makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-25 19:38:53 +00:00
Code Issues Projects Releases Packages Wiki Activity

Updates to overcome security issue + updates of various functions, initial version of profile registration include ... not completed but should be functional for obvious reasons(!)

Browse source 
git-svn-id: file:///svn/phpbb/trunk@2304 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2002-03-18 13:35:23 +00:00
parent 21ab952fe2
commit 502e4aceea
25 changed files with 1199 additions and 409 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
phpBB/includes/auth.php
View file

@ -20,6 +20,11 @@
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
/*
$type's accepted (pre-pend with AUTH_):
VIEW, READ, POST, REPLY, EDIT, DELETE, STICKY, ANNOUNCE, VOTE, VOTECREATE,

30
phpBB/includes/bbcode.php
View file

@ -19,6 +19,11 @@
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
define("BBCODE_UID_LEN", 10);
// global that holds loaded-and-prepared bbcode templates, so we only have to do
@ -536,9 +541,6 @@ function bbencode_second_pass_code($text, $uid, $bbcode_tpl)
{
global $lang;
$html_entities_match = array("#<#", "#>#");
$html_entities_replace = array("&lt;", "&gt;");
$code_start_html = $bbcode_tpl['code_open'];
$code_end_html = $bbcode_tpl['code_close'];
@ -550,8 +552,6 @@ function bbencode_second_pass_code($text, $uid, $bbcode_tpl)
{
$before_replace = $matches[1][$i];
$after_replace = $matches[1][$i];
$after_replace = preg_replace($html_entities_match, $html_entities_replace, $after_replace);
// Replace 2 spaces with "&nbsp; " so non-tabbed code indents without making huge long lines.
$after_replace = str_replace(" ", "&nbsp; ", $after_replace);
@ -764,4 +764,22 @@ function smiley_sort($a, $b)
return ( strlen($a['code']) > strlen($b['code']) ) ? -1 : 1;
}
?>
//
// this does exactly what preg_quote() does in PHP 4-ish:
// http://www.php.net/manual/en/function.preg-quote.php
//
// This function is here because the 2nd paramter to preg_quote was added in some
// version of php 4.0.x.. So we use this in order to maintain compatibility with
// earlier versions of PHP.
//
// If you just need the 1-parameter preg_quote call, then don't bother using this.
//
function phpbb_preg_quote($str, $delimiter)
{
$text = preg_quote($str);
$text = str_replace($delimiter, "\\" . $delimiter, $text);
return $text;
}
?>

5
phpBB/includes/constants.php
View file

@ -20,6 +20,11 @@
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
// Debug Level
define('DEBUG', 1); // Debugging on
//define('DEBUG', 0); // Debugging off

5
phpBB/includes/db.php
View file

@ -20,6 +20,11 @@
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
switch($dbms)
{
case 'mysql':

5
phpBB/includes/emailer.php
View file

@ -19,6 +19,11 @@
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
//
// The emailer class has support for attaching files, that isn't implemented
// in the 2.0 release but we can probable find some way of using it in a future

