diff --git a/phpBB/common.php b/phpBB/common.php index f8f124c3f2..7c1f867a71 100644 --- a/phpBB/common.php +++ b/phpBB/common.php @@ -179,7 +179,7 @@ else } } -if( $board_config['board_disable'] && !defined("IN_ADMIN") ) +if( $board_config['board_disable'] && !defined("IN_ADMIN") && !defined("IN_LOGIN") ) { message_die(GENERAL_MESSAGE, 'Board_disable', 'Information'); } diff --git a/phpBB/includes/page_header.php b/phpBB/includes/page_header.php index 14766d52b4..910e9bb04d 100644 --- a/phpBB/includes/page_header.php +++ b/phpBB/includes/page_header.php @@ -241,7 +241,8 @@ $template->assign_vars(array( "PRIVATE_MESSAGE_INFO" => $l_privmsgs_text, "PRIVATE_MESSAGE_INFO_UNREAD" => $l_privmsgs_text_unread, "PRIVATE_MESSAGE_NEW_FLAG" => $s_privmsg_new, - "LAST_VISIT_DATE" => sprintf($lang['You_last_visit'], $s_last_visit), + "LAST_VISIT_DATE" => sprintf($lang['You_last_visit'], $s_last_visit), + "CURRENT_TIME" => sprintf($lang['Current_time'], create_date($board_config['default_dateformat'], time(), $board_config['board_timezone'])), "PRIVMSG_IMG" => $icon_pm, "FORUM_IMG" => $images['forum'], @@ -293,8 +294,6 @@ $template->assign_vars(array( "L_MESSAGE" => $lang['Message'], "L_BY" => $lang['by'], "L_LOGIN_LOGOUT" => $l_login_logout, - "L_SEARCH_UNANSWERED" => $lang['Search_unanswered'], - "L_SEARCH_SELF" => $lang['Search_your_posts'], "U_INDEX" => append_sid("index.".$phpEx), "U_REGISTER" => append_sid("profile.".$phpEx."?mode=register"), @@ -309,8 +308,6 @@ $template->assign_vars(array( "U_LOGIN_LOGOUT" => append_sid($u_login_logout), "U_MEMBERSLIST" => append_sid("memberlist.".$phpEx), "U_GROUP_CP" => append_sid("groupcp.".$phpEx), - "U_SEARCH_UNANSWERED" => append_sid("search.".$phpEx."?search_id=unanswered"), - "U_SEARCH_SELF" => append_sid("search.".$phpEx."?search_id=egosearch"), "S_CONTENT_DIRECTION" => $lang['DIRECTION'], "S_CONTENT_ENCODING" => $lang['ENCODING'], 
@@ -318,7 +315,6 @@ $template->assign_vars(array( "S_CONTENT_DIR_RIGHT" => $lang['RIGHT'], "S_TIMEZONE" => sprintf($lang['All_times'], $lang[$board_config['board_timezone']]), "S_LOGIN_ACTION" => append_sid("login.$phpEx"), - "S_CURRENT_TIME" => create_date($board_config['default_dateformat'], time(), $board_config['board_timezone']), "T_HEAD_STYLESHEET" => $theme['head_stylesheet'], "T_BODY_BACKGROUND" => $theme['body_background'], @@ -389,4 +385,4 @@ header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); $template->pparse("overall_header"); -?> +?> \ No newline at end of file diff --git a/phpBB/includes/sessions.php b/phpBB/includes/sessions.php index 3ed2c237a7..bbe924bbe3 100644 --- a/phpBB/includes/sessions.php +++ b/phpBB/includes/sessions.php @@ -26,10 +26,10 @@ // Adds/updates a new session to the database for the given userid. // Returns the new session ID on success. // -function session_begin($user_id, $user_ip, $page_id, $session_length, $login = 0, $autologin = 0) +function session_begin($user_id, $user_ip, $page_id, $session_length, $auto_create = 0, $enable_autologin = 0) { - global $db, $lang, $board_config, $phpEx; + global $db, $board_config; global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; $cookiename = $board_config['cookie_name']; 
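Review bot: Renaming the fifth parameter from `$login` to `$auto_create` inverts what its default means: with `$auto_create = 0` a later hunk sets `$login = 1` for any non-anonymous `$user_id` without checking anything, where the old default `$login = 0` produced a logged-out session. A caller not touched by this commit that still passes `0`, or omits the argument, for a registered user id would now receive a logged-in session, so every call site of session_begin outside this diff should be checked. A header comment stating that a false `$auto_create` means "the caller has already authenticated this user" would make the contract explicit. The function body continues outside this hunk.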
@@ -37,9 +37,9 @@ function session_begin($user_id, $user_ip, $page_id, $session_length, $login = 0 $cookiedomain = $board_config['cookie_domain']; $cookiesecure = $board_config['cookie_secure']; - if( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename]) ) + if( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ) { - $sessiondata = isset($HTTP_COOKIE_VARS[$cookiename]) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename])) : ""; + $sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : ""; $session_id = isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) ? stripslashes($HTTP_COOKIE_VARS[$cookiename . '_sid']) : ""; $sessionmethod = SESSION_METHOD_COOKIE; @@ -68,7 +68,7 @@ function session_begin($user_id, $user_ip, $page_id, $session_length, $login = 0 $result = $db->sql_query($sql); if (!$result) { - message_die(CRITICAL_ERROR, "Couldn't obtain ban information.", __LINE__, __FILE__, $sql); + message_die(CRITICAL_ERROR, "Couldn't obtain ban information.", "", __LINE__, __FILE__, $sql); } $ban_info = $db->sql_fetchrow($result); @@ -82,19 +82,19 @@ function session_begin($user_id, $user_ip, $page_id, $session_length, $login = 0 } else { - if( $user_id == ANONYMOUS ) - { - $login = 0; - $autologin = 0; - } - // // Try and pull the last time stored // in a cookie, if it exists // - if( $sessionmethod == SESSION_METHOD_GET && $user_id != ANONYMOUS ) + if( $user_id != ANONYMOUS ) { - $sql = "SELECT user_lastvisit + // + // This is a 'work-around' since I managed to + // freeze the schema without re-visiting sessions, + // what's needed is a session timer in the user table + // + the user_lastvisit ... damn damn damn damn and blast + // + $sql = "SELECT user_autologin_key, user_lastvisit FROM " . USERS_TABLE . " WHERE user_id = $user_id"; $result = $db->sql_query($sql); 
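Review bot: `unserialize()` is still applied directly to the client-supplied `_data` cookie here, and the same pattern is repeated in the session_pagestart and session_end hunks below; renaming the cookie does not change that the browser chooses the structure and types of `$sessiondata`. Nothing visible checks the result, so `userid`, `lastvisit` and `autologinid` can arrive as any type, or `$sessiondata` may not be an array at all. At minimum add `if( !is_array($sessiondata) ) { $sessiondata = array(); }` after the call and cast each field where it is read (`intval()` for the ids and timestamps, a string check for the key); a cookie format that cannot carry typed values or objects would be safer still. session_begin's body continues outside this hunk.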
@@ -105,18 +105,52 @@ function session_begin($user_id, $user_ip, $page_id, $session_length, $login = 0 $row = $db->sql_fetchrow($result); - $sessiondata['lastvisit'] = $row['user_lastvisit']; + $sessiondata['lastvisit'] = $row['user_lastvisit']; + if( $auto_create ) + { + if( isset($sessiondata['autologinid']) ) + { + if( $sessiondata['autologinid'] == $row['user_autologin_key'] ) + { + $login = 1; + $enable_autologin = 1; + } + else + { + $login = 0; + $enable_autologin = 0; + $user_id = ANONYMOUS; + + $sessiondata['lastvisit'] = ( !empty($sessiondata['lastvisit']) ) ? $sessiondata['lastvisit'] : $current_time; + } + } + else + { + $login = 0; + $enable_autologin = 0; + $user_id = ANONYMOUS; + + $sessiondata['lastvisit'] = ( !empty($sessiondata['lastvisit']) ) ? $sessiondata['lastvisit'] : $current_time; + } + } + else + { + $login = 1; + } } else { - $sessiondata['lastvisit'] = (!empty($sessiondata['sessiontime'])) ? $sessiondata['sessiontime'] : $current_time; + $login = 0; + $enable_autologin = 0; + + $sessiondata['lastvisit'] = ( !empty($sessiondata['lastvisit']) ) ? $sessiondata['lastvisit'] : $current_time; } $sql = "UPDATE " . SESSIONS_TABLE . " - SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login - WHERE (session_id = '" . $session_id . "') - AND (session_ip = '$user_ip')"; + SET session_user_id = $user_id, session_start = $current_time, session_last_visit = " . $sessiondata['lastvisit'] . ", session_time = $current_time, session_page = $page_id, session_logged_in = $login + WHERE session_id = '" . $session_id . "' + AND session_ip = '$user_ip'"; $result = $db->sql_query($sql); if( !$result || !$db->sql_affectedrows() ) 
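Review bot: The autologin check `$sessiondata['autologinid'] == $row['user_autologin_key']` is a loose comparison against a value taken from the unserialized cookie, and it no longer requires the stored key to be non-empty, which the removed `if($userdata['user_autologin_key'])` test in session_pagestart used to enforce. Because session_end resets `user_autologin_key` to `''` and PHP's `==` juggles types, a cookie value that is empty or not a string can compare equal without the real key being known. Require a non-empty stored key and compare strings strictly: `if( $row['user_autologin_key'] != '' && is_string($sessiondata['autologinid']) && $sessiondata['autologinid'] === $row['user_autologin_key'] )`. The two identical failure branches could then be merged into a single `else`.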
@@ -129,33 +163,36 @@ function session_begin($user_id, $user_ip, $page_id, $session_length, $login = 0 $result = $db->sql_query($sql); if(!$result) { - message_die(CRITICAL_ERROR, "Error creating new session : session_begin", __LINE__, __FILE__, $sql); + message_die(CRITICAL_ERROR, "Error creating new session : session_begin", "", __LINE__, __FILE__, $sql); } } - if( $autologin && $sessionmethod = SESSION_METHOD_COOKIE ) + if( $user_id != ANONYMOUS ) { - mt_srand( (double) microtime() * 1000000); - $autologin_key = md5(uniqid(mt_rand())); + $autologin_sql = ""; + if( $enable_autologin && $sessionmethod = SESSION_METHOD_COOKIE ) + { + mt_srand( (double) microtime() * 1000000); + $autologin_key = md5(uniqid(mt_rand())); - $sql_auto = "UPDATE " . USERS_TABLE . " - SET user_autologin_key = '$autologin_key' + $sessiondata['autologinid'] = $autologin_key; + $autologin_sql = ", user_autologin_key = '$autologin_key'"; + } + + $sql_auto = "UPDATE " . USERS_TABLE . " + SET user_lastvisit = " . time() . $autologin_sql . " WHERE user_id = $user_id"; $result = $db->sql_query($sql_auto); if(!$result) { - message_die(CRITICAL_ERROR, "Couldn't update users autologin key : session_begin", __LINE__, __FILE__, $sql); + message_die(CRITICAL_ERROR, "Couldn't update users autologin key : session_begin", "", __LINE__, __FILE__, $sql); } - - $sessiondata['autologinid'] = $autologin_key; } $sessiondata['userid'] = $user_id; - $sessiondata['sessionstart'] = $current_time; - $sessiondata['sessiontime'] = $current_time; $serialised_cookiedata = serialize($sessiondata); - setcookie($cookiename, $serialised_cookiedata, ($current_time + 31536000), $cookiepath, $cookiedomain, $cookiesecure); + setcookie($cookiename . '_data', $serialised_cookiedata, ($current_time + 31536000), $cookiepath, $cookiedomain, $cookiesecure); setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure); $SID = ($sessionmethod == SESSION_METHOD_GET) ? "sid=" . $session_id : ""; 
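Review bot: `$sessionmethod = SESSION_METHOD_COOKIE` in the new `if( $enable_autologin && ... )` is an assignment, not a comparison, so the test depends only on the constant's value and `$sessionmethod` is overwritten before `$SID` is computed at the end of the hunk; the same `=` appears in the session_pagestart and session_end hunks. It should read `$enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE`. The autologin key is a long-lived credential but is derived from `mt_rand()` seeded with `microtime()`, so it should come from the strongest random source the platform provides. The failure branch also passes `$sql` to message_die although the statement that ran is `$sql_auto`.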
@@ -180,21 +217,22 @@ function session_pagestart($user_ip, $thispage_id, $session_length) $cookiedomain = $board_config['cookie_domain']; $cookiesecure = $board_config['cookie_secure']; - if( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename]) ) + $current_time = time(); + unset($userdata); + + if( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ) { - $sessiondata = isset( $HTTP_COOKIE_VARS[$cookiename] ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename])) : ""; + $sessiondata = isset( $HTTP_COOKIE_VARS[$cookiename . '_data'] ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : ""; $session_id = isset( $HTTP_COOKIE_VARS[$cookiename . '_sid'] ) ? stripslashes($HTTP_COOKIE_VARS[$cookiename . '_sid']) : ""; $sessionmethod = SESSION_METHOD_COOKIE; } else { - $session_id = (isset($HTTP_GET_VARS['sid'])) ? $HTTP_GET_VARS['sid'] : ""; + $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : ""; $sessionmethod = SESSION_METHOD_GET; } - $current_time = time(); - unset($userdata); // // Does a session exist? @@ -211,9 +249,9 @@ function session_pagestart($user_ip, $thispage_id, $session_length) AND s.session_ip = '$user_ip' AND u.user_id = s.session_user_id"; $result = $db->sql_query($sql); - if (!$result) + if( !$result ) { - message_die(CRITICAL_ERROR, "Error doing DB query userdata row fetch : session_pagestart", __LINE__, __FILE__, $sql); + message_die(CRITICAL_ERROR, "Error doing DB query userdata row fetch : session_pagestart", "", __LINE__, __FILE__, $sql); } $userdata = $db->sql_fetchrow($result); 
@@ -223,11 +261,22 @@ function session_pagestart($user_ip, $thispage_id, $session_length) // if( isset($userdata['user_id']) ) { - $SID = ($sessionmethod == SESSION_METHOD_GET) ? "sid=" . $session_id : ""; + $SID = ( $sessionmethod == SESSION_METHOD_GET ) ? "sid=" . $session_id : ""; - $sessiondata['sessiontime'] = $current_time; - $serialised_cookiedata = serialize($sessiondata); - setcookie($cookiename, $serialised_cookiedata, ($current_time + 31536000), $cookiepath, $cookiedomain, $cookiesecure); + if( empty($HTTP_COOKIE_VARS[$cookiename . '_data']) ) + { + if( !empty($userdata['user_autologin']) && $sessionmethod = SESSION_METHOD_COOKIE ) + { + $sessiondata['autologinid'] = $autologin_key; + } + $sessiondata['userid'] = $user_id; + $sessiondata['lastvisit'] = $userdata['session_last_visit']; + + $serialised_cookiedata = serialize($sessiondata); +// session_send_cookie("_data", $serialised_cookiedata, ($current_time + 31536000)); + setcookie($board_config['cookie_name'] . "_data", $serialised_cookiedata, ($current_time + 31536000), $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); + setcookie($board_config['cookie_name'] . "_sid", $HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_sid"], 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); + } // // Only update session DB a minute or so after last update 
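Review bot: `$autologin_key` and `$user_id` are read in the new cookie-refresh block, but neither is a parameter of session_pagestart (the hunk header shows `$user_ip, $thispage_id, $session_length`) and `$user_id` is only assigned further down on the no-session path, so unless they are globals declared outside this hunk the cookie is rewritten with an empty `userid` and `autologinid`. The next hunk's `if( $user_id != ANONYMOUS )` has the same problem and, with `$user_id` unset, is presumably always true. Use the row already fetched: `$sessiondata['userid'] = $userdata['user_id'];` and `if( $userdata['user_id'] != ANONYMOUS )`. Consider not writing `autologinid` here at all, since doing so would hand the persistent key to any holder of a valid session id.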
@@ -240,35 +289,33 @@ function session_pagestart($user_ip, $thispage_id, $session_length) AND session_ip = '$user_ip' AND session_user_id = " . $userdata['user_id']; $result = $db->sql_query($sql); - if(!$result) + if( !$result ) { - message_die(CRITICAL_ERROR, "Error updating sessions table : session_pagestart", __LINE__, __FILE__, $sql); + message_die(CRITICAL_ERROR, "Error updating sessions table : session_pagestart", "", __LINE__, __FILE__, $sql); } - if( $sessionmethod == SESSION_METHOD_GET ) + if( $user_id != ANONYMOUS ) { $sql = "UPDATE " . USERS_TABLE . " SET user_lastvisit = $current_time WHERE user_id = " . $userdata['user_id']; $result = $db->sql_query($sql); - if(!$result) + if( !$result ) { - message_die(CRITICAL_ERROR, "Error updating users table : session_pagestart (GET)", __LINE__, __FILE__, $sql); + message_die(CRITICAL_ERROR, "Error updating users table : session_pagestart (GET)", "", __LINE__, __FILE__, $sql); } } - $userdata['session_time'] = $current_time; - // // Delete expired sessions // $expiry_time = $current_time - $board_config['session_length']; - $sql = "DELETE FROM " . SESSIONS_TABLE . " + $sql = "DELETE FROM " . SESSIONS_TABLE . " WHERE session_time < $expiry_time"; $result = $db->sql_query($sql); - if(!$result) + if( !$result ) { - message_die(CRITICAL_ERROR, "Error clearing sessions table : session_pagestart", __LINE__, __FILE__, $sql); + message_die(CRITICAL_ERROR, "Error clearing sessions table : session_pagestart", "", __LINE__, __FILE__, $sql); } return $userdata; 
@@ -281,60 +328,20 @@ function session_pagestart($user_ip, $thispage_id, $session_length) return $userdata; } } + else + { + } // // If we reach here then no (valid) session exists. So we'll create a new one, // using the cookie user_id if available to pull basic user prefs. // - $login = 0; - $autologin = 0; + $user_id = ( isset($sessiondata['userid']) ) ? $sessiondata['userid'] : ANONYMOUS; - if( isset($sessiondata['userid']) && isset($sessiondata['autologinid']) ) + $result_id = session_begin($user_id, $user_ip, $thispage_id, $board_config['session_length'], TRUE); + if( !$result_id ) { - $sql = "SELECT user_id, user_autologin_key - FROM " . USERS_TABLE . " - WHERE user_id = " . $sessiondata['userid']; - $result = $db->sql_query($sql); - if (!$result) - { - message_die(CRITICAL_ERROR, "Error doing DB query userdata row fetch (non-session) : session_pagestart", __LINE__, __FILE__, $sql); - } - - $userdata = $db->sql_fetchrow($result); - - if($userdata['user_autologin_key']) - { - if($userdata['user_autologin_key'] == $sessiondata['autologinid']) - { - // - // We have a match, and not the kind you light ... - // - $login = 1; - $autologin = 1; - $user_id = $sessiondata['userid']; - } - else - { - unset($userdata); - $user_id = ANONYMOUS; - } - } - else - { - unset($userdata); - $user_id = ANONYMOUS; - } - } - else - { - unset($userdata); - $user_id = ANONYMOUS; - } - - $result_id = session_begin($user_id, $user_ip, $thispage_id, $session_length, $login, $autologin); - if(!$result_id) - { - message_die(CRITICAL_ERROR, "Error creating user session : session_pagestart", __LINE__, __FILE__, $sql); + message_die(CRITICAL_ERROR, "Error creating user session : session_pagestart", "", __LINE__, __FILE__, $sql); } else { 
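Review bot: `$user_id` now comes straight from `$sessiondata['userid']`, that is from the unserialized cookie, and session_begin interpolates it unquoted into `WHERE user_id = $user_id` and `SET session_user_id = $user_id`; the earlier session_begin hunk does the same with `$sessiondata['lastvisit']` when it builds the `session_last_visit` assignment. Neither value is cast or validated in the visible lines, so both statements are SQL built from client input. Cast at the boundary: `$user_id = ( isset($sessiondata['userid']) ) ? intval($sessiondata['userid']) : ANONYMOUS;` and wrap the timestamp as `intval($sessiondata['lastvisit'])` where the UPDATE is built. The call also passes `$board_config['session_length']` instead of the `$session_length` parameter, and the added empty `else { }` can be dropped.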
@@ -344,9 +351,9 @@ function session_pagestart($user_ip, $thispage_id, $session_length) AND s.session_ip = '$user_ip' AND u.user_id = s.session_user_id"; $result = $db->sql_query($sql); - if (!$result) + if ( !$result ) { - message_die(CRITICAL_ERROR, "Error doing DB query userdata row fetch : session_pagestart new user", __LINE__, __FILE__, $sql); + message_die(CRITICAL_ERROR, "Error doing DB query userdata row fetch : session_pagestart new user", "", __LINE__, __FILE__, $sql); } $userdata = $db->sql_fetchrow($result); @@ -354,7 +361,7 @@ function session_pagestart($user_ip, $thispage_id, $session_length) return $userdata; -} // session_check() +} // session_pagestart() // // session_end closes out a session @@ -371,10 +378,15 @@ function session_end($session_id, $user_id) $cookiedomain = $board_config['cookie_domain']; $cookiesecure = $board_config['cookie_secure']; - if( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename]) ) + $current_time = time(); + + // + // Pull cookiedata or grab the URI propagated sid + // + if( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ) { - $sessiondata = isset( $HTTP_COOKIE_VARS[$cookiename] ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename])) : ""; - $session_id = isset( $HTTP_COOKIE_VARS[$cookiename . '_sid'] ) ? stripslashes($HTTP_COOKIE_VARS[$cookiename . '_sid']) : ""; + $sessiondata = isset( $HTTP_COOKIE_VARS[$cookiename . '_data'] ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : ""; + $session_id = isset( $HTTP_COOKIE_VARS[$cookiename . '_sid'] ) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : ""; $sessionmethod = SESSION_METHOD_COOKIE; } 
@@ -384,36 +396,49 @@ function session_end($session_id, $user_id) $sessionmethod = SESSION_METHOD_GET; } - $current_time = time(); - $sql = "UPDATE " . SESSIONS_TABLE . " - SET session_logged_in = 0, session_user_id = -1, session_time = $current_time - WHERE (session_id = '" . $session_id . "') - AND (session_user_id = $user_id)"; - $result = $db->sql_query($sql, BEGIN_TRANSACTION); - if (!$result) + // + // Delete existing session + // + $sql = "DELETE FROM " . SESSIONS_TABLE . " + WHERE session_id = '$session_id' + AND session_user_id = $user_id"; + $result = $db->sql_query($sql); + if(!$result) { - message_die(CRITICAL_ERROR, "Couldn't delete user session : session_end", __LINE__, __FILE__, $sql); + message_die(CRITICAL_ERROR, "Error removing user session : session_end", "", __LINE__, __FILE__, $sql); } - if( isset($sessiondata['autologinid']) ) + // + // If a registered user then update their last visit + // and autologin (if necessary) details + // + if( $user_id != ANONYMOUS ) { + $autologin_sql = ""; + if( isset($sessiondata['autologinid']) && $sessionmethod = SESSION_METHOD_COOKIE ) + { + unset($sessiondata['autologinid']); + $autologin_sql = ", user_autologin_key = ''"; + } + $sql = "UPDATE " . USERS_TABLE . " - SET user_autologin_key = '' + SET user_lastvisit = " . time() . $autologin_sql . 
" WHERE user_id = $user_id"; $result = $db->sql_query($sql, END_TRANSACTION); if (!$result) { - message_die(CRITICAL_ERROR, "Couldn't reset user autologin key : session_end", __LINE__, __FILE__, $sql); + message_die(CRITICAL_ERROR, "Couldn't reset user autologin key : session_end", "", __LINE__, __FILE__, $sql); } - $sessiondata['autologinid'] = ""; + } - $sessiondata['sessionend'] = $current_time; + $sessiondata['userid'] = ANONYMOUS; + $sessiondata['lastvisit'] = $current_time; $serialised_cookiedata = serialize($sessiondata); - setcookie($cookiename, $serialised_cookiedata, ($current_time + 31536000), $cookiepath, $cookiedomain, $cookiesecure); - setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure); + setcookie($cookiename . '_data', $serialised_cookiedata, ($current_time + 31536000), $cookiepath, $cookiedomain, $cookiesecure); + setcookie($cookiename . '_sid', '', 0, $cookiepath, $cookiedomain, $cookiesecure); $SID = ($sessionmethod == SESSION_METHOD_GET) ? "sid=" . $session_id : ""; 
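Review bot: The DELETE no longer passes `BEGIN_TRANSACTION`, but the users UPDATE that follows still passes `END_TRANSACTION`, so the pair is unbalanced, and for an anonymous `$user_id` the UPDATE is skipped entirely. Either restore `$db->sql_query($sql, BEGIN_TRANSACTION)` on the DELETE and close the transaction on every path, or drop `END_TRANSACTION` from the UPDATE. The `$session_id` parameter is also overwritten by the `_sid` cookie earlier in the function, now without `stripslashes()`, before being placed in `WHERE session_id = '$session_id'`; confirm that something outside this hunk escapes that value for SQL.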
@@ -421,6 +446,35 @@ function session_end($session_id, $user_id) } // session_end() +// +// This checks to see if we're @ the 20 cookie limit +// if we are it re-sends the session id. This isn't a great +// solution but it does work, although resulting in +// more cookies being sent than necessary. Will re-evaluate +// this in 2.2 +// +function session_send_cookie($append_name, $set_value, $last_time) +{ + global $board_config; + global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; + + setcookie($board_config['cookie_name'] . $append_name, $set_value, $last_time, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); + + $cookie_count = 0; + while( list(, $value) = each($HTTP_COOKIE_VARS) ) + { + $cookie_count += count($value); + } + + if( $cookie_count == 20 ) + { + setcookie($board_config['cookie_name'] . "_sid", stripslashes($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_sid"]), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); + } + + return; +} + +// // // Append $SID to a url. Borrowed from phplib and modified. This is an // extra routine utilised by the session code above and acts as a wrapper @@ -431,9 +485,9 @@ function append_sid($url, $non_html_amp = false) { global $SID; - if(!empty($SID) && !eregi("sid=", $url)) + if( !empty($SID) && !eregi("sid=", $url) ) { - $url .= ( (strpos($url, "?") != false) ? ( ( $non_html_amp ) ? "&" : "&" ) : "?" ) . $SID; + $url .= ( ( strpos($url, "?") != false ) ? ( ( $non_html_amp ) ? "&" : "&" ) : "?" ) . $SID; } return($url); diff --git a/phpBB/index.php b/phpBB/index.php index f9e1965725..b19839314c 100644 --- a/phpBB/index.php +++ b/phpBB/index.php 
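Review bot: session_send_cookie's limit check `if( $cookie_count == 20 )` only fires on an exact count, and the `each()` loop runs without a `reset($HTTP_COOKIE_VARS)`, so it counts nothing if the array pointer was already advanced. Call `reset($HTTP_COOKIE_VARS);` before the loop and test `>= 20`. Both call sites in this commit are commented out, so the header comment should say the helper is not yet wired in. The stray second `//` after the closing brace duplicates the comment opener of the next block.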
@@ -49,50 +49,34 @@ else // if( $mark_read == "forums" ) { - if( $userdata['session_last_visit'] ) + $sql = "SELECT MAX(post_time) AS last_post + FROM " . POSTS_TABLE; + if(!$result = $db->sql_query($sql)) { - $sql = "SELECT f.forum_id, t.topic_id - FROM " . FORUMS_TABLE . " f, " . TOPICS_TABLE . " t, " . POSTS_TABLE . " p - WHERE t.forum_id = f.forum_id - AND p.post_id = t.topic_last_post_id - AND p.post_time > " . $userdata['session_last_visit'] . " - AND t.topic_moved_id IS NULL"; - if(!$t_result = $db->sql_query($sql)) - { - message_die(GENERAL_ERROR, "Could not query new topic information", "", __LINE__, __FILE__, $sql); - } - - if( $mark_read_rows = $db->sql_numrows($t_result) ) - { - $mark_read_list = $db->sql_fetchrowset($t_result); - - for($i = 0; $i < $mark_read_rows; $i++ ) - { - $forum_id = $mark_read_list[$i]['forum_id']; - $topic_id = $mark_read_list[$i]['topic_id']; - - if( empty($HTTP_COOKIE_VARS['phpbb2_' . $forum_id . '_' . $topic_id]) ) - { - setcookie('phpbb2_' . $forum_id . '_' . $topic_id, time(), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); - } - else - { - if( isset($HTTP_COOKIE_VARS['phpbb2_' . $forum_id . '_' . $topic_id]) ) - { - setcookie('phpbb2_' . $forum_id . '_' . $topic_id, time(), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); - } - } - } - } - - $template->assign_vars(array( - "META" => '') - ); - - $message = $lang['Forums_marked_read'] . "

" . sprintf($lang['Click_return_index'], "", " "); - - message_die(GENERAL_MESSAGE, $message); + message_die(GENERAL_ERROR, "Could not query new topic information", "", __LINE__, __FILE__, $sql); } + + if( $forum_count = $db->sql_numrows($result) ) + { + $mark_read_list = $db->sql_fetchrow($result); + + $last_post_time = $mark_read_list['last_post']; + + if( $last_post_time > $userdata['session_last_visit'] ) + { + setcookie($board_config['cookie_name'] . "_f_all", time(), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); +// session_send_cookie("_f_all", time(), 0); + } + } + + $template->assign_vars(array( + "META" => '') + ); + + $message = $lang['Forums_marked_read'] . "

" . sprintf($lang['Click_return_index'], "", " "); + + message_die(GENERAL_MESSAGE, $message); + } // // End handle marking posts @@ -150,7 +134,7 @@ if($total_categories = $db->sql_numrows($q_categories)) FROM " . POSTS_TABLE . " p WHERE p.post_id = f.forum_last_post_id ) - $limit_forums + $limit_forums )"; break; @@ -192,8 +176,7 @@ if($total_categories = $db->sql_numrows($q_categories)) WHERE t.forum_id = f.forum_id AND p.post_id = t.topic_last_post_id AND p.post_time > " . $userdata['session_last_visit'] . " - AND t.topic_moved_id IS NULL - AND t.topic_status <> " . TOPIC_LOCKED; + AND t.topic_moved_id IS NULL"; if(!$new_topic_ids = $db->sql_query($sql)) { message_die(GENERAL_ERROR, "Could not query new topic information", "", __LINE__, __FILE__, $sql); @@ -256,7 +239,11 @@ if($total_categories = $db->sql_numrows($q_categories)) "L_FORUM_LOCKED" => $lang['Forum_is_locked'], "L_MARK_FORUMS_READ" => $lang['Mark_all_forums'], "L_SEARCH_NEW" => $lang['Search_new'], + "L_SEARCH_UNANSWERED" => $lang['Search_unanswered'], + "L_SEARCH_SELF" => $lang['Search_your_posts'], + "U_SEARCH_UNANSWERED" => append_sid("search.".$phpEx."?search_id=unanswered"), + "U_SEARCH_SELF" => append_sid("search.".$phpEx."?search_id=egosearch"), "U_SEARCH_NEW" => append_sid("search.$phpEx?search_id=newposts"), "U_MARK_READ" => append_sid("index.$phpEx?mark=forums")) ); @@ -276,7 +263,7 @@ if($total_categories = $db->sql_numrows($q_categories)) { $forum_id = $forum_rows[$j]['forum_id']; - if( $is_auth_ary[$forum_id]['auth_view'] && ( ($forum_rows[$j]['cat_id'] == $cat_id && $viewcat == -1) || $cat_id == $viewcat) ) + if( $is_auth_ary[$forum_id]['auth_view'] && ( ( $forum_rows[$j]['cat_id'] == $cat_id && $viewcat == -1 ) || $cat_id == $viewcat) ) { if(!$gen_cat[$cat_id]) { 
@@ -297,23 +284,47 @@ if($total_categories = $db->sql_numrows($q_categories)) $unread_topics = false; if( count($new_topic_data[$forum_id]) ) { - while( list($check_topic_id, $check_post_time) = each($new_topic_data[$forum_id]) ) + $forum_last_post_time = 0; + + while( list($check_topic_id, $check_post_time) = @each($new_topic_data[$forum_id]) ) { - if( !isset($HTTP_COOKIE_VARS['phpbb2_' . $forum_id . '_' . $check_topic_id]) ) + if( !isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_t_$check_topic_id"]) ) { +// echo "NOT SET :: $forum_id :: $check_topic_id
\n"; $unread_topics = true; + $forum_last_post_time = max($check_post_time, $forum_last_post_time); + } else { - if($HTTP_COOKIE_VARS['phpbb2_' . $forum_id . '_' . $check_topic_id] < $check_post_time ) + if( $HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_t_$check_topic_id"] < $check_post_time ) { +// echo "SET :: $forum_id :: $check_topic_id
\n"; $unread_topics = true; + $forum_last_post_time = max($check_post_time, $forum_last_post_time); } } } + + if( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f_$forum_id"]) ) + { + if( $HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f_$forum_id"] > $forum_last_post_time ) + { + $unread_topics = false; + } + } + + if( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f_all"]) ) + { + if( $HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f_all"] > $forum_last_post_time ) + { + $unread_topics = false; + } + } + } - $folder_image = ( $unread_topics ) ? "\""" : "\"""; + $folder_image = ( $unread_topics ) ? "\""" : "\"""; } $posts = $forum_rows[$j]['forum_posts']; @@ -323,11 +334,11 @@ if($total_categories = $db->sql_numrows($q_categories)) { $last_post_time = create_date($board_config['default_dateformat'], $forum_rows[$j]['post_time'], $board_config['board_timezone']); - $last_post = $last_post_time . "
" . $lang['by'] . " "; + $last_post = $last_post_time . "
"; $last_post .= ( $forum_rows[$j]['user_id'] == ANONYMOUS ) ? ( ($forum_rows[$j]['post_username'] != "" ) ? $forum_rows[$j]['post_username'] . " " : $lang['Guest'] . " " ) : "" . $forum_rows[$j]['username'] . " "; - $last_post .= "\"""; + $last_post .= "\"""; } else { @@ -363,8 +374,8 @@ if($total_categories = $db->sql_numrows($q_categories)) $moderators_links = " "; } - $row_color = ( !($count%2) ) ? $theme['td_color1'] : $theme['td_color2']; - $row_class = ( !($count%2) ) ? $theme['td_class1'] : $theme['td_class2']; + $row_color = ( !($count % 2) ) ? $theme['td_color1'] : $theme['td_color2']; + $row_class = ( !($count % 2) ) ? $theme['td_class1'] : $theme['td_class2']; $template->assign_block_vars("catrow.forumrow", array( "ROW_COLOR" => "#" . $row_color, diff --git a/phpBB/language/lang_english/lang_main.php b/phpBB/language/lang_english/lang_main.php index 3bd012bd9b..ed11dcb0e4 100644 --- a/phpBB/language/lang_english/lang_main.php +++ b/phpBB/language/lang_english/lang_main.php @@ -92,6 +92,7 @@ $lang['IP_Address'] = "IP Address"; $lang['Select_forum'] = "Select a forum"; $lang['View_latest_post'] = "View latest post"; +$lang['View_newest_post'] = "View newest post"; $lang['Page_of'] = "Page %d of %d"; // Replaces with: Page 1 of 2 for example $lang['ICQ'] = "ICQ Number"; @@ -131,9 +132,12 @@ $lang['Guest_users_total'] = "%d Guests"; $lang['Guest_user_total'] = "%d Guest"; $lang['You_last_visit'] = "You last visited on %s"; // %s replaced by date/time +$lang['Current_time'] = "The time now is %s"; // %s replaced by time + $lang['Search_new'] = "View posts since last visit"; $lang['Search_your_posts'] = "View your posts"; $lang['Search_unanswered'] = "View unanswered posts"; + $lang['Register'] = "Register"; $lang['Profile'] = "Profile"; $lang['Edit_profile'] = "Edit your profile"; diff --git a/phpBB/login.php b/phpBB/login.php index d9d5cba201..3f9645a1e8 100644 --- a/phpBB/login.php +++ b/phpBB/login.php 
@@ -24,12 +24,13 @@ // Allow people to reach login page if // board is shut down // -define("IN_ADMIN", true); +define("IN_LOGIN", true); $phpbb_root_path = "./"; include($phpbb_root_path . 'extension.inc'); include($phpbb_root_path . 'common.'.$phpEx); + // // Set page ID for session management // @@ -69,7 +70,7 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($ { $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0; - $session_id = session_begin($rowresult['user_id'], $user_ip, PAGE_INDEX, $session_length, TRUE, $autologin); + $session_id = session_begin($rowresult['user_id'], $user_ip, PAGE_INDEX, $session_length, FALSE, $autologin); if( $session_id ) { @@ -96,7 +97,7 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($ ); $message = $lang['Error_login'] . "
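Review bot: Logging in through `session_begin(..., FALSE, $autologin)` keeps the session id the browser already presented: per the sessions.php hunks in this commit, session_begin reads `_sid` from the cookie, UPDATEs that row to `session_logged_in = $login`, and only creates a new id when the UPDATE affects no rows. A session id that existed before authentication therefore stays valid afterwards, limited only by the `session_ip` match. Consider always issuing a fresh session id on this path (when `$auto_create` is false and the user is not anonymous) and deleting the old row. The code that generates the id is outside the visible hunks.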

" . sprintf($lang['Click_return_login'], "", " ") . "

" . sprintf($lang['Click_return_index'], "", " "); - + message_die(GENERAL_MESSAGE, $message); } } @@ -110,7 +111,7 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($ ); $message = $lang['Error_login'] . "

" . sprintf($lang['Click_return_login'], "", " ") . "

" . sprintf($lang['Click_return_index'], "", " "); - + message_die(GENERAL_MESSAGE, $message); } } diff --git a/phpBB/search.php b/phpBB/search.php index cba7b0eef8..0ffc8dd57f 100644 --- a/phpBB/search.php +++ b/phpBB/search.php 
@@ -256,36 +256,107 @@ if( $mode == "searchuser" ) else if( $query_keywords != "" || $query_author != "" || $search_id ) { - if( $query_keywords != "" || $query_author != "" || $search_id == "newposts" || $search_id == "egosearch" || $search_id == "unanswered") - { - $synonym_array = @file($phpbb_root_path . "language/lang_" . $board_config['default_lang'] . "/search_synonyms.txt"); - $stopword_array = @file($phpbb_root_path . "language/lang_" . $board_config['default_lang'] . "/search_stopwords.txt"); + $search_sql = ""; + // + // Cycle through options ... + // + if( $search_id == "newposts" || $search_id == "egosearch" || ( $query_author != "" && $query_keywords == "" ) ) + { if( $search_id == "newposts" ) { - $show_results = "topics"; - $search_time = $userdata['session_last_visit']; - $sortby = 0; - $sortby_dir = "DESC"; + $sql = "SELECT post_id + FROM " . POSTS_TABLE . " + WHERE post_time >= " . $userdata['session_last_visit'] . " + ORDER BY post_time DESC"; } - - if( $search_id == "egosearch" ) + else if( $search_id == "egosearch" ) { - $query_author = $userdata['username']; - $show_results = "topics"; - $search_time = 0; - $sortby = 0; - $sortby_dir = "DESC"; + $sql = "SELECT post_id + FROM " . POSTS_TABLE . " + WHERE poster_id = " . $userdata['user_id'] . " + ORDER BY post_time DESC"; } - - if( $search_id == "unanswered" ) + else { - $show_results = "topics"; - $search_time = 0; - $sortby = 0; - $sortby_dir = "DESC"; + $query_author = str_replace("*", "%", trim($query_author)); + + $sql = "SELECT p.post_id + FROM " . POSTS_TABLE . " p, " . USERS_TABLE . 
" u + WHERE u.username LIKE '$query_author' + AND p.poster_id = u.user_id + ORDER BY p.post_time DESC"; } - + $result = $db->sql_query($sql); + if( !$result ) + { + message_die(GENERAL_ERROR, "Couldn't obtain matched posts list", "", __LINE__, __FILE__, $sql); + } + + $sql_post_id_in = ""; + while( $row = $db->sql_fetchrow($result) ) + { + if( $sql_post_id_in != "" ) + { + $sql_post_id_in .= ", "; + } + $sql_post_id_in .= $row['post_id']; + + $total_posts++; + } + + if( $sql_post_id_in != "" ) + { + $sql = "SELECT topic_id + FROM " . POSTS_TABLE . " + WHERE post_id IN ($sql_post_id_in) + GROUP BY topic_id"; + $result = $db->sql_query($sql); + if( !$result ) + { + message_die(GENERAL_ERROR, "Couldn't matched posts", "", __LINE__, __FILE__, $sql); + } + + $sql_post_id_in = ""; + while( $row = $db->sql_fetchrow($result) ) + { + if( $sql_post_id_in != "" ) + { + $sql_post_id_in .= ", "; + } + $sql_post_id_in .= $row['topic_id']; + } + + $search_sql .= "t.topic_id IN ($sql_post_id_in) "; + } + else + { + message_die(GENERAL_MESSAGE, $lang['No_search_match']); + } + + $show_results = "topics"; + $sortby = 0; + $sortby_dir = "DESC"; + + } + else if( $search_id == "unanswered" ) + { + + $search_sql = "t.topic_replies = 0 "; + + // + // Basic requirements + // + $show_results = "topics"; + $sortby = 0; + $sortby_dir = "DESC"; + } + else if( $query_keywords != "" || $query_author != "" ) + { + + $synonym_array = @file($phpbb_root_path . "language/lang_" . $board_config['default_lang'] . "/search_synonyms.txt"); + $stopword_array = @file($phpbb_root_path . "language/lang_" . $board_config['default_lang'] . "/search_stopwords.txt"); + $cleaned_search = clean_words_search($query_keywords); $cleaned_search = remove_stop_words($cleaned_search, $stopword_array); $cleaned_search = replace_synonyms($cleaned_search, $synonym_array); 
@@ -384,14 +455,13 @@ else if( $query_keywords != "" || $query_author != "" || $search_id ) } } - - $sql_fields = ( $show_results == "posts") ? "pt.post_text, pt.post_subject, p.post_id, p.post_time, p.post_username, f.forum_name, t.topic_id, t.topic_title, t.topic_poster, t.topic_time, u.username, u.user_id, u.user_sig, u.user_sig_bbcode_uid" : "f.forum_id, f.forum_name, t.topic_id, t.topic_title, t.topic_poster, t.topic_time, t.topic_views, t.topic_replies, t.topic_last_post_id, u.username, u.user_id, u2.username as user2, u2.user_id as id2, p.post_time, p.post_username" ; - - $sql_from = ( $show_results == "posts") ? FORUMS_TABLE . " f, " . TOPICS_TABLE . " t, " . USERS_TABLE . " u, " . POSTS_TABLE . " p, " . POSTS_TEXT_TABLE . " pt" : FORUMS_TABLE . " f, " . TOPICS_TABLE . " t, " . USERS_TABLE . " u, " . POSTS_TABLE . " p, " . USERS_TABLE . " u2"; - - $sql_where = ( $show_results == "posts") ? "pt.post_id = p.post_id AND f.forum_id = p.forum_id AND p.topic_id = t.topic_id AND p.poster_id = u.user_id" : "f.forum_id = t.forum_id AND u.user_id = t.topic_poster AND p.post_id = t.topic_last_post_id AND u2.user_id = p.poster_id"; - - $search_sql = ""; + // + // Author name search + // + if( $query_author != "" ) + { + $query_author = str_replace("*", "%", trim($query_author)); + } // // Keyword search 
@@ -400,229 +470,255 @@ else if( $query_keywords != "" || $query_author != "" || $search_id ) { if( $show_results == "posts" ) { - $search_sql .= "p.post_id IN ($sql_post_id_in) "; - } - else - { - switch(SQL_LAYER) + $search_sql .= ( $query_author == "" ) ? "p.post_id IN ($sql_post_id_in)" : "p.post_id IN ($sql_post_id_in) AND u.username LIKE '$query_author' "; + + if( $search_time ) { - case 'mysql': - case 'mysql4': - $sql = "SELECT topic_id - FROM " . POSTS_TABLE . " - WHERE post_id IN ($sql_post_id_in) - GROUP BY topic_id"; - $result = $db->sql_query($sql); - if( !$result ) - { - message_die(GENERAL_ERROR, "Couldn't matched posts", "", __LINE__, __FILE__, $sql); - } - - $sql_post_id_in = ""; - while( $row = $db->sql_fetchrow($result) ) - { - if( $sql_post_id_in != "" ) - { - $sql_post_id_in .= ", "; - } - $sql_post_id_in .= $row['topic_id']; - } - - $search_sql .= "t.topic_id IN ($sql_post_id_in) "; - - break; - - default: - $search_sql .= "t.topic_id IN ( - SELECT topic_id - FROM " . POSTS_TABLE . " - WHERE post_id IN ($sql_post_id_in) - GROUP BY topic_id )"; - break; + $search_sql .= " AND p.post_time >= $search_time "; } - } - } - // - // Author name search - // - if( $query_author != "" ) - { - $query_author = str_replace("*", "%", trim($query_author)); - - if( $show_results == "posts" ) - { - $search_sql .= ( $search_sql == "" ) ? "u.username LIKE '$query_author' " : " AND u.username LIKE '$query_author' "; } else { - $search_sql .= ( $search_sql == "" ) ? "us.username LIKE '$query_author' AND us.user_id = p.poster_id " : " AND us.username LIKE '$query_author' AND us.user_id = p.poster_id "; - $sql_from .= ", " . USERS_TABLE . " us "; - } - } - // - // Unanswered Posts - // - if( $search_id == "unanswered" ) - { - $search_sql .= ( $search_sql == "" ) ? "t.topic_replies = 0 " : "AND t.topic_replies = 0 "; - } - - // - // If user is logged in then we'll check to see which (if any) private - // forums they are allowed to view and include them in the search. 
- // - // If not logged in we explicitly prevent searching of private forums - // - if( $search_sql != "" || $search_id == "newposts" || $search_id == "egosearch" || $search_id == "unanswered" ) - { - $sql = "SELECT $sql_fields - FROM $sql_from "; - - $sql .= ( $search_id == "newposts" ) ? "WHERE $sql_where" : "WHERE $search_sql AND $sql_where"; - - if( $search_forum != "all" ) - { - $is_auth = auth(AUTH_READ, $search_forum, $userdata); - - if( !$is_auth['auth_read'] ) + $search_time_sql = ""; + if( $search_time ) { - message_die(GENERAL_MESSAGE, $lang['No_search_match']); + $search_time_sql = ( $query_author == "" ) ? "AND post_time >= $search_time " : "AND p.post_time >= $search_time "; + } + + if( $query_author == "" ) + { + $sql = "SELECT topic_id + FROM " . POSTS_TABLE . " + WHERE post_id IN ($sql_post_id_in) + $search_time_sql + GROUP BY topic_id"; } else { - $sql .= " AND f.forum_id = $search_forum"; + $sql = "SELECT p.topic_id + FROM " . POSTS_TABLE . " p, " . USERS_TABLE . " u + WHERE p.post_id IN ($sql_post_id_in) + AND u.username LIKE '$query_author' + AND p.poster_id = u.user_id + $search_time_sql + GROUP BY p.topic_id"; } - } - else - { - $is_auth_ary = auth(AUTH_READ, AUTH_LIST_ALL, $userdata); - - if( $search_cat != "all" ) + $result = $db->sql_query($sql); + if( !$result ) { - $sql .= " AND f.cat_id = $search_cat"; + message_die(GENERAL_ERROR, "Couldn't matched posts", "", __LINE__, __FILE__, $sql); } - $ignore_forum_sql = ""; - while( list($key, $value) = each($is_auth_ary) ) - { - if( !$value['auth_read'] ) - { - if( $ignore_forum_sql != "" ) - { - $ignore_forum_sql .= ", "; - } - $ignore_forum_sql .= $key; - } - } - - if( $ignore_forum_sql != "" ) - { - $sql .= " AND f.forum_id NOT IN ($ignore_forum_sql) "; - } - } - - if( $search_time ) - { - $sql .= " AND p.post_time >= $search_time "; - } - - $sql .= " ORDER BY " . $sortby_sql[$sortby] . 
" $sortby_dir"; - - if( !$result = $db->sql_query($sql) ) - { - message_die(GENERAL_ERROR, "Couldn't obtain search results", "", __LINE__, __FILE__, $sql); - } - - $total_match_count = $db->sql_numrows($result); - - $searchset = $db->sql_fetchrowset($result); - - // - // Clean up search results table - // - $sql = "SELECT session_id - FROM " . SESSIONS_TABLE; - if( $result = $db->sql_query($sql) ) - { - $delete_search_id_sql = ""; + $sql_post_id_in = ""; while( $row = $db->sql_fetchrow($result) ) { - if( $delete_search_id_sql != "" ) + if( $sql_post_id_in != "" ) { - $delete_search_id_sql .= ", "; + $sql_post_id_in .= ", "; } - $delete_search_id_sql .= "'" . $row['session_id'] . "'"; + $sql_post_id_in .= $row['topic_id']; } + $search_sql .= "t.topic_id IN ($sql_post_id_in) "; +/* + if( $query_author == "" ) + { + $search_sql .= "t.topic_id IN ( + SELECT topic_id + FROM " . POSTS_TABLE . " + WHERE post_id IN ($sql_post_id_in) + $search_time_sql + GROUP BY topic_id )"; + } + else + { + $search_sql .= "t.topic_id IN ( + SELECT p.topic_id + FROM " . POSTS_TABLE . " p, " . USERS_TABLE . " u + WHERE p.post_id IN ($sql_post_id_in) + AND u.username LIKE '$query_author' + AND p.poster_id = u.user_id + $search_time_sql + GROUP BY p.topic_id )"; + } +*/ + + } + } + else + { + message_die(GENERAL_MESSAGE, $lang['No_search_match']); + } + } + + // + // Define common SQL + // + $sql_fields = ( $show_results == "posts") ? "pt.post_text, pt.post_subject, p.post_id, p.post_time, p.post_username, f.forum_name, t.topic_id, t.topic_title, t.topic_poster, t.topic_time, t.topic_views, t.topic_replies, u.username, u.user_id, u.user_sig, u.user_sig_bbcode_uid" : "f.forum_id, f.forum_name, t.topic_id, t.topic_title, t.topic_poster, t.topic_time, t.topic_views, t.topic_replies, t.topic_last_post_id, u.username, u.user_id, u2.username as user2, u2.user_id as id2, p.post_time, p.post_username" ; + + $sql_from = ( $show_results == "posts") ? FORUMS_TABLE . " f, " . TOPICS_TABLE . " t, " . 
USERS_TABLE . " u, " . POSTS_TABLE . " p, " . POSTS_TEXT_TABLE . " pt" : FORUMS_TABLE . " f, " . TOPICS_TABLE . " t, " . USERS_TABLE . " u, " . POSTS_TABLE . " p, " . USERS_TABLE . " u2"; + + $sql_where = ( $show_results == "posts") ? "pt.post_id = p.post_id AND f.forum_id = p.forum_id AND p.topic_id = t.topic_id AND p.poster_id = u.user_id" : "f.forum_id = t.forum_id AND u.user_id = t.topic_poster AND p.post_id = t.topic_last_post_id AND u2.user_id = p.poster_id"; + + // + // Build query ... + // + $sql = "SELECT $sql_fields + FROM $sql_from "; + + $sql .= "WHERE $search_sql AND $sql_where "; + + // + // If user is logged in then we'll check to see which (if any) private + // forums they are allowed to view and include them in the search. + // + // If not logged in we explicitly prevent searching of private forums + // + $auth_sql = ""; + if( $search_forum != "all" ) + { + $is_auth = auth(AUTH_READ, $search_forum, $userdata); + + if( !$is_auth['auth_read'] ) + { + message_die(GENERAL_MESSAGE, $lang['No_searchable_forums']); + } + else + { + $auth_sql = "f.forum_id = $search_forum"; + } + } + else + { + $is_auth_ary = auth(AUTH_READ, AUTH_LIST_ALL, $userdata); + + if( $search_cat != "all" ) + { + $auth_sql = "f.cat_id = $search_cat"; + } + + $ignore_forum_sql = ""; + while( list($key, $value) = each($is_auth_ary) ) + { + if( !$value['auth_read'] ) + { + if( $ignore_forum_sql != "" ) + { + $ignore_forum_sql .= ", "; + } + $ignore_forum_sql .= $key; + } + } + + if( $ignore_forum_sql != "" ) + { + $auth_sql .= ( $auth_sql != "" ) ? " AND f.forum_id NOT IN ($ignore_forum_sql) " : "f.forum_id NOT IN ($ignore_forum_sql) "; + } + } + + // + // Finish building query (for all combinations) + // and run it ... + // + if( $search_sql != "" || $search_id == "newposts" || $search_id == "egosearch" || $search_id == "unanswered" ) + { + if( $auth_sql != "" ) + { + $sql .= " AND " . $auth_sql; + } + + $sql .= " ORDER BY " . $sortby_sql[$sortby] . 
" $sortby_dir"; + + if( !$result = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Couldn't obtain search results", "", __LINE__, __FILE__, $sql); + } + + $total_match_count = $db->sql_numrows($result); + + $searchset = $db->sql_fetchrowset($result); + + // + // Clean up search results table + // + $sql = "SELECT session_id + FROM " . SESSIONS_TABLE; + if( $result = $db->sql_query($sql) ) + { + $delete_search_id_sql = ""; + while( $row = $db->sql_fetchrow($result) ) + { if( $delete_search_id_sql != "" ) { - $sql = "DELETE FROM " . SEARCH_TABLE . " - WHERE session_id NOT IN ($delete_search_id_sql)"; - if( !$result = $db->sql_query($sql) ) - { - message_die(GENERAL_ERROR, "Couldn't delete old search id sessions", "", __LINE__, __FILE__, $sql); - } + $delete_search_id_sql .= ", "; + } + $delete_search_id_sql .= "'" . $row['session_id'] . "'"; + } + + if( $delete_search_id_sql != "" ) + { + $sql = "DELETE FROM " . SEARCH_TABLE . " + WHERE session_id NOT IN ($delete_search_id_sql)"; + if( !$result = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Couldn't delete old search id sessions", "", __LINE__, __FILE__, $sql); } } + } + + // + // Store new result data + // + if( $total_match_count ) + { + $search_results = ""; + for($i = 0; $i < count($searchset); $i++) + { + if( $show_results == "posts") + { + $search_results .= ($search_results != "") ? ", " . $searchset[$i]['post_id'] : $searchset[$i]['post_id']; + } + else + { + $search_results .= ($search_results != "") ? ", " . $searchset[$i]['topic_id'] : $searchset[$i]['topic_id']; + } + } + + $per_page = ( $show_results == "posts" ) ? 
$board_config['posts_per_page'] : $board_config['topics_per_page']; // - // Store new result data + // Combine both results and search data (apart from original query) + // so we can serialize it and place it in the DB // - if( $total_match_count ) + $store_search_data = array(); + $store_search_data['results'] = $search_results; + $store_search_data['word_array'] = $split_search; + $store_search_data['match_count'] = $total_match_count; + + $result_array = serialize($store_search_data); + unset($store_search_data); + unset($search_results); + + mt_srand ((double) microtime() * 1000000); + $search_id = mt_rand(); + + $sql = "UPDATE " . SEARCH_TABLE . " + SET search_id = $search_id, search_array = '$result_array' + WHERE session_id = '" . $userdata['session_id'] . "'"; + $result = $db->sql_query($sql); + if( !$result || !$db->sql_affectedrows() ) { - $search_results = ""; - for($i = 0; $i < count($searchset); $i++) + $sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_array) + VALUES($search_id, '" . $userdata['session_id'] . "', '$result_array')"; + if( !$result = $db->sql_query($sql) ) { - if( $show_results == "posts") - { - $search_results .= ($search_results != "") ? ", " . $searchset[$i]['post_id'] : $searchset[$i]['post_id']; - } - else - { - $search_results .= ($search_results != "") ? ", " . $searchset[$i]['topic_id'] : $searchset[$i]['topic_id']; - } + message_die(GENERAL_ERROR, "Couldn't insert search results", "", __LINE__, __FILE__, $sql); } - - $per_page = ( $show_results == "posts" ) ? 
$board_config['posts_per_page'] : $board_config['topics_per_page']; - - // - // Combine both results and search data (apart from original query) - // so we can serialize it and place it in the DB - // - $store_search_data = array(); - $store_search_data['results'] = $search_results; - $store_search_data['word_array'] = $split_search; - $store_search_data['match_count'] = $total_match_count; - - $result_array = serialize($store_search_data); - unset($store_search_data); - unset($search_results); - - mt_srand ((double) microtime() * 1000000); - $search_id = mt_rand(); - - $sql = "UPDATE " . SEARCH_TABLE . " - SET search_id = $search_id, search_array = '$result_array' - WHERE session_id = '" . $userdata['session_id'] . "'"; - $result = $db->sql_query($sql); - if( !$result || !$db->sql_affectedrows() ) - { - $sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_array) - VALUES($search_id, '" . $userdata['session_id'] . "', '$result_array')"; - if( !$result = $db->sql_query($sql) ) - { - message_die(GENERAL_ERROR, "Couldn't insert search results", "", __LINE__, __FILE__, $sql); - } - } - - $db->sql_freeresult($result); - - } - else - { - message_die(GENERAL_MESSAGE, $lang['No_search_match']); } + + $db->sql_freeresult($result); + } else { @@ -742,6 +838,8 @@ else if( $query_keywords != "" || $query_author != "" || $search_id ) ); $highlight_active = ""; + $search_string = array(); + $replace_string = array(); for($j = 0; $j < count($split_search); $j++ ) { $split_word = $split_search[$j]; @@ -750,7 +848,7 @@ else if( $query_keywords != "" || $query_author != "" || $search_id ) { $highlight_active .= " " . $split_word; - $search_string[] = "#\b(" . preg_quote(str_replace("*", ".*?", $split_word), "#") . ")\b#i"; + $search_string[] = "#\b(" . str_replace("\*", ".*?", preg_quote($split_word, "#")) . ")(?!.*?<\/a>)(?!.*?\[/url\])\b#i"; $replace_string[] = "\\1"; for ($k = 0; $k < count($synonym_array); $k++) 
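Review bot: `$search_forum` and `$search_cat` are concatenated unquoted into `$auth_sql` (`"f.forum_id = $search_forum"`, `"f.cat_id = $search_cat"`), and nothing in this hunk forces them to integers. Their assignment is outside the hunk; unless they are cast there, build the clauses with `intval()`, e.g. `$auth_sql = "f.forum_id = " . intval($search_forum);` and `$auth_sql = "f.cat_id = " . intval($search_cat);`. The serialized `$result_array` is likewise placed inside single quotes in the `UPDATE` and `INSERT` on `SEARCH_TABLE` with no visible escaping, and it carries `$split_search`, which appears to derive from the query keywords, so it needs escaping for the SQL layer as well. The block commented out with `/* ... */` after `$search_sql .= "t.topic_id IN ($sql_post_id_in) ";` is dead code and is better left out of the commit.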
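Review bot: The added lookaheads `(?!.*?<\/a>)(?!.*?\[/url\])` reject a match whenever `</a>` or `[/url]` occurs anywhere later on the same line, not only when the word sits inside a link, so words that merely precede a link stop being highlighted. Without the `s` modifier `.` does not cross newlines, so a link whose closing tag is on a later line is not protected either. Each candidate match rescans the rest of the line, and a search word with several `*` becomes several `.*?` groups, which can make `preg_replace` slow on long posts; consider capping the number of wildcards per word. The same pattern is added in the `-759,7` hunk and in viewtopic.php (`-523,8`). A comment above the line, e.g. `// do not highlight inside generated links or [url] tags`, would state what the lookaheads are meant to exclude.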
@@ -759,7 +857,7 @@ else if( $query_keywords != "" || $query_author != "" || $search_id ) if( $replace_synonym == $split_word ) { - $search_string[] = "#\b(" . preg_quote($match_synonym, "#") . ")\b#i"; + $search_string[] = "#\b(" . str_replace("\*", ".*?", preg_quote($replace_synonym, "#")) . ")(?!.*?<\/a>)(?!.*?\[/url\])\b#i"; $replace_string[] = "\\1"; $highlight_active .= " " . $match_synonym; @@ -797,13 +895,27 @@ else if( $query_keywords != "" || $query_author != "" || $search_id ) $message = (strlen($message) > $return_chars) ? substr($message, 0, $return_chars) . " ..." : $message; $message = strip_tags($message); $message = preg_replace("/\[.*?:$bbcode_uid:?.*?\]/si", "", $message); + + if( count($search_string) ) + { + $message = preg_replace($search_string, $replace_string, $message); + } + $message = preg_replace("/\[url\]|\[\/url\]/si", "", $message); + } else { $user_sig = $searchset[$i]['user_sig']; $user_sig_bbcode_uid = $searchset[$i]['user_sig_bbcode_uid']; + $message = make_clickable($message); + + if( count($search_string) ) + { + $message = preg_replace($search_string, $replace_string, $message); + } + if( !$board_config['allow_html'] ) { if( $user_sig != "" && $searchset[$i]['enable_sig'] && $userdata['user_allowhtml'] ) @@ -827,8 +939,6 @@ else if( $query_keywords != "" || $query_author != "" || $search_id ) $message = ( $board_config['allow_bbcode'] ) ? bbencode_second_pass($message, $bbcode_uid) : preg_replace("/\:[0-9a-z\:]+\]/si", "]", $message); } - $message = make_clickable($message); - if( $searchset[$i]['enable_sig'] ) { $message .= "
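Review bot: Inside `if( $replace_synonym == $split_word )` the new pattern is built from `$replace_synonym`, which equals `$split_word` at that point, so it duplicates the pattern already pushed for the word itself and the synonym is no longer matched, while `$highlight_active` still appends `$match_synonym`. If the intent was to keep highlighting the synonym with the new wildcard and link handling, the line should read `$search_string[] = "#\b(" . str_replace("\*", ".*?", preg_quote($match_synonym, "#")) . ")(?!.*?<\/a>)(?!.*?\[/url\])\b#i";`. How the two variables are filled from `$synonym_array` is outside the hunk, so confirm which one holds the alternative spelling.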
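Review bot: In the full-post branch `make_clickable($message)` and the highlight `preg_replace` now run before the `if( !$board_config['allow_html'] )` block and before `bbencode_second_pass`, so generated anchors and highlight markup are inserted into text that has not yet been through the HTML and BBCode handling. The body of the `allow_html` block is outside the hunk: if it neutralises `<` and `>` in `$message`, it will now also rewrite the markup added above, and if it does not, URL text is turned into link attributes before any filtering has run. Please confirm the intended order against that block and record the reasoning in a comment directly above the `make_clickable` call.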

_________________
" . make_clickable($user_sig); @@ -854,11 +964,8 @@ else if( $query_keywords != "" || $query_author != "" || $search_id ) $message = str_replace("\n", "
", $message); - if( count($search_string) ) - { - $message = preg_replace($search_string, $replace_string, $message); - } } + $template->assign_block_vars("searchresults", array( "TOPIC_TITLE" => $topic_title, "FORUM_NAME" => $searchset[$i]['forum_name'], 
@@ -983,35 +1090,63 @@ else if( $query_keywords != "" || $query_author != "" || $search_id ) } } - if( empty($HTTP_COOKIE_VARS['phpbb2_' . $forum_id . '_' . $topic_id]) && $searchset[$i]['post_time'] > $userdata['session_last_visit'] ) + if( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_t_$topic_id"]) || + isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f_$forum_id"]) || + isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f_all"]) ) { - $folder_image = "\"""; - $newest_post_img = "\"" "; - } - else - { - if( isset($HTTP_COOKIE_VARS['phpbb2_' . $forum_id . '_' . $topic_id]) ) + $unread_topics = true; + + if( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_t_$topic_id"]) ) { - if( $HTTP_COOKIE_VARS['phpbb2_' . $forum_id . '_' . $topic_id] < $searchset[$i]['post_time'] && $searchset[$i]['post_time'] > $userdata['session_last_visit'] ) + if( $HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_t_$topic_id"] > $topic_rowset[$i]['post_time'] ) { - $folder_image = "\"""; + $unread_topics = false; + } + } - $newest_post_img = "\"" "; - } - else + if( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f_$forum_id"]) ) + { + if( $HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f_$forum_id"] > $topic_rowset[$i]['post_time'] ) { - $folder_alt = ( $searchset[$i]['topic_status'] == TOPIC_LOCKED ) ? $lang['Topic_locked'] : $lang['No_new_posts']; - $folder_image = "\"$folder_alt\""; - $newest_post_img = ""; + $unread_topics = false; } } + + if( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f_all"]) ) + { + if( $HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f_all"] > $topic_rowset[$i]['post_time'] ) + { + $unread_topics = false; + } + } + + if( $unread_topics ) + { + $folder_image = "\"""; + + $newest_post_img = "\"" "; + } else { - $folder_alt = ( $searchset[$i]['topic_status'] == TOPIC_LOCKED ) ? 
$lang['Topic_locked'] : $lang['No_new_posts']; - $folder_image = "\"$folder_alt\""; + $folder_alt = ( $topic_rowset[$i]['topic_status'] == TOPIC_LOCKED ) ? $lang['Topic_locked'] : $lang['No_new_posts']; + + $folder_image = "\"$folder_alt\""; $newest_post_img = ""; } + + } + else if( $topic_rowset[$i]['post_time'] > $userdata['session_last_visit'] ) + { + $folder_image = "\"""; + + $newest_post_img = "\"" "; + } + else + { + $folder_alt = ( $topic_rowset[$i]['topic_status'] == TOPIC_LOCKED ) ? $lang['Topic_locked'] : $lang['No_new_posts']; + $folder_image = "\"$folder_alt\""; + $newest_post_img = ""; } } diff --git a/phpBB/templates/subSilver/index_body.tpl b/phpBB/templates/subSilver/index_body.tpl index 55d2fe0bcf..d8265135b1 100644 --- a/phpBB/templates/subSilver/index_body.tpl +++ b/phpBB/templates/subSilver/index_body.tpl @@ -1,13 +1,14 @@ +
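Review bot: The new read-marker block in search.php reads `$topic_rowset[$i]['post_time']` and `$topic_rowset[$i]['topic_status']`, but the lines it replaces used `$searchset[$i]`, and no `$topic_rowset` is assigned in any visible search.php hunk; the block looks copied from viewforum.php (`-517,35`), where that array is the right one. If the variable is indeed undefined here, every comparison is made against an empty value, so any read cookie marks the topic as read and the last-visit test never fires. Use `$searchset[$i]` at each occurrence, e.g. `if( $HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_t_$topic_id"] > $searchset[$i]['post_time'] )`. Since both files now carry the same block, a shared helper returning the unread flag would keep them in step.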
+ - - + + {L_SEARCH_UNANSWERED}
{L_SEARCH_NEW}
{L_INDEX} + {LAST_VISIT_DATE}
{CURRENT_TIME}

{L_INDEX}
{L_SEARCH_SELF}
- {L_SEARCH_UNANSWERED}
- {L_SEARCH_NEW}
{LAST_VISIT_DATE}
diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php index 306fce295c..84b8636cad 100644 --- a/phpBB/viewforum.php +++ b/phpBB/viewforum.php @@ -112,49 +112,31 @@ if( !$is_auth['auth_read'] || !$is_auth['auth_view'] ) // if( $mark_read == "topics" ) { - if( $userdata['session_last_visit'] ) + $sql = "SELECT MAX(post_time) AS last_post + FROM " . POSTS_TABLE . " + WHERE forum_id = $forum_id"; + if( !$result = $db->sql_query($sql) ) { - $sql = "SELECT t.topic_id, p.post_time - FROM " . TOPICS_TABLE . " t, " . POSTS_TABLE . " p - WHERE t.forum_id = $forum_id - AND p.post_id = t.topic_last_post_id - AND p.post_time > " . $userdata['session_last_visit'] . " - AND t.topic_moved_id IS NULL"; - if(!$t_result = $db->sql_query($sql)) - { - message_die(GENERAL_ERROR, "Couldn't obtain topic information", "", __LINE__, __FILE__, $sql); - } - - if( $mark_read_rows = $db->sql_numrows($t_result) ) - { - $mark_read_list = $db->sql_fetchrowset($t_result); - - for($i = 0; $i < $mark_read_rows; $i++ ) - { - $topic_id = $mark_read_list[$i]['topic_id']; - $post_time = $mark_read_list[$i]['post_time']; - - if( empty($HTTP_COOKIE_VARS['phpbb2_' . $forum_id . '_' . $topic_id]) ) - { - setcookie('phpbb2_' . $forum_id . '_' . $topic_id, time(), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); - } - else - { - if( isset($HTTP_COOKIE_VARS['phpbb2_' . $forum_id . '_' . $topic_id]) ) - { - setcookie('phpbb2_' . $forum_id . '_' . $topic_id, time(), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); - } - } - } - } - - $template->assign_vars(array( - "META" => '') - ); - - $message = $lang['Topics_marked_read'] . "

" . sprintf($lang['Click_return_forum'], "", " "); - message_die(GENERAL_MESSAGE, $message); + message_die(GENERAL_ERROR, "Couldn't obtain forums information.", "", __LINE__, __FILE__, $sql); } + + if( $db->sql_numrows($result) ) + { + $row = $db->sql_fetchrow($result); + + if( $row['last_post'] > $userdata['session_last_visit'] ) + { + setcookie($board_config['cookie_name'] . "_f_$forum_id", time(), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); +// session_send_cookie("_f_$forum_id", time(), 0); + } + } + + $template->assign_vars(array( + "META" => '') + ); + + $message = $lang['Topics_marked_read'] . "

" . sprintf($lang['Click_return_forum'], "", " "); + message_die(GENERAL_MESSAGE, $message); } // // End handle marking posts @@ -238,11 +220,11 @@ if( !empty($HTTP_POST_VARS['topicdays']) || !empty($HTTP_GET_VARS['topicdays']) $topic_days = ( !empty($HTTP_POST_VARS['topicdays']) ) ? $HTTP_POST_VARS['topicdays'] : $HTTP_GET_VARS['topicdays']; $min_topic_time = time() - ($topic_days * 86400); - $sql = "SELECT COUNT(t.topic_id) AS forum_topics - FROM " . TOPICS_TABLE . " t, " . POSTS_TABLE . " p - WHERE t.forum_id = $forum_id + $sql = "SELECT COUNT(t.topic_id) AS forum_topics + FROM " . TOPICS_TABLE . " t, " . POSTS_TABLE . " p + WHERE t.forum_id = $forum_id AND p.post_id = t.topic_last_post_id - AND p.post_time >= $min_topic_time"; + AND p.post_time >= $min_topic_time"; if( !$result = $db->sql_query($sql) ) { @@ -449,7 +431,7 @@ if( $total_topics ) if( ( $replies + 1 ) > $board_config['posts_per_page'] ) { - $goto_page = " [ \""" . $lang['Goto_page'] . ": "; + $goto_page = " [ \""" . $lang['Goto_page'] . ": "; $times = 1; for($j = 0; $j < $replies + 1; $j += $board_config['posts_per_page']) @@ -483,7 +465,7 @@ if( $total_topics ) $topic_type = $lang['Topic_Moved'] . " "; $topic_id = $topic_rowset[$i]['topic_moved_id']; - $folder_image = "\"""; + $folder_image = "\"""; $newest_post_img = ""; } else 
@@ -517,35 +499,63 @@ if( $total_topics ) } } - if( empty($HTTP_COOKIE_VARS['phpbb2_' . $forum_id . '_' . $topic_id]) && $topic_rowset[$i]['post_time'] > $userdata['session_last_visit'] ) + if( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_t_$topic_id"]) || + isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f_$forum_id"]) || + isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f_all"]) ) { - $folder_image = "\"""; - $newest_post_img = "\"" "; - } - else - { - if( isset($HTTP_COOKIE_VARS['phpbb2_' . $forum_id . '_' . $topic_id]) ) + $unread_topics = true; + + if( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_t_$topic_id"]) ) { - if( $HTTP_COOKIE_VARS['phpbb2_' . $forum_id . '_' . $topic_id] < $topic_rowset[$i]['post_time'] ) + if( $HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_t_$topic_id"] > $topic_rowset[$i]['post_time'] ) { - $folder_image = "\"""; + $unread_topics = false; + } + } - $newest_post_img = "\"" "; - } - else + if( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f_$forum_id"]) ) + { + if( $HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f_$forum_id"] > $topic_rowset[$i]['post_time'] ) { - $folder_alt = ( $topic_rowset[$i]['topic_status'] == TOPIC_LOCKED ) ? $lang['Topic_locked'] : $lang['No_new_posts']; - $folder_image = "\"$folder_alt\""; - $newest_post_img = ""; + $unread_topics = false; } } + + if( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f_all"]) ) + { + if( $HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f_all"] > $topic_rowset[$i]['post_time'] ) + { + $unread_topics = false; + } + } + + if( $unread_topics ) + { + $folder_image = "\"""; + + $newest_post_img = "\"" "; + } else { $folder_alt = ( $topic_rowset[$i]['topic_status'] == TOPIC_LOCKED ) ? 
$lang['Topic_locked'] : $lang['No_new_posts']; - $folder_image = "\"$folder_alt\""; + + $folder_image = "\"$folder_alt\""; $newest_post_img = ""; } + + } + else if( $topic_rowset[$i]['post_time'] > $userdata['session_last_visit'] ) + { + $folder_image = "\"""; + + $newest_post_img = "\"" "; + } + else + { + $folder_alt = ( $topic_rowset[$i]['topic_status'] == TOPIC_LOCKED ) ? $lang['Topic_locked'] : $lang['No_new_posts']; + $folder_image = "\"$folder_alt\""; + $newest_post_img = ""; } } @@ -557,15 +567,14 @@ if( $total_topics ) $last_post_time = create_date($board_config['default_dateformat'], $topic_rowset[$i]['post_time'], $board_config['board_timezone']); - $last_post = $last_post_time . "
" . $lang['by'] . " "; + $last_post = $last_post_time . "
"; $last_post .= ( $topic_rowset[$i]['id2'] == ANONYMOUS ) ? ( ($topic_rowset[$i]['post_username'] != "" ) ? $topic_rowset[$i]['post_username'] . " " : $lang['Guest'] . " " ) : "" . $topic_rowset[$i]['user2'] . " "; - $last_post .= "\"""; + $last_post .= "\"""; $views = $topic_rowset[$i]['topic_views']; - $row_color = ( !($i%2) ) ? $theme['td_color1'] : $theme['td_color2']; - $row_class = ( !($i%2) ) ? $theme['td_class1'] : $theme['td_class2']; - + $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2']; + $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2']; $template->assign_block_vars("topicrow", array( "FORUM_ID" => $forum_id, @@ -634,4 +643,4 @@ $template->pparse("body"); // include($phpbb_root_path . 'includes/page_tail.'.$phpEx); -?> +?> \ No newline at end of file diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 5869f0e6df..f132455c0d 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php 
@@ -56,31 +56,37 @@ if( isset($HTTP_GET_VARS["view"]) && empty($HTTP_GET_VARS[POST_POST_URL]) ) { if( $HTTP_GET_VARS["view"] == "newest" ) { - if( isset($HTTP_COOKIE_VARS[$board_config['cookie_name']]) ) + if( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_sid"]) ) { - $sessiondata = unserialize(stripslashes($HTTP_COOKIE_VARS[$board_config['cookie_name']])); + $session_id = $HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_sid"]; - $newest_time = $sessiondata['lastvisit']; - - $sql = "SELECT post_id - FROM " . POSTS_TABLE . " - WHERE topic_id = $topic_id - AND post_time >= $newest_time - ORDER BY post_time ASC - LIMIT 1"; - if( !$result = $db->sql_query($sql) ) + if( $session_id ) { - message_die(GENERAL_ERROR, "Couldn't obtain newer/older topic information", "", __LINE__, __FILE__, $sql); - } + $sql = "SELECT p.post_id + FROM " . POSTS_TABLE . " p, " . SESSIONS_TABLE . " s + WHERE topic_id = $topic_id + AND s.session_id = '$session_id' + AND p.post_time >= s.session_last_visit + ORDER BY p.post_time ASC + LIMIT 1"; + if( !$result = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Couldn't obtain newer/older topic information", "", __LINE__, __FILE__, $sql); + } - if( !($row = $db->sql_fetchrow($result)) ) - { - message_die(GENERAL_MESSAGE, $lang['No_new_posts_last_visit']); + if( !($row = $db->sql_fetchrow($result)) ) + { + message_die(GENERAL_MESSAGE, $lang['No_new_posts_last_visit']); + } + else + { + $post_id = $row['post_id']; + header("Location: " . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=$post_id#$post_id", true)); + } } else { - $post_id = $row['post_id']; - header("Location: " . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=$post_id#$post_id", true)); + header("Location: " . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id", true)); } } else 
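Review bot: `$session_id` is taken straight from the `_sid` cookie and placed in `AND s.session_id = '$session_id'` with no validation in this hunk, so the query text depends on a client-supplied value. Restrict it to the expected character set before use, for example `if( !preg_match('/^[A-Za-z0-9]*$/', $session_id) ) { $session_id = ''; }`, which also sends a malformed cookie down the existing plain-topic redirect. Neither `header("Location: ...")` call is followed by an `exit` inside the hunk, so the script keeps running after the redirect unless code outside the hunk stops it. The enclosing `if( $HTTP_GET_VARS["view"] == "newest" )` block continues past the end of the hunk.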
@@ -137,24 +143,23 @@ if( isset($HTTP_GET_VARS["view"]) && empty($HTTP_GET_VARS[POST_POST_URL]) ) // also allows for direct linking to a post (and the calculation of which // page the post is on and the correct display of viewtopic) // -$join_sql_table = (!isset($post_id)) ? "" : "" . POSTS_TABLE . " p, " . POSTS_TABLE . " p2,"; -$join_sql = (!isset($post_id)) ? "t.topic_id = $topic_id" : "p.post_id = $post_id AND t.topic_id = p.topic_id AND p2.topic_id = p.topic_id AND p2.post_id <= $post_id"; -$count_sql = (!isset($post_id)) ? "" : ", COUNT(p2.post_id) AS prev_posts"; +$join_sql_table = ( !isset($post_id) ) ? "" : ", " . POSTS_TABLE . " p, " . POSTS_TABLE . " p2 "; +$join_sql = ( !isset($post_id) ) ? "t.topic_id = $topic_id" : "p.post_id = $post_id AND t.topic_id = p.topic_id AND p2.topic_id = p.topic_id AND p2.post_id <= $post_id"; +$count_sql = ( !isset($post_id) ) ? "" : ", COUNT(p2.post_id) AS prev_posts"; -$order_sql = (!isset($post_id)) ? "" : "GROUP BY p.post_id, t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, t.topic_type, t.topic_vote, f.forum_name, f.forum_status, f.forum_id, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_sticky, f.auth_announce, f.auth_pollcreate, f.auth_vote, f.auth_attachments ORDER BY p.post_id ASC"; +$order_sql = ( !isset($post_id) ) ? 
"" : "GROUP BY p.post_id, t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, t.topic_type, t.topic_vote, f.forum_name, f.forum_status, f.forum_id, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_sticky, f.auth_announce, f.auth_pollcreate, f.auth_vote, f.auth_attachments ORDER BY p.post_id ASC"; $sql = "SELECT t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, t.topic_type, t.topic_vote, f.forum_name, f.forum_status, f.forum_id, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_sticky, f.auth_announce, f.auth_pollcreate, f.auth_vote, f.auth_attachments" . $count_sql . " - FROM $join_sql_table " . TOPICS_TABLE . " t, " . FORUMS_TABLE . " f + FROM " . TOPICS_TABLE . " t, " . FORUMS_TABLE . " f" . $join_sql_table . " WHERE $join_sql AND f.forum_id = t.forum_id $order_sql"; - -if(!$result = $db->sql_query($sql)) +if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't obtain topic information", "", __LINE__, __FILE__, $sql); } -if(!$total_rows = $db->sql_numrows($result)) +if( !$total_rows = $db->sql_numrows($result) ) { message_die(GENERAL_MESSAGE, 'Topic_post_not_exist', "", __LINE__, __FILE__, $sql); } @@ -206,7 +211,7 @@ if(!$is_auth['auth_view'] || !$is_auth['auth_read']) // a number of problems which will probably end up in this // solution being practically as fast and certainly simpler! // -if($userdata['user_id'] != ANONYMOUS) +if( $userdata['user_id'] != ANONYMOUS ) { $can_watch_topic = TRUE; 
@@ -317,9 +322,9 @@ else $previous_days = array(0, 1, 7, 14, 30, 90, 180, 364); $previous_days_text = array($lang['All_Posts'], $lang['1_Day'], $lang['7_Days'], $lang['2_Weeks'], $lang['1_Month'], $lang['3_Months'], $lang['6_Months'], $lang['1_Year']); -if(!empty($HTTP_POST_VARS['postdays']) || !empty($HTTP_GET_VARS['postdays'])) +if( !empty($HTTP_POST_VARS['postdays']) || !empty($HTTP_GET_VARS['postdays']) ) { - $post_days = (!empty($HTTP_POST_VARS['postdays'])) ? $HTTP_POST_VARS['postdays'] : $HTTP_GET_VARS['postdays']; + $post_days = ( !empty($HTTP_POST_VARS['postdays']) ) ? $HTTP_POST_VARS['postdays'] : $HTTP_GET_VARS['postdays']; $min_post_time = time() - ($post_days * 86400); $sql = "SELECT COUNT(post_id) AS num_posts 
@@ -454,11 +459,28 @@ $post_alt = ( $forum_row['forum_status'] == FORUM_LOCKED ) ? $lang['Forum_locked // // Dump out the page header and load viewtopic body template // -$topic_last_read = ( isset($HTTP_COOKIE_VARS['phpbb2_' . $forum_id . '_' . $topic_id]) ) ? $HTTP_COOKIE_VARS['phpbb2_' . $forum_id . '_' . $topic_id] : 0; - -setcookie('phpbb2_' . $forum_id . '_' . $topic_id, time(), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); +if( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_t_$topic_id"]) && isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f_$forum_id"]) ) +{ + $topic_last_read = ( $HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_t_$topic_id"] > $HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f_$forum_id"] ) ? $HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_t_$topic_id"] : $HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f_$forum_id"]; +} +else if( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_t_$topic_id"]) || isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f_$forum_id"]) ) +{ + $topic_last_read = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_t_$topic_id"]) ) ? $HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_t_$topic_id"] : $HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f_$forum_id"]; +} +else +{ + $topic_last_read = $userdata['session_last_visit']; +} +// +// Set a cookie for this topic +// +setcookie($board_config['cookie_name'] . "_t_$topic_id", time(), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); +//session_send_cookie("_t_$topic_id", time(), 0); +// +// Load templates +// $template->set_filenames(array( "body" => "viewtopic_body.tpl", "jumpbox" => "jumpbox.tpl") @@ -514,6 +536,9 @@ if( count($orig_word) ) if( isset($HTTP_GET_VARS['highlight']) ) { + $highlight_match = array(); + $highlight_replace = array(); + // // Split words and phrases // 
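Review bot: `setcookie($board_config['cookie_name'] . "_t_$topic_id", ...)` adds one session cookie per topic viewed and nothing in this change removes or consolidates them, so the cookie set grows for as long as the browser session lasts. Browsers limit how many cookies a host may set and how large the request header may be; once a limit is reached older cookies, possibly including the `_sid` cookie read earlier in this file, can be dropped. Consider a single tracking cookie holding a bounded list of topic ids and timestamps, or at least a comment documenting the limit. The cookie values are also used as timestamps in numeric comparisons, so cast them when read, e.g. `$topic_last_read = intval($topic_last_read);` after the `if`/`else` chain.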
@@ -523,8 +548,8 @@ if( isset($HTTP_GET_VARS['highlight']) ) { if( trim($words[$i]) != "" ) { - $highlight_match[] = "#\b(" . str_replace("\*", ".*?", preg_quote($words[$i], "#")) . ")\b#i"; - $highlight_replace[] = "\\1"; + $highlight_match[] = "#\b(" . str_replace("\*", ".*?", preg_quote($words[$i], "#")) . ")(?!.*?<\/a>)(?!.*?\[/url\])\b#i"; + $highlight_replace[] = "\\1"; } } @@ -726,13 +751,13 @@ for($i = 0; $i < $total_posts; $i++) switch( $postrow[$i]['user_avatar_type'] ) { case USER_AVATAR_UPLOAD: - $poster_avatar = ( $board_config['avatar_upload_db'] ) ? "\"\"" : "\"\""; + $poster_avatar = ( $board_config['avatar_upload_db'] ) ? "\"\"" : "\"\""; break; case USER_AVATAR_REMOTE: - $poster_avatar = "\"\""; + $poster_avatar = "\"\""; break; case USER_AVATAR_GALLERY: - $poster_avatar = "\"\""; + $poster_avatar = "\"\""; break; } } @@ -746,11 +771,11 @@ for($i = 0; $i < $total_posts; $i++) // if( $postrow[$i]['post_time'] > $userdata['session_last_visit'] && $postrow[$i]['post_time'] > $topic_last_read ) { - $mini_post_img = '' . $lang['New_post'] . ''; + $mini_post_img = '' . $lang['New_post'] . ''; } else { - $mini_post_img = '' . $lang['Post'] . ''; + $mini_post_img = '' . $lang['Post'] . ''; } // @@ -775,10 +800,10 @@ for($i = 0; $i < $total_posts; $i++) { for($j = 0; $j < count($ranksrow); $j++) { - if($postrow[$i]['user_rank'] == $ranksrow[$j]['rank_id'] && $ranksrow[$j]['rank_special']) + if( $postrow[$i]['user_rank'] == $ranksrow[$j]['rank_id'] && $ranksrow[$j]['rank_special'] ) { $poster_rank = $ranksrow[$j]['rank_title']; - $rank_image = ($ranksrow[$j]['rank_image']) ? "
" : ""; + $rank_image = ($ranksrow[$j]['rank_image']) ? "\"\"
" : ""; } } } @@ -786,10 +811,10 @@ for($i = 0; $i < $total_posts; $i++) { for($j = 0; $j < count($ranksrow); $j++) { - if($postrow[$i]['user_posts'] >= $ranksrow[$j]['rank_min'] && $postrow[$i]['user_posts'] < $ranksrow[$j]['rank_max'] && !$ranksrow[$j]['rank_special']) + if( $postrow[$i]['user_posts'] >= $ranksrow[$j]['rank_min'] && !$ranksrow[$j]['rank_special'] ) { $poster_rank = $ranksrow[$j]['rank_title']; - $rank_image = ($ranksrow[$j]['rank_image']) ? "
" : ""; + $rank_image = ($ranksrow[$j]['rank_image']) ? "\"\"
" : ""; } } } @@ -805,22 +830,22 @@ for($i = 0; $i < $total_posts; $i++) if($poster_id != ANONYMOUS) { - $profile_img = "\"""; + $profile_img = "\"""; - $pm_img = "\"""; + $pm_img = "\"""; if( !empty($postrow[$i]['user_viewemail']) ) { $email_uri = ( $board_config['board_email_form'] ) ? append_sid("profile.$phpEx?mode=email&" . POST_USERS_URL ."=" . $poster_id) : "mailto:" . $postrow[$i]['user_email']; - $email_img = "\"""; + $email_img = "\"""; } else { $email_img = ""; } - $www_img = ($postrow[$i]['user_website']) ? "\""" : ""; + $www_img = ($postrow[$i]['user_website']) ? "\""" : ""; if( !empty($postrow[$i]['user_icq']) ) { @@ -833,12 +858,12 @@ for($i = 0; $i < $total_posts; $i++) // if( $theme['template_name'] == "subSilver" ) { - $icq_add_img = '
' . $icq_status_img . '' . $lang['ICQ'] . '
'; + $icq_add_img = '
' . $icq_status_img . '' . $lang['ICQ'] . '
'; $icq_status_img = ""; } else { - $icq_add_img = "\"""; + $icq_add_img = "\"""; } } else @@ -847,11 +872,11 @@ for($i = 0; $i < $total_posts; $i++) $icq_add_img = ""; } - $aim_img = ($postrow[$i]['user_aim']) ? "\""" : ""; + $aim_img = ($postrow[$i]['user_aim']) ? "\""" : ""; - $msn_img = ($postrow[$i]['user_msnm']) ? "\""" : ""; + $msn_img = ($postrow[$i]['user_msnm']) ? "\""" : ""; - $yim_img = ($postrow[$i]['user_yim']) ? "\""" : ""; + $yim_img = ($postrow[$i]['user_yim']) ? "\""" : ""; } else { @@ -866,13 +891,13 @@ for($i = 0; $i < $total_posts; $i++) $yim_img = ""; } - $quote_img = "\"""; + $quote_img = "\"""; $search_img = ""; if( ( $userdata['user_id'] == $poster_id && $is_auth['auth_edit'] ) || $is_auth['auth_mod'] ) { - $edit_img = "\"""; + $edit_img = "\"""; } else { @@ -881,9 +906,9 @@ for($i = 0; $i < $total_posts; $i++) if( $is_auth['auth_mod'] ) { - $ip_img = "\"""; + $ip_img = "\"""; - $delpost_img = "\"""; + $delpost_img = "\"""; } else { @@ -891,7 +916,7 @@ for($i = 0; $i < $total_posts; $i++) if( $userdata['user_id'] == $poster_id && $is_auth['auth_delete'] && $i == $total_replies - 1 ) { - $delpost_img = "\"""; + $delpost_img = "\"""; } else { @@ -907,6 +932,21 @@ for($i = 0; $i < $total_posts; $i++) $user_sig = $postrow[$i]['user_sig']; $user_sig_bbcode_uid = $postrow[$i]['user_sig_bbcode_uid']; + // + // Note! The order used for parsing the message _is_ + // important, moving things around could break any + // output + // + $message = make_clickable($message); + + // + // Highlight active words (primarily for search) + // + if( $highlight_active ) + { + $message = preg_replace($highlight_match, $highlight_replace, $message); + } + // // If the board has HTML off but the post has HTML // on then we process it, else leave it alone 
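Review bot: Running `preg_replace($highlight_match, $highlight_replace, $message)` ahead of the HTML step and `bbencode_second_pass()` lets a search term match inside BBCode tags that are still unparsed; the pattern built in the earlier `@@ -523,8 +548,8 @@` hunk only excludes text followed by `</a>` or `[/url]`. A term equal to a tag name would presumably have the highlight markup written into the tag itself, so the second pass no longer recognises it, and the inserted markup may also be altered by the HTML-off handling whose body lies outside this hunk. Highlighting is safer as the last transformation and limited to text outside tags, for example by ending the pattern with `(?![^<>]*>)` and moving the call after the smilies pass. The signature branch in the next hunk still calls `make_clickable($user_sig)` after the BBCode pass, so the message and signature paths now disagree on order. The enclosing `for` loop starts and ends outside the hunk.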
@@ -924,39 +964,51 @@ for($i = 0; $i < $total_posts; $i++) } } + // + // Parse signature for BBCode if reqd. + // if( $user_sig != "" && $postrow[$i]['enable_sig'] && $user_sig_bbcode_uid != "" ) { $user_sig = ( $board_config['allow_bbcode'] ) ? bbencode_second_pass($user_sig, $user_sig_bbcode_uid) : preg_replace("/\:[0-9a-z\:]+\]/si", "]", $user_sig); } + // + // Parse message for BBCode if reqd + // if( $bbcode_uid != "" ) { $message = ( $board_config['allow_bbcode'] ) ? bbencode_second_pass($message, $bbcode_uid) : preg_replace("/\:[0-9a-z\:]+\]/si", "]", $message); } - if( $highlight_active ) - { - $message = preg_replace($highlight_match, $highlight_replace, $message); - } - - $message = make_clickable($message); - + // + // Append signature + // if( $postrow[$i]['enable_sig'] && $user_sig != "" ) { $message .= "

_________________
" . make_clickable($user_sig); } + // + // Replace naughty words + // if( count($orig_word) ) { $post_subject = preg_replace($orig_word, $replacement_word, $post_subject); $message = preg_replace($orig_word, $replacement_word, $message); } + // + // Parse smilies + // if( $board_config['allow_smilies'] && $postrow[$i]['enable_smilies'] ) { $message = smilies_pass($message); } + // + // Replace newlines (we use this rather than nl2br because + // till recently it wasn't XHTML compliant) + // $message = str_replace("\n", "
", $message); // @@ -1032,19 +1084,19 @@ if( $is_auth['auth_mod'] ) { $s_auth_can .= sprintf($lang['Rules_moderate'], "", ""); - $topic_mod = "\"" "; + $topic_mod = "\"" "; - $topic_mod .= "\"" "; + $topic_mod .= "\"" "; if($forum_row['topic_status'] == TOPIC_UNLOCKED) { - $topic_mod .= "\"" "; + $topic_mod .= "\"" "; } else { - $topic_mod .= "\"" "; + $topic_mod .= "\"" "; } - $topic_mod .= "\"" "; + $topic_mod .= "\"" "; } // @@ -1055,12 +1107,12 @@ if( $can_watch_topic ) if( $is_watching_topic ) { $s_watching_topic = "" . $lang['Stop_watching_topic'] . ""; - $s_watching_topic_img = "\"""; + $s_watching_topic_img = "\"""; } else { $s_watching_topic = "" . $lang['Start_watching_topic'] . ""; - $s_watching_topic_img = "\"""; + $s_watching_topic_img = "\"""; } } else