diff -crN phpbb203/admin/admin_board.php phpbb2017/admin/admin_board.php *** phpbb203/admin/admin_board.php Sat Jul 10 20:16:18 2004 --- phpbb2017/admin/admin_board.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_board.php,v 1.51.2.1 2002/05/12 00:47:39 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_board.php,v 1.51.2.9 2004/11/18 17:49:33 acydburn Exp $ * * ***************************************************************************/ *************** *** 16,22 **** if( !empty($setmodules) ) { $file = basename(__FILE__); ! $module['General']['Configuration'] = "$file?mode=config"; return; } --- 16,22 ---- if( !empty($setmodules) ) { $file = basename(__FILE__); ! $module['General']['Configuration'] = "$file"; return; } *************** *** 43,52 **** { $config_name = $row['config_name']; $config_value = $row['config_value']; ! $default_config[$config_name] = $config_value; $new[$config_name] = ( isset($HTTP_POST_VARS[$config_name]) ) ? $HTTP_POST_VARS[$config_name] : $default_config[$config_name]; if( isset($HTTP_POST_VARS['submit']) ) { $sql = "UPDATE " . CONFIG_TABLE . " SET --- 43,57 ---- { $config_name = $row['config_name']; $config_value = $row['config_value']; ! $default_config[$config_name] = isset($HTTP_POST_VARS['submit']) ? str_replace("'", "\'", $config_value) : $config_value; $new[$config_name] = ( isset($HTTP_POST_VARS[$config_name]) ) ? $HTTP_POST_VARS[$config_name] : $default_config[$config_name]; + if ($config_name == 'cookie_name') + { + $cookie_name = str_replace('.', '_', $new['cookie_name']); + } + if( isset($HTTP_POST_VARS['submit']) ) { $sql = "UPDATE " . CONFIG_TABLE . " SET *************** *** 68,74 **** } $style_select = style_select($new['default_style'], 'default_style', "../templates"); ! $lang_select = language_select($new['default_lang'], 'default_lang', "../language"); $timezone_select = tz_select($new['board_timezone'], 'board_timezone'); $disable_board_yes = ( $new['board_disable'] ) ? "checked=\"checked\"" : ""; --- 73,79 ---- } $style_select = style_select($new['default_style'], 'default_style', "../templates"); ! $lang_select = language_select($new['default_lang'], 'default_lang', "language"); $timezone_select = tz_select($new['board_timezone'], 'board_timezone'); $disable_board_yes = ( $new['board_disable'] ) ? "checked=\"checked\"" : ""; *************** *** 92,97 **** --- 97,105 ---- $activation_user = ( $new['require_activation'] == USER_ACTIVATION_SELF ) ? "checked=\"checked\"" : ""; $activation_admin = ( $new['require_activation'] == USER_ACTIVATION_ADMIN ) ? "checked=\"checked\"" : ""; + $confirm_yes = ($new['enable_confirm']) ? 'checked="checked"' : ''; + $confirm_no = (!$new['enable_confirm']) ? 'checked="checked"' : ''; + $board_email_form_yes = ( $new['board_email_form'] ) ? "checked=\"checked\"" : ""; $board_email_form_no = ( !$new['board_email_form'] ) ? "checked=\"checked\"" : ""; *************** *** 155,160 **** --- 163,170 ---- "L_NONE" => $lang['Acc_None'], "L_USER" => $lang['Acc_User'], "L_ADMIN" => $lang['Acc_Admin'], + "L_VISUAL_CONFIRM" => $lang['Visual_confirm'], + "L_VISUAL_CONFIRM_EXPLAIN" => $lang['Visual_confirm_explain'], "L_COOKIE_SETTINGS" => $lang['Cookie_settings'], "L_COOKIE_SETTINGS_EXPLAIN" => $lang['Cookie_settings_explain'], "L_COOKIE_DOMAIN" => $lang['Cookie_domain'], *************** *** 242,247 **** --- 252,260 ---- "ACTIVATION_USER_CHECKED" => $activation_user, "ACTIVATION_ADMIN" => USER_ACTIVATION_ADMIN, "ACTIVATION_ADMIN_CHECKED" => $activation_admin, + "CONFIRM_ENABLE" => $confirm_yes, + "CONFIRM_DISABLE" => $confirm_no, + "ACTIVATION_NONE_CHECKED" => $activation_none, "BOARD_EMAIL_FORM_ENABLE" => $board_email_form_yes, "BOARD_EMAIL_FORM_DISABLE" => $board_email_form_no, "MAX_POLL_OPTIONS" => $new['max_poll_options'], diff -crN phpbb203/admin/admin_db_utilities.php phpbb2017/admin/admin_db_utilities.php *** phpbb203/admin/admin_db_utilities.php Sat Jul 10 20:16:19 2004 --- phpbb2017/admin/admin_db_utilities.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_db_utilities.php,v 1.42.2.5 2002/06/27 21:26:46 dougk_ff7 Exp $ * ****************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_db_utilities.php,v 1.42.2.11 2005/02/21 18:36:49 acydburn Exp $ * ****************************************************************************/ *************** *** 34,49 **** { $filename = basename(__FILE__); $module['General']['Backup_DB'] = $filename . "?perform=backup"; - if(@phpversion() >= '4.0.0') - { - $file_uploads = @ini_get('file_uploads'); - } - else - { - $file_uploads = @get_cfg_var('file_uploads'); - } ! if( ($file_uploads != 0 || empty($file_uploads)) && (strtolower($file_uploads) != 'off') && (@phpversion() != '4.0.4pl1') ) { $module['General']['Restore_DB'] = $filename . "?perform=restore"; } --- 34,43 ---- { $filename = basename(__FILE__); $module['General']['Backup_DB'] = $filename . "?perform=backup"; ! $file_uploads = (@phpversion() >= '4.0.0') ? @ini_get('file_uploads') : @get_cfg_var('file_uploads'); ! ! if( (empty($file_uploads) || $file_uploads != 0) && (strtolower($file_uploads) != 'off') && (@phpversion() != '4.0.4pl1') ) { $module['General']['Restore_DB'] = $filename . "?perform=restore"; } *************** *** 572,657 **** function get_table_content_mysql($table, $handler) { global $db; - // - // Grab the data from the table. - // - $result = $db->sql_query("SELECT * FROM $table"); ! if (!$result) { message_die(GENERAL_ERROR, "Failed in get_table_content (select *)", "", __LINE__, __FILE__, "SELECT * FROM $table"); } - if($db->sql_numrows($result) > 0) - { - $schema_insert = "\n#\n# Table Data for $table\n#\n"; - } - else - { - $schema_insert = ""; - } - - $handler($schema_insert); - - // // Loop through the resulting rows and build the sql statement. ! // ! ! while ($row = $db->sql_fetchrow($result)) { ! $table_list = '('; ! $num_fields = $db->sql_numfields($result); ! // // Grab the list of field names. ! // for ($j = 0; $j < $num_fields; $j++) { ! $table_list .= $db->sql_fieldname($j, $result) . ', '; } - // - // Get rid of the last comma - // - $table_list = ereg_replace(', $', '', $table_list); $table_list .= ')'; ! // ! // Start building the SQL statement. ! // ! $schema_insert = "INSERT INTO $table $table_list VALUES("; ! // ! // Loop through the rows and fill in data for each column ! // ! for ($j = 0; $j < $num_fields; $j++) { ! if(!isset($row[$j])) ! { ! // ! // If there is no data for the column set it to null. ! // There was a problem here with an extra space causing the ! // sql file not to reimport if the last column was null in ! // any table. Should be fixed now :) JLH ! // ! $schema_insert .= ' NULL,'; ! } ! elseif ($row[$j] != '') ! { ! $schema_insert .= ' \'' . addslashes($row[$j]) . '\','; ! } ! else { ! $schema_insert .= '\'\','; } - } - // - // Get rid of the the last comma. - // - $schema_insert = ereg_replace(',$', '', $schema_insert); - $schema_insert .= ');'; - // - // Go ahead and send the insert statement to the handler function. - // - $handler(trim($schema_insert)); } return(true); } --- 566,634 ---- function get_table_content_mysql($table, $handler) { global $db; ! // Grab the data from the table. ! if (!($result = $db->sql_query("SELECT * FROM $table"))) { message_die(GENERAL_ERROR, "Failed in get_table_content (select *)", "", __LINE__, __FILE__, "SELECT * FROM $table"); } // Loop through the resulting rows and build the sql statement. ! if ($row = $db->sql_fetchrow($result)) { ! $handler("\n#\n# Table Data for $table\n#\n"); ! $field_names = array(); ! // Grab the list of field names. ! $num_fields = $db->sql_numfields($result); ! $table_list = '('; for ($j = 0; $j < $num_fields; $j++) { ! $field_names[$j] = $db->sql_fieldname($j, $result); ! $table_list .= (($j > 0) ? ', ' : '') . $field_names[$j]; ! } $table_list .= ')'; ! ! do { ! // Start building the SQL statement. ! $schema_insert = "INSERT INTO $table $table_list VALUES("; ! ! // Loop through the rows and fill in data for each column ! for ($j = 0; $j < $num_fields; $j++) { ! $schema_insert .= ($j > 0) ? ', ' : ''; ! ! if(!isset($row[$field_names[$j]])) ! { ! // ! // If there is no data for the column set it to null. ! // There was a problem here with an extra space causing the ! // sql file not to reimport if the last column was null in ! // any table. Should be fixed now :) JLH ! // ! $schema_insert .= 'NULL'; ! } ! elseif ($row[$field_names[$j]] != '') ! { ! $schema_insert .= '\'' . addslashes($row[$field_names[$j]]) . '\''; ! } ! else ! { ! $schema_insert .= '\'\''; ! } } + $schema_insert .= ');'; + + // Go ahead and send the insert statement to the handler function. + $handler(trim($schema_insert)); + + } + while ($row = $db->sql_fetchrow($result)); } + return(true); } *************** *** 672,678 **** // // Begin program proper // - if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) ) { $perform = (isset($HTTP_POST_VARS['perform'])) ? $HTTP_POST_VARS['perform'] : $HTTP_GET_VARS['perform']; --- 649,654 ---- *************** *** 681,701 **** { case 'backup': ! if( SQL_LAYER == 'oracle' || SQL_LAYER == 'odbc' || SQL_LAYER == 'mssql' ) { ! switch(SQL_LAYER) ! { ! case 'oracle': ! $db_type = "Oracle"; ! break; ! case 'odbc': ! $db_type = "ODBC"; ! break; ! case 'mssql': ! $db_type = "MSSQL"; ! break; ! } include('./page_header_admin.'.$phpEx); $template->set_filenames(array( --- 657,682 ---- { case 'backup': ! $error = false; ! switch(SQL_LAYER) { ! case 'oracle': ! $error = true; ! break; ! case 'db2': ! $error = true; ! break; ! case 'msaccess': ! $error = true; ! break; ! case 'mssql': ! case 'mssql-odbc': ! $error = true; ! break; ! } + if ($error) + { include('./page_header_admin.'.$phpEx); $template->set_filenames(array( *************** *** 709,719 **** $template->pparse("body"); ! break; } ! $tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words'); ! $additional_tables = (isset($HTTP_POST_VARS['additional_tables'])) ? $HTTP_POST_VARS['additional_tables'] : ( (isset($HTTP_GET_VARS['additional_tables'])) ? $HTTP_GET_VARS['additional_tables'] : "" ); --- 690,699 ---- $template->pparse("body"); ! include('./page_footer_admin.'.$phpEx); } ! $tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words', 'confirm'); $additional_tables = (isset($HTTP_POST_VARS['additional_tables'])) ? $HTTP_POST_VARS['additional_tables'] : ( (isset($HTTP_GET_VARS['additional_tables'])) ? $HTTP_GET_VARS['additional_tables'] : "" ); *************** *** 721,726 **** --- 701,708 ---- $gzipcompress = (!empty($HTTP_POST_VARS['gzipcompress'])) ? $HTTP_POST_VARS['gzipcompress'] : ( (!empty($HTTP_GET_VARS['gzipcompress'])) ? $HTTP_GET_VARS['gzipcompress'] : 0 ); + $drop = (!empty($HTTP_POST_VARS['drop'])) ? intval($HTTP_POST_VARS['drop']) : ( (!empty($HTTP_GET_VARS['drop'])) ? intval($HTTP_GET_VARS['drop']) : 0 ); + if(!empty($additional_tables)) { if(ereg(",", $additional_tables)) *************** *** 780,786 **** ); $template->assign_vars(array( ! "META" => "", "MESSAGE_TITLE" => $lang['Database_Utilities'] . " : " . $lang['Backup'], "MESSAGE_TEXT" => $lang['Backup_download']) --- 762,768 ---- ); $template->assign_vars(array( ! "META" => '', "MESSAGE_TITLE" => $lang['Database_Utilities'] . " : " . $lang['Backup'], "MESSAGE_TEXT" => $lang['Backup_download']) *************** *** 836,850 **** for($i = 0; $i < count($tables); $i++) { $table_name = $tables[$i]; ! if(SQL_LAYER != 'mysql4') ! { ! $table_def_function = "get_table_def_" . SQL_LAYER; ! $table_content_function = "get_table_content_" . SQL_LAYER; ! } ! else { ! $table_def_function = "get_table_def_mysql"; ! $table_content_function = "get_table_content_mysql"; } if($backup_type != 'data') --- 818,836 ---- for($i = 0; $i < count($tables); $i++) { $table_name = $tables[$i]; ! ! switch (SQL_LAYER) { ! case 'postgresql': ! $table_def_function = "get_table_def_postgresql"; ! $table_content_function = "get_table_content_postgresql"; ! break; ! ! case 'mysql': ! case 'mysql4': ! $table_def_function = "get_table_def_mysql"; ! $table_content_function = "get_table_content_mysql"; ! break; } if($backup_type != 'data') *************** *** 872,878 **** break; case 'restore': ! if(!isset($restore_start)) { // // Define Template files... --- 858,864 ---- break; case 'restore': ! if(!isset($HTTP_POST_VARS['restore_start'])) { // // Define Template files... *************** *** 919,925 **** // a hackers attempt at getting us to process a local system // file. // ! if( file_exists($backup_file_tmpname) ) { if( preg_match("/^(text\/[a-zA-Z]+)|(application\/(x\-)?gzip(\-compressed)?)|(application\/octet-stream)$/is", $backup_file_type) ) { --- 905,911 ---- // a hackers attempt at getting us to process a local system // file. // ! if( file_exists(phpbb_realpath($backup_file_tmpname)) ) { if( preg_match("/^(text\/[a-zA-Z]+)|(application\/(x\-)?gzip(\-compressed)?)|(application\/octet-stream)$/is", $backup_file_type) ) { diff -crN phpbb203/admin/admin_disallow.php phpbb2017/admin/admin_disallow.php *** phpbb203/admin/admin_disallow.php Sat Jul 10 20:16:19 2004 --- phpbb2017/admin/admin_disallow.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_disallow.php,v 1.9.2.1 2002/05/12 00:47:40 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_disallow.php,v 1.9.2.2 2002/11/26 11:42:11 psotfx Exp $ * * ***************************************************************************/ *************** *** 41,48 **** { include($phpbb_root_path . 'includes/functions_validate.'.$phpEx); ! $disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? $HTTP_POST_VARS['disallowed_user'] : $HTTP_GET_VARS['disallowed_user']; if( !validate_username($disallowed_user) ) { $message = $lang['Disallowed_already']; --- 41,52 ---- { include($phpbb_root_path . 'includes/functions_validate.'.$phpEx); ! $disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? trim($HTTP_POST_VARS['disallowed_user']) : trim($HTTP_GET_VARS['disallowed_user']); + if ($disallowed_user == '') + { + message_die(MESSAGE, $lang['Fields_empty']); + } if( !validate_username($disallowed_user) ) { $message = $lang['Disallowed_already']; diff -crN phpbb203/admin/admin_forum_prune.php phpbb2017/admin/admin_forum_prune.php *** phpbb203/admin/admin_forum_prune.php Sat Jul 10 20:16:18 2004 --- phpbb2017/admin/admin_forum_prune.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_forum_prune.php,v 1.22.2.2 2002/05/12 15:57:44 psotfx Exp $ * ****************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_forum_prune.php,v 1.22.2.3 2002/12/18 14:14:07 psotfx Exp $ * ****************************************************************************/ *************** *** 168,176 **** $forum_name = ( $forum_id == -1 ) ? $lang['All_Forums'] : $forum_rows[0]['forum_name']; $prune_data = $lang['Prune_topics_not_posted'] . " "; ! $prune_data .= ' ' . $lang['Days']; ! $hidden_input = ''; // // Assign the template variables. --- 168,176 ---- $forum_name = ( $forum_id == -1 ) ? $lang['All_Forums'] : $forum_rows[0]['forum_name']; $prune_data = $lang['Prune_topics_not_posted'] . " "; ! $prune_data .= ' ' . $lang['Days']; ! $hidden_input = ''; // // Assign the template variables. diff -crN phpbb203/admin/admin_forumauth.php phpbb2017/admin/admin_forumauth.php *** phpbb203/admin/admin_forumauth.php Sat Jul 10 20:16:19 2004 --- phpbb2017/admin/admin_forumauth.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_forumauth.php,v 1.23.2.4 2002/05/21 16:52:08 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_forumauth.php,v 1.23.2.5 2004/03/25 15:57:19 acydburn Exp $ * * ***************************************************************************/ *************** *** 102,121 **** { if(isset($HTTP_POST_VARS['simpleauth'])) { ! $simple_ary = $simple_auth_ary[$HTTP_POST_VARS['simpleauth']]; for($i = 0; $i < count($simple_ary); $i++) { $sql .= ( ( $sql != '' ) ? ', ' : '' ) . $forum_auth_fields[$i] . ' = ' . $simple_ary[$i]; } ! $sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id"; } else { for($i = 0; $i < count($forum_auth_fields); $i++) { ! $value = $HTTP_POST_VARS[$forum_auth_fields[$i]]; if ( $forum_auth_fields[$i] == 'auth_vote' ) { --- 102,124 ---- { if(isset($HTTP_POST_VARS['simpleauth'])) { ! $simple_ary = $simple_auth_ary[intval($HTTP_POST_VARS['simpleauth'])]; for($i = 0; $i < count($simple_ary); $i++) { $sql .= ( ( $sql != '' ) ? ', ' : '' ) . $forum_auth_fields[$i] . ' = ' . $simple_ary[$i]; } ! if (is_array($simple_ary)) ! { ! $sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id"; ! } } else { for($i = 0; $i < count($forum_auth_fields); $i++) { ! $value = intval($HTTP_POST_VARS[$forum_auth_fields[$i]]); if ( $forum_auth_fields[$i] == 'auth_vote' ) { diff -crN phpbb203/admin/admin_forums.php phpbb2017/admin/admin_forums.php *** phpbb203/admin/admin_forums.php Sat Jul 10 20:16:19 2004 --- phpbb2017/admin/admin_forums.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_forums.php,v 1.40.2.3 2002/07/19 14:10:06 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_forums.php,v 1.40.2.12 2005/05/07 22:18:10 acydburn Exp $ * ***************************************************************************/ *************** *** 43,49 **** "auth_reply" => AUTH_ALL, "auth_edit" => AUTH_REG, "auth_delete" => AUTH_REG, ! "auth_sticky" => AUTH_REG, "auth_announce" => AUTH_MOD, "auth_vote" => AUTH_REG, "auth_pollcreate" => AUTH_REG --- 43,49 ---- "auth_reply" => AUTH_ALL, "auth_edit" => AUTH_REG, "auth_delete" => AUTH_REG, ! "auth_sticky" => AUTH_MOD, "auth_announce" => AUTH_MOD, "auth_vote" => AUTH_REG, "auth_pollcreate" => AUTH_REG *************** *** 55,60 **** --- 55,61 ---- if( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) ) { $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; + $mode = htmlspecialchars($mode); } else { *************** *** 232,237 **** --- 233,239 ---- if( $mode == "addforum" ) { list($cat_id) = each($HTTP_POST_VARS['addforum']); + $cat_id = intval($cat_id); // // stripslashes needs to be run on this because slashes are added when the forum name is posted // *************** *** 301,310 **** $catlist = get_list('category', $cat_id, TRUE); $forumstatus == ( FORUM_LOCKED ) ? $forumlocked = "selected=\"selected\"" : $forumunlocked = "selected=\"selected\""; $statuslist = "\n"; $statuslist .= "\n"; - $template->set_filenames(array( "body" => "admin/forum_edit_body.tpl") ); --- 303,317 ---- $catlist = get_list('category', $cat_id, TRUE); $forumstatus == ( FORUM_LOCKED ) ? $forumlocked = "selected=\"selected\"" : $forumunlocked = "selected=\"selected\""; + + // These two options ($lang['Status_unlocked'] and $lang['Status_locked']) seem to be missing from + // the language files. + $lang['Status_unlocked'] = isset($lang['Status_unlocked']) ? $lang['Status_unlocked'] : 'Unlocked'; + $lang['Status_locked'] = isset($lang['Status_locked']) ? $lang['Status_locked'] : 'Locked'; + $statuslist = "\n"; $statuslist .= "\n"; $template->set_filenames(array( "body" => "admin/forum_edit_body.tpl") ); *************** *** 604,611 **** // Either delete or move all posts in a forum if($to_id == -1) { include($phpbb_root_path . "includes/prune.$phpEx"); ! prune($from_id, 0); // Delete everything from forum } else { --- 611,651 ---- // Either delete or move all posts in a forum if($to_id == -1) { + // Delete polls in this forum + $sql = "SELECT v.vote_id + FROM " . VOTE_DESC_TABLE . " v, " . TOPICS_TABLE . " t + WHERE t.forum_id = $from_id + AND v.topic_id = t.topic_id"; + if (!($result = $db->sql_query($sql))) + { + message_die(GENERAL_ERROR, "Couldn't obtain list of vote ids", "", __LINE__, __FILE__, $sql); + } + + if ($row = $db->sql_fetchrow($result)) + { + $vote_ids = ''; + do + { + $vote_ids = (($vote_ids != '') ? ', ' : '') . $row['vote_id']; + } + while ($row = $db->sql_fetchrow($result)); + + $sql = "DELETE FROM " . VOTE_DESC_TABLE . " + WHERE vote_id IN ($vote_ids)"; + $db->sql_query($sql); + + $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " + WHERE vote_id IN ($vote_ids)"; + $db->sql_query($sql); + + $sql = "DELETE FROM " . VOTE_USERS_TABLE . " + WHERE vote_id IN ($vote_ids)"; + $db->sql_query($sql); + } + $db->sql_freeresult($result); + include($phpbb_root_path . "includes/prune.$phpEx"); ! prune($from_id, 0, true); // Delete everything from forum } else { *************** *** 616,621 **** --- 656,662 ---- { message_die(GENERAL_ERROR, "Couldn't verify existence of forums", "", __LINE__, __FILE__, $sql); } + if($db->sql_numrows($result) != 2) { message_die(GENERAL_ERROR, "Ambiguous forum ID's", "", __LINE__, __FILE__); *************** *** 637,642 **** --- 678,734 ---- sync('forum', $to_id); } + // Alter Mod level if appropriate - 2.0.4 + $sql = "SELECT ug.user_id + FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug + WHERE a.forum_id <> $from_id + AND a.auth_mod = 1 + AND ug.group_id = a.group_id"; + if( !$result = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Couldn't obtain moderator list", "", __LINE__, __FILE__, $sql); + } + + if ($row = $db->sql_fetchrow($result)) + { + $user_ids = ''; + do + { + $user_ids .= (($user_ids != '') ? ', ' : '' ) . $row['user_id']; + } + while ($row = $db->sql_fetchrow($result)); + + $sql = "SELECT ug.user_id + FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug + WHERE a.forum_id = $from_id + AND a.auth_mod = 1 + AND ug.group_id = a.group_id + AND ug.user_id NOT IN ($user_ids)"; + if( !$result2 = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Couldn't obtain moderator list", "", __LINE__, __FILE__, $sql); + } + + if ($row = $db->sql_fetchrow($result2)) + { + $user_ids = ''; + do + { + $user_ids .= (($user_ids != '') ? ', ' : '' ) . $row['user_id']; + } + while ($row = $db->sql_fetchrow($result2)); + + $sql = "UPDATE " . USERS_TABLE . " + SET user_level = " . USER . " + WHERE user_id IN ($user_ids) + AND user_level <> " . ADMIN; + $db->sql_query($sql); + } + $db->sql_freeresult($result); + + } + $db->sql_freeresult($result2); + $sql = "DELETE FROM " . FORUMS_TABLE . " WHERE forum_id = $from_id"; if( !$result = $db->sql_query($sql) ) *************** *** 933,936 **** include('./page_footer_admin.'.$phpEx); ! ?> --- 1025,1028 ---- include('./page_footer_admin.'.$phpEx); ! ?> \ No newline at end of file diff -crN phpbb203/admin/admin_groups.php phpbb2017/admin/admin_groups.php *** phpbb203/admin/admin_groups.php Sat Jul 10 20:16:19 2004 --- phpbb2017/admin/admin_groups.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_groups.php,v 1.25.2.5 2002/07/31 19:14:46 dougk_ff7 Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_groups.php,v 1.25.2.9 2004/03/25 15:57:20 acydburn Exp $ * * ***************************************************************************/ *************** *** 43,54 **** } else { ! $group_id = ''; } if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) ) { $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; } else { --- 43,55 ---- } else { ! $group_id = 0; } if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) ) { $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; + $mode = htmlspecialchars($mode); } else { *************** *** 171,176 **** --- 172,227 ---- // if ( isset($HTTP_POST_VARS['group_delete']) ) { + // + // Reset User Moderator Level + // + + // Is Group moderating a forum ? + $sql = "SELECT auth_mod FROM " . AUTH_ACCESS_TABLE . " + WHERE group_id = " . $group_id; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not select auth_access', '', __LINE__, __FILE__, $sql); + } + + $row = $db->sql_fetchrow($result); + if (intval($row['auth_mod']) == 1) + { + // Yes, get the assigned users and update their Permission if they are no longer moderator of one of the forums + $sql = "SELECT user_id FROM " . USER_GROUP_TABLE . " + WHERE group_id = " . $group_id; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not select user_group', '', __LINE__, __FILE__, $sql); + } + + $rows = $db->sql_fetchrowset($result); + for ($i = 0; $i < count($rows); $i++) + { + $sql = "SELECT g.group_id FROM " . AUTH_ACCESS_TABLE . " a, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug + WHERE (a.auth_mod = 1) AND (g.group_id = a.group_id) AND (a.group_id = ug.group_id) AND (g.group_id = ug.group_id) + AND (ug.user_id = " . intval($rows[$i]['user_id']) . ") AND (ug.group_id <> " . $group_id . ")"; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not obtain moderator permissions', '', __LINE__, __FILE__, $sql); + } + + if ($db->sql_numrows($result) == 0) + { + $sql = "UPDATE " . USERS_TABLE . " SET user_level = " . USER . " + WHERE user_level = " . MOD . " AND user_id = " . intval($rows[$i]['user_id']); + + if ( !$db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, 'Could not update moderator permissions', '', __LINE__, __FILE__, $sql); + } + } + } + } + + // + // Delete Group + // $sql = "DELETE FROM " . GROUPS_TABLE . " WHERE group_id = " . $group_id; if ( !$db->sql_query($sql) ) *************** *** 213,219 **** message_die(GENERAL_MESSAGE, $lang['No_group_moderator']); } ! $this_userdata = get_userdata($group_moderator); $group_moderator = $this_userdata['user_id']; if ( !$group_moderator ) --- 264,270 ---- message_die(GENERAL_MESSAGE, $lang['No_group_moderator']); } ! $this_userdata = get_userdata($group_moderator, true); $group_moderator = $this_userdata['user_id']; if ( !$group_moderator ) diff -crN phpbb203/admin/admin_mass_email.php phpbb2017/admin/admin_mass_email.php *** phpbb203/admin/admin_mass_email.php Sat Jul 10 20:16:18 2004 --- phpbb2017/admin/admin_mass_email.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_mass_email.php,v 1.15.2.5 2002/05/20 00:52:18 psotfx Exp $ * ****************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_mass_email.php,v 1.15.2.7 2003/05/03 23:24:01 acydburn Exp $ * ****************************************************************************/ *************** *** 79,88 **** if ( $row = $db->sql_fetchrow($result) ) { ! $bcc_list = ''; do { ! $bcc_list .= ( ( $bcc_list != '' ) ? ', ' : '' ) . $row['user_email']; } while ( $row = $db->sql_fetchrow($result) ); --- 79,88 ---- if ( $row = $db->sql_fetchrow($result) ) { ! $bcc_list = array(); do { ! $bcc_list[] = $row['user_email']; } while ( $row = $db->sql_fetchrow($result) ); *************** *** 116,127 **** $emailer = new emailer($board_config['smtp_delivery']); ! $email_headers = 'Return-Path: ' . $userdata['board_email'] . "\nFrom: " . $board_config['board_email'] . "\n"; ! $email_headers .= 'X-AntiAbuse: Board servername - ' . $board_config['server_name'] . "\n"; $email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n"; $email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n"; $email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n"; - $email_headers .= "Bcc: $bcc_list\n"; $emailer->use_template('admin_send_email'); $emailer->email_address($board_config['board_email']); --- 116,133 ---- $emailer = new emailer($board_config['smtp_delivery']); ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); ! ! for ($i = 0; $i < count($bcc_list); $i++) ! { ! $emailer->bcc($bcc_list[$i]); ! } ! ! $email_headers = 'X-AntiAbuse: Board servername - ' . $board_config['server_name'] . "\n"; $email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n"; $email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n"; $email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n"; $emailer->use_template('admin_send_email'); $emailer->email_address($board_config['board_email']); diff -crN phpbb203/admin/admin_ranks.php phpbb2017/admin/admin_ranks.php *** phpbb203/admin/admin_ranks.php Sat Jul 10 20:16:19 2004 --- phpbb2017/admin/admin_ranks.php Tue Jul 19 22:14:56 2005 *************** *** 6,13 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_ranks.php,v 1.13.2.2 2002/05/12 15:57:44 psotfx Exp $ ! * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_ranks.php,v 1.13.2.4 2004/03/25 15:57:20 acydburn Exp $ * ***************************************************************************/ *************** *** 39,44 **** --- 38,44 ---- if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { $mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; + $mode = htmlspecialchars($mode); } else { *************** *** 162,169 **** } } ! if( $rank_id ) { $sql = "UPDATE " . RANKS_TABLE . " SET rank_title = '" . str_replace("\'", "''", $rank_title) . "', rank_special = $special_rank, rank_min = $min_posts, rank_image = '" . str_replace("\'", "''", $rank_image) . "' WHERE rank_id = $rank_id"; --- 162,180 ---- } } ! if ($rank_id) { + if (!$special_rank) + { + $sql = "UPDATE " . USERS_TABLE . " + SET user_rank = 0 + WHERE user_rank = $rank_id"; + + if( !$result = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, $lang['No_update_ranks'], "", __LINE__, __FILE__, $sql); + } + } $sql = "UPDATE " . RANKS_TABLE . " SET rank_title = '" . str_replace("\'", "''", $rank_title) . "', rank_special = $special_rank, rank_min = $min_posts, rank_image = '" . str_replace("\'", "''", $rank_image) . "' WHERE rank_id = $rank_id"; diff -crN phpbb203/admin/admin_smilies.php phpbb2017/admin/admin_smilies.php *** phpbb203/admin/admin_smilies.php Sat Jul 10 20:16:19 2004 --- phpbb2017/admin/admin_smilies.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_smilies.php,v 1.22.2.5 2002/07/19 14:10:07 psotfx Exp $ * ****************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_smilies.php,v 1.22.2.14 2005/05/06 20:50:09 acydburn Exp $ * ****************************************************************************/ *************** *** 57,62 **** --- 57,63 ---- if( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) ) { $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; + $mode = htmlspecialchars($mode); } else { *************** *** 72,78 **** while($file = @readdir($dir)) { ! if( !@is_dir($phpbb_root_path . $board_config['smilies_path'] . '/' . $file) ) { $img_size = @getimagesize($phpbb_root_path . $board_config['smilies_path'] . '/' . $file); --- 73,79 ---- while($file = @readdir($dir)) { ! if( !@is_dir(phpbb_realpath($phpbb_root_path . $board_config['smilies_path'] . '/' . $file)) ) { $img_size = @getimagesize($phpbb_root_path . $board_config['smilies_path'] . '/' . $file); *************** *** 239,245 **** FROM " . SMILIES_TABLE; if( !$result = $db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql); } $resultset = $db->sql_fetchrowset($result); --- 240,246 ---- FROM " . SMILIES_TABLE; if( !$result = $db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, "Could not get smiley list", "", __LINE__, __FILE__, $sql); } $resultset = $db->sql_fetchrowset($result); *************** *** 313,318 **** --- 314,320 ---- // $smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id']; + $smiley_id = intval($smiley_id); $sql = "DELETE FROM " . SMILIES_TABLE . " WHERE smilies_id = " . $smiley_id; *************** *** 333,338 **** --- 335,341 ---- // $smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id']; + $smiley_id = intval($smiley_id); $sql = "SELECT * FROM " . SMILIES_TABLE . " *************** *** 399,408 **** // Get the submitted data, being careful to ensure that we only // accept the data we are looking for. // ! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code']; ! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url']; ! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion']; $smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']); // // Convert < and > to proper htmlentities for parsing. // --- 402,418 ---- // Get the submitted data, being careful to ensure that we only // accept the data we are looking for. // ! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : trim($HTTP_GET_VARS['smile_code']); ! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : trim($HTTP_GET_VARS['smile_url']); ! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? trim($HTTP_POST_VARS['smile_emotion']) : trim($HTTP_GET_VARS['smile_emotion']); $smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']); + + // If no code was entered complain ... + if ($smile_code == '' || $smile_url == '') + { + message_die(MESSAGE, $lang['Fields_empty']); + } + // // Convert < and > to proper htmlentities for parsing. // *************** *** 415,422 **** $sql = "UPDATE " . SMILIES_TABLE . " SET code = '" . str_replace("\'", "''", $smile_code) . "', smile_url = '" . str_replace("\'", "''", $smile_url) . "', emoticon = '" . str_replace("\'", "''", $smile_emotion) . "' WHERE smilies_id = $smile_id"; ! $result = $db->sql_query($sql); ! if( !$result ) { message_die(GENERAL_ERROR, "Couldn't update smilies info", "", __LINE__, __FILE__, $sql); } --- 425,431 ---- $sql = "UPDATE " . SMILIES_TABLE . " SET code = '" . str_replace("\'", "''", $smile_code) . "', smile_url = '" . str_replace("\'", "''", $smile_url) . "', emoticon = '" . str_replace("\'", "''", $smile_emotion) . "' WHERE smilies_id = $smile_id"; ! if( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't update smilies info", "", __LINE__, __FILE__, $sql); } *************** *** 438,443 **** --- 447,461 ---- $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code']; $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url']; $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion']; + $smile_code = trim($smile_code); + $smile_url = trim($smile_url); + $smile_emotion = trim($smile_emotion); + + // If no code was entered complain ... + if ($smile_code == '' || $smile_url == '') + { + message_die(MESSAGE, $lang['Fields_empty']); + } // // Convert < and > to proper htmlentities for parsing. diff -crN phpbb203/admin/admin_styles.php phpbb2017/admin/admin_styles.php *** phpbb203/admin/admin_styles.php Sat Jul 10 20:16:19 2004 --- phpbb2017/admin/admin_styles.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_styles.php,v 1.27.2.3 2002/05/13 13:18:17 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_styles.php,v 1.27.2.14 2005/03/17 17:33:30 acydburn Exp $ * * ***************************************************************************/ *************** *** 39,65 **** // Check if the user has cancled a confirmation message. // $phpbb_root_path = "./../"; $confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE; $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE; ! if( empty($HTTP_POST_VARS['send_file']) ) ! { ! $no_page_header = ( $cancel ) ? TRUE : FALSE; ! require($phpbb_root_path . 'extension.inc'); ! require('./pagestart.' . $phpEx); ! } ! if( $cancel ) { ! $header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: '; ! header($header_location . append_sid("admin_styles.$phpEx")); ! exit; } if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { $mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; } else { --- 39,65 ---- // Check if the user has cancled a confirmation message. // $phpbb_root_path = "./../"; + require($phpbb_root_path . 'extension.inc'); $confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE; $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE; ! $no_page_header = (!empty($HTTP_POST_VARS['send_file']) || $cancel) ? TRUE : FALSE; ! ! require('./pagestart.' . $phpEx); ! ! $confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE; ! $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE; ! if ($cancel) { ! redirect('admin/' . append_sid("admin_styles.$phpEx", true)); } if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { $mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; + $mode = htmlspecialchars($mode); } else { *************** *** 75,81 **** if( isset($install_to) ) { ! include($phpbb_root_path. "templates/" . $install_to . "/theme_info.cfg"); $template_name = $$install_to; $found = FALSE; --- 75,81 ---- if( isset($install_to) ) { ! include($phpbb_root_path. "templates/" . basename($install_to) . "/theme_info.cfg"); $template_name = $$install_to; $found = FALSE; *************** *** 134,142 **** { while( $sub_dir = @readdir($dir) ) { ! if( !is_file($phpbb_root_path . 'templates/' .$sub_dir) && !is_link($phpbb_root_path . 'templates/' .$sub_dir) && $sub_dir != "." && $sub_dir != ".." && $sub_dir != "CVS" ) { ! if( @file_exists($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg") ) { include($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg"); --- 134,142 ---- { while( $sub_dir = @readdir($dir) ) { ! if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' .$sub_dir)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' .$sub_dir)) && $sub_dir != "." && $sub_dir != ".." && $sub_dir != "CVS" ) { ! if( @file_exists(@phpbb_realpath($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg")) ) { include($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg"); *************** *** 492,498 **** $themes_title = $lang['Edit_theme']; $themes_explain = $lang['Edit_theme_explain']; ! $style_id = $HTTP_GET_VARS['style_id']; $selected_names = array(); $selected_values = array(); --- 492,498 ---- $themes_title = $lang['Edit_theme']; $themes_explain = $lang['Edit_theme_explain']; ! $style_id = intval($HTTP_GET_VARS['style_id']); $selected_names = array(); $selected_values = array(); *************** *** 551,557 **** $s_template_select = ''; while( $file = @readdir($dir) ) { ! if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && $file != "." && $file != ".." && $file != "CVS" ) { if($file == $selected['template_name']) { *************** *** 707,713 **** $sql = "SELECT * FROM " . THEMES_TABLE . " ! WHERE template_name = '$template_name'"; if(!$result = $db->sql_query($sql)) { message_die(GENERAL_ERROR, "Could not get theme data for selected template", "", __LINE__, __FILE__, $sql); --- 707,713 ---- $sql = "SELECT * FROM " . THEMES_TABLE . " ! WHERE template_name = '" . str_replace("\'", "''", $template_name) . "'"; if(!$result = $db->sql_query($sql)) { message_die(GENERAL_ERROR, "Could not get theme data for selected template", "", __LINE__, __FILE__, $sql); *************** *** 739,745 **** @umask(0111); ! $fp = @fopen($phpbb_root_path . 'templates/' . $template_name . '/theme_info.cfg', 'w'); if( !$fp ) { --- 739,745 ---- @umask(0111); ! $fp = @fopen($phpbb_root_path . 'templates/' . basename($template_name) . '/theme_info.cfg', 'w'); if( !$fp ) { *************** *** 750,756 **** $s_hidden_fields = ''; $s_hidden_fields .= ''; ! $download_form = '
' . $s_hidden_fields; $template->set_filenames(array( "body" => "message_body.tpl") --- 750,756 ---- $s_hidden_fields = ''; $s_hidden_fields .= ''; ! $download_form = '' . $s_hidden_fields; $template->set_filenames(array( "body" => "message_body.tpl") *************** *** 792,798 **** $s_template_select = ''; while( $file = @readdir($dir) ) { ! if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' .$file)) && $file != "." && $file != ".." && $file != "CVS" ) { $s_template_select .= '\n"; } *************** *** 932,940 **** break; } ! if( !$HTTP_POST_VARS['send_file'] ) { include('./page_footer_admin.'.$phpEx); } ! ?> --- 932,940 ---- break; } ! if (empty($HTTP_POST_VARS['send_file'])) { include('./page_footer_admin.'.$phpEx); } ! ?> \ No newline at end of file diff -crN phpbb203/admin/admin_ug_auth.php phpbb2017/admin/admin_ug_auth.php *** phpbb203/admin/admin_ug_auth.php Sat Jul 10 20:16:19 2004 --- phpbb2017/admin/admin_ug_auth.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_ug_auth.php,v 1.13.2.2 2002/05/12 15:57:44 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_ug_auth.php,v 1.13.2.9 2005/07/19 20:01:05 acydburn Exp $ * * ***************************************************************************/ *************** *** 54,59 **** --- 54,64 ---- } } + $user_id = intval($user_id); + $group_id = intval($group_id); + $adv = intval($adv); + $mode = htmlspecialchars($mode); + // // Start program - define vars // *************** *** 409,414 **** --- 414,420 ---- FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u WHERE ug.group_id = aa.group_id AND u.user_id = ug.user_id + AND ug.user_pending = 0 AND u.user_level NOT IN (" . MOD . ", " . ADMIN . ") GROUP BY u.user_id HAVING SUM(aa.auth_mod) > 0"; *************** *** 503,508 **** --- 509,556 ---- } } + $sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . " + WHERE group_id = $group_id"; + $result = $db->sql_query($sql); + + $group_user = array(); + while ($row = $db->sql_fetchrow($result)) + { + $group_user[$row['user_id']] = $row['user_id']; + } + $db->sql_freeresult($result); + + $sql = "SELECT ug.user_id, COUNT(auth_mod) AS is_auth_mod + FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug + WHERE ug.user_id IN (" . implode(', ', $group_user) . ") + AND aa.group_id = ug.group_id + AND aa.auth_mod = 1 + GROUP BY ug.user_id"; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql); + } + + while ($row = $db->sql_fetchrow($result)) + { + if ($row['is_auth_mod']) + { + unset($group_user[$row['user_id']]); + } + } + $db->sql_freeresult($result); + + if (sizeof($group_user)) + { + $sql = "UPDATE " . USERS_TABLE . " + SET user_level = " . USER . " + WHERE user_id IN (" . implode(', ', $group_user) . ") AND user_level = " . MOD; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql); + } + } + message_die(GENERAL_MESSAGE, $message); } } *************** *** 510,516 **** { if ( isset($HTTP_POST_VARS['username']) ) { ! $this_userdata = get_userdata($HTTP_POST_VARS['username']); if ( !is_array($this_userdata) ) { message_die(GENERAL_MESSAGE, $lang['No_such_user']); --- 558,564 ---- { if ( isset($HTTP_POST_VARS['username']) ) { ! $this_userdata = get_userdata($HTTP_POST_VARS['username'], true); if ( !is_array($this_userdata) ) { message_die(GENERAL_MESSAGE, $lang['No_such_user']); *************** *** 521,529 **** // // Front end // ! $sql = "SELECT * ! FROM " . FORUMS_TABLE . " f ! ORDER BY forum_order"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql); --- 569,578 ---- // // Front end // ! $sql = "SELECT f.* ! FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c ! WHERE f.cat_id = c.cat_id ! ORDER BY c.cat_order, f.forum_order ASC"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql); *************** *** 556,562 **** } } ! $sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE "; $sql .= ( $mode == 'user' ) ? "u.user_id = $user_id AND ug.user_id = u.user_id AND g.group_id = ug.group_id" : "g.group_id = $group_id AND ug.group_id = g.group_id AND u.user_id = ug.user_id"; if ( !($result = $db->sql_query($sql)) ) { --- 605,611 ---- } } ! $sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user, ug.user_pending FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE "; $sql .= ( $mode == 'user' ) ? "u.user_id = $user_id AND ug.user_id = u.user_id AND g.group_id = ug.group_id" : "g.group_id = $group_id AND ug.group_id = g.group_id AND u.user_id = ug.user_id"; if ( !($result = $db->sql_query($sql)) ) { *************** *** 759,765 **** $i++; } ! @reset($auth_user); if ( $mode == 'user' ) { --- 808,814 ---- $i++; } ! // @reset($auth_user); if ( $mode == 'user' ) { *************** *** 784,795 **** if( count($name) ) { ! $t_usergroup_list = ''; for($i = 0; $i < count($ug_info); $i++) { $ug = ( $mode == 'user' ) ? 'group&' . POST_GROUPS_URL : 'user&' . POST_USERS_URL; ! $t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '' . $name[$i] . ''; } } else --- 833,851 ---- if( count($name) ) { ! $t_usergroup_list = $t_pending_list = ''; for($i = 0; $i < count($ug_info); $i++) { $ug = ( $mode == 'user' ) ? 'group&' . POST_GROUPS_URL : 'user&' . POST_USERS_URL; ! if (!$ug_info[$i]['user_pending']) ! { ! $t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '' . $name[$i] . ''; ! } ! else ! { ! $t_pending_list .= ( ( $t_pending_list != '' ) ? ', ' : '' ) . '' . $name[$i] . ''; ! } } } else *************** *** 852,858 **** $template->assign_vars(array( 'USERNAME' => $t_groupname, ! 'GROUP_MEMBERSHIP' => $lang['Usergroup_members'] . ' : ' . $t_usergroup_list) ); } --- 908,914 ---- $template->assign_vars(array( 'USERNAME' => $t_groupname, ! 'GROUP_MEMBERSHIP' => $lang['Usergroup_members'] . ' : ' . $t_usergroup_list . '
' . $lang['Pending_members'] . ' : ' . $t_pending_list) ); } diff -crN phpbb203/admin/admin_user_ban.php phpbb2017/admin/admin_user_ban.php *** phpbb203/admin/admin_user_ban.php Sat Jul 10 20:16:19 2004 --- phpbb2017/admin/admin_user_ban.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_user_ban.php,v 1.21.2.2 2002/05/12 15:57:45 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_user_ban.php,v 1.21.2.5 2004/03/25 15:57:20 acydburn Exp $ * * ***************************************************************************/ *************** *** 49,55 **** $user_list = array(); if ( !empty($HTTP_POST_VARS['username']) ) { ! $this_userdata = get_userdata($HTTP_POST_VARS['username']); if( !$this_userdata ) { message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); --- 49,55 ---- $user_list = array(); if ( !empty($HTTP_POST_VARS['username']) ) { ! $this_userdata = get_userdata($HTTP_POST_VARS['username'], true); if( !$this_userdata ) { message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); *************** *** 155,161 **** // contained in the annotated php manual at php.com (ereg // section) // ! if ( eregi('^(([[:alnum:]\*]+([-_.][[:alnum:]\*]+)*\.?)|(\*))@([[:alnum:]]+([-_]?[[:alnum:]]+)*\.){1,3}([[:alnum:]]{2,6})$', trim($email_list_temp[$i])) ) { $email_list[] = trim($email_list_temp[$i]); } --- 155,161 ---- // contained in the annotated php manual at php.com (ereg // section) // ! if (preg_match('#^(([a-z0-9&.-_+])|(\*))+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$#is', trim($email_list_temp[$i]))) { $email_list[] = trim($email_list_temp[$i]); } *************** *** 277,283 **** { if ( $user_list[$i] != -1 ) { ! $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $user_list[$i]; } } } --- 277,283 ---- { if ( $user_list[$i] != -1 ) { ! $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . intval($user_list[$i]); } } } *************** *** 290,296 **** { if ( $ip_list[$i] != -1 ) { ! $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $ip_list[$i]; } } } --- 290,296 ---- { if ( $ip_list[$i] != -1 ) { ! $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $ip_list[$i]); } } } *************** *** 303,309 **** { if ( $email_list[$i] != -1 ) { ! $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $email_list[$i]; } } } --- 303,309 ---- { if ( $email_list[$i] != -1 ) { ! $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $email_list[$i]); } } } diff -crN phpbb203/admin/admin_users.php phpbb2017/admin/admin_users.php *** phpbb203/admin/admin_users.php Sat Jul 10 20:16:18 2004 --- phpbb2017/admin/admin_users.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_users.php,v 1.57.2.6 2002/06/27 22:54:09 dougk_ff7 Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_users.php,v 1.57.2.27 2005/07/19 20:01:07 acydburn Exp $ * * ***************************************************************************/ *************** *** 30,36 **** return; } ! $phpbb_root_path = "./../"; require($phpbb_root_path . 'extension.inc'); require('./pagestart.' . $phpEx); require($phpbb_root_path . 'includes/bbcode.'.$phpEx); --- 30,36 ---- return; } ! $phpbb_root_path = './../'; require($phpbb_root_path . 'extension.inc'); require('./pagestart.' . $phpEx); require($phpbb_root_path . 'includes/bbcode.'.$phpEx); *************** *** 38,49 **** --- 38,53 ---- require($phpbb_root_path . 'includes/functions_selects.'.$phpEx); require($phpbb_root_path . 'includes/functions_validate.'.$phpEx); + $html_entities_match = array('#<#', '#>#'); + $html_entities_replace = array('<', '>'); + // // Set mode // if( isset( $HTTP_POST_VARS['mode'] ) || isset( $HTTP_GET_VARS['mode'] ) ) { $mode = ( isset( $HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; + $mode = htmlspecialchars($mode); } else { *************** *** 53,74 **** // // Begin program // ! if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) || isset($HTTP_GET_VARS[POST_USERS_URL]) || isset( $HTTP_POST_VARS[POST_USERS_URL]) ) ) { // // Ok, the profile has been modified and submitted, let's update // ! if( ( $mode == 'save' && isset( $HTTP_POST_VARS['submit'] ) ) || isset( $HTTP_POST_VARS['avatargallery'] ) || isset( $HTTP_POST_VARS['submitavatar'] ) || isset( $HTTP_POST_VARS['cancelavatar'] ) ) { ! $user_id = intval( $HTTP_POST_VARS['id'] ); ! $this_userdata = get_userdata($user_id); ! if( !$this_userdata ) { message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); } ! $username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags( $HTTP_POST_VARS['username'] ) ) : ''; $email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : ''; $password = ( !empty($HTTP_POST_VARS['password']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password'] ) )) : ''; --- 57,223 ---- // // Begin program // ! if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) || isset($HTTP_GET_VARS[POST_USERS_URL]) || isset( $HTTP_POST_VARS[POST_USERS_URL]) ) ) { // // Ok, the profile has been modified and submitted, let's update // ! if ( ( $mode == 'save' && isset( $HTTP_POST_VARS['submit'] ) ) || isset( $HTTP_POST_VARS['avatargallery'] ) || isset( $HTTP_POST_VARS['submitavatar'] ) || isset( $HTTP_POST_VARS['cancelavatar'] ) ) { ! $user_id = intval($HTTP_POST_VARS['id']); ! if (!($this_userdata = get_userdata($user_id))) { message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); } ! if( $HTTP_POST_VARS['deleteuser'] ) ! { ! $sql = "SELECT g.group_id ! FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g ! WHERE ug.user_id = $user_id ! AND g.group_id = ug.group_id ! AND g.group_single_user = 1"; ! if( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not obtain group information for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $row = $db->sql_fetchrow($result); ! ! $sql = "UPDATE " . POSTS_TABLE . " ! SET poster_id = " . DELETED . ", post_username = '" . str_replace("\\'", "''", addslashes($this_userdata['username'])) . "' ! WHERE poster_id = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update posts for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "UPDATE " . TOPICS_TABLE . " ! SET topic_poster = " . DELETED . " ! WHERE topic_poster = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update topics for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "UPDATE " . VOTE_USERS_TABLE . " ! SET vote_user_id = " . DELETED . " ! WHERE vote_user_id = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "SELECT group_id ! FROM " . GROUPS_TABLE . " ! WHERE group_moderator = $user_id"; ! if( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not select groups where user was moderator', '', __LINE__, __FILE__, $sql); ! } ! ! while ( $row_group = $db->sql_fetchrow($result) ) ! { ! $group_moderator[] = $row_group['group_id']; ! } ! ! if ( count($group_moderator) ) ! { ! $update_moderator_id = implode(', ', $group_moderator); ! ! $sql = "UPDATE " . GROUPS_TABLE . " ! SET group_moderator = " . $userdata['user_id'] . " ! WHERE group_moderator IN ($update_moderator_id)"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql); ! } ! } ! ! $sql = "DELETE FROM " . USERS_TABLE . " ! WHERE user_id = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "DELETE FROM " . USER_GROUP_TABLE . " ! WHERE user_id = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete user from user_group table', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "DELETE FROM " . GROUPS_TABLE . " ! WHERE group_id = " . $row['group_id']; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "DELETE FROM " . AUTH_ACCESS_TABLE . " ! WHERE group_id = " . $row['group_id']; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " ! WHERE user_id = $user_id"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete user from topic watch table', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "DELETE FROM " . BANLIST_TABLE . " ! WHERE ban_userid = $user_id"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete user from banlist table', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "SELECT privmsgs_id ! FROM " . PRIVMSGS_TABLE . " ! WHERE privmsgs_from_userid = $user_id ! OR privmsgs_to_userid = $user_id"; ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not select all users private messages', '', __LINE__, __FILE__, $sql); ! } ! ! // This little bit of code directly from the private messaging section. ! while ( $row_privmsgs = $db->sql_fetchrow($result) ) ! { ! $mark_list[] = $row_privmsgs['privmsgs_id']; ! } ! ! if ( count($mark_list) ) ! { ! $delete_sql_id = implode(', ', $mark_list); ! ! $delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . " ! WHERE privmsgs_text_id IN ($delete_sql_id)"; ! $delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . " ! WHERE privmsgs_id IN ($delete_sql_id)"; ! ! if ( !$db->sql_query($delete_sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql); ! } ! ! if ( !$db->sql_query($delete_text_sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql); ! } ! } ! ! $message = $lang['User_deleted'] . '

' . sprintf($lang['Click_return_useradmin'], '', '') . '

