diff --git a/phpBB/admin/admin_board.php b/phpBB/admin/admin_board.php index 9a9f1a5990..d39b0c28a3 100644 --- a/phpBB/admin/admin_board.php +++ b/phpBB/admin/admin_board.php @@ -46,17 +46,8 @@ else if( isset($HTTP_POST_VARS['submit']) ) { - if( $config_name == "default_theme" ) - { - $new[$config_name] = substr($HTTP_POST_VARS['board_style'], strrpos($HTTP_POST_VARS['board_style'], "_") + 1); - } - else if( $config_name == "board_template" ) - { - $new[$config_name] = substr($HTTP_POST_VARS['board_style'], 0, strrpos($HTTP_POST_VARS['board_style'], "_")); - } - $sql = "UPDATE " . CONFIG_TABLE . " SET - config_value = '".$new[$config_name]."' + config_value = '" . $new[$config_name] . "' WHERE config_name = '$config_name'"; if( !$db->sql_query($sql) ) { @@ -71,18 +62,24 @@ else } } -$style_select = style_select($new['board_template'], $new['default_theme'], 'board_style', "../templates"); +$style_select = style_select($new['default_style'], 'default_style', "../templates"); +$admin_style_select = style_select($new['default_admin_style'], 'default_admin_style', "../templates"); $lang_select = language_select($new['default_lang'], 'default_lang', "../language"); $timezone_select = tz_select($new['board_timezone'], 'board_timezone'); +$override_user_style_yes = ($new['override_user_style']) ? "checked=\"checked\"" : ""; +$override_user_style_no = (!$new['override_user_style']) ? "checked=\"checked\"" : ""; $html_yes = ($new['allow_html']) ? "checked=\"checked\"" : ""; $html_no = (!$new['allow_html']) ? "checked=\"checked\"" : ""; $bbcode_yes = ($new['allow_bbcode']) ? "checked=\"checked\"" : ""; $bbcode_no = (!$new['allow_bbcode']) ? "checked=\"checked\"" : ""; -$activation_yes = ($new['require_activation']) ? "checked=\"checked\"" : ""; -$activation_no = (!$new['require_activation']) ? "checked=\"checked\"" : ""; +$activation_none = ($new['require_activation'] == ACTIVATION_NONE) ? "checked=\"checked\"" : ""; +$activation_user = ($new['require_activation'] == ACTIVATION_USER) ? "checked=\"checked\"" : ""; +$activation_admin = ($new['require_activation'] == ACTIVATION_ADMIN) ? "checked=\"checked\"" : ""; $gzip_yes = ($new['gzip_compress']) ? "checked=\"checked\"" : ""; $gzip_no = (!$new['gzip_compress']) ? "checked=\"checked\"" : ""; +$prune_yes = ($new['prune_enable']) ? "checked=\"checked\"" : ""; +$prune_no = (!$new['prune_enable']) ? "checked=\"checked\"" : ""; $smile_yes = ($new['allow_smilies']) ? "checked=\"checked\"" : ""; $smile_no = (!$new['allow_smilies']) ? "checked=\"checked\"" : ""; $sig_yes = ($new['allow_sig']) ? "checked=\"checked\"" : ""; @@ -105,19 +102,27 @@ $template->set_filenames(array( $template->assign_vars(array( "S_CONFIG_ACTION" => append_sid("admin_board.$phpEx"), "SITENAME" => $new['sitename'], - "ACTIVATION_YES" => $activation_yes, - "ACTIVATION_NO" => $activation_no, + "ACTIVATION_NONE" => ACTIVATION_NONE, + "ACTIVATION_NONE_CHECKED" => $activation_none, + "ACTIVATION_USER" => ACTIVATION_USER, + "ACTIVATION_USER_CHECKED" => $activation_user, + "ACTIVATION_ADMIN" => ACTIVATION_ADMIN, + "ACTIVATION_ADMIN_CHECKED" => $activation_admin, "FLOOD_INTERVAL" => $new['flood_interval'], "TOPICS_PER_PAGE" => $new['topics_per_page'], "POSTS_PER_PAGE" => $new['posts_per_page'], "HOT_TOPIC" => $new['hot_threshold'], "STYLE_SELECT" => $style_select, + "OVERRIDE_STYLE_YES" => $override_user_style_yes, + "OVERRIDE_STYLE_NO" => $override_user_style_no, "LANG_SELECT" => $lang_select, "L_DATE_FORMAT_EXPLAIN" => $lang['Date_format_explain'], "DEFAULT_DATEFORMAT" => $new['default_dateformat'], "TIMEZONE_SELECT" => $timezone_select, "GZIP_YES" => $gzip_yes, "GZIP_NO" => $gzip_no, + "PRUNE_YES" => $prune_yes, + "PRUNE_NO" => $prune_no, "HTML_YES" => $html_yes, "HTML_NO" => $html_no, "BBCODE_YES" => $bbcode_yes, @@ -138,8 +143,9 @@ $template->assign_vars(array( "AVATAR_MAX_HEIGHT" => $new['avatar_max_height'], "AVATAR_MAX_WIDTH" => $new['avatar_max_width'], "AVATAR_PATH" => $new['avatar_path'], - "EMAIL_FROM" => $new['email_from'], - "EMAIL_SIG" => $new['email_sig'], + "SMILIES_PATH" => $new['smilies_path'], + "EMAIL_FROM" => $new['board_email'], + "EMAIL_SIG" => $new['board_email_sig'], "SMTP_YES" => $smtp_yes, "SMTP_NO" => $smtp_no, "SMTP_HOST" => $new['smtp_host']) diff --git a/phpBB/admin/admin_users.php b/phpBB/admin/admin_users.php index 9fd8352c69..ec01a8ed6a 100644 --- a/phpBB/admin/admin_users.php +++ b/phpBB/admin/admin_users.php @@ -35,6 +35,81 @@ $phpbb_root_path = "./../"; include($phpbb_root_path . 'extension.inc'); include($phpbb_root_path . 'common.'.$phpEx); + +// +// Functions +// +function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$location, &$occupation, &$interests, &$sig) +{ + // ICQ number has to be only numbers. + if (!preg_match("/^[0-9]+$/", $icq)) + { + $icq = ""; + } + + // AIM address has to have length >= 2. + if (strlen($aim) < 2) + { + $aim = ""; + } + + // MSNM address has to have length >= 2. + if (strlen($msnm) < 2) + { + $msnm = ""; + } + + // YIM address has to have length >= 2. + if (strlen($yim) < 2) + { + $yim = ""; + } + + // website has to start with http://, followed by something with length at least 3 that + // contains at least one dot. + if($website != "") + { + if( !ereg("^http\:\/\/", $website) ) + { + $website = "http://" . $website; + } + + if (!preg_match("#^http\\:\\/\\/[a-z0-9]+\.[a-z0-9]+#i", $website)) + { + $website = ""; + } + } + + // location has to have length >= 2. + if (strlen($location) < 2) + { + $location = ""; + } + + // occupation has to have length >= 2. + if (strlen($occupation) < 2) + { + $occupation = ""; + } + + // interests has to have length >= 2. + if (strlen($interests) < 2) + { + $interests = ""; + } + + // sig has to have length >= 2. + if (strlen($sig) < 2) + { + $sig = ""; + } + + return; +} +// +// End Functions +// + // // Start session management // @@ -94,23 +169,16 @@ if ( isset($HTTP_GET_VARS['submit']) ) { $allowviewonline = $userdata['user_allow_viewonline']; $user_avatar = $userdata['user_avatar']; - $user_theme = $userdata['user_theme']; + $user_style = $userdata['user_style']; $user_lang = $userdata['user_lang']; $user_timezone = $userdata['user_timezone']; - $user_template = $userdata['user_template']; $user_dateformat = $userdata['user_dateformat']; $user_status = $userdata['user_active']; $user_allowavatar = $userdata['user_allowavatar']; $user_allowpm = $userdata['user_allow_pm']; - $COPPA = false; - - if(!isset($user_template)) - { - $selected_template = $board_config['board_template']; - } $html_status = ($board_config['allow_html']) ? $lang['ON'] : $lang['OFF']; $bbcode_status = ($board_config['allow_bbcode']) ? $lang['ON'] : $lang['OFF']; @@ -118,19 +186,15 @@ if ( isset($HTTP_GET_VARS['submit']) ) { $s_hidden_fields = ''; $s_hidden_fields .= ''; - // Send the users current email address. If they change it, and account activation is turned on - // the user account will be disabled and the user will have to reactivate their account. - $s_hidden_fields .= ''; - if($user_avatar != '') + if( $user_avatar != "" ) { - $avatar = (strstr($user_avatar, 'http') && $board_config['allow_avatar_remote']) ? - "

" - : "
\"\"
"; + $avatar = (strstr($user_avatar, 'http') && $board_config['allow_avatar_remote']) ? "

" : "
\"\"
"; + $s_hidden_fields .= ''; } else { - $avatar = ''; + $avatar = ""; } $template->set_filenames(array( @@ -167,17 +231,19 @@ if ( isset($HTTP_GET_VARS['submit']) ) { "ALWAYS_ALLOW_SMILIES_YES" => ($allowsmilies) ? "checked=\"checked\"" : "", "ALWAYS_ALLOW_SMILIES_NO" => (!$allowsmilies) ? "checked=\"checked\"" : "", "AVATAR" => $avatar, + "LANGUAGE_SELECT" => language_select($user_lang, 'language', '../language'), "TIMEZONE_SELECT" => tz_select($user_timezone), + "STYLE_SELECT" => style_select($user_style, 'style'), "DATE_FORMAT" => $user_dateformat, "HTML_STATUS" => $html_status, "BBCODE_STATUS" => $bbcode_status, "SMILIES_STATUS" => $smilies_status, - "ALLOWPM_YES" => ($user_allowpm) ? "checked=\"checked\"" : "", - "ALLOWAVATAR_YES" => ($user_allowavatar) ? "checked=\"checked\"" : "", - "STATUS_YES" => ($user_status) ? "checked=\"checked\"" : "", - "ALLOWPM_NO" => (!$user_allowpm) ? "checked=\"checked\"" : "", - "ALLOWAVATAR_NO" => (!$user_allowavatar) ? "checked=\"checked\"" : "", - "STATUS_NO" => (!$user_status) ? "checked=\"checked\"" : "", + "ALLOW_PM_YES" => ($user_allowpm) ? "checked=\"checked\"" : "", + "ALLOW_PM_NO" => (!$user_allowpm) ? "checked=\"checked\"" : "", + "ALLOW_AVATAR_YES" => ($user_allowavatar) ? "checked=\"checked\"" : "", + "ALLOW_AVATAR_NO" => (!$user_allowavatar) ? "checked=\"checked\"" : "", + "USER_ACTIVE_YES" => ($user_status) ? "checked=\"checked\"" : "", + "USER_ACTIVE_NO" => (!