477
phpBB/includes/functions.php
View file

@ -21,11 +21,16 @@
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
function get_db_stat($mode)
{
global $db;
switch($mode)
switch( $mode )
{
case 'usercount':
$sql = "SELECT COUNT(user_id) AS total
@ -50,7 +55,7 @@ function get_db_stat($mode)
if ( !($result = $db->sql_query($sql)) )
{
return 'ERROR';
return false;
}
$row = $db->sql_fetchrow($result);
@ -71,7 +76,7 @@ function get_db_stat($mode)
break;
}
return 'ERROR';
return false;
}
function get_userdata($user)
@ -84,7 +89,7 @@ function get_userdata($user)
$sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . str_replace("\'", "''", $user) . "'" ) . " AND user_id <> " . ANONYMOUS;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Tried obtaining data for a non-existent user", "", __LINE__, __FILE__, $sql);
message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql);
}
return ( $row = $db->sql_fetchrow($result) ) ? $row : false;
@ -117,7 +122,7 @@ function make_jumpbox($match_forum_id = 0)
ORDER BY cat_id, forum_order";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Couldn't obtain forums information.", "", __LINE__, __FILE__, $sql);
message_die(GENERAL_ERROR, 'Could not obtain forums information', '', __LINE__, __FILE__, $sql);
}
$boxstring = '<select name="' . POST_FORUM_URL . '" onChange="if(this.options[this.selectedIndex].value != -1){ forms[\'jumpbox\'].submit() }"><option value="-1">' . $lang['Select_forum'] . '</option>';
@ -132,7 +137,7 @@ function make_jumpbox($match_forum_id = 0)
{
for($i = 0; $i < $total_categories; $i++)
{
$boxstring_forums = "";
$boxstring_forums = '';
for($j = 0; $j < $total_forums; $j++)
{
if ( $forum_rows[$j]['cat_id'] == $category_rows[$i]['cat_id'] && $forum_rows[$j]['auth_view'] <= AUTH_REG )
@ -152,7 +157,7 @@ function make_jumpbox($match_forum_id = 0)
}
}
if ( $boxstring_forums != "" )
if ( $boxstring_forums != '' )
{
$boxstring .= '<option value="-1">&nbsp;</option>';
$boxstring .= '<option value="-1">' . $category_rows[$i]['cat_title'] . '</option>';
@ -177,37 +182,6 @@ function make_jumpbox($match_forum_id = 0)
return $boxstring;
}
//
// Simple version of jumpbox, just lists authed forums
//
function make_forum_select($box_name, $ignore_forum = false)
{
global $db, $userdata;
$is_auth_ary = auth(AUTH_READ, AUTH_LIST_ALL, $userdata);
$sql = "SELECT forum_id, forum_name
FROM " . FORUMS_TABLE . "
ORDER BY cat_id, forum_order";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Couldn't obtain forums information.", "", __LINE__, __FILE__, $sql);
}
$forum_list = '';
while( $row = $db->sql_fetchrow($result) )
{
if ( $is_auth_ary[$row['forum_id']]['auth_read'] && $ignore_forum != $row['forum_id'] )
{
$forum_list .= '<option value="' . $row['forum_id'] . '">' . $row['forum_name'] . '</option>';
}
}
$forum_list = ( $forum_list == "" ) ? '<option value="-1">-- ! No Forums ! --</option>' : '<select name="' . $box_name . '">' . $forum_list . '</select>';
return $forum_list;
}
//
// Initialise user settings on page load
function init_userprefs($userdata)
@ -232,19 +206,28 @@ function init_userprefs($userdata)
$board_config['board_timezone'] = $userdata['user_timezone'];
}
}
/*switch( getenv('HTTP_ACCEPT_LANGUAGE') )
{
case 'en-gb':
$board_config['default_lang'] = 'english';
break;
case 'fr':
$board_config['default_lang'] = 'french';
break;
}*/
if ( !file_exists($phpbb_root_path . "language/lang_" . $board_config['default_lang'] . "/lang_main.".$phpEx) )
if ( !file_exists($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.'.$phpEx) )
{
$board_config['default_lang'] = "english";
$board_config['default_lang'] = 'english';
}
include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.' . $phpEx);
if ( defined("IN_ADMIN") )
if ( defined('IN_ADMIN') )
{
if( !file_exists($phpbb_root_path . "language/lang_" . $board_config['default_lang'] . "/lang_admin.".$phpEx) )
if( !file_exists($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_admin.'.$phpEx) )
{
$board_config['default_lang'] = "english";
$board_config['default_lang'] = 'english';
}
include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_admin.' . $phpEx);
@ -278,12 +261,12 @@ function setup_style($style)
WHERE themes_id = $style";
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, "Couldn't query database for theme info.");
message_die(CRITICAL_ERROR, 'Could not query database for theme info');
}
if ( !($row = $db->sql_fetchrow($result)) )
{
message_die(CRITICAL_ERROR, "Couldn't get theme data for themes_id=$style.");
message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]");
}
$template_path = 'templates/' ;
@ -296,16 +279,19 @@ function setup_style($style)
$current_template_path = $template_path . $template_name;
@include($phpbb_root_path . $template_path . $template_name . '/' . $template_name . '.cfg');
if ( !defined("TEMPLATE_CONFIG") )
if ( !defined('TEMPLATE_CONFIG') )
{
message_die(CRITICAL_ERROR, "Couldn't open $template_name template config file");
message_die(CRITICAL_ERROR, "Could not open $template_name template config file", '', __LINE__, __FILE__);
}
$img_lang = ( file_exists($current_template_path . '/images/lang_' . $board_config['default_lang']) ) ? $board_config['default_lang'] : 'english';
while( list($key, $value) = @each($images) )
{
$images[$key] = str_replace("{LANG}", 'lang_' . $img_lang, $value);
if ( !is_array($value) )
{
$images[$key] = str_replace('{LANG}', 'lang_' . $img_lang, $value);
}
}
}
@ -314,14 +300,14 @@ function setup_style($style)
function encode_ip($dotquad_ip)
{
$ip_sep = explode(".", $dotquad_ip);
return sprintf("%02x%02x%02x%02x", $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3]);
$ip_sep = explode('.', $dotquad_ip);
return sprintf('%02x%02x%02x%02x', $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3]);
}
function decode_ip($int_ip)
{
$hexipbang = explode(".",chunk_split($int_ip, 2, "."));
return hexdec($hexipbang[0]).".".hexdec($hexipbang[1]).".".hexdec($hexipbang[2]).".".hexdec($hexipbang[3]);
$hexipbang = explode('.',chunk_split($int_ip, 2, '.'));
return hexdec($hexipbang[0]).'.'.hexdec($hexipbang[1]).'.'.hexdec($hexipbang[2]).'.'.hexdec($hexipbang[3]);
}
//
@ -330,19 +316,18 @@ function decode_ip($int_ip)
function create_date($format, $gmepoch, $tz)
{
global $board_config, $lang;
static $translate;
$result = @gmdate($format, $gmepoch + (3600 * $tz));
if ( $board_config['default_lang'] != 'english' )
if ( empty($translate) && $board_config['default_lang'] != 'english' )
{
@reset($lang['datetime']);
while ( list($match, $replace) = @each($lang['datetime']) )
{
$result = str_replace($match, $replace, $result);
$translate[$match] = $replace;
}
}
return $result;
return ( !empty($translate) ) ? strtr(@gmdate($format, $gmepoch + (3600 * $tz)), $translate) : @gmdate($format, $gmepoch + (3600 * $tz));
}
//
@ -362,7 +347,7 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add
$on_page = floor($start_item / $per_page) + 1;
$page_string = "";
$page_string = '';
if ( $total_pages > 10 )
{
$init_page_max = ( $total_pages > 3 ) ? 3 : $total_pages;
@ -442,274 +427,6 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add
return $page_string;
}
//
// Check to see if the username has been taken, or if it is disallowed.
// Also checks if it includes the " character, which we don't allow in usernames.
// Used for registering, changing names, and posting anonymously with a username
//
function validate_username($username)
{
global $db, $lang, $userdata;
$username = str_replace("\'", "''", $username);
$sql = "SELECT username
FROM " . USERS_TABLE . "
WHERE LOWER(username) = '" . strtolower($username) . "'";
if ( $result = $db->sql_query($sql) )
{
if ( $row = $db->sql_fetchrow($result) )
{
if ( ( $userdata['session_logged_in'] && $row['username'] != $userdata['username'] ) || !$userdata['session_logged_in'] )
{
return array('error' => true, 'error_msg' => $lang['Username_taken']);
}
}
}
$sql = "SELECT group_name
FROM " . GROUPS_TABLE . "
WHERE LOWER(group_name) = '" . strtolower($username) . "'";
if ( $result = $db->sql_query($sql) )
{
if ( $row = $db->sql_fetchrow($result) )
{
return array('error' => true, 'error_msg' => $lang['Username_taken']);
}
}
$sql = "SELECT disallow_username
FROM " . DISALLOW_TABLE . "
WHERE disallow_username LIKE '$username'";
if ( $result = $db->sql_query($sql) )
{
if ( $db->sql_fetchrow($result) )
{
return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
}
}
$sql = "SELECT word
FROM " . WORDS_TABLE;
if ( $result = $db->sql_query($sql) )
{
while( $row = $db->sql_fetchrow($result) )
{
if ( preg_match("/\b(" . str_replace("\*", "\w*?", preg_quote($row['word'])) . ")\b/i", $username) )
{
return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
}
}
}
// Don't allow " in username.
if ( strstr($username, '"') )
{
return array('error' => true, 'error_msg' => $lang['Username_invalid']);
}
return array('error' => false, 'error_msg' => '');
}
//
// Synchronise functions for forums/topics
//
function sync($type, $id)
{
global $db;
switch($type)
{
case 'all forums':
$sql = "SELECT forum_id
FROM " . FORUMS_TABLE;
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Could not get forum IDs", "Error", __LINE__, __FILE__, $sql);
}
while( $row = $db->sql_fetchrow($result) )
{
sync("forum", $row['forum_id']);
}
break;
case 'all topics':
$sql = "SELECT topic_id
FROM " . TOPICS_TABLE;
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Could not get topic ID's", "Error", __LINE__, __FILE__, $sql);
}
while( $row = $db->sql_fetchrow($result) )
{
sync("topic", $row['topic_id']);
}
break;
case 'forum':
$sql = "SELECT MAX(post_id) AS last_post, COUNT(post_id) AS total
FROM " . POSTS_TABLE . "
WHERE forum_id = $id";
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Could not get post ID", "Error", __LINE__, __FILE__, $sql);
}
if ( $row = $db->sql_fetchrow($result) )
{
$last_post = ($row['last_post']) ? $row['last_post'] : 0;
$total_posts = ($row['total']) ? $row['total'] : 0;
}
else
{
$last_post = 0;
$total_posts = 0;
}
$sql = "SELECT COUNT(topic_id) AS total
FROM " . TOPICS_TABLE . "
WHERE forum_id = $id
AND topic_status <> " . TOPIC_MOVED;
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Could not get topic count", "Error", __LINE__, __FILE__, $sql);
}
if ( $row = $db->sql_fetchrow($result) )
{
$total_topics = ($row['total']) ? $row['total'] : 0;
}
else
{
$total_topics = 0;
}
$sql = "UPDATE " . FORUMS_TABLE . "
SET forum_last_post_id = $last_post, forum_posts = $total_posts, forum_topics = $total_topics