' . sprintf($lang['Click_return_admin_index'], '', ''); ! ! message_die(GENERAL_MESSAGE, $message); ! } ! ! $username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['username']))) : ''; $email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : ''; $password = ( !empty($HTTP_POST_VARS['password']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password'] ) )) : ''; *************** *** 129,146 **** $password_confirm = ''; $icq = stripslashes($icq); ! $aim = stripslashes($aim); ! $msn = stripslashes($msn); ! $yim = stripslashes($yim); ! ! $website = stripslashes($website); ! $location = stripslashes($location); ! $occupation = stripslashes($occupation); ! $interests = stripslashes($interests); ! $signature = stripslashes($signature); $user_lang = stripslashes($user_lang); ! $user_dateformat = stripslashes($user_dateformat); if ( !isset($HTTP_POST_VARS['cancelavatar'])) { --- 278,295 ---- $password_confirm = ''; $icq = stripslashes($icq); ! $aim = htmlspecialchars(stripslashes($aim)); ! $msn = htmlspecialchars(stripslashes($msn)); ! $yim = htmlspecialchars(stripslashes($yim)); ! ! $website = htmlspecialchars(stripslashes($website)); ! $location = htmlspecialchars(stripslashes($location)); ! $occupation = htmlspecialchars(stripslashes($occupation)); ! $interests = htmlspecialchars(stripslashes($interests)); ! $signature = htmlspecialchars(stripslashes($signature)); $user_lang = stripslashes($user_lang); ! $user_dateformat = htmlspecialchars(stripslashes($user_dateformat)); if ( !isset($HTTP_POST_VARS['cancelavatar'])) { *************** *** 156,179 **** $error = FALSE; ! if( stripslashes($username) != $this_userdata['username'] ) { unset($rename_user); ! $result = validate_username($username); ! if ( $result['error'] ) { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $result['error_msg']; } ! else { ! $username_sql = "username = '" . str_replace("\'", "''", $username) . "', "; $rename_user = $username; // Used for renaming usergroup } } ! $passwd_sql = ""; if( !empty($password) && !empty($password_confirm) ) { // --- 305,337 ---- $error = FALSE; ! if (stripslashes($username) != $this_userdata['username']) { unset($rename_user); ! if ( stripslashes(strtolower($username)) != strtolower($this_userdata['username']) ) { ! $result = validate_username($username); ! if ( $result['error'] ) ! { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $result['error_msg']; ! } ! else if ( strtolower(str_replace("\\'", "''", $username)) == strtolower($userdata['username']) ) ! { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Username_taken']; ! } } ! ! if (!$error) { ! $username_sql = "username = '" . str_replace("\\'", "''", $username) . "', "; $rename_user = $username; // Used for renaming usergroup } } ! $passwd_sql = ''; if( !empty($password) && !empty($password_confirm) ) { // *************** *** 201,207 **** $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Password_mismatch']; } ! if( $signature != "" ) { $sig_length_check = preg_replace('/(\[.*?)(=.*?)\]/is', '\\1]', stripslashes($signature)); if ( $allowhtml ) --- 359,365 ---- $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Password_mismatch']; } ! if ($signature != '') { $sig_length_check = preg_replace('/(\[.*?)(=.*?)\]/is', '\\1]', stripslashes($signature)); if ( $allowhtml ) *************** *** 231,237 **** { if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" ) { ! if( @file_exists("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']) ) { @unlink("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']); } --- 389,395 ---- { if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" ) { ! if( @file_exists(@phpbb_realpath("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) ) { @unlink("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']); } *************** *** 256,264 **** if( $user_avatar_loc != "" ) { ! if( file_exists($user_avatar_loc) && ereg(".jpg$|.gif$|.png$", $user_avatar_name) ) { ! if( $user_avatar_size <= $board_config['avatar_filesize'] && $avatar_size > 0) { $error_type = false; --- 414,422 ---- if( $user_avatar_loc != "" ) { ! if( file_exists(@phpbb_realpath($user_avatar_loc)) && ereg(".jpg$|.gif$|.png$", $user_avatar_name) ) { ! if( $user_avatar_size <= $board_config['avatar_filesize'] && $user_avatar_size > 0) { $error_type = false; *************** *** 299,305 **** if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" ) { ! if( @file_exists("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']) ) { @unlink("./../" . $board_config['avatar_path'] . "/". $this_userdata['user_avatar']); } --- 457,463 ---- if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" ) { ! if( @file_exists(@phpbb_realpath("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) ) { @unlink("./../" . $board_config['avatar_path'] . "/". $this_userdata['user_avatar']); } *************** *** 408,414 **** if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "") { ! if( file_exists("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']) ) { @unlink("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']); } --- 566,572 ---- if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "") { ! if( file_exists(@phpbb_realpath("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) ) { @unlink("./../" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']); } *************** *** 495,700 **** // if( !$error ) { ! if( $HTTP_POST_VARS['deleteuser'] ) ! { ! $sql = "SELECT g.group_id ! FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g ! WHERE ug.user_id = $user_id ! AND g.group_id = ug.group_id ! AND g.group_single_user = 1"; ! if( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not obtain group information for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $row = $db->sql_fetchrow($result); ! ! $sql = "UPDATE " . POSTS_TABLE . " ! SET poster_id = " . DELETED . ", post_username = '$username' ! WHERE poster_id = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update posts for this user', '', __LINE__, __FILE__, $sql); ! } ! $sql = "UPDATE " . TOPICS_TABLE . " ! SET topic_poster = " . DELETED . " ! WHERE topic_poster = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update topics for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "UPDATE " . VOTE_USERS_TABLE . " ! SET vote_user_id = " . DELETED . " ! WHERE vote_user_id = $user_id"; ! if( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "SELECT group_id ! FROM " . GROUPS_TABLE . " ! WHERE group_moderator = $user_id"; ! if( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not select groups where user was moderator', '', __LINE__, __FILE__, $sql); ! } ! ! while ( $row_group = $db->sql_fetchrow($result) ) ! { ! $group_moderator[] = $row_group['group_id']; ! } ! ! if ( count($group_moderator) ) { - $update_moderator_id = implode(', ', $group_moderator); - $sql = "UPDATE " . GROUPS_TABLE . " ! SET group_moderator = " . $userdata['user_id'] . " ! WHERE group_moderator IN ($update_moderator_id)"; ! if( !$db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql); } } - - $sql = "DELETE FROM " . USERS_TABLE . " - WHERE user_id = $user_id"; - if( !$db->sql_query($sql) ) - { - message_die(GENERAL_ERROR, 'Could not delete user', '', __LINE__, __FILE__, $sql); - } - - $sql = "DELETE FROM " . USER_GROUP_TABLE . " - WHERE user_id = $user_id"; - if( !$db->sql_query($sql) ) - { - message_die(GENERAL_ERROR, 'Could not delete user from user_group table', '', __LINE__, __FILE__, $sql); - } - - $sql = "DELETE FROM " . GROUPS_TABLE . " - WHERE group_id = " . $row['group_id']; - if( !$db->sql_query($sql) ) - { - message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql); - } - - $sql = "DELETE FROM " . AUTH_ACCESS_TABLE . " - WHERE group_id = " . $row['group_id']; - if( !$db->sql_query($sql) ) - { - message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql); - } - - $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " - WHERE user_id = $user_id"; - if ( !$db->sql_query($sql) ) - { - message_die(GENERAL_ERROR, 'Could not delete user from topic watch table', '', __LINE__, __FILE__, $sql); - } - - $sql = "SELECT privmsgs_id - FROM " . PRIVMSGS_TABLE . " - WHERE ( ( privmsgs_from_userid = $user_id - AND privmsgs_type = " . PRIVMSGS_NEW_MAIL . " ) - OR ( privmsgs_from_userid = $user_id - AND privmsgs_type = " . PRIVMSGS_SENT_MAIL . " ) - OR ( privmsgs_to_userid = $user_id - AND privmsgs_type = " . PRIVMSGS_READ_MAIL . " ) - OR ( privmsgs_to_userid = $user_id - AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) - OR ( privmsgs_from_userid = $user_id - AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) )"; - if ( !($result = $db->sql_query($sql)) ) - { - message_die(GENERAL_ERROR, 'Could not select all user\'s private messages', '', __LINE__, __FILE__, $sql); - } - - // - // This little bit of code directly from the private messaging section. - // Thanks Paul! - // ! while ( $row_privmsgs = $db->sql_fetchrow($result) ) { ! $mark_list[] = $row_privmsgs['privmsgs_id']; ! } ! ! if ( count($mark_list) ) ! { ! $delete_sql_id = implode(', ', $mark_list); ! ! // ! // We shouldn't need to worry about updating conters here... ! // They are already gone! ! // ! ! $delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . " ! WHERE privmsgs_text_id IN ($delete_sql_id)"; ! $delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . " ! WHERE privmsgs_id IN ($delete_sql_id)"; ! ! // ! // Shouldn't need the switch statement here, either, as we just want ! // to take out all of the private messages. This will not affect ! // the other messages we want to keep; the ids are unique. ! // ! ! if ( !$db->sql_query($delete_sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql); ! } ! ! if ( !$db->sql_query($delete_text_sql) ) { ! message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql); } } ! $sql = "UPDATE " . PRIVMSGS_TABLE . " ! SET privmsgs_to_userid = " . DELETED . " ! WHERE privmsgs_to_userid = $user_id"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update private messages saved to the user', '', __LINE__, __FILE__, $sql); ! } ! ! $sql = "UPDATE " . PRIVMSGS_TABLE . " ! SET privmsgs_from_userid = " . DELETED . " ! WHERE privmsgs_from_userid = $user_id"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update private messages saved from the user', '', __LINE__, __FILE__, $sql); ! } ! ! $message = $lang['User_deleted']; ! } else { ! $sql = "UPDATE " . USERS_TABLE . " ! SET " . $username_sql . $passwd_sql . "user_email = '" . str_replace("\'", "''", $email) . "', user_icq = '" . str_replace("\'", "''", $icq) . "', user_website = '" . str_replace("\'", "''", $website) . "', user_occ = '" . str_replace("\'", "''", $occupation) . "', user_from = '" . str_replace("\'", "''", $location) . "', user_interests = '" . str_replace("\'", "''", $interests) . "', user_sig = '" . str_replace("\'", "''", $signature) . "', user_viewemail = $viewemail, user_aim = '" . str_replace("\'", "''", $aim) . "', user_yim = '" . str_replace("\'", "''", $yim) . "', user_msnm = '" . str_replace("\'", "''", $msn) . "', user_attachsig = $attachsig, user_sig_bbcode_uid = '$signature_bbcode_uid', user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowavatar = $user_allowavatar, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_allow_pm = $user_allowpm, user_notify_pm = $notifypm, user_popup_pm = $popuppm, user_lang = '" . str_replace("\'", "''", $user_lang) . "', user_style = $user_style, user_timezone = $user_timezone, user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "', user_active = $user_status, user_rank = $user_rank" . $avatar_sql . " ! WHERE user_id = $user_id"; ! if( $result = $db->sql_query($sql) ) ! { ! if( isset($rename_user) ) ! { ! $sql = "UPDATE " . GROUPS_TABLE . " ! SET group_name = '".str_replace("\'", "''", $rename_user)."' ! WHERE group_name = '".str_replace("\'", "''", $this_userdata['username'] )."'"; ! if( !$result = $db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not rename users group', '', __LINE__, __FILE__, $sql); ! } ! } ! $message .= $lang['Admin_user_updated']; ! } ! else ! { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Admin_user_fail']; ! } } $message .= '

' . sprintf($lang['Click_return_useradmin'], '', '') . '

' . sprintf($lang['Click_return_admin_index'], '', ''); --- 653,693 ---- // if( !$error ) { ! $sql = "UPDATE " . USERS_TABLE . " ! SET " . $username_sql . $passwd_sql . "user_email = '" . str_replace("\'", "''", $email) . "', user_icq = '" . str_replace("\'", "''", $icq) . "', user_website = '" . str_replace("\'", "''", $website) . "', user_occ = '" . str_replace("\'", "''", $occupation) . "', user_from = '" . str_replace("\'", "''", $location) . "', user_interests = '" . str_replace("\'", "''", $interests) . "', user_sig = '" . str_replace("\'", "''", $signature) . "', user_viewemail = $viewemail, user_aim = '" . str_replace("\'", "''", $aim) . "', user_yim = '" . str_replace("\'", "''", $yim) . "', user_msnm = '" . str_replace("\'", "''", $msn) . "', user_attachsig = $attachsig, user_sig_bbcode_uid = '$signature_bbcode_uid', user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowavatar = $user_allowavatar, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_allow_pm = $user_allowpm, user_notify_pm = $notifypm, user_popup_pm = $popuppm, user_lang = '" . str_replace("\'", "''", $user_lang) . "', user_style = $user_style, user_timezone = $user_timezone, user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "', user_active = $user_status, user_rank = $user_rank" . $avatar_sql . " ! WHERE user_id = $user_id"; ! if( $result = $db->sql_query($sql) ) ! { ! if( isset($rename_user) ) { $sql = "UPDATE " . GROUPS_TABLE . " ! SET group_name = '".str_replace("\'", "''", $rename_user)."' ! WHERE group_name = '".str_replace("'", "''", $this_userdata['username'] )."'"; ! if( !$result = $db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, 'Could not rename users group', '', __LINE__, __FILE__, $sql); } } ! // Delete user session, to prevent the user navigating the forum (if logged in) when disabled ! if (!$user_status) { ! $sql = "DELETE FROM " . SESSIONS_TABLE . " ! WHERE session_user_id = " . $user_id; ! ! if ( !$db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql); } } ! $message .= $lang['Admin_user_updated']; } else { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Admin_user_fail']; } $message .= '

' . sprintf($lang['Click_return_useradmin'], '', '') . '

' . sprintf($lang['Click_return_admin_index'], '', ''); *************** *** 713,736 **** $template->assign_var_from_handle('ERROR_BOX', 'reg_header'); ! $username = stripslashes($username); $email = stripslashes($email); $password = ''; $password_confirm = ''; $icq = stripslashes($icq); ! $aim = str_replace('+', ' ', stripslashes($aim)); ! $msn = stripslashes($msn); ! $yim = stripslashes($yim); ! ! $website = stripslashes($website); ! $location = stripslashes($location); ! $occupation = stripslashes($occupation); ! $interests = stripslashes($interests); ! $signature = stripslashes($signature); $user_lang = stripslashes($user_lang); ! $user_dateformat = stripslashes($user_dateformat); } } else if( !isset( $HTTP_POST_VARS['submit'] ) && $mode != 'save' && !isset( $HTTP_POST_VARS['avatargallery'] ) && !isset( $HTTP_POST_VARS['submitavatar'] ) && !isset( $HTTP_POST_VARS['cancelavatar'] ) ) --- 706,729 ---- $template->assign_var_from_handle('ERROR_BOX', 'reg_header'); ! $username = htmlspecialchars(stripslashes($username)); $email = stripslashes($email); $password = ''; $password_confirm = ''; $icq = stripslashes($icq); ! $aim = htmlspecialchars(str_replace('+', ' ', stripslashes($aim))); ! $msn = htmlspecialchars(stripslashes($msn)); ! $yim = htmlspecialchars(stripslashes($yim)); ! ! $website = htmlspecialchars(stripslashes($website)); ! $location = htmlspecialchars(stripslashes($location)); ! $occupation = htmlspecialchars(stripslashes($occupation)); ! $interests = htmlspecialchars(stripslashes($interests)); ! $signature = htmlspecialchars(stripslashes($signature)); $user_lang = stripslashes($user_lang); ! $user_dateformat = htmlspecialchars(stripslashes($user_dateformat)); } } else if( !isset( $HTTP_POST_VARS['submit'] ) && $mode != 'save' && !isset( $HTTP_POST_VARS['avatargallery'] ) && !isset( $HTTP_POST_VARS['submitavatar'] ) && !isset( $HTTP_POST_VARS['cancelavatar'] ) ) *************** *** 746,752 **** } else { ! $this_userdata = get_userdata( $HTTP_POST_VARS['username'] ); if( !$this_userdata ) { message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); --- 739,745 ---- } else { ! $this_userdata = get_userdata($HTTP_POST_VARS['username'], true); if( !$this_userdata ) { message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); *************** *** 763,777 **** $password_confirm = ''; $icq = $this_userdata['user_icq']; ! $aim = str_replace('+', ' ', $this_userdata['user_aim'] ); ! $msn = $this_userdata['user_msnm']; ! $yim = $this_userdata['user_yim']; ! ! $website = $this_userdata['user_website']; ! $location = $this_userdata['user_from']; ! $occupation = $this_userdata['user_occ']; ! $interests = $this_userdata['user_interests']; ! $signature = $this_userdata['user_sig']; $viewemail = $this_userdata['user_viewemail']; $notifypm = $this_userdata['user_notify_pm']; --- 756,772 ---- $password_confirm = ''; $icq = $this_userdata['user_icq']; ! $aim = htmlspecialchars(str_replace('+', ' ', $this_userdata['user_aim'] )); ! $msn = htmlspecialchars($this_userdata['user_msnm']); ! $yim = htmlspecialchars($this_userdata['user_yim']); ! ! $website = htmlspecialchars($this_userdata['user_website']); ! $location = htmlspecialchars($this_userdata['user_from']); ! $occupation = htmlspecialchars($this_userdata['user_occ']); ! $interests = htmlspecialchars($this_userdata['user_interests']); ! ! $signature = ($this_userdata['user_sig_bbcode_uid'] != '') ? preg_replace('#:' . $this_userdata['user_sig_bbcode_uid'] . '#si', '', $this_userdata['user_sig']) : $this_userdata['user_sig']; ! $signature = preg_replace($html_entities_match, $html_entities_replace, $signature); $viewemail = $this_userdata['user_viewemail']; $notifypm = $this_userdata['user_notify_pm']; *************** *** 788,794 **** $user_style = $this_userdata['user_style']; $user_lang = $this_userdata['user_lang']; $user_timezone = $this_userdata['user_timezone']; ! $user_dateformat = $this_userdata['user_dateformat']; $user_status = $this_userdata['user_active']; $user_allowavatar = $this_userdata['user_allowavatar']; --- 783,789 ---- $user_style = $this_userdata['user_style']; $user_lang = $this_userdata['user_lang']; $user_timezone = $this_userdata['user_timezone']; ! $user_dateformat = htmlspecialchars($this_userdata['user_dateformat']); $user_status = $this_userdata['user_active']; $user_allowavatar = $this_userdata['user_allowavatar']; *************** *** 816,822 **** $avatar_images = array(); while( $file = @readdir($dir) ) { ! if( $file != "." && $file != ".." && !is_file("./../" . $board_config['avatar_gallery_path'] . "/" . $file) && !is_link("./../" . $board_config['avatar_gallery_path'] . "/" . $file) ) { $sub_dir = @opendir("../" . $board_config['avatar_gallery_path'] . "/" . $file); --- 811,817 ---- $avatar_images = array(); while( $file = @readdir($dir) ) { ! if( $file != "." && $file != ".." && !is_file(phpbb_realpath("./../" . $board_config['avatar_gallery_path'] . "/" . $file)) && !is_link(phpbb_realpath("./../" . $board_config['avatar_gallery_path'] . "/" . $file)) ) { $sub_dir = @opendir("../" . $board_config['avatar_gallery_path'] . "/" . $file); *************** *** 844,850 **** if( isset($HTTP_POST_VARS['avatarcategory']) ) { ! $category = $HTTP_POST_VARS['avatarcategory']; } else { --- 839,845 ---- if( isset($HTTP_POST_VARS['avatarcategory']) ) { ! $category = htmlspecialchars($HTTP_POST_VARS['avatarcategory']); } else { *************** *** 980,987 **** $rank_select_box .= ''; } - $signature = preg_replace('/\:[0-9a-z\:]*?\]/si', ']', $signature); - $template->set_filenames(array( "body" => "admin/user_edit_body.tpl") ); --- 975,980 ---- *************** *** 1024,1030 **** 'ALWAYS_ALLOW_SMILIES_YES' => ($allowsmilies) ? 'checked="checked"' : '', 'ALWAYS_ALLOW_SMILIES_NO' => (!$allowsmilies) ? 'checked="checked"' : '', 'AVATAR' => $avatar, ! 'LANGUAGE_SELECT' => language_select($user_lang, 'language', '../language'), 'TIMEZONE_SELECT' => tz_select($user_timezone), 'STYLE_SELECT' => style_select($user_style, 'style'), 'DATE_FORMAT' => $user_dateformat, --- 1017,1023 ---- 'ALWAYS_ALLOW_SMILIES_YES' => ($allowsmilies) ? 'checked="checked"' : '', 'ALWAYS_ALLOW_SMILIES_NO' => (!$allowsmilies) ? 'checked="checked"' : '', 'AVATAR' => $avatar, ! 'LANGUAGE_SELECT' => language_select($user_lang), 'TIMEZONE_SELECT' => tz_select($user_timezone), 'STYLE_SELECT' => style_select($user_style, 'style'), 'DATE_FORMAT' => $user_dateformat, *************** *** 1108,1114 **** 'S_PROFILE_ACTION' => append_sid("admin_users.$phpEx")) ); ! if( file_exists('./../' . $board_config['avatar_path'] ) && ($board_config['allow_avatar_upload'] == TRUE) ) { if ( $form_enctype != '' ) { --- 1101,1107 ---- 'S_PROFILE_ACTION' => append_sid("admin_users.$phpEx")) ); ! if( file_exists(@phpbb_realpath('./../' . $board_config['avatar_path'])) && ($board_config['allow_avatar_upload'] == TRUE) ) { if ( $form_enctype != '' ) { *************** *** 1117,1123 **** $template->assign_block_vars('avatar_remote_upload', array() ); } ! if( file_exists('./../' . $board_config['avatar_gallery_path'] ) && ($board_config['allow_avatar_local'] == TRUE) ) { $template->assign_block_vars('avatar_local_gallery', array() ); } --- 1110,1116 ---- $template->assign_block_vars('avatar_remote_upload', array() ); } ! if( file_exists(@phpbb_realpath('./../' . $board_config['avatar_gallery_path'])) && ($board_config['allow_avatar_local'] == TRUE) ) { $template->assign_block_vars('avatar_local_gallery', array() ); } *************** *** 1157,1160 **** include('./page_footer_admin.'.$phpEx); ! ?> --- 1150,1153 ---- include('./page_footer_admin.'.$phpEx); ! ?> \ No newline at end of file diff -crN phpbb203/admin/admin_words.php phpbb2017/admin/admin_words.php *** phpbb203/admin/admin_words.php Sat Jul 10 20:16:19 2004 --- phpbb2017/admin/admin_words.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_words.php,v 1.10.2.2 2002/05/12 15:57:45 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_words.php,v 1.10.2.3 2004/03/25 15:57:20 acydburn Exp $ * * ***************************************************************************/ *************** *** 39,44 **** --- 39,45 ---- if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { $mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; + $mode = htmlspecialchars($mode); } else { *************** *** 63,69 **** { if( $mode == "edit" || $mode == "add" ) { ! $word_id = ( isset($HTTP_GET_VARS['id']) ) ? $HTTP_GET_VARS['id'] : 0; $template->set_filenames(array( "body" => "admin/words_edit_body.tpl") --- 64,70 ---- { if( $mode == "edit" || $mode == "add" ) { ! $word_id = ( isset($HTTP_GET_VARS['id']) ) ? intval($HTTP_GET_VARS['id']) : 0; $template->set_filenames(array( "body" => "admin/words_edit_body.tpl") *************** *** 113,119 **** } else if( $mode == "save" ) { ! $word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : 0; $word = ( isset($HTTP_POST_VARS['word']) ) ? trim($HTTP_POST_VARS['word']) : ""; $replacement = ( isset($HTTP_POST_VARS['replacement']) ) ? trim($HTTP_POST_VARS['replacement']) : ""; --- 114,120 ---- } else if( $mode == "save" ) { ! $word_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : 0; $word = ( isset($HTTP_POST_VARS['word']) ) ? trim($HTTP_POST_VARS['word']) : ""; $replacement = ( isset($HTTP_POST_VARS['replacement']) ) ? trim($HTTP_POST_VARS['replacement']) : ""; *************** *** 150,155 **** --- 151,157 ---- if( isset($HTTP_POST_VARS['id']) || isset($HTTP_GET_VARS['id']) ) { $word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id']; + $word_id = intval($word_id); } else { diff -crN phpbb203/admin/index.php phpbb2017/admin/index.php *** phpbb203/admin/index.php Sat Jul 10 20:16:19 2004 --- phpbb2017/admin/index.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: index.php,v 1.40.2.2 2002/05/17 22:58:18 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: index.php,v 1.40.2.7 2005/02/21 18:37:02 acydburn Exp $ * * ***************************************************************************/ *************** *** 132,137 **** --- 132,138 ---- "L_ADMIN_INTRO" => $lang['Admin_intro'], "L_FORUM_STATS" => $lang['Forum_stats'], "L_WHO_IS_ONLINE" => $lang['Who_is_Online'], + "L_USERNAME" => $lang['Username'], "L_LOCATION" => $lang['Location'], "L_LAST_UPDATE" => $lang['Last_updated'], "L_IP_ADDRESS" => $lang['IP_Address'], *************** *** 331,337 **** WHERE s.session_logged_in = " . TRUE . " AND u.user_id = s.session_user_id AND u.user_id <> " . ANONYMOUS . " ! AND u.user_session_time >= " . ( time() - 300 ) . " ORDER BY u.user_session_time DESC"; if(!$result = $db->sql_query($sql)) { --- 332,338 ---- WHERE s.session_logged_in = " . TRUE . " AND u.user_id = s.session_user_id AND u.user_id <> " . ANONYMOUS . " ! AND s.session_time >= " . ( time() - 300 ) . " ORDER BY u.user_session_time DESC"; if(!$result = $db->sql_query($sql)) { *************** *** 454,460 **** "FORUM_LOCATION" => $location, "IP_ADDRESS" => $reg_ip, ! "U_WHOIS_IP" => "http://www.samspade.org/t/ipwhois?a=$reg_ip", "U_USER_PROFILE" => append_sid("admin_users.$phpEx?mode=edit&" . POST_USERS_URL . "=" . $onlinerow_reg[$i]['user_id']), "U_FORUM_LOCATION" => append_sid($location_url)) ); --- 455,461 ---- "FORUM_LOCATION" => $location, "IP_ADDRESS" => $reg_ip, ! "U_WHOIS_IP" => "http://network-tools.com/default.asp?host=$reg_ip", "U_USER_PROFILE" => append_sid("admin_users.$phpEx?mode=edit&" . POST_USERS_URL . "=" . $onlinerow_reg[$i]['user_id']), "U_FORUM_LOCATION" => append_sid($location_url)) ); *************** *** 546,552 **** "FORUM_LOCATION" => $location, "IP_ADDRESS" => $guest_ip, ! "U_WHOIS_IP" => "http://www.samspade.org/t/ipwhois?a=$guest_ip", "U_FORUM_LOCATION" => append_sid($location_url)) ); } --- 547,553 ---- "FORUM_LOCATION" => $location, "IP_ADDRESS" => $guest_ip, ! "U_WHOIS_IP" => "http://network-tools.com/default.asp?host=$guest_ip", "U_FORUM_LOCATION" => append_sid($location_url)) ); } *************** *** 558,563 **** --- 559,629 ---- "L_NO_GUESTS_BROWSING" => $lang['No_users_browsing']) ); } + + // Check for new version + $current_version = explode('.', '2' . $board_config['version']); + $minor_revision = (int) $current_version[2]; + + $errno = 0; + $errstr = $version_info = ''; + + if ($fsock = @fsockopen('www.phpbb.com', 80, $errno, $errstr)) + { + @fputs($fsock, "GET /updatecheck/20x.txt HTTP/1.1\r\n"); + @fputs($fsock, "HOST: www.phpbb.com\r\n"); + @fputs($fsock, "Connection: close\r\n\r\n"); + + $get_info = false; + while (!@feof($fsock)) + { + if ($get_info) + { + $version_info .= @fread($fsock, 1024); + } + else + { + if (@fgets($fsock, 1024) == "\r\n") + { + $get_info = true; + } + } + } + @fclose($fsock); + + $version_info = explode("\n", $version_info); + $latest_head_revision = (int) $version_info[0]; + $latest_minor_revision = (int) $version_info[2]; + $latest_version = (int) $version_info[0] . '.' . (int) $version_info[1] . '.' . (int) $version_info[2]; + + if ($latest_head_revision == 2 && $minor_revision == $latest_minor_revision) + { + $version_info = '

' . $lang['Version_up_to_date'] . '

'; + } + else + { + $version_info = '

' . $lang['Version_not_up_to_date']; + $version_info .= '
' . sprintf($lang['Latest_version_info'], $latest_version) . sprintf($lang['Current_version_info'], '2' . $board_config['version']) . '

'; + } + } + else + { + if ($errstr) + { + $version_info = '

' . sprintf($lang['Connect_socket_error'], $errstr) . '

'; + } + else + { + $version_info = '

' . $lang['Socket_functions_disabled'] . '

'; + } + } + + $version_info .= '

' . $lang['Mailing_list_subscribe_reminder'] . '

'; + + + $template->assign_vars(array( + 'VERSION_INFO' => $version_info, + 'L_VERSION_INFORMATION' => $lang['Version_information']) + ); $template->pparse("body"); diff -crN phpbb203/admin/page_footer_admin.php phpbb2017/admin/page_footer_admin.php *** phpbb203/admin/page_footer_admin.php Sat Jul 10 20:16:19 2004 --- phpbb2017/admin/page_footer_admin.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_footer_admin.php,v 1.9.2.2 2002/05/12 15:57:45 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_footer_admin.php,v 1.9.2.3 2005/04/15 20:15:47 acydburn Exp $ * * ***************************************************************************/ *************** *** 33,39 **** ); $template->assign_vars(array( ! 'PHPBB_VERSION' => '2' . $board_config['version'], 'TRANSLATION_INFO' => $lang['TRANSLATION_INFO']) ); --- 33,39 ---- ); $template->assign_vars(array( ! 'PHPBB_VERSION' => ($userdata['user_level'] == ADMIN && $userdata['user_id'] != ANONYMOUS) ? '2' . $board_config['version'] : '', 'TRANSLATION_INFO' => $lang['TRANSLATION_INFO']) ); diff -crN phpbb203/admin/page_header_admin.php phpbb2017/admin/page_header_admin.php *** phpbb203/admin/page_header_admin.php Sat Jul 10 20:16:19 2004 --- phpbb2017/admin/page_header_admin.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_header_admin.php,v 1.12.2.2 2002/05/12 15:57:45 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_header_admin.php,v 1.12.2.6 2005/03/26 14:15:59 acydburn Exp $ * * ***************************************************************************/ *************** *** 35,41 **** { $phpver = phpversion(); ! if ( $phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible') ) { if ( extension_loaded('zlib') ) { --- 35,43 ---- { $phpver = phpversion(); ! $useragent = (isset($HTTP_SERVER_VARS['HTTP_USER_AGENT'])) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : getenv('HTTP_USER_AGENT'); ! ! if ( $phpver >= '4.0.4pl1' && ( strstr($useragent,'compatible') || strstr($useragent,'Gecko') ) ) { if ( extension_loaded('zlib') ) { *************** *** 62,67 **** --- 64,73 ---- 'header' => 'admin/page_header.tpl') ); + // Format Timezone. We are unable to use array_pop here, because of PHP3 compatibility + $l_timezone = explode('.', $board_config['board_timezone']); + $l_timezone = (count($l_timezone) > 1 && $l_timezone[count($l_timezone)-1] != 0) ? $lang[sprintf('%.1f', $board_config['board_timezone'])] : $lang[number_format($board_config['board_timezone'])]; + // // The following assigns all _common_ variables that may be used at any point // in a template. Note that all URL's should be wrapped in append_sid, as *************** *** 77,83 **** 'U_INDEX' => append_sid('../index.'.$phpEx), ! 'S_TIMEZONE' => sprintf($lang['All_times'], $lang[$board_config['board_timezone']]), 'S_LOGIN_ACTION' => append_sid('../login.'.$phpEx), 'S_JUMPBOX_ACTION' => append_sid('../viewforum.'.$phpEx), 'S_CURRENT_TIME' => sprintf($lang['Current_time'], create_date($board_config['default_dateformat'], time(), $board_config['board_timezone'])), --- 83,89 ---- 'U_INDEX' => append_sid('../index.'.$phpEx), ! 'S_TIMEZONE' => sprintf($lang['All_times'], $l_timezone), 'S_LOGIN_ACTION' => append_sid('../login.'.$phpEx), 'S_JUMPBOX_ACTION' => append_sid('../viewforum.'.$phpEx), 'S_CURRENT_TIME' => sprintf($lang['Current_time'], create_date($board_config['default_dateformat'], time(), $board_config['board_timezone'])), *************** *** 129,132 **** $template->pparse('header'); ! ?> \ No newline at end of file --- 135,138 ---- $template->pparse('header'); ! ?> diff -crN phpbb203/admin/pagestart.php phpbb2017/admin/pagestart.php *** phpbb203/admin/pagestart.php Sat Jul 10 20:16:19 2004 --- phpbb2017/admin/pagestart.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: pagestart.php,v 1.1.2.2 2002/05/13 13:18:17 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: pagestart.php,v 1.1.2.9 2005/06/26 14:39:30 acydburn Exp $ * * ***************************************************************************/ *************** *** 20,32 **** * ***************************************************************************/ ! if ( !defined('IN_PHPBB') ) { die("Hacking attempt"); } define('IN_ADMIN', true); ! include($phpbb_root_path . 'common.'.$phpEx); // --- 20,32 ---- * ***************************************************************************/ ! if (!defined('IN_PHPBB')) { die("Hacking attempt"); } define('IN_ADMIN', true); ! // Include files include($phpbb_root_path . 'common.'.$phpEx); // *************** *** 37,54 **** // // End session management // ! if( !$userdata['session_logged_in'] ) { ! $header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: '; ! header($header_location . '../' . append_sid("login.$phpEx?redirect=admin/")); ! exit; } ! else if( $userdata['user_level'] != ADMIN ) { message_die(GENERAL_MESSAGE, $lang['Not_admin']); } ! if ( empty($no_page_header) ) { // Not including the pageheader can be neccesarry if META tags are // needed in the calling script. --- 37,70 ---- // // End session management // ! ! if (!$userdata['session_logged_in']) { ! redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx", true)); } ! else if ($userdata['user_level'] != ADMIN) { message_die(GENERAL_MESSAGE, $lang['Not_admin']); } ! if ($HTTP_GET_VARS['sid'] != $userdata['session_id']) ! { ! $url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name'])), '', $HTTP_SERVER_VARS['REQUEST_URI']); ! $url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path'])), '', $url); ! $url = str_replace('//', '/', $url); ! $url = preg_replace('/sid=([^&]*)(&?)/i', '', $url); ! $url = preg_replace('/\?$/', '', $url); ! $url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id']; ! ! redirect("index.$phpEx?sid=" . $userdata['session_id']); ! } ! ! if (!$userdata['session_admin']) ! { ! redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx&admin=1", true)); ! } ! ! if (empty($no_page_header)) { // Not including the pageheader can be neccesarry if META tags are // needed in the calling script. diff -crN phpbb203/common.php phpbb2017/common.php *** phpbb203/common.php Sat Jul 10 20:16:20 2004 --- phpbb2017/common.php Tue Jul 19 22:14:58 2005 *************** *** 6,13 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: common.php,v 1.74.2.3 2002/05/13 13:18:17 psotfx Exp $ ! * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: common.php,v 1.74.2.17 2005/02/21 19:29:30 acydburn Exp $ * ***************************************************************************/ *************** *** 25,33 **** --- 24,105 ---- die("Hacking attempt"); } + // error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables set_magic_quotes_runtime(0); // Disable magic_quotes_runtime + // The following code (unsetting globals) was contributed by Matt Kavanagh + + // PHP5 with register_long_arrays off? + if (!isset($HTTP_POST_VARS) && isset($_POST)) + { + $HTTP_POST_VARS = $_POST; + $HTTP_GET_VARS = $_GET; + $HTTP_SERVER_VARS = $_SERVER; + $HTTP_COOKIE_VARS = $_COOKIE; + $HTTP_ENV_VARS = $_ENV; + $HTTP_POST_FILES = $_FILES; + + // _SESSION is the only superglobal which is conditionally set + if (isset($_SESSION)) + { + $HTTP_SESSION_VARS = $_SESSION; + } + } + + if (@phpversion() < '4.0.0') + { + // PHP3 path; in PHP3, globals are _always_ registered + + // We 'flip' the array of variables to test like this so that + // we can validate later with isset($test[$var]) (no in_array()) + $test = array('HTTP_GET_VARS' => NULL, 'HTTP_POST_VARS' => NULL, 'HTTP_COOKIE_VARS' => NULL, 'HTTP_SERVER_VARS' => NULL, 'HTTP_ENV_VARS' => NULL, 'HTTP_POST_FILES' => NULL, 'phpEx' => NULL, 'phpbb_root_path' => NULL); + + // Loop through each input array + @reset($test); + while (list($input,) = @each($test)) + { + while (list($var,) = @each($$input)) + { + // Validate the variable to be unset + if (!isset($test[$var]) && $var != 'test' && $var != 'input') + { + unset($$var); + } + } + } + } + else if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on') + { + // PHP4+ path + $not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path'); + + // Not only will array_merge give a warning if a parameter + // is not an array, it will actually fail. So we check if + // HTTP_SESSION_VARS has been initialised. + if (!isset($HTTP_SESSION_VARS)) + { + $HTTP_SESSION_VARS = array(); + } + + // Merge all into one extremely huge array; unset + // this later + $input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES); + + unset($input['input']); + unset($input['not_unset']); + + while (list($var,) = @each($input)) + { + if (!in_array($var, $not_unset)) + { + unset($$var); + } + } + + unset($input); + } + // // addslashes to vars if magic_quotes_gpc is off // this is a security precaution to prevent someone *************** *** 106,118 **** $theme = array(); $images = array(); $lang = array(); $gen_simple_header = FALSE; include($phpbb_root_path . 'config.'.$phpEx); if( !defined("PHPBB_INSTALLED") ) { ! header("Location: install.$phpEx"); exit; } --- 178,191 ---- $theme = array(); $images = array(); $lang = array(); + $nav_links = array(); $gen_simple_header = FALSE; include($phpbb_root_path . 'config.'.$phpEx); if( !defined("PHPBB_INSTALLED") ) { ! header("Location: install/install.$phpEx"); exit; } *************** *** 124,167 **** include($phpbb_root_path . 'includes/db.'.$phpEx); // - // Mozilla navigation bar - // Default items that should be valid on all pages. - // Defined here and not in page_header.php so they can be redefined in the code - // - $nav_links['top'] = array ( - 'url' => append_sid($phpbb_root_dir."index.".$phpEx), - 'title' => sprintf($lang['Forum_Index'], $board_config['sitename']) - ); - $nav_links['search'] = array ( - 'url' => append_sid($phpbb_root_dir."search.".$phpEx), - 'title' => $lang['Search'] - ); - $nav_links['help'] = array ( - 'url' => append_sid($phpbb_root_dir."faq.".$phpEx), - 'title' => $lang['FAQ'] - ); - $nav_links['author'] = array ( - 'url' => append_sid($phpbb_root_dir."memberlist.".$phpEx), - 'title' => $lang['Memberlist'] - ); - - // // Obtain and encode users IP // ! if( getenv('HTTP_X_FORWARDED_FOR') != '' ) ! { ! $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR ); ! ! if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) ) ! { ! $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10..*/', '/^224..*/', '/^240..*/'); ! $client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]); ! } ! } ! else ! { ! $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR ); ! } $user_ip = encode_ip($client_ip); // --- 197,210 ---- include($phpbb_root_path . 'includes/db.'.$phpEx); // // Obtain and encode users IP // ! // I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as ! // private range IP's appearing instead of the guilty routable IP, tough, don't ! // even bother complaining ... go scream and shout at the idiots out there who feel ! // "clever" is doing harm rather than good ... karma is a great thing ... :) ! // ! $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv('REMOTE_ADDR') ); $user_ip = encode_ip($client_ip); // *************** *** 179,184 **** --- 222,232 ---- while ( $row = $db->sql_fetchrow($result) ) { $board_config[$row['config_name']] = $row['config_value']; + } + + if (file_exists('install') || file_exists('contrib')) + { + message_die(GENERAL_MESSAGE, 'Please ensure both the install/ and contrib/ directories are deleted'); } // diff -crN phpbb203/db/mssql.php phpbb2017/db/mssql.php *** phpbb203/db/mssql.php Sat Jul 10 20:16:18 2004 --- phpbb2017/db/mssql.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: mssql.php,v 1.22.2.1 2002/05/12 01:27:26 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: mssql.php,v 1.22.2.2 2002/12/21 18:31:53 psotfx Exp $ * ***************************************************************************/ *************** *** 51,57 **** $this->server = $sqlserver; $this->dbname = $database; ! $this->db_connect_id = ( $this->persistency ) ? mssql_pconnect($this->server, $this->user, $this->password) : mssql_connect($this->server, $this->user, $this->password); if( $this->db_connect_id && $this->dbname != "" ) { --- 51,57 ---- $this->server = $sqlserver; $this->dbname = $database; ! $this->db_connect_id = ( $this->persistency ) ? @mssql_pconnect($this->server, $this->user, $this->password) : @mssql_connect($this->server, $this->user, $this->password); if( $this->db_connect_id && $this->dbname != "" ) { *************** *** 92,98 **** // // Query method // ! function sql_query($query = "", $transaction = FALSE) { // // Remove any pre-existing queries --- 92,98 ---- // // Query method // ! function sql_query($query = '', $transaction = FALSE) { // // Remove any pre-existing queries *************** *** 100,112 **** unset($this->result); unset($this->row); ! if ( $query != "" ) { $this->num_queries++; if ( $transaction == BEGIN_TRANSACTION && !$this->in_transaction ) { ! if ( !mssql_query("BEGIN TRANSACTION", $this->db_connect_id) ) { return false; } --- 100,112 ---- unset($this->result); unset($this->row); ! if ( $query != '' ) { $this->num_queries++; if ( $transaction == BEGIN_TRANSACTION && !$this->in_transaction ) { ! if ( !@mssql_query('BEGIN TRANSACTION', $this->db_connect_id) ) { return false; } *************** *** 125,131 **** // returns something then there's a problem. This may well be a false assumption though // ... needs checking under Windows itself. // ! if( preg_match("/^SELECT(.*?)(LIMIT ([0-9]+)[, ]*([0-9]+)*)?$/s", $query, $limits) ) { $query = $limits[1]; --- 125,131 ---- // returns something then there's a problem. This may well be a false assumption though // ... needs checking under Windows itself. // ! if( preg_match('#^SELECT(.*?)(LIMIT ([0-9]+)[, ]*([0-9]+)*)?$#s', $query, $limits) ) { $query = $limits[1]; *************** *** 134,143 **** $row_offset = ( $limits[4] ) ? $limits[3] : ""; $num_rows = ( $limits[4] ) ? $limits[4] : $limits[3]; ! $query = "TOP " . ( $row_offset + $num_rows ) . $query; } ! $this->result = mssql_query("SELECT $query", $this->db_connect_id); if( $this->result ) { --- 134,143 ---- $row_offset = ( $limits[4] ) ? $limits[3] : ""; $num_rows = ( $limits[4] ) ? $limits[4] : $limits[3]; ! $query = 'TOP ' . ( $row_offset + $num_rows ) . $query; } ! $this->result = @mssql_query("SELECT $query", $this->db_connect_id); if( $this->result ) { *************** *** 145,164 **** if( $row_offset > 0 ) { ! mssql_data_seek($this->result, $row_offset); } } } ! else if( eregi("^INSERT ", $query) ) { ! if( mssql_query($query, $this->db_connect_id) ) { $this->result = time() + microtime(); ! $result_id = mssql_query("SELECT @@IDENTITY AS id, @@ROWCOUNT as affected", $this->db_connect_id); if( $result_id ) { ! if( $row = mssql_fetch_array($result_id) ) { $this->next_id[$this->db_connect_id] = $row['id']; $this->affected_rows[$this->db_connect_id] = $row['affected']; --- 145,164 ---- if( $row_offset > 0 ) { ! @mssql_data_seek($this->result, $row_offset); } } } ! else if( preg_match('#^INSERT #i', $query) ) { ! if( @mssql_query($query, $this->db_connect_id) ) { $this->result = time() + microtime(); ! $result_id = @mssql_query('SELECT @@IDENTITY AS id, @@ROWCOUNT as affected', $this->db_connect_id); if( $result_id ) { ! if( $row = @mssql_fetch_array($result_id) ) { $this->next_id[$this->db_connect_id] = $row['id']; $this->affected_rows[$this->db_connect_id] = $row['affected']; *************** *** 168,181 **** } else { ! if( mssql_query($query, $this->db_connect_id) ) { $this->result = time() + microtime(); ! $result_id = mssql_query("SELECT @@ROWCOUNT as affected", $this->db_connect_id); if( $result_id ) { ! if( $row = mssql_fetch_array($result_id) ) { $this->affected_rows[$this->db_connect_id] = $row['affected']; } --- 168,181 ---- } else { ! if( @mssql_query($query, $this->db_connect_id) ) { $this->result = time() + microtime(); ! $result_id = @mssql_query('SELECT @@ROWCOUNT as affected', $this->db_connect_id); if( $result_id ) { ! if( $row = @mssql_fetch_array($result_id) ) { $this->affected_rows[$this->db_connect_id] = $row['affected']; } *************** *** 187,193 **** { if( $this->in_transaction ) { ! mssql_query("ROLLBACK", $this->db_connect_id); $this->in_transaction = FALSE; } --- 187,193 ---- { if( $this->in_transaction ) { ! @mssql_query('ROLLBACK', $this->db_connect_id); $this->in_transaction = FALSE; } *************** *** 198,204 **** { $this->in_transaction = FALSE; ! if( !@mssql_query("COMMIT", $this->db_connect_id) ) { @mssql_query("ROLLBACK", $this->db_connect_id); return false; --- 198,204 ---- { $this->in_transaction = FALSE; ! if( !@mssql_query('COMMIT', $this->db_connect_id) ) { @mssql_query("ROLLBACK", $this->db_connect_id); return false; *************** *** 213,221 **** { $this->in_transaction = FALSE; ! if( !@mssql_query("COMMIT", $this->db_connect_id) ) { ! @mssql_query("ROLLBACK", $this->db_connect_id); return false; } } --- 213,221 ---- { $this->in_transaction = FALSE; ! if( !@mssql_query('COMMIT', $this->db_connect_id) ) { ! @mssql_query('ROLLBACK', $this->db_connect_id); return false; } } *************** *** 236,242 **** if( $query_id ) { ! return ( !empty($this->limit_offset[$query_id]) ) ? mssql_num_rows($query_id) - $this->limit_offset[$query_id] : @mssql_num_rows($query_id); } else { --- 236,242 ---- if( $query_id ) { ! return ( !empty($this->limit_offset[$query_id]) ) ? @mssql_num_rows($query_id) - $this->limit_offset[$query_id] : @mssql_num_rows($query_id); } else { *************** *** 251,257 **** $query_id = $this->result; } ! return ( $query_id ) ? mssql_num_fields($query_id) : false; } function sql_fieldname($offset, $query_id = 0) --- 251,257 ---- $query_id = $this->result; } ! return ( $query_id ) ? @mssql_num_fields($query_id) : false; } function sql_fieldname($offset, $query_id = 0) *************** *** 261,267 **** $query_id = $this->result; } ! return ( $query_id ) ? mssql_field_name($query_id, $offset) : false; } function sql_fieldtype($offset, $query_id = 0) --- 261,267 ---- $query_id = $this->result; } ! return ( $query_id ) ? @mssql_field_name($query_id, $offset) : false; } function sql_fieldtype($offset, $query_id = 0) *************** *** 271,277 **** $query_id = $this->result; } ! return ( $query_id ) ? mssql_field_type($query_id, $offset) : false; } function sql_fetchrow($query_id = 0) --- 271,277 ---- $query_id = $this->result; } ! return ( $query_id ) ? @mssql_field_type($query_id, $offset) : false; } function sql_fetchrow($query_id = 0) *************** *** 285,291 **** { empty($row); ! $row = mssql_fetch_array($query_id); while( list($key, $value) = @each($row) ) { --- 285,291 ---- { empty($row); ! $row = @mssql_fetch_array($query_id); while( list($key, $value) = @each($row) ) { *************** *** 313,319 **** $i = 0; empty($rowset); ! while( $row = mssql_fetch_array($query_id)) { while( list($key, $value) = @each($row) ) { --- 313,319 ---- $i = 0; empty($rowset); ! while( $row = @mssql_fetch_array($query_id)) { while( list($key, $value) = @each($row) ) { *************** *** 344,361 **** { if( $this->limit_offset[$query_id] > 0 ) { ! $result = ( !empty($this->limit_offset[$query_id]) ) ? mssql_result($this->result, ($this->limit_offset[$query_id] + $row), $field) : false; } else { ! $result = mssql_result($this->result, $row, $field); } } else { if( empty($this->row[$query_id]) ) { ! $this->row[$query_id] = mssql_fetch_array($query_id); $result = stripslashes($this->row[$query_id][$field]); } } --- 344,361 ---- { if( $this->limit_offset[$query_id] > 0 ) { ! $result = ( !empty($this->limit_offset[$query_id]) ) ? @mssql_result($this->result, ($this->limit_offset[$query_id] + $row), $field) : false; } else { ! $result = @mssql_result($this->result, $row, $field); } } else { if( empty($this->row[$query_id]) ) { ! $this->row[$query_id] = @mssql_fetch_array($query_id); $result = stripslashes($this->row[$query_id][$field]); } } *************** *** 377,383 **** if( $query_id ) { ! return ( !empty($this->limit_offset[$query_id]) ) ? mssql_data_seek($query_id, ($this->limit_offset[$query_id] + $rownum)) : mssql_data_seek($query_id, $rownum); } else { --- 377,383 ---- if( $query_id ) { ! return ( !empty($this->limit_offset[$query_id]) ) ? @mssql_data_seek($query_id, ($this->limit_offset[$query_id] + $rownum)) : @mssql_data_seek($query_id, $rownum); } else { *************** *** 402,408 **** $query_id = $this->result; } ! return ( $query_id ) ? mssql_free_result($query_id) : false; } function sql_error($query_id = 0) --- 402,408 ---- $query_id = $this->result; } ! return ( $query_id ) ? @mssql_free_result($query_id) : false; } function sql_error($query_id = 0) diff -crN phpbb203/db/oracle.php phpbb2017/db/oracle.php *** phpbb203/db/oracle.php Sat Jul 10 20:16:18 2004 --- phpbb2017/db/oracle.php Thu Jan 1 01:00:00 1970 *************** *** 1,472 **** - persistency = $persistency; - $this->user = $sqluser; - $this->password = $sqlpassword; - $this->server = $sqlserver; - $this->dbname = $database; - - if($this->persistency) - { - $this->db_connect_id = @OCIPLogon($this->user, $this->password, $this->server); - } - else - { - $this->db_connect_id = @OCINLogon($this->user, $this->password, $this->server); - } - if($this->db_connect_id) - { - return $this->db_connect_id; - } - else - { - return false; - } - } - - // - // Other base methods - // - function sql_close() - { - if($this->db_connect_id) - { - // Commit outstanding transactions - if($this->in_transaction) - { - OCICommit($this->db_connect_id); - } - - if($this->query_result) - { - @OCIFreeStatement($this->query_result); - } - $result = @OCILogoff($this->db_connect_id); - return $result; - } - else - { - return false; - } - } - - // - // Base query method - // - function sql_query($query = "", $transaction = FALSE) - { - // Remove any pre-existing queries - unset($this->query_result); - - // Put us in transaction mode because with Oracle as soon as you make a query you're in a transaction - $this->in_transaction = TRUE; - - if($query != "") - { - $this->last_query = $query; - $this->num_queries++; - - if(eregi("LIMIT", $query)) - { - preg_match("/^(.*)LIMIT ([0-9]+)[, ]*([0-9]+)*/s", $query, $limits); - - $query = $limits[1]; - if($limits[3]) - { - $row_offset = $limits[2]; - $num_rows = $limits[3]; - } - else - { - $row_offset = 0; - $num_rows = $limits[2]; - } - } - - if(eregi("^(INSERT|UPDATE) ", $query)) - { - $query = preg_replace("/\\\'/s", "''", $query); - } - - $this->query_result = @OCIParse($this->db_connect_id, $query); - $success = @OCIExecute($this->query_result, OCI_DEFAULT); - } - if($success) - { - if($transaction == END_TRANSACTION) - { - OCICommit($this->db_connect_id); - $this->in_transaction = FALSE; - } - - unset($this->row[$this->query_result]); - unset($this->rowset[$this->query_result]); - $this->last_query_text[$this->query_result] = $query; - - return $this->query_result; - } - else - { - if($this->in_transaction) - { - OCIRollback($this->db_connect_id); - } - return false; - } - } - - // - // Other query methods - // - function sql_numrows($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCIFetchStatement($query_id, $this->rowset); - // OCIFetchStatment kills our query result so we have to execute the statment again - // if we ever want to use the query_id again. - @OCIExecute($query_id, OCI_DEFAULT); - return $result; - } - else - { - return false; - } - } - function sql_affectedrows($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCIRowCount($query_id); - return $result; - } - else - { - return false; - } - } - function sql_numfields($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCINumCols($query_id); - return $result; - } - else - { - return false; - } - } - function sql_fieldname($offset, $query_id = 0) - { - // OCIColumnName uses a 1 based array so we have to up the offset by 1 in here to maintain - // full abstraction compatibitly - $offset += 1; - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = strtolower(@OCIColumnName($query_id, $offset)); - return $result; - } - else - { - return false; - } - } - function sql_fieldtype($offset, $query_id = 0) - { - // This situation is the same as fieldname - $offset += 1; - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCIColumnType($query_id, $offset); - return $result; - } - else - { - return false; - } - } - function sql_fetchrow($query_id = 0, $debug = FALSE) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result_row = ""; - $result = @OCIFetchInto($query_id, $result_row, OCI_ASSOC+OCI_RETURN_NULLS); - if($debug) - { - echo "Query was: ".$this->last_query . "
"; - echo "Result: $result
"; - echo "Query ID: $query_id
"; - echo "
";
- 				var_dump($result_row);
- 				echo "
"; - } - if($result_row == "") - { - return false; - } - - for($i = 0; $i < count($result_row); $i++) - { - list($key, $val) = each($result_row); - $return_arr[strtolower($key)] = $val; - } - $this->row[$query_id] = $return_arr; - - return $this->row[$query_id]; - } - else - { - return false; - } - } - // This function probably isn't as efficant is it could be but any other way I do it - // I end up losing 1 row... - function sql_fetchrowset($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $rows = @OCIFetchStatement($query_id, $results); - @OCIExecute($query_id, OCI_DEFAULT); - for($i = 0; $i <= $rows; $i++) - { - @OCIFetchInto($query_id, $tmp_result, OCI_ASSOC+OCI_RETURN_NULLS); - - for($j = 0; $j < count($tmp_result); $j++) - { - list($key, $val) = each($tmp_result); - $return_arr[strtolower($key)] = $val; - } - $result[] = $return_arr; - } - return $result; - } - else - { - return false; - } - } - function sql_fetchfield($field, $rownum = -1, $query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - if($rownum > -1) - { - // Reset the internal rownum pointer. - @OCIExecute($query_id, OCI_DEFAULT); - for($i = 0; $i < $rownum; $i++) - { - // Move the interal pointer to the row we want - @OCIFetch($query_id); - } - // Get the field data. - $result = @OCIResult($query_id, strtoupper($field)); - } - else - { - // The internal pointer should be where we want it - // so we just grab the field out of the current row. - $result = @OCIResult($query_id, strtoupper($field)); - } - return $result; - } - else - { - return false; - } - } - function sql_rowseek($rownum, $query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - @OCIExecute($query_id, OCI_DEFAULT); - for($i = 0; $i < $rownum; $i++) - { - @OCIFetch($query_id); - } - $result = @OCIFetch($query_id); - return $result; - } - else - { - return false; - } - } - function sql_nextid($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id && $this->last_query_text[$query_id] != "") - { - if( eregi("^(INSERT{1}|^INSERT INTO{1})[[:space:]][\"]?([a-zA-Z0-9\_\-]+)[\"]?", $this->last_query_text[$query_id], $tablename)) - { - $query = "SELECT ".$tablename[2]."_id_seq.currval FROM DUAL"; - $stmt = @OCIParse($this->db_connect_id, $query); - @OCIExecute($stmt,OCI_DEFAULT ); - $temp_result = @OCIFetchInto($stmt, $temp_result, OCI_ASSOC+OCI_RETURN_NULLS); - if($temp_result) - { - return $temp_result['CURRVAL']; - } - else - { - return false; - } - } - else - { - return false; - } - } - else - { - return false; - } - } - - function sql_nextid($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id && $this->last_query_text[$query_id] != "") - { - if( eregi("^(INSERT{1}|^INSERT INTO{1})[[:space:]][\"]?([a-zA-Z0-9\_\-]+)[\"]?", $this->last_query_text[$query_id], $tablename)) - { - $query = "SELECT ".$tablename[2]."_id_seq.CURRVAL FROM DUAL"; - $temp_q_id = @OCIParse($this->db_connect_id, $query); - @OCIExecute($temp_q_id, OCI_DEFAULT); - @OCIFetchInto($temp_q_id, $temp_result, OCI_ASSOC+OCI_RETURN_NULLS); - - if($temp_result) - { - return $temp_result['CURRVAL']; - } - else - { - return false; - } - } - else - { - return false; - } - } - else - { - return false; - } - } - - - - function sql_freeresult($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCIFreeStatement($query_id); - return $result; - } - else - { - return false; - } - } - function sql_error($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - $result = @OCIError($query_id); - return $result; - } - - } // class sql_db - - } // if ... define - - ?> \ No newline at end of file --- 0 ---- diff -crN phpbb203/db/postgres7.php phpbb2017/db/postgres7.php *** phpbb203/db/postgres7.php Sat Jul 10 20:16:18 2004 --- phpbb2017/db/postgres7.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: postgres7.php,v 1.19 2002/03/05 02:19:38 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: postgres7.php,v 1.19.2.3 2005/05/06 20:50:10 acydburn Exp $ * ***************************************************************************/ diff -crN phpbb203/faq.php phpbb2017/faq.php *** phpbb203/faq.php Sat Jul 10 20:16:19 2004 --- phpbb2017/faq.php Tue Jul 19 22:14:58 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: faq.php,v 1.14 2002/03/31 00:06:33 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: faq.php,v 1.14.2.2 2004/07/11 16:46:15 acydburn Exp $ * * ***************************************************************************/ *************** *** 34,39 **** --- 34,42 ---- // End session management // + // Set vars to prevent naughtiness + $faq = array(); + // // Load the appropriate faq file // *************** *** 97,103 **** $template->set_filenames(array( 'body' => 'faq_body.tpl') ); ! make_jumpbox('viewforum.'.$phpEx, $forum_id); $template->assign_vars(array( 'L_FAQ_TITLE' => $l_title, --- 100,106 ---- $template->set_filenames(array( 'body' => 'faq_body.tpl') ); ! make_jumpbox('viewforum.'.$phpEx); $template->assign_vars(array( 'L_FAQ_TITLE' => $l_title, diff -crN phpbb203/groupcp.php phpbb2017/groupcp.php *** phpbb203/groupcp.php Sat Jul 10 20:16:18 2004 --- phpbb2017/groupcp.php Tue Jul 19 22:14:58 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: groupcp.php,v 1.58.2.5 2002/05/20 00:21:09 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: groupcp.php,v 1.58.2.23 2005/05/06 20:50:10 acydburn Exp $ * * ***************************************************************************/ *************** *** 127,133 **** if ( isset($HTTP_GET_VARS[POST_GROUPS_URL]) || isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) { ! $group_id = ( isset($HTTP_GET_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_GET_VARS[POST_GROUPS_URL]) : intval($HTTP_POST_VARS[POST_GROUPS_URL]); } else { --- 127,133 ---- if ( isset($HTTP_GET_VARS[POST_GROUPS_URL]) || isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) { ! $group_id = ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_POST_VARS[POST_GROUPS_URL]) : intval($HTTP_GET_VARS[POST_GROUPS_URL]); } else { *************** *** 137,142 **** --- 137,143 ---- if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) ) { $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; + $mode = htmlspecialchars($mode); } else { *************** *** 151,165 **** // // Default var values // - $header_location = ( @preg_match('/Microsoft|WebSTAR/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: '; $is_moderator = FALSE; if ( isset($HTTP_POST_VARS['groupstatus']) && $group_id ) { if ( !$userdata['session_logged_in'] ) { ! header($header_location . append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); ! exit; } $sql = "SELECT group_moderator --- 152,164 ---- // // Default var values // $is_moderator = FALSE; if ( isset($HTTP_POST_VARS['groupstatus']) && $group_id ) { if ( !$userdata['session_logged_in'] ) { ! redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } $sql = "SELECT group_moderator *************** *** 208,215 **** // if ( !$userdata['session_logged_in'] ) { ! header($header_location . append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); ! exit; } $sql = "SELECT ug.user_id, g.group_type --- 207,213 ---- // if ( !$userdata['session_logged_in'] ) { ! redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } $sql = "SELECT ug.user_id, g.group_type *************** *** 277,293 **** include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $email_headers = 'From: ' . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\n"; $emailer->use_template('group_request', $moderator['user_lang']); $emailer->email_address($moderator['user_email']); ! $emailer->set_subject();//$lang['Group_request'] ! $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_MODERATOR' => $moderator['username'], ! 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), 'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id&validate=true") ); --- 275,291 ---- include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); $emailer->use_template('group_request', $moderator['user_lang']); $emailer->email_address($moderator['user_email']); ! $emailer->set_subject($lang['Group_request']); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_MODERATOR' => $moderator['username'], ! 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', 'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id&validate=true") ); *************** *** 310,322 **** // if ( $cancel ) { ! header($header_location . append_sid("groupcp.$phpEx", true)); ! exit; } elseif ( !$userdata['session_logged_in'] ) { ! header($header_location . append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); ! exit; } if ( $confirm ) --- 308,318 ---- // if ( $cancel ) { ! redirect(append_sid("groupcp.$phpEx", true)); } elseif ( !$userdata['session_logged_in'] ) { ! redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } if ( $confirm ) *************** *** 341,347 **** message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql); } ! if ( !($row = $db->sql_fetchrow($result)) ) { $sql = "UPDATE " . USERS_TABLE . " SET user_level = " . USER . " --- 337,343 ---- message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql); } ! if ( !($row = $db->sql_fetchrow($result)) || $row['is_auth_mod'] == 0 ) { $sql = "UPDATE " . USERS_TABLE . " SET user_level = " . USER . " *************** *** 357,363 **** 'META' => '') ); ! $message = $lang['Usub_success'] . '

