diff -crN phpbb2014/admin/admin_forums.php phpbb2017/admin/admin_forums.php
*** phpbb2014/admin/admin_forums.php Mon Apr 18 21:43:30 2005
--- phpbb2017/admin/admin_forums.php Tue Jul 19 22:14:56 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_forums.php,v 1.40.2.11 2004/03/25 15:57:19 acydburn Exp $
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_forums.php,v 1.40.2.12 2005/05/07 22:18:10 acydburn Exp $
*
***************************************************************************/
***************
*** 233,238 ****
--- 233,239 ----
if( $mode == "addforum" )
{
list($cat_id) = each($HTTP_POST_VARS['addforum']);
+ $cat_id = intval($cat_id);
//
// stripslashes needs to be run on this because slashes are added when the forum name is posted
//
***************
*** 1024,1027 ****
include('./page_footer_admin.'.$phpEx);
! ?>
--- 1025,1028 ----
include('./page_footer_admin.'.$phpEx);
! ?>
\ No newline at end of file
diff -crN phpbb2014/admin/admin_smilies.php phpbb2017/admin/admin_smilies.php
*** phpbb2014/admin/admin_smilies.php Mon Apr 18 21:43:30 2005
--- phpbb2017/admin/admin_smilies.php Tue Jul 19 22:14:56 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_smilies.php,v 1.22.2.13 2004/03/25 15:57:20 acydburn Exp $
*
****************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_smilies.php,v 1.22.2.14 2005/05/06 20:50:09 acydburn Exp $
*
****************************************************************************/
***************
*** 447,452 ****
--- 447,455 ----
$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code'];
$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url'];
$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion'];
+ $smile_code = trim($smile_code);
+ $smile_url = trim($smile_url);
+ $smile_emotion = trim($smile_emotion);
// If no code was entered complain ...
if ($smile_code == '' || $smile_url == '')
***************
*** 553,556 ****
//
include('./page_footer_admin.'.$phpEx);
! ?>
--- 556,559 ----
//
include('./page_footer_admin.'.$phpEx);
! ?>
\ No newline at end of file
diff -crN phpbb2014/admin/admin_ug_auth.php phpbb2017/admin/admin_ug_auth.php
*** phpbb2014/admin/admin_ug_auth.php Mon Apr 18 21:43:30 2005
--- phpbb2017/admin/admin_ug_auth.php Tue Jul 19 22:14:56 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_ug_auth.php,v 1.13.2.5 2004/03/25 15:57:20 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_ug_auth.php,v 1.13.2.9 2005/07/19 20:01:05 acydburn Exp $
*
*
***************************************************************************/
***************
*** 414,419 ****
--- 414,420 ----
FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u
WHERE ug.group_id = aa.group_id
AND u.user_id = ug.user_id
+ AND ug.user_pending = 0
AND u.user_level NOT IN (" . MOD . ", " . ADMIN . ")
GROUP BY u.user_id
HAVING SUM(aa.auth_mod) > 0";
***************
*** 508,513 ****
--- 509,556 ----
}
}
+ $sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "
+ WHERE group_id = $group_id";
+ $result = $db->sql_query($sql);
+
+ $group_user = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $group_user[$row['user_id']] = $row['user_id'];
+ }
+ $db->sql_freeresult($result);
+
+ $sql = "SELECT ug.user_id, COUNT(auth_mod) AS is_auth_mod
+ FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug
+ WHERE ug.user_id IN (" . implode(', ', $group_user) . ")
+ AND aa.group_id = ug.group_id
+ AND aa.auth_mod = 1
+ GROUP BY ug.user_id";
+ if ( !($result = $db->sql_query($sql)) )
+ {
+ message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql);
+ }
+
+ while ($row = $db->sql_fetchrow($result))
+ {
+ if ($row['is_auth_mod'])
+ {
+ unset($group_user[$row['user_id']]);
+ }
+ }
+ $db->sql_freeresult($result);
+
+ if (sizeof($group_user))
+ {
+ $sql = "UPDATE " . USERS_TABLE . "
+ SET user_level = " . USER . "
+ WHERE user_id IN (" . implode(', ', $group_user) . ") AND user_level = " . MOD;
+ if ( !($result = $db->sql_query($sql)) )
+ {
+ message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
+ }
+ }
+
message_die(GENERAL_MESSAGE, $message);
}
}
***************
*** 526,534 ****
//
// Front end
//
! $sql = "SELECT *
! FROM " . FORUMS_TABLE . " f
! ORDER BY forum_order";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
--- 569,578 ----
//
// Front end
//
! $sql = "SELECT f.*
! FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c
! WHERE f.cat_id = c.cat_id
! ORDER BY c.cat_order, f.forum_order ASC";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
***************
*** 561,567 ****
}
}
! $sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE ";
$sql .= ( $mode == 'user' ) ? "u.user_id = $user_id AND ug.user_id = u.user_id AND g.group_id = ug.group_id" : "g.group_id = $group_id AND ug.group_id = g.group_id AND u.user_id = ug.user_id";
if ( !($result = $db->sql_query($sql)) )
{
--- 605,611 ----
}
}
! $sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user, ug.user_pending FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE ";
$sql .= ( $mode == 'user' ) ? "u.user_id = $user_id AND ug.user_id = u.user_id AND g.group_id = ug.group_id" : "g.group_id = $group_id AND ug.group_id = g.group_id AND u.user_id = ug.user_id";
if ( !($result = $db->sql_query($sql)) )
{
***************
*** 764,770 ****
$i++;
}
! @reset($auth_user);
if ( $mode == 'user' )
{
--- 808,814 ----
$i++;
}
! // @reset($auth_user);
if ( $mode == 'user' )
{
***************
*** 789,800 ****
if( count($name) )
{
! $t_usergroup_list = '';
for($i = 0; $i < count($ug_info); $i++)
{
$ug = ( $mode == 'user' ) ? 'group&' . POST_GROUPS_URL : 'user&' . POST_USERS_URL;