WHERE forum_id = $id";
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Could not update forum $id", "Error", __LINE__, __FILE__, $sql);
}
break;
case 'topic':
$sql = "SELECT MAX(post_id) AS last_post, MIN(post_id) AS first_post, COUNT(post_id) AS total_posts
FROM " . POSTS_TABLE . "
WHERE topic_id = $id";
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Could not get post ID", "Error", __LINE__, __FILE__, $sql);
}
if ( $row = $db->sql_fetchrow($result) )
{
$sql = "UPDATE " . TOPICS_TABLE . "
SET topic_replies = " . ( $row['total_posts'] - 1 ) . ", topic_first_post_id = " . $row['first_post'] . ", topic_last_post_id = " . $row['last_post'] . "
WHERE topic_id = $id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Could not update topic $id", "Error", __LINE__, __FILE__, $sql);
}
}
break;
}
return true;
}
//
// Pick a language, any language ...
//
function language_select($default, $select_name = "language", $dirname="language")
{
global $phpEx;
$dir = opendir($dirname);
$lang = array();
while ( $file = readdir($dir) )
{
if ( ereg("^lang_", $file) && !is_file($dirname . "/" . $file) && !is_link($dirname . "/" . $file) )
{
$filename = trim(str_replace("lang_", "", $file));
$displayname = preg_replace("/^(.*?)_(.*)$/", "\\1 [ \\2 ]", $filename);
$displayname = preg_replace("/\[(.*?)_(.*)\]/", "[ \\1 - \\2 ]", $displayname);
$lang[$displayname] = $filename;
}
}
closedir($dir);
@asort($lang);
@reset($lang);
$lang_select = '<select name="' . $select_name . '">';
while ( list($displayname, $filename) = @each($lang) )
{
$selected = ( strtolower($default) == strtolower($filename) ) ? ' selected="selected"' : '';
$lang_select .= '<option value="' . $filename . '"' . $selected . '>' . ucwords($displayname) . '</option>';
}
$lang_select .= '</select>';
return $lang_select;
}
//
// Pick a template/theme combo,
//
function style_select($default_style, $select_name = "style", $dirname = "templates")
{
global $db;
$sql = "SELECT themes_id, style_name
FROM " . THEMES_TABLE . "
ORDER BY template_name, themes_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Couldn't query themes table", "", __LINE__, __FILE__, $sql);
}
$style_select = '<select name="' . $select_name . '">';
while ( $row = $db->sql_fetchrow($result) )
{
$selected = ( $row['themes_id'] == $default_style ) ? ' selected="selected"' : '';
$style_select .= '<option value="' . $row['themes_id'] . '"' . $selected . '>' . $row['style_name'] . '</option>';
}
$style_select .= "</select>";
return $style_select;
}
//
// Pick a timezone
//
function tz_select($default, $select_name = 'timezone')
{
global $sys_timezone, $lang;
if ( !isset($default) )
{
$default == $sys_timezone;
}
$tz_select = '<select name="' . $select_name . '">';
while( list($offset, $zone) = @each($lang['tz']) )
{
$selected = ( $offset == $default ) ? ' selected="selected"' : '';
$tz_select .= '<option value="' . $offset . '"' . $selected . '>' . $zone . '</option>';
}
$tz_select .= '</select>';
return $tz_select;
}
//
// Obtain list of naughty words and build preg style replacement arrays for use by the
// calling script, note that the vars are passed as references this just makes it easier
@ -726,14 +443,14 @@ function obtain_word_list(&$orig_word, &$replacement_word)
FROM " . WORDS_TABLE;
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Couldn't get censored words from database.", "", __LINE__, __FILE__, $sql);
message_die(GENERAL_ERROR, 'Could not get censored words from database', '', __LINE__, __FILE__, $sql);
}
if ( $row = $db->sql_fetchrow($result) )
{
do
{
$orig_word[] = "#\b(" . str_replace("\*", "\w*?", preg_quote($row['word'])) . ")\b#is";
$orig_word[] = '#\W(' . str_replace('\*', '\w*?', preg_quote($row['word'])) . ')\W#is';
$replacement_word[] = $row['replacement'];
}
while ( $row = $db->sql_fetchrow($result) );
@ -743,31 +460,25 @@ function obtain_word_list(&$orig_word, &$replacement_word)
}
//
// This function gets called to output any message or error
// that doesn't require additional output from the calling
// page.
// This is general replacement for die(), allows templated
// output in users (or default) language, etc.
//
// $msg_code takes one of four constant values:
// $msg_code can be one of these constants:
//
// GENERAL_MESSAGE -> Use for any simple text message, eg.
// results of an operation, authorisation failures, etc.
// GENERAL_MESSAGE : Use for any simple text message, eg. results
// of an operation, authorisation failures, etc.
//
// GENERAL ERROR -> Use for any error which occurs _AFTER_
// the common.php include and session code, ie. most errors
// in pages/functions
// GENERAL ERROR : Use for any error which occurs _AFTER_ the
// common.php include and session code, ie. most errors in
// pages/functions
//
// CRITICAL_MESSAGE -> Only currently used to announce a user
// has been banned, can be used where session results cannot
// be relied upon to exist but we can and do assume that basic
// board configuration data is available
// CRITICAL_MESSAGE : Used when basic config data is available but
// a session may not exist, eg. banned users
//
// CRITICAL_ERROR -> Used whenever a DB connection cannot be
// guaranteed and/or we've been unable to obtain basic board
// configuration data. Shouldn't be used in general
// pages/functions (it results in a simple echo'd statement,
// no templates are used)
// CRITICAL_ERROR : Used when config data cannot be obtained, eg
// no database connection. Should _not_ be used in 99.5% of cases
//
function message_die($msg_code, $msg_text = "", $msg_title = "", $err_line = "", $err_file = "", $sql = "")
function message_die($msg_code, $msg_text = '', $msg_title = '', $err_line = '', $err_file = '', $sql = '')
{
global $db, $template, $board_config, $theme, $lang, $phpEx, $phpbb_root_path, $nav_links;
global $userdata, $user_ip, $session_length;
@ -783,34 +494,34 @@ function message_die($msg_code, $msg_text = "", $msg_title = "", $err_line = "",
{
$sql_error = $db->sql_error();
$debug_text = "";
$debug_text = '';
if ( $sql_error['message'] != "" )
if ( $sql_error['message'] != '' )
{
$debug_text .= "<br /><br />SQL Error : " . $sql_error['code'] . " " . $sql_error['message'];
$debug_text .= '<br /><br />SQL Error : ' . $sql_error['code'] . ' ' . $sql_error['message'];
}
if ( $sql_store != "" )
if ( $sql_store != '' )
{
$debug_text .= "<br /><br />$sql_store";
}
if ( $err_line != "" && $err_file != "" )
if ( $err_line != '' && $err_file != '' )
{
$debug_text .= "</br /><br />Line : " . $err_line . "<br />File : " . $err_file;
$debug_text .= '</br /><br />Line : ' . $err_line . '<br />File : ' . $err_file;
}
}
if( empty($userdata) && ( $msg_code == GENERAL_MESSAGE || $msg_code == GENERAL_ERROR ) )
{
$userdata = session_pagestart($user_ip, PAGE_INDEX, $session_length);
$userdata = session_pagestart($user_ip, PAGE_INDEX);
init_userprefs($userdata);
}
//
// If the header hasn't been output then do it
//
if ( !defined("HEADER_INC") && $msg_code != CRITICAL_ERROR )
if ( !defined('HEADER_INC') && $msg_code != CRITICAL_ERROR )
{
if ( empty($lang) )
{
@ -826,7 +537,7 @@ function message_die($msg_code, $msg_text = "", $msg_title = "", $err_line = "",
if ( empty($template) )
{
$template = new Template($phpbb_root_path . "templates/" . $board_config['board_template']);
$template = new Template($phpbb_root_path . 'templates/' . $board_config['board_template']);
}
if ( empty($theme) )
{
@ -836,7 +547,7 @@ function message_die($msg_code, $msg_text = "", $msg_title = "", $err_line = "",
//
// Load the Page Header
//
if ( !defined("IN_ADMIN") )
if ( !defined('IN_ADMIN') )
{
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
}
@ -849,26 +560,26 @@ function message_die($msg_code, $msg_text = "", $msg_title = "", $err_line = "",
switch($msg_code)
{
case GENERAL_MESSAGE:
if ( $msg_title == "" )
if ( $msg_title == '' )
{
$msg_title = $lang['Information'];
}
break;
case CRITICAL_MESSAGE:
if ( $msg_title == "" )
if ( $msg_title == '' )
{
$msg_title = $lang['Critical_Information'];
}
break;
case GENERAL_ERROR:
if ( $msg_text == "" )
if ( $msg_text == '' )
{
$msg_text = $lang['An_error_occured'];
}
if ( $msg_title == "" )
if ( $msg_title == '' )
{
$msg_title = $lang['General_Error'];
}
@ -880,14 +591,14 @@ function message_die($msg_code, $msg_text = "", $msg_title = "", $err_line = "",
//
include($phpbb_root_path . 'language/lang_english/lang_main.'.$phpEx);
if ( $msg_text == "" )
if ( $msg_text == '' )
{
$msg_text = $lang['A_critical_error'];
}
if ( $msg_title == "" )
if ( $msg_title == '' )
{
$msg_title = "phpBB : <b>" . $lang['Critical_Error'] . "</b>";
$msg_title = 'phpBB : <b>' . $lang['Critical_Error'] . '</b>';
}
break;
}
@ -899,9 +610,9 @@ function message_die($msg_code, $msg_text = "", $msg_title = "", $err_line = "",
//
if ( DEBUG && ( $msg_code == GENERAL_ERROR || $msg_code == CRITICAL_ERROR ) )
{
if ( $debug_text != "" )
if ( $debug_text != '' )
{
$msg_text = $msg_text . "<br /><br /><b><u>DEBUG MODE</u></b>" . $debug_text;
$msg_text = $msg_text . '<br /><br /><b><u>DEBUG MODE</u></b>' . $debug_text;
}
}
@ -912,26 +623,26 @@ function message_die($msg_code, $msg_text = "", $msg_title = "", $err_line = "",
$msg_text = $lang[$msg_text];
}
if ( !defined("IN_ADMIN") )
if ( !defined('IN_ADMIN') )
{
$template->set_filenames(array(
"message_body" => "message_body.tpl")
'message_body' => 'message_body.tpl')
);
}
else
{
$template->set_filenames(array(
"message_body" => "admin/admin_message_body.tpl")
'message_body' => 'admin/admin_message_body.tpl')
);
}
$template->assign_vars(array(
"MESSAGE_TITLE" => $msg_title,
"MESSAGE_TEXT" => $msg_text)
'MESSAGE_TITLE' => $msg_title,
'MESSAGE_TEXT' => $msg_text)
);
$template->pparse("message_body");
$template->pparse('message_body');
if ( !defined("IN_ADMIN") )
if ( !defined('IN_ADMIN') )
{
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
@ -948,22 +659,4 @@ function message_die($msg_code, $msg_text = "", $msg_title = "", $err_line = "",
exit;
}
//
// this does exactly what preg_quote() does in PHP 4-ish:
// http://www.php.net/manual/en/function.preg-quote.php
//
// This function is here because the 2nd paramter to preg_quote was added in some
// version of php 4.0.x.. So we use this in order to maintain compatibility with
// earlier versions of PHP.
//
// If you just need the 1-parameter preg_quote call, then don't bother using this.
//
function phpbb_preg_quote($str, $delimiter)
{
$text = preg_quote($str);
$text = str_replace($delimiter, "\\" . $delimiter, $text);
return $text;
}
?>
?>

