makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Yet more fixes ... note there is a bug in user admin at present

Browse source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3083 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2002-11-24 16:22:52 +00:00
parent 95c6156b4a
commit 73650b59c7
10 changed files with 414 additions and 401 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

361
phpBB/admin/admin_users.php
View file

@ -68,6 +68,184 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
}
if( $HTTP_POST_VARS['deleteuser'] )
{
$sql = "SELECT g.group_id
FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g
WHERE ug.user_id = $user_id
AND g.group_id = ug.group_id
AND g.group_single_user = 1";
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain group information for this user', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
$sql = "UPDATE " . POSTS_TABLE . "
SET poster_id = " . DELETED . ", post_username = '$username'
WHERE poster_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update posts for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "UPDATE " . TOPICS_TABLE . "
SET topic_poster = " . DELETED . "
WHERE topic_poster = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update topics for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "UPDATE " . VOTE_USERS_TABLE . "
SET vote_user_id = " . DELETED . "
WHERE vote_user_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "SELECT group_id
FROM " . GROUPS_TABLE . "
WHERE group_moderator = $user_id";
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not select groups where user was moderator', '', __LINE__, __FILE__, $sql);
}
while ( $row_group = $db->sql_fetchrow($result) )
{
$group_moderator[] = $row_group['group_id'];
}
if ( count($group_moderator) )
{
$update_moderator_id = implode(', ', $group_moderator);
$sql = "UPDATE " . GROUPS_TABLE . "
SET group_moderator = " . $userdata['user_id'] . "
WHERE group_moderator IN ($update_moderator_id)";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql);
}
}
$sql = "DELETE FROM " . USERS_TABLE . "
WHERE user_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete user', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . USER_GROUP_TABLE . "
WHERE user_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete user from user_group table', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . GROUPS_TABLE . "
WHERE group_id = " . $row['group_id'];
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
WHERE group_id = " . $row['group_id'];
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
WHERE user_id = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete user from topic watch table', '', __LINE__, __FILE__, $sql);
}
$sql = "SELECT privmsgs_id
FROM " . PRIVMSGS_TABLE . "
WHERE ( ( privmsgs_from_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_NEW_MAIL . " )
OR ( privmsgs_from_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_SENT_MAIL . " )
OR ( privmsgs_to_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_READ_MAIL . " )
OR ( privmsgs_to_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
OR ( privmsgs_from_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) )";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not select all user\'s private messages', '', __LINE__, __FILE__, $sql);
}
//
// This little bit of code directly from the private messaging section.
// Thanks Paul!
//
while ( $row_privmsgs = $db->sql_fetchrow($result) )
{
$mark_list[] = $row_privmsgs['privmsgs_id'];
}
if ( count($mark_list) )
{
$delete_sql_id = implode(', ', $mark_list);
//
// We shouldn't need to worry about updating conters here...
// They are already gone!
//
$delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . "
WHERE privmsgs_text_id IN ($delete_sql_id)";
$delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . "
WHERE privmsgs_id IN ($delete_sql_id)";
//
// Shouldn't need the switch statement here, either, as we just want
// to take out all of the private messages. This will not affect
// the other messages we want to keep; the ids are unique.
//
if ( !$db->sql_query($delete_sql) )
{
message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql);
}
if ( !$db->sql_query($delete_text_sql) )
{
message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql);
}
}
$sql = "UPDATE " . PRIVMSGS_TABLE . "
SET privmsgs_to_userid = " . DELETED . "
WHERE privmsgs_to_userid = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update private messages saved to the user', '', __LINE__, __FILE__, $sql);
}
$sql = "UPDATE " . PRIVMSGS_TABLE . "
SET privmsgs_from_userid = " . DELETED . "
WHERE privmsgs_from_userid = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update private messages saved from the user', '', __LINE__, __FILE__, $sql);
}
$message = $lang['User_deleted'] . '<br /><br />' . sprintf($lang['Click_return_useradmin'], '<a href="' . append_sid("admin_users.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
}
$username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags( $HTTP_POST_VARS['username'] ) ) : '';
$email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : '';
@ -495,187 +673,10 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
//
if( !$error )
{
if( $HTTP_POST_VARS['deleteuser'] )
{
$sql = "SELECT g.group_id
FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g
WHERE ug.user_id = $user_id
AND g.group_id = ug.group_id
AND g.group_single_user = 1";
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain group information for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "UPDATE " . USERS_TABLE . "