$user_status) ? "checked=\"checked\"" : "", "L_PASSWORD_IF_CHANGED" => $lang['password_if_changed'], "L_PASSWORD_CONFIRM_IF_CHANGED" => $lang['password_confirm_if_changed'], @@ -191,8 +257,7 @@ if ( isset($HTTP_GET_VARS['submit']) ) { "L_LOCATION" => $lang['From'], "L_OCCUPATION" => $lang['Occupation'], "L_BOARD_LANGUAGE" => $lang['Board_lang'], - "L_BOARD_THEME" => $lang['Board_theme'], - "L_BOARD_TEMPLATE" => $lang['Board_template'], + "L_BOARD_STYLE" => $lang['Board_style'], "L_TIMEZONE" => $lang['Timezone'], "L_DATE_FORMAT" => $lang['Date_format'], "L_DATE_FORMAT_EXPLAIN" => $lang['Date_format_explain'], @@ -207,9 +272,9 @@ if ( isset($HTTP_GET_VARS['submit']) ) { "L_SPECIAL" => $lang['User_special'], "L_SPECIAL_EXPLAIN" => $lang['User_specail_explain'], - "L_STATUS" => $lang['User_status'], - "L_ALLOWPM" => $lang['User_allowpm'], - "L_ALLOWAVATAR" => $lang['User_allowavatar'], + "L_USER_ACTIVE" => $lang['User_status'], + "L_ALLOW_PM" => $lang['User_allowpm'], + "L_ALLOW_AVATAR" => $lang['User_allowavatar'], "L_AVATAR_PANEL" => $lang['Avatar_panel'], "L_AVATAR_EXPLAIN" => $lang['Admin_avatar_explain'], @@ -244,14 +309,12 @@ if ( isset($HTTP_GET_VARS['submit']) ) { } else if($HTTP_POST_VARS[submit] && $HTTP_POST_VARS['user_id']) { -// -// Ok, the profile has been modified and submitted, let's update -// + // + // Ok, the profile has been modified and submitted, let's update + // $user_id = $HTTP_POST_VARS['user_id']; - $current_email = trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['current_email']))); - - $username = (!empty($HTTP_POST_VARS['username'])) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['username']))) : ""; + $username = (!empty($HTTP_POST_VARS['username'])) ? trim(strip_tags($HTTP_POST_VARS['username'])) : ""; $email = (!empty($HTTP_POST_VARS['email'])) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : ""; $password = (!empty($HTTP_POST_VARS['password'])) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['password']))) : ""; @@ -263,18 +326,13 @@ else if($HTTP_POST_VARS[submit] && $HTTP_POST_VARS['user_id']) $yim = (!empty($HTTP_POST_VARS['yim'])) ? trim(strip_tags($HTTP_POST_VARS['yim'])) : ""; $website = (!empty($HTTP_POST_VARS['website'])) ? trim(strip_tags($HTTP_POST_VARS['website'])) : ""; - if($website != "") - { - if( !ereg("^http\:\/\/", $website) ) - { - $website = "http://" . $website; - } - } $location = (!empty($HTTP_POST_VARS['location'])) ? trim(strip_tags($HTTP_POST_VARS['location'])) : ""; $occupation = (!empty($HTTP_POST_VARS['occupation'])) ? trim(strip_tags($HTTP_POST_VARS['occupation'])) : ""; $interests = (!empty($HTTP_POST_VARS['interests'])) ? trim(strip_tags($HTTP_POST_VARS['interests'])) : ""; $signature = (!empty($HTTP_POST_VARS['signature'])) ? trim(strip_tags(str_replace("
", "\n", $HTTP_POST_VARS['signature']))) : ""; + validate_optional_fields($icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature); + $viewemail = (isset($HTTP_POST_VARS['viewemail'])) ? $HTTP_POST_VARS['viewemail'] : 0; $allowviewonline = (isset($HTTP_POST_VARS['hideonline'])) ? ( ($HTTP_POST_VARS['hideonline']) ? 0 : 1 ) : 1; $notifypm = (isset($HTTP_POST_VARS['notifypm'])) ? $HTTP_POST_VARS['notifypm'] : 1; @@ -284,12 +342,14 @@ else if($HTTP_POST_VARS[submit] && $HTTP_POST_VARS['user_id']) $allowbbcode = (isset($HTTP_POST_VARS['allowbbcode'])) ? $HTTP_POST_VARS['allowbbcode'] : $board_config['allow_bbcode']; $allowsmilies = (isset($HTTP_POST_VARS['allowsmilies'])) ? $HTTP_POST_VARS['allowsmilies'] : $board_config['allow_smilies']; - $user_theme = ($HTTP_POST_VARS['theme']) ? $HTTP_POST_VARS['theme'] : $board_config['default_theme']; + $user_style = ($HTTP_POST_VARS['style']) ? $HTTP_POST_VARS['style'] : $board_config['default_style']; $user_lang = ($HTTP_POST_VARS['language']) ? $HTTP_POST_VARS['language'] : $board_config['default_lang']; $user_timezone = (isset($HTTP_POST_VARS['timezone'])) ? $HTTP_POST_VARS['timezone'] : $board_config['board_timezone']; $user_template = ($HTTP_POST_VARS['template']) ? $HTTP_POST_VARS['template'] : $board_config['board_template']; $user_dateformat = ($HTTP_POST_VARS['dateformat']) ? trim($HTTP_POST_VARS['dateformat']) : $board_config['default_dateformat']; + $user_avatar = ( isset($HTTP_POST_VARS['user_avatar']) ) ? $HTTP_POST_VARS['user_avatar'] : ""; + $user_status = (!empty($HTTP_POST_VARS['user_status'])) ? $HTTP_POST_VARS['user_status'] : 0; $user_allowpm = (!empty($HTTP_POST_VARS['user_allowpm'])) ? $HTTP_POST_VARS['usr_allowpm'] : 0; $user_allowavatar = (!empty($HTTP_POST_VARS['usr_allowavatar'])) ? $HTTP_POST_VARS['user_allowavatar'] : 0; @@ -320,13 +380,16 @@ else if($HTTP_POST_VARS[submit] && $HTTP_POST_VARS['user_id']) $error_msg = $lang['Password_mismatch']; } - if(isset($HTTP_POST_VARS['avatardel']) && $mode == "editprofile") + if( isset($HTTP_POST_VARS['avatardel']) ) { - if(file_exists("./".$board_config['avatar_path']."/".$userdata['user_avatar'])) + if( !eregi("http", $user_avatar) ) { - @unlink("./".$board_config['avatar_path']."/".$userdata['user_avatar']); - $avatar_sql = ", user_avatar = ''"; + if(file_exists("./../" . $board_config['avatar_path'] . "/" . $user_avatar)) + { + @unlink("./../" . $board_config['avatar_path'] . "/" . $user_avatar); + } } + $avatar_sql = ", user_avatar = ''"; } if(!$error) @@ -334,23 +397,25 @@ else if($HTTP_POST_VARS[submit] && $HTTP_POST_VARS['user_id']) if( $HTTP_POST_VARS['deleteuser'] ) { $sql = "UPDATE " . POSTS_TABLE . " - SET poster_id = '-1' - WHERE poster_id = $user_id"; + SET poster_id = '-1', post_username = '$username' + WHERE poster_id = $user_id"; if( $result = $db->sql_query($sql) ) { $sql = "UPDATE " . TOPICS_TABLE . " - SET topic_poster = '-1' - WHERE topic_poster = $user_id"; + SET topic_poster = '-1' + WHERE topic_poster = $user_id"; if( $result = $db->sql_query($sql) ) { $sql = "DELETE FROM " . USERS_TABLE . " - WHERE user_id = $user_id"; + WHERE user_id = $user_id"; if( $result = $db->sql_query($sql) ) { $sql = "DELETE FROM " . USER_GROUP_TABLE . " - WHERE user_id = $user_id"; + WHERE user_id = $user_id"; $result = @$db->sql_query($sql); + include('page_header_admin.'. $phpEx); + $template->set_filenames(array( "body" => "admin/admin_message_body.tpl") ); @@ -393,39 +458,42 @@ else if($HTTP_POST_VARS[submit] && $HTTP_POST_VARS['user_id']) else { $sql = "UPDATE " . USERS_TABLE . " - SET " . $username_sql . $passwd_sql . "user_email = '$email', user_icq = '$icq', user_website = '$website', user_occ = '$occupation', user_from = '$location', user_interests = '$interests', user_sig = '$signature', user_viewemail = $viewemail, user_aim = '$aim', user_yim = '$yim', user_msnm = '$msn', user_attachsig = $attachsig, user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowavatar = $user_allowavatar, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_allow_pm = $user_allowpm user_notify_pm = $notifypm, user_timezone = $user_timezone, user_dateformat = '$user_dateformat', user_lang = '$user_lang', user_active = $user_status, user_actkey = '$user_actkey'" . $avatar_sql . " - WHERE user_id = $user_id"; + SET " . $username_sql . $passwd_sql . "user_email = '$email', user_icq = '$icq', user_website = '$website', user_occ = '$occupation', user_from = '$location', user_interests = '$interests', user_sig = '$signature', user_viewemail = $viewemail, user_aim = '$aim', user_yim = '$yim', user_msnm = '$msn', user_attachsig = $attachsig, user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowavatar = $user_allowavatar, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_allow_pm = $user_allowpm user_notify_pm = $notifypm, user_lang = '$user_lang', user_style = $user_style, user_timezone = $user_timezone, user_dateformat = '$user_dateformat', user_active = $user_status, user_actkey = '$user_actkey'" . $avatar_sql . " + WHERE user_id = $user_id"; if($result = $db->sql_query($sql)) { - include('page_header_admin.' . $phpEx); - $template->set_filenames(array( - "body" => "admin/admin_message_body.tpl") - ); + include('page_header_admin.' . $phpEx); - $template->assign_vars(array( - "MESSAGE_TITLE" => $lang['User'] . $lang['User_admin'], - "MESSAGE_TEXT" => $lang['Profile_updated']) - ); - $template->pparse("body"); + $template->set_filenames(array( + "body" => "admin/admin_message_body.tpl") + ); + + $template->assign_vars(array( + "MESSAGE_TITLE" => $lang['User'] . $lang['User_admin'], + "MESSAGE_TEXT" => $lang['Profile_updated']) + ); + $template->pparse("body"); } else { - include('page_header_admin.' . $phpEx); - $template->set_filenames(array( - "body" => "admin/admin_message_body.tpl") - ); + include('page_header_admin.' . $phpEx); - $template->assign_vars(array( - "MESSAGE_TITLE" => $lang['User'] . $lang['User_admin'], - "MESSAGE_TEXT" => "Error updating user profile") - ); - $template->pparse("body"); + $template->set_filenames(array( + "body" => "admin/admin_message_body.tpl") + ); + + $template->assign_vars(array( + "MESSAGE_TITLE" => $lang['User'] . $lang['User_admin'], + "MESSAGE_TEXT" => "Error updating user profile") + ); + $template->pparse("body"); } } } else { include('page_header_admin.' . $phpEx); + $template->set_filenames(array( "body" => "admin/admin_message_body.tpl") ); @@ -444,7 +512,6 @@ else // // This should be altered on the final system // - $sql = "SELECT user_id, username FROM " . USERS_TABLE . " WHERE user_id <> " . ANONYMOUS ." @@ -480,4 +547,4 @@ else include('page_footer_admin.'.$phpEx); -?> +?> \ No newline at end of file diff --git a/phpBB/common.php b/phpBB/common.php index 0b87f9a5c8..09f6d967a6 100644 --- a/phpBB/common.php +++ b/phpBB/common.php @@ -102,34 +102,28 @@ $theme = Array(); $images = Array(); $lang = Array(); -if(empty($phpbb_root_path)) -{ - $phpbb_root_path = "./"; -} include($phpbb_root_path . 'config.'.$phpEx); include($phpbb_root_path . 'includes/constants.'