! $t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '' . $name[$i] . '';
}
}
else
--- 833,851 ----
if( count($name) )
{
! $t_usergroup_list = $t_pending_list = '';
for($i = 0; $i < count($ug_info); $i++)
{
$ug = ( $mode == 'user' ) ? 'group&' . POST_GROUPS_URL : 'user&' . POST_USERS_URL;
! if (!$ug_info[$i]['user_pending'])
! {
! $t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '' . $name[$i] . '';
! }
! else
! {
! $t_pending_list .= ( ( $t_pending_list != '' ) ? ', ' : '' ) . '' . $name[$i] . '';
! }
}
}
else
***************
*** 857,863 ****
$template->assign_vars(array(
'USERNAME' => $t_groupname,
! 'GROUP_MEMBERSHIP' => $lang['Usergroup_members'] . ' : ' . $t_usergroup_list)
);
}
--- 908,914 ----
$template->assign_vars(array(
'USERNAME' => $t_groupname,
! 'GROUP_MEMBERSHIP' => $lang['Usergroup_members'] . ' : ' . $t_usergroup_list . '
' . $lang['Pending_members'] . ' : ' . $t_pending_list)
);
}
diff -crN phpbb2014/admin/admin_users.php phpbb2017/admin/admin_users.php
*** phpbb2014/admin/admin_users.php Mon Apr 18 21:43:30 2005
--- phpbb2017/admin/admin_users.php Tue Jul 19 22:14:56 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_users.php,v 1.57.2.26 2004/03/25 15:57:20 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_users.php,v 1.57.2.27 2005/07/19 20:01:07 acydburn Exp $
*
*
***************************************************************************/
***************
*** 86,92 ****
$row = $db->sql_fetchrow($result);
$sql = "UPDATE " . POSTS_TABLE . "
! SET poster_id = " . DELETED . ", post_username = '$username'
WHERE poster_id = $user_id";
if( !$db->sql_query($sql) )
{
--- 86,92 ----
$row = $db->sql_fetchrow($result);
$sql = "UPDATE " . POSTS_TABLE . "
! SET poster_id = " . DELETED . ", post_username = '" . str_replace("\\'", "''", addslashes($this_userdata['username'])) . "'
WHERE poster_id = $user_id";
if( !$db->sql_query($sql) )
{
diff -crN phpbb2014/admin/pagestart.php phpbb2017/admin/pagestart.php
*** phpbb2014/admin/pagestart.php Mon Apr 18 21:43:30 2005
--- phpbb2017/admin/pagestart.php Tue Jul 19 22:14:56 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: pagestart.php,v 1.1.2.7 2004/03/24 14:43:31 psotfx Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: pagestart.php,v 1.1.2.9 2005/06/26 14:39:30 acydburn Exp $
*
*
***************************************************************************/
***************
*** 40,46 ****
if (!$userdata['session_logged_in'])
{
! redirect(append_sid("login.$phpEx?redirect=admin/", true));
}
else if ($userdata['user_level'] != ADMIN)
{
--- 40,46 ----
if (!$userdata['session_logged_in'])
{
! redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx", true));
}
else if ($userdata['user_level'] != ADMIN)
{
***************
*** 57,62 ****
--- 57,67 ----
$url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id'];
redirect("index.$phpEx?sid=" . $userdata['session_id']);
+ }
+
+ if (!$userdata['session_admin'])
+ {
+ redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx&admin=1", true));
}
if (empty($no_page_header))
diff -crN phpbb2014/db/postgres7.php phpbb2017/db/postgres7.php
*** phpbb2014/db/postgres7.php Mon Apr 18 21:43:30 2005
--- phpbb2017/db/postgres7.php Tue Jul 19 22:14:56 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : supportphpbb.com
*
! * $Id: postgres7.php,v 1.19.2.2 2005/04/15 20:53:10 acydburn Exp $
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : supportphpbb.com
*
! * $Id: postgres7.php,v 1.19.2.3 2005/05/06 20:50:10 acydburn Exp $
*
***************************************************************************/
***************
*** 123,129 ****
$this->num_queries++;
$query = preg_replace("/LIMIT ([0-9]+),([ 0-9]+)/", "LIMIT \\2 OFFSET \\1", $query);
- $query = preg_replace('#(.*WHERE.*)(username|user_email|ban_email) = \'(.*)\'#ise', "\"\\1LOWER(\\2) = '\" . strtolower('\\3') . \"'\"", $query);
if( $transaction == BEGIN_TRANSACTION && !$this->in_transaction )
{
--- 123,128 ----
diff -crN phpbb2014/groupcp.php phpbb2017/groupcp.php
*** phpbb2014/groupcp.php Mon Apr 18 21:43:32 2005
--- phpbb2017/groupcp.php Tue Jul 19 22:14:58 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: groupcp.php,v 1.58.2.22 2004/11/18 17:49:34 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: groupcp.php,v 1.58.2.23 2005/05/06 20:50:10 acydburn Exp $
*
*
***************************************************************************/
***************
*** 337,343 ****
message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql);
}
! if ( !($row = $db->sql_fetchrow($result)) )
{
$sql = "UPDATE " . USERS_TABLE . "
SET user_level = " . USER . "
--- 337,343 ----
message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql);
}
! if ( !($row = $db->sql_fetchrow($result)) || $row['is_auth_mod'] == 0 )
{
$sql = "UPDATE " . USERS_TABLE . "
SET user_level = " . USER . "
diff -crN phpbb2014/includes/bbcode.php phpbb2017/includes/bbcode.php
*** phpbb2014/includes/bbcode.php Mon Apr 18 21:43:30 2005
--- phpbb2017/includes/bbcode.php Tue Jul 19 22:14:56 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: bbcode.php,v 1.36.2.32 2004/07/11 16:46:19 acydburn Exp $
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: bbcode.php,v 1.36.2.35 2005/07/19 20:01:10 acydburn Exp $
*
***************************************************************************/
***************
*** 124,129 ****
--- 124,131 ----
{
global $lang, $bbcode_tpl;
+ $text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text);
+
// pad it with a space so we can distinguish between FALSE and matching the 1st char (index 0).
