makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Yet more fixes ... note there is a bug in user admin at present

Browse source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3083 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2002-11-24 16:22:52 +00:00
parent 95c6156b4a
commit 73650b59c7
10 changed files with 414 additions and 401 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

357
phpBB/admin/admin_users.php
View file

@ -68,6 +68,184 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
} }
if( $HTTP_POST_VARS['deleteuser'] )
{
$sql = "SELECT g.group_id
FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g
WHERE ug.user_id = $user_id
AND g.group_id = ug.group_id
AND g.group_single_user = 1";
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain group information for this user', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
$sql = "UPDATE " . POSTS_TABLE . "
SET poster_id = " . DELETED . ", post_username = '$username'
WHERE poster_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update posts for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "UPDATE " . TOPICS_TABLE . "
SET topic_poster = " . DELETED . "
WHERE topic_poster = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update topics for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "UPDATE " . VOTE_USERS_TABLE . "
SET vote_user_id = " . DELETED . "
WHERE vote_user_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "SELECT group_id
FROM " . GROUPS_TABLE . "
WHERE group_moderator = $user_id";
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not select groups where user was moderator', '', __LINE__, __FILE__, $sql);
}
while ( $row_group = $db->sql_fetchrow($result) )
{
$group_moderator[] = $row_group['group_id'];
}
if ( count($group_moderator) )
{
$update_moderator_id = implode(', ', $group_moderator);
$sql = "UPDATE " . GROUPS_TABLE . "
SET group_moderator = " . $userdata['user_id'] . "
WHERE group_moderator IN ($update_moderator_id)";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql);
}
}
$sql = "DELETE FROM " . USERS_TABLE . "
WHERE user_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete user', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . USER_GROUP_TABLE . "
WHERE user_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete user from user_group table', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . GROUPS_TABLE . "
WHERE group_id = " . $row['group_id'];
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
WHERE group_id = " . $row['group_id'];
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
WHERE user_id = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete user from topic watch table', '', __LINE__, __FILE__, $sql);
}
$sql = "SELECT privmsgs_id
FROM " . PRIVMSGS_TABLE . "
WHERE ( ( privmsgs_from_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_NEW_MAIL . " )
OR ( privmsgs_from_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_SENT_MAIL . " )
OR ( privmsgs_to_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_READ_MAIL . " )
OR ( privmsgs_to_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
OR ( privmsgs_from_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) )";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not select all user\'s private messages', '', __LINE__, __FILE__, $sql);
}
//
// This little bit of code directly from the private messaging section.
// Thanks Paul!
//
while ( $row_privmsgs = $db->sql_fetchrow($result) )
{
$mark_list[] = $row_privmsgs['privmsgs_id'];
}
if ( count($mark_list) )
{
$delete_sql_id = implode(', ', $mark_list);
//
// We shouldn't need to worry about updating conters here...
// They are already gone!
//
$delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . "
WHERE privmsgs_text_id IN ($delete_sql_id)";
$delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . "
WHERE privmsgs_id IN ($delete_sql_id)";
//
// Shouldn't need the switch statement here, either, as we just want
// to take out all of the private messages. This will not affect
// the other messages we want to keep; the ids are unique.
//
if ( !$db->sql_query($delete_sql) )
{
message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql);
}
if ( !$db->sql_query($delete_text_sql) )
{
message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql);
}
}
$sql = "UPDATE " . PRIVMSGS_TABLE . "
SET privmsgs_to_userid = " . DELETED . "
WHERE privmsgs_to_userid = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update private messages saved to the user', '', __LINE__, __FILE__, $sql);
}
$sql = "UPDATE " . PRIVMSGS_TABLE . "
SET privmsgs_from_userid = " . DELETED . "
WHERE privmsgs_from_userid = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update private messages saved from the user', '', __LINE__, __FILE__, $sql);
}
$message = $lang['User_deleted'] . '<br /><br />' . sprintf($lang['Click_return_useradmin'], '<a href="' . append_sid("admin_users.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
}
$username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags( $HTTP_POST_VARS['username'] ) ) : ''; $username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags( $HTTP_POST_VARS['username'] ) ) : '';
$email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : ''; $email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : '';
@ -494,188 +672,11 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
// Update entry in DB // Update entry in DB
// //
if( !$error ) if( !$error )
{
if( $HTTP_POST_VARS['deleteuser'] )
{
$sql = "SELECT g.group_id
FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g
WHERE ug.user_id = $user_id
AND g.group_id = ug.group_id
AND g.group_single_user = 1";
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain group information for this user', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
$sql = "UPDATE " . POSTS_TABLE . "
SET poster_id = " . DELETED . ", post_username = '$username'
WHERE poster_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update posts for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "UPDATE " . TOPICS_TABLE . "
SET topic_poster = " . DELETED . "
WHERE topic_poster = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update topics for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "UPDATE " . VOTE_USERS_TABLE . "