.$phpEx); include($phpbb_root_path . 'includes/template.'.$phpEx); -include($phpbb_root_path . 'includes/message.'.$phpEx); include($phpbb_root_path . 'includes/sessions.'.$phpEx); include($phpbb_root_path . 'includes/auth.'.$phpEx); include($phpbb_root_path . 'includes/functions.'.$phpEx); include($phpbb_root_path . 'includes/db.'.$phpEx); -include($phpbb_root_path . 'includes/emailer.'.$phpEx); // // Obtain and encode users IP // if(!empty($HTTP_CLIENT_IP)) { - $client_ip = (ereg("[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+", $HTTP_CLIENT_IP)) ? $HTTP_CLIENT_IP : $REMOTE_ADDR; + $client_ip = ( ereg("[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+", $HTTP_CLIENT_IP) ) ? $HTTP_CLIENT_IP : $REMOTE_ADDR; } else if(!empty($HTTP_X_FORWARDED_FOR)) { - $client_ip = (ereg("([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)", $HTTP_X_FORWARDED_FOR, $ip_list)) ? $ip_list[0] : $REMOTE_ADDR; + $client_ip = ( ereg("^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)", $HTTP_X_FORWARDED_FOR, $ip_list) ) ? $ip_list[0] : $REMOTE_ADDR; } else if(!empty($HTTP_PROXY_USER)) { - $client_ip = (ereg("[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+", $HTTP_PROXY_USER)) ? $HTTP_PROXY_USER : $REMOTE_ADDR; + $client_ip = ( ereg("[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+", $HTTP_PROXY_USER) ) ? $HTTP_PROXY_USER : $REMOTE_ADDR; } else { @@ -154,22 +148,11 @@ else { $board_config[$row['config_name']] = $row['config_value']; } - $board_config['allow_html_tags'] = split(",", $board_config['allow_html_tags']); - $board_config['board_email'] = str_replace("
", "\n", "-- \n" . $board_config['email_sig']); - $board_config['default_template'] = stripslashes($board_config['sys_template']); - $board_config['board_timezone'] = $board_config['system_timezone']; } if( $board_config['board_disable'] && !defined("IN_ADMIN") ) { - include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '.'.$phpEx); - - message_die(GENERAL_MESSAGE, $lang['Board_disable'], $lang['Information']); + message_die(GENERAL_MESSAGE, 'Board_disable', 'Information'); } -// -// Setup the emailer -// -$emailer = new emailer($board_config['smtp_delivery']); - ?> \ No newline at end of file diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 00cc6e2eb9..f760c0abfd 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -36,6 +36,12 @@ define(USER, 0); define(ADMIN, 1); +// User Activation +define(USER_ACTIVATION_NONE, 0); +define(USER_ACTIVATION_USER, 1); +define(USER_ACTIVATION_ADMIN, 2); + + // Forum state define(FORUM_UNLOCKED, 0); define(FORUM_LOCKED, 1); @@ -152,6 +158,7 @@ define('PRIVMSGS_TEXT_TABLE', $table_prefix.'privmsgs_text'); define('PRIVMSGS_IGNORE_TABLE', $table_prefix.'privmsgs_ignore'); define('PRUNE_TABLE', $table_prefix.'forum_prune'); define('RANKS_TABLE', $table_prefix.'ranks'); +define('SEARCH_TABLE', $table_prefix.'search_results'); define('SESSIONS_TABLE', $table_prefix.'sessions'); define('SMILIES_TABLE', $table_prefix.'smilies'); define('THEMES_TABLE', $table_prefix.'themes'); diff --git a/phpBB/includes/emailer.php b/phpBB/includes/emailer.php index b739a71a4d..0082efda22 100755 --- a/phpBB/includes/emailer.php +++ b/phpBB/includes/emailer.php @@ -51,6 +51,7 @@ class emailer $this->address = ""; $this->msg = ""; $this->memOut = ""; + $this->vars = ""; } // diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 155259cddf..7fda06f86c 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -226,29 +226,36 @@ function init_userprefs($userdata) { global $board_config, $theme, $images, $template, $lang, $phpEx, $phpbb_root_path; - if(!$board_config['override_user_themes']) - { - if( $userdata['user_id'] != ANONYMOUS && isset($userdata['user_theme']) ) +// if( !defined("IN_ADMIN") ) +// { + if( !$board_config['override_user_style'] ) { - $theme = setuptheme($userdata['user_theme']); - if($theme == FALSE) + if( $userdata['user_id'] != ANONYMOUS && isset($userdata['user_style']) ) { - $theme = setuptheme($board_config['default_theme']); + $theme = setup_style($userdata['user_style']); + if( !$theme ) + { + $theme = setup_style($board_config['default_style']); + } + } + else + { + $theme = setup_style($board_config['default_style']); } } else { - $theme = setuptheme($board_config['default_theme']); + $theme = setup_style($board_config['default_style']); } - } - else - { - $theme = setuptheme($board_config['default_theme']); - } +// } +// else +// { +// $theme = setup_style($board_config['default_admin_style']); +// } if( $userdata['user_id'] != ANONYMOUS ) { - if(!empty($userdata['user_lang'])) + if( !empty($userdata['user_lang'])) { $board_config['default_lang'] = $userdata['user_lang']; } @@ -262,24 +269,6 @@ function init_userprefs($userdata) { $board_config['board_timezone'] = $userdata['user_timezone']; } - - if(!empty($userdata['user_template'])) - { - $board_config['board_template'] = $userdata['user_template']; - } - } - - $template = new Template($phpbb_root_path . "templates/" . $board_config['board_template']); - - if( $template ) - { - @include($phpbb_root_path . "templates/" . $board_config['board_template'] . "/" . $board_config['board_template'] . ".cfg"); - - if( !defined("TEMPLATE_CONFIG") ) - { - message_die(CRITICAL_ERROR, "Couldn't open " . $board_config['board_template'] . " template config file"); - } - } if(file_exists("language/lang_".$board_config['default_lang'].".".$phpEx) ) @@ -294,22 +283,42 @@ function init_userprefs($userdata) return; } -function setuptheme($theme) +function setup_style($style) { - global $db; + global $db, $board_config, $template, $images, $phpbb_root_path; $sql = "SELECT * FROM " . THEMES_TABLE . " - WHERE themes_id = $theme"; + WHERE themes_id = $style"; if(!$result = $db->sql_query($sql)) { return(FALSE); } - if(!$myrow = $db->sql_fetchrow($result)) + + if( !$row = $db->sql_fetchrow($result) ) { return(FALSE); } - return($myrow); + +// $template_path = ( defined("IN_ADMIN") ) ? "admin/templates/" : "templates/" ; +// $template_name = ( defined("IN_ADMIN") ) ? $board_config['board_admin_template'] : $myrow['template_name'] ; + $template_path = "templates/" ; + $template_name = $row['template_name'] ; + + $template = new Template($phpbb_root_path . $template_path . $template_name); + + if( $template ) + { + @include($phpbb_root_path . $template_path . $template_name . "/" . $template_name . ".cfg"); + + if( !defined("TEMPLATE_CONFIG") ) + { + message_die(CRITICAL_ERROR, "Couldn't open " . $template_name . " template config file"); + } + + } + + return($row); } function generate_activation_key() @@ -462,14 +471,10 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add // function validate_username($username) { - global $db; switch(SQL_LAYER) { - // Along with subqueries MySQL also lacks - // a UNION clause which would be very nice here :( - // So we have to use two queries case 'mysql': $sql_users = "SELECT u.username, g.group_name FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug @@ -517,6 +522,25 @@ function validate_username($username) break; } + $sql = "SELECT word + FROM " . WORDS_TABLE; + if( !$words_result = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Couldn't get censored words from database.", "", __LINE__, __FILE__, $sql); + } + else + { + $word_list = $db->sql_fetchrowset($words_result); + + for($i = 0; $i < count($word_list); $i++) + { + if( preg_match("/\b(" . str_replace("\*", "\w*?", preg_quote($word_list[$i]['word'])) . ")\b/i", $username) ) + { + return(FALSE); + } + } + } + return(TRUE); } @@ -706,11 +730,11 @@ function language_select($default, $select_name = "language", $dirname="language // Pick a template/theme combo, personally recommend // PSO - Blue but then I would ... // -function style_select($default_template, $default_theme, $select_name = "style", $dirname = "templates") +function style_select($default_style, $select_name = "style", $dirname = "templates") { global $db; - $sql = "SELECT themes_id, template_name, themes_name + $sql = "SELECT themes_id, style_name FROM " . THEMES_TABLE . " ORDER BY template_name, themes_id"; if( !