SET " . $username_sql . $passwd_sql . "user_email = '" . str_replace("\'", "''", $email) . "', user_icq = '" . str_replace("\'", "''", $icq) . "', user_website = '" . str_replace("\'", "''", $website) . "', user_occ = '" . str_replace("\'", "''", $occupation) . "', user_from = '" . str_replace("\'", "''", $location) . "', user_interests = '" . str_replace("\'", "''", $interests) . "', user_sig = '" . str_replace("\'", "''", $signature) . "', user_viewemail = $viewemail, user_aim = '" . str_replace("\'", "''", $aim) . "', user_yim = '" . str_replace("\'", "''", $yim) . "', user_msnm = '" . str_replace("\'", "''", $msn) . "', user_attachsig = $attachsig, user_sig_bbcode_uid = '$signature_bbcode_uid', user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowavatar = $user_allowavatar, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_allow_pm = $user_allowpm, user_notify_pm = $notifypm, user_popup_pm = $popuppm, user_lang = '" . str_replace("\'", "''", $user_lang) . "', user_style = $user_style, user_timezone = $user_timezone, user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "', user_active = $user_status, user_rank = $user_rank" . $avatar_sql . "
WHERE user_id = $user_id";
$row = $db->sql_fetchrow($result);
$sql = "UPDATE " . POSTS_TABLE . "
SET poster_id = " . DELETED . ", post_username = '$username'
WHERE poster_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update posts for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "UPDATE " . TOPICS_TABLE . "
SET topic_poster = " . DELETED . "
WHERE topic_poster = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update topics for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "UPDATE " . VOTE_USERS_TABLE . "
SET vote_user_id = " . DELETED . "
WHERE vote_user_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "SELECT group_id
FROM " . GROUPS_TABLE . "
WHERE group_moderator = $user_id";
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not select groups where user was moderator', '', __LINE__, __FILE__, $sql);
}
while ( $row_group = $db->sql_fetchrow($result) )
{
$group_moderator[] = $row_group['group_id'];
}
if ( count($group_moderator) )
{
$update_moderator_id = implode(', ', $group_moderator);
$sql = "UPDATE " . GROUPS_TABLE . "
SET group_moderator = " . $userdata['user_id'] . "
WHERE group_moderator IN ($update_moderator_id)";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql);
}
}
$sql = "DELETE FROM " . USERS_TABLE . "
WHERE user_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete user', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . USER_GROUP_TABLE . "
WHERE user_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete user from user_group table', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . GROUPS_TABLE . "
WHERE group_id = " . $row['group_id'];
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
WHERE group_id = " . $row['group_id'];
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
WHERE user_id = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete user from topic watch table', '', __LINE__, __FILE__, $sql);
}
$sql = "SELECT privmsgs_id
FROM " . PRIVMSGS_TABLE . "
WHERE ( ( privmsgs_from_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_NEW_MAIL . " )
OR ( privmsgs_from_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_SENT_MAIL . " )
OR ( privmsgs_to_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_READ_MAIL . " )
OR ( privmsgs_to_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
OR ( privmsgs_from_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) )";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not select all user\'s private messages', '', __LINE__, __FILE__, $sql);
}
//
// This little bit of code directly from the private messaging section.
// Thanks Paul!
//
while ( $row_privmsgs = $db->sql_fetchrow($result) )
{
$mark_list[] = $row_privmsgs['privmsgs_id'];
}
if ( count($mark_list) )
{
$delete_sql_id = implode(', ', $mark_list);
//
// We shouldn't need to worry about updating conters here...
// They are already gone!
//
$delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . "
WHERE privmsgs_text_id IN ($delete_sql_id)";
$delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . "
WHERE privmsgs_id IN ($delete_sql_id)";
//
// Shouldn't need the switch statement here, either, as we just want
// to take out all of the private messages. This will not affect
// the other messages we want to keep; the ids are unique.
//
if ( !$db->sql_query($delete_sql) )
{
message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql);
}
if ( !$db->sql_query($delete_text_sql) )
{
message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql);
}
}
$sql = "UPDATE " . PRIVMSGS_TABLE . "
SET privmsgs_to_userid = " . DELETED . "
WHERE privmsgs_to_userid = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update private messages saved to the user', '', __LINE__, __FILE__, $sql);
}
$sql = "UPDATE " . PRIVMSGS_TABLE . "
SET privmsgs_from_userid = " . DELETED . "
WHERE privmsgs_from_userid = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update private messages saved from the user', '', __LINE__, __FILE__, $sql);
}
$message = $lang['User_deleted'];
}
else
{
$sql = "UPDATE " . USERS_TABLE . "
SET " . $username_sql . $passwd_sql . "user_email = '" . str_replace("\'", "''", $email) . "', user_icq = '" . str_replace("\'", "''", $icq) . "', user_website = '" . str_replace("\'", "''", $website) . "', user_occ = '" . str_replace("\'", "''", $occupation) . "', user_from = '" . str_replace("\'", "''", $location) . "', user_interests = '" . str_replace("\'", "''", $interests) . "', user_sig = '" . str_replace("\'", "''", $signature) . "', user_viewemail = $viewemail, user_aim = '" . str_replace("\'", "''", $aim) . "', user_yim = '" . str_replace("\'", "''", $yim) . "', user_msnm = '" . str_replace("\'", "''", $msn) . "', user_attachsig = $attachsig, user_sig_bbcode_uid = '$signature_bbcode_uid', user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowavatar = $user_allowavatar, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_allow_pm = $user_allowpm, user_notify_pm = $notifypm, user_popup_pm = $popuppm, user_lang = '" . str_replace("\'", "''", $user_lang) . "', user_style = $user_style, user_timezone = $user_timezone, user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "', user_active = $user_status, user_rank = $user_rank" . $avatar_sql . "
WHERE user_id = $user_id";
if( $result = $db->sql_query($sql) )
{
if( isset($rename_user) )

