makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Permission related updates ... is still not final but is getting there ... faster than British Rail too

Browse source 
git-svn-id: file:///svn/phpbb/trunk@2943 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2002-10-08 20:11:59 +00:00
parent 64aee6d171
commit 1d0e4ee436
40 changed files with 891 additions and 1213 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
phpBB/admin/admin_ban.php
View file

@ -23,7 +23,7 @@ define('IN_PHPBB', 1);
if( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('ban') )
if ( !$auth->acl_get('a_ban') )
{
return;
}
@ -36,9 +36,7 @@ if( !empty($setmodules) )
return;
}
//
// Load default header
//
$phpbb_root_path = '../';
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
@ -46,7 +44,7 @@ require('pagestart.' . $phpEx);
//
// Do we have ban permissions?
//
if ( !$auth->get_acl_admin('ban') )
if ( !$auth->acl_get('a_ban') )
{
return;
}
@ -54,9 +52,9 @@ if ( !$auth->get_acl_admin('ban') )
//
// Mode setting
//
if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
if ( isset($_POST['mode']) || isset($_GET['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = ( isset($_POST['mode']) ) ? $_POST['mode'] : $_GET['mode'];
}
else
{
@ -68,21 +66,21 @@ $current_time = time();
//
// Start program
//
if ( isset($HTTP_POST_VARS['bansubmit']) )
if ( isset($_POST['bansubmit']) )
{
$ban_reason = ( isset($HTTP_POST_VARS['banreason']) ) ? $HTTP_POST_VARS['banreason'] : '';
$ban_list = array_unique(explode("\n", $HTTP_POST_VARS['ban']));
$ban_reason = ( isset($_POST['banreason']) ) ? $_POST['banreason'] : '';
$ban_list = array_unique(explode("\n", $_POST['ban']));
$ban_list_log = implode(', ', $ban_list);
if ( !empty($HTTP_POST_VARS['banlength']) )
if ( !empty($_POST['banlength']) )
{
if ( $HTTP_POST_VARS['banlength'] != -1 || empty($HTTP_POST_VARS['banlengthother']) )
if ( $_POST['banlength'] != -1 || empty($_POST['banlengthother']) )
{
$ban_end = max($current_time, $current_time + ( intval($HTTP_POST_VARS['banlength']) * 60 ));
$ban_end = max($current_time, $current_time + ( intval($_POST['banlength']) * 60 ));
}
else
{
$ban_other = explode('-', $HTTP_POST_VARS['banlengthother']);
$ban_other = explode('-', $_POST['banlengthother']);
$ban_end = max($current_time, gmmktime(0, 0, 0, $ban_other[1], $ban_other[2], $ban_other[0]));
}
}
@ -130,9 +128,7 @@ if ( isset($HTTP_POST_VARS['bansubmit']) )
{
if ( preg_match('/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/', trim($ban_list[$i]), $ip_range_explode) )
{
//
// Don't ask about all this, just don't ask ... !
//
$ip_1_counter = $ip_range_explode[1];
$ip_1_end = $ip_range_explode[5];
@ -312,12 +308,12 @@ if ( isset($HTTP_POST_VARS['bansubmit']) )
message_die(MESSAGE, $message);
}
else if ( isset($HTTP_POST_VARS['unbansubmit']) )
else if ( isset($_POST['unbansubmit']) )
{
$unban_sql = '';
for($i = 0; $i < count($HTTP_POST_VARS['unban']); $i++ )
for($i = 0; $i < count($_POST['unban']); $i++ )
{
$unban_sql .= ( ( $unban_sql != '' ) ? ', ' : '' ) . intval($HTTP_POST_VARS['unban'][$i]);
$unban_sql .= ( ( $unban_sql != '' ) ? ', ' : '' ) . intval($_POST['unban'][$i]);
}
if ( $unban_sql != '' )
@ -326,7 +322,7 @@ else if ( isset($HTTP_POST_VARS['unbansubmit']) )
WHERE ban_id IN ($unban_sql)";
$db->sql_query($sql);
add_admin_log('log_unban_' . $mode, sizeof($HTTP_POST_VARS['unban']));
add_admin_log('log_unban_' . $mode, sizeof($_POST['unban']));
}
message_die(MESSAGE, $lang['Ban_update_sucessful']);

36
phpBB/admin/admin_board.php
View file

@ -21,7 +21,7 @@
if ( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('general') )
if ( !$auth->acl_get('a_general') )
{
return;
}
@ -37,31 +37,29 @@ if ( !empty($setmodules) )
return;
}
//
// Let's set the root dir for phpBB
//
define('IN_PHPBB', 1);
$phpbb_root_path = '../';
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
if ( !$auth->get_acl_admin('general') )
// Are we authed?
if ( !$auth->acl_get('a_general') )
{
message_die(MESSAGE, $lang['No_admin']);
}
if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
// Get mod
if ( isset($_POST['mode']) || isset($_GET['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = ( isset($_POST['mode']) ) ? $_POST['mode'] : $_GET['mode'];
}
else
{
$mode = '';
}
//
// Pull all config data
//
$sql = "SELECT *
FROM " . CONFIG_TABLE;
$result = $db->sql_query($sql);
@ -72,9 +70,9 @@ while ( $row = $db->sql_fetchrow($result) )
$config_value = $row['config_value'];
$default_config[$config_name] = $config_value;
$new[$config_name] = ( isset($HTTP_POST_VARS[$config_name]) ) ? $HTTP_POST_VARS[$config_name] : $default_config[$config_name];
$new[$config_name] = ( isset($_POST[$config_name]) ) ? $_POST[$config_name] : $default_config[$config_name];
if ( isset($HTTP_POST_VARS['submit']) )
if ( isset($_POST['submit']) )
{
$sql = "UPDATE " . CONFIG_TABLE . " SET
config_value = '" . str_replace("\'", "''", $new[$config_name]) . "'
@ -83,7 +81,7 @@ while ( $row = $db->sql_fetchrow($result) )
}
}
if ( isset($HTTP_POST_VARS['submit']) )
if ( isset($_POST['submit']) )
{
add_admin_log('log_' . $mode . '_config');
message_die(MESSAGE, $lang['Config_updated']);
@ -163,10 +161,6 @@ switch ( $mode )
<td class="row1"><?php echo $lang['Cookie_secure']; ?>: <br /><span class="gensmall"><?php echo $lang['Cookie_secure_explain']; ?></span></td>
<td class="row2"><input type="radio" name="cookie_secure" value="0"<?php echo $cookie_secure_no; ?> /><?php echo $lang['Disabled']; ?>&nbsp; &nbsp;<input type="radio" name="cookie_secure" value="1"<?php echo $cookie_secure_yes; ?> /><?php echo $lang['Enabled']; ?></td>
</tr>
<tr>
<td class="row1"><?php echo $lang['Session_length']; ?>: </td>
<td class="row2"><input type="text" maxlength="5" size="5" name="session_length" value="<?php echo $new['session_length']; ?>" /></td>
</tr>
<?php
break;
@ -490,6 +484,10 @@ switch ( $mode )
<td class="row1"><?php echo $lang['Limit_load']; ?>: <br /><span class="gensmall"><?php echo $lang['Limit_load_explain']; ?></span></td>
<td class="row2"><input type="text" size="4" maxlength="4" name="limit_load" value="<?php echo $new['limit_load']; ?>" /></td>
</tr>
<tr>
<td class="row1"><?php echo $lang['Session_length']; ?>: </td>
<td class="row2"><input type="text" maxlength="5" size="5" name="session_length" value="<?php echo $new['session_length']; ?>" /></td>
</tr>
<tr>
<td class="row1"><?php echo $lang['Limit_sessions']; ?>: <br /><span class="gensmall"><?php echo $lang['Limit_sessions_explain']; ?></span></td>
<td class="row2"><input type="text" size="4" maxlength="4" name="active_sessions" value="<?php echo $new['active_sessions']; ?>" /></td>
@ -512,18 +510,14 @@ switch ( $mode )
case 'auth':
?>
<?php
$auth_plugins = array();
$dp = opendir($phpbb_root_path . 'includes/auth');
while ( $file = readdir($dp) )
{
if ( preg_match('/^auth_(.*?)\.' . $phpEx . '$/', $file) )
if ( preg_match('#^auth_(.*?)\.' . $phpEx . '$#', $file) )
{
$auth_plugins[] = preg_replace('/^auth_(.*?)\.' . $phpEx . '$/', '\1', $file);
$auth_plugins[] = preg_replace('#^auth_(.*?)\.' . $phpEx . '$#', '\1', $file);
}
}

26
phpBB/admin/admin_database.php
View file

@ -21,7 +21,7 @@
if ( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('general') )
if ( !$auth->acl_get('a_general') )
{
return;
}
@ -50,7 +50,7 @@ include($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
//
// Do we have DB backup/restore permissions?
//
if ( !$auth->get_acl_admin('general') )
if ( !$auth->acl_get('a_general') )
{
message_die(MESSAGE, $lang['No_admin']);
}
@ -61,7 +61,7 @@ if ( !$auth->get_acl_admin('general') )
//
@set_time_limit(1200);
$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : '';
$mode = ( isset($_GET['mode']) ) ? $_GET['mode'] : '';
//
// Begin program proper
@ -89,13 +89,13 @@ switch( $mode )
break;
}
$additional_tables = ( isset($HTTP_POST_VARS['tables']) ) ? $HTTP_POST_VARS['tables'] : ( ( isset($HTTP_GET_VARS['tables']) ) ? $HTTP_GET_VARS['tables'] : '' );
$backup_type = ( isset($HTTP_POST_VARS['type']) ) ? $HTTP_POST_VARS['type'] : ( ( isset($HTTP_GET_VARS['type']) ) ? $HTTP_GET_VARS['type'] : '' );
$search = ( !empty($HTTP_POST_VARS['search']) ) ? intval($HTTP_POST_VARS['search']) : ( ( !empty($HTTP_GET_VARS['search']) ) ? intval($HTTP_GET_VARS['search']) : 0 );
$store_path = ( isset($HTTP_POST_VARS['store']) ) ? $HTTP_POST_VARS['store'] : ( ( isset($HTTP_GET_VARS['store']) ) ? $HTTP_GET_VARS['store'] : '' );
$compress = ( !empty($HTTP_POST_VARS['compress']) ) ? $HTTP_POST_VARS['compress'] : ( ( !empty($HTTP_GET_VARS['compress']) ) ? $HTTP_GET_VARS['compress'] : 'none' );
$additional_tables = ( isset($_POST['tables']) ) ? $_POST['tables'] : ( ( isset($_GET['tables']) ) ? $_GET['tables'] : '' );
$backup_type = ( isset($_POST['type']) ) ? $_POST['type'] : ( ( isset($_GET['type']) ) ? $_GET['type'] : '' );
$search = ( !empty($_POST['search']) ) ? intval($_POST['search']) : ( ( !empty($_GET['search']) ) ? intval($_GET['search']) : 0 );
$store_path = ( isset($_POST['store']) ) ? $_POST['store'] : ( ( isset($_GET['store']) ) ? $_GET['store'] : '' );
$compress = ( !empty($_POST['compress']) ) ? $_POST['compress'] : ( ( !empty($_GET['compress']) ) ? $_GET['compress'] : 'none' );
if ( !isset($HTTP_POST_VARS['backupstart']) && !isset($HTTP_GET_VARS['backupstart']) )
if ( !isset($_POST['backupstart']) && !isset($_GET['backupstart']) )
{
page_header($lang['DB_Backup']);
@ -166,7 +166,7 @@ switch( $mode )
break;
}
else if ( !isset($HTTP_POST_VARS['startdownload']) && !isset($HTTP_GET_VARS['startdownload']) )
else if ( !isset($_POST['startdownload']) && !isset($_GET['startdownload']) )
{
$meta = "<meta http-equiv=\"refresh\" content=\"0;url=admin_database.$phpEx?mode=backup&amp;type=$backup_type&amp;tables=" . quotemeta($additional_tables) . "&amp;search=$search&amp;store=" . quotemeta($store_path) . "&amp;compress=$compress&amp;backupstart=1&amp;startdownload=1\">";
@ -309,15 +309,15 @@ switch( $mode )
case 'restore':
if ( isset($HTTP_POST_VARS['restorestart']) )
if ( isset($_POST['restorestart']) )
{
//
// Handle the file upload ....
// If no file was uploaded report an error...
//
if ( !empty($HTTP_POST_VARS['local']) )
if ( !empty($_POST['local']) )
{
$file_tmpname = './../' . str_replace('\\\\', '/', $HTTP_POST_VARS['local']);
$file_tmpname = './../' . str_replace('\\\\', '/', $_POST['local']);
$filename = substr($file_tmpname, strrpos($file_tmpname, '/'));
}
else

12
phpBB/admin/admin_disallow.php
View file

@ -23,7 +23,7 @@ define('IN_PHPBB', 1);
if( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('user') )
if ( !$auth->acl_get('a_user') )
{
return;
}
@ -45,16 +45,16 @@ require('pagestart.' . $phpEx);
//
// Do we have user admin permissions?
//
if ( !$auth->get_acl_admin('user') )
if ( !$auth->acl_get('a_user') )
{
return;
}
if( isset($HTTP_POST_VARS['add_name']) )
if( isset($_POST['add_name']) )
{
include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
$disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? $HTTP_POST_VARS['disallowed_user'] : $HTTP_GET_VARS['disallowed_user'];
$disallowed_user = ( isset($_POST['disallowed_user']) ) ? $_POST['disallowed_user'] : $_GET['disallowed_user'];
$disallowed_user = str_replace('*', '%', $disallowed_user);
if ( !validate_username($disallowed_user) )
@ -76,9 +76,9 @@ if( isset($HTTP_POST_VARS['add_name']) )
message_die(MESSAGE, $message);
}
else if( isset($HTTP_POST_VARS['delete_name']) )
else if( isset($_POST['delete_name']) )
{
$disallowed_id = ( isset($HTTP_POST_VARS['disallowed_id']) ) ? intval( $HTTP_POST_VARS['disallowed_id'] ) : intval( $HTTP_GET_VARS['disallowed_id'] );
$disallowed_id = ( isset($_POST['disallowed_id']) ) ? intval( $_POST['disallowed_id'] ) : intval( $_GET['disallowed_id'] );
$sql = "DELETE FROM " . DISALLOW_TABLE . "
WHERE disallow_id = $disallowed_id";

12
phpBB/admin/admin_email.php
View file

@ -21,7 +21,7 @@
if ( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('general') )
if ( !$auth->acl_get('a_general') )
{
return;
}
@ -43,7 +43,7 @@ require('pagestart.' . $phpEx);
//
// Do we have general admin permissions?
//
if ( !$auth->get_acl_admin('general') )
if ( !$auth->acl_get('a_general') )
{
return;
}
@ -57,7 +57,7 @@ $subject = '';
//
// Do the job ...
//
if ( isset($HTTP_POST_VARS['submit']) )
if ( isset($_POST['submit']) )
{
//
// Increase maximum execution time in case of a lot of users, but don't complain about it if it isn't
@ -65,7 +65,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
//
@set_time_limit(1200);
$group_id = intval($HTTP_POST_VARS['g']);
$group_id = intval($_POST['g']);
$sql = ( $group_id != -1 ) ? "SELECT u.user_email FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug WHERE ug.group_id = $group_id AND ug.user_pending <> " . TRUE . " AND u.user_id = ug.user_id" : "SELECT user_email FROM " . USERS_TABLE;
$result = $db->sql_query($sql);
@ -78,8 +78,8 @@ if ( isset($HTTP_POST_VARS['submit']) )
//
}
$subject = stripslashes($HTTP_POST_VARS['subject']);
$message = stripslashes($HTTP_POST_VARS['message']);
$subject = stripslashes($_POST['subject']);
$message = stripslashes($_POST['message']);
//
// Error checking needs to go here ... if no subject and/or

4
phpBB/admin/admin_forums.php
View file

@ -21,7 +21,7 @@
if (!empty($setmodules))
{
if (!$auth->get_acl_admin('forum'))
if (!$auth->acl_get('a_forum'))
{
return;
}
@ -43,7 +43,7 @@ include($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
//
// Do we have forum admin permissions?
//
if (!$auth->get_acl_admin('forum'))
if (!$auth->acl_get('a_forum'))
{
message_die(MESSAGE, $lang['No_admin']);
}

34
phpBB/admin/admin_groups.php
View file

@ -21,7 +21,7 @@
if( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('group') )
if ( !$auth->acl_get('a_group') )
{
return;
}
@ -45,14 +45,14 @@ require('pagestart.' . $phpEx);
//
// Do we have general permissions?
//
if ( !$auth->get_acl_admin('group') )
if ( !$auth->acl_get('a_group') )
{
message_die(MESSAGE, $lang['No_admin']);
}
if( isset($HTTP_POST_VARS[POST_GROUPS_URL]) || isset($HTTP_GET_VARS[POST_GROUPS_URL]) )
if( isset($_POST[POST_GROUPS_URL]) || isset($_GET[POST_GROUPS_URL]) )
{
$group_id = ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_POST_VARS[POST_GROUPS_URL]) : intval($HTTP_GET_VARS[POST_GROUPS_URL]);
$group_id = ( isset($_POST[POST_GROUPS_URL]) ) ? intval($_POST[POST_GROUPS_URL]) : intval($_GET[POST_GROUPS_URL]);
}
else
{
@ -62,16 +62,16 @@ else
//
// Mode setting
//
if( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
if( isset($_POST['mode']) || isset($_GET['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = ( isset($_POST['mode']) ) ? $_POST['mode'] : $_GET['mode'];
}
else
{
$mode = "";
}
if( isset($HTTP_POST_VARS['edit']) || isset($HTTP_POST_VARS['new']) )
if( isset($_POST['edit']) || isset($_POST['new']) )
{
//
// Ok they are editing a group or creating a new group
@ -80,7 +80,7 @@ if( isset($HTTP_POST_VARS['edit']) || isset($HTTP_POST_VARS['new']) )
"body" => "admin/group_edit_body.tpl")
);
if ( isset($HTTP_POST_VARS['edit']) )
if ( isset($_POST['edit']) )
{
//
// They're editing. Grab the vars.
@ -105,7 +105,7 @@ if( isset($HTTP_POST_VARS['edit']) || isset($HTTP_POST_VARS['new']) )
$template->assign_block_vars("group_edit", array());
}
else if( isset($HTTP_POST_VARS['new']) )
else if( isset($_POST['new']) )
{
$group_info = array (
"group_name" => "",
@ -152,7 +152,7 @@ if( isset($HTTP_POST_VARS['edit']) || isset($HTTP_POST_VARS['new']) )
"GROUP_MODERATOR" => $group_moderator,
"L_GROUP_TITLE" => $lang['Group_administration'],
"L_GROUP_EDIT_DELETE" => ( isset($HTTP_POST_VARS['new']) ) ? $lang['New_group'] : $lang['Edit_group'],
"L_GROUP_EDIT_DELETE" => ( isset($_POST['new']) ) ? $lang['New_group'] : $lang['Edit_group'],
"L_GROUP_NAME" => $lang['group_name'],
"L_GROUP_DESCRIPTION" => $lang['group_description'],
"L_GROUP_MODERATOR" => $lang['group_moderator'],
@ -184,12 +184,12 @@ if( isset($HTTP_POST_VARS['edit']) || isset($HTTP_POST_VARS['new']) )
$template->pparse('body');
}
else if( isset($HTTP_POST_VARS['group_update']) )
else if( isset($_POST['group_update']) )
{
//
// Ok, they are submitting a group, let's save the data based on if it's new or editing
//
if( isset($HTTP_POST_VARS['group_delete']) )
if( isset($_POST['group_delete']) )
{
$sql = "DELETE FROM " . GROUPS_TABLE . "
WHERE group_id = " . $group_id;
@ -218,11 +218,11 @@ else if( isset($HTTP_POST_VARS['group_update']) )
}
else
{
$group_type = isset($HTTP_POST_VARS['group_type']) ? intval($HTTP_POST_VARS['group_type']) : GROUP_OPEN;
$group_name = isset($HTTP_POST_VARS['group_name']) ? trim($HTTP_POST_VARS['group_name']) : "";
$group_description = isset($HTTP_POST_VARS['group_description']) ? trim($HTTP_POST_VARS['group_description']) : "";
$group_moderator = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : "";
$delete_old_moderator = isset($HTTP_POST_VARS['delete_old_moderator']) ? intval($HTTP_POST_VARS['delete_old_moderator']) : "";
$group_type = isset($_POST['group_type']) ? intval($_POST['group_type']) : GROUP_OPEN;
$group_name = isset($_POST['group_name']) ? trim($_POST['group_name']) : "";
$group_description = isset($_POST['group_description']) ? trim($_POST['group_description']) : "";
$group_moderator = isset($_POST['username']) ? $_POST['username'] : "";
$delete_old_moderator = isset($_POST['delete_old_moderator']) ? intval($_POST['delete_old_moderator']) : "";
if( $group_name == "" )
{

93
phpBB/admin/admin_permissions.php
View file

@ -21,7 +21,7 @@
if ( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('auth') )
if ( !$auth->acl_get('a_auth') )
{
return;
}
@ -42,21 +42,18 @@ define('IN_PHPBB', 1);
$phpbb_root_path = '../';
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
require($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
//
// Do we have forum admin permissions?
//
if ( !$auth->get_acl_admin('auth') )
if ( !$auth->acl_get('a_auth') )
{
message_die(MESSAGE, $lang['No_admin']);
}
//
// Define some vars
//
if ( isset($HTTP_GET_VARS['f']) || isset($HTTP_POST_VARS['f']) )
if ( isset($_GET['f']) || isset($_POST['f']) )
{
$forum_id = ( isset($HTTP_POST_VARS['f']) ) ? intval($HTTP_POST_VARS['f']) : intval($HTTP_GET_VARS['f']);
$forum_id = ( isset($_POST['f']) ) ? intval($_POST['f']) : intval($_GET['f']);
$forum_sql = " WHERE forum_id = $forum_id";
}
else
@ -65,9 +62,9 @@ else
$forum_sql = '';
}
if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
if ( isset($_GET['mode']) || isset($_POST['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = ( isset($_POST['mode']) ) ? $_POST['mode'] : $_GET['mode'];
}
else
{
@ -108,45 +105,49 @@ switch ( $mode )
// to all other options, e.g. Moderator and Forums across the board.
// This is done via the acl class
//
if ( isset($HTTP_POST_VARS['update']) )
if ( isset($_POST['update']) )
{
switch ( $HTTP_POST_VARS['type'] )
$auth_admin = new auth_admin();
switch ( $_POST['type'] )
{
case 'user':
$set = 'set_acl_user';
$set = 'acl_set_user';
break;
case 'group':
$set = 'set_acl_group';
$set = 'acl_set_group';
break;
}
foreach ( $HTTP_POST_VARS['entries'] as $id )
foreach ( $_POST['entries'] as $id )
{
$auth->$set($forum_id, $id, $HTTP_POST_VARS['option']);
$auth_admin->$set($forum_id, $id, $_POST['option']);
}
message_die(MESSAGE, 'Permissions updated successfully');
}
else if ( isset($HTTP_POST_VARS['delete']) )
else if ( isset($_POST['delete']) )
{
switch ( $HTTP_POST_VARS['type'] )
$auth_admin = new auth_admin();
switch ( $_POST['type'] )
{
case 'user':
$set = 'delete_acl_user';
$set = 'acl_delete_user';
break;
case 'group':
$set = 'delete_acl_group';
$set = 'acl_delete_group';
break;
}
$option_ids = false;
if ( !empty($HTTP_POST_VARS['option']) )
if ( !empty($_POST['option']) )
{
$sql = "SELECT auth_option_id
FROM " . ACL_OPTIONS_TABLE . "
WHERE auth_value LIKE '" . $HTTP_POST_VARS['option'] . "_%'";
WHERE auth_value LIKE '" . $_POST['option'] . "_%'";
$result = $db->sql_query($sql);
if ( $row = $db->sql_fetchrow($result) )
@ -161,9 +162,9 @@ else if ( isset($HTTP_POST_VARS['delete']) )
$db->sql_freeresult($result);
}
foreach ( $HTTP_POST_VARS['entries'] as $id )
foreach ( $_POST['entries'] as $id )
{
$auth->$set($forum_id, $id, $option_ids);
$auth_admin->$set($forum_id, $id, $option_ids);
}
message_die(MESSAGE, 'Permissions updated successfully');
@ -209,22 +210,22 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
switch ( $mode )
{
case 'forums':
$type_sql = 'forum';
$type_sql = 'f';
$forum_sql = "AND a.forum_id = $forum_id";
break;
case 'moderators':
$type_sql = 'mod';
$type_sql = 'm';
$forum_sql = "AND a.forum_id = $forum_id";
break;
case 'supermoderators':
$type_sql = 'mod';
$type_sql = 'm';
$forum_sql = '';
break;
case 'administrators':
$type_sql = 'admin';
$type_sql = 'a';
$forum_sql = '';
break;
}
@ -241,7 +242,7 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
}
$db->sql_freeresult($result);
if ( empty($HTTP_POST_VARS['advanced']) || empty($HTTP_POST_VARS['entries']) )
if ( empty($_POST['advanced']) || empty($_POST['entries']) )
{
?>
@ -351,15 +352,14 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
else
{
//
// Founder only operations ... these operations can
// only be altered by someone with founder status
//
$founder_sql = ( !$userdata['user_founder'] ) ? ' AND founder_only <> 1' : '';
$sql = "SELECT auth_option_id, auth_value
FROM " . ACL_OPTIONS_TABLE . "
WHERE auth_value LIKE '" . $type_sql . "_%'
AND auth_value <> '" . $type_sql . "_'
$founder_sql";
$result = $db->sql_query($sql);
@ -370,29 +370,29 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
}
$db->sql_freeresult($result);
if ( $HTTP_POST_VARS['type'] == 'user' && !empty($HTTP_POST_VARS['new']) )
if ( $_POST['type'] == 'user' && !empty($_POST['new']) )
{
$HTTP_POST_VARS['entries'] = explode("\n", $HTTP_POST_VARS['entries']);
$_POST['entries'] = explode("\n", $_POST['entries']);
}
$where_sql = '';
foreach ( $HTTP_POST_VARS['entries'] as $value )
foreach ( $_POST['entries'] as $value )
{
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . ( ( $HTTP_POST_VARS['type'] == 'user' && !empty($HTTP_POST_VARS['new']) ) ? '\'' . $value . '\'' : intval($value) );
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . ( ( $_POST['type'] == 'user' && !empty($_POST['new']) ) ? '\'' . $value . '\'' : intval($value) );
}
switch ( $HTTP_POST_VARS['type'] )
switch ( $_POST['type'] )
{
case 'group':
$l_type = 'Group';
$sql = ( empty($HTTP_POST_VARS['new']) ) ? "SELECT g.group_id AS id, g.group_name AS name, o.auth_value, a.auth_allow_deny FROM " . GROUPS_TABLE . " g, " . ACL_GROUPS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o WHERE o.auth_value LIKE '" . $type_sql . "_%' AND a.auth_option_id = o.auth_option_id $forum_sql AND g.group_id = a.group_id AND g.group_id IN ($where_sql) ORDER BY g.group_name ASC" : "SELECT group_id AS id, group_name AS name FROM " . GROUPS_TABLE . " WHERE group_id IN ($where_sql) ORDER BY group_name ASC";
$sql = ( empty($_POST['new']) ) ? "SELECT g.group_id AS id, g.group_name AS name, o.auth_value, a.auth_allow_deny FROM " . GROUPS_TABLE . " g, " . ACL_GROUPS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o WHERE o.auth_value LIKE '" . $type_sql . "_%' AND a.auth_option_id = o.auth_option_id $forum_sql AND g.group_id = a.group_id AND g.group_id IN ($where_sql) ORDER BY g.group_name ASC" : "SELECT group_id AS id, group_name AS name FROM " . GROUPS_TABLE . " WHERE group_id IN ($where_sql) ORDER BY group_name ASC";
break;
case 'user':
$l_type = 'User';
$sql = ( empty($HTTP_POST_VARS['new']) ) ? "SELECT u.user_id AS id, u.username AS name, u.user_founder, o.auth_value, a.auth_allow_deny FROM " . USERS_TABLE . " u, " . ACL_USERS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o WHERE o.auth_value LIKE '" . $type_sql . "_%' AND a.auth_option_id = o.auth_option_id $forum_sql AND u.user_id = a.user_id AND u.user_id IN ($where_sql) ORDER BY u.username, u.user_regdate ASC" : "SELECT user_id AS id, username AS name, user_founder FROM " . USERS_TABLE . " WHERE username IN ($where_sql) ORDER BY username, user_regdate ASC";
$sql = ( empty($_POST['new']) ) ? "SELECT u.user_id AS id, u.username AS name, u.user_founder, o.auth_value, a.auth_allow_deny FROM " . USERS_TABLE . " u, " . ACL_USERS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o WHERE o.auth_value LIKE '" . $type_sql . "_%' AND a.auth_option_id = o.auth_option_id $forum_sql AND u.user_id = a.user_id AND u.user_id IN ($where_sql) ORDER BY u.username, u.user_regdate ASC" : "SELECT user_id AS id, username AS name, user_founder FROM " . USERS_TABLE . " WHERE username IN ($where_sql) ORDER BY username, user_regdate ASC";
break;
}
@ -460,7 +460,7 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
<td class="row1" colspan="5" align="center"><textarea cols="40" rows="3"><?php echo trim($ug); ?></textarea></td>
</tr>
<tr>
<td class="cat" colspan="5" align="center"><input class="mainoption" type="submit" name="update" value="<?php echo $lang['Update']; ?>" />&nbsp;&nbsp;<input class="liteoption" type="submit" name="cancel" value="<?php echo $lang['Cancel']; ?>" /><input type="hidden" name="f" value="<?php echo $forum_id; ?>" /><input type="hidden" name="type" value="<?php echo $HTTP_POST_VARS['type']; ?>" /><?php echo $ug_hidden; ?></td>
<td class="cat" colspan="5" align="center"><input class="mainoption" type="submit" name="update" value="<?php echo $lang['Update']; ?>" />&nbsp;&nbsp;<input class="liteoption" type="submit" name="cancel" value="<?php echo $lang['Cancel']; ?>" /><input type="hidden" name="f" value="<?php echo $forum_id; ?>" /><input type="hidden" name="type" value="<?php echo $_POST['type']; ?>" /><?php echo $ug_hidden; ?></td>
</tr>
</table></form>
@ -471,19 +471,8 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
}
else
{
$sql = "SELECT left_id, right_id, forum_id, forum_name
FROM " . FORUMS_TABLE . "
ORDER BY forum_id ASC";
$result = $db->sql_query($sql);
$select_list = '';
$sub_forum = '';
while ( $row = $db->sql_fetchrow($result) )
{
$select_list .= '<option value="' . $row['forum_id'] . '">' . $sub_forum . $row['forum_name'] . '</option>';
$sub_forum .= ( $row['right_id'] - $row['left_id'] > 1 ) ? '&nbsp;&nbsp;' : '';
}
$db->sql_freeresult($result);
$select_list = make_forum_select('f');
page_header($l_title);
@ -498,7 +487,7 @@ else
<th align="center"><?php echo $lang['Select_a_Forum']; ?></th>
</tr>
<tr>
<td class="row1" align="center">&nbsp;<select name="f"><?php echo $select_list; ?></select> &nbsp;<input type="submit" value="<?php echo $lang['Look_up_Forum']; ?>" class="mainoption" />&nbsp;</td>
<td class="row1" align="center">&nbsp;<?php echo $select_list; ?> &nbsp;<input type="submit" value="<?php echo $lang['Look_up_Forum']; ?>" class="mainoption" />&nbsp;</td>
</tr>
</table></form>