$result = $db->sql_query($sql) ) @@ -718,31 +742,17 @@ function style_select($default_template, $default_theme, $select_name = "style", message_die(GENERAL_ERROR, "Couldn't query themes table", "", __LINE__, __FILE__, $sql); } - while( $row = $db->sql_fetchrow($result) ) - { - $template_themes[$row['template_name']]['name'][] = $row['themes_name']; - $template_themes[$row['template_name']]['id'][] = $row['themes_id']; - } + $template_style = $db->sql_fetchrowset($result); - $dir = opendir($dirname); - $style_select = ""; - closedir($dir); - return($style_select); } @@ -881,4 +891,195 @@ function obtain_word_list(&$orig_word, &$replacement_word) return(TRUE); } +// +// This function gets called to output any message or error +// that doesn't require additional output from the calling +// page. +// +// $msg_code takes one of four constant values: +// +// GENERAL_MESSAGE -> Use for any simple text message, eg. +// results of an operation, authorisation failures, etc. +// +// GENERAL ERROR -> Use for any error which occurs _AFTER_ +// the common.php include and session code, ie. most errors +// in pages/functions +// +// CRITICAL_MESSAGE -> Only currently used to announce a user +// has been banned, can be used where session results cannot +// be relied upon to exist but we can and do assume that basic +// board configuration data is available +// +// CRITICAL_ERROR -> Used whenever a DB connection cannot be +// guaranteed and/or we've been unable to obtain basic board +// configuration data. Shouldn't be used in general +// pages/functions (it results in a simple echo'd statement, +// no templates are used) +// +function message_die($msg_code, $msg_text = "", $msg_title = "", $err_line = "", $err_file = "", $sql = "") +{ + global $db, $template, $board_config, $theme, $lang, $phpEx, $phpbb_root_path; + global $userdata, $user_ip, $session_length; + global $starttime; + + $sql_store = $sql; + + if( empty($userdata) && ( $msg_code == GENERAL_MESSAGE || $msg_code == GENERAL_ERROR ) ) + { + $userdata = session_pagestart($user_ip, PAGE_INDEX, $session_length); + init_userprefs($userdata); + } + + // + // If the header hasn't been output then do it + // + if( !defined("HEADER_INC") && $msg_code != CRITICAL_ERROR ) + { + if( empty($lang) ) + { + if( !empty($board_config['default_lang']) ) + { + include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '.'.$phpEx); + } + else + { + include($phpbb_root_path . 'language/lang_english.'.$phpEx); + } + } + + if( empty($template) ) + { + $template = new Template($phpbb_root_path . "templates/" . $board_config['board_template']); + } + + if( empty($theme) ) + { + $theme = setuptheme($board_config['default_theme']); + } + + // + // Load the Page Header + // + if( !defined("IN_ADMIN") ) + { + include($phpbb_root_path . 'includes/page_header.'.$phpEx); + } + else + { + include($phpbb_root_path . 'admin/page_header_admin.'.$phpEx); + } + } + + switch($msg_code) + { + case GENERAL_MESSAGE: + if($msg_title == "") + { + $msg_title = $lang['Information']; + } + break; + + case CRITICAL_MESSAGE: + if($msg_title == "") + { + $msg_title = $lang['Critical_Information']; + } + break; + + case GENERAL_ERROR: + if($msg_text == "") + { + $msg_text = $lang['An_error_occured']; + } + + if($msg_title == "") + { + $msg_title = $lang['General_Error']; + } + + case CRITICAL_ERROR: + // + // Critical errors mean we cannot rely on _ANY_ DB information being + // available so we're going to dump out a simple echo'd statement + // + include($phpbb_root_path . 'language/lang_english.'.$phpEx); + + if($msg_text == "") + { + $msg_text = $lang['A_critical_error']; + } + + if($msg_title == "") + { + $msg_title = "phpBB : " . $lang['Critical_Error'] . ""; + } + break; + } + + // + // Add on DEBUG info if we've enabled debug mode and this is an error. This + // prevents debug info being output for general messages should DEBUG be + // set TRUE by accident (preventing confusion for the end user!) + // + if(DEBUG && ( $msg_code == GENERAL_ERROR || $msg_code == CRITICAL_ERROR ) ) + { + $sql_error = $db->sql_error(); + + $debug_text = ""; + + if($sql_error['message'] != "") + { + $debug_text .= "

SQL Error : " . $sql_error['code'] . " " . $sql_error['message']; + } + + if($sql_store != "") + { + $debug_text .= "

$sql_store"; + } + + if($err_line != "" && $err_file != "") + { + $debug_text .= "

Line : " . $err_line . "
File : " . $err_file; + } + + if($debug_text != "") + { + $msg_text = $msg_text . "

DEBUG MODE" . $debug_text; + } + } + + if( $msg_code != CRITICAL_ERROR ) + { + if( !empty($lang[$msg_text]) ) + { + $msg_text = $lang[$msg_text]; + } + + $template->set_filenames(array( + "message_body" => "message_body.tpl") + ); + $template->assign_vars(array( + "MESSAGE_TITLE" => $msg_title, + "MESSAGE_TEXT" => $msg_text) + ); + $template->pparse("message_body"); + + if( !defined("IN_ADMIN") ) + { + include($phpbb_root_path . 'includes/page_tail.'.$phpEx); + } + else + { + include($phpbb_root_path . 'admin/page_footer_admin.'.$phpEx); + } + } + else + { + echo "\n\n" . $msg_title . "\n

\n" . $msg_text . "\n"; + } + + exit; + +} + ?> \ No newline at end of file diff --git a/phpBB/includes/post.php b/phpBB/includes/post.php index ac364f6472..db77d05498 100644 --- a/phpBB/includes/post.php +++ b/phpBB/includes/post.php @@ -28,6 +28,8 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid { global $board_config; + $allowed_html_tags = split(",", $board_config['allow_html_tags']); + // // Clean up the message // @@ -48,9 +50,9 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid $length = $end_html - $start_html + 1; $tagallowed = 0; - for($i = 0; $i < sizeof($board_config['allow_html_tags']); $i++) + for($i = 0; $i < sizeof($allowed_html_tags); $i++) { - $match_tag = trim($board_config['allow_html_tags'][$i]); + $match_tag = trim($allowed_html_tags[$i]); if( preg_match("/^[\/]?" . $match_tag . "( .*?)*$/i", trim(substr($message, $start_html + 1, $length - 2))) ) { diff --git a/phpBB/language/email/admin_activate_english.tpl b/phpBB/language/email/admin_activate_english.tpl new file mode 100644 index 0000000000..ece89ca1b0 --- /dev/null +++ b/phpBB/language/email/admin_activate_english.tpl @@ -0,0 +1,7 @@ +Hello, + +The account owned by "{USERNAME}" has been deactivated or newly created, you should check the details of this user (if required) and activate it using the following link: + +{U_ACTIVATE} + +{EMAIL_SIG} \ No newline at end of file diff --git a/phpBB/language/email/admin_welcome_activated_english.tpl b/phpBB/language/email/admin_welcome_activated_english.tpl new file mode 100644 index 0000000000..1fbed221ba --- /dev/null +++ b/phpBB/language/email/admin_welcome_activated_english.tpl @@ -0,0 +1,5 @@ +Hello {USERNAME}, + +Your account has now been activated, you may login using the username and password you received in a previous email. + +{EMAIL_SIG} \ No newline at end of file diff --git a/phpBB/language/email/admin_welcome_inactive_english.tpl b/phpBB/language/email/admin_welcome_inactive_english.tpl new file mode 100644 index 0000000000..44b66bf63e --- /dev/null +++ b/phpBB/language/email/admin_welcome_inactive_english.tpl @@ -0,0 +1,16 @@ +{WELCOME_MSG} + +Please keep this email for your records. Your account information is as follows: + +---------------------------- +Username: {USERNAME} +Password: {PASSWORD} +---------------------------- + +Your account is currently inactive, the administrator of the board will need to activate it before you can log in. You will receive another email when this has occured. + +Please do not forget your password as it has been encrypted in our database and we cannot retrieve it for you. However, should you forget your password you can request a new one which will be activated in the same way as this account. + +Thank you for registering. + +{EMAIL_SIG} \ No newline at end of file diff --git a/phpBB/language/email/topic_notify_english.tpl b/phpBB/language/email/topic_notify_english.tpl index 1280ab15d4..0ca46072b8 100644 --- a/phpBB/language/email/topic_notify_english.tpl +++ b/phpBB/language/email/topic_notify_english.tpl @@ -2,10 +2,10 @@ Hello {USERNAME}, You are receiving this email because you are watching the topic, "{TOPIC_TITLE}" at {SITENAME}. This topic has received a reply since your last visit. You can use the following link to view the replies made, no more notifications will be sent until you visit the topic. -{TOPIC_URL} +{U_TOPIC} If you no longer wish to watch this topic you can either click the "Stop watching this topic link" found at the bottom of the topic above, or by clicking the following link: -{UN_WATCH_URL} +{U_STOP_WATCHING_TOPIC} {EMAIL_SIG} \ No newline at end of file diff --git a/phpBB/language/email/user_activate_english.tpl b/phpBB/language/email/user_activate_english.tpl new file mode 100644 index 0000000000..5d9457814e --- /dev/null +++ b/phpBB/language/email/user_activate_english.tpl @@ -0,0 +1,7 @@ +Hello {USERNAME}, + +Your account on {SITENAME} has been deactivated, most likely due to changes made to your profile. In order to reactivate your account you must click on the link below: + +{U_ACTIVATE} + +{EMAIL_SIG} \ No newline at end of file diff --git a/phpBB/language/email/user_welcome_english.tpl b/phpBB/language/email/user_welcome_english.tpl new file mode 100644 index 0000000000..cd56a43ca9 --- /dev/null +++ b/phpBB/language/email/user_welcome_english.tpl @@ -0,0 +1,14 @@ +{WELCOME_MSG} + +Please keep this email for your records. Your account information is as follows: + +---------------------------- +Username: {USERNAME} +Password: {PASSWORD} +---------------------------- + +Please do not forget your password as it has been encrypted in our database and we cannot retrieve it for you. However, should you forget your password you can request a new one which will be activated in the same way as this account. + +Thank you for registering. + +{EMAIL_SIG} \ No newline at end of file diff --git a/phpBB/language/email/user_welcome_inactive_english.tpl b/phpBB/language/email/user_welcome_inactive_english.tpl new file mode 100644 index 0000000000..81e4d41c12 --- /dev/null +++ b/phpBB/language/email/user_welcome_inactive_english.tpl @@ -0,0 +1,18 @@ +{WELCOME_MSG} + +Please keep this email for your records. Your account information is as follows: + +---------------------------- +Username: {USERNAME} +Password: {PASSWORD} +---------------------------- + +Your