diff --git a/phpBB/admin/admin_users.php b/phpBB/admin/admin_users.php
index e6e89276ea..694c13ae9c 100644
--- a/phpBB/admin/admin_users.php
+++ b/phpBB/admin/admin_users.php
@@ -68,6 +68,184 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
}
+ if( $HTTP_POST_VARS['deleteuser'] )
+ {
+ $sql = "SELECT g.group_id
+ FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g
+ WHERE ug.user_id = $user_id
+ AND g.group_id = ug.group_id
+ AND g.group_single_user = 1";
+ if( !($result = $db->sql_query($sql)) )
+ {
+ message_die(GENERAL_ERROR, 'Could not obtain group information for this user', '', __LINE__, __FILE__, $sql);
+ }
+
+ $row = $db->sql_fetchrow($result);
+
+ $sql = "UPDATE " . POSTS_TABLE . "
+ SET poster_id = " . DELETED . ", post_username = '$username'
+ WHERE poster_id = $user_id";
+ if( !$db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, 'Could not update posts for this user', '', __LINE__, __FILE__, $sql);
+ }
+
+ $sql = "UPDATE " . TOPICS_TABLE . "
+ SET topic_poster = " . DELETED . "
+ WHERE topic_poster = $user_id";
+ if( !$db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, 'Could not update topics for this user', '', __LINE__, __FILE__, $sql);
+ }
+
+ $sql = "UPDATE " . VOTE_USERS_TABLE . "
+ SET vote_user_id = " . DELETED . "
+ WHERE vote_user_id = $user_id";
+ if( !$db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql);
+ }
+
+ $sql = "SELECT group_id
+ FROM " . GROUPS_TABLE . "
+ WHERE group_moderator = $user_id";
+ if( !($result = $db->sql_query($sql)) )
+ {
+ message_die(GENERAL_ERROR, 'Could not select groups where user was moderator', '', __LINE__, __FILE__, $sql);
+ }
+
+ while ( $row_group = $db->sql_fetchrow($result) )
+ {
+ $group_moderator[] = $row_group['group_id'];
+ }
+
+ if ( count($group_moderator) )
+ {
+ $update_moderator_id = implode(', ', $group_moderator);
+
+ $sql = "UPDATE " . GROUPS_TABLE . "
+ SET group_moderator = " . $userdata['user_id'] . "
+ WHERE group_moderator IN ($update_moderator_id)";
+ if( !$db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql);
+ }
+ }
+
+ $sql = "DELETE FROM " . USERS_TABLE . "
+ WHERE user_id = $user_id";
+ if( !$db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, 'Could not delete user', '', __LINE__, __FILE__, $sql);
+ }
+
+ $sql = "DELETE FROM " . USER_GROUP_TABLE . "
+ WHERE user_id = $user_id";
+ if( !$db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, 'Could not delete user from user_group table', '', __LINE__, __FILE__, $sql);
+ }
+
+ $sql = "DELETE FROM " . GROUPS_TABLE . "
+ WHERE group_id = " . $row['group_id'];
+ if( !$db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
+ }
+
+ $sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
+ WHERE group_id = " . $row['group_id'];
+ if( !$db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
+ }
+
+ $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
+ WHERE user_id = $user_id";
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, 'Could not delete user from topic watch table', '', __LINE__, __FILE__, $sql);
+ }
+
+ $sql = "SELECT privmsgs_id
+ FROM " . PRIVMSGS_TABLE . "
+ WHERE ( ( privmsgs_from_userid = $user_id
+ AND privmsgs_type = " . PRIVMSGS_NEW_MAIL . " )
+ OR ( privmsgs_from_userid = $user_id
+ AND privmsgs_type = " . PRIVMSGS_SENT_MAIL . " )
+ OR ( privmsgs_to_userid = $user_id
+ AND privmsgs_type = " . PRIVMSGS_READ_MAIL . " )
+ OR ( privmsgs_to_userid = $user_id
+ AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
+ OR ( privmsgs_from_userid = $user_id
+ AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) )";
+ if ( !($result = $db->sql_query($sql)) )
+ {
+ message_die(GENERAL_ERROR, 'Could not select all user\'s private messages', '', __LINE__, __FILE__, $sql);
+ }
+
+ //
+ // This little bit of code directly from the private messaging section.
+ // Thanks Paul!
+ //
+
+ while ( $row_privmsgs = $db->sql_fetchrow($result) )
+ {
+ $mark_list[] = $row_privmsgs['privmsgs_id'];
+ }
+
+ if ( count($mark_list) )
+ {
+ $delete_sql_id = implode(', ', $mark_list);
+
+ //
+ // We shouldn't need to worry about updating conters here...
+ // They are already gone!
+ //
+
+ $delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . "
+ WHERE privmsgs_text_id IN ($delete_sql_id)";
+ $delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . "
+ WHERE privmsgs_id IN ($delete_sql_id)";
+
+ //
+ // Shouldn't need the switch statement here, either, as we just want
+ // to take out all of the private messages. This will not affect
+ // the other messages we want to keep; the ids are unique.
+ //
+
+ if ( !$db->sql_query($delete_sql) )
+ {
+ message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql);
+ }
+
+ if ( !$db->sql_query($delete_text_sql) )
+ {
+ message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql);
+ }
+ }
+
+ $sql = "UPDATE " . PRIVMSGS_TABLE . "
+ SET privmsgs_to_userid = " . DELETED . "
+ WHERE privmsgs_to_userid = $user_id";
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, 'Could not update private messages saved to the user', '', __LINE__, __FILE__, $sql);
+ }
+
+ $sql = "UPDATE " . PRIVMSGS_TABLE . "
+ SET privmsgs_from_userid = " . DELETED . "
+ WHERE privmsgs_from_userid = $user_id";
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, 'Could not update private messages saved from the user', '', __LINE__, __FILE__, $sql);
+ }
+
+ $message = $lang['User_deleted'] . '
' . sprintf($lang['Click_return_useradmin'], '', '') . '
' . sprintf($lang['Click_return_admin_index'], '', '');
+
+ message_die(GENERAL_MESSAGE, $message);
+ }
+
$username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags( $HTTP_POST_VARS['username'] ) ) : '';
$email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : '';
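Review bot: The delete branch now runs before `$username` is assigned from the POST data (that assignment is the context line directly below the block), yet the first UPDATE still writes `post_username = '$username'` into the posts table. Unless `$username` is set above this hunk, the reassigned posts get an empty name, and whatever value it does hold goes into the statement unescaped; the stored username for `$user_id` should be read from the users table and quote-escaped before use. Separately, the moderator reassignment compares the `group_moderator` user column with the collected group ids; the condition should read `WHERE group_id IN ($update_moderator_id)`. The two `DELETE ... WHERE group_id = " . $row['group_id']` statements produce malformed SQL when the first SELECT returns no single-user group, so wrap them in `if ( !empty($row['group_id']) )`. Also, `$group_moderator` and `$mark_list` are never initialised before `count()`; add `$group_moderator = array();` and `$mark_list = array();` ahead of their loops.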
@@ -495,187 +673,10 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
//
if( !$error )
{
- if( $HTTP_POST_VARS['deleteuser'] )
- {
- $sql = "SELECT g.group_id
- FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g
- WHERE ug.user_id = $user_id
- AND g.group_id = ug.group_id
- AND g.group_single_user = 1";
- if( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Could not obtain group information for this user', '', __LINE__, __FILE__, $sql);
- }
+ $sql = "UPDATE " . USERS_TABLE . "
+ SET " . $username_sql . $passwd_sql . "user_email = '" . str_replace("\'", "''", $email) . "', user_icq = '" . str_replace("\'", "''", $icq) . "', user_website = '" . str_replace("\'", "''", $website) . "', user_occ = '" . str_replace("\'", "''", $occupation) . "', user_from = '" . str_replace("\'", "''", $location) . "', user_interests = '" . str_replace("\'", "''", $interests) . "', user_sig = '" . str_replace("\'", "''", $signature) . "', user_viewemail = $viewemail, user_aim = '" . str_replace("\'", "''", $aim) . "', user_yim = '" . str_replace("\'", "''", $yim) . "', user_msnm = '" . str_replace("\'", "''", $msn) . "', user_attachsig = $attachsig, user_sig_bbcode_uid = '$signature_bbcode_uid', user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowavatar = $user_allowavatar, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_allow_pm = $user_allowpm, user_notify_pm = $notifypm, user_popup_pm = $popuppm, user_lang = '" . str_replace("\'", "''", $user_lang) . "', user_style = $user_style, user_timezone = $user_timezone, user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "', user_active = $user_status, user_rank = $user_rank" . $avatar_sql . "
+ WHERE user_id = $user_id";
- $row = $db->sql_fetchrow($result);
-
- $sql = "UPDATE " . POSTS_TABLE . "
- SET poster_id = " . DELETED . ", post_username = '$username'
- WHERE poster_id = $user_id";
- if( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Could not update posts for this user', '', __LINE__, __FILE__, $sql);
- }
-
- $sql = "UPDATE " . TOPICS_TABLE . "
- SET topic_poster = " . DELETED . "
- WHERE topic_poster = $user_id";
- if( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Could not update topics for this user', '', __LINE__, __FILE__, $sql);
- }
-
- $sql = "UPDATE " . VOTE_USERS_TABLE . "
- SET vote_user_id = " . DELETED . "
- WHERE vote_user_id = $user_id";
- if( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql);
- }
-
- $sql = "SELECT group_id
- FROM " . GROUPS_TABLE . "
- WHERE group_moderator = $user_id";
- if( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Could not select groups where user was moderator', '', __LINE__, __FILE__, $sql);
- }
-
- while ( $row_group = $db->sql_fetchrow($result) )
- {
- $group_moderator[] = $row_group['group_id'];
- }
-
- if ( count($group_moderator) )
- {
- $update_moderator_id = implode(', ', $group_moderator);
-
- $sql = "UPDATE " . GROUPS_TABLE . "
- SET group_moderator = " . $userdata['user_id'] . "
- WHERE group_moderator IN ($update_moderator_id)";
- if( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql);
- }
- }
-
- $sql = "DELETE FROM " . USERS_TABLE . "
- WHERE user_id = $user_id";
- if( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Could not delete user', '', __LINE__, __FILE__, $sql);
- }
-
- $sql = "DELETE FROM " . USER_GROUP_TABLE . "
- WHERE user_id = $user_id";
- if( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Could not delete user from user_group table', '', __LINE__, __FILE__, $sql);
- }
-
- $sql = "DELETE FROM " . GROUPS_TABLE . "
- WHERE group_id = " . $row['group_id'];
- if( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
- }
-
- $sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
- WHERE group_id = " . $row['group_id'];
- if( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
- }
-
- $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
- WHERE user_id = $user_id";
- if ( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Could not delete user from topic watch table', '', __LINE__, __FILE__, $sql);
- }
-
- $sql = "SELECT privmsgs_id
- FROM " . PRIVMSGS_TABLE . "
- WHERE ( ( privmsgs_from_userid = $user_id
- AND privmsgs_type = " . PRIVMSGS_NEW_MAIL . " )
- OR ( privmsgs_from_userid = $user_id
- AND privmsgs_type = " . PRIVMSGS_SENT_MAIL . " )
- OR ( privmsgs_to_userid = $user_id
- AND privmsgs_type = " . PRIVMSGS_READ_MAIL . " )
- OR ( privmsgs_to_userid = $user_id
- AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
- OR ( privmsgs_from_userid = $user_id
- AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) )";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(GENERAL_ERROR, 'Could not select all user\'s private messages', '', __LINE__, __FILE__, $sql);
- }
-
- //
- // This little bit of code directly from the private messaging section.
- // Thanks Paul!
- //
-
- while ( $row_privmsgs = $db->sql_fetchrow($result) )
- {
- $mark_list[] = $row_privmsgs['privmsgs_id'];
- }
-
- if ( count($mark_list) )
- {
- $delete_sql_id = implode(', ', $mark_list);
-
- //
- // We shouldn't need to worry about updating conters here...
- // They are already gone!
- //
-
- $delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . "
- WHERE privmsgs_text_id IN ($delete_sql_id)";
- $delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . "
- WHERE privmsgs_id IN ($delete_sql_id)";
-
- //
- // Shouldn't need the switch statement here, either, as we just want
- // to take out all of the private messages. This will not affect
- // the other messages we want to keep; the ids are unique.
- //
-
- if ( !$db->sql_query($delete_sql) )
- {
- message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql);
- }
-
- if ( !$db->sql_query($delete_text_sql) )
- {
- message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql);
- }
- }
-
- $sql = "UPDATE " . PRIVMSGS_TABLE . "
- SET privmsgs_to_userid = " . DELETED . "
- WHERE privmsgs_to_userid = $user_id";
- if ( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Could not update private messages saved to the user', '', __LINE__, __FILE__, $sql);
- }
-
- $sql = "UPDATE " . PRIVMSGS_TABLE . "
- SET privmsgs_from_userid = " . DELETED . "
- WHERE privmsgs_from_userid = $user_id";
- if ( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, 'Could not update private messages saved from the user', '', __LINE__, __FILE__, $sql);
- }
-
- $message = $lang['User_deleted'];
-
- }
- else
- {
- $sql = "UPDATE " . USERS_TABLE . "
- SET " . $username_sql . $passwd_sql . "user_email = '" . str_replace("\'", "''", $email) . "', user_icq = '" . str_replace("\'", "''", $icq) . "', user_website = '" . str_replace("\'", "''", $website) . "', user_occ = '" . str_replace("\'", "''", $occupation) . "', user_from = '" . str_replace("\'", "''", $location) . "', user_interests = '" . str_replace("\'", "''", $interests) . "', user_sig = '" . str_replace("\'", "''", $signature) . "', user_viewemail = $viewemail, user_aim = '" . str_replace("\'", "''", $aim) . "', user_yim = '" . str_replace("\'", "''", $yim) . "', user_msnm = '" . str_replace("\'", "''", $msn) . "', user_attachsig = $attachsig, user_sig_bbcode_uid = '$signature_bbcode_uid', user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowavatar = $user_allowavatar, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_allow_pm = $user_allowpm, user_notify_pm = $notifypm, user_popup_pm = $popuppm, user_lang = '" . str_replace("\'", "''", $user_lang) . "', user_style = $user_style, user_timezone = $user_timezone, user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "', user_active = $user_status, user_rank = $user_rank" . $avatar_sql . "
- WHERE user_id = $user_id";
if( $result = $db->sql_query($sql) )
{
if( isset($rename_user) )
diff --git a/phpBB/db/schemas/mssql_basic.sql b/phpBB/db/schemas/mssql_basic.sql
index 81fe512f11..bed7b9a017 100644
--- a/phpBB/db/schemas/mssql_basic.sql
+++ b/phpBB/db/schemas/mssql_basic.sql
@@ -242,4 +242,4 @@ INSERT INTO phpbb_search_wordmatch (word_id, post_id, title_match) VALUES ( 11,
INSERT INTO phpbb_search_wordmatch (word_id, post_id, title_match) VALUES ( 12, 1, 1 );
INSERT INTO phpbb_search_wordmatch (word_id, post_id, title_match) VALUES ( 3, 1, 1 );
-COMMIT;
+COMMIT;
\ No newline at end of file
diff --git a/phpBB/db/schemas/mssql_schema.sql b/phpBB/db/schemas/mssql_schema.sql
index c7badb6236..e328d4d7ac 100644
--- a/phpBB/db/schemas/mssql_schema.sql
+++ b/phpBB/db/schemas/mssql_schema.sql
@@ -1,6 +1,6 @@
/*
- mssql_schema.sql for phpBB2 (c) 2001, phpBB Group
+ mssql_schema.sql for phpBB2 (c) 2001, phpBB Group
$Id$
@@ -23,7 +23,7 @@ CREATE TABLE [phpbb_auth_access] (
[auth_vote] [smallint] NOT NULL ,
[auth_pollcreate] [smallint] NOT NULL ,
[auth_attachments] [smallint] NOT NULL ,
- [auth_mod] [smallint] NOT NULL
+ [auth_mod] [smallint] NOT NULL
) ON [PRIMARY]
GO
@@ -31,26 +31,26 @@ CREATE TABLE [phpbb_banlist] (
[ban_id] [int] IDENTITY (1, 1) NOT NULL ,
[ban_userid] [int] NULL ,
[ban_ip] [char] (8) NULL ,
- [ban_email] [varchar] (50) NULL
+ [ban_email] [varchar] (50) NULL
) ON [PRIMARY]
GO
CREATE TABLE [phpbb_categories] (
[cat_id] [int] IDENTITY (1, 1) NOT NULL ,
[cat_title] [varchar] (50) NOT NULL ,
- [cat_order] [int] NOT NULL
+ [cat_order] [int] NOT NULL
) ON [PRIMARY]
GO
CREATE TABLE [phpbb_config] (
[config_name] [varchar] (255) NULL ,
- [config_value] [varchar] (255) NULL
+ [config_value] [varchar] (255) NULL
) ON [PRIMARY]
GO
CREATE TABLE [phpbb_disallow] (
[disallow_id] [int] IDENTITY (1, 1) NOT NULL ,
- [disallow_username] [varchar] (100) NULL
+ [disallow_username] [varchar] (100) NULL
) ON [PRIMARY]
GO
@@ -58,7 +58,7 @@ CREATE TABLE [phpbb_forum_prune] (
[prune_id] [int] IDENTITY (1, 1) NOT NULL ,
[forum_id] [int] NOT NULL ,
[prune_days] [int] NOT NULL ,
- [prune_freq] [int] NOT NULL
+ [prune_freq] [int] NOT NULL
) ON [PRIMARY]
GO
@@ -84,7 +84,7 @@ CREATE TABLE [phpbb_forums] (
[auth_announce] [smallint] NOT NULL ,
[auth_vote] [smallint] NOT NULL ,
[auth_pollcreate] [smallint] NOT NULL ,
- [auth_attachments] [smallint] NOT NULL
+ [auth_attachments] [smallint] NOT NULL
) ON [PRIMARY]
GO
@@ -94,7 +94,7 @@ CREATE TABLE [phpbb_groups] (
[group_name] [varchar] (50) NOT NULL ,
[group_description] [varchar] (255) NOT NULL ,
[group_moderator] [int] NULL ,
- [group_single_user] [smallint] NOT NULL
+ [group_single_user] [smallint] NOT NULL
) ON [PRIMARY]
GO
@@ -111,7 +111,7 @@ CREATE TABLE [phpbb_posts] (
[enable_smilies] [smallint] NULL ,
[enable_sig] [smallint] NULL ,
[post_edit_time] [int] NULL ,
- [post_edit_count] [smallint] NULL
+ [post_edit_count] [smallint] NULL
) ON [PRIMARY]
GO
@@ -119,7 +119,7 @@ CREATE TABLE [phpbb_posts_text] (
[post_id] [int] NOT NULL ,
[bbcode_uid] [char] (10) NULL ,
[post_subject] [char] (60) NULL ,
- [post_text] [text] NULL
+ [post_text] [text] NULL
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
GO
@@ -134,14 +134,14 @@ CREATE TABLE [phpbb_privmsgs] (
[privmsgs_enable_bbcode] [smallint] NULL ,
[privmsgs_enable_html] [smallint] NULL ,
[privmsgs_enable_smilies] [smallint] NULL ,
- [privmsgs_attach_sig] [smallint] NULL
+ [privmsgs_attach_sig] [smallint] NULL
) ON [PRIMARY]
GO
CREATE TABLE [phpbb_privmsgs_text] (
[privmsgs_text_id] [int] NOT NULL ,
[privmsgs_bbcode_uid] [char] (10) NULL ,
- [privmsgs_text] [text] NULL
+ [privmsgs_text] [text] NULL
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
GO
@@ -150,28 +150,28 @@ CREATE TABLE [phpbb_ranks] (
[rank_title] [varchar] (50) NOT NULL ,
[rank_min] [int] NULL ,
[rank_special] [smallint] NULL ,
- [rank_image] [varchar] (50) NULL
+ [rank_image] [varchar] (50) NULL
) ON [PRIMARY]
GO
CREATE TABLE [phpbb_search_results] (
[search_id] [int] NOT NULL ,
[session_id] [char] (32) NOT NULL ,
- [search_array] [text] NOT NULL
+ [search_array] [text] NOT NULL
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
GO
CREATE TABLE [phpbb_search_wordlist] (
[word_id] [int] IDENTITY (1, 1) NOT NULL ,
[word_text] [varchar] (50) NOT NULL ,
- [word_common] [tinyint] NOT NULL
+ [word_common] [tinyint] NOT NULL
) ON [PRIMARY]
GO
CREATE TABLE [phpbb_search_wordmatch] (
[post_id] [int] NOT NULL ,
[word_id] [int] NOT NULL ,
- [title_match] [smallint] NOT NULL
+ [title_match] [smallint] NOT NULL
) ON [PRIMARY]
GO
@@ -182,7 +182,7 @@ CREATE TABLE [phpbb_sessions] (
[session_time] [int] NULL ,
[session_ip] [char] (8) NOT NULL ,
[session_page] [int] NULL ,
- [session_logged_in] [smallint] NULL
+ [session_logged_in] [smallint] NULL
) ON [PRIMARY]
GO
@@ -190,7 +190,7 @@ CREATE TABLE [phpbb_smilies] (
[smilies_id] [int] IDENTITY (1, 1) NOT NULL ,
[code] [varchar] (10) NOT NULL ,
[smile_url] [varchar] (50) NOT NULL ,
- [emoticon] [varchar] (50) NULL
+ [emoticon] [varchar] (50) NULL
) ON [PRIMARY]
GO
@@ -237,7 +237,7 @@ CREATE TABLE [phpbb_themes] (
[span_class2] [varchar] (25) NULL ,
[span_class3] [varchar] (25) NULL ,
[img_size_poll] [smallint] NULL ,
- [img_size_privmsg] [smallint] NULL
+ [img_size_privmsg] [smallint] NULL
) ON [PRIMARY]
GO
@@ -289,21 +289,21 @@ CREATE TABLE [phpbb_topics] (
[topic_vote] [smallint] NOT NULL ,
[topic_first_post_id] [int] NULL ,
[topic_last_post_id] [int] NULL ,
- [topic_moved_id] [int] NULL
+ [topic_moved_id] [int] NULL
) ON [PRIMARY]
GO
CREATE TABLE [phpbb_topics_watch] (
[topic_id] [int] NOT NULL ,
[user_id] [int] NOT NULL ,
- [notify_status] [smallint] NOT NULL
+ [notify_status] [smallint] NOT NULL
) ON [PRIMARY]
GO
CREATE TABLE [phpbb_user_group] (
[group_id] [int] NOT NULL ,
[user_id] [int] NOT NULL ,
- [user_pending] [smallint] NULL
+ [user_pending] [smallint] NULL
) ON [PRIMARY]
GO
@@ -352,7 +352,7 @@ CREATE TABLE [phpbb_users] (
[user_interests] [varchar] (255) NULL ,
[user_actkey] [varchar] (32) NULL ,
[user_newpasswd] [varchar] (32) NULL ,
- [user_notify] [smallint] NOT NULL
+ [user_notify] [smallint] NOT NULL
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
GO
@@ -361,7 +361,7 @@ CREATE TABLE [phpbb_vote_desc] (
[topic_id] [int] NOT NULL ,
[vote_text] [varchar] (255) NOT NULL ,
[vote_start] [int] NOT NULL ,
- [vote_length] [int] NOT NULL
+ [vote_length] [int] NOT NULL
) ON [PRIMARY]
GO
@@ -369,158 +369,158 @@ CREATE TABLE [phpbb_vote_results] (
[vote_id] [int] NOT NULL ,
[vote_option_id] [int] NOT NULL ,
[vote_option_text] [varchar] (255) NOT NULL ,
- [vote_result] [int] NOT NULL
+ [vote_result] [int] NOT NULL
) ON [PRIMARY]
GO
CREATE TABLE [phpbb_vote_voters] (
[vote_id] [int] NOT NULL ,
[vote_user_id] [int] NOT NULL ,
- [vote_user_ip] [char] (8) NOT NULL
+ [vote_user_ip] [char] (8) NOT NULL
) ON [PRIMARY]
GO
CREATE TABLE [phpbb_words] (
[word_id] [int] IDENTITY (1, 1) NOT NULL ,
[word] [varchar] (255) NOT NULL ,
- [replacement] [varchar] (255) NOT NULL
+ [replacement] [varchar] (255) NOT NULL
) ON [PRIMARY]
GO
-ALTER TABLE [phpbb_banlist] WITH NOCHECK ADD
- CONSTRAINT [PK_phpbb_banlist] PRIMARY KEY CLUSTERED
+ALTER TABLE [phpbb_banlist] WITH NOCHECK ADD
+ CONSTRAINT [PK_phpbb_banlist] PRIMARY KEY CLUSTERED
(
[ban_id]
- ) ON [PRIMARY]
+ ) ON [PRIMARY]
GO
-ALTER TABLE [phpbb_categories] WITH NOCHECK ADD
- CONSTRAINT [PK_phpbb_categories] PRIMARY KEY CLUSTERED
+ALTER TABLE [phpbb_categories] WITH NOCHECK ADD
+ CONSTRAINT [PK_phpbb_categories] PRIMARY KEY CLUSTERED
(
[cat_id]
- ) ON [PRIMARY]
+ ) ON [PRIMARY]
GO
-ALTER TABLE [phpbb_disallow] WITH NOCHECK ADD
- CONSTRAINT [PK_phpbb_disallow] PRIMARY KEY CLUSTERED
+ALTER TABLE [phpbb_disallow] WITH NOCHECK ADD
+ CONSTRAINT [PK_phpbb_disallow] PRIMARY KEY CLUSTERED
(
[disallow_id]
- ) ON [PRIMARY]
+ ) ON [PRIMARY]
GO
-ALTER TABLE [phpbb_forum_prune] WITH NOCHECK ADD
- CONSTRAINT [PK_phpbb_forum_prune] PRIMARY KEY CLUSTERED
+ALTER TABLE [phpbb_forum_prune] WITH NOCHECK ADD
+ CONSTRAINT [PK_phpbb_forum_prune] PRIMARY KEY CLUSTERED
(
[prune_id]
- ) ON [PRIMARY]
+ ) ON [PRIMARY]
GO
-ALTER TABLE [phpbb_forums] WITH NOCHECK ADD
- CONSTRAINT [PK_phpbb_forums] PRIMARY KEY CLUSTERED
+ALTER TABLE [phpbb_forums] WITH NOCHECK ADD
+ CONSTRAINT [PK_phpbb_forums] PRIMARY KEY CLUSTERED
(
[forum_id]
- ) ON [PRIMARY]
+ ) ON [PRIMARY]
GO
-ALTER TABLE [phpbb_groups] WITH NOCHECK ADD
- CONSTRAINT [PK_phpbb_groups] PRIMARY KEY CLUSTERED
+ALTER TABLE [phpbb_groups] WITH NOCHECK ADD
+ CONSTRAINT [PK_phpbb_groups] PRIMARY KEY CLUSTERED
(
[group_id]
- ) ON [PRIMARY]
+ ) ON [PRIMARY]
GO
-ALTER TABLE [phpbb_posts] WITH NOCHECK ADD
- CONSTRAINT [PK_phpbb_posts] PRIMARY KEY CLUSTERED
+ALTER TABLE [phpbb_posts] WITH NOCHECK ADD
+ CONSTRAINT [PK_phpbb_posts] PRIMARY KEY CLUSTERED
(
[post_id]
- ) ON [PRIMARY]
+ ) ON [PRIMARY]
GO
-ALTER TABLE [phpbb_privmsgs] WITH NOCHECK ADD
- CONSTRAINT [PK_phpbb_privmsgs] PRIMARY KEY CLUSTERED
+ALTER TABLE [phpbb_privmsgs] WITH NOCHECK ADD
+ CONSTRAINT [PK_phpbb_privmsgs] PRIMARY KEY CLUSTERED
(
[privmsgs_id]
- ) ON [PRIMARY]
+ ) ON [PRIMARY]
GO
-ALTER TABLE [phpbb_privmsgs_text] WITH NOCHECK ADD
- CONSTRAINT [PK_phpbb_privmsgs_text] PRIMARY KEY CLUSTERED
+ALTER TABLE [phpbb_privmsgs_text] WITH NOCHECK ADD
+ CONSTRAINT [PK_phpbb_privmsgs_text] PRIMARY KEY CLUSTERED
(
[privmsgs_text_id]
- ) ON [PRIMARY]
+ ) ON [PRIMARY]
GO
-ALTER TABLE [phpbb_ranks] WITH NOCHECK ADD
- CONSTRAINT [PK_phpbb_ranks] PRIMARY KEY CLUSTERED
+ALTER TABLE [phpbb_ranks] WITH NOCHECK ADD
+ CONSTRAINT [PK_phpbb_ranks] PRIMARY KEY CLUSTERED
(
[rank_id]
- ) ON [PRIMARY]
+ ) ON [PRIMARY]
GO
-ALTER TABLE [phpbb_search_results] WITH NOCHECK ADD
- CONSTRAINT [PK_phpbb_search_results] PRIMARY KEY CLUSTERED
+ALTER TABLE [phpbb_search_results] WITH NOCHECK ADD
+ CONSTRAINT [PK_phpbb_search_results] PRIMARY KEY CLUSTERED
(
[search_id]
- ) ON [PRIMARY]
+ ) ON [PRIMARY]
GO
-ALTER TABLE [phpbb_search_wordlist] WITH NOCHECK ADD
- CONSTRAINT [PK_phpbb_search_wordlist] PRIMARY KEY CLUSTERED
+ALTER TABLE [phpbb_search_wordlist] WITH NOCHECK ADD
+ CONSTRAINT [PK_phpbb_search_wordlist] PRIMARY KEY CLUSTERED
(
[word_id]
- ) ON [PRIMARY]
+ ) ON [PRIMARY]
GO
-ALTER TABLE [phpbb_smilies] WITH NOCHECK ADD
- CONSTRAINT [PK_phpbb_smilies] PRIMARY KEY CLUSTERED
+ALTER TABLE [phpbb_smilies] WITH NOCHECK ADD
+ CONSTRAINT [PK_phpbb_smilies] PRIMARY KEY CLUSTERED
(
[smilies_id]
- ) ON [PRIMARY]
+ ) ON [PRIMARY]
GO
-ALTER TABLE [phpbb_themes] WITH NOCHECK ADD
- CONSTRAINT [PK_phpbb_themes] PRIMARY KEY CLUSTERED
+ALTER TABLE [phpbb_themes] WITH NOCHECK ADD
+ CONSTRAINT [PK_phpbb_themes] PRIMARY KEY CLUSTERED
(
[themes_id]
- ) ON [PRIMARY]
+ ) ON [PRIMARY]
GO
-ALTER TABLE [phpbb_themes_name] WITH NOCHECK ADD
- CONSTRAINT [PK_phpbb_themes_name] PRIMARY KEY CLUSTERED
+ALTER TABLE [phpbb_themes_name] WITH NOCHECK ADD
+ CONSTRAINT [PK_phpbb_themes_name] PRIMARY KEY CLUSTERED
(
[themes_id]
- ) ON [PRIMARY]
+ ) ON [PRIMARY]
GO
-ALTER TABLE [phpbb_topics] WITH NOCHECK ADD
- CONSTRAINT [PK_phpbb_topics] PRIMARY KEY CLUSTERED
+ALTER TABLE [phpbb_topics] WITH NOCHECK ADD
+ CONSTRAINT [PK_phpbb_topics] PRIMARY KEY CLUSTERED
(
[topic_id]
- ) ON [PRIMARY]
+ ) ON [PRIMARY]
GO
-ALTER TABLE [phpbb_users] WITH NOCHECK ADD
- CONSTRAINT [PK_phpbb_users] PRIMARY KEY CLUSTERED
+ALTER TABLE [phpbb_users] WITH NOCHECK ADD
+ CONSTRAINT [PK_phpbb_users] PRIMARY KEY CLUSTERED
(
[user_id]
- ) ON [PRIMARY]
+ ) ON [PRIMARY]
GO
-ALTER TABLE [phpbb_vote_desc] WITH NOCHECK ADD
- CONSTRAINT [PK_phpbb_vote_desc] PRIMARY KEY CLUSTERED
+ALTER TABLE [phpbb_vote_desc] WITH NOCHECK ADD
+ CONSTRAINT [PK_phpbb_vote_desc] PRIMARY KEY CLUSTERED
(
[vote_id]
- ) ON [PRIMARY]
+ ) ON [PRIMARY]
GO
-ALTER TABLE [phpbb_words] WITH NOCHECK ADD
- CONSTRAINT [PK_phpbb_words] PRIMARY KEY CLUSTERED
+ALTER TABLE [phpbb_words] WITH NOCHECK ADD
+ CONSTRAINT [PK_phpbb_words] PRIMARY KEY CLUSTERED
(
[word_id]
- ) ON [PRIMARY]
+ ) ON [PRIMARY]
GO
-ALTER TABLE [phpbb_auth_access] WITH NOCHECK ADD
+ALTER TABLE [phpbb_auth_access] WITH NOCHECK ADD
CONSTRAINT [DF_phpbb_auth_access_auth_view] DEFAULT (0) FOR [auth_view],
CONSTRAINT [DF_phpbb_auth_access_auth_read] DEFAULT (0) FOR [auth_read],
CONSTRAINT [DF_phpbb_auth_access_auth_post] DEFAULT (0) FOR [auth_post],
@@ -535,7 +535,7 @@ ALTER TABLE [phpbb_auth_access] WITH NOCHECK ADD
CONSTRAINT [DF_phpbb_auth_access_auth_mod] DEFAULT (0) FOR [auth_mod]
GO
-ALTER TABLE [phpbb_forums] WITH NOCHECK ADD
+ALTER TABLE [phpbb_forums] WITH NOCHECK ADD
CONSTRAINT [DF_phpbb_forums_forum_posts] DEFAULT (0) FOR [forum_posts],
CONSTRAINT [DF_phpbb_forums_forum_topics] DEFAULT (0) FOR [forum_topics],
CONSTRAINT [DF_phpbb_forums_forum_last_post_id] DEFAULT (0) FOR [forum_last_post_id],
@@ -553,20 +553,20 @@ ALTER TABLE [phpbb_forums] WITH NOCHECK ADD
CONSTRAINT [DF_phpbb_forums_auth_attachments] DEFAULT (0) FOR [auth_attachments]
GO
-ALTER TABLE [phpbb_search_wordlist] WITH NOCHECK ADD
+ALTER TABLE [phpbb_search_wordlist] WITH NOCHECK ADD
CONSTRAINT [DF_phpbb_search_wordlist_word_common] DEFAULT (0) FOR [word_common]
GO
-ALTER TABLE [phpbb_topics] WITH NOCHECK ADD
+ALTER TABLE [phpbb_topics] WITH NOCHECK ADD
CONSTRAINT [DF_phpbb_topics_topic_views] DEFAULT (0) FOR [topic_views],
CONSTRAINT [DF_phpbb_topics_topic_replies] DEFAULT (0) FOR [topic_replies],
CONSTRAINT [DF_phpbb_topics_topic_status] DEFAULT (0) FOR [topic_status],
CONSTRAINT [DF_phpbb_topics_topic_type] DEFAULT (0) FOR [topic_type],
- CONSTRAINT [DF_phpbb_topics_topic_vote] DEFAULT (0) FOR [topic_vote],
+ CONSTRAINT [DF_phpbb_topics_topic_vote] DEFAULT (0) FOR [topic_vote],
CONSTRAINT [DF_phpbb_topics_topic_moved_id] DEFAULT (0) FOR topic_moved_id
GO
-ALTER TABLE [phpbb_users] WITH NOCHECK ADD
+ALTER TABLE [phpbb_users] WITH NOCHECK ADD
CONSTRAINT [DF_phpbb_users_user_level] DEFAULT (0) FOR [user_level],
CONSTRAINT [DF_phpbb_users_user_posts] DEFAULT (0) FOR [user_posts],
CONSTRAINT [DF_phpbb_users_user_session_time] DEFAULT (0) FOR [user_session_time],
@@ -665,4 +665,4 @@ GO
GO
COMMIT
-GO
+GO
\ No newline at end of file
diff --git a/phpBB/groupcp.php b/phpBB/groupcp.php
index 43d1a95017..e1d484f4f9 100644
--- a/phpBB/groupcp.php
+++ b/phpBB/groupcp.php
@@ -127,7 +127,7 @@ $server_url = $server_protocol . $server_name . $server_port . $script_name;
if ( isset($HTTP_GET_VARS[POST_GROUPS_URL]) || isset($HTTP_POST_VARS[POST_GROUPS_URL]) )
{
- $group_id = ( isset($HTTP_GET_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_GET_VARS[POST_GROUPS_URL]) : intval($HTTP_POST_VARS[POST_GROUPS_URL]);
+ $group_id = ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_POST_VARS[POST_GROUPS_URL]) : intval($HTTP_GET_VARS[POST_GROUPS_URL]);
}
else
{
@@ -1243,7 +1243,11 @@ else
$template->assign_block_vars('switch_groups_remaining', array() );
}
- $s_hidden_fields = '';
+ $s_hidden_fields = '';
+ if ( !empty($SID) )
+ {
+ $s_hidden_fields .= '';
+ }
$template->assign_vars(array(
'L_GROUP_MEMBERSHIP_DETAILS' => $lang['Group_member_details'],
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index eaebdb9ac4..9d1702aaec 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -92,7 +92,7 @@ function get_userdata($user)
function make_jumpbox($action, $match_forum_id = 0)
{
- global $template, $lang, $db, $SID, $nav_links, $phpEx;
+ global $template, $userdata, $lang, $db, $nav_links, $phpEx;
// $is_auth = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata);
@@ -174,9 +174,9 @@ function make_jumpbox($action, $match_forum_id = 0)
$boxstring .= '';
}
- if ( isset($SID) )
+ if ( !empty($SID) )
{
- $boxstring .= '';
+ $boxstring .= '';
}
$template->set_filenames(array(
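Review bot: `$SID` is tested with `!empty($SID)` in this hunk, but the previous hunk in this file removes `$SID` from make_jumpbox's `global` list, so inside the function it is an unset local and this branch can never run. The jumpbox form would then never carry the session id, which breaks session continuity for visitors who rely on the URL/form sid instead of a cookie. Either keep it in the list (`global $template, $userdata, $lang, $db, $SID, $nav_links, $phpEx;`) or base the test on the newly imported `$userdata` instead. The function body runs beyond both hunks, so confirm that no other `global $SID` declaration sits between them.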
@@ -288,7 +288,7 @@ function setup_style($style)
message_die(CRITICAL_ERROR, "Could not open $template_name template config file", '', __LINE__, __FILE__);
}
- $img_lang = ( file_exists(@realpath($current_template_path . '/images/lang_' . $board_config['default_lang'])) ) ? $board_config['default_lang'] : 'english';
+ $img_lang = ( file_exists(@realpath($phpbb_root_path . $current_template_path . '/images/lang_' . $board_config['default_lang'])) ) ? $board_config['default_lang'] : 'english';
while( list($key, $value) = @each($images) )
{
diff --git a/phpBB/includes/usercp_avatar.php b/phpBB/includes/usercp_avatar.php
index f6d3f2d7a9..b8d3da2a4b 100644
--- a/phpBB/includes/usercp_avatar.php
+++ b/phpBB/includes/usercp_avatar.php
@@ -96,7 +96,7 @@ function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename)
function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_type, &$error, &$error_msg, $avatar_filename, $avatar_realname, $avatar_filesize, $avatar_filetype)
{
- global $board_config, $user_ip, $db, $lang;
+ global $board_config, $db, $lang;
$ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
@@ -145,7 +145,7 @@ function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_typ
$avatar_data = substr($avatar_data, strlen($avatar_data) - $avatar_filesize, $avatar_filesize);
$tmp_path = ( !@$ini_val('safe_mode') ) ? '/tmp' : './' . $board_config['avatar_path'] . '/tmp';
- $tmp_filename = tempnam($tmp_path, uniqid($user_ip) . '-');
+ $tmp_filename = tempnam($tmp_path, uniqid(rand()) . '-');
$fptr = @fopen($tmp_filename, 'wb');
$bytes_written = @fwrite($fptr, $avatar_data, $avatar_filesize);
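Review bot: The reason for replacing `$user_ip` with `rand()` in the `tempnam()` prefix here, and in `$new_filename` in the next hunk, is not recorded. Presumably it is to keep the poster's encoded address out of a publicly served file name. A comment such as `// random prefix instead of $user_ip: avatar names are public and must not reveal the uploader's address` would stop the change being reverted later. `rand()` is not an unpredictable source, and no seeding is visible in these hunks, so the resulting name should be treated as unique-ish, not as secret. For the temp file, `tempnam()` already guarantees a fresh name. For `$new_filename` nothing visible checks that the target does not exist before the upload is moved, so a `file_exists()` retry loop there would remove the small overwrite risk. user_avatar_upload starts and ends outside both hunks.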
@@ -193,7 +193,7 @@ function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_typ
if ( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
{
- $new_filename = uniqid($user_ip) . $imgtype;
+ $new_filename = uniqid(rand()) . $imgtype;
if ( $mode == 'editprofile' && $current_type == USER_AVATAR_UPLOAD && $current_avatar != '' )
{
diff --git a/phpBB/includes/usercp_register.php b/phpBB/includes/usercp_register.php
index 151fa0c804..76441593f3 100644
--- a/phpBB/includes/usercp_register.php
+++ b/phpBB/includes/usercp_register.php
@@ -101,7 +101,7 @@ if (
{
if ( !empty($HTTP_POST_VARS[$param]) )
{
- $$var = trim(strip_tags($HTTP_POST_VARS[$param]));
+ $$var = trim(htmlspecialchars(strip_tags($HTTP_POST_VARS[$param])));
}
}
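Review bot: Moving `htmlspecialchars()` to this input loop means the HTML-encoded form is what gets validated, compared and stored, and the later hunks (@@ -188, @@ -644, @@ -695) drop the output-side escaping on that assumption. The list that drives `$param`/`$var` is outside the hunk, so it is worth confirming that every field whose escaping was removed further down is actually in that list. Non-HTML consumers should also be checked, since an e-mail address or username containing `&` now becomes `&amp;` before it reaches them. With the default flags single quotes are also left unencoded. A comment here would state the contract, for example `// Fields in this list are HTML-escaped once, here; do not escape them again on output and do not output any field that bypasses this loop.`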
@@ -115,8 +115,6 @@ if (
}
}
- $username = str_replace(' ', '', $username);
- $email = htmlspecialchars($email);
$signature = str_replace('
', "\n", $signature);
// Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to
@@ -152,7 +150,7 @@ if (
{
if ( preg_match('/^[a-z_]+$/i', $HTTP_POST_VARS['language']) )
{
- $user_lang = $HTTP_POST_VARS['language'];
+ $user_lang = htmlspecialchars($HTTP_POST_VARS['language']);
}
else
{
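Review bot: The added `htmlspecialchars()` on `$user_lang` has no effect, because the `preg_match('/^[a-z_]+$/i', ...)` guard just above it already admits only letters and underscores. What that guard still lets through is a value ending in a newline, since `$` without the `D` modifier also matches before a final line break. If `$user_lang` is later used to build a file path (not visible in this hunk), anchoring the pattern as `preg_match('/^[a-z_]+$/iD', $HTTP_POST_VARS['language'])` would close that gap, and the redundant escape could be dropped.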
@@ -166,7 +164,7 @@ if (
}
$user_timezone = ( isset($HTTP_POST_VARS['timezone']) ) ? doubleval($HTTP_POST_VARS['timezone']) : $board_config['board_timezone'];
- $user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim($HTTP_POST_VARS['dateformat']) : $board_config['default_dateformat'];
+ $user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['dateformat'])) : $board_config['default_dateformat'];
$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );
@@ -188,29 +186,23 @@ if (
$password_confirm = stripslashes($password_confirm);
$icq = stripslashes($icq);
- $aim = htmlspecialchars(stripslashes($aim));
- $msn = htmlspecialchars(stripslashes($msn));
- $yim = htmlspecialchars(stripslashes($yim));
+ $aim = stripslashes($aim);
+ $msn = stripslashes($msn);
+ $yim = stripslashes($yim);
- $website = htmlspecialchars(stripslashes($website));
- $location = htmlspecialchars(stripslashes($location));
- $occupation = htmlspecialchars(stripslashes($occupation));
- $interests = htmlspecialchars(stripslashes($interests));
- $signature = htmlspecialchars(stripslashes($signature));
+ $website = stripslashes($website);
+ $location = stripslashes($location);
+ $occupation = stripslashes($occupation);
+ $interests = stripslashes($interests);
+ $signature = stripslashes($signature);
$user_lang = stripslashes($user_lang);
- $user_dateformat = htmlspecialchars(stripslashes($user_dateformat));
+ $user_dateformat = stripslashes($user_dateformat);
if ( !isset($HTTP_POST_VARS['cancelavatar']))
{
$user_avatar = $user_avatar_local;
$user_avatar_type = USER_AVATAR_GALLERY;
-
- if ( $userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && @file_exists(@realpath('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar'])) )
- {
- @unlink('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar']);
- }
-
}
}
}
@@ -344,13 +336,17 @@ if ( isset($HTTP_POST_VARS['submit']) )
}
else if ( $username != $userdata['username'] || $mode == 'register' )
{
- $result = validate_username($username);
- if ( $result['error'] )
+ if (strtolower($username) != strtolower($userdata['username']))
{
- $error = TRUE;
- $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $result['error_msg'];
+ $result = validate_username($username);
+ if ( $result['error'] )
+ {
+ $error = TRUE;
+ $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $result['error_msg'];
+ }
}
- else
+
+ if (!$error)
{
$username_sql = "username = '" . str_replace("\'", "''", $username) . "', ";
}
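Review bot: The new inner test `strtolower($username) != strtolower($userdata['username'])` also applies when `$mode == 'register'`, so a registration whose name differs only in case from `$userdata['username']` skips `validate_username()` and still reaches the `if (!$error)` branch that builds `$username_sql`. If `$userdata` holds the guest account's row during registration (not visible here), that is a name the validator would presumably reject. Keeping validation unconditional for new accounts avoids this: `if ( $mode == 'register' || strtolower($username) != strtolower($userdata['username']) )`. Note also that `strtolower()` is locale-dependent, so the case-only shortcut may behave differently for non-ASCII names.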
@@ -372,6 +368,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
$signature = prepare_message($signature, $allowhtml, $allowbbcode, $allowsmilies, $signature_bbcode_uid);
}
+ //??
if ( $website != '' )
{
rawurlencode($website);
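Review bot: The added `//??` marker does not say what is being questioned, which leaves the next maintainer guessing. The statement it sits above calls `rawurlencode($website)` and discards the return value, so `$website` is not changed by it. Either remove the call, or replace the marker with a comment that records the finding, e.g. `// NOTE: rawurlencode() result is unused; $website is stored as submitted`. The `if` body continues outside the hunk.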
@@ -398,10 +395,18 @@ if ( isset($HTTP_POST_VARS['submit']) )
}
else if ( $user_avatar_remoteurl != '' && $board_config['allow_avatar_remote'] )
{
+ if ( @file_exists(@realpath('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar'])) )
+ {
+ @unlink('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar']);
+ }
$avatar_sql = user_avatar_url($mode, $error, $error_msg, $user_avatar_remoteurl);
}
else if ( $user_avatar_local != '' && $board_config['allow_avatar_local'] )
{
+ if ( @file_exists(@realpath('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar'])) )
+ {
+ @unlink('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar']);
+ }
$avatar_sql = user_avatar_gallery($mode, $error, $error_msg, $user_avatar_local);
}
else
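Review bot: Both added `@unlink()` blocks delete `$userdata['user_avatar']` without the `$userdata['user_avatar_type'] == USER_AVATAR_UPLOAD` test that the removed block in the @@ -188 hunk had. They also run before `user_avatar_url()` / `user_avatar_gallery()` have had a chance to set `$error`. A rejected remote URL or gallery choice therefore leaves the profile pointing at a file that is already gone. When the current avatar is not an upload, or is empty, the path is built from a gallery name, a URL, or the avatar directory itself. I would guard with `if ( $userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $userdata['user_avatar'] != '' )` and do the delete after the call, only when `!$error`; the two identical blocks could share one helper.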
@@ -644,38 +649,38 @@ if ( $error )
$password_confirm = '';
$icq = stripslashes($icq);
- $aim = htmlspecialchars(str_replace('+', ' ', stripslashes($aim)));
- $msn = htmlspecialchars(stripslashes($msn));
- $yim = htmlspecialchars(stripslashes($yim));
+ $aim = str_replace('+', ' ', stripslashes($aim));
+ $msn = stripslashes($msn);
+ $yim = stripslashes($yim);
- $website = htmlspecialchars(stripslashes($website));
- $location = htmlspecialchars(stripslashes($location));
- $occupation = htmlspecialchars(stripslashes($occupation));
- $interests = htmlspecialchars(stripslashes($interests));
+ $website = stripslashes($website);
+ $location = stripslashes($location);
+ $occupation = stripslashes($occupation);
+ $interests = stripslashes($interests);
$signature = stripslashes($signature);
$signature = ( $signature_bbcode_uid != '' ) ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid\]/si", ']', $signature) : $signature;
$user_lang = stripslashes($user_lang);
- $user_dateformat = htmlspecialchars(stripslashes($user_dateformat));
+ $user_dateformat = stripslashes($user_dateformat);
}
else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) && !isset($HTTP_POST_VARS['submitavatar']) && !isset($HTTP_POST_VARS['cancelavatar']) )
{
$user_id = $userdata['user_id'];
- $username = htmlspecialchars($userdata['username']);
+ $username = $userdata['username'];
$email = $userdata['user_email'];
$new_password = '';
$password_confirm = '';
$icq = $userdata['user_icq'];
- $aim = htmlspecialchars(str_replace('+', ' ', $userdata['user_aim']));
- $msn = htmlspecialchars($userdata['user_msnm']);
- $yim = htmlspecialchars($userdata['user_yim']);
+ $aim = str_replace('+', ' ', $userdata['user_aim']);
+ $msn = $userdata['user_msnm'];
+ $yim = $userdata['user_yim'];
- $website = htmlspecialchars($userdata['user_website']);
- $location = htmlspecialchars($userdata['user_from']);
- $occupation = htmlspecialchars($userdata['user_occ']);
- $interests = htmlspecialchars($userdata['user_interests']);
+ $website = $userdata['user_website'];
+ $location = $userdata['user_from'];
+ $occupation = $userdata['user_occ'];
+ $interests = $userdata['user_interests'];
$signature_bbcode_uid = $userdata['user_sig_bbcode_uid'];
$signature = ( $signature_bbcode_uid != '' ) ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid\]/si", ']', $userdata['user_sig']) : $userdata['user_sig'];
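Review bot: In the `editprofile` branch, `$username`, `$aim`, `$msn`, `$yim`, `$website`, `$location`, `$occupation` and `$interests` are now taken from `$userdata` with no escaping, as is `$user_dateformat` in the @@ -695 hunk. That is only safe if every stored row was already HTML-encoded when it was written. The removed lines in the @@ -115 hunk show the username was previously not encoded at input, so accounts created before this change may hold raw `"` or `&` that now reach the form unescaped, unless an upgrade step re-encodes them or the template assignment outside this hunk escapes. Please confirm which applies and record it in a comment here, e.g. `// $userdata profile fields are stored HTML-escaped; rows written before 2.0.4 must be converted by the update script`.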
@@ -695,7 +700,7 @@ else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) &&
$user_style = $userdata['user_style'];
$user_lang = $userdata['user_lang'];
$user_timezone = $userdata['user_timezone'];
- $user_dateformat = htmlspecialchars($userdata['user_dateformat']);
+ $user_dateformat = $userdata['user_dateformat'];
}
//
diff --git a/phpBB/install.php b/phpBB/install.php
index a1d69c4436..d1f0eb3779 100644
--- a/phpBB/install.php
+++ b/phpBB/install.php
@@ -22,15 +22,6 @@
error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
-define('IN_PHPBB', true);
-$phpbb_root_path='./';
-include($phpbb_root_path.'extension.inc');
-include($phpbb_root_path . 'includes/functions_selects.'.$phpEx);
-
-$userdata = array();
-$lang = array();
-$reinstall = false;
-
if( !get_magic_quotes_gpc() )
{
if( is_array($HTTP_GET_VARS) )
@@ -94,6 +85,15 @@ if( !get_magic_quotes_gpc() )
}
}
+define('IN_PHPBB', true);
+$phpbb_root_path='./';
+include($phpbb_root_path.'extension.inc');
+include($phpbb_root_path . 'includes/functions_selects.'.$phpEx);
+
+$userdata = array();
+$lang = array();
+$reinstall = false;
+
/***************************************************************************
* Install Customization Section
*
@@ -720,25 +720,25 @@ else
$sql_query = $remove_remarks($sql_query);
$sql_query = split_sql_file($sql_query, $delimiter);
- $sql_count = count($sql_query);
-
- for($i = 0; $i < $sql_count; $i++)
+ for ($i = 0; $i < sizeof($sql_query); $i++)
{
- $result = $db->sql_query($sql_query[$i]);
- if( !$result )
+ if (trim($sql_query[$i]) != '')
{
- $error = $db->sql_error();
-
- $template->assign_block_vars("switch_error_install", array());
+ if (!($result = $db->sql_query($sql_query[$i])))
+ {
+ $error = $db->sql_error();
+
+ $template->assign_block_vars("switch_error_install", array());
- $template->assign_vars(array(
- "L_ERROR_TITLE" => $lang['Installer_Error'],
- "L_ERROR" => $lang['Install_db_error'] . '
' . $error['message'])
- );
+ $template->assign_vars(array(
+ "L_ERROR_TITLE" => $lang['Installer_Error'],
+ "L_ERROR" => $lang['Install_db_error'] . '
' . $error['message'])
+ );
- $template->pparse('body');
+ $template->pparse('body');
- exit;
+ exit;
+ }
}
}
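Review bot: This rewritten loop and the one in the @@ -751 hunk are the same block twice, differing only in quote style and `for (` spacing. A small helper taking `$sql_query` would keep the two from drifting apart. `sizeof($sql_query)` is also re-evaluated on every iteration now that `$sql_count` is gone, so hoisting it back into a local keeps the loop condition cheap. Separately, `$error['message']` goes into `L_ERROR` as returned by the database layer; if that template variable is rendered as HTML, passing it through `htmlspecialchars()` would be the safer default.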
@@ -751,25 +751,25 @@ else
$sql_query = $remove_remarks($sql_query);
$sql_query = split_sql_file($sql_query, $delimiter_basic);
- $sql_count = count($sql_query);
-
- for($i = 0; $i < $sql_count; $i++)
+ for($i = 0; $i < sizeof($sql_query); $i++)
{
- $result = $db->sql_query($sql_query[$i]);
- if( !$result )
+ if (trim($sql_query[$i]) != '')
{
- $error = $db->sql_error();
-
- $template->assign_block_vars("switch_error_install", array());
+ if (!($result = $db->sql_query($sql_query[$i])))
+ {
+ $error = $db->sql_error();
+
+ $template->assign_block_vars("switch_error_install", array());
- $template->assign_vars(array(
- "L_ERROR_TITLE" => $lang['Installer_Error'],
- "L_ERROR" => $lang['Install_db_error'] . "
" . $error["message"])
- );
+ $template->assign_vars(array(
+ "L_ERROR_TITLE" => $lang['Installer_Error'],
+ "L_ERROR" => $lang['Install_db_error'] . "
" . $error["message"])
+ );
- $template->pparse('body');
+ $template->pparse('body');
- exit;
+ exit;
+ }
}
}
}
@@ -781,7 +781,7 @@ else
// this we are going to pass them over to the admin_forum.php script
// to set up their forum defaults.
//
- $error = "";
+ $error = '';
//
// Update the default admin user with their information.
@@ -862,6 +862,8 @@ else
$error .= "Could not update user_regdate :: " . $sql . " :: " . __LINE__ . " :: " . __FILE__ . "
";
}
+ /*
+ // Disabled in 2.0.4 ... too many issues with MAX ROWS
//
// Change session table to HEAP if MySQL version matches
//
@@ -881,6 +883,7 @@ else
}
}
}
+ */
if( $error != "" )
{
diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php
index 838e11dc1f..cc8dbb2fed 100644
--- a/phpBB/memberlist.php
+++ b/phpBB/memberlist.php
@@ -35,6 +35,15 @@ init_userprefs($userdata);
$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
+if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
+{
+ $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
+}
+else
+{
+ $mode = 'joined';
+}
+
if(isset($HTTP_POST_VARS['order']))
{
$sort_order = ($HTTP_POST_VARS['order'] == 'ASC') ? 'ASC' : 'DESC';
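Review bot: `$mode` is copied from the request as-is in the added block and is never narrowed to the values the page understands. The switch in the @@ -104 hunk falls back to its `default` for anything unknown, so `$order_by` stays safe, but `$mode` itself keeps the raw string. If it is later written into a pagination link or form field (not visible in this diff), it would need escaping there. Whitelisting right after the assignment removes the question: `if ( !in_array($mode, array('joined', 'username', 'location', 'posts', 'email', 'website', 'topten')) ) { $mode = 'joined'; }`.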
@@ -104,41 +113,32 @@ $template->assign_vars(array(
'S_MODE_ACTION' => append_sid("memberlist.$phpEx"))
);
-if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
+switch( $mode )
{
- $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
-
- switch( $mode )
- {
- case 'joined':
- $order_by = "user_regdate ASC LIMIT $start, " . $board_config['topics_per_page'];
- break;
- case 'username':
- $order_by = "username $sort_order LIMIT $start, " . $board_config['topics_per_page'];
- break;
- case 'location':
- $order_by = "user_from $sort_order LIMIT $start, " . $board_config['topics_per_page'];
- break;
- case 'posts':
- $order_by = "user_posts $sort_order LIMIT $start, " . $board_config['topics_per_page'];
- break;
- case 'email':
- $order_by = "user_email $sort_order LIMIT $start, " . $board_config['topics_per_page'];
- break;
- case 'website':
- $order_by = "user_website $sort_order LIMIT $start, " . $board_config['topics_per_page'];
- break;
- case 'topten':
- $order_by = "user_posts DESC LIMIT 10";
- break;
- default:
- $order_by = "user_regdate $sort_order LIMIT $start, " . $board_config['topics_per_page'];
- break;
- }
-}
-else
-{
- $order_by = "user_regdate $sort_order LIMIT $start, " . $board_config['topics_per_page'];
+ case 'joined':
+ $order_by = "user_regdate ASC LIMIT $start, " . $board_config['topics_per_page'];
+ break;
+ case 'username':
+ $order_by = "username $sort_order LIMIT $start, " . $board_config['topics_per_page'];
+ break;
+ case 'location':
+ $order_by = "user_from $sort_order LIMIT $start, " . $board_config['topics_per_page'];
+ break;
+ case 'posts':
+ $order_by = "user_posts $sort_order LIMIT $start, " . $board_config['topics_per_page'];
+ break;
+ case 'email':
+ $order_by = "user_email $sort_order LIMIT $start, " . $board_config['topics_per_page'];
+ break;
+ case 'website':
+ $order_by = "user_website $sort_order LIMIT $start, " . $board_config['topics_per_page'];
+ break;
+ case 'topten':
+ $order_by = "user_posts $sort_order LIMIT 10";
+ break;
+ default:
+ $order_by = "user_regdate $sort_order LIMIT $start, " . $board_config['topics_per_page'];
+ break;
}
$sql = "SELECT username, user_id, user_viewemail, user_posts, user_regdate, user_from, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_avatar, user_avatar_type, user_allowavatar
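Review bot: Two ordering changes in this switch look unintended. `case 'joined'` still hard-codes `ASC`, and since `$mode` now defaults to `'joined'`, a request with no mode ignores the order selector, where the old `else` branch honoured `$sort_order`. `case 'topten'` now uses `$sort_order`, so choosing ASC returns the ten lowest post counts rather than the top ten. If neither is deliberate, `$order_by = "user_regdate $sort_order LIMIT $start, " . $board_config['topics_per_page'];` for `'joined'` and `"user_posts DESC LIMIT 10"` for `'topten'` restore the earlier behaviour; otherwise a one-line comment on each case would make the intent clear.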
diff --git a/phpBB/posting.php b/phpBB/posting.php
index 2fb832f975..718ee177ff 100644
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -403,13 +403,13 @@ else
$smilies_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_smilies']) ) ? 0 : TRUE ) : ( ( $userdata['user_id'] == ANONYMOUS ) ? $board_config['allow_smilies'] : $userdata['user_allowsmile'] );
}
-if ( $submit || $refresh )
+if ( ($submit || $refresh) && $is_auth['auth_read'])
{
$notify_user = ( !empty($HTTP_POST_VARS['notify']) ) ? TRUE : 0;
}
else
{
- if ( $mode != 'newtopic' && $userdata['session_logged_in'] )
+ if ( $mode != 'newtopic' && $userdata['session_logged_in'] && $is_auth['auth_read'] )
{
$sql = "SELECT topic_id
FROM " . TOPICS_WATCH_TABLE . "
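Review bot: The `$is_auth['auth_read']` test added here, and again in the @@ -424 and @@ -879 hunks, only controls the value of `$notify_user` and whether the checkbox is shown. It does not by itself stop a watch row from being written or a notification from being sent for a forum the user cannot read. It is worth confirming that the code which stores the topic watch and sends notifications (outside these hunks) performs the same read check. Since the pair `$userdata['session_logged_in'] && $is_auth['auth_read']` now appears in three places, computing it once, e.g. `$can_watch = ( $userdata['session_logged_in'] && $is_auth['auth_read'] );`, would keep the conditions from diverging.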
@@ -424,7 +424,7 @@ else
}
else
{
- $notify_user = ( $userdata['session_logged_in'] ) ? $userdata['user_notify'] : 0;
+ $notify_user = ( $userdata['session_logged_in'] && $is_auth['auth_read'] ) ? $userdata['user_notify'] : 0;
}
}
@@ -879,7 +879,7 @@ if( !$userdata['session_logged_in'] || ( $mode == 'editpost' && $post_info['post
//
// Notify checkbox - only show if user is logged in
//
-if ( $userdata['session_logged_in'] )
+if ( $userdata['session_logged_in'] && $is_auth['auth_read'] )
{
if ( $mode != 'editpost' || ( $mode == 'editpost' && $post_info['poster_id'] != ANONYMOUS ) )
{
@@ -1104,7 +1104,7 @@ if( ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] )
//
// Topic review
//
-if( $mode == 'reply' )
+if( $mode == 'reply' && $is_auth['auth_read'] )
{
require($phpbb_root_path . 'includes/topic_review.'.$phpEx);
topic_review($topic_id, true);