2
phpBB/db/schemas/mssql_basic.sql
View file

@ -242,4 +242,4 @@ INSERT INTO phpbb_search_wordmatch (word_id, post_id, title_match) VALUES ( 11,
INSERT INTO phpbb_search_wordmatch (word_id, post_id, title_match) VALUES ( 12, 1, 1 );
INSERT INTO phpbb_search_wordmatch (word_id, post_id, title_match) VALUES ( 3, 1, 1 );
COMMIT;
COMMIT;

184
phpBB/db/schemas/mssql_schema.sql
View file

@ -1,6 +1,6 @@
/*
mssql_schema.sql for phpBB2 (c) 2001, phpBB Group
mssql_schema.sql for phpBB2 (c) 2001, phpBB Group
$Id$
@ -23,7 +23,7 @@ CREATE TABLE [phpbb_auth_access] (
[auth_vote] [smallint] NOT NULL ,
[auth_pollcreate] [smallint] NOT NULL ,
[auth_attachments] [smallint] NOT NULL ,
[auth_mod] [smallint] NOT NULL
[auth_mod] [smallint] NOT NULL
) ON [PRIMARY]
GO
@ -31,26 +31,26 @@ CREATE TABLE [phpbb_banlist] (
[ban_id] [int] IDENTITY (1, 1) NOT NULL ,
[ban_userid] [int] NULL ,
[ban_ip] [char] (8) NULL ,
[ban_email] [varchar] (50) NULL
[ban_email] [varchar] (50) NULL
) ON [PRIMARY]
GO
CREATE TABLE [phpbb_categories] (
[cat_id] [int] IDENTITY (1, 1) NOT NULL ,
[cat_title] [varchar] (50) NOT NULL ,
[cat_order] [int] NOT NULL
[cat_order] [int] NOT NULL
) ON [PRIMARY]
GO
CREATE TABLE [phpbb_config] (
[config_name] [varchar] (255) NULL ,
[config_value] [varchar] (255) NULL
[config_value] [varchar] (255) NULL
) ON [PRIMARY]
GO
CREATE TABLE [phpbb_disallow] (
[disallow_id] [int] IDENTITY (1, 1) NOT NULL ,
[disallow_username] [varchar] (100) NULL
[disallow_username] [varchar] (100) NULL
) ON [PRIMARY]
GO
@ -58,7 +58,7 @@ CREATE TABLE [phpbb_forum_prune] (
[prune_id] [int] IDENTITY (1, 1) NOT NULL ,
[forum_id] [int] NOT NULL ,
[prune_days] [int] NOT NULL ,
[prune_freq] [int] NOT NULL
[prune_freq] [int] NOT NULL
) ON [PRIMARY]
GO
@ -84,7 +84,7 @@ CREATE TABLE [phpbb_forums] (
[auth_announce] [smallint] NOT NULL ,
[auth_vote] [smallint] NOT NULL ,
[auth_pollcreate] [smallint] NOT NULL ,
[auth_attachments] [smallint] NOT NULL
[auth_attachments] [smallint] NOT NULL
) ON [PRIMARY]
GO
@ -94,7 +94,7 @@ CREATE TABLE [phpbb_groups] (
[group_name] [varchar] (50) NOT NULL ,
[group_description] [varchar] (255) NOT NULL ,
[group_moderator] [int] NULL ,
[group_single_user] [smallint] NOT NULL
[group_single_user] [smallint] NOT NULL
) ON [PRIMARY]
GO
@ -111,7 +111,7 @@ CREATE TABLE [phpbb_posts] (
[enable_smilies] [smallint] NULL ,
[enable_sig] [smallint] NULL ,
[post_edit_time] [int] NULL ,
[post_edit_count] [smallint] NULL
[post_edit_count] [smallint] NULL
) ON [PRIMARY]
GO
@ -119,7 +119,7 @@ CREATE TABLE [phpbb_posts_text] (
[post_id] [int] NOT NULL ,
[bbcode_uid] [char] (10) NULL ,
[post_subject] [char] (60) NULL ,
[post_text] [text] NULL
[post_text] [text] NULL
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
GO
@ -134,14 +134,14 @@ CREATE TABLE [phpbb_privmsgs] (
[privmsgs_enable_bbcode] [smallint] NULL ,
[privmsgs_enable_html] [smallint] NULL ,
[privmsgs_enable_smilies] [smallint] NULL ,
[privmsgs_attach_sig] [smallint] NULL
[privmsgs_attach_sig] [smallint] NULL
) ON [PRIMARY]
GO
CREATE TABLE [phpbb_privmsgs_text] (
[privmsgs_text_id] [int] NOT NULL ,
[privmsgs_bbcode_uid] [char] (10) NULL ,
[privmsgs_text] [text] NULL
[privmsgs_text] [text] NULL
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
GO
@ -150,28 +150,28 @@ CREATE TABLE [phpbb_ranks] (
[rank_title] [varchar] (50) NOT NULL ,
[rank_min] [int] NULL ,
[rank_special] [smallint] NULL ,
[rank_image] [varchar] (50) NULL
[rank_image] [varchar] (50) NULL
) ON [PRIMARY]
GO
CREATE TABLE [phpbb_search_results] (
[search_id] [int] NOT NULL ,
[session_id] [char] (32) NOT NULL ,
[search_array] [text] NOT NULL
[search_array] [text] NOT NULL
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
GO
CREATE TABLE [phpbb_search_wordlist] (
[word_id] [int] IDENTITY (1, 1) NOT NULL ,
[word_text] [varchar] (50) NOT NULL ,
[word_common] [tinyint] NOT NULL
[word_common] [tinyint] NOT NULL
) ON [PRIMARY]
GO
CREATE TABLE [phpbb_search_wordmatch] (
[post_id] [int] NOT NULL ,
[word_id] [int] NOT NULL ,
[title_match] [smallint] NOT NULL
[title_match] [smallint] NOT NULL
) ON [PRIMARY]
GO
@ -182,7 +182,7 @@ CREATE TABLE [phpbb_sessions] (
[session_time] [int] NULL ,
[session_ip] [char] (8) NOT NULL ,
[session_page] [int] NULL ,
[session_logged_in] [smallint] NULL
[session_logged_in] [smallint] NULL
) ON [PRIMARY]
GO
@ -190,7 +190,7 @@ CREATE TABLE [phpbb_smilies] (
[smilies_id] [int] IDENTITY (1, 1) NOT NULL ,
[code] [varchar] (10) NOT NULL ,
[smile_url] [varchar] (50) NOT NULL ,
[emoticon] [varchar] (50) NULL
[emoticon] [varchar] (50) NULL
) ON [PRIMARY]
GO
@ -237,7 +237,7 @@ CREATE TABLE [phpbb_themes] (