' . sprintf($lang['Click_return_group'], '', '') . '

' . sprintf($lang['Click_return_index'], '', ''); message_die(GENERAL_MESSAGE, $message); } --- 353,359 ---- 'META' => '') ); ! $message = $lang['Unsub_success'] . '

' . sprintf($lang['Click_return_group'], '', '') . '

' . sprintf($lang['Click_return_index'], '', ''); message_die(GENERAL_MESSAGE, $message); } *************** *** 399,406 **** { if ( !$userdata['session_logged_in'] ) { ! header($header_location . append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); ! exit; } } --- 395,401 ---- { if ( !$userdata['session_logged_in'] ) { ! redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } } *************** *** 430,436 **** $sql = "SELECT g.group_moderator, g.group_type, aa.auth_mod FROM " . GROUPS_TABLE . " g, " . AUTH_ACCESS_TABLE . " aa WHERE g.group_id = $group_id ! AND aa.group_id = g.group_id(+)"; break; default: --- 425,431 ---- $sql = "SELECT g.group_moderator, g.group_type, aa.auth_mod FROM " . GROUPS_TABLE . " g, " . AUTH_ACCESS_TABLE . " aa WHERE g.group_id = $group_id ! AND aa.group_id (+) = g.group_id"; break; default: *************** *** 461,468 **** { if ( !$userdata['session_logged_in'] ) { ! header($header_location . append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); ! exit; } if ( !$is_moderator ) --- 456,462 ---- { if ( !$userdata['session_logged_in'] ) { ! redirect(append_sid("login.$phpEx?redirect=groupcp.$phpEx&" . POST_GROUPS_URL . "=$group_id", true)); } if ( !$is_moderator ) *************** *** 478,484 **** if ( isset($HTTP_POST_VARS['add']) ) { ! $username = ( isset($HTTP_POST_VARS['username']) ) ? $HTTP_POST_VARS['username'] : ""; $sql = "SELECT user_id, user_email, user_lang, user_level FROM " . USERS_TABLE . " --- 472,478 ---- if ( isset($HTTP_POST_VARS['add']) ) { ! $username = ( isset($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : ''; $sql = "SELECT user_id, user_email, user_lang, user_level FROM " . USERS_TABLE . " *************** *** 559,575 **** include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $email_headers = 'From: ' . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\n"; $emailer->use_template('group_added', $row['user_lang']); $emailer->email_address($row['user_email']); ! $emailer->set_subject();//$lang['Group_added'] ! $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_NAME' => $group_name, ! 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), 'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id") ); --- 553,569 ---- include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); $emailer->use_template('group_added', $row['user_lang']); $emailer->email_address($row['user_email']); ! $emailer->set_subject($lang['Group_added']); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_NAME' => $group_name, ! 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', 'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id") ); *************** *** 597,603 **** $sql_in = ''; for($i = 0; $i < count($members); $i++) { ! $sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . $members[$i]; } if ( isset($HTTP_POST_VARS['approve']) ) --- 591,597 ---- $sql_in = ''; for($i = 0; $i < count($members); $i++) { ! $sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . intval($members[$i]); } if ( isset($HTTP_POST_VARS['approve']) ) *************** *** 691,700 **** message_die(GENERAL_ERROR, 'Could not get user email information', '', __LINE__, __FILE__, $sql); } ! $email_addresses = ''; ! while( $row = $db->sql_fetchrow($result) ) { ! $email_addresses .= ( ( $email_addresses != '' ) ? ', ' : '' ) . $row['user_email']; } // --- 685,694 ---- message_die(GENERAL_ERROR, 'Could not get user email information', '', __LINE__, __FILE__, $sql); } ! $bcc_list = array(); ! while ($row = $db->sql_fetchrow($result)) { ! $bcc_list[] = $row['user_email']; } // *************** *** 714,730 **** include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $email_headers = 'From: ' . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\nBcc: " . $email_addresses . "\n"; $emailer->use_template('group_approved'); ! $emailer->email_address($userdata['user_email']); ! $emailer->set_subject();//$lang['Group_approved'] ! $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_NAME' => $group_name, ! 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), 'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id") ); --- 708,728 ---- include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); ! ! for ($i = 0; $i < count($bcc_list); $i++) ! { ! $emailer->bcc($bcc_list[$i]); ! } $emailer->use_template('group_approved'); ! $emailer->set_subject($lang['Group_approved']); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_NAME' => $group_name, ! 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', 'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id") ); *************** *** 899,904 **** --- 897,904 ---- generate_user_info($group_moderator, $board_config['default_dateformat'], $is_moderator, $from, $posts, $joined, $poster_avatar, $profile_img, $profile, $search_img, $search, $pm_img, $pm, $email_img, $email, $www_img, $www, $icq_status_img, $icq_img, $icq, $aim_img, $aim, $msn_img, $msn, $yim_img, $yim); + $s_hidden_fields .= ''; + $template->assign_vars(array( 'L_GROUP_INFORMATION' => $lang['Group_Information'], 'L_GROUP_NAME' => $lang['Group_name'], *************** *** 1149,1154 **** --- 1149,1156 ---- // Select all group that the user is a member of or where the user has // a pending membership. // + $in_group = array(); + if ( $userdata['session_logged_in'] ) { $sql = "SELECT g.group_id, g.group_name, g.group_type, ug.user_pending diff -crN phpbb203/includes/auth.php phpbb2017/includes/auth.php *** phpbb203/includes/auth.php Sat Jul 10 20:16:19 2004 --- phpbb2017/includes/auth.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: auth.php,v 1.37.2.1 2002/05/13 01:30:59 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: auth.php,v 1.37.2.5 2004/03/01 16:49:03 psotfx Exp $ * * ***************************************************************************/ *************** *** 129,137 **** if ( !($f_access = $db->$sql_fetchrow($result)) ) { ! message_die(GENERAL_ERROR, 'No forum access control lists exist', '', __LINE__, __FILE__, $sql); } - $db->sql_freeresult($result); } --- 129,137 ---- if ( !($f_access = $db->$sql_fetchrow($result)) ) { ! $db->sql_freeresult($result); ! return array(); } $db->sql_freeresult($result); } *************** *** 171,176 **** --- 171,177 ---- } while( $row = $db->sql_fetchrow($result) ); } + $db->sql_freeresult($result); } $is_admin = ( $userdata['user_level'] == ADMIN && $userdata['session_logged_in'] ) ? TRUE : 0; *************** *** 199,205 **** { case AUTH_ALL: $auth_user[$key] = TRUE; ! $auth_user[$key . '_type'] = $lang['Auth_Anonymous_users']; break; case AUTH_REG: --- 200,206 ---- { case AUTH_ALL: $auth_user[$key] = TRUE; ! $auth_user[$key . '_type'] = $lang['Auth_Anonymous_Users']; break; case AUTH_REG: *************** *** 238,244 **** { case AUTH_ALL: $auth_user[$f_forum_id][$key] = TRUE; ! $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Anonymous_users']; break; case AUTH_REG: --- 239,245 ---- { case AUTH_ALL: $auth_user[$f_forum_id][$key] = TRUE; ! $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Anonymous_Users']; break; case AUTH_REG: diff -crN phpbb203/includes/bbcode.php phpbb2017/includes/bbcode.php *** phpbb203/includes/bbcode.php Sat Jul 10 20:16:19 2004 --- phpbb2017/includes/bbcode.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: bbcode.php,v 1.36.2.11 2002/07/19 15:28:49 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: bbcode.php,v 1.36.2.35 2005/07/19 20:01:10 acydburn Exp $ * ***************************************************************************/ *************** *** 26,32 **** define("BBCODE_UID_LEN", 10); ! // global that holds loaded-and-prepared bbcode templates, so we only have to do // that stuff once. $bbcode_tpl = null; --- 26,32 ---- define("BBCODE_UID_LEN", 10); ! // global that holds loaded-and-prepared bbcode templates, so we only have to do // that stuff once. $bbcode_tpl = null; *************** *** 45,65 **** global $template; $tpl_filename = $template->make_filename('bbcode.tpl'); $tpl = fread(fopen($tpl_filename, 'r'), filesize($tpl_filename)); ! // replace \ with \\ and then ' with \'. $tpl = str_replace('\\', '\\\\', $tpl); $tpl = str_replace('\'', '\\\'', $tpl); ! // strip newlines. $tpl = str_replace("\n", '', $tpl); ! // Turn template blocks into PHP assignment statements for the values of $bbcode_tpls.. $tpl = preg_replace('#(.*?)#', "\n" . '$bbcode_tpls[\'\\1\'] = \'\\2\';', $tpl); ! $bbcode_tpls = array(); eval($tpl); ! return $bbcode_tpls; } --- 45,65 ---- global $template; $tpl_filename = $template->make_filename('bbcode.tpl'); $tpl = fread(fopen($tpl_filename, 'r'), filesize($tpl_filename)); ! // replace \ with \\ and then ' with \'. $tpl = str_replace('\\', '\\\\', $tpl); $tpl = str_replace('\'', '\\\'', $tpl); ! // strip newlines. $tpl = str_replace("\n", '', $tpl); ! // Turn template blocks into PHP assignment statements for the values of $bbcode_tpls.. $tpl = preg_replace('#(.*?)#', "\n" . '$bbcode_tpls[\'\\1\'] = \'\\2\';', $tpl); ! $bbcode_tpls = array(); eval($tpl); ! return $bbcode_tpls; } *************** *** 68,74 **** * Prepares the loaded bbcode templates for insertion into preg_replace() * or str_replace() calls in the bbencode_second_pass functions. This * means replacing template placeholders with the appropriate preg backrefs ! * or with language vars. NOTE: If you change how the regexps work in * bbencode_second_pass(), you MUST change this function. * * Nathan Codding, Sept 26 2001 --- 68,74 ---- * Prepares the loaded bbcode templates for insertion into preg_replace() * or str_replace() calls in the bbencode_second_pass functions. This * means replacing template placeholders with the appropriate preg backrefs ! * or with language vars. NOTE: If you change how the regexps work in * bbencode_second_pass(), you MUST change this function. * * Nathan Codding, Sept 26 2001 *************** *** 77,129 **** function prepare_bbcode_template($bbcode_tpl) { global $lang; ! $bbcode_tpl['olist_open'] = str_replace('{LIST_TYPE}', '\\1', $bbcode_tpl['olist_open']); ! $bbcode_tpl['color_open'] = str_replace('{COLOR}', '\\1', $bbcode_tpl['color_open']); ! $bbcode_tpl['size_open'] = str_replace('{SIZE}', '\\1', $bbcode_tpl['size_open']); ! $bbcode_tpl['quote_open'] = str_replace('{L_QUOTE}', $lang['Quote'], $bbcode_tpl['quote_open']); ! $bbcode_tpl['quote_username_open'] = str_replace('{L_QUOTE}', $lang['Quote'], $bbcode_tpl['quote_username_open']); $bbcode_tpl['quote_username_open'] = str_replace('{L_WROTE}', $lang['wrote'], $bbcode_tpl['quote_username_open']); $bbcode_tpl['quote_username_open'] = str_replace('{USERNAME}', '\\1', $bbcode_tpl['quote_username_open']); ! $bbcode_tpl['code_open'] = str_replace('{L_CODE}', $lang['Code'], $bbcode_tpl['code_open']); $bbcode_tpl['img'] = str_replace('{URL}', '\\1', $bbcode_tpl['img']); ! // We do URLs in several different ways.. ! $bbcode_tpl['url1'] = str_replace('{URL}', '\\1\\2', $bbcode_tpl['url']); ! $bbcode_tpl['url1'] = str_replace('{DESCRIPTION}', '\\1\\2', $bbcode_tpl['url1']); ! $bbcode_tpl['url2'] = str_replace('{URL}', 'http://\\1', $bbcode_tpl['url']); $bbcode_tpl['url2'] = str_replace('{DESCRIPTION}', '\\1', $bbcode_tpl['url2']); ! ! $bbcode_tpl['url3'] = str_replace('{URL}', '\\1\\2', $bbcode_tpl['url']); ! $bbcode_tpl['url3'] = str_replace('{DESCRIPTION}', '\\3', $bbcode_tpl['url3']); ! $bbcode_tpl['url4'] = str_replace('{URL}', 'http://\\1', $bbcode_tpl['url']); ! $bbcode_tpl['url4'] = str_replace('{DESCRIPTION}', '\\2', $bbcode_tpl['url4']); $bbcode_tpl['email'] = str_replace('{EMAIL}', '\\1', $bbcode_tpl['email']); ! define("BBCODE_TPL_READY", true); ! return $bbcode_tpl; } /** * Does second-pass bbencoding. This should be used before displaying the message in ! * a thread. Assumes the message is already first-pass encoded, and we are given the * correct UID as used in first-pass encoding. */ function bbencode_second_pass($text, $uid) { global $lang, $bbcode_tpl; // pad it with a space so we can distinguish between FALSE and matching the 1st char (index 0). // This is important; bbencode_quote(), bbencode_list(), and bbencode_code() all depend on it. $text = " " . $text; --- 77,131 ---- function prepare_bbcode_template($bbcode_tpl) { global $lang; ! $bbcode_tpl['olist_open'] = str_replace('{LIST_TYPE}', '\\1', $bbcode_tpl['olist_open']); ! $bbcode_tpl['color_open'] = str_replace('{COLOR}', '\\1', $bbcode_tpl['color_open']); ! $bbcode_tpl['size_open'] = str_replace('{SIZE}', '\\1', $bbcode_tpl['size_open']); ! $bbcode_tpl['quote_open'] = str_replace('{L_QUOTE}', $lang['Quote'], $bbcode_tpl['quote_open']); ! $bbcode_tpl['quote_username_open'] = str_replace('{L_QUOTE}', $lang['Quote'], $bbcode_tpl['quote_username_open']); $bbcode_tpl['quote_username_open'] = str_replace('{L_WROTE}', $lang['wrote'], $bbcode_tpl['quote_username_open']); $bbcode_tpl['quote_username_open'] = str_replace('{USERNAME}', '\\1', $bbcode_tpl['quote_username_open']); ! $bbcode_tpl['code_open'] = str_replace('{L_CODE}', $lang['Code'], $bbcode_tpl['code_open']); $bbcode_tpl['img'] = str_replace('{URL}', '\\1', $bbcode_tpl['img']); ! // We do URLs in several different ways.. ! $bbcode_tpl['url1'] = str_replace('{URL}', '\\1', $bbcode_tpl['url']); ! $bbcode_tpl['url1'] = str_replace('{DESCRIPTION}', '\\1', $bbcode_tpl['url1']); ! $bbcode_tpl['url2'] = str_replace('{URL}', 'http://\\1', $bbcode_tpl['url']); $bbcode_tpl['url2'] = str_replace('{DESCRIPTION}', '\\1', $bbcode_tpl['url2']); ! ! $bbcode_tpl['url3'] = str_replace('{URL}', '\\1', $bbcode_tpl['url']); ! $bbcode_tpl['url3'] = str_replace('{DESCRIPTION}', '\\2', $bbcode_tpl['url3']); ! $bbcode_tpl['url4'] = str_replace('{URL}', 'http://\\1', $bbcode_tpl['url']); ! $bbcode_tpl['url4'] = str_replace('{DESCRIPTION}', '\\3', $bbcode_tpl['url4']); $bbcode_tpl['email'] = str_replace('{EMAIL}', '\\1', $bbcode_tpl['email']); ! define("BBCODE_TPL_READY", true); ! return $bbcode_tpl; } /** * Does second-pass bbencoding. This should be used before displaying the message in ! * a thread. Assumes the message is already first-pass encoded, and we are given the * correct UID as used in first-pass encoding. */ function bbencode_second_pass($text, $uid) { global $lang, $bbcode_tpl; + $text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text); + // pad it with a space so we can distinguish between FALSE and matching the 1st char (index 0). // This is important; bbencode_quote(), bbencode_list(), and bbencode_code() all depend on it. $text = " " . $text; *************** *** 135,147 **** $text = substr($text, 1); return $text; } ! // Only load the templates ONCE.. if (!defined("BBCODE_TPL_READY")) { // load templates from file into array. $bbcode_tpl = load_bbcode_template(); ! // prepare array for use in regexps. $bbcode_tpl = prepare_bbcode_template($bbcode_tpl); } --- 137,149 ---- $text = substr($text, 1); return $text; } ! // Only load the templates ONCE.. if (!defined("BBCODE_TPL_READY")) { // load templates from file into array. $bbcode_tpl = load_bbcode_template(); ! // prepare array for use in regexps. $bbcode_tpl = prepare_bbcode_template($bbcode_tpl); } *************** *** 149,154 **** --- 151,164 ---- // [CODE] and [/CODE] for posting code (HTML, PHP, C etc etc) in your posts. $text = bbencode_second_pass_code($text, $uid, $bbcode_tpl); + // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. + $text = str_replace("[quote:$uid]", $bbcode_tpl['quote_open'], $text); + $text = str_replace("[/quote:$uid]", $bbcode_tpl['quote_close'], $text); + + // New one liner to deal with opening quotes with usernames... + // replaces the two line version that I had here before.. + $text = preg_replace("/\[quote:$uid=\"(.*?)\"\]/si", $bbcode_tpl['quote_username_open'], $text); + // [list] and [list=x] for (un)ordered lists. // unordered lists $text = str_replace("[list:$uid]", $bbcode_tpl['ulist_open'], $text); *************** *** 165,181 **** $text = str_replace("[/color:$uid]", $bbcode_tpl['color_close'], $text); // size ! $text = preg_replace("/\[size=([\-\+]?[1-2]?[0-9]):$uid\]/si", $bbcode_tpl['size_open'], $text); $text = str_replace("[/size:$uid]", $bbcode_tpl['size_close'], $text); - // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. - $text = str_replace("[quote:$uid]", $bbcode_tpl['quote_open'], $text); - $text = str_replace("[/quote:$uid]", $bbcode_tpl['quote_close'], $text); - - // New one liner to deal with opening quotes with usernames... - // replaces the two line version that I had here before.. - $text = preg_replace("/\[quote:$uid=(?:\"?([^\"]*)\"?)\]/si", $bbcode_tpl['quote_username_open'], $text); - // [b] and [/b] for bolding text. $text = str_replace("[b:$uid]", $bbcode_tpl['b_open'], $text); $text = str_replace("[/b:$uid]", $bbcode_tpl['b_close'], $text); --- 175,183 ---- $text = str_replace("[/color:$uid]", $bbcode_tpl['color_close'], $text); // size ! $text = preg_replace("/\[size=([1-2]?[0-9]):$uid\]/si", $bbcode_tpl['size_open'], $text); $text = str_replace("[/size:$uid]", $bbcode_tpl['size_close'], $text); // [b] and [/b] for bolding text. $text = str_replace("[b:$uid]", $bbcode_tpl['b_open'], $text); $text = str_replace("[/b:$uid]", $bbcode_tpl['b_close'], $text); *************** *** 194,221 **** // [img]image_url_here[/img] code.. // This one gets first-passed.. ! $patterns[0] = "#\[img:$uid\](.*?)\[/img:$uid\]#si"; ! $replacements[0] = $bbcode_tpl['img']; ! ! // [url]xxxx://www.phpbb.com[/url] code.. ! $patterns[1] = "#\[url\]([a-z]+?://){1}([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+\(\)]+)\[/url\]#si"; ! $replacements[1] = $bbcode_tpl['url1']; // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). ! $patterns[2] = "#\[url\]([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+\(\)]+)\[/url\]#si"; ! $replacements[2] = $bbcode_tpl['url2']; // [url=xxxx://www.phpbb.com]phpBB[/url] code.. ! $patterns[3] = "#\[url=([a-z]+?://){1}([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+\(\)]+)\](.*?)\[/url\]#si"; ! $replacements[3] = $bbcode_tpl['url3']; // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix). ! $patterns[4] = "#\[url=([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+\(\)]+)\](.*?)\[/url\]#si"; ! $replacements[4] = $bbcode_tpl['url4']; // [email]user@domain.tld[/email] code.. ! $patterns[5] = "#\[email\]([a-z0-9\-_.]+?@[\w\-]+\.([\w\-\.]+\.)?[\w]+)\[/email\]#si"; ! $replacements[5] = $bbcode_tpl['email']; $text = preg_replace($patterns, $replacements, $text); --- 196,223 ---- // [img]image_url_here[/img] code.. // This one gets first-passed.. ! $patterns[] = "#\[img:$uid\]([^?].*?)\[/img:$uid\]#i"; ! $replacements[] = $bbcode_tpl['img']; ! ! // matches a [url]xxxx://www.phpbb.com[/url] code.. ! $patterns[] = "#\[url\]([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is"; ! $replacements[] = $bbcode_tpl['url1']; // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). ! $patterns[] = "#\[url\]((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is"; ! $replacements[] = $bbcode_tpl['url2']; // [url=xxxx://www.phpbb.com]phpBB[/url] code.. ! $patterns[] = "#\[url=([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*?)\]([^?\n\r\t].*?)\[/url\]#is"; ! $replacements[] = $bbcode_tpl['url3']; // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix). ! $patterns[] = "#\[url=((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*?)\]([^?\n\r\t].*?)\[/url\]#is"; ! $replacements[] = $bbcode_tpl['url4']; // [email]user@domain.tld[/email] code.. ! $patterns[] = "#\[email\]([a-z0-9&\-_.]+?@[\w\-]+\.([\w\-\.]+\.)?[\w]+)\[/email\]#si"; ! $replacements[] = $bbcode_tpl['email']; $text = preg_replace($patterns, $replacements, $text); *************** *** 250,257 **** // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. $text = bbencode_first_pass_pda($text, $uid, '[quote]', '[/quote]', '', false, ''); ! ! $text = bbencode_first_pass_pda($text, $uid, '/\[quote=(\\\\"[^"]*?\\\\")\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]"); // [list] and [list=x] for (un)ordered lists. $open_tag = array(); --- 252,258 ---- // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. $text = bbencode_first_pass_pda($text, $uid, '[quote]', '[/quote]', '', false, ''); ! $text = bbencode_first_pass_pda($text, $uid, '/\[quote=(\\\".*?\\\")\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]"); // [list] and [list=x] for (un)ordered lists. $open_tag = array(); *************** *** 270,276 **** $text = preg_replace("#\[color=(\#[0-9A-F]{6}|[a-z\-]+)\](.*?)\[/color\]#si", "[color=\\1:$uid]\\2[/color:$uid]", $text); // [size] and [/size] for setting text size ! $text = preg_replace("#\[size=([\-\+]?[1-2]?[0-9])\](.*?)\[/size\]#si", "[size=\\1:$uid]\\2[/size:$uid]", $text); // [b] and [/b] for bolding text. $text = preg_replace("#\[b\](.*?)\[/b\]#si", "[b:$uid]\\1[/b:$uid]", $text); --- 271,277 ---- $text = preg_replace("#\[color=(\#[0-9A-F]{6}|[a-z\-]+)\](.*?)\[/color\]#si", "[color=\\1:$uid]\\2[/color:$uid]", $text); // [size] and [/size] for setting text size ! $text = preg_replace("#\[size=([1-2]?[0-9])\](.*?)\[/size\]#si", "[size=\\1:$uid]\\2[/size:$uid]", $text); // [b] and [/b] for bolding text. $text = preg_replace("#\[b\](.*?)\[/b\]#si", "[b:$uid]\\1[/b:$uid]", $text); *************** *** 282,294 **** $text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text); // [img]image_url_here[/img] code.. ! $text = preg_replace("#\[img\](http(s)?://)([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\[/img\]#si", "[img:$uid]\\1\\3[/img:$uid]", $text); // Remove our padding from the string.. ! $text = substr($text, 1); ! ! ! return $text; } // bbencode_first_pass() --- 283,292 ---- $text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text); // [img]image_url_here[/img] code.. ! $text = preg_replace("#\[img\]((http|ftp|https|ftps)://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text); // Remove our padding from the string.. ! return substr($text, 1);; } // bbencode_first_pass() *************** *** 349,357 **** $open_tag[0] = $open_tag_temp; $open_tag_count = 1; } ! $open_is_regexp = false; ! if ($open_regexp_replace) { $open_is_regexp = true; --- 347,355 ---- $open_tag[0] = $open_tag_temp; $open_tag_count = 1; } ! $open_is_regexp = false; ! if ($open_regexp_replace) { $open_is_regexp = true; *************** *** 362,373 **** $open_regexp_replace[0] = $open_regexp_temp; } } ! if ($mark_lowest_level && $open_is_regexp) { message_die(GENERAL_ERROR, "Unsupported operation for bbcode_first_pass_pda()."); } - // Start at the 2nd char of the string, looking for opening tags. $curr_pos = 1; --- 360,370 ---- $open_regexp_replace[0] = $open_regexp_temp; } } ! if ($mark_lowest_level && $open_is_regexp) { message_die(GENERAL_ERROR, "Unsupported operation for bbcode_first_pass_pda()."); } // Start at the 2nd char of the string, looking for opening tags. $curr_pos = 1; *************** *** 383,411 **** $found_start = false; $which_start_tag = ""; $start_tag_index = -1; for ($i = 0; $i < $open_tag_count; $i++) { // Grab everything until the first "]"... ! $possible_start = substr($text, $curr_pos, strpos($text, "]", $curr_pos + 1) - $curr_pos + 1); // // We're going to try and catch usernames with "[' characters. // ! if( preg_match('/\[quote\=\\\\"/si', $possible_start) && !preg_match('/\[quote=\\\\"[^"]*\\\\"\]/si', $possible_start) ) { - // // OK we are in a quote tag that probably contains a ] bracket. // Grab a bit more of the string to hopefully get all of it.. ! // ! $possible_start = substr($text, $curr_pos, strpos($text, "\"]", $curr_pos + 1) - $curr_pos + 2); } ! // // Now compare, either using regexp or not. - if ($open_is_regexp) { $match_result = array(); - // PREG regexp comparison. if (preg_match($open_tag[$i], $possible_start, $match_result)) { $found_start = true; --- 380,411 ---- $found_start = false; $which_start_tag = ""; $start_tag_index = -1; + for ($i = 0; $i < $open_tag_count; $i++) { // Grab everything until the first "]"... ! $possible_start = substr($text, $curr_pos, strpos($text, ']', $curr_pos + 1) - $curr_pos + 1); // // We're going to try and catch usernames with "[' characters. // ! if( preg_match('#\[quote=\\\"#si', $possible_start, $match) && !preg_match('#\[quote=\\\"(.*?)\\\"\]#si', $possible_start) ) { // OK we are in a quote tag that probably contains a ] bracket. // Grab a bit more of the string to hopefully get all of it.. ! if ($close_pos = strpos($text, '"]', $curr_pos + 9)) ! { ! if (strpos(substr($text, $curr_pos + 9, $close_pos - ($curr_pos + 9)), '[quote') === false) ! { ! $possible_start = substr($text, $curr_pos, $close_pos - $curr_pos + 2); ! } ! } } ! // Now compare, either using regexp or not. if ($open_is_regexp) { $match_result = array(); if (preg_match($open_tag[$i], $possible_start, $match_result)) { $found_start = true; *************** *** 434,445 **** $match = array("pos" => $curr_pos, "tag" => $which_start_tag, "index" => $start_tag_index); bbcode_array_push($stack, $match); // ! // Rather than just increment $curr_pos ! // Set it to the ending of the tag we just found ! // Keeps error in nested tag from breaking out ! // of table structure.. ! // ! $curr_pos = $curr_pos + strlen($possible_start); } else { --- 434,445 ---- $match = array("pos" => $curr_pos, "tag" => $which_start_tag, "index" => $start_tag_index); bbcode_array_push($stack, $match); // ! // Rather than just increment $curr_pos ! // Set it to the ending of the tag we just found ! // Keeps error in nested tag from breaking out ! // of table structure.. ! // ! $curr_pos += strlen($possible_start); } else { *************** *** 522,529 **** { $match = bbcode_array_pop($stack); $curr_pos = $match['pos']; ! bbcode_array_push($stack, $match); ! ++$curr_pos; } else { --- 522,529 ---- { $match = bbcode_array_pop($stack); $curr_pos = $match['pos']; ! // bbcode_array_push($stack, $match); ! // ++$curr_pos; } else { *************** *** 572,586 **** { $before_replace = $matches[1][$i]; $after_replace = $matches[1][$i]; ! // Replace 2 spaces with "  " so non-tabbed code indents without making huge long lines. $after_replace = str_replace(" ", "  ", $after_replace); // now Replace 2 spaces with "  " to catch odd #s of spaces. $after_replace = str_replace(" ", "  ", $after_replace); ! // Replace tabs with "   " so tabbed code indents sorta right without making huge long lines. $after_replace = str_replace("\t", "   ", $after_replace); $str_to_match = "[code:1:$uid]" . $before_replace . "[/code:1:$uid]"; $replacement = $code_start_html; --- 572,589 ---- { $before_replace = $matches[1][$i]; $after_replace = $matches[1][$i]; ! // Replace 2 spaces with "  " so non-tabbed code indents without making huge long lines. $after_replace = str_replace(" ", "  ", $after_replace); // now Replace 2 spaces with "  " to catch odd #s of spaces. $after_replace = str_replace(" ", "  ", $after_replace); ! // Replace tabs with "   " so tabbed code indents sorta right without making huge long lines. $after_replace = str_replace("\t", "   ", $after_replace); + // now Replace space occurring at the beginning of a line + $after_replace = preg_replace("/^ {1}/m", ' ', $after_replace); + $str_to_match = "[code:1:$uid]" . $before_replace . "[/code:1:$uid]"; $replacement = $code_start_html; *************** *** 613,638 **** */ function make_clickable($text) { // pad it with a space so we can match things at the start of the 1st line. ! $ret = " " . $text; // matches an "xxxx://yyyy" URL at the start of a line, or after a space. // xxxx can only be alpha characters. ! // yyyy is anything up to the first space, newline, or comma. ! $ret = preg_replace("#([\n ])([a-z]+?)://([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)#i", "\\1\\2://\\3", $ret); ! // matches a "www.xxxx.yyyy[/zzzz]" kinda lazy URL thing // Must contain at least 2 dots. xxxx contains either alphanum, or "-" ! // yyyy contains either alphanum, "-", or "." ! // zzzz is optional.. will contain everything up to the first space, newline, or comma. ! // This is slightly restrictive - it's not going to match stuff like "forums.foo.com" ! // This is to keep it from getting annoying and matching stuff that's not meant to be a link. ! $ret = preg_replace("#([\n ])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]*)?)#i", "\\1www.\\2.\\3\\4", $ret); // matches an email@domain type address at the start of a line, or after a space. // Note: Only the followed chars are valid; alphanums, "-", "_" and or ".". ! $ret = preg_replace("#([\n ])([a-z0-9\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)?[\w]+)#i", "\\1\\2@\\3", $ret); // Remove our padding.. $ret = substr($ret, 1); --- 616,640 ---- */ function make_clickable($text) { + $text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text); // pad it with a space so we can match things at the start of the 1st line. ! $ret = ' ' . $text; // matches an "xxxx://yyyy" URL at the start of a line, or after a space. // xxxx can only be alpha characters. ! // yyyy is anything up to the first space, newline, comma, double quote or < ! $ret = preg_replace("#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1\\2", $ret); ! // matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing // Must contain at least 2 dots. xxxx contains either alphanum, or "-" ! // zzzz is optional.. will contain everything up to the first space, newline, ! // comma, double quote or <. ! $ret = preg_replace("#(^|[\n ])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1\\2", $ret); // matches an email@domain type address at the start of a line, or after a space. // Note: Only the followed chars are valid; alphanums, "-", "_" and or ".". ! $ret = preg_replace("#(^|[\n ])([a-z0-9&\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)*[\w]+)#i", "\\1\\2@\\3", $ret); // Remove our padding.. $ret = substr($ret, 1); *************** *** 736,771 **** // Smilies code ... would this be better tagged on to the end of bbcode.php? // Probably so and I'll move it before B2 // ! function smilies_pass($message) ! { ! static $orig, $repl; ! ! if (!isset($orig)) ! { ! global $db, $board_config; ! $orig = $repl = array(); ! ! $sql = 'SELECT code, smile_url FROM ' . SMILIES_TABLE; ! if( !$result = $db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, "Couldn't obtain smilies data", "", __LINE__, __FILE__, $sql); ! } ! $smilies = $db->sql_fetchrowset($result); ! ! usort($smilies, 'smiley_sort'); ! for($i = 0; $i < count($smilies); $i++) ! { ! $orig[] = "/(?<=.\W|\W.|^\W)" . phpbb_preg_quote($smilies[$i]['code'], "/") . "(?=.\W|\W.|\W$)/"; ! $repl[] = '' . $smilies[$i]['smile_url'] . ''; ! } ! } ! ! if (count($orig)) ! { ! $message = preg_replace($orig, $repl, ' ' . $message . ' '); ! $message = substr($message, 1, -1); ! } ! return $message; } function smiley_sort($a, $b) --- 738,778 ---- // Smilies code ... would this be better tagged on to the end of bbcode.php? // Probably so and I'll move it before B2 // ! function smilies_pass($message) ! { ! static $orig, $repl; ! ! if (!isset($orig)) ! { ! global $db, $board_config; ! $orig = $repl = array(); ! ! $sql = 'SELECT * FROM ' . SMILIES_TABLE; ! if( !$result = $db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, "Couldn't obtain smilies data", "", __LINE__, __FILE__, $sql); ! } ! $smilies = $db->sql_fetchrowset($result); ! ! if (count($smilies)) ! { ! usort($smilies, 'smiley_sort'); ! } ! ! for ($i = 0; $i < count($smilies); $i++) ! { ! $orig[] = "/(?<=.\W|\W.|^\W)" . phpbb_preg_quote($smilies[$i]['code'], "/") . "(?=.\W|\W.|\W$)/"; ! $repl[] = '' . $smilies[$i]['emoticon'] . ''; ! } ! } ! ! if (count($orig)) ! { ! $message = preg_replace($orig, $repl, ' ' . $message . ' '); ! $message = substr($message, 1, -1); ! } ! ! return $message; } function smiley_sort($a, $b) *************** *** 778,782 **** return ( strlen($a['code']) > strlen($b['code']) ) ? -1 : 1; } ! ! ?> --- 785,788 ---- return ( strlen($a['code']) > strlen($b['code']) ) ? -1 : 1; } ! ?> \ No newline at end of file diff -crN phpbb203/includes/constants.php phpbb2017/includes/constants.php *** phpbb203/includes/constants.php Sat Jul 10 20:16:19 2004 --- phpbb2017/includes/constants.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : ('C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: constants.php,v 1.47.2.1 2002/07/29 05:04:04 dougk_ff7 Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : ('C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: constants.php,v 1.47.2.5 2004/11/18 17:49:42 acydburn Exp $ * * ***************************************************************************/ *************** *** 27,33 **** // Debug Level //define('DEBUG', 1); // Debugging on ! define('DEBUG', 0); // Debugging off // User Levels <- Do not change the values of USER or ADMIN --- 27,33 ---- // Debug Level //define('DEBUG', 1); // Debugging on ! define('DEBUG', 1); // Debugging off // User Levels <- Do not change the values of USER or ADMIN *************** *** 148,153 **** --- 148,154 ---- // Table names + define('CONFIRM_TABLE', $table_prefix.'confirm'); define('AUTH_ACCESS_TABLE', $table_prefix.'auth_access'); define('BANLIST_TABLE', $table_prefix.'banlist'); define('CATEGORIES_TABLE', $table_prefix.'categories'); *************** *** 178,181 **** define('VOTE_RESULTS_TABLE', $table_prefix.'vote_results'); define('VOTE_USERS_TABLE', $table_prefix.'vote_voters'); ! ?> --- 179,182 ---- define('VOTE_RESULTS_TABLE', $table_prefix.'vote_results'); define('VOTE_USERS_TABLE', $table_prefix.'vote_voters'); ! ?> \ No newline at end of file diff -crN phpbb203/includes/emailer.php phpbb2017/includes/emailer.php *** phpbb203/includes/emailer.php Sat Jul 10 20:16:19 2004 --- phpbb2017/includes/emailer.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** copyright : (C) 2001 The phpBB Group email : support@phpbb.com ! $Id: emailer.php,v 1.15.2.6 2002/08/07 22:36:33 dougk_ff7 Exp $ ***************************************************************************/ --- 6,12 ---- copyright : (C) 2001 The phpBB Group email : support@phpbb.com ! $Id: emailer.php,v 1.15.2.34 2003/07/26 11:41:35 acydburn Exp $ ***************************************************************************/ *************** *** 26,185 **** // class emailer { ! var $tpl_file; var $use_smtp; ! var $msg; ! var $mimeOut; ! var $arrPlaceHolders = array(); // an associative array that has the key = placeHolderName and val = placeHolderValue. ! var $subject, $extra_headers, $address; function emailer($use_smtp) { $this->use_smtp = $use_smtp; ! $this->tpl_file = NULL; ! $this->address = NULL; ! $this->msg = ''; ! $this->mimeOut = ''; } - // // Resets all the data (address, template file, etc etc to default - // function reset() { ! $this->tpl_file = ''; ! $this->address = ''; ! $this->msg = ''; ! $this->memOut = ''; ! $this->vars = ''; } - // // Sets an email address to send to - // function email_address($address) { ! $this->address = ''; ! $this->address .= $address; } - // // set up subject for mail - // function set_subject($subject = '') { ! $this->subject = $subject; } - // // set up extra mail headers - // function extra_headers($headers) { ! $this->extra_headers = $headers; } function use_template($template_file, $template_lang = '') { global $board_config, $phpbb_root_path; ! if ( $template_lang == '' ) { ! $template_lang = $board_config['default_lang']; } ! $this->tpl_file = $phpbb_root_path . 'language/lang_' . $template_lang . '/email/' . $template_file . '.tpl'; ! if ( !file_exists($this->tpl_file) ) { ! message_die(GENERAL_ERROR, 'Could not find email template file ' . $template_file, '', __LINE__, __FILE__); } ! if ( !$this->load_msg() ) { ! message_die(GENERAL_ERROR, 'Could not load email template file ' . $template_file, '', __LINE__, __FILE__); ! } ! return true; ! } ! // ! // Open the template file and read in the message ! // ! function load_msg() ! { ! if ( $this->tpl_file == NULL ) ! { ! message_die(GENERAL_ERROR, 'No template file set', '', __LINE__, __FILE__); ! } ! if ( !($fd = fopen($this->tpl_file, 'r')) ) ! { ! message_die(GENERAL_ERROR, 'Failed opening template file', '', __LINE__, __FILE__); } ! $this->msg .= fread($fd, filesize($this->tpl_file)); ! fclose($fd); return true; } function assign_vars($vars) { ! $this->vars = ( empty($this->vars) ) ? $vars : $this->vars . $vars; } ! function parse_email() { ! global $lang; ! @reset($this->vars); ! while (list($key, $val) = @each($this->vars)) ! { ! $$key = $val; ! } // Escape all quotes, else the eval will fail. $this->msg = str_replace ("'", "\'", $this->msg); $this->msg = preg_replace('#\{([a-z0-9\-_]*?)\}#is', "' . $\\1 . '", $this->msg); eval("\$this->msg = '$this->msg';"); ! // // We now try and pull a subject from the email body ... if it exists, // do this here because the subject may contain a variable ! // $match = array(); ! preg_match("/^(Subject:(.*?)[\r\n]+?)?(Charset:(.*?)[\r\n]+?)?(.*?)$/is", $this->msg, $match); ! ! $this->msg = ( isset($match[5]) ) ? trim($match[5]) : ''; ! $this->subject = ( $this->subject != '' ) ? $this->subject : trim($match[2]); ! $this->encoding = ( trim($match[4]) != '' ) ? trim($match[4]) : $lang['ENCODING']; ! ! return true; ! } ! ! // ! // Send the mail out to the recipients set previously in var $this->address ! // ! function send() ! { ! global $phpEx, $phpbb_root_path; ! if ( $this->address == NULL ) { ! message_die(GENERAL_ERROR, 'No email address set', '', __LINE__, __FILE__); } ! if ( !$this->parse_email() ) { ! return false; } ! // ! // Add date and encoding type ! // ! $universal_extra = "MIME-Version: 1.0\nContent-type: text/plain; charset=" . $this->encoding . "\nContent-transfer-encoding: 8bit\nDate: " . gmdate('D, d M Y H:i:s', time()) . " UT\n"; ! $this->extra_headers = $universal_extra . $this->extra_headers; if ( $this->use_smtp ) { if ( !defined('SMTP_INCLUDED') ) --- 26,200 ---- // class emailer { ! var $msg, $subject, $extra_headers; ! var $addresses, $reply_to, $from; var $use_smtp; ! ! var $tpl_msg = array(); function emailer($use_smtp) { + $this->reset(); $this->use_smtp = $use_smtp; ! $this->reply_to = $this->from = ''; } // Resets all the data (address, template file, etc etc to default function reset() { ! $this->addresses = array(); ! $this->vars = $this->msg = $this->extra_headers = ''; } // Sets an email address to send to function email_address($address) { ! $this->addresses['to'] = trim($address); ! } ! ! function cc($address) ! { ! $this->addresses['cc'][] = trim($address); ! } ! ! function bcc($address) ! { ! $this->addresses['bcc'][] = trim($address); ! } ! ! function replyto($address) ! { ! $this->reply_to = trim($address); ! } ! ! function from($address) ! { ! $this->from = trim($address); } // set up subject for mail function set_subject($subject = '') { ! $this->subject = trim(preg_replace('#[\n\r]+#s', '', $subject)); } // set up extra mail headers function extra_headers($headers) { ! $this->extra_headers .= trim($headers) . "\n"; } function use_template($template_file, $template_lang = '') { global $board_config, $phpbb_root_path; ! if (trim($template_file) == '') { ! message_die(GENERAL_ERROR, 'No template file set', '', __LINE__, __FILE__); } ! if (trim($template_lang) == '') { ! $template_lang = $board_config['default_lang']; } ! if (empty($this->tpl_msg[$template_lang . $template_file])) { ! $tpl_file = $phpbb_root_path . 'language/lang_' . $template_lang . '/email/' . $template_file . '.tpl'; ! if (!@file_exists(@phpbb_realpath($tpl_file))) ! { ! $tpl_file = $phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/email/' . $template_file . '.tpl'; ! if (!@file_exists(@phpbb_realpath($tpl_file))) ! { ! message_die(GENERAL_ERROR, 'Could not find email template file :: ' . $template_file, '', __LINE__, __FILE__); ! } ! } ! if (!($fd = @fopen($tpl_file, 'r'))) ! { ! message_die(GENERAL_ERROR, 'Failed opening template file :: ' . $tpl_file, '', __LINE__, __FILE__); ! } ! ! $this->tpl_msg[$template_lang . $template_file] = fread($fd, filesize($tpl_file)); ! fclose($fd); } ! $this->msg = $this->tpl_msg[$template_lang . $template_file]; return true; } + // assign variables function assign_vars($vars) { ! $this->vars = (empty($this->vars)) ? $vars : $this->vars . $vars; } ! // Send the mail out to the recipients set previously in var $this->address ! function send() { ! global $board_config, $lang, $phpEx, $phpbb_root_path, $db; // Escape all quotes, else the eval will fail. $this->msg = str_replace ("'", "\'", $this->msg); $this->msg = preg_replace('#\{([a-z0-9\-_]*?)\}#is', "' . $\\1 . '", $this->msg); + // Set vars + reset ($this->vars); + while (list($key, $val) = each($this->vars)) + { + $$key = $val; + } + eval("\$this->msg = '$this->msg';"); ! // Clear vars ! reset ($this->vars); ! while (list($key, $val) = each($this->vars)) ! { ! unset($$key); ! } ! // We now try and pull a subject from the email body ... if it exists, // do this here because the subject may contain a variable ! $drop_header = ''; $match = array(); ! if (preg_match('#^(Subject:(.*?))$#m', $this->msg, $match)) ! { ! $this->subject = (trim($match[2]) != '') ? trim($match[2]) : (($this->subject != '') ? $this->subject : 'No Subject'); ! $drop_header .= '[\r\n]*?' . phpbb_preg_quote($match[1], '#'); ! } ! else ! { ! $this->subject = (($this->subject != '') ? $this->subject : 'No Subject'); ! } ! if (preg_match('#^(Charset:(.*?))$#m', $this->msg, $match)) ! { ! $this->encoding = (trim($match[2]) != '') ? trim($match[2]) : trim($lang['ENCODING']); ! $drop_header .= '[\r\n]*?' . phpbb_preg_quote($match[1], '#'); ! } ! else { ! $this->encoding = trim($lang['ENCODING']); } ! if ($drop_header != '') { ! $this->msg = trim(preg_replace('#' . $drop_header . '#s', '', $this->msg)); } ! $to = $this->addresses['to']; + $cc = (count($this->addresses['cc'])) ? implode(', ', $this->addresses['cc']) : ''; + $bcc = (count($this->addresses['bcc'])) ? implode(', ', $this->addresses['bcc']) : ''; + + // Build header + $this->extra_headers = (($this->reply_to != '') ? "Reply-to: $this->reply_to\n" : '') . (($this->from != '') ? "From: $this->from\n" : "From: " . $board_config['board_email'] . "\n") . "Return-Path: " . $board_config['board_email'] . "\nMessage-ID: <" . md5(uniqid(time())) . "@" . $board_config['server_name'] . ">\nMIME-Version: 1.0\nContent-type: text/plain; charset=" . $this->encoding . "\nContent-transfer-encoding: 8bit\nDate: " . date('r', time()) . "\nX-Priority: 3\nX-MSMail-Priority: Normal\nX-Mailer: PHP\nX-MimeOLE: Produced By phpBB2\n" . $this->extra_headers . (($cc != '') ? "Cc: $cc\n" : '') . (($bcc != '') ? "Bcc: $bcc\n" : ''); + + // Send message ... removed $this->encode() from subject for time being if ( $this->use_smtp ) { if ( !defined('SMTP_INCLUDED') ) *************** *** 187,207 **** include($phpbb_root_path . 'includes/smtp.' . $phpEx); } ! $result = smtpmail($this->address, $this->subject, $this->msg, $this->extra_headers); } else { ! $result = @mail($this->address, $this->subject, $this->msg, $this->extra_headers); } ! if ( !$result ) { ! message_die(GENERAL_ERROR, 'Failed sending email', '', __LINE__, __FILE__); } return true; } // // Attach files via MIME. --- 202,270 ---- include($phpbb_root_path . 'includes/smtp.' . $phpEx); } ! $result = smtpmail($to, $this->subject, $this->msg, $this->extra_headers); } else { ! $empty_to_header = ($to == '') ? TRUE : FALSE; ! $to = ($to == '') ? (($board_config['sendmail_fix']) ? ' ' : 'Undisclosed-recipients:;') : $to; ! ! $result = @mail($to, $this->subject, preg_replace("#(?msg), $this->extra_headers); ! ! if (!$result && !$board_config['sendmail_fix'] && $empty_to_header) ! { ! $to = ' '; ! ! $sql = "UPDATE " . CONFIG_TABLE . " ! SET config_value = '1' ! WHERE config_name = 'sendmail_fix'"; ! if (!$db->sql_query($sql)) ! { ! message_die(GENERAL_ERROR, 'Unable to update config table', '', __LINE__, __FILE__, $sql); ! } ! ! $board_config['sendmail_fix'] = 1; ! $result = @mail($to, $this->subject, preg_replace("#(?msg), $this->extra_headers); ! } } ! // Did it work? ! if (!$result) { ! message_die(GENERAL_ERROR, 'Failed sending email :: ' . (($this->use_smtp) ? 'SMTP' : 'PHP') . ' :: ' . $result, '', __LINE__, __FILE__); } return true; } + // Encodes the given string for proper display for this encoding ... nabbed + // from php.net and modified. There is an alternative encoding method which + // may produce lesd output but it's questionable as to its worth in this + // scenario IMO + function encode($str) + { + if ($this->encoding == '') + { + return $str; + } + + // define start delimimter, end delimiter and spacer + $end = "?="; + $start = "=?$this->encoding?B?"; + $spacer = "$end\r\n $start"; + + // determine length of encoded text within chunks and ensure length is even + $length = 75 - strlen($start) - strlen($end); + $length = floor($length / 2) * 2; + + // encode the string and split it into chunks with spacers after each chunk + $str = chunk_split(base64_encode($str), $length, $spacer); + + // remove trailing spacer and add start and end delimiters + $str = preg_replace('#' . phpbb_preg_quote($spacer, '#') . '$#', '', $str); + + return $start . $str . $end; + } // // Attach files via MIME. *************** *** 211,217 **** global $lang; $mime_boundary = "--==================_846811060==_"; ! $this->mailMsg = '--' . $mime_boundary . "\nContent-Type: text/plain;\n\tcharset=\"" . $lang['ENCODING'] . "\"\n\n" . $this->mailMsg; if ($mime_filename) { --- 274,280 ---- global $lang; $mime_boundary = "--==================_846811060==_"; ! $this->msg = '--' . $mime_boundary . "\nContent-Type: text/plain;\n\tcharset=\"" . $lang['ENCODING'] . "\"\n\n" . $this->msg; if ($mime_filename) { *************** *** 294,300 **** // function encode_file($sourcefile) { ! if (is_readable($sourcefile)) { $fd = fopen($sourcefile, "r"); $contents = fread($fd, filesize($sourcefile)); --- 357,363 ---- // function encode_file($sourcefile) { ! if (is_readable(phpbb_realpath($sourcefile))) { $fd = fopen($sourcefile, "r"); $contents = fread($fd, filesize($sourcefile)); *************** *** 307,310 **** } // class emailer ! ?> --- 370,373 ---- } // class emailer ! ?> \ No newline at end of file diff -crN phpbb203/includes/functions.php phpbb2017/includes/functions.php *** phpbb203/includes/functions.php Sat Jul 10 20:16:19 2004 --- phpbb2017/includes/functions.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions.php,v 1.133.2.5 2002/07/08 10:30:41 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions.php,v 1.133.2.35 2005/07/19 20:01:11 acydburn Exp $ * * ***************************************************************************/ *************** *** 74,87 **** return false; } ! function get_userdata($user) { global $db; $sql = "SELECT * FROM " . USERS_TABLE . " WHERE "; ! $sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . str_replace("\'", "''", $user) . "'" ) . " AND user_id <> " . ANONYMOUS; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql); --- 74,135 ---- return false; } ! // added at phpBB 2.0.11 to properly format the username ! function phpbb_clean_username($username) ! { ! $username = substr(htmlspecialchars(str_replace("\'", "'", trim($username))), 0, 25); ! $username = phpbb_rtrim($username, "\\"); ! $username = str_replace("'", "\'", $username); ! ! return $username; ! } ! ! // added at phpBB 2.0.12 to fix a bug in PHP 4.3.10 (only supporting charlist in php >= 4.1.0) ! function phpbb_rtrim($str, $charlist = false) ! { ! if ($charlist === false) ! { ! return rtrim($str); ! } ! ! $php_version = explode('.', PHP_VERSION); ! ! // php version < 4.1.0 ! if ((int) $php_version[0] < 4 || ((int) $php_version[0] == 4 && (int) $php_version[1] < 1)) ! { ! while ($str{strlen($str)-1} == $charlist) ! { ! $str = substr($str, 0, strlen($str)-1); ! } ! } ! else ! { ! $str = rtrim($str, $charlist); ! } ! ! return $str; ! } ! ! // ! // Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced. ! // ! function get_userdata($user, $force_str = false) { global $db; + if (!is_numeric($user) || $force_str) + { + $user = phpbb_clean_username($user); + } + else + { + $user = intval($user); + } + $sql = "SELECT * FROM " . USERS_TABLE . " WHERE "; ! $sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . $user . "'" ) . " AND user_id <> " . ANONYMOUS; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql); *************** *** 92,98 **** function make_jumpbox($action, $match_forum_id = 0) { ! global $template, $lang, $db, $SID, $nav_links, $phpEx; // $is_auth = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata); --- 140,146 ---- function make_jumpbox($action, $match_forum_id = 0) { ! global $template, $userdata, $lang, $db, $nav_links, $phpEx, $SID; // $is_auth = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata); *************** *** 122,128 **** message_die(GENERAL_ERROR, 'Could not obtain forums information', '', __LINE__, __FILE__, $sql); } ! $boxstring = ''; $forum_rows = array(); while ( $row = $db->sql_fetchrow($result) ) *************** *** 171,183 **** } else { ! $boxstring .= ''; } ! if ( isset($SID) ) ! { ! $boxstring .= ''; ! } $template->set_filenames(array( 'jumpbox' => 'jumpbox.tpl') --- 219,232 ---- } else { ! $boxstring .= ''; } ! // Let the jumpbox work again in sites having additional session id checks. ! // if ( !empty($SID) ) ! // { ! $boxstring .= ''; ! // } $template->set_filenames(array( 'jumpbox' => 'jumpbox.tpl') *************** *** 201,206 **** --- 250,256 ---- { global $board_config, $theme, $images; global $template, $lang, $phpEx, $phpbb_root_path; + global $nav_links; if ( $userdata['user_id'] != ANONYMOUS ) { *************** *** 220,226 **** } } ! if ( !file_exists($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.'.$phpEx) ) { $board_config['default_lang'] = 'english'; } --- 270,276 ---- } } ! if ( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.'.$phpEx)) ) { $board_config['default_lang'] = 'english'; } *************** *** 229,235 **** if ( defined('IN_ADMIN') ) { ! if( !file_exists($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_admin.'.$phpEx) ) { $board_config['default_lang'] = 'english'; } --- 279,285 ---- if ( defined('IN_ADMIN') ) { ! if( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_admin.'.$phpEx)) ) { $board_config['default_lang'] = 'english'; } *************** *** 253,258 **** --- 303,331 ---- $theme = setup_style($board_config['default_style']); + // + // Mozilla navigation bar + // Default items that should be valid on all pages. + // Defined here to correctly assign the Language Variables + // and be able to change the variables within code. + // + $nav_links['top'] = array ( + 'url' => append_sid($phpbb_root_path . 'index.' . $phpEx), + 'title' => sprintf($lang['Forum_Index'], $board_config['sitename']) + ); + $nav_links['search'] = array ( + 'url' => append_sid($phpbb_root_path . 'search.' . $phpEx), + 'title' => $lang['Search'] + ); + $nav_links['help'] = array ( + 'url' => append_sid($phpbb_root_path . 'faq.' . $phpEx), + 'title' => $lang['FAQ'] + ); + $nav_links['author'] = array ( + 'url' => append_sid($phpbb_root_path . 'memberlist.' . $phpEx), + 'title' => $lang['Memberlist'] + ); + return; } *************** *** 276,282 **** $template_path = 'templates/' ; $template_name = $row['template_name'] ; ! $template = new Template($phpbb_root_path . $template_path . $template_name, $board_config, $db); if ( $template ) { --- 349,355 ---- $template_path = 'templates/' ; $template_name = $row['template_name'] ; ! $template = new Template($phpbb_root_path . $template_path . $template_name); if ( $template ) { *************** *** 288,294 **** message_die(CRITICAL_ERROR, "Could not open $template_name template config file", '', __LINE__, __FILE__); } ! $img_lang = ( file_exists($current_template_path . '/images/lang_' . $board_config['default_lang']) ) ? $board_config['default_lang'] : 'english'; while( list($key, $value) = @each($images) ) { --- 361,367 ---- message_die(CRITICAL_ERROR, "Could not open $template_name template config file", '', __LINE__, __FILE__); } ! $img_lang = ( file_exists(@phpbb_realpath($phpbb_root_path . $current_template_path . '/images/lang_' . $board_config['default_lang'])) ) ? $board_config['default_lang'] : 'english'; while( list($key, $value) = @each($images) ) { *************** *** 496,505 **** // function message_die($msg_code, $msg_text = '', $msg_title = '', $err_line = '', $err_file = '', $sql = '') { ! global $db, $template, $board_config, $theme, $lang, $phpEx, $phpbb_root_path, $nav_links, $gen_simple_header; global $userdata, $user_ip, $session_length; global $starttime; $sql_store = $sql; // --- 569,586 ---- // function message_die($msg_code, $msg_text = '', $msg_title = '', $err_line = '', $err_file = '', $sql = '') { ! global $db, $template, $board_config, $theme, $lang, $phpEx, $phpbb_root_path, $nav_links, $gen_simple_header, $images; global $userdata, $user_ip, $session_length; global $starttime; + if(defined('HAS_DIED')) + { + die("message_die() was called multiple times. This isn't supposed to happen. Was message_die() used in page_tail.php?"); + } + + define('HAS_DIED', 1); + + $sql_store = $sql; // *************** *** 524,530 **** if ( $err_line != '' && $err_file != '' ) { ! $debug_text .= '