SET vote_user_id = " . DELETED . "
WHERE vote_user_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "SELECT group_id
FROM " . GROUPS_TABLE . "
WHERE group_moderator = $user_id";
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not select groups where user was moderator', '', __LINE__, __FILE__, $sql);
}
while ( $row_group = $db->sql_fetchrow($result) )
{
$group_moderator[] = $row_group['group_id'];
}
if ( count($group_moderator) )
{
$update_moderator_id = implode(', ', $group_moderator);
$sql = "UPDATE " . GROUPS_TABLE . "
SET group_moderator = " . $userdata['user_id'] . "
WHERE group_moderator IN ($update_moderator_id)";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql);
}
}
$sql = "DELETE FROM " . USERS_TABLE . "
WHERE user_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete user', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . USER_GROUP_TABLE . "
WHERE user_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete user from user_group table', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . GROUPS_TABLE . "
WHERE group_id = " . $row['group_id'];
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
WHERE group_id = " . $row['group_id'];
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete group for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
WHERE user_id = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete user from topic watch table', '', __LINE__, __FILE__, $sql);
}
$sql = "SELECT privmsgs_id
FROM " . PRIVMSGS_TABLE . "
WHERE ( ( privmsgs_from_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_NEW_MAIL . " )
OR ( privmsgs_from_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_SENT_MAIL . " )
OR ( privmsgs_to_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_READ_MAIL . " )
OR ( privmsgs_to_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
OR ( privmsgs_from_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) )";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not select all user\'s private messages', '', __LINE__, __FILE__, $sql);
}
//
// This little bit of code directly from the private messaging section.
// Thanks Paul!
//
while ( $row_privmsgs = $db->sql_fetchrow($result) )
{
$mark_list[] = $row_privmsgs['privmsgs_id'];
}
if ( count($mark_list) )
{
$delete_sql_id = implode(', ', $mark_list);
//
// We shouldn't need to worry about updating conters here...
// They are already gone!
//
$delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . "
WHERE privmsgs_text_id IN ($delete_sql_id)";
$delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . "
WHERE privmsgs_id IN ($delete_sql_id)";
//
// Shouldn't need the switch statement here, either, as we just want
// to take out all of the private messages. This will not affect
// the other messages we want to keep; the ids are unique.
//
if ( !$db->sql_query($delete_sql) )
{
message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql);
}
if ( !$db->sql_query($delete_text_sql) )
{
message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql);
}
}
$sql = "UPDATE " . PRIVMSGS_TABLE . "
SET privmsgs_to_userid = " . DELETED . "
WHERE privmsgs_to_userid = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update private messages saved to the user', '', __LINE__, __FILE__, $sql);
}
$sql = "UPDATE " . PRIVMSGS_TABLE . "
SET privmsgs_from_userid = " . DELETED . "
WHERE privmsgs_from_userid = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update private messages saved from the user', '', __LINE__, __FILE__, $sql);
}
$message = $lang['User_deleted'];
}
else
{ {
$sql = "UPDATE " . USERS_TABLE . " $sql = "UPDATE " . USERS_TABLE . "
SET " . $username_sql . $passwd_sql . "user_email = '" . str_replace("\'", "''", $email) . "', user_icq = '" . str_replace("\'", "''", $icq) . "', user_website = '" . str_replace("\'", "''", $website) . "', user_occ = '" . str_replace("\'", "''", $occupation) . "', user_from = '" . str_replace("\'", "''", $location) . "', user_interests = '" . str_replace("\'", "''", $interests) . "', user_sig = '" . str_replace("\'", "''", $signature) . "', user_viewemail = $viewemail, user_aim = '" . str_replace("\'", "''", $aim) . "', user_yim = '" . str_replace("\'", "''", $yim) . "', user_msnm = '" . str_replace("\'", "''", $msn) . "', user_attachsig = $attachsig, user_sig_bbcode_uid = '$signature_bbcode_uid', user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowavatar = $user_allowavatar, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_allow_pm = $user_allowpm, user_notify_pm = $notifypm, user_popup_pm = $popuppm, user_lang = '" . str_replace("\'", "''", $user_lang) . "', user_style = $user_style, user_timezone = $user_timezone, user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "', user_active = $user_status, user_rank = $user_rank" . $avatar_sql . " SET " . $username_sql . $passwd_sql . "user_email = '" . str_replace("\'", "''", $email) . "', user_icq = '" . str_replace("\'", "''", $icq) . "', user_website = '" . str_replace("\'", "''", $website) . "', user_occ = '" . str_replace("\'", "''", $occupation) . "', user_from = '" . str_replace("\'", "''", $location) . "', user_interests = '" . str_replace("\'", "''", $interests) . "', user_sig = '" . str_replace("\'", "''", $signature) . "', user_viewemail = $viewemail, user_aim = '" . str_replace("\'", "''", $aim) . "', user_yim = '" . str_replace("\'", "''", $yim) . "', user_msnm = '" . str_replace("\'", "''", $msn) . "', user_attachsig = $attachsig, user_sig_bbcode_uid = '$signature_bbcode_uid', user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowavatar = $user_allowavatar, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_allow_pm = $user_allowpm, user_notify_pm = $notifypm, user_popup_pm = $popuppm, user_lang = '" . str_replace("\'", "''", $user_lang) . "', user_style = $user_style, user_timezone = $user_timezone, user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "', user_active = $user_status, user_rank = $user_rank" . $avatar_sql . "
WHERE user_id = $user_id"; WHERE user_id = $user_id";
if( $result = $db->sql_query($sql) ) if( $result = $db->sql_query($sql) )
{ {
if( isset($rename_user) ) if( isset($rename_user) )

