diff -crN phpbb201/admin/admin_board.php phpbb2017/admin/admin_board.php *** phpbb201/admin/admin_board.php Sat Jul 10 20:16:15 2004 --- phpbb2017/admin/admin_board.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_board.php,v 1.51.2.1 2002/05/12 00:47:39 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_board.php,v 1.51.2.9 2004/11/18 17:49:33 acydburn Exp $ * * ***************************************************************************/ *************** *** 16,22 **** if( !empty($setmodules) ) { $file = basename(__FILE__); ! $module['General']['Configuration'] = "$file?mode=config"; return; } --- 16,22 ---- if( !empty($setmodules) ) { $file = basename(__FILE__); ! $module['General']['Configuration'] = "$file"; return; } *************** *** 43,52 **** { $config_name = $row['config_name']; $config_value = $row['config_value']; ! $default_config[$config_name] = $config_value; $new[$config_name] = ( isset($HTTP_POST_VARS[$config_name]) ) ? $HTTP_POST_VARS[$config_name] : $default_config[$config_name]; if( isset($HTTP_POST_VARS['submit']) ) { $sql = "UPDATE " . CONFIG_TABLE . " SET --- 43,57 ---- { $config_name = $row['config_name']; $config_value = $row['config_value']; ! $default_config[$config_name] = isset($HTTP_POST_VARS['submit']) ? str_replace("'", "\'", $config_value) : $config_value; $new[$config_name] = ( isset($HTTP_POST_VARS[$config_name]) ) ? $HTTP_POST_VARS[$config_name] : $default_config[$config_name]; + if ($config_name == 'cookie_name') + { + $cookie_name = str_replace('.', '_', $new['cookie_name']); + } + if( isset($HTTP_POST_VARS['submit']) ) { $sql = "UPDATE " . CONFIG_TABLE . " SET *************** *** 68,74 **** } $style_select = style_select($new['default_style'], 'default_style', "../templates"); ! 
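Review bot: In the added `cookie_name` branch the dot-to-underscore result goes into a new variable `$cookie_name`, while `$new['cookie_name']` is left unchanged. Nothing else in the hunk reads `$cookie_name`, so unless the UPDATE that continues below the hunk uses it, the dotted name is still what gets saved. If the intent is to store the normalised name, assign it back: `$new['cookie_name'] = str_replace('.', '_', $new['cookie_name']);`. Separately, `str_replace("'", "\'", $config_value)` re-escapes only apostrophes so that the stored value resembles slash-escaped POST data; a stored value containing a backslash would not round-trip, and a comment saying why the default is escaped only on submit would help.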
$lang_select = language_select($new['default_lang'], 'default_lang', "../language"); $timezone_select = tz_select($new['board_timezone'], 'board_timezone'); $disable_board_yes = ( $new['board_disable'] ) ? "checked=\"checked\"" : ""; --- 73,79 ---- } $style_select = style_select($new['default_style'], 'default_style', "../templates"); ! $lang_select = language_select($new['default_lang'], 'default_lang', "language"); $timezone_select = tz_select($new['board_timezone'], 'board_timezone'); $disable_board_yes = ( $new['board_disable'] ) ? "checked=\"checked\"" : ""; *************** *** 92,97 **** --- 97,105 ---- $activation_user = ( $new['require_activation'] == USER_ACTIVATION_SELF ) ? "checked=\"checked\"" : ""; $activation_admin = ( $new['require_activation'] == USER_ACTIVATION_ADMIN ) ? "checked=\"checked\"" : ""; + $confirm_yes = ($new['enable_confirm']) ? 'checked="checked"' : ''; + $confirm_no = (!$new['enable_confirm']) ? 'checked="checked"' : ''; + $board_email_form_yes = ( $new['board_email_form'] ) ? "checked=\"checked\"" : ""; $board_email_form_no = ( !$new['board_email_form'] ) ? 
"checked=\"checked\"" : ""; *************** *** 155,160 **** --- 163,170 ---- "L_NONE" => $lang['Acc_None'], "L_USER" => $lang['Acc_User'], "L_ADMIN" => $lang['Acc_Admin'], + "L_VISUAL_CONFIRM" => $lang['Visual_confirm'], + "L_VISUAL_CONFIRM_EXPLAIN" => $lang['Visual_confirm_explain'], "L_COOKIE_SETTINGS" => $lang['Cookie_settings'], "L_COOKIE_SETTINGS_EXPLAIN" => $lang['Cookie_settings_explain'], "L_COOKIE_DOMAIN" => $lang['Cookie_domain'], *************** *** 242,247 **** --- 252,260 ---- "ACTIVATION_USER_CHECKED" => $activation_user, "ACTIVATION_ADMIN" => USER_ACTIVATION_ADMIN, "ACTIVATION_ADMIN_CHECKED" => $activation_admin, + "CONFIRM_ENABLE" => $confirm_yes, + "CONFIRM_DISABLE" => $confirm_no, + "ACTIVATION_NONE_CHECKED" => $activation_none, "BOARD_EMAIL_FORM_ENABLE" => $board_email_form_yes, "BOARD_EMAIL_FORM_DISABLE" => $board_email_form_no, "MAX_POLL_OPTIONS" => $new['max_poll_options'], diff -crN phpbb201/admin/admin_db_utilities.php phpbb2017/admin/admin_db_utilities.php *** phpbb201/admin/admin_db_utilities.php Sat Jul 10 20:16:15 2004 --- phpbb2017/admin/admin_db_utilities.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_db_utilities.php,v 1.42.2.3 2002/05/13 22:00:37 the_systech Exp $ * ****************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_db_utilities.php,v 1.42.2.11 2005/02/21 18:36:49 acydburn Exp $ * ****************************************************************************/ *************** *** 34,49 **** { $filename = basename(__FILE__); $module['General']['Backup_DB'] = $filename . "?perform=backup"; - if(@phpversion() >= '4.0.0') - { - $file_uploads = @ini_get('file_uploads'); - } - else - { - $file_uploads = @get_cfg_var('file_uploads'); - } ! 
if( ($file_uploads != 0 || empty($file_uploads)) && (strtolower($file_uploads) != 'off') && (@phpversion() != '4.0.4pl1') ) { $module['General']['Restore_DB'] = $filename . "?perform=restore"; } --- 34,43 ---- { $filename = basename(__FILE__); $module['General']['Backup_DB'] = $filename . "?perform=backup"; ! $file_uploads = (@phpversion() >= '4.0.0') ? @ini_get('file_uploads') : @get_cfg_var('file_uploads'); ! ! if( (empty($file_uploads) || $file_uploads != 0) && (strtolower($file_uploads) != 'off') && (@phpversion() != '4.0.4pl1') ) { $module['General']['Restore_DB'] = $filename . "?perform=restore"; } *************** *** 376,382 **** // Ok lets grab the fields... // $result = $db->sql_query($field_query); ! if(!result) { message_die(GENERAL_ERROR, "Failed in get_table_def (show fields)", "", __LINE__, __FILE__, $field_query); } --- 370,376 ---- // Ok lets grab the fields... // $result = $db->sql_query($field_query); ! if(!$result) { message_die(GENERAL_ERROR, "Failed in get_table_def (show fields)", "", __LINE__, __FILE__, $field_query); } *************** *** 572,657 **** function get_table_content_mysql($table, $handler) { global $db; - // - // Grab the data from the table. - // - $result = $db->sql_query("SELECT * FROM $table"); ! if (!$result) { message_die(GENERAL_ERROR, "Failed in get_table_content (select *)", "", __LINE__, __FILE__, "SELECT * FROM $table"); } - if($db->sql_numrows($result) > 0) - { - $schema_insert = "\n#\n# Table Data for $table\n#\n"; - } - else - { - $schema_insert = ""; - } - - $handler($schema_insert); - - // // Loop through the resulting rows and build the sql statement. ! // ! ! while ($row = $db->sql_fetchrow($result)) { ! $table_list = '('; ! $num_fields = $db->sql_numfields($result); ! // // Grab the list of field names. ! // for ($j = 0; $j < $num_fields; $j++) { ! $table_list .= $db->sql_fieldname($j, $result) . 
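Review bot: The rewritten `file_uploads` test still offers the Restore module when uploads are switched off, because `empty($file_uploads)` is true for the `''` and `'0'` values that `ini_get()` returns for a disabled boolean setting; only a literal `off` string hides the module. If the empty case is meant to cover "setting could not be read", that deserves a comment; otherwise the condition should be closer to `if( !empty($file_uploads) && (strtolower($file_uploads) != 'off') && (@phpversion() != '4.0.4pl1') )`. The `@phpversion() >= '4.0.0'` test is a string comparison, so it would mis-order a two-digit major version.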
', '; } - // - // Get rid of the last comma - // - $table_list = ereg_replace(', $', '', $table_list); $table_list .= ')'; ! // ! // Start building the SQL statement. ! // ! $schema_insert = "INSERT INTO $table $table_list VALUES("; ! // ! // Loop through the rows and fill in data for each column ! // ! for ($j = 0; $j < $num_fields; $j++) { ! if(!isset($row[$j])) ! { ! // ! // If there is no data for the column set it to null. ! // There was a problem here with an extra space causing the ! // sql file not to reimport if the last column was null in ! // any table. Should be fixed now :) JLH ! // ! $schema_insert .= ' NULL,'; ! } ! elseif ($row[$j] != '') ! { ! $schema_insert .= ' \'' . addslashes($row[$j]) . '\','; ! } ! else { ! $schema_insert .= '\'\','; } - } - // - // Get rid of the the last comma. - // - $schema_insert = ereg_replace(',$', '', $schema_insert); - $schema_insert .= ');'; - // - // Go ahead and send the insert statement to the handler function. - // - $handler(trim($schema_insert)); } return(true); } --- 566,634 ---- function get_table_content_mysql($table, $handler) { global $db; ! // Grab the data from the table. ! if (!($result = $db->sql_query("SELECT * FROM $table"))) { message_die(GENERAL_ERROR, "Failed in get_table_content (select *)", "", __LINE__, __FILE__, "SELECT * FROM $table"); } // Loop through the resulting rows and build the sql statement. ! if ($row = $db->sql_fetchrow($result)) { ! $handler("\n#\n# Table Data for $table\n#\n"); ! $field_names = array(); ! // Grab the list of field names. ! $num_fields = $db->sql_numfields($result); ! $table_list = '('; for ($j = 0; $j < $num_fields; $j++) { ! $field_names[$j] = $db->sql_fieldname($j, $result); ! $table_list .= (($j > 0) ? ', ' : '') . $field_names[$j]; ! } $table_list .= ')'; ! ! do { ! // Start building the SQL statement. ! $schema_insert = "INSERT INTO $table $table_list VALUES("; ! ! // Loop through the rows and fill in data for each column ! 
for ($j = 0; $j < $num_fields; $j++) { ! $schema_insert .= ($j > 0) ? ', ' : ''; ! ! if(!isset($row[$field_names[$j]])) ! { ! // ! // If there is no data for the column set it to null. ! // There was a problem here with an extra space causing the ! // sql file not to reimport if the last column was null in ! // any table. Should be fixed now :) JLH ! // ! $schema_insert .= 'NULL'; ! } ! elseif ($row[$field_names[$j]] != '') ! { ! $schema_insert .= '\'' . addslashes($row[$field_names[$j]]) . '\''; ! } ! else ! { ! $schema_insert .= '\'\''; ! } } + $schema_insert .= ');'; + + // Go ahead and send the insert statement to the handler function. + $handler(trim($schema_insert)); + + } + while ($row = $db->sql_fetchrow($result)); } + return(true); } *************** *** 672,678 **** // // Begin program proper // - if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) ) { $perform = (isset($HTTP_POST_VARS['perform'])) ? $HTTP_POST_VARS['perform'] : $HTTP_GET_VARS['perform']; --- 649,654 ---- *************** *** 681,701 **** { case 'backup': ! if( SQL_LAYER == 'oracle' || SQL_LAYER == 'odbc' || SQL_LAYER == 'mssql' ) { ! switch(SQL_LAYER) ! { ! case 'oracle': ! $db_type = "Oracle"; ! break; ! case 'odbc': ! $db_type = "ODBC"; ! break; ! case 'mssql': ! $db_type = "MSSQL"; ! break; ! } include('./page_header_admin.'.$phpEx); $template->set_filenames(array( --- 657,682 ---- { case 'backup': ! $error = false; ! switch(SQL_LAYER) { ! case 'oracle': ! $error = true; ! break; ! case 'db2': ! $error = true; ! break; ! case 'msaccess': ! $error = true; ! break; ! case 'mssql': ! case 'mssql-odbc': ! $error = true; ! break; ! } + if ($error) + { include('./page_header_admin.'.$phpEx); $template->set_filenames(array( *************** *** 709,719 **** $template->pparse("body"); ! break; } ! 
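Review bot: `$table` and the column names returned by `sql_fieldname()` are interpolated into `SELECT * FROM $table` and into the generated `INSERT INTO $table $table_list` with no identifier quoting or validation. The backup branch later on this page reads `additional_tables` from the request, so if those names reach this function (the call site is outside the hunk) they should be checked before use, for example `if (!preg_match('/^[A-Za-z0-9_]+$/', $table)) { message_die(GENERAL_ERROR, "Invalid table name"); }`. Values are escaped with `addslashes()`, which is not charset-aware; a comment stating the connection charset the dump assumes would be worth adding.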
$tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words'); ! $additional_tables = (isset($HTTP_POST_VARS['additional_tables'])) ? $HTTP_POST_VARS['additional_tables'] : ( (isset($HTTP_GET_VARS['additional_tables'])) ? $HTTP_GET_VARS['additional_tables'] : "" ); --- 690,699 ---- $template->pparse("body"); ! include('./page_footer_admin.'.$phpEx); } ! $tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words', 'confirm'); $additional_tables = (isset($HTTP_POST_VARS['additional_tables'])) ? $HTTP_POST_VARS['additional_tables'] : ( (isset($HTTP_GET_VARS['additional_tables'])) ? $HTTP_GET_VARS['additional_tables'] : "" ); *************** *** 721,726 **** --- 701,708 ---- $gzipcompress = (!empty($HTTP_POST_VARS['gzipcompress'])) ? $HTTP_POST_VARS['gzipcompress'] : ( (!empty($HTTP_GET_VARS['gzipcompress'])) ? $HTTP_GET_VARS['gzipcompress'] : 0 ); + $drop = (!empty($HTTP_POST_VARS['drop'])) ? intval($HTTP_POST_VARS['drop']) : ( (!empty($HTTP_GET_VARS['drop'])) ? intval($HTTP_GET_VARS['drop']) : 0 ); + if(!empty($additional_tables)) { if(ereg(",", $additional_tables)) *************** *** 780,786 **** ); $template->assign_vars(array( ! "META" => "", "MESSAGE_TITLE" => $lang['Database_Utilities'] . " : " . $lang['Backup'], "MESSAGE_TEXT" => $lang['Backup_download']) --- 762,768 ---- ); $template->assign_vars(array( ! 
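Review bot: Replacing `break;` with `include('./page_footer_admin.'.$phpEx);` makes the unsupported-database branch depend on the footer script terminating the request. If `page_footer_admin` does not exit (its body is not on this page), execution continues into the `$tables = array(...)` backup code for a layer that was just reported as unsupported. An explicit `exit;` after the include, or a `break;` kept after it, removes that dependency.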
"META" => '', "MESSAGE_TITLE" => $lang['Database_Utilities'] . " : " . $lang['Backup'], "MESSAGE_TEXT" => $lang['Backup_download']) *************** *** 836,850 **** for($i = 0; $i < count($tables); $i++) { $table_name = $tables[$i]; ! if(SQL_LAYER != 'mysql4') ! { ! $table_def_function = "get_table_def_" . SQL_LAYER; ! $table_content_function = "get_table_content_" . SQL_LAYER; ! } ! else { ! $table_def_function = "get_table_def_mysql"; ! $table_content_function = "get_table_content_mysql"; } if($backup_type != 'data') --- 818,836 ---- for($i = 0; $i < count($tables); $i++) { $table_name = $tables[$i]; ! ! switch (SQL_LAYER) { ! case 'postgresql': ! $table_def_function = "get_table_def_postgresql"; ! $table_content_function = "get_table_content_postgresql"; ! break; ! ! case 'mysql': ! case 'mysql4': ! $table_def_function = "get_table_def_mysql"; ! $table_content_function = "get_table_content_mysql"; ! break; } if($backup_type != 'data') *************** *** 872,878 **** break; case 'restore': ! if(!isset($restore_start)) { // // Define Template files... --- 858,864 ---- break; case 'restore': ! if(!isset($HTTP_POST_VARS['restore_start'])) { // // Define Template files... *************** *** 919,925 **** // a hackers attempt at getting us to process a local system // file. // ! if( file_exists($backup_file_tmpname) ) { if( preg_match("/^(text\/[a-zA-Z]+)|(application\/(x\-)?gzip(\-compressed)?)|(application\/octet-stream)$/is", $backup_file_type) ) { --- 905,911 ---- // a hackers attempt at getting us to process a local system // file. // ! 
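Review bot: The new `switch (SQL_LAYER)` has no `default:` branch, so for any layer other than `postgresql`, `mysql` or `mysql4` the variables `$table_def_function` and `$table_content_function` are never set, and the code after the hunk presumably calls them as variable functions. The earlier error switch blocks `oracle`, `db2`, `msaccess`, `mssql` and `mssql-odbc` but no longer lists `odbc`, so the two lists are not obviously exhaustive. Adding `default: message_die(GENERAL_ERROR, 'Backup is not supported for this database layer');` keeps the failure explicit. The loop body continues outside the hunk.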
if( file_exists(phpbb_realpath($backup_file_tmpname)) ) { if( preg_match("/^(text\/[a-zA-Z]+)|(application\/(x\-)?gzip(\-compressed)?)|(application\/octet-stream)$/is", $backup_file_type) ) { diff -crN phpbb201/admin/admin_disallow.php phpbb2017/admin/admin_disallow.php *** phpbb201/admin/admin_disallow.php Sat Jul 10 20:16:15 2004 --- phpbb2017/admin/admin_disallow.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_disallow.php,v 1.9.2.1 2002/05/12 00:47:40 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_disallow.php,v 1.9.2.2 2002/11/26 11:42:11 psotfx Exp $ * * ***************************************************************************/ *************** *** 41,48 **** { include($phpbb_root_path . 'includes/functions_validate.'.$phpEx); ! $disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? $HTTP_POST_VARS['disallowed_user'] : $HTTP_GET_VARS['disallowed_user']; if( !validate_username($disallowed_user) ) { $message = $lang['Disallowed_already']; --- 41,52 ---- { include($phpbb_root_path . 'includes/functions_validate.'.$phpEx); ! $disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? trim($HTTP_POST_VARS['disallowed_user']) : trim($HTTP_GET_VARS['disallowed_user']); + if ($disallowed_user == '') + { + message_die(MESSAGE, $lang['Fields_empty']); + } if( !validate_username($disallowed_user) ) { $message = $lang['Disallowed_already']; diff -crN phpbb201/admin/admin_forum_prune.php phpbb2017/admin/admin_forum_prune.php *** phpbb201/admin/admin_forum_prune.php Sat Jul 10 20:16:15 2004 --- phpbb2017/admin/admin_forum_prune.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
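Review bot: `file_exists(phpbb_realpath($backup_file_tmpname))` only shows that some file exists at that path; it does not establish that the path is the temporary file PHP created for this upload, which is the concern the comment above it describes. `is_uploaded_file($backup_file_tmpname)` is the check for that; where `$backup_file_tmpname` is assigned is outside the hunk, so confirm it comes from the upload array. In the unchanged `preg_match` below, `^` binds only to the first alternative and `$` only to the last, and `$backup_file_type` is presumably the client-supplied MIME type, so it is a hint rather than validation. Wrapping the alternation as `/^((text\/[a-zA-Z]+)|(application\/(x\-)?gzip(\-compressed)?)|(application\/octet-stream))$/is` at least anchors it.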
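Review bot: The added empty-name check calls `message_die(MESSAGE, $lang['Fields_empty'])`, while the other hunks on this page pass `GENERAL_MESSAGE` or `GENERAL_ERROR` as the first argument. Unless a `MESSAGE` constant is defined elsewhere, PHP treats it as the bare string 'MESSAGE' and the call will not take the intended message path; `message_die(GENERAL_MESSAGE, $lang['Fields_empty']);` matches the rest of the admin code. The fallback `trim($HTTP_GET_VARS['disallowed_user'])` is also evaluated when neither array has the key, which is harmless only because the empty check follows it.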
* $Id: admin_forum_prune.php,v 1.22.2.2 2002/05/12 15:57:44 psotfx Exp $ * ****************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_forum_prune.php,v 1.22.2.3 2002/12/18 14:14:07 psotfx Exp $ * ****************************************************************************/ *************** *** 168,176 **** $forum_name = ( $forum_id == -1 ) ? $lang['All_Forums'] : $forum_rows[0]['forum_name']; $prune_data = $lang['Prune_topics_not_posted'] . " "; ! $prune_data .= ' ' . $lang['Days']; ! $hidden_input = ''; // // Assign the template variables. --- 168,176 ---- $forum_name = ( $forum_id == -1 ) ? $lang['All_Forums'] : $forum_rows[0]['forum_name']; $prune_data = $lang['Prune_topics_not_posted'] . " "; ! $prune_data .= ' ' . $lang['Days']; ! $hidden_input = ''; // // Assign the template variables. diff -crN phpbb201/admin/admin_forumauth.php phpbb2017/admin/admin_forumauth.php *** phpbb201/admin/admin_forumauth.php Sat Jul 10 20:16:15 2004 --- phpbb2017/admin/admin_forumauth.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_forumauth.php,v 1.23.2.4 2002/05/21 16:52:08 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_forumauth.php,v 1.23.2.5 2004/03/25 15:57:19 acydburn Exp $ * * ***************************************************************************/ *************** *** 102,121 **** { if(isset($HTTP_POST_VARS['simpleauth'])) { ! $simple_ary = $simple_auth_ary[$HTTP_POST_VARS['simpleauth']]; for($i = 0; $i < count($simple_ary); $i++) { $sql .= ( ( $sql != '' ) ? ', ' : '' ) . $forum_auth_fields[$i] . ' = ' . $simple_ary[$i]; } ! $sql = "UPDATE " . FORUMS_TABLE . 
" SET $sql WHERE forum_id = $forum_id"; } else { for($i = 0; $i < count($forum_auth_fields); $i++) { ! $value = $HTTP_POST_VARS[$forum_auth_fields[$i]]; if ( $forum_auth_fields[$i] == 'auth_vote' ) { --- 102,124 ---- { if(isset($HTTP_POST_VARS['simpleauth'])) { ! $simple_ary = $simple_auth_ary[intval($HTTP_POST_VARS['simpleauth'])]; for($i = 0; $i < count($simple_ary); $i++) { $sql .= ( ( $sql != '' ) ? ', ' : '' ) . $forum_auth_fields[$i] . ' = ' . $simple_ary[$i]; } ! if (is_array($simple_ary)) ! { ! $sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id"; ! } } else { for($i = 0; $i < count($forum_auth_fields); $i++) { ! $value = intval($HTTP_POST_VARS[$forum_auth_fields[$i]]); if ( $forum_auth_fields[$i] == 'auth_vote' ) { diff -crN phpbb201/admin/admin_forums.php phpbb2017/admin/admin_forums.php *** phpbb201/admin/admin_forums.php Sat Jul 10 20:16:15 2004 --- phpbb2017/admin/admin_forums.php Tue Jul 19 22:14:56 2005 *************** *** 1,13 **** AUTH_ALL, "auth_edit" => AUTH_REG, "auth_delete" => AUTH_REG, ! "auth_sticky" => AUTH_REG, "auth_announce" => AUTH_MOD, "auth_vote" => AUTH_REG, "auth_pollcreate" => AUTH_REG --- 43,49 ---- "auth_reply" => AUTH_ALL, "auth_edit" => AUTH_REG, "auth_delete" => AUTH_REG, ! "auth_sticky" => AUTH_MOD, "auth_announce" => AUTH_MOD, "auth_vote" => AUTH_REG, "auth_pollcreate" => AUTH_REG *************** *** 56,61 **** --- 55,61 ---- if( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) ) { $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; + $mode = htmlspecialchars($mode); } else { *************** *** 233,238 **** --- 233,239 ---- if( $mode == "addforum" ) { list($cat_id) = each($HTTP_POST_VARS['addforum']); + $cat_id = intval($cat_id); // // stripslashes needs to be run on this because slashes are added when the forum name is posted // *************** *** 302,309 **** $catlist = get_list('category', $cat_id, TRUE); $forumstatus == ( FORUM_LOCKED ) ? 
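Review bot: The `is_array($simple_ary)` guard comes after the `for` loop that already indexes `$simple_ary`, so an out-of-range `simpleauth` value still runs `count($simple_ary)` on a non-array. When the guard fails, `$sql` keeps whatever it held before instead of becoming an UPDATE. Moving `if (is_array($simple_ary))` above the loop so that it wraps both the loop and the assignment is clearer. Whether the leftover `$sql` is then executed depends on code after the hunk, so the failing case should stop explicitly with `message_die(GENERAL_ERROR, ...)`. `$forum_id` in the WHERE clause is interpolated unquoted and its cast is not visible here.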
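Review bot: `$mode = htmlspecialchars($mode);` encodes the request value at input time, but `$mode` is then used as a control value (for example `if( $mode == "addforum" )` in the next hunk), where an allow-list is the clearer safeguard. The same line is added in the admin_groups.php, admin_ranks.php and admin_smilies.php hunks. With the default flags single quotes are not encoded, so the value is still unsafe inside a single-quoted attribute. Suggest a comment naming the output this protects, or a check such as `if (!in_array($mode, $allowed_modes)) { $mode = ''; }`, where `$allowed_modes` is a new list of the modes this script handles.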
$forumlocked = "selected=\"selected\"" : $forumunlocked = "selected=\"selected\""; ! $statuslist = "\n"; ! $statuslist .= "\n"; $template->set_filenames(array( "body" => "admin/forum_edit_body.tpl") --- 303,316 ---- $catlist = get_list('category', $cat_id, TRUE); $forumstatus == ( FORUM_LOCKED ) ? $forumlocked = "selected=\"selected\"" : $forumunlocked = "selected=\"selected\""; ! ! // These two options ($lang['Status_unlocked'] and $lang['Status_locked']) seem to be missing from ! // the language files. ! $lang['Status_unlocked'] = isset($lang['Status_unlocked']) ? $lang['Status_unlocked'] : 'Unlocked'; ! $lang['Status_locked'] = isset($lang['Status_locked']) ? $lang['Status_locked'] : 'Locked'; ! ! $statuslist = "\n"; ! $statuslist .= "\n"; $template->set_filenames(array( "body" => "admin/forum_edit_body.tpl") *************** *** 493,499 **** // There is no problem having duplicate forum names so we won't check for it. // $sql = "INSERT INTO " . CATEGORIES_TABLE . " (cat_title, cat_order) ! VALUES ('" . $HTTP_POST_VARS['categoryname'] . "', $next_order)"; if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't insert row in categories table", "", __LINE__, __FILE__, $sql); --- 500,506 ---- // There is no problem having duplicate forum names so we won't check for it. // $sql = "INSERT INTO " . CATEGORIES_TABLE . " (cat_title, cat_order) ! VALUES ('" . str_replace("\'", "''", $HTTP_POST_VARS['categoryname']) . "', $next_order)"; if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't insert row in categories table", "", __LINE__, __FILE__, $sql); *************** *** 604,611 **** // Either delete or move all posts in a forum if($to_id == -1) { include($phpbb_root_path . "includes/prune.$phpEx"); ! prune($from_id, 0); // Delete everything from forum } else { --- 611,651 ---- // Either delete or move all posts in a forum if($to_id == -1) { + // Delete polls in this forum + $sql = "SELECT v.vote_id + FROM " . VOTE_DESC_TABLE . 
" v, " . TOPICS_TABLE . " t + WHERE t.forum_id = $from_id + AND v.topic_id = t.topic_id"; + if (!($result = $db->sql_query($sql))) + { + message_die(GENERAL_ERROR, "Couldn't obtain list of vote ids", "", __LINE__, __FILE__, $sql); + } + + if ($row = $db->sql_fetchrow($result)) + { + $vote_ids = ''; + do + { + $vote_ids = (($vote_ids != '') ? ', ' : '') . $row['vote_id']; + } + while ($row = $db->sql_fetchrow($result)); + + $sql = "DELETE FROM " . VOTE_DESC_TABLE . " + WHERE vote_id IN ($vote_ids)"; + $db->sql_query($sql); + + $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " + WHERE vote_id IN ($vote_ids)"; + $db->sql_query($sql); + + $sql = "DELETE FROM " . VOTE_USERS_TABLE . " + WHERE vote_id IN ($vote_ids)"; + $db->sql_query($sql); + } + $db->sql_freeresult($result); + include($phpbb_root_path . "includes/prune.$phpEx"); ! prune($from_id, 0, true); // Delete everything from forum } else { *************** *** 616,621 **** --- 656,662 ---- { message_die(GENERAL_ERROR, "Couldn't verify existence of forums", "", __LINE__, __FILE__, $sql); } + if($db->sql_numrows($result) != 2) { message_die(GENERAL_ERROR, "Ambiguous forum ID's", "", __LINE__, __FILE__); *************** *** 637,642 **** --- 678,734 ---- sync('forum', $to_id); } + // Alter Mod level if appropriate - 2.0.4 + $sql = "SELECT ug.user_id + FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug + WHERE a.forum_id <> $from_id + AND a.auth_mod = 1 + AND ug.group_id = a.group_id"; + if( !$result = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Couldn't obtain moderator list", "", __LINE__, __FILE__, $sql); + } + + if ($row = $db->sql_fetchrow($result)) + { + $user_ids = ''; + do + { + $user_ids .= (($user_ids != '') ? ', ' : '' ) . $row['user_id']; + } + while ($row = $db->sql_fetchrow($result)); + + $sql = "SELECT ug.user_id + FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . 
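Review bot: Inside the new poll-deletion loop, `$vote_ids = (($vote_ids != '') ? ', ' : '') . $row['vote_id'];` assigns instead of appending, so from the second row on the variable holds only `, ` plus the latest id. The three `IN ($vote_ids)` deletes then fail on the leading comma, and the earlier polls are never listed. The moderator loop added later in this file uses `.=`, and this line should match it: `$vote_ids .= (($vote_ids != '') ? ', ' : '') . $row['vote_id'];`. The three `$db->sql_query($sql)` calls also ignore their result, unlike the SELECT above them, so a failed delete goes unreported before `prune()` runs.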
" ug + WHERE a.forum_id = $from_id + AND a.auth_mod = 1 + AND ug.group_id = a.group_id + AND ug.user_id NOT IN ($user_ids)"; + if( !$result2 = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Couldn't obtain moderator list", "", __LINE__, __FILE__, $sql); + } + + if ($row = $db->sql_fetchrow($result2)) + { + $user_ids = ''; + do + { + $user_ids .= (($user_ids != '') ? ', ' : '' ) . $row['user_id']; + } + while ($row = $db->sql_fetchrow($result2)); + + $sql = "UPDATE " . USERS_TABLE . " + SET user_level = " . USER . " + WHERE user_id IN ($user_ids) + AND user_level <> " . ADMIN; + $db->sql_query($sql); + } + $db->sql_freeresult($result); + + } + $db->sql_freeresult($result2); + $sql = "DELETE FROM " . FORUMS_TABLE . " WHERE forum_id = $from_id"; if( !$result = $db->sql_query($sql) ) *************** *** 933,936 **** include('./page_footer_admin.'.$phpEx); ! ?> --- 1025,1028 ---- include('./page_footer_admin.'.$phpEx); ! ?> \ No newline at end of file diff -crN phpbb201/admin/admin_groups.php phpbb2017/admin/admin_groups.php *** phpbb201/admin/admin_groups.php Sat Jul 10 20:16:15 2004 --- phpbb2017/admin/admin_groups.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_groups.php,v 1.25.2.3 2002/05/19 14:03:51 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_groups.php,v 1.25.2.9 2004/03/25 15:57:20 acydburn Exp $ * * ***************************************************************************/ *************** *** 43,54 **** } else { ! $group_id = ''; } if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) ) { $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; } else { --- 43,55 ---- } else { ! 
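Review bot: `$db->sql_freeresult($result2)` sits outside the `if ($row = $db->sql_fetchrow($result))` block in which `$result2` is assigned, so when the first moderator query returns no rows it is called on an undefined variable. `$db->sql_freeresult($result)` sits inside that block and is skipped in the same case; the two calls look swapped. When the first query is empty the demotion step is also skipped entirely, so users who moderate only the deleted forum keep their moderator level; if that is intended it needs a comment. The final UPDATE's return value is not checked.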
$group_id = 0; } if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) ) { $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; + $mode = htmlspecialchars($mode); } else { *************** *** 171,176 **** --- 172,227 ---- // if ( isset($HTTP_POST_VARS['group_delete']) ) { + // + // Reset User Moderator Level + // + + // Is Group moderating a forum ? + $sql = "SELECT auth_mod FROM " . AUTH_ACCESS_TABLE . " + WHERE group_id = " . $group_id; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not select auth_access', '', __LINE__, __FILE__, $sql); + } + + $row = $db->sql_fetchrow($result); + if (intval($row['auth_mod']) == 1) + { + // Yes, get the assigned users and update their Permission if they are no longer moderator of one of the forums + $sql = "SELECT user_id FROM " . USER_GROUP_TABLE . " + WHERE group_id = " . $group_id; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not select user_group', '', __LINE__, __FILE__, $sql); + } + + $rows = $db->sql_fetchrowset($result); + for ($i = 0; $i < count($rows); $i++) + { + $sql = "SELECT g.group_id FROM " . AUTH_ACCESS_TABLE . " a, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug + WHERE (a.auth_mod = 1) AND (g.group_id = a.group_id) AND (a.group_id = ug.group_id) AND (g.group_id = ug.group_id) + AND (ug.user_id = " . intval($rows[$i]['user_id']) . ") AND (ug.group_id <> " . $group_id . ")"; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not obtain moderator permissions', '', __LINE__, __FILE__, $sql); + } + + if ($db->sql_numrows($result) == 0) + { + $sql = "UPDATE " . USERS_TABLE . " SET user_level = " . USER . " + WHERE user_level = " . MOD . " AND user_id = " . 
intval($rows[$i]['user_id']); + + if ( !$db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, 'Could not update moderator permissions', '', __LINE__, __FILE__, $sql); + } + } + } + } + + // + // Delete Group + // $sql = "DELETE FROM " . GROUPS_TABLE . " WHERE group_id = " . $group_id; if ( !$db->sql_query($sql) ) *************** *** 213,219 **** message_die(GENERAL_MESSAGE, $lang['No_group_moderator']); } ! $this_userdata = get_userdata($group_moderator); $group_moderator = $this_userdata['user_id']; if ( !$group_moderator ) --- 264,270 ---- message_die(GENERAL_MESSAGE, $lang['No_group_moderator']); } ! $this_userdata = get_userdata($group_moderator, true); $group_moderator = $this_userdata['user_id']; if ( !$group_moderator ) *************** *** 284,305 **** } else if( $mode == 'newgroup' ) { ! $sql = "SELECT MAX(group_id) AS new_group_id ! FROM " . GROUPS_TABLE; ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not insert new group', '', __LINE__, __FILE__, $sql); ! } ! $row = $db->sql_fetchrow($result); ! ! $new_group_id = $row['new_group_id'] + 1; ! ! $sql = "INSERT INTO " . GROUPS_TABLE . " (group_id, group_type, group_name, group_description, group_moderator, group_single_user) ! VALUES ($new_group_id, $group_type, '" . str_replace("\'", "''", $group_name) . "', '" . str_replace("\'", "''", $group_description) . "', $group_moderator, '0')"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not insert new group', '', __LINE__, __FILE__, $sql); } $sql = "INSERT INTO " . USER_GROUP_TABLE . " (group_id, user_id, user_pending) VALUES ($new_group_id, $group_moderator, 0)"; --- 335,347 ---- } else if( $mode == 'newgroup' ) { ! $sql = "INSERT INTO " . GROUPS_TABLE . " (group_type, group_name, group_description, group_moderator, group_single_user) ! VALUES ($group_type, '" . str_replace("\'", "''", $group_name) . "', '" . str_replace("\'", "''", $group_description) . 
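Review bot: The moderator check reads only the first row of the `SELECT auth_mod FROM ... WHERE group_id = ...` result, so a group whose first returned row has `auth_mod` 0 but which moderates another forum skips the whole reset. Filtering in the query avoids depending on row order: add `AND auth_mod = 1` to the WHERE clause and test whether a row came back. `$result` is also overwritten by each query inside the `for` loop and never freed. `$group_id` is concatenated unquoted and its integer cast is outside the hunk.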
"', $group_moderator, '0')"; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not insert new group', '', __LINE__, __FILE__, $sql); } + $new_group_id = $db->sql_nextid(); $sql = "INSERT INTO " . USER_GROUP_TABLE . " (group_id, user_id, user_pending) VALUES ($new_group_id, $group_moderator, 0)"; *************** *** 367,370 **** include('./page_footer_admin.'.$phpEx); ! ?> \ No newline at end of file --- 409,412 ---- include('./page_footer_admin.'.$phpEx); ! ?> diff -crN phpbb201/admin/admin_mass_email.php phpbb2017/admin/admin_mass_email.php *** phpbb201/admin/admin_mass_email.php Sat Jul 10 20:16:15 2004 --- phpbb2017/admin/admin_mass_email.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_mass_email.php,v 1.15.2.5 2002/05/20 00:52:18 psotfx Exp $ * ****************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_mass_email.php,v 1.15.2.7 2003/05/03 23:24:01 acydburn Exp $ * ****************************************************************************/ *************** *** 79,88 **** if ( $row = $db->sql_fetchrow($result) ) { ! $bcc_list = ''; do { ! $bcc_list .= ( ( $bcc_list != '' ) ? ', ' : '' ) . $row['user_email']; } while ( $row = $db->sql_fetchrow($result) ); --- 79,88 ---- if ( $row = $db->sql_fetchrow($result) ) { ! $bcc_list = array(); do { ! $bcc_list[] = $row['user_email']; } while ( $row = $db->sql_fetchrow($result) ); *************** *** 116,127 **** $emailer = new emailer($board_config['smtp_delivery']); ! $email_headers = 'Return-Path: ' . $userdata['board_email'] . "\nFrom: " . $board_config['board_email'] . "\n"; ! $email_headers .= 'X-AntiAbuse: Board servername - ' . $board_config['server_name'] . "\n"; $email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n"; $email_headers .= 'X-AntiAbuse: Username - ' . 
$userdata['username'] . "\n"; $email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n"; - $email_headers .= "Bcc: $bcc_list\n"; $emailer->use_template('admin_send_email'); $emailer->email_address($board_config['board_email']); --- 116,133 ---- $emailer = new emailer($board_config['smtp_delivery']); ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); ! ! for ($i = 0; $i < count($bcc_list); $i++) ! { ! $emailer->bcc($bcc_list[$i]); ! } ! ! $email_headers = 'X-AntiAbuse: Board servername - ' . $board_config['server_name'] . "\n"; $email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n"; $email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n"; $email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n"; $emailer->use_template('admin_send_email'); $emailer->email_address($board_config['board_email']); diff -crN phpbb201/admin/admin_ranks.php phpbb2017/admin/admin_ranks.php *** phpbb201/admin/admin_ranks.php Sat Jul 10 20:16:15 2004 --- phpbb2017/admin/admin_ranks.php Tue Jul 19 22:14:56 2005 *************** *** 6,13 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_ranks.php,v 1.13.2.2 2002/05/12 15:57:44 psotfx Exp $ ! * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_ranks.php,v 1.13.2.4 2004/03/25 15:57:20 acydburn Exp $ * ***************************************************************************/ *************** *** 39,44 **** --- 38,44 ---- if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { $mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; + $mode = htmlspecialchars($mode); } else { *************** *** 162,169 **** } } ! if( $rank_id ) { $sql = "UPDATE " . RANKS_TABLE . " SET rank_title = '" . str_replace("\'", "''", $rank_title) . 
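Review bot: `$email_headers` is still built by concatenating `$board_config['server_name']`, `$userdata['username']` and the decoded IP directly into header lines. If any of those values can contain a carriage return or line feed (their validation is not visible here), the line break would start a new header. Stripping them at this point is cheap, e.g. `str_replace(array("\r", "\n"), '', $userdata['username'])`. Moving From, Reply-To and Bcc to the emailer methods is the safer pattern, and the X-AntiAbuse lines would benefit from the same treatment if the class offers one.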
"', rank_special = $special_rank, rank_min = $min_posts, rank_image = '" . str_replace("\'", "''", $rank_image) . "' WHERE rank_id = $rank_id"; --- 162,180 ---- } } ! if ($rank_id) { + if (!$special_rank) + { + $sql = "UPDATE " . USERS_TABLE . " + SET user_rank = 0 + WHERE user_rank = $rank_id"; + + if( !$result = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, $lang['No_update_ranks'], "", __LINE__, __FILE__, $sql); + } + } $sql = "UPDATE " . RANKS_TABLE . " SET rank_title = '" . str_replace("\'", "''", $rank_title) . "', rank_special = $special_rank, rank_min = $min_posts, rank_image = '" . str_replace("\'", "''", $rank_image) . "' WHERE rank_id = $rank_id"; diff -crN phpbb201/admin/admin_smilies.php phpbb2017/admin/admin_smilies.php *** phpbb201/admin/admin_smilies.php Sat Jul 10 20:16:15 2004 --- phpbb2017/admin/admin_smilies.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_smilies.php,v 1.22.2.2 2002/05/12 15:57:44 psotfx Exp $ * ****************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_smilies.php,v 1.22.2.14 2005/05/06 20:50:09 acydburn Exp $ * ****************************************************************************/ *************** *** 57,62 **** --- 57,63 ---- if( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) ) { $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; + $mode = htmlspecialchars($mode); } else { *************** *** 72,78 **** while($file = @readdir($dir)) { ! if( !@is_dir($phpbb_root_path . $board_config['smilies_path'] . '/' . $file) ) { $img_size = @getimagesize($phpbb_root_path . $board_config['smilies_path'] . '/' . $file); --- 73,79 ---- while($file = @readdir($dir)) { ! if( !@is_dir(phpbb_realpath($phpbb_root_path . $board_config['smilies_path'] . '/' . 
$file)) ) { $img_size = @getimagesize($phpbb_root_path . $board_config['smilies_path'] . '/' . $file); *************** *** 239,245 **** FROM " . SMILIES_TABLE; if( !$result = $db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql); } $resultset = $db->sql_fetchrowset($result); --- 240,246 ---- FROM " . SMILIES_TABLE; if( !$result = $db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, "Could not get smiley list", "", __LINE__, __FILE__, $sql); } $resultset = $db->sql_fetchrowset($result); *************** *** 265,271 **** message_die(GENERAL_MESSAGE, $message); } ! else if( isset($HTTP_POST_VARS['add']) ) { // // Admin has selected to add a smiley. --- 266,272 ---- message_die(GENERAL_MESSAGE, $message); } ! else if( isset($HTTP_POST_VARS['add']) || isset($HTTP_GET_VARS['add']) ) { // // Admin has selected to add a smiley. *************** *** 313,318 **** --- 314,320 ---- // $smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id']; + $smiley_id = intval($smiley_id); $sql = "DELETE FROM " . SMILIES_TABLE . " WHERE smilies_id = " . $smiley_id; *************** *** 333,338 **** --- 335,341 ---- // $smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id']; + $smiley_id = intval($smiley_id); $sql = "SELECT * FROM " . SMILIES_TABLE . " *************** *** 399,408 **** // Get the submitted data, being careful to ensure that we only // accept the data we are looking for. // ! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code']; ! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url']; ! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion']; $smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? 
intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']); // // Convert < and > to proper htmlentities for parsing. // --- 402,418 ---- // Get the submitted data, being careful to ensure that we only // accept the data we are looking for. // ! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : trim($HTTP_GET_VARS['smile_code']); ! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : trim($HTTP_GET_VARS['smile_url']); ! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? trim($HTTP_POST_VARS['smile_emotion']) : trim($HTTP_GET_VARS['smile_emotion']); $smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']); + + // If no code was entered complain ... + if ($smile_code == '' || $smile_url == '') + { + message_die(MESSAGE, $lang['Fields_empty']); + } + // // Convert < and > to proper htmlentities for parsing. // *************** *** 415,422 **** $sql = "UPDATE " . SMILIES_TABLE . " SET code = '" . str_replace("\'", "''", $smile_code) . "', smile_url = '" . str_replace("\'", "''", $smile_url) . "', emoticon = '" . str_replace("\'", "''", $smile_emotion) . "' WHERE smilies_id = $smile_id"; ! $result = $db->sql_query($sql); ! if( !$result ) { message_die(GENERAL_ERROR, "Couldn't update smilies info", "", __LINE__, __FILE__, $sql); } --- 425,431 ---- $sql = "UPDATE " . SMILIES_TABLE . " SET code = '" . str_replace("\'", "''", $smile_code) . "', smile_url = '" . str_replace("\'", "''", $smile_url) . "', emoticon = '" . str_replace("\'", "''", $smile_emotion) . "' WHERE smilies_id = $smile_id"; ! if( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't update smilies info", "", __LINE__, __FILE__, $sql); } *************** *** 438,443 **** --- 447,461 ---- $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? 
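Review bot: The new empty-field guard in the 399,408 hunk calls `message_die(MESSAGE, $lang['Fields_empty']);`, while every other message_die call visible on this page passes `GENERAL_MESSAGE` or `GENERAL_ERROR`. If `MESSAGE` is not defined elsewhere in the project (not visible here), PHP falls back to the bare string and message_die receives a code it may not handle. I would write `message_die(GENERAL_MESSAGE, $lang['Fields_empty']);`. The same call is added again in the 438,443 hunk of this file.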
$HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code']; $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url']; $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion']; + $smile_code = trim($smile_code); + $smile_url = trim($smile_url); + $smile_emotion = trim($smile_emotion); + + // If no code was entered complain ... + if ($smile_code == '' || $smile_url == '') + { + message_die(MESSAGE, $lang['Fields_empty']); + } // // Convert < and > to proper htmlentities for parsing. *************** *** 538,541 **** // include('./page_footer_admin.'.$phpEx); ! ?> --- 556,559 ---- // include('./page_footer_admin.'.$phpEx); ! ?> \ No newline at end of file diff -crN phpbb201/admin/admin_styles.php phpbb2017/admin/admin_styles.php *** phpbb201/admin/admin_styles.php Sat Jul 10 20:16:15 2004 --- phpbb2017/admin/admin_styles.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_styles.php,v 1.27.2.3 2002/05/13 13:18:17 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_styles.php,v 1.27.2.14 2005/03/17 17:33:30 acydburn Exp $ * * ***************************************************************************/ *************** *** 39,65 **** // Check if the user has cancled a confirmation message. // $phpbb_root_path = "./../"; $confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE; $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE; ! if( empty($HTTP_POST_VARS['send_file']) ) ! { ! $no_page_header = ( $cancel ) ? TRUE : FALSE; ! require($phpbb_root_path . 'extension.inc'); ! require('./pagestart.' . $phpEx); ! } ! if( $cancel ) { ! 
$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: '; ! header($header_location . append_sid("admin_styles.$phpEx")); ! exit; } if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { $mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; } else { --- 39,65 ---- // Check if the user has cancled a confirmation message. // $phpbb_root_path = "./../"; + require($phpbb_root_path . 'extension.inc'); $confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE; $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE; ! $no_page_header = (!empty($HTTP_POST_VARS['send_file']) || $cancel) ? TRUE : FALSE; ! ! require('./pagestart.' . $phpEx); ! ! $confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE; ! $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE; ! if ($cancel) { ! redirect('admin/' . append_sid("admin_styles.$phpEx", true)); } if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { $mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; + $mode = htmlspecialchars($mode); } else { *************** *** 75,81 **** if( isset($install_to) ) { ! include($phpbb_root_path. "templates/" . $install_to . "/theme_info.cfg"); $template_name = $$install_to; $found = FALSE; --- 75,81 ---- if( isset($install_to) ) { ! include($phpbb_root_path. "templates/" . basename($install_to) . "/theme_info.cfg"); $template_name = $$install_to; $found = FALSE; *************** *** 134,142 **** { while( $sub_dir = @readdir($dir) ) { ! if( !is_file($phpbb_root_path . 'templates/' .$sub_dir) && !is_link($phpbb_root_path . 'templates/' .$sub_dir) && $sub_dir != "." && $sub_dir != ".." && $sub_dir != "CVS" ) { ! if( @file_exists($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg") ) { include($phpbb_root_path. "templates/" . $sub_dir . 
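Review bot: In the 75,81 hunk of admin_styles.php the include path now uses `basename($install_to)`, but the next line still reads `$template_name = $$install_to;` with the raw value. The request-supplied string therefore still chooses which variable is read, and the name looked up can differ from the directory that was actually included. Normalising once before both uses keeps them in step: `$install_to = basename($install_to);` followed by the include and `$$install_to` unchanged. Where `$install_to` is populated lies outside the hunk, so an allow-list against the directories found under templates/ would be the stricter check if it comes directly from the request.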
"/theme_info.cfg"); --- 134,142 ---- { while( $sub_dir = @readdir($dir) ) { ! if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' .$sub_dir)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' .$sub_dir)) && $sub_dir != "." && $sub_dir != ".." && $sub_dir != "CVS" ) { ! if( @file_exists(@phpbb_realpath($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg")) ) { include($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg"); *************** *** 492,498 **** $themes_title = $lang['Edit_theme']; $themes_explain = $lang['Edit_theme_explain']; ! $style_id = $HTTP_GET_VARS['style_id']; $selected_names = array(); $selected_values = array(); --- 492,498 ---- $themes_title = $lang['Edit_theme']; $themes_explain = $lang['Edit_theme_explain']; ! $style_id = intval($HTTP_GET_VARS['style_id']); $selected_names = array(); $selected_values = array(); *************** *** 551,557 **** $s_template_select = ''; while( $file = @readdir($dir) ) { ! if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && $file != "." && $file != ".." && $file != "CVS" ) { if($file == $selected['template_name']) { *************** *** 707,713 **** $sql = "SELECT * FROM " . THEMES_TABLE . " ! WHERE template_name = '$template_name'"; if(!$result = $db->sql_query($sql)) { message_die(GENERAL_ERROR, "Could not get theme data for selected template", "", __LINE__, __FILE__, $sql); --- 707,713 ---- $sql = "SELECT * FROM " . THEMES_TABLE . " ! WHERE template_name = '" . str_replace("\'", "''", $template_name) . "'"; if(!$result = $db->sql_query($sql)) { message_die(GENERAL_ERROR, "Could not get theme data for selected template", "", __LINE__, __FILE__, $sql); *************** *** 739,745 **** @umask(0111); ! $fp = @fopen($phpbb_root_path . 'templates/' . $template_name . '/theme_info.cfg', 'w'); if( !$fp ) { --- 739,745 ---- @umask(0111); ! $fp = @fopen($phpbb_root_path . 'templates/' . 
basename($template_name) . '/theme_info.cfg', 'w'); if( !$fp ) { *************** *** 750,756 **** $s_hidden_fields = ''; $s_hidden_fields .= ''; ! $download_form = '
' . $s_hidden_fields; $template->set_filenames(array( "body" => "message_body.tpl") --- 750,756 ---- $s_hidden_fields = ''; $s_hidden_fields .= ''; ! $download_form = '' . $s_hidden_fields; $template->set_filenames(array( "body" => "message_body.tpl") *************** *** 792,798 **** $s_template_select = ''; while( $file = @readdir($dir) ) { ! if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' .$file)) && $file != "." && $file != ".." && $file != "CVS" ) { $s_template_select .= '\n"; } *************** *** 932,940 **** break; } ! if( !$HTTP_POST_VARS['send_file'] ) { include('./page_footer_admin.'.$phpEx); } ! ?> --- 932,940 ---- break; } ! if (empty($HTTP_POST_VARS['send_file'])) { include('./page_footer_admin.'.$phpEx); } ! ?> \ No newline at end of file diff -crN phpbb201/admin/admin_ug_auth.php phpbb2017/admin/admin_ug_auth.php *** phpbb201/admin/admin_ug_auth.php Sat Jul 10 20:16:15 2004 --- phpbb2017/admin/admin_ug_auth.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_ug_auth.php,v 1.13.2.2 2002/05/12 15:57:44 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_ug_auth.php,v 1.13.2.9 2005/07/19 20:01:05 acydburn Exp $ * * ***************************************************************************/ *************** *** 54,59 **** --- 54,64 ---- } } + $user_id = intval($user_id); + $group_id = intval($group_id); + $adv = intval($adv); + $mode = htmlspecialchars($mode); + // // Start program - define vars // *************** *** 409,414 **** --- 414,420 ---- FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u WHERE ug.group_id = aa.group_id AND u.user_id = ug.user_id + AND ug.user_pending = 0 AND u.user_level NOT IN (" . 
MOD . ", " . ADMIN . ") GROUP BY u.user_id HAVING SUM(aa.auth_mod) > 0"; *************** *** 503,508 **** --- 509,556 ---- } } + $sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . " + WHERE group_id = $group_id"; + $result = $db->sql_query($sql); + + $group_user = array(); + while ($row = $db->sql_fetchrow($result)) + { + $group_user[$row['user_id']] = $row['user_id']; + } + $db->sql_freeresult($result); + + $sql = "SELECT ug.user_id, COUNT(auth_mod) AS is_auth_mod + FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug + WHERE ug.user_id IN (" . implode(', ', $group_user) . ") + AND aa.group_id = ug.group_id + AND aa.auth_mod = 1 + GROUP BY ug.user_id"; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql); + } + + while ($row = $db->sql_fetchrow($result)) + { + if ($row['is_auth_mod']) + { + unset($group_user[$row['user_id']]); + } + } + $db->sql_freeresult($result); + + if (sizeof($group_user)) + { + $sql = "UPDATE " . USERS_TABLE . " + SET user_level = " . USER . " + WHERE user_id IN (" . implode(', ', $group_user) . ") AND user_level = " . MOD; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql); + } + } + message_die(GENERAL_MESSAGE, $message); } } *************** *** 510,516 **** { if ( isset($HTTP_POST_VARS['username']) ) { ! $this_userdata = get_userdata($HTTP_POST_VARS['username']); if ( !is_array($this_userdata) ) { message_die(GENERAL_MESSAGE, $lang['No_such_user']); --- 558,564 ---- { if ( isset($HTTP_POST_VARS['username']) ) { ! $this_userdata = get_userdata($HTTP_POST_VARS['username'], true); if ( !is_array($this_userdata) ) { message_die(GENERAL_MESSAGE, $lang['No_such_user']); *************** *** 521,529 **** // // Front end // ! $sql = "SELECT * ! FROM " . FORUMS_TABLE . " f ! 
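Review bot: The block added in the 503,508 hunk builds `WHERE ug.user_id IN (" . implode(', ', $group_user) . ")` before checking that `$group_user` has any entries, so a group with no rows in USER_GROUP_TABLE produces `IN ()` and ends in the GENERAL_ERROR path instead of the success message. The first query's result is also used without the `if ( !($result = $db->sql_query($sql)) )` check that the other two queries in the block have. I would add that check to the first query and move the moderator-status SELECT inside the existing `if (sizeof($group_user))` guard, which currently covers only the UPDATE. The enclosing branch starts outside the hunk.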
ORDER BY forum_order"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql); --- 569,578 ---- // // Front end // ! $sql = "SELECT f.* ! FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c ! WHERE f.cat_id = c.cat_id ! ORDER BY c.cat_order, f.forum_order ASC"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql); *************** *** 556,562 **** } } ! $sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE "; $sql .= ( $mode == 'user' ) ? "u.user_id = $user_id AND ug.user_id = u.user_id AND g.group_id = ug.group_id" : "g.group_id = $group_id AND ug.group_id = g.group_id AND u.user_id = ug.user_id"; if ( !($result = $db->sql_query($sql)) ) { --- 605,611 ---- } } ! $sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user, ug.user_pending FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE "; $sql .= ( $mode == 'user' ) ? "u.user_id = $user_id AND ug.user_id = u.user_id AND g.group_id = ug.group_id" : "g.group_id = $group_id AND ug.group_id = g.group_id AND u.user_id = ug.user_id"; if ( !($result = $db->sql_query($sql)) ) { *************** *** 759,765 **** $i++; } ! @reset($auth_user); if ( $mode == 'user' ) { --- 808,814 ---- $i++; } ! // @reset($auth_user); if ( $mode == 'user' ) { *************** *** 784,795 **** if( count($name) ) { ! $t_usergroup_list = ''; for($i = 0; $i < count($ug_info); $i++) { $ug = ( $mode == 'user' ) ? 'group&' . POST_GROUPS_URL : 'user&' . POST_USERS_URL; ! $t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '' . $name[$i] . ''; } } else --- 833,851 ---- if( count($name) ) { ! 
$t_usergroup_list = $t_pending_list = ''; for($i = 0; $i < count($ug_info); $i++) { $ug = ( $mode == 'user' ) ? 'group&' . POST_GROUPS_URL : 'user&' . POST_USERS_URL; ! if (!$ug_info[$i]['user_pending']) ! { ! $t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '' . $name[$i] . ''; ! } ! else ! { ! $t_pending_list .= ( ( $t_pending_list != '' ) ? ', ' : '' ) . '' . $name[$i] . ''; ! } } } else *************** *** 852,858 **** $template->assign_vars(array( 'USERNAME' => $t_groupname, ! 'GROUP_MEMBERSHIP' => $lang['Usergroup_members'] . ' : ' . $t_usergroup_list) ); } --- 908,914 ---- $template->assign_vars(array( 'USERNAME' => $t_groupname, ! 'GROUP_MEMBERSHIP' => $lang['Usergroup_members'] . ' : ' . $t_usergroup_list . '
' . $lang['Pending_members'] . ' : ' . $t_pending_list) ); } diff -crN phpbb201/admin/admin_user_ban.php phpbb2017/admin/admin_user_ban.php *** phpbb201/admin/admin_user_ban.php Sat Jul 10 20:16:15 2004 --- phpbb2017/admin/admin_user_ban.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_user_ban.php,v 1.21.2.2 2002/05/12 15:57:45 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_user_ban.php,v 1.21.2.5 2004/03/25 15:57:20 acydburn Exp $ * * ***************************************************************************/ *************** *** 49,55 **** $user_list = array(); if ( !empty($HTTP_POST_VARS['username']) ) { ! $this_userdata = get_userdata($HTTP_POST_VARS['username']); if( !$this_userdata ) { message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); --- 49,55 ---- $user_list = array(); if ( !empty($HTTP_POST_VARS['username']) ) { ! $this_userdata = get_userdata($HTTP_POST_VARS['username'], true); if( !$this_userdata ) { message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); *************** *** 155,161 **** // contained in the annotated php manual at php.com (ereg // section) // ! if ( eregi('^(([[:alnum:]\*]+([-_.][[:alnum:]\*]+)*\.?)|(\*))@([[:alnum:]]+([-_]?[[:alnum:]]+)*\.){1,3}([[:alnum:]]{2,6})$', trim($email_list_temp[$i])) ) { $email_list[] = trim($email_list_temp[$i]); } --- 155,161 ---- // contained in the annotated php manual at php.com (ereg // section) // ! if (preg_match('#^(([a-z0-9&.-_+])|(\*))+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$#is', trim($email_list_temp[$i]))) { $email_list[] = trim($email_list_temp[$i]); } *************** *** 277,283 **** { if ( $user_list[$i] != -1 ) { ! $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $user_list[$i]; } } } --- 277,283 ---- { if ( $user_list[$i] != -1 ) { ! 
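Review bot: In the 155,161 hunk of admin_user_ban.php the new pattern's character class `[a-z0-9&.-_+]` contains `.-_`, which PCRE reads as a range from `.` to `_` rather than three literal characters. The local part therefore accepts characters such as `<`, `>`, `=`, `@` and the backslash, which is wider than the eregi expression it replaces. Putting the hyphen last makes it literal: `[a-z0-9&._+-]`. Entries that pass this test are added to `$email_list` and used further down the file (outside the hunk), so the validation should be as tight as intended.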
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . intval($user_list[$i]); } } } *************** *** 290,296 **** { if ( $ip_list[$i] != -1 ) { ! $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $ip_list[$i]; } } } --- 290,296 ---- { if ( $ip_list[$i] != -1 ) { ! $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $ip_list[$i]); } } } *************** *** 303,309 **** { if ( $email_list[$i] != -1 ) { ! $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $email_list[$i]; } } } --- 303,309 ---- { if ( $email_list[$i] != -1 ) { ! $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $email_list[$i]); } } } diff -crN phpbb201/admin/admin_users.php phpbb2017/admin/admin_users.php *** phpbb201/admin/admin_users.php Sat Jul 10 20:16:15 2004 --- phpbb2017/admin/admin_users.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_users.php,v 1.57.2.2 2002/05/12 15:57:45 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_users.php,v 1.57.2.27 2005/07/19 20:01:07 acydburn Exp $ * * ***************************************************************************/ *************** *** 30,36 **** return; } ! $phpbb_root_path = "./../"; require($phpbb_root_path . 'extension.inc'); require('./pagestart.' . $phpEx); require($phpbb_root_path . 'includes/bbcode.'.$phpEx); --- 30,36 ---- return; } ! $phpbb_root_path = './../'; require($phpbb_root_path . 'extension.inc'); require('./pagestart.' . $phpEx); require($phpbb_root_path . 'includes/bbcode.'.$phpEx); *************** *** 38,49 **** --- 38,53 ---- require($phpbb_root_path . 'includes/functions_selects.'.$phpEx); require($phpbb_root_path . 
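Review bot: The 290,296 hunk appends `str_replace("\'", "''", $ip_list[$i])` to `$where_sql` with no surrounding quotes, so doubling quote characters does not confine the value to a literal. The 277,283 hunk builds the same comma-separated list and uses `intval($user_list[$i])`, which does bound the value. If these entries are numeric ban ids as in the user case (the query that consumes `$where_sql` is outside the hunk), use `intval($ip_list[$i])` here. The 303,309 hunk needs the same change for `$email_list[$i]`.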
'includes/functions_validate.'.$phpEx); + $html_entities_match = array('#<#', '#>#'); + $html_entities_replace = array('<', '>'); + // // Set mode // if( isset( $HTTP_POST_VARS['mode'] ) || isset( $HTTP_GET_VARS['mode'] ) ) { $mode = ( isset( $HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; + $mode = htmlspecialchars($mode); } else { *************** *** 53,74 **** // // Begin program // ! if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) || isset($HTTP_GET_VARS[POST_USERS_URL]) || isset( $HTTP_POST_VARS[POST_USERS_URL]) ) ) { // // Ok, the profile has been modified and submitted, let's update // ! if( ( $mode == 'save' && isset( $HTTP_POST_VARS['submit'] ) ) || isset( $HTTP_POST_VARS['avatargallery'] ) || isset( $HTTP_POST_VARS['submitavatar'] ) || isset( $HTTP_POST_VARS['cancelavatar'] ) ) { ! $user_id = intval( $HTTP_POST_VARS['id'] ); ! $this_userdata = get_userdata($user_id); ! if( !$this_userdata ) { message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); } ! $username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags( $HTTP_POST_VARS['username'] ) ) : ''; $email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : ''; $password = ( !empty($HTTP_POST_VARS['password']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password'] ) )) : ''; --- 57,223 ---- // // Begin program // ! if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) || isset($HTTP_GET_VARS[POST_USERS_URL]) || isset( $HTTP_POST_VARS[POST_USERS_URL]) ) ) { // // Ok, the profile has been modified and submitted, let's update // ! if ( ( $mode == 'save' && isset( $HTTP_POST_VARS['submit'] ) ) || isset( $HTTP_POST_VARS['avatargallery'] ) || isset( $HTTP_POST_VARS['submitavatar'] ) || isset( $HTTP_POST_VARS['cancelavatar'] ) ) { ! $user_id = intval($HTTP_POST_VARS['id']); ! 
if (!($this_userdata = get_userdata($user_id))) { message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); } ! if( $HTTP_POST_VARS['deleteuser'] ) ! { ! $sql = "SELECT g.group_id ! FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g ! WHERE ug.user_id = $user_id ! AND g.group_id = ug.group_id ! AND g.group_single_user = 1"; ! if( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not obtain group information for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $row = $db->sql_fetchrow($result); ! ! $sql = "UPDATE " . POSTS_TABLE . " ! SET poster_id = " . DELETED . ", post_username = '" . str_replace("\\'", "''", addslashes($this_userdata['username'])) . "' ! WHERE poster_id = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update posts for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "UPDATE " . TOPICS_TABLE . " ! SET topic_poster = " . DELETED . " ! WHERE topic_poster = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update topics for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "UPDATE " . VOTE_USERS_TABLE . " ! SET vote_user_id = " . DELETED . " ! WHERE vote_user_id = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "SELECT group_id ! FROM " . GROUPS_TABLE . " ! WHERE group_moderator = $user_id"; ! if( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not select groups where user was moderator', '', __LINE__, __FILE__, $sql); ! } ! ! while ( $row_group = $db->sql_fetchrow($result) ) ! { ! $group_moderator[] = $row_group['group_id']; ! } ! ! if ( count($group_moderator) ) ! { ! $update_moderator_id = implode(', ', $group_moderator); ! ! $sql = "UPDATE " . GROUPS_TABLE . " ! SET group_moderator = " . $userdata['user_id'] . " ! WHERE group_moderator IN ($update_moderator_id)"; ! 
if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql); ! } ! } ! ! $sql = "DELETE FROM " . USERS_TABLE . " ! WHERE user_id = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "DELETE FROM " . USER_GROUP_TABLE . " ! WHERE user_id = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete user from user_group table', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "DELETE FROM " . GROUPS_TABLE . " ! WHERE group_id = " . $row['group_id']; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "DELETE FROM " . AUTH_ACCESS_TABLE . " ! WHERE group_id = " . $row['group_id']; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " ! WHERE user_id = $user_id"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete user from topic watch table', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "DELETE FROM " . BANLIST_TABLE . " ! WHERE ban_userid = $user_id"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete user from banlist table', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "SELECT privmsgs_id ! FROM " . PRIVMSGS_TABLE . " ! WHERE privmsgs_from_userid = $user_id ! OR privmsgs_to_userid = $user_id"; ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not select all users private messages', '', __LINE__, __FILE__, $sql); ! } ! ! // This little bit of code directly from the private messaging section. ! while ( $row_privmsgs = $db->sql_fetchrow($result) ) ! { ! $mark_list[] = $row_privmsgs['privmsgs_id']; ! } ! ! if ( count($mark_list) ) ! { ! 
$delete_sql_id = implode(', ', $mark_list); ! ! $delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . " ! WHERE privmsgs_text_id IN ($delete_sql_id)"; ! $delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . " ! WHERE privmsgs_id IN ($delete_sql_id)"; ! ! if ( !$db->sql_query($delete_sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql); ! } ! ! if ( !$db->sql_query($delete_text_sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql); ! } ! } ! ! $message = $lang['User_deleted'] . '

' . sprintf($lang['Click_return_useradmin'], '', '') . '

' . sprintf($lang['Click_return_admin_index'], '', ''); ! ! message_die(GENERAL_MESSAGE, $message); ! } ! ! $username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['username']))) : ''; $email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : ''; $password = ( !empty($HTTP_POST_VARS['password']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password'] ) )) : ''; *************** *** 129,146 **** $password_confirm = ''; $icq = stripslashes($icq); ! $aim = stripslashes($aim); ! $msn = stripslashes($msn); ! $yim = stripslashes($yim); ! ! $website = stripslashes($website); ! $location = stripslashes($location); ! $occupation = stripslashes($occupation); ! $interests = stripslashes($interests); ! $signature = stripslashes($signature); $user_lang = stripslashes($user_lang); ! $user_dateformat = stripslashes($user_dateformat); if ( !isset($HTTP_POST_VARS['cancelavatar'])) { --- 278,295 ---- $password_confirm = ''; $icq = stripslashes($icq); ! $aim = htmlspecialchars(stripslashes($aim)); ! $msn = htmlspecialchars(stripslashes($msn)); ! $yim = htmlspecialchars(stripslashes($yim)); ! ! $website = htmlspecialchars(stripslashes($website)); ! $location = htmlspecialchars(stripslashes($location)); ! $occupation = htmlspecialchars(stripslashes($occupation)); ! $interests = htmlspecialchars(stripslashes($interests)); ! $signature = htmlspecialchars(stripslashes($signature)); $user_lang = stripslashes($user_lang); ! $user_dateformat = htmlspecialchars(stripslashes($user_dateformat)); if ( !isset($HTTP_POST_VARS['cancelavatar'])) { *************** *** 156,179 **** $error = FALSE; ! if( stripslashes($username) != $this_userdata['username'] ) { unset($rename_user); ! $result = validate_username($username); ! if ( $result['error'] ) { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '
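Review bot: In the delete-user branch added by the 53,74 hunk, `$group_moderator[]` and `$mark_list[]` are appended to without being initialised anywhere in the hunk, and both are then imploded directly into `IN (...)` clauses. Anything already stored under those names would be carried into the UPDATE and DELETE statements, so I would set `$group_moderator = array();` and `$mark_list = array();` just before their while loops. Separately, `$row['group_id']` is concatenated into the GROUPS_TABLE and AUTH_ACCESS_TABLE deletes without checking that the first SELECT returned a row, which leaves `WHERE group_id = ` empty for a user with no single-user group. The enclosing block continues past the hunk.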
' : '' ) . $result['error_msg']; } ! else { ! $username_sql = "username = '" . str_replace("\'", "''", $username) . "', "; $rename_user = $username; // Used for renaming usergroup } } ! $passwd_sql = ""; if( !empty($password) && !empty($password_confirm) ) { // --- 305,337 ---- $error = FALSE; ! if (stripslashes($username) != $this_userdata['username']) { unset($rename_user); ! if ( stripslashes(strtolower($username)) != strtolower($this_userdata['username']) ) { ! $result = validate_username($username); ! if ( $result['error'] ) ! { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $result['error_msg']; ! } ! else if ( strtolower(str_replace("\\'", "''", $username)) == strtolower($userdata['username']) ) ! { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Username_taken']; ! } } ! ! if (!$error) { ! $username_sql = "username = '" . str_replace("\\'", "''", $username) . "', "; $rename_user = $username; // Used for renaming usergroup } } ! $passwd_sql = ''; if( !empty($password) && !empty($password_confirm) ) { // *************** *** 201,225 **** $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Password_mismatch']; } ! if( $user_status == 0 ) ! { ! // User is (made) inactive. Delete all their sessions. ! $sql = "DELETE FROM " . SESSIONS_TABLE . " ! WHERE session_user_id = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete this users sessions', '', __LINE__, __FILE__, $sql); ! } ! } ! ! if( $signature != "" ) { $sig_length_check = preg_replace('/(\[.*?)(=.*?)\]/is', '\\1]', stripslashes($signature)); if ( $allowhtml ) { $sig_length_check = preg_replace('/(\<.*?)(=.*?)( .*?=.*?)?([ \/]?\>)/is', '\\1\\3\\4', $sig_length_check); } - $sig_length_check = preg_replace('/(\[.*?)(=.*?)\]/is', '\\1]', stripslashes($signature)); // Only create a new bbcode_uid when there was no uid yet. if ( $signature_bbcode_uid == '' ) --- 359,371 ---- $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Password_mismatch']; } ! if ($signature != '') { $sig_length_check = preg_replace('/(\[.*?)(=.*?)\]/is', '\\1]', stripslashes($signature)); if ( $allowhtml ) { $sig_length_check = preg_replace('/(\<.*?)(=.*?)( .*?=.*?)?([ \/]?\>)/is', '\\1\\3\\4', $sig_length_check); } // Only create a new bbcode_uid when there was no uid yet. if ( $signature_bbcode_uid == '' ) *************** *** 238,252 **** // // Avatar stuff // - // - // Avatar stuff - // $avatar_sql = ""; if( isset($HTTP_POST_VARS['avatardel']) ) { if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" ) { ! if( @file_exists("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']) ) { @unlink("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']); } --- 384,395 ---- // // Avatar stuff // $avatar_sql = ""; if( isset($HTTP_POST_VARS['avatardel']) ) { if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" ) { ! if( @file_exists(@phpbb_realpath("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) ) { @unlink("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']); } *************** *** 271,279 **** if( $user_avatar_loc != "" ) { ! if( file_exists($user_avatar_loc) && ereg(".jpg$|.gif$|.png$", $user_avatar_name) ) { ! if( $user_avatar_size <= $board_config['avatar_filesize'] && $avatar_size > 0) { $error_type = false; --- 414,422 ---- if( $user_avatar_loc != "" ) { ! if( file_exists(@phpbb_realpath($user_avatar_loc)) && ereg(".jpg$|.gif$|.png$", $user_avatar_name) ) { ! if( $user_avatar_size <= $board_config['avatar_filesize'] && $user_avatar_size > 0) { $error_type = false; *************** *** 314,320 **** if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" ) { ! if( @file_exists("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']) ) { @unlink("./../" . 
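Review bot: In the `avatardel` branch the existence test now goes through `phpbb_realpath()`, but the `@unlink()` that follows still builds its path from the raw `$board_config['avatar_path']` and `$this_userdata['user_avatar']` strings, so the file that is checked and the file that is removed are named in two different ways. Resolving once and using the result for both calls keeps them in step: `$avatar_file = @phpbb_realpath("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']);` then `if ( $avatar_file && @file_exists($avatar_file) ) { @unlink($avatar_file); }`. `phpbb_realpath()` is defined outside this diff, so its return value for a missing file should be confirmed, and it would be worth checking that the resolved path is still under the avatar directory before deleting. The hunks at old lines 314 and 423 have the same pattern. This hunk also prefixes the path with `./` where those two use `./../`, and one of the two is probably wrong for a script under `admin/`.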
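Review bot: The extension test on the rewritten line, `ereg(".jpg$|.gif$|.png$", $user_avatar_name)`, leaves the dots unescaped and is case-sensitive, so a name ending in any character followed by `jpg`, `gif` or `png` passes while `PHOTO.JPG` is refused. `eregi("\.(jpg|gif|png)$", $user_avatar_name)` says what is meant. This is a filter on a client-supplied filename only; whether the uploaded content is verified as an image further down (for example with `getimagesize()`) is outside the hunk and worth confirming.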
$board_config['avatar_path'] . "/". $this_userdata['user_avatar']); } --- 457,463 ---- if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" ) { ! if( @file_exists(@phpbb_realpath("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) ) { @unlink("./../" . $board_config['avatar_path'] . "/". $this_userdata['user_avatar']); } *************** *** 423,429 **** if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "") { ! if( file_exists("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']) ) { @unlink("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']); } --- 566,572 ---- if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "") { ! if( file_exists(@phpbb_realpath("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) ) { @unlink("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']); } *************** *** 510,607 **** // if( !$error ) { ! if( $HTTP_POST_VARS['deleteuser'] ) { ! $sql = "SELECT g.group_id ! FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g ! WHERE ug.user_id = $user_id ! AND g.group_id = ug.group_id ! AND g.group_single_user = 1"; ! if( !($result = $db->sql_query($sql)) ) { ! message_die(GENERAL_ERROR, 'Could not obtain group information for this user', '', __LINE__, __FILE__, $sql); } - - $row = $db->sql_fetchrow($result); ! $sql = "UPDATE " . POSTS_TABLE . " ! SET poster_id = " . ANONYMOUS . ", post_username = '$username' ! WHERE poster_id = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update posts for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "UPDATE " . TOPICS_TABLE . " ! SET topic_poster = " . ANONYMOUS . " ! WHERE topic_poster = $user_id"; ! if( !$db->sql_query($sql) ) { ! 
message_die(GENERAL_ERROR, 'Could not update topics for this user', '', __LINE__, __FILE__, $sql); ! } ! $sql = "DELETE FROM " . USERS_TABLE . " ! WHERE user_id = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "DELETE FROM " . USER_GROUP_TABLE . " ! WHERE user_id = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete user from user_group table', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "DELETE FROM " . GROUPS_TABLE . " ! WHERE group_id = " . $row['group_id']; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "DELETE FROM " . AUTH_ACCESS_TABLE . " ! WHERE group_id = " . $row['group_id']; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " ! WHERE user_id = $user_id"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete user from topic watch table', '', __LINE__, __FILE__, $sql); } ! ! $message = $lang['User_deleted']; ! } else { ! $sql = "UPDATE " . USERS_TABLE . " ! SET " . $username_sql . $passwd_sql . "user_email = '" . str_replace("\'", "''", $email) . "', user_icq = '" . str_replace("\'", "''", $icq) . "', user_website = '" . str_replace("\'", "''", $website) . "', user_occ = '" . str_replace("\'", "''", $occupation) . "', user_from = '" . str_replace("\'", "''", $location) . "', user_interests = '" . str_replace("\'", "''", $interests) . "', user_sig = '" . str_replace("\'", "''", $signature) . "', user_viewemail = $viewemail, user_aim = '" . str_replace("\'", "''", $aim) . "', user_yim = '" . str_replace("\'", "''", $yim) . "', user_msnm = '" . str_replace("\'", "''", $msn) . 
"', user_attachsig = $attachsig, user_sig_bbcode_uid = '$signature_bbcode_uid', user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowavatar = $user_allowavatar, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_allow_pm = $user_allowpm, user_notify_pm = $notifypm, user_popup_pm = $popuppm, user_lang = '" . str_replace("\'", "''", $user_lang) . "', user_style = $user_style, user_timezone = $user_timezone, user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "', user_active = $user_status, user_rank = $user_rank" . $avatar_sql . " ! WHERE user_id = $user_id"; ! if( $result = $db->sql_query($sql) ) ! { ! if( isset($rename_user) ) ! { ! $sql = "UPDATE " . GROUPS_TABLE . " ! SET group_name = '".str_replace("\'", "''", $rename_user)."' ! WHERE group_name = '".str_replace("\'", "''", $this_userdata['username'] )."'"; ! if( !$result = $db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not rename users group', '', __LINE__, __FILE__, $sql); ! } ! } ! $message .= $lang['Admin_user_updated']; ! } ! else ! { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Admin_user_fail']; ! } } $message .= '

' . sprintf($lang['Click_return_useradmin'], '', '') . '

' . sprintf($lang['Click_return_admin_index'], '', ''); --- 653,693 ---- // if( !$error ) { ! $sql = "UPDATE " . USERS_TABLE . " ! SET " . $username_sql . $passwd_sql . "user_email = '" . str_replace("\'", "''", $email) . "', user_icq = '" . str_replace("\'", "''", $icq) . "', user_website = '" . str_replace("\'", "''", $website) . "', user_occ = '" . str_replace("\'", "''", $occupation) . "', user_from = '" . str_replace("\'", "''", $location) . "', user_interests = '" . str_replace("\'", "''", $interests) . "', user_sig = '" . str_replace("\'", "''", $signature) . "', user_viewemail = $viewemail, user_aim = '" . str_replace("\'", "''", $aim) . "', user_yim = '" . str_replace("\'", "''", $yim) . "', user_msnm = '" . str_replace("\'", "''", $msn) . "', user_attachsig = $attachsig, user_sig_bbcode_uid = '$signature_bbcode_uid', user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowavatar = $user_allowavatar, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_allow_pm = $user_allowpm, user_notify_pm = $notifypm, user_popup_pm = $popuppm, user_lang = '" . str_replace("\'", "''", $user_lang) . "', user_style = $user_style, user_timezone = $user_timezone, user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "', user_active = $user_status, user_rank = $user_rank" . $avatar_sql . " ! WHERE user_id = $user_id"; ! ! if( $result = $db->sql_query($sql) ) { ! if( isset($rename_user) ) { ! $sql = "UPDATE " . GROUPS_TABLE . " ! SET group_name = '".str_replace("\'", "''", $rename_user)."' ! WHERE group_name = '".str_replace("'", "''", $this_userdata['username'] )."'"; ! if( !$result = $db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not rename users group', '', __LINE__, __FILE__, $sql); ! } } ! // Delete user session, to prevent the user navigating the forum (if logged in) when disabled ! if (!$user_status) { ! $sql = "DELETE FROM " . SESSIONS_TABLE . " ! 
WHERE session_user_id = " . $user_id; ! if ( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql); ! } } ! ! $message .= $lang['Admin_user_updated']; } else { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Admin_user_fail']; } $message .= '

' . sprintf($lang['Click_return_useradmin'], '', '') . '

' . sprintf($lang['Click_return_admin_index'], '', ''); *************** *** 620,643 **** $template->assign_var_from_handle('ERROR_BOX', 'reg_header'); ! $username = stripslashes($username); $email = stripslashes($email); $password = ''; $password_confirm = ''; $icq = stripslashes($icq); ! $aim = str_replace('+', ' ', stripslashes($aim)); ! $msn = stripslashes($msn); ! $yim = stripslashes($yim); ! ! $website = stripslashes($website); ! $location = stripslashes($location); ! $occupation = stripslashes($occupation); ! $interests = stripslashes($interests); ! $signature = stripslashes($signature); $user_lang = stripslashes($user_lang); ! $user_dateformat = stripslashes($user_dateformat); } } else if( !isset( $HTTP_POST_VARS['submit'] ) && $mode != 'save' && !isset( $HTTP_POST_VARS['avatargallery'] ) && !isset( $HTTP_POST_VARS['submitavatar'] ) && !isset( $HTTP_POST_VARS['cancelavatar'] ) ) --- 706,729 ---- $template->assign_var_from_handle('ERROR_BOX', 'reg_header'); ! $username = htmlspecialchars(stripslashes($username)); $email = stripslashes($email); $password = ''; $password_confirm = ''; $icq = stripslashes($icq); ! $aim = htmlspecialchars(str_replace('+', ' ', stripslashes($aim))); ! $msn = htmlspecialchars(stripslashes($msn)); ! $yim = htmlspecialchars(stripslashes($yim)); ! ! $website = htmlspecialchars(stripslashes($website)); ! $location = htmlspecialchars(stripslashes($location)); ! $occupation = htmlspecialchars(stripslashes($occupation)); ! $interests = htmlspecialchars(stripslashes($interests)); ! $signature = htmlspecialchars(stripslashes($signature)); $user_lang = stripslashes($user_lang); ! $user_dateformat = htmlspecialchars(stripslashes($user_dateformat)); } } else if( !isset( $HTTP_POST_VARS['submit'] ) && $mode != 'save' && !isset( $HTTP_POST_VARS['avatargallery'] ) && !isset( $HTTP_POST_VARS['submitavatar'] ) && !isset( $HTTP_POST_VARS['cancelavatar'] ) ) *************** *** 653,659 **** } else { ! 
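Review bot: The UPDATE on `USERS_TABLE` interpolates `$viewemail`, `$attachsig`, `$user_style`, `$user_timezone`, `$user_status`, `$user_rank` and `$user_id` unquoted, and nothing in this hunk shows them being cast to numbers. If the casts are further up the file, a short comment above the query saying so would help; otherwise they should be cast here. The rename query also mixes two escaping forms, `str_replace("\'", "''", $rename_user)` for the request value and `str_replace("'", "''", $this_userdata['username'])` for the stored value. That looks deliberate, and a comment such as `// request values arrive addslashes()'d; $this_userdata comes straight from the DB` would keep someone from changing it back. The enclosing `if( !$error )` block starts and ends outside the hunk.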
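Review bot: `$email`, `$icq` and `$user_lang` are still only passed through `stripslashes()` when the form is redisplayed after an error, while every other free-text field in this hunk gained `htmlspecialchars()`. Unless those three are validated to a safe character set before this point (not visible here), they should be encoded the same way, e.g. `$email = htmlspecialchars(stripslashes($email));`. The hunk at old line 670 has the same gap for `$icq = $this_userdata['user_icq'];`.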
$this_userdata = get_userdata( $HTTP_POST_VARS['username'] ); if( !$this_userdata ) { message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); --- 739,745 ---- } else { ! $this_userdata = get_userdata($HTTP_POST_VARS['username'], true); if( !$this_userdata ) { message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); *************** *** 670,684 **** $password_confirm = ''; $icq = $this_userdata['user_icq']; ! $aim = str_replace('+', ' ', $this_userdata['user_aim'] ); ! $msn = $this_userdata['user_msnm']; ! $yim = $this_userdata['user_yim']; ! ! $website = $this_userdata['user_website']; ! $location = $this_userdata['user_from']; ! $occupation = $this_userdata['user_occ']; ! $interests = $this_userdata['user_interests']; ! $signature = $this_userdata['user_sig']; $viewemail = $this_userdata['user_viewemail']; $notifypm = $this_userdata['user_notify_pm']; --- 756,772 ---- $password_confirm = ''; $icq = $this_userdata['user_icq']; ! $aim = htmlspecialchars(str_replace('+', ' ', $this_userdata['user_aim'] )); ! $msn = htmlspecialchars($this_userdata['user_msnm']); ! $yim = htmlspecialchars($this_userdata['user_yim']); ! ! $website = htmlspecialchars($this_userdata['user_website']); ! $location = htmlspecialchars($this_userdata['user_from']); ! $occupation = htmlspecialchars($this_userdata['user_occ']); ! $interests = htmlspecialchars($this_userdata['user_interests']); ! ! $signature = ($this_userdata['user_sig_bbcode_uid'] != '') ? preg_replace('#:' . $this_userdata['user_sig_bbcode_uid'] . '#si', '', $this_userdata['user_sig']) : $this_userdata['user_sig']; ! $signature = preg_replace($html_entities_match, $html_entities_replace, $signature); $viewemail = $this_userdata['user_viewemail']; $notifypm = $this_userdata['user_notify_pm']; *************** *** 695,701 **** $user_style = $this_userdata['user_style']; $user_lang = $this_userdata['user_lang']; $user_timezone = $this_userdata['user_timezone']; ! 
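Review bot: The new signature line builds its pattern as `'#:' . $this_userdata['user_sig_bbcode_uid'] . '#si'`, which places a stored value inside a regular expression unquoted. The uid is presumably generated by the board and alphanumeric, but `preg_quote($this_userdata['user_sig_bbcode_uid'], '#')` removes the dependency on that assumption. `$html_entities_match` and `$html_entities_replace` are defined outside this hunk, so a one-line comment saying which characters they encode would let the line be read on its own.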
$user_dateformat = $this_userdata['user_dateformat']; $user_status = $this_userdata['user_active']; $user_allowavatar = $this_userdata['user_allowavatar']; --- 783,789 ---- $user_style = $this_userdata['user_style']; $user_lang = $this_userdata['user_lang']; $user_timezone = $this_userdata['user_timezone']; ! $user_dateformat = htmlspecialchars($this_userdata['user_dateformat']); $user_status = $this_userdata['user_active']; $user_allowavatar = $this_userdata['user_allowavatar']; *************** *** 723,729 **** $avatar_images = array(); while( $file = @readdir($dir) ) { ! if( $file != "." && $file != ".." && !is_file("./../" . $board_config['avatar_gallery_path'] . "/" . $file) && !is_link("./../" . $board_config['avatar_gallery_path'] . "/" . $file) ) { $sub_dir = @opendir("../" . $board_config['avatar_gallery_path'] . "/" . $file); --- 811,817 ---- $avatar_images = array(); while( $file = @readdir($dir) ) { ! if( $file != "." && $file != ".." && !is_file(phpbb_realpath("./../" . $board_config['avatar_gallery_path'] . "/" . $file)) && !is_link(phpbb_realpath("./../" . $board_config['avatar_gallery_path'] . "/" . $file)) ) { $sub_dir = @opendir("../" . $board_config['avatar_gallery_path'] . "/" . $file); *************** *** 751,757 **** if( isset($HTTP_POST_VARS['avatarcategory']) ) { ! $category = $HTTP_POST_VARS['avatarcategory']; } else { --- 839,845 ---- if( isset($HTTP_POST_VARS['avatarcategory']) ) { ! $category = htmlspecialchars($HTTP_POST_VARS['avatarcategory']); } else { *************** *** 887,894 **** $rank_select_box .= ''; } - $signature = preg_replace('/\:[0-9a-z\:]*?\]/si', ']', $signature); - $template->set_filenames(array( "body" => "admin/user_edit_body.tpl") ); --- 975,980 ---- *************** *** 931,937 **** 'ALWAYS_ALLOW_SMILIES_YES' => ($allowsmilies) ? 'checked="checked"' : '', 'ALWAYS_ALLOW_SMILIES_NO' => (!$allowsmilies) ? 'checked="checked"' : '', 'AVATAR' => $avatar, ! 
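Review bot: `htmlspecialchars()` on `$HTTP_POST_VARS['avatarcategory']` makes the value safe to echo, but it is output encoding applied at input time and does not establish that the value names one of the gallery directories. If `$category` is later used as a key into `$avatar_images` or as part of a path (the use is outside this hunk), it should be checked against the directory names collected by the `readdir()` loop, falling back to the first category when it is not among them. A comment on the line stating which use the encoding is meant for would help.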
'LANGUAGE_SELECT' => language_select($user_lang, 'language', '../language'), 'TIMEZONE_SELECT' => tz_select($user_timezone), 'STYLE_SELECT' => style_select($user_style, 'style'), 'DATE_FORMAT' => $user_dateformat, --- 1017,1023 ---- 'ALWAYS_ALLOW_SMILIES_YES' => ($allowsmilies) ? 'checked="checked"' : '', 'ALWAYS_ALLOW_SMILIES_NO' => (!$allowsmilies) ? 'checked="checked"' : '', 'AVATAR' => $avatar, ! 'LANGUAGE_SELECT' => language_select($user_lang), 'TIMEZONE_SELECT' => tz_select($user_timezone), 'STYLE_SELECT' => style_select($user_style, 'style'), 'DATE_FORMAT' => $user_dateformat, *************** *** 943,948 **** --- 1029,1035 ---- 'USER_ACTIVE_NO' => (!$user_status) ? 'checked="checked"' : '', 'RANK_SELECT_BOX' => $rank_select_box, + 'L_USERNAME' => $lang['Username'], 'L_USER_TITLE' => $lang['User_admin'], 'L_USER_EXPLAIN' => $lang['User_admin_explain'], 'L_NEW_PASSWORD' => $lang['New_password'], *************** *** 956,962 **** 'L_YAHOO' => $lang['YIM'], 'L_WEBSITE' => $lang['Website'], 'L_AIM' => $lang['AIM'], ! 'L_LOCATION' => $lang['From'], 'L_OCCUPATION' => $lang['Occupation'], 'L_BOARD_LANGUAGE' => $lang['Board_lang'], 'L_BOARD_STYLE' => $lang['Board_style'], --- 1043,1049 ---- 'L_YAHOO' => $lang['YIM'], 'L_WEBSITE' => $lang['Website'], 'L_AIM' => $lang['AIM'], ! 'L_LOCATION' => $lang['Location'], 'L_OCCUPATION' => $lang['Occupation'], 'L_BOARD_LANGUAGE' => $lang['Board_lang'], 'L_BOARD_STYLE' => $lang['Board_style'], *************** *** 1014,1020 **** 'S_PROFILE_ACTION' => append_sid("admin_users.$phpEx")) ); ! if( file_exists('./../' . $board_config['avatar_path'] ) ) { if ( $form_enctype != '' ) { --- 1101,1107 ---- 'S_PROFILE_ACTION' => append_sid("admin_users.$phpEx")) ); ! if( file_exists(@phpbb_realpath('./../' . $board_config['avatar_path'])) && ($board_config['allow_avatar_upload'] == TRUE) ) { if ( $form_enctype != '' ) { *************** *** 1023,1036 **** $template->assign_block_vars('avatar_remote_upload', array() ); } ! 
if( file_exists('./../' . $board_config['avatar_gallery_path'] ) ) { $template->assign_block_vars('avatar_local_gallery', array() ); } } $template->pparse('body'); - } else { --- 1110,1127 ---- $template->assign_block_vars('avatar_remote_upload', array() ); } ! if( file_exists(@phpbb_realpath('./../' . $board_config['avatar_gallery_path'])) && ($board_config['allow_avatar_local'] == TRUE) ) { $template->assign_block_vars('avatar_local_gallery', array() ); } + + if( $board_config['allow_avatar_remote'] == TRUE ) + { + $template->assign_block_vars('avatar_remote_link', array() ); + } } $template->pparse('body'); } else { diff -crN phpbb201/admin/admin_words.php phpbb2017/admin/admin_words.php *** phpbb201/admin/admin_words.php Sat Jul 10 20:16:15 2004 --- phpbb2017/admin/admin_words.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_words.php,v 1.10.2.2 2002/05/12 15:57:45 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_words.php,v 1.10.2.3 2004/03/25 15:57:20 acydburn Exp $ * * ***************************************************************************/ *************** *** 39,44 **** --- 39,45 ---- if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { $mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; + $mode = htmlspecialchars($mode); } else { *************** *** 63,69 **** { if( $mode == "edit" || $mode == "add" ) { ! $word_id = ( isset($HTTP_GET_VARS['id']) ) ? $HTTP_GET_VARS['id'] : 0; $template->set_filenames(array( "body" => "admin/words_edit_body.tpl") --- 64,70 ---- { if( $mode == "edit" || $mode == "add" ) { ! $word_id = ( isset($HTTP_GET_VARS['id']) ) ? 
intval($HTTP_GET_VARS['id']) : 0; $template->set_filenames(array( "body" => "admin/words_edit_body.tpl") *************** *** 113,119 **** } else if( $mode == "save" ) { ! $word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : 0; $word = ( isset($HTTP_POST_VARS['word']) ) ? trim($HTTP_POST_VARS['word']) : ""; $replacement = ( isset($HTTP_POST_VARS['replacement']) ) ? trim($HTTP_POST_VARS['replacement']) : ""; --- 114,120 ---- } else if( $mode == "save" ) { ! $word_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : 0; $word = ( isset($HTTP_POST_VARS['word']) ) ? trim($HTTP_POST_VARS['word']) : ""; $replacement = ( isset($HTTP_POST_VARS['replacement']) ) ? trim($HTTP_POST_VARS['replacement']) : ""; *************** *** 150,155 **** --- 151,157 ---- if( isset($HTTP_POST_VARS['id']) || isset($HTTP_GET_VARS['id']) ) { $word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id']; + $word_id = intval($word_id); } else { diff -crN phpbb201/admin/index.php phpbb2017/admin/index.php *** phpbb201/admin/index.php Sat Jul 10 20:16:15 2004 --- phpbb2017/admin/index.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: index.php,v 1.40.2.2 2002/05/17 22:58:18 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
* $Id: index.php,v 1.40.2.7 2005/02/21 18:37:02 acydburn Exp $ * * ***************************************************************************/ *************** *** 132,137 **** --- 132,138 ---- "L_ADMIN_INTRO" => $lang['Admin_intro'], "L_FORUM_STATS" => $lang['Forum_stats'], "L_WHO_IS_ONLINE" => $lang['Who_is_Online'], + "L_USERNAME" => $lang['Username'], "L_LOCATION" => $lang['Location'], "L_LAST_UPDATE" => $lang['Last_updated'], "L_IP_ADDRESS" => $lang['IP_Address'], *************** *** 331,337 **** WHERE s.session_logged_in = " . TRUE . " AND u.user_id = s.session_user_id AND u.user_id <> " . ANONYMOUS . " ! AND u.user_session_time >= " . ( time() - 300 ) . " ORDER BY u.user_session_time DESC"; if(!$result = $db->sql_query($sql)) { --- 332,338 ---- WHERE s.session_logged_in = " . TRUE . " AND u.user_id = s.session_user_id AND u.user_id <> " . ANONYMOUS . " ! AND s.session_time >= " . ( time() - 300 ) . " ORDER BY u.user_session_time DESC"; if(!$result = $db->sql_query($sql)) { *************** *** 454,460 **** "FORUM_LOCATION" => $location, "IP_ADDRESS" => $reg_ip, ! "U_WHOIS_IP" => "http://www.samspade.org/t/ipwhois?a=$reg_ip", "U_USER_PROFILE" => append_sid("admin_users.$phpEx?mode=edit&" . POST_USERS_URL . "=" . $onlinerow_reg[$i]['user_id']), "U_FORUM_LOCATION" => append_sid($location_url)) ); --- 455,461 ---- "FORUM_LOCATION" => $location, "IP_ADDRESS" => $reg_ip, ! "U_WHOIS_IP" => "http://network-tools.com/default.asp?host=$reg_ip", "U_USER_PROFILE" => append_sid("admin_users.$phpEx?mode=edit&" . POST_USERS_URL . "=" . $onlinerow_reg[$i]['user_id']), "U_FORUM_LOCATION" => append_sid($location_url)) ); *************** *** 546,552 **** "FORUM_LOCATION" => $location, "IP_ADDRESS" => $guest_ip, ! "U_WHOIS_IP" => "http://www.samspade.org/t/ipwhois?a=$guest_ip", "U_FORUM_LOCATION" => append_sid($location_url)) ); } --- 547,553 ---- "FORUM_LOCATION" => $location, "IP_ADDRESS" => $guest_ip, ! 
"U_WHOIS_IP" => "http://network-tools.com/default.asp?host=$guest_ip", "U_FORUM_LOCATION" => append_sid($location_url)) ); } *************** *** 558,563 **** --- 559,629 ---- "L_NO_GUESTS_BROWSING" => $lang['No_users_browsing']) ); } + + // Check for new version + $current_version = explode('.', '2' . $board_config['version']); + $minor_revision = (int) $current_version[2]; + + $errno = 0; + $errstr = $version_info = ''; + + if ($fsock = @fsockopen('www.phpbb.com', 80, $errno, $errstr)) + { + @fputs($fsock, "GET /updatecheck/20x.txt HTTP/1.1\r\n"); + @fputs($fsock, "HOST: www.phpbb.com\r\n"); + @fputs($fsock, "Connection: close\r\n\r\n"); + + $get_info = false; + while (!@feof($fsock)) + { + if ($get_info) + { + $version_info .= @fread($fsock, 1024); + } + else + { + if (@fgets($fsock, 1024) == "\r\n") + { + $get_info = true; + } + } + } + @fclose($fsock); + + $version_info = explode("\n", $version_info); + $latest_head_revision = (int) $version_info[0]; + $latest_minor_revision = (int) $version_info[2]; + $latest_version = (int) $version_info[0] . '.' . (int) $version_info[1] . '.' . (int) $version_info[2]; + + if ($latest_head_revision == 2 && $minor_revision == $latest_minor_revision) + { + $version_info = '

' . $lang['Version_up_to_date'] . '

'; + } + else + { + $version_info = '

' . $lang['Version_not_up_to_date']; + $version_info .= '
' . sprintf($lang['Latest_version_info'], $latest_version) . sprintf($lang['Current_version_info'], '2' . $board_config['version']) . '

'; + } + } + else + { + if ($errstr) + { + $version_info = '

' . sprintf($lang['Connect_socket_error'], $errstr) . '

'; + } + else + { + $version_info = '

' . $lang['Socket_functions_disabled'] . '

'; + } + } + + $version_info .= '

' . $lang['Mailing_list_subscribe_reminder'] . '

'; + + + $template->assign_vars(array( + 'VERSION_INFO' => $version_info, + 'L_VERSION_INFORMATION' => $lang['Version_information']) + ); $template->pparse("body"); diff -crN phpbb201/admin/page_footer_admin.php phpbb2017/admin/page_footer_admin.php *** phpbb201/admin/page_footer_admin.php Sat Jul 10 20:16:15 2004 --- phpbb2017/admin/page_footer_admin.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_footer_admin.php,v 1.9.2.2 2002/05/12 15:57:45 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_footer_admin.php,v 1.9.2.3 2005/04/15 20:15:47 acydburn Exp $ * * ***************************************************************************/ *************** *** 33,39 **** ); $template->assign_vars(array( ! 'PHPBB_VERSION' => '2' . $board_config['version'], 'TRANSLATION_INFO' => $lang['TRANSLATION_INFO']) ); --- 33,39 ---- ); $template->assign_vars(array( ! 'PHPBB_VERSION' => ($userdata['user_level'] == ADMIN && $userdata['user_id'] != ANONYMOUS) ? '2' . $board_config['version'] : '', 'TRANSLATION_INFO' => $lang['TRANSLATION_INFO']) ); diff -crN phpbb201/admin/page_header_admin.php phpbb2017/admin/page_header_admin.php *** phpbb201/admin/page_header_admin.php Sat Jul 10 20:16:15 2004 --- phpbb2017/admin/page_header_admin.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_header_admin.php,v 1.12.2.2 2002/05/12 15:57:45 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
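Review bot: The version check calls `@fsockopen('www.phpbb.com', 80, $errno, $errstr)` with no timeout argument on every load of the admin index, so a slow or unreachable host stalls the page for the default socket timeout; `@fsockopen('www.phpbb.com', 80, $errno, $errstr, 10)` bounds that. The body is then indexed as `$version_info[0]` to `$version_info[2]` without checking that three lines came back, and a non-200 or chunked HTTP/1.1 reply would be parsed as version numbers. A guard such as `if (count($version_info) < 3)` with a fallback message would cover both cases. The reply arrives over plain HTTP and is unauthenticated, so the "up to date" message is advisory at best. The `(int)` casts do keep the fetched text itself out of the HTML.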
* $Id: page_header_admin.php,v 1.12.2.6 2005/03/26 14:15:59 acydburn Exp $ * * ***************************************************************************/ *************** *** 35,41 **** { $phpver = phpversion(); ! if ( $phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible') ) { if ( extension_loaded('zlib') ) { --- 35,43 ---- { $phpver = phpversion(); ! $useragent = (isset($HTTP_SERVER_VARS['HTTP_USER_AGENT'])) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : getenv('HTTP_USER_AGENT'); ! ! if ( $phpver >= '4.0.4pl1' && ( strstr($useragent,'compatible') || strstr($useragent,'Gecko') ) ) { if ( extension_loaded('zlib') ) { *************** *** 62,67 **** --- 64,73 ---- 'header' => 'admin/page_header.tpl') ); + // Format Timezone. We are unable to use array_pop here, because of PHP3 compatibility + $l_timezone = explode('.', $board_config['board_timezone']); + $l_timezone = (count($l_timezone) > 1 && $l_timezone[count($l_timezone)-1] != 0) ? $lang[sprintf('%.1f', $board_config['board_timezone'])] : $lang[number_format($board_config['board_timezone'])]; + // // The following assigns all _common_ variables that may be used at any point // in a template. Note that all URL's should be wrapped in append_sid, as *************** *** 77,83 **** 'U_INDEX' => append_sid('../index.'.$phpEx), ! 'S_TIMEZONE' => sprintf($lang['All_times'], $lang[$board_config['board_timezone']]), 'S_LOGIN_ACTION' => append_sid('../login.'.$phpEx), 'S_JUMPBOX_ACTION' => append_sid('../viewforum.'.$phpEx), 'S_CURRENT_TIME' => sprintf($lang['Current_time'], create_date($board_config['default_dateformat'], time(), $board_config['board_timezone'])), --- 83,89 ---- 'U_INDEX' => append_sid('../index.'.$phpEx), ! 
'S_TIMEZONE' => sprintf($lang['All_times'], $l_timezone), 'S_LOGIN_ACTION' => append_sid('../login.'.$phpEx), 'S_JUMPBOX_ACTION' => append_sid('../viewforum.'.$phpEx), 'S_CURRENT_TIME' => sprintf($lang['Current_time'], create_date($board_config['default_dateformat'], time(), $board_config['board_timezone'])), *************** *** 129,132 **** $template->pparse('header'); ! ?> \ No newline at end of file --- 135,138 ---- $template->pparse('header'); ! ?> diff -crN phpbb201/admin/pagestart.php phpbb2017/admin/pagestart.php *** phpbb201/admin/pagestart.php Sat Jul 10 20:16:15 2004 --- phpbb2017/admin/pagestart.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: pagestart.php,v 1.1.2.2 2002/05/13 13:18:17 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: pagestart.php,v 1.1.2.9 2005/06/26 14:39:30 acydburn Exp $ * * ***************************************************************************/ *************** *** 20,32 **** * ***************************************************************************/ ! if ( !defined('IN_PHPBB') ) { die("Hacking attempt"); } define('IN_ADMIN', true); ! include($phpbb_root_path . 'common.'.$phpEx); // --- 20,32 ---- * ***************************************************************************/ ! if (!defined('IN_PHPBB')) { die("Hacking attempt"); } define('IN_ADMIN', true); ! // Include files include($phpbb_root_path . 'common.'.$phpEx); // *************** *** 37,54 **** // // End session management // ! if( !$userdata['session_logged_in'] ) { ! $header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: '; ! header($header_location . '../' . append_sid("login.$phpEx?redirect=admin/")); ! exit; } ! 
else if( $userdata['user_level'] != ADMIN ) { message_die(GENERAL_MESSAGE, $lang['Not_admin']); } ! if ( empty($no_page_header) ) { // Not including the pageheader can be neccesarry if META tags are // needed in the calling script. --- 37,70 ---- // // End session management // ! ! if (!$userdata['session_logged_in']) { ! redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx", true)); } ! else if ($userdata['user_level'] != ADMIN) { message_die(GENERAL_MESSAGE, $lang['Not_admin']); } ! if ($HTTP_GET_VARS['sid'] != $userdata['session_id']) ! { ! $url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name'])), '', $HTTP_SERVER_VARS['REQUEST_URI']); ! $url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path'])), '', $url); ! $url = str_replace('//', '/', $url); ! $url = preg_replace('/sid=([^&]*)(&?)/i', '', $url); ! $url = preg_replace('/\?$/', '', $url); ! $url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id']; ! ! redirect("index.$phpEx?sid=" . $userdata['session_id']); ! } ! ! if (!$userdata['session_admin']) ! { ! redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx&admin=1", true)); ! } ! ! if (empty($no_page_header)) { // Not including the pageheader can be neccesarry if META tags are // needed in the calling script. diff -crN phpbb201/common.php phpbb2017/common.php *** phpbb201/common.php Sat Jul 10 20:16:16 2004 --- phpbb2017/common.php Tue Jul 19 22:14:58 2005 *************** *** 6,13 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: common.php,v 1.74.2.3 2002/05/13 13:18:17 psotfx Exp $ ! * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
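Review bot: In the new `sid` check the six statements that build `$url` have no effect, because the block ends with `redirect("index.$phpEx?sid=" . $userdata['session_id']);` and never uses `$url`. Dropping them is the simpler fix, since `$url` is derived from `REQUEST_URI` and would need validating before it could be a redirect target. The test also reads `$HTTP_GET_VARS['sid']` without `isset()`, so a request with no `sid` raises a notice before the comparison; `if (!isset($HTTP_GET_VARS['sid']) || $HTTP_GET_VARS['sid'] != $userdata['session_id'])` avoids that. A comment saying that the URL session id appears to be what ties an admin request to the logged-in session would explain why only GET is inspected.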
* $Id: common.php,v 1.74.2.17 2005/02/21 19:29:30 acydburn Exp $ * ***************************************************************************/ *************** *** 25,33 **** --- 24,105 ---- die("Hacking attempt"); } + // error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables set_magic_quotes_runtime(0); // Disable magic_quotes_runtime + // The following code (unsetting globals) was contributed by Matt Kavanagh + + // PHP5 with register_long_arrays off? + if (!isset($HTTP_POST_VARS) && isset($_POST)) + { + $HTTP_POST_VARS = $_POST; + $HTTP_GET_VARS = $_GET; + $HTTP_SERVER_VARS = $_SERVER; + $HTTP_COOKIE_VARS = $_COOKIE; + $HTTP_ENV_VARS = $_ENV; + $HTTP_POST_FILES = $_FILES; + + // _SESSION is the only superglobal which is conditionally set + if (isset($_SESSION)) + { + $HTTP_SESSION_VARS = $_SESSION; + } + } + + if (@phpversion() < '4.0.0') + { + // PHP3 path; in PHP3, globals are _always_ registered + + // We 'flip' the array of variables to test like this so that + // we can validate later with isset($test[$var]) (no in_array()) + $test = array('HTTP_GET_VARS' => NULL, 'HTTP_POST_VARS' => NULL, 'HTTP_COOKIE_VARS' => NULL, 'HTTP_SERVER_VARS' => NULL, 'HTTP_ENV_VARS' => NULL, 'HTTP_POST_FILES' => NULL, 'phpEx' => NULL, 'phpbb_root_path' => NULL); + + // Loop through each input array + @reset($test); + while (list($input,) = @each($test)) + { + while (list($var,) = @each($$input)) + { + // Validate the variable to be unset + if (!isset($test[$var]) && $var != 'test' && $var != 'input') + { + unset($$var); + } + } + } + } + else if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on') + { + // PHP4+ path + $not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path'); + + // Not only will array_merge give a warning if a parameter + // is not an array, it will actually fail. 
So we check if + // HTTP_SESSION_VARS has been initialised. + if (!isset($HTTP_SESSION_VARS)) + { + $HTTP_SESSION_VARS = array(); + } + + // Merge all into one extremely huge array; unset + // this later + $input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES); + + unset($input['input']); + unset($input['not_unset']); + + while (list($var,) = @each($input)) + { + if (!in_array($var, $not_unset)) + { + unset($$var); + } + } + + unset($input); + } + // // addslashes to vars if magic_quotes_gpc is off // this is a security precaution to prevent someone *************** *** 106,118 **** $theme = array(); $images = array(); $lang = array(); $gen_simple_header = FALSE; include($phpbb_root_path . 'config.'.$phpEx); if( !defined("PHPBB_INSTALLED") ) { ! header("Location: install.$phpEx"); exit; } --- 178,191 ---- $theme = array(); $images = array(); $lang = array(); + $nav_links = array(); $gen_simple_header = FALSE; include($phpbb_root_path . 'config.'.$phpEx); if( !defined("PHPBB_INSTALLED") ) { ! header("Location: install/install.$phpEx"); exit; } *************** *** 124,167 **** include($phpbb_root_path . 'includes/db.'.$phpEx); // - // Mozilla navigation bar - // Default items that should be valid on all pages. - // Defined here and not in page_header.php so they can be redefined in the code - // - $nav_links['top'] = array ( - 'url' => append_sid($phpbb_root_dir."index.".$phpEx), - 'title' => sprintf($lang['Forum_Index'], $board_config['sitename']) - ); - $nav_links['search'] = array ( - 'url' => append_sid($phpbb_root_dir."search.".$phpEx), - 'title' => $lang['Search'] - ); - $nav_links['help'] = array ( - 'url' => append_sid($phpbb_root_dir."faq.".$phpEx), - 'title' => $lang['FAQ'] - ); - $nav_links['author'] = array ( - 'url' => append_sid($phpbb_root_dir."memberlist.".$phpEx), - 'title' => $lang['Memberlist'] - ); - - // // Obtain and encode users IP // ! 
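Review bot: The `!isset($HTTP_SESSION_VARS)` guard in the PHP4+ branch of the `*** 25,33 ****` hunk does not cover the case its own comment describes: the comment says array_merge fails when an argument is not an array, but the guard only fills in a variable that is missing. Under register_globals, the only condition in which this branch runs, a variable that is set but not an array passes the check, and a failed merge would leave `$input` with nothing for the unset loop to walk, so no globals get cleared. Checking the type as well closes the gap: `if (!isset($HTTP_SESSION_VARS) || !is_array($HTTP_SESSION_VARS))`. A comment on the loop stating that a name listed in `$not_unset` is deliberately left in place would also help the next reader.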
if( getenv('HTTP_X_FORWARDED_FOR') != '' ) ! { ! $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR ); ! ! if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) ) ! { ! $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10..*/', '/^224..*/', '/^240..*/'); ! $client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]); ! } ! } ! else ! { ! $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR ); ! } $user_ip = encode_ip($client_ip); // --- 197,210 ---- include($phpbb_root_path . 'includes/db.'.$phpEx); // // Obtain and encode users IP // ! // I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as ! // private range IP's appearing instead of the guilty routable IP, tough, don't ! // even bother complaining ... go scream and shout at the idiots out there who feel ! // "clever" is doing harm rather than good ... karma is a great thing ... :) ! // ! $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? 
$HTTP_ENV_VARS['REMOTE_ADDR'] : getenv('REMOTE_ADDR') ); $user_ip = encode_ip($client_ip); // *************** *** 179,184 **** --- 222,232 ---- while ( $row = $db->sql_fetchrow($result) ) { $board_config[$row['config_name']] = $row['config_value']; + } + + if (file_exists('install') || file_exists('contrib')) + { + message_die(GENERAL_MESSAGE, 'Please ensure both the install/ and contrib/ directories are deleted'); } // diff -crN phpbb201/db/msaccess.php phpbb2017/db/msaccess.php *** phpbb201/db/msaccess.php Sat Jul 10 20:16:15 2004 --- phpbb2017/db/msaccess.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: msaccess.php,v 1.8.2.1 2002/05/12 00:47:40 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: msaccess.php,v 1.8.2.2 2002/09/28 12:50:59 psotfx Exp $ * ***************************************************************************/ *************** *** 117,123 **** $query = "TOP " . ( $row_offset + $num_rows ) . $query; } ! $this->result = odbc_exec($this->db_connect_id, "SELECT $query"); if( $this->result ) { --- 117,123 ---- $query = "TOP " . ( $row_offset + $num_rows ) . $query; } ! $this->result = odbc_exec($this->db_connect_id, "SELECT $query"); if( $this->result ) { *************** *** 137,143 **** $row_outer_max = ( isset($num_rows) ) ? $row_offset + $num_rows + 1 : 1E9; $row_inner = 0; ! while( odbc_fetch_row($this->result) && $row_outer < $row_outer_max ) { for($j = 0; $j < count($this->field_names[$this->result]); $j++) { --- 137,143 ---- $row_outer_max = ( isset($num_rows) ) ? $row_offset + $num_rows + 1 : 1E9; $row_inner = 0; ! while( odbc_fetch_row($this->result, $row_outer) && $row_outer < $row_outer_max ) { for($j = 0; $j < count($this->field_names[$this->result]); $j++) { *************** *** 148,154 **** $row_inner++; } ! 
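Review bot: The comment added in place of the X-Forwarded-For handling (hunk `*** 124,167 ****`) does not record why the header was dropped or what changes for operators. A maintainer reading it later cannot tell that the header is client-supplied and therefore unsuitable for anything keyed on `$user_ip`. It also does not say that behind a reverse proxy every visitor now shares the proxy's address. I would replace the text with something like `// HTTP_X_FORWARDED_FOR is sent by the client and is not trusted; only REMOTE_ADDR is used.` followed by `// Behind a proxy all users share the proxy address - handle that at the web server.` The code change itself looks right.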
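Review bot: `file_exists('install')` and `file_exists('contrib')` in the `*** 179,184 ****` hunk are resolved against the working directory of the entry script, not against `$phpbb_root_path`. If common.php is included from a script in a subdirectory, the check looks in the wrong place and passes while the directories still exist in the board root. The rest of this file builds paths from the root prefix (`include($phpbb_root_path . 'config.'.$phpEx)`), and the same prefix would make the check hold for every caller: `if (file_exists($phpbb_root_path . 'install') || file_exists($phpbb_root_path . 'contrib'))`. The surrounding code continues outside the hunk, so callers should be confirmed there.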
$this->num_rows[$this->result] = count($this->result_rowset[$this->result]); odbc_free_result($this->result); } --- 148,154 ---- $row_inner++; } ! $this->num_rows[$this->result] = count($this->result_rowset[$this->result]); odbc_free_result($this->result); } *************** *** 165,171 **** { if( odbc_fetch_row($result_id) ) { ! $this->next_id[$this->db_connect_id] = odbc_result($result_id, 1); $this->affected_rows[$this->db_connect_id] = odbc_num_rows($this->result); } } --- 165,171 ---- { if( odbc_fetch_row($result_id) ) { ! $this->next_id[$this->db_connect_id] = odbc_result($result_id, 1); $this->affected_rows[$this->db_connect_id] = odbc_num_rows($this->result); } } *************** *** 232,238 **** // function sql_numrows($query_id = 0) { ! if( !$query_id ) { $query_id = $this->result; } --- 232,238 ---- // function sql_numrows($query_id = 0) { ! if( !$query_id ) { $query_id = $this->result; } diff -crN phpbb201/db/mssql.php phpbb2017/db/mssql.php *** phpbb201/db/mssql.php Sat Jul 10 20:16:15 2004 --- phpbb2017/db/mssql.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: mssql.php,v 1.22.2.1 2002/05/12 01:27:26 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: mssql.php,v 1.22.2.2 2002/12/21 18:31:53 psotfx Exp $ * ***************************************************************************/ *************** *** 51,57 **** $this->server = $sqlserver; $this->dbname = $database; ! $this->db_connect_id = ( $this->persistency ) ? mssql_pconnect($this->server, $this->user, $this->password) : mssql_connect($this->server, $this->user, $this->password); if( $this->db_connect_id && $this->dbname != "" ) { --- 51,57 ---- $this->server = $sqlserver; $this->dbname = $database; ! $this->db_connect_id = ( $this->persistency ) ? 
@mssql_pconnect($this->server, $this->user, $this->password) : @mssql_connect($this->server, $this->user, $this->password); if( $this->db_connect_id && $this->dbname != "" ) { *************** *** 92,98 **** // // Query method // ! function sql_query($query = "", $transaction = FALSE) { // // Remove any pre-existing queries --- 92,98 ---- // // Query method // ! function sql_query($query = '', $transaction = FALSE) { // // Remove any pre-existing queries *************** *** 100,112 **** unset($this->result); unset($this->row); ! if ( $query != "" ) { $this->num_queries++; if ( $transaction == BEGIN_TRANSACTION && !$this->in_transaction ) { ! if ( !mssql_query("BEGIN TRANSACTION", $this->db_connect_id) ) { return false; } --- 100,112 ---- unset($this->result); unset($this->row); ! if ( $query != '' ) { $this->num_queries++; if ( $transaction == BEGIN_TRANSACTION && !$this->in_transaction ) { ! if ( !@mssql_query('BEGIN TRANSACTION', $this->db_connect_id) ) { return false; } *************** *** 125,131 **** // returns something then there's a problem. This may well be a false assumption though // ... needs checking under Windows itself. // ! if( preg_match("/^SELECT(.*?)(LIMIT ([0-9]+)[, ]*([0-9]+)*)?$/s", $query, $limits) ) { $query = $limits[1]; --- 125,131 ---- // returns something then there's a problem. This may well be a false assumption though // ... needs checking under Windows itself. // ! if( preg_match('#^SELECT(.*?)(LIMIT ([0-9]+)[, ]*([0-9]+)*)?$#s', $query, $limits) ) { $query = $limits[1]; *************** *** 134,143 **** $row_offset = ( $limits[4] ) ? $limits[3] : ""; $num_rows = ( $limits[4] ) ? $limits[4] : $limits[3]; ! $query = "TOP " . ( $row_offset + $num_rows ) . $query; } ! $this->result = mssql_query("SELECT $query", $this->db_connect_id); if( $this->result ) { --- 134,143 ---- $row_offset = ( $limits[4] ) ? $limits[3] : ""; $num_rows = ( $limits[4] ) ? $limits[4] : $limits[3]; ! $query = 'TOP ' . ( $row_offset + $num_rows ) . $query; } ! 
$this->result = @mssql_query("SELECT $query", $this->db_connect_id); if( $this->result ) { *************** *** 145,164 **** if( $row_offset > 0 ) { ! mssql_data_seek($this->result, $row_offset); } } } ! else if( eregi("^INSERT ", $query) ) { ! if( mssql_query($query, $this->db_connect_id) ) { $this->result = time() + microtime(); ! $result_id = mssql_query("SELECT @@IDENTITY AS id, @@ROWCOUNT as affected", $this->db_connect_id); if( $result_id ) { ! if( $row = mssql_fetch_array($result_id) ) { $this->next_id[$this->db_connect_id] = $row['id']; $this->affected_rows[$this->db_connect_id] = $row['affected']; --- 145,164 ---- if( $row_offset > 0 ) { ! @mssql_data_seek($this->result, $row_offset); } } } ! else if( preg_match('#^INSERT #i', $query) ) { ! if( @mssql_query($query, $this->db_connect_id) ) { $this->result = time() + microtime(); ! $result_id = @mssql_query('SELECT @@IDENTITY AS id, @@ROWCOUNT as affected', $this->db_connect_id); if( $result_id ) { ! if( $row = @mssql_fetch_array($result_id) ) { $this->next_id[$this->db_connect_id] = $row['id']; $this->affected_rows[$this->db_connect_id] = $row['affected']; *************** *** 168,181 **** } else { ! if( mssql_query($query, $this->db_connect_id) ) { $this->result = time() + microtime(); ! $result_id = mssql_query("SELECT @@ROWCOUNT as affected", $this->db_connect_id); if( $result_id ) { ! if( $row = mssql_fetch_array($result_id) ) { $this->affected_rows[$this->db_connect_id] = $row['affected']; } --- 168,181 ---- } else { ! if( @mssql_query($query, $this->db_connect_id) ) { $this->result = time() + microtime(); ! $result_id = @mssql_query('SELECT @@ROWCOUNT as affected', $this->db_connect_id); if( $result_id ) { ! if( $row = @mssql_fetch_array($result_id) ) { $this->affected_rows[$this->db_connect_id] = $row['affected']; } *************** *** 187,193 **** { if( $this->in_transaction ) { ! 
mssql_query("ROLLBACK", $this->db_connect_id); $this->in_transaction = FALSE; } --- 187,193 ---- { if( $this->in_transaction ) { ! @mssql_query('ROLLBACK', $this->db_connect_id); $this->in_transaction = FALSE; } *************** *** 198,204 **** { $this->in_transaction = FALSE; ! if( !@mssql_query("COMMIT", $this->db_connect_id) ) { @mssql_query("ROLLBACK", $this->db_connect_id); return false; --- 198,204 ---- { $this->in_transaction = FALSE; ! if( !@mssql_query('COMMIT', $this->db_connect_id) ) { @mssql_query("ROLLBACK", $this->db_connect_id); return false; *************** *** 213,221 **** { $this->in_transaction = FALSE; ! if( !@mssql_query("COMMIT", $this->db_connect_id) ) { ! @mssql_query("ROLLBACK", $this->db_connect_id); return false; } } --- 213,221 ---- { $this->in_transaction = FALSE; ! if( !@mssql_query('COMMIT', $this->db_connect_id) ) { ! @mssql_query('ROLLBACK', $this->db_connect_id); return false; } } *************** *** 236,242 **** if( $query_id ) { ! return ( !empty($this->limit_offset[$query_id]) ) ? mssql_num_rows($query_id) - $this->limit_offset[$query_id] : @mssql_num_rows($query_id); } else { --- 236,242 ---- if( $query_id ) { ! return ( !empty($this->limit_offset[$query_id]) ) ? @mssql_num_rows($query_id) - $this->limit_offset[$query_id] : @mssql_num_rows($query_id); } else { *************** *** 251,257 **** $query_id = $this->result; } ! return ( $query_id ) ? mssql_num_fields($query_id) : false; } function sql_fieldname($offset, $query_id = 0) --- 251,257 ---- $query_id = $this->result; } ! return ( $query_id ) ? @mssql_num_fields($query_id) : false; } function sql_fieldname($offset, $query_id = 0) *************** *** 261,267 **** $query_id = $this->result; } ! return ( $query_id ) ? mssql_field_name($query_id, $offset) : false; } function sql_fieldtype($offset, $query_id = 0) --- 261,267 ---- $query_id = $this->result; } ! return ( $query_id ) ? 
@mssql_field_name($query_id, $offset) : false; } function sql_fieldtype($offset, $query_id = 0) *************** *** 271,277 **** $query_id = $this->result; } ! return ( $query_id ) ? mssql_field_type($query_id, $offset) : false; } function sql_fetchrow($query_id = 0) --- 271,277 ---- $query_id = $this->result; } ! return ( $query_id ) ? @mssql_field_type($query_id, $offset) : false; } function sql_fetchrow($query_id = 0) *************** *** 285,291 **** { empty($row); ! $row = mssql_fetch_array($query_id); while( list($key, $value) = @each($row) ) { --- 285,291 ---- { empty($row); ! $row = @mssql_fetch_array($query_id); while( list($key, $value) = @each($row) ) { *************** *** 313,319 **** $i = 0; empty($rowset); ! while( $row = mssql_fetch_array($query_id)) { while( list($key, $value) = @each($row) ) { --- 313,319 ---- $i = 0; empty($rowset); ! while( $row = @mssql_fetch_array($query_id)) { while( list($key, $value) = @each($row) ) { *************** *** 344,361 **** { if( $this->limit_offset[$query_id] > 0 ) { ! $result = ( !empty($this->limit_offset[$query_id]) ) ? mssql_result($this->result, ($this->limit_offset[$query_id] + $row), $field) : false; } else { ! $result = mssql_result($this->result, $row, $field); } } else { if( empty($this->row[$query_id]) ) { ! $this->row[$query_id] = mssql_fetch_array($query_id); $result = stripslashes($this->row[$query_id][$field]); } } --- 344,361 ---- { if( $this->limit_offset[$query_id] > 0 ) { ! $result = ( !empty($this->limit_offset[$query_id]) ) ? @mssql_result($this->result, ($this->limit_offset[$query_id] + $row), $field) : false; } else { ! $result = @mssql_result($this->result, $row, $field); } } else { if( empty($this->row[$query_id]) ) { ! $this->row[$query_id] = @mssql_fetch_array($query_id); $result = stripslashes($this->row[$query_id][$field]); } } *************** *** 377,383 **** if( $query_id ) { ! return ( !empty($this->limit_offset[$query_id]) ) ? 
mssql_data_seek($query_id, ($this->limit_offset[$query_id] + $rownum)) : mssql_data_seek($query_id, $rownum); } else { --- 377,383 ---- if( $query_id ) { ! return ( !empty($this->limit_offset[$query_id]) ) ? @mssql_data_seek($query_id, ($this->limit_offset[$query_id] + $rownum)) : @mssql_data_seek($query_id, $rownum); } else { *************** *** 402,408 **** $query_id = $this->result; } ! return ( $query_id ) ? mssql_free_result($query_id) : false; } function sql_error($query_id = 0) --- 402,408 ---- $query_id = $this->result; } ! return ( $query_id ) ? @mssql_free_result($query_id) : false; } function sql_error($query_id = 0) diff -crN phpbb201/db/oracle.php phpbb2017/db/oracle.php *** phpbb201/db/oracle.php Sat Jul 10 20:16:15 2004 --- phpbb2017/db/oracle.php Thu Jan 1 01:00:00 1970 *************** *** 1,472 **** - persistency = $persistency; - $this->user = $sqluser; - $this->password = $sqlpassword; - $this->server = $sqlserver; - $this->dbname = $database; - - if($this->persistency) - { - $this->db_connect_id = @OCIPLogon($this->user, $this->password, $this->server); - } - else - { - $this->db_connect_id = @OCINLogon($this->user, $this->password, $this->server); - } - if($this->db_connect_id) - { - return $this->db_connect_id; - } - else - { - return false; - } - } - - // - // Other base methods - // - function sql_close() - { - if($this->db_connect_id) - { - // Commit outstanding transactions - if($this->in_transaction) - { - OCICommit($this->db_connect_id); - } - - if($this->query_result) - { - @OCIFreeStatement($this->query_result); - } - $result = @OCILogoff($this->db_connect_id); - return $result; - } - else - { - return false; - } - } - - // - // Base query method - // - function sql_query($query = "", $transaction = FALSE) - { - // Remove any pre-existing queries - unset($this->query_result); - - // Put us in transaction mode because with Oracle as soon as you make a query you're in a transaction - $this->in_transaction = TRUE; - - if($query != "") - { 
- $this->last_query = $query; - $this->num_queries++; - - if(eregi("LIMIT", $query)) - { - preg_match("/^(.*)LIMIT ([0-9]+)[, ]*([0-9]+)*/s", $query, $limits); - - $query = $limits[1]; - if($limits[3]) - { - $row_offset = $limits[2]; - $num_rows = $limits[3]; - } - else - { - $row_offset = 0; - $num_rows = $limits[2]; - } - } - - if(eregi("^(INSERT|UPDATE) ", $query)) - { - $query = preg_replace("/\\\'/s", "''", $query); - } - - $this->query_result = @OCIParse($this->db_connect_id, $query); - $success = @OCIExecute($this->query_result, OCI_DEFAULT); - } - if($success) - { - if($transaction == END_TRANSACTION) - { - OCICommit($this->db_connect_id); - $this->in_transaction = FALSE; - } - - unset($this->row[$this->query_result]); - unset($this->rowset[$this->query_result]); - $this->last_query_text[$this->query_result] = $query; - - return $this->query_result; - } - else - { - if($this->in_transaction) - { - OCIRollback($this->db_connect_id); - } - return false; - } - } - - // - // Other query methods - // - function sql_numrows($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCIFetchStatement($query_id, $this->rowset); - // OCIFetchStatment kills our query result so we have to execute the statment again - // if we ever want to use the query_id again. 
- @OCIExecute($query_id, OCI_DEFAULT); - return $result; - } - else - { - return false; - } - } - function sql_affectedrows($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCIRowCount($query_id); - return $result; - } - else - { - return false; - } - } - function sql_numfields($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCINumCols($query_id); - return $result; - } - else - { - return false; - } - } - function sql_fieldname($offset, $query_id = 0) - { - // OCIColumnName uses a 1 based array so we have to up the offset by 1 in here to maintain - // full abstraction compatibitly - $offset += 1; - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = strtolower(@OCIColumnName($query_id, $offset)); - return $result; - } - else - { - return false; - } - } - function sql_fieldtype($offset, $query_id = 0) - { - // This situation is the same as fieldname - $offset += 1; - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCIColumnType($query_id, $offset); - return $result; - } - else - { - return false; - } - } - function sql_fetchrow($query_id = 0, $debug = FALSE) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result_row = ""; - $result = @OCIFetchInto($query_id, $result_row, OCI_ASSOC+OCI_RETURN_NULLS); - if($debug) - { - echo "Query was: ".$this->last_query . "
"; - echo "Result: $result
"; - echo "Query ID: $query_id
"; - echo "
";
- 				var_dump($result_row);
- 				echo "
"; - } - if($result_row == "") - { - return false; - } - - for($i = 0; $i < count($result_row); $i++) - { - list($key, $val) = each($result_row); - $return_arr[strtolower($key)] = $val; - } - $this->row[$query_id] = $return_arr; - - return $this->row[$query_id]; - } - else - { - return false; - } - } - // This function probably isn't as efficant is it could be but any other way I do it - // I end up losing 1 row... - function sql_fetchrowset($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $rows = @OCIFetchStatement($query_id, $results); - @OCIExecute($query_id, OCI_DEFAULT); - for($i = 0; $i <= $rows; $i++) - { - @OCIFetchInto($query_id, $tmp_result, OCI_ASSOC+OCI_RETURN_NULLS); - - for($j = 0; $j < count($tmp_result); $j++) - { - list($key, $val) = each($tmp_result); - $return_arr[strtolower($key)] = $val; - } - $result[] = $return_arr; - } - return $result; - } - else - { - return false; - } - } - function sql_fetchfield($field, $rownum = -1, $query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - if($rownum > -1) - { - // Reset the internal rownum pointer. - @OCIExecute($query_id, OCI_DEFAULT); - for($i = 0; $i < $rownum; $i++) - { - // Move the interal pointer to the row we want - @OCIFetch($query_id); - } - // Get the field data. - $result = @OCIResult($query_id, strtoupper($field)); - } - else - { - // The internal pointer should be where we want it - // so we just grab the field out of the current row. 
- $result = @OCIResult($query_id, strtoupper($field)); - } - return $result; - } - else - { - return false; - } - } - function sql_rowseek($rownum, $query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - @OCIExecute($query_id, OCI_DEFAULT); - for($i = 0; $i < $rownum; $i++) - { - @OCIFetch($query_id); - } - $result = @OCIFetch($query_id); - return $result; - } - else - { - return false; - } - } - function sql_nextid($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id && $this->last_query_text[$query_id] != "") - { - if( eregi("^(INSERT{1}|^INSERT INTO{1})[[:space:]][\"]?([a-zA-Z0-9\_\-]+)[\"]?", $this->last_query_text[$query_id], $tablename)) - { - $query = "SELECT ".$tablename[2]."_id_seq.currval FROM DUAL"; - $stmt = @OCIParse($this->db_connect_id, $query); - @OCIExecute($stmt,OCI_DEFAULT ); - $temp_result = @OCIFetchInto($stmt, $temp_result, OCI_ASSOC+OCI_RETURN_NULLS); - if($temp_result) - { - return $temp_result['CURRVAL']; - } - else - { - return false; - } - } - else - { - return false; - } - } - else - { - return false; - } - } - - function sql_nextid($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id && $this->last_query_text[$query_id] != "") - { - if( eregi("^(INSERT{1}|^INSERT INTO{1})[[:space:]][\"]?([a-zA-Z0-9\_\-]+)[\"]?", $this->last_query_text[$query_id], $tablename)) - { - $query = "SELECT ".$tablename[2]."_id_seq.CURRVAL FROM DUAL"; - $temp_q_id = @OCIParse($this->db_connect_id, $query); - @OCIExecute($temp_q_id, OCI_DEFAULT); - @OCIFetchInto($temp_q_id, $temp_result, OCI_ASSOC+OCI_RETURN_NULLS); - - if($temp_result) - { - return $temp_result['CURRVAL']; - } - else - { - return false; - } - } - else - { - return false; - } - } - else - { - return false; - } - } - - - - function sql_freeresult($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = 
@OCIFreeStatement($query_id); - return $result; - } - else - { - return false; - } - } - function sql_error($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - $result = @OCIError($query_id); - return $result; - } - - } // class sql_db - - } // if ... define - - ?> \ No newline at end of file --- 0 ---- diff -crN phpbb201/db/postgres7.php phpbb2017/db/postgres7.php *** phpbb201/db/postgres7.php Sat Jul 10 20:16:15 2004 --- phpbb2017/db/postgres7.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: postgres7.php,v 1.19 2002/03/05 02:19:38 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: postgres7.php,v 1.19.2.3 2005/05/06 20:50:10 acydburn Exp $ * ***************************************************************************/ diff -crN phpbb201/faq.php phpbb2017/faq.php *** phpbb201/faq.php Sat Jul 10 20:16:15 2004 --- phpbb2017/faq.php Tue Jul 19 22:14:58 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: faq.php,v 1.14 2002/03/31 00:06:33 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: faq.php,v 1.14.2.2 2004/07/11 16:46:15 acydburn Exp $ * * ***************************************************************************/ *************** *** 34,39 **** --- 34,42 ---- // End session management // + // Set vars to prevent naughtiness + $faq = array(); + // // Load the appropriate faq file // *************** *** 97,103 **** $template->set_filenames(array( 'body' => 'faq_body.tpl') ); ! 
make_jumpbox('viewforum.'.$phpEx, $forum_id); $template->assign_vars(array( 'L_FAQ_TITLE' => $l_title, --- 100,106 ---- $template->set_filenames(array( 'body' => 'faq_body.tpl') ); ! make_jumpbox('viewforum.'.$phpEx); $template->assign_vars(array( 'L_FAQ_TITLE' => $l_title, diff -crN phpbb201/groupcp.php phpbb2017/groupcp.php *** phpbb201/groupcp.php Sat Jul 10 20:16:15 2004 --- phpbb2017/groupcp.php Tue Jul 19 22:14:58 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: groupcp.php,v 1.58.2.5 2002/05/20 00:21:09 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: groupcp.php,v 1.58.2.23 2005/05/06 20:50:10 acydburn Exp $ * * ***************************************************************************/ *************** *** 127,133 **** if ( isset($HTTP_GET_VARS[POST_GROUPS_URL]) || isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) { ! $group_id = ( isset($HTTP_GET_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_GET_VARS[POST_GROUPS_URL]) : intval($HTTP_POST_VARS[POST_GROUPS_URL]); } else { --- 127,133 ---- if ( isset($HTTP_GET_VARS[POST_GROUPS_URL]) || isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) { ! $group_id = ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_POST_VARS[POST_GROUPS_URL]) : intval($HTTP_GET_VARS[POST_GROUPS_URL]); } else { *************** *** 137,142 **** --- 137,143 ---- if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) ) { $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; + $mode = htmlspecialchars($mode); } else { *************** *** 151,165 **** // // Default var values // - $header_location = ( @preg_match('/Microsoft|WebSTAR/', getenv('SERVER_SOFTWARE')) ) ? 
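Review bot: `$mode = htmlspecialchars($mode);` in the `*** 137,142 ****` hunk HTML-encodes the request value at input, which only helps where `$mode` is later printed into a page and does not limit what the value can be. The uses of `$mode` are outside this hunk. If it is only ever compared against a fixed set of mode names, checking it against that set is the stronger control, for example `$mode = in_array($mode, $known_modes) ? $mode : '';`, where `$known_modes` is a placeholder for the list this script actually accepts. Escaping would then be applied at the point of output rather than here.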
'Refresh: 0; URL=' : 'Location: '; $is_moderator = FALSE; if ( isset($HTTP_POST_VARS['groupstatus']) && $group_id ) { if ( !$userdata['session_logged_in'] ) { ! header($header_location . append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); ! exit; } $sql = "SELECT group_moderator --- 152,164 ---- // // Default var values // $is_moderator = FALSE; if ( isset($HTTP_POST_VARS['groupstatus']) && $group_id ) { if ( !$userdata['session_logged_in'] ) { ! redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } $sql = "SELECT group_moderator *************** *** 208,215 **** // if ( !$userdata['session_logged_in'] ) { ! header($header_location . append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); ! exit; } $sql = "SELECT ug.user_id, g.group_type --- 207,213 ---- // if ( !$userdata['session_logged_in'] ) { ! redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } $sql = "SELECT ug.user_id, g.group_type *************** *** 277,293 **** include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $email_headers = 'From: ' . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\n"; $emailer->use_template('group_request', $moderator['user_lang']); $emailer->email_address($moderator['user_email']); ! $emailer->set_subject();//$lang['Group_request'] ! $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_MODERATOR' => $moderator['username'], ! 'EMAIL_SIG' => str_replace('
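Review bot: Removing `exit;` after the login redirect in the `*** 151,165 ****` hunk makes the `session_logged_in` check depend on `redirect()` never returning. If that function only sends the header, the code below the `if` keeps running for a visitor who is not logged in. `redirect()` is defined outside this part of the diff, so its behaviour should be confirmed there. Either keep `exit;` after the call or record the contract at the call site with `// redirect() ends the request; nothing below runs for guests`. The same replacement is made in the hunks at `*** 208,215 ****`, `*** 310,322 ****`, `*** 399,406 ****` and `*** 461,468 ****`.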
', "\n", "-- \n" . $board_config['board_email_sig']), 'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id&validate=true") ); --- 275,291 ---- include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); $emailer->use_template('group_request', $moderator['user_lang']); $emailer->email_address($moderator['user_email']); ! $emailer->set_subject($lang['Group_request']); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_MODERATOR' => $moderator['username'], ! 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', 'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id&validate=true") ); *************** *** 310,322 **** // if ( $cancel ) { ! header($header_location . append_sid("groupcp.$phpEx", true)); ! exit; } elseif ( !$userdata['session_logged_in'] ) { ! header($header_location . append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); ! exit; } if ( $confirm ) --- 308,318 ---- // if ( $cancel ) { ! redirect(append_sid("groupcp.$phpEx", true)); } elseif ( !$userdata['session_logged_in'] ) { ! redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } if ( $confirm ) *************** *** 341,347 **** message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql); } ! if ( !($row = $db->sql_fetchrow($result)) ) { $sql = "UPDATE " . USERS_TABLE . " SET user_level = " . USER . " --- 337,343 ---- message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql); } ! if ( !($row = $db->sql_fetchrow($result)) || $row['is_auth_mod'] == 0 ) { $sql = "UPDATE " . USERS_TABLE . " SET user_level = " . USER . " *************** *** 357,363 **** 'META' => '') ); ! $message = $lang['Usub_success'] . '

' . sprintf($lang['Click_return_group'], '', '') . '

' . sprintf($lang['Click_return_index'], '', ''); message_die(GENERAL_MESSAGE, $message); } --- 353,359 ---- 'META' => '') ); ! $message = $lang['Unsub_success'] . '

' . sprintf($lang['Click_return_group'], '', '') . '

' . sprintf($lang['Click_return_index'], '', ''); message_die(GENERAL_MESSAGE, $message); } *************** *** 399,406 **** { if ( !$userdata['session_logged_in'] ) { ! header($header_location . append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); ! exit; } } --- 395,401 ---- { if ( !$userdata['session_logged_in'] ) { ! redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } } *************** *** 430,436 **** $sql = "SELECT g.group_moderator, g.group_type, aa.auth_mod FROM " . GROUPS_TABLE . " g, " . AUTH_ACCESS_TABLE . " aa WHERE g.group_id = $group_id ! AND aa.group_id = g.group_id(+)"; break; default: --- 425,431 ---- $sql = "SELECT g.group_moderator, g.group_type, aa.auth_mod FROM " . GROUPS_TABLE . " g, " . AUTH_ACCESS_TABLE . " aa WHERE g.group_id = $group_id ! AND aa.group_id (+) = g.group_id"; break; default: *************** *** 461,468 **** { if ( !$userdata['session_logged_in'] ) { ! header($header_location . append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); ! exit; } if ( !$is_moderator ) --- 456,462 ---- { if ( !$userdata['session_logged_in'] ) { ! redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } if ( !$is_moderator ) *************** *** 478,484 **** if ( isset($HTTP_POST_VARS['add']) ) { ! $username = ( isset($HTTP_POST_VARS['username']) ) ? $HTTP_POST_VARS['username'] : ""; $sql = "SELECT user_id, user_email, user_lang, user_level FROM " . USERS_TABLE . " --- 472,478 ---- if ( isset($HTTP_POST_VARS['add']) ) { ! $username = ( isset($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : ''; $sql = "SELECT user_id, user_email, user_lang, user_level FROM " . USERS_TABLE . " *************** *** 559,575 **** include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! 
$email_headers = 'From: ' . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\n"; $emailer->use_template('group_added', $row['user_lang']); $emailer->email_address($row['user_email']); ! $emailer->set_subject();//$lang['Group_added'] ! $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_NAME' => $group_name, ! 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), 'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id") ); --- 553,569 ---- include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); $emailer->use_template('group_added', $row['user_lang']); $emailer->email_address($row['user_email']); ! $emailer->set_subject($lang['Group_added']); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_NAME' => $group_name, ! 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', 'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id") ); *************** *** 597,603 **** $sql_in = ''; for($i = 0; $i < count($members); $i++) { ! $sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . $members[$i]; } if ( isset($HTTP_POST_VARS['approve']) ) --- 591,597 ---- $sql_in = ''; for($i = 0; $i < count($members); $i++) { ! $sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . intval($members[$i]); } if ( isset($HTTP_POST_VARS['approve']) ) *************** *** 691,700 **** message_die(GENERAL_ERROR, 'Could not get user email information', '', __LINE__, __FILE__, $sql); } ! $email_addresses = ''; ! while( $row = $db->sql_fetchrow($result) ) { ! $email_addresses .= ( ( $email_addresses != '' ) ? ', ' : '' ) . $row['user_email']; } // --- 685,694 ---- message_die(GENERAL_ERROR, 'Could not get user email information', '', __LINE__, __FILE__, $sql); } ! $bcc_list = array(); ! while ($row = $db->sql_fetchrow($result)) { ! $bcc_list[] = $row['user_email']; } // *************** *** 714,730 **** include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $email_headers = 'From: ' . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\nBcc: " . $email_addresses . "\n"; $emailer->use_template('group_approved'); ! $emailer->email_address($userdata['user_email']); ! $emailer->set_subject();//$lang['Group_approved'] ! $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_NAME' => $group_name, ! 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), 'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id") ); --- 708,728 ---- include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); ! ! for ($i = 0; $i < count($bcc_list); $i++) ! { ! $emailer->bcc($bcc_list[$i]); ! } $emailer->use_template('group_approved'); ! $emailer->set_subject($lang['Group_approved']); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_NAME' => $group_name, ! 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', 'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id") ); *************** *** 899,904 **** --- 897,904 ---- generate_user_info($group_moderator, $board_config['default_dateformat'], $is_moderator, $from, $posts, $joined, $poster_avatar, $profile_img, $profile, $search_img, $search, $pm_img, $pm, $email_img, $email, $www_img, $www, $icq_status_img, $icq_img, $icq, $aim_img, $aim, $msn_img, $msn, $yim_img, $yim); + $s_hidden_fields .= ''; + $template->assign_vars(array( 'L_GROUP_INFORMATION' => $lang['Group_Information'], 'L_GROUP_NAME' => $lang['Group_name'], *************** *** 1149,1154 **** --- 1149,1156 ---- // Select all group that the user is a member of or where the user has // a pending membership. // + $in_group = array(); + if ( $userdata['session_logged_in'] ) { $sql = "SELECT g.group_id, g.group_name, g.group_type, ug.user_pending diff -crN phpbb201/includes/auth.php phpbb2017/includes/auth.php *** phpbb201/includes/auth.php Sat Jul 10 20:16:15 2004 --- phpbb2017/includes/auth.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: auth.php,v 1.37.2.1 2002/05/13 01:30:59 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: auth.php,v 1.37.2.5 2004/03/01 16:49:03 psotfx Exp $ * * ***************************************************************************/ *************** *** 129,137 **** if ( !($f_access = $db->$sql_fetchrow($result)) ) { ! message_die(GENERAL_ERROR, 'No forum access control lists exist', '', __LINE__, __FILE__, $sql); } - $db->sql_freeresult($result); } --- 129,137 ---- if ( !($f_access = $db->$sql_fetchrow($result)) ) { ! $db->sql_freeresult($result); ! 
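Review bot: After this change the group-approved mail has no `To` recipient: `$emailer->email_address($userdata['user_email'])` is removed and every address is added through `$emailer->bcc()`. The rewritten emailer class is cut off on this page, so it is not visible whether `send()` accepts a message that only has `addresses['bcc']`, or what it does when `$bcc_list` is empty. I would wrap the block in `if (count($bcc_list))` or keep a `To` address, and state the choice in a short comment above the loop.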
return array(); } $db->sql_freeresult($result); } *************** *** 171,176 **** --- 171,177 ---- } while( $row = $db->sql_fetchrow($result) ); } + $db->sql_freeresult($result); } $is_admin = ( $userdata['user_level'] == ADMIN && $userdata['session_logged_in'] ) ? TRUE : 0; *************** *** 199,205 **** { case AUTH_ALL: $auth_user[$key] = TRUE; ! $auth_user[$key . '_type'] = $lang['Auth_Anonymous_users']; break; case AUTH_REG: --- 200,206 ---- { case AUTH_ALL: $auth_user[$key] = TRUE; ! $auth_user[$key . '_type'] = $lang['Auth_Anonymous_Users']; break; case AUTH_REG: *************** *** 238,244 **** { case AUTH_ALL: $auth_user[$f_forum_id][$key] = TRUE; ! $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Anonymous_users']; break; case AUTH_REG: --- 239,245 ---- { case AUTH_ALL: $auth_user[$f_forum_id][$key] = TRUE; ! $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Anonymous_Users']; break; case AUTH_REG: diff -crN phpbb201/includes/bbcode.php phpbb2017/includes/bbcode.php *** phpbb201/includes/bbcode.php Sat Jul 10 20:16:15 2004 --- phpbb2017/includes/bbcode.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: bbcode.php,v 1.36.2.7 2002/05/17 18:22:34 the_systech Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: bbcode.php,v 1.36.2.35 2005/07/19 20:01:10 acydburn Exp $ * ***************************************************************************/ *************** *** 26,32 **** define("BBCODE_UID_LEN", 10); ! // global that holds loaded-and-prepared bbcode templates, so we only have to do // that stuff once. $bbcode_tpl = null; --- 26,32 ---- define("BBCODE_UID_LEN", 10); ! // global that holds loaded-and-prepared bbcode templates, so we only have to do // that stuff once. 
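Review bot: Returning `array()` when no forum row is found turns this path from a hard error into a silent empty result, so every caller now has to read a missing `$auth_user[$key]` entry as a denial. The callers are outside this diff; please confirm none of them tests the result in a way where an empty array reads as allowed. A docblock line on the function saying that an empty array means no permissions were found would record that contract. The enclosing function starts and ends outside the hunk.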
$bbcode_tpl = null; *************** *** 45,65 **** global $template; $tpl_filename = $template->make_filename('bbcode.tpl'); $tpl = fread(fopen($tpl_filename, 'r'), filesize($tpl_filename)); ! // replace \ with \\ and then ' with \'. $tpl = str_replace('\\', '\\\\', $tpl); $tpl = str_replace('\'', '\\\'', $tpl); ! // strip newlines. $tpl = str_replace("\n", '', $tpl); ! // Turn template blocks into PHP assignment statements for the values of $bbcode_tpls.. $tpl = preg_replace('#(.*?)#', "\n" . '$bbcode_tpls[\'\\1\'] = \'\\2\';', $tpl); ! $bbcode_tpls = array(); eval($tpl); ! return $bbcode_tpls; } --- 45,65 ---- global $template; $tpl_filename = $template->make_filename('bbcode.tpl'); $tpl = fread(fopen($tpl_filename, 'r'), filesize($tpl_filename)); ! // replace \ with \\ and then ' with \'. $tpl = str_replace('\\', '\\\\', $tpl); $tpl = str_replace('\'', '\\\'', $tpl); ! // strip newlines. $tpl = str_replace("\n", '', $tpl); ! // Turn template blocks into PHP assignment statements for the values of $bbcode_tpls.. $tpl = preg_replace('#(.*?)#', "\n" . '$bbcode_tpls[\'\\1\'] = \'\\2\';', $tpl); ! $bbcode_tpls = array(); eval($tpl); ! return $bbcode_tpls; } *************** *** 68,74 **** * Prepares the loaded bbcode templates for insertion into preg_replace() * or str_replace() calls in the bbencode_second_pass functions. This * means replacing template placeholders with the appropriate preg backrefs ! * or with language vars. NOTE: If you change how the regexps work in * bbencode_second_pass(), you MUST change this function. * * Nathan Codding, Sept 26 2001 --- 68,74 ---- * Prepares the loaded bbcode templates for insertion into preg_replace() * or str_replace() calls in the bbencode_second_pass functions. This * means replacing template placeholders with the appropriate preg backrefs ! * or with language vars. NOTE: If you change how the regexps work in * bbencode_second_pass(), you MUST change this function. 
* * Nathan Codding, Sept 26 2001 *************** *** 77,129 **** function prepare_bbcode_template($bbcode_tpl) { global $lang; ! $bbcode_tpl['olist_open'] = str_replace('{LIST_TYPE}', '\\1', $bbcode_tpl['olist_open']); ! $bbcode_tpl['color_open'] = str_replace('{COLOR}', '\\1', $bbcode_tpl['color_open']); ! $bbcode_tpl['size_open'] = str_replace('{SIZE}', '\\1', $bbcode_tpl['size_open']); ! $bbcode_tpl['quote_open'] = str_replace('{L_QUOTE}', $lang['Quote'], $bbcode_tpl['quote_open']); ! $bbcode_tpl['quote_username_open'] = str_replace('{L_QUOTE}', $lang['Quote'], $bbcode_tpl['quote_username_open']); $bbcode_tpl['quote_username_open'] = str_replace('{L_WROTE}', $lang['wrote'], $bbcode_tpl['quote_username_open']); $bbcode_tpl['quote_username_open'] = str_replace('{USERNAME}', '\\1', $bbcode_tpl['quote_username_open']); ! $bbcode_tpl['code_open'] = str_replace('{L_CODE}', $lang['Code'], $bbcode_tpl['code_open']); $bbcode_tpl['img'] = str_replace('{URL}', '\\1', $bbcode_tpl['img']); ! // We do URLs in several different ways.. ! $bbcode_tpl['url1'] = str_replace('{URL}', '\\1\\2', $bbcode_tpl['url']); ! $bbcode_tpl['url1'] = str_replace('{DESCRIPTION}', '\\1\\2', $bbcode_tpl['url1']); ! $bbcode_tpl['url2'] = str_replace('{URL}', 'http://\\1', $bbcode_tpl['url']); $bbcode_tpl['url2'] = str_replace('{DESCRIPTION}', '\\1', $bbcode_tpl['url2']); ! ! $bbcode_tpl['url3'] = str_replace('{URL}', '\\1\\2', $bbcode_tpl['url']); ! $bbcode_tpl['url3'] = str_replace('{DESCRIPTION}', '\\3', $bbcode_tpl['url3']); ! $bbcode_tpl['url4'] = str_replace('{URL}', 'http://\\1', $bbcode_tpl['url']); ! $bbcode_tpl['url4'] = str_replace('{DESCRIPTION}', '\\2', $bbcode_tpl['url4']); $bbcode_tpl['email'] = str_replace('{EMAIL}', '\\1', $bbcode_tpl['email']); ! define("BBCODE_TPL_READY", true); ! return $bbcode_tpl; } /** * Does second-pass bbencoding. This should be used before displaying the message in ! * a thread. 
Assumes the message is already first-pass encoded, and we are given the * correct UID as used in first-pass encoding. */ function bbencode_second_pass($text, $uid) { global $lang, $bbcode_tpl; // pad it with a space so we can distinguish between FALSE and matching the 1st char (index 0). // This is important; bbencode_quote(), bbencode_list(), and bbencode_code() all depend on it. $text = " " . $text; --- 77,131 ---- function prepare_bbcode_template($bbcode_tpl) { global $lang; ! $bbcode_tpl['olist_open'] = str_replace('{LIST_TYPE}', '\\1', $bbcode_tpl['olist_open']); ! $bbcode_tpl['color_open'] = str_replace('{COLOR}', '\\1', $bbcode_tpl['color_open']); ! $bbcode_tpl['size_open'] = str_replace('{SIZE}', '\\1', $bbcode_tpl['size_open']); ! $bbcode_tpl['quote_open'] = str_replace('{L_QUOTE}', $lang['Quote'], $bbcode_tpl['quote_open']); ! $bbcode_tpl['quote_username_open'] = str_replace('{L_QUOTE}', $lang['Quote'], $bbcode_tpl['quote_username_open']); $bbcode_tpl['quote_username_open'] = str_replace('{L_WROTE}', $lang['wrote'], $bbcode_tpl['quote_username_open']); $bbcode_tpl['quote_username_open'] = str_replace('{USERNAME}', '\\1', $bbcode_tpl['quote_username_open']); ! $bbcode_tpl['code_open'] = str_replace('{L_CODE}', $lang['Code'], $bbcode_tpl['code_open']); $bbcode_tpl['img'] = str_replace('{URL}', '\\1', $bbcode_tpl['img']); ! // We do URLs in several different ways.. ! $bbcode_tpl['url1'] = str_replace('{URL}', '\\1', $bbcode_tpl['url']); ! $bbcode_tpl['url1'] = str_replace('{DESCRIPTION}', '\\1', $bbcode_tpl['url1']); ! $bbcode_tpl['url2'] = str_replace('{URL}', 'http://\\1', $bbcode_tpl['url']); $bbcode_tpl['url2'] = str_replace('{DESCRIPTION}', '\\1', $bbcode_tpl['url2']); ! ! $bbcode_tpl['url3'] = str_replace('{URL}', '\\1', $bbcode_tpl['url']); ! $bbcode_tpl['url3'] = str_replace('{DESCRIPTION}', '\\2', $bbcode_tpl['url3']); ! $bbcode_tpl['url4'] = str_replace('{URL}', 'http://\\1', $bbcode_tpl['url']); ! 
$bbcode_tpl['url4'] = str_replace('{DESCRIPTION}', '\\3', $bbcode_tpl['url4']); $bbcode_tpl['email'] = str_replace('{EMAIL}', '\\1', $bbcode_tpl['email']); ! define("BBCODE_TPL_READY", true); ! return $bbcode_tpl; } /** * Does second-pass bbencoding. This should be used before displaying the message in ! * a thread. Assumes the message is already first-pass encoded, and we are given the * correct UID as used in first-pass encoding. */ function bbencode_second_pass($text, $uid) { global $lang, $bbcode_tpl; + $text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text); + // pad it with a space so we can distinguish between FALSE and matching the 1st char (index 0). // This is important; bbencode_quote(), bbencode_list(), and bbencode_code() all depend on it. $text = " " . $text; *************** *** 135,147 **** $text = substr($text, 1); return $text; } ! // Only load the templates ONCE.. if (!defined("BBCODE_TPL_READY")) { // load templates from file into array. $bbcode_tpl = load_bbcode_template(); ! // prepare array for use in regexps. $bbcode_tpl = prepare_bbcode_template($bbcode_tpl); } --- 137,149 ---- $text = substr($text, 1); return $text; } ! // Only load the templates ONCE.. if (!defined("BBCODE_TPL_READY")) { // load templates from file into array. $bbcode_tpl = load_bbcode_template(); ! // prepare array for use in regexps. $bbcode_tpl = prepare_bbcode_template($bbcode_tpl); } *************** *** 149,154 **** --- 151,164 ---- // [CODE] and [/CODE] for posting code (HTML, PHP, C etc etc) in your posts. $text = bbencode_second_pass_code($text, $uid, $bbcode_tpl); + // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. + $text = str_replace("[quote:$uid]", $bbcode_tpl['quote_open'], $text); + $text = str_replace("[/quote:$uid]", $bbcode_tpl['quote_close'], $text); + + // New one liner to deal with opening quotes with usernames... + // replaces the two line version that I had here before.. 
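Review bot: The filter added at the top of bbencode_second_pass, `preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text)`, replaces each match with the same text as this page renders it, so please check that the committed file substitutes an encoded colon rather than a literal one. It also runs over the whole post, so ordinary prose containing `about:` is rewritten along with URLs. A list of blocked scheme names cannot be complete, so it should be documented as a backstop, for example `// backstop only: the [url] and [img] patterns below must still restrict the scheme`. The same line is added to make_clickable in the 613,638 hunk.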
+ $text = preg_replace("/\[quote:$uid=\"(.*?)\"\]/si", $bbcode_tpl['quote_username_open'], $text); + // [list] and [list=x] for (un)ordered lists. // unordered lists $text = str_replace("[list:$uid]", $bbcode_tpl['ulist_open'], $text); *************** *** 165,181 **** $text = str_replace("[/color:$uid]", $bbcode_tpl['color_close'], $text); // size ! $text = preg_replace("/\[size=([\-\+]?[1-2]?[0-9]):$uid\]/si", $bbcode_tpl['size_open'], $text); $text = str_replace("[/size:$uid]", $bbcode_tpl['size_close'], $text); - // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. - $text = str_replace("[quote:$uid]", $bbcode_tpl['quote_open'], $text); - $text = str_replace("[/quote:$uid]", $bbcode_tpl['quote_close'], $text); - - // New one liner to deal with opening quotes with usernames... - // replaces the two line version that I had here before.. - $text = preg_replace("/\[quote:$uid=(?:\"?([^\"]*)\"?)\]/si", $bbcode_tpl['quote_username_open'], $text); - // [b] and [/b] for bolding text. $text = str_replace("[b:$uid]", $bbcode_tpl['b_open'], $text); $text = str_replace("[/b:$uid]", $bbcode_tpl['b_close'], $text); --- 175,183 ---- $text = str_replace("[/color:$uid]", $bbcode_tpl['color_close'], $text); // size ! $text = preg_replace("/\[size=([1-2]?[0-9]):$uid\]/si", $bbcode_tpl['size_open'], $text); $text = str_replace("[/size:$uid]", $bbcode_tpl['size_close'], $text); // [b] and [/b] for bolding text. $text = str_replace("[b:$uid]", $bbcode_tpl['b_open'], $text); $text = str_replace("[/b:$uid]", $bbcode_tpl['b_close'], $text); *************** *** 194,221 **** // [img]image_url_here[/img] code.. // This one gets first-passed.. ! $patterns[0] = "#\[img:$uid\](.*?)\[/img:$uid\]#si"; ! $replacements[0] = $bbcode_tpl['img']; ! ! // [url]xxxx://www.phpbb.com[/url] code.. ! $patterns[1] = "#\[url\]([a-z]+?://){1}([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\[/url\]#si"; ! $replacements[1] = $bbcode_tpl['url1']; // [url]www.phpbb.com[/url] code.. 
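Review bot: The new username pattern `(.*?)` with the `s` flag accepts double quotes and line breaks that the old `[^\"]*` excluded, and the capture is substituted straight into `$bbcode_tpl['quote_username_open']`. Whether that is safe depends on the post text having been HTML-escaped before the first pass, which this diff does not show. A comment on the line, e.g. `// \\1 is emitted into HTML as-is; $text must already be entity-encoded`, would record the assumption for the next person who touches the pattern.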
(no xxxx:// prefix). ! $patterns[2] = "#\[url\]([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\[/url\]#si"; ! $replacements[2] = $bbcode_tpl['url2']; // [url=xxxx://www.phpbb.com]phpBB[/url] code.. ! $patterns[3] = "#\[url=([a-z]+?://){1}([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\](.*?)\[/url\]#si"; ! $replacements[3] = $bbcode_tpl['url3']; // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix). ! $patterns[4] = "#\[url=([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\](.*?)\[/url\]#si"; ! $replacements[4] = $bbcode_tpl['url4']; // [email]user@domain.tld[/email] code.. ! $patterns[5] = "#\[email\]([a-z0-9\-_.]+?@[\w\-]+\.([\w\-\.]+\.)?[\w]+)\[/email\]#si"; ! $replacements[5] = $bbcode_tpl['email']; $text = preg_replace($patterns, $replacements, $text); --- 196,223 ---- // [img]image_url_here[/img] code.. // This one gets first-passed.. ! $patterns[] = "#\[img:$uid\]([^?].*?)\[/img:$uid\]#i"; ! $replacements[] = $bbcode_tpl['img']; ! ! // matches a [url]xxxx://www.phpbb.com[/url] code.. ! $patterns[] = "#\[url\]([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is"; ! $replacements[] = $bbcode_tpl['url1']; // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). ! $patterns[] = "#\[url\]((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is"; ! $replacements[] = $bbcode_tpl['url2']; // [url=xxxx://www.phpbb.com]phpBB[/url] code.. ! $patterns[] = "#\[url=([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*?)\]([^?\n\r\t].*?)\[/url\]#is"; ! $replacements[] = $bbcode_tpl['url3']; // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix). ! $patterns[] = "#\[url=((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*?)\]([^?\n\r\t].*?)\[/url\]#is"; ! $replacements[] = $bbcode_tpl['url4']; // [email]user@domain.tld[/email] code.. ! $patterns[] = "#\[email\]([a-z0-9&\-_.]+?@[\w\-]+\.([\w\-\.]+\.)?[\w]+)\[/email\]#si"; ! 
$replacements[] = $bbcode_tpl['email']; $text = preg_replace($patterns, $replacements, $text); *************** *** 250,257 **** // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. $text = bbencode_first_pass_pda($text, $uid, '[quote]', '[/quote]', '', false, ''); ! ! $text = bbencode_first_pass_pda($text, $uid, '/\[quote=(\\\\"[^"]*?\\\\")\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]"); // [list] and [list=x] for (un)ordered lists. $open_tag = array(); --- 252,258 ---- // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. $text = bbencode_first_pass_pda($text, $uid, '[quote]', '[/quote]', '', false, ''); ! $text = bbencode_first_pass_pda($text, $uid, '/\[quote=(\\\".*?\\\")\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]"); // [list] and [list=x] for (un)ordered lists. $open_tag = array(); *************** *** 270,276 **** $text = preg_replace("#\[color=(\#[0-9A-F]{6}|[a-z\-]+)\](.*?)\[/color\]#si", "[color=\\1:$uid]\\2[/color:$uid]", $text); // [size] and [/size] for setting text size ! $text = preg_replace("#\[size=([\-\+]?[1-2]?[0-9])\](.*?)\[/size\]#si", "[size=\\1:$uid]\\2[/size:$uid]", $text); // [b] and [/b] for bolding text. $text = preg_replace("#\[b\](.*?)\[/b\]#si", "[b:$uid]\\1[/b:$uid]", $text); --- 271,277 ---- $text = preg_replace("#\[color=(\#[0-9A-F]{6}|[a-z\-]+)\](.*?)\[/color\]#si", "[color=\\1:$uid]\\2[/color:$uid]", $text); // [size] and [/size] for setting text size ! $text = preg_replace("#\[size=([1-2]?[0-9])\](.*?)\[/size\]#si", "[size=\\1:$uid]\\2[/size:$uid]", $text); // [b] and [/b] for bolding text. $text = preg_replace("#\[b\](.*?)\[/b\]#si", "[b:$uid]\\1[/b:$uid]", $text); *************** *** 282,294 **** $text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text); // [img]image_url_here[/img] code.. ! $text = preg_replace("#\[img\](([a-z]+?)://([^ \"\n\r]+?))\[/img\]#si", "[img:$uid]\\1[/img:$uid]", $text); // Remove our padding from the string.. ! 
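Review bot: The rewritten `[url]` and `[url=…]` patterns still accept any scheme through `[\w]+?://`, which leaves the scheme decision to the name filter applied at the top of the function. The `[img]` first pass in this same commit names its schemes explicitly, and the URL patterns could do the same, e.g. `"#\[url\]((?:https?|ftp)://[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is"` with the matching change in the `[url=` pattern. That narrows what can reach the `{URL}` slot of the template; boards that rely on other schemes would need them listed. bbencode_second_pass begins and ends outside this hunk.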
$text = substr($text, 1); ! ! ! return $text; } // bbencode_first_pass() --- 283,292 ---- $text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text); // [img]image_url_here[/img] code.. ! $text = preg_replace("#\[img\]((http|ftp|https|ftps)://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text); // Remove our padding from the string.. ! return substr($text, 1);; } // bbencode_first_pass() *************** *** 349,357 **** $open_tag[0] = $open_tag_temp; $open_tag_count = 1; } ! $open_is_regexp = false; ! if ($open_regexp_replace) { $open_is_regexp = true; --- 347,355 ---- $open_tag[0] = $open_tag_temp; $open_tag_count = 1; } ! $open_is_regexp = false; ! if ($open_regexp_replace) { $open_is_regexp = true; *************** *** 362,373 **** $open_regexp_replace[0] = $open_regexp_temp; } } ! if ($mark_lowest_level && $open_is_regexp) { message_die(GENERAL_ERROR, "Unsupported operation for bbcode_first_pass_pda()."); } - // Start at the 2nd char of the string, looking for opening tags. $curr_pos = 1; --- 360,370 ---- $open_regexp_replace[0] = $open_regexp_temp; } } ! if ($mark_lowest_level && $open_is_regexp) { message_die(GENERAL_ERROR, "Unsupported operation for bbcode_first_pass_pda()."); } // Start at the 2nd char of the string, looking for opening tags. $curr_pos = 1; *************** *** 383,411 **** $found_start = false; $which_start_tag = ""; $start_tag_index = -1; for ($i = 0; $i < $open_tag_count; $i++) { // Grab everything until the first "]"... ! $possible_start = substr($text, $curr_pos, strpos($text, "]", $curr_pos + 1) - $curr_pos + 1); // // We're going to try and catch usernames with "[' characters. // ! if( preg_match('/\[quote\=\\\\"/si', $possible_start) && !preg_match('/\[quote=\\\\"[^"]*\\\\"\]/si', $possible_start) ) { - // // OK we are in a quote tag that probably contains a ] bracket. // Grab a bit more of the string to hopefully get all of it.. ! 
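Review bot: The new `[img]` first-pass pattern uses the `e` modifier, which evaluates the replacement string as PHP for every match in user-supplied post text. As shown, the character class behind `\\3` already excludes the space character, so `str_replace(' ', '%20', '\\3')` can never change anything and the evaluation buys nothing; a plain replacement `"[img:$uid]\\1\\3[/img:$uid]"` with flags `#si` gives the same output without executing code. The modifier was later deprecated and then removed from PHP, so the plain form is also the durable one. The `return substr($text, 1);;` line carries a stray second semicolon.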
// ! $possible_start = substr($text, $curr_pos, strpos($text, "\"]", $curr_pos + 1) - $curr_pos + 2); } ! // // Now compare, either using regexp or not. - if ($open_is_regexp) { $match_result = array(); - // PREG regexp comparison. if (preg_match($open_tag[$i], $possible_start, $match_result)) { $found_start = true; --- 380,411 ---- $found_start = false; $which_start_tag = ""; $start_tag_index = -1; + for ($i = 0; $i < $open_tag_count; $i++) { // Grab everything until the first "]"... ! $possible_start = substr($text, $curr_pos, strpos($text, ']', $curr_pos + 1) - $curr_pos + 1); // // We're going to try and catch usernames with "[' characters. // ! if( preg_match('#\[quote=\\\"#si', $possible_start, $match) && !preg_match('#\[quote=\\\"(.*?)\\\"\]#si', $possible_start) ) { // OK we are in a quote tag that probably contains a ] bracket. // Grab a bit more of the string to hopefully get all of it.. ! if ($close_pos = strpos($text, '"]', $curr_pos + 9)) ! { ! if (strpos(substr($text, $curr_pos + 9, $close_pos - ($curr_pos + 9)), '[quote') === false) ! { ! $possible_start = substr($text, $curr_pos, $close_pos - $curr_pos + 2); ! } ! } } ! // Now compare, either using regexp or not. if ($open_is_regexp) { $match_result = array(); if (preg_match($open_tag[$i], $possible_start, $match_result)) { $found_start = true; *************** *** 434,445 **** $match = array("pos" => $curr_pos, "tag" => $which_start_tag, "index" => $start_tag_index); bbcode_array_push($stack, $match); // ! // Rather than just increment $curr_pos ! // Set it to the ending of the tag we just found ! // Keeps error in nested tag from breaking out ! // of table structure.. ! // ! $curr_pos = $curr_pos + strlen($possible_start); } else { --- 434,445 ---- $match = array("pos" => $curr_pos, "tag" => $which_start_tag, "index" => $start_tag_index); bbcode_array_push($stack, $match); // ! // Rather than just increment $curr_pos ! // Set it to the ending of the tag we just found ! 
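Review bot: Two readability points in the quote-with-bracket branch: `preg_match('#\[quote=\\\"#si', $possible_start, $match)` fills `$match`, which nothing in this hunk reads and which shares its name with the stack entry built a few lines later, and the offset `$curr_pos + 9` appears three times without explanation. I would drop the third argument and name the offset, with a comment such as `// 9 = length of the opening [quote=\" token`. bbencode_first_pass_pda starts and ends outside this hunk.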
// Keeps error in nested tag from breaking out ! // of table structure.. ! // ! $curr_pos += strlen($possible_start); } else { *************** *** 522,529 **** { $match = bbcode_array_pop($stack); $curr_pos = $match['pos']; ! bbcode_array_push($stack, $match); ! ++$curr_pos; } else { --- 522,529 ---- { $match = bbcode_array_pop($stack); $curr_pos = $match['pos']; ! // bbcode_array_push($stack, $match); ! // ++$curr_pos; } else { *************** *** 572,586 **** { $before_replace = $matches[1][$i]; $after_replace = $matches[1][$i]; ! // Replace 2 spaces with "  " so non-tabbed code indents without making huge long lines. $after_replace = str_replace(" ", "  ", $after_replace); // now Replace 2 spaces with "  " to catch odd #s of spaces. $after_replace = str_replace(" ", "  ", $after_replace); ! // Replace tabs with "   " so tabbed code indents sorta right without making huge long lines. $after_replace = str_replace("\t", "   ", $after_replace); $str_to_match = "[code:1:$uid]" . $before_replace . "[/code:1:$uid]"; $replacement = $code_start_html; --- 572,589 ---- { $before_replace = $matches[1][$i]; $after_replace = $matches[1][$i]; ! // Replace 2 spaces with "  " so non-tabbed code indents without making huge long lines. $after_replace = str_replace(" ", "  ", $after_replace); // now Replace 2 spaces with "  " to catch odd #s of spaces. $after_replace = str_replace(" ", "  ", $after_replace); ! // Replace tabs with "   " so tabbed code indents sorta right without making huge long lines. $after_replace = str_replace("\t", "   ", $after_replace); + // now Replace space occurring at the beginning of a line + $after_replace = preg_replace("/^ {1}/m", ' ', $after_replace); + $str_to_match = "[code:1:$uid]" . $before_replace . "[/code:1:$uid]"; $replacement = $code_start_html; *************** *** 613,638 **** */ function make_clickable($text) { // pad it with a space so we can match things at the start of the 1st line. ! $ret = " " . 
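Review bot: The behaviour change in this hunk is made by commenting out `bbcode_array_push($stack, $match);` and `++$curr_pos;`, which leaves dead code behind and no record of why the popped entry is no longer put back on the stack. I would delete both lines and replace them with a one-line comment stating the intended effect on `$stack` and `$curr_pos`. The surrounding loop is outside the hunk, so the reason cannot be reconstructed from here, which is the argument for writing it down.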
$text; // matches an "xxxx://yyyy" URL at the start of a line, or after a space. // xxxx can only be alpha characters. ! // yyyy is anything up to the first space, newline, or comma. ! $ret = preg_replace("#([\n ])([a-z]+?)://([^\t <\n\r]+)#i", "\\1\\2://\\3", $ret); ! // matches a "www.xxxx.yyyy[/zzzz]" kinda lazy URL thing // Must contain at least 2 dots. xxxx contains either alphanum, or "-" ! // yyyy contains either alphanum, "-", or "." ! // zzzz is optional.. will contain everything up to the first space, newline, or comma. ! // This is slightly restrictive - it's not going to match stuff like "forums.foo.com" ! // This is to keep it from getting annoying and matching stuff that's not meant to be a link. ! $ret = preg_replace("#([\n ])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^\t <\n\r]*)?)#i", "\\1www.\\2.\\3\\4", $ret); // matches an email@domain type address at the start of a line, or after a space. // Note: Only the followed chars are valid; alphanums, "-", "_" and or ".". ! $ret = preg_replace("#([\n ])([a-z0-9\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)?[\w]+)#i", "\\1\\2@\\3", $ret); // Remove our padding.. $ret = substr($ret, 1); --- 616,640 ---- */ function make_clickable($text) { + $text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text); // pad it with a space so we can match things at the start of the 1st line. ! $ret = ' ' . $text; // matches an "xxxx://yyyy" URL at the start of a line, or after a space. // xxxx can only be alpha characters. ! // yyyy is anything up to the first space, newline, comma, double quote or < ! $ret = preg_replace("#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1\\2", $ret); ! // matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing // Must contain at least 2 dots. xxxx contains either alphanum, or "-" ! // zzzz is optional.. will contain everything up to the first space, newline, ! // comma, double quote or <. ! 
$ret = preg_replace("#(^|[\n ])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1\\2", $ret); // matches an email@domain type address at the start of a line, or after a space. // Note: Only the followed chars are valid; alphanums, "-", "_" and or ".". ! $ret = preg_replace("#(^|[\n ])([a-z0-9&\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)*[\w]+)#i", "\\1\\2@\\3", $ret); // Remove our padding.. $ret = substr($ret, 1); *************** *** 738,776 **** // function smilies_pass($message) { ! global $db, $board_config; ! static $smilies; ! if( empty($smilies) ) { ! $sql = "SELECT code, smile_url ! FROM " . SMILIES_TABLE; if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't obtain smilies data", "", __LINE__, __FILE__, $sql); } ! if( !$db->sql_numrows($result) ) { ! return $message; } ! $smilies = $db->sql_fetchrowset($result); ! } ! ! usort($smilies, 'smiley_sort'); ! for($i = 0; $i < count($smilies); $i++) ! { ! $orig[] = "/(?<=.\\W|\\W.|^\\W)" . phpbb_preg_quote($smilies[$i]['code'], "/") . "(?=.\\W|\\W.|\\W$)/"; ! $repl[] = '' . $smilies[$i]['smile_url'] . ''; } ! if( $i > 0 ) { $message = preg_replace($orig, $repl, ' ' . $message . ' '); $message = substr($message, 1, -1); } ! return $message; } --- 740,777 ---- // function smilies_pass($message) { ! static $orig, $repl; ! if (!isset($orig)) { ! global $db, $board_config; ! $orig = $repl = array(); ! ! $sql = 'SELECT * FROM ' . SMILIES_TABLE; if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't obtain smilies data", "", __LINE__, __FILE__, $sql); } + $smilies = $db->sql_fetchrowset($result); ! if (count($smilies)) { ! usort($smilies, 'smiley_sort'); } ! for ($i = 0; $i < count($smilies); $i++) ! { ! $orig[] = "/(?<=.\W|\W.|^\W)" . phpbb_preg_quote($smilies[$i]['code'], "/") . "(?=.\W|\W.|\W$)/"; ! $repl[] = '' . $smilies[$i]['emoticon'] . ''; ! } } ! if (count($orig)) { $message = preg_replace($orig, $repl, ' ' . $message . ' '); $message = substr($message, 1, -1); } ! 
return $message; } *************** *** 784,788 **** return ( strlen($a['code']) > strlen($b['code']) ) ? -1 : 1; } ! ! ?> --- 785,788 ---- return ( strlen($a['code']) > strlen($b['code']) ) ? -1 : 1; } ! ?> \ No newline at end of file diff -crN phpbb201/includes/constants.php phpbb2017/includes/constants.php *** phpbb201/includes/constants.php Sat Jul 10 20:16:15 2004 --- phpbb2017/includes/constants.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : ('C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: constants.php,v 1.47 2002/04/04 11:53:50 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : ('C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: constants.php,v 1.47.2.5 2004/11/18 17:49:42 acydburn Exp $ * * ***************************************************************************/ *************** *** 27,33 **** // Debug Level //define('DEBUG', 1); // Debugging on ! define('DEBUG', 0); // Debugging off // User Levels <- Do not change the values of USER or ADMIN --- 27,33 ---- // Debug Level //define('DEBUG', 1); // Debugging on ! define('DEBUG', 1); // Debugging off // User Levels <- Do not change the values of USER or ADMIN *************** *** 148,153 **** --- 148,154 ---- // Table names + define('CONFIRM_TABLE', $table_prefix.'confirm'); define('AUTH_ACCESS_TABLE', $table_prefix.'auth_access'); define('BANLIST_TABLE', $table_prefix.'banlist'); define('CATEGORIES_TABLE', $table_prefix.'categories'); diff -crN phpbb201/includes/emailer.php phpbb2017/includes/emailer.php *** phpbb201/includes/emailer.php Sat Jul 10 20:16:15 2004 --- phpbb2017/includes/emailer.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** copyright : (C) 2001 The phpBB Group email : support@phpbb.com ! 
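Review bot: The old `sql_numrows` early return is gone, so `count($smilies)`, `usort()` and the `for` loop now depend on what `$db->sql_fetchrowset($result)` returns for an empty smilies table, and that method is not part of this diff. If it can return `false` rather than an empty array, `count()` reports one element on the PHP versions of this era and the loop would build a pattern from a missing `code`. A guard right after the fetch, `if (!is_array($smilies)) { $smilies = array(); }`, removes the doubt.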
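Review bot: `define('DEBUG', 1); // Debugging off` now enables debugging while its trailing comment still says it is off, and the commented-out line above it is the one labelled on. The `message_die()` calls throughout this diff pass `__LINE__`, `__FILE__` and `$sql`, so if message_die prints those when DEBUG is set (its body is not shown here), a production board would disclose queries and file paths to visitors. I would keep `define('DEBUG', 0);` as the shipped default, or at the very least correct the comment to `// Debugging on`.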
$Id: emailer.php,v 1.15.2.3 2002/05/20 00:21:38 psotfx Exp $ ***************************************************************************/ --- 6,12 ---- copyright : (C) 2001 The phpBB Group email : support@phpbb.com ! $Id: emailer.php,v 1.15.2.34 2003/07/26 11:41:35 acydburn Exp $ ***************************************************************************/ *************** *** 26,184 **** // class emailer { ! var $tpl_file; var $use_smtp; ! var $msg; ! var $mimeOut; ! var $arrPlaceHolders = array(); // an associative array that has the key = placeHolderName and val = placeHolderValue. ! var $subject, $extra_headers, $address; function emailer($use_smtp) { $this->use_smtp = $use_smtp; ! $this->tpl_file = NULL; ! $this->address = NULL; ! $this->msg = ''; ! $this->mimeOut = ''; } - // // Resets all the data (address, template file, etc etc to default - // function reset() { ! $this->tpl_file = ''; ! $this->address = ''; ! $this->msg = ''; ! $this->memOut = ''; ! $this->vars = ''; } - // // Sets an email address to send to - // function email_address($address) { ! $this->address = ''; ! $this->address .= $address; } - // // set up subject for mail - // function set_subject($subject = '') { ! $this->subject = $subject; } - // // set up extra mail headers - // function extra_headers($headers) { ! $this->extra_headers = $headers; } function use_template($template_file, $template_lang = '') { global $board_config, $phpbb_root_path; ! if ( $template_lang == '' ) { ! $template_lang = $board_config['default_lang']; } ! $this->tpl_file = $phpbb_root_path . 'language/lang_' . $template_lang . '/email/' . $template_file . '.tpl'; ! if ( !file_exists($this->tpl_file) ) { ! message_die(GENERAL_ERROR, 'Could not find email template file ' . $template_file, '', __LINE__, __FILE__); } ! if ( !$this->load_msg() ) { ! message_die(GENERAL_ERROR, 'Could not load email template file ' . $template_file, '', __LINE__, __FILE__); ! } ! return true; ! } ! // ! 
// Open the template file and read in the message ! // ! function load_msg() ! { ! if ( $this->tpl_file == NULL ) ! { ! message_die(GENERAL_ERROR, 'No template file set', '', __LINE__, __FILE__); ! } ! if ( !($fd = fopen($this->tpl_file, 'r')) ) ! { ! message_die(GENERAL_ERROR, 'Failed opening template file', '', __LINE__, __FILE__); } ! $this->msg .= fread($fd, filesize($this->tpl_file)); ! fclose($fd); return true; } function assign_vars($vars) { ! $this->vars = ( empty($this->vars) ) ? $vars : $this->vars . $vars; } ! function parse_email() { ! @reset($this->vars); ! while (list($key, $val) = @each($this->vars)) ! { ! $$key = $val; ! } // Escape all quotes, else the eval will fail. $this->msg = str_replace ("'", "\'", $this->msg); $this->msg = preg_replace('#\{([a-z0-9\-_]*?)\}#is', "' . $\\1 . '", $this->msg); eval("\$this->msg = '$this->msg';"); ! // // We now try and pull a subject from the email body ... if it exists, // do this here because the subject may contain a variable ! // $match = array(); ! preg_match("/^(Subject:(.*?)[\r\n]+?)?(Charset:(.*?)[\r\n]+?)?(.*?)$/is", $this->msg, $match); ! ! $this->msg = ( isset($match[5]) ) ? trim($match[5]) : ''; ! $this->subject = ( $this->subject != '' ) ? $this->subject : trim($match[2]); ! $this->encoding = ( trim($match[4]) != '' ) ? trim($match[4]) : 'iso-8859-1'; ! ! return true; ! } ! ! // ! // Send the mail out to the recipients set previously in var $this->address ! // ! function send() ! { ! global $phpEx, $phpbb_root_path; ! if ( $this->address == NULL ) { ! message_die(GENERAL_ERROR, 'No email address set', '', __LINE__, __FILE__); } ! if ( !$this->parse_email() ) { ! return false; } ! // ! // Add date and encoding type ! // ! $universal_extra = "MIME-Version: 1.0\nContent-type: text/plain; charset=" . $this->encoding . "\nContent-transfer-encoding: 8bit\nDate: " . gmdate('D, d M Y H:i:s', time()) . " UT\n"; ! $this->extra_headers = $universal_extra . 
$this->extra_headers; if ( $this->use_smtp ) { if ( !defined('SMTP_INCLUDED') ) --- 26,200 ---- // class emailer { ! var $msg, $subject, $extra_headers; ! var $addresses, $reply_to, $from; var $use_smtp; ! ! var $tpl_msg = array(); function emailer($use_smtp) { + $this->reset(); $this->use_smtp = $use_smtp; ! $this->reply_to = $this->from = ''; } // Resets all the data (address, template file, etc etc to default function reset() { ! $this->addresses = array(); ! $this->vars = $this->msg = $this->extra_headers = ''; } // Sets an email address to send to function email_address($address) { ! $this->addresses['to'] = trim($address); ! } ! ! function cc($address) ! { ! $this->addresses['cc'][] = trim($address); ! } ! ! function bcc($address) ! { ! $this->addresses['bcc'][] = trim($address); ! } ! ! function replyto($address) ! { ! $this->reply_to = trim($address); ! } ! ! function from($address) ! { ! $this->from = trim($address); } // set up subject for mail function set_subject($subject = '') { ! $this->subject = trim(preg_replace('#[\n\r]+#s', '', $subject)); } // set up extra mail headers function extra_headers($headers) { ! $this->extra_headers .= trim($headers) . "\n"; } function use_template($template_file, $template_lang = '') { global $board_config, $phpbb_root_path; ! if (trim($template_file) == '') { ! message_die(GENERAL_ERROR, 'No template file set', '', __LINE__, __FILE__); } ! if (trim($template_lang) == '') { ! $template_lang = $board_config['default_lang']; } ! if (empty($this->tpl_msg[$template_lang . $template_file])) { ! $tpl_file = $phpbb_root_path . 'language/lang_' . $template_lang . '/email/' . $template_file . '.tpl'; ! if (!@file_exists(@phpbb_realpath($tpl_file))) ! { ! $tpl_file = $phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/email/' . $template_file . '.tpl'; ! if (!@file_exists(@phpbb_realpath($tpl_file))) ! { ! message_die(GENERAL_ERROR, 'Could not find email template file :: ' . 
$template_file, '', __LINE__, __FILE__); ! } ! } ! if (!($fd = @fopen($tpl_file, 'r'))) ! { ! message_die(GENERAL_ERROR, 'Failed opening template file :: ' . $tpl_file, '', __LINE__, __FILE__); ! } ! ! $this->tpl_msg[$template_lang . $template_file] = fread($fd, filesize($tpl_file)); ! fclose($fd); } ! $this->msg = $this->tpl_msg[$template_lang . $template_file]; return true; } + // assign variables function assign_vars($vars) { ! $this->vars = (empty($this->vars)) ? $vars : $this->vars . $vars; } ! // Send the mail out to the recipients set previously in var $this->address ! function send() { ! global $board_config, $lang, $phpEx, $phpbb_root_path, $db; // Escape all quotes, else the eval will fail. $this->msg = str_replace ("'", "\'", $this->msg); $this->msg = preg_replace('#\{([a-z0-9\-_]*?)\}#is', "' . $\\1 . '", $this->msg); + // Set vars + reset ($this->vars); + while (list($key, $val) = each($this->vars)) + { + $$key = $val; + } + eval("\$this->msg = '$this->msg';"); ! // Clear vars ! reset ($this->vars); ! while (list($key, $val) = each($this->vars)) ! { ! unset($$key); ! } ! // We now try and pull a subject from the email body ... if it exists, // do this here because the subject may contain a variable ! $drop_header = ''; $match = array(); ! if (preg_match('#^(Subject:(.*?))$#m', $this->msg, $match)) ! { ! $this->subject = (trim($match[2]) != '') ? trim($match[2]) : (($this->subject != '') ? $this->subject : 'No Subject'); ! $drop_header .= '[\r\n]*?' . phpbb_preg_quote($match[1], '#'); ! } ! else ! { ! $this->subject = (($this->subject != '') ? $this->subject : 'No Subject'); ! } ! if (preg_match('#^(Charset:(.*?))$#m', $this->msg, $match)) ! { ! $this->encoding = (trim($match[2]) != '') ? trim($match[2]) : trim($lang['ENCODING']); ! $drop_header .= '[\r\n]*?' . phpbb_preg_quote($match[1], '#'); ! } ! else { ! $this->encoding = trim($lang['ENCODING']); } ! if ($drop_header != '') { ! $this->msg = trim(preg_replace('#' . $drop_header . 
'#s', '', $this->msg)); } ! $to = $this->addresses['to']; + $cc = (count($this->addresses['cc'])) ? implode(', ', $this->addresses['cc']) : ''; + $bcc = (count($this->addresses['bcc'])) ? implode(', ', $this->addresses['bcc']) : ''; + + // Build header + $this->extra_headers = (($this->reply_to != '') ? "Reply-to: $this->reply_to\n" : '') . (($this->from != '') ? "From: $this->from\n" : "From: " . $board_config['board_email'] . "\n") . "Return-Path: " . $board_config['board_email'] . "\nMessage-ID: <" . md5(uniqid(time())) . "@" . $board_config['server_name'] . ">\nMIME-Version: 1.0\nContent-type: text/plain; charset=" . $this->encoding . "\nContent-transfer-encoding: 8bit\nDate: " . date('r', time()) . "\nX-Priority: 3\nX-MSMail-Priority: Normal\nX-Mailer: PHP\nX-MimeOLE: Produced By phpBB2\n" . $this->extra_headers . (($cc != '') ? "Cc: $cc\n" : '') . (($bcc != '') ? "Bcc: $bcc\n" : ''); + + // Send message ... removed $this->encode() from subject for time being if ( $this->use_smtp ) { if ( !defined('SMTP_INCLUDED') ) *************** *** 186,215 **** include($phpbb_root_path . 'includes/smtp.' . $phpEx); } ! $result = smtpmail($this->address, $this->subject, $this->msg, $this->extra_headers); } else { ! $result = @mail($this->address, $this->subject, $this->msg, $this->extra_headers); } ! if ( !$result ) { ! message_die(GENERAL_ERROR, 'Failed sending email', '', __LINE__, __FILE__); } return true; } // // Attach files via MIME. // function attachFile($filename, $mimetype = "application/octet-stream", $szFromAddress, $szFilenameToDisplay) { $mime_boundary = "--==================_846811060==_"; ! $this->mailMsg = '--' . $mime_boundary . "\nContent-Type: text/plain;\n\tcharset=\"iso-8859-1\"\n\n" . $this->mailMsg; if ($mime_filename) { --- 202,280 ---- include($phpbb_root_path . 'includes/smtp.' . $phpEx); } ! $result = smtpmail($to, $this->subject, $this->msg, $this->extra_headers); } else { ! $empty_to_header = ($to == '') ? TRUE : FALSE; ! $to = ($to == '') ? 
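Review bot: The new `cc()`, `bcc()`, `replyto()` and `from()` setters only `trim()` their argument, yet `send()` concatenates those values straight into `$this->extra_headers` as `Reply-to:`, `From:`, `Cc:` and `Bcc:` lines, so a value with an embedded CR or LF would add further header lines to the outgoing mail. `set_subject()` in the same hunk already strips line breaks; the address setters should apply the same filter, e.g. `$this->from = trim(preg_replace('#[\n\r]+#s', '', $address));`. `send()` also reads `count($this->addresses['cc'])` and `['bcc']` although `reset()` leaves `$this->addresses` as an empty array, so `!empty($this->addresses['cc'])` is the safer test. The body of `send()` continues outside this hunk.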
(($board_config['sendmail_fix']) ? ' ' : 'Undisclosed-recipients:;') : $to; ! ! $result = @mail($to, $this->subject, preg_replace("#(?msg), $this->extra_headers); ! ! if (!$result && !$board_config['sendmail_fix'] && $empty_to_header) ! { ! $to = ' '; ! ! $sql = "UPDATE " . CONFIG_TABLE . " ! SET config_value = '1' ! WHERE config_name = 'sendmail_fix'"; ! if (!$db->sql_query($sql)) ! { ! message_die(GENERAL_ERROR, 'Unable to update config table', '', __LINE__, __FILE__, $sql); ! } ! ! $board_config['sendmail_fix'] = 1; ! $result = @mail($to, $this->subject, preg_replace("#(?msg), $this->extra_headers); ! } } ! // Did it work? ! if (!$result) { ! message_die(GENERAL_ERROR, 'Failed sending email :: ' . (($this->use_smtp) ? 'SMTP' : 'PHP') . ' :: ' . $result, '', __LINE__, __FILE__); } return true; } + // Encodes the given string for proper display for this encoding ... nabbed + // from php.net and modified. There is an alternative encoding method which + // may produce lesd output but it's questionable as to its worth in this + // scenario IMO + function encode($str) + { + if ($this->encoding == '') + { + return $str; + } + + // define start delimimter, end delimiter and spacer + $end = "?="; + $start = "=?$this->encoding?B?"; + $spacer = "$end\r\n $start"; + + // determine length of encoded text within chunks and ensure length is even + $length = 75 - strlen($start) - strlen($end); + $length = floor($length / 2) * 2; + + // encode the string and split it into chunks with spacers after each chunk + $str = chunk_split(base64_encode($str), $length, $spacer); + + // remove trailing spacer and add start and end delimiters + $str = preg_replace('#' . phpbb_preg_quote($spacer, '#') . '$#', '', $str); + + return $start . $str . $end; + } // // Attach files via MIME. // function attachFile($filename, $mimetype = "application/octet-stream", $szFromAddress, $szFilenameToDisplay) { + global $lang; $mime_boundary = "--==================_846811060==_"; ! $this->msg = '--' . 
$mime_boundary . "\nContent-Type: text/plain;\n\tcharset=\"" . $lang['ENCODING'] . "\"\n\n" . $this->msg; if ($mime_filename) { *************** *** 292,298 **** // function encode_file($sourcefile) { ! if (is_readable($sourcefile)) { $fd = fopen($sourcefile, "r"); $contents = fread($fd, filesize($sourcefile)); --- 357,363 ---- // function encode_file($sourcefile) { ! if (is_readable(phpbb_realpath($sourcefile))) { $fd = fopen($sourcefile, "r"); $contents = fread($fd, filesize($sourcefile)); diff -crN phpbb201/includes/functions.php phpbb2017/includes/functions.php *** phpbb201/includes/functions.php Sat Jul 10 20:16:15 2004 --- phpbb2017/includes/functions.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions.php,v 1.133.2.2 2002/05/12 00:47:40 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions.php,v 1.133.2.35 2005/07/19 20:01:11 acydburn Exp $ * * ***************************************************************************/ *************** *** 74,87 **** return false; } ! function get_userdata($user) { global $db; $sql = "SELECT * FROM " . USERS_TABLE . " WHERE "; ! $sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . str_replace("\'", "''", $user) . "'" ) . " AND user_id <> " . ANONYMOUS; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql); --- 74,135 ---- return false; } ! // added at phpBB 2.0.11 to properly format the username ! function phpbb_clean_username($username) ! { ! $username = substr(htmlspecialchars(str_replace("\'", "'", trim($username))), 0, 25); ! $username = phpbb_rtrim($username, "\\"); ! $username = str_replace("'", "\'", $username); ! ! return $username; ! } ! ! 
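Review bot: In the non-SMTP branch of `send()`, one failed `mail()` call with an empty To header is taken as proof that the workaround is needed, and `sendmail_fix` is written to the config table before the retry has confirmed anything. A transient failure therefore changes board configuration permanently; moving the `UPDATE` below the second `@mail(...)` and wrapping it in `if ($result)` ties the side effect to evidence. The final `message_die()` also appends `$result`, which is always falsy at that point and adds nothing to the message.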
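Review bot: `encode_file()` now tests `is_readable(phpbb_realpath($sourcefile))`, but the following `fopen($sourcefile, "r")` still opens the unresolved path, so the check and the use can refer to different strings. Resolve once and use the result for both, e.g. `$sourcefile = phpbb_realpath($sourcefile);` before the `if`, and test the return value of `fopen()` before calling `fread()`. The rest of the function is outside this hunk.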
// added at phpBB 2.0.12 to fix a bug in PHP 4.3.10 (only supporting charlist in php >= 4.1.0) ! function phpbb_rtrim($str, $charlist = false) ! { ! if ($charlist === false) ! { ! return rtrim($str); ! } ! ! $php_version = explode('.', PHP_VERSION); ! ! // php version < 4.1.0 ! if ((int) $php_version[0] < 4 || ((int) $php_version[0] == 4 && (int) $php_version[1] < 1)) ! { ! while ($str{strlen($str)-1} == $charlist) ! { ! $str = substr($str, 0, strlen($str)-1); ! } ! } ! else ! { ! $str = rtrim($str, $charlist); ! } ! ! return $str; ! } ! ! // ! // Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced. ! // ! function get_userdata($user, $force_str = false) { global $db; + if (!is_numeric($user) || $force_str) + { + $user = phpbb_clean_username($user); + } + else + { + $user = intval($user); + } + $sql = "SELECT * FROM " . USERS_TABLE . " WHERE "; ! $sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . $user . "'" ) . " AND user_id <> " . ANONYMOUS; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql); *************** *** 92,98 **** function make_jumpbox($action, $match_forum_id = 0) { ! global $template, $lang, $db, $SID, $nav_links, $phpEx; $sql = "SELECT c.cat_id, c.cat_title, c.cat_order FROM " . CATEGORIES_TABLE . " c, " . FORUMS_TABLE . " f --- 140,148 ---- function make_jumpbox($action, $match_forum_id = 0) { ! global $template, $userdata, $lang, $db, $nav_links, $phpEx, $SID; ! ! // $is_auth = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata); $sql = "SELECT c.cat_id, c.cat_title, c.cat_order FROM " . CATEGORIES_TABLE . " c, " . FORUMS_TABLE . " f *************** *** 120,126 **** message_die(GENERAL_ERROR, 'Could not obtain forums information', '', __LINE__, __FILE__, $sql); } ! 
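Review bot: `phpbb_clean_username()` needs a comment stating its input contract: it first undoes `\'` and re-adds it at the end, so it assumes a value that is already slash-escaped, and `get_userdata()` then concatenates the result into the query with no further quoting. Proposed comment above the function: `// Expects slash-escaped input; returns an HTML-encoded, slash-escaped name of at most 25 bytes`. Note also that `substr(..., 0, 25)` runs after `htmlspecialchars()`, so a long name can be cut in the middle of an entity; trimming a trailing partial entity after the cut avoids storing and comparing a broken name. In `get_userdata()` the later `is_integer($user)` test only works because of the `intval()` branch above it, which deserves a one-line comment as well.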
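Review bot: `make_jumpbox()` gains commented-out code instead of a decision: `// $is_auth = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata);` in this hunk, the alternative `$is_auth[...]['auth_view']` condition in the 187,195 hunk and the disabled `if ( !empty($SID) )` wrapper in the 219,232 hunk. The active filter is still `$forum_rows[$j]['auth_view'] <= AUTH_REG`, so it is unclear whether the per-user check was meant to replace it. Either remove the dead lines or replace them with one comment that gives the reason, e.g. `// Per-user auth() lookup intentionally not used here: <reason>`. `$userdata` appears to have been added to the `global` list only for the disabled call and can go with it.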
$boxstring = ''; $forum_rows = array(); while ( $row = $db->sql_fetchrow($result) ) *************** *** 137,142 **** --- 187,195 ---- { if ( $forum_rows[$j]['cat_id'] == $category_rows[$i]['cat_id'] && $forum_rows[$j]['auth_view'] <= AUTH_REG ) { + + // if ( $forum_rows[$j]['cat_id'] == $category_rows[$i]['cat_id'] && $is_auth[$forum_rows[$j]['forum_id']]['auth_view'] ) + // { $selected = ( $forum_rows[$j]['forum_id'] == $match_forum_id ) ? 'selected="selected"' : ''; $boxstring_forums .= ''; *************** *** 166,178 **** } else { ! $boxstring .= ''; } ! if ( isset($SID) ) ! { ! $boxstring .= ''; ! } $template->set_filenames(array( 'jumpbox' => 'jumpbox.tpl') --- 219,232 ---- } else { ! $boxstring .= ''; } ! // Let the jumpbox work again in sites having additional session id checks. ! // if ( !empty($SID) ) ! // { ! $boxstring .= ''; ! // } $template->set_filenames(array( 'jumpbox' => 'jumpbox.tpl') *************** *** 196,201 **** --- 250,256 ---- { global $board_config, $theme, $images; global $template, $lang, $phpEx, $phpbb_root_path; + global $nav_links; if ( $userdata['user_id'] != ANONYMOUS ) { *************** *** 215,221 **** } } ! if ( !file_exists($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.'.$phpEx) ) { $board_config['default_lang'] = 'english'; } --- 270,276 ---- } } ! if ( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.'.$phpEx)) ) { $board_config['default_lang'] = 'english'; } *************** *** 224,230 **** if ( defined('IN_ADMIN') ) { ! if( !file_exists($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_admin.'.$phpEx) ) { $board_config['default_lang'] = 'english'; } --- 279,285 ---- if ( defined('IN_ADMIN') ) { ! if( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . 
'/lang_admin.'.$phpEx)) ) { $board_config['default_lang'] = 'english'; } *************** *** 248,253 **** --- 303,331 ---- $theme = setup_style($board_config['default_style']); + // + // Mozilla navigation bar + // Default items that should be valid on all pages. + // Defined here to correctly assign the Language Variables + // and be able to change the variables within code. + // + $nav_links['top'] = array ( + 'url' => append_sid($phpbb_root_path . 'index.' . $phpEx), + 'title' => sprintf($lang['Forum_Index'], $board_config['sitename']) + ); + $nav_links['search'] = array ( + 'url' => append_sid($phpbb_root_path . 'search.' . $phpEx), + 'title' => $lang['Search'] + ); + $nav_links['help'] = array ( + 'url' => append_sid($phpbb_root_path . 'faq.' . $phpEx), + 'title' => $lang['FAQ'] + ); + $nav_links['author'] = array ( + 'url' => append_sid($phpbb_root_path . 'memberlist.' . $phpEx), + 'title' => $lang['Memberlist'] + ); + return; } *************** *** 271,277 **** $template_path = 'templates/' ; $template_name = $row['template_name'] ; ! $template = new Template($phpbb_root_path . $template_path . $template_name, $board_config, $db); if ( $template ) { --- 349,355 ---- $template_path = 'templates/' ; $template_name = $row['template_name'] ; ! $template = new Template($phpbb_root_path . $template_path . $template_name); if ( $template ) { *************** *** 283,289 **** message_die(CRITICAL_ERROR, "Could not open $template_name template config file", '', __LINE__, __FILE__); } ! $img_lang = ( file_exists($current_template_path . '/images/lang_' . $board_config['default_lang']) ) ? $board_config['default_lang'] : 'english'; while( list($key, $value) = @each($images) ) { --- 361,367 ---- message_die(CRITICAL_ERROR, "Could not open $template_name template config file", '', __LINE__, __FILE__); } ! $img_lang = ( file_exists(@phpbb_realpath($phpbb_root_path . $current_template_path . '/images/lang_' . $board_config['default_lang'])) ) ? 
$board_config['default_lang'] : 'english'; while( list($key, $value) = @each($images) ) { *************** *** 491,500 **** // function message_die($msg_code, $msg_text = '', $msg_title = '', $err_line = '', $err_file = '', $sql = '') { ! global $db, $template, $board_config, $theme, $lang, $phpEx, $phpbb_root_path, $nav_links, $gen_simple_header; global $userdata, $user_ip, $session_length; global $starttime; $sql_store = $sql; // --- 569,586 ---- // function message_die($msg_code, $msg_text = '', $msg_title = '', $err_line = '', $err_file = '', $sql = '') { ! global $db, $template, $board_config, $theme, $lang, $phpEx, $phpbb_root_path, $nav_links, $gen_simple_header, $images; global $userdata, $user_ip, $session_length; global $starttime; + if(defined('HAS_DIED')) + { + die("message_die() was called multiple times. This isn't supposed to happen. Was message_die() used in page_tail.php?"); + } + + define('HAS_DIED', 1); + + $sql_store = $sql; // *************** *** 519,525 **** if ( $err_line != '' && $err_file != '' ) { ! $debug_text .= '

Line : ' . $err_line . '
File : ' . $err_file; } } --- 605,611 ---- if ( $err_line != '' && $err_file != '' ) { ! $debug_text .= '

Line : ' . $err_line . '
File : ' . basename($err_file); } } *************** *** 668,673 **** --- 754,806 ---- echo "\n\n" . $msg_title . "\n

\n" . $msg_text . "\n"; } + exit; + } + + // + // This function is for compatibility with PHP 4.x's realpath() + // function. In later versions of PHP, it needs to be called + // to do checks with some functions. Older versions of PHP don't + // seem to need this, so we'll just return the original value. + // dougk_ff7 + function phpbb_realpath($path) + { + global $phpbb_root_path, $phpEx; + + return (!@function_exists('realpath') || !@realpath($phpbb_root_path . 'includes/functions.'.$phpEx)) ? $path : @realpath($path); + } + + function redirect($url) + { + global $db, $board_config; + + if (!empty($db)) + { + $db->sql_close(); + } + + if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r")) + { + message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); + } + + $server_protocol = ($board_config['cookie_secure']) ? 'https://' : 'http://'; + $server_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name'])); + $server_port = ($board_config['server_port'] <> 80) ? ':' . trim($board_config['server_port']) : ''; + $script_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path'])); + $script_name = ($script_name == '') ? $script_name : '/' . $script_name; + $url = preg_replace('#^\/?(.*?)\/?$#', '/\1', trim($url)); + + // Redirect via an HTML form for PITA webservers + if (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE'))) + { + header('Refresh: 0; URL=' . $server_protocol . $server_name . $server_port . $script_name . $url); + echo 'Redirect
If your browser does not support meta redirection please click HERE to be redirected
'; + exit; + } + + // Behave as per HTTP/1.1 spec for others + header('Location: ' . $server_protocol . $server_name . $server_port . $script_name . $url); exit; } diff -crN phpbb201/includes/functions_admin.php phpbb2017/includes/functions_admin.php *** phpbb201/includes/functions_admin.php Sat Jul 10 20:16:15 2004 --- phpbb2017/includes/functions_admin.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_admin.php,v 1.5.2.2 2002/05/17 13:13:35 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_admin.php,v 1.5.2.3 2002/07/19 17:03:47 psotfx Exp $ * * ***************************************************************************/ *************** *** 24,30 **** // // Simple version of jumpbox, just lists authed forums // ! function make_forum_select($box_name, $ignore_forum = false) { global $db, $userdata; --- 24,30 ---- // // Simple version of jumpbox, just lists authed forums // ! function make_forum_select($box_name, $ignore_forum = false, $select_forum = '') { global $db, $userdata; *************** *** 43,49 **** { if ( $is_auth_ary[$row['forum_id']]['auth_read'] && $ignore_forum != $row['forum_id'] ) { ! $forum_list .= ''; } } --- 43,50 ---- { if ( $is_auth_ary[$row['forum_id']]['auth_read'] && $ignore_forum != $row['forum_id'] ) { ! $selected = ( $select_forum == $row['forum_id'] ) ? ' selected="selected"' : ''; ! $forum_list .= ''; } } diff -crN phpbb201/includes/functions_post.php phpbb2017/includes/functions_post.php *** phpbb201/includes/functions_post.php Sat Jul 10 20:16:16 2004 --- phpbb2017/includes/functions_post.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
* $Id: functions_post.php,v 1.9.2.7 2002/05/20 00:21:38 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_post.php,v 1.9.2.37 2004/11/18 17:49:44 acydburn Exp $ * * ***************************************************************************/ *************** *** 20,31 **** * ***************************************************************************/ ! if ( !defined('IN_PHPBB') ) { die('Hacking attempt'); } ! $html_entities_match = array('#&#', '#<#', '#>#'); $html_entities_replace = array('&', '<', '>'); $unhtml_specialchars_match = array('#>#', '#<#', '#"#', '#&#'); --- 20,31 ---- * ***************************************************************************/ ! if (!defined('IN_PHPBB')) { die('Hacking attempt'); } ! $html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#'); $html_entities_replace = array('&', '<', '>'); $unhtml_specialchars_match = array('#>#', '#<#', '#"#', '#&#'); *************** *** 37,52 **** // function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0) { ! global $board_config; ! global $html_entities_match, $html_entities_replace; ! global $code_entities_match, $code_entities_replace; // // Clean up the message // $message = trim($message); ! if ( $html_on ) { $allowed_html_tags = split(',', $board_config['allow_html_tags']); --- 37,50 ---- // function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0) { ! global $board_config, $html_entities_match, $html_entities_replace; // // Clean up the message // $message = trim($message); ! if ($html_on) { $allowed_html_tags = split(',', $board_config['allow_html_tags']); *************** *** 55,87 **** $tmp_message = ''; $message = ' ' . $message . ' '; ! while ( $start_html = strpos($message, '<', $start_html) ) { ! 
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ( $start_html - $end_html - 1 ))); ! if ( $end_html = strpos($message, '>', $start_html) ) { $length = $end_html - $start_html + 1; $hold_string = substr($message, $start_html, $length); ! if ( ( $unclosed_open = strrpos(' ' . $hold_string, '<') ) != 1 ) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1)); $hold_string = substr($hold_string, $unclosed_open - 1); } $tagallowed = false; ! for($i = 0; $i < sizeof($allowed_html_tags); $i++) { $match_tag = trim($allowed_html_tags[$i]); ! ! if ( preg_match('/^<\/?' . $match_tag . '\b/i', $hold_string) ) { ! $tagallowed = true; } } ! $tmp_message .= ( $length && !$tagallowed ) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string; $start_html += $length; } --- 53,84 ---- $tmp_message = ''; $message = ' ' . $message . ' '; ! while ($start_html = strpos($message, '<', $start_html)) { ! $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ($start_html - $end_html - 1))); ! if ($end_html = strpos($message, '>', $start_html)) { $length = $end_html - $start_html + 1; $hold_string = substr($message, $start_html, $length); ! if (($unclosed_open = strrpos(' ' . $hold_string, '<')) != 1) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1)); $hold_string = substr($hold_string, $unclosed_open - 1); } $tagallowed = false; ! for ($i = 0; $i < sizeof($allowed_html_tags); $i++) { $match_tag = trim($allowed_html_tags[$i]); ! if (preg_match('#^<\/?' . $match_tag . '[> ]#i', $hold_string)) { ! $tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[\t ]*?=|on[\w]+[\t ]*?=)#i', $hold_string)) ? false : true; } } ! $tmp_message .= ($length && !$tagallowed) ? 
preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string; $start_html += $length; } *************** *** 94,112 **** } } ! if ( $end_html != strlen($message) && $tmp_message != '' ) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1)); } ! $message = ( $tmp_message != '' ) ? trim($tmp_message) : trim($message); } else { $message = preg_replace($html_entities_match, $html_entities_replace, $message); } ! if( $bbcode_on && $bbcode_uid != '' ) { $message = bbencode_first_pass($message, $bbcode_uid); } --- 91,109 ---- } } ! if (!$end_html || ($end_html != strlen($message) && $tmp_message != '')) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1)); } ! $message = ($tmp_message != '') ? trim($tmp_message) : trim($message); } else { $message = preg_replace($html_entities_match, $html_entities_replace, $message); } ! if($bbcode_on && $bbcode_uid != '') { $message = bbencode_first_pass($message, $bbcode_uid); } *************** *** 129,207 **** global $board_config, $userdata, $lang, $phpEx, $phpbb_root_path; // Check username ! if ( !empty($username) ) { ! $username = htmlspecialchars(trim(strip_tags($username))); ! if ( !$userdata['session_logged_in'] || ( $userdata['session_logged_in'] && $username != $userdata['username'] ) ) { include($phpbb_root_path . 'includes/functions_validate.'.$phpEx); $result = validate_username($username); ! if ( $result['error'] ) { ! $error_msg .= ( !empty($error_msg) ) ? '
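Review bot: The new attribute test in `prepare_message()` is a denylist: a tag from `allow_html_tags` passes through unescaped unless the text after one space matches `style=` or `on…=`, so any attribute or spelling the pattern does not anticipate reaches the page as live HTML. A stricter rule is to accept a tag only when it carries no attributes, e.g. `$tagallowed = (preg_match('#^<\/?' . phpbb_preg_quote($match_tag, '#') . '\s*\/?>$#i', $hold_string)) ? true : false;`, or to check attributes against a per-tag allowlist, leaving everything else to the existing `!$tagallowed` encoding branch. `$match_tag` currently goes into both patterns unquoted, although `phpbb_preg_quote()` is already used in emailer.php in this patch. A `break;` after a match would also stop a later list entry from overwriting `$tagallowed`. The function begins outside this hunk.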
' . $result['error_msg'] : $result['error_msg']; } } } // Check subject ! if ( !empty($subject) ) { $subject = htmlspecialchars(trim($subject)); } ! else if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) ) { ! $error_msg .= ( !empty($error_msg) ) ? '
' . $lang['Empty_subject'] : $lang['Empty_subject']; } // Check message ! if ( !empty($message) ) { ! $bbcode_uid = ( $bbcode_on ) ? make_bbcode_uid() : ''; $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid); } ! else if ( $mode != 'delete' && $mode != 'polldelete' ) { ! $error_msg .= ( !empty($error_msg) ) ? '
' . $lang['Empty_message'] : $lang['Empty_message']; } // // Handle poll stuff // ! if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) ) { ! $poll_length = ( isset($poll_length) ) ? max(0, intval($poll_length)) : 0; ! if ( !empty($poll_title) ) { $poll_title = htmlspecialchars(trim($poll_title)); } ! if( !empty($poll_options) ) { $temp_option_text = array(); ! while( list($option_id, $option_text) = @each($poll_options) ) { $option_text = trim($option_text); ! if ( !empty($option_text) ) { $temp_option_text[$option_id] = htmlspecialchars($option_text); } } $option_text = $temp_option_text; ! if ( count($poll_options) < 2 ) { ! $error_msg .= ( !empty($error_msg) ) ? '
' . $lang['To_few_poll_options'] : $lang['To_few_poll_options']; } ! else if ( count($poll_options) > $board_config['max_poll_options'] ) { ! $error_msg .= ( !empty($error_msg) ) ? '
' . $lang['To_many_poll_options'] : $lang['To_many_poll_options']; } ! else if ( $poll_title == '' ) { ! $error_msg .= ( !empty($error_msg) ) ? '
' . $lang['Empty_poll_title'] : $lang['Empty_poll_title']; } } } --- 126,208 ---- global $board_config, $userdata, $lang, $phpEx, $phpbb_root_path; // Check username ! if (!empty($username)) { ! $username = phpbb_clean_username($username); ! if (!$userdata['session_logged_in'] || ($userdata['session_logged_in'] && $username != $userdata['username'])) { include($phpbb_root_path . 'includes/functions_validate.'.$phpEx); $result = validate_username($username); ! if ($result['error']) { ! $error_msg .= (!empty($error_msg)) ? '
' . $result['error_msg'] : $result['error_msg']; } } + else + { + $username = ''; + } } // Check subject ! if (!empty($subject)) { $subject = htmlspecialchars(trim($subject)); } ! else if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post'])) { ! $error_msg .= (!empty($error_msg)) ? '
' . $lang['Empty_subject'] : $lang['Empty_subject']; } // Check message ! if (!empty($message)) { ! $bbcode_uid = ($bbcode_on) ? make_bbcode_uid() : ''; $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid); } ! else if ($mode != 'delete' && $mode != 'poll_delete') { ! $error_msg .= (!empty($error_msg)) ? '
' . $lang['Empty_message'] : $lang['Empty_message']; } // // Handle poll stuff // ! if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post'])) { ! $poll_length = (isset($poll_length)) ? max(0, intval($poll_length)) : 0; ! if (!empty($poll_title)) { $poll_title = htmlspecialchars(trim($poll_title)); } ! if(!empty($poll_options)) { $temp_option_text = array(); ! while(list($option_id, $option_text) = @each($poll_options)) { $option_text = trim($option_text); ! if (!empty($option_text)) { $temp_option_text[$option_id] = htmlspecialchars($option_text); } } $option_text = $temp_option_text; ! if (count($poll_options) < 2) { ! $error_msg .= (!empty($error_msg)) ? '
' . $lang['To_few_poll_options'] : $lang['To_few_poll_options']; } ! else if (count($poll_options) > $board_config['max_poll_options']) { ! $error_msg .= (!empty($error_msg)) ? '
' . $lang['To_many_poll_options'] : $lang['To_many_poll_options']; } ! else if ($poll_title == '') { ! $error_msg .= (!empty($error_msg)) ? '
' . $lang['Empty_poll_title'] : $lang['Empty_poll_title']; } } } *************** *** 221,317 **** $current_time = time(); ! if ( $mode == 'newtopic' || $mode == 'reply' ) { // // Flood control // ! $where_sql = ( $userdata['user_id'] == ANONYMOUS ) ? "poster_ip = '$user_ip'" : 'poster_id = ' . $userdata['user_id']; $sql = "SELECT MAX(post_time) AS last_post_time FROM " . POSTS_TABLE . " WHERE $where_sql"; ! if ( $result = $db->sql_query($sql) ) { ! if ( $row = $db->sql_fetchrow($result) ) { ! if ( $row['last_post_time'] > 0 && ( $current_time - $row['last_post_time'] ) < $board_config['flood_interval'] ) { message_die(GENERAL_MESSAGE, $lang['Flood_Error']); } } } } ! else if ( $mode == 'editpost' ) { remove_search_post($post_id); } ! if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) ) { ! $topic_vote = ( !empty($poll_title) && count($poll_options) >= 2 ) ? 1 : 0; ! $sql = ( $mode != "editpost" ) ? "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) VALUES ('$post_subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)" : "UPDATE " . TOPICS_TABLE . " SET topic_title = '$post_subject', topic_type = $topic_type, topic_vote = $topic_vote WHERE topic_id = $topic_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } ! if ( $mode == 'newtopic' ) { $topic_id = $db->sql_nextid(); } } ! $edited_sql = ( $mode == 'editpost' && !$post_data['last_post'] && $post_data['poster_post'] ) ? ", post_edit_time = $current_time, post_edit_count = post_edit_count + 1 " : ""; ! $sql = ( $mode != "editpost" ) ? "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $userdata['user_id'] . 
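Review bot: In the poll block of `prepare_post()` the trimmed and `htmlspecialchars()`-encoded options are collected in `$temp_option_text` and then assigned to the loop variable (`$option_text = $temp_option_text;`), never back to `$poll_options`. The `count($poll_options)` checks that follow therefore count blank entries too, and unless a caller encodes the options again later they leave this function unescaped. If that is not intended, the line should read `$poll_options = $temp_option_text;`. The function signature is outside the hunk, so whether `$poll_options` is passed by reference could not be confirmed.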
", '$post_username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)" : "UPDATE " . POSTS_TABLE . " SET enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smilies_on, enable_sig = $attach_sig" . $edited_sql . " WHERE post_id = $post_id"; ! if ( !$db->sql_query($sql, BEGIN_TRANSACTION) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } ! if ( $mode != 'editpost' ) { $post_id = $db->sql_nextid(); } ! $sql = ( $mode != 'editpost' ) ? "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) VALUES ($post_id, '$post_subject', '$bbcode_uid', '$post_message')" : "UPDATE " . POSTS_TEXT_TABLE . " SET post_text = '$post_message', bbcode_uid = '$bbcode_uid', post_subject = '$post_subject' WHERE post_id = $post_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } ! add_search_words($post_id, stripslashes($post_message), stripslashes($post_subject)); // // Add poll // ! if ( ( $mode == 'newtopic' || $mode == 'editpost' ) && !empty($poll_title) && count($poll_options) >= 2 ) { ! $sql = ( !$post_data['has_poll'] ) ? "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length) VALUES ($topic_id, '$poll_title', $current_time, " . ( $poll_length * 86400 ) . ")" : "UPDATE " . VOTE_DESC_TABLE . " SET vote_text = '$poll_title', vote_length = " . ( $poll_length * 86400 ) . " WHERE topic_id = $topic_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } $delete_option_sql = ''; $old_poll_result = array(); ! if ( $mode == 'editpost' && $post_data['has_poll'] ) { $sql = "SELECT vote_option_id, vote_result FROM " . VOTE_RESULTS_TABLE . " WHERE vote_id = $poll_id ORDER BY vote_option_id ASC"; ! 
if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain vote data results for this topic', '', __LINE__, __FILE__, $sql); } ! while ( $row = $db->sql_fetchrow($result) ) { $old_poll_result[$row['vote_option_id']] = $row['vote_result']; ! if ( !isset($poll_options[$row['vote_option_id']]) ) { ! $delete_option_sql .= ( $delete_option_sql != '' ) ? ', ' . $row['vote_option_id'] : $row['vote_option_id']; } } } --- 222,320 ---- $current_time = time(); ! if ($mode == 'newtopic' || $mode == 'reply' || $mode == 'editpost') { // // Flood control // ! $where_sql = ($userdata['user_id'] == ANONYMOUS) ? "poster_ip = '$user_ip'" : 'poster_id = ' . $userdata['user_id']; $sql = "SELECT MAX(post_time) AS last_post_time FROM " . POSTS_TABLE . " WHERE $where_sql"; ! if ($result = $db->sql_query($sql)) { ! if ($row = $db->sql_fetchrow($result)) { ! if (intval($row['last_post_time']) > 0 && ($current_time - intval($row['last_post_time'])) < intval($board_config['flood_interval'])) { message_die(GENERAL_MESSAGE, $lang['Flood_Error']); } } } } ! ! if ($mode == 'editpost') { remove_search_post($post_id); } ! if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post'])) { ! $topic_vote = (!empty($poll_title) && count($poll_options) >= 2) ? 1 : 0; ! ! $sql = ($mode != "editpost") ? "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) VALUES ('$post_subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)" : "UPDATE " . TOPICS_TABLE . " SET topic_title = '$post_subject', topic_type = $topic_type " . (($post_data['edit_vote'] || !empty($poll_title)) ? ", topic_vote = " . $topic_vote : "") . " WHERE topic_id = $topic_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } ! if ($mode == 'newtopic') { $topic_id = $db->sql_nextid(); } } ! 
$edited_sql = ($mode == 'editpost' && !$post_data['last_post'] && $post_data['poster_post']) ? ", post_edit_time = $current_time, post_edit_count = post_edit_count + 1 " : ""; ! $sql = ($mode != "editpost") ? "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $userdata['user_id'] . ", '$post_username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)" : "UPDATE " . POSTS_TABLE . " SET post_username = '$post_username', enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smilies_on, enable_sig = $attach_sig" . $edited_sql . " WHERE post_id = $post_id"; ! if (!$db->sql_query($sql, BEGIN_TRANSACTION)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } ! if ($mode != 'editpost') { $post_id = $db->sql_nextid(); } ! $sql = ($mode != 'editpost') ? "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) VALUES ($post_id, '$post_subject', '$bbcode_uid', '$post_message')" : "UPDATE " . POSTS_TEXT_TABLE . " SET post_text = '$post_message', bbcode_uid = '$bbcode_uid', post_subject = '$post_subject' WHERE post_id = $post_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } ! add_search_words('single', $post_id, stripslashes($post_message), stripslashes($post_subject)); // // Add poll // ! if (($mode == 'newtopic' || ($mode == 'editpost' && $post_data['edit_poll'])) && !empty($poll_title) && count($poll_options) >= 2) { ! $sql = (!$post_data['has_poll']) ? "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length) VALUES ($topic_id, '$poll_title', $current_time, " . ($poll_length * 86400) . ")" : "UPDATE " . VOTE_DESC_TABLE . " SET vote_text = '$poll_title', vote_length = " . ($poll_length * 86400) . " WHERE topic_id = $topic_id"; ! 
if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } $delete_option_sql = ''; $old_poll_result = array(); ! if ($mode == 'editpost' && $post_data['has_poll']) { $sql = "SELECT vote_option_id, vote_result FROM " . VOTE_RESULTS_TABLE . " WHERE vote_id = $poll_id ORDER BY vote_option_id ASC"; ! if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not obtain vote data results for this topic', '', __LINE__, __FILE__, $sql); } ! while ($row = $db->sql_fetchrow($result)) { $old_poll_result[$row['vote_option_id']] = $row['vote_result']; ! if (!isset($poll_options[$row['vote_option_id']])) { ! $delete_option_sql .= ($delete_option_sql != '') ? ', ' . $row['vote_option_id'] : $row['vote_option_id']; } } } *************** *** 323,337 **** @reset($poll_options); $poll_option_id = 1; ! while ( list($option_id, $option_text) = each($poll_options) ) { ! if ( !empty($option_text) ) { ! $option_text = str_replace("\'", "''", $option_text); ! $poll_result = ( $mode == "editpost" && isset($old_poll_result[$option_id]) ) ? $old_poll_result[$option_id] : 0; ! $sql = ( $mode != "editpost" || !isset($old_poll_result[$option_id]) ) ? "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($poll_id, $poll_option_id, '$option_text', $poll_result)" : "UPDATE " . VOTE_RESULTS_TABLE . " SET vote_option_text = '$option_text', vote_result = $poll_result WHERE vote_option_id = $option_id AND vote_id = $poll_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } --- 326,340 ---- @reset($poll_options); $poll_option_id = 1; ! while (list($option_id, $option_text) = each($poll_options)) { ! if (!empty($option_text)) { ! $option_text = str_replace("\'", "''", htmlspecialchars($option_text)); ! $poll_result = ($mode == "editpost" && isset($old_poll_result[$option_id])) ? $old_poll_result[$option_id] : 0; ! 
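Review bot: The edit branch of the POSTS_TABLE statement now also writes `post_username = '$post_username'` by string interpolation, as the hunk already does for `$post_subject`, `$post_message` and `$poll_title`, so SQL safety rests entirely on escaping done before these statements, which the hunk does not show. I would state that contract where the queries are built, e.g. `// $post_username, $post_subject, $post_message and $poll_title must arrive SQL-escaped from the caller`. The unquoted numeric values could be cast at the point of use, e.g. `" WHERE post_id = " . intval($post_id)`, and likewise for `$topic_id`, `$forum_id` and `$topic_type`, matching the `intval()` calls this hunk adds to the flood check. The enclosing function starts and ends outside the hunk.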
$sql = ($mode != "editpost" || !isset($old_poll_result[$option_id])) ? "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($poll_id, $poll_option_id, '$option_text', $poll_result)" : "UPDATE " . VOTE_RESULTS_TABLE . " SET vote_option_text = '$option_text', vote_result = $poll_result WHERE vote_option_id = $option_id AND vote_id = $poll_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } *************** *** 339,350 **** } } ! if ( $delete_option_sql != '' ) { $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " WHERE vote_option_id IN ($delete_option_sql) AND vote_id = $poll_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error deleting pruned poll options', '', __LINE__, __FILE__, $sql); } --- 342,353 ---- } } ! if ($delete_option_sql != '') { $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " WHERE vote_option_id IN ($delete_option_sql) AND vote_id = $poll_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error deleting pruned poll options', '', __LINE__, __FILE__, $sql); } *************** *** 364,378 **** { global $db; ! $sign = ( $mode == 'delete' ) ? '- 1' : '+ 1'; $forum_update_sql = "forum_posts = forum_posts $sign"; $topic_update_sql = ''; ! if ( $mode == 'delete' ) { ! if ( $post_data['last_post'] ) { ! if ( $post_data['first_post'] ) { $forum_update_sql .= ', forum_topics = forum_topics - 1'; } --- 367,381 ---- { global $db; ! $sign = ($mode == 'delete') ? '- 1' : '+ 1'; $forum_update_sql = "forum_posts = forum_posts $sign"; $topic_update_sql = ''; ! if ($mode == 'delete') { ! if ($post_data['last_post']) { ! if ($post_data['first_post']) { $forum_update_sql .= ', forum_topics = forum_topics - 1'; } *************** *** 384,427 **** $sql = "SELECT MAX(post_id) AS last_post_id FROM " . POSTS_TABLE . " WHERE topic_id = $topic_id"; ! 
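Review bot: `$option_id` is the array key of `$poll_options` and goes unquoted into `WHERE vote_option_id = $option_id`, while the `htmlspecialchars()` added here only covers `$option_text`. How the keys are built is outside the hunk; if they originate from the submitted form they should be cast where they are used, e.g. `" WHERE vote_option_id = " . intval($option_id) . " AND vote_id = $poll_id"`. Note also that `htmlspecialchars()` with its default flags leaves single quotes untouched, so the surrounding `str_replace("\'", "''", ...)` still assumes the text arrived slash-escaped. The loop body continues outside the hunk.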
if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } ! if ( $row = $db->sql_fetchrow($result) ) { $topic_update_sql .= ', topic_last_post_id = ' . $row['last_post_id']; } } ! if ( $post_data['last_topic'] ) { $sql = "SELECT MAX(post_id) AS last_post_id FROM " . POSTS_TABLE . " WHERE forum_id = $forum_id"; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } ! if ( $row = $db->sql_fetchrow($result) ) { ! $forum_update_sql .= ( $row['last_post_id'] ) ? ', forum_last_post_id = ' . $row['last_post_id'] : ', forum_last_post_id = 0'; } } } ! else if ( $post_data['first_post'] ) { $sql = "SELECT MIN(post_id) AS first_post_id FROM " . POSTS_TABLE . " WHERE topic_id = $topic_id"; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } ! if ( $row = $db->sql_fetchrow($result) ) { $topic_update_sql .= 'topic_replies = topic_replies - 1, topic_first_post_id = ' . $row['first_post_id']; } --- 387,430 ---- $sql = "SELECT MAX(post_id) AS last_post_id FROM " . POSTS_TABLE . " WHERE topic_id = $topic_id"; ! if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } ! if ($row = $db->sql_fetchrow($result)) { $topic_update_sql .= ', topic_last_post_id = ' . $row['last_post_id']; } } ! if ($post_data['last_topic']) { $sql = "SELECT MAX(post_id) AS last_post_id FROM " . POSTS_TABLE . " WHERE forum_id = $forum_id"; ! if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } ! if ($row = $db->sql_fetchrow($result)) { ! $forum_update_sql .= ($row['last_post_id']) ? ', forum_last_post_id = ' . $row['last_post_id'] : ', forum_last_post_id = 0'; } } } ! 
else if ($post_data['first_post']) { $sql = "SELECT MIN(post_id) AS first_post_id FROM " . POSTS_TABLE . " WHERE topic_id = $topic_id"; ! if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } ! if ($row = $db->sql_fetchrow($result)) { $topic_update_sql .= 'topic_replies = topic_replies - 1, topic_first_post_id = ' . $row['first_post_id']; } *************** *** 431,440 **** $topic_update_sql .= 'topic_replies = topic_replies - 1'; } } ! else if ( $mode != 'poll_delete' ) { ! $forum_update_sql .= ", forum_last_post_id = $post_id" . ( ( $mode == 'newtopic' ) ? ", forum_topics = forum_topics $sign" : "" ); ! $topic_update_sql = "topic_last_post_id = $post_id" . ( ( $mode == 'reply' ) ? ", topic_replies = topic_replies $sign" : ", topic_first_post_id = $post_id" ); } else { --- 434,443 ---- $topic_update_sql .= 'topic_replies = topic_replies - 1'; } } ! else if ($mode != 'poll_delete') { ! $forum_update_sql .= ", forum_last_post_id = $post_id" . (($mode == 'newtopic') ? ", forum_topics = forum_topics $sign" : ""); ! $topic_update_sql = "topic_last_post_id = $post_id" . (($mode == 'reply') ? ", topic_replies = topic_replies $sign" : ", topic_first_post_id = $post_id"); } else { *************** *** 444,472 **** $sql = "UPDATE " . FORUMS_TABLE . " SET $forum_update_sql WHERE forum_id = $forum_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } ! if ( $topic_update_sql != '' ) { $sql = "UPDATE " . TOPICS_TABLE . " SET $topic_update_sql ! WHERE topic_id = $topic_id ! OR topic_moved_id = $topic_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } } ! if ( $mode != 'poll_delete' ) { $sql = "UPDATE " . USERS_TABLE . " SET user_posts = user_posts $sign WHERE user_id = $user_id"; ! 
if ( !$db->sql_query($sql, END_TRANSACTION) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } --- 447,474 ---- $sql = "UPDATE " . FORUMS_TABLE . " SET $forum_update_sql WHERE forum_id = $forum_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } ! if ($topic_update_sql != '') { $sql = "UPDATE " . TOPICS_TABLE . " SET $topic_update_sql ! WHERE topic_id = $topic_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } } ! if ($mode != 'poll_delete') { $sql = "UPDATE " . USERS_TABLE . " SET user_posts = user_posts $sign WHERE user_id = $user_id"; ! if (!$db->sql_query($sql, END_TRANSACTION)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } *************** *** 483,522 **** global $board_config, $lang, $db, $phpbb_root_path, $phpEx; global $userdata, $user_ip; ! include($phpbb_root_path . 'includes/functions_search.'.$phpEx); ! ! if ( $mode != 'poll_delete' ) { $sql = "DELETE FROM " . POSTS_TABLE . " WHERE post_id = $post_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . POSTS_TEXT_TABLE . " WHERE post_id = $post_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } ! if ( $post_data['last_post'] ) { ! if ( $post_data['first_post'] ) { $forum_update_sql .= ', forum_topics = forum_topics - 1'; $sql = "DELETE FROM " . TOPICS_TABLE . " WHERE topic_id = $topic_id OR topic_moved_id = $topic_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id"; ! 
if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } --- 485,524 ---- global $board_config, $lang, $db, $phpbb_root_path, $phpEx; global $userdata, $user_ip; ! if ($mode != 'poll_delete') { + include($phpbb_root_path . 'includes/functions_search.'.$phpEx); + $sql = "DELETE FROM " . POSTS_TABLE . " WHERE post_id = $post_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . POSTS_TEXT_TABLE . " WHERE post_id = $post_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } ! if ($post_data['last_post']) { ! if ($post_data['first_post']) { $forum_update_sql .= ', forum_topics = forum_topics - 1'; $sql = "DELETE FROM " . TOPICS_TABLE . " WHERE topic_id = $topic_id OR topic_moved_id = $topic_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } *************** *** 526,556 **** remove_search_post($post_id); } ! if ( $mode == 'poll_delete' || ( $mode == 'delete' && $post_data['first_post'] && $post_data['last_post'] ) && $post_data['has_poll'] && $post_data['edit_poll'] ) { $sql = "DELETE FROM " . VOTE_DESC_TABLE . " WHERE topic_id = $topic_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " WHERE vote_id = $poll_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . VOTE_USERS_TABLE . " WHERE vote_id = $poll_id"; ! 
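Review bot: The relocated `include($phpbb_root_path . 'includes/functions_search.'.$phpEx);` sits inside a function body, so a second inclusion of that file in the same request would stop with a redeclaration error; `include_once(...)` avoids that while still loading the file only when a post is deleted. Whether another code path includes the file in the same request is not visible here. The path is assembled from the globals `$phpbb_root_path` and `$phpEx`, so a short comment that both are set by the entry script and never taken from request data would help the next reader. The function body continues outside the hunk.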
if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); } } ! if ( $mode == 'delete' && $post_data['first_post'] && $post_data['last_post'] ) { $meta = ''; $message = $lang['Deleted']; --- 528,558 ---- remove_search_post($post_id); } ! if ($mode == 'poll_delete' || ($mode == 'delete' && $post_data['first_post'] && $post_data['last_post']) && $post_data['has_poll'] && $post_data['edit_poll']) { $sql = "DELETE FROM " . VOTE_DESC_TABLE . " WHERE topic_id = $topic_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " WHERE vote_id = $poll_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . VOTE_USERS_TABLE . " WHERE vote_id = $poll_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); } } ! if ($mode == 'delete' && $post_data['first_post'] && $post_data['last_post']) { $meta = ''; $message = $lang['Deleted']; *************** *** 558,564 **** else { $meta = ''; ! $message = ( ( $mode == 'poll_delete' ) ? $lang['Poll_delete'] : $lang['Deleted'] ) . '

' . sprintf($lang['Click_return_topic'], '', ''); } $message .= '

' . sprintf($lang['Click_return_forum'], '', ''); --- 560,566 ---- else { $meta = ''; ! $message = (($mode == 'poll_delete') ? $lang['Poll_delete'] : $lang['Deleted']) . '

' . sprintf($lang['Click_return_topic'], '', ''); } $message .= '

' . sprintf($lang['Click_return_forum'], '', ''); *************** *** 569,654 **** // // Handle user notification on new post // ! function user_notification($mode, &$post_data, &$forum_id, &$topic_id, &$post_id, &$notify_user) { global $board_config, $lang, $db, $phpbb_root_path, $phpEx; global $userdata, $user_ip; $current_time = time(); ! if ( $mode == 'delete' ) { ! $delete_sql = ( !$post_data['first_post'] && !$post_data['last_post'] ) ? " AND user_id = " . $userdata['user_id'] : ''; $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id" . $delete_sql; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not change topic notify data', '', __LINE__, __FILE__, $sql); } } else { ! if ( $mode == 'reply' ) { $sql = "SELECT ban_userid FROM " . BANLIST_TABLE; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain banlist', '', __LINE__, __FILE__, $sql); } $user_id_sql = ''; ! while ( $row = $db->sql_fetchrow($result) ) { ! if ( isset($row['ban_userid']) ) { ! $user_id_sql = ', ' . $row['ban_userid']; } } ! $sql = "SELECT u.user_id, u.username, u.user_email, u.user_lang, t.topic_title ! FROM " . TOPICS_WATCH_TABLE . " tw, " . TOPICS_TABLE . " t, " . USERS_TABLE . " u WHERE tw.topic_id = $topic_id ! AND tw.user_id NOT IN (" . $userdata['user_id'] . ", " . ANONYMOUS . $user_id_sql . " ) AND tw.notify_status = " . TOPIC_WATCH_UN_NOTIFIED . " - AND t.topic_id = tw.topic_id AND u.user_id = tw.user_id"; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain list of topic watchers', '', __LINE__, __FILE__, $sql); } - $orig_word = array(); - $replacement_word = array(); - obtain_word_list($orig_word, $replacement_word); - - include($phpbb_root_path . 'includes/emailer.'.$phpEx); - $emailer = new emailer($board_config['smtp_delivery']); - - $script_name = preg_replace('/^\/?(.*?)\/?$/', '\1', trim($board_config['script_path'])); - $script_name = ( $script_name != '' ) ? 
$script_name . '/viewtopic.'.$phpEx : 'viewtopic.'.$phpEx; - $server_name = trim($board_config['server_name']); - $server_protocol = ( $board_config['cookie_secure'] ) ? 'https://' : 'http://'; - $server_port = ( $board_config['server_port'] <> 80 ) ? ':' . trim($board_config['server_port']) . '/' : '/'; - - $email_headers = 'From: ' . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\n"; - $update_watched_sql = ''; ! if ( $row = $db->sql_fetchrow($result) ) { ! $topic_title = preg_replace($orig_word, $replacement_word, unprepare_message($row['topic_title'])); do { ! if ( $row['user_email'] != '' ) { ! $emailer->use_template('topic_notify', $row['user_lang']); ! $emailer->email_address($row['user_email']); ! $emailer->set_subject(); ! $emailer->extra_headers($email_headers); $emailer->assign_vars(array( ! 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), ! 'USERNAME' => $row['username'], 'SITENAME' => $board_config['sitename'], 'TOPIC_TITLE' => $topic_title, --- 571,696 ---- // // Handle user notification on new post // ! function user_notification($mode, &$post_data, &$topic_title, &$forum_id, &$topic_id, &$post_id, &$notify_user) { global $board_config, $lang, $db, $phpbb_root_path, $phpEx; global $userdata, $user_ip; $current_time = time(); ! if ($mode == 'delete') { ! $delete_sql = (!$post_data['first_post'] && !$post_data['last_post']) ? " AND user_id = " . $userdata['user_id'] : ''; $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id" . $delete_sql; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Could not change topic notify data', '', __LINE__, __FILE__, $sql); } } else { ! if ($mode == 'reply') { $sql = "SELECT ban_userid FROM " . BANLIST_TABLE; ! if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not obtain banlist', '', __LINE__, __FILE__, $sql); } $user_id_sql = ''; ! while ($row = $db->sql_fetchrow($result)) { ! if (isset($row['ban_userid']) && !empty($row['ban_userid'])) { ! $user_id_sql .= ', ' . $row['ban_userid']; } } ! $sql = "SELECT u.user_id, u.user_email, u.user_lang ! FROM " . TOPICS_WATCH_TABLE . " tw, " . USERS_TABLE . " u WHERE tw.topic_id = $topic_id ! AND tw.user_id NOT IN (" . $userdata['user_id'] . ", " . ANONYMOUS . $user_id_sql . ") AND tw.notify_status = " . TOPIC_WATCH_UN_NOTIFIED . " AND u.user_id = tw.user_id"; ! if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not obtain list of topic watchers', '', __LINE__, __FILE__, $sql); } $update_watched_sql = ''; ! $bcc_list_ary = array(); ! ! if ($row = $db->sql_fetchrow($result)) { ! // Sixty second limit ! @set_time_limit(60); do { ! if ($row['user_email'] != '') { ! $bcc_list_ary[$row['user_lang']][] = $row['user_email']; ! } ! $update_watched_sql .= ($update_watched_sql != '') ? ', ' . 
$row['user_id'] : $row['user_id']; ! } ! while ($row = $db->sql_fetchrow($result)); ! ! // ! // Let's do some checking to make sure that mass mail functions ! // are working in win32 versions of php. ! // ! if (preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$board_config['smtp_delivery']) ! { ! $ini_val = (@phpversion() >= '4.0.0') ? 'ini_get' : 'get_cfg_var'; ! ! // We are running on windows, force delivery to use our smtp functions ! // since php's are broken by default ! $board_config['smtp_delivery'] = 1; ! $board_config['smtp_host'] = @$ini_val('SMTP'); ! } ! ! if (sizeof($bcc_list_ary)) ! { ! include($phpbb_root_path . 'includes/emailer.'.$phpEx); ! $emailer = new emailer($board_config['smtp_delivery']); ! ! $script_name = preg_replace('/^\/?(.*?)\/?$/', '\1', trim($board_config['script_path'])); ! $script_name = ($script_name != '') ? $script_name . '/viewtopic.'.$phpEx : 'viewtopic.'.$phpEx; ! $server_name = trim($board_config['server_name']); ! $server_protocol = ($board_config['cookie_secure']) ? 'https://' : 'http://'; ! $server_port = ($board_config['server_port'] <> 80) ? ':' . trim($board_config['server_port']) . '/' : '/'; ! ! $orig_word = array(); ! $replacement_word = array(); ! obtain_word_list($orig_word, $replacement_word); ! ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); ! ! $topic_title = (count($orig_word)) ? preg_replace($orig_word, $replacement_word, unprepare_message($topic_title)) : unprepare_message($topic_title); ! ! @reset($bcc_list_ary); ! while (list($user_lang, $bcc_list) = each($bcc_list_ary)) ! { ! $emailer->use_template('topic_notify', $user_lang); ! ! for ($i = 0; $i < count($bcc_list); $i++) ! { ! $emailer->bcc($bcc_list[$i]); ! } ! ! // The Topic_reply_notification lang string below will be used ! // if for some reason the mail template subject cannot be read ! // ... note it will not necessarily be in the posters own language! ! 
$emailer->set_subject($lang['Topic_reply_notification']); ! ! // This is a nasty kludge to remove the username var ... till (if?) ! // translators update their templates ! $emailer->msg = preg_replace('#[ ]?{USERNAME}#', '', $emailer->msg); $emailer->assign_vars(array( ! 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', 'SITENAME' => $board_config['sitename'], 'TOPIC_TITLE' => $topic_title, *************** *** 658,671 **** $emailer->send(); $emailer->reset(); - - $update_watched_sql .= ( $update_watched_sql != '' ) ? ', ' . $row['user_id'] : $row['user_id']; } } - while ( $row = $db->sql_fetchrow($result) ); } ! if ( $update_watched_sql != '' ) { $sql = "UPDATE " . TOPICS_WATCH_TABLE . " SET notify_status = " . TOPIC_WATCH_NOTIFIED . " --- 700,711 ---- $emailer->send(); $emailer->reset(); } } } + $db->sql_freeresult($result); ! if ($update_watched_sql != '') { $sql = "UPDATE " . TOPICS_WATCH_TABLE . " SET notify_status = " . TOPIC_WATCH_NOTIFIED . " *************** *** 679,706 **** FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id AND user_id = " . $userdata['user_id']; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain topic watch information', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); ! if ( !$notify_user && !empty($row['topic_id']) ) { $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id AND user_id = " . $userdata['user_id']; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete topic watch information', '', __LINE__, __FILE__, $sql); } } ! else if ( $notify_user && empty($row['topic_id']) ) { $sql = "INSERT INTO " . TOPICS_WATCH_TABLE . " (user_id, topic_id, notify_status) VALUES (" . $userdata['user_id'] . ", $topic_id, 0)"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not insert topic watch information', '', __LINE__, __FILE__, $sql); } --- 719,746 ---- FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id AND user_id = " . $userdata['user_id']; ! if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not obtain topic watch information', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); ! 
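Review bot: Every watcher address read from the users table is now handed to `$emailer->bcc($bcc_list[$i])` and ends up in one shared header per language, so a stored `user_email` containing a line break would alter the headers of the message that goes to the whole batch. Whether `emailer::bcc()` or the registration checks already reject CR/LF is not visible in this hunk; if they do not, filter when the list is built, e.g. `if ($row['user_email'] != '' && !preg_match('/[\r\n]/', $row['user_email']))`. The function continues outside the hunk.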
if (!$notify_user && !empty($row['topic_id'])) { $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id AND user_id = " . $userdata['user_id']; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Could not delete topic watch information', '', __LINE__, __FILE__, $sql); } } ! else if ($notify_user && empty($row['topic_id'])) { $sql = "INSERT INTO " . TOPICS_WATCH_TABLE . " (user_id, topic_id, notify_status) VALUES (" . $userdata['user_id'] . ", $topic_id, 0)"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Could not insert topic watch information', '', __LINE__, __FILE__, $sql); } *************** *** 722,735 **** $inline_rows = 5; $window_columns = 8; ! if ( $mode == 'window' ) { $userdata = session_pagestart($user_ip, $page_id); init_userprefs($userdata); $gen_simple_header = TRUE; ! $page_title = $lang['Review_topic'] . " - $topic_title"; include($phpbb_root_path . 'includes/page_header.'.$phpEx); $template->set_filenames(array( --- 762,775 ---- $inline_rows = 5; $window_columns = 8; ! if ($mode == 'window') { $userdata = session_pagestart($user_ip, $page_id); init_userprefs($userdata); $gen_simple_header = TRUE; ! $page_title = $lang['Emoticons'] . " - $topic_title"; include($phpbb_root_path . 'includes/page_header.'.$phpEx); $template->set_filenames(array( *************** *** 740,771 **** $sql = "SELECT emoticon, code, smile_url FROM " . SMILIES_TABLE . " ORDER BY smilies_id"; ! if ( $result = $db->sql_query($sql) ) { $num_smilies = 0; $rowset = array(); ! while ( $row = $db->sql_fetchrow($result) ) { ! if ( empty($rowset[$row['smile_url']]) ) { ! $rowset[$row['smile_url']]['code'] = str_replace('\\', '\\\\', str_replace("'", "\\'", $row['code'])); $rowset[$row['smile_url']]['emoticon'] = $row['emoticon']; $num_smilies++; } } ! if ( $num_smilies ) { ! $smilies_count = ( $mode == 'inline' ) ? min(19, $num_smilies) : $num_smilies; ! $smilies_split_row = ( $mode == 'inline' ) ? 
$inline_columns - 1 : $window_columns - 1; $s_colspan = 0; $row = 0; $col = 0; ! while ( list($smile_url, $data) = @each($rowset) ) { ! if ( !$col ) { $template->assign_block_vars('smilies_row', array()); } --- 780,811 ---- $sql = "SELECT emoticon, code, smile_url FROM " . SMILIES_TABLE . " ORDER BY smilies_id"; ! if ($result = $db->sql_query($sql)) { $num_smilies = 0; $rowset = array(); ! while ($row = $db->sql_fetchrow($result)) { ! if (empty($rowset[$row['smile_url']])) { ! $rowset[$row['smile_url']]['code'] = str_replace("'", "\\'", str_replace('\\', '\\\\', $row['code'])); $rowset[$row['smile_url']]['emoticon'] = $row['emoticon']; $num_smilies++; } } ! if ($num_smilies) { ! $smilies_count = ($mode == 'inline') ? min(19, $num_smilies) : $num_smilies; ! $smilies_split_row = ($mode == 'inline') ? $inline_columns - 1 : $window_columns - 1; $s_colspan = 0; $row = 0; $col = 0; ! while (list($smile_url, $data) = @each($rowset)) { ! if (!$col) { $template->assign_block_vars('smilies_row', array()); } *************** *** 778,786 **** $s_colspan = max($s_colspan, $col + 1); ! if ( $col == $smilies_split_row ) { ! if ( $mode == 'inline' && $row == $inline_rows - 1 ) { break; } --- 818,826 ---- $s_colspan = max($s_colspan, $col + 1); ! if ($col == $smilies_split_row) { ! if ($mode == 'inline' && $row == $inline_rows - 1) { break; } *************** *** 793,799 **** } } ! if ( $mode == 'inline' && $num_smilies > $inline_rows * $inline_columns ) { $template->assign_block_vars('switch_smilies_extra', array()); --- 833,839 ---- } } ! if ($mode == 'inline' && $num_smilies > $inline_rows * $inline_columns) { $template->assign_block_vars('switch_smilies_extra', array()); *************** *** 811,817 **** } } ! if ( $mode == 'window' ) { $template->pparse('smiliesbody'); --- 851,857 ---- } } ! if ($mode == 'window') { $template->pparse('smiliesbody'); *************** *** 819,822 **** } } ! ?> --- 859,862 ---- } } ! 
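Review bot: The reordered call `str_replace("'", "\\'", str_replace('\\', '\\\\', $row['code']))` is order-sensitive and deserves a comment, for example `// escape backslashes first, otherwise the backslash added in front of each quote would itself be doubled`. The escaping covers only backslash and single quote; where `code` is emitted is outside the hunk, so if it lands inside a script block or an HTML attribute the value also needs escaping for that context (double quotes, angle brackets, line breaks). The enclosing function starts and ends outside the hunk.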
?> \ No newline at end of file diff -crN phpbb201/includes/functions_search.php phpbb2017/includes/functions_search.php *** phpbb201/includes/functions_search.php Sat Jul 10 20:16:15 2004 --- phpbb2017/includes/functions_search.php Tue Jul 19 22:14:56 2005 *************** *** 3,12 **** * functions_search.php * ------------------- * begin : Wed Sep 05 2001 ! * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_search.php,v 1.8.2.5 2002/05/13 13:27:12 psotfx Exp $ * ****************************************************************************/ --- 3,12 ---- * functions_search.php * ------------------- * begin : Wed Sep 05 2001 ! * copyright : (C) 2002 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_search.php,v 1.8.2.19 2004/11/18 17:49:45 acydburn Exp $ * ****************************************************************************/ *************** *** 58,64 **** $entry = str_replace('*', ' ', $entry); // 'words' that consist of <3 or >20 characters are removed. ! $entry = preg_replace('/\b([a-z0-9]{1,2}|[a-z0-9]{21,})\b/',' ', $entry); } if ( !empty($stopword_list) ) --- 58,64 ---- $entry = str_replace('*', ' ', $entry); // 'words' that consist of <3 or >20 characters are removed. ! $entry = preg_replace('/[ ]([\S]{1,2}|[\S]{21,})[ ]/',' ', $entry); } if ( !empty($stopword_list) ) *************** *** 69,75 **** if ( $mode == 'post' || ( $stopword != 'not' && $stopword != 'and' && $stopword != 'or' ) ) { ! $entry = preg_replace('#\b' . preg_quote($stopword) . '\b#', ' ', $entry); } } } --- 69,75 ---- if ( $mode == 'post' || ( $stopword != 'not' && $stopword != 'and' && $stopword != 'or' ) ) { ! $entry = str_replace(' ' . trim($stopword) . ' ', ' ', $entry); } } } *************** *** 81,87 **** list($replace_synonym, $match_synonym) = split(' ', trim(strtolower($synonym_list[$j]))); if ( $mode == 'post' || ( $match_synonym != 'not' && $match_synonym != 'and' && $match_synonym != 'or' ) ) { ! 
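Review bot: The new pattern `'/[ ]([\S]{1,2}|[\S]{21,})[ ]/'` in the 58,64 hunk consumes the space on both sides of each match, so of two adjacent short or over-long words only the first is removed; the second no longer has a leading space to match. The `str_replace(' ' . trim($stopword) . ' ', ' ', $entry)` in the 69,75 hunk and the synonym replacement in the 81,87 hunk have the same gap for repeated neighbours, and all three only work if `$entry` is padded with a space at both ends, which is set up outside these hunks. For the regex, lookarounds keep the delimiters available to the next match: `$entry = preg_replace('/(?<=[ ])(\S{1,2}|\S{21,})(?=[ ])/', ' ', $entry);`.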
$entry = preg_replace('#\b' . trim($match_synonym) . '\b#', ' ' . trim($replace_synonym) . ' ', $entry); } } } --- 81,87 ---- list($replace_synonym, $match_synonym) = split(' ', trim(strtolower($synonym_list[$j]))); if ( $mode == 'post' || ( $match_synonym != 'not' && $match_synonym != 'and' && $match_synonym != 'or' ) ) { ! $entry = str_replace(' ' . trim($match_synonym) . ' ', ' ' . trim($replace_synonym) . ' ', $entry); } } } *************** *** 91,113 **** function split_words(&$entry, $mode = 'post') { ! $rex = ( $mode == 'post' ) ? "/\b(\w[\w']*\w+|\w+?)\b/" : '/(\*?[à-ÿa-z0-9]+\*?)|\b([à-ÿa-z0-9]+)\b/'; preg_match_all($rex, $entry, $split_entries); return $split_entries[1]; } ! function add_search_words($post_id, $post_text, $post_title = '') { global $db, $phpbb_root_path, $board_config, $lang; ! $stopwords_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_stopwords.txt"); $synonym_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_synonyms.txt"); $search_raw_words = array(); $search_raw_words['text'] = split_words(clean_words('post', $post_text, $stopword_array, $synonym_array)); $search_raw_words['title'] = split_words(clean_words('post', $post_title, $stopword_array, $synonym_array)); $word = array(); $word_insert_sql = array(); while ( list($word_in, $search_matches) = @each($search_raw_words) ) --- 91,120 ---- function split_words(&$entry, $mode = 'post') { ! // If you experience problems with the new method, uncomment this block. ! /* ! $rex = ( $mode == 'post' ) ? "/\b([\w±µ-ÿ][\w±µ-ÿ']*[\w±µ-ÿ]+|[\w±µ-ÿ]+?)\b/" : '/(\*?[a-z0-9±µ-ÿ]+\*?)|\b([a-z0-9±µ-ÿ]+)\b/'; preg_match_all($rex, $entry, $split_entries); return $split_entries[1]; + */ + // Trim 1+ spaces to one space and split this trimmed string into words. + return explode(' ', trim(preg_replace('#\s+#', ' ', $entry))); } ! 
function add_search_words($mode, $post_id, $post_text, $post_title = '') { global $db, $phpbb_root_path, $board_config, $lang; ! $stopword_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_stopwords.txt"); $synonym_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_synonyms.txt"); $search_raw_words = array(); $search_raw_words['text'] = split_words(clean_words('post', $post_text, $stopword_array, $synonym_array)); $search_raw_words['title'] = split_words(clean_words('post', $post_title, $stopword_array, $synonym_array)); + @set_time_limit(0); + $word = array(); $word_insert_sql = array(); while ( list($word_in, $search_matches) = @each($search_raw_words) ) *************** *** 191,196 **** --- 198,204 ---- $value_sql .= ( ( $value_sql != '' ) ? ', ' : '' ) . '(\'' . $word[$i] . '\', 0)'; break; case 'mssql': + case 'mssql-odbc': $value_sql .= ( ( $value_sql != '' ) ? ' UNION ALL ' : '' ) . "SELECT '" . $word[$i] . "', 0"; break; default: *************** *** 215,220 **** --- 223,229 ---- VALUES $value_sql"; break; case 'mssql': + case 'mssql-odbc': $sql = "INSERT INTO " . SEARCH_WORD_TABLE . " (word_text, word_common) $value_sql"; break; *************** *** 244,252 **** } } ! if ( $mode == 'single' ) { ! remove_common('single', 0.4, $word); } return; --- 253,261 ---- } } ! if ($mode == 'single') { ! remove_common('single', 4/10, $word); } return; *************** *** 259,265 **** { global $db; ! $sql = ( $mode == 'global' ) ? "SELECT COUNT(post_id) AS total_posts FROM " . SEARCH_MATCH_TABLE . " GROUP BY post_id" : "SELECT SUM(forum_posts) AS total_posts FROM " . FORUMS_TABLE; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain post count', '', __LINE__, __FILE__, $sql); --- 268,275 ---- { global $db; ! $sql = "SELECT COUNT(post_id) AS total_posts ! FROM " . 
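Review bot: In functions_search.php, split_words() now returns every whitespace-separated token, so the character filtering the old `\w`-based pattern gave is gone and whatever clean_words() leaves in `$entry` reaches the string-built SQL in the later hunks (`"SELECT '" . $word[$i] . "', 0"`). clean_words() is only partly visible on this page, so confirm it removes or escapes quotes and backslashes, or escape each word where `$value_sql` is assembled. `explode(' ', ...)` on an empty string also yields one empty word, which is worth filtering before the insert. `@set_time_limit(0)` lifts the execution limit for work driven by user-submitted post text; a bounded value would cap the cost of one very large post. The commented-out regex block is better removed than shipped.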
POSTS_TABLE; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain post count', '', __LINE__, __FILE__, $sql); *************** *** 325,331 **** } } ! return $word_count; } function remove_search_post($post_id_sql) --- 335,341 ---- } } ! return; } function remove_search_post($post_id_sql) *************** *** 425,435 **** $username_list = ''; if ( !empty($search_match) ) { ! $username_search = preg_replace('/\*/', '%', trim(strip_tags($search_match))); $sql = "SELECT username FROM " . USERS_TABLE . " ! WHERE username LIKE '" . str_replace("\'", "''", $username_search) . "' ORDER BY username"; if ( !($result = $db->sql_query($sql)) ) { --- 435,445 ---- $username_list = ''; if ( !empty($search_match) ) { ! $username_search = preg_replace('/\*/', '%', phpbb_clean_username($search_match)); $sql = "SELECT username FROM " . USERS_TABLE . " ! WHERE username LIKE '" . str_replace("\'", "''", $username_search) . "' AND user_id <> " . ANONYMOUS . " ORDER BY username"; if ( !($result = $db->sql_query($sql)) ) { *************** *** 459,465 **** ); $template->assign_vars(array( ! 'USERNAME' => ( !empty($search_match) ) ? $search_match : '', 'L_CLOSE_WINDOW' => $lang['Close_window'], 'L_SEARCH_USERNAME' => $lang['Find_username'], --- 469,475 ---- ); $template->assign_vars(array( ! 'USERNAME' => (!empty($search_match)) ? phpbb_clean_username($search_match) : '', 'L_CLOSE_WINDOW' => $lang['Close_window'], 'L_SEARCH_USERNAME' => $lang['Find_username'], diff -crN phpbb201/includes/functions_selects.php phpbb2017/includes/functions_selects.php *** phpbb201/includes/functions_selects.php Sat Jul 10 20:16:16 2004 --- phpbb2017/includes/functions_selects.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
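Review bot: In the username-search hunk of functions_search.php, the `LIKE` value is still concatenated into the query, and `str_replace("\'", "''", $username_search)` only rewrites quotes that arrive already backslash-escaped. The literal is therefore safe only if `phpbb_clean_username()` (defined outside this diff section) or the request layer always produces that form; that should be confirmed or replaced with escaping done where the query is built. A literal `%` or `_` in the input also stays a wildcard, because only `*` is translated. Escaping those two characters before the `*` to `%` substitution keeps the match limited to what the user typed. The enclosing function starts and ends outside the hunk.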
* $Id: functions_selects.php,v 1.3 2002/03/18 23:53:12 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_selects.php,v 1.3.2.5 2005/05/06 20:50:11 acydburn Exp $ * * ***************************************************************************/ *************** *** 26,39 **** // function language_select($default, $select_name = "language", $dirname="language") { ! global $phpEx; ! $dir = opendir($dirname); $lang = array(); while ( $file = readdir($dir) ) { ! if ( ereg("^lang_", $file) && !is_file($dirname . "/" . $file) && !is_link($dirname . "/" . $file) ) { $filename = trim(str_replace("lang_", "", $file)); $displayname = preg_replace("/^(.*?)_(.*)$/", "\\1 [ \\2 ]", $filename); --- 26,39 ---- // function language_select($default, $select_name = "language", $dirname="language") { ! global $phpEx, $phpbb_root_path; ! $dir = opendir($phpbb_root_path . $dirname); $lang = array(); while ( $file = readdir($dir) ) { ! if (preg_match('#^lang_#i', $file) && !is_file(@phpbb_realpath($phpbb_root_path . $dirname . '/' . $file)) && !is_link(@phpbb_realpath($phpbb_root_path . $dirname . '/' . $file))) { $filename = trim(str_replace("lang_", "", $file)); $displayname = preg_replace("/^(.*?)_(.*)$/", "\\1 [ \\2 ]", $filename); diff -crN phpbb201/includes/functions_validate.php phpbb2017/includes/functions_validate.php *** phpbb201/includes/functions_validate.php Sat Jul 10 20:16:16 2004 --- phpbb2017/includes/functions_validate.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_validate.php,v 1.6.2.1 2002/04/07 15:37:02 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
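Review bot: In language_select() (functions_selects.php), the return value of `opendir($phpbb_root_path . $dirname)` is used unchecked, so an unreadable or wrong path passes `false` to `readdir()`. The loop condition `while ( $file = readdir($dir) )` also stops at the first entry whose name is falsy, such as `0`; `while (($file = readdir($dir)) !== false)` is the safe form. The `@` on `phpbb_realpath()` hides a failed resolution, and if that helper returns false on failure (it is not shown here) both `is_file()` and `is_link()` are false and the entry is accepted as a language directory. The function body continues outside the hunk.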
* $Id: functions_validate.php,v 1.6.2.13 2005/07/19 20:01:15 acydburn Exp $ * * ***************************************************************************/ *************** *** 18,24 **** * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * - * ***************************************************************************/ // --- 18,23 ---- *************** *** 30,90 **** { global $db, $lang, $userdata; ! $username = str_replace("\'", "''", $username); ! $sql = "SELECT username FROM " . USERS_TABLE . " WHERE LOWER(username) = '" . strtolower($username) . "'"; ! if ( $result = $db->sql_query($sql) ) { ! if ( $row = $db->sql_fetchrow($result) ) { ! if ( ( $userdata['session_logged_in'] && $row['username'] != $userdata['username'] ) || !$userdata['session_logged_in'] ) { return array('error' => true, 'error_msg' => $lang['Username_taken']); } } } $sql = "SELECT group_name FROM " . GROUPS_TABLE . " WHERE LOWER(group_name) = '" . strtolower($username) . "'"; ! if ( $result = $db->sql_query($sql) ) { ! if ( $row = $db->sql_fetchrow($result) ) { return array('error' => true, 'error_msg' => $lang['Username_taken']); } } $sql = "SELECT disallow_username FROM " . DISALLOW_TABLE; ! if ( $result = $db->sql_query($sql) ) { ! while( $row = $db->sql_fetchrow($result) ) { ! if ( preg_match("#\b(" . str_replace("\*", ".*?", preg_quote($row['disallow_username'])) . ")\b#i", $username) ) { ! return array('error' => true, 'error_msg' => $lang['Username_disallowed']); } } } $sql = "SELECT word FROM " . WORDS_TABLE; ! if ( $result = $db->sql_query($sql) ) { ! while( $row = $db->sql_fetchrow($result) ) { ! if ( preg_match("#\b(" . str_replace("\*", ".*?", preg_quote($row['word'])) . ")\b#i", $username) ) { ! return array('error' => true, 'error_msg' => $lang['Username_disallowed']); } } } ! // Don't allow " in username. ! 
if ( strstr($username, '"') ) { return array('error' => true, 'error_msg' => $lang['Username_invalid']); } --- 29,107 ---- { global $db, $lang, $userdata; ! // Remove doubled up spaces ! $username = preg_replace('#\s+#', ' ', trim($username)); ! $username = phpbb_clean_username($username); ! $sql = "SELECT username FROM " . USERS_TABLE . " WHERE LOWER(username) = '" . strtolower($username) . "'"; ! if ($result = $db->sql_query($sql)) { ! if ($row = $db->sql_fetchrow($result)) { ! if (($userdata['session_logged_in'] && $row['username'] != $userdata['username']) || !$userdata['session_logged_in']) { + $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_taken']); } } } + $db->sql_freeresult($result); $sql = "SELECT group_name FROM " . GROUPS_TABLE . " WHERE LOWER(group_name) = '" . strtolower($username) . "'"; ! if ($result = $db->sql_query($sql)) { ! if ($row = $db->sql_fetchrow($result)) { + $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_taken']); } } + $db->sql_freeresult($result); $sql = "SELECT disallow_username FROM " . DISALLOW_TABLE; ! if ($result = $db->sql_query($sql)) { ! if ($row = $db->sql_fetchrow($result)) { ! do { ! if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['disallow_username'], '#')) . ")\b#i", $username)) ! { ! $db->sql_freeresult($result); ! return array('error' => true, 'error_msg' => $lang['Username_disallowed']); ! } } + while($row = $db->sql_fetchrow($result)); } } + $db->sql_freeresult($result); $sql = "SELECT word FROM " . WORDS_TABLE; ! if ($result = $db->sql_query($sql)) { ! if ($row = $db->sql_fetchrow($result)) { ! do { ! if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['word'], '#')) . ")\b#i", $username)) ! { ! $db->sql_freeresult($result); ! return array('error' => true, 'error_msg' => $lang['Username_disallowed']); ! } } + while ($row = $db->sql_fetchrow($result)); } } + $db->sql_freeresult($result); ! 
// Don't allow " and ALT-255 in username. ! if (strstr($username, '"') || strstr($username, '"') || strstr($username, chr(160))) { return array('error' => true, 'error_msg' => $lang['Username_invalid']); } *************** *** 100,135 **** { global $db, $lang; ! if ( $email != '' ) { ! if ( preg_match('/^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/is', $email) ) { $sql = "SELECT ban_email FROM " . BANLIST_TABLE; ! if ( $result = $db->sql_query($sql) ) { ! while( $row = $db->sql_fetchrow($result) ) { ! $match_email = str_replace('*', '.*?', $row['ban_email']); ! if ( preg_match('/^' . $match_email . '$/is', $email) ) { ! return array('error' => true, 'error_msg' => $lang['Email_banned']); } } } $sql = "SELECT user_email FROM " . USERS_TABLE . " WHERE user_email = '" . str_replace("\'", "''", $email) . "'"; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql); } ! ! if ( $row = $db->sql_fetchrow($result) ) { return array('error' => true, 'error_msg' => $lang['Email_taken']); } return array('error' => false, 'error_msg' => ''); } --- 117,159 ---- { global $db, $lang; ! if ($email != '') { ! if (preg_match('/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$/is', $email)) { $sql = "SELECT ban_email FROM " . BANLIST_TABLE; ! if ($result = $db->sql_query($sql)) { ! if ($row = $db->sql_fetchrow($result)) { ! do { ! $match_email = str_replace('*', '.*?', $row['ban_email']); ! if (preg_match('/^' . $match_email . '$/is', $email)) ! { ! $db->sql_freeresult($result); ! return array('error' => true, 'error_msg' => $lang['Email_banned']); ! } } + while($row = $db->sql_fetchrow($result)); } } + $db->sql_freeresult($result); $sql = "SELECT user_email FROM " . USERS_TABLE . " WHERE user_email = '" . str_replace("\'", "''", $email) . "'"; ! 
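Review bot: In validate_username() (functions_validate.php), the explicit `str_replace("\'", "''", $username)` was dropped, so both `LOWER(...) = '" . strtolower($username) . "'` queries now depend entirely on `phpbb_clean_username()` to make the value safe inside a quoted SQL literal. That helper is not part of this hunk, so confirm it escapes quotes and a trailing backslash for every supported database rather than only stripping markup. A short comment above the first query saying where the escaping happens would help, for example `// $username is SQL-escaped by phpbb_clean_username()`. Each `$db->sql_freeresult($result)` placed after its `if` also runs when `sql_query()` returned false.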
if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql); } ! ! if ($row = $db->sql_fetchrow($result)) { return array('error' => true, 'error_msg' => $lang['Email_taken']); } + $db->sql_freeresult($result); return array('error' => false, 'error_msg' => ''); } *************** *** 148,175 **** for($i = 0; $i < count($check_var_length); $i++) { ! if ( strlen($$check_var_length[$i]) < 2 ) { $$check_var_length[$i] = ''; } } // ICQ number has to be only numbers. ! if ( !preg_match('/^[0-9]+$/', $icq) ) { $icq = ''; } // website has to start with http://, followed by something with length at least 3 that // contains at least one dot. ! if ( $website != "" ) { ! if ( !preg_match('#^http:\/\/#i', $website) ) { $website = 'http://' . $website; } ! if ( !preg_match('#^http\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website) ) { $website = ''; } --- 172,199 ---- for($i = 0; $i < count($check_var_length); $i++) { ! if (strlen($$check_var_length[$i]) < 2) { $$check_var_length[$i] = ''; } } // ICQ number has to be only numbers. ! if (!preg_match('/^[0-9]+$/', $icq)) { $icq = ''; } // website has to start with http://, followed by something with length at least 3 that // contains at least one dot. ! if ($website != "") { ! if (!preg_match('#^http[s]?:\/\/#i', $website)) { $website = 'http://' . $website; } ! if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website)) { $website = ''; } *************** *** 178,181 **** return; } ! ?> --- 202,205 ---- return; } ! ?> \ No newline at end of file diff -crN phpbb201/includes/page_header.php phpbb2017/includes/page_header.php *** phpbb201/includes/page_header.php Sat Jul 10 20:16:15 2004 --- phpbb2017/includes/page_header.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
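Review bot: In validate_email() (functions_validate.php), the ban check still builds its pattern from the raw table value, `str_replace('*', '.*?', $row['ban_email'])`, so every `.` in a ban entry matches any character and other metacharacters in an entry are interpreted as regex. The username checks in the previous hunk quote their input first, and the same form fits here: `$match_email = str_replace('\*', '.*?', phpbb_preg_quote($row['ban_email'], '/'));`. The address pattern now also admits `'` and `&` in the local part, and the `user_email = '...'` query relies on `str_replace("\'", "''", $email)`, which only helps if the quote arrives backslash-escaped. The `Email_taken` return path leaves the result unfreed, unlike the other early returns.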
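Review bot: In the optional-fields hunk of functions_validate.php, the website pattern `'#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i'` is anchored only at the start, so anything may follow the host part, including quotes and angle brackets. If `$website` is later written into a link attribute without escaping (not visible here), this prefix match is the only control on it. Either constrain the remainder of the URL to an allowed character set and anchor with `$`, or make sure the value is attribute-escaped wherever it is rendered. The function starts outside the hunk.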
* $Id: page_header.php,v 1.106.2.3 2002/05/12 00:47:41 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_header.php,v 1.106.2.24 2005/03/26 14:15:59 acydburn Exp $ * * ***************************************************************************/ *************** *** 35,41 **** { $phpver = phpversion(); ! if ( $phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible') ) { if ( extension_loaded('zlib') ) { --- 35,43 ---- { $phpver = phpversion(); ! $useragent = (isset($HTTP_SERVER_VARS['HTTP_USER_AGENT'])) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : getenv('HTTP_USER_AGENT'); ! ! if ( $phpver >= '4.0.4pl1' && ( strstr($useragent,'compatible') || strstr($useragent,'Gecko') ) ) { if ( extension_loaded('zlib') ) { *************** *** 70,76 **** // if ( $userdata['session_logged_in'] ) { ! $u_login_logout = 'login.'.$phpEx.'?logout=true'; $l_login_logout = $lang['Logout'] . ' [ ' . $userdata['username'] . ' ]'; } else --- 72,78 ---- // if ( $userdata['session_logged_in'] ) { ! $u_login_logout = 'login.'.$phpEx.'?logout=true&sid=' . $userdata['session_id']; $l_login_logout = $lang['Logout'] . ' [ ' . $userdata['username'] . ' ]'; } else *************** *** 85,266 **** // Get basic (usernames + totals) online // situation // - $user_forum_sql = ( !empty($forum_id) ) ? "AND s.session_page = $forum_id" : ''; - $sql = "SELECT u.username, u.user_id, u.user_allow_viewonline, u.user_level, s.session_logged_in, s.session_ip - FROM ".USERS_TABLE." u, ".SESSIONS_TABLE." s - WHERE u.user_id = s.session_user_id - AND s.session_time >= ".( time() - 300 ) . 
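Review bot: In page_header.php, `$u_login_logout` now embeds `sid=` with the live session id, and the assign_vars hunk further down still passes the same string through `append_sid($u_login_logout)`, so the id may be appended a second time depending on how `append_sid()` treats an existing `sid` (not shown). Using the session id itself as the logout token puts it in every rendered page and in the URL, where it reaches Referer headers, proxy logs and browser history. A separate per-session token for state-changing links would avoid exposing the identifier that authenticates the session. At minimum, a comment should state why the id is added here.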
" - $user_forum_sql - ORDER BY u.username ASC, s.session_ip ASC"; - if( !($result = $db->sql_query($sql)) ) - { - message_die(GENERAL_ERROR, 'Could not obtain user/online information', '', __LINE__, __FILE__, $sql); - } - - $userlist_ary = array(); - $userlist_visible = array(); - $logged_visible_online = 0; $logged_hidden_online = 0; $guests_online = 0; $online_userlist = ''; ! $prev_user_id = 0; ! $prev_user_ip = ''; ! ! while( $row = $db->sql_fetchrow($result) ) { ! // User is logged in and therefor not a guest ! if ( $row['session_logged_in'] ) { ! // Skip multiple sessions for one user ! if ( $row['user_id'] != $prev_user_id ) { ! $style_color = ''; ! if ( $row['user_level'] == ADMIN ) ! { ! $row['username'] = '' . $row['username'] . ''; ! $style_color = 'style="color:#' . $theme['fontcolor3'] . '"'; ! } ! else if ( $row['user_level'] == MOD ) { ! $row['username'] = '' . $row['username'] . ''; ! $style_color = 'style="color:#' . $theme['fontcolor2'] . '"'; } ! if ( $row['user_allow_viewonline'] ) ! { ! $user_online_link = '' . $row['username'] . ''; ! $logged_visible_online++; ! } ! else ! { ! $user_online_link = '' . $row['username'] . ''; ! $logged_hidden_online++; ! } ! ! if ( $row['user_allow_viewonline'] || $userdata['user_level'] == ADMIN ) { ! $online_userlist .= ( $online_userlist != '' ) ? ', ' . $user_online_link : $user_online_link; } } ! $prev_user_id = $row['user_id']; } ! else { ! // Skip multiple sessions for one user ! if ( $row['session_ip'] != $prev_session_ip ) ! { ! $guests_online++; ! } } ! $prev_session_ip = $row['session_ip']; ! } ! if ( empty($online_userlist) ) ! { ! $online_userlist = $lang['None']; ! } ! $online_userlist = ( ( isset($forum_id) ) ? $lang['Browsing_forum'] : $lang['Registered_users'] ) . ' ' . $online_userlist; ! $total_online_users = $logged_visible_online + $logged_hidden_online + $guests_online; ! if ( $total_online_users > $board_config['record_online_users']) ! { ! 
$board_config['record_online_users'] = $total_online_users; ! $board_config['record_online_date'] = time(); ! $sql = "UPDATE " . CONFIG_TABLE . " ! SET config_value = '$total_online_users' ! WHERE config_name = 'record_online_users'"; ! if ( !$db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, 'Could not update online user record (nr of users)', '', __LINE__, __FILE__, $sql); } ! ! $sql = "UPDATE " . CONFIG_TABLE . " ! SET config_value = '" . $board_config['record_online_date'] . "' ! WHERE config_name = 'record_online_date'"; ! if ( !$db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, 'Could not update online user record (date)', '', __LINE__, __FILE__, $sql); } - } ! if ( $total_online_users == 0 ) ! { ! $l_t_user_s = $lang['Online_users_zero_total']; ! } ! else if ( $total_online_users == 1 ) ! { ! $l_t_user_s = $lang['Online_user_total']; ! } ! else ! { ! $l_t_user_s = $lang['Online_users_total']; ! } ! if ( $logged_visible_online == 0 ) ! { ! $l_r_user_s = $lang['Reg_users_zero_total']; ! } ! else if ( $logged_visible_online == 1 ) ! { ! $l_r_user_s = $lang['Reg_user_total']; ! } ! else ! { ! $l_r_user_s = $lang['Reg_users_total']; ! } ! if ( $logged_hidden_online == 0 ) ! { ! $l_h_user_s = $lang['Hidden_users_zero_total']; ! } ! else if ( $logged_hidden_online == 1 ) ! { ! $l_h_user_s = $lang['Hidden_user_total']; ! } ! else ! { ! $l_h_user_s = $lang['Hidden_users_total']; ! } ! if ( $guests_online == 0 ) ! { ! $l_g_user_s = $lang['Guest_users_zero_total']; ! } ! else if ( $guests_online == 1 ) ! { ! $l_g_user_s = $lang['Guest_user_total']; ! } ! else ! { ! $l_g_user_s = $lang['Guest_users_total']; } - $l_online_users = sprintf($l_t_user_s, $total_online_users); - $l_online_users .= sprintf($l_r_user_s, $logged_visible_online); - $l_online_users .= sprintf($l_h_user_s, $logged_hidden_online); - $l_online_users .= sprintf($l_g_user_s, $guests_online); - // // Obtain number of new private messages // if user is logged in // ! 
if ( $userdata['session_logged_in'] ) { if ( $userdata['user_new_privmsg'] ) { ! $l_message_new = ( $userdata['user_new_privmsg'] == 1 ) ? $lang['New_pm'] : $lang['New_pms']; ! $l_privmsgs_text = sprintf($l_message_new, $userdata['user_new_privmsg']); if ( $userdata['user_last_privmsg'] > $userdata['user_lastvisit'] ) { $sql = "UPDATE " . USERS_TABLE . " ! SET user_last_privmsg = " . $userdata['user_lastvisit'] . " WHERE user_id = " . $userdata['user_id']; if ( !$db->sql_query($sql) ) { --- 87,274 ---- // Get basic (usernames + totals) online // situation // $logged_visible_online = 0; $logged_hidden_online = 0; $guests_online = 0; $online_userlist = ''; + $l_online_users = ''; ! if (defined('SHOW_ONLINE')) { ! ! $user_forum_sql = ( !empty($forum_id) ) ? "AND s.session_page = " . intval($forum_id) : ''; ! $sql = "SELECT u.username, u.user_id, u.user_allow_viewonline, u.user_level, s.session_logged_in, s.session_ip ! FROM ".USERS_TABLE." u, ".SESSIONS_TABLE." s ! WHERE u.user_id = s.session_user_id ! AND s.session_time >= ".( time() - 300 ) . " ! $user_forum_sql ! ORDER BY u.username ASC, s.session_ip ASC"; ! if( !($result = $db->sql_query($sql)) ) { ! message_die(GENERAL_ERROR, 'Could not obtain user/online information', '', __LINE__, __FILE__, $sql); ! } ! ! $userlist_ary = array(); ! $userlist_visible = array(); ! ! $prev_user_id = 0; ! $prev_user_ip = $prev_session_ip = ''; ! ! while( $row = $db->sql_fetchrow($result) ) ! { ! // User is logged in and therefor not a guest ! if ( $row['session_logged_in'] ) { ! // Skip multiple sessions for one user ! if ( $row['user_id'] != $prev_user_id ) { ! $style_color = ''; ! if ( $row['user_level'] == ADMIN ) ! { ! $row['username'] = '' . $row['username'] . ''; ! $style_color = 'style="color:#' . $theme['fontcolor3'] . '"'; ! } ! else if ( $row['user_level'] == MOD ) ! { ! $row['username'] = '' . $row['username'] . ''; ! $style_color = 'style="color:#' . $theme['fontcolor2'] . '"'; ! } ! ! 
if ( $row['user_allow_viewonline'] ) ! { ! $user_online_link = '' . $row['username'] . ''; ! $logged_visible_online++; ! } ! else ! { ! $user_online_link = '' . $row['username'] . ''; ! $logged_hidden_online++; ! } ! ! if ( $row['user_allow_viewonline'] || $userdata['user_level'] == ADMIN ) ! { ! $online_userlist .= ( $online_userlist != '' ) ? ', ' . $user_online_link : $user_online_link; ! } } ! $prev_user_id = $row['user_id']; ! } ! else ! { ! // Skip multiple sessions for one user ! if ( $row['session_ip'] != $prev_session_ip ) { ! $guests_online++; } } ! $prev_session_ip = $row['session_ip']; } ! $db->sql_freeresult($result); ! ! if ( empty($online_userlist) ) { ! $online_userlist = $lang['None']; } + $online_userlist = ( ( isset($forum_id) ) ? $lang['Browsing_forum'] : $lang['Registered_users'] ) . ' ' . $online_userlist; ! $total_online_users = $logged_visible_online + $logged_hidden_online + $guests_online; ! if ( $total_online_users > $board_config['record_online_users']) ! { ! $board_config['record_online_users'] = $total_online_users; ! $board_config['record_online_date'] = time(); ! $sql = "UPDATE " . CONFIG_TABLE . " ! SET config_value = '$total_online_users' ! WHERE config_name = 'record_online_users'"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update online user record (nr of users)', '', __LINE__, __FILE__, $sql); ! } ! $sql = "UPDATE " . CONFIG_TABLE . " ! SET config_value = '" . $board_config['record_online_date'] . "' ! WHERE config_name = 'record_online_date'"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update online user record (date)', '', __LINE__, __FILE__, $sql); ! } ! } ! if ( $total_online_users == 0 ) { ! $l_t_user_s = $lang['Online_users_zero_total']; } ! else if ( $total_online_users == 1 ) { ! $l_t_user_s = $lang['Online_user_total']; ! } ! else ! { ! $l_t_user_s = $lang['Online_users_total']; } ! if ( $logged_visible_online == 0 ) ! { ! 
$l_r_user_s = $lang['Reg_users_zero_total']; ! } ! else if ( $logged_visible_online == 1 ) ! { ! $l_r_user_s = $lang['Reg_user_total']; ! } ! else ! { ! $l_r_user_s = $lang['Reg_users_total']; ! } ! if ( $logged_hidden_online == 0 ) ! { ! $l_h_user_s = $lang['Hidden_users_zero_total']; ! } ! else if ( $logged_hidden_online == 1 ) ! { ! $l_h_user_s = $lang['Hidden_user_total']; ! } ! else ! { ! $l_h_user_s = $lang['Hidden_users_total']; ! } ! if ( $guests_online == 0 ) ! { ! $l_g_user_s = $lang['Guest_users_zero_total']; ! } ! else if ( $guests_online == 1 ) ! { ! $l_g_user_s = $lang['Guest_user_total']; ! } ! else ! { ! $l_g_user_s = $lang['Guest_users_total']; ! } ! $l_online_users = sprintf($l_t_user_s, $total_online_users); ! $l_online_users .= sprintf($l_r_user_s, $logged_visible_online); ! $l_online_users .= sprintf($l_h_user_s, $logged_hidden_online); ! $l_online_users .= sprintf($l_g_user_s, $guests_online); } // // Obtain number of new private messages // if user is logged in // ! if ( ($userdata['session_logged_in']) && (empty($gen_simple_header)) ) { if ( $userdata['user_new_privmsg'] ) { ! $l_message_new = ( $userdata['user_new_privmsg'] == 1 ) ? $lang['New_pm'] : $lang['New_pms']; ! $l_privmsgs_text = sprintf($l_message_new, $userdata['user_new_privmsg']); if ( $userdata['user_last_privmsg'] > $userdata['user_lastvisit'] ) { $sql = "UPDATE " . USERS_TABLE . " ! SET user_last_privmsg = " . $userdata['user_lastvisit'] . " WHERE user_id = " . $userdata['user_id']; if ( !$db->sql_query($sql) ) { *************** *** 273,279 **** else { $s_privmsg_new = 0; ! $icon_pm = $images['pm_no_new_msg']; } } else --- 281,287 ---- else { $s_privmsg_new = 0; ! $icon_pm = $images['pm_new_msg']; } } else *************** *** 286,293 **** if ( $userdata['user_unread_privmsg'] ) { ! $l_message_unread = ( $userdata['user_unread_privmsg'] == 1 ) ? $lang['Unread_pm'] : $lang['Unread_pms']; ! 
$l_privmsgs_text_unread = sprintf($l_message_unread, $userdata['user_unread_privmsg']); } else { --- 294,301 ---- if ( $userdata['user_unread_privmsg'] ) { ! $l_message_unread = ( $userdata['user_unread_privmsg'] == 1 ) ? $lang['Unread_pm'] : $lang['Unread_pms']; ! $l_privmsgs_text_unread = sprintf($l_message_unread, $userdata['user_unread_privmsg']); } else { *************** *** 305,390 **** // // Generate HTML required for Mozilla Navigation bar // $nav_links_html = ''; $nav_link_proto = '' . "\n"; while( list($nav_item, $nav_array) = @each($nav_links) ) { if ( !empty($nav_array['url']) ) { ! $nav_links_html .= sprintf($nav_link_proto, $nav_item, $nav_array['url'], $nav_array['title']); } else { // We have a nested array, used for items like that can occur more than once. while( list(,$nested_array) = each($nav_array) ) ! { $nav_links_html .= sprintf($nav_link_proto, $nav_item, $nested_array['url'], $nested_array['title']); } } ! } // // The following assigns all _common_ variables that may be used at any point // in a template. // $template->assign_vars(array( ! 'SITENAME' => $board_config['sitename'], ! 'SITE_DESCRIPTION' => $board_config['site_desc'], 'PAGE_TITLE' => $page_title, ! 'LAST_VISIT_DATE' => sprintf($lang['You_last_visit'], $s_last_visit), ! 'CURRENT_TIME' => sprintf($lang['Current_time'], create_date($board_config['default_dateformat'], time(), $board_config['board_timezone'])), 'TOTAL_USERS_ONLINE' => $l_online_users, ! 'LOGGED_IN_USER_LIST' => $online_userlist, 'RECORD_USERS' => sprintf($lang['Record_online_users'], $board_config['record_online_users'], create_date($board_config['default_dateformat'], $board_config['record_online_date'], $board_config['board_timezone'])), 'PRIVATE_MESSAGE_INFO' => $l_privmsgs_text, 'PRIVATE_MESSAGE_INFO_UNREAD' => $l_privmsgs_text_unread, ! 'PRIVATE_MESSAGE_NEW_FLAG' => $s_privmsg_new, 'PRIVMSG_IMG' => $icon_pm, ! 'L_USERNAME' => $lang['Username'], ! 'L_PASSWORD' => $lang['Password'], ! 
'L_LOGIN_LOGOUT' => $l_login_logout, ! 'L_LOGIN' => $lang['Login'], ! 'L_LOG_ME_IN' => $lang['Log_me_in'], ! 'L_AUTO_LOGIN' => $lang['Log_me_in'], ! 'L_INDEX' => sprintf($lang['Forum_Index'], $board_config['sitename']), ! 'L_REGISTER' => $lang['Register'], ! 'L_PROFILE' => $lang['Profile'], ! 'L_SEARCH' => $lang['Search'], ! 'L_PRIVATEMSGS' => $lang['Private_Messages'], ! 'L_WHO_IS_ONLINE' => $lang['Who_is_Online'], ! 'L_MEMBERLIST' => $lang['Memberlist'], ! 'L_FAQ' => $lang['FAQ'], ! 'L_USERGROUPS' => $lang['Usergroups'], ! 'L_SEARCH_NEW' => $lang['Search_new'], ! 'L_SEARCH_UNANSWERED' => $lang['Search_unanswered'], ! 'L_SEARCH_SELF' => $lang['Search_your_posts'], ! 'L_WHOSONLINE_ADMIN' => sprintf($lang['Admin_online_color'], '', ''), ! 'L_WHOSONLINE_MOD' => sprintf($lang['Mod_online_color'], '', ''), 'U_SEARCH_UNANSWERED' => append_sid('search.'.$phpEx.'?search_id=unanswered'), ! 'U_SEARCH_SELF' => append_sid('search.'.$phpEx.'?search_id=egosearch'), ! 'U_SEARCH_NEW' => append_sid('search.'.$phpEx.'?search_id=newposts'), 'U_INDEX' => append_sid('index.'.$phpEx), 'U_REGISTER' => append_sid('profile.'.$phpEx.'?mode=register'), 'U_PROFILE' => append_sid('profile.'.$phpEx.'?mode=editprofile'), ! 'U_PRIVATEMSGS' => append_sid('privmsg.'.$phpEx.'?folder=inbox'), ! 'U_PRIVATEMSGS_POPUP' => append_sid('privmsg.'.$phpEx.'?mode=newpm'), 'U_SEARCH' => append_sid('search.'.$phpEx), ! 'U_MEMBERLIST' => append_sid('memberlist.'.$phpEx), ! 'U_MODCP' => append_sid('modcp.'.$phpEx), 'U_FAQ' => append_sid('faq.'.$phpEx), 'U_VIEWONLINE' => append_sid('viewonline.'.$phpEx), 'U_LOGIN_LOGOUT' => append_sid($u_login_logout), - 'U_MEMBERSLIST' => append_sid('memberlist.'.$phpEx), 'U_GROUP_CP' => append_sid('groupcp.'.$phpEx), ! 'S_CONTENT_DIRECTION' => $lang['DIRECTION'], ! 'S_CONTENT_ENCODING' => $lang['ENCODING'], ! 'S_CONTENT_DIR_LEFT' => $lang['LEFT'], ! 'S_CONTENT_DIR_RIGHT' => $lang['RIGHT'], ! 
'S_TIMEZONE' => sprintf($lang['All_times'], $lang[number_format($board_config['board_timezone'])]), 'S_LOGIN_ACTION' => append_sid('login.'.$phpEx), 'T_HEAD_STYLESHEET' => $theme['head_stylesheet'], --- 313,405 ---- // // Generate HTML required for Mozilla Navigation bar // + if (!isset($nav_links)) + { + $nav_links = array(); + } + $nav_links_html = ''; $nav_link_proto = '' . "\n"; while( list($nav_item, $nav_array) = @each($nav_links) ) { if ( !empty($nav_array['url']) ) { ! $nav_links_html .= sprintf($nav_link_proto, $nav_item, append_sid($nav_array['url']), $nav_array['title']); } else { // We have a nested array, used for items like that can occur more than once. while( list(,$nested_array) = each($nav_array) ) ! { $nav_links_html .= sprintf($nav_link_proto, $nav_item, $nested_array['url'], $nested_array['title']); } } ! } + // Format Timezone. We are unable to use array_pop here, because of PHP3 compatibility + $l_timezone = explode('.', $board_config['board_timezone']); + $l_timezone = (count($l_timezone) > 1 && $l_timezone[count($l_timezone)-1] != 0) ? $lang[sprintf('%.1f', $board_config['board_timezone'])] : $lang[number_format($board_config['board_timezone'])]; // // The following assigns all _common_ variables that may be used at any point // in a template. // $template->assign_vars(array( ! 'SITENAME' => $board_config['sitename'], ! 'SITE_DESCRIPTION' => $board_config['site_desc'], 'PAGE_TITLE' => $page_title, ! 'LAST_VISIT_DATE' => sprintf($lang['You_last_visit'], $s_last_visit), ! 'CURRENT_TIME' => sprintf($lang['Current_time'], create_date($board_config['default_dateformat'], time(), $board_config['board_timezone'])), 'TOTAL_USERS_ONLINE' => $l_online_users, ! 
'LOGGED_IN_USER_LIST' => $online_userlist, 'RECORD_USERS' => sprintf($lang['Record_online_users'], $board_config['record_online_users'], create_date($board_config['default_dateformat'], $board_config['record_online_date'], $board_config['board_timezone'])), 'PRIVATE_MESSAGE_INFO' => $l_privmsgs_text, 'PRIVATE_MESSAGE_INFO_UNREAD' => $l_privmsgs_text_unread, ! 'PRIVATE_MESSAGE_NEW_FLAG' => $s_privmsg_new, 'PRIVMSG_IMG' => $icon_pm, ! 'L_USERNAME' => $lang['Username'], ! 'L_PASSWORD' => $lang['Password'], ! 'L_LOGIN_LOGOUT' => $l_login_logout, ! 'L_LOGIN' => $lang['Login'], ! 'L_LOG_ME_IN' => $lang['Log_me_in'], ! 'L_AUTO_LOGIN' => $lang['Log_me_in'], ! 'L_INDEX' => sprintf($lang['Forum_Index'], $board_config['sitename']), ! 'L_REGISTER' => $lang['Register'], ! 'L_PROFILE' => $lang['Profile'], ! 'L_SEARCH' => $lang['Search'], ! 'L_PRIVATEMSGS' => $lang['Private_Messages'], ! 'L_WHO_IS_ONLINE' => $lang['Who_is_Online'], ! 'L_MEMBERLIST' => $lang['Memberlist'], ! 'L_FAQ' => $lang['FAQ'], ! 'L_USERGROUPS' => $lang['Usergroups'], ! 'L_SEARCH_NEW' => $lang['Search_new'], ! 'L_SEARCH_UNANSWERED' => $lang['Search_unanswered'], ! 'L_SEARCH_SELF' => $lang['Search_your_posts'], ! 'L_WHOSONLINE_ADMIN' => sprintf($lang['Admin_online_color'], '', ''), ! 'L_WHOSONLINE_MOD' => sprintf($lang['Mod_online_color'], '', ''), 'U_SEARCH_UNANSWERED' => append_sid('search.'.$phpEx.'?search_id=unanswered'), ! 'U_SEARCH_SELF' => append_sid('search.'.$phpEx.'?search_id=egosearch'), ! 'U_SEARCH_NEW' => append_sid('search.'.$phpEx.'?search_id=newposts'), 'U_INDEX' => append_sid('index.'.$phpEx), 'U_REGISTER' => append_sid('profile.'.$phpEx.'?mode=register'), 'U_PROFILE' => append_sid('profile.'.$phpEx.'?mode=editprofile'), ! 'U_PRIVATEMSGS' => append_sid('privmsg.'.$phpEx.'?folder=inbox'), ! 'U_PRIVATEMSGS_POPUP' => append_sid('privmsg.'.$phpEx.'?mode=newpm'), 'U_SEARCH' => append_sid('search.'.$phpEx), ! 'U_MEMBERLIST' => append_sid('memberlist.'.$phpEx), ! 
'U_MODCP' => append_sid('modcp.'.$phpEx), 'U_FAQ' => append_sid('faq.'.$phpEx), 'U_VIEWONLINE' => append_sid('viewonline.'.$phpEx), 'U_LOGIN_LOGOUT' => append_sid($u_login_logout), 'U_GROUP_CP' => append_sid('groupcp.'.$phpEx), ! 'S_CONTENT_DIRECTION' => $lang['DIRECTION'], ! 'S_CONTENT_ENCODING' => $lang['ENCODING'], ! 'S_CONTENT_DIR_LEFT' => $lang['LEFT'], ! 'S_CONTENT_DIR_RIGHT' => $lang['RIGHT'], ! 'S_TIMEZONE' => sprintf($lang['All_times'], $l_timezone), 'S_LOGIN_ACTION' => append_sid('login.'.$phpEx), 'T_HEAD_STYLESHEET' => $theme['head_stylesheet'], *************** *** 425,431 **** 'T_SPAN_CLASS1' => $theme['span_class1'], 'T_SPAN_CLASS2' => $theme['span_class2'], 'T_SPAN_CLASS3' => $theme['span_class3'], ! 'NAV_LINKS' => $nav_links_html) ); --- 440,446 ---- 'T_SPAN_CLASS1' => $theme['span_class1'], 'T_SPAN_CLASS2' => $theme['span_class2'], 'T_SPAN_CLASS3' => $theme['span_class3'], ! 'NAV_LINKS' => $nav_links_html) ); *************** *** 446,455 **** } } ! header ('Cache-Control: private, pre-check=0, post-check=0, max-age=0'); ! header ('Expires: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT'); ! header ('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); $template->pparse('overall_header'); ! ?> --- 461,482 ---- } } ! // Add no-cache control for cookies if they are set ! //$c_no_cache = (isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) || isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data'])) ? 'no-cache="set-cookie", ' : ''; ! ! // Work around for "current" Apache 2 + PHP module which seems to not ! // cope with private cache control setting ! if (!empty($HTTP_SERVER_VARS['SERVER_SOFTWARE']) && strstr($HTTP_SERVER_VARS['SERVER_SOFTWARE'], 'Apache/2')) ! { ! header ('Cache-Control: no-cache, pre-check=0, post-check=0'); ! } ! else ! { ! header ('Cache-Control: private, pre-check=0, post-check=0, max-age=0'); ! } ! header ('Expires: 0'); ! header ('Pragma: no-cache'); $template->pparse('overall_header'); ! 
?> \ No newline at end of file diff -crN phpbb201/includes/page_tail.php phpbb2017/includes/page_tail.php *** phpbb201/includes/page_tail.php Sat Jul 10 20:16:15 2004 --- phpbb2017/includes/page_tail.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_tail.php,v 1.27.2.1 2002/05/12 00:47:41 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_tail.php,v 1.27.2.3 2004/12/22 02:04:00 psotfx Exp $ * * ***************************************************************************/ *************** *** 28,42 **** // // Show the overall footer. // ! $admin_link = ( $userdata['user_level'] == ADMIN ) ? '' . $lang['Admin_panel'] . '

' : ''; $template->set_filenames(array( 'overall_footer' => ( empty($gen_simple_header) ) ? 'overall_footer.tpl' : 'simple_footer.tpl') ); $template->assign_vars(array( ! 'PHPBB_VERSION' => '2' . $board_config['version'], ! 'TRANSLATION_INFO' => ( isset($lang['TRANSLATION_INFO']) ) ? $lang['TRANSLATION_INFO'] : '', 'ADMIN_LINK' => $admin_link) ); --- 28,41 ---- // // Show the overall footer. // ! $admin_link = ( $userdata['user_level'] == ADMIN ) ? '' . $lang['Admin_panel'] . '

' : ''; $template->set_filenames(array( 'overall_footer' => ( empty($gen_simple_header) ) ? 'overall_footer.tpl' : 'simple_footer.tpl') ); $template->assign_vars(array( ! 'TRANSLATION_INFO' => ( isset($lang['TRANSLATION_INFO']) ) ? $lang['TRANSLATION_INFO'] : '', 'ADMIN_LINK' => $admin_link) ); diff -crN phpbb201/includes/prune.php phpbb2017/includes/prune.php *** phpbb201/includes/prune.php Sat Jul 10 20:16:15 2004 --- phpbb2017/includes/prune.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: prune.php,v 1.19 2002/04/04 11:51:25 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: prune.php,v 1.19.2.6 2003/03/18 23:23:57 acydburn Exp $ * * ***************************************************************************/ *************** *** 27,44 **** require($phpbb_root_path . 'includes/functions_search.'.$phpEx); ! function prune($forum_id, $prune_date) { global $db, $lang; // ! // Those without polls ... // $sql = "SELECT t.topic_id FROM " . POSTS_TABLE . " p, " . TOPICS_TABLE . " t WHERE t.forum_id = $forum_id ! AND t.topic_vote = 0 ! AND t.topic_type <> " . POST_ANNOUNCE . " AND ( p.post_id = t.topic_last_post_id OR t.topic_last_post_id = 0 )"; if ( $prune_date != '' ) --- 27,44 ---- require($phpbb_root_path . 'includes/functions_search.'.$phpEx); ! function prune($forum_id, $prune_date, $prune_all = false) { global $db, $lang; + $prune_all = ($prune_all) ? '' : 'AND t.topic_vote = 0 AND t.topic_type <> ' . POST_ANNOUNCE; // ! // Those without polls and announcements ... unless told otherwise! // $sql = "SELECT t.topic_id FROM " . POSTS_TABLE . " p, " . TOPICS_TABLE . " t WHERE t.forum_id = $forum_id ! 
$prune_all AND ( p.post_id = t.topic_last_post_id OR t.topic_last_post_id = 0 )"; if ( $prune_date != '' ) *************** *** 56,61 **** --- 56,62 ---- { $sql_topics .= ( ( $sql_topics != '' ) ? ', ' : '' ) . $row['topic_id']; } + $db->sql_freeresult($result); if( $sql_topics != '' ) { *************** *** 73,85 **** { $sql_post .= ( ( $sql_post != '' ) ? ', ' : '' ) . $row['post_id']; } if ( $sql_post != '' ) { ! $sql = "DELETE FROM " . TOPICS_TABLE . " WHERE topic_id IN ($sql_topics)"; if ( !$db->sql_query($sql, BEGIN_TRANSACTION) ) { message_die(GENERAL_ERROR, 'Could not delete topics during prune', '', __LINE__, __FILE__, $sql); } --- 74,94 ---- { $sql_post .= ( ( $sql_post != '' ) ? ', ' : '' ) . $row['post_id']; } + $db->sql_freeresult($result); if ( $sql_post != '' ) { ! $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id IN ($sql_topics)"; if ( !$db->sql_query($sql, BEGIN_TRANSACTION) ) { + message_die(GENERAL_ERROR, 'Could not delete watched topics during prune', '', __LINE__, __FILE__, $sql); + } + + $sql = "DELETE FROM " . TOPICS_TABLE . " + WHERE topic_id IN ($sql_topics)"; + if ( !$db->sql_query($sql) ) + { message_die(GENERAL_ERROR, 'Could not delete topics during prune', '', __LINE__, __FILE__, $sql); } *************** *** 99,111 **** if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete post during prune', '', __LINE__, __FILE__, $sql); - } - - $sql = "DELETE FROM " . SEARCH_MATCH_TABLE . " - WHERE post_id IN ($sql_post)"; - if ( !$db->sql_query($sql) ) - { - message_die(GENERAL_ERROR, 'Could not delete search matches', '', __LINE__, __FILE__, $sql); } remove_search_post($sql_post); --- 108,113 ---- diff -crN phpbb201/includes/sessions.php phpbb2017/includes/sessions.php *** phpbb201/includes/sessions.php Sat Jul 10 20:16:15 2004 --- phpbb2017/includes/sessions.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! 
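Review bot: In the rewritten `prune()` query, `$forum_id` is still concatenated into `WHERE t.forum_id = $forum_id` as a bare number with no cast, so the function relies on its callers (not visible here) to have validated it. A `$forum_id = (int) $forum_id;` at the top of the function would make that guarantee local. The new line also overwrites the boolean parameter `$prune_all` with an SQL fragment; a separate local such as `$prune_sql` would keep the flag and the fragment distinct. The function body continues outside this hunk.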
* $Id: sessions.php,v 1.58.2.2 2002/04/08 13:11:58 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: sessions.php,v 1.58.2.14 2005/05/06 20:50:11 acydburn Exp $ * * ***************************************************************************/ *************** *** 24,30 **** // Adds/updates a new session to the database for the given userid. // Returns the new session ID on success. // ! function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0) { global $db, $board_config; global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; --- 24,30 ---- // Adds/updates a new session to the database for the given userid. // Returns the new session ID on success. // ! function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0, $admin = 0) { global $db, $board_config; global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; *************** *** 37,52 **** if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ) { $session_id = isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : ''; ! $sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : ''; $sessionmethod = SESSION_METHOD_COOKIE; } else { ! $sessiondata = ''; $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : ''; $sessionmethod = SESSION_METHOD_GET; } $last_visit = 0; $current_time = time(); $expiry_time = $current_time - $board_config['session_length']; --- 37,60 ---- if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ) { $session_id = isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : ''; ! $sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? 
unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array(); $sessionmethod = SESSION_METHOD_COOKIE; } else { ! $sessiondata = array(); $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : ''; $sessionmethod = SESSION_METHOD_GET; } + // + if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) + { + $session_id = ''; + } + + $page_id = (int) $page_id; + $last_visit = 0; $current_time = time(); $expiry_time = $current_time - $board_config['session_length']; *************** *** 73,79 **** if ( isset($sessiondata['autologinid']) && $userdata['user_active'] ) { // We have to login automagically ! if( $sessiondata['autologinid'] == $auto_login_key ) { // autologinid matches password $login = 1; --- 81,87 ---- if ( isset($sessiondata['autologinid']) && $userdata['user_active'] ) { // We have to login automagically ! if( $sessiondata['autologinid'] === $auto_login_key ) { // autologinid matches password $login = 1; *************** *** 84,90 **** // No match; don't login, set as anonymous user $login = 0; $enable_autologin = 0; ! $user_id = ANONYMOUS; } } else --- 92,103 ---- // No match; don't login, set as anonymous user $login = 0; $enable_autologin = 0; ! $user_id = $userdata['user_id'] = ANONYMOUS; ! ! $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS; ! $result = $db->sql_query($sql); ! $userdata = $db->sql_fetchrow($result); ! $db->sql_freeresult($result); } } else *************** *** 92,98 **** // Autologin is not set. Don't login, set as anonymous user $login = 0; $enable_autologin = 0; ! $user_id = ANONYMOUS; } } else --- 105,116 ---- // Autologin is not set. Don't login, set as anonymous user $login = 0; $enable_autologin = 0; ! $user_id = $userdata['user_id'] = ANONYMOUS; ! ! $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS; ! $result = $db->sql_query($sql); ! $userdata = $db->sql_fetchrow($result); ! 
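Review bot: Both branches of the new cookie handling still pass the client-supplied `_data` cookie to `unserialize()`, here and in the matching hunk for `session_pagestart()` further down. The result can be any type the client chooses, or `false` when the string is malformed, so the new `array()` default only covers the missing-cookie case. I would add `if (!is_array($sessiondata)) { $sessiondata = array(); }` straight after the assignment and check the types of `autologinid` and `userid` before they are used. The bare `//` above the new `preg_match` should say what the check is for, e.g. `// Session ids are md5 hex strings; discard anything else before it reaches SQL`.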
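Review bot: The re-fetch of the anonymous user added in the "No match" branch ignores a failed query: the result of `$db->sql_query($sql)` is not checked, so `$userdata` becomes whatever `sql_fetchrow()` returns for a bad result. The other queries visible in this diff call `message_die()` on failure, and the same pattern fits here: `if ( !($result = $db->sql_query($sql)) ) { message_die(CRITICAL_ERROR, 'Could not obtain anonymous user data', '', __LINE__, __FILE__, $sql); }`. The identical block in the next hunk ("Autologin is not set") needs the same change. Assigning `$userdata['user_id'] = ANONYMOUS` just before `$userdata` is overwritten is redundant.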
$db->sql_freeresult($result); } } else *************** *** 117,124 **** OR ban_userid = $user_id"; if ( $user_id != ANONYMOUS ) { ! $sql .= " OR ban_email LIKE '" . str_replace("\'", "''", $row['user_email']) . "' ! OR ban_email LIKE '" . substr(str_replace("\'", "''", $row['user_email']), strpos(str_replace("\'", "''", $row['user_email']), "@")) . "'"; } if ( !($result = $db->sql_query($sql)) ) { --- 135,142 ---- OR ban_userid = $user_id"; if ( $user_id != ANONYMOUS ) { ! $sql .= " OR ban_email LIKE '" . str_replace("\'", "''", $userdata['user_email']) . "' ! OR ban_email LIKE '" . substr(str_replace("\'", "''", $userdata['user_email']), strpos(str_replace("\'", "''", $userdata['user_email']), "@")) . "'"; } if ( !($result = $db->sql_query($sql)) ) { *************** *** 137,152 **** // Create or update the session // $sql = "UPDATE " . SESSIONS_TABLE . " ! SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login WHERE session_id = '" . $session_id . "' AND session_ip = '$user_ip'"; if ( !$db->sql_query($sql) || !$db->sql_affectedrows() ) { ! $session_id = md5(uniqid($user_ip)); $sql = "INSERT INTO " . SESSIONS_TABLE . " ! (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in) ! VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login)"; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql); --- 155,172 ---- // Create or update the session // $sql = "UPDATE " . SESSIONS_TABLE . " ! SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login, session_admin = $admin WHERE session_id = '" . $session_id . "' AND session_ip = '$user_ip'"; if ( !$db->sql_query($sql) || !$db->sql_affectedrows() ) { ! list($sec, $usec) = explode(' ', microtime()); ! 
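Review bot: The ban lookup now reads `$userdata['user_email']`, but the escaping around it, `str_replace("\'", "''", ...)`, only rewrites the two-character sequence backslash-quote. A value read back from the users table carries no added backslashes, so a single quote in a stored address would reach the `LIKE '...'` literal unescaped; whether such an address can be stored depends on registration checks not shown here. Escaping the quote itself, `str_replace("'", "''", $userdata['user_email'])`, covers the database-sourced case. `%` and `_` in the address also act as wildcards under `LIKE`. The enclosing function continues outside the hunk.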
mt_srand((float) $sec + ((float) $usec * 100000)); ! $session_id = md5(uniqid(mt_rand(), true)); $sql = "INSERT INTO " . SESSIONS_TABLE . " ! (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin) ! VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login, $admin)"; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql); *************** *** 157,173 **** {// ( $userdata['user_session_time'] > $expiry_time && $auto_create ) ? $userdata['user_lastvisit'] : ( $last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time; ! $sql = "UPDATE " . USERS_TABLE . " ! SET user_session_time = $current_time, user_session_page = $page_id, user_lastvisit = $last_visit ! WHERE user_id = $user_id"; ! if ( !$db->sql_query($sql) ) { ! message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql); } $userdata['user_lastvisit'] = $last_visit; ! $sessiondata['autologinid'] = ( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : ''; $sessiondata['userid'] = $user_id; } --- 177,196 ---- {// ( $userdata['user_session_time'] > $expiry_time && $auto_create ) ? $userdata['user_lastvisit'] : ( $last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time; ! if (!$admin) { ! $sql = "UPDATE " . USERS_TABLE . " ! SET user_session_time = $current_time, user_session_page = $page_id, user_lastvisit = $last_visit ! WHERE user_id = $user_id"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql); ! } } $userdata['user_lastvisit'] = $last_visit; ! $sessiondata['autologinid'] = (!$admin) ? (( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? 
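Review bot: `$admin` goes into both the UPDATE and the INSERT as a bare value (`session_admin = $admin`), and unlike `$page_id`, which this commit casts, it is never forced to an integer. Adding `$admin = (int) $admin;` beside the `$page_id` cast would close that gap. Separately, the new id generation reseeds `mt_srand()` from `microtime()` on every call, so the `mt_rand()` input to `md5(uniqid(...))` is a function of the clock. A short comment stating what unpredictability is expected of the session id would help the next reader judge whether that is enough.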
$auto_login_key : '') : $sessiondata['autologinid']; $sessiondata['userid'] = $user_id; } *************** *** 178,188 **** $userdata['session_page'] = $page_id; $userdata['session_start'] = $current_time; $userdata['session_time'] = $current_time; setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure); setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure); ! $SID = ( $sessionmethod == SESSION_METHOD_GET ) ? 'sid=' . $session_id : ''; return $userdata; } --- 201,212 ---- $userdata['session_page'] = $page_id; $userdata['session_start'] = $current_time; $userdata['session_time'] = $current_time; + $userdata['session_admin'] = $admin; setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure); setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure); ! $SID = 'sid=' . $session_id; return $userdata; } *************** *** 206,222 **** if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ) { ! $sessiondata = isset( $HTTP_COOKIE_VARS[$cookiename . '_data'] ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : ''; $session_id = isset( $HTTP_COOKIE_VARS[$cookiename . '_sid'] ) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : ''; $sessionmethod = SESSION_METHOD_COOKIE; } else { ! $session_data = ''; $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : ''; $sessionmethod = SESSION_METHOD_GET; } // // Does a session exist? // --- 230,254 ---- if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ) { ! $sessiondata = isset( $HTTP_COOKIE_VARS[$cookiename . '_data'] ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array(); $session_id = isset( $HTTP_COOKIE_VARS[$cookiename . '_sid'] ) ? $HTTP_COOKIE_VARS[$cookiename . 
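Review bot: `$SID = 'sid=' . $session_id;` is now unconditional, so after `session_begin()` the id is appended to links by `append_sid()` even when the session is carried by cookie. Session ids in URLs end up in Referer headers, proxy logs and browser history. If the aim is to keep the admin session working, the condition this commit uses in `session_pagestart()` would limit the exposure: `$SID = ($sessionmethod == SESSION_METHOD_GET || defined('IN_ADMIN')) ? 'sid=' . $session_id : '';`. Otherwise a comment giving the reason for always setting it is needed.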
'_sid'] : ''; $sessionmethod = SESSION_METHOD_COOKIE; } else { ! $sessiondata = array(); $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : ''; $sessionmethod = SESSION_METHOD_GET; } + // + if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) + { + $session_id = ''; + } + + $thispage_id = (int) $thispage_id; + // // Does a session exist? // *************** *** 229,236 **** $sql = "SELECT u.*, s.* FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u WHERE s.session_id = '$session_id' ! AND u.user_id = s.session_user_id ! AND s.session_ip = '$user_ip'"; if ( !($result = $db->sql_query($sql)) ) { message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql); --- 261,267 ---- $sql = "SELECT u.*, s.* FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u WHERE s.session_id = '$session_id' ! AND u.user_id = s.session_user_id"; if ( !($result = $db->sql_query($sql)) ) { message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql); *************** *** 243,293 **** // if ( isset($userdata['user_id']) ) { - $SID = ( $sessionmethod == SESSION_METHOD_GET ) ? 'sid=' . $session_id : ''; - // ! // Only update session DB a minute or so after last update // ! if ( $current_time - $userdata['session_time'] > 60 ) { ! // || $userdata['user_session_page'] != $thispage_id ! $sql = "UPDATE " . SESSIONS_TABLE . " ! SET session_time = $current_time, session_page = $thispage_id ! WHERE session_id = '" . $userdata['session_id'] . "' ! AND session_ip = '$user_ip'"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql); ! } ! if ( $userdata['user_id'] != ANONYMOUS ) { ! $sql = "UPDATE " . USERS_TABLE . " ! SET user_session_time = $current_time, user_session_page = $thispage_id ! WHERE user_id = " . 
$userdata['user_id']; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql); } - } ! // ! // Delete expired sessions ! // ! $expiry_time = $current_time - $board_config['session_length']; ! $sql = "DELETE FROM " . SESSIONS_TABLE . " ! WHERE session_time < $expiry_time ! AND session_id <> '$session_id'"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql); } ! setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure); ! setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure); } - - return $userdata; } } --- 274,337 ---- // if ( isset($userdata['user_id']) ) { // ! // Do not check IP assuming equivalence, if IPv4 we'll check only first 24 ! // bits ... I've been told (by vHiker) this should alleviate problems with ! // load balanced et al proxies while retaining some reliance on IP security. // ! $ip_check_s = substr($userdata['session_ip'], 0, 6); ! $ip_check_u = substr($user_ip, 0, 6); ! ! if ($ip_check_s == $ip_check_u) { ! $SID = ($sessionmethod == SESSION_METHOD_GET || defined('IN_ADMIN')) ? 'sid=' . $session_id : ''; ! // ! // Only update session DB a minute or so after last update ! // ! if ( $current_time - $userdata['session_time'] > 60 ) { ! // A little trick to reset session_admin on session re-usage ! $update_admin = (!defined('IN_ADMIN') && $current_time - $userdata['session_time'] > ($board_config['session_length']+60)) ? ', session_admin = 0' : ''; ! ! $sql = "UPDATE " . SESSIONS_TABLE . " ! SET session_time = $current_time, session_page = $thispage_id$update_admin ! WHERE session_id = '" . $userdata['session_id'] . "'"; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql); } ! if ( $userdata['user_id'] != ANONYMOUS ) ! { ! 
$sql = "UPDATE " . USERS_TABLE . " ! SET user_session_time = $current_time, user_session_page = $thispage_id ! WHERE user_id = " . $userdata['user_id']; ! if ( !$db->sql_query($sql) ) ! { ! message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql); ! } ! } ! ! // ! // Delete expired sessions ! // ! $expiry_time = $current_time - $board_config['session_length']; ! ! $sql = "DELETE FROM " . SESSIONS_TABLE . " ! WHERE session_time < $expiry_time ! AND session_id <> '$session_id'"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql); ! } ! ! setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure); ! setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure); } ! return $userdata; } } } *************** *** 295,301 **** // If we reach here then no (valid) session exists. So we'll create a new one, // using the cookie user_id if available to pull basic user prefs. // ! $user_id = ( isset($sessiondata['userid']) ) ? $sessiondata['userid'] : ANONYMOUS; if ( !($userdata = session_begin($user_id, $user_ip, $thispage_id, TRUE)) ) { --- 339,345 ---- // If we reach here then no (valid) session exists. So we'll create a new one, // using the cookie user_id if available to pull basic user prefs. // ! $user_id = ( isset($sessiondata['userid']) ) ? 
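Review bot: The new prefix check `if ($ip_check_s == $ip_check_u)` compares two six-character strings with the loose operator, and PHP compares numeric-looking strings as numbers. Constructed examples such as `0e1234` and `0e5678` both evaluate to zero and would be treated as the same network prefix. The commit already moves the autologin comparison to `===`, and the same applies here: `if ($ip_check_s === $ip_check_u)`. The comment should also state that `session_ip` is presumably hex-encoded, since `substr(..., 0, 6)` only means "first 24 bits" under that assumption.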
intval($sessiondata['userid']) : ANONYMOUS; if ( !($userdata = session_begin($user_id, $user_ip, $thispage_id, TRUE)) ) { *************** *** 321,326 **** --- 365,372 ---- $cookiedomain = $board_config['cookie_domain']; $cookiesecure = $board_config['cookie_secure']; + $current_time = time(); + // // Pull cookiedata or grab the URI propagated sid // *************** *** 335,340 **** --- 381,391 ---- $sessionmethod = SESSION_METHOD_GET; } + if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) + { + return; + } + // // Delete existing session // *************** *** 362,373 **** { global $SID; ! if ( !empty($SID) && !eregi('sid=', $url) ) { $url .= ( ( strpos($url, '?') != false ) ? ( ( $non_html_amp ) ? '&' : '&' ) : '?' ) . $SID; } ! return($url); } ?> --- 413,424 ---- { global $SID; ! if ( !empty($SID) && !preg_match('#sid=#', $url) ) { $url .= ( ( strpos($url, '?') != false ) ? ( ( $non_html_amp ) ? '&' : '&' ) : '?' ) . $SID; } ! return $url; } ?> diff -crN phpbb201/includes/smtp.php phpbb2017/includes/smtp.php *** phpbb201/includes/smtp.php Sat Jul 10 20:16:16 2004 --- phpbb2017/includes/smtp.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: smtp.php,v 1.16 2002/04/02 21:13:47 the_systech Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: smtp.php,v 1.16.2.10 2005/05/06 20:50:11 acydburn Exp $ * ***************************************************************************/ *************** *** 20,73 **** ***************************************************************************/ define('SMTP_INCLUDED', 1); // // This function has been modified as provided // by SirSir to allow multiline responses when // using SMTP Extensions // ! function server_parse($socket, $response) { ! while ( substr($server_response,3,1) != ' ' ) ! { ! 
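Review bot: Replacing `eregi('sid=', $url)` with `preg_match('#sid=#', $url)` in `append_sid()` drops the case-insensitivity of the old test. `preg_match('#sid=#i', $url)` keeps the previous behaviour. The pattern also matches any parameter whose name merely ends in `sid`, so requiring a preceding `?` or parameter separator would make the test more exact.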
if( !( $server_response = fgets($socket, 256) ) ) ! { ! message_die(GENERAL_ERROR, "Couldn't get mail server response codes", "", __LINE__, __FILE__); ! } ! } ! ! if( !( substr($server_response, 0, 3) == $response ) ) ! { ! message_die(GENERAL_ERROR, "Ran into problems sending Mail. Response: $server_response", "", __LINE__, __FILE__); ! } ! } ! ! /**************************************************************************** ! * Function: smtpmail ! * Description: This is a functional replacement for php's builtin mail ! * function, that uses smtp. ! * Usage: The usage for this function is identical to that of php's ! * built in mail function. ! ****************************************************************************/ ! function smtpmail($mail_to, $subject, $message, $headers = "") { - // For now I'm using an array based $smtp_vars to hold the smtp server - // info, but it should probably change to $board_config... - // then the relevant info would be $board_config['smtp_host'] and - // $board_config['smtp_port']. global $board_config; - // // Fix any bare linefeeds in the message to make it RFC821 Compliant. ! // ! $message = preg_replace("/(? 1) { ! $headers = join("\r\n", $headers); } else { --- 20,62 ---- ***************************************************************************/ define('SMTP_INCLUDED', 1); + // // This function has been modified as provided // by SirSir to allow multiline responses when // using SMTP Extensions // ! function server_parse($socket, $response, $line = __LINE__) { ! while (substr($server_response, 3, 1) != ' ') ! { ! if (!($server_response = fgets($socket, 256))) ! { ! message_die(GENERAL_ERROR, "Couldn't get mail server response codes", "", $line, __FILE__); ! } ! } ! ! if (!(substr($server_response, 0, 3) == $response)) ! { ! message_die(GENERAL_ERROR, "Ran into problems sending Mail. Response: $server_response", "", $line, __FILE__); ! } ! } ! ! // Replacement or substitute for PHP's mail command ! 
function smtpmail($mail_to, $subject, $message, $headers = '') { global $board_config; // Fix any bare linefeeds in the message to make it RFC821 Compliant. ! $message = preg_replace("#(? 1) { ! $headers = join("\n", $headers); } else { *************** *** 76,215 **** } $headers = chop($headers); - // // Make sure there are no bare linefeeds in the headers ! // ! $headers = preg_replace("/(?\r\n"); ! server_parse($socket, "250"); // Specify each user to send to and build to header. ! $to_header = "To: "; ! @reset( $mail_to_array ); ! while( list( , $mail_to_address ) = each( $mail_to_array )) ! { ! // ! // Add an additional bit of error checking to the To field. ! // ! $mail_to_address = trim($mail_to_address); ! if ( preg_match('/[^ ]+\@[^ ]+/', $mail_to_address) ) ! { ! fputs( $socket, "RCPT TO: <$mail_to_address>\r\n" ); ! server_parse( $socket, "250" ); ! } ! $to_header .= "<$mail_to_address>, "; } // Ok now do the CC and BCC fields... ! @reset( $bcc ); ! while( list( , $bcc_address ) = each( $bcc )) { - // // Add an additional bit of error checking to bcc header... ! // ! $bcc_address = trim( $bcc_address ); ! if ( preg_match('/[^ ]+\@[^ ]+/', $bcc_address) ) { ! fputs( $socket, "RCPT TO: <$bcc_address>\r\n" ); ! server_parse( $socket, "250" ); } } ! @reset( $cc ); ! while( list( , $cc_address ) = each( $cc )) { - // // Add an additional bit of error checking to cc header ! // ! $cc_address = trim( $cc_address ); ! if ( preg_match('/[^ ]+\@[^ ]+/', $cc_address) ) { fputs($socket, "RCPT TO: <$cc_address>\r\n"); ! server_parse($socket, "250"); } } // Ok now we tell the server we are ready to start sending data fputs($socket, "DATA\r\n"); // This is the last response code we look for until the end of the message. ! server_parse($socket, "354"); // Send the Subject Line... fputs($socket, "Subject: $subject\r\n"); // Now the To Header. ! fputs($socket, "$to_header\r\n"); // Now any custom headers.... 
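Review bot: In `server_parse()` the loop condition `substr($server_response, 3, 1) != ' '` reads `$server_response` before anything has been assigned to it, so the first pass depends on an undefined variable; starting the function with `$server_response = '';` makes the initial state explicit. The failure path also places the raw reply of the remote mail server into the `message_die()` text (`Response: $server_response`), and whether that text is escaped before display is not visible here, so it is worth confirming. Part of the `smtpmail()` body in this hunk appears truncated on the page and is not reviewed.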
fputs($socket, "$headers\r\n\r\n"); --- 65,193 ---- } $headers = chop($headers); // Make sure there are no bare linefeeds in the headers ! $headers = preg_replace('#(?\r\n"); ! server_parse($socket, "250", __LINE__); // Specify each user to send to and build to header. ! $to_header = ''; ! ! // Add an additional bit of error checking to the To field. ! $mail_to = (trim($mail_to) == '') ? 'Undisclosed-recipients:;' : trim($mail_to); ! if (preg_match('#[^ ]+\@[^ ]+#', $mail_to)) ! { ! fputs($socket, "RCPT TO: <$mail_to>\r\n"); ! server_parse($socket, "250", __LINE__); } + // Ok now do the CC and BCC fields... ! @reset($bcc); ! while(list(, $bcc_address) = each($bcc)) { // Add an additional bit of error checking to bcc header... ! $bcc_address = trim($bcc_address); ! if (preg_match('#[^ ]+\@[^ ]+#', $bcc_address)) { ! fputs($socket, "RCPT TO: <$bcc_address>\r\n"); ! server_parse($socket, "250", __LINE__); } } ! ! @reset($cc); ! while(list(, $cc_address) = each($cc)) { // Add an additional bit of error checking to cc header ! $cc_address = trim($cc_address); ! if (preg_match('#[^ ]+\@[^ ]+#', $cc_address)) { fputs($socket, "RCPT TO: <$cc_address>\r\n"); ! server_parse($socket, "250", __LINE__); } } + // Ok now we tell the server we are ready to start sending data fputs($socket, "DATA\r\n"); // This is the last response code we look for until the end of the message. ! server_parse($socket, "354", __LINE__); // Send the Subject Line... fputs($socket, "Subject: $subject\r\n"); // Now the To Header. ! fputs($socket, "To: $mail_to\r\n"); // Now any custom headers.... fputs($socket, "$headers\r\n\r\n"); *************** *** 219,225 **** // Ok the all the ingredients are mixed in let's cook this puppy... fputs($socket, ".\r\n"); ! server_parse($socket, "250"); // Now tell the server we are done and close the socket... fputs($socket, "QUIT\r\n"); --- 197,203 ---- // Ok the all the ingredients are mixed in let's cook this puppy... fputs($socket, ".\r\n"); ! 
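Review bot: The recipient test `preg_match('#[^ ]+\@[^ ]+#', $mail_to)` (and the same pattern for `$bcc_address` and `$cc_address`) is unanchored and excludes only spaces, so a value containing CR or LF passes and is written into `RCPT TO: <...>` as additional protocol lines. `$subject` and `$mail_to` are likewise written into the `Subject:` and `To:` lines with no visible step that strips line breaks. I would refuse such values before the first `fputs()`, for example `if (preg_match('#[\r\n]#', $mail_to . $subject)) { message_die(GENERAL_ERROR, 'Invalid mail header', '', __LINE__, __FILE__); }`, and apply the same test inside the cc and bcc loops. `smtpmail()` starts before this hunk and continues after it, and some of its lines are truncated on the page, so an earlier sanitising step cannot be ruled out.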
server_parse($socket, "250", __LINE__); // Now tell the server we are done and close the socket... fputs($socket, "QUIT\r\n"); *************** *** 228,231 **** return TRUE; } ! ?> --- 206,209 ---- return TRUE; } ! ?> \ No newline at end of file diff -crN phpbb201/includes/template.php phpbb2017/includes/template.php *** phpbb201/includes/template.php Sat Jul 10 20:16:16 2004 --- phpbb2017/includes/template.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: template.php,v 1.10 2002/04/02 21:13:47 the_systech Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: template.php,v 1.10.2.5 2005/05/06 20:50:11 acydburn Exp $ * * ***************************************************************************/ *************** *** 230,236 **** // Check if it's an absolute or relative path. if (substr($filename, 0, 1) != '/') { ! $filename = $this->root . '/' . $filename; } if (!file_exists($filename)) --- 230,236 ---- // Check if it's an absolute or relative path. if (substr($filename, 0, 1) != '/') { ! $filename = ($rp_filename = phpbb_realpath($this->root . '/' . $filename)) ? $rp_filename : $filename; } if (!file_exists($filename)) *************** *** 331,337 **** if ($block_nesting_level < 2) { // Block is not nested. ! $code_lines[$i] = '$_' . $a[1] . '_count = ( isset($this->_tpldata[\'' . $n[1] . '.\']) ) ? sizeof($this->_tpldata[\'' . $n[1] . '.\']) : 0;'; $code_lines[$i] .= "\n" . 'for ($_' . $n[1] . '_i = 0; $_' . $n[1] . '_i < $_' . $n[1] . '_count; $_' . $n[1] . '_i++)'; $code_lines[$i] .= "\n" . '{'; } --- 331,337 ---- if ($block_nesting_level < 2) { // Block is not nested. ! $code_lines[$i] = '$_' . $n[1] . '_count = ( isset($this->_tpldata[\'' . $n[1] . '.\']) ) ? sizeof($this->_tpldata[\'' . $n[1] . '.\']) : 0;'; $code_lines[$i] .= "\n" . 'for ($_' . 
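Review bot: When `phpbb_realpath()` returns a falsy value, the new expression falls back to the bare `$filename` rather than to `$this->root . '/' . $filename` as the old code did, so a relative template name is then looked up against the current working directory instead of the template root. Keeping the joined path as the fallback preserves the old lookup: `$filename = ($rp_filename = phpbb_realpath($this->root . '/' . $filename)) ? $rp_filename : $this->root . '/' . $filename;`. The resolved path is also not compared with the root afterwards, so resolving it does not by itself confine the file to the template directory. The enclosing method is only partly visible in this hunk.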
$n[1] . '_i = 0; $_' . $n[1] . '_i < $_' . $n[1] . '_count; $_' . $n[1] . '_i++)'; $code_lines[$i] .= "\n" . '{'; } *************** *** 347,353 **** // current indices of all parent blocks. $varref = $this->generate_block_data_ref($namespace, false); // Create the for loop code to iterate over this block. ! $code_lines[$i] = '$_' . $a[1] . '_count = ( isset(' . $varref . ') ) ? sizeof(' . $varref . ') : 0;'; $code_lines[$i] .= "\n" . 'for ($_' . $n[1] . '_i = 0; $_' . $n[1] . '_i < $_' . $n[1] . '_count; $_' . $n[1] . '_i++)'; $code_lines[$i] .= "\n" . '{'; } --- 347,353 ---- // current indices of all parent blocks. $varref = $this->generate_block_data_ref($namespace, false); // Create the for loop code to iterate over this block. ! $code_lines[$i] = '$_' . $n[1] . '_count = ( isset(' . $varref . ') ) ? sizeof(' . $varref . ') : 0;'; $code_lines[$i] .= "\n" . 'for ($_' . $n[1] . '_i = 0; $_' . $n[1] . '_i < $_' . $n[1] . '_count; $_' . $n[1] . '_i++)'; $code_lines[$i] .= "\n" . '{'; } *************** *** 475,478 **** } ! ?> --- 475,478 ---- } ! ?> \ No newline at end of file diff -crN phpbb201/includes/topic_review.php phpbb2017/includes/topic_review.php *** phpbb201/includes/topic_review.php Sat Jul 10 20:16:15 2004 --- phpbb2017/includes/topic_review.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: topic_review.php,v 1.5.2.1 2002/05/03 15:58:35 the_systech Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: topic_review.php,v 1.5.2.4 2005/05/06 20:50:12 acydburn Exp $ * * ***************************************************************************/ *************** *** 30,38 **** if ( !$is_inline_review ) { ! if ( !isset($topic_id) ) { ! message_die(GENERAL_MESSAGE, 'Topic_not_exist'); } // --- 30,38 ---- if ( !$is_inline_review ) { ! 
if ( !isset($topic_id) || !$topic_id) { ! message_die(GENERAL_MESSAGE, 'Topic_post_not_exist'); } // *************** *** 51,56 **** --- 51,57 ---- { message_die(GENERAL_MESSAGE, 'Topic_post_not_exist'); } + $db->sql_freeresult($result); $forum_id = $forum_row['forum_id']; $topic_title = $forum_row['topic_title']; *************** *** 207,212 **** --- 208,214 ---- { message_die(GENERAL_MESSAGE, 'Topic_post_not_exist', '', __LINE__, __FILE__, $sql); } + $db->sql_freeresult($result); $template->assign_vars(array( 'L_AUTHOR' => $lang['Author'], *************** *** 223,226 **** } } ! ?> --- 225,228 ---- } } ! ?> \ No newline at end of file diff -crN phpbb201/includes/usercp_activate.php phpbb2017/includes/usercp_activate.php *** phpbb201/includes/usercp_activate.php Sat Jul 10 20:16:15 2004 --- phpbb2017/includes/usercp_activate.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_activate.php,v 1.6.2.3 2002/05/20 00:21:38 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_activate.php,v 1.6.2.8 2005/07/19 20:01:16 acydburn Exp $ * * ***************************************************************************/ *************** *** 27,33 **** exit; } ! $sql = "SELECT user_active, user_id, user_email, user_newpasswd, user_lang, user_actkey FROM " . USERS_TABLE . " WHERE user_id = " . intval($HTTP_GET_VARS[POST_USERS_URL]); if ( !($result = $db->sql_query($sql)) ) --- 27,33 ---- exit; } ! $sql = "SELECT user_active, user_id, username, user_email, user_newpasswd, user_lang, user_actkey FROM " . USERS_TABLE . " WHERE user_id = " . intval($HTTP_GET_VARS[POST_USERS_URL]); if ( !($result = $db->sql_query($sql)) ) *************** *** 37,43 **** if ( $row = $db->sql_fetchrow($result) ) { ! 
if ( $row['user_active'] && $row['user_actkey'] == '' ) { $template->assign_vars(array( 'META' => '') --- 37,43 ---- if ( $row = $db->sql_fetchrow($result) ) { ! if ( $row['user_active'] && trim($row['user_actkey']) == '' ) { $template->assign_vars(array( 'META' => '') *************** *** 45,52 **** message_die(GENERAL_MESSAGE, $lang['Already_activated']); } ! else if ( $row['user_actkey'] == $HTTP_GET_VARS['act_key'] ) { $sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . str_replace("\'", "''", $row['user_newpasswd']) . "', user_newpasswd = ''" : ''; $sql = "UPDATE " . USERS_TABLE . " --- 45,57 ---- message_die(GENERAL_MESSAGE, $lang['Already_activated']); } ! else if ((trim($row['user_actkey']) == trim($HTTP_GET_VARS['act_key'])) && (trim($row['user_actkey']) != '')) { + if (intval($board_config['require_activation']) == USER_ACTIVATION_ADMIN && $userdata['user_level'] != ADMIN) + { + message_die(GENERAL_MESSAGE, $lang['Not_Authorised']); + } + $sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . str_replace("\'", "''", $row['user_newpasswd']) . "', user_newpasswd = ''" : ''; $sql = "UPDATE " . USERS_TABLE . " *************** *** 57,79 **** message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql_update); } ! if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN && $sql_update_pass == '' ) { include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $email_headers = 'From: ' . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\n"; $emailer->use_template('admin_welcome_activated', $row['user_lang']); $emailer->email_address($row['user_email']); ! $emailer->set_subject();//$lang['Account_activated_subject'] ! $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], ! 'USERNAME' => $username, 'PASSWORD' => $password_confirm, ! 
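Review bot: The activation key is compared with `==` in `trim($row['user_actkey']) == trim($HTTP_GET_VARS['act_key'])`, and PHP compares two numeric-looking strings by numeric value under `==`, so keys that differ as text can still compare equal. A strict comparison removes that: `else if (trim($row['user_actkey']) != '' && trim($row['user_actkey']) === trim($HTTP_GET_VARS['act_key']))`. The new `USER_ACTIVATION_ADMIN` branch depends on `$userdata['user_level']`, and where `$userdata` is populated for this request is outside the hunk, so that should be confirmed.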
'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig'])) ); $emailer->send(); $emailer->reset(); --- 62,84 ---- message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql_update); } ! if ( intval($board_config['require_activation']) == USER_ACTIVATION_ADMIN && $sql_update_pass == '' ) { include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); $emailer->use_template('admin_welcome_activated', $row['user_lang']); $emailer->email_address($row['user_email']); ! $emailer->set_subject($lang['Account_activated_subject']); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], ! 'USERNAME' => $row['username'], 'PASSWORD' => $password_confirm, ! 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '') ); $emailer->send(); $emailer->reset(); diff -crN phpbb201/includes/usercp_avatar.php phpbb2017/includes/usercp_avatar.php *** phpbb201/includes/usercp_avatar.php Sat Jul 10 20:16:15 2004 --- phpbb2017/includes/usercp_avatar.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_avatar.php,v 1.8.2.4 2002/05/12 15:57:45 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_avatar.php,v 1.8.2.21 2005/07/19 20:01:16 acydburn Exp $ * * ***************************************************************************/ *************** *** 51,59 **** { global $board_config, $userdata; if ( $avatar_type == USER_AVATAR_UPLOAD && $avatar_file != '' ) { ! if ( @file_exists('./' . $board_config['avatar_path'] . '/' . $avatar_file) ) { @unlink('./' . $board_config['avatar_path'] . '/' . $avatar_file); } --- 51,60 ---- { global $board_config, $userdata; + $avatar_file = basename($avatar_file); if ( $avatar_type == USER_AVATAR_UPLOAD && $avatar_file != '' ) { ! if ( @file_exists(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $avatar_file)) ) { @unlink('./' . $board_config['avatar_path'] . '/' . $avatar_file); } *************** *** 64,80 **** function user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename) { ! return ( $mode == 'editprofile' ) ? ", user_avatar = '" . str_replace("\'", "''", $avatar_filename) . "', user_avatar_type = " . USER_AVATAR_GALLERY : ''; } function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename) { ! if ( !preg_match('#^http:\/\/#i', $avatar_filename) ) { $avatar_filename = 'http://' . $avatar_filename; } ! 
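Review bot: `'USERNAME'` now comes from `$row['username']`, but `'PASSWORD' => $password_confirm` in the same `assign_vars()` call still uses a variable that no visible line of this file sets, so the activation mail presumably renders that field empty. If the `admin_welcome_activated` template has no use for it, drop the key; otherwise add a comment saying where the value is expected to come from. The context line `message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql_update);` likewise passes `$sql_update` although the query built just above is held in `$sql`, which is probably what was meant.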
if ( !preg_match('#^(http:\/\/[a-z0-9\-]+?\.([a-z0-9\-]+\.)*[a-z]+(:[0-9]+)*\/[^\"]*?\.(gif|jpg|jpeg|png)$)#is', $avatar_filename) ) { $error = true; $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $lang['Wrong_remote_avatar_format'] : $lang['Wrong_remote_avatar_format']; --- 65,99 ---- function user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename) { ! global $board_config; ! ! $avatar_filename = str_replace(array('../', '..\\', './', '.\\'), '', $avatar_filename); ! if ($avatar_filename{0} == '/' || $avatar_filename{0} == "\\") ! { ! return ''; ! } ! ! if ( file_exists(@phpbb_realpath($board_config['avatar_gallery_path'] . '/' . $avatar_filename)) && ($mode == 'editprofile') ) ! { ! $return = ", user_avatar = '" . str_replace("\'", "''", $avatar_filename) . "', user_avatar_type = " . USER_AVATAR_GALLERY; ! } ! else ! { ! $return = ''; ! } ! return $return; } function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename) { ! global $lang; ! ! if ( !preg_match('#^(http)|(ftp):\/\/#i', $avatar_filename) ) { $avatar_filename = 'http://' . $avatar_filename; } ! if ( !preg_match("#^((ht|f)tp://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png))$)#is", $avatar_filename) ) { $error = true; $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $lang['Wrong_remote_avatar_format'] : $lang['Wrong_remote_avatar_format']; *************** *** 87,93 **** function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_type, &$error, &$error_msg, $avatar_filename, $avatar_realname, $avatar_filesize, $avatar_filetype) { ! global $board_config, $user_ip, $db, $lang; $ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var'; --- 106,112 ---- function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_type, &$error, &$error_msg, $avatar_filename, $avatar_realname, $avatar_filesize, $avatar_filetype) { ! global $board_config, $db, $lang; $ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var'; *************** *** 121,127 **** } @fclose($fsock); ! if ( !preg_match('/Content-Length\: ([0-9]+)[^\/ ][\s]+/i', $avatar_data, $file_data1) || !preg_match('/Content-Type\: image\/[x\-]*([a-z]+)[\s]+/i', $avatar_data, $file_data2) ) { $error = true; $error_msg = ( !empty($error_msg) ) ? $error_msg . '
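Review bot: `user_avatar_gallery()` cleans the name by deleting `../`, `..\`, `./` and `.\` and then relies on `file_exists()`, which does not establish that the resolved file lies inside `avatar_gallery_path`; a substring deny-list is easy to get wrong. I would resolve the gallery root as well and return `''` unless the file's resolved path begins with it, e.g. `if (strpos($resolved, $gallery_root . '/') !== 0) { return ''; }`, where both values come from `phpbb_realpath()`. `$avatar_filename{0}` is also read without checking that the string is still non-empty after the replacement. In `user_avatar_url()` the pattern `'#^(http)|(ftp):\/\/#i'` groups as "`http` at the start, or `ftp://` anywhere"; `'#^(http|ftp)://#i'` is what the code appears to intend.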
' . $lang['File_no_data'] : $lang['File_no_data']; --- 140,146 ---- } @fclose($fsock); ! if (!preg_match('#Content-Length\: ([0-9]+)[^ /][\s]+#i', $avatar_data, $file_data1) || !preg_match('#Content-Type\: image/[x\-]*([a-z]+)[\s]+#i', $avatar_data, $file_data2)) { $error = true; $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $lang['File_no_data'] : $lang['File_no_data']; *************** *** 136,142 **** $avatar_data = substr($avatar_data, strlen($avatar_data) - $avatar_filesize, $avatar_filesize); $tmp_path = ( !@$ini_val('safe_mode') ) ? '/tmp' : './' . $board_config['avatar_path'] . '/tmp'; ! $tmp_filename = tempnam($tmp_path, uniqid($user_ip) . '-'); $fptr = @fopen($tmp_filename, 'wb'); $bytes_written = @fwrite($fptr, $avatar_data, $avatar_filesize); --- 155,161 ---- $avatar_data = substr($avatar_data, strlen($avatar_data) - $avatar_filesize, $avatar_filesize); $tmp_path = ( !@$ini_val('safe_mode') ) ? '/tmp' : './' . $board_config['avatar_path'] . '/tmp'; ! $tmp_filename = tempnam($tmp_path, uniqid(rand()) . '-'); $fptr = @fopen($tmp_filename, 'wb'); $bytes_written = @fwrite($fptr, $avatar_data, $avatar_filesize); *************** *** 158,164 **** $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $l_avatar_size : $l_avatar_size; } } ! else if ( $avatar_mode == 'local' && file_exists($avatar_filename) && preg_match('/\.(jpg|jpeg|gif|png)$/i', $avatar_realname) ) { if ( $avatar_filesize <= $board_config['avatar_filesize'] && $avatar_filesize > 0 ) { --- 177,183 ---- $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $l_avatar_size : $l_avatar_size; } } ! else if ( ( file_exists(@phpbb_realpath($avatar_filename)) ) && preg_match('/\.(jpg|jpeg|gif|png)$/i', $avatar_realname) ) { if ( $avatar_filesize <= $board_config['avatar_filesize'] && $avatar_filesize > 0 ) { *************** *** 182,194 **** return; } ! if ( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] ) { ! $new_filename = uniqid($user_ip) . $imgtype; if ( $mode == 'editprofile' && $current_type == USER_AVATAR_UPLOAD && $current_avatar != '' ) { ! if ( file_exists('./' . $board_config['avatar_path'] . '/' . $current_avatar) ) { @unlink('./' . $board_config['avatar_path'] . '/' . $current_avatar); } --- 201,213 ---- return; } ! if ( $width > 0 && $height > 0 && $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] ) { ! $new_filename = uniqid(rand()) . $imgtype; if ( $mode == 'editprofile' && $current_type == USER_AVATAR_UPLOAD && $current_avatar != '' ) { ! if ( file_exists(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $current_avatar)) ) { @unlink('./' . $board_config['avatar_path'] . '/' . $current_avatar); } *************** *** 215,220 **** --- 234,243 ---- $move_file = 'copy'; } + if (!is_uploaded_file($avatar_filename)) + { + message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__); + } $move_file($avatar_filename, './' . $board_config['avatar_path'] . "/$new_filename"); } *************** *** 233,239 **** return $avatar_sql; } ! 
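Review bot: The added `is_uploaded_file($avatar_filename)` test runs only just before `$move_file(...)`, after the earlier block of this function has already `@unlink()`ed the user's current avatar and after `$avatar_filename` has been handed to `file_exists()`, so a rejected request still removes the existing image. Performing the test at the start of the local-upload branch, before any other use of `$avatar_filename`, avoids that: `if (!is_uploaded_file($avatar_filename)) { message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__); }`. The lines between the hunks of this function are not shown, so the exact position should be checked against the full file.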
function display_avatar_gallery($mode, &$category, &$user_id, &$email, &$current_email, &$coppa, &$username, &$email, &$new_password, &$cur_password, &$password_confirm, &$icq, &$aim, &$msn, &$yim, &$website, &$location, &$occupation, &$interests, &$signature, &$viewemail, &$notifypm, &$popuppm, &$notifyreply, &$attachsig, &$allowhtml, &$allowbbcode, &$allowsmilies, &$hideonline, &$style, &$language, &$timezone, &$dateformat) { global $board_config, $db, $template, $lang, $images, $theme; global $phpbb_root_path, $phpEx; --- 256,262 ---- return $avatar_sql; } ! function display_avatar_gallery($mode, &$category, &$user_id, &$email, &$current_email, &$coppa, &$username, &$email, &$new_password, &$cur_password, &$password_confirm, &$icq, &$aim, &$msn, &$yim, &$website, &$location, &$occupation, &$interests, &$signature, &$viewemail, &$notifypm, &$popup_pm, &$notifyreply, &$attachsig, &$allowhtml, &$allowbbcode, &$allowsmilies, &$hideonline, &$style, &$language, &$timezone, &$dateformat, &$session_id) { global $board_config, $db, $template, $lang, $images, $theme; global $phpbb_root_path, $phpEx; *************** *** 309,317 **** } } ! $params = array('coppa', 'user_id', 'username', 'email', 'current_email', 'cur_password', 'new_password', 'password_confirm', 'icq', 'aim', 'msn', 'yim', 'website', 'location', 'occupation', 'interests', 'signature', 'viewemail', 'notifypm', 'popuppm', 'notifyreply', 'attachsig', 'allowhtml', 'allowbbcode', 'allowsmilies', 'hideonline', 'style', 'language', 'timezone', 'dateformat'); ! $s_hidden_vars = ''; for($i = 0; $i < count($params); $i++) { --- 332,340 ---- } } ! 
$params = array('coppa', 'user_id', 'username', 'email', 'current_email', 'cur_password', 'new_password', 'password_confirm', 'icq', 'aim', 'msn', 'yim', 'website', 'location', 'occupation', 'interests', 'signature', 'viewemail', 'notifypm', 'popup_pm', 'notifyreply', 'attachsig', 'allowhtml', 'allowbbcode', 'allowsmilies', 'hideonline', 'style', 'language', 'timezone', 'dateformat'); ! $s_hidden_vars = ''; for($i = 0; $i < count($params); $i++) { *************** *** 333,336 **** return; } ! ?> --- 356,359 ---- return; } ! ?> \ No newline at end of file diff -crN phpbb201/includes/usercp_confirm.php phpbb2017/includes/usercp_confirm.php *** phpbb201/includes/usercp_confirm.php Thu Jan 1 01:00:00 1970 --- phpbb2017/includes/usercp_confirm.php Tue Jul 19 22:14:56 2005 *************** *** 0 **** --- 1,435 ---- + sql_query($sql); + + // If we have a row then grab data else create a new id + if ($row = $db->sql_fetchrow($result)) + { + $db->sql_freeresult($result); + $code = $row['code']; + } + else + { + exit; + } + + // If we can we will generate a single filtered png else we will have to simply + // output six seperate original pngs ... first way is preferable! 
+ if (@extension_loaded('zlib')) + { + $_png = define_filtered_pngs(); + + $total_width = 320; + $total_height = 50; + $img_height = 40; + $img_width = 0; + $l = 0; + + list($usec, $sec) = explode(' ', microtime()); + mt_srand($sec * $usec); + + $char_widths = array(); + for ($i = 0; $i < strlen($code); $i++) + { + $char = $code{$i}; + + $width = mt_rand(0, 4); + $char_widths[] = $width; + $img_width += $_png[$char]['width'] - $width; + } + + $offset_x = mt_rand(0, $total_width - $img_width); + $offset_y = mt_rand(0, $total_height - $img_height); + + $image = ''; + $hold_chars = array(); + for ($i = 0; $i < $total_height; $i++) + { + $image .= chr(0); + + if ($i > $offset_y && $i < $offset_y + $img_height) + { + $j = 0; + + for ($k = 0; $k < $offset_x; $k++) + { + $image .= chr(mt_rand(140, 255)); + } + + for ($k = 0; $k < strlen($code); $k++) + { + $char = $code{$k}; + + if (empty($hold_chars[$char])) + { + $hold_chars[$char] = explode("\n", chunk_split(base64_decode($_png[$char]['data']), $_png[$char]['width'] + 1, "\n")); + } + $image .= randomise(substr($hold_chars[$char][$l], 1), $char_widths[$j]); + $j++; + } + + for ($k = $offset_x + $img_width; $k < $total_width; $k++) + { + $image .= chr(mt_rand(140, 255)); + } + + $l++; + } + else + { + for ($k = 0; $k < $total_width; $k++) + { + $image .= chr(mt_rand(140, 255)); + } + } + + } + unset($hold); + + $image = create_png(gzcompress($image), $total_width, $total_height); + + // Output image + header('Content-Type: image/png'); + header('Cache-control: no-cache, no-store'); + echo $image; + + unset($image); + unset($_png); + exit; + + } + else + { + if (!empty($HTTP_GET_VARS['c'])) + { + $_png = define_raw_pngs(); + + $char = substr($code, intval($HTTP_GET_VARS['c']) - 1, 1); + header('Content-Type: image/png'); + header('Cache-control: no-cache, no-store'); + echo base64_decode($_png[$char]); + + unset($_png); + exit; + } + } + + exit; + + // This is designed to randomise the pixels of the image data within + 
// certain limits so as to keep it readable. It also varies the image + // width a little + function randomise($scanline, $width) + { + $new_line = ''; + $start = floor($width/2); + $end = strlen($scanline) - ceil($width/2); + + for ($i = $start; $i < $end; $i++) + { + $pixel = ord($scanline{$i}); + + if ($pixel < 190) + { + $new_line .= chr(mt_rand(0, 205)); + } + else if ($pixel > 190) + { + $new_line .= chr(mt_rand(145, 255)); + } + else + { + $new_line .= $scanline{$i}; + } + } + + return $new_line; + } + + // This creates a chunk of the given type, with the given data + // of the given length adding the relevant crc + function png_chunk($length, $type, $data) + { + $raw = $type; + $raw .= $data; + $crc = crc32($raw); + $raw .= pack('C4', $crc >> 24, $crc >> 16, $crc >> 8, $crc); + + return pack('C4', $length >> 24, $length >> 16, $length >> 8, $length) . $raw; + } + + // Creates greyscale 8bit png - The PNG spec can be found at + // http://www.libpng.org/pub/png/spec/PNG-Contents.html we use + // png because it's a fully recognised open standard and supported + // by practically all modern browsers and OSs + function create_png($gzimage, $width, $height) + { + // SIG + $image = pack('C8', 137, 80, 78, 71, 13, 10, 26, 10); + // IHDR + $raw = pack('C4', $width >> 24, $width >> 16, $width >> 8, $width); + $raw .= pack('C4', $height >> 24, $height >> 16, $height >> 8, $height); + $raw .= pack('C5', 8, 0, 0, 0, 0); + $image .= png_chunk(13, 'IHDR', $raw); + // IDAT + $image .= png_chunk(strlen($gzimage), 'IDAT', $gzimage); + // IEND + $image .= png_chunk(0, 'IEND', ''); + + return $image; + } + + // Each 'data' element is base64_encoded uncompressed IDAT + // png image data + function define_filtered_pngs() + { + $_png = array( + '0' => array( + 'data' => 
'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A///////////////////olFAkBAAAGDyA4P///M31/////////////wD////////////////0dAgAAAAAAAAAAAAEcPipFGHn////////////AP//////////////6DAAAAAAAAAAAAAAAAAALSEAN+T///////////8A//////////////xAAAAAAAAAAAAAAAAAAAAAACPA/////////////wD/////////////oAAAAAAAAAAAAAAAAAAAAAAAev//////////////AP////////////8oAAAAAAAAPNj/zDAAAAAAAABD//////////////8A////////////1AAAAAAAABjw////5BAAAAAAAADo/////////////wD///////////+QAAAAAAAAbP//////QgAAAAAAAKj/////////////AP///////////1wAAAAAAACs/////8AXAAAAAAAAcP////////////8A////////////OAAAAAAAAND////dNwAAAAAAAABI/////////////wD///////////8gAAAAAAAA4P//7koACwAAAAAAACT/////////////AP///////////wgAAAAAAAD///VqAwaPAAAAAAAAEP////////////8A////////////AAAAAAAAAP/8kQYDavUAAAAAAAAA/////////////wD///////////8AAAAAAAAA/6kNAEru/wAAAAAAAAD/////////////AP///////////wAAAAAAAADAIwA33f//AAAAAAAAAP////////////8A////////////FAAAAAAAADYAI8D///8AAAAAAAAQ/////////////wD///////////8kAAAAAAAAAA2p////5AAAAAAAACD/////////////AP///////////0gAAAAAAAAFkfz////UAAAAAAAAQP////////////8A////////////cAAAAAAAAET1/////7AAAAAAAABo/////////////wD///////////+oAAAAAAAAXfX/////sAAAAAAAAGj/////////////AAAAALgAAAAAAAAwAAAAAAAAAAAAAAD////////////oAAAAAAAACOT////oEAAAAAAAAOD/////////////AP////////////8+AAAAAAAAKMz/zDQAAAAAAAA0//////////////8A////////////7jgAAAAAAAAAAAAAAAAAAAAAAKT//////////////wD///////////VqAwIAAAAAAAAAAAAAAAAAAAA8////////////////AP//////////rQcDaVEAAAAAAAAAAAAAAAAAKOj///////////////8A///////////nblnu/IAIAAAAAAAAAAAAAFzw/////////////////wD////////////79////+iITCAAAAAgSITg////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD
/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////w==', + 'width' => 40 + ), + '1' => array( + 'data' => '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', + 'width' => 40 + ), + '2' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP/////////////////okFAkCAAABCBIfNT///////////////////8A///////////////8hAgAAAAAAAAAAAAAAFTo/////////////////wD//////////////1QAAAAAAAAAAAAAAAAAACjo////////////////AP////////////+MAAAAAAAAAAAAAAAAAAAAADj///////////////8A////////////9BAAAAAAAAAAAAAAAAAAAAAAALD//////////////wD///////////+gAAAAAAAAAHjs+KwMAAAAAAAAVP//////////////AP///////////1gAAAAAAABM/////6QAAAAAAAAU//////////////8A////////////KAAAAAAAALj/////+AAAAAAAAAD//////////////wD///////////+MfGBMOCAI8P/////wAAAAAAAACP//////////////AP///////////////////////////5wAAAAAAAAw//////////////8A///////////////////////////oFAAAAAAAAHz//////////////wD/////////////////////////6CgAAAAAAAAE3P//////////////AP///////////////////////9ggAAAAAAAAAHT///////////////8A//////////////////////+0DAAAAAAAAAA8+P///////////////wD/////////////////////gAAAAAAAAAAAKOj/////////////////AP//////////////////9FAAAAAAAAAAADzw//////////////////8A/////////////////+g4AAAAAAAAAABk/P///////////////////wD////////////////oKAAAAAAAAAAMqP//////////////////////AP//////////////6CgAAAAAAAAAMNz/////
//////////////////8A//////////////g4AAAAAAAAAFT0/////////////////////////wD/////////////bAAAAAAAAABU/P//////////////////////////AP///////////8wAAAAAAAAAAAAAAAAAAAAAAAAA//////////////8A////////////SAAAAAAAAAAAAAAAAAAAAAAAAAD//////////////wD//////////9wAAAAAAAAAAAAAAAAAAAAAAAAAAP//////////////AP//////////hAAAAAAAAAAAAAAAAAAAAAAAAAAA//////////////8A//////////9AAAAAAAAAAAAAAAAAAAAAAAAAAAD//////////////wD//////////xAAAAAAAAAAAAAAAAAAAAAAAAAAAP//////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + '3' => array( + 'data' => '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', + 'width' => 40 + ), + '4' => array( + 'data' => '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', + 'width' => 40 + ), + '5' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP//////////////8AAAAAAAAAAAAAAAAAAAAAAA//////////////8A///////////////MAAAAAAAAAAAAAAAAAAAAAAD//////////////wD//////////////6wAAAAAAAAAAAAAAAAAAAAAAP//////////////AP//////////////iAAAAAAAAAAAAAAAAAAAAAAA//////////////8A//////////////9kAAAAAAAAAAAAAAAAAAAAAAD//////////////wD//////////////0QAAAAAAAAAAAAAAAAAAAAAAP//////////////AP//////////////IAAAAAAAYP////////////////////////////8A//////////////wAAAAAAAB8/////////////////////////////wD/////////////3AAAAAAAAIj/////////////////////////////AP////////////+4AAAAAAAAoLRYHAAEKGTE//////////////////8A/////////////5QAAAAAAAAQAAAAAAAAAABY9P///////////////wD/////////////dAAAAAAAAAAAAAAAAAAAAAA89P//////////////AP////////////9QAAAAAAAAAAAAAAAAAAAAAABg//////////////8A/////////////zAAAAA
AAAAAAAAAAAAAAAAAAADQ/////////////wD/////////////IAAAAAAAAGjY/+h4BAAAAAAAAGz/////////////AP//////////////9NS0lHSc//////90AAAAAAAALP////////////8A/////////////////////////////9QAAAAAAAAE/////////////wD//////////////////////////////wAAAAAAAAD/////////////AP/////////////////////////////8AAAAAAAAEP////////////8A////////////pIRwWEAgDOD//////8wAAAAAAAA8/////////////wD///////////9EAAAAAAAAaP//////ZAAAAAAAAHz/////////////AP///////////6QAAAAAAAAAaOD/4GQAAAAAAAAE4P////////////8A/////////////CQAAAAAAAAAAAAAAAAAAAAAAGD//////////////wD/////////////yAQAAAAAAAAAAAAAAAAAAAAc7P//////////////AP//////////////rAwAAAAAAAAAAAAAAAAAGNj///////////////8A////////////////0EAAAAAAAAAAAAAAAFTo/////////////////wD//////////////////8h4QCAAAAAcQHzU////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + '6' => array( + 'data' => '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', + 'width' => 40 + ), + '7' => array( + 'data' => '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', + 'width' => 40 + ), + '8' => array( + 'data' => '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', + 'width' => 40 + ), + '9' => array( + 'data' => 
'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD///////////////////ysYCwMAAAUNGiw/P//////////////////AP////////////////+4JAAAAAAAAAAAAAAkuP////////////////8A////////////////lAQAAAAAAAAAAAAAAAAAkP///////////////wD//////////////8AEAAAAAAAAAAAAAAAAAAAAqP//////////////AP/////////////8JAAAAAAAAAAAAAAAAAAAAAAQ7P////////////8A/////////////6wAAAAAAAAAfOz8vCwAAAAAAABw/////////////wD/////////////WAAAAAAAAHD/////7BgAAAAAAAz4////////////AP////////////8kAAAAAAAA1P//////hAAAAAAAALT///////////8A/////////////wAAAAAAAAD///////+4AAAAAAAAcP///////////wD/////////////AAAAAAAAAPz//////8AAAAAAAABI////////////AP////////////8UAAAAAAAAzP//////lAAAAAAAACT///////////8A/////////////0QAAAAAAABY//////gsAAAAAAAADP///////////wD/////////////kAAAAAAAAABw5P/IPAAAAAAAAAAA////////////AP/////////////wEAAAAAAAAAAAAAAAAAAAAAAAAAD///////////8A//////////////+UAAAAAAAAAAAAAAAAAAAAAAAAAP///////////wD///////////////9wAAAAAAAAAAAAAFAAAAAAAAAU////////////AP////////////////+IBAAAAAAAAABw3AAAAAAAACj///////////8A///////////////////cdCwEABhcxP+8AAAAAAAATP///////////wD//////////////////////////////5AAAAAAAAB4////////////AP//////////////////////////////UAAAAAAAALj///////////8A//////////////+kgGxUQCAM2P///+AIAAAAAAAQ+P///////////wD//////////////0gAAAAAAAA42P/EKAAAAAAAAHD/////////////AP//////////////sAAAAAAAAAAAAAAAAAAAAAAQ6P////////////8A////////////////TAAAAAAAAAAAAAAAAAAAAKz//////////////wD////////////////oKAAAAAAAAAAAAAAAAASU////////////////AP/////////////////sUAAAAAAAAAAAAAAwxP////////////////8A////////////////////yHA0FAAADCxktP///////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP/////////////////////////////
///////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'A' => array( + 'data' => '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', + 'width' => 40 + ), + 'B' => array( + 'data' => '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', + 'width' => 40 + ), + 'C' => array( + 'data' => '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', + 'width' => 40 + ), + 'D' => array( + 'data' => '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', + 'width' => 40 + ), + 'E' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP//////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////////////8A//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA/////////////wD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////AP//////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////////////8A//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA/////////////wD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////AP//////////AAAAAAAAAAD///////////////////////////////8A//////////8AAAAAAAAAAP///////////////////////////////wD//////////wAAAAAAAAAA////////////////////////////////AP//////////AAAAAAAAAAD///////////////////////////////8A//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAD//////////////wD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAP//////////////AP//////////AAAAAAAAAA
AAAAAAAAAAAAAAAAAA//////////////8A//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAD//////////////wD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAP//////////////AP//////////AAAAAAAAAAAAAAAAAAAAAAAAAAAA//////////////8A//////////8AAAAAAAAAAP///////////////////////////////wD//////////wAAAAAAAAAA////////////////////////////////AP//////////AAAAAAAAAAD///////////////////////////////8A//////////8AAAAAAAAAAP///////////////////////////////wD//////////wAAAAAAAAAA////////////////////////////////AP//////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////////////8A//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA/////////////wD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////AP//////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////////////8A//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA/////////////wD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'F' => array( + 'data' => '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', + 'width' => 40 + ), + 'G' => array( + 'data' => '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', + 'width' => 40 + ), + 'H' => array( + 'data' => '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', + 'width' => 40 + ), + 'I' => array( + 'data' => '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', + 'width' => 40 + ), + 'J' => array( + 'data' => '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', + 'width' => 40 + ), + 'K' => array( + 'data' => 
'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD///////8AAAAAAAAAAP//////////wAQAAAAAAAAAAABw////////AP///////wAAAAAAAAAA/////////9AMAAAAAAAAAAAAcP////////8A////////AAAAAAAAAAD////////cGAAAAAAAAAAAAHD//////////wD///////8AAAAAAAAAAP//////6CgAAAAAAAAAAABs////////////AP///////wAAAAAAAAAA//////Q0AAAAAAAAAAAAVPz///////////8A////////AAAAAAAAAAD////8RAAAAAAAAAAAAFT8/////////////wD///////8AAAAAAAAAAP///1gAAAAAAAAAAABU/P//////////////AP///////wAAAAAAAAAA//9wAAAAAAAAAAAASPz///////////////8A////////AAAAAAAAAAD/jAAAAAAAAAAAADz0/////////////////wD///////8AAAAAAAAAAKQAAAAAAAAAAAA89P//////////////////AP///////wAAAAAAAAAABAAAAAAAAAAAFPT///////////////////8A////////AAAAAAAAAAAAAAAAAAAAAAAApP///////////////////wD///////8AAAAAAAAAAAAAAAAAAAAAAAAU8P//////////////////AP///////wAAAAAAAAAAAAAAAAAAAAAAAABk//////////////////8A////////AAAAAAAAAAAAAAAAAAAAAAAAAADE/////////////////wD///////8AAAAAAAAAAAAAAAAoEAAAAAAAACz8////////////////AP///////wAAAAAAAAAAAAAAGNiAAAAAAAAAAIj///////////////8A////////AAAAAAAAAAAAABjY//gYAAAAAAAACOD//////////////wD///////8AAAAAAAAAAAAY2P///5wAAAAAAAAASP//////////////AP///////wAAAAAAAAAAGNj//////CgAAAAAAAAAqP////////////8A////////AAAAAAAAAADI////////sAAAAAAAAAAc8P///////////wD///////8AAAAAAAAAAP//////////QAAAAAAAAABs////////////AP///////wAAAAAAAAAA///////////IAAAAAAAAAATI//////////8A////////AAAAAAAAAAD///////////9YAAAAAAAAADD8/////////wD///////8AAAAAAAAAAP///////////9wEAAAAAAAAAJD/////////AP///////wAAAAAAAAAA///////////
//3AAAAAAAAAADOT///////8A////////AAAAAAAAAAD/////////////7BAAAAAAAAAAUP///////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'L' => array( + 'data' => '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', + 'width' => 40 + ), + 'M' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A//////8AAAAAAAAAAAAAAHz//////3wAAAAAAAAAAAAAAP///////wD//////wAAAAAAAAAAAAAATP//////UAAAAAAAAAAAAAAA////////AP//////AAAAAAAAAAAAAAAc//////8cAAAAAAAAAAAAAAD///////8A//////8AAAAAAAAAAAAAAADw////8AAAAAAAAAAAAAAAAP///////wD//////wAAAAAAAAAAAAAAALz////AAAAAAAAAAAAAAAAA////////AP//////AAAAAAAAAAAAAAAAkP///5AAAAAAAAAAAAAAAAD///////8A//////8AAAAAAAAAAAAAAABc////ZAAAAAAAAAAAAAAAAP///////wD//////wAAAAAAAAAoAAAAADD///8wAAAAACQAAAAAAAAA////////AP//////AAAAAAAAAFwAAAAABPz//AgAAAAAXAAAAAAAAAD///////8A//////8AAAAAAAAAkAAAAAAA0P/UAAAAAACQAAAAAAAAAP///////wD//////wAAAAAAAADMAAAAAACg/6gAAAAAAMQAAAAAAAAA////////AP//////AAAAAAAAAPgEAAAAAHD/dAAAAAAE+AAAAAAAAAD///////8A//////8AAAAAAAAA/zQAAAAAQP9IAAAAADD/AAAAAAAAAP///////wD//////wAAAAAAAAD/bAAAAAAQ/xQAAAAAaP8AAAAAAAAA////////AP//////AAAAAAAAAP+gAAAAAADQAAAAAACc/wAAAAAAAAD///////8A//////8AAAAAAAAA/9QAAAAAAGgAAAAAAND/AAAAAAAAAP///////wD//////wAAAAAAAAD//wwAAAAAFAAAAAAM/P8AAAAAAAAA////////AP//////AAAAAAAAAP//RAAAAAAAAAAAADz//wAAAAAAAAD///////8A//////8AAAAAAAAA//94AAAAAAAAAAAAcP//AAAAAAAAAP///////wD//////wAAAAAAAAD//7AAAAAAAAAAAACo//8AAAAAAAAA////////AP//////AAAAAAAAAP//5AAAAAAAAAAAANz//wAAAAAAAAD///////8A//////8AAAAAAAAA////HAAAAAAAAAAQ////AAAAAAAAAP///////wD//////wAAAAAAAAD///9QAAAAAAAAAEz///8AAAAAAAAA////////AP//////AAAAAAAAAP///4gAAAAAAAAAfP///wAAAAAAAAD///////8A//////8AAAAAAAAA////vAAAAAAAAACw////AAAAAAAAAP///////wD//////wAAAAAAAAD////wAAAAAAAAAOz///8AAAAAAAAA////////AP//////AAAA
AAAAAP////8sAAAAAAAc/////wAAAAAAAAD///////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'N' => array( + 'data' => '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', + 'width' => 40 + ), + 'O' => array( + 'data' => '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', + 'width' => 40 + ), + 'P' => array( + 'data' => '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', + 'width' => 40 + ), + 'Q' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////SoaDQcAAAAHDhoqPT///////////////////8A//////////////BwDAAAAAAAAAAAAAAACHDo/////////////////wD///////////+4FAAAAAAAAAAAAAAAAAAAABCo////////////////AP//////////nAQAAAAAAAAAAAAAAAAAAAAAAACQ//////////////8A/////////7gEAAAAAAAAAAAAAAAAAAAAAAAAAACg/////////////wD////////wFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzo////////////AP///////3AAAAAAAAAAACyo8P/sqCwAAAAAAAAAAGT///////////8A///////4EAAAAAAAAABM+P///////FQAAAAAAAAACPT//////////wD//////7AAAAAAAAAAFPD/////////9BgAAAAAAAAApP//////////AP//////bAAAAAAAAAB4////////////fAAAAAAAAABk//////////8A//////84AAAAAAAAALz///////////+8AAAAAAAAADT//////////wD//////xwAAAAAAAAA6P///////////+QAAAAAAAAAHP//////////AP//////AAAAAAAAAAD//////////////wAAAAAAAAAA//////////8A//////8AAAAAAAAAAP//////////////AAAAAAAAAAD//////////
wD//////wAAAAAAAAAA/P////////////8AAAAAAAAAAP//////////AP//////GAAAAAAAAADg////////////4AAAAAAAAAAc//////////8A//////84AAAAAAAAALT////MJHTo//+8AAAAAAAAADT//////////wD//////2wAAAAAAAAAdP///2AAABCg/3wAAAAAAAAAZP//////////AP//////rAAAAAAAAAAY9P/sCAAAAABMGAAAAAAAAACk//////////8A///////4EAAAAAAAAABU/P+0OAAAAAAAAAAAAAAACPT//////////wD///////94AAAAAAAAAAA4sPD/gAAAAAAAAAAAAABk////////////AP////////AcAAAAAAAAAAAAAAAAAAAAAAAAAAAADOT///////////8A/////////7wEAAAAAAAAAAAAAAAAAAAAAAAAAACQ/////////////wD//////////6wEAAAAAAAAAAAAAAAAAAAAAAAAABSs////////////AP///////////7gUAAAAAAAAAAAAAAAAAAAAAAAAAABAwP////////8A//////////////BwDAAAAAAAAAAAAAAABAgAAAAAAAA8/////////wD////////////////0qGg0GAAAABgwXJjkxBgAAAAAALD/////////AP//////////////////////////////////5DQAAAAk/P////////8A////////////////////////////////////+GwAAJD//////////wD//////////////////////////////////////8A49P//////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'R' => array( + 'data' => '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', + 'width' => 40 + ), + 'S' => array( + 'data' => 
'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP/////////////////8vHBEIAgAAAQgQHC8/P////////////////8A////////////////pCQAAAAAAAAAAAAAAAAcoP///////////////wD//////////////FwAAAAAAAAAAAAAAAAAAAAAXP//////////////AP////////////9oAAAAAAAAAAAAAAAAAAAAAAAAhP////////////8A////////////zAAAAAAAAAAAAAAAAAAAAAAAAAAI6P///////////wD///////////9cAAAAAAAAAAAAAAAAAAAAAAAAAACA////////////AP///////////xgAAAAAAAAAUOD/8KwkAAAAAAAAADj///////////8A////////////AAAAAAAAAAD0/////8wABCAgICxASP///////////wD///////////8MAAAAAAAAAMz/////////////////////////////AP///////////0AAAAAAAAAACFiQxPT///////////////////////8A////////////oAAAAAAAAAAAAAAAADBwtPT//////////////////wD////////////8QAAAAAAAAAAAAAAAAAAACFTA////////////////AP/////////////oOAAAAAAAAAAAAAAAAAAAAABM6P////////////8A///////////////4fAgAAAAAAAAAAAAAAAAAAAAY2P///////////wD/////////////////7IwwAAAAAAAAAAAAAAAAAAAo+P//////////AP/////////////////////koGw0BAAAAAAAAAAAAACU//////////8A///////////////////////////4uFgAAAAAAAAAADz//////////wD//////////2BgSEA0IBwA6P///////5QAAAAAAAAADP//////////AP//////////JAAAAAAAAACc/////////AAAAAAAAAAA//////////8A//////////9YAAAAAAAAACDo///////AAAAAAAAAABT//////////wD//////////6QAAAAAAAAAACCk7P/snBQAAAAAAAAAUP//////////AP//////////+BAAAAAAAAAAAAAAAAAAAAAAAAAAAACs//////////8A////////////kAAAAAAAAAAAAAAAAAAAAAAAAAAAOP///////////wD////////////8RAAAAAAAAAAAAAAAAAAAAAAAABjc////////////AP/////////////0PAAAAAAAAAAAAAAAAAAAAAAg2P////////////8A///////////////8hBQAAAAAAAAAAAAAAAAMdPT//////////////wD/////////////////+LRwSCAMAAAAHDhoqPT/////////////////AP/////////////////////////////
///////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'T' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA////////////AP////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD///////////8A/////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///////////wD/////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA////////////AP////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD///////////8A/////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///////////wD///////////////////8AAAAAAAAAAP//////////////////////AP///////////////////wAAAAAAAAAA//////////////////////8A////////////////////AAAAAAAAAAD//////////////////////wD///////////////////8AAAAAAAAAAP//////////////////////AP///////////////////wAAAAAAAAAA//////////////////////8A////////////////////AAAAAAAAAAD//////////////////////wD///////////////////8AAAAAAAAAAP//////////////////////AP///////////////////wAAAAAAAAAA//////////////////////8A////////////////////AAAAAAAAAAD//////////////////////wD///////////////////8AAAAAAAAAAP//////////////////////AP///////////////////wAAAAAAAAAA//////////////////////8A////////////////////AAAAAAAAAAD//////////////////////wD///////////////////8AAAAAAAAAAP//////////////////////AP///////////////////wAAAAAAAAAA//////////////////////8A////////////////////AAAAAAAAAAD//////////////////////wD///////////////////8AAAAAAAAAAP//////////////////////AP///////////////////wAAAAAAAAAA//////////////////////8A////////////////////AAAAAAAAAAD//////////////////////wD///////
////////////8AAAAAAAAAAP//////////////////////AP///////////////////wAAAAAAAAAA//////////////////////8A////////////////////AAAAAAAAAAD//////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'U' => array( + 'data' => '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', + 'width' => 40 + ), + 'V' => array( + 'data' => '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', + 'width' => 40 + ), + 'W' => array( + 'data' => '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', + 'width' => 40 + ), + 'X' => array( + 'data' => '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', + 'width' => 40 + ), + 'Y' => array( + 'data' => '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', + 'width' => 40 + ), + 'Z' => array( + 'data' => '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', + 'width' => 40 + ), + ); + + return $_png; + } + + // These define base64_encoded raw png image data used + // when we cannot generate our own single png image + function define_raw_pngs() + { + $_png = array( + '0' => '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', + '1' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QMi//xxVKAAAAB3RJTUUH0wUOEDYLcqnX7wAAAAlwSFlzAAALEgAACxIB0t1+/AAAAHpJREFUeNpj/M9AHGAiUh1WhR8FGUGAsMKaD9iM/I8BlmCVwVS4hoUohT8qcNiFyv2zQIWBCIV3amRwu54RKcDRAgQ1KigIcJYK7CqR3QsCFmf+Y8qgeQakbANMAz6FKjUXECbj8zWa76nm61GFw1UhI10KqVGFNFQIADdK9Zj7PsV9AAAAAElFTkSuQmCC', + '2' => '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', + '3' => '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', + '4' => 
'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QMyqWttCEAAAAB3RJTUUH0wUOEDUxn4hdngAAAAlwSFlzAAALEgAACxIB0t1+/AAAAKBJREFUeNpj/M9AHGAiUh2FCucyQgCK4H9McIAFixwWhQ8kGIhS+MWAgTiFIQzEKWxhIE7hFgbiFF7hASkQIajwjQpInuUAIYV/XMDyU/4TUlgAlk75T0jhArCszR9CCk+AY07mxX8CCp+AY47nzH8CCn+YgOWW/CekMAYsVfMfl0JGmCBq4kNEDp2zAn0UMmItABjRvDykPTO43DgyFQIANP6pTFLWAdoAAAAASUVORK5CYII=', + '5' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QMzPy3XhEAAAAB3RJTUUH0wUOEDUk8lW5dQAAAAlwSFlzAAALEgAACxIB0t1+/AAAAQpJREFUeNpj/M9AHGAiUt2oQuIVfmREBzgU3iHWxAfEKiTaRFpZnfAfAbAr/AsxUYagiVCbeQgqhPpFYmukLCOrZupRNJUIB02BCAjAZCK+/Ed2LoJZgm6bzRfsCgMw3JWAXaEBpg8uIGSRPPMBQmXc+P+iggXCnoOQZUQK1K8PgEAjGcQs7QGL6FzG5mtkcAUiyYIQYcRRUkDTLEIWR1b4ixamQMPhrKUP3rx48eDNFXmwdyFiOthixgXqaTAnBcKpwRaOS6A6Mx78fwBVx/IAm8I/KsTGzAkWNHUyb7Ar/L8GNSlK3MCRev7/v+CApC7kBUoUoAX4yQ0nHjwAWqpiE6GNFgNDoAwHAKC2Q2lMNcCmAAAAAElFTkSuQmCC', + '6' => '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', + '7' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QNA18/fMoAAAAB3RJTUUH0wUOEDUVo4u5TwAAAAlwSFlzAAALEgAACxIB0t1+/AAAAM9JREFUeNpj/M9AHGAiUt2oQnorZIGzGLFJIyJ40HqGhUiFPFuQ/YUFPBGBmLcDSQybwj8OEDOW/CegsAeiruQ/AYV3OMDqTP4QUugCceCN/wQUQn1a8Z+Awj8qYHUiHwgpXAAxcMJ/Qgp1wOoEPhBSuANiYM5/QgpjIAovEFL4gweszgAz0NASxZ4vYMqHYDKDBiIWhWhWa0CS1x9CVn+8AaYsmAlZfQRC6RDMChADGTQIKjxDrMI7EEoBi0JGlMJe8AOY+sFOSCEeQHQBAABCZ7xyT9fJhwAAAABJRU5ErkJggg==', + '8' => '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', + '9' => 
'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QNCQ+T2tEAAAAB3RJTUUH0wUOEDUHUDLIBwAAAAlwSFlzAAALEgAACxIB0t1+/AAAAUZJREFUeNpj/M9AHGAiUh26wr9rE3V5GRlFTTM3/kVT+R8Z7FBBSKjsQJFCUTiFBcWMCbgUHmBBs20FdoV/VNDUMQi8wapwDVS65s2fPToQZgFWhRFIkm8kwGyeH9gUQm2+Aua0QDhb4LJI4XgHQmmDSRMIZw+emIEENAeEcwObQhEIdQHiABRbUGPGBSIQAWL/gHqbB5tnJkC1Fjz5f8IGwxwkhR8EsCQarFE4hViF/wsQCgKgHsSu8H8HLFkUQL2rgUPh/zslOiwMEjFH/kND2geXQvQgqMAWhSjgAIRygAswIuXCpXfevHjz4M0ZdQaGhxo/wAnyBTuWmPnvARGxuPH/iAa+9Ph/A7r9Ai+wK/zvg6ZwzX8cCl9oICtjmfIfl8L/bwIQ6gyO/Met8P//EwUmwHTJo5OyBU2CkdaF1KhCWisEAM/sJxmZkdWnAAAAAElFTkSuQmCC', + 'A' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QFwy1U7TfAAAAB3RJTUUH0wUOEC0ZKCZtPQAAAAlwSFlzAAALEgAACxIB0t1+/AAAAO1JREFUeNrt1LERwiAUBuAHZ2GRwsIypQMwQEZwgBQpM4QDZBSLFI7gCA5gQWGRdA5gkTuMSh48eMTUnq96wH98B+QiDCwruTD3D76qF676ueAp0Y9lSBXeSkFWaLAje3T+kkzK4SgpBzZw8pqxJWcdOJuRsyGPbWDk0tS20zw9SXsobdfytJVXdzNsP61i6Zt3K7Ht0UeUgbPdjsrOXMd+2IS2C2qb271HVWi7YANcNXFQsUEVBTXwNdl46jYRxPl52dnwRUZbhkLSDmS8DnxFRWiULxg8UxvobefuRR8ZQYDKtffVVcQWv/RrfgJC4bd0upw4MQAAAABJRU5ErkJggg==', + 'B' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QGAusrz2zAAAAB3RJTUUH0wUOEC01Gv4B3gAAAAlwSFlzAAALEgAACxIB0t1+/AAAANJJREFUeNpj/M9AHGAiUh0tFTKiAUHL2rsoKv9DARZDWFr+IwA+hQwMFcQqZDhCrMIIYhWK4FYIYv8444PuV+wK//9/A+UJwBUSCHAL3OEIsdoFyttCpGdiiAtHjoY/RCnk6PlBbBRKrCE6CqcQq5DlDs5whIT3CgUI788EvOEIBCegXB2YPCNMBSNMISqf5TeUjysK90LpP/itfrFEAhZCMHkWdKMYUbk2MAah7BqD02pUYEFkgMu8IE6hD0IdpmegwSejoKLjoY7syaFU7A0HhQA2e4cJytImvAAAAABJRU5ErkJggg==', + 'C' => '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', + 'D' => 
'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QGC1+orhOAAAAB3RJTUUH0wUOEC4yr7fHvgAAAAlwSFlzAAALEgAACxIB0t1+/AAAAM9JREFUeNpj/M9AHGAiUt1AKmSBsxiRhXlkNBxCpFFU/ocBTDMyPvxHADwKGRgUbhCpkEHiCZEKGRyIVciwArdCIPPFGg8YzwSvQiBogXFvEFD43wDKnQDl44yZGCh9glAU2sCsJqRQBkq/gMUw3G2wuP6PnU/H9PgRSgsQUvgESosQUngFSqsQUrgCSsNiCFcU7oBx9+CL6w8XamB5SeUPkelxAZEJ1+YPcQolXhCXFTTuEJULOUq+IOVrFgasQELBxMaHG1mEcTiVjwOoEADAIkCnGpmJKgAAAABJRU5ErkJggg==', + 'E' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QGDeDwEE0AAAAB3RJTUUH0wUOEC8CkHXGUwAAAAlwSFlzAAALEgAACxIB0t1+/AAAAD5JREFUeNpj/M9AHGAiUt2owkGrkAXGYMQqjUgJQ8EzpPsa05+D140oMYTk4KEQ4MMqZqgUhcM1czESW30AABfqB1XDnLzcAAAAAElFTkSuQmCC', + 'F' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QGQe8AkDZAAAAB3RJTUUH0wUOEC8JB6cf2wAAAAlwSFlzAAALEgAACxIB0t1+/AAAADlJREFUeNpj/M9AHGAiUt3wUsiCYDJikUYE3lDwDDm+xvTp4HUjIoaQXTsUAnxYxcyoQryAcUSWuAAW/gZTg/yEMAAAAABJRU5ErkJggg==', + 'G' => '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', + 'H' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QGRw2Z4k1AAAAB3RJTUUH0wUOEC8agxleBQAAAAlwSFlzAAALEgAACxIB0t1+/AAAAD1JREFUeNpj/M9AHGAiUt2oQvyABUozQml4+KMLDAXPDAWFLGh8RlwKh4JnaB88GOlxELhxVCFewDgEynAAN2sFVHAvevkAAAAASUVORK5CYII=', + 'I' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QGSlg1E0WAAAAB3RJTUUH0wUOEC86uHd+zQAAAAlwSFlzAAALEgAACxIB0t1+/AAAAD5JREFUeNpj/M9AHGAiUt1AKmRBMBkxJJE9OhQ8Q32FjGhxDQsjjCQwFDwzqnCwKkRKZqO5EBMwDqcSl2iFAMMeB0s/kLo2AAAAAElFTkSuQmCC', + 'J' => 
'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QGywiiNsbAAAAB3RJTUUH0wUOEDAFw0tdbgAAAAlwSFlzAAALEgAACxIB0t1+/AAAAKdJREFUeNpj/M9AHGAiUh3xClmwijJCaSR3Ud/qUYWjCklTyIHEhifctw8ePHgCxO+B7L9QMQlsChW+QOiX4gwMd6BiItisVoHSB6AYWQwM/kNBBszkC/9PwKyc8B8B4Ar3YPHMHWwK/xtgqAv4j1XhEfScK/EEu8L/a1BVStz4j0Ph/yPItoe8QFH3nxGlkNq75cKDB0DDVBwitNEcwjhwpdmoQrwAAN6ioiFapgUdAAAAAElFTkSuQmCC', + 'K' => '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', + 'L' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHA64qQw4AAAAB3RJTUUH0wUOEDAXMPIsJgAAAAlwSFlzAAALEgAACxIB0t1+/AAAADlJREFUeNpj/M9AHGAiUt2QUMiCYDJCaezhMBQ8M6pwVCEdFLJgCjEisRH5Zyh4hvoKGUdkQUq0QgARaARRV9jUFQAAAABJRU5ErkJggg==', + 'M' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHBhMfblpAAAAB3RJTUUH0wUOEDAqaJpgNwAAAAlwSFlzAAALEgAACxIB0t1+/AAAAPNJREFUeNrdlK0OgzAUhS8bCQYxMYmcmEAgEAgejQfZQyG2pAIxOYlATkAu691o2tvSYia2iv7lyzn3NG0jhG1tt5H7Aggom7ZuaKPhBFqKV+pFWDGjjcxStEAYXuvBkrKtoVX+gdRiK9i6sxjgeVGUMJzWwZLACaZOTqoAOAronmrlBuvPkQsIgHn8BqnE2AMmhaaYJ57jqTRFMwsDyW249XaJLhAujizm7UFM5XCUXTqiTvBLQYWRc7H3WWt+3NmlyGbOGh9q/45mjQxUb+CA6A2jSqu5MweX0ooQWLJxLYx6fz0GwmBOsww5GP3At/dX4Ayb7qpFI9y5ygAAAABJRU5ErkJggg==', + 'N' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHC6DxyzwAAAAB3RJTUUH0wUOEDAye/b4YQAAAAlwSFlzAAALEgAACxIB0t1+/AAAALRJREFUeNpj/M9AHGAiUt0IV8gIARsRMlAROP8/BEB5Ii/+/0cVgXNRhRk8iFXIMIFYhRxXiFTIYPCDSIUMBcQqZNhDrEKZN0QqZAggViHDHIIKRSAUzx1CCrdAaZM/BBT+z4Eyaggp/KEDYbAcIaDw/wUWCEuBkML/PagBgFvhfxdiFT4RIVLh/zXEKvyfQqzCLypEKvx/hoVIhf9biFX4x4ZIhf8fCBCp8P8KNBHG4VQ0AwDEOyeZhO5p1AAAAABJRU5ErkJggg==', + 'O' => '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', + 'P' => 
'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHQvR2Mn2AAAAB3RJTUUH0wUOEDEDMzPJGgAAAAlwSFlzAAALEgAACxIB0t1+/AAAAKVJREFUeNpj/M9AHGAiUh05ChlRAKdu4k5Ulf9hANMQiwf/EQCfQgaJB0QqZHAhViHDEbg0AV8vwRM8QN0v5vBAOSfw+BrMWQDl8MClGeEKGGEKQcRXHmQemTGD1RMy+N14o4MDyvGAS7NgGMaIzPHAYyIy4HhBZMy0EBmFIX+IUsjRgqQOi2fAgEVBwyVGGEUEQw2O3EbLzDWSFDIOhtJsVCEWAAC/Yt2X+2PYcgAAAABJRU5ErkJggg==', + 'Q' => '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', + 'R' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHSkEuIgSAAAAB3RJTUUH0wUOEDEUsOBM3QAAAAlwSFlzAAALEgAACxIB0t1+/AAAAOZJREFUeNpj/M9AHGAiUh0NFLJAaUY0YRkJHYcQdmSh/xCAzRCZHf8RAJ9CBpYNRCpkEHgBV4jfMx+mEOVGIDDAaTWY82aPBZTLgV8hUCkaH6cbP8B8gxHgyODjgwstMDfiVIgWQyFE+lrhB3EBznOFuJgxuUFMXPPEbPmDpA53FH55osKMIoAe4F826MDMvPMfj9WgWFGBBeIf/Ar/H4FxJhBQ+B8WzCIfCCi8A4uvBgIK/2fA/POCgMIXHFBuDqH02ABLM3cIKPwgAuVHEFD4fwJM4AIBhT9goe4AFWAcAsXesFIIAEvJyZHTCSiTAAAAAElFTkSuQmCC', + 'S' => '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', + 'T' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHgUdTbcyAAAAB3RJTUUH0wUOEDEgkVS4aAAAAAlwSFlzAAALEgAACxIB0t1+/AAAADdJREFUeNpj/M9AHGAiUt0IVcgCpRlxyMODeSh4hmiFjGipB+Z7jEQ1FDwzqnBU4WBSyDicimYAb/AFTaJpyH8AAAAASUVORK5CYII=', + 'U' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHhEHl2NPAAAAB3RJTUUH0wUOEDEon48wWgAAAAlwSFlzAAALEgAACxIB0t1+/AAAAKlJREFUeNpj/M9AHGAiUh3xClmgNCOUhrsEXYD6Vo8qHFVIuUIVKP0USr+E0jLoCjWg9A4ovQVNHJjUIaADZsILMPeFApRfA5X/D1N4AaZRYc6b/2+WwNQxXEBX+N8Bqxcc/mMoPMGCRR3LBUyF/2dgUTjjPxaF/6egm8ky5T9Whf9P2KCoMziBJPefEaWQurjnzIMXL34wsMhoWHiYo2hjHLjSbFQhXgAAKzejCLAOcVMAAAAASUVORK5CYII=', + 'V' => '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', + 'W' => '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', + 'X' => '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', + 'Y' => 
'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHjkyIsu1AAAAB3RJTUUH0wUOEDIkvRQvsgAAAAlwSFlzAAALEgAACxIB0t1+/AAAANJJREFUeNrt1L0NgzAQBWAcUVB6AAZgBAoKhmAICoZgCAoKxmAECkbwABSUlBRILwF8duwYhFJEihJ37+6T5T9g8K6N20X3FdDDNjKKOeTIqZLtWcKBU73bCx1lPhgQNTWieY1zRLmGCZFQp1xTSSmBDUUgW754BF+GQLxAPUkMxMb0FlzUsqpKLXhxQPRqo+oIerggCvuMC7jhFJounA4gWhO2OIL6Jp/uzglHrh0fTyAaDRucQaTkUpxDQVBYDWZ/hYze6bsv/A8/DNlP/kgvwzuer4kCMGPZDgAAAABJRU5ErkJggg==', + 'Z' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHwfqWOdfAAAAB3RJTUUH0wUOEDIrLasyIwAAAAlwSFlzAAALEgAACxIB0t1+/AAAAL5JREFUeNrl1C0OwkAQBWCWQIJEVPQIFT0GAlHBMRBIBKIHqahAIDlERY9R0UOs3ORh5qVLunmp5GfUZvczbzKzDqtltV7ofgtueHCp16h33xBGwn0KYqoTO/J868Csaj418e0cPujOkLDfmTsECcfcXOGhoC/NZQMUDBUDd5DwxiAtJGzprpCw48xVQcIhM1d6KOgLc/kIBcORgXtIeGGQOyRs6Oq0g7P92YbkRE7bRZhcwhh+6nLF5f7yx30B8Z7FgxzMWtEAAAAASUVORK5CYII=', + ); + + return $_png; + } + + ?> \ No newline at end of file diff -crN phpbb201/includes/usercp_email.php phpbb2017/includes/usercp_email.php *** phpbb201/includes/usercp_email.php Sat Jul 10 20:16:16 2004 --- phpbb2017/includes/usercp_email.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_email.php,v 1.7.2.3 2002/05/20 00:21:38 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_email.php,v 1.7.2.13 2003/06/06 18:02:15 acydburn Exp $ * * ***************************************************************************/ *************** *** 27,35 **** exit; } if ( !empty($HTTP_GET_VARS[POST_USERS_URL]) || !empty($HTTP_POST_VARS[POST_USERS_URL]) ) { ! $user_id = ( !empty($HTTP_GET_VARS[POST_USERS_URL]) ) ? $HTTP_GET_VARS[POST_USERS_URL] : $HTTP_POST_VARS[POST_USERS_URL]; } else { --- 27,41 ---- exit; } + // Is send through board enabled? 
No, return to index + if (!$board_config['board_email_form']) + { + redirect(append_sid("index.$phpEx", true)); + } + if ( !empty($HTTP_GET_VARS[POST_USERS_URL]) || !empty($HTTP_POST_VARS[POST_USERS_URL]) ) { ! $user_id = ( !empty($HTTP_GET_VARS[POST_USERS_URL]) ) ? intval($HTTP_GET_VARS[POST_USERS_URL]) : intval($HTTP_POST_VARS[POST_USERS_URL]); } else { *************** *** 38,45 **** if ( !$userdata['session_logged_in'] ) { ! header('Location: ' . append_sid("login.$phpEx?redirect=profile.$phpEx&mode=email&" . POST_USERS_URL . "=$user_id", true)); ! exit; } $sql = "SELECT username, user_email, user_viewemail, user_lang --- 44,50 ---- if ( !$userdata['session_logged_in'] ) { ! redirect(append_sid("login.$phpEx?redirect=profile.$phpEx&mode=email&" . POST_USERS_URL . "=$user_id", true)); } $sql = "SELECT username, user_email, user_viewemail, user_lang *************** *** 94,101 **** include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $email_headers = 'Return-Path: ' . $userdata['user_email'] . "\nFrom: " . $userdata['user_email'] . "\n"; ! $email_headers .= 'X-AntiAbuse: Board servername - ' . $server_name . "\n"; $email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n"; $email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n"; $email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n"; --- 99,108 ---- include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $emailer->from($userdata['user_email']); ! $emailer->replyto($userdata['user_email']); ! ! $email_headers = 'X-AntiAbuse: Board servername - ' . $server_name . "\n"; $email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n"; $email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n"; $email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . 
"\n"; *************** *** 117,127 **** if ( !empty($HTTP_POST_VARS['cc_email']) ) { ! $email_headers = 'Return-Path: ' . $userdata['user_email'] . "\nFrom: " . $userdata['user_email'] . "\n"; $emailer->use_template('profile_send_email'); $emailer->email_address($userdata['user_email']); $emailer->set_subject($subject); - $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], --- 124,134 ---- if ( !empty($HTTP_POST_VARS['cc_email']) ) { ! $emailer->from($userdata['user_email']); ! $emailer->replyto($userdata['user_email']); $emailer->use_template('profile_send_email'); $emailer->email_address($userdata['user_email']); $emailer->set_subject($subject); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], *************** *** 170,176 **** $template->assign_vars(array( 'USERNAME' => $username, ! 'S_POST_ACTION' => append_sid("profile.$phpEx?&mode=email&" . POST_USERS_URL . "=$user_id"), 'L_SEND_EMAIL_MSG' => $lang['Send_email_msg'], 'L_RECIPIENT' => $lang['Recipient'], --- 177,184 ---- $template->assign_vars(array( 'USERNAME' => $username, ! 'S_HIDDEN_FIELDS' => '', ! 'S_POST_ACTION' => append_sid("profile.$phpEx?mode=email&" . POST_USERS_URL . "=$user_id"), 'L_SEND_EMAIL_MSG' => $lang['Send_email_msg'], 'L_RECIPIENT' => $lang['Recipient'], diff -crN phpbb201/includes/usercp_register.php phpbb2017/includes/usercp_register.php *** phpbb201/includes/usercp_register.php Sat Jul 10 20:16:15 2004 --- phpbb2017/includes/usercp_register.php Tue Jul 19 22:14:56 2005 *************** *** 1,12 **** set_filenames(array( 'body' => 'agreement.tpl') ); $template->assign_vars(array( ! 'REGISTRATION' => $lang['Registration'], ! 'AGREEMENT' => $lang['Reg_agreement'], ! "AGREE_OVER_13" => $lang['Agree_over_13'], ! "AGREE_UNDER_13" => $lang['Agree_under_13'], ! 
'DO_NOT_AGREE' => $lang['Agree_not'], "U_AGREE_OVER13" => append_sid("profile.$phpEx?mode=register&agreed=true"), "U_AGREE_UNDER13" => append_sid("profile.$phpEx?mode=register&agreed=true&coppa=true")) --- 21,66 ---- * ***************************************************************************/ + /* + + This code has been modified from its original form by psoTFX @ phpbb.com + Changes introduce the back-ported phpBB 2.2 visual confirmation code. + + NOTE: Anyone using the modified code contained within this script MUST include + a relevant message such as this in usercp_register.php ... failure to do so + will affect a breach of Section 2a of the GPL and our copyright + + png visual confirmation system : (c) phpBB Group, 2003 : All Rights Reserved + + */ + if ( !defined('IN_PHPBB') ) { die("Hacking attempt"); exit; } + $unhtml_specialchars_match = array('#>#', '#<#', '#"#', '#&#'); + $unhtml_specialchars_replace = array('>', '<', '"', '&'); + // --------------------------------------- // Load agreement template since user has not yet // agreed to registration conditions/coppa // function show_coppa() { ! global $userdata, $template, $lang, $phpbb_root_path, $phpEx; $template->set_filenames(array( 'body' => 'agreement.tpl') ); $template->assign_vars(array( ! 'REGISTRATION' => $lang['Registration'], ! 'AGREEMENT' => $lang['Reg_agreement'], ! "AGREE_OVER_13" => $lang['Agree_over_13'], ! "AGREE_UNDER_13" => $lang['Agree_under_13'], ! 'DO_NOT_AGREE' => $lang['Agree_not'], "U_AGREE_OVER13" => append_sid("profile.$phpEx?mode=register&agreed=true"), "U_AGREE_UNDER13" => append_sid("profile.$phpEx?mode=register&agreed=true&coppa=true")) *************** *** 73,83 **** // // Check and initialize some variables if needed // ! if ( ! isset($HTTP_POST_VARS['submit']) || ! isset($HTTP_POST_VARS['avatargallery']) || ! isset($HTTP_POST_VARS['submitavatar']) || ! isset($HTTP_POST_VARS['cancelavatar']) || $mode == 'register' ) { include($phpbb_root_path . 
'includes/functions_validate.'.$phpEx); --- 89,99 ---- // // Check and initialize some variables if needed // ! if ( ! isset($HTTP_POST_VARS['submit']) || ! isset($HTTP_POST_VARS['avatargallery']) || ! isset($HTTP_POST_VARS['submitavatar']) || ! isset($HTTP_POST_VARS['cancelavatar']) || $mode == 'register' ) { include($phpbb_root_path . 'includes/functions_validate.'.$phpEx); *************** *** 87,102 **** if ( $mode == 'editprofile' ) { $user_id = intval($HTTP_POST_VARS['user_id']); ! $current_email = trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['current_email']))); } $strip_var_list = array('username' => 'username', 'email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests'); while( list($var, $param) = @each($strip_var_list) ) { if ( !empty($HTTP_POST_VARS[$param]) ) { ! $$var = trim(strip_tags($HTTP_POST_VARS[$param])); } } --- 103,122 ---- if ( $mode == 'editprofile' ) { $user_id = intval($HTTP_POST_VARS['user_id']); ! $current_email = trim(htmlspecialchars($HTTP_POST_VARS['current_email'])); } $strip_var_list = array('username' => 'username', 'email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests'); + $strip_var_list['confirm_code'] = 'confirm_code'; + // Strip all tags from data ... may p**s some people off, bah, strip_tags is + // doing the job but can still break HTML output ... have no choice, have + // to use htmlspecialchars ... be prepared to be moaned at. while( list($var, $param) = @each($strip_var_list) ) { if ( !empty($HTTP_POST_VARS[$param]) ) { ! $$var = trim(htmlspecialchars($HTTP_POST_VARS[$param])); } } *************** *** 110,120 **** } } - $username = str_replace(' ', '', $username); - $email = htmlspecialchars($email); $signature = str_replace('
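Review bot: Calling `htmlspecialchars()` on every field in the strip loop, as it is read from `$HTTP_POST_VARS`, means the values are HTML-encoded before they are stored, so every non-HTML consumer (mail bodies, length limits, string comparisons) sees the encoded form. The call also relies on the default flags, which leave single quotes unencoded; `htmlspecialchars($HTTP_POST_VARS[$param], ENT_QUOTES)` would cover values that later land inside single-quoted attributes. The existing comment explains why `strip_tags` was dropped but not the new invariant, so I would add `// NOTE: these variables are HTML-encoded from here on; decode before any non-HTML use`. The enclosing `if` block starts and ends outside the hunk.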
', "\n", $signature); ! // Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to // empty strings if they fail. validate_optional_fields($icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature); --- 130,138 ---- } } $signature = str_replace('
', "\n", $signature); ! // Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to // empty strings if they fail. validate_optional_fields($icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature); *************** *** 122,128 **** $allowviewonline = ( isset($HTTP_POST_VARS['hideonline']) ) ? ( ($HTTP_POST_VARS['hideonline']) ? 0 : TRUE ) : TRUE; $notifyreply = ( isset($HTTP_POST_VARS['notifyreply']) ) ? ( ($HTTP_POST_VARS['notifyreply']) ? TRUE : 0 ) : 0; $notifypm = ( isset($HTTP_POST_VARS['notifypm']) ) ? ( ($HTTP_POST_VARS['notifypm']) ? TRUE : 0 ) : TRUE; ! $popuppm = ( isset($HTTP_POST_VARS['popup_pm']) ) ? ( ($HTTP_POST_VARS['popup_pm']) ? TRUE : 0 ) : TRUE; if ( $mode == 'register' ) { --- 140,146 ---- $allowviewonline = ( isset($HTTP_POST_VARS['hideonline']) ) ? ( ($HTTP_POST_VARS['hideonline']) ? 0 : TRUE ) : TRUE; $notifyreply = ( isset($HTTP_POST_VARS['notifyreply']) ) ? ( ($HTTP_POST_VARS['notifyreply']) ? TRUE : 0 ) : 0; $notifypm = ( isset($HTTP_POST_VARS['notifypm']) ) ? ( ($HTTP_POST_VARS['notifypm']) ? TRUE : 0 ) : TRUE; ! $popup_pm = ( isset($HTTP_POST_VARS['popup_pm']) ) ? ( ($HTTP_POST_VARS['popup_pm']) ? TRUE : 0 ) : TRUE; if ( $mode == 'register' ) { *************** *** 138,144 **** $allowhtml = ( isset($HTTP_POST_VARS['allowhtml']) ) ? ( ($HTTP_POST_VARS['allowhtml']) ? TRUE : 0 ) : $userdata['user_allowhtml']; $allowbbcode = ( isset($HTTP_POST_VARS['allowbbcode']) ) ? ( ($HTTP_POST_VARS['allowbbcode']) ? TRUE : 0 ) : $userdata['user_allowbbcode']; ! $allowsmilies = ( isset($HTTP_POST_VARS['allowsmilies']) ) ? ( ($HTTP_POST_VARS['allowsmilies']) ? TRUE : 0 ) : $userdata['user_allowsmiles']; } $user_style = ( isset($HTTP_POST_VARS['style']) ) ? intval($HTTP_POST_VARS['style']) : $board_config['default_style']; --- 156,162 ---- $allowhtml = ( isset($HTTP_POST_VARS['allowhtml']) ) ? ( ($HTTP_POST_VARS['allowhtml']) ? 
TRUE : 0 ) : $userdata['user_allowhtml']; $allowbbcode = ( isset($HTTP_POST_VARS['allowbbcode']) ) ? ( ($HTTP_POST_VARS['allowbbcode']) ? TRUE : 0 ) : $userdata['user_allowbbcode']; ! $allowsmilies = ( isset($HTTP_POST_VARS['allowsmilies']) ) ? ( ($HTTP_POST_VARS['allowsmilies']) ? TRUE : 0 ) : $userdata['user_allowsmile']; } $user_style = ( isset($HTTP_POST_VARS['style']) ) ? intval($HTTP_POST_VARS['style']) : $board_config['default_style']; *************** *** 147,153 **** { if ( preg_match('/^[a-z_]+$/i', $HTTP_POST_VARS['language']) ) { ! $user_lang = $HTTP_POST_VARS['language']; } else { --- 165,171 ---- { if ( preg_match('/^[a-z_]+$/i', $HTTP_POST_VARS['language']) ) { ! $user_lang = htmlspecialchars($HTTP_POST_VARS['language']); } else { *************** *** 161,171 **** } $user_timezone = ( isset($HTTP_POST_VARS['timezone']) ) ? doubleval($HTTP_POST_VARS['timezone']) : $board_config['board_timezone']; - $user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim($HTTP_POST_VARS['dateformat']) : $board_config['default_dateformat']; ! $user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? $HTTP_POST_VARS['avatarlocal'] : '' ); ! $user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim($HTTP_POST_VARS['avatarremoteurl']) : ''; $user_avatar_upload = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim($HTTP_POST_VARS['avatarurl']) : ( ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '' ); $user_avatar_name = ( !empty($HTTP_POST_FILES['avatar']['name']) ) ? $HTTP_POST_FILES['avatar']['name'] : ''; $user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0; --- 179,199 ---- } $user_timezone = ( isset($HTTP_POST_VARS['timezone']) ) ? 
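Review bot: The `preg_match('/^[a-z_]+$/i', ...)` guard on `language` still accepts a value that ends in a newline, because `$` matches before a final line break unless the `D` modifier is set, and the added `htmlspecialchars()` does not remove it. `$user_lang` is later passed to `$emailer->use_template(...)` in this file, so a strict anchor is the safer check: `preg_match('/^[a-z_]+$/iD', $HTTP_POST_VARS['language'])`. With that in place the `htmlspecialchars()` call is redundant, since the character class already excludes every character it would encode.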
doubleval($HTTP_POST_VARS['timezone']) : $board_config['board_timezone']; ! $sql = "SELECT config_value ! FROM " . CONFIG_TABLE . " ! WHERE config_name = 'default_dateformat'"; ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not select default dateformat', '', __LINE__, __FILE__, $sql); ! } ! $row = $db->sql_fetchrow($result); ! $board_config['default_dateformat'] = $row['config_value']; ! $user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['dateformat'])) : $board_config['default_dateformat']; ! ! $user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarselect']) : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' ); ! $user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['avatarremoteurl'])) : ''; $user_avatar_upload = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim($HTTP_POST_VARS['avatarurl']) : ( ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '' ); $user_avatar_name = ( !empty($HTTP_POST_FILES['avatar']['name']) ) ? $HTTP_POST_FILES['avatar']['name'] : ''; $user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0; *************** *** 174,186 **** $user_avatar = ( empty($user_avatar_loc) && $mode == 'editprofile' ) ? $userdata['user_avatar'] : ''; $user_avatar_type = ( empty($user_avatar_loc) && $mode == 'editprofile' ) ? $userdata['user_avatar_type'] : ''; ! if ( isset($HTTP_POST_VARS['avatargallery']) || isset($HTTP_POST_VARS['submitavatar']) || isset($HTTP_POST_VARS['cancelavatar']) ) { $username = stripslashes($username); $email = stripslashes($email); ! $cur_password = stripslashes($cur_password); ! 
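Review bot: `htmlspecialchars()` on `avatarselect` and `avatarlocal` encodes markup characters but leaves `..` and path separators untouched, and these values look like gallery-relative file names that are handed to `user_avatar_gallery()` later in the file (its body is not visible here, so confirm what it checks). A shape check before use is the stronger guard, for example clearing the value when `strpos($user_avatar_local, '..') !== false`. Separately, the new `default_dateformat` lookup reads `$row['config_value']` without testing whether `sql_fetchrow()` returned a row; `if ( !($row = $db->sql_fetchrow($result)) ) { message_die(GENERAL_ERROR, 'Could not select default dateformat', '', __LINE__, __FILE__, $sql); }` would fail loudly instead of storing an empty format.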
$new_password = stripslashes($new_password); ! $password_confirm = stripslashes($password_confirm); $icq = stripslashes($icq); $aim = stripslashes($aim); --- 202,214 ---- $user_avatar = ( empty($user_avatar_loc) && $mode == 'editprofile' ) ? $userdata['user_avatar'] : ''; $user_avatar_type = ( empty($user_avatar_loc) && $mode == 'editprofile' ) ? $userdata['user_avatar_type'] : ''; ! if ( (isset($HTTP_POST_VARS['avatargallery']) || isset($HTTP_POST_VARS['submitavatar']) || isset($HTTP_POST_VARS['cancelavatar'])) && (!isset($HTTP_POST_VARS['submit'])) ) { $username = stripslashes($username); $email = stripslashes($email); ! $cur_password = htmlspecialchars(stripslashes($cur_password)); ! $new_password = htmlspecialchars(stripslashes($new_password)); ! $password_confirm = htmlspecialchars(stripslashes($password_confirm)); $icq = stripslashes($icq); $aim = stripslashes($aim); *************** *** 196,202 **** $user_lang = stripslashes($user_lang); $user_dateformat = stripslashes($user_dateformat); ! if ( !isset($HTTP_POST_VARS['cancelavatar'])) { $user_avatar = $user_avatar_local; $user_avatar_type = USER_AVATAR_GALLERY; --- 224,230 ---- $user_lang = stripslashes($user_lang); $user_dateformat = stripslashes($user_dateformat); ! if ( !isset($HTTP_POST_VARS['cancelavatar'])) { $user_avatar = $user_avatar_local; $user_avatar_type = USER_AVATAR_GALLERY; *************** *** 205,210 **** --- 233,248 ---- } // + // Let's make sure the user isn't logged in while registering, + // and ensure that they were trying to register a second time + // (Prevents double registrations) + // + if ($mode == 'register' && ($userdata['session_logged_in'] || $username == $userdata['username'])) + { + message_die(GENERAL_MESSAGE, $lang['Username_taken'], '', __LINE__, __FILE__); + } + + // // Did the user submit? 
In this case build a query to update the users profile in the DB // if ( isset($HTTP_POST_VARS['submit']) ) *************** *** 227,233 **** $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Fields_empty']; } ! } $passwd_sql = ''; --- 265,321 ---- $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Fields_empty']; } ! } ! ! if ($board_config['enable_confirm'] && $mode == 'register') ! { ! if (empty($HTTP_POST_VARS['confirm_id'])) ! { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Confirm_code_wrong']; ! } ! else ! { ! $confirm_id = htmlspecialchars($HTTP_POST_VARS['confirm_id']); ! if (!preg_match('/^[A-Za-z0-9]+$/', $confirm_id)) ! { ! $confirm_id = ''; ! } ! ! $sql = 'SELECT code ! FROM ' . CONFIRM_TABLE . " ! WHERE confirm_id = '$confirm_id' ! AND session_id = '" . $userdata['session_id'] . "'"; ! if (!($result = $db->sql_query($sql))) ! { ! message_die(GENERAL_ERROR, 'Could not obtain confirmation code', __LINE__, __FILE__, $sql); ! } ! ! if ($row = $db->sql_fetchrow($result)) ! { ! if ($row['code'] != $confirm_code) ! { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Confirm_code_wrong']; ! } ! else ! { ! $sql = 'DELETE FROM ' . CONFIRM_TABLE . " ! WHERE confirm_id = '$confirm_id' ! AND session_id = '" . $userdata['session_id'] . "'"; ! if (!$db->sql_query($sql)) ! { ! message_die(GENERAL_ERROR, 'Could not delete confirmation code', __LINE__, __FILE__, $sql); ! } ! } ! } ! else ! { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Confirm_code_wrong']; ! } ! $db->sql_freeresult($result); ! } } $passwd_sql = ''; *************** *** 247,254 **** { if ( $mode == 'editprofile' ) { ! $sql = "SELECT user_password ! FROM " . USERS_TABLE . " WHERE user_id = $user_id"; if ( !($result = $db->sql_query($sql)) ) { --- 335,342 ---- { if ( $mode == 'editprofile' ) { ! $sql = "SELECT user_password ! FROM " . USERS_TABLE . " WHERE user_id = $user_id"; if ( !($result = $db->sql_query($sql)) ) { *************** *** 263,269 **** $error_msg .= ( ( isset($error_msg) ) ? '
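Review bot: Both new `message_die(GENERAL_ERROR, ...)` calls in the confirmation block omit the empty title argument that the other calls in this file pass, so `__LINE__`, `__FILE__` and `$sql` each land one parameter early. They should read `message_die(GENERAL_ERROR, 'Could not obtain confirmation code', '', __LINE__, __FILE__, $sql);`, and likewise for the delete. The `CONFIRM_TABLE` row is removed only after a correct answer, so a wrong answer leaves the same code valid for further attempts in that session; deleting the row on mismatch too would force a fresh code per try, unless attempts are limited somewhere outside this hunk. The comparison `$row['code'] != $confirm_code` is loose, and `$confirm_code` is only assigned when the posted field is non-empty, so a strict string comparison after an explicit empty check would be clearer.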
' : '' ) . $lang['Current_password_mismatch']; } } ! if ( !$error ) { $new_password = md5($new_password); --- 351,357 ---- $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Current_password_mismatch']; } } ! if ( !$error ) { $new_password = md5($new_password); *************** *** 290,300 **** $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $result['error_msg']; } ! if ( $mode == 'editprofile' ) { ! $sql = "SELECT user_password ! FROM " . USERS_TABLE . " WHERE user_id = $user_id"; if ( !($result = $db->sql_query($sql)) ) { --- 378,388 ---- $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $result['error_msg']; } ! if ( $mode == 'editprofile' ) { ! $sql = "SELECT user_password ! FROM " . USERS_TABLE . " WHERE user_id = $user_id"; if ( !($result = $db->sql_query($sql)) ) { *************** *** 318,335 **** { if ( empty($username) ) { $error = TRUE; - $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Username_disallowed']; } ! else if ( $username != $userdata['username'] || $mode == 'register' ) { ! $result = validate_username($username); ! if ( $result['error'] ) { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $result['error_msg']; } ! else { $username_sql = "username = '" . str_replace("\'", "''", $username) . "', "; } --- 406,427 ---- { if ( empty($username) ) { + // Error is already triggered, since one field is empty. $error = TRUE; } ! else if ( $username != $userdata['username'] || $mode == 'register') { ! if (strtolower($username) != strtolower($userdata['username']) || $mode == 'register') { ! $result = validate_username($username); ! if ( $result['error'] ) ! { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $result['error_msg']; ! } } ! ! if (!$error) { $username_sql = "username = '" . str_replace("\'", "''", $username) . "', "; } *************** *** 351,365 **** $signature = prepare_message($signature, $allowhtml, $allowbbcode, $allowsmilies, $signature_bbcode_uid); } if ( isset($HTTP_POST_VARS['avatardel']) && $mode == 'editprofile' ) { $avatar_sql = user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']); } ! else if ( ( !empty($user_avatar_upload) || !empty($user_avatar_name) ) && $board_config['allow_avatar_upload'] ) { if ( !empty($user_avatar_upload) ) { ! $avatar_mode = ( !empty($user_avatar_name) ) ? 'local' : 'remote'; $avatar_sql = user_avatar_upload($mode, $avatar_mode, $userdata['user_avatar'], $userdata['user_avatar_type'], $error, $error_msg, $user_avatar_upload, $user_avatar_name, $user_avatar_size, $user_avatar_filetype); } else if ( !empty($user_avatar_name) ) --- 443,465 ---- $signature = prepare_message($signature, $allowhtml, $allowbbcode, $allowsmilies, $signature_bbcode_uid); } + if ( $website != '' ) + { + rawurlencode($website); + } + + $avatar_sql = ''; + if ( isset($HTTP_POST_VARS['avatardel']) && $mode == 'editprofile' ) { $avatar_sql = user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']); } ! else ! if ( ( !empty($user_avatar_upload) || !empty($user_avatar_name) ) && $board_config['allow_avatar_upload'] ) { if ( !empty($user_avatar_upload) ) { ! $avatar_mode = (empty($user_avatar_name)) ? 'remote' : 'local'; $avatar_sql = user_avatar_upload($mode, $avatar_mode, $userdata['user_avatar'], $userdata['user_avatar_type'], $error, $error_msg, $user_avatar_upload, $user_avatar_name, $user_avatar_size, $user_avatar_filetype); } else if ( !empty($user_avatar_name) ) *************** *** 372,381 **** --- 472,489 ---- } else if ( $user_avatar_remoteurl != '' && $board_config['allow_avatar_remote'] ) { + if ( @file_exists(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . 
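Review bot: The added `rawurlencode($website);` discards its return value, so the statement has no effect and `$website` reaches the `UPDATE` and `INSERT` statements unchanged. Assigning the result would not be right either, because it would encode the `:` and `/` of the URL. If the intent is to restrict what can be stored as a profile link, a scheme check such as `if ( !preg_match('#^https?://#i', $website) ) { $website = ''; }` expresses it; otherwise the block can be dropped. `validate_optional_fields()` is called on `$website` earlier in the file and may already cover this, but its body is not visible here.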
$userdata['user_avatar'])) ) + { + @unlink(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar'])); + } $avatar_sql = user_avatar_url($mode, $error, $error_msg, $user_avatar_remoteurl); } else if ( $user_avatar_local != '' && $board_config['allow_avatar_local'] ) { + if ( @file_exists(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar'])) ) + { + @unlink(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar'])); + } $avatar_sql = user_avatar_gallery($mode, $error, $error_msg, $user_avatar_local); } *************** *** 409,415 **** } $sql = "UPDATE " . USERS_TABLE . " ! SET " . $username_sql . $passwd_sql . "user_email = '" . str_replace("\'", "''", $email) ."', user_icq = '" . str_replace("\'", "''", $icq) . "', user_website = '" . str_replace("\'", "''", $website) . "', user_occ = '" . str_replace("\'", "''", $occupation) . "', user_from = '" . str_replace("\'", "''", $location) . "', user_interests = '" . str_replace("\'", "''", $interests) . "', user_sig = '" . str_replace("\'", "''", $signature) . "', user_sig_bbcode_uid = '$signature_bbcode_uid', user_viewemail = $viewemail, user_aim = '" . str_replace("\'", "''", str_replace(' ', '+', $aim)) . "', user_yim = '" . str_replace("\'", "''", $yim) . "', user_msnm = '" . str_replace("\'", "''", $msn) . "', user_attachsig = $attachsig, user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_notify_pm = $notifypm, user_popup_pm = $popuppm, user_timezone = $user_timezone, user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "', user_lang = '" . str_replace("\'", "''", $user_lang) . "', user_style = $user_style, user_active = $user_active, user_actkey = '" . str_replace("\'", "''", $user_actkey) . "'" . $avatar_sql . 
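Review bot: The two added `@unlink(...)` blocks delete `avatar_path . '/' . $userdata['user_avatar']` without checking that the current avatar is an uploaded file, and they run before `user_avatar_url()` or `user_avatar_gallery()` has accepted the replacement. When the stored avatar is a remote URL or a gallery entry, the joined path is not a file this code owns, and a rejected replacement still costs the user the old file. Guarding on the avatar type and using a bare file name keeps the delete inside the upload directory: `if ( $userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $userdata['user_avatar'] != '' )`, with `basename($userdata['user_avatar'])` in the path. Moving the delete after the new avatar has been validated would avoid the second problem.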
" WHERE user_id = $user_id"; if ( !($result = $db->sql_query($sql)) ) { --- 517,523 ---- } $sql = "UPDATE " . USERS_TABLE . " ! SET " . $username_sql . $passwd_sql . "user_email = '" . str_replace("\'", "''", $email) ."', user_icq = '" . str_replace("\'", "''", $icq) . "', user_website = '" . str_replace("\'", "''", $website) . "', user_occ = '" . str_replace("\'", "''", $occupation) . "', user_from = '" . str_replace("\'", "''", $location) . "', user_interests = '" . str_replace("\'", "''", $interests) . "', user_sig = '" . str_replace("\'", "''", $signature) . "', user_sig_bbcode_uid = '$signature_bbcode_uid', user_viewemail = $viewemail, user_aim = '" . str_replace("\'", "''", str_replace(' ', '+', $aim)) . "', user_yim = '" . str_replace("\'", "''", $yim) . "', user_msnm = '" . str_replace("\'", "''", $msn) . "', user_attachsig = $attachsig, user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_notify_pm = $notifypm, user_popup_pm = $popup_pm, user_timezone = $user_timezone, user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "', user_lang = '" . str_replace("\'", "''", $user_lang) . "', user_style = $user_style, user_active = $user_active, user_actkey = '" . str_replace("\'", "''", $user_actkey) . "'" . $avatar_sql . " WHERE user_id = $user_id"; if ( !($result = $db->sql_query($sql)) ) { *************** *** 424,440 **** include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $email_headers = "From: " . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\n"; $emailer->use_template('user_activate', stripslashes($user_lang)); $emailer->email_address($email); ! $emailer->set_subject();//$lang['Reactivate'] ! $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], ! 'USERNAME' => $username, ! 
'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey) ); --- 532,548 ---- include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); $emailer->use_template('user_activate', stripslashes($user_lang)); $emailer->email_address($email); ! $emailer->set_subject($lang['Reactivate']); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], ! 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)), ! 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
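Review bot: In the `'USERNAME'` value, `substr(..., 0, 25)` truncates the still-encoded name before `preg_replace($unhtml_specialchars_match, ...)`, which by its name reverses the HTML encoding, gets to run. A name with an encoded character near the cut can therefore be split in the middle of an entity and arrive in the mail with a stray fragment. Decoding first and truncating second avoids that: `substr(preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, str_replace("\'", "'", $username)), 0, 25)`. The same expression appears in the two welcome-mail hunks further down (`*** 543,561` and `*** 575,583`). The `assign_vars` call is only partly inside this hunk.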
', "\n", "-- \n" . $board_config['board_email_sig']) : '', 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey) ); *************** *** 469,492 **** } $user_id = $row['total'] + 1; - $sql = "SELECT MAX(group_id) AS total - FROM " . GROUPS_TABLE; - if ( !($result = $db->sql_query($sql)) ) - { - message_die(GENERAL_ERROR, 'Could not obtain next user_id information', '', __LINE__, __FILE__, $sql); - } - - if ( !($row = $db->sql_fetchrow($result)) ) - { - message_die(GENERAL_ERROR, 'Could not obtain next user_id information', '', __LINE__, __FILE__, $sql); - } - $group_id = $row['total'] + 1; - // // Get current date // $sql = "INSERT INTO " . USERS_TABLE . " (user_id, username, user_regdate, user_password, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_sig_bbcode_uid, user_avatar, user_avatar_type, user_viewemail, user_aim, user_yim, user_msnm, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_viewonline, user_notify, user_notify_pm, user_popup_pm, user_timezone, user_dateformat, user_lang, user_style, user_level, user_allow_pm, user_active, user_actkey) ! VALUES ($user_id, '" . str_replace("\'", "''", $username) . "', " . time() . ", '" . str_replace("\'", "''", $new_password) . "', '" . str_replace("\'", "''", $email) . "', '" . str_replace("\'", "''", $icq) . "', '" . str_replace("\'", "''", $website) . "', '" . str_replace("\'", "''", $occupation) . "', '" . str_replace("\'", "''", $location) . "', '" . str_replace("\'", "''", $interests) . "', '" . str_replace("\'", "''", $signature) . "', '$signature_bbcode_uid', $avatar_sql, $viewemail, '" . str_replace("\'", "''", str_replace(' ', '+', $aim)) . "', '" . str_replace("\'", "''", $yim) . "', '" . str_replace("\'", "''", $msn) . "', $attachsig, $allowsmilies, $allowhtml, $allowbbcode, $allowviewonline, $notifyreply, $notifypm, $popuppm, $user_timezone, '" . 
str_replace("\'", "''", $user_dateformat) . "', '" . str_replace("\'", "''", $user_lang) . "', $user_style, 0, 1, "; if ( $board_config['require_activation'] == USER_ACTIVATION_SELF || $board_config['require_activation'] == USER_ACTIVATION_ADMIN || $coppa ) { $user_actkey = gen_rand_string(true); --- 577,587 ---- } $user_id = $row['total'] + 1; // // Get current date // $sql = "INSERT INTO " . USERS_TABLE . " (user_id, username, user_regdate, user_password, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_sig_bbcode_uid, user_avatar, user_avatar_type, user_viewemail, user_aim, user_yim, user_msnm, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_viewonline, user_notify, user_notify_pm, user_popup_pm, user_timezone, user_dateformat, user_lang, user_style, user_level, user_allow_pm, user_active, user_actkey) ! VALUES ($user_id, '" . str_replace("\'", "''", $username) . "', " . time() . ", '" . str_replace("\'", "''", $new_password) . "', '" . str_replace("\'", "''", $email) . "', '" . str_replace("\'", "''", $icq) . "', '" . str_replace("\'", "''", $website) . "', '" . str_replace("\'", "''", $occupation) . "', '" . str_replace("\'", "''", $location) . "', '" . str_replace("\'", "''", $interests) . "', '" . str_replace("\'", "''", $signature) . "', '$signature_bbcode_uid', $avatar_sql, $viewemail, '" . str_replace("\'", "''", str_replace(' ', '+', $aim)) . "', '" . str_replace("\'", "''", $yim) . "', '" . str_replace("\'", "''", $msn) . "', $attachsig, $allowsmilies, $allowhtml, $allowbbcode, $allowviewonline, $notifyreply, $notifypm, $popup_pm, $user_timezone, '" . str_replace("\'", "''", $user_dateformat) . "', '" . str_replace("\'", "''", $user_lang) . 
"', $user_style, 0, 1, "; if ( $board_config['require_activation'] == USER_ACTIVATION_SELF || $board_config['require_activation'] == USER_ACTIVATION_ADMIN || $coppa ) { $user_actkey = gen_rand_string(true); *************** *** 505,517 **** message_die(GENERAL_ERROR, 'Could not insert data into users table', '', __LINE__, __FILE__, $sql); } ! $sql = "INSERT INTO " . GROUPS_TABLE . " (group_id, group_name, group_description, group_single_user, group_moderator) ! VALUES ($group_id, '', 'Personal User', 1, 0)"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not insert data into groups table', '', __LINE__, __FILE__, $sql); } $sql = "INSERT INTO " . USER_GROUP_TABLE . " (user_id, group_id, user_pending) VALUES ($user_id, $group_id, 0)"; if( !($result = $db->sql_query($sql, END_TRANSACTION)) ) --- 600,614 ---- message_die(GENERAL_ERROR, 'Could not insert data into users table', '', __LINE__, __FILE__, $sql); } ! $sql = "INSERT INTO " . GROUPS_TABLE . " (group_name, group_description, group_single_user, group_moderator) ! VALUES ('', 'Personal User', 1, 0)"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not insert data into groups table', '', __LINE__, __FILE__, $sql); } + $group_id = $db->sql_nextid(); + $sql = "INSERT INTO " . USER_GROUP_TABLE . " (user_id, group_id, user_pending) VALUES ($user_id, $group_id, 0)"; if( !($result = $db->sql_query($sql, END_TRANSACTION)) ) *************** *** 543,561 **** include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $email_headers = "From: " . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\n"; $emailer->use_template($email_template, stripslashes($user_lang)); $emailer->email_address($email); ! $emailer->set_subject();//sprintf($lang['Welcome_subject'], $board_config['sitename']) ! $emailer->extra_headers($email_headers); if( $coppa ) { $emailer->assign_vars(array( ! 
'SITENAME' => $board_config['sitename'], 'WELCOME_MSG' => sprintf($lang['Welcome_subject'], $board_config['sitename']), ! 'USERNAME' => $username, 'PASSWORD' => $password_confirm, 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), --- 640,658 ---- include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); $emailer->use_template($email_template, stripslashes($user_lang)); $emailer->email_address($email); ! $emailer->set_subject(sprintf($lang['Welcome_subject'], $board_config['sitename'])); if( $coppa ) { $emailer->assign_vars(array( ! 'SITENAME' => $board_config['sitename'], 'WELCOME_MSG' => sprintf($lang['Welcome_subject'], $board_config['sitename']), ! 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)), 'PASSWORD' => $password_confirm, 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), *************** *** 575,583 **** else { $emailer->assign_vars(array( ! 'SITENAME' => $board_config['sitename'], 'WELCOME_MSG' => sprintf($lang['Welcome_subject'], $board_config['sitename']), ! 'USERNAME' => $username, 'PASSWORD' => $password_confirm, 'EMAIL_SIG' => str_replace('
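Review bot: Both welcome-mail branches still place the clear-text password in the message through `'PASSWORD' => $password_confirm` (the `$coppa` branch here and the `else` branch in the next hunk), so the credential is copied into mail spools and inboxes the board does not control. Dropping that key from `assign_vars()` and removing the matching placeholder from the welcome templates would keep the password out of mail entirely. The user has just typed it and does not need it sent back. Both arrays continue outside their hunks.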
', "\n", "-- \n" . $board_config['board_email_sig']), --- 672,680 ---- else { $emailer->assign_vars(array( ! 'SITENAME' => $board_config['sitename'], 'WELCOME_MSG' => sprintf($lang['Welcome_subject'], $board_config['sitename']), ! 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)), 'PASSWORD' => $password_confirm, 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), *************** *** 590,608 **** if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN ) { ! $emailer->use_template("admin_activate", stripslashes($user_lang)); ! $emailer->email_address($board_config['board_email']); ! $emailer->set_subject(); //$lang['New_account_subject'] ! $emailer->extra_headers($email_headers); ! ! $emailer->assign_vars(array( ! 'USERNAME' => $username, ! 'EMAIL_SIG' => str_replace('
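Review bot: The new `USERNAME` expression cuts the string to 25 bytes before `$unhtml_specialchars_match` is applied. If `$username` holds HTML-escaped text at this point, as the replacement pair suggests, an entity such as `&lt;` near the end can be split and reach the mail as a stray `&`. Decoding first and truncating afterwards avoids that: `substr(preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, str_replace("\'", "'", $username)), 0, 25)`. The same expression is repeated in the `$coppa` branch and in the admin-activation mail, so computing it once into a local variable before the first `assign_vars()` call would keep the three copies from drifting apart.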
', "\n", "-- \n" . $board_config['board_email_sig']), ! ! 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey) ! ); ! $emailer->send(); ! $emailer->reset(); } $message = $message . '

' . sprintf($lang['Click_return_index'], '', ''); --- 687,720 ---- if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN ) { ! $sql = "SELECT user_email, user_lang ! FROM " . USERS_TABLE . " ! WHERE user_level = " . ADMIN; ! ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not select Administrators', '', __LINE__, __FILE__, $sql); ! } ! ! while ($row = $db->sql_fetchrow($result)) ! { ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); ! ! $emailer->email_address(trim($row['user_email'])); ! $emailer->use_template("admin_activate", $row['user_lang']); ! $emailer->set_subject($lang['New_account_subject']); ! ! $emailer->assign_vars(array( ! 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)), ! 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), ! ! 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey) ! ); ! $emailer->send(); ! $emailer->reset(); ! } ! $db->sql_freeresult($result); } $message = $message . '

' . sprintf($lang['Click_return_index'], '', ''); *************** *** 617,638 **** { // // If an error occured we need to stripslashes on returned data ! // $username = stripslashes($username); $email = stripslashes($email); $new_password = ''; $password_confirm = ''; $icq = stripslashes($icq); ! $aim = htmlspecialchars(str_replace('+', ' ', stripslashes($aim))); ! $msn = htmlspecialchars(stripslashes($msn)); ! $yim = htmlspecialchars(stripslashes($yim)); ! ! $website = htmlspecialchars(stripslashes($website)); ! $location = htmlspecialchars(stripslashes($location)); ! $occupation = htmlspecialchars(stripslashes($occupation)); ! $interests = htmlspecialchars(stripslashes($interests)); $signature = stripslashes($signature); $user_lang = stripslashes($user_lang); $user_dateformat = stripslashes($user_dateformat); --- 729,751 ---- { // // If an error occured we need to stripslashes on returned data ! // $username = stripslashes($username); $email = stripslashes($email); $new_password = ''; $password_confirm = ''; $icq = stripslashes($icq); ! $aim = str_replace('+', ' ', stripslashes($aim)); ! $msn = stripslashes($msn); ! $yim = stripslashes($yim); ! ! $website = stripslashes($website); ! $location = stripslashes($location); ! $occupation = stripslashes($occupation); ! $interests = stripslashes($interests); $signature = stripslashes($signature); + $signature = ($signature_bbcode_uid != '') ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid(=|\])/si", '\\3', $signature) : $signature; $user_lang = stripslashes($user_lang); $user_dateformat = stripslashes($user_dateformat); *************** *** 641,666 **** else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) && !isset($HTTP_POST_VARS['submitavatar']) && !isset($HTTP_POST_VARS['cancelavatar']) ) { $user_id = $userdata['user_id']; ! $username = htmlspecialchars($userdata['username']); $email = $userdata['user_email']; $new_password = ''; $password_confirm = ''; $icq = $userdata['user_icq']; ! 
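Review bot: The new query selects every row with `user_level = ADMIN` and mails each one the activation link including `act_key`, without checking that the account is active or has an address. Whether a deactivated administrator keeps that level is not visible here, so it is safer to restrict the recipients with `WHERE user_level = " . ADMIN . " AND user_active = 1`. Rows where `trim($row['user_email'])` is empty should be skipped before `email_address()` is called. The result of `$emailer->send()` is also ignored inside the loop, so a failed delivery leaves the new account waiting for activation with no trace; logging the failure would make that visible.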
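Review bot: With `htmlspecialchars()` removed from `$aim`, `$msn`, `$yim`, `$website`, `$location`, `$occupation` and `$interests`, this error path returns escaped values to the form only if they were already escaped where they were read from the request, which this hunk does not show. If that is the case, a comment here would stop a later edit from reintroducing double encoding or removing the only escape: `// POST values were already passed through htmlspecialchars() on input; do not escape again`. The `editprofile` branch in the next hunk drops the same calls on `$userdata` fields and needs the same confirmation that stored values are escaped before they reach the template.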
$aim = htmlspecialchars(str_replace('+', ' ', $userdata['user_aim'])); ! $msn = htmlspecialchars($userdata['user_msnm']); ! $yim = htmlspecialchars($userdata['user_yim']); ! ! $website = htmlspecialchars($userdata['user_website']); ! $location = htmlspecialchars($userdata['user_from']); ! $occupation = htmlspecialchars($userdata['user_occ']); ! $interests = htmlspecialchars($userdata['user_interests']); $signature_bbcode_uid = $userdata['user_sig_bbcode_uid']; ! $signature = ( $signature_bbcode_uid != '' ) ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid\]/si", ']', $userdata['user_sig']) : $userdata['user_sig']; $viewemail = $userdata['user_viewemail']; $notifypm = $userdata['user_notify_pm']; ! $popuppm = $userdata['user_popup_pm']; $notifyreply = $userdata['user_notify']; $attachsig = $userdata['user_attachsig']; $allowhtml = $userdata['user_allowhtml']; --- 754,779 ---- else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) && !isset($HTTP_POST_VARS['submitavatar']) && !isset($HTTP_POST_VARS['cancelavatar']) ) { $user_id = $userdata['user_id']; ! $username = $userdata['username']; $email = $userdata['user_email']; $new_password = ''; $password_confirm = ''; $icq = $userdata['user_icq']; ! $aim = str_replace('+', ' ', $userdata['user_aim']); ! $msn = $userdata['user_msnm']; ! $yim = $userdata['user_yim']; ! ! $website = $userdata['user_website']; ! $location = $userdata['user_from']; ! $occupation = $userdata['user_occ']; ! $interests = $userdata['user_interests']; $signature_bbcode_uid = $userdata['user_sig_bbcode_uid']; ! $signature = ($signature_bbcode_uid != '') ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid(=|\])/si", '\\3', $userdata['user_sig']) : $userdata['user_sig']; $viewemail = $userdata['user_viewemail']; $notifypm = $userdata['user_notify_pm']; ! 
$popup_pm = $userdata['user_popup_pm']; $notifyreply = $userdata['user_notify']; $attachsig = $userdata['user_attachsig']; $allowhtml = $userdata['user_allowhtml']; *************** *** 697,703 **** { include($phpbb_root_path . 'includes/usercp_avatar.'.$phpEx); ! $avatar_category = ( !empty($HTTP_POST_VARS['avatarcategory']) ) ? $HTTP_POST_VARS['avatarcategory'] : ''; $template->set_filenames(array( 'body' => 'profile_avatar_gallery.tpl') --- 810,816 ---- { include($phpbb_root_path . 'includes/usercp_avatar.'.$phpEx); ! $avatar_category = ( !empty($HTTP_POST_VARS['avatarcategory']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarcategory']) : ''; $template->set_filenames(array( 'body' => 'profile_avatar_gallery.tpl') *************** *** 705,711 **** $allowviewonline = !$allowviewonline; ! display_avatar_gallery($mode, $avatar_category, $user_id, $email, $current_email, $coppa, $username, $email, &$new_password, &$cur_password, $password_confirm, $icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature, $viewemail, $notifypm, $popuppm, $notifyreply, $attachsig, $allowhtml, $allowbbcode, $allowsmilies, $allowviewonline, $user_style, $user_lang, $user_timezone, $user_dateformat); } else { --- 818,824 ---- $allowviewonline = !$allowviewonline; ! display_avatar_gallery($mode, $avatar_category, $user_id, $email, $current_email, $coppa, $username, $email, &$new_password, &$cur_password, $password_confirm, $icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature, $viewemail, $notifypm, $popup_pm, $notifyreply, $attachsig, $allowhtml, $allowbbcode, $allowsmilies, $allowviewonline, $user_style, $user_lang, $user_timezone, $user_dateformat, $userdata['session_id']); } else { *************** *** 778,796 **** $template->assign_block_vars('switch_edit_profile', array()); } // // Let's do an overall check for settings/versions which would prevent // us from doing file uploads.... // $ini_val = ( phpversion() >= '4.0.0' ) ? 
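Review bot: `$signature_bbcode_uid` is interpolated unquoted into the pattern `"/:(([a-z0-9]+:)?)$signature_bbcode_uid(=|\])/si"`, here and in the line added to the error path in the previous hunk. If the uid is always generated from a fixed alphabet this is harmless, but that is not visible here, and a stored value containing regex metacharacters would change what gets stripped from the signature. Passing it through `preg_quote($signature_bbcode_uid, '/')` before building the pattern removes that dependency.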
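Review bot: `htmlspecialchars()` on `avatarcategory` covers HTML output only, and the value is then handed to `display_avatar_gallery()`. If that function uses it as a directory name under the gallery path (not visible in this hunk), path separators and `..` pass through unchanged. Constraining it to a single path component, for example `$avatar_category = htmlspecialchars(basename($HTTP_POST_VARS['avatarcategory']));`, or checking it against the list of existing gallery directories, would cover the filesystem use as well.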
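Review bot: The changed call still uses call-time pass-by-reference for `&$new_password` and `&$cur_password`, a form that depends on `allow_call_time_pass_reference` and is rejected outright by later PHP versions. Declaring those two parameters by reference in the signature of `display_avatar_gallery()` and passing `$new_password, $cur_password` plainly keeps the behaviour. With more than thirty positional arguments and `$email` appearing twice, the appended `$userdata['session_id']` is easy to misplace, so a one-line comment above the call saying what the session id is used for would help the next reader.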
'ini_get' : 'get_cfg_var'; $form_enctype = ( @$ini_val('file_uploads') == '0' || strtolower(@$ini_val('file_uploads') == 'off') || phpversion() == '4.0.4pl1' || !$board_config['allow_avatar_upload'] || ( phpversion() < '4.0.3' && @$ini_val('open_basedir') != '' ) ) ? '' : 'enctype="multipart/form-data"'; ! $template->assign_vars(array( ! 'U