Line : ' . $err_line . '
File : ' . $err_file; } } --- 605,611 ---- if ( $err_line != '' && $err_file != '' ) { ! $debug_text .= '

Line : ' . $err_line . '
File : ' . basename($err_file); } } *************** *** 675,678 **** --- 756,807 ---- exit; } + + // + // This function is for compatibility with PHP 4.x's realpath() + // function. In later versions of PHP, it needs to be called + // to do checks with some functions. Older versions of PHP don't + // seem to need this, so we'll just return the original value. + // dougk_ff7 + function phpbb_realpath($path) + { + global $phpbb_root_path, $phpEx; + + return (!@function_exists('realpath') || !@realpath($phpbb_root_path . 'includes/functions.'.$phpEx)) ? $path : @realpath($path); + } + + function redirect($url) + { + global $db, $board_config; + + if (!empty($db)) + { + $db->sql_close(); + } + + if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r")) + { + message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); + } + + $server_protocol = ($board_config['cookie_secure']) ? 'https://' : 'http://'; + $server_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name'])); + $server_port = ($board_config['server_port'] <> 80) ? ':' . trim($board_config['server_port']) : ''; + $script_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path'])); + $script_name = ($script_name == '') ? $script_name : '/' . $script_name; + $url = preg_replace('#^\/?(.*?)\/?$#', '/\1', trim($url)); + + // Redirect via an HTML form for PITA webservers + if (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE'))) + { + header('Refresh: 0; URL=' . $server_protocol . $server_name . $server_port . $script_name . $url); + echo 'Redirect
If your browser does not support meta redirection please click HERE to be redirected
'; + exit; + } + + // Behave as per HTTP/1.1 spec for others + header('Location: ' . $server_protocol . $server_name . $server_port . $script_name . $url); + exit; + } + ?> diff -crN phpbb203/includes/functions_post.php phpbb2017/includes/functions_post.php *** phpbb203/includes/functions_post.php Sat Jul 10 20:16:19 2004 --- phpbb2017/includes/functions_post.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_post.php,v 1.9.2.10 2002/07/19 22:18:55 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_post.php,v 1.9.2.37 2004/11/18 17:49:44 acydburn Exp $ * * ***************************************************************************/ *************** *** 20,31 **** * ***************************************************************************/ ! if ( !defined('IN_PHPBB') ) { die('Hacking attempt'); } ! $html_entities_match = array('#&#', '#<#', '#>#'); $html_entities_replace = array('&', '<', '>'); $unhtml_specialchars_match = array('#>#', '#<#', '#"#', '#&#'); --- 20,31 ---- * ***************************************************************************/ ! if (!defined('IN_PHPBB')) { die('Hacking attempt'); } ! $html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#'); $html_entities_replace = array('&', '<', '>'); $unhtml_specialchars_match = array('#>#', '#<#', '#"#', '#&#'); *************** *** 37,52 **** // function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0) { ! global $board_config; ! global $html_entities_match, $html_entities_replace; ! global $code_entities_match, $code_entities_replace; // // Clean up the message // $message = trim($message); ! if ( $html_on ) { $allowed_html_tags = split(',', $board_config['allow_html_tags']); --- 37,50 ---- // function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0) { ! global $board_config, $html_entities_match, $html_entities_replace; // // Clean up the message // $message = trim($message); ! if ($html_on) { $allowed_html_tags = split(',', $board_config['allow_html_tags']); *************** *** 55,86 **** $tmp_message = ''; $message = ' ' . $message . ' '; ! while ( $start_html = strpos($message, '<', $start_html) ) { ! $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ( $start_html - $end_html - 1 ))); ! if ( $end_html = strpos($message, '>', $start_html) ) { $length = $end_html - $start_html + 1; $hold_string = substr($message, $start_html, $length); ! if ( ( $unclosed_open = strrpos(' ' . $hold_string, '<') ) != 1 ) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1)); $hold_string = substr($hold_string, $unclosed_open - 1); } $tagallowed = false; ! for($i = 0; $i < sizeof($allowed_html_tags); $i++) { $match_tag = trim($allowed_html_tags[$i]); ! if ( preg_match('/^<\/?' . $match_tag . '(?!(\s*)style(\s*)\\=)/i', $hold_string) ) { ! $tagallowed = true; } } ! $tmp_message .= ( $length && !$tagallowed ) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string; $start_html += $length; } --- 53,84 ---- $tmp_message = ''; $message = ' ' . $message . ' '; ! while ($start_html = strpos($message, '<', $start_html)) { ! $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ($start_html - $end_html - 1))); ! if ($end_html = strpos($message, '>', $start_html)) { $length = $end_html - $start_html + 1; $hold_string = substr($message, $start_html, $length); ! if (($unclosed_open = strrpos(' ' . $hold_string, '<')) != 1) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1)); $hold_string = substr($hold_string, $unclosed_open - 1); } $tagallowed = false; ! for ($i = 0; $i < sizeof($allowed_html_tags); $i++) { $match_tag = trim($allowed_html_tags[$i]); ! if (preg_match('#^<\/?' . $match_tag . '[> ]#i', $hold_string)) { ! $tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[\t ]*?=|on[\w]+[\t ]*?=)#i', $hold_string)) ? false : true; } } ! $tmp_message .= ($length && !$tagallowed) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string; $start_html += $length; } *************** *** 93,111 **** } } ! if ( $end_html != strlen($message) && $tmp_message != '' ) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1)); } ! $message = ( $tmp_message != '' ) ? trim($tmp_message) : trim($message); } else { $message = preg_replace($html_entities_match, $html_entities_replace, $message); } ! if( $bbcode_on && $bbcode_uid != '' ) { $message = bbencode_first_pass($message, $bbcode_uid); } --- 91,109 ---- } } ! if (!$end_html || ($end_html != strlen($message) && $tmp_message != '')) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1)); } ! $message = ($tmp_message != '') ? trim($tmp_message) : trim($message); } else { $message = preg_replace($html_entities_match, $html_entities_replace, $message); } ! if($bbcode_on && $bbcode_uid != '') { $message = bbencode_first_pass($message, $bbcode_uid); } *************** *** 128,206 **** global $board_config, $userdata, $lang, $phpEx, $phpbb_root_path; // Check username ! if ( !empty($username) ) { ! $username = htmlspecialchars(trim(strip_tags($username))); ! if ( !$userdata['session_logged_in'] || ( $userdata['session_logged_in'] && $username != $userdata['username'] ) ) { include($phpbb_root_path . 'includes/functions_validate.'.$phpEx); $result = validate_username($username); ! if ( $result['error'] ) { ! $error_msg .= ( !empty($error_msg) ) ? '
' . $result['error_msg'] : $result['error_msg']; } } } // Check subject ! if ( !empty($subject) ) { $subject = htmlspecialchars(trim($subject)); } ! else if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) ) { ! $error_msg .= ( !empty($error_msg) ) ? '
' . $lang['Empty_subject'] : $lang['Empty_subject']; } // Check message ! if ( !empty($message) ) { ! $bbcode_uid = ( $bbcode_on ) ? make_bbcode_uid() : ''; $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid); } ! else if ( $mode != 'delete' && $mode != 'polldelete' ) { ! $error_msg .= ( !empty($error_msg) ) ? '
' . $lang['Empty_message'] : $lang['Empty_message']; } // // Handle poll stuff // ! if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) ) { ! $poll_length = ( isset($poll_length) ) ? max(0, intval($poll_length)) : 0; ! if ( !empty($poll_title) ) { $poll_title = htmlspecialchars(trim($poll_title)); } ! if( !empty($poll_options) ) { $temp_option_text = array(); ! while( list($option_id, $option_text) = @each($poll_options) ) { $option_text = trim($option_text); ! if ( !empty($option_text) ) { $temp_option_text[$option_id] = htmlspecialchars($option_text); } } $option_text = $temp_option_text; ! if ( count($poll_options) < 2 ) { ! $error_msg .= ( !empty($error_msg) ) ? '
' . $lang['To_few_poll_options'] : $lang['To_few_poll_options']; } ! else if ( count($poll_options) > $board_config['max_poll_options'] ) { ! $error_msg .= ( !empty($error_msg) ) ? '
' . $lang['To_many_poll_options'] : $lang['To_many_poll_options']; } ! else if ( $poll_title == '' ) { ! $error_msg .= ( !empty($error_msg) ) ? '
' . $lang['Empty_poll_title'] : $lang['Empty_poll_title']; } } } --- 126,208 ---- global $board_config, $userdata, $lang, $phpEx, $phpbb_root_path; // Check username ! if (!empty($username)) { ! $username = phpbb_clean_username($username); ! if (!$userdata['session_logged_in'] || ($userdata['session_logged_in'] && $username != $userdata['username'])) { include($phpbb_root_path . 'includes/functions_validate.'.$phpEx); $result = validate_username($username); ! if ($result['error']) { ! $error_msg .= (!empty($error_msg)) ? '
' . $result['error_msg'] : $result['error_msg']; } } + else + { + $username = ''; + } } // Check subject ! if (!empty($subject)) { $subject = htmlspecialchars(trim($subject)); } ! else if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post'])) { ! $error_msg .= (!empty($error_msg)) ? '
' . $lang['Empty_subject'] : $lang['Empty_subject']; } // Check message ! if (!empty($message)) { ! $bbcode_uid = ($bbcode_on) ? make_bbcode_uid() : ''; $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid); } ! else if ($mode != 'delete' && $mode != 'poll_delete') { ! $error_msg .= (!empty($error_msg)) ? '
' . $lang['Empty_message'] : $lang['Empty_message']; } // // Handle poll stuff // ! if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post'])) { ! $poll_length = (isset($poll_length)) ? max(0, intval($poll_length)) : 0; ! if (!empty($poll_title)) { $poll_title = htmlspecialchars(trim($poll_title)); } ! if(!empty($poll_options)) { $temp_option_text = array(); ! while(list($option_id, $option_text) = @each($poll_options)) { $option_text = trim($option_text); ! if (!empty($option_text)) { $temp_option_text[$option_id] = htmlspecialchars($option_text); } } $option_text = $temp_option_text; ! if (count($poll_options) < 2) { ! $error_msg .= (!empty($error_msg)) ? '
' . $lang['To_few_poll_options'] : $lang['To_few_poll_options']; } ! else if (count($poll_options) > $board_config['max_poll_options']) { ! $error_msg .= (!empty($error_msg)) ? '
' . $lang['To_many_poll_options'] : $lang['To_many_poll_options']; } ! else if ($poll_title == '') { ! $error_msg .= (!empty($error_msg)) ? '
' . $lang['Empty_poll_title'] : $lang['Empty_poll_title']; } } } *************** *** 220,316 **** $current_time = time(); ! if ( $mode == 'newtopic' || $mode == 'reply' ) { // // Flood control // ! $where_sql = ( $userdata['user_id'] == ANONYMOUS ) ? "poster_ip = '$user_ip'" : 'poster_id = ' . $userdata['user_id']; $sql = "SELECT MAX(post_time) AS last_post_time FROM " . POSTS_TABLE . " WHERE $where_sql"; ! if ( $result = $db->sql_query($sql) ) { ! if ( $row = $db->sql_fetchrow($result) ) { ! if ( $row['last_post_time'] > 0 && ( $current_time - $row['last_post_time'] ) < $board_config['flood_interval'] ) { message_die(GENERAL_MESSAGE, $lang['Flood_Error']); } } } } ! else if ( $mode == 'editpost' ) { remove_search_post($post_id); } ! if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) ) { ! $topic_vote = ( !empty($poll_title) && count($poll_options) >= 2 ) ? 1 : 0; ! $sql = ( $mode != "editpost" ) ? "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) VALUES ('$post_subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)" : "UPDATE " . TOPICS_TABLE . " SET topic_title = '$post_subject', topic_type = $topic_type, topic_vote = $topic_vote WHERE topic_id = $topic_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } ! if ( $mode == 'newtopic' ) { $topic_id = $db->sql_nextid(); } } ! $edited_sql = ( $mode == 'editpost' && !$post_data['last_post'] && $post_data['poster_post'] ) ? ", post_edit_time = $current_time, post_edit_count = post_edit_count + 1 " : ""; ! $sql = ( $mode != "editpost" ) ? "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $userdata['user_id'] . ", '$post_username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)" : "UPDATE " . POSTS_TABLE . " SET enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smilies_on, enable_sig = $attach_sig" . $edited_sql . " WHERE post_id = $post_id"; ! if ( !$db->sql_query($sql, BEGIN_TRANSACTION) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } ! if ( $mode != 'editpost' ) { $post_id = $db->sql_nextid(); } ! $sql = ( $mode != 'editpost' ) ? "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) VALUES ($post_id, '$post_subject', '$bbcode_uid', '$post_message')" : "UPDATE " . POSTS_TEXT_TABLE . " SET post_text = '$post_message', bbcode_uid = '$bbcode_uid', post_subject = '$post_subject' WHERE post_id = $post_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } ! add_search_words($post_id, stripslashes($post_message), stripslashes($post_subject)); // // Add poll // ! if ( ( $mode == 'newtopic' || $mode == 'editpost' ) && !empty($poll_title) && count($poll_options) >= 2 ) { ! $sql = ( !$post_data['has_poll'] ) ? "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length) VALUES ($topic_id, '$poll_title', $current_time, " . ( $poll_length * 86400 ) . ")" : "UPDATE " . VOTE_DESC_TABLE . " SET vote_text = '$poll_title', vote_length = " . ( $poll_length * 86400 ) . " WHERE topic_id = $topic_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } $delete_option_sql = ''; $old_poll_result = array(); ! if ( $mode == 'editpost' && $post_data['has_poll'] ) { $sql = "SELECT vote_option_id, vote_result FROM " . VOTE_RESULTS_TABLE . " WHERE vote_id = $poll_id ORDER BY vote_option_id ASC"; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain vote data results for this topic', '', __LINE__, __FILE__, $sql); } ! while ( $row = $db->sql_fetchrow($result) ) { $old_poll_result[$row['vote_option_id']] = $row['vote_result']; ! if ( !isset($poll_options[$row['vote_option_id']]) ) { ! $delete_option_sql .= ( $delete_option_sql != '' ) ? ', ' . $row['vote_option_id'] : $row['vote_option_id']; } } } --- 222,320 ---- $current_time = time(); ! if ($mode == 'newtopic' || $mode == 'reply' || $mode == 'editpost') { // // Flood control // ! $where_sql = ($userdata['user_id'] == ANONYMOUS) ? "poster_ip = '$user_ip'" : 'poster_id = ' . $userdata['user_id']; $sql = "SELECT MAX(post_time) AS last_post_time FROM " . POSTS_TABLE . " WHERE $where_sql"; ! if ($result = $db->sql_query($sql)) { ! if ($row = $db->sql_fetchrow($result)) { ! if (intval($row['last_post_time']) > 0 && ($current_time - intval($row['last_post_time'])) < intval($board_config['flood_interval'])) { message_die(GENERAL_MESSAGE, $lang['Flood_Error']); } } } } ! ! if ($mode == 'editpost') { remove_search_post($post_id); } ! if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post'])) { ! $topic_vote = (!empty($poll_title) && count($poll_options) >= 2) ? 1 : 0; ! ! $sql = ($mode != "editpost") ? "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) VALUES ('$post_subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)" : "UPDATE " . TOPICS_TABLE . " SET topic_title = '$post_subject', topic_type = $topic_type " . (($post_data['edit_vote'] || !empty($poll_title)) ? ", topic_vote = " . $topic_vote : "") . " WHERE topic_id = $topic_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } ! if ($mode == 'newtopic') { $topic_id = $db->sql_nextid(); } } ! $edited_sql = ($mode == 'editpost' && !$post_data['last_post'] && $post_data['poster_post']) ? ", post_edit_time = $current_time, post_edit_count = post_edit_count + 1 " : ""; ! $sql = ($mode != "editpost") ? "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $userdata['user_id'] . ", '$post_username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)" : "UPDATE " . POSTS_TABLE . " SET post_username = '$post_username', enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smilies_on, enable_sig = $attach_sig" . $edited_sql . " WHERE post_id = $post_id"; ! if (!$db->sql_query($sql, BEGIN_TRANSACTION)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } ! if ($mode != 'editpost') { $post_id = $db->sql_nextid(); } ! $sql = ($mode != 'editpost') ? "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) VALUES ($post_id, '$post_subject', '$bbcode_uid', '$post_message')" : "UPDATE " . POSTS_TEXT_TABLE . " SET post_text = '$post_message', bbcode_uid = '$bbcode_uid', post_subject = '$post_subject' WHERE post_id = $post_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } ! add_search_words('single', $post_id, stripslashes($post_message), stripslashes($post_subject)); // // Add poll // ! if (($mode == 'newtopic' || ($mode == 'editpost' && $post_data['edit_poll'])) && !empty($poll_title) && count($poll_options) >= 2) { ! $sql = (!$post_data['has_poll']) ? "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length) VALUES ($topic_id, '$poll_title', $current_time, " . ($poll_length * 86400) . ")" : "UPDATE " . VOTE_DESC_TABLE . " SET vote_text = '$poll_title', vote_length = " . ($poll_length * 86400) . " WHERE topic_id = $topic_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } $delete_option_sql = ''; $old_poll_result = array(); ! if ($mode == 'editpost' && $post_data['has_poll']) { $sql = "SELECT vote_option_id, vote_result FROM " . VOTE_RESULTS_TABLE . " WHERE vote_id = $poll_id ORDER BY vote_option_id ASC"; ! if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not obtain vote data results for this topic', '', __LINE__, __FILE__, $sql); } ! while ($row = $db->sql_fetchrow($result)) { $old_poll_result[$row['vote_option_id']] = $row['vote_result']; ! if (!isset($poll_options[$row['vote_option_id']])) { ! $delete_option_sql .= ($delete_option_sql != '') ? ', ' . $row['vote_option_id'] : $row['vote_option_id']; } } } *************** *** 322,336 **** @reset($poll_options); $poll_option_id = 1; ! while ( list($option_id, $option_text) = each($poll_options) ) { ! if ( !empty($option_text) ) { ! $option_text = str_replace("\'", "''", $option_text); ! $poll_result = ( $mode == "editpost" && isset($old_poll_result[$option_id]) ) ? $old_poll_result[$option_id] : 0; ! $sql = ( $mode != "editpost" || !isset($old_poll_result[$option_id]) ) ? "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($poll_id, $poll_option_id, '$option_text', $poll_result)" : "UPDATE " . VOTE_RESULTS_TABLE . " SET vote_option_text = '$option_text', vote_result = $poll_result WHERE vote_option_id = $option_id AND vote_id = $poll_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } --- 326,340 ---- @reset($poll_options); $poll_option_id = 1; ! while (list($option_id, $option_text) = each($poll_options)) { ! if (!empty($option_text)) { ! $option_text = str_replace("\'", "''", htmlspecialchars($option_text)); ! $poll_result = ($mode == "editpost" && isset($old_poll_result[$option_id])) ? $old_poll_result[$option_id] : 0; ! $sql = ($mode != "editpost" || !isset($old_poll_result[$option_id])) ? "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($poll_id, $poll_option_id, '$option_text', $poll_result)" : "UPDATE " . VOTE_RESULTS_TABLE . " SET vote_option_text = '$option_text', vote_result = $poll_result WHERE vote_option_id = $option_id AND vote_id = $poll_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } *************** *** 338,349 **** } } ! if ( $delete_option_sql != '' ) { $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " WHERE vote_option_id IN ($delete_option_sql) AND vote_id = $poll_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error deleting pruned poll options', '', __LINE__, __FILE__, $sql); } --- 342,353 ---- } } ! if ($delete_option_sql != '') { $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " WHERE vote_option_id IN ($delete_option_sql) AND vote_id = $poll_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error deleting pruned poll options', '', __LINE__, __FILE__, $sql); } *************** *** 363,377 **** { global $db; ! $sign = ( $mode == 'delete' ) ? '- 1' : '+ 1'; $forum_update_sql = "forum_posts = forum_posts $sign"; $topic_update_sql = ''; ! if ( $mode == 'delete' ) { ! if ( $post_data['last_post'] ) { ! if ( $post_data['first_post'] ) { $forum_update_sql .= ', forum_topics = forum_topics - 1'; } --- 367,381 ---- { global $db; ! $sign = ($mode == 'delete') ? '- 1' : '+ 1'; $forum_update_sql = "forum_posts = forum_posts $sign"; $topic_update_sql = ''; ! if ($mode == 'delete') { ! if ($post_data['last_post']) { ! if ($post_data['first_post']) { $forum_update_sql .= ', forum_topics = forum_topics - 1'; } *************** *** 383,426 **** $sql = "SELECT MAX(post_id) AS last_post_id FROM " . POSTS_TABLE . " WHERE topic_id = $topic_id"; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } ! if ( $row = $db->sql_fetchrow($result) ) { $topic_update_sql .= ', topic_last_post_id = ' . $row['last_post_id']; } } ! if ( $post_data['last_topic'] ) { $sql = "SELECT MAX(post_id) AS last_post_id FROM " . POSTS_TABLE . " WHERE forum_id = $forum_id"; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } ! if ( $row = $db->sql_fetchrow($result) ) { ! $forum_update_sql .= ( $row['last_post_id'] ) ? ', forum_last_post_id = ' . $row['last_post_id'] : ', forum_last_post_id = 0'; } } } ! else if ( $post_data['first_post'] ) { $sql = "SELECT MIN(post_id) AS first_post_id FROM " . POSTS_TABLE . " WHERE topic_id = $topic_id"; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } ! if ( $row = $db->sql_fetchrow($result) ) { $topic_update_sql .= 'topic_replies = topic_replies - 1, topic_first_post_id = ' . $row['first_post_id']; } --- 387,430 ---- $sql = "SELECT MAX(post_id) AS last_post_id FROM " . POSTS_TABLE . " WHERE topic_id = $topic_id"; ! if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } ! if ($row = $db->sql_fetchrow($result)) { $topic_update_sql .= ', topic_last_post_id = ' . $row['last_post_id']; } } ! if ($post_data['last_topic']) { $sql = "SELECT MAX(post_id) AS last_post_id FROM " . POSTS_TABLE . " WHERE forum_id = $forum_id"; ! if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } ! if ($row = $db->sql_fetchrow($result)) { ! $forum_update_sql .= ($row['last_post_id']) ? ', forum_last_post_id = ' . $row['last_post_id'] : ', forum_last_post_id = 0'; } } } ! else if ($post_data['first_post']) { $sql = "SELECT MIN(post_id) AS first_post_id FROM " . POSTS_TABLE . " WHERE topic_id = $topic_id"; ! if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } ! if ($row = $db->sql_fetchrow($result)) { $topic_update_sql .= 'topic_replies = topic_replies - 1, topic_first_post_id = ' . $row['first_post_id']; } *************** *** 430,439 **** $topic_update_sql .= 'topic_replies = topic_replies - 1'; } } ! else if ( $mode != 'poll_delete' ) { ! $forum_update_sql .= ", forum_last_post_id = $post_id" . ( ( $mode == 'newtopic' ) ? ", forum_topics = forum_topics $sign" : "" ); ! $topic_update_sql = "topic_last_post_id = $post_id" . ( ( $mode == 'reply' ) ? ", topic_replies = topic_replies $sign" : ", topic_first_post_id = $post_id" ); } else { --- 434,443 ---- $topic_update_sql .= 'topic_replies = topic_replies - 1'; } } ! else if ($mode != 'poll_delete') { ! $forum_update_sql .= ", forum_last_post_id = $post_id" . (($mode == 'newtopic') ? ", forum_topics = forum_topics $sign" : ""); ! $topic_update_sql = "topic_last_post_id = $post_id" . (($mode == 'reply') ? ", topic_replies = topic_replies $sign" : ", topic_first_post_id = $post_id"); } else { *************** *** 443,471 **** $sql = "UPDATE " . FORUMS_TABLE . " SET $forum_update_sql WHERE forum_id = $forum_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } ! if ( $topic_update_sql != '' ) { $sql = "UPDATE " . TOPICS_TABLE . " SET $topic_update_sql ! WHERE topic_id = $topic_id ! OR topic_moved_id = $topic_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } } ! if ( $mode != 'poll_delete' ) { $sql = "UPDATE " . USERS_TABLE . " SET user_posts = user_posts $sign WHERE user_id = $user_id"; ! if ( !$db->sql_query($sql, END_TRANSACTION) ) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } --- 447,474 ---- $sql = "UPDATE " . FORUMS_TABLE . " SET $forum_update_sql WHERE forum_id = $forum_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } ! if ($topic_update_sql != '') { $sql = "UPDATE " . TOPICS_TABLE . " SET $topic_update_sql ! WHERE topic_id = $topic_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } } ! if ($mode != 'poll_delete') { $sql = "UPDATE " . USERS_TABLE . " SET user_posts = user_posts $sign WHERE user_id = $user_id"; ! if (!$db->sql_query($sql, END_TRANSACTION)) { message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } *************** *** 482,521 **** global $board_config, $lang, $db, $phpbb_root_path, $phpEx; global $userdata, $user_ip; ! include($phpbb_root_path . 'includes/functions_search.'.$phpEx); ! ! if ( $mode != 'poll_delete' ) { $sql = "DELETE FROM " . POSTS_TABLE . " WHERE post_id = $post_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . POSTS_TEXT_TABLE . " WHERE post_id = $post_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } ! if ( $post_data['last_post'] ) { ! if ( $post_data['first_post'] ) { $forum_update_sql .= ', forum_topics = forum_topics - 1'; $sql = "DELETE FROM " . TOPICS_TABLE . " WHERE topic_id = $topic_id OR topic_moved_id = $topic_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } --- 485,524 ---- global $board_config, $lang, $db, $phpbb_root_path, $phpEx; global $userdata, $user_ip; ! if ($mode != 'poll_delete') { + include($phpbb_root_path . 'includes/functions_search.'.$phpEx); + $sql = "DELETE FROM " . POSTS_TABLE . " WHERE post_id = $post_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . POSTS_TEXT_TABLE . " WHERE post_id = $post_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } ! if ($post_data['last_post']) { ! if ($post_data['first_post']) { $forum_update_sql .= ', forum_topics = forum_topics - 1'; $sql = "DELETE FROM " . TOPICS_TABLE . " WHERE topic_id = $topic_id OR topic_moved_id = $topic_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); } *************** *** 525,555 **** remove_search_post($post_id); } ! if ( $mode == 'poll_delete' || ( $mode == 'delete' && $post_data['first_post'] && $post_data['last_post'] ) && $post_data['has_poll'] && $post_data['edit_poll'] ) { $sql = "DELETE FROM " . VOTE_DESC_TABLE . " WHERE topic_id = $topic_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " WHERE vote_id = $poll_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . VOTE_USERS_TABLE . " WHERE vote_id = $poll_id"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); } } ! if ( $mode == 'delete' && $post_data['first_post'] && $post_data['last_post'] ) { $meta = ''; $message = $lang['Deleted']; --- 528,558 ---- remove_search_post($post_id); } ! if ($mode == 'poll_delete' || ($mode == 'delete' && $post_data['first_post'] && $post_data['last_post']) && $post_data['has_poll'] && $post_data['edit_poll']) { $sql = "DELETE FROM " . VOTE_DESC_TABLE . " WHERE topic_id = $topic_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " WHERE vote_id = $poll_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); } $sql = "DELETE FROM " . VOTE_USERS_TABLE . " WHERE vote_id = $poll_id"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); } } ! if ($mode == 'delete' && $post_data['first_post'] && $post_data['last_post']) { $meta = ''; $message = $lang['Deleted']; *************** *** 557,563 **** else { $meta = ''; ! $message = ( ( $mode == 'poll_delete' ) ? $lang['Poll_delete'] : $lang['Deleted'] ) . '

' . sprintf($lang['Click_return_topic'], '', ''); } $message .= '

' . sprintf($lang['Click_return_forum'], '', ''); --- 560,566 ---- else { $meta = ''; ! $message = (($mode == 'poll_delete') ? $lang['Poll_delete'] : $lang['Deleted']) . '

' . sprintf($lang['Click_return_topic'], '', ''); } $message .= '

' . sprintf($lang['Click_return_forum'], '', ''); *************** *** 568,655 **** // // Handle user notification on new post // ! function user_notification($mode, &$post_data, &$forum_id, &$topic_id, &$post_id, &$notify_user) { global $board_config, $lang, $db, $phpbb_root_path, $phpEx; global $userdata, $user_ip; $current_time = time(); ! if ( $mode == 'delete' ) { ! $delete_sql = ( !$post_data['first_post'] && !$post_data['last_post'] ) ? " AND user_id = " . $userdata['user_id'] : ''; $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id" . $delete_sql; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not change topic notify data', '', __LINE__, __FILE__, $sql); } } else { ! if ( $mode == 'reply' ) { $sql = "SELECT ban_userid FROM " . BANLIST_TABLE; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain banlist', '', __LINE__, __FILE__, $sql); } $user_id_sql = ''; ! while ( $row = $db->sql_fetchrow($result) ) { ! if ( isset($row['ban_userid']) ) { ! $user_id_sql = ', ' . $row['ban_userid']; } } ! $sql = "SELECT u.user_id, u.username, u.user_email, u.user_lang, t.topic_title ! FROM " . TOPICS_WATCH_TABLE . " tw, " . TOPICS_TABLE . " t, " . USERS_TABLE . " u WHERE tw.topic_id = $topic_id ! AND tw.user_id NOT IN (" . $userdata['user_id'] . ", " . ANONYMOUS . $user_id_sql . " ) AND tw.notify_status = " . TOPIC_WATCH_UN_NOTIFIED . " - AND t.topic_id = tw.topic_id AND u.user_id = tw.user_id"; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain list of topic watchers', '', __LINE__, __FILE__, $sql); } - $orig_word = array(); - $replacement_word = array(); - obtain_word_list($orig_word, $replacement_word); - - include($phpbb_root_path . 'includes/emailer.'.$phpEx); - $emailer = new emailer($board_config['smtp_delivery']); - - $script_name = preg_replace('/^\/?(.*?)\/?$/', '\1', trim($board_config['script_path'])); - $script_name = ( $script_name != '' ) ? $script_name . '/viewtopic.'.$phpEx : 'viewtopic.'.$phpEx; - $server_name = trim($board_config['server_name']); - $server_protocol = ( $board_config['cookie_secure'] ) ? 'https://' : 'http://'; - $server_port = ( $board_config['server_port'] <> 80 ) ? ':' . trim($board_config['server_port']) . '/' : '/'; - - $email_headers = 'From: ' . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\n"; - $update_watched_sql = ''; ! if ( $row = $db->sql_fetchrow($result) ) { ! @set_time_limit(120); ! ! $topic_title = preg_replace($orig_word, $replacement_word, unprepare_message($row['topic_title'])); do { ! if ( $row['user_email'] != '' ) { ! $emailer->use_template('topic_notify', $row['user_lang']); ! $emailer->email_address($row['user_email']); ! $emailer->set_subject(); ! $emailer->extra_headers($email_headers); $emailer->assign_vars(array( ! 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), ! 'USERNAME' => $row['username'], 'SITENAME' => $board_config['sitename'], 'TOPIC_TITLE' => $topic_title, --- 571,696 ---- // // Handle user notification on new post // ! function user_notification($mode, &$post_data, &$topic_title, &$forum_id, &$topic_id, &$post_id, &$notify_user) { global $board_config, $lang, $db, $phpbb_root_path, $phpEx; global $userdata, $user_ip; $current_time = time(); ! if ($mode == 'delete') { ! $delete_sql = (!$post_data['first_post'] && !$post_data['last_post']) ? " AND user_id = " . $userdata['user_id'] : ''; $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id" . $delete_sql; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Could not change topic notify data', '', __LINE__, __FILE__, $sql); } } else { ! if ($mode == 'reply') { $sql = "SELECT ban_userid FROM " . BANLIST_TABLE; ! if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not obtain banlist', '', __LINE__, __FILE__, $sql); } $user_id_sql = ''; ! while ($row = $db->sql_fetchrow($result)) { ! if (isset($row['ban_userid']) && !empty($row['ban_userid'])) { ! $user_id_sql .= ', ' . $row['ban_userid']; } } ! $sql = "SELECT u.user_id, u.user_email, u.user_lang ! FROM " . TOPICS_WATCH_TABLE . " tw, " . USERS_TABLE . " u WHERE tw.topic_id = $topic_id ! AND tw.user_id NOT IN (" . $userdata['user_id'] . ", " . ANONYMOUS . $user_id_sql . ") AND tw.notify_status = " . TOPIC_WATCH_UN_NOTIFIED . " AND u.user_id = tw.user_id"; ! if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not obtain list of topic watchers', '', __LINE__, __FILE__, $sql); } $update_watched_sql = ''; ! $bcc_list_ary = array(); ! ! if ($row = $db->sql_fetchrow($result)) { ! // Sixty second limit ! @set_time_limit(60); do { ! if ($row['user_email'] != '') { ! $bcc_list_ary[$row['user_lang']][] = $row['user_email']; ! } ! $update_watched_sql .= ($update_watched_sql != '') ? ', ' . $row['user_id'] : $row['user_id']; ! } ! while ($row = $db->sql_fetchrow($result)); ! ! // ! // Let's do some checking to make sure that mass mail functions ! // are working in win32 versions of php. ! // ! if (preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$board_config['smtp_delivery']) ! { ! $ini_val = (@phpversion() >= '4.0.0') ? 'ini_get' : 'get_cfg_var'; ! ! // We are running on windows, force delivery to use our smtp functions ! // since php's are broken by default ! $board_config['smtp_delivery'] = 1; ! $board_config['smtp_host'] = @$ini_val('SMTP'); ! } ! ! if (sizeof($bcc_list_ary)) ! { ! include($phpbb_root_path . 'includes/emailer.'.$phpEx); ! $emailer = new emailer($board_config['smtp_delivery']); ! ! $script_name = preg_replace('/^\/?(.*?)\/?$/', '\1', trim($board_config['script_path'])); ! $script_name = ($script_name != '') ? $script_name . '/viewtopic.'.$phpEx : 'viewtopic.'.$phpEx; ! $server_name = trim($board_config['server_name']); ! $server_protocol = ($board_config['cookie_secure']) ? 'https://' : 'http://'; ! $server_port = ($board_config['server_port'] <> 80) ? ':' . trim($board_config['server_port']) . '/' : '/'; ! ! $orig_word = array(); ! $replacement_word = array(); ! obtain_word_list($orig_word, $replacement_word); ! ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); ! ! $topic_title = (count($orig_word)) ? preg_replace($orig_word, $replacement_word, unprepare_message($topic_title)) : unprepare_message($topic_title); ! ! @reset($bcc_list_ary); ! while (list($user_lang, $bcc_list) = each($bcc_list_ary)) ! { ! $emailer->use_template('topic_notify', $user_lang); ! ! for ($i = 0; $i < count($bcc_list); $i++) ! { ! $emailer->bcc($bcc_list[$i]); ! } ! ! // The Topic_reply_notification lang string below will be used ! // if for some reason the mail template subject cannot be read ! // ... note it will not necessarily be in the posters own language! ! $emailer->set_subject($lang['Topic_reply_notification']); ! ! // This is a nasty kludge to remove the username var ... till (if?) ! // translators update their templates ! $emailer->msg = preg_replace('#[ ]?{USERNAME}#', '', $emailer->msg); $emailer->assign_vars(array( ! 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', 'SITENAME' => $board_config['sitename'], 'TOPIC_TITLE' => $topic_title, *************** *** 659,672 **** $emailer->send(); $emailer->reset(); - - $update_watched_sql .= ( $update_watched_sql != '' ) ? ', ' . $row['user_id'] : $row['user_id']; } } - while ( $row = $db->sql_fetchrow($result) ); } ! if ( $update_watched_sql != '' ) { $sql = "UPDATE " . TOPICS_WATCH_TABLE . " SET notify_status = " . TOPIC_WATCH_NOTIFIED . " --- 700,711 ---- $emailer->send(); $emailer->reset(); } } } + $db->sql_freeresult($result); ! if ($update_watched_sql != '') { $sql = "UPDATE " . TOPICS_WATCH_TABLE . " SET notify_status = " . TOPIC_WATCH_NOTIFIED . " *************** *** 680,707 **** FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id AND user_id = " . $userdata['user_id']; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain topic watch information', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); ! if ( !$notify_user && !empty($row['topic_id']) ) { $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id AND user_id = " . $userdata['user_id']; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete topic watch information', '', __LINE__, __FILE__, $sql); } } ! else if ( $notify_user && empty($row['topic_id']) ) { $sql = "INSERT INTO " . TOPICS_WATCH_TABLE . " (user_id, topic_id, notify_status) VALUES (" . $userdata['user_id'] . ", $topic_id, 0)"; ! if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not insert topic watch information', '', __LINE__, __FILE__, $sql); } --- 719,746 ---- FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id AND user_id = " . $userdata['user_id']; ! if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not obtain topic watch information', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); ! if (!$notify_user && !empty($row['topic_id'])) { $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id AND user_id = " . $userdata['user_id']; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Could not delete topic watch information', '', __LINE__, __FILE__, $sql); } } ! else if ($notify_user && empty($row['topic_id'])) { $sql = "INSERT INTO " . TOPICS_WATCH_TABLE . " (user_id, topic_id, notify_status) VALUES (" . $userdata['user_id'] . ", $topic_id, 0)"; ! if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Could not insert topic watch information', '', __LINE__, __FILE__, $sql); } *************** *** 723,736 **** $inline_rows = 5; $window_columns = 8; ! if ( $mode == 'window' ) { $userdata = session_pagestart($user_ip, $page_id); init_userprefs($userdata); $gen_simple_header = TRUE; ! $page_title = $lang['Review_topic'] . " - $topic_title"; include($phpbb_root_path . 'includes/page_header.'.$phpEx); $template->set_filenames(array( --- 762,775 ---- $inline_rows = 5; $window_columns = 8; ! if ($mode == 'window') { $userdata = session_pagestart($user_ip, $page_id); init_userprefs($userdata); $gen_simple_header = TRUE; ! $page_title = $lang['Emoticons'] . " - $topic_title"; include($phpbb_root_path . 'includes/page_header.'.$phpEx); $template->set_filenames(array( *************** *** 741,772 **** $sql = "SELECT emoticon, code, smile_url FROM " . SMILIES_TABLE . " ORDER BY smilies_id"; ! if ( $result = $db->sql_query($sql) ) { $num_smilies = 0; $rowset = array(); ! while ( $row = $db->sql_fetchrow($result) ) { ! if ( empty($rowset[$row['smile_url']]) ) { ! $rowset[$row['smile_url']]['code'] = str_replace('\\', '\\\\', str_replace("'", "\\'", $row['code'])); $rowset[$row['smile_url']]['emoticon'] = $row['emoticon']; $num_smilies++; } } ! if ( $num_smilies ) { ! $smilies_count = ( $mode == 'inline' ) ? min(19, $num_smilies) : $num_smilies; ! $smilies_split_row = ( $mode == 'inline' ) ? $inline_columns - 1 : $window_columns - 1; $s_colspan = 0; $row = 0; $col = 0; ! while ( list($smile_url, $data) = @each($rowset) ) { ! if ( !$col ) { $template->assign_block_vars('smilies_row', array()); } --- 780,811 ---- $sql = "SELECT emoticon, code, smile_url FROM " . SMILIES_TABLE . " ORDER BY smilies_id"; ! if ($result = $db->sql_query($sql)) { $num_smilies = 0; $rowset = array(); ! while ($row = $db->sql_fetchrow($result)) { ! if (empty($rowset[$row['smile_url']])) { ! $rowset[$row['smile_url']]['code'] = str_replace("'", "\\'", str_replace('\\', '\\\\', $row['code'])); $rowset[$row['smile_url']]['emoticon'] = $row['emoticon']; $num_smilies++; } } ! if ($num_smilies) { ! $smilies_count = ($mode == 'inline') ? min(19, $num_smilies) : $num_smilies; ! $smilies_split_row = ($mode == 'inline') ? $inline_columns - 1 : $window_columns - 1; $s_colspan = 0; $row = 0; $col = 0; ! while (list($smile_url, $data) = @each($rowset)) { ! if (!$col) { $template->assign_block_vars('smilies_row', array()); } *************** *** 779,787 **** $s_colspan = max($s_colspan, $col + 1); ! if ( $col == $smilies_split_row ) { ! if ( $mode == 'inline' && $row == $inline_rows - 1 ) { break; } --- 818,826 ---- $s_colspan = max($s_colspan, $col + 1); ! if ($col == $smilies_split_row) { ! if ($mode == 'inline' && $row == $inline_rows - 1) { break; } *************** *** 794,800 **** } } ! if ( $mode == 'inline' && $num_smilies > $inline_rows * $inline_columns ) { $template->assign_block_vars('switch_smilies_extra', array()); --- 833,839 ---- } } ! if ($mode == 'inline' && $num_smilies > $inline_rows * $inline_columns) { $template->assign_block_vars('switch_smilies_extra', array()); *************** *** 812,818 **** } } ! if ( $mode == 'window' ) { $template->pparse('smiliesbody'); --- 851,857 ---- } } ! if ($mode == 'window') { $template->pparse('smiliesbody'); *************** *** 820,823 **** } } ! ?> --- 859,862 ---- } } ! ?> \ No newline at end of file diff -crN phpbb203/includes/functions_search.php phpbb2017/includes/functions_search.php *** phpbb203/includes/functions_search.php Sat Jul 10 20:16:19 2004 --- phpbb2017/includes/functions_search.php Tue Jul 19 22:14:56 2005 *************** *** 3,12 **** * functions_search.php * ------------------- * begin : Wed Sep 05 2001 ! * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_search.php,v 1.8.2.5 2002/05/13 13:27:12 psotfx Exp $ * ****************************************************************************/ --- 3,12 ---- * functions_search.php * ------------------- * begin : Wed Sep 05 2001 ! * copyright : (C) 2002 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_search.php,v 1.8.2.19 2004/11/18 17:49:45 acydburn Exp $ * ****************************************************************************/ *************** *** 58,64 **** $entry = str_replace('*', ' ', $entry); // 'words' that consist of <3 or >20 characters are removed. ! $entry = preg_replace('/\b([a-z0-9]{1,2}|[a-z0-9]{21,})\b/',' ', $entry); } if ( !empty($stopword_list) ) --- 58,64 ---- $entry = str_replace('*', ' ', $entry); // 'words' that consist of <3 or >20 characters are removed. ! $entry = preg_replace('/[ ]([\S]{1,2}|[\S]{21,})[ ]/',' ', $entry); } if ( !empty($stopword_list) ) *************** *** 69,75 **** if ( $mode == 'post' || ( $stopword != 'not' && $stopword != 'and' && $stopword != 'or' ) ) { ! $entry = preg_replace('#\b' . preg_quote($stopword) . '\b#', ' ', $entry); } } } --- 69,75 ---- if ( $mode == 'post' || ( $stopword != 'not' && $stopword != 'and' && $stopword != 'or' ) ) { ! $entry = str_replace(' ' . trim($stopword) . ' ', ' ', $entry); } } } *************** *** 81,87 **** list($replace_synonym, $match_synonym) = split(' ', trim(strtolower($synonym_list[$j]))); if ( $mode == 'post' || ( $match_synonym != 'not' && $match_synonym != 'and' && $match_synonym != 'or' ) ) { ! $entry = preg_replace('#\b' . trim($match_synonym) . '\b#', ' ' . trim($replace_synonym) . ' ', $entry); } } } --- 81,87 ---- list($replace_synonym, $match_synonym) = split(' ', trim(strtolower($synonym_list[$j]))); if ( $mode == 'post' || ( $match_synonym != 'not' && $match_synonym != 'and' && $match_synonym != 'or' ) ) { ! $entry = str_replace(' ' . trim($match_synonym) . ' ', ' ' . trim($replace_synonym) . ' ', $entry); } } } *************** *** 91,113 **** function split_words(&$entry, $mode = 'post') { ! $rex = ( $mode == 'post' ) ? "/\b(\w[\w']*\w+|\w+?)\b/" : '/(\*?[à-ÿa-z0-9]+\*?)|\b([à-ÿa-z0-9]+)\b/'; preg_match_all($rex, $entry, $split_entries); return $split_entries[1]; } ! function add_search_words($post_id, $post_text, $post_title = '') { global $db, $phpbb_root_path, $board_config, $lang; ! $stopwords_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_stopwords.txt"); $synonym_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_synonyms.txt"); $search_raw_words = array(); $search_raw_words['text'] = split_words(clean_words('post', $post_text, $stopword_array, $synonym_array)); $search_raw_words['title'] = split_words(clean_words('post', $post_title, $stopword_array, $synonym_array)); $word = array(); $word_insert_sql = array(); while ( list($word_in, $search_matches) = @each($search_raw_words) ) --- 91,120 ---- function split_words(&$entry, $mode = 'post') { ! // If you experience problems with the new method, uncomment this block. ! /* ! $rex = ( $mode == 'post' ) ? "/\b([\w±µ-ÿ][\w±µ-ÿ']*[\w±µ-ÿ]+|[\w±µ-ÿ]+?)\b/" : '/(\*?[a-z0-9±µ-ÿ]+\*?)|\b([a-z0-9±µ-ÿ]+)\b/'; preg_match_all($rex, $entry, $split_entries); return $split_entries[1]; + */ + // Trim 1+ spaces to one space and split this trimmed string into words. + return explode(' ', trim(preg_replace('#\s+#', ' ', $entry))); } ! function add_search_words($mode, $post_id, $post_text, $post_title = '') { global $db, $phpbb_root_path, $board_config, $lang; ! $stopword_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_stopwords.txt"); $synonym_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_synonyms.txt"); $search_raw_words = array(); $search_raw_words['text'] = split_words(clean_words('post', $post_text, $stopword_array, $synonym_array)); $search_raw_words['title'] = split_words(clean_words('post', $post_title, $stopword_array, $synonym_array)); + @set_time_limit(0); + $word = array(); $word_insert_sql = array(); while ( list($word_in, $search_matches) = @each($search_raw_words) ) *************** *** 191,196 **** --- 198,204 ---- $value_sql .= ( ( $value_sql != '' ) ? ', ' : '' ) . '(\'' . $word[$i] . '\', 0)'; break; case 'mssql': + case 'mssql-odbc': $value_sql .= ( ( $value_sql != '' ) ? ' UNION ALL ' : '' ) . "SELECT '" . $word[$i] . "', 0"; break; default: *************** *** 215,220 **** --- 223,229 ---- VALUES $value_sql"; break; case 'mssql': + case 'mssql-odbc': $sql = "INSERT INTO " . SEARCH_WORD_TABLE . " (word_text, word_common) $value_sql"; break; *************** *** 244,252 **** } } ! if ( $mode == 'single' ) { ! remove_common('single', 0.4, $word); } return; --- 253,261 ---- } } ! if ($mode == 'single') { ! remove_common('single', 4/10, $word); } return; *************** *** 259,265 **** { global $db; ! $sql = ( $mode == 'global' ) ? "SELECT COUNT(post_id) AS total_posts FROM " . SEARCH_MATCH_TABLE . " GROUP BY post_id" : "SELECT SUM(forum_posts) AS total_posts FROM " . FORUMS_TABLE; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain post count', '', __LINE__, __FILE__, $sql); --- 268,275 ---- { global $db; ! $sql = "SELECT COUNT(post_id) AS total_posts ! FROM " . POSTS_TABLE; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain post count', '', __LINE__, __FILE__, $sql); *************** *** 325,331 **** } } ! return $word_count; } function remove_search_post($post_id_sql) --- 335,341 ---- } } ! return; } function remove_search_post($post_id_sql) *************** *** 425,435 **** $username_list = ''; if ( !empty($search_match) ) { ! $username_search = preg_replace('/\*/', '%', trim(strip_tags($search_match))); $sql = "SELECT username FROM " . USERS_TABLE . " ! WHERE username LIKE '" . str_replace("\'", "''", $username_search) . "' ORDER BY username"; if ( !($result = $db->sql_query($sql)) ) { --- 435,445 ---- $username_list = ''; if ( !empty($search_match) ) { ! $username_search = preg_replace('/\*/', '%', phpbb_clean_username($search_match)); $sql = "SELECT username FROM " . USERS_TABLE . " ! WHERE username LIKE '" . str_replace("\'", "''", $username_search) . "' AND user_id <> " . ANONYMOUS . " ORDER BY username"; if ( !($result = $db->sql_query($sql)) ) { *************** *** 459,465 **** ); $template->assign_vars(array( ! 'USERNAME' => ( !empty($search_match) ) ? $search_match : '', 'L_CLOSE_WINDOW' => $lang['Close_window'], 'L_SEARCH_USERNAME' => $lang['Find_username'], --- 469,475 ---- ); $template->assign_vars(array( ! 'USERNAME' => (!empty($search_match)) ? phpbb_clean_username($search_match) : '', 'L_CLOSE_WINDOW' => $lang['Close_window'], 'L_SEARCH_USERNAME' => $lang['Find_username'], diff -crN phpbb203/includes/functions_selects.php phpbb2017/includes/functions_selects.php *** phpbb203/includes/functions_selects.php Sat Jul 10 20:16:19 2004 --- phpbb2017/includes/functions_selects.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_selects.php,v 1.3 2002/03/18 23:53:12 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_selects.php,v 1.3.2.5 2005/05/06 20:50:11 acydburn Exp $ * * ***************************************************************************/ *************** *** 26,39 **** // function language_select($default, $select_name = "language", $dirname="language") { ! global $phpEx; ! $dir = opendir($dirname); $lang = array(); while ( $file = readdir($dir) ) { ! if ( ereg("^lang_", $file) && !is_file($dirname . "/" . $file) && !is_link($dirname . "/" . $file) ) { $filename = trim(str_replace("lang_", "", $file)); $displayname = preg_replace("/^(.*?)_(.*)$/", "\\1 [ \\2 ]", $filename); --- 26,39 ---- // function language_select($default, $select_name = "language", $dirname="language") { ! global $phpEx, $phpbb_root_path; ! $dir = opendir($phpbb_root_path . $dirname); $lang = array(); while ( $file = readdir($dir) ) { ! if (preg_match('#^lang_#i', $file) && !is_file(@phpbb_realpath($phpbb_root_path . $dirname . '/' . $file)) && !is_link(@phpbb_realpath($phpbb_root_path . $dirname . '/' . $file))) { $filename = trim(str_replace("lang_", "", $file)); $displayname = preg_replace("/^(.*?)_(.*)$/", "\\1 [ \\2 ]", $filename); diff -crN phpbb203/includes/functions_validate.php phpbb2017/includes/functions_validate.php *** phpbb203/includes/functions_validate.php Sat Jul 10 20:16:19 2004 --- phpbb2017/includes/functions_validate.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_validate.php,v 1.6.2.2 2002/07/19 15:22:36 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_validate.php,v 1.6.2.13 2005/07/19 20:01:15 acydburn Exp $ * * ***************************************************************************/ *************** *** 18,24 **** * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * - * ***************************************************************************/ // --- 18,23 ---- *************** *** 30,90 **** { global $db, $lang, $userdata; ! $username = str_replace("\'", "''", $username); ! $sql = "SELECT username FROM " . USERS_TABLE . " WHERE LOWER(username) = '" . strtolower($username) . "'"; ! if ( $result = $db->sql_query($sql) ) { ! if ( $row = $db->sql_fetchrow($result) ) { ! if ( ( $userdata['session_logged_in'] && $row['username'] != $userdata['username'] ) || !$userdata['session_logged_in'] ) { return array('error' => true, 'error_msg' => $lang['Username_taken']); } } } $sql = "SELECT group_name FROM " . GROUPS_TABLE . " WHERE LOWER(group_name) = '" . strtolower($username) . "'"; ! if ( $result = $db->sql_query($sql) ) { ! if ( $row = $db->sql_fetchrow($result) ) { return array('error' => true, 'error_msg' => $lang['Username_taken']); } } $sql = "SELECT disallow_username FROM " . DISALLOW_TABLE; ! if ( $result = $db->sql_query($sql) ) { ! while( $row = $db->sql_fetchrow($result) ) { ! if ( preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['disallow_username'], '#')) . ")\b#i", $username) ) { ! return array('error' => true, 'error_msg' => $lang['Username_disallowed']); } } } $sql = "SELECT word FROM " . WORDS_TABLE; ! if ( $result = $db->sql_query($sql) ) { ! while( $row = $db->sql_fetchrow($result) ) { ! if ( preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['word'], '#')) . ")\b#i", $username) ) { ! return array('error' => true, 'error_msg' => $lang['Username_disallowed']); } } } ! // Don't allow " in username. ! if ( strstr($username, '"') ) { return array('error' => true, 'error_msg' => $lang['Username_invalid']); } --- 29,107 ---- { global $db, $lang, $userdata; ! // Remove doubled up spaces ! $username = preg_replace('#\s+#', ' ', trim($username)); ! $username = phpbb_clean_username($username); ! $sql = "SELECT username FROM " . USERS_TABLE . " WHERE LOWER(username) = '" . strtolower($username) . "'"; ! if ($result = $db->sql_query($sql)) { ! if ($row = $db->sql_fetchrow($result)) { ! if (($userdata['session_logged_in'] && $row['username'] != $userdata['username']) || !$userdata['session_logged_in']) { + $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_taken']); } } } + $db->sql_freeresult($result); $sql = "SELECT group_name FROM " . GROUPS_TABLE . " WHERE LOWER(group_name) = '" . strtolower($username) . "'"; ! if ($result = $db->sql_query($sql)) { ! if ($row = $db->sql_fetchrow($result)) { + $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_taken']); } } + $db->sql_freeresult($result); $sql = "SELECT disallow_username FROM " . DISALLOW_TABLE; ! if ($result = $db->sql_query($sql)) { ! if ($row = $db->sql_fetchrow($result)) { ! do { ! if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['disallow_username'], '#')) . ")\b#i", $username)) ! { ! $db->sql_freeresult($result); ! return array('error' => true, 'error_msg' => $lang['Username_disallowed']); ! } } + while($row = $db->sql_fetchrow($result)); } } + $db->sql_freeresult($result); $sql = "SELECT word FROM " . WORDS_TABLE; ! if ($result = $db->sql_query($sql)) { ! if ($row = $db->sql_fetchrow($result)) { ! do { ! if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['word'], '#')) . ")\b#i", $username)) ! { ! $db->sql_freeresult($result); ! return array('error' => true, 'error_msg' => $lang['Username_disallowed']); ! } } + while ($row = $db->sql_fetchrow($result)); } } + $db->sql_freeresult($result); ! // Don't allow " and ALT-255 in username. ! if (strstr($username, '"') || strstr($username, '"') || strstr($username, chr(160))) { return array('error' => true, 'error_msg' => $lang['Username_invalid']); } *************** *** 100,135 **** { global $db, $lang; ! if ( $email != '' ) { ! if ( preg_match('/^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/is', $email) ) { $sql = "SELECT ban_email FROM " . BANLIST_TABLE; ! if ( $result = $db->sql_query($sql) ) { ! while( $row = $db->sql_fetchrow($result) ) { ! $match_email = str_replace('*', '.*?', $row['ban_email']); ! if ( preg_match('/^' . $match_email . '$/is', $email) ) { ! return array('error' => true, 'error_msg' => $lang['Email_banned']); } } } $sql = "SELECT user_email FROM " . USERS_TABLE . " WHERE user_email = '" . str_replace("\'", "''", $email) . "'"; ! if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql); } ! ! if ( $row = $db->sql_fetchrow($result) ) { return array('error' => true, 'error_msg' => $lang['Email_taken']); } return array('error' => false, 'error_msg' => ''); } --- 117,159 ---- { global $db, $lang; ! if ($email != '') { ! if (preg_match('/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$/is', $email)) { $sql = "SELECT ban_email FROM " . BANLIST_TABLE; ! if ($result = $db->sql_query($sql)) { ! if ($row = $db->sql_fetchrow($result)) { ! do { ! $match_email = str_replace('*', '.*?', $row['ban_email']); ! if (preg_match('/^' . $match_email . '$/is', $email)) ! { ! $db->sql_freeresult($result); ! return array('error' => true, 'error_msg' => $lang['Email_banned']); ! } } + while($row = $db->sql_fetchrow($result)); } } + $db->sql_freeresult($result); $sql = "SELECT user_email FROM " . USERS_TABLE . " WHERE user_email = '" . str_replace("\'", "''", $email) . "'"; ! if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql); } ! ! if ($row = $db->sql_fetchrow($result)) { return array('error' => true, 'error_msg' => $lang['Email_taken']); } + $db->sql_freeresult($result); return array('error' => false, 'error_msg' => ''); } *************** *** 148,175 **** for($i = 0; $i < count($check_var_length); $i++) { ! if ( strlen($$check_var_length[$i]) < 2 ) { $$check_var_length[$i] = ''; } } // ICQ number has to be only numbers. ! if ( !preg_match('/^[0-9]+$/', $icq) ) { $icq = ''; } // website has to start with http://, followed by something with length at least 3 that // contains at least one dot. ! if ( $website != "" ) { ! if ( !preg_match('#^http:\/\/#i', $website) ) { $website = 'http://' . $website; } ! if ( !preg_match('#^http\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website) ) { $website = ''; } --- 172,199 ---- for($i = 0; $i < count($check_var_length); $i++) { ! if (strlen($$check_var_length[$i]) < 2) { $$check_var_length[$i] = ''; } } // ICQ number has to be only numbers. ! if (!preg_match('/^[0-9]+$/', $icq)) { $icq = ''; } // website has to start with http://, followed by something with length at least 3 that // contains at least one dot. ! if ($website != "") { ! if (!preg_match('#^http[s]?:\/\/#i', $website)) { $website = 'http://' . $website; } ! if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website)) { $website = ''; } *************** *** 178,181 **** return; } ! ?> --- 202,205 ---- return; } ! ?> \ No newline at end of file diff -crN phpbb203/includes/page_header.php phpbb2017/includes/page_header.php *** phpbb203/includes/page_header.php Sat Jul 10 20:16:19 2004 --- phpbb2017/includes/page_header.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_header.php,v 1.106.2.5 2002/09/18 12:10:22 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_header.php,v 1.106.2.24 2005/03/26 14:15:59 acydburn Exp $ * * ***************************************************************************/ *************** *** 35,41 **** { $phpver = phpversion(); ! if ( $phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible') ) { if ( extension_loaded('zlib') ) { --- 35,43 ---- { $phpver = phpversion(); ! $useragent = (isset($HTTP_SERVER_VARS['HTTP_USER_AGENT'])) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : getenv('HTTP_USER_AGENT'); ! ! if ( $phpver >= '4.0.4pl1' && ( strstr($useragent,'compatible') || strstr($useragent,'Gecko') ) ) { if ( extension_loaded('zlib') ) { *************** *** 70,76 **** // if ( $userdata['session_logged_in'] ) { ! $u_login_logout = 'login.'.$phpEx.'?logout=true'; $l_login_logout = $lang['Logout'] . ' [ ' . $userdata['username'] . ' ]'; } else --- 72,78 ---- // if ( $userdata['session_logged_in'] ) { ! $u_login_logout = 'login.'.$phpEx.'?logout=true&sid=' . $userdata['session_id']; $l_login_logout = $lang['Logout'] . ' [ ' . $userdata['username'] . ' ]'; } else *************** *** 85,256 **** // Get basic (usernames + totals) online // situation // - $user_forum_sql = ( !empty($forum_id) ) ? "AND s.session_page = " . intval($forum_id) : ''; - $sql = "SELECT u.username, u.user_id, u.user_allow_viewonline, u.user_level, s.session_logged_in, s.session_ip - FROM ".USERS_TABLE." u, ".SESSIONS_TABLE." s - WHERE u.user_id = s.session_user_id - AND s.session_time >= ".( time() - 300 ) . " - $user_forum_sql - ORDER BY u.username ASC, s.session_ip ASC"; - if( !($result = $db->sql_query($sql)) ) - { - message_die(GENERAL_ERROR, 'Could not obtain user/online information', '', __LINE__, __FILE__, $sql); - } - - $userlist_ary = array(); - $userlist_visible = array(); - $logged_visible_online = 0; $logged_hidden_online = 0; $guests_online = 0; $online_userlist = ''; ! $prev_user_id = 0; ! $prev_user_ip = ''; ! ! while( $row = $db->sql_fetchrow($result) ) { ! // User is logged in and therefor not a guest ! if ( $row['session_logged_in'] ) { ! // Skip multiple sessions for one user ! if ( $row['user_id'] != $prev_user_id ) ! { ! $style_color = ''; ! if ( $row['user_level'] == ADMIN ) ! { ! $row['username'] = '' . $row['username'] . ''; ! $style_color = 'style="color:#' . $theme['fontcolor3'] . '"'; ! } ! else if ( $row['user_level'] == MOD ) ! { ! $row['username'] = '' . $row['username'] . ''; ! $style_color = 'style="color:#' . $theme['fontcolor2'] . '"'; ! } ! if ( $row['user_allow_viewonline'] ) ! { ! $user_online_link = '' . $row['username'] . ''; ! $logged_visible_online++; ! } ! else { ! $user_online_link = '' . $row['username'] . ''; ! $logged_hidden_online++; } ! if ( $row['user_allow_viewonline'] || $userdata['user_level'] == ADMIN ) { ! $online_userlist .= ( $online_userlist != '' ) ? ', ' . $user_online_link : $user_online_link; } } ! $prev_user_id = $row['user_id']; } ! else { ! // Skip multiple sessions for one user ! if ( $row['session_ip'] != $prev_session_ip ) ! { ! $guests_online++; ! } } ! $prev_session_ip = $row['session_ip']; ! } ! if ( empty($online_userlist) ) ! { ! $online_userlist = $lang['None']; ! } ! $online_userlist = ( ( isset($forum_id) ) ? $lang['Browsing_forum'] : $lang['Registered_users'] ) . ' ' . $online_userlist; ! $total_online_users = $logged_visible_online + $logged_hidden_online + $guests_online; ! if ( $total_online_users > $board_config['record_online_users']) ! { ! $board_config['record_online_users'] = $total_online_users; ! $board_config['record_online_date'] = time(); ! $sql = "UPDATE " . CONFIG_TABLE . " ! SET config_value = '$total_online_users' ! WHERE config_name = 'record_online_users'"; ! if ( !$db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, 'Could not update online user record (nr of users)', '', __LINE__, __FILE__, $sql); } ! ! $sql = "UPDATE " . CONFIG_TABLE . " ! SET config_value = '" . $board_config['record_online_date'] . "' ! WHERE config_name = 'record_online_date'"; ! if ( !$db->sql_query($sql) ) { ! message_die(GENERAL_ERROR, 'Could not update online user record (date)', '', __LINE__, __FILE__, $sql); } - } ! if ( $total_online_users == 0 ) ! { ! $l_t_user_s = $lang['Online_users_zero_total']; ! } ! else if ( $total_online_users == 1 ) ! { ! $l_t_user_s = $lang['Online_user_total']; ! } ! else ! { ! $l_t_user_s = $lang['Online_users_total']; ! } ! if ( $logged_visible_online == 0 ) ! { ! $l_r_user_s = $lang['Reg_users_zero_total']; ! } ! else if ( $logged_visible_online == 1 ) ! { ! $l_r_user_s = $lang['Reg_user_total']; ! } ! else ! { ! $l_r_user_s = $lang['Reg_users_total']; ! } ! if ( $logged_hidden_online == 0 ) ! { ! $l_h_user_s = $lang['Hidden_users_zero_total']; ! } ! else if ( $logged_hidden_online == 1 ) ! { ! $l_h_user_s = $lang['Hidden_user_total']; ! } ! else ! { ! $l_h_user_s = $lang['Hidden_users_total']; ! } ! if ( $guests_online == 0 ) ! { ! $l_g_user_s = $lang['Guest_users_zero_total']; ! } ! else if ( $guests_online == 1 ) ! { ! $l_g_user_s = $lang['Guest_user_total']; ! } ! else ! { ! $l_g_user_s = $lang['Guest_users_total']; } - $l_online_users = sprintf($l_t_user_s, $total_online_users); - $l_online_users .= sprintf($l_r_user_s, $logged_visible_online); - $l_online_users .= sprintf($l_h_user_s, $logged_hidden_online); - $l_online_users .= sprintf($l_g_user_s, $guests_online); - // // Obtain number of new private messages // if user is logged in // ! if ( $userdata['session_logged_in'] ) { if ( $userdata['user_new_privmsg'] ) { --- 87,264 ---- // Get basic (usernames + totals) online // situation // $logged_visible_online = 0; $logged_hidden_online = 0; $guests_online = 0; $online_userlist = ''; + $l_online_users = ''; ! if (defined('SHOW_ONLINE')) { ! ! $user_forum_sql = ( !empty($forum_id) ) ? "AND s.session_page = " . intval($forum_id) : ''; ! $sql = "SELECT u.username, u.user_id, u.user_allow_viewonline, u.user_level, s.session_logged_in, s.session_ip ! FROM ".USERS_TABLE." u, ".SESSIONS_TABLE." s ! WHERE u.user_id = s.session_user_id ! AND s.session_time >= ".( time() - 300 ) . " ! $user_forum_sql ! ORDER BY u.username ASC, s.session_ip ASC"; ! if( !($result = $db->sql_query($sql)) ) { ! message_die(GENERAL_ERROR, 'Could not obtain user/online information', '', __LINE__, __FILE__, $sql); ! } ! $userlist_ary = array(); ! $userlist_visible = array(); ! ! $prev_user_id = 0; ! $prev_user_ip = $prev_session_ip = ''; ! ! while( $row = $db->sql_fetchrow($result) ) ! { ! // User is logged in and therefor not a guest ! if ( $row['session_logged_in'] ) ! { ! // Skip multiple sessions for one user ! if ( $row['user_id'] != $prev_user_id ) { ! $style_color = ''; ! if ( $row['user_level'] == ADMIN ) ! { ! $row['username'] = '' . $row['username'] . ''; ! $style_color = 'style="color:#' . $theme['fontcolor3'] . '"'; ! } ! else if ( $row['user_level'] == MOD ) ! { ! $row['username'] = '' . $row['username'] . ''; ! $style_color = 'style="color:#' . $theme['fontcolor2'] . '"'; ! } ! ! if ( $row['user_allow_viewonline'] ) ! { ! $user_online_link = '' . $row['username'] . ''; ! $logged_visible_online++; ! } ! else ! { ! $user_online_link = '' . $row['username'] . ''; ! $logged_hidden_online++; ! } ! ! if ( $row['user_allow_viewonline'] || $userdata['user_level'] == ADMIN ) ! { ! $online_userlist .= ( $online_userlist != '' ) ? ', ' . $user_online_link : $user_online_link; ! } } ! $prev_user_id = $row['user_id']; ! } ! else ! { ! // Skip multiple sessions for one user ! if ( $row['session_ip'] != $prev_session_ip ) { ! $guests_online++; } } ! $prev_session_ip = $row['session_ip']; } ! $db->sql_freeresult($result); ! ! if ( empty($online_userlist) ) { ! $online_userlist = $lang['None']; } + $online_userlist = ( ( isset($forum_id) ) ? $lang['Browsing_forum'] : $lang['Registered_users'] ) . ' ' . $online_userlist; ! $total_online_users = $logged_visible_online + $logged_hidden_online + $guests_online; ! if ( $total_online_users > $board_config['record_online_users']) ! { ! $board_config['record_online_users'] = $total_online_users; ! $board_config['record_online_date'] = time(); ! $sql = "UPDATE " . CONFIG_TABLE . " ! SET config_value = '$total_online_users' ! WHERE config_name = 'record_online_users'"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update online user record (nr of users)', '', __LINE__, __FILE__, $sql); ! } ! $sql = "UPDATE " . CONFIG_TABLE . " ! SET config_value = '" . $board_config['record_online_date'] . "' ! WHERE config_name = 'record_online_date'"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(GENERAL_ERROR, 'Could not update online user record (date)', '', __LINE__, __FILE__, $sql); ! } ! } ! if ( $total_online_users == 0 ) { ! $l_t_user_s = $lang['Online_users_zero_total']; } ! else if ( $total_online_users == 1 ) { ! $l_t_user_s = $lang['Online_user_total']; ! } ! else ! { ! $l_t_user_s = $lang['Online_users_total']; } ! if ( $logged_visible_online == 0 ) ! { ! $l_r_user_s = $lang['Reg_users_zero_total']; ! } ! else if ( $logged_visible_online == 1 ) ! { ! $l_r_user_s = $lang['Reg_user_total']; ! } ! else ! { ! $l_r_user_s = $lang['Reg_users_total']; ! } ! if ( $logged_hidden_online == 0 ) ! { ! $l_h_user_s = $lang['Hidden_users_zero_total']; ! } ! else if ( $logged_hidden_online == 1 ) ! { ! $l_h_user_s = $lang['Hidden_user_total']; ! } ! else ! { ! $l_h_user_s = $lang['Hidden_users_total']; ! } ! if ( $guests_online == 0 ) ! { ! $l_g_user_s = $lang['Guest_users_zero_total']; ! } ! else if ( $guests_online == 1 ) ! { ! $l_g_user_s = $lang['Guest_user_total']; ! } ! else ! { ! $l_g_user_s = $lang['Guest_users_total']; ! } ! $l_online_users = sprintf($l_t_user_s, $total_online_users); ! $l_online_users .= sprintf($l_r_user_s, $logged_visible_online); ! $l_online_users .= sprintf($l_h_user_s, $logged_hidden_online); ! $l_online_users .= sprintf($l_g_user_s, $guests_online); } // // Obtain number of new private messages // if user is logged in // ! if ( ($userdata['session_logged_in']) && (empty($gen_simple_header)) ) { if ( $userdata['user_new_privmsg'] ) { *************** *** 273,279 **** else { $s_privmsg_new = 0; ! $icon_pm = $images['pm_no_new_msg']; } } else --- 281,287 ---- else { $s_privmsg_new = 0; ! $icon_pm = $images['pm_new_msg']; } } else *************** *** 305,317 **** // // Generate HTML required for Mozilla Navigation bar // $nav_links_html = ''; $nav_link_proto = '' . "\n"; while( list($nav_item, $nav_array) = @each($nav_links) ) { if ( !empty($nav_array['url']) ) { ! $nav_links_html .= sprintf($nav_link_proto, $nav_item, $nav_array['url'], $nav_array['title']); } else { --- 313,330 ---- // // Generate HTML required for Mozilla Navigation bar // + if (!isset($nav_links)) + { + $nav_links = array(); + } + $nav_links_html = ''; $nav_link_proto = '' . "\n"; while( list($nav_item, $nav_array) = @each($nav_links) ) { if ( !empty($nav_array['url']) ) { ! $nav_links_html .= sprintf($nav_link_proto, $nav_item, append_sid($nav_array['url']), $nav_array['title']); } else { *************** *** 323,328 **** --- 336,344 ---- } } + // Format Timezone. We are unable to use array_pop here, because of PHP3 compatibility + $l_timezone = explode('.', $board_config['board_timezone']); + $l_timezone = (count($l_timezone) > 1 && $l_timezone[count($l_timezone)-1] != 0) ? $lang[sprintf('%.1f', $board_config['board_timezone'])] : $lang[number_format($board_config['board_timezone'])]; // // The following assigns all _common_ variables that may be used at any point // in a template. *************** *** 377,390 **** 'U_FAQ' => append_sid('faq.'.$phpEx), 'U_VIEWONLINE' => append_sid('viewonline.'.$phpEx), 'U_LOGIN_LOGOUT' => append_sid($u_login_logout), - 'U_MEMBERSLIST' => append_sid('memberlist.'.$phpEx), 'U_GROUP_CP' => append_sid('groupcp.'.$phpEx), 'S_CONTENT_DIRECTION' => $lang['DIRECTION'], 'S_CONTENT_ENCODING' => $lang['ENCODING'], 'S_CONTENT_DIR_LEFT' => $lang['LEFT'], 'S_CONTENT_DIR_RIGHT' => $lang['RIGHT'], ! 'S_TIMEZONE' => sprintf($lang['All_times'], $lang[number_format($board_config['board_timezone'])]), 'S_LOGIN_ACTION' => append_sid('login.'.$phpEx), 'T_HEAD_STYLESHEET' => $theme['head_stylesheet'], --- 393,405 ---- 'U_FAQ' => append_sid('faq.'.$phpEx), 'U_VIEWONLINE' => append_sid('viewonline.'.$phpEx), 'U_LOGIN_LOGOUT' => append_sid($u_login_logout), 'U_GROUP_CP' => append_sid('groupcp.'.$phpEx), 'S_CONTENT_DIRECTION' => $lang['DIRECTION'], 'S_CONTENT_ENCODING' => $lang['ENCODING'], 'S_CONTENT_DIR_LEFT' => $lang['LEFT'], 'S_CONTENT_DIR_RIGHT' => $lang['RIGHT'], ! 'S_TIMEZONE' => sprintf($lang['All_times'], $l_timezone), 'S_LOGIN_ACTION' => append_sid('login.'.$phpEx), 'T_HEAD_STYLESHEET' => $theme['head_stylesheet'], *************** *** 446,454 **** } } ! header ('Cache-Control: private, pre-check=0, post-check=0, max-age=0'); ! header ('Expires: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT'); ! header ('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); $template->pparse('overall_header'); --- 461,481 ---- } } ! // Add no-cache control for cookies if they are set ! //$c_no_cache = (isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) || isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data'])) ? 'no-cache="set-cookie", ' : ''; ! ! // Work around for "current" Apache 2 + PHP module which seems to not ! // cope with private cache control setting ! if (!empty($HTTP_SERVER_VARS['SERVER_SOFTWARE']) && strstr($HTTP_SERVER_VARS['SERVER_SOFTWARE'], 'Apache/2')) ! { ! header ('Cache-Control: no-cache, pre-check=0, post-check=0'); ! } ! else ! { ! header ('Cache-Control: private, pre-check=0, post-check=0, max-age=0'); ! } ! header ('Expires: 0'); ! header ('Pragma: no-cache'); $template->pparse('overall_header'); diff -crN phpbb203/includes/page_tail.php phpbb2017/includes/page_tail.php *** phpbb203/includes/page_tail.php Sat Jul 10 20:16:19 2004 --- phpbb2017/includes/page_tail.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_tail.php,v 1.27.2.1 2002/05/12 00:47:41 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_tail.php,v 1.27.2.3 2004/12/22 02:04:00 psotfx Exp $ * * ***************************************************************************/ *************** *** 28,42 **** // // Show the overall footer. // ! $admin_link = ( $userdata['user_level'] == ADMIN ) ? '' . $lang['Admin_panel'] . '