44
phpBB/admin/admin_prune.php
View file

@ -21,7 +21,7 @@
if ( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('forum') )
if ( !$auth->acl_get('a_forum') )
{
return;
}
@ -41,10 +41,8 @@ require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
require($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
//
// Do we have forum admin permissions?
//
if ( !$auth->get_acl_admin('forum') )
if ( !$auth->acl_get('a_forum') )
{
message_die(MESSAGE, $lang['No_admin']);
}
@ -52,9 +50,9 @@ if ( !$auth->get_acl_admin('forum') )
//
// Get the forum ID for pruning
//
if ( isset($HTTP_GET_VARS['f']) || isset($HTTP_POST_VARS['f']) )
if ( isset($_GET['f']) || isset($_POST['f']) )
{
$forum_id = ( isset($HTTP_POST_VARS['f']) ) ? intval($HTTP_POST_VARS['f']) : intval($HTTP_GET_VARS['f']);
$forum_id = ( isset($_POST['f']) ) ? intval($_POST['f']) : intval($_GET['f']);
$forum_sql = ( $forum_id == -1 ) ? '' : "AND forum_id = $forum_id";
}
else
@ -65,11 +63,9 @@ else
//
// Get a list of forum's or the data for the forum that we are pruning.
//
$sql = "SELECT f.*
FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c
WHERE c.cat_id = f.cat_id
$forum_sql
ORDER BY c.cat_order ASC, f.forum_order ASC";
$sql = "SELECT forum_id, forum_name, left_id, right_id
FROM " . FORUMS_TABLE . "
ORDER BY left_id ASC";
$result = $db->sql_query($sql);
$forum_rows = array();
@ -77,13 +73,14 @@ while( $row = $db->sql_fetchrow($result) )
{
$forum_rows[] = $row;
}
$db->sql_freeresult($result);
//
// Check for submit to be equal to Prune. If so then proceed with the pruning.
//
if ( isset($HTTP_POST_VARS['doprune']) )
if ( isset($_POST['doprune']) )
{
$prunedays = ( isset($HTTP_POST_VARS['prunedays']) ) ? intval($HTTP_POST_VARS['prunedays']) : 0;
$prunedays = ( isset($_POST['prunedays']) ) ? intval($_POST['prunedays']) : 0;
// Convert days to seconds for timestamp functions...
$prunedate = time() - ( $prunedays * 86400 );
@ -133,10 +130,25 @@ else
//
// Output a selection table if no forum id has been specified.
//
$select_list .= '<option value="-1">' . $lang['All_Forums'] . '</option>';
for($i = 0; $i < count($forum_rows); $i++)
$select_list = '<option value="-1">' . $lang['All_Forums'] . '</option>';
$right = 0;
$subforum = '';
$forum_list = '';
foreach ( $forum_rows as $row )
{
$select_list .= '<option value="' . $forum_rows[$i]['forum_id'] . '">' . $forum_rows[$i]['forum_name'] . '</option>';
if ( $row['left_id'] < $right )
{
$subforum .= '&nbsp;&nbsp;&nbsp;';
}
else if ( $row['left_id'] > $right + 1 )
{
$subforum = substr($subforum, 0, -18 * ( $row['left_id'] - $right + 1 ));
}
$select_list .= '<option value="' . $row['forum_id'] . '">' . $subforum . $row['forum_name'] . '</option>';
$right = $row['right_id'];
}
?>

42
phpBB/admin/admin_prune_users.php
View file

@ -21,7 +21,7 @@
if ( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('user') )
if ( !$auth->acl_get('a_user') )
{
return;
}
@ -43,7 +43,7 @@ require('pagestart.' . $phpEx);
//
// Do we have forum admin permissions?
//
if ( !$auth->get_acl_admin('user') )
if ( !$auth->acl_get('a_user') )
{
return;
}
@ -51,9 +51,9 @@ if ( !$auth->get_acl_admin('user') )
//
// Set mode
//
if( isset( $HTTP_POST_VARS['mode'] ) || isset( $HTTP_GET_VARS['mode'] ) )
if( isset( $_POST['mode'] ) || isset( $_GET['mode'] ) )
{
$mode = ( isset( $HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = ( isset( $_POST['mode']) ) ? $_POST['mode'] : $_GET['mode'];
}
else
{
@ -63,9 +63,9 @@ else
//
//
//
if ( isset($HTTP_POST_VARS['prune']) )
if ( isset($_POST['prune']) )
{
if ( empty($HTTP_POST_VARS['confirm']) )
if ( empty($_POST['confirm']) )
{
$values = array('prune', 'deactivate', 'delete', 'users', 'username', 'email', 'joined_select', 'active_select', 'count_select', 'joined', 'active', 'count', 'deleteposts');
@ -73,7 +73,7 @@ if ( isset($HTTP_POST_VARS['prune']) )
foreach ( $values as $field )
{
$l_message .= ( !empty($HTTP_POST_VARS[$field]) ) ? '<input type="hidden" name="' . $field . '" value="' . urlencode($HTTP_POST_VARS[$field]) . '" />' : '';
$l_message .= ( !empty($_POST[$field]) ) ? '<input type="hidden" name="' . $field . '" value="' . urlencode($_POST[$field]) . '" />' : '';
}
$l_message .= '</form>';
@ -92,11 +92,11 @@ if ( isset($HTTP_POST_VARS['prune']) )
page_footer();
}
else if ( isset($HTTP_POST_VARS['confirm']) )
else if ( isset($_POST['confirm']) )
{
if ( !empty($HTTP_POST_VARS['users']) )
if ( !empty($_POST['users']) )
{
$users = explode("\n", urldecode($HTTP_POST_VARS['users']));
$users = explode("\n", urldecode($_POST['users']));
$where_sql = '';
foreach ( $users as $username )
@ -107,15 +107,15 @@ if ( isset($HTTP_POST_VARS['prune']) )
}
else
{
$username = ( !empty($HTTP_POST_VARS['username']) ) ? urldecode($HTTP_POST_VARS['username']) : '';
$email = ( !empty($HTTP_POST_VARS['email']) ) ? urldecode($HTTP_POST_VARS['email']) : '';
$username = ( !empty($_POST['username']) ) ? urldecode($_POST['username']) : '';
$email = ( !empty($_POST['email']) ) ? urldecode($_POST['email']) : '';
$joined_select = ( !empty($HTTP_POST_VARS['joined_select']) ) ? $HTTP_POST_VARS['joined_select'] : 'lt';
$active_select = ( !empty($HTTP_POST_VARS['active_select']) ) ? $HTTP_POST_VARS['active_select'] :'lt';
$count_select = ( !empty($HTTP_POST_VARS['count_select']) ) ? $HTTP_POST_VARS['count_select'] : 'eq';
$joined = ( !empty($HTTP_POST_VARS['joined']) ) ? explode('-', $HTTP_POST_VARS['joined']) : array();
$active = ( !empty($HTTP_POST_VARS['active']) ) ? explode('-', $HTTP_POST_VARS['active']) :array();
$count = ( !empty($HTTP_POST_VARS['count']) ) ? intval($HTTP_POST_VARS['count']) : '';
$joined_select = ( !empty($_POST['joined_select']) ) ? $_POST['joined_select'] : 'lt';
$active_select = ( !empty($_POST['active_select']) ) ? $_POST['active_select'] :'lt';
$count_select = ( !empty($_POST['count_select']) ) ? $_POST['count_select'] : 'eq';
$joined = ( !empty($_POST['joined']) ) ? explode('-', $_POST['joined']) : array();
$active = ( !empty($_POST['active']) ) ? explode('-', $_POST['active']) :array();
$count = ( !empty($_POST['count']) ) ? intval($_POST['count']) : '';
$key_match = array('lt' => '<', 'gt' => '>', 'eq' => '=');
$sort_by_types = array('username', 'user_email', 'user_posts', 'user_regdate', 'user_lastvisit');
@ -153,9 +153,9 @@ if ( isset($HTTP_POST_VARS['prune']) )
if ( $where_sql != '' )
{
$sql = '';
if ( !empty($HTTP_POST_VARS['delete']) )
if ( !empty($_POST['delete']) )
{
if ( !empty($HTTP_POST_VARS['deleteposts']) )
if ( !empty($_POST['deleteposts']) )
{
$l_admin_log = 'log_prune_user_del_del';
@ -178,7 +178,7 @@ if ( isset($HTTP_POST_VARS['prune']) )
$sql = "DELETE FROM " . USERS_TABLE;
}
else if ( !empty($HTTP_POST_VARS['deactivate']) )
else if ( !empty($_POST['deactivate']) )
{
$l_admin_log = 'log_prune_user_deac';

28
phpBB/admin/admin_ranks.php
View file

@ -23,7 +23,7 @@ define('IN_PHPBB', 1);
if( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('user') )
if ( !$auth->acl_get('a_user') )
{
return;
}
@ -43,7 +43,7 @@ require('pagestart.' . $phpEx);
//
//
//
if ( !$auth->get_acl_admin('user') )
if ( !$auth->acl_get('a_user') )
{
return;
}
@ -51,20 +51,20 @@ if ( !$auth->get_acl_admin('user') )
//
//
//
if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
if ( isset($_GET['mode']) || isset($_POST['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = ( isset($_POST['mode']) ) ? $_POST['mode'] : $_GET['mode'];
}
else
{
//
// These could be entered via a form button
//
if ( isset($HTTP_POST_VARS['add']) )
if ( isset($_POST['add']) )
{
$mode = 'add';
}
else if ( isset($HTTP_POST_VARS['save']) )
else if ( isset($_POST['save']) )
{
$mode = 'save';
}
@ -84,7 +84,7 @@ if ( $mode != '' )
//
// They want to add a new rank, show the form.
//
$rank_id = ( isset($HTTP_GET_VARS['id']) ) ? intval($HTTP_GET_VARS['id']) : 0;
$rank_id = ( isset($_GET['id']) ) ? intval($_GET['id']) : 0;
$s_hidden_fields = '<input type="hidden" name="mode" value="save" />';
@ -152,11 +152,11 @@ if ( $mode != '' )
// Ok, they sent us our info, let's update it.
//
$rank_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : 0;
$rank_title = ( isset($HTTP_POST_VARS['title']) ) ? trim($HTTP_POST_VARS['title']) : '';
$special_rank = ( $HTTP_POST_VARS['special_rank'] == 1 ) ? TRUE : 0;
$min_posts = ( isset($HTTP_POST_VARS['min_posts']) ) ? intval($HTTP_POST_VARS['min_posts']) : -1;
$rank_image = ( (isset($HTTP_POST_VARS['rank_image'])) ) ? trim($HTTP_POST_VARS['rank_image']) : '';
$rank_id = ( isset($_POST['id']) ) ? intval($_POST['id']) : 0;
$rank_title = ( isset($_POST['title']) ) ? trim($_POST['title']) : '';
$special_rank = ( $_POST['special_rank'] == 1 ) ? TRUE : 0;
$min_posts = ( isset($_POST['min_posts']) ) ? intval($_POST['min_posts']) : -1;
$rank_image = ( (isset($_POST['rank_image'])) ) ? trim($_POST['rank_image']) : '';
if ( $rank_title == '' )
{
@ -208,9 +208,9 @@ if ( $mode != '' )
// Ok, they want to delete their rank
//
if ( isset($HTTP_POST_VARS['id']) || isset($HTTP_GET_VARS['id']) )
if ( isset($_POST['id']) || isset($_GET['id']) )
{
$rank_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : intval($HTTP_GET_VARS['id']);
$rank_id = ( isset($_POST['id']) ) ? intval($_POST['id']) : intval($_GET['id']);
}
else
{

14
phpBB/admin/admin_search.php
View file

@ -21,7 +21,7 @@
if ( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('general') )
if ( !$auth->acl_get('a_general') )
{
return;
}
@ -44,7 +44,7 @@ include($phpbb_root_path . 'includes/functions_posting.'.$phpEx);
//
// Do we have forum admin permissions?
//
if ( !$auth->get_acl_admin('general') )
if ( !$auth->acl_get('a_general') )
{
message_die(MESSAGE, $lang['No_admin']);
}
@ -52,11 +52,11 @@ if ( !$auth->get_acl_admin('general') )
//
// Start indexing
//
if ( isset($HTTP_POST_VARS['start']) || isset($HTTP_GET_VARS['batchstart']) )
if ( isset($_POST['start']) || isset($_GET['batchstart']) )
{
$batchsize = 200; // Process this many posts per batch
$batchstart = ( !isset($HTTP_GET_VARS['batchstart']) ) ? $row['min_post_id'] : $HTTP_GET_VARS['batchstart'];
$batchcount = ( !isset($HTTP_GET_VARS['batchcount']) ) ? 1 : $HTTP_GET_VARS['batchcount'];
$batchstart = ( !isset($_GET['batchstart']) ) ? $row['min_post_id'] : $_GET['batchstart'];
$batchcount = ( !isset($_GET['batchcount']) ) ? 1 : $_GET['batchcount'];
$loopcount = 0;
$batchend = $batchstart + $batchsize;
@ -108,7 +108,7 @@ if ( isset($HTTP_POST_VARS['start']) || isset($HTTP_GET_VARS['batchstart']) )
closedir($dir);
if ( !isset($HTTP_GET_VARS['batchstart']) )
if ( !isset($_GET['batchstart']) )
{
//
// Take board offline
@ -312,7 +312,7 @@ if ( isset($HTTP_POST_VARS['start']) || isset($HTTP_GET_VARS['batchstart']) )
exit;
}
else if ( isset($HTTP_POST_VARS['cancel']) )
else if ( isset($_POST['cancel']) )
{
$sql = "UPDATE " . CONFIG_TABLE . "
SET config_value = '0'

73
phpBB/admin/admin_smilies.php
View file

@ -21,7 +21,7 @@
if ( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('general') )
if ( !$auth->acl_get('a_general') )
{
return;
}
@ -43,7 +43,7 @@ require('pagestart.' . $phpEx);
//
// Do we have general permissions?
//
if (!$auth->get_acl_admin('general'))
if (!$auth->acl_get('a_general'))
{
message_die(MESSAGE, $lang['No_admin']);
}
@ -51,9 +51,9 @@ if (!$auth->get_acl_admin('general'))
//
// Check to see what mode we should operate in.
//
if (isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']))
if (isset($_POST['mode']) || isset($_GET['mode']))
{
$mode = (!empty($HTTP_POST_VARS['mode'])) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = (!empty($_POST['mode'])) ? $_POST['mode'] : $_GET['mode'];
}
else
{
@ -62,10 +62,8 @@ else
$delimiter = '=+:';
$smilies_images = $smilies_paks = array();
$click_return = '<br /><br />' . sprintf($lang['Click_return_smileadmin'], '<a href="admin_smilies.' . $phpEx . $SID . '">', '</a>');
$click_return .= '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="index.' . $phpEx . $SID . '&amp;pane=right">', '</a>');
if ($mode == 'edit' || !empty($HTTP_POST_VARS['add']) || !empty($HTTP_POST_VARS['import_pak']))
if ($mode == 'edit' || !empty($_POST['add']) || !empty($_POST['import_pak']))
{
$dir = @opendir($phpbb_root_path . $board_config['smilies_path']);
while ($file = @readdir($dir))
@ -90,15 +88,15 @@ if ($mode == 'edit' || !empty($HTTP_POST_VARS['add']) || !empty($HTTP_POST_VARS[
//
// Select main mode
//
if (isset($HTTP_POST_VARS['import_pak']))
if (isset($_POST['import_pak']))
{
if (!empty($HTTP_POST_VARS['smilies_pak']))
if (!empty($_POST['smilies_pak']))
{
$smile_order = 0;
//
// The user has already selected a smilies_pak file.. Import it.
//
if (!empty($HTTP_POST_VARS['clear_current']))
if (!empty($_POST['clear_current']))
{
$db->sql_query('DELETE FROM ' . SMILIES_TABLE);
}
@ -118,7 +116,7 @@ if (isset($HTTP_POST_VARS['import_pak']))
if (empty($fcontents))
{
message_die(ERROR, 'Could not read smiley pak file' . $click_return);
message_die(ERROR, 'Could not read smiley pak file');
}
foreach ($fcontents as $line)
@ -147,7 +145,7 @@ if (isset($HTTP_POST_VARS['import_pak']))
if (!empty($smilies[$code]))
{
if (!empty($HTTP_POST_VARS['replace_existing']))
if (!empty($_POST['replace_existing']))
{
$code_sql = str_replace("'", "''", str_replace('\\', '\\\\', $code));
$sql = array(
@ -175,7 +173,7 @@ if (isset($HTTP_POST_VARS['import_pak']))
}
}
message_die(MESSAGE, $lang['Smilies_import_success'] . $click_return);
message_die(MESSAGE, $lang['Smilies_import_success']);
}
else
{
@ -202,7 +200,7 @@ if (isset($HTTP_POST_VARS['import_pak']))
<form method="post" action="admin_smilies.<?php echo $phpEx . $SID ?>"><table class="bg" cellspacing="1" cellpadding="4" border="0" align="center">
<tr>
<th class="thHead" colspan="2"><?php echo $lang['Smilies_import'] ?></th>
<th colspan="2"><?php echo $lang['Smilies_import'] ?></th>
</tr>
<tr>
<td class="row2"><?php echo $lang['Select_package'] ?></td>
@ -228,7 +226,7 @@ if (isset($HTTP_POST_VARS['import_pak']))
page_footer();
}
}
elseif (isset($HTTP_GET_VARS['export_pak']))
elseif (isset($_GET['export_pak']))
{
$smilies_pak = '';
@ -250,12 +248,12 @@ elseif (isset($HTTP_GET_VARS['export_pak']))
exit;
}
elseif (isset($HTTP_POST_VARS['export_pak']))
elseif (isset($_POST['export_pak']))
{
page_header($lang['Export_smilies']);
message_die(MESSAGE, sprintf($lang['Export_smilies_explain'], '<a href="admin_smilies.' . $phpEx . $SID . '&amp;export_pak=send">', '</a>') . $click_return);
message_die(MESSAGE, sprintf($lang['Export_smilies_explain'], '<a href="admin_smilies.' . $phpEx . $SID . '&amp;export_pak=send">', '</a>'));
}
elseif (isset($HTTP_POST_VARS['add']))
elseif (isset($_POST['add']))
{
$filename_list = '';
foreach ($smilies_images as $smile_url)
@ -290,7 +288,7 @@ function update_smile_dimensions()
<form method="post" action="admin_smilies.<?php echo $phpEx . $SID ?>&amp;mode=create"><table class="bg" cellspacing="1" cellpadding="4" border="0" align="center">
<tr>
<th class="thHead" colspan="2"><?php echo $lang['smile_config'] ?></th>
<th colspan="2"><?php echo $lang['smile_config'] ?></th>
</tr>
<tr>
<td class="row2"><?php echo $lang['Smile_code'] ?></td>
@ -324,20 +322,13 @@ function update_smile_dimensions()
switch ($mode)
{
case 'delete':
$db->sql_query('DELETE FROM ' . SMILIES_TABLE . ' WHERE smilies_id = ' . intval($HTTP_GET_VARS['smile_id']));
message_die(MESSAGE, $lang['Smile_deleted'] . $click_return);
$db->sql_query('DELETE FROM ' . SMILIES_TABLE . ' WHERE smilies_id = ' . intval($_GET['smile_id']));
message_die(MESSAGE, $lang['Smile_deleted']);
break;
case 'edit':
$smile_id = intval($HTTP_GET_VARS['smile_id']);
$smile_id = intval($_GET['smile_id']);
/*
$sql = 'SELECT *
FROM ' . SMILIES_TABLE . "
WHERE smilies_id = $smile_id";
$result = $db->sql_query($sql);
$smile_data = $db->sql_fetchrow($result);
*/
$order_list = '';
$result = $db->sql_query('SELECT * FROM ' . SMILIES_TABLE . ' ORDER BY smile_order DESC');
while ($row = $db->sql_fetchrow($result))
@ -441,26 +432,26 @@ function update_smile_dimensions()
case 'create':
case 'modify':
$smile_width = intval($HTTP_POST_VARS['smile_width']);
$smile_height = intval($HTTP_POST_VARS['smile_height']);
$smile_width = intval($_POST['smile_width']);
$smile_height = intval($_POST['smile_height']);
if ($smile_width == 0 || $smile_height == 0)
{
$img_size = @getimagesize($phpbb_root_path . $board_config['smilies_path'] . '/' . stripslashes($HTTP_POST_VARS['smile_url']));
$img_size = @getimagesize($phpbb_root_path . $board_config['smilies_path'] . '/' . stripslashes($_POST['smile_url']));
$smile_width = $img_size[0];
$smile_height = $img_size[1];
}
$sql = array(
'code' => htmlspecialchars(stripslashes($HTTP_POST_VARS['smile_code'])),
'smile_url' => stripslashes($HTTP_POST_VARS['smile_url']),
'code' => htmlspecialchars(stripslashes($_POST['smile_code'])),
'smile_url' => stripslashes($_POST['smile_url']),
'smile_width' => $smile_width,
'smile_height' => $smile_height,
'smile_order' => $smile_order,
'emoticon' => stripslashes($HTTP_POST_VARS['smile_emotion']),
'smile_on_posting' => (!empty($HTTP_POST_VARS['smile_on_posting'])) ? 1 : 0
'emoticon' => stripslashes($_POST['smile_emotion']),
'smile_on_posting' => (!empty($_POST['smile_on_posting'])) ? 1 : 0
);
$smile_id = $HTTP_POST_VARS['smile_id'];
$smile_order = $HTTP_POST_VARS['smile_order'];
$smile_id = $_POST['smile_id'];
$smile_order = $_POST['smile_order'];
if ($mode == 'modify')
{
@ -500,18 +491,18 @@ function update_smile_dimensions()
if ($mode == 'modify')
{
$db->sql_query_array('UPDATE ' . SMILIES_TABLE . " SET WHERE smilies_id = $smile_id", $sql);
message_die(MESSAGE, $lang['Smile_edited'] . $click_return);
message_die(MESSAGE, $lang['Smile_edited']);
}
else
{
$db->sql_query_array('INSERT INTO ' . SMILIES_TABLE, $sql);
message_die(MESSAGE, $lang['Smile_added'] . $click_return);
message_die(MESSAGE, $lang['Smile_added']);
}
break;
case 'move_up':
case 'move_down':
$smile_order = intval($HTTP_GET_VARS['smile_order']);
$smile_order = intval($_GET['smile_order']);
$order_total = $smile_order * 2 + (($mode == 'move_up') ? -1 : 1);
$sql = 'UPDATE ' . SMILIES_TABLE . "

42
phpBB/admin/admin_styles.php
View file

@ -2,7 +2,7 @@
if ( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('styles') )
if ( !$auth->acl_get('a_styles') )
{
return;
}
@ -27,7 +27,7 @@ require('pagestart.' . $phpEx);
//
// Do we have styles admin permissions?
//
if ( !$auth->get_acl_admin('styles') )
if ( !$auth->acl_get('a_styles') )
{
message_die(MESSAGE, $lang['No_admin']);
}
@ -48,26 +48,26 @@ closedir($dp);
//
//
//
$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
$mode = ( isset($_GET['mode']) ) ? $_GET['mode'] : $_POST['mode'];
switch ( $mode )
{
case 'editimageset':
$imgroot = ( isset($HTTP_POST_VARS['imgroot']) ) ? $HTTP_POST_VARS['imgroot'] : 'subSilver';
$imgroot = ( isset($_POST['imgroot']) ) ? $_POST['imgroot'] : 'subSilver';
if ( isset($HTTP_POST_VARS['img_root']) )
if ( isset($_POST['img_root']) )
{
$sql = "SELECT *
FROM " . STYLES_IMAGE_TABLE . "
WHERE imageset_path LIKE '" . $HTTP_POST_VARS['imgroot'] . "'";
WHERE imageset_path LIKE '" . $_POST['imgroot'] . "'";
$result = $db->sql_query($sql);
$images = $db->sql_fetchrow($result);
}
if ( isset($HTTP_POST_VARS['img_addconfig']) )
if ( isset($_POST['img_addconfig']) )
{
}
else if ( isset($HTTP_POST_VARS['img_addlocal']) )
else if ( isset($_POST['img_addlocal']) )
{
}
@ -142,15 +142,15 @@ switch ( $mode )
case 'edittemplate':
$tplcols = ( isset($HTTP_POST_VARS['tplcols']) ) ? max(60, intval($HTTP_POST_VARS['tplcols'])) : 90;
$tplrows = ( isset($HTTP_POST_VARS['tplrows']) ) ? max(4, intval($HTTP_POST_VARS['tplrows'])) : 30;
$tplname = ( isset($HTTP_POST_VARS['tplname']) ) ? $HTTP_POST_VARS['tplname'] : '';
$tplroot = ( isset($HTTP_POST_VARS['tplroot']) ) ? $HTTP_POST_VARS['tplroot'] : 'subSilver';
$tplcols = ( isset($_POST['tplcols']) ) ? max(60, intval($_POST['tplcols'])) : 90;
$tplrows = ( isset($_POST['tplrows']) ) ? max(4, intval($_POST['tplrows'])) : 30;
$tplname = ( isset($_POST['tplname']) ) ? $_POST['tplname'] : '';
$tplroot = ( isset($_POST['tplroot']) ) ? $_POST['tplroot'] : 'subSilver';
$str = '';
if ( isset($HTTP_POST_VARS['tpl_compile']) && !empty($HTTP_POST_VARS['decompile']) )
if ( isset($_POST['tpl_compile']) && !empty($_POST['decompile']) )
{
$str = "<?php\n" . $template->compile(stripslashes($HTTP_POST_VARS['decompile'])) . "\n?".">";
$str = "<?php\n" . $template->compile(stripslashes($_POST['decompile'])) . "\n?".">";
$fp = fopen($phpbb_root_path . 'templates/cache/' . $tplroot . '/' . $tplname . '.html.' . $phpEx, 'w+');
fwrite ($fp, $str);
@ -162,7 +162,7 @@ switch ( $mode )
exit;
}
else if ( !empty($tplname) && isset($HTTP_POST_VARS['tpl_name']) )
else if ( !empty($tplname) && isset($_POST['tpl_name']) )
{
$fp = fopen($phpbb_root_path . 'templates/cache/' . $tplroot . '/' . $tplname . '.html.' . $phpEx, 'r');
while ( !feof($fp) )
@ -175,10 +175,10 @@ switch ( $mode )
}
else
{
$str = ( !empty($HTTP_POST_VARS['decompile']) ) ? stripslashes($HTTP_POST_VARS['decompile']) : '';
$str = ( !empty($_POST['decompile']) ) ? stripslashes($_POST['decompile']) : '';
}
if ( isset($HTTP_POST_VARS['tpl_download']) )
if ( isset($_POST['tpl_download']) )
{
header("Content-Type: text/html; name=\"" . $tplname . ".html\"");
header("Content-disposition: attachment; filename=" . $tplname . ".html");
@ -242,9 +242,9 @@ switch ( $mode )
case 'edittheme':
$theme_id = ( isset($HTTP_POST_VARS['themeroot']) ) ? $HTTP_POST_VARS['themeroot'] : '';
$theme_id = ( isset($_POST['themeroot']) ) ? $_POST['themeroot'] : '';
if ( isset($HTTP_POST_VARS['update']) )
if ( isset($_POST['update']) )
{
$sql = "SELECT theme_id, theme_name
FROM " . STYLES_CSS_TABLE . "
@ -255,8 +255,8 @@ switch ( $mode )
{
$theme_name = $row['theme_name'];
$css_data = ( !empty($HTTP_POST_VARS['css_data']) ) ? htmlentities($HTTP_POST_VARS['css_data']) : '';
$css_external = ( !empty($HTTP_POST_VARS['css_data']) ) ? $HTTP_POST_VARS['css_data'] : '';
$css_data = ( !empty($_POST['css_data']) ) ? htmlentities($_POST['css_data']) : '';
$css_external = ( !empty($_POST['css_data']) ) ? $_POST['css_data'] : '';
$sql = "UPDATE " > STYLES_CSS_TABLE . "
SET css_data = '$css_data', css_external = '$css_external'