// This is important; bbencode_quote(), bbencode_list(), and bbencode_code() all depend on it.
$text = " " . $text;
***************
*** 194,216 ****
// [img]image_url_here[/img] code..
// This one gets first-passed..
! $patterns[] = "#\[img:$uid\](.*?)\[/img:$uid\]#si";
$replacements[] = $bbcode_tpl['img'];
// matches a [url]xxxx://www.phpbb.com[/url] code..
! $patterns[] = "#\[url\]([\w]+?://[^ \"\n\r\t<]*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url1'];
// [url]www.phpbb.com[/url] code.. (no xxxx:// prefix).
! $patterns[] = "#\[url\]((www|ftp)\.[^ \"\n\r\t<]*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url2'];
// [url=xxxx://www.phpbb.com]phpBB[/url] code..
! $patterns[] = "#\[url=([\w]+?://[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url3'];
// [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix).
! $patterns[] = "#\[url=((www|ftp)\.[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url4'];
// [email]user@domain.tld[/email] code..
--- 196,218 ----
// [img]image_url_here[/img] code..
// This one gets first-passed..
! $patterns[] = "#\[img:$uid\]([^?].*?)\[/img:$uid\]#i";
$replacements[] = $bbcode_tpl['img'];
// matches a [url]xxxx://www.phpbb.com[/url] code..
! $patterns[] = "#\[url\]([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url1'];
// [url]www.phpbb.com[/url] code.. (no xxxx:// prefix).
! $patterns[] = "#\[url\]((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url2'];
// [url=xxxx://www.phpbb.com]phpBB[/url] code..
! $patterns[] = "#\[url=([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*?)\]([^?\n\r\t].*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url3'];
// [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix).
! $patterns[] = "#\[url=((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*?)\]([^?\n\r\t].*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url4'];
// [email]user@domain.tld[/email] code..
***************
*** 614,619 ****
--- 616,622 ----
*/
function make_clickable($text)
{
+ $text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text);
// pad it with a space so we can match things at the start of the 1st line.
$ret = ' ' . $text;
***************
*** 621,633 ****
// matches an "xxxx://yyyy" URL at the start of a line, or after a space.
// xxxx can only be alpha characters.
// yyyy is anything up to the first space, newline, comma, double quote or <
! $ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1\\2", $ret);
// matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing
// Must contain at least 2 dots. xxxx contains either alphanum, or "-"
// zzzz is optional.. will contain everything up to the first space, newline,
// comma, double quote or <.
! $ret = preg_replace("#(^|[\n ])((www|ftp)\.[^ \"\t\n\r<]*)#is", "\\1\\2", $ret);
// matches an email@domain type address at the start of a line, or after a space.
// Note: Only the followed chars are valid; alphanums, "-", "_" and or ".".
--- 624,636 ----
// matches an "xxxx://yyyy" URL at the start of a line, or after a space.
// xxxx can only be alpha characters.
// yyyy is anything up to the first space, newline, comma, double quote or <
! $ret = preg_replace("#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1\\2", $ret);
// matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing
// Must contain at least 2 dots. xxxx contains either alphanum, or "-"
// zzzz is optional.. will contain everything up to the first space, newline,
// comma, double quote or <.
! $ret = preg_replace("#(^|[\n ])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1\\2", $ret);
// matches an email@domain type address at the start of a line, or after a space.
// Note: Only the followed chars are valid; alphanums, "-", "_" and or ".".
diff -crN phpbb2014/includes/functions.php phpbb2017/includes/functions.php
*** phpbb2014/includes/functions.php Mon Apr 18 21:43:30 2005
--- phpbb2017/includes/functions.php Tue Jul 19 22:14:56 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: functions.php,v 1.133.2.34 2005/02/21 18:37:33 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: functions.php,v 1.133.2.35 2005/07/19 20:01:11 acydburn Exp $
*
*
***************************************************************************/
***************
*** 117,123 ****
{
global $db;
! if (intval($user) == 0 || $force_str)
{
$user = phpbb_clean_username($user);
}
--- 117,123 ----
{
global $db;
! if (!is_numeric($user) || $force_str)
{
$user = phpbb_clean_username($user);
}
***************
*** 578,584 ****
die("message_die() was called multiple times. This isn't supposed to happen. Was message_die() used in page_tail.php?");
}
! define(HAS_DIED, 1);
$sql_store = $sql;
--- 578,584 ----
die("message_die() was called multiple times. This isn't supposed to happen. Was message_die() used in page_tail.php?");
}
! define('HAS_DIED', 1);
$sql_store = $sql;
diff -crN phpbb2014/includes/functions_selects.php phpbb2017/includes/functions_selects.php
*** phpbb2014/includes/functions_selects.php Mon Apr 18 21:43:30 2005
--- phpbb2017/includes/functions_selects.php Tue Jul 19 22:14:56 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: functions_selects.php,v 1.3.2.4 2002/12/22 12:20:35 psotfx Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: functions_selects.php,v 1.3.2.5 2005/05/06 20:50:11 acydburn Exp $
*
*
***************************************************************************/
***************
*** 108,111 ****
return $tz_select;
}
! ?>
--- 108,111 ----
return $tz_select;
}
! ?>
\ No newline at end of file
diff -crN phpbb2014/includes/functions_validate.php phpbb2017/includes/functions_validate.php
*** phpbb2014/includes/functions_validate.php Mon Apr 18 21:43:30 2005
--- phpbb2017/includes/functions_validate.php Tue Jul 19 22:14:56 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: functions_validate.php,v 1.6.2.12 2003/06/09 19:13:05 psotfx Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: functions_validate.php,v 1.6.2.13 2005/07/19 20:01:15 acydburn Exp $
*
*
***************************************************************************/
***************
*** 30,40 ****
global $db, $lang, $userdata;
// Remove doubled up spaces
! $username = preg_replace('#\s+#', ' ', $username);
! // Limit username length
! $username = substr(str_replace("\'", "'", $username), 0, 25);
! $username = str_replace("'", "''", $username);
!
