makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-10 05:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Various fixes

Browse source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@2894 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2002-09-20 11:40:38 +00:00
parent 86a54358d0
commit 04a005c00a
2 changed files with 39 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

64
phpBB/includes/usercp_register.php
View file

@ -1,6 +1,6 @@
<?php
/***************************************************************************
* usercp_register.php
* usercp_register.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group
@ -40,11 +40,11 @@ function show_coppa()
);
$template->assign_vars(array(
'REGISTRATION' => $lang['Registration'],
'AGREEMENT' => $lang['Reg_agreement'],
"AGREE_OVER_13" => $lang['Agree_over_13'],
"AGREE_UNDER_13" => $lang['Agree_under_13'],
'DO_NOT_AGREE' => $lang['Agree_not'],
'REGISTRATION' => $lang['Registration'],
'AGREEMENT' => $lang['Reg_agreement'],
"AGREE_OVER_13" => $lang['Agree_over_13'],
"AGREE_UNDER_13" => $lang['Agree_under_13'],
'DO_NOT_AGREE' => $lang['Agree_not'],
"U_AGREE_OVER13" => append_sid("profile.$phpEx?mode=register&amp;agreed=true"),
"U_AGREE_UNDER13" => append_sid("profile.$phpEx?mode=register&amp;agreed=true&amp;coppa=true"))
@ -73,11 +73,11 @@ $coppa = ( empty($HTTP_POST_VARS['coppa']) && empty($HTTP_GET_VARS['coppa']) ) ?
//
// Check and initialize some variables if needed
//
if (
isset($HTTP_POST_VARS['submit']) ||
isset($HTTP_POST_VARS['avatargallery']) ||
isset($HTTP_POST_VARS['submitavatar']) ||
isset($HTTP_POST_VARS['cancelavatar']) ||
if (
isset($HTTP_POST_VARS['submit']) ||
isset($HTTP_POST_VARS['avatargallery']) ||
isset($HTTP_POST_VARS['submitavatar']) ||
isset($HTTP_POST_VARS['cancelavatar']) ||
$mode == 'register' )
{
include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
@ -114,7 +114,7 @@ if (
$email = htmlspecialchars($email);
$signature = str_replace('<br />', "\n", $signature);
// Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to
// Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to
// empty strings if they fail.
validate_optional_fields($icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature);
@ -163,9 +163,9 @@ if (
$user_timezone = ( isset($HTTP_POST_VARS['timezone']) ) ? doubleval($HTTP_POST_VARS['timezone']) : $board_config['board_timezone'];
$user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim($HTTP_POST_VARS['dateformat']) : $board_config['default_dateformat'];
$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? $HTTP_POST_VARS['avatarlocal'] : '' );
$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );
$user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim($HTTP_POST_VARS['avatarremoteurl']) : '';
$user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['avatarremoteurl'])) : '';
$user_avatar_upload = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim($HTTP_POST_VARS['avatarurl']) : ( ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '' );
$user_avatar_name = ( !empty($HTTP_POST_FILES['avatar']['name']) ) ? $HTTP_POST_FILES['avatar']['name'] : '';
$user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0;
@ -196,7 +196,7 @@ if (
$user_lang = stripslashes($user_lang);
$user_dateformat = stripslashes($user_dateformat);
if ( !isset($HTTP_POST_VARS['cancelavatar']))
if ( !isset($HTTP_POST_VARS['cancelavatar']))
{
$user_avatar = $user_avatar_local;
$user_avatar_type = USER_AVATAR_GALLERY;
@ -243,7 +243,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Fields_empty'];
}
}
$passwd_sql = '';
@ -263,8 +263,8 @@ if ( isset($HTTP_POST_VARS['submit']) )
{
if ( $mode == 'editprofile' )
{
$sql = "SELECT user_password
FROM " . USERS_TABLE . "
$sql = "SELECT user_password
FROM " . USERS_TABLE . "
WHERE user_id = $user_id";
if ( !($result = $db->sql_query($sql)) )
{
@ -279,7 +279,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Current_password_mismatch'];
}
}
if ( !$error )
{
$new_password = md5($new_password);
@ -306,11 +306,11 @@ if ( isset($HTTP_POST_VARS['submit']) )
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $result['error_msg'];
}
if ( $mode == 'editprofile' )
{
$sql = "SELECT user_password
FROM " . USERS_TABLE . "
$sql = "SELECT user_password
FROM " . USERS_TABLE . "
WHERE user_id = $user_id";
if ( !($result = $db->sql_query($sql)) )
{
@ -459,7 +459,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
$emailer->assign_vars(array(
'SITENAME' => $board_config['sitename'],
'USERNAME' => $username,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
);
@ -523,7 +523,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
{
message_die(GENERAL_ERROR, 'Could not insert data into groups table', '', __LINE__, __FILE__, $sql);
}
$group_id = $db->sql_nextid();
$sql = "INSERT INTO " . USER_GROUP_TABLE . " (user_id, group_id, user_pending)
@ -567,7 +567,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
if( $coppa )
{
$emailer->assign_vars(array(
'SITENAME' => $board_config['sitename'],
'SITENAME' => $board_config['sitename'],
'WELCOME_MSG' => sprintf($lang['Welcome_subject'], $board_config['sitename']),
'USERNAME' => $username,
'PASSWORD' => $password_confirm,
@ -589,7 +589,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
else
{
$emailer->assign_vars(array(
'SITENAME' => $board_config['sitename'],
'SITENAME' => $board_config['sitename'],
'WELCOME_MSG' => sprintf($lang['Welcome_subject'], $board_config['sitename']),
'USERNAME' => $username,
'PASSWORD' => $password_confirm,
@ -632,7 +632,7 @@ if ( $error )
{
//
// If an error occured we need to stripslashes on returned data
//
//
$username = stripslashes($username);
$email = stripslashes($email);
$new_password = '';
@ -800,9 +800,9 @@ else
//
$ini_val = ( phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
$form_enctype = ( @$ini_val('file_uploads') == '0' || strtolower(@$ini_val('file_uploads') == 'off') || phpversion() == '4.0.4pl1' || !$board_config['allow_avatar_upload'] || ( phpversion() < '4.0.3' && @$ini_val('open_basedir') != '' ) ) ? '' : 'enctype="multipart/form-data"';
$template->assign_vars(array(
'USERNAME' => $username,
'USERNAME' => $username,
'CUR_PASSWORD' => $cur_password,
'NEW_PASSWORD' => $new_password,
'PASSWORD_CONFIRM' => $password_confirm,
@ -842,11 +842,11 @@ else
'TIMEZONE_SELECT' => tz_select($user_timezone, 'timezone'),
'DATE_FORMAT' => $user_dateformat,
'HTML_STATUS' => $html_status,
'BBCODE_STATUS' => sprintf($bbcode_status, '<a href="' . append_sid("faq.$phpEx?mode=bbcode") . '" target="_phpbbcode">', '</a>'),
'BBCODE_STATUS' => sprintf($bbcode_status, '<a href="' . append_sid("faq.$phpEx?mode=bbcode") . '" target="_phpbbcode">', '</a>'),
'SMILIES_STATUS' => $smilies_status,
'L_CURRENT_PASSWORD' => $lang['Current_password'],
'L_NEW_PASSWORD' => ( $mode == 'register' ) ? $lang['Password'] : $lang['New_password'],
'L_CURRENT_PASSWORD' => $lang['Current_password'],
'L_NEW_PASSWORD' => ( $mode == 'register' ) ? $lang['Password'] : $lang['New_password'],
'L_CONFIRM_PASSWORD' => $lang['Confirm_password'],
'L_CONFIRM_PASSWORD_EXPLAIN' => ( $mode == 'editprofile' ) ? $lang['Confirm_password_explain'] : '',
'L_PASSWORD_IF_CHANGED' => ( $mode == 'editprofile' ) ? $lang['password_if_changed'] : '',