[span_class2] [varchar] (25) NULL ,
[span_class3] [varchar] (25) NULL ,
[img_size_poll] [smallint] NULL ,
[img_size_privmsg] [smallint] NULL
[img_size_privmsg] [smallint] NULL
) ON [PRIMARY]
GO
@ -289,21 +289,21 @@ CREATE TABLE [phpbb_topics] (
[topic_vote] [smallint] NOT NULL ,
[topic_first_post_id] [int] NULL ,
[topic_last_post_id] [int] NULL ,
[topic_moved_id] [int] NULL
[topic_moved_id] [int] NULL
) ON [PRIMARY]
GO
CREATE TABLE [phpbb_topics_watch] (
[topic_id] [int] NOT NULL ,
[user_id] [int] NOT NULL ,
[notify_status] [smallint] NOT NULL
[notify_status] [smallint] NOT NULL
) ON [PRIMARY]
GO
CREATE TABLE [phpbb_user_group] (
[group_id] [int] NOT NULL ,
[user_id] [int] NOT NULL ,
[user_pending] [smallint] NULL
[user_pending] [smallint] NULL
) ON [PRIMARY]
GO
@ -352,7 +352,7 @@ CREATE TABLE [phpbb_users] (
[user_interests] [varchar] (255) NULL ,
[user_actkey] [varchar] (32) NULL ,
[user_newpasswd] [varchar] (32) NULL ,
[user_notify] [smallint] NOT NULL
[user_notify] [smallint] NOT NULL
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
GO
@ -361,7 +361,7 @@ CREATE TABLE [phpbb_vote_desc] (
[topic_id] [int] NOT NULL ,
[vote_text] [varchar] (255) NOT NULL ,
[vote_start] [int] NOT NULL ,
[vote_length] [int] NOT NULL
[vote_length] [int] NOT NULL
) ON [PRIMARY]
GO
@ -369,158 +369,158 @@ CREATE TABLE [phpbb_vote_results] (
[vote_id] [int] NOT NULL ,
[vote_option_id] [int] NOT NULL ,
[vote_option_text] [varchar] (255) NOT NULL ,
[vote_result] [int] NOT NULL
[vote_result] [int] NOT NULL
) ON [PRIMARY]
GO
CREATE TABLE [phpbb_vote_voters] (
[vote_id] [int] NOT NULL ,
[vote_user_id] [int] NOT NULL ,
[vote_user_ip] [char] (8) NOT NULL
[vote_user_ip] [char] (8) NOT NULL
) ON [PRIMARY]
GO
CREATE TABLE [phpbb_words] (
[word_id] [int] IDENTITY (1, 1) NOT NULL ,
[word] [varchar] (255) NOT NULL ,
[replacement] [varchar] (255) NOT NULL
[replacement] [varchar] (255) NOT NULL
) ON [PRIMARY]
GO
ALTER TABLE [phpbb_banlist] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_banlist] PRIMARY KEY CLUSTERED
ALTER TABLE [phpbb_banlist] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_banlist] PRIMARY KEY CLUSTERED
(
[ban_id]
) ON [PRIMARY]
) ON [PRIMARY]
GO
ALTER TABLE [phpbb_categories] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_categories] PRIMARY KEY CLUSTERED
ALTER TABLE [phpbb_categories] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_categories] PRIMARY KEY CLUSTERED
(
[cat_id]
) ON [PRIMARY]
) ON [PRIMARY]
GO
ALTER TABLE [phpbb_disallow] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_disallow] PRIMARY KEY CLUSTERED
ALTER TABLE [phpbb_disallow] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_disallow] PRIMARY KEY CLUSTERED
(
[disallow_id]
) ON [PRIMARY]
) ON [PRIMARY]
GO
ALTER TABLE [phpbb_forum_prune] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_forum_prune] PRIMARY KEY CLUSTERED
ALTER TABLE [phpbb_forum_prune] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_forum_prune] PRIMARY KEY CLUSTERED
(
[prune_id]
) ON [PRIMARY]
) ON [PRIMARY]
GO
ALTER TABLE [phpbb_forums] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_forums] PRIMARY KEY CLUSTERED
ALTER TABLE [phpbb_forums] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_forums] PRIMARY KEY CLUSTERED
(
[forum_id]
) ON [PRIMARY]
) ON [PRIMARY]
GO
ALTER TABLE [phpbb_groups] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_groups] PRIMARY KEY CLUSTERED
ALTER TABLE [phpbb_groups] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_groups] PRIMARY KEY CLUSTERED
(
[group_id]
) ON [PRIMARY]
) ON [PRIMARY]
GO
ALTER TABLE [phpbb_posts] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_posts] PRIMARY KEY CLUSTERED
ALTER TABLE [phpbb_posts] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_posts] PRIMARY KEY CLUSTERED
(
[post_id]
) ON [PRIMARY]
) ON [PRIMARY]
GO
ALTER TABLE [phpbb_privmsgs] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_privmsgs] PRIMARY KEY CLUSTERED
ALTER TABLE [phpbb_privmsgs] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_privmsgs] PRIMARY KEY CLUSTERED
(
[privmsgs_id]
) ON [PRIMARY]
) ON [PRIMARY]
GO
ALTER TABLE [phpbb_privmsgs_text] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_privmsgs_text] PRIMARY KEY CLUSTERED
ALTER TABLE [phpbb_privmsgs_text] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_privmsgs_text] PRIMARY KEY CLUSTERED
(
[privmsgs_text_id]
) ON [PRIMARY]
) ON [PRIMARY]
GO
ALTER TABLE [phpbb_ranks] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_ranks] PRIMARY KEY CLUSTERED
ALTER TABLE [phpbb_ranks] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_ranks] PRIMARY KEY CLUSTERED