110
phpBB/admin/admin_users.php
View file

@ -21,7 +21,7 @@
if ( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('user') )
if ( !$auth->acl_get('a_user') )
{
return;
}
@ -46,7 +46,7 @@ require($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
//
// Do we have forum admin permissions?
//
if ( !$auth->get_acl_admin('user') )
if ( !$auth->acl_get('a_user') )
{
return;
}
@ -54,9 +54,9 @@ if ( !$auth->get_acl_admin('user') )
//
// Set mode
//
if( isset( $HTTP_POST_VARS['mode'] ) || isset( $HTTP_GET_VARS['mode'] ) )
if( isset( $_POST['mode'] ) || isset( $_GET['mode'] ) )
{
$mode = ( isset( $HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = ( isset( $_POST['mode']) ) ? $_POST['mode'] : $_GET['mode'];
}
else
{
@ -66,14 +66,14 @@ else
//
// Begin program
//
if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) || isset($HTTP_GET_VARS['u']) || isset( $HTTP_POST_VARS['u']) ) )
if ( $mode == 'edit' || $mode == 'save' && ( isset($_POST['username']) || isset($_GET['u']) || isset( $_POST['u']) ) )
{
//
// Ok, the profile has been modified and submitted, let's update
//
if( ( $mode == 'save' && isset( $HTTP_POST_VARS['submit'] ) ) || isset( $HTTP_POST_VARS['avatargallery'] ) || isset( $HTTP_POST_VARS['submitavatar'] ) || isset( $HTTP_POST_VARS['cancelavatar'] ) )
if( ( $mode == 'save' && isset( $_POST['submit'] ) ) || isset( $_POST['avatargallery'] ) || isset( $_POST['submitavatar'] ) || isset( $_POST['cancelavatar'] ) )
{
$user_id = intval( $HTTP_POST_VARS['id'] );
$user_id = intval( $_POST['id'] );
$this_userdata = get_userdata($user_id);
if( !$this_userdata )
@ -81,46 +81,46 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
message_die(MESSAGE, $lang['No_user_id_specified'] );
}
$username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags( $HTTP_POST_VARS['username'] ) ) : '';
$email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : '';
$username = ( !empty($_POST['username']) ) ? trim(strip_tags( $_POST['username'] ) ) : '';
$email = ( !empty($_POST['email']) ) ? trim(strip_tags(htmlspecialchars( $_POST['email'] ) )) : '';
$password = ( !empty($HTTP_POST_VARS['password']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password'] ) )) : '';
$password_confirm = ( !empty($HTTP_POST_VARS['password_confirm']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password_confirm'] ) )) : '';
$password = ( !empty($_POST['password']) ) ? trim(strip_tags(htmlspecialchars( $_POST['password'] ) )) : '';
$password_confirm = ( !empty($_POST['password_confirm']) ) ? trim(strip_tags(htmlspecialchars( $_POST['password_confirm'] ) )) : '';
$icq = ( !empty($HTTP_POST_VARS['icq']) ) ? trim(strip_tags( $HTTP_POST_VARS['icq'] ) ) : '';
$aim = ( !empty($HTTP_POST_VARS['aim']) ) ? trim(strip_tags( $HTTP_POST_VARS['aim'] ) ) : '';
$msn = ( !empty($HTTP_POST_VARS['msn']) ) ? trim(strip_tags( $HTTP_POST_VARS['msn'] ) ) : '';
$yim = ( !empty($HTTP_POST_VARS['yim']) ) ? trim(strip_tags( $HTTP_POST_VARS['yim'] ) ) : '';
$icq = ( !empty($_POST['icq']) ) ? trim(strip_tags( $_POST['icq'] ) ) : '';
$aim = ( !empty($_POST['aim']) ) ? trim(strip_tags( $_POST['aim'] ) ) : '';
$msn = ( !empty($_POST['msn']) ) ? trim(strip_tags( $_POST['msn'] ) ) : '';
$yim = ( !empty($_POST['yim']) ) ? trim(strip_tags( $_POST['yim'] ) ) : '';
$website = ( !empty($HTTP_POST_VARS['website']) ) ? trim(strip_tags( $HTTP_POST_VARS['website'] ) ) : '';
$location = ( !empty($HTTP_POST_VARS['location']) ) ? trim(strip_tags( $HTTP_POST_VARS['location'] ) ) : '';
$occupation = ( !empty($HTTP_POST_VARS['occupation']) ) ? trim(strip_tags( $HTTP_POST_VARS['occupation'] ) ) : '';
$interests = ( !empty($HTTP_POST_VARS['interests']) ) ? trim(strip_tags( $HTTP_POST_VARS['interests'] ) ) : '';
$signature = ( !empty($HTTP_POST_VARS['signature']) ) ? trim(str_replace('<br />', "\n", $HTTP_POST_VARS['signature'] ) ) : '';
$website = ( !empty($_POST['website']) ) ? trim(strip_tags( $_POST['website'] ) ) : '';
$location = ( !empty($_POST['location']) ) ? trim(strip_tags( $_POST['location'] ) ) : '';
$occupation = ( !empty($_POST['occupation']) ) ? trim(strip_tags( $_POST['occupation'] ) ) : '';
$interests = ( !empty($_POST['interests']) ) ? trim(strip_tags( $_POST['interests'] ) ) : '';
$signature = ( !empty($_POST['signature']) ) ? trim(str_replace('<br />', "\n", $_POST['signature'] ) ) : '';
validate_optional_fields($icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature);
$viewemail = ( isset( $HTTP_POST_VARS['viewemail']) ) ? ( ( $HTTP_POST_VARS['viewemail'] ) ? TRUE : 0 ) : 0;
$allowviewonline = ( isset( $HTTP_POST_VARS['hideonline']) ) ? ( ( $HTTP_POST_VARS['hideonline'] ) ? 0 : TRUE ) : TRUE;
$notifyreply = ( isset( $HTTP_POST_VARS['notifyreply']) ) ? ( ( $HTTP_POST_VARS['notifyreply'] ) ? TRUE : 0 ) : 0;
$notifypm = ( isset( $HTTP_POST_VARS['notifypm']) ) ? ( ( $HTTP_POST_VARS['notifypm'] ) ? TRUE : 0 ) : TRUE;
$popuppm = ( isset( $HTTP_POST_VARS['popup_pm']) ) ? ( ( $HTTP_POST_VARS['popup_pm'] ) ? TRUE : 0 ) : TRUE;
$attachsig = ( isset( $HTTP_POST_VARS['attachsig']) ) ? ( ( $HTTP_POST_VARS['attachsig'] ) ? TRUE : 0 ) : 0;
$viewemail = ( isset( $_POST['viewemail']) ) ? ( ( $_POST['viewemail'] ) ? TRUE : 0 ) : 0;
$allowviewonline = ( isset( $_POST['hideonline']) ) ? ( ( $_POST['hideonline'] ) ? 0 : TRUE ) : TRUE;
$notifyreply = ( isset( $_POST['notifyreply']) ) ? ( ( $_POST['notifyreply'] ) ? TRUE : 0 ) : 0;
$notifypm = ( isset( $_POST['notifypm']) ) ? ( ( $_POST['notifypm'] ) ? TRUE : 0 ) : TRUE;
$popuppm = ( isset( $_POST['popup_pm']) ) ? ( ( $_POST['popup_pm'] ) ? TRUE : 0 ) : TRUE;
$attachsig = ( isset( $_POST['attachsig']) ) ? ( ( $_POST['attachsig'] ) ? TRUE : 0 ) : 0;
$allowhtml = ( isset( $HTTP_POST_VARS['allowhtml']) ) ? intval( $HTTP_POST_VARS['allowhtml'] ) : $board_config['allow_html'];
$allowbbcode = ( isset( $HTTP_POST_VARS['allowbbcode']) ) ? intval( $HTTP_POST_VARS['allowbbcode'] ) : $board_config['allow_bbcode'];
$allowsmilies = ( isset( $HTTP_POST_VARS['allowsmilies']) ) ? intval( $HTTP_POST_VARS['allowsmilies'] ) : $board_config['allow_smilies'];
$allowhtml = ( isset( $_POST['allowhtml']) ) ? intval( $_POST['allowhtml'] ) : $board_config['allow_html'];
$allowbbcode = ( isset( $_POST['allowbbcode']) ) ? intval( $_POST['allowbbcode'] ) : $board_config['allow_bbcode'];
$allowsmilies = ( isset( $_POST['allowsmilies']) ) ? intval( $_POST['allowsmilies'] ) : $board_config['allow_smilies'];
$user_style = ( $HTTP_POST_VARS['style'] ) ? intval( $HTTP_POST_VARS['style'] ) : $board_config['default_style'];
$user_lang = ( $HTTP_POST_VARS['language'] ) ? $HTTP_POST_VARS['language'] : $board_config['default_lang'];
$user_timezone = ( isset( $HTTP_POST_VARS['timezone']) ) ? doubleval( $HTTP_POST_VARS['timezone'] ) : $board_config['board_timezone'];
$user_template = ( $HTTP_POST_VARS['template'] ) ? $HTTP_POST_VARS['template'] : $board_config['board_template'];
$user_dateformat = ( $HTTP_POST_VARS['dateformat'] ) ? trim( $HTTP_POST_VARS['dateformat'] ) : $board_config['default_dateformat'];
$user_style = ( $_POST['style'] ) ? intval( $_POST['style'] ) : $board_config['default_style'];
$user_lang = ( $_POST['language'] ) ? $_POST['language'] : $board_config['default_lang'];
$user_timezone = ( isset( $_POST['timezone']) ) ? doubleval( $_POST['timezone'] ) : $board_config['board_timezone'];
$user_template = ( $_POST['template'] ) ? $_POST['template'] : $board_config['board_template'];
$user_dateformat = ( $_POST['dateformat'] ) ? trim( $_POST['dateformat'] ) : $board_config['default_dateformat'];
$user_avatar_local = ( isset( $HTTP_POST_VARS['avatarselect'] ) && !empty($HTTP_POST_VARS['submitavatar'] ) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset( $HTTP_POST_VARS['avatarlocal'] ) ) ? $HTTP_POST_VARS['avatarlocal'] : '' );
$user_avatar_local = ( isset( $_POST['avatarselect'] ) && !empty($_POST['submitavatar'] ) && $board_config['allow_avatar_local'] ) ? $_POST['avatarselect'] : ( ( isset( $_POST['avatarlocal'] ) ) ? $_POST['avatarlocal'] : '' );
$user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim( $HTTP_POST_VARS['avatarremoteurl'] ) : '';
$user_avatar_url = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim( $HTTP_POST_VARS['avatarurl'] ) : '';
$user_avatar_remoteurl = ( !empty($_POST['avatarremoteurl']) ) ? trim( $_POST['avatarremoteurl'] ) : '';
$user_avatar_url = ( !empty($_POST['avatarurl']) ) ? trim( $_POST['avatarurl'] ) : '';
$user_avatar_loc = ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '';
$user_avatar_name = ( !empty($HTTP_POST_FILES['avatar']['name']) ) ? $HTTP_POST_FILES['avatar']['name'] : '';
$user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0;
@ -129,12 +129,12 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
$user_avatar = ( empty($user_avatar_loc) ) ? $this_userdata['user_avatar'] : '';
$user_avatar_type = ( empty($user_avatar_loc) ) ? $this_userdata['user_avatar_type'] : '';
$user_status = ( !empty($HTTP_POST_VARS['user_status']) ) ? intval( $HTTP_POST_VARS['user_status'] ) : 0;
$user_allowpm = ( !empty($HTTP_POST_VARS['user_allowpm']) ) ? intval( $HTTP_POST_VARS['user_allowpm'] ) : 0;
$user_rank = ( !empty($HTTP_POST_VARS['user_rank']) ) ? intval( $HTTP_POST_VARS['user_rank'] ) : 0;
$user_allowavatar = ( !empty($HTTP_POST_VARS['user_allowavatar']) ) ? intval( $HTTP_POST_VARS['user_allowavatar'] ) : 0;
$user_status = ( !empty($_POST['user_status']) ) ? intval( $_POST['user_status'] ) : 0;
$user_allowpm = ( !empty($_POST['user_allowpm']) ) ? intval( $_POST['user_allowpm'] ) : 0;
$user_rank = ( !empty($_POST['user_rank']) ) ? intval( $_POST['user_rank'] ) : 0;
$user_allowavatar = ( !empty($_POST['user_allowavatar']) ) ? intval( $_POST['user_allowavatar'] ) : 0;
if( isset( $HTTP_POST_VARS['avatargallery'] ) || isset( $HTTP_POST_VARS['submitavatar'] ) || isset( $HTTP_POST_VARS['cancelavatar'] ) )
if( isset( $_POST['avatargallery'] ) || isset( $_POST['submitavatar'] ) || isset( $_POST['cancelavatar'] ) )
{
$username = stripslashes($username);
$email = stripslashes($email);
@ -155,7 +155,7 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
$user_lang = stripslashes($user_lang);
$user_dateformat = stripslashes($user_dateformat);
if ( !isset($HTTP_POST_VARS['cancelavatar']))
if ( !isset($_POST['cancelavatar']))
{
$user_avatar = $user_avatar_local;
$user_avatar_type = USER_AVATAR_GALLERY;
@ -163,7 +163,7 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
}
}
if( isset( $HTTP_POST_VARS['submit'] ) )
if( isset( $_POST['submit'] ) )
{
include($phpbb_root_path . 'includes/usercp_avatar.'.$phpEx);
@ -250,7 +250,7 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
// Avatar stuff
//
$avatar_sql = '';
if( isset($HTTP_POST_VARS['avatardel']) )
if( isset($_POST['avatardel']) )
{
if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" )
{
@ -518,7 +518,7 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
//
if( !$error )
{
if( $HTTP_POST_VARS['deleteuser'] )
if( $_POST['deleteuser'] )
{
$sql = "SELECT g.group_id
FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g
@ -621,11 +621,11 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
$user_dateformat = stripslashes($user_dateformat);
}
}
else if( !isset( $HTTP_POST_VARS['submit'] ) && $mode != 'save' && !isset( $HTTP_POST_VARS['avatargallery'] ) && !isset( $HTTP_POST_VARS['submitavatar'] ) && !isset( $HTTP_POST_VARS['cancelavatar'] ) )
else if( !isset( $_POST['submit'] ) && $mode != 'save' && !isset( $_POST['avatargallery'] ) && !isset( $_POST['submitavatar'] ) && !isset( $_POST['cancelavatar'] ) )
{
if( isset( $HTTP_GET_VARS[POST_USERS_URL]) || isset( $HTTP_POST_VARS[POST_USERS_URL]) )
if( isset( $_GET[POST_USERS_URL]) || isset( $_POST[POST_USERS_URL]) )
{
$user_id = ( isset( $HTTP_POST_VARS[POST_USERS_URL]) ) ? intval( $HTTP_POST_VARS[POST_USERS_URL]) : intval( $HTTP_GET_VARS[POST_USERS_URL]);
$user_id = ( isset( $_POST[POST_USERS_URL]) ) ? intval( $_POST[POST_USERS_URL]) : intval( $_GET[POST_USERS_URL]);
$this_userdata = get_userdata($user_id);
if( !$this_userdata )
{
@ -634,7 +634,7 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
}
else
{
$this_userdata = get_userdata( $HTTP_POST_VARS['username'] );
$this_userdata = get_userdata( $_POST['username'] );
if( !$this_userdata )
{
message_die(MESSAGE, $lang['No_user_id_specified'] );
@ -689,11 +689,11 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
$smilies_status = ($this_userdata['user_allowsmile'] ) ? $lang['Smilies_are_ON'] : $lang['Smilies_are_OFF'];
}
if( isset($HTTP_POST_VARS['avatargallery']) && !$error )
if( isset($_POST['avatargallery']) && !$error )
{
if( !$error )
{
$user_id = intval($HTTP_POST_VARS['id']);
$user_id = intval($_POST['id']);
$template->set_filenames(array(
"body" => "admin/user_avatar_gallery.tpl")
@ -730,9 +730,9 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
@closedir($dir);
if( isset($HTTP_POST_VARS['avatarcategory']) )
if( isset($_POST['avatarcategory']) )
{
$category = $HTTP_POST_VARS['avatarcategory'];
$category = $_POST['avatarcategory'];
}
else
{
@ -769,7 +769,7 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
}
}
$coppa = ( ( !$HTTP_POST_VARS['coppa'] && !$HTTP_GET_VARS['coppa'] ) || $mode == "register") ? 0 : TRUE;
$coppa = ( ( !$_POST['coppa'] && !$_GET['coppa'] ) || $mode == "register") ? 0 : TRUE;
$s_hidden_fields = '<input type="hidden" name="mode" value="edit" /><input type="hidden" name="agreed" value="true" /><input type="hidden" name="coppa" value="' . $coppa . '" />';
$s_hidden_fields .= '<input type="hidden" name="id" value="' . $user_id . '" />';

57
phpBB/admin/admin_viewlogs.php
View file

@ -21,7 +21,7 @@
if ( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('general') )
if ( !$auth->acl_get('a_general') )
{
return;
}
@ -44,7 +44,7 @@ require('pagestart.' . $phpEx);
//
// Do we have styles admin permissions?
//
if ( !$auth->get_acl_admin('general') )
if ( !$auth->acl_get('a_general') )
{
message_die(MESSAGE, $lang['No_admin']);
}
@ -52,11 +52,11 @@ if ( !$auth->get_acl_admin('general') )
//
// Set some variables
//
$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
$start = ( isset($_GET['start']) ) ? intval($_GET['start']) : 0;
if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
if ( isset($_POST['mode']) || isset($_GET['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = ( isset($_POST['mode']) ) ? $_POST['mode'] : $_GET['mode'];
}
else
{
@ -73,12 +73,12 @@ $l_title_explain = ( $mode == 'admin' ) ? $lang['Admin_logs_explain'] : $lang['M
//
// Delete entries if requested and able
//
if ( ( isset($HTTP_POST_VARS['delmarked']) || isset($HTTP_POST_VARS['delall']) ) && $auth->get_acl_admin('clearlogs'))
if ( ( isset($_POST['delmarked']) || isset($_POST['delall']) ) && $auth->acl_get('a_clearlogs'))
{
$where_sql = '';
if ( isset($HTTP_POST_VARS['delmarked']) && isset($HTTP_POST_VARS['mark']) )
if ( isset($_POST['delmarked']) && isset($_POST['mark']) )
{
foreach ( $HTTP_POST_VARS['mark'] as $marked )
foreach ( $_POST['mark'] as $marked )
{
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . intval($marked);
}
@ -95,11 +95,11 @@ if ( ( isset($HTTP_POST_VARS['delmarked']) || isset($HTTP_POST_VARS['delall']) )
//
// Sorting ... this could become a function
//
if ( isset($HTTP_POST_VARS['sort']) || $start )
if ( isset($_POST['sort']) || $start )
{
if ( !empty($HTTP_POST_VARS['sort_days']) || !empty($HTTP_GET_VARS['sort_days']) )
if ( !empty($_POST['sort_days']) || !empty($_GET['sort_days']) )
{
$sort_days = ( !empty($HTTP_POST_VARS['sort_days']) ) ? intval($HTTP_POST_VARS['sort_days']) : intval($HTTP_GET_VARS['sort_days']);
$sort_days = ( !empty($_POST['sort_days']) ) ? intval($_POST['sort_days']) : intval($_GET['sort_days']);
$where_sql = time() - ( $sort_days * 86400 );
}
else
@ -107,8 +107,8 @@ if ( isset($HTTP_POST_VARS['sort']) || $start )
$where_sql = 0;
}
$sort_key = ( isset($HTTP_POST_VARS['sort_key']) ) ? $HTTP_POST_VARS['sort_key'] : $HTTP_GET_VARS['sort_key'];
$sort_dir = ( isset($HTTP_POST_VARS['sort_dir']) ) ? $HTTP_POST_VARS['sort_dir'] : $HTTP_GET_VARS['sort_dir'];
$sort_key = ( isset($_POST['sort_key']) ) ? $_POST['sort_key'] : $_GET['sort_key'];
$sort_dir = ( isset($_POST['sort_dir']) ) ? $_POST['sort_dir'] : $_GET['sort_dir'];
}
else
{
@ -144,30 +144,11 @@ $sort_sql = $sort_by[$sort_key] . ' ' . ( ( $sort_dir == 'd' ) ? 'DESC' : 'ASC'
//
// Define forum list if we're looking @ mod logs
//
$forum_options = '';
$forum_box = '';
if ( $mode == 'mod' )
{
$sql = "SELECT forum_id, forum_name
FROM " . FORUMS_TABLE . "
ORDER BY cat_id, forum_order";
$result = $db->sql_query($sql);
if ( $row = $db->sql_fetchrow($result) )
{
$forum_id = ( isset($HTTP_POST_VARS['f']) ) ? intval($HTTP_POST_VARS['f']) : $row['forum_id'];
do
{
$selected = ( $row['forum_id'] == $forum_id ) ? ' selected="selected"' : '';
$forum_options .= '<option value="' . $row['forum_id'] . '"' . $selected . '>' . $row['forum_name'] . '</option>';
}
while ( $row = $db->sql_fetchrow($result) );
}
else
{
$forum_id = 0;
$forum_options = '<option>' . $lang['No_forums'] . '</option>';
}
include($phpbb_root_path . '/includes/functions_admin.'.$phpEx);
$forum_box = make_forum_select('f');
}
//
@ -190,7 +171,7 @@ if ( $mode == 'mod' )
?>
<table width="100%" cellpadding="1" cellspacing="1" border="0">
<tr>
<td align="right"><?php echo $lang['Select_forum']; ?>: <select name="f" onchange="this.form.submit()"><?php echo $forum_options; ?></select> <input class="liteoption" type="submit" value="<?php echo $lang['Go']; ?>" /></td>
<td align="right"><?php echo $lang['Select_forum']; ?>: <?php echo $forum_box; ?> <input class="liteoption" type="submit" value="<?php echo $lang['Go']; ?>" /></td>
</tr>
</table>
<?php
@ -237,7 +218,7 @@ if ( $log_count )
}
if ( $auth->get_acl_admin('clearlogs') )
if ( $auth->acl_get('a_clearlogs') )
{
?>
@ -266,7 +247,7 @@ else
<td align="left" valign="top">&nbsp;<span class="nav"><?php echo on_page($log_count, $board_config['topics_per_page'], $start); ?></span></td>
<td align="right" valign="top" nowrap="nowrap"><?php
if ( $auth->get_acl_admin('clearlogs') )
if ( $auth->acl_get('a_clearlogs') )
{

24
phpBB/admin/admin_words.php
View file

@ -21,7 +21,7 @@
if ( !empty($setmodules) )
{
if ( !$auth->get_acl_admin('general') )
if ( !$auth->acl_get('a_general') )
{
return;
}
@ -42,7 +42,7 @@ require('pagestart.' . $phpEx);
//
// Do we have forum admin permissions?
//
if ( !$auth->get_acl_admin('general') )
if ( !$auth->acl_get('a_general') )
{
return;
}
@ -50,20 +50,20 @@ if ( !$auth->get_acl_admin('general') )
//
//
//
if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
if ( isset($_GET['mode']) || isset($_POST['mode']) )
{
$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
$mode = ( isset($_GET['mode']) ) ? $_GET['mode'] : $_POST['mode'];
}
else
{
//
// These could be entered via a form button
//
if ( isset($HTTP_POST_VARS['add']) )
if ( isset($_POST['add']) )
{
$mode = 'add';
}
else if ( isset($HTTP_POST_VARS['save']) )
else if ( isset($_POST['save']) )
{
$mode = 'save';
}
@ -79,7 +79,7 @@ if( $mode != '' )
{
case 'edit':
case 'add':
$word_id = ( isset($HTTP_GET_VARS['id']) ) ? intval($HTTP_GET_VARS['id']) : 0;
$word_id = ( isset($_GET['id']) ) ? intval($_GET['id']) : 0;
$s_hidden_fields = '';
if ( $mode == 'edit' )
@ -128,9 +128,9 @@ if( $mode != '' )
break;
case 'save':
$word_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : 0;
$word = ( isset($HTTP_POST_VARS['word']) ) ? trim($HTTP_POST_VARS['word']) : '';
$replacement = ( isset($HTTP_POST_VARS['replacement']) ) ? trim($HTTP_POST_VARS['replacement']) : '';
$word_id = ( isset($_POST['id']) ) ? intval($_POST['id']) : 0;
$word = ( isset($_POST['word']) ) ? trim($_POST['word']) : '';
$replacement = ( isset($_POST['replacement']) ) ? trim($_POST['replacement']) : '';
if ( $word == '' || $replacement == '' )
{
@ -149,9 +149,9 @@ if( $mode != '' )
case 'delete':
if ( isset($HTTP_POST_VARS['id']) || isset($HTTP_GET_VARS['id']) )
if ( isset($_POST['id']) || isset($_GET['id']) )
{
$word_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : intval($HTTP_GET_VARS['id']);
$word_id = ( isset($_POST['id']) ) ? intval($_POST['id']) : intval($_GET['id']);
}
else
{

2
phpBB/admin/index.php
View file

@ -37,7 +37,7 @@ require('pagestart.' . $phpEx);
//
// Do we have any admin permissions at all?
//
if ( !$auth->get_acl_admin() )
if ( !$auth->acl_get('a_') )
{
message_die(MESSAGE, 'No_admin', '', true);
}

65
phpBB/admin/pagestart.php
View file

@ -31,57 +31,28 @@ include($phpbb_root_path . 'common.'.$phpEx);
// Start session management
//
$userdata = $session->start($update);
$auth->acl($userdata);
$auth->acl($userdata, false, 'a_');
$user = new user($userdata);
//
// End session management
//
//
// Configure style, language, etc.
//
//$session->configure($userdata);
// -----------------------------
// Functions
//
function page_header($sub_title, $meta = '', $table_html = true)
{
global $board_config, $db, $lang, $phpEx, $gzip_compress;
global $HTTP_SERVER_VARS;
global $board_config, $db, $lang, $phpEx;
define('HEADER_INC', true);
//
// gzip_compression
//
$gzip_compress = false;
if ( $board_config['gzip_compress'] )
{
$phpver = phpversion();
if ( $phpver >= '4.0.4pl1' && strstr($HTTP_SERVER_VARS['HTTP_USER_AGENT'], 'compatible') )
{
if ( extension_loaded('zlib') )
if ( extension_loaded('zlib') && strstr($HTTP_USER_AGENT,'compatible') && !headers_sent() )
{
ob_start('ob_gzhandler');
}
}
else if ( $phpver > '4.0' )
{
if ( strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip') )
{
if ( extension_loaded('zlib') )
{
$gzip_compress = true;
ob_start();
ob_implicit_flush(0);
header("Content-Encoding: gzip");
}
}
}
}
header("Content-type: text/html; charset=" . $lang['ENCODING']);
@ -133,7 +104,7 @@ td.cat { background-image: url('images/cellpic1.gif') }
function page_footer($copyright_html = true)
{
global $board_config, $db, $lang, $phpEx, $gzip_compress;
global $board_config, $db, $lang, $phpEx;
?>
@ -157,37 +128,10 @@ function page_footer($copyright_html = true)
}
//
// Close our DB connection.
//
$db->sql_close();
//
// Compress buffered output if required
// and send to browser
//
if ( $gzip_compress )
{
//
// Borrowed from php.net!
//
$gzip_contents = ob_get_contents();
ob_end_clean();
$gzip_size = strlen($gzip_contents);
$gzip_crc = crc32($gzip_contents);
$gzip_contents = gzcompress($gzip_contents, 9);
$gzip_contents = substr($gzip_contents, 0, strlen($gzip_contents) - 4);
echo "\x1f\x8b\x08\x00\x00\x00\x00\x00";
echo $gzip_contents;
echo pack("V", $gzip_crc);
echo pack("V", $gzip_size);
}
exit;
}
function page_message($title, $message, $show_header = false)
@ -305,7 +249,6 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
return;
}
//
// End Functions
// -----------------------------

21
phpBB/faq.php
View file

@ -24,26 +24,16 @@ $phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
//
// Start session management
//
$userdata = $session->start();
$auth->acl($userdata);
//
$user = new user($userdata);
// End session management
//
//
// Configure style, language, etc.
//
$session->configure($userdata);
//
// Load the appropriate faq file
//
if ( isset($HTTP_GET_VARS['mode']) )
if ( isset($_GET['mode']) )
{
switch( $HTTP_GET_VARS['mode'] )
switch( $_GET['mode'] )
{
case 'bbcode':
$lang_file = 'lang_bbcode';
@ -60,11 +50,10 @@ else
$lang_file = 'lang_faq';
$l_title = $lang['FAQ'];
}
include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/' . $lang_file . '.' . $phpEx);
//
include($user->lang_path . $lang_file . '.' . $phpEx);
// Pull the array data from the lang pack
//
$j = 0;
$counter = 0;
$counter_2 = 0;

8
phpBB/index.php
View file

@ -39,11 +39,9 @@ else
// Start session management
$userdata = $session->start();
$auth->acl($userdata);
$user = new user($userdata);
// End session management
// Configure style, language, etc.
$session->configure($userdata);
// Handle marking posts
if ($mark_read == 'forums')
{
@ -116,7 +114,7 @@ else
{
$is_nav = TRUE;
if (!$auth->get_acl($cat_id, 'forum', 'list'))
if (!$auth->acl_get('f_list', $cat_id))
{
// TODO: Deal with hidden categories
message_die(ERROR, $lang['Category_not_exist']);
@ -194,7 +192,7 @@ while ($row = $db->sql_fetchrow($result))
elseif ($row['display_on_index'] && $row['forum_status'] != ITEM_CATEGORY)
{
// Subforum, store it for direct linking
if ($auth->get_acl($row['forum_id'], 'forum', 'list'))
if ($auth->acl_get('f_list', $row['forum_id']))
{
$subforums[$parent_id][] = $row;
}

107
phpBB/install/schemas/mysql_basic.sql
View file

@ -86,59 +86,63 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_base_dn', '')
INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_uid', '');
# -- auth options
INSERT INTO phpbb_auth_options (auth_value) VALUES ('forum_list');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('forum_read');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('forum_post');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('forum_reply');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('forum_edit');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('forum_delete');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('forum_poll');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('forum_vote');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('forum_announce');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('forum_sticky');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('forum_attach');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('forum_download');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('forum_html');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('forum_bbcode');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('forum_smilies');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('forum_img');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('forum_flash');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('forum_sigs');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('forum_search');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('forum_email');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('forum_rate');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('forum_print');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('forum_ignoreflood');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('forum_ignorequeue');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('m_');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('a_');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('mod_edit');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('mod_delete');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('mod_move');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('mod_lock');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('mod_split');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('mod_merge');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('mod_approve');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('mod_unrate');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('mod_auth');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_list');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_read');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_post');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_reply');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_edit');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_delete');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_poll');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_vote');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_announce');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_sticky');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_attach');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_download');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_html');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_bbcode');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_smilies');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_img');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_flash');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_sigs');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_search');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_email');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_rate');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_print');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_ignoreflood');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('f_ignorequeue');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('admin_general');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('admin_user');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('admin_group');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('admin_forum');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('admin_post');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('admin_ban');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('admin_auth');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('admin_email');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('admin_styles');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('admin_backup');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('admin_clearlogs');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('m_edit');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('m_delete');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('m_move');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('m_lock');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('m_split');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('m_merge');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('m_approve');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('m_unrate');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('m_auth');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('a_general');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('a_user');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('a_group');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('a_forum');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('a_post');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('a_ban');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('a_auth');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('a_email');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('a_styles');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('a_backup');
INSERT INTO phpbb_auth_options (auth_value) VALUES ('a_clearlogs');
# -- phpbb_styles
INSERT INTO phpbb_styles (style_id, template_id, theme_id, imageset_id, style_name) VALUES (1, 1, 1, 1, 'subSilver');
# -- phpbb_styles_imageset
INSERT INTO phpbb_styles_imageset (imageset_id, imageset_name, imageset_path, post_new, post_locked, post_pm, reply_new, reply_pm, reply_locked, icon_quote, icon_edit, icon_search, icon_profile, icon_pm, icon_email, icon_www, icon_icq, icon_aim, icon_yim, icon_msnm, icon_no_email, icon_no_www, icon_no_icq, icon_no_aim, icon_no_yim, icon_no_msnm, icon_delete, icon_ip, goto_post, goto_post_new, goto_post_latest, goto_post_newest, forum, forum_new, forum_locked, folder, folder_new, folder_hot, folder_hot_new, folder_locked, folder_locked_new, folder_sticky, folder_sticky_new, folder_announce, folder_announce_new, topic_watch, topic_unwatch, poll_left, poll_center, poll_right, rating) VALUES (1, 'subSilver &copy; phpBB Group', 'subSilver', '"imagesets/subSilver/{LANG}/post.gif" width="82" height="25" border="0"', '"imagesets/subSilver/{LANG}/reply-locked.gif" width="82" height="25" border="0"', '"imagesets/subSilver/{LANG}/post.gif" width="82" height="25" border="0"', '"imagesets/subSilver/{LANG}/reply.gif" width="88" height="27" border="0"', '"imagesets/subSilver/{LANG}/reply.gif" width="88" height="27" border="0"', '"imagesets/subSilver/{LANG}/reply-locked.gif" width="82" height="25" border="0"', '"imagesets/subSilver/{LANG}/icon_quote.gif" width="59" height="18" border="0"', '"imagesets/subSilver/{LANG}/icon_edit.gif" width="59" height="18" border="0"', '"imagesets/subSilver/{LANG}/icon_search.gif" width="59" height="18" border="0"', '"imagesets/subSilver/{LANG}/icon_profile.gif" width="59" height="18" border="0"', '"imagesets/subSilver/{LANG}/icon_pm.gif" width="59" height="18" border="0"', '"imagesets/subSilver/{LANG}/icon_email.gif" width="59" height="18" border="0"', '"imagesets/subSilver/{LANG}/icon_www.gif" width="59" height="18" border="0"', '"imagesets/subSilver/{LANG}/icon_icq_add.gif" width="59" height="18" border="0"', '"imagesets/subSilver/{LANG}/icon_aim.gif" width="59" height="18" border="0"', '"imagesets/subSilver/{LANG}/icon_yim.gif" width="59" height="18" border="0"', '"imagesets/subSilver/{LANG}/icon_msnm.gif" width="59" height="18" border="0"', '', '', '', '', '', '', '"imagesets/subSilver/icon_delete.gif" width="16" height="18" border="0"', '"imagesets/subSilver/{LANG}/icon_ip.gif" width="16" height="18" border="0"', '"imagesets/subSilver/icon_minipost.gif" width="12" height="9" border="0"', '"imagesets/subSilver/icon_minipost_new.gif" width="12" height="9" border="0"', '"imagesets/subSilver/icon_latest_reply.gif" width="18" height="9" border="0"', '"imagesets/subSilver/icon_newest_reply.gif" width="18" height="9" border="0"', '"imagesets/subSilver/folder_big.gif" width="46" height="25" border="0"', '"imagesets/subSilver/folder_new_big.gif" width="46" height="25" border="0"', '"imagesets/subSilver/folder_locked_big.gif" width="46" height="25" border="0"', '"imagesets/subSilver/folder.gif" width="19" height="18" border="0"', '"imagesets/subSilver/folder_new.gif" width="19" height="18" border="0"', '"imagesets/subSilver/folder_hot.gif" width="19" height="18" border="0"', '"imagesets/subSilver/folder_new_hot.gif" width="19" height="18" border="0"', '"imagesets/subSilver/folder_lock.gif" width="19" height="18" border="0"', '"imagesets/subSilver/folder_lock_new.gif" width="19" height="18" border="0"', '"imagesets/subSilver/folder_sticky.gif" width="19" height="18" border="0"', '"imagesets/subSilver/folder_sticky_new.gif" width="19" height="18" border="0"', '"imagesets/subSilver/folder_announce.gif" width="19" height="18" border="0"', '"imagesets/subSilver/folder_announce_new.gif" width="19" height="18" border="0"', '', '', '"imagesets/subSilver/voting_lcap.gif" width="4" height="12" border="0"', '"imagesets/subSilver/voting_rcap.gif" height="12" border="0"', '"imagesets/subSilver/voting_bar.gif" width="4" height="12" border="0"', '"imagesets/subSilver/ratings/{RATE}.gif" width="45" height="17" border="0"');
INSERT INTO phpbb_styles_imageset (imageset_id, imageset_name, imageset_path, post_new, post_locked, post_pm, reply_new, reply_pm, reply_locked, icon_quote, icon_edit, icon_search, icon_profile, icon_pm, icon_email, icon_www, icon_icq, icon_aim, icon_yim, icon_msnm, icon_no_email, icon_no_www, icon_no_icq, icon_no_aim, icon_no_yim, icon_no_msnm, icon_delete, icon_ip, goto_post, goto_post_new, goto_post_latest, goto_post_newest, forum, forum_new, forum_locked, sub_forum, sub_forum_new, folder, folder_new, folder_hot, folder_hot_new, folder_locked, folder_locked_new, folder_sticky, folder_sticky_new, folder_announce, folder_announce_new, topic_watch, topic_unwatch, poll_left, poll_center, poll_right, rating) VALUES (1, 'subSilver &copy; phpBB Group', 'subSilver', '"imagesets/subSilver/{LANG}/post.gif" width="82" height="25" border="0"', '"imagesets/subSilver/{LANG}/reply-locked.gif" width="82" height="25" border="0"', '"imagesets/subSilver/{LANG}/post.gif" width="82" height="25" border="0"', '"imagesets/subSilver/{LANG}/reply.gif" width="88" height="27" border="0"', '"imagesets/subSilver/{LANG}/reply.gif" width="88" height="27" border="0"', '"imagesets/subSilver/{LANG}/reply-locked.gif" width="82" height="25" border="0"', '"imagesets/subSilver/{LANG}/icon_quote.gif" width="59" height="18" border="0"', '"imagesets/subSilver/{LANG}/icon_edit.gif" width="59" height="18" border="0"', '"imagesets/subSilver/{LANG}/icon_search.gif" width="59" height="18" border="0"', '"imagesets/subSilver/{LANG}/icon_profile.gif" width="59" height="18" border="0"', '"imagesets/subSilver/{LANG}/icon_pm.gif" width="59" height="18" border="0"', '"imagesets/subSilver/{LANG}/icon_email.gif" width="59" height="18" border="0"', '"imagesets/subSilver/{LANG}/icon_www.gif" width="59" height="18" border="0"', '"imagesets/subSilver/{LANG}/icon_icq_add.gif" width="59" height="18" border="0"', '"imagesets/subSilver/{LANG}/icon_aim.gif" width="59" height="18" border="0"', '"imagesets/subSilver/{LANG}/icon_yim.gif" width="59" height="18" border="0"', '"imagesets/subSilver/{LANG}/icon_msnm.gif" width="59" height="18" border="0"', '', '', '', '', '', '', '"imagesets/subSilver/icon_delete.gif" width="16" height="18" border="0"', '"imagesets/subSilver/{LANG}/icon_ip.gif" width="16" height="18" border="0"', '"imagesets/subSilver/icon_minipost.gif" width="12" height="9" border="0"', '"imagesets/subSilver/icon_minipost_new.gif" width="12" height="9" border="0"', '"imagesets/subSilver/icon_latest_reply.gif" width="18" height="9" border="0"', '"imagesets/subSilver/icon_newest_reply.gif" width="18" height="9" border="0"', '"imagesets/subSilver/folder_big.gif" width="46" height="25" border="0"', '"imagesets/subSilver/folder_new_big.gif" width="46" height="25" border="0"', '"imagesets/subSilver/folder_locked_big.gif" width="46" height="25" border="0"', '"imagesets/subSilver/subfolder_big.gif" width="46" height="25" border="0"', '"imagesets/subSilver/subfolder_new_big.gif" width="46" height="25" border="0"', '"imagesets/subSilver/folder.gif" width="19" height="18" border="0"', '"imagesets/subSilver/folder_new.gif" width="19" height="18" border="0"', '"imagesets/subSilver/folder_hot.gif" width="19" height="18" border="0"', '"imagesets/subSilver/folder_new_hot.gif" width="19" height="18" border="0"', '"imagesets/subSilver/folder_lock.gif" width="19" height="18" border="0"', '"imagesets/subSilver/folder_lock_new.gif" width="19" height="18" border="0"', '"imagesets/subSilver/folder_sticky.gif" width="19" height="18" border="0"', '"imagesets/subSilver/folder_sticky_new.gif" width="19" height="18" border="0"', '"imagesets/subSilver/folder_announce.gif" width="19" height="18" border="0"', '"imagesets/subSilver/folder_announce_new.gif" width="19" height="18" border="0"', '', '', '"imagesets/subSilver/voting_lcap.gif" width="4" height="12" border="0"', '"imagesets/subSilver/voting_rcap.gif" height="12" border="0"', '"imagesets/subSilver/voting_bar.gif" width="4" height="12" border="0"', '"imagesets/subSilver/ratings/{RATE}.gif" width="45" height="17" border="0"');
# -- phpbb_styles_template
INSERT INTO phpbb_styles_template (template_id, template_name, template_path, poll_length, pm_box_length, compile_crc) VALUES (1, 'subSilver &copy; phpBB Group', 'subSilver', 205, 175, '');
@ -177,16 +181,17 @@ INSERT INTO phpbb_user_group (group_id, user_id, user_pending) VALUES (5, 2, 0);
# -- User auth
INSERT INTO phpbb_auth_users (user_id, forum_id, auth_option_id, auth_allow_deny) SELECT 2, 1, auth_option_id, 8 FROM phpbb_auth_options WHERE auth_value LIKE 'm_%';
# -- Group auth
INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_allow_deny) SELECT 1, 1, auth_option_id, 4 FROM phpbb_auth_options WHERE auth_value IN ('forum_list', 'forum_read', 'forum_post', 'forum_reply');
INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_allow_deny) SELECT 2, 1, auth_option_id, 8 FROM phpbb_auth_options WHERE auth_value LIKE 'forum%';
INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_allow_deny) SELECT 5, 0, auth_option_id, 8 FROM phpbb_auth_options WHERE auth_value LIKE 'admin%';
INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_allow_deny) SELECT 1, 1, auth_option_id, 4 FROM phpbb_auth_options WHERE auth_value IN ('f_list', 'f_read', 'f_post', 'f_reply');
INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_allow_deny) SELECT 2, 1, auth_option_id, 8 FROM phpbb_auth_options WHERE auth_value LIKE 'f_%';
INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_allow_deny) SELECT 5, 0, auth_option_id, 8 FROM phpbb_auth_options WHERE auth_value LIKE 'a_%';
# -- Prefetch auth
INSERT INTO phpbb_auth_prefetch (user_id, forum_id, auth_option_id, auth_allow_deny) SELECT 0, 1, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_value IN ('forum_list', 'forum_read', 'forum_post', 'forum_reply');
INSERT INTO phpbb_auth_prefetch (user_id, forum_id, auth_option_id, auth_allow_deny) SELECT 2, 0, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_value LIKE 'admin%';
INSERT INTO phpbb_auth_prefetch (user_id, forum_id, auth_option_id, auth_allow_deny) SELECT 2, 1, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_value LIKE 'forum_mod%';
INSERT INTO phpbb_auth_prefetch (user_id, forum_id, auth_option_id, auth_allow_deny) SELECT 0, 1, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_value IN ('f_list', 'f_read', 'f_post', 'f_reply');
INSERT INTO phpbb_auth_prefetch (user_id, forum_id, auth_option_id, auth_allow_deny) SELECT 2, 0, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_value LIKE 'a_%';
INSERT INTO phpbb_auth_prefetch (user_id, forum_id, auth_option_id, auth_allow_deny) SELECT 2, 1, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_value LIKE 'm_%';
# -- Demo Topic

