diff -crN phpbb2017/admin/admin_board.php phpbb2022/admin/admin_board.php
*** phpbb2017/admin/admin_board.php Tue Jul 19 22:14:56 2005
--- phpbb2022/admin/admin_board.php Tue Dec 19 18:29:14 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_board.php,v 1.51.2.9 2004/11/18 17:49:33 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_board.php,v 1.51.2.16 2006/12/16 13:11:24 acydburn Exp $
*
*
***************************************************************************/
***************
*** 16,22 ****
if( !empty($setmodules) )
{
$file = basename(__FILE__);
! $module['General']['Configuration'] = "$file";
return;
}
--- 16,22 ----
if( !empty($setmodules) )
{
$file = basename(__FILE__);
! $module['General']['Configuration'] = $file;
return;
}
***************
*** 49,55 ****
if ($config_name == 'cookie_name')
{
! $cookie_name = str_replace('.', '_', $new['cookie_name']);
}
if( isset($HTTP_POST_VARS['submit']) )
--- 49,72 ----
if ($config_name == 'cookie_name')
{
! $new['cookie_name'] = str_replace('.', '_', $new['cookie_name']);
! }
!
! // Attempt to prevent a common mistake with this value,
! // http:// is the protocol and not part of the server name
! if ($config_name == 'server_name')
! {
! $new['server_name'] = str_replace('http://', '', $new['server_name']);
! }
!
! // Attempt to prevent a mistake with this value.
! if ($config_name == 'avatar_path')
! {
! $new['avatar_path'] = trim($new['avatar_path']);
! if (strstr($new['avatar_path'], "\0") || !is_dir($phpbb_root_path . $new['avatar_path']) || !is_writable($phpbb_root_path . $new['avatar_path']))
! {
! $new['avatar_path'] = $default_config['avatar_path'];
! }
}
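Review bot: The new avatar_path check accepts any existing writable directory that `$phpbb_root_path . $new['avatar_path']` resolves to, so a value pointing outside the board root (an absolute path, or one with parent-directory components) still passes is_dir()/is_writable() and becomes the avatar upload directory. Since the comment states the intent is to catch mistakes, a containment check closes that gap: `$real = realpath($phpbb_root_path . $new['avatar_path']); $root = realpath($phpbb_root_path);` followed by `if ($real === false || $root === false || strpos($real, $root) !== 0 || !is_writable($real))` in place of the current condition (the NUL-byte test becomes redundant but is harmless). Separately, the server_name repair strips only a lowercase `http://` prefix, so `https://` and mixed-case prefixes pass through unchanged. `$default_config` and the loop over `$config_name` both originate outside the hunk.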
if( isset($HTTP_POST_VARS['submit']) )
***************
*** 100,105 ****
--- 117,125 ----
$confirm_yes = ($new['enable_confirm']) ? 'checked="checked"' : '';
$confirm_no = (!$new['enable_confirm']) ? 'checked="checked"' : '';
+ $allow_autologin_yes = ($new['allow_autologin']) ? 'checked="checked"' : '';
+ $allow_autologin_no = (!$new['allow_autologin']) ? 'checked="checked"' : '';
+
$board_email_form_yes = ( $new['board_email_form'] ) ? "checked=\"checked\"" : "";
$board_email_form_no = ( !$new['board_email_form'] ) ? "checked=\"checked\"" : "";
***************
*** 165,170 ****
--- 185,194 ----
"L_ADMIN" => $lang['Acc_Admin'],
"L_VISUAL_CONFIRM" => $lang['Visual_confirm'],
"L_VISUAL_CONFIRM_EXPLAIN" => $lang['Visual_confirm_explain'],
+ "L_ALLOW_AUTOLOGIN" => $lang['Allow_autologin'],
+ "L_ALLOW_AUTOLOGIN_EXPLAIN" => $lang['Allow_autologin_explain'],
+ "L_AUTOLOGIN_TIME" => $lang['Autologin_time'],
+ "L_AUTOLOGIN_TIME_EXPLAIN" => $lang['Autologin_time_explain'],
"L_COOKIE_SETTINGS" => $lang['Cookie_settings'],
"L_COOKIE_SETTINGS_EXPLAIN" => $lang['Cookie_settings_explain'],
"L_COOKIE_DOMAIN" => $lang['Cookie_domain'],
***************
*** 184,189 ****
--- 208,223 ----
"L_MAX_POLL_OPTIONS" => $lang['Max_poll_options'],
"L_FLOOD_INTERVAL" => $lang['Flood_Interval'],
"L_FLOOD_INTERVAL_EXPLAIN" => $lang['Flood_Interval_explain'],
+ "L_SEARCH_FLOOD_INTERVAL" => $lang['Search_Flood_Interval'],
+ "L_SEARCH_FLOOD_INTERVAL_EXPLAIN" => $lang['Search_Flood_Interval_explain'],
+
+ 'L_MAX_LOGIN_ATTEMPTS' => $lang['Max_login_attempts'],
+ 'L_MAX_LOGIN_ATTEMPTS_EXPLAIN' => $lang['Max_login_attempts_explain'],
+ 'L_LOGIN_RESET_TIME' => $lang['Login_reset_time'],
+ 'L_LOGIN_RESET_TIME_EXPLAIN' => $lang['Login_reset_time_explain'],
+ 'MAX_LOGIN_ATTEMPTS' => $new['max_login_attempts'],
+ 'LOGIN_RESET_TIME' => $new['login_reset_time'],
+
"L_BOARD_EMAIL_FORM" => $lang['Board_email_form'],
"L_BOARD_EMAIL_FORM_EXPLAIN" => $lang['Board_email_form_explain'],
"L_TOPICS_PER_PAGE" => $lang['Topics_per_page'],
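Review bot: `'MAX_LOGIN_ATTEMPTS' => $new['max_login_attempts']` and `'LOGIN_RESET_TIME' => $new['login_reset_time']` hand the values to the template uncast, whereas the same commit writes `'AUTOLOGIN_TIME' => (int) $new['max_autologin_time']` in the hunk at lines 288-301 of the new file. On a submit round-trip `$new` presumably carries the posted values straight back into the form, so the two numeric settings should get the same `(int)` cast here, both for consistency and so that only digits are echoed into the value attribute. The array literal containing these entries starts and ends outside the hunk.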
***************
*** 254,264 ****
"ACTIVATION_ADMIN_CHECKED" => $activation_admin,
"CONFIRM_ENABLE" => $confirm_yes,
"CONFIRM_DISABLE" => $confirm_no,
! "ACTIVATION_NONE_CHECKED" => $activation_none,
"BOARD_EMAIL_FORM_ENABLE" => $board_email_form_yes,
"BOARD_EMAIL_FORM_DISABLE" => $board_email_form_no,
"MAX_POLL_OPTIONS" => $new['max_poll_options'],
"FLOOD_INTERVAL" => $new['flood_interval'],
"TOPICS_PER_PAGE" => $new['topics_per_page'],
"POSTS_PER_PAGE" => $new['posts_per_page'],
"HOT_TOPIC" => $new['hot_threshold'],
--- 288,301 ----
"ACTIVATION_ADMIN_CHECKED" => $activation_admin,
"CONFIRM_ENABLE" => $confirm_yes,
"CONFIRM_DISABLE" => $confirm_no,
! 'ALLOW_AUTOLOGIN_YES' => $allow_autologin_yes,
! 'ALLOW_AUTOLOGIN_NO' => $allow_autologin_no,
! 'AUTOLOGIN_TIME' => (int) $new['max_autologin_time'],
"BOARD_EMAIL_FORM_ENABLE" => $board_email_form_yes,
"BOARD_EMAIL_FORM_DISABLE" => $board_email_form_no,
"MAX_POLL_OPTIONS" => $new['max_poll_options'],
"FLOOD_INTERVAL" => $new['flood_interval'],
+ "SEARCH_FLOOD_INTERVAL" => $new['search_flood_interval'],
"TOPICS_PER_PAGE" => $new['topics_per_page'],
"POSTS_PER_PAGE" => $new['posts_per_page'],
"HOT_TOPIC" => $new['hot_threshold'],
diff -crN phpbb2017/admin/admin_db_utilities.php phpbb2022/admin/admin_db_utilities.php
*** phpbb2017/admin/admin_db_utilities.php Tue Jul 19 22:14:56 2005
--- phpbb2022/admin/admin_db_utilities.php Tue Dec 19 18:29:14 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_db_utilities.php,v 1.42.2.11 2005/02/21 18:36:49 acydburn Exp $
*
****************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_db_utilities.php,v 1.42.2.14 2006/02/10 20:35:40 grahamje Exp $
*
****************************************************************************/
***************
*** 499,507 ****
while($row = $db->sql_fetchrow($result))
{
! unset($schema_vals);
! unset($schema_fields);
! unset($schema_insert);
//
// Build the SQL statement to recreate the data.
//
--- 499,507 ----
while($row = $db->sql_fetchrow($result))
{
! $schema_vals = '';
! $schema_fields = '';
! $schema_insert = '';
//
// Build the SQL statement to recreate the data.
//
***************
*** 516,522 ****
}
elseif (eregi("date|timestamp", $aryType[$i]))
{
! if ($empty($strVal))
{
$strQuote = "";
}
--- 516,522 ----
}
elseif (eregi("date|timestamp", $aryType[$i]))
{
! if (empty($strVal))
{
$strQuote = "";
}
***************
*** 693,699 ****
include('./page_footer_admin.'.$phpEx);
}
! $tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words', 'confirm');
$additional_tables = (isset($HTTP_POST_VARS['additional_tables'])) ? $HTTP_POST_VARS['additional_tables'] : ( (isset($HTTP_GET_VARS['additional_tables'])) ? $HTTP_GET_VARS['additional_tables'] : "" );
--- 693,699 ----
include('./page_footer_admin.'.$phpEx);
}
! $tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words', 'confirm', 'sessions_keys');
$additional_tables = (isset($HTTP_POST_VARS['additional_tables'])) ? $HTTP_POST_VARS['additional_tables'] : ( (isset($HTTP_GET_VARS['additional_tables'])) ? $HTTP_GET_VARS['additional_tables'] : "" );
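Review bot: Adding `'sessions_keys'` to `$tables` means the database backup now includes the persistent-login key table (presumably the store behind the allow_autologin option introduced in admin_board.php in this same patch — confirm). That makes a backup file as sensitive as live session credentials until those keys expire, which deserves a comment next to the list, e.g. `// sessions_keys holds autologin keys; a backup containing it must be protected like the live database`. The surrounding backup routine starts outside the hunk.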
diff -crN phpbb2017/admin/admin_disallow.php phpbb2022/admin/admin_disallow.php
*** phpbb2017/admin/admin_disallow.php Tue Jul 19 22:14:56 2005
--- phpbb2022/admin/admin_disallow.php Tue Dec 19 18:29:14 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_disallow.php,v 1.9.2.2 2002/11/26 11:42:11 psotfx Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_disallow.php,v 1.9.2.4 2005/12/18 13:57:50 grahamje Exp $
*
*
***************************************************************************/
***************
*** 25,31 ****
if( !empty($setmodules) )
{
$filename = basename(__FILE__);
! $module['Users']['Disallow'] = append_sid($filename);
return;
}
--- 25,31 ----
if( !empty($setmodules) )
{
$filename = basename(__FILE__);
! $module['Users']['Disallow'] = $filename;
return;
}
***************
*** 45,51 ****
if ($disallowed_user == '')
{
! message_die(MESSAGE, $lang['Fields_empty']);
}
if( !validate_username($disallowed_user) )
{
--- 45,51 ----
if ($disallowed_user == '')
{
! message_die(GENERAL_MESSAGE, $lang['Fields_empty']);
}
if( !validate_username($disallowed_user) )
{
diff -crN phpbb2017/admin/admin_forums.php phpbb2022/admin/admin_forums.php
*** phpbb2017/admin/admin_forums.php Tue Jul 19 22:14:56 2005
--- phpbb2022/admin/admin_forums.php Tue Dec 19 18:29:14 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_forums.php,v 1.40.2.12 2005/05/07 22:18:10 acydburn Exp $
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_forums.php,v 1.40.2.13 2006/03/09 21:55:09 grahamje Exp $
*
***************************************************************************/
***************
*** 39,46 ****
$forum_auth_ary = array(
"auth_view" => AUTH_ALL,
"auth_read" => AUTH_ALL,
! "auth_post" => AUTH_ALL,
! "auth_reply" => AUTH_ALL,
"auth_edit" => AUTH_REG,
"auth_delete" => AUTH_REG,
"auth_sticky" => AUTH_MOD,
--- 39,46 ----
$forum_auth_ary = array(
"auth_view" => AUTH_ALL,
"auth_read" => AUTH_ALL,
! "auth_post" => AUTH_REG,
! "auth_reply" => AUTH_REG,
"auth_edit" => AUTH_REG,
"auth_delete" => AUTH_REG,
"auth_sticky" => AUTH_MOD,
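Review bot: Changing the `auth_post` and `auth_reply` defaults from AUTH_ALL to AUTH_REG in `$forum_auth_ary` alters what a freshly created forum permits and is undocumented in the hunk. A one-line comment above the array would spare the next maintainer from treating it as a typo, e.g. `// Defaults for a new forum: guests may view/read, only registered users may post or reply`. Whether existing forums keep their stored values is not visible here — presumably these defaults apply only when a forum is created; confirm before relying on that.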
diff -crN phpbb2017/admin/admin_groups.php phpbb2022/admin/admin_groups.php
*** phpbb2017/admin/admin_groups.php Tue Jul 19 22:14:56 2005
--- phpbb2022/admin/admin_groups.php Tue Dec 19 18:29:14 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_groups.php,v 1.25.2.9 2004/03/25 15:57:20 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_groups.php,v 1.25.2.13 2006/03/09 19:42:41 grahamje Exp $
*
*
***************************************************************************/
***************
*** 104,124 ****
//
// Ok, now we know everything about them, let's show the page.
//
! $sql = "SELECT user_id, username
! FROM " . USERS_TABLE . "
! WHERE user_id <> " . ANONYMOUS . "
! ORDER BY username";
! if ( !($result = $db->sql_query($sql)) )
{
! message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
! }
! while ( $row = $db->sql_fetchrow($result) )
! {
! if ( $row['user_id'] == $group_info['group_moderator'] )
{
! $group_moderator = $row['username'];
}
}
$group_open = ( $group_info['group_type'] == GROUP_OPEN ) ? ' checked="checked"' : '';
--- 104,129 ----
//
// Ok, now we know everything about them, let's show the page.
//
! if ($group_info['group_moderator'] != '')
{
! $sql = "SELECT user_id, username
! FROM " . USERS_TABLE . "
! WHERE user_id = " . $group_info['group_moderator'];
! if ( !($result = $db->sql_query($sql)) )
! {
! message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
! }
! if ( !($row = $db->sql_fetchrow($result)) )
{
! message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
}
+
+ $group_moderator = $row['username'];
+ }
+ else
+ {
+ $group_moderator = '';
}
$group_open = ( $group_info['group_type'] == GROUP_OPEN ) ? ' checked="checked"' : '';
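Review bot: The new query interpolates `$group_info['group_moderator']` into `WHERE user_id = ` as-is, while the `!= ''` guard above treats it as a string; casting it once is simpler than reasoning about its origin, i.e. `WHERE user_id = " . (int) $group_info['group_moderator'];`. The two message_die() calls use the same 'Could not obtain user info for moderator list' text for a failed query and for an empty result, so a missing moderator row is indistinguishable in the error from a database failure — a distinct message for the `!$row` branch, e.g. 'Group moderator user not found', would help. Note also that the old query excluded ANONYMOUS and the new one does not, so a group_moderator equal to that id now resolves to its username rather than being skipped; presumably that value never occurs, but it is a behaviour change. Where `$group_info` is loaded is outside the hunk.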
***************
*** 250,256 ****
else
{
$group_type = isset($HTTP_POST_VARS['group_type']) ? intval($HTTP_POST_VARS['group_type']) : GROUP_OPEN;
! $group_name = isset($HTTP_POST_VARS['group_name']) ? trim($HTTP_POST_VARS['group_name']) : '';
$group_description = isset($HTTP_POST_VARS['group_description']) ? trim($HTTP_POST_VARS['group_description']) : '';
$group_moderator = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
$delete_old_moderator = isset($HTTP_POST_VARS['delete_old_moderator']) ? true : false;
--- 255,261 ----
else
{
$group_type = isset($HTTP_POST_VARS['group_type']) ? intval($HTTP_POST_VARS['group_type']) : GROUP_OPEN;
! $group_name = isset($HTTP_POST_VARS['group_name']) ? htmlspecialchars(trim($HTTP_POST_VARS['group_name'])) : '';
$group_description = isset($HTTP_POST_VARS['group_description']) ? trim($HTTP_POST_VARS['group_description']) : '';
$group_moderator = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
$delete_old_moderator = isset($HTTP_POST_VARS['delete_old_moderator']) ? true : false;
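Review bot: `$group_name` is now passed through htmlspecialchars() at input, but `$group_description` on the next (unchanged) line receives only trim(), so from this hunk onward the two fields follow different escaping rules. If the description is rendered the same way as the name it needs the same treatment; if the name is also escaped at output it will be double-encoded. A comment stating where escaping happens for each field, e.g. `// group_name is stored HTML-escaped; group_description is escaped at output — keep in sync` (adjusted to whichever is actually the case), would make the choice explicit.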
diff -crN phpbb2017/admin/admin_ranks.php phpbb2022/admin/admin_ranks.php
*** phpbb2017/admin/admin_ranks.php Tue Jul 19 22:14:56 2005
--- phpbb2022/admin/admin_ranks.php Tue Dec 19 18:29:14 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_ranks.php,v 1.13.2.4 2004/03/25 15:57:20 acydburn Exp $
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_ranks.php,v 1.13.2.8 2006/04/13 09:56:48 grahamje Exp $
*
***************************************************************************/
***************
*** 19,43 ****
*
***************************************************************************/
- define('IN_PHPBB', 1);
-
if( !empty($setmodules) )
{
$file = basename(__FILE__);
! $module['Users']['Ranks'] = "$file";
return;
}
//
// Let's set the root dir for phpBB
//
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
require('./pagestart.' . $phpEx);
if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
! $mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
$mode = htmlspecialchars($mode);
}
else
--- 19,52 ----
*
***************************************************************************/
if( !empty($setmodules) )
{
$file = basename(__FILE__);
! $module['Users']['Ranks'] = $file;
return;
}
+ define('IN_PHPBB', 1);
+
//
// Let's set the root dir for phpBB
//
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
+
+ $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? true : false;
+ $no_page_header = $cancel;
+
require('./pagestart.' . $phpEx);
+ if ($cancel)
+ {
+ redirect('admin/' . append_sid("admin_ranks.$phpEx", true));
+ }
+
if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
! $mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
$mode = htmlspecialchars($mode);
}
else
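Review bot: `$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? true : false;` wraps a boolean in a ternary; `$cancel = isset($HTTP_POST_VARS['cancel']);` says the same. The cancel/`$no_page_header`/redirect block is duplicated verbatim (apart from the script name) in admin_smilies.php, in the hunk ending at the "Check to see what mode we should operate in" comment; a small shared helper in the common admin include would keep the two copies from drifting. The `isset()` repair on the `$mode` line fixes an undefined-index notice on POST-only requests and is correct as written.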
***************
*** 59,64 ****
--- 68,75 ----
}
}
+ // Restrict mode input to valid options
+ $mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : '';
if( $mode != "" )
{
***************
*** 213,220 ****
{
$rank_id = 0;
}
! if( $rank_id )
{
$sql = "DELETE FROM " . RANKS_TABLE . "
WHERE rank_id = $rank_id";
--- 224,233 ----
{
$rank_id = 0;
}
+
+ $confirm = isset($HTTP_POST_VARS['confirm']);
! if( $rank_id && $confirm )
{
$sql = "DELETE FROM " . RANKS_TABLE . "
WHERE rank_id = $rank_id";
***************
*** 238,372 ****
message_die(GENERAL_MESSAGE, $message);
}
! else
! {
! message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
! }
! }
! else
! {
! //
! // They didn't feel like giving us any information. Oh, too bad, we'll just display the
! // list then...
! //
! $template->set_filenames(array(
! "body" => "admin/ranks_list_body.tpl")
! );
!
! $sql = "SELECT * FROM " . RANKS_TABLE . "
! ORDER BY rank_min, rank_title";
! if( !$result = $db->sql_query($sql) )
! {
! message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
! }
!
! $rank_rows = $db->sql_fetchrowset($result);
! $rank_count = count($rank_rows);
!
! $template->assign_vars(array(
! "L_RANKS_TITLE" => $lang['Ranks_title'],
! "L_RANKS_TEXT" => $lang['Ranks_explain'],
! "L_RANK" => $lang['Rank_title'],
! "L_RANK_MINIMUM" => $lang['Rank_minimum'],
! "L_SPECIAL_RANK" => $lang['Special_rank'],
! "L_EDIT" => $lang['Edit'],
! "L_DELETE" => $lang['Delete'],
! "L_ADD_RANK" => $lang['Add_new_rank'],
! "L_ACTION" => $lang['Action'],
!
! "S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
! );
!
! for( $i = 0; $i < $rank_count; $i++)
{
! $rank = $rank_rows[$i]['rank_title'];
! $special_rank = $rank_rows[$i]['rank_special'];
! $rank_id = $rank_rows[$i]['rank_id'];
! $rank_min = $rank_rows[$i]['rank_min'];
! if($special_rank)
! {
! $rank_min = $rank_max = "-";
! }
!
! $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
! $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
!
! $template->assign_block_vars("ranks", array(
! "ROW_COLOR" => "#" . $row_color,
! "ROW_CLASS" => $row_class,
! "RANK" => $rank,
! "RANK_MIN" => $rank_min,
! "SPECIAL_RANK" => ( $special_rank == 1 ) ? $lang['Yes'] : $lang['No'],
! "U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"),
! "U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id"))
);
}
}
}
! else
{
! //
! // Show the default page
! //
! $template->set_filenames(array(
! "body" => "admin/ranks_list_body.tpl")
! );
!
! $sql = "SELECT * FROM " . RANKS_TABLE . "
! ORDER BY rank_min ASC, rank_special ASC";
! if( !$result = $db->sql_query($sql) )
! {
! message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
! }
! $rank_count = $db->sql_numrows($result);
! $rank_rows = $db->sql_fetchrowset($result);
! $template->assign_vars(array(
! "L_RANKS_TITLE" => $lang['Ranks_title'],
! "L_RANKS_TEXT" => $lang['Ranks_explain'],
! "L_RANK" => $lang['Rank_title'],
! "L_RANK_MINIMUM" => $lang['Rank_minimum'],
! "L_SPECIAL_RANK" => $lang['Rank_special'],
! "L_EDIT" => $lang['Edit'],
! "L_DELETE" => $lang['Delete'],
! "L_ADD_RANK" => $lang['Add_new_rank'],
! "L_ACTION" => $lang['Action'],
!
! "S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
! );
! for($i = 0; $i < $rank_count; $i++)
{
! $rank = $rank_rows[$i]['rank_title'];
! $special_rank = $rank_rows[$i]['rank_special'];
! $rank_id = $rank_rows[$i]['rank_id'];
! $rank_min = $rank_rows[$i]['rank_min'];
!
! if( $special_rank == 1 )
! {
! $rank_min = $rank_max = "-";
! }
! $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
! $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
! $rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No'];
!
! $template->assign_block_vars("ranks", array(
! "ROW_COLOR" => "#" . $row_color,
! "ROW_CLASS" => $row_class,
! "RANK" => $rank,
! "SPECIAL_RANK" => $rank_is_special,
! "RANK_MIN" => $rank_min,
! "U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"),
! "U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id"))
! );
! }
}
$template->pparse("body");
--- 251,345 ----
message_die(GENERAL_MESSAGE, $message);
}
! elseif( $rank_id && !$confirm)
{
! // Present the confirmation screen to the user
! $template->set_filenames(array(
! 'body' => 'admin/confirm_body.tpl')
! );
! $hidden_fields = '';
! $template->assign_vars(array(
! 'MESSAGE_TITLE' => $lang['Confirm'],
! 'MESSAGE_TEXT' => $lang['Confirm_delete_rank'],
! 'L_YES' => $lang['Yes'],
! 'L_NO' => $lang['No'],
!
! 'S_CONFIRM_ACTION' => append_sid("admin_ranks.$phpEx"),
! 'S_HIDDEN_FIELDS' => $hidden_fields)
);
}
+ else
+ {
+ message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
+ }
}
+
+ $template->pparse("body");
+
+ include('./page_footer_admin.'.$phpEx);
}
!
! //
! // Show the default page
! //
! $template->set_filenames(array(
! "body" => "admin/ranks_list_body.tpl")
! );
!
! $sql = "SELECT * FROM " . RANKS_TABLE . "
! ORDER BY rank_min ASC, rank_special ASC";
! if( !$result = $db->sql_query($sql) )
{
! message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
! }
! $rank_count = $db->sql_numrows($result);
!
! $rank_rows = $db->sql_fetchrowset($result);
! $template->assign_vars(array(
! "L_RANKS_TITLE" => $lang['Ranks_title'],
! "L_RANKS_TEXT" => $lang['Ranks_explain'],
! "L_RANK" => $lang['Rank_title'],
! "L_RANK_MINIMUM" => $lang['Rank_minimum'],
! "L_SPECIAL_RANK" => $lang['Rank_special'],
! "L_EDIT" => $lang['Edit'],
! "L_DELETE" => $lang['Delete'],
! "L_ADD_RANK" => $lang['Add_new_rank'],
! "L_ACTION" => $lang['Action'],
! "S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
! );
!
! for($i = 0; $i < $rank_count; $i++)
! {
! $rank = $rank_rows[$i]['rank_title'];
! $special_rank = $rank_rows[$i]['rank_special'];
! $rank_id = $rank_rows[$i]['rank_id'];
! $rank_min = $rank_rows[$i]['rank_min'];
! if( $special_rank == 1 )
{
! $rank_min = $rank_max = "-";
! }
! $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
! $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
! $rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No'];
!
! $template->assign_block_vars("ranks", array(
! "ROW_COLOR" => "#" . $row_color,
! "ROW_CLASS" => $row_class,
! "RANK" => $rank,
! "SPECIAL_RANK" => $rank_is_special,
! "RANK_MIN" => $rank_min,
! "U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"),
! "U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id"))
! );
}
$template->pparse("body");
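Review bot: In the confirmation branch `$hidden_fields = ''` is assigned and passed as `S_HIDDEN_FIELDS`, so as shown the confirm form posts back with neither `mode=delete` nor `id`, and the `$rank_id && $confirm` branch can never be reached from it; the hunk in admin_smilies.php ending at `case 'edit':` has the identical pattern. If the hidden input elements were stripped from this listing by extraction, disregard; otherwise the two fields need to be emitted here, e.g. `$hidden_fields = '<input type="hidden" name="mode" value="delete" /><input type="hidden" name="id" value="' . $rank_id . '" />';`. The deletion is gated only on a POST carrying `confirm` and an id, with nothing tying the confirmation to the administrator's session; a session-bound token in the same hidden fields would be the natural place to add that. The if/else chain this branch belongs to starts outside the hunk.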
diff -crN phpbb2017/admin/admin_smilies.php phpbb2022/admin/admin_smilies.php
*** phpbb2017/admin/admin_smilies.php Tue Jul 19 22:14:56 2005
--- phpbb2022/admin/admin_smilies.php Tue Dec 19 18:29:14 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_smilies.php,v 1.22.2.14 2005/05/06 20:50:09 acydburn Exp $
*
****************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_smilies.php,v 1.22.2.18 2006/04/13 09:56:48 grahamje Exp $
*
****************************************************************************/
***************
*** 49,56 ****
--- 49,65 ----
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
+
+ $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? true : false;
+ $no_page_header = $cancel;
+
require('./pagestart.' . $phpEx);
+ if ($cancel)
+ {
+ redirect('admin/' . append_sid("admin_smilies.$phpEx", true));
+ }
+
//
// Check to see what mode we should operate in.
//
***************
*** 316,332 ****
$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
$smiley_id = intval($smiley_id);
! $sql = "DELETE FROM " . SMILIES_TABLE . "
! WHERE smilies_id = " . $smiley_id;
! $result = $db->sql_query($sql);
! if( !$result )
{
! message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql);
}
! $message = $lang['smiley_del_success'] . "
" . sprintf($lang['Click_return_smileadmin'], "", "") . "
" . sprintf($lang['Click_return_admin_index'], "", "");
! message_die(GENERAL_MESSAGE, $message);
break;
case 'edit':
--- 325,367 ----
$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
$smiley_id = intval($smiley_id);
! $confirm = isset($HTTP_POST_VARS['confirm']);
!
! if( $confirm )
{
! $sql = "DELETE FROM " . SMILIES_TABLE . "
! WHERE smilies_id = " . $smiley_id;
! $result = $db->sql_query($sql);
! if( !$result )
! {
! message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql);
! }
!
! $message = $lang['smiley_del_success'] . "
" . sprintf($lang['Click_return_smileadmin'], "", "") . "
" . sprintf($lang['Click_return_admin_index'], "", "");
!
! message_die(GENERAL_MESSAGE, $message);
}
+ else
+ {
+ // Present the confirmation screen to the user
+ $template->set_filenames(array(
+ 'body' => 'admin/confirm_body.tpl')
+ );
! $hidden_fields = '';
! $template->assign_vars(array(
! 'MESSAGE_TITLE' => $lang['Confirm'],
! 'MESSAGE_TEXT' => $lang['Confirm_delete_smiley'],
!
! 'L_YES' => $lang['Yes'],
! 'L_NO' => $lang['No'],
!
! 'S_CONFIRM_ACTION' => append_sid("admin_smilies.$phpEx"),
! 'S_HIDDEN_FIELDS' => $hidden_fields)
! );
! $template->pparse('body');
! }
break;
case 'edit':
***************
*** 402,416 ****
// Get the submitted data, being careful to ensure that we only
// accept the data we are looking for.
//
! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : trim($HTTP_GET_VARS['smile_code']);
! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : trim($HTTP_GET_VARS['smile_url']);
! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? trim($HTTP_POST_VARS['smile_emotion']) : trim($HTTP_GET_VARS['smile_emotion']);
! $smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']);
// If no code was entered complain ...
if ($smile_code == '' || $smile_url == '')
{
! message_die(MESSAGE, $lang['Fields_empty']);
}
//
--- 437,454 ----
// Get the submitted data, being careful to ensure that we only
// accept the data we are looking for.
//
! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : '';
! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : '';
! $smile_url = phpbb_ltrim(basename($smile_url), "'");
! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : '';
! $smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : 0;
! $smile_code = trim($smile_code);
! $smile_url = trim($smile_url);
// If no code was entered complain ...
if ($smile_code == '' || $smile_url == '')
{
! message_die(GENERAL_MESSAGE, $lang['Fields_empty']);
}
//
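Review bot: `$smile_code = trim($smile_code);` and `$smile_url = trim($smile_url);` re-trim values that were already trimmed when read from `$HTTP_POST_VARS` a few lines above, so in this hunk the two lines are dead and can be dropped (they are still needed in the later hunk, where the initial reads do not trim). The `phpbb_ltrim(basename($smile_url), "'")` step confines the stored URL to a bare filename, which is worth stating in the comment above since the existing text only says "only the data we are looking for": `// smile_url is reduced to a bare filename (no directory component) before validation`. `phpbb_ltrim` is presumably a project helper defined elsewhere.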
***************
*** 444,460 ****
// Get the submitted data being careful to ensure the the data
// we recieve and process is only the data we are looking for.
//
! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code'];
! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url'];
! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion'];
$smile_code = trim($smile_code);
$smile_url = trim($smile_url);
- $smile_emotion = trim($smile_emotion);
// If no code was entered complain ...
if ($smile_code == '' || $smile_url == '')
{
! message_die(MESSAGE, $lang['Fields_empty']);
}
//
--- 482,498 ----
// Get the submitted data being careful to ensure the the data
// we recieve and process is only the data we are looking for.
//
! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : '';
! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : '';
! $smile_url = phpbb_ltrim(basename($smile_url), "'");
! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : '';
$smile_code = trim($smile_code);
$smile_url = trim($smile_url);
// If no code was entered complain ...
if ($smile_code == '' || $smile_url == '')
{
! message_die(GENERAL_MESSAGE, $lang['Fields_empty']);
}
//
diff -crN phpbb2017/admin/admin_styles.php phpbb2022/admin/admin_styles.php
*** phpbb2017/admin/admin_styles.php Tue Jul 19 22:14:56 2005
--- phpbb2022/admin/admin_styles.php Tue Dec 19 18:29:14 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_styles.php,v 1.27.2.14 2005/03/17 17:33:30 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_styles.php,v 1.27.2.17 2006/04/20 13:34:15 grahamje Exp $
*
*
***************************************************************************/
***************
*** 27,33 ****
$file = basename(__FILE__);
$module['Styles']['Add_new'] = "$file?mode=addnew";
$module['Styles']['Create_new'] = "$file?mode=create";
! $module['Styles']['Manage'] = "$file";
$module['Styles']['Export'] = "$file?mode=export";
return;
}
--- 27,33 ----
$file = basename(__FILE__);
$module['Styles']['Add_new'] = "$file?mode=addnew";
$module['Styles']['Create_new'] = "$file?mode=create";
! $module['Styles']['Manage'] = $file;
$module['Styles']['Export'] = "$file?mode=export";
return;
}
***************
*** 582,587 ****
--- 582,588 ----
"L_SIMPLE_NAME" => $lang['Simple_name'],
"L_VALUE" => $lang['Value'],
"L_STYLESHEET" => $lang['Stylesheet'],
+ "L_STYLESHEET_EXPLAIN" => $lang['Stylesheet_explain'],
"L_BACKGROUND_IMAGE" => $lang['Background_image'],
"L_BACKGROUND_COLOR" => $lang['Background_color'],
"L_BODY_TEXT_COLOR" => $lang['Text_color'],
***************
*** 835,841 ****
// Set template files
//
$template->set_filenames(array(
! "confirm" => "confirm_body.tpl")
);
$template->assign_vars(array(
--- 836,842 ----
// Set template files
//
$template->set_filenames(array(
! "confirm" => "admin/confirm_body.tpl")
);
$template->assign_vars(array(
diff -crN phpbb2017/admin/admin_ug_auth.php phpbb2022/admin/admin_ug_auth.php
*** phpbb2017/admin/admin_ug_auth.php Tue Jul 19 22:14:56 2005
--- phpbb2022/admin/admin_ug_auth.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_ug_auth.php,v 1.13.2.9 2005/07/19 20:01:05 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_ug_auth.php,v 1.13.2.10 2005/09/14 18:14:29 acydburn Exp $
*
*
***************************************************************************/
***************
*** 251,259 ****
}
}
! $sql = "SELECT *
! FROM " . FORUMS_TABLE . " f
! ORDER BY forum_order";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
--- 251,260 ----
}
}
! $sql = 'SELECT f.*
! FROM ' . FORUMS_TABLE . ' f, ' . CATEGORIES_TABLE . ' c
! WHERE f.cat_id = c.cat_id
! ORDER BY c.cat_order, f.forum_order';
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
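Review bot: The rewritten query is an inner join on `f.cat_id = c.cat_id`, so a forum whose cat_id has no matching categories row disappears from the permission list, whereas the old `SELECT * FROM forums` returned every forum. Whether orphaned forums can exist is not visible here; if the schema does not enforce the relation, such a forum would silently lose the ability to have its user/group permissions managed from this page. A comment recording the assumption, e.g. `// assumes every forum belongs to an existing category; orphaned forums would be omitted here`, or a LEFT JOIN with the same ORDER BY, would make the choice explicit.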
***************
*** 831,839 ****
}
}
if( count($name) )
{
- $t_usergroup_list = $t_pending_list = '';
for($i = 0; $i < count($ug_info); $i++)
{
$ug = ( $mode == 'user' ) ? 'group&' . POST_GROUPS_URL : 'user&' . POST_USERS_URL;
--- 832,840 ----
}
}
+ $t_usergroup_list = $t_pending_list = '';
if( count($name) )
{
for($i = 0; $i < count($ug_info); $i++)
{
$ug = ( $mode == 'user' ) ? 'group&' . POST_GROUPS_URL : 'user&' . POST_USERS_URL;
***************
*** 848,857 ****
}
}
}
! else
! {
! $t_usergroup_list = $lang['None'];
! }
$s_column_span = 2; // Two columns always present
if( !$adv )
--- 849,857 ----
}
}
}
!
! $t_usergroup_list = ($t_usergroup_list == '') ? $lang['None'] : $t_usergroup_list;
! $t_pending_list = ($t_pending_list == '') ? $lang['None'] : $t_pending_list;
$s_column_span = 2; // Two columns always present
if( !$adv )
diff -crN phpbb2017/admin/admin_user_ban.php phpbb2022/admin/admin_user_ban.php
*** phpbb2017/admin/admin_user_ban.php Tue Jul 19 22:14:56 2005
--- phpbb2022/admin/admin_user_ban.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_user_ban.php,v 1.21.2.5 2004/03/25 15:57:20 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_user_ban.php,v 1.21.2.6 2005/10/30 15:17:13 acydburn Exp $
*
*
***************************************************************************/
***************
*** 155,161 ****
// contained in the annotated php manual at php.com (ereg
// section)
//
! if (preg_match('#^(([a-z0-9&.-_+])|(\*))+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$#is', trim($email_list_temp[$i])))
{
$email_list[] = trim($email_list_temp[$i]);
}
--- 155,161 ----
// contained in the annotated php manual at php.com (ereg
// section)
//
! if (preg_match('/^(([a-z0-9&\'\.\-_\+])|(\*))+@(([a-z0-9\-])|(\*))+\.([a-z0-9\-]+\.)*?[a-z]+$/is', trim($email_list_temp[$i])))
{
$email_list[] = trim($email_list_temp[$i]);
}
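Review bot: The rewritten `preg_match` pattern now admits an apostrophe in the local part and `*` in the domain labels, and the accepted string is appended to `$email_list[]` exactly as entered; the hunk does not show how that list is later quoted into the ban-list query or the match expression, so confirm it still goes through the `\'` → `''` replacement (or whatever escaping that code uses) before reaching SQL. The real bug in the old class was `.-_`, which PCRE reads as a range covering every character from `.` to `_` (`/`, `:`, `@`, `[`, `\` and all upper-case letters), and the new escaped `\-` is what closes it; a one-line comment keeps someone from "simplifying" the escapes back out: `// keep the backslashes: an unescaped .-_ inside [] is a range, not three literals`. The enclosing loop over `$email_list_temp` starts outside the hunk.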
diff -crN phpbb2017/admin/admin_users.php phpbb2022/admin/admin_users.php
*** phpbb2017/admin/admin_users.php Tue Jul 19 22:14:56 2005
--- phpbb2022/admin/admin_users.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_users.php,v 1.57.2.27 2005/07/19 20:01:07 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_users.php,v 1.57.2.35 2006/03/26 14:43:24 grahamje Exp $
*
*
***************************************************************************/
***************
*** 71,77 ****
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
}
! if( $HTTP_POST_VARS['deleteuser'] )
{
$sql = "SELECT g.group_id
FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g
--- 71,77 ----
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
}
! if( $HTTP_POST_VARS['deleteuser'] && ( $userdata['user_id'] != $user_id ) )
{
$sql = "SELECT g.group_id
FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g
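Review bot: The self-deletion guard added to the `deleteuser` condition fails silently: when `$userdata['user_id']` equals `$user_id` the whole delete branch is skipped and, as far as this hunk shows, nothing tells the admin why their request was ignored. An explicit branch before it, `if ($HTTP_POST_VARS['deleteuser'] && $userdata['user_id'] == $user_id) { message_die(GENERAL_MESSAGE, $lang['...']); }` with a language string of the project's choosing, makes the refusal visible instead of looking like a no-op. `$user_id` is interpolated unquoted into the query that follows, so it must already be an integer by this point — the `No_user_id_specified` check just above suggests it is, but the cast itself is outside the hunk.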
***************
*** 177,182 ****
--- 177,196 ----
message_die(GENERAL_ERROR, 'Could not delete user from banlist table', '', __LINE__, __FILE__, $sql);
}
+ $sql = "DELETE FROM " . SESSIONS_TABLE . "
+ WHERE session_user_id = $user_id";
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, 'Could not delete sessions for this user', '', __LINE__, __FILE__, $sql);
+ }
+
+ $sql = "DELETE FROM " . SESSIONS_KEYS_TABLE . "
+ WHERE user_id = $user_id";
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, 'Could not delete auto-login keys for this user', '', __LINE__, __FILE__, $sql);
+ }
+
$sql = "SELECT privmsgs_id
FROM " . PRIVMSGS_TABLE . "
WHERE privmsgs_from_userid = $user_id
***************
*** 217,223 ****
message_die(GENERAL_MESSAGE, $message);
}
! $username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['username']))) : '';
$email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : '';
$password = ( !empty($HTTP_POST_VARS['password']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password'] ) )) : '';
--- 231,237 ----
message_die(GENERAL_MESSAGE, $message);
}
! $username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
$email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : '';
$password = ( !empty($HTTP_POST_VARS['password']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password'] ) )) : '';
***************
*** 247,259 ****
$allowbbcode = ( isset( $HTTP_POST_VARS['allowbbcode']) ) ? intval( $HTTP_POST_VARS['allowbbcode'] ) : $board_config['allow_bbcode'];
$allowsmilies = ( isset( $HTTP_POST_VARS['allowsmilies']) ) ? intval( $HTTP_POST_VARS['allowsmilies'] ) : $board_config['allow_smilies'];
! $user_style = ( $HTTP_POST_VARS['style'] ) ? intval( $HTTP_POST_VARS['style'] ) : $board_config['default_style'];
$user_lang = ( $HTTP_POST_VARS['language'] ) ? $HTTP_POST_VARS['language'] : $board_config['default_lang'];
$user_timezone = ( isset( $HTTP_POST_VARS['timezone']) ) ? doubleval( $HTTP_POST_VARS['timezone'] ) : $board_config['board_timezone'];
- $user_template = ( $HTTP_POST_VARS['template'] ) ? $HTTP_POST_VARS['template'] : $board_config['board_template'];
$user_dateformat = ( $HTTP_POST_VARS['dateformat'] ) ? trim( $HTTP_POST_VARS['dateformat'] ) : $board_config['default_dateformat'];
$user_avatar_local = ( isset( $HTTP_POST_VARS['avatarselect'] ) && !empty($HTTP_POST_VARS['submitavatar'] ) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset( $HTTP_POST_VARS['avatarlocal'] ) ) ? $HTTP_POST_VARS['avatarlocal'] : '' );
$user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim( $HTTP_POST_VARS['avatarremoteurl'] ) : '';
$user_avatar_url = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim( $HTTP_POST_VARS['avatarurl'] ) : '';
--- 261,273 ----
$allowbbcode = ( isset( $HTTP_POST_VARS['allowbbcode']) ) ? intval( $HTTP_POST_VARS['allowbbcode'] ) : $board_config['allow_bbcode'];
$allowsmilies = ( isset( $HTTP_POST_VARS['allowsmilies']) ) ? intval( $HTTP_POST_VARS['allowsmilies'] ) : $board_config['allow_smilies'];
! $user_style = ( isset( $HTTP_POST_VARS['style'] ) ) ? intval( $HTTP_POST_VARS['style'] ) : $board_config['default_style'];
$user_lang = ( $HTTP_POST_VARS['language'] ) ? $HTTP_POST_VARS['language'] : $board_config['default_lang'];
$user_timezone = ( isset( $HTTP_POST_VARS['timezone']) ) ? doubleval( $HTTP_POST_VARS['timezone'] ) : $board_config['board_timezone'];
$user_dateformat = ( $HTTP_POST_VARS['dateformat'] ) ? trim( $HTTP_POST_VARS['dateformat'] ) : $board_config['default_dateformat'];
$user_avatar_local = ( isset( $HTTP_POST_VARS['avatarselect'] ) && !empty($HTTP_POST_VARS['submitavatar'] ) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset( $HTTP_POST_VARS['avatarlocal'] ) ) ? $HTTP_POST_VARS['avatarlocal'] : '' );
+ $user_avatar_category = ( isset($HTTP_POST_VARS['avatarcatname']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarcatname']) : '' ;
$user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim( $HTTP_POST_VARS['avatarremoteurl'] ) : '';
$user_avatar_url = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim( $HTTP_POST_VARS['avatarurl'] ) : '';
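Review bot: `$user_avatar_category` on the new `avatarcatname` line is filtered with `htmlspecialchars()`, an HTML-output encoder that leaves `/` and `..` untouched, yet the value is used later in this file as a path segment (`$user_avatar_category . '/' . $user_avatar_local`). The SQL-storage site further down applies `basename()`, but doing it once here, at the input boundary, covers every later use: `$user_avatar_category = ( isset($HTTP_POST_VARS['avatarcatname']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars(basename($HTTP_POST_VARS['avatarcatname'])) : '';`. The same argument applies to `$user_avatar_local` on the unchanged `avatarselect` line, which is taken raw.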
***************
*** 293,299 ****
if ( !isset($HTTP_POST_VARS['cancelavatar']))
{
! $user_avatar = $user_avatar_local;
$user_avatar_type = USER_AVATAR_GALLERY;
}
}
--- 307,313 ----
if ( !isset($HTTP_POST_VARS['cancelavatar']))
{
! $user_avatar = $user_avatar_category . '/' . $user_avatar_local;
$user_avatar_type = USER_AVATAR_GALLERY;
}
}
***************
*** 389,397 ****
{
if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" )
{
! if( @file_exists(@phpbb_realpath("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) )
{
! @unlink("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']);
}
}
$avatar_sql = ", user_avatar = '', user_avatar_type = " . USER_AVATAR_NONE;
--- 403,411 ----
{
if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" )
{
! if( @file_exists(@phpbb_realpath('./../' . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) )
{
! @unlink('./../' . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']);
}
}
$avatar_sql = ", user_avatar = '', user_avatar_type = " . USER_AVATAR_NONE;
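Review bot: The `@unlink` now resolves correctly from the admin directory, but `$this_userdata['user_avatar']` is a database value joined straight into the path on both rewritten lines, and the `phpbb_realpath()` check only gates `file_exists`, not the `unlink` itself. Build the path once with `basename()` on the stored name, `$avatar_file = './../' . $board_config['avatar_path'] . '/' . basename($this_userdata['user_avatar']);`, and use it for both calls so the delete cannot leave the avatar directory even if a stored name ever acquires a separator. Whether the upload code already guarantees bare filenames is not visible here, so this is defence in depth rather than a known hole.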
***************
*** 645,651 ****
}
else if( $user_avatar_local != "" && $avatar_sql == "" && !$error )
{
! $avatar_sql = ", user_avatar = '" . str_replace("\'", "''", $user_avatar_local) . "', user_avatar_type = " . USER_AVATAR_GALLERY;
}
//
--- 659,665 ----
}
else if( $user_avatar_local != "" && $avatar_sql == "" && !$error )
{
! $avatar_sql = ", user_avatar = '" . str_replace("\'", "''", phpbb_ltrim(basename($user_avatar_category), "'") . '/' . phpbb_ltrim(basename($user_avatar_local), "'")) . "', user_avatar_type = " . USER_AVATAR_GALLERY;
}
//
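Review bot: The `phpbb_ltrim(basename(...), "'")` wrapping on the rewritten `$avatar_sql` line is doing security work that nobody will recognise without a comment. The scheme presumably relies on the input already carrying a backslash before each `'` (magic_quotes_gpc or phpBB's emulation, set up outside this file); on Windows `basename()` treats that backslash as a directory separator and strips it, which would leave a bare leading quote that the `str_replace("\'", "''", ...)` can no longer see — trimming leading quotes closes that gap. Suggested comment: `// basename() eats a leading escaping backslash on Windows; strip the orphaned quote so the \' -> '' replacement cannot be bypassed`. If my reading of the intent is wrong, the comment should state the real one, because the code reads as arbitrary otherwise.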
***************
*** 681,693 ****
message_die(GENERAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql);
}
}
$message .= $lang['Admin_user_updated'];
}
else
{
! $error = TRUE;
! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Admin_user_fail'];
}
$message .= '
' . sprintf($lang['Click_return_useradmin'], '', '') . '
' . sprintf($lang['Click_return_admin_index'], '', '');
--- 695,713 ----
message_die(GENERAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql);
}
}
+
+ // We remove all stored login keys since the password has been updated
+ // and change the current one (if applicable)
+ if ( !empty($passwd_sql) )
+ {
+ session_reset_keys($user_id, $user_ip);
+ }
$message .= $lang['Admin_user_updated'];
}
else
{
! message_die(GENERAL_ERROR, 'Admin_user_fail', '', __LINE__, __FILE__, $sql);
}
$message .= '
' . sprintf($lang['Click_return_useradmin'], '', '') . '
' . sprintf($lang['Click_return_admin_index'], '', '');
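Review bot: The `else` branch now hands the bare key `'Admin_user_fail'` to `message_die(GENERAL_ERROR, ...)` where the old code passed `$lang['Admin_user_fail']`; that only reads correctly if `message_die` resolves keys through `$lang` (the common.php hunk in this same patch does the same with `'Please_remove_install_contrib'`, so it looks intended) — confirm, otherwise the admin sees the raw key. The `session_reset_keys($user_id, $user_ip)` call on password change is the right addition, but `$user_ip` here is the acting admin's address, not the edited user's; if `session_reset_keys` uses the IP to decide which key to re-issue, that is worth stating on the existing comment: `// $user_ip belongs to the admin doing the edit, not to $user_id`.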
***************
*** 822,828 ****
{
if( preg_match("/(\.gif$|\.png$|\.jpg)$/is", $sub_file) )
{
! $avatar_images[$file][$avatar_row_count][$avatar_col_count] = $file . "/" . $sub_file;
$avatar_col_count++;
if( $avatar_col_count == 5 )
--- 842,848 ----
{
if( preg_match("/(\.gif$|\.png$|\.jpg)$/is", $sub_file) )
{
! $avatar_images[$file][$avatar_row_count][$avatar_col_count] = $sub_file;
$avatar_col_count++;
if( $avatar_col_count == 5 )
***************
*** 867,873 ****
for($j = 0; $j < count($avatar_images[$category][$i]); $j++)
{
$template->assign_block_vars("avatar_row.avatar_column", array(
! "AVATAR_IMAGE" => "../" . $board_config['avatar_gallery_path'] . "/" . $avatar_images[$category][$i][$j])
);
$template->assign_block_vars("avatar_row.avatar_option_column", array(
--- 887,893 ----
for($j = 0; $j < count($avatar_images[$category][$i]); $j++)
{
$template->assign_block_vars("avatar_row.avatar_column", array(
! "AVATAR_IMAGE" => "../" . $board_config['avatar_gallery_path'] . '/' . $category . '/' . $avatar_images[$category][$i][$j])
);
$template->assign_block_vars("avatar_row.avatar_option_column", array(
***************
*** 878,884 ****
$coppa = ( ( !$HTTP_POST_VARS['coppa'] && !$HTTP_GET_VARS['coppa'] ) || $mode == "register") ? 0 : TRUE;
! $s_hidden_fields = '';
$s_hidden_fields .= '';
$s_hidden_fields .= '';
--- 898,904 ----
$coppa = ( ( !$HTTP_POST_VARS['coppa'] && !$HTTP_GET_VARS['coppa'] ) || $mode == "register") ? 0 : TRUE;
! $s_hidden_fields = '';
$s_hidden_fields .= '';
$s_hidden_fields .= '';
***************
*** 934,940 ****
if( !empty($user_avatar_local) )
{
! $s_hidden_fields .= '';
}
if( $user_avatar_type )
--- 954,960 ----
if( !empty($user_avatar_local) )
{
! $s_hidden_fields .= '';
}
if( $user_avatar_type )
diff -crN phpbb2017/admin/admin_words.php phpbb2022/admin/admin_words.php
*** phpbb2017/admin/admin_words.php Tue Jul 19 22:14:56 2005
--- phpbb2022/admin/admin_words.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_words.php,v 1.10.2.3 2004/03/25 15:57:20 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_words.php,v 1.10.2.6 2006/04/13 09:56:48 grahamje Exp $
*
*
***************************************************************************/
***************
*** 20,44 ****
*
***************************************************************************/
- define('IN_PHPBB', 1);
-
if( !empty($setmodules) )
{
$file = basename(__FILE__);
! $module['General']['Word_Censor'] = "$file";
return;
}
//
// Load default header
//
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
require('./pagestart.' . $phpEx);
if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
! $mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
$mode = htmlspecialchars($mode);
}
else
--- 20,53 ----
*
***************************************************************************/
if( !empty($setmodules) )
{
$file = basename(__FILE__);
! $module['General']['Word_Censor'] = $file;
return;
}
+ define('IN_PHPBB', 1);
+
//
// Load default header
//
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
+
+ $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? true : false;
+ $no_page_header = $cancel;
+
require('./pagestart.' . $phpEx);
+ if ($cancel)
+ {
+ redirect('admin/' . append_sid("admin_words.$phpEx", true));
+ }
+
if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
! $mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
$mode = htmlspecialchars($mode);
}
else
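Review bot: Two ordering constraints introduced here are invisible to the next editor and deserve comments. `define('IN_PHPBB', 1)` now sits after the `$setmodules` early return, presumably because admin/index.php includes this file with `$setmodules` set and `IN_PHPBB` already defined, so `// defined after the module-registration return: index.php has already defined it`; and `$no_page_header = $cancel;` must stay above `require('./pagestart.' . $phpEx)` because pagestart emits the header, so `// must be set before pagestart is included`. The `$cancel` redirect itself goes through `append_sid()`, which keeps the session id on the target URL as the admin area requires.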
***************
*** 60,65 ****
--- 69,77 ----
}
}
+ // Restrict mode input to valid options
+ $mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : '';
+
if( $mode != "" )
{
if( $mode == "edit" || $mode == "add" )
***************
*** 70,75 ****
--- 82,88 ----
"body" => "admin/words_edit_body.tpl")
);
+ $word_info = array('word' => '', 'replacement' => '');
$s_hidden_fields = '';
if( $mode == "edit" )
***************
*** 158,164 ****
$word_id = 0;
}
! if( $word_id )
{
$sql = "DELETE FROM " . WORDS_TABLE . "
WHERE word_id = $word_id";
--- 171,179 ----
$word_id = 0;
}
! $confirm = isset($HTTP_POST_VARS['confirm']);
!
! if( $word_id && $confirm )
{
$sql = "DELETE FROM " . WORDS_TABLE . "
WHERE word_id = $word_id";
***************
*** 172,177 ****
--- 187,212 ----
message_die(GENERAL_MESSAGE, $message);
}
+ elseif( $word_id && !$confirm)
+ {
+ // Present the confirmation screen to the user
+ $template->set_filenames(array(
+ 'body' => 'admin/confirm_body.tpl')
+ );
+
+ $hidden_fields = '';
+
+ $template->assign_vars(array(
+ 'MESSAGE_TITLE' => $lang['Confirm'],
+ 'MESSAGE_TEXT' => $lang['Confirm_delete_word'],
+
+ 'L_YES' => $lang['Yes'],
+ 'L_NO' => $lang['No'],
+
+ 'S_CONFIRM_ACTION' => append_sid("admin_words.$phpEx"),
+ 'S_HIDDEN_FIELDS' => $hidden_fields)
+ );
+ }
else
{
message_die(GENERAL_MESSAGE, $lang['No_word_selected']);
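Review bot: The delete now requires `confirm` in the POST body, but that flag carries no secret — a cross-site form posting `confirm`, `mode=delete` and a `word_id` would satisfy the `$word_id && $confirm` test on its own. What actually blocks that is admin/pagestart.php rejecting any request whose GET `sid` differs from the session id (visible later in this diff), so the protection depends on `S_CONFIRM_ACTION` remaining an `append_sid()` URL and on `$hidden_fields` (its markup is lost in this listing) carrying only `mode` and `word_id`. A comment on the `$confirm` line should say so: `// confirm alone is not CSRF protection; it works together with the sid check in pagestart.php`.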
***************
*** 193,198 ****
--- 228,234 ----
}
$word_rows = $db->sql_fetchrowset($result);
+ $db->sql_freeresult($result);
$word_count = count($word_rows);
$template->assign_vars(array(
diff -crN phpbb2017/admin/index.php phpbb2022/admin/index.php
*** phpbb2017/admin/index.php Tue Jul 19 22:14:56 2005
--- phpbb2022/admin/index.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: index.php,v 1.40.2.7 2005/02/21 18:37:02 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: index.php,v 1.40.2.10 2005/12/04 12:55:28 grahamje Exp $
*
*
***************************************************************************/
***************
*** 60,66 ****
{
if( preg_match("/^admin_.*?\." . $phpEx . "$/", $file) )
{
! include($file);
}
}
--- 60,66 ----
{
if( preg_match("/^admin_.*?\." . $phpEx . "$/", $file) )
{
! include('./' . $file);
}
}
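Review bot: The `./` prefix on the `include` line is a deliberate hardening, not a cosmetic change — it stops `include()` from walking `include_path` for a same-named `admin_*.php` elsewhere — and should be labelled as such: `// explicit ./ so include_path is never consulted for admin modules`. `$file` appears to come from a directory listing of the admin folder filtered by the `^admin_.*?\.php$` regex, so the remaining exposure is anyone able to write such a file into that directory, which this commit does not (and need not) change.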
***************
*** 234,242 ****
$row = $db->sql_fetchrow($result);
$version = $row['mysql_version'];
! if( preg_match("/^(3\.23|4\.)/", $version) )
{
! $db_name = ( preg_match("/^(3\.23\.[6-9])|(3\.23\.[1-9][1-9])|(4\.)/", $version) ) ? "`$dbname`" : $dbname;
$sql = "SHOW TABLE STATUS
FROM " . $db_name;
--- 234,242 ----
$row = $db->sql_fetchrow($result);
$version = $row['mysql_version'];
! if( preg_match("/^(3\.23|4\.|5\.)/", $version) )
{
! $db_name = ( preg_match("/^(3\.23\.[6-9])|(3\.23\.[1-9][1-9])|(4\.)|(5\.)/", $version) ) ? "`$dbname`" : $dbname;
$sql = "SHOW TABLE STATUS
FROM " . $db_name;
***************
*** 567,573 ****
$errno = 0;
$errstr = $version_info = '';
! if ($fsock = @fsockopen('www.phpbb.com', 80, $errno, $errstr))
{
@fputs($fsock, "GET /updatecheck/20x.txt HTTP/1.1\r\n");
@fputs($fsock, "HOST: www.phpbb.com\r\n");
--- 567,573 ----
$errno = 0;
$errstr = $version_info = '';
! if ($fsock = @fsockopen('www.phpbb.com', 80, $errno, $errstr, 10))
{
@fputs($fsock, "GET /updatecheck/20x.txt HTTP/1.1\r\n");
@fputs($fsock, "HOST: www.phpbb.com\r\n");
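Review bot: The added fifth argument to `fsockopen` bounds only the connect; once connected, the reads that follow (outside the hunk) can still block for as long as the remote side holds the socket open, so an unresponsive www.phpbb.com continues to hang the admin index. Add `@stream_set_timeout($fsock, 10);` immediately after the successful `fsockopen` (or `socket_set_timeout` if PHP 4.2 and older are still targets). The check also runs over plain HTTP, so whatever is parsed from the reply should be handled as untrusted input.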
***************
*** 602,608 ****
else
{
$version_info = '
' . $lang['Version_not_up_to_date'];
! $version_info .= '
' . sprintf($lang['Latest_version_info'], $latest_version) . sprintf($lang['Current_version_info'], '2' . $board_config['version']) . '
';
}
}
else
--- 602,608 ----
else
{
$version_info = '' . $lang['Version_not_up_to_date'];
! $version_info .= '
' . sprintf($lang['Latest_version_info'], $latest_version) . ' ' . sprintf($lang['Current_version_info'], '2' . $board_config['version']) . '
';
}
}
else
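Review bot: `$latest_version` on the rewritten `$version_info .=` line is data parsed out of an unauthenticated HTTP response and is interpolated into the admin page via `sprintf()`. Unless the parse (outside the hunk) already constrains it to a version shape, escape it at the point of use, `sprintf($lang['Latest_version_info'], htmlspecialchars($latest_version))`, or validate it with a pattern such as `^\d+(\.\d+)+$` before it is displayed.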
diff -crN phpbb2017/admin/page_footer_admin.php phpbb2022/admin/page_footer_admin.php
*** phpbb2017/admin/page_footer_admin.php Tue Jul 19 22:14:56 2005
--- phpbb2022/admin/page_footer_admin.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: page_footer_admin.php,v 1.9.2.3 2005/04/15 20:15:47 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: page_footer_admin.php,v 1.9.2.5 2005/09/19 20:49:06 grahamje Exp $
*
*
***************************************************************************/
***************
*** 25,30 ****
--- 25,32 ----
die("Hacking attempt");
}
+ global $do_gzip_compress;
+
//
// Show the overall footer.
//
***************
*** 34,40 ****
$template->assign_vars(array(
'PHPBB_VERSION' => ($userdata['user_level'] == ADMIN && $userdata['user_id'] != ANONYMOUS) ? '2' . $board_config['version'] : '',
! 'TRANSLATION_INFO' => $lang['TRANSLATION_INFO'])
);
$template->pparse('page_footer');
--- 36,42 ----
$template->assign_vars(array(
'PHPBB_VERSION' => ($userdata['user_level'] == ADMIN && $userdata['user_id'] != ANONYMOUS) ? '2' . $board_config['version'] : '',
! 'TRANSLATION_INFO' => (isset($lang['TRANSLATION_INFO'])) ? $lang['TRANSLATION_INFO'] : ((isset($lang['TRANSLATION'])) ? $lang['TRANSLATION'] : ''))
);
$template->pparse('page_footer');
diff -crN phpbb2017/admin/page_header_admin.php phpbb2022/admin/page_header_admin.php
*** phpbb2017/admin/page_header_admin.php Tue Jul 19 22:14:56 2005
--- phpbb2022/admin/page_header_admin.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: page_header_admin.php,v 1.12.2.6 2005/03/26 14:15:59 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: page_header_admin.php,v 1.12.2.7 2006/01/29 21:19:02 grahamje Exp $
*
*
***************************************************************************/
***************
*** 132,137 ****
--- 132,149 ----
'T_SPAN_CLASS3' => $theme['span_class3'])
);
+ // Work around for "current" Apache 2 + PHP module which seems to not
+ // cope with private cache control setting
+ if (!empty($HTTP_SERVER_VARS['SERVER_SOFTWARE']) && strstr($HTTP_SERVER_VARS['SERVER_SOFTWARE'], 'Apache/2'))
+ {
+ header ('Cache-Control: no-cache, pre-check=0, post-check=0');
+ }
+ else
+ {
+ header ('Cache-Control: private, pre-check=0, post-check=0, max-age=0');
+ }
+ header ('Expires: 0');
+ header ('Pragma: no-cache');
$template->pparse('header');
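Review bot: Neither branch stops the response from being stored — `no-cache` only forces revalidation and `private` only confines storage to the browser — so admin pages, whose links all carry the session id, can still land in the browser disk cache and history. Add `no-store` (and `must-revalidate`) to both `header()` calls: `header('Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0');` for the Apache/2 case and `header('Cache-Control: private, no-store, must-revalidate, pre-check=0, post-check=0, max-age=0');` otherwise. The `strstr($HTTP_SERVER_VARS['SERVER_SOFTWARE'], 'Apache/2')` sniff will match every Apache 2.x release indefinitely, which the comment should acknowledge if the workaround is meant for a specific module bug.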
diff -crN phpbb2017/admin/pagestart.php phpbb2022/admin/pagestart.php
*** phpbb2017/admin/pagestart.php Tue Jul 19 22:14:56 2005
--- phpbb2022/admin/pagestart.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: pagestart.php,v 1.1.2.9 2005/06/26 14:39:30 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: pagestart.php,v 1.1.2.10 2006/01/22 17:11:09 grahamje Exp $
*
*
***************************************************************************/
***************
*** 49,61 ****
if ($HTTP_GET_VARS['sid'] != $userdata['session_id'])
{
- $url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name'])), '', $HTTP_SERVER_VARS['REQUEST_URI']);
- $url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path'])), '', $url);
- $url = str_replace('//', '/', $url);
- $url = preg_replace('/sid=([^&]*)(&?)/i', '', $url);
- $url = preg_replace('/\?$/', '', $url);
- $url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id'];
-
redirect("index.$phpEx?sid=" . $userdata['session_id']);
}
--- 49,54 ----
diff -crN phpbb2017/common.php phpbb2022/common.php
*** phpbb2017/common.php Tue Jul 19 22:14:58 2005
--- phpbb2022/common.php Tue Dec 19 18:29:16 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: common.php,v 1.74.2.17 2005/02/21 19:29:30 acydburn Exp $
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: common.php,v 1.74.2.25 2006/05/26 17:46:59 grahamje Exp $
*
***************************************************************************/
***************
*** 28,37 ****
error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
! // The following code (unsetting globals) was contributed by Matt Kavanagh
// PHP5 with register_long_arrays off?
! if (!isset($HTTP_POST_VARS) && isset($_POST))
{
$HTTP_POST_VARS = $_POST;
$HTTP_GET_VARS = $_GET;
--- 28,38 ----
error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
! // The following code (unsetting globals)
! // Thanks to Matt Kavanagh and Stefan Esser for providing feedback as well as patch files
// PHP5 with register_long_arrays off?
! if (@phpversion() >= '5.0.0' && (!@ini_get('register_long_arrays') || @ini_get('register_long_arrays') == '0' || strtolower(@ini_get('register_long_arrays')) == 'off'))
{
$HTTP_POST_VARS = $_POST;
$HTTP_GET_VARS = $_GET;
***************
*** 47,75 ****
}
}
! if (@phpversion() < '4.0.0')
{
! // PHP3 path; in PHP3, globals are _always_ registered
!
! // We 'flip' the array of variables to test like this so that
! // we can validate later with isset($test[$var]) (no in_array())
! $test = array('HTTP_GET_VARS' => NULL, 'HTTP_POST_VARS' => NULL, 'HTTP_COOKIE_VARS' => NULL, 'HTTP_SERVER_VARS' => NULL, 'HTTP_ENV_VARS' => NULL, 'HTTP_POST_FILES' => NULL, 'phpEx' => NULL, 'phpbb_root_path' => NULL);
!
! // Loop through each input array
! @reset($test);
! while (list($input,) = @each($test))
! {
! while (list($var,) = @each($$input))
! {
! // Validate the variable to be unset
! if (!isset($test[$var]) && $var != 'test' && $var != 'input')
! {
! unset($$var);
! }
! }
! }
}
! else if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
{
// PHP4+ path
$not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path');
--- 48,66 ----
}
}
! // Protect against GLOBALS tricks
! if (isset($HTTP_POST_VARS['GLOBALS']) || isset($HTTP_POST_FILES['GLOBALS']) || isset($HTTP_GET_VARS['GLOBALS']) || isset($HTTP_COOKIE_VARS['GLOBALS']))
{
! die("Hacking attempt");
}
!
! // Protect against HTTP_SESSION_VARS tricks
! if (isset($HTTP_SESSION_VARS) && !is_array($HTTP_SESSION_VARS))
! {
! die("Hacking attempt");
! }
!
! if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
{
// PHP4+ path
$not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path');
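Review bot: Both new `die("Hacking attempt")` paths answer with HTTP 200 and a bare string, so blocked `GLOBALS`/`HTTP_SESSION_VARS` probes are indistinguishable from normal page views in access logs. Sending a status first, `header('HTTP/1.0 400 Bad Request');` before each `die`, costs nothing and makes the attempts countable from the web server side; this applies equally to the third `die('Hacking attempt!')` added in the register_globals loop below.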
***************
*** 77,83 ****
// Not only will array_merge give a warning if a parameter
// is not an array, it will actually fail. So we check if
// HTTP_SESSION_VARS has been initialised.
! if (!isset($HTTP_SESSION_VARS))
{
$HTTP_SESSION_VARS = array();
}
--- 68,74 ----
// Not only will array_merge give a warning if a parameter
// is not an array, it will actually fail. So we check if
// HTTP_SESSION_VARS has been initialised.
! if (!isset($HTTP_SESSION_VARS) || !is_array($HTTP_SESSION_VARS))
{
$HTTP_SESSION_VARS = array();
}
***************
*** 91,102 ****
while (list($var,) = @each($input))
{
! if (!in_array($var, $not_unset))
{
! unset($$var);
}
}
!
unset($input);
}
--- 82,94 ----
while (list($var,) = @each($input))
{
! if (in_array($var, $not_unset))
{
! die('Hacking attempt!');
}
+ unset($$var);
}
!
unset($input);
}
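Review bot: `in_array($var, $not_unset)` on the rewritten check is a loose comparison, and under the PHP versions this file targets `0 == 'HTTP_GET_VARS'` is true; `$var` is an array key from `$input`, so if `$input` (built above the hunk) ever carries an integer key — a `?0=x` parameter renumbered by a merge, for instance — the board dies with "Hacking attempt!" on a harmless request. Passing the strict flag, `if (in_array($var, $not_unset, true))`, restricts the trap to the names it is meant to catch. The branch is only reached with register_globals on, which limits but does not remove the exposure.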
***************
*** 179,191 ****
$images = array();
$lang = array();
$nav_links = array();
$gen_simple_header = FALSE;
include($phpbb_root_path . 'config.'.$phpEx);
if( !defined("PHPBB_INSTALLED") )
{
! header("Location: install/install.$phpEx");
exit;
}
--- 171,184 ----
$images = array();
$lang = array();
$nav_links = array();
+ $dss_seeded = false;
$gen_simple_header = FALSE;
include($phpbb_root_path . 'config.'.$phpEx);
if( !defined("PHPBB_INSTALLED") )
{
! header('Location: ' . $phpbb_root_path . 'install/install.' . $phpEx);
exit;
}
***************
*** 196,201 ****
--- 189,197 ----
include($phpbb_root_path . 'includes/functions.'.$phpEx);
include($phpbb_root_path . 'includes/db.'.$phpEx);
+ // We do not need this any longer, unset for safety purposes
+ unset($dbpasswd);
+
//
// Obtain and encode users IP
//
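Review bot: `unset($dbpasswd)` removes only the global copy; the database object created by the `includes/db.php` include just above is, in the phpBB 2 drivers I know, constructed with the password and keeps it for reconnects, so `$db` still carries it — the unset narrows exposure through `$GLOBALS` dumps and variable collisions but is not a scrub, and the comment should not overstate it: `// only the global copy; $db retains the credentials it was constructed with`. `$dbhost` and `$dbuser` are left in scope as well.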
***************
*** 226,232 ****
if (file_exists('install') || file_exists('contrib'))
{
! message_die(GENERAL_MESSAGE, 'Please ensure both the install/ and contrib/ directories are deleted');
}
//
--- 222,228 ----
if (file_exists('install') || file_exists('contrib'))
{
! message_die(GENERAL_MESSAGE, 'Please_remove_install_contrib');
}
//
diff -crN phpbb2017/db/mssql.php phpbb2022/db/mssql.php
*** phpbb2017/db/mssql.php Tue Jul 19 22:14:56 2005
--- phpbb2022/db/mssql.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : supportphpbb.com
*
! * $Id: mssql.php,v 1.22.2.2 2002/12/21 18:31:53 psotfx Exp $
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : supportphpbb.com
*
! * $Id: mssql.php,v 1.22.2.4 2006/03/09 19:57:37 grahamje Exp $
*
***************************************************************************/
***************
*** 289,295 ****
while( list($key, $value) = @each($row) )
{
! $row[$key] = stripslashes($value);
}
@reset($row);
--- 289,295 ----
while( list($key, $value) = @each($row) )
{
! $row[$key] = ($value === ' ') ? '' : stripslashes($value);
}
@reset($row);
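Review bot: `($value === ' ') ? '' : stripslashes($value)` silently maps a stored single space to the empty string; that compensates for MSSQL padding empty strings, but a genuine one-character space becomes indistinguishable and is emptied too, and the same expression is now copy-pasted into three fetch methods in this file. A small helper method, `function _normalise_field($value) { return ($value === ' ') ? '' : stripslashes($value); }`, annotated with `// MSSQL returns '' as ' '; a real single-space value is collapsed as well`, keeps the three sites in step and documents the trade-off. The enclosing methods start outside the hunks.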
***************
*** 317,323 ****
{
while( list($key, $value) = @each($row) )
{
! $rowset[$i][$key] = stripslashes($value);
}
$i++;
}
--- 317,323 ----
{
while( list($key, $value) = @each($row) )
{
! $rowset[$i][$key] = ($value === ' ') ? '' : stripslashes($value);
}
$i++;
}
***************
*** 356,362 ****
if( empty($this->row[$query_id]) )
{
$this->row[$query_id] = @mssql_fetch_array($query_id);
! $result = stripslashes($this->row[$query_id][$field]);
}
}
--- 356,362 ----
if( empty($this->row[$query_id]) )
{
$this->row[$query_id] = @mssql_fetch_array($query_id);
! $result = ($this->row[$query_id][$field] === ' ') ? '' : stripslashes($this->row[$query_id][$field]);
}
}
diff -crN phpbb2017/db/mysql.php phpbb2022/db/mysql.php
*** phpbb2017/db/mysql.php Tue Jul 19 22:14:56 2005
--- phpbb2022/db/mysql.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: mysql.php,v 1.16 2002/03/19 01:07:36 psotfx Exp $
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: mysql.php,v 1.16.2.1 2005/09/18 16:17:20 acydburn Exp $
*
***************************************************************************/
***************
*** 259,265 ****
{
if($this->rowset[$query_id])
{
! $result = $this->rowset[$query_id][$field];
}
else if($this->row[$query_id])
{
--- 259,265 ----
{
if($this->rowset[$query_id])
{
! $result = $this->rowset[$query_id][0][$field];
}
else if($this->row[$query_id])
{
diff -crN phpbb2017/db/mysql4.php phpbb2022/db/mysql4.php
*** phpbb2017/db/mysql4.php Tue Jul 19 22:14:56 2005
--- phpbb2022/db/mysql4.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : supportphpbb.com
*
! * $Id: mysql4.php,v 1.5 2002/04/02 21:13:47 the_systech Exp $
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : supportphpbb.com
*
! * $Id: mysql4.php,v 1.5.2.1 2005/09/18 16:17:20 acydburn Exp $
*
***************************************************************************/
***************
*** 271,277 ****
{
if( $this->rowset[$query_id] )
{
! $result = $this->rowset[$query_id][$field];
}
else if( $this->row[$query_id] )
{
--- 271,277 ----
{
if( $this->rowset[$query_id] )
{
! $result = $this->rowset[$query_id][0][$field];
}
else if( $this->row[$query_id] )
{
diff -crN phpbb2017/groupcp.php phpbb2022/groupcp.php
*** phpbb2017/groupcp.php Tue Jul 19 22:14:58 2005
--- phpbb2022/groupcp.php Tue Dec 19 18:29:16 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: groupcp.php,v 1.58.2.23 2005/05/06 20:50:10 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: groupcp.php,v 1.58.2.27 2006/12/16 13:11:24 acydburn Exp $
*
*
***************************************************************************/
***************
*** 99,107 ****
$yim_img = ( $row['user_yim'] ) ? '
' : '';
$yim = ( $row['user_yim'] ) ? '' . $lang['YIM'] . '' : '';
! $temp_url = append_sid("search.$phpEx?search_author=" . urlencode($username) . "&showresults=posts");
! $search_img = '
';
! $search = '' . $lang['Search_user_posts'] . '';
return;
}
--- 99,107 ----
$yim_img = ( $row['user_yim'] ) ? '
' : '';
$yim = ( $row['user_yim'] ) ? '' . $lang['YIM'] . '' : '';
! $temp_url = append_sid("search.$phpEx?search_author=" . urlencode($row['username']) . "&showresults=posts");
! $search_img = '
';
! $search = '' . sprintf($lang['Search_user_posts'], $row['username']) . '';
return;
}
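Review bot: The rewritten `$search` line interpolates `$row['username']` into link text via `sprintf()` with no escaping at this point; phpBB 2 normally stores usernames already HTML-escaped (`phpbb_clean_username` in this same patch is the registration-side filter), so this is likely safe, but the function relies on that invariant rather than enforcing it and a note makes it explicit: `// usernames are stored HTML-escaped at registration; no further escaping here`. The `urlencode()` on the `search_author` parameter is the right encoding for the URL context. The enclosing function begins outside the hunk.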
***************
*** 148,153 ****
--- 148,154 ----
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : 0;
$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
+ $start = ($start < 0) ? 0 : $start;
//
// Default var values
***************
*** 418,438 ****
FROM " . AUTH_ACCESS_TABLE . " aa
WHERE aa.group_id = g.group_id
)
! )";
break;
case 'oracle':
$sql = "SELECT g.group_moderator, g.group_type, aa.auth_mod
FROM " . GROUPS_TABLE . " g, " . AUTH_ACCESS_TABLE . " aa
WHERE g.group_id = $group_id
! AND aa.group_id (+) = g.group_id";
break;
default:
$sql = "SELECT g.group_moderator, g.group_type, aa.auth_mod
FROM ( " . GROUPS_TABLE . " g
LEFT JOIN " . AUTH_ACCESS_TABLE . " aa ON aa.group_id = g.group_id )
! WHERE g.group_id = $group_id";
break;
}
if ( !($result = $db->sql_query($sql)) )
--- 419,442 ----
FROM " . AUTH_ACCESS_TABLE . " aa
WHERE aa.group_id = g.group_id
)
! )
! ORDER BY aa.auth_mod DESC";
break;
case 'oracle':
$sql = "SELECT g.group_moderator, g.group_type, aa.auth_mod
FROM " . GROUPS_TABLE . " g, " . AUTH_ACCESS_TABLE . " aa
WHERE g.group_id = $group_id
! AND aa.group_id (+) = g.group_id
! ORDER BY aa.auth_mod DESC";
break;
default:
$sql = "SELECT g.group_moderator, g.group_type, aa.auth_mod
FROM ( " . GROUPS_TABLE . " g
LEFT JOIN " . AUTH_ACCESS_TABLE . " aa ON aa.group_id = g.group_id )
! WHERE g.group_id = $group_id
! ORDER BY aa.auth_mod DESC";
break;
}
if ( !($result = $db->sql_query($sql)) )
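Review bot: The `ORDER BY aa.auth_mod DESC` added to all three dialect branches has no explanation; the LEFT JOIN can return several `auth_access` rows per group, and if the consumer (outside the hunk) reads only the first row, the ordering is what makes a moderator row win. A comment on the default branch states the intent: `// several auth_access rows may match; sort auth_mod=1 first so a single fetch sees moderator status`. If the caller actually iterates every row, the ORDER BY is harmless and the comment should say that instead. `$group_id` is interpolated bare, presumably as the intval'd value from earlier in the file.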
***************
*** 1218,1223 ****
--- 1222,1228 ----
//
// Load and process templates
//
+ $page_title = $lang['Group_Control_Panel'];
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
$template->set_filenames(array(
diff -crN phpbb2017/includes/auth.php phpbb2022/includes/auth.php
*** phpbb2017/includes/auth.php Tue Jul 19 22:14:56 2005
--- phpbb2022/includes/auth.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: auth.php,v 1.37.2.5 2004/03/01 16:49:03 psotfx Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: auth.php,v 1.37.2.7 2006/03/06 17:28:51 grahamje Exp $
*
*
***************************************************************************/
***************
*** 234,239 ****
--- 234,240 ----
{
$value = $f_access[$k][$key];
$f_forum_id = $f_access[$k]['forum_id'];
+ $u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array();
switch( $value )
{
***************
*** 282,287 ****
--- 283,289 ----
for($k = 0; $k < count($f_access); $k++)
{
$f_forum_id = $f_access[$k]['forum_id'];
+ $u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array();
$auth_user[$f_forum_id]['auth_mod'] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], $is_admin) : 0;
}
diff -crN phpbb2017/includes/bbcode.php phpbb2022/includes/bbcode.php
*** phpbb2017/includes/bbcode.php Tue Jul 19 22:14:56 2005
--- phpbb2022/includes/bbcode.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: bbcode.php,v 1.36.2.35 2005/07/19 20:01:10 acydburn Exp $
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: bbcode.php,v 1.36.2.41 2006/02/26 17:34:50 grahamje Exp $
*
***************************************************************************/
***************
*** 196,210 ****
// [img]image_url_here[/img] code..
// This one gets first-passed..
! $patterns[] = "#\[img:$uid\]([^?].*?)\[/img:$uid\]#i";
$replacements[] = $bbcode_tpl['img'];
// matches a [url]xxxx://www.phpbb.com[/url] code..
! $patterns[] = "#\[url\]([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url1'];
// [url]www.phpbb.com[/url] code.. (no xxxx:// prefix).
! $patterns[] = "#\[url\]((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url2'];
// [url=xxxx://www.phpbb.com]phpBB[/url] code..
--- 196,210 ----
// [img]image_url_here[/img] code..
// This one gets first-passed..
! $patterns[] = "#\[img:$uid\]([^?](?:[^\[]+|\[(?!url))*?)\[/img:$uid\]#i";
$replacements[] = $bbcode_tpl['img'];
// matches a [url]xxxx://www.phpbb.com[/url] code..
! $patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url1'];
// [url]www.phpbb.com[/url] code.. (no xxxx:// prefix).
! $patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url2'];
// [url=xxxx://www.phpbb.com]phpBB[/url] code..
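Review bot: The new `[img]` pattern `([^?](?:[^\[]+|\[(?!url))*?)` nests a greedy `[^\[]+` inside a lazily repeated group, so a post holding a long run of non-`[` text with no matching `[/img:uid]` can make PCRE backtrack through every partition of that run; the backtrack limit then aborts the preg_replace (null result) rather than hang, but either way the post body is lost. Making the inner run possessive removes the ambiguity without changing what is matched: `$patterns[] = "#\[img:$uid\]([^?](?:[^\[]++|\[(?!url))*?)\[/img:$uid\]#i";`, and the same `++` belongs on the `[^...]+` alternatives in the two `[url]` patterns below it. These patterns still only refuse a leading `?` and a nested `[url`; whether a `javascript:` or `data:` image source is rejected depends on `$bbcode_tpl['img']` and any later validation, neither of which this hunk shows.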
***************
*** 235,241 ****
{
// Unique ID for this message..
! $uid = md5(mt_rand());
$uid = substr($uid, 0, BBCODE_UID_LEN);
return $uid;
--- 235,241 ----
{
// Unique ID for this message..
! $uid = dss_rand();
$uid = substr($uid, 0, BBCODE_UID_LEN);
return $uid;
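Review bot: `dss_rand()` reads `$board_config` and `$db` through globals and issues an UPDATE on the config table the first time it runs in a request, so after this change `make_bbcode_uid()` can no longer be called before the board configuration and database handle exist, and it gains a write side effect the old `md5(mt_rand())` did not have; any caller in an install or conversion context would now end in message_die. That deserves a line in the function comment: `// Requires an initialised $db and $board_config: dss_rand() reseeds and persists the board PRNG state.` Note also that the value is cut to BBCODE_UID_LEN characters on the next line, so the uid's unguessability is bounded by that constant, not by dss_rand's 16-character output.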
***************
*** 252,258 ****
// [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff.
$text = bbencode_first_pass_pda($text, $uid, '[quote]', '[/quote]', '', false, '');
! $text = bbencode_first_pass_pda($text, $uid, '/\[quote=(\\\".*?\\\")\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]");
// [list] and [list=x] for (un)ordered lists.
$open_tag = array();
--- 252,258 ----
// [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff.
$text = bbencode_first_pass_pda($text, $uid, '[quote]', '[/quote]', '', false, '');
! $text = bbencode_first_pass_pda($text, $uid, '/\[quote=\\\\"(.*?)\\\\"\]/is', '[/quote]', '', false, '', "[quote:$uid=\\\"\\1\\\"]");
// [list] and [list=x] for (un)ordered lists.
$open_tag = array();
***************
*** 389,403 ****
//
// We're going to try and catch usernames with "[' characters.
//
! if( preg_match('#\[quote=\\\"#si', $possible_start, $match) && !preg_match('#\[quote=\\\"(.*?)\\\"\]#si', $possible_start) )
{
// OK we are in a quote tag that probably contains a ] bracket.
// Grab a bit more of the string to hopefully get all of it..
! if ($close_pos = strpos($text, '"]', $curr_pos + 9))
{
! if (strpos(substr($text, $curr_pos + 9, $close_pos - ($curr_pos + 9)), '[quote') === false)
{
! $possible_start = substr($text, $curr_pos, $close_pos - $curr_pos + 2);
}
}
}
--- 389,403 ----
//
// We're going to try and catch usernames with "[' characters.
//
! if( preg_match('#\[quote=\\\"#si', $possible_start, $match) && !preg_match('#\[quote=\\\"(.*?)\\\"\]#si', $possible_start) )
{
// OK we are in a quote tag that probably contains a ] bracket.
// Grab a bit more of the string to hopefully get all of it..
! if ($close_pos = strpos($text, '"]', $curr_pos + 14))
{
! if (strpos(substr($text, $curr_pos + 14, $close_pos - ($curr_pos + 14)), '[quote') === false)
{
! $possible_start = substr($text, $curr_pos, $close_pos - $curr_pos + 7);
}
}
}
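Review bot: The offsets `$curr_pos + 14` and `$close_pos - $curr_pos + 7` in the strpos/substr lines are bare magic numbers; they apparently count the length of the slashed `[quote=\"` opener and `\"]` closer as they appear in `$text` at this point, and the previous values 9 and 2 broke precisely because that escaping changed. Giving them names with a comment stating what they count, e.g. `$open_len = 14; // length of the quote opener as stored in $text here` and `$close_len = 7;`, and using those in the three expressions, makes the next escaping change a one-place edit instead of a silent mismatch. The enclosing bbencode_first_pass_pda loop starts and ends outside this hunk, so I cannot confirm from here what form `$text` has when this code runs, hence the hedge on what the constants represent.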
***************
*** 432,438 ****
// We have an opening tag.
// Push its position, the text we matched, and its index in the open_tag array on to the stack, and then keep going to the right.
$match = array("pos" => $curr_pos, "tag" => $which_start_tag, "index" => $start_tag_index);
! bbcode_array_push($stack, $match);
//
// Rather than just increment $curr_pos
// Set it to the ending of the tag we just found
--- 432,438 ----
// We have an opening tag.
// Push its position, the text we matched, and its index in the open_tag array on to the stack, and then keep going to the right.
$match = array("pos" => $curr_pos, "tag" => $which_start_tag, "index" => $start_tag_index);
! array_push($stack, $match);
//
// Rather than just increment $curr_pos
// Set it to the ending of the tag we just found
***************
*** 454,460 ****
// There exists a starting tag.
$curr_nesting_depth = sizeof($stack);
// We need to do 2 replacements now.
! $match = bbcode_array_pop($stack);
$start_index = $match['pos'];
$start_tag = $match['tag'];
$start_length = strlen($start_tag);
--- 454,460 ----
// There exists a starting tag.
$curr_nesting_depth = sizeof($stack);
// We need to do 2 replacements now.
! $match = array_pop($stack);
$start_index = $match['pos'];
$start_tag = $match['tag'];
$start_length = strlen($start_tag);
***************
*** 520,526 ****
// otherwise, we go back to the start.
if (sizeof($stack) > 0)
{
! $match = bbcode_array_pop($stack);
$curr_pos = $match['pos'];
// bbcode_array_push($stack, $match);
// ++$curr_pos;
--- 520,526 ----
// otherwise, we go back to the start.
if (sizeof($stack) > 0)
{
! $match = array_pop($stack);
$curr_pos = $match['pos'];
// bbcode_array_push($stack, $match);
// ++$curr_pos;
***************
*** 700,705 ****
--- 700,706 ----
* This function does exactly what the PHP4 function array_push() does
* however, to keep phpBB compatable with PHP 3 we had to come up with our own
* method of doing it.
+ * This function was deprecated in phpBB 2.0.18
*/
function bbcode_array_push(&$stack, $value)
{
***************
*** 711,716 ****
--- 712,718 ----
* This function does exactly what the PHP4 function array_pop() does
* however, to keep phpBB compatable with PHP 3 we had to come up with our own
* method of doing it.
+ * This function was deprecated in phpBB 2.0.18
*/
function bbcode_array_pop(&$stack)
{
***************
*** 761,767 ****
for ($i = 0; $i < count($smilies); $i++)
{
! $orig[] = "/(?<=.\W|\W.|^\W)" . phpbb_preg_quote($smilies[$i]['code'], "/") . "(?=.\W|\W.|\W$)/";
$repl[] = '
';
}
}
--- 763,769 ----
for ($i = 0; $i < count($smilies); $i++)
{
! $orig[] = "/(?<=.\W|\W.|^\W)" . preg_quote($smilies[$i]['code'], "/") . "(?=.\W|\W.|\W$)/";
$repl[] = '
';
}
}
diff -crN phpbb2017/includes/constants.php phpbb2022/includes/constants.php
*** phpbb2017/includes/constants.php Tue Jul 19 22:14:56 2005
--- phpbb2022/includes/constants.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : ('C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: constants.php,v 1.47.2.5 2004/11/18 17:49:42 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : ('C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: constants.php,v 1.47.2.6 2005/10/30 15:17:14 acydburn Exp $
*
*
***************************************************************************/
***************
*** 167,172 ****
--- 167,173 ----
define('SEARCH_WORD_TABLE', $table_prefix.'search_wordlist');
define('SEARCH_MATCH_TABLE', $table_prefix.'search_wordmatch');
define('SESSIONS_TABLE', $table_prefix.'sessions');
+ define('SESSIONS_KEYS_TABLE', $table_prefix.'sessions_keys');
define('SMILIES_TABLE', $table_prefix.'smilies');
define('THEMES_TABLE', $table_prefix.'themes');
define('THEMES_NAME_TABLE', $table_prefix.'themes_name');
diff -crN phpbb2017/includes/db.php phpbb2022/includes/db.php
*** phpbb2017/includes/db.php Tue Jul 19 22:14:56 2005
--- phpbb2022/includes/db.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: db.php,v 1.10 2002/03/18 13:35:22 psotfx Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: db.php,v 1.10.2.3 2005/10/30 15:17:14 acydburn Exp $
*
*
***************************************************************************/
***************
*** 60,66 ****
$db = new sql_db($dbhost, $dbuser, $dbpasswd, $dbname, false);
if(!$db->db_connect_id)
{
! message_die(CRITICAL_ERROR, "Could not connect to the database");
}
?>
\ No newline at end of file
--- 60,66 ----
$db = new sql_db($dbhost, $dbuser, $dbpasswd, $dbname, false);
if(!$db->db_connect_id)
{
! message_die(CRITICAL_ERROR, "Could not connect to the database");
}
?>
\ No newline at end of file
diff -crN phpbb2017/includes/emailer.php phpbb2022/includes/emailer.php
*** phpbb2017/includes/emailer.php Tue Jul 19 22:14:56 2005
--- phpbb2022/includes/emailer.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
copyright : (C) 2001 The phpBB Group
email : support@phpbb.com
! $Id: emailer.php,v 1.15.2.34 2003/07/26 11:41:35 acydburn Exp $
***************************************************************************/
--- 6,12 ----
copyright : (C) 2001 The phpBB Group
email : support@phpbb.com
! $Id: emailer.php,v 1.15.2.35 2005/10/05 17:42:04 grahamje Exp $
***************************************************************************/
***************
*** 164,170 ****
if (preg_match('#^(Subject:(.*?))$#m', $this->msg, $match))
{
$this->subject = (trim($match[2]) != '') ? trim($match[2]) : (($this->subject != '') ? $this->subject : 'No Subject');
! $drop_header .= '[\r\n]*?' . phpbb_preg_quote($match[1], '#');
}
else
{
--- 164,170 ----
if (preg_match('#^(Subject:(.*?))$#m', $this->msg, $match))
{
$this->subject = (trim($match[2]) != '') ? trim($match[2]) : (($this->subject != '') ? $this->subject : 'No Subject');
! $drop_header .= '[\r\n]*?' . preg_quote($match[1], '#');
}
else
{
***************
*** 174,180 ****
if (preg_match('#^(Charset:(.*?))$#m', $this->msg, $match))
{
$this->encoding = (trim($match[2]) != '') ? trim($match[2]) : trim($lang['ENCODING']);
! $drop_header .= '[\r\n]*?' . phpbb_preg_quote($match[1], '#');
}
else
{
--- 174,180 ----
if (preg_match('#^(Charset:(.*?))$#m', $this->msg, $match))
{
$this->encoding = (trim($match[2]) != '') ? trim($match[2]) : trim($lang['ENCODING']);
! $drop_header .= '[\r\n]*?' . preg_quote($match[1], '#');
}
else
{
***************
*** 261,267 ****
$str = chunk_split(base64_encode($str), $length, $spacer);
// remove trailing spacer and add start and end delimiters
! $str = preg_replace('#' . phpbb_preg_quote($spacer, '#') . '$#', '', $str);
return $start . $str . $end;
}
--- 261,267 ----
$str = chunk_split(base64_encode($str), $length, $spacer);
// remove trailing spacer and add start and end delimiters
! $str = preg_replace('#' . preg_quote($spacer, '#') . '$#', '', $str);
return $start . $str . $end;
}
diff -crN phpbb2017/includes/functions.php phpbb2022/includes/functions.php
*** phpbb2017/includes/functions.php Tue Jul 19 22:14:56 2005
--- phpbb2022/includes/functions.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: functions.php,v 1.133.2.35 2005/07/19 20:01:11 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: functions.php,v 1.133.2.48 2006/12/16 13:11:26 acydburn Exp $
*
*
***************************************************************************/
***************
*** 78,89 ****
function phpbb_clean_username($username)
{
$username = substr(htmlspecialchars(str_replace("\'", "'", trim($username))), 0, 25);
! $username = phpbb_rtrim($username, "\\");
$username = str_replace("'", "\'", $username);
return $username;
}
// added at phpBB 2.0.12 to fix a bug in PHP 4.3.10 (only supporting charlist in php >= 4.1.0)
function phpbb_rtrim($str, $charlist = false)
{
--- 78,118 ----
function phpbb_clean_username($username)
{
$username = substr(htmlspecialchars(str_replace("\'", "'", trim($username))), 0, 25);
! $username = phpbb_rtrim($username, "\\");
$username = str_replace("'", "\'", $username);
return $username;
}
+ /**
+ * This function is a wrapper for ltrim, as charlist is only supported in php >= 4.1.0
+ * Added in phpBB 2.0.18
+ */
+ function phpbb_ltrim($str, $charlist = false)
+ {
+ if ($charlist === false)
+ {
+ return ltrim($str);
+ }
+
+ $php_version = explode('.', PHP_VERSION);
+
+ // php version < 4.1.0
+ if ((int) $php_version[0] < 4 || ((int) $php_version[0] == 4 && (int) $php_version[1] < 1))
+ {
+ while ($str{0} == $charlist)
+ {
+ $str = substr($str, 1);
+ }
+ }
+ else
+ {
+ $str = ltrim($str, $charlist);
+ }
+
+ return $str;
+ }
+
// added at phpBB 2.0.12 to fix a bug in PHP 4.3.10 (only supporting charlist in php >= 4.1.0)
function phpbb_rtrim($str, $charlist = false)
{
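Review bot: The PHP<4.1 fallback in the new phpbb_ltrim uses `$str{0}`, the curly-brace string offset that PHP 7.4 deprecates and PHP 8.0 rejects as a parse error, so the whole file stops loading on current PHP; `$str[0]` works on every version this code targets. The loop also compares the first character with the entire `$charlist` using `==`, so it only behaves like ltrim for a one-character list and terminates on an empty string only because `'' == $charlist` happens to fail. `while ($str !== '' && $str[0] === $charlist)` makes the single-character contract explicit and avoids the loose comparison; phpbb_rtrim's body, which starts at the end of this hunk, presumably has the same construct and would want the same change.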
***************
*** 110,115 ****
--- 139,175 ----
return $str;
}
+ /**
+ * Our own generator of random values
+ * This uses a constantly changing value as the base for generating the values
+ * The board wide setting is updated once per page if this code is called
+ * With thanks to Anthrax101 for the inspiration on this one
+ * Added in phpBB 2.0.20
+ */
+ function dss_rand()
+ {
+ global $db, $board_config, $dss_seeded;
+
+ $val = $board_config['rand_seed'] . microtime();
+ $val = md5($val);
+ $board_config['rand_seed'] = md5($board_config['rand_seed'] . $val . 'a');
+
+ if($dss_seeded !== true)
+ {
+ $sql = "UPDATE " . CONFIG_TABLE . " SET
+ config_value = '" . $board_config['rand_seed'] . "'
+ WHERE config_name = 'rand_seed'";
+
+ if( !$db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, "Unable to reseed PRNG", "", __LINE__, __FILE__, $sql);
+ }
+
+ $dss_seeded = true;
+ }
+
+ return substr($val, 4, 16);
+ }
//
// Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced.
//
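Review bot: dss_rand() derives every value from md5 of `$board_config['rand_seed']` and `microtime()`, so its unpredictability rests entirely on the seed staying secret: anyone who can read the config row (an SQL injection elsewhere, a leaked backup, a shared database account) can reproduce the stream, and two requests starting from the same persisted seed differ only in microtime. That is adequate for a bbcode uid but weak for anything that must resist guessing, which the new SESSIONS_KEYS_TABLE suggests is coming; mixing in entropy that does not live in the database would help, for example `$val = md5($board_config['rand_seed'] . microtime() . mt_rand() . uniqid('', true));`, or bytes from /dev/urandom where readable. The seed is written back only once per request via `$dss_seeded`, which is fine, but the UPDATE is fatal through message_die on failure, so callers on a read-only or not-yet-connected `$db` need to know this function writes.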
***************
*** 129,135 ****
$sql = "SELECT *
FROM " . USERS_TABLE . "
WHERE ";
! $sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . $user . "'" ) . " AND user_id <> " . ANONYMOUS;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql);
--- 189,195 ----
$sql = "SELECT *
FROM " . USERS_TABLE . "
WHERE ";
! $sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . str_replace("\'", "''", $user) . "'" ) . " AND user_id <> " . ANONYMOUS;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql);
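Review bot: The username branch now rewrites `\'` to `''` before interpolating into the query, which only neutralises quotes that already arrived backslash-escaped; a bare `'` in `$user` still terminates the literal, and a trailing backslash before the closing quote is not handled either. The function therefore relies on every caller passing an addslashes()/phpbb_clean_username()-processed value, a precondition that nothing visible here states, so the query deserves a comment: `// $user must arrive already slashed (addslashes / phpbb_clean_username); only the \' form is converted to the SQL-standard ''.` Escaping the raw value here instead, `str_replace("'", "''", stripslashes($user))`, would make the function safe regardless of caller, at the cost of changing how a deliberately slashed name is matched; get_userdata() starts before this hunk, so I cannot see what normalisation already happens above.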
***************
*** 249,262 ****
function init_userprefs($userdata)
{
global $board_config, $theme, $images;
! global $template, $lang, $phpEx, $phpbb_root_path;
global $nav_links;
if ( $userdata['user_id'] != ANONYMOUS )
{
if ( !empty($userdata['user_lang']))
{
! $board_config['default_lang'] = $userdata['user_lang'];
}
if ( !empty($userdata['user_dateformat']) )
--- 309,322 ----
function init_userprefs($userdata)
{
global $board_config, $theme, $images;
! global $template, $lang, $phpEx, $phpbb_root_path, $db;
global $nav_links;
if ( $userdata['user_id'] != ANONYMOUS )
{
if ( !empty($userdata['user_lang']))
{
! $default_lang = phpbb_ltrim(basename(phpbb_rtrim($userdata['user_lang'])), "'");
}
if ( !empty($userdata['user_dateformat']) )
***************
*** 269,279 ****
$board_config['board_timezone'] = $userdata['user_timezone'];
}
}
! if ( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.'.$phpEx)) )
{
! $board_config['default_lang'] = 'english';
}
include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.' . $phpEx);
--- 329,388 ----
$board_config['board_timezone'] = $userdata['user_timezone'];
}
}
+ else
+ {
+ $default_lang = phpbb_ltrim(basename(phpbb_rtrim($board_config['default_lang'])), "'");
+ }
+
+ if ( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $default_lang . '/lang_main.'.$phpEx)) )
+ {
+ if ( $userdata['user_id'] != ANONYMOUS )
+ {
+ // For logged in users, try the board default language next
+ $default_lang = phpbb_ltrim(basename(phpbb_rtrim($board_config['default_lang'])), "'");
+ }
+ else
+ {
+ // For guests it means the default language is not present, try english
+ // This is a long shot since it means serious errors in the setup to reach here,
+ // but english is part of a new install so it's worth us trying
+ $default_lang = 'english';
+ }
+
+ if ( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $default_lang . '/lang_main.'.$phpEx)) )
+ {
+ message_die(CRITICAL_ERROR, 'Could not locate valid language pack');
+ }
+ }
! // If we've had to change the value in any way then let's write it back to the database
! // before we go any further since it means there is something wrong with it
! if ( $userdata['user_id'] != ANONYMOUS && $userdata['user_lang'] !== $default_lang )
{
! $sql = 'UPDATE ' . USERS_TABLE . "
! SET user_lang = '" . $default_lang . "'
! WHERE user_lang = '" . $userdata['user_lang'] . "'";
!
! if ( !($result = $db->sql_query($sql)) )
! {
! message_die(CRITICAL_ERROR, 'Could not update user language info');
! }
!
! $userdata['user_lang'] = $default_lang;
}
+ elseif ( $userdata['user_id'] === ANONYMOUS && $board_config['default_lang'] !== $default_lang )
+ {
+ $sql = 'UPDATE ' . CONFIG_TABLE . "
+ SET config_value = '" . $default_lang . "'
+ WHERE config_name = 'default_lang'";
+
+ if ( !($result = $db->sql_query($sql)) )
+ {
+ message_die(CRITICAL_ERROR, 'Could not update user language info');
+ }
+ }
+
+ $board_config['default_lang'] = $default_lang;
include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.' . $phpEx);
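Review bot: The UPDATE that repairs bad user languages, `WHERE user_lang = '" . $userdata['user_lang'] . "'"`, interpolates the stored, unsanitised value — the very value this code has just decided is not a valid language name — with no escaping, while the SET side uses the cleaned `$default_lang`; if a user can get a `'` into user_lang through the profile form this is a second-order SQL injection fired on that user's next page load. Escaping it the way the rest of this file does, `WHERE user_lang = '" . str_replace("'", "''", $userdata['user_lang']) . "'"`, closes that hole. Separately, the guest branch tests `$userdata['user_id'] === ANONYMOUS` strictly while the logged-in check just above uses `!=`; if user_id reaches here as a string from the sessions code the strict test never matches and the config row is never corrected, so `==` keeps the two branches consistent. init_userprefs starts before this hunk, so whether user_lang is validated on input is not visible to me.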
***************
*** 333,341 ****
{
global $db, $board_config, $template, $images, $phpbb_root_path;
! $sql = "SELECT *
! FROM " . THEMES_TABLE . "
! WHERE themes_id = $style";
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Could not query database for theme info');
--- 442,450 ----
{
global $db, $board_config, $template, $images, $phpbb_root_path;
! $sql = 'SELECT *
! FROM ' . THEMES_TABLE . '
! WHERE themes_id = ' . (int) $style;
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Could not query database for theme info');
***************
*** 343,349 ****
if ( !($row = $db->sql_fetchrow($result)) )
{
! message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]");
}
$template_path = 'templates/' ;
--- 452,491 ----
if ( !($row = $db->sql_fetchrow($result)) )
{
! // We are trying to setup a style which does not exist in the database
! // Try to fallback to the board default (if the user had a custom style)
! // and then any users using this style to the default if it succeeds
! if ( $style != $board_config['default_style'])
! {
! $sql = 'SELECT *
! FROM ' . THEMES_TABLE . '
! WHERE themes_id = ' . (int) $board_config['default_style'];
! if ( !($result = $db->sql_query($sql)) )
! {
! message_die(CRITICAL_ERROR, 'Could not query database for theme info');
! }
!
! if ( $row = $db->sql_fetchrow($result) )
! {
! $db->sql_freeresult($result);
!
! $sql = 'UPDATE ' . USERS_TABLE . '
! SET user_style = ' . (int) $board_config['default_style'] . "
! WHERE user_style = $style";
! if ( !($result = $db->sql_query($sql)) )
! {
! message_die(CRITICAL_ERROR, 'Could not update user theme info');
! }
! }
! else
! {
! message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]");
! }
! }
! else
! {
! message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]");
! }
}
$template_path = 'templates/' ;
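Review bot: The fallback UPDATE `WHERE user_style = $style` interpolates `$style` without the `(int)` cast that both SELECTs in this same hunk now apply, so the value deliberately hardened on the read path is still raw on the write path; `WHERE user_style = ' . (int) $style;` makes the three queries consistent. `$style` is also echoed unchanged into the two message_die strings, which are rendered to the browser on the error page; casting it there too, `"Could not get theme data for themes_id [" . (int) $style . "]"`, removes the only unescaped reflection in the block. setup_style's body continues past the end of this hunk.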
***************
*** 539,545 ****
{
do
{
! $orig_word[] = '#\b(' . str_replace('\*', '\w*?', phpbb_preg_quote($row['word'], '#')) . ')\b#i';
$replacement_word[] = $row['replacement'];
}
while ( $row = $db->sql_fetchrow($result) );
--- 681,687 ----
{
do
{
! $orig_word[] = '#\b(' . str_replace('\*', '\w*?', preg_quote($row['word'], '#')) . ')\b#i';
$replacement_word[] = $row['replacement'];
}
while ( $row = $db->sql_fetchrow($result) );
***************
*** 605,611 ****
if ( $err_line != '' && $err_file != '' )
{
! $debug_text .= '
Line : ' . $err_line . '
File : ' . basename($err_file);
}
}
--- 747,753 ----
if ( $err_line != '' && $err_file != '' )
{
! $debug_text .= '
Line : ' . $err_line . '
File : ' . basename($err_file);
}
}
***************
*** 632,642 ****
}
}
! if ( empty($template) )
! {
! $template = new Template($phpbb_root_path . 'templates/' . $board_config['board_template']);
! }
! if ( empty($theme) )
{
$theme = setup_style($board_config['default_style']);
}
--- 774,780 ----
}
}
! if ( empty($template) || empty($theme) )
{
$theme = setup_style($board_config['default_style']);
}
***************
*** 779,785 ****
$db->sql_close();
}
! if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
--- 917,923 ----
$db->sql_close();
}
! if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r") || strstr(urldecode($url), ';url'))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
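Review bot: The added `strstr(urldecode($url), ';url')` check is case-sensitive and exact, so `;URL=`, `; url=` and `;\turl=` pass it untouched, and browsers accept those spellings in a Refresh header or meta tag just as readily as `;url=`; a blacklist on one spelling does not close the injection it is aimed at. A case-insensitive pattern covers the variants in one test: `if (preg_match('#[\r\n]|;\s*url#i', urldecode($url)))`. Decoding once means `%253B` arrives here as `%3B` and is accepted, which is fine only if the value is emitted without a second decode — that happens in the lines after this hunk. The more robust shape is to state what a redirect target may contain (no CR/LF, no `;`, an expected scheme or a board-relative path) rather than enumerate bad substrings.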
diff -crN phpbb2017/includes/functions_admin.php phpbb2022/includes/functions_admin.php
*** phpbb2017/includes/functions_admin.php Tue Jul 19 22:14:56 2005
--- phpbb2022/includes/functions_admin.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: functions_admin.php,v 1.5.2.3 2002/07/19 17:03:47 psotfx Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: functions_admin.php,v 1.5.2.5 2005/09/14 19:16:21 acydburn Exp $
*
*
***************************************************************************/
***************
*** 30,38 ****
$is_auth_ary = auth(AUTH_READ, AUTH_LIST_ALL, $userdata);
! $sql = "SELECT forum_id, forum_name
! FROM " . FORUMS_TABLE . "
! ORDER BY cat_id, forum_order";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Couldn not obtain forums information', '', __LINE__, __FILE__, $sql);
--- 30,39 ----
$is_auth_ary = auth(AUTH_READ, AUTH_LIST_ALL, $userdata);
! $sql = 'SELECT f.forum_id, f.forum_name
! FROM ' . CATEGORIES_TABLE . ' c, ' . FORUMS_TABLE . ' f
! WHERE f.cat_id = c.cat_id
! ORDER BY c.cat_order, f.forum_order';
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Couldn not obtain forums information', '', __LINE__, __FILE__, $sql);
***************
*** 140,149 ****
if ( $row = $db->sql_fetchrow($result) )
{
! $sql = ( $row['total_posts'] ) ? "UPDATE " . TOPICS_TABLE . " SET topic_replies = " . ( $row['total_posts'] - 1 ) . ", topic_first_post_id = " . $row['first_post'] . ", topic_last_post_id = " . $row['last_post'] . " WHERE topic_id = $id" : "DELETE FROM " . TOPICS_TABLE . " WHERE topic_id = $id";
! if ( !$db->sql_query($sql) )
{
! message_die(GENERAL_ERROR, 'Could not update topic', '', __LINE__, __FILE__, $sql);
}
}
break;
--- 141,185 ----
if ( $row = $db->sql_fetchrow($result) )
{
! if ($row['total_posts'])
{
! // Correct the details of this topic
! $sql = 'UPDATE ' . TOPICS_TABLE . '
! SET topic_replies = ' . ($row['total_posts'] - 1) . ', topic_first_post_id = ' . $row['first_post'] . ', topic_last_post_id = ' . $row['last_post'] . "
! WHERE topic_id = $id";
!
! if (!$db->sql_query($sql))
! {
! message_die(GENERAL_ERROR, 'Could not update topic', '', __LINE__, __FILE__, $sql);
! }
! }
! else
! {
! // There are no replies to this topic
! // Check if it is a move stub
! $sql = 'SELECT topic_moved_id
! FROM ' . TOPICS_TABLE . "
! WHERE topic_id = $id";
!
! if (!($result = $db->sql_query($sql)))
! {
! message_die(GENERAL_ERROR, 'Could not get topic ID', '', __LINE__, __FILE__, $sql);
! }
!
! if ($row = $db->sql_fetchrow($result))
! {
! if (!$row['topic_moved_id'])
! {
! $sql = 'DELETE FROM ' . TOPICS_TABLE . " WHERE topic_id = $id";
!
! if (!$db->sql_query($sql))
! {
! message_die(GENERAL_ERROR, 'Could not remove topic', '', __LINE__, __FILE__, $sql);
! }
! }
! }
!
! $db->sql_freeresult($result);
}
}
break;
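Review bot: Inside the new else branch the topic_moved_id lookup reassigns `$result` and `$row`, overwriting the outer handle that produced the `total_posts` row, and that outer handle is never freed on the `if ($row['total_posts'])` path; renaming the inner pair (`$moved_result`, `$moved_row`) keeps the two lookups distinct and lets both be released. `$id` is interpolated unquoted into all three queries in this case; whether it was cast to int before this point lies outside the hunk, so a `$id = (int) $id;` at the top of the case would be a cheap guarantee. The enclosing function starts and ends outside this hunk.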
diff -crN phpbb2017/includes/functions_post.php phpbb2022/includes/functions_post.php
*** phpbb2017/includes/functions_post.php Tue Jul 19 22:14:56 2005
--- phpbb2022/includes/functions_post.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: functions_post.php,v 1.9.2.37 2004/11/18 17:49:44 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: functions_post.php,v 1.9.2.52 2006/05/06 13:38:55 grahamje Exp $
*
*
***************************************************************************/
***************
*** 25,32 ****
die('Hacking attempt');
}
! $html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#');
! $html_entities_replace = array('&', '<', '>');
$unhtml_specialchars_match = array('#>#', '#<#', '#"#', '#&#');
$unhtml_specialchars_replace = array('>', '<', '"', '&');
--- 25,32 ----
die('Hacking attempt');
}
! $html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#');
! $html_entities_replace = array('&', '<', '>', '"');
$unhtml_specialchars_match = array('#>#', '#<#', '#"#', '#&#');
$unhtml_specialchars_replace = array('>', '<', '"', '&');
***************
*** 46,102 ****
if ($html_on)
{
! $allowed_html_tags = split(',', $board_config['allow_html_tags']);
! $end_html = 0;
! $start_html = 1;
! $tmp_message = '';
! $message = ' ' . $message . ' ';
! while ($start_html = strpos($message, '<', $start_html))
! {
! $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ($start_html - $end_html - 1)));
!
! if ($end_html = strpos($message, '>', $start_html))
! {
! $length = $end_html - $start_html + 1;
! $hold_string = substr($message, $start_html, $length);
!
! if (($unclosed_open = strrpos(' ' . $hold_string, '<')) != 1)
! {
! $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1));
! $hold_string = substr($hold_string, $unclosed_open - 1);
! }
!
! $tagallowed = false;
! for ($i = 0; $i < sizeof($allowed_html_tags); $i++)
! {
! $match_tag = trim($allowed_html_tags[$i]);
! if (preg_match('#^<\/?' . $match_tag . '[> ]#i', $hold_string))
! {
! $tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[\t ]*?=|on[\w]+[\t ]*?=)#i', $hold_string)) ? false : true;
! }
! }
!
! $tmp_message .= ($length && !$tagallowed) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string;
!
! $start_html += $length;
! }
! else
! {
! $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, strlen($message)));
! $start_html = strlen($message);
! $end_html = $start_html;
! }
! }
!
! if (!$end_html || ($end_html != strlen($message) && $tmp_message != ''))
{
! $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1));
}
! $message = ($tmp_message != '') ? trim($tmp_message) : trim($message);
}
else
{
--- 46,71 ----
if ($html_on)
{
! // If HTML is on, we try to make it safe
! // This approach is quite agressive and anything that does not look like a valid tag
! // is going to get converted to HTML entities
! $message = stripslashes($message);
! $html_match = '#<[^\w<]*(\w+)((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?>#';
! $matches = array();
! $message_split = preg_split($html_match, $message);
! preg_match_all($html_match, $message, $matches);
! $message = '';
! foreach ($message_split as $part)
{
! $tag = array(array_shift($matches[0]), array_shift($matches[1]), array_shift($matches[2]));
! $message .= preg_replace($html_entities_match, $html_entities_replace, $part) . clean_html($tag);
}
! $message = addslashes($message);
! $message = str_replace('"', '\"', $message);
}
else
{
***************
*** 187,193 ****
$option_text = trim($option_text);
if (!empty($option_text))
{
! $temp_option_text[$option_id] = htmlspecialchars($option_text);
}
}
$option_text = $temp_option_text;
--- 156,162 ----
$option_text = trim($option_text);
if (!empty($option_text))
{
! $temp_option_text[intval($option_id)] = htmlspecialchars($option_text);
}
}
$option_text = $temp_option_text;
***************
*** 213,219 ****
//
// Post a new topic/reply/poll or edit existing post/poll
//
! function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_id, &$post_id, &$poll_id, &$topic_type, &$bbcode_on, &$html_on, &$smilies_on, &$attach_sig, &$bbcode_uid, &$post_username, &$post_subject, &$post_message, &$poll_title, &$poll_options, &$poll_length)
{
global $board_config, $lang, $db, $phpbb_root_path, $phpEx;
global $userdata, $user_ip;
--- 182,188 ----
//
// Post a new topic/reply/poll or edit existing post/poll
//
! function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_id, &$post_id, &$poll_id, &$topic_type, &$bbcode_on, &$html_on, &$smilies_on, &$attach_sig, &$bbcode_uid, $post_username, $post_subject, $post_message, $poll_title, &$poll_options, &$poll_length)
{
global $board_config, $lang, $db, $phpbb_root_path, $phpEx;
global $userdata, $user_ip;
***************
*** 444,455 ****
$topic_update_sql .= 'topic_vote = 0';
}
! $sql = "UPDATE " . FORUMS_TABLE . " SET
! $forum_update_sql
! WHERE forum_id = $forum_id";
! if (!$db->sql_query($sql))
{
! message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
if ($topic_update_sql != '')
--- 413,427 ----
$topic_update_sql .= 'topic_vote = 0';
}
! if ($mode != 'poll_delete')
{
! $sql = "UPDATE " . FORUMS_TABLE . " SET
! $forum_update_sql
! WHERE forum_id = $forum_id";
! if (!$db->sql_query($sql))
! {
! message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
! }
}
if ($topic_update_sql != '')
***************
*** 578,593 ****
$current_time = time();
! if ($mode == 'delete')
! {
! $delete_sql = (!$post_data['first_post'] && !$post_data['last_post']) ? " AND user_id = " . $userdata['user_id'] : '';
! $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id" . $delete_sql;
! if (!$db->sql_query($sql))
! {
! message_die(GENERAL_ERROR, 'Could not change topic notify data', '', __LINE__, __FILE__, $sql);
! }
! }
! else
{
if ($mode == 'reply')
{
--- 550,556 ----
$current_time = time();
! if ($mode != 'delete')
{
if ($mode == 'reply')
{
***************
*** 769,775 ****
$gen_simple_header = TRUE;
! $page_title = $lang['Emoticons'] . " - $topic_title";
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
$template->set_filenames(array(
--- 732,738 ----
$gen_simple_header = TRUE;
! $page_title = $lang['Emoticons'];
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
$template->set_filenames(array(
***************
*** 859,862 ****
--- 822,887 ----
}
}
+ /**
+ * Called from within prepare_message to clean included HTML tags if HTML is
+ * turned on for that post
+ * @param array $tag Matching text from the message to parse
+ */
+ function clean_html($tag)
+ {
+ global $board_config;
+
+ if (empty($tag[0]))
+ {
+ return '';
+ }
+
+ $allowed_html_tags = preg_split('/, */', strtolower($board_config['allow_html_tags']));
+ $disallowed_attributes = '/^(?:style|on)/i';
+
+ // Check if this is an end tag
+ preg_match('/<[^\w\/]*\/[\W]*(\w+)/', $tag[0], $matches);
+ if (sizeof($matches))
+ {
+ if (in_array(strtolower($matches[1]), $allowed_html_tags))
+ {
+ return '' . $matches[1] . '>';
+ }
+ else
+ {
+ return htmlspecialchars('' . $matches[1] . '>');
+ }
+ }
+
+ // Check if this is an allowed tag
+ if (in_array(strtolower($tag[1]), $allowed_html_tags))
+ {
+ $attributes = '';
+ if (!empty($tag[2]))
+ {
+ preg_match_all('/[\W]*?(\w+)[\W]*?=[\W]*?(["\'])((?:(?!\2).)*)\2/', $tag[2], $test);
+ for ($i = 0; $i < sizeof($test[0]); $i++)
+ {
+ if (preg_match($disallowed_attributes, $test[1][$i]))
+ {
+ continue;
+ }
+ $attributes .= ' ' . $test[1][$i] . '=' . $test[2][$i] . str_replace(array('[', ']'), array('[', ']'), htmlspecialchars($test[3][$i])) . $test[2][$i];
+ }
+ }
+ if (in_array(strtolower($tag[1]), $allowed_html_tags))
+ {
+ return '<' . $tag[1] . $attributes . '>';
+ }
+ else
+ {
+ return htmlspecialchars('<' . $tag[1] . $attributes . '>');
+ }
+ }
+ // Finally, this is not an allowed tag so strip all the attibutes and escape it
+ else
+ {
+ return htmlspecialchars('<' . $tag[1] . '>');
+ }
+ }
?>
\ No newline at end of file
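Review bot: The attribute filter in clean_html at `$disallowed_attributes = '/^(?:style|on)/i'` screens attribute names only, so a value such as `href="javascript:..."` (likewise `src`, `background`, `dynsrc`, `lowsrc`, `data`) on any tag an admin has listed in `allow_html_tags` reaches the output with nothing but htmlspecialchars applied, which does not neutralise a URL scheme; whether that is reachable depends on the board's allow_html_tags value, which is not visible here. A scheme check on URL-bearing attributes, done after decoding entities and stripping the control characters browsers ignore inside a scheme, closes that gap (rewritten loop below). Separately, the inner `if (in_array(strtolower($tag[1]), $allowed_html_tags))` sits inside a branch already guarded by the same test, so it is redundant and its `else` is unreachable. The `str_replace(array('[', ']'), array('[', ']'), ...)` and the end-tag `return '' . $matches[1] . '>'` read as a no-op and a missing `</` in this rendering, which presumably lost entity escapes — worth confirming against the committed source.
```php
$url_attributes = '/^(?:href|src|action|background|dynsrc|lowsrc|data)$/i';
// Permit relative URLs and an explicit list of schemes only; decode entities and
// drop the control characters browsers ignore inside a scheme before checking.
$safe_scheme = '#^(?:https?|ftp|mailto|news):|^[^:]*$#i';
for ($i = 0; $i < sizeof($test[0]); $i++)
{
    if (preg_match($disallowed_attributes, $test[1][$i]))
    {
        continue;
    }
    if (preg_match($url_attributes, $test[1][$i]))
    {
        $value = preg_replace('/[\x00-\x20]+/', '', html_entity_decode($test[3][$i]));
        if (!preg_match($safe_scheme, $value))
        {
            continue;
        }
    }
    // … unchanged: append ' ' . name . '=' . quote . htmlspecialchars(value) . quote …
}
```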
diff -crN phpbb2017/includes/functions_search.php phpbb2022/includes/functions_search.php
*** phpbb2017/includes/functions_search.php Tue Jul 19 22:14:56 2005
--- phpbb2022/includes/functions_search.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2002 The phpBB Group
* email : support@phpbb.com
*
! * $Id: functions_search.php,v 1.8.2.19 2004/11/18 17:49:45 acydburn Exp $
*
****************************************************************************/
--- 6,12 ----
* copyright : (C) 2002 The phpBB Group
* email : support@phpbb.com
*
! * $Id: functions_search.php,v 1.8.2.20 2005/09/14 18:14:30 acydburn Exp $
*
****************************************************************************/
***************
*** 89,95 ****
return $entry;
}
! function split_words(&$entry, $mode = 'post')
{
// If you experience problems with the new method, uncomment this block.
/*
--- 89,95 ----
return $entry;
}
! function split_words($entry, $mode = 'post')
{
// If you experience problems with the new method, uncomment this block.
/*
diff -crN phpbb2017/includes/functions_validate.php phpbb2022/includes/functions_validate.php
*** phpbb2017/includes/functions_validate.php Tue Jul 19 22:14:56 2005
--- phpbb2022/includes/functions_validate.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: functions_validate.php,v 1.6.2.13 2005/07/19 20:01:15 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: functions_validate.php,v 1.6.2.15 2005/10/30 15:17:14 acydburn Exp $
*
*
***************************************************************************/
***************
*** 32,44 ****
// Remove doubled up spaces
$username = preg_replace('#\s+#', ' ', trim($username));
$username = phpbb_clean_username($username);
!
$sql = "SELECT username
! FROM " . USERS_TABLE . "
WHERE LOWER(username) = '" . strtolower($username) . "'";
if ($result = $db->sql_query($sql))
{
! if ($row = $db->sql_fetchrow($result))
{
if (($userdata['session_logged_in'] && $row['username'] != $userdata['username']) || !$userdata['session_logged_in'])
{
--- 32,44 ----
// Remove doubled up spaces
$username = preg_replace('#\s+#', ' ', trim($username));
$username = phpbb_clean_username($username);
!
$sql = "SELECT username
! FROM " . USERS_TABLE . "
WHERE LOWER(username) = '" . strtolower($username) . "'";
if ($result = $db->sql_query($sql))
{
! while ($row = $db->sql_fetchrow($result))
{
if (($userdata['session_logged_in'] && $row['username'] != $userdata['username']) || !$userdata['session_logged_in'])
{
***************
*** 70,76 ****
{
do
{
! if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['disallow_username'], '#')) . ")\b#i", $username))
{
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
--- 70,76 ----
{
do
{
! if (preg_match("#\b(" . str_replace("\*", ".*?", preg_quote($row['disallow_username'], '#')) . ")\b#i", $username))
{
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
***************
*** 89,95 ****
{
do
{
! if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['word'], '#')) . ")\b#i", $username))
{
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
--- 89,95 ----
{
do
{
! if (preg_match("#\b(" . str_replace("\*", ".*?", preg_quote($row['word'], '#')) . ")\b#i", $username))
{
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
diff -crN phpbb2017/includes/page_header.php phpbb2022/includes/page_header.php
*** phpbb2017/includes/page_header.php Tue Jul 19 22:14:56 2005
--- phpbb2022/includes/page_header.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: page_header.php,v 1.106.2.24 2005/03/26 14:15:59 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: page_header.php,v 1.106.2.25 2005/10/30 15:17:14 acydburn Exp $
*
*
***************************************************************************/
***************
*** 450,455 ****
--- 450,463 ----
if ( !$userdata['session_logged_in'] )
{
$template->assign_block_vars('switch_user_logged_out', array());
+ //
+ // Allow autologin?
+ //
+ if (!isset($board_config['allow_autologin']) || $board_config['allow_autologin'] )
+ {
+ $template->assign_block_vars('switch_allow_autologin', array());
+ $template->assign_block_vars('switch_user_logged_out.switch_allow_autologin', array());
+ }
}
else
{
diff -crN phpbb2017/includes/page_tail.php phpbb2022/includes/page_tail.php
*** phpbb2017/includes/page_tail.php Tue Jul 19 22:14:56 2005
--- phpbb2022/includes/page_tail.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: page_tail.php,v 1.27.2.3 2004/12/22 02:04:00 psotfx Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: page_tail.php,v 1.27.2.4 2005/09/14 18:14:30 acydburn Exp $
*
*
***************************************************************************/
***************
*** 25,30 ****
--- 25,32 ----
die('Hacking attempt');
}
+ global $do_gzip_compress;
+
//
// Show the overall footer.
//
***************
*** 35,41 ****
);
$template->assign_vars(array(
! 'TRANSLATION_INFO' => ( isset($lang['TRANSLATION_INFO']) ) ? $lang['TRANSLATION_INFO'] : '',
'ADMIN_LINK' => $admin_link)
);
--- 37,43 ----
);
$template->assign_vars(array(
! 'TRANSLATION_INFO' => (isset($lang['TRANSLATION_INFO'])) ? $lang['TRANSLATION_INFO'] : ((isset($lang['TRANSLATION'])) ? $lang['TRANSLATION'] : ''),
'ADMIN_LINK' => $admin_link)
);
diff -crN phpbb2017/includes/prune.php phpbb2022/includes/prune.php
*** phpbb2017/includes/prune.php Tue Jul 19 22:14:56 2005
--- phpbb2022/includes/prune.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: prune.php,v 1.19.2.6 2003/03/18 23:23:57 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: prune.php,v 1.19.2.7 2006/01/29 17:31:16 grahamje Exp $
*
*
***************************************************************************/
***************
*** 31,36 ****
--- 31,51 ----
{
global $db, $lang;
+ // Before pruning, lets try to clean up the invalid topic entries
+ $sql = 'SELECT topic_id FROM ' . TOPICS_TABLE . '
+ WHERE topic_last_post_id = 0';
+ if ( !($result = $db->sql_query($sql)) )
+ {
+ message_die(GENERAL_ERROR, 'Could not obtain lists of topics to sync', '', __LINE__, __FILE__, $sql);
+ }
+
+ while( $row = $db->sql_fetchrow($result) )
+ {
+ sync('topic', $row['topic_id']);
+ }
+
+ $db->sql_freeresult($result);
+
$prune_all = ($prune_all) ? '' : 'AND t.topic_vote = 0 AND t.topic_type <> ' . POST_ANNOUNCE;
//
// Those without polls and announcements ... unless told otherwise!
***************
*** 39,46 ****
FROM " . POSTS_TABLE . " p, " . TOPICS_TABLE . " t
WHERE t.forum_id = $forum_id
$prune_all
! AND ( p.post_id = t.topic_last_post_id
! OR t.topic_last_post_id = 0 )";
if ( $prune_date != '' )
{
$sql .= " AND p.post_time < $prune_date";
--- 54,60 ----
FROM " . POSTS_TABLE . " p, " . TOPICS_TABLE . " t
WHERE t.forum_id = $forum_id
$prune_all
! AND p.post_id = t.topic_last_post_id";
if ( $prune_date != '' )
{
$sql .= " AND p.post_time < $prune_date";
diff -crN phpbb2017/includes/sessions.php phpbb2022/includes/sessions.php
*** phpbb2017/includes/sessions.php Tue Jul 19 22:14:56 2005
--- phpbb2022/includes/sessions.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: sessions.php,v 1.58.2.14 2005/05/06 20:50:11 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: sessions.php,v 1.58.2.25 2006/05/18 19:23:07 grahamje Exp $
*
*
***************************************************************************/
***************
*** 57,129 ****
$last_visit = 0;
$current_time = time();
- $expiry_time = $current_time - $board_config['session_length'];
//
! // Try and pull the last time stored in a cookie, if it exists
//
! $sql = "SELECT *
! FROM " . USERS_TABLE . "
! WHERE user_id = $user_id";
! if ( !($result = $db->sql_query($sql)) )
{
! message_die(CRITICAL_ERROR, 'Could not obtain lastvisit data from user table', '', __LINE__, __FILE__, $sql);
}
! $userdata = $db->sql_fetchrow($result);
! if ( $user_id != ANONYMOUS )
{
! $auto_login_key = $userdata['user_password'];
!
! if ( $auto_create )
{
! if ( isset($sessiondata['autologinid']) && $userdata['user_active'] )
! {
! // We have to login automagically
! if( $sessiondata['autologinid'] === $auto_login_key )
! {
! // autologinid matches password
! $login = 1;
! $enable_autologin = 1;
! }
! else
! {
! // No match; don't login, set as anonymous user
! $login = 0;
! $enable_autologin = 0;
! $user_id = $userdata['user_id'] = ANONYMOUS;
!
! $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS;
! $result = $db->sql_query($sql);
! $userdata = $db->sql_fetchrow($result);
! $db->sql_freeresult($result);
! }
! }
! else
{
! // Autologin is not set. Don't login, set as anonymous user
! $login = 0;
! $enable_autologin = 0;
! $user_id = $userdata['user_id'] = ANONYMOUS;
!
! $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS;
! $result = $db->sql_query($sql);
! $userdata = $db->sql_fetchrow($result);
! $db->sql_freeresult($result);
}
}
! else
{
$login = 1;
}
}
! else
! {
! $login = 0;
! $enable_autologin = 0;
}
//
// Initial ban check against user id, IP and email address
//
--- 57,146 ----
$last_visit = 0;
$current_time = time();
//
! // Are auto-logins allowed?
! // If allow_autologin is not set or is true then they are
! // (same behaviour as old 2.0.x session code)
//
! if (isset($board_config['allow_autologin']) && !$board_config['allow_autologin'])
{
! $enable_autologin = $sessiondata['autologinid'] = false;
}
! //
! // First off attempt to join with the autologin value if we have one
! // If not, just use the user_id value
! //
! $userdata = array();
! if ($user_id != ANONYMOUS)
{
! if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '' && $user_id)
{
! $sql = 'SELECT u.*
! FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k
! WHERE u.user_id = ' . (int) $user_id . "
! AND u.user_active = 1
! AND k.user_id = u.user_id
! AND k.key_id = '" . md5($sessiondata['autologinid']) . "'";
! if (!($result = $db->sql_query($sql)))
{
! message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
}
+
+ $userdata = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
+
+ $enable_autologin = $login = 1;
}
! else if (!$auto_create)
{
+ $sessiondata['autologinid'] = '';
+ $sessiondata['userid'] = $user_id;
+
+ $sql = 'SELECT *
+ FROM ' . USERS_TABLE . '
+ WHERE user_id = ' . (int) $user_id . '
+ AND user_active = 1';
+ if (!($result = $db->sql_query($sql)))
+ {
+ message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
+ }
+
+ $userdata = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
+
$login = 1;
}
}
!
! //
! // At this point either $userdata should be populated or
! // one of the below is true
! // * Key didn't match one in the DB
! // * User does not exist
! // * User is inactive
! //
! if (!sizeof($userdata) || !is_array($userdata) || !$userdata)
! {
! $sessiondata['autologinid'] = '';
! $sessiondata['userid'] = $user_id = ANONYMOUS;
! $enable_autologin = $login = 0;
!
! $sql = 'SELECT *
! FROM ' . USERS_TABLE . '
! WHERE user_id = ' . (int) $user_id;
! if (!($result = $db->sql_query($sql)))
! {
! message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
! }
!
! $userdata = $db->sql_fetchrow($result);
! $db->sql_freeresult($result);
}
+
//
// Initial ban check against user id, IP and email address
//
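Review bot: The persistent-key lookup at `AND k.key_id = '" . md5($sessiondata['autologinid']) . "'"` accepts a key regardless of its `last_login` age, so an old cookie stays valid until session_clean's expiry DELETE happens to run, and that DELETE is skipped entirely unless `max_autologin_time` is configured. Enforcing the limit at lookup time is a two-line change: `$key_sql = (!empty($board_config['max_autologin_time']) && $board_config['max_autologin_time'] > 0) ? ' AND k.last_login > ' . (time() - (86400 * (int) $board_config['max_autologin_time'])) : '';` and appending `$key_sql` to the SELECT. `last_ip` is written on every key rotation but never read here; if IP binding is intended that should be said in a comment, otherwise note that the column is audit data only. The md5 of the cookie value is hex so the interpolation itself is safe, and `$user_id` is already cast. The enclosing function starts before this hunk.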
***************
*** 160,168 ****
AND session_ip = '$user_ip'";
if ( !$db->sql_query($sql) || !$db->sql_affectedrows() )
{
! list($sec, $usec) = explode(' ', microtime());
! mt_srand((float) $sec + ((float) $usec * 100000));
! $session_id = md5(uniqid(mt_rand(), true));
$sql = "INSERT INTO " . SESSIONS_TABLE . "
(session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin)
--- 177,183 ----
AND session_ip = '$user_ip'";
if ( !$db->sql_query($sql) || !$db->sql_affectedrows() )
{
! $session_id = md5(dss_rand());
$sql = "INSERT INTO " . SESSIONS_TABLE . "
(session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin)
***************
*** 174,180 ****
}
if ( $user_id != ANONYMOUS )
! {// ( $userdata['user_session_time'] > $expiry_time && $auto_create ) ? $userdata['user_lastvisit'] : (
$last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time;
if (!$admin)
--- 189,195 ----
}
if ( $user_id != ANONYMOUS )
! {
$last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time;
if (!$admin)
***************
*** 190,196 ****
$userdata['user_lastvisit'] = $last_visit;
! $sessiondata['autologinid'] = (!$admin) ? (( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '') : $sessiondata['autologinid'];
$sessiondata['userid'] = $user_id;
}
--- 205,243 ----
$userdata['user_lastvisit'] = $last_visit;
! //
! // Regenerate the auto-login key
! //
! if ($enable_autologin)
! {
! $auto_login_key = dss_rand() . dss_rand();
!
! if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '')
! {
! $sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . "
! SET last_ip = '$user_ip', key_id = '" . md5($auto_login_key) . "', last_login = $current_time
! WHERE key_id = '" . md5($sessiondata['autologinid']) . "'";
! }
! else
! {
! $sql = 'INSERT INTO ' . SESSIONS_KEYS_TABLE . "(key_id, user_id, last_ip, last_login)
! VALUES ('" . md5($auto_login_key) . "', $user_id, '$user_ip', $current_time)";
! }
!
! if ( !$db->sql_query($sql) )
! {
! message_die(CRITICAL_ERROR, 'Error updating session key', '', __LINE__, __FILE__, $sql);
! }
!
! $sessiondata['autologinid'] = $auto_login_key;
! unset($auto_login_key);
! }
! else
! {
! $sessiondata['autologinid'] = '';
! }
!
! // $sessiondata['autologinid'] = (!$admin) ? (( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '') : $sessiondata['autologinid'];
$sessiondata['userid'] = $user_id;
}
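Review bot: The rotation UPDATE at `WHERE key_id = '" . md5($sessiondata['autologinid']) . "'"` is scoped by key_id alone, and the INSERT below it interpolates `$user_id` without the `(int)` cast used elsewhere in this file; constraining the update to the owner, `WHERE key_id = '" . md5($sessiondata['autologinid']) . "' AND user_id = " . (int) $user_id`, and casting in the INSERT keeps the key table consistent with the join that validated the key. The raw `$auto_login_key` is then placed in a one-year cookie (set in a later hunk) whose only protection flag is `$cookiesecure`, so a comment such as `// $auto_login_key is the bearer credential for this key: never log or echo it` would help the next maintainer. `$user_ip` is presumably the encoded address prepared by the caller — confirm. The enclosing function starts before this hunk.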
***************
*** 202,207 ****
--- 249,255 ----
$userdata['session_start'] = $current_time;
$userdata['session_time'] = $current_time;
$userdata['session_admin'] = $admin;
+ $userdata['session_key'] = $sessiondata['autologinid'];
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
***************
*** 313,335 ****
}
}
! //
! // Delete expired sessions
! //
! $expiry_time = $current_time - $board_config['session_length'];
!
! $sql = "DELETE FROM " . SESSIONS_TABLE . "
! WHERE session_time < $expiry_time
! AND session_id <> '$session_id'";
! if ( !$db->sql_query($sql) )
! {
! message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql);
! }
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
}
return $userdata;
}
}
--- 361,378 ----
}
}
! session_clean($userdata['session_id']);
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
}
+ // Add the session_key to the userdata array if it is set
+ if ( isset($sessiondata['autologinid']) && $sessiondata['autologinid'] != '' )
+ {
+ $userdata['session_key'] = $sessiondata['autologinid'];
+ }
+
return $userdata;
}
}
***************
*** 350,363 ****
}
! //
! // session_end closes out a session
! // deleting the corresponding entry
! // in the sessions table
! //
function session_end($session_id, $user_id)
{
! global $db, $lang, $board_config;
global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
$cookiename = $board_config['cookie_name'];
--- 393,406 ----
}
! /**
! * Terminates the specified session
! * It will delete the entry in the sessions table for this session,
! * remove the corresponding auto-login key and reset the cookies
! */
function session_end($session_id, $user_id)
{
! global $db, $lang, $board_config, $userdata;
global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
$cookiename = $board_config['cookie_name'];
***************
*** 367,386 ****
$current_time = time();
- //
- // Pull cookiedata or grab the URI propagated sid
- //
- if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) )
- {
- $session_id = isset( $HTTP_COOKIE_VARS[$cookiename . '_sid'] ) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
- $sessionmethod = SESSION_METHOD_COOKIE;
- }
- else
- {
- $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
- $sessionmethod = SESSION_METHOD_GET;
- }
-
if (!preg_match('/^[A-Za-z0-9]*$/', $session_id))
{
return;
--- 410,415 ----
***************
*** 389,395 ****
//
// Delete existing session
//
! $sql = "DELETE FROM " . SESSIONS_TABLE . "
WHERE session_id = '$session_id'
AND session_user_id = $user_id";
if ( !$db->sql_query($sql) )
--- 418,424 ----
//
// Delete existing session
//
! $sql = 'DELETE FROM ' . SESSIONS_TABLE . "
WHERE session_id = '$session_id'
AND session_user_id = $user_id";
if ( !$db->sql_query($sql) )
***************
*** 397,408 ****
--- 426,562 ----
message_die(CRITICAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql);
}
+ //
+ // Remove this auto-login entry (if applicable)
+ //
+ if ( isset($userdata['session_key']) && $userdata['session_key'] != '' )
+ {
+ $autologin_key = md5($userdata['session_key']);
+ $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
+ WHERE user_id = ' . (int) $user_id . "
+ AND key_id = '$autologin_key'";
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(CRITICAL_ERROR, 'Error removing auto-login key', '', __LINE__, __FILE__, $sql);
+ }
+ }
+
+ //
+ // We expect that message_die will be called after this function,
+ // but just in case it isn't, reset $userdata to the details for a guest
+ //
+ $sql = 'SELECT *
+ FROM ' . USERS_TABLE . '
+ WHERE user_id = ' . ANONYMOUS;
+ if ( !($result = $db->sql_query($sql)) )
+ {
+ message_die(CRITICAL_ERROR, 'Error obtaining user details', '', __LINE__, __FILE__, $sql);
+ }
+ if ( !($userdata = $db->sql_fetchrow($result)) )
+ {
+ message_die(CRITICAL_ERROR, 'Error obtaining user details', '', __LINE__, __FILE__, $sql);
+ }
+ $db->sql_freeresult($result);
+
+
setcookie($cookiename . '_data', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);
return true;
}
+ /**
+ * Removes expired sessions and auto-login keys from the database
+ */
+ function session_clean($session_id)
+ {
+ global $board_config, $db;
+
+ //
+ // Delete expired sessions
+ //
+ $sql = 'DELETE FROM ' . SESSIONS_TABLE . '
+ WHERE session_time < ' . (time() - (int) $board_config['session_length']) . "
+ AND session_id <> '$session_id'";
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql);
+ }
+
+ //
+ // Delete expired auto-login keys
+ // If max_autologin_time is not set then keys will never be deleted
+ // (same behaviour as old 2.0.x session code)
+ //
+ if (!empty($board_config['max_autologin_time']) && $board_config['max_autologin_time'] > 0)
+ {
+ $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
+ WHERE last_login < ' . (time() - (86400 * (int) $board_config['max_autologin_time']));
+ $db->sql_query($sql);
+ }
+
+ return true;
+ }
+
+ /**
+ * Reset all login keys for the specified user
+ * Called on password changes
+ */
+ function session_reset_keys($user_id, $user_ip)
+ {
+ global $db, $userdata, $board_config;
+
+ $key_sql = ($user_id == $userdata['user_id'] && !empty($userdata['session_key'])) ? "AND key_id != '" . md5($userdata['session_key']) . "'" : '';
+
+ $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
+ WHERE user_id = ' . (int) $user_id . "
+ $key_sql";
+
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(CRITICAL_ERROR, 'Error removing auto-login keys', '', __LINE__, __FILE__, $sql);
+ }
+
+ $where_sql = 'session_user_id = ' . (int) $user_id;
+ $where_sql .= ($user_id == $userdata['user_id']) ? " AND session_id <> '" . $userdata['session_id'] . "'" : '';
+ $sql = 'DELETE FROM ' . SESSIONS_TABLE . "
+ WHERE $where_sql";
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(CRITICAL_ERROR, 'Error removing user session(s)', '', __LINE__, __FILE__, $sql);
+ }
+
+ if ( !empty($key_sql) )
+ {
+ $auto_login_key = dss_rand() . dss_rand();
+
+ $current_time = time();
+
+ $sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . "
+ SET last_ip = '$user_ip', key_id = '" . md5($auto_login_key) . "', last_login = $current_time
+ WHERE key_id = '" . md5($userdata['session_key']) . "'";
+
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(CRITICAL_ERROR, 'Error updating session key', '', __LINE__, __FILE__, $sql);
+ }
+
+ // And now rebuild the cookie
+ $sessiondata['userid'] = $user_id;
+ $sessiondata['autologinid'] = $auto_login_key;
+ $cookiename = $board_config['cookie_name'];
+ $cookiepath = $board_config['cookie_path'];
+ $cookiedomain = $board_config['cookie_domain'];
+ $cookiesecure = $board_config['cookie_secure'];
+
+ setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
+
+ $userdata['session_key'] = $auto_login_key;
+ unset($sessiondata);
+ unset($auto_login_key);
+ }
+ }
+
//
// Append $SID to a url. Borrowed from phplib and modified. This is an
// extra routine utilised by the session code above and acts as a wrapper
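Review bot: In session_clean the expired-key DELETE at `$db->sql_query($sql);` discards its result while the sessions DELETE just above it calls message_die on failure; a failed key expiry silently leaves stale persistent credentials valid, so either check it the same way, `if (!$db->sql_query($sql)) { message_die(CRITICAL_ERROR, 'Error clearing session keys', '', __LINE__, __FILE__, $sql); }`, or comment why it is deliberately best-effort. The comment `If max_autologin_time is not set then keys will never be deleted` describes a default under which cookie keys stay valid forever; that consequence is worth restating next to the admin setting so operators know to set it. In session_reset_keys the UPDATE at `WHERE key_id = '" . md5($userdata['session_key']) . "'"` is likewise not scoped by user, and adding `AND user_id = " . (int) $user_id` keeps it consistent with the DELETE above it.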
***************
*** 415,421 ****
if ( !empty($SID) && !preg_match('#sid=#', $url) )
{
! $url .= ( ( strpos($url, '?') != false ) ? ( ( $non_html_amp ) ? '&' : '&' ) : '?' ) . $SID;
}
return $url;
--- 569,575 ----
if ( !empty($SID) && !preg_match('#sid=#', $url) )
{
! $url .= ( ( strpos($url, '?') !== false ) ? ( ( $non_html_amp ) ? '&' : '&' ) : '?' ) . $SID;
}
return $url;
diff -crN phpbb2017/includes/smtp.php phpbb2022/includes/smtp.php
*** phpbb2017/includes/smtp.php Tue Jul 19 22:14:56 2005
--- phpbb2022/includes/smtp.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: smtp.php,v 1.16.2.10 2005/05/06 20:50:11 acydburn Exp $
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: smtp.php,v 1.16.2.11 2005/09/27 20:24:35 grahamje Exp $
*
***************************************************************************/
***************
*** 27,33 ****
// using SMTP Extensions
//
function server_parse($socket, $response, $line = __LINE__)
! {
while (substr($server_response, 3, 1) != ' ')
{
if (!($server_response = fgets($socket, 256)))
--- 27,34 ----
// using SMTP Extensions
//
function server_parse($socket, $response, $line = __LINE__)
! {
! $server_response = '';
while (substr($server_response, 3, 1) != ' ')
{
if (!($server_response = fgets($socket, 256)))
diff -crN phpbb2017/includes/usercp_activate.php phpbb2022/includes/usercp_activate.php
*** phpbb2017/includes/usercp_activate.php Tue Jul 19 22:14:56 2005
--- phpbb2022/includes/usercp_activate.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_activate.php,v 1.6.2.8 2005/07/19 20:01:16 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_activate.php,v 1.6.2.9 2005/09/14 18:14:30 acydburn Exp $
*
*
***************************************************************************/
***************
*** 47,55 ****
}
else if ((trim($row['user_actkey']) == trim($HTTP_GET_VARS['act_key'])) && (trim($row['user_actkey']) != ''))
{
! if (intval($board_config['require_activation']) == USER_ACTIVATION_ADMIN && $userdata['user_level'] != ADMIN)
{
! message_die(GENERAL_MESSAGE, $lang['Not_Authorised']);
}
$sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . str_replace("\'", "''", $row['user_newpasswd']) . "', user_newpasswd = ''" : '';
--- 47,62 ----
}
else if ((trim($row['user_actkey']) == trim($HTTP_GET_VARS['act_key'])) && (trim($row['user_actkey']) != ''))
{
! if (intval($board_config['require_activation']) == USER_ACTIVATION_ADMIN && $row['user_newpasswd'] == '')
{
! if (!$userdata['session_logged_in'])
! {
! redirect(append_sid('login.' . $phpEx . '?redirect=profile.' . $phpEx . '&mode=activate&' . POST_USERS_URL . '=' . $row['user_id'] . '&act_key=' . trim($HTTP_GET_VARS['act_key'])));
! }
! else if ($userdata['user_level'] != ADMIN)
! {
! message_die(GENERAL_MESSAGE, $lang['Not_Authorised']);
! }
}
$sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . str_replace("\'", "''", $row['user_newpasswd']) . "', user_newpasswd = ''" : '';
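Review bot: The redirect URL built on the new not-logged-in branch embeds `trim($HTTP_GET_VARS['act_key'])` into the query string without URL encoding, so a key containing `&`, `#` or `%` is split or mangled on the round trip through login; use `'&act_key=' . urlencode(trim($HTTP_GET_VARS['act_key']))`. On the unchanged condition just above the branch, `trim($row['user_actkey']) == trim($HTTP_GET_VARS['act_key'])` is a loose comparison, and PHP compares numeric-looking strings numerically, so a strict `===` is the safer form for a secret token. The enclosing `else if` block continues past the end of the hunk.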
diff -crN phpbb2017/includes/usercp_avatar.php phpbb2022/includes/usercp_avatar.php
*** phpbb2017/includes/usercp_avatar.php Tue Jul 19 22:14:56 2005
--- phpbb2022/includes/usercp_avatar.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_avatar.php,v 1.8.2.21 2005/07/19 20:01:16 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_avatar.php,v 1.8.2.24 2006/05/23 21:09:27 grahamje Exp $
*
*
***************************************************************************/
***************
*** 63,81 ****
return ", user_avatar = '', user_avatar_type = " . USER_AVATAR_NONE;
}
! function user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename)
{
global $board_config;
! $avatar_filename = str_replace(array('../', '..\\', './', '.\\'), '', $avatar_filename);
! if ($avatar_filename{0} == '/' || $avatar_filename{0} == "\\")
{
return '';
}
! if ( file_exists(@phpbb_realpath($board_config['avatar_gallery_path'] . '/' . $avatar_filename)) && ($mode == 'editprofile') )
{
! $return = ", user_avatar = '" . str_replace("\'", "''", $avatar_filename) . "', user_avatar_type = " . USER_AVATAR_GALLERY;
}
else
{
--- 63,88 ----
return ", user_avatar = '', user_avatar_type = " . USER_AVATAR_NONE;
}
! function user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename, $avatar_category)
{
global $board_config;
! $avatar_filename = phpbb_ltrim(basename($avatar_filename), "'");
! $avatar_category = phpbb_ltrim(basename($avatar_category), "'");
!
! if(!preg_match('/(\.gif$|\.png$|\.jpg|\.jpeg)$/is', $avatar_filename))
{
return '';
}
! if ($avatar_filename == "" || $avatar_category == "")
! {
! return '';
! }
!
! if ( file_exists(@phpbb_realpath($board_config['avatar_gallery_path'] . '/' . $avatar_category . '/' . $avatar_filename)) && ($mode == 'editprofile') )
{
! $return = ", user_avatar = '" . str_replace("\'", "''", $avatar_category . '/' . $avatar_filename) . "', user_avatar_type = " . USER_AVATAR_GALLERY;
}
else
{
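Review bot: The new extension check `preg_match('/(\.gif$|\.png$|\.jpg|\.jpeg)$/is', $avatar_filename)` lets a trailing newline through, because without the `D` modifier `$` also matches before a final "\n"; the equivalent `preg_match('/\.(gif|png|jpg|jpeg)$/iD', $avatar_filename)` closes that and drops the redundant inner anchors. The `basename()` calls are the right way to strip directory components from both the filename and the category, but the empty-string check runs after the regex, so it can only ever trip for `$avatar_category`; running it first makes the intent plainer. The rest of the function (the `else` branch) lies outside the hunk.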
***************
*** 93,98 ****
--- 100,107 ----
$avatar_filename = 'http://' . $avatar_filename;
}
+ $avatar_filename = substr($avatar_filename, 0, 100);
+
if ( !preg_match("#^((ht|f)tp://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png))$)#is", $avatar_filename) )
{
$error = true;
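Review bot: `substr($avatar_filename, 0, 100)` silently rewrites the submitted URL before the format check, so an over-long link is either accepted in truncated form (when the cut lands on a valid image name) or rejected with a message about format rather than length; a length test that sets `$error` with its own message is clearer to the user. If truncation is kept, it should be documented as a deliberate limit, e.g. `// deliberate 100-byte cap on remote avatar URLs; longer input is truncated, not rejected`. The enclosing function starts before the hunk.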
***************
*** 110,116 ****
$ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
! if ( $avatar_mode == 'remote' && preg_match('/^(http:\/\/)?([\w\-\.]+)\:?([0-9]*)\/(.*)$/', $avatar_filename, $url_ary) )
{
if ( empty($url_ary[4]) )
{
--- 119,128 ----
$ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
! $width = $height = 0;
! $type = '';
!
! if ( $avatar_mode == 'remote' && preg_match('/^(http:\/\/)?([\w\-\.]+)\:?([0-9]*)\/([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))$/', $avatar_filename, $url_ary) )
{
if ( empty($url_ary[4]) )
{
***************
*** 167,173 ****
message_die(GENERAL_ERROR, 'Could not write avatar file to local storage. Please contact the board administrator with this message', '', __LINE__, __FILE__);
}
! list($width, $height) = @getimagesize($tmp_filename);
}
else
{
--- 179,185 ----
message_die(GENERAL_ERROR, 'Could not write avatar file to local storage. Please contact the board administrator with this message', '', __LINE__, __FILE__);
}
! list($width, $height, $type) = @getimagesize($tmp_filename);
}
else
{
***************
*** 193,199 ****
return;
}
! list($width, $height) = @getimagesize($avatar_filename);
}
if ( !($imgtype = check_image_type($avatar_filetype, $error, $error_msg)) )
--- 205,211 ----
return;
}
! list($width, $height, $type) = @getimagesize($avatar_filename);
}
if ( !($imgtype = check_image_type($avatar_filetype, $error, $error_msg)) )
***************
*** 201,216 ****
return;
}
if ( $width > 0 && $height > 0 && $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
{
$new_filename = uniqid(rand()) . $imgtype;
if ( $mode == 'editprofile' && $current_type == USER_AVATAR_UPLOAD && $current_avatar != '' )
{
! if ( file_exists(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $current_avatar)) )
! {
! @unlink('./' . $board_config['avatar_path'] . '/' . $current_avatar);
! }
}
if( $avatar_mode == 'remote' )
--- 213,263 ----
return;
}
+ switch ($type)
+ {
+ // GIF
+ case 1:
+ if ($imgtype != '.gif')
+ {
+ @unlink($tmp_filename);
+ message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__);
+ }
+ break;
+
+ // JPG, JPC, JP2, JPX, JB2
+ case 2:
+ case 9:
+ case 10:
+ case 11:
+ case 12:
+ if ($imgtype != '.jpg' && $imgtype != '.jpeg')
+ {
+ @unlink($tmp_filename);
+ message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__);
+ }
+ break;
+
+ // PNG
+ case 3:
+ if ($imgtype != '.png')
+ {
+ @unlink($tmp_filename);
+ message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__);
+ }
+ break;
+
+ default:
+ @unlink($tmp_filename);
+ message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__);
+ }
+
if ( $width > 0 && $height > 0 && $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
{
$new_filename = uniqid(rand()) . $imgtype;
if ( $mode == 'editprofile' && $current_type == USER_AVATAR_UPLOAD && $current_avatar != '' )
{
! user_avatar_delete($current_type, $current_avatar);
}
if( $avatar_mode == 'remote' )
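Review bot: The `case 9` through `case 12` branches accept JPEG 2000 / JBIG2 container types (the values `getimagesize()` reports for JPC, JP2, JPX and JB2) under a `.jpg`/`.jpeg` name, which browsers do not render as baseline JPEG and which widens the set of image parsers a stored avatar can reach; limiting the JPEG branch to `case 2` keeps content and extension in step the way the `.gif` and `.png` branches already are. The four identical `@unlink(...); message_die(...)` pairs can also collapse into one lookup, as sketched below, so that adding or removing a type is a one-line change. `$tmp_filename` is only assigned in the remote branch, so the `@` on `unlink` is doing real work for the upload path; an explicit `!empty($tmp_filename)` guard says so.
```php
// getimagesize() type code => extensions check_image_type() may return for it
$allowed_ext = array(
    1 => array('.gif'),
    2 => array('.jpg', '.jpeg'),
    3 => array('.png'),
);

if (!isset($allowed_ext[$type]) || !in_array($imgtype, $allowed_ext[$type], true))
{
    if (!empty($tmp_filename))
    {
        @unlink($tmp_filename);
    }
    message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__);
}

// … unchanged: dimension check, new filename, old avatar removal …
```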
***************
*** 276,282 ****
{
if( preg_match('/(\.gif$|\.png$|\.jpg|\.jpeg)$/is', $sub_file) )
{
! $avatar_images[$file][$avatar_row_count][$avatar_col_count] = $file . '/' . $sub_file;
$avatar_name[$file][$avatar_row_count][$avatar_col_count] = ucfirst(str_replace("_", " ", preg_replace('/^(.*)\..*$/', '\1', $sub_file)));
$avatar_col_count++;
--- 323,329 ----
{
if( preg_match('/(\.gif$|\.png$|\.jpg|\.jpeg)$/is', $sub_file) )
{
! $avatar_images[$file][$avatar_row_count][$avatar_col_count] = $sub_file;
$avatar_name[$file][$avatar_row_count][$avatar_col_count] = ucfirst(str_replace("_", " ", preg_replace('/^(.*)\..*$/', '\1', $sub_file)));
$avatar_col_count++;
***************
*** 322,328 ****
for($j = 0; $j < count($avatar_images[$category][$i]); $j++)
{
$template->assign_block_vars('avatar_row.avatar_column', array(
! "AVATAR_IMAGE" => $board_config['avatar_gallery_path'] . '/' . $avatar_images[$category][$i][$j],
"AVATAR_NAME" => $avatar_name[$category][$i][$j])
);
--- 369,375 ----
for($j = 0; $j < count($avatar_images[$category][$i]); $j++)
{
$template->assign_block_vars('avatar_row.avatar_column', array(
! "AVATAR_IMAGE" => $board_config['avatar_gallery_path'] . '/' . $category . '/' . $avatar_images[$category][$i][$j],
"AVATAR_NAME" => $avatar_name[$category][$i][$j])
);
***************
*** 334,340 ****
$params = array('coppa', 'user_id', 'username', 'email', 'current_email', 'cur_password', 'new_password', 'password_confirm', 'icq', 'aim', 'msn', 'yim', 'website', 'location', 'occupation', 'interests', 'signature', 'viewemail', 'notifypm', 'popup_pm', 'notifyreply', 'attachsig', 'allowhtml', 'allowbbcode', 'allowsmilies', 'hideonline', 'style', 'language', 'timezone', 'dateformat');
! $s_hidden_vars = '';
for($i = 0; $i < count($params); $i++)
{
--- 381,387 ----
$params = array('coppa', 'user_id', 'username', 'email', 'current_email', 'cur_password', 'new_password', 'password_confirm', 'icq', 'aim', 'msn', 'yim', 'website', 'location', 'occupation', 'interests', 'signature', 'viewemail', 'notifypm', 'popup_pm', 'notifyreply', 'attachsig', 'allowhtml', 'allowbbcode', 'allowsmilies', 'hideonline', 'style', 'language', 'timezone', 'dateformat');
! $s_hidden_vars = '';
for($i = 0; $i < count($params); $i++)
{
diff -crN phpbb2017/includes/usercp_confirm.php phpbb2022/includes/usercp_confirm.php
*** phpbb2017/includes/usercp_confirm.php Tue Jul 19 22:14:56 2005
--- phpbb2022/includes/usercp_confirm.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_confirm.php,v 1.1.2.1 2004/11/18 17:49:45 acydburn Exp $
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_confirm.php,v 1.1.2.4 2006/05/30 19:29:43 grahamje Exp $
*
***************************************************************************/
***************
*** 66,174 ****
exit;
}
! // If we can we will generate a single filtered png else we will have to simply
! // output six seperate original pngs ... first way is preferable!
! if (@extension_loaded('zlib'))
! {
! $_png = define_filtered_pngs();
!
! $total_width = 320;
! $total_height = 50;
! $img_height = 40;
! $img_width = 0;
! $l = 0;
! list($usec, $sec) = explode(' ', microtime());
! mt_srand($sec * $usec);
! $char_widths = array();
! for ($i = 0; $i < strlen($code); $i++)
! {
! $char = $code{$i};
! $width = mt_rand(0, 4);
! $char_widths[] = $width;
! $img_width += $_png[$char]['width'] - $width;
! }
! $offset_x = mt_rand(0, $total_width - $img_width);
! $offset_y = mt_rand(0, $total_height - $img_height);
! $image = '';
! $hold_chars = array();
! for ($i = 0; $i < $total_height; $i++)
! {
! $image .= chr(0);
! if ($i > $offset_y && $i < $offset_y + $img_height)
! {
! $j = 0;
! for ($k = 0; $k < $offset_x; $k++)
! {
! $image .= chr(mt_rand(140, 255));
! }
! for ($k = 0; $k < strlen($code); $k++)
! {
! $char = $code{$k};
! if (empty($hold_chars[$char]))
! {
! $hold_chars[$char] = explode("\n", chunk_split(base64_decode($_png[$char]['data']), $_png[$char]['width'] + 1, "\n"));
! }
! $image .= randomise(substr($hold_chars[$char][$l], 1), $char_widths[$j]);
! $j++;
! }
! for ($k = $offset_x + $img_width; $k < $total_width; $k++)
{
! $image .= chr(mt_rand(140, 255));
}
!
! $l++;
}
! else
{
! for ($k = 0; $k < $total_width; $k++)
! {
! $image .= chr(mt_rand(140, 255));
! }
}
}
- unset($hold);
-
- $image = create_png(gzcompress($image), $total_width, $total_height);
-
- // Output image
- header('Content-Type: image/png');
- header('Cache-control: no-cache, no-store');
- echo $image;
-
- unset($image);
- unset($_png);
- exit;
}
! else
! {
! if (!empty($HTTP_GET_VARS['c']))
! {
! $_png = define_raw_pngs();
! $char = substr($code, intval($HTTP_GET_VARS['c']) - 1, 1);
! header('Content-Type: image/png');
! header('Cache-control: no-cache, no-store');
! echo base64_decode($_png[$char]);
! unset($_png);
! exit;
! }
! }
exit;
// This is designed to randomise the pixels of the image data within
// certain limits so as to keep it readable. It also varies the image
// width a little
--- 66,154 ----
exit;
}
! // We can we will generate a single filtered png
! // Thanks to DavidMJ for emulating zlib within the code :)
! $_png = define_filtered_pngs();
! $total_width = 320;
! $total_height = 50;
! $img_height = 40;
! $img_width = 0;
! $l = 0;
! list($usec, $sec) = explode(' ', microtime());
! mt_srand($sec * $usec);
! $char_widths = array();
! for ($i = 0; $i < strlen($code); $i++)
! {
! $char = $code{$i};
! $width = mt_rand(0, 4);
! $char_widths[] = $width;
! $img_width += $_png[$char]['width'] - $width;
! }
! $offset_x = mt_rand(0, $total_width - $img_width);
! $offset_y = mt_rand(0, $total_height - $img_height);
! $image = '';
! $hold_chars = array();
! for ($i = 0; $i < $total_height; $i++)
! {
! $image .= chr(0);
! if ($i > $offset_y && $i < $offset_y + $img_height)
! {
! $j = 0;
! for ($k = 0; $k < $offset_x; $k++)
! {
! $image .= chr(mt_rand(140, 255));
! }
! for ($k = 0; $k < strlen($code); $k++)
! {
! $char = $code{$k};
! if (empty($hold_chars[$char]))
{
! $hold_chars[$char] = explode("\n", chunk_split(base64_decode($_png[$char]['data']), $_png[$char]['width'] + 1, "\n"));
}
! $image .= randomise(substr($hold_chars[$char][$l], 1), $char_widths[$j]);
! $j++;
}
!
! for ($k = $offset_x + $img_width; $k < $total_width; $k++)
{
! $image .= chr(mt_rand(140, 255));
}
+ $l++;
+ }
+ else
+ {
+ for ($k = 0; $k < $total_width; $k++)
+ {
+ $image .= chr(mt_rand(140, 255));
+ }
}
}
! unset($hold);
! $image = create_png($image, $total_width, $total_height);
! // Output image
! header('Content-Type: image/png');
! header('Cache-control: no-cache, no-store');
! echo $image;
+ unset($image);
+ unset($_png);
exit;
+
// This is designed to randomise the pixels of the image data within
// certain limits so as to keep it readable. It also varies the image
// width a little
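Review bot: `mt_srand($sec * $usec)` reseeds the process-wide generator from the clock on every request, so the noise pixels and the `$offset_x`/`$offset_y` placement become a function of request time, and the seed is a float product silently truncated to an int; on PHP 4.2 and later the engine seeds itself, so the `list($usec, $sec) = explode(' ', microtime());` and `mt_srand(...)` lines can simply be removed. `unset($hold);` after the loop names a variable that is never assigned (the cache is `$hold_chars`), so it should read `unset($hold_chars);`. The rewritten leading comment lost a word; `// We can we will generate a single filtered png` reads better as `// Now we generate a single filtered png`.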
***************
*** 215,221 ****
// http://www.libpng.org/pub/png/spec/PNG-Contents.html we use
// png because it's a fully recognised open standard and supported
// by practically all modern browsers and OSs
! function create_png($gzimage, $width, $height)
{
// SIG
$image = pack('C8', 137, 80, 78, 71, 13, 10, 26, 10);
--- 195,201 ----
// http://www.libpng.org/pub/png/spec/PNG-Contents.html we use
// png because it's a fully recognised open standard and supported
// by practically all modern browsers and OSs
! function create_png($raw_image, $width, $height)
{
// SIG
$image = pack('C8', 137, 80, 78, 71, 13, 10, 26, 10);
***************
*** 224,231 ****
$raw .= pack('C4', $height >> 24, $height >> 16, $height >> 8, $height);
$raw .= pack('C5', 8, 0, 0, 0, 0);
$image .= png_chunk(13, 'IHDR', $raw);
// IDAT
! $image .= png_chunk(strlen($gzimage), 'IDAT', $gzimage);
// IEND
$image .= png_chunk(0, 'IEND', '');
--- 204,256 ----
$raw .= pack('C4', $height >> 24, $height >> 16, $height >> 8, $height);
$raw .= pack('C5', 8, 0, 0, 0, 0);
$image .= png_chunk(13, 'IHDR', $raw);
+
+ if (@extension_loaded('zlib'))
+ {
+ $raw_image = gzcompress($raw_image);
+ $length = strlen($raw_image);
+ }
+ else
+ {
+ // The total length of this image, uncompressed, is just a calculation of pixels
+ $length = ($width + 1) * $height;
+
+ // Adler-32 hash generation
+ // Optimized Adler-32 loop ported from the GNU Classpath project
+ $temp_length = $length;
+ $s1 = 1;
+ $s2 = $index = 0;
+
+ while ($temp_length > 0)
+ {
+ // We can defer the modulo operation:
+ // s1 maximally grows from 65521 to 65521 + 255 * 3800
+ // s2 maximally grows by 3800 * median(s1) = 2090079800 < 2^31
+ $substract_value = ($temp_length < 3800) ? $temp_length : 3800;
+ $temp_length -= $substract_value;
+
+ while (--$substract_value >= 0)
+ {
+ $s1 += ord($raw_image[$index]);
+ $s2 += $s1;
+
+ $index++;
+ }
+
+ $s1 %= 65521;
+ $s2 %= 65521;
+ }
+ $adler_hash = pack('N', ($s2 << 16) | $s1);
+
+ // This is the same thing as gzcompress($raw_image, 0) but does not need zlib
+ $raw_image = pack('C3v2', 0x78, 0x01, 0x01, $length, ~$length) . $raw_image . $adler_hash;
+
+ // The Zlib header + Adler hash make us add on 11
+ $length += 11;
+ }
+
// IDAT
! $image .= png_chunk($length, 'IDAT', $raw_image);
// IEND
$image .= png_chunk(0, 'IEND', '');
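Review bot: In the no-zlib branch `$length` is derived from the dimensions, `($width + 1) * $height`, rather than from the data being wrapped, so if `$raw_image` is ever a byte shorter or longer than that product the stored-block header, the Adler-32 loop and the IDAT chunk length all disagree and the PNG is corrupt; `$length = strlen($raw_image);` ties all three to the same value. A stored deflate block holds at most 65535 bytes, which the 320x50 image built by the caller (16050 bytes) satisfies, but the function accepts arbitrary `$width`/`$height`, so a guard such as `if ($length > 65535) { message_die(GENERAL_ERROR, 'Image too large for uncompressed PNG', '', __LINE__, __FILE__); }` would make that limit explicit. The deferred-modulo Adler-32 loop matches the bound described in its comment. The function continues past the hunk.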
diff -crN phpbb2017/includes/usercp_email.php phpbb2022/includes/usercp_email.php
*** phpbb2017/includes/usercp_email.php Tue Jul 19 22:14:56 2005
--- phpbb2022/includes/usercp_email.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_email.php,v 1.7.2.13 2003/06/06 18:02:15 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_email.php,v 1.7.2.14 2006/12/16 13:11:26 acydburn Exp $
*
*
***************************************************************************/
***************
*** 52,135 ****
WHERE user_id = $user_id";
if ( $result = $db->sql_query($sql) )
{
! $row = $db->sql_fetchrow($result);
!
! $username = $row['username'];
! $user_email = $row['user_email'];
! $user_lang = $row['user_lang'];
!
! if ( $row['user_viewemail'] || $userdata['user_level'] == ADMIN )
{
- if ( time() - $userdata['user_emailtime'] < $board_config['flood_interval'] )
- {
- message_die(GENERAL_MESSAGE, $lang['Flood_email_limit']);
- }
! if ( isset($HTTP_POST_VARS['submit']) )
{
! $error = FALSE;
!
! if ( !empty($HTTP_POST_VARS['subject']) )
! {
! $subject = trim(stripslashes($HTTP_POST_VARS['subject']));
! }
! else
{
! $error = TRUE;
! $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $lang['Empty_subject_email'] : $lang['Empty_subject_email'];
}
!
! if ( !empty($HTTP_POST_VARS['message']) )
! {
! $message = trim(stripslashes($HTTP_POST_VARS['message']));
! }
! else
! {
! $error = TRUE;
! $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $lang['Empty_message_email'] : $lang['Empty_message_email'];
! }
!
! if ( !$error )
{
! $sql = "UPDATE " . USERS_TABLE . "
! SET user_emailtime = " . time() . "
! WHERE user_id = " . $userdata['user_id'];
! if ( $result = $db->sql_query($sql) )
{
! include($phpbb_root_path . 'includes/emailer.'.$phpEx);
! $emailer = new emailer($board_config['smtp_delivery']);
!
! $emailer->from($userdata['user_email']);
! $emailer->replyto($userdata['user_email']);
!
! $email_headers = 'X-AntiAbuse: Board servername - ' . $server_name . "\n";
! $email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n";
! $email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n";
! $email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n";
!
! $emailer->use_template('profile_send_email', $user_lang);
! $emailer->email_address($user_email);
! $emailer->set_subject($subject);
! $emailer->extra_headers($email_headers);
!
! $emailer->assign_vars(array(
! 'SITENAME' => $board_config['sitename'],
! 'BOARD_EMAIL' => $board_config['board_email'],
! 'FROM_USERNAME' => $userdata['username'],
! 'TO_USERNAME' => $username,
! 'MESSAGE' => $message)
! );
! $emailer->send();
! $emailer->reset();
!
! if ( !empty($HTTP_POST_VARS['cc_email']) )
{
$emailer->from($userdata['user_email']);
$emailer->replyto($userdata['user_email']);
! $emailer->use_template('profile_send_email');
! $emailer->email_address($userdata['user_email']);
$emailer->set_subject($subject);
!
$emailer->assign_vars(array(
'SITENAME' => $board_config['sitename'],
'BOARD_EMAIL' => $board_config['board_email'],
--- 52,118 ----
WHERE user_id = $user_id";
if ( $result = $db->sql_query($sql) )
{
! if ( $row = $db->sql_fetchrow($result) )
{
! $username = $row['username'];
! $user_email = $row['user_email'];
! $user_lang = $row['user_lang'];
!
! if ( $row['user_viewemail'] || $userdata['user_level'] == ADMIN )
{
! if ( time() - $userdata['user_emailtime'] < $board_config['flood_interval'] )
{
! message_die(GENERAL_MESSAGE, $lang['Flood_email_limit']);
}
!
! if ( isset($HTTP_POST_VARS['submit']) )
{
! $error = FALSE;
!
! if ( !empty($HTTP_POST_VARS['subject']) )
{
! $subject = trim(stripslashes($HTTP_POST_VARS['subject']));
! }
! else
! {
! $error = TRUE;
! $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $lang['Empty_subject_email'] : $lang['Empty_subject_email'];
! }
!
! if ( !empty($HTTP_POST_VARS['message']) )
! {
! $message = trim(stripslashes($HTTP_POST_VARS['message']));
! }
! else
! {
! $error = TRUE;
! $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $lang['Empty_message_email'] : $lang['Empty_message_email'];
! }
!
! if ( !$error )
! {
! $sql = "UPDATE " . USERS_TABLE . "
! SET user_emailtime = " . time() . "
! WHERE user_id = " . $userdata['user_id'];
! if ( $result = $db->sql_query($sql) )
{
+ include($phpbb_root_path . 'includes/emailer.'.$phpEx);
+ $emailer = new emailer($board_config['smtp_delivery']);
+
$emailer->from($userdata['user_email']);
$emailer->replyto($userdata['user_email']);
!
! $email_headers = 'X-AntiAbuse: Board servername - ' . $server_name . "\n";
! $email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n";
! $email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n";
! $email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n";
!
! $emailer->use_template('profile_send_email', $user_lang);
! $emailer->email_address($user_email);
$emailer->set_subject($subject);
! $emailer->extra_headers($email_headers);
!
$emailer->assign_vars(array(
'SITENAME' => $board_config['sitename'],
'BOARD_EMAIL' => $board_config['board_email'],
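Review bot: The `X-AntiAbuse` headers are built by concatenating `$userdata['username']` and `$server_name` straight into `$email_headers` with `"\n"` terminators, so any CR or LF inside those values becomes an additional header line; strip them before concatenation, e.g. `str_replace(array("\r", "\n"), '', $userdata['username'])`, unless `extra_headers()` is known to do so itself (the emailer class is not visible here). Whether `set_subject($subject)` folds line breaks out of the POSTed subject is likewise not visible; if it does not, the same treatment applies to `$subject`. The `assign_vars()` call at the end of the hunk is cut mid-statement and the enclosing `if` chain continues in the next hunk.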
***************
*** 139,210 ****
);
$emailer->send();
$emailer->reset();
}
-
- $template->assign_vars(array(
- 'META' => '')
- );
-
- $message = $lang['Email_sent'] . '
' . sprintf($lang['Click_return_index'], '', '');
-
- message_die(GENERAL_MESSAGE, $message);
- }
- else
- {
- message_die(GENERAL_ERROR, 'Could not update last email time', '', __LINE__, __FILE__, $sql);
}
}
! }
!
! include($phpbb_root_path . 'includes/page_header.'.$phpEx);
!
! $template->set_filenames(array(
! 'body' => 'profile_send_email.tpl')
! );
! make_jumpbox('viewforum.'.$phpEx);
!
! if ( $error )
! {
$template->set_filenames(array(
! 'reg_header' => 'error_body.tpl')
);
$template->assign_vars(array(
! 'ERROR_MESSAGE' => $error_msg)
);
! $template->assign_var_from_handle('ERROR_BOX', 'reg_header');
}
-
- $template->assign_vars(array(
- 'USERNAME' => $username,
-
- 'S_HIDDEN_FIELDS' => '',
- 'S_POST_ACTION' => append_sid("profile.$phpEx?mode=email&" . POST_USERS_URL . "=$user_id"),
-
- 'L_SEND_EMAIL_MSG' => $lang['Send_email_msg'],
- 'L_RECIPIENT' => $lang['Recipient'],
- 'L_SUBJECT' => $lang['Subject'],
- 'L_MESSAGE_BODY' => $lang['Message_body'],
- 'L_MESSAGE_BODY_DESC' => $lang['Email_message_desc'],
- 'L_EMPTY_SUBJECT_EMAIL' => $lang['Empty_subject_email'],
- 'L_EMPTY_MESSAGE_EMAIL' => $lang['Empty_message_email'],
- 'L_OPTIONS' => $lang['Options'],
- 'L_CC_EMAIL' => $lang['CC_email'],
- 'L_SPELLCHECK' => $lang['Spellcheck'],
- 'L_SEND_EMAIL' => $lang['Send_email'])
- );
-
- $template->pparse('body');
-
- include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
else
{
! message_die(GENERAL_MESSAGE, $lang['User_prevent_email']);
}
}
else
{
! message_die(GENERAL_MESSAGE, $lang['User_not_exist']);
}
?>
\ No newline at end of file
--- 122,216 ----
);
$emailer->send();
$emailer->reset();
+
+ if ( !empty($HTTP_POST_VARS['cc_email']) )
+ {
+ $emailer->from($userdata['user_email']);
+ $emailer->replyto($userdata['user_email']);
+ $emailer->use_template('profile_send_email');
+ $emailer->email_address($userdata['user_email']);
+ $emailer->set_subject($subject);
+
+ $emailer->assign_vars(array(
+ 'SITENAME' => $board_config['sitename'],
+ 'BOARD_EMAIL' => $board_config['board_email'],
+ 'FROM_USERNAME' => $userdata['username'],
+ 'TO_USERNAME' => $username,
+ 'MESSAGE' => $message)
+ );
+ $emailer->send();
+ $emailer->reset();
+ }
+
+ $template->assign_vars(array(
+ 'META' => '')
+ );
+
+ $message = $lang['Email_sent'] . '
' . sprintf($lang['Click_return_index'], '', '');
+
+ message_die(GENERAL_MESSAGE, $message);
+ }
+ else
+ {
+ message_die(GENERAL_ERROR, 'Could not update last email time', '', __LINE__, __FILE__, $sql);
}
}
}
!
! include($phpbb_root_path . 'includes/page_header.'.$phpEx);
!
$template->set_filenames(array(
! 'body' => 'profile_send_email.tpl')
);
+ make_jumpbox('viewforum.'.$phpEx);
+
+ if ( $error )
+ {
+ $template->set_filenames(array(
+ 'reg_header' => 'error_body.tpl')
+ );
+ $template->assign_vars(array(
+ 'ERROR_MESSAGE' => $error_msg)
+ );
+ $template->assign_var_from_handle('ERROR_BOX', 'reg_header');
+ }
+
$template->assign_vars(array(
! 'USERNAME' => $username,
!
! 'S_HIDDEN_FIELDS' => '',
! 'S_POST_ACTION' => append_sid("profile.$phpEx?mode=email&" . POST_USERS_URL . "=$user_id"),
!
! 'L_SEND_EMAIL_MSG' => $lang['Send_email_msg'],
! 'L_RECIPIENT' => $lang['Recipient'],
! 'L_SUBJECT' => $lang['Subject'],
! 'L_MESSAGE_BODY' => $lang['Message_body'],
! 'L_MESSAGE_BODY_DESC' => $lang['Email_message_desc'],
! 'L_EMPTY_SUBJECT_EMAIL' => $lang['Empty_subject_email'],
! 'L_EMPTY_MESSAGE_EMAIL' => $lang['Empty_message_email'],
! 'L_OPTIONS' => $lang['Options'],
! 'L_CC_EMAIL' => $lang['CC_email'],
! 'L_SPELLCHECK' => $lang['Spellcheck'],
! 'L_SEND_EMAIL' => $lang['Send_email'])
);
!
! $template->pparse('body');
!
! include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
! }
! else
! {
! message_die(GENERAL_MESSAGE, $lang['User_prevent_email']);
}
}
else
{
! message_die(GENERAL_MESSAGE, $lang['User_not_exist']);
}
}
else
{
! message_die(GENERAL_ERROR, 'Could not select user data', '', __LINE__, __FILE__, $sql);
}
?>
\ No newline at end of file
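Review bot: `if ( $error )` before the error-box template block reads `$error` on every plain GET of the form, yet within these hunks `$error` is only assigned inside the `isset($HTTP_POST_VARS['submit'])` branch, so unless it is initialised earlier in the file the first page load raises an undefined-variable notice and relies on `null` being falsy; initialising `$error = FALSE; $error_msg = '';` alongside the other locals before the submit check, as usercp_register.php now does in its own hunk, removes that dependence. The new outer `else` that dies with 'Could not select user data' on a failed query is a clear improvement over the previous silent fall-through.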
diff -crN phpbb2017/includes/usercp_register.php phpbb2022/includes/usercp_register.php
*** phpbb2017/includes/usercp_register.php Tue Jul 19 22:14:56 2005
--- phpbb2022/includes/usercp_register.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_register.php,v 1.20.2.61 2005/06/26 12:03:44 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_register.php,v 1.20.2.78 2006/12/17 10:51:27 acydburn Exp $
*
*
***************************************************************************/
***************
*** 73,78 ****
--- 73,79 ----
// ---------------------------------------
$error = FALSE;
+ $error_msg = '';
$page_title = ( $mode == 'editprofile' ) ? $lang['Edit_profile'] : $lang['Register'];
if ( $mode == 'register' && !isset($HTTP_POST_VARS['agreed']) && !isset($HTTP_GET_VARS['agreed']) )
***************
*** 106,113 ****
$current_email = trim(htmlspecialchars($HTTP_POST_VARS['current_email']));
}
! $strip_var_list = array('username' => 'username', 'email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests');
! $strip_var_list['confirm_code'] = 'confirm_code';
// Strip all tags from data ... may p**s some people off, bah, strip_tags is
// doing the job but can still break HTML output ... have no choice, have
--- 107,113 ----
$current_email = trim(htmlspecialchars($HTTP_POST_VARS['current_email']));
}
! $strip_var_list = array('email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests', 'confirm_code' => 'confirm_code');
// Strip all tags from data ... may p**s some people off, bah, strip_tags is
// doing the job but can still break HTML output ... have no choice, have
***************
*** 120,125 ****
--- 120,127 ----
}
}
+ $username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
+
$trim_var_list = array('cur_password' => 'cur_password', 'new_password' => 'new_password', 'password_confirm' => 'password_confirm', 'signature' => 'signature');
while( list($var, $param) = @each($trim_var_list) )
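Review bot: `$username` now comes solely from `phpbb_clean_username()`, while the tag-stripping loop no longer sees it (the preceding hunk removes 'username' from `$strip_var_list`), so all escaping and length limiting of the login name rests on that helper, which is not visible in this diff; confirm it HTML-escapes and bounds the value, and record that at the assignment, e.g. `// phpbb_clean_username() is the only sanitiser the username gets; username is deliberately absent from $strip_var_list`. The `!empty()` test also maps a submitted username of '0' to '', which is probably intended but deserves a word in the same comment.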
***************
*** 130,136 ****
}
}
! $signature = str_replace('
', "\n", $signature);
// Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to
// empty strings if they fail.
--- 132,139 ----
}
}
! $signature = (isset($signature)) ? str_replace('
', "\n", $signature) : '';
! $signature_bbcode_uid = '';
// Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to
// empty strings if they fail.
***************
*** 141,146 ****
--- 144,150 ----
$notifyreply = ( isset($HTTP_POST_VARS['notifyreply']) ) ? ( ($HTTP_POST_VARS['notifyreply']) ? TRUE : 0 ) : 0;
$notifypm = ( isset($HTTP_POST_VARS['notifypm']) ) ? ( ($HTTP_POST_VARS['notifypm']) ? TRUE : 0 ) : TRUE;
$popup_pm = ( isset($HTTP_POST_VARS['popup_pm']) ) ? ( ($HTTP_POST_VARS['popup_pm']) ? TRUE : 0 ) : TRUE;
+ $sid = (isset($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : 0;
if ( $mode == 'register' )
{
***************
*** 152,158 ****
}
else
{
! $attachsig = ( isset($HTTP_POST_VARS['attachsig']) ) ? ( ($HTTP_POST_VARS['attachsig']) ? TRUE : 0 ) : 0;
$allowhtml = ( isset($HTTP_POST_VARS['allowhtml']) ) ? ( ($HTTP_POST_VARS['allowhtml']) ? TRUE : 0 ) : $userdata['user_allowhtml'];
$allowbbcode = ( isset($HTTP_POST_VARS['allowbbcode']) ) ? ( ($HTTP_POST_VARS['allowbbcode']) ? TRUE : 0 ) : $userdata['user_allowbbcode'];
--- 156,162 ----
}
else
{
! $attachsig = ( isset($HTTP_POST_VARS['attachsig']) ) ? ( ($HTTP_POST_VARS['attachsig']) ? TRUE : 0 ) : $userdata['user_attachsig'];
$allowhtml = ( isset($HTTP_POST_VARS['allowhtml']) ) ? ( ($HTTP_POST_VARS['allowhtml']) ? TRUE : 0 ) : $userdata['user_allowhtml'];
$allowbbcode = ( isset($HTTP_POST_VARS['allowbbcode']) ) ? ( ($HTTP_POST_VARS['allowbbcode']) ? TRUE : 0 ) : $userdata['user_allowbbcode'];
***************
*** 192,197 ****
--- 196,202 ----
$user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['dateformat'])) : $board_config['default_dateformat'];
$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarselect']) : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );
+ $user_avatar_category = ( isset($HTTP_POST_VARS['avatarcatname']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarcatname']) : '' ;
$user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['avatarremoteurl'])) : '';
$user_avatar_upload = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim($HTTP_POST_VARS['avatarurl']) : ( ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '' );
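Review bot: The new `$user_avatar_category` is only passed through htmlspecialchars(), which leaves `..` and `/` intact, and the value is later joined into a filesystem path as `$user_avatar_category . '/' . $user_avatar_local`. Unless user_avatar_gallery() checks the category against the real gallery directory listing (not visible here), a posted `avatarcatname` of `../..` walks out of the gallery root. I would reject separators at the point of input: `if (strstr($user_avatar_category, '..') || strstr($user_avatar_category, '/') || strstr($user_avatar_category, "\\")) { $user_avatar_category = ''; }`. The same check is worth applying to `$user_avatar_local`, which is handled identically on the line above.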
***************
*** 199,206 ****
$user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0;
$user_avatar_filetype = ( !empty($HTTP_POST_FILES['avatar']['type']) ) ? $HTTP_POST_FILES['avatar']['type'] : '';
! $user_avatar = ( empty($user_avatar_loc) && $mode == 'editprofile' ) ? $userdata['user_avatar'] : '';
! $user_avatar_type = ( empty($user_avatar_loc) && $mode == 'editprofile' ) ? $userdata['user_avatar_type'] : '';
if ( (isset($HTTP_POST_VARS['avatargallery']) || isset($HTTP_POST_VARS['submitavatar']) || isset($HTTP_POST_VARS['cancelavatar'])) && (!isset($HTTP_POST_VARS['submit'])) )
{
--- 204,211 ----
$user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0;
$user_avatar_filetype = ( !empty($HTTP_POST_FILES['avatar']['type']) ) ? $HTTP_POST_FILES['avatar']['type'] : '';
! $user_avatar = ( empty($user_avatar_local) && $mode == 'editprofile' ) ? $userdata['user_avatar'] : '';
! $user_avatar_type = ( empty($user_avatar_local) && $mode == 'editprofile' ) ? $userdata['user_avatar_type'] : '';
if ( (isset($HTTP_POST_VARS['avatargallery']) || isset($HTTP_POST_VARS['submitavatar']) || isset($HTTP_POST_VARS['cancelavatar'])) && (!isset($HTTP_POST_VARS['submit'])) )
{
***************
*** 219,232 ****
$location = stripslashes($location);
$occupation = stripslashes($occupation);
$interests = stripslashes($interests);
! $signature = stripslashes($signature);
$user_lang = stripslashes($user_lang);
$user_dateformat = stripslashes($user_dateformat);
if ( !isset($HTTP_POST_VARS['cancelavatar']))
{
! $user_avatar = $user_avatar_local;
$user_avatar_type = USER_AVATAR_GALLERY;
}
}
--- 224,237 ----
$location = stripslashes($location);
$occupation = stripslashes($occupation);
$interests = stripslashes($interests);
! $signature = htmlspecialchars(stripslashes($signature));
$user_lang = stripslashes($user_lang);
$user_dateformat = stripslashes($user_dateformat);
if ( !isset($HTTP_POST_VARS['cancelavatar']))
{
! $user_avatar = $user_avatar_category . '/' . $user_avatar_local;
$user_avatar_type = USER_AVATAR_GALLERY;
}
}
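Review bot: When `$user_avatar_category` is empty (no `avatarcatname` posted, or `allow_avatar_local` off), the new assignment stores `'/' . $user_avatar_local`, i.e. a gallery path with a leading slash, which the old code never produced. Build the path conditionally: `$user_avatar = ($user_avatar_category != '') ? $user_avatar_category . '/' . $user_avatar_local : $user_avatar_local;`. The enclosing avatar-gallery branch starts outside this hunk; note also that `$signature` is now htmlspecialchars()'d only on this branch, so confirm the normal submit path escapes it equivalently or the two paths will store different encodings.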
***************
*** 249,254 ****
--- 254,266 ----
{
include($phpbb_root_path . 'includes/usercp_avatar.'.$phpEx);
+ // session id check
+ if ($sid == '' || $sid != $userdata['session_id'])
+ {
+ $error = true;
+ $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Session_invalid'];
+ }
+
$passwd_sql = '';
if ( $mode == 'editprofile' )
{
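Review bot: The new session check compares `$sid` to `$userdata['session_id']` with loose `!=`, and `$sid` defaults to the integer `0` when the field is absent. In PHP loose comparison, numeric-looking strings are compared as numbers, so a session id of the form `0e<digits>` would compare equal to a posted `"0"`; the probability is negligible for md5 ids, but a strict string comparison costs nothing and removes the question entirely. I would write `if ((string) $sid === '' || (string) $sid !== (string) $userdata['session_id'])` and default `$sid` to `''` rather than `0` where it is read from the POST. The surrounding `if` block continues past the end of the hunk.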
***************
*** 288,294 ****
AND session_id = '" . $userdata['session_id'] . "'";
if (!($result = $db->sql_query($sql)))
{
! message_die(GENERAL_ERROR, 'Could not obtain confirmation code', __LINE__, __FILE__, $sql);
}
if ($row = $db->sql_fetchrow($result))
--- 300,306 ----
AND session_id = '" . $userdata['session_id'] . "'";
if (!($result = $db->sql_query($sql)))
{
! message_die(GENERAL_ERROR, 'Could not obtain confirmation code', '', __LINE__, __FILE__, $sql);
}
if ($row = $db->sql_fetchrow($result))
***************
*** 305,311 ****
AND session_id = '" . $userdata['session_id'] . "'";
if (!$db->sql_query($sql))
{
! message_die(GENERAL_ERROR, 'Could not delete confirmation code', __LINE__, __FILE__, $sql);
}
}
}
--- 317,323 ----
AND session_id = '" . $userdata['session_id'] . "'";
if (!$db->sql_query($sql))
{
! message_die(GENERAL_ERROR, 'Could not delete confirmation code', '', __LINE__, __FILE__, $sql);
}
}
}
***************
*** 436,442 ****
$error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Signature_too_long'];
}
! if ( $signature_bbcode_uid == '' )
{
$signature_bbcode_uid = ( $allowbbcode ) ? make_bbcode_uid() : '';
}
--- 448,454 ----
$error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Signature_too_long'];
}
! if ( !isset($signature_bbcode_uid) || $signature_bbcode_uid == '' )
{
$signature_bbcode_uid = ( $allowbbcode ) ? make_bbcode_uid() : '';
}
***************
*** 472,490 ****
}
else if ( $user_avatar_remoteurl != '' && $board_config['allow_avatar_remote'] )
{
! if ( @file_exists(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar'])) )
! {
! @unlink(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar']));
! }
$avatar_sql = user_avatar_url($mode, $error, $error_msg, $user_avatar_remoteurl);
}
else if ( $user_avatar_local != '' && $board_config['allow_avatar_local'] )
{
! if ( @file_exists(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar'])) )
! {
! @unlink(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar']));
! }
! $avatar_sql = user_avatar_gallery($mode, $error, $error_msg, $user_avatar_local);
}
if ( !$error )
--- 484,496 ----
}
else if ( $user_avatar_remoteurl != '' && $board_config['allow_avatar_remote'] )
{
! user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']);
$avatar_sql = user_avatar_url($mode, $error, $error_msg, $user_avatar_remoteurl);
}
else if ( $user_avatar_local != '' && $board_config['allow_avatar_local'] )
{
! user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']);
! $avatar_sql = user_avatar_gallery($mode, $error, $error_msg, $user_avatar_local, $user_avatar_category);
}
if ( !$error )
***************
*** 524,529 ****
--- 530,542 ----
message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
}
+ // We remove all stored login keys since the password has been updated
+ // and change the current one (if applicable)
+ if ( !empty($passwd_sql) )
+ {
+ session_reset_keys($user_id, $user_ip);
+ }
+
if ( !$user_active )
{
//
***************
*** 532,553 ****
include($phpbb_root_path . 'includes/emailer.'.$phpEx);
$emailer = new emailer($board_config['smtp_delivery']);
! $emailer->from($board_config['board_email']);
! $emailer->replyto($board_config['board_email']);
!
! $emailer->use_template('user_activate', stripslashes($user_lang));
! $emailer->email_address($email);
! $emailer->set_subject($lang['Reactivate']);
!
! $emailer->assign_vars(array(
! 'SITENAME' => $board_config['sitename'],
! 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)),
! 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '',
!
! 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
! );
! $emailer->send();
! $emailer->reset();
$message = $lang['Profile_updated_inactive'] . '
' . sprintf($lang['Click_return_index'], '', '');
}
--- 545,600 ----
include($phpbb_root_path . 'includes/emailer.'.$phpEx);
$emailer = new emailer($board_config['smtp_delivery']);
! if ( $board_config['require_activation'] != USER_ACTIVATION_ADMIN )
! {
! $emailer->from($board_config['board_email']);
! $emailer->replyto($board_config['board_email']);
!
! $emailer->use_template('user_activate', stripslashes($user_lang));
! $emailer->email_address($email);
! $emailer->set_subject($lang['Reactivate']);
!
! $emailer->assign_vars(array(
! 'SITENAME' => $board_config['sitename'],
! 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)),
! 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '',
!
! 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
! );
! $emailer->send();
! $emailer->reset();
! }
! else if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN )
! {
! $sql = 'SELECT user_email, user_lang
! FROM ' . USERS_TABLE . '
! WHERE user_level = ' . ADMIN;
!
! if ( !($result = $db->sql_query($sql)) )
! {
! message_die(GENERAL_ERROR, 'Could not select Administrators', '', __LINE__, __FILE__, $sql);
! }
!
! while ($row = $db->sql_fetchrow($result))
! {
! $emailer->from($board_config['board_email']);
! $emailer->replyto($board_config['board_email']);
!
! $emailer->email_address(trim($row['user_email']));
! $emailer->use_template("admin_activate", $row['user_lang']);
! $emailer->set_subject($lang['Reactivate']);
!
! $emailer->assign_vars(array(
! 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)),
! 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']),
!
! 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
! );
! $emailer->send();
! $emailer->reset();
! }
! $db->sql_freeresult($result);
! }
$message = $lang['Profile_updated_inactive'] . '
' . sprintf($lang['Click_return_index'], '', '');
}
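Review bot: The `else if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN )` branch is the exact negation of the preceding `if`, so it can only ever be true when reached; a plain `else` says that honestly and avoids a silent no-op if the constant set ever grows. The admin branch also builds `EMAIL_SIG` unconditionally, whereas the user branch guards it with `!empty($board_config['board_email_sig'])`; with an empty signature the admin mail gets a bare `-- ` trailer. I would mirror the first branch: `'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace("<br />", "\n", "-- \n" . $board_config['board_email_sig']) : ''`. The activation link is sent to every admin, which is presumably intended since any one of them can activate the account.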
***************
*** 732,737 ****
--- 779,785 ----
//
$username = stripslashes($username);
$email = stripslashes($email);
+ $cur_password = '';
$new_password = '';
$password_confirm = '';
***************
*** 756,761 ****
--- 804,810 ----
$user_id = $userdata['user_id'];
$username = $userdata['username'];
$email = $userdata['user_email'];
+ $cur_password = '';
$new_password = '';
$password_confirm = '';
***************
*** 818,824 ****
$allowviewonline = !$allowviewonline;
! display_avatar_gallery($mode, $avatar_category, $user_id, $email, $current_email, $coppa, $username, $email, &$new_password, &$cur_password, $password_confirm, $icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature, $viewemail, $notifypm, $popup_pm, $notifyreply, $attachsig, $allowhtml, $allowbbcode, $allowsmilies, $allowviewonline, $user_style, $user_lang, $user_timezone, $user_dateformat, $userdata['session_id']);
}
else
{
--- 867,873 ----
$allowviewonline = !$allowviewonline;
! display_avatar_gallery($mode, $avatar_category, $user_id, $email, $current_email, $coppa, $username, $email, $new_password, $cur_password, $password_confirm, $icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature, $viewemail, $notifypm, $popup_pm, $notifyreply, $attachsig, $allowhtml, $allowbbcode, $allowsmilies, $allowviewonline, $user_style, $user_lang, $user_timezone, $user_dateformat, $userdata['session_id']);
}
else
{
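Review bot: Dropping the call-time `&` on `$new_password` and `$cur_password` only preserves behaviour if display_avatar_gallery()'s own signature declares those parameters by reference; if it does not, any clearing of the password fields the callee performed is now lost, since the caller's variables are passed by value. The function definition is not in this hunk, so confirm the `&` lives there. Unrelated but visible on the same line, `$email` is passed twice (4th and 8th argument), which looks like a long-standing copy-paste of the `$username` slot rather than an intentional duplicate.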
***************
*** 829,837 ****
$coppa = FALSE;
}
! if ( !isset($user_template) )
{
! $selected_template = $board_config['system_template'];
}
$avatar_img = '';
--- 878,886 ----
$coppa = FALSE;
}
! if ( !isset($user_style) )
{
! $user_style = $board_config['default_style'];
}
$avatar_img = '';
***************
*** 852,857 ****
--- 901,907 ----
}
$s_hidden_fields = '';
+ $s_hidden_fields .= '';
if( $mode == 'editprofile' )
{
$s_hidden_fields .= '';
***************
*** 864,870 ****
if ( !empty($user_avatar_local) )
{
! $s_hidden_fields .= '';
}
$html_status = ( $userdata['user_allowhtml'] && $board_config['allow_html'] ) ? $lang['HTML_is_ON'] : $lang['HTML_is_OFF'];
--- 914,920 ----
if ( !empty($user_avatar_local) )
{
! $s_hidden_fields .= '';
}
$html_status = ( $userdata['user_allowhtml'] && $board_config['allow_html'] ) ? $lang['HTML_is_ON'] : $lang['HTML_is_OFF'];
***************
*** 947,963 ****
}
$db->sql_freeresult($result);
! $confirm_chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');
!
! list($usec, $sec) = explode(' ', microtime());
! mt_srand($sec * $usec);
!
! $max_chars = count($confirm_chars) - 1;
! $code = '';
! for ($i = 0; $i < 6; $i++)
! {
! $code .= $confirm_chars[mt_rand(0, $max_chars)];
! }
$confirm_id = md5(uniqid($user_ip));
--- 997,1006 ----
}
$db->sql_freeresult($result);
! // Generate the required confirmation code
! // NB 0 (zero) could get confused with O (the letter) so we make change it
! $code = dss_rand();
! $code = substr(str_replace('0', 'Z', strtoupper(base_convert($code, 16, 35))), 2, 6);
$confirm_id = md5(uniqid($user_ip));
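Review bot: Piping dss_rand()'s output through base_convert() is fragile: PHP documents that base_convert() goes through a double and loses precision on large inputs, so only roughly the first ten base-35 digits of the converted string are actually determined by the random value. Taking `substr(..., 2, 6)` stays inside that window, so the code is still usable, but a later tweak to the offset or length would silently start emitting digits that are float artefacts. A more robust construction draws six characters directly from the hex string, e.g. via a fixed alphabet indexed by `hexdec()` of successive hex pairs. The context line below still derives `$confirm_id` from `md5(uniqid($user_ip))`, which is time-plus-IP based rather than random; since dss_rand() is now available here, it could feed that too.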
***************
*** 970,976 ****
unset($code);
! $confirm_image = (@extension_loaded('zlib')) ? '
' : '




';
$s_hidden_fields .= '';
$template->assign_block_vars('switch_confirm', array());
--- 1013,1019 ----
unset($code);
! $confirm_image = '
';
$s_hidden_fields .= '';
$template->assign_block_vars('switch_confirm', array());
***************
*** 985,995 ****
$form_enctype = ( @$ini_val('file_uploads') == '0' || strtolower(@$ini_val('file_uploads') == 'off') || phpversion() == '4.0.4pl1' || !$board_config['allow_avatar_upload'] || ( phpversion() < '4.0.3' && @$ini_val('open_basedir') != '' ) ) ? '' : 'enctype="multipart/form-data"';
$template->assign_vars(array(
! 'USERNAME' => $username,
! 'CUR_PASSWORD' => $cur_password,
! 'NEW_PASSWORD' => $new_password,
! 'PASSWORD_CONFIRM' => $password_confirm,
! 'EMAIL' => $email,
'CONFIRM_IMG' => $confirm_image,
'YIM' => $yim,
'ICQ' => $icq,
--- 1028,1038 ----
$form_enctype = ( @$ini_val('file_uploads') == '0' || strtolower(@$ini_val('file_uploads') == 'off') || phpversion() == '4.0.4pl1' || !$board_config['allow_avatar_upload'] || ( phpversion() < '4.0.3' && @$ini_val('open_basedir') != '' ) ) ? '' : 'enctype="multipart/form-data"';
$template->assign_vars(array(
! 'USERNAME' => isset($username) ? $username : '',
! 'CUR_PASSWORD' => isset($cur_password) ? $cur_password : '',
! 'NEW_PASSWORD' => isset($new_password) ? $new_password : '',
! 'PASSWORD_CONFIRM' => isset($password_confirm) ? $password_confirm : '',
! 'EMAIL' => isset($email) ? $email : '',
'CONFIRM_IMG' => $confirm_image,
'YIM' => $yim,
'ICQ' => $icq,
diff -crN phpbb2017/includes/usercp_sendpasswd.php phpbb2022/includes/usercp_sendpasswd.php
*** phpbb2017/includes/usercp_sendpasswd.php Tue Jul 19 22:14:56 2005
--- phpbb2022/includes/usercp_sendpasswd.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_sendpasswd.php,v 1.6.2.12 2004/11/18 17:49:45 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_sendpasswd.php,v 1.6.2.13 2005/09/14 18:14:30 acydburn Exp $
*
*
***************************************************************************/
***************
*** 50,56 ****
$user_actkey = gen_rand_string(true);
$key_len = 54 - strlen($server_url);
! $key_len = ( $str_len > 6 ) ? $key_len : 6;
$user_actkey = substr($user_actkey, 0, $key_len);
$user_password = gen_rand_string(false);
--- 50,56 ----
$user_actkey = gen_rand_string(true);
$key_len = 54 - strlen($server_url);
! $key_len = ($key_len > 6) ? $key_len : 6;
$user_actkey = substr($user_actkey, 0, $key_len);
$user_password = gen_rand_string(false);
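Review bot: The fix correctly clamps `$key_len` instead of the undefined `$str_len`, but the clamp floor of 6 means a board whose server URL is 48 characters or longer issues a 6-character activation key for a password reset, which is short for a value an attacker can test against the activation endpoint without a rate limit. The `54 - strlen($server_url)` budget presumably exists to keep the e-mail line under a wrap limit; if so, raise the floor (e.g. `$key_len = ($key_len > 16) ? $key_len : 16;`) and accept a longer line, or decouple the key length from the URL length entirely.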
diff -crN phpbb2017/includes/usercp_viewprofile.php phpbb2022/includes/usercp_viewprofile.php
*** phpbb2017/includes/usercp_viewprofile.php Tue Jul 19 22:14:57 2005
--- phpbb2022/includes/usercp_viewprofile.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_viewprofile.php,v 1.5.2.5 2005/07/19 20:01:16 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_viewprofile.php,v 1.5.2.6 2005/09/14 18:14:30 acydburn Exp $
*
*
***************************************************************************/
***************
*** 165,171 ****
$yim = ( $profiledata['user_yim'] ) ? '' . $lang['YIM'] . '' : '';
$temp_url = append_sid("search.$phpEx?search_author=" . urlencode($profiledata['username']) . "&showresults=posts");
! $search_img = '
';
$search = '' . sprintf($lang['Search_user_posts'], $profiledata['username']) . '';
//
--- 165,171 ----
$yim = ( $profiledata['user_yim'] ) ? '' . $lang['YIM'] . '' : '';
$temp_url = append_sid("search.$phpEx?search_author=" . urlencode($profiledata['username']) . "&showresults=posts");
! $search_img = '
';
$search = '' . sprintf($lang['Search_user_posts'], $profiledata['username']) . '';
//
diff -crN phpbb2017/index.php phpbb2022/index.php
*** phpbb2017/index.php Tue Jul 19 22:14:58 2005
--- phpbb2022/index.php Tue Dec 19 18:29:16 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: index.php,v 1.99.2.3 2004/07/11 16:46:15 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: index.php,v 1.99.2.7 2006/01/28 11:13:39 acydburn Exp $
*
*
***************************************************************************/
***************
*** 119,125 ****
}
$category_rows = array();
! while( $category_rows[] = $db->sql_fetchrow($result) );
$db->sql_freeresult($result);
if( ( $total_categories = count($category_rows) ) )
--- 119,128 ----
}
$category_rows = array();
! while ($row = $db->sql_fetchrow($result))
! {
! $category_rows[] = $row;
! }
$db->sql_freeresult($result);
if( ( $total_categories = count($category_rows) ) )
***************
*** 183,190 ****
// Obtain a list of topic ids which contain
// posts made since user last visited
//
! if ( $userdata['session_logged_in'] )
{
$sql = "SELECT t.forum_id, t.topic_id, p.post_time
FROM " . TOPICS_TABLE . " t, " . POSTS_TABLE . " p
WHERE p.post_id = t.topic_last_post_id
--- 186,199 ----
// Obtain a list of topic ids which contain
// posts made since user last visited
//
! if ($userdata['session_logged_in'])
{
+ // 60 days limit
+ if ($userdata['user_lastvisit'] < (time() - 5184000))
+ {
+ $userdata['user_lastvisit'] = time() - 5184000;
+ }
+
$sql = "SELECT t.forum_id, t.topic_id, p.post_time
FROM " . TOPICS_TABLE . " t, " . POSTS_TABLE . " p
WHERE p.post_id = t.topic_last_post_id
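Review bot: The 60-day clamp overwrites `$userdata['user_lastvisit']` in place rather than using a local, so any code later on the page that reads the user's last-visit time will now see the clamped value instead of the real one. Use a local for the query, `$last_visit = max($userdata['user_lastvisit'], time() - 5184000);`, and reference `$last_visit` in the `post_time` condition; naming the `5184000` literal (e.g. a `$new_post_window` of `60 * 24 * 3600`) would also make the intent visible. The SQL statement and the enclosing `if` continue past the end of the hunk.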
***************
*** 294,299 ****
--- 303,321 ----
);
//
+ // Let's decide which categories we should display
+ //
+ $display_categories = array();
+
+ for ($i = 0; $i < $total_forums; $i++ )
+ {
+ if ($is_auth_ary[$forum_data[$i]['forum_id']]['auth_view'])
+ {
+ $display_categories[$forum_data[$i]['cat_id']] = true;
+ }
+ }
+
+ //
// Okay, let's build the index
//
for($i = 0; $i < $total_categories; $i++)
***************
*** 301,322 ****
$cat_id = $category_rows[$i]['cat_id'];
//
- // Should we display this category/forum set?
- //
- $display_forums = false;
- for($j = 0; $j < $total_forums; $j++)
- {
- if ( $is_auth_ary[$forum_data[$j]['forum_id']]['auth_view'] && $forum_data[$j]['cat_id'] == $cat_id )
- {
- $display_forums = true;
- }
- }
-
- //
// Yes, we should, so first dump out the category
// title, then, if appropriate the forum list
//
! if ( $display_forums )
{
$template->assign_block_vars('catrow', array(
'CAT_ID' => $cat_id,
--- 323,332 ----
$cat_id = $category_rows[$i]['cat_id'];
//
// Yes, we should, so first dump out the category
// title, then, if appropriate the forum list
//
! if (isset($display_categories[$cat_id]) && $display_categories[$cat_id])
{
$template->assign_block_vars('catrow', array(
'CAT_ID' => $cat_id,
diff -crN phpbb2017/language/lang_english/email/group_request.tpl phpbb2022/language/lang_english/email/group_request.tpl
*** phpbb2017/language/lang_english/email/group_request.tpl Tue Jul 19 22:14:57 2005
--- phpbb2022/language/lang_english/email/group_request.tpl Tue Dec 19 18:29:15 2006
***************
*** 3,9 ****
Dear {GROUP_MODERATOR},
! A user has requested to join a group you moderator on {SITENAME}.
To approve or deny this request for group membership please visit the following link:
{U_GROUPCP}
--- 3,9 ----
Dear {GROUP_MODERATOR},
! A user has requested to join a group you moderate on {SITENAME}.
To approve or deny this request for group membership please visit the following link:
{U_GROUPCP}
diff -crN phpbb2017/language/lang_english/email/topic_notify.tpl phpbb2022/language/lang_english/email/topic_notify.tpl
*** phpbb2017/language/lang_english/email/topic_notify.tpl Tue Jul 19 22:14:57 2005
--- phpbb2022/language/lang_english/email/topic_notify.tpl Tue Dec 19 18:29:15 2006
***************
*** 1,7 ****
Subject: Topic Reply Notification - {TOPIC_TITLE}
Charset: iso-8859-1
! Hello {USERNAME},
You are receiving this email because you are watching the topic, "{TOPIC_TITLE}" at {SITENAME}. This topic has received a reply since your last visit. You can use the following link to view the replies made, no more notifications will be sent until you visit the topic.
--- 1,7 ----
Subject: Topic Reply Notification - {TOPIC_TITLE}
Charset: iso-8859-1
! Hello,
You are receiving this email because you are watching the topic, "{TOPIC_TITLE}" at {SITENAME}. This topic has received a reply since your last visit. You can use the following link to view the replies made, no more notifications will be sent until you visit the topic.
diff -crN phpbb2017/language/lang_english/email/user_activate_passwd.tpl phpbb2022/language/lang_english/email/user_activate_passwd.tpl
*** phpbb2017/language/lang_english/email/user_activate_passwd.tpl Tue Jul 19 22:14:57 2005
--- phpbb2022/language/lang_english/email/user_activate_passwd.tpl Tue Dec 19 18:29:15 2006
***************
*** 9,15 ****
{U_ACTIVATE}
! If sucessful you will be able to login using the following password:
Password: {PASSWORD}
--- 9,15 ----
{U_ACTIVATE}
! If successful you will be able to login using the following password:
Password: {PASSWORD}
diff -crN phpbb2017/language/lang_english/lang_admin.php phpbb2022/language/lang_english/lang_admin.php
*** phpbb2017/language/lang_english/lang_admin.php Tue Jul 19 22:14:57 2005
--- phpbb2022/language/lang_english/lang_admin.php Tue Dec 19 18:29:15 2006
***************
*** 7,13 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: lang_admin.php,v 1.35.2.10 2005/02/21 18:38:17 acydburn Exp $
*
****************************************************************************/
--- 7,13 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: lang_admin.php,v 1.35.2.17 2006/02/05 15:59:48 grahamje Exp $
*
****************************************************************************/
***************
*** 335,340 ****
--- 335,350 ----
$lang['Visual_confirm'] = 'Enable Visual Confirmation';
$lang['Visual_confirm_explain'] = 'Requires users enter a code defined by an image when registering.';
+ // Autologin Keys - added 2.0.18
+ $lang['Allow_autologin'] = 'Allow automatic logins';
+ $lang['Allow_autologin_explain'] = 'Determines whether users are allowed to select to be automatically logged in when visiting the forum';
+ $lang['Autologin_time'] = 'Automatic login key expiry';
+ $lang['Autologin_time_explain'] = 'How long a autologin key is valid for in days if the user does not visit the board. Set to zero to disable expiry.';
+
+ // Search Flood Control - added 2.0.20
+ $lang['Search_Flood_Interval'] = 'Search Flood Interval';
+ $lang['Search_Flood_Interval_explain'] = 'Number of seconds a user must wait between search requests';
+
//
// Forum Management
//
***************
*** 419,424 ****
--- 429,435 ----
$lang['smiley_del_success'] = 'The Smiley was successfully removed';
$lang['Click_return_smileadmin'] = 'Click %sHere%s to return to Smiley Administration';
+ $lang['Confirm_delete_smiley'] = 'Are you sure you want to delete this Smiley?';
//
// User Management
***************
*** 512,517 ****
--- 523,530 ----
$lang['Click_return_wordadmin'] = 'Click %sHere%s to return to Word Censor Administration';
+ $lang['Confirm_delete_word'] = 'Are you sure you want to delete this word censor?';
+
//
// Mass Email
***************
*** 551,556 ****
--- 564,570 ----
$lang['Click_return_rankadmin'] = 'Click %sHere%s to return to Rank Administration';
+ $lang['Confirm_delete_rank'] = 'Are you sure you want to delete this rank?';
//
// Disallow Username Admin
***************
*** 621,626 ****
--- 635,641 ----
$lang['Save_Settings'] = 'Save Settings';
$lang['Stylesheet'] = 'CSS Stylesheet';
+ $lang['Stylesheet_explain'] = 'Filename for CSS stylesheet to use for this theme.';
$lang['Background_image'] = 'Background Image';
$lang['Background_color'] = 'Background Colour';
$lang['Theme_name'] = 'Theme Name';
***************
*** 737,742 ****
--- 752,765 ----
$lang['Version_information'] = 'Version Information';
//
+ // Login attempts configuration
+ //
+ $lang['Max_login_attempts'] = 'Allowed login attempts';
+ $lang['Max_login_attempts_explain'] = 'The number of allowed board login attempts.';
+ $lang['Login_reset_time'] = 'Login lock time';
+ $lang['Login_reset_time_explain'] = 'Time in minutes the user have to wait until he is allowed to login again after exceeding the number of allowed login attempts.';
+
+ //
// That's all Folks!
// -------------------------------------------------
diff -crN phpbb2017/language/lang_english/lang_main.php phpbb2022/language/lang_english/lang_main.php
*** phpbb2017/language/lang_english/lang_main.php Tue Jul 19 22:14:57 2005
--- phpbb2022/language/lang_english/lang_main.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: lang_main.php,v 1.85.2.16 2005/05/06 20:50:13 acydburn Exp $
*
****************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: lang_main.php,v 1.85.2.22 2006/12/16 13:11:28 acydburn Exp $
*
****************************************************************************/
***************
*** 274,280 ****
$lang['Back_to_top'] = 'Back to top';
$lang['Read_profile'] = 'View user\'s profile';
- $lang['Send_email'] = 'Send e-mail to user';
$lang['Visit_website'] = 'Visit poster\'s website';
$lang['ICQ_status'] = 'ICQ Status';
$lang['Edit_delete_post'] = 'Edit/Delete this post';
--- 274,279 ----
***************
*** 367,373 ****
$lang['Attach_signature'] = 'Attach signature (signatures can be changed in profile)';
$lang['Notify'] = 'Notify me when a reply is posted';
- $lang['Delete_post'] = 'Delete this post';
$lang['Stored'] = 'Your message has been entered successfully.';
$lang['Deleted'] = 'Your message has been deleted successfully.';
--- 366,371 ----
***************
*** 527,536 ****
$lang['Location'] = 'Location';
$lang['Contact'] = 'Contact';
$lang['Email_address'] = 'E-mail address';
- $lang['Email'] = 'E-mail';
$lang['Send_private_message'] = 'Send private message';
$lang['Hidden_email'] = '[ Hidden ]';
- $lang['Search_user_posts'] = 'Search for posts by this user';
$lang['Interests'] = 'Interests';
$lang['Occupation'] = 'Occupation';
$lang['Poster_rank'] = 'Poster rank';
--- 525,532 ----
***************
*** 604,610 ****
$lang['Password_mismatch'] = 'The passwords you entered did not match.';
$lang['Current_password_mismatch'] = 'The current password you supplied does not match that stored in the database.';
$lang['Password_long'] = 'Your password must be no more than 32 characters.';
- $lang['Too_many_registers'] = 'You have made too many registration attempts. Please try again later.';
$lang['Username_taken'] = 'Sorry, but this username has already been taken.';
$lang['Username_invalid'] = 'Sorry, but this username contains an invalid character such as \'.';
$lang['Username_disallowed'] = 'Sorry, but this username has been disallowed.';
--- 600,605 ----
***************
*** 789,794 ****
--- 784,790 ----
$lang['No_search_match'] = 'No topics or posts met your search criteria';
$lang['Found_search_match'] = 'Search found %d match'; // eg. Search found 1 match
$lang['Found_search_matches'] = 'Search found %d matches'; // eg. Search found 24 matches
+ $lang['Search_Flood_Error'] = 'You cannot make another search so soon after your last; please try again in a short while.';
$lang['Close_window'] = 'Close Window';
***************
*** 1019,1024 ****
--- 1015,1024 ----
$lang['A_critical_error'] = 'A Critical Error Occurred';
$lang['Admin_reauthenticate'] = 'To administer the board you must re-authenticate yourself.';
+ $lang['Login_attempts_exceeded'] = 'The maximum number of %s login attempts has been exceeded. You are not allowed to login for the next %s minutes.';
+ $lang['Please_remove_install_contrib'] = 'Please ensure both the install/ and contrib/ directories are deleted';
+
+ $lang['Session_invalid'] = 'Invalid Session. Please resubmit the form.';
//
// That's all, Folks!
diff -crN phpbb2017/login.php phpbb2022/login.php
*** phpbb2017/login.php Tue Jul 19 22:14:58 2005
--- phpbb2022/login.php Tue Dec 19 18:29:16 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: login.php,v 1.47.2.18 2005/05/06 20:50:10 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: login.php,v 1.47.2.25 2006/12/16 13:11:24 acydburn Exp $
*
*
***************************************************************************/
***************
*** 57,63 ****
$username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';
! $sql = "SELECT user_id, username, user_password, user_active, user_level
FROM " . USERS_TABLE . "
WHERE username = '" . str_replace("\\'", "''", $username) . "'";
if ( !($result = $db->sql_query($sql)) )
--- 57,63 ----
$username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';
! $sql = "SELECT user_id, username, user_password, user_active, user_level, user_login_tries, user_last_login_try
FROM " . USERS_TABLE . "
WHERE username = '" . str_replace("\\'", "''", $username) . "'";
if ( !($result = $db->sql_query($sql)) )
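Review bot: The row fetched here now drives the lockout decision, but the WHERE clause still builds the username predicate with the hand-rolled `str_replace("\\'", "''", $username)` substitution rather than a single escaping routine shared with the other queries. This is pre-existing, and `phpbb_clean_username` (defined outside this diff) may already neutralise the value, so it is worth confirming rather than assuming now that the query result gates access. A short comment stating which layer is responsible for escaping, e.g. `// $username is already escaped by phpbb_clean_username(); the str_replace only normalises quote style`, would make that contract explicit if it holds.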
***************
*** 73,78 ****
--- 73,92 ----
}
else
{
+ // If the last login is more than x minutes ago, then reset the login tries/time
+ if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $row['user_last_login_try'] < (time() - ($board_config['login_reset_time'] * 60)))
+ {
+ $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);
+ $row['user_last_login_try'] = $row['user_login_tries'] = 0;
+ }
+
+ // Check to see if user is allowed to login again... if his tries are exceeded
+ if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] &&
+ $row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'] && $userdata['user_level'] != ADMIN)
+ {
+ message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time']));
+ }
+
if( md5($password) == $row['user_password'] && $row['user_active'] )
{
$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;
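Review bot: The exemption `$userdata['user_level'] != ADMIN` in the lockout condition tests the level of the current session's user, not the account in `$row`, so it exempts a session that is already an admin (presumably the re-authentication case) rather than admin accounts in general; this reads as if it were the latter and should be documented, e.g. `// $userdata is the current session, not $row: an already-authenticated admin re-authenticating is not locked out`. The lockout `message_die` also fires before the password is checked and only for usernames that exist, so the response differs between a locked existing account and an unknown name; routing the locked case through the generic `$lang['Error_login']` path and logging the lockout server-side would avoid that distinction. While here, the pre-existing `md5($password) == $row['user_password']` is a loose comparison; `===` is the safer form for comparing hash strings. The enclosing `else` block starts outside the hunk.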
***************
*** 80,85 ****
--- 94,102 ----
$admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);
+ // Reset login tries
+ $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);
+
if( $session_id )
{
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
***************
*** 90,113 ****
message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
}
}
! else
{
! $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
! $redirect = str_replace('?', '&', $redirect);
!
! if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
{
! message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
! $template->assign_vars(array(
! 'META' => "")
! );
!
! $message = $lang['Error_login'] . '
' . sprintf($lang['Click_return_login'], "", '') . '
' . sprintf($lang['Click_return_index'], '', '');
! message_die(GENERAL_MESSAGE, $message);
}
}
}
else
--- 107,140 ----
message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
}
}
! // Only store a failed login attempt for an active user - inactive users can't login even with a correct password
! elseif( $row['user_active'] )
{
! // Save login tries and last login
! if ($row['user_id'] != ANONYMOUS)
{
! $sql = 'UPDATE ' . USERS_TABLE . '
! SET user_login_tries = user_login_tries + 1, user_last_login_try = ' . time() . '
! WHERE user_id = ' . $row['user_id'];
! $db->sql_query($sql);
}
+ }
! $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
! $redirect = str_replace('?', '&', $redirect);
! if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r") || strstr(urldecode($redirect), ';url'))
! {
! message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
+
+ $template->assign_vars(array(
+ 'META' => "")
+ );
+
+ $message = $lang['Error_login'] . '
' . sprintf($lang['Click_return_login'], "", '') . '
' . sprintf($lang['Click_return_index'], '', '');
+
+ message_die(GENERAL_MESSAGE, $message);
}
}
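Review bot: The redirect guard rejects the decoded value by substring (`"\n"`, `"\r"`, `';url'`), which is a denylist of specific spellings; an allowlist that accepts only a board-relative script name and query string would not depend on enumerating dangerous fragments, and the same guard is repeated in the next hunk (`*** 115,121 ****`), so one shared check would keep both paths consistent. The value passed into the `META` template variable should be the one that was validated; as rendered here the decoded string is checked but the original `$redirect` is used, so a comment confirming they are equivalent, e.g. `// validated on the urldecode()d form; the raw form is what goes into the META tag`, would help the next reader. The enclosing `else` block starts outside the hunk.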
else
***************
*** 115,121 ****
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";
$redirect = str_replace("?", "&", $redirect);
! if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
--- 142,148 ----
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";
$redirect = str_replace("?", "&", $redirect);
! if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r") || strstr(urldecode($redirect), ';url'))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
***************
*** 131,136 ****
--- 158,169 ----
}
else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] )
{
+ // session id check
+ if ($sid == '' || $sid != $userdata['session_id'])
+ {
+ message_die(GENERAL_ERROR, 'Invalid_session');
+ }
+
if( $userdata['session_logged_in'] )
{
session_end($userdata['session_id'], $userdata['user_id']);
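Review bot: `message_die(GENERAL_ERROR, 'Invalid_session')` passes a literal token rather than a language string, and the language hunk earlier in this diff defines the key as `$lang['Session_invalid']`, so the user sees the raw text and the two names do not match; change it to `message_die(GENERAL_ERROR, $lang['Session_invalid']);`. Where `$sid` is populated is outside this hunk, so the check presumably relies on it being taken from the request on the same page; a one-line comment naming the source, e.g. `// $sid comes from the request; it must match the session the user is logging out of`, would document the intent of this session-id confirmation.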
***************
*** 168,173 ****
--- 201,208 ----
'body' => 'login_body.tpl')
);
+ $forward_page = '';
+
if( isset($HTTP_POST_VARS['redirect']) || isset($HTTP_GET_VARS['redirect']) )
{
$forward_to = $HTTP_SERVER_VARS['QUERY_STRING'];
***************
*** 179,186 ****
if(count($forward_match) > 1)
{
- $forward_page = '';
-
for($i = 1; $i < count($forward_match); $i++)
{
if( !ereg("sid=", $forward_match[$i]) )
--- 214,219 ----
***************
*** 200,216 ****
}
}
}
- else
- {
- $forward_page = '';
- }
$username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : '';
$s_hidden_fields = '';
$s_hidden_fields .= (isset($HTTP_GET_VARS['admin'])) ? '' : '';
! make_jumpbox('viewforum.'.$phpEx, $forum_id);
$template->assign_vars(array(
'USERNAME' => $username,
--- 233,245 ----
}
}
}
$username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : '';
$s_hidden_fields = '';
$s_hidden_fields .= (isset($HTTP_GET_VARS['admin'])) ? '' : '';
! make_jumpbox('viewforum.'.$phpEx);
$template->assign_vars(array(
'USERNAME' => $username,
diff -crN phpbb2017/memberlist.php phpbb2022/memberlist.php
*** phpbb2017/memberlist.php Tue Jul 19 22:14:58 2005
--- phpbb2022/memberlist.php Tue Dec 19 18:29:16 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: memberlist.php,v 1.36.2.10 2004/07/11 16:46:15 acydburn Exp $
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: memberlist.php,v 1.36.2.13 2006/12/16 13:11:24 acydburn Exp $
*
***************************************************************************/
***************
*** 34,39 ****
--- 34,40 ----
//
$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
+ $start = ($start < 0) ? 0 : $start;
if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
***************
*** 61,67 ****
// Memberlist sorting
//
$mode_types_text = array($lang['Sort_Joined'], $lang['Sort_Username'], $lang['Sort_Location'], $lang['Sort_Posts'], $lang['Sort_Email'], $lang['Sort_Website'], $lang['Sort_Top_Ten']);
! $mode_types = array('joindate', 'username', 'location', 'posts', 'email', 'website', 'topten');
$select_sort_mode = '