(
[rank_id]
) ON [PRIMARY]
) ON [PRIMARY]
GO
ALTER TABLE [phpbb_search_results] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_search_results] PRIMARY KEY CLUSTERED
ALTER TABLE [phpbb_search_results] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_search_results] PRIMARY KEY CLUSTERED
(
[search_id]
) ON [PRIMARY]
) ON [PRIMARY]
GO
ALTER TABLE [phpbb_search_wordlist] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_search_wordlist] PRIMARY KEY CLUSTERED
ALTER TABLE [phpbb_search_wordlist] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_search_wordlist] PRIMARY KEY CLUSTERED
(
[word_id]
) ON [PRIMARY]
) ON [PRIMARY]
GO
ALTER TABLE [phpbb_smilies] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_smilies] PRIMARY KEY CLUSTERED
ALTER TABLE [phpbb_smilies] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_smilies] PRIMARY KEY CLUSTERED
(
[smilies_id]
) ON [PRIMARY]
) ON [PRIMARY]
GO
ALTER TABLE [phpbb_themes] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_themes] PRIMARY KEY CLUSTERED
ALTER TABLE [phpbb_themes] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_themes] PRIMARY KEY CLUSTERED
(
[themes_id]
) ON [PRIMARY]
) ON [PRIMARY]
GO
ALTER TABLE [phpbb_themes_name] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_themes_name] PRIMARY KEY CLUSTERED
ALTER TABLE [phpbb_themes_name] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_themes_name] PRIMARY KEY CLUSTERED
(
[themes_id]
) ON [PRIMARY]
) ON [PRIMARY]
GO
ALTER TABLE [phpbb_topics] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_topics] PRIMARY KEY CLUSTERED
ALTER TABLE [phpbb_topics] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_topics] PRIMARY KEY CLUSTERED
(
[topic_id]
) ON [PRIMARY]
) ON [PRIMARY]
GO
ALTER TABLE [phpbb_users] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_users] PRIMARY KEY CLUSTERED
ALTER TABLE [phpbb_users] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_users] PRIMARY KEY CLUSTERED
(
[user_id]
) ON [PRIMARY]
) ON [PRIMARY]
GO
ALTER TABLE [phpbb_vote_desc] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_vote_desc] PRIMARY KEY CLUSTERED
ALTER TABLE [phpbb_vote_desc] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_vote_desc] PRIMARY KEY CLUSTERED
(
[vote_id]
) ON [PRIMARY]
) ON [PRIMARY]
GO
ALTER TABLE [phpbb_words] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_words] PRIMARY KEY CLUSTERED
ALTER TABLE [phpbb_words] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_words] PRIMARY KEY CLUSTERED
(
[word_id]
) ON [PRIMARY]
) ON [PRIMARY]
GO
ALTER TABLE [phpbb_auth_access] WITH NOCHECK ADD
ALTER TABLE [phpbb_auth_access] WITH NOCHECK ADD
CONSTRAINT [DF_phpbb_auth_access_auth_view] DEFAULT (0) FOR [auth_view],
CONSTRAINT [DF_phpbb_auth_access_auth_read] DEFAULT (0) FOR [auth_read],
CONSTRAINT [DF_phpbb_auth_access_auth_post] DEFAULT (0) FOR [auth_post],
@ -535,7 +535,7 @@ ALTER TABLE [phpbb_auth_access] WITH NOCHECK ADD
CONSTRAINT [DF_phpbb_auth_access_auth_mod] DEFAULT (0) FOR [auth_mod]
GO
ALTER TABLE [phpbb_forums] WITH NOCHECK ADD
ALTER TABLE [phpbb_forums] WITH NOCHECK ADD
CONSTRAINT [DF_phpbb_forums_forum_posts] DEFAULT (0) FOR [forum_posts],
CONSTRAINT [DF_phpbb_forums_forum_topics] DEFAULT (0) FOR [forum_topics],
CONSTRAINT [DF_phpbb_forums_forum_last_post_id] DEFAULT (0) FOR [forum_last_post_id],
@ -553,20 +553,20 @@ ALTER TABLE [phpbb_forums] WITH NOCHECK ADD
CONSTRAINT [DF_phpbb_forums_auth_attachments] DEFAULT (0) FOR [auth_attachments]
GO
ALTER TABLE [phpbb_search_wordlist] WITH NOCHECK ADD
ALTER TABLE [phpbb_search_wordlist] WITH NOCHECK ADD
CONSTRAINT [DF_phpbb_search_wordlist_word_common] DEFAULT (0) FOR [word_common]
GO
ALTER TABLE [phpbb_topics] WITH NOCHECK ADD
ALTER TABLE [phpbb_topics] WITH NOCHECK ADD
CONSTRAINT [DF_phpbb_topics_topic_views] DEFAULT (0) FOR [topic_views],
CONSTRAINT [DF_phpbb_topics_topic_replies] DEFAULT (0) FOR [topic_replies],
CONSTRAINT [DF_phpbb_topics_topic_status] DEFAULT (0) FOR [topic_status],
CONSTRAINT [DF_phpbb_topics_topic_type] DEFAULT (0) FOR [topic_type],
CONSTRAINT [DF_phpbb_topics_topic_vote] DEFAULT (0) FOR [topic_vote],
CONSTRAINT [DF_phpbb_topics_topic_vote] DEFAULT (0) FOR [topic_vote],
CONSTRAINT [DF_phpbb_topics_topic_moved_id] DEFAULT (0) FOR topic_moved_id
GO
ALTER TABLE [phpbb_users] WITH NOCHECK ADD
ALTER TABLE [phpbb_users] WITH NOCHECK ADD
CONSTRAINT [DF_phpbb_users_user_level] DEFAULT (0) FOR [user_level],
CONSTRAINT [DF_phpbb_users_user_posts] DEFAULT (0) FOR [user_posts],
CONSTRAINT [DF_phpbb_users_user_session_time] DEFAULT (0) FOR [user_session_time],
@ -665,4 +665,4 @@ GO
GO
COMMIT
GO
GO