1
phpBB/install/schemas/mysql_schema.sql
View file

@ -618,6 +618,7 @@ CREATE TABLE phpbb_users (
user_id mediumint(8) UNSIGNED NOT NULL auto_increment,
user_active tinyint(1) DEFAULT '1',
user_founder tinyint(1) DEFAULT '0' NOT NULL,
user_permissions text NULL,
user_ip varchar(40),
user_regdate int(11) DEFAULT '0' NOT NULL,
username varchar(30) NOT NULL,

12
phpBB/install/update_script.php
View file

@ -20,7 +20,7 @@ $db = new sql_db($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false);
//
// Updates to this version ...
//
$version = '2.1.0 [20020817]';
$version = '2.1.0 [20020820]';
// ----------------
// BEGIN VARS DEFNS
@ -506,7 +506,9 @@ switch ( $this_version )
$sql_ary = array(
"INSERT INTO " . $table_prefix . "styles (style_id, template_id, theme_id, imageset_id, style_name) VALUES (1, 1, 1, 1, 'subSilver')",
"INSERT INTO " . $table_prefix . "styles_imageset (imageset_id, imageset_name, imageset_path, post_new, post_locked, post_pm, reply_new, reply_pm, reply_locked, icon_quote, icon_edit, icon_search, icon_profile, icon_pm, icon_email, icon_www, icon_icq, icon_aim, icon_yim, icon_msnm, icon_no_email, icon_no_www, icon_no_icq, icon_no_aim, icon_no_yim, icon_no_msnm, icon_delete, icon_ip, goto_post, goto_post_new, goto_post_latest, goto_post_newest, forum, forum_new, forum_locked, folder, folder_new, folder_hot, folder_hot_new, folder_locked, folder_locked_new, folder_sticky, folder_sticky_new, folder_announce, folder_announce_new, topic_watch, topic_unwatch, poll_left, poll_center, poll_right, rating) VALUES (1, 'subSilver &copy; phpBB Group', 'subSilver', '\"imagesets/subSilver/{LANG}/post.gif\" width=\"82\" height=\"25\" border=\"0\"', '\"imagesets/subSilver/{LANG}/reply-locked.gif\" width=\"82\" height=\"25\" border=\"0\"', '\"imagesets/subSilver/{LANG}/post.gif\" width=\"82\" height=\"25\" border=\"0\"', '\"imagesets/subSilver/{LANG}/reply.gif\" width=\"88\" height=\"27\" border=\"0\"', '\"imagesets/subSilver/{LANG}/reply.gif\" width=\"88\" height=\"27\" border=\"0\"', '\"imagesets/subSilver/{LANG}/reply-locked.gif\" width=\"82\" height=\"25\" border=\"0\"', '\"imagesets/subSilver/{LANG}/icon_quote.gif\" width=\"59\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/{LANG}/icon_edit.gif\" width=\"59\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/{LANG}/icon_search.gif\" width=\"59\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/{LANG}/icon_profile.gif\" width=\"59\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/{LANG}/icon_pm.gif\" width=\"59\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/{LANG}/icon_email.gif\" width=\"59\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/{LANG}/icon_www.gif\" width=\"59\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/{LANG}/icon_icq_add.gif\" width=\"59\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/{LANG}/icon_aim.gif\" width=\"59\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/{LANG}/icon_yim.gif\" width=\"59\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/{LANG}/icon_msnm.gif\" width=\"59\" height=\"18\" border=\"0\"', '', '', '', '', '', '', '\"imagesets/subSilver/icon_delete.gif\" width=\"16\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/{LANG}/icon_ip.gif\" width=\"16\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/icon_minipost.gif\" width=\"12\" height=\"9\" border=\"0\"', '\"imagesets/subSilver/icon_minipost_new.gif\" width=\"12\" height=\"9\" border=\"0\"', '\"imagesets/subSilver/icon_latest_reply.gif\" width=\"18\" height=\"9\" border=\"0\"', '\"imagesets/subSilver/icon_newest_reply.gif\" width=\"18\" height=\"9\" border=\"0\"', '\"imagesets/subSilver/folder_big.gif\" width=\"46\" height=\"25\" border=\"0\"', '\"imagesets/subSilver/folder_new_big.gif\" width=\"46\" height=\"25\" border=\"0\"', '\"imagesets/subSilver/folder_locked_big.gif\" width=\"46\" height=\"25\" border=\"0\"', '\"imagesets/subSilver/folder.gif\" width=\"19\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/folder_new.gif\" width=\"19\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/folder_hot.gif\" width=\"19\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/folder_new_hot.gif\" width=\"19\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/folder_lock.gif\" width=\"19\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/folder_lock_new.gif\" width=\"19\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/folder_sticky.gif\" width=\"19\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/folder_sticky_new.gif\" width=\"19\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/folder_announce.gif\" width=\"19\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/folder_announce_new.gif\" width=\"19\" height=\"18\" border=\"0\"', '', '', '\"imagesets/subSilver/voting_lcap.gif\" width=\"4\" height=\"12\" border=\"0\"', '\"imagesets/subSilver/voting_rcap.gif\" height=\"12\" border=\"0\"', '\"imagesets/subSilver/voting_bar.gif\" width=\"4\" height=\"12\" border=\"0\"', '\"imagesets/subSilver/ratings/{RATE}.gif\" width=\"45\" height=\"17\" border=\"0\"')",
"INSERT INTO " . $table_prefix . "styles_imageset (imageset_id, imageset_name, imageset_path, post_new, post_locked, post_pm, reply_new, reply_pm, reply_locked, icon_quote, icon_edit, icon_search, icon_profile, icon_pm, icon_email, icon_www, icon_icq, icon_aim, icon_yim, icon_msnm, icon_no_email, icon_no_www, icon_no_icq, icon_no_aim, icon_no_yim, icon_no_msnm, icon_delete, icon_ip, goto_post, goto_post_new, goto_post_latest, goto_post_newest, forum, forum_new, forum_locked, folder, folder_new, folder_hot, folder_hot_new, folder_locked, folder_locked_new, folder_sticky, folder_sticky_new, folder_announce, folder_announce_new, topic_watch, topic_unwatch, poll_left, poll_center, poll_right, rating) VALUES (1, 'subSilver &copy; phpBB Group', 'subSilver', '\"imagesets/subSilver/{LANG}/post.gif\" width=\"82\" height=\"25\" border=\"0\"', '\"imagesets/subSilver/{LANG}/reply-locked.gif\" width=\"82\" height=\"25\" border=\"0\"', '\"imagesets/subSilver/{LANG}/post.gif\" width=\"82\" height=\"25\" border=\"0\"', '\"imagesets/subSilver/{LANG}/reply.gif\" width=\"88\" height=\"27\" border=\"0\"', '\"imagesets/subSilver/{LANG}/reply.gif\" width=\"88\" height=\"27\" border=\"0\"', '\"imagesets/subSilver/{LANG}/reply-locked.gif\" width=\"82\" height=\"25\" border=\"0\"', '\"imagesets/subSilver/{LANG}/icon_quote.gif\" width=\"59\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/{LANG}/icon_edit.gif\" width=\"59\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/{LANG}/icon_search.gif\" width=\"59\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/{LANG}/icon_profile.gif\" width=\"59\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/{LANG}/icon_pm.gif\" width=\"59\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/{LANG}/icon_email.gif\" width=\"59\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/{LANG}/icon_www.gif\" width=\"59\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/{LANG}/icon_icq_add.gif\" width=\"59\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/{LANG}/icon_aim.gif\" width=\"59\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/{LANG}/icon_yim.gif\" width=\"59\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/{LANG}/icon_msnm.gif\" width=\"59\" height=\"18\" border=\"0\"', '', '', '', '', '', '', '\"imagesets/subSilver/icon_delete.gif\" width=\"16\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/{LANG}/icon_ip.gif\" width=\"16\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/icon_minipost.gif\" width=\"12\" height=\"9\" border=\"0\"', '\"imagesets/subSilver/icon_minipost_new.gif\" width=\"12\" height=\"9\" border=\"0\"', '\"imagesets/subSilver/icon_latest_reply.gif\" width=\"18\" height=\"9\" border=\"0\"', '\"imagesets/subSilver/icon_newest_reply.gif\" width=\"18\" height=\"9\" border=\"0\"', '\"imagesets/subSilver/folder_big.gif\" width=\"46\" height=\"25\" border=\"0\"', '\"imagesets/subSilver/folder_new_big.gif\" width=\"46\" height=\"25\" border=\"0\"', '\"imagesets/subSilver/folder_locked_big.gif\" width=\"46\" height=\"25\" border=\"0\"', '\"imagesets/subSilver/folder.gif\" width=\"19\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/folder_new.gif\" width=\"19\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/folder_hot.gif\" width=\"19\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/folder_new_hot.gif\" width=\"19\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/folder_lock.gif\" width=\"19\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/folder_lock_new.gif\" width=\"19\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/folder_sticky.gif\" width=\"19\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/folder_sticky_new.gif\" width=\"19\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/folder_announce.gif\" width=\"19\" height=\"18\" border=\"0\"', '\"imagesets/subSilver/folder_announce_new.gif\" width=\"19\" height=\"18\" border=\"0\"', '', '', '\"imagesets/subSilver/voting_lcap.gif\" width=\"4\" height=\"12\" border=\"0\"', '\"imagesets/subSilver/voting_rcap.gif\" height=\"12\" border=\"0\"', '\"imagesets/subSilver/voting_bar
.gif\" width=\"4\" height=\"12\" border=\"0\"', '\"imagesets/subSilver/ratings/{RATE}.gif\" width=\"45\" height=\"17\" border=\"0\"')",
"INSERT INTO " . $table_prefix . "styles_template (template_id, template_name, template_path, poll_length, pm_box_length, compile_crc) VALUES (1, 'subSilver &copy; phpBB Group', 'subSilver', 205, 175, '')",
@ -937,7 +939,11 @@ switch ( $this_version )
gen_str_ok();
break;
case '2.1.0 [20020817]':
$sql = "INSERT INTO phpbb_config (config_name, config_value)
VALUES ('ip_check', '4')";
$db->sql_query($sql);
default;
print "<span class=\"updtext\">* No updates needed</span><br />\n";

90
phpBB/language/en/lang_admin.php
View file

@ -168,7 +168,7 @@ $lang = array_merge($lang, array(
'Restore_Error_no_file' => 'No file was uploaded',
'Permissions_explain' => 'Here you can alter which users and groups can access which forums. Permissions can be set for individual operations such as; reading, posting, voting, etc via the <i>Advanced</i> form. This page only applies to forum permissions. To assign moderators or define administrators please use the appropriate page (see left hand side menu).',
'Permissions_extra_explain' => 'Permissions are based on a; PERMIT, ALLOW, DENY, PREVENT system. By default users and groups are set to DENY access to all operations, to do anything users or groups have to be granted ALLOW access. When conflicts exist, e.g. a user having ALLOW permissions to a function belongs to a group that is set to DENY such a function the user setting takes precidence, i.e. in this case the user would be ALLOWed access to this function. Similarly a user denied access to a function will be denied even if they belong to a group that grants them access. If a user belongs to two groups one of which grants an ALLOW while another is set to DENY the user will be denied access.',
'Permissions_extra2_explain' => 'There may be times when you want to deny (or allow) access to a group no matter what their individual user settings are, this is what PERMIT and PREVENT are for. By setting a user (or more likely a group) to one of these will PERMIT (ALLOW) or PREVENT (DENY) access to a function no matter what their user settings are. You may find this useful for things such as \"banned\" groups, etc. doing away with any need to check for individual user permissions.',
'Permissions_extra2_explain' => 'There may be times when you want to deny (or allow) access to a group no matter what their individual user settings are, this is what PERMIT and PREVENT are for. By setting a user (or more likely a group) to one of these will PERMIT (ALLOW) or PREVENT (DENY) access to a function no matter what their user settings are. You may find this useful for things such as "banned" groups, etc. doing away with any need to check for individual user permissions.',
'Moderators' => 'Moderators',
'Moderators_explain' => 'Here you can assign users and groups as forum moderators. You can give users or groups individual access to certain moderator functions as you set fit via the <i>Advanced</i> form. Moderators have additional power in a given forum and by default can post and reply even when a forum or topic is locked.',
'Super_Moderators' => 'Super Moderators',
@ -196,50 +196,50 @@ $lang = array_merge($lang, array(
'Permit' => 'Permit',
'Deny' => 'Deny',
'Prevent' => 'Prevent',
'acl_admin_general' => 'General Settings',
'acl_admin_user' => 'Users',
'acl_admin_group' => 'Groups',
'acl_admin_forum' => 'Forums',
'acl_admin_post' => 'Posts',
'acl_admin_ban' => 'Banning',
'acl_admin_auth' => 'Permissions',
'acl_admin_email' => 'Email',
'acl_admin_styles' => 'Styles',
'acl_admin_backup' => 'Backups',
'acl_admin_clearlogs' => 'Clear Admin Log',
'acl_mod_edit' => 'Edit posts',
'acl_mod_delete' => 'Delete posts',
'acl_mod_move' => 'Move posts',
'acl_mod_lock' => 'Lock topics',
'acl_mod_split' => 'Split topics',
'acl_mod_merge' => 'Merge topics',
'acl_mod_approve' => 'Approve posts',
'acl_mod_unrate' => 'Un-rate topics',
'acl_mod_auth' => 'Set permissions',
'acl_forum_list' => 'See forum',
'acl_forum_read' => 'Read forum',
'acl_forum_post' => 'Post in forum',
'acl_forum_reply' => 'Reply to posts',
'acl_forum_edit' => 'Edit own posts',
'acl_forum_delete' => 'Delete own posts',
'acl_forum_poll' => 'Create polls',
'acl_forum_vote' => 'Vote in polls',
'acl_forum_announce' => 'Post announcements',
'acl_forum_sticky' => 'Post stickies',
'acl_forum_attach' => 'Attach files',
'acl_forum_download' => 'Download files',
'acl_forum_html' => 'Post HTML',
'acl_forum_bbcode' => 'Post BBCode',
'acl_forum_smilies' => 'Post smilies',
'acl_forum_img' => 'Post images',
'acl_forum_flash' => 'Post Flash',
'acl_forum_sigs' => 'Use signatures',
'acl_forum_search' => 'Search the forum',
'acl_forum_email' => 'Email topics',
'acl_forum_rate' => 'Rate topics',
'acl_forum_print' => 'Print topics',
'acl_forum_ignoreflood' => 'Ignore flood limit',
'acl_forum_ignorequeue' => 'Ignore mod queue',
'acl_a_general' => 'General Settings',
'acl_a_user' => 'Users',
'acl_a_group' => 'Groups',
'acl_a_forum' => 'Forums',
'acl_a_post' => 'Posts',
'acl_a_ban' => 'Banning',
'acl_a_auth' => 'Permissions',
'acl_a_email' => 'Email',
'acl_a_styles' => 'Styles',
'acl_a_backup' => 'Backups',
'acl_a_clearlogs' => 'Clear Admin Log',
'acl_m__edit' => 'Edit posts',
'acl_m__delete' => 'Delete posts',
'acl_m__move' => 'Move posts',
'acl_m__lock' => 'Lock topics',
'acl_m__split' => 'Split topics',
'acl_m__merge' => 'Merge topics',
'acl_m__approve' => 'Approve posts',
'acl_m__unrate' => 'Un-rate topics',
'acl_m__auth' => 'Set permissions',
'acl_f_list' => 'See forum',
'acl_f_read' => 'Read forum',
'acl_f_post' => 'Post in forum',
'acl_f_reply' => 'Reply to posts',
'acl_f_edit' => 'Edit own posts',
'acl_f_delete' => 'Delete own posts',
'acl_f_poll' => 'Create polls',
'acl_f_vote' => 'Vote in polls',
'acl_f_announce' => 'Post announcements',
'acl_f_sticky' => 'Post stickies',
'acl_f_attach' => 'Attach files',
'acl_f_download' => 'Download files',
'acl_f_html' => 'Post HTML',
'acl_f_bbcode' => 'Post BBCode',
'acl_f_smilies' => 'Post smilies',
'acl_f_img' => 'Post images',
'acl_f_flash' => 'Post Flash',
'acl_f_sigs' => 'Use signatures',
'acl_f_search' => 'Search the forum',
'acl_f_email' => 'Email topics',
'acl_f_rate' => 'Rate topics',
'acl_f_print' => 'Print topics',
'acl_f_ignoreflood' => 'Ignore flood limit',
'acl_f_ignorequeue' => 'Ignore mod queue',
'Auth_updated' => 'Permissions have been updated',
'Prune_users' => 'Prune Users',
'Prune_users_explain' => 'Here you can delete (or deactivate) users from you board. This can be done in a variety of ways; by post count, last activity, etc. Each of these criteria can be combined, i.e. you can prune users last active before 2002-01-01 with fewer than 10 posts. Alternatively you can enter a list of users directly into the text box, any criteria entered will be ignored. Take care with this facility! Once a user is deleted there is no way back.',

33
phpBB/language/en/lang_main.php
View file

@ -19,7 +19,7 @@
*
***************************************************************************/
$lang = array_merge($lang, array(
$lang = array_merge($lang, array(
'ENCODING' => 'iso-8859-15',
'DIRECTION' => 'ltr',
'LEFT' => 'left',
@ -711,24 +711,24 @@
'-3' => 'GMT - 3 Hours',
'-2' => 'GMT - 2 Hours',
'-1' => 'GMT - 1 Hours',
0 => 'GMT',
1 => 'GMT + 1 Hour',
2 => 'GMT + 2 Hours',
3 => 'GMT + 3 Hours',
'0' => 'GMT',
'1' => 'GMT + 1 Hour',
'2' => 'GMT + 2 Hours',
'3' => 'GMT + 3 Hours',
'3.5' => 'GMT + 3.5 Hours',
4 => 'GMT + 4 Hours',
'4' => 'GMT + 4 Hours',
'4.5' => 'GMT + 4.5 Hours',
5 => 'GMT + 5 Hours',
'5' => 'GMT + 5 Hours',
'5.5' => 'GMT + 5.5 Hours',
6 => 'GMT + 6 Hours',
'6' => 'GMT + 6 Hours',
'6.5' => 'GMT + 6.5 Hours',
7 => 'GMT + 7 Hours',
8 => 'GMT + 8 Hours',
9 => 'GMT + 9 Hours',
'7' => 'GMT + 7 Hours',
'8' => 'GMT + 8 Hours',
'9' => 'GMT + 9 Hours',
'9.5' => 'GMT + 9.5 Hours',
10 => 'GMT + 10 Hours',
11 => 'GMT + 11 Hours',
12 => 'GMT + 12 Hours',
'10' => 'GMT + 10 Hours',
'11' => 'GMT + 11 Hours',
'12' => 'GMT + 12 Hours',
'tz' => array(
'-12' => 'GMT - 12 Hours',
'-11' => 'GMT - 11 Hours',
@ -800,8 +800,11 @@
'Sep' => 'Sep',
'Oct' => 'Oct',
'Nov' => 'Nov',
'Dec' => 'Dec'
'Dec' => 'Dec',
'AM' => 'AM',
'PM' => 'PM'
),
'Information' => 'Information',
'Critical_Information' => 'Critical Information',
'General_Error' => 'General Error',

23
phpBB/login.php
View file

@ -26,16 +26,11 @@ $phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
//
// Set page ID for session management
//
$userdata = $session->start();
$auth = new auth($userdata);
$session->configure($userdata);
//
$user = new user($userdata);
// End session management
//
//
// This appears to work for IIS5 CGI under Win2K. Uses getenv since this doesn't exist for
@ -43,24 +38,22 @@ $session->configure($userdata);
//
$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: ';
extract($HTTP_GET_VARS);
extract($HTTP_POST_VARS);
extract($_GET);
extract($_POST);
$redirect = ( !empty($redirect) ) ? $HTTP_SERVER_VARS['QUERY_STRING'] : '';
$redirect = ( !empty($redirect) ) ? $_SERVER['QUERY_STRING'] : '';
//
// Do the login/logout/form/whatever
//
if ( isset($login) || isset($logout) )
{
if ( isset($login) && $userdata['user_id'] == ANONYMOUS )
if ( isset($login) && !$userdata['user_id'] )
{
$autologin = ( !empty($autologin) ) ? true : false;
//
// Is the board disabled? Are we an admin? No, then back to the index we go
//
if ( $board_config['board_disable'] && !$auth->get_acl_admin() )
if ( $board_config['board_disable'] && !$auth->acl_get('a_') )
{
header($header_location . "index.$phpEx$SID");
exit;
@ -76,7 +69,7 @@ if ( isset($login) || isset($logout) )
message_die(MESSAGE, $message);
}
}
else if ( $userdata['user_id'] != ANONYMOUS )
else if ( $userdata['user_id'] )
{
$session->destroy($userdata);
}
@ -89,7 +82,7 @@ if ( isset($login) || isset($logout) )
exit;
}
if ( $userdata['user_id'] == ANONYMOUS )
if ( !$userdata['user_id'] )
{
$template->assign_vars(array(
'L_ENTER_PASSWORD' => $lang['Enter_password'],

