id, c.cat_title, c.cat_order FROM " . CATEGORIES_TABLE . " c, " . FORUMS_TABLE . 
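Review bot: In phpbb_clean_username the 25-byte `substr` is applied after `htmlspecialchars`, so a name whose escaped form crosses the limit is cut inside an entity (`&amp;` becomes `&am`, `&quot;` becomes `&qu`), leaving a dangling partial entity in the value that is then stored and compared; apply the length limit before escaping, or drop a trailing incomplete entity after the cut, and document which of the two the callers expect. Separately, phpbb_rtrim uses the curly-brace string offset `$str{strlen($str)-1}`, which later PHP versions deprecated and then removed even though the branch only runs on very old engines; `$str[strlen($str)-1]` is the equivalent that parses everywhere. get_userdata's body continues past the hunk.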
" f *************** *** 120,126 **** message_die(GENERAL_ERROR, 'Could not obtain forums information', '', __LINE__, __FILE__, $sql); } ! $boxstring = ''; $forum_rows = array(); while ( $row = $db->sql_fetchrow($result) ) *************** *** 137,142 **** --- 187,195 ---- { if ( $forum_rows[$j]['cat_id'] == $category_rows[$i]['cat_id'] && $forum_rows[$j]['auth_view'] <= AUTH_REG ) { + + // if ( $forum_rows[$j]['cat_id'] == $category_rows[$i]['cat_id'] && $is_auth[$forum_rows[$j]['forum_id']]['auth_view'] ) + // { $selected = ( $forum_rows[$j]['forum_id'] == $match_forum_id ) ? 'selected="selected"' : ''; $boxstring_forums .= ''; *************** *** 166,178 **** } else { ! $boxstring .= ''; } ! if ( isset($SID) ) ! { ! $boxstring .= ''; ! } $template->set_filenames(array( 'jumpbox' => 'jumpbox.tpl') --- 219,232 ---- } else { ! $boxstring .= ''; } ! // Let the jumpbox work again in sites having additional session id checks. ! // if ( !empty($SID) ) ! // { ! $boxstring .= ''; ! // } $template->set_filenames(array( 'jumpbox' => 'jumpbox.tpl') *************** *** 196,201 **** --- 250,256 ---- { global $board_config, $theme, $images; global $template, $lang, $phpEx, $phpbb_root_path; + global $nav_links; if ( $userdata['user_id'] != ANONYMOUS ) { *************** *** 215,221 **** } } ! if ( !file_exists($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.'.$phpEx) ) { $board_config['default_lang'] = 'english'; } --- 270,276 ---- } } ! if ( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.'.$phpEx)) ) { $board_config['default_lang'] = 'english'; } *************** *** 224,230 **** if ( defined('IN_ADMIN') ) { ! if( !file_exists($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_admin.'.$phpEx) ) { $board_config['default_lang'] = 'english'; } --- 279,285 ---- if ( defined('IN_ADMIN') ) { ! if( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . 
$board_config['default_lang'] . '/lang_admin.'.$phpEx)) ) { $board_config['default_lang'] = 'english'; } *************** *** 248,253 **** --- 303,331 ---- $theme = setup_style($board_config['default_style']); + // + // Mozilla navigation bar + // Default items that should be valid on all pages. + // Defined here to correctly assign the Language Variables + // and be able to change the variables within code. + // + $nav_links['top'] = array ( + 'url' => append_sid($phpbb_root_path . 'index.' . $phpEx), + 'title' => sprintf($lang['Forum_Index'], $board_config['sitename']) + ); + $nav_links['search'] = array ( + 'url' => append_sid($phpbb_root_path . 'search.' . $phpEx), + 'title' => $lang['Search'] + ); + $nav_links['help'] = array ( + 'url' => append_sid($phpbb_root_path . 'faq.' . $phpEx), + 'title' => $lang['FAQ'] + ); + $nav_links['author'] = array ( + 'url' => append_sid($phpbb_root_path . 'memberlist.' . $phpEx), + 'title' => $lang['Memberlist'] + ); + return; } *************** *** 271,277 **** $template_path = 'templates/' ; $template_name = $row['template_name'] ; ! $template = new Template($phpbb_root_path . $template_path . $template_name, $board_config, $db); if ( $template ) { --- 349,355 ---- $template_path = 'templates/' ; $template_name = $row['template_name'] ; ! $template = new Template($phpbb_root_path . $template_path . $template_name); if ( $template ) { *************** *** 283,289 **** message_die(CRITICAL_ERROR, "Could not open $template_name template config file", '', __LINE__, __FILE__); } ! $img_lang = ( file_exists($current_template_path . '/images/lang_' . $board_config['default_lang']) ) ? $board_config['default_lang'] : 'english'; while( list($key, $value) = @each($images) ) { --- 361,367 ---- message_die(CRITICAL_ERROR, "Could not open $template_name template config file", '', __LINE__, __FILE__); } ! $img_lang = ( file_exists(@phpbb_realpath($phpbb_root_path . $current_template_path . '/images/lang_' . 
$board_config['default_lang'])) ) ? $board_config['default_lang'] : 'english'; while( list($key, $value) = @each($images) ) { *************** *** 491,500 **** // function message_die($msg_code, $msg_text = '', $msg_title = '', $err_line = '', $err_file = '', $sql = '') { ! global $db, $template, $board_config, $theme, $lang, $phpEx, $phpbb_root_path, $nav_links; global $userdata, $user_ip, $session_length; global $starttime; $sql_store = $sql; // --- 569,586 ---- // function message_die($msg_code, $msg_text = '', $msg_title = '', $err_line = '', $err_file = '', $sql = '') { ! global $db, $template, $board_config, $theme, $lang, $phpEx, $phpbb_root_path, $nav_links, $gen_simple_header, $images; global $userdata, $user_ip, $session_length; global $starttime; + if(defined('HAS_DIED')) + { + die("message_die() was called multiple times. This isn't supposed to happen. Was message_die() used in page_tail.php?"); + } + + define('HAS_DIED', 1); + + $sql_store = $sql; // *************** *** 519,525 **** if ( $err_line != '' && $err_file != '' ) { ! $debug_text .= '

Line : ' . $err_line . '
File : ' . $err_file; } } --- 605,611 ---- if ( $err_line != '' && $err_file != '' ) { ! $debug_text .= '

Line : ' . $err_line . '
File : ' . basename($err_file); } } *************** *** 594,599 **** --- 680,686 ---- { $msg_title = $lang['General_Error']; } + break; case CRITICAL_ERROR: // *************** *** 667,672 **** --- 754,806 ---- echo "\n\n" . $msg_title . "\n

\n" . $msg_text . "\n"; } + exit; + } + + // + // This function is for compatibility with PHP 4.x's realpath() + // function. In later versions of PHP, it needs to be called + // to do checks with some functions. Older versions of PHP don't + // seem to need this, so we'll just return the original value. + // dougk_ff7 + function phpbb_realpath($path) + { + global $phpbb_root_path, $phpEx; + + return (!@function_exists('realpath') || !@realpath($phpbb_root_path . 'includes/functions.'.$phpEx)) ? $path : @realpath($path); + } + + function redirect($url) + { + global $db, $board_config; + + if (!empty($db)) + { + $db->sql_close(); + } + + if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r")) + { + message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); + } + + $server_protocol = ($board_config['cookie_secure']) ? 'https://' : 'http://'; + $server_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name'])); + $server_port = ($board_config['server_port'] <> 80) ? ':' . trim($board_config['server_port']) : ''; + $script_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path'])); + $script_name = ($script_name == '') ? $script_name : '/' . $script_name; + $url = preg_replace('#^\/?(.*?)\/?$#', '/\1', trim($url)); + + // Redirect via an HTML form for PITA webservers + if (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE'))) + { + header('Refresh: 0; URL=' . $server_protocol . $server_name . $server_port . $script_name . $url); + echo 'Redirect
If your browser does not support meta redirection please click HERE to be redirected
'; + exit; + } + + // Behave as per HTTP/1.1 spec for others + header('Location: ' . $server_protocol . $server_name . $server_port . $script_name . $url); exit; } diff -crN phpbb200/includes/functions_admin.php phpbb2017/includes/functions_admin.php *** phpbb200/includes/functions_admin.php Sat Jul 10 20:16:13 2004 --- phpbb2017/includes/functions_admin.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_admin.php,v 1.5 2002/04/02 14:53:40 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_admin.php,v 1.5.2.3 2002/07/19 17:03:47 psotfx Exp $ * * ***************************************************************************/ *************** *** 24,30 **** // // Simple version of jumpbox, just lists authed forums // ! function make_forum_select($box_name, $ignore_forum = false) { global $db, $userdata; --- 24,30 ---- // // Simple version of jumpbox, just lists authed forums // ! function make_forum_select($box_name, $ignore_forum = false, $select_forum = '') { global $db, $userdata; *************** *** 43,49 **** { if ( $is_auth_ary[$row['forum_id']]['auth_read'] && $ignore_forum != $row['forum_id'] ) { ! $forum_list .= ''; } } --- 43,50 ---- { if ( $is_auth_ary[$row['forum_id']]['auth_read'] && $ignore_forum != $row['forum_id'] ) { ! $selected = ( $select_forum == $row['forum_id'] ) ? ' selected="selected"' : ''; ! $forum_list .= ''; } } *************** *** 55,61 **** // // Synchronise functions for forums/topics // ! function sync($type, $id) { global $db; --- 56,62 ---- // // Synchronise functions for forums/topics // ! function sync($type, $id = false) { global $db; *************** *** 64,70 **** case 'all forums': $sql = "SELECT forum_id FROM " . FORUMS_TABLE; ! 
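Review bot: `redirect()` has no header comment, and its safety argument is worth recording in one: `$url` is always prefixed with `/` by the `preg_replace('#^\/?(.*?)\/?$#', '/\1', ...)` and appended to a scheme, host and port taken from `$board_config`, so a caller cannot redirect off-site, and the CR/LF check on `urldecode($url)` rejects header-splitting input before the raw value reaches `header()`. Suggested docblock above the function: `// Redirect to a path relative to script_path on this board's host; $url must be a path, never an absolute URL. Dies via message_die() if $url contains CR/LF.` Two smaller points: the HTML fallback for the listed web servers echoes markup that presumably embeds the same URL (the markup is stripped in this rendering) and needs `htmlspecialchars()` there if it does; and `$board_config['server_port'] <> 80` emits `:443` for an https board on its default port, which is harmless, but `!=` is the conventional spelling.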
if ( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not get forum IDs', '', __LINE__, __FILE__, $sql); } --- 65,71 ---- case 'all forums': $sql = "SELECT forum_id FROM " . FORUMS_TABLE; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not get forum IDs', '', __LINE__, __FILE__, $sql); } *************** *** 78,84 **** case 'all topics': $sql = "SELECT topic_id FROM " . TOPICS_TABLE; ! if ( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not get topic ID', '', __LINE__, __FILE__, $sql); } --- 79,85 ---- case 'all topics': $sql = "SELECT topic_id FROM " . TOPICS_TABLE; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not get topic ID', '', __LINE__, __FILE__, $sql); } *************** *** 90,101 **** break; case 'forum': ! $sql = "SELECT MAX(p.post_id) AS last_post, COUNT(p.post_id) AS total ! FROM " . POSTS_TABLE . " p, " . TOPICS_TABLE . " t ! WHERE p.forum_id = $id ! AND t.topic_id = p.topic_id ! AND t.topic_status <> " . TOPIC_MOVED; ! if ( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not get post ID', '', __LINE__, __FILE__, $sql); } --- 91,100 ---- break; case 'forum': ! $sql = "SELECT MAX(post_id) AS last_post, COUNT(post_id) AS total ! FROM " . POSTS_TABLE . " ! WHERE forum_id = $id"; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not get post ID', '', __LINE__, __FILE__, $sql); } *************** *** 113,121 **** $sql = "SELECT COUNT(topic_id) AS total FROM " . TOPICS_TABLE . " ! WHERE forum_id = $id ! AND topic_status <> " . TOPIC_MOVED; ! if ( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not get topic count', '', __LINE__, __FILE__, $sql); } --- 112,119 ---- $sql = "SELECT COUNT(topic_id) AS total FROM " . TOPICS_TABLE . " ! WHERE forum_id = $id"; ! 
if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not get topic count', '', __LINE__, __FILE__, $sql); } *************** *** 135,156 **** $sql = "SELECT MAX(post_id) AS last_post, MIN(post_id) AS first_post, COUNT(post_id) AS total_posts FROM " . POSTS_TABLE . " WHERE topic_id = $id"; ! if ( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not get post ID', '', __LINE__, __FILE__, $sql); } if ( $row = $db->sql_fetchrow($result) ) { ! $sql = "UPDATE " . TOPICS_TABLE . " ! SET topic_replies = " . ( $row['total_posts'] - 1 ) . ", topic_first_post_id = " . $row['first_post'] . ", topic_last_post_id = " . $row['last_post'] . " ! WHERE topic_id = $id"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not update topic', '', __LINE__, __FILE__, $sql); } } - break; } --- 133,151 ---- $sql = "SELECT MAX(post_id) AS last_post, MIN(post_id) AS first_post, COUNT(post_id) AS total_posts FROM " . POSTS_TABLE . " WHERE topic_id = $id"; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not get post ID', '', __LINE__, __FILE__, $sql); } if ( $row = $db->sql_fetchrow($result) ) { ! $sql = ( $row['total_posts'] ) ? "UPDATE " . TOPICS_TABLE . " SET topic_replies = " . ( $row['total_posts'] - 1 ) . ", topic_first_post_id = " . $row['first_post'] . ", topic_last_post_id = " . $row['last_post'] . " WHERE topic_id = $id" : "DELETE FROM " . TOPICS_TABLE . " WHERE topic_id = $id"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not update topic', '', __LINE__, __FILE__, $sql); } } break; } diff -crN phpbb200/includes/functions_post.php phpbb2017/includes/functions_post.php *** phpbb200/includes/functions_post.php Sat Jul 10 20:16:13 2004 --- phpbb2017/includes/functions_post.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
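Review bot: The `DELETE FROM " . TOPICS_TABLE . "` that hunk 135,156 adds to the `'topic'` branch of `sync()` removes an empty topic row but nothing that references it; the `delete_post` hunk at 494,584 in functions_post.php removes `TOPICS_WATCH_TABLE` rows in the same situation, so watch rows (and vote rows, if the topic carried a poll) would be orphaned here. If this branch is only reached after `delete_post` has already done that cleanup, a comment saying so would settle it; otherwise a matching `DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $id` belongs next to the new statement. The `$id = false` default introduced in hunk 55,61 also means a missing id interpolates as an empty string into `WHERE topic_id = $id`, producing a malformed query rather than a clear error; an early `if ($id === false) { message_die(GENERAL_ERROR, 'sync(): no id given', '', __LINE__, __FILE__); }` in the per-id branches would fail cleanly.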
* $Id: functions_post.php,v 1.9 2002/04/03 14:38:56 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_post.php,v 1.9.2.37 2004/11/18 17:49:44 acydburn Exp $ * * ***************************************************************************/ *************** *** 20,31 **** * ***************************************************************************/ ! if ( !defined('IN_PHPBB') ) { ! die("Hacking attempt"); } ! $html_entities_match = array('#&#', '#<#', '#>#'); $html_entities_replace = array('&', '<', '>'); $unhtml_specialchars_match = array('#>#', '#<#', '#"#', '#&#'); --- 20,31 ---- * ***************************************************************************/ ! if (!defined('IN_PHPBB')) { ! die('Hacking attempt'); } ! $html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#'); $html_entities_replace = array('&', '<', '>'); $unhtml_specialchars_match = array('#>#', '#<#', '#"#', '#&#'); *************** *** 37,52 **** // function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0) { ! global $board_config; ! global $html_entities_match, $html_entities_replace; ! global $code_entities_match, $code_entities_replace; // // Clean up the message // $message = trim($message); ! if ( $html_on ) { $allowed_html_tags = split(',', $board_config['allow_html_tags']); --- 37,50 ---- // function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0) { ! global $board_config, $html_entities_match, $html_entities_replace; // // Clean up the message // $message = trim($message); ! if ($html_on) { $allowed_html_tags = split(',', $board_config['allow_html_tags']); *************** *** 55,87 **** $tmp_message = ''; $message = ' ' . $message . ' '; ! while ( $start_html = strpos($message, '<', $start_html) ) { ! 
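Review bot: The new `$html_entities_match` pattern `'#&(?!(\#[0-9]+;))#'` leaves decimal numeric character references unescaped while still escaping the `&` of hex (`&#x..;`) and named references, and nothing records why. A comment above the array such as `// keep already-encoded decimal entities (&#NNN;) intact; every other & is escaped` would capture the intent, and the hex form should either be added to the lookahead or its exclusion explained. Because the exempted text reaches the rendered page verbatim, any downstream code that relied on the previous "every `&` is escaped" invariant should be re-checked.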
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ( $start_html - $end_html - 1 ))); ! if ( $end_html = strpos($message, '>', $start_html) ) { $length = $end_html - $start_html + 1; $hold_string = substr($message, $start_html, $length); ! if ( ( $unclosed_open = strrpos(' ' . $hold_string, '<') ) != 1 ) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1)); $hold_string = substr($hold_string, $unclosed_open - 1); } $tagallowed = false; ! for($i = 0; $i < sizeof($allowed_html_tags); $i++) { $match_tag = trim($allowed_html_tags[$i]); ! ! if ( preg_match('/^<\/?' . $match_tag . '\b/i', $hold_string) ) { ! $tagallowed = true; } } ! $tmp_message .= ( $length && !$tagallowed ) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string; $start_html += $length; } --- 53,84 ---- $tmp_message = ''; $message = ' ' . $message . ' '; ! while ($start_html = strpos($message, '<', $start_html)) { ! $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ($start_html - $end_html - 1))); ! if ($end_html = strpos($message, '>', $start_html)) { $length = $end_html - $start_html + 1; $hold_string = substr($message, $start_html, $length); ! if (($unclosed_open = strrpos(' ' . $hold_string, '<')) != 1) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1)); $hold_string = substr($hold_string, $unclosed_open - 1); } $tagallowed = false; ! for ($i = 0; $i < sizeof($allowed_html_tags); $i++) { $match_tag = trim($allowed_html_tags[$i]); ! if (preg_match('#^<\/?' . $match_tag . '[> ]#i', $hold_string)) { ! $tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[\t ]*?=|on[\w]+[\t ]*?=)#i', $hold_string)) ? false : true; } } ! $tmp_message .= ($length && !$tagallowed) ? 
preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string; $start_html += $length; } *************** *** 94,130 **** } } ! if ( $end_html != strlen($message) && $tmp_message != '' ) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1)); } ! $message = ( $tmp_message != '' ) ? trim($tmp_message) : trim($message); } else { $message = preg_replace($html_entities_match, $html_entities_replace, $message); } ! if( $bbcode_on && $bbcode_uid != '' ) { - $tmp_message = $message; - if ( ($match_count = preg_match_all('#^(.*?)\[code\](.*?)\[\/code\](.*?)$#is', $tmp_message, $match)) ) - { - $code_entities_match = array('#<#', '#>#', '#"#', '#:#', '#\[#', '#\]#', '#\(#', '#\)#', '#\{#', '#\}#'); - $code_entities_replace = array('<', '>', '"', ':', '[', ']', '(', ')', '{', '}'); - - $message = ''; - - for($i = 0; $i < $match_count; $i++) - { - $message .= $match[1][$i] . '[code]' . preg_replace($code_entities_match, $code_entities_replace, $match[2][$i]) . '[/code]'; - $tmp_message = $match[3][$i]; - } - - $message .= $tmp_message; - } - $message = bbencode_first_pass($message, $bbcode_uid); } --- 91,110 ---- } } ! if (!$end_html || ($end_html != strlen($message) && $tmp_message != '')) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1)); } ! $message = ($tmp_message != '') ? trim($tmp_message) : trim($message); } else { $message = preg_replace($html_entities_match, $html_entities_replace, $message); } ! if($bbcode_on && $bbcode_uid != '') { $message = bbencode_first_pass($message, $bbcode_uid); } *************** *** 146,224 **** global $board_config, $userdata, $lang, $phpEx, $phpbb_root_path; // Check username ! if ( !empty($username) ) { ! $username = htmlspecialchars(trim(strip_tags($username))); ! 
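Review bot: The attribute check added inside the `for` loop, `preg_match('#^<\/?' . $match_tag . ' .*?(style[\t ]*?=|on[\w]+[\t ]*?=)#i', $hold_string)`, is compiled without the `s` modifier, so `.*?` cannot cross a newline and a tag whose attributes continue on a following line is judged `$tagallowed = true` without those attributes being inspected; the outer `while` already accepts such tags because it only searches for the `>` terminator with `strpos($message, '>', $start_html)`. `$match_tag` is also spliced into both patterns unquoted, so a tag-list entry containing regex metacharacters alters the pattern instead of being matched literally. Suggested form: `$tagallowed = (preg_match('#^<\/?' . preg_quote($match_tag, '#') . '\s.*?(style\s*=|on\w+\s*=)#is', $hold_string)) ? false : true;` with `preg_quote($match_tag, '#')` applied to the preceding `preg_match` as well. A deny-list of attribute names is inherently narrow; a comment stating that `allow_html_tags` is trusted admin configuration and that only `style` and `on*` attributes are filtered would at least make the limits explicit. `prepare_message` begins in hunk 37,52 and continues past this hunk.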
if ( !$userdata['session_logged_in'] || ( $userdata['session_logged_in'] && $username != $userdata['username'] ) ) { include($phpbb_root_path . 'includes/functions_validate.'.$phpEx); $result = validate_username($username); ! if ( $result['error'] ) { ! $error_msg .= ( !empty($error_msg) ) ? '
' . $result['error_msg'] : $result['error_msg']; } } } // Check subject ! if ( !empty($subject) ) { $subject = htmlspecialchars(trim($subject)); } ! else if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) ) { ! $error_msg .= ( !empty($error_msg) ) ? '
' . $lang['Empty_subject'] : $lang['Empty_subject']; } // Check message ! if ( !empty($message) ) { ! $bbcode_uid = ( $bbcode_on ) ? make_bbcode_uid() : ''; $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid); } ! else if ( $mode != 'delete' && $mode != 'polldelete' ) { ! $error_msg .= ( !empty($error_msg) ) ? '
' . $lang['Empty_message'] : $lang['Empty_message']; } // // Handle poll stuff // ! if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) ) { ! $poll_length = ( isset($poll_length) ) ? max(0, intval($poll_length)) : 0; ! if ( !empty($poll_title) ) { $poll_title = htmlspecialchars(trim($poll_title)); } ! if( !empty($poll_options) ) { $temp_option_text = array(); ! while( list($option_id, $option_text) = @each($poll_options) ) { $option_text = trim($option_text); ! if ( !empty($option_text) ) { $temp_option_text[$option_id] = htmlspecialchars($option_text); } } $option_text = $temp_option_text; ! if ( count($poll_options) < 2 ) { ! $error_msg .= ( !empty($error_msg) ) ? '
' . $lang['To_few_poll_options'] : $lang['To_few_poll_options']; } ! else if ( count($poll_options) > $board_config['max_poll_options'] ) { ! $error_msg .= ( !empty($error_msg) ) ? '
' . $lang['To_many_poll_options'] : $lang['To_many_poll_options']; } ! else if ( $poll_title == '' ) { ! $error_msg .= ( !empty($error_msg) ) ? '
' . $lang['Empty_poll_title'] : $lang['Empty_poll_title']; } } } --- 126,208 ---- global $board_config, $userdata, $lang, $phpEx, $phpbb_root_path; // Check username ! if (!empty($username)) { ! $username = phpbb_clean_username($username); ! if (!$userdata['session_logged_in'] || ($userdata['session_logged_in'] && $username != $userdata['username'])) { include($phpbb_root_path . 'includes/functions_validate.'.$phpEx); $result = validate_username($username); ! if ($result['error']) { ! $error_msg .= (!empty($error_msg)) ? '
' . $result['error_msg'] : $result['error_msg']; } } + else + { + $username = ''; + } } // Check subject ! if (!empty($subject)) { $subject = htmlspecialchars(trim($subject)); } ! else if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post'])) { ! $error_msg .= (!empty($error_msg)) ? '
' . $lang['Empty_subject'] : $lang['Empty_subject']; } // Check message ! if (!empty($message)) { ! $bbcode_uid = ($bbcode_on) ? make_bbcode_uid() : ''; $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid); } ! else if ($mode != 'delete' && $mode != 'poll_delete') { ! $error_msg .= (!empty($error_msg)) ? '
' . $lang['Empty_message'] : $lang['Empty_message']; } // // Handle poll stuff // ! if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post'])) { ! $poll_length = (isset($poll_length)) ? max(0, intval($poll_length)) : 0; ! if (!empty($poll_title)) { $poll_title = htmlspecialchars(trim($poll_title)); } ! if(!empty($poll_options)) { $temp_option_text = array(); ! while(list($option_id, $option_text) = @each($poll_options)) { $option_text = trim($option_text); ! if (!empty($option_text)) { $temp_option_text[$option_id] = htmlspecialchars($option_text); } } $option_text = $temp_option_text; ! if (count($poll_options) < 2) { ! $error_msg .= (!empty($error_msg)) ? '
' . $lang['To_few_poll_options'] : $lang['To_few_poll_options']; } ! else if (count($poll_options) > $board_config['max_poll_options']) { ! $error_msg .= (!empty($error_msg)) ? '
' . $lang['To_many_poll_options'] : $lang['To_many_poll_options']; } ! else if ($poll_title == '') { ! $error_msg .= (!empty($error_msg)) ? '
' . $lang['Empty_poll_title'] : $lang['Empty_poll_title']; } } } *************** *** 238,334 **** $current_time = time(); ! if ( $mode == 'newtopic' || $mode == 'reply' ) { // // Flood control // ! $where_sql = ( $userdata['user_id'] == ANONYMOUS ) ? "poster_ip = '$user_ip'" : 'poster_id = ' . $userdata['user_id']; $sql = "SELECT MAX(post_time) AS last_post_time FROM " . POSTS_TABLE . " WHERE $where_sql"; ! if ( $result = $db->sql_query($sql) ) { ! if( $row = $db->sql_fetchrow($result) ) { ! if ( $row['last_post_time'] > 0 && ( $current_time - $row['last_post_time'] ) < $board_config['flood_interval'] ) { message_die(GENERAL_MESSAGE, $lang['Flood_Error']); } } } } ! else if ( $mode == 'editpost' ) { remove_search_post($post_id); } ! if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) ) { ! $topic_vote = ( !empty($poll_title) && count($poll_options) >= 2 ) ? 1 : 0; ! $sql = ( $mode != "editpost" ) ? "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) VALUES ('$post_subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)" : "UPDATE " . TOPICS_TABLE . " SET topic_title = '$post_subject', topic_type = $topic_type, topic_vote = $topic_vote WHERE topic_id = $topic_id"; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } ! if( $mode == 'newtopic' ) { $topic_id = $db->sql_nextid(); } } ! $edited_sql = ( $mode == 'editpost' && !$post_data['last_post'] && $post_data['poster_post'] ) ? ", post_edit_time = $current_time, post_edit_count = post_edit_count + 1 " : ""; ! $sql = ( $mode != "editpost" ) ? "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $userdata['user_id'] . 
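Review bot: In the poll block of this hunk the non-empty options are collected into `$temp_option_text` and then assigned to `$option_text` — the loop variable — rather than back to `$poll_options`, so the `count($poll_options) < 2` and `> $board_config['max_poll_options']` checks that follow, and the INSERT loop in hunk 340,354, all operate on the raw submitted array including blank entries; the commit re-indents these lines but leaves that behaviour. If the intent is to validate and store only non-empty options, `$poll_options = $temp_option_text;` is the line to change, and the separate `htmlspecialchars()` that hunk 340,354 adds would then duplicate the one here. The new `else { $username = ''; }` branch clears the name whenever the poster is logged in and posting under their own account; a short comment such as `// logged-in poster using own account: store no override username` would make that non-obvious reset clear, assuming that is the intent, which the hunk does not state. The enclosing function's signature is outside this hunk.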
", '$post_username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)" : "UPDATE " . POSTS_TABLE . " SET enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smilies_on, enable_sig = $attach_sig" . $edited_sql . " WHERE post_id = $post_id"; ! if ( !($result = $db->sql_query($sql, BEGIN_TRANSACTION)) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } ! if( $mode != 'editpost' ) { $post_id = $db->sql_nextid(); } ! $sql = ( $mode != 'editpost' ) ? "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) VALUES ($post_id, '$post_subject', '$bbcode_uid', '$post_message')" : "UPDATE " . POSTS_TEXT_TABLE . " SET post_text = '$post_message', bbcode_uid = '$bbcode_uid', post_subject = '$post_subject' WHERE post_id = $post_id"; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } ! add_search_words($post_id, stripslashes($post_message), stripslashes($post_subject)); // // Add poll // ! if ( ( $mode == 'newtopic' || $mode == 'editpost' ) && !empty($poll_title) && count($poll_options) >= 2 ) { ! $sql = ( !$post_data['has_poll'] ) ? "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length) VALUES ($topic_id, '$poll_title', $current_time, " . ( $poll_length * 86400 ) . ")" : "UPDATE " . VOTE_DESC_TABLE . " SET vote_text = '$poll_title', vote_length = " . ( $poll_length * 86400 ) . " WHERE topic_id = $topic_id"; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } $delete_option_sql = ''; $old_poll_result = array(); ! if ( $mode == 'editpost' && $post_data['has_poll'] ) { $sql = "SELECT vote_option_id, vote_result FROM " . VOTE_RESULTS_TABLE . " WHERE vote_id = $poll_id ORDER BY vote_option_id ASC"; ! 
if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain vote data results for this topic', '', __LINE__, __FILE__, $sql); } ! while ( $row = $db->sql_fetchrow($result) ) { $old_poll_result[$row['vote_option_id']] = $row['vote_result']; ! if( !isset($poll_options[$row['vote_option_id']]) ) { ! $delete_option_sql .= ( $delete_option_sql != '' ) ? ', ' . $row['vote_option_id'] : $row['vote_option_id']; } } } --- 222,320 ---- $current_time = time(); ! if ($mode == 'newtopic' || $mode == 'reply' || $mode == 'editpost') { // // Flood control // ! $where_sql = ($userdata['user_id'] == ANONYMOUS) ? "poster_ip = '$user_ip'" : 'poster_id = ' . $userdata['user_id']; $sql = "SELECT MAX(post_time) AS last_post_time FROM " . POSTS_TABLE . " WHERE $where_sql"; ! if ($result = $db->sql_query($sql)) { ! if ($row = $db->sql_fetchrow($result)) { ! if (intval($row['last_post_time']) > 0 && ($current_time - intval($row['last_post_time'])) < intval($board_config['flood_interval'])) { message_die(GENERAL_MESSAGE, $lang['Flood_Error']); } } } } ! ! if ($mode == 'editpost') { remove_search_post($post_id); } ! if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post'])) { ! $topic_vote = (!empty($poll_title) && count($poll_options) >= 2) ? 1 : 0; ! ! $sql = ($mode != "editpost") ? "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) VALUES ('$post_subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)" : "UPDATE " . TOPICS_TABLE . " SET topic_title = '$post_subject', topic_type = $topic_type " . (($post_data['edit_vote'] || !empty($poll_title)) ? ", topic_vote = " . $topic_vote : "") . " WHERE topic_id = $topic_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } ! if ($mode == 'newtopic') { $topic_id = $db->sql_nextid(); } } ! 
$edited_sql = ($mode == 'editpost' && !$post_data['last_post'] && $post_data['poster_post']) ? ", post_edit_time = $current_time, post_edit_count = post_edit_count + 1 " : ""; ! $sql = ($mode != "editpost") ? "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $userdata['user_id'] . ", '$post_username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)" : "UPDATE " . POSTS_TABLE . " SET post_username = '$post_username', enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smilies_on, enable_sig = $attach_sig" . $edited_sql . " WHERE post_id = $post_id"; ! if (!$db->sql_query($sql, BEGIN_TRANSACTION)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } ! if ($mode != 'editpost') { $post_id = $db->sql_nextid(); } ! $sql = ($mode != 'editpost') ? "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) VALUES ($post_id, '$post_subject', '$bbcode_uid', '$post_message')" : "UPDATE " . POSTS_TEXT_TABLE . " SET post_text = '$post_message', bbcode_uid = '$bbcode_uid', post_subject = '$post_subject' WHERE post_id = $post_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } ! add_search_words('single', $post_id, stripslashes($post_message), stripslashes($post_subject)); // // Add poll // ! if (($mode == 'newtopic' || ($mode == 'editpost' && $post_data['edit_poll'])) && !empty($poll_title) && count($poll_options) >= 2) { ! $sql = (!$post_data['has_poll']) ? "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length) VALUES ($topic_id, '$poll_title', $current_time, " . ($poll_length * 86400) . ")" : "UPDATE " . VOTE_DESC_TABLE . " SET vote_text = '$poll_title', vote_length = " . ($poll_length * 86400) . " WHERE topic_id = $topic_id"; ! 
if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } $delete_option_sql = ''; $old_poll_result = array(); ! if ($mode == 'editpost' && $post_data['has_poll']) { $sql = "SELECT vote_option_id, vote_result FROM " . VOTE_RESULTS_TABLE . " WHERE vote_id = $poll_id ORDER BY vote_option_id ASC"; ! if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not obtain vote data results for this topic', '', __LINE__, __FILE__, $sql); } ! while ($row = $db->sql_fetchrow($result)) { $old_poll_result[$row['vote_option_id']] = $row['vote_result']; ! if (!isset($poll_options[$row['vote_option_id']])) { ! $delete_option_sql .= ($delete_option_sql != '') ? ', ' . $row['vote_option_id'] : $row['vote_option_id']; } } } *************** *** 340,354 **** @reset($poll_options); $poll_option_id = 1; ! while ( list($option_id, $option_text) = each($poll_options) ) { ! if( !empty($option_text) ) { ! $option_text = str_replace("\'", "''", $option_text); ! $poll_result = ( $mode == "editpost" && isset($old_poll_result[$option_id]) ) ? $old_poll_result[$option_id] : 0; ! $sql = ( $mode != "editpost" || !isset($old_poll_result[$option_id]) ) ? "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($poll_id, $poll_option_id, '$option_text', $poll_result)" : "UPDATE " . VOTE_RESULTS_TABLE . " SET vote_option_text = '$option_text', vote_result = $poll_result WHERE vote_option_id = $option_id AND vote_id = $poll_id"; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } --- 326,340 ---- @reset($poll_options); $poll_option_id = 1; ! while (list($option_id, $option_text) = each($poll_options)) { ! if (!empty($option_text)) { ! $option_text = str_replace("\'", "''", htmlspecialchars($option_text)); ! $poll_result = ($mode == "editpost" && isset($old_poll_result[$option_id])) ? 
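Review bot: The flood-control branch now also runs for `$mode == 'editpost'`, so a user who posts and then edits within `flood_interval` is refused with `$lang['Flood_Error']`; the comparison is against their latest `post_time`, not any edit time, which may not be what "flood" is meant to cover. If rate-limiting edits is intended, say so in the `// Flood control` comment; if not, drop `|| $mode == 'editpost'` from the condition. The new `$post_data['edit_vote']` and `$post_data['edit_poll']` lookups are read without `isset()`, so a caller that does not populate them triggers a notice and silently evaluates them as false; either guard them with `isset()` or add a comment naming which caller is expected to set them. The function's signature is outside this hunk.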
$old_poll_result[$option_id] : 0; ! $sql = ($mode != "editpost" || !isset($old_poll_result[$option_id])) ? "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($poll_id, $poll_option_id, '$option_text', $poll_result)" : "UPDATE " . VOTE_RESULTS_TABLE . " SET vote_option_text = '$option_text', vote_result = $poll_result WHERE vote_option_id = $option_id AND vote_id = $poll_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } *************** *** 356,366 **** } } ! if( $delete_option_sql != '' ) { $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " ! WHERE vote_option_id IN ($delete_option_sql)"; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error deleting pruned poll options', '', __LINE__, __FILE__, $sql); } --- 342,353 ---- } } ! if ($delete_option_sql != '') { $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " ! WHERE vote_option_id IN ($delete_option_sql) ! AND vote_id = $poll_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error deleting pruned poll options', '', __LINE__, __FILE__, $sql); } *************** *** 380,452 **** { global $db; ! $sign = ( $mode == 'delete' ) ? "- 1" : "+ 1"; $forum_update_sql = "forum_posts = forum_posts $sign"; $topic_update_sql = ''; ! if ( $mode == 'delete' ) { ! if ( $post_data['last_post'] ) { ! if ( $post_data['first_post'] ) { $forum_update_sql .= ', forum_topics = forum_topics - 1'; } else { ! $topic_update_sql = "topic_replies = topic_replies - 1"; ! $sql = "SELECT MAX(post_id) AS post_id FROM " . POSTS_TABLE . " WHERE topic_id = $topic_id"; ! if ( !($db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } ! if ( $row = $db->sql_fetchrow($result) ) { ! $topic_update_sql .= ', topic_last_post_id = ' . $row['post_id']; } } ! if ( $post_data['last_topic'] ) { ! $sql = "SELECT MAX(post_id) AS post_id FROM " . POSTS_TABLE . 
" WHERE forum_id = $forum_id"; ! if ( !($db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } ! if ( $row = $db->sql_fetchrow($result) ) { ! $forum_update_sql .= ( $row['post_id'] ) ? ', forum_last_post_id = ' . $row['post_id'] : ', forum_last_post_id = 0'; } } } ! else if ( $post_data['first_post'] ) { ! $sql = "SELECT MIN(post_id) AS post_id FROM " . POSTS_TABLE . " WHERE topic_id = $topic_id"; ! if ( !($db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } ! if ( $row = $db->sql_fetchrow($result) ) { ! $topic_update_sql = 'topic_replies = topic_replies - 1, topic_first_post_id = ' . $row['post_id']; } } } ! else if ( $mode != 'poll_delete' ) { ! $forum_update_sql .= ", forum_last_post_id = $post_id" . ( ( $mode == 'newtopic' ) ? ", forum_topics = forum_topics $sign" : "" ); ! $topic_update_sql = "topic_last_post_id = $post_id" . ( ( $mode == 'reply' ) ? ", topic_replies = topic_replies $sign" : ", topic_first_post_id = $post_id" ); } else { --- 367,443 ---- { global $db; ! $sign = ($mode == 'delete') ? '- 1' : '+ 1'; $forum_update_sql = "forum_posts = forum_posts $sign"; $topic_update_sql = ''; ! if ($mode == 'delete') { ! if ($post_data['last_post']) { ! if ($post_data['first_post']) { $forum_update_sql .= ', forum_topics = forum_topics - 1'; } else { ! $topic_update_sql .= 'topic_replies = topic_replies - 1'; ! $sql = "SELECT MAX(post_id) AS last_post_id FROM " . POSTS_TABLE . " WHERE topic_id = $topic_id"; ! if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } ! if ($row = $db->sql_fetchrow($result)) { ! $topic_update_sql .= ', topic_last_post_id = ' . $row['last_post_id']; } } ! if ($post_data['last_topic']) { ! $sql = "SELECT MAX(post_id) AS last_post_id FROM " . POSTS_TABLE . " WHERE forum_id = $forum_id"; ! 
if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } ! if ($row = $db->sql_fetchrow($result)) { ! $forum_update_sql .= ($row['last_post_id']) ? ', forum_last_post_id = ' . $row['last_post_id'] : ', forum_last_post_id = 0'; } } } ! else if ($post_data['first_post']) { ! $sql = "SELECT MIN(post_id) AS first_post_id FROM " . POSTS_TABLE . " WHERE topic_id = $topic_id"; ! if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } ! if ($row = $db->sql_fetchrow($result)) { ! $topic_update_sql .= 'topic_replies = topic_replies - 1, topic_first_post_id = ' . $row['first_post_id']; } } + else + { + $topic_update_sql .= 'topic_replies = topic_replies - 1'; + } } ! else if ($mode != 'poll_delete') { ! $forum_update_sql .= ", forum_last_post_id = $post_id" . (($mode == 'newtopic') ? ", forum_topics = forum_topics $sign" : ""); ! $topic_update_sql = "topic_last_post_id = $post_id" . (($mode == 'reply') ? ", topic_replies = topic_replies $sign" : ", topic_first_post_id = $post_id"); } else { *************** *** 456,483 **** $sql = "UPDATE " . FORUMS_TABLE . " SET $forum_update_sql WHERE forum_id = $forum_id"; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } ! if ( $topic_update_sql != '' ) { $sql = "UPDATE " . TOPICS_TABLE . " SET $topic_update_sql WHERE topic_id = $topic_id"; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } } ! if ( $mode != 'poll_delete' ) { $sql = "UPDATE " . USERS_TABLE . " SET user_posts = user_posts $sign WHERE user_id = $user_id"; ! if ( !($result = $db->sql_query($sql, END_TRANSACTION)) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } --- 447,474 ---- $sql = "UPDATE " . FORUMS_TABLE . 
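Review bot: The `SELECT MAX(post_id)` lookups in the delete branch (topic last post and forum last post) only return the right id if the deleted post's row is already gone from POSTS_TABLE; the call order is not visible from this hunk, and if this function runs before the row is deleted the result is the id of the post being removed and `topic_last_post_id`/`forum_last_post_id` end up pointing at a deleted row. Adding `AND post_id <> $post_id` to both MAX queries (and to the `MIN(post_id)` query for the first-post case) makes them correct regardless of call order, and `$post_id` is already in scope here since the non-delete branch uses it. The assignment of `$result` that the old code omitted is a real fix and is what makes the `sql_fetchrow()` calls work at all. This function's signature precedes the hunk and its body continues after it.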
" SET $forum_update_sql WHERE forum_id = $forum_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } ! if ($topic_update_sql != '') { $sql = "UPDATE " . TOPICS_TABLE . " SET $topic_update_sql WHERE topic_id = $topic_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } } ! if ($mode != 'poll_delete') { $sql = "UPDATE " . USERS_TABLE . " SET user_posts = user_posts $sign WHERE user_id = $user_id"; ! if (!$db->sql_query($sql, END_TRANSACTION)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } *************** *** 494,584 **** global $board_config, $lang, $db, $phpbb_root_path, $phpEx; global $userdata, $user_ip; ! include($phpbb_root_path . 'includes/functions_search.'.$phpEx); ! ! $topic_update_sql = ''; ! if ( $mode != 'poll_delete' ) { $sql = "DELETE FROM " . POSTS_TABLE . " WHERE post_id = $post_id"; ! if ( !($db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . POSTS_TEXT_TABLE . " WHERE post_id = $post_id"; ! if ( !($db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "DELETE FROM " . SEARCH_MATCH_TABLE . " ! WHERE post_id = $post_id"; ! if ( !($db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } ! $forum_update_sql = 'forum_posts = forum_posts - 1'; ! $topic_update_sql .= 'topic_replies = topic_replies - 1'; ! if ( $post_data['last_post'] ) { ! if ( $post_data['first_post'] ) { $sql = "DELETE FROM " . TOPICS_TABLE . " WHERE topic_id = $topic_id OR topic_moved_id = $topic_id"; ! if ( !($db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id"; ! 
if ( !($db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } } } } ! if( $mode == 'poll_delete' || ( $mode == 'delete' && $post_data['first_post'] && $post_data['last_post'] ) && $post_data['has_poll'] && $post_data['edit_poll'] ) { $sql = "DELETE FROM " . VOTE_DESC_TABLE . " ! WHERE vote_id = $poll_id"; ! if ( !($db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " WHERE vote_id = $poll_id"; ! if ( !($db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . VOTE_USERS_TABLE . " WHERE vote_id = $poll_id"; ! if ( !($db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); } } ! remove_search_post($post_id); ! ! if ( $mode == 'delete' && $post_data['first_post'] && $post_data['last_post'] ) { ! $meta = ''; $message = $lang['Deleted']; } else { ! $meta = ''; ! $message = ( ( $mode == "poll_delete" ) ? $lang['Poll_delete'] : $lang['Deleted'] ) . '

' . sprintf($lang['Click_return_topic'], '', ''); } $message .= '

' . sprintf($lang['Click_return_forum'], '', ''); --- 485,566 ---- global $board_config, $lang, $db, $phpbb_root_path, $phpEx; global $userdata, $user_ip; ! if ($mode != 'poll_delete') { + include($phpbb_root_path . 'includes/functions_search.'.$phpEx); + $sql = "DELETE FROM " . POSTS_TABLE . " WHERE post_id = $post_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . POSTS_TEXT_TABLE . " WHERE post_id = $post_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } ! if ($post_data['last_post']) { ! if ($post_data['first_post']) { + $forum_update_sql .= ', forum_topics = forum_topics - 1'; $sql = "DELETE FROM " . TOPICS_TABLE . " WHERE topic_id = $topic_id OR topic_moved_id = $topic_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } } } + + remove_search_post($post_id); } ! if ($mode == 'poll_delete' || ($mode == 'delete' && $post_data['first_post'] && $post_data['last_post']) && $post_data['has_poll'] && $post_data['edit_poll']) { $sql = "DELETE FROM " . VOTE_DESC_TABLE . " ! WHERE topic_id = $topic_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " WHERE vote_id = $poll_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . VOTE_USERS_TABLE . " WHERE vote_id = $poll_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); } } ! 
if ($mode == 'delete' && $post_data['first_post'] && $post_data['last_post']) { ! $meta = ''; $message = $lang['Deleted']; } else { ! $meta = ''; ! $message = (($mode == 'poll_delete') ? $lang['Poll_delete'] : $lang['Deleted']) . '

' . sprintf($lang['Click_return_topic'], '', ''); } $message .= '

' . sprintf($lang['Click_return_forum'], '', ''); *************** *** 589,674 **** // // Handle user notification on new post // ! function user_notification($mode, &$post_data, &$forum_id, &$topic_id, &$post_id, &$notify_user) { global $board_config, $lang, $db, $phpbb_root_path, $phpEx; global $userdata, $user_ip; $current_time = time(); ! if ( $mode == 'delete' ) { ! $delete_sql = ( !$post_data['first_post'] && !$post_data['last_post'] ) ? " AND user_id = " . $userdata['user_id'] : ""; $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id" . $delete_sql; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not change topic notify data', '', __LINE__, __FILE__, $sql); } } else { ! if ( $mode == 'reply' ) { $sql = "SELECT ban_userid FROM " . BANLIST_TABLE; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain banlist', '', __LINE__, __FILE__, $sql); } $user_id_sql = ''; ! while ( $row = $db->sql_fetchrow($result) ) { ! if ( isset($row['ban_userid']) ) { ! $user_id_sql = ', ' . $row['ban_userid']; } } ! $sql = "SELECT u.user_id, u.username, u.user_email, u.user_lang, t.topic_title ! FROM " . TOPICS_WATCH_TABLE . " tw, " . TOPICS_TABLE . " t, " . USERS_TABLE . " u WHERE tw.topic_id = $topic_id ! AND tw.user_id NOT IN (" . $userdata['user_id'] . ", " . ANONYMOUS . $user_id_sql . " ) AND tw.notify_status = " . TOPIC_WATCH_UN_NOTIFIED . " - AND t.topic_id = tw.topic_id AND u.user_id = tw.user_id"; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain list of topic watchers', '', __LINE__, __FILE__, $sql); } - $orig_word = array(); - $replacement_word = array(); - obtain_word_list($orig_word, $replacement_word); - - include($phpbb_root_path . 
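Review bot: In the poll-deletion condition `if ($mode == 'poll_delete' || ($mode == 'delete' && ...) && $post_data['has_poll'] && $post_data['edit_poll'])`, `&&` binds tighter than `||`, so the `has_poll`/`edit_poll` guards apply only to the `delete` case and a `poll_delete` request reaches the three DELETEs regardless of `edit_poll`. If `edit_poll` is the permission result computed by the caller (not visible here), this relies entirely on the caller having already refused the request; `if (($mode == 'poll_delete' || ($mode == 'delete' && $post_data['first_post'] && $post_data['last_post'])) && $post_data['has_poll'] && $post_data['edit_poll'])` makes the intended guard explicit. Separately, the new `$forum_update_sql .= ', forum_topics = forum_topics - 1';` appends to a variable this function neither initialises nor uses anywhere in the hunk (the forum counters are adjusted in the preceding function's delete branch), so it looks like dead code that only raises an undefined-variable notice. The VOTE_DESC row is now deleted by `topic_id` while the results and users rows are still deleted by `vote_id = $poll_id`; if those two ever disagree the results/users rows are orphaned. The function body continues past the end of the hunk.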
'includes/emailer.'.$phpEx); - $emailer = new emailer($board_config['smtp_delivery']); - - $script_name = preg_replace('/^\/?(.*?)\/?$/', '\1', trim($board_config['script_path'])); - $script_name = ( $script_name != '' ) ? $script_name . '/viewtopic.'.$phpEx : 'viewtopic.'.$phpEx; - $server_name = trim($board_config['server_name']); - $server_protocol = ( $board_config['cookie_secure'] ) ? 'https://' : 'http://'; - $server_port = ( $board_config['server_port'] <> 80 ) ? ':' . trim($board_config['server_port']) . '/' : '/'; - - $email_headers = "From: " . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\r\n"; - $update_watched_sql = ''; ! if ( $row = $db->sql_fetchrow($result) ) { ! $topic_title = preg_replace($orig_word, $replacement_word, unprepare_message($row['topic_title'])); do { ! if ( $row['user_email'] != '' ) { ! $emailer->use_template('topic_notify', $row['user_lang']); ! $emailer->email_address($row['user_email']); ! $emailer->set_subject();//$lang['Topic_reply_notification'] ! $emailer->extra_headers($email_headers); $emailer->assign_vars(array( ! 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), ! 'USERNAME' => $row['username'], 'SITENAME' => $board_config['sitename'], 'TOPIC_TITLE' => $topic_title, --- 571,696 ---- // // Handle user notification on new post // ! function user_notification($mode, &$post_data, &$topic_title, &$forum_id, &$topic_id, &$post_id, &$notify_user) { global $board_config, $lang, $db, $phpbb_root_path, $phpEx; global $userdata, $user_ip; $current_time = time(); ! if ($mode == 'delete') { ! $delete_sql = (!$post_data['first_post'] && !$post_data['last_post']) ? " AND user_id = " . $userdata['user_id'] : ''; $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id" . $delete_sql; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Could not change topic notify data', '', __LINE__, __FILE__, $sql); } } else { ! if ($mode == 'reply') { $sql = "SELECT ban_userid FROM " . BANLIST_TABLE; ! if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not obtain banlist', '', __LINE__, __FILE__, $sql); } $user_id_sql = ''; ! while ($row = $db->sql_fetchrow($result)) { ! if (isset($row['ban_userid']) && !empty($row['ban_userid'])) { ! $user_id_sql .= ', ' . $row['ban_userid']; } } ! $sql = "SELECT u.user_id, u.user_email, u.user_lang ! FROM " . TOPICS_WATCH_TABLE . " tw, " . USERS_TABLE . " u WHERE tw.topic_id = $topic_id ! AND tw.user_id NOT IN (" . $userdata['user_id'] . ", " . ANONYMOUS . $user_id_sql . ") AND tw.notify_status = " . TOPIC_WATCH_UN_NOTIFIED . " AND u.user_id = tw.user_id"; ! if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not obtain list of topic watchers', '', __LINE__, __FILE__, $sql); } $update_watched_sql = ''; ! $bcc_list_ary = array(); ! ! if ($row = $db->sql_fetchrow($result)) { ! // Sixty second limit ! @set_time_limit(60); do { ! if ($row['user_email'] != '') { ! $bcc_list_ary[$row['user_lang']][] = $row['user_email']; ! } ! $update_watched_sql .= ($update_watched_sql != '') ? ', ' . 
$row['user_id'] : $row['user_id']; ! } ! while ($row = $db->sql_fetchrow($result)); ! ! // ! // Let's do some checking to make sure that mass mail functions ! // are working in win32 versions of php. ! // ! if (preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$board_config['smtp_delivery']) ! { ! $ini_val = (@phpversion() >= '4.0.0') ? 'ini_get' : 'get_cfg_var'; ! ! // We are running on windows, force delivery to use our smtp functions ! // since php's are broken by default ! $board_config['smtp_delivery'] = 1; ! $board_config['smtp_host'] = @$ini_val('SMTP'); ! } ! ! if (sizeof($bcc_list_ary)) ! { ! include($phpbb_root_path . 'includes/emailer.'.$phpEx); ! $emailer = new emailer($board_config['smtp_delivery']); ! ! $script_name = preg_replace('/^\/?(.*?)\/?$/', '\1', trim($board_config['script_path'])); ! $script_name = ($script_name != '') ? $script_name . '/viewtopic.'.$phpEx : 'viewtopic.'.$phpEx; ! $server_name = trim($board_config['server_name']); ! $server_protocol = ($board_config['cookie_secure']) ? 'https://' : 'http://'; ! $server_port = ($board_config['server_port'] <> 80) ? ':' . trim($board_config['server_port']) . '/' : '/'; ! ! $orig_word = array(); ! $replacement_word = array(); ! obtain_word_list($orig_word, $replacement_word); ! ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); ! ! $topic_title = (count($orig_word)) ? preg_replace($orig_word, $replacement_word, unprepare_message($topic_title)) : unprepare_message($topic_title); ! ! @reset($bcc_list_ary); ! while (list($user_lang, $bcc_list) = each($bcc_list_ary)) ! { ! $emailer->use_template('topic_notify', $user_lang); ! ! for ($i = 0; $i < count($bcc_list); $i++) ! { ! $emailer->bcc($bcc_list[$i]); ! } ! ! // The Topic_reply_notification lang string below will be used ! // if for some reason the mail template subject cannot be read ! // ... note it will not necessarily be in the posters own language! ! 
$emailer->set_subject($lang['Topic_reply_notification']); ! ! // This is a nasty kludge to remove the username var ... till (if?) ! // translators update their templates ! $emailer->msg = preg_replace('#[ ]?{USERNAME}#', '', $emailer->msg); $emailer->assign_vars(array( ! 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', 'SITENAME' => $board_config['sitename'], 'TOPIC_TITLE' => $topic_title, *************** *** 678,691 **** $emailer->send(); $emailer->reset(); - - $update_watched_sql .= ( $update_watched_sql != '' ) ? ', ' . $row['user_id'] : $row['user_id']; } } - while ( $row = $db->sql_fetchrow($result) ); } ! if ( $update_watched_sql != '' ) { $sql = "UPDATE " . TOPICS_WATCH_TABLE . " SET notify_status = " . TOPIC_WATCH_NOTIFIED . " --- 700,711 ---- $emailer->send(); $emailer->reset(); } } } + $db->sql_freeresult($result); ! if ($update_watched_sql != '') { $sql = "UPDATE " . TOPICS_WATCH_TABLE . " SET notify_status = " . TOPIC_WATCH_NOTIFIED . " *************** *** 699,726 **** FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id AND user_id = " . $userdata['user_id']; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain topic watch information', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); ! if ( !$notify_user && !empty($row['topic_id']) ) { $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id AND user_id = " . $userdata['user_id']; ! if ( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete topic watch information', '', __LINE__, __FILE__, $sql); } } ! else if ( $notify_user && empty($row['topic_id']) ) { $sql = "INSERT INTO " . TOPICS_WATCH_TABLE . " (user_id, topic_id, notify_status) VALUES (" . $userdata['user_id'] . ", $topic_id, 0)"; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not insert topic watch information', '', __LINE__, __FILE__, $sql); } --- 719,746 ---- FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id AND user_id = " . $userdata['user_id']; ! if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not obtain topic watch information', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); ! 
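Review bot: `$topic_title` is now taken by reference and then reassigned inside the hunk (`$topic_title = (count($orig_word)) ? preg_replace(...) : unprepare_message($topic_title);`), so after a reply notification the caller's variable comes back word-censored and unprepared, and any later use of it by the caller (page title, redirect message) silently sees the altered string. Keep the censored copy local, e.g. `$notify_title = (count($orig_word)) ? preg_replace($orig_word, $replacement_word, unprepare_message($topic_title)) : unprepare_message($topic_title);` and pass `'TOPIC_TITLE' => $notify_title`, or drop the `&` from the parameter. The Windows detection via `preg_match('/[c-z]:\\\.*/i', getenv('PATH'))` also silently rewrites `$board_config['smtp_delivery']` and `smtp_host` for the rest of the request; a comment stating that side effect where it happens would help the next reader. The function body continues past the end of the hunk.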
if (!$notify_user && !empty($row['topic_id'])) { $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id AND user_id = " . $userdata['user_id']; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Could not delete topic watch information', '', __LINE__, __FILE__, $sql); } } ! else if ($notify_user && empty($row['topic_id'])) { $sql = "INSERT INTO " . TOPICS_WATCH_TABLE . " (user_id, topic_id, notify_status) VALUES (" . $userdata['user_id'] . ", $topic_id, 0)"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Could not insert topic watch information', '', __LINE__, __FILE__, $sql); } *************** *** 742,755 **** $inline_rows = 5; $window_columns = 8; ! if ( $mode == 'window' ) { $userdata = session_pagestart($user_ip, $page_id); init_userprefs($userdata); $gen_simple_header = TRUE; ! $page_title = $lang['Review_topic'] . " - $topic_title"; include($phpbb_root_path . 'includes/page_header.'.$phpEx); $template->set_filenames(array( --- 762,775 ---- $inline_rows = 5; $window_columns = 8; ! if ($mode == 'window') { $userdata = session_pagestart($user_ip, $page_id); init_userprefs($userdata); $gen_simple_header = TRUE; ! $page_title = $lang['Emoticons'] . " - $topic_title"; include($phpbb_root_path . 'includes/page_header.'.$phpEx); $template->set_filenames(array( *************** *** 760,791 **** $sql = "SELECT emoticon, code, smile_url FROM " . SMILIES_TABLE . " ORDER BY smilies_id"; ! if ( $result = $db->sql_query($sql) ) { $num_smilies = 0; $rowset = array(); ! while ( $row = $db->sql_fetchrow($result) ) { ! if ( empty($rowset[$row['smile_url']]) ) { ! $rowset[$row['smile_url']]['code'] = str_replace('\\', '\\\\', str_replace("'", "\\'", $row['code'])); $rowset[$row['smile_url']]['emoticon'] = $row['emoticon']; $num_smilies++; } } ! if ( $num_smilies ) { ! $smilies_count = ( $mode == 'inline' ) ? min(19, $num_smilies) : $num_smilies; ! $smilies_split_row = ( $mode == 'inline' ) ? 
$inline_columns - 1 : $window_columns - 1; $s_colspan = 0; $row = 0; $col = 0; ! while ( list($smile_url, $data) = @each($rowset) ) { ! if ( !$col ) { $template->assign_block_vars('smilies_row', array()); } --- 780,811 ---- $sql = "SELECT emoticon, code, smile_url FROM " . SMILIES_TABLE . " ORDER BY smilies_id"; ! if ($result = $db->sql_query($sql)) { $num_smilies = 0; $rowset = array(); ! while ($row = $db->sql_fetchrow($result)) { ! if (empty($rowset[$row['smile_url']])) { ! $rowset[$row['smile_url']]['code'] = str_replace("'", "\\'", str_replace('\\', '\\\\', $row['code'])); $rowset[$row['smile_url']]['emoticon'] = $row['emoticon']; $num_smilies++; } } ! if ($num_smilies) { ! $smilies_count = ($mode == 'inline') ? min(19, $num_smilies) : $num_smilies; ! $smilies_split_row = ($mode == 'inline') ? $inline_columns - 1 : $window_columns - 1; $s_colspan = 0; $row = 0; $col = 0; ! while (list($smile_url, $data) = @each($rowset)) { ! if (!$col) { $template->assign_block_vars('smilies_row', array()); } *************** *** 798,806 **** $s_colspan = max($s_colspan, $col + 1); ! if ( $col == $smilies_split_row ) { ! if ( $mode == 'inline' && $row == $inline_rows - 1 ) { break; } --- 818,826 ---- $s_colspan = max($s_colspan, $col + 1); ! if ($col == $smilies_split_row) { ! if ($mode == 'inline' && $row == $inline_rows - 1) { break; } *************** *** 813,819 **** } } ! if ( $mode == 'inline' && $num_smilies > $inline_rows * $inline_columns ) { $template->assign_block_vars('switch_smilies_extra', array()); --- 833,839 ---- } } ! if ($mode == 'inline' && $num_smilies > $inline_rows * $inline_columns) { $template->assign_block_vars('switch_smilies_extra', array()); *************** *** 831,837 **** } } ! if ( $mode == 'window' ) { $template->pparse('smiliesbody'); --- 851,857 ---- } } ! if ($mode == 'window') { $template->pparse('smiliesbody'); *************** *** 839,842 **** } } ! ?> --- 859,862 ---- } } ! 
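Review bot: The escaping-order fix for `$rowset[$row['smile_url']]['code']` is right (backslashes first, then single quotes), but if this value is emitted inside a JavaScript string literal in the template (not visible here) escaping only `\` and `'` is not enough: a CR/LF, a double quote or `</` in an admin-defined smiley code still terminates the literal or the script element. Since smiley codes are admin-controlled the exposure is low, but `str_replace(array("\r", "\n", '</'), array('\r', '\n', '<\/'), addslashes($row['code']))` covers the remaining cases in one line. `$row['emoticon']` and `$smile_url` are passed through unescaped as well; whether that is safe depends on the template context, which should be confirmed.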
?> \ No newline at end of file diff -crN phpbb200/includes/functions_search.php phpbb2017/includes/functions_search.php *** phpbb200/includes/functions_search.php Sat Jul 10 20:16:13 2004 --- phpbb2017/includes/functions_search.php Tue Jul 19 22:14:56 2005 *************** *** 3,12 **** * functions_search.php * ------------------- * begin : Wed Sep 05 2001 ! * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_search.php,v 1.8 2002/04/02 14:03:49 psotfx Exp $ * ****************************************************************************/ --- 3,12 ---- * functions_search.php * ------------------- * begin : Wed Sep 05 2001 ! * copyright : (C) 2002 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_search.php,v 1.8.2.19 2004/11/18 17:49:45 acydburn Exp $ * ****************************************************************************/ *************** *** 21,29 **** function clean_words($mode, &$entry, &$stopword_list, &$synonym_list) { - // Weird, $init_match doesn't work with static when double quotes (") are used... static $drop_char_match = array('^', '$', '&', '(', ')', '<', '>', '`', '\'', '"', '|', ',', '@', '_', '?', '%', '-', '~', '+', '.', '[', ']', '{', '}', ':', '\\', '/', '=', '#', '\'', ';', '!'); ! static $drop_char_replace = array(' ', ' ', ' ', ' ', ' ', ' ', ' ', '', '', ' ', ' ', ' ', ' ', '', ' ', ' ', '', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ' , ' ', ' ', ' ', ' ', ' ', ' '); $entry = ' ' . strip_tags(strtolower($entry)) . ' '; --- 21,28 ---- function clean_words($mode, &$entry, &$stopword_list, &$synonym_list) { static $drop_char_match = array('^', '$', '&', '(', ')', '<', '>', '`', '\'', '"', '|', ',', '@', '_', '?', '%', '-', '~', '+', '.', '[', ']', '{', '}', ':', '\\', '/', '=', '#', '\'', ';', '!'); ! 
static $drop_char_replace = array(' ', ' ', ' ', ' ', ' ', ' ', ' ', '', '', ' ', ' ', ' ', ' ', '', ' ', ' ', '', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ' , ' ', ' ', ' ', ' ', ' ', ' '); $entry = ' ' . strip_tags(strtolower($entry)) . ' '; *************** *** 42,54 **** } else if ( $mode == 'search' ) { ! $entry = str_replace('+', ' and ', $entry); ! $entry = str_replace('-', ' not ', $entry); } - // Replace numbers on their own - $entry = preg_replace('/\b[0-9]+\b/', ' ', $entry); - // // Filter out strange characters like ^, $, &, change "it's" to "its" // --- 41,50 ---- } else if ( $mode == 'search' ) { ! $entry = str_replace(' +', ' and ', $entry); ! $entry = str_replace(' -', ' not ', $entry); } // // Filter out strange characters like ^, $, &, change "it's" to "its" // *************** *** 61,68 **** { $entry = str_replace('*', ' ', $entry); ! // 'words' that consist of <=3 or >=25 characters are removed. ! $entry = preg_replace('/\b([a-z0-9]{1,3}|[a-z0-9]{20,})\b/',' ', $entry); } if ( !empty($stopword_list) ) --- 57,64 ---- { $entry = str_replace('*', ' ', $entry); ! // 'words' that consist of <3 or >20 characters are removed. ! $entry = preg_replace('/[ ]([\S]{1,2}|[\S]{21,})[ ]/',' ', $entry); } if ( !empty($stopword_list) ) *************** *** 73,79 **** if ( $mode == 'post' || ( $stopword != 'not' && $stopword != 'and' && $stopword != 'or' ) ) { ! $entry = preg_replace('#\b' . preg_quote($stopword) . '\b#', ' ', $entry); } } } --- 69,75 ---- if ( $mode == 'post' || ( $stopword != 'not' && $stopword != 'and' && $stopword != 'or' ) ) { ! $entry = str_replace(' ' . trim($stopword) . ' ', ' ', $entry); } } } *************** *** 85,91 **** list($replace_synonym, $match_synonym) = split(' ', trim(strtolower($synonym_list[$j]))); if ( $mode == 'post' || ( $match_synonym != 'not' && $match_synonym != 'and' && $match_synonym != 'or' ) ) { ! $entry = preg_replace('#\b' . trim($match_synonym) . '\b#', ' ' . trim($replace_synonym) . 
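Review bot: The new word-length filter `preg_replace('/[ ]([\S]{1,2}|[\S]{21,})[ ]/',' ', $entry)` in the 61,68 hunk consumes the space on both sides of every match, so of two adjacent short words only the first is removed (`' ab cd '` keeps `cd`). The stopword removal `str_replace(' ' . trim($stopword) . ' ', ' ', $entry)` in the 73,79 hunk and the synonym replacement in the 85,91 hunk share the same delimiter-consumption problem, so a stopword that occurs twice in a row survives every second occurrence. Matching only the leading space and asserting the trailing one with a lookahead fixes all three, e.g. `$entry = preg_replace('/ ([\S]{1,2}|[\S]{21,})(?= )/', '', $entry);` and `$entry = preg_replace('/ ' . preg_quote(trim($stopword), '/') . '(?= )/', '', $entry);`, with the synonym case built the same way and `' ' . trim($replace_synonym)` as the replacement. clean_words starts before and continues after these hunks.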
' ', $entry); } } } --- 81,87 ---- list($replace_synonym, $match_synonym) = split(' ', trim(strtolower($synonym_list[$j]))); if ( $mode == 'post' || ( $match_synonym != 'not' && $match_synonym != 'and' && $match_synonym != 'or' ) ) { ! $entry = str_replace(' ' . trim($match_synonym) . ' ', ' ' . trim($replace_synonym) . ' ', $entry); } } } *************** *** 95,123 **** function split_words(&$entry, $mode = 'post') { ! if ( $mode == 'post' ) ! { ! preg_match_all("/\b(\w[\w']*\w+|\w+?)\b/", $entry, $split_entries); ! } ! else ! { ! preg_match_all('/(\*?[a-z0-9]+\*?)|\b([a-z0-9]+)\b/', $entry, $split_entries); ! } return $split_entries[1]; } ! function add_search_words($post_id, $post_text, $post_title = '') { global $db, $phpbb_root_path, $board_config, $lang; ! $stopwords_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_stopwords.txt"); $synonym_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_synonyms.txt"); $search_raw_words = array(); $search_raw_words['text'] = split_words(clean_words('post', $post_text, $stopword_array, $synonym_array)); $search_raw_words['title'] = split_words(clean_words('post', $post_title, $stopword_array, $synonym_array)); $word = array(); $word_insert_sql = array(); while ( list($word_in, $search_matches) = @each($search_raw_words) ) --- 91,120 ---- function split_words(&$entry, $mode = 'post') { ! // If you experience problems with the new method, uncomment this block. ! /* ! $rex = ( $mode == 'post' ) ? "/\b([\w±µ-ÿ][\w±µ-ÿ']*[\w±µ-ÿ]+|[\w±µ-ÿ]+?)\b/" : '/(\*?[a-z0-9±µ-ÿ]+\*?)|\b([a-z0-9±µ-ÿ]+)\b/'; ! preg_match_all($rex, $entry, $split_entries); return $split_entries[1]; + */ + // Trim 1+ spaces to one space and split this trimmed string into words. + return explode(' ', trim(preg_replace('#\s+#', ' ', $entry))); } ! function add_search_words($mode, $post_id, $post_text, $post_title = '') { global $db, $phpbb_root_path, $board_config, $lang; ! 
$stopword_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_stopwords.txt"); $synonym_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_synonyms.txt"); $search_raw_words = array(); $search_raw_words['text'] = split_words(clean_words('post', $post_text, $stopword_array, $synonym_array)); $search_raw_words['title'] = split_words(clean_words('post', $post_title, $stopword_array, $synonym_array)); + @set_time_limit(0); + $word = array(); $word_insert_sql = array(); while ( list($word_in, $search_matches) = @each($search_raw_words) ) *************** *** 198,211 **** { case 'mysql': case 'mysql4': ! $value_sql .= ( ( $value_sql != '' ) ? ', ' : '' ) . '(\'' . $word[$i] . '\')'; break; case 'mssql': ! $value_sql .= ( ( $value_sql != '' ) ? ' UNION ALL ' : '' ) . "SELECT '" . $word[$i] . "'"; break; default: ! $sql = "INSERT INTO " . SEARCH_WORD_TABLE . " (word_text) ! VALUES ('" . $word[$i] . "')"; if( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not insert new word', '', __LINE__, __FILE__, $sql); --- 195,209 ---- { case 'mysql': case 'mysql4': ! $value_sql .= ( ( $value_sql != '' ) ? ', ' : '' ) . '(\'' . $word[$i] . '\', 0)'; break; case 'mssql': ! case 'mssql-odbc': ! $value_sql .= ( ( $value_sql != '' ) ? ' UNION ALL ' : '' ) . "SELECT '" . $word[$i] . "', 0"; break; default: ! $sql = "INSERT INTO " . SEARCH_WORD_TABLE . " (word_text, word_common) ! VALUES ('" . $word[$i] . "', 0)"; if( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not insert new word', '', __LINE__, __FILE__, $sql); *************** *** 221,231 **** { case 'mysql': case 'mysql4': ! $sql = "INSERT IGNORE INTO " . SEARCH_WORD_TABLE . " (word_text) VALUES $value_sql"; break; case 'mssql': ! $sql = "INSERT INTO " . SEARCH_WORD_TABLE . " (word_text) $value_sql"; break; } --- 219,230 ---- { case 'mysql': case 'mysql4': ! $sql = "INSERT IGNORE INTO " . SEARCH_WORD_TABLE . 
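Review bot: split_words now returns `array('')` for an empty or all-whitespace entry, because `explode(' ', '')` yields a single empty element, so an empty post title contributes an empty-string "word" unless the loop below filters it (that loop is outside the hunk). Guarding before the explode removes the dependency, `$entry = trim(preg_replace('#\s+#', ' ', $entry)); return ($entry == '') ? array() : explode(' ', $entry);`. The commented-out regex variant should be deleted rather than kept as an "uncomment if problems" fallback, and `@set_time_limit(0)` lifts the request time cap on a path that, as far as this hunk shows, runs for every indexed post, which deserves a one-line comment saying why. The added `$mode` parameter changes the signature of add_search_words, so every caller must be updated in the same commit; the function body continues outside the hunk.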
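Review bot: `$word[$i]` is concatenated into the INSERT literal in all three branches of the switch (`'(\'' . $word[$i] . '\', 0)'`, the mssql `SELECT '...', 0` and the default `VALUES ('...', 0)`) with no escaping in this hunk, and the same `$value_sql` is emitted in the 221,231 hunk. If that is safe, it is only because clean_words() earlier in this file maps `'` and `\` to nothing or a space through the `$drop_char_match` table, which is a remote invariant that a later edit to that table can silently break. A comment at the top of the switch naming the invariant would make it visible, e.g. `// word_text values come from clean_words(), which drops quotes and backslashes; keep that table in sync while the literal below stays unescaped`. The enclosing loop starts and ends outside the hunk.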
" (word_text, word_common) VALUES $value_sql"; break; case 'mssql': ! case 'mssql-odbc': ! $sql = "INSERT INTO " . SEARCH_WORD_TABLE . " (word_text, word_common) $value_sql"; break; } *************** *** 254,262 **** } } ! if ( $mode == 'single' ) { ! remove_common('single', 0.4, $word); } return; --- 253,261 ---- } } ! if ($mode == 'single') { ! remove_common('single', 4/10, $word); } return; *************** *** 269,275 **** { global $db; ! $sql = ( $mode == 'global' ) ? "SELECT COUNT(post_id) AS total_posts FROM " . SEARCH_MATCH_TABLE . " GROUP BY post_id" : "SELECT SUM(forum_posts) AS total_posts FROM " . FORUMS_TABLE; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain post count', '', __LINE__, __FILE__, $sql); --- 268,275 ---- { global $db; ! $sql = "SELECT COUNT(post_id) AS total_posts ! FROM " . POSTS_TABLE; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain post count', '', __LINE__, __FILE__, $sql); *************** *** 335,341 **** } } ! return $word_count; } function remove_search_post($post_id_sql) --- 335,341 ---- } } ! return; } function remove_search_post($post_id_sql) *************** *** 428,443 **** function username_search($search_match) { global $db, $board_config, $template, $lang, $images, $theme, $phpEx, $phpbb_root_path; ! global $starttime; $username_list = ''; if ( !empty($search_match) ) { ! $username_search = preg_replace('/\*/', '%', trim(strip_tags($search_match))); $sql = "SELECT username FROM " . USERS_TABLE . " ! WHERE username LIKE '" . str_replace("\'", "''", $username_search) . "' ORDER BY username"; if ( !($result = $db->sql_query($sql)) ) { --- 428,445 ---- function username_search($search_match) { global $db, $board_config, $template, $lang, $images, $theme, $phpEx, $phpbb_root_path; ! global $starttime, $gen_simple_header; ! ! $gen_simple_header = TRUE; $username_list = ''; if ( !empty($search_match) ) { ! 
$username_search = preg_replace('/\*/', '%', phpbb_clean_username($search_match)); $sql = "SELECT username FROM " . USERS_TABLE . " ! WHERE username LIKE '" . str_replace("\'", "''", $username_search) . "' AND user_id <> " . ANONYMOUS . " ORDER BY username"; if ( !($result = $db->sql_query($sql)) ) { *************** *** 459,465 **** $db->sql_freeresult($result); } - $gen_simple_header = TRUE; $page_title = $lang['Search']; include($phpbb_root_path . 'includes/page_header.'.$phpEx); --- 461,466 ---- *************** *** 468,474 **** ); $template->assign_vars(array( ! 'USERNAME' => ( !empty($search_match) ) ? $search_match : '', 'L_CLOSE_WINDOW' => $lang['Close_window'], 'L_SEARCH_USERNAME' => $lang['Find_username'], --- 469,475 ---- ); $template->assign_vars(array( ! 'USERNAME' => (!empty($search_match)) ? phpbb_clean_username($search_match) : '', 'L_CLOSE_WINDOW' => $lang['Close_window'], 'L_SEARCH_USERNAME' => $lang['Find_username'], diff -crN phpbb200/includes/functions_selects.php phpbb2017/includes/functions_selects.php *** phpbb200/includes/functions_selects.php Sat Jul 10 20:16:13 2004 --- phpbb2017/includes/functions_selects.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_selects.php,v 1.3 2002/03/18 23:53:12 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_selects.php,v 1.3.2.5 2005/05/06 20:50:11 acydburn Exp $ * * ***************************************************************************/ *************** *** 26,39 **** // function language_select($default, $select_name = "language", $dirname="language") { ! global $phpEx; ! $dir = opendir($dirname); $lang = array(); while ( $file = readdir($dir) ) { ! if ( ereg("^lang_", $file) && !is_file($dirname . "/" . $file) && !is_link($dirname . "/" . 
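Review bot: The `LIKE '" . str_replace("\'", "''", $username_search) . "'"` literal only rewrites a quote that is already backslash-escaped, so protection against a raw `'` in `$search_match` rests entirely on what phpbb_clean_username() returns, and that function is not part of this diff. A comment stating the dependency would help the next reader, e.g. `// phpbb_clean_username() is expected to hand back quotes as \' so the str_replace below produces a valid literal`. Independently, `%` and `_` typed by the user act as LIKE wildcards in addition to the intended `*` to `%` mapping, which widens the match beyond what the form suggests. The remainder of username_search, including the header include that `$gen_simple_header` now precedes, is outside the hunk.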
$file) ) { $filename = trim(str_replace("lang_", "", $file)); $displayname = preg_replace("/^(.*?)_(.*)$/", "\\1 [ \\2 ]", $filename); --- 26,39 ---- // function language_select($default, $select_name = "language", $dirname="language") { ! global $phpEx, $phpbb_root_path; ! $dir = opendir($phpbb_root_path . $dirname); $lang = array(); while ( $file = readdir($dir) ) { ! if (preg_match('#^lang_#i', $file) && !is_file(@phpbb_realpath($phpbb_root_path . $dirname . '/' . $file)) && !is_link(@phpbb_realpath($phpbb_root_path . $dirname . '/' . $file))) { $filename = trim(str_replace("lang_", "", $file)); $displayname = preg_replace("/^(.*?)_(.*)$/", "\\1 [ \\2 ]", $filename); diff -crN phpbb200/includes/functions_validate.php phpbb2017/includes/functions_validate.php *** phpbb200/includes/functions_validate.php Sat Jul 10 20:16:13 2004 --- phpbb2017/includes/functions_validate.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_validate.php,v 1.6 2002/04/02 21:13:47 the_systech Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_validate.php,v 1.6.2.13 2005/07/19 20:01:15 acydburn Exp $ * * ***************************************************************************/ *************** *** 18,24 **** * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * - * ***************************************************************************/ // --- 18,23 ---- *************** *** 30,90 **** { global $db, $lang, $userdata; ! $username = str_replace("\'", "''", $username); ! $sql = "SELECT username FROM " . USERS_TABLE . " WHERE LOWER(username) = '" . strtolower($username) . "'"; ! if ( $result = $db->sql_query($sql) ) { ! if ( $row = $db->sql_fetchrow($result) ) { ! 
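Review bot: The directory test in language_select is written as two negatives, `!is_file(@phpbb_realpath(...)) && !is_link(@phpbb_realpath(...))`, so when phpbb_realpath() fails and returns false both tests are false and the entry is listed anyway. A positive check fails closed and needs no `@` suppression: `if (preg_match('#^lang_#i', $file) && is_dir($phpbb_root_path . $dirname . '/' . $file))`, with `&& !is_link(...)` retained if symlinked language directories are meant to stay excluded. The `opendir()` result is still handed straight to `readdir()` without a check, so a missing or unreadable language directory produces warnings rather than an empty select. The function body continues outside the hunk.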
if ( ( $userdata['session_logged_in'] && $row['username'] != $userdata['username'] ) || !$userdata['session_logged_in'] ) { return array('error' => true, 'error_msg' => $lang['Username_taken']); } } } $sql = "SELECT group_name FROM " . GROUPS_TABLE . " WHERE LOWER(group_name) = '" . strtolower($username) . "'"; ! if ( $result = $db->sql_query($sql) ) { ! if ( $row = $db->sql_fetchrow($result) ) { return array('error' => true, 'error_msg' => $lang['Username_taken']); } } $sql = "SELECT disallow_username FROM " . DISALLOW_TABLE; ! if ( $result = $db->sql_query($sql) ) { ! while( $row = $db->sql_fetchrow($result) ) { ! if ( preg_match("#\b(" . str_replace("\*", "\w*?", preg_quote($row['disallow_username'])) . ")\b#i", $username) ) { ! return array('error' => true, 'error_msg' => $lang['Username_disallowed']); } } } $sql = "SELECT word FROM " . WORDS_TABLE; ! if ( $result = $db->sql_query($sql) ) { ! while( $row = $db->sql_fetchrow($result) ) { ! if ( preg_match("#\b(" . str_replace("\*", "\w*?", preg_quote($row['word'])) . ")\b#i", $username) ) { ! return array('error' => true, 'error_msg' => $lang['Username_disallowed']); } } } ! // Don't allow " in username. ! if ( strstr($username, '"') ) { return array('error' => true, 'error_msg' => $lang['Username_invalid']); } --- 29,107 ---- { global $db, $lang, $userdata; ! // Remove doubled up spaces ! $username = preg_replace('#\s+#', ' ', trim($username)); ! $username = phpbb_clean_username($username); ! $sql = "SELECT username FROM " . USERS_TABLE . " WHERE LOWER(username) = '" . strtolower($username) . "'"; ! if ($result = $db->sql_query($sql)) { ! if ($row = $db->sql_fetchrow($result)) { ! if (($userdata['session_logged_in'] && $row['username'] != $userdata['username']) || !$userdata['session_logged_in']) { + $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_taken']); } } } + $db->sql_freeresult($result); $sql = "SELECT group_name FROM " . GROUPS_TABLE . 
" WHERE LOWER(group_name) = '" . strtolower($username) . "'"; ! if ($result = $db->sql_query($sql)) { ! if ($row = $db->sql_fetchrow($result)) { + $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_taken']); } } + $db->sql_freeresult($result); $sql = "SELECT disallow_username FROM " . DISALLOW_TABLE; ! if ($result = $db->sql_query($sql)) { ! if ($row = $db->sql_fetchrow($result)) { ! do { ! if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['disallow_username'], '#')) . ")\b#i", $username)) ! { ! $db->sql_freeresult($result); ! return array('error' => true, 'error_msg' => $lang['Username_disallowed']); ! } } + while($row = $db->sql_fetchrow($result)); } } + $db->sql_freeresult($result); $sql = "SELECT word FROM " . WORDS_TABLE; ! if ($result = $db->sql_query($sql)) { ! if ($row = $db->sql_fetchrow($result)) { ! do { ! if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['word'], '#')) . ")\b#i", $username)) ! { ! $db->sql_freeresult($result); ! return array('error' => true, 'error_msg' => $lang['Username_disallowed']); ! } } + while ($row = $db->sql_fetchrow($result)); } } + $db->sql_freeresult($result); ! // Don't allow " and ALT-255 in username. ! if (strstr($username, '"') || strstr($username, '"') || strstr($username, chr(160))) { return array('error' => true, 'error_msg' => $lang['Username_invalid']); } *************** *** 100,135 **** { global $db, $lang; ! if ( $email != '' ) { ! if ( preg_match('/^[a-z0-9\.\-_]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/is', $email) ) { $sql = "SELECT ban_email FROM " . BANLIST_TABLE; ! if ( $result = $db->sql_query($sql) ) { ! while( $row = $db->sql_fetchrow($result) ) { ! $match_email = str_replace('*', '.*', $row['ban_email']); ! if ( preg_match('/^' . $match_email . '$/is', $email) ) { ! return array('error' => true, 'error_msg' => $lang['Email_banned']); } } } $sql = "SELECT user_email FROM " . USERS_TABLE . " WHERE user_email = '" . 
str_replace("\'", "''", $email) . "'"; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql); } ! ! if ( $row = $db->sql_fetchrow($result) ) { return array('error' => true, 'error_msg' => $lang['Email_taken']); } return array('error' => false, 'error_msg' => ''); } --- 117,159 ---- { global $db, $lang; ! if ($email != '') { ! if (preg_match('/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$/is', $email)) { $sql = "SELECT ban_email FROM " . BANLIST_TABLE; ! if ($result = $db->sql_query($sql)) { ! if ($row = $db->sql_fetchrow($result)) { ! do { ! $match_email = str_replace('*', '.*?', $row['ban_email']); ! if (preg_match('/^' . $match_email . '$/is', $email)) ! { ! $db->sql_freeresult($result); ! return array('error' => true, 'error_msg' => $lang['Email_banned']); ! } } + while($row = $db->sql_fetchrow($result)); } } + $db->sql_freeresult($result); $sql = "SELECT user_email FROM " . USERS_TABLE . " WHERE user_email = '" . str_replace("\'", "''", $email) . "'"; ! if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql); } ! ! if ($row = $db->sql_fetchrow($result)) { return array('error' => true, 'error_msg' => $lang['Email_taken']); } + $db->sql_freeresult($result); return array('error' => false, 'error_msg' => ''); } *************** *** 148,175 **** for($i = 0; $i < count($check_var_length); $i++) { ! if ( strlen($$check_var_length[$i]) < 2 ) { $$check_var_length[$i] = ''; } } // ICQ number has to be only numbers. ! if ( !preg_match('/^[0-9]+$/', $icq) ) { $icq = ''; } // website has to start with http://, followed by something with length at least 3 that // contains at least one dot. ! if ( $website != "" ) { ! if ( !preg_match('#^http:\/\/#i', $website) ) { $website = 'http://' . $website; } ! 
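Review bot: `$match_email = str_replace('*', '.*?', $row['ban_email'])` feeds the ban entry into `preg_match('/^' . $match_email . '$/is', $email)` without quoting, so a `.` in a banned domain matches any character and a `/` or `(` in an entry breaks the pattern, preg_match() returns false, and the ban fails open. Quoting first, as validate_username already does with phpbb_preg_quote, fixes both: `$match_email = str_replace('\*', '.*?', preg_quote($row['ban_email'], '/'));`. The local-part pattern now admits `'`, while the taken-check below rewrites only `\'` into `''`, so a raw quote in `$email` reaches the literal unless the caller guarantees backslash escaping; that dependency deserves a comment on the query. validate_email continues outside the hunk.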
if ( !preg_match('#^http\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website) ) { $website = ''; } --- 172,199 ---- for($i = 0; $i < count($check_var_length); $i++) { ! if (strlen($$check_var_length[$i]) < 2) { $$check_var_length[$i] = ''; } } // ICQ number has to be only numbers. ! if (!preg_match('/^[0-9]+$/', $icq)) { $icq = ''; } // website has to start with http://, followed by something with length at least 3 that // contains at least one dot. ! if ($website != "") { ! if (!preg_match('#^http[s]?:\/\/#i', $website)) { $website = 'http://' . $website; } ! if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website)) { $website = ''; } *************** *** 178,181 **** return; } ! ?> --- 202,205 ---- return; } ! ?> \ No newline at end of file diff -crN phpbb200/includes/page_header.php phpbb2017/includes/page_header.php *** phpbb200/includes/page_header.php Sat Jul 10 20:16:13 2004 --- phpbb2017/includes/page_header.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_header.php,v 1.106 2002/04/01 13:23:42 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_header.php,v 1.106.2.24 2005/03/26 14:15:59 acydburn Exp $ * * ***************************************************************************/ *************** *** 35,41 **** { $phpver = phpversion(); ! if ( $phpver >= '4.0.4pl1' ) { if ( extension_loaded('zlib') ) { --- 35,43 ---- { $phpver = phpversion(); ! $useragent = (isset($HTTP_SERVER_VARS['HTTP_USER_AGENT'])) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : getenv('HTTP_USER_AGENT'); ! ! if ( $phpver >= '4.0.4pl1' && ( strstr($useragent,'compatible') || strstr($useragent,'Gecko') ) ) { if ( extension_loaded('zlib') ) { *************** *** 70,76 **** // if ( $userdata['session_logged_in'] ) { ! 
$u_login_logout = 'login.'.$phpEx.'?logout=true'; $l_login_logout = $lang['Logout'] . ' [ ' . $userdata['username'] . ' ]'; } else --- 72,78 ---- // if ( $userdata['session_logged_in'] ) { ! $u_login_logout = 'login.'.$phpEx.'?logout=true&sid=' . $userdata['session_id']; $l_login_logout = $lang['Logout'] . ' [ ' . $userdata['username'] . ' ]'; } else *************** *** 85,268 **** // Get basic (usernames + totals) online // situation // - $user_forum_sql = ( !empty($forum_id) ) ? "AND ( u.user_session_page = $forum_id - OR s.session_page = $forum_id)" : ''; - $sql = "SELECT u.username, u.user_id, u.user_allow_viewonline, u.user_level, s.session_logged_in, s.session_ip - FROM ".USERS_TABLE." u, ".SESSIONS_TABLE." s - WHERE u.user_id = s.session_user_id - AND ( s.session_time >= ".( time() - 300 ) . " - OR u.user_session_time >= " . ( time() - 300 ) . " ) - $user_forum_sql - ORDER BY u.username ASC, s.session_ip ASC"; - if( !($result = $db->sql_query($sql)) ) - { - message_die(GENERAL_ERROR, 'Could not obtain user/online information', '', __LINE__, __FILE__, $sql); - } - - $userlist_ary = array(); - $userlist_visible = array(); - $logged_visible_online = 0; $logged_hidden_online = 0; $guests_online = 0; $online_userlist = ''; ! $prev_user_id = 0; ! $prev_user_ip = ''; ! ! while( $row = $db->sql_fetchrow($result) ) { ! // User is logged in and therefor not a guest ! if ( $row['session_logged_in'] ) { ! // Skip multiple sessions for one user ! if ( $row['user_id'] != $prev_user_id ) { ! $style_color = ''; ! if ( $row['user_level'] == ADMIN ) ! { ! $row['username'] = '' . $row['username'] . ''; ! $style_color = 'style="color:#' . $theme['fontcolor3'] . '"'; ! } ! else if ( $row['user_level'] == MOD ) { ! $row['username'] = '' . $row['username'] . ''; ! $style_color = 'style="color:#' . $theme['fontcolor2'] . '"'; } ! if ( $row['user_allow_viewonline'] ) ! { ! $user_online_link = '' . $row['username'] . ''; ! $logged_visible_online++; ! } ! else ! { ! 
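Review bot: The `&sid=` now appended to the logout URL is what lets login.php distinguish a user-initiated logout from a `logout=true` link planted on another site, but that only holds if login.php rejects a logout whose sid differs from the current session, which this diff does not show. A comment on the line would preserve the reason, e.g. `// sid is deliberate: login.php should refuse a logout whose sid does not match the session`. The URL is later passed through append_sid() further down in page_header, so it is worth confirming that append_sid does not add a second sid parameter to a URL that already carries one.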
$user_online_link = '' . $row['username'] . ''; ! $logged_hidden_online++; ! } ! ! if ( $row['user_allow_viewonline'] || $userdata['user_level'] == ADMIN ) { ! $online_userlist .= ( $online_userlist != '' ) ? ', ' . $user_online_link : $user_online_link; } } ! $prev_user_id = $row['user_id']; } ! else { ! // Skip multiple sessions for one user ! if ( $row['session_ip'] != $prev_session_ip ) ! { ! $guests_online++; ! } } ! $prev_session_ip = $row['session_ip']; ! } ! if ( empty($online_userlist) ) ! { ! $online_userlist = $lang['None']; ! } ! $online_userlist = ( ( isset($forum_id) ) ? $lang['Browsing_forum'] : $lang['Registered_users'] ) . ' ' . $online_userlist; ! $total_online_users = $logged_visible_online + $logged_hidden_online + $guests_online; ! if ( $total_online_users > $board_config['record_online_users']) ! { ! $board_config['record_online_users'] = $total_online_users; ! $board_config['record_online_date'] = time(); ! $sql = "UPDATE " . CONFIG_TABLE . " ! SET config_value = '$total_online_users' ! WHERE config_name = 'record_online_users'"; ! if ( !$db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, 'Could not update online user record (nr of users)', '', __LINE__, __FILE__, $sql); } ! ! $sql = "UPDATE " . CONFIG_TABLE . " ! SET config_value = '" . $board_config['record_online_date'] . "' ! WHERE config_name = 'record_online_date'"; ! if ( !$db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, 'Could not update online user record (date)', '', __LINE__, __FILE__, $sql); } - } ! if ( $total_online_users == 0 ) ! { ! $l_t_user_s = $lang['Online_users_zero_total']; ! } ! else if ( $total_online_users == 1 ) ! { ! $l_t_user_s = $lang['Online_user_total']; ! } ! else ! { ! $l_t_user_s = $lang['Online_users_total']; ! } ! if ( $logged_visible_online == 0 ) ! { ! $l_r_user_s = $lang['Reg_users_zero_total']; ! } ! else if ( $logged_visible_online == 1 ) ! { ! $l_r_user_s = $lang['Reg_user_total']; ! } ! else ! { ! $l_r_user_s = $lang['Reg_users_total']; ! } ! 
if ( $logged_hidden_online == 0 ) ! { ! $l_h_user_s = $lang['Hidden_users_zero_total']; ! } ! else if ( $logged_hidden_online == 1 ) ! { ! $l_h_user_s = $lang['Hidden_user_total']; ! } ! else ! { ! $l_h_user_s = $lang['Hidden_users_total']; ! } ! if ( $guests_online == 0 ) ! { ! $l_g_user_s = $lang['Guest_users_zero_total']; ! } ! else if ( $guests_online == 1 ) ! { ! $l_g_user_s = $lang['Guest_user_total']; ! } ! else ! { ! $l_g_user_s = $lang['Guest_users_total']; } - $l_online_users = sprintf($l_t_user_s, $total_online_users); - $l_online_users .= sprintf($l_r_user_s, $logged_visible_online); - $l_online_users .= sprintf($l_h_user_s, $logged_hidden_online); - $l_online_users .= sprintf($l_g_user_s, $guests_online); - // // Obtain number of new private messages // if user is logged in // ! if ( $userdata['session_logged_in'] ) { if ( $userdata['user_new_privmsg'] ) { ! $l_message_new = ( $userdata['user_new_privmsg'] == 1 ) ? $lang['New_pm'] : $lang['New_pms']; ! $l_privmsgs_text = sprintf($l_message_new, $userdata['user_new_privmsg']); if ( $userdata['user_last_privmsg'] > $userdata['user_lastvisit'] ) { $sql = "UPDATE " . USERS_TABLE . " ! SET user_last_privmsg = " . $userdata['user_lastvisit'] . " WHERE user_id = " . $userdata['user_id']; if ( !$db->sql_query($sql) ) { --- 87,274 ---- // Get basic (usernames + totals) online // situation // $logged_visible_online = 0; $logged_hidden_online = 0; $guests_online = 0; $online_userlist = ''; + $l_online_users = ''; ! if (defined('SHOW_ONLINE')) { ! ! $user_forum_sql = ( !empty($forum_id) ) ? "AND s.session_page = " . intval($forum_id) : ''; ! $sql = "SELECT u.username, u.user_id, u.user_allow_viewonline, u.user_level, s.session_logged_in, s.session_ip ! FROM ".USERS_TABLE." u, ".SESSIONS_TABLE." s ! WHERE u.user_id = s.session_user_id ! AND s.session_time >= ".( time() - 300 ) . " ! $user_forum_sql ! ORDER BY u.username ASC, s.session_ip ASC"; ! if( !($result = $db->sql_query($sql)) ) { ! 
message_die(GENERAL_ERROR, 'Could not obtain user/online information', '', __LINE__, __FILE__, $sql); ! } ! ! $userlist_ary = array(); ! $userlist_visible = array(); ! ! $prev_user_id = 0; ! $prev_user_ip = $prev_session_ip = ''; ! ! while( $row = $db->sql_fetchrow($result) ) ! { ! // User is logged in and therefor not a guest ! if ( $row['session_logged_in'] ) { ! // Skip multiple sessions for one user ! if ( $row['user_id'] != $prev_user_id ) { ! $style_color = ''; ! if ( $row['user_level'] == ADMIN ) ! { ! $row['username'] = '' . $row['username'] . ''; ! $style_color = 'style="color:#' . $theme['fontcolor3'] . '"'; ! } ! else if ( $row['user_level'] == MOD ) ! { ! $row['username'] = '' . $row['username'] . ''; ! $style_color = 'style="color:#' . $theme['fontcolor2'] . '"'; ! } ! ! if ( $row['user_allow_viewonline'] ) ! { ! $user_online_link = '' . $row['username'] . ''; ! $logged_visible_online++; ! } ! else ! { ! $user_online_link = '' . $row['username'] . ''; ! $logged_hidden_online++; ! } ! ! if ( $row['user_allow_viewonline'] || $userdata['user_level'] == ADMIN ) ! { ! $online_userlist .= ( $online_userlist != '' ) ? ', ' . $user_online_link : $user_online_link; ! } } ! $prev_user_id = $row['user_id']; ! } ! else ! { ! // Skip multiple sessions for one user ! if ( $row['session_ip'] != $prev_session_ip ) { ! $guests_online++; } } ! $prev_session_ip = $row['session_ip']; } ! $db->sql_freeresult($result); ! ! if ( empty($online_userlist) ) { ! $online_userlist = $lang['None']; } + $online_userlist = ( ( isset($forum_id) ) ? $lang['Browsing_forum'] : $lang['Registered_users'] ) . ' ' . $online_userlist; ! $total_online_users = $logged_visible_online + $logged_hidden_online + $guests_online; ! if ( $total_online_users > $board_config['record_online_users']) ! { ! $board_config['record_online_users'] = $total_online_users; ! $board_config['record_online_date'] = time(); ! $sql = "UPDATE " . CONFIG_TABLE . " ! SET config_value = '$total_online_users' ! 
WHERE config_name = 'record_online_users'"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update online user record (nr of users)', '', __LINE__, __FILE__, $sql); ! } ! $sql = "UPDATE " . CONFIG_TABLE . " ! SET config_value = '" . $board_config['record_online_date'] . "' ! WHERE config_name = 'record_online_date'"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update online user record (date)', '', __LINE__, __FILE__, $sql); ! } ! } ! if ( $total_online_users == 0 ) { ! $l_t_user_s = $lang['Online_users_zero_total']; } ! else if ( $total_online_users == 1 ) { ! $l_t_user_s = $lang['Online_user_total']; ! } ! else ! { ! $l_t_user_s = $lang['Online_users_total']; } ! if ( $logged_visible_online == 0 ) ! { ! $l_r_user_s = $lang['Reg_users_zero_total']; ! } ! else if ( $logged_visible_online == 1 ) ! { ! $l_r_user_s = $lang['Reg_user_total']; ! } ! else ! { ! $l_r_user_s = $lang['Reg_users_total']; ! } ! if ( $logged_hidden_online == 0 ) ! { ! $l_h_user_s = $lang['Hidden_users_zero_total']; ! } ! else if ( $logged_hidden_online == 1 ) ! { ! $l_h_user_s = $lang['Hidden_user_total']; ! } ! else ! { ! $l_h_user_s = $lang['Hidden_users_total']; ! } ! if ( $guests_online == 0 ) ! { ! $l_g_user_s = $lang['Guest_users_zero_total']; ! } ! else if ( $guests_online == 1 ) ! { ! $l_g_user_s = $lang['Guest_user_total']; ! } ! else ! { ! $l_g_user_s = $lang['Guest_users_total']; ! } ! $l_online_users = sprintf($l_t_user_s, $total_online_users); ! $l_online_users .= sprintf($l_r_user_s, $logged_visible_online); ! $l_online_users .= sprintf($l_h_user_s, $logged_hidden_online); ! $l_online_users .= sprintf($l_g_user_s, $guests_online); } // // Obtain number of new private messages // if user is logged in // ! if ( ($userdata['session_logged_in']) && (empty($gen_simple_header)) ) { if ( $userdata['user_new_privmsg'] ) { ! $l_message_new = ( $userdata['user_new_privmsg'] == 1 ) ? $lang['New_pm'] : $lang['New_pms']; ! 
$l_privmsgs_text = sprintf($l_message_new, $userdata['user_new_privmsg']); if ( $userdata['user_last_privmsg'] > $userdata['user_lastvisit'] ) { $sql = "UPDATE " . USERS_TABLE . " ! SET user_last_privmsg = " . $userdata['user_lastvisit'] . " WHERE user_id = " . $userdata['user_id']; if ( !$db->sql_query($sql) ) { *************** *** 275,281 **** else { $s_privmsg_new = 0; ! $icon_pm = $images['pm_no_new_msg']; } } else --- 281,287 ---- else { $s_privmsg_new = 0; ! $icon_pm = $images['pm_new_msg']; } } else *************** *** 288,295 **** if ( $userdata['user_unread_privmsg'] ) { ! $l_message_unread = ( $userdata['user_unread_privmsg'] == 1 ) ? $lang['Unread_pm'] : $lang['Unread_pms']; ! $l_privmsgs_text_unread = sprintf($l_message_unread, $userdata['user_unread_privmsg']); } else { --- 294,301 ---- if ( $userdata['user_unread_privmsg'] ) { ! $l_message_unread = ( $userdata['user_unread_privmsg'] == 1 ) ? $lang['Unread_pm'] : $lang['Unread_pms']; ! $l_privmsgs_text_unread = sprintf($l_message_unread, $userdata['user_unread_privmsg']); } else { *************** *** 307,392 **** // // Generate HTML required for Mozilla Navigation bar // $nav_links_html = ''; $nav_link_proto = '' . "\n"; while( list($nav_item, $nav_array) = @each($nav_links) ) { if ( !empty($nav_array['url']) ) { ! $nav_links_html .= sprintf($nav_link_proto, $nav_item, $nav_array['url'], $nav_array['title']); } else { // We have a nested array, used for items like that can occur more than once. while( list(,$nested_array) = each($nav_array) ) ! { $nav_links_html .= sprintf($nav_link_proto, $nav_item, $nested_array['url'], $nested_array['title']); } } ! } // // The following assigns all _common_ variables that may be used at any point // in a template. // $template->assign_vars(array( ! 'SITENAME' => $board_config['sitename'], ! 'SITE_DESCRIPTION' => $board_config['site_desc'], 'PAGE_TITLE' => $page_title, ! 'LAST_VISIT_DATE' => sprintf($lang['You_last_visit'], $s_last_visit), ! 
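Review bot: `$userlist_ary = array()`, `$userlist_visible = array()` and `$prev_user_ip` are assigned in the new SHOW_ONLINE block but never read anywhere in it, so they are dead locals that should be dropped. Because the whole block is now behind `defined('SHOW_ONLINE')`, `$online_userlist` and `$l_online_users` reach the template as empty strings when the constant is not defined, whereas the old code always produced the `$lang['Registered_users']`/`$lang['None']` form; the templates that print those variables should be checked for that case. The surrounding page_header code continues before and after the hunk.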
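Review bot: After this change both branches of the `user_last_privmsg > user_lastvisit` test assign `$icon_pm = $images['pm_new_msg']`, so the else branch reads like a copy-paste slip even though it appears intended: the enclosing `if ($userdata['user_new_privmsg'])` means unread messages exist, and only the popup flag `$s_privmsg_new` is reset. A comment would stop the next reader from "fixing" it back, e.g. `// Unread PMs still exist, so keep the new-message icon; only the popup flag is cleared`. The enclosing conditional starts and ends outside the hunk.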
'CURRENT_TIME' => sprintf($lang['Current_time'], create_date($board_config['default_dateformat'], time(), $board_config['board_timezone'])), 'TOTAL_USERS_ONLINE' => $l_online_users, ! 'LOGGED_IN_USER_LIST' => $online_userlist, 'RECORD_USERS' => sprintf($lang['Record_online_users'], $board_config['record_online_users'], create_date($board_config['default_dateformat'], $board_config['record_online_date'], $board_config['board_timezone'])), 'PRIVATE_MESSAGE_INFO' => $l_privmsgs_text, 'PRIVATE_MESSAGE_INFO_UNREAD' => $l_privmsgs_text_unread, ! 'PRIVATE_MESSAGE_NEW_FLAG' => $s_privmsg_new, 'PRIVMSG_IMG' => $icon_pm, ! 'L_USERNAME' => $lang['Username'], ! 'L_PASSWORD' => $lang['Password'], ! 'L_LOGIN_LOGOUT' => $l_login_logout, ! 'L_LOGIN' => $lang['Login'], ! 'L_LOG_ME_IN' => $lang['Log_me_in'], ! 'L_AUTO_LOGIN' => $lang['Log_me_in'], ! 'L_INDEX' => sprintf($lang['Forum_Index'], $board_config['sitename']), ! 'L_REGISTER' => $lang['Register'], ! 'L_PROFILE' => $lang['Profile'], ! 'L_SEARCH' => $lang['Search'], ! 'L_PRIVATEMSGS' => $lang['Private_Messages'], ! 'L_WHO_IS_ONLINE' => $lang['Who_is_Online'], ! 'L_MEMBERLIST' => $lang['Memberlist'], ! 'L_FAQ' => $lang['FAQ'], ! 'L_USERGROUPS' => $lang['Usergroups'], ! 'L_SEARCH_NEW' => $lang['Search_new'], ! 'L_SEARCH_UNANSWERED' => $lang['Search_unanswered'], ! 'L_SEARCH_SELF' => $lang['Search_your_posts'], ! 'L_WHOSONLINE_ADMIN' => sprintf($lang['Admin_online_color'], '', ''), ! 'L_WHOSONLINE_MOD' => sprintf($lang['Mod_online_color'], '', ''), 'U_SEARCH_UNANSWERED' => append_sid('search.'.$phpEx.'?search_id=unanswered'), ! 'U_SEARCH_SELF' => append_sid('search.'.$phpEx.'?search_id=egosearch'), ! 'U_SEARCH_NEW' => append_sid('search.'.$phpEx.'?search_id=newposts'), 'U_INDEX' => append_sid('index.'.$phpEx), 'U_REGISTER' => append_sid('profile.'.$phpEx.'?mode=register'), 'U_PROFILE' => append_sid('profile.'.$phpEx.'?mode=editprofile'), ! 'U_PRIVATEMSGS' => append_sid('privmsg.'.$phpEx.'?folder=inbox'), ! 
'U_PRIVATEMSGS_POPUP' => append_sid('privmsg.'.$phpEx.'?mode=newpm'), 'U_SEARCH' => append_sid('search.'.$phpEx), ! 'U_MEMBERLIST' => append_sid('memberlist.'.$phpEx), ! 'U_MODCP' => append_sid('modcp.'.$phpEx), 'U_FAQ' => append_sid('faq.'.$phpEx), 'U_VIEWONLINE' => append_sid('viewonline.'.$phpEx), 'U_LOGIN_LOGOUT' => append_sid($u_login_logout), - 'U_MEMBERSLIST' => append_sid('memberlist.'.$phpEx), 'U_GROUP_CP' => append_sid('groupcp.'.$phpEx), ! 'S_CONTENT_DIRECTION' => $lang['DIRECTION'], ! 'S_CONTENT_ENCODING' => $lang['ENCODING'], ! 'S_CONTENT_DIR_LEFT' => $lang['LEFT'], ! 'S_CONTENT_DIR_RIGHT' => $lang['RIGHT'], ! 'S_TIMEZONE' => sprintf($lang['All_times'], $lang[$board_config['board_timezone']]), 'S_LOGIN_ACTION' => append_sid('login.'.$phpEx), 'T_HEAD_STYLESHEET' => $theme['head_stylesheet'], --- 313,405 ---- // // Generate HTML required for Mozilla Navigation bar // + if (!isset($nav_links)) + { + $nav_links = array(); + } + $nav_links_html = ''; $nav_link_proto = '' . "\n"; while( list($nav_item, $nav_array) = @each($nav_links) ) { if ( !empty($nav_array['url']) ) { ! $nav_links_html .= sprintf($nav_link_proto, $nav_item, append_sid($nav_array['url']), $nav_array['title']); } else { // We have a nested array, used for items like that can occur more than once. while( list(,$nested_array) = each($nav_array) ) ! { $nav_links_html .= sprintf($nav_link_proto, $nav_item, $nested_array['url'], $nested_array['title']); } } ! } + // Format Timezone. We are unable to use array_pop here, because of PHP3 compatibility + $l_timezone = explode('.', $board_config['board_timezone']); + $l_timezone = (count($l_timezone) > 1 && $l_timezone[count($l_timezone)-1] != 0) ? $lang[sprintf('%.1f', $board_config['board_timezone'])] : $lang[number_format($board_config['board_timezone'])]; // // The following assigns all _common_ variables that may be used at any point // in a template. // $template->assign_vars(array( ! 'SITENAME' => $board_config['sitename'], ! 
'SITE_DESCRIPTION' => $board_config['site_desc'], 'PAGE_TITLE' => $page_title, ! 'LAST_VISIT_DATE' => sprintf($lang['You_last_visit'], $s_last_visit), ! 'CURRENT_TIME' => sprintf($lang['Current_time'], create_date($board_config['default_dateformat'], time(), $board_config['board_timezone'])), 'TOTAL_USERS_ONLINE' => $l_online_users, ! 'LOGGED_IN_USER_LIST' => $online_userlist, 'RECORD_USERS' => sprintf($lang['Record_online_users'], $board_config['record_online_users'], create_date($board_config['default_dateformat'], $board_config['record_online_date'], $board_config['board_timezone'])), 'PRIVATE_MESSAGE_INFO' => $l_privmsgs_text, 'PRIVATE_MESSAGE_INFO_UNREAD' => $l_privmsgs_text_unread, ! 'PRIVATE_MESSAGE_NEW_FLAG' => $s_privmsg_new, 'PRIVMSG_IMG' => $icon_pm, ! 'L_USERNAME' => $lang['Username'], ! 'L_PASSWORD' => $lang['Password'], ! 'L_LOGIN_LOGOUT' => $l_login_logout, ! 'L_LOGIN' => $lang['Login'], ! 'L_LOG_ME_IN' => $lang['Log_me_in'], ! 'L_AUTO_LOGIN' => $lang['Log_me_in'], ! 'L_INDEX' => sprintf($lang['Forum_Index'], $board_config['sitename']), ! 'L_REGISTER' => $lang['Register'], ! 'L_PROFILE' => $lang['Profile'], ! 'L_SEARCH' => $lang['Search'], ! 'L_PRIVATEMSGS' => $lang['Private_Messages'], ! 'L_WHO_IS_ONLINE' => $lang['Who_is_Online'], ! 'L_MEMBERLIST' => $lang['Memberlist'], ! 'L_FAQ' => $lang['FAQ'], ! 'L_USERGROUPS' => $lang['Usergroups'], ! 'L_SEARCH_NEW' => $lang['Search_new'], ! 'L_SEARCH_UNANSWERED' => $lang['Search_unanswered'], ! 'L_SEARCH_SELF' => $lang['Search_your_posts'], ! 'L_WHOSONLINE_ADMIN' => sprintf($lang['Admin_online_color'], '', ''), ! 'L_WHOSONLINE_MOD' => sprintf($lang['Mod_online_color'], '', ''), 'U_SEARCH_UNANSWERED' => append_sid('search.'.$phpEx.'?search_id=unanswered'), ! 'U_SEARCH_SELF' => append_sid('search.'.$phpEx.'?search_id=egosearch'), ! 
'U_SEARCH_NEW' => append_sid('search.'.$phpEx.'?search_id=newposts'), 'U_INDEX' => append_sid('index.'.$phpEx), 'U_REGISTER' => append_sid('profile.'.$phpEx.'?mode=register'), 'U_PROFILE' => append_sid('profile.'.$phpEx.'?mode=editprofile'), ! 'U_PRIVATEMSGS' => append_sid('privmsg.'.$phpEx.'?folder=inbox'), ! 'U_PRIVATEMSGS_POPUP' => append_sid('privmsg.'.$phpEx.'?mode=newpm'), 'U_SEARCH' => append_sid('search.'.$phpEx), ! 'U_MEMBERLIST' => append_sid('memberlist.'.$phpEx), ! 'U_MODCP' => append_sid('modcp.'.$phpEx), 'U_FAQ' => append_sid('faq.'.$phpEx), 'U_VIEWONLINE' => append_sid('viewonline.'.$phpEx), 'U_LOGIN_LOGOUT' => append_sid($u_login_logout), 'U_GROUP_CP' => append_sid('groupcp.'.$phpEx), ! 'S_CONTENT_DIRECTION' => $lang['DIRECTION'], ! 'S_CONTENT_ENCODING' => $lang['ENCODING'], ! 'S_CONTENT_DIR_LEFT' => $lang['LEFT'], ! 'S_CONTENT_DIR_RIGHT' => $lang['RIGHT'], ! 'S_TIMEZONE' => sprintf($lang['All_times'], $l_timezone), 'S_LOGIN_ACTION' => append_sid('login.'.$phpEx), 'T_HEAD_STYLESHEET' => $theme['head_stylesheet'], *************** *** 427,433 **** 'T_SPAN_CLASS1' => $theme['span_class1'], 'T_SPAN_CLASS2' => $theme['span_class2'], 'T_SPAN_CLASS3' => $theme['span_class3'], ! 'NAV_LINKS' => $nav_links_html) ); --- 440,446 ---- 'T_SPAN_CLASS1' => $theme['span_class1'], 'T_SPAN_CLASS2' => $theme['span_class2'], 'T_SPAN_CLASS3' => $theme['span_class3'], ! 'NAV_LINKS' => $nav_links_html) ); *************** *** 448,456 **** } } ! header ('Cache-Control: private, pre-check=0, post-check=0, max-age=0'); ! header ('Expires: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT'); ! header ('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); $template->pparse('overall_header'); --- 461,481 ---- } } ! // Add no-cache control for cookies if they are set ! //$c_no_cache = (isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) || isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data'])) ? 'no-cache="set-cookie", ' : ''; ! ! 
// Work around for "current" Apache 2 + PHP module which seems to not ! // cope with private cache control setting ! if (!empty($HTTP_SERVER_VARS['SERVER_SOFTWARE']) && strstr($HTTP_SERVER_VARS['SERVER_SOFTWARE'], 'Apache/2')) ! { ! header ('Cache-Control: no-cache, pre-check=0, post-check=0'); ! } ! else ! { ! header ('Cache-Control: private, pre-check=0, post-check=0, max-age=0'); ! } ! header ('Expires: 0'); ! header ('Pragma: no-cache'); $template->pparse('overall_header'); diff -crN phpbb200/includes/page_tail.php phpbb2017/includes/page_tail.php *** phpbb200/includes/page_tail.php Sat Jul 10 20:16:13 2004 --- phpbb2017/includes/page_tail.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_tail.php,v 1.27 2002/04/04 11:53:13 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_tail.php,v 1.27.2.3 2004/12/22 02:04:00 psotfx Exp $ * * ***************************************************************************/ *************** *** 28,42 **** // // Show the overall footer. // ! $admin_link = ( $userdata['user_level'] == ADMIN ) ? '' . $lang['Admin_panel'] . '
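Review bot: The Apache/2 branch of the new Cache-Control logic drops `private`, so pages rendered for a logged-in session go out with `no-cache` only, which still permits a shared cache to store the response as long as it revalidates before reuse. Keeping the scope on both branches, `header('Cache-Control: private, no-cache, pre-check=0, post-check=0');`, preserves the Apache workaround without widening who may store the page; whether `no-store` is also wanted depends on the deployment. The `$c_no_cache` line is left commented out under a heading that reads as if it were active, so either delete it or reword the comment to say the cookie-specific directive is disabled.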

' : ''; $template->set_filenames(array( 'overall_footer' => ( empty($gen_simple_header) ) ? 'overall_footer.tpl' : 'simple_footer.tpl') ); $template->assign_vars(array( ! 'PHPBB_VERSION' => '2' . $board_config['version'], ! 'TRANSLATION_INFO' => ( isset($lang['TRANSLATION_INFO']) ) ? $lang['TRANSLATION_INFO'] : '', 'ADMIN_LINK' => $admin_link) ); --- 28,41 ---- // // Show the overall footer. // ! $admin_link = ( $userdata['user_level'] == ADMIN ) ? '' . $lang['Admin_panel'] . '

' : ''; $template->set_filenames(array( 'overall_footer' => ( empty($gen_simple_header) ) ? 'overall_footer.tpl' : 'simple_footer.tpl') ); $template->assign_vars(array( ! 'TRANSLATION_INFO' => ( isset($lang['TRANSLATION_INFO']) ) ? $lang['TRANSLATION_INFO'] : '', 'ADMIN_LINK' => $admin_link) ); *************** *** 64,70 **** $gzip_contents = gzcompress($gzip_contents, 9); $gzip_contents = substr($gzip_contents, 0, strlen($gzip_contents) - 4); ! echo '\x1f\x8b\x08\x00\x00\x00\x00\x00'; echo $gzip_contents; echo pack('V', $gzip_crc); echo pack('V', $gzip_size); --- 63,69 ---- $gzip_contents = gzcompress($gzip_contents, 9); $gzip_contents = substr($gzip_contents, 0, strlen($gzip_contents) - 4); ! echo "\x1f\x8b\x08\x00\x00\x00\x00\x00"; echo $gzip_contents; echo pack('V', $gzip_crc); echo pack('V', $gzip_size); diff -crN phpbb200/includes/prune.php phpbb2017/includes/prune.php *** phpbb200/includes/prune.php Sat Jul 10 20:16:13 2004 --- phpbb2017/includes/prune.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: prune.php,v 1.19 2002/04/04 11:51:25 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: prune.php,v 1.19.2.6 2003/03/18 23:23:57 acydburn Exp $ * * ***************************************************************************/ *************** *** 27,44 **** require($phpbb_root_path . 'includes/functions_search.'.$phpEx); ! function prune($forum_id, $prune_date) { global $db, $lang; // ! // Those without polls ... // $sql = "SELECT t.topic_id FROM " . POSTS_TABLE . " p, " . TOPICS_TABLE . " t WHERE t.forum_id = $forum_id ! AND t.topic_vote = 0 ! AND t.topic_type <> " . POST_ANNOUNCE . " AND ( p.post_id = t.topic_last_post_id OR t.topic_last_post_id = 0 )"; if ( $prune_date != '' ) --- 27,44 ---- require($phpbb_root_path . 
'includes/functions_search.'.$phpEx); ! function prune($forum_id, $prune_date, $prune_all = false) { global $db, $lang; + $prune_all = ($prune_all) ? '' : 'AND t.topic_vote = 0 AND t.topic_type <> ' . POST_ANNOUNCE; // ! // Those without polls and announcements ... unless told otherwise! // $sql = "SELECT t.topic_id FROM " . POSTS_TABLE . " p, " . TOPICS_TABLE . " t WHERE t.forum_id = $forum_id ! $prune_all AND ( p.post_id = t.topic_last_post_id OR t.topic_last_post_id = 0 )"; if ( $prune_date != '' ) *************** *** 56,61 **** --- 56,62 ---- { $sql_topics .= ( ( $sql_topics != '' ) ? ', ' : '' ) . $row['topic_id']; } + $db->sql_freeresult($result); if( $sql_topics != '' ) { *************** *** 73,85 **** { $sql_post .= ( ( $sql_post != '' ) ? ', ' : '' ) . $row['post_id']; } if ( $sql_post != '' ) { ! $sql = "DELETE FROM " . TOPICS_TABLE . " WHERE topic_id IN ($sql_topics)"; if ( !$db->sql_query($sql, BEGIN_TRANSACTION) ) { message_die(GENERAL_ERROR, 'Could not delete topics during prune', '', __LINE__, __FILE__, $sql); } --- 74,94 ---- { $sql_post .= ( ( $sql_post != '' ) ? ', ' : '' ) . $row['post_id']; } + $db->sql_freeresult($result); if ( $sql_post != '' ) { ! $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id IN ($sql_topics)"; if ( !$db->sql_query($sql, BEGIN_TRANSACTION) ) { + message_die(GENERAL_ERROR, 'Could not delete watched topics during prune', '', __LINE__, __FILE__, $sql); + } + + $sql = "DELETE FROM " . TOPICS_TABLE . " + WHERE topic_id IN ($sql_topics)"; + if ( !$db->sql_query($sql) ) + { message_die(GENERAL_ERROR, 'Could not delete topics during prune', '', __LINE__, __FILE__, $sql); } *************** *** 99,111 **** if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete post during prune', '', __LINE__, __FILE__, $sql); - } - - $sql = "DELETE FROM " . SEARCH_MATCH_TABLE . 
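Review bot: `$prune_all` is read as a flag and then overwritten with an SQL fragment, and `$forum_id` is still interpolated into `WHERE t.forum_id = $forum_id` without a cast, so the new signature accepts a value that reaches the query unchanged. Casting at the top, `$forum_id = (int) $forum_id;`, and naming the fragment separately, `$sql_prune_all = ($prune_all) ? '' : 'AND t.topic_vote = 0 AND t.topic_type <> ' . POST_ANNOUNCE;` with `$sql_prune_all` in the query, keeps the parameter's meaning stable and bounds what reaches the SQL. The body of `prune()` continues past the end of this hunk.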
" - WHERE post_id IN ($sql_post)"; - if ( !$db->sql_query($sql) ) - { - message_die(GENERAL_ERROR, 'Could not delete search matches', '', __LINE__, __FILE__, $sql); } remove_search_post($sql_post); --- 108,113 ---- diff -crN phpbb200/includes/sessions.php phpbb2017/includes/sessions.php *** phpbb200/includes/sessions.php Sat Jul 10 20:16:13 2004 --- phpbb2017/includes/sessions.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: sessions.php,v 1.58 2002/03/19 11:59:36 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: sessions.php,v 1.58.2.14 2005/05/06 20:50:11 acydburn Exp $ * * ***************************************************************************/ *************** *** 21,32 **** ***************************************************************************/ // - // session_begin() - // // Adds/updates a new session to the database for the given userid. // Returns the new session ID on success. // ! function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0) { global $db, $board_config; global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; --- 21,30 ---- ***************************************************************************/ // // Adds/updates a new session to the database for the given userid. // Returns the new session ID on success. // ! function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0, $admin = 0) { global $db, $board_config; global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; *************** *** 39,61 **** if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ) { $session_id = isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : ''; ! 
$sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : ''; $sessionmethod = SESSION_METHOD_COOKIE; } else { ! $sessiondata = ''; $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : ''; $sessionmethod = SESSION_METHOD_GET; } $last_visit = 0; $current_time = time(); $expiry_time = $current_time - $board_config['session_length']; // ! // Try and pull the last time stored ! // in a cookie, if it exists // $sql = "SELECT * FROM " . USERS_TABLE . " --- 37,66 ---- if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ) { $session_id = isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : ''; ! $sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array(); $sessionmethod = SESSION_METHOD_COOKIE; } else { ! $sessiondata = array(); $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : ''; $sessionmethod = SESSION_METHOD_GET; } + // + if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) + { + $session_id = ''; + } + + $page_id = (int) $page_id; + $last_visit = 0; $current_time = time(); $expiry_time = $current_time - $board_config['session_length']; // ! // Try and pull the last time stored in a cookie, if it exists // $sql = "SELECT * FROM " . USERS_TABLE . " *************** *** 76,95 **** if ( isset($sessiondata['autologinid']) && $userdata['user_active'] ) { // We have to login automagically ! if( $sessiondata['autologinid'] == $auto_login_key ) { // autologinid matches password $login = 1; $enable_autologin = 1; - - $last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time; } else { // No match; don't login, set as anonymous user $login = 0; $enable_autologin = 0; ! 
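Review bot: The `_data` cookie is still passed through `unserialize()` directly after the new session-id validation, so the client controls the type and shape of `$sessiondata`, and the code below only probes single keys with `isset`. Only the `autologinid` and `userid` entries are used, so guarding the result, `if (!is_array($sessiondata)) { $sessiondata = array(); }`, rejects every other shape before it reaches the autologin comparison; the same applies to the matching change in `session_pagestart()` (hunk 206,229). The pattern `'/^[A-Za-z0-9]*$/'` accepts any length, while the ids this file generates are 32-character md5 hex digests, so `'/^[A-Za-z0-9]{0,32}$/'` would also bound the value that is later placed in the SQL literal.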
$user_id = ANONYMOUS; } } else --- 81,103 ---- if ( isset($sessiondata['autologinid']) && $userdata['user_active'] ) { // We have to login automagically ! if( $sessiondata['autologinid'] === $auto_login_key ) { // autologinid matches password $login = 1; $enable_autologin = 1; } else { // No match; don't login, set as anonymous user $login = 0; $enable_autologin = 0; ! $user_id = $userdata['user_id'] = ANONYMOUS; ! ! $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS; ! $result = $db->sql_query($sql); ! $userdata = $db->sql_fetchrow($result); ! $db->sql_freeresult($result); } } else *************** *** 97,108 **** // Autologin is not set. Don't login, set as anonymous user $login = 0; $enable_autologin = 0; ! $user_id = ANONYMOUS; } } else { - $last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time; $login = 1; } } --- 105,120 ---- // Autologin is not set. Don't login, set as anonymous user $login = 0; $enable_autologin = 0; ! $user_id = $userdata['user_id'] = ANONYMOUS; ! ! $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS; ! $result = $db->sql_query($sql); ! $userdata = $db->sql_fetchrow($result); ! $db->sql_freeresult($result); } } else { $login = 1; } } *************** *** 123,130 **** OR ban_userid = $user_id"; if ( $user_id != ANONYMOUS ) { ! $sql .= " OR ban_email LIKE '" . str_replace("\'", "''", $row['user_email']) . "' ! OR ban_email LIKE '" . substr(str_replace("\'", "''", $row['user_email']), strpos(str_replace("\'", "''", $row['user_email']), "@")) . "'"; } if ( !($result = $db->sql_query($sql)) ) { --- 135,142 ---- OR ban_userid = $user_id"; if ( $user_id != ANONYMOUS ) { ! $sql .= " OR ban_email LIKE '" . str_replace("\'", "''", $userdata['user_email']) . "' ! OR ban_email LIKE '" . substr(str_replace("\'", "''", $userdata['user_email']), strpos(str_replace("\'", "''", $userdata['user_email']), "@")) . 
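Review bot: The fallback to the anonymous user is pasted twice in this function, once in this hunk and once in hunk 97,108: the same four lines assign `ANONYMOUS`, re-query `USERS_TABLE`, and fetch the row without checking the return of `$db->sql_query()`, unlike every other query in `session_begin()`. Moving them into one helper that returns the row and calls `message_die(CRITICAL_ERROR, ...)` when the query fails removes the duplication and keeps `$userdata` defined on the error path. The helper should only return the row; `$login` and `$enable_autologin` are already set by the surrounding branches.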
"'"; } if ( !($result = $db->sql_query($sql)) ) { *************** *** 143,177 **** // Create or update the session // $sql = "UPDATE " . SESSIONS_TABLE . " ! SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login WHERE session_id = '" . $session_id . "' AND session_ip = '$user_ip'"; ! if ( !($result = $db->sql_query($sql)) || !$db->sql_affectedrows() ) { ! $session_id = md5(uniqid($user_ip)); $sql = "INSERT INTO " . SESSIONS_TABLE . " ! (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in) ! VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login)"; ! if ( !($result = $db->sql_query($sql)) ) { ! message_die(CRITICAL_ERROR, 'Error creating new session : session_begin', '', __LINE__, __FILE__, $sql); } } if ( $user_id != ANONYMOUS ) ! { ! $sql = "UPDATE " . USERS_TABLE . " ! SET user_session_time = $current_time, user_session_page = $page_id, user_lastvisit = $last_visit ! WHERE user_id = $user_id"; ! if ( !$db->sql_query($sql) ) { ! message_die(CRITICAL_ERROR, 'Error updating last visit time : session_begin', '', __LINE__, __FILE__, $sql); } $userdata['user_lastvisit'] = $last_visit; ! $sessiondata['autologinid'] = ( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : ''; $sessiondata['userid'] = $user_id; } --- 155,196 ---- // Create or update the session // $sql = "UPDATE " . SESSIONS_TABLE . " ! SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login, session_admin = $admin WHERE session_id = '" . $session_id . "' AND session_ip = '$user_ip'"; ! if ( !$db->sql_query($sql) || !$db->sql_affectedrows() ) { ! list($sec, $usec) = explode(' ', microtime()); ! mt_srand((float) $sec + ((float) $usec * 100000)); ! $session_id = md5(uniqid(mt_rand(), true)); $sql = "INSERT INTO " . 
SESSIONS_TABLE . " ! (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin) ! VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login, $admin)"; ! if ( !$db->sql_query($sql) ) { ! message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql); } } if ( $user_id != ANONYMOUS ) ! {// ( $userdata['user_session_time'] > $expiry_time && $auto_create ) ? $userdata['user_lastvisit'] : ( ! $last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time; ! ! if (!$admin) { ! $sql = "UPDATE " . USERS_TABLE . " ! SET user_session_time = $current_time, user_session_page = $page_id, user_lastvisit = $last_visit ! WHERE user_id = $user_id"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql); ! } } $userdata['user_lastvisit'] = $last_visit; ! $sessiondata['autologinid'] = (!$admin) ? (( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '') : $sessiondata['autologinid']; $sessiondata['userid'] = $user_id; } *************** *** 182,201 **** $userdata['session_page'] = $page_id; $userdata['session_start'] = $current_time; $userdata['session_time'] = $current_time; setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure); setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure); - // header('Set-cookie: ' . $cookiename . '_data=' . urlencode(serialize($sessiondata)) . '; expires=' . gmdate("l, d-M-Y H:i:s", $current_time + 31536000) . ' GMT; domain=' . $cookiedomain . '; path=' . $cookiepath . $cookiesecure); - // header('Set-cookie: ' . $cookiename . '_sid=' . $session_id . '; domain=' . $cookiedomain . '; path=' . $cookiepath . $cookiesecure); ! $SID = ( $sessionmethod == SESSION_METHOD_GET ) ? 'sid=' . 
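Review bot: The new session-id generation seeds `mt_rand()` from `microtime()` and then hashes `uniqid(mt_rand(), true)`, so every input to the id is derived from the request clock; `mt_rand()` has seeded itself automatically since PHP 4.2, and the explicit `mt_srand()` only narrows the seed to that clock value. On PHP 7 or later the id should come from the CSPRNG, `$session_id = bin2hex(random_bytes(16));` (the same 32-character width as the md5 digest); on older runtimes at least drop the `mt_srand()` line. The new `$admin` parameter is interpolated into both the UPDATE and the INSERT without a cast, unlike `$page_id`, so add `$admin = (int) $admin;` beside the `$page_id = (int) $page_id;` added in hunk 39,61. The fragment `{// ( $userdata['user_session_time'] > $expiry_time && $auto_create ) ? ...` after `if ( $user_id != ANONYMOUS )` is leftover commented-out code and should be removed.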
$session_id : ''; return $userdata; } // ! // Checks for a given user session, tidies session ! // table and updates user sessions at each page refresh // function session_pagestart($user_ip, $thispage_id) { --- 201,219 ---- $userdata['session_page'] = $page_id; $userdata['session_start'] = $current_time; $userdata['session_time'] = $current_time; + $userdata['session_admin'] = $admin; setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure); setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure); ! $SID = 'sid=' . $session_id; return $userdata; } // ! // Checks for a given user session, tidies session table and updates user ! // sessions at each page refresh // function session_pagestart($user_ip, $thispage_id) { *************** *** 206,229 **** $cookiepath = $board_config['cookie_path']; $cookiedomain = $board_config['cookie_domain']; $cookiesecure = $board_config['cookie_secure']; - $cookiesecure = ( $board_config['cookie_secure'] ) ? '; secure' : ''; $current_time = time(); unset($userdata); if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ) { ! $sessiondata = isset( $HTTP_COOKIE_VARS[$cookiename . '_data'] ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : ''; $session_id = isset( $HTTP_COOKIE_VARS[$cookiename . '_sid'] ) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : ''; $sessionmethod = SESSION_METHOD_COOKIE; } else { ! $session_data = ''; $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : ''; $sessionmethod = SESSION_METHOD_GET; } // // Does a session exist? // --- 224,254 ---- $cookiepath = $board_config['cookie_path']; $cookiedomain = $board_config['cookie_domain']; $cookiesecure = $board_config['cookie_secure']; $current_time = time(); unset($userdata); if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . 
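Review bot: `$SID = 'sid=' . $session_id;` now propagates the id into every URL built by `append_sid()` for this request even when the caller arrived with the `_sid` cookie, where the old code emitted an empty `$SID` for the cookie method. The id then shows up in links, Referer headers and access logs for a client that has already shown it accepts cookies; restoring the guard, `$SID = ($sessionmethod == SESSION_METHOD_GET || defined('IN_ADMIN')) ? 'sid=' . $session_id : '';`, would mirror the condition `session_pagestart()` applies in hunk 250,289, assuming the admin path is what the unconditional form was introduced for.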
'_data']) ) { ! $sessiondata = isset( $HTTP_COOKIE_VARS[$cookiename . '_data'] ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array(); $session_id = isset( $HTTP_COOKIE_VARS[$cookiename . '_sid'] ) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : ''; $sessionmethod = SESSION_METHOD_COOKIE; } else { ! $sessiondata = array(); $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : ''; $sessionmethod = SESSION_METHOD_GET; } + // + if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) + { + $session_id = ''; + } + + $thispage_id = (int) $thispage_id; + // // Does a session exist? // *************** *** 236,246 **** $sql = "SELECT u.*, s.* FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u WHERE s.session_id = '$session_id' ! AND u.user_id = s.session_user_id ! AND s.session_ip = '$user_ip'"; if ( !($result = $db->sql_query($sql)) ) { ! message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch : session_pagestart', '', __LINE__, __FILE__, $sql); } $userdata = $db->sql_fetchrow($result); --- 261,270 ---- $sql = "SELECT u.*, s.* FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u WHERE s.session_id = '$session_id' ! AND u.user_id = s.session_user_id"; if ( !($result = $db->sql_query($sql)) ) { ! message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql); } $userdata = $db->sql_fetchrow($result); *************** *** 250,289 **** // if ( isset($userdata['user_id']) ) { - $SID = ( $sessionmethod == SESSION_METHOD_GET ) ? 'sid=' . $session_id : ''; - // ! // Only update session DB a minute or so after last update // ! $last_update = ( $userdata['user_id'] == ANONYMOUS ) ? $userdata['session_time'] : $userdata['user_session_time']; ! if ( $current_time - $last_update > 60 ) ! { // || $userdata['user_session_page'] != $thispage_id ! $sql = ( $userdata['user_id'] == ANONYMOUS ) ? "UPDATE " . SESSIONS_TABLE . 
" SET session_time = $current_time, session_page = $thispage_id WHERE session_id = '" . $userdata['session_id'] . "' AND session_ip = '$user_ip'" : "UPDATE " . USERS_TABLE . " SET user_session_time = $current_time, user_session_page = $thispage_id WHERE user_id = " . $userdata['user_id']; ! if ( !$db->sql_query($sql) ) ! { ! message_die(CRITICAL_ERROR, 'Error updating sessions table : session_pagestart', '', __LINE__, __FILE__, $sql); ! } // ! // Delete expired sessions // ! $expiry_time = $current_time - $board_config['session_length']; ! $sql = "DELETE FROM " . SESSIONS_TABLE . " ! WHERE session_time < $expiry_time ! AND session_id <> '$session_id'"; ! if ( !($result = $db->sql_query($sql)) ) { ! message_die(CRITICAL_ERROR, 'Error clearing sessions table : session_pagestart', '', __LINE__, __FILE__, $sql); } ! setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure); ! setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure); ! // header('Set-cookie: ' . $cookiename . '_data=' . urlencode(serialize($sessiondata)) . '; expires=' . gmdate("l, d-M-Y H:i:s", $current_time + 31536000) . ' GMT; domain=' . $cookiedomain . '; path=' . $cookiepath . $cookiesecure); ! // header('Set-cookie: ' . $cookiename . '_sid=' . $session_id . '; domain=' . $cookiedomain . '; path=' . $cookiepath . $cookiesecure); } - - return $userdata; } } --- 274,337 ---- // if ( isset($userdata['user_id']) ) { // ! // Do not check IP assuming equivalence, if IPv4 we'll check only first 24 ! // bits ... I've been told (by vHiker) this should alleviate problems with ! // load balanced et al proxies while retaining some reliance on IP security. // ! $ip_check_s = substr($userdata['session_ip'], 0, 6); ! $ip_check_u = substr($user_ip, 0, 6); ! if ($ip_check_s == $ip_check_u) ! { ! $SID = ($sessionmethod == SESSION_METHOD_GET || defined('IN_ADMIN')) ? 'sid=' . $session_id : ''; // ! 
// Only update session DB a minute or so after last update // ! if ( $current_time - $userdata['session_time'] > 60 ) { ! // A little trick to reset session_admin on session re-usage ! $update_admin = (!defined('IN_ADMIN') && $current_time - $userdata['session_time'] > ($board_config['session_length']+60)) ? ', session_admin = 0' : ''; ! ! $sql = "UPDATE " . SESSIONS_TABLE . " ! SET session_time = $current_time, session_page = $thispage_id$update_admin ! WHERE session_id = '" . $userdata['session_id'] . "'"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql); ! } ! ! if ( $userdata['user_id'] != ANONYMOUS ) ! { ! $sql = "UPDATE " . USERS_TABLE . " ! SET user_session_time = $current_time, user_session_page = $thispage_id ! WHERE user_id = " . $userdata['user_id']; ! if ( !$db->sql_query($sql) ) ! { ! message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql); ! } ! } ! ! // ! // Delete expired sessions ! // ! $expiry_time = $current_time - $board_config['session_length']; ! ! $sql = "DELETE FROM " . SESSIONS_TABLE . " ! WHERE session_time < $expiry_time ! AND session_id <> '$session_id'"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql); ! } ! ! setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure); ! setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure); } ! return $userdata; } } } *************** *** 291,301 **** // If we reach here then no (valid) session exists. So we'll create a new one, // using the cookie user_id if available to pull basic user prefs. // ! $user_id = ( isset($sessiondata['userid']) ) ? $sessiondata['userid'] : ANONYMOUS; if ( !($userdata = session_begin($user_id, $user_ip, $thispage_id, TRUE)) ) { ! 
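Review bot: The IP prefix comparison `if ($ip_check_s == $ip_check_u)` uses loose equality on two 6-character substrings, and PHP compares two numeric-looking strings (for example both starting with `0e` followed by digits) as numbers, so distinct prefixes can test equal. Since the `s.session_ip = '$user_ip'` clause was dropped from the SELECT in hunk 236,246, this comparison is now the only binding between a session row and the requesting address, so it should be `if ($ip_check_s === $ip_check_u)`. The comment's "first 24 bits" claim assumes `session_ip` holds the hex-encoded address; that encoding happens outside this hunk, so a one-line comment naming the expected format, `// session_ip/user_ip are 8-char hex encodings; 6 chars = first three octets`, would help the next reader.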
message_die(CRITICAL_ERROR, 'Error creating user session : session_pagestart', '', __LINE__, __FILE__, $sql); } return $userdata; --- 339,349 ---- // If we reach here then no (valid) session exists. So we'll create a new one, // using the cookie user_id if available to pull basic user prefs. // ! $user_id = ( isset($sessiondata['userid']) ) ? intval($sessiondata['userid']) : ANONYMOUS; if ( !($userdata = session_begin($user_id, $user_ip, $thispage_id, TRUE)) ) { ! message_die(CRITICAL_ERROR, 'Error creating user session', '', __LINE__, __FILE__, $sql); } return $userdata; *************** *** 316,322 **** $cookiepath = $board_config['cookie_path']; $cookiedomain = $board_config['cookie_domain']; $cookiesecure = $board_config['cookie_secure']; ! // $cookiesecure = ( $board_config['cookie_secure'] ) ? '; secure' : ''; // // Pull cookiedata or grab the URI propagated sid --- 364,371 ---- $cookiepath = $board_config['cookie_path']; $cookiedomain = $board_config['cookie_domain']; $cookiesecure = $board_config['cookie_secure']; ! ! $current_time = time(); // // Pull cookiedata or grab the URI propagated sid *************** *** 332,357 **** $sessionmethod = SESSION_METHOD_GET; } // // Delete existing session // $sql = "DELETE FROM " . SESSIONS_TABLE . " WHERE session_id = '$session_id' AND session_user_id = $user_id"; ! if ( !($result = $db->sql_query($sql)) ) { ! message_die(CRITICAL_ERROR, 'Error removing user session : session_end', '', __LINE__, __FILE__, $sql); } setcookie($cookiename . '_data', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure); setcookie($cookiename . '_sid', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure); - // header('Set-cookie: ' . $cookiename . '_data=0; expires=' . gmdate("l, d-M-Y H:i:s", 0) . ' GMT; domain=' . $cookiedomain . '; path=' . $cookiepath. $cookiesecure); - // header('Set-cookie: ' . $cookiename . '_sid=0; expires=' . gmdate("l, d-M-Y H:i:s", 0) . ' GMT; domain=' . $cookiedomain . 
'; path=' . $cookiepath . $cookiesecure); - - $SID = ( $sessionmethod == SESSION_METHOD_GET ) ? 'sid=' . $session_id : ''; - - return TRUE; } // --- 381,406 ---- $sessionmethod = SESSION_METHOD_GET; } + if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) + { + return; + } + // // Delete existing session // $sql = "DELETE FROM " . SESSIONS_TABLE . " WHERE session_id = '$session_id' AND session_user_id = $user_id"; ! if ( !$db->sql_query($sql) ) { ! message_die(CRITICAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql); } setcookie($cookiename . '_data', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure); setcookie($cookiename . '_sid', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure); + return true; } // *************** *** 364,375 **** { global $SID; ! if ( !empty($SID) && !eregi('sid=', $url) ) { $url .= ( ( strpos($url, '?') != false ) ? ( ( $non_html_amp ) ? '&' : '&' ) : '?' ) . $SID; } ! return($url); } ! ?> --- 413,424 ---- { global $SID; ! if ( !empty($SID) && !preg_match('#sid=#', $url) ) { $url .= ( ( strpos($url, '?') != false ) ? ( ( $non_html_amp ) ? '&' : '&' ) : '?' ) . $SID; } ! return $url; } ! ?> \ No newline at end of file diff -crN phpbb200/includes/smtp.php phpbb2017/includes/smtp.php *** phpbb200/includes/smtp.php Sat Jul 10 20:16:13 2004 --- phpbb2017/includes/smtp.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: smtp.php,v 1.16 2002/04/02 21:13:47 the_systech Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
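Review bot: The new `if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) { return; }` in `session_end()` exits before the two `setcookie()` calls, so a client whose `_sid` cookie fails the pattern keeps both cookies after logout, and the function yields `null` where the success path returns `true`. Applying the pattern check only to the DELETE (or clearing the cookies before returning) and returning `false` explicitly keeps the logout effect and the return contract consistent. `$user_id` in the DELETE appears to be the function parameter and is not cast here; `$user_id = (int) $user_id;` would match what the commit did for `$page_id` and `$thispage_id`.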
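Review bot: In `append_sid()` the separator choice `( strpos($url, '?') != false )` compares the position loosely, so a `?` at offset 0 counts as absent and a second `?` is appended; use `strpos($url, '?') !== false`. The replacement `preg_match('#sid=#', $url)` also matches any parameter whose name ends in `sid`, which `eregi('sid=', $url)` did as well, so the commit preserves rather than introduces that looseness; `'#(^|[?&])sid=#'` would anchor it to a separator.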
* $Id: smtp.php,v 1.16.2.10 2005/05/06 20:50:11 acydburn Exp $ * ***************************************************************************/ *************** *** 20,73 **** ***************************************************************************/ define('SMTP_INCLUDED', 1); // // This function has been modified as provided // by SirSir to allow multiline responses when // using SMTP Extensions // ! function server_parse($socket, $response) { ! while ( substr($server_response,3,1) != ' ' ) ! { ! if( !( $server_response = fgets($socket, 256) ) ) ! { ! message_die(GENERAL_ERROR, "Couldn't get mail server response codes", "", __LINE__, __FILE__); ! } ! } ! ! if( !( substr($server_response, 0, 3) == $response ) ) ! { ! message_die(GENERAL_ERROR, "Ran into problems sending Mail. Response: $server_response", "", __LINE__, __FILE__); ! } ! } ! ! /**************************************************************************** ! * Function: smtpmail ! * Description: This is a functional replacement for php's builtin mail ! * function, that uses smtp. ! * Usage: The usage for this function is identical to that of php's ! * built in mail function. ! ****************************************************************************/ ! function smtpmail($mail_to, $subject, $message, $headers = "") { - // For now I'm using an array based $smtp_vars to hold the smtp server - // info, but it should probably change to $board_config... - // then the relevant info would be $board_config['smtp_host'] and - // $board_config['smtp_port']. global $board_config; - // // Fix any bare linefeeds in the message to make it RFC821 Compliant. ! // ! $message = preg_replace("/(? 1) { ! $headers = join("\r\n", $headers); } else { --- 20,62 ---- ***************************************************************************/ define('SMTP_INCLUDED', 1); + // // This function has been modified as provided // by SirSir to allow multiline responses when // using SMTP Extensions // ! 
function server_parse($socket, $response, $line = __LINE__) { ! while (substr($server_response, 3, 1) != ' ') ! { ! if (!($server_response = fgets($socket, 256))) ! { ! message_die(GENERAL_ERROR, "Couldn't get mail server response codes", "", $line, __FILE__); ! } ! } ! ! if (!(substr($server_response, 0, 3) == $response)) ! { ! message_die(GENERAL_ERROR, "Ran into problems sending Mail. Response: $server_response", "", $line, __FILE__); ! } ! } ! ! // Replacement or substitute for PHP's mail command ! function smtpmail($mail_to, $subject, $message, $headers = '') { global $board_config; // Fix any bare linefeeds in the message to make it RFC821 Compliant. ! $message = preg_replace("#(? 1) { ! $headers = join("\n", $headers); } else { *************** *** 76,215 **** } $headers = chop($headers); - // // Make sure there are no bare linefeeds in the headers ! // ! $headers = preg_replace("/(?\r\n"); ! server_parse($socket, "250"); // Specify each user to send to and build to header. ! $to_header = "To: "; ! @reset( $mail_to_array ); ! while( list( , $mail_to_address ) = each( $mail_to_array )) ! { ! // ! // Add an additional bit of error checking to the To field. ! // ! $mail_to_address = trim($mail_to_address); ! if ( preg_match('/[^ ]+\@[^ ]+/', $mail_to_address) ) ! { ! fputs( $socket, "RCPT TO: <$mail_to_address>\r\n" ); ! server_parse( $socket, "250" ); ! } ! $to_header .= "<$mail_to_address>, "; } // Ok now do the CC and BCC fields... ! @reset( $bcc ); ! while( list( , $bcc_address ) = each( $bcc )) { - // // Add an additional bit of error checking to bcc header... ! // ! $bcc_address = trim( $bcc_address ); ! if ( preg_match('/[^ ]+\@[^ ]+/', $bcc_address) ) { ! fputs( $socket, "RCPT TO: <$bcc_address>\r\n" ); ! server_parse( $socket, "250" ); } } ! @reset( $cc ); ! while( list( , $cc_address ) = each( $cc )) { - // // Add an additional bit of error checking to cc header ! // ! $cc_address = trim( $cc_address ); ! 
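Review bot: In `server_parse`, `substr($server_response, 3, 1)` runs before `$server_response` is assigned on the first loop pass, and `fgets($socket, 256)` splits any reply line longer than 255 bytes, so a continuation fragment whose fourth byte happens to be a space ends the loop early and a mismatched code is reported. Initialising `$server_response = '';` before the loop and reading until a newline is seen (or with a larger limit) makes the parse deterministic. The `$line = __LINE__` default is evaluated where the function is declared, not at the call site, so it only reports the caller's line when every call passes `__LINE__` explicitly; a comment on the parameter such as `// callers pass __LINE__ so failures point at the call site, the default is this declaration's line` would make that contract visible.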
if ( preg_match('/[^ ]+\@[^ ]+/', $cc_address) ) { fputs($socket, "RCPT TO: <$cc_address>\r\n"); ! server_parse($socket, "250"); } } // Ok now we tell the server we are ready to start sending data fputs($socket, "DATA\r\n"); // This is the last response code we look for until the end of the message. ! server_parse($socket, "354"); // Send the Subject Line... fputs($socket, "Subject: $subject\r\n"); // Now the To Header. ! fputs($socket, "$to_header\r\n"); // Now any custom headers.... fputs($socket, "$headers\r\n\r\n"); --- 65,193 ---- } $headers = chop($headers); // Make sure there are no bare linefeeds in the headers ! $headers = preg_replace('#(?\r\n"); ! server_parse($socket, "250", __LINE__); // Specify each user to send to and build to header. ! $to_header = ''; ! ! // Add an additional bit of error checking to the To field. ! $mail_to = (trim($mail_to) == '') ? 'Undisclosed-recipients:;' : trim($mail_to); ! if (preg_match('#[^ ]+\@[^ ]+#', $mail_to)) ! { ! fputs($socket, "RCPT TO: <$mail_to>\r\n"); ! server_parse($socket, "250", __LINE__); } + // Ok now do the CC and BCC fields... ! @reset($bcc); ! while(list(, $bcc_address) = each($bcc)) { // Add an additional bit of error checking to bcc header... ! $bcc_address = trim($bcc_address); ! if (preg_match('#[^ ]+\@[^ ]+#', $bcc_address)) { ! fputs($socket, "RCPT TO: <$bcc_address>\r\n"); ! server_parse($socket, "250", __LINE__); } } ! ! @reset($cc); ! while(list(, $cc_address) = each($cc)) { // Add an additional bit of error checking to cc header ! $cc_address = trim($cc_address); ! if (preg_match('#[^ ]+\@[^ ]+#', $cc_address)) { fputs($socket, "RCPT TO: <$cc_address>\r\n"); ! server_parse($socket, "250", __LINE__); } } + // Ok now we tell the server we are ready to start sending data fputs($socket, "DATA\r\n"); // This is the last response code we look for until the end of the message. ! server_parse($socket, "354", __LINE__); // Send the Subject Line... 
fputs($socket, "Subject: $subject\r\n"); // Now the To Header. ! fputs($socket, "To: $mail_to\r\n"); // Now any custom headers.... fputs($socket, "$headers\r\n\r\n"); *************** *** 219,225 **** // Ok the all the ingredients are mixed in let's cook this puppy... fputs($socket, ".\r\n"); ! server_parse($socket, "250"); // Now tell the server we are done and close the socket... fputs($socket, "QUIT\r\n"); --- 197,203 ---- // Ok the all the ingredients are mixed in let's cook this puppy... fputs($socket, ".\r\n"); ! server_parse($socket, "250", __LINE__); // Now tell the server we are done and close the socket... fputs($socket, "QUIT\r\n"); *************** *** 228,231 **** return TRUE; } ! ?> --- 206,209 ---- return TRUE; } ! ?> \ No newline at end of file diff -crN phpbb200/includes/template.php phpbb2017/includes/template.php *** phpbb200/includes/template.php Sat Jul 10 20:16:13 2004 --- phpbb2017/includes/template.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: template.php,v 1.10 2002/04/02 21:13:47 the_systech Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: template.php,v 1.10.2.5 2005/05/06 20:50:11 acydburn Exp $ * * ***************************************************************************/ *************** *** 230,236 **** // Check if it's an absolute or relative path. if (substr($filename, 0, 1) != '/') { ! $filename = $this->root . '/' . $filename; } if (!file_exists($filename)) --- 230,236 ---- // Check if it's an absolute or relative path. if (substr($filename, 0, 1) != '/') { ! $filename = ($rp_filename = phpbb_realpath($this->root . '/' . $filename)) ? $rp_filename : $filename; } if (!file_exists($filename)) *************** *** 331,337 **** if ($block_nesting_level < 2) { // Block is not nested. ! $code_lines[$i] = '$_' . $a[1] . 
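Review bot: `$mail_to` now goes straight into `RCPT TO: <$mail_to>` and the `To: $mail_to` header after a check that only requires an `@` between non-space characters, so a value containing CR or LF is still accepted and would end the SMTP line or header early; strip them the same way the code already normalises `$headers`, e.g. `$mail_to = str_replace(array("\r", "\n"), '', trim($mail_to));` before the `Undisclosed-recipients` fallback. The removed loop issued one `RCPT TO` per entry of `$mail_to_array`, whereas the new code sends the whole string as a single `RCPT TO`, so a comma-separated recipient list (if any caller still passes one) will now fail the `250` check. The unchanged `Subject: $subject` line has the same missing CR/LF filter.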
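Review bot: `phpbb_realpath()` on the new line normalises the template path but nothing checks that the resolved `$rp_filename` still lies under `$this->root`, so the call does not by itself confine a `../` component in `$filename`; where template names originate is outside this hunk, so if they can ever be derived from request data a prefix check against `phpbb_realpath($this->root)` is needed. When `phpbb_realpath()` returns false the un-resolved path is kept, which is fine for the `file_exists` test that follows, but the intent deserves a comment: `// keep the raw path when realpath fails so file_exists() below reports the original name`.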
'_count = ( isset($this->_tpldata[\'' . $n[1] . '.\']) ) ? sizeof($this->_tpldata[\'' . $n[1] . '.\']) : 0;'; $code_lines[$i] .= "\n" . 'for ($_' . $n[1] . '_i = 0; $_' . $n[1] . '_i < $_' . $n[1] . '_count; $_' . $n[1] . '_i++)'; $code_lines[$i] .= "\n" . '{'; } --- 331,337 ---- if ($block_nesting_level < 2) { // Block is not nested. ! $code_lines[$i] = '$_' . $n[1] . '_count = ( isset($this->_tpldata[\'' . $n[1] . '.\']) ) ? sizeof($this->_tpldata[\'' . $n[1] . '.\']) : 0;'; $code_lines[$i] .= "\n" . 'for ($_' . $n[1] . '_i = 0; $_' . $n[1] . '_i < $_' . $n[1] . '_count; $_' . $n[1] . '_i++)'; $code_lines[$i] .= "\n" . '{'; } *************** *** 347,353 **** // current indices of all parent blocks. $varref = $this->generate_block_data_ref($namespace, false); // Create the for loop code to iterate over this block. ! $code_lines[$i] = '$_' . $a[1] . '_count = ( isset(' . $varref . ') ) ? sizeof(' . $varref . ') : 0;'; $code_lines[$i] .= "\n" . 'for ($_' . $n[1] . '_i = 0; $_' . $n[1] . '_i < $_' . $n[1] . '_count; $_' . $n[1] . '_i++)'; $code_lines[$i] .= "\n" . '{'; } --- 347,353 ---- // current indices of all parent blocks. $varref = $this->generate_block_data_ref($namespace, false); // Create the for loop code to iterate over this block. ! $code_lines[$i] = '$_' . $n[1] . '_count = ( isset(' . $varref . ') ) ? sizeof(' . $varref . ') : 0;'; $code_lines[$i] .= "\n" . 'for ($_' . $n[1] . '_i = 0; $_' . $n[1] . '_i < $_' . $n[1] . '_count; $_' . $n[1] . '_i++)'; $code_lines[$i] .= "\n" . '{'; } *************** *** 475,478 **** } ! ?> --- 475,478 ---- } ! ?> \ No newline at end of file diff -crN phpbb200/includes/topic_review.php phpbb2017/includes/topic_review.php *** phpbb200/includes/topic_review.php Sat Jul 10 20:16:13 2004 --- phpbb2017/includes/topic_review.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
* $Id: topic_review.php,v 1.5 2002/03/31 00:06:34 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: topic_review.php,v 1.5.2.4 2005/05/06 20:50:12 acydburn Exp $ * * ***************************************************************************/ *************** *** 30,38 **** if ( !$is_inline_review ) { ! if ( !isset($topic_id) ) { ! message_die(GENERAL_MESSAGE, 'Topic_not_exist'); } // --- 30,38 ---- if ( !$is_inline_review ) { ! if ( !isset($topic_id) || !$topic_id) { ! message_die(GENERAL_MESSAGE, 'Topic_post_not_exist'); } // *************** *** 51,56 **** --- 51,57 ---- { message_die(GENERAL_MESSAGE, 'Topic_post_not_exist'); } + $db->sql_freeresult($result); $forum_id = $forum_row['forum_id']; $topic_title = $forum_row['topic_title']; *************** *** 139,144 **** --- 140,150 ---- $poster = $row['post_username']; $poster_rank = $lang['Guest']; } + elseif ( $poster_id == ANONYMOUS ) + { + $poster = $lang['Guest']; + $poster_rank = ''; + } $post_subject = ( $row['post_subject'] != '' ) ? $row['post_subject'] : ''; *************** *** 202,207 **** --- 208,214 ---- { message_die(GENERAL_MESSAGE, 'Topic_post_not_exist', '', __LINE__, __FILE__, $sql); } + $db->sql_freeresult($result); $template->assign_vars(array( 'L_AUTHOR' => $lang['Author'], diff -crN phpbb200/includes/usercp_activate.php phpbb2017/includes/usercp_activate.php *** phpbb200/includes/usercp_activate.php Sat Jul 10 20:16:13 2004 --- phpbb2017/includes/usercp_activate.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_activate.php,v 1.6 2002/04/03 20:14:47 the_systech Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
* $Id: usercp_activate.php,v 1.6.2.8 2005/07/19 20:01:16 acydburn Exp $ * * ***************************************************************************/ *************** *** 27,96 **** exit; } ! $sql = "SELECT user_id, user_email, user_newpasswd, user_lang FROM " . USERS_TABLE . " ! WHERE user_actkey = '" . str_replace("\'", "''", $HTTP_GET_VARS['act_key']) . "'"; ! if ( $result = $db->sql_query($sql) ) { ! if ( $row = $db->sql_fetchrow($result) ) { ! $sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . str_replace("\'", "''", $row['user_newpasswd']) . "', user_newpasswd = ''" : ""; $sql = "UPDATE " . USERS_TABLE . " SET user_active = 1, user_actkey = ''" . $sql_update_pass . " ! WHERE user_id = " . $row['user_id']; ! if ( $result = $db->sql_query($sql) ) { ! if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN && $sql_update_pass == '' ) ! { ! include($phpbb_root_path . 'includes/emailer.'.$phpEx); ! $emailer = new emailer($board_config['smtp_delivery']); ! ! $email_headers = 'From: ' . $board_config['board_email'] . "\r\nReturn-Path: " . $board_config['board_email'] . "\r\n"; ! ! $emailer->use_template('admin_welcome_activated', $row['user_lang']); ! $emailer->email_address($row['user_email']); ! $emailer->set_subject();//$lang['Account_activated_subject'] ! $emailer->extra_headers($email_headers); ! ! $emailer->assign_vars(array( ! 'SITENAME' => $board_config['sitename'], ! 'USERNAME' => $username, ! 'PASSWORD' => $password_confirm, ! 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig'])) ! ); ! $emailer->send(); ! $emailer->reset(); ! ! $template->assign_vars(array( ! 'META' => '') ! ); ! ! message_die(GENERAL_MESSAGE, $lang['Account_active_admin']); ! } ! else ! { ! $template->assign_vars(array( ! 'META' => '') ! ); ! ! $message = ( $sql_update_pass == '' ) ? $lang['Account_active'] : $lang['Password_activated']; ! message_die(GENERAL_MESSAGE, $message); ! } } else { ! message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql_update); } } else { ! message_die(GENERAL_ERROR, $lang['Wrong_activation']); //wrongactiv } } else { ! message_die(GENERAL_ERROR, 'Could not obtain user information', '', __LINE__, __FILE__, $sql); } ! ?> --- 27,112 ---- exit; } ! $sql = "SELECT user_active, user_id, username, user_email, user_newpasswd, user_lang, user_actkey FROM " . USERS_TABLE . " ! WHERE user_id = " . intval($HTTP_GET_VARS[POST_USERS_URL]); ! if ( !($result = $db->sql_query($sql)) ) { ! message_die(GENERAL_ERROR, 'Could not obtain user information', '', __LINE__, __FILE__, $sql); ! } ! ! if ( $row = $db->sql_fetchrow($result) ) ! { ! if ( $row['user_active'] && trim($row['user_actkey']) == '' ) ! { ! $template->assign_vars(array( ! 'META' => '') ! ); ! ! message_die(GENERAL_MESSAGE, $lang['Already_activated']); ! } ! else if ((trim($row['user_actkey']) == trim($HTTP_GET_VARS['act_key'])) && (trim($row['user_actkey']) != '')) { ! if (intval($board_config['require_activation']) == USER_ACTIVATION_ADMIN && $userdata['user_level'] != ADMIN) ! { ! message_die(GENERAL_MESSAGE, $lang['Not_Authorised']); ! } ! ! $sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . str_replace("\'", "''", $row['user_newpasswd']) . "', user_newpasswd = ''" : ''; $sql = "UPDATE " . USERS_TABLE . " SET user_active = 1, user_actkey = ''" . $sql_update_pass . " ! WHERE user_id = " . $row['user_id']; ! if ( !($result = $db->sql_query($sql)) ) { ! 
message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql_update); ! } ! ! if ( intval($board_config['require_activation']) == USER_ACTIVATION_ADMIN && $sql_update_pass == '' ) ! { ! include($phpbb_root_path . 'includes/emailer.'.$phpEx); ! $emailer = new emailer($board_config['smtp_delivery']); ! ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); ! ! $emailer->use_template('admin_welcome_activated', $row['user_lang']); ! $emailer->email_address($row['user_email']); ! $emailer->set_subject($lang['Account_activated_subject']); ! ! $emailer->assign_vars(array( ! 'SITENAME' => $board_config['sitename'], ! 'USERNAME' => $row['username'], ! 'PASSWORD' => $password_confirm, ! 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '') ! ); ! $emailer->send(); ! $emailer->reset(); ! ! $template->assign_vars(array( ! 'META' => '') ! ); ! ! message_die(GENERAL_MESSAGE, $lang['Account_active_admin']); } else { ! $template->assign_vars(array( ! 'META' => '') ! ); ! ! $message = ( $sql_update_pass == '' ) ? $lang['Account_active'] : $lang['Password_activated']; ! message_die(GENERAL_MESSAGE, $message); } } else { ! message_die(GENERAL_MESSAGE, $lang['Wrong_activation']); } } else { ! message_die(GENERAL_MESSAGE, $lang['No_such_user']); } ! ?> \ No newline at end of file diff -crN phpbb200/includes/usercp_avatar.php phpbb2017/includes/usercp_avatar.php *** phpbb200/includes/usercp_avatar.php Sat Jul 10 20:16:13 2004 --- phpbb2017/includes/usercp_avatar.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_avatar.php,v 1.8 2002/03/31 00:06:34 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_avatar.php,v 1.8.2.21 2005/07/19 20:01:16 acydburn Exp $ * * ***************************************************************************/ *************** *** 51,59 **** { global $board_config, $userdata; if ( $avatar_type == USER_AVATAR_UPLOAD && $avatar_file != '' ) { ! if ( @file_exists('./' . $board_config['avatar_path'] . '/' . $avatar_file) ) { @unlink('./' . $board_config['avatar_path'] . '/' . $avatar_file); } --- 51,60 ---- { global $board_config, $userdata; + $avatar_file = basename($avatar_file); if ( $avatar_type == USER_AVATAR_UPLOAD && $avatar_file != '' ) { ! if ( @file_exists(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $avatar_file)) ) { @unlink('./' . $board_config['avatar_path'] . '/' . 
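Review bot: The activation key is compared with `==` (`trim($row['user_actkey']) == trim($HTTP_GET_VARS['act_key'])`); PHP's loose comparison treats two numeric-looking strings numerically, so keys that differ textually can still compare equal. Use strict comparison, `if (trim($row['user_actkey']) === trim($HTTP_GET_VARS['act_key']) && trim($row['user_actkey']) != '')` (a constant-time compare where the runtime offers one), and read `$HTTP_GET_VARS['act_key']` through `isset()` since a request without it currently raises a notice. Two identifiers in the new block are not defined anywhere in the hunk: `$sql_update` in the 'Could not update users table' `message_die()` call (presumably meant to be `$sql`) and `$password_confirm` passed as `PASSWORD` in the admin-activation email, which sends an empty value unless it is set outside the visible code.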
$avatar_file); } *************** *** 64,80 **** function user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename) { ! return ( $mode == 'editprofile' ) ? ", user_avatar = '" . str_replace("\'", "''", $avatar_filename) . "', user_avatar_type = " . USER_AVATAR_GALLERY : ''; } function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename) { ! if ( !preg_match('#^http:\/\/#i', $avatar_filename) ) { $avatar_filename = 'http://' . $avatar_filename; } ! if ( !preg_match('#^(http:\/\/[a-z0-9\-]+?\.([a-z0-9\-]+\.)*[a-z]+(:[0-9]+)*\/.*?\.(gif|jpg|jpeg|png)$)#is', $avatar_filename) ) { $error = true; $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $lang['Wrong_remote_avatar_format'] : $lang['Wrong_remote_avatar_format']; --- 65,99 ---- function user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename) { ! global $board_config; ! ! $avatar_filename = str_replace(array('../', '..\\', './', '.\\'), '', $avatar_filename); ! if ($avatar_filename{0} == '/' || $avatar_filename{0} == "\\") ! { ! return ''; ! } ! ! if ( file_exists(@phpbb_realpath($board_config['avatar_gallery_path'] . '/' . $avatar_filename)) && ($mode == 'editprofile') ) ! { ! $return = ", user_avatar = '" . str_replace("\'", "''", $avatar_filename) . "', user_avatar_type = " . USER_AVATAR_GALLERY; ! } ! else ! { ! $return = ''; ! } ! return $return; } function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename) { ! global $lang; ! ! if ( !preg_match('#^(http)|(ftp):\/\/#i', $avatar_filename) ) { $avatar_filename = 'http://' . $avatar_filename; } ! if ( !preg_match("#^((ht|f)tp://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png))$)#is", $avatar_filename) ) { $error = true; $error_msg = ( !empty($error_msg) ) ? $error_msg . '
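Review bot: `user_avatar_gallery` relies on a single-pass `str_replace()` of `../`, `..\`, `./` and `.\` plus a leading-slash test to keep `$avatar_filename` inside the gallery; a denylist like this is fragile, and the `file_exists(@phpbb_realpath(...))` that follows only resolves the path, it never verifies the result is under `$board_config['avatar_gallery_path']`. Compare the resolved path to the resolved gallery root instead, e.g. `$gallery = phpbb_realpath($board_config['avatar_gallery_path']); $path = phpbb_realpath($gallery . '/' . $avatar_filename); if (!$path || strpos($path, $gallery . '/') !== 0) { return ''; }`, and guard the `$avatar_filename{0}` test with `$avatar_filename == ''` first since indexing an empty string raises a notice. In `user_avatar_url`, `'#^(http)|(ftp):\/\/#i'` parses as `^(http)` OR `(ftp)://` because alternation binds loosest, so `http` alone at the start or `ftp://` anywhere satisfies it; `'#^(http|ftp)://#i'` is what was intended.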
' . $lang['Wrong_remote_avatar_format'] : $lang['Wrong_remote_avatar_format']; *************** *** 87,93 **** function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_type, &$error, &$error_msg, $avatar_filename, $avatar_realname, $avatar_filesize, $avatar_filetype) { ! global $board_config, $user_ip, $db, $lang; $ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var'; --- 106,112 ---- function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_type, &$error, &$error_msg, $avatar_filename, $avatar_realname, $avatar_filesize, $avatar_filetype) { ! global $board_config, $db, $lang; $ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var'; *************** *** 121,127 **** } @fclose($fsock); ! if ( !preg_match('/Content-Length\: ([0-9]+)[^\/ ][\s]+/i', $avatar_data, $file_data1) || !preg_match('/Content-Type\: image\/[x\-]*([a-z]+)[\s]+/i', $avatar_data, $file_data2) ) { $error = true; $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $lang['File_no_data'] : $lang['File_no_data']; --- 140,146 ---- } @fclose($fsock); ! if (!preg_match('#Content-Length\: ([0-9]+)[^ /][\s]+#i', $avatar_data, $file_data1) || !preg_match('#Content-Type\: image/[x\-]*([a-z]+)[\s]+#i', $avatar_data, $file_data2)) { $error = true; $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $lang['File_no_data'] : $lang['File_no_data']; *************** *** 136,142 **** $avatar_data = substr($avatar_data, strlen($avatar_data) - $avatar_filesize, $avatar_filesize); $tmp_path = ( !@$ini_val('safe_mode') ) ? '/tmp' : './' . $board_config['avatar_path'] . '/tmp'; ! $tmp_filename = tempnam($tmp_path, uniqid($user_ip) . '-'); $fptr = @fopen($tmp_filename, 'wb'); $bytes_written = @fwrite($fptr, $avatar_data, $avatar_filesize); --- 155,161 ---- $avatar_data = substr($avatar_data, strlen($avatar_data) - $avatar_filesize, $avatar_filesize); $tmp_path = ( !@$ini_val('safe_mode') ) ? '/tmp' : './' . $board_config['avatar_path'] . '/tmp'; ! $tmp_filename = tempnam($tmp_path, uniqid(rand()) . '-'); $fptr = @fopen($tmp_filename, 'wb'); $bytes_written = @fwrite($fptr, $avatar_data, $avatar_filesize); *************** *** 158,168 **** $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $l_avatar_size : $l_avatar_size; } } ! else if ( $avatar_mode == 'local' && file_exists($avatar_filename) && preg_match('/\.(jpg|jpeg|gif|png)$/i', $avatar_realname) ) { if ( $avatar_filesize <= $board_config['avatar_filesize'] && $avatar_filesize > 0 ) { ! preg_match("'image\/[x\-]*([a-z]+)'", $avatar_filetype, $avatar_filetype); $avatar_filetype = $avatar_filetype[1]; } else --- 177,187 ---- $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $l_avatar_size : $l_avatar_size; } } ! else if ( ( file_exists(@phpbb_realpath($avatar_filename)) ) && preg_match('/\.(jpg|jpeg|gif|png)$/i', $avatar_realname) ) { if ( $avatar_filesize <= $board_config['avatar_filesize'] && $avatar_filesize > 0 ) { ! preg_match('#image\/[x\-]*([a-z]+)#', $avatar_filetype, $avatar_filetype); $avatar_filetype = $avatar_filetype[1]; } else *************** *** 182,194 **** return; } ! if ( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] ) { ! $new_filename = ( $current_avatar != '' && $mode != 'register' ) ? $current_avatar : uniqid($user_ip) . $imgtype; if ( $mode == 'editprofile' && $current_type == USER_AVATAR_UPLOAD && $current_avatar != '' ) { ! if ( file_exists('./' . $board_config['avatar_path'] . '/' . $current_avatar) ) { @unlink('./' . $board_config['avatar_path'] . '/' . $current_avatar); } --- 201,213 ---- return; } ! if ( $width > 0 && $height > 0 && $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] ) { ! $new_filename = uniqid(rand()) . $imgtype; if ( $mode == 'editprofile' && $current_type == USER_AVATAR_UPLOAD && $current_avatar != '' ) { ! if ( file_exists(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $current_avatar)) ) { @unlink('./' . $board_config['avatar_path'] . '/' . $current_avatar); } *************** *** 215,220 **** --- 234,243 ---- $move_file = 'copy'; } + if (!is_uploaded_file($avatar_filename)) + { + message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__); + } $move_file($avatar_filename, './' . $board_config['avatar_path'] . "/$new_filename"); } *************** *** 233,239 **** return $avatar_sql; } ! 
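Review bot: The new `is_uploaded_file($avatar_filename)` guard is unconditional, but in the remote branch above `$avatar_filename` appears to be the `tempnam()` file written with `fwrite()` (hunk 136,142), for which `is_uploaded_file()` returns false; if remote avatars flow through this same `$move_file` call they will now die with 'Unable to upload file'. The enclosing conditional starts outside this hunk, so confirm which modes reach it; if both do, scope the check, `if ($avatar_mode != 'remote' && !is_uploaded_file($avatar_filename))`, with the remote path covered by the `file_exists(@phpbb_realpath(...))` test already added in hunk 158,168. A comment stating why the check exists (`// refuse to move anything that did not arrive as this request's upload`) would keep the next editor from dropping it.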
function display_avatar_gallery($mode, &$category, &$user_id, &$email, &$current_email, &$coppa, &$username, &$email, &$icq, &$aim, &$msn, &$yim, &$website, &$location, &$occupation, &$interests, &$signature, &$viewemail, &$notifypm, &$popuppm, &$notifyreply, &$attachsig, &$allowhtml, &$allowbbcode, &$allowsmilies, &$allowviewonline, &$style, &$language, &$timezone, &$dateformat) { global $board_config, $db, $template, $lang, $images, $theme; global $phpbb_root_path, $phpEx; --- 256,262 ---- return $avatar_sql; } ! function display_avatar_gallery($mode, &$category, &$user_id, &$email, &$current_email, &$coppa, &$username, &$email, &$new_password, &$cur_password, &$password_confirm, &$icq, &$aim, &$msn, &$yim, &$website, &$location, &$occupation, &$interests, &$signature, &$viewemail, &$notifypm, &$popup_pm, &$notifyreply, &$attachsig, &$allowhtml, &$allowbbcode, &$allowsmilies, &$hideonline, &$style, &$language, &$timezone, &$dateformat, &$session_id) { global $board_config, $db, $template, $lang, $images, $theme; global $phpbb_root_path, $phpEx; *************** *** 309,317 **** } } ! $params = array('coppa', 'user_id', 'username', 'email', 'current_email', 'icq', 'aim', 'msn', 'yim', 'website', 'location', 'occupation', 'interests', 'signature', 'viewemail', 'notifypm', 'popuppm', 'notifyreply', 'attachsig', 'allowhtml', 'allowbbcode', 'allowsmilies', 'allowviewonline', 'style', 'language', 'timezone', 'dateformat'); ! $s_hidden_vars = ''; for($i = 0; $i < count($params); $i++) { --- 332,340 ---- } } ! $params = array('coppa', 'user_id', 'username', 'email', 'current_email', 'cur_password', 'new_password', 'password_confirm', 'icq', 'aim', 'msn', 'yim', 'website', 'location', 'occupation', 'interests', 'signature', 'viewemail', 'notifypm', 'popup_pm', 'notifyreply', 'attachsig', 'allowhtml', 'allowbbcode', 'allowsmilies', 'hideonline', 'style', 'language', 'timezone', 'dateformat'); ! 
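Review bot: The rewritten `display_avatar_gallery` signature still declares `&$email` twice (fourth and eighth parameters), which this commit had the chance to fix; since positional callers now also pass `&$new_password`, `&$cur_password`, `&$password_confirm` and `&$session_id`, every call site must have been updated in exactly this order or the by-reference arguments silently bind to the wrong variables. Call sites are outside this hunk, so this is worth verifying rather than assuming. A docblock over the function listing the parameter order would be the cheapest guard against that.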
$s_hidden_vars = ''; for($i = 0; $i < count($params); $i++) { *************** *** 333,336 **** return; } ! ?> --- 356,359 ---- return; } ! ?> \ No newline at end of file diff -crN phpbb200/includes/usercp_confirm.php phpbb2017/includes/usercp_confirm.php *** phpbb200/includes/usercp_confirm.php Thu Jan 1 01:00:00 1970 --- phpbb2017/includes/usercp_confirm.php Tue Jul 19 22:14:56 2005 *************** *** 0 **** --- 1,435 ---- + sql_query($sql); + + // If we have a row then grab data else create a new id + if ($row = $db->sql_fetchrow($result)) + { + $db->sql_freeresult($result); + $code = $row['code']; + } + else + { + exit; + } + + // If we can we will generate a single filtered png else we will have to simply + // output six seperate original pngs ... first way is preferable! + if (@extension_loaded('zlib')) + { + $_png = define_filtered_pngs(); + + $total_width = 320; + $total_height = 50; + $img_height = 40; + $img_width = 0; + $l = 0; + + list($usec, $sec) = explode(' ', microtime()); + mt_srand($sec * $usec); + + $char_widths = array(); + for ($i = 0; $i < strlen($code); $i++) + { + $char = $code{$i}; + + $width = mt_rand(0, 4); + $char_widths[] = $width; + $img_width += $_png[$char]['width'] - $width; + } + + $offset_x = mt_rand(0, $total_width - $img_width); + $offset_y = mt_rand(0, $total_height - $img_height); + + $image = ''; + $hold_chars = array(); + for ($i = 0; $i < $total_height; $i++) + { + $image .= chr(0); + + if ($i > $offset_y && $i < $offset_y + $img_height) + { + $j = 0; + + for ($k = 0; $k < $offset_x; $k++) + { + $image .= chr(mt_rand(140, 255)); + } + + for ($k = 0; $k < strlen($code); $k++) + { + $char = $code{$k}; + + if (empty($hold_chars[$char])) + { + $hold_chars[$char] = explode("\n", chunk_split(base64_decode($_png[$char]['data']), $_png[$char]['width'] + 1, "\n")); + } + $image .= randomise(substr($hold_chars[$char][$l], 1), $char_widths[$j]); + $j++; + } + + for ($k = $offset_x + $img_width; $k < $total_width; $k++) + { + $image .= 
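Review bot: Adding `cur_password`, `new_password` and `password_confirm` to `$params` means the user's plaintext passwords are re-emitted as hidden form fields on the avatar gallery page; the loop that builds `$s_hidden_vars` continues outside this hunk, so confirm each value is passed through `htmlspecialchars()` there, since a password containing `"` would otherwise break out of the attribute. The values now travel in the HTML body rather than only in the original POST, and a one-line comment on the `$params` line, `// password fields are round-tripped so the profile form survives the gallery detour`, would make that trade-off explicit to the next reader.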
chr(mt_rand(140, 255)); + } + + $l++; + } + else + { + for ($k = 0; $k < $total_width; $k++) + { + $image .= chr(mt_rand(140, 255)); + } + } + + } + unset($hold); + + $image = create_png(gzcompress($image), $total_width, $total_height); + + // Output image + header('Content-Type: image/png'); + header('Cache-control: no-cache, no-store'); + echo $image; + + unset($image); + unset($_png); + exit; + + } + else + { + if (!empty($HTTP_GET_VARS['c'])) + { + $_png = define_raw_pngs(); + + $char = substr($code, intval($HTTP_GET_VARS['c']) - 1, 1); + header('Content-Type: image/png'); + header('Cache-control: no-cache, no-store'); + echo base64_decode($_png[$char]); + + unset($_png); + exit; + } + } + + exit; + + // This is designed to randomise the pixels of the image data within + // certain limits so as to keep it readable. It also varies the image + // width a little + function randomise($scanline, $width) + { + $new_line = ''; + $start = floor($width/2); + $end = strlen($scanline) - ceil($width/2); + + for ($i = $start; $i < $end; $i++) + { + $pixel = ord($scanline{$i}); + + if ($pixel < 190) + { + $new_line .= chr(mt_rand(0, 205)); + } + else if ($pixel > 190) + { + $new_line .= chr(mt_rand(145, 255)); + } + else + { + $new_line .= $scanline{$i}; + } + } + + return $new_line; + } + + // This creates a chunk of the given type, with the given data + // of the given length adding the relevant crc + function png_chunk($length, $type, $data) + { + $raw = $type; + $raw .= $data; + $crc = crc32($raw); + $raw .= pack('C4', $crc >> 24, $crc >> 16, $crc >> 8, $crc); + + return pack('C4', $length >> 24, $length >> 16, $length >> 8, $length) . 
$raw; + } + + // Creates greyscale 8bit png - The PNG spec can be found at + // http://www.libpng.org/pub/png/spec/PNG-Contents.html we use + // png because it's a fully recognised open standard and supported + // by practically all modern browsers and OSs + function create_png($gzimage, $width, $height) + { + // SIG + $image = pack('C8', 137, 80, 78, 71, 13, 10, 26, 10); + // IHDR + $raw = pack('C4', $width >> 24, $width >> 16, $width >> 8, $width); + $raw .= pack('C4', $height >> 24, $height >> 16, $height >> 8, $height); + $raw .= pack('C5', 8, 0, 0, 0, 0); + $image .= png_chunk(13, 'IHDR', $raw); + // IDAT + $image .= png_chunk(strlen($gzimage), 'IDAT', $gzimage); + // IEND + $image .= png_chunk(0, 'IEND', ''); + + return $image; + } + + // Each 'data' element is base64_encoded uncompressed IDAT + // png image data + function define_filtered_pngs() + { + $_png = array( + '0' => array( + 'data' => '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', + 'width' => 40 + ), + '1' => array( + 'data' => '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', + 'width' => 40 + ), + '2' => array( + 'data' => 
'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP/////////////////okFAkCAAABCBIfNT///////////////////8A///////////////8hAgAAAAAAAAAAAAAAFTo/////////////////wD//////////////1QAAAAAAAAAAAAAAAAAACjo////////////////AP////////////+MAAAAAAAAAAAAAAAAAAAAADj///////////////8A////////////9BAAAAAAAAAAAAAAAAAAAAAAALD//////////////wD///////////+gAAAAAAAAAHjs+KwMAAAAAAAAVP//////////////AP///////////1gAAAAAAABM/////6QAAAAAAAAU//////////////8A////////////KAAAAAAAALj/////+AAAAAAAAAD//////////////wD///////////+MfGBMOCAI8P/////wAAAAAAAACP//////////////AP///////////////////////////5wAAAAAAAAw//////////////8A///////////////////////////oFAAAAAAAAHz//////////////wD/////////////////////////6CgAAAAAAAAE3P//////////////AP///////////////////////9ggAAAAAAAAAHT///////////////8A//////////////////////+0DAAAAAAAAAA8+P///////////////wD/////////////////////gAAAAAAAAAAAKOj/////////////////AP//////////////////9FAAAAAAAAAAADzw//////////////////8A/////////////////+g4AAAAAAAAAABk/P///////////////////wD////////////////oKAAAAAAAAAAMqP//////////////////////AP//////////////6CgAAAAAAAAAMNz///////////////////////8A//////////////g4AAAAAAAAAFT0/////////////////////////wD/////////////bAAAAAAAAABU/P//////////////////////////AP///////////8wAAAAAAAAAAAAAAAAAAAAAAAAA//////////////8A////////////SAAAAAAAAAAAAAAAAAAAAAAAAAD//////////////wD//////////9wAAAAAAAAAAAAAAAAAAAAAAAAAAP//////////////AP//////////hAAAAAAAAAAAAAAAAAA
AAAAAAAAA//////////////8A//////////9AAAAAAAAAAAAAAAAAAAAAAAAAAAD//////////////wD//////////xAAAAAAAAAAAAAAAAAAAAAAAAAAAP//////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + '3' => array( + 'data' => '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', + 'width' => 40 + ), + '4' => array( + 'data' => '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', + 'width' => 40 + ), + '5' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP//////////////8AAAAAAAAAAAAAAAAAAAAAAA//////////////8A///////////////MAAAAAAAAAAAAAAAAAAAAAAD//////////////wD//////////////6wAAAAAAAAAAAAAAAAAAAAAAP//////////////AP//////////////iAAAAAAAAAAAAAAAAAAAAAAA//////////////8A//////////////9kAAAAAAAAAAAAAAAAAAAAAAD//////////////wD//////////////0QAAAAAAAAAAAAAAAAAAAAAAP//////////////AP//////////////IAAAAAAAYP////////////////////////////8A//////////////wAAAAAAAB8/////////////////////////////wD/////////////3AAAAAAAAIj/////////////////////////////AP////////////+4AAAAAAAAoLRYHAAEKGTE//////////////////8A/////////////5QAAAAAAAAQAAAAAAAAAABY9P///////////////wD/////////////dAAAAAAAAAAAAAAAAAAAAAA89P//////////////AP////////////9QAAAAAAAAAAAAAAAAAAAAAABg//////////////8A/////////////zAAAAAAAAAAAAAAAAAAAAAAAADQ/////////////wD/////////////IAAAAAAAAGjY/+h4BAAAAAAAAGz/////////////AP//////////////9NS0lHSc//////90AAAAAAAALP////////////8A/////////////////////////////9QAAAAAAAAE/////////////wD//////////////////////////////wAAAAAAAAD/////////////AP/////////////////////////////8AAAAAAAAEP////////////8A////////////pI
RwWEAgDOD//////8wAAAAAAAA8/////////////wD///////////9EAAAAAAAAaP//////ZAAAAAAAAHz/////////////AP///////////6QAAAAAAAAAaOD/4GQAAAAAAAAE4P////////////8A/////////////CQAAAAAAAAAAAAAAAAAAAAAAGD//////////////wD/////////////yAQAAAAAAAAAAAAAAAAAAAAc7P//////////////AP//////////////rAwAAAAAAAAAAAAAAAAAGNj///////////////8A////////////////0EAAAAAAAAAAAAAAAFTo/////////////////wD//////////////////8h4QCAAAAAcQHzU////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + '6' => array( + 'data' => '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', + 'width' => 40 + ), + '7' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD///////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////AP///////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAP////////////8A////////////AAAAAAAAAAAAAAAAAAAAAAAAAAAA/////////////wD///////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////AP///////////wAAAAAAAAAAAAAAAAAAAAAAAAAABP////////////8A////////////AAAAAAAAAAAAAAAAAAAAAAAAAAy4/////////////wD//////////////////////////+QUAAAAAAAEuP//////////////AP/////////////////////////8QAAAAAAAAKT///////////////8A/////////////////////////4wAAAAAAAB0/////////////////wD////////////////////////cCAAAAAAANPz/////////////////AP///////////////////////0QAAAAAAATY///////////////
///8A//////////////////////+0AAAAAAAAeP///////////////////wD//////////////////////CQAAAAAABTw////////////////////AP////////////////////+gAAAAAAAAkP////////////////////8A/////////////////////ywAAAAAABDw/////////////////////wD///////////////////+4AAAAAAAAbP//////////////////////AP///////////////////1wAAAAAAADQ//////////////////////8A///////////////////4DAAAAAAAMP///////////////////////wD//////////////////7QAAAAAAAB8////////////////////////AP//////////////////aAAAAAAAAMj///////////////////////8A//////////////////8oAAAAAAAM/P///////////////////////wD/////////////////8AAAAAAAAET/////////////////////////AP////////////////+0AAAAAAAAcP////////////////////////8A/////////////////4wAAAAAAACY/////////////////////////wD/////////////////WAAAAAAAAMD/////////////////////////AP////////////////80AAAAAAAA4P////////////////////////8A/////////////////xAAAAAAAAD4/////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + '8' => array( + 'data' => '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', + 'width' => 40 + ), + '9' => array( + 'data' => 
'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD///////////////////ysYCwMAAAUNGiw/P//////////////////AP////////////////+4JAAAAAAAAAAAAAAkuP////////////////8A////////////////lAQAAAAAAAAAAAAAAAAAkP///////////////wD//////////////8AEAAAAAAAAAAAAAAAAAAAAqP//////////////AP/////////////8JAAAAAAAAAAAAAAAAAAAAAAQ7P////////////8A/////////////6wAAAAAAAAAfOz8vCwAAAAAAABw/////////////wD/////////////WAAAAAAAAHD/////7BgAAAAAAAz4////////////AP////////////8kAAAAAAAA1P//////hAAAAAAAALT///////////8A/////////////wAAAAAAAAD///////+4AAAAAAAAcP///////////wD/////////////AAAAAAAAAPz//////8AAAAAAAABI////////////AP////////////8UAAAAAAAAzP//////lAAAAAAAACT///////////8A/////////////0QAAAAAAABY//////gsAAAAAAAADP///////////wD/////////////kAAAAAAAAABw5P/IPAAAAAAAAAAA////////////AP/////////////wEAAAAAAAAAAAAAAAAAAAAAAAAAD///////////8A//////////////+UAAAAAAAAAAAAAAAAAAAAAAAAAP///////////wD///////////////9wAAAAAAAAAAAAAFAAAAAAAAAU////////////AP////////////////+IBAAAAAAAAABw3AAAAAAAACj///////////8A///////////////////cdCwEABhcxP+8AAAAAAAATP///////////wD//////////////////////////////5AAAAAAAAB4////////////AP//////////////////////////////UAAAAAAAALj///////////8A//////////////+kgGxUQCAM2P///+AIAAAAAAAQ+P///////////wD//////////////0gAAAAAAAA42P/EKAAAAAAAAHD/////////////AP//////////////sAAAAAAAAAAAAAAAAAAAAAAQ6P////////////8A////////////////TAAAAAAAAAAAAAAAAAAAAKz//////////////wD////////////////oKAAAAAAAAAAAAAAAAASU////////////////AP/////////////////sUAAAAAAAAAAAAAAwxP////////////////8A////////////////////yHA0FAAADCxktP///////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP/////////////////////////////
///////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'A' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD//////////////////+QAAAAAAAAAAAAAAOT/////////////////AP//////////////////kAAAAAAAAAAAAAAAkP////////////////8A//////////////////88AAAAAAAAAAAAAAA8/////////////////wD/////////////////5AAAAAAAAAAAAAAAAADk////////////////AP////////////////+QAAAAAAAAAAAAAAAAAJD///////////////8A/////////////////zwAAAAAAAAAAAAAAAAAPP///////////////wD////////////////kAAAAAAAAAAgAAAAAAAAA5P//////////////AP///////////////5AAAAAAAAAAgAAAAAAAAACQ//////////////8A////////////////PAAAAAAAAAz8HAAAAAAAADz//////////////wD//////////////+QAAAAAAAAAWP9kAAAAAAAAANz/////////////AP//////////////kAAAAAAAAACk/7wAAAAAAAAAhP////////////8A//////////////88AAAAAAAABOz//BQAAAAAAAAw/////////////wD/////////////4AAAAAAAAAA8////ZAAAAAAAAADc////////////AP////////////+EAAAAAAAAAIj///+8AAAAAAAAAIT///////////8A/////////////zAAAAAAAAAA2P////wQAAAAAAAAMP///////////wD////////////cAAAAAAAAACT//////1wAAAAAAAAA3P//////////AP///////////4QAAAAAAAAAAAAAAAAAAAAAAAAAAACE//////////8A////////////MAAAAAAAAAAAAAAAAAAAAAAAAAAAADD//////////wD//////////9wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANz/////////AP//////////hAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhP////////8A//////////8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAw/////////wD/////////3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADc////////AP////////+EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIT///////8A/////////zAAAAAAAAAAhP///////////2QAAAAAAAAAMP///////wD///////
/cAAAAAAAAAADM////////////vAAAAAAAAAAA3P//////AP///////4QAAAAAAAAAHP/////////////4DAAAAAAAAACE//////8A////////MAAAAAAAAABk//////////////9cAAAAAAAAADD//////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'B' => array( + 'data' => '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', + 'width' => 40 + ), + 'C' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP//////////////////5JRULBAAAAgkTIDQ//////////////////8A////////////////1FAAAAAAAAAAAAAAAABAyP///////////////wD//////////////4gEAAAAAAAAAAAAAAAAAAAElP//////////////AP////////////9wAAAAAAAAAAAAAAAAAAAAAAAAlP////////////8A////////////kAAAAAAAAAAAAAAAAAAAAAAAAAAEyP///////////wD//////////9wIAAAAAAAAAAAAAAAAAAAAAAAAAAAw////////////AP//////////WAAAAAAAAAAAWMz/8JwQAAAAAAAAAACw//////////8A/////////+wEAAAAAAAAAID//////9QMAAAAAAAAAET//////////wD/////////nAAAAAAAAAAo/P///////3wAAAAABDBspP//////////AP////////9gAAAAAAAAAIz/////////3BxQjMT0//////////////8A/////////zQAAAAAAAAAzP///////////////////////////////wD/////////GAAAAAAAAADo////////////////////////////////AP////////8AAAAAAAAAAP////////////////////////////////8A/////////wAAAAAAAAAA///////////////////////
//////////wD/////////AAAAAAAAAAD/////////////////////////////////AP////////8cAAAAAAAAAOj///////////////////////////////8A/////////zgAAAAAAAAA0P/////////kIGio7P///////////////wD/////////bAAAAAAAAACg/////////5wAAAAAMHS49P//////////AP////////+oAAAAAAAAAEz/////////PAAAAAAAAAAc//////////8A//////////QIAAAAAAAAALz//////6QAAAAAAAAAAGT//////////wD//////////3AAAAAAAAAADIzo/+SEBAAAAAAAAAAAyP//////////AP//////////7BAAAAAAAAAAAAAAAAAAAAAAAAAAAED///////////8A////////////rAAAAAAAAAAAAAAAAAAAAAAAAAAE0P///////////wD/////////////fAAAAAAAAAAAAAAAAAAAAAAAAJz/////////////AP//////////////iAQAAAAAAAAAAAAAAAAAAASY//////////////8A////////////////yEAAAAAAAAAAAAAAAAA8yP///////////////wD//////////////////9yIUCwQAAAAIEB4yP//////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'D' => array( + 'data' => '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', + 'width' => 40 + ), + 'E' => array( + 'data' => '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', + 'width' => 40 + ), + 'F' => array( + 'data' => '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', + 'width' => 40 + ), + 'G' => array( + 'data' => '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', + 'width' => 40 + ), + 'H' => array( + 'data' => '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', + 'width' => 40 + ), + 'I' => array( + 'data' => '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