diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php new file mode 100644 index 0000000000..3730cd5872 --- /dev/null +++ b/phpBB/includes/auth.php @@ -0,0 +1,87 @@ +sql_query($sql)) + { + $userdata = array("error" => "1"); + return ($userdata); + } + if($db->sql_numrows($result)) + { + $myrow = $db->sql_fetchrowset($result); + return($myrow[0]); + } + else + { + $userdata = array("error" => "1"); + return ($userdata); + } +} + +function get_userdata($username, $db) { + $sql = "SELECT * FROM ".USERS_TABLE." WHERE username = '$username' AND user_level != ".DELETED; + if(!$result = $db->sql_query($sql)) + { + $userdata = array("error" => "1"); + } + + if($db->sql_numrows($result)) + { + $myrow = $db->sql_fetchrowset($result); + return($myrow[0]); + } + else + { + $userdata = array("error" => "1"); + return ($userdata); + } +} + +?> diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php new file mode 100644 index 0000000000..b1a6a794cc --- /dev/null +++ b/phpBB/includes/bbcode.php @@ -0,0 +1,508 @@ +', $text); + // li tags + $text = str_replace("[*:$uid]", '
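Review bot: In get_userdata() the failed-query branch sets `$userdata = array("error" => "1");` but never returns, so execution continues into `$db->sql_numrows($result)` with a false result; add `return ($userdata);` there, as the function above it in this hunk does. The query also places the argument directly inside `username = '$username'`, so it is only safe if every caller has already escaped the value, which this hunk does not show. Escaping where the query is built, or a comment stating that callers must pass an escaped name, would make that contract explicit. The opening of the first function is not legible in this rendering of the hunk.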
  • ', $text); + // ending tags + $text = str_replace("[/list:u:$uid]", '', $text); + $text = str_replace("[/list:o:$uid]", '', $text); + // Ordered lists + $text = preg_replace("/\[list=([a1]):$uid\]/si", '
      ', $text); + + // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. + $text = str_replace("[quote:$uid]", '
      Quote:
      ', $text); + $text = str_replace("[/quote:$uid]", '

      ', $text); + + // [b] and [/b] for bolding text. + $text = str_replace("[b:$uid]", '', $text); + $text = str_replace("[/b:$uid]", '', $text); + + // [i] and [/i] for italicizing text. + $text = str_replace("[i:$uid]", '', $text); + $text = str_replace("[/i:$uid]", '', $text); + + // [img]image_url_here[/img] code.. + $text = str_replace("[img:$uid]", '', $text); + + // Patterns and replacements for URL and email tags.. + $patterns = array(); + $replacements = array(); + + // [url]xxxx://www.phpbb.com[/url] code.. + $patterns[0] = "#\[url\]([a-z]+?://){1}(.*?)\[/url\]#si"; + $replacements[0] = '\1\2'; + + // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). + $patterns[1] = "#\[url\](.*?)\[/url\]#si"; + $replacements[1] = '\1'; + + // [url=xxxx://www.phpbb.com]phpBB[/url] code.. + $patterns[2] = "#\[url=([a-z]+?://){1}(.*?)\](.*?)\[/url\]#si"; + $replacements[2] = '\3'; + + // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix). + $patterns[3] = "#\[url=(.*?)\](.*?)\[/url\]#si"; + $replacements[3] = '\2'; + + // [email]user@domain.tld[/email] code.. + $patterns[4] = "#\[email\](.*?)\[/email\]#si"; + $replacements[4] = '\1'; + + $text = preg_replace($patterns, $replacements, $text); + + // Remove our padding from the string.. + $text = substr($text, 1); + + return $text; + +} // bbencode_second_pass() + + + +function make_bbcode_uid() +{ + // Unique ID for this message.. + $uid = md5(uniqid(rand())); + $uid = substr($uid, 0, BBCODE_UID_LEN); + + return $uid; +} + + + +function bbencode_first_pass($text, $uid) +{ + // pad it with a space so we can distinguish between FALSE and matching the 1st char (index 0). + // This is important; bbencode_quote(), bbencode_list(), and bbencode_code() all depend on it. + $text = " " . $text; + + // [CODE] and [/CODE] for posting code (HTML, PHP, C etc etc) in your posts. 
+ $text = bbencode_first_pass_pda($text, $uid, '[code]', '[/code]', '', true, ''); + + // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. + $text = bbencode_first_pass_pda($text, $uid, '[quote]', '[/quote]', '', false, ''); + + // [list] and [list=x] for (un)ordered lists. + $open_tag = array(); + $open_tag[0] = "[list]"; + + // unordered.. + $text = bbencode_first_pass_pda($text, $uid, $open_tag, "[/list]", "[/list:u]", false, 'replace_listitems'); + + $open_tag[0] = "[list=1]"; + $open_tag[1] = "[list=a]"; + + // ordered. + $text = bbencode_first_pass_pda($text, $uid, $open_tag, "[/list]", "[/list:o]", false, 'replace_listitems'); + + // [b] and [/b] for bolding text. + $text = preg_replace("#\[b\](.*?)\[/b\]#si", "[b:$uid]\\1[/b:$uid]", $text); + + // [i] and [/i] for italicizing text. + $text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text); + + // [img]image_url_here[/img] code.. + $text = preg_replace("#\[img\](.*?)\[/img\]#si", "[img:$uid]\\1[/img:$uid]", $text); + + // Remove our padding from the string.. + $text = substr($text, 1); + + // Add the uid tag to the start of the string.. + //$text = '[uid=' . $uid . ']' . $text; + + return $text; + +} // bbencode_first_pass() + + +/** + * $text - The text to operate on. + * $uid - The UID to add to matching tags. + * $open_tag - The opening tag to match. Can be an array of opening tags. + * $close_tag - The closing tag to match. + * $close_tag_new - The closing tag to replace with. + * $mark_lowest_level - boolean - should we specially mark the tags that occur + * at the lowest level of nesting? (useful for [code], because + * we need to match these tags first and transform HTML tags + * in their contents.. + * $func - This variable should contain a string that is the name of a function. + * That function will be called when a match is found, and passed 2 + * parameters: ($text, $uid). The function should return a string. 
+ * This is used when some transformation needs to be applied to the + * text INSIDE a pair of matching tags. If this variable is FALSE or the + * empty string, it will not be executed. + * If open_tag is an array, then the pda will try to match pairs consisting of + * any element of open_tag followed by close_tag. This allows us to match things + * like [list=A]...[/list] and [list=1]...[/list] in one pass of the PDA. + * + * NOTES: - this function assumes the first character of $text is a space. + * - every opening tag and closing tag must be of the [...] format. + */ +function bbencode_first_pass_pda($text, $uid, $open_tag, $close_tag, $close_tag_new, $mark_lowest_level, $func) +{ + $open_tag_count = 0; + $open_tag_length = array(); + + if (!$close_tag_new || ($close_tag_new == '')) + { + $close_tag_new = $close_tag; + } + + $close_tag_length = strlen($close_tag); + $close_tag_new_length = strlen($close_tag_new); + $uid_length = strlen($uid); + + $use_function_pointer = ($func && ($func != '')); + + $stack = array(); + + if (is_array($open_tag)) + { + if (0 == count($open_tag)) + { + // No opening tags to match, so return. + return $text; + } + + for ($i = 0; $i < count($open_tag); $i++) + { + ++$open_tag_count; + $open_tag_length[$i] = strlen($open_tag[$i]); + } + } + else + { + // only one opening tag. make it into a 1-element array. + $open_tag_temp = $open_tag; + $open_tag = array(); + $open_tag[0] = $open_tag_temp; + $open_tag_length[0] = strlen($open_tag[0]); + $open_tag_count = 1; + } + + + // Start at the 2nd char of the string, looking for opening tags. + $curr_pos = 1; + while ($curr_pos && ($curr_pos < strlen($text))) + { + $curr_pos = strpos($text, "[", $curr_pos); + + // If not found, $curr_pos will be 0, and the loop will end. + if ($curr_pos) + { + // We found a [. It starts at $curr_pos. + // check if it's a starting or ending tag. 
+ $found_start = false; + $which_start_tag = -1; + for ($i = 0; $i < $open_tag_count; $i++) + { + $possible_start = substr($text, $curr_pos, $open_tag_length[$i]); + if (0 == strcasecmp($open_tag[$i], $possible_start)) + { + $found_start = true; + $which_start_tag = $i; + break; + } + } + + if ($found_start) + { + // We have an opening tag. + // Push its position and length on to the stack, and then keep going to the right. + $match = array("pos" => $curr_pos, "tag" => $which_start_tag); + bbcode_array_push($stack, $match); + ++$curr_pos; + } + else + { + // check for a closing tag.. + $possible_end = substr($text, $curr_pos, $close_tag_length); + if (0 == strcasecmp($close_tag, $possible_end)) + { + // We have an ending tag. + // Check if we've already found a matching starting tag. + if (sizeof($stack) > 0) + { + // There exists a starting tag. + $curr_nesting_depth = sizeof($stack); + // We need to do 2 replacements now. + $match = bbcode_array_pop($stack); + $start_index = $match['pos']; + $which_start_tag = $match['tag']; + $start_length = $open_tag_length[$which_start_tag]; + $start_tag = $open_tag[$which_start_tag]; + + // everything before the opening tag. + $before_start_tag = substr($text, 0, $start_index); + + // everything after the opening tag, but before the closing tag. + $between_tags = substr($text, $start_index + $start_length, $curr_pos - $start_index - $start_length); + + // Run the given function on the text between the tags.. + if ($use_function_pointer) + { + $between_tags = $func($between_tags, $uid); + } + + // everything after the closing tag. + $after_end_tag = substr($text, $curr_pos + $close_tag_length); + + // Mark the lowest nesting level if needed. + if ($mark_lowest_level && ($curr_nesting_depth == 1)) + { + $text = $before_start_tag . substr($start_tag, 0, $start_length - 1) . ":$curr_nesting_depth:$uid]"; + $text .= $between_tags . substr($close_tag_new, 0, $close_tag_new_length - 1) . 
":$curr_nesting_depth:$uid]"; + } + else + { + $text = $before_start_tag . substr($start_tag, 0, $start_length - 1) . ":$uid]"; + $text .= $between_tags . substr($close_tag_new, 0, $close_tag_new_length - 1) . ":$uid]"; + } + + $text .= $after_end_tag; + + // Now.. we've screwed up the indices by changing the length of the string. + // So, if there's anything in the stack, we want to resume searching just after it. + // otherwise, we go back to the start. + if (sizeof($stack) > 0) + { + $match = bbcode_array_pop($stack); + $curr_pos = $match['pos']; + bbcode_array_push($stack, $match); + ++$curr_pos; + } + else + { + $curr_pos = 1; + } + } + else + { + // No matching start tag found. Increment pos, keep going. + ++$curr_pos; + } + } + else + { + // No starting tag or ending tag.. Increment pos, keep looping., + ++$curr_pos; + } + } + } + } // while + + return $text; + +} // bbencode_first_pass_pda() + + + + +/** + * Does second-pass bbencoding of the [code] tags. This includes + * running htmlspecialchars() over the text contained between + * any pair of [code] tags that are at the first level of + * nesting. Tags at the first level of nesting are indicated + * by this format: [code:1:$uid] ... [/code:1:$uid] + * Other tags are in this format: [code:$uid] ... [/code:$uid] + */ +function bbencode_second_pass_code($text, $uid) +{ + + $code_start_html = '
      Code:
      ';
      +	$code_end_html =  '

      '; + + // First, do all the 1st-level matches. These need an htmlspecialchars() run, + // so they have to be handled differently. + $match_count = preg_match_all("#\[code:1:$uid\](.*?)\[/code:1:$uid\]#si", $text, $matches); + + for ($i = 0; $i < $match_count; $i++) + { + $before_replace = $matches[1][$i]; + $after_replace = $matches[1][$i]; + + $after_replace = htmlspecialchars($after_replace); + + $str_to_match = "[code:1:$uid]" . $before_replace . "[/code:1:$uid]"; + + $replacement = $code_start_html; + $replacement .= $after_replace; + $replacement .= $code_end_html; + + $text = str_replace($str_to_match, $replacement, $text); + } + + // Now, do all the non-first-level matches. These are simple. + $text = str_replace("[code:$uid]", $code_start_html, $text); + $text = str_replace("[/code:$uid]", $code_end_html, $text); + + return $text; + +} // bbencode_second_pass_code() + + +/** + * Rewritten by Nathan Codding - Feb 6, 2001. + * - Goes through the given string, and replaces xxxx://yyyy with an HTML tag linking + * to that URL + * - Goes through the given string, and replaces www.xxxx.yyyy[zzzz] with an HTML tag linking + * to http://www.xxxx.yyyy[/zzzz] + * - Goes through the given string, and replaces xxxx@yyyy with an HTML mailto: tag linking + * to that email address + * - Only matches these 2 patterns either after a space, or at the beginning of a line + * + * Notes: the email one might get annoying - it's easy to make it more restrictive, though.. maybe + * have it require something like xxxx@yyyy.zzzz or such. We'll see. + */ + +function make_clickable($text) +{ + + // pad it with a space so we can match things at the start of the 1st line. + $ret = " " . $text; + + // matches an "xxxx://yyyy" URL at the start of a line, or after a space. + // xxxx can only be alpha characters. + // yyyy is anything up to the first space, newline, or comma. 
+ $ret = preg_replace("#([\n ])([a-z]+?)://([^, \n\r]+)#i", "\\1\\2://\\3", $ret); + + // matches a "www.xxxx.yyyy[/zzzz]" kinda lazy URL thing + // Must contain at least 2 dots. xxxx contains either alphanum, or "-" + // yyyy contains either alphanum, "-", or "." + // zzzz is optional.. will contain everything up to the first space, newline, or comma. + // This is slightly restrictive - it's not going to match stuff like "forums.foo.com" + // This is to keep it from getting annoying and matching stuff that's not meant to be a link. + $ret = preg_replace("#([\n ])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^, \n\r]*)?)#i", "\\1www.\\2.\\3\\4", $ret); + + // matches an email@domain type address at the start of a line, or after a space. + // Note: before the @ sign, the only valid characters are the alphanums and "-", "_", or ".". + // After the @ sign, we accept anything up to the first space, linebreak, or comma. + $ret = preg_replace("#([\n ])([a-z0-9\-_.]+?)@([^, \n\r]+)#i", "\\1\\2@\\3", $ret); + + // Remove our padding.. + $ret = substr($ret, 1); + + return($ret); +} + + + +/** + * This is used to change a [*] tag into a [*:$uid] tag as part + * of the first-pass bbencoding of [list] tags. It fits the + * standard required in order to be passed as a variable + * function into bbencode_first_pass_pda(). + */ +function replace_listitems($text, $uid) +{ + $text = str_replace("[*]", "[*:$uid]", $text); + + return $text; +} + + +/** + * Escapes the "/" character with "\/". This is useful when you need + * to stick a runtime string into a PREG regexp that is being delimited + * with slashes. + */ +function escape_slashes($input) +{ + $output = str_replace('/', '\/', $input); + return $output; +} + + +/** + * This function does exactly what the PHP4 function array_push() does + * however, to keep phpBB compatable with PHP 3 we had to come up with our own + * method of doing it. 
+ */ +function bbcode_array_push(&$stack, $value) { + $stack[] = $value; + return(sizeof($stack)); +} + +/** + * This function does exactly what the PHP4 function array_pop() does + * however, to keep phpBB compatable with PHP 3 we had to come up with our own + * method of doing it. + */ +function bbcode_array_pop(&$stack) { + $arrSize = count($stack); + $x = 1; + while(list($key, $val) = each($stack)) + { + if($x < count($stack)) + { + $tmpArr[] = $val; + } + else + { + $return_val = $val; + } + $x++; + } + $stack = $tmpArr; + + return($return_val); +} + + + +?> diff --git a/phpBB/includes/error.php b/phpBB/includes/error.php new file mode 100644 index 0000000000..76acc188e5 --- /dev/null +++ b/phpBB/includes/error.php @@ -0,0 +1,96 @@ +sql_error(); + $error_msg .= "
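Review bot: The [url] patterns in bbencode_second_pass() (`$patterns[0]` and `$patterns[2]`) and the first regexp in make_clickable() accept any alphabetic scheme through `([a-z]+?://)`, and the rest of the target is captured with `(.*?)`, which also admits quotes and angle brackets. The replacement markup is not legible in this rendering, but if those captures end up inside an href the link target is entirely poster-controlled, so I would restrict the scheme to an allow-list and exclude attribute-breaking characters, e.g. `$patterns[0] = "#\[url\]((?:https?|ftp)://)([^\s\"'<>]*?)\[/url\]#si";`, with the same change in `$patterns[2]` and make_clickable(). Only the contents of `[code:1:$uid]` go through htmlspecialchars() in this file, so whether the remaining post text is escaped before the second pass should be confirmed at the caller. Separately, bbcode_array_pop() assigns `$stack = $tmpArr` without `$tmpArr` ever being set when the stack holds a single element; `$tmpArr = array();` before the loop would keep `$stack` an array.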
      SQL connect error - " . $db_error["message"]; + break; + + case BANNED: + $error_msg = "You have been banned from this forum."; + break; + + case SQL_QUERY: + $db_error = $db->sql_error(); + $error_msg .= "
      SQL query error - ".$db_error["message"]; + break; + + case SESSION_CREATE: + $error_msg = "Error creating session. Could not log you in. Please go back and try again."; + break; + + case NO_POSTS: + $error_msg = "There are no posts in this forum. Click on the Post New Topic link on this page to post one."; + break; + + case LOGIN_FAILED: + $error_msg = "Login Failed. You have specified an incorrect/inactive username or invalid password, please go back and try again."; + break; + } + } + if(DEBUG) + { + if($line != "" && $file != "") + $error_msg .= "

      DEBUG INFO

      Line: ".$line."
      File: ".$file; + } + + $template->set_filenames(array("error_body" => "error_body.tpl")); + $template->assign_vars(array("ERROR_MESSAGE" => $error_msg)); + $template->pparse("error_body"); + + include('includes/page_tail.'.$phpEx); + + exit(); +} + +?> diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php new file mode 100644 index 0000000000..e7b236f207 --- /dev/null +++ b/phpBB/includes/functions.php 
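Review bot: The SQL connect branch and `case SQL_QUERY:` append `$db_error["message"]` to the text that is rendered through `ERROR_MESSAGE` for every visitor, while only the line/file block is gated by `if(DEBUG)`. Driver error text can reveal table names and query fragments, so I would wrap those two `$error_msg .= ...` lines in `if(DEBUG) { ... }` and show only the generic message otherwise. Whether the template escapes `ERROR_MESSAGE` is not visible here; if it does not, the driver message should also pass through htmlspecialchars() before it is assigned. The beginning of error_die() is not legible in this rendering of the hunk.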
@@ -0,0 +1,418 @@ +sql_query($sql)) + { + return 'ERROR'; + } + else + { + $row = $db->sql_fetchrow($result); + if($mode == 'newestuser') + { + return($row); + } + else if($mode == "usersonline") + { + return ($row['online']); + } + else + { + return($row['total']); + } + } +} + + +function make_jumpbox($db) +{ + global $l_jumpto, $l_noforums, $l_nocategories; + + $sql = "SELECT c.* + FROM ".CATEGORIES_TABLE." c, ".FORUMS_TABLE." f + WHERE f.cat_id = c.cat_id + GROUP BY c.cat_id, c.cat_title, c.cat_order + ORDER BY c.cat_order"; + if(!$q_categories = $db->sql_query($sql)) + { + $db_error = $db->sql_error(); + error_die(SQL_QUERY, "Couldn't obtain category list.", __LINE__, __FILE__); + } + + $total_categories = $db->sql_numrows(); + if($total_categories) + { + $category_rows = $db->sql_fetchrowset($q_categories); + + $limit_forums = ""; + + $sql = "SELECT * + FROM ".FORUMS_TABLE." + ORDER BY cat_id, forum_order"; + if(!$q_forums = $db->sql_query($sql)) + { + error_die(SQL_QUERY, "Couldn't obtain forums information.", __LINE__, __FILE__); + } + $total_forums = $db->sql_numrows($q_forums); + $forum_rows = $db->sql_fetchrowset($q_forums); + + $boxstring = ''; + for($i = 0; $i < $total_categories; $i++) + { + $boxstring .= "\n"; + $boxstring .= "\n"; + $boxstring .= "\n"; + + if($total_forums) + { + for($y = 0; $y < $total_forums; $y++) + { + if( $forum_rows[$y]["cat_id"] == $category_rows[$i]["cat_id"] ) + { + $name = stripslashes($forum_rows[$y]["forum_name"]); + $boxstring .= "\n"; + } + } + } + else + { + $boxstring .= "\n"; + } + } + } + else + { + $boxstring .= "\n"; + } + + return($boxstring); +} + +function language_select($default, $name="language", $dirname="language/") +{ + global $phpEx; + $dir = opendir($dirname); + $lang_select = "\n"; + closedir($dir); + return $lang_select; +} + +function theme_select($default, $db) +{ + $sql = "SELECT theme_id, theme_name FROM ".THEMES_TABLE." 
ORDER BY theme_name"; + if($result = $db->sql_query($sql)) + { + $num = $db->sql_numrows($result); + $rowset = $db->sql_fetchrowset($result); + $theme_select = "\n"; + } + else + { + $theme_select = ""; + } + return($theme_select); +} + +// +// Initialise user settings on page load +// +function init_userprefs($userdata) +{ + + global $override_user_theme; + global $bgcolor, $table_bgcolor, $textcolor, $category_title, $table_header; + global $color1, $color2, $header_image, $newtopic_image; + global $reply_locked_image, $reply_image, $linkcolor, $vlinkcolor; + global $default_lang, $date_format, $sys_timezone; + + if(!$override_user_theme) + { + if($userdata['user_id'] != ANONYMOUS || $userdata['user_id'] != DELETED) + { + $theme = setuptheme($userdata["user_theme"]); + } + else + { + $theme = setuptheme($default_theme); + } + } + else + { + $theme = setuptheme($override_user_theme); + } + if($theme) + { + $bgcolor = $theme["bgcolor"]; + $table_bgcolor = $theme["table_bgcolor"]; + $textcolor = $theme["textcolor"]; + $category_title = $theme["category_title"]; + $table_header = $theme["table_header"]; + $color1 = $theme["color1"]; + $color2 = $theme["color2"]; + $header_image = $theme["header_image"]; + $newtopic_image = $theme["newtopic_image"]; + $reply_locked_image = $theme["reply_locked_image"]; + $reply_image = $theme["reply_image"]; + $linkcolor = $theme["linkcolor"]; + $vlinkcolor = $theme["vlinkcolor"]; + } + if($userdata["user_lang"] != "") + { + $default_lang = $userdata["user_lang"]; + } + if($userdata["user_dateformat"] != "") + { + $date_format = $userdata["user_dateformat"]; + } + if($userdata["user_timezone"]) + { + $sys_timezone = $userdata["user_timezone"]; + } + + // Include the appropriate language file ... if it exists. 
+ if(!strstr($PHP_SELF, "admin")) + { + if(file_exists('language/lang_'.$default_lang.'.'.$phpEx)) + { + include('language/lang_'.$default_lang.'.'.$phpEx); + } + } + else + { + if(strstr($PHP_SELF, "topicadmin")) + { + include('language/lang_'.$default_lang.'.'.$phpEx); + } + else + { + include('../language/lang_'.$default_lang.'.'.$phpEx); + } + } + + return; + +} +function setuptheme($theme) +{ + global $db; + + $sql = "SELECT * + FROM ".THEMES_TABLE." + WHERE theme_id = '$theme'"; + if(!$result = $db->sql_query($sql)) + return(0); + + if(!$myrow = $db->sql_fetchrow($result)) + return(0); + + return($myrow); +} + +function tz_select($default) +{ + global $board_tz; + if(!isset($default)) + { + $default == $board_tz; + } + $tz_select = "\n"; + return($tz_select); +} + +function validate_username(&$username, $db) +{ + $username = trim($username); + $username = strip_tags($username); + $username = htmlspecialchars($username); + if(empty($username)) + { + return(FALSE); + } + + $valid_name = TRUE; + $sql = "SELECT LOWER(username) FROM ".USERS_TABLE." WHERE username = '$username'"; + if($result = $db->sql_query($sql)) + { + if( ($numrows = $db->sql_numrows($result) ) > 0) + { + $valid_name = FALSE; + } + } + + $sql = "SELECT disallow_username FROM ".DISALLOW_TABLE." 
WHERE disallow_username = '$username'"; + if($result = $db->sql_query($sql)) + { + if(($numrows = $db->sql_numrows($result)) > 0) + { + $valid_name = FALSE; + } + } + + return($valid_name); +} +function generate_activation_key() +{ + $chars = array( + "a","A","b","B","c","C","d","D","e","E","f","F","g","G","h","H","i","I","j","J", + "k","K","l","L","m","M","n","N","o","O","p","P","q","Q","r","R","s","S","t","T", + "u","U","v","V","w","W","x","X","y","Y","z","Z","1","2","3","4","5","6","7","8", + "9","0" + ); + $max_elements = count($chars) - 1; + srand((double)microtime()*1000000); + $act_key = $chars[rand(0,$max_elements)]; + $act_key .= $chars[rand(0,$max_elements)]; + $act_key .= $chars[rand(0,$max_elements)]; + $act_key .= $chars[rand(0,$max_elements)]; + $act_key .= $chars[rand(0,$max_elements)]; + $act_key .= $chars[rand(0,$max_elements)]; + $act_key .= $chars[rand(0,$max_elements)]; + $act_key .= $chars[rand(0,$max_elements)]; + $act_key_md = md5($act_key); + + return($act_key_md); +} + +function encode_ip($dotquad_ip) +{ + $ip_sep = explode(".", $dotquad_ip); + return (sprintf("%02x%02x%02x%02x", $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3])); + + //return (( $ip_sep[0] * 0xFFFFFF + $ip_sep[0] ) + ( $ip_sep[1] * 0xFFFF + $ip_sep[1] ) + ( $ip_sep[2] * 0xFF + $ip_sep[2] ) + ( $ip_sep[3] ) ); +} + +function decode_ip($int_ip) +{ + $hexipbang = explode(".",chunk_split($int_ip, 2, ".")); + return hexdec($hexipbang[0]).".".hexdec($hexipbang[1]).".".hexdec($hexipbang[2]).".".hexdec($hexipbang[3]); + + //return sprintf( "%d.%d.%d.%d", ( ( $int_ip >> 24 ) & 0xFF ), ( ( $int_ip >> 16 ) & 0xFF ), ( ( $int_ip >> 8 ) & 0xFF ), ( ( $int_ip ) & 0xFF ) ); + +} + +// +// Create date/time from format and timezone +// +function create_date($format, $gmepoch, $tz) +{ + return (gmdate($format, $gmepoch + (3600 * $tz))); +} +?> \ No newline at end of file diff --git a/phpBB/includes/post.php b/phpBB/includes/post.php new file mode 100644 index 0000000000..a6f3cdad39 
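Review bot: init_userprefs() builds an include path from the profile field `$userdata["user_lang"]` (`include('language/lang_'.$default_lang.'.'.$phpEx)`), and the two admin branches do so without even the file_exists() check, so a stored user value decides which file is included. I would only accept the field when it matches a strict pattern, e.g. `if($userdata["user_lang"] != "" && preg_match('/^[a-z_]+$/i', $userdata["user_lang"]))`, and keep the board default otherwise. `$phpEx`, `$PHP_SELF` and `$default_theme` are used in this function but appear in none of its `global` lists, so as written they are empty inside it. The theme test `$userdata['user_id'] != ANONYMOUS || $userdata['user_id'] != DELETED` is true for every id unless the two constants are equal, where `&&` looks intended. In tz_select(), `$default == $board_tz;` is a comparison whose result is discarded, where `=` looks intended.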
--- /dev/null +++ b/phpBB/includes/post.php @@ -0,0 +1,26 @@ +' diff --git a/phpBB/includes/sessions.php b/phpBB/includes/sessions.php new file mode 100644 index 0000000000..158e2d5976 --- /dev/null +++ b/phpBB/includes/sessions.php 
@@ -0,0 +1,357 @@ + $current_time )"; + $result = $db->sql_query($sql); + if (!$result) + { + error_die(SQL_QUERY, "Couldn't obtain ban information.", __LINE__, __FILE__); + } + $ban_info = $db->sql_fetchrow($result); + + // + // Check for user and ip ban ... + // + if($ban_info['ban_ip'] || $ban_info['ban_userid']) + { + error_die(AUTH_BANNED); + } + else + { + if($user_id == ANONYMOUS) + { + $login = 0; + } + + $sql_update = "UPDATE ".SESSIONS_TABLE." + SET session_user_id = $user_id, session_time = $current_time, session_page = $page_id, session_logged_in = $login + WHERE (session_id = ".$HTTP_COOKIE_VARS[$cookiename]['sessionid'].") + AND (session_ip = '$int_ip')"; + + $result = $db->sql_query($sql_update); + + if(!$result || !$db->sql_affectedrows()) + { + mt_srand( (double) microtime() * 1000000); + $session_id = mt_rand(); + + $sql_insert = "INSERT INTO ".SESSIONS_TABLE." + (session_id, session_user_id, session_time, session_ip, session_page, session_logged_in) + VALUES + ($session_id, $user_id, $current_time, '$int_ip', $page_id, $login)"; + $result = $db->sql_query($sql_insert); + if(!$result) + { + if(DEBUG) + { + error_die(SQL_QUERY, "Error creating new session : session_begin", __LINE__, __FILE__); + } + else + { + error_die(SESSION_CREATE); + } + } + + setcookie($cookiename."[sessionid]", $session_id, $session_length, $cookiepath, $cookiedomain, $cookiesecure); + } + else + { + $session_id = $HTTP_COOKIE_VARS[$cookiename]['sessionid']; + } + + if(!empty($password) && AUTOLOGON) + { + setcookie($cookiename."[useridref]", $password, $cookielife, $cookiepath, $cookiedomain, $cookiesecure); + } + setcookie($cookiename."[userid]", $user_id, $cookielife, $cookiepath, $cookiedomain, $cookiesecure); + setcookie($cookiename."[sessionstart]", $current_time, $cookielife, $cookiepath, $cookiedomain, $cookiesecure); + setcookie($cookiename."[sessiontime]", $current_time, $session_length, $cookiepath, $cookiedomain, $cookiesecure); + +// echo $sql_update."

      ".$sql_insert."

      "; + + } + + return $session_id; + +} // session_begin + + +// +// Checks for a given user session, tidies session +// table and updates user sessions at each page refresh +// +function session_pagestart($user_ip, $thispage_id, $session_length) +{ + global $db; + global $cookiename, $cookiedomain, $cookiepath, $cookiesecure, $cookielife; + global $HTTP_COOKIE_VARS; + + unset($userdata); + $current_time = time(); + $int_ip = encode_ip($user_ip); + + // + // Delete expired sessions + // + $expiry_time = $current_time - $session_length; + $sql = "DELETE FROM ".SESSIONS_TABLE." + WHERE session_time < $expiry_time"; + $result = $db->sql_query($sql); + if(!$result) + { + if(DEBUG) + { + error_die(SQL_QUERY, "Error clearing sessions table : session_pagestart", __LINE__, __FILE__); + } + else + { + error_die(SESSION_CREATE); + } + } + + if(isset($HTTP_COOKIE_VARS[$cookiename]['userid'])) + { + // + // userid exists so go ahead and grab all + // data in preparation + // + $userid = $HTTP_COOKIE_VARS[$cookiename]['userid']; + $sql = "SELECT u.*, s.session_id, s.session_time, s.session_logged_in, b.ban_ip, b.ban_userid + FROM ".USERS_TABLE." u + LEFT JOIN ".BANLIST_TABLE." b ON ( (b.ban_ip = '$int_ip' OR b.ban_userid = u.user_id) + AND ( b.ban_start < $current_time AND b.ban_end > $current_time ) ) + LEFT JOIN ".SESSIONS_TABLE." s ON ( u.user_id = s.session_user_id AND s.session_ip = '$int_ip' ) + WHERE u.user_id = $userid"; + $result = $db->sql_query($sql); + if (!$result) + { + if(DEBUG) + { + error_die(SQL_QUERY, "Error doing DB query userdata row fetch : session_pagestart", __LINE__, __FILE__); + } + else + { + error_die(SESSION_CREATE); + } + } + $userdata = $db->sql_fetchrow($result); + } + + if($userdata['user_id'] != ''){ // The ID in the cookie was really in the DB. + // + // Check for user and ip ban ... + // + if($userdata['ban_ip'] || $userdata['ban_userid']) + { + error_die(BANNED); + } + + // + // Now, check to see if a session exists. 
+ // If it does then update it, if it doesn't + // then create one. + // + if(isset($HTTP_COOKIE_VARS[$cookiename]['sessionid'])) + { + + // + // Is the id the same as that in the cookie? + // If it is then we see if it needs updating + // + if($HTTP_COOKIE_VARS[$cookiename]['sessionid'] == $userdata['session_id']) + { + + // + // Only update session DB a minute or so after last update + // + if($current_time - $userdata['session_time'] > 60) + { + + $sql = "UPDATE ".SESSIONS_TABLE." + SET session_time = '$current_time', session_page = '$thispage_id' + WHERE (session_id = ".$userdata['session_id'].") + AND (session_ip = '$int_ip') + AND (session_user_id = ".$userdata['user_id'].")"; + $result = $db->sql_query($sql); + if(!$result) + { + if(DEBUG) + { + error_die(SQL_QUERY, "Error updating sessions table : session_pagestart", __LINE__, __FILE__); + } + else + { + error_die(SESSION_CREATE); + } + } + else + { + // + // Update was success, send current time to cookie + // and return userdata + // + setcookie($cookiename."[sessiontime]", $current_time, $session_length, $cookiepath, $cookiedomain, $cookiesecure); + + return $userdata; + } // if (affectedrows) + + } // if (current_time) + + // + // We didn't need to update session + // so just return userdata + // + return $userdata; + + } // if (cookie session_id = DB session id) + + } // if session_id cookie set + + // + // If we reach here then we have a valid + // user_id set in the cookie but no + // active session. 
So, try and create + // new session (uses AUTOLOGON to determine + // if user should be logged back on automatically) + // + if(AUTOLOGON && isset($HTTP_COOKIE_VARS[$cookiename]['useridref'])) + { + if($HTTP_COOKIE_VARS[$cookiename]['useridref'] == $userdata['user_password']) + { + $autologon = 1; + $password = $userdata['user_password']; + $userdata['session_logged_in'] = 1; + } + else + { + $autologon = 0; + $password = ""; + $userdata['session_logged_in'] = 0; + } + } + else + { + $autologon = 0; + $password = ""; + $userdata['session_logged_in'] = 0; + } + $result = session_begin($userdata['user_id'], $user_ip, $thispage_id, $session_length, $autologon, $password); + if(!$result) + { + if(DEBUG) + { + error_die(SQL_QUERY, "Error creating ".$userdata['user_id']." session : session_pagestart", __LINE__, __FILE__); + } + else + { + error_die(SESSION_CREATE); + } + } + + } + else + { + + // + // No userid cookie exists so we'll + // set up a new anonymous session + // + $result = session_begin(ANONYMOUS, $user_ip, $thispage_id, $session_length, 0); + if(!$result) + { + if(DEBUG) + { + error_die(SQL_QUERY, "Error creating anonymous session : session_pagestart", __LINE__, __FILE__); + } + else + { + error_die(SESSION_CREATE); + } + } + $userdata['session_logged_in'] = 0; + } + + return $userdata; + +} // session_check() + +// +// session_end closes out a session +// deleting the corresponding entry +// in the sessions table +// +function session_end($session_id, $user_id) +{ + + global $db; + global $cookiename, $cookiedomain, $cookiepath, $cookiesecure, $cookielife; + + $current_time = time(); + + $sql = "DELETE FROM ".SESSIONS_TABLE." 
+ WHERE (session_user_id = $user_id) + AND (session_id = $session_id)"; + $result = $db->sql_query($sql, $db); + if (!$result) + { + if(DEBUG) + { + error_die(SQL_QUERY, "Couldn't delete user session : session_eng()", __LINE__, __FILE__); + } + else + { + error_die(SESSION_CREATE); + } + } + + setcookie($cookiename."[sessionid]", ""); + setcookie($cookiename."[sessionend]", $current_time, $cookielife, $cookiepath, $cookiedomain, $cookiesecure); + + return true; + +} // session_end() + +?> diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 7b0e90bed6..2f89b1e8d6 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -22,7 +22,7 @@ ***************************************************************************/ include('extension.inc'); include('common.'.$phpEx); -include('functions/bbcode.'.$phpEx); +include('includes/bbcode.'.$phpEx); if(!isset($HTTP_GET_VARS['topic'])) // For backward compatibility {
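Review bot: Cookie values reach SQL unquoted and unvalidated: session_pagestart() puts `$HTTP_COOKIE_VARS[$cookiename]['userid']` into `WHERE u.user_id = $userid`, and the UPDATE in session_begin() concatenates `$HTTP_COOKIE_VARS[$cookiename]['sessionid']` into its `session_id = ...` condition. Both look like numeric columns judging by the unquoted INSERT values, so casting at the point of use, `$userid = intval($HTTP_COOKIE_VARS[$cookiename]['userid']);` and the same for the session id, would close that. The `useridref` cookie is set to `$password` and later compared with `$userdata['user_password']`, which turns the stored password value itself into a long-lived login token; a separate random auto-login key would limit the damage if a cookie or the users table leaks. The session id comes from `mt_rand()` seeded with microtime(), which is guessable for a value that identifies a logged-in session. session_begin() also calls `error_die(AUTH_BANNED)` while the switch added in error.php handles `BANNED`; the opening of session_begin() is not legible in this rendering.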