$sql = "SELECT username
FROM " . USERS_TABLE . "
WHERE LOWER(username) = '" . strtolower($username) . "'";
--- 30,38 ----
global $db, $lang, $userdata;
// Remove doubled up spaces
! $username = preg_replace('#\s+#', ' ', trim($username));
! $username = phpbb_clean_username($username);
!
$sql = "SELECT username
FROM " . USERS_TABLE . "
WHERE LOWER(username) = '" . strtolower($username) . "'";
diff -crN phpbb2014/includes/sessions.php phpbb2017/includes/sessions.php
*** phpbb2014/includes/sessions.php Mon Apr 18 21:43:31 2005
--- phpbb2017/includes/sessions.php Tue Jul 19 22:14:56 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: sessions.php,v 1.58.2.13 2005/03/15 18:24:37 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: sessions.php,v 1.58.2.14 2005/05/06 20:50:11 acydburn Exp $
*
*
***************************************************************************/
***************
*** 24,30 ****
// Adds/updates a new session to the database for the given userid.
// Returns the new session ID on success.
//
! function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0)
{
global $db, $board_config;
global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
--- 24,30 ----
// Adds/updates a new session to the database for the given userid.
// Returns the new session ID on success.
//
! function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0, $admin = 0)
{
global $db, $board_config;
global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
***************
*** 155,170 ****
// Create or update the session
//
$sql = "UPDATE " . SESSIONS_TABLE . "
! SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login
WHERE session_id = '" . $session_id . "'
AND session_ip = '$user_ip'";
if ( !$db->sql_query($sql) || !$db->sql_affectedrows() )
{
! $session_id = md5(uniqid($user_ip));
$sql = "INSERT INTO " . SESSIONS_TABLE . "
! (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in)
! VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login)";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql);
--- 155,172 ----
// Create or update the session
//
$sql = "UPDATE " . SESSIONS_TABLE . "
! SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login, session_admin = $admin
WHERE session_id = '" . $session_id . "'
AND session_ip = '$user_ip'";
if ( !$db->sql_query($sql) || !$db->sql_affectedrows() )
{
! list($sec, $usec) = explode(' ', microtime());
! mt_srand((float) $sec + ((float) $usec * 100000));
! $session_id = md5(uniqid(mt_rand(), true));
$sql = "INSERT INTO " . SESSIONS_TABLE . "
! (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin)
! VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login, $admin)";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql);
***************
*** 175,191 ****
{// ( $userdata['user_session_time'] > $expiry_time && $auto_create ) ? $userdata['user_lastvisit'] : (
$last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time;
! $sql = "UPDATE " . USERS_TABLE . "
! SET user_session_time = $current_time, user_session_page = $page_id, user_lastvisit = $last_visit
! WHERE user_id = $user_id";
! if ( !$db->sql_query($sql) )
{
! message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql);
}
$userdata['user_lastvisit'] = $last_visit;
! $sessiondata['autologinid'] = ( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '';
$sessiondata['userid'] = $user_id;
}
--- 177,196 ----
{// ( $userdata['user_session_time'] > $expiry_time && $auto_create ) ? $userdata['user_lastvisit'] : (
$last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time;
! if (!$admin)
{
! $sql = "UPDATE " . USERS_TABLE . "
! SET user_session_time = $current_time, user_session_page = $page_id, user_lastvisit = $last_visit
! WHERE user_id = $user_id";
! if ( !$db->sql_query($sql) )
! {
! message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql);
! }
}
$userdata['user_lastvisit'] = $last_visit;
! $sessiondata['autologinid'] = (!$admin) ? (( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '') : $sessiondata['autologinid'];
$sessiondata['userid'] = $user_id;
}
***************
*** 196,201 ****
--- 201,207 ----
$userdata['session_page'] = $page_id;
$userdata['session_start'] = $current_time;
$userdata['session_time'] = $current_time;
+ $userdata['session_admin'] = $admin;
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
***************
*** 285,292 ****
//
if ( $current_time - $userdata['session_time'] > 60 )
{
$sql = "UPDATE " . SESSIONS_TABLE . "
! SET session_time = $current_time, session_page = $thispage_id
WHERE session_id = '" . $userdata['session_id'] . "'";
if ( !$db->sql_query($sql) )
{
--- 291,301 ----
//
if ( $current_time - $userdata['session_time'] > 60 )
{
+ // A little trick to reset session_admin on session re-usage
+ $update_admin = (!defined('IN_ADMIN') && $current_time - $userdata['session_time'] > ($board_config['session_length']+60)) ? ', session_admin = 0' : '';
+
$sql = "UPDATE " . SESSIONS_TABLE . "
! SET session_time = $current_time, session_page = $thispage_id$update_admin
WHERE session_id = '" . $userdata['session_id'] . "'";
if ( !$db->sql_query($sql) )
{
***************
*** 296,302 ****
if ( $userdata['user_id'] != ANONYMOUS )
{
$sql = "UPDATE " . USERS_TABLE . "
! SET user_session_time = $current_time, user_session_page = $thispage_id
WHERE user_id = " . $userdata['user_id'];
if ( !$db->sql_query($sql) )
{
--- 305,311 ----
if ( $userdata['user_id'] != ANONYMOUS )
{
$sql = "UPDATE " . USERS_TABLE . "
! SET user_session_time = $current_time, user_session_page = $thispage_id
WHERE user_id = " . $userdata['user_id'];
if ( !$db->sql_query($sql) )
{
***************
*** 308,313 ****
--- 317,323 ----
// Delete expired sessions
//
$expiry_time = $current_time - $board_config['session_length'];
+
$sql = "DELETE FROM " . SESSIONS_TABLE . "
WHERE session_time < $expiry_time
AND session_id <> '$session_id'";
diff -crN phpbb2014/includes/smtp.php phpbb2017/includes/smtp.php
*** phpbb2014/includes/smtp.php Mon Apr 18 21:43:31 2005
--- phpbb2017/includes/smtp.php Tue Jul 19 22:14:56 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: smtp.php,v 1.16.2.9 2003/07/18 16:34:01 acydburn Exp $
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: smtp.php,v 1.16.2.10 2005/05/06 20:50:11 acydburn Exp $
*
***************************************************************************/
***************
*** 106,112 ****
// Ok we have error checked as much as we can to this point let's get on
// it already.