' : ''; $template->set_filenames(array( 'overall_footer' => ( empty($gen_simple_header) ) ? 'overall_footer.tpl' : 'simple_footer.tpl') ); $template->assign_vars(array( ! 'PHPBB_VERSION' => '2' . $board_config['version'], ! 'TRANSLATION_INFO' => ( isset($lang['TRANSLATION_INFO']) ) ? $lang['TRANSLATION_INFO'] : '', 'ADMIN_LINK' => $admin_link) ); --- 28,41 ---- // // Show the overall footer. // ! $admin_link = ( $userdata['user_level'] == ADMIN ) ? '' . $lang['Admin_panel'] . '

' : ''; $template->set_filenames(array( 'overall_footer' => ( empty($gen_simple_header) ) ? 'overall_footer.tpl' : 'simple_footer.tpl') ); $template->assign_vars(array( ! 'TRANSLATION_INFO' => ( isset($lang['TRANSLATION_INFO']) ) ? $lang['TRANSLATION_INFO'] : '', 'ADMIN_LINK' => $admin_link) ); diff -crN phpbb203/includes/prune.php phpbb2017/includes/prune.php *** phpbb203/includes/prune.php Sat Jul 10 20:16:19 2004 --- phpbb2017/includes/prune.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: prune.php,v 1.19 2002/04/04 11:51:25 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: prune.php,v 1.19.2.6 2003/03/18 23:23:57 acydburn Exp $ * * ***************************************************************************/ *************** *** 27,44 **** require($phpbb_root_path . 'includes/functions_search.'.$phpEx); ! function prune($forum_id, $prune_date) { global $db, $lang; // ! // Those without polls ... // $sql = "SELECT t.topic_id FROM " . POSTS_TABLE . " p, " . TOPICS_TABLE . " t WHERE t.forum_id = $forum_id ! AND t.topic_vote = 0 ! AND t.topic_type <> " . POST_ANNOUNCE . " AND ( p.post_id = t.topic_last_post_id OR t.topic_last_post_id = 0 )"; if ( $prune_date != '' ) --- 27,44 ---- require($phpbb_root_path . 'includes/functions_search.'.$phpEx); ! function prune($forum_id, $prune_date, $prune_all = false) { global $db, $lang; + $prune_all = ($prune_all) ? '' : 'AND t.topic_vote = 0 AND t.topic_type <> ' . POST_ANNOUNCE; // ! // Those without polls and announcements ... unless told otherwise! // $sql = "SELECT t.topic_id FROM " . POSTS_TABLE . " p, " . TOPICS_TABLE . " t WHERE t.forum_id = $forum_id ! $prune_all AND ( p.post_id = t.topic_last_post_id OR t.topic_last_post_id = 0 )"; if ( $prune_date != '' ) *************** *** 56,61 **** --- 56,62 ---- { $sql_topics .= ( ( $sql_topics != '' ) ? ', ' : '' ) . $row['topic_id']; } + $db->sql_freeresult($result); if( $sql_topics != '' ) { *************** *** 73,85 **** { $sql_post .= ( ( $sql_post != '' ) ? ', ' : '' ) . $row['post_id']; } if ( $sql_post != '' ) { ! $sql = "DELETE FROM " . TOPICS_TABLE . " WHERE topic_id IN ($sql_topics)"; if ( !$db->sql_query($sql, BEGIN_TRANSACTION) ) { message_die(GENERAL_ERROR, 'Could not delete topics during prune', '', __LINE__, __FILE__, $sql); } --- 74,94 ---- { $sql_post .= ( ( $sql_post != '' ) ? ', ' : '' ) . $row['post_id']; } + $db->sql_freeresult($result); if ( $sql_post != '' ) { ! $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id IN ($sql_topics)"; if ( !$db->sql_query($sql, BEGIN_TRANSACTION) ) { + message_die(GENERAL_ERROR, 'Could not delete watched topics during prune', '', __LINE__, __FILE__, $sql); + } + + $sql = "DELETE FROM " . TOPICS_TABLE . " + WHERE topic_id IN ($sql_topics)"; + if ( !$db->sql_query($sql) ) + { message_die(GENERAL_ERROR, 'Could not delete topics during prune', '', __LINE__, __FILE__, $sql); } *************** *** 99,111 **** if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not delete post during prune', '', __LINE__, __FILE__, $sql); - } - - $sql = "DELETE FROM " . SEARCH_MATCH_TABLE . " - WHERE post_id IN ($sql_post)"; - if ( !$db->sql_query($sql) ) - { - message_die(GENERAL_ERROR, 'Could not delete search matches', '', __LINE__, __FILE__, $sql); } remove_search_post($sql_post); --- 108,113 ---- diff -crN phpbb203/includes/sessions.php phpbb2017/includes/sessions.php *** phpbb203/includes/sessions.php Sat Jul 10 20:16:19 2004 --- phpbb2017/includes/sessions.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: sessions.php,v 1.58.2.6 2002/07/19 22:19:08 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: sessions.php,v 1.58.2.14 2005/05/06 20:50:11 acydburn Exp $ * * ***************************************************************************/ *************** *** 24,30 **** // Adds/updates a new session to the database for the given userid. // Returns the new session ID on success. // ! function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0) { global $db, $board_config; global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; --- 24,30 ---- // Adds/updates a new session to the database for the given userid. // Returns the new session ID on success. // ! function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0, $admin = 0) { global $db, $board_config; global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; *************** *** 37,52 **** if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ) { $session_id = isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : ''; ! $sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : ''; $sessionmethod = SESSION_METHOD_COOKIE; } else { ! $sessiondata = ''; $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : ''; $sessionmethod = SESSION_METHOD_GET; } $last_visit = 0; $current_time = time(); $expiry_time = $current_time - $board_config['session_length']; --- 37,60 ---- if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ) { $session_id = isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : ''; ! $sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array(); $sessionmethod = SESSION_METHOD_COOKIE; } else { ! $sessiondata = array(); $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : ''; $sessionmethod = SESSION_METHOD_GET; } + // + if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) + { + $session_id = ''; + } + + $page_id = (int) $page_id; + $last_visit = 0; $current_time = time(); $expiry_time = $current_time - $board_config['session_length']; *************** *** 73,79 **** if ( isset($sessiondata['autologinid']) && $userdata['user_active'] ) { // We have to login automagically ! if( $sessiondata['autologinid'] == $auto_login_key ) { // autologinid matches password $login = 1; --- 81,87 ---- if ( isset($sessiondata['autologinid']) && $userdata['user_active'] ) { // We have to login automagically ! if( $sessiondata['autologinid'] === $auto_login_key ) { // autologinid matches password $login = 1; *************** *** 84,90 **** // No match; don't login, set as anonymous user $login = 0; $enable_autologin = 0; ! $user_id = ANONYMOUS; } } else --- 92,103 ---- // No match; don't login, set as anonymous user $login = 0; $enable_autologin = 0; ! $user_id = $userdata['user_id'] = ANONYMOUS; ! ! $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS; ! $result = $db->sql_query($sql); ! $userdata = $db->sql_fetchrow($result); ! $db->sql_freeresult($result); } } else *************** *** 92,98 **** // Autologin is not set. Don't login, set as anonymous user $login = 0; $enable_autologin = 0; ! $user_id = ANONYMOUS; } } else --- 105,116 ---- // Autologin is not set. Don't login, set as anonymous user $login = 0; $enable_autologin = 0; ! $user_id = $userdata['user_id'] = ANONYMOUS; ! ! $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS; ! $result = $db->sql_query($sql); ! $userdata = $db->sql_fetchrow($result); ! $db->sql_freeresult($result); } } else *************** *** 137,152 **** // Create or update the session // $sql = "UPDATE " . SESSIONS_TABLE . " ! SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login WHERE session_id = '" . $session_id . "' AND session_ip = '$user_ip'"; if ( !$db->sql_query($sql) || !$db->sql_affectedrows() ) { ! $session_id = md5(uniqid($user_ip)); $sql = "INSERT INTO " . SESSIONS_TABLE . " ! (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in) ! VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login)"; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql); --- 155,172 ---- // Create or update the session // $sql = "UPDATE " . SESSIONS_TABLE . " ! SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login, session_admin = $admin WHERE session_id = '" . $session_id . "' AND session_ip = '$user_ip'"; if ( !$db->sql_query($sql) || !$db->sql_affectedrows() ) { ! list($sec, $usec) = explode(' ', microtime()); ! mt_srand((float) $sec + ((float) $usec * 100000)); ! $session_id = md5(uniqid(mt_rand(), true)); $sql = "INSERT INTO " . SESSIONS_TABLE . " ! (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin) ! VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login, $admin)"; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql); *************** *** 157,173 **** {// ( $userdata['user_session_time'] > $expiry_time && $auto_create ) ? $userdata['user_lastvisit'] : ( $last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time; ! $sql = "UPDATE " . USERS_TABLE . " ! SET user_session_time = $current_time, user_session_page = $page_id, user_lastvisit = $last_visit ! WHERE user_id = $user_id"; ! if ( !$db->sql_query($sql) ) { ! message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql); } $userdata['user_lastvisit'] = $last_visit; ! $sessiondata['autologinid'] = ( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : ''; $sessiondata['userid'] = $user_id; } --- 177,196 ---- {// ( $userdata['user_session_time'] > $expiry_time && $auto_create ) ? $userdata['user_lastvisit'] : ( $last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time; ! if (!$admin) { ! $sql = "UPDATE " . USERS_TABLE . " ! SET user_session_time = $current_time, user_session_page = $page_id, user_lastvisit = $last_visit ! WHERE user_id = $user_id"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql); ! } } $userdata['user_lastvisit'] = $last_visit; ! $sessiondata['autologinid'] = (!$admin) ? (( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '') : $sessiondata['autologinid']; $sessiondata['userid'] = $user_id; } *************** *** 178,188 **** $userdata['session_page'] = $page_id; $userdata['session_start'] = $current_time; $userdata['session_time'] = $current_time; setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure); setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure); ! $SID = ( $sessionmethod == SESSION_METHOD_GET ) ? 'sid=' . $session_id : ''; return $userdata; } --- 201,212 ---- $userdata['session_page'] = $page_id; $userdata['session_start'] = $current_time; $userdata['session_time'] = $current_time; + $userdata['session_admin'] = $admin; setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure); setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure); ! $SID = 'sid=' . $session_id; return $userdata; } *************** *** 206,222 **** if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ) { ! $sessiondata = isset( $HTTP_COOKIE_VARS[$cookiename . '_data'] ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : ''; $session_id = isset( $HTTP_COOKIE_VARS[$cookiename . '_sid'] ) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : ''; $sessionmethod = SESSION_METHOD_COOKIE; } else { ! $sessiondata = ''; $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : ''; $sessionmethod = SESSION_METHOD_GET; } // // Does a session exist? // --- 230,254 ---- if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ) { ! $sessiondata = isset( $HTTP_COOKIE_VARS[$cookiename . '_data'] ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array(); $session_id = isset( $HTTP_COOKIE_VARS[$cookiename . '_sid'] ) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : ''; $sessionmethod = SESSION_METHOD_COOKIE; } else { ! $sessiondata = array(); $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : ''; $sessionmethod = SESSION_METHOD_GET; } + // + if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) + { + $session_id = ''; + } + + $thispage_id = (int) $thispage_id; + // // Does a session exist? // *************** *** 250,266 **** $ip_check_s = substr($userdata['session_ip'], 0, 6); $ip_check_u = substr($user_ip, 0, 6); ! if ( $ip_check_s == $ip_check_u ) { ! $SID = ( $sessionmethod == SESSION_METHOD_GET ) ? 'sid=' . $session_id : ''; // // Only update session DB a minute or so after last update // if ( $current_time - $userdata['session_time'] > 60 ) { $sql = "UPDATE " . SESSIONS_TABLE . " ! SET session_time = $current_time, session_page = $thispage_id WHERE session_id = '" . $userdata['session_id'] . "'"; if ( !$db->sql_query($sql) ) { --- 282,301 ---- $ip_check_s = substr($userdata['session_ip'], 0, 6); $ip_check_u = substr($user_ip, 0, 6); ! if ($ip_check_s == $ip_check_u) { ! $SID = ($sessionmethod == SESSION_METHOD_GET || defined('IN_ADMIN')) ? 'sid=' . $session_id : ''; // // Only update session DB a minute or so after last update // if ( $current_time - $userdata['session_time'] > 60 ) { + // A little trick to reset session_admin on session re-usage + $update_admin = (!defined('IN_ADMIN') && $current_time - $userdata['session_time'] > ($board_config['session_length']+60)) ? ', session_admin = 0' : ''; + $sql = "UPDATE " . SESSIONS_TABLE . " ! SET session_time = $current_time, session_page = $thispage_id$update_admin WHERE session_id = '" . $userdata['session_id'] . "'"; if ( !$db->sql_query($sql) ) { *************** *** 270,276 **** if ( $userdata['user_id'] != ANONYMOUS ) { $sql = "UPDATE " . USERS_TABLE . " ! SET user_session_time = $current_time, user_session_page = $thispage_id WHERE user_id = " . $userdata['user_id']; if ( !$db->sql_query($sql) ) { --- 305,311 ---- if ( $userdata['user_id'] != ANONYMOUS ) { $sql = "UPDATE " . USERS_TABLE . " ! SET user_session_time = $current_time, user_session_page = $thispage_id WHERE user_id = " . $userdata['user_id']; if ( !$db->sql_query($sql) ) { *************** *** 282,287 **** --- 317,323 ---- // Delete expired sessions // $expiry_time = $current_time - $board_config['session_length']; + $sql = "DELETE FROM " . SESSIONS_TABLE . " WHERE session_time < $expiry_time AND session_id <> '$session_id'"; *************** *** 329,334 **** --- 365,372 ---- $cookiedomain = $board_config['cookie_domain']; $cookiesecure = $board_config['cookie_secure']; + $current_time = time(); + // // Pull cookiedata or grab the URI propagated sid // *************** *** 343,348 **** --- 381,391 ---- $sessionmethod = SESSION_METHOD_GET; } + if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) + { + return; + } + // // Delete existing session // *************** *** 370,381 **** { global $SID; ! if ( !empty($SID) && !eregi('sid=', $url) ) { $url .= ( ( strpos($url, '?') != false ) ? ( ( $non_html_amp ) ? '&' : '&' ) : '?' ) . $SID; } ! return($url); } ?> --- 413,424 ---- { global $SID; ! if ( !empty($SID) && !preg_match('#sid=#', $url) ) { $url .= ( ( strpos($url, '?') != false ) ? ( ( $non_html_amp ) ? '&' : '&' ) : '?' ) . $SID; } ! return $url; } ?> diff -crN phpbb203/includes/smtp.php phpbb2017/includes/smtp.php *** phpbb203/includes/smtp.php Sat Jul 10 20:16:19 2004 --- phpbb2017/includes/smtp.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: smtp.php,v 1.16.2.1 2002/07/19 13:48:24 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: smtp.php,v 1.16.2.10 2005/05/06 20:50:11 acydburn Exp $ * ***************************************************************************/ *************** *** 20,73 **** ***************************************************************************/ define('SMTP_INCLUDED', 1); // // This function has been modified as provided // by SirSir to allow multiline responses when // using SMTP Extensions // ! function server_parse($socket, $response) { ! while ( substr($server_response,3,1) != ' ' ) ! { ! if( !( $server_response = fgets($socket, 256) ) ) ! { ! message_die(GENERAL_ERROR, "Couldn't get mail server response codes", "", __LINE__, __FILE__); ! } ! } ! ! if( !( substr($server_response, 0, 3) == $response ) ) ! { ! message_die(GENERAL_ERROR, "Ran into problems sending Mail. Response: $server_response", "", __LINE__, __FILE__); ! } ! } ! ! /**************************************************************************** ! * Function: smtpmail ! * Description: This is a functional replacement for php's builtin mail ! * function, that uses smtp. ! * Usage: The usage for this function is identical to that of php's ! * built in mail function. ! ****************************************************************************/ ! function smtpmail($mail_to, $subject, $message, $headers = "") { - // For now I'm using an array based $smtp_vars to hold the smtp server - // info, but it should probably change to $board_config... - // then the relevant info would be $board_config['smtp_host'] and - // $board_config['smtp_port']. global $board_config; - // // Fix any bare linefeeds in the message to make it RFC821 Compliant. ! // ! $message = preg_replace("/(? 1) { ! $headers = join("\r\n", $headers); } else { --- 20,62 ---- ***************************************************************************/ define('SMTP_INCLUDED', 1); + // // This function has been modified as provided // by SirSir to allow multiline responses when // using SMTP Extensions // ! function server_parse($socket, $response, $line = __LINE__) { ! while (substr($server_response, 3, 1) != ' ') ! { ! if (!($server_response = fgets($socket, 256))) ! { ! message_die(GENERAL_ERROR, "Couldn't get mail server response codes", "", $line, __FILE__); ! } ! } ! ! if (!(substr($server_response, 0, 3) == $response)) ! { ! message_die(GENERAL_ERROR, "Ran into problems sending Mail. Response: $server_response", "", $line, __FILE__); ! } ! } ! ! // Replacement or substitute for PHP's mail command ! function smtpmail($mail_to, $subject, $message, $headers = '') { global $board_config; // Fix any bare linefeeds in the message to make it RFC821 Compliant. ! $message = preg_replace("#(? 1) { ! $headers = join("\n", $headers); } else { *************** *** 76,215 **** } $headers = chop($headers); - // // Make sure there are no bare linefeeds in the headers ! // ! $headers = preg_replace("/(?\r\n"); ! server_parse($socket, "250"); // Specify each user to send to and build to header. ! $to_header = "To: "; ! @reset( $mail_to_array ); ! while( list( , $mail_to_address ) = each( $mail_to_array )) ! { ! // ! // Add an additional bit of error checking to the To field. ! // ! $mail_to_address = trim($mail_to_address); ! if ( preg_match('/[^ ]+\@[^ ]+/', $mail_to_address) ) ! { ! fputs( $socket, "RCPT TO: <$mail_to_address>\r\n" ); ! server_parse( $socket, "250" ); ! } ! $to_header .= ( ( $mail_to_address != '' ) ? ', ' : '' ) . "<$mail_to_address>"; } // Ok now do the CC and BCC fields... ! @reset( $bcc ); ! while( list( , $bcc_address ) = each( $bcc )) { - // // Add an additional bit of error checking to bcc header... ! // ! $bcc_address = trim( $bcc_address ); ! if ( preg_match('/[^ ]+\@[^ ]+/', $bcc_address) ) { ! fputs( $socket, "RCPT TO: <$bcc_address>\r\n" ); ! server_parse( $socket, "250" ); } } ! @reset( $cc ); ! while( list( , $cc_address ) = each( $cc )) { - // // Add an additional bit of error checking to cc header ! // ! $cc_address = trim( $cc_address ); ! if ( preg_match('/[^ ]+\@[^ ]+/', $cc_address) ) { fputs($socket, "RCPT TO: <$cc_address>\r\n"); ! server_parse($socket, "250"); } } // Ok now we tell the server we are ready to start sending data fputs($socket, "DATA\r\n"); // This is the last response code we look for until the end of the message. ! server_parse($socket, "354"); // Send the Subject Line... fputs($socket, "Subject: $subject\r\n"); // Now the To Header. ! fputs($socket, "$to_header\r\n"); // Now any custom headers.... fputs($socket, "$headers\r\n\r\n"); --- 65,193 ---- } $headers = chop($headers); // Make sure there are no bare linefeeds in the headers ! $headers = preg_replace('#(?\r\n"); ! server_parse($socket, "250", __LINE__); // Specify each user to send to and build to header. ! $to_header = ''; ! ! // Add an additional bit of error checking to the To field. ! $mail_to = (trim($mail_to) == '') ? 'Undisclosed-recipients:;' : trim($mail_to); ! if (preg_match('#[^ ]+\@[^ ]+#', $mail_to)) ! { ! fputs($socket, "RCPT TO: <$mail_to>\r\n"); ! server_parse($socket, "250", __LINE__); } + // Ok now do the CC and BCC fields... ! @reset($bcc); ! while(list(, $bcc_address) = each($bcc)) { // Add an additional bit of error checking to bcc header... ! $bcc_address = trim($bcc_address); ! if (preg_match('#[^ ]+\@[^ ]+#', $bcc_address)) { ! fputs($socket, "RCPT TO: <$bcc_address>\r\n"); ! server_parse($socket, "250", __LINE__); } } ! ! @reset($cc); ! while(list(, $cc_address) = each($cc)) { // Add an additional bit of error checking to cc header ! $cc_address = trim($cc_address); ! if (preg_match('#[^ ]+\@[^ ]+#', $cc_address)) { fputs($socket, "RCPT TO: <$cc_address>\r\n"); ! server_parse($socket, "250", __LINE__); } } + // Ok now we tell the server we are ready to start sending data fputs($socket, "DATA\r\n"); // This is the last response code we look for until the end of the message. ! server_parse($socket, "354", __LINE__); // Send the Subject Line... fputs($socket, "Subject: $subject\r\n"); // Now the To Header. ! fputs($socket, "To: $mail_to\r\n"); // Now any custom headers.... fputs($socket, "$headers\r\n\r\n"); *************** *** 219,225 **** // Ok the all the ingredients are mixed in let's cook this puppy... fputs($socket, ".\r\n"); ! server_parse($socket, "250"); // Now tell the server we are done and close the socket... fputs($socket, "QUIT\r\n"); --- 197,203 ---- // Ok the all the ingredients are mixed in let's cook this puppy... fputs($socket, ".\r\n"); ! server_parse($socket, "250", __LINE__); // Now tell the server we are done and close the socket... fputs($socket, "QUIT\r\n"); *************** *** 228,231 **** return TRUE; } ! ?> --- 206,209 ---- return TRUE; } ! ?> \ No newline at end of file diff -crN phpbb203/includes/template.php phpbb2017/includes/template.php *** phpbb203/includes/template.php Sat Jul 10 20:16:19 2004 --- phpbb2017/includes/template.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: template.php,v 1.10 2002/04/02 21:13:47 the_systech Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: template.php,v 1.10.2.5 2005/05/06 20:50:11 acydburn Exp $ * * ***************************************************************************/ *************** *** 230,236 **** // Check if it's an absolute or relative path. if (substr($filename, 0, 1) != '/') { ! $filename = $this->root . '/' . $filename; } if (!file_exists($filename)) --- 230,236 ---- // Check if it's an absolute or relative path. if (substr($filename, 0, 1) != '/') { ! $filename = ($rp_filename = phpbb_realpath($this->root . '/' . $filename)) ? $rp_filename : $filename; } if (!file_exists($filename)) *************** *** 331,337 **** if ($block_nesting_level < 2) { // Block is not nested. ! $code_lines[$i] = '$_' . $a[1] . '_count = ( isset($this->_tpldata[\'' . $n[1] . '.\']) ) ? sizeof($this->_tpldata[\'' . $n[1] . '.\']) : 0;'; $code_lines[$i] .= "\n" . 'for ($_' . $n[1] . '_i = 0; $_' . $n[1] . '_i < $_' . $n[1] . '_count; $_' . $n[1] . '_i++)'; $code_lines[$i] .= "\n" . '{'; } --- 331,337 ---- if ($block_nesting_level < 2) { // Block is not nested. ! $code_lines[$i] = '$_' . $n[1] . '_count = ( isset($this->_tpldata[\'' . $n[1] . '.\']) ) ? sizeof($this->_tpldata[\'' . $n[1] . '.\']) : 0;'; $code_lines[$i] .= "\n" . 'for ($_' . $n[1] . '_i = 0; $_' . $n[1] . '_i < $_' . $n[1] . '_count; $_' . $n[1] . '_i++)'; $code_lines[$i] .= "\n" . '{'; } *************** *** 347,353 **** // current indices of all parent blocks. $varref = $this->generate_block_data_ref($namespace, false); // Create the for loop code to iterate over this block. ! $code_lines[$i] = '$_' . $a[1] . '_count = ( isset(' . $varref . ') ) ? sizeof(' . $varref . ') : 0;'; $code_lines[$i] .= "\n" . 'for ($_' . $n[1] . '_i = 0; $_' . $n[1] . '_i < $_' . $n[1] . '_count; $_' . $n[1] . '_i++)'; $code_lines[$i] .= "\n" . '{'; } --- 347,353 ---- // current indices of all parent blocks. $varref = $this->generate_block_data_ref($namespace, false); // Create the for loop code to iterate over this block. ! $code_lines[$i] = '$_' . $n[1] . '_count = ( isset(' . $varref . ') ) ? sizeof(' . $varref . ') : 0;'; $code_lines[$i] .= "\n" . 'for ($_' . $n[1] . '_i = 0; $_' . $n[1] . '_i < $_' . $n[1] . '_count; $_' . $n[1] . '_i++)'; $code_lines[$i] .= "\n" . '{'; } *************** *** 475,478 **** } ! ?> --- 475,478 ---- } ! ?> \ No newline at end of file diff -crN phpbb203/includes/topic_review.php phpbb2017/includes/topic_review.php *** phpbb203/includes/topic_review.php Sat Jul 10 20:16:19 2004 --- phpbb2017/includes/topic_review.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: topic_review.php,v 1.5.2.1 2002/05/03 15:58:35 the_systech Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: topic_review.php,v 1.5.2.4 2005/05/06 20:50:12 acydburn Exp $ * * ***************************************************************************/ *************** *** 30,38 **** if ( !$is_inline_review ) { ! if ( !isset($topic_id) ) { ! message_die(GENERAL_MESSAGE, 'Topic_not_exist'); } // --- 30,38 ---- if ( !$is_inline_review ) { ! if ( !isset($topic_id) || !$topic_id) { ! message_die(GENERAL_MESSAGE, 'Topic_post_not_exist'); } // *************** *** 51,56 **** --- 51,57 ---- { message_die(GENERAL_MESSAGE, 'Topic_post_not_exist'); } + $db->sql_freeresult($result); $forum_id = $forum_row['forum_id']; $topic_title = $forum_row['topic_title']; *************** *** 207,212 **** --- 208,214 ---- { message_die(GENERAL_MESSAGE, 'Topic_post_not_exist', '', __LINE__, __FILE__, $sql); } + $db->sql_freeresult($result); $template->assign_vars(array( 'L_AUTHOR' => $lang['Author'], *************** *** 223,226 **** } } ! ?> --- 225,228 ---- } } ! ?> \ No newline at end of file diff -crN phpbb203/includes/usercp_activate.php phpbb2017/includes/usercp_activate.php *** phpbb203/includes/usercp_activate.php Sat Jul 10 20:16:19 2004 --- phpbb2017/includes/usercp_activate.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_activate.php,v 1.6.2.3 2002/05/20 00:21:38 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_activate.php,v 1.6.2.8 2005/07/19 20:01:16 acydburn Exp $ * * ***************************************************************************/ *************** *** 27,33 **** exit; } ! $sql = "SELECT user_active, user_id, user_email, user_newpasswd, user_lang, user_actkey FROM " . USERS_TABLE . " WHERE user_id = " . intval($HTTP_GET_VARS[POST_USERS_URL]); if ( !($result = $db->sql_query($sql)) ) --- 27,33 ---- exit; } ! $sql = "SELECT user_active, user_id, username, user_email, user_newpasswd, user_lang, user_actkey FROM " . USERS_TABLE . " WHERE user_id = " . intval($HTTP_GET_VARS[POST_USERS_URL]); if ( !($result = $db->sql_query($sql)) ) *************** *** 37,43 **** if ( $row = $db->sql_fetchrow($result) ) { ! if ( $row['user_active'] && $row['user_actkey'] == '' ) { $template->assign_vars(array( 'META' => '') --- 37,43 ---- if ( $row = $db->sql_fetchrow($result) ) { ! if ( $row['user_active'] && trim($row['user_actkey']) == '' ) { $template->assign_vars(array( 'META' => '') *************** *** 45,52 **** message_die(GENERAL_MESSAGE, $lang['Already_activated']); } ! else if ( $row['user_actkey'] == $HTTP_GET_VARS['act_key'] ) { $sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . str_replace("\'", "''", $row['user_newpasswd']) . "', user_newpasswd = ''" : ''; $sql = "UPDATE " . USERS_TABLE . " --- 45,57 ---- message_die(GENERAL_MESSAGE, $lang['Already_activated']); } ! else if ((trim($row['user_actkey']) == trim($HTTP_GET_VARS['act_key'])) && (trim($row['user_actkey']) != '')) { + if (intval($board_config['require_activation']) == USER_ACTIVATION_ADMIN && $userdata['user_level'] != ADMIN) + { + message_die(GENERAL_MESSAGE, $lang['Not_Authorised']); + } + $sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . str_replace("\'", "''", $row['user_newpasswd']) . "', user_newpasswd = ''" : ''; $sql = "UPDATE " . USERS_TABLE . " *************** *** 57,79 **** message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql_update); } ! if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN && $sql_update_pass == '' ) { include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $email_headers = 'From: ' . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\n"; $emailer->use_template('admin_welcome_activated', $row['user_lang']); $emailer->email_address($row['user_email']); ! $emailer->set_subject();//$lang['Account_activated_subject'] ! $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], ! 'USERNAME' => $username, 'PASSWORD' => $password_confirm, ! 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig'])) ); $emailer->send(); $emailer->reset(); --- 62,84 ---- message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql_update); } ! if ( intval($board_config['require_activation']) == USER_ACTIVATION_ADMIN && $sql_update_pass == '' ) { include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); $emailer->use_template('admin_welcome_activated', $row['user_lang']); $emailer->email_address($row['user_email']); ! $emailer->set_subject($lang['Account_activated_subject']); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], ! 'USERNAME' => $row['username'], 'PASSWORD' => $password_confirm, ! 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '') ); $emailer->send(); $emailer->reset(); diff -crN phpbb203/includes/usercp_avatar.php phpbb2017/includes/usercp_avatar.php *** phpbb203/includes/usercp_avatar.php Sat Jul 10 20:16:19 2004 --- phpbb2017/includes/usercp_avatar.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_avatar.php,v 1.8.2.8 2002/08/07 17:20:31 dougk_ff7 Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_avatar.php,v 1.8.2.21 2005/07/19 20:01:16 acydburn Exp $ * * ***************************************************************************/ *************** *** 51,59 **** { global $board_config, $userdata; if ( $avatar_type == USER_AVATAR_UPLOAD && $avatar_file != '' ) { ! if ( @file_exists('./' . $board_config['avatar_path'] . '/' . $avatar_file) ) { @unlink('./' . $board_config['avatar_path'] . '/' . $avatar_file); } --- 51,60 ---- { global $board_config, $userdata; + $avatar_file = basename($avatar_file); if ( $avatar_type == USER_AVATAR_UPLOAD && $avatar_file != '' ) { ! if ( @file_exists(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $avatar_file)) ) { @unlink('./' . $board_config['avatar_path'] . '/' . $avatar_file); } *************** *** 65,71 **** function user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename) { global $board_config; ! if ( file_exists($board_config['avatar_gallery_path'] . '/' . $avatar_filename) && ($mode == 'editprofile') ) { $return = ", user_avatar = '" . str_replace("\'", "''", $avatar_filename) . "', user_avatar_type = " . USER_AVATAR_GALLERY; } --- 66,79 ---- function user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename) { global $board_config; ! ! $avatar_filename = str_replace(array('../', '..\\', './', '.\\'), '', $avatar_filename); ! if ($avatar_filename{0} == '/' || $avatar_filename{0} == "\\") ! { ! return ''; ! } ! ! if ( file_exists(@phpbb_realpath($board_config['avatar_gallery_path'] . '/' . $avatar_filename)) && ($mode == 'editprofile') ) { $return = ", user_avatar = '" . str_replace("\'", "''", $avatar_filename) . "', user_avatar_type = " . USER_AVATAR_GALLERY; } *************** *** 78,89 **** function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename) { if ( !preg_match('#^(http)|(ftp):\/\/#i', $avatar_filename) ) { $avatar_filename = 'http://' . $avatar_filename; } ! if ( !preg_match('#^((http)|(ftp):\/\/[a-z0-9\-]+?\.([a-z0-9\-]+\.)+[a-z]+(:[0-9]+)*\/.*?\.(gif|jpg|jpeg|png)$)#is', $avatar_filename) ) { $error = true; $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $lang['Wrong_remote_avatar_format'] : $lang['Wrong_remote_avatar_format']; --- 86,99 ---- function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename) { + global $lang; + if ( !preg_match('#^(http)|(ftp):\/\/#i', $avatar_filename) ) { $avatar_filename = 'http://' . $avatar_filename; } ! if ( !preg_match("#^((ht|f)tp://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png))$)#is", $avatar_filename) ) { $error = true; $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $lang['Wrong_remote_avatar_format'] : $lang['Wrong_remote_avatar_format']; *************** *** 96,102 **** function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_type, &$error, &$error_msg, $avatar_filename, $avatar_realname, $avatar_filesize, $avatar_filetype) { ! global $board_config, $user_ip, $db, $lang; $ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var'; --- 106,112 ---- function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_type, &$error, &$error_msg, $avatar_filename, $avatar_realname, $avatar_filesize, $avatar_filetype) { ! global $board_config, $db, $lang; $ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var'; *************** *** 130,136 **** } @fclose($fsock); ! if ( !preg_match('/Content-Length\: ([0-9]+)[^\/ ][\s]+/i', $avatar_data, $file_data1) || !preg_match('/Content-Type\: image\/[x\-]*([a-z]+)[\s]+/i', $avatar_data, $file_data2) ) { $error = true; $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $lang['File_no_data'] : $lang['File_no_data']; --- 140,146 ---- } @fclose($fsock); ! if (!preg_match('#Content-Length\: ([0-9]+)[^ /][\s]+#i', $avatar_data, $file_data1) || !preg_match('#Content-Type\: image/[x\-]*([a-z]+)[\s]+#i', $avatar_data, $file_data2)) { $error = true; $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $lang['File_no_data'] : $lang['File_no_data']; *************** *** 145,151 **** $avatar_data = substr($avatar_data, strlen($avatar_data) - $avatar_filesize, $avatar_filesize); $tmp_path = ( !@$ini_val('safe_mode') ) ? '/tmp' : './' . $board_config['avatar_path'] . '/tmp'; ! $tmp_filename = tempnam($tmp_path, uniqid($user_ip) . '-'); $fptr = @fopen($tmp_filename, 'wb'); $bytes_written = @fwrite($fptr, $avatar_data, $avatar_filesize); --- 155,161 ---- $avatar_data = substr($avatar_data, strlen($avatar_data) - $avatar_filesize, $avatar_filesize); $tmp_path = ( !@$ini_val('safe_mode') ) ? '/tmp' : './' . $board_config['avatar_path'] . '/tmp'; ! $tmp_filename = tempnam($tmp_path, uniqid(rand()) . '-'); $fptr = @fopen($tmp_filename, 'wb'); $bytes_written = @fwrite($fptr, $avatar_data, $avatar_filesize); *************** *** 167,173 **** $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $l_avatar_size : $l_avatar_size; } } ! else if ( $avatar_mode == 'local' && file_exists($avatar_filename) && preg_match('/\.(jpg|jpeg|gif|png)$/i', $avatar_realname) ) { if ( $avatar_filesize <= $board_config['avatar_filesize'] && $avatar_filesize > 0 ) { --- 177,183 ---- $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $l_avatar_size : $l_avatar_size; } } ! else if ( ( file_exists(@phpbb_realpath($avatar_filename)) ) && preg_match('/\.(jpg|jpeg|gif|png)$/i', $avatar_realname) ) { if ( $avatar_filesize <= $board_config['avatar_filesize'] && $avatar_filesize > 0 ) { *************** *** 191,203 **** return; } ! if ( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] ) { ! $new_filename = uniqid($user_ip) . $imgtype; if ( $mode == 'editprofile' && $current_type == USER_AVATAR_UPLOAD && $current_avatar != '' ) { ! if ( file_exists('./' . $board_config['avatar_path'] . '/' . $current_avatar) ) { @unlink('./' . $board_config['avatar_path'] . '/' . $current_avatar); } --- 201,213 ---- return; } ! if ( $width > 0 && $height > 0 && $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] ) { ! $new_filename = uniqid(rand()) . $imgtype; if ( $mode == 'editprofile' && $current_type == USER_AVATAR_UPLOAD && $current_avatar != '' ) { ! if ( file_exists(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $current_avatar)) ) { @unlink('./' . $board_config['avatar_path'] . '/' . $current_avatar); } *************** *** 224,229 **** --- 234,243 ---- $move_file = 'copy'; } + if (!is_uploaded_file($avatar_filename)) + { + message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__); + } $move_file($avatar_filename, './' . $board_config['avatar_path'] . "/$new_filename"); } *************** *** 242,248 **** return $avatar_sql; } ! function display_avatar_gallery($mode, &$category, &$user_id, &$email, &$current_email, &$coppa, &$username, &$email, &$new_password, &$cur_password, &$password_confirm, &$icq, &$aim, &$msn, &$yim, &$website, &$location, &$occupation, &$interests, &$signature, &$viewemail, &$notifypm, &$popuppm, &$notifyreply, &$attachsig, &$allowhtml, &$allowbbcode, &$allowsmilies, &$hideonline, &$style, &$language, &$timezone, &$dateformat) { global $board_config, $db, $template, $lang, $images, $theme; global $phpbb_root_path, $phpEx; --- 256,262 ---- return $avatar_sql; } ! function display_avatar_gallery($mode, &$category, &$user_id, &$email, &$current_email, &$coppa, &$username, &$email, &$new_password, &$cur_password, &$password_confirm, &$icq, &$aim, &$msn, &$yim, &$website, &$location, &$occupation, &$interests, &$signature, &$viewemail, &$notifypm, &$popup_pm, &$notifyreply, &$attachsig, &$allowhtml, &$allowbbcode, &$allowsmilies, &$hideonline, &$style, &$language, &$timezone, &$dateformat, &$session_id) { global $board_config, $db, $template, $lang, $images, $theme; global $phpbb_root_path, $phpEx; *************** *** 318,326 **** } } ! $params = array('coppa', 'user_id', 'username', 'email', 'current_email', 'cur_password', 'new_password', 'password_confirm', 'icq', 'aim', 'msn', 'yim', 'website', 'location', 'occupation', 'interests', 'signature', 'viewemail', 'notifypm', 'popuppm', 'notifyreply', 'attachsig', 'allowhtml', 'allowbbcode', 'allowsmilies', 'hideonline', 'style', 'language', 'timezone', 'dateformat'); ! $s_hidden_vars = ''; for($i = 0; $i < count($params); $i++) { --- 332,340 ---- } } ! $params = array('coppa', 'user_id', 'username', 'email', 'current_email', 'cur_password', 'new_password', 'password_confirm', 'icq', 'aim', 'msn', 'yim', 'website', 'location', 'occupation', 'interests', 'signature', 'viewemail', 'notifypm', 'popup_pm', 'notifyreply', 'attachsig', 'allowhtml', 'allowbbcode', 'allowsmilies', 'hideonline', 'style', 'language', 'timezone', 'dateformat'); ! $s_hidden_vars = ''; for($i = 0; $i < count($params); $i++) { *************** *** 342,345 **** return; } ! ?> --- 356,359 ---- return; } ! ?> \ No newline at end of file diff -crN phpbb203/includes/usercp_confirm.php phpbb2017/includes/usercp_confirm.php *** phpbb203/includes/usercp_confirm.php Thu Jan 1 01:00:00 1970 --- phpbb2017/includes/usercp_confirm.php Tue Jul 19 22:14:56 2005 *************** *** 0 **** --- 1,435 ---- + sql_query($sql); + + // If we have a row then grab data else create a new id + if ($row = $db->sql_fetchrow($result)) + { + $db->sql_freeresult($result); + $code = $row['code']; + } + else + { + exit; + } + + // If we can we will generate a single filtered png else we will have to simply + // output six seperate original pngs ... first way is preferable! + if (@extension_loaded('zlib')) + { + $_png = define_filtered_pngs(); + + $total_width = 320; + $total_height = 50; + $img_height = 40; + $img_width = 0; + $l = 0; + + list($usec, $sec) = explode(' ', microtime()); + mt_srand($sec * $usec); + + $char_widths = array(); + for ($i = 0; $i < strlen($code); $i++) + { + $char = $code{$i}; + + $width = mt_rand(0, 4); + $char_widths[] = $width; + $img_width += $_png[$char]['width'] - $width; + } + + $offset_x = mt_rand(0, $total_width - $img_width); + $offset_y = mt_rand(0, $total_height - $img_height); + + $image = ''; + $hold_chars = array(); + for ($i = 0; $i < $total_height; $i++) + { + $image .= chr(0); + + if ($i > $offset_y && $i < $offset_y + $img_height) + { + $j = 0; + + for ($k = 0; $k < $offset_x; $k++) + { + $image .= chr(mt_rand(140, 255)); + } + + for ($k = 0; $k < strlen($code); $k++) + { + $char = $code{$k}; + + if (empty($hold_chars[$char])) + { + $hold_chars[$char] = explode("\n", chunk_split(base64_decode($_png[$char]['data']), $_png[$char]['width'] + 1, "\n")); + } + $image .= randomise(substr($hold_chars[$char][$l], 1), $char_widths[$j]); + $j++; + } + + for ($k = $offset_x + $img_width; $k < $total_width; $k++) + { + $image .= chr(mt_rand(140, 255)); + } + + $l++; + } + else + { + for ($k = 0; $k < $total_width; $k++) + { + $image .= chr(mt_rand(140, 255)); + } + } + + } + unset($hold); + + $image = create_png(gzcompress($image), $total_width, $total_height); + + // Output image + header('Content-Type: image/png'); + header('Cache-control: no-cache, no-store'); + echo $image; + + unset($image); + unset($_png); + exit; + + } + else + { + if (!empty($HTTP_GET_VARS['c'])) + { + $_png = define_raw_pngs(); + + $char = substr($code, intval($HTTP_GET_VARS['c']) - 1, 1); + header('Content-Type: image/png'); + header('Cache-control: no-cache, no-store'); + echo base64_decode($_png[$char]); + + unset($_png); + exit; + } + } + + exit; + + // This is designed to randomise the pixels of the image data within + // certain limits so as to keep it readable. It also varies the image + // width a little + function randomise($scanline, $width) + { + $new_line = ''; + $start = floor($width/2); + $end = strlen($scanline) - ceil($width/2); + + for ($i = $start; $i < $end; $i++) + { + $pixel = ord($scanline{$i}); + + if ($pixel < 190) + { + $new_line .= chr(mt_rand(0, 205)); + } + else if ($pixel > 190) + { + $new_line .= chr(mt_rand(145, 255)); + } + else + { + $new_line .= $scanline{$i}; + } + } + + return $new_line; + } + + // This creates a chunk of the given type, with the given data + // of the given length adding the relevant crc + function png_chunk($length, $type, $data) + { + $raw = $type; + $raw .= $data; + $crc = crc32($raw); + $raw .= pack('C4', $crc >> 24, $crc >> 16, $crc >> 8, $crc); + + return pack('C4', $length >> 24, $length >> 16, $length >> 8, $length) . $raw; + } + + // Creates greyscale 8bit png - The PNG spec can be found at + // http://www.libpng.org/pub/png/spec/PNG-Contents.html we use + // png because it's a fully recognised open standard and supported + // by practically all modern browsers and OSs + function create_png($gzimage, $width, $height) + { + // SIG + $image = pack('C8', 137, 80, 78, 71, 13, 10, 26, 10); + // IHDR + $raw = pack('C4', $width >> 24, $width >> 16, $width >> 8, $width); + $raw .= pack('C4', $height >> 24, $height >> 16, $height >> 8, $height); + $raw .= pack('C5', 8, 0, 0, 0, 0); + $image .= png_chunk(13, 'IHDR', $raw); + // IDAT + $image .= png_chunk(strlen($gzimage), 'IDAT', $gzimage); + // IEND + $image .