4
phpBB/includes/functions_admin.php
View file

@ -21,6 +21,10 @@
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
//
// Simple version of jumpbox, just lists authed forums

20
phpBB/includes/functions_post.php
View file

@ -20,6 +20,11 @@
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
$html_entities_match = array('#&#', '#<#', '#>#');
$html_entities_replace = array('&amp;', '&lt;', '&gt;');
@ -254,7 +259,7 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_
}
else if ( $mode == 'editpost' )
{
$result = remove_search_post($post_id);
remove_search_post($post_id);
}
if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) )
@ -370,9 +375,9 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_
//
// Update post stats and details
//
function update_post_stats(&$mode, &$post_data, &$forum_id, &$topic_id, &$post_id)
function update_post_stats(&$mode, &$post_data, &$forum_id, &$topic_id, &$post_id, &$user_id)
{
global $db, $userdata;
global $db;
$sign = ( $mode == 'delete' ) ? "- 1" : "+ 1";
$forum_update_sql = "forum_posts = forum_posts $sign";
@ -388,6 +393,9 @@ function update_post_stats(&$mode, &$post_data, &$forum_id, &$topic_id, &$post_i
}
else
{
$topic_update_sql = "topic_replies = topic_replies - 1";
$sql = "SELECT MAX(post_id) AS post_id
FROM " . POSTS_TABLE . "
WHERE topic_id = $topic_id";
@ -398,7 +406,7 @@ function update_post_stats(&$mode, &$post_data, &$forum_id, &$topic_id, &$post_i
if ( $row = $db->sql_fetchrow($result) )
{
$topic_update_sql = 'topic_last_post_id = ' . $row['post_id'];
$topic_update_sql .= ', topic_last_post_id = ' . $row['post_id'];
}
}
@ -467,7 +475,7 @@ function update_post_stats(&$mode, &$post_data, &$forum_id, &$topic_id, &$post_i
{
$sql = "UPDATE " . USERS_TABLE . "
SET user_posts = user_posts $sign
WHERE user_id = " . $userdata['user_id'];
WHERE user_id = $user_id";
if ( !($result = $db->sql_query($sql, END_TRANSACTION)) )
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
@ -558,7 +566,7 @@ function delete_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_
}
}
remove_unmatched_words();
remove_search_post($post_id);
if ( $mode == 'delete' && $post_data['first_post'] && $post_data['last_post'] )
{

5
phpBB/includes/functions_search.php
View file

@ -19,6 +19,11 @@
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
function clean_words($mode, &$entry, &$stopword_list, &$synonym_list)
{
// Weird, $init_match doesn't work with static when double quotes (") are used...

5
phpBB/includes/functions_selects.php
View file

@ -21,6 +21,11 @@
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
//
// Pick a language, any language ...
//

5
phpBB/includes/functions_validate.php
View file

@ -21,6 +21,11 @@
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
//
// Check to see if the username has been taken, or if it is disallowed.
// Also checks if it includes the " character, which we don't allow in usernames.

5
phpBB/includes/page_header.php
View file

@ -20,6 +20,11 @@
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
define('HEADER_INC', TRUE);
//

5
phpBB/includes/page_tail.php
View file

@ -20,6 +20,11 @@
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
//
// Show the overall footer.
//

7
phpBB/includes/prune.php
View file

@ -20,7 +20,12 @@
*
***************************************************************************/
require($phpbb_root_path . 'includes/search.'.$phpEx);
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
require($phpbb_root_path . 'includes/functions_search.'.$phpEx);
function prune($forum_id, $prune_date)
{

5
phpBB/includes/sessions.php
View file

@ -20,6 +20,11 @@
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
//
// session_begin()
//

5
phpBB/includes/smtp.php
View file

@ -19,6 +19,11 @@
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
define('SMTP_INCLUDED', 1);
//
// This function has been modified as provided

5
phpBB/includes/sql_parse.php
View file

@ -28,6 +28,11 @@
*
\***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
//
// remove_comments will strip the sql comment lines out of an uploaded sql file
// specifically for mssql and postgres type files in the install....

5
phpBB/includes/template.php
View file

@ -20,6 +20,11 @@
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
/**
* Template class. By Nathan Codding of the phpBB group.
* The interface was originally inspired by PHPLib templates,

26
phpBB/includes/topic_review.php
View file

@ -1,4 +1,30 @@
<?php
/***************************************************************************
* topic_review.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id$
*
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
// -----------------------
// Page specific functions

2
phpBB/includes/usercp_activate.php
View file

@ -23,7 +23,7 @@
if ( !defined('IN_PROFILE') )
{
header("Location: ../index.$phpEx");
die("Hacking attempt");
exit;
}

6
phpBB/includes/usercp_avatar.php
View file

@ -21,6 +21,12 @@
*
***************************************************************************/
if ( !defined('IN_PROFILE') )
{
die("Hacking attempt");
exit;
}
function check_image_type(&$type, &$error, &$error_msg)
{
global $lang;

2
phpBB/includes/usercp_email.php
View file

@ -23,7 +23,7 @@
if ( !defined('IN_PROFILE') )
{
header("Location: ../index.$phpEx");
die("Hacking attempt");
exit;
}