14
phpBB/login.php
View file

@ -46,7 +46,7 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
{
//
// This appears to work for IIS5 CGI under Win2K. Uses getenv
// since this doesn't exist for ISAPI mode and therefore the
// since this doesn't exist for ISAPI mode and therefore the
// normal Location redirector is used in preference
//
if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] )
@ -54,7 +54,7 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
$username = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';
$sql = "SELECT user_id, username, user_password, user_active, user_level
$sql = "SELECT user_id, username, user_password, user_active, user_level
FROM " . USERS_TABLE . "
WHERE username = '" . str_replace("\'", "''", $username) . "'";
if ( !($result = $db->sql_query($sql)) )
@ -99,7 +99,7 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
{
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : '';
$redirect = str_replace("?", "&", $redirect);
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("login.$phpEx?redirect=$redirect") . '">')
);
@ -175,7 +175,7 @@ else
{
$forward_to = $HTTP_SERVER_VARS['QUERY_STRING'];
if( preg_match("/^redirect=(.*)$/si", $forward_to, $forward_matches) )
if( preg_match("/^redirect=([a-z0-9\.#\/\?&=\+\-_]+)/si", $forward_to, $forward_matches) )
{
$forward_to = ( !empty($forward_matches[3]) ) ? $forward_matches[3] : $forward_matches[1];
$forward_match = explode('&', $forward_to);
@ -216,11 +216,11 @@ else
$template->assign_vars(array(
'USERNAME' => $username,
'L_ENTER_PASSWORD' => $lang['Enter_password'],
'L_ENTER_PASSWORD' => $lang['Enter_password'],
'L_SEND_PASSWORD' => $lang['Forgotten_password'],
'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"),
'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"),
'S_HIDDEN_FIELDS' => $s_hidden_fields)
);