8
phpBB/groupcp.php
View file

@ -127,7 +127,7 @@ $server_url = $server_protocol . $server_name . $server_port . $script_name;
if ( isset($HTTP_GET_VARS[POST_GROUPS_URL]) || isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) if ( isset($HTTP_GET_VARS[POST_GROUPS_URL]) || isset($HTTP_POST_VARS[POST_GROUPS_URL]) )
{ {
$group_id = ( isset($HTTP_GET_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_GET_VARS[POST_GROUPS_URL]) : intval($HTTP_POST_VARS[POST_GROUPS_URL]); $group_id = ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_POST_VARS[POST_GROUPS_URL]) : intval($HTTP_GET_VARS[POST_GROUPS_URL]);
} }
else else
{ {
@ -1243,7 +1243,11 @@ else
$template->assign_block_vars('switch_groups_remaining', array() ); $template->assign_block_vars('switch_groups_remaining', array() );
} }
$s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />'; $s_hidden_fields = '';
if ( !empty($SID) )
{
$s_hidden_fields .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';
}
$template->assign_vars(array( $template->assign_vars(array(
'L_GROUP_MEMBERSHIP_DETAILS' => $lang['Group_member_details'], 'L_GROUP_MEMBERSHIP_DETAILS' => $lang['Group_member_details'],