8
phpBB/groupcp.php
View file

@ -127,7 +127,7 @@ $server_url = $server_protocol . $server_name . $server_port . $script_name;
if ( isset($HTTP_GET_VARS[POST_GROUPS_URL]) || isset($HTTP_POST_VARS[POST_GROUPS_URL]) )
{
$group_id = ( isset($HTTP_GET_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_GET_VARS[POST_GROUPS_URL]) : intval($HTTP_POST_VARS[POST_GROUPS_URL]);
$group_id = ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_POST_VARS[POST_GROUPS_URL]) : intval($HTTP_GET_VARS[POST_GROUPS_URL]);
}
else
{
@ -1243,7 +1243,11 @@ else
$template->assign_block_vars('switch_groups_remaining', array() );
}
$s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';
$s_hidden_fields = '';
if ( !empty($SID) )
{
$s_hidden_fields .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';
}
$template->assign_vars(array(
'L_GROUP_MEMBERSHIP_DETAILS' => $lang['Group_member_details'],

8
phpBB/includes/functions.php
View file

@ -92,7 +92,7 @@ function get_userdata($user)
function make_jumpbox($action, $match_forum_id = 0)
{
global $template, $lang, $db, $SID, $nav_links, $phpEx;
global $template, $userdata, $lang, $db, $nav_links, $phpEx;
// $is_auth = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata);
@ -174,9 +174,9 @@ function make_jumpbox($action, $match_forum_id = 0)
$boxstring .= '<select name="' . POST_FORUM_URL . '" onChange="if(this.options[this.selectedIndex].value != -1){ forms[\'jumpbox\'].submit() }"></select>';
}
if ( isset($SID) )
if ( !empty($SID) )
{
$boxstring .= '<input type="hidden" name="sid" value="' . substr($SID, 4) . '" />';
$boxstring .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';
}
$template->set_filenames(array(
@ -288,7 +288,7 @@ function setup_style($style)
message_die(CRITICAL_ERROR, "Could not open $template_name template config file", '', __LINE__, __FILE__);
}
$img_lang = ( file_exists(@realpath($current_template_path . '/images/lang_' . $board_config['default_lang'])) ) ? $board_config['default_lang'] : 'english';
$img_lang = ( file_exists(@realpath($phpbb_root_path . $current_template_path . '/images/lang_' . $board_config['default_lang'])) ) ? $board_config['default_lang'] : 'english';
while( list($key, $value) = @each($images) )
{

6
phpBB/includes/usercp_avatar.php
View file

@ -96,7 +96,7 @@ function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename)
function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_type, &$error, &$error_msg, $avatar_filename, $avatar_realname, $avatar_filesize, $avatar_filetype)
{
global $board_config, $user_ip, $db, $lang;
global $board_config, $db, $lang;
$ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
@ -145,7 +145,7 @@ function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_typ
$avatar_data = substr($avatar_data, strlen($avatar_data) - $avatar_filesize, $avatar_filesize);
$tmp_path = ( !@$ini_val('safe_mode') ) ? '/tmp' : './' . $board_config['avatar_path'] . '/tmp';
$tmp_filename = tempnam($tmp_path, uniqid($user_ip) . '-');
$tmp_filename = tempnam($tmp_path, uniqid(rand()) . '-');
$fptr = @fopen($tmp_filename, 'wb');
$bytes_written = @fwrite($fptr, $avatar_data, $avatar_filesize);
@ -193,7 +193,7 @@ function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_typ
if ( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
{
$new_filename = uniqid($user_ip) . $imgtype;
$new_filename = uniqid(rand()) . $imgtype;
if ( $mode == 'editprofile' && $current_type == USER_AVATAR_UPLOAD && $current_avatar != '' )
{