101
phpBB/memberlist.php
View file

@ -24,49 +24,44 @@ $phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
//
// Start session management
//
$userdata = $session->start();
$auth->acl($userdata);
$session->configure($userdata);
//
$user = new user($userdata);
// End session management
//
$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
$form = ( !empty($HTTP_GET_VARS['form']) ) ? $HTTP_GET_VARS['form'] : 0;
$field = ( isset($HTTP_GET_VARS['field']) ) ? $HTTP_GET_VARS['field'] : 'username';
$start = ( isset($_GET['start']) ) ? intval($_GET['start']) : 0;
$form = ( !empty($_GET['form']) ) ? $_GET['form'] : 0;
$field = ( isset($_GET['field']) ) ? $_GET['field'] : 'username';
$sort_by = ( !empty($HTTP_POST_VARS['sort_by']) ) ? intval($HTTP_POST_VARS['sort_by']) : ( ( !empty($HTTP_GET_VARS['sort_by']) ) ? $HTTP_GET_VARS['sort_by'] : '4' );
$sort_order = ( !empty($HTTP_POST_VARS['sort_order']) ) ? $HTTP_POST_VARS['sort_order'] : ( ( !empty($HTTP_GET_VARS['sort_order']) ) ? $HTTP_GET_VARS['sort_order'] : 'd' );
$sort_by = ( !empty($_POST['sort_by']) ) ? intval($_POST['sort_by']) : ( ( !empty($_GET['sort_by']) ) ? $_GET['sort_by'] : '4' );
$sort_order = ( !empty($_POST['sort_order']) ) ? $_POST['sort_order'] : ( ( !empty($_GET['sort_order']) ) ? $_GET['sort_order'] : 'd' );
$username = ( !empty($HTTP_POST_VARS['username']) ) ? $HTTP_POST_VARS['username'] : ( ( !empty($HTTP_GET_VARS['username']) ) ? $HTTP_GET_VARS['username'] : '' );
$email = ( !empty($HTTP_POST_VARS['email']) ) ? $HTTP_POST_VARS['email'] : ( ( !empty($HTTP_GET_VARS['email']) ) ? $HTTP_GET_VARS['email'] : '' );
$icq = ( !empty($HTTP_POST_VARS['icq']) ) ? intval($HTTP_POST_VARS['icq']) : ( ( !empty($HTTP_GET_VARS['icq']) ) ? $HTTP_GET_VARS['icq'] : '' );
$aim = ( !empty($HTTP_POST_VARS['aim']) ) ? $HTTP_POST_VARS['aim'] : ( ( !empty($HTTP_GET_VARS['aim']) ) ? $HTTP_GET_VARS['aim'] : '' );
$yahoo = ( !empty($HTTP_POST_VARS['yahoo']) ) ? $HTTP_POST_VARS['yahoo'] : ( ( !empty($HTTP_GET_VARS['yahoo']) ) ? $HTTP_GET_VARS['yahoo'] : '' );
$msn = ( !empty($HTTP_POST_VARS['msn']) ) ? $HTTP_POST_VARS['msn'] : ( ( !empty($HTTP_GET_VARS['msn']) ) ? $HTTP_GET_VARS['msn'] : '' );
$username = ( !empty($_POST['username']) ) ? $_POST['username'] : ( ( !empty($_GET['username']) ) ? $_GET['username'] : '' );
$email = ( !empty($_POST['email']) ) ? $_POST['email'] : ( ( !empty($_GET['email']) ) ? $_GET['email'] : '' );
$icq = ( !empty($_POST['icq']) ) ? intval($_POST['icq']) : ( ( !empty($_GET['icq']) ) ? $_GET['icq'] : '' );
$aim = ( !empty($_POST['aim']) ) ? $_POST['aim'] : ( ( !empty($_GET['aim']) ) ? $_GET['aim'] : '' );
$yahoo = ( !empty($_POST['yahoo']) ) ? $_POST['yahoo'] : ( ( !empty($_GET['yahoo']) ) ? $_GET['yahoo'] : '' );
$msn = ( !empty($_POST['msn']) ) ? $_POST['msn'] : ( ( !empty($_GET['msn']) ) ? $_GET['msn'] : '' );
$joined_select = ( !empty($HTTP_POST_VARS['joined_select']) ) ? $HTTP_POST_VARS['joined_select'] : ( ( !empty($HTTP_GET_VARS['joined_select']) ) ? $HTTP_GET_VARS['joined_select'] : 'lt' );
$active_select = ( !empty($HTTP_POST_VARS['active_select']) ) ? $HTTP_POST_VARS['active_select'] : ( ( !empty($HTTP_GET_VARS['active_select']) ) ? $HTTP_GET_VARS['active_select'] : 'lt' );
$count_select = ( !empty($HTTP_POST_VARS['count_select']) ) ? $HTTP_POST_VARS['count_select'] : ( ( !empty($HTTP_GET_VARS['count_select']) ) ? $HTTP_GET_VARS['count_select'] : 'eq' );
$joined = ( !empty($HTTP_POST_VARS['joined']) ) ? explode('-', $HTTP_POST_VARS['joined']) : ( ( !empty($HTTP_GET_VARS['joined']) ) ? explode('-', $HTTP_GET_VARS['joined']) : array() );
$active = ( !empty($HTTP_POST_VARS['active']) ) ? explode('-', $HTTP_POST_VARS['active']) : ( ( !empty($HTTP_GET_VARS['active']) ) ? explode('-', $HTTP_GET_VARS['active']) : array() );
$count = ( !empty($HTTP_POST_VARS['count']) ) ? intval($HTTP_POST_VARS['count']) : ( ( !empty($HTTP_GET_VARS['count']) ) ? $HTTP_GET_VARS['count'] : '' );
$joined_select = ( !empty($_POST['joined_select']) ) ? $_POST['joined_select'] : ( ( !empty($_GET['joined_select']) ) ? $_GET['joined_select'] : 'lt' );
$active_select = ( !empty($_POST['active_select']) ) ? $_POST['active_select'] : ( ( !empty($_GET['active_select']) ) ? $_GET['active_select'] : 'lt' );
$count_select = ( !empty($_POST['count_select']) ) ? $_POST['count_select'] : ( ( !empty($_GET['count_select']) ) ? $_GET['count_select'] : 'eq' );
$joined = ( !empty($_POST['joined']) ) ? explode('-', $_POST['joined']) : ( ( !empty($_GET['joined']) ) ? explode('-', $_GET['joined']) : array() );
$active = ( !empty($_POST['active']) ) ? explode('-', $_POST['active']) : ( ( !empty($_GET['active']) ) ? explode('-', $_GET['active']) : array() );
$count = ( !empty($_POST['count']) ) ? intval($_POST['count']) : ( ( !empty($_GET['count']) ) ? $_GET['count'] : '' );
if ( isset($HTTP_POST_VARS['order']) )
if ( isset($_POST['order']) )
{
$sort_order = ($HTTP_POST_VARS['order'] == 'a') ? 'ASC' : 'DESC';
$sort_order = ($_POST['order'] == 'a') ? 'ASC' : 'DESC';
}
else if ( isset($HTTP_GET_VARS['order']) )
else if ( isset($_GET['order']) )
{
$sort_order = ($HTTP_GET_VARS['order'] == 'a') ? 'ASC' : 'DESC';
$sort_order = ($_GET['order'] == 'a') ? 'ASC' : 'DESC';
}
else
{
@ -129,9 +124,9 @@ $template->assign_vars(array(
'S_MODE_ACTION' => "memberlist.$phpEx$SID")
);
if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
if ( isset($_GET['mode']) || isset($_POST['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = ( isset($_POST['mode']) ) ? $_POST['mode'] : $_GET['mode'];
switch( $mode )
{
@ -181,11 +176,11 @@ if ( $row = $db->sql_fetchrow($result) )
$user_id = $row['user_id'];
$from = ( !empty($row['user_from']) ) ? $row['user_from'] : '&nbsp;';
$joined = create_date($lang['DATE_FORMAT'], $row['user_regdate'], $board_config['board_timezone']);
$joined = $user->format_date($row['user_regdate'], $lang['DATE_FORMAT']);
$posts = ( $row['user_posts'] ) ? $row['user_posts'] : 0;
$poster_avatar = '';
if ( $row['user_avatar_type'] && $user_id != ANONYMOUS && $row['user_allowavatar'] )
if ( $row['user_avatar_type'] && $user_id && $row['user_allowavatar'] )
{
switch( $row['user_avatar_type'] )
{
@ -201,7 +196,7 @@ if ( $row = $db->sql_fetchrow($result) )
}
}
if ( $row['user_viewemail'] || $auth->get_acl_admin() )
if ( $row['user_viewemail'] || $auth->acl_get('a_') )
{
$email_uri = ( $board_config['board_email_form'] ) ? "profile.$phpEx$SID&amp;mode=email&amp;u=" . $user_id : 'mailto:' . $row['user_email'];
@ -302,30 +297,30 @@ include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
// Username search
function username_search()
{
global $SID, $HTTP_GET_VARS, $HTTP_POST_VARS, $phpEx, $phpbb_root_path;
global $db, $board_config, $template, $auth, $lang, $theme;
global $SID, $phpEx, $phpbb_root_path;
global $db, $board_config, $template, $auth, $lang, $theme, $user;
global $starttime;
$form = ( !empty($HTTP_GET_VARS['form']) ) ? $HTTP_GET_VARS['form'] : 0;
$field = ( isset($HTTP_GET_VARS['field']) ) ? $HTTP_GET_VARS['field'] : 'username';
$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
$form = ( !empty($_GET['form']) ) ? $_GET['form'] : 0;
$field = ( isset($_GET['field']) ) ? $_GET['field'] : 'username';
$start = ( isset($_GET['start']) ) ? intval($_GET['start']) : 0;
$sort_by = ( !empty($HTTP_POST_VARS['sort_by']) ) ? intval($HTTP_POST_VARS['sort_by']) : ( ( !empty($HTTP_GET_VARS['sort_by']) ) ? $HTTP_GET_VARS['sort_by'] : '4' );
$sort_order = ( !empty($HTTP_POST_VARS['sort_order']) ) ? $HTTP_POST_VARS['sort_order'] : ( ( !empty($HTTP_GET_VARS['sort_order']) ) ? $HTTP_GET_VARS['sort_order'] : 'd' );
$sort_by = ( !empty($_POST['sort_by']) ) ? intval($_POST['sort_by']) : ( ( !empty($_GET['sort_by']) ) ? $_GET['sort_by'] : '4' );
$sort_order = ( !empty($_POST['sort_order']) ) ? $_POST['sort_order'] : ( ( !empty($_GET['sort_order']) ) ? $_GET['sort_order'] : 'd' );
$username = ( !empty($HTTP_POST_VARS['username']) ) ? $HTTP_POST_VARS['username'] : ( ( !empty($HTTP_GET_VARS['username']) ) ? $HTTP_GET_VARS['username'] : '' );
$email = ( !empty($HTTP_POST_VARS['email']) ) ? $HTTP_POST_VARS['email'] : ( ( !empty($HTTP_GET_VARS['email']) ) ? $HTTP_GET_VARS['email'] : '' );
$icq = ( !empty($HTTP_POST_VARS['icq']) ) ? intval($HTTP_POST_VARS['icq']) : ( ( !empty($HTTP_GET_VARS['icq']) ) ? $HTTP_GET_VARS['icq'] : '' );
$aim = ( !empty($HTTP_POST_VARS['aim']) ) ? $HTTP_POST_VARS['aim'] : ( ( !empty($HTTP_GET_VARS['aim']) ) ? $HTTP_GET_VARS['aim'] : '' );
$yahoo = ( !empty($HTTP_POST_VARS['yahoo']) ) ? $HTTP_POST_VARS['yahoo'] : ( ( !empty($HTTP_GET_VARS['yahoo']) ) ? $HTTP_GET_VARS['yahoo'] : '' );
$msn = ( !empty($HTTP_POST_VARS['msn']) ) ? $HTTP_POST_VARS['msn'] : ( ( !empty($HTTP_GET_VARS['msn']) ) ? $HTTP_GET_VARS['msn'] : '' );
$username = ( !empty($_POST['username']) ) ? $_POST['username'] : ( ( !empty($_GET['username']) ) ? $_GET['username'] : '' );
$email = ( !empty($_POST['email']) ) ? $_POST['email'] : ( ( !empty($_GET['email']) ) ? $_GET['email'] : '' );
$icq = ( !empty($_POST['icq']) ) ? intval($_POST['icq']) : ( ( !empty($_GET['icq']) ) ? $_GET['icq'] : '' );
$aim = ( !empty($_POST['aim']) ) ? $_POST['aim'] : ( ( !empty($_GET['aim']) ) ? $_GET['aim'] : '' );
$yahoo = ( !empty($_POST['yahoo']) ) ? $_POST['yahoo'] : ( ( !empty($_GET['yahoo']) ) ? $_GET['yahoo'] : '' );
$msn = ( !empty($_POST['msn']) ) ? $_POST['msn'] : ( ( !empty($_GET['msn']) ) ? $_GET['msn'] : '' );
$joined_select = ( !empty($HTTP_POST_VARS['joined_select']) ) ? $HTTP_POST_VARS['joined_select'] : ( ( !empty($HTTP_GET_VARS['joined_select']) ) ? $HTTP_GET_VARS['joined_select'] : 'lt' );
$active_select = ( !empty($HTTP_POST_VARS['active_select']) ) ? $HTTP_POST_VARS['active_select'] : ( ( !empty($HTTP_GET_VARS['active_select']) ) ? $HTTP_GET_VARS['active_select'] : 'lt' );
$count_select = ( !empty($HTTP_POST_VARS['count_select']) ) ? $HTTP_POST_VARS['count_select'] : ( ( !empty($HTTP_GET_VARS['count_select']) ) ? $HTTP_GET_VARS['count_select'] : 'eq' );
$joined = ( !empty($HTTP_POST_VARS['joined']) ) ? explode('-', $HTTP_POST_VARS['joined']) : ( ( !empty($HTTP_GET_VARS['joined']) ) ? explode('-', $HTTP_GET_VARS['joined']) : array() );
$active = ( !empty($HTTP_POST_VARS['active']) ) ? explode('-', $HTTP_POST_VARS['active']) : ( ( !empty($HTTP_GET_VARS['active']) ) ? explode('-', $HTTP_GET_VARS['active']) : array() );
$count = ( !empty($HTTP_POST_VARS['count']) ) ? intval($HTTP_POST_VARS['count']) : ( ( !empty($HTTP_GET_VARS['count']) ) ? $HTTP_GET_VARS['count'] : '' );
$joined_select = ( !empty($_POST['joined_select']) ) ? $_POST['joined_select'] : ( ( !empty($_GET['joined_select']) ) ? $_GET['joined_select'] : 'lt' );
$active_select = ( !empty($_POST['active_select']) ) ? $_POST['active_select'] : ( ( !empty($_GET['active_select']) ) ? $_GET['active_select'] : 'lt' );
$count_select = ( !empty($_POST['count_select']) ) ? $_POST['count_select'] : ( ( !empty($_GET['count_select']) ) ? $_GET['count_select'] : 'eq' );
$joined = ( !empty($_POST['joined']) ) ? explode('-', $_POST['joined']) : ( ( !empty($_GET['joined']) ) ? explode('-', $_GET['joined']) : array() );
$active = ( !empty($_POST['active']) ) ? explode('-', $_POST['active']) : ( ( !empty($_GET['active']) ) ? explode('-', $_GET['active']) : array() );
$count = ( !empty($_POST['count']) ) ? intval($_POST['count']) : ( ( !empty($_GET['count']) ) ? $_GET['count'] : '' );
//
//
@ -467,9 +462,9 @@ function username_search()
$username = $row['username'];
$user_id = $row['user_id'];
$joined = create_date($lang['DATE_FORMAT'], $row['user_regdate'], $board_config['board_timezone']);
$joined = $user->format_date($row['user_regdate'], $lang['DATE_FORMAT']);
$posts = ( $row['user_posts'] ) ? $row['user_posts'] : 0;
$active = ( !$row['user_lastvisit'] ) ? $lang['Never'] : create_date($lang['DATE_FORMAT'], $row['user_lastvisit'], $board_config['board_timezone']);
$active = ( !$row['user_lastvisit'] ) ? $lang['Never'] : $user->format_date($row['user_lastvisit'], $lang['DATE_FORMAT']);
$temp_url = "profile.$phpEx$SID&amp;mode=viewprofile&amp;u=$user_id";
$profile_img = '<a href="' . $temp_url . '">' . create_img($theme['icon_profile'], $lang['Read_profile']) . '</a>';

183
phpBB/modcp.php
View file

@ -23,46 +23,45 @@ define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
include($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
//
// Obtain initial var settings
//
if ( isset($HTTP_GET_VARS['f']) || isset($HTTP_POST_VARS['f']) )
if ( isset($_GET['f']) || isset($_POST['f']) )
{
$forum_id = (isset($HTTP_POST_VARS['f'])) ? intval($HTTP_POST_VARS['f']) : intval($HTTP_GET_VARS['f']);
$forum_id = (isset($_POST['f'])) ? intval($_POST['f']) : intval($_GET['f']);
}
else
{
$forum_id = '';
}
if ( isset($HTTP_GET_VARS['p']) || isset($HTTP_POST_VARS['p']) )
if ( isset($_GET['p']) || isset($_POST['p']) )
{
$post_id = (isset($HTTP_POST_VARS['p'])) ? intval($HTTP_POST_VARS['p']) : intval($HTTP_GET_VARS['p']);
$post_id = (isset($_POST['p'])) ? intval($_POST['p']) : intval($_GET['p']);
}
else
{
$post_id = '';
}
if ( isset($HTTP_GET_VARS['t']) || isset($HTTP_POST_VARS['t']) )
if ( isset($_GET['t']) || isset($_POST['t']) )
{
$topic_id = (isset($HTTP_POST_VARS['t'])) ? intval($HTTP_POST_VARS['t']) : intval($HTTP_GET_VARS['t']);
$topic_id = (isset($_POST['t'])) ? intval($_POST['t']) : intval($_GET['t']);
}
else
{
$topic_id = '';
}
$confirm = ( !empty($HTTP_POST_VARS['confirm']) ) ? TRUE : 0;
$confirm = ( !empty($_POST['confirm']) ) ? TRUE : 0;
//
// Check if user did or did not confirm
// If they did not, forward them to the last page they were on
//
if ( isset($HTTP_POST_VARS['cancel']) )
if ( isset($_POST['cancel']) )
{
if ( $topic_id )
{
@ -82,19 +81,26 @@ if ( isset($HTTP_POST_VARS['cancel']) )
exit;
}
// Start session management
$userdata = $session->start();
$auth->acl($userdata, $forum_id);
$user = new user($userdata);
// End session management
//
// Continue var definitions
//
$start = ( isset($HTTP_GET_VARS['start']) ) ? $HTTP_GET_VARS['start'] : 0;
$start = ( isset($_GET['start']) ) ? $_GET['start'] : 0;
$delete = ( isset($HTTP_POST_VARS['delete']) ) ? TRUE : FALSE;
$move = ( isset($HTTP_POST_VARS['move']) ) ? TRUE : FALSE;
$lock = ( isset($HTTP_POST_VARS['lock']) ) ? TRUE : FALSE;
$unlock = ( isset($HTTP_POST_VARS['unlock']) ) ? TRUE : FALSE;
$delete = ( isset($_POST['delete']) ) ? TRUE : FALSE;
$move = ( isset($_POST['move']) ) ? TRUE : FALSE;
$lock = ( isset($_POST['lock']) ) ? TRUE : FALSE;
$unlock = ( isset($_POST['unlock']) ) ? TRUE : FALSE;
if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
if ( isset($_POST['mode']) || isset($_GET['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = ( isset($_POST['mode']) ) ? $_POST['mode'] : $_GET['mode'];
}
else
{
@ -120,16 +126,6 @@ else
}
}
//
// Start session management
//
$userdata = $session->start();
$auth->acl($userdata, $forum_id);
//
// End session management
//
$session->configure($userdata);
//
// Obtain relevant data
//
@ -167,7 +163,7 @@ else
//
// Auth check
//
if ( !$auth->get_acl($forum_id, 'mod') )
if ( !$auth->acl_get('m_', $forum_id) && !$auth->acl_get('a_') )
{
message_die(MESSAGE, $lang['Not_Moderator'], $lang['Not_Authorised']);
}
@ -185,7 +181,7 @@ switch( $mode )
{
include($phpbb_root_path . 'includes/functions_search.'.$phpEx);
$topics = ( isset($HTTP_POST_VARS['topic_id_list']) ) ? $HTTP_POST_VARS['topic_id_list'] : array($topic_id);
$topics = ( isset($_POST['topic_id_list']) ) ? $_POST['topic_id_list'] : array($topic_id);
$topic_id_sql = '';
for($i = 0; $i < count($topics); $i++)
@ -293,16 +289,16 @@ switch( $mode )
{
// Not confirmed, show confirmation message
if ( empty($HTTP_POST_VARS['topic_id_list']) && empty($topic_id) )
if ( empty($_POST['topic_id_list']) && empty($topic_id) )
{
message_die(GENERAL_MESSAGE, $lang['None_selected']);
}
$hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" />';
if ( isset($HTTP_POST_VARS['topic_id_list']) )
if ( isset($_POST['topic_id_list']) )
{
$topics = $HTTP_POST_VARS['topic_id_list'];
$topics = $_POST['topic_id_list'];
for($i = 0; $i < count($topics); $i++)
{
$hidden_fields .= '<input type="hidden" name="topic_id_list[]" value="' . intval($topics[$i]) . '" />';
@ -343,12 +339,12 @@ switch( $mode )
if ( $confirm )
{
$new_forum_id = $HTTP_POST_VARS['new_forum'];
$new_forum_id = $_POST['new_forum'];
$old_forum_id = $forum_id;
if ( $new_forum_id != $old_forum_id )
{
$topics = ( isset($HTTP_POST_VARS['topic_id_list']) ) ? $HTTP_POST_VARS['topic_id_list'] : array($topic_id);
$topics = ( isset($_POST['topic_id_list']) ) ? $_POST['topic_id_list'] : array($topic_id);
$topic_list = '';
for($i = 0; $i < count($topics); $i++)
@ -372,7 +368,7 @@ switch( $mode )
{
$topic_id = $row[$i]['topic_id'];
if ( isset($HTTP_POST_VARS['move_leave_shadow']) )
if ( isset($_POST['move_leave_shadow']) )
{
// Insert topic in the old forum that indicates that the forum has moved.
$sql = "INSERT INTO " . TOPICS_TABLE . " (forum_id, topic_title, topic_poster, topic_time, topic_status, topic_type, topic_vote, topic_views, topic_replies, topic_first_post_id, topic_last_post_id, topic_moved_id)
@ -433,16 +429,16 @@ switch( $mode )
}
else
{
if ( empty($HTTP_POST_VARS['topic_id_list']) && empty($topic_id) )
if ( empty($_POST['topic_id_list']) && empty($topic_id) )
{
message_die(GENERAL_MESSAGE, $lang['None_selected']);
}
$hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" />';
if ( isset($HTTP_POST_VARS['topic_id_list']) )
if ( isset($_POST['topic_id_list']) )
{
$topics = $HTTP_POST_VARS['topic_id_list'];
$topics = $_POST['topic_id_list'];
for($i = 0; $i < count($topics); $i++)
{
@ -482,7 +478,7 @@ switch( $mode )
break;
case 'lock':
$topics = ( isset($HTTP_POST_VARS['topic_id_list']) ) ? $HTTP_POST_VARS['topic_id_list'] : array($topic_id);
$topics = ( isset($_POST['topic_id_list']) ) ? $_POST['topic_id_list'] : array($topic_id);
$topic_id_sql = '';
for($i = 0; $i < count($topics); $i++)
@ -521,7 +517,7 @@ switch( $mode )
break;
case 'unlock':
$topics = ( isset($HTTP_POST_VARS['topic_id_list']) ) ? $HTTP_POST_VARS['topic_id_list'] : array($topic_id);
$topics = ( isset($_POST['topic_id_list']) ) ? $_POST['topic_id_list'] : array($topic_id);
$topic_id_sql = '';
for($i = 0; $i < count($topics); $i++)
@ -533,29 +529,26 @@ switch( $mode )
SET topic_status = " . TOPIC_UNLOCKED . "
WHERE topic_id IN ($topic_id_sql)
AND topic_moved_id = 0";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not update topics table', '', __LINE__, __FILE__, $sql);
}
$db->sql_query($sql);
if ( !empty($topic_id) )
{
$redirect_page = append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id");
$redirect_page = "viewtopic.$phpEx$SID&amp;t=$topic_id";
$message = sprintf($lang['Click_return_topic'], '<a href="' . $redirect_page . '">', '</a>');
}
else
{
$redirect_page = append_sid("modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id");
$redirect_page = "modcp.$phpEx$SID&amp;f=$forum_id";
$message = sprintf($lang['Click_return_modcp'], '<a href="' . $redirect_page . '">', '</a>');
}
$message = $message . '<br \><br \>' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">', '</a>');
$message = $message . '<br \><br \>' . sprintf($lang['Click_return_forum'], '<a href="' . "viewforum.$phpEx$SID&amp;f=$forum_id" . '">', '</a>');
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="3;url=' . $redirect_page . '">')
);
message_die(GENERAL_MESSAGE, $lang['Topics_Unlocked'] . '<br /><br />' . $message);
message_die(MESSAGE, $lang['Topics_Unlocked'] . '<br /><br />' . $message);
break;
@ -563,42 +556,36 @@ switch( $mode )
$page_title = $lang['Mod_CP'];
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
if ( isset($HTTP_POST_VARS['split_type_all']) || isset($HTTP_POST_VARS['split_type_beyond']) )
if ( isset($_POST['split_type_all']) || isset($_POST['split_type_beyond']) )
{
$posts = $HTTP_POST_VARS['post_id_list'];
$posts = $_POST['post_id_list'];
$sql = "SELECT poster_id, topic_id, post_time
FROM " . POSTS_TABLE . "
WHERE post_id = " . $posts[0];
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not get post information', '', __LINE__, __FILE__, $sql);
}
$result = $db->sql_query($sql);
$post_rowset = $db->sql_fetchrow($result);
$first_poster = str_replace("\'", "''", $post_rowset['poster_id']);
$topic_id = $post_rowset['topic_id'];
$post_time = $post_rowset['post_time'];
$post_subject = trim(htmlspecialchars($HTTP_POST_VARS['subject']));
$post_subject = trim(htmlspecialchars($_POST['subject']));
if ( empty($post_subject) )
{
message_die(GENERAL_MESSAGE, $lang['Empty_subject']);
message_die(MESSAGE, $lang['Empty_subject']);
}
$new_forum_id = intval($HTTP_POST_VARS['new_forum_id']);
$new_forum_id = intval($_POST['new_forum_id']);
$topic_time = time();
$sql = "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type)
VALUES ('" . str_replace("\'", "''", $post_subject) . "', $first_poster, " . $topic_time . ", $new_forum_id, " . TOPIC_UNLOCKED . ", " . POST_NORMAL . ")";
if ( !($result = $db->sql_query($sql, BEGIN_TRANSACTION)) )
{
message_die(GENERAL_ERROR, 'Could not insert new topic', '', __LINE__, __FILE__, $sql);
}
$db->sql_query($sql);
$new_topic_id = $db->sql_nextid();
if( !empty($HTTP_POST_VARS['split_type_all']) )
if( !empty($_POST['split_type_all']) )
{
$post_id_sql = '';
for($i = 0; $i < count($posts); $i++)
@ -610,7 +597,7 @@ switch( $mode )
SET topic_id = $new_topic_id, forum_id = $new_forum_id
WHERE post_id IN ($post_id_sql)";
}
else if( !empty($HTTP_POST_VARS['split_type_beyond']) )
else if( !empty($_POST['split_type_beyond']) )
{
$sql = "UPDATE " . POSTS_TABLE . "
SET topic_id = $new_topic_id, forum_id = $new_forum_id
@ -618,10 +605,7 @@ switch( $mode )
AND topic_id = $topic_id";
}
if( !$db->sql_query($sql, END_TRANSACTION) )
{
message_die(GENERAL_ERROR, 'Could not update posts table', '', __LINE__, __FILE__, $sql);
}
$db->sql_query($sql);
sync('topic', $new_topic_id);
sync('topic', $topic_id);
@ -629,11 +613,11 @@ switch( $mode )
sync('forum', $forum_id);
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id") . '">')
'META' => '<meta http-equiv="refresh" content="3;url=' . "viewtopic.$phpEx$SID&amp;t==$topic_id" . '">')
);
$message = $lang['Topic_split'] . '<br /><br />' . sprintf($lang['Click_return_topic'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id") . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
$message = $lang['Topic_split'] . '<br /><br />' . sprintf($lang['Click_return_topic'], '<a href="' . "viewtopic.$phpEx$SID&amp;t==$topic_id" . '">', '</a>');
message_die(MESSAGE, $message);
}
else
{
@ -650,12 +634,9 @@ switch( $mode )
AND p.poster_id = u.user_id
AND p.post_id = pt.post_id
ORDER BY p.post_time ASC";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not get topic/post information', '', __LINE__, __FILE__, $sql);
}
$result = $db->sql_query($sql);
$s_hidden_fields = '<input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" /><input type="hidden" name="mode" value="split" />';
$s_hidden_fields = '<input type="hidden" name="f" value="' . $forum_id . '" /><input type="hidden" name="mode" value="split" />';
if( ( $total_posts = $db->sql_numrows($result) ) > 0 )
{
@ -680,9 +661,9 @@ switch( $mode )
'FORUM_NAME' => $forum_name,
'U_VIEW_FORUM' => append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id"),
'U_VIEW_FORUM' => "viewforum.$phpEx$SID&amp;f=$forum_id",
'S_SPLIT_ACTION' => append_sid("modcp.$phpEx"),
'S_SPLIT_ACTION' => "modcp.$phpEx$SID",
'S_HIDDEN_FIELDS' => $s_hidden_fields,
'S_FORUM_SELECT' => make_forum_select("new_forum_id"))
);
@ -693,7 +674,7 @@ switch( $mode )
$poster_id = $postrow[$i]['user_id'];
$poster = $postrow[$i]['username'];
$post_date = create_date($board_config['default_dateformat'], $postrow[$i]['post_time'], $board_config['board_timezone']);
$post_date = $user->format_date($postrow[$i]['post_time']);
$bbcode_uid = $postrow[$i]['bbcode_uid'];
$message = $postrow[$i]['post_text'];
@ -738,14 +719,9 @@ switch( $mode )
$message = str_replace("\n", '<br />', $message);
$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
$checkbox = ( $i > 0 ) ? '<input type="checkbox" name="post_id_list[]" value="' . $post_id . '" />' : '&nbsp;';
$template->assign_block_vars('postrow', array(
'ROW_COLOR' => '#' . $row_color,
'ROW_CLASS' => $row_class,
'POSTER_NAME' => $poster,
'POST_DATE' => $post_date,
'POST_SUBJECT' => $post_subject,
@ -765,11 +741,11 @@ switch( $mode )
$page_title = $lang['Mod_CP'];
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
$rdns_ip_num = ( isset($HTTP_GET_VARS['rdns']) ) ? $HTTP_GET_VARS['rdns'] : "";
$rdns_ip_num = ( isset($_GET['rdns']) ) ? $_GET['rdns'] : '';
if ( !$post_id )
{
message_die(GENERAL_MESSAGE, $lang['No_such_post']);
message_die(MESSAGE, $lang['No_such_post']);
}
//
@ -783,14 +759,11 @@ switch( $mode )
$sql = "SELECT poster_ip, poster_id
FROM " . POSTS_TABLE . "
WHERE post_id = $post_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not get poster IP information', '', __LINE__, __FILE__, $sql);
}
$result = $db->sql_query($sql);
if ( !($post_row = $db->sql_fetchrow($result)) )
{
message_die(GENERAL_MESSAGE, $lang['No_such_post']);
message_die(MESSAGE, $lang['No_such_post']);
}
$ip_this_post = $post_row['poster_ip'];
@ -810,7 +783,7 @@ switch( $mode )
'IP' => $ip_this_post,
'U_LOOKUP_IP' => append_sid("modcp.$phpEx?mode=ip&amp;" . POST_POST_URL . "=$post_id&amp;" . POST_TOPIC_URL . "=$topic_id&amp;rdns=" . $ip_this_post))
'U_LOOKUP_IP' => "modcp.$phpEx$SID&amp;mode=ip&amp;p=$post_id&amp;t=$topic_id&amp;rdns=" . $ip_this_post)
);
//
@ -821,10 +794,7 @@ switch( $mode )
WHERE poster_id = $poster_id
GROUP BY poster_ip
ORDER BY postings DESC";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not get IP information for this user', '', __LINE__, __FILE__, $sql);
}
$result = $db->sql_query($sql);
if ( $row = $db->sql_fetchrow($result) )
{
@ -842,16 +812,11 @@ switch( $mode )
$ip = $row['poster_ip'];
$ip = ( $rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') ? gethostbyaddr($ip) : $ip;
$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
$template->assign_block_vars('iprow', array(
'ROW_COLOR' => '#' . $row_color,
'ROW_CLASS' => $row_class,
'IP' => $ip,
'POSTS' => $row['postings'] . ' ' . ( ( $row['postings'] == 1 ) ? $lang['Post'] : $lang['Posts'] ),
'U_LOOKUP_IP' => append_sid("modcp.$phpEx?mode=ip&amp;" . POST_POST_URL . "=$post_id&amp;" . POST_TOPIC_URL . "=$topic_id&amp;rdns=" . $row['poster_ip']))
'U_LOOKUP_IP' => "modcp.$phpEx$SID&amp;mode=ip&amp;p=$post_id&amp;t=$topic_id&amp;rdns=" . $row['poster_ip'])
);
$i++;
@ -868,10 +833,7 @@ switch( $mode )
AND p.poster_ip = '" . $post_row['poster_ip'] . "'
GROUP BY u.user_id, u.username
ORDER BY postings DESC";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not get posters information based on IP', '', __LINE__, __FILE__, $sql);
}
$result = $db->sql_query($sql);
if ( $row = $db->sql_fetchrow($result) )
{
@ -879,20 +841,15 @@ switch( $mode )
do
{
$id = $row['user_id'];
$username = ( $id == ANONYMOUS ) ? $lang['Guest'] : $row['username'];
$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
$username = ( !$id ) ? $lang['Guest'] : $row['username'];
$template->assign_block_vars('userrow', array(
'ROW_COLOR' => '#' . $row_color,
'ROW_CLASS' => $row_class,
'USERNAME' => $username,
'POSTS' => $row['postings'] . ' ' . ( ( $row['postings'] == 1 ) ? $lang['Post'] : $lang['Posts'] ),
'L_SEARCH_POSTS' => sprintf($lang['Search_user_posts'], $username),
'U_PROFILE' => append_sid("profile.$phpEx?mode=viewprofile&amp;" . POST_USERS_URL . "=$id"),
'U_SEARCHPOSTS' => append_sid("search.$phpEx?search_author=" . urlencode($username) . "&amp;showresults=topics"))
'U_PROFILE' => "profile.$phpEx$SID&amp;mode=viewprofile&amp;u=$id",
'U_SEARCHPOSTS' => "search.$phpEx$SID&amp;search_author=" . urlencode($username) . "&amp;showresults=topics")
);
$i++;
@ -1012,7 +969,7 @@ switch( $mode )
$u_view_topic = "modcp.$phpEx$SID&amp;mode=split&amp;t=$topic_id";
$topic_replies = $row['topic_replies'];
$last_post_time = create_date($board_config['default_dateformat'], $row['post_time'], $board_config['board_timezone']);
$last_post_time = $user->format_date($row['post_time']);
$template->assign_block_vars('topicrow', array(
'U_VIEW_TOPIC' => $u_view_topic,

65
phpBB/posting.php
View file

@ -26,12 +26,15 @@ include($phpbb_root_path . 'common.'.$phpEx);
include($phpbb_root_path . 'includes/functions_posting.'.$phpEx);
include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
extract($_GET);
extract($_POST);
// Check and impose var types?
$vars = array(
'intval' => array(
'forum_id' => 'f',
'post_id' => 'p'
'post_id' => 'p',
'topic_id' => 't',
)
);
@ -43,12 +46,6 @@ foreach ( $vars as $vartype => $varcheck)
}
}
extract($_GET);
extract($_POST);
$refresh = $preview || $poll_add || $poll_edit || $poll_delete;
// ------------------------------------------------
@ -57,11 +54,10 @@ $refresh = $preview || $poll_add || $poll_edit || $poll_delete;
// Start session management
$userdata = $session->start();
$auth->acl($userdata, $f);
$session->configure($userdata);
//
$auth->acl($userdata, $f, array('f_post', 'f_edit', 'f_delete', 'f_attach', 'f_poll', 'f_img', 'f_flash', 'f_bbcode', 'f_html', 'f_smilies', 'f_vote', 'f_sticky', 'f_announce'));
$user = new user($userdata);
// End session management
//
// Was cancel pressed? If so then redirect to the appropriate
// page, no point in continuing with any further checks
@ -332,7 +328,7 @@ if ( $row = $db->sql_fetchrow($result) )
$topic_type_toggle = '';
if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) )
{
if ( $auth->get_acl($f, 'forum', 'sticky') )
if ( $auth->acl_get('f_sticky', $forum_id) )
{
$topic_type_toggle .= '<input type="radio" name="topictype" value="' . POST_STICKY . '"';
if ( $post_data['topic_type'] == POST_STICKY || $topic_type == POST_STICKY )
@ -342,7 +338,7 @@ if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] )
$topic_type_toggle .= ' /> ' . $lang['Post_Sticky'] . '&nbsp;&nbsp;';
}
if ( $auth->get_acl($f, 'forum', 'announce') )
if ( $auth->acl_get('f_announce', $forum_id) )
{
$topic_type_toggle .= '<input type="radio" name="topictype" value="' . POST_ANNOUNCE . '"';
if ( $post_data['topic_type'] == POST_ANNOUNCE || $topic_type == POST_ANNOUNCE )
@ -359,11 +355,11 @@ if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] )
}
// HTML, BBCode, Smilies, Images and Flash status
$html_status = ( $board_config['allow_html'] && $auth->get_acl($f, 'forum', 'html') ) ? $lang['HTML_is_ON'] : $lang['HTML_is_OFF'];
$bbcode_status = ( $board_config['allow_bbcode'] && $auth->get_acl($f, 'forum', 'bbcode') ) ? $lang['BBCode_is_ON'] : $lang['BBCode_is_OFF'];
$smilies_status = ( $board_config['allow_smilies'] && $auth->get_acl($f, 'forum', 'smilies') ) ? $lang['Smilies_are_ON'] : $lang['Smilies_are_OFF'];
$img_status = ( $board_config['allow_img'] && $auth->get_acl($f, 'forum', 'img') ) ? $lang['Images_are_ON'] : $lang['Images_are_OFF'];
$flash_status = ( $board_config['allow_flash'] && $auth->get_acl($f, 'forum', 'flash') ) ? $lang['Flash_is_ON'] : $lang['Flash_is_OFF'];
$html_status = ( $board_config['allow_html'] && $auth->acl_get('f_html', $f) ) ? true : false;
$bbcode_status = ( $board_config['allow_bbcode'] && $auth->acl_get('f_bbcode', $f) ) ? true : false;
$smilies_status = ( $board_config['allow_smilies'] && $auth->acl_get('f_smilies', $f) ) ? true : false;
$img_status = ( $board_config['allow_img'] && $auth->acl_get('f_img', $f) ) ? true : false;
$flash_status = ( $board_config['allow_flash'] && $auth->acl_get('f_flash', $f) ) ? true : false;
// Page title/hidden fields
$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" />';
@ -393,11 +389,11 @@ $template->assign_vars(array(
'USERNAME' => $username,
'SUBJECT' => $subject,
'MESSAGE' => $message,
'HTML_STATUS' => $html_status,
'BBCODE_STATUS' => sprintf($bbcode_status, '<a href="' . "faq.$phpEx$SID&amp;mode=bbcode" . '" target="_phpbbcode">', '</a>'),
'SMILIES_STATUS' => $smilies_status,
'IMG_STATUS' => $img_status,
'FLASH_STATUS' => $flash_status,
'HTML_STATUS' => ( $html_status ) ? $lang['HTML_is_ON'] : $lang['HTML_is_OFF'],
'BBCODE_STATUS' => ( $bbcode_status ) ? sprintf($lang['BBCode_is_ON'], '<a href="' . "faq.$phpEx$SID&amp;mode=bbcode" . '" target="_phpbbcode">', '</a>') : sprintf($lang['BBCode_is_OFF'], '<a href="' . "faq.$phpEx$SID&amp;mode=bbcode" . '" target="_phpbbcode">', '</a>'),
'SMILIES_STATUS' => ( $smilies_status ) ? $lang['Smilies_are_ON'] : $lang['Smilies_are_OFF'],
'IMG_STATUS' => ( $img_status ) ? $lang['Images_are_ON'] : $lang['Images_are_OFF'],
'FLASH_STATUS' => ( $flash_status ) ? $lang['Flash_is_ON'] : $lang['Flash_is_OFF'],
'L_POST_A' => $page_title,
'L_POST_SUBJECT' => $lang['Post_subject'],
@ -457,13 +453,13 @@ $template->assign_vars(array(
'S_NOTIFY_CHECKED' => ( $notify_user ) ? 'checked="checked"' : '',
'S_DISPLAY_USERNAME' => ( !$userdata['user_id'] || ( $mode == 'editpost' && $post_info['post_username'] ) ) ? true : false,
'S_SAVE_ALLOWED' => ( $auth->get_acl($f, 'forum', 'save') ) ? true : false,
'S_HTML_ALLOWED' => ( $board_config['allow_html'] && $auth->get_acl($f, 'forum', 'html') ) ? true : false,
'S_BBCODE_ALLOWED' => ( $board_config['allow_bbcode'] && $auth->get_acl($f, 'forum', 'bbcode') ) ? true : false,
'S_SMILIES_ALLOWED' => ( $board_config['allow_smilies'] && $auth->get_acl($f, 'forum', 'smilies') ) ? true : false,
'S_SIG_ALLOWED' => ( $auth->get_acl($f, 'forum', 'sigs') ) ? true : false,
'S_SAVE_ALLOWED' => ( $auth->acl_get('f_save', $f) ) ? true : false,
'S_HTML_ALLOWED' => $html_status,
'S_BBCODE_ALLOWED' => $bbcode_status,
'S_SMILIES_ALLOWED' => $smilies_status,
'S_SIG_ALLOWED' => ( $auth->acl_get('f_sigs', $f) ) ? true : false,
'S_NOTIFY_ALLOWED' => ( $userdata['user_id'] ) ? true : false,
'S_DELETE_ALLOWED' => ( $mode == 'editpost' && ( ( $auth->get_acl($f, 'forum', 'delete') && $post_data['last_post'] && ( !$post_data['has_poll'] || $post_data['edit_poll'] ) ) || $auth->get_acl($f, 'mod') ) ) ? true : false,
'S_DELETE_ALLOWED' => ( $mode == 'editpost' && ( ( $auth->acl_get('f_delete', $f) && $post_data['last_post'] && ( !$post_data['has_poll'] || $post_data['edit_poll'] ) ) || $auth->acl_is_mod($f) ) ) ? true : false,
'S_TYPE_TOGGLE' => $topic_type_toggle,
'S_TOPIC_ID' => $t,
@ -474,7 +470,7 @@ $template->assign_vars(array(
//
// Poll entry
//
if ( ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) ) && $auth->get_acl($f, 'forum', 'poll') )
if ( ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) ) && $auth->acl_get('f_poll', $f) )
{
$template->assign_vars(array(
'S_SHOW_POLL_BOX' => true,
@ -509,10 +505,8 @@ if ( ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post']
}
}
//
// Attachment entry
//
if ( $auth->get_acl($f, 'forum', 'attach') )
if ( $auth->acl_get('f_attach', $f) )
{
$template->assign_vars(array(
'S_SHOW_ATTACH_BOX' => true,
@ -525,21 +519,16 @@ if ( $auth->get_acl($f, 'forum', 'attach') )
);
}
//
// Output page ...
//
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
$template->set_filenames(array(
'body' => 'posting_body.html',
'reviewbody' => 'posting_topic_review.html')
);
make_jumpbox('viewforum.'.$phpEx);
//
// Topic review
//
if ( $mode == 'reply' )
{
require($phpbb_root_path . 'includes/topic_review.'.$phpEx);