account is currently inactive. You cannot use it until you visit the following link: + +{U_ACTIVATE} + +Please do not forget your password as it has been encrypted in our database and we cannot retrieve it for you. However, should you forget your password you can request a new one which will be activated in the same way as this account. + +Thank you for registering. + +{EMAIL_SIG} \ No newline at end of file diff --git a/phpBB/language/lang_english.php b/phpBB/language/lang_english.php index ea18d29ffc..13f39cdc2d 100755 --- a/phpBB/language/lang_english.php +++ b/phpBB/language/lang_english.php @@ -137,6 +137,7 @@ $lang['You_last_visit'] = "You last visited on"; $lang['Welcome_to'] = "Welcome to"; // Followed by site name $lang['Register'] = "Register"; $lang['Profile'] = "Profile"; +$lang['Edit_profile'] = "Edit your profile"; $lang['Search'] = "Search"; $lang['Private_msgs'] = "Private Messages"; $lang['Memberlist'] = "Memberlist"; @@ -358,7 +359,7 @@ $lang['No_such_user'] = "Sorry but no such user exists"; $lang['Message_sent'] = "Your message has been sent"; $lang['to_return_inbox'] = " to return to your Inbox"; // This follows a "Click HERE ... " -$lang['to_return_index'] = " to return to the Forum Index"; // This follows a "Click HERE ... " +$lang['to_return_index'] = " to return to the Index"; // This follows a "Click HERE ... " $lang['Re'] = "Re"; // Re as in 'Response to' @@ -367,7 +368,6 @@ $lang['Send_a_reply'] = "Reply to a private message"; $lang['Edit_message'] = "Edit private message"; $lang['Notification_subject'] = "New Private Message has arrived"; -$lang['Notification_email'] = "Hello " . $to_userdata['username'] . "\n\n, You have received a new private message on your account at " . $board_config['sitename'] . ". To view it immediately click the following link " . $pm_url . ", you may of course visit the site later your message will be stored in your Inbox.\n"; $lang['Find_username'] = "Find a username"; $lang['Find'] = "Find"; @@ -395,7 +395,7 @@ $lang['Contact'] = "Contact"; $lang['Email_address'] = "Email address"; $lang['Email'] = "Email"; $lang['Private_message'] = "Send Private Message"; -$lang['Hidden_email'] = "[ Hidden email address ]"; +$lang['Hidden_email'] = "[ Hidden ]"; $lang['Search_user_posts'] = "Search for posts by this user"; $lang['Interests'] = "Interests"; $lang['Occupation'] = "Occupation"; @@ -405,7 +405,7 @@ $lang['of_total'] = "of total"; // follows percentage of total posts $lang['Wrong_Profile'] = "You cannot modify a profile that is not your own."; $lang['Bad_username'] = "The username you choose has been taken or is disallowed by the administrator."; -$lang['Sorry_banned_or_taken_email'] = "Sorry but the email address you gave has either been banned or is already registered to another user. You may try an alternative address, if that is also banned then you should contact the board administrator for advice."; +$lang['Sorry_banned_or_taken_email'] = "Sorry but the email address you gave has either been banned, is already registered to another user or is invalid. Please try an alternative address, if that is also banned you should contact the board administrator for advice"; $lang['Only_one_avatar'] = "Only one type of avatar can be specified"; $lang['File_no_data'] = "The file at the URL you gave contains no data"; $lang['No_connection_URL'] = "A connection could not be made to the URL you gave"; @@ -464,13 +464,16 @@ $lang['Avatar_filetype'] = "The avatar filetype must be .jpg, .gif or .png"; $lang['Avatar_filesize'] = "The avatar image file size must more than 0 kB and less than " . round($board_config['avatar_filesize'] / 1024) . " kB"; $lang['Avatar_imagesize'] = "The avatar must be less than " . $board_config['avatar_max_width'] . " pixels wide and " . $board_config['avatar_max_height'] . " pixels high"; +$lang['Welcome_subject'] = "Welcome to " . $board_config['sitename'] . " Forums"; +$lang['New_account_subject'] = "New user account"; +$lang['Account_activated_subject'] = "Account Activated"; + $lang['Account_added'] = "Thank you for registering, your account has been created. You may now login with your username and password"; $lang['Account_inactive'] = "Your account has been created. However, this forum requires account activation, an activation key has been sent to the email address you provided. Pease check your email for further information"; +$lang['Account_inactive_admin'] = "Your account has been created. However, this forum requires account activation by the administrator. An email has been sent to them and you will be informed when your account has been activated"; $lang['Account_active'] = "Your account has now been activated. Thank you for registering"; +$lang['Account_active_admin'] = "The account has now been activated"; $lang['Reactivate'] = "Reactivate your account!"; - -$lang['Welcome_subject'] = "Welcome to " . $board_config['sitename'] . " Forums"; - $lang['COPPA'] = "Your account has been created but has to be approved, please check your email for details."; $lang['Welcome_COPPA'] = "Your account has been created, however in complance with the COPPA act you must print out this page and have you parent or guardian mail it to:
" . $lang['Mailing_address'] . "
Or fax it to:
" . $lang['Fax_info'] . "
Once this information has been received your account will be activated by the administrator and you will receive an email notification."; @@ -539,7 +542,7 @@ $lang['Search_for_any'] = "Search for any terms or use query as entered"; $lang['Search_for_all'] = "Search for all terms"; $lang['Search_author'] = "Search for Author"; $lang['Return_first'] = "Return first"; // followed by xxx characters -$lang['characters'] = "characters"; +$lang['characters_posts'] = "characters of posts"; $lang['Search_previous'] = "Search previous"; // followed by days, weeks, months, year, all $lang['Sort_by'] = "Sort by"; $lang['Sort_Ascending'] = "Sort Ascending"; @@ -547,6 +550,9 @@ $lang['Sort_Decending'] = "Sort Descending"; $lang['Display_results'] = "Display results as"; $lang['All'] = "All"; $lang['No_search_match'] = "No topics or posts met your search criteria"; +$lang['found'] = "found"; // this precedes the number of matches found and follows Search +$lang['match'] = "Match"; // this and the following entry proceed the number of matches found +$lang['matches'] = "Matches"; $lang['Search_new'] = "View posts since last visit"; // // Topic Admin <= Should be blank for now diff --git a/phpBB/profile.php b/phpBB/profile.php index 0ca4d15e2c..92f94f7039 100644 --- a/phpBB/profile.php +++ b/phpBB/profile.php @@ -23,6 +23,8 @@ $phpbb_root_path = "./"; include($phpbb_root_path . 'extension.inc'); include($phpbb_root_path . 'common.'.$phpEx); +include($phpbb_root_path . 'includes/post.'.$phpEx); +include($phpbb_root_path . 'includes/bbcode.'.$phpEx); // // Start session management @@ -34,10 +36,9 @@ init_userprefs($userdata); // -// +// ----------------------- // Page specific functions // - // // Check to see if email address is banned // or already present in the DB @@ -48,35 +49,42 @@ function validate_email($email) if($email != "") { - $sql = "SELECT ban_email - FROM " . BANLIST_TABLE; - if(!$result = $db->sql_query($sql)) + if( preg_match("/^[a-z0-9\.\-_]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)?[a-z]+$/is", $email) ) { - message_die(GENERAL_ERROR, "Couldn't obtain email ban information.", "", __LINE__, __FILE__, $sql); - } - $ban_email_list = $db->sql_fetchrowset($result); - for($i = 0; $i < count($ban_email_list); $i++) - { - $match_email = str_replace("*@", ".*@", $ban_email_list[$i]['ban_email']); - if( preg_match("/^" . $match_email . "$/is", $email) ) + $sql = "SELECT ban_email + FROM " . BANLIST_TABLE; + if(!$result = $db->sql_query($sql)) + { + message_die(GENERAL_ERROR, "Couldn't obtain email ban information.", "", __LINE__, __FILE__, $sql); + } + $ban_email_list = $db->sql_fetchrowset($result); + for($i = 0; $i < count($ban_email_list); $i++) + { + $match_email = str_replace("*@", ".*@", $ban_email_list[$i]['ban_email']); + if( preg_match("/^" . $match_email . "$/is", $email) ) + { + return(0); + } + } + $sql = "SELECT user_email + FROM " . USERS_TABLE . " + WHERE user_email = '" . $email . "'"; + if(!$result = $db->sql_query($sql)) + { + message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql); + } + $email_taken = $db->sql_fetchrow($result); + if($email_taken['user_email'] != "") { return(0); } + + return(1); } - $sql = "SELECT user_email - FROM " . USERS_TABLE . " - WHERE user_email = '" . $email . "'"; - if(!$result = $db->sql_query($sql)) - { - message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql); - } - $email_taken = $db->sql_fetchrow($result); - if($email_taken['user_email'] != "") + else { return(0); } - - return(1); } else { @@ -117,9 +125,17 @@ function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$loca // website has to start with http://, followed by something with length at least 3 that // contains at least one dot. - if (!preg_match("#^http\\:\\/\\/[a-z0-9]+\.[a-z0-9]+#i", $website)) + if($website != "") { - $website = ""; + if( !ereg("^http\:\/\/", $website) ) + { + $website = "http://" . $website; + } + + if (!preg_match("#^http\\:\\/\\/[a-z0-9]+\.