This is a mass commit ... expect trouble! Changes made here are primarily to how login is handled, schema changes necessary!

git-svn-id: file:///svn/phpbb/trunk@4970 89ea8834-ac86-4346-8a33-228a782c2dd0
Paul S. Owen 2004-09-01 15:47:46 +00:00
parent 3c8e36b458
commit 070cbefa46
27 changed files with 1785 additions and 2654 deletions


@ -11,27 +11,40 @@
//
// -------------------------------------------------------------
if (!defined('IN_PHPBB') || !isset($phpbb_root_path))
if (!defined('IN_PHPBB'))
{
die('Hacking attempt');
exit;
}
define('NEED_SID', true);
define('IN_ADMIN', true);
require($phpbb_root_path . 'common.'.$phpEx);
require($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
// Start session management
$user->start();
$auth->acl($user->data);
$user->setup('admin');
// End session management
// Did user forget to login? Give 'em a chance to here ...
if ($user->data['user_id'] == ANONYMOUS)
{
login_box("./adm/index.$phpEx$SID", '', $user->lang['LOGIN_ADMIN']);
login_box('', $user->lang['LOGIN_ADMIN'], $user->lang['LOGIN_ADMIN_SUCCESS'], true);
}
$auth->acl($user->data);
$user->setup('admin');
// End session management
// Have they authenticated (again) as an admin for this session?
if (!$user->data['session_admin'])
{
login_box('', $user->lang['LOGIN_ADMIN_CONFIRM'], $user->lang['LOGIN_ADMIN_SUCCESS'], true, false);
}
// Is user any type of admin? No, then stop here, each script needs to
// check specific permissions but this is a catchall
if (!$auth->acl_get('a_'))
{
trigger_error($user->lang['NO_ADMIN']);
}
// Some oft used variables
$safe_mode = (@ini_get('safe_mode') || @strtolower(ini_get('safe_mode')) == 'on') ? true : false;
@ -257,6 +270,68 @@ function adm_page_confirm($title, $message)
}
function build_cfg_template($tpl_type, $config_key, $options = '')
{
global $new, $user;
$tpl = '';
$name = 'config[' . $config_key . ']';
switch ($tpl_type[0])
{
case 'text':
case 'password':
$size = (int) $tpl_type[1];
$maxlength = (int) $tpl_type[2];
$tpl = '<input class="post" type="' . $tpl_type[0] . '"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="' . $name . '" value="' . $new[$config_key] . '" />';
break;
case 'dimension':
$size = (int) $tpl_type[1];
$maxlength = (int) $tpl_type[2];
$tpl = '<input class="post" type="text"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="config[' . $config_key . '_height]" value="' . $new[$config_key . '_height'] . '" /> x <input class="post" type="text"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="config[' . $config_key . '_width]" value="' . $new[$config_key . '_width'] . '" />';
break;
case 'textarea':
$rows = (int) $tpl_type[1];
$cols = (int) $tpl_type[2];
$tpl = '<textarea name="' . $name . '" rows="' . $rows . '" cols="' . $cols . '">' . $new[$config_key] . '</textarea>';
break;
case 'radio':
$key_yes = ($new[$config_key]) ? ' checked="checked"' : '';
$key_no = (!$new[$config_key]) ? ' checked="checked"' : '';
$tpl_type_cond = explode('_', $tpl_type[1]);
$type_no = ($tpl_type_cond[0] == 'disabled' || $tpl_type_cond[0] == 'enabled') ? false : true;
$tpl_no = '<input type="radio" name="' . $name . '" value="0"' . $key_no . ' />' . (($type_no) ? $user->lang['NO'] : $user->lang['DISABLED']);
$tpl_yes = '<input type="radio" name="' . $name . '" value="1"' . $key_yes . ' />' . (($type_no) ? $user->lang['YES'] : $user->lang['ENABLED']);
$tpl = ($tpl_type_cond[0] == 'yes' || $tpl_type_cond[0] == 'enabled') ? $tpl_yes . '&nbsp;&nbsp;' . $tpl_no : $tpl_no . '&nbsp;&nbsp;' . $tpl_yes;
break;
case 'select':
eval('$s_options = ' . str_replace('{VALUE}', $new[$config_key], $options) . ';');
$tpl = '<select name="' . $name . '">' . $s_options . '</select>';
break;
case 'custom':
eval('$tpl = ' . str_replace('{VALUE}', $new[$config_key], $options) . ';');
break;
default:
break;
}
return $tpl;
}
// General ACP module class
class module
{
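Review bot: In `build_cfg_template`, the `select` and `custom` cases substitute `$new[$config_key]` into `$options` and pass the result to `eval()`, so a config value containing a quote or other PHP syntax alters the code that runs instead of being treated as data. Passing the value as an argument avoids this, for example letting `$options` name a function and using `$tpl = call_user_func($options, $new[$config_key], $config_key);`. The `text`, `password`, `dimension` and `textarea` cases also write `$new[$config_key]` straight into markup; unless the caller already escapes it, which is not visible here, `htmlspecialchars($new[$config_key])` belongs at those points. A header comment stating who may supply `$options` and `$new` would make the trust assumption explicit.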


@ -13,7 +13,7 @@
if (!defined('IN_PHPBB'))
{
die('Hacking attempt');
exit;
}
$starttime = explode(' ', microtime());

File diff suppressed because it is too large Load diff


@ -293,7 +293,7 @@ function get_moderators(&$forum_moderators, $forum_id = false)
while ($row = $db->sql_fetchrow($result))
{
$forum_moderators[$row['forum_id']][] = (!empty($row['user_id'])) ? '<a href="memberlist.' . $phpEx . $SID . '&amp;mode=viewprofile&amp;u=' . $row['user_id'] . '">' . $row['username'] . '</a>' : '<a href="groupcp.' . $phpEx . $SID . '&amp;g=' . $row['group_id'] . '">' . $row['groupname'] . '</a>';
$forum_moderators[$row['forum_id']][] = (!empty($row['user_id'])) ? '<a href="memberlist.' . $phpEx . $SID . '&amp;mode=viewprofile&amp;u=' . $row['user_id'] . '">' . $row['username'] . '</a>' : '<a href="memberlist.' . $phpEx . $SID . '&amp;mode=group&amp;g=' . $row['group_id'] . '">' . $row['groupname'] . '</a>';
}
$db->sql_freeresult($result);
@ -601,7 +601,7 @@ function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $mat
{
if ($_GET['unwatch'] == $mode)
{
login_box($user->cur_page);
login_box();
}
}
else
@ -1139,25 +1139,28 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo
}
// Generate login box or verify password
function login_box($s_action, $s_hidden_fields = '', $login_explain = '', $ucp_login = false)
function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)
{
global $SID, $db, $user, $template, $auth, $phpEx, $phpbb_root_path;
$err = '';
if (isset($_POST['login']))
{
$username = request_var('username', '');
$password = request_var('password', '');
$autologin = (!empty($_POST['autologin'])) ? TRUE : FALSE;
$viewonline = (!empty($_POST['viewonline'])) ? 0 : 1;
$admin = ($admin) ? 1 : 0;
if (($result = $auth->login($username, $password, $autologin, $viewonline)) === true)
// If authentication is successful we redirect user to previous page
if (($result = $auth->login($username, $password, $autologin, $viewonline, $admin)) === true)
{
// TODO
// Force change password ... plugin for EVENT_LOGIN in future
// but for now we'll do it here
$redirect = request_var('redirect', "index.$phpEx$SID");
meta_refresh(3, $redirect);
return true;
$message = (($l_success) ? $l_success : $user->lang['LOGIN_REDIRECT']) . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a> ');
trigger_error($message);
}
// If we get a non-numeric (e.g. string) value we output an error
@ -1170,18 +1173,34 @@ function login_box($s_action, $s_hidden_fields = '', $login_explain = '', $ucp_l
$err = ($result === 0) ? $user->lang['ACTIVE_ERROR'] : $user->lang['LOGIN_ERROR'];
}
$s_hidden_fields .= ($ucp_login && !empty($_SERVER['HTTP_REFERER'])) ? '<input type="hidden" name="redirect" value="' . htmlspecialchars($_SERVER['HTTP_REFERER']) . '" />' : '<input type="hidden" name="redirect" value="' . $s_action . '" />';
if (!$redirect)
{
$split_page = array();
preg_match_all('#^.*?([a-z]+?)\.' . $phpEx . '\?(.*?)$#i', $user->page, $split_page, PREG_SET_ORDER);
// No script name set? Assume index
if (empty($split_page[0][1]))
{
$split_page[0][1] = 'index';
}
// Current page correctly formatted for (login) redirects
$redirect = htmlspecialchars($split_page[0][1] . '.' . $phpEx . $SID . ((!empty($split_page[0][2])) ? '&' . $split_page[0][2] : ''));
}
$s_hidden_fields = '<input type="hidden" name="redirect" value="' . $redirect . '" />';
$s_hidden_fields .= '<input type="hidden" name="sid" value="' . $SID . '" />';
$template->assign_vars(array(
'LOGIN_ERROR' => $err,
'LOGIN_EXPLAIN' => $login_explain,
'LOGIN_EXPLAIN' => $l_explain,
'U_SEND_PASSWORD' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=sendpassword",
'U_TERMS_USE' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=terms",
'U_PRIVACY' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=privacy",
'S_LOGIN_ACTION' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=login",
'S_DISPLAY_FULL_LOGIN' => ($s_display) ? true : false,
'S_LOGIN_ACTION' => $redirect_page,
'S_HIDDEN_FIELDS' => $s_hidden_fields)
);
@ -1410,7 +1429,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
if (!defined('HEADER_INC'))
{
if (defined('IN_ADMIN'))
if (defined('IN_ADMIN') && !empty($user->data['session_admin']))
{
adm_page_header('', '', false);
}
@ -1425,7 +1444,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
$display_header = (!isset($display_header)) ? false : (bool) $display_header;
$show_prev_info = (!isset($show_prev_info)) ? true : (bool) $show_prev_info;
if (defined('IN_ADMIN'))
if (defined('IN_ADMIN') && !empty($user->data['session_admin']))
{
adm_page_message($msg_title, $msg_text, $display_header, $show_prev_info);
adm_page_footer();
@ -1445,6 +1464,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
}
exit;
break;
default:
if (defined('DEBUG_EXTRA'))
{
@ -1503,7 +1523,7 @@ function page_header($page_title = '')
$reading_sql = "AND s.session_page LIKE '%f=$f%'";
}
$sql = 'SELECT u.username, u.user_id, u.user_type, u.user_allow_viewonline, u.user_colour, s.session_ip, s.session_allow_viewonline
$sql = 'SELECT u.username, u.user_id, u.user_type, u.user_allow_viewonline, u.user_colour, s.session_ip, s.session_viewonline
FROM ' . USERS_TABLE . ' u, ' . SESSIONS_TABLE . ' s
WHERE s.session_time >= ' . (time() - (intval($config['load_online_time']) * 60)) . "
$reading_sql
@ -1666,8 +1686,9 @@ function page_header($page_title = '')
'SITENAME' => $config['sitename'],
'SITE_DESCRIPTION' => $config['site_desc'],
'PAGE_TITLE' => $page_title,
'SCRIPT_NAME' => substr($user->page, 0, strpos($user->page, '.')),
'LAST_VISIT_DATE' => sprintf($user->lang['YOU_LAST_VISIT'], $s_last_visit),
'CURRENT_TIME' => sprintf($user->lang['CURRENT_TIME'], $user->format_date(time())),
'CURRENT_TIME' => sprintf($user->lang['CURRENT_TIME'], $user->format_date(time(), false, true)),
'TOTAL_USERS_ONLINE' => $l_online_users,
'LOGGED_IN_USER_LIST' => $online_userlist,
'RECORD_USERS' => $l_online_record,
@ -1685,7 +1706,6 @@ function page_header($page_title = '')
'U_MEMBERLIST' => "{$phpbb_root_path}memberlist.$phpEx$SID",
'U_VIEWONLINE' => "{$phpbb_root_path}viewonline.$phpEx$SID",
'U_MEMBERSLIST' => "{$phpbb_root_path}memberlist.$phpEx$SID",
'U_GROUP_CP' => "{$phpbb_root_path}groupcp.$phpEx$SID",
'U_LOGIN_LOGOUT' => $u_login_logout,
'U_INDEX' => "{$phpbb_root_path}index.$phpEx$SID",
'U_SEARCH' => "{$phpbb_root_path}search.$phpEx$SID",
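Review bot: In `login_box`, the post-login target is read with `request_var('redirect', "index.$phpEx$SID")` and passed to `meta_refresh()` and into the `<a href="...">` of the success message without any check that it points back to this board, so a crafted login link can send a freshly authenticated user to an external address. As a minimum, reject values that carry a scheme or host before using them: `if (strpos($redirect, '://') !== false || substr($redirect, 0, 2) == '//') { $redirect = "index.$phpEx$SID"; }`. `S_LOGIN_ACTION` is now set from `$redirect_page`, which is not assigned anywhere in the visible lines; if it is not defined in the part of the function outside these hunks, the form action ends up empty. The body of `login_box` continues outside the hunks shown.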


@ -30,28 +30,9 @@ class session
$current_time = time();
$this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? $_SERVER['HTTP_USER_AGENT'] : $_ENV['HTTP_USER_AGENT'];
$this->page = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : $_ENV['REQUEST_URI'];
$split_page = array();
preg_match_all('#^.*?([a-z]+?)\.' . $phpEx . '\?sid=[a-z0-9]*?(&.*)?$#i', $this->page, $split_page, PREG_SET_ORDER);
// Take care of SID
if (!isset($split_page[0][1]))
{
$split_page[0][1] = substr(strrchr($this->page, '/'), 1);
}
// Page for session_page value
$this->page = $split_page[0][1] . ((isset($split_page[0][2])) ? $split_page[0][2] : '');
$this->page = preg_replace('#^.*?\/?(\/adm\/)?([a-z]+?\.' . $phpEx . '\?)sid=[a-z0-9]*&?(.*?)$#i', '\1\2\3', $this->page);
$this->page .= (isset($_POST['f'])) ? 'f=' . intval($_POST['f']) : '';
// Current page correctly formatted for (login) redirects
$this->cur_page = str_replace('&amp;', '&', htmlspecialchars($split_page[0][1] . '.' . $phpEx . ((isset($split_page[0][2])) ? '?' . $split_page[0][2] : '')));
// Current page filename for use in template (index, viewtopic, viewforum...)
$this->current_page_filename = $split_page[0][1];
unset($split_page);
if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_data']))
{
$sessiondata = (!empty($_COOKIE[$config['cookie_name'] . '_data'])) ? unserialize(stripslashes($_COOKIE[$config['cookie_name'] . '_data'])) : array();
@ -145,12 +126,13 @@ class session
}
// Create a new session
function create(&$user_id, &$autologin, $set_autologin = false, $viewonline = 1)
function create(&$user_id, &$autologin, $set_autologin = false, $viewonline = 1, $admin = 0)
{
global $SID, $db, $config;
$sessiondata = array();
$current_time = time();
$current_user = $this->data['user_id'];
$bot = false;
// Pull bot information from DB and loop through it
@ -290,38 +272,45 @@ class session
// Create or update the session
$db->sql_return_on_error(true);
$sql = 'UPDATE ' . SESSIONS_TABLE . "
SET session_user_id = $user_id, session_last_visit = " . $this->data['session_last_visit'] . ", session_start = $current_time, session_time = $current_time, session_browser = '" . $db->sql_escape($this->browser) . "', session_page = '" . $db->sql_escape($this->page) . "', session_allow_viewonline = $viewonline
$sql_ary = array(
'session_user_id' => (int) $user_id,
'session_start' => (int) $current_time,
'session_last_visit' => (int) $this->data['session_last_visit'],
'session_time' => (int) $current_time,
'session_browser' => (string) $this->browser,
'session_page' => (string) $this->page,
'session_viewonline' => (int) $viewonline,
'session_admin' => (int) $admin,
);
$sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
WHERE session_id = '" . $db->sql_escape($this->session_id) . "'";
if ($this->session_id == '' || !$db->sql_query($sql) || !$db->sql_affectedrows())
{
$db->sql_return_on_error(false);
$this->session_id = md5(uniqid($this->ip));
$sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
'session_id' => (string) $this->session_id,
'session_user_id' => (int) $user_id,
'session_start' => (int) $current_time,
'session_last_visit' => (int) $this->data['session_last_visit'],
'session_time' => (int) $current_time,
'session_ip' => (string) $this->ip,
'session_browser' => (string) $this->browser,
'session_page' => (string) $this->page,
'session_allow_viewonline' => (int) $viewonline
));
$db->sql_query($sql);
$sql_ary['session_id'] = (string) $this->session_id;
$db->sql_query('INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
}
$db->sql_return_on_error(false);
if (!$bot)
{
$this->data['session_id'] = $this->session_id;
$sessiondata['autologinid'] = ($autologin && $user_id != ANONYMOUS) ? $autologin : '';
// Don't set cookies if we're an admin re-authenticating
if (!$admin || ($admin && $current_user == ANONYMOUS))
{
$sessiondata['userid'] = $user_id;
$sessiondata['autologinid'] = ($autologin && $user_id != ANONYMOUS) ? $autologin : '';
$this->set_cookie('data', serialize($sessiondata), $current_time + 31536000);
$this->set_cookie('sid', $this->session_id, 0);
}
$SID = '?sid=' . $this->session_id;
if ($this->data['user_id'] != ANONYMOUS)
@ -359,12 +348,12 @@ class session
AND session_user_id = " . $this->data['user_id'];
$db->sql_query($sql);
$this->session_id = '';
// Reset some basic data immediately
$this->session_id = $this->data['username'] = '';
$this->data['user_id'] = ANONYMOUS;
$this->data['session_admin'] = 0;
if ($this->data['user_id'] != ANONYMOUS)
{
// Trigger EVENT_END_SESSION
}
return true;
}
@ -1159,9 +1148,9 @@ class auth
}
// Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
function login($username, $password, $autologin = false, $viewonline = 1)
function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0)
{
global $config, $user, $phpbb_root_path, $phpEx;
global $config, $db, $user, $phpbb_root_path, $phpEx;
$method = trim($config['auth_method']);
@ -1182,8 +1171,7 @@ class auth
$autologin = (!empty($autologin)) ? md5($password) : '';
// Trigger EVENT_LOGIN
return $user->create($login['user_id'], $autologin, true, $viewonline);
return $user->create($login['user_id'], $autologin, true, $viewonline, $admin);
}
}
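Review bot: `create()` raises an existing session to `session_admin = 1` through the `UPDATE ... WHERE session_id` path, so the id that was valid before re-authentication stays valid afterwards with admin rights attached. That id also travels in URLs as `?sid=` and is generated by `md5(uniqid($this->ip))`, so the admin flag is only as private as an identifier that may already sit in logs or referrers. Consider issuing a fresh id whenever `$admin` is set (remove the old row and take the INSERT branch), and until then record the limitation beside the cookie check with `// NOTE: the sid is not rotated on admin re-authentication`. In the logout hunk, `$this->data['user_id'] = ANONYMOUS;` appears to sit before `if ($this->data['user_id'] != ANONYMOUS)`, which would make that branch unreachable; the order is inferred from the rendering. Both function bodies continue outside the hunks shown.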


@ -0,0 +1,126 @@
<?php
// -------------------------------------------------------------
//
// $Id$
//
// FILENAME : ucp_groups.php
// STARTED : Sun Jun 6, 2004
// COPYRIGHT : © 2001, 2004 phpBB Group
// WWW : http://www.phpbb.com/
// LICENCE : GPL vs2.0 [ see /docs/COPYING ]
//
// -------------------------------------------------------------
class ucp_groups extends module
{
function ucp_groups($id, $mode)
{
global $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx;
$user->add_lang('groups');
$submit = (!empty($_POST['submit'])) ? true : false;
$delete = (!empty($_POST['delete'])) ? true : false;
$error = $data = array();
switch ($mode)
{
case 'membership':
$sql = 'SELECT g.group_id, g.group_name, g.group_description, g.group_type, ug.group_leader, ug.user_pending
FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug
WHERE ug.user_id = ' . $user->data['user_id'] . '
AND g.group_id = ug.group_id
ORDER BY g.group_type DESC, g.group_name';
$result = $db->sql_query($sql);
$group_id_ary = array();
$leader_count = $member_count = $pending_count = 0;
while ($row = $db->sql_fetchrow($result))
{
$block = ($row['group_leader']) ? 'leader' : (($row['user_pending']) ? 'pending' : 'member');
$template->assign_block_vars($block, array(
'GROUP_ID' => $row['group_id'],
'GROUP_NAME' => ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'],
'GROUP_DESC' => ($row['group_type'] <> GROUP_SPECIAL) ? $row['group_description'] : $user->lang['GROUP_IS_SPECIAL'],
'GROUP_SPECIAL' => ($row['group_type'] <> GROUP_SPECIAL) ? false : true,
'U_VIEW_GROUP' => "memberlist.$phpEx$SID&amp;mode=group&amp;g=" . $row['group_id'],
'S_GROUP_DEFAULT' => ($row['group_id'] == $user->data['group_id']) ? true : false,
'S_ROW_COUNT' => ${$block . '_count'}++,)
);
$group_id_ary[] = $row['group_id'];
}
$db->sql_freeresult($result);
// Hide hidden groups unless user is an admin with group privileges
$sql_and = ($auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? '<> ' . GROUP_SPECIAL : 'NOT IN (' . GROUP_SPECIAL . ', ' . GROUP_HIDDEN . ')';
$sql = 'SELECT group_id, group_name, group_description, group_type
FROM ' . GROUPS_TABLE . '
WHERE group_id NOT IN (' . implode(', ', $group_id_ary) . ")
AND group_type $sql_and
ORDER BY group_type DESC, group_name";
$result = $db->sql_query($sql);
$nonmember_count = 0;
while ($row = $db->sql_fetchrow($result))
{
$template->assign_block_vars('nonmember', array(
'GROUP_ID' => $row['group_id'],
'GROUP_NAME' => ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'],
'GROUP_DESC' => $row['group_description'],
'GROUP_SPECIAL' => ($row['group_type'] <> GROUP_SPECIAL) ? false : true,
'GROUP_CLOSED' => ($row['group_type'] <> GROUP_CLOSED || $auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? false : true,
'U_VIEW_GROUP' => "memberlist.$phpEx$SID&amp;mode=group&amp;g=" . $row['group_id'],
'S_ROW_COUNT' => $nonmember_count++,)
);
}
$db->sql_freeresult($result);
$template->assign_vars(array(
'S_CHANGE_DEFAULT' => ($auth->acl_get('u_chggrp')) ? true : false,
'S_LEADER_COUNT' => $leader_count,
'S_MEMBER_COUNT' => $member_count,
'S_PENDING_COUNT' => $pending_count,
'S_NONMEMBER_COUNT' => $nonmember_count,)
);
break;
case 'manage':
break;
}
$this->display($user->lang['UCP_GROUPS'], 'ucp_groups_' . $mode . '.html');
}
}
/*
include($phpbb_root_path . 'includes/emailer.'.$phpEx);
$emailer = new emailer($config['smtp_delivery']);
$email_headers = 'From: ' . $config['board_email'] . "\nReturn-Path: " . $config['board_email'] . "\r\n";
$emailer->use_template('group_request', $moderator['user_lang']);
$emailer->email_address($moderator['user_email']);
$emailer->set_subject();//$lang['Group_request']
$emailer->extra_headers($email_headers);
$emailer->assign_vars(array(
'SITENAME' => $config['sitename'],
'GROUP_MODERATOR' => $moderator['username'],
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
'U_GROUPCP' => $server_url . '?' . 'g' . "=$group_id&validate=true")
);
$emailer->send();
$emailer->reset();
*/
?>
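Review bot: In the `membership` case, the second query builds `group_id NOT IN (' . implode(', ', $group_id_ary) . ')`, and `$group_id_ary` stays empty when the first query returns no rows, which yields `NOT IN ()` and a SQL error for a user who belongs to no group. Build the clause only when there is something to exclude, `$sql_not_in = (sizeof($group_id_ary)) ? 'group_id NOT IN (' . implode(', ', $group_id_ary) . ') AND ' : '';`, and start the condition with `WHERE ' . $sql_not_in . "group_type $sql_and`. `GROUP_NAME` and `GROUP_DESC` are handed to the template exactly as stored; whether they are escaped when saved is not visible here, so a comment stating that assumption would help the next reader.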


@ -433,7 +433,6 @@ class ucp_profile extends module
$html_status = ($config['allow_html']) ? true : false;
$bbcode_status = ($config['allow_bbcode']) ? true : false;
$smilies_status = ($config['allow_smilies']) ? true : false;
// NOTE: allow_img and allow_flash do not exist in config table
$img_status = ($config['allow_img']) ? true : false;
$flash_status = ($config['allow_flash']) ? true : false;


@ -602,7 +602,8 @@ CREATE TABLE phpbb_sessions (
session_ip varchar(40) DEFAULT '0' NOT NULL,
session_browser varchar(100) DEFAULT '' NULL,
session_page varchar(100) DEFAULT '' NOT NULL,
session_allow_viewonline tinyint(1) DEFAULT '1' NOT NULL,
session_viewonline tinyint(1) DEFAULT '1' NOT NULL,
session_admin tinyint(1) DEFAULT '0' NOT NULL,
PRIMARY KEY (session_id),
KEY session_time (session_time),
KEY session_user_id (session_user_id)


@ -28,7 +28,9 @@ if (empty($lang) || !is_array($lang))
// in a url you again do not need to specify an order e.g., 'Click %sHERE%s' is fine
$lang += array(
'LOGIN_ADMIN' => 'You must be a registered, logged in user before attempting to administer the board.',
'LOGIN_ADMIN' => 'To administer the board you must be an authenticated user.',
'LOGIN_ADMIN_CONFIRM' => 'To administer the board you must re-authenticate yourself.',
'LOGIN_ADMIN_SUCCESS' => 'You have successfully authenticated and will now be redirected to the Administration Control Panel',
'NO_ADMIN' => 'You are not authorised to administer this board.',
'NO_FRAMES' => 'Sorry, your browser does not support frames.',


@ -32,7 +32,7 @@ $lang += array(
'DIRECTION' => 'ltr',
'LEFT' => 'left',
'RIGHT' => 'right',
'DATE_FORMAT' => 'd M Y',
'DATE_FORMAT' => '|d M Y|',
'1_DAY' => '1 Day',
@ -415,6 +415,9 @@ $lang += array(
'YOU_NO_NEW_PM' => 'No new private messages are waiting for you',
'datetime' => array(
'TODAY' => 'Today, ',
'YESTERDAY' => 'Yesterday, ',
'Sunday' => 'Sunday',
'Monday' => 'Monday',
'Tuesday' => 'Tuesday',


@ -28,17 +28,23 @@ if (empty($lang) || !is_array($lang))
// in a url you again do not need to specify an order e.g., 'Click %sHERE%s' is fine
$lang += array(
'GROUP_AVATAR' => 'Group avatar',
'GROUP_CLOSED' => 'Closed',
'GROUP_DESC' => 'Group description',
'GROUP_HIDDEN' => 'Hidden',
'GROUP_INFORMATION' => 'Usergroup Information',
'GROUP_MEMBERS' => 'Group members',
'GROUP_NAME' => 'Group name',
'GROUP_OPEN' => 'Open',
'GROUP_RANK' => 'Group rank',
'GROUP_TYPE' => 'Group type',
'GROUP_IS_CLOSED' => 'This is a closed group, new members cannot automatically join.',
'GROUP_IS_OPEN' => 'This is an open group, members can apply to join.',
'GROUP_IS_HIDDEN' => 'This is a hidden group, only members of this group can view its membership.',
'GROUP_IS_FREE' => 'This is a freely open group, all new members are welcome.',
'GROUP_IS_SPECIAL' => 'This is a special group, special groups are managed by the board administrators.',
'No_groups_exist' => 'No Groups Exist',
'REMOVE_SELECTED' => 'Remove selected'
'REMOVE_SELECTED' => 'Remove selected',
);
?>


@ -362,8 +362,27 @@ $lang += array(
'REPORTED' => 'Reported',
'TO_GROUP' => 'Usergroup',
'TO_ME' => 'Me'
)
),
'UCP_GROUPS_MEMBERSHIP' => 'Memberships',
'UCP_GROUPS_MANAGE' => 'Manage groups',
'GROUPS_EXPLAIN' => 'Usergroups enable board admins to better administer users. By default you will be placed in a specific group, this is your default group. This group defines how you may appear to other users, for example your username colouration, avatar, rank, etc. Depending on whether the administrator allows it you may be allowed to change your default group. You may also be placed in or allowed to join other groups. Some groups may give you extra rights to view content or increase your capabilities in other areas.',
'GROUP_LEADER' => 'Leaderships',
'GROUP_MEMBER' => 'Memberships',
'GROUP_PENDING' => 'Pending memberships',
'GROUP_NONMEMBER' => 'Non-memberships',
'GROUP_DETAILS' => 'Group details',
'NO_LEADER' => 'No group leaderships',
'NO_MEMBER' => 'No group memberships',
'NO_PENDING' => 'No pending memberships',
'NO_NONMEMBER' => 'No non-member groups',
'QUIT_ALL' => 'Quit all',
'QUIT_MARKED' => 'Quit marked',
'JOIN_ALL' => 'Join all',
'JOIN_MARKED' => 'Join marked',
);
?>


@ -356,7 +356,7 @@ if ($mode == 'approve' || $mode == 'disapprove')
// Only Moderators can go beyond this point
if ($user->data['user_id'] == ANONYMOUS)
{
login_box("{$phpbb_root_path}mcp.$phpEx$SID&amp;mode=$mode&amp;i=$module", '', $user->lang['LOGIN_EXPLAIN_MCP']);
login_box('', $user->lang['LOGIN_EXPLAIN_MCP']);
if ($user->data['user_id'] == ANONYMOUS)
{


@ -13,10 +13,7 @@
// TODO
// Add permission check for IM clients
// Combine Jabber and email contact capabilities?
// When registering a new jabber user the message doesn't get sent first time
define('IN_PHPBB', true);
$phpbb_root_path = './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.'.$phpEx);
@ -24,12 +21,13 @@ include($phpbb_root_path . 'common.'.$phpEx);
// Start session management
$user->start();
$auth->acl($user->data);
$user->setup('memberlist');
$user->setup(array('memberlist', 'groups'));
// Grab data
$mode = request_var('mode', '');
$action = request_var('action', '');
$user_id = request_var('u', ANONYMOUS);
$group_id = request_var('g', 0);
$topic_id = request_var('t', 0);
switch ($mode)
@ -46,7 +44,7 @@ switch ($mode)
trigger_error($user->lang['NO_VIEW_USERS']);
}
login_box($user->cur_page, '', $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)]);
login_box('', $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)]);
}
break;
}
@ -68,6 +66,7 @@ obtain_ranks($ranks);
switch ($mode)
{
case 'leaders':
// TODO
// Display a listing of board admins, moderators?
$user_ary = $auth->acl_get_list(false, array('a_', 'm_'), false);
@ -406,7 +405,7 @@ switch ($mode)
'JABBER_IMG' => $user->img('btn_jabber', $user->lang['JABBER']),
'SEARCH_IMG' => $user->img('btn_search', $user->lang['SEARCH']),
'S_PROFILE_ACTION' => "groupcp.$phpEx$SID",
'S_PROFILE_ACTION' => "memberlist.$phpEx$SID&amp;mode=group",
'S_GROUP_OPTIONS' => $group_options,
'U_ADD_FRIEND' => "ucp.$phpEx$SID&amp;i=zebra&amp;add=" . urlencode($member['username']),
@ -603,6 +602,7 @@ switch ($mode)
);
break;
case 'group':
default:
// The basic memberlist
$page_title = $user->lang['MEMBERLIST'];
@ -610,7 +610,7 @@ switch ($mode)
// Sorting
$sort_key_text = array('a' => $user->lang['SORT_USERNAME'], 'b' => $user->lang['SORT_LOCATION'], 'c' => $user->lang['SORT_JOINED'], 'd' => $user->lang['SORT_POST_COUNT'], 'e' => $user->lang['SORT_EMAIL'], 'f' => $user->lang['WEBSITE'], 'g' => $user->lang['ICQ'], 'h' => $user->lang['AIM'], 'i' => $user->lang['MSNM'], 'j' => $user->lang['YIM'], 'k' => $user->lang['SORT_LAST_ACTIVE'], 'l' => $user->lang['SORT_RANK']);
$sort_key_sql = array('a' => 'username', 'b' => 'user_from', 'c' => 'user_regdate', 'd' => 'user_posts', 'e' => 'user_email', 'f' => 'user_website', 'g' => 'user_icq', 'h' => 'user_aim', 'i' => 'user_msnm', 'j' => 'user_yim', 'k' => 'user_lastvisit', 'l' => 'user_rank DESC, user_posts');
$sort_key_sql = array('a' => 'u.username', 'b' => 'u.user_from', 'c' => 'u.user_regdate', 'd' => 'u.user_posts', 'e' => 'u.user_email', 'f' => 'u.user_website', 'g' => 'u.user_icq', 'h' => 'u.user_aim', 'i' => 'u.user_msnm', 'j' => 'u.user_yim', 'k' => 'u.user_lastvisit', 'l' => 'u.user_rank DESC, u.user_posts');
$sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
@ -676,15 +676,15 @@ switch ($mode)
$s_find_active_time .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
}
$where_sql .= ($username) ? " AND username LIKE '" . str_replace('*', '%', $db->sql_escape($username)) ."'" : '';
$where_sql .= ($email) ? " AND user_email LIKE '" . str_replace('*', '%', $db->sql_escape($email)) ."' " : '';
$where_sql .= ($icq) ? " AND user_icq LIKE '" . str_replace('*', '%', $db->sql_escape($icq)) ."' " : '';
$where_sql .= ($aim) ? " AND user_aim LIKE '" . str_replace('*', '%', $db->sql_escape($aim)) ."' " : '';
$where_sql .= ($yahoo) ? " AND user_yim LIKE '" . str_replace('*', '%', $db->sql_escape($yahoo)) ."' " : '';
$where_sql .= ($msn) ? " AND user_msnm LIKE '" . str_replace('*', '%', $db->sql_escape($msn)) ."' " : '';
$where_sql .= ($count) ? " AND user_posts " . $find_key_match[$count_select] . " $count " : '';
$where_sql .= (sizeof($joined) > 1) ? " AND user_regdate " . $find_key_match[$joined_select] . ' ' . gmmktime(0, 0, 0, intval($joined[1]), intval($joined[2]), intval($joined[0])) : '';
$where_sql .= (sizeof($active) > 1) ? " AND user_lastvisit " . $find_key_match[$active_select] . ' ' . gmmktime(0, 0, 0, $active[1], intval($active[2]), intval($active[0])) : '';
$sql_where .= ($username) ? " AND u.username LIKE '" . str_replace('*', '%', $db->sql_escape($username)) ."'" : '';
$sql_where .= ($email) ? " AND u.user_email LIKE '" . str_replace('*', '%', $db->sql_escape($email)) ."' " : '';
$sql_where .= ($icq) ? " AND u.user_icq LIKE '" . str_replace('*', '%', $db->sql_escape($icq)) ."' " : '';
$sql_where .= ($aim) ? " AND u.user_aim LIKE '" . str_replace('*', '%', $db->sql_escape($aim)) ."' " : '';
$sql_where .= ($yahoo) ? " AND u.user_yim LIKE '" . str_replace('*', '%', $db->sql_escape($yahoo)) ."' " : '';
$sql_where .= ($msn) ? " AND u.user_msnm LIKE '" . str_replace('*', '%', $db->sql_escape($msn)) ."' " : '';
$sql_where .= ($count) ? " AND u.user_posts " . $find_key_match[$count_select] . " $count " : '';
$sql_where .= (sizeof($joined) > 1) ? " AND u.user_regdate " . $find_key_match[$joined_select] . ' ' . gmmktime(0, 0, 0, intval($joined[1]), intval($joined[2]), intval($joined[0])) : '';
$sql_where .= (sizeof($active) > 1) ? " AND u.user_lastvisit " . $find_key_match[$active_select] . ' ' . gmmktime(0, 0, 0, $active[1], intval($active[2]), intval($active[0])) : '';
if ($ipdomain)
{
@ -704,26 +704,102 @@ switch ($mode)
}
while ($row = $db->sql_fetchrow($result));
$where_sql .= ' AND user_id IN (' . implode(', ', $ip_sql) . ')';
$sql_where .= ' AND u.user_id IN (' . implode(', ', $ip_sql) . ')';
}
else
{
// A minor fudge but it does the job :D
$where_sql .= " AND user_id IN ('-1')";
$sql_where .= " AND u.user_id IN ('-1')";
}
}
}
// Are we looking at a usergroup? If so, fetch additional info
// and further restrict the user info query
$sql_from = '';
if ($mode == 'group')
{
$sql = 'SELECT *
FROM ' . GROUPS_TABLE . "
WHERE group_id = $group_id";
$result = $db->sql_query($sql);
if (!extract($db->sql_fetchrow($result)))
{
trigger_error($user->lang['NO_GROUP']);
}
$db->sql_freeresult($result);
switch ($group_type)
{
case GROUP_OPEN:
$group_type = 'OPEN';
break;
case GROUP_CLOSED:
$group_type = 'CLOSED';
break;
case GROUP_HIDDEN:
$group_type = 'HIDDEN';
break;
case GROUP_SPECIAL:
$group_type = 'SPECIAL';
break;
case GROUP_FREE:
$group_type = 'FREE';
break;
}
$avatar_img = '';
if ($group_avatar)
{
switch ($group_avatar_type)
{
case AVATAR_UPLOAD:
$avatar_img = $phpbb_root_path . $config['avatar_path'] . '/';
break;
case AVATAR_GALLERY:
$avatar_img = $phpbb_root_path . $config['avatar_gallery_path'] . '/';
break;
}
$avatar_img .= $group_avatar;
$avatar_img = '<img src="' . $avatar_img . '" width="' . $group_avatar_width . '" height="' . $group_avatar_height . '" border="0" alt="" />';
}
$rank_title = $rank_img = '';
if (!empty($group_rank))
{
$rank_title = $ranks['special'][$group_rank]['rank_title'];
$rank_img = (!empty($ranks['special'][$group_rank]['rank_image'])) ? '<img src="' . $config['ranks_path'] . '/' . $ranks['special'][$group_rank]['rank_image'] . '" border="0" alt="' . $ranks['special'][$group_rank]['rank_title'] . '" title="' . $ranks['special'][$group_rank]['rank_title'] . '" /><br />' : '';
}
$template->assign_vars(array(
'GROUP_DESC' => $group_description,
'GROUP_NAME' => $group_name,
'GROUP_COLOR' => $group_colour,
'GROUP_TYPE' => $user->lang['GROUP_IS_' . $group_type],
'GROUP_RANK' => $rank_title,
'AVATAR_IMG' => $avatar_img,
'RANK_IMG' => $rank_img,
'U_PM' => ($auth->acl_get('u_sendpm')) ? "ucp.$phpEx$SID&amp;i=pm&amp;mode=compose&amp;address_list[g][$group_id]=to" : '',)
);
$sql_from = ', ' . USER_GROUP_TABLE . ' ug ';
$sql_where .= " AND u.user_id = ug.user_id AND ug.group_id = $group_id";
}
// Sorting and order
$order_by = $sort_key_sql[$sort_key] . ' ' . (($sort_dir == 'a') ? 'ASC' : 'DESC');
// Count the users ...
if ($where_sql)
if ($sql_where)
{
$sql = 'SELECT COUNT(user_id) AS total_users
FROM ' . USERS_TABLE . '
WHERE user_type <> ' . USER_IGNORE . "
$where_sql";
$sql = 'SELECT COUNT(u.user_id) AS total_users
FROM ' . USERS_TABLE . " u$sql_from
WHERE u.user_type <> " . USER_IGNORE . "
$sql_where";
$result = $db->sql_query($sql);
$total_users = ($row = $db->sql_fetchrow($result)) ? $row['total_users'] : 0;
@ -733,6 +809,10 @@ switch ($mode)
$total_users = $config['num_users'];
}
// Pagination string
$pagination_url = "memberlist.$phpEx$SID&amp;mode=$mode";
@ -747,6 +827,9 @@ switch ($mode)
$pagination_url .= '&amp;' . $key . '=' . urlencode(htmlspecialchars($var));
}
// Some search user specific data
if ($mode == 'searchuser' && ($config['load_search'] || $auth->acl_get('a_')))
{
@ -774,8 +857,6 @@ switch ($mode)
);
}
// TODO
// ?????????
$sql = 'SELECT session_user_id, MAX(session_time) AS session_time
FROM ' . SESSIONS_TABLE . '
WHERE session_time >= ' . (time() - 300) . '
@ -791,10 +872,10 @@ switch ($mode)
$db->sql_freeresult($result);
// Do the SQL thang
$sql = 'SELECT username, user_id, user_colour, user_allow_viewemail, user_posts, user_regdate, user_rank, user_from, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_avatar, user_avatar_type, user_lastvisit
FROM ' . USERS_TABLE . '
WHERE user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ")
$where_sql
$sql = 'SELECT u.username, u.user_id, u.user_colour, u.user_allow_viewemail, u.user_posts, u.user_regdate, u.user_rank, u.user_from, u.user_website, u.user_email, u.user_icq, u.user_aim, u.user_yim, u.user_msnm, u.user_avatar, u.user_avatar_type, u.user_lastvisit
FROM ' . USERS_TABLE . " u$sql_from
WHERE u.user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ")
$sql_where
ORDER BY $order_by";
$result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
@ -807,6 +888,7 @@ switch ($mode)
$template->assign_block_vars('memberrow', array_merge(show_profile($row), array(
'ROW_NUMBER' => $i + ($start + 1),
'U_VIEWPROFILE' => "memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $row['user_id']))
);
@ -846,9 +928,10 @@ switch ($mode)
'U_SORT_ACTIVE' => "memberlist.$phpEx$SID&amp;sk=k&amp;sd=" . (($sort_key == 'k' && $sort_dir == 'a') ? 'd' : 'a'),
'U_SORT_RANK' => "memberlist.$phpEx$SID&amp;sk=l&amp;sd=" . (($sort_key == 'l' && $sort_dir == 'a') ? 'd' : 'a'),
'S_SHOW_GROUP' => ($mode == 'group') ? true : false,
'S_MODE_SELECT' => $s_sort_key,
'S_ORDER_SELECT' => $s_sort_dir,
'S_MODE_ACTION' => "memberlist.$phpEx$SID&amp;mode=$mode&amp;form=$form")
'S_MODE_ACTION' => $pagination_url . "&amp;form=$form")
);
}
@ -914,7 +997,7 @@ function show_profile($data)
'U_PROFILE' => "memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=$user_id",
'U_SEARCH_USER' => ($auth->acl_get('u_search')) ? "search.$phpEx$SID&amp;search_author=" . urlencode($username) . "&amp;show_results=posts" : '',
'U_PM' => ($auth->acl_get('u_sendpm')) ? "ucp.$phpEx$SID&amp;i=pm&amp;mode=compose&amp;u=$user_id" : '',
'U_PM' => ($auth->acl_get('u_sendpm')) ? "ucp.$phpEx$SID&amp;mode=pm&amp;action=send&amp;u=$user_id" : '',
'U_EMAIL' => $email,
'U_WWW' => (!empty($data['user_website'])) ? $data['user_website'] : '',
'U_ICQ' => ($data['user_icq']) ? "memberlist.$phpEx$SID&amp;mode=contact&amp;action=icq&amp;u=$user_id" : '',


@ -265,7 +265,7 @@ if (!$auth->acl_get('f_' . $mode, $forum_id) && $forum_type == FORUM_POST)
trigger_error('USER_CANNOT_' . strtoupper($mode));
}
login_box($user->cur_page, '', $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)]);
login_box('', $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)]);
}
@ -276,26 +276,29 @@ if (($forum_status == ITEM_LOCKED || $topic_status == ITEM_LOCKED) && !$auth->ac
trigger_error($message);
}
// Can we edit this post?
// Can we edit this post ... if we're a moderator with rights then always yes
// else it depends on editing times, lock status and if we're the correct user
// !$preview && !$refresh && !$submit &&
if ($mode == 'edit' && !$preview && !$refresh && !$submit && !$auth->acl_get('m_edit', $forum_id))
{
if ($user->data['user_id'] != $poster_id)
{
trigger_error('USER_CANNOT_EDIT');
}
if (!($post_time > time() - $config['edit_time'] || !$config['edit_time']))
{
trigger_error('CANNOT_EDIT_TIME');
}
}
// Do we want to edit our post ?
if ($mode == 'edit' && !$auth->acl_get('m_edit', $forum_id) && ($user->data['user_id'] != $poster_id || $post_edit_locked))
{
if ($post_edit_locked)
{
trigger_error('CANNOT_EDIT_POST_LOCKED');
}
trigger_error('USER_CANNOT_EDIT');
}
// Do we want to edit our post ?
if ($mode == 'edit')
{
$message_parser->bbcode_uid = $bbcode_uid;
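Review bot: The ownership test `if ($user->data['user_id'] != $poster_id)` and the edit-time test are printed inside the block guarded by `!$preview && !$refresh && !$submit`, so as shown they would not run on the request that actually saves the edit. This rendering has lost its +/- markers, so confirm that on the new side the guard is `if ($mode == 'edit' && !$auth->acl_get('m_edit', $forum_id))` and that ownership, edit time and `$post_edit_locked` are all enforced on submit as well as on first display. The leftover line `// !$preview && !$refresh && !$submit &&` should be removed, or replaced by a sentence saying why those conditions were dropped. The `if ($mode == 'edit')` block that follows continues outside the hunk.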


@ -21,35 +21,33 @@ define('IN_PHPBB', true);
$phpbb_root_path = './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.'.$phpEx);
include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
// Define initial vars
$mode = (isset($_REQUEST['mode'])) ? $_REQUEST['mode'] : false;
$search_id = (isset($_REQUEST['search_id'])) ? htmlspecialchars($_REQUEST['search_id']) : false;
$start = (isset($_REQUEST['start'])) ? intval($_REQUEST['start']) : 0;
$post_id = (isset($_GET['p'])) ? max(intval($_GET['p']), 0) : 0;
$view = (isset($_GET['view'])) ? htmlspecialchars($_GET['view']) : false;
$search_keywords = (!empty($_REQUEST['search_keywords'])) ? $_REQUEST['search_keywords'] : false;
$search_author = (!empty($_REQUEST['search_author'])) ? htmlspecialchars($_REQUEST['search_author']) : false;
$show_results = (isset($_REQUEST['show_results'])) ? htmlspecialchars($_REQUEST['show_results']) : 'posts';
$search_terms = (isset($_REQUEST['search_terms'])) ? (($_REQUEST['search_terms'] == 'all') ? 1 : 0) : 1;
$search_fields = (isset($_REQUEST['search_fields'])) ? $_REQUEST['search_fields'] : 'all';
$search_child = (!empty($_REQUEST['search_child'])) ? true : false;
$return_chars = (isset($_REQUEST['return_chars'])) ? intval($_REQUEST['return_chars']) : 200;
$search_forum = (!empty($_GET['f'])) ? array(intval($_GET['f'])) : ((isset($_REQUEST['search_forum'])) ? array_map('intval', $_REQUEST['search_forum']) : array());
$search_time = (isset($_REQUEST['search_time'])) ? (time() - intval($_REQUEST['search_time'])) * 86400 : 0;
$sort_days = (!empty($_REQUEST['st'])) ? intval($_REQUEST['st']) : 0;
$sort_key = (!empty($_REQUEST['sk'])) ? htmlspecialchars($_REQUEST['sk']) : 't';
$sort_dir = (!empty($_REQUEST['sd'])) ? htmlspecialchars($_REQUEST['sd']) : 'd';
// Start session management
$user->start();
$auth->acl($user->data);
$user->setup('search');
// Define initial vars
$mode = request_var('mode', '');
$search_id = request_var('search_id', '');
$start = request_var('start', 0);
$post_id = request_var('p', 0);
$view = request_var('view', '');
$search_keywords = request_var('search_keywords', '');
$search_author = request_var('search_author', '');
$show_results = request_var('show_results', 'posts');
$search_terms = request_var('search_terms', 'all');
$search_fields = request_var('search_fields', 'all');
$search_child = request_var('search_child', true);
$return_chars = request_var('return_chars', 200);
$search_forum = request_var('f', 0);
$sort_days = request_var('st', 0);
$sort_key = request_var('sk', 't');
$sort_dir = request_var('sd', 'd');
// Is user able to search? Has search been disabled?
if (!$auth->acl_get('u_search') || !$config['load_search'])
{
@ -100,11 +98,9 @@ if ($search_keywords || $search_author || $search_id)
$sql_forums = array();
while ($row = $db->sql_fetchrow($result))
{
// echo "<br />" . $row['forum_id'] . " -> " . $row['forum_name'] . " :: " . $auth->acl_get('f_read', $row['forum_id']) . " && " . ((!$row['forum_password'] || $row['user_id'] == $user->data['user_id']));
if ($search_child)
{
if (in_array($row['forum_id'], $search_forum) && $row['right_id'] > $right_id)
if (!$search_forum || (in_array($row['forum_id'], $search_forum) && $row['right_id'] > $right_id))
{
$right_id = $row['right_id'];
}
@ -320,13 +316,15 @@ if ($search_keywords || $search_author || $search_id)
}
if ($search_keywords && sizeof($split_words) && array_diff($split_words, $old_split_words))
if (sizeof($split_words) && array_diff($split_words, $old_split_words))
{
// This "entire" section may be switched out to allow for alternative search systems
// such as that built-in to MySQL, MSSQL, etc. or external solutions which provide
// an appropriate API
$bool = ($search_terms) ? 'AND' : 'OR';
$bool = ($search_terms == 'all') ? 'AND' : 'OR';
$sql_words = '';
foreach ($split_words as $word)
{
@ -342,8 +340,9 @@ if ($search_keywords || $search_author || $search_id)
$bool = 'OR';
continue;
default:
$bool = ($search_terms != 'all') ? 'OR' : $bool;
$sql_words[$bool][] = "'" . preg_replace('#\*+#', '%', trim($word)) . "'";
$bool = ($search_terms) ? 'AND' : 'OR';
$bool = ($search_terms == 'all') ? 'AND' : 'OR';
}
}
@ -486,6 +485,8 @@ if ($search_keywords || $search_author || $search_id)
$post_id_ary = array_unique($post_id_ary);
if (!sizeof($post_id_ary))
{
trigger_error($user->lang['NO_SEARCH_RESULTS']);
@ -579,6 +580,8 @@ if ($search_keywords || $search_author || $search_id)
unset($data);
}
// Include the bbcode parser
include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
// Look up data ...
$per_page = ($show_results == 'posts') ? $config['posts_per_page'] : $config['topics_per_page'];
@ -598,8 +601,8 @@ if ($search_keywords || $search_author || $search_id)
$template->assign_vars(array(
'SEARCH_MATCHES' => $l_search_matches,
'SEARCH_WORDS' => $split_words,
'IGNORED_WORDS' => ($ignored_words) ? $ignored_words : 'No words',
'PAGINATION' => generate_pagination("search.$phpEx$SID&amp;search_id=$search_id&amp;sk=$sort_key&amp;sd=$sort_dir&amp;st=$sort_days", $total_match_count, $per_page, $start),
'IGNORED_WORDS' => ($ignored_words) ? $ignored_words : $user->lang['NO_IGNORE_WORDS'],
'PAGINATION' => generate_pagination("search.$phpEx$SID&amp;search_id=$search_id&amp;hilit=$hilit&amp;sk=$sort_key&amp;sd=$sort_dir&amp;st=$sort_days", $total_match_count, $per_page, $start),
'PAGE_NUMBER' => on_page($total_match_count, $start),
'S_SELECT_SORT_DIR' => $s_sort_dir,
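Review bot: `$search_forum = request_var('f', 0);` now yields a single integer, but the later `in_array($row['forum_id'], $search_forum)` still treats it as an array, so a forum restriction cannot match as written, and the `search_forum` list the old code accepted is no longer read. Normalising it once keeps both the `!$search_forum` shortcut and the `in_array()` call valid: `$forum_id = request_var('f', 0);` followed by `$search_forum = ($forum_id) ? array($forum_id) : array();`. The rendering has lost its +/- markers, so this assumes the `request_var()` lines and the `!$search_forum ||` condition are the new side. Separately, `$hilit` is added to the pagination URL in the last hunk without a visible definition or `urlencode()`; check where it is set.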


@ -35,6 +35,7 @@
<td><b class="gensmall">{L_PASSWORD}:</b></td>
<td><input class="post" type="password" name="password" size="25" maxlength="25" tabindex="2" /><br /><a class="gensmall" href="{U_SEND_PASSWORD}">{L_FORGOT_PASS}</a></td>
</tr>
<!-- IF S_DISPLAY_FULL_LOGIN -->
<tr>
<td>&nbsp;</td>
<td><input type="checkbox" name="autologin" tabindex="4" /> <span class="gensmall">{L_LOG_ME_IN}</span></td>
@ -43,6 +44,7 @@
<td>&nbsp;</td>
<td><input type="checkbox" name="viewonline" tabindex="5" /> <span class="gensmall">{L_HIDE_ME}</span></td>
</tr>
<!-- ENDIF -->
</table></td>
</tr>
<tr>
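Review bot: Wrapping the `autologin` and `viewonline` rows in `<!-- IF S_DISPLAY_FULL_LOGIN -->` only hides the checkboxes; a client can still post those field names. The login handler is not on this page, so confirm that it ignores `autologin` and `viewonline` whenever the reduced form is shown, rather than relying on the template. The table this hunk edits starts and ends outside it.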


@ -4,10 +4,10 @@
<div id="pagecontent">
<!-- You should retain this javascript in your own template! -->
<!-- IF S_SEARCH_USER --><!-- INCLUDE memberlist_search.html --><!-- ENDIF -->
<!-- IF S_SHOW_GROUP --><!-- INCLUDE memberlist_group.html --><!-- ENDIF -->
<!-- IF S_SEARCH_USER -->
<form method="post" name="results" action="{S_MODE_ACTION}" onsubmit="insert_marked(this.user);return false">
<!-- ELSEIF U_FIND_MEMBER-->
@ -41,7 +41,7 @@
<!-- ENDIF -->
<td class="gen" align="center">&nbsp;{memberrow.ROW_NUMBER}&nbsp;</td>
<td class="gen" align="center"><a href="{memberrow.U_VIEWPROFILE}"><!-- IF memberrow.USER_COLOR --><b style="color:{memberrow.USER_COLOR}"><!-- ELSE --><b><!-- ENDIF -->{memberrow.USERNAME}</b></a></td>
<td class="gen" align="center"><strong><a<!-- IF memberrow.USER_COLOR --> style="color:#{memberrow.USER_COLOR}"<!-- ENDIF --> href="{memberrow.U_VIEWPROFILE}">{memberrow.USERNAME}</a></strong></td>
<td class="gensmall" align="center" nowrap="nowrap">&nbsp;{memberrow.JOINED}&nbsp;</td>
<td class="gen" align="center">{memberrow.POSTS}</td>
<td class="gen" align="center">{memberrow.RANK_IMG}</td>
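Review bot: `{memberrow.USER_COLOR}` is written straight into `style="color:#…"` on the new anchor, so the value has to be constrained to hex digits before it reaches the template; nothing in this section shows that. If the colour is validated where it is stored, a short template comment saying so would help the next editor. Otherwise restrict it to hex characters in the code that assigns `USER_COLOR`.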


@ -1,4 +1,6 @@
<!-- You should retain this javascript in your own template! -->
<script language="javascript" type="text/javascript">
<!--
function insert_user(user)


@ -4,7 +4,7 @@
<div id="pagecontent">
<table class="tablebg" width="100%" cellspacing="1">
<form method="post" action="{S_PROFILE_ACTION}"><table class="tablebg" width="100%" cellspacing="1">
<tr>
<th colspan="2" nowrap="nowrap">{L_VIEWING_PROFILE}</th>
</tr>


@ -86,13 +86,16 @@ p.postapprove { margin: 1px 0px; color: green; }
/*
TABLE
*/
th { height: 28px; color: #FFA34F; font-size: 70%; font-weight: bold; background-color: #006699; background-image: url('./images/cellpic3.gif'); white-space: nowrap; }
th { height: 28px; color: #FFA34F; font-size: 70%; font-weight: bold; background-color: #006699; background-image: url('./images/cellpic3.gif'); white-space: nowrap; padding-left: 5px; padding-right: 5px; }
.tablebg { background-color: #A9B8C2; }
.catdiv { height: 28px; margin: 0px; padding: 0px; border: 0px; background-color: white; background-image: url('./images/cellpic2.jpg'); background-repeat: repeat-y; }
.cat { height: 28px; margin: 0px; padding: 0px; border: 0px; background-color: #C7D0D7; background-image: url('./images/cellpic1.gif'); text-indent: 4px; }
.row1 { background-color: #ECECEC; padding: 4px; }
.row2 { background-color: #DCE1E5; padding: 4px; }
.row3 { background-color: #C7CFD7; padding: 4px; }
.row3 { background-color: #C0C8D0; padding: 4px; }
.rowgood { background-color: #C2D6CD; padding: 4px; }
.rowneutral { background-color: #CAC1D7; padding: 4px; }
.rowbad { background-color: #D7C1C3; padding: 4px; }
.spacer { background-color: #D1D7DC; }
hr { height: 1px; border-width: 0px; background-color: #D1D7DC; color: #D1D7DC }


@ -289,13 +289,7 @@ switch ($mode)
redirect("index.$phpEx$SID");
}
login_box("ucp.$phpEx$SID&amp;mode=login", '', '', true);
$redirect = request_var('redirect', "index.$phpEx$SID");
meta_refresh(3, $redirect);
$message = $user->lang['LOGIN_REDIRECT'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a> ');
trigger_error($message);
login_box("index.$phpEx$SID");
break;
case 'logout':
@ -304,10 +298,9 @@ switch ($mode)
$user->destroy();
}
$redirect = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars($_SERVER['HTTP_REFERER']) : "index.$phpEx$SID";
meta_refresh(3, $redirect);
meta_refresh(3, "index.$phpEx$SID");
$message = $user->lang['LOGOUT_REDIRECT'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a> ');
$message = $user->lang['LOGOUT_REDIRECT'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . "index.$phpEx$SID" . '">', '</a> ');
trigger_error($message);
break;
@ -353,7 +346,7 @@ if ($user->data['user_id'] == ANONYMOUS || $user->data['user_type'] == USER_INAC
redirect("index.$phpEx$SID");
}
login_box($user->cur_page, '', $user->lang['LOGIN_EXPLAIN_UCP']);
login_box('', $user->lang['LOGIN_EXPLAIN_UCP']);
}
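Review bot: The logout branch now builds the same URL twice, once in `meta_refresh(3, "index.$phpEx$SID")` and again inside the `RETURN_PAGE` link; a single `$redirect = "index.$phpEx$SID";` used in both places keeps them from drifting. Dropping the `HTTP_REFERER`- and `redirect`-derived targets removes request-controlled values from the refresh and the link. The login branch now leaves redirect handling to `login_box()`, whose body is not on this page, so confirm there that any redirect value it reads is limited to local board URLs and HTML-escaped before it is echoed. Both `case` bodies start outside the hunks.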


@ -109,7 +109,7 @@ if ($forum_data['forum_link'])
$db->sql_query($sql);
}
redirect($forum_data['forum_link']);
redirect(str_replace('&amp;', '&', $forum_data['forum_link']));
}
// Configure style, language, etc.
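Review bot: `str_replace('&amp;', '&', $forum_data['forum_link'])` reverses only one entity, which suggests `forum_link` is stored HTML-escaped; if so, other escaped characters in the link stay encoded in the redirect target. A comment such as `// forum_link is stored HTML-escaped; restore raw ampersands for the Location header` would record the intent, and `html_entity_decode()` would cover the remaining entities once the storage format is confirmed. `redirect()` is not on this page, so also confirm it rejects line breaks in the target, since this value is configuration data rather than a constant. The enclosing `if ($forum_data['forum_link'])` block starts outside the hunk.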


@ -83,7 +83,7 @@ $db->sql_freeresult($result);
// Get user list
$sql = 'SELECT u.user_id, u.username, u.user_type, u.user_allow_viewonline, u.user_colour, s.session_id, s.session_time, s.session_page, s.session_ip, s.session_allow_viewonline
$sql = 'SELECT u.user_id, u.username, u.user_type, u.user_allow_viewonline, u.user_colour, s.session_id, s.session_time, s.session_page, s.session_ip, s.session_viewonline
FROM ' . USERS_TABLE . ' u, ' . SESSIONS_TABLE . ' s
WHERE u.user_id = s.session_user_id
AND s.session_time >= ' . (time() - ($config['load_online_time'] * 60)) . '
@ -105,7 +105,7 @@ while ($row = $db->sql_fetchrow($result))
$username = '<b style="color:#' . $row['user_colour'] . '">' . $username . '</b>';
}
if (!$row['user_allow_viewonline'] || !$row['session_allow_viewonline'])
if (!$row['user_allow_viewonline'] || !$row['session_viewonline'])
{
$view_online = ($auth->acl_gets('u_viewonline')) ? true : false;
$logged_hidden_online++;


@ -258,7 +258,7 @@ if (!$auth->acl_get('f_read', $forum_id))
trigger_error($user->lang['SORRY_AUTH_READ']);
}
login_box($user->cur_page, '', $user->lang['LOGIN_VIEWTOPIC']);
login_box('', $user->lang['LOGIN_VIEWFORUM']);
}
// Forum is passworded ... check whether access has been granted to this
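Review bot: The new call `login_box('', $user->lang['LOGIN_VIEWFORUM']);` swaps the language key from `LOGIN_VIEWTOPIC` to `LOGIN_VIEWFORUM` as well as dropping the first argument. If this file is the topic view, as the old key suggests, that looks like a copy-paste slip and the line should read `login_box('', $user->lang['LOGIN_VIEWTOPIC']);`. The file name is not shown in this rendering, so check which page the prompt belongs to. The comment on the last line continues outside the hunk.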