= png_chunk(0, 'IEND', ''); + + return $image; + } + + // Each 'data' element is base64_encoded uncompressed IDAT + // png image data + function define_filtered_pngs() + { + $_png = array( + '0' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A///////////////////olFAkBAAAGDyA4P///M31/////////////wD////////////////0dAgAAAAAAAAAAAAEcPipFGHn////////////AP//////////////6DAAAAAAAAAAAAAAAAAALSEAN+T///////////8A//////////////xAAAAAAAAAAAAAAAAAAAAAACPA/////////////wD/////////////oAAAAAAAAAAAAAAAAAAAAAAAev//////////////AP////////////8oAAAAAAAAPNj/zDAAAAAAAABD//////////////8A////////////1AAAAAAAABjw////5BAAAAAAAADo/////////////wD///////////+QAAAAAAAAbP//////QgAAAAAAAKj/////////////AP///////////1wAAAAAAACs/////8AXAAAAAAAAcP////////////8A////////////OAAAAAAAAND////dNwAAAAAAAABI/////////////wD///////////8gAAAAAAAA4P//7koACwAAAAAAACT/////////////AP///////////wgAAAAAAAD///VqAwaPAAAAAAAAEP////////////8A////////////AAAAAAAAAP/8kQYDavUAAAAAAAAA/////////////wD///////////8AAAAAAAAA/6kNAEru/wAAAAAAAAD/////////////AP///////////wAAAAAAAADAIwA33f//AAAAAAAAAP////////////8A////////////FAAAAAAAADYAI8D///8AAAAAAAAQ/////////////wD///////////8kAAAAAAAAAA2p////5AAAAAAAACD/////////////AP///////////0gAAAAAAAAFkfz////UAAAAAAAAQP////////////8A////////////cAAAAAAAAET1/////7AAAAAAAABo/////////////wD///////////+oAAAAAAAAXfX/////sAAAAAAAAGj/////////////AAAAALgAAAAAAAAwAAAAAAAAAAAAAAD////////////oAAAAAAAACOT////oEAAAAAAAAOD/////////////AP////////////8+AAAAAAAAKMz/zDQAAAAAAAA0//////////////8A////////////7jgAAAAAAAAAAAAAAAAAAAAAAKT//////////////wD///////////VqAwIAAAAAAAAAAAAAAAAAAAA8////////////////AP//////////rQcDaVEAAAAAAAAAAAAAAAAAKOj///////////////8A///////////nblnu/IAIAAAAAAAAAAAAAFzw/////////////////wD////////////79////+iITCAAAAAgSITg////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////w==', + 'width' => 40 + ), + '1' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////8BAAAAAAAP//////////////////AP////////////////////////9sAAAAAAAA//////////////////8A////////////////////////pAAAAAAAAAD//////////////////wD//////////////////////6wEAAAAAAAAAP//////////////////AP////////////////////h4AAAAAAAAAAAA//////////////////8A//////////////////ygJAAAAAAAAAAAAAD//////////////////wD//////////////9x8HAAAAAAAAAAAAAAAAP//////////////////AP//////////////AAAAAAAAAAAAAAAAAAAA//////////////////8A//////////////8AAAAAAAAAAAAAAAAAAAD//////////////////wD//////////////wAAAAAAAAR4AAAAAAAAAP//////////////////AP//////////////AAAAAAA4zP8AAAAAAAAA//////////////////8A//////////////8AAAA4sP///wAAAAAAAAD//////////////////wD//////////////yR80P//////AAAAAAAAAP//////////////////AP////////////////////////8AAAAAAAAA//////////////////8A/////////////////////////wAAAAAAAAD//////////////////wD/////////////////////////AAAAAAAAAP//////////////////AP////////////////////////8AAAAAAAAA//////////////////8A/////////////////////////wAAAAAAAAD//////////////////wD/////////////////////////AAAAAAAAAP//////////////////AP////////////////////////8AAAAAAAAA//////////////////8A/////////////////////////wAAAAAAAAD//////////////////wD/////////////////////////AAAAAAAAAP//////////////////AP////////////////////////8AAAAAAAAA//////////////////8A/////////////////////////wAAAAAAAAD//////////////////wD/////////////////////////AAAAAAAAAP//////////////////AP////////////////////////8AAAAAAAAA//////////////////8A/////////////////////////wAAAAAAAAD//////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + '2' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP/////////////////okFAkCAAABCBIfNT///////////////////8A///////////////8hAgAAAAAAAAAAAAAAFTo/////////////////wD//////////////1QAAAAAAAAAAAAAAAAAACjo////////////////AP////////////+MAAAAAAAAAAAAAAAAAAAAADj///////////////8A////////////9BAAAAAAAAAAAAAAAAAAAAAAALD//////////////wD///////////+gAAAAAAAAAHjs+KwMAAAAAAAAVP//////////////AP///////////1gAAAAAAABM/////6QAAAAAAAAU//////////////8A////////////KAAAAAAAALj/////+AAAAAAAAAD//////////////wD///////////+MfGBMOCAI8P/////wAAAAAAAACP//////////////AP///////////////////////////5wAAAAAAAAw//////////////8A///////////////////////////oFAAAAAAAAHz//////////////wD/////////////////////////6CgAAAAAAAAE3P//////////////AP///////////////////////9ggAAAAAAAAAHT///////////////8A//////////////////////+0DAAAAAAAAAA8+P///////////////wD/////////////////////gAAAAAAAAAAAKOj/////////////////AP//////////////////9FAAAAAAAAAAADzw//////////////////8A/////////////////+g4AAAAAAAAAABk/P///////////////////wD////////////////oKAAAAAAAAAAMqP//////////////////////AP//////////////6CgAAAAAAAAAMNz///////////////////////8A//////////////g4AAAAAAAAAFT0/////////////////////////wD/////////////bAAAAAAAAABU/P//////////////////////////AP///////////8wAAAAAAAAAAAAAAAAAAAAAAAAA//////////////8A////////////SAAAAAAAAAAAAAAAAAAAAAAAAAD//////////////wD//////////9wAAAAAAAAAAAAAAAAAAAAAAAAAAP//////////////AP//////////hAAAAAAAAAAAAAAAAAAAAAAAAAAA//////////////8A//////////9AAAAAAAAAAAAAAAAAAAAAAAAAAAD//////////////wD//////////xAAAAAAAAAAAAAAAAAAAAAAAAAAAP//////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + '3' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD////////////////8sGg0FAAAACA4cLz8////////////////////AP//////////////rBgAAAAAAAAAAAAAACTA//////////////////8A/////////////3QAAAAAAAAAAAAAAAAAAASs/////////////////wD///////////+YAAAAAAAAAAAAAAAAAAAAAAjc////////////////AP//////////6AwAAAAAAAAAAAAAAAAAAAAAAGT///////////////8A//////////94AAAAAAAABJDw/8g4AAAAAAAAHP///////////////wD//////////yAAAAAAAACE/////9gAAAAAAAAA////////////////AP///////////NSwiGQ4FOT//////AAAAAAAABD///////////////8A//////////////////////////+YAAAAAAAAVP///////////////wD//////////////////////P/ggAQAAAAAAATM////////////////AP////////////////////9gAAAAAAAAAAAElP////////////////8A/////////////////////0AAAAAAAAAAHLj//////////////////wD/////////////////////OAAAAAAAAAAwkPj/////////////////AP////////////////////8gAAAAAAAAAAAAINj///////////////8A/////////////////////xAAAAAAAAAAAAAAIPD//////////////wD/////////////////////uOz/4HgEAAAAAAAAhP//////////////AP///////////////////////////3wAAAAAAAAw//////////////8A////////////////////////////6AAAAAAAAAj//////////////wD/////////////////////////////AAAAAAAAAP//////////////AP//////////tJh8YEQoDNz//////+AAAAAAAAAY//////////////8A//////////88AAAAAAAAaP//////dAAAAAAAAEz//////////////wD//////////6QAAAAAAAAAdOD/5HQAAAAAAAAApP//////////////AP///////////CgAAAAAAAAAAAAAAAAAAAAAACD4//////////////8A////////////yAQAAAAAAAAAAAAAAAAAAAAEuP///////////////wD/////////////rAQAAAAAAAAAAAAAAAAABJD/////////////////AP//////////////zDQAAAAAAAAAAAAAACTA//////////////////8A/////////////////8BwOCAAAAAUNGi0/P///////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + '4' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP//////////////////////////nAAAAAAAAAD///////////////8A/////////////////////////8AEAAAAAAAAAP///////////////wD////////////////////////gGAAAAAAAAAAA////////////////AP//////////////////////9DAAAAAAAAAAAAD///////////////8A//////////////////////9UAAAAAAAAAAAAAP///////////////wD/////////////////////hAAAAAAAAAAAAAAA////////////////AP///////////////////7QAAAAAAAAAAAAAAAD///////////////8A///////////////////UDAAAAAAUAAAAAAAAAP///////////////wD/////////////////7CQAAAAABMAAAAAAAAAA////////////////AP////////////////xEAAAAAACU/wAAAAAAAAD///////////////8A////////////////cAAAAAAAZP//AAAAAAAAAP///////////////wD//////////////6AAAAAAADz8//8AAAAAAAAA////////////////AP/////////////IBAAAAAAc6P///wAAAAAAAAD///////////////8A////////////5BgAAAAADMz/////AAAAAAAAAP///////////////wD///////////g0AAAAAACk//////8AAAAAAAAA////////////////AP//////////XAAAAAAAfP///////wAAAAAAAAD///////////////8A//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///////////wD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA////////////AP//////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD///////////8A//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///////////wD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA////////////AP//////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD///////////8A////////////////////////////AAAAAAAAAP///////////////wD///////////////////////////8AAAAAAAAA////////////////AP///////////////////////////wAAAAAAAAD///////////////8A////////////////////////////AAAAAAAAAP///////////////wD///////////////////////////8AAAAAAAAA////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + '5' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP//////////////8AAAAAAAAAAAAAAAAAAAAAAA//////////////8A///////////////MAAAAAAAAAAAAAAAAAAAAAAD//////////////wD//////////////6wAAAAAAAAAAAAAAAAAAAAAAP//////////////AP//////////////iAAAAAAAAAAAAAAAAAAAAAAA//////////////8A//////////////9kAAAAAAAAAAAAAAAAAAAAAAD//////////////wD//////////////0QAAAAAAAAAAAAAAAAAAAAAAP//////////////AP//////////////IAAAAAAAYP////////////////////////////8A//////////////wAAAAAAAB8/////////////////////////////wD/////////////3AAAAAAAAIj/////////////////////////////AP////////////+4AAAAAAAAoLRYHAAEKGTE//////////////////8A/////////////5QAAAAAAAAQAAAAAAAAAABY9P///////////////wD/////////////dAAAAAAAAAAAAAAAAAAAAAA89P//////////////AP////////////9QAAAAAAAAAAAAAAAAAAAAAABg//////////////8A/////////////zAAAAAAAAAAAAAAAAAAAAAAAADQ/////////////wD/////////////IAAAAAAAAGjY/+h4BAAAAAAAAGz/////////////AP//////////////9NS0lHSc//////90AAAAAAAALP////////////8A/////////////////////////////9QAAAAAAAAE/////////////wD//////////////////////////////wAAAAAAAAD/////////////AP/////////////////////////////8AAAAAAAAEP////////////8A////////////pIRwWEAgDOD//////8wAAAAAAAA8/////////////wD///////////9EAAAAAAAAaP//////ZAAAAAAAAHz/////////////AP///////////6QAAAAAAAAAaOD/4GQAAAAAAAAE4P////////////8A/////////////CQAAAAAAAAAAAAAAAAAAAAAAGD//////////////wD/////////////yAQAAAAAAAAAAAAAAAAAAAAc7P//////////////AP//////////////rAwAAAAAAAAAAAAAAAAAGNj///////////////8A////////////////0EAAAAAAAAAAAAAAAFTo/////////////////wD//////////////////8h4QCAAAAAcQHzU////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + '6' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD///////////////////+0ZCwMAAAUNGjI////////////////////AP/////////////////EMAAAAAAAAAAAAABM6P////////////////8A////////////////lAQAAAAAAAAAAAAAAAAo6P///////////////wD//////////////6wAAAAAAAAAAAAAAAAAAABI////////////////AP/////////////oEAAAAAAAAAAAAAAAAAAAAACw//////////////8A/////////////3AAAAAAAAAoxP/YPAAAAAAAAEj//////////////wD////////////4EAAAAAAACOD////YDCBAVGiAoP//////////////AP///////////7gAAAAAAABY//////////////////////////////8A////////////eAAAAAAAAJT//////////////////////////////wD///////////9MAAAAAAAAvP/IXBgABCx03P//////////////////AP///////////ygAAAAAAADcdAAAAAAAAAAEiP////////////////8A////////////FAAAAAAAAFAAAAAAAAAAAAAAcP///////////////wD///////////8AAAAAAAAAAAAAAAAAAAAAAAAAlP//////////////AP///////////wAAAAAAAAAAAAAAAAAAAAAAAAAQ8P////////////8A////////////AAAAAAAAAABAyP/kZAAAAAAAAACQ/////////////wD///////////8MAAAAAAAALPj/////WAAAAAAAAET/////////////AP///////////yQAAAAAAACY///////MAAAAAAAAFP////////////8A////////////SAAAAAAAAMD///////wAAAAAAAAA/////////////wD///////////9wAAAAAAAAvP///////wAAAAAAAAD/////////////AP///////////7QAAAAAAACI///////UAAAAAAAAJP////////////8A////////////+AwAAAAAACDw/////2wAAAAAAABY/////////////wD/////////////cAAAAAAAADC8/Ox4AAAAAAAAAKj/////////////AP/////////////oEAAAAAAAAAAAAAAAAAAAAAAk/P////////////8A//////////////+oAAAAAAAAAAAAAAAAAAAABLj//////////////wD///////////////+QAAAAAAAAAAAAAAAAAACQ////////////////AP////////////////+0JAAAAAAAAAAAAAAkuP////////////////8A///////////////////8sGg0FAAADCxgqPz//////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + '7' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD///////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////AP///////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAP////////////8A////////////AAAAAAAAAAAAAAAAAAAAAAAAAAAA/////////////wD///////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////AP///////////wAAAAAAAAAAAAAAAAAAAAAAAAAABP////////////8A////////////AAAAAAAAAAAAAAAAAAAAAAAAAAy4/////////////wD//////////////////////////+QUAAAAAAAEuP//////////////AP/////////////////////////8QAAAAAAAAKT///////////////8A/////////////////////////4wAAAAAAAB0/////////////////wD////////////////////////cCAAAAAAANPz/////////////////AP///////////////////////0QAAAAAAATY//////////////////8A//////////////////////+0AAAAAAAAeP///////////////////wD//////////////////////CQAAAAAABTw////////////////////AP////////////////////+gAAAAAAAAkP////////////////////8A/////////////////////ywAAAAAABDw/////////////////////wD///////////////////+4AAAAAAAAbP//////////////////////AP///////////////////1wAAAAAAADQ//////////////////////8A///////////////////4DAAAAAAAMP///////////////////////wD//////////////////7QAAAAAAAB8////////////////////////AP//////////////////aAAAAAAAAMj///////////////////////8A//////////////////8oAAAAAAAM/P///////////////////////wD/////////////////8AAAAAAAAET/////////////////////////AP////////////////+0AAAAAAAAcP////////////////////////8A/////////////////4wAAAAAAACY/////////////////////////wD/////////////////WAAAAAAAAMD/////////////////////////AP////////////////80AAAAAAAA4P////////////////////////8A/////////////////xAAAAAAAAD4/////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + '8' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD////////////////////IdDQUAAAEIEiA1P//////////////////AP/////////////////gRAAAAAAAAAAAAAAAROD///////////////8A////////////////0BgAAAAAAAAAAAAAAAAAEMj//////////////wD///////////////AcAAAAAAAAAAAAAAAAAAAAHPD/////////////AP//////////////hAAAAAAAAAAAAAAAAAAAAAAAhP////////////8A//////////////8sAAAAAAAAKMz/zCgAAAAAAAAs/////////////wD//////////////wAAAAAAAADM////zAAAAAAAAAD/////////////AP//////////////BAAAAAAAAP//////AAAAAAAABP////////////8A//////////////8sAAAAAAAAzP///9QAAAAAAAAw/////////////wD//////////////3wAAAAAAAAoyP/YNAAAAAAAAIT/////////////AP//////////////7BgAAAAAAAAAAAAAAAAAAAAc8P////////////8A////////////////xBgAAAAAAAAAAAAAAAAAGNj//////////////wD/////////////////tAQAAAAAAAAAAAAAAACo////////////////AP///////////////HAAAAAAAAAAAAAAAAAAAAB8//////////////8A//////////////9gAAAAAAAAAAAAAAAAAAAAAAB8/////////////wD/////////////wAAAAAAAAABk4P/UWAAAAAAAAATQ////////////AP////////////9UAAAAAAAAaP//////XAAAAAAAAGT///////////8A/////////////xgAAAAAAADg///////cAAAAAAAAJP///////////wD/////////////AAAAAAAAAP////////8AAAAAAAAA////////////AP////////////8AAAAAAAAA4P//////3AAAAAAAAAT///////////8A/////////////ygAAAAAAABg//////9cAAAAAAAALP///////////wD/////////////ZAAAAAAAAABY1P/cXAAAAAAAAABw////////////AP/////////////QAAAAAAAAAAAAAAAAAAAAAAAABNz///////////8A//////////////9gAAAAAAAAAAAAAAAAAAAAAAB0/////////////wD///////////////Q8AAAAAAAAAAAAAAAAAAAAUPz/////////////AP////////////////x4CAAAAAAAAAAAAAAAEIT8//////////////8A///////////////////smFQwGAAAABg0ZKT0/////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + '9' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD///////////////////ysYCwMAAAUNGiw/P//////////////////AP////////////////+4JAAAAAAAAAAAAAAkuP////////////////8A////////////////lAQAAAAAAAAAAAAAAAAAkP///////////////wD//////////////8AEAAAAAAAAAAAAAAAAAAAAqP//////////////AP/////////////8JAAAAAAAAAAAAAAAAAAAAAAQ7P////////////8A/////////////6wAAAAAAAAAfOz8vCwAAAAAAABw/////////////wD/////////////WAAAAAAAAHD/////7BgAAAAAAAz4////////////AP////////////8kAAAAAAAA1P//////hAAAAAAAALT///////////8A/////////////wAAAAAAAAD///////+4AAAAAAAAcP///////////wD/////////////AAAAAAAAAPz//////8AAAAAAAABI////////////AP////////////8UAAAAAAAAzP//////lAAAAAAAACT///////////8A/////////////0QAAAAAAABY//////gsAAAAAAAADP///////////wD/////////////kAAAAAAAAABw5P/IPAAAAAAAAAAA////////////AP/////////////wEAAAAAAAAAAAAAAAAAAAAAAAAAD///////////8A//////////////+UAAAAAAAAAAAAAAAAAAAAAAAAAP///////////wD///////////////9wAAAAAAAAAAAAAFAAAAAAAAAU////////////AP////////////////+IBAAAAAAAAABw3AAAAAAAACj///////////8A///////////////////cdCwEABhcxP+8AAAAAAAATP///////////wD//////////////////////////////5AAAAAAAAB4////////////AP//////////////////////////////UAAAAAAAALj///////////8A//////////////+kgGxUQCAM2P///+AIAAAAAAAQ+P///////////wD//////////////0gAAAAAAAA42P/EKAAAAAAAAHD/////////////AP//////////////sAAAAAAAAAAAAAAAAAAAAAAQ6P////////////8A////////////////TAAAAAAAAAAAAAAAAAAAAKz//////////////wD////////////////oKAAAAAAAAAAAAAAAAASU////////////////AP/////////////////sUAAAAAAAAAAAAAAwxP////////////////8A////////////////////yHA0FAAADCxktP///////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'A' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD//////////////////+QAAAAAAAAAAAAAAOT/////////////////AP//////////////////kAAAAAAAAAAAAAAAkP////////////////8A//////////////////88AAAAAAAAAAAAAAA8/////////////////wD/////////////////5AAAAAAAAAAAAAAAAADk////////////////AP////////////////+QAAAAAAAAAAAAAAAAAJD///////////////8A/////////////////zwAAAAAAAAAAAAAAAAAPP///////////////wD////////////////kAAAAAAAAAAgAAAAAAAAA5P//////////////AP///////////////5AAAAAAAAAAgAAAAAAAAACQ//////////////8A////////////////PAAAAAAAAAz8HAAAAAAAADz//////////////wD//////////////+QAAAAAAAAAWP9kAAAAAAAAANz/////////////AP//////////////kAAAAAAAAACk/7wAAAAAAAAAhP////////////8A//////////////88AAAAAAAABOz//BQAAAAAAAAw/////////////wD/////////////4AAAAAAAAAA8////ZAAAAAAAAADc////////////AP////////////+EAAAAAAAAAIj///+8AAAAAAAAAIT///////////8A/////////////zAAAAAAAAAA2P////wQAAAAAAAAMP///////////wD////////////cAAAAAAAAACT//////1wAAAAAAAAA3P//////////AP///////////4QAAAAAAAAAAAAAAAAAAAAAAAAAAACE//////////8A////////////MAAAAAAAAAAAAAAAAAAAAAAAAAAAADD//////////wD//////////9wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANz/////////AP//////////hAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhP////////8A//////////8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAw/////////wD/////////3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADc////////AP////////+EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIT///////8A/////////zAAAAAAAAAAhP///////////2QAAAAAAAAAMP///////wD////////cAAAAAAAAAADM////////////vAAAAAAAAAAA3P//////AP///////4QAAAAAAAAAHP/////////////4DAAAAAAAAACE//////8A////////MAAAAAAAAABk//////////////9cAAAAAAAAADD//////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'B' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A//////////8AAAAAAAAAAAAAAAAAAAAAEDh83P///////////////wD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAEhP//////////////AP//////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAeP////////////8A//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAxP///////////wD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAABY////////////AP//////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAABT///////////8A//////////8AAAAAAAAAAP/////4zEwAAAAAAAAAAP///////////wD//////////wAAAAAAAAAA////////7AAAAAAAAAAQ////////////AP//////////AAAAAAAAAAD////////sAAAAAAAAAEj///////////8A//////////8AAAAAAAAAAP/////4zEQAAAAAAAAAtP///////////wD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAFz/////////////AP//////////AAAAAAAAAAAAAAAAAAAAAAAAAAiA/P////////////8A//////////8AAAAAAAAAAAAAAAAAAAAAAAAIjPj//////////////wD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAAGKz/////////////AP//////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAJT///////////8A//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAABNz//////////wD//////////wAAAAAAAAAA///////sqCAAAAAAAAAAbP//////////AP//////////AAAAAAAAAAD/////////yAAAAAAAAAAs//////////8A//////////8AAAAAAAAAAP//////////AAAAAAAAAAT//////////wD//////////wAAAAAAAAAA/////////7wAAAAAAAAAAP//////////AP//////////AAAAAAAAAAD//////+ikGAAAAAAAAAAY//////////8A//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFT//////////wD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsP//////////AP//////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAADj///////////8A//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAc6P///////////wD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAATOj/////////////AP//////////AAAAAAAAAAAAAAAAAAAEIEBkkNj///////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'C' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP//////////////////5JRULBAAAAgkTIDQ//////////////////8A////////////////1FAAAAAAAAAAAAAAAABAyP///////////////wD//////////////4gEAAAAAAAAAAAAAAAAAAAElP//////////////AP////////////9wAAAAAAAAAAAAAAAAAAAAAAAAlP////////////8A////////////kAAAAAAAAAAAAAAAAAAAAAAAAAAEyP///////////wD//////////9wIAAAAAAAAAAAAAAAAAAAAAAAAAAAw////////////AP//////////WAAAAAAAAAAAWMz/8JwQAAAAAAAAAACw//////////8A/////////+wEAAAAAAAAAID//////9QMAAAAAAAAAET//////////wD/////////nAAAAAAAAAAo/P///////3wAAAAABDBspP//////////AP////////9gAAAAAAAAAIz/////////3BxQjMT0//////////////8A/////////zQAAAAAAAAAzP///////////////////////////////wD/////////GAAAAAAAAADo////////////////////////////////AP////////8AAAAAAAAAAP////////////////////////////////8A/////////wAAAAAAAAAA/////////////////////////////////wD/////////AAAAAAAAAAD/////////////////////////////////AP////////8cAAAAAAAAAOj///////////////////////////////8A/////////zgAAAAAAAAA0P/////////kIGio7P///////////////wD/////////bAAAAAAAAACg/////////5wAAAAAMHS49P//////////AP////////+oAAAAAAAAAEz/////////PAAAAAAAAAAc//////////8A//////////QIAAAAAAAAALz//////6QAAAAAAAAAAGT//////////wD//////////3AAAAAAAAAADIzo/+SEBAAAAAAAAAAAyP//////////AP//////////7BAAAAAAAAAAAAAAAAAAAAAAAAAAAED///////////8A////////////rAAAAAAAAAAAAAAAAAAAAAAAAAAE0P///////////wD/////////////fAAAAAAAAAAAAAAAAAAAAAAAAJz/////////////AP//////////////iAQAAAAAAAAAAAAAAAAAAASY//////////////8A////////////////yEAAAAAAAAAAAAAAAAA8yP///////////////wD//////////////////9yIUCwQAAAAIEB4yP//////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'D' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD///////////8AAAAAAAAAAAAAAAAADChQkOT/////////////////AP///////////wAAAAAAAAAAAAAAAAAAAAAABGjw//////////////8A////////////AAAAAAAAAAAAAAAAAAAAAAAAACDY/////////////wD///////////8AAAAAAAAAAAAAAAAAAAAAAAAAABjk////////////AP///////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAED///////////8A////////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAKj//////////wD///////////8AAAAAAAAAAP///+isSAAAAAAAAAAANP//////////AP///////////wAAAAAAAAAA////////hAAAAAAAAAAA2P////////8A////////////AAAAAAAAAAD/////////MAAAAAAAAACQ/////////wD///////////8AAAAAAAAAAP////////+MAAAAAAAAAFj/////////AP///////////wAAAAAAAAAA/////////8gAAAAAAAAAMP////////8A////////////AAAAAAAAAAD/////////5AAAAAAAAAAY/////////wD///////////8AAAAAAAAAAP//////////AAAAAAAAAAD/////////AP///////////wAAAAAAAAAA//////////8AAAAAAAAAAP////////8A////////////AAAAAAAAAAD//////////wAAAAAAAAAA/////////wD///////////8AAAAAAAAAAP/////////wAAAAAAAAABD/////////AP///////////wAAAAAAAAAA/////////9QAAAAAAAAAJP////////8A////////////AAAAAAAAAAD/////////qAAAAAAAAABI/////////wD///////////8AAAAAAAAAAP////////9QAAAAAAAAAHj/////////AP///////////wAAAAAAAAAA////////uAAAAAAAAAAAvP////////8A////////////AAAAAAAAAAD////w0HwEAAAAAAAAACT8/////////wD///////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAoP//////////AP///////////wAAAAAAAAAAAAAAAAAAAAAAAAAAADz8//////////8A////////////AAAAAAAAAAAAAAAAAAAAAAAAAAAY6P///////////wD///////////8AAAAAAAAAAAAAAAAAAAAAAAAAKNz/////////////AP///////////wAAAAAAAAAAAAAAAAAAAAAACHT0//////////////8A////////////AAAAAAAAAAAAAAAAABg4bKj0/////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'E' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP//////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////////////8A//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA/////////////wD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////AP//////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////////////8A//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA/////////////wD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////AP//////////AAAAAAAAAAD///////////////////////////////8A//////////8AAAAAAAAAAP///////////////////////////////wD//////////wAAAAAAAAAA////////////////////////////////AP//////////AAAAAAAAAAD///////////////////////////////8A//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAD//////////////wD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAP//////////////AP//////////AAAAAAAAAAAAAAAAAAAAAAAAAAAA//////////////8A//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAD//////////////wD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAP//////////////AP//////////AAAAAAAAAAAAAAAAAAAAAAAAAAAA//////////////8A//////////8AAAAAAAAAAP///////////////////////////////wD//////////wAAAAAAAAAA////////////////////////////////AP//////////AAAAAAAAAAD///////////////////////////////8A//////////8AAAAAAAAAAP///////////////////////////////wD//////////wAAAAAAAAAA////////////////////////////////AP//////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////////////8A//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA/////////////wD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////AP//////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////////////8A//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA/////////////wD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'F' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////wAAAAAAAAAAAAAAAAAAAAAAAAAA/////////////wD/////////////AAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////AP////////////8AAAAAAAAAAAAAAAAAAAAAAAAAAP////////////8A/////////////wAAAAAAAAAAAAAAAAAAAAAAAAAA/////////////wD/////////////AAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////AP////////////8AAAAAAAAAAAAAAAAAAAAAAAAAAP////////////8A/////////////wAAAAAAAAAA/////////////////////////////wD/////////////AAAAAAAAAAD/////////////////////////////AP////////////8AAAAAAAAAAP////////////////////////////8A/////////////wAAAAAAAAAA/////////////////////////////wD/////////////AAAAAAAAAAAAAAAAAAAAAAAA////////////////AP////////////8AAAAAAAAAAAAAAAAAAAAAAAD///////////////8A/////////////wAAAAAAAAAAAAAAAAAAAAAAAP///////////////wD/////////////AAAAAAAAAAAAAAAAAAAAAAAA////////////////AP////////////8AAAAAAAAAAAAAAAAAAAAAAAD///////////////8A/////////////wAAAAAAAAAAAAAAAAAAAAAAAP///////////////wD/////////////AAAAAAAAAAD/////////////////////////////AP////////////8AAAAAAAAAAP////////////////////////////8A/////////////wAAAAAAAAAA/////////////////////////////wD/////////////AAAAAAAAAAD/////////////////////////////AP////////////8AAAAAAAAAAP////////////////////////////8A/////////////wAAAAAAAAAA/////////////////////////////wD/////////////AAAAAAAAAAD/////////////////////////////AP////////////8AAAAAAAAAAP////////////////////////////8A/////////////wAAAAAAAAAA/////////////////////////////wD/////////////AAAAAAAAAAD/////////////////////////////AP////////////8AAAAAAAAAAP////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'G' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD//////////////////MB8TCgQAAAACCA4YJzs////////////////AP///////////////JQcAAAAAAAAAAAAAAAAAAhw8P////////////8A/////////////9gwAAAAAAAAAAAAAAAAAAAAAAAk2P///////////wD////////////EDAAAAAAAAAAAAAAAAAAAAAAAAAAc7P//////////AP//////////2AwAAAAAAAAAAAAAAAAAAAAAAAAAAABY//////////8A//////////wwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ/////////wD/////////kAAAAAAAAAAAEHzQ/P/gmCAAAAAAAAAAAFz/////////AP////////wcAAAAAAAAACjg////////8CwAAAAAAAAgWP////////8A////////vAAAAAAAAAAI2P//////////yBRAcJjI8P///////////wD///////94AAAAAAAAAGD/////////////////////////////////AP///////0AAAAAAAAAAsP////////////////////////////////8A////////IAAAAAAAAADc/////////////////////////////////wD///////8AAAAAAAAAAP///////wAAAAAAAAAAAAAAAAD/////////AP///////wAAAAAAAAAA////////AAAAAAAAAAAAAAAAAP////////8A////////AAAAAAAAAAD///////8AAAAAAAAAAAAAAAAA/////////wD///////8gAAAAAAAAAOD//////wAAAAAAAAAAAAAAAAD/////////AP///////0AAAAAAAAAAtP//////AAAAAAAAAAAAAAAAAP////////8A////////cAAAAAAAAABw//////8AAAAAAAAAAAAAAAAA/////////wD///////+8AAAAAAAAABDs////////////AAAAAAAAAAD/////////AP////////wYAAAAAAAAADz0//////////AAAAAAAAAAAP////////8A/////////5AAAAAAAAAAACCY4P//3KhcCAAAAAAAAAAA/////////wD/////////+CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/////////AP//////////xAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIP////////8A////////////rAQAAAAAAAAAAAAAAAAAAAAAAAAAAGTw/////////wD/////////////vBQAAAAAAAAAAAAAAAAAAAAAADjI////////////AP//////////////8HAQAAAAAAAAAAAAAAAAAEiw//////////////8A//////////////////iwcEAgBAAABCA4aKDk/////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'H' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////8AAAAAAAAAAP///////////wAAAAAAAAAA//////////8A/////////wAAAAAAAAAA////////////AAAAAAAAAAD//////////wD/////////AAAAAAAAAAD///////////8AAAAAAAAAAP//////////AP////////8AAAAAAAAAAP///////////wAAAAAAAAAA//////////8A/////////wAAAAAAAAAA////////////AAAAAAAAAAD//////////wD/////////AAAAAAAAAAD///////////8AAAAAAAAAAP//////////AP////////8AAAAAAAAAAP///////////wAAAAAAAAAA//////////8A/////////wAAAAAAAAAA////////////AAAAAAAAAAD//////////wD/////////AAAAAAAAAAD///////////8AAAAAAAAAAP//////////AP////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA//////////8A/////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD//////////wD/////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP//////////AP////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA//////////8A/////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD//////////wD/////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP//////////AP////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA//////////8A/////////wAAAAAAAAAA////////////AAAAAAAAAAD//////////wD/////////AAAAAAAAAAD///////////8AAAAAAAAAAP//////////AP////////8AAAAAAAAAAP///////////wAAAAAAAAAA//////////8A/////////wAAAAAAAAAA////////////AAAAAAAAAAD//////////wD/////////AAAAAAAAAAD///////////8AAAAAAAAAAP//////////AP////////8AAAAAAAAAAP///////////wAAAAAAAAAA//////////8A/////////wAAAAAAAAAA////////////AAAAAAAAAAD//////////wD/////////AAAAAAAAAAD///////////8AAAAAAAAAAP//////////AP////////8AAAAAAAAAAP///////////wAAAAAAAAAA//////////8A/////////wAAAAAAAAAA////////////AAAAAAAAAAD//////////wD/////////AAAAAAAAAAD///////////8AAAAAAAAAAP//////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'I' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////AAAAAAAAAAAAAAAAAAAAAAAA////////////////AP////////////8AAAAAAAAAAAAAAAAAAAAAAAD///////////////8A/////////////wAAAAAAAAAAAAAAAAAAAAAAAP///////////////wD/////////////AAAAAAAAAAAAAAAAAAAAAAAA////////////////AP////////////8AAAAAAAAAAAAAAAAAAAAAAAD///////////////8A/////////////wAAAAAAAAAAAAAAAAAAAAAAAP///////////////wD/////////////AAAAAAAAAAAAAAAAAAAAAAAA////////////////AP///////////////////wAAAAAAAAAA//////////////////////8A////////////////////AAAAAAAAAAD//////////////////////wD///////////////////8AAAAAAAAAAP//////////////////////AP///////////////////wAAAAAAAAAA//////////////////////8A////////////////////AAAAAAAAAAD//////////////////////wD///////////////////8AAAAAAAAAAP//////////////////////AP///////////////////wAAAAAAAAAA//////////////////////8A////////////////////AAAAAAAAAAD//////////////////////wD///////////////////8AAAAAAAAAAP//////////////////////AP///////////////////wAAAAAAAAAA//////////////////////8A////////////////////AAAAAAAAAAD//////////////////////wD///////////////////8AAAAAAAAAAP//////////////////////AP///////////////////wAAAAAAAAAA//////////////////////8A////////////////////AAAAAAAAAAD//////////////////////wD///////////////////8AAAAAAAAAAP//////////////////////AP////////////8AAAAAAAAAAAAAAAAAAAAAAAD///////////////8A/////////////wAAAAAAAAAAAAAAAAAAAAAAAP///////////////wD/////////////AAAAAAAAAAAAAAAAAAAAAAAA////////////////AP////////////8AAAAAAAAAAAAAAAAAAAAAAAD///////////////8A/////////////wAAAAAAAAAAAAAAAAAAAAAAAP///////////////wD/////////////AAAAAAAAAAAAAAAAAAAAAAAA////////////////AP////////////8AAAAAAAAAAAAAAAAAAAAAAAD///////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'J' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP///////////////////////////wAAAAAAAAAA//////////////8A////////////////////////////AAAAAAAAAAD//////////////wD///////////////////////////8AAAAAAAAAAP//////////////AP///////////////////////////wAAAAAAAAAA//////////////8A////////////////////////////AAAAAAAAAAD//////////////wD///////////////////////////8AAAAAAAAAAP//////////////AP///////////////////////////wAAAAAAAAAA//////////////8A////////////////////////////AAAAAAAAAAD//////////////wD///////////////////////////8AAAAAAAAAAP//////////////AP///////////////////////////wAAAAAAAAAA//////////////8A////////////////////////////AAAAAAAAAAD//////////////wD///////////////////////////8AAAAAAAAAAP//////////////AP///////////////////////////wAAAAAAAAAA//////////////8A////////////////////////////AAAAAAAAAAD//////////////wD///////////////////////////8AAAAAAAAAAP//////////////AP///////////////////////////wAAAAAAAAAA//////////////8A////////////////////////////AAAAAAAAAAj//////////////wD//////////+zMrIxwUDAQ//////wAAAAAAAAAIP//////////////AP//////////DAAAAAAAAADo////2AAAAAAAAAA0//////////////8A//////////8wAAAAAAAAAKj///+YAAAAAAAAAFj//////////////wD//////////2gAAAAAAAAAIND/yBgAAAAAAAAAkP//////////////AP//////////vAAAAAAAAAAAAAAAAAAAAAAAAADc//////////////8A////////////MAAAAAAAAAAAAAAAAAAAAAAAUP///////////////wD////////////EBAAAAAAAAAAAAAAAAAAAABjk////////////////AP////////////+sBAAAAAAAAAAAAAAAAAAY2P////////////////8A///////////////EMAAAAAAAAAAAAAAAVOj//////////////////wD/////////////////vHBAIAAAABg8fNT/////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'K' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD///////8AAAAAAAAAAP//////////wAQAAAAAAAAAAABw////////AP///////wAAAAAAAAAA/////////9AMAAAAAAAAAAAAcP////////8A////////AAAAAAAAAAD////////cGAAAAAAAAAAAAHD//////////wD///////8AAAAAAAAAAP//////6CgAAAAAAAAAAABs////////////AP///////wAAAAAAAAAA//////Q0AAAAAAAAAAAAVPz///////////8A////////AAAAAAAAAAD////8RAAAAAAAAAAAAFT8/////////////wD///////8AAAAAAAAAAP///1gAAAAAAAAAAABU/P//////////////AP///////wAAAAAAAAAA//9wAAAAAAAAAAAASPz///////////////8A////////AAAAAAAAAAD/jAAAAAAAAAAAADz0/////////////////wD///////8AAAAAAAAAAKQAAAAAAAAAAAA89P//////////////////AP///////wAAAAAAAAAABAAAAAAAAAAAFPT///////////////////8A////////AAAAAAAAAAAAAAAAAAAAAAAApP///////////////////wD///////8AAAAAAAAAAAAAAAAAAAAAAAAU8P//////////////////AP///////wAAAAAAAAAAAAAAAAAAAAAAAABk//////////////////8A////////AAAAAAAAAAAAAAAAAAAAAAAAAADE/////////////////wD///////8AAAAAAAAAAAAAAAAoEAAAAAAAACz8////////////////AP///////wAAAAAAAAAAAAAAGNiAAAAAAAAAAIj///////////////8A////////AAAAAAAAAAAAABjY//gYAAAAAAAACOD//////////////wD///////8AAAAAAAAAAAAY2P///5wAAAAAAAAASP//////////////AP///////wAAAAAAAAAAGNj//////CgAAAAAAAAAqP////////////8A////////AAAAAAAAAADI////////sAAAAAAAAAAc8P///////////wD///////8AAAAAAAAAAP//////////QAAAAAAAAABs////////////AP///////wAAAAAAAAAA///////////IAAAAAAAAAATI//////////8A////////AAAAAAAAAAD///////////9YAAAAAAAAADD8/////////wD///////8AAAAAAAAAAP///////////9wEAAAAAAAAAJD/////////AP///////wAAAAAAAAAA/////////////3AAAAAAAAAADOT///////8A////////AAAAAAAAAAD/////////////7BAAAAAAAAAAUP///////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'L' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////8AAAAAAAAAAP////////////////////////////8A/////////////wAAAAAAAAAA/////////////////////////////wD/////////////AAAAAAAAAAD/////////////////////////////AP////////////8AAAAAAAAAAP////////////////////////////8A/////////////wAAAAAAAAAA/////////////////////////////wD/////////////AAAAAAAAAAD/////////////////////////////AP////////////8AAAAAAAAAAP////////////////////////////8A/////////////wAAAAAAAAAA/////////////////////////////wD/////////////AAAAAAAAAAD/////////////////////////////AP////////////8AAAAAAAAAAP////////////////////////////8A/////////////wAAAAAAAAAA/////////////////////////////wD/////////////AAAAAAAAAAD/////////////////////////////AP////////////8AAAAAAAAAAP////////////////////////////8A/////////////wAAAAAAAAAA/////////////////////////////wD/////////////AAAAAAAAAAD/////////////////////////////AP////////////8AAAAAAAAAAP////////////////////////////8A/////////////wAAAAAAAAAA/////////////////////////////wD/////////////AAAAAAAAAAD/////////////////////////////AP////////////8AAAAAAAAAAP////////////////////////////8A/////////////wAAAAAAAAAA/////////////////////////////wD/////////////AAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////AP////////////8AAAAAAAAAAAAAAAAAAAAAAAAAAP////////////8A/////////////wAAAAAAAAAAAAAAAAAAAAAAAAAA/////////////wD/////////////AAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////AP////////////8AAAAAAAAAAAAAAAAAAAAAAAAAAP////////////8A/////////////wAAAAAAAAAAAAAAAAAAAAAAAAAA/////////////wD/////////////AAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'M' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A//////8AAAAAAAAAAAAAAHz//////3wAAAAAAAAAAAAAAP///////wD//////wAAAAAAAAAAAAAATP//////UAAAAAAAAAAAAAAA////////AP//////AAAAAAAAAAAAAAAc//////8cAAAAAAAAAAAAAAD///////8A//////8AAAAAAAAAAAAAAADw////8AAAAAAAAAAAAAAAAP///////wD//////wAAAAAAAAAAAAAAALz////AAAAAAAAAAAAAAAAA////////AP//////AAAAAAAAAAAAAAAAkP///5AAAAAAAAAAAAAAAAD///////8A//////8AAAAAAAAAAAAAAABc////ZAAAAAAAAAAAAAAAAP///////wD//////wAAAAAAAAAoAAAAADD///8wAAAAACQAAAAAAAAA////////AP//////AAAAAAAAAFwAAAAABPz//AgAAAAAXAAAAAAAAAD///////8A//////8AAAAAAAAAkAAAAAAA0P/UAAAAAACQAAAAAAAAAP///////wD//////wAAAAAAAADMAAAAAACg/6gAAAAAAMQAAAAAAAAA////////AP//////AAAAAAAAAPgEAAAAAHD/dAAAAAAE+AAAAAAAAAD///////8A//////8AAAAAAAAA/zQAAAAAQP9IAAAAADD/AAAAAAAAAP///////wD//////wAAAAAAAAD/bAAAAAAQ/xQAAAAAaP8AAAAAAAAA////////AP//////AAAAAAAAAP+gAAAAAADQAAAAAACc/wAAAAAAAAD///////8A//////8AAAAAAAAA/9QAAAAAAGgAAAAAAND/AAAAAAAAAP///////wD//////wAAAAAAAAD//wwAAAAAFAAAAAAM/P8AAAAAAAAA////////AP//////AAAAAAAAAP//RAAAAAAAAAAAADz//wAAAAAAAAD///////8A//////8AAAAAAAAA//94AAAAAAAAAAAAcP//AAAAAAAAAP///////wD//////wAAAAAAAAD//7AAAAAAAAAAAACo//8AAAAAAAAA////////AP//////AAAAAAAAAP//5AAAAAAAAAAAANz//wAAAAAAAAD///////8A//////8AAAAAAAAA////HAAAAAAAAAAQ////AAAAAAAAAP///////wD//////wAAAAAAAAD///9QAAAAAAAAAEz///8AAAAAAAAA////////AP//////AAAAAAAAAP///4gAAAAAAAAAfP///wAAAAAAAAD///////8A//////8AAAAAAAAA////vAAAAAAAAACw////AAAAAAAAAP///////wD//////wAAAAAAAAD////wAAAAAAAAAOz///8AAAAAAAAA////////AP//////AAAAAAAAAP////8sAAAAAAAc/////wAAAAAAAAD///////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'N' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////AAAAAAAAALD/////////////AAAAAAAAAP//////////AP////////8AAAAAAAAAFOj///////////8AAAAAAAAA//////////8A/////////wAAAAAAAAAASP///////////wAAAAAAAAD//////////wD/////////AAAAAAAAAAAAkP//////////AAAAAAAAAP//////////AP////////8AAAAAAAAAAAAI1P////////8AAAAAAAAA//////////8A/////////wAAAAAAAAAAAAAw+P///////wAAAAAAAAD//////////wD/////////AAAAAAAAAAAAAABw////////AAAAAAAAAP//////////AP////////8AAAAAAAAAAAAAAAC8//////8AAAAAAAAA//////////8A/////////wAAAAAAAAAAAAAAABzs/////wAAAAAAAAD//////////wD/////////AAAAAAAAAAAAAAAAAFD/////AAAAAAAAAP//////////AP////////8AAAAAAAAAAAAAAAAAAJz///8AAAAAAAAA//////////8A/////////wAAAAAAAAAUAAAAAAAADNz//wAAAAAAAAD//////////wD/////////AAAAAAAAALQAAAAAAAAANPz/AAAAAAAAAP//////////AP////////8AAAAAAAAA/2wAAAAAAAAAfP8AAAAAAAAA//////////8A/////////wAAAAAAAAD/+CwAAAAAAAAExAAAAAAAAAD//////////wD/////////AAAAAAAAAP//0AQAAAAAAAAgAAAAAAAAAP//////////AP////////8AAAAAAAAA////jAAAAAAAAAAAAAAAAAAA//////////8A/////////wAAAAAAAAD/////RAAAAAAAAAAAAAAAAAD//////////wD/////////AAAAAAAAAP/////kFAAAAAAAAAAAAAAAAP//////////AP////////8AAAAAAAAA//////+sAAAAAAAAAAAAAAAA//////////8A/////////wAAAAAAAAD///////9kAAAAAAAAAAAAAAD//////////wD/////////AAAAAAAAAP////////QkAAAAAAAAAAAAAP//////////AP////////8AAAAAAAAA/////////8wEAAAAAAAAAAAA//////////8A/////////wAAAAAAAAD//////////4QAAAAAAAAAAAD//////////wD/////////AAAAAAAAAP///////////DwAAAAAAAAAAP//////////AP////////8AAAAAAAAA////////////4BAAAAAAAAAA//////////8A/////////wAAAAAAAAD/////////////qAAAAAAAAAD//////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'O' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A///////////////////0qGw4HAAAABw4aKT0/////////////////wD////////////////wcAwAAAAAAAAAAAAAAAho6P//////////////AP//////////////uBQAAAAAAAAAAAAAAAAAAAAMoP////////////8A/////////////6AEAAAAAAAAAAAAAAAAAAAAAAAAkP///////////wD///////////+4BAAAAAAAAAAAAAAAAAAAAAAAAAAAoP//////////AP//////////8BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAM5P////////8A//////////9wAAAAAAAAAAAsrPD/7KQsAAAAAAAAAABg/////////wD/////////+BAAAAAAAAAAUPj///////hQAAAAAAAAAAjs////////AP////////+sAAAAAAAAABDw//////////AYAAAAAAAAAKD///////8A/////////2wAAAAAAAAAdP///////////3wAAAAAAAAAYP///////wD/////////OAAAAAAAAAC4////////////xAAAAAAAAAAw////////AP////////8cAAAAAAAAAOD////////////oAAAAAAAAABT///////8A/////////wAAAAAAAAAA//////////////8AAAAAAAAAAP///////wD/////////AAAAAAAAAAD//////////////wAAAAAAAAAA////////AP////////8AAAAAAAAAAP/////////////8AAAAAAAAAAD///////8A/////////xwAAAAAAAAA5P///////////+AAAAAAAAAAHP///////wD/////////NAAAAAAAAAC8////////////uAAAAAAAAAA4////////AP////////9oAAAAAAAAAHj///////////98AAAAAAAAAGT///////8A/////////6gAAAAAAAAAGPD/////////+BgAAAAAAAAApP///////wD/////////9AwAAAAAAAAAUPz///////xcAAAAAAAAAAjs////////AP//////////cAAAAAAAAAAALKjs//CwOAAAAAAAAAAAYP////////8A///////////wFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzk/////////wD///////////+4BAAAAAAAAAAAAAAAAAAAAAAAAAAAoP//////////AP////////////+QAAAAAAAAAAAAAAAAAAAAAAAAAJD///////////8A//////////////+sEAAAAAAAAAAAAAAAAAAAAAyg/////////////wD////////////////oZAgAAAAAAAAAAAAAAARg4P//////////////AP//////////////////9KhsOCAAAAAUMFyc7P////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'P' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP///////////wAAAAAAAAAAAAAAAAAACCxguP////////////////8A////////////AAAAAAAAAAAAAAAAAAAAAAAAOOD//////////////wD///////////8AAAAAAAAAAAAAAAAAAAAAAAAAGOD/////////////AP///////////wAAAAAAAAAAAAAAAAAAAAAAAAAARP////////////8A////////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAxP///////////wD///////////8AAAAAAAAAAAAAAAAAAAAAAAAAAABo////////////AP///////////wAAAAAAAAAA////6JwMAAAAAAAAADD///////////8A////////////AAAAAAAAAAD//////6AAAAAAAAAADP///////////wD///////////8AAAAAAAAAAP//////9AAAAAAAAAAA////////////AP///////////wAAAAAAAAAA///////0AAAAAAAAAAD///////////8A////////////AAAAAAAAAAD//////5gAAAAAAAAAHP///////////wD///////////8AAAAAAAAAAP///9iICAAAAAAAAABI////////////AP///////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAJD///////////8A////////////AAAAAAAAAAAAAAAAAAAAAAAAAAAI6P///////////wD///////////8AAAAAAAAAAAAAAAAAAAAAAAAAAIT/////////////AP///////////wAAAAAAAAAAAAAAAAAAAAAAAABU/P////////////8A////////////AAAAAAAAAAAAAAAAAAAAAAAIhPz//////////////wD///////////8AAAAAAAAAAAAAAAAABCRMkOz/////////////////AP///////////wAAAAAAAAAA//////////////////////////////8A////////////AAAAAAAAAAD//////////////////////////////wD///////////8AAAAAAAAAAP//////////////////////////////AP///////////wAAAAAAAAAA//////////////////////////////8A////////////AAAAAAAAAAD//////////////////////////////wD///////////8AAAAAAAAAAP//////////////////////////////AP///////////wAAAAAAAAAA//////////////////////////////8A////////////AAAAAAAAAAD//////////////////////////////wD///////////8AAAAAAAAAAP//////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'Q' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////SoaDQcAAAAHDhoqPT///////////////////8A//////////////BwDAAAAAAAAAAAAAAACHDo/////////////////wD///////////+4FAAAAAAAAAAAAAAAAAAAABCo////////////////AP//////////nAQAAAAAAAAAAAAAAAAAAAAAAACQ//////////////8A/////////7gEAAAAAAAAAAAAAAAAAAAAAAAAAACg/////////////wD////////wFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzo////////////AP///////3AAAAAAAAAAACyo8P/sqCwAAAAAAAAAAGT///////////8A///////4EAAAAAAAAABM+P///////FQAAAAAAAAACPT//////////wD//////7AAAAAAAAAAFPD/////////9BgAAAAAAAAApP//////////AP//////bAAAAAAAAAB4////////////fAAAAAAAAABk//////////8A//////84AAAAAAAAALz///////////+8AAAAAAAAADT//////////wD//////xwAAAAAAAAA6P///////////+QAAAAAAAAAHP//////////AP//////AAAAAAAAAAD//////////////wAAAAAAAAAA//////////8A//////8AAAAAAAAAAP//////////////AAAAAAAAAAD//////////wD//////wAAAAAAAAAA/P////////////8AAAAAAAAAAP//////////AP//////GAAAAAAAAADg////////////4AAAAAAAAAAc//////////8A//////84AAAAAAAAALT////MJHTo//+8AAAAAAAAADT//////////wD//////2wAAAAAAAAAdP///2AAABCg/3wAAAAAAAAAZP//////////AP//////rAAAAAAAAAAY9P/sCAAAAABMGAAAAAAAAACk//////////8A///////4EAAAAAAAAABU/P+0OAAAAAAAAAAAAAAACPT//////////wD///////94AAAAAAAAAAA4sPD/gAAAAAAAAAAAAABk////////////AP////////AcAAAAAAAAAAAAAAAAAAAAAAAAAAAADOT///////////8A/////////7wEAAAAAAAAAAAAAAAAAAAAAAAAAACQ/////////////wD//////////6wEAAAAAAAAAAAAAAAAAAAAAAAAABSs////////////AP///////////7gUAAAAAAAAAAAAAAAAAAAAAAAAAABAwP////////8A//////////////BwDAAAAAAAAAAAAAAABAgAAAAAAAA8/////////wD////////////////0qGg0GAAAABgwXJjkxBgAAAAAALD/////////AP//////////////////////////////////5DQAAAAk/P////////8A////////////////////////////////////+GwAAJD//////////wD//////////////////////////////////////8A49P//////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'R' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////wAAAAAAAAAAAAAAAAAAAAQgOGSk+P///////////////wD/////////AAAAAAAAAAAAAAAAAAAAAAAAAAAcuP//////////////AP////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAEsP////////////8A/////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ6P///////////wD/////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8////////////AP////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADD///////////8A/////////wAAAAAAAAAA///////svDgAAAAAAAAACP///////////wD/////////AAAAAAAAAAD/////////7AAAAAAAAAAA////////////AP////////8AAAAAAAAAAP/////////cAAAAAAAAABD///////////8A/////////wAAAAAAAAAA//////DQoCQAAAAAAAAAQP///////////wD/////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU////////////AP////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAIPj///////////8A/////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAzU/////////////wD/////////AAAAAAAAAAAAAAAAAAAAAAAAAAA02P//////////////AP////////8AAAAAAAAAAAAAAAAAAAAAAAxctPz///////////////8A/////////wAAAAAAAAAAAAAAAAAAAAAAAEDY/////////////////wD/////////AAAAAAAAAAD/9LAsAAAAAAAAAAzc////////////////AP////////8AAAAAAAAAAP///+wkAAAAAAAAADD8//////////////8A/////////wAAAAAAAAAA/////8QAAAAAAAAAAJD//////////////wD/////////AAAAAAAAAAD//////1QAAAAAAAAAFPD/////////////AP////////8AAAAAAAAAAP//////3AQAAAAAAAAAgP////////////8A/////////wAAAAAAAAAA////////aAAAAAAAAAAM6P///////////wD/////////AAAAAAAAAAD////////oCAAAAAAAAABs////////////AP////////8AAAAAAAAAAP////////+AAAAAAAAAAATc//////////8A/////////wAAAAAAAAAA//////////AUAAAAAAAAAFj//////////wD/////////AAAAAAAAAAD//////////5AAAAAAAAAAAND/////////AP////////8AAAAAAAAAAP//////////+CQAAAAAAAAAQP////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'S' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP/////////////////8vHBEIAgAAAQgQHC8/P////////////////8A////////////////pCQAAAAAAAAAAAAAAAAcoP///////////////wD//////////////FwAAAAAAAAAAAAAAAAAAAAAXP//////////////AP////////////9oAAAAAAAAAAAAAAAAAAAAAAAAhP////////////8A////////////zAAAAAAAAAAAAAAAAAAAAAAAAAAI6P///////////wD///////////9cAAAAAAAAAAAAAAAAAAAAAAAAAACA////////////AP///////////xgAAAAAAAAAUOD/8KwkAAAAAAAAADj///////////8A////////////AAAAAAAAAAD0/////8wABCAgICxASP///////////wD///////////8MAAAAAAAAAMz/////////////////////////////AP///////////0AAAAAAAAAACFiQxPT///////////////////////8A////////////oAAAAAAAAAAAAAAAADBwtPT//////////////////wD////////////8QAAAAAAAAAAAAAAAAAAACFTA////////////////AP/////////////oOAAAAAAAAAAAAAAAAAAAAABM6P////////////8A///////////////4fAgAAAAAAAAAAAAAAAAAAAAY2P///////////wD/////////////////7IwwAAAAAAAAAAAAAAAAAAAo+P//////////AP/////////////////////koGw0BAAAAAAAAAAAAACU//////////8A///////////////////////////4uFgAAAAAAAAAADz//////////wD//////////2BgSEA0IBwA6P///////5QAAAAAAAAADP//////////AP//////////JAAAAAAAAACc/////////AAAAAAAAAAA//////////8A//////////9YAAAAAAAAACDo///////AAAAAAAAAABT//////////wD//////////6QAAAAAAAAAACCk7P/snBQAAAAAAAAAUP//////////AP//////////+BAAAAAAAAAAAAAAAAAAAAAAAAAAAACs//////////8A////////////kAAAAAAAAAAAAAAAAAAAAAAAAAAAOP///////////wD////////////8RAAAAAAAAAAAAAAAAAAAAAAAABjc////////////AP/////////////0PAAAAAAAAAAAAAAAAAAAAAAg2P////////////8A///////////////8hBQAAAAAAAAAAAAAAAAMdPT//////////////wD/////////////////+LRwSCAMAAAAHDhoqPT/////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'T' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA////////////AP////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD///////////8A/////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///////////wD/////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA////////////AP////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD///////////8A/////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///////////wD///////////////////8AAAAAAAAAAP//////////////////////AP///////////////////wAAAAAAAAAA//////////////////////8A////////////////////AAAAAAAAAAD//////////////////////wD///////////////////8AAAAAAAAAAP//////////////////////AP///////////////////wAAAAAAAAAA//////////////////////8A////////////////////AAAAAAAAAAD//////////////////////wD///////////////////8AAAAAAAAAAP//////////////////////AP///////////////////wAAAAAAAAAA//////////////////////8A////////////////////AAAAAAAAAAD//////////////////////wD///////////////////8AAAAAAAAAAP//////////////////////AP///////////////////wAAAAAAAAAA//////////////////////8A////////////////////AAAAAAAAAAD//////////////////////wD///////////////////8AAAAAAAAAAP//////////////////////AP///////////////////wAAAAAAAAAA//////////////////////8A////////////////////AAAAAAAAAAD//////////////////////wD///////////////////8AAAAAAAAAAP//////////////////////AP///////////////////wAAAAAAAAAA//////////////////////8A////////////////////AAAAAAAAAAD//////////////////////wD///////////////////8AAAAAAAAAAP//////////////////////AP///////////////////wAAAAAAAAAA//////////////////////8A////////////////////AAAAAAAAAAD//////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'U' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////8AAAAAAAAAAP///////////wAAAAAAAAAA//////////8A/////////wAAAAAAAAAA////////////AAAAAAAAAAD//////////wD/////////AAAAAAAAAAD///////////8AAAAAAAAAAP//////////AP////////8AAAAAAAAAAP///////////wAAAAAAAAAA//////////8A/////////wAAAAAAAAAA////////////AAAAAAAAAAD//////////wD/////////AAAAAAAAAAD///////////8AAAAAAAAAAP//////////AP////////8AAAAAAAAAAP///////////wAAAAAAAAAA//////////8A/////////wAAAAAAAAAA////////////AAAAAAAAAAD//////////wD/////////AAAAAAAAAAD///////////8AAAAAAAAAAP//////////AP////////8AAAAAAAAAAP///////////wAAAAAAAAAA//////////8A/////////wAAAAAAAAAA////////////AAAAAAAAAAD//////////wD/////////AAAAAAAAAAD///////////8AAAAAAAAAAP//////////AP////////8AAAAAAAAAAP///////////wAAAAAAAAAA//////////8A/////////wAAAAAAAAAA////////////AAAAAAAAAAD//////////wD/////////AAAAAAAAAAD///////////8AAAAAAAAAAP//////////AP////////8AAAAAAAAAAP///////////wAAAAAAAAAA//////////8A/////////wAAAAAAAAAA////////////AAAAAAAAAAD//////////wD/////////JAAAAAAAAADk/////////+gAAAAAAAAAHP//////////AP////////9MAAAAAAAAAJz/////////nAAAAAAAAABE//////////8A/////////4gAAAAAAAAAHOj//////+ggAAAAAAAAAHz//////////wD/////////0AAAAAAAAAAAIJzs/+ykIAAAAAAAAAAA0P//////////AP//////////QAAAAAAAAAAAAAAAAAAAAAAAAAAAAED///////////8A///////////IBAAAAAAAAAAAAAAAAAAAAAAAAAAE0P///////////wD///////////+YAAAAAAAAAAAAAAAAAAAAAAAAAJj/////////////AP////////////+UBAAAAAAAAAAAAAAAAAAAAASU//////////////8A///////////////IPAAAAAAAAAAAAAAAAAAwyP///////////////wD/////////////////0IxYOCAIAAAEIEiAyP//////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'V' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD//////zAAAAAAAAAAYP//////////////ZAAAAAAAAAAw////////AP//////kAAAAAAAAAAU/P////////////8UAAAAAAAAAJD///////8A///////oBAAAAAAAAADE////////////xAAAAAAAAAAE7P///////wD///////9MAAAAAAAAAHD///////////94AAAAAAAAAEz/////////AP///////6gAAAAAAAAAJP///////////yQAAAAAAAAArP////////8A////////+BAAAAAAAAAA1P/////////YAAAAAAAAABT4/////////wD/////////aAAAAAAAAACE/////////4QAAAAAAAAAbP//////////AP/////////EAAAAAAAAADT/////////OAAAAAAAAADM//////////8A//////////8kAAAAAAAAAOT//////+QAAAAAAAAAKP///////////wD//////////4QAAAAAAAAAmP//////nAAAAAAAAACI////////////AP//////////5AAAAAAAAABE//////9EAAAAAAAABOT///////////8A////////////QAAAAAAAAAT0////9AgAAAAAAABI/////////////wD///////////+gAAAAAAAAAKT///+kAAAAAAAAAKj/////////////AP////////////QIAAAAAAAAXP///1wAAAAAAAAM+P////////////8A/////////////1wAAAAAAAAM+P/8DAAAAAAAAGT//////////////wD/////////////vAAAAAAAAAC8/7wAAAAAAAAAxP//////////////AP//////////////HAAAAAAAAGj/aAAAAAAAACT///////////////8A//////////////94AAAAAAAAHP8cAAAAAAAAhP///////////////wD//////////////9gAAAAAAAAAkAAAAAAAAADk////////////////AP///////////////zgAAAAAAAAQAAAAAAAAQP////////////////8A////////////////lAAAAAAAAAAAAAAAAACg/////////////////wD////////////////sCAAAAAAAAAAAAAAADPT/////////////////AP////////////////9QAAAAAAAAAAAAAABg//////////////////8A/////////////////7AAAAAAAAAAAAAAAMD//////////////////wD//////////////////BQAAAAAAAAAAAAc////////////////////AP//////////////////cAAAAAAAAAAAAHz///////////////////8A///////////////////MAAAAAAAAAAAA3P///////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'W' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A//8cAAAAAAAAALz/////4AAAAAAAAAAA6P////+8AAAAAAAAABz//wD//1QAAAAAAAAAjP////+gAAAAAAAAAACo/////4wAAAAAAAAAUP//AP//jAAAAAAAAABU/////2AAAAAAAAAAAGj/////VAAAAAAAAACM//8A///EAAAAAAAAACT/////IAAAAAAAAAAAKP////8kAAAAAAAAAMT//wD///gEAAAAAAAAAPD//+AAAAAAAAAAAAAA6P//8AAAAAAAAAAE9P//AP///zAAAAAAAAAAvP//oAAAAAAAAAAAAACo//+8AAAAAAAAADD///8A////bAAAAAAAAACM//9gAAAAAAAAAAAAAGT//4wAAAAAAAAAaP///wD///+kAAAAAAAAAFT//yAAAAAAAAAAAAAAIP//VAAAAAAAAACc////AP///9gAAAAAAAAAJP/gAAAAAAAAAAAAAAAA4P8kAAAAAAAAANT///8A/////xAAAAAAAAAA8KAAAAAAAAAAAAAAAACg8AAAAAAAAAAQ/////wD/////TAAAAAAAAAC8YAAAAAAAAAAAAAAAAGC8AAAAAAAAAET/////AP////+AAAAAAAAAAIwgAAAAAAAAAAAAAAAAIIwAAAAAAAAAfP////8A/////7gAAAAAAAAANAAAAAAAACwwAAAAAAAANAAAAAAAAACw/////wD/////8AAAAAAAAAAAAAAAAAAAdHgAAAAAAAAAAAAAAAAAAOz/////AP//////KAAAAAAAAAAAAAAAAAC4vAAAAAAAAAAAAAAAAAAg//////8A//////9gAAAAAAAAAAAAAAAACPj4CAAAAAAAAAAAAAAAAFj//////wD//////5QAAAAAAAAAAAAAAABE//9IAAAAAAAAAAAAAAAAkP//////AP//////0AAAAAAAAAAAAAAAAIj//4wAAAAAAAAAAAAAAADI//////8A///////8DAAAAAAAAAAAAAAAzP//1AAAAAAAAAAAAAAABPj//////wD///////88AAAAAAAAAAAAABT/////GAAAAAAAAAAAAAA0////////AP///////3QAAAAAAAAAAAAAWP////9gAAAAAAAAAAAAAHD///////8A////////sAAAAAAAAAAAAACg/////6QAAAAAAAAAAAAApP///////wD////////kAAAAAAAAAAAAAOT/////6AAAAAAAAAAAAADc////////AP////////8cAAAAAAAAAAAo////////MAAAAAAAAAAAEP////////8A/////////1QAAAAAAAAAAHD///////94AAAAAAAAAABM/////////wD/////////jAAAAAAAAAAAtP///////7wAAAAAAAAAAID/////////AP/////////EAAAAAAAAAAT0////////+AgAAAAAAAAAuP////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'X' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD///////9UAAAAAAAAAKz///////////+sAAAAAAAAAFD/////////AP///////+QQAAAAAAAAFOT/////////8BwAAAAAAAAM5P////////8A/////////5gAAAAAAAAATP////////9kAAAAAAAAAJD//////////wD//////////0AAAAAAAAAAoP//////wAAAAAAAAAA0/P//////////AP//////////2AgAAAAAAAAQ4P////gkAAAAAAAABMz///////////8A////////////iAAAAAAAAABA////dAAAAAAAAABw/////////////wD////////////8MAAAAAAAAACU/9AEAAAAAAAAHPD/////////////AP/////////////IBAAAAAAAAAzYMAAAAAAAAACs//////////////8A//////////////90AAAAAAAAABAAAAAAAAAATP///////////////wD///////////////QgAAAAAAAAAAAAAAAAAAzg////////////////AP///////////////7wAAAAAAAAAAAAAAAAAjP////////////////8A/////////////////2AAAAAAAAAAAAAAADD8/////////////////wD/////////////////7BQAAAAAAAAAAAAEyP//////////////////AP/////////////////gDAAAAAAAAAAAAAjY//////////////////8A/////////////////0AAAAAAAAAAAAAAADj8/////////////////wD///////////////+UAAAAAAAAAAAAAAAAAJD/////////////////AP//////////////4AwAAAAAAAAAAAAAAAAADOD///////////////8A//////////////9AAAAAAAAAAAAAAAAAAAAAQP///////////////wD/////////////nAAAAAAAAAAAWAAAAAAAAAAAlP//////////////AP///////////+QQAAAAAAAAAGD/YAAAAAAAAAAM4P////////////8A////////////TAAAAAAAAAAs9P/0LAAAAAAAAABM/////////////wD//////////6AAAAAAAAAADNT////UDAAAAAAAAACg////////////AP/////////kEAAAAAAAAACg//////+gAAAAAAAAABDk//////////8A/////////0wAAAAAAAAAYP////////9gAAAAAAAAAEz//////////wD///////+oAAAAAAAAACz0//////////QsAAAAAAAAAKT/////////AP//////7BQAAAAAAAAM1P///////////9QMAAAAAAAAFOz///////8A//////9UAAAAAAAAAKD//////////////6AAAAAAAAAAVP///////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'Y' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP///////1QAAAAAAAAAAGj//////////2gAAAAAAAAAAFT///////8A////////5BAAAAAAAAAAAMT////////EAAAAAAAAAAAQ5P///////wD/////////mAAAAAAAAAAAKPj/////+CgAAAAAAAAAAJj/////////AP//////////PAAAAAAAAAAAgP////+AAAAAAAAAAAA8//////////8A///////////YCAAAAAAAAAAE2P//2AQAAAAAAAAACNj//////////wD///////////+AAAAAAAAAAAA4//84AAAAAAAAAACA////////////AP////////////woAAAAAAAAAACUlAAAAAAAAAAAKPz///////////8A/////////////8gAAAAAAAAAABAQAAAAAAAAAADI/////////////wD//////////////2wAAAAAAAAAAAAAAAAAAAAAbP//////////////AP//////////////8BwAAAAAAAAAAAAAAAAAABzw//////////////8A////////////////tAAAAAAAAAAAAAAAAAAAtP///////////////wD/////////////////VAAAAAAAAAAAAAAAAFT/////////////////AP/////////////////oEAAAAAAAAAAAAAAQ6P////////////////8A//////////////////+cAAAAAAAAAAAAAJz//////////////////wD///////////////////9AAAAAAAAAAABA////////////////////AP///////////////////9gAAAAAAAAAANj///////////////////8A/////////////////////wAAAAAAAAAA/////////////////////wD/////////////////////AAAAAAAAAAD/////////////////////AP////////////////////8AAAAAAAAAAP////////////////////8A/////////////////////wAAAAAAAAAA/////////////////////wD/////////////////////AAAAAAAAAAD/////////////////////AP////////////////////8AAAAAAAAAAP////////////////////8A/////////////////////wAAAAAAAAAA/////////////////////wD/////////////////////AAAAAAAAAAD/////////////////////AP////////////////////8AAAAAAAAAAP////////////////////8A/////////////////////wAAAAAAAAAA/////////////////////wD/////////////////////AAAAAAAAAAD/////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + 'Z' => array( + 'data' => 'AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAD//////////////wD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAP//////////////AP//////////AAAAAAAAAAAAAAAAAAAAAAAAAAAA//////////////8A//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAD//////////////wD//////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAP//////////////AP//////////AAAAAAAAAAAAAAAAAAAAAAAAAAAQ//////////////8A/////////////////////////1AAAAAAAAAABLz//////////////wD///////////////////////98AAAAAAAAAACY////////////////AP//////////////////////pAAAAAAAAAAAaP////////////////8A/////////////////////8QIAAAAAAAAAET8/////////////////wD////////////////////gGAAAAAAAAAAo9P//////////////////AP//////////////////9CwAAAAAAAAAFNz///////////////////8A//////////////////xMAAAAAAAAAATA/////////////////////wD/////////////////eAAAAAAAAAAAnP//////////////////////AP///////////////5wAAAAAAAAAAHT///////////////////////8A///////////////ABAAAAAAAAABM/P///////////////////////wD/////////////3BQAAAAAAAAALPT/////////////////////////AP////////////QoAAAAAAAAABjg//////////////////////////8A///////////8SAAAAAAAAAAExP///////////////////////////wD//////////2wAAAAAAAAAAKD/////////////////////////////AP////////+YAAAAAAAAAAB8//////////////////////////////8A/////////wQAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/////////////wD/////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////AP////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////////////8A/////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/////////////wD/////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////AP////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8A/////////////////////////////////////////////////////wD/////////////////////////////////////////////////////AP////////////////////////////////////////////////////8=', + 'width' => 40 + ), + ); + + return $_png; + } + + // These define base64_encoded raw png image data used + // when we cannot generate our own single png image + function define_raw_pngs() + { + $_png = array( + '0' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QKCNGXKO6AAAAB3RJTUUH0wUOEDQ6EUG1VwAAAAlwSFlzAAALEgAACxIB0t1+/AAAAXNJREFUeNpj/M9AHGAiUt2wVvhyaqAqKyOjpG3jQwaGv+e+IUn9RwJfSjjg4iwFP1aKJD6HyyErfGGAYrquIoP5E2wK/zigu0v5wH9sChdgeKDqP1aFGhBZmxv/z0Dd4IxV4RWIpMQHIPuJAITzAqEQETx7IFQIP5CQNoJwDmALxzMQCuyjg1chnBPYwtECwr8AZN41h0p6YHOjAkTuwf//77wYuCEcFWwKOWA2fM1iZuuHcASwKYQ55c9ENuasrxgRjKlwJS+D17v/hBUeUGYwv/sfn0IRiJQZJIbxuFEFagjvSlDUQNgK2GIGqpC1JRhIfoAqxBYz0DRhn8IMJO+giKEqhMaMJBeI3AHhIKdkRPqG8DlAifqFADyasKRHO6h1Z/6fMYEwTbCmx3cWGCl8CTaFwBhGz+M2/7EpXMvOnBmIok7jBVaFz/Mi3/1pQORrhpgPyOr+M8IL0j9/gKpeLjhy5QEwoDVsYuRR3cE4IktcAJNx8cJaZBeQAAAAAElFTkSuQmCC', + '1' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QMi//xxVKAAAAB3RJTUUH0wUOEDYLcqnX7wAAAAlwSFlzAAALEgAACxIB0t1+/AAAAHpJREFUeNpj/M9AHGAiUh1WhR8FGUGAsMKaD9iM/I8BlmCVwVS4hoUohT8qcNiFyv2zQIWBCIV3amRwu54RKcDRAgQ1KigIcJYK7CqR3QsCFmf+Y8qgeQakbANMAz6FKjUXECbj8zWa76nm61GFw1UhI10KqVGFNFQIADdK9Zj7PsV9AAAAAElFTkSuQmCC', + '2' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QMwPUBEjoAAAAB3RJTUUH0wUOEDUqFe2UcgAAAAlwSFlzAAALEgAACxIB0t1+/AAAAQxJREFUeNpj/M9AHGAiUt2owkGrkAWF93LFgStPfjCwyGiYRGijqfyPAH9aOJAkQl78RwbICkNQjdB4gUNhD7qzLLAr/CKA4YENSAoRvl7zAUJXvPmxhgfCXILVMxEQvg+IDVUhgtVqDYjkDhD7B2aQIMIx5cOTN29evLAAsaEKObBajQzmQOQMcIQjHLwQgSisIaDwBdS5LHfwK7yhAHVVyX+8CrdAA5HB5gdehQ3Yoxpd4ZcAmDqbD//xKISEIjhU//zHoxDmXQaeFRhOZ8CmzuDOf3wKf8DsDfnyH6/CHJi6P//xKjyDJethVehBpMI7DPgVwrPCCgb8AK5wDwGFcNMF8EkCASOx1QcAGUxu1untnFIAAAAASUVORK5CYII=', + '3' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QMxBQugk2AAAAB3RJTUUH0wUOEDU3duv4qwAAAAlwSFlzAAALEgAACxIB0t1+/AAAATdJREFUeNpj/M9AHGAiUt0IVciCzPm7ZceZB28YGBQkLHwcmNFU/keANRJI4ioH/qMAJIUlaHatwaFwBrqrOO5gVfiCB8P9KVgVVkAtnPDh/wkLCFsGq0IFiGQLiH0D06P/GWHJ7O+NOzfuXLlzQRrEhgSawHscwYPurxAcwQMBf/4/aIAYyHIGr8IEeDhO+Y9XoQNUncwOVHGMRPEDSovc+IkzrpGDCQgUbuC1WgBhhsIHfAp3vPn/oIIFKfRxKQSDGohCA4IKX0DTD7YoRAWMUJ9iyQpbn4DBBWUQ5yFEDDnFw622gXAzwBxoYvfB5sYlUI0lD/4/gWWKJdgU/tHAcKjCD6y+PsGCpo4FJbaRgmcNqkqWCThTzxkTJHXo+Ro1HA9uOPHiATDlKJj4eKCVFIzDqWgGAK7GW/haPS+zAAAAAElFTkSuQmCC', + '4' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QMyqWttCEAAAAB3RJTUUH0wUOEDUxn4hdngAAAAlwSFlzAAALEgAACxIB0t1+/AAAAKBJREFUeNpj/M9AHGAiUh2FCucyQgCK4H9McIAFixwWhQ8kGIhS+MWAgTiFIQzEKWxhIE7hFgbiFF7hASkQIajwjQpInuUAIYV/XMDyU/4TUlgAlk75T0jhArCszR9CCk+AY07mxX8CCp+AY47nzH8CCn+YgOWW/CekMAYsVfMfl0JGmCBq4kNEDp2zAn0UMmItABjRvDykPTO43DgyFQIANP6pTFLWAdoAAAAASUVORK5CYII=', + '5' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QMzPy3XhEAAAAB3RJTUUH0wUOEDUk8lW5dQAAAAlwSFlzAAALEgAACxIB0t1+/AAAAQpJREFUeNpj/M9AHGAiUt2oQuIVfmREBzgU3iHWxAfEKiTaRFpZnfAfAbAr/AsxUYagiVCbeQgqhPpFYmukLCOrZupRNJUIB02BCAjAZCK+/Ed2LoJZgm6bzRfsCgMw3JWAXaEBpg8uIGSRPPMBQmXc+P+iggXCnoOQZUQK1K8PgEAjGcQs7QGL6FzG5mtkcAUiyYIQYcRRUkDTLEIWR1b4ixamQMPhrKUP3rx48eDNFXmwdyFiOthixgXqaTAnBcKpwRaOS6A6Mx78fwBVx/IAm8I/KsTGzAkWNHUyb7Ar/L8GNSlK3MCRev7/v+CApC7kBUoUoAX4yQ0nHjwAWqpiE6GNFgNDoAwHAKC2Q2lMNcCmAAAAAElFTkSuQmCC', + '6' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QNAObRd4vAAAAB3RJTUUH0wUOEDUc2lcB6wAAAAlwSFlzAAALEgAACxIB0t1+/AAAATtJREFUeNpj/M9AHGAiUh2Gwq2puryMjKKmmSfRVf5HBkcMEBI+L1CkUBROYUE2QuMFLoVr0CzzwKHwhQC6szZgV1gAtfHI/xs2mEYywsPxp8QHEMVxQ56B4aaJiIKIiIRCPDZf74DwI/5jB4hwPAChbAgG+BWoExlOxkoysuqW3sUV4BoQ/p0SqARLB44AF4HIByDMKMCuEIu7phCrUOADNl/DgMOJ/09SIMwPC7B5hgfC1/kB4kRAOC7YrFaByM0Ac85AOCLYrFaBhSMIQNPlG2wBDg3HP2CSGU/MuEAoiKVXUWxB9cwPiG8UwEGSg5FCMNOjwZ4/byqgpqwgMoWr/MGeZ1agqWPZgSNz/Z+AqnDCf1wK/29B8qbKDhQpRtTE8HfLjjMP3jDwKJh4hKCGJSPNC6lRhTRWCABWpdoxd/bZ4QAAAABJRU5ErkJggg==', + '7' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QNA18/fMoAAAAB3RJTUUH0wUOEDUVo4u5TwAAAAlwSFlzAAALEgAACxIB0t1+/AAAAM9JREFUeNpj/M9AHGAiUt2oQnorZIGzGLFJIyJ40HqGhUiFPFuQ/YUFPBGBmLcDSQybwj8OEDOW/CegsAeiruQ/AYV3OMDqTP4QUugCceCN/wQUQn1a8Z+Awj8qYHUiHwgpXAAxcMJ/Qgp1wOoEPhBSuANiYM5/QgpjIAovEFL4gweszgAz0NASxZ4vYMqHYDKDBiIWhWhWa0CS1x9CVn+8AaYsmAlZfQRC6RDMChADGTQIKjxDrMI7EEoBi0JGlMJe8AOY+sFOSCEeQHQBAABCZ7xyT9fJhwAAAABJRU5ErkJggg==', + '8' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QNBeBnwpSAAAAB3RJTUUH0wUOEDUOKe5wowAAAAlwSFlzAAALEgAACxIB0t1+/AAAATVJREFUeNpj/M9AHGAiUt1AKmRB459cc+DBGwYWGQ2LEG1Umf/I4IELkozLA2QpFIUXJFDMEDiBQ+EHGTR3yHzArrAFwwct2BXqQGQ1zvw/owFh6mBXCDXmDJB5BsOrjEhxzfoHIgkiGCGB9xtrgEPtOwvEV6FWY4+ZAAgVc5LhZgKEGYI9wN+gBiPu4Pl/BFWlxA1cMfN/C0rUr8AVhX8K0KyuwaEwASNmarAqPACVTXnw/0oENBFewKYQGhYZYE4MVBM2hVAvQ1LhHQhHBVsUMjIgYhCdhy3PPASTd6GOxBYz0KhOQHajDjY3pkC1Rlz5fweqjqEAm8ILGK5gYLlDZICXYI+ZLzZo6gL+4EgUfyo4kJQJtCCpQ8kKQPB2zZ47L14AU5iMgUMAN7IM43AqHwdQIQAhMPz6Gz5V/wAAAABJRU5ErkJggg==', + '9' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QNCQ+T2tEAAAAB3RJTUUH0wUOEDUHUDLIBwAAAAlwSFlzAAALEgAACxIB0t1+/AAAAUZJREFUeNpj/M9AHGAiUh26wr9rE3V5GRlFTTM3/kVT+R8Z7FBBSKjsQJFCUTiFBcWMCbgUHmBBs20FdoV/VNDUMQi8wapwDVS65s2fPToQZgFWhRFIkm8kwGyeH9gUQm2+Aua0QDhb4LJI4XgHQmmDSRMIZw+emIEENAeEcwObQhEIdQHiABRbUGPGBSIQAWL/gHqbB5tnJkC1Fjz5f8IGwxwkhR8EsCQarFE4hViF/wsQCgKgHsSu8H8HLFkUQL2rgUPh/zslOiwMEjFH/kND2geXQvQgqMAWhSjgAIRygAswIuXCpXfevHjz4M0ZdQaGhxo/wAnyBTuWmPnvARGxuPH/iAa+9Ph/A7r9Ai+wK/zvg6ZwzX8cCl9oICtjmfIfl8L/bwIQ6gyO/Met8P//EwUmwHTJo5OyBU2CkdaF1KhCWisEAM/sJxmZkdWnAAAAAElFTkSuQmCC', + 'A' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QFwy1U7TfAAAAB3RJTUUH0wUOEC0ZKCZtPQAAAAlwSFlzAAALEgAACxIB0t1+/AAAAO1JREFUeNrt1LERwiAUBuAHZ2GRwsIypQMwQEZwgBQpM4QDZBSLFI7gCA5gQWGRdA5gkTuMSh48eMTUnq96wH98B+QiDCwruTD3D76qF676ueAp0Y9lSBXeSkFWaLAje3T+kkzK4SgpBzZw8pqxJWcdOJuRsyGPbWDk0tS20zw9SXsobdfytJVXdzNsP61i6Zt3K7Ht0UeUgbPdjsrOXMd+2IS2C2qb271HVWi7YANcNXFQsUEVBTXwNdl46jYRxPl52dnwRUZbhkLSDmS8DnxFRWiULxg8UxvobefuRR8ZQYDKtffVVcQWv/RrfgJC4bd0upw4MQAAAABJRU5ErkJggg==', + 'B' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QGAusrz2zAAAAB3RJTUUH0wUOEC01Gv4B3gAAAAlwSFlzAAALEgAACxIB0t1+/AAAANJJREFUeNpj/M9AHGAiUh0tFTKiAUHL2rsoKv9DARZDWFr+IwA+hQwMFcQqZDhCrMIIYhWK4FYIYv8444PuV+wK//9/A+UJwBUSCHAL3OEIsdoFyttCpGdiiAtHjoY/RCnk6PlBbBRKrCE6CqcQq5DlDs5whIT3CgUI788EvOEIBCegXB2YPCNMBSNMISqf5TeUjysK90LpP/itfrFEAhZCMHkWdKMYUbk2MAah7BqD02pUYEFkgMu8IE6hD0IdpmegwSejoKLjoY7syaFU7A0HhQA2e4cJytImvAAAAABJRU5ErkJggg==', + 'C' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QGBbPqVFqAAAAB3RJTUUH0wUOEC4BEGemqAAAAAlwSFlzAAALEgAACxIB0t1+/AAAASlJREFUeNpj/M9AHGAiUt2owkGrkAWV+3TDgRtPPjBwyGiYBOijSv1HAlcCkGUcTiDLISvsQDOeZQp2hQWYDpuCTeEEbD44ganwDgc2vxpgKoyAyUWc+f9hjgCMtwFd4RuYRxog/ueBcl3QFc6BSmj8gfBrwE40yFmCrjABqrAH5mSZgJ4jX7AEjwlU4Zn/OAAsrp9AaRlccc0IzdeMsBilOPWQrBDmtpfEKnwBpZ8qZq58i6IS6vscKHcBcgQYlOz4gh6OK6AKfaB8G5hN6Aq/wBLPHjB3CczCFIzUA0u2PD0v/j9pgaf1ExgK3wgwYAEOWFL4GizqWC5gyzM1mArnEJkLZ2DPhf//n3BAVmeDkq8ZUZPL3TUn7gBLCgYFBYsAcxQZRmKrDwABNsv9SJSDwwAAAABJRU5ErkJggg==', + 'D' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QGC1+orhOAAAAB3RJTUUH0wUOEC4yr7fHvgAAAAlwSFlzAAALEgAACxIB0t1+/AAAAM9JREFUeNpj/M9AHGAiUt1AKmSBsxiRhXlkNBxCpFFU/ocBTDMyPvxHADwKGRgUbhCpkEHiCZEKGRyIVciwArdCIPPFGg8YzwSvQiBogXFvEFD43wDKnQDl44yZGCh9glAU2sCsJqRQBkq/gMUw3G2wuP6PnU/H9PgRSgsQUvgESosQUngFSqsQUrgCSsNiCFcU7oBx9+CL6w8XamB5SeUPkelxAZEJ1+YPcQolXhCXFTTuEJULOUq+IOVrFgasQELBxMaHG1mEcTiVjwOoEADAIkCnGpmJKgAAAABJRU5ErkJggg==', + 'E' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QGDeDwEE0AAAAB3RJTUUH0wUOEC8CkHXGUwAAAAlwSFlzAAALEgAACxIB0t1+/AAAAD5JREFUeNpj/M9AHGAiUt2owkGrkAXGYMQqjUgJQ8EzpPsa05+D140oMYTk4KEQ4MMqZqgUhcM1czESW30AABfqB1XDnLzcAAAAAElFTkSuQmCC', + 'F' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QGQe8AkDZAAAAB3RJTUUH0wUOEC8JB6cf2wAAAAlwSFlzAAALEgAACxIB0t1+/AAAADlJREFUeNpj/M9AHGAiUt3wUsiCYDJikUYE3lDwDDm+xvTp4HUjIoaQXTsUAnxYxcyoQryAcUSWuAAW/gZTg/yEMAAAAABJRU5ErkJggg==', + 'G' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QGRFI1vWIAAAAB3RJTUUH0wUOEC8QY8y3GwAAAAlwSFlzAAALEgAACxIB0t1+/AAAASZJREFUeNpj/M9AHGAiUt0IVciCwvt7ZM+FOy8+MDBwSEho2AQII8v9R4A/U2RQtHEUfEBIIim8YYBhn8oNLAqP8GBxmcwbDIU3sKljYIhAV/jHgAE7uICmcAJMQqDmwp//D2YowPgxqAr/wPyr8QAi8EEHwleIQFW4BxYicG+eEHEomHECET5QhRVQhQn/cQFoFJ6AKgwgFNcPoFwdnAoZIXmGERahKDwkIdqlR1j4PiRW4RVCCmExvQenQrSYEXiDiAoUBfC4loAK23yBSnzArhCRehRmAJPFnRUxHDgU/lDA7zZECj/Cgl2dAkaeWYNVZcoHDIX/94hgKLM4gS27/v9QIICizGMDkiQjSon7c8eBCw+e/GFgkZEwsHCRRpZiHE5FMwCa2YE+WcAOUwAAAABJRU5ErkJggg==', + 'H' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QGRw2Z4k1AAAAB3RJTUUH0wUOEC8agxleBQAAAAlwSFlzAAALEgAACxIB0t1+/AAAAD1JREFUeNpj/M9AHGAiUt2oQvyABUozQml4+KMLDAXPDAWFLGh8RlwKh4JnaB88GOlxELhxVCFewDgEynAAN2sFVHAvevkAAAAASUVORK5CYII=', + 'I' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QGSlg1E0WAAAAB3RJTUUH0wUOEC86uHd+zQAAAAlwSFlzAAALEgAACxIB0t1+/AAAAD5JREFUeNpj/M9AHGAiUt1AKmRBMBkxJJE9OhQ8Q32FjGhxDQsjjCQwFDwzqnCwKkRKZqO5EBMwDqcSl2iFAMMeB0s/kLo2AAAAAElFTkSuQmCC', + 'J' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QGywiiNsbAAAAB3RJTUUH0wUOEDAFw0tdbgAAAAlwSFlzAAALEgAACxIB0t1+/AAAAKdJREFUeNpj/M9AHGAiUh3xClmwijJCaSR3Ud/qUYWjCklTyIHEhifctw8ePHgCxO+B7L9QMQlsChW+QOiX4gwMd6BiItisVoHSB6AYWQwM/kNBBszkC/9PwKyc8B8B4Ar3YPHMHWwK/xtgqAv4j1XhEfScK/EEu8L/a1BVStz4j0Ph/yPItoe8QFH3nxGlkNq75cKDB0DDVBwitNEcwjhwpdmoQrwAAN6ioiFapgUdAAAAAElFTkSuQmCC', + 'K' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHAEoFhGpAAAAB3RJTUUH0wUOEDANzZDVXAAAAAlwSFlzAAALEgAACxIB0t1+/AAAAPZJREFUeNpj/M9AHGAiUt2owgFSyAgFMOGDrDARxkKo0H8wYEDh/b/AAzepACqEVeEdCQx1WBW+0ICry/mPR+EXE7i6kD94FP5xwaYOi8IIrOowFRbA1Xkgq8NQ2ANXZ/PlPx6FS3CpQ1fIAmOIoKn7jxbXf2CMNxvQIxvVRAQQ+YDXaiSQQqxChiOEFGoIQGidP/gVStxogLI68CqUuPH/BzSVcTzAoxCo7v//ObBIxK0QrO7/H1iCXIFT4QkIFxbaMh9wKYQJO0D5OYQUnoDF/QkCCuHJ1+APAYV3YOloAgGF8JTO84SAwjfQiGQIgPAZqV4rAACnKSarzdlc4gAAAABJRU5ErkJggg==', + 'L' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHA64qQw4AAAAB3RJTUUH0wUOEDAXMPIsJgAAAAlwSFlzAAALEgAACxIB0t1+/AAAADlJREFUeNpj/M9AHGAiUt2QUMiCYDJCaezhMBQ8M6pwVCEdFLJgCjEisRH5Zyh4hvoKGUdkQUq0QgARaARRV9jUFQAAAABJRU5ErkJggg==', + 'M' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHBhMfblpAAAAB3RJTUUH0wUOEDAqaJpgNwAAAAlwSFlzAAALEgAACxIB0t1+/AAAAPNJREFUeNrdlK0OgzAUhS8bCQYxMYmcmEAgEAgejQfZQyG2pAIxOYlATkAu691o2tvSYia2iv7lyzn3NG0jhG1tt5H7Aggom7ZuaKPhBFqKV+pFWDGjjcxStEAYXuvBkrKtoVX+gdRiK9i6sxjgeVGUMJzWwZLACaZOTqoAOAronmrlBuvPkQsIgHn8BqnE2AMmhaaYJ57jqTRFMwsDyW249XaJLhAujizm7UFM5XCUXTqiTvBLQYWRc7H3WWt+3NmlyGbOGh9q/45mjQxUb+CA6A2jSqu5MweX0ooQWLJxLYx6fz0GwmBOsww5GP3At/dX4Ayb7qpFI9y5ygAAAABJRU5ErkJggg==', + 'N' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHC6DxyzwAAAAB3RJTUUH0wUOEDAye/b4YQAAAAlwSFlzAAALEgAACxIB0t1+/AAAALRJREFUeNpj/M9AHGAiUt0IV8gIARsRMlAROP8/BEB5Ii/+/0cVgXNRhRk8iFXIMIFYhRxXiFTIYPCDSIUMBcQqZNhDrEKZN0QqZAggViHDHIIKRSAUzx1CCrdAaZM/BBT+z4Eyaggp/KEDYbAcIaDw/wUWCEuBkML/PagBgFvhfxdiFT4RIVLh/zXEKvyfQqzCLypEKvx/hoVIhf9biFX4x4ZIhf8fCBCp8P8KNBHG4VQ0AwDEOyeZhO5p1AAAAABJRU5ErkJggg==', + 'O' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHQExDSDoAAAAB3RJTUUH0wUOEDA4myMRfwAAAAlwSFlzAAALEgAACxIB0t1+/AAAATtJREFUeNpj/M9AHGAiUt3wUsiCyv265ciZJ08YGGRkDGwCuFGk/iOBDwU8SDIcGS+Q5JAV7hBBs45nAVaFC1gwXTYBi8IdWNQxMCzAUPhBBJs6Bp4n6AoLYFI6az78f7NEB8ZNQFP4QwAqEfADwg+A+f0NqsI1UHGBDzCnSKC6EhYzB6B0Cj+UwZ+CKgNTeAZKu8C94QGlL6DGjAyU+wAeXC+gIiIQLiM0KzDC9CFCBlWICsnsL3aFMDc+hcs8QZWBKYSF2g24whvYFZpA6T1whUegNCwyoYGxAmYyLGZ+wOxYghqFX2BpO+APmP8nBspHj2uk1LPizf8PGyxgXPTUQ3x6JDqF//8/AYs6bHkGmCYF0O3FnguBCSaFA0kZS8IDJDlG1IIUVFK8eABMWzI6DgHCyDKMI7LEBQCD5YgI9wbKGgAAAABJRU5ErkJggg==', + 'P' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHQvR2Mn2AAAAB3RJTUUH0wUOEDEDMzPJGgAAAAlwSFlzAAALEgAACxIB0t1+/AAAAKVJREFUeNpj/M9AHGAiUh05ChlRAKdu4k5Ulf9hANMQiwf/EQCfQgaJB0QqZHAhViHDEbg0AV8vwRM8QN0v5vBAOSfw+BrMWQDl8MClGeEKGGEKQcRXHmQemTGD1RMy+N14o4MDyvGAS7NgGMaIzPHAYyIy4HhBZMy0EBmFIX+IUsjRgqQOi2fAgEVBwyVGGEUEQw2O3EbLzDWSFDIOhtJsVCEWAAC/Yt2X+2PYcgAAAABJRU5ErkJggg==', + 'Q' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHRxSC0wxAAAAB3RJTUUH0wUOEDEKSu9xvgAAAAlwSFlzAAALEgAACxIB0t1+/AAAAW1JREFUeNpj/M9AHGAiUt2QUMiCzPm65cCZF08YGGRkDBx8uNFU/oeDDwU8SOIcBS/+IwOEwh0iaEYIrMCqcA4LprsmYFG4A4s6BoYFGAo/iGBTx8DzAl1hAUxKZ8WH/29W6MC4KWgKfwhAJXx+gPl/QmB+/4KqcANUXOQDVPiLBFRkCUwhJGb2wGzihzK4U6CMA6hReAbKc4F7wwFKX0CNGRkoB+HJJ1ARGZgAIziFM8J0IUIGXYjMZPaXkEJYYDyBiz+EuRFVoQKUdwWIz6qWvmRguAMVkUBVaIIUalPu9GgshIefAWrwrIHp//L/DQc4KjFiBi2uQ/7832KB5AX0uP5fAZOx2PDhfwNCIXrq+f9BhgEb4HmCkcL3YE3hSHkBnmfWYFMpsoaYXAgGDgcwFKLlaxYOCG2DqRCYrldkmIACUMIgZsaTI5Cg3IBNISp4AoovlT+EFf7/kYPkb3wK//8/YAGPGcYhUIYDAHBC9Yak1w7iAAAAAElFTkSuQmCC', + 'R' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHSkEuIgSAAAAB3RJTUUH0wUOEDEUsOBM3QAAAAlwSFlzAAALEgAACxIB0t1+/AAAAOZJREFUeNpj/M9AHGAiUh0NFLJAaUY0YRkJHYcQdmSh/xCAzRCZHf8RAJ9CBpYNRCpkEHgBV4jfMx+mEOVGIDDAaTWY82aPBZTLgV8hUCkaH6cbP8B8gxHgyODjgwstMDfiVIgWQyFE+lrhB3EBznOFuJgxuUFMXPPEbPmDpA53FH55osKMIoAe4F826MDMvPMfj9WgWFGBBeIf/Ar/H4FxJhBQ+B8WzCIfCCi8A4uvBgIK/2fA/POCgMIXHFBuDqH02ABLM3cIKPwgAuVHEFD4fwJM4AIBhT9goe4AFWAcAsXesFIIAEvJyZHTCSiTAAAAAElFTkSuQmCC', + 'S' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHTRnvuTLAAAAB3RJTUUH0wUOEDEbIF9RTAAAAAlwSFlzAAALEgAACxIB0t1+/AAAAVZJREFUeNpj/M9AHGAiUt2oQvyABYX398CWK3de/GBgkVEw8HFgRpH7jwSWqCDLyCxAlkNS+CcG3boY7AozMB3Wgk3hGSw+4HgBl0b4egIWhT9mYPGMBFQg4MH/D2tgvrKASzPC0yMjlP7CDSTOmrDIMDDwiHBsxzSRBypw5j9WgFDoAPNAxIQjX/ApXIDsC4OCLV9wKfzjwIACOEIO4IiZFxbooePzAqvC/z9qONBUStzAqvD//zc9BqgqNX5gVwgETxbkmCClvSk4FYLdsCMCptAGI2YSGV78+PLmz5MX4mDu1ByIMM9n9JiBxe4caGChy8MZMMsUIEFyAMoVwVC4BGaEwpI3/9/MEYGlJQyFPwQYsIE1mL7GlnCR0iNSXLtgqpO4gy1mvtigq1NAxCBKgP9pEUFWxlOCnNIYUYrmn3v23Ljx5gsw88sYOPhwI0sxDoEyHAABtSc836a1EQAAAABJRU5ErkJggg==', + 'T' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHgUdTbcyAAAAB3RJTUUH0wUOEDEgkVS4aAAAAAlwSFlzAAALEgAACxIB0t1+/AAAADdJREFUeNpj/M9AHGAiUt0IVcgCpRlxyMODeSh4hmiFjGipB+Z7jEQ1FDwzqnBU4WBSyDicimYAb/AFTaJpyH8AAAAASUVORK5CYII=', + 'U' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHhEHl2NPAAAAB3RJTUUH0wUOEDEon48wWgAAAAlwSFlzAAALEgAACxIB0t1+/AAAAKlJREFUeNpj/M9AHGAiUh3xClmgNCOUhrsEXYD6Vo8qHFVIuUIVKP0USr+E0jLoCjWg9A4ovQVNHJjUIaADZsILMPeFApRfA5X/D1N4AaZRYc6b/2+WwNQxXEBX+N8Bqxcc/mMoPMGCRR3LBUyF/2dgUTjjPxaF/6egm8ky5T9Whf9P2KCoMziBJPefEaWQurjnzIMXL34wsMhoWHiYo2hjHLjSbFQhXgAAKzejCLAOcVMAAAAASUVORK5CYII=', + 'V' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHh/gL05IAAAAB3RJTUUH0wUOEDEuduyVbwAAAAlwSFlzAAALEgAACxIB0t1+/AAAAVNJREFUeNpj/M9AHGAiUt2owoFRaMgIAYlIMqlQMUMo/z8ITIByRP78hwMRqNgECBei8AULVPQIXN0RqAjLGwgfYrW4B1R4DdzmLVDaQxjZ6v8roDwVuIkqMK3/ka3+/0MAKn4FKn4D5uof/5GtZmCPgEpsQHNDBDsDitVwt5tA+RZQ/pn/qFYj3PQEzHsC5WnA3QyPmQQU3+5AE0VYDTfDBcxzgQbik/8YVv93gMp9AbK/cEAD8T+m1TBb/oD8veEHhs0IE2GmxADZMRAmz4//WKxGkv3DA2Gm/MeqcA/Ujj1w1hHsCv/LQKQz/megRzyawgqIvAxMRwsuhbCEAEvGT3AphEUwNCU5IEv9R8lcUH9/wAxE5HAEgjccSBI8X3CbKOyBxAnhxm3i/w1IEgdQZFA98/+PCFydDKo6VKsZmGPQ0wgOq/+fgYvfQTORkeq1AgCIAvD7+THsDgAAAABJRU5ErkJggg==', + 'W' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QFhZRKnzkAAAAB3RJTUUH0wUOEDIR66frkQAAAAlwSFlzAAALEgAACxIB0t1+/AAAAXNJREFUeNrtlK1ywkAUhZdMZsJMKyIqKhAIBAKBiEBEVCDyCJV9iIo+Do9QGRERgUBEVCAqKhAIREVERURnTvfn3t27xSA6g+kOQ/ZkP/aec5NlBHXZSC7k/sE/AhUwoVkDPQ58/2RUQ2IC6B1XpN7MV8tg62/pUdjSDO7OwR2J0pbekpqZYlMG50bNSGwBDQ4pyV5YtCZ7mqZf1mO2IN2Jynba0XRx49pThjQCbEKWFfVRpIlBzlK4PuLdpxEWlTr4LHvYMEDOaTYS3HCW3DAJt8mmaSXYchZbOfEzkyYGZRbrEbX8qe7GMpLqFeyxV9F4fon1pwcxjxbqJpJTBPBJLoyHYSz1I3xq78aOMssepHZZHFjKhbX9/AZd6e9bsdABeyHTQXiE2PLO6PugCwiP/r1QVLYSlpXwKE1Wno7b7jY+hoWj0aegPyA9+jPrzgqwZJ0j8hhMVtElmDoD19FFPAvamc+sOXBm+KdYEzC63p/9D7Tr72kj/8qjAAAAAElFTkSuQmCC', + 'X' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHi/G9n7kAAAAB3RJTUUH0wUOEDIXAsROpAAAAAlwSFlzAAALEgAACxIB0t1+/AAAAT9JREFUeNpj/M9AHGAiUt3IVhjKCAFr4RJroSKBMIH/YPBEAMITeQLh//8gAxHggQlAFf6fAdXnA+WnQPkT/qMp/O8AlVkA5h2A8kz+YCi8wQGREngA5PxQgXBYzvzHUPi/A2qIA5BdAmUX/Mei8I8BVHbK/wssEJbMB2wK/5+ASvPcgGlZ8x+rQriFAmghgKHwiwJKXPA8wKXw/x4UhT3/cSr8n4CkzuAPHoVvRODqWE6gyPxHTT1ffiAUCjCgAhRtDkgSFnisnoJixAScCh/wEBk8DmiucsChcA5MQQSMMQWrQlgiZ0iAByey5QiFPlBZnS//v+hgxjZc4QKYKVeAnCswby3AUAi3eAGKNoEn6Ap94A5EjXUfNIUrEA6EALgzl6AohCUGsAMhAOZMkTfICkMw3I5wZgiEyzicimYAFRFkVwgDfJ0AAAAASUVORK5CYII=', + 'Y' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHjkyIsu1AAAAB3RJTUUH0wUOEDIkvRQvsgAAAAlwSFlzAAALEgAACxIB0t1+/AAAANJJREFUeNrt1L0NgzAQBWAcUVB6AAZgBAoKhmAICoZgCAoKxmAECkbwABSUlBRILwF8duwYhFJEihJ37+6T5T9g8K6N20X3FdDDNjKKOeTIqZLtWcKBU73bCx1lPhgQNTWieY1zRLmGCZFQp1xTSSmBDUUgW754BF+GQLxAPUkMxMb0FlzUsqpKLXhxQPRqo+oIerggCvuMC7jhFJounA4gWhO2OIL6Jp/uzglHrh0fTyAaDRucQaTkUpxDQVBYDWZ/hYze6bsv/A8/DNlP/kgvwzuer4kCMGPZDgAAAABJRU5ErkJggg==', + 'Z' => 'iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAAAAACpleexAAAAFXRFWHRDcmVhdGlvbiBUaW1lAAfTBQ4QHwfqWOdfAAAAB3RJTUUH0wUOEDIrLasyIwAAAAlwSFlzAAALEgAACxIB0t1+/AAAAL5JREFUeNrl1C0OwkAQBWCWQIJEVPQIFT0GAlHBMRBIBKIHqahAIDlERY9R0UOs3ORh5qVLunmp5GfUZvczbzKzDqtltV7ofgtueHCp16h33xBGwn0KYqoTO/J868Csaj418e0cPujOkLDfmTsECcfcXOGhoC/NZQMUDBUDd5DwxiAtJGzprpCw48xVQcIhM1d6KOgLc/kIBcORgXtIeGGQOyRs6Oq0g7P92YbkRE7bRZhcwhh+6nLF5f7yx30B8Z7FgxzMWtEAAAAASUVORK5CYII=', + ); + + return $_png; + } + + ?> \ No newline at end of file diff -crN phpbb203/includes/usercp_email.php phpbb2017/includes/usercp_email.php *** phpbb203/includes/usercp_email.php Sat Jul 10 20:16:19 2004 --- phpbb2017/includes/usercp_email.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_email.php,v 1.7.2.4 2002/08/03 22:24:13 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_email.php,v 1.7.2.13 2003/06/06 18:02:15 acydburn Exp $ * * ***************************************************************************/ *************** *** 27,32 **** --- 27,38 ---- exit; } + // Is send through board enabled? No, return to index + if (!$board_config['board_email_form']) + { + redirect(append_sid("index.$phpEx", true)); + } + if ( !empty($HTTP_GET_VARS[POST_USERS_URL]) || !empty($HTTP_POST_VARS[POST_USERS_URL]) ) { $user_id = ( !empty($HTTP_GET_VARS[POST_USERS_URL]) ) ? intval($HTTP_GET_VARS[POST_USERS_URL]) : intval($HTTP_POST_VARS[POST_USERS_URL]); *************** *** 38,45 **** if ( !$userdata['session_logged_in'] ) { ! header('Location: ' . append_sid("login.$phpEx?redirect=profile.$phpEx&mode=email&" . POST_USERS_URL . "=$user_id", true)); ! exit; } $sql = "SELECT username, user_email, user_viewemail, user_lang --- 44,50 ---- if ( !$userdata['session_logged_in'] ) { ! redirect(append_sid("login.$phpEx?redirect=profile.$phpEx&mode=email&" . POST_USERS_URL . "=$user_id", true)); } $sql = "SELECT username, user_email, user_viewemail, user_lang *************** *** 94,101 **** include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $email_headers = 'Return-Path: ' . $userdata['user_email'] . "\nFrom: " . $userdata['user_email'] . "\n"; ! $email_headers .= 'X-AntiAbuse: Board servername - ' . $server_name . "\n"; $email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n"; $email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n"; $email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n"; --- 99,108 ---- include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $emailer->from($userdata['user_email']); ! $emailer->replyto($userdata['user_email']); ! ! $email_headers = 'X-AntiAbuse: Board servername - ' . $server_name . "\n"; $email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n"; $email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n"; $email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n"; *************** *** 117,127 **** if ( !empty($HTTP_POST_VARS['cc_email']) ) { ! $email_headers = 'Return-Path: ' . $userdata['user_email'] . "\nFrom: " . $userdata['user_email'] . "\n"; $emailer->use_template('profile_send_email'); $emailer->email_address($userdata['user_email']); $emailer->set_subject($subject); - $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], --- 124,134 ---- if ( !empty($HTTP_POST_VARS['cc_email']) ) { ! $emailer->from($userdata['user_email']); ! $emailer->replyto($userdata['user_email']); $emailer->use_template('profile_send_email'); $emailer->email_address($userdata['user_email']); $emailer->set_subject($subject); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], *************** *** 170,176 **** $template->assign_vars(array( 'USERNAME' => $username, ! 'S_POST_ACTION' => append_sid("profile.$phpEx?&mode=email&" . POST_USERS_URL . "=$user_id"), 'L_SEND_EMAIL_MSG' => $lang['Send_email_msg'], 'L_RECIPIENT' => $lang['Recipient'], --- 177,184 ---- $template->assign_vars(array( 'USERNAME' => $username, ! 'S_HIDDEN_FIELDS' => '', ! 'S_POST_ACTION' => append_sid("profile.$phpEx?mode=email&" . POST_USERS_URL . "=$user_id"), 'L_SEND_EMAIL_MSG' => $lang['Send_email_msg'], 'L_RECIPIENT' => $lang['Recipient'], diff -crN phpbb203/includes/usercp_register.php phpbb2017/includes/usercp_register.php *** phpbb203/includes/usercp_register.php Sat Jul 10 20:16:19 2004 --- phpbb2017/includes/usercp_register.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_register.php,v 1.20.2.20 2002/09/20 11:40:38 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_register.php,v 1.20.2.61 2005/06/26 12:03:44 acydburn Exp $ * * ***************************************************************************/ *************** *** 21,39 **** * ***************************************************************************/ if ( !defined('IN_PHPBB') ) { die("Hacking attempt"); exit; } // --------------------------------------- // Load agreement template since user has not yet // agreed to registration conditions/coppa // function show_coppa() { ! global $template, $lang, $phpbb_root_path, $phpEx; $template->set_filenames(array( 'body' => 'agreement.tpl') --- 21,55 ---- * ***************************************************************************/ + /* + + This code has been modified from its original form by psoTFX @ phpbb.com + Changes introduce the back-ported phpBB 2.2 visual confirmation code. + + NOTE: Anyone using the modified code contained within this script MUST include + a relevant message such as this in usercp_register.php ... failure to do so + will affect a breach of Section 2a of the GPL and our copyright + + png visual confirmation system : (c) phpBB Group, 2003 : All Rights Reserved + + */ + if ( !defined('IN_PHPBB') ) { die("Hacking attempt"); exit; } + $unhtml_specialchars_match = array('#>#', '#<#', '#"#', '#&#'); + $unhtml_specialchars_replace = array('>', '<', '"', '&'); + // --------------------------------------- // Load agreement template since user has not yet // agreed to registration conditions/coppa // function show_coppa() { ! global $userdata, $template, $lang, $phpbb_root_path, $phpEx; $template->set_filenames(array( 'body' => 'agreement.tpl') *************** *** 87,102 **** if ( $mode == 'editprofile' ) { $user_id = intval($HTTP_POST_VARS['user_id']); ! $current_email = trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['current_email']))); } $strip_var_list = array('username' => 'username', 'email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests'); while( list($var, $param) = @each($strip_var_list) ) { if ( !empty($HTTP_POST_VARS[$param]) ) { ! $$var = trim(strip_tags($HTTP_POST_VARS[$param])); } } --- 103,122 ---- if ( $mode == 'editprofile' ) { $user_id = intval($HTTP_POST_VARS['user_id']); ! $current_email = trim(htmlspecialchars($HTTP_POST_VARS['current_email'])); } $strip_var_list = array('username' => 'username', 'email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests'); + $strip_var_list['confirm_code'] = 'confirm_code'; + // Strip all tags from data ... may p**s some people off, bah, strip_tags is + // doing the job but can still break HTML output ... have no choice, have + // to use htmlspecialchars ... be prepared to be moaned at. while( list($var, $param) = @each($strip_var_list) ) { if ( !empty($HTTP_POST_VARS[$param]) ) { ! $$var = trim(htmlspecialchars($HTTP_POST_VARS[$param])); } } *************** *** 110,117 **** } } - $username = str_replace(' ', '', $username); - $email = htmlspecialchars($email); $signature = str_replace('
', "\n", $signature); // Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to --- 130,135 ---- *************** *** 122,128 **** $allowviewonline = ( isset($HTTP_POST_VARS['hideonline']) ) ? ( ($HTTP_POST_VARS['hideonline']) ? 0 : TRUE ) : TRUE; $notifyreply = ( isset($HTTP_POST_VARS['notifyreply']) ) ? ( ($HTTP_POST_VARS['notifyreply']) ? TRUE : 0 ) : 0; $notifypm = ( isset($HTTP_POST_VARS['notifypm']) ) ? ( ($HTTP_POST_VARS['notifypm']) ? TRUE : 0 ) : TRUE; ! $popuppm = ( isset($HTTP_POST_VARS['popup_pm']) ) ? ( ($HTTP_POST_VARS['popup_pm']) ? TRUE : 0 ) : TRUE; if ( $mode == 'register' ) { --- 140,146 ---- $allowviewonline = ( isset($HTTP_POST_VARS['hideonline']) ) ? ( ($HTTP_POST_VARS['hideonline']) ? 0 : TRUE ) : TRUE; $notifyreply = ( isset($HTTP_POST_VARS['notifyreply']) ) ? ( ($HTTP_POST_VARS['notifyreply']) ? TRUE : 0 ) : 0; $notifypm = ( isset($HTTP_POST_VARS['notifypm']) ) ? ( ($HTTP_POST_VARS['notifypm']) ? TRUE : 0 ) : TRUE; ! $popup_pm = ( isset($HTTP_POST_VARS['popup_pm']) ) ? ( ($HTTP_POST_VARS['popup_pm']) ? TRUE : 0 ) : TRUE; if ( $mode == 'register' ) { *************** *** 138,144 **** $allowhtml = ( isset($HTTP_POST_VARS['allowhtml']) ) ? ( ($HTTP_POST_VARS['allowhtml']) ? TRUE : 0 ) : $userdata['user_allowhtml']; $allowbbcode = ( isset($HTTP_POST_VARS['allowbbcode']) ) ? ( ($HTTP_POST_VARS['allowbbcode']) ? TRUE : 0 ) : $userdata['user_allowbbcode']; ! $allowsmilies = ( isset($HTTP_POST_VARS['allowsmilies']) ) ? ( ($HTTP_POST_VARS['allowsmilies']) ? TRUE : 0 ) : $userdata['user_allowsmiles']; } $user_style = ( isset($HTTP_POST_VARS['style']) ) ? intval($HTTP_POST_VARS['style']) : $board_config['default_style']; --- 156,162 ---- $allowhtml = ( isset($HTTP_POST_VARS['allowhtml']) ) ? ( ($HTTP_POST_VARS['allowhtml']) ? TRUE : 0 ) : $userdata['user_allowhtml']; $allowbbcode = ( isset($HTTP_POST_VARS['allowbbcode']) ) ? ( ($HTTP_POST_VARS['allowbbcode']) ? TRUE : 0 ) : $userdata['user_allowbbcode']; ! $allowsmilies = ( isset($HTTP_POST_VARS['allowsmilies']) ) ? ( ($HTTP_POST_VARS['allowsmilies']) ? TRUE : 0 ) : $userdata['user_allowsmile']; } $user_style = ( isset($HTTP_POST_VARS['style']) ) ? intval($HTTP_POST_VARS['style']) : $board_config['default_style']; *************** *** 147,153 **** { if ( preg_match('/^[a-z_]+$/i', $HTTP_POST_VARS['language']) ) { ! $user_lang = $HTTP_POST_VARS['language']; } else { --- 165,171 ---- { if ( preg_match('/^[a-z_]+$/i', $HTTP_POST_VARS['language']) ) { ! $user_lang = htmlspecialchars($HTTP_POST_VARS['language']); } else { *************** *** 161,167 **** } $user_timezone = ( isset($HTTP_POST_VARS['timezone']) ) ? doubleval($HTTP_POST_VARS['timezone']) : $board_config['board_timezone']; ! $user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim($HTTP_POST_VARS['dateformat']) : $board_config['default_dateformat']; $user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarselect']) : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' ); --- 179,195 ---- } $user_timezone = ( isset($HTTP_POST_VARS['timezone']) ) ? doubleval($HTTP_POST_VARS['timezone']) : $board_config['board_timezone']; ! ! $sql = "SELECT config_value ! FROM " . CONFIG_TABLE . " ! WHERE config_name = 'default_dateformat'"; ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not select default dateformat', '', __LINE__, __FILE__, $sql); ! } ! $row = $db->sql_fetchrow($result); ! $board_config['default_dateformat'] = $row['config_value']; ! $user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['dateformat'])) : $board_config['default_dateformat']; $user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarselect']) : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' ); *************** *** 178,186 **** { $username = stripslashes($username); $email = stripslashes($email); ! $cur_password = stripslashes($cur_password); ! $new_password = stripslashes($new_password); ! $password_confirm = stripslashes($password_confirm); $icq = stripslashes($icq); $aim = stripslashes($aim); --- 206,214 ---- { $username = stripslashes($username); $email = stripslashes($email); ! $cur_password = htmlspecialchars(stripslashes($cur_password)); ! $new_password = htmlspecialchars(stripslashes($new_password)); ! $password_confirm = htmlspecialchars(stripslashes($password_confirm)); $icq = stripslashes($icq); $aim = stripslashes($aim); *************** *** 200,225 **** { $user_avatar = $user_avatar_local; $user_avatar_type = USER_AVATAR_GALLERY; - - if ( $userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && @file_exists('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar']) ) - { - @unlink('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar']); - } - } } } // // Let's make sure the user isn't logged in while registering, // and ensure that they were trying to register a second time // (Prevents double registrations) // ! if ( $userdata['session_logged_in'] && $mode =="register" && $username == $userdata['username']) { message_die(GENERAL_MESSAGE, $lang['Username_taken'], '', __LINE__, __FILE__); } - // // Did the user submit? In this case build a query to update the users profile in the DB // --- 228,247 ---- { $user_avatar = $user_avatar_local; $user_avatar_type = USER_AVATAR_GALLERY; } } } + // // Let's make sure the user isn't logged in while registering, // and ensure that they were trying to register a second time // (Prevents double registrations) // ! if ($mode == 'register' && ($userdata['session_logged_in'] || $username == $userdata['username'])) { message_die(GENERAL_MESSAGE, $lang['Username_taken'], '', __LINE__, __FILE__); } // // Did the user submit? In this case build a query to update the users profile in the DB // *************** *** 243,249 **** --- 265,321 ---- $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Fields_empty']; } + } + if ($board_config['enable_confirm'] && $mode == 'register') + { + if (empty($HTTP_POST_VARS['confirm_id'])) + { + $error = TRUE; + $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Confirm_code_wrong']; + } + else + { + $confirm_id = htmlspecialchars($HTTP_POST_VARS['confirm_id']); + if (!preg_match('/^[A-Za-z0-9]+$/', $confirm_id)) + { + $confirm_id = ''; + } + + $sql = 'SELECT code + FROM ' . CONFIRM_TABLE . " + WHERE confirm_id = '$confirm_id' + AND session_id = '" . $userdata['session_id'] . "'"; + if (!($result = $db->sql_query($sql))) + { + message_die(GENERAL_ERROR, 'Could not obtain confirmation code', __LINE__, __FILE__, $sql); + } + + if ($row = $db->sql_fetchrow($result)) + { + if ($row['code'] != $confirm_code) + { + $error = TRUE; + $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Confirm_code_wrong']; + } + else + { + $sql = 'DELETE FROM ' . CONFIRM_TABLE . " + WHERE confirm_id = '$confirm_id' + AND session_id = '" . $userdata['session_id'] . "'"; + if (!$db->sql_query($sql)) + { + message_die(GENERAL_ERROR, 'Could not delete confirmation code', __LINE__, __FILE__, $sql); + } + } + } + else + { + $error = TRUE; + $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Confirm_code_wrong']; + } + $db->sql_freeresult($result); + } } $passwd_sql = ''; *************** *** 334,351 **** { if ( empty($username) ) { $error = TRUE; - $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Username_disallowed']; } ! else if ( $username != $userdata['username'] || $mode == 'register' ) { ! $result = validate_username($username); ! if ( $result['error'] ) { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $result['error_msg']; } ! else { $username_sql = "username = '" . str_replace("\'", "''", $username) . "', "; } --- 406,427 ---- { if ( empty($username) ) { + // Error is already triggered, since one field is empty. $error = TRUE; } ! else if ( $username != $userdata['username'] || $mode == 'register') { ! if (strtolower($username) != strtolower($userdata['username']) || $mode == 'register') { ! $result = validate_username($username); ! if ( $result['error'] ) ! { ! $error = TRUE; ! $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $result['error_msg']; ! } } ! ! if (!$error) { $username_sql = "username = '" . str_replace("\'", "''", $username) . "', "; } *************** *** 372,386 **** rawurlencode($website); } if ( isset($HTTP_POST_VARS['avatardel']) && $mode == 'editprofile' ) { $avatar_sql = user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']); } ! else if ( ( !empty($user_avatar_upload) || !empty($user_avatar_name) ) && $board_config['allow_avatar_upload'] ) { if ( !empty($user_avatar_upload) ) { ! $avatar_mode = ( !empty($user_avatar_name) ) ? 'local' : 'remote'; $avatar_sql = user_avatar_upload($mode, $avatar_mode, $userdata['user_avatar'], $userdata['user_avatar_type'], $error, $error_msg, $user_avatar_upload, $user_avatar_name, $user_avatar_size, $user_avatar_filetype); } else if ( !empty($user_avatar_name) ) --- 448,465 ---- rawurlencode($website); } + $avatar_sql = ''; + if ( isset($HTTP_POST_VARS['avatardel']) && $mode == 'editprofile' ) { $avatar_sql = user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']); } ! else ! if ( ( !empty($user_avatar_upload) || !empty($user_avatar_name) ) && $board_config['allow_avatar_upload'] ) { if ( !empty($user_avatar_upload) ) { ! $avatar_mode = (empty($user_avatar_name)) ? 'remote' : 'local'; $avatar_sql = user_avatar_upload($mode, $avatar_mode, $userdata['user_avatar'], $userdata['user_avatar_type'], $error, $error_msg, $user_avatar_upload, $user_avatar_name, $user_avatar_size, $user_avatar_filetype); } else if ( !empty($user_avatar_name) ) *************** *** 393,408 **** } else if ( $user_avatar_remoteurl != '' && $board_config['allow_avatar_remote'] ) { $avatar_sql = user_avatar_url($mode, $error, $error_msg, $user_avatar_remoteurl); } else if ( $user_avatar_local != '' && $board_config['allow_avatar_local'] ) { $avatar_sql = user_avatar_gallery($mode, $error, $error_msg, $user_avatar_local); } - else - { - $avatar_sql = ''; - } if ( !$error ) { --- 472,491 ---- } else if ( $user_avatar_remoteurl != '' && $board_config['allow_avatar_remote'] ) { + if ( @file_exists(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar'])) ) + { + @unlink(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar'])); + } $avatar_sql = user_avatar_url($mode, $error, $error_msg, $user_avatar_remoteurl); } else if ( $user_avatar_local != '' && $board_config['allow_avatar_local'] ) { + if ( @file_exists(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar'])) ) + { + @unlink(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar'])); + } $avatar_sql = user_avatar_gallery($mode, $error, $error_msg, $user_avatar_local); } if ( !$error ) { *************** *** 434,440 **** } $sql = "UPDATE " . USERS_TABLE . " ! SET " . $username_sql . $passwd_sql . "user_email = '" . str_replace("\'", "''", $email) ."', user_icq = '" . str_replace("\'", "''", $icq) . "', user_website = '" . str_replace("\'", "''", $website) . "', user_occ = '" . str_replace("\'", "''", $occupation) . "', user_from = '" . str_replace("\'", "''", $location) . "', user_interests = '" . str_replace("\'", "''", $interests) . "', user_sig = '" . str_replace("\'", "''", $signature) . "', user_sig_bbcode_uid = '$signature_bbcode_uid', user_viewemail = $viewemail, user_aim = '" . str_replace("\'", "''", str_replace(' ', '+', $aim)) . "', user_yim = '" . str_replace("\'", "''", $yim) . "', user_msnm = '" . str_replace("\'", "''", $msn) . "', user_attachsig = $attachsig, user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_notify_pm = $notifypm, user_popup_pm = $popuppm, user_timezone = $user_timezone, user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "', user_lang = '" . str_replace("\'", "''", $user_lang) . "', user_style = $user_style, user_active = $user_active, user_actkey = '" . str_replace("\'", "''", $user_actkey) . "'" . $avatar_sql . " WHERE user_id = $user_id"; if ( !($result = $db->sql_query($sql)) ) { --- 517,523 ---- } $sql = "UPDATE " . USERS_TABLE . " ! SET " . $username_sql . $passwd_sql . "user_email = '" . str_replace("\'", "''", $email) ."', user_icq = '" . str_replace("\'", "''", $icq) . "', user_website = '" . str_replace("\'", "''", $website) . "', user_occ = '" . str_replace("\'", "''", $occupation) . "', user_from = '" . str_replace("\'", "''", $location) . "', user_interests = '" . str_replace("\'", "''", $interests) . "', user_sig = '" . str_replace("\'", "''", $signature) . "', user_sig_bbcode_uid = '$signature_bbcode_uid', user_viewemail = $viewemail, user_aim = '" . str_replace("\'", "''", str_replace(' ', '+', $aim)) . "', user_yim = '" . str_replace("\'", "''", $yim) . "', user_msnm = '" . str_replace("\'", "''", $msn) . "', user_attachsig = $attachsig, user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_notify_pm = $notifypm, user_popup_pm = $popup_pm, user_timezone = $user_timezone, user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "', user_lang = '" . str_replace("\'", "''", $user_lang) . "', user_style = $user_style, user_active = $user_active, user_actkey = '" . str_replace("\'", "''", $user_actkey) . "'" . $avatar_sql . " WHERE user_id = $user_id"; if ( !($result = $db->sql_query($sql)) ) { *************** *** 449,465 **** include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $email_headers = "From: " . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\n"; $emailer->use_template('user_activate', stripslashes($user_lang)); $emailer->email_address($email); ! $emailer->set_subject();//$lang['Reactivate'] ! $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], ! 'USERNAME' => $username, ! 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey) ); --- 532,548 ---- include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); $emailer->use_template('user_activate', stripslashes($user_lang)); $emailer->email_address($email); ! $emailer->set_subject($lang['Reactivate']); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], ! 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)), ! 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey) ); *************** *** 498,504 **** // Get current date // $sql = "INSERT INTO " . USERS_TABLE . " (user_id, username, user_regdate, user_password, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_sig_bbcode_uid, user_avatar, user_avatar_type, user_viewemail, user_aim, user_yim, user_msnm, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_viewonline, user_notify, user_notify_pm, user_popup_pm, user_timezone, user_dateformat, user_lang, user_style, user_level, user_allow_pm, user_active, user_actkey) ! VALUES ($user_id, '" . str_replace("\'", "''", $username) . "', " . time() . ", '" . str_replace("\'", "''", $new_password) . "', '" . str_replace("\'", "''", $email) . "', '" . str_replace("\'", "''", $icq) . "', '" . str_replace("\'", "''", $website) . "', '" . str_replace("\'", "''", $occupation) . "', '" . str_replace("\'", "''", $location) . "', '" . str_replace("\'", "''", $interests) . "', '" . str_replace("\'", "''", $signature) . "', '$signature_bbcode_uid', $avatar_sql, $viewemail, '" . str_replace("\'", "''", str_replace(' ', '+', $aim)) . "', '" . str_replace("\'", "''", $yim) . "', '" . str_replace("\'", "''", $msn) . "', $attachsig, $allowsmilies, $allowhtml, $allowbbcode, $allowviewonline, $notifyreply, $notifypm, $popuppm, $user_timezone, '" . str_replace("\'", "''", $user_dateformat) . "', '" . str_replace("\'", "''", $user_lang) . "', $user_style, 0, 1, "; if ( $board_config['require_activation'] == USER_ACTIVATION_SELF || $board_config['require_activation'] == USER_ACTIVATION_ADMIN || $coppa ) { $user_actkey = gen_rand_string(true); --- 581,587 ---- // Get current date // $sql = "INSERT INTO " . USERS_TABLE . " (user_id, username, user_regdate, user_password, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_sig_bbcode_uid, user_avatar, user_avatar_type, user_viewemail, user_aim, user_yim, user_msnm, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_viewonline, user_notify, user_notify_pm, user_popup_pm, user_timezone, user_dateformat, user_lang, user_style, user_level, user_allow_pm, user_active, user_actkey) ! VALUES ($user_id, '" . str_replace("\'", "''", $username) . "', " . time() . ", '" . str_replace("\'", "''", $new_password) . "', '" . str_replace("\'", "''", $email) . "', '" . str_replace("\'", "''", $icq) . "', '" . str_replace("\'", "''", $website) . "', '" . str_replace("\'", "''", $occupation) . "', '" . str_replace("\'", "''", $location) . "', '" . str_replace("\'", "''", $interests) . "', '" . str_replace("\'", "''", $signature) . "', '$signature_bbcode_uid', $avatar_sql, $viewemail, '" . str_replace("\'", "''", str_replace(' ', '+', $aim)) . "', '" . str_replace("\'", "''", $yim) . "', '" . str_replace("\'", "''", $msn) . "', $attachsig, $allowsmilies, $allowhtml, $allowbbcode, $allowviewonline, $notifyreply, $notifypm, $popup_pm, $user_timezone, '" . str_replace("\'", "''", $user_dateformat) . "', '" . str_replace("\'", "''", $user_lang) . "', $user_style, 0, 1, "; if ( $board_config['require_activation'] == USER_ACTIVATION_SELF || $board_config['require_activation'] == USER_ACTIVATION_ADMIN || $coppa ) { $user_actkey = gen_rand_string(true); *************** *** 557,575 **** include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $email_headers = "From: " . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\n"; $emailer->use_template($email_template, stripslashes($user_lang)); $emailer->email_address($email); ! $emailer->set_subject();//sprintf($lang['Welcome_subject'], $board_config['sitename']) ! $emailer->extra_headers($email_headers); if( $coppa ) { $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'WELCOME_MSG' => sprintf($lang['Welcome_subject'], $board_config['sitename']), ! 'USERNAME' => $username, 'PASSWORD' => $password_confirm, 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), --- 640,658 ---- include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); $emailer->use_template($email_template, stripslashes($user_lang)); $emailer->email_address($email); ! $emailer->set_subject(sprintf($lang['Welcome_subject'], $board_config['sitename'])); if( $coppa ) { $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'WELCOME_MSG' => sprintf($lang['Welcome_subject'], $board_config['sitename']), ! 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)), 'PASSWORD' => $password_confirm, 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), *************** *** 591,597 **** $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'WELCOME_MSG' => sprintf($lang['Welcome_subject'], $board_config['sitename']), ! 'USERNAME' => $username, 'PASSWORD' => $password_confirm, 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), --- 674,680 ---- $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'WELCOME_MSG' => sprintf($lang['Welcome_subject'], $board_config['sitename']), ! 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)), 'PASSWORD' => $password_confirm, 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), *************** *** 604,623 **** if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN ) { ! //$emailer->use_template("admin_activate", stripslashes($user_lang)); ! $emailer->use_template("admin_activate", $board_config['default_lang']); ! $emailer->email_address($board_config['board_email']); ! $emailer->set_subject(); //$lang['New_account_subject'] ! $emailer->extra_headers($email_headers); ! ! $emailer->assign_vars(array( ! 'USERNAME' => $username, ! 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), ! ! 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey) ! ); ! $emailer->send(); ! $emailer->reset(); } $message = $message . '