[a-z0-9]+#i", $website)) + { + $website = ""; + } } // location has to have length >= 2. @@ -163,7 +179,7 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) // // Begin page proper // - if($mode == "viewprofile") + if( $mode == "viewprofile" ) { // // Output page header and @@ -192,8 +208,9 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) // End header // - if(!$HTTP_GET_VARS[POST_USERS_URL]) + if( !$HTTP_GET_VARS[POST_USERS_URL] ) { + // CHANGE THIS! message_die(GENERAL_ERROR, "You must supply the user ID number of the user you want to view", "", __LINE__, __FILE__); } $profiledata = get_userdata_from_id($HTTP_GET_VARS[POST_USERS_URL]); @@ -204,7 +221,7 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) // $regdate = $profiledata['user_regdate']; - $memberdays = (time() - $regdate) / (24*60*60); + $memberdays = round( ( time() - $regdate ) / 86400 ); $posts_per_day = sprintf("%.2f", $profiledata['user_posts'] / $memberdays); // Get the users percentage of total posts @@ -218,16 +235,16 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) $percentage = 0; } - if($profiledata['user_viewemail']) + if( $profiledata['user_viewemail'] ) { // Replace the @ with 'at'. Some anti-spam mesures. $email_addr = str_replace("@", " at ", $profiledata['user_email']); $email = "$email_addr"; - $email_img = "\"""; + $email_img = "\"""; } else { - $email = $lang['Hidden_email']; + $email = ""; $email_img = ""; } @@ -261,7 +278,7 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) $search_img = "\"""; $search = "" . $lang['Search_user_posts'] . ""; - $www_img = ($profiledata['user_website']) ? "\""" : " "; + $www_img = ($profiledata['user_website']) ? "\""" : " "; $pm_img = "\"""; @@ -320,7 +337,7 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) else if($mode == "editprofile" || $mode == "register") { - if(!$userdata['session_logged_in'] && $mode == "editprofile") + if( !$userdata['session_logged_in'] && $mode == "editprofile" ) { header(append_sid("Location: login.$phpEx?forward_page=$PHP_SELF&mode=editprofile")); } @@ -367,9 +384,9 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) include($phpbb_root_path . 'includes/page_tail.'.$phpEx); } } - else if(isset($HTTP_POST_VARS['submit']) || $mode == "register") + else if( isset($HTTP_POST_VARS['submit']) || $mode == "register" ) { - if($mode == "editprofile") + if( $mode == "editprofile" ) { $user_id = $HTTP_POST_VARS['user_id']; $current_email = trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['current_email']))); @@ -386,13 +403,6 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) $yim = (!empty($HTTP_POST_VARS['yim'])) ? trim(strip_tags($HTTP_POST_VARS['yim'])) : ""; $website = (!empty($HTTP_POST_VARS['website'])) ? trim(strip_tags($HTTP_POST_VARS['website'])) : ""; - if($website != "") - { - if( !ereg("^http\:\/\/", $website) ) - { - $website = "http://" . $website; - } - } $location = (!empty($HTTP_POST_VARS['location'])) ? trim(strip_tags($HTTP_POST_VARS['location'])) : ""; $occupation = (!empty($HTTP_POST_VARS['occupation'])) ? trim(strip_tags($HTTP_POST_VARS['occupation'])) : ""; $interests = (!empty($HTTP_POST_VARS['interests'])) ? trim(strip_tags($HTTP_POST_VARS['interests'])) : ""; @@ -402,18 +412,17 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) // empty strings if they fail. validate_optional_fields($icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature); - $viewemail = (isset($HTTP_POST_VARS['viewemail'])) ? ( ($HTTP_POST_VARS['viewemail']) ? 1 : 0 ) : 0; - $allowviewonline = (isset($HTTP_POST_VARS['hideonline'])) ? ( ($HTTP_POST_VARS['hideonline']) ? 0 : 1 ) : 1; - $notifyreply = (isset($HTTP_POST_VARS['notifyreply'])) ? ( ($HTTP_POST_VARS['notifyreply']) ? 1 : 0 ) : 0; - $notifypm = (isset($HTTP_POST_VARS['notifypm'])) ? ( ($HTTP_POST_VARS['notifypm']) ? 1 : 0 ) : 1; - $attachsig = (isset($HTTP_POST_VARS['attachsig'])) ? ( ($HTTP_POST_VARS['attachsig']) ? 1 : 0 ) : 0; + $viewemail = (isset($HTTP_POST_VARS['viewemail'])) ? ( ($HTTP_POST_VARS['viewemail']) ? TRUE : 0 ) : 0; + $allowviewonline = (isset($HTTP_POST_VARS['hideonline'])) ? ( ($HTTP_POST_VARS['hideonline']) ? 0 : TRUE ) : TRUE; + $notifyreply = (isset($HTTP_POST_VARS['notifyreply'])) ? ( ($HTTP_POST_VARS['notifyreply']) ? TRUE : 0 ) : 0; + $notifypm = (isset($HTTP_POST_VARS['notifypm'])) ? ( ($HTTP_POST_VARS['notifypm']) ? TRUE : 0 ) : TRUE; + $attachsig = (isset($HTTP_POST_VARS['attachsig'])) ? ( ($HTTP_POST_VARS['attachsig']) ? TRUE : 0 ) : 0; - $allowhtml = (isset($HTTP_POST_VARS['allowhtml'])) ? ( ($HTTP_POST_VARS['allowhtml']) ? 1 : 0 ) : $board_config['allow_html']; - $allowbbcode = (isset($HTTP_POST_VARS['allowbbcode'])) ? ( ($HTTP_POST_VARS['allowbbcode']) ? 1 : 0 ) : $board_config['allow_bbcode']; - $allowsmilies = (isset($HTTP_POST_VARS['allowsmilies'])) ? ( ($HTTP_POST_VARS['allowsmilies']) ? 1 : 0 ) : $board_config['allow_smilies']; + $allowhtml = (isset($HTTP_POST_VARS['allowhtml'])) ? ( ($HTTP_POST_VARS['allowhtml']) ? TRUE : 0 ) : $userdata['user_allowhtml']; + $allowbbcode = (isset($HTTP_POST_VARS['allowbbcode'])) ? ( ($HTTP_POST_VARS['allowbbcode']) ? TRUE : 0 ) : $userdata['user_allowbbcode']; + $allowsmilies = (isset($HTTP_POST_VARS['allowsmilies'])) ? ( ($HTTP_POST_VARS['allowsmilies']) ? TRUE : 0 ) : $userdata['user_allowsmilies']; - $user_template = ( isset($HTTP_POST_VARS['style']) ) ? substr($HTTP_POST_VARS['style'], 0, strrpos($HTTP_POST_VARS['style'], "_")) : $board_config['board_template']; - $user_theme = ( isset($HTTP_POST_VARS['style']) ) ? substr($HTTP_POST_VARS['style'], strrpos($HTTP_POST_VARS['style'], "_") + 1) : $board_config['default_theme']; + $user_style = ( isset($HTTP_POST_VARS['style']) ) ? $HTTP_POST_VARS['style'] : $board_config['default_style']; $user_lang = ($HTTP_POST_VARS['language']) ? $HTTP_POST_VARS['language'] : $board_config['default_lang']; $user_timezone = (isset($HTTP_POST_VARS['timezone'])) ? $HTTP_POST_VARS['timezone'] : $board_config['board_timezone']; @@ -443,19 +452,16 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) } else if($mode == "register") { - $coppa = (!$HTTP_POST_VARS['coppa'] && !$HTTP_GET_VARS['coppa']) ? 0 : 1; + $coppa = (!$HTTP_POST_VARS['coppa'] && !$HTTP_GET_VARS['coppa']) ? 0 : TRUE; - if(empty($username) || empty($password) || empty($password_confirm) || empty($email)) + if( empty($username) || empty($password) || empty($password_confirm) || empty($email) ) { $error = TRUE; $error_msg = $lang['Fields_empty']; } } - // - // Do a ban check on this email address - // - if(!empty($password) && !empty($password_confirm)) + if( !empty($password) && !empty($password_confirm) ) { // Awww, the user wants to change their password, isn't that cute.. if($password != $password_confirm) @@ -469,12 +475,15 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) $passwd_sql = "user_password = '$password', "; } } - else if($password && !$password_confirm) + else if( ( $password && !$password_confirm ) || ( !$password && $password_confirm ) ) { $error = TRUE; $error_msg = $lang['Password_mismatch']; } + // + // Do a ban check on this email address + // if($email != $userdata['user_email'] || $mode == "register") { if(!validate_email($email)) @@ -799,11 +808,17 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) } } + if( $signature != "" ) + { + $signature_bbcode_uid = ( $allowbbcode ) ? make_bbcode_uid() : ""; + $signature = prepare_message($signature, $allowhtml, $allowbbcode, $allowsmilies, $signature_bbcode_uid); + } + if(!$error) { if($mode == "editprofile") { - if($email != $current_email && $board_config['require_activation']) + if($email != $current_email && ( $board_config['require_activation'] == USER_ACTIVATION_SELF || $board_config['require_activation'] == USER_ACTIVATION_ADMIN ) ) { $user_active = 0; $user_actkey = generate_activation_key(); @@ -812,7 +827,7 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) // The user is inactive, remove their session forcing them to login again before they can post. // $sql = "DELETE FROM " . SESSIONS_TABLE . " - WHERE session_user_id = " . $userdata['user_id']; + WHERE session_user_id = " . $userdata['user_id']; $db->sql_query($sql); @@ -824,42 +839,58 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) } $sql = "UPDATE " . USERS_TABLE . " - SET " . $username_sql . $passwd_sql . "user_email = '$email', user_icq = '$icq', user_website = '$website', user_occ = '$occupation', user_from = '$location', user_interests = '$interests', user_sig = '$signature', user_viewemail = $viewemail, user_aim = '$aim', user_yim = '$yim', user_msnm = '$msn', user_attachsig = $attachsig, user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_notify_pm = $notifypm, user_timezone = $user_timezone, user_dateformat = '$user_dateformat', user_lang = '$user_lang', user_template = '$user_template', user_active = $user_active, user_actkey = '$user_actkey', user_theme = $user_theme" . $avatar_sql . " + SET " . $username_sql . $passwd_sql . "user_email = '$email', user_icq = '$icq', user_website = '$website', user_occ = '$occupation', user_from = '$location', user_interests = '$interests', user_sig = '$signature', user_sig_bbcode_uid = '$signature_bbcode_uid', user_viewemail = $viewemail, user_aim = '$aim', user_yim = '$yim', user_msnm = '$msn', user_attachsig = $attachsig, user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_notify_pm = $notifypm, user_timezone = $user_timezone, user_dateformat = '$user_dateformat', user_lang = '$user_lang', user_style = $user_style, user_active = $user_active, user_actkey = '$user_actkey'" . $avatar_sql . " WHERE user_id = $user_id"; if($result = $db->sql_query($sql)) { - if($user_active == 0) + if( $user_active == 0 ) { // // The users account has been deactivated, send them an email with a new activation key // - $email_headers = "From: " . $board_config['email_from'] . "\r\n"; + include($phpbb_root_path . 