965
phpBB/includes/usercp_register.php Normal file
View file

@ -0,0 +1,965 @@
<?php
/***************************************************************************
* avatars.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id$
*
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
*
***************************************************************************/
if ( !defined('IN_PROFILE') )
{
die("Hacking attempt");
exit;
}
//
// Load agreement template since user has not yet
// agreed to registration conditions/coppa
//
function show_coppa(&$coppa)
{
global $template, $lang, $phpbb_root_path, $phpEx;
$template->set_filenames(array(
'body' => 'agreement.tpl')
);
$template->assign_vars(array(
'COPPA' => $coppa,
'REGISTRATION' => $lang['Registration'],
'AGREEMENT' => $lang['Reg_agreement'],
"AGREE_OVER_13" => $lang['Agree_over_13'],
"AGREE_UNDER_13" => $lang['Agree_under_13'],
'DO_NOT_AGREE' => $lang['Agree_not'],
"U_AGREE_OVER13" => append_sid("profile.$phpEx?mode=register&amp;agreed=true"),
"U_AGREE_UNDER13" => append_sid("profile.$phpEx?mode=register&amp;agreed=true&amp;coppa=true"))
);
$template->pparse('body');
}
function parse_variables()
{
}
function process_data()
{
}
function show_profile_page()
{
}
//
//
//
$page_title = ( $mode == 'editprofile' ) ? $lang['Edit_profile'] : $lang['Register'];
if ( $mode == 'register' && !isset($HTTP_POST_VARS['agreed']) && !isset($HTTP_GET_VARS['agreed']) )
{
if ( !isset($HTTP_POST_VARS['agreed']) && !isset($HTTP_GET_VARS['agreed']) )
{
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
show_coppa($coppa);
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
}
$coppa = ( ( !$HTTP_POST_VARS['coppa'] && !$HTTP_GET_VARS['coppa'] ) || $mode == 'register' ) ? 0 : TRUE;
if ( isset($HTTP_POST_VARS['submit']) || isset($HTTP_POST_VARS['avatargallery']) || isset($HTTP_POST_VARS['submitavatar']) || isset($HTTP_POST_VARS['cancelavatar']) || $mode == 'register' )
{
include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
include($phpbb_root_path . 'includes/functions_post.'.$phpEx);
if ( $mode == 'editprofile' )
{
$user_id = intval($HTTP_POST_VARS['user_id']);
$current_email = trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['current_email'])));
}
$strip_var_list = array('username' => 'username', 'email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests');
while( list($var, $param) = @each($strip_var_list) )
{
if ( !empty($HTTP_POST_VARS[$param]) )
{
$$var = trim(strip_tags($HTTP_POST_VARS[$param]));
}
}
$trim_var_list = array('password_current' => 'cur_password', 'password' => 'new_password', 'password_confirm' => 'password_confirm', 'signature' => 'signature');
while( list($var, $param) = @each($trim_var_list) )
{
if ( !empty($HTTP_POST_VARS[$param]) )
{
$$var = trim($HTTP_POST_VARS[$param]);
}
}
$username = str_replace('&nbsp;', '', $username);
$email = htmlspecialchars($email);
$signature = str_replace('<br />', '\n', $signature);
// Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to
// empty strings if they fail.
validate_optional_fields($icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature);
$viewemail = ( isset($HTTP_POST_VARS['viewemail']) ) ? ( ($HTTP_POST_VARS['viewemail']) ? TRUE : 0 ) : 0;
$allowviewonline = ( isset($HTTP_POST_VARS['hideonline']) ) ? ( ($HTTP_POST_VARS['hideonline']) ? 0 : TRUE ) : TRUE;
$notifyreply = ( isset($HTTP_POST_VARS['notifyreply']) ) ? ( ($HTTP_POST_VARS['notifyreply']) ? TRUE : 0 ) : 0;
$notifypm = ( isset($HTTP_POST_VARS['notifypm']) ) ? ( ($HTTP_POST_VARS['notifypm']) ? TRUE : 0 ) : TRUE;
$popuppm = ( isset($HTTP_POST_VARS['popup_pm']) ) ? ( ($HTTP_POST_VARS['popup_pm']) ? TRUE : 0 ) : TRUE;
if ( $mode == 'register' )
{
$attachsig = ( isset($HTTP_POST_VARS['attachsig']) ) ? ( ($HTTP_POST_VARS['attachsig']) ? TRUE : 0 ) : $board_config['allow_sig'];
$allowhtml = ( isset($HTTP_POST_VARS['allowhtml']) ) ? ( ($HTTP_POST_VARS['allowhtml']) ? TRUE : 0 ) : $board_config['allow_html'];
$allowbbcode = ( isset($HTTP_POST_VARS['allowbbcode']) ) ? ( ($HTTP_POST_VARS['allowbbcode']) ? TRUE : 0 ) : $board_config['allow_bbcode'];
$allowsmilies = ( isset($HTTP_POST_VARS['allowsmilies']) ) ? ( ($HTTP_POST_VARS['allowsmilies']) ? TRUE : 0 ) : $board_config['allow_smilies'];
}
else
{
$attachsig = ( isset($HTTP_POST_VARS['attachsig']) ) ? ( ($HTTP_POST_VARS['attachsig']) ? TRUE : 0 ) : 0;
$allowhtml = ( isset($HTTP_POST_VARS['allowhtml']) ) ? ( ($HTTP_POST_VARS['allowhtml']) ? TRUE : 0 ) : $userdata['user_allowhtml'];
$allowbbcode = ( isset($HTTP_POST_VARS['allowbbcode']) ) ? ( ($HTTP_POST_VARS['allowbbcode']) ? TRUE : 0 ) : $userdata['user_allowbbcode'];
$allowsmilies = ( isset($HTTP_POST_VARS['allowsmilies']) ) ? ( ($HTTP_POST_VARS['allowsmilies']) ? TRUE : 0 ) : $userdata['user_allowsmiles'];
}
$user_style = ( isset($HTTP_POST_VARS['style']) ) ? intval($HTTP_POST_VARS['style']) : $board_config['default_style'];
$user_lang = ( !empty($HTTP_POST_VARS['language']) ) ? $HTTP_POST_VARS['language'] : $board_config['default_lang'];
$user_timezone = ( isset($HTTP_POST_VARS['timezone']) ) ? doubleval($HTTP_POST_VARS['timezone']) : $board_config['board_timezone'];
$user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim($HTTP_POST_VARS['dateformat']) : $board_config['default_dateformat'];
$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? $HTTP_POST_VARS['avatarlocal'] : '' );
$user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim($HTTP_POST_VARS['avatarremoteurl']) : '';
$user_avatar_url = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim($HTTP_POST_VARS['avatarurl']) : '';
$user_avatar_loc = ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '';
$user_avatar_name = ( !empty($HTTP_POST_FILES['avatar']['name']) ) ? $HTTP_POST_FILES['avatar']['name'] : '';
$user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0;
$user_avatar_filetype = ( !empty($HTTP_POST_FILES['avatar']['type']) ) ? $HTTP_POST_FILES['avatar']['type'] : '';
$user_avatar = ( empty($user_avatar_loc) && $mode == 'editprofile' ) ? $userdata['user_avatar'] : '';
$user_avatar_type = ( empty($user_avatar_loc) && $mode == 'editprofile' ) ? $userdata['user_avatar_type'] : '';
if ( isset($HTTP_POST_VARS['avatargallery']) || isset($HTTP_POST_VARS['submitavatar']) || isset($HTTP_POST_VARS['cancelavatar']) )
{
$username = stripslashes($username);
$email = stripslashes($email);
$password = '';
$password_confirm = '';
$icq = stripslashes($icq);
$aim = stripslashes($aim);
$msn = stripslashes($msn);
$yim = stripslashes($yim);
$website = stripslashes($website);
$location = stripslashes($location);
$occupation = stripslashes($occupation);
$interests = stripslashes($interests);
$signature = stripslashes($signature);
$user_lang = stripslashes($user_lang);
$user_dateformat = stripslashes($user_dateformat);
$user_avatar = $user_avatar_local;
$user_avatar_type = USER_AVATAR_GALLERY;
}
}
if ( isset($HTTP_POST_VARS['submit']) )
{
$error = FALSE;
$passwd_sql = '';
if ( $mode == 'editprofile' )
{
if ( $user_id != $userdata['user_id'] )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Wrong_Profile'];
}
}
else if ( $mode == 'register' )
{
$coppa = (!$HTTP_POST_VARS['coppa'] && !$HTTP_GET_VARS['coppa']) ? 0 : TRUE;
if ( empty($username) || empty($password) || empty($password_confirm) || empty($email) )
{
$error = TRUE;
$error_ms .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Fields_empty'];
}
}
$passwd_sql = '';
if ( !empty($password) && !empty($password_confirm) )
{
if ( $password != $password_confirm )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_mismatch'];
}
else if ( strlen($password) > 32 )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_long'];
}
else
{
if ( $mode == 'editprofile' )
{
$sql = "SELECT user_password
FROM " . USERS_TABLE . "
WHERE user_id = $user_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user_password information', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
if ( $row['user_password'] != md5($password_current) )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Current_password_mismatch'];
}
}
if ( !$error )