8
phpBB/includes/functions.php
View file

@ -92,7 +92,7 @@ function get_userdata($user)
function make_jumpbox($action, $match_forum_id = 0) function make_jumpbox($action, $match_forum_id = 0)
{ {
global $template, $lang, $db, $SID, $nav_links, $phpEx; global $template, $userdata, $lang, $db, $nav_links, $phpEx;
// $is_auth = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata); // $is_auth = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata);
@ -174,9 +174,9 @@ function make_jumpbox($action, $match_forum_id = 0)
$boxstring .= '<select name="' . POST_FORUM_URL . '" onChange="if(this.options[this.selectedIndex].value != -1){ forms[\'jumpbox\'].submit() }"></select>'; $boxstring .= '<select name="' . POST_FORUM_URL . '" onChange="if(this.options[this.selectedIndex].value != -1){ forms[\'jumpbox\'].submit() }"></select>';
} }
if ( isset($SID) ) if ( !empty($SID) )
{ {
$boxstring .= '<input type="hidden" name="sid" value="' . substr($SID, 4) . '" />'; $boxstring .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';
} }
$template->set_filenames(array( $template->set_filenames(array(
@ -288,7 +288,7 @@ function setup_style($style)
message_die(CRITICAL_ERROR, "Could not open $template_name template config file", '', __LINE__, __FILE__); message_die(CRITICAL_ERROR, "Could not open $template_name template config file", '', __LINE__, __FILE__);
} }
$img_lang = ( file_exists(@realpath($current_template_path . '/images/lang_' . $board_config['default_lang'])) ) ? $board_config['default_lang'] : 'english'; $img_lang = ( file_exists(@realpath($phpbb_root_path . $current_template_path . '/images/lang_' . $board_config['default_lang'])) ) ? $board_config['default_lang'] : 'english';
while( list($key, $value) = @each($images) ) while( list($key, $value) = @each($images) )
{ {

6
phpBB/includes/usercp_avatar.php
View file

@ -96,7 +96,7 @@ function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename)
function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_type, &$error, &$error_msg, $avatar_filename, $avatar_realname, $avatar_filesize, $avatar_filetype) function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_type, &$error, &$error_msg, $avatar_filename, $avatar_realname, $avatar_filesize, $avatar_filetype)
{ {
global $board_config, $user_ip, $db, $lang; global $board_config, $db, $lang;
$ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var'; $ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
@ -145,7 +145,7 @@ function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_typ
$avatar_data = substr($avatar_data, strlen($avatar_data) - $avatar_filesize, $avatar_filesize); $avatar_data = substr($avatar_data, strlen($avatar_data) - $avatar_filesize, $avatar_filesize);
$tmp_path = ( !@$ini_val('safe_mode') ) ? '/tmp' : './' . $board_config['avatar_path'] . '/tmp'; $tmp_path = ( !@$ini_val('safe_mode') ) ? '/tmp' : './' . $board_config['avatar_path'] . '/tmp';
$tmp_filename = tempnam($tmp_path, uniqid($user_ip) . '-'); $tmp_filename = tempnam($tmp_path, uniqid(rand()) . '-');
$fptr = @fopen($tmp_filename, 'wb'); $fptr = @fopen($tmp_filename, 'wb');
$bytes_written = @fwrite($fptr, $avatar_data, $avatar_filesize); $bytes_written = @fwrite($fptr, $avatar_data, $avatar_filesize);
@ -193,7 +193,7 @@ function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_typ
if ( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] ) if ( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
{ {
$new_filename = uniqid($user_ip) . $imgtype; $new_filename = uniqid(rand()) . $imgtype;
if ( $mode == 'editprofile' && $current_type == USER_AVATAR_UPLOAD && $current_avatar != '' ) if ( $mode == 'editprofile' && $current_type == USER_AVATAR_UPLOAD && $current_avatar != '' )
{ {