'includes/emailer.'.$phpEx); + $emailer = new emailer($board_config['smtp_delivery']); + + $email_headers = "From: " . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\r\n"; $path = (dirname($HTTP_SERVER_VARS['REQUEST_URI']) == "/") ? "" : dirname($HTTP_SERVER_VARS['REQUEST_URI']); - $emailer->use_template("activate"); - $emailer->email_address($email); + if( $board_config['require_activation'] == USER_ACTIVATION_SELF ) + { + $emailer->use_template("user_activate"); + $emailer->email_address($email); + } + else + { + $emailer->use_template("admin_activate"); + $emailer->email_address($board_config['board_email']); + } $emailer->set_subject($lang['Reactivate']); $emailer->extra_headers($email_headers); $emailer->assign_vars(array( "SITENAME" => $board_config['sitename'], "USERNAME" => $username, - "EMAIL_SIG" => $board_config['board_email'], + "EMAIL_SIG" => str_replace("
", "\n", "-- \n" . $board_config['board_email_sig']), "U_ACTIVATE" => "http://" . $HTTP_SERVER_VARS['SERVER_NAME'] . $path . "/profile.$phpEx?mode=activate&act_key=$act_key") ); $emailer->send(); $emailer->reset(); + + $message = $lang['Profile_updated'] . "

" . $lang['Click'] . " " . $lang['Here'] . " " . $lang['to_return_index']; + + } + else + { + $message = $lang['Profile_updated'] . "

" . $lang['Click'] . " " . $lang['Here'] . " " . $lang['to_return_index']; } $template->assign_vars(array( "META" => '') ); - $message = $lang['Profile_updated'] . "

" . $lang['Click'] . " " . $lang['Here'] . " " . $lang['to_return_index']; - message_die(GENERAL_MESSAGE, $message); } else @@ -872,10 +903,10 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) // // Get current date // - $sql = "INSERT INTO " . USERS_TABLE . " (user_id, username, user_regdate, user_password, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_avatar, user_viewemail, user_aim, user_yim, user_msnm, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_viewonline, user_notify, user_notify_pm, user_timezone, user_dateformat, user_lang, user_template, user_theme, user_level, user_allow_pm, user_active, user_actkey) - VALUES ($new_user_id, '$username', " . time() . ", '$password', '$email', '$icq', '$website', '$occupation', '$location', '$interests', '$signature', '$avatar_filename', $viewemail, '$aim', '$yim', '$msn', $attachsig, $allowsmilies, $allowhtml, $allowbbcode, $allowviewonline, $notifyreply, $notifypm, $user_timezone, '$user_dateformat', '$user_lang', '$user_template', $user_theme, 0, 1, "; + $sql = "INSERT INTO " . USERS_TABLE . " (user_id, username, user_regdate, user_password, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_sig_bbcode_uid, user_avatar, user_viewemail, user_aim, user_yim, user_msnm, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_viewonline, user_notify, user_notify_pm, user_timezone, user_dateformat, user_lang, user_style, user_level, user_allow_pm, user_active, user_actkey) + VALUES ($new_user_id, '$username', " . time() . ", '$password', '$email', '$icq', '$website', '$occupation', '$location', '$interests', '$signature', '$signature_bbcode_uid', '$avatar_filename', $viewemail, '$aim', '$yim', '$msn', $attachsig, $allowsmilies, $allowhtml, $allowbbcode, $allowviewonline, $notifyreply, $notifypm, $user_timezone, '$user_dateformat', '$user_lang', $user_style, 0, 1, "; - if($board_config['require_activation'] || $coppa == 1) + if( $board_config['require_activation'] ==USER_ACTIVATION_SELF || $board_config['require_activation'] == USER_ACTIVATION_ADMIN || $coppa == 1) { $user_actkey = generate_activation_key(); $sql .= "0, '$user_actkey')"; @@ -895,29 +926,36 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) VALUES ($new_user_id, $new_group_id, 0)"; if($result = $db->sql_query($sql, END_TRANSACTION)) { - if($board_config['require_activation']) + if( $board_config['require_activation'] == USER_ACTIVATION_SELF ) { $message = $lang['Account_inactive']; - $email_msg = "welcome_inactive"; + $email_template = "user_welcome_inactive"; } - else if($coppa) + else if( $board_config['require_activation'] == USER_ACTIVATION_ADMIN ) + { + $message = $lang['Account_inactive_admin']; + $email_template = "admin_welcome_inactive"; + } + else if( $coppa ) { $message = $lang['COPPA']; - $email_msg = $lang['Welcome_COPPA']; } else { $message = $lang['Account_added']; - $email_msg = "welcome"; + $email_template = "user_welcome"; } - if(!$coppa) + if( !$coppa ) { - $email_headers = "From: " . $board_config['email_from'] . "\r\n"; + include($phpbb_root_path . 'includes/emailer.'.$phpEx); + $emailer = new emailer($board_config['smtp_delivery']); + + $email_headers = "From: " . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\r\n"; $path = (dirname($HTTP_SERVER_VARS['REQUEST_URI']) == "/") ? "" : dirname($HTTP_SERVER_VARS['REQUEST_URI']); - $emailer->use_template($email_msg); + $emailer->use_template($email_template); $emailer->email_address($email); $emailer->set_subject($lang['Welcome_subject']); $emailer->extra_headers($email_headers); @@ -926,16 +964,34 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) "WELCOME_MSG" => $lang['Welcome_subject'], "USERNAME" => $username, "PASSWORD" => $password_confirm, - "EMAIL_SIG" => $board_config['board_email'], + "EMAIL_SIG" => str_replace("
", "\n", "-- \n" . $board_config['board_email_sig']), "U_ACTIVATE" => "http://" . $HTTP_SERVER_VARS['SERVER_NAME'] . $path . "/profile.$phpEx?mode=activate&act_key=$user_actkey") ); $emailer->send(); $emailer->reset(); + + if( $board_config['require_activation'] == USER_ACTIVATION_ADMIN ) + { + $emailer->use_template("admin_activate"); + $emailer->email_address($board_config['board_email']); + $emailer->set_subject($lang['New_account_subject']); + $emailer->extra_headers($email_headers); + + $emailer->assign_vars(array( + "WELCOME_MSG" => $lang['Welcome_subject'], + "USERNAME" => $username, + "EMAIL_SIG" => str_replace("
", "\n", "-- \n" . $board_config['board_email_sig']), + + "U_ACTIVATE" => "http://" . $HTTP_SERVER_VARS['SERVER_NAME'] . $path . "/profile.$phpEx?mode=activate&act_key=$user_actkey") + ); + $emailer->send(); + $emailer->reset(); + } } $template->assign_vars(array( - "META" => '') + "META" => '') ); $message = $message . "

" . $lang['Click'] . " " . $lang['Here'] . " " . $lang['to_return_index']; @@ -977,6 +1033,7 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) $occupation = $userdata['user_occ']; $interests = $userdata['user_interests']; $signature = $userdata['user_sig']; + $signature_bbcode_uid = $userdata['user_sig_bbcode_uid']; $viewemail = $userdata['user_viewemail']; $notifypm = $userdata['user_notify_pm']; @@ -988,30 +1045,31 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) $allowviewonline = $userdata['user_allow_viewonline']; $user_avatar = $userdata['user_avatar']; - $user_theme = $userdata['user_theme']; + $user_style = $userdata['user_style']; $user_lang = $userdata['user_lang']; $user_timezone = $userdata['user_timezone']; - $user_template = $userdata['user_template']; $user_dateformat = $userdata['user_dateformat']; } - if(!isset($coppa)) + if( !isset($coppa) ) { $coppa = FALSE; } - if(!isset($user_template)) + if( !isset($user_template) ) { $selected_template = $board_config['system_template']; } - $html_status = ($board_config['allow_html']) ? $lang['ON'] : $lang['OFF']; - $bbcode_status = ($board_config['allow_bbcode']) ? $lang['ON'] : $lang['OFF']; - $smilies_status = ($board_config['allow_smilies']) ? $lang['ON'] : $lang['OFF']; + $html_status = ($userdata['user_allowhtml']) ? $lang['ON'] : $lang['OFF']; + $bbcode_status = ($userdata['user_allowbbcode']) ? $lang['ON'] : $lang['OFF']; + $smilies_status = ($userdata['user_allowsmile']) ? $lang['ON'] : $lang['OFF']; - if(stripslashes($user_avatar) != "") + $signature = preg_replace("/\:[0-9a-z\:]*?\]/si", "]", $signature); + + if($user_avatar != "") { - $avatar_img = (eregi("^http", stripslashes($user_avatar)) && $board_config['allow_avatar_remote']) ? "" : "\"\""; + $avatar_img = (eregi("^http", $user_avatar) && $board_config['allow_avatar_remote']) ? "" : "\"\""; } else { @@ -1019,11 +1077,13 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) } $s_hidden_fields = ''; - if($mode == "editprofile") + if( $mode == "editprofile" ) { $s_hidden_fields .= ''; + // // Send the users current email address. If they change it, and account activation is turned on // the user account will be disabled and the user will have to reactivate their account. + // $s_hidden_fields .