339
phpBB/privmsg.php
View file

@ -25,14 +25,14 @@ $phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
include($phpbb_root_path . 'includes/functions_post.'.$phpEx);
include($phpbb_root_path . 'includes/functions_posting.'.$phpEx);
//
// Is PM disabled?
//
if ( !empty($board_config['privmsg_disable']) )
{
message_die(GENERAL_MESSAGE, 'PM_disabled');
message_die(MESSAGE, 'PM_disabled');
}
$html_entities_match = array('#&#', '#<#', '#>#');
@ -41,22 +41,22 @@ $html_entities_replace = array('&amp;', '&lt;', '&gt;');
//
// Parameters
//
$submit = ( isset($HTTP_POST_VARS['post']) ) ? TRUE : 0;
$submit_search = ( isset($HTTP_POST_VARS['usersubmit']) ) ? TRUE : 0;
$submit_msgdays = ( isset($HTTP_POST_VARS['submit_msgdays']) ) ? TRUE : 0;
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : 0;
$preview = ( isset($HTTP_POST_VARS['preview']) ) ? TRUE : 0;
$confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : 0;
$delete = ( isset($HTTP_POST_VARS['delete']) ) ? TRUE : 0;
$delete_all = ( isset($HTTP_POST_VARS['deleteall']) ) ? TRUE : 0;
$submit = ( isset($_POST['post']) ) ? TRUE : 0;
$submit_search = ( isset($_POST['usersubmit']) ) ? TRUE : 0;
$submit_msgdays = ( isset($_POST['submit_msgdays']) ) ? TRUE : 0;
$cancel = ( isset($_POST['cancel']) ) ? TRUE : 0;
$preview = ( isset($_POST['preview']) ) ? TRUE : 0;
$confirm = ( isset($_POST['confirm']) ) ? TRUE : 0;
$delete = ( isset($_POST['delete']) ) ? TRUE : 0;
$delete_all = ( isset($_POST['deleteall']) ) ? TRUE : 0;
$refresh = $preview || $submit_search;
$mark_list = ( !empty($HTTP_POST_VARS['mark']) ) ? $HTTP_POST_VARS['mark'] : 0;
$mark_list = ( !empty($_POST['mark']) ) ? $_POST['mark'] : 0;
if ( isset($HTTP_POST_VARS['folder']) || isset($HTTP_GET_VARS['folder']) )
if ( isset($_POST['folder']) || isset($_GET['folder']) )
{
$folder = ( isset($HTTP_POST_VARS['folder']) ) ? $HTTP_POST_VARS['folder'] : $HTTP_GET_VARS['folder'];
$folder = ( isset($_POST['folder']) ) ? $_POST['folder'] : $_GET['folder'];
if ( $folder != 'inbox' && $folder != 'outbox' && $folder != 'sentbox' && $folder != 'savebox' )
{
@ -78,32 +78,29 @@ if ( $cancel )
exit;
}
//
// Start session management
//
$userdata = $session->start();
$auth->acl($userdata);
//
$user = new user($userdata);
// End session management
//
//
// Var definitions
//
if ( !empty($HTTP_POST_VARS['mode']) || !empty($HTTP_GET_VARS['mode']) )
if ( !empty($_POST['mode']) || !empty($_GET['mode']) )
{
$mode = ( !empty($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = ( !empty($_POST['mode']) ) ? $_POST['mode'] : $_GET['mode'];
}
else
{
$mode = '';
}
$start = ( !empty($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
$start = ( !empty($_GET['start']) ) ? intval($_GET['start']) : 0;
if ( isset($HTTP_POST_VARS[POST_POST_URL]) || isset($HTTP_GET_VARS[POST_POST_URL]) )
if ( isset($_POST['p']) || isset($_GET['p']) )
{
$privmsg_id = ( isset($HTTP_POST_VARS[POST_POST_URL]) ) ? intval($HTTP_POST_VARS[POST_POST_URL]) : intval($HTTP_GET_VARS[POST_POST_URL]);
$privmsg_id = ( isset($_POST['p']) ) ? intval($_POST['p']) : intval($_GET['p']);
}
else
{
@ -141,7 +138,7 @@ if ( $mode == 'newpm' )
'body' => 'privmsgs_popup.tpl')
);
if ( $userdata['session_logged_in'] )
if ( $userdata['user_id'] )
{
if ( $userdata['user_new_privmsg'] )
{
@ -171,16 +168,16 @@ if ( $mode == 'newpm' )
}
else if ( $mode == 'read' )
{
if ( !empty($HTTP_GET_VARS[POST_POST_URL]) )
if ( !empty($_GET['p']) )
{
$privmsgs_id = intval($HTTP_GET_VARS[POST_POST_URL]);
$privmsgs_id = intval($_GET['p']);
}
else
{
message_die(GENERAL_ERROR, $lang['No_post_id']);
message_die(MESSAGE, $lang['No_post_id']);
}
if ( !$userdata['session_logged_in'] )
if ( !$userdata['user_id'] )
{
$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: ';
header($header_location . append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=$folder&mode=$mode&" . POST_POST_URL . "=$privmsgs_id", true));
@ -219,7 +216,7 @@ else if ( $mode == 'read' )
)";
break;
default:
message_die(GENERAL_ERROR, $lang['No_such_folder']);
message_die(MESSAGE, $lang['No_such_folder']);
break;
}
@ -233,10 +230,7 @@ else if ( $mode == 'read' )
$pm_sql_user
AND u.user_id = pm.privmsgs_from_userid
AND u2.user_id = pm.privmsgs_to_userid";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not query private message post information', '', __LINE__, __FILE__, $sql);
}
$result = $db->sql_query($sql);
//
// Did the query return any data?
@ -258,18 +252,12 @@ else if ( $mode == 'read' )
$sql = "UPDATE " . PRIVMSGS_TABLE . "
SET privmsgs_type = " . PRIVMSGS_READ_MAIL . "
WHERE privmsgs_id = " . $privmsg['privmsgs_id'];
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update private message read status', '', __LINE__, __FILE__, $sql);
}
$db->sql_query($sql);
$sql = "UPDATE " . USERS_TABLE . "
SET user_unread_privmsg = user_unread_privmsg - 1
WHERE user_id = " . $userdata['user_id'];
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update private message read status for user', '', __LINE__, __FILE__, $sql);
}
$db->sql_query($sql);
//
// Check to see if the poster has a 'full' sent box
@ -278,10 +266,7 @@ else if ( $mode == 'read' )
FROM " . PRIVMSGS_TABLE . "
WHERE privmsgs_type = " . PRIVMSGS_SENT_MAIL . "
AND privmsgs_from_userid = " . $privmsg['privmsgs_from_userid'];
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain sent message info for sendee', '', __LINE__, __FILE__, $sql);
}
$result = $db->sql_query($sql);
$sql_priority = ( SQL_LAYER == 'mysql' ) ? 'LOW_PRIORITY' : '';
@ -293,10 +278,7 @@ else if ( $mode == 'read' )
WHERE privmsgs_type = " . PRIVMSGS_SENT_MAIL . "
AND privmsgs_date = " . $sent_info['oldest_post_time'] . "
AND privmsgs_from_userid = " . $privmsg['privmsgs_from_userid'];
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs', '', __LINE__, __FILE__, $sql);
}
$db->sql_query($sql);
}
}
@ -307,19 +289,13 @@ else if ( $mode == 'read' )
//
$sql = "INSERT $sql_priority INTO " . PRIVMSGS_TABLE . " (privmsgs_type, privmsgs_subject, privmsgs_from_userid, privmsgs_to_userid, privmsgs_date, privmsgs_ip, privmsgs_enable_html, privmsgs_enable_bbcode, privmsgs_enable_smilies, privmsgs_attach_sig)
VALUES (" . PRIVMSGS_SENT_MAIL . ", '" . str_replace("\'", "''", addslashes($privmsg['privmsgs_subject'])) . "', " . $privmsg['privmsgs_from_userid'] . ", " . $privmsg['privmsgs_to_userid'] . ", " . $privmsg['privmsgs_date'] . ", '" . $privmsg['privmsgs_ip'] . "', " . $privmsg['privmsgs_enable_html'] . ", " . $privmsg['privmsgs_enable_bbcode'] . ", " . $privmsg['privmsgs_enable_smilies'] . ", " . $privmsg['privmsgs_attach_sig'] . ")";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not insert private message sent info', '', __LINE__, __FILE__, $sql);
}
$db->sql_query($sql);
$privmsg_sent_id = $db->sql_nextid();
$sql = "INSERT $sql_priority INTO " . PRIVMSGS_TEXT_TABLE . " (privmsgs_text_id, privmsgs_bbcode_uid, privmsgs_text)
VALUES ($privmsg_sent_id, '" . $privmsg['privmsgs_bbcode_uid'] . "', '" . str_replace("\'", "''", addslashes($privmsg['privmsgs_text'])) . "')";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not insert private message sent text', '', __LINE__, __FILE__, $sql);
}
$db->sql_query($sql);
}
//
@ -462,19 +438,19 @@ else if ( $mode == 'read' )
$username_to = $privmsg['username_2'];
$user_id_to = $privmsg['user_id_2'];
$post_date = create_date($board_config['default_dateformat'], $privmsg['privmsgs_date'], $board_config['board_timezone']);
$post_date = $user->format_date($privmsg['privmsgs_date']);
$temp_url = append_sid("profile.$phpEx?mode=viewprofile&amp;" . POST_USERS_URL . '=' . $user_id_from);
$temp_url = append_sid("profile.$phpEx?mode=viewprofile&amp;u=$user_id_from");
$profile_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_profile'] . '" alt="' . $lang['Read_profile'] . '" title="' . $lang['Read_profile'] . '" border="0" /></a>';
$profile = '<a href="' . $temp_url . '">' . $lang['Read_profile'] . '</a>';
$temp_url = append_sid("privmsg.$phpEx?mode=post&amp;" . POST_USERS_URL . "=$poster_id");
$temp_url = append_sid("privmsg.$phpEx?mode=post&amp;u=$poster_id");
$pm_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_pm'] . '" alt="' . $lang['Send_private_message'] . '" title="' . $lang['Send_private_message'] . '" border="0" /></a>';
$pm = '<a href="' . $temp_url . '">' . $lang['Send_private_message'] . '</a>';
if ( !empty($privmsg['user_viewemail']) || $userdata['user_level'] == ADMIN )
if ( !empty($privmsg['user_viewemail']) || $auth->acl_get('a_') )
{
$email_uri = ( $board_config['board_email_form'] ) ? append_sid("profile.$phpEx?mode=email&amp;" . POST_USERS_URL .'=' . $user_id_from) : 'mailto:' . $privmsg['user_email'];
$email_uri = ( $board_config['board_email_form'] ) ? append_sid("profile.$phpEx?mode=email&amp;u$user_id_from") : 'mailto:' . $privmsg['user_email'];
$email_img = '<a href="' . $email_uri . '"><img src="' . $images['icon_email'] . '" alt="' . $lang['Send_email'] . '" title="' . $lang['Send_email'] . '" border="0" /></a>';
$email = '<a href="' . $email_uri . '">' . $lang['Send_email'] . '</a>';
@ -504,7 +480,7 @@ else if ( $mode == 'read' )
$aim_img = ( $privmsg['user_aim'] ) ? '<a href="aim:goim?screenname=' . $privmsg['user_aim'] . '&amp;message=Hello+Are+you+there?"><img src="' . $images['icon_aim'] . '" alt="' . $lang['AIM'] . '" title="' . $lang['AIM'] . '" border="0" /></a>' : '';
$aim = ( $privmsg['user_aim'] ) ? '<a href="aim:goim?screenname=' . $privmsg['user_aim'] . '&amp;message=Hello+Are+you+there?">' . $lang['AIM'] . '</a>' : '';
$temp_url = append_sid("profile.$phpEx?mode=viewprofile&amp;" . POST_USERS_URL . "=$poster_id");
$temp_url = append_sid("profile.$phpEx?mode=viewprofile&amp;u=$poster_id");
$msn_img = ( $privmsg['user_msnm'] ) ? '<a href="' . $temp_url . '"><img src="' . $images['icon_msnm'] . '" alt="' . $lang['MSNM'] . '" title="' . $lang['MSNM'] . '" border="0" /></a>' : '';
$msn = ( $privmsg['user_msnm'] ) ? '<a href="' . $temp_url . '">' . $lang['MSNM'] . '</a>' : '';
@ -579,7 +555,7 @@ else if ( $mode == 'read' )
$private_message = smilies_pass($private_message);
}
$private_message = str_replace("\n", '<br />', $private_message);
$private_message = nl2br($private_message);
//
// Dump it to the templating engine
@ -622,7 +598,7 @@ else if ( $mode == 'read' )
}
else if ( ( $delete && $mark_list ) || $delete_all )
{
if ( !$userdata['session_logged_in'] )
if ( !$userdata['user_id'] )
{
$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: ';
header($header_location . append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=inbox", true));
@ -636,7 +612,7 @@ else if ( ( $delete && $mark_list ) || $delete_all )
if ( !$confirm )
{
$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" />';
$s_hidden_fields .= ( isset($HTTP_POST_VARS['delete']) ) ? '<input type="hidden" name="delete" value="true" />' : '<input type="hidden" name="deleteall" value="true" />';
$s_hidden_fields .= ( isset($_POST['delete']) ) ? '<input type="hidden" name="delete" value="true" />' : '<input type="hidden" name="deleteall" value="true" />';
for($i = 0; $i < count($mark_list); $i++)
{
@ -697,10 +673,7 @@ else if ( ( $delete && $mark_list ) || $delete_all )
$sql = "SELECT privmsgs_id
FROM " . PRIVMSGS_TABLE . "
WHERE $delete_type";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain id list to delete all messages', '', __LINE__, __FILE__, $sql);
}
$result = $db->sql_query($sql);
while ( $row = $db->sql_fetchrow($result) )
{
@ -714,11 +687,9 @@ else if ( ( $delete && $mark_list ) || $delete_all )
{
$delete_sql_id = implode(', ', $mark_list);
//
// Need to decrement the new message counter of recipient
// problem is this doesn't affect the unread counter even
// though it may be the one that needs changing ... hhmmm
//
if ( $folder == 'outbox' )
{
$sql = "SELECT privmsgs_to_userid
@ -726,10 +697,7 @@ else if ( ( $delete && $mark_list ) || $delete_all )
WHERE privmsgs_id IN ($delete_sql_id)
AND privmsgs_from_userid = " . $userdata['user_id'] . "
AND privmsgs_type = " . PRIVMSGS_NEW_MAIL;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user id list for outbox messages', '', __LINE__, __FILE__, $sql);
}
$result = $db->sql_query($sql);
$update_pm_sql = '';
while( $row = $db->sql_fetchrow($result) )
@ -742,10 +710,7 @@ else if ( ( $delete && $mark_list ) || $delete_all )
$sql = "UPDATE " . USERS_TABLE . "
SET user_new_privmsg = user_new_privmsg - 1
WHERE user_id IN ($update_pm_sql)";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update users new msg counters', '', __LINE__, __FILE__, $sql);
}
$db->sql_query($sql);
}
$sql = "SELECT privmsgs_to_userid
@ -753,10 +718,7 @@ else if ( ( $delete && $mark_list ) || $delete_all )
WHERE privmsgs_id IN ($delete_sql_id)
AND privmsgs_from_userid = " . $userdata['user_id'] . "
AND privmsgs_type = " . PRIVMSGS_UNREAD_MAIL;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user id list for outbox messages', '', __LINE__, __FILE__, $sql);
}
$result = $db->sql_query($sql);
$update_pm_sql = '';
while( $row = $db->sql_fetchrow($result) )
@ -769,10 +731,7 @@ else if ( ( $delete && $mark_list ) || $delete_all )
$sql = "UPDATE " . USERS_TABLE . "
SET user_unread_privmsg = user_unread_privmsg - 1
WHERE user_id IN ($update_pm_sql)";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update users new msg counters', '', __LINE__, __FILE__, $sql);
}
$db->sql_query($sql);
}
}
@ -806,21 +765,14 @@ else if ( ( $delete && $mark_list ) || $delete_all )
break;
}
if ( !$db->sql_query($delete_sql, BEGIN_TRANSACTION) )
{
message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql);
}
if ( !$db->sql_query($delete_text_sql, END_TRANSACTION) )
{
message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql);
}
$db->sql_query($delete_sql);
$db->sql_query($delete_text_sql);
}
}
}
else if ( $save && $mark_list && $folder != 'savebox' && $folder != 'outbox' )
{
if ( !$userdata['session_logged_in'] )
if ( !$userdata['user_id'] )
{
$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: ';
header($header_location . append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=inbox", true));
@ -835,10 +787,7 @@ else if ( $save && $mark_list && $folder != 'savebox' && $folder != 'outbox' )
AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
OR ( privmsgs_from_userid = " . $userdata['user_id'] . "
AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . ") )";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain sent message info for sendee', '', __LINE__, __FILE__, $sql);
}
$result = $db->sql_query($sql);
$sql_priority = ( SQL_LAYER == 'mysql' ) ? 'LOW_PRIORITY' : '';
@ -852,10 +801,7 @@ else if ( $save && $mark_list && $folder != 'savebox' && $folder != 'outbox' )
OR ( privmsgs_from_userid = " . $userdata['user_id'] . "
AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . ") )
AND privmsgs_date = " . $saved_info['oldest_post_time'];
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs', '', __LINE__, __FILE__, $sql);
}
$db->sql_query($sql);
}
}
@ -898,19 +844,16 @@ else if ( $save && $mark_list && $folder != 'savebox' && $folder != 'outbox' )
$saved_sql .= " AND privmsgs_id IN ($saved_sql_id)";
if ( !$db->sql_query($saved_sql) )
{
message_die(GENERAL_ERROR, 'Could not save private messages', '', __LINE__, __FILE__, $saved_sql);
}
$db->sql_query($saved_sql);
}
}
else if ( $submit || $refresh || $mode != '' )
{
if ( !$userdata['session_logged_in'] )
if ( !$userdata['user_id'] )
{
$user_id = ( isset($HTTP_GET_VARS[POST_USERS_URL]) ) ? '&' . POST_USERS_URL . '=' . intval($HTTP_GET_VARS[POST_USERS_URL]) : '';
$user_id = ( isset($_GET['u']) ) ? '&u=' . intval($_GET['u']) : '';
$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: ';
header($header_location . append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=$folder&mode=$mode" . $user_id, true));
}
@ -924,7 +867,7 @@ else if ( $submit || $refresh || $mode != '' )
}
else
{
$html_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_html']) ) ? 0 : TRUE ) : $userdata['user_allowhtml'];
$html_on = ( $submit || $refresh ) ? ( ( !empty($_POST['disable_html']) ) ? 0 : TRUE ) : $userdata['user_allowhtml'];
}
if ( !$board_config['allow_bbcode'] )
@ -933,7 +876,7 @@ else if ( $submit || $refresh || $mode != '' )
}
else
{
$bbcode_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_bbcode']) ) ? 0 : TRUE ) : $userdata['user_allowbbcode'];
$bbcode_on = ( $submit || $refresh ) ? ( ( !empty($_POST['disable_bbcode']) ) ? 0 : TRUE ) : $userdata['user_allowbbcode'];
}
if ( !$board_config['allow_smilies'] )
@ -942,22 +885,20 @@ else if ( $submit || $refresh || $mode != '' )
}
else
{
$smilies_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_smilies']) ) ? 0 : TRUE ) : $userdata['user_allowsmile'];
$smilies_on = ( $submit || $refresh ) ? ( ( !empty($_POST['disable_smilies']) ) ? 0 : TRUE ) : $userdata['user_allowsmile'];
}
$attach_sig = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['attach_sig']) ) ? TRUE : 0 ) : $userdata['user_attachsig'];
$attach_sig = ( $submit || $refresh ) ? ( ( !empty($_POST['attach_sig']) ) ? TRUE : 0 ) : $userdata['user_attachsig'];
$user_sig = ( $userdata['user_sig'] != '' && $board_config['allow_sig'] ) ? $userdata['user_sig'] : "";
if ( $submit && $mode != 'edit' )
{
//
// Flood control
//
$sql = "SELECT MAX(privmsgs_date) AS last_post_time
FROM " . PRIVMSGS_TABLE . "
WHERE privmsgs_from_userid = " . $userdata['user_id'];
if ( $result = $db->sql_query($sql) )
{
$result = $db->sql_query($sql);
$db_row = $db->sql_fetchrow($result);
$last_post_time = $db_row['last_post_time'];
@ -965,19 +906,16 @@ else if ( $submit || $refresh || $mode != '' )
if ( ( $current_time - $last_post_time ) < $board_config['flood_interval'])
{
message_die(GENERAL_MESSAGE, $lang['Flood_Error']);
message_die(MESSAGE, $lang['Flood_Error']);
}
}
//
// End Flood control
//
}
if ( $submit )
{
if ( !empty($HTTP_POST_VARS['username']) )
if ( !empty($_POST['username']) )
{
$to_username = $HTTP_POST_VARS['username'];
$to_username = $_POST['username'];
$sql = "SELECT user_id, user_notify_pm, user_email, user_lang, user_active
FROM " . USERS_TABLE . "
@ -997,14 +935,14 @@ else if ( $submit || $refresh || $mode != '' )
$error_msg .= ( ( !empty($error_msg) ) ? '<br />' : '' ) . $lang['No_to_user'];
}
$privmsg_subject = trim(strip_tags($HTTP_POST_VARS['subject']));
$privmsg_subject = trim(strip_tags($_POST['subject']));
if ( empty($privmsg_subject) )
{
$error = TRUE;
$error_msg .= ( ( !empty($error_msg) ) ? '<br />' : '' ) . $lang['Empty_subject'];
}
if ( !empty($HTTP_POST_VARS['message']) )
if ( !empty($_POST['message']) )
{
if ( !$error )
{
@ -1013,7 +951,7 @@ else if ( $submit || $refresh || $mode != '' )
$bbcode_uid = make_bbcode_uid();
}
$privmsg_message = prepare_message($HTTP_POST_VARS['message'], $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
$privmsg_message = prepare_message($_POST['message'], $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
}
}
@ -1032,7 +970,7 @@ else if ( $submit || $refresh || $mode != '' )
if ( !$userdata['user_allow_pm'] )
{
$message = $lang['Cannot_send_privmsg'];
message_die(GENERAL_MESSAGE, $message);
message_die(MESSAGE, $message);
}
$msg_time = time();
@ -1048,10 +986,7 @@ else if ( $submit || $refresh || $mode != '' )
OR privmsgs_type = " . PRIVMSGS_READ_MAIL . "
OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )
AND privmsgs_to_userid = " . $to_userdata['user_id'];
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_MESSAGE, $lang['No_such_user']);
}
$result = $db->sql_query($sql);
$sql_priority = ( SQL_LAYER == 'mysql' ) ? 'LOW_PRIORITY' : '';
@ -1065,10 +1000,7 @@ else if ( $submit || $refresh || $mode != '' )
OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )
AND privmsgs_date = " . $inbox_info['oldest_post_time'] . "
AND privmsgs_to_userid = " . $to_userdata['user_id'];
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs', '', __LINE__, __FILE__, $sql);
}
$db->sql_query($sql);
}
}
@ -1082,10 +1014,7 @@ else if ( $submit || $refresh || $mode != '' )
WHERE privmsgs_id = $privmsg_id";
}
if ( !($result = $db->sql_query($sql_info, BEGIN_TRANSACTION)) )
{
message_die(GENERAL_ERROR, "Could not insert/update private message sent info.", "", __LINE__, __FILE__, $sql_info);
}
$db->sql_query($sql_info);
if ( $mode != 'edit' )
{
@ -1101,10 +1030,7 @@ else if ( $submit || $refresh || $mode != '' )
WHERE privmsgs_text_id = $privmsg_id";
}
if ( !$db->sql_query($sql, END_TRANSACTION) )
{
message_die(GENERAL_ERROR, "Could not insert/update private message sent text.", "", __LINE__, __FILE__, $sql_info);
}
$db->sql_query($sql);
if ( $mode != 'edit' )
{
@ -1156,7 +1082,7 @@ else if ( $submit || $refresh || $mode != '' )
$msg = $lang['Message_sent'] . '<br /><br />' . sprintf($lang['Click_return_inbox'], '<a href="' . append_sid("privmsg.$phpEx?folder=inbox") . '">', '</a> ') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
message_die(GENERAL_MESSAGE, $msg);
message_die(GMESSAGE, $msg);
}
else if ( $preview || $refresh || $error )
{
@ -1166,9 +1092,9 @@ else if ( $submit || $refresh || $mode != '' )
// passed to the script, process it a little, do some checks
// where neccessary, etc.
//
$to_username = ( isset($HTTP_POST_VARS['username']) ) ? trim(strip_tags(stripslashes($HTTP_POST_VARS['username']))) : '';
$privmsg_subject = ( isset($HTTP_POST_VARS['subject']) ) ? trim(strip_tags(stripslashes($HTTP_POST_VARS['subject']))) : '';
$privmsg_message = ( isset($HTTP_POST_VARS['message']) ) ? trim($HTTP_POST_VARS['message']) : '';
$to_username = ( isset($_POST['username']) ) ? trim(strip_tags(stripslashes($_POST['username']))) : '';
$privmsg_subject = ( isset($_POST['subject']) ) ? trim(strip_tags(stripslashes($_POST['subject']))) : '';
$privmsg_message = ( isset($_POST['message']) ) ? trim($_POST['message']) : '';
$privmsg_message = preg_replace('#<textarea>#si', '&lt;textarea&gt;', $privmsg_message);
if ( !$preview )
{
@ -1200,16 +1126,13 @@ else if ( $submit || $refresh || $mode != '' )
FROM " . PRIVMSGS_TABLE . " pm, " . USERS_TABLE . " u
WHERE pm.privmsgs_id = $privmsg_id
AND u.user_id = pm.privmsgs_from_userid";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Could not obtain post and post text", "", __LINE__, __FILE__, $sql);
}
$result = $db->sql_query($sql);
if ( $postrow = $db->sql_fetchrow($result) )
{
if ( $userdata['user_id'] != $postrow['user_id'] )
{
message_die(GENERAL_MESSAGE, $lang['Sorry_edit_own_posts']);
message_die(MESSAGE, $lang['Sorry_edit_own_posts']);
}
$user_sig = ( $postrow['user_sig'] != '' && $board_config['allow_sig'] ) ? $postrow['user_sig'] : '';
@ -1223,9 +1146,9 @@ else if ( $submit || $refresh || $mode != '' )
message_die(GENERAL_ERROR, $lang['No_post_id']);
}
if ( !empty($HTTP_GET_VARS[POST_USERS_URL]) )
if ( !empty($_GET['u']) )
{
$user_id = intval($HTTP_GET_VARS[POST_USERS_URL]);
$user_id = intval($_GET['u']);
$sql = "SELECT username
FROM " . USERS_TABLE . "
@ -1253,10 +1176,7 @@ else if ( $submit || $refresh || $mode != '' )
AND ( pm.privmsgs_type = " . PRIVMSGS_NEW_MAIL . "
OR pm.privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )
AND u.user_id = pm.privmsgs_to_userid";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain private message for editing', '', __LINE__, __FILE__, $sql);
}
$result = $db->sql_query($sql);
if ( !($privmsg = $db->sql_fetchrow($result)) )
{
@ -1292,10 +1212,7 @@ else if ( $submit || $refresh || $mode != '' )
AND pmt.privmsgs_text_id = pm.privmsgs_id
AND pm.privmsgs_to_userid = " . $userdata['user_id'] . "
AND u.user_id = pm.privmsgs_from_userid";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain private message for editing', '', __LINE__, __FILE__, $sql);
}
$result = $db->sql_query($sql);
if ( !($privmsg = $db->sql_fetchrow($result)) )
{
@ -1317,7 +1234,7 @@ else if ( $submit || $refresh || $mode != '' )
$privmsg_message = str_replace('<br />', "\n", $privmsg_message);
$privmsg_message = preg_replace('#</textarea>#si', '&lt;/textarea&gt;', $privmsg_message);
$msg_date = create_date($board_config['default_dateformat'], $privmsg['privmsgs_date'], $board_config['board_timezone']);
$msg_date = $user->format_date($privmsg['privmsgs_date']);
$privmsg_message = '[quote="' . $to_username . '"]' . $privmsg_message . '[/quote]';
@ -1332,7 +1249,7 @@ else if ( $submit || $refresh || $mode != '' )
if ( !$userdata['user_allow_pm'] && $mode != 'edit' )
{
$message = $lang['Cannot_send_privmsg'];
message_die(GENERAL_MESSAGE, $message);
message_die(MESSAGE, $message);
}
//
@ -1397,14 +1314,14 @@ else if ( $submit || $refresh || $mode != '' )
}
$preview_message = make_clickable($preview_message);
$preview_message = str_replace("\n", '<br />', $preview_message);
$preview_message = nl2br($preview_message);
$s_hidden_fields = '<input type="hidden" name="folder" value="' . $folder . '" />';
$s_hidden_fields .= '<input type="hidden" name="mode" value="' . $mode . '" />';
if ( isset($privmsg_id) )
{
$s_hidden_fields .= '<input type="hidden" name="' . POST_POST_URL . '" value="' . $privmsg_id . '" />';
$s_hidden_fields .= '<input type="hidden" name="p" value="' . $privmsg_id . '" />';
}
$template->set_filenames(array(
@ -1416,7 +1333,7 @@ else if ( $submit || $refresh || $mode != '' )
'POST_SUBJECT' => $preview_subject,
'MESSAGE_TO' => $to_username,
'MESSAGE_FROM' => $userdata['username'],
'POST_DATE' => create_date($board_config['default_dateformat'], time(), $board_config['board_timezone']),
'POST_DATE' => $user->date_format(time()),
'MESSAGE' => $preview_message,
'S_HIDDEN_FIELDS' => $s_hidden_fields,
@ -1581,23 +1498,6 @@ else if ( $submit || $refresh || $mode != '' )
'L_BBCODE_F_HELP' => $lang['bbcode_f_help'],
'L_EMPTY_MESSAGE' => $lang['Empty_message'],
'L_FONT_COLOR' => $lang['Font_color'],
'L_COLOR_DEFAULT' => $lang['color_default'],
'L_COLOR_DARK_RED' => $lang['color_dark_red'],
'L_COLOR_RED' => $lang['color_red'],
'L_COLOR_ORANGE' => $lang['color_orange'],
'L_COLOR_BROWN' => $lang['color_brown'],
'L_COLOR_YELLOW' => $lang['color_yellow'],
'L_COLOR_GREEN' => $lang['color_green'],
'L_COLOR_OLIVE' => $lang['color_olive'],
'L_COLOR_CYAN' => $lang['color_cyan'],
'L_COLOR_BLUE' => $lang['color_blue'],
'L_COLOR_DARK_BLUE' => $lang['color_dark_blue'],
'L_COLOR_INDIGO' => $lang['color_indigo'],
'L_COLOR_VIOLET' => $lang['color_violet'],
'L_COLOR_WHITE' => $lang['color_white'],
'L_COLOR_BLACK' => $lang['color_black'],
'L_FONT_SIZE' => $lang['Font_size'],
'L_FONT_TINY' => $lang['font_tiny'],
'L_FONT_SMALL' => $lang['font_small'],
@ -1620,7 +1520,7 @@ else if ( $submit || $refresh || $mode != '' )
'U_VIEW_FORUM' => append_sid("privmsg.$phpEx"))
);
$template->pparse('body');
$template->display('body');
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
@ -1628,47 +1528,33 @@ else if ( $submit || $refresh || $mode != '' )
//
// Default page
//
if ( !$userdata['session_logged_in'] )
if ( !$userdata['user_id'] )
{
$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: ';
header($header_location . append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=inbox", true));
}
//
// Update unread status
//
$sql = "UPDATE " . USERS_TABLE . "
SET user_unread_privmsg = user_unread_privmsg + user_new_privmsg, user_new_privmsg = 0, user_last_privmsg = " . $userdata['session_start'] . "
WHERE user_id = " . $userdata['user_id'];
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update private message new/read status for user', '', __LINE__, __FILE__, $sql);
}
$db->sql_query($sql);
$sql = "UPDATE " . PRIVMSGS_TABLE . "
SET privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . "
WHERE privmsgs_type = " . PRIVMSGS_NEW_MAIL . "
AND privmsgs_to_userid = " . $userdata['user_id'];
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update private message new/read status (2) for user', '', __LINE__, __FILE__, $sql);
}
$db->sql_query($sql);
//
// Reset PM counters
//
$userdata['user_new_privmsg'] = 0;
$userdata['user_unread_privmsg'] = ( $userdata['user_new_privmsg'] + $userdata['user_unread_privmsg'] );
//
// Generate page
//
$page_title = $lang['Private_Messaging'];
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
//
// Load templates
//
$template->set_filenames(array(
'body' => 'privmsgs_body.tpl')
);
@ -1736,22 +1622,22 @@ switch( $folder )
break;
default:
message_die(GENERAL_MESSAGE, $lang['No_such_folder']);
message_die(MESSAGE, $lang['No_such_folder']);
break;
}
//
// Show messages over previous x days/months
//
if ( $submit_msgdays && ( !empty($HTTP_POST_VARS['msgdays']) || !empty($HTTP_GET_VARS['msgdays']) ) )
if ( $submit_msgdays && ( !empty($_POST['msgdays']) || !empty($_GET['msgdays']) ) )
{
$msg_days = ( !empty($HTTP_POST_VARS['msgdays']) ) ? intval($HTTP_POST_VARS['msgdays']) : intval($HTTP_GET_VARS['msgdays']);
$msg_days = ( !empty($_POST['msgdays']) ) ? intval($_POST['msgdays']) : intval($_GET['msgdays']);
$min_msg_time = time() - ($msg_days * 86400);
$limit_msg_time_total = " AND privmsgs_date > $min_msg_time";
$limit_msg_time = " AND pm.privmsgs_date > $min_msg_time ";
if ( !empty($HTTP_POST_VARS['msgdays']) )
if ( !empty($_POST['msgdays']) )
{
$start = 0;
}
@ -1769,18 +1655,10 @@ $sql_tot .= $limit_msg_time_total;
//
// Get messages
//
if ( !($result = $db->sql_query($sql_tot)) )
{
message_die(GENERAL_ERROR, 'Could not query private message information', '', __LINE__, __FILE__, $sql_tot);
}
$result = $db->sql_query($sql_tot);
$pm_total = ( $row = $db->sql_fetchrow($result) ) ? $row['total'] : 0;
if ( !($result = $db->sql_query($sql_all_tot)) )
{
message_die(GENERAL_ERROR, 'Could not query private message information', '', __LINE__, __FILE__, $sql_tot);
}
$result = $db->sql_query($sql_all_tot);
$pm_all_total = ( $row = $db->sql_fetchrow($result) ) ? $row['total'] : 0;
//
@ -1802,8 +1680,8 @@ for($i = 0; $i < count($previous_days); $i++)
if ( $folder == 'inbox' )
{
$post_pm_img = '<a href="' . append_sid("privmsg.$phpEx?mode=post") . '"><img src="' . $images['pm_postmsg'] . '" alt="' . $lang['Post_new_pm'] . '" border="0"></a>';
$reply_pm_img = '<a href="' . append_sid("privmsg.$phpEx?mode=reply&amp;" . POST_POST_URL . "=$privmsg_id") . '"><img src="' . $images['pm_replymsg'] . '" alt="' . $lang['Post_reply_pm'] . '" border="0"></a>';
$quote_pm_img = '<a href="' . append_sid("privmsg.$phpEx?mode=quote&amp;" . POST_POST_URL . "=$privmsg_id") . '"><img src="' . $images['pm_quotemsg'] . '" alt="' . $lang['Post_quote_pm'] . '" border="0"></a>';
$reply_pm_img = '<a href="' . append_sid("privmsg.$phpEx?mode=reply&amp;p=$privmsg_id") . '"><img src="' . $images['pm_replymsg'] . '" alt="' . $lang['Post_reply_pm'] . '" border="0"></a>';
$quote_pm_img = '<a href="' . append_sid("privmsg.$phpEx?mode=quote&amp;p=$privmsg_id") . '"><img src="' . $images['pm_quotemsg'] . '" alt="' . $lang['Post_quote_pm'] . '" border="0"></a>';
$edit_pm_img = '';
$l_box_name = $lang['Inbox'];
@ -1813,15 +1691,15 @@ else if ( $folder == 'outbox' )
$post_pm_img = '<a href="' . append_sid("privmsg.$phpEx?mode=post") . '"><img src="' . $images['pm_postmsg'] . '" alt="' . $lang['Post_new_pm'] . '" border="0"></a>';
$reply_pm_img = '';
$quote_pm_img = '';
$edit_pm_img = '<a href="' . append_sid("privmsg.$phpEx?mode=edit&amp;" . POST_POST_URL . "=$privmsg_id") . '"><img src="' . $images['pm_editmsg'] . '" alt="' . $lang['Edit_pm'] . '" border="0"></a>';
$edit_pm_img = '<a href="' . append_sid("privmsg.$phpEx?mode=edit&amp;p=$privmsg_id") . '"><img src="' . $images['pm_editmsg'] . '" alt="' . $lang['Edit_pm'] . '" border="0"></a>';
$l_box_name = $lang['Outbox'];
}
else if ( $folder == 'savebox' )
{
$post_pm_img = '<a href="' . append_sid("privmsg.$phpEx?mode=post") . '"><img src="' . $images['pm_postmsg'] . '" alt="' . $lang['Post_new_pm'] . '" border="0"></a>';
$reply_pm_img = '<a href="' . append_sid("privmsg.$phpEx?mode=reply&amp;" . POST_POST_URL . "=$privmsg_id") . '"><img src="' . $images['pm_replymsg'] . '" alt="' . $lang['Post_reply_pm'] . '" border="0"></a>';
$quote_pm_img = '<a href="' . append_sid("privmsg.$phpEx?mode=quote&amp;" . POST_POST_URL . "=$privmsg_id") . '"><img src="' . $images['pm_quotemsg'] . '" alt="' . $lang['Post_quote_pm'] . '" border="0"></a>';
$reply_pm_img = '<a href="' . append_sid("privmsg.$phpEx?mode=reply&amp;p=$privmsg_id") . '"><img src="' . $images['pm_replymsg'] . '" alt="' . $lang['Post_reply_pm'] . '" border="0"></a>';
$quote_pm_img = '<a href="' . append_sid("privmsg.$phpEx?mode=quote&amp;p=$privmsg_id") . '"><img src="' . $images['pm_quotemsg'] . '" alt="' . $lang['Post_quote_pm'] . '" border="0"></a>';
$edit_pm_img = '';
$l_box_name = $lang['Savedbox'];
@ -1830,7 +1708,7 @@ else if ( $folder == 'sentbox' )
{
$post_pm_img = '<a href="' . append_sid("privmsg.$phpEx?mode=post") . '"><img src="' . $images['pm_postmsg'] . '" alt="' . $lang['Post_new_pm'] . '" border="0"></a>';
$reply_pm_img = '';
$quote_pm_img = '<a href="' . append_sid("privmsg.$phpEx?mode=quote&amp;" . POST_POST_URL . "=$privmsg_id") . '"><img src="' . $images['pm_quotemsg'] . '" alt="' . $lang['Post_quote_pm'] . '" border="0"></a>';
$quote_pm_img = '<a href="' . append_sid("privmsg.$phpEx?mode=quote&amp;p=$privmsg_id") . '"><img src="' . $images['pm_quotemsg'] . '" alt="' . $lang['Post_quote_pm'] . '" border="0"></a>';
$edit_pm_img = '';
$l_box_name = $lang['Sentbox'];
@ -1930,13 +1808,8 @@ $template->assign_vars(array(
'U_POST_NEW_TOPIC' => $post_new_topic_url)
);
//
// Okay, let's build the correct folder
//
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not query private messages', '', __LINE__, __FILE__, $sql);
}
$result = $db->sql_query($sql);
if ( $row = $db->sql_fetchrow($result) )
{
@ -1952,7 +1825,7 @@ if ( $row = $db->sql_fetchrow($result) )
$msg_userid = $row['user_id'];
$msg_username = $row['username'];
$u_from_user_profile = append_sid("profile.$phpEx?mode=viewprofile&amp;" . POST_USERS_URL . "=$msg_userid");
$u_from_user_profile = append_sid("profile.$phpEx?mode=viewprofile&amp;u=$msg_userid");
$msg_subject = $row['privmsgs_subject'];
@ -1961,9 +1834,9 @@ if ( $row = $db->sql_fetchrow($result) )
$msg_subject = preg_replace($orig_word, $replacement_word, $msg_subject);
}
$u_subject = append_sid("privmsg.$phpEx?folder=$folder&amp;mode=read&amp;" . POST_POST_URL . "=$privmsg_id");
$u_subject = append_sid("privmsg.$phpEx?folder=$folder&amp;mode=read&amp;p=$privmsg_id");
$msg_date = create_date($board_config['default_dateformat'], $row['privmsgs_date'], $board_config['board_timezone']);
$msg_date = $user_format_date($row['privmsgs_date']);
if ( $flag == PRIVMSGS_NEW_MAIL && $folder == 'inbox' )
{