! if( !$socket = fsockopen($board_config['smtp_host'], 25, $errno, $errstr, 20) )
{
message_die(GENERAL_ERROR, "Could not connect to smtp host : $errno : $errstr", "", __LINE__, __FILE__);
}
--- 106,112 ----
// Ok we have error checked as much as we can to this point let's get on
// it already.
! if( !$socket = @fsockopen($board_config['smtp_host'], 25, $errno, $errstr, 20) )
{
message_die(GENERAL_ERROR, "Could not connect to smtp host : $errno : $errstr", "", __LINE__, __FILE__);
}
diff -crN phpbb2014/includes/template.php phpbb2017/includes/template.php
*** phpbb2014/includes/template.php Mon Apr 18 21:43:31 2005
--- phpbb2017/includes/template.php Tue Jul 19 22:14:56 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: template.php,v 1.10.2.4 2005/02/21 18:37:50 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: template.php,v 1.10.2.5 2005/05/06 20:50:11 acydburn Exp $
*
*
***************************************************************************/
***************
*** 475,478 ****
}
! ?>
--- 475,478 ----
}
! ?>
\ No newline at end of file
diff -crN phpbb2014/includes/topic_review.php phpbb2017/includes/topic_review.php
*** phpbb2014/includes/topic_review.php Mon Apr 18 21:43:31 2005
--- phpbb2017/includes/topic_review.php Tue Jul 19 22:14:56 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: topic_review.php,v 1.5.2.3 2004/11/18 17:49:45 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: topic_review.php,v 1.5.2.4 2005/05/06 20:50:12 acydburn Exp $
*
*
***************************************************************************/
***************
*** 225,228 ****
}
}
! ?>
--- 225,228 ----
}
}
! ?>
\ No newline at end of file
diff -crN phpbb2014/includes/usercp_activate.php phpbb2017/includes/usercp_activate.php
*** phpbb2014/includes/usercp_activate.php Mon Apr 18 21:43:31 2005
--- phpbb2017/includes/usercp_activate.php Tue Jul 19 22:14:56 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_activate.php,v 1.6.2.7 2003/05/03 23:24:02 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_activate.php,v 1.6.2.8 2005/07/19 20:01:16 acydburn Exp $
*
*
***************************************************************************/
***************
*** 47,52 ****
--- 47,57 ----
}
else if ((trim($row['user_actkey']) == trim($HTTP_GET_VARS['act_key'])) && (trim($row['user_actkey']) != ''))
{
+ if (intval($board_config['require_activation']) == USER_ACTIVATION_ADMIN && $userdata['user_level'] != ADMIN)
+ {
+ message_die(GENERAL_MESSAGE, $lang['Not_Authorised']);
+ }
+
$sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . str_replace("\'", "''", $row['user_newpasswd']) . "', user_newpasswd = ''" : '';
$sql = "UPDATE " . USERS_TABLE . "
diff -crN phpbb2014/includes/usercp_avatar.php phpbb2017/includes/usercp_avatar.php
*** phpbb2014/includes/usercp_avatar.php Mon Apr 18 21:43:31 2005
--- phpbb2017/includes/usercp_avatar.php Tue Jul 19 22:14:56 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_avatar.php,v 1.8.2.19 2005/02/21 18:37:51 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_avatar.php,v 1.8.2.21 2005/07/19 20:01:16 acydburn Exp $
*
*
***************************************************************************/
***************
*** 86,91 ****
--- 86,93 ----
function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename)
{
+ global $lang;
+
if ( !preg_match('#^(http)|(ftp):\/\/#i', $avatar_filename) )
{
$avatar_filename = 'http://' . $avatar_filename;
***************
*** 199,205 ****
return;
}
! if ( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
{
$new_filename = uniqid(rand()) . $imgtype;
--- 201,207 ----
return;
}
! if ( $width > 0 && $height > 0 && $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
{
$new_filename = uniqid(rand()) . $imgtype;
diff -crN phpbb2014/includes/usercp_register.php phpbb2017/includes/usercp_register.php
*** phpbb2014/includes/usercp_register.php Mon Apr 18 21:43:31 2005
--- phpbb2017/includes/usercp_register.php Tue Jul 19 22:14:56 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_register.php,v 1.20.2.59 2005/02/21 18:37:51 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_register.php,v 1.20.2.61 2005/06/26 12:03:44 acydburn Exp $
*
*
***************************************************************************/
***************
*** 409,417 ****
// Error is already triggered, since one field is empty.