= ''; } @@ -1088,7 +1148,7 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) "AVATAR" => $avatar_img, "AVATAR_SIZE" => $board_config['avatar_filesize'], "LANGUAGE_SELECT" => language_select($user_lang, 'language'), - "STYLE_SELECT" => style_select($user_template, $user_theme, 'style'), + "STYLE_SELECT" => style_select($user_style, 'style'), "TIMEZONE_SELECT" => tz_select($user_timezone, 'timezone'), "DATE_FORMAT" => $user_dateformat, "HTML_STATUS" => $html_status, @@ -1187,21 +1247,46 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) } else if($mode == "activate") { - $sql = "SELECT user_id + $sql = "SELECT user_id, user_email FROM " . USERS_TABLE . " WHERE user_actkey = '$act_key'"; - if($result = $db->sql_query($sql)) + if( $result = $db->sql_query($sql) ) { - if($num = $db->sql_numrows($result)) + if( $row = $db->sql_fetchrow($result) ) { - $rowset = $db->sql_fetchrowset($result); - $sql_update = "UPDATE " . USERS_TABLE . " SET user_active = 1, user_actkey = '' - WHERE user_id = " . $rowset[0]['user_id']; + WHERE user_id = " . $row['user_id']; if($result = $db->sql_query($sql_update)) { - message_die(GENERAL_MESSAGE, $lang['Account_active']); + if( $board_config['require_activation'] == USER_ACTIVATION_ADMIN ) + { + include($phpbb_root_path . 'includes/emailer.'.$phpEx); + $emailer = new emailer($board_config['smtp_delivery']); + + $email_headers = "From: " . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\r\n"; + + $path = (dirname($HTTP_SERVER_VARS['REQUEST_URI']) == "/") ? "" : dirname($HTTP_SERVER_VARS['REQUEST_URI']); + + $emailer->use_template("admin_welcome_activated"); + $emailer->email_address($row['user_email']); + $emailer->set_subject($lang['Account_activated_subject']); + $emailer->extra_headers($email_headers); + + $emailer->assign_vars(array( + "USERNAME" => $username, + "PASSWORD" => $password_confirm, + "EMAIL_SIG" => str_replace("
", "\n", "-- \n" . $board_config['board_email_sig'])) + ); + $emailer->send(); + $emailer->reset(); + + message_die(GENERAL_MESSAGE, $lang['Account_active_admin']); + } + else + { + message_die(GENERAL_MESSAGE, $lang['Account_active']); + } } else { diff --git a/phpBB/templates/PSO/admin/admin_config_body.tpl b/phpBB/templates/PSO/admin/admin_config_body.tpl index a3fb78eddf..771eeceeee 100644 --- a/phpBB/templates/PSO/admin/admin_config_body.tpl +++ b/phpBB/templates/PSO/admin/admin_config_body.tpl @@ -14,7 +14,7 @@ Enable account activation: - Yes  No + None   User   Admin Flood Interval:
Number of seconds a user must wait between posts @@ -36,6 +36,10 @@ Default Style: {STYLE_SELECT} + + Override user style:
Replaces users style with the default + Yes   No + Default Language: {LANG_SELECT} @@ -52,6 +56,10 @@ Enable GZip Compression: Yes   No + + Enable Forum Pruning: + Yes   No + User/Forum Ability Settings @@ -67,6 +75,10 @@ Allow Smilies Yes   No + + Smilies Storage Path
Path under your phpBB root dir, e.g. images/smilies + + Allow Signatures Yes   No @@ -109,11 +121,11 @@ Admin Email Address - + Email Signature
This text will be attached to all emails the board sends - + Use SMTP for delivery
Say yes if you want or have to send email via a server instead of the local mail function diff --git a/phpBB/templates/PSO/admin/user_edit_body.tpl b/phpBB/templates/PSO/admin/user_edit_body.tpl index 60245b45cb..3871b0d5f3 100644 --- a/phpBB/templates/PSO/admin/user_edit_body.tpl +++ b/phpBB/templates/PSO/admin/user_edit_body.tpl @@ -94,6 +94,14 @@ {L_ALWAYS_ALLOW_SMILIES}: {L_YES}   {L_NO} + + {L_BOARD_LANGUAGE}: + {LANGUAGE_SELECT} + + + {L_BOARD_STYLE}: + {STYLE_SELECT} + {L_TIMEZONE}: {TIMEZONE_SELECT} @@ -117,16 +125,16 @@ {L_SPECIAL}
{L_SPECIAL_EXPLAIN} - {L_STATUS}: - {L_YES}   {L_NO} + {L_USER_ACTIVE}: + {L_YES}   {L_NO} - {L_ALLOWPM}: - {L_YES}   {L_NO} + {L_ALLOW_PM}: + {L_YES}   {L_NO} - {L_ALLOWAVATAR}: - {L_YES}   {L_NO} + {L_ALLOW_AVATAR}: + {L_YES}   {L_NO} {L_DELETE_USER}? diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 6e99c94afa..0624fc3120 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -42,9 +42,9 @@ $start = (isset($HTTP_GET_VARS['start'])) ? $HTTP_GET_VARS['start'] : 0; // End initial var setup // -if(!isset($topic_id) && !isset($post_id)) +if( !isset($topic_id) && !isset($post_id) ) { - message_die(GENERAL_MESSAGE, $lang['Topic_post_not_exist']); + message_die(GENERAL_MESSAGE, 'Topic_post_not_exist'); } // @@ -83,11 +83,11 @@ if( isset($HTTP_GET_VARS["view"]) && empty($HTTP_GET_VARS[POST_POST_URL]) ) { if($HTTP_GET_VARS["view"] == "next") { - message_die(GENERAL_MESSAGE, $lang['No_newer_topics']); + message_die(GENERAL_MESSAGE, 'No_newer_topics'); } else { - message_die(GENERAL_MESSAGE, $lang['No_older_topics']); + message_die(GENERAL_MESSAGE, 'No_older_topics'); } } else @@ -120,7 +120,7 @@ if(!$result = $db->sql_query($sql)) if(!$total_rows = $db->sql_numrows($result)) { - message_die(GENERAL_MESSAGE, $lang['Topic_post_not_exist'], "", __LINE__, __FILE__, $sql); + message_die(GENERAL_MESSAGE, 'Topic_post_not_exist', "", __LINE__, __FILE__, $sql); } $forum_row = $db->sql_fetchrow($result); @@ -135,8 +135,8 @@ init_userprefs($userdata); // End session management // -$forum_name = stripslashes($forum_row['forum_name']); -$topic_title = stripslashes($forum_row['topic_title']); +$forum_name = $forum_row['forum_name']; +$topic_title = $forum_row['topic_title']; $topic_id = $forum_row['topic_id']; $topic_time = $forum_row['topic_time']; @@ -332,7 +332,7 @@ $select_post_order .= ""; // // Go ahead and pull all data for this topic // -$sql = "SELECT u.username, u.user_id, u.user_posts, u.user_from, u.user_website, u.user_email, u.user_icq, u.user_aim, u.user_yim, u.user_regdate, u.user_msnm, u.user_viewemail, u.user_rank, u.user_sig, u.user_avatar, p.*, pt.post_text, pt.post_subject +$sql = "SELECT u.username, u.user_id, u.user_posts, u.user_from, u.user_website, u.user_email, u.user_icq, u.user_aim, u.user_yim, u.user_regdate, u.user_msnm, u.user_viewemail, u.user_rank, u.user_sig, u.user_sig_bbcode_uid, u.user_avatar, p.*, pt.post_text, pt.post_subject FROM " . POSTS_TABLE . " p, " . USERS_TABLE . " u, " . POSTS_TEXT_TABLE . " pt WHERE p.topic_id = $topic_id AND p.poster_id = u.user_id @@ -674,11 +674,24 @@ for($i = 0; $i < $total_posts; $i++) $www_img = ($postrow[$i]['user_website']) ? "\""" : ""; - if($postrow[$i]['user_icq']) + if( !empty($postrow[$i]['user_icq']) ) { - $icq_status_img = ""; + $icq_status_img = ""; - $icq_add_img = "\"""; + // + // This cannot stay like this, it needs a 'proper' solution, eg a separate + // template for overlaying the ICQ icon, or we just do away with the icq status + // display (which is after all somewhat a pain in the rear :D + // + if( $board_config['default_template'] == "subSilver" || $userdata['user_template'] == "subSilver" ) + { + $icq_add_img = '
' . $icq_status_img . '' . $lang['ICQ'] . '
'; + $icq_status_img = ""; + } + else + { + $icq_add_img = "\"""; + } } else { @@ -686,7 +699,7 @@ for($i = 0; $i < $total_posts; $i++) $icq_add_img = ""; } - $aim_img = ($postrow[$i]['user_aim']) ? "\""" : ""; + $aim_img = ($postrow[$i]['user_aim']) ? "\""" : ""; $msn_img = ($postrow[$i]['user_msnm']) ? "\""" : ""; @@ -730,12 +743,13 @@ for($i = 0; $i < $total_posts; $i++) $delpost_img = ""; } - $message = $postrow[$i]['post_text']; - $post_subject = ( $postrow[$i]['post_subject'] != "" ) ? $postrow[$i]['post_subject'] : $topic_title; + $post_subject = ( $postrow[$i]['post_subject'] != "" ) ? $postrow[$i]['post_subject'] : ""; + $message = $postrow[$i]['post_text']; $bbcode_uid = $postrow[$i]['bbcode_uid']; $user_sig = $postrow[$i]['user_sig']; + $user_sig_bbcode_uid = $postrow[$i]['user_sig_bbcode_uid']; // // If the board has HTML off but the post has HTML @@ -743,7 +757,7 @@ for($i = 0; $i < $total_posts; $i++) // if( !$board_config['allow_html'] ) { - if( $user_sig != "" && $postrow[$i]['enable_sig'] ) + if( $user_sig != "" && $postrow[$i]['enable_sig'] && $userdata['user_allowhtml'] ) { $user_sig = preg_replace("#(<)([\/]?.*?)(>)#is", "<\\2>", $user_sig); } @@ -754,25 +768,19 @@ for($i = 0; $i < $total_posts; $i++) } } - if( $board_config['allow_bbcode'] && $bbcode_uid != "" ) + if( $user_sig != "" && $postrow[$i]['enable_sig'] && $user_sig_bbcode_uid != "" ) { - if( $user_sig != "" && $postrow[$i]['enable_sig'] ) - { - $sig_uid = make_bbcode_uid(); - $user_sig = bbencode_first_pass($user_sig, $sig_uid); - $user_sig = bbencode_second_pass($user_sig, $sig_uid); - } - - $message = bbencode_second_pass($message, $bbcode_uid); + $user_sig = ( $board_config['allow_bbcode'] ) ? bbencode_second_pass($user_sig, $user_sig_bbcode_uid) : preg_replace("/\:[0-9a-z\:]+\]/si", "]", $user_sig); } - else if( !$board_config['allow_bbcode'] && $bbcode != "" ) + + if( $bbcode_uid != "" ) { - $message = preg_replace("/\:[0-9a-z\:]+\]/si", "]", $message); + $message = ( $board_config['allow_bbcode'] ) ? bbencode_second_pass($message, $bbcode_uid) : preg_replace("/\:[0-9a-z\:]+\]/si", "]", $message); } $message = make_clickable($message); - if( $postrow[$i]['enable_sig'] ) + if( $postrow[$i]['enable_sig'] && $user_sig != "" ) { $message .= "

_________________
" . make_clickable($user_sig); } @@ -826,7 +834,7 @@ for($i = 0; $i < $total_posts; $i++) "EMAIL_IMG" => $email_img, "WWW_IMG" => $www_img, "ICQ_STATUS_IMG" => $icq_status_img, - "ICQ_ADD_IMG" => $icq_add_img, + "ICQ_ADD_IMG" => $icq_add_img, "AIM_IMG" => $aim_img, "MSN_IMG" => $msn_img, "YIM_IMG" => $yim_img,