89
phpBB/includes/usercp_register.php
View file

@ -101,7 +101,7 @@ if (
{
if ( !empty($HTTP_POST_VARS[$param]) )
{
$$var = trim(strip_tags($HTTP_POST_VARS[$param]));
$$var = trim(htmlspecialchars(strip_tags($HTTP_POST_VARS[$param])));
}
}
@ -115,8 +115,6 @@ if (
}
}
$username = str_replace('&nbsp;', '', $username);
$email = htmlspecialchars($email);
$signature = str_replace('<br />', "\n", $signature);
// Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to
@ -152,7 +150,7 @@ if (
{
if ( preg_match('/^[a-z_]+$/i', $HTTP_POST_VARS['language']) )
{
$user_lang = $HTTP_POST_VARS['language'];
$user_lang = htmlspecialchars($HTTP_POST_VARS['language']);
}
else
{
@ -166,7 +164,7 @@ if (
}
$user_timezone = ( isset($HTTP_POST_VARS['timezone']) ) ? doubleval($HTTP_POST_VARS['timezone']) : $board_config['board_timezone'];
$user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim($HTTP_POST_VARS['dateformat']) : $board_config['default_dateformat'];
$user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['dateformat'])) : $board_config['default_dateformat'];
$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );
@ -188,29 +186,23 @@ if (
$password_confirm = stripslashes($password_confirm);
$icq = stripslashes($icq);
$aim = htmlspecialchars(stripslashes($aim));
$msn = htmlspecialchars(stripslashes($msn));
$yim = htmlspecialchars(stripslashes($yim));
$aim = stripslashes($aim);
$msn = stripslashes($msn);
$yim = stripslashes($yim);
$website = htmlspecialchars(stripslashes($website));
$location = htmlspecialchars(stripslashes($location));
$occupation = htmlspecialchars(stripslashes($occupation));
$interests = htmlspecialchars(stripslashes($interests));
$signature = htmlspecialchars(stripslashes($signature));
$website = stripslashes($website);
$location = stripslashes($location);
$occupation = stripslashes($occupation);
$interests = stripslashes($interests);
$signature = stripslashes($signature);
$user_lang = stripslashes($user_lang);
$user_dateformat = htmlspecialchars(stripslashes($user_dateformat));
$user_dateformat = stripslashes($user_dateformat);
if ( !isset($HTTP_POST_VARS['cancelavatar']))
{
$user_avatar = $user_avatar_local;
$user_avatar_type = USER_AVATAR_GALLERY;
if ( $userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && @file_exists(@realpath('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar'])) )
{
@unlink('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar']);
}
}
}
}
@ -344,13 +336,17 @@ if ( isset($HTTP_POST_VARS['submit']) )
}
else if ( $username != $userdata['username'] || $mode == 'register' )
{
$result = validate_username($username);
if ( $result['error'] )
if (strtolower($username) != strtolower($userdata['username']))
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $result['error_msg'];
$result = validate_username($username);
if ( $result['error'] )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $result['error_msg'];
}
}
else
if (!$error)
{
$username_sql = "username = '" . str_replace("\'", "''", $username) . "', ";
}
@ -372,6 +368,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
$signature = prepare_message($signature, $allowhtml, $allowbbcode, $allowsmilies, $signature_bbcode_uid);
}
//??
if ( $website != '' )
{
rawurlencode($website);
@ -398,10 +395,18 @@ if ( isset($HTTP_POST_VARS['submit']) )
}
else if ( $user_avatar_remoteurl != '' && $board_config['allow_avatar_remote'] )
{
if ( @file_exists(@realpath('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar'])) )
{
@unlink('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar']);
}
$avatar_sql = user_avatar_url($mode, $error, $error_msg, $user_avatar_remoteurl);
}
else if ( $user_avatar_local != '' && $board_config['allow_avatar_local'] )
{
if ( @file_exists(@realpath('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar'])) )
{
@unlink('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar']);
}
$avatar_sql = user_avatar_gallery($mode, $error, $error_msg, $user_avatar_local);
}
else
@ -644,38 +649,38 @@ if ( $error )
$password_confirm = '';
$icq = stripslashes($icq);
$aim = htmlspecialchars(str_replace('+', ' ', stripslashes($aim)));
$msn = htmlspecialchars(stripslashes($msn));
$yim = htmlspecialchars(stripslashes($yim));
$aim = str_replace('+', ' ', stripslashes($aim));
$msn = stripslashes($msn);
$yim = stripslashes($yim);
$website = htmlspecialchars(stripslashes($website));
$location = htmlspecialchars(stripslashes($location));
$occupation = htmlspecialchars(stripslashes($occupation));
$interests = htmlspecialchars(stripslashes($interests));
$website = stripslashes($website);
$location = stripslashes($location);
$occupation = stripslashes($occupation);
$interests = stripslashes($interests);
$signature = stripslashes($signature);
$signature = ( $signature_bbcode_uid != '' ) ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid\]/si", ']', $signature) : $signature;
$user_lang = stripslashes($user_lang);
$user_dateformat = htmlspecialchars(stripslashes($user_dateformat));
$user_dateformat = stripslashes($user_dateformat);
}
else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) && !isset($HTTP_POST_VARS['submitavatar']) && !isset($HTTP_POST_VARS['cancelavatar']) )
{
$user_id = $userdata['user_id'];
$username = htmlspecialchars($userdata['username']);
$username = $userdata['username'];
$email = $userdata['user_email'];
$new_password = '';
$password_confirm = '';
$icq = $userdata['user_icq'];
$aim = htmlspecialchars(str_replace('+', ' ', $userdata['user_aim']));
$msn = htmlspecialchars($userdata['user_msnm']);
$yim = htmlspecialchars($userdata['user_yim']);
$aim = str_replace('+', ' ', $userdata['user_aim']);
$msn = $userdata['user_msnm'];
$yim = $userdata['user_yim'];
$website = htmlspecialchars($userdata['user_website']);
$location = htmlspecialchars($userdata['user_from']);
$occupation = htmlspecialchars($userdata['user_occ']);
$interests = htmlspecialchars($userdata['user_interests']);
$website = $userdata['user_website'];
$location = $userdata['user_from'];
$occupation = $userdata['user_occ'];
$interests = $userdata['user_interests'];
$signature_bbcode_uid = $userdata['user_sig_bbcode_uid'];
$signature = ( $signature_bbcode_uid != '' ) ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid\]/si", ']', $userdata['user_sig']) : $userdata['user_sig'];
@ -695,7 +700,7 @@ else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) &&
$user_style = $userdata['user_style'];
$user_lang = $userdata['user_lang'];
$user_timezone = $userdata['user_timezone'];
$user_dateformat = htmlspecialchars($userdata['user_dateformat']);
$user_dateformat = $userdata['user_dateformat'];
}
//