$error = TRUE;
}
! else if ( $username != $userdata['username'] || $mode == 'register' )
{
! if (strtolower($username) != strtolower($userdata['username']))
{
$result = validate_username($username);
if ( $result['error'] )
--- 409,417 ----
// Error is already triggered, since one field is empty.
$error = TRUE;
}
! else if ( $username != $userdata['username'] || $mode == 'register')
{
! if (strtolower($username) != strtolower($userdata['username']) || $mode == 'register')
{
$result = validate_username($username);
if ( $result['error'] )
***************
*** 454,460 ****
{
$avatar_sql = user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']);
}
!
if ( ( !empty($user_avatar_upload) || !empty($user_avatar_name) ) && $board_config['allow_avatar_upload'] )
{
if ( !empty($user_avatar_upload) )
--- 454,460 ----
{
$avatar_sql = user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']);
}
! else
if ( ( !empty($user_avatar_upload) || !empty($user_avatar_name) ) && $board_config['allow_avatar_upload'] )
{
if ( !empty($user_avatar_upload) )
diff -crN phpbb2014/includes/usercp_viewprofile.php phpbb2017/includes/usercp_viewprofile.php
*** phpbb2014/includes/usercp_viewprofile.php Mon Apr 18 21:43:31 2005
--- phpbb2017/includes/usercp_viewprofile.php Tue Jul 19 22:14:57 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_viewprofile.php,v 1.5.2.3 2004/11/18 17:49:45 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_viewprofile.php,v 1.5.2.5 2005/07/19 20:01:16 acydburn Exp $
*
*
***************************************************************************/
***************
*** 33,38 ****
--- 33,43 ----
}
$profiledata = get_userdata($HTTP_GET_VARS[POST_USERS_URL]);
+ if (!$profiledata)
+ {
+ message_die(GENERAL_MESSAGE, $lang['No_user_id_specified']);
+ }
+
$sql = "SELECT *
FROM " . RANKS_TABLE . "
ORDER BY rank_special, rank_min";
***************
*** 160,167 ****
$yim = ( $profiledata['user_yim'] ) ? '' . $lang['YIM'] . '' : '';
$temp_url = append_sid("search.$phpEx?search_author=" . urlencode($profiledata['username']) . "&showresults=posts");
! $search_img = '![' . $lang['Search_user_posts'] . '](' . $images['icon_search'] . ' "' . $lang['Search_user_posts'] . '")
';
! $search = '' . $lang['Search_user_posts'] . '';
//
// Generate page
--- 165,172 ----
$yim = ( $profiledata['user_yim'] ) ? '' . $lang['YIM'] . '' : '';
$temp_url = append_sid("search.$phpEx?search_author=" . urlencode($profiledata['username']) . "&showresults=posts");
! $search_img = '';
! $search = '' . sprintf($lang['Search_user_posts'], $profiledata['username']) . '';
//
// Generate page
diff -crN phpbb2014/language/lang_english/lang_main.php phpbb2017/language/lang_english/lang_main.php
*** phpbb2014/language/lang_english/lang_main.php Mon Apr 18 21:43:31 2005
--- phpbb2017/language/lang_english/lang_main.php Tue Jul 19 22:14:57 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: lang_main.php,v 1.85.2.15 2003/06/10 00:31:19 psotfx Exp $
*
****************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: lang_main.php,v 1.85.2.16 2005/05/06 20:50:13 acydburn Exp $
*
****************************************************************************/
***************
*** 1017,1022 ****
--- 1017,1024 ----
$lang['Critical_Error'] = 'Critical Error';
$lang['An_error_occured'] = 'An Error Occurred';
$lang['A_critical_error'] = 'A Critical Error Occurred';
+
+ $lang['Admin_reauthenticate'] = 'To administer the board you must re-authenticate yourself.';
//
// That's all, Folks!
diff -crN phpbb2014/login.php phpbb2017/login.php
*** phpbb2014/login.php Mon Apr 18 21:43:32 2005
--- phpbb2017/login.php Tue Jul 19 22:14:58 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: login.php,v 1.47.2.17 2004/11/18 17:49:35 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: login.php,v 1.47.2.18 2005/05/06 20:50:10 acydburn Exp $
*
*
***************************************************************************/
***************
*** 52,58 ****
if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) )
{
! if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] )
{
$username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';
--- 52,58 ----
if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) )
{
! if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && (!$userdata['session_logged_in'] || isset($HTTP_POST_VARS['admin'])) )
{
$username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';
***************
*** 77,83 ****
{
$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;
! $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin);
if( $session_id )
{
--- 77,84 ----
{
$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;
! $admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
! $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);
if( $session_id )
{
***************
*** 158,164 ****
// Do a full login page dohickey if
// user not already logged in
//
! if( !$userdata['session_logged_in'] )
{
$page_title = $lang['Login'];
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
--- 159,165 ----
// Do a full login page dohickey if
// user not already logged in
//
! if( !$userdata['session_logged_in'] || (isset($HTTP_GET_VARS['admin']) && $userdata['session_logged_in'] && $userdata['user_level'] == ADMIN))
{
$page_title = $lang['Login'];
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