81
phpBB/includes/usercp_register.php
View file

@ -101,7 +101,7 @@ if (
{ {
if ( !empty($HTTP_POST_VARS[$param]) ) if ( !empty($HTTP_POST_VARS[$param]) )
{ {
$$var = trim(strip_tags($HTTP_POST_VARS[$param])); $$var = trim(htmlspecialchars(strip_tags($HTTP_POST_VARS[$param])));
} }
} }
@ -115,8 +115,6 @@ if (
} }
} }
$username = str_replace('&nbsp;', '', $username);
$email = htmlspecialchars($email);
$signature = str_replace('<br />', "\n", $signature); $signature = str_replace('<br />', "\n", $signature);
// Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to // Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to
@ -152,7 +150,7 @@ if (
{ {
if ( preg_match('/^[a-z_]+$/i', $HTTP_POST_VARS['language']) ) if ( preg_match('/^[a-z_]+$/i', $HTTP_POST_VARS['language']) )
{ {
$user_lang = $HTTP_POST_VARS['language']; $user_lang = htmlspecialchars($HTTP_POST_VARS['language']);
} }
else else
{ {
@ -166,7 +164,7 @@ if (
} }
$user_timezone = ( isset($HTTP_POST_VARS['timezone']) ) ? doubleval($HTTP_POST_VARS['timezone']) : $board_config['board_timezone']; $user_timezone = ( isset($HTTP_POST_VARS['timezone']) ) ? doubleval($HTTP_POST_VARS['timezone']) : $board_config['board_timezone'];
$user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim($HTTP_POST_VARS['dateformat']) : $board_config['default_dateformat']; $user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['dateformat'])) : $board_config['default_dateformat'];
$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' ); $user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );
@ -188,29 +186,23 @@ if (
$password_confirm = stripslashes($password_confirm); $password_confirm = stripslashes($password_confirm);
$icq = stripslashes($icq); $icq = stripslashes($icq);
$aim = htmlspecialchars(stripslashes($aim)); $aim = stripslashes($aim);
$msn = htmlspecialchars(stripslashes($msn)); $msn = stripslashes($msn);
$yim = htmlspecialchars(stripslashes($yim)); $yim = stripslashes($yim);
$website = htmlspecialchars(stripslashes($website)); $website = stripslashes($website);
$location = htmlspecialchars(stripslashes($location)); $location = stripslashes($location);
$occupation = htmlspecialchars(stripslashes($occupation)); $occupation = stripslashes($occupation);
$interests = htmlspecialchars(stripslashes($interests)); $interests = stripslashes($interests);
$signature = htmlspecialchars(stripslashes($signature)); $signature = stripslashes($signature);
$user_lang = stripslashes($user_lang); $user_lang = stripslashes($user_lang);
$user_dateformat = htmlspecialchars(stripslashes($user_dateformat)); $user_dateformat = stripslashes($user_dateformat);
if ( !isset($HTTP_POST_VARS['cancelavatar'])) if ( !isset($HTTP_POST_VARS['cancelavatar']))
{ {
$user_avatar = $user_avatar_local; $user_avatar = $user_avatar_local;
$user_avatar_type = USER_AVATAR_GALLERY; $user_avatar_type = USER_AVATAR_GALLERY;
if ( $userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && @file_exists(@realpath('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar'])) )
{
@unlink('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar']);
}
} }
} }
} }
@ -343,6 +335,8 @@ if ( isset($HTTP_POST_VARS['submit']) )
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Username_disallowed']; $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Username_disallowed'];
} }
else if ( $username != $userdata['username'] || $mode == 'register' ) else if ( $username != $userdata['username'] || $mode == 'register' )
{
if (strtolower($username) != strtolower($userdata['username']))
{ {
$result = validate_username($username); $result = validate_username($username);
if ( $result['error'] ) if ( $result['error'] )
@ -350,7 +344,9 @@ if ( isset($HTTP_POST_VARS['submit']) )
$error = TRUE; $error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $result['error_msg']; $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $result['error_msg'];
} }
else }
if (!$error)
{ {
$username_sql = "username = '" . str_replace("\'", "''", $username) . "', "; $username_sql = "username = '" . str_replace("\'", "''", $username) . "', ";
} }
@ -372,6 +368,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
$signature = prepare_message($signature, $allowhtml, $allowbbcode, $allowsmilies, $signature_bbcode_uid); $signature = prepare_message($signature, $allowhtml, $allowbbcode, $allowsmilies, $signature_bbcode_uid);
} }
//??
if ( $website != '' ) if ( $website != '' )
{ {
rawurlencode($website); rawurlencode($website);
@ -398,10 +395,18 @@ if ( isset($HTTP_POST_VARS['submit']) )
} }