{
$password = md5($password);
$passwd_sql = "user_password = '$password', ";
}
}
}
else if ( ( $password && !$password_confirm ) || ( !$password && $password_confirm ) )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_mismatch'];
}
//
// Do a ban check on this email address
//
if ( $email != $userdata['user_email'] || $mode == 'register' )
{
$result = validate_email($email);
if ( $result['error'] )
{
$email = $userdata['user_email'];
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $result['error_msg'];
}
if ( $mode == 'editprofile' )
{
$sql = "SELECT user_password
FROM " . USERS_TABLE . "
WHERE user_id = $user_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user_password information', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
if ( $row['user_password'] != md5($password_current) )
{
$email = $userdata['user_email'];
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Current_password_mismatch'];
}
}
}
$username_sql = '';
if ( $board_config['allow_namechange'] || $mode == 'register' )
{
if ( $username != $userdata['username'] || $mode == 'register' )
{
$result = validate_username($username);
if ( $result['error'] )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $result['error_msg'];
}
else
{
$username_sql = "username = '" . str_replace("\'", "''", $username) . "', ";
}
}
}
if ( $signature != '' )
{
if ( strlen($signature) > $board_config['max_sig_chars'] )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Signature_too_long'];
}
if ( $signature_bbcode_uid == '' )
{
$signature_bbcode_uid = ( $allowbbcode ) ? make_bbcode_uid() : '';
}
$signature = prepare_message($signature, $allowhtml, $allowbbcode, $allowsmilies, $signature_bbcode_uid);
}
include($phpbb_root_path . 'includes/usercp_avatar.'.$phpEx);
if ( isset($HTTP_POST_VARS['avatardel']) && $mode == 'editprofile' )
{
$avatar_sql = user_avatar_delete($userdata['avatar_type'], $userdata['avatar_file']);
}
else if ( ( $user_avatar_loc != '' || !empty($user_avatar_url) ) && $board_config['allow_avatar_upload'] )
{
if ( !empty($user_avatar_loc) && !empty($user_avatar_url) )
{
$error = true;
$error_msg .= ( ( !empty($error_msg) ) ? '<br />' : '' ) . $lang['Only_one_avatar'];
}
$id = ( $mode == 'register' ) ? $new_user_id : $userdata['user_id'];
if ( !empty($user_avatar_loc) )
{
$avatar_sql = user_avatar_upload($mode, 'local', $id, $error, $error_msg, $user_avatar_loc, $user_avatar_name, $user_avatar_size, $user_avatar_filetype);
}
else if ( !empty($user_avatar_url) )
{
$avatar_sql = user_avatar_upload($mode, 'remote', $id, $error, $error_msg, $user_avatar_url, $user_avatar_name, $user_avatar_size, $user_avatar_filetype);
}
else if ( !empty($user_avatar_name) )
{
$l_avatar_size = sprintf($lang['Avatar_filesize'], round($board_config['avatar_filesize'] / 1024));
$error = true;
$error_msg = ( ( !empty($error_msg) ) ? '<br />' : '' ) . $l_avatar_size;
}
}
else if ( $user_avatar_remoteurl != '' && $board_config['allow_avatar_remote'] )
{
$avatar_sql = user_avatar_url($mode, $error, $error_msg, $user_avatar_remoteurl);
}
else if ( $user_avatar_local != '' && $board_config['allow_avatar_local'] )
{
$avatar_sql = user_avatar_gallery($mode, $error, $error_msg, $user_avatar_local);
}
if ( !$error )
{
if ( $avatar_sql == '' )
{
$avatar_sql = ( $mode == 'editprofile' ) ? '' : "'', " . USER_AVATAR_NONE;
}
if ( $mode == 'editprofile' )
{
if ( $email != $current_email && ( $board_config['require_activation'] == USER_ACTIVATION_SELF || $board_config['require_activation'] == USER_ACTIVATION_ADMIN ) && $userdata['user_level'] != ADMIN )
{
$user_active = 0;
$user_actkey = gen_rand_string(true);
//
// The user is inactive, remove their session forcing them to login again before they can post.
//
if ( $userdata['session_logged_in'] )
{
session_end($userdata['session_id'], $userdata['user_id']);
}
}
else
{
$user_active = 1;
$user_actkey = '';
}
$sql = "UPDATE " . USERS_TABLE . "
SET " . $username_sql . $passwd_sql . "user_email = '" . str_replace("\'", "''", $email) ."', user_icq = '" . str_replace("\'", "''", $icq) . "', user_website = '" . str_replace("\'", "''", $website) . "', user_occ = '" . str_replace("\'", "''", $occupation) . "', user_from = '" . str_replace("\'", "''", $location) . "', user_interests = '" . str_replace("\'", "''", $interests) . "', user_sig = '" . str_replace("\'", "''", $signature) . "', user_sig_bbcode_uid = '$signature_bbcode_uid', user_viewemail = $viewemail, user_aim = '" . str_replace("\'", "''", $aim) . "', user_yim = '" . str_replace("\'", "''", $yim) . "', user_msnm = '" . str_replace("\'", "''", $msn) . "', user_attachsig = $attachsig, user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_notify_pm = $notifypm, user_popup_pm = $popuppm, user_timezone = $user_timezone, user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "', user_lang = '" . str_replace("\'", "''", $user_lang) . "', user_style = $user_style, user_active = $user_active, user_actkey = '" . str_replace("\'", "''", $user_actkey) . "'" . $avatar_sql . "
WHERE user_id = $user_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
}
if ( !$user_active )
{
//
// The users account has been deactivated, send them an email with a new activation key
//
include($phpbb_root_path . 'includes/emailer.'.$phpEx);
$emailer = new emailer($board_config['smtp_delivery']);
$email_headers = "From: " . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\r\n";
$emailer->use_template('user_activate', stripslashes($user_lang));
$emailer->email_address($email);
$emailer->set_subject();//$lang['Reactivate']
$emailer->extra_headers($email_headers);
$emailer->assign_vars(array(
'SITENAME' => $board_config['sitename'],
'USERNAME' => $username,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'U_ACTIVATE' => $server_url . '?mode=activate&act_key=' . $user_actkey)
);
$emailer->send();
$emailer->reset();
$message = $lang['Profile_updated_inactive'] . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
}
else
{
$message = $lang['Profile_updated'] . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
}
$template->assign_vars(array(
"META" => '<meta http-equiv="refresh" content="5;url=' . append_sid("index.$phpEx") . '">')
);
message_die(GENERAL_MESSAGE, $message);
}
else
{
$sql = "SELECT MAX(user_id) AS total
FROM " . USERS_TABLE;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtained next user_id information', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
$user_id = $row['total'] + 1;
$sql = "SELECT MAX(group_id) AS total
FROM " . GROUPS_TABLE;
if ( $result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not obtained next user_id information', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
$group_id = $row['total'] + 1;
//
// Get current date
//
$sql = "INSERT INTO " . USERS_TABLE . " (user_id, username, user_regdate, user_password, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_sig_bbcode_uid, user_avatar, user_avatar_type, user_viewemail, user_aim, user_yim, user_msnm, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_viewonline, user_notify, user_notify_pm, user_popup_pm, user_timezone, user_dateformat, user_lang, user_style, user_level, user_allow_pm, user_active, user_actkey)
VALUES ($user_id, '" . str_replace("\'", "''", $username) . "', " . time() . ", '" . str_replace("\'", "''", $password) . "', '" . str_replace("\'", "''", $email) . "', '" . str_replace("\'", "''", $icq) . "', '" . str_replace("\'", "''", $website) . "', '" . str_replace("\'", "''", $occupation) . "', '" . str_replace("\'", "''", $location) . "', '" . str_replace("\'", "''", $interests) . "', '" . str_replace("\'", "''", $signature) . "', '$signature_bbcode_uid', $avatar_sql, $viewemail, '" . str_replace("\'", "''", $aim) . "', '" . str_replace("\'", "''", $yim) . "', '" . str_replace("\'", "''", $msn) . "', $attachsig, $allowsmilies, $allowhtml, $allowbbcode, $allowviewonline, $notifyreply, $notifypm, $popuppm, $user_timezone, '" . str_replace("\'", "''", $user_dateformat) . "', '" . str_replace("\'", "''", $user_lang) . "', $user_style, 0, 1, ";