***************
*** 207,218 ****
$username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : '';
$s_hidden_fields = '';
make_jumpbox('viewforum.'.$phpEx, $forum_id);
$template->assign_vars(array(
'USERNAME' => $username,
! 'L_ENTER_PASSWORD' => $lang['Enter_password'],
'L_SEND_PASSWORD' => $lang['Forgotten_password'],
'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"),
--- 208,220 ----
$username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : '';
$s_hidden_fields = '';
+ $s_hidden_fields .= (isset($HTTP_GET_VARS['admin'])) ? '' : '';
make_jumpbox('viewforum.'.$phpEx, $forum_id);
$template->assign_vars(array(
'USERNAME' => $username,
! 'L_ENTER_PASSWORD' => (isset($HTTP_GET_VARS['admin'])) ? $lang['Admin_reauthenticate'] : $lang['Enter_password'],
'L_SEND_PASSWORD' => $lang['Forgotten_password'],
'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"),
diff -crN phpbb2014/modcp.php phpbb2017/modcp.php
*** phpbb2014/modcp.php Mon Apr 18 21:43:32 2005
--- phpbb2017/modcp.php Tue Jul 19 22:14:58 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: modcp.php,v 1.71.2.25 2005/03/15 18:09:22 acydburn Exp $
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: modcp.php,v 1.71.2.26 2005/06/26 12:03:46 acydburn Exp $
*
***************************************************************************/
***************
*** 463,468 ****
--- 463,482 ----
$new_forum_id = intval($HTTP_POST_VARS['new_forum']);
$old_forum_id = $forum_id;
+ $sql = 'SELECT forum_id FROM ' . FORUMS_TABLE . '
+ WHERE forum_id = ' . $new_forum_id;
+ if ( !($result = $db->sql_query($sql)) )
+ {
+ message_die(GENERAL_ERROR, 'Could not select from forums table', '', __LINE__, __FILE__, $sql);
+ }
+
+ if (!$db->sql_fetchrow($result))
+ {
+ message_die(GENERAL_MESSAGE, 'New forum does not exist');
+ }
+
+ $db->sql_freeresult($result);
+
if ( $new_forum_id != $old_forum_id )
{
$topics = ( isset($HTTP_POST_VARS['topic_id_list']) ) ? $HTTP_POST_VARS['topic_id_list'] : array($topic_id);
***************
*** 756,761 ****
--- 770,789 ----
$new_forum_id = intval($HTTP_POST_VARS['new_forum_id']);
$topic_time = time();
+ $sql = 'SELECT forum_id FROM ' . FORUMS_TABLE . '
+ WHERE forum_id = ' . $new_forum_id;
+ if ( !($result = $db->sql_query($sql)) )
+ {
+ message_die(GENERAL_ERROR, 'Could not select from forums table', '', __LINE__, __FILE__, $sql);
+ }
+
+ if (!$db->sql_fetchrow($result))
+ {
+ message_die(GENERAL_MESSAGE, 'New forum does not exist');
+ }
+
+ $db->sql_freeresult($result);
+
$sql = "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type)
VALUES ('" . str_replace("\'", "''", $post_subject) . "', $first_poster, " . $topic_time . ", $new_forum_id, " . TOPIC_UNLOCKED . ", " . POST_NORMAL . ")";
if (!($db->sql_query($sql, BEGIN_TRANSACTION)))
diff -crN phpbb2014/posting.php phpbb2017/posting.php
*** phpbb2014/posting.php Mon Apr 18 21:43:32 2005
--- phpbb2017/posting.php Tue Jul 19 22:14:58 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: posting.php,v 1.159.2.22 2004/07/11 16:46:16 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: posting.php,v 1.159.2.23 2005/05/06 20:50:10 acydburn Exp $
*
*
***************************************************************************/
***************
*** 1105,1108 ****
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
! ?>
--- 1105,1108 ----
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
! ?>
\ No newline at end of file
diff -crN phpbb2014/privmsg.php phpbb2017/privmsg.php
*** phpbb2014/privmsg.php Mon Apr 18 21:43:32 2005
--- phpbb2017/privmsg.php Tue Jul 19 22:14:58 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: privmsg.php,v 1.96.2.38 2005/03/15 18:09:23 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: privmsg.php,v 1.96.2.40 2005/07/19 20:01:19 acydburn Exp $
*
*
***************************************************************************/
***************
*** 698,744 ****
}
else if ( $confirm )
{
! if ( $delete_all )
{
! switch($folder)
{
! case 'inbox':
! $delete_type = "privmsgs_to_userid = " . $userdata['user_id'] . " AND (
! privmsgs_type = " . PRIVMSGS_READ_MAIL . " OR privmsgs_type = " . PRIVMSGS_NEW_MAIL . " OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
! break;
! case 'outbox':
! $delete_type = "privmsgs_from_userid = " . $userdata['user_id'] . " AND ( privmsgs_type = " . PRIVMSGS_NEW_MAIL . " OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
! break;
! case 'sentbox':
! $delete_type = "privmsgs_from_userid = " . $userdata['user_id'] . " AND privmsgs_type = " . PRIVMSGS_SENT_MAIL;
! break;
! case 'savebox':
! $delete_type = "( ( privmsgs_from_userid = " . $userdata['user_id'] . "
! AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " )
! OR ( privmsgs_to_userid = " . $userdata['user_id'] . "
! AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) )";
! break;
! }
! $sql = "SELECT privmsgs_id
! FROM " . PRIVMSGS_TABLE . "
! WHERE $delete_type";
! if ( !($result = $db->sql_query($sql)) )
! {
! message_die(GENERAL_ERROR, 'Could not obtain id list to delete all messages', '', __LINE__, __FILE__, $sql);
! }
! while ( $row = $db->sql_fetchrow($result) )
! {
! $mark_list[] = $row['privmsgs_id'];
! }
! unset($delete_type);
}
if ( count($mark_list) )
{
$delete_sql_id = '';
--- 698,754 ----
}
else if ( $confirm )
{
! $delete_sql_id = '';
!