else if ( $user_avatar_remoteurl != '' && $board_config['allow_avatar_remote'] ) else if ( $user_avatar_remoteurl != '' && $board_config['allow_avatar_remote'] )
{ {
if ( @file_exists(@realpath('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar'])) )
{
@unlink('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar']);
}
$avatar_sql = user_avatar_url($mode, $error, $error_msg, $user_avatar_remoteurl); $avatar_sql = user_avatar_url($mode, $error, $error_msg, $user_avatar_remoteurl);
} }
else if ( $user_avatar_local != '' && $board_config['allow_avatar_local'] ) else if ( $user_avatar_local != '' && $board_config['allow_avatar_local'] )
{ {
if ( @file_exists(@realpath('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar'])) )
{
@unlink('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar']);
}
$avatar_sql = user_avatar_gallery($mode, $error, $error_msg, $user_avatar_local); $avatar_sql = user_avatar_gallery($mode, $error, $error_msg, $user_avatar_local);
} }
else else
@ -644,38 +649,38 @@ if ( $error )
$password_confirm = ''; $password_confirm = '';
$icq = stripslashes($icq); $icq = stripslashes($icq);
$aim = htmlspecialchars(str_replace('+', ' ', stripslashes($aim))); $aim = str_replace('+', ' ', stripslashes($aim));
$msn = htmlspecialchars(stripslashes($msn)); $msn = stripslashes($msn);
$yim = htmlspecialchars(stripslashes($yim)); $yim = stripslashes($yim);
$website = htmlspecialchars(stripslashes($website)); $website = stripslashes($website);
$location = htmlspecialchars(stripslashes($location)); $location = stripslashes($location);
$occupation = htmlspecialchars(stripslashes($occupation)); $occupation = stripslashes($occupation);
$interests = htmlspecialchars(stripslashes($interests)); $interests = stripslashes($interests);
$signature = stripslashes($signature); $signature = stripslashes($signature);
$signature = ( $signature_bbcode_uid != '' ) ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid\]/si", ']', $signature) : $signature; $signature = ( $signature_bbcode_uid != '' ) ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid\]/si", ']', $signature) : $signature;
$user_lang = stripslashes($user_lang); $user_lang = stripslashes($user_lang);
$user_dateformat = htmlspecialchars(stripslashes($user_dateformat)); $user_dateformat = stripslashes($user_dateformat);
} }
else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) && !isset($HTTP_POST_VARS['submitavatar']) && !isset($HTTP_POST_VARS['cancelavatar']) ) else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) && !isset($HTTP_POST_VARS['submitavatar']) && !isset($HTTP_POST_VARS['cancelavatar']) )
{ {
$user_id = $userdata['user_id']; $user_id = $userdata['user_id'];
$username = htmlspecialchars($userdata['username']); $username = $userdata['username'];
$email = $userdata['user_email']; $email = $userdata['user_email'];
$new_password = ''; $new_password = '';
$password_confirm = ''; $password_confirm = '';
$icq = $userdata['user_icq']; $icq = $userdata['user_icq'];
$aim = htmlspecialchars(str_replace('+', ' ', $userdata['user_aim'])); $aim = str_replace('+', ' ', $userdata['user_aim']);
$msn = htmlspecialchars($userdata['user_msnm']); $msn = $userdata['user_msnm'];
$yim = htmlspecialchars($userdata['user_yim']); $yim = $userdata['user_yim'];
$website = htmlspecialchars($userdata['user_website']); $website = $userdata['user_website'];
$location = htmlspecialchars($userdata['user_from']); $location = $userdata['user_from'];
$occupation = htmlspecialchars($userdata['user_occ']); $occupation = $userdata['user_occ'];
$interests = htmlspecialchars($userdata['user_interests']); $interests = $userdata['user_interests'];
$signature_bbcode_uid = $userdata['user_sig_bbcode_uid']; $signature_bbcode_uid = $userdata['user_sig_bbcode_uid'];
$signature = ( $signature_bbcode_uid != '' ) ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid\]/si", ']', $userdata['user_sig']) : $userdata['user_sig']; $signature = ( $signature_bbcode_uid != '' ) ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid\]/si", ']', $userdata['user_sig']) : $userdata['user_sig'];
@ -695,7 +700,7 @@ else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) &&
$user_style = $userdata['user_style']; $user_style = $userdata['user_style'];
$user_lang = $userdata['user_lang']; $user_lang = $userdata['user_lang'];
$user_timezone = $userdata['user_timezone']; $user_timezone = $userdata['user_timezone'];
$user_dateformat = htmlspecialchars($userdata['user_dateformat']); $user_dateformat = $userdata['user_dateformat'];
} }
// //