79
phpBB/install.php
View file

@ -22,15 +22,6 @@
error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
define('IN_PHPBB', true);
$phpbb_root_path='./';
include($phpbb_root_path.'extension.inc');
include($phpbb_root_path . 'includes/functions_selects.'.$phpEx);
$userdata = array();
$lang = array();
$reinstall = false;
if( !get_magic_quotes_gpc() )
{
if( is_array($HTTP_GET_VARS) )
@ -94,6 +85,15 @@ if( !get_magic_quotes_gpc() )
}
}
define('IN_PHPBB', true);
$phpbb_root_path='./';
include($phpbb_root_path.'extension.inc');
include($phpbb_root_path . 'includes/functions_selects.'.$phpEx);
$userdata = array();
$lang = array();
$reinstall = false;
/***************************************************************************
* Install Customization Section
*
@ -720,25 +720,25 @@ else
$sql_query = $remove_remarks($sql_query);
$sql_query = split_sql_file($sql_query, $delimiter);
$sql_count = count($sql_query);
for($i = 0; $i < $sql_count; $i++)
for ($i = 0; $i < sizeof($sql_query); $i++)
{
$result = $db->sql_query($sql_query[$i]);
if( !$result )
if (trim($sql_query[$i]) != '')
{
$error = $db->sql_error();
$template->assign_block_vars("switch_error_install", array());
if (!($result = $db->sql_query($sql_query[$i])))
{
$error = $db->sql_error();
$template->assign_block_vars("switch_error_install", array());
$template->assign_vars(array(
"L_ERROR_TITLE" => $lang['Installer_Error'],
"L_ERROR" => $lang['Install_db_error'] . '<br />' . $error['message'])
);
$template->assign_vars(array(
"L_ERROR_TITLE" => $lang['Installer_Error'],
"L_ERROR" => $lang['Install_db_error'] . '<br />' . $error['message'])
);
$template->pparse('body');
$template->pparse('body');
exit;
exit;
}
}
}
@ -751,25 +751,25 @@ else
$sql_query = $remove_remarks($sql_query);
$sql_query = split_sql_file($sql_query, $delimiter_basic);
$sql_count = count($sql_query);
for($i = 0; $i < $sql_count; $i++)
for($i = 0; $i < sizeof($sql_query); $i++)
{
$result = $db->sql_query($sql_query[$i]);
if( !$result )
if (trim($sql_query[$i]) != '')
{
$error = $db->sql_error();
$template->assign_block_vars("switch_error_install", array());
if (!($result = $db->sql_query($sql_query[$i])))
{
$error = $db->sql_error();
$template->assign_block_vars("switch_error_install", array());
$template->assign_vars(array(
"L_ERROR_TITLE" => $lang['Installer_Error'],
"L_ERROR" => $lang['Install_db_error'] . "<br />" . $error["message"])
);
$template->assign_vars(array(
"L_ERROR_TITLE" => $lang['Installer_Error'],
"L_ERROR" => $lang['Install_db_error'] . "<br />" . $error["message"])
);
$template->pparse('body');
$template->pparse('body');
exit;
exit;
}
}
}
}
@ -781,7 +781,7 @@ else
// this we are going to pass them over to the admin_forum.php script
// to set up their forum defaults.
//
$error = "";
$error = '';
//
// Update the default admin user with their information.
@ -862,6 +862,8 @@ else
$error .= "Could not update user_regdate :: " . $sql . " :: " . __LINE__ . " :: " . __FILE__ . "<br /><br />";
}
/*
// Disabled in 2.0.4 ... too many issues with MAX ROWS
//
// Change session table to HEAP if MySQL version matches
//
@ -881,6 +883,7 @@ else
}
}
}
*/
if( $error != "" )
{

68
phpBB/memberlist.php
View file

@ -35,6 +35,15 @@ init_userprefs($userdata);
$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
}
else
{
$mode = 'joined';
}
if(isset($HTTP_POST_VARS['order']))
{
$sort_order = ($HTTP_POST_VARS['order'] == 'ASC') ? 'ASC' : 'DESC';
@ -104,41 +113,32 @@ $template->assign_vars(array(
'S_MODE_ACTION' => append_sid("memberlist.$phpEx"))
);
if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
switch( $mode )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
switch( $mode )
{
case 'joined':
$order_by = "user_regdate ASC LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'username':
$order_by = "username $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'location':
$order_by = "user_from $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'posts':
$order_by = "user_posts $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'email':
$order_by = "user_email $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'website':
$order_by = "user_website $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'topten':
$order_by = "user_posts DESC LIMIT 10";
break;
default:
$order_by = "user_regdate $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
}
}
else
{
$order_by = "user_regdate $sort_order LIMIT $start, " . $board_config['topics_per_page'];
case 'joined':
$order_by = "user_regdate ASC LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'username':
$order_by = "username $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'location':
$order_by = "user_from $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'posts':
$order_by = "user_posts $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'email':
$order_by = "user_email $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'website':
$order_by = "user_website $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'topten':
$order_by = "user_posts $sort_order LIMIT 10";
break;
default:
$order_by = "user_regdate $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
}
$sql = "SELECT username, user_id, user_viewemail, user_posts, user_regdate, user_from, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_avatar, user_avatar_type, user_allowavatar

10
phpBB/posting.php
View file

@ -403,13 +403,13 @@ else
$smilies_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_smilies']) ) ? 0 : TRUE ) : ( ( $userdata['user_id'] == ANONYMOUS ) ? $board_config['allow_smilies'] : $userdata['user_allowsmile'] );
}
if ( $submit || $refresh )
if ( ($submit || $refresh) && $is_auth['auth_read'])
{
$notify_user = ( !empty($HTTP_POST_VARS['notify']) ) ? TRUE : 0;
}
else
{
if ( $mode != 'newtopic' && $userdata['session_logged_in'] )
if ( $mode != 'newtopic' && $userdata['session_logged_in'] && $is_auth['auth_read'] )
{
$sql = "SELECT topic_id
FROM " . TOPICS_WATCH_TABLE . "
@ -424,7 +424,7 @@ else
}
else
{
$notify_user = ( $userdata['session_logged_in'] ) ? $userdata['user_notify'] : 0;
$notify_user = ( $userdata['session_logged_in'] && $is_auth['auth_read'] ) ? $userdata['user_notify'] : 0;
}
}
@ -879,7 +879,7 @@ if( !$userdata['session_logged_in'] || ( $mode == 'editpost' && $post_info['post
//
// Notify checkbox - only show if user is logged in
//
if ( $userdata['session_logged_in'] )
if ( $userdata['session_logged_in'] && $is_auth['auth_read'] )
{
if ( $mode != 'editpost' || ( $mode == 'editpost' && $post_info['poster_id'] != ANONYMOUS ) )
{
@ -1104,7 +1104,7 @@ if( ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] )
//
// Topic review
//
if( $mode == 'reply' )
if( $mode == 'reply' && $is_auth['auth_read'] )
{
require($phpbb_root_path . 'includes/topic_review.'.$phpEx);
topic_review($topic_id, true);