! if (!$delete_all)
{
! for ($i = 0; $i < count($mark_list); $i++)
{
! $delete_sql_id .= (($delete_sql_id != '') ? ', ' : '') . intval($mark_list[$i]);
! }
! $delete_sql_id = "AND privmsgs_id IN ($delete_sql_id)";
! }
! switch($folder)
! {
! case 'inbox':
! $delete_type = "privmsgs_to_userid = " . $userdata['user_id'] . " AND (
! privmsgs_type = " . PRIVMSGS_READ_MAIL . " OR privmsgs_type = " . PRIVMSGS_NEW_MAIL . " OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
! break;
! case 'outbox':
! $delete_type = "privmsgs_from_userid = " . $userdata['user_id'] . " AND ( privmsgs_type = " . PRIVMSGS_NEW_MAIL . " OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
! break;
! case 'sentbox':
! $delete_type = "privmsgs_from_userid = " . $userdata['user_id'] . " AND privmsgs_type = " . PRIVMSGS_SENT_MAIL;
! break;
! case 'savebox':
! $delete_type = "( ( privmsgs_from_userid = " . $userdata['user_id'] . "
! AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " )
! OR ( privmsgs_to_userid = " . $userdata['user_id'] . "
! AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) )";
! break;
! }
! $sql = "SELECT privmsgs_id
! FROM " . PRIVMSGS_TABLE . "
! WHERE $delete_type $delete_sql_id";
!
! if ( !($result = $db->sql_query($sql)) )
! {
! message_die(GENERAL_ERROR, 'Could not obtain id list to delete messages', '', __LINE__, __FILE__, $sql);
! }
! $mark_list = array();
! while ( $row = $db->sql_fetchrow($result) )
! {
! $mark_list[] = $row['privmsgs_id'];
}
+ unset($delete_type);
+
if ( count($mark_list) )
{
$delete_sql_id = '';
***************
*** 1494,1499 ****
--- 1504,1513 ----
$mode = 'reply';
}
}
+ else
+ {
+ $privmsg_subject = $privmsg_message = '';
+ }
}
//
***************
*** 2020,2025 ****
--- 2034,2043 ----
break;
}
}
+ else
+ {
+ $inbox_limit_img_length = $inbox_limit_pct = $l_box_size_status = '';
+ }
//
// Dump vars to template
***************
*** 2153,2156 ****
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
! ?>
--- 2171,2174 ----
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
! ?>
\ No newline at end of file
diff -crN phpbb2014/templates/subSilver/faq_body.tpl phpbb2017/templates/subSilver/faq_body.tpl
*** phpbb2014/templates/subSilver/faq_body.tpl Mon Apr 18 21:43:31 2005
--- phpbb2017/templates/subSilver/faq_body.tpl Tue Jul 19 22:14:57 2005
***************
*** 34,40 ****
! {faq_block.faq_row.FAQ_QUESTION}
{faq_block.faq_row.FAQ_ANSWER}
{L_BACK_TO_TOP} |
 |
--- 34,40 ----
! {faq_block.faq_row.FAQ_QUESTION}
{faq_block.faq_row.FAQ_ANSWER}
{L_BACK_TO_TOP} |
|
diff -crN phpbb2014/viewonline.php phpbb2017/viewonline.php
*** phpbb2014/viewonline.php Mon Apr 18 21:43:32 2005
--- phpbb2017/viewonline.php Tue Jul 19 22:14:58 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: viewonline.php,v 1.54.2.3 2004/07/11 16:46:17 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: viewonline.php,v 1.54.2.4 2005/05/06 20:50:10 acydburn Exp $
*
*
***************************************************************************/
***************
*** 286,289 ****
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
! ?>
--- 286,289 ----
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
! ?>
\ No newline at end of file
diff -crN phpbb2014/viewtopic.php phpbb2017/viewtopic.php
*** phpbb2014/viewtopic.php Mon Apr 18 21:43:32 2005
--- phpbb2017/viewtopic.php Tue Jul 19 22:14:58 2005
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: viewtopic.php,v 1.186.2.40 2005/03/15 18:09:23 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: viewtopic.php,v 1.186.2.43 2005/07/19 20:01:21 acydburn Exp $
*
*
***************************************************************************/
***************
*** 989,996 ****
$quote = '' . $lang['Reply_with_quote'] . '';
$temp_url = append_sid("search.$phpEx?search_author=" . urlencode($postrow[$i]['username']) . "&showresults=posts");
! $search_img = '';
! $search = '' . $lang['Search_user_posts'] . '';
if ( ( $userdata['user_id'] == $poster_id && $is_auth['auth_edit'] ) || $is_auth['auth_mod'] )
{
--- 989,996 ----
$quote = '' . $lang['Reply_with_quote'] . '';
$temp_url = append_sid("search.$phpEx?search_author=" . urlencode($postrow[$i]['username']) . "&showresults=posts");
! $search_img = '';
! $search = '' . sprintf($lang['Search_user_posts'], $postrow[$i]['username']) . '';
if ( ( $userdata['user_id'] == $poster_id && $is_auth['auth_edit'] ) || $is_auth['auth_mod'] )
{
***************
*** 1107,1113 ****
{
// This was shamelessly 'borrowed' from volker at multiartstudio dot de
// via php.net's annotated manual
! $message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . $highlight_match . ")\b#i', '\\\\1', '\\0')", '>' . $message . '<'), 1, -1));
}
//
--- 1107,1113 ----
{
// This was shamelessly 'borrowed' from volker at multiartstudio dot de
// via php.net's annotated manual
! $message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . str_replace('\\', '\\\\', addslashes($highlight_match)) . ")\b#i', '\\\\1', '\\0')", '>' . $message . '<'), 1, -1));
}
//
***************
*** 1213,1216 ****
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
! ?>
--- 1213,1216 ----
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
! ?>
\ No newline at end of file