43
phpBB/install.php
View file

@ -22,15 +22,6 @@
error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
set_magic_quotes_runtime(0); // Disable magic_quotes_runtime set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
define('IN_PHPBB', true);
$phpbb_root_path='./';
include($phpbb_root_path.'extension.inc');
include($phpbb_root_path . 'includes/functions_selects.'.$phpEx);
$userdata = array();
$lang = array();
$reinstall = false;
if( !get_magic_quotes_gpc() ) if( !get_magic_quotes_gpc() )
{ {
if( is_array($HTTP_GET_VARS) ) if( is_array($HTTP_GET_VARS) )
@ -94,6 +85,15 @@ if( !get_magic_quotes_gpc() )
} }
} }
define('IN_PHPBB', true);
$phpbb_root_path='./';
include($phpbb_root_path.'extension.inc');
include($phpbb_root_path . 'includes/functions_selects.'.$phpEx);
$userdata = array();
$lang = array();
$reinstall = false;
/*************************************************************************** /***************************************************************************
* Install Customization Section * Install Customization Section
* *
@ -720,12 +720,11 @@ else
$sql_query = $remove_remarks($sql_query); $sql_query = $remove_remarks($sql_query);
$sql_query = split_sql_file($sql_query, $delimiter); $sql_query = split_sql_file($sql_query, $delimiter);
$sql_count = count($sql_query); for ($i = 0; $i < sizeof($sql_query); $i++)
for($i = 0; $i < $sql_count; $i++)
{ {
$result = $db->sql_query($sql_query[$i]); if (trim($sql_query[$i]) != '')
if( !$result ) {
if (!($result = $db->sql_query($sql_query[$i])))
{ {
$error = $db->sql_error(); $error = $db->sql_error();
@ -741,6 +740,7 @@ else
exit; exit;
} }
} }
}
// //
// Ok tables have been built, let's fill in the basic information // Ok tables have been built, let's fill in the basic information
@ -751,12 +751,11 @@ else
$sql_query = $remove_remarks($sql_query); $sql_query = $remove_remarks($sql_query);
$sql_query = split_sql_file($sql_query, $delimiter_basic); $sql_query = split_sql_file($sql_query, $delimiter_basic);
$sql_count = count($sql_query); for($i = 0; $i < sizeof($sql_query); $i++)
for($i = 0; $i < $sql_count; $i++)
{ {
$result = $db->sql_query($sql_query[$i]); if (trim($sql_query[$i]) != '')
if( !$result ) {
if (!($result = $db->sql_query($sql_query[$i])))
{ {
$error = $db->sql_error(); $error = $db->sql_error();
@ -773,6 +772,7 @@ else
} }
} }
} }
}
// //
// Ok at this point they have entered their admin password, let's go // Ok at this point they have entered their admin password, let's go
@ -781,7 +781,7 @@ else
// this we are going to pass them over to the admin_forum.php script // this we are going to pass them over to the admin_forum.php script
// to set up their forum defaults. // to set up their forum defaults.
// //
$error = ""; $error = '';
// //
// Update the default admin user with their information. // Update the default admin user with their information.
@ -862,6 +862,8 @@ else
$error .= "Could not update user_regdate :: " . $sql . " :: " . __LINE__ . " :: " . __FILE__ . "<br /><br />"; $error .= "Could not update user_regdate :: " . $sql . " :: " . __LINE__ . " :: " . __FILE__ . "<br /><br />";
} }
/*
// Disabled in 2.0.4 ... too many issues with MAX ROWS
// //
// Change session table to HEAP if MySQL version matches // Change session table to HEAP if MySQL version matches
// //
@ -881,6 +883,7 @@ else
} }
} }
} }
*/
if( $error != "" ) if( $error != "" )
{ {