' . sprintf($lang['Click_return_index'], '', ''); --- 687,720 ---- if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN ) { ! $sql = "SELECT user_email, user_lang ! FROM " . USERS_TABLE . " ! WHERE user_level = " . ADMIN; ! ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not select Administrators', '', __LINE__, __FILE__, $sql); ! } ! ! while ($row = $db->sql_fetchrow($result)) ! { ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); ! ! $emailer->email_address(trim($row['user_email'])); ! $emailer->use_template("admin_activate", $row['user_lang']); ! $emailer->set_subject($lang['New_account_subject']); ! ! $emailer->assign_vars(array( ! 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)), ! 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), ! ! 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey) ! ); ! $emailer->send(); ! $emailer->reset(); ! } ! $db->sql_freeresult($result); } $message = $message . '

' . sprintf($lang['Click_return_index'], '', ''); *************** *** 639,654 **** $password_confirm = ''; $icq = stripslashes($icq); ! $aim = htmlspecialchars(str_replace('+', ' ', stripslashes($aim))); ! $msn = htmlspecialchars(stripslashes($msn)); ! $yim = htmlspecialchars(stripslashes($yim)); ! ! $website = htmlspecialchars(stripslashes($website)); ! $location = htmlspecialchars(stripslashes($location)); ! $occupation = htmlspecialchars(stripslashes($occupation)); ! $interests = htmlspecialchars(stripslashes($interests)); $signature = stripslashes($signature); ! $signature = ( $signature_bbcode_uid != '' ) ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid\]/si", ']', $signature) : $signature; $user_lang = stripslashes($user_lang); $user_dateformat = stripslashes($user_dateformat); --- 736,751 ---- $password_confirm = ''; $icq = stripslashes($icq); ! $aim = str_replace('+', ' ', stripslashes($aim)); ! $msn = stripslashes($msn); ! $yim = stripslashes($yim); ! ! $website = stripslashes($website); ! $location = stripslashes($location); ! $occupation = stripslashes($occupation); ! $interests = stripslashes($interests); $signature = stripslashes($signature); ! $signature = ($signature_bbcode_uid != '') ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid(=|\])/si", '\\3', $signature) : $signature; $user_lang = stripslashes($user_lang); $user_dateformat = stripslashes($user_dateformat); *************** *** 657,682 **** else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) && !isset($HTTP_POST_VARS['submitavatar']) && !isset($HTTP_POST_VARS['cancelavatar']) ) { $user_id = $userdata['user_id']; ! $username = htmlspecialchars($userdata['username']); $email = $userdata['user_email']; $new_password = ''; $password_confirm = ''; $icq = $userdata['user_icq']; ! $aim = htmlspecialchars(str_replace('+', ' ', $userdata['user_aim'])); ! $msn = htmlspecialchars($userdata['user_msnm']); ! $yim = htmlspecialchars($userdata['user_yim']); ! ! $website = htmlspecialchars($userdata['user_website']); ! $location = htmlspecialchars($userdata['user_from']); ! $occupation = htmlspecialchars($userdata['user_occ']); ! $interests = htmlspecialchars($userdata['user_interests']); $signature_bbcode_uid = $userdata['user_sig_bbcode_uid']; ! $signature = ( $signature_bbcode_uid != '' ) ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid\]/si", ']', $userdata['user_sig']) : $userdata['user_sig']; $viewemail = $userdata['user_viewemail']; $notifypm = $userdata['user_notify_pm']; ! $popuppm = $userdata['user_popup_pm']; $notifyreply = $userdata['user_notify']; $attachsig = $userdata['user_attachsig']; $allowhtml = $userdata['user_allowhtml']; --- 754,779 ---- else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) && !isset($HTTP_POST_VARS['submitavatar']) && !isset($HTTP_POST_VARS['cancelavatar']) ) { $user_id = $userdata['user_id']; ! $username = $userdata['username']; $email = $userdata['user_email']; $new_password = ''; $password_confirm = ''; $icq = $userdata['user_icq']; ! $aim = str_replace('+', ' ', $userdata['user_aim']); ! $msn = $userdata['user_msnm']; ! $yim = $userdata['user_yim']; ! ! $website = $userdata['user_website']; ! $location = $userdata['user_from']; ! $occupation = $userdata['user_occ']; ! $interests = $userdata['user_interests']; $signature_bbcode_uid = $userdata['user_sig_bbcode_uid']; ! $signature = ($signature_bbcode_uid != '') ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid(=|\])/si", '\\3', $userdata['user_sig']) : $userdata['user_sig']; $viewemail = $userdata['user_viewemail']; $notifypm = $userdata['user_notify_pm']; ! $popup_pm = $userdata['user_popup_pm']; $notifyreply = $userdata['user_notify']; $attachsig = $userdata['user_attachsig']; $allowhtml = $userdata['user_allowhtml']; *************** *** 713,719 **** { include($phpbb_root_path . 'includes/usercp_avatar.'.$phpEx); ! $avatar_category = ( !empty($HTTP_POST_VARS['avatarcategory']) ) ? $HTTP_POST_VARS['avatarcategory'] : ''; $template->set_filenames(array( 'body' => 'profile_avatar_gallery.tpl') --- 810,816 ---- { include($phpbb_root_path . 'includes/usercp_avatar.'.$phpEx); ! $avatar_category = ( !empty($HTTP_POST_VARS['avatarcategory']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarcategory']) : ''; $template->set_filenames(array( 'body' => 'profile_avatar_gallery.tpl') *************** *** 721,727 **** $allowviewonline = !$allowviewonline; ! display_avatar_gallery($mode, $avatar_category, $user_id, $email, $current_email, $coppa, $username, $email, &$new_password, &$cur_password, $password_confirm, $icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature, $viewemail, $notifypm, $popuppm, $notifyreply, $attachsig, $allowhtml, $allowbbcode, $allowsmilies, $allowviewonline, $user_style, $user_lang, $user_timezone, $user_dateformat); } else { --- 818,824 ---- $allowviewonline = !$allowviewonline; ! display_avatar_gallery($mode, $avatar_category, $user_id, $email, $current_email, $coppa, $username, $email, &$new_password, &$cur_password, $password_confirm, $icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature, $viewemail, $notifypm, $popup_pm, $notifyreply, $attachsig, $allowhtml, $allowbbcode, $allowsmilies, $allowviewonline, $user_style, $user_lang, $user_timezone, $user_dateformat, $userdata['session_id']); } else { *************** *** 794,799 **** --- 891,982 ---- $template->assign_block_vars('switch_edit_profile', array()); } + if ( ($mode == 'register') || ($board_config['allow_namechange']) ) + { + $template->assign_block_vars('switch_namechange_allowed', array()); + } + else + { + $template->assign_block_vars('switch_namechange_disallowed', array()); + } + + + // Visual Confirmation + $confirm_image = ''; + if (!empty($board_config['enable_confirm']) && $mode == 'register') + { + $sql = 'SELECT session_id + FROM ' . SESSIONS_TABLE; + if (!($result = $db->sql_query($sql))) + { + message_die(GENERAL_ERROR, 'Could not select session data', '', __LINE__, __FILE__, $sql); + } + + if ($row = $db->sql_fetchrow($result)) + { + $confirm_sql = ''; + do + { + $confirm_sql .= (($confirm_sql != '') ? ', ' : '') . "'" . $row['session_id'] . "'"; + } + while ($row = $db->sql_fetchrow($result)); + + $sql = 'DELETE FROM ' . CONFIRM_TABLE . " + WHERE session_id NOT IN ($confirm_sql)"; + if (!$db->sql_query($sql)) + { + message_die(GENERAL_ERROR, 'Could not delete stale confirm data', '', __LINE__, __FILE__, $sql); + } + } + $db->sql_freeresult($result); + + $sql = 'SELECT COUNT(session_id) AS attempts + FROM ' . CONFIRM_TABLE . " + WHERE session_id = '" . $userdata['session_id'] . "'"; + if (!($result = $db->sql_query($sql))) + { + message_die(GENERAL_ERROR, 'Could not obtain confirm code count', '', __LINE__, __FILE__, $sql); + } + + if ($row = $db->sql_fetchrow($result)) + { + if ($row['attempts'] > 3) + { + message_die(GENERAL_MESSAGE, $lang['Too_many_registers']); + } + } + $db->sql_freeresult($result); + + $confirm_chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9'); + + list($usec, $sec) = explode(' ', microtime()); + mt_srand($sec * $usec); + + $max_chars = count($confirm_chars) - 1; + $code = ''; + for ($i = 0; $i < 6; $i++) + { + $code .= $confirm_chars[mt_rand(0, $max_chars)]; + } + + $confirm_id = md5(uniqid($user_ip)); + + $sql = 'INSERT INTO ' . CONFIRM_TABLE . " (confirm_id, session_id, code) + VALUES ('$confirm_id', '". $userdata['session_id'] . "', '$code')"; + if (!$db->sql_query($sql)) + { + message_die(GENERAL_ERROR, 'Could not insert new confirm code information', '', __LINE__, __FILE__, $sql); + } + + unset($code); + + $confirm_image = (@extension_loaded('zlib')) ? '' : ''; + $s_hidden_fields .= ''; + + $template->assign_block_vars('switch_confirm', array()); + } + + // // Let's do an overall check for settings/versions which would prevent // us from doing file uploads.... *************** *** 807,812 **** --- 990,996 ---- 'NEW_PASSWORD' => $new_password, 'PASSWORD_CONFIRM' => $password_confirm, 'EMAIL' => $email, + 'CONFIRM_IMG' => $confirm_image, 'YIM' => $yim, 'ICQ' => $icq, 'MSN' => $msn, *************** *** 822,829 **** 'HIDE_USER_NO' => ( $allowviewonline ) ? 'checked="checked"' : '', 'NOTIFY_PM_YES' => ( $notifypm ) ? 'checked="checked"' : '', 'NOTIFY_PM_NO' => ( !$notifypm ) ? 'checked="checked"' : '', ! 'POPUP_PM_YES' => ( $popuppm ) ? 'checked="checked"' : '', ! 'POPUP_PM_NO' => ( !$popuppm ) ? 'checked="checked"' : '', 'ALWAYS_ADD_SIGNATURE_YES' => ( $attachsig ) ? 'checked="checked"' : '', 'ALWAYS_ADD_SIGNATURE_NO' => ( !$attachsig ) ? 'checked="checked"' : '', 'NOTIFY_REPLY_YES' => ( $notifyreply ) ? 'checked="checked"' : '', --- 1006,1013 ---- 'HIDE_USER_NO' => ( $allowviewonline ) ? 'checked="checked"' : '', 'NOTIFY_PM_YES' => ( $notifypm ) ? 'checked="checked"' : '', 'NOTIFY_PM_NO' => ( !$notifypm ) ? 'checked="checked"' : '', ! 'POPUP_PM_YES' => ( $popup_pm ) ? 'checked="checked"' : '', ! 'POPUP_PM_NO' => ( !$popup_pm ) ? 'checked="checked"' : '', 'ALWAYS_ADD_SIGNATURE_YES' => ( $attachsig ) ? 'checked="checked"' : '', 'ALWAYS_ADD_SIGNATURE_NO' => ( !$attachsig ) ? 'checked="checked"' : '', 'NOTIFY_REPLY_YES' => ( $notifyreply ) ? 'checked="checked"' : '', *************** *** 901,906 **** --- 1085,1094 ---- 'L_PROFILE_INFO_NOTICE' => $lang['Profile_info_warn'], 'L_EMAIL_ADDRESS' => $lang['Email_address'], + 'L_CONFIRM_CODE_IMPAIRED' => sprintf($lang['Confirm_code_impaired'], '', ''), + 'L_CONFIRM_CODE' => $lang['Confirm_code'], + 'L_CONFIRM_CODE_EXPLAIN' => $lang['Confirm_code_explain'], + 'S_ALLOW_AVATAR_UPLOAD' => $board_config['allow_avatar_upload'], 'S_ALLOW_AVATAR_LOCAL' => $board_config['allow_avatar_local'], 'S_ALLOW_AVATAR_REMOTE' => $board_config['allow_avatar_remote'], *************** *** 920,926 **** { $template->assign_block_vars('switch_avatar_block', array() ); ! if ( $board_config['allow_avatar_upload'] && file_exists('./' . $board_config['avatar_path']) ) { if ( $form_enctype != '' ) { --- 1108,1114 ---- { $template->assign_block_vars('switch_avatar_block', array() ); ! if ( $board_config['allow_avatar_upload'] && file_exists(@phpbb_realpath('./' . $board_config['avatar_path'])) ) { if ( $form_enctype != '' ) { *************** *** 934,940 **** $template->assign_block_vars('switch_avatar_block.switch_avatar_remote_link', array() ); } ! if ( $board_config['allow_avatar_local'] && file_exists('./' . $board_config['avatar_gallery_path']) ) { $template->assign_block_vars('switch_avatar_block.switch_avatar_local_gallery', array() ); } --- 1122,1128 ---- $template->assign_block_vars('switch_avatar_block.switch_avatar_remote_link', array() ); } ! if ( $board_config['allow_avatar_local'] && file_exists(@phpbb_realpath('./' . $board_config['avatar_gallery_path'])) ) { $template->assign_block_vars('switch_avatar_block.switch_avatar_local_gallery', array() ); } *************** *** 946,949 **** include($phpbb_root_path . 'includes/page_tail.'.$phpEx); ! ?> --- 1134,1137 ---- include($phpbb_root_path . 'includes/page_tail.'.$phpEx); ! ?> \ No newline at end of file diff -crN phpbb203/includes/usercp_sendpasswd.php phpbb2017/includes/usercp_sendpasswd.php *** phpbb203/includes/usercp_sendpasswd.php Sat Jul 10 20:16:19 2004 --- phpbb2017/includes/usercp_sendpasswd.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_sendpasswd.php,v 1.6.2.4 2002/05/20 00:21:38 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_sendpasswd.php,v 1.6.2.12 2004/11/18 17:49:45 acydburn Exp $ * * ***************************************************************************/ *************** *** 29,35 **** if ( isset($HTTP_POST_VARS['submit']) ) { ! $username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags($HTTP_POST_VARS['username'])) : ''; $email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : ''; $sql = "SELECT user_id, username, user_email, user_active, user_lang --- 29,35 ---- if ( isset($HTTP_POST_VARS['submit']) ) { ! $username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : ''; $email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : ''; $sql = "SELECT user_id, username, user_email, user_active, user_lang *************** *** 65,82 **** include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $email_headers = 'From: ' . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\n"; $emailer->use_template('user_activate_passwd', $row['user_lang']); $emailer->email_address($row['user_email']); ! $emailer->set_subject();//$lang['New_password_activation'] ! $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'USERNAME' => $username, 'PASSWORD' => $user_password, ! 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey) ); --- 65,82 ---- include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); ! $emailer->from($board_config['board_email']); ! $emailer->replyto($board_config['board_email']); $emailer->use_template('user_activate_passwd', $row['user_lang']); $emailer->email_address($row['user_email']); ! $emailer->set_subject($lang['New_password_activation']); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'USERNAME' => $username, 'PASSWORD' => $user_password, ! 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey) ); *************** *** 127,132 **** --- 127,133 ---- 'L_SUBMIT' => $lang['Submit'], 'L_RESET' => $lang['Reset'], + 'S_HIDDEN_FIELDS' => '', 'S_PROFILE_ACTION' => append_sid("profile.$phpEx?mode=sendpassword")) ); diff -crN phpbb203/includes/usercp_viewprofile.php phpbb2017/includes/usercp_viewprofile.php *** phpbb203/includes/usercp_viewprofile.php Sat Jul 10 20:16:19 2004 --- phpbb2017/includes/usercp_viewprofile.php Tue Jul 19 22:14:57 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_viewprofile.php,v 1.5 2002/03/31 00:06:34 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_viewprofile.php,v 1.5.2.5 2005/07/19 20:01:16 acydburn Exp $ * * ***************************************************************************/ *************** *** 31,37 **** { message_die(GENERAL_MESSAGE, $lang['No_user_id_specified']); } ! $profiledata = get_userdata(intval($HTTP_GET_VARS[POST_USERS_URL])); $sql = "SELECT * FROM " . RANKS_TABLE . " --- 31,42 ---- { message_die(GENERAL_MESSAGE, $lang['No_user_id_specified']); } ! $profiledata = get_userdata($HTTP_GET_VARS[POST_USERS_URL]); ! ! if (!$profiledata) ! { ! message_die(GENERAL_MESSAGE, $lang['No_user_id_specified']); ! } $sql = "SELECT * FROM " . RANKS_TABLE . " *************** *** 41,46 **** --- 46,52 ---- message_die(GENERAL_ERROR, 'Could not obtain ranks information', '', __LINE__, __FILE__, $sql); } + $ranksrow = array(); while ( $row = $db->sql_fetchrow($result) ) { $ranksrow[] = $row; *************** *** 159,166 **** $yim = ( $profiledata['user_yim'] ) ? '' . $lang['YIM'] . '' : ''; $temp_url = append_sid("search.$phpEx?search_author=" . urlencode($profiledata['username']) . "&showresults=posts"); ! $search_img = '' . $lang['Search_user_posts'] . ''; ! $search = '' . $lang['Search_user_posts'] . ''; // // Generate page --- 165,172 ---- $yim = ( $profiledata['user_yim'] ) ? '' . $lang['YIM'] . '' : ''; $temp_url = append_sid("search.$phpEx?search_author=" . urlencode($profiledata['username']) . "&showresults=posts"); ! $search_img = '' . $lang['Search_user_posts'] . ''; ! $search = '' . sprintf($lang['Search_user_posts'], $profiledata['username']) . ''; // // Generate page *************** *** 168,173 **** --- 174,188 ---- $page_title = $lang['Viewing_profile']; include($phpbb_root_path . 'includes/page_header.'.$phpEx); + if (function_exists('get_html_translation_table')) + { + $u_search_author = urlencode(strtr($profiledata['username'], array_flip(get_html_translation_table(HTML_ENTITIES)))); + } + else + { + $u_search_author = urlencode(str_replace(array('&', ''', '"', '<', '>'), array('&', "'", '"', '<', '>'), $profiledata['username'])); + } + $template->assign_vars(array( 'USERNAME' => $profiledata['username'], 'JOINED' => create_date($lang['DATE_FORMAT'], $profiledata['user_regdate'], $board_config['board_timezone']), *************** *** 222,228 **** 'L_OCCUPATION' => $lang['Occupation'], 'L_INTERESTS' => $lang['Interests'], ! 'U_SEARCH_USER' => append_sid("search.$phpEx?search_author=" . urlencode($profiledata['username'])), 'S_PROFILE_ACTION' => append_sid("profile.$phpEx")) ); --- 237,243 ---- 'L_OCCUPATION' => $lang['Occupation'], 'L_INTERESTS' => $lang['Interests'], ! 'U_SEARCH_USER' => append_sid("search.$phpEx?search_author=" . $u_search_author), 'S_PROFILE_ACTION' => append_sid("profile.$phpEx")) ); diff -crN phpbb203/index.php phpbb2017/index.php *** phpbb203/index.php Sat Jul 10 20:16:19 2004 --- phpbb2017/index.php Tue Jul 19 22:14:58 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: index.php,v 1.99 2002/03/31 13:58:01 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: index.php,v 1.99.2.3 2004/07/11 16:46:15 acydburn Exp $ * * ***************************************************************************/ *************** *** 118,124 **** --- 118,126 ---- message_die(GENERAL_ERROR, 'Could not query categories list', '', __LINE__, __FILE__, $sql); } + $category_rows = array(); while( $category_rows[] = $db->sql_fetchrow($result) ); + $db->sql_freeresult($result); if( ( $total_categories = count($category_rows) ) ) { *************** *** 170,175 **** --- 172,178 ---- { $forum_data[] = $row; } + $db->sql_freeresult($result); if ( !($total_forums = count($forum_data)) ) { *************** *** 197,202 **** --- 200,206 ---- { $new_topic_data[$topic_data['forum_id']][$topic_data['topic_id']] = $topic_data['post_time']; } + $db->sql_freeresult($result); } // *************** *** 222,227 **** --- 226,232 ---- { $forum_moderators[$row['forum_id']][] = '' . $row['username'] . ''; } + $db->sql_freeresult($result); $sql = "SELECT aa.forum_id, g.group_id, g.group_name FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g *************** *** 241,246 **** --- 246,252 ---- { $forum_moderators[$row['forum_id']][] = '' . $row['group_name'] . ''; } + $db->sql_freeresult($result); // // Find which forums are visible for this user *************** *** 251,256 **** --- 257,263 ---- // // Start output of page // + define('SHOW_ONLINE', true); $page_title = $lang['Index']; include($phpbb_root_path . 'includes/page_header.'.$phpEx); diff -crN phpbb203/language/lang_english/email/coppa_welcome_inactive.tpl phpbb2017/language/lang_english/email/coppa_welcome_inactive.tpl *** phpbb203/language/lang_english/email/coppa_welcome_inactive.tpl Sat Jul 10 20:16:19 2004 --- phpbb2017/language/lang_english/email/coppa_welcome_inactive.tpl Tue Jul 19 22:14:57 2005 *************** *** 44,50 **** ------------------------------ CUT HERE ------------------------------ ! Once the administrator has recived the above form via fax or regular mail your account will be activated. Please do not forget your password as it has been encrypted in our database and we cannot retrieve it for you. However, should you forget your password you can request a new one which will be activated in the same way as this account. --- 44,50 ---- ------------------------------ CUT HERE ------------------------------ ! Once the administrator has received the above form via fax or regular mail your account will be activated. Please do not forget your password as it has been encrypted in our database and we cannot retrieve it for you. However, should you forget your password you can request a new one which will be activated in the same way as this account. diff -crN phpbb203/language/lang_english/lang_admin.php phpbb2017/language/lang_english/lang_admin.php *** phpbb203/language/lang_english/lang_admin.php Sat Jul 10 20:16:19 2004 --- phpbb2017/language/lang_english/lang_admin.php Tue Jul 19 22:14:57 2005 *************** *** 7,13 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: lang_admin.php,v 1.35.2.3 2002/06/27 20:06:44 thefinn Exp $ * ****************************************************************************/ --- 7,13 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: lang_admin.php,v 1.35.2.10 2005/02/21 18:38:17 acydburn Exp $ * ****************************************************************************/ *************** *** 20,25 **** --- 20,30 ---- * ***************************************************************************/ + /* CONTRIBUTORS + 2002-12-15 Philip M. White (pwhite@mailhaven.com) + Fixed many minor grammatical mistakes + */ + // // Format is same as lang_main // *************** *** 57,63 **** $lang['Admin'] = 'Administration'; $lang['Not_admin'] = 'You are not authorised to administer this board'; $lang['Welcome_phpBB'] = 'Welcome to phpBB'; ! $lang['Admin_intro'] = 'Thank you for choosing phpBB as your forum solution. This screen will give you a quick overview of all the various statistics of your board. You can get back to this page by clicking on the Admin Index link in the left pane. To return to the index of your board, click the phpBB logo also in the left pane. The other links on the left hand side of this screen will allow you to control every aspect of your forum experience, each screen will have instructions on how to use the tools.'; $lang['Main_index'] = 'Forum Index'; $lang['Forum_stats'] = 'Forum Statistics'; $lang['Admin_Index'] = 'Admin Index'; --- 62,68 ---- $lang['Admin'] = 'Administration'; $lang['Not_admin'] = 'You are not authorised to administer this board'; $lang['Welcome_phpBB'] = 'Welcome to phpBB'; ! $lang['Admin_intro'] = 'Thank you for choosing phpBB as your forum solution. This screen will give you a quick overview of all the various statistics of your board. You can get back to this page by clicking on the Admin Index link in the left pane. To return to the index of your board, click the phpBB logo also in the left pane. The other links on the left hand side of this screen will allow you to control every aspect of your forum experience. Each screen will have instructions on how to use the tools.'; $lang['Main_index'] = 'Forum Index'; $lang['Forum_stats'] = 'Forum Statistics'; $lang['Admin_Index'] = 'Admin Index'; *************** *** 90,102 **** $lang['Restore'] = 'Restore'; $lang['Backup'] = 'Backup'; ! $lang['Restore_explain'] = 'This will perform a full restore of all phpBB tables from a saved file. If your server supports it you may upload a gzip compressed text file and it will automatically be decompressed. WARNING This will overwrite any existing data. The restore may take a long time to process please do not move from this page till it is complete.'; ! $lang['Backup_explain'] = 'Here you can backup all your phpBB related data. If you have any additional custom tables in the same database with phpBB that you would like to back up as well please enter their names separated by commas in the Additional Tables textbox below. If your server supports it you may also gzip compress the file to reduce its size before download.'; $lang['Backup_options'] = 'Backup options'; $lang['Start_backup'] = 'Start Backup'; $lang['Full_backup'] = 'Full backup'; ! $lang['Structure_backup'] = 'Structure Only backup'; $lang['Data_backup'] = 'Data only backup'; $lang['Additional_tables'] = 'Additional tables'; $lang['Gzip_compress'] = 'Gzip compress file'; --- 95,107 ---- $lang['Restore'] = 'Restore'; $lang['Backup'] = 'Backup'; ! $lang['Restore_explain'] = 'This will perform a full restore of all phpBB tables from a saved file. If your server supports it, you may upload a gzip-compressed text file and it will automatically be decompressed. WARNING: This will overwrite any existing data. The restore may take a long time to process, so please do not move from this page until it is complete.'; ! $lang['Backup_explain'] = 'Here you can back up all your phpBB-related data. If you have any additional custom tables in the same database with phpBB that you would like to back up as well, please enter their names, separated by commas, in the Additional Tables textbox below. If your server supports it you may also gzip-compress the file to reduce its size before download.'; $lang['Backup_options'] = 'Backup options'; $lang['Start_backup'] = 'Start Backup'; $lang['Full_backup'] = 'Full backup'; ! $lang['Structure_backup'] = 'Structure-Only backup'; $lang['Data_backup'] = 'Data only backup'; $lang['Additional_tables'] = 'Additional tables'; $lang['Gzip_compress'] = 'Gzip compress file'; *************** *** 104,115 **** $lang['Start_Restore'] = 'Start Restore'; $lang['Restore_success'] = 'The Database has been successfully restored.

Your board should be back to the state it was when the backup was made.'; ! $lang['Backup_download'] = 'Your download will start shortly please wait till it begins'; ! $lang['Backups_not_supported'] = 'Sorry but database backups are not currently supported for your database system'; $lang['Restore_Error_uploading'] = 'Error in uploading the backup file'; ! $lang['Restore_Error_filename'] = 'Filename problem, please try an alternative file'; ! $lang['Restore_Error_decompress'] = 'Cannot decompress a gzip file, please upload a plain text version'; $lang['Restore_Error_no_file'] = 'No file was uploaded'; --- 109,120 ---- $lang['Start_Restore'] = 'Start Restore'; $lang['Restore_success'] = 'The Database has been successfully restored.

Your board should be back to the state it was when the backup was made.'; ! $lang['Backup_download'] = 'Your download will start shortly; please wait until it begins.'; ! $lang['Backups_not_supported'] = 'Sorry, but database backups are not currently supported for your database system.'; $lang['Restore_Error_uploading'] = 'Error in uploading the backup file'; ! $lang['Restore_Error_filename'] = 'Filename problem; please try an alternative file'; ! $lang['Restore_Error_decompress'] = 'Cannot decompress a gzip file; please upload a plain text version'; $lang['Restore_Error_no_file'] = 'No file was uploaded'; *************** *** 128,134 **** $lang['Group_auth_explain'] = 'Here you can alter the permissions and moderator status assigned to each user group. Do not forget when changing group permissions that individual user permissions may still allow the user entry to forums, etc. You will be warned if this is the case.'; $lang['User_auth_explain'] = 'Here you can alter the permissions and moderator status assigned to each individual user. Do not forget when changing user permissions that group permissions may still allow the user entry to forums, etc. You will be warned if this is the case.'; ! $lang['Forum_auth_explain'] = 'Here you can alter the authorisation levels of each forum. You will have both a simple and advanced method for doing this, advanced offers greater control of each forum operation. Remember that changing the permission level of forums will affect which users can carry out the various operations within them.'; $lang['Simple_mode'] = 'Simple Mode'; $lang['Advanced_mode'] = 'Advanced Mode'; --- 133,139 ---- $lang['Group_auth_explain'] = 'Here you can alter the permissions and moderator status assigned to each user group. Do not forget when changing group permissions that individual user permissions may still allow the user entry to forums, etc. You will be warned if this is the case.'; $lang['User_auth_explain'] = 'Here you can alter the permissions and moderator status assigned to each individual user. Do not forget when changing user permissions that group permissions may still allow the user entry to forums, etc. You will be warned if this is the case.'; ! $lang['Forum_auth_explain'] = 'Here you can alter the authorisation levels of each forum. You will have both a simple and advanced method for doing this, where advanced offers greater control of each forum operation. Remember that changing the permission level of forums will affect which users can carry out the various operations within them.'; $lang['Simple_mode'] = 'Simple Mode'; $lang['Advanced_mode'] = 'Advanced Mode'; *************