20
phpBB/profile.php
View file

@ -25,23 +25,13 @@ $phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
//
// Start session management
//
$userdata = $session->start();
$auth->acl($userdata);
//
$user = new user($userdata);
// End session management
//
//
// Configure style, language, etc.
//
$session->configure($userdata);
//
// Set default email variables
//
$script_name = preg_replace('/^\/?(.*?)\/?$/', '\1', trim($board_config['script_path']));
$script_name = ( $script_name != '' ) ? $script_name . '/profile.'.$phpEx : 'profile.'.$phpEx;
$server_name = trim($board_config['server_name']);
@ -75,9 +65,9 @@ function gen_rand_string($hash)
//
// Start of program proper
//
if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
if ( isset($_GET['mode']) || isset($_POST['mode']) )
{
$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
$mode = ( isset($_GET['mode']) ) ? $_GET['mode'] : $_POST['mode'];
if ( $mode == 'viewprofile' )
{
@ -86,13 +76,13 @@ if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
}
else if ( $mode == 'editprofile' || $mode == 'register' )
{
if ( $userdata['user_id'] == ANONYMOUS && $mode == 'editprofile' )
if ( !$userdata['user_id'] && $mode == 'editprofile' )
{
$header_location = ( @preg_match("/Microsoft|WebSTAR|Xitami/", getenv("SERVER_SOFTWARE")) ) ? "Refresh: 0; URL=" : "Location: ";
header($header_location . "login.$phpEx$SID&redirect=profile.$phpEx&mode=editprofile");
exit;
}
else if ( $userdata['user_id'] != ANONYMOUS && $mode == 'register' )
else if ( $userdata['user_id'] && $mode == 'register' )
{
$header_location = ( @preg_match("/Microsoft|WebSTAR|Xitami/", getenv("SERVER_SOFTWARE")) ) ? "Refresh: 0; URL=" : "Location: ";
header($header_location . "index.$phpEx$SID");

57
phpBB/search.php
View file

@ -26,95 +26,88 @@ include($phpbb_root_path . 'common.'.$phpEx);
include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
include($phpbb_root_path . 'includes/functions_posting.'.$phpEx);
//
// Start session management
//
$userdata = $session->start();
$auth->acl($userdata);
//
$user = new user($userdata);
// End session management
//
$session->configure($userdata);
//
// Define initial vars
//
if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
if ( isset($_POST['mode']) || isset($_GET['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = ( isset($_POST['mode']) ) ? $_POST['mode'] : $_GET['mode'];
}
else
{
$mode = '';
}
if ( isset($HTTP_POST_VARS['search_keywords']) || isset($HTTP_GET_VARS['search_keywords']) )
if ( isset($_POST['search_keywords']) || isset($_GET['search_keywords']) )
{
$search_keywords = ( isset($HTTP_POST_VARS['search_keywords']) ) ? $HTTP_POST_VARS['search_keywords'] : $HTTP_GET_VARS['search_keywords'];
$search_keywords = ( isset($_POST['search_keywords']) ) ? $_POST['search_keywords'] : $_GET['search_keywords'];
}
else
{
$search_keywords = '';
}
if ( isset($HTTP_POST_VARS['search_author']) || isset($HTTP_GET_VARS['search_author']))
if ( isset($_POST['search_author']) || isset($_GET['search_author']))
{
$search_author = ( isset($HTTP_POST_VARS['search_author']) ) ? $HTTP_POST_VARS['search_author'] : $HTTP_GET_VARS['search_author'];
$search_author = ( isset($_POST['search_author']) ) ? $_POST['search_author'] : $_GET['search_author'];
}
else
{
$search_author = '';
}
$search_id = ( isset($HTTP_GET_VARS['search_id']) ) ? $HTTP_GET_VARS['search_id'] : '';
$search_id = ( isset($_GET['search_id']) ) ? $_GET['search_id'] : '';
$show_results = ( isset($HTTP_POST_VARS['show_results']) ) ? $HTTP_POST_VARS['show_results'] : 'posts';
$show_results = ( isset($_POST['show_results']) ) ? $_POST['show_results'] : 'posts';
if ( isset($HTTP_POST_VARS['search_terms']) )
if ( isset($_POST['search_terms']) )
{
$search_terms = ( $HTTP_POST_VARS['search_terms'] == 'all' ) ? 1 : 0;
$search_terms = ( $_POST['search_terms'] == 'all' ) ? 1 : 0;
}
else
{
$search_terms = 0;
}
if ( isset($HTTP_POST_VARS['search_fields']) )
if ( isset($_POST['search_fields']) )
{
$search_fields = ( $HTTP_POST_VARS['search_fields'] == 'all' ) ? 1 : 0;
$search_fields = ( $_POST['search_fields'] == 'all' ) ? 1 : 0;
}
else
{
$search_fields = 0;
}
$return_chars = ( isset($HTTP_POST_VARS['return_chars']) ) ? intval($HTTP_POST_VARS['return_chars']) : 200;
$return_chars = ( isset($_POST['return_chars']) ) ? intval($_POST['return_chars']) : 200;
$search_cat = ( isset($HTTP_POST_VARS['search_cat']) ) ? intval($HTTP_POST_VARS['search_cat']) : -1;
$search_forum = ( isset($HTTP_POST_VARS['search_forum']) ) ? intval($HTTP_POST_VARS['search_forum']) : -1;
$search_cat = ( isset($_POST['search_cat']) ) ? intval($_POST['search_cat']) : -1;
$search_forum = ( isset($_POST['search_forum']) ) ? intval($_POST['search_forum']) : -1;
$sort_by = ( isset($HTTP_POST_VARS['sort_by']) ) ? intval($HTTP_POST_VARS['sort_by']) : 0;
$sort_by = ( isset($_POST['sort_by']) ) ? intval($_POST['sort_by']) : 0;
if ( isset($HTTP_POST_VARS['sort_dir']) )
if ( isset($_POST['sort_dir']) )
{
$sort_dir = ( $HTTP_POST_VARS['sort_dir'] == 'DESC' ) ? 'DESC' : 'ASC';
$sort_dir = ( $_POST['sort_dir'] == 'DESC' ) ? 'DESC' : 'ASC';
}
else
{
$sort_dir = 'DESC';
}
if ( !empty($HTTP_POST_VARS['search_time']) || !empty($HTTP_GET_VARS['search_time']))
if ( !empty($_POST['search_time']) || !empty($_GET['search_time']))
{
$search_time = time() - ( ( ( !empty($HTTP_POST_VARS['search_time']) ) ? intval($HTTP_POST_VARS['search_time']) : intval($HTTP_GET_VARS['search_time']) ) * 86400 );
$search_time = time() - ( ( ( !empty($_POST['search_time']) ) ? intval($_POST['search_time']) : intval($_GET['search_time']) ) * 86400 );
}
else
{
$search_time = 0;
}
$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
$start = ( isset($_GET['start']) ) ? intval($_GET['start']) : 0;
$sort_by_types = array($lang['Sort_Time'], $lang['Sort_Post_Subject'], $lang['Sort_Topic_Title'], $lang['Sort_Author'], $lang['Sort_Forum']);
@ -324,7 +317,7 @@ if ( $search_keywords != '' || $search_author != '' || $search_id )
$auth_sql = '';
if ( $search_forum != -1 )
{
if ( !$auth->get_acl($search_forum, 'forum', 'read') )
if ( !$auth->acl_get($search_forum, 'forum', 'read') )
{
message_die(MESSAGE, $lang['No_searchable_forums']);
}
@ -338,7 +331,7 @@ if ( $search_keywords != '' || $search_author != '' || $search_id )
$auth_sql = "f.cat_id = $search_cat";
}
/*
$auth_ary = $auth->get_acl();
$auth_ary = $auth->acl_get();
@reset($auth_ary);
$allowed_forum_sql = '';
@ -1164,7 +1157,7 @@ $result = $db->sql_query($sql);
$s_forums = '';
while( $row = $db->sql_fetchrow($result) )
{
if ( $auth->get_acl($row['forum_id'], 'forum', 'read') )
if ( $auth->acl_get($row['forum_id'], 'forum', 'read') )
{
$s_forums .= '<option value="' . $row['forum_id'] . '">' . $row['forum_name'] . '</option>';
if ( empty($list_cat[$row['cat_id']]) )

2
phpBB/templates/subSilver/jumpbox.html
View file

@ -1,5 +1,5 @@
<form method="get" name="jumpbox" action="{S_JUMPBOX_ACTION}" onSubmit="if(document.jumpbox.f.value == -1){return false;}"><table cellspacing="0" cellpadding="0" border="0">
<form method="post" name="jumpbox" action="{S_JUMPBOX_ACTION}" onSubmit="if(document.jumpbox.f.value == -1){return false;}"><table cellspacing="0" cellpadding="0" border="0">
<tr>
<td nowrap="nowrap"><span class="gensmall">{L_JUMP_TO}:&nbsp;{S_JUMPBOX_SELECT}&nbsp;<input type="submit" value="{L_GO}" class="liteoption" /></span></td>
</tr>

8
phpBB/templates/subSilver/overall_footer.html
View file

@ -3,10 +3,10 @@
<!--
We request you retain the full copyright notice below including the link to www.phpbb.com.
This not only gives respect to the large amount of time given freely by the developers
but also helps build interest, traffic and use of phpBB 2.0. If you cannot (for good
reason) retain the full copyright we request you at least leave in place the
Powered by phpBB {PHPBB_VERSION} line, with phpBB linked to www.phpbb.com. If you refuse
to include even this then support on our forums may be affected.
but also helps build interest, traffic and use of phpBB2. If you (honestly) cannot retain
the full copyright we ask you at least leave in place the "Powered by phpBB {PHPBB_VERSION}"
line, with phpBB linked to www.phpbb.com. If you refuse to include even this then support on
our forums may be affected.
The phpBB Group : 2002
// -->

23
phpBB/templates/subSilver/overall_header.html
View file

@ -31,21 +31,22 @@
<tr>
<td class="bodyline"><table width="100%" cellspacing="0" cellpadding="0" border="0">
<tr>
<td><a href="{U_INDEX}"><img src="templates/subSilver/images/logo_phpBB.gif" border="0" alt="{L_INDEX}" vspace="1" /></a></td>
<td align="center" width="100%" valign="middle"><span class="maintitle">{SITENAME}</span><br /><span class="gen">{SITE_DESCRIPTION}<br />&nbsp; </span>
<table cellspacing="0" cellpadding="2" border="0">
<td>
<table width="100%" cellspacing="0" cellpadding="0" border="0">
<tr>
<td align="center" valign="top" nowrap="nowrap"><span class="mainmenu">&nbsp;<a href="{U_FAQ}" class="mainmenu"><img src="templates/subSilver/images/icon_mini_faq.gif" width="12" height="13" border="0" alt="{L_FAQ}" hspace="3" />{L_FAQ}</a></span><span class="mainmenu">&nbsp; &nbsp;<a href="{U_SEARCH}" class="mainmenu"><img src="templates/subSilver/images/icon_mini_search.gif" width="12" height="13" border="0" alt="{L_SEARCH}" hspace="3" />{L_SEARCH}</a>&nbsp; &nbsp;<a href="{U_MEMBERLIST}" class="mainmenu"><img src="templates/subSilver/images/icon_mini_members.gif" width="12" height="13" border="0" alt="{L_MEMBERLIST}" hspace="3" />{L_MEMBERLIST}</a>&nbsp; &nbsp;<a href="{U_GROUP_CP}" class="mainmenu"><img src="templates/subSilver/images/icon_mini_groups.gif" width="12" height="13" border="0" alt="{L_USERGROUPS}" hspace="3" />{L_USERGROUPS}</a>&nbsp;
<!-- IF not S_USER_LOGGED_IN -->
&nbsp;<a href="{U_REGISTER}" class="mainmenu"><img src="templates/subSilver/images/icon_mini_register.gif" width="12" height="13" border="0" alt="{L_REGISTER}" hspace="3" />{L_REGISTER}</a></span>&nbsp;
<!-- ENDIF -->
</td>
<td background="templates/subSilver/images/phpbb_logo_bg.jpg"><table width="100%" cellspacing="0" cellpadding="0" border="0">
<tr>
<td><a href="{U_INDEX}"><img src="templates/subSilver/images/phpbb_logo.jpg" height="100" width="205" border="0" /></a></td>
<td align="center"><span class="maintitle" style="color:white">{SITENAME}</span><br /><span class="gen" style="color:white">{SITE_DESCRIPTION}<br />&nbsp; </span></td>
</tr>
<tr>
<td height="25" align="center" valign="top" nowrap="nowrap"><span class="mainmenu">&nbsp;<a href="{U_PROFILE}" class="mainmenu"><img src="templates/subSilver/images/icon_mini_profile.gif" width="12" height="13" border="0" alt="{L_PROFILE}" hspace="3" />{L_PROFILE}</a>&nbsp; &nbsp;<a href="{U_PRIVATEMSGS}" class="mainmenu"><img src="templates/subSilver/images/icon_mini_message.gif" width="12" height="13" border="0" alt="{PRIVATE_MESSAGE_INFO}" hspace="3" />{PRIVATE_MESSAGE_INFO}</a>&nbsp; &nbsp;<a href="{U_LOGIN_LOGOUT}" class="mainmenu"><img src="templates/subSilver/images/icon_mini_login.gif" width="12" height="13" border="0" alt="{L_LOGIN_LOGOUT}" hspace="3" />{L_LOGIN_LOGOUT}</a>&nbsp;</span></td>
<td height="25" valign="middle" nowrap="nowrap">&nbsp;<span class="mainmenu"><a href="{U_LOGIN_LOGOUT}" class="mainmenu"><img src="templates/subSilver/images/icon_mini_login.gif" width="12" height="13" border="0" alt="{L_LOGIN_LOGOUT}" hspace="3" />{L_LOGIN_LOGOUT}</a>&nbsp;<!-- IF S_USER_LOGGED_IN --> &nbsp;<a href="{U_PRIVATEMSGS}" class="mainmenu"><img src="templates/subSilver/images/icon_mini_message.gif" width="12" height="13" border="0" alt="{PRIVATE_MESSAGE_INFO}" hspace="3" />{PRIVATE_MESSAGE_INFO}</a><!-- ELSE --> &nbsp;<a href="{U_REGISTER}" class="mainmenu"><img src="templates/subSilver/images/icon_mini_register.gif" width="12" height="13" border="0" alt="{L_REGISTER}" hspace="3" />{L_REGISTER}</a><!-- ENDIF --></span></td>
<td height="25" align="right" valign="middle" nowrap="nowrap"><span class="mainmenu">&nbsp;<a href="{U_FAQ}" class="mainmenuw"><img src="templates/subSilver/images/icon_mini_faq.gif" width="12" height="13" border="0" alt="{L_FAQ}" hspace="3" />{L_FAQ}</a>&nbsp; &nbsp;<a href="{U_SEARCH}" class="mainmenuw"><img src="templates/subSilver/images/icon_mini_search.gif" width="12" height="13" border="0" alt="{L_SEARCH}" hspace="3" />{L_SEARCH}</a>&nbsp; &nbsp;<a href="{U_MEMBERLIST}" class="mainmenuw"><img src="templates/subSilver/images/icon_mini_members.gif" width="12" height="13" border="0" alt="{L_MEMBERLIST}" hspace="3" />{L_MEMBERLIST}</a>&nbsp; &nbsp;<a href="{U_GROUP_CP}" class="mainmenuw"><img src="templates/subSilver/images/icon_mini_groups.gif" width="12" height="13" border="0" alt="{L_USERGROUPS}" hspace="3" />{L_USERGROUPS}</a><!-- IF S_USER_LOGGED_IN -->&nbsp; &nbsp;<a href="{U_PROFILE}" class="mainmenuw"><img src="templates/subSilver/images/icon_mini_profile.gif" width="12" height="13" border="0" alt="{L_PROFILE}" hspace="3" />{L_PROFILE}</a><!-- ENDIF --></span>&nbsp;</td>
</tr>
</table></td>
</tr>
</table>
</table>
<br />
<br clear="all" />

12
phpBB/templates/subSilver/posting_topic_review.html
View file

@ -1,12 +1,13 @@
<!-- BEGIN switch_inline_mode -->
<!-- IF S_DISPLAY_INLINE -->
<table border="0" cellpadding="3" cellspacing="1" width="100%" class="forumline">
<tr>
<td class="catHead" height="28" align="center"><b><span class="cattitle">{L_TOPIC_REVIEW}</span></b></td>
</tr>
<tr>
<td class="row1"><iframe width="100%" height="300" src="{U_REVIEW_TOPIC}" >
<!-- END switch_inline_mode -->
<td class="row1"><iframe width="100%" height="300" src="{U_REVIEW_TOPIC}">
<!-- ENDIF -->
<table border="0" cellpadding="3" cellspacing="1" width="100%" class="forumline">
<tr>
<th class="thCornerL" width="22%" height="26">{L_AUTHOR}</th>
@ -32,8 +33,9 @@
</tr>
<!-- END postrow -->
</table>
<!-- BEGIN switch_inline_mode -->
<!-- IF S_DISPLAY_INLINE -->
</iframe></td>
</tr>
</table>
<!-- END switch_inline_mode -->
<!-- ENDIF -->