22
phpBB/memberlist.php
View file

@ -35,6 +35,15 @@ init_userprefs($userdata);
$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0; $start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
}
else
{
$mode = 'joined';
}
if(isset($HTTP_POST_VARS['order'])) if(isset($HTTP_POST_VARS['order']))
{ {
$sort_order = ($HTTP_POST_VARS['order'] == 'ASC') ? 'ASC' : 'DESC'; $sort_order = ($HTTP_POST_VARS['order'] == 'ASC') ? 'ASC' : 'DESC';
@ -104,12 +113,8 @@ $template->assign_vars(array(
'S_MODE_ACTION' => append_sid("memberlist.$phpEx")) 'S_MODE_ACTION' => append_sid("memberlist.$phpEx"))
); );
if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) switch( $mode )
{ {
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
switch( $mode )
{
case 'joined': case 'joined':
$order_by = "user_regdate ASC LIMIT $start, " . $board_config['topics_per_page']; $order_by = "user_regdate ASC LIMIT $start, " . $board_config['topics_per_page'];
break; break;
@ -129,16 +134,11 @@ if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
$order_by = "user_website $sort_order LIMIT $start, " . $board_config['topics_per_page']; $order_by = "user_website $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break; break;
case 'topten': case 'topten':
$order_by = "user_posts DESC LIMIT 10"; $order_by = "user_posts $sort_order LIMIT 10";
break; break;
default: default:
$order_by = "user_regdate $sort_order LIMIT $start, " . $board_config['topics_per_page']; $order_by = "user_regdate $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break; break;
}
}
else
{
$order_by = "user_regdate $sort_order LIMIT $start, " . $board_config['topics_per_page'];
} }
$sql = "SELECT username, user_id, user_viewemail, user_posts, user_regdate, user_from, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_avatar, user_avatar_type, user_allowavatar $sql = "SELECT username, user_id, user_viewemail, user_posts, user_regdate, user_from, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_avatar, user_avatar_type, user_allowavatar

10
phpBB/posting.php
View file

@ -403,13 +403,13 @@ else
$smilies_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_smilies']) ) ? 0 : TRUE ) : ( ( $userdata['user_id'] == ANONYMOUS ) ? $board_config['allow_smilies'] : $userdata['user_allowsmile'] ); $smilies_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_smilies']) ) ? 0 : TRUE ) : ( ( $userdata['user_id'] == ANONYMOUS ) ? $board_config['allow_smilies'] : $userdata['user_allowsmile'] );
} }
if ( $submit || $refresh ) if ( ($submit || $refresh) && $is_auth['auth_read'])
{ {
$notify_user = ( !empty($HTTP_POST_VARS['notify']) ) ? TRUE : 0; $notify_user = ( !empty($HTTP_POST_VARS['notify']) ) ? TRUE : 0;
} }
else else
{ {
if ( $mode != 'newtopic' && $userdata['session_logged_in'] ) if ( $mode != 'newtopic' && $userdata['session_logged_in'] && $is_auth['auth_read'] )
{ {
$sql = "SELECT topic_id $sql = "SELECT topic_id
FROM " . TOPICS_WATCH_TABLE . " FROM " . TOPICS_WATCH_TABLE . "
@ -424,7 +424,7 @@ else
} }
else else
{ {
$notify_user = ( $userdata['session_logged_in'] ) ? $userdata['user_notify'] : 0; $notify_user = ( $userdata['session_logged_in'] && $is_auth['auth_read'] ) ? $userdata['user_notify'] : 0;
} }
} }
@ -879,7 +879,7 @@ if( !$userdata['session_logged_in'] || ( $mode == 'editpost' && $post_info['post
// //
// Notify checkbox - only show if user is logged in // Notify checkbox - only show if user is logged in
// //
if ( $userdata['session_logged_in'] ) if ( $userdata['session_logged_in'] && $is_auth['auth_read'] )
{ {
if ( $mode != 'editpost' || ( $mode == 'editpost' && $post_info['poster_id'] != ANONYMOUS ) ) if ( $mode != 'editpost' || ( $mode == 'editpost' && $post_info['poster_id'] != ANONYMOUS ) )
{ {
@ -1104,7 +1104,7 @@ if( ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] )
// //
// Topic review // Topic review
// //
if( $mode == 'reply' ) if( $mode == 'reply' && $is_auth['auth_read'] )
{ {
require($phpbb_root_path . 'includes/topic_review.'.$phpEx); require($phpbb_root_path . 'includes/topic_review.'.$phpEx);
topic_review($topic_id, true); topic_review($topic_id, true);