Various fixes

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@2894 89ea8834-ac86-4346-8a33-228a782c2dd0
Paul S. Owen 2002-09-20 11:40:38 +00:00
parent 86a54358d0
commit 04a005c00a
2 changed files with 39 additions and 39 deletions


@ -1,6 +1,6 @@
<?php <?php
/*************************************************************************** /***************************************************************************
* usercp_register.php * usercp_register.php
* ------------------- * -------------------
* begin : Saturday, Feb 13, 2001 * begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group * copyright : (C) 2001 The phpBB Group
@ -40,11 +40,11 @@ function show_coppa()
); );
$template->assign_vars(array( $template->assign_vars(array(
'REGISTRATION' => $lang['Registration'], 'REGISTRATION' => $lang['Registration'],
'AGREEMENT' => $lang['Reg_agreement'], 'AGREEMENT' => $lang['Reg_agreement'],
"AGREE_OVER_13" => $lang['Agree_over_13'], "AGREE_OVER_13" => $lang['Agree_over_13'],
"AGREE_UNDER_13" => $lang['Agree_under_13'], "AGREE_UNDER_13" => $lang['Agree_under_13'],
'DO_NOT_AGREE' => $lang['Agree_not'], 'DO_NOT_AGREE' => $lang['Agree_not'],
"U_AGREE_OVER13" => append_sid("profile.$phpEx?mode=register&amp;agreed=true"), "U_AGREE_OVER13" => append_sid("profile.$phpEx?mode=register&amp;agreed=true"),
"U_AGREE_UNDER13" => append_sid("profile.$phpEx?mode=register&amp;agreed=true&amp;coppa=true")) "U_AGREE_UNDER13" => append_sid("profile.$phpEx?mode=register&amp;agreed=true&amp;coppa=true"))
@ -73,11 +73,11 @@ $coppa = ( empty($HTTP_POST_VARS['coppa']) && empty($HTTP_GET_VARS['coppa']) ) ?
// //
// Check and initialize some variables if needed // Check and initialize some variables if needed
// //
if ( if (
isset($HTTP_POST_VARS['submit']) || isset($HTTP_POST_VARS['submit']) ||
isset($HTTP_POST_VARS['avatargallery']) || isset($HTTP_POST_VARS['avatargallery']) ||
isset($HTTP_POST_VARS['submitavatar']) || isset($HTTP_POST_VARS['submitavatar']) ||
isset($HTTP_POST_VARS['cancelavatar']) || isset($HTTP_POST_VARS['cancelavatar']) ||
$mode == 'register' ) $mode == 'register' )
{ {
include($phpbb_root_path . 'includes/functions_validate.'.$phpEx); include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
@ -114,7 +114,7 @@ if (
$email = htmlspecialchars($email); $email = htmlspecialchars($email);
$signature = str_replace('<br />', "\n", $signature); $signature = str_replace('<br />', "\n", $signature);
// Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to // Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to
// empty strings if they fail. // empty strings if they fail.
validate_optional_fields($icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature); validate_optional_fields($icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature);
@ -163,9 +163,9 @@ if (
$user_timezone = ( isset($HTTP_POST_VARS['timezone']) ) ? doubleval($HTTP_POST_VARS['timezone']) : $board_config['board_timezone']; $user_timezone = ( isset($HTTP_POST_VARS['timezone']) ) ? doubleval($HTTP_POST_VARS['timezone']) : $board_config['board_timezone'];
$user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim($HTTP_POST_VARS['dateformat']) : $board_config['default_dateformat']; $user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim($HTTP_POST_VARS['dateformat']) : $board_config['default_dateformat'];
$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? $HTTP_POST_VARS['avatarlocal'] : '' ); $user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );
$user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim($HTTP_POST_VARS['avatarremoteurl']) : ''; $user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['avatarremoteurl'])) : '';
$user_avatar_upload = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim($HTTP_POST_VARS['avatarurl']) : ( ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '' ); $user_avatar_upload = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim($HTTP_POST_VARS['avatarurl']) : ( ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '' );
$user_avatar_name = ( !empty($HTTP_POST_FILES['avatar']['name']) ) ? $HTTP_POST_FILES['avatar']['name'] : ''; $user_avatar_name = ( !empty($HTTP_POST_FILES['avatar']['name']) ) ? $HTTP_POST_FILES['avatar']['name'] : '';
$user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0; $user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0;
@ -196,7 +196,7 @@ if (
$user_lang = stripslashes($user_lang); $user_lang = stripslashes($user_lang);
$user_dateformat = stripslashes($user_dateformat); $user_dateformat = stripslashes($user_dateformat);
if ( !isset($HTTP_POST_VARS['cancelavatar'])) if ( !isset($HTTP_POST_VARS['cancelavatar']))
{ {
$user_avatar = $user_avatar_local; $user_avatar = $user_avatar_local;
$user_avatar_type = USER_AVATAR_GALLERY; $user_avatar_type = USER_AVATAR_GALLERY;
@ -243,7 +243,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
$error = TRUE; $error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Fields_empty']; $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Fields_empty'];
} }
} }
$passwd_sql = ''; $passwd_sql = '';
@ -263,8 +263,8 @@ if ( isset($HTTP_POST_VARS['submit']) )
{ {
if ( $mode == 'editprofile' ) if ( $mode == 'editprofile' )
{ {
$sql = "SELECT user_password $sql = "SELECT user_password
FROM " . USERS_TABLE . " FROM " . USERS_TABLE . "
WHERE user_id = $user_id"; WHERE user_id = $user_id";
if ( !($result = $db->sql_query($sql)) ) if ( !($result = $db->sql_query($sql)) )
{ {
@ -279,7 +279,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Current_password_mismatch']; $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Current_password_mismatch'];
} }
} }
if ( !$error ) if ( !$error )
{ {
$new_password = md5($new_password); $new_password = md5($new_password);
@ -306,11 +306,11 @@ if ( isset($HTTP_POST_VARS['submit']) )
$error = TRUE; $error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $result['error_msg']; $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $result['error_msg'];
} }
if ( $mode == 'editprofile' ) if ( $mode == 'editprofile' )
{ {
$sql = "SELECT user_password $sql = "SELECT user_password
FROM " . USERS_TABLE . " FROM " . USERS_TABLE . "
WHERE user_id = $user_id"; WHERE user_id = $user_id";
if ( !($result = $db->sql_query($sql)) ) if ( !($result = $db->sql_query($sql)) )
{ {
@ -459,7 +459,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
$emailer->assign_vars(array( $emailer->assign_vars(array(
'SITENAME' => $board_config['sitename'], 'SITENAME' => $board_config['sitename'],
'USERNAME' => $username, 'USERNAME' => $username,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']), 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey) 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
); );
@ -523,7 +523,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
{ {
message_die(GENERAL_ERROR, 'Could not insert data into groups table', '', __LINE__, __FILE__, $sql); message_die(GENERAL_ERROR, 'Could not insert data into groups table', '', __LINE__, __FILE__, $sql);
} }
$group_id = $db->sql_nextid(); $group_id = $db->sql_nextid();
$sql = "INSERT INTO " . USER_GROUP_TABLE . " (user_id, group_id, user_pending) $sql = "INSERT INTO " . USER_GROUP_TABLE . " (user_id, group_id, user_pending)
@ -567,7 +567,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
if( $coppa ) if( $coppa )
{ {
$emailer->assign_vars(array( $emailer->assign_vars(array(
'SITENAME' => $board_config['sitename'], 'SITENAME' => $board_config['sitename'],
'WELCOME_MSG' => sprintf($lang['Welcome_subject'], $board_config['sitename']), 'WELCOME_MSG' => sprintf($lang['Welcome_subject'], $board_config['sitename']),
'USERNAME' => $username, 'USERNAME' => $username,
'PASSWORD' => $password_confirm, 'PASSWORD' => $password_confirm,
@ -589,7 +589,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
else else
{ {
$emailer->assign_vars(array( $emailer->assign_vars(array(
'SITENAME' => $board_config['sitename'], 'SITENAME' => $board_config['sitename'],
'WELCOME_MSG' => sprintf($lang['Welcome_subject'], $board_config['sitename']), 'WELCOME_MSG' => sprintf($lang['Welcome_subject'], $board_config['sitename']),
'USERNAME' => $username, 'USERNAME' => $username,
'PASSWORD' => $password_confirm, 'PASSWORD' => $password_confirm,
@ -632,7 +632,7 @@ if ( $error )
{ {
// //
// If an error occured we need to stripslashes on returned data // If an error occured we need to stripslashes on returned data
// //
$username = stripslashes($username); $username = stripslashes($username);
$email = stripslashes($email); $email = stripslashes($email);
$new_password = ''; $new_password = '';
@ -800,9 +800,9 @@ else
// //
$ini_val = ( phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var'; $ini_val = ( phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
$form_enctype = ( @$ini_val('file_uploads') == '0' || strtolower(@$ini_val('file_uploads') == 'off') || phpversion() == '4.0.4pl1' || !$board_config['allow_avatar_upload'] || ( phpversion() < '4.0.3' && @$ini_val('open_basedir') != '' ) ) ? '' : 'enctype="multipart/form-data"'; $form_enctype = ( @$ini_val('file_uploads') == '0' || strtolower(@$ini_val('file_uploads') == 'off') || phpversion() == '4.0.4pl1' || !$board_config['allow_avatar_upload'] || ( phpversion() < '4.0.3' && @$ini_val('open_basedir') != '' ) ) ? '' : 'enctype="multipart/form-data"';
$template->assign_vars(array( $template->assign_vars(array(
'USERNAME' => $username, 'USERNAME' => $username,
'CUR_PASSWORD' => $cur_password, 'CUR_PASSWORD' => $cur_password,
'NEW_PASSWORD' => $new_password, 'NEW_PASSWORD' => $new_password,
'PASSWORD_CONFIRM' => $password_confirm, 'PASSWORD_CONFIRM' => $password_confirm,
@ -842,11 +842,11 @@ else
'TIMEZONE_SELECT' => tz_select($user_timezone, 'timezone'), 'TIMEZONE_SELECT' => tz_select($user_timezone, 'timezone'),
'DATE_FORMAT' => $user_dateformat, 'DATE_FORMAT' => $user_dateformat,
'HTML_STATUS' => $html_status, 'HTML_STATUS' => $html_status,
'BBCODE_STATUS' => sprintf($bbcode_status, '<a href="' . append_sid("faq.$phpEx?mode=bbcode") . '" target="_phpbbcode">', '</a>'), 'BBCODE_STATUS' => sprintf($bbcode_status, '<a href="' . append_sid("faq.$phpEx?mode=bbcode") . '" target="_phpbbcode">', '</a>'),
'SMILIES_STATUS' => $smilies_status, 'SMILIES_STATUS' => $smilies_status,
'L_CURRENT_PASSWORD' => $lang['Current_password'], 'L_CURRENT_PASSWORD' => $lang['Current_password'],
'L_NEW_PASSWORD' => ( $mode == 'register' ) ? $lang['Password'] : $lang['New_password'], 'L_NEW_PASSWORD' => ( $mode == 'register' ) ? $lang['Password'] : $lang['New_password'],
'L_CONFIRM_PASSWORD' => $lang['Confirm_password'], 'L_CONFIRM_PASSWORD' => $lang['Confirm_password'],
'L_CONFIRM_PASSWORD_EXPLAIN' => ( $mode == 'editprofile' ) ? $lang['Confirm_password_explain'] : '', 'L_CONFIRM_PASSWORD_EXPLAIN' => ( $mode == 'editprofile' ) ? $lang['Confirm_password_explain'] : '',
'L_PASSWORD_IF_CHANGED' => ( $mode == 'editprofile' ) ? $lang['password_if_changed'] : '', 'L_PASSWORD_IF_CHANGED' => ( $mode == 'editprofile' ) ? $lang['password_if_changed'] : '',
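Review bot: In the `@ -163,9 +163,9` hunk the new escaping covers `avatarlocal` and `avatarremoteurl` only; the `avatarselect` branch of the same ternary and the `avatarurl` value two lines below are still read from `$HTTP_POST_VARS` unescaped. If the intent is to neutralise markup in every avatar field that can be echoed back into the form, wrap those as well, e.g. `htmlspecialchars($HTTP_POST_VARS['avatarselect'])` and `trim(htmlspecialchars($HTTP_POST_VARS['avatarurl']))`. `htmlspecialchars` only addresses HTML output: `$user_avatar_local` is assigned to `$user_avatar` as a gallery entry in the `@ -196,7` hunk, so it presumably also needs checking against the actual gallery contents, and no such check is visible in these hunks. The enclosing `if` block starts and ends outside the hunks shown.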


@ -46,7 +46,7 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
{ {
// //
// This appears to work for IIS5 CGI under Win2K. Uses getenv // This appears to work for IIS5 CGI under Win2K. Uses getenv
// since this doesn't exist for ISAPI mode and therefore the // since this doesn't exist for ISAPI mode and therefore the
// normal Location redirector is used in preference // normal Location redirector is used in preference
// //
if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] ) if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] )
@ -54,7 +54,7 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
$username = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : ''; $username = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : ''; $password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';
$sql = "SELECT user_id, username, user_password, user_active, user_level $sql = "SELECT user_id, username, user_password, user_active, user_level
FROM " . USERS_TABLE . " FROM " . USERS_TABLE . "
WHERE username = '" . str_replace("\'", "''", $username) . "'"; WHERE username = '" . str_replace("\'", "''", $username) . "'";
if ( !($result = $db->sql_query($sql)) ) if ( !($result = $db->sql_query($sql)) )
@ -99,7 +99,7 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
{ {
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : ''; $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : '';
$redirect = str_replace("?", "&", $redirect); $redirect = str_replace("?", "&", $redirect);
$template->assign_vars(array( $template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("login.$phpEx?redirect=$redirect") . '">') 'META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("login.$phpEx?redirect=$redirect") . '">')
); );
@ -175,7 +175,7 @@ else
{ {
$forward_to = $HTTP_SERVER_VARS['QUERY_STRING']; $forward_to = $HTTP_SERVER_VARS['QUERY_STRING'];
if( preg_match("/^redirect=(.*)$/si", $forward_to, $forward_matches) ) if( preg_match("/^redirect=([a-z0-9\.#\/\?&=\+\-_]+)/si", $forward_to, $forward_matches) )
{ {
$forward_to = ( !empty($forward_matches[3]) ) ? $forward_matches[3] : $forward_matches[1]; $forward_to = ( !empty($forward_matches[3]) ) ? $forward_matches[3] : $forward_matches[1];
$forward_match = explode('&', $forward_to); $forward_match = explode('&', $forward_to);
@ -216,11 +216,11 @@ else
$template->assign_vars(array( $template->assign_vars(array(
'USERNAME' => $username, 'USERNAME' => $username,
'L_ENTER_PASSWORD' => $lang['Enter_password'], 'L_ENTER_PASSWORD' => $lang['Enter_password'],
'L_SEND_PASSWORD' => $lang['Forgotten_password'], 'L_SEND_PASSWORD' => $lang['Forgotten_password'],
'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"), 'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"),
'S_HIDDEN_FIELDS' => $s_hidden_fields) 'S_HIDDEN_FIELDS' => $s_hidden_fields)
); );
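Review bot: The tightened `redirect=` pattern in the `@ -175,7 +175,7` hunk only covers the query-string path; in the `@ -99,7 +99,7` hunk `$HTTP_POST_VARS['redirect']` is still interpolated into the `<meta http-equiv="refresh">` tag after nothing more than a `?` to `&` replacement, so quotes or angle brackets in the posted value reach the page unescaped. Apply the same character restriction there, or at minimum escape it: `$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : '';`. Separately, the new pattern has a single capture group, so `$forward_matches[3]` on the following line can never be set and the ternary always yields `$forward_matches[1]`; it can be reduced to `$forward_to = $forward_matches[1];`. Dropping the `$` anchor also means a value containing a disallowed character is silently truncated rather than rejected, which deserves a comment if that is the intent. Both blocks continue outside the hunks shown.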