72
phpBB/viewforum.php
View file

@ -27,65 +27,54 @@ include($phpbb_root_path . 'common.'.$phpEx);
//
// Start initial var setup
//
if ( isset($HTTP_GET_VARS['f']) || isset($HTTP_POST_VARS['f']) )
if ( isset($_GET['f']) || isset($_POST['f']) )
{
$forum_id = ( isset($HTTP_GET_VARS['f']) ) ? intval($HTTP_GET_VARS['f']) : intval($HTTP_POST_VARS['f']);
$forum_id = ( isset($_GET['f']) ) ? intval($_GET['f']) : intval($_POST['f']);
}
else
{
$forum_id = '';
}
if ( isset($HTTP_GET_VARS['mark']) || isset($HTTP_POST_VARS['mark']) )
if ( isset($_GET['mark']) || isset($_POST['mark']) )
{
$mark_read = ( isset($HTTP_POST_VARS['mark']) ) ? $HTTP_POST_VARS['mark'] : $HTTP_GET_VARS['mark'];
$mark_read = ( isset($_POST['mark']) ) ? $_POST['mark'] : $_GET['mark'];
}
else
{
$mark_read = '';
}
$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
$start = ( isset($_GET['start']) ) ? intval($_GET['start']) : 0;
//
// End initial var setup
//
//
// Start session management
//
$userdata = $session->start();
$auth->acl($userdata, $forum_id);
//
// End session management
//
//
// Check if the user has actually sent a forum ID with his/her request
// If not give them a nice error page.
//
if (empty($forum_id))
{
message_die(MESSAGE, 'Forum_not_exist');
}
if (!$forum_branch = get_forum_branch($forum_id))
{
message_die(MESSAGE, 'Forum_not_exist');
}
//
// Configure style, language, etc.
$user = new user($userdata, false, $forum_branch['forum_style']);
$auth->acl($userdata, $forum_id, array('m_', 'f_read', 'f_post', 'f_attach', 'f_reply', 'f_edit', 'f_delete'));
//
$userdata['user_style'] = ( $forum_data['forum_style'] ) ? $forum_data['forum_style'] : $userdata['user_style'];
$session->configure($userdata);
//
// Auth check
//
if (!$auth->get_acl($forum_id, 'forum', 'read'))
if (!$auth->acl_get('f_read', $forum_id))
{
if ( $userdata['user_id'] )
if ( !$userdata['user_id'] )
{
$redirect = "f=$forum_id" . ( ( isset($start) ) ? "&start=$start" : '' );
$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: ';
@ -93,15 +82,12 @@ if (!$auth->get_acl($forum_id, 'forum', 'read'))
exit;
}
//
// The user is not authed to read this forum ...
//
message_die(MESSAGE, $lang['Sorry_auth_read']);
}
//
// End of auth check
//
// Build subforum if applicable
$type = 'parent';
$forum_rows = array();
@ -155,7 +141,7 @@ foreach ($forum_branch as $row)
}
elseif ($row['forum_status'] != ITEM_CATEGORY)
{
if ($auth->get_acl($row['forum_id'], 'forum', 'list'))
if ($auth->acl_get('f_list', $row['forum_id']))
{
$subforums[$parent_id][] = $row;
}
@ -166,8 +152,8 @@ foreach ($forum_branch as $row)
//
// Topic read tracking cookie info
//
$mark_topics = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t'])) : array();
$mark_forums = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f'])) : array();
$mark_topics = ( isset($_COOKIE[$board_config['cookie_name'] . '_t']) ) ? unserialize(stripslashes($_COOKIE[$board_config['cookie_name'] . '_t'])) : array();
$mark_forums = ( isset($_COOKIE[$board_config['cookie_name'] . '_f']) ) ? unserialize(stripslashes($_COOKIE[$board_config['cookie_name'] . '_f'])) : array();
//
// Handle marking posts
@ -195,7 +181,7 @@ if ( $mark_read == 'topics' )
//
// Do the forum Prune
//
if ( $auth->get_acl($forum_id, 'mod', 'prune') && $board_config['prune_enable'] )
if ( $auth->acl_get('m_prune', $forum_id) && $board_config['prune_enable'] )
{
if ( $forum_data['prune_next'] < time() && $forum_data['prune_enable'] )
{
@ -231,11 +217,11 @@ $previous_days = array(0 => $lang['All_Topics'], 1 => $lang['1_Day'], 7 => $lang
$sort_by_text = array('a' => $lang['Author'], 't' => $lang['Post_time'], 'r' => $lang['Replies'], 's' => $lang['Subject'], 'v' => $lang['Views']);
$sort_by = array('a' => 'u.username', 't' => 't.topic_last_post_id', 'r' => 't.topic_replies', 's' => 't.topic_title', 'v' => 't.topic_views');
if ( isset($HTTP_POST_VARS['sort']) )
if ( isset($_POST['sort']) )
{
if ( !empty($HTTP_POST_VARS['sort_days']) )
if ( !empty($_POST['sort_days']) )
{
$sort_days = ( !empty($HTTP_POST_VARS['sort_days']) ) ? intval($HTTP_POST_VARS['sort_days']) : intval($HTTP_GET_VARS['sort_days']);
$sort_days = ( !empty($_POST['sort_days']) ) ? intval($_POST['sort_days']) : intval($_GET['sort_days']);
$min_topic_time = time() - ( $sort_days * 86400 );
//
@ -256,8 +242,8 @@ if ( isset($HTTP_POST_VARS['sort']) )
$topics_count = ( $forum_data['forum_topics'] ) ? $forum_data['forum_topics'] : 1;
}
$sort_key = ( isset($HTTP_POST_VARS['sort_key']) ) ? $HTTP_POST_VARS['sort_key'] : $HTTP_GET_VARS['sort_key'];
$sort_dir = ( isset($HTTP_POST_VARS['sort_dir']) ) ? $HTTP_POST_VARS['sort_dir'] : $HTTP_GET_VARS['sort_dir'];
$sort_key = ( isset($_POST['sort_key']) ) ? $_POST['sort_key'] : $_GET['sort_key'];
$sort_dir = ( isset($_POST['sort_dir']) ) ? $_POST['sort_dir'] : $_GET['sort_dir'];
}
else
{
@ -388,9 +374,7 @@ if ( $start )
$db->sql_freeresult($result);
}
//
// topic icon join requires full table scan ... not good
//
// topic icon join requires full table scan ... not good ... order by is a killer too
$sql = "SELECT t.*, i.icons_url, i.icons_width, i.icons_height, u.username, u.user_id, u2.username as user2, u2.user_id as id2
FROM " . TOPICS_TABLE . " t, " . ICONS_TABLE . " i, " . USERS_TABLE . " u, " . USERS_TABLE . " u2
WHERE t.forum_id = $forum_id
@ -467,9 +451,9 @@ if ( $total_topics )
if ( $userdata['user_id'] && $topic_rowset[$i]['topic_last_post_time'] > $userdata['user_lastvisit'] )
{
$unread_topic = true;
if ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f_all']) )
if ( isset($_COOKIE[$board_config['cookie_name'] . '_f_all']) )
{
if ( $HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f_all'] > $topic_rowset[$i]['topic_last_post_time'] )
if ( $_COOKIE[$board_config['cookie_name'] . '_f_all'] > $topic_rowset[$i]['topic_last_post_time'] )
{
$unread_topic = false;
}
@ -539,15 +523,15 @@ if ( $total_topics )
$topic_author = ( $topic_rowset[$i]['user_id'] != ANONYMOUS ) ? '<a href="profile.' . $phpEx . $SID . '&amp;mode=viewprofile&amp;u=' . $topic_rowset[$i]['user_id'] . '">' : '';
$topic_author .= ( $topic_rowset[$i]['user_id'] != ANONYMOUS ) ? $topic_rowset[$i]['username'] : ( ( $topic_rowset[$i]['topic_first_poster_name'] != '' ) ? $topic_rowset[$i]['topic_first_poster_name'] : $lang['Guest'] );
$topic_author .= ( $topic_rowset[$i]['user_id'] != ANONYMOUS ) ? '</a>' : '';
$topic_author .= ( $topic_rowset[$i]['user_id'] ) ? '</a>' : '';
$first_post_time = create_date($board_config['default_dateformat'], $topic_rowset[$i]['topic_time'], $board_config['board_timezone']);
$first_post_time = $user->format_date($topic_rowset[$i]['topic_time'], $board_config['board_timezone']);
$last_post_time = create_date($board_config['default_dateformat'], $topic_rowset[$i]['topic_last_post_time'], $board_config['board_timezone']);
$last_post_time = $user->format_date($topic_rowset[$i]['topic_last_post_time']);
$last_post_author = ( $topic_rowset[$i]['id2'] == ANONYMOUS ) ? ( ( $topic_rowset[$i]['topic_last_poster_name'] != '' ) ? $topic_rowset[$i]['topic_last_poster_name'] . ' ' : $lang['Guest'] . ' ' ) : '<a href="profile.' . $phpEx . $SID . '&amp;mode=viewprofile&amp;u=' . $topic_rowset[$i]['topic_last_poster_id'] . '">' . $topic_rowset[$i]['user2'] . '</a>';
$last_post_author = ( !$topic_rowset[$i]['id2'] ) ? ( ( $topic_rowset[$i]['topic_last_poster_name'] != '' ) ? $topic_rowset[$i]['topic_last_poster_name'] . ' ' : $lang['Guest'] . ' ' ) : '<a href="profile.' . $phpEx . $SID . '&amp;mode=viewprofile&amp;u=' . $topic_rowset[$i]['topic_last_poster_id'] . '">' . $topic_rowset[$i]['user2'] . '</a>';
$last_post_url = '<a href="viewtopic.' . $phpEx . $SID . '&amp;p=' . $topic_rowset[$i]['topic_last_post_id'] . '#' . $topic_rowset[$i]['topic_last_post_id'] . '">' . create_img($theme['goto_post_latest'], $lang['View_latest_post']) . '</a>';
$last_post_url = '<a href="viewtopic.' . $phpEx . $SID . '&amp;f=' . $forum_id . '&amp;p=' . $topic_rowset[$i]['topic_last_post_id'] . '#' . $topic_rowset[$i]['topic_last_post_id'] . '">' . create_img($theme['goto_post_latest'], $lang['View_latest_post']) . '</a>';
//
// Send vars to template
@ -597,7 +581,7 @@ include($phpbb_root_path . 'includes/page_header.'.$phpEx);
$template->set_filenames(array(
'body' => 'viewforum_body.html'
));
make_jumpbox('viewforum.'.$phpEx);
make_jumpbox('viewforum.'.$phpEx . $SID);
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);

8
phpBB/viewonline.php
View file

@ -65,7 +65,7 @@ while ( $row = $db->sql_fetchrow($result) )
{
$view_online = false;
if ( $row['user_id'] != ANONYMOUS )
if ( $row['user_id'] )
{
$user_id = $row['user_id'];
@ -80,7 +80,7 @@ while ( $row = $db->sql_fetchrow($result) )
if ( !$row['user_allow_viewonline'] )
{
$view_online = ( $auth->get_acl_admin() ) ? true : false;
$view_online = ( $auth->acl_get('a_') ) ? true : false;
$hidden_users++;
$username = '<i>' . $username . '</i>';
@ -128,7 +128,7 @@ while ( $row = $db->sql_fetchrow($result) )
preg_match('/f=([0-9]+)/', $row['session_page'], $forum_id);
$forum_id = $forum_id[1];
if ( $auth->get_acl($forum_id, 'forum' , 'list') )
if ( $auth->acl_get('f_list', $forum_id) )
{
$location = '';
switch ( $on_page[1] )
@ -183,7 +183,7 @@ while ( $row = $db->sql_fetchrow($result) )
break;
}
$template->assign_block_vars("$which_row", array(
$template->assign_block_vars($which_row, array(
'USERNAME' => $username,
'LASTUPDATE' => $user->format_date($row['session_time']),
'FORUM_LOCATION' => $location,

129
phpBB/viewtopic.php
View file

@ -28,9 +28,9 @@ include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
//
// Start initial var setup
//
$topic_id = ( isset($HTTP_GET_VARS['t']) ) ? intval($HTTP_GET_VARS['t']) : 0;
$post_id = ( isset($HTTP_GET_VARS['p'])) ? intval($HTTP_GET_VARS['p']) : 0;
$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
$topic_id = ( isset($_GET['t']) ) ? intval($_GET['t']) : 0;
$post_id = ( isset($_GET['p'])) ? intval($_GET['p']) : 0;
$start = ( isset($_GET['start']) ) ? intval($_GET['start']) : 0;
if ( empty($topic_id) && empty($post_id) )
{
@ -41,9 +41,9 @@ if ( empty($topic_id) && empty($post_id) )
// Find topic id if user requested a newer
// or older topic
//
if ( isset($HTTP_GET_VARS['view']) && empty($post_id) )
if ( isset($_GET['view']) && empty($post_id) )
{
if ( $HTTP_GET_VARS['view'] == 'newest' )
if ( $_GET['view'] == 'newest' )
{
$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: ';
@ -78,10 +78,10 @@ if ( isset($HTTP_GET_VARS['view']) && empty($post_id) )
header($header_location . 'index.' . $phpEx);
exit;
}
else if ( $HTTP_GET_VARS['view'] == 'next' || $HTTP_GET_VARS['view'] == 'previous' )
else if ( $_GET['view'] == 'next' || $_GET['view'] == 'previous' )
{
$sql_condition = ( $HTTP_GET_VARS['view'] == 'next' ) ? '>' : '<';
$sql_ordering = ( $HTTP_GET_VARS['view'] == 'next' ) ? 'ASC' : 'DESC';
$sql_condition = ( $_GET['view'] == 'next' ) ? '>' : '<';
$sql_ordering = ( $_GET['view'] == 'next' ) ? 'ASC' : 'DESC';
$sql = "SELECT t.topic_id
FROM " . TOPICS_TABLE . " t, " . TOPICS_TABLE . " t2
@ -94,7 +94,7 @@ if ( isset($HTTP_GET_VARS['view']) && empty($post_id) )
if ( !($row = $db->sql_fetchrow($result)) )
{
$message = ( $HTTP_GET_VARS['view'] == 'next' ) ? 'No_newer_topics' : 'No_older_topics';
$message = ( $_GET['view'] == 'next' ) ? 'No_newer_topics' : 'No_older_topics';
message_die(MESSAGE, $message);
}
else
@ -112,7 +112,7 @@ $userdata = $session->start();
// End session management
//
if ( $userdata['user_id'] != ANONYMOUS && isset($HTTP_POST_VARS['rating']) )
if ( $userdata['user_id'] && isset($_POST['rating']) )
{
$sql = "SELECT rating
FROM " . TOPICS_RATINGS_TABLE . "
@ -122,12 +122,12 @@ if ( $userdata['user_id'] != ANONYMOUS && isset($HTTP_POST_VARS['rating']) )
$rating = ( $row = $db->sql_fetchrow($result) ) ? $row['rating'] : '';
if ( empty($HTTP_POST_VARS['rating_value']) && $rating != '' )
if ( empty($_POST['rating_value']) && $rating != '' )
{
}
else
{
$new_rating = intval($HTTP_POST_VARS['rating']);
$new_rating = intval($_POST['rating']);
$sql = ( $rating != '' ) ? "UPDATE " . TOPICS_RATING_TABLE . " SET rating = $new_rating WHERE user_id = " . $userdata['user_id'] . " AND topic_id = $topic_id" : "INSERT INTO " . TOPICS_RATING_TABLE . " (topic_id, user_id, rating) VALUES ($topic_id, " . $userdata['user_id'] . ", $new_rating)";
}
@ -155,20 +155,17 @@ if ( !(extract($db->sql_fetchrow($result))) )
message_die(MESSAGE, 'Topic_post_not_exist');
}
//
// Configure style, language, etc.
//
$userdata['user_style'] = ( $forum_style ) ? $forum_style : $userdata['user_style'];
$session->configure($userdata);
$auth->acl($userdata, $forum_id);
$user = new user($userdata, false, $forum_style);
$auth->acl($userdata, $forum_id, array('f_read', 'f_post', 'f_reply', 'f_attach'));
// End configure
//
// Start auth check
//
if ( !$auth->get_acl($forum_id, 'forum', 'read') )
if ( !$auth->acl_get('f_read', $forum_id) )
{
if ( $userdata['user_id'] != ANONYMOUS )
if ( $userdata['user_id'] )
{
$redirect = ( isset($post_id) ) ? "p=$post_id" : "t=$topic_id";
$redirect .= ( isset($start) ) ? "&start=$start" : '';
@ -177,9 +174,7 @@ if ( !$auth->get_acl($forum_id, 'forum', 'read') )
exit;
}
$message = sprintf($lang['Sorry_auth_read'], $is_auth['auth_read_type']);
message_die(MESSAGE, $message);
message_die(MESSAGE, $lang['Sorry_auth_read']);
}
//
// End auth check
@ -201,11 +196,11 @@ $previous_days = array(0 => $lang['All_Posts'], 1 => $lang['1_Day'], 7 => $lang[
$sort_by_text = array('a' => $lang['Author'], 't' => $lang['Post_time'], 's' => $lang['Subject']);
$sort_by = array('a' => 'u.username', 't' => 'p.post_id', 's' => 'pt.post_subject');
if ( isset($HTTP_POST_VARS['sort']) )
if ( isset($_POST['sort']) )
{
if ( !empty($HTTP_POST_VARS['sort_days']) )
if ( !empty($_POST['sort_days']) )
{
$sort_days = ( !empty($HTTP_POST_VARS['sort_days']) ) ? intval($HTTP_POST_VARS['sort_days']) : intval($HTTP_GET_VARS['sort_days']);
$sort_days = ( !empty($_POST['sort_days']) ) ? intval($_POST['sort_days']) : intval($_GET['sort_days']);
$min_post_time = time() - ( $sort_days * 86400 );
$sql = "SELECT COUNT(post_id) AS num_posts
@ -224,8 +219,8 @@ if ( isset($HTTP_POST_VARS['sort']) )
$topic_replies++;
}
$sort_key = ( isset($HTTP_POST_VARS['sort_key']) ) ? $HTTP_POST_VARS['sort_key'] : $HTTP_GET_VARS['sort_key'];
$sort_dir = ( isset($HTTP_POST_VARS['sort_dir']) ) ? $HTTP_POST_VARS['sort_dir'] : $HTTP_GET_VARS['sort_dir'];
$sort_key = ( isset($_POST['sort_key']) ) ? $_POST['sort_key'] : $_GET['sort_key'];
$sort_dir = ( isset($_POST['sort_dir']) ) ? $_POST['sort_dir'] : $_GET['sort_dir'];
}
else
{
@ -305,14 +300,14 @@ if ( $userdata['user_id'] )
// taken from vB but we did already have a highlighter in place
// in search itself ... it's just been extended a bit!
//
if ( isset($HTTP_GET_VARS['highlight']) )
if ( isset($_GET['highlight']) )
{
$highlight_match = array();
//
// Split words and phrases
//
$words = explode(' ', trim(urldecode($HTTP_GET_VARS['highlight'])));
$words = explode(' ', trim(urldecode($_GET['highlight'])));
for($i = 0; $i < count($words); $i++)
{
@ -343,16 +338,16 @@ $s_forum_rules = '';
get_forum_rules('topic', $s_forum_rules, $forum_id);
$topic_mod = '';
$topic_mod .= ( $auth->get_acl($forum_id, 'mod', 'lock') ) ? ( ( $topic_status == TOPIC_UNLOCKED ) ? '<option value="lock">' . $lang['Lock_topic'] . '</option>' : '<option value="unlock">' . $lang['Unlock_topic'] . '</option>' ) : '';
$topic_mod .= ( $auth->get_acl($forum_id, 'mod', 'delete') ) ? '<option value="delete">' . $lang['Delete_topic'] . '</option>' : '';
$topic_mod .= ( $auth->get_acl($forum_id, 'mod', 'move') ) ? '<option value="move">' . $lang['Move_topic'] . '</option>' : '';
$topic_mod .= ( $auth->get_acl($forum_id, 'mod', 'split') ) ? '<option value="split">' . $lang['Split_topic'] . '</option>' : '';
$topic_mod .= ( $auth->get_acl($forum_id, 'mod', 'merge') ) ? '<option value="merge">' . $lang['Merge_topic'] . '</option>' : '';
$topic_mod .= ( $auth->acl_get('m_lock', $forum_id) ) ? ( ( $topic_status == TOPIC_UNLOCKED ) ? '<option value="lock">' . $lang['Lock_topic'] . '</option>' : '<option value="unlock">' . $lang['Unlock_topic'] . '</option>' ) : '';
$topic_mod .= ( $auth->acl_get('m_delete', $forum_id) ) ? '<option value="delete">' . $lang['Delete_topic'] . '</option>' : '';
$topic_mod .= ( $auth->acl_get('m_move', $forum_id) ) ? '<option value="move">' . $lang['Move_topic'] . '</option>' : '';
$topic_mod .= ( $auth->acl_get('m_split', $forum_id) ) ? '<option value="split">' . $lang['Split_topic'] . '</option>' : '';
$topic_mod .= ( $auth->acl_get('m_merge', $forum_id) ) ? '<option value="merge">' . $lang['Merge_topic'] . '</option>' : '';
//
// If we've got a hightlight set pass it on to pagination.
//
$pagination = ( $highlight_active ) ? generate_pagination("viewtopic.$phpEx$SID&amp;t=$topic_id&amp;postdays=$post_days&amp;postorder=$post_order&amp;highlight=" . $HTTP_GET_VARS['highlight'], $topic_replies, $board_config['posts_per_page'], $start) : generate_pagination("viewtopic.$phpEx$SID&amp;t=$topic_id&amp;postdays=$post_days&amp;postorder=$post_order", $topic_replies, $board_config['posts_per_page'], $start);
$pagination = ( $highlight_active ) ? generate_pagination("viewtopic.$phpEx$SID&amp;t=$topic_id&amp;postdays=$post_days&amp;postorder=$post_order&amp;highlight=" . $_GET['highlight'], $topic_replies, $board_config['posts_per_page'], $start) : generate_pagination("viewtopic.$phpEx$SID&amp;t=$topic_id&amp;postdays=$post_days&amp;postorder=$post_order", $topic_replies, $board_config['posts_per_page'], $start);
//
// Post, reply and other URL generation for
@ -441,7 +436,7 @@ $template->assign_vars(array(
'S_MOD_ACTION' => "modcp.$phpEx$SID",
'S_WATCH_TOPIC' => $s_watching_topic,
'U_VIEW_TOPIC' => "viewtopic.$phpEx$SID&amp;t=$topic_id&amp;start=$start&amp;postdays=$post_days&amp;postorder=$post_order&amp;highlight=" . $HTTP_GET_VARS['highlight'],
'U_VIEW_TOPIC' => "viewtopic.$phpEx$SID&amp;t=$topic_id&amp;start=$start&amp;postdays=$post_days&amp;postorder=$post_order&amp;highlight=" . $_GET['highlight'],
'U_VIEW_FORUM' => $view_forum_url,
'U_VIEW_OLDER_TOPIC' => $view_prev_topic_url,
'U_VIEW_NEWER_TOPIC' => $view_next_topic_url,
@ -494,9 +489,9 @@ if ( !empty($poll_start) )
$user_voted = ( $row = $db->sql_fetchrow($result) ) ? TRUE : 0;
$db->sql_freeresult($result);
if ( isset($HTTP_GET_VARS['vote']) || isset($HTTP_POST_VARS['vote']) )
if ( isset($_GET['vote']) || isset($_POST['vote']) )
{
$view_result = ( ( ( isset($HTTP_GET_VARS['vote']) ) ? $HTTP_GET_VARS['vote'] : $HTTP_POST_VARS['vote'] ) == 'viewresult' ) ? TRUE : 0;
$view_result = ( ( ( isset($_GET['vote']) ) ? $_GET['vote'] : $_POST['vote'] ) == 'viewresult' ) ? TRUE : 0;
}
else
{
@ -505,7 +500,7 @@ if ( !empty($poll_start) )
$poll_expired = ( $vote_info[0]['vote_length'] ) ? ( ( $vote_info[0]['vote_start'] + $vote_info[0]['vote_length'] < time() ) ? TRUE : 0 ) : 0;
if ( $user_voted || $view_result || $poll_expired || !$auth->get_acl($forum_id, 'forum', 'vote') || $topic_status == TOPIC_LOCKED )
if ( $user_voted || $view_result || $poll_expired || !$auth->acl_get('f_vote', $forum_id) || $topic_status == TOPIC_LOCKED )
{
$vote_results_sum = 0;
for($i = 0; $i < $vote_options; $i++)
@ -611,22 +606,20 @@ if ( $row = $db->sql_fetchrow($result) )
do
{
$poster_id = $row['user_id'];
$poster = ( $poster_id == ANONYMOUS ) ? $lang['Guest'] : $row['username'];
$poster = ( !$poster_id ) ? $lang['Guest'] : $row['username'];
$post_date = create_date($board_config['default_dateformat'], $row['post_time'], $board_config['board_timezone']);
$poster_posts = ( $row['user_id'] ) ? $lang['Posts'] . ': ' . $row['user_posts'] : '';
$poster_posts = ( $row['user_id'] != ANONYMOUS ) ? $lang['Posts'] . ': ' . $row['user_posts'] : '';
$poster_from = ( $row['user_from'] && $row['user_id'] != ANONYMOUS ) ? $lang['Location'] . ': ' . $row['user_from'] : '';
$poster_from = ( $row['user_from'] && $row['user_id'] ) ? $lang['Location'] . ': ' . $row['user_from'] : '';
if ( !isset($poster_details[$poster_id]['joined']) )
{
$poster_details[$poster_id]['joined'] = ( $row['user_id'] != ANONYMOUS ) ? $lang['Joined'] . ': ' . create_date($lang['DATE_FORMAT'], $row['user_regdate'], $board_config['board_timezone']) : '';
$poster_details[$poster_id]['joined'] = ( $row['user_id'] ) ? $lang['Joined'] . ': ' . $user->format_date($row['user_regdate'], $lang['DATE_FORMAT']) : '';
}
if ( !isset($poster_details[$poster_id]['avatar']) )
{
if ( $row['user_avatar_type'] && $poster_id != ANONYMOUS && $row['user_allowavatar'] )
if ( $row['user_avatar_type'] && $poster_id && $row['user_allowavatar'] )
{
switch( $row['user_avatar_type'] )
{
@ -679,13 +672,13 @@ if ( $row = $db->sql_fetchrow($result) )
//
// Handle anon users posting with usernames
//
if ( $poster_id == ANONYMOUS && $row['post_username'] != '' )
if ( !$poster_id && $row['post_username'] != '' )
{
$poster = $row['post_username'];
$poster_rank = $lang['Guest'];
}
if ( !isset($poster_details[$poster_id]['profile']) && $poster_id != ANONYMOUS )
if ( !isset($poster_details[$poster_id]['profile']) && $poster_id )
{
$temp_url = "profile.$phpEx$SID&amp;mode=viewprofile&amp;u=$poster_id";
$poster_details[$poster_id]['profile_img'] = '<a href="' . $temp_url . '">' . create_img($theme['icon_profile'], $lang['Read_profile']) . '</a>';
@ -695,7 +688,7 @@ if ( $row = $db->sql_fetchrow($result) )
$poster_details[$poster_id]['pm_img'] = '<a href="' . $temp_url . '">' . create_img($theme['icon_pm'], $lang['Send_private_message']) . '</a>';
$poster_details[$poster_id]['pm'] = '<a href="' . $temp_url . '">' . $lang['Send_private_message'] . '</a>';
if ( !empty($row['user_viewemail']) || $auth->get_acl($forum_id, 'mod') )
if ( !empty($row['user_viewemail']) || $auth->acl_get('m_', $forum_id) )
{
$email_uri = ( $board_config['board_email_form'] ) ? "profile.$phpEx$SID&amp;mode=email&amp;u=" . $poster_id : 'mailto:' . $row['user_email'];
@ -734,7 +727,7 @@ if ( $row = $db->sql_fetchrow($result) )
$poster_details[$poster_id]['yim_img'] = ( $row['user_yim'] ) ? '<a href="http://edit.yahoo.com/config/send_webmesg?.target=' . $row['user_yim'] . '&amp;.src=pg">' . create_img($theme['icon_yim'], $lang['YIM']) . '</a>' : '';
$poster_details[$poster_id]['yim'] = ( $row['user_yim'] ) ? '<a href="http://edit.yahoo.com/config/send_webmesg?.target=' . $row['user_yim'] . '&amp;.src=pg">' . $lang['YIM'] . '</a>' : '';
if ( $auth->get_acl($forum_id, 'forum', 'search') )
if ( $auth->acl_get('f_search', $forum_id) )
{
$temp_url = 'search.' . $phpEx . $SID . '&amp;search_author=' . urlencode($row['username']) .'"&amp;showresults=posts';
$search_img = '<a href="' . $temp_url . '">' . create_img($theme['icon_search'], $lang['Search_user_posts']) . '</a>';
@ -747,7 +740,7 @@ if ( $row = $db->sql_fetchrow($result) )
}
}
else if ( $poster_id == ANONYMOUS )
else if ( !$poster_id )
{
$poster_details[$poster_id]['profile_img'] = '';
$poster_details[$poster_id]['profile'] = '';
@ -775,7 +768,7 @@ if ( $row = $db->sql_fetchrow($result) )
$quote_img = '<a href="' . $temp_url . '">' . create_img($theme['icon_quote'], $lang['Reply_with_quote']) . '</a>';
$quote = '<a href="' . $temp_url . '">' . $lang['Reply_with_quote'] . '</a>';
if ( ( $userdata['user_id'] == $poster_id && $auth->get_acl($forum_id, 'forum', 'edit') ) || $auth->get_acl($forum_id, 'mod', 'edit') )
if ( ( $userdata['user_id'] == $poster_id && $auth->acl_get('f_edit', $forum_id) ) || $auth->acl_get('m_edit', $forum_id) || $auth->acl_get('a_') )
{
$temp_url = "posting.$phpEx$SID&amp;mode=editpost&amp;p=" . $row['post_id'];
$edit_img = '<a href="' . $temp_url . '">' . create_img($theme['icon_edit'], $lang['Edit_delete_post']) . '</a>';
@ -787,7 +780,7 @@ if ( $row = $db->sql_fetchrow($result) )
$edit = '';
}
if ( $auth->get_acl($forum_id, 'mod', 'ip') )
if ( $auth->acl_get('m_ip', $forum_id) )
{
$temp_url = "modcp.$phpEx$SID&amp;mode=ip&amp;p=" . $row['post_id'] . "&amp;t=" . $topic_id;
$ip_img = '<a href="' . $temp_url . '">' . create_img($theme['icon_ip'], $lang['View_IP']) . '</a>';
@ -799,7 +792,7 @@ if ( $row = $db->sql_fetchrow($result) )
$ip = '';
}
if ( ( $userdata['user_id'] == $poster_id && $auth->get_acl($forum_id, 'forum', 'delete') && $forum_topic_data['topic_last_post_id'] == $row['post_id'] ) || $auth->get_acl($forum_id, 'mod', 'delete') )
if ( ( $userdata['user_id'] == $poster_id && $auth->acl_get('f_delete', $forum_id) && $forum_topic_data['topic_last_post_id'] == $row['post_id'] ) || $auth->acl_get('m_delete', $forum_id) )
{
$temp_url = "posting.$phpEx$SID&amp;mode=delete&amp;p=" . $row['post_id'];
$delpost_img = '<a href="' . $temp_url . '">' . create_img($theme['icon_delete'], $lang['Delete_post']) . '</a>';
@ -825,9 +818,9 @@ if ( $row = $db->sql_fetchrow($result) )
// If the board has HTML off but the post has HTML
// on then we process it, else leave it alone
//
if ( !$auth->get_acl($forum_id, 'forum', 'html') )
if ( !$auth->acl_get('f_html', $forum_id) )
{
if ( $row['enable_html'] && $auth->get_acl($forum_id, 'forum', 'bbcode') )
if ( $row['enable_html'] && $auth->acl_get('f_bbcode', $forum_id) )
{
$message = preg_replace('#(<)([\/]?.*?)(>)#is', "&lt;\\2&gt;", $message);
}
@ -838,12 +831,12 @@ if ( $row = $db->sql_fetchrow($result) )
//
if ( $bbcode_uid != '' )
{
$message = ( $auth->get_acl($forum_id, 'forum', 'bbcode') ) ? bbencode_second_pass($message, $bbcode_uid, $auth->get_acl($forum_id, 'forum', 'img')) : preg_replace('/\:[0-9a-z\:]+\]/si', ']', $message);
// $message = ( $auth->acl_get('f_bbcode', $forum_id) ) ? bbencode_second_pass($message, $bbcode_uid, $auth->acl_get('f_img', $forum_id)) : preg_replace('/\:[0-9a-z\:]+\]/si', ']', $message);
}
if ( $row['enable_magic_url'] )
{
$message = make_clickable($message);
// $message = make_clickable($message);
}
//
@ -933,9 +926,9 @@ if ( $row = $db->sql_fetchrow($result) )
$message = preg_replace($orig_word, $replacement_word, $message);
}
if ( $row['enable_smilies'] && $auth->get_acl($forum_id, 'forum', 'smilies') )
if ( $row['enable_smilies'] && $auth->acl_get('f_smilies', $forum_id) )
{
$message = smilies_pass($message);
// $message = smilies_pass($message);
}
$message = nl2br($message);
@ -947,7 +940,7 @@ if ( $row = $db->sql_fetchrow($result) )
{
$l_edit_time_total = ( $row['post_edit_count'] == 1 ) ? $lang['Edited_time_total'] : $lang['Edited_times_total'];
$l_edited_by = '<br /><br />' . sprintf($l_edit_time_total, $poster, create_date($board_config['default_dateformat'], $row['post_edit_time'], $board_config['board_timezone']), $row['post_edit_count']);
$l_edited_by = '<br /><br />' . sprintf($l_edit_time_total, $poster, $user->format_date($row['post_edit_time']), $row['post_edit_count']);
}
else
{
@ -962,20 +955,20 @@ if ( $row = $db->sql_fetchrow($result) )
$user_sig = ( $row['enable_sig'] && $row['user_sig'] != '' && $board_config['allow_sig'] ) ? $row['user_sig'] : '';
$user_sig_bbcode_uid = $row['user_sig_bbcode_uid'];
if ( $user_sig != '' && $user_sig_bbcode_uid != '' && $auth->get_acl($forum_id, 'forum', 'sigs') )
if ( $user_sig != '' && $user_sig_bbcode_uid != '' && $auth->acl_get('f_sigs', $forum_id) )
{
if ( !$auth->get_acl($forum_id, 'forum', 'html') && $userdata['user_allowhtml'] )
if ( !$auth->acl_get('f_html', $forum_id) && $userdata['user_allowhtml'] )
{
$user_sig = preg_replace('#(<)([\/]?.*?)(>)#is', "&lt;\\2&gt;", $user_sig);
}
$poster_details[$poster_id]['sig'] = bbencode_second_pass($user_sig, $user_sig_bbcode_uid, $auth->get_acl($forum_id, 'forum', 'img'));
// $poster_details[$poster_id]['sig'] = bbencode_second_pass($user_sig, $user_sig_bbcode_uid, $auth->acl_get('f_img', $forum_id));
$poster_details[$poster_id]['sig'] = make_clickable($poster_details[$poster_id]['sig']);
// $poster_details[$poster_id]['sig'] = make_clickable($poster_details[$poster_id]['sig']);
if ( $row['user_allowsmile'] )
{
$poster_details[$poster_id]['sig'] = smilies_pass($poster_details[$poster_id]['sig']);
// $poster_details[$poster_id]['sig'] = smilies_pass($poster_details[$poster_id]['sig']);
}
if ( count($orig_word) )
@ -1008,7 +1001,7 @@ if ( $row = $db->sql_fetchrow($result) )
'POSTER_POSTS' => $poster_posts,
'POSTER_FROM' => $poster_from,
'POSTER_AVATAR' => $poster_details[$poster_id]['avatar'],
'POST_DATE' => $post_date,
'POST_DATE' => $user->format_date($row['post_time']),
'POST_SUBJECT' => $post_subject,
'MESSAGE' => $message,