if ( $board_config['require_activation'] == USER_ACTIVATION_SELF || $board_config['require_activation'] == USER_ACTIVATION_ADMIN || $coppa )
{
$user_actkey = gen_rand_string(true);
$sql .= "0, '" . str_replace("\'", "''", $user_actkey) . "')";
}
else
{
$sql .= "1, '')";
}
if ( !($result = $db->sql_query($sql, BEGIN_TRANSACTION)) )
{
message_die(GENERAL_ERROR, 'Could not insert data into users table', '', __LINE__, __FILE__, $sql);
}
$sql = "INSERT INTO " . GROUPS_TABLE . " (group_id, group_name, group_description, group_single_user, group_moderator)
VALUES ($group_id, '', 'Personal User', 1, 0)";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not insert data into groups table', '', __LINE__, __FILE__, $sql);
}
$sql = "INSERT INTO " . USER_GROUP_TABLE . " (user_id, group_id, user_pending)
VALUES ($user_id, $group_id, 0)";
if( !($result = $db->sql_query($sql, END_TRANSACTION)) )
{
message_die(GENERAL_ERROR, 'Could not insert data into user_group table', '', __LINE__, __FILE__, $sql);
}
if ( $coppa )
{
$message = $lang['COPPA'];
$email_template = 'coppa_welcome_inactive';
}
else if ( $board_config['require_activation'] == USER_ACTIVATION_SELF )
{
$message = $lang['Account_inactive'];
$email_template = 'user_welcome_inactive';
}
else if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN )
{
$message = $lang['Account_inactive_admin'];
$email_template = 'admin_welcome_inactive';
}
else
{
$message = $lang['Account_added'];
$email_template = 'user_welcome';
}
include($phpbb_root_path . 'includes/emailer.'.$phpEx);
$emailer = new emailer($board_config['smtp_delivery']);
$email_headers = "From: " . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\r\n";
$emailer->use_template($email_template, stripslashes($user_lang));
$emailer->email_address($email);
$emailer->set_subject();//sprintf($lang['Welcome_subject'], $board_config['sitename'])
$emailer->extra_headers($email_headers);
if( $coppa )
{
$emailer->assign_vars(array(
'SITENAME' => $board_config['sitename'],
'WELCOME_MSG' => sprintf($lang['Welcome_subject'], $board_config['sitename']),
'USERNAME' => $username,
'PASSWORD' => $password_confirm,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'U_ACTIVATE' => $server_url . '?mode=activate&act_key=' . $user_actkey,
'FAX_INFO' => $board_config['coppa_fax'],
'MAIL_INFO' => $board_config['coppa_mail'],
'EMAIL_ADDRESS' => $email,
'ICQ' => $icq,
'AIM' => $aim,
'YIM' => $yim,
'MSN' => $msn,
'WEB_SITE' => $website,
'FROM' => $location,
'OCC' => $occupation,
'INTERESTS' => $interests,
'SITENAME' => $board_config['sitename']));
}
else
{
$emailer->assign_vars(array(
'SITENAME' => $board_config['sitename'],
'WELCOME_MSG' => sprintf($lang['Welcome_subject'], $board_config['sitename']),
'USERNAME' => $username,
'PASSWORD' => $password_confirm,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'U_ACTIVATE' => $server_url . '?mode=activate&act_key=' . $user_actkey)
);
}
$emailer->send();
$emailer->reset();
if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN )
{
$emailer->use_template("admin_activate", stripslashes($user_lang));
$emailer->email_address($board_config['board_email']);
$emailer->set_subject(); //$lang['New_account_subject']
$emailer->extra_headers($email_headers);
$emailer->assign_vars(array(
'USERNAME' => $username,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'U_ACTIVATE' => $server_url . '?mode=activate&act_key=' . $user_actkey)
);
$emailer->send();
$emailer->reset();
}
$message = $message . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
} // if mode == register
}
}
if ( $error )
{
//
// If an error occured we need to stripslashes on returned data
//
$username = stripslashes($username);
$email = stripslashes($email);
$password = '';
$password_confirm = '';
$icq = stripslashes($icq);
$aim = stripslashes($aim);
$msn = stripslashes($msn);
$yim = stripslashes($yim);
$website = stripslashes($website);
$location = stripslashes($location);
$occupation = stripslashes($occupation);
$interests = stripslashes($interests);
$signature = stripslashes($signature);
$user_lang = stripslashes($user_lang);
$user_dateformat = stripslashes($user_dateformat);
}
else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) && !isset($HTTP_POST_VARS['submitavatar']) && !isset($HTTP_POST_VARS['cancelavatar']) )
{
$user_id = $userdata['user_id'];
$username = $userdata['username'];
$email = $userdata['user_email'];
$password = "";
$password_confirm = "";
$icq = $userdata['user_icq'];
$aim = $userdata['user_aim'];
$msn = $userdata['user_msnm'];
$yim = $userdata['user_yim'];
$website = $userdata['user_website'];
$location = $userdata['user_from'];
$occupation = $userdata['user_occ'];
$interests = $userdata['user_interests'];
$signature_bbcode_uid = $userdata['user_sig_bbcode_uid'];
$signature = ( $signature_bbcode_uid != "" ) ? preg_replace("/\:(([a-z0-9]:)?)$signature_bbcode_uid/si", '', $userdata['user_sig']) : $userdata['user_sig'];
$viewemail = $userdata['user_viewemail'];
$notifypm = $userdata['user_notify_pm'];
$popuppm = $userdata['user_popup_pm'];
$notifyreply = $userdata['user_notify'];
$attachsig = $userdata['user_attachsig'];
$allowhtml = $userdata['user_allowhtml'];
$allowbbcode = $userdata['user_allowbbcode'];
$allowsmilies = $userdata['user_allowsmile'];
$allowviewonline = $userdata['user_allow_viewonline'];
$user_avatar = ( $userdata['user_allowavatar'] ) ? $userdata['user_avatar'] : '';
$user_avatar_type = ( $userdata['user_allowavatar'] ) ? $userdata['user_avatar_type'] : USER_AVATAR_NONE;
$user_style = $userdata['user_style'];
$user_lang = $userdata['user_lang'];
$user_timezone = $userdata['user_timezone'];
$user_dateformat = $userdata['user_dateformat'];
}
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
$template->set_filenames(array(
"jumpbox" => "jumpbox.tpl")
);
$jumpbox = make_jumpbox();
$template->assign_vars(array(
'L_GO' => $lang['Go'],
'L_JUMP_TO' => $lang['Jump_to'],
'L_SELECT_FORUM' => $lang['Select_forum'],
'S_JUMPBOX_LIST' => $jumpbox,
'S_JUMPBOX_ACTION' => append_sid('viewforum.$phpEx'))
);
$template->assign_var_from_handle('JUMPBOX', 'jumpbox');
if ( $mode == 'editprofile' )
{
if ( $user_id != $userdata['user_id'] )
{
$error = TRUE;
$error_msg = $lang['Wrong_Profile'];
}
}
if( isset($HTTP_POST_VARS['avatargallery']) && !$error )
{
include($phpbb_root_path . 'includes/usercp_avatar.'.$phpEx);
$avatar_category = ( !empty($HTTP_POST_VARS['avatarcategory']) ) ? $HTTP_POST_VARS['avatarcategory'] : '';
$template->set_filenames(array(
"body" => "profile_avatar_gallery.tpl")
);
display_avatar_gallery($mode, $avatar_category, $user_id, $email, $current_email, $coppa, $username, $email, $icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature, $viewemail, $notifypm, $popuppm, $notifyreply, $attachsig, $allowhtml, $allowbbcode, $allowsmilies, $allowviewonline, $user_style, $user_lang, $user_timezone, $user_dateformat);
}
else
{
include($phpbb_root_path . 'includes/functions_selects.'.$phpEx);
if ( !isset($coppa) )
{
$coppa = FALSE;
}
if ( !isset($user_template) )
{
$selected_template = $board_config['system_template'];
}
$signature = preg_replace('/\:[0-9a-z\:]*?\]/si', ']', $signature);
$avatar_img = '';
if ( $user_avatar_type )
{
switch( $user_avatar_type )
{
case USER_AVATAR_UPLOAD:
$avatar_img = ( $board_config['allow_avatar_upload'] ) ? '<img src="' . $board_config['avatar_path'] . '/' . $user_avatar . '" alt="" />' : '';
break;
case USER_AVATAR_REMOTE:
$avatar_img = ( $board_config['allow_avatar_remote'] ) ? '<img src="' . $user_avatar . '" alt="" />' : '';
break;
case USER_AVATAR_GALLERY:
$avatar_img = ( $board_config['allow_avatar_local'] ) ? '<img src="' . $board_config['avatar_gallery_path'] . '/' . $user_avatar . '" alt="" />' : '';
break;
}
}
$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="agreed" value="true" /><input type="hidden" name="coppa" value="' . $coppa . '" />';
if( $mode == 'editprofile' )
{
$s_hidden_fields .= '<input type="hidden" name="user_id" value="' . $userdata['user_id'] . '" />';
//
// Send the users current email address. If they change it, and account activation is turned on
// the user account will be disabled and the user will have to reactivate their account.
//
$s_hidden_fields .= '<input type="hidden" name="current_email" value="' . $userdata['user_email'] . '" />';
}
if ( !empty($user_avatar_local) )
{
$s_hidden_fields .= '<input type="hidden" name="avatarlocal" value="' . $user_avatar_local . '" />';
}
$html_status = ( $userdata['user_allowhtml'] && $board_config['allow_html'] ) ? $lang['HTML_is_ON'] : $lang['HTML_is_OFF'];
$bbcode_status = ( $userdata['user_allowbbcode'] && $board_config['allow_bbcode'] ) ? $lang['BBCode_is_ON'] : $lang['BBCode_is_OFF'];
$smilies_status = ( $userdata['user_allowsmile'] && $board_config['allow_smilies'] ) ? $lang['Smilies_are_ON'] : $lang['Smilies_are_OFF'];
if ( $error )
{
$template->set_filenames(array(
'reg_header' => 'error_body.tpl')
);
$template->assign_vars(array(
'ERROR_MESSAGE' => $error_msg)
);
$template->assign_var_from_handle('ERROR_BOX', 'reg_header');
}
$template->set_filenames(array(
'body' => 'profile_add_body.tpl')
);
if ( $mode == 'editprofile' )
{
$template->assign_block_vars('edit_profile', array());
}
//
// Let's do an overall check for settings/versions which would prevent
// us from doing file uploads....
//
$ini_val = ( phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
$form_enctype = ( !$ini_val('file_uploads') || phpversion() == '4.0.4pl1' || !$board_config['allow_avatar_upload'] || ( phpversion() < '4.0.3' && $ini_val('open_basedir') != '' ) ) ? '' : 'enctype="multipart/form-data"';
$template->assign_vars(array(
'USERNAME' => $username,
'EMAIL' => $email,
'YIM' => $yim,
'ICQ' => $icq,
'MSN' => $msn,
'AIM' => $aim,
'OCCUPATION' => $occupation,
'INTERESTS' => $interests,
'LOCATION' => $location,
'WEBSITE' => $website,
'SIGNATURE' => str_replace('<br />', "\n", $signature),
'VIEW_EMAIL_YES' => ( $viewemail ) ? 'checked="checked"' : '',
'VIEW_EMAIL_NO' => ( !$viewemail ) ? 'checked="checked"' : '',
'HIDE_USER_YES' => ( !$allowviewonline ) ? 'checked="checked"' : '',
'HIDE_USER_NO' => ( $allowviewonline ) ? 'checked="checked"' : '',
'NOTIFY_PM_YES' => ( $notifypm ) ? 'checked="checked"' : '',
'NOTIFY_PM_NO' => ( !$notifypm ) ? 'checked="checked"' : '',
'POPUP_PM_YES' => ( $popuppm ) ? 'checked="checked"' : '',
'POPUP_PM_NO' => ( !$popuppm ) ? 'checked="checked"' : '',
'ALWAYS_ADD_SIGNATURE_YES' => ( $attachsig ) ? 'checked="checked"' : '',
'ALWAYS_ADD_SIGNATURE_NO' => ( !$attachsig ) ? 'checked="checked"' : '',
'NOTIFY_REPLY_YES' => ( $notifyreply ) ? 'checked="checked"' : '',
'NOTIFY_REPLY_NO' => ( !$notifyreply ) ? 'checked="checked"' : '',
'ALWAYS_ALLOW_BBCODE_YES' => ( $allowbbcode ) ? 'checked="checked"' : '',
'ALWAYS_ALLOW_BBCODE_NO' => ( !$allowbbcode ) ? 'checked="checked"' : '',
'ALWAYS_ALLOW_HTML_YES' => ( $allowhtml ) ? 'checked="checked"' : '',
'ALWAYS_ALLOW_HTML_NO' => ( !$allowhtml ) ? 'checked="checked"' : '',
'ALWAYS_ALLOW_SMILIES_YES' => ( $allowsmilies ) ? 'checked="checked"' : '',
'ALWAYS_ALLOW_SMILIES_NO' => ( !$allowsmilies ) ? 'checked="checked"' : '',
'ALLOW_AVATAR' => $board_config['allow_avatar_upload'],
'AVATAR' => $avatar_img,
'AVATAR_SIZE' => $board_config['avatar_filesize'],
'LANGUAGE_SELECT' => language_select($user_lang, 'language'),
'STYLE_SELECT' => style_select($user_style, 'style'),
'TIMEZONE_SELECT' => tz_select($user_timezone, 'timezone'),
'DATE_FORMAT' => $user_dateformat,
'HTML_STATUS' => $html_status,
'BBCODE_STATUS' => sprintf($bbcode_status, '<a href="' . append_sid("faq.$phpEx?mode=bbcode") . '" target="_phpbbcode">', '</a>'),
'SMILIES_STATUS' => $smilies_status,
'L_CURRENT_PASSWORD' => $lang['Current_password'],
'L_NEW_PASSWORD' => ( $mode == 'register' ) ? $lang['Password'] : $lang['New_password'],
'L_CONFIRM_PASSWORD' => $lang['Confirm_password'],
'L_CONFIRM_PASSWORD_EXPLAIN' => ( $mode == 'editprofile' ) ? $lang['Confirm_password_explain'] : '',
'L_PASSWORD_IF_CHANGED' => ( $mode == 'editprofile' ) ? $lang['password_if_changed'] : '',
'L_PASSWORD_CONFIRM_IF_CHANGED' => ( $mode == 'editprofile' ) ? $lang['password_confirm_if_changed'] : '',
'L_SUBMIT' => $lang['Submit'],
'L_RESET' => $lang['Reset'],
'L_ICQ_NUMBER' => $lang['ICQ'],
'L_MESSENGER' => $lang['MSNM'],
'L_YAHOO' => $lang['YIM'],
'L_WEBSITE' => $lang['Website'],
'L_AIM' => $lang['AIM'],
'L_LOCATION' => $lang['Location'],
'L_OCCUPATION' => $lang['Occupation'],
'L_BOARD_LANGUAGE' => $lang['Board_lang'],
'L_BOARD_STYLE' => $lang['Board_style'],
'L_TIMEZONE' => $lang['Timezone'],
'L_DATE_FORMAT' => $lang['Date_format'],
'L_DATE_FORMAT_EXPLAIN' => $lang['Date_format_explain'],
'L_YES' => $lang['Yes'],
'L_NO' => $lang['No'],
'L_INTERESTS' => $lang['Interests'],
'L_ALWAYS_ALLOW_SMILIES' => $lang['Always_smile'],
'L_ALWAYS_ALLOW_BBCODE' => $lang['Always_bbcode'],
'L_ALWAYS_ALLOW_HTML' => $lang['Always_html'],
'L_HIDE_USER' => $lang['Hide_user'],
'L_ALWAYS_ADD_SIGNATURE' => $lang['Always_add_sig'],
'L_AVATAR_PANEL' => $lang['Avatar_panel'],
'L_AVATAR_EXPLAIN' => sprintf($lang['Avatar_explain'], $board_config['avatar_max_width'], $board_config['avatar_max_height'], (round($board_config['avatar_filesize'] / 1024))),
'L_UPLOAD_AVATAR_FILE' => $lang['Upload_Avatar_file'],
'L_UPLOAD_AVATAR_URL' => $lang['Upload_Avatar_URL'],
'L_UPLOAD_AVATAR_URL_EXPLAIN' => $lang['Upload_Avatar_URL_explain'],
'L_AVATAR_GALLERY' => $lang['Select_from_gallery'],
'L_SHOW_GALLERY' => $lang['View_avatar_gallery'],
'L_LINK_REMOTE_AVATAR' => $lang['Link_remote_Avatar'],
'L_LINK_REMOTE_AVATAR_EXPLAIN' => $lang['Link_remote_Avatar_explain'],
'L_DELETE_AVATAR' => $lang['Delete_Image'],
'L_CURRENT_IMAGE' => $lang['Current_Image'],
'L_SIGNATURE' => $lang['Signature'],
'L_SIGNATURE_EXPLAIN' => sprintf($lang['Signature_explain'], $board_config['max_sig_chars']),
'L_NOTIFY_ON_REPLY' => $lang['Always_notify'],
'L_NOTIFY_ON_REPLY_EXPLAIN' => $lang['Always_notify_explain'],
'L_NOTIFY_ON_PRIVMSG' => $lang['Notify_on_privmsg'],
'L_POPUP_ON_PRIVMSG' => $lang['Popup_on_privmsg'],
'L_POPUP_ON_PRIVMSG_EXPLAIN' => $lang['Popup_on_privmsg_explain'],
'L_PREFERENCES' => $lang['Preferences'],
'L_PUBLIC_VIEW_EMAIL' => $lang['Public_view_email'],
'L_ITEMS_REQUIRED' => $lang['Items_required'],
'L_REGISTRATION_INFO' => $lang['Registration_info'],
'L_PROFILE_INFO' => $lang['Profile_info'],
'L_PROFILE_INFO_NOTICE' => $lang['Profile_info_warn'],
'L_EMAIL_ADDRESS' => $lang['Email_address'],
'S_ALLOW_AVATAR_UPLOAD' => $board_config['allow_avatar_upload'],
'S_ALLOW_AVATAR_LOCAL' => $board_config['allow_avatar_local'],
'S_ALLOW_AVATAR_REMOTE' => $board_config['allow_avatar_remote'],
'S_HIDDEN_FIELDS' => $s_hidden_fields,
'S_FORM_ENCTYPE' => $form_enctype,
'S_PROFILE_ACTION' => append_sid("profile.$phpEx"))
);
//
// This is another cheat using the block_var capability
// of the templates to 'fake' an IF...ELSE...ENDIF solution
// it works well :)
//
if ( $userdata['user_allowavatar'] && ( $board_config['allow_avatar_upload'] || $board_config['allow_avatar_local'] || $board_config['allow_avatar_remote'] ) )
{
$template->assign_block_vars('avatar_block', array() );
if ( $board_config['allow_avatar_upload'] && file_exists('./' . $board_config['avatar_path']) )
{
if ( $form_enctype != '' )
{
$template->assign_block_vars('avatar_block.avatar_local_upload', array() );
}
$template->assign_block_vars('avatar_block.avatar_remote_upload', array() );
}
if ( $board_config['allow_avatar_remote'] )
{
$template->assign_block_vars('avatar_block.avatar_remote_link', array() );
}
if ( $board_config['allow_avatar_local'] && file_exists('./' . $board_config['avatar_gallery_path']) )
{
$template->assign_block_vars('avatar_block.avatar_local_gallery', array() );
}
}
}
$template->pparse('body');
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
?>

2
phpBB/includes/usercp_sendpasswd.php
View file

@ -23,7 +23,7 @@
if ( !defined('IN_PROFILE') )
{
header("Location: ../index.$phpEx");
die("Hacking attempt");
exit;
}

2
phpBB/includes/usercp_viewprofile.php
View file

@ -23,7 +23,7 @@
if ( !defined('IN_PROFILE') )
{
header("Location: ../index.$phpEx